From b4cd81bafe0bb2b5f39c4dbf5471a5193637a524 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Tue, 17 Sep 2024 12:09:47 +0200
Subject: [PATCH 01/13] deps: update V8 to 12.9.202.18

---
 deps/v8/.editorconfig                         |     6 +-
 deps/v8/.gitignore                            |     4 +-
 deps/v8/AUTHORS                               |     5 +-
 deps/v8/BUILD.bazel                           |    80 +-
 deps/v8/BUILD.gn                              |   116 +-
 deps/v8/DEPS                                  |   209 +-
 deps/v8/bazel/defs.bzl                        |     2 +-
 deps/v8/build_overrides/build.gni             |     9 -
 deps/v8/gni/v8.gni                            |    25 +-
 deps/v8/include/cppgc/garbage-collected.h     |     8 +
 .../cppgc/internal/compiler-specific.h        |    10 +-
 deps/v8/include/v8-callbacks.h                |     2 +-
 deps/v8/include/v8-fast-api-calls.h           |    27 -
 deps/v8/include/v8-function-callback.h        |     2 +-
 deps/v8/include/v8-function.h                 |     4 +
 deps/v8/include/v8-handle-base.h              |     4 +-
 deps/v8/include/v8-internal.h                 |    23 +-
 deps/v8/include/v8-isolate.h                  |     6 +
 deps/v8/include/v8-local-handle.h             |    22 +-
 deps/v8/include/v8-object.h                   |    10 +-
 deps/v8/include/v8-platform.h                 |    20 -
 deps/v8/include/v8-primitive.h                |    24 +
 deps/v8/include/v8-profiler.h                 |     6 +
 deps/v8/include/v8-script.h                   |     2 +-
 deps/v8/include/v8-template.h                 |    13 +
 deps/v8/include/v8-util.h                     |     2 +-
 deps/v8/include/v8-value.h                    |     5 +-
 deps/v8/include/v8-version.h                  |     6 +-
 deps/v8/include/v8config.h                    |    16 +-
 deps/v8/infra/mb/mb_config.pyl                |   135 +-
 deps/v8/infra/testing/builders.pyl            |    16 +
 deps/v8/src/api/api-arguments-inl.h           |    41 +-
 deps/v8/src/api/api-inl.h                     |    85 +-
 deps/v8/src/api/api-natives.cc                |     5 +-
 deps/v8/src/api/api.cc                        |   313 +-
 deps/v8/src/api/api.h                         |    70 +-
 deps/v8/src/asmjs/asm-js.cc                   |     5 +-
 deps/v8/src/asmjs/asm-parser.cc               |     4 +-
 deps/v8/src/asmjs/asm-scanner.cc              |    46 +-
 .../ast/ast-function-literal-id-reindexer.cc  |     7 +
 .../ast/ast-function-literal-id-reindexer.h   |     1 +
 deps/v8/src/ast/ast-traversal-visitor.h       |    12 +
 deps/v8/src/ast/ast.cc                        |    13 +
 deps/v8/src/ast/ast.h                         |   200 +-
 deps/v8/src/ast/prettyprinter.cc              |    17 +
 deps/v8/src/ast/scopes.cc                     |   157 +-
 deps/v8/src/ast/scopes.h                      |    38 +-
 deps/v8/src/base/intrusive-set.h              |     1 -
 deps/v8/src/base/macros.h                     |    37 +-
 deps/v8/src/base/optional.h                   |    29 -
 deps/v8/src/base/platform/mutex.h             |     5 +-
 deps/v8/src/base/platform/platform-fuchsia.cc |     7 +-
 deps/v8/src/base/platform/platform-linux.cc   |     8 +-
 deps/v8/src/base/platform/platform-linux.h    |     4 +-
 deps/v8/src/base/platform/platform-posix.cc   |     6 +-
 deps/v8/src/base/platform/platform-win32.cc   |    25 +-
 deps/v8/src/base/platform/platform.h          |     9 +-
 .../template-meta-programming/functional.h    |     5 +
 deps/v8/src/base/template-utils.h             |    54 +
 deps/v8/src/base/virtual-address-space.cc     |     6 +-
 .../src/baseline/baseline-batch-compiler.cc   |     4 +-
 .../v8/src/baseline/baseline-batch-compiler.h |     4 +-
 deps/v8/src/baseline/baseline-compiler.cc     |     3 +-
 .../src/baseline/bytecode-offset-iterator.h   |     4 +-
 deps/v8/src/builtins/DEPS                     |     9 +-
 deps/v8/src/builtins/accessors.cc             |    16 +-
 deps/v8/src/builtins/arm/builtins-arm.cc      |    97 +-
 deps/v8/src/builtins/arm64/builtins-arm64.cc  |    81 +-
 deps/v8/src/builtins/array-from-async.tq      |    43 +-
 deps/v8/src/builtins/base.tq                  |    10 +-
 .../builtins-abstract-module-source.cc        |    40 +
 deps/v8/src/builtins/builtins-api.cc          |     4 +-
 deps/v8/src/builtins/builtins-array-gen.cc    |    18 +-
 deps/v8/src/builtins/builtins-array-gen.h     |     8 +-
 deps/v8/src/builtins/builtins-array.cc        |     2 +-
 .../builtins-async-disposable-stack.cc        |    20 -
 deps/v8/src/builtins/builtins-async-gen.cc    |    16 +-
 .../builtins/builtins-async-iterator-gen.cc   |    35 +-
 .../builtins-atomics-synchronization.cc       |     2 +-
 deps/v8/src/builtins/builtins-call-gen.cc     |    28 +-
 deps/v8/src/builtins/builtins-call-gen.h      |    12 +-
 .../src/builtins/builtins-collections-gen.cc  |     9 +-
 deps/v8/src/builtins/builtins-console.cc      |    11 +-
 .../src/builtins/builtins-constructor-gen.cc  |    50 +-
 deps/v8/src/builtins/builtins-definitions.h   |   182 +-
 deps/v8/src/builtins/builtins-descriptors.h   |    14 +-
 deps/v8/src/builtins/builtins-function.cc     |    11 +-
 .../v8/src/builtins/builtins-generator-gen.cc |     6 +-
 deps/v8/src/builtins/builtins-handler-gen.cc  |     5 +-
 deps/v8/src/builtins/builtins-internal-gen.cc |    44 +-
 deps/v8/src/builtins/builtins-internal.cc     |     6 +
 deps/v8/src/builtins/builtins-intl-gen.cc     |     7 +-
 deps/v8/src/builtins/builtins-intl.cc         |     2 +-
 deps/v8/src/builtins/builtins-iterator-gen.cc |     8 +-
 deps/v8/src/builtins/builtins-iterator-gen.h  |    10 +-
 deps/v8/src/builtins/builtins-lazy-gen.cc     |     2 +-
 .../builtins/builtins-microtask-queue-gen.cc  |     2 +-
 deps/v8/src/builtins/builtins-number-gen.cc   |   122 +-
 deps/v8/src/builtins/builtins-object-gen.cc   |    90 +-
 deps/v8/src/builtins/builtins-proxy-gen.cc    |     8 +-
 deps/v8/src/builtins/builtins-regexp-gen.cc   |   140 +-
 deps/v8/src/builtins/builtins-regexp-gen.h    |     5 +-
 .../src/builtins/builtins-shadow-realm-gen.cc |     9 +-
 deps/v8/src/builtins/builtins-shadow-realm.cc |    26 +-
 .../builtins/builtins-sharedarraybuffer.cc    |     4 +-
 deps/v8/src/builtins/builtins-string-gen.cc   |    52 +-
 deps/v8/src/builtins/builtins-string-gen.h    |     2 +-
 deps/v8/src/builtins/builtins-string-tsa.cc   |   210 +-
 deps/v8/src/builtins/builtins-string.cc       |     4 +-
 .../src/builtins/builtins-typed-array-gen.cc  |     5 +-
 deps/v8/src/builtins/builtins-utils-gen.h     |     4 +-
 deps/v8/src/builtins/builtins-wasm-gen.cc     |    14 +-
 deps/v8/src/builtins/builtins.cc              |    23 +-
 deps/v8/src/builtins/builtins.h               |    37 +-
 deps/v8/src/builtins/collections.tq           |     8 +-
 .../src/builtins/growable-fixed-array-gen.cc  |    10 +-
 deps/v8/src/builtins/ia32/builtins-ia32.cc    |    75 +-
 deps/v8/src/builtins/js-to-js.tq              |    18 +-
 deps/v8/src/builtins/js-to-wasm.tq            |    66 +-
 .../src/builtins/loong64/builtins-loong64.cc  |  1159 +-
 .../v8/src/builtins/mips64/builtins-mips64.cc |    71 +-
 deps/v8/src/builtins/ppc/builtins-ppc.cc      |    92 +-
 .../builtins/promise-abstract-operations.tq   |    36 +-
 deps/v8/src/builtins/promise-all.tq           |    42 +-
 deps/v8/src/builtins/promise-any.tq           |    12 +-
 deps/v8/src/builtins/promise-finally.tq       |    36 +-
 deps/v8/src/builtins/regexp-match.tq          |    23 +-
 deps/v8/src/builtins/regexp.tq                |     7 +
 deps/v8/src/builtins/riscv/builtins-riscv.cc  |   107 +-
 deps/v8/src/builtins/s390/builtins-s390.cc    |   100 +-
 .../src/builtins/setup-builtins-internal.cc   |   110 +-
 deps/v8/src/builtins/suppressed-error.tq      |    14 +-
 deps/v8/src/builtins/typed-array-from.tq      |     6 +-
 deps/v8/src/builtins/wasm-to-js.tq            |     6 +-
 deps/v8/src/builtins/wasm.tq                  |    57 +-
 deps/v8/src/builtins/x64/builtins-x64.cc      |    95 +-
 deps/v8/src/codegen/DEPS                      |     5 +-
 deps/v8/src/codegen/arm/assembler-arm.cc      |    14 +-
 .../v8/src/codegen/arm/macro-assembler-arm.cc |    33 +-
 deps/v8/src/codegen/arm/macro-assembler-arm.h |    18 +-
 deps/v8/src/codegen/arm64/assembler-arm64.cc  |     3 +
 deps/v8/src/codegen/arm64/assembler-arm64.h   |     4 +-
 .../codegen/arm64/macro-assembler-arm64.cc    |    44 +-
 .../src/codegen/arm64/macro-assembler-arm64.h |    19 +-
 deps/v8/src/codegen/background-merge-task.h   |     4 +-
 deps/v8/src/codegen/code-stub-assembler.cc    |  1010 +-
 deps/v8/src/codegen/code-stub-assembler.h     |   202 +-
 deps/v8/src/codegen/compilation-cache.cc      |    29 +-
 deps/v8/src/codegen/compilation-cache.h       |    14 +-
 deps/v8/src/codegen/compiler.cc               |   654 +-
 deps/v8/src/codegen/compiler.h                |    17 +-
 deps/v8/src/codegen/cpu-features.h            |     1 +
 .../src/codegen/external-reference-table.cc   |    75 +-
 .../v8/src/codegen/external-reference-table.h |    32 +-
 deps/v8/src/codegen/external-reference.cc     |    44 +-
 deps/v8/src/codegen/external-reference.h      |    32 +
 deps/v8/src/codegen/heap-object-list.h        |    56 +-
 .../src/codegen/interface-descriptors-inl.h   |     2 +-
 deps/v8/src/codegen/interface-descriptors.h   |    13 +-
 .../loong64/macro-assembler-loong64.cc        |    28 +-
 .../codegen/loong64/macro-assembler-loong64.h |    11 +-
 .../codegen/mips64/macro-assembler-mips64.h   |     6 +-
 .../v8/src/codegen/ppc/macro-assembler-ppc.cc |    39 +-
 deps/v8/src/codegen/ppc/macro-assembler-ppc.h |    15 +-
 deps/v8/src/codegen/riscv/assembler-riscv.cc  |    79 +-
 deps/v8/src/codegen/riscv/assembler-riscv.h   |     2 +
 .../src/codegen/riscv/constant-riscv-zicond.h |    17 +
 .../codegen/riscv/extension-riscv-zicond.cc   |    24 +
 .../codegen/riscv/extension-riscv-zicond.h    |    24 +
 .../codegen/riscv/macro-assembler-riscv.cc    |   182 +-
 .../src/codegen/riscv/macro-assembler-riscv.h |    13 +-
 .../src/codegen/s390/macro-assembler-s390.cc  |    33 +-
 .../src/codegen/s390/macro-assembler-s390.h   |    17 +-
 .../macro-assembler-shared-ia32-x64.h         |    44 +-
 deps/v8/src/codegen/signature.h               |    14 +-
 deps/v8/src/codegen/tnode.h                   |    10 +
 .../turboshaft-builtins-assembler-inl.h       |   412 +-
 deps/v8/src/codegen/x64/assembler-x64.cc      |     9 +-
 .../v8/src/codegen/x64/macro-assembler-x64.cc |   148 +-
 deps/v8/src/codegen/x64/macro-assembler-x64.h |    18 +-
 deps/v8/src/common/assert-scope.h             |     9 +-
 deps/v8/src/common/code-memory-access.cc      |    13 +-
 deps/v8/src/common/code-memory-access.h       |    15 +-
 deps/v8/src/common/globals.h                  |    49 +-
 deps/v8/src/common/message-template.h         |     7 +-
 deps/v8/src/common/segmented-table-inl.h      |   158 +
 deps/v8/src/common/segmented-table.h          |   201 +
 .../lazy-compile-dispatcher.cc                |     7 +-
 deps/v8/src/compiler/access-builder.cc        |    67 +-
 deps/v8/src/compiler/access-builder.h         |    11 +
 deps/v8/src/compiler/access-info.cc           |    13 +-
 deps/v8/src/compiler/access-info.h            |     6 +-
 deps/v8/src/compiler/allocation-builder.h     |     7 +-
 .../backend/arm/code-generator-arm.cc         |     2 +-
 .../backend/arm/instruction-selector-arm.cc   |    92 +-
 .../backend/arm64/code-generator-arm64.cc     |   127 +-
 .../backend/arm64/instruction-codes-arm64.h   |    23 +
 .../arm64/instruction-scheduler-arm64.cc      |    23 +
 .../arm64/instruction-selector-arm64.cc       |   224 +-
 .../v8/src/compiler/backend/code-generator.cc |    15 +-
 deps/v8/src/compiler/backend/code-generator.h |     8 +-
 .../backend/ia32/code-generator-ia32.cc       |     2 +-
 .../backend/ia32/instruction-selector-ia32.cc |   113 +-
 .../compiler/backend/instruction-scheduler.cc |     5 +-
 .../compiler/backend/instruction-scheduler.h  |     5 +-
 .../backend/instruction-selector-adapter.h    |    55 +-
 .../backend/instruction-selector-impl.h       |     5 +-
 .../compiler/backend/instruction-selector.cc  |   220 +-
 .../compiler/backend/instruction-selector.h   |    45 +-
 deps/v8/src/compiler/backend/instruction.cc   |     3 +-
 deps/v8/src/compiler/backend/instruction.h    |     5 +-
 .../backend/loong64/code-generator-loong64.cc |     6 +-
 .../loong64/instruction-selector-loong64.cc   |    54 +-
 .../backend/mips64/code-generator-mips64.cc   |     2 +-
 .../mips64/instruction-selector-mips64.cc     |    51 +-
 .../backend/ppc/code-generator-ppc.cc         |     2 +-
 .../backend/ppc/instruction-selector-ppc.cc   |   407 +-
 .../backend/register-allocator-verifier.cc    |    17 +-
 .../backend/register-allocator-verifier.h     |     4 +-
 .../compiler/backend/register-allocator.cc    |     5 +-
 .../backend/riscv/code-generator-riscv.cc     |     1 +
 .../riscv/instruction-selector-riscv.h        |    68 +-
 .../backend/s390/code-generator-s390.cc       |     2 +-
 .../backend/s390/instruction-selector-s390.cc |   350 +-
 .../backend/x64/code-generator-x64.cc         |   344 +-
 .../backend/x64/instruction-codes-x64.h       |    46 +-
 .../backend/x64/instruction-scheduler-x64.cc  |    12 +
 .../backend/x64/instruction-selector-x64.cc   |   419 +-
 .../src/compiler/basic-block-instrumentor.cc  |     2 +-
 deps/v8/src/compiler/bytecode-analysis.cc     |   312 +-
 deps/v8/src/compiler/bytecode-analysis.h      |    35 +-
 .../v8/src/compiler/bytecode-graph-builder.cc |    21 +-
 deps/v8/src/compiler/code-assembler.cc        |     5 +-
 deps/v8/src/compiler/code-assembler.h         |    10 +-
 .../src/compiler/common-operator-reducer.cc   |     3 +-
 deps/v8/src/compiler/common-operator.cc       |    16 +-
 deps/v8/src/compiler/common-operator.h        |    11 +-
 .../src/compiler/compilation-dependencies.cc  |     7 +-
 deps/v8/src/compiler/fast-api-calls.cc        |    48 +-
 deps/v8/src/compiler/frame-states.cc          |     4 +-
 deps/v8/src/compiler/graph-assembler.cc       |    26 +-
 deps/v8/src/compiler/graph-assembler.h        |     8 +-
 deps/v8/src/compiler/graph-visualizer.cc      |     7 +-
 deps/v8/src/compiler/graph-visualizer.h       |     6 +-
 deps/v8/src/compiler/heap-refs.cc             |    96 +-
 deps/v8/src/compiler/heap-refs.h              |    35 +-
 deps/v8/src/compiler/js-call-reducer.cc       |   100 +-
 deps/v8/src/compiler/js-call-reducer.h        |     4 +-
 deps/v8/src/compiler/js-create-lowering.cc    |    42 +-
 deps/v8/src/compiler/js-create-lowering.h     |    14 +-
 deps/v8/src/compiler/js-graph.cc              |     8 +
 deps/v8/src/compiler/js-graph.h               |     5 +
 deps/v8/src/compiler/js-heap-broker.cc        |    13 +-
 deps/v8/src/compiler/js-heap-broker.h         |     7 +-
 deps/v8/src/compiler/js-inlining.cc           |     8 +-
 .../js-native-context-specialization.cc       |   101 +-
 .../js-native-context-specialization.h        |    11 +-
 deps/v8/src/compiler/js-typed-lowering.cc     |     4 +-
 deps/v8/src/compiler/late-escape-analysis.cc  |     6 +-
 deps/v8/src/compiler/linkage.cc               |    98 +-
 deps/v8/src/compiler/linkage.h                |    17 +-
 deps/v8/src/compiler/load-elimination.cc      |     4 +-
 .../src/compiler/machine-operator-reducer.cc  |    23 +-
 .../src/compiler/machine-operator-reducer.h   |     6 +-
 deps/v8/src/compiler/machine-operator.cc      |    37 +-
 deps/v8/src/compiler/machine-operator.h       |    42 +-
 deps/v8/src/compiler/node-properties.cc       |     6 +-
 deps/v8/src/compiler/opcodes.h                |    42 +-
 .../src/compiler/pair-load-store-reducer.cc   |     4 +-
 deps/v8/src/compiler/pipeline-data-inl.h      |     4 +-
 deps/v8/src/compiler/pipeline.cc              |    25 +-
 .../src/compiler/property-access-builder.cc   |     7 +-
 .../v8/src/compiler/property-access-builder.h |     5 +-
 deps/v8/src/compiler/raw-machine-assembler.cc |     8 +-
 deps/v8/src/compiler/raw-machine-assembler.h  |     5 +-
 deps/v8/src/compiler/scheduler.cc             |     9 +-
 deps/v8/src/compiler/scheduler.h              |     4 +-
 .../compiler/simplified-lowering-verifier.cc  |     1 +
 .../compiler/simplified-lowering-verifier.h   |     8 +-
 deps/v8/src/compiler/simplified-lowering.cc   |    10 +-
 .../compiler/simplified-operator-reducer.cc   |     4 +-
 .../src/compiler/string-builder-optimizer.cc  |    46 +-
 .../src/compiler/string-builder-optimizer.h   |     6 +-
 .../src/compiler/turboshaft/access-builder.h  |     5 +
 deps/v8/src/compiler/turboshaft/assembler.h   |   595 +-
 .../turboshaft/assert-types-reducer.h         |    16 +-
 .../turboshaft/branch-elimination-reducer.h   |     9 +-
 .../compiler/turboshaft/build-graph-phase.cc  |     4 +-
 .../compiler/turboshaft/build-graph-phase.h   |     8 +-
 .../turboshaft/builtin-call-descriptors.h     |    22 +
 .../src/compiler/turboshaft/copying-phase.h   |     3 +-
 .../dead-code-elimination-reducer.h           |     3 +-
 .../debug-feature-lowering-reducer.h          |     3 +
 .../turboshaft/define-assembler-macros.inc    |    27 +-
 .../fast-api-call-lowering-reducer.h          |    17 +-
 .../src/compiler/turboshaft/graph-builder.cc  |    56 +-
 .../src/compiler/turboshaft/graph-builder.h   |     6 +-
 .../compiler/turboshaft/graph-visualizer.h    |     3 +-
 deps/v8/src/compiler/turboshaft/index.h       |    18 +-
 .../turboshaft/instruction-selection-phase.cc |     8 +-
 .../turboshaft/instruction-selection-phase.h  |     8 +-
 .../turboshaft/int64-lowering-reducer.h       |     2 +-
 .../late-load-elimination-reducer.h           |     4 +-
 .../compiler/turboshaft/layered-hash-map.h    |     8 +-
 .../turboshaft/loop-unrolling-reducer.cc      |    12 +-
 .../turboshaft/loop-unrolling-reducer.h       |     4 +-
 .../turboshaft/machine-lowering-reducer-inl.h |   325 +-
 .../turboshaft/machine-optimization-reducer.h |   292 +-
 .../maglev-early-lowering-reducer-inl.h       |   117 +-
 .../turboshaft/maglev-graph-building-phase.cc |   971 +-
 .../turboshaft/maglev-graph-building-phase.h  |     4 +-
 .../turboshaft/memory-optimization-reducer.cc |    14 +-
 .../turboshaft/memory-optimization-reducer.h  |    14 +-
 .../compiler/turboshaft/operation-matcher.h   |    54 +-
 deps/v8/src/compiler/turboshaft/operations.cc |    66 +-
 deps/v8/src/compiler/turboshaft/operations.h  |   310 +-
 deps/v8/src/compiler/turboshaft/opmasks.h     |    26 +-
 deps/v8/src/compiler/turboshaft/phase.h       |    42 +-
 deps/v8/src/compiler/turboshaft/pipelines.cc  |     5 +
 deps/v8/src/compiler/turboshaft/pipelines.h   |     8 +-
 .../compiler/turboshaft/recreate-schedule.cc  |    33 +-
 .../src/compiler/turboshaft/representations.h |     1 +
 .../turboshaft/runtime-call-descriptors.h     |    41 +-
 .../turboshaft/snapshot-table-opindex.h       |     6 +-
 .../turboshaft/stack-check-lowering-reducer.h |    52 +-
 .../store-store-elimination-reducer-inl.h     |     6 +-
 deps/v8/src/compiler/turboshaft/string-view.h |   100 +
 .../turboshaft/type-inference-analysis.h      |     9 +-
 .../turboshaft/type-inference-reducer.h       |    11 +-
 .../v8/src/compiler/turboshaft/type-parser.cc |     6 +-
 deps/v8/src/compiler/turboshaft/type-parser.h |    40 +-
 deps/v8/src/compiler/turboshaft/typer.h       |    14 +-
 deps/v8/src/compiler/turboshaft/types.cc      |     5 +-
 deps/v8/src/compiler/turboshaft/types.h       |    13 +-
 .../turboshaft/undef-assembler-macros.inc     |     4 +
 .../compiler/turboshaft/variable-reducer.h    |     9 +-
 .../wasm-load-elimination-reducer.h           |     4 +-
 .../turboshaft/wasm-lowering-reducer.h        |     4 +-
 .../compiler/turboshaft/wasm-revec-reducer.cc |    11 +-
 .../compiler/turboshaft/wasm-revec-reducer.h  |     1 +
 .../src/compiler/turboshaft/zone-with-name.h  |    17 +
 deps/v8/src/compiler/typed-optimization.cc    |     7 +-
 deps/v8/src/compiler/typer.cc                 |     4 +
 deps/v8/src/compiler/types.cc                 |     3 +
 deps/v8/src/compiler/use-info.h               |     8 +-
 deps/v8/src/compiler/verifier.cc              |     1 +
 deps/v8/src/compiler/wasm-call-descriptors.cc |    35 +-
 deps/v8/src/compiler/wasm-call-descriptors.h  |    15 +-
 .../src/compiler/wasm-compiler-definitions.cc |     4 +-
 deps/v8/src/compiler/wasm-compiler.cc         |   441 +-
 deps/v8/src/compiler/wasm-compiler.h          |    10 +-
 .../src/compiler/wasm-gc-operator-reducer.cc  |     6 +-
 deps/v8/src/compiler/wasm-graph-assembler.cc  |    14 +-
 deps/v8/src/d8/d8-test.cc                     |    12 +-
 deps/v8/src/d8/d8.cc                          |     1 +
 deps/v8/src/d8/d8.h                           |     5 +-
 deps/v8/src/debug/debug-coverage.cc           |     2 +-
 deps/v8/src/debug/debug-evaluate.cc           |    17 +-
 deps/v8/src/debug/debug-frames.cc             |    15 +
 deps/v8/src/debug/debug-frames.h              |     3 +
 deps/v8/src/debug/debug-interface.cc          |    42 +-
 deps/v8/src/debug/debug-scopes.cc             |     6 +-
 .../src/debug/debug-stack-trace-iterator.cc   |    22 +-
 deps/v8/src/debug/debug-wasm-objects.cc       |   120 +-
 deps/v8/src/debug/debug-wasm-objects.h        |     8 +
 deps/v8/src/debug/debug.cc                    |    80 +-
 deps/v8/src/debug/debug.h                     |    13 +-
 deps/v8/src/debug/liveedit-diff.cc            |    30 +-
 deps/v8/src/debug/liveedit.cc                 |    23 +-
 .../wasm/gdb-server/wasm-module-debug.cc      |     4 +
 .../v8/src/deoptimizer/arm/deoptimizer-arm.cc |     4 +-
 .../deoptimizer/arm64/deoptimizer-arm64.cc    |     4 +-
 deps/v8/src/deoptimizer/deoptimizer.cc        |   126 +-
 deps/v8/src/deoptimizer/deoptimizer.h         |    21 +-
 deps/v8/src/deoptimizer/frame-description.h   |     2 +-
 .../deoptimizer/frame-translation-builder.cc  |     4 +-
 .../deoptimizer/frame-translation-builder.h   |     4 +-
 .../src/deoptimizer/ia32/deoptimizer-ia32.cc  |     4 +-
 .../loong64/deoptimizer-loong64.cc            |     4 +-
 .../deoptimizer/mips64/deoptimizer-mips64.cc  |     4 +-
 .../v8/src/deoptimizer/ppc/deoptimizer-ppc.cc |     4 +-
 .../deoptimizer/riscv/deoptimizer-riscv.cc    |     4 +-
 .../src/deoptimizer/s390/deoptimizer-s390.cc  |     4 +-
 deps/v8/src/deoptimizer/translated-state.cc   |    39 +-
 deps/v8/src/deoptimizer/translated-state.h    |     7 +-
 .../v8/src/deoptimizer/x64/deoptimizer-x64.cc |     4 +-
 deps/v8/src/diagnostics/code-tracer.h         |     7 +-
 deps/v8/src/diagnostics/disassembler.cc       |     6 +-
 deps/v8/src/diagnostics/etw-jit-win.cc        |     8 +
 deps/v8/src/diagnostics/gdb-jit.cc            |     3 +-
 deps/v8/src/diagnostics/objects-debug.cc      |   316 +-
 deps/v8/src/diagnostics/objects-printer.cc    |   153 +-
 deps/v8/src/diagnostics/riscv/disasm-riscv.cc |     6 +
 deps/v8/src/execution/execution.cc            |     2 +-
 deps/v8/src/execution/frame-constants.h       |    58 +-
 deps/v8/src/execution/frames-inl.h            |    23 +-
 deps/v8/src/execution/frames.cc               |   459 +-
 deps/v8/src/execution/frames.h                |   110 +-
 deps/v8/src/execution/futex-emulation.cc      |    12 +-
 deps/v8/src/execution/isolate-data.h          |    90 +-
 deps/v8/src/execution/isolate.cc              |   302 +-
 deps/v8/src/execution/isolate.h               |    82 +-
 deps/v8/src/execution/local-isolate.h         |     6 +-
 .../execution/loong64/simulator-loong64.cc    |    10 +-
 deps/v8/src/execution/messages.cc             |    85 +-
 deps/v8/src/execution/messages.h              |     4 +
 deps/v8/src/execution/microtask-queue.cc      |     4 +-
 .../v8/src/execution/riscv/simulator-riscv.cc |    26 +-
 deps/v8/src/execution/riscv/simulator-riscv.h |     2 +-
 deps/v8/src/execution/tiering-manager.cc      |    45 +-
 deps/v8/src/execution/tiering-manager.h       |     4 +-
 deps/v8/src/flags/flag-definitions.h          |   170 +-
 deps/v8/src/flags/flags-impl.h                |    10 +-
 deps/v8/src/flags/flags.cc                    |     3 +-
 deps/v8/src/flags/flags.h                     |     7 +-
 deps/v8/src/handles/handles.h                 |     3 +-
 deps/v8/src/heap/code-range.cc                |     2 +-
 deps/v8/src/heap/concurrent-marking.cc        |     9 +-
 .../v8/src/heap/conservative-stack-visitor.cc |    41 +-
 deps/v8/src/heap/conservative-stack-visitor.h |    15 +-
 deps/v8/src/heap/cppgc/pointer-policies.cc    |     7 +
 deps/v8/src/heap/cppgc/stats-collector.cc     |     2 +-
 deps/v8/src/heap/cppgc/visitor.cc             |     7 +-
 deps/v8/src/heap/evacuation-allocator-inl.h   |     1 +
 deps/v8/src/heap/evacuation-allocator.cc      |    13 +-
 deps/v8/src/heap/evacuation-verifier-inl.h    |     2 +-
 deps/v8/src/heap/factory-base.cc              |    83 +-
 deps/v8/src/heap/factory-base.h               |     9 +-
 deps/v8/src/heap/factory.cc                   |   360 +-
 deps/v8/src/heap/factory.h                    |    56 +-
 deps/v8/src/heap/gc-tracer.cc                 |    28 +-
 deps/v8/src/heap/gc-tracer.h                  |     6 +-
 deps/v8/src/heap/heap-verifier.cc             |     2 +-
 deps/v8/src/heap/heap-write-barrier-inl.h     |    24 +
 deps/v8/src/heap/heap-write-barrier.cc        |    13 +
 deps/v8/src/heap/heap-write-barrier.h         |     7 +
 deps/v8/src/heap/heap.cc                      |    32 +-
 deps/v8/src/heap/heap.h                       |    14 +-
 deps/v8/src/heap/incremental-marking.cc       |     8 +-
 deps/v8/src/heap/index-generator.cc           |     2 +-
 deps/v8/src/heap/main-allocator.cc            |    19 +
 deps/v8/src/heap/mark-compact-inl.h           |     2 +-
 deps/v8/src/heap/mark-compact.cc              |   235 +-
 deps/v8/src/heap/marking-visitor-inl.h        |    23 +-
 deps/v8/src/heap/memory-chunk.cc              |    18 +-
 deps/v8/src/heap/memory-measurement.cc        |     8 +-
 deps/v8/src/heap/memory-measurement.h         |     1 -
 deps/v8/src/heap/memory-reducer.cc            |     5 +-
 deps/v8/src/heap/minor-mark-sweep.cc          |     9 +-
 deps/v8/src/heap/new-spaces.cc                |     2 +-
 deps/v8/src/heap/object-stats.cc              |     5 +-
 deps/v8/src/heap/object-stats.h               |     2 +-
 deps/v8/src/heap/objects-visiting.h           |     9 +-
 deps/v8/src/heap/paged-spaces.cc              |    10 +-
 deps/v8/src/heap/paged-spaces.h               |     5 +-
 deps/v8/src/heap/read-only-heap.cc            |    10 +
 deps/v8/src/heap/read-only-heap.h             |     5 +
 deps/v8/src/heap/read-only-promotion.cc       |     5 +-
 deps/v8/src/heap/scavenger-inl.h              |    35 +-
 deps/v8/src/heap/scavenger.cc                 |    16 +-
 deps/v8/src/heap/scavenger.h                  |     1 -
 deps/v8/src/heap/setup-heap-internal.cc       |    83 +-
 .../young-generation-marking-visitor-inl.h    |     2 +-
 deps/v8/src/ic/accessor-assembler.cc          |    64 +-
 deps/v8/src/ic/accessor-assembler.h           |    37 +-
 deps/v8/src/ic/binary-op-assembler.cc         |    31 +-
 deps/v8/src/ic/call-optimization.cc           |     7 +-
 deps/v8/src/ic/call-optimization.h            |     4 +-
 deps/v8/src/ic/ic.cc                          |   318 +-
 deps/v8/src/ic/ic.h                           |     8 +-
 deps/v8/src/ic/keyed-store-generic.cc         |     8 +-
 deps/v8/src/ic/unary-op-assembler.cc          |    75 +-
 deps/v8/src/init/bootstrapper.cc              |   463 +-
 deps/v8/src/init/heap-symbols.h               |     3 +-
 deps/v8/src/init/isolate-group.cc             |     2 +
 deps/v8/src/init/isolate-group.h              |     6 +
 deps/v8/src/init/v8.cc                        |     7 +-
 deps/v8/src/inspector/DEPS                    |     1 -
 deps/v8/src/inspector/custom-preview.cc       |     3 +-
 deps/v8/src/inspector/value-mirror.cc         |     2 +-
 .../src/interpreter/bytecode-array-builder.cc |     4 +-
 .../src/interpreter/bytecode-array-builder.h  |     6 +-
 deps/v8/src/interpreter/bytecode-generator.cc |   419 +-
 deps/v8/src/interpreter/bytecode-generator.h  |    10 +-
 deps/v8/src/interpreter/bytecode-register.h   |     5 +-
 .../src/interpreter/interpreter-assembler.cc  |     4 +-
 .../src/interpreter/interpreter-generator.cc  |    71 +-
 deps/v8/src/interpreter/interpreter.cc        |     7 +-
 deps/v8/src/json/json-parser.cc               |    30 +-
 deps/v8/src/json/json-parser.h                |    24 +-
 deps/v8/src/json/json-stringifier.cc          |    16 +-
 deps/v8/src/logging/counters-definitions.h    |    18 +-
 deps/v8/src/logging/counters.cc               |     7 +
 deps/v8/src/logging/counters.h                |    14 +-
 deps/v8/src/logging/log-file.cc               |     3 +-
 deps/v8/src/logging/log-file.h                |     4 +-
 deps/v8/src/logging/log.cc                    |    10 +-
 deps/v8/src/logging/runtime-call-stats.h      |     4 +-
 .../src/maglev/arm/maglev-assembler-arm-inl.h |   336 +-
 .../v8/src/maglev/arm/maglev-assembler-arm.cc |    34 +-
 deps/v8/src/maglev/arm/maglev-ir-arm.cc       |    81 +-
 .../maglev/arm64/maglev-assembler-arm64-inl.h |   385 +-
 .../maglev/arm64/maglev-assembler-arm64.cc    |   112 +-
 deps/v8/src/maglev/arm64/maglev-ir-arm64.cc   |    52 +-
 deps/v8/src/maglev/maglev-assembler-inl.h     |    77 +-
 deps/v8/src/maglev/maglev-assembler.cc        |   152 +-
 deps/v8/src/maglev/maglev-assembler.h         |   158 +-
 deps/v8/src/maglev/maglev-basic-block.h       |     9 +-
 deps/v8/src/maglev/maglev-code-generator.cc   |    26 +-
 deps/v8/src/maglev/maglev-compilation-info.cc |    11 +-
 deps/v8/src/maglev/maglev-compilation-info.h  |     6 +-
 deps/v8/src/maglev/maglev-compiler.cc         |    17 +-
 deps/v8/src/maglev/maglev-graph-builder.cc    |  1441 +-
 deps/v8/src/maglev/maglev-graph-builder.h     |   296 +-
 deps/v8/src/maglev/maglev-graph-printer.cc    |    10 +-
 deps/v8/src/maglev/maglev-graph-printer.h     |     8 +-
 deps/v8/src/maglev/maglev-graph-processor.h   |   163 +-
 deps/v8/src/maglev/maglev-graph-verifier.h    |     5 +-
 deps/v8/src/maglev/maglev-graph.h             |    36 +-
 .../maglev/maglev-interpreter-frame-state.cc  |   221 +-
 .../maglev/maglev-interpreter-frame-state.h   |    87 +-
 deps/v8/src/maglev/maglev-ir-inl.h            |     5 +-
 deps/v8/src/maglev/maglev-ir.cc               |   553 +-
 deps/v8/src/maglev/maglev-ir.h                |   448 +-
 .../maglev-phi-representation-selector.cc     |     9 +-
 .../maglev-phi-representation-selector.h      |    11 +-
 ...maglev-post-hoc-optimizations-processors.h |   176 +-
 .../maglev-pre-regalloc-codegen-processors.h  |    22 +-
 deps/v8/src/maglev/maglev-regalloc.cc         |     5 +
 .../maglev/s390/maglev-assembler-s390-inl.h   |   319 +-
 .../src/maglev/s390/maglev-assembler-s390.cc  |    45 +-
 deps/v8/src/maglev/s390/maglev-ir-s390.cc     |    44 +-
 .../src/maglev/x64/maglev-assembler-x64-inl.h |   248 +-
 .../v8/src/maglev/x64/maglev-assembler-x64.cc |    52 +-
 deps/v8/src/maglev/x64/maglev-ir-x64.cc       |     8 +-
 deps/v8/src/numbers/conversions.cc            |   234 +-
 deps/v8/src/numbers/conversions.h             |    56 +-
 deps/v8/src/numbers/integer-literal.h         |     7 +-
 deps/v8/src/objects/backing-store.cc          |    13 +-
 deps/v8/src/objects/backing-store.h           |    14 +-
 deps/v8/src/objects/bytecode-array-inl.h      |     5 -
 deps/v8/src/objects/bytecode-array.h          |     8 -
 deps/v8/src/objects/bytecode-array.tq         |     5 +-
 deps/v8/src/objects/call-site-info-inl.h      |     6 +-
 deps/v8/src/objects/call-site-info.cc         |    39 +-
 deps/v8/src/objects/call-site-info.h          |    17 +-
 deps/v8/src/objects/call-site-info.tq         |     4 +-
 deps/v8/src/objects/code-inl.h                |     2 +-
 .../src/objects/compilation-cache-table-inl.h |    46 +-
 .../v8/src/objects/compilation-cache-table.cc |    25 +-
 deps/v8/src/objects/compilation-cache-table.h |     4 +-
 deps/v8/src/objects/contexts.cc               |    10 +-
 deps/v8/src/objects/contexts.h                |     4 +
 deps/v8/src/objects/debug-objects.tq          |    11 +-
 deps/v8/src/objects/deoptimization-data-inl.h |     9 +
 deps/v8/src/objects/deoptimization-data.cc    |     4 +
 deps/v8/src/objects/deoptimization-data.h     |     9 +
 deps/v8/src/objects/descriptor-array-inl.h    |     1 +
 deps/v8/src/objects/dictionary-inl.h          |    11 +-
 deps/v8/src/objects/dictionary.h              |    13 +-
 deps/v8/src/objects/elements.cc               |    52 +-
 deps/v8/src/objects/elements.h                |     4 +-
 deps/v8/src/objects/feedback-cell-inl.h       |    20 +-
 deps/v8/src/objects/feedback-cell.h           |    15 +-
 deps/v8/src/objects/feedback-cell.tq          |     2 +-
 deps/v8/src/objects/feedback-vector-inl.h     |    49 +-
 deps/v8/src/objects/feedback-vector.cc        |    71 +-
 deps/v8/src/objects/feedback-vector.h         |    83 +-
 deps/v8/src/objects/fixed-array-inl.h         |    37 +-
 deps/v8/src/objects/fixed-array.h             |    23 +-
 deps/v8/src/objects/heap-object.h             |    41 +-
 deps/v8/src/objects/instance-type-checker.h   |    14 +-
 deps/v8/src/objects/instance-type-inl.h       |   173 +-
 deps/v8/src/objects/instruction-stream-inl.h  |    10 +-
 deps/v8/src/objects/intl-objects.cc           |    38 +-
 deps/v8/src/objects/intl-objects.h            |    28 +-
 .../src/objects/js-atomics-synchronization.cc |     4 +-
 .../src/objects/js-atomics-synchronization.h  |     2 +-
 deps/v8/src/objects/js-break-iterator.cc      |     2 +-
 deps/v8/src/objects/js-date-time-format.cc    |    66 +-
 deps/v8/src/objects/js-disposable-stack.cc    |    80 +-
 deps/v8/src/objects/js-duration-format.cc     |     2 +-
 deps/v8/src/objects/js-function-inl.h         |    27 +-
 deps/v8/src/objects/js-function.cc            |    73 +-
 deps/v8/src/objects/js-function.h             |    33 +-
 deps/v8/src/objects/js-function.tq            |     7 +-
 deps/v8/src/objects/js-list-format.cc         |     2 +-
 deps/v8/src/objects/js-locale.cc              |     2 +-
 deps/v8/src/objects/js-number-format.cc       |    13 +-
 deps/v8/src/objects/js-objects-inl.h          |    16 +-
 deps/v8/src/objects/js-objects.cc             |   157 +-
 deps/v8/src/objects/js-objects.h              |    49 +-
 deps/v8/src/objects/js-regexp-inl.h           |   159 +-
 deps/v8/src/objects/js-regexp.cc              |   177 +-
 deps/v8/src/objects/js-regexp.h               |   299 +-
 deps/v8/src/objects/js-regexp.tq              |    35 +-
 .../v8/src/objects/js-relative-time-format.cc |    13 +-
 deps/v8/src/objects/js-segment-iterator.cc    |     4 +-
 deps/v8/src/objects/js-segmenter.cc           |     2 +-
 deps/v8/src/objects/js-struct.cc              |     2 +-
 deps/v8/src/objects/js-temporal-objects.cc    |   108 +-
 deps/v8/src/objects/js-temporal-objects.h     |     6 +-
 deps/v8/src/objects/keys.cc                   |    32 +-
 deps/v8/src/objects/keys.h                    |    12 +-
 deps/v8/src/objects/literal-objects-inl.h     |    17 +-
 deps/v8/src/objects/literal-objects.cc        |    14 +-
 deps/v8/src/objects/literal-objects.h         |    27 +-
 deps/v8/src/objects/literal-objects.tq        |     3 +-
 deps/v8/src/objects/lookup.cc                 |    22 +-
 deps/v8/src/objects/lookup.h                  |    12 +-
 deps/v8/src/objects/map-inl.h                 |     8 +-
 deps/v8/src/objects/map-updater.cc            |    68 +-
 deps/v8/src/objects/map-updater.h             |    10 +-
 deps/v8/src/objects/map.cc                    |    76 +-
 deps/v8/src/objects/map.h                     |    29 +-
 deps/v8/src/objects/object-list-macros.h      |    50 +-
 deps/v8/src/objects/object-macros.h           |    40 +-
 .../objects/objects-body-descriptors-inl.h    |   183 +-
 .../v8/src/objects/objects-body-descriptors.h |     5 +
 deps/v8/src/objects/objects-definitions.h     |    82 +-
 deps/v8/src/objects/objects-inl.h             |    45 +-
 deps/v8/src/objects/objects.cc                |    98 +-
 deps/v8/src/objects/objects.h                 |    10 +-
 deps/v8/src/objects/ordered-hash-table.cc     |    11 +-
 deps/v8/src/objects/ordered-hash-table.h      |    11 +-
 deps/v8/src/objects/regexp-match-info.cc      |    10 +-
 deps/v8/src/objects/scope-info.cc             |    82 +-
 deps/v8/src/objects/scope-info.h              |    23 +-
 deps/v8/src/objects/scope-info.tq             |     8 +-
 deps/v8/src/objects/script-inl.h              |    29 +-
 deps/v8/src/objects/script.h                  |    14 +-
 deps/v8/src/objects/script.tq                 |     2 +-
 .../v8/src/objects/shared-function-info-inl.h |   383 +-
 deps/v8/src/objects/shared-function-info.cc   |   209 +-
 deps/v8/src/objects/shared-function-info.h    |   143 +-
 deps/v8/src/objects/shared-function-info.tq   |    55 +-
 deps/v8/src/objects/smi.h                     |    12 +-
 deps/v8/src/objects/source-text-module.cc     |    16 +-
 deps/v8/src/objects/string-inl.h              |    14 +-
 deps/v8/src/objects/string.cc                 |    80 +-
 deps/v8/src/objects/string.h                  |    14 +-
 .../src/objects/swiss-name-dictionary-inl.h   |    10 +-
 deps/v8/src/objects/swiss-name-dictionary.h   |    10 +-
 deps/v8/src/objects/tagged-field.h            |    31 +-
 deps/v8/src/objects/templates.cc              |    24 +-
 deps/v8/src/objects/templates.h               |     8 +-
 deps/v8/src/objects/templates.tq              |    12 +
 deps/v8/src/objects/transitions-inl.h         |   122 +-
 deps/v8/src/objects/transitions.cc            |   130 +-
 deps/v8/src/objects/transitions.h             |   147 +-
 deps/v8/src/objects/trusted-object-inl.h      |     6 +-
 deps/v8/src/objects/trusted-object.h          |     4 +-
 deps/v8/src/objects/trusted-object.tq         |     2 +-
 deps/v8/src/objects/value-serializer.cc       |    51 +-
 deps/v8/src/objects/value-serializer.h        |     2 +
 deps/v8/src/objects/visitors.h                |     2 +-
 deps/v8/src/parsing/func-name-inferrer.h      |     5 +-
 deps/v8/src/parsing/parse-info.cc             |     5 +-
 deps/v8/src/parsing/parse-info.h              |    12 +-
 deps/v8/src/parsing/parser-base.h             |   283 +-
 deps/v8/src/parsing/parser.cc                 |   338 +-
 deps/v8/src/parsing/parser.h                  |    59 +-
 deps/v8/src/parsing/parsing.cc                |    17 +-
 deps/v8/src/parsing/parsing.h                 |     6 +-
 deps/v8/src/parsing/preparser-logger.h        |    10 +-
 deps/v8/src/parsing/preparser.cc              |     9 +-
 deps/v8/src/parsing/preparser.h               |    73 +-
 deps/v8/src/parsing/rewriter.cc               |    33 +-
 deps/v8/src/parsing/rewriter.h                |    14 +-
 .../src/parsing/scanner-character-streams.cc  |     6 +-
 deps/v8/src/parsing/scanner.cc                |    35 +-
 deps/v8/src/parsing/scanner.h                 |    32 +-
 deps/v8/src/profiler/allocation-tracker.cc    |     2 +-
 deps/v8/src/profiler/heap-profiler.cc         |    37 +-
 deps/v8/src/profiler/heap-profiler.h          |     2 +
 .../src/profiler/heap-snapshot-generator.cc   |    30 +-
 .../v8/src/profiler/heap-snapshot-generator.h |    12 +-
 .../v8/src/profiler/sampling-heap-profiler.cc |     2 +-
 .../experimental/experimental-interpreter.cc  |    17 +-
 .../experimental/experimental-interpreter.h   |     4 +-
 .../src/regexp/experimental/experimental.cc   |   133 +-
 .../v8/src/regexp/experimental/experimental.h |    23 +-
 deps/v8/src/regexp/regexp-ast.h               |    11 +-
 .../src/regexp/regexp-bytecode-generator.cc   |     4 +-
 .../v8/src/regexp/regexp-bytecode-peephole.cc |     5 +-
 deps/v8/src/regexp/regexp-bytecode-peephole.h |     4 +-
 deps/v8/src/regexp/regexp-compiler.cc         |    12 +-
 deps/v8/src/regexp/regexp-error.h             |     1 -
 deps/v8/src/regexp/regexp-flags.h             |    13 +-
 deps/v8/src/regexp/regexp-interpreter.cc      |    48 +-
 deps/v8/src/regexp/regexp-interpreter.h       |    11 +-
 deps/v8/src/regexp/regexp-macro-assembler.cc  |    23 +-
 deps/v8/src/regexp/regexp-macro-assembler.h   |     9 +-
 deps/v8/src/regexp/regexp-parser.cc           |     2 +-
 deps/v8/src/regexp/regexp.cc                  |   370 +-
 deps/v8/src/regexp/regexp.h                   |    21 +-
 deps/v8/src/roots/roots.h                     |    86 +-
 deps/v8/src/roots/static-roots.h              |  1417 +-
 deps/v8/src/runtime/runtime-array.cc          |     2 +-
 deps/v8/src/runtime/runtime-atomics.cc        |     3 +-
 deps/v8/src/runtime/runtime-bigint.cc         |     4 +-
 deps/v8/src/runtime/runtime-classes.cc        |     2 +-
 deps/v8/src/runtime/runtime-compiler.cc       |    28 +-
 deps/v8/src/runtime/runtime-debug.cc          |    14 +-
 deps/v8/src/runtime/runtime-internal.cc       |     4 +-
 deps/v8/src/runtime/runtime-literals.cc       |     3 +-
 deps/v8/src/runtime/runtime-module.cc         |    17 +-
 deps/v8/src/runtime/runtime-object.cc         |    12 +-
 deps/v8/src/runtime/runtime-promise.cc        |    23 +-
 deps/v8/src/runtime/runtime-regexp.cc         |   165 +-
 deps/v8/src/runtime/runtime-scopes.cc         |    30 +-
 deps/v8/src/runtime/runtime-shadow-realm.cc   |     5 +-
 deps/v8/src/runtime/runtime-test-wasm.cc      |   183 +-
 deps/v8/src/runtime/runtime-test.cc           |   154 +-
 deps/v8/src/runtime/runtime-wasm.cc           |   153 +-
 deps/v8/src/runtime/runtime.cc                |     9 +
 deps/v8/src/runtime/runtime.h                 |    87 +-
 deps/v8/src/sandbox/check.h                   |     2 +-
 deps/v8/src/sandbox/code-pointer-table-inl.h  |     4 +
 deps/v8/src/sandbox/code-pointer-table.cc     |     8 -
 deps/v8/src/sandbox/code-pointer-table.h      |     9 +-
 .../src/sandbox/external-entity-table-inl.h   |   193 +-
 deps/v8/src/sandbox/external-entity-table.h   |   160 +-
 deps/v8/src/sandbox/indirect-pointer-inl.h    |    15 +-
 deps/v8/src/sandbox/indirect-pointer-tag.h    |    61 +-
 deps/v8/src/sandbox/indirect-pointer.h        |     6 +-
 deps/v8/src/sandbox/isolate-inl.h             |    26 +-
 deps/v8/src/sandbox/js-dispatch-table-inl.h   |    25 +-
 deps/v8/src/sandbox/js-dispatch-table.cc      |    19 +-
 deps/v8/src/sandbox/js-dispatch-table.h       |    51 +-
 .../src/sandbox/trusted-pointer-table-inl.h   |    10 +
 deps/v8/src/sandbox/trusted-pointer-table.h   |    12 +
 deps/v8/src/snapshot/code-serializer.cc       |    27 +-
 deps/v8/src/snapshot/deserializer.cc          |    10 -
 .../src/snapshot/embedded/embedded-empty.cc   |    10 +
 .../platform-embedded-file-writer-base.h      |    14 +
 .../platform-embedded-file-writer-generic.cc  |     6 +-
 .../platform-embedded-file-writer-win.cc      |     6 +-
 deps/v8/src/snapshot/serializer.cc            |    25 +
 deps/v8/src/snapshot/serializer.h             |     2 +
 deps/v8/src/snapshot/snapshot.cc              |     8 +-
 deps/v8/src/snapshot/startup-serializer.cc    |     2 +-
 deps/v8/src/snapshot/static-roots-gen.cc      |     2 +
 deps/v8/src/temporal/temporal-parser.cc       |    43 +-
 deps/v8/src/temporal/temporal-parser.h        |    13 +-
 deps/v8/src/torque/ast.h                      |    83 +-
 deps/v8/src/torque/cc-generator.cc            |    16 +-
 deps/v8/src/torque/cc-generator.h             |    12 +-
 deps/v8/src/torque/cfg.cc                     |    22 +-
 deps/v8/src/torque/cfg.h                      |    36 +-
 .../torque/class-debug-reader-generator.cc    |    21 +-
 deps/v8/src/torque/constants.h                |     2 +-
 deps/v8/src/torque/csa-generator.cc           |    20 +-
 deps/v8/src/torque/csa-generator.h            |    22 +-
 deps/v8/src/torque/declarable.cc              |    23 +-
 deps/v8/src/torque/declarable.h               |    51 +-
 deps/v8/src/torque/declaration-visitor.cc     |    26 +-
 deps/v8/src/torque/declaration-visitor.h      |    15 +-
 deps/v8/src/torque/declarations.cc            |    42 +-
 deps/v8/src/torque/declarations.h             |    32 +-
 deps/v8/src/torque/earley-parser.cc           |    18 +-
 deps/v8/src/torque/earley-parser.h            |    51 +-
 deps/v8/src/torque/global-context.cc          |     3 +-
 deps/v8/src/torque/global-context.h           |     4 +-
 deps/v8/src/torque/implementation-visitor.cc  |   130 +-
 deps/v8/src/torque/implementation-visitor.h   |    72 +-
 deps/v8/src/torque/instance-type-generator.cc |    12 +-
 deps/v8/src/torque/instructions.cc            |    31 +-
 deps/v8/src/torque/instructions.h             |    45 +-
 deps/v8/src/torque/ls/json-parser.cc          |    26 +-
 deps/v8/src/torque/ls/json-parser.h           |    15 +-
 deps/v8/src/torque/parameter-difference.h     |    19 +-
 deps/v8/src/torque/server-data.cc             |    18 +-
 deps/v8/src/torque/server-data.h              |    12 +-
 deps/v8/src/torque/torque-compiler.cc         |    14 +-
 deps/v8/src/torque/torque-compiler.h          |    12 +-
 deps/v8/src/torque/torque-parser.cc           |   357 +-
 deps/v8/src/torque/type-inference.cc          |    16 +-
 deps/v8/src/torque/type-inference.h           |    16 +-
 deps/v8/src/torque/type-oracle.cc             |    16 +-
 deps/v8/src/torque/type-oracle.h              |    23 +-
 deps/v8/src/torque/type-visitor.cc            |    22 +-
 deps/v8/src/torque/type-visitor.h             |    12 +-
 deps/v8/src/torque/types.cc                   |    78 +-
 deps/v8/src/torque/types.h                    |    72 +-
 deps/v8/src/torque/utils.cc                   |    22 +-
 deps/v8/src/torque/utils.h                    |    18 +-
 deps/v8/src/trap-handler/handler-inside.cc    |    11 +
 deps/v8/src/trap-handler/handler-outside.cc   |     6 +-
 deps/v8/src/utils/hex-format.cc               |     3 +-
 .../baseline/arm/liftoff-assembler-arm-inl.h  |   150 +-
 .../arm64/liftoff-assembler-arm64-inl.h       |   354 +-
 .../ia32/liftoff-assembler-ia32-inl.h         |   178 +-
 .../v8/src/wasm/baseline/liftoff-assembler.cc |     6 +-
 deps/v8/src/wasm/baseline/liftoff-assembler.h |    51 +
 deps/v8/src/wasm/baseline/liftoff-compiler.cc |   280 +-
 .../loong64/liftoff-assembler-loong64-inl.h   |   146 +
 .../mips64/liftoff-assembler-mips64-inl.h     |   146 +
 .../baseline/ppc/liftoff-assembler-ppc-inl.h  |    96 +-
 .../riscv/liftoff-assembler-riscv-inl.h       |   138 +
 .../riscv/liftoff-assembler-riscv32-inl.h     |     5 +
 .../riscv/liftoff-assembler-riscv64-inl.h     |     5 +
 .../s390/liftoff-assembler-s390-inl.h         |   102 +-
 .../baseline/x64/liftoff-assembler-x64-inl.h  |   405 +-
 deps/v8/src/wasm/c-api.cc                     |    31 +-
 deps/v8/src/wasm/canonical-types.cc           |     4 +-
 deps/v8/src/wasm/compilation-environment.h    |     3 +-
 deps/v8/src/wasm/function-body-decoder-impl.h |    36 +-
 deps/v8/src/wasm/function-compiler.cc         |    55 +-
 deps/v8/src/wasm/function-compiler.h          |     8 +-
 .../wasm/fuzzing/random-module-generation.cc  |    74 +-
 deps/v8/src/wasm/interpreter/OWNERS           |     3 +
 .../arm64/interpreter-builtins-arm64.cc       |  1816 +++
 .../wasm/interpreter/instruction-handlers.h   |  1256 ++
 .../wasm/interpreter/wasm-interpreter-inl.h   |   713 +
 .../wasm-interpreter-objects-inl.h            |    52 +
 .../interpreter/wasm-interpreter-objects.cc   |    97 +
 .../interpreter/wasm-interpreter-objects.h    |    86 +
 .../wasm-interpreter-runtime-inl.h            |   165 +
 .../interpreter/wasm-interpreter-runtime.cc   |  3065 +++++
 .../interpreter/wasm-interpreter-runtime.h    |   461 +
 .../wasm/interpreter/wasm-interpreter-simd.cc |   361 +
 .../src/wasm/interpreter/wasm-interpreter.cc  | 11408 ++++++++++++++++
 .../src/wasm/interpreter/wasm-interpreter.h   |  2068 +++
 .../x64/interpreter-builtins-x64.cc           |  2997 ++++
 deps/v8/src/wasm/memory-tracing.cc            |    10 +-
 deps/v8/src/wasm/memory-tracing.h             |    12 +-
 deps/v8/src/wasm/module-compiler.cc           |   341 +-
 deps/v8/src/wasm/module-compiler.h            |    36 +-
 deps/v8/src/wasm/module-instantiate.cc        |   288 +-
 deps/v8/src/wasm/module-instantiate.h         |    13 +-
 deps/v8/src/wasm/names-provider.cc            |    13 +-
 deps/v8/src/wasm/names-provider.h             |     2 +-
 deps/v8/src/wasm/simd-shuffle.cc              |   126 +
 deps/v8/src/wasm/simd-shuffle.h               |    36 +
 deps/v8/src/wasm/streaming-decoder.cc         |    12 +-
 deps/v8/src/wasm/streaming-decoder.h          |     9 +-
 .../v8/src/wasm/turboshaft-graph-interface.cc |   401 +-
 deps/v8/src/wasm/turboshaft-graph-interface.h |     8 +-
 deps/v8/src/wasm/value-type.cc                |    50 +-
 deps/v8/src/wasm/value-type.h                 |    11 +-
 deps/v8/src/wasm/wasm-code-manager.cc         |   103 +-
 deps/v8/src/wasm/wasm-code-manager.h          |    31 +-
 deps/v8/src/wasm/wasm-debug.cc                |    16 +-
 deps/v8/src/wasm/wasm-engine.cc               |   227 +-
 deps/v8/src/wasm/wasm-engine.h                |    20 +-
 deps/v8/src/wasm/wasm-external-refs.cc        |   294 +
 deps/v8/src/wasm/wasm-external-refs.h         |    56 +
 deps/v8/src/wasm/wasm-features.cc             |    40 +-
 deps/v8/src/wasm/wasm-js.cc                   |   310 +-
 deps/v8/src/wasm/wasm-js.h                    |     2 +
 deps/v8/src/wasm/wasm-module-builder.h        |     4 +-
 deps/v8/src/wasm/wasm-module.cc               |    55 +-
 deps/v8/src/wasm/wasm-module.h                |    21 +-
 deps/v8/src/wasm/wasm-objects-inl.h           |    48 +-
 deps/v8/src/wasm/wasm-objects.cc              |   578 +-
 deps/v8/src/wasm/wasm-objects.h               |   194 +-
 deps/v8/src/wasm/wasm-objects.tq              |    82 +-
 deps/v8/src/wasm/wasm-opcodes-inl.h           |     2 +-
 deps/v8/src/wasm/wasm-opcodes.h               |    32 +-
 deps/v8/src/wasm/wasm-serialization.cc        |     9 +-
 deps/v8/src/wasm/wasm-tier.h                  |     7 +
 deps/v8/src/wasm/wrappers.cc                  |   107 +-
 deps/v8/src/zone/accounting-allocator.cc      |     6 +-
 deps/v8/src/zone/accounting-allocator.h       |     3 -
 deps/v8/src/zone/zone-compact-set.h           |     9 +
 deps/v8/test/cctest/cctest.cc                 |     1 -
 deps/v8/test/cctest/cctest.h                  |    13 +-
 deps/v8/test/cctest/cctest.status             |    25 +
 .../v8/test/cctest/compiler/function-tester.h |     6 +-
 .../cctest/compiler/test-code-generator.cc    |    19 +-
 .../test-concurrent-shared-function-info.cc   |     2 +-
 .../cctest/compiler/test-run-native-calls.cc  |     8 +-
 .../cctest/compiler/test-run-variables.cc     |     6 +-
 deps/v8/test/cctest/heap/test-compaction.cc   |    20 +-
 deps/v8/test/cctest/heap/test-heap.cc         |    70 +-
 .../cctest/heap/test-memory-measurement.cc    |     7 +-
 .../test/cctest/heap/test-weak-references.cc  |     5 +
 deps/v8/test/cctest/test-api-incumbent.cc     |     5 +-
 deps/v8/test/cctest/test-api.cc               |   189 +-
 deps/v8/test/cctest/test-assembler-mips64.cc  |     4 +-
 deps/v8/test/cctest/test-assembler-riscv64.cc |    51 +
 .../test/cctest/test-code-stub-assembler.cc   |   115 +-
 deps/v8/test/cctest/test-debug.cc             |   317 +-
 .../test/cctest/test-field-type-tracking.cc   |    19 +-
 .../test/cctest/test-func-name-inference.cc   |    12 +-
 deps/v8/test/cctest/test-heap-profiler.cc     |    18 +-
 .../cctest/test-inobject-slack-tracking.cc    |    10 +-
 deps/v8/test/cctest/test-js-weak-refs.cc      |    30 +-
 .../cctest/test-macro-assembler-loong64.cc    |    22 +-
 .../cctest/test-macro-assembler-riscv32.cc    |    20 +-
 .../cctest/test-macro-assembler-riscv64.cc    |    37 +-
 deps/v8/test/cctest/test-orderedhashtable.cc  |    86 +-
 deps/v8/test/cctest/test-regexp.cc            |    17 +-
 deps/v8/test/cctest/test-serialize.cc         |    58 +-
 deps/v8/test/cctest/test-shared-strings.cc    |    20 +-
 deps/v8/test/cctest/test-strings.cc           |     7 +-
 .../cctest/test-swiss-name-dictionary-csa.cc  |    12 +-
 .../cctest/test-swiss-name-dictionary-infra.h |    23 +-
 .../test-swiss-name-dictionary-shared-tests.h |     3 +-
 .../test/cctest/test-swiss-name-dictionary.cc |    12 +-
 deps/v8/test/cctest/torque/test-torque.cc     |     2 +
 deps/v8/test/cctest/wasm/test-gc.cc           |     5 +
 deps/v8/test/cctest/wasm/test-run-wasm-f16.cc |   339 +-
 .../v8/test/cctest/wasm/test-run-wasm-simd.cc |    33 +
 .../cctest/wasm/test-run-wasm-wrappers.cc     |     9 +-
 .../test/cctest/wasm/test-wasm-breakpoints.cc |     4 +-
 deps/v8/test/cctest/wasm/test-wasm-stack.cc   |     2 +-
 .../cctest/wasm/test-wasm-trap-position.cc    |     2 +-
 deps/v8/test/cctest/wasm/wasm-run-utils.cc    |    35 +-
 deps/v8/test/cctest/wasm/wasm-run-utils.h     |    23 +
 deps/v8/test/cctest/wasm/wasm-simd-utils.cc   |    88 +
 deps/v8/test/cctest/wasm/wasm-simd-utils.h    |     7 +
 deps/v8/test/common/wasm/wasm-macro-gen.h     |     2 +
 .../debug/compiler/regress-354005322.js       |    38 +
 deps/v8/test/fuzzer/inspector-fuzzer.cc       |     5 +-
 deps/v8/test/fuzzer/regexp.cc                 |     2 +-
 deps/v8/test/fuzzer/wasm-deopt.cc             |    22 +-
 deps/v8/test/fuzzer/wasm-fuzzer-common.cc     |    17 +-
 .../wasm-jspi-async-stack-expected.txt        |   422 +-
 .../debugger/wasm-jspi-async-stack.js         |    23 +-
 deps/v8/test/inspector/inspector-test.cc      |     3 +-
 deps/v8/test/inspector/isolate-data.cc        |     6 +-
 deps/v8/test/inspector/isolate-data.h         |     6 +-
 deps/v8/test/message/message.status           |    23 +-
 deps/v8/test/message/wasm-trace-deopt-32.out  |     2 +-
 deps/v8/test/message/wasm-trace-deopt-64.out  |     2 +-
 .../mjsunit/baseline/flush-baseline-code.js   |    78 +-
 .../baseline/flush-only-baseline-code.js      |    76 +-
 .../mjsunit/comparison-throws-feedback.js     |    36 +
 deps/v8/test/mjsunit/compiler/dataview-get.js |    34 +
 deps/v8/test/mjsunit/compiler/dataview-set.js |    34 +-
 .../mjsunit/compiler/fast-api-annotations.js  |     1 +
 .../fast-api-calls-64-bit-integer-values.js   |     1 +
 .../mjsunit/compiler/fast-api-calls-8args.js  |     1 +
 .../compiler/fast-api-calls-pointer.js        |     1 +
 .../mjsunit/compiler/fast-api-calls-string.js |     1 +
 .../mjsunit/compiler/fast-api-calls-throw.js  |     1 +
 .../mjsunit/compiler/fast-api-calls-wasm.js   |     1 +
 .../test/mjsunit/compiler/fast-api-calls.js   |     1 +
 .../compiler/fast-api-clamp-annotations.js    |     1 +
 .../compiler/fast-api-interface-types.js      |     1 +
 .../compiler/fast-api-sequences-x64.js        |     1 +
 .../mjsunit/compiler/fast-api-sequences.js    |     1 +
 .../mjsunit/compiler/regress-359729268.js     |    21 +
 .../harmony/await-using-count-ticks.js        |    37 +
 .../mjsunit/harmony/modules-import-16.mjs     |     6 +-
 .../harmony/shadowrealm-skip-2-throw.mjs      |     6 +-
 .../shadowrealm-skip-3-throw-object.mjs       |     6 +-
 .../shadowrealm-skip-4-throw-string.mjs       |     6 +
 .../harmony/shadowrealm-type-error-copy.js    |   102 +
 ...dowrealm-type-error-prepare-stack-trace.js |   181 +
 .../test/mjsunit/harmony/suppressed-error.js  |    24 +-
 .../v8/test/mjsunit/maglev/api-setter-poly.js |    32 +
 deps/v8/test/mjsunit/maglev/api-setter.js     |    29 +
 .../mjsunit/maglev/context-object-tracking.js |    58 +
 .../mjsunit/maglev/equals-number-boolean.js   |    52 +
 .../mjsunit/maglev/escape-loop-inline-call.js |    25 +
 .../extend-properties-backing-store-1.js      |     1 -
 .../extend-properties-backing-store-2.js      |     1 -
 .../test/mjsunit/maglev/regress-343069823.js  |    10 +-
 .../test/mjsunit/maglev/regress-353877558.js  |    18 +
 .../test/mjsunit/maglev/regress-353928356.js  |    17 +
 .../test/mjsunit/maglev/regress-354324160.js  |    25 +
 .../test/mjsunit/maglev/regress-354758514.js  |    25 +
 .../test/mjsunit/maglev/regress-354800079.js  |    63 +
 .../test/mjsunit/maglev/regress-355493915.js  |    17 +
 .../test/mjsunit/maglev/regress-356491694.js  |    15 +
 .../test/mjsunit/maglev/regress-356901453.js  |    15 +
 .../test/mjsunit/maglev/regress-356913463.js  |    40 +
 .../test/mjsunit/maglev/regress-356965810.js  |    16 +
 .../test/mjsunit/maglev/regress-357496257.js  |    21 +
 .../test/mjsunit/maglev/regress-358071281.js  |    17 +
 .../test/mjsunit/maglev/regress-358399787.js  |    21 +
 .../test/mjsunit/maglev/regress-358998538.js  |    27 +
 .../maglev/regress/regress-355484345.js       |    25 +
 .../maglev/regress/regress-356913290.js       |    24 +
 .../maglev/regress/regress-356913462.js       |    22 +
 .../maglev/regress/regress-356917015.js       |    27 +
 .../maglev/strict-equals-number-boolean.js    |    45 +
 deps/v8/test/mjsunit/maglev/string-compare.js |     2 +-
 deps/v8/test/mjsunit/mjsunit.status           |   267 +-
 .../test/mjsunit/object-assign-regressions.js |    50 +-
 ...ress-331358160.js => regress-352402518.js} |     8 +-
 deps/v8/test/mjsunit/regress-352414652.js     |    13 +
 deps/v8/test/mjsunit/regress-352673356.js     |     7 +
 deps/v8/test/mjsunit/regress-352739458.js     |    13 +
 deps/v8/test/mjsunit/regress-353561476.js     |    40 +
 deps/v8/test/mjsunit/regress-354310130.js     |    10 +
 .../test/mjsunit/regress-4530868594868224.js  |    22 +
 .../mjsunit/regress-class-initializer-eval.js |    12 +
 .../test/mjsunit/regress/regress-335548148.js |     2 +-
 .../mjsunit/regress/regress-352690885-1.js    |    15 +
 .../mjsunit/regress/regress-352690885-2.js    |    11 +
 .../mjsunit/regress/regress-352690885-3.js    |    11 +
 .../mjsunit/regress/regress-352690885-4.js    |    22 +
 .../mjsunit/regress/regress-352690885-5.js    |    62 +
 .../mjsunit/regress/regress-352690885-6.js    |    86 +
 .../test/mjsunit/regress/regress-355683663.js |    31 +
 .../test/mjsunit/regress/regress-357651585.js |    26 +
 .../test/mjsunit/regress/regress-359618508.js |    28 +
 .../regress/wasm/regress-336358915-a.js       |    18 -
 .../mjsunit/regress/wasm/regress-336358915.js |     2 +-
 .../mjsunit/regress/wasm/regress-349402547.js |    30 +
 .../mjsunit/regress/wasm/regress-353913485.js |    96 +
 .../regress/wasm/regress-354324155-2.js       |    61 +
 .../mjsunit/regress/wasm/regress-354324155.js |    57 +
 .../mjsunit/regress/wasm/regress-355493919.js |    13 +
 .../mjsunit/regress/wasm/regress-357977718.js |    29 +
 .../mjsunit/regress/wasm/regress-359949835.js |    25 +
 .../mjsunit/regress/wasm/regress-360044696.js |    64 +
 .../mjsunit/regress/wasm/regress-v8-14471.js  |     6 +-
 deps/v8/test/mjsunit/strictequals-feedback.js |   258 +
 .../test/mjsunit/test-scopeinfo-reuse-eval.js |    15 +
 .../maglev-frontend/check-float64-is-nan.js   |    24 +
 ...terialized-identical-heap-number-fields.js |    25 +
 .../maglev-frontend/dematerialized-regexp.js  |    39 +
 .../extend-property-backing-store-1.js        |    39 +
 .../extend-property-backing-store-2.js        |    49 +
 .../generator-async-await-loop.js             |    23 +
 .../maglev-frontend/generator-async.js        |    12 +
 .../maglev-frontend/generator-if.js           |    39 +
 .../generator-infinite-loop.js                |    31 +
 .../maglev-frontend/generator-loop-if.js      |    28 +
 .../generator-loop-multi-if.js                |    37 +
 .../generator-loop-no-forward-edge.js         |    20 +
 .../generator-loop-untagged-phis.js           |    41 +
 .../maglev-frontend/generator-loop.js         |    30 +
 .../maglev-frontend/generator-nested-loops.js |    50 +
 .../generator-return-finally-loop.js          |    40 +
 .../generator-return-finally.js               |    34 +
 .../maglev-frontend/generator-return.js       |    22 +
 .../generator-straight-line.js                |    25 +
 .../generator-throw-loop-2-yields.js          |    82 +
 .../maglev-frontend/generator-throw-loop.js   |    34 +
 .../generator-throw-nested-loop.js            |    42 +
 .../maglev-frontend/generator-throw.js        |    27 +
 .../generator-yield-star-loop-1.js            |    32 +
 .../generator-yield-star-loop-2.js            |    36 +
 .../maglev-frontend/generator-yield-star.js   |    27 +
 .../maglev-frontend/get-template-object.js    |    25 +
 .../holey-float64-phi-to-smi.js               |    58 +
 .../maglev-frontend/literal-nan-hole-deopt.js |    25 +
 .../maglev-frontend/regress-354145409-1.js    |    53 +
 .../maglev-frontend/regress-354145409-2.js    |    53 +
 .../maglev-frontend/regress-355016861.js      |    37 +
 .../maglev-frontend/regress-356194021.js      |    18 +
 .../maglev-frontend/regress-356436621.js      |    26 +
 .../maglev-frontend/regress-356649152.js      |    19 +
 .../maglev-frontend/regress-356720579.js      |    28 +
 .../maglev-frontend/regress-356901359.js      |    22 +
 .../maglev-frontend/regress-356913279.js      |    10 +
 .../maglev-frontend/regress-356913284-1.js    |    35 +
 .../maglev-frontend/regress-356913284-2.js    |    38 +
 .../turboshaft-instruction-selection.js       |    44 -
 .../test/mjsunit/turboshaft/type-inference.js |   118 -
 .../mjsunit/turboshaft/typed-optimizations.js |     2 +-
 deps/v8/test/mjsunit/value-helper.js          |   368 +
 .../mjsunit/wasm/deopt/deopt-call-indirect.js |     4 +-
 .../wasm/deopt/deopt-dynamic-tierup.js        |     2 +-
 .../wasm/deopt/deopt-feedback-states.js       |    16 +-
 .../deopt/deopt-inlined-param-stack-slots.js  |     4 +-
 .../wasm/deopt/deopt-inlined-stacktrace.js    |     6 +-
 .../test/mjsunit/wasm/deopt/deopt-inlined.js  |     8 +-
 .../mjsunit/wasm/deopt/deopt-int64-values.js  |    10 +-
 .../wasm/deopt/deopt-large-i31ref-constant.js |     4 +-
 .../deopt-many-params-many-locals-s128.js     |     6 +-
 .../wasm/deopt/deopt-many-params-tagged.js    |    12 +-
 .../mjsunit/wasm/deopt/deopt-many-params.js   |     4 +-
 .../mjsunit/wasm/deopt/deopt-many-results.js  |   130 +
 .../mjsunit/wasm/deopt/deopt-memory-access.js |     2 +-
 .../test/mjsunit/wasm/deopt/deopt-minimal.js  |     6 +-
 .../deopt-multi-instance-different-callee.js  |     8 +-
 .../deopt/deopt-multi-instance-inlined.js     |    18 +-
 .../wasm/deopt/deopt-multi-instance.js        |    18 +-
 .../test/mjsunit/wasm/deopt/deopt-multiple.js |     8 +-
 deps/v8/test/mjsunit/wasm/deopt/deopt-nan.js  |    24 +-
 .../wasm/deopt/deopt-non-inlineable-target.js |    12 +-
 .../wasm/deopt/deopt-non-inlined-target.js    |     6 +-
 .../wasm/deopt/deopt-signal-handler.js        |     2 +-
 .../deopt/deopt-tail-call-parent-frame.js     |     2 +-
 .../wasm/deopt/deopt-untagged-parameters.js   |     1 +
 .../mjsunit/wasm/deopt/deopt-value-types.js   |    12 +-
 ...i-calls-with-wellknown-imports-conflict.js |     1 +
 ...api-calls-with-wellknown-imports-floats.js |     1 +
 ...st-api-calls-with-wellknown-imports-i64.js |     1 +
 .../mjsunit/wasm/gc-js-interop-helpers.js     |     8 +-
 deps/v8/test/mjsunit/wasm/gc-js-interop.js    |    15 +-
 deps/v8/test/mjsunit/wasm/memory64.js         |    41 +
 deps/v8/test/mjsunit/wasm/module-prototype.js |    27 +
 deps/v8/test/mjsunit/wasm/module-source.js    |    37 +
 .../test/mjsunit/wasm/runtime-gc-objects.js   |    26 +
 .../mjsunit/wasm/simd-wasm-interpreter.js     |    57 +
 .../mjsunit/wasm/stack-switching-export.js    |   264 +-
 .../wasm/stack-switching-generic-wrapper.js   |     5 +-
 .../mjsunit/wasm/stack-switching-new-api.js   |   562 -
 deps/v8/test/mjsunit/wasm/stack-switching.js  |   468 +-
 .../wasm/turboshaft/reduction-shuffle.js      |   426 +
 .../wasm/wasm-interpreter-memory-grow.js      |    47 +
 deps/v8/test/mjsunit/wasm/wasm-interpreter.js |  1890 +++
 .../test/mjsunit/wasm/wasm-module-builder.js  |    16 +-
 deps/v8/test/test262/BUILD.gn                 |     1 +
 .../test262/harness-abstractmodulesource.js   |     5 +
 .../decorators/private-auto-accessor.js       |   106 +
 .../local-tests/test/staging/features.txt     |     9 +-
 deps/v8/test/test262/test262.status           |   156 +-
 deps/v8/test/test262/testcfg.py               |     9 +-
 deps/v8/test/unittests/BUILD.gn               |     1 +
 .../unittests/api/deserialize-unittest.cc     |    24 +-
 .../assembler/disasm-riscv-unittest.cc        |    10 +
 .../assembler/macro-assembler-x64-unittest.cc |    12 +-
 deps/v8/test/unittests/base/cpu-unittest.cc   |     1 -
 .../base/doubly-threaded-list-unittest.cc     |     1 -
 .../unittests/codegen/code-pages-unittest.cc  |    14 +-
 ...aft-instruction-selector-arm64-unittest.cc |   472 +-
 ...turboshaft-instruction-selector-unittest.h |    43 +
 .../unittests/compiler/compiler-unittest.cc   |   264 +-
 .../test/unittests/compiler/function-tester.h |     6 +-
 .../compiler/run-jscalls-unittest.cc          |     4 +-
 .../turboshaft/snapshot-table-unittest.cc     |     1 -
 .../compiler/turboshaft/wasm-simd-unittest.cc |   186 +
 ...shaft-instruction-selector-x64-unittest.cc |     9 +-
 .../execution/microtask-queue-unittest.cc     |     4 +-
 .../execution/pointer-auth-arm64-unittest.cc  |    12 +-
 .../unittests/heap/base/bytes-unittest.cc     |    30 +-
 .../conservative-stack-visitor-unittest.cc    |    39 +-
 .../embedder-roots-handler-unittest.cc        |     1 +
 .../unified-heap-snapshot-unittest.cc         |    36 +
 .../heap/cppgc-js/unified-heap-unittest.cc    |     3 +
 .../heap/cppgc/gc-invoker-unittest.cc         |    10 +-
 .../heap/cppgc/heap-growing-unittest.cc       |    14 +-
 .../heap/cppgc/metric-recorder-unittest.cc    |     2 +-
 .../unittests/heap/direct-handles-unittest.cc |     2 +-
 .../test/unittests/heap/gc-tracer-unittest.cc |     5 +-
 .../unittests/heap/global-handles-unittest.cc |     2 +
 deps/v8/test/unittests/heap/heap-unittest.cc  |    10 +-
 .../heap/index-generator-unittest.cc          |     6 +-
 .../unittests/heap/local-factory-unittest.cc  |    27 +-
 .../unittests/heap/local-handles-unittest.cc  |     4 +-
 .../unittests/heap/local-heap-unittest.cc     |     8 +-
 .../heap/persistent-handles-unittest.cc       |     6 +-
 .../unittests/heap/shared-heap-unittest.cc    |    20 +-
 .../heap/strong-root-allocator-unittest.cc    |     4 +-
 .../bytecode_expectations/AsyncModules.golden |   174 +-
 .../CallLookupSlot.golden                     |     2 +-
 .../bytecode_expectations/Eval.golden         |     2 +-
 .../bytecode_expectations/ForAwaitOf.golden   |    68 +-
 .../bytecode_expectations/ForOfLoop.golden    |    36 +-
 .../bytecode_expectations/LookupSlot.golden   |    10 +-
 .../PrivateAccessorAccess.golden              |     8 +-
 .../PrivateMethodAccess.golden                |     4 +-
 .../StandardForLoop.golden                    |    40 +-
 .../StaticPrivateMethodAccess.golden          |    30 +-
 .../constant-array-builder-unittest.cc        |     2 +-
 .../interpreter/interpreter-unittest.cc       |    12 +-
 ...mics-synchronization-primitive-unittest.cc |    14 +-
 .../unittests/maglev/node-type-unittest.cc    |     2 +-
 .../test/unittests/numbers/bigint-unittest.cc |     4 +-
 .../unittests/numbers/conversions-unittest.cc |   255 +-
 .../concurrent-feedback-vector-unittest.cc    |     2 +-
 .../objects/concurrent-js-array-unittest.cc   |     4 +-
 .../objects/concurrent-prototype-unittest.cc  |     6 +-
 .../concurrent-transition-array-unittest.cc   |     8 +-
 .../objects/elements-kind-unittest.cc         |     6 +-
 .../objects/feedback-vector-unittest.cc       |    36 +-
 .../unittests/objects/hashcode-unittest.cc    |     8 +-
 .../test/unittests/objects/object-unittest.cc |    56 +-
 .../objects/value-serializer-unittest.cc      |    18 +-
 .../objects/wasm-backing-store-unittest.cc    |    10 +-
 .../unittests/objects/weakmaps-unittest.cc    |     4 +
 .../unittests/objects/weaksets-unittest.cc    |     2 +
 .../test/unittests/parser/parsing-unittest.cc |   492 +-
 .../unittests/parser/preparser-unittest.cc    |     6 +-
 .../v8/test/unittests/regexp/regexp-fuzzer.cc |     4 +-
 .../test/unittests/regexp/regexp-unittest.cc  |    93 +-
 .../regress/regress-crbug-1056054-unittest.cc |     2 +-
 .../unittests/strings/unicode-unittest.cc     |     1 +
 .../temporal/temporal-parser-unittest.cc      |    26 +-
 deps/v8/test/unittests/test-helpers.cc        |     5 +-
 .../torque/earley-parser-unittest.cc          |     5 +-
 .../test/unittests/torque/torque-unittest.cc  |     8 +-
 .../unittests/torque/torque-utils-unittest.cc |    10 +-
 deps/v8/test/unittests/unittests.status       |     6 +
 .../wasm/memory-protection-unittest.cc        |     6 +-
 .../unittests/wasm/simd-shuffle-unittest.cc   |    75 +
 deps/v8/third_party/abseil-cpp/BUILD.gn       |    15 +
 .../abseil-cpp/CMake/AbseilDll.cmake          |     5 +-
 .../abseil-cpp/CMake/AbseilHelpers.cmake      |    23 +-
 .../CMake/install_test_project/test.sh        |     9 +-
 deps/v8/third_party/abseil-cpp/MODULE.bazel   |     4 +-
 .../v8/third_party/abseil-cpp/README.chromium |     2 +-
 deps/v8/third_party/abseil-cpp/WORKSPACE      |    32 +-
 deps/v8/third_party/abseil-cpp/absl.gni       |     2 +
 .../abseil-cpp/absl/algorithm/algorithm.h     |     4 +-
 .../absl/algorithm/algorithm_test.cc          |    16 +-
 .../abseil-cpp/absl/algorithm/container.h     |   119 +-
 .../absl/algorithm/container_test.cc          |   211 +-
 .../abseil-cpp/absl/base/BUILD.bazel          |    41 +
 .../third_party/abseil-cpp/absl/base/BUILD.gn |    26 +
 .../abseil-cpp/absl/base/CMakeLists.txt       |    39 +
 .../abseil-cpp/absl/base/attributes.h         |    10 +-
 .../third_party/abseil-cpp/absl/base/config.h |     2 +-
 .../abseil-cpp/absl/base/internal/sysinfo.cc  |    14 +
 .../absl/base/internal/thread_identity.h      |     6 +-
 .../abseil-cpp/absl/base/internal/tracing.cc  |    39 +
 .../abseil-cpp/absl/base/internal/tracing.h   |    81 +
 .../absl/base/internal/tracing_strong_test.cc |   117 +
 .../absl/base/internal/tracing_weak_test.cc   |    34 +
 .../abseil-cpp/absl/container/BUILD.bazel     |     1 +
 .../abseil-cpp/absl/container/BUILD.gn        |     1 +
 .../abseil-cpp/absl/container/CMakeLists.txt  |     1 +
 .../abseil-cpp/absl/container/flat_hash_map.h |    18 +-
 .../abseil-cpp/absl/container/flat_hash_set.h |    18 +-
 .../container/internal/container_memory.h     |     1 +
 .../absl/container/internal/raw_hash_set.h    |    87 +-
 .../container/internal/raw_hash_set_test.cc   |    67 +
 .../abseil-cpp/absl/container/node_hash_map.h |    18 +-
 .../abseil-cpp/absl/container/node_hash_set.h |    18 +-
 .../debugging/internal/stack_consumption.h    |     2 +-
 .../abseil-cpp/absl/debugging/leak_check.cc   |     2 +-
 .../abseil-cpp/absl/flags/BUILD.bazel         |     5 +-
 .../abseil-cpp/absl/log/BUILD.bazel           |     2 +
 .../abseil-cpp/absl/log/internal/BUILD.bazel  |     2 +
 .../abseil-cpp/absl/random/BUILD.bazel        |     1 +
 .../abseil-cpp/absl/strings/BUILD.bazel       |     1 -
 .../abseil-cpp/absl/strings/BUILD.gn          |     1 -
 .../abseil-cpp/absl/strings/CMakeLists.txt    |     1 -
 .../abseil-cpp/absl/strings/ascii.cc          |    37 +-
 .../abseil-cpp/absl/strings/ascii.h           |    34 +-
 .../absl/strings/ascii_benchmark.cc           |    28 +
 .../abseil-cpp/absl/strings/ascii_test.cc     |     4 +
 .../abseil-cpp/absl/strings/cord.h            |     7 +-
 .../abseil-cpp/absl/strings/cord_test.cc      |    26 +-
 .../absl/strings/internal/cord_internal.h     |    48 +-
 .../absl/strings/internal/cord_rep_btree.h    |     4 +-
 .../strings/internal/has_absl_stringify.h     |    54 -
 .../absl/synchronization/BUILD.bazel          |     7 +
 .../abseil-cpp/absl/synchronization/BUILD.gn  |    97 +-
 .../absl/synchronization/CMakeLists.txt       |     7 +
 .../absl/synchronization/blocking_counter.cc  |    26 +-
 .../absl/synchronization/blocking_counter.h   |     6 +
 .../synchronization/blocking_counter_test.cc  |    66 +
 .../internal/create_thread_identity.cc        |     6 +-
 .../absl/synchronization/notification.cc      |    12 +-
 .../absl/synchronization/notification.h       |    12 +-
 .../absl/synchronization/notification_test.cc |    93 +
 .../abseil-cpp/symbols_arm64_dbg.def          |    55 +-
 .../abseil-cpp/symbols_arm64_rel.def          |    26 +-
 .../abseil-cpp/symbols_x64_dbg.def            |    55 +-
 .../abseil-cpp/symbols_x64_rel.def            |    26 +-
 .../abseil-cpp/symbols_x64_rel_asan.def       |    48 +-
 .../abseil-cpp/symbols_x86_dbg.def            |    55 +-
 .../abseil-cpp/symbols_x86_rel.def            |    26 +-
 .../fp16/src/include/fp16/bitcasts.h          |    10 +-
 .../crdtp/json_platform_v8.cc                 |     3 +-
 deps/v8/third_party/zlib/chromeconf.h         |     3 -
 deps/v8/third_party/zlib/crc32_simd.c         |     2 +-
 .../third_party/zlib/google/zip_unittest.cc   |     5 +-
 .../tools/builtins-pgo/download_profiles.py   |   417 +-
 .../builtins-pgo/download_profiles_test.py    |   167 +-
 .../debug_helper/debug-helper-internal.h      |     1 +
 .../debug_helper/get-object-properties.cc     |    13 +-
 deps/v8/tools/gdbinit                         |     2 +-
 deps/v8/tools/grokdump.py                     |   223 +-
 deps/v8/tools/lldb_commands.py                |     2 +-
 deps/v8/tools/release/common_includes.py      |    10 +-
 deps/v8/tools/testrunner/local/variants.py    |     2 +-
 deps/v8/tools/v8windbg/src/js-stack.h         |     1 -
 .../wasm/mjsunit-module-disassembler-impl.h   |     2 +-
 deps/v8/tools/wasm/module-inspector.cc        |     3 +-
 1270 files changed, 69516 insertions(+), 18938 deletions(-)
 delete mode 100644 deps/v8/src/base/optional.h
 create mode 100644 deps/v8/src/builtins/builtins-abstract-module-source.cc
 create mode 100644 deps/v8/src/codegen/riscv/constant-riscv-zicond.h
 create mode 100644 deps/v8/src/codegen/riscv/extension-riscv-zicond.cc
 create mode 100644 deps/v8/src/codegen/riscv/extension-riscv-zicond.h
 create mode 100644 deps/v8/src/common/segmented-table-inl.h
 create mode 100644 deps/v8/src/common/segmented-table.h
 create mode 100644 deps/v8/src/compiler/turboshaft/string-view.h
 create mode 100644 deps/v8/src/wasm/interpreter/OWNERS
 create mode 100644 deps/v8/src/wasm/interpreter/arm64/interpreter-builtins-arm64.cc
 create mode 100644 deps/v8/src/wasm/interpreter/instruction-handlers.h
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter-inl.h
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter-objects-inl.h
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter-objects.cc
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter-objects.h
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter-runtime-inl.h
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter-runtime.cc
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter-runtime.h
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter-simd.cc
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter.cc
 create mode 100644 deps/v8/src/wasm/interpreter/wasm-interpreter.h
 create mode 100644 deps/v8/src/wasm/interpreter/x64/interpreter-builtins-x64.cc
 create mode 100644 deps/v8/test/debugger/debug/compiler/regress-354005322.js
 create mode 100644 deps/v8/test/mjsunit/comparison-throws-feedback.js
 create mode 100644 deps/v8/test/mjsunit/compiler/regress-359729268.js
 create mode 100644 deps/v8/test/mjsunit/harmony/await-using-count-ticks.js
 create mode 100644 deps/v8/test/mjsunit/harmony/shadowrealm-skip-4-throw-string.mjs
 create mode 100644 deps/v8/test/mjsunit/harmony/shadowrealm-type-error-copy.js
 create mode 100644 deps/v8/test/mjsunit/harmony/shadowrealm-type-error-prepare-stack-trace.js
 create mode 100644 deps/v8/test/mjsunit/maglev/api-setter-poly.js
 create mode 100644 deps/v8/test/mjsunit/maglev/api-setter.js
 create mode 100644 deps/v8/test/mjsunit/maglev/context-object-tracking.js
 create mode 100644 deps/v8/test/mjsunit/maglev/equals-number-boolean.js
 create mode 100644 deps/v8/test/mjsunit/maglev/escape-loop-inline-call.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-353877558.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-353928356.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-354324160.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-354758514.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-354800079.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-355493915.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-356491694.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-356901453.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-356913463.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-356965810.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-357496257.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-358071281.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-358399787.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress-358998538.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress/regress-355484345.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress/regress-356913290.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress/regress-356913462.js
 create mode 100644 deps/v8/test/mjsunit/maglev/regress/regress-356917015.js
 create mode 100644 deps/v8/test/mjsunit/maglev/strict-equals-number-boolean.js
 rename deps/v8/test/mjsunit/{regress/wasm/regress-331358160.js => regress-352402518.js} (53%)
 create mode 100644 deps/v8/test/mjsunit/regress-352414652.js
 create mode 100644 deps/v8/test/mjsunit/regress-352673356.js
 create mode 100644 deps/v8/test/mjsunit/regress-352739458.js
 create mode 100644 deps/v8/test/mjsunit/regress-353561476.js
 create mode 100644 deps/v8/test/mjsunit/regress-354310130.js
 create mode 100644 deps/v8/test/mjsunit/regress-4530868594868224.js
 create mode 100644 deps/v8/test/mjsunit/regress-class-initializer-eval.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-352690885-1.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-352690885-2.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-352690885-3.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-352690885-4.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-352690885-5.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-352690885-6.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-355683663.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-357651585.js
 create mode 100644 deps/v8/test/mjsunit/regress/regress-359618508.js
 delete mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-336358915-a.js
 create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-349402547.js
 create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-353913485.js
 create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-354324155-2.js
 create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-354324155.js
 create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-355493919.js
 create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-357977718.js
 create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-359949835.js
 create mode 100644 deps/v8/test/mjsunit/regress/wasm/regress-360044696.js
 create mode 100644 deps/v8/test/mjsunit/strictequals-feedback.js
 create mode 100644 deps/v8/test/mjsunit/test-scopeinfo-reuse-eval.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/check-float64-is-nan.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/dematerialized-identical-heap-number-fields.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/dematerialized-regexp.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/extend-property-backing-store-1.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/extend-property-backing-store-2.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-async-await-loop.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-async.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-if.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-infinite-loop.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-if.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-multi-if.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-no-forward-edge.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-untagged-phis.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-nested-loops.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return-finally-loop.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return-finally.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-straight-line.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-loop-2-yields.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-loop.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-nested-loop.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star-loop-1.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star-loop-2.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/get-template-object.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/holey-float64-phi-to-smi.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/literal-nan-hole-deopt.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-354145409-1.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-354145409-2.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-355016861.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356194021.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356436621.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356649152.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356720579.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356901359.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913279.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913284-1.js
 create mode 100644 deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913284-2.js
 delete mode 100644 deps/v8/test/mjsunit/turboshaft/turboshaft-instruction-selection.js
 delete mode 100644 deps/v8/test/mjsunit/turboshaft/type-inference.js
 create mode 100644 deps/v8/test/mjsunit/value-helper.js
 create mode 100644 deps/v8/test/mjsunit/wasm/deopt/deopt-many-results.js
 create mode 100644 deps/v8/test/mjsunit/wasm/module-prototype.js
 create mode 100644 deps/v8/test/mjsunit/wasm/module-source.js
 create mode 100644 deps/v8/test/mjsunit/wasm/runtime-gc-objects.js
 create mode 100644 deps/v8/test/mjsunit/wasm/simd-wasm-interpreter.js
 delete mode 100644 deps/v8/test/mjsunit/wasm/stack-switching-new-api.js
 create mode 100644 deps/v8/test/mjsunit/wasm/turboshaft/reduction-shuffle.js
 create mode 100644 deps/v8/test/mjsunit/wasm/wasm-interpreter-memory-grow.js
 create mode 100644 deps/v8/test/mjsunit/wasm/wasm-interpreter.js
 create mode 100644 deps/v8/test/test262/harness-abstractmodulesource.js
 create mode 100644 deps/v8/test/test262/local-tests/test/staging/decorators/private-auto-accessor.js
 create mode 100644 deps/v8/test/unittests/compiler/turboshaft/wasm-simd-unittest.cc
 create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/tracing.cc
 create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/tracing.h
 create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/tracing_strong_test.cc
 create mode 100644 deps/v8/third_party/abseil-cpp/absl/base/internal/tracing_weak_test.cc
 delete mode 100644 deps/v8/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h

diff --git a/deps/v8/.editorconfig b/deps/v8/.editorconfig
index 9d08a1a828a3bd..0a4c9a6c2f0f6d 100644
--- a/deps/v8/.editorconfig
+++ b/deps/v8/.editorconfig
@@ -1,9 +1,9 @@
-root = true
+# editorconfig.org
 
 [*]
 charset = utf-8
-indent_style = space
-indent_size = 2
 end_of_line = lf
+indent_size = 2
+indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true
diff --git a/deps/v8/.gitignore b/deps/v8/.gitignore
index e805b2aabfeacc..62b74b99cae7dc 100644
--- a/deps/v8/.gitignore
+++ b/deps/v8/.gitignore
@@ -88,8 +88,8 @@
 !/third_party/test262-harness
 !/third_party/v8
 !/third_party/wasm-api
-/tools/builtins-pgo/profiles/*.profile
-/tools/builtins-pgo/profiles/profiles_version
+/tools/builtins-pgo/profiles/*
+!/tools/builtins-pgo/profiles/.*
 /tools/clang
 /tools/gcmole/bootstrap
 /tools/gcmole/gcmole-tools
diff --git a/deps/v8/AUTHORS b/deps/v8/AUTHORS
index e53a6577c54950..38c0f069211911 100644
--- a/deps/v8/AUTHORS
+++ b/deps/v8/AUTHORS
@@ -143,11 +143,11 @@ Henrique Ferreiro <henrique.ferreiro@gmail.com>
 Helmut Januschka <helmut@januschka.com>
 Hirofumi Mako <mkhrfm@gmail.com>
 Hisham Muhammad <hisham@gobolinux.org>
-Ho Cheung <uioptt24@gmail.com>
 Honggyu Kim <honggyu.kp@gmail.com>
 Huáng Jùnliàng <jlhwung@gmail.com>
 HyeockJin Kim <kherootz@gmail.com>
 Iain Ireland <iireland@mozilla.com>
+Ilya Gavrilin <ilya.gavrilin@syntacore.com>
 Ingvar Stepanyan <me@rreverser.com>
 Ioseb Dzmanashvili <ioseb.dzmanashvili@gmail.com>
 Isiah Meadows <impinball@gmail.com>
@@ -170,6 +170,7 @@ Joel Stanley <joel@jms.id.au>
 Johan Bergström <johan@bergstroem.nu>
 Johan Levin <johan13@gmail.com>
 John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
+Jojo R <rjiejie@gmail.com>
 Jonathan Liu <net147@gmail.com>
 Juan Arboleda <soyjuanarbol@gmail.com>
 Julien Brianceau <jbriance@cisco.com>
@@ -205,6 +206,7 @@ Matt Hanselman <mjhanselman@gmail.com>
 Matthew Sporleder <msporleder@gmail.com>
 Maxim Mazurok <maxim@mazurok.com>
 Maxim Mossienko <maxim.mossienko@gmail.com>
+Md Hasibul Hasan <hasibulhasan873@gmail.com>
 Meir Shpilraien <meir@redis.com>
 Michael Lutz <michi@icosahedron.de>
 Michael Mclaughlin <m8ch88l@gmail.com>
@@ -312,6 +314,7 @@ Yuxiang Cao <caoyxsh@outlook.com>
 Zac Hansen <xaxxon@gmail.com>
 Zeynep Cankara <zeynepcankara402@gmail.com>
 Zhao Jiazhong <kyslie3100@gmail.com>
+Zhaojun Meng <zhaojun.meng@gmail.com>
 Zheng Liu <i6122f@gmail.com>
 Zhongping Wang <kewpie.w.zp@gmail.com>
 柳荣一 <admin@web-tinker.com>
diff --git a/deps/v8/BUILD.bazel b/deps/v8/BUILD.bazel
index 0718b28b052946..f2b2f4da0f8164 100644
--- a/deps/v8/BUILD.bazel
+++ b/deps/v8/BUILD.bazel
@@ -43,7 +43,6 @@ load(":bazel/v8-non-pointer-compression.bzl", "v8_binary_non_pointer_compression
 # v8_enable_concurrent_marking
 # v8_enable_conservative_stack_scanning
 # v8_enable_direct_handle
-# v8_enable_direct_local
 # v8_enable_local_off_stack_check
 # v8_enable_ignition_dispatch_counting
 # v8_enable_builtins_optimization
@@ -208,6 +207,49 @@ v8_flag(
     default = True,
 )
 
+v8_flag(
+    name = "v8_enable_drumbrake",
+    default = False,
+)
+
+v8_flag(
+    name = "v8_enable_drumbrake_tracing",
+    default = False,
+)
+
+selects.config_setting_group(
+    name = "enable_drumbrake_x64",
+    match_all = [
+        ":is_v8_enable_drumbrake",
+        "@v8//bazel/config:v8_target_x64",
+    ],
+)
+
+selects.config_setting_group(
+    name = "enable_drumbrake_arm64",
+    match_all = [
+        ":is_v8_enable_drumbrake",
+        "@v8//bazel/config:v8_target_arm64",
+    ],
+)
+
+selects.config_setting_group(
+    name = "is_drumbrake_trap_handling_platform",
+    match_any = [
+        "@v8//bazel/config:is_linux",
+        "@v8//bazel/config:is_macos",
+        "@v8//bazel/config:is_windows",
+    ],
+)
+
+selects.config_setting_group(
+    name = "v8_drumbrake_bounds_checks",
+    match_all = [
+        ":enable_drumbrake_x64",
+        ":is_drumbrake_trap_handling_platform",
+    ],
+)
+
 v8_flag(
     name = "v8_jitless",
     default = False,
@@ -411,6 +453,8 @@ v8_config(
         "v8_enable_verify_heap": "VERIFY_HEAP",
         "v8_enable_verify_predictable": "VERIFY_PREDICTABLE",
         "v8_enable_webassembly": "V8_ENABLE_WEBASSEMBLY",
+        "v8_enable_drumbrake": "V8_ENABLE_DRUMBRAKE",
+        "v8_enable_drumbrake_tracing": "V8_ENABLE_DRUMBRAKE_TRACING",
         "v8_jitless": "V8_JITLESS",
         "v8_enable_vtunejit": "ENABLE_VTUNE_JIT_INTERFACE",
     },
@@ -518,7 +562,13 @@ v8_config(
             "V8_ENABLE_DOUBLE_CONST_STORE_CHECK",
         ],
         "//conditions:default": [],
+    }) + select({
+        "v8_drumbrake_bounds_checks": [
+            "V8_DRUMBRAKE_BOUNDS_CHECKS"
+        ],
+        "//conditions:default": [],
     }),
+
     deps = [":default"],
 )
 
@@ -757,7 +807,6 @@ filegroup(
         "src/base/numbers/strtod.h",
         "src/base/once.cc",
         "src/base/once.h",
-        "src/base/optional.h",
         "src/base/overflowing-math.h",
         "src/base/page-allocator.cc",
         "src/base/page-allocator.h",
@@ -1268,6 +1317,7 @@ filegroup(
         "src/builtins/builtins.cc",
         "src/builtins/builtins-inl.h",
         "src/builtins/builtins.h",
+        "src/builtins/builtins-abstract-module-source.cc",
         "src/builtins/builtins-api.cc",
         "src/builtins/builtins-array.cc",
         "src/builtins/builtins-arraybuffer.cc",
@@ -1402,6 +1452,8 @@ filegroup(
         "src/common/ptr-compr.cc",
         "src/common/ptr-compr.h",
         "src/common/ptr-compr-inl.h",
+        "src/common/segmented-table.h",
+        "src/common/segmented-table-inl.h",
         "src/common/simd128.h",
         "src/compiler-dispatcher/lazy-compile-dispatcher.cc",
         "src/compiler-dispatcher/lazy-compile-dispatcher.h",
@@ -2916,6 +2968,21 @@ filegroup(
             "src/wasm/wrappers.cc",
         ],
         "//conditions:default": [],
+    }) + select({
+        ":is_v8_enable_drumbrake": [
+            "src/wasm/interpreter/instruction-handlers.h",
+            "src/wasm/interpreter/wasm-interpreter.cc",
+            "src/wasm/interpreter/wasm-interpreter.h",
+            "src/wasm/interpreter/wasm-interpreter-inl.h",
+            "src/wasm/interpreter/wasm-interpreter-objects.cc",
+            "src/wasm/interpreter/wasm-interpreter-objects-inl.h",
+            "src/wasm/interpreter/wasm-interpreter-objects.h",
+            "src/wasm/interpreter/wasm-interpreter-runtime.cc",
+            "src/wasm/interpreter/wasm-interpreter-runtime-inl.h",
+            "src/wasm/interpreter/wasm-interpreter-runtime.h",
+            "src/wasm/interpreter/wasm-interpreter-simd.cc",
+        ],
+        "//conditions:default": [],
     }),
 )
 
@@ -3307,6 +3374,7 @@ filegroup(
         "src/compiler/turboshaft/store-store-elimination-phase.cc",
         "src/compiler/turboshaft/store-store-elimination-phase.h",
         "src/compiler/turboshaft/store-store-elimination-reducer-inl.h",
+        "src/compiler/turboshaft/string-view.h",
         "src/compiler/turboshaft/structural-optimization-reducer.h",
         "src/compiler/turboshaft/tracing.h",
         "src/compiler/turboshaft/type-assertions-phase.cc",
@@ -3579,6 +3647,14 @@ filegroup(
             "src/builtins/builtins-wasm-gen.h",
         ],
         "//conditions:default": [],
+    }) + select({
+        ":enable_drumbrake_x64": [
+            "src/wasm/interpreter/x64/interpreter-builtins-x64.cc"
+        ],
+        ":enable_drumbrake_arm64": [
+            "src/wasm/interpreter/arm64/interpreter-builtins-arm64.cc"
+        ],
+        "//conditions:default": [],
     }),
 )
 
diff --git a/deps/v8/BUILD.gn b/deps/v8/BUILD.gn
index 92e8541951384f..19e0d2b584790e 100644
--- a/deps/v8/BUILD.gn
+++ b/deps/v8/BUILD.gn
@@ -11,6 +11,7 @@ import("//build/config/mips.gni")
 import("//build/config/riscv.gni")
 import("//build/config/sanitizers/sanitizers.gni")
 import("//build_overrides/build.gni")
+import("//third_party/icu/config.gni")
 
 import("gni/snapshot_toolchain.gni")
 import("gni/v8.gni")
@@ -141,11 +142,6 @@ declare_args() {
   # Enable code-generation-time checking of types in the CodeStubAssembler.
   v8_enable_verify_csa = false
 
-  # Enable pointer compression (sets -dV8_COMPRESS_POINTERS).
-  v8_enable_pointer_compression = ""
-  v8_enable_pointer_compression_shared_cage = ""
-  v8_enable_31bit_smis_on_64bit_arch = false
-
   # Sets -dOBJECT_PRINT.
   v8_enable_object_print = ""
 
@@ -339,6 +335,9 @@ declare_args() {
   # Sets -DV8_ENABLE_SANDBOX.
   v8_enable_sandbox = ""
 
+  # Explicitly disable leaptiering (on builds where it would otherwise be enabled).
+  v8_disable_leaptiering = ""
+
   # Enable the memory corruption API. Useful for testing the sandbox.
   # The memory corruption API is only exposed to JavaScript if sandbox testing
   # mode is enabled at runtime, for example via --sandbox-fuzzing.
@@ -391,6 +390,19 @@ declare_args() {
   # This is only used by nodejs.
   v8_scriptormodule_legacy_lifetime = false
 
+  # WebAssembly interpreter (DrumBrake)  build flag.
+  v8_enable_drumbrake = false
+
+  # Enable Wasm interpreter tracing.
+  v8_enable_drumbrake_tracing = false
+
+  # On non-Desktop platforms, enable explicit bounds checks in the Wasm
+  # interpreter, where the bounds checking is done in the instruction handler,
+  # not using an unhandled exception filter (which also doesn't work with Win-ASAN).
+  v8_drumbrake_bounds_checks =
+      (is_win && (is_asan || is_ubsan || is_msan || is_tsan)) ||
+      !(is_win || is_linux || is_mac) || v8_current_cpu != "x64"
+
   # Enables pointer compression for 8GB heaps.
   # Sets -DV8_COMPRESS_POINTERS_8GB.
   v8_enable_pointer_compression_8gb = ""
@@ -429,6 +441,9 @@ declare_args() {
   # ReadOnlySpace.
   v8_enable_extensible_ro_snapshot = true
 
+  # Enable Turboshaft CSA pipeline.
+  v8_enable_turboshaft_csa = false
+
   # Use sticky mark-bits for separating object generations.
   v8_enable_sticky_mark_bits = false
 
@@ -477,9 +492,11 @@ if (v8_enable_debug_code == "") {
 if (v8_enable_snapshot_native_code_counters == "") {
   v8_enable_snapshot_native_code_counters = v8_enable_debugging_features
 }
-if (v8_enable_pointer_compression == "") {
-  v8_enable_pointer_compression =
-      v8_current_cpu == "arm64" || v8_current_cpu == "x64"
+
+if (v8_enable_drumbrake && v8_enable_webassembly) {
+  assert(
+      is_drumbrake_supported,
+      "DrumBrake is only available on x64, arm64 on Windows, Linux and MacOS.")
 }
 
 # Toggle pointer compression for correctness fuzzing when building the
@@ -586,6 +603,10 @@ if (v8_enable_sandbox == "") {
                       v8_enable_external_code_space && target_os != "fuchsia"
 }
 
+if (v8_disable_leaptiering == "") {
+  v8_disable_leaptiering = false
+}
+
 if (v8_enable_static_roots == "") {
   # Static roots are only valid for builds with pointer compression and a
   # shared read-only heap.
@@ -886,7 +907,7 @@ external_v8_defines = [
   "V8_MAP_PACKING",
   "V8_IS_TSAN",
   "V8_ENABLE_CONSERVATIVE_STACK_SCANNING",
-  "V8_ENABLE_DIRECT_LOCAL",
+  "V8_ENABLE_DIRECT_HANDLE",
   "V8_MINORMS_STRING_SHORTCUTTING",
   "V8_HAVE_TARGET_OS",
   "V8_TARGET_OS_ANDROID",
@@ -940,8 +961,8 @@ if (is_tsan) {
 if (v8_enable_conservative_stack_scanning) {
   enabled_external_v8_defines += [ "V8_ENABLE_CONSERVATIVE_STACK_SCANNING" ]
 }
-if (v8_enable_direct_local) {
-  enabled_external_v8_defines += [ "V8_ENABLE_DIRECT_LOCAL" ]
+if (v8_enable_direct_handle) {
+  enabled_external_v8_defines += [ "V8_ENABLE_DIRECT_HANDLE" ]
 }
 if (v8_shortcut_strings_in_minor_ms) {
   enabled_external_v8_defines += [ "V8_MINORMS_STRING_SHORTCUTTING" ]
@@ -1258,6 +1279,15 @@ config("features") {
   if (v8_advanced_bigint_algorithms) {
     defines += [ "V8_ADVANCED_BIGINT_ALGORITHMS" ]
   }
+  if (v8_enable_drumbrake) {
+    defines += [ "V8_ENABLE_DRUMBRAKE" ]
+    if (v8_enable_drumbrake_tracing) {
+      defines += [ "V8_ENABLE_DRUMBRAKE_TRACING" ]
+    }
+    if (v8_drumbrake_bounds_checks) {
+      defines += [ "V8_DRUMBRAKE_BOUNDS_CHECKS" ]
+    }
+  }
   if (v8_enable_memory_corruption_api) {
     defines += [ "V8_ENABLE_MEMORY_CORRUPTION_API" ]
   }
@@ -1291,9 +1321,6 @@ config("features") {
   if (v8_enable_builtin_jump_table_switch) {
     defines += [ "V8_ENABLE_BUILTIN_JUMP_TABLE_SWITCH" ]
   }
-  if (v8_enable_direct_handle) {
-    defines += [ "V8_ENABLE_DIRECT_HANDLE" ]
-  }
   if (v8_enable_extensible_ro_snapshot) {
     defines += [ "V8_ENABLE_EXTENSIBLE_RO_SNAPSHOT" ]
   }
@@ -1306,6 +1333,9 @@ config("features") {
   if (v8_enable_experimental_tsa_builtins) {
     defines += [ "V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS" ]
   }
+  if (v8_disable_leaptiering) {
+    defines += [ "V8_DISABLE_LEAPTIERING" ]
+  }
 }
 
 config("toolchain") {
@@ -1445,6 +1475,9 @@ config("toolchain") {
     if (!is_clang) {
       cflags += [ "-ffp-contract=off" ]
     }
+    if (riscv_use_sv39) {
+      defines += [ "RISCV_USE_SV39" ]
+    }
   }
 
   if (v8_current_cpu == "riscv32") {
@@ -2420,6 +2453,15 @@ template("run_mksnapshot") {
 
     sources = []
 
+    if (icu_use_data_file) {
+      deps += [ "//third_party/icu:copy_icudata" ]
+      if (host_byteorder == "big") {
+        sources += [ "$root_out_dir/icudtb.dat" ]
+      } else {
+        sources += [ "$root_out_dir/icudtl.dat" ]
+      }
+    }
+
     outputs = []
 
     data = []
@@ -2479,6 +2521,10 @@ template("run_mksnapshot") {
       }
     }
 
+    if (v8_enable_turboshaft_csa) {
+      args += [ "--turboshaft-csa" ]
+    }
+
     # This is needed to distinguish between generating code for the simulator
     # and cross-compiling. The latter may need to run code on the host with the
     # simulator but cannot use simulator-specific instructions.
@@ -2720,7 +2766,6 @@ action("v8_dump_build_config") {
     "debugging_features=$v8_enable_debugging_features",
     "dict_property_const_tracking=$v8_dict_property_const_tracking",
     "direct_handle=$v8_enable_direct_handle",
-    "direct_local=$v8_enable_direct_local",
     "disassembler=$v8_enable_disassembler",
     "full_debug=$is_full_debug",
     "gdbjit=$v8_enable_gdbjit",
@@ -2728,6 +2773,7 @@ action("v8_dump_build_config") {
     "has_maglev=$v8_enable_maglev",
     "has_turbofan=$v8_enable_turbofan",
     "has_webassembly=$v8_enable_webassembly",
+    "has_wasm_interpreter=$v8_enable_drumbrake",
     "i18n=$v8_enable_i18n_support",
     "is_android=$is_android",
     "is_ios=$is_ios",
@@ -2777,7 +2823,6 @@ generated_file("v8_generate_features_json") {
     v8_enable_conservative_stack_scanning =
         v8_enable_conservative_stack_scanning
     v8_enable_direct_handle = v8_enable_direct_handle
-    v8_enable_direct_local = v8_enable_direct_local
     v8_enable_extensible_ro_snapshot = v8_enable_extensible_ro_snapshot
     v8_enable_gdbjit = v8_enable_gdbjit
     v8_enable_hugepage = v8_enable_hugepage
@@ -2960,6 +3005,15 @@ v8_source_set("v8_initializers") {
       "src/builtins/builtins-wasm-gen.cc",
       "src/builtins/builtins-wasm-gen.h",
     ]
+
+    if (v8_enable_drumbrake) {
+      if (v8_current_cpu == "x64") {
+        sources += [ "src/wasm/interpreter/x64/interpreter-builtins-x64.cc" ]
+      } else if (v8_current_cpu == "arm64") {
+        sources +=
+            [ "src/wasm/interpreter/arm64/interpreter-builtins-arm64.cc" ]
+      }
+    }
   }
 
   if (v8_current_cpu == "x86") {
@@ -3324,6 +3378,8 @@ v8_header_set("v8_internal_headers") {
     "src/common/operation.h",
     "src/common/ptr-compr-inl.h",
     "src/common/ptr-compr.h",
+    "src/common/segmented-table-inl.h",
+    "src/common/segmented-table.h",
     "src/common/simd128.h",
     "src/compiler-dispatcher/lazy-compile-dispatcher.h",
     "src/compiler-dispatcher/optimizing-compile-dispatcher.h",
@@ -3521,6 +3577,7 @@ v8_header_set("v8_internal_headers") {
     "src/compiler/turboshaft/stack-check-lowering-reducer.h",
     "src/compiler/turboshaft/store-store-elimination-phase.h",
     "src/compiler/turboshaft/store-store-elimination-reducer-inl.h",
+    "src/compiler/turboshaft/string-view.h",
     "src/compiler/turboshaft/structural-optimization-reducer.h",
     "src/compiler/turboshaft/tracing.h",
     "src/compiler/turboshaft/type-assertions-phase.h",
@@ -4395,6 +4452,18 @@ v8_header_set("v8_internal_headers") {
       "src/wasm/wasm-value.h",
       "src/wasm/well-known-imports.h",
     ]
+
+    if (v8_enable_drumbrake) {
+      sources += [
+        "src/wasm/interpreter/instruction-handlers.h",
+        "src/wasm/interpreter/wasm-interpreter-inl.h",
+        "src/wasm/interpreter/wasm-interpreter-objects-inl.h",
+        "src/wasm/interpreter/wasm-interpreter-objects.h",
+        "src/wasm/interpreter/wasm-interpreter-runtime-inl.h",
+        "src/wasm/interpreter/wasm-interpreter-runtime.h",
+        "src/wasm/interpreter/wasm-interpreter.h",
+      ]
+    }
   }
 
   if (v8_enable_wasm_simd256_revec) {
@@ -4739,6 +4808,7 @@ v8_header_set("v8_internal_headers") {
       "src/codegen/riscv/constant-riscv-f.h",
       "src/codegen/riscv/constant-riscv-m.h",
       "src/codegen/riscv/constant-riscv-v.h",
+      "src/codegen/riscv/constant-riscv-zicond.h",
       "src/codegen/riscv/constant-riscv-zicsr.h",
       "src/codegen/riscv/constant-riscv-zifencei.h",
       "src/codegen/riscv/constants-riscv.h",
@@ -4750,6 +4820,7 @@ v8_header_set("v8_internal_headers") {
       "src/codegen/riscv/extension-riscv-inl.h",
       "src/codegen/riscv/extension-riscv-m.h",
       "src/codegen/riscv/extension-riscv-v.h",
+      "src/codegen/riscv/extension-riscv-zicond.h",
       "src/codegen/riscv/extension-riscv-zicsr.h",
       "src/codegen/riscv/extension-riscv-zifencei.h",
       "src/codegen/riscv/interface-descriptors-riscv-inl.h",
@@ -5284,6 +5355,7 @@ v8_source_set("v8_base_without_compiler") {
     "src/baseline/baseline.cc",
     "src/baseline/bytecode-offset-iterator.cc",
     "src/builtins/accessors.cc",
+    "src/builtins/builtins-abstract-module-source.cc",
     "src/builtins/builtins-api.cc",
     "src/builtins/builtins-array.cc",
     "src/builtins/builtins-arraybuffer.cc",
@@ -5861,6 +5933,15 @@ v8_source_set("v8_base_without_compiler") {
         "src/wasm/fuzzing/random-module-generation.cc",
       ]
     }
+
+    if (v8_enable_drumbrake) {
+      sources += [
+        "src/wasm/interpreter/wasm-interpreter-objects.cc",
+        "src/wasm/interpreter/wasm-interpreter-runtime.cc",
+        "src/wasm/interpreter/wasm-interpreter-simd.cc",
+        "src/wasm/interpreter/wasm-interpreter.cc",
+      ]
+    }
   }
 
   if (v8_enable_third_party_heap) {
@@ -6101,6 +6182,7 @@ v8_source_set("v8_base_without_compiler") {
       "src/codegen/riscv/extension-riscv-f.cc",
       "src/codegen/riscv/extension-riscv-m.cc",
       "src/codegen/riscv/extension-riscv-v.cc",
+      "src/codegen/riscv/extension-riscv-zicond.cc",
       "src/codegen/riscv/extension-riscv-zicsr.cc",
       "src/codegen/riscv/extension-riscv-zifencei.cc",
       "src/codegen/riscv/macro-assembler-riscv.cc",
@@ -6140,6 +6222,7 @@ v8_source_set("v8_base_without_compiler") {
       "src/codegen/riscv/extension-riscv-f.cc",
       "src/codegen/riscv/extension-riscv-m.cc",
       "src/codegen/riscv/extension-riscv-v.cc",
+      "src/codegen/riscv/extension-riscv-zicond.cc",
       "src/codegen/riscv/extension-riscv-zicsr.cc",
       "src/codegen/riscv/extension-riscv-zifencei.cc",
       "src/codegen/riscv/macro-assembler-riscv.cc",
@@ -6462,7 +6545,6 @@ v8_component("v8_libbase") {
     "src/base/numbers/strtod.h",
     "src/base/once.cc",
     "src/base/once.h",
-    "src/base/optional.h",
     "src/base/overflowing-math.h",
     "src/base/page-allocator.cc",
     "src/base/page-allocator.h",
diff --git a/deps/v8/DEPS b/deps/v8/DEPS
index 6b06081f88e887..4208189f466a67 100644
--- a/deps/v8/DEPS
+++ b/deps/v8/DEPS
@@ -39,6 +39,9 @@ vars = {
   # Fetch clang-tidy into the same bin/ directory as our clang binary.
   'checkout_clang_tidy': False,
 
+  # Fetch clangd into the same bin/ directory as our clang binary.
+  'checkout_clangd': False,
+
   # Fetch and build V8 builtins with PGO profiles
   'checkout_v8_builtins_pgo_profiles': False,
 
@@ -57,7 +60,7 @@ vars = {
   'checkout_fuchsia_no_hooks': False,
 
   # reclient CIPD package version
-  'reclient_version': 're_client_version:0.150.1.d9707319-gomaip',
+  'reclient_version': 're_client_version:0.157.0.d2566cec-gomaip',
 
   # Fetch configuration files required for the 'use_remoteexec' gn arg
   'download_remoteexec_cfg': False,
@@ -73,22 +76,22 @@ vars = {
   'build_with_chromium': False,
 
   # GN CIPD package version.
-  'gn_version': 'git_revision:b2afae122eeb6ce09c52d63f67dc53fc517dbdc8',
+  'gn_version': 'git_revision:54f5b539df8c4e460b18c62a11132d77b5601136',
 
   # ninja CIPD package version
-  # https://chrome-infra-packages.appspot.com/p/infra/3pp/build_support/ninja-1_11_1/
-  'ninja_version': 'version:2@1.11.1.chromium.2',
+  # https://chrome-infra-packages.appspot.com/p/infra/3pp/tools/ninja
+  'ninja_version': 'version:2@1.12.1.chromium.4',
 
   # siso CIPD package version
-  'siso_version': 'git_revision:50a6db5dae3978d2d2e8dce29f6df024dde48d1b',
+  'siso_version': 'git_revision:87262779ecc3482c8c60b070404b225107212d0d',
 
   # luci-go CIPD package version.
-  'luci_go': 'git_revision:771ea9a614a104c71655f699ef82219a2a474817',
+  'luci_go': 'git_revision:ad7b787aa0ee53a81bc88fb4f7fee7a3ff1e8c29',
 
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling Fuchsia sdk
   # and whatever else without interference from each other.
-  'fuchsia_version': 'version:22.20240717.4.1',
+  'fuchsia_version': 'version:23.20240815.4.1',
 
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling android_sdk_build-tools_version
@@ -121,14 +124,14 @@ vars = {
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling android_sdk_tools-lint_version
   # and whatever else without interference from each other.
-  'android_sdk_cmdline-tools_version': 'mU9jm4LkManzjSzRquV1UIA7fHBZ2pK7NtbCXxoVnVUC',
+  'android_sdk_cmdline-tools_version': 'fv6JzkTqfxfIbmsRC8u1b2y0EQO7yQDMDzY3-g0NVu4C',
 }
 
 deps = {
   'build':
-    Var('chromium_url') + '/chromium/src/build.git' + '@' + '7a8285c06acd753e6228263f48e5595e20ca1577',
+    Var('chromium_url') + '/chromium/src/build.git' + '@' + '7a468ed1849454cffabf4a64110c24e6f1da2c51',
   'buildtools':
-    Var('chromium_url') + '/chromium/src/buildtools.git' + '@' + '3ef44a2b92d5dd1faa5189a06f3a5febe6db2d58',
+    Var('chromium_url') + '/chromium/src/buildtools.git' + '@' + '60a590902cf146c282f15242401bd8543256e2a2',
   'buildtools/linux64': {
     'packages': [
       {
@@ -174,7 +177,7 @@ deps = {
   'test/mozilla/data':
     Var('chromium_url') + '/v8/deps/third_party/mozilla-tests.git' + '@' + 'f6c578a10ea707b1a8ab0b88943fe5115ce2b9be',
   'test/test262/data':
-    Var('chromium_url') + '/external/github.com/tc39/test262.git' + '@' + 'b01075d87cf48f69a468d75a0eb7c372902965c7',
+    Var('chromium_url') + '/external/github.com/tc39/test262.git' + '@' + 'bcb42e339dbac06f2f9902046b1fbf62562e0cd3',
   'third_party/android_platform': {
     'url': Var('chromium_url') + '/chromium/src/third_party/android_platform.git' + '@' + '6337c445f9963ec3914e7e0c5787941d07b46509',
     'condition': 'checkout_android',
@@ -221,22 +224,22 @@ deps = {
     'packages': [
       {
         'package': 'chromium/third_party/android_toolchain/android_toolchain',
-        'version': 'h9HeidXTeHQ-oskldbqCZx26-7VrVvXpLfqOI87uy4QC',
+        'version': 'Idl-vYnWGnM8K3XJhM3h6zjYVDXlnljVz3FE00V9IM8C',
       },
     ],
     'condition': 'checkout_android',
     'dep_type': 'cipd',
   },
   'third_party/boringssl': {
-    'url': Var('chromium_url') + '/chromium/src/third_party/boringssl.git' + '@' + '35f4fcbdeae229a56fd50320dc03ae6de407aca4',
+    'url': Var('chromium_url') + '/chromium/src/third_party/boringssl.git' + '@' + '4d98a91cde88f349b96f4018c00053b6699ffd88',
     'condition': "checkout_centipede_deps",
   },
   'third_party/boringssl/src': {
-    'url': Var('boringssl_url') + '/boringssl.git' + '@' +  'f01108e4761e1d4189cb134322c3cb01dc71ef87',
+    'url': Var('boringssl_url') + '/boringssl.git' + '@' +  '11f334121fd0d13830fefdf08041183da2d30ef3',
     'condition': "checkout_centipede_deps",
   },
   'third_party/catapult': {
-    'url': Var('chromium_url') + '/catapult.git' + '@' + '16999365265c9850d7b5c46e53ddd52aca56f8dc',
+    'url': Var('chromium_url') + '/catapult.git' + '@' + '799e21b232f23f6c1391abfd44fe8ab1dd95bd9b',
     'condition': 'checkout_android',
   },
   'third_party/clang-format/script':
@@ -250,7 +253,7 @@ deps = {
     'condition': 'checkout_android',
   },
   'third_party/depot_tools':
-    Var('chromium_url') + '/chromium/tools/depot_tools.git' + '@' + 'cdcdd6efeec145eb246eeac20c78f2c55c9d393e',
+    Var('chromium_url') + '/chromium/tools/depot_tools.git' + '@' + '0bc7c4832e4f2d453e4826c9a2e1197e11bd6ec7',
   'third_party/fp16/src':
     Var('chromium_url') + '/external/github.com/Maratyszcza/FP16.git' + '@' + '0a92994d729ff76a58f692d3028ca1b64b145d91',
   'third_party/fuchsia-gn-sdk': {
@@ -280,7 +283,7 @@ deps = {
   'third_party/fuzztest/src':
     Var('chromium_url') + '/external/github.com/google/fuzztest.git' + '@' + '32eb84a95951fa3a0148fb3e6a1a02f830ded136',
   'third_party/googletest/src':
-    Var('chromium_url') + '/external/github.com/google/googletest.git' + '@' + 'cee1ba1f24fb12b9ae8f31e70dca3f73dbb12cc2',
+    Var('chromium_url') + '/external/github.com/google/googletest.git' + '@' + 'ff233bdd4cac0a0bf6e5cd45bda3406814cb2796',
   'third_party/highway/src':
     Var('chromium_url') + '/external/github.com/google/highway.git' + '@' + '8295336dd70f1201d42c22ab5b0861de38cf8fbf',
   'third_party/icu':
@@ -300,125 +303,153 @@ deps = {
   'third_party/jsoncpp/source':
     Var('chromium_url') + '/external/github.com/open-source-parsers/jsoncpp.git'+ '@' + '42e892d96e47b1f6e29844cc705e148ec4856448',
   'third_party/libc++/src':
-    Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxx.git' + '@' + '6bb75caa139ee1e686d2205910454cf6ea212e58',
+    Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxx.git' + '@' + 'f801c947082a3e0a4b48780303526b73905f6ecd',
   'third_party/libc++abi/src':
-    Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxxabi.git' + '@' + 'a3c7d3e2f3e1e724b4651891b1a71257cbd88acc',
+    Var('chromium_url') + '/external/github.com/llvm/llvm-project/libcxxabi.git' + '@' + 'eb6567388e89d9730c76dee71d68ac82e4a1abf6',
   'third_party/libunwind/src':
-    Var('chromium_url') + '/external/github.com/llvm/llvm-project/libunwind.git' + '@' + 'd09db732ff68f40fd3581306c650b17ea1955b4e',
+    Var('chromium_url') + '/external/github.com/llvm/llvm-project/libunwind.git' + '@' + '116c20dae60d84a77005697cf29f72783f81b0f9',
   'third_party/llvm-build/Release+Asserts': {
     'dep_type': 'gcs',
     'bucket': 'chromium-browser-clang',
     'objects': [
       {
-        'object_name': 'Linux_x64/clang-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '2c48fb44f408328f59482a1dafb2143bb8b6b04be23f407600117e6f6d4fa437',
-        'size_bytes': 51489572,
-        'generation': 1721105679311662,
+        'object_name': 'Linux_x64/clang-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '32ac9d9864a6bd99242f1a97778b3a074ac1151ce3eca369903f2ef5337c787a',
+        'size_bytes': 52250752,
+        'generation': 1723267014378582,
         'condition': 'host_os == "linux"',
       },
       {
-        'object_name': 'Linux_x64/clang-tidy-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '3570497c3c507be0f8f4c0aa149a57fc600ed49252da42676996ea651df05e60',
-        'size_bytes': 13081104,
-        'generation': 1721105679453016,
+        'object_name': 'Linux_x64/clang-tidy-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '5fd3fb73ceef73593fa09f8228283aec9f7798b648bf450e87f071a097be213b',
+        'size_bytes': 13217676,
+        'generation': 1723267014627839,
         'condition': 'host_os == "linux" and checkout_clang_tidy',
       },
       {
-        'object_name': 'Linux_x64/llvm-code-coverage-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': 'dd6f1c05d5fe244b4524af86e6aa20de2d730f7d7e01fe4002b5aa72347b7658',
-        'size_bytes': 2357488,
-        'generation': 1721105679795112,
+        'object_name': 'Linux_x64/clangd-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '6e1fe97f8b7131591233d8a2df1ff289ffb878c3fc6834c978a86273f7c00b6b',
+        'size_bytes': 26125984,
+        'generation': 1723267014767012,
+        'condition': 'host_os == "linux" and checkout_clangd',
+      },
+      {
+        'object_name': 'Linux_x64/llvm-code-coverage-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'ef317481472926d3e2a82e2d2a02cde78685002b4c9923df476108906022d792',
+        'size_bytes': 2374748,
+        'generation': 1723267015213805,
         'condition': 'host_os == "linux" and checkout_clang_coverage_tools',
       },
       {
-        'object_name': 'Linux_x64/llvmobjdump-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': 'a93d8b39ac573376a2db77b04f014d8751375de8c70ee16ca4713e5da467c5ec',
-        'size_bytes': 5387304,
-        'generation': 1721105679641287,
+        'object_name': 'Linux_x64/llvmobjdump-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '02be68f7c7c7bf679e1abff2745306b8385275017c89b2b13f638a941785f8c5',
+        'size_bytes': 5386480,
+        'generation': 1723267014930087,
         'condition': '(checkout_linux or checkout_mac or checkout_android and host_os != "mac")',
       },
       {
-        'object_name': 'Mac/clang-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '04956a3db535f4cf1ab0a6e40383cbb5db7d6ee09721e31a706d230af206eaa0',
-        'size_bytes': 46446976,
-        'generation': 1721105680965575,
+        'object_name': 'Mac/clang-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '5df8a609a7d2511343fbc20af1de3ed1682c3703fc074f21af1bf8bc2f58e491',
+        'size_bytes': 47200408,
+        'generation': 1723267016534642,
         'condition': 'host_os == "mac" and host_cpu == "x64"',
       },
       {
-        'object_name': 'Mac/clang-mac-runtime-library-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': 'c684d46962bd39f785a143c2b28a0400c6e6d41a610a04ad6982f7513b930a35',
-        'size_bytes': 865444,
-        'generation': 1721105687851327,
+        'object_name': 'Mac/clang-mac-runtime-library-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'ffc72ff3fca85f31340c164aab480bd2babfaa6219ff12e93b81f0056309da55',
+        'size_bytes': 869616,
+        'generation': 1723267034708598,
         'condition': 'checkout_mac and not host_os == "mac"',
       },
       {
-        'object_name': 'Mac/clang-tidy-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '1bcfd396959c5f0e835e33f7bd15f29b2a1b1b27c619480dab767d034da48098',
-        'size_bytes': 12650532,
-        'generation': 1721105681146275,
+        'object_name': 'Mac/clang-tidy-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'd02b9a39491d2ff3a291778de87b2a72f5885d01a8093518cb5612b97353ac2a',
+        'size_bytes': 12805336,
+        'generation': 1723267016822831,
         'condition': 'host_os == "mac" and host_cpu == "x64" and checkout_clang_tidy',
       },
       {
-        'object_name': 'Mac/llvm-code-coverage-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': 'dbaf0d0bc4d19be0a9bd033b94033a2e9f826f8ed4ec3e9e6fa732ca3b4f1b6f',
-        'size_bytes': 2234200,
-        'generation': 1721105681470376,
+        'object_name': 'Mac/clangd-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'ce09141be75350f0f932fcda14d8b906d2869674d79ef5a10a3e60a9a8d3ccee',
+        'size_bytes': 26372428,
+        'generation': 1723267016957114,
+        'condition': 'host_os == "mac" and host_cpu == "x64" and checkout_clangd',
+      },
+      {
+        'object_name': 'Mac/llvm-code-coverage-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'c0ac62ff01f1ce6e5d30134cb0f83fd8eabf858dfb33d07209a6b40d8f1ae789',
+        'size_bytes': 2248664,
+        'generation': 1723267017743181,
         'condition': 'host_os == "mac" and host_cpu == "x64" and checkout_clang_coverage_tools',
       },
       {
-        'object_name': 'Mac_arm64/clang-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '3d8d0a32604b9c8f9add4865d4e2b4950607d2a201bcd1c3de9e67e2998f1a84',
-        'size_bytes': 42076344,
-        'generation': 1721105689042846,
+        'object_name': 'Mac_arm64/clang-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'f4a384ecdaa051ba4786c9e6c46f9101a751b1a5c5ad4bf0d217c4ba71e0ff30',
+        'size_bytes': 42737720,
+        'generation': 1723267036349494,
         'condition': 'host_os == "mac" and host_cpu == "arm64"',
       },
       {
-        'object_name': 'Mac_arm64/clang-tidy-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '12524e94777f1d78489f58bcd966a341c8a61dca56175c7d6e8835240b2dcade',
-        'size_bytes': 11612984,
-        'generation': 1721105689155910,
+        'object_name': 'Mac_arm64/clang-tidy-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '2769378fd2891af945f8d29b5eaf05b4ab0450b2d086539df1c78c684e64be14',
+        'size_bytes': 11740656,
+        'generation': 1723267036269250,
         'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clang_tidy',
       },
       {
-        'object_name': 'Mac_arm64/llvm-code-coverage-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '85db7e11d059902cd2c3d04e1d0380524d0ef4bf6ec3c93f0afdfd663d8b2a64',
-        'size_bytes': 2005884,
-        'generation': 1721105689448152,
+        'object_name': 'Mac_arm64/clangd-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'a35dfb99903a487e06d685712e461125978c76ba8eaa99e9f5742e63d3e67444',
+        'size_bytes': 23470088,
+        'generation': 1723267036383208,
+        'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clangd',
+      },
+      {
+        'object_name': 'Mac_arm64/llvm-code-coverage-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '574a0d7c560aae964d8bdcd85f0145077b1324e79eee4a3dd1636ab7aefc59e5',
+        'size_bytes': 2010540,
+        'generation': 1723267036758678,
         'condition': 'host_os == "mac" and host_cpu == "arm64" and checkout_clang_coverage_tools',
       },
       {
-        'object_name': 'Win/clang-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '34ba04b75548fdce4b3d2ba9dc8320a11afb0cad8622d537c1cf37f1c5587bab',
-        'size_bytes': 41800448,
-        'generation': 1721105697679553,
+        'object_name': 'Win/clang-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'e255af29c29a741cf39c3000b612466ff805a99766d26ac86ec2afcb4ca0c922',
+        'size_bytes': 44019080,
+        'generation': 1723267056892790,
         'condition': 'host_os == "win"',
       },
       {
-        'object_name': 'Win/clang-tidy-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': '41fe89c54964a6a8efb66c398dbf763e8a4aca6a675c6f4d15a94c5236ba1ab7',
-        'size_bytes': 12869556,
-        'generation': 1721105697770165,
+        'object_name': 'Win/clang-tidy-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'a86aa579fc90a053b94874a8c79daeb7f3bbd77107fb460c6d0a7959cefb7e61',
+        'size_bytes': 13055812,
+        'generation': 1723267057185720,
         'condition': 'host_os == "win" and checkout_clang_tidy',
       },
       {
-        'object_name': 'Win/clang-win-runtime-library-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': 'ce7886ecbfb129660a14cc11c4eacd6a2ef6488b36a88a7afb71a8cd22277da0',
-        'size_bytes': 2842872,
-        'generation': 1721105704724295,
+        'object_name': 'Win/clang-win-runtime-library-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '6d89f358769ef50d008194e0ab9e8d4d80b8d6ffc0095ed44aef925d900aa743',
+        'size_bytes': 2873772,
+        'generation': 1723267074433695,
         'condition': 'checkout_win and not host_os == "win"',
       },
       {
-        'object_name': 'Win/llvm-code-coverage-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': 'e5778f9a2fa59936676579b01b3b576d8c545b72e5261c47a36751d4f1f6b61a',
-        'size_bytes': 2357104,
-        'generation': 1721105698068261,
+        'object_name': 'Win/clangd-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'e2b69a726f794005a333ae66a0ef5c0258872a19bc4506eff23f23fdee75ba5c',
+        'size_bytes': 25053884,
+        'generation': 1723267057351794,
+       'condition': 'host_os == "win" and checkout_clangd',
+      },
+      {
+        'object_name': 'Win/llvm-code-coverage-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': 'e68e7c7ecbc7b2fc4f7ec3e97565a7f12bab1d195d22bc76959f3a88b1462ac1',
+        'size_bytes': 2376020,
+        'generation': 1723267057803475,
         'condition': 'host_os == "win" and checkout_clang_coverage_tools',
       },
       {
-        'object_name': 'Win/llvmobjdump-llvmorg-19-init-14561-gecea8371-3.tar.xz',
-        'sha256sum': 'ad7d9162e1632b5c64188f95362318f0d31e09002be0615df847f2c23cddef4c',
-        'size_bytes': 5362484,
-        'generation': 1721105697937832,
+        'object_name': 'Win/llvmobjdump-llvmorg-20-init-1009-g7088a5ed-10.tar.xz',
+        'sha256sum': '801714415847b8efea7252b1072b8647f92ba0e946480b3db9b156900e42ab55',
+        'size_bytes': 5392812,
+        'generation': 1723267057506056,
         'condition': 'checkout_linux or checkout_mac or checkout_android and host_os == "win"',
       },
     ],
@@ -430,7 +461,7 @@ deps = {
   'third_party/ninja': {
     'packages': [
       {
-        'package': 'infra/3pp/build_support/ninja-1_11_1/${{platform}}',
+        'package': 'infra/3pp/tools/ninja/${{platform}}',
         'version': Var('ninja_version'),
       }
     ],
@@ -439,7 +470,7 @@ deps = {
   },
   'third_party/perfetto':
     Var('android_url') + '/platform/external/perfetto.git' + '@' + '6fc824d618d2f06b5d9cd8655ba0419b6b3b366e',
-  'third_party/protobuf_chrome':
+  'third_party/protobuf':
     Var('chromium_url') + '/chromium/src/third_party/protobuf.git' + '@' + 'da2fe725b80ac0ba646fbf77d0ce5b4ac236f823',
   'third_party/re2/src':
     Var('chromium_url') + '/external/github.com/google/re2.git' + '@' + '6dcd83d60f7944926bfd308cc13979fc53dd69ca',
@@ -458,9 +489,9 @@ deps = {
     'condition': 'not build_with_chromium and host_cpu != "s390" and host_os != "zos" and host_cpu != "ppc"',
   },
   'third_party/zlib':
-    Var('chromium_url') + '/chromium/src/third_party/zlib.git'+ '@' + 'c2469fdd73f192383d2d94288da0ff5b9a3869f5',
+    Var('chromium_url') + '/chromium/src/third_party/zlib.git'+ '@' + 'd3aea2341cdeaf7e717bc257a59aa7a9407d318a',
   'tools/clang':
-    Var('chromium_url') + '/chromium/src/tools/clang.git' + '@' + '4dc76da47b1145e53e508a23c1bf2204cf5ee7ee',
+    Var('chromium_url') + '/chromium/src/tools/clang.git' + '@' + '63b7be17f8981d716ea9a0d65bb04654d79548a8',
   'tools/luci-go': {
       'packages': [
         {
@@ -478,7 +509,7 @@ deps = {
   'tools/protoc_wrapper':
     Var('chromium_url') + '/chromium/src/tools/protoc_wrapper.git' + '@' + 'dbcbea90c20ae1ece442d8ef64e61c7b10e2b013',
   'third_party/abseil-cpp': {
-    'url': Var('chromium_url') + '/chromium/src/third_party/abseil-cpp.git' + '@' + '9d1552f25c3d9e9114b7d7aed55790570a99bc4d',
+    'url': Var('chromium_url') + '/chromium/src/third_party/abseil-cpp.git' + '@' + 'ed3733b91e472a1e7a641c1f0c1e6c0ea698e958',
     'condition': 'not build_with_chromium',
   },
   'third_party/zoslib': {
diff --git a/deps/v8/bazel/defs.bzl b/deps/v8/bazel/defs.bzl
index 520a311595e488..6a3c868b002142 100644
--- a/deps/v8/bazel/defs.bzl
+++ b/deps/v8/bazel/defs.bzl
@@ -549,7 +549,6 @@ def build_config_content(cpu, icu):
         ("debugging_features", "false"),
         ("dict_property_const_tracking", "false"),
         ("direct_handle", "false"),
-        ("direct_local", "false"),
         ("disassembler", "false"),
         ("full_debug", "false"),
         ("gdbjit", "false"),
@@ -557,6 +556,7 @@ def build_config_content(cpu, icu):
         ("has_maglev", "true"),
         ("has_turbofan", "true"),
         ("has_webassembly", "false"),
+        ("has_wasm_interpreter", "false"),
         ("i18n", icu),
         ("is_android", "false"),
         ("is_ios", "false"),
diff --git a/deps/v8/build_overrides/build.gni b/deps/v8/build_overrides/build.gni
index 0a1fc3c46d23a6..29acce40046bdf 100644
--- a/deps/v8/build_overrides/build.gni
+++ b/deps/v8/build_overrides/build.gni
@@ -17,15 +17,6 @@ build_with_node = false
 # chromium build.
 perfetto_build_with_embedder = true
 
-# TODO(https://crbug.com/337736622): Perfetto and FuzzTest need to know the
-# path to protobuf targets. V8 stores them in a different location than Chrome
-# until M129. Thereafter, it can move to //third_party/protobuf and these
-# variables can be removed.
-protobuf_target_prefix = "//third_party/protobuf_chrome/"
-perfetto_protobuf_target_prefix = protobuf_target_prefix
-perfetto_protobuf_gni = "//third_party/protobuf_chrome/proto_library.gni"
-perfetto_protobuf_src_dir = "//third_party/protobuf_chrome/src"
-
 # We use Perfetto's Trace Processor to convert traces to the legacy JSON
 # format.
 enable_perfetto_trace_processor = true
diff --git a/deps/v8/gni/v8.gni b/deps/v8/gni/v8.gni
index 9ee57a49806c1b..b606c1b85b06a4 100644
--- a/deps/v8/gni/v8.gni
+++ b/deps/v8/gni/v8.gni
@@ -118,12 +118,9 @@ declare_args() {
   # Scan the call stack conservatively during garbage collection.
   v8_enable_conservative_stack_scanning = false
 
-  # Use direct pointers in internal (direct) handles.
+  # Use direct pointers in handles (v8::internal::Handle and v8::Local).
   v8_enable_direct_handle = ""
 
-  # Use direct pointers in local handles.
-  v8_enable_direct_local = ""
-
   # Check for off-stack allocated local handles.
   v8_enable_local_off_stack_check = false
 
@@ -166,6 +163,11 @@ declare_args() {
   # Location of zlib.
   v8_zlib_path = "//third_party/zlib"
 
+  # Enable pointer compression (sets -dV8_COMPRESS_POINTERS).
+  v8_enable_pointer_compression = ""
+  v8_enable_pointer_compression_shared_cage = ""
+  v8_enable_31bit_smis_on_64bit_arch = false
+
   # Change code emission and runtime features to be CET shadow-stack compliant
   # (incomplete and experimental).
   v8_enable_cet_shadow_stack = false
@@ -209,6 +211,18 @@ if (v8_enable_webassembly == "") {
 assert(!(v8_enable_webassembly && v8_enable_lite_mode),
        "Webassembly is not available in lite mode.")
 
+if (v8_enable_pointer_compression == "") {
+  v8_enable_pointer_compression =
+      v8_current_cpu == "arm64" || v8_current_cpu == "x64"
+}
+
+# The Wasm interpreter is currently supported only on arm64 and x64, on
+# Windows, Linux and MacOS.
+is_drumbrake_supported =
+    v8_enable_webassembly && v8_enable_pointer_compression &&
+    (v8_current_cpu == "x64" || v8_current_cpu == "arm64") &&
+    (target_os == "win" || target_os == "linux" || target_os == "mac")
+
 # Turbofan is enabled by default, except in lite mode.
 if (v8_enable_turbofan == "") {
   v8_enable_turbofan = !v8_enable_lite_mode
@@ -221,9 +235,6 @@ assert(v8_enable_turbofan || !v8_enable_webassembly,
 if (v8_enable_direct_handle == "") {
   v8_enable_direct_handle = v8_enable_conservative_stack_scanning
 }
-if (v8_enable_direct_local == "") {
-  v8_enable_direct_local = v8_enable_conservative_stack_scanning
-}
 
 # Points to // in v8 stand-alone or to //v8/ in chromium. We need absolute
 # paths for all configs in templates as they are shared in different
diff --git a/deps/v8/include/cppgc/garbage-collected.h b/deps/v8/include/cppgc/garbage-collected.h
index 6737c8be49aca4..dfd758a35cfd95 100644
--- a/deps/v8/include/cppgc/garbage-collected.h
+++ b/deps/v8/include/cppgc/garbage-collected.h
@@ -94,6 +94,14 @@ class GarbageCollectedMixin {
  public:
   using IsGarbageCollectedMixinTypeMarker = void;
 
+  // Must use MakeGarbageCollected.
+  void* operator new(size_t) = delete;
+  void* operator new[](size_t) = delete;
+  // The garbage collector is taking care of reclaiming the object.
+  // Not override the non-array varaint of `delete` to not conflict with the
+  // operator in GarbageCollected above.
+  void operator delete[](void*) = delete;
+
   /**
    * This Trace method must be overriden by objects inheriting from
    * GarbageCollectedMixin.
diff --git a/deps/v8/include/cppgc/internal/compiler-specific.h b/deps/v8/include/cppgc/internal/compiler-specific.h
index 595b6398cb720a..175156ca6cbc89 100644
--- a/deps/v8/include/cppgc/internal/compiler-specific.h
+++ b/deps/v8/include/cppgc/internal/compiler-specific.h
@@ -5,6 +5,8 @@
 #ifndef INCLUDE_CPPGC_INTERNAL_COMPILER_SPECIFIC_H_
 #define INCLUDE_CPPGC_INTERNAL_COMPILER_SPECIFIC_H_
 
+#include "v8config.h"  // NOLINT(build/include_directory)
+
 namespace cppgc {
 
 #if defined(__has_attribute)
@@ -21,7 +23,13 @@ namespace cppgc {
 
 // [[no_unique_address]] comes in C++20 but supported in clang with -std >=
 // c++11.
-#if CPPGC_HAS_CPP_ATTRIBUTE(no_unique_address)
+#if defined(V8_CC_MSVC) && CPPGC_HAS_CPP_ATTRIBUTE(msvc::no_unique_address)
+// Unfortunately MSVC ignores [[no_unique_address]] (see
+// https://devblogs.microsoft.com/cppblog/msvc-cpp20-and-the-std-cpp20-switch/#msvc-extensions-and-abi),
+// and clang-cl matches it for ABI compatibility reasons. We need to prefer
+// [[msvc::no_unique_address]] when available if we actually want any effect.
+#define CPPGC_NO_UNIQUE_ADDRESS [[msvc::no_unique_address]]
+#elif CPPGC_HAS_CPP_ATTRIBUTE(no_unique_address)
 #define CPPGC_NO_UNIQUE_ADDRESS [[no_unique_address]]
 #else
 #define CPPGC_NO_UNIQUE_ADDRESS
diff --git a/deps/v8/include/v8-callbacks.h b/deps/v8/include/v8-callbacks.h
index 6096301258719e..7a8f8abeb402d9 100644
--- a/deps/v8/include/v8-callbacks.h
+++ b/deps/v8/include/v8-callbacks.h
@@ -359,7 +359,7 @@ enum class ModuleImportPhase {
  * The import_attributes are import attributes for this request in the form:
  * [key1, value1, key2, value2, ...] where the keys and values are of type
  * v8::String. Note, unlike the FixedArray passed to ResolveModuleCallback and
- * returned from ModuleRequest::GetImportAssertions(), this array does not
+ * returned from ModuleRequest::GetImportAttributes(), this array does not
  * contain the source Locations of the attributes.
  *
  * The embedder must compile, instantiate, evaluate the Module, and
diff --git a/deps/v8/include/v8-fast-api-calls.h b/deps/v8/include/v8-fast-api-calls.h
index 1cd99cb880f023..18466688cf90cb 100644
--- a/deps/v8/include/v8-fast-api-calls.h
+++ b/deps/v8/include/v8-fast-api-calls.h
@@ -589,37 +589,10 @@ struct FastApiCallbackOptions {
 
   v8::Isolate* isolate = nullptr;
 
-  /**
-   * If the callback wants to signal an error condition or to perform an
-   * allocation, it must set options.fallback to true and do an early return
-   * from the fast method. Then V8 checks the value of options.fallback and if
-   * it's true, falls back to executing the SlowCallback, which is capable of
-   * reporting the error (either by throwing a JS exception or logging to the
-   * console) or doing the allocation. It's the embedder's responsibility to
-   * ensure that the fast callback is idempotent up to the point where error and
-   * fallback conditions are checked, because otherwise executing the slow
-   * callback might produce visible side-effects twice.
-   */
-  V8_DEPRECATED(
-      "It is not necessary to use the `fallback` flag anymore, as it is "
-      "possible now to trigger GC, throw exceptions, and call back into "
-      "JavaScript even in API functions called with a fast API call.")
-  bool fallback = false;
-
   /**
    * The `data` passed to the FunctionTemplate constructor, or `undefined`.
    */
   v8::Local<v8::Value> data;
-
-  /**
-   * When called from WebAssembly, a view of the calling module's memory.
-   */
-  V8_DEPRECATED(
-      "The wasm memory should either be provided as a field of the receiver, "
-      "the data object of the FunctionTemplate, or as a normal parameter of "
-      "the API function. Since regular API calls don't have this magic "
-      "`wasm_memory parameter, one of the options above should be possible.")
-  FastApiTypedArray<uint8_t>* const wasm_memory = nullptr;
 };
 
 namespace internal {
diff --git a/deps/v8/include/v8-function-callback.h b/deps/v8/include/v8-function-callback.h
index 7208c19ebf62c6..9ff4c59588df8a 100644
--- a/deps/v8/include/v8-function-callback.h
+++ b/deps/v8/include/v8-function-callback.h
@@ -325,7 +325,7 @@ class PropertyCallbackInfo {
 
   static constexpr int kSize = kArgsLength * internal::kApiSystemPointerSize;
 
-  explicit PropertyCallbackInfo() = default;
+  PropertyCallbackInfo() = default;
 
   mutable internal::Address args_[kArgsLength];
 };
diff --git a/deps/v8/include/v8-function.h b/deps/v8/include/v8-function.h
index 50f730f3929fe5..d28d4b50087c13 100644
--- a/deps/v8/include/v8-function.h
+++ b/deps/v8/include/v8-function.h
@@ -52,6 +52,10 @@ class V8_EXPORT Function : public Object {
       Local<Context> context, int argc, Local<Value> argv[],
       SideEffectType side_effect_type = SideEffectType::kHasSideEffect) const;
 
+  V8_WARN_UNUSED_RESULT MaybeLocal<Value> Call(v8::Isolate* isolate,
+                                               Local<Context> context,
+                                               Local<Value> recv, int argc,
+                                               Local<Value> argv[]);
   V8_WARN_UNUSED_RESULT MaybeLocal<Value> Call(Local<Context> context,
                                                Local<Value> recv, int argc,
                                                Local<Value> argv[]);
diff --git a/deps/v8/include/v8-handle-base.h b/deps/v8/include/v8-handle-base.h
index c2e1947a5dbd61..3075441e997910 100644
--- a/deps/v8/include/v8-handle-base.h
+++ b/deps/v8/include/v8-handle-base.h
@@ -90,7 +90,7 @@ class IndirectHandleBase {
   internal::Address* location_ = nullptr;
 };
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 
 /**
  * A base class for abstract handles containing direct pointers.
@@ -130,7 +130,7 @@ class DirectHandleBase {
   internal::Address ptr_ = internal::ValueHelper::kEmpty;
 };
 
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
 }  // namespace v8::api_internal
 
diff --git a/deps/v8/include/v8-internal.h b/deps/v8/include/v8-internal.h
index 8c385aa10a915b..e53c20253b2aff 100644
--- a/deps/v8/include/v8-internal.h
+++ b/deps/v8/include/v8-internal.h
@@ -946,12 +946,8 @@ class Internals {
       kIsolateCppHeapPointerTableOffset + kExternalPointerTableSize;
   static const int kIsolateTrustedPointerTableOffset =
       kIsolateTrustedCageBaseOffset + kApiSystemPointerSize;
-  static const int kIsolateExternalBufferTableOffset =
-      kIsolateTrustedPointerTableOffset + kTrustedPointerTableSize;
-  static const int kIsolateSharedExternalBufferTableAddressOffset =
-      kIsolateExternalBufferTableOffset + kExternalBufferTableSize;
   static const int kIsolateApiCallbackThunkArgumentOffset =
-      kIsolateSharedExternalBufferTableAddressOffset + kApiSystemPointerSize;
+      kIsolateTrustedPointerTableOffset + kTrustedPointerTableSize;
 #else
   static const int kIsolateApiCallbackThunkArgumentOffset =
       kIsolateCppHeapPointerTableOffset + kExternalPointerTableSize;
@@ -978,7 +974,7 @@ class Internals {
   V(TrueValue, 0xc9)                      \
   V(FalseValue, 0xad)                     \
   V(EmptyString, 0xa1)                    \
-  V(TheHoleValue, 0x741)
+  V(TheHoleValue, 0x791)
 
   using Tagged_t = uint32_t;
   struct StaticReadOnlyRoot {
@@ -986,8 +982,9 @@ class Internals {
     EXPORTED_STATIC_ROOTS_PTR_LIST(DEF_ROOT)
 #undef DEF_ROOT
 
-    static constexpr Tagged_t kFirstStringMap = 0xe5;
-    static constexpr Tagged_t kLastStringMap = 0x47d;
+    // Use 0 for kStringMapLowerBound since string maps are the first maps.
+    static constexpr Tagged_t kStringMapLowerBound = 0;
+    static constexpr Tagged_t kStringMapUpperBound = 0x47d;
 
 #define PLUSONE(...) +1
     static constexpr size_t kNumberOfExportedStaticRoots =
@@ -1556,12 +1553,12 @@ constexpr WrappedIterator<Iterator> operator+(
 // whether direct local support is enabled.
 class ValueHelper final {
  public:
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   static constexpr Address kTaggedNullAddress = 1;
   static constexpr Address kEmpty = kTaggedNullAddress;
 #else
   static constexpr Address kEmpty = kNullAddress;
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
   template <typename T>
   V8_INLINE static bool IsEmpty(T* value) {
@@ -1577,7 +1574,7 @@ class ValueHelper final {
     return handle.template value<T>();
   }
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 
   template <typename T>
   V8_INLINE static Address ValueAsAddress(const T* value) {
@@ -1592,7 +1589,7 @@ class ValueHelper final {
     return *reinterpret_cast<T**>(slot);
   }
 
-#else  // !V8_ENABLE_DIRECT_LOCAL
+#else  // !V8_ENABLE_DIRECT_HANDLE
 
   template <typename T>
   V8_INLINE static Address ValueAsAddress(const T* value) {
@@ -1604,7 +1601,7 @@ class ValueHelper final {
     return reinterpret_cast<T*>(slot);
   }
 
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 };
 
 /**
diff --git a/deps/v8/include/v8-isolate.h b/deps/v8/include/v8-isolate.h
index bef9ebbd5568b7..08fcfc40f1f46e 100644
--- a/deps/v8/include/v8-isolate.h
+++ b/deps/v8/include/v8-isolate.h
@@ -937,6 +937,12 @@ class V8_EXPORT Isolate {
    */
   Local<Context> GetIncumbentContext();
 
+  /**
+   * Returns the host defined options set for currently running script or
+   * module, if available.
+   */
+  MaybeLocal<Data> GetCurrentHostDefinedOptions();
+
   /**
    * Schedules a v8::Exception::Error with the given message.
    * See ThrowException for more details. Templatized to provide compile-time
diff --git a/deps/v8/include/v8-local-handle.h b/deps/v8/include/v8-local-handle.h
index 98feeeba76d47a..ef110a083dc3d6 100644
--- a/deps/v8/include/v8-local-handle.h
+++ b/deps/v8/include/v8-local-handle.h
@@ -150,11 +150,11 @@ class V8_EXPORT V8_NODISCARD HandleScope {
 
 /**
  * A base class for local handles.
- * Its implementation depends on whether direct local support is enabled.
+ * Its implementation depends on whether direct handle support is enabled.
  * When it is, a local handle contains a direct pointer to the referenced
  * object, otherwise it contains an indirect pointer.
  */
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 
 template <typename T>
 class LocalBase : public api_internal::DirectHandleBase {
@@ -183,7 +183,7 @@ class LocalBase : public api_internal::DirectHandleBase {
   }
 };
 
-#else  // !V8_ENABLE_DIRECT_LOCAL
+#else  // !V8_ENABLE_DIRECT_HANDLE
 
 template <typename T>
 class LocalBase : public api_internal::IndirectHandleBase {
@@ -215,7 +215,7 @@ class LocalBase : public api_internal::IndirectHandleBase {
   }
 };
 
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
 /**
  * An object reference managed by the v8 garbage collector.
@@ -400,13 +400,13 @@ class V8_TRIVIAL_ABI Local : public LocalBase<T>,
     return Local<T>(LocalBase<T>::FromSlot(slot));
   }
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   friend class TypecheckWitness;
 
   V8_INLINE static Local<T> FromAddress(internal::Address ptr) {
     return Local<T>(LocalBase<T>(ptr));
   }
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
   V8_INLINE static Local<T> New(Isolate* isolate, internal::Address value) {
     return Local<T>(LocalBase<T>::New(isolate, value));
@@ -444,7 +444,7 @@ class V8_TRIVIAL_ABI LocalUnchecked : public Local<T> {
       : Local<T>(other, Local<T>::do_not_check) {}
 };
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 // Off-stack allocated direct locals must be registered as strong roots.
 // For off-stack indirect locals, this is not necessary.
 
@@ -471,7 +471,7 @@ class StrongRootAllocator<LocalUnchecked<T>> : public StrongRootAllocatorBase {
     return deallocate_impl(reinterpret_cast<Address*>(p), n);
   }
 };
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 }  // namespace internal
 
 template <typename T>
@@ -479,7 +479,7 @@ class LocalVector {
  private:
   using element_type = internal::LocalUnchecked<T>;
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   using allocator_type = internal::StrongRootAllocator<element_type>;
 
   static allocator_type make_allocator(Isolate* isolate) noexcept {
@@ -491,7 +491,7 @@ class LocalVector {
   static allocator_type make_allocator(Isolate* isolate) noexcept {
     return allocator_type();
   }
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
   using vector_type = std::vector<element_type, allocator_type>;
 
@@ -715,7 +715,7 @@ class V8_EXPORT V8_NODISCARD EscapableHandleScope
   V8_INLINE ~EscapableHandleScope() = default;
   template <class T>
   V8_INLINE Local<T> Escape(Local<T> value) {
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
     return value;
 #else
     if (value.IsEmpty()) return value;
diff --git a/deps/v8/include/v8-object.h b/deps/v8/include/v8-object.h
index d03b33acd7c83e..71a6c2c9c14911 100644
--- a/deps/v8/include/v8-object.h
+++ b/deps/v8/include/v8-object.h
@@ -690,14 +690,17 @@ class V8_EXPORT Object : public Value {
   int GetIdentityHash();
 
   /**
-   * Clone this object with a fast but shallow copy.  Values will point
-   * to the same values as the original object.
+   * Clone this object with a fast but shallow copy. Values will point to the
+   * same values as the original object.
+   *
+   * Prefer using version with Isolate parameter.
    */
-  // TODO(dcarney): take an isolate and optionally bail out?
+  Local<Object> Clone(v8::Isolate* isolate);
   Local<Object> Clone();
 
   /**
    * Returns the context in which the object was created.
+   *
    * Prefer using version with Isolate parameter.
    */
   MaybeLocal<Context> GetCreationContext(v8::Isolate* isolate);
@@ -705,6 +708,7 @@ class V8_EXPORT Object : public Value {
 
   /**
    * Shortcut for GetCreationContext(...).ToLocalChecked().
+   *
    * Prefer using version with Isolate parameter.
    **/
   Local<Context> GetCreationContextChecked(v8::Isolate* isolate);
diff --git a/deps/v8/include/v8-platform.h b/deps/v8/include/v8-platform.h
index 56bfd7274826c0..5110f432077dce 100644
--- a/deps/v8/include/v8-platform.h
+++ b/deps/v8/include/v8-platform.h
@@ -1027,18 +1027,6 @@ class VirtualAddressSpace {
   const PagePermissions max_page_permissions_;
 };
 
-/**
- * V8 Allocator used for allocating zone backings.
- */
-class ZoneBackingAllocator {
- public:
-  using MallocFn = void* (*)(size_t);
-  using FreeFn = void (*)(void*);
-
-  virtual MallocFn GetMallocFn() const { return ::malloc; }
-  virtual FreeFn GetFreeFn() const { return ::free; }
-};
-
 /**
  * Observer used by V8 to notify the embedder about entering/leaving sections
  * with high throughput of malloc/free operations.
@@ -1075,14 +1063,6 @@ class Platform {
     return nullptr;
   }
 
-  /**
-   * Allows the embedder to specify a custom allocator used for zones.
-   */
-  virtual ZoneBackingAllocator* GetZoneBackingAllocator() {
-    static ZoneBackingAllocator default_allocator;
-    return &default_allocator;
-  }
-
   /**
    * Enables the embedder to respond in cases where V8 can't allocate large
    * blocks of memory. V8 retries the failed allocation once after calling this
diff --git a/deps/v8/include/v8-primitive.h b/deps/v8/include/v8-primitive.h
index 1adb9cbcb22515..426bb379099e26 100644
--- a/deps/v8/include/v8-primitive.h
+++ b/deps/v8/include/v8-primitive.h
@@ -388,6 +388,8 @@ class V8_EXPORT String : public Name {
    * regardless of the encoding, otherwise return NULL.  The encoding of the
    * string is returned in encoding_out.
    */
+  V8_INLINE ExternalStringResourceBase* GetExternalStringResourceBase(
+      v8::Isolate* isolate, Encoding* encoding_out) const;
   V8_INLINE ExternalStringResourceBase* GetExternalStringResourceBase(
       Encoding* encoding_out) const;
 
@@ -878,6 +880,28 @@ String::ExternalStringResource* String::GetExternalStringResource() const {
   return result;
 }
 
+String::ExternalStringResourceBase* String::GetExternalStringResourceBase(
+    v8::Isolate* isolate, String::Encoding* encoding_out) const {
+  using A = internal::Address;
+  using I = internal::Internals;
+  A obj = internal::ValueHelper::ValueAsAddress(this);
+  int type = I::GetInstanceType(obj) & I::kStringRepresentationAndEncodingMask;
+  *encoding_out = static_cast<Encoding>(type & I::kStringEncodingMask);
+  ExternalStringResourceBase* resource;
+  if (type == I::kExternalOneByteRepresentationTag ||
+      type == I::kExternalTwoByteRepresentationTag) {
+    A value = I::ReadExternalPointerField<internal::kExternalStringResourceTag>(
+        isolate, obj, I::kStringResourceOffset);
+    resource = reinterpret_cast<ExternalStringResourceBase*>(value);
+  } else {
+    resource = GetExternalStringResourceBaseSlow(encoding_out);
+  }
+#ifdef V8_ENABLE_CHECKS
+  VerifyExternalStringResourceBase(resource, *encoding_out);
+#endif
+  return resource;
+}
+
 String::ExternalStringResourceBase* String::GetExternalStringResourceBase(
     String::Encoding* encoding_out) const {
   using A = internal::Address;
diff --git a/deps/v8/include/v8-profiler.h b/deps/v8/include/v8-profiler.h
index 3451da26ba2d6b..d6741aec760827 100644
--- a/deps/v8/include/v8-profiler.h
+++ b/deps/v8/include/v8-profiler.h
@@ -1109,6 +1109,12 @@ class V8_EXPORT HeapProfiler {
       ObjectNameResolver* global_object_name_resolver = nullptr,
       bool hide_internals = true, bool capture_numeric_value = false);
 
+  /**
+   * Obtains list of Detached JS Wrapper Objects. This functon calls garbage
+   * collection, then iterates over traced handles in the isolate
+   */
+  std::vector<v8::Local<v8::Value>> GetDetachedJSWrapperObjects();
+
   /**
    * Starts tracking of heap objects population statistics. After calling
    * this method, all heap objects relocations done by the garbage collector
diff --git a/deps/v8/include/v8-script.h b/deps/v8/include/v8-script.h
index f4c7412c5bf6e5..c30d42502769c1 100644
--- a/deps/v8/include/v8-script.h
+++ b/deps/v8/include/v8-script.h
@@ -210,7 +210,7 @@ class V8_EXPORT Module : public Data {
 
   using ResolveModuleCallback = MaybeLocal<Module> (*)(
       Local<Context> context, Local<String> specifier,
-      Local<FixedArray> import_assertions, Local<Module> referrer);
+      Local<FixedArray> import_attributes, Local<Module> referrer);
 
   /**
    * Instantiates the module and its dependencies.
diff --git a/deps/v8/include/v8-template.h b/deps/v8/include/v8-template.h
index ba5ff7bff5ada9..7b47c3b6282d24 100644
--- a/deps/v8/include/v8-template.h
+++ b/deps/v8/include/v8-template.h
@@ -9,6 +9,7 @@
 #include <string_view>
 
 #include "v8-data.h"               // NOLINT(build/include_directory)
+#include "v8-exception.h"          // NOLINT(build/include_directory)
 #include "v8-function-callback.h"  // NOLINT(build/include_directory)
 #include "v8-local-handle.h"       // NOLINT(build/include_directory)
 #include "v8-memory-span.h"        // NOLINT(build/include_directory)
@@ -657,6 +658,18 @@ class V8_EXPORT FunctionTemplate : public Template {
    */
   void SetClassName(Local<String> name);
 
+  /**
+   * Set the interface name of the FunctionTemplate. This is provided as
+   * contextual information in an ExceptionPropagationMessage to the embedder.
+   */
+  void SetInterfaceName(Local<String> name);
+
+  /**
+   * Provides information on the type of FunctionTemplate for embedder
+   * exception handling.
+   */
+  void SetExceptionContext(ExceptionContext context);
+
   /**
    * When set to true, no access check will be performed on the receiver of a
    * function call.  Currently defaults to true, but this is subject to change.
diff --git a/deps/v8/include/v8-util.h b/deps/v8/include/v8-util.h
index b7d53f14f75fe4..05ade0a3dd5b44 100644
--- a/deps/v8/include/v8-util.h
+++ b/deps/v8/include/v8-util.h
@@ -182,7 +182,7 @@ class PersistentValueMapBase {
    */
   Local<V> Get(const K& key) {
     V* p = FromVal(Traits::Get(&impl_, key));
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
     if (p == nullptr) return Local<V>();
 #endif
     return Local<V>::New(isolate_, p);
diff --git a/deps/v8/include/v8-value.h b/deps/v8/include/v8-value.h
index ac04525d86d759..656b5719eff748 100644
--- a/deps/v8/include/v8-value.h
+++ b/deps/v8/include/v8-value.h
@@ -635,8 +635,9 @@ bool Value::QuickIsString() const {
   A obj = internal::ValueHelper::ValueAsAddress(this);
   if (!I::HasHeapObjectTag(obj)) return false;
 #if V8_STATIC_ROOTS_BOOL && !V8_MAP_PACKING
-  return I::CheckInstanceMapRange(obj, I::StaticReadOnlyRoot::kFirstStringMap,
-                                  I::StaticReadOnlyRoot::kLastStringMap);
+  return I::CheckInstanceMapRange(obj,
+                                  I::StaticReadOnlyRoot::kStringMapLowerBound,
+                                  I::StaticReadOnlyRoot::kStringMapUpperBound);
 #else
   return (I::GetInstanceType(obj) < I::kFirstNonstringType);
 #endif  // V8_STATIC_ROOTS_BOOL
diff --git a/deps/v8/include/v8-version.h b/deps/v8/include/v8-version.h
index ac33d3075e472c..2f396c1c7a6d10 100644
--- a/deps/v8/include/v8-version.h
+++ b/deps/v8/include/v8-version.h
@@ -9,9 +9,9 @@
 // NOTE these macros are used by some of the tool scripts and the build
 // system so their names cannot be changed without changing the scripts.
 #define V8_MAJOR_VERSION 12
-#define V8_MINOR_VERSION 8
-#define V8_BUILD_NUMBER 374
-#define V8_PATCH_LEVEL 33
+#define V8_MINOR_VERSION 9
+#define V8_BUILD_NUMBER 202
+#define V8_PATCH_LEVEL 18
 
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
diff --git a/deps/v8/include/v8config.h b/deps/v8/include/v8config.h
index 86b41a5b3cf7d3..1b6a37b2dd4154 100644
--- a/deps/v8/include/v8config.h
+++ b/deps/v8/include/v8config.h
@@ -392,8 +392,14 @@ path. Add it with -I<path> to the command line
 # define V8_HAS_ATTRIBUTE_WEAK (__has_attribute(weak))
 
 # define V8_HAS_CPP_ATTRIBUTE_NODISCARD (V8_HAS_CPP_ATTRIBUTE(nodiscard))
+#if defined(V8_CC_MSVC)
+# define V8_HAS_CPP_ATTRIBUTE_NO_UNIQUE_ADDRESS       \
+    (V8_HAS_CPP_ATTRIBUTE(msvc::no_unique_address) || \
+     V8_HAS_CPP_ATTRIBUTE(no_unique_address))
+#else
 # define V8_HAS_CPP_ATTRIBUTE_NO_UNIQUE_ADDRESS \
     (V8_HAS_CPP_ATTRIBUTE(no_unique_address))
+#endif
 
 # define V8_HAS_BUILTIN_ADD_OVERFLOW (__has_builtin(__builtin_add_overflow))
 # define V8_HAS_BUILTIN_ASSUME (__has_builtin(__builtin_assume))
@@ -671,7 +677,7 @@ path. Add it with -I<path> to the command line
 //   V8_NODISCARD Foo() { ... };
 // [[nodiscard]] comes in C++17 but supported in clang with -std >= c++11.
 #if V8_HAS_CPP_ATTRIBUTE_NODISCARD
-#define V8_NODISCARD
+#define V8_NODISCARD [[nodiscard]]
 #else
 #define V8_NODISCARD /* NOT SUPPORTED */
 #endif
@@ -692,7 +698,15 @@ path. Add it with -I<path> to the command line
 // [[no_unique_address]] comes in C++20 but supported in clang with
 // -std >= c++11.
 #if V8_HAS_CPP_ATTRIBUTE_NO_UNIQUE_ADDRESS
+#if defined(V8_CC_MSVC) && V8_HAS_CPP_ATTRIBUTE(msvc::no_unique_address)
+// Unfortunately MSVC ignores [[no_unique_address]] (see
+// https://devblogs.microsoft.com/cppblog/msvc-cpp20-and-the-std-cpp20-switch/#msvc-extensions-and-abi),
+// and clang-cl matches it for ABI compatibility reasons. We need to prefer
+// [[msvc::no_unique_address]] when available if we actually want any effect.
+#define V8_NO_UNIQUE_ADDRESS [[msvc::no_unique_address]]
+#else
 #define V8_NO_UNIQUE_ADDRESS [[no_unique_address]]
+#endif
 #else
 #define V8_NO_UNIQUE_ADDRESS /* NOT SUPPORTED */
 #endif
diff --git a/deps/v8/infra/mb/mb_config.pyl b/deps/v8/infra/mb/mb_config.pyl
index 838e65812faa3a..ce26b4df0a1c91 100644
--- a/deps/v8/infra/mb/mb_config.pyl
+++ b/deps/v8/infra/mb/mb_config.pyl
@@ -70,6 +70,7 @@
       'V8 Linux64 - builder (reclient compare)': 'release_x64_reclient',
       'V8 Linux64 - official - builder': 'official_x64_on_release_branch',
       'V8 Linux64 - debug builder': 'debug_x64',
+      'V8 Linux64 - no leaptiering - debug builder': 'debug_x64_no_leaptiering',
       'V8 Linux64 - no shared cage - debug builder': 'debug_x64_no_shared_cage',
       'V8 Linux64 - external code space - debug - builder': 'debug_x64_external_code_space',
       'V8 Linux64 - custom snapshot - debug builder': 'debug_x64_custom',
@@ -154,43 +155,43 @@
       'V8 Centipede Linux64 ASAN  - release builder':
         'release_x64_asan_centipede',
       'V8 Clusterfuzz Win64 ASAN - release builder':
-        'release_x64_asan_no_lsan_verify_heap',
+        'release_x64_asan_no_lsan_verify_heap_turboshaft_csa',
       # Note this is called a debug builder, but it uses a release build
       # configuration with dchecks (which enables DEBUG in V8), since win-asan
       # debug is not supported.
       'V8 Clusterfuzz Win64 ASAN - debug builder':
-        'release_x64_asan_no_lsan_verify_heap_dchecks',
+        'release_x64_asan_no_lsan_verify_heap_dchecks_turboshaft_csa',
       'V8 Clusterfuzz Mac64 ASAN - release builder':
-          'release_x64_asan_no_lsan_verify_heap',
+          'release_x64_asan_no_lsan_verify_heap_turboshaft_csa',
       'V8 Clusterfuzz Mac64 ASAN - debug builder':
-          'debug_x64_asan_no_lsan_static',
+          'debug_x64_asan_no_lsan_static_turboshaft_csa',
       'V8 Clusterfuzz Linux64 - release builder':
-          'release_x64_correctness_fuzzer',
-      'V8 Clusterfuzz Linux64 - debug builder': 'debug_x64',
+          'release_x64_correctness_fuzzer_turboshaft_csa',
+      'V8 Clusterfuzz Linux64 - debug builder': 'debug_x64_turboshaft_csa',
       'V8 Clusterfuzz Linux64 ASAN no inline - release builder':
-          'release_x64_asan_symbolized_verify_heap',
+          'release_x64_asan_symbolized_verify_heap_turboshaft_csa',
       'V8 Clusterfuzz Linux ASAN no inline - release builder':
-          'release_x86_asan_symbolized_verify_heap',
-      'V8 Clusterfuzz Linux64 ASAN - debug builder': 'debug_x64_asan',
-      'V8 Clusterfuzz Linux ASAN - debug builder': 'debug_x86_asan',
+          'release_x86_asan_symbolized_verify_heap_turboshaft_csa',
+      'V8 Clusterfuzz Linux64 ASAN - debug builder': 'debug_x64_asan_turboshaft_csa',
+      'V8 Clusterfuzz Linux ASAN - debug builder': 'debug_x86_asan_turboshaft_csa',
       'V8 Clusterfuzz Linux64 ASAN arm64 - debug builder':
-          'debug_simulate_arm64_asan',
-      'V8 Clusterfuzz Linux - debug builder': 'debug_x86',
+          'debug_simulate_arm64_asan_turboshaft_csa',
+      'V8 Clusterfuzz Linux - debug builder': 'debug_x86_turboshaft_csa',
       'V8 Clusterfuzz Linux ASAN arm - debug builder':
-          'debug_simulate_arm_asan',
+          'debug_simulate_arm_asan_turboshaft_csa',
       'V8 Clusterfuzz Linux64 CFI - release builder':
-          'release_x64_cfi_clusterfuzz',
+          'release_x64_cfi_clusterfuzz_turboshaft_csa',
       'V8 Clusterfuzz Linux MSAN no origins':
-          'release_simulate_arm64_msan_no_origins',
+          'release_simulate_arm64_msan_no_origins_turboshaft_csa',
       'V8 Clusterfuzz Linux MSAN chained origins':
-          'release_simulate_arm64_msan',
-      'V8 Clusterfuzz Linux64 TSAN - release builder': 'release_x64_tsan',
+          'release_simulate_arm64_msan_turboshaft_csa',
+      'V8 Clusterfuzz Linux64 TSAN - release builder': 'release_x64_tsan_turboshaft_csa',
       'V8 Clusterfuzz Linux64 UBSan - release builder':
-          'release_x64_ubsan_recover',
+          'release_x64_ubsan_recover_turboshaft_csa',
       'V8 Clusterfuzz Linux64 sandbox testing - release builder':
-          'release_x64_sandbox_testing',
+          'release_x64_sandbox_testing_turboshaft_csa',
       'V8 Clusterfuzz Linux64 ASAN sandbox testing - release builder':
-          'release_x64_asan_sandbox_testing',
+          'release_x64_asan_sandbox_testing_turboshaft_csa',
     },
     'client.v8.perf' : {
       # Arm
@@ -273,6 +274,7 @@
       'v8_linux64_asan_centipede_compile_rel': 'release_x64_asan_centipede',
       'v8_linux64_cppgc_non_default_compile_dbg': 'debug_x64_non_default_cppgc',
       'v8_linux64_compile_dbg': 'debug_x64_trybot',
+      'v8_linux64_no_leaptiering_compile_dbg': 'debug_x64_no_leaptiering',
       'v8_linux64_no_shared_cage_compile_dbg': 'debug_x64_no_shared_cage',
       'v8_linux64_coverage_dbg': 'debug_x64_coverage',
       'v8_linux64_coverage_rel': 'release_x64_coverage',
@@ -305,8 +307,8 @@
       'v8_linux64_arm64_no_wasm_compile_dbg': 'debug_arm64_webassembly_disabled',
       'v8_linux64_verify_csa_compile_rel': 'release_x64_verify_csa',
       'v8_linux64_asan_compile_rel': 'release_x64_asan_minimal_symbols',
-      'v8_linux64_sandbox_testing_compile_rel': 'release_x64_sandbox_testing',
-      'v8_linux64_asan_sandbox_testing_compile_rel': 'release_x64_asan_sandbox_testing',
+      'v8_linux64_sandbox_testing_compile_rel': 'release_x64_sandbox_testing_turboshaft_csa',
+      'v8_linux64_asan_sandbox_testing_compile_rel': 'release_x64_asan_sandbox_testing_turboshaft_csa',
       'v8_linux64_cfi_compile_rel': 'release_x64_cfi',
       'v8_linux64_fuzzilli_compile_rel': 'release_x64_fuzzilli',
       'v8_linux64_loong64_compile_rel': 'release_simulate_loong64',
@@ -454,14 +456,15 @@
     # Debug configs for simulators.
     'debug_simulate_arm': [
       'debug_bot', 'simulate_arm'],
-    'debug_simulate_arm_asan': [
-      'debug_bot', 'simulate_arm', 'asan'],
+    'debug_simulate_arm_asan_turboshaft_csa': [
+      'debug_bot', 'simulate_arm', 'asan', 'v8_enable_turboshaft_csa'],
     'debug_simulate_arm_lite': [
       'debug_bot', 'simulate_arm', 'v8_enable_lite_mode'],
     'debug_simulate_arm64': [
       'debug_bot', 'simulate_arm64'],
-    'debug_simulate_arm64_asan': [
-      'debug_bot', 'simulate_arm64', 'asan', 'lsan'],
+    'debug_simulate_arm64_asan_turboshaft_csa': [
+      'debug_bot', 'simulate_arm64', 'asan', 'lsan',
+      'v8_enable_turboshaft_csa'],
 
     # Release configs for simulators.
     'release_simulate_arm_gcmole': [
@@ -487,10 +490,11 @@
       'release_bot', 'simulate_arm64', 'msan'],
     'release_simulate_arm64_msan_minimal_symbols': [
       'release_bot', 'simulate_arm64', 'msan', 'minimal_symbols'],
-    'release_simulate_arm64_msan': [
-      'release_bot', 'simulate_arm64', 'msan'],
-    'release_simulate_arm64_msan_no_origins': [
-      'release_bot', 'simulate_arm64', 'msan_no_origins'],
+    'release_simulate_arm64_msan_no_origins_turboshaft_csa': [
+      'release_bot', 'simulate_arm64', 'msan_no_origins',
+      'v8_enable_turboshaft_csa'],
+    'release_simulate_arm64_msan_turboshaft_csa': [
+      'release_bot', 'simulate_arm64', 'msan', 'v8_enable_turboshaft_csa'],
     'release_simulate_loong64': [
       'release_bot', 'simulate_loong64'],
     'release_simulate_mips64el': [
@@ -582,25 +586,25 @@
       'release_bot', 'x64', 'asan', 'lsan', 'minimal_symbols'],
     'release_x64_asan_no_lsan': [
       'release_bot', 'x64', 'asan'],
-    'release_x64_asan_no_lsan_verify_heap': [
-      'release_bot', 'x64', 'asan', 'v8_verify_heap'],
-    'release_x64_asan_no_lsan_verify_heap': [
-      'release_bot', 'x64', 'asan', 'v8_verify_heap'],
-    'release_x64_asan_no_lsan_verify_heap_dchecks': [
+    'release_x64_asan_no_lsan_verify_heap_turboshaft_csa': [
+      'release_bot', 'x64', 'asan', 'v8_verify_heap',
+      'v8_enable_turboshaft_csa'],
+    'release_x64_asan_no_lsan_verify_heap_dchecks_turboshaft_csa': [
       'release_bot', 'x64', 'asan', 'dcheck_always_on',
-      'v8_enable_slow_dchecks', 'v8_verify_heap'],
-    'release_x64_sandbox_testing': [
-      'release_bot', 'x64', 'symbolized', 'v8_enable_memory_corruption_api'],
-    'release_x64_asan_sandbox_testing': [
+      'v8_enable_slow_dchecks', 'v8_verify_heap', 'v8_enable_turboshaft_csa'],
+    'release_x64_sandbox_testing_turboshaft_csa': [
+      'release_bot', 'x64', 'symbolized', 'v8_enable_memory_corruption_api',
+      'v8_enable_turboshaft_csa'],
+    'release_x64_asan_sandbox_testing_turboshaft_csa': [
       'release_bot', 'x64', 'asan', 'symbolized',
-      'v8_enable_memory_corruption_api'],
-    'release_x64_asan_symbolized_verify_heap': [
+      'v8_enable_memory_corruption_api', 'v8_enable_turboshaft_csa'],
+    'release_x64_asan_symbolized_verify_heap_turboshaft_csa': [
       'release_bot', 'x64', 'asan', 'lsan', 'symbolized',
-      'v8_verify_heap'],
+      'v8_verify_heap', 'v8_enable_turboshaft_csa'],
     'release_x64_cfi': [
       'release_bot', 'x64', 'cfi'],
-    'release_x64_cfi_clusterfuzz': [
-      'release_bot', 'x64', 'cfi_clusterfuzz'],
+    'release_x64_cfi_clusterfuzz_turboshaft_csa': [
+      'release_bot', 'x64', 'cfi_clusterfuzz', 'v8_enable_turboshaft_csa'],
     'release_x64_coverage': [
       'release_bot', 'x64', 'clang_coverage'],
     'release_x64_fuzzilli': [
@@ -610,8 +614,9 @@
       'release_bot', 'x64', 'gcmole'],
     'release_x64_msvc': [
       'release_bot_no_reclient', 'x64', 'minimal_symbols', 'msvc'],
-    'release_x64_correctness_fuzzer' : [
-      'release_bot', 'x64', 'v8_correctness_fuzzer'],
+    'release_x64_correctness_fuzzer_turboshaft_csa' : [
+      'release_bot', 'x64', 'v8_correctness_fuzzer',
+      'v8_enable_turboshaft_csa'],
     'release_x64_disable_runtime_call_stats': [
       'release_bot', 'x64', 'v8_disable_runtime_call_stats'],
     'release_x64_fuchsia': [
@@ -647,12 +652,14 @@
       'release_bot', 'x64', 'tsan', 'disable_concurrent_marking'],
     'release_x64_tsan_minimal_symbols': [
       'release_bot', 'x64', 'tsan', 'minimal_symbols'],
+    'release_x64_tsan_turboshaft_csa': [
+      'release_bot', 'x64', 'tsan', 'v8_enable_turboshaft_csa'],
     'release_x64_ubsan': [
       'release_bot', 'x64', 'ubsan'],
     'release_x64_ubsan_minimal_symbols': [
       'release_bot', 'x64', 'ubsan', 'minimal_symbols'],
-    'release_x64_ubsan_recover': [
-      'release_bot', 'x64', 'ubsan_recover'],
+    'release_x64_ubsan_recover_turboshaft_csa': [
+      'release_bot', 'x64', 'ubsan_recover', 'v8_enable_turboshaft_csa'],
     'release_x64_shared_verify_heap': [
       'release_bot', 'x64', 'shared', 'v8_verify_heap'],
     'release_x64_verify_builtins': [
@@ -678,13 +685,13 @@
     # Debug configs for x64.
     'debug_x64': [
       'debug_bot', 'x64'],
-    'debug_x64_asan': [
-      'debug_bot', 'x64', 'asan', 'lsan'],
+    'debug_x64_asan_turboshaft_csa': [
+      'debug_bot', 'x64', 'asan', 'lsan', 'v8_enable_turboshaft_csa'],
     'debug_x64_asan_centipede': [
       'debug_bot', 'x64', 'asan', 'use_centipede'],
-    'debug_x64_asan_no_lsan_static': [
-      'debug', 'static', 'reclient', 'v8_enable_slow_dchecks', 'v8_optimized_debug',
-      'x64', 'asan'],
+    'debug_x64_asan_no_lsan_static_turboshaft_csa': [
+      'debug', 'static', 'reclient', 'v8_enable_slow_dchecks',
+      'v8_optimized_debug', 'x64', 'asan', 'v8_enable_turboshaft_csa'],
     'debug_x64_conservative_stack_scanning': [
       'debug_bot', 'x64', 'conservative_stack_scanning'],
     'debug_x64_coverage': [
@@ -701,6 +708,8 @@
       'debug_bot_no_reclient', 'x64', 'gcc', 'lld', 'no_custom_libcxx'],
     'debug_x64_header_includes': [
       'debug_bot', 'x64', 'v8_check_header_includes'],
+    'debug_x64_no_leaptiering': [
+      'debug_bot', 'x64', 'v8_disable_leaptiering'],
     'debug_x64_no_shared_cage': [
       'debug_bot', 'x64', 'v8_disable_pointer_compression_shared_cage'],
     'debug_x64_minimal_symbols': [
@@ -717,6 +726,8 @@
       'debug_bot', 'x64', 'v8_enable_sticky_mark_bits'],
     'debug_x64_trybot': [
       'debug_trybot', 'x64'],
+    'debug_x64_turboshaft_csa': [
+      'debug_bot', 'x64', 'v8_enable_turboshaft_csa'],
     'debug_x64_dict_tracking_trybot': [
       'debug_trybot', 'x64', 'v8_enable_dict_property_const_tracking'],
     'debug_x64_trybot_custom': [
@@ -730,8 +741,8 @@
     # Debug configs for x86.
     'debug_x86': [
       'debug_bot', 'x86'],
-    'debug_x86_asan': [
-      'debug_bot', 'x86', 'asan', 'lsan'],
+    'debug_x86_asan_turboshaft_csa': [
+      'debug_bot', 'x86', 'asan', 'lsan', 'v8_enable_turboshaft_csa'],
     'debug_x86_minimal_symbols': [
       'debug_bot', 'x86', 'minimal_symbols'],
     'debug_x86_msvc': [
@@ -740,15 +751,17 @@
       'debug_bot', 'x86', 'v8_no_i18n'],
     'debug_x86_trybot': [
       'debug_trybot', 'x86'],
+    'debug_x86_turboshaft_csa': [
+      'debug_bot', 'x86', 'v8_enable_turboshaft_csa'],
     'debug_x86_vtunejit': [
       'debug_bot', 'x86', 'v8_enable_vtunejit'],
     'full_debug_x86': [
       'debug', 'x86', 'reclient', 'v8_enable_slow_dchecks', 'v8_full_debug'],
 
     # Release configs for x86.
-    'release_x86_asan_symbolized_verify_heap': [
+    'release_x86_asan_symbolized_verify_heap_turboshaft_csa': [
       'release_bot', 'x86', 'asan', 'lsan', 'symbolized',
-      'v8_verify_heap'],
+      'v8_verify_heap', 'v8_enable_turboshaft_csa'],
     'release_x86_gcmole': [
       'release_bot', 'x86', 'gcmole'],
     'release_x86_gcmole_trybot': [
@@ -1068,6 +1081,10 @@
       'gn_args': 'v8_control_flow_integrity=true',
     },
 
+    'v8_disable_leaptiering': {
+      'gn_args': 'v8_disable_leaptiering=true',
+    },
+
     'v8_disable_runtime_call_stats': {
       'gn_args': 'v8_enable_runtime_call_stats=false',
     },
@@ -1132,6 +1149,10 @@
       'gn_args': 'v8_enable_test_features=true',
     },
 
+    'v8_enable_turboshaft_csa': {
+      'gn_args': 'v8_enable_turboshaft_csa=true',
+    },
+
     'v8_enable_verify_predictable': {
       'gn_args': 'v8_enable_verify_predictable=true',
     },
diff --git a/deps/v8/infra/testing/builders.pyl b/deps/v8/infra/testing/builders.pyl
index 194928d35984e0..1afe45582fefbb 100644
--- a/deps/v8/infra/testing/builders.pyl
+++ b/deps/v8/infra/testing/builders.pyl
@@ -621,6 +621,14 @@
       {'name': 'v8testing', 'shards': 3},
     ],
   },
+  'v8_linux64_no_leaptiering_dbg': {
+    'swarming_dimensions' : {
+      'os': 'Ubuntu-22.04',
+    },
+    'tests': [
+      {'name': 'v8testing', 'shards': 3},
+    ],
+  },
   'v8_linux64_no_shared_cage_dbg': {
     'swarming_dimensions' : {
       'os': 'Ubuntu-22.04',
@@ -1694,6 +1702,14 @@
       {'name': 'v8testing'},
     ],
   },
+  'V8 Linux64 - no leaptiering - debug': {
+    'swarming_dimensions' : {
+      'os': 'Ubuntu-22.04',
+    },
+    'tests': [
+      {'name': 'v8testing', 'shards': 2},
+    ],
+  },
   'V8 Linux64 - no shared cage - debug': {
     'swarming_dimensions' : {
       'os': 'Ubuntu-22.04',
diff --git a/deps/v8/src/api/api-arguments-inl.h b/deps/v8/src/api/api-arguments-inl.h
index 3ebc8a185f1237..651c13dcf2caf5 100644
--- a/deps/v8/src/api/api-arguments-inl.h
+++ b/deps/v8/src/api/api-arguments-inl.h
@@ -166,7 +166,7 @@ Handle<Object> PropertyCallbackArguments::CallNamedQuery(
   slot_at(kReturnValueIndex).store(Smi::FromInt(v8::None));
   NamedPropertyQueryCallback f =
       ToCData<NamedPropertyQueryCallback, kApiNamedPropertyQueryCallbackTag>(
-          interceptor->query());
+          isolate, interceptor->query());
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Integer, interceptor,
                                     ExceptionContext::kNamedQuery);
   v8::Intercepted intercepted = f(v8::Utils::ToLocal(name), callback_info);
@@ -183,7 +183,7 @@ Handle<JSAny> PropertyCallbackArguments::CallNamedGetter(
   slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).undefined_value());
   NamedPropertyGetterCallback f =
       ToCData<NamedPropertyGetterCallback, kApiNamedPropertyGetterCallbackTag>(
-          interceptor->getter());
+          isolate, interceptor->getter());
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Value, interceptor,
                                     ExceptionContext::kNamedGetter);
   v8::Intercepted intercepted = f(v8::Utils::ToLocal(name), callback_info);
@@ -201,7 +201,7 @@ Handle<JSAny> PropertyCallbackArguments::CallNamedDescriptor(
   NamedPropertyDescriptorCallback f =
       ToCData<NamedPropertyDescriptorCallback,
               kApiNamedPropertyDescriptorCallbackTag>(
-          interceptor->descriptor());
+          isolate, interceptor->descriptor());
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Value, interceptor,
                                     ExceptionContext::kNamedDescriptor);
   v8::Intercepted intercepted = f(v8::Utils::ToLocal(name), callback_info);
@@ -219,7 +219,7 @@ v8::Intercepted PropertyCallbackArguments::CallNamedSetter(
   slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).true_value());
   NamedPropertySetterCallback f =
       ToCData<NamedPropertySetterCallback, kApiNamedPropertySetterCallbackTag>(
-          interceptor->setter());
+          isolate, interceptor->setter());
   Handle<InterceptorInfo> has_side_effects;
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, void, has_side_effects,
                                     ExceptionContext::kNamedSetter);
@@ -236,9 +236,9 @@ v8::Intercepted PropertyCallbackArguments::CallNamedDefiner(
   RCS_SCOPE(isolate, RuntimeCallCounterId::kNamedDefinerCallback);
   slot_at(kPropertyKeyIndex).store(*name);
   slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).true_value());
-  NamedPropertyDefinerCallback f =
-      ToCData<NamedPropertyDefinerCallback,
-              kApiNamedPropertyDefinerCallbackTag>(interceptor->definer());
+  NamedPropertyDefinerCallback f = ToCData<NamedPropertyDefinerCallback,
+                                           kApiNamedPropertyDefinerCallbackTag>(
+      isolate, interceptor->definer());
   Handle<InterceptorInfo> has_side_effects;
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, void, has_side_effects,
                                     ExceptionContext::kNamedDefiner);
@@ -254,9 +254,9 @@ v8::Intercepted PropertyCallbackArguments::CallNamedDeleter(
   RCS_SCOPE(isolate, RuntimeCallCounterId::kNamedDeleterCallback);
   slot_at(kPropertyKeyIndex).store(*name);
   slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).true_value());
-  NamedPropertyDeleterCallback f =
-      ToCData<NamedPropertyDeleterCallback,
-              kApiNamedPropertyDeleterCallbackTag>(interceptor->deleter());
+  NamedPropertyDeleterCallback f = ToCData<NamedPropertyDeleterCallback,
+                                           kApiNamedPropertyDeleterCallbackTag>(
+      isolate, interceptor->deleter());
   Handle<InterceptorInfo> has_side_effects;
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Boolean, has_side_effects,
                                     ExceptionContext::kNamedDeleter);
@@ -285,7 +285,8 @@ Handle<Object> PropertyCallbackArguments::CallIndexedQuery(
   slot_at(kReturnValueIndex).store(Smi::FromInt(v8::None));
   IndexedPropertyQueryCallbackV2 f =
       ToCData<IndexedPropertyQueryCallbackV2,
-              kApiIndexedPropertyQueryCallbackTag>(interceptor->query());
+              kApiIndexedPropertyQueryCallbackTag>(isolate,
+                                                   interceptor->query());
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Integer, interceptor,
                                     ExceptionContext::kIndexedQuery);
   v8::Intercepted intercepted = f(index, callback_info);
@@ -303,7 +304,8 @@ Handle<JSAny> PropertyCallbackArguments::CallIndexedGetter(
   slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).undefined_value());
   IndexedPropertyGetterCallbackV2 f =
       ToCData<IndexedPropertyGetterCallbackV2,
-              kApiIndexedPropertyGetterCallbackTag>(interceptor->getter());
+              kApiIndexedPropertyGetterCallbackTag>(isolate,
+                                                    interceptor->getter());
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Value, interceptor,
                                     ExceptionContext::kIndexedGetter);
   v8::Intercepted intercepted = f(index, callback_info);
@@ -322,7 +324,7 @@ Handle<JSAny> PropertyCallbackArguments::CallIndexedDescriptor(
   IndexedPropertyDescriptorCallbackV2 f =
       ToCData<IndexedPropertyDescriptorCallbackV2,
               kApiIndexedPropertyDescriptorCallbackTag>(
-          interceptor->descriptor());
+          isolate, interceptor->descriptor());
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Value, interceptor,
                                     ExceptionContext::kIndexedDescriptor);
   v8::Intercepted intercepted = f(index, callback_info);
@@ -341,7 +343,8 @@ v8::Intercepted PropertyCallbackArguments::CallIndexedSetter(
   slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).true_value());
   IndexedPropertySetterCallbackV2 f =
       ToCData<IndexedPropertySetterCallbackV2,
-              kApiIndexedPropertySetterCallbackTag>(interceptor->setter());
+              kApiIndexedPropertySetterCallbackTag>(isolate,
+                                                    interceptor->setter());
   Handle<InterceptorInfo> has_side_effects;
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, void, has_side_effects,
                                     ExceptionContext::kIndexedSetter);
@@ -361,7 +364,8 @@ v8::Intercepted PropertyCallbackArguments::CallIndexedDefiner(
   slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).true_value());
   IndexedPropertyDefinerCallbackV2 f =
       ToCData<IndexedPropertyDefinerCallbackV2,
-              kApiIndexedPropertyDefinerCallbackTag>(interceptor->definer());
+              kApiIndexedPropertyDefinerCallbackTag>(isolate,
+                                                     interceptor->definer());
   Handle<InterceptorInfo> has_side_effects;
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, void, has_side_effects,
                                     ExceptionContext::kIndexedDefiner);
@@ -379,7 +383,8 @@ v8::Intercepted PropertyCallbackArguments::CallIndexedDeleter(
   slot_at(kReturnValueIndex).store(ReadOnlyRoots(isolate).true_value());
   IndexedPropertyDeleterCallbackV2 f =
       ToCData<IndexedPropertyDeleterCallbackV2,
-              kApiIndexedPropertyDeleterCallbackTag>(interceptor->deleter());
+              kApiIndexedPropertyDeleterCallbackTag>(isolate,
+                                                     interceptor->deleter());
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Boolean, interceptor,
                                     ExceptionContext::kIndexedDeleter);
   v8::Intercepted intercepted = f(index, callback_info);
@@ -401,7 +406,7 @@ Handle<JSObjectOrUndefined> PropertyCallbackArguments::CallPropertyEnumerator(
   IndexedPropertyEnumeratorCallback f =
       v8::ToCData<IndexedPropertyEnumeratorCallback,
                   kApiIndexedPropertyEnumeratorCallbackTag>(
-          interceptor->enumerator());
+          isolate, interceptor->enumerator());
   PREPARE_CALLBACK_INFO_INTERCEPTOR(isolate, f, v8::Array, interceptor,
                                     ExceptionContext::kNamedEnumerator);
   f(callback_info);
@@ -470,7 +475,7 @@ bool PropertyCallbackArguments::CallAccessorSetter(
   // v8::AccessorNameSetterCallback or AccessorNameBooleanSetterCallback
   // the result is guaranteed to be v8::Boolean value indicating success or
   // failure.
-  Handle<Boolean> result = GetReturnValue<Boolean>(isolate);
+  DirectHandle<Boolean> result = GetReturnValue<Boolean>(isolate);
   return IsTrue(*result, isolate);
 }
 
diff --git a/deps/v8/src/api/api-inl.h b/deps/v8/src/api/api-inl.h
index c7be6489469700..32e3e476826de3 100644
--- a/deps/v8/src/api/api-inl.h
+++ b/deps/v8/src/api/api-inl.h
@@ -18,18 +18,21 @@
 namespace v8 {
 
 template <typename T, internal::ExternalPointerTag tag>
-inline T ToCData(v8::internal::Tagged<v8::internal::Object> obj) {
+inline T ToCData(i::Isolate* isolate,
+                 v8::internal::Tagged<v8::internal::Object> obj) {
   static_assert(sizeof(T) == sizeof(v8::internal::Address));
   if (obj == v8::internal::Smi::zero()) return nullptr;
   return reinterpret_cast<T>(
-      v8::internal::Cast<v8::internal::Foreign>(obj)->foreign_address<tag>());
+      v8::internal::Cast<v8::internal::Foreign>(obj)->foreign_address<tag>(
+          isolate));
 }
 
 template <internal::ExternalPointerTag tag>
 inline v8::internal::Address ToCData(
-    v8::internal::Tagged<v8::internal::Object> obj) {
+    i::Isolate* isolate, v8::internal::Tagged<v8::internal::Object> obj) {
   if (obj == v8::internal::Smi::zero()) return v8::internal::kNullAddress;
-  return v8::internal::Cast<v8::internal::Foreign>(obj)->foreign_address<tag>();
+  return v8::internal::Cast<v8::internal::Foreign>(obj)->foreign_address<tag>(
+      isolate);
 }
 
 template <internal::ExternalPointerTag tag, typename T>
@@ -51,66 +54,51 @@ inline v8::internal::Handle<i::UnionOf<i::Smi, i::Foreign>> FromCData(
 }
 
 template <class From, class To>
-inline Local<To> Utils::Convert(v8::internal::Handle<From> obj) {
-  DCHECK(obj.is_null() || (IsSmi(*obj) || !IsTheHole(*obj)));
-#ifdef V8_ENABLE_DIRECT_LOCAL
+inline Local<To> Utils::Convert(v8::internal::DirectHandle<From> obj) {
+  DCHECK(obj.is_null() || IsSmi(*obj) || !IsTheHole(*obj));
+#ifdef V8_ENABLE_DIRECT_HANDLE
   if (obj.is_null()) return Local<To>();
-#endif
-  return Local<To>::FromSlot(obj.location());
-}
-
-template <class From, class To>
-inline Local<To> Utils::Convert(v8::internal::DirectHandle<From> obj,
-                                v8::internal::Isolate* isolate) {
-#if defined(V8_ENABLE_DIRECT_LOCAL)
-  DCHECK(obj.is_null() || (IsSmi(*obj) || !IsTheHole(*obj)));
   return Local<To>::FromAddress(obj.address());
-#elif defined(V8_ENABLE_DIRECT_HANDLE)
-  if (obj.is_null()) return Local<To>();
-  return Convert<From, To>(v8::internal::Handle<From>(*obj, isolate));
 #else
-  return Convert<From, To>(obj);
+  return Local<To>::FromSlot(obj.location());
 #endif
 }
 
 // Implementations of ToLocal
 
-#define MAKE_TO_LOCAL(Name, From, To)                                       \
-  Local<v8::To> Utils::Name(v8::internal::Handle<v8::internal::From> obj) { \
-    return Convert<v8::internal::From, v8::To>(obj);                        \
-  }                                                                         \
-                                                                            \
-  Local<v8::To> Utils::Name(                                                \
-      v8::internal::DirectHandle<v8::internal::From> obj,                   \
-      i::Isolate* isolate) {                                                \
-    return Convert<v8::internal::From, v8::To>(obj, isolate);               \
+#define MAKE_TO_LOCAL(Name)                                                  \
+  template <template <typename T> typename HandleType, typename T, typename> \
+  inline auto Utils::Name(HandleType<T> obj) {                               \
+    return Utils::Name##_helper(v8::internal::DirectHandle<T>(obj));         \
   }
 
-TO_LOCAL_LIST(MAKE_TO_LOCAL)
-
-#define MAKE_TO_LOCAL_TYPED_ARRAY(Type, typeName, TYPE, ctype)                 \
-  Local<v8::Type##Array> Utils::ToLocal##Type##Array(                          \
-      v8::internal::Handle<v8::internal::JSTypedArray> obj) {                  \
-    DCHECK(obj->type() == v8::internal::kExternal##Type##Array);               \
-    return Convert<v8::internal::JSTypedArray, v8::Type##Array>(obj);          \
-  }                                                                            \
-                                                                               \
-  Local<v8::Type##Array> Utils::ToLocal##Type##Array(                          \
-      v8::internal::DirectHandle<v8::internal::JSTypedArray> obj,              \
-      v8::internal::Isolate* isolate) {                                        \
-    DCHECK(obj->type() == v8::internal::kExternal##Type##Array);               \
-    return Convert<v8::internal::JSTypedArray, v8::Type##Array>(obj, isolate); \
+TO_LOCAL_NAME_LIST(MAKE_TO_LOCAL)
+
+#define MAKE_TO_LOCAL_PRIVATE(Name, From, To)               \
+  inline Local<v8::To> Utils::Name##_helper(                \
+      v8::internal::DirectHandle<v8::internal::From> obj) { \
+    return Convert<v8::internal::From, v8::To>(obj);        \
+  }
+
+TO_LOCAL_LIST(MAKE_TO_LOCAL_PRIVATE)
+
+#define MAKE_TO_LOCAL_TYPED_ARRAY(Type, typeName, TYPE, ctype)        \
+  Local<v8::Type##Array> Utils::ToLocal##Type##Array(                 \
+      v8::internal::DirectHandle<v8::internal::JSTypedArray> obj) {   \
+    DCHECK(obj->type() == v8::internal::kExternal##Type##Array);      \
+    return Convert<v8::internal::JSTypedArray, v8::Type##Array>(obj); \
   }
 
 TYPED_ARRAYS(MAKE_TO_LOCAL_TYPED_ARRAY)
 
 #undef MAKE_TO_LOCAL_TYPED_ARRAY
 #undef MAKE_TO_LOCAL
+#undef MAKE_TO_LOCAL_PRIVATE
 #undef TO_LOCAL_LIST
 
 // Implementations of OpenHandle
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 
 #define MAKE_OPEN_HANDLE(From, To)                                           \
   v8::internal::Handle<v8::internal::To> Utils::OpenHandle(                  \
@@ -142,7 +130,7 @@ TYPED_ARRAYS(MAKE_TO_LOCAL_TYPED_ARRAY)
     return Utils::OpenHandle(that, allow_empty_handle);                      \
   }
 
-#else  // !V8_ENABLE_DIRECT_LOCAL
+#else  // !V8_ENABLE_DIRECT_HANDLE
 
 #define MAKE_OPEN_HANDLE(From, To)                                           \
   v8::internal::Handle<v8::internal::To> Utils::OpenHandle(                  \
@@ -166,7 +154,7 @@ TYPED_ARRAYS(MAKE_TO_LOCAL_TYPED_ARRAY)
     return Utils::OpenHandle(that, allow_empty_handle);                      \
   }
 
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
 OPEN_HANDLE_LIST(MAKE_OPEN_HANDLE)
 
@@ -186,7 +174,8 @@ class V8_NODISCARD CallDepthScope {
   }
   ~CallDepthScope() {
     i::MicrotaskQueue* microtask_queue =
-        i::Cast<i::NativeContext>(isolate_->context())->microtask_queue();
+        i::Cast<i::NativeContext>(isolate_->context())
+            ->microtask_queue(isolate_);
 
     isolate_->thread_local_top()->DecrementCallDepth(this);
     // Clear the exception when exiting V8 to avoid memory leaks.
@@ -251,7 +240,7 @@ class V8_NODISCARD InternalEscapableScope : public EscapableHandleScopeBase {
    */
   template <class T>
   V8_INLINE Local<T> Escape(Local<T> value) {
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
     return value;
 #else
     DCHECK(!value.IsEmpty());
diff --git a/deps/v8/src/api/api-natives.cc b/deps/v8/src/api/api-natives.cc
index 5e20b43cb4fb0a..74e44e6d0fd790 100644
--- a/deps/v8/src/api/api-natives.cc
+++ b/deps/v8/src/api/api-natives.cc
@@ -131,7 +131,8 @@ MaybeHandle<Object> DefineDataProperty(Isolate* isolate,
 void DisableAccessChecks(Isolate* isolate, DirectHandle<JSObject> object) {
   Handle<Map> old_map(object->map(), isolate);
   // Copy map so it won't interfere constructor's initial map.
-  Handle<Map> new_map = Map::Copy(isolate, old_map, "DisableAccessChecks");
+  DirectHandle<Map> new_map =
+      Map::Copy(isolate, old_map, "DisableAccessChecks");
   new_map->set_is_access_check_needed(false);
   JSObject::MigrateToMap(isolate, object, new_map);
 }
@@ -139,7 +140,7 @@ void DisableAccessChecks(Isolate* isolate, DirectHandle<JSObject> object) {
 void EnableAccessChecks(Isolate* isolate, DirectHandle<JSObject> object) {
   Handle<Map> old_map(object->map(), isolate);
   // Copy map so it won't interfere constructor's initial map.
-  Handle<Map> new_map = Map::Copy(isolate, old_map, "EnableAccessChecks");
+  DirectHandle<Map> new_map = Map::Copy(isolate, old_map, "EnableAccessChecks");
   new_map->set_is_access_check_needed(true);
   new_map->set_may_have_interesting_properties(true);
   JSObject::MigrateToMap(isolate, object, new_map);
diff --git a/deps/v8/src/api/api.cc b/deps/v8/src/api/api.cc
index 9019296f49da30..5ab671c8c4168a 100644
--- a/deps/v8/src/api/api.cc
+++ b/deps/v8/src/api/api.cc
@@ -7,6 +7,7 @@
 #include <algorithm>  // For min
 #include <cmath>      // For isnan.
 #include <limits>
+#include <optional>
 #include <sstream>
 #include <string>
 #include <utility>  // For move
@@ -198,10 +199,10 @@ static ScriptOrigin GetScriptOriginForScript(
   is_wasm = script->type() == i::Script::Type::kWasm;
 #endif  // V8_ENABLE_WEBASSEMBLY
   v8::ScriptOrigin origin(
-      Utils::ToLocal(scriptName, i_isolate), script->line_offset(),
+      Utils::ToLocal(scriptName), script->line_offset(),
       script->column_offset(), options.IsSharedCrossOrigin(), script->id(),
-      Utils::ToLocal(source_map_url, i_isolate), options.IsOpaque(), is_wasm,
-      options.IsModule(), Utils::ToLocal(host_defined_options, i_isolate));
+      Utils::ToLocal(source_map_url), options.IsOpaque(), is_wasm,
+      options.IsModule(), Utils::ToLocal(host_defined_options));
   return origin;
 }
 
@@ -788,8 +789,8 @@ constexpr InstanceTypeChecker::TaggedAddressRange kStringMapRange =
   V(FalseValue, i::StaticReadOnlyRoot::kFalseValue)         \
   V(EmptyString, i::StaticReadOnlyRoot::kempty_string)      \
   V(TheHoleValue, i::StaticReadOnlyRoot::kTheHoleValue)     \
-  V(FirstStringMap, kStringMapRange.first)                  \
-  V(LastStringMap, kStringMapRange.second)
+  V(StringMapLowerBound, kStringMapRange.first)             \
+  V(StringMapUpperBound, kStringMapRange.second)
 
 static_assert(std::is_same<Internals::Tagged_t, Tagged_t>::value);
 // Ensure they have the correct value.
@@ -923,14 +924,14 @@ i::Address* HandleScope::CreateHandle(i::Isolate* i_isolate, i::Address value) {
   return i::HandleScope::CreateHandle(i_isolate, value);
 }
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 
 i::Address* HandleScope::CreateHandleForCurrentIsolate(i::Address value) {
   i::Isolate* i_isolate = i::Isolate::Current();
   return i::HandleScope::CreateHandle(i_isolate, value);
 }
 
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
 EscapableHandleScopeBase::EscapableHandleScopeBase(Isolate* v8_isolate) {
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(v8_isolate);
@@ -1094,10 +1095,8 @@ v8::Local<v8::Value> Context::SlowGetEmbedderData(int index) {
       EmbedderDataFor(this, index, false, location);
   if (data.is_null()) return Local<Value>();
   i::Isolate* i_isolate = Utils::OpenDirectHandle(this)->GetIsolate();
-  return Utils::ToLocal(
-      i::direct_handle(i::EmbedderDataSlot(*data, index).load_tagged(),
-                       i_isolate),
-      i_isolate);
+  return Utils::ToLocal(i::direct_handle(
+      i::EmbedderDataSlot(*data, index).load_tagged(), i_isolate));
 }
 
 void Context::SetEmbedderData(int index, v8::Local<Value> value) {
@@ -1214,7 +1213,7 @@ Local<ObjectTemplate> FunctionTemplate::PrototypeTemplate() {
                                                   proto_template);
     return Utils::ToLocal(proto_template);
   }
-  return ToApiHandle<ObjectTemplate>(heap_obj, i_isolate);
+  return ToApiHandle<ObjectTemplate>(heap_obj);
 }
 
 void FunctionTemplate::SetPrototypeProviderTemplate(
@@ -1482,10 +1481,8 @@ Local<ObjectTemplate> FunctionTemplate::InstanceTemplate() {
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
   auto maybe_templ = constructor->GetInstanceTemplate();
   if (!i::IsUndefined(maybe_templ, i_isolate)) {
-    return Utils::ToLocal(
-        i::direct_handle(i::Cast<i::ObjectTemplateInfo>(maybe_templ),
-                         i_isolate),
-        i_isolate);
+    return Utils::ToLocal(i::direct_handle(
+        i::Cast<i::ObjectTemplateInfo>(maybe_templ), i_isolate));
   }
   constexpr bool do_not_cache = false;
   i::Handle<i::ObjectTemplateInfo> templ =
@@ -1510,6 +1507,22 @@ void FunctionTemplate::SetClassName(Local<String> name) {
   info->set_class_name(*Utils::OpenDirectHandle(*name));
 }
 
+void FunctionTemplate::SetInterfaceName(Local<String> name) {
+  auto info = Utils::OpenDirectHandle(this);
+  EnsureNotPublished(info, "v8::FunctionTemplate::SetInterfaceName");
+  i::Isolate* i_isolate = info->GetIsolateChecked();
+  ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
+  info->set_interface_name(*Utils::OpenDirectHandle(*name));
+}
+
+void FunctionTemplate::SetExceptionContext(ExceptionContext context) {
+  auto info = Utils::OpenDirectHandle(this);
+  EnsureNotPublished(info, "v8::FunctionTemplate::SetExceptionContext");
+  i::Isolate* i_isolate = info->GetIsolateChecked();
+  ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
+  info->set_exception_context(static_cast<uint32_t>(context));
+}
+
 void FunctionTemplate::SetAcceptAnyReceiver(bool value) {
   auto info = Utils::OpenDirectHandle(this);
   EnsureNotPublished(info, "v8::FunctionTemplate::SetAcceptAnyReceiver");
@@ -1958,7 +1971,7 @@ Local<Script> UnboundScript::BindToCurrentContext() {
   DCHECK(!InReadOnlySpace(*function_info));
   i::Isolate* i_isolate = i::GetIsolateFromWritableObject(*function_info);
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
-  i::Handle<i::JSFunction> function =
+  i::DirectHandle<i::JSFunction> function =
       i::Factory::JSFunctionBuilder{i_isolate, function_info,
                                     i_isolate->native_context()}
           .Build();
@@ -1983,7 +1996,8 @@ int UnboundScript::GetLineNumber(int code_pos) {
     i::Isolate* i_isolate = i::GetIsolateFromWritableObject(*obj);
     ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
     API_RCS_SCOPE(i_isolate, UnboundScript, GetLineNumber);
-    i::Handle<i::Script> script(i::Cast<i::Script>(obj->script()), i_isolate);
+    i::DirectHandle<i::Script> script(i::Cast<i::Script>(obj->script()),
+                                      i_isolate);
     return i::Script::GetLineNumber(script, code_pos);
   } else {
     return -1;
@@ -1999,7 +2013,8 @@ int UnboundScript::GetColumnNumber(int code_pos) {
     i::Isolate* i_isolate = i::GetIsolateFromWritableObject(*obj);
     ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
     API_RCS_SCOPE(i_isolate, UnboundScript, GetColumnNumber);
-    i::Handle<i::Script> script(i::Cast<i::Script>(obj->script()), i_isolate);
+    i::DirectHandle<i::Script> script(i::Cast<i::Script>(obj->script()),
+                                      i_isolate);
     return i::Script::GetColumnNumber(script, code_pos);
   } else {
     return -1;
@@ -2016,7 +2031,7 @@ Local<Value> UnboundScript::GetScriptName() {
     ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
     API_RCS_SCOPE(i_isolate, UnboundScript, GetName);
     i::Tagged<i::Object> name = i::Cast<i::Script>(obj->script())->name();
-    return Utils::ToLocal(i::direct_handle(name, i_isolate), i_isolate);
+    return Utils::ToLocal(i::direct_handle(name, i_isolate));
   } else {
     return Local<String>();
   }
@@ -2032,7 +2047,7 @@ Local<Value> UnboundScript::GetSourceURL() {
     API_RCS_SCOPE(i_isolate, UnboundScript, GetSourceURL);
     ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
     i::Tagged<i::Object> url = i::Cast<i::Script>(obj->script())->source_url();
-    return Utils::ToLocal(i::direct_handle(url, i_isolate), i_isolate);
+    return Utils::ToLocal(i::direct_handle(url, i_isolate));
   } else {
     return Local<String>();
   }
@@ -2049,7 +2064,7 @@ Local<Value> UnboundScript::GetSourceMappingURL() {
     ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
     i::Tagged<i::Object> url =
         i::Cast<i::Script>(obj->script())->source_mapping_url();
-    return Utils::ToLocal(i::direct_handle(url, i_isolate), i_isolate);
+    return Utils::ToLocal(i::direct_handle(url, i_isolate));
   } else {
     return Local<String>();
   }
@@ -2065,7 +2080,7 @@ Local<Value> UnboundModuleScript::GetSourceURL() {
     API_RCS_SCOPE(i_isolate, UnboundModuleScript, GetSourceURL);
     ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
     i::Tagged<i::Object> url = i::Cast<i::Script>(obj->script())->source_url();
-    return Utils::ToLocal(i::direct_handle(url, i_isolate), i_isolate);
+    return Utils::ToLocal(i::direct_handle(url, i_isolate));
   } else {
     return Local<String>();
   }
@@ -2082,7 +2097,7 @@ Local<Value> UnboundModuleScript::GetSourceMappingURL() {
     ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
     i::Tagged<i::Object> url =
         i::Cast<i::Script>(obj->script())->source_mapping_url();
-    return Utils::ToLocal(i::direct_handle(url, i_isolate), i_isolate);
+    return Utils::ToLocal(i::direct_handle(url, i_isolate));
   } else {
     return Local<String>();
   }
@@ -2135,8 +2150,7 @@ Local<Value> ScriptOrModule::GetResourceName() {
   auto obj = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = i::GetIsolateFromWritableObject(*obj);
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
-  return ToApiHandle<Value>(i::direct_handle(obj->resource_name(), i_isolate),
-                            i_isolate);
+  return ToApiHandle<Value>(i::direct_handle(obj->resource_name(), i_isolate));
 }
 
 Local<Data> ScriptOrModule::HostDefinedOptions() {
@@ -2144,7 +2158,7 @@ Local<Data> ScriptOrModule::HostDefinedOptions() {
   i::Isolate* i_isolate = i::GetIsolateFromWritableObject(*obj);
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
   return ToApiHandle<Data>(
-      i::direct_handle(obj->host_defined_options(), i_isolate), i_isolate);
+      i::direct_handle(obj->host_defined_options(), i_isolate));
 }
 
 Local<UnboundScript> Script::GetUnboundScript() {
@@ -2152,7 +2166,7 @@ Local<UnboundScript> Script::GetUnboundScript() {
   auto obj = Utils::OpenDirectHandle(this);
   i::DirectHandle<i::SharedFunctionInfo> sfi(obj->shared(), obj->GetIsolate());
   DCHECK(!InReadOnlySpace(*sfi));
-  return ToApiHandle<UnboundScript>(sfi, obj->GetIsolate());
+  return ToApiHandle<UnboundScript>(sfi);
 }
 
 Local<Value> Script::GetResourceName() {
@@ -2162,8 +2176,7 @@ Local<Value> Script::GetResourceName() {
   CHECK(IsScript(sfi->script()));
   i::Isolate* i_isolate = func->GetIsolate();
   return ToApiHandle<Value>(
-      i::direct_handle(i::Cast<i::Script>(sfi->script())->name(), i_isolate),
-      i_isolate);
+      i::direct_handle(i::Cast<i::Script>(sfi->script())->name(), i_isolate));
 }
 
 std::vector<int> Script::GetProducedCompileHints() const {
@@ -2195,7 +2208,8 @@ Local<CompileHintsCollector> Script::GetCompileHintsCollector() const {
   i::Isolate* i_isolate = func->GetIsolate();
   i::Tagged<i::SharedFunctionInfo> sfi = func->shared();
   CHECK(IsScript(sfi->script()));
-  i::Handle<i::Script> script(i::Cast<i::Script>(sfi->script()), i_isolate);
+  i::DirectHandle<i::Script> script(i::Cast<i::Script>(sfi->script()),
+                                    i_isolate);
   return ToApiHandle<CompileHintsCollector>(script);
 }
 
@@ -2226,7 +2240,8 @@ Local<PrimitiveArray> PrimitiveArray::New(Isolate* v8_isolate, int length) {
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
   Utils::ApiCheck(length >= 0, "v8::PrimitiveArray::New",
                   "length must be equal or greater than zero");
-  i::Handle<i::FixedArray> array = i_isolate->factory()->NewFixedArray(length);
+  i::DirectHandle<i::FixedArray> array =
+      i_isolate->factory()->NewFixedArray(length);
   return ToApiHandle<PrimitiveArray>(array);
 }
 
@@ -2254,8 +2269,7 @@ Local<Primitive> PrimitiveArray::Get(Isolate* v8_isolate, int index) {
                   "v8::PrimitiveArray::Get",
                   "index must be greater than or equal to 0 and less than the "
                   "array length");
-  return ToApiHandle<Primitive>(i::direct_handle(array->get(index), i_isolate),
-                                i_isolate);
+  return ToApiHandle<Primitive>(i::direct_handle(array->get(index), i_isolate));
 }
 
 void v8::PrimitiveArray::CheckCast(v8::Data* that) {
@@ -2274,15 +2288,13 @@ Local<Data> FixedArray::Get(Local<Context> context, int i) const {
   auto self = Utils::OpenDirectHandle(this);
   auto i_isolate = reinterpret_cast<i::Isolate*>(context->GetIsolate());
   CHECK_LT(i, self->length());
-  return ToApiHandle<Data>(i::direct_handle(self->get(i), i_isolate),
-                           i_isolate);
+  return ToApiHandle<Data>(i::direct_handle(self->get(i), i_isolate));
 }
 
 Local<String> ModuleRequest::GetSpecifier() const {
   auto self = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = self->GetIsolate();
-  return ToApiHandle<String>(i::direct_handle(self->specifier(), i_isolate),
-                             i_isolate);
+  return ToApiHandle<String>(i::direct_handle(self->specifier(), i_isolate));
 }
 
 int ModuleRequest::GetSourceOffset() const {
@@ -2293,7 +2305,7 @@ Local<FixedArray> ModuleRequest::GetImportAttributes() const {
   auto self = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = self->GetIsolate();
   return ToApiHandle<FixedArray>(
-      i::direct_handle(self->import_attributes(), i_isolate), i_isolate);
+      i::direct_handle(self->import_attributes(), i_isolate));
 }
 
 Module::Status Module::GetStatus() const {
@@ -2324,8 +2336,7 @@ Local<Value> Module::GetException() const {
   auto self = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = self->GetIsolate();
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
-  return ToApiHandle<Value>(i::direct_handle(self->GetException(), i_isolate),
-                            i_isolate);
+  return ToApiHandle<Value>(i::direct_handle(self->GetException(), i_isolate));
 }
 
 Local<FixedArray> Module::GetModuleRequests() const {
@@ -2338,11 +2349,9 @@ Local<FixedArray> Module::GetModuleRequests() const {
     return ToApiHandle<FixedArray>(
         self->GetReadOnlyRoots().empty_fixed_array_handle());
   } else {
-    return ToApiHandle<FixedArray>(
-        i::direct_handle(
-            i::Cast<i::SourceTextModule>(self)->info()->module_requests(),
-            i_isolate),
-        i_isolate);
+    return ToApiHandle<FixedArray>(i::direct_handle(
+        i::Cast<i::SourceTextModule>(self)->info()->module_requests(),
+        i_isolate));
   }
 }
 
@@ -2354,8 +2363,8 @@ Location Module::SourceOffsetToLocation(int offset) const {
   Utils::ApiCheck(
       i::IsSourceTextModule(*self), "v8::Module::SourceOffsetToLocation",
       "v8::Module::SourceOffsetToLocation must be used on an SourceTextModule");
-  i::Handle<i::Script> script(i::Cast<i::SourceTextModule>(self)->GetScript(),
-                              i_isolate);
+  i::DirectHandle<i::Script> script(
+      i::Cast<i::SourceTextModule>(self)->GetScript(), i_isolate);
   i::Script::PositionInfo info;
   i::Script::GetPositionInfo(script, offset, &info);
   return v8::Location(info.line, info.column);
@@ -2368,7 +2377,7 @@ Local<Value> Module::GetModuleNamespace() {
   auto self = Utils::OpenHandle(this);
   auto i_isolate = self->GetIsolate();
   DCHECK_NO_SCRIPT_NO_EXCEPTION(i_isolate);
-  i::Handle<i::JSModuleNamespace> module_namespace =
+  i::DirectHandle<i::JSModuleNamespace> module_namespace =
       i::Module::GetModuleNamespace(i_isolate, self);
   return ToApiHandle<Value>(module_namespace);
 }
@@ -2380,11 +2389,8 @@ Local<UnboundModuleScript> Module::GetUnboundModuleScript() {
       "v8::Module::GetUnboundModuleScript must be used on an SourceTextModule");
   auto i_isolate = self->GetIsolate();
   DCHECK_NO_SCRIPT_NO_EXCEPTION(i_isolate);
-  return ToApiHandle<UnboundModuleScript>(
-      i::direct_handle(
-          i::Cast<i::SourceTextModule>(self)->GetSharedFunctionInfo(),
-          i_isolate),
-      i_isolate);
+  return ToApiHandle<UnboundModuleScript>(i::direct_handle(
+      i::Cast<i::SourceTextModule>(self)->GetSharedFunctionInfo(), i_isolate));
 }
 
 int Module::ScriptId() const {
@@ -3157,7 +3163,7 @@ int Message::GetWasmFunctionIndex() const {
     return Message::kNoWasmFunctionIndexInfo;
   }
 
-  auto debug_script = ToApiHandle<debug::Script>(script, i_isolate);
+  auto debug_script = ToApiHandle<debug::Script>(script);
   return Local<debug::WasmScript>::Cast(debug_script)
       ->GetContainingFunction(start_position);
 #else
@@ -3205,8 +3211,8 @@ MaybeLocal<String> Message::GetSource(Local<Context> context) const {
   i::Isolate* i_isolate = self->GetIsolate();
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
   InternalEscapableScope handle_scope(i_isolate);
-  RETURN_ESCAPED(Utils::ToLocal(i::direct_handle(self->GetSource(), i_isolate),
-                                i_isolate));
+  RETURN_ESCAPED(
+      Utils::ToLocal(i::direct_handle(self->GetSource(), i_isolate)));
 }
 
 MaybeLocal<String> Message::GetSourceLine(Local<Context> context) const {
@@ -3229,11 +3235,9 @@ void Message::PrintCurrentStackTrace(Isolate* v8_isolate, std::ostream& out) {
 Local<StackFrame> StackTrace::GetFrame(Isolate* v8_isolate,
                                        uint32_t index) const {
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(v8_isolate);
-  return Utils::StackFrameToLocal(
-      i::direct_handle(
-          i::Cast<i::StackFrameInfo>(Utils::OpenDirectHandle(this)->get(index)),
-          i_isolate),
-      i_isolate);
+  return Utils::StackFrameToLocal(i::direct_handle(
+      i::Cast<i::StackFrameInfo>(Utils::OpenDirectHandle(this)->get(index)),
+      i_isolate));
 }
 
 int StackTrace::GetFrameCount() const {
@@ -3263,7 +3267,7 @@ Local<String> StackTrace::CurrentScriptNameOrSourceURL(Isolate* v8_isolate) {
 Location StackFrame::GetLocation() const {
   auto self = Utils::OpenHandle(this);
   i::Isolate* i_isolate = self->GetIsolate();
-  i::Handle<i::Script> script(self->script(), i_isolate);
+  i::DirectHandle<i::Script> script(self->script(), i_isolate);
   i::Script::PositionInfo info;
   CHECK(i::Script::GetPositionInfo(
       script, i::StackFrameInfo::GetSourcePosition(self), &info));
@@ -3285,7 +3289,7 @@ Local<String> StackFrame::GetScriptName() const {
   i::Isolate* i_isolate = self->GetIsolate();
   i::DirectHandle<i::Object> name(self->script()->name(), i_isolate);
   if (!IsString(*name)) return {};
-  return Utils::ToLocal(i::Cast<i::String>(name), i_isolate);
+  return Utils::ToLocal(i::Cast<i::String>(name));
 }
 
 Local<String> StackFrame::GetScriptNameOrSourceURL() const {
@@ -3294,7 +3298,7 @@ Local<String> StackFrame::GetScriptNameOrSourceURL() const {
   i::DirectHandle<i::Object> name_or_source_url(
       self->script()->GetNameOrSourceURL(), i_isolate);
   if (!IsString(*name_or_source_url)) return {};
-  return Utils::ToLocal(i::Cast<i::String>(name_or_source_url), i_isolate);
+  return Utils::ToLocal(i::Cast<i::String>(name_or_source_url));
 }
 
 Local<String> StackFrame::GetScriptSource() const {
@@ -3304,7 +3308,7 @@ Local<String> StackFrame::GetScriptSource() const {
   i::DirectHandle<i::PrimitiveHeapObject> source(self->script()->source(),
                                                  i_isolate);
   if (!IsString(*source)) return {};
-  return Utils::ToLocal(i::Cast<i::String>(source), i_isolate);
+  return Utils::ToLocal(i::Cast<i::String>(source));
 }
 
 Local<String> StackFrame::GetScriptSourceMappingURL() const {
@@ -3313,7 +3317,7 @@ Local<String> StackFrame::GetScriptSourceMappingURL() const {
   i::DirectHandle<i::Object> source_mapping_url(
       self->script()->source_mapping_url(), i_isolate);
   if (!IsString(*source_mapping_url)) return {};
-  return Utils::ToLocal(i::Cast<i::String>(source_mapping_url), i_isolate);
+  return Utils::ToLocal(i::Cast<i::String>(source_mapping_url));
 }
 
 Local<String> StackFrame::GetFunctionName() const {
@@ -3321,7 +3325,7 @@ Local<String> StackFrame::GetFunctionName() const {
   i::Isolate* i_isolate = self->GetIsolate();
   i::DirectHandle<i::String> name(self->function_name(), i_isolate);
   if (name->length() == 0) return {};
-  return Utils::ToLocal(name, i_isolate);
+  return Utils::ToLocal(name);
 }
 
 bool StackFrame::IsEval() const {
@@ -3860,7 +3864,7 @@ MaybeLocal<String> Value::ToString(Local<Context> context) const {
 }
 
 MaybeLocal<String> Value::ToDetailString(Local<Context> context) const {
-  i::Handle<i::Object> obj = Utils::OpenHandle(this);
+  i::DirectHandle<i::Object> obj = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate;
   if (!context.IsEmpty()) {
     i_isolate = reinterpret_cast<i::Isolate*>(context->GetIsolate());
@@ -3870,8 +3874,7 @@ MaybeLocal<String> Value::ToDetailString(Local<Context> context) const {
   }
   if (i::IsString(*obj)) return ToApiHandle<String>(obj);
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
-  return Utils::ToLocal(i::Object::NoSideEffectsToString(i_isolate, obj),
-                        i_isolate);
+  return Utils::ToLocal(i::Object::NoSideEffectsToString(i_isolate, obj));
 }
 
 MaybeLocal<Object> Value::ToObject(Local<Context> context) const {
@@ -4905,7 +4908,7 @@ MaybeLocal<Array> v8::Object::GetPropertyNames(
     KeyConversionMode key_conversion) {
   PREPARE_FOR_EXECUTION(context, Object, GetPropertyNames);
   auto self = Utils::OpenHandle(this);
-  i::Handle<i::FixedArray> value;
+  i::DirectHandle<i::FixedArray> value;
   i::KeyAccumulator accumulator(
       i_isolate, static_cast<i::KeyCollectionMode>(mode),
       static_cast<i::PropertyFilter>(property_filter));
@@ -5299,14 +5302,19 @@ Maybe<PropertyAttribute> v8::Object::GetRealNamedPropertyAttributes(
       static_cast<PropertyAttribute>(result.FromJust()));
 }
 
-Local<v8::Object> v8::Object::Clone() {
+Local<v8::Object> v8::Object::Clone(Isolate* isolate) {
   auto self = i::Cast<i::JSObject>(Utils::OpenHandle(this));
-  auto i_isolate = self->GetIsolate();
+  i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
   i::Handle<i::JSObject> result = i_isolate->factory()->CopyJSObject(self);
   return Utils::ToLocal(result);
 }
 
+Local<v8::Object> v8::Object::Clone() {
+  auto self = i::Cast<i::JSObject>(Utils::OpenHandle(this));
+  return Clone(reinterpret_cast<v8::Isolate*>(self->GetIsolate()));
+}
+
 namespace {
 V8_INLINE MaybeLocal<v8::Context> GetCreationContextImpl(
     i::DirectHandle<i::JSReceiver> object, i::Isolate* i_isolate) {
@@ -5436,7 +5444,7 @@ bool v8::Object::IsUndetectable() const {
 }
 
 namespace {
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 // A newly allocated vector is required to convert from an array of direct
 // locals to an array of indirect handles.
 std::vector<i::Handle<i::Object>> PrepareArguments(int argc,
@@ -5447,7 +5455,7 @@ std::vector<i::Handle<i::Object>> PrepareArguments(int argc,
   }
   return args;
 }
-#else   // !V8_ENABLE_DIRECT_LOCAL
+#else   // !V8_ENABLE_DIRECT_HANDLE
 // A simple cast is used to convert from an array of indirect locals to an
 // array of indirect handles. A MemorySpan object is returned, as no
 // deallocation is necessary.
@@ -5456,7 +5464,7 @@ v8::MemorySpan<i::Handle<i::Object>> PrepareArguments(int argc,
   return {reinterpret_cast<i::Handle<i::Object>*>(argv),
           static_cast<size_t>(argc)};
 }
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 }  // namespace
 
 MaybeLocal<Value> Object::CallAsFunction(Local<Context> context,
@@ -5552,10 +5560,11 @@ MaybeLocal<Object> Function::NewInstanceWithSideEffectType(
   RETURN_ESCAPED(result);
 }
 
-MaybeLocal<v8::Value> Function::Call(Local<Context> context,
+MaybeLocal<v8::Value> Function::Call(v8::Isolate* isolate,
+                                     Local<Context> context,
                                      v8::Local<v8::Value> recv, int argc,
                                      v8::Local<v8::Value> argv[]) {
-  auto i_isolate = reinterpret_cast<i::Isolate*>(context->GetIsolate());
+  auto i_isolate = reinterpret_cast<i::Isolate*>(isolate);
   TRACE_EVENT_CALL_STATS_SCOPED(i_isolate, "v8", "V8.Execute");
   ENTER_V8(i_isolate, context, Function, Call, InternalEscapableScope);
   i::TimerEventScope<i::TimerEventExecute> timer_scope(i_isolate);
@@ -5575,6 +5584,12 @@ MaybeLocal<v8::Value> Function::Call(Local<Context> context,
   RETURN_ESCAPED(result);
 }
 
+MaybeLocal<v8::Value> Function::Call(Local<Context> context,
+                                     v8::Local<v8::Value> recv, int argc,
+                                     v8::Local<v8::Value> argv[]) {
+  return Call(context->GetIsolate(), context, recv, argc, argv);
+}
+
 void Function::SetName(v8::Local<v8::String> name) {
   auto self = Utils::OpenDirectHandle(this);
   if (!IsJSFunction(*self)) return;
@@ -5596,7 +5611,7 @@ Local<Value> Function::GetName() const {
   }
   if (i::IsJSFunction(*self)) {
     auto func = i::Cast<i::JSFunction>(self);
-    return Utils::ToLocal(handle(func->shared()->Name(), i_isolate));
+    return Utils::ToLocal(i::direct_handle(func->shared()->Name(), i_isolate));
   }
   return ToApiHandle<Primitive>(i_isolate->factory()->undefined_value());
 }
@@ -5610,7 +5625,7 @@ Local<Value> Function::GetInferredName() const {
   auto func = i::Cast<i::JSFunction>(self);
   i::Isolate* isolate = func->GetIsolate();
   return Utils::ToLocal(
-      i::direct_handle(func->shared()->inferred_name(), isolate), isolate);
+      i::direct_handle(func->shared()->inferred_name(), isolate));
 }
 
 Local<Value> Function::GetDebugName() const {
@@ -5621,7 +5636,7 @@ Local<Value> Function::GetDebugName() const {
   }
   auto func = i::Cast<i::JSFunction>(self);
   i::DirectHandle<i::String> name = i::JSFunction::GetDebugName(func);
-  return Utils::ToLocal(i::direct_handle(*name, i_isolate), i_isolate);
+  return Utils::ToLocal(i::direct_handle(*name, i_isolate));
 }
 
 ScriptOrigin Function::GetScriptOrigin() const {
@@ -5645,8 +5660,8 @@ int Function::GetScriptLineNumber() const {
   }
   auto func = i::Cast<i::JSFunction>(self);
   if (i::IsScript(func->shared()->script())) {
-    i::Handle<i::Script> script(i::Cast<i::Script>(func->shared()->script()),
-                                func->GetIsolate());
+    i::DirectHandle<i::Script> script(
+        i::Cast<i::Script>(func->shared()->script()), func->GetIsolate());
     return i::Script::GetLineNumber(script, func->shared()->StartPosition());
   }
   return kLineOffsetNotFound;
@@ -5659,8 +5674,8 @@ int Function::GetScriptColumnNumber() const {
   }
   auto func = i::Cast<i::JSFunction>(self);
   if (i::IsScript(func->shared()->script())) {
-    i::Handle<i::Script> script(i::Cast<i::Script>(func->shared()->script()),
-                                func->GetIsolate());
+    i::DirectHandle<i::Script> script(
+        i::Cast<i::Script>(func->shared()->script()), func->GetIsolate());
     return i::Script::GetColumnNumber(script, func->shared()->StartPosition());
   }
   return kLineOffsetNotFound;
@@ -6123,8 +6138,7 @@ bool v8::String::IsExternalOneByte() const {
 Local<v8::String> v8::String::InternalizeString(Isolate* v8_isolate) {
   auto* isolate = reinterpret_cast<i::Isolate*>(v8_isolate);
   auto str = Utils::OpenDirectHandle(this);
-  return Utils::ToLocal(isolate->factory()->InternalizeString(str),
-                        isolate);
+  return Utils::ToLocal(isolate->factory()->InternalizeString(str));
 }
 
 void v8::String::VerifyExternalStringResource(
@@ -6300,7 +6314,7 @@ v8::String::GetExternalOneByteStringResource() const {
 Local<Value> Symbol::Description(Isolate* v8_isolate) const {
   auto sym = Utils::OpenDirectHandle(this);
   i::Isolate* isolate = reinterpret_cast<i::Isolate*>(v8_isolate);
-  return Utils::ToLocal(i::direct_handle(sym->description(), isolate), isolate);
+  return Utils::ToLocal(i::direct_handle(sym->description(), isolate));
 }
 
 Local<Value> Private::Name() const {
@@ -6366,10 +6380,8 @@ Local<Data> v8::Object::SlowGetInternalField(int index) {
   const char* location = "v8::Object::GetInternalField()";
   if (!InternalFieldOK(obj, index, location)) return Local<Value>();
   i::Isolate* isolate = obj->GetIsolate();
-  return ToApiHandle<Data>(
-      i::direct_handle(i::Cast<i::JSObject>(*obj)->GetEmbedderField(index),
-                       isolate),
-      isolate);
+  return ToApiHandle<Data>(i::direct_handle(
+      i::Cast<i::JSObject>(*obj)->GetEmbedderField(index), isolate));
 }
 
 void v8::Object::SetInternalField(int index, v8::Local<Data> value) {
@@ -6714,10 +6726,10 @@ static i::Handle<ObjectType> CreateEnvironment(
     v8::Local<ObjectTemplate> proxy_template;
     i::Handle<i::FunctionTemplateInfo> proxy_constructor;
     i::Handle<i::FunctionTemplateInfo> global_constructor;
-    i::Handle<i::UnionOf<i::Undefined, i::InterceptorInfo>> named_interceptor(
-        i_isolate->factory()->undefined_value());
-    i::Handle<i::UnionOf<i::Undefined, i::InterceptorInfo>> indexed_interceptor(
-        i_isolate->factory()->undefined_value());
+    i::DirectHandle<i::UnionOf<i::Undefined, i::InterceptorInfo>>
+        named_interceptor(i_isolate->factory()->undefined_value());
+    i::DirectHandle<i::UnionOf<i::Undefined, i::InterceptorInfo>>
+        indexed_interceptor(i_isolate->factory()->undefined_value());
 
     if (!maybe_global_template.IsEmpty()) {
       v8::Local<v8::ObjectTemplate> global_template =
@@ -6911,8 +6923,7 @@ Local<Value> v8::Context::GetSecurityToken() {
   auto env = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = env->GetIsolate();
   i::Tagged<i::Object> security_token = env->security_token();
-  return Utils::ToLocal(i::Handle<i::Object>(security_token, i_isolate),
-                        i_isolate);
+  return Utils::ToLocal(i::direct_handle(security_token, i_isolate));
 }
 
 namespace {
@@ -7195,7 +7206,7 @@ class ObjectVisitorDeepFreezer : i::ObjectVisitor {
   std::unordered_set<i::Tagged<i::Object>, i::Object::Hasher> done_list_;
   std::vector<i::Handle<i::JSReceiver>> objects_to_freeze_;
   std::vector<i::Handle<i::AccessorPair>> lazy_accessor_pairs_to_freeze_;
-  base::Optional<ErrorInfo> error_;
+  std::optional<ErrorInfo> error_;
 };
 
 }  // namespace
@@ -7257,9 +7268,9 @@ v8::Local<v8::Object> Context::Global() {
   // but can't presently as calls to GetPrototype will return the wrong result.
   if (global->IsDetachedFrom(context->global_object())) {
     i::DirectHandle<i::JSObject> result(context->global_object(), i_isolate);
-    return Utils::ToLocal(result, i_isolate);
+    return Utils::ToLocal(result);
   }
-  return Utils::ToLocal(i::Cast<i::JSObject>(global), i_isolate);
+  return Utils::ToLocal(i::Cast<i::JSObject>(global));
 }
 
 void Context::DetachGlobal() {
@@ -7273,7 +7284,7 @@ Local<v8::Object> Context::GetExtrasBindingObject() {
   auto context = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = context->GetIsolate();
   return Utils::ToLocal(
-      i::direct_handle(context->extras_binding_object(), i_isolate), i_isolate);
+      i::direct_handle(context->extras_binding_object(), i_isolate));
 }
 
 void Context::AllowCodeGenerationFromStrings(bool allow) {
@@ -7937,10 +7948,8 @@ Local<v8::BigInt> v8::BigIntObject::ValueOf() const {
   auto js_primitive_wrapper = i::Cast<i::JSPrimitiveWrapper>(obj);
   i::Isolate* i_isolate = js_primitive_wrapper->GetIsolate();
   API_RCS_SCOPE(i_isolate, BigIntObject, BigIntValue);
-  return Utils::ToLocal(
-      i::direct_handle(i::Cast<i::BigInt>(js_primitive_wrapper->value()),
-                       i_isolate),
-      i_isolate);
+  return Utils::ToLocal(i::direct_handle(
+      i::Cast<i::BigInt>(js_primitive_wrapper->value()), i_isolate));
 }
 
 Local<v8::Value> v8::BooleanObject::New(Isolate* v8_isolate, bool value) {
@@ -7979,10 +7988,8 @@ Local<v8::String> v8::StringObject::ValueOf() const {
   auto js_primitive_wrapper = i::Cast<i::JSPrimitiveWrapper>(obj);
   i::Isolate* i_isolate = js_primitive_wrapper->GetIsolate();
   API_RCS_SCOPE(i_isolate, StringObject, StringValue);
-  return Utils::ToLocal(
-      i::direct_handle(i::Cast<i::String>(js_primitive_wrapper->value()),
-                       i_isolate),
-      i_isolate);
+  return Utils::ToLocal(i::direct_handle(
+      i::Cast<i::String>(js_primitive_wrapper->value()), i_isolate));
 }
 
 Local<v8::Value> v8::SymbolObject::New(Isolate* v8_isolate,
@@ -8001,10 +8008,8 @@ Local<v8::Symbol> v8::SymbolObject::ValueOf() const {
   auto js_primitive_wrapper = i::Cast<i::JSPrimitiveWrapper>(obj);
   i::Isolate* i_isolate = js_primitive_wrapper->GetIsolate();
   API_RCS_SCOPE(i_isolate, SymbolObject, SymbolValue);
-  return Utils::ToLocal(
-      i::direct_handle(i::Cast<i::Symbol>(js_primitive_wrapper->value()),
-                       i_isolate),
-      i_isolate);
+  return Utils::ToLocal(i::direct_handle(
+      i::Cast<i::Symbol>(js_primitive_wrapper->value()), i_isolate));
 }
 
 MaybeLocal<v8::Value> v8::Date::New(Local<Context> context, double time) {
@@ -8113,8 +8118,7 @@ MaybeLocal<v8::RegExp> v8::RegExp::NewWithBacktrackLimit(
 Local<v8::String> v8::RegExp::GetSource() const {
   auto obj = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = obj->GetIsolate();
-  return Utils::ToLocal(i::direct_handle(obj->EscapedPattern(), i_isolate),
-                        i_isolate);
+  return Utils::ToLocal(i::direct_handle(obj->EscapedPattern(), i_isolate));
 }
 
 // Assert that the static flags cast in GetFlags is valid.
@@ -8400,7 +8404,7 @@ Maybe<void> v8::Array::Iterate(Local<Context> context,
 }
 
 v8::TypecheckWitness::TypecheckWitness(Isolate* isolate)
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
     // An empty local suffices.
     : cached_map_()
 #else
@@ -8413,7 +8417,7 @@ v8::TypecheckWitness::TypecheckWitness(Isolate* isolate)
 
 void v8::TypecheckWitness::Update(Local<Value> baseline) {
   i::Tagged<i::Object> obj = *Utils::OpenDirectHandle(*baseline);
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   if (IsSmi(obj)) {
     cached_map_ = Local<Data>();
   } else {
@@ -8682,8 +8686,7 @@ MaybeLocal<Promise::Resolver> Promise::Resolver::New(Local<Context> context) {
 
 Local<Promise> Promise::Resolver::GetPromise() {
   auto promise = Utils::OpenDirectHandle(this);
-  i::Isolate* i_isolate = promise->GetIsolate();
-  return Local<Promise>::Cast(Utils::ToLocal(promise, i_isolate));
+  return Local<Promise>::Cast(Utils::ToLocal(promise));
 }
 
 Maybe<bool> Promise::Resolver::Resolve(Local<Context> context,
@@ -8784,8 +8787,7 @@ Local<Value> Promise::Result() {
   auto js_promise = i::Cast<i::JSPromise>(promise);
   Utils::ApiCheck(js_promise->status() != kPending, "v8_Promise_Result",
                   "Promise is still pending");
-  return Utils::ToLocal(i::direct_handle(js_promise->result(), i_isolate),
-                        i_isolate);
+  return Utils::ToLocal(i::direct_handle(js_promise->result(), i_isolate));
 }
 
 Promise::PromiseState Promise::State() {
@@ -8806,14 +8808,13 @@ void Promise::MarkAsSilent() {
 Local<Value> Proxy::GetTarget() {
   auto self = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = self->GetIsolate();
-  return Utils::ToLocal(i::direct_handle(self->target(), i_isolate), i_isolate);
+  return Utils::ToLocal(i::direct_handle(self->target(), i_isolate));
 }
 
 Local<Value> Proxy::GetHandler() {
   auto self = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = self->GetIsolate();
-  return Utils::ToLocal(i::direct_handle(self->handler(), i_isolate),
-                        i_isolate);
+  return Utils::ToLocal(i::direct_handle(self->handler(), i_isolate));
 }
 
 bool Proxy::IsRevoked() const {
@@ -8872,8 +8873,7 @@ Local<ArrayBuffer> v8::WasmMemoryObject::Buffer() {
 #if V8_ENABLE_WEBASSEMBLY
   auto obj = Utils::OpenDirectHandle(this);
   i::Isolate* i_isolate = obj->GetIsolate();
-  return Utils::ToLocal(i::direct_handle(obj->array_buffer(), i_isolate),
-                        i_isolate);
+  return Utils::ToLocal(i::direct_handle(obj->array_buffer(), i_isolate));
 #else
   UNREACHABLE();
 #endif  // V8_ENABLE_WEBASSEMBLY
@@ -9151,18 +9151,14 @@ Local<ArrayBuffer> v8::ArrayBufferView::Buffer() {
     i::DirectHandle<i::JSDataView> data_view(i::Cast<i::JSDataView>(*obj),
                                              i_isolate);
     DCHECK(IsJSArrayBuffer(data_view->buffer()));
-    return Utils::ToLocal(
-        i::direct_handle(i::Cast<i::JSArrayBuffer>(data_view->buffer()),
-                         i_isolate),
-        i_isolate);
+    return Utils::ToLocal(i::direct_handle(
+        i::Cast<i::JSArrayBuffer>(data_view->buffer()), i_isolate));
   } else if (i::IsJSRabGsabDataView(*obj)) {
     i::DirectHandle<i::JSRabGsabDataView> data_view(
         i::Cast<i::JSRabGsabDataView>(*obj), i_isolate);
     DCHECK(IsJSArrayBuffer(data_view->buffer()));
-    return Utils::ToLocal(
-        i::direct_handle(i::Cast<i::JSArrayBuffer>(data_view->buffer()),
-                         i_isolate),
-        i_isolate);
+    return Utils::ToLocal(i::direct_handle(
+        i::Cast<i::JSArrayBuffer>(data_view->buffer()), i_isolate));
   } else {
     DCHECK(IsJSTypedArray(*obj));
     return Utils::ToLocal(i::Cast<i::JSTypedArray>(*obj)->GetBuffer());
@@ -9246,8 +9242,9 @@ static_assert(v8::TypedArray::kMaxByteLength == i::JSTypedArray::kMaxByteLength,
       return Local<Type##Array>();                                          \
     }                                                                       \
     auto buffer = Utils::OpenHandle(*array_buffer);                         \
-    i::Handle<i::JSTypedArray> obj = i_isolate->factory()->NewJSTypedArray( \
-        i::kExternal##Type##Array, buffer, byte_offset, length);            \
+    i::DirectHandle<i::JSTypedArray> obj =                                  \
+        i_isolate->factory()->NewJSTypedArray(i::kExternal##Type##Array,    \
+                                              buffer, byte_offset, length); \
     return Utils::ToLocal##Type##Array(obj);                                \
   }                                                                         \
   Local<Type##Array> Type##Array::New(                                      \
@@ -9265,8 +9262,9 @@ static_assert(v8::TypedArray::kMaxByteLength == i::JSTypedArray::kMaxByteLength,
       return Local<Type##Array>();                                          \
     }                                                                       \
     auto buffer = Utils::OpenHandle(*shared_array_buffer);                  \
-    i::Handle<i::JSTypedArray> obj = i_isolate->factory()->NewJSTypedArray( \
-        i::kExternal##Type##Array, buffer, byte_offset, length);            \
+    i::DirectHandle<i::JSTypedArray> obj =                                  \
+        i_isolate->factory()->NewJSTypedArray(i::kExternal##Type##Array,    \
+                                              buffer, byte_offset, length); \
     return Utils::ToLocal##Type##Array(obj);                                \
   }
 
@@ -9287,7 +9285,7 @@ Local<Float16Array> Float16Array::New(Local<ArrayBuffer> array_buffer,
     return Local<Float16Array>();
   }
   auto buffer = Utils::OpenHandle(*array_buffer);
-  i::Handle<i::JSTypedArray> obj = i_isolate->factory()->NewJSTypedArray(
+  i::DirectHandle<i::JSTypedArray> obj = i_isolate->factory()->NewJSTypedArray(
       i::kExternalFloat16Array, buffer, byte_offset, length);
   return Utils::ToLocalFloat16Array(obj);
 }
@@ -9307,7 +9305,7 @@ Local<Float16Array> Float16Array::New(
     return Local<Float16Array>();
   }
   auto buffer = Utils::OpenHandle(*shared_array_buffer);
-  i::Handle<i::JSTypedArray> obj = i_isolate->factory()->NewJSTypedArray(
+  i::DirectHandle<i::JSTypedArray> obj = i_isolate->factory()->NewJSTypedArray(
       i::kExternalFloat16Array, buffer, byte_offset, length);
   return Utils::ToLocalFloat16Array(obj);
 }
@@ -9599,7 +9597,7 @@ v8::Local<v8::Context> Isolate::GetCurrentContext() {
   i::Tagged<i::Context> context = i_isolate->context();
   if (context.is_null()) return Local<Context>();
   i::Tagged<i::NativeContext> native_context = context->native_context();
-  return Utils::ToLocal(handle(native_context, i_isolate));
+  return Utils::ToLocal(i::direct_handle(native_context, i_isolate));
 }
 
 // TODO(ishell): rename back to GetEnteredContext().
@@ -9617,6 +9615,16 @@ v8::Local<v8::Context> Isolate::GetIncumbentContext() {
   return Utils::ToLocal(context);
 }
 
+v8::MaybeLocal<v8::Data> Isolate::GetCurrentHostDefinedOptions() {
+  i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(this);
+  i::Handle<i::Script> script;
+  if (!i_isolate->CurrentReferrerScript().ToHandle(&script)) {
+    return MaybeLocal<v8::Data>();
+  }
+  return ToApiHandle<Data>(
+      i::direct_handle(script->host_defined_options(), i_isolate));
+}
+
 v8::Local<Value> Isolate::ThrowError(v8::Local<v8::String> message) {
   return ThrowException(v8::Exception::Error(message));
 }
@@ -9766,7 +9774,7 @@ void Isolate::RequestGarbageCollectionForTesting(GarbageCollectionType type) {
 
 void Isolate::RequestGarbageCollectionForTesting(GarbageCollectionType type,
                                                  StackState stack_state) {
-  base::Optional<i::EmbedderStackStateScope> stack_scope;
+  std::optional<i::EmbedderStackStateScope> stack_scope;
   if (type == kFullGarbageCollection) {
     stack_scope.emplace(reinterpret_cast<i::Isolate*>(this)->heap(),
                         i::EmbedderStackStateOrigin::kExplicitInvocation,
@@ -10052,11 +10060,9 @@ i::Address* Isolate::GetDataFromSnapshotOnce(size_t index) {
 Local<Value> Isolate::GetContinuationPreservedEmbedderData() {
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(this);
 #ifdef V8_ENABLE_CONTINUATION_PRESERVED_EMBEDDER_DATA
-  return ToApiHandle<Object>(
-      i::direct_handle(
-          i_isolate->isolate_data()->continuation_preserved_embedder_data(),
-          i_isolate),
-      i_isolate);
+  return ToApiHandle<Object>(i::direct_handle(
+      i_isolate->isolate_data()->continuation_preserved_embedder_data(),
+      i_isolate));
 #else   // V8_ENABLE_CONTINUATION_PRESERVED_EMBEDDER_DATA
   return v8::Undefined(reinterpret_cast<v8::Isolate*>(i_isolate));
 #endif  // V8_ENABLE_CONTINUATION_PRESERVED_EMBEDDER_DATA
@@ -10952,7 +10958,7 @@ void String::ValueView::CheckOneByte(bool is_one_byte) const {
       i::Handle<i::JSFunction> constructor = i_isolate->name##_function();    \
       error = *i_isolate->factory()->NewError(constructor, message, options); \
     }                                                                         \
-    return Utils::ToLocal(i::direct_handle(error, i_isolate), i_isolate);     \
+    return Utils::ToLocal(i::direct_handle(error, i_isolate));                \
   }
 
 DEFINE_ERROR(RangeError, range_error)
@@ -11051,7 +11057,7 @@ Local<String> CpuProfileNode::GetFunctionName() const {
   const i::ProfileNode* node = reinterpret_cast<const i::ProfileNode*>(this);
   i::Isolate* i_isolate = node->isolate();
   const i::CodeEntry* entry = node->entry();
-  i::Handle<i::String> name =
+  i::DirectHandle<i::String> name =
       i_isolate->factory()->InternalizeUtf8String(entry->name());
   return ToApiHandle<String>(name);
 }
@@ -11580,6 +11586,11 @@ const HeapSnapshot* HeapProfiler::TakeHeapSnapshot(ActivityControl* control,
   return TakeHeapSnapshot(options);
 }
 
+std::vector<v8::Local<v8::Value>> HeapProfiler::GetDetachedJSWrapperObjects() {
+  return reinterpret_cast<i::HeapProfiler*>(this)
+      ->GetDetachedJSWrapperObjects();
+}
+
 void HeapProfiler::StartTrackingHeapObjects(bool track_allocations) {
   reinterpret_cast<i::HeapProfiler*>(this)->StartHeapObjectsTracking(
       track_allocations);
diff --git a/deps/v8/src/api/api.h b/deps/v8/src/api/api.h
index cbea5e2a5e5679..3ac1f0d7729b00 100644
--- a/deps/v8/src/api/api.h
+++ b/deps/v8/src/api/api.h
@@ -49,10 +49,11 @@ class EphemeronTable;
 }  // namespace debug
 
 template <typename T, internal::ExternalPointerTag tag>
-inline T ToCData(v8::internal::Tagged<v8::internal::Object> obj);
-
+inline T ToCData(i::Isolate* isolate,
+                 v8::internal::Tagged<v8::internal::Object> obj);
 template <internal::ExternalPointerTag tag>
 inline v8::internal::Address ToCData(
+    v8::internal::Isolate* isolate,
     v8::internal::Tagged<v8::internal::Object> obj);
 
 template <internal::ExternalPointerTag tag, typename T>
@@ -132,6 +133,23 @@ class RegisteredExtension {
   V(ToLocal, ScriptOrModule, ScriptOrModule)             \
   IF_WASM(V, ToLocal, WasmModuleObject, WasmModuleObject)
 
+#define TO_LOCAL_NAME_LIST(V) \
+  V(ToLocal)                  \
+  V(ToLocalShared)            \
+  V(SignatureToLocal)         \
+  V(MessageToLocal)           \
+  V(PromiseToLocal)           \
+  V(StackTraceToLocal)        \
+  V(StackFrameToLocal)        \
+  V(NumberToLocal)            \
+  V(IntegerToLocal)           \
+  V(Uint32ToLocal)            \
+  V(ExternalToLocal)          \
+  V(CallableToLocal)          \
+  V(ToLocalPrimitive)         \
+  V(FixedArrayToLocal)        \
+  V(PrimitiveArrayToLocal)
+
 #define OPEN_HANDLE_LIST(V)                     \
   V(Template, TemplateInfo)                     \
   V(FunctionTemplate, FunctionTemplateInfo)     \
@@ -201,21 +219,23 @@ class Utils {
   static void ReportOOMFailure(v8::internal::Isolate* isolate,
                                const char* location, const OOMDetails& details);
 
-#define DECLARE_TO_LOCAL(Name, From, To)                  \
-  static inline Local<v8::To> Name(                       \
-      v8::internal::Handle<v8::internal::From> obj);      \
-  static inline Local<v8::To> Name(                       \
-      v8::internal::DirectHandle<v8::internal::From> obj, \
-      v8::internal::Isolate* isolate);
+  // TODO(42203211): It would be nice if we could keep only a version with
+  // direct handles. But the implicit conversion from handles to direct handles
+  // combined with the heterogeneous copy constructor for direct handles make
+  // this ambiguous.
+  // TODO(42203211): Use C++20 concepts instead of the enable_if trait, when
+  // they are fully supported in V8.
+#define DECLARE_TO_LOCAL(Name)                                     \
+  template <template <typename T> typename HandleType, typename T, \
+            typename = std::enable_if_t<std::is_convertible_v<     \
+                HandleType<T>, v8::internal::DirectHandle<T>>>>    \
+  static inline auto Name(HandleType<T> obj);
 
-  TO_LOCAL_LIST(DECLARE_TO_LOCAL)
+  TO_LOCAL_NAME_LIST(DECLARE_TO_LOCAL)
 
 #define DECLARE_TO_LOCAL_TYPED_ARRAY(Type, typeName, TYPE, ctype) \
   static inline Local<v8::Type##Array> ToLocal##Type##Array(      \
-      v8::internal::Handle<v8::internal::JSTypedArray> obj);      \
-  static inline Local<v8::Type##Array> ToLocal##Type##Array(      \
-      v8::internal::DirectHandle<v8::internal::JSTypedArray> obj, \
-      v8::internal::Isolate* isolate);
+      v8::internal::DirectHandle<v8::internal::JSTypedArray> obj);
 
   TYPED_ARRAYS(DECLARE_TO_LOCAL_TYPED_ARRAY)
 
@@ -234,11 +254,7 @@ class Utils {
 #undef DECLARE_TO_LOCAL
 
   template <class From, class To>
-  static inline Local<To> Convert(v8::internal::Handle<From> obj);
-
-  template <class From, class To>
-  static inline Local<To> Convert(v8::internal::DirectHandle<From> obj,
-                                  v8::internal::Isolate* isolate);
+  static inline Local<To> Convert(v8::internal::DirectHandle<From> obj);
 
   template <class T>
   static inline v8::internal::Handle<v8::internal::Object> OpenPersistent(
@@ -266,6 +282,13 @@ class Utils {
  private:
   V8_NOINLINE V8_PRESERVE_MOST static void ReportApiFailure(
       const char* location, const char* message);
+
+#define DECLARE_TO_LOCAL_PRIVATE(Name, From, To) \
+  static inline Local<v8::To> Name##_helper(     \
+      v8::internal::DirectHandle<v8::internal::From> obj);
+
+  TO_LOCAL_LIST(DECLARE_TO_LOCAL_PRIVATE)
+#undef DECLARE_TO_LOCAL_PRIVATE
 };
 
 template <class T>
@@ -275,17 +298,10 @@ inline T* ToApi(v8::internal::Handle<v8::internal::Object> obj) {
 
 template <class T>
 inline v8::Local<T> ToApiHandle(
-    v8::internal::Handle<v8::internal::Object> obj) {
+    v8::internal::DirectHandle<v8::internal::Object> obj) {
   return Utils::Convert<v8::internal::Object, T>(obj);
 }
 
-template <class T>
-inline v8::Local<T> ToApiHandle(
-    v8::internal::DirectHandle<v8::internal::Object> obj,
-    v8::internal::Isolate* isolate) {
-  return Utils::Convert<v8::internal::Object, T>(obj, isolate);
-}
-
 template <class T>
 inline bool ToLocal(v8::internal::MaybeHandle<v8::internal::Object> maybe,
                     Local<T>* local) {
@@ -467,7 +483,7 @@ void HandleScopeImplementer::DeleteExtensions(internal::Address* prev_limit) {
     // SealHandleScope may make the prev_limit to point inside the block.
     // Cast possibly-unrelated pointers to plain Addres before comparing them
     // to avoid undefined behavior.
-    if (reinterpret_cast<Address>(block_start) <=
+    if (reinterpret_cast<Address>(block_start) <
             reinterpret_cast<Address>(prev_limit) &&
         reinterpret_cast<Address>(prev_limit) <=
             reinterpret_cast<Address>(block_limit)) {
diff --git a/deps/v8/src/asmjs/asm-js.cc b/deps/v8/src/asmjs/asm-js.cc
index 3d1a1a21305de6..b65133f12f9265 100644
--- a/deps/v8/src/asmjs/asm-js.cc
+++ b/deps/v8/src/asmjs/asm-js.cc
@@ -4,10 +4,11 @@
 
 #include "src/asmjs/asm-js.h"
 
+#include <optional>
+
 #include "src/asmjs/asm-names.h"
 #include "src/asmjs/asm-parser.h"
 #include "src/ast/ast.h"
-#include "src/base/optional.h"
 #include "src/base/platform/elapsed-timer.h"
 #include "src/base/vector.h"
 #include "src/codegen/compiler.h"
@@ -235,7 +236,7 @@ UnoptimizedCompilationJob::Status AsmJsCompilationJob::ExecuteJobImpl() {
   Zone translate_zone(allocator_, ZONE_NAME);
 
   Utf16CharacterStream* stream = parse_info()->character_stream();
-  base::Optional<AllowHandleDereference> allow_deref;
+  std::optional<AllowHandleDereference> allow_deref;
   if (stream->can_access_heap()) {
     allow_deref.emplace();
   }
diff --git a/deps/v8/src/asmjs/asm-parser.cc b/deps/v8/src/asmjs/asm-parser.cc
index e3bfd13b1f91a6..4e9992d6a06ea3 100644
--- a/deps/v8/src/asmjs/asm-parser.cc
+++ b/deps/v8/src/asmjs/asm-parser.cc
@@ -8,10 +8,10 @@
 #include <string.h>
 
 #include <algorithm>
+#include <optional>
 
 #include "src/asmjs/asm-js.h"
 #include "src/asmjs/asm-types.h"
-#include "src/base/optional.h"
 #include "src/base/overflowing-math.h"
 #include "src/flags/flags.h"
 #include "src/numbers/conversions-inl.h"
@@ -2119,7 +2119,7 @@ AsmType* AsmJsParser::ValidateCall() {
   // both cases we might be seeing the {function_name} for the first time and
   // hence allocate a {VarInfo} here, all subsequent uses of the same name then
   // need to match the information stored at this point.
-  base::Optional<TemporaryVariableScope> tmp_scope;
+  std::optional<TemporaryVariableScope> tmp_scope;
   if (Check('[')) {
     AsmType* index = nullptr;
     RECURSEn(index = EqualityExpression());
diff --git a/deps/v8/src/asmjs/asm-scanner.cc b/deps/v8/src/asmjs/asm-scanner.cc
index 0981a179428ff8..b699135e6e4f95 100644
--- a/deps/v8/src/asmjs/asm-scanner.cc
+++ b/deps/v8/src/asmjs/asm-scanner.cc
@@ -6,6 +6,7 @@
 
 #include <cinttypes>
 
+#include "src/base/iterator.h"
 #include "src/flags/flags.h"
 #include "src/numbers/conversions.h"
 #include "src/parsing/scanner.h"
@@ -271,6 +272,13 @@ void AsmJsScanner::ConsumeIdentifier(base::uc32 ch) {
   }
 }
 
+namespace {
+bool IsValidImplicitOctal(std::string_view number) {
+  DCHECK_EQ(number[0], '0');
+  return std::all_of(number.begin() + 1, number.end(), IsOctalDigit);
+}
+}  // namespace
+
 void AsmJsScanner::ConsumeNumber(base::uc32 ch) {
   std::string number;
   number.assign(1, ch);
@@ -308,10 +316,40 @@ void AsmJsScanner::ConsumeNumber(base::uc32 ch) {
     token_ = '.';
     return;
   }
-  // Decode numbers.
-  double_value_ = StringToDouble(
-      base::Vector<const uint8_t>::cast(base::VectorOf(number)),
-      ALLOW_HEX | ALLOW_OCTAL | ALLOW_BINARY | ALLOW_IMPLICIT_OCTAL);
+  // Decode numbers, with seperate paths for prefixes and implicit octals.
+  if (has_prefix && number[0] == '0') {
+    // "0[xob]" by itself is a parse error.
+    if (number.size() <= 2) {
+      token_ = kParseError;
+      return;
+    }
+    switch (number[1]) {
+      case 'b':
+        double_value_ = BinaryStringToDouble(
+            base::Vector<const uint8_t>::cast(base::VectorOf(number)));
+        break;
+      case 'o':
+        double_value_ = OctalStringToDouble(
+            base::Vector<const uint8_t>::cast(base::VectorOf(number)));
+        break;
+      case 'x':
+        double_value_ = HexStringToDouble(
+            base::Vector<const uint8_t>::cast(base::VectorOf(number)));
+        break;
+      default:
+        // If there is a prefix character, but it's not the second character,
+        // then there's a parse error somewhere.
+        token_ = kParseError;
+        break;
+    }
+  } else if (number[0] == '0' && !has_prefix && IsValidImplicitOctal(number)) {
+    double_value_ = ImplicitOctalStringToDouble(
+        base::Vector<const uint8_t>::cast(base::VectorOf(number)));
+  } else {
+    double_value_ = StringToDouble(
+        base::Vector<const uint8_t>::cast(base::VectorOf(number)),
+        NO_CONVERSION_FLAG);
+  }
   if (std::isnan(double_value_)) {
     // Check if string to number conversion didn't consume all the characters.
     // This happens if the character filter let through something invalid
diff --git a/deps/v8/src/ast/ast-function-literal-id-reindexer.cc b/deps/v8/src/ast/ast-function-literal-id-reindexer.cc
index 7c5030d090c7ea..c0892994528850 100644
--- a/deps/v8/src/ast/ast-function-literal-id-reindexer.cc
+++ b/deps/v8/src/ast/ast-function-literal-id-reindexer.cc
@@ -31,6 +31,13 @@ void AstFunctionLiteralIdReindexer::VisitFunctionLiteral(FunctionLiteral* lit) {
   lit->set_function_literal_id(lit->function_literal_id() + delta_);
 }
 
+void AstFunctionLiteralIdReindexer::VisitCall(Call* expr) {
+  AstTraversalVisitor::VisitCall(expr);
+  if (expr->is_possibly_eval()) {
+    expr->adjust_eval_scope_info_index(delta_);
+  }
+}
+
 void AstFunctionLiteralIdReindexer::VisitClassLiteral(ClassLiteral* expr) {
   // Manually visit the class literal so that we can change the property walk.
   // This should be kept in-sync with AstTraversalVisitor::VisitClassLiteral.
diff --git a/deps/v8/src/ast/ast-function-literal-id-reindexer.h b/deps/v8/src/ast/ast-function-literal-id-reindexer.h
index 21eaeafd20273f..f7a41e0a9a5314 100644
--- a/deps/v8/src/ast/ast-function-literal-id-reindexer.h
+++ b/deps/v8/src/ast/ast-function-literal-id-reindexer.h
@@ -30,6 +30,7 @@ class AstFunctionLiteralIdReindexer final
   // AstTraversalVisitor implementation.
   void VisitFunctionLiteral(FunctionLiteral* lit);
   void VisitClassLiteral(ClassLiteral* lit);
+  void VisitCall(Call* lit);
 
  private:
   int delta_;
diff --git a/deps/v8/src/ast/ast-traversal-visitor.h b/deps/v8/src/ast/ast-traversal-visitor.h
index 3b4f7e22ad380b..009779434c9163 100644
--- a/deps/v8/src/ast/ast-traversal-visitor.h
+++ b/deps/v8/src/ast/ast-traversal-visitor.h
@@ -540,6 +540,18 @@ void AstTraversalVisitor<Subclass>::VisitInitializeClassStaticElementsStatement(
   }
 }
 
+template <class Subclass>
+void AstTraversalVisitor<Subclass>::VisitAutoAccessorGetterBody(
+    AutoAccessorGetterBody* stmt) {
+  PROCESS_NODE(stmt);
+}
+
+template <class Subclass>
+void AstTraversalVisitor<Subclass>::VisitAutoAccessorSetterBody(
+    AutoAccessorSetterBody* stmt) {
+  PROCESS_NODE(stmt);
+}
+
 template <class Subclass>
 void AstTraversalVisitor<Subclass>::VisitSpread(Spread* expr) {
   PROCESS_EXPRESSION(expr);
diff --git a/deps/v8/src/ast/ast.cc b/deps/v8/src/ast/ast.cc
index 8b2d8bd024f7e2..da09c00cbb91a6 100644
--- a/deps/v8/src/ast/ast.cc
+++ b/deps/v8/src/ast/ast.cc
@@ -305,6 +305,19 @@ ClassLiteralProperty::ClassLiteralProperty(Expression* key, Expression* value,
       is_private_(is_private),
       private_or_computed_name_proxy_(nullptr) {}
 
+ClassLiteralProperty::ClassLiteralProperty(Expression* key, Expression* value,
+                                           AutoAccessorInfo* info,
+                                           bool is_static,
+                                           bool is_computed_name,
+                                           bool is_private)
+    : LiteralProperty(key, value, is_computed_name),
+      kind_(Kind::AUTO_ACCESSOR),
+      is_static_(is_static),
+      is_private_(is_private),
+      auto_accessor_info_(info) {
+  DCHECK_NOT_NULL(info);
+}
+
 bool ObjectLiteral::Property::IsCompileTimeValue() const {
   return kind_ == CONSTANT ||
          (kind_ == MATERIALIZED_LITERAL && value_->IsCompileTimeValue());
diff --git a/deps/v8/src/ast/ast.h b/deps/v8/src/ast/ast.h
index 5c1004c99a05c3..37d24b41781ac4 100644
--- a/deps/v8/src/ast/ast.h
+++ b/deps/v8/src/ast/ast.h
@@ -57,22 +57,24 @@ namespace internal {
   V(Block)                     \
   V(SwitchStatement)
 
-#define STATEMENT_NODE_LIST(V)       \
-  ITERATION_NODE_LIST(V)             \
-  BREAKABLE_NODE_LIST(V)             \
-  V(ExpressionStatement)             \
-  V(EmptyStatement)                  \
-  V(SloppyBlockFunctionStatement)    \
-  V(IfStatement)                     \
-  V(ContinueStatement)               \
-  V(BreakStatement)                  \
-  V(ReturnStatement)                 \
-  V(WithStatement)                   \
-  V(TryCatchStatement)               \
-  V(TryFinallyStatement)             \
-  V(DebuggerStatement)               \
-  V(InitializeClassMembersStatement) \
-  V(InitializeClassStaticElementsStatement)
+#define STATEMENT_NODE_LIST(V)              \
+  ITERATION_NODE_LIST(V)                    \
+  BREAKABLE_NODE_LIST(V)                    \
+  V(ExpressionStatement)                    \
+  V(EmptyStatement)                         \
+  V(SloppyBlockFunctionStatement)           \
+  V(IfStatement)                            \
+  V(ContinueStatement)                      \
+  V(BreakStatement)                         \
+  V(ReturnStatement)                        \
+  V(WithStatement)                          \
+  V(TryCatchStatement)                      \
+  V(TryFinallyStatement)                    \
+  V(DebuggerStatement)                      \
+  V(InitializeClassMembersStatement)        \
+  V(InitializeClassStaticElementsStatement) \
+  V(AutoAccessorGetterBody)                 \
+  V(AutoAccessorSetterBody)
 
 #define LITERAL_NODE_LIST(V) \
   V(RegExpLiteral)           \
@@ -1731,7 +1733,7 @@ class CallBase : public Expression {
 class Call final : public CallBase {
  public:
   bool is_possibly_eval() const {
-    return IsPossiblyEvalField::decode(bit_field_);
+    return EvalScopeInfoIndexField::decode(bit_field_) > 0;
   }
 
   bool is_tagged_template() const {
@@ -1742,6 +1744,15 @@ class Call final : public CallBase {
     return IsOptionalChainLinkField::decode(bit_field_);
   }
 
+  uint32_t eval_scope_info_index() const {
+    return EvalScopeInfoIndexField::decode(bit_field_);
+  }
+
+  void adjust_eval_scope_info_index(int delta) {
+    bit_field_ = EvalScopeInfoIndexField::update(
+        bit_field_, eval_scope_info_index() + delta);
+  }
+
   enum CallType {
     GLOBAL_CALL,
     WITH_CALL,
@@ -1757,11 +1768,6 @@ class Call final : public CallBase {
     OTHER_CALL,
   };
 
-  enum PossiblyEval {
-    IS_POSSIBLY_EVAL,
-    NOT_EVAL,
-  };
-
   // Helpers to determine how to handle the call.
   CallType GetCallType() const;
 
@@ -1773,26 +1779,26 @@ class Call final : public CallBase {
 
   Call(Zone* zone, Expression* expression,
        const ScopedPtrList<Expression>& arguments, int pos, bool has_spread,
-       PossiblyEval possibly_eval, bool optional_chain)
+       int eval_scope_info_index, bool optional_chain)
       : CallBase(zone, kCall, expression, arguments, pos, has_spread) {
-    bit_field_ |=
-        IsPossiblyEvalField::encode(possibly_eval == IS_POSSIBLY_EVAL) |
-        IsTaggedTemplateField::encode(false) |
-        IsOptionalChainLinkField::encode(optional_chain);
+    bit_field_ |= IsTaggedTemplateField::encode(false) |
+                  IsOptionalChainLinkField::encode(optional_chain) |
+                  EvalScopeInfoIndexField::encode(eval_scope_info_index);
+    DCHECK_EQ(eval_scope_info_index > 0, is_possibly_eval());
   }
 
   Call(Zone* zone, Expression* expression,
        const ScopedPtrList<Expression>& arguments, int pos,
        TaggedTemplateTag tag)
       : CallBase(zone, kCall, expression, arguments, pos, false) {
-    bit_field_ |= IsPossiblyEvalField::encode(false) |
-                  IsTaggedTemplateField::encode(true) |
-                  IsOptionalChainLinkField::encode(false);
+    bit_field_ |= IsTaggedTemplateField::encode(true) |
+                  IsOptionalChainLinkField::encode(false) |
+                  EvalScopeInfoIndexField::encode(0);
   }
 
-  using IsPossiblyEvalField = CallBase::NextBitField<bool, 1>;
-  using IsTaggedTemplateField = IsPossiblyEvalField::Next<bool, 1>;
+  using IsTaggedTemplateField = CallBase::NextBitField<bool, 1>;
   using IsOptionalChainLinkField = IsTaggedTemplateField::Next<bool, 1>;
+  using EvalScopeInfoIndexField = IsOptionalChainLinkField::Next<uint32_t, 20>;
 };
 
 class CallNew final : public CallBase {
@@ -2455,11 +2461,53 @@ class FunctionLiteral final : public Expression {
   ProducedPreparseData* produced_preparse_data_;
 };
 
+class AutoAccessorInfo final : public ZoneObject {
+ public:
+  FunctionLiteral* generated_getter() const { return generated_getter_; }
+  FunctionLiteral* generated_setter() const { return generated_setter_; }
+  VariableProxy* accessor_storage_name_proxy() const {
+    DCHECK_NOT_NULL(accessor_storage_name_proxy_);
+    return accessor_storage_name_proxy_;
+  }
+  VariableProxy* property_private_name_proxy() const {
+    DCHECK_NOT_NULL(property_private_name_proxy_);
+    return property_private_name_proxy_;
+  }
+
+  void set_property_private_name_proxy(
+      VariableProxy* property_private_name_proxy) {
+    DCHECK_NULL(property_private_name_proxy_);
+    DCHECK_NOT_NULL(property_private_name_proxy);
+    property_private_name_proxy_ = property_private_name_proxy;
+  }
+
+ private:
+  friend class AstNodeFactory;
+  friend Zone;
+
+  AutoAccessorInfo(FunctionLiteral* generated_getter,
+                   FunctionLiteral* generated_setter,
+                   VariableProxy* accessor_storage_name_proxy)
+      : generated_getter_(generated_getter),
+        generated_setter_(generated_setter),
+        accessor_storage_name_proxy_(accessor_storage_name_proxy),
+        property_private_name_proxy_(nullptr) {}
+
+  FunctionLiteral* generated_getter_;
+  FunctionLiteral* generated_setter_;
+  // `accessor_storage_name_proxy_` is used to store the internal name of the
+  // backing storage property associated with the generated getter/setters.
+  VariableProxy* accessor_storage_name_proxy_;
+  // `property_private_name_proxy_` only has a value if the accessor keyword
+  // was applied to a private field.
+  VariableProxy* property_private_name_proxy_;
+};
+
 // Property is used for passing information
 // about a class literal's properties from the parser to the code generator.
 class ClassLiteralProperty final : public LiteralProperty {
  public:
-  enum Kind : uint8_t { METHOD, GETTER, SETTER, FIELD };
+  enum Kind : uint8_t { METHOD, GETTER, SETTER, FIELD, AUTO_ACCESSOR };
 
   Kind kind() const { return kind_; }
 
@@ -2467,6 +2515,8 @@ class ClassLiteralProperty final : public LiteralProperty {
 
   bool is_private() const { return is_private_; }
 
+  bool is_auto_accessor() const { return kind() == AUTO_ACCESSOR; }
+
   void set_computed_name_proxy(VariableProxy* proxy) {
     DCHECK_EQ(FIELD, kind());
     DCHECK(!is_private());
@@ -2479,26 +2529,43 @@ class ClassLiteralProperty final : public LiteralProperty {
     return private_or_computed_name_proxy_->var();
   }
 
-  void set_private_name_proxy(VariableProxy* proxy) {
+  void SetPrivateNameProxy(VariableProxy* proxy) {
     DCHECK(is_private());
+    if (is_auto_accessor()) {
+      auto_accessor_info()->set_property_private_name_proxy(proxy);
+      return;
+    }
     private_or_computed_name_proxy_ = proxy;
   }
   Variable* private_name_var() const {
     DCHECK(is_private());
+    DCHECK(!is_auto_accessor());
     return private_or_computed_name_proxy_->var();
   }
 
+  AutoAccessorInfo* auto_accessor_info() {
+    DCHECK(is_auto_accessor());
+    DCHECK_NOT_NULL(auto_accessor_info_);
+    return auto_accessor_info_;
+  }
+
  private:
   friend class AstNodeFactory;
   friend Zone;
 
   ClassLiteralProperty(Expression* key, Expression* value, Kind kind,
                        bool is_static, bool is_computed_name, bool is_private);
+  ClassLiteralProperty(Expression* key, Expression* value,
+                       AutoAccessorInfo* auto_accessor_info, bool is_static,
+                       bool is_computed_name, bool is_private);
 
   Kind kind_;
   bool is_static_;
   bool is_private_;
-  VariableProxy* private_or_computed_name_proxy_;
+  union {
+    VariableProxy* private_or_computed_name_proxy_;
+    AutoAccessorInfo* auto_accessor_info_;
+  };
 };
 
 class ClassLiteralStaticElement final : public ZoneObject {
@@ -2569,6 +2636,32 @@ class InitializeClassStaticElementsStatement final : public Statement {
   ZonePtrList<StaticElement>* elements_;
 };
 
+class AutoAccessorGetterBody final : public Statement {
+ public:
+  VariableProxy* name_proxy() const { return name_proxy_; }
+
+ private:
+  friend class AstNodeFactory;
+  friend Zone;
+
+  AutoAccessorGetterBody(VariableProxy* name_proxy, int pos)
+      : Statement(pos, kAutoAccessorGetterBody), name_proxy_(name_proxy) {}
+  VariableProxy* name_proxy_;
+};
+
+class AutoAccessorSetterBody final : public Statement {
+ public:
+  VariableProxy* name_proxy() const { return name_proxy_; }
+
+ private:
+  friend class AstNodeFactory;
+  friend Zone;
+
+  AutoAccessorSetterBody(VariableProxy* name_proxy, int pos)
+      : Statement(pos, kAutoAccessorSetterBody), name_proxy_(name_proxy) {}
+  VariableProxy* name_proxy_;
+};
+
 class ClassLiteral final : public Expression {
  public:
   using Property = ClassLiteralProperty;
@@ -2645,7 +2738,6 @@ class ClassLiteral final : public Expression {
   Variable* static_home_object_;
 };
 
-
 class NativeFunctionLiteral final : public Expression {
  public:
   Handle<String> name() const { return name_->string(); }
@@ -2984,8 +3076,9 @@ class AstNodeFactory final {
                                        pos, end_position);
   }
 
-  ReturnStatement* NewAsyncReturnStatement(Expression* expression, int pos,
-                                           int end_position) {
+  ReturnStatement* NewAsyncReturnStatement(
+      Expression* expression, int pos,
+      int end_position = ReturnStatement::kFunctionLiteralReturnPosition) {
     return zone_->New<ReturnStatement>(
         expression, ReturnStatement::kAsyncReturn, pos, end_position);
   }
@@ -3184,12 +3277,11 @@ class AstNodeFactory final {
 
   Call* NewCall(Expression* expression,
                 const ScopedPtrList<Expression>& arguments, int pos,
-                bool has_spread,
-                Call::PossiblyEval possibly_eval = Call::NOT_EVAL,
+                bool has_spread, int eval_scope_info_index = 0,
                 bool optional_chain = false) {
-    DCHECK_IMPLIES(possibly_eval == Call::IS_POSSIBLY_EVAL, !optional_chain);
+    DCHECK_IMPLIES(eval_scope_info_index > 0, !optional_chain);
     return zone_->New<Call>(zone_, expression, arguments, pos, has_spread,
-                            possibly_eval, optional_chain);
+                            eval_scope_info_index, optional_chain);
   }
 
   SuperCallForwardArgs* NewSuperCallForwardArgs(SuperCallReference* expression,
@@ -3344,12 +3436,26 @@ class AstNodeFactory final {
         kFunctionLiteralIdTopLevel);
   }
 
+  AutoAccessorInfo* NewAutoAccessorInfo(
+      FunctionLiteral* generated_getter, FunctionLiteral* generated_setter,
+      VariableProxy* accessor_storage_name_proxy) {
+    return zone_->New<AutoAccessorInfo>(generated_getter, generated_setter,
+                                        accessor_storage_name_proxy);
+  }
+
   ClassLiteral::Property* NewClassLiteralProperty(
       Expression* key, Expression* value, ClassLiteralProperty::Kind kind,
       bool is_static, bool is_computed_name, bool is_private) {
     return zone_->New<ClassLiteral::Property>(key, value, kind, is_static,
                                               is_computed_name, is_private);
   }
+  ClassLiteral::Property* NewClassLiteralProperty(
+      Expression* key, Expression* value, AutoAccessorInfo* auto_accessor_info,
+      bool is_static, bool is_computed_name, bool is_private) {
+    return zone_->New<ClassLiteral::Property>(key, value, auto_accessor_info,
+                                              is_static, is_computed_name,
+                                              is_private);
+  }
 
   ClassLiteral::StaticElement* NewClassLiteralStaticElement(
       ClassLiteral::Property* property) {
@@ -3435,6 +3541,16 @@ class AstNodeFactory final {
     return zone_->New<InitializeClassStaticElementsStatement>(args, pos);
   }
 
+  AutoAccessorGetterBody* NewAutoAccessorGetterBody(VariableProxy* name_proxy,
+                                                    int pos) {
+    return zone_->New<AutoAccessorGetterBody>(name_proxy, pos);
+  }
+
+  AutoAccessorSetterBody* NewAutoAccessorSetterBody(VariableProxy* name_proxy,
+                                                    int pos) {
+    return zone_->New<AutoAccessorSetterBody>(name_proxy, pos);
+  }
+
   Zone* zone() const { return zone_; }
 
  private:
diff --git a/deps/v8/src/ast/prettyprinter.cc b/deps/v8/src/ast/prettyprinter.cc
index dc024dd051e9e4..8e627998b880d6 100644
--- a/deps/v8/src/ast/prettyprinter.cc
+++ b/deps/v8/src/ast/prettyprinter.cc
@@ -254,6 +254,10 @@ void CallPrinter::VisitInitializeClassStaticElementsStatement(
   }
 }
 
+void CallPrinter::VisitAutoAccessorGetterBody(AutoAccessorGetterBody* node) {}
+
+void CallPrinter::VisitAutoAccessorSetterBody(AutoAccessorSetterBody* node) {}
+
 void CallPrinter::VisitNativeFunctionLiteral(NativeFunctionLiteral* node) {}
 
 void CallPrinter::VisitConditionalChain(ConditionalChain* node) {
@@ -1136,6 +1140,16 @@ void AstPrinter::VisitInitializeClassStaticElementsStatement(
   PrintClassStaticElements(node->elements());
 }
 
+void AstPrinter::VisitAutoAccessorGetterBody(AutoAccessorGetterBody* node) {
+  IndentedScope indent(this, "AUTO ACCESSOR GETTER BODY", node->position());
+  PrintIndentedVisit("AUTO ACCESSOR STORAGE PRIVATE NAME", node->name_proxy());
+}
+
+void AstPrinter::VisitAutoAccessorSetterBody(AutoAccessorSetterBody* node) {
+  IndentedScope indent(this, "AUTO ACCESSOR SETTER BODY", node->position());
+  PrintIndentedVisit("AUTO ACCESSOR STORAGE PRIVATE NAME", node->name_proxy());
+}
+
 void AstPrinter::PrintClassProperty(ClassLiteral::Property* property) {
   const char* prop_kind = nullptr;
   switch (property->kind()) {
@@ -1151,6 +1165,9 @@ void AstPrinter::PrintClassProperty(ClassLiteral::Property* property) {
     case ClassLiteral::Property::FIELD:
       prop_kind = "FIELD";
       break;
+    case ClassLiteral::Property::AUTO_ACCESSOR:
+      prop_kind = "AUTO ACCESSOR";
+      break;
   }
   base::EmbeddedVector<char, 128> buf;
   SNPrintF(buf, "PROPERTY%s%s - %s", property->is_static() ? " - STATIC" : "",
diff --git a/deps/v8/src/ast/scopes.cc b/deps/v8/src/ast/scopes.cc
index 109ce824b57f51..57a9dca1a84dee 100644
--- a/deps/v8/src/ast/scopes.cc
+++ b/deps/v8/src/ast/scopes.cc
@@ -4,11 +4,11 @@
 
 #include "src/ast/scopes.h"
 
+#include <optional>
 #include <set>
 
 #include "src/ast/ast.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/builtins/accessors.h"
 #include "src/common/message-template.h"
 #include "src/heap/local-factory-inl.h"
@@ -374,6 +374,8 @@ void Scope::SetDefaults() {
   has_using_declaration_ = false;
   has_await_using_declaration_ = false;
 
+  is_wrapped_function_ = false;
+
   num_stack_slots_ = 0;
   num_heap_slots_ = ContextHeaderLength();
 
@@ -417,7 +419,8 @@ Scope* Scope::DeserializeScopeChain(IsolateT* isolate, Zone* zone,
                                     Tagged<ScopeInfo> scope_info,
                                     DeclarationScope* script_scope,
                                     AstValueFactory* ast_value_factory,
-                                    DeserializationMode deserialization_mode) {
+                                    DeserializationMode deserialization_mode,
+                                    ParseInfo* parse_info) {
   // Reconstruct the outer scope chain from a closure's context chain.
   Scope* current_scope = nullptr;
   Scope* innermost_scope = nullptr;
@@ -470,6 +473,9 @@ Scope* Scope::DeserializeScopeChain(IsolateT* isolate, Zone* zone,
     } else if (scope_info->scope_type() == MODULE_SCOPE) {
       outer_scope = zone->New<ModuleScope>(handle(scope_info, isolate),
                                            ast_value_factory);
+      if (parse_info) {
+        parse_info->set_has_module_in_scope_chain();
+      }
     } else {
       DCHECK_EQ(scope_info->scope_type(), CATCH_SCOPE);
       DCHECK_EQ(scope_info->ContextLocalCount(), 1);
@@ -536,12 +542,12 @@ template EXPORT_TEMPLATE_DEFINE(V8_EXPORT_PRIVATE)
     Scope* Scope::DeserializeScopeChain(
         Isolate* isolate, Zone* zone, Tagged<ScopeInfo> scope_info,
         DeclarationScope* script_scope, AstValueFactory* ast_value_factory,
-        DeserializationMode deserialization_mode);
+        DeserializationMode deserialization_mode, ParseInfo* parse_info);
 template EXPORT_TEMPLATE_DEFINE(V8_EXPORT_PRIVATE)
     Scope* Scope::DeserializeScopeChain(
         LocalIsolate* isolate, Zone* zone, Tagged<ScopeInfo> scope_info,
         DeclarationScope* script_scope, AstValueFactory* ast_value_factory,
-        DeserializationMode deserialization_mode);
+        DeserializationMode deserialization_mode, ParseInfo* parse_info);
 
 DeclarationScope* Scope::AsDeclarationScope() {
   // Here and below: if an attacker corrupts the in-sandox SFI::unique_id or
@@ -694,7 +700,7 @@ bool DeclarationScope::Analyze(ParseInfo* info) {
   DCHECK_NOT_NULL(info->literal());
   DeclarationScope* scope = info->literal()->scope();
 
-  base::Optional<AllowHandleDereference> allow_deref;
+  std::optional<AllowHandleDereference> allow_deref;
 #ifdef DEBUG
   if (scope->outer_scope() && !scope->outer_scope()->scope_info_.is_null()) {
     allow_deref.emplace();
@@ -2589,8 +2595,9 @@ void DeclarationScope::AllocateLocals() {
     new_target_ = nullptr;
   }
 
-  NullifyRareVariableIf(RareVariable::kThisFunction,
-                        [=](Variable* var) { return !MustAllocate(var); });
+  NullifyRareVariableIf(RareVariable::kThisFunction, [=, this](Variable* var) {
+    return !MustAllocate(var);
+  });
 }
 
 void ModuleScope::AllocateModuleVariables() {
@@ -2607,6 +2614,30 @@ void ModuleScope::AllocateModuleVariables() {
   }
 }
 
+// Needs to be kept in sync with ScopeInfo::UniqueIdInScript and
+// SharedFunctionInfo::UniqueIdInScript.
+int Scope::UniqueIdInScript() const {
+  DCHECK(!is_hidden_catch_scope());
+  // Script scopes start "before" the script to avoid clashing with a scope that
+  // starts on character 0.
+  if (is_script_scope() || scope_type() == EVAL_SCOPE ||
+      scope_type() == MODULE_SCOPE) {
+    return -2;
+  }
+  // Wrapped functions start before the function body, but after the script
+  // start, to avoid clashing with a scope starting on character 0.
+  if (is_wrapped_function()) {
+    return -1;
+  }
+  if (is_declaration_scope()) {
+    // Default constructors have the same start position as their parent class
+    // scope. Use the next char position to distinguish this scope.
+    return start_position() +
+           IsDefaultConstructor(AsDeclarationScope()->function_kind());
+  }
+  return start_position();
+}
+
 void Scope::AllocateVariablesRecursively() {
   this->ForEach([](Scope* scope) -> Iteration {
     DCHECK(!scope->already_resolved_);
@@ -2658,33 +2689,70 @@ void Scope::AllocateVariablesRecursively() {
 }
 
 template <typename IsolateT>
-void Scope::AllocateScopeInfosRecursively(IsolateT* isolate,
-                                          MaybeHandle<ScopeInfo> outer_scope) {
+void Scope::AllocateScopeInfosRecursively(
+    IsolateT* isolate, MaybeHandle<ScopeInfo> outer_scope,
+    std::unordered_map<int, Handle<ScopeInfo>>& scope_infos_to_reuse) {
   DCHECK(scope_info_.is_null());
   MaybeHandle<ScopeInfo> next_outer_scope = outer_scope;
 
-  if (NeedsScopeInfo()) {
+  auto it = is_hidden_catch_scope()
+                ? scope_infos_to_reuse.end()
+                : scope_infos_to_reuse.find(UniqueIdInScript());
+  if (it != scope_infos_to_reuse.end()) {
+    scope_info_ = it->second;
+    CHECK(NeedsContext());
+    // The ScopeInfo chain mirrors the context chain, so we only link to the
+    // next outer scope that needs a context.
+    next_outer_scope = scope_info_;
+    DCHECK(!scope_info_.is_null());
+    DCHECK(!is_hidden_catch_scope());
+    CHECK_EQ(scope_info_->scope_type(), scope_type_);
+    CHECK_EQ(scope_info_->ContextLength(), num_heap_slots_);
+#ifdef DEBUG
+    // Consume the scope info.
+    it->second = {};
+#endif
+  } else if (NeedsScopeInfo()) {
     scope_info_ = ScopeInfo::Create(isolate, zone(), this, outer_scope);
-    // The ScopeInfo chain should mirror the context chain, so we only link to
-    // the next outer scope that needs a context.
+#ifdef DEBUG
+    // Mark this ID as being used. Skip hidden scopes because they are
+    // synthetic, unreusable, but hard to make unique.
+    if (v8_flags.reuse_scope_infos && !is_hidden_catch_scope()) {
+      scope_infos_to_reuse[UniqueIdInScript()] = {};
+      DCHECK_EQ(UniqueIdInScript(), scope_info_->UniqueIdInScript());
+    }
+#endif
+    // The ScopeInfo chain mirrors the context chain, so we only link to the
+    // next outer scope that needs a context.
     if (NeedsContext()) next_outer_scope = scope_info_;
   }
 
   // Allocate ScopeInfos for inner scopes.
   for (Scope* scope = inner_scope_; scope != nullptr; scope = scope->sibling_) {
+#ifdef DEBUG
+    if (!scope->is_hidden_catch_scope()) {
+      DCHECK_GT(scope->UniqueIdInScript(), UniqueIdInScript());
+      DCHECK_IMPLIES(
+          scope->sibling_ && !scope->sibling_->is_hidden_catch_scope(),
+          scope->sibling_->UniqueIdInScript() != scope->UniqueIdInScript());
+    }
+#endif
     if (!scope->is_function_scope() ||
         scope->AsDeclarationScope()->ShouldEagerCompile()) {
-      scope->AllocateScopeInfosRecursively(isolate, next_outer_scope);
+      scope->AllocateScopeInfosRecursively(isolate, next_outer_scope,
+                                           scope_infos_to_reuse);
     }
   }
 }
 
 template EXPORT_TEMPLATE_DEFINE(V8_EXPORT_PRIVATE) void Scope::
-    AllocateScopeInfosRecursively<Isolate>(Isolate* isolate,
-                                           MaybeHandle<ScopeInfo> outer_scope);
+    AllocateScopeInfosRecursively<Isolate>(
+        Isolate* isolate, MaybeHandle<ScopeInfo> outer_scope,
+        std::unordered_map<int, Handle<ScopeInfo>>& scope_infos_to_reuse);
 template EXPORT_TEMPLATE_DEFINE(V8_EXPORT_PRIVATE) void Scope::
     AllocateScopeInfosRecursively<LocalIsolate>(
-        LocalIsolate* isolate, MaybeHandle<ScopeInfo> outer_scope);
+        LocalIsolate* isolate, MaybeHandle<ScopeInfo> outer_scope,
+        std::unordered_map<int, Handle<ScopeInfo>>& scope_infos_to_reuse);
 
 void DeclarationScope::RecalcPrivateNameContextChain() {
   // The outermost scope in a class heritage expression is marked to skip the
@@ -2729,7 +2797,9 @@ void DeclarationScope::RecordNeedsPrivateNameContextChainRecalc() {
 
 // static
 template <typename IsolateT>
-void DeclarationScope::AllocateScopeInfos(ParseInfo* info, IsolateT* isolate) {
+void DeclarationScope::AllocateScopeInfos(ParseInfo* info,
+                                          DirectHandle<Script> script,
+                                          IsolateT* isolate) {
   DeclarationScope* scope = info->literal()->scope();
 
   // No one else should have allocated a scope info for this scope yet.
@@ -2744,7 +2814,54 @@ void DeclarationScope::AllocateScopeInfos(ParseInfo* info, IsolateT* isolate) {
   if (scope->needs_private_name_context_chain_recalc()) {
     scope->RecalcPrivateNameContextChain();
   }
-  scope->AllocateScopeInfosRecursively(isolate, outer_scope);
+
+  Tagged<WeakFixedArray> infos = script->infos();
+  std::unordered_map<int, Handle<ScopeInfo>> scope_infos_to_reuse;
+  if (v8_flags.reuse_scope_infos && infos->length() != 0) {
+    Tagged<SharedFunctionInfo> sfi = *info->literal()->shared_function_info();
+    Tagged<ScopeInfo> outer = sfi->HasOuterScopeInfo()
+                                  ? sfi->GetOuterScopeInfo()
+                                  : Tagged<ScopeInfo>();
+    // Look at all inner functions whether they have scope infos that we should
+    // reuse. Also look at the compiled function itself, and reuse its function
+    // scope info if it exists.
+    for (int i = info->literal()->function_literal_id();
+         i < info->max_info_id() + 1; ++i) {
+      Tagged<MaybeObject> maybe_info = infos->get(i);
+      if (maybe_info.IsWeak()) {
+        Tagged<Object> info = maybe_info.GetHeapObjectAssumeWeak();
+        Tagged<ScopeInfo> scope_info;
+        if (Is<SharedFunctionInfo>(info)) {
+          Tagged<SharedFunctionInfo> sfi = Cast<SharedFunctionInfo>(info);
+          if (!sfi->scope_info()->IsEmpty() &&
+              sfi->scope_info()->HasContext()) {
+            scope_info = sfi->scope_info();
+          } else if (sfi->HasOuterScopeInfo()) {
+            scope_info = sfi->GetOuterScopeInfo();
+          } else {
+            continue;
+          }
+        } else {
+          scope_info = Cast<ScopeInfo>(info);
+        }
+        while (true) {
+          if (scope_info == outer) break;
+          int id = scope_info->UniqueIdInScript();
+          auto it = scope_infos_to_reuse.find(id);
+          if (it != scope_infos_to_reuse.end()) {
+            CHECK_EQ(*it->second, scope_info);
+            break;
+          }
+          scope_infos_to_reuse[id] = handle(scope_info, isolate);
+          if (!scope_info->HasOuterScopeInfo()) break;
+          scope_info = scope_info->OuterScopeInfo();
+        }
+      }
+    }
+  }
+
+  scope->AllocateScopeInfosRecursively(isolate, outer_scope,
+                                       scope_infos_to_reuse);
 
   // The debugger expects all shared function infos to contain a scope info.
   // Since the top-most scope will end up in a shared function info, make sure
@@ -2763,9 +2880,9 @@ void DeclarationScope::AllocateScopeInfos(ParseInfo* info, IsolateT* isolate) {
 }
 
 template V8_EXPORT_PRIVATE void DeclarationScope::AllocateScopeInfos(
-    ParseInfo* info, Isolate* isolate);
+    ParseInfo* info, DirectHandle<Script> script, Isolate* isolate);
 template V8_EXPORT_PRIVATE void DeclarationScope::AllocateScopeInfos(
-    ParseInfo* info, LocalIsolate* isolate);
+    ParseInfo* info, DirectHandle<Script> script, LocalIsolate* isolate);
 
 int Scope::ContextLocalCount() const {
   if (num_heap_slots() == 0) return 0;
diff --git a/deps/v8/src/ast/scopes.h b/deps/v8/src/ast/scopes.h
index 421da0d20241eb..64cba134ec81d2 100644
--- a/deps/v8/src/ast/scopes.h
+++ b/deps/v8/src/ast/scopes.h
@@ -101,6 +101,11 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
   }
 #endif
 
+  // An ID that uniquely identifies this scope within the script. Inner scopes
+  // have a higher ID than their outer scopes. ScopeInfo created from a scope
+  // has the same ID as the scope.
+  int UniqueIdInScript() const;
+
   DeclarationScope* AsDeclarationScope();
   const DeclarationScope* AsDeclarationScope() const;
   ModuleScope* AsModuleScope();
@@ -152,7 +157,8 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
                                       Tagged<ScopeInfo> scope_info,
                                       DeclarationScope* script_scope,
                                       AstValueFactory* ast_value_factory,
-                                      DeserializationMode deserialization_mode);
+                                      DeserializationMode deserialization_mode,
+                                      ParseInfo* info = nullptr);
 
   template <typename IsolateT>
   EXPORT_TEMPLATE_DECLARE(V8_EXPORT_PRIVATE)
@@ -334,6 +340,10 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
   bool is_hidden() const { return is_hidden_; }
   void set_is_hidden() { is_hidden_ = true; }
 
+  bool is_hidden_catch_scope() const {
+    return is_hidden() && scope_type() == CATCH_SCOPE;
+  }
+
   void ForceContextAllocationForParameters() {
     DCHECK(!already_resolved_);
     force_context_allocation_for_parameters_ = true;
@@ -382,6 +392,15 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
     return has_await_using_declaration_;
   }
 
+  bool is_wrapped_function() const {
+    DCHECK_IMPLIES(is_wrapped_function_, is_function_scope());
+    return is_wrapped_function_;
+  }
+  void set_is_wrapped_function() {
+    DCHECK(is_function_scope());
+    is_wrapped_function_ = true;
+  }
+
 #if V8_ENABLE_WEBASSEMBLY
   bool IsAsmModule() const;
   // Returns true if this scope or any inner scopes that might be eagerly
@@ -719,11 +738,9 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
   void AllocateVariablesRecursively();
 
   template <typename IsolateT>
-  void AllocateScopeInfosRecursively(IsolateT* isolate,
-                                     MaybeHandle<ScopeInfo> outer_scope);
-
-  void AllocateDebuggerScopeInfos(Isolate* isolate,
-                                  MaybeHandle<ScopeInfo> outer_scope);
+  void AllocateScopeInfosRecursively(
+      IsolateT* isolate, MaybeHandle<ScopeInfo> outer_scope,
+      std::unordered_map<int, Handle<ScopeInfo>>& scope_infos_to_reuse);
 
   // Construct a scope based on the scope info.
   Scope(Zone* zone, ScopeType type, AstValueFactory* ast_value_factory,
@@ -823,10 +840,6 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
 
   bool must_use_preparsed_scope_data_ : 1;
 
-  // True if this is a script scope that originated from
-  // DebugEvaluate::GlobalREPL().
-  bool is_repl_mode_scope_ : 1;
-
   // True if this is a deserialized scope which caches its lookups on another
   // Scope's variable map. This will be true for every scope above the first
   // non-eval declaration scope above the compilation entry point, e.g. for
@@ -852,6 +865,10 @@ class V8_EXPORT_PRIVATE Scope : public NON_EXPORTED_BASE(ZoneObject) {
   // If declarations include any `using` or `await using` declarations.
   bool has_using_declaration_ : 1;
   bool has_await_using_declaration_ : 1;
+
+  // If the scope was generated for wrapped function syntax, which will affect
+  // its UniqueIdInScript.
+  bool is_wrapped_function_ : 1;
 };
 
 class V8_EXPORT_PRIVATE DeclarationScope : public Scope {
@@ -1161,6 +1178,7 @@ class V8_EXPORT_PRIVATE DeclarationScope : public Scope {
   // Does nothing if ScopeInfo is already allocated.
   template <typename IsolateT>
   V8_EXPORT_PRIVATE static void AllocateScopeInfos(ParseInfo* info,
+                                                   DirectHandle<Script> script,
                                                    IsolateT* isolate);
 
   // Determine if we can use lazy compilation for this scope.
diff --git a/deps/v8/src/base/intrusive-set.h b/deps/v8/src/base/intrusive-set.h
index 360cac3a35dd3e..ed22eb62e755b0 100644
--- a/deps/v8/src/base/intrusive-set.h
+++ b/deps/v8/src/base/intrusive-set.h
@@ -10,7 +10,6 @@
 #include <type_traits>
 
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 
 namespace v8::base {
 
diff --git a/deps/v8/src/base/macros.h b/deps/v8/src/base/macros.h
index 260747db7eac50..488729dd5a9d08 100644
--- a/deps/v8/src/base/macros.h
+++ b/deps/v8/src/base/macros.h
@@ -23,6 +23,23 @@
 // Creates an unique identifier. Useful for scopes to avoid shadowing names.
 #define UNIQUE_IDENTIFIER(base) CONCAT(base, __COUNTER__)
 
+// COUNT_MACRO_ARGS(...) returns the number of arguments passed. Currently, up
+// to 8 arguments are supported.
+#define COUNT_MACRO_ARGS(...) \
+  EXPAND(COUNT_MACRO_ARGS_IMPL(__VA_ARGS__, 8, 7, 6, 5, 4, 3, 2, 1, 0))
+#define COUNT_MACRO_ARGS_IMPL(_8, _7, _6, _5, _4, _3, _2, _1, N, ...) N
+// GET_NTH_ARG(N, ...) returns the Nth argument in the list of arguments
+// following. Currently, up to N=8 is supported.
+#define GET_NTH_ARG(N, ...) CONCAT(GET_NTH_ARG_IMPL_, N)(__VA_ARGS__)
+#define GET_NTH_ARG_IMPL_0(_0, ...) _0
+#define GET_NTH_ARG_IMPL_1(_0, _1, ...) _1
+#define GET_NTH_ARG_IMPL_2(_0, _1, _2, ...) _2
+#define GET_NTH_ARG_IMPL_3(_0, _1, _2, _3, ...) _3
+#define GET_NTH_ARG_IMPL_4(_0, _1, _2, _3, _4, ...) _4
+#define GET_NTH_ARG_IMPL_5(_0, _1, _2, _3, _4, _5, ...) _5
+#define GET_NTH_ARG_IMPL_6(_0, _1, _2, _3, _4, _5, _6, ...) _6
+#define GET_NTH_ARG_IMPL_7(_0, _1, _2, _3, _4, _5, _6, _7, ...) _7
+
 // UNPAREN(x) removes a layer of nested parentheses on x, if any. This means
 // that both UNPAREN(x) and UNPAREN((x)) expand to x. This is helpful for macros
 // that want to support multi argument templates with commas, e.g.
@@ -406,9 +423,9 @@ bool is_inbounds(float_t v) {
 // Setup for Windows shared library export.
 #define V8_EXPORT_ENUM
 #ifdef BUILDING_V8_SHARED_PRIVATE
-#define V8_EXPORT_PRIVATE
+#define V8_EXPORT_PRIVATE __declspec(dllexport)
 #elif USING_V8_SHARED_PRIVATE
-#define V8_EXPORT_PRIVATE
+#define V8_EXPORT_PRIVATE __declspec(dllimport)
 #else
 #define V8_EXPORT_PRIVATE
 #endif  // BUILDING_V8_SHARED
@@ -418,8 +435,8 @@ bool is_inbounds(float_t v) {
 // Setup for Linux shared library export.
 #if V8_HAS_ATTRIBUTE_VISIBILITY
 #ifdef BUILDING_V8_SHARED_PRIVATE
-#define V8_EXPORT_PRIVATE
-#define V8_EXPORT_ENUM
+#define V8_EXPORT_PRIVATE __attribute__((visibility("default")))
+#define V8_EXPORT_ENUM V8_EXPORT_PRIVATE
 #else
 #define V8_EXPORT_PRIVATE
 #define V8_EXPORT_ENUM
@@ -440,6 +457,18 @@ bool is_inbounds(float_t v) {
 #define IF_WASM(V, ...)
 #endif  // V8_ENABLE_WEBASSEMBLY
 
+#ifdef V8_ENABLE_DRUMBRAKE
+#define IF_WASM_DRUMBRAKE(V, ...) EXPAND(V(__VA_ARGS__))
+#else
+#define IF_WASM_DRUMBRAKE(V, ...)
+#endif  // V8_ENABLE_DRUMBRAKE
+
+#if defined(V8_ENABLE_DRUMBRAKE) && !defined(V8_DRUMBRAKE_BOUNDS_CHECKS)
+#define IF_WASM_DRUMBRAKE_INSTR_HANDLER(V, ...) EXPAND(V(__VA_ARGS__))
+#else
+#define IF_WASM_DRUMBRAKE_INSTR_HANDLER(V, ...)
+#endif  // V8_ENABLE_DRUMBRAKE && !V8_DRUMBRAKE_BOUNDS_CHECKS
+
 // Defines IF_TSAN, to be used in macro lists for elements that should only be
 // there if TSAN is enabled.
 #ifdef V8_IS_TSAN
diff --git a/deps/v8/src/base/optional.h b/deps/v8/src/base/optional.h
deleted file mode 100644
index 26ce8384429bf3..00000000000000
--- a/deps/v8/src/base/optional.h
+++ /dev/null
@@ -1,29 +0,0 @@
-// Copyright 2016 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// This file is a clone of "base/optional.h" in chromium.
-// Keep in sync, especially when fixing bugs.
-// Copyright 2017 the V8 project authors. All rights reserved.
-
-#ifndef V8_BASE_OPTIONAL_H_
-#define V8_BASE_OPTIONAL_H_
-
-#include <optional>
-
-namespace v8 {
-namespace base {
-
-// These aliases are deprecated, use std::optional directly.
-template <typename T>
-using Optional = std::optional<T>;
-
-using std::in_place;
-using std::make_optional;
-using std::nullopt;
-using std::nullopt_t;
-
-}  // namespace base
-}  // namespace v8
-
-#endif  // V8_BASE_OPTIONAL_H_
diff --git a/deps/v8/src/base/platform/mutex.h b/deps/v8/src/base/platform/mutex.h
index 15cf0cd5d5989c..4df610f2dca5ec 100644
--- a/deps/v8/src/base/platform/mutex.h
+++ b/deps/v8/src/base/platform/mutex.h
@@ -5,6 +5,8 @@
 #ifndef V8_BASE_PLATFORM_MUTEX_H_
 #define V8_BASE_PLATFORM_MUTEX_H_
 
+#include <optional>
+
 #include "include/v8config.h"
 
 #if V8_OS_DARWIN
@@ -18,7 +20,6 @@
 #include "src/base/base-export.h"
 #include "src/base/lazy-instance.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 
 #if V8_OS_WIN
 #include "src/base/win32-headers.h"
@@ -378,7 +379,7 @@ class V8_NODISCARD SharedMutexGuardIf final {
   SharedMutexGuardIf& operator=(const SharedMutexGuardIf&) = delete;
 
  private:
-  base::Optional<SharedMutexGuard<kIsShared, Behavior>> mutex_;
+  std::optional<SharedMutexGuard<kIsShared, Behavior>> mutex_;
 };
 
 }  // namespace base
diff --git a/deps/v8/src/base/platform/platform-fuchsia.cc b/deps/v8/src/base/platform/platform-fuchsia.cc
index 326f4d81cc1ef6..a50dde14a2b298 100644
--- a/deps/v8/src/base/platform/platform-fuchsia.cc
+++ b/deps/v8/src/base/platform/platform-fuchsia.cc
@@ -9,6 +9,8 @@
 #include <lib/zx/vmar.h>
 #include <lib/zx/vmo.h>
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/macros.h"
 #include "src/base/platform/platform-posix-time.h"
@@ -322,7 +324,7 @@ bool OS::DecommitPages(void* address, size_t size) {
 bool OS::CanReserveAddressSpace() { return true; }
 
 // static
-Optional<AddressSpaceReservation> OS::CreateAddressSpaceReservation(
+std::optional<AddressSpaceReservation> OS::CreateAddressSpaceReservation(
     void* hint, size_t size, size_t alignment,
     MemoryPermission max_permission) {
   DCHECK_EQ(0, reinterpret_cast<Address>(hint) % alignment);
@@ -400,7 +402,8 @@ std::optional<OS::MemoryRange> OS::GetFirstFreeMemoryRangeWithin(
   return std::nullopt;
 }
 
-Optional<AddressSpaceReservation> AddressSpaceReservation::CreateSubReservation(
+std::optional<AddressSpaceReservation>
+AddressSpaceReservation::CreateSubReservation(
     void* address, size_t size, OS::MemoryPermission max_permission) {
   DCHECK(Contains(address, size));
 
diff --git a/deps/v8/src/base/platform/platform-linux.cc b/deps/v8/src/base/platform/platform-linux.cc
index 00f0c0543fb4fc..75e1222a520641 100644
--- a/deps/v8/src/base/platform/platform-linux.cc
+++ b/deps/v8/src/base/platform/platform-linux.cc
@@ -33,6 +33,7 @@
 #include <cmath>
 #include <cstdio>
 #include <memory>
+#include <optional>
 
 #include "src/base/logging.h"
 #include "src/base/memory.h"
@@ -139,7 +140,7 @@ std::optional<OS::MemoryRange> OS::GetFirstFreeMemoryRangeWithin(
 }
 
 //  static
-base::Optional<MemoryRegion> MemoryRegion::FromMapsLine(const char* line) {
+std::optional<MemoryRegion> MemoryRegion::FromMapsLine(const char* line) {
   MemoryRegion region;
   unsigned dev_major = 0, dev_minor = 0;
   uintptr_t inode = 0;
@@ -157,7 +158,7 @@ base::Optional<MemoryRegion> MemoryRegion::FromMapsLine(const char* line) {
              " %x:%x %" V8PRIdPTR " %n",
              &region.start, &region.end, region.permissions, &offset,
              &dev_major, &dev_minor, &inode, &path_index) < 7) {
-    return base::nullopt;
+    return std::nullopt;
   }
   region.permissions[4] = '\0';
   region.inode = inode;
@@ -204,8 +205,7 @@ std::unique_ptr<std::vector<MemoryRegion>> ParseProcSelfMaps(
     if (line.get()[line_length - 1] != '\n') break;
     line.get()[line_length - 1] = '\0';
 
-    base::Optional<MemoryRegion> region =
-        MemoryRegion::FromMapsLine(line.get());
+    std::optional<MemoryRegion> region = MemoryRegion::FromMapsLine(line.get());
     if (!region) {
       break;
     }
diff --git a/deps/v8/src/base/platform/platform-linux.h b/deps/v8/src/base/platform/platform-linux.h
index 6e000d11ac9058..506bc5e28411ce 100644
--- a/deps/v8/src/base/platform/platform-linux.h
+++ b/deps/v8/src/base/platform/platform-linux.h
@@ -8,10 +8,10 @@
 #include <sys/types.h>
 
 #include <cstdint>
+#include <optional>
 #include <string>
 
 #include "src/base/base-export.h"
-#include "src/base/optional.h"
 #include "src/base/platform/platform.h"
 
 namespace v8 {
@@ -29,7 +29,7 @@ struct V8_BASE_EXPORT MemoryRegion {
   std::string pathname;
 
   // |line| must not contains the tail '\n'.
-  static base::Optional<MemoryRegion> FromMapsLine(const char* line);
+  static std::optional<MemoryRegion> FromMapsLine(const char* line);
 };
 
 // The |fp| parameter is for testing, to pass a fake /proc/self/maps file.
diff --git a/deps/v8/src/base/platform/platform-posix.cc b/deps/v8/src/base/platform/platform-posix.cc
index 77ead451538caa..a0f43374fa982d 100644
--- a/deps/v8/src/base/platform/platform-posix.cc
+++ b/deps/v8/src/base/platform/platform-posix.cc
@@ -35,6 +35,7 @@
 
 #include <cmath>
 #include <cstdlib>
+#include <optional>
 
 #include "src/base/lazy-instance.h"
 #include "src/base/macros.h"
@@ -616,7 +617,7 @@ bool OS::DecommitPages(void* address, size_t size) {
 bool OS::CanReserveAddressSpace() { return true; }
 
 // static
-Optional<AddressSpaceReservation> OS::CreateAddressSpaceReservation(
+std::optional<AddressSpaceReservation> OS::CreateAddressSpaceReservation(
     void* hint, size_t size, size_t alignment,
     MemoryPermission max_permission) {
   // On POSIX, address space reservations are backed by private memory mappings.
@@ -1038,7 +1039,8 @@ void OS::StrNCpy(char* dest, int length, const char* src, size_t n) {
 
 #if !V8_OS_CYGWIN && !V8_OS_FUCHSIA
 
-Optional<AddressSpaceReservation> AddressSpaceReservation::CreateSubReservation(
+std::optional<AddressSpaceReservation>
+AddressSpaceReservation::CreateSubReservation(
     void* address, size_t size, OS::MemoryPermission max_permission) {
   DCHECK(Contains(address, size));
   DCHECK_EQ(0, size % OS::AllocatePageSize());
diff --git a/deps/v8/src/base/platform/platform-win32.cc b/deps/v8/src/base/platform/platform-win32.cc
index c3da6a9e33c3e5..fa03a80ef3d95e 100644
--- a/deps/v8/src/base/platform/platform-win32.cc
+++ b/deps/v8/src/base/platform/platform-win32.cc
@@ -27,6 +27,7 @@
 #include <tlhelp32.h>           // For Module32First and al.
 
 #include <limits>
+#include <optional>
 
 #include "src/base/bits.h"
 #include "src/base/lazy-instance.h"
@@ -137,15 +138,6 @@ int strncpy_s(char* dest, size_t dest_size, const char* source, size_t count) {
 namespace v8 {
 namespace base {
 
-namespace {
-
-// g_cet gets set to kEnabled on platform initialization if the Intel CET shadow
-// stack is found to be enabled for this process.
-enum PlatformCETStatus { kNotSet, kEnabled, kDisabled };
-PlatformCETStatus g_cet = kNotSet;
-
-}  // namespace
-
 class WindowsTimezoneCache : public TimezoneCache {
  public:
   WindowsTimezoneCache() : initialized_(false) {}
@@ -788,16 +780,10 @@ bool UserShadowStackEnabled() {
   return uss_policy.EnableUserShadowStack;
 }
 
-void InitializeCETStatus() {
-  DCHECK_EQ(kNotSet, g_cet);
-  g_cet = UserShadowStackEnabled() ? kEnabled : kDisabled;
-}
-
 }  // namespace
 
 void OS::Initialize(AbortMode abort_mode, const char* const gc_fake_mmap) {
   g_abort_mode = abort_mode;
-  InitializeCETStatus();
 }
 
 typedef PVOID(__stdcall* VirtualAlloc2_t)(HANDLE, PVOID, SIZE_T, ULONG, ULONG,
@@ -830,8 +816,8 @@ void OS::EnsureWin32MemoryAPILoaded() {
 
 // static
 bool OS::IsHardwareEnforcedShadowStacksEnabled() {
-  DCHECK_NE(kNotSet, g_cet);
-  return g_cet == kEnabled;
+  static bool cet_enabled = UserShadowStackEnabled();
+  return cet_enabled;
 }
 
 // static
@@ -1142,7 +1128,7 @@ bool OS::CanReserveAddressSpace() {
 }
 
 // static
-Optional<AddressSpaceReservation> OS::CreateAddressSpaceReservation(
+std::optional<AddressSpaceReservation> OS::CreateAddressSpaceReservation(
     void* hint, size_t size, size_t alignment,
     MemoryPermission max_permission) {
   CHECK(CanReserveAddressSpace());
@@ -1364,7 +1350,8 @@ Win32MemoryMappedFile::~Win32MemoryMappedFile() {
   CloseHandle(file_);
 }
 
-Optional<AddressSpaceReservation> AddressSpaceReservation::CreateSubReservation(
+std::optional<AddressSpaceReservation>
+AddressSpaceReservation::CreateSubReservation(
     void* address, size_t size, OS::MemoryPermission max_permission) {
   // Nothing to do, the sub reservation must already have been split by now.
   DCHECK(Contains(address, size));
diff --git a/deps/v8/src/base/platform/platform.h b/deps/v8/src/base/platform/platform.h
index 581ba2704a5de1..8f4901f501f684 100644
--- a/deps/v8/src/base/platform/platform.h
+++ b/deps/v8/src/base/platform/platform.h
@@ -23,6 +23,7 @@
 
 #include <cstdarg>
 #include <cstdint>
+#include <optional>
 #include <string>
 #include <vector>
 
@@ -32,7 +33,6 @@
 #include "src/base/build_config.h"
 #include "src/base/compiler-specific.h"
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/base/platform/mutex.h"
 #include "src/base/platform/semaphore.h"
 #include "testing/gtest/include/gtest/gtest_prod.h"  // nogncheck
@@ -404,7 +404,7 @@ class V8_BASE_EXPORT OS {
 
   V8_WARN_UNUSED_RESULT static bool CanReserveAddressSpace();
 
-  V8_WARN_UNUSED_RESULT static Optional<AddressSpaceReservation>
+  V8_WARN_UNUSED_RESULT static std::optional<AddressSpaceReservation>
   CreateAddressSpaceReservation(void* hint, size_t size, size_t alignment,
                                 MemoryPermission max_permission);
 
@@ -476,8 +476,9 @@ class V8_BASE_EXPORT AddressSpaceReservation {
 
   V8_WARN_UNUSED_RESULT bool DecommitPages(void* address, size_t size);
 
-  V8_WARN_UNUSED_RESULT Optional<AddressSpaceReservation> CreateSubReservation(
-      void* address, size_t size, OS::MemoryPermission max_permission);
+  V8_WARN_UNUSED_RESULT std::optional<AddressSpaceReservation>
+  CreateSubReservation(void* address, size_t size,
+                       OS::MemoryPermission max_permission);
 
   V8_WARN_UNUSED_RESULT static bool FreeSubReservation(
       AddressSpaceReservation reservation);
diff --git a/deps/v8/src/base/template-meta-programming/functional.h b/deps/v8/src/base/template-meta-programming/functional.h
index 6c31952e8fb198..910f517609dc3e 100644
--- a/deps/v8/src/base/template-meta-programming/functional.h
+++ b/deps/v8/src/base/template-meta-programming/functional.h
@@ -9,6 +9,11 @@
 
 namespace v8::base::tmp {
 
+template <typename T>
+struct lazy_false : std::false_type {};
+template <typename T>
+struct lazy_true : std::true_type {};
+
 // call_parameters returns a list of parameter types of the given (member)
 // function pointer.
 template <typename>
diff --git a/deps/v8/src/base/template-utils.h b/deps/v8/src/base/template-utils.h
index 4d191ea3a2d8d9..29db903f1b7ddb 100644
--- a/deps/v8/src/base/template-utils.h
+++ b/deps/v8/src/base/template-utils.h
@@ -96,6 +96,32 @@ constexpr auto tuple_for_each_with_index_impl(const Tuple& tpl,
    ...);
 }
 
+template <typename Tuple, typename Function, size_t... Index>
+constexpr auto tuple_map_impl(Tuple&& tpl, const Function& function,
+                              std::index_sequence<Index...>) {
+  return std::make_tuple(
+      function(std::get<Index>(std::forward<Tuple>(tpl)))...);
+}
+
+template <typename TupleV, typename TupleU, typename Function, size_t... Index>
+constexpr auto tuple_map2_impl(TupleV&& tplv, TupleU&& tplu,
+                               const Function& function,
+                               std::index_sequence<Index...>) {
+  return std::make_tuple(
+      function(std::get<Index>(tplv), std::get<Index>(tplu))...);
+}
+
+template <size_t I, typename T, typename Tuple, typename Function>
+constexpr auto tuple_fold_impl(T&& initial, Tuple&& tpl, Function&& function) {
+  if constexpr (I == 0) {
+    return function(std::forward<T>(initial), std::get<0>(tpl));
+  } else {
+    return function(tuple_fold_impl<I - 1>(std::forward<T>(initial),
+                                           std::forward<Tuple>(tpl), function),
+                    std::get<I>(tpl));
+  }
+}
+
 }  // namespace detail
 
 // Get the first N elements from a tuple.
@@ -140,6 +166,34 @@ constexpr void tuple_for_each_with_index(Tuple&& tpl, Function&& function) {
       std::make_index_sequence<std::tuple_size_v<std::decay_t<Tuple>>>());
 }
 
+// Calls `function(v)` for each `v` in the tuple and returns a new tuple with
+// all the results.
+template <typename Tuple, typename Function>
+constexpr auto tuple_map(Tuple&& tpl, Function&& function) {
+  return detail::tuple_map_impl(
+      std::forward<Tuple>(tpl), function,
+      std::make_index_sequence<std::tuple_size_v<std::decay_t<Tuple>>>());
+}
+
+// Calls `function(v, u)` for pairs `v<I>, u<I>` in the
+// tuples and returns a new tuple with all the results.
+template <typename TupleV, typename TupleU, typename Function>
+constexpr auto tuple_map2(TupleV&& tplv, TupleU&& tplu, Function&& function) {
+  constexpr size_t S = std::tuple_size_v<std::decay_t<TupleV>>;
+  static_assert(S == std::tuple_size_v<std::decay_t<TupleU>>);
+  return detail::tuple_map2_impl(std::forward<TupleV>(tplv),
+                                 std::forward<TupleU>(tplu), function,
+                                 std::make_index_sequence<S>());
+}
+
+// Left fold (reduce) the tuple starting with an initial value by applying
+// function(...function(initial, tpl<0>)..., tpl<size-1>)
+template <typename T, typename Tuple, typename Function>
+constexpr auto tuple_fold(T&& initial, Tuple&& tpl, Function&& function) {
+  return detail::tuple_fold_impl<std::tuple_size_v<std::decay_t<Tuple>> - 1>(
+      std::forward<T>(initial), std::forward<Tuple>(tpl), function);
+}
+
 #ifdef __clang__
 
 template <size_t N, typename... Ts>
diff --git a/deps/v8/src/base/virtual-address-space.cc b/deps/v8/src/base/virtual-address-space.cc
index eabce5e39e1066..e1addd922f9015 100644
--- a/deps/v8/src/base/virtual-address-space.cc
+++ b/deps/v8/src/base/virtual-address-space.cc
@@ -4,6 +4,8 @@
 
 #include "src/base/virtual-address-space.h"
 
+#include <optional>
+
 #include "include/v8-platform.h"
 #include "src/base/bits.h"
 #include "src/base/platform/platform.h"
@@ -150,7 +152,7 @@ std::unique_ptr<v8::VirtualAddressSpace> VirtualAddressSpace::AllocateSubspace(
   DCHECK(IsAligned(hint, alignment));
   DCHECK(IsAligned(size, allocation_granularity()));
 
-  base::Optional<AddressSpaceReservation> reservation =
+  std::optional<AddressSpaceReservation> reservation =
       OS::CreateAddressSpaceReservation(
           reinterpret_cast<void*>(hint), size, alignment,
           static_cast<OS::MemoryPermission>(max_page_permissions));
@@ -354,7 +356,7 @@ VirtualAddressSubspace::AllocateSubspace(Address hint, size_t size,
     return std::unique_ptr<v8::VirtualAddressSpace>();
   }
 
-  base::Optional<AddressSpaceReservation> reservation =
+  std::optional<AddressSpaceReservation> reservation =
       reservation_.CreateSubReservation(
           reinterpret_cast<void*>(address), size,
           static_cast<OS::MemoryPermission>(max_page_permissions));
diff --git a/deps/v8/src/baseline/baseline-batch-compiler.cc b/deps/v8/src/baseline/baseline-batch-compiler.cc
index f00ac017892451..8f21943bae5433 100644
--- a/deps/v8/src/baseline/baseline-batch-compiler.cc
+++ b/deps/v8/src/baseline/baseline-batch-compiler.cc
@@ -253,7 +253,7 @@ bool BaselineBatchCompiler::concurrent() const {
          !isolate_->EfficiencyModeEnabledForTiering();
 }
 
-void BaselineBatchCompiler::EnqueueFunction(Handle<JSFunction> function) {
+void BaselineBatchCompiler::EnqueueFunction(DirectHandle<JSFunction> function) {
   DirectHandle<SharedFunctionInfo> shared(function->shared(), isolate_);
   // Immediately compile the function if batch compilation is disabled.
   if (!is_enabled()) {
@@ -309,7 +309,7 @@ void BaselineBatchCompiler::EnsureQueueCapacity() {
   }
 }
 
-void BaselineBatchCompiler::CompileBatch(Handle<JSFunction> function) {
+void BaselineBatchCompiler::CompileBatch(DirectHandle<JSFunction> function) {
   {
     IsCompiledScope is_compiled_scope(
         function->shared()->is_compiled_scope(isolate_));
diff --git a/deps/v8/src/baseline/baseline-batch-compiler.h b/deps/v8/src/baseline/baseline-batch-compiler.h
index 4a10e7afb02c23..7c28ec7f31d9ce 100644
--- a/deps/v8/src/baseline/baseline-batch-compiler.h
+++ b/deps/v8/src/baseline/baseline-batch-compiler.h
@@ -24,7 +24,7 @@ class BaselineBatchCompiler {
   explicit BaselineBatchCompiler(Isolate* isolate);
   ~BaselineBatchCompiler();
   // Enqueues SharedFunctionInfo of |function| for compilation.
-  void EnqueueFunction(Handle<JSFunction> function);
+  void EnqueueFunction(DirectHandle<JSFunction> function);
   void EnqueueSFI(Tagged<SharedFunctionInfo> shared);
 
   void set_enabled(bool enabled) { enabled_ = enabled; }
@@ -47,7 +47,7 @@ class BaselineBatchCompiler {
   bool ShouldCompileBatch(Tagged<SharedFunctionInfo> shared);
 
   // Compiles the current batch.
-  void CompileBatch(Handle<JSFunction> function);
+  void CompileBatch(DirectHandle<JSFunction> function);
 
   // Compiles the current batch concurrently.
   void CompileBatchConcurrent(Tagged<SharedFunctionInfo> shared);
diff --git a/deps/v8/src/baseline/baseline-compiler.cc b/deps/v8/src/baseline/baseline-compiler.cc
index 37a0dfbb2fb288..c721156bf7e1ba 100644
--- a/deps/v8/src/baseline/baseline-compiler.cc
+++ b/deps/v8/src/baseline/baseline-compiler.cc
@@ -5,6 +5,7 @@
 #include "src/baseline/baseline-compiler.h"
 
 #include <algorithm>
+#include <optional>
 #include <type_traits>
 
 #include "src/base/bits.h"
@@ -502,7 +503,7 @@ void BaselineCompiler::VisitSingleBytecode() {
     interpreter::Bytecode bytecode = iterator().current_bytecode();
 
 #ifdef DEBUG
-    base::Optional<EnsureAccumulatorPreservedScope> accumulator_preserved_scope;
+    std::optional<EnsureAccumulatorPreservedScope> accumulator_preserved_scope;
     // We should make sure to preserve the accumulator whenever the bytecode
     // isn't registered as writing to it. We can't do this for jumps or switches
     // though, since the control flow would not match the control flow of this
diff --git a/deps/v8/src/baseline/bytecode-offset-iterator.h b/deps/v8/src/baseline/bytecode-offset-iterator.h
index 91919f2d6c9d71..952f106e32bbbe 100644
--- a/deps/v8/src/baseline/bytecode-offset-iterator.h
+++ b/deps/v8/src/baseline/bytecode-offset-iterator.h
@@ -5,6 +5,8 @@
 #ifndef V8_BASELINE_BYTECODE_OFFSET_ITERATOR_H_
 #define V8_BASELINE_BYTECODE_OFFSET_ITERATOR_H_
 
+#include <optional>
+
 #include "src/base/vlq.h"
 #include "src/common/globals.h"
 #include "src/interpreter/bytecode-array-iterator.h"
@@ -87,7 +89,7 @@ class V8_EXPORT_PRIVATE BytecodeOffsetIterator {
   Tagged<BytecodeArray> bytecode_handle_storage_;
   interpreter::BytecodeArrayIterator bytecode_iterator_;
   LocalHeap* local_heap_;
-  base::Optional<DisallowGarbageCollection> no_gc_;
+  std::optional<DisallowGarbageCollection> no_gc_;
 };
 
 }  // namespace baseline
diff --git a/deps/v8/src/builtins/DEPS b/deps/v8/src/builtins/DEPS
index 22e1e9596262d9..b0a17ca69a8ca2 100644
--- a/deps/v8/src/builtins/DEPS
+++ b/deps/v8/src/builtins/DEPS
@@ -2,15 +2,12 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
-include_rules = [
-  # TSA builtins require assembler macros
-  "+src/compiler/turboshaft/define-assembler-macros.inc",
-  "+src/compiler/turboshaft/undef-assembler-macros.inc",
-]
-
 specific_include_rules = {
   "setup-builtins-internal.cc": [
     "+src/compiler/pipeline.h",
     "+src/compiler/turboshaft/phase.h",
   ],
+  ".*-tsa.cc": [
+    "+src/compiler",
+  ],
 }
diff --git a/deps/v8/src/builtins/accessors.cc b/deps/v8/src/builtins/accessors.cc
index 531afd1ad4b340..465c95676b9e8b 100644
--- a/deps/v8/src/builtins/accessors.cc
+++ b/deps/v8/src/builtins/accessors.cc
@@ -91,7 +91,7 @@ Accessors::ReplaceAccessorWithDataProperty(Isolate* isolate,
                     LookupIterator::OWN_SKIP_INTERCEPTOR);
   // Skip any access checks we might hit. This accessor should never hit in a
   // situation where the caller does not have access.
-  if (it.state() == LookupIterator::ACCESS_CHECK) {
+  while (it.state() == LookupIterator::ACCESS_CHECK) {
     CHECK(it.HasAccess());
     it.Next();
   }
@@ -306,7 +306,7 @@ Handle<AccessorInfo> Accessors::MakeStringLengthInfo(Isolate* isolate) {
 //
 
 static Handle<Object> GetFunctionPrototype(Isolate* isolate,
-                                           Handle<JSFunction> function) {
+                                           DirectHandle<JSFunction> function) {
   if (!function->has_prototype()) {
     // We lazily allocate .prototype for functions, which confuses debug
     // evaluate which assumes we can write to temporary objects we allocated
@@ -325,8 +325,8 @@ void Accessors::FunctionPrototypeGetter(
   i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
   RCS_SCOPE(isolate, RuntimeCallCounterId::kFunctionPrototypeGetter);
   HandleScope scope(isolate);
-  Handle<JSFunction> function =
-      Cast<JSFunction>(Utils::OpenHandle(*info.Holder()));
+  DirectHandle<JSFunction> function =
+      Cast<JSFunction>(Utils::OpenDirectHandle(*info.Holder()));
   DCHECK(function->has_prototype_property());
   Handle<Object> result = GetFunctionPrototype(isolate, function);
   info.GetReturnValue().Set(Utils::ToLocal(result));
@@ -339,8 +339,8 @@ void Accessors::FunctionPrototypeSetter(
   RCS_SCOPE(isolate, RuntimeCallCounterId::kFunctionPrototypeSetter);
   HandleScope scope(isolate);
   Handle<Object> value = Utils::OpenHandle(*val);
-  Handle<JSFunction> object =
-      Cast<JSFunction>(Utils::OpenHandle(*info.Holder()));
+  DirectHandle<JSFunction> object =
+      Cast<JSFunction>(Utils::OpenDirectHandle(*info.Holder()));
   DCHECK(object->has_prototype_property());
   JSFunction::SetPrototype(object, value);
   info.GetReturnValue().Set(true);
@@ -728,7 +728,7 @@ void Accessors::BoundFunctionLengthGetter(
   i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
   RCS_SCOPE(isolate, RuntimeCallCounterId::kBoundFunctionLengthGetter);
   HandleScope scope(isolate);
-  Handle<JSBoundFunction> function =
+  DirectHandle<JSBoundFunction> function =
       Cast<JSBoundFunction>(Utils::OpenHandle(*info.Holder()));
 
   int length = 0;
@@ -753,7 +753,7 @@ void Accessors::BoundFunctionNameGetter(
   i::Isolate* isolate = reinterpret_cast<i::Isolate*>(info.GetIsolate());
   RCS_SCOPE(isolate, RuntimeCallCounterId::kBoundFunctionNameGetter);
   HandleScope scope(isolate);
-  Handle<JSBoundFunction> function =
+  DirectHandle<JSBoundFunction> function =
       Cast<JSBoundFunction>(Utils::OpenHandle(*info.Holder()));
   Handle<Object> result;
   if (!JSBoundFunction::GetName(isolate, function).ToHandle(&result)) {
diff --git a/deps/v8/src/builtins/arm/builtins-arm.cc b/deps/v8/src/builtins/arm/builtins-arm.cc
index 03ff352be1feb8..6751da7cb0463e 100644
--- a/deps/v8/src/builtins/arm/builtins-arm.cc
+++ b/deps/v8/src/builtins/arm/builtins-arm.cc
@@ -175,7 +175,7 @@ void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
   __ ldr(r4, FieldMemOperand(r4, SharedFunctionInfo::kFlagsOffset));
   __ DecodeField<SharedFunctionInfo::FunctionKindBits>(r4);
   __ JumpIfIsInRange(
-      r4, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
+      r4, r4, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
       static_cast<uint32_t>(FunctionKind::kDerivedConstructor),
       &not_create_implicit_receiver);
 
@@ -304,33 +304,38 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
   __ Assert(eq, AbortReason::kExpectedBaselineData);
 }
 
-static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
-                                                    Register sfi_data,
-                                                    Register scratch1,
-                                                    Label* is_baseline) {
+static void GetSharedFunctionInfoBytecodeOrBaseline(
+    MacroAssembler* masm, Register sfi, Register bytecode, Register scratch1,
+    Label* is_baseline, Label* is_unavailable) {
   ASM_CODE_COMMENT(masm);
   Label done;
-  __ LoadMap(scratch1, sfi_data);
+
+  Register data = bytecode;
+  __ ldr(data,
+         FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
+
+  __ LoadMap(scratch1, data);
+  __ ldrh(scratch1, FieldMemOperand(scratch1, Map::kInstanceTypeOffset));
 
 #ifndef V8_JITLESS
-  __ CompareInstanceType(scratch1, scratch1, CODE_TYPE);
+  __ cmp(scratch1, Operand(CODE_TYPE));
   if (v8_flags.debug_code) {
     Label not_baseline;
     __ b(ne, &not_baseline);
-    AssertCodeIsBaseline(masm, sfi_data, scratch1);
+    AssertCodeIsBaseline(masm, data, scratch1);
     __ b(eq, is_baseline);
     __ bind(&not_baseline);
   } else {
     __ b(eq, is_baseline);
   }
-  __ cmp(scratch1, Operand(INTERPRETER_DATA_TYPE));
-#else
-  __ CompareInstanceType(scratch1, scratch1, INTERPRETER_DATA_TYPE);
 #endif  // !V8_JITLESS
 
-  __ b(ne, &done);
-  __ ldr(sfi_data,
-         FieldMemOperand(sfi_data, InterpreterData::kBytecodeArrayOffset));
+  __ cmp(scratch1, Operand(BYTECODE_ARRAY_TYPE));
+  __ b(eq, &done);
+
+  __ cmp(scratch1, Operand(INTERPRETER_DATA_TYPE));
+  __ b(ne, is_unavailable);
+  __ ldr(data, FieldMemOperand(data, InterpreterData::kBytecodeArrayOffset));
 
   __ bind(&done);
 }
@@ -415,13 +420,20 @@ void Builtins::Generate_ResumeGeneratorTrampoline(MacroAssembler* masm) {
 
   // Underlying function needs to have bytecode available.
   if (v8_flags.debug_code) {
-    Label is_baseline;
+    Label is_baseline, is_unavailable, ok;
     __ ldr(r3, FieldMemOperand(r4, JSFunction::kSharedFunctionInfoOffset));
-    __ ldr(r3, FieldMemOperand(r3, SharedFunctionInfo::kFunctionDataOffset));
-    GetSharedFunctionInfoBytecodeOrBaseline(masm, r3, r0, &is_baseline);
-    __ CompareObjectType(r3, r3, r3, BYTECODE_ARRAY_TYPE);
-    __ Assert(eq, AbortReason::kMissingBytecodeArray);
+    GetSharedFunctionInfoBytecodeOrBaseline(masm, r3, r3, r0, &is_baseline,
+                                            &is_unavailable);
+    __ jmp(&ok);
+
+    __ bind(&is_unavailable);
+    __ Abort(AbortReason::kMissingBytecodeArray);
+
     __ bind(&is_baseline);
+    __ CompareObjectType(r3, r3, r3, CODE_TYPE);
+    __ Assert(eq, AbortReason::kMissingBytecodeArray);
+
+    __ bind(&ok);
   }
 
   // Resume (Ignition/TurboFan) generator object.
@@ -1119,19 +1131,13 @@ void Builtins::Generate_InterpreterEntryTrampoline(
   // kInterpreterBytecodeArrayRegister.
   __ ldr(r4, FieldMemOperand(closure, JSFunction::kSharedFunctionInfoOffset));
   ResetSharedFunctionInfoAge(masm, r4, r8);
-  __ ldr(kInterpreterBytecodeArrayRegister,
-         FieldMemOperand(r4, SharedFunctionInfo::kFunctionDataOffset));
-
-  Label is_baseline;
-  GetSharedFunctionInfoBytecodeOrBaseline(
-      masm, kInterpreterBytecodeArrayRegister, r8, &is_baseline);
 
   // The bytecode array could have been flushed from the shared function info,
   // if so, call into CompileLazy.
-  Label compile_lazy;
-  __ CompareObjectType(kInterpreterBytecodeArrayRegister, r4, no_reg,
-                       BYTECODE_ARRAY_TYPE);
-  __ b(ne, &compile_lazy);
+  Label is_baseline, compile_lazy;
+  GetSharedFunctionInfoBytecodeOrBaseline(masm, r4,
+                                          kInterpreterBytecodeArrayRegister, r8,
+                                          &is_baseline, &compile_lazy);
 
   Label push_stack_frame;
   Register feedback_vector = r2;
@@ -1611,7 +1617,7 @@ void Builtins::Generate_InterpreterPushArgsThenFastConstructFunction(
   Label not_create_implicit_receiver;
   __ DecodeField<SharedFunctionInfo::FunctionKindBits>(r2);
   __ JumpIfIsInRange(
-      r2, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
+      r2, r2, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
       static_cast<uint32_t>(FunctionKind::kDerivedConstructor),
       &not_create_implicit_receiver);
   NewImplicitReceiver(masm);
@@ -1706,7 +1712,8 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   // trampoline.
   __ ldr(r2, MemOperand(fp, StandardFrameConstants::kFunctionOffset));
   __ ldr(r2, FieldMemOperand(r2, JSFunction::kSharedFunctionInfoOffset));
-  __ ldr(r2, FieldMemOperand(r2, SharedFunctionInfo::kFunctionDataOffset));
+  __ ldr(r2,
+         FieldMemOperand(r2, SharedFunctionInfo::kTrustedFunctionDataOffset));
   __ CompareObjectType(r2, kInterpreterDispatchTableRegister,
                        kInterpreterDispatchTableRegister,
                        INTERPRETER_DATA_TYPE);
@@ -2579,12 +2586,13 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
   Register target = r1;
   Register map = r4;
   Register instance_type = r5;
+  Register scratch = r6;
   DCHECK(!AreAliased(r0, target, map, instance_type));
 
   Label non_callable, class_constructor;
   __ JumpIfSmi(target, &non_callable);
   __ LoadMap(map, target);
-  __ CompareInstanceTypeRange(map, instance_type,
+  __ CompareInstanceTypeRange(map, instance_type, scratch,
                               FIRST_CALLABLE_JS_FUNCTION_TYPE,
                               LAST_CALLABLE_JS_FUNCTION_TYPE);
   __ TailCallBuiltin(Builtins::CallFunction(mode), ls);
@@ -2704,7 +2712,8 @@ void Builtins::Generate_Construct(MacroAssembler* masm) {
   Register target = r1;
   Register map = r4;
   Register instance_type = r5;
-  DCHECK(!AreAliased(r0, target, map, instance_type));
+  Register scratch = r6;
+  DCHECK(!AreAliased(r0, target, map, instance_type, scratch));
 
   // Check if target is a Smi.
   Label non_constructor, non_proxy;
@@ -2721,8 +2730,8 @@ void Builtins::Generate_Construct(MacroAssembler* masm) {
   }
 
   // Dispatch based on instance type.
-  __ CompareInstanceTypeRange(map, instance_type, FIRST_JS_FUNCTION_TYPE,
-                              LAST_JS_FUNCTION_TYPE);
+  __ CompareInstanceTypeRange(map, instance_type, scratch,
+                              FIRST_JS_FUNCTION_TYPE, LAST_JS_FUNCTION_TYPE);
   __ TailCallBuiltin(Builtin::kConstructFunction, ls);
 
   // Only dispatch to bound functions after checking whether they are
@@ -3231,7 +3240,7 @@ class RegisterAllocator {
 
 #define FREE_REG(Name) regs.Free(&Name);
 
-// Loads the context field of the WasmTrustedInstanceData or WasmApiFunctionRef
+// Loads the context field of the WasmTrustedInstanceData or WasmImportData
 // depending on the ref's type, and places the result in the input register.
 void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   __ LoadTaggedField(scratch, FieldMemOperand(ref, HeapObject::kMapOffset));
@@ -3240,7 +3249,7 @@ void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   Label end;
   __ b(eq, &instance);
   __ LoadTaggedField(
-      ref, FieldMemOperand(ref, WasmApiFunctionRef::kNativeContextOffset));
+      ref, FieldMemOperand(ref, WasmImportData::kNativeContextOffset));
   __ jmp(&end);
   __ bind(&instance);
   __ LoadTaggedField(
@@ -3409,7 +3418,7 @@ void Generate_WasmResumeHelper(MacroAssembler* masm, wasm::OnResume on_resume) {
   DEFINE_REG(resume_data);
   __ LoadTaggedField(
       resume_data,
-      FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
+      FieldMemOperand(sfi, SharedFunctionInfo::kUntrustedFunctionDataOffset));
   __ LoadTaggedField(
       suspender,
       FieldMemOperand(resume_data, WasmResumeData::kSuspenderOffset));
@@ -4016,12 +4025,11 @@ void SwitchFromTheCentralStackIfNeeded(MacroAssembler* masm) {
 }  // namespace
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
   UseScratchRegisterScope temps{masm};
   Register scratch = temps.Acquire();
-  __ Move(scratch,
-          FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset));
+  __ Move(scratch, FieldMemOperand(import_data, WasmImportData::kCodeOffset));
   __ Move(scratch, FieldMemOperand(scratch, Code::kInstructionStartOffset));
   __ Jump(scratch);
 }
@@ -4513,7 +4521,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
   DCHECK(!AreAliased(api_function_address, property_callback_info_arg, name_arg,
                      callback, scratch));
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   // |name_arg| is already initialized above.
 #else
@@ -4852,7 +4860,8 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
   }
 
   __ ldr(code_obj,
-         FieldMemOperand(code_obj, SharedFunctionInfo::kFunctionDataOffset));
+         FieldMemOperand(code_obj,
+                         SharedFunctionInfo::kTrustedFunctionDataOffset));
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
diff --git a/deps/v8/src/builtins/arm64/builtins-arm64.cc b/deps/v8/src/builtins/arm64/builtins-arm64.cc
index 401506c7931ee6..63ea6e63f9cbf7 100644
--- a/deps/v8/src/builtins/arm64/builtins-arm64.cc
+++ b/deps/v8/src/builtins/arm64/builtins-arm64.cc
@@ -391,43 +391,6 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
   return AssertCodeIsBaselineAllowClobber(masm, code, scratch);
 }
 
-// Equivalent of SharedFunctionInfo::GetData
-static void GetSharedFunctionInfoData(MacroAssembler* masm, Register data,
-                                      Register sfi, Register scratch) {
-#ifdef V8_ENABLE_SANDBOX
-  DCHECK(!AreAliased(data, scratch));
-  DCHECK(!AreAliased(sfi, scratch));
-  // Use trusted_function_data if non-empy, otherwise the regular function_data.
-  Label use_tagged_field, done;
-  __ Ldr(scratch.W(),
-         FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
-
-  __ Cbz(scratch.W(), &use_tagged_field);
-  __ ResolveIndirectPointerHandle(data, scratch, kUnknownIndirectPointerTag);
-  __ B(&done);
-
-  __ Bind(&use_tagged_field);
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-
-  __ Bind(&done);
-#else
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-#endif  // V8_ENABLE_SANDBOX
-}
-
-#ifdef V8_ENABLE_WEBASSEMBLY
-// Equivalent of SharedFunctionInfo::wasm_resume_data()
-static void GetSharedFunctionInfoWasmResumeData(MacroAssembler* masm,
-                                                Register resume_data,
-                                                Register sfi) {
-  __ LoadTaggedField(
-      resume_data,
-      FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-}
-#endif  // V8_ENABLE_WEBASSEMBLY
-
 static void CheckSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
                                                       Register data,
                                                       Register scratch,
@@ -469,18 +432,11 @@ static void GetSharedFunctionInfoBytecodeOrBaseline(
   Label done;
 
   Register data = bytecode;
-#ifdef V8_ENABLE_SANDBOX
-  // In this case, the bytecode array must be referenced via a trusted pointer.
-  // Loading it from the tagged function_data field would not be safe.
-  __ Ldr(scratch1.W(),
-         FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
+  __ LoadTrustedPointerField(
+      data,
+      FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
 
-  __ Cbz(scratch1.W(), is_unavailable);
-  __ ResolveIndirectPointerHandle(data, scratch1, kUnknownIndirectPointerTag);
-#else
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-#endif  // V8_ENABLE_SANDBOX
   if (V8_JITLESS_BOOL) {
     __ IsObjectType(data, scratch1, scratch1, INTERPRETER_DATA_TYPE);
     __ B(ne, &done);
@@ -2011,7 +1967,9 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   __ Ldr(x1, MemOperand(fp, StandardFrameConstants::kFunctionOffset));
   __ LoadTaggedField(
       x1, FieldMemOperand(x1, JSFunction::kSharedFunctionInfoOffset));
-  GetSharedFunctionInfoData(masm, x1, x1, x2);
+  __ LoadTrustedPointerField(
+      x1, FieldMemOperand(x1, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
   __ IsObjectType(x1, kInterpreterDispatchTableRegister,
                   kInterpreterDispatchTableRegister, INTERPRETER_DATA_TYPE);
   __ B(ne, &builtin_trampoline);
@@ -3726,7 +3684,7 @@ class RegisterAllocator {
 
 #define FREE_REG(Name) regs.Free(&Name);
 
-// Loads the context field of the WasmTrustedInstanceData or WasmApiFunctionRef
+// Loads the context field of the WasmTrustedInstanceData or WasmImportData
 // depending on the ref's type, and places the result in the input register.
 void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   __ LoadTaggedField(scratch, FieldMemOperand(ref, HeapObject::kMapOffset));
@@ -3735,7 +3693,7 @@ void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   Label end;
   __ B(eq, &instance);
   __ LoadTaggedField(
-      ref, FieldMemOperand(ref, WasmApiFunctionRef::kNativeContextOffset));
+      ref, FieldMemOperand(ref, WasmImportData::kNativeContextOffset));
   __ jmp(&end);
   __ bind(&instance);
   __ LoadTaggedField(
@@ -3897,7 +3855,9 @@ void Generate_WasmResumeHelper(MacroAssembler* masm, wasm::OnResume on_resume) {
   // RecordWriteField calls later.
   DEFINE_PINNED(suspender, WriteBarrierDescriptor::ObjectRegister());
   DEFINE_REG(resume_data);
-  GetSharedFunctionInfoWasmResumeData(masm, resume_data, sfi);
+  __ LoadTaggedField(
+      resume_data,
+      FieldMemOperand(sfi, SharedFunctionInfo::kUntrustedFunctionDataOffset));
   // The write barrier uses a fixed register for the host object (rdi). The next
   // barrier is on the suspender, so load it in rdi directly.
   __ LoadTaggedField(
@@ -4501,8 +4461,8 @@ void SwitchFromTheCentralStackIfNeeded(MacroAssembler* masm) {
 }  // namespace
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
   // Use x17 which is not in kGpParamRegisters and allows to jump to a "bti c"
   // marker.
   Register call_target = x17;
@@ -4510,13 +4470,11 @@ void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
   temps.Exclude(call_target);
 #ifdef V8_ENABLE_SANDBOX
   __ LoadCodeEntrypointViaCodePointer(
-      call_target,
-      FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset),
+      call_target, FieldMemOperand(import_data, WasmImportData::kCodeOffset),
       kWasmEntrypointTag);
 #else
   Register code = call_target;
-  __ Ldr(code,
-         FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset));
+  __ Ldr(code, FieldMemOperand(import_data, WasmImportData::kCodeOffset));
   __ Ldr(call_target, FieldMemOperand(code, Code::kInstructionStartOffset));
 #endif
   __ Jump(call_target);
@@ -5014,7 +4972,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
   DCHECK(!AreAliased(api_function_address, property_callback_info_arg, name_arg,
                      callback, scratch, scratch2));
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   // |name_arg| is already initialized above.
 #else
@@ -5374,7 +5332,10 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
     ResetSharedFunctionInfoAge(masm, code_obj);
   }
 
-  GetSharedFunctionInfoData(masm, code_obj, code_obj, x3);
+  __ LoadTrustedPointerField(
+      code_obj,
+      FieldMemOperand(code_obj, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
diff --git a/deps/v8/src/builtins/array-from-async.tq b/deps/v8/src/builtins/array-from-async.tq
index ca446f0715b9ee..a6b534d1028a1b 100644
--- a/deps/v8/src/builtins/array-from-async.tq
+++ b/deps/v8/src/builtins/array-from-async.tq
@@ -91,9 +91,17 @@ extern enum ArrayFromAsyncIterableResolveContextSlots extends intptr
   kArrayFromAsyncIterableResolveLength
 }
 
+extern macro AllocateRootFunctionWithContext(
+    constexpr intptr, FunctionContext): JSFunction;
+
+const kArrayFromAsyncIterableOnFulfilledSharedFun: constexpr intptr
+    generates 'RootIndex::kArrayFromAsyncIterableOnFulfilledSharedFun';
+const kArrayFromAsyncIterableOnRejectedSharedFun: constexpr intptr
+    generates 'RootIndex::kArrayFromAsyncIterableOnRejectedSharedFun';
+
 macro CreateArrayFromAsyncIterableResolveContext(
     implicit context: Context)(resumeState: ArrayFromAsyncIterableResumeState,
-    promise: JSPromise, promiseFun: JSReceiver, map: Map, iterator: JSReceiver,
+    promise: JSPromise, promiseFun: JSReceiver, iterator: JSReceiver,
     next: JSAny, arr: JSReceiver, error: JSAny, mapfn: JSAny, thisArg: JSAny,
     nativeContext: NativeContext): ArrayFromAsyncIterableResolveContext {
   const resolveContext = %RawDownCast<ArrayFromAsyncIterableResolveContext>(
@@ -130,16 +138,14 @@ macro CreateArrayFromAsyncIterableResolveContext(
       resolveContext,
       ArrayFromAsyncIterableResolveContextSlots::
           kArrayFromAsyncIterableResolveOnFulfilledFunctionSlot,
-      promise::AllocateFunctionWithMapAndContext(
-          map, ArrayFromAsyncIterableOnFulfilledSharedFunConstant(),
-          resolveContext));
+      AllocateRootFunctionWithContext(
+          kArrayFromAsyncIterableOnFulfilledSharedFun, resolveContext));
   InitContextSlot(
       resolveContext,
       ArrayFromAsyncIterableResolveContextSlots::
           kArrayFromAsyncIterableResolveOnRejectedFunctionSlot,
-      promise::AllocateFunctionWithMapAndContext(
-          map, ArrayFromAsyncIterableOnRejectedSharedFunConstant(),
-          resolveContext));
+      AllocateRootFunctionWithContext(
+          kArrayFromAsyncIterableOnRejectedSharedFun, resolveContext));
   InitContextSlot(
       resolveContext,
       ArrayFromAsyncIterableResolveContextSlots::
@@ -503,9 +509,14 @@ extern enum ArrayFromAsyncArrayLikeResolveContextSlots extends intptr
   kArrayFromAsyncArrayLikeResolveLength
 }
 
+const kArrayFromAsyncArrayLikeOnFulfilledSharedFun: constexpr intptr
+    generates 'RootIndex::kArrayFromAsyncArrayLikeOnFulfilledSharedFun';
+const kArrayFromAsyncArrayLikeOnRejectedSharedFun: constexpr intptr
+    generates 'RootIndex::kArrayFromAsyncArrayLikeOnRejectedSharedFun';
+
 macro CreateArrayFromAsyncArrayLikeResolveContext(
     implicit context: Context)(resumeState: ArrayFromAsyncArrayLikeResumeState,
-    promise: JSPromise, promiseFun: JSReceiver, map: Map, arrayLike: JSReceiver,
+    promise: JSPromise, promiseFun: JSReceiver, arrayLike: JSReceiver,
     arr: JSReceiver, error: JSAny, mapfn: JSAny, thisArg: JSAny,
     nativeContext: NativeContext): ArrayFromAsyncArrayLikeResolveContext {
   const resolveContext = %RawDownCast<ArrayFromAsyncArrayLikeResolveContext>(
@@ -547,16 +558,14 @@ macro CreateArrayFromAsyncArrayLikeResolveContext(
       resolveContext,
       ArrayFromAsyncArrayLikeResolveContextSlots::
           kArrayFromAsyncArrayLikeResolveOnFulfilledFunctionSlot,
-      promise::AllocateFunctionWithMapAndContext(
-          map, ArrayFromAsyncArrayLikeOnFulfilledSharedFunConstant(),
-          resolveContext));
+      AllocateRootFunctionWithContext(
+          kArrayFromAsyncArrayLikeOnFulfilledSharedFun, resolveContext));
   InitContextSlot(
       resolveContext,
       ArrayFromAsyncArrayLikeResolveContextSlots::
           kArrayFromAsyncArrayLikeResolveOnRejectedFunctionSlot,
-      promise::AllocateFunctionWithMapAndContext(
-          map, ArrayFromAsyncArrayLikeOnRejectedSharedFunConstant(),
-          resolveContext));
+      AllocateRootFunctionWithContext(
+          kArrayFromAsyncArrayLikeOnRejectedSharedFun, resolveContext));
   InitContextSlot(
       resolveContext,
       ArrayFromAsyncArrayLikeResolveContextSlots::
@@ -805,8 +814,6 @@ transitioning javascript builtin ArrayFromAsync(
 
   const promiseFun = *NativeContextSlot(
       context, ContextSlot::PROMISE_FUNCTION_INDEX);
-  const map = *NativeContextSlot(
-      context, ContextSlot::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
 
   // 3. Let fromAsyncClosure be a new Abstract Closure with no parameters that
   // captures C, mapfn, and thisArg and performs the following steps when
@@ -876,7 +883,7 @@ transitioning javascript builtin ArrayFromAsync(
 
       const arrayLikeResolveContext =
           CreateArrayFromAsyncArrayLikeResolveContext(
-              resumeState, promise, promiseFun, map, arrayLike, arr, Undefined,
+              resumeState, promise, promiseFun, arrayLike, arr, Undefined,
               mapfn, thisArg, context);
 
       CreateArrayFromArrayLikeAsynchronously(arrayLikeResolveContext);
@@ -929,7 +936,7 @@ transitioning javascript builtin ArrayFromAsync(
     };
 
     const iterableResolveContext = CreateArrayFromAsyncIterableResolveContext(
-        iterableResumeState, promise, promiseFun, map, iteratorRecord.object,
+        iterableResumeState, promise, promiseFun, iteratorRecord.object,
         iteratorRecord.next, arr, Undefined, mapfn, thisArg, context);
 
     CreateArrayFromIterableAsynchronously(iterableResolveContext);
diff --git a/deps/v8/src/builtins/base.tq b/deps/v8/src/builtins/base.tq
index 237df017a99e9c..917010506775f6 100644
--- a/deps/v8/src/builtins/base.tq
+++ b/deps/v8/src/builtins/base.tq
@@ -243,12 +243,10 @@ type ExternalPointer
     generates 'TNode<ExternalPointerT>' constexpr 'ExternalPointer_t';
 type CppHeapPointer
     generates 'TNode<CppHeapPointerT>' constexpr 'CppHeapPointer_t';
-type IndirectPointer
-    generates 'TNode<IndirectPointerHandleT>'
-    constexpr 'IndirectPointerHandle';
-// TODO(saelo): implement accessors and type checkers for these fields.
-type IndirectPointer<To : type extends ExposedTrustedObject> extends
-    IndirectPointer;
+type TrustedPointer
+    generates 'TNode<TrustedPointerT>' constexpr 'TrustedPointer_t';
+type TrustedPointer<To : type extends ExposedTrustedObject> extends
+    TrustedPointer;
 type ProtectedPointer extends Tagged;
 type ProtectedPointer<To : type extends TrustedObject> extends ProtectedPointer;
 extern class InstructionStream extends TrustedObject;
diff --git a/deps/v8/src/builtins/builtins-abstract-module-source.cc b/deps/v8/src/builtins/builtins-abstract-module-source.cc
new file mode 100644
index 00000000000000..80fea7de01415e
--- /dev/null
+++ b/deps/v8/src/builtins/builtins-abstract-module-source.cc
@@ -0,0 +1,40 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/builtins/builtins-utils-inl.h"
+#include "src/objects/objects-inl.h"
+
+namespace v8 {
+namespace internal {
+
+// https://tc39.es/proposal-source-phase-imports/#sec-get-%abstractmodulesource%.prototype.@@tostringtag
+BUILTIN(AbstractModuleSourceToStringTag) {
+  HandleScope scope(isolate);
+  // 1. Let O be the this value.
+  Handle<Object> receiver = args.receiver();
+
+  // 2. If O is not an Object, return undefined.
+  if (!IsJSReceiver(*receiver)) {
+    return *isolate->factory()->undefined_value();
+  }
+  // 3. Let sourceNameResult be Completion(HostGetModuleSourceName(O)).
+  // 4. If sourceNameResult is an abrupt completion, return undefined.
+  // 5. Let name be ! sourceNameResult.
+  // 6. Assert: name is a String.
+  // 7. Return name.
+
+#if V8_ENABLE_WEBASSEMBLY
+  // https://webassembly.github.io/esm-integration/js-api/index.html#hostgetmodulesourcename
+  // Whenever a WebAssembly Module object is provided with a [[Module]] internal
+  // slot, the string "WebAssembly.Module" is always returned.
+  if (IsWasmModuleObject(*receiver)) {
+    return *isolate->factory()->WebAssemblyModule_string();
+  }
+#endif
+  // TODO(42204365): Implement host hook.
+  return *isolate->factory()->undefined_value();
+}
+
+}  // namespace internal
+}  // namespace v8
diff --git a/deps/v8/src/builtins/builtins-api.cc b/deps/v8/src/builtins/builtins-api.cc
index 2a8dc74d4519e4..da1af4da8d4b5b 100644
--- a/deps/v8/src/builtins/builtins-api.cc
+++ b/deps/v8/src/builtins/builtins-api.cc
@@ -57,7 +57,7 @@ Tagged<JSReceiver> GetCompatibleReceiver(Isolate* isolate,
 template <bool is_construct>
 V8_WARN_UNUSED_RESULT MaybeHandle<Object> HandleApiCallHelper(
     Isolate* isolate, Handle<HeapObject> new_target,
-    Handle<FunctionTemplateInfo> fun_data, Handle<Object> receiver,
+    DirectHandle<FunctionTemplateInfo> fun_data, Handle<Object> receiver,
     Address* argv, int argc) {
   Handle<JSReceiver> js_receiver;
   Tagged<JSReceiver> raw_holder;
@@ -132,7 +132,7 @@ BUILTIN(HandleApiConstruct) {
   Handle<Object> receiver = args.receiver();
   Handle<HeapObject> new_target = args.new_target();
   DCHECK(!IsUndefined(*new_target, isolate));
-  Handle<FunctionTemplateInfo> fun_data(
+  DirectHandle<FunctionTemplateInfo> fun_data(
       args.target()->shared()->api_func_data(), isolate);
   int argc = args.length() - 1;
   Address* argv = args.address_of_first_argument();
diff --git a/deps/v8/src/builtins/builtins-array-gen.cc b/deps/v8/src/builtins/builtins-array-gen.cc
index 90808d8f54ecf6..d18bfe09778185 100644
--- a/deps/v8/src/builtins/builtins-array-gen.cc
+++ b/deps/v8/src/builtins/builtins-array-gen.cc
@@ -4,6 +4,8 @@
 
 #include "src/builtins/builtins-array-gen.h"
 
+#include <optional>
+
 #include "src/builtins/builtins-constructor-gen.h"
 #include "src/builtins/builtins-constructor.h"
 #include "src/builtins/builtins-iterator-gen.h"
@@ -462,7 +464,7 @@ TF_BUILTIN(ArrayPrototypePush, CodeStubAssembler) {
   BIND(&default_label);
   {
     args.ForEach(
-        [=](TNode<Object> arg) {
+        [=, this](TNode<Object> arg) {
           TNode<Number> length = LoadJSArrayLength(array_receiver);
           SetPropertyStrict(context, array_receiver, length, arg);
         },
@@ -520,7 +522,7 @@ TF_BUILTIN(CloneFastJSArrayFillingHoles, ArrayBuiltinsAssembler) {
                           LoadElementsKind(array))),
                       Word32BinaryNot(IsNoElementsProtectorCellInvalid())));
 
-  Return(CloneFastJSArray(context, array, base::nullopt,
+  Return(CloneFastJSArray(context, array, std::nullopt,
                           HoleConversionMode::kConvertToUndefined));
 }
 
@@ -1600,7 +1602,7 @@ void ArrayBuiltinsAssembler::TailCallArrayConstructorStub(
 void ArrayBuiltinsAssembler::CreateArrayDispatchNoArgument(
     TNode<Context> context, TNode<JSFunction> target, TNode<Int32T> argc,
     AllocationSiteOverrideMode mode,
-    base::Optional<TNode<AllocationSite>> allocation_site) {
+    std::optional<TNode<AllocationSite>> allocation_site) {
   if (mode == DISABLE_ALLOCATION_SITES) {
     Callable callable = CodeFactory::ArrayNoArgumentConstructor(
         isolate(), GetInitialFastElementsKind(), mode);
@@ -1638,7 +1640,7 @@ void ArrayBuiltinsAssembler::CreateArrayDispatchNoArgument(
 void ArrayBuiltinsAssembler::CreateArrayDispatchSingleArgument(
     TNode<Context> context, TNode<JSFunction> target, TNode<Int32T> argc,
     AllocationSiteOverrideMode mode,
-    base::Optional<TNode<AllocationSite>> allocation_site) {
+    std::optional<TNode<AllocationSite>> allocation_site) {
   if (mode == DISABLE_ALLOCATION_SITES) {
     ElementsKind initial = GetInitialFastElementsKind();
     ElementsKind holey_initial = GetHoleyElementsKind(initial);
@@ -1708,7 +1710,7 @@ void ArrayBuiltinsAssembler::CreateArrayDispatchSingleArgument(
 void ArrayBuiltinsAssembler::GenerateDispatchToArrayStub(
     TNode<Context> context, TNode<JSFunction> target, TNode<Int32T> argc,
     AllocationSiteOverrideMode mode,
-    base::Optional<TNode<AllocationSite>> allocation_site) {
+    std::optional<TNode<AllocationSite>> allocation_site) {
   CodeStubArguments args(this, argc);
   Label check_one_case(this), fallthrough(this);
   GotoIfNot(IntPtrEqual(args.GetLengthWithoutReceiver(), IntPtrConstant(0)),
@@ -1799,7 +1801,7 @@ void ArrayBuiltinsAssembler::GenerateConstructor(
       TNode<JSArray> array = AllocateJSArray(
           elements_kind, array_map, array_size_smi, array_size_smi,
           mode == DONT_TRACK_ALLOCATION_SITE
-              ? base::Optional<TNode<AllocationSite>>(base::nullopt)
+              ? std::optional<TNode<AllocationSite>>(std::nullopt)
               : CAST(allocation_site));
       Return(array);
     }
@@ -1819,10 +1821,10 @@ void ArrayBuiltinsAssembler::GenerateArrayNoArgumentConstructor(
       Parameter<HeapObject>(Descriptor::kFunction), JSFunction::kContextOffset);
   bool track_allocation_site =
       AllocationSite::ShouldTrack(kind) && mode != DISABLE_ALLOCATION_SITES;
-  base::Optional<TNode<AllocationSite>> allocation_site =
+  std::optional<TNode<AllocationSite>> allocation_site =
       track_allocation_site
           ? Parameter<AllocationSite>(Descriptor::kAllocationSite)
-          : base::Optional<TNode<AllocationSite>>(base::nullopt);
+          : std::optional<TNode<AllocationSite>>(std::nullopt);
   TNode<Map> array_map = LoadJSArrayElementsMap(kind, native_context);
   TNode<JSArray> array = AllocateJSArray(
       kind, array_map, IntPtrConstant(JSArray::kPreallocatedArrayElements),
diff --git a/deps/v8/src/builtins/builtins-array-gen.h b/deps/v8/src/builtins/builtins-array-gen.h
index 6706d7951168e4..8f2381787e87ab 100644
--- a/deps/v8/src/builtins/builtins-array-gen.h
+++ b/deps/v8/src/builtins/builtins-array-gen.h
@@ -5,6 +5,8 @@
 #ifndef V8_BUILTINS_BUILTINS_ARRAY_GEN_H_
 #define V8_BUILTINS_BUILTINS_ARRAY_GEN_H_
 
+#include <optional>
+
 #include "src/codegen/code-factory.h"  // for enum AllocationSiteOverrideMode
 #include "src/codegen/code-stub-assembler.h"
 
@@ -76,17 +78,17 @@ class ArrayBuiltinsAssembler : public CodeStubAssembler {
   void GenerateDispatchToArrayStub(
       TNode<Context> context, TNode<JSFunction> target, TNode<Int32T> argc,
       AllocationSiteOverrideMode mode,
-      base::Optional<TNode<AllocationSite>> allocation_site = base::nullopt);
+      std::optional<TNode<AllocationSite>> allocation_site = std::nullopt);
 
   void CreateArrayDispatchNoArgument(
       TNode<Context> context, TNode<JSFunction> target, TNode<Int32T> argc,
       AllocationSiteOverrideMode mode,
-      base::Optional<TNode<AllocationSite>> allocation_site);
+      std::optional<TNode<AllocationSite>> allocation_site);
 
   void CreateArrayDispatchSingleArgument(
       TNode<Context> context, TNode<JSFunction> target, TNode<Int32T> argc,
       AllocationSiteOverrideMode mode,
-      base::Optional<TNode<AllocationSite>> allocation_site);
+      std::optional<TNode<AllocationSite>> allocation_site);
 
   void GenerateConstructor(TNode<Context> context,
                            TNode<HeapObject> array_function,
diff --git a/deps/v8/src/builtins/builtins-array.cc b/deps/v8/src/builtins/builtins-array.cc
index ea45a7ada6bce4..d7f19f2ad994f8 100644
--- a/deps/v8/src/builtins/builtins-array.cc
+++ b/deps/v8/src/builtins/builtins-array.cc
@@ -1443,7 +1443,7 @@ Tagged<Object> Slow_ArrayConcat(BuiltinArguments* args, Handle<Object> species,
     // In case of failure, fall through.
   }
 
-  Handle<HeapObject> storage;
+  DirectHandle<HeapObject> storage;
   if (fast_case) {
     // The backing storage array must have non-existing elements to preserve
     // holes across concat operations.
diff --git a/deps/v8/src/builtins/builtins-async-disposable-stack.cc b/deps/v8/src/builtins/builtins-async-disposable-stack.cc
index beebf15020dd75..daabc511135504 100644
--- a/deps/v8/src/builtins/builtins-async-disposable-stack.cc
+++ b/deps/v8/src/builtins/builtins-async-disposable-stack.cc
@@ -13,26 +13,6 @@
 namespace v8 {
 namespace internal {
 
-BUILTIN(AsyncDisposableStackOnFulfilled) {
-  HandleScope scope(isolate);
-
-  Handle<JSDisposableStackBase> stack = Handle<JSDisposableStackBase>(
-      Cast<JSDisposableStackBase>(isolate->context()->get(static_cast<int>(
-          JSDisposableStackBase::AsyncDisposableStackContextSlots::kStack))),
-      isolate);
-  MaybeHandle<Object> maybe_error = MaybeHandle<Object>(
-      Cast<Object>(isolate->context()->get(static_cast<int>(
-          JSDisposableStackBase::AsyncDisposableStackContextSlots::kError))),
-      isolate);
-
-  JSDisposableStackBase::DisposeResources(
-      isolate, stack, maybe_error,
-      DisposableStackResourcesType::kAtLeastOneAsync);
-  return ReadOnlyRoots(isolate).undefined_value();
-}
-
-BUILTIN(AsyncDisposableStackOnRejected) { UNIMPLEMENTED(); }
-
 // Part of
 // https://tc39.es/proposal-explicit-resource-management/#sec-getdisposemethod
 BUILTIN(AsyncDisposeFromSyncDispose) {
diff --git a/deps/v8/src/builtins/builtins-async-gen.cc b/deps/v8/src/builtins/builtins-async-gen.cc
index bb96baba51b11e..9b4daad85629ae 100644
--- a/deps/v8/src/builtins/builtins-async-gen.cc
+++ b/deps/v8/src/builtins/builtins-async-gen.cc
@@ -159,7 +159,8 @@ void AsyncBuiltinsAssembler::InitializeNativeClosure(
              IntPtrEqual(LoadMapInstanceSizeInWords(function_map),
                          IntPtrConstant(JSFunction::kSizeWithoutPrototype /
                                         kTaggedSize)));
-  static_assert(JSFunction::kSizeWithoutPrototype == 7 * kTaggedSize);
+  static_assert(JSFunction::kSizeWithoutPrototype ==
+                (7 + V8_ENABLE_LEAPTIERING_BOOL) * kTaggedSize);
   StoreMapNoWriteBarrier(function, function_map);
   StoreObjectFieldRoot(function, JSObject::kPropertiesOrHashOffset,
                        RootIndex::kEmptyFixedArray);
@@ -167,6 +168,11 @@ void AsyncBuiltinsAssembler::InitializeNativeClosure(
                        RootIndex::kEmptyFixedArray);
   StoreObjectFieldRoot(function, JSFunction::kFeedbackCellOffset,
                        RootIndex::kManyClosuresCell);
+#ifdef V8_ENABLE_LEAPTIERING
+  // TODO(saelo): obtain an appropriate dispatch handle here.
+  StoreObjectFieldNoWriteBarrier(function, JSFunction::kDispatchHandleOffset,
+                                 Int32Constant(kNullJSDispatchHandle));
+#endif  // V8_ENABLE_LEAPTIERING
 
   StoreObjectFieldNoWriteBarrier(
       function, JSFunction::kSharedFunctionInfoOffset, shared_info);
@@ -184,14 +190,10 @@ void AsyncBuiltinsAssembler::InitializeNativeClosure(
 
 TNode<JSFunction> AsyncBuiltinsAssembler::CreateUnwrapClosure(
     TNode<NativeContext> native_context, TNode<Boolean> done) {
-  const TNode<Map> map = CAST(LoadContextElement(
-      native_context, Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX));
-  const TNode<SharedFunctionInfo> on_fulfilled_shared =
-      AsyncIteratorValueUnwrapSharedFunConstant();
   const TNode<Context> closure_context =
       AllocateAsyncIteratorValueUnwrapContext(native_context, done);
-  return AllocateFunctionWithMapAndContext(map, on_fulfilled_shared,
-                                           closure_context);
+  return AllocateRootFunctionWithContext(
+      RootIndex::kAsyncIteratorValueUnwrapSharedFun, closure_context);
 }
 
 TNode<Context> AsyncBuiltinsAssembler::AllocateAsyncIteratorValueUnwrapContext(
diff --git a/deps/v8/src/builtins/builtins-async-iterator-gen.cc b/deps/v8/src/builtins/builtins-async-iterator-gen.cc
index c5c097a8f44cd2..cd5a3460f5f8fd 100644
--- a/deps/v8/src/builtins/builtins-async-iterator-gen.cc
+++ b/deps/v8/src/builtins/builtins-async-iterator-gen.cc
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/builtins/builtins-async-gen.h"
 #include "src/builtins/builtins-utils-gen.h"
 #include "src/builtins/builtins.h"
@@ -35,7 +36,7 @@ class AsyncFromSyncBuiltinsAssembler : public AsyncBuiltinsAssembler {
       const UndefinedMethodHandler& if_method_undefined,
       const char* operation_name, CloseOnRejectionOption close_on_rejection,
       Label::Type reject_label_type = Label::kDeferred,
-      base::Optional<TNode<Object>> initial_exception_value = base::nullopt);
+      std::optional<TNode<Object>> initial_exception_value = std::nullopt);
 
   void Generate_AsyncFromSyncIteratorMethod(
       CodeStubArguments* args, const TNode<Context> context,
@@ -43,8 +44,8 @@ class AsyncFromSyncBuiltinsAssembler : public AsyncBuiltinsAssembler {
       Handle<String> name, const UndefinedMethodHandler& if_method_undefined,
       const char* operation_name, CloseOnRejectionOption close_on_rejection,
       Label::Type reject_label_type = Label::kDeferred,
-      base::Optional<TNode<Object>> initial_exception_value = base::nullopt) {
-    auto get_method = [=](const TNode<JSReceiver> sync_iterator) {
+      std::optional<TNode<Object>> initial_exception_value = std::nullopt) {
+    auto get_method = [=, this](const TNode<JSReceiver> sync_iterator) {
       return GetProperty(context, sync_iterator, name);
     };
     return Generate_AsyncFromSyncIteratorMethod(
@@ -89,7 +90,7 @@ void AsyncFromSyncBuiltinsAssembler::Generate_AsyncFromSyncIteratorMethod(
     const UndefinedMethodHandler& if_method_undefined,
     const char* operation_name, CloseOnRejectionOption close_on_rejection,
     Label::Type reject_label_type,
-    base::Optional<TNode<Object>> initial_exception_value) {
+    std::optional<TNode<Object>> initial_exception_value) {
   const TNode<NativeContext> native_context = LoadNativeContext(context);
   const TNode<JSPromise> promise = NewJSPromise(context);
 
@@ -174,8 +175,8 @@ void AsyncFromSyncBuiltinsAssembler::Generate_AsyncFromSyncIteratorMethod(
   TNode<Object> on_rejected;
   if (close_on_rejection == kCloseOnRejection) {
     on_rejected = Select<Object>(
-        IsTrue(done), [=] { return UndefinedConstant(); },
-        [=] {
+        IsTrue(done), [=, this] { return UndefinedConstant(); },
+        [=, this] {
           return CreateAsyncFromSyncIteratorCloseSyncAndRethrowClosure(
               native_context, sync_iterator);
         });
@@ -296,15 +297,12 @@ AsyncFromSyncBuiltinsAssembler::LoadIteratorResult(
 TNode<JSFunction> AsyncFromSyncBuiltinsAssembler::
     CreateAsyncFromSyncIteratorCloseSyncAndRethrowClosure(
         TNode<NativeContext> native_context, TNode<JSReceiver> sync_iterator) {
-  const TNode<Map> map = CAST(LoadContextElement(
-      native_context, Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX));
-  const TNode<SharedFunctionInfo> on_rejected_shared =
-      AsyncFromSyncIteratorCloseSyncAndRethrowSharedFunConstant();
   const TNode<Context> closure_context =
       AllocateAsyncFromSyncIteratorCloseSyncAndRethrowContext(native_context,
                                                               sync_iterator);
-  return AllocateFunctionWithMapAndContext(map, on_rejected_shared,
-                                           closure_context);
+  return AllocateRootFunctionWithContext(
+      RootIndex::kAsyncFromSyncIteratorCloseSyncAndRethrowSharedFun,
+      closure_context);
 }
 
 TNode<Context> AsyncFromSyncBuiltinsAssembler::
@@ -330,7 +328,7 @@ TF_BUILTIN(AsyncFromSyncIteratorPrototypeNext, AsyncFromSyncBuiltinsAssembler) {
   const TNode<Object> value = args.GetOptionalArgumentValue(kValueOrReasonArg);
   const auto context = Parameter<Context>(Descriptor::kContext);
 
-  auto get_method = [=](const TNode<JSReceiver> unused) {
+  auto get_method = [=, this](const TNode<JSReceiver> unused) {
     return LoadObjectField(CAST(iterator),
                            JSAsyncFromSyncIterator::kNextOffset);
   };
@@ -350,7 +348,7 @@ TF_BUILTIN(AsyncFromSyncIteratorPrototypeReturn,
   const TNode<Object> value = args.GetOptionalArgumentValue(kValueOrReasonArg);
   const auto context = Parameter<Context>(Descriptor::kContext);
 
-  auto if_return_undefined = [=, &args](
+  auto if_return_undefined = [=, this, &args](
                                  const TNode<NativeContext> native_context,
                                  const TNode<JSPromise> promise,
                                  const TNode<JSReceiver> sync_iterator,
@@ -386,9 +384,10 @@ TF_BUILTIN(AsyncFromSyncIteratorPrototypeThrow,
 
   // 8. If throw is undefined, then
   auto if_throw_undefined =
-      [=, &args](const TNode<NativeContext> native_context,
-                 const TNode<JSPromise> promise,
-                 const TNode<JSReceiver> sync_iterator, Label* if_exception) {
+      [=, this, &args](const TNode<NativeContext> native_context,
+                       const TNode<JSPromise> promise,
+                       const TNode<JSReceiver> sync_iterator,
+                       Label* if_exception) {
         // a. NOTE: If syncIterator does not have a `throw` method, close it to
         //    give it a chance to clean up before we reject the capability.
         // b. Let closeCompletion be NormalCompletion(~empty~).
diff --git a/deps/v8/src/builtins/builtins-atomics-synchronization.cc b/deps/v8/src/builtins/builtins-atomics-synchronization.cc
index 5ad17e8cba4e24..7abb3941e0b5fe 100644
--- a/deps/v8/src/builtins/builtins-atomics-synchronization.cc
+++ b/deps/v8/src/builtins/builtins-atomics-synchronization.cc
@@ -230,7 +230,7 @@ BUILTIN(AtomicsMutexAsyncUnlockResolveHandler) {
   DCHECK(v8_flags.harmony_struct);
   HandleScope scope(isolate);
 
-  Handle<Object> previous_result = args.atOrUndefined(isolate, 1);
+  DirectHandle<Object> previous_result = args.atOrUndefined(isolate, 1);
   Handle<JSPromise> js_unlock_promise =
       UnlockAsyncLockedMutexFromPromiseHandler(isolate);
 
diff --git a/deps/v8/src/builtins/builtins-call-gen.cc b/deps/v8/src/builtins/builtins-call-gen.cc
index aab14f9419565c..f85434d7309ea1 100644
--- a/deps/v8/src/builtins/builtins-call-gen.cc
+++ b/deps/v8/src/builtins/builtins-call-gen.cc
@@ -4,6 +4,8 @@
 
 #include "src/builtins/builtins-call-gen.h"
 
+#include <optional>
+
 #include "src/builtins/builtins-inl.h"
 #include "src/builtins/builtins-utils-gen.h"
 #include "src/codegen/macro-assembler.h"
@@ -159,7 +161,7 @@ TF_BUILTIN(Call_ReceiverIsAny_WithFeedback, CallOrConstructBuiltinsAssembler) {
 }
 
 void CallOrConstructBuiltinsAssembler::CallOrConstructWithArrayLike(
-    TNode<Object> target, base::Optional<TNode<Object>> new_target,
+    TNode<Object> target, std::optional<TNode<Object>> new_target,
     TNode<Object> arguments_list, TNode<Context> context) {
   Label if_done(this), if_arguments(this), if_array(this),
       if_holey_array(this, Label::kDeferred),
@@ -334,7 +336,7 @@ void CallOrConstructBuiltinsAssembler::CallOrConstructWithArrayLike(
 // boxed as HeapNumbers, then tail calls CallVarargs/ConstructVarargs depending
 // on whether {new_target} was passed.
 void CallOrConstructBuiltinsAssembler::CallOrConstructDoubleVarargs(
-    TNode<Object> target, base::Optional<TNode<Object>> new_target,
+    TNode<Object> target, std::optional<TNode<Object>> new_target,
     TNode<FixedDoubleArray> elements, TNode<Int32T> length,
     TNode<Int32T> args_count, TNode<Context> context, TNode<Int32T> kind) {
   const ElementsKind new_kind = PACKED_ELEMENTS;
@@ -362,7 +364,7 @@ void CallOrConstructBuiltinsAssembler::CallOrConstructDoubleVarargs(
 }
 
 void CallOrConstructBuiltinsAssembler::CallOrConstructWithSpread(
-    TNode<Object> target, base::Optional<TNode<Object>> new_target,
+    TNode<Object> target, std::optional<TNode<Object>> new_target,
     TNode<Object> spread, TNode<Int32T> args_count, TNode<Context> context) {
   Label if_smiorobject(this), if_double(this),
       if_generic(this, Label::kDeferred);
@@ -475,7 +477,7 @@ void CallOrConstructBuiltinsAssembler::CallOrConstructWithSpread(
 
 template <class Descriptor>
 void CallOrConstructBuiltinsAssembler::CallReceiver(
-    Builtin id, base::Optional<TNode<Object>> receiver) {
+    Builtin id, std::optional<TNode<Object>> receiver) {
   static_assert(std::is_same<Descriptor,
                              CallTrampoline_Baseline_CompactDescriptor>::value,
                 "Incompatible Descriptor");
@@ -493,11 +495,11 @@ void CallOrConstructBuiltinsAssembler::CallReceiver(
 template <class Descriptor>
 void CallOrConstructBuiltinsAssembler::CallReceiver(
     Builtin id, TNode<Int32T> argc, TNode<UintPtrT> slot,
-    base::Optional<TNode<Object>> maybe_receiver) {
+    std::optional<TNode<Object>> maybe_receiver) {
   auto target = Parameter<Object>(Descriptor::kFunction);
   auto context = LoadContextFromBaseline();
   auto feedback_vector = LoadFeedbackVectorFromBaseline();
-  LazyNode<Object> receiver = [=] {
+  LazyNode<Object> receiver = [=, this] {
     if (maybe_receiver) {
       return *maybe_receiver;
     } else {
@@ -512,7 +514,7 @@ void CallOrConstructBuiltinsAssembler::CallReceiver(
 
 TF_BUILTIN(CallWithArrayLike, CallOrConstructBuiltinsAssembler) {
   auto target = Parameter<Object>(Descriptor::kTarget);
-  base::Optional<TNode<Object>> new_target = base::nullopt;
+  std::optional<TNode<Object>> new_target = std::nullopt;
   auto arguments_list = Parameter<Object>(Descriptor::kArgumentsList);
   auto context = Parameter<Context>(Descriptor::kContext);
   CallOrConstructWithArrayLike(target, new_target, arguments_list, context);
@@ -521,7 +523,7 @@ TF_BUILTIN(CallWithArrayLike, CallOrConstructBuiltinsAssembler) {
 // TODO(ishell): not used, consider removing.
 TF_BUILTIN(CallWithArrayLike_WithFeedback, CallOrConstructBuiltinsAssembler) {
   auto target = Parameter<Object>(Descriptor::kTarget);
-  base::Optional<TNode<Object>> new_target = base::nullopt;
+  std::optional<TNode<Object>> new_target = std::nullopt;
   auto arguments_list = Parameter<Object>(Descriptor::kArgumentsList);
   auto context = Parameter<Context>(Descriptor::kContext);
   auto feedback_vector = Parameter<FeedbackVector>(Descriptor::kFeedbackVector);
@@ -534,7 +536,7 @@ TF_BUILTIN(CallWithArrayLike_WithFeedback, CallOrConstructBuiltinsAssembler) {
 
 TF_BUILTIN(CallWithSpread, CallOrConstructBuiltinsAssembler) {
   auto target = Parameter<Object>(Descriptor::kTarget);
-  base::Optional<TNode<Object>> new_target = base::nullopt;
+  std::optional<TNode<Object>> new_target = std::nullopt;
   auto spread = Parameter<Object>(Descriptor::kSpread);
   auto args_count = UncheckedParameter<Int32T>(Descriptor::kArgumentsCount);
   auto context = Parameter<Context>(Descriptor::kContext);
@@ -543,7 +545,7 @@ TF_BUILTIN(CallWithSpread, CallOrConstructBuiltinsAssembler) {
 
 TF_BUILTIN(CallWithSpread_Baseline, CallOrConstructBuiltinsAssembler) {
   auto target = Parameter<Object>(Descriptor::kTarget);
-  base::Optional<TNode<Object>> new_target = base::nullopt;
+  std::optional<TNode<Object>> new_target = std::nullopt;
   auto spread = Parameter<Object>(Descriptor::kSpread);
   auto args_count = UncheckedParameter<Int32T>(Descriptor::kArgumentsCount);
   auto context = LoadContextFromBaseline();
@@ -558,7 +560,7 @@ TF_BUILTIN(CallWithSpread_Baseline, CallOrConstructBuiltinsAssembler) {
 
 TF_BUILTIN(CallWithSpread_WithFeedback, CallOrConstructBuiltinsAssembler) {
   auto target = Parameter<Object>(Descriptor::kTarget);
-  base::Optional<TNode<Object>> new_target = base::nullopt;
+  std::optional<TNode<Object>> new_target = std::nullopt;
   auto spread = Parameter<Object>(Descriptor::kSpread);
   auto args_count = UncheckedParameter<Int32T>(Descriptor::kArgumentsCount);
   auto context = Parameter<Context>(Descriptor::kContext);
@@ -638,7 +640,7 @@ TNode<JSReceiver> CallOrConstructBuiltinsAssembler::GetCompatibleReceiver(
           LoadObjectField<SharedFunctionInfo>(
               var_template.value(), JSFunction::kSharedFunctionInfoOffset);
       TNode<Object> template_data =
-          LoadSharedFunctionInfoFunctionData(template_shared);
+          LoadSharedFunctionInfoUntrustedFunctionData(template_shared);
       GotoIf(TaggedIsSmi(template_data), &holder_next);
       var_template = CAST(template_data);
       Goto(&template_loop);
@@ -880,7 +882,7 @@ TF_BUILTIN(HandleApiCallOrConstruct, CallOrConstructBuiltinsAssembler) {
     TNode<SharedFunctionInfo> shared =
         LoadJSFunctionSharedFunctionInfo(CAST(target));
     TNode<FunctionTemplateInfo> function_template_info =
-        CAST(LoadSharedFunctionInfoFunctionData(shared));
+        CAST(LoadSharedFunctionInfoUntrustedFunctionData(shared));
 
     // The topmost script-having context is not guaranteed to be equal to
     // current context at this point. For example, if target function was
diff --git a/deps/v8/src/builtins/builtins-call-gen.h b/deps/v8/src/builtins/builtins-call-gen.h
index 97f1542d9f3b1e..c4e5a0f8bbbe1f 100644
--- a/deps/v8/src/builtins/builtins-call-gen.h
+++ b/deps/v8/src/builtins/builtins-call-gen.h
@@ -5,6 +5,8 @@
 #ifndef V8_BUILTINS_BUILTINS_CALL_GEN_H_
 #define V8_BUILTINS_BUILTINS_CALL_GEN_H_
 
+#include <optional>
+
 #include "src/codegen/code-stub-assembler.h"
 
 namespace v8 {
@@ -16,25 +18,25 @@ class CallOrConstructBuiltinsAssembler : public CodeStubAssembler {
       : CodeStubAssembler(state) {}
 
   void CallOrConstructWithArrayLike(TNode<Object> target,
-                                    base::Optional<TNode<Object>> new_target,
+                                    std::optional<TNode<Object>> new_target,
                                     TNode<Object> arguments_list,
                                     TNode<Context> context);
   void CallOrConstructDoubleVarargs(TNode<Object> target,
-                                    base::Optional<TNode<Object>> new_target,
+                                    std::optional<TNode<Object>> new_target,
                                     TNode<FixedDoubleArray> elements,
                                     TNode<Int32T> length,
                                     TNode<Int32T> args_count,
                                     TNode<Context> context, TNode<Int32T> kind);
   void CallOrConstructWithSpread(TNode<Object> target,
-                                 base::Optional<TNode<Object>> new_target,
+                                 std::optional<TNode<Object>> new_target,
                                  TNode<Object> spread, TNode<Int32T> args_count,
                                  TNode<Context> context);
 
   template <class Descriptor>
-  void CallReceiver(Builtin id, base::Optional<TNode<Object>> = base::nullopt);
+  void CallReceiver(Builtin id, std::optional<TNode<Object>> = std::nullopt);
   template <class Descriptor>
   void CallReceiver(Builtin id, TNode<Int32T> argc, TNode<UintPtrT> slot,
-                    base::Optional<TNode<Object>> = base::nullopt);
+                    std::optional<TNode<Object>> = std::nullopt);
 
   enum class CallFunctionTemplateMode : uint8_t {
     // This version is for using from IC system and generic builtins like
diff --git a/deps/v8/src/builtins/builtins-collections-gen.cc b/deps/v8/src/builtins/builtins-collections-gen.cc
index 52fd4162cff586..8bf9f8031daa33 100644
--- a/deps/v8/src/builtins/builtins-collections-gen.cc
+++ b/deps/v8/src/builtins/builtins-collections-gen.cc
@@ -347,8 +347,8 @@ TNode<JSObject> BaseCollectionsAssembler::AllocateJSCollection(
 
   return Select<JSObject>(
       is_target_unmodified,
-      [=] { return AllocateJSCollectionFast(constructor); },
-      [=] {
+      [=, this] { return AllocateJSCollectionFast(constructor); },
+      [=, this] {
         return AllocateJSCollectionSlow(context, constructor, new_target);
       });
 }
@@ -531,8 +531,9 @@ TNode<BoolT> BaseCollectionsAssembler::HasInitialCollectionPrototype(
 TNode<Object> BaseCollectionsAssembler::LoadAndNormalizeFixedArrayElement(
     TNode<FixedArray> elements, TNode<IntPtrT> index) {
   TNode<Object> element = UnsafeLoadFixedArrayElement(elements, index);
-  return Select<Object>(IsTheHole(element), [=] { return UndefinedConstant(); },
-                        [=] { return element; });
+  return Select<Object>(
+      IsTheHole(element), [=, this] { return UndefinedConstant(); },
+      [=] { return element; });
 }
 
 TNode<Object> BaseCollectionsAssembler::LoadAndNormalizeFixedDoubleArrayElement(
diff --git a/deps/v8/src/builtins/builtins-console.cc b/deps/v8/src/builtins/builtins-console.cc
index 7ad7ba0376601a..9db81d4f64cd8d 100644
--- a/deps/v8/src/builtins/builtins-console.cc
+++ b/deps/v8/src/builtins/builtins-console.cc
@@ -159,7 +159,7 @@ void ConsoleCall(
   int context_id = 0;
   Handle<String> context_name = isolate->factory()->anonymous_string();
   if (!IsNativeContext(args.target()->context())) {
-    Handle<Context> context(args.target()->context(), isolate);
+    DirectHandle<Context> context(args.target()->context(), isolate);
     CHECK_EQ(CONSOLE_CONTEXT_SLOTS, context->length());
     context_id = Cast<Smi>(context->get(CONSOLE_CONTEXT_ID_INDEX)).value();
     context_name =
@@ -248,14 +248,13 @@ void InstallContextFunction(Isolate* isolate, Handle<JSObject> target,
   Handle<SharedFunctionInfo> info =
       factory->NewSharedFunctionInfoForBuiltin(name_string, builtin);
   info->set_language_mode(LanguageMode::kSloppy);
+  info->set_native(true);
+  info->DontAdaptArguments();
+  info->set_length(1);
 
-  Handle<JSFunction> fun =
+  DirectHandle<JSFunction> fun =
       Factory::JSFunctionBuilder{isolate, info, context}.set_map(map).Build();
 
-  fun->shared()->set_native(true);
-  fun->shared()->DontAdaptArguments();
-  fun->shared()->set_length(1);
-
   JSObject::AddProperty(isolate, target, name_string, fun, NONE);
 }
 
diff --git a/deps/v8/src/builtins/builtins-constructor-gen.cc b/deps/v8/src/builtins/builtins-constructor-gen.cc
index 1910b9997961c0..8fef432d6f11f0 100644
--- a/deps/v8/src/builtins/builtins-constructor-gen.cc
+++ b/deps/v8/src/builtins/builtins-constructor-gen.cc
@@ -4,6 +4,8 @@
 
 #include "src/builtins/builtins-constructor-gen.h"
 
+#include <optional>
+
 #include "src/ast/ast.h"
 #include "src/builtins/builtins-call-gen.h"
 #include "src/builtins/builtins-constructor.h"
@@ -53,8 +55,8 @@ TF_BUILTIN(Construct_Baseline, CallOrConstructBuiltinsAssembler) {
   auto slot = UncheckedParameter<UintPtrT>(Descriptor::kSlot);
 
   BuildConstruct(
-      target, new_target, argc, [=] { return LoadContextFromBaseline(); },
-      [=] { return LoadFeedbackVectorFromBaseline(); }, slot,
+      target, new_target, argc, [=, this] { return LoadContextFromBaseline(); },
+      [=, this] { return LoadFeedbackVectorFromBaseline(); }, slot,
       UpdateFeedbackMode::kGuaranteedFeedback);
 }
 
@@ -121,8 +123,8 @@ TF_BUILTIN(ConstructWithSpread_Baseline, CallOrConstructBuiltinsAssembler) {
   auto slot = UncheckedParameter<TaggedIndex>(Descriptor::kSlot);
   return BuildConstructWithSpread(
       target, new_target, spread, args_count,
-      [=] { return LoadContextFromBaseline(); },
-      [=] { return LoadFeedbackVectorFromBaseline(); }, slot,
+      [=, this] { return LoadContextFromBaseline(); },
+      [=, this] { return LoadFeedbackVectorFromBaseline(); }, slot,
       UpdateFeedbackMode::kGuaranteedFeedback);
 }
 
@@ -168,8 +170,8 @@ TF_BUILTIN(ConstructForwardAllArgs_Baseline, CallOrConstructBuiltinsAssembler) {
   auto slot = UncheckedParameter<TaggedIndex>(Descriptor::kSlot);
 
   return BuildConstructForwardAllArgs(
-      target, new_target, [=] { return LoadContextFromBaseline(); },
-      [=] { return LoadFeedbackVectorFromBaseline(); }, slot);
+      target, new_target, [=, this] { return LoadContextFromBaseline(); },
+      [=, this] { return LoadFeedbackVectorFromBaseline(); }, slot);
 }
 
 TF_BUILTIN(ConstructForwardAllArgs_WithFeedback,
@@ -208,7 +210,7 @@ TF_BUILTIN(FastNewClosure, ConstructorBuiltinsAssembler) {
   auto feedback_cell = Parameter<FeedbackCell>(Descriptor::kFeedbackCell);
   auto context = Parameter<Context>(Descriptor::kContext);
 
-  // Bump the closure counter encoded the {feedback_cell}s map.
+  // Bump the closure counter encoded in the {feedback_cell}s map.
   {
     const TNode<Map> feedback_cell_map = LoadMap(feedback_cell);
     Label no_closures(this), one_closure(this), cell_done(this);
@@ -274,12 +276,21 @@ TF_BUILTIN(FastNewClosure, ConstructorBuiltinsAssembler) {
     BIND(&done);
   }
 
-  static_assert(JSFunction::kSizeWithoutPrototype == 7 * kTaggedSize);
+  static_assert(JSFunction::kSizeWithoutPrototype ==
+                (7 + V8_ENABLE_LEAPTIERING_BOOL) * kTaggedSize);
   StoreObjectFieldNoWriteBarrier(result, JSFunction::kFeedbackCellOffset,
                                  feedback_cell);
   StoreObjectFieldNoWriteBarrier(result, JSFunction::kSharedFunctionInfoOffset,
                                  shared_function_info);
   StoreObjectFieldNoWriteBarrier(result, JSFunction::kContextOffset, context);
+#ifdef V8_ENABLE_LEAPTIERING
+  TNode<JSDispatchHandleT> dispatch_handle = LoadObjectField<JSDispatchHandleT>(
+      feedback_cell, FeedbackCell::kDispatchHandleOffset);
+  CSA_DCHECK(this, Word32NotEqual(dispatch_handle,
+                                  Int32Constant(kNullJSDispatchHandle)));
+  StoreObjectFieldNoWriteBarrier(result, JSFunction::kDispatchHandleOffset,
+                                 dispatch_handle);
+#endif  // V8_ENABLE_LEAPTIERING
   TNode<Code> lazy_builtin =
       HeapConstantNoHole(BUILTIN_CODE(isolate(), CompileLazy));
   StoreCodePointerField(result, JSFunction::kCodeOffset, lazy_builtin);
@@ -357,7 +368,7 @@ TNode<JSObject> ConstructorBuiltinsAssembler::FastNewObject(
   }
 
   BIND(&instantiate_map);
-  return AllocateJSObjectFromMap(initial_map, properties.value(), base::nullopt,
+  return AllocateJSObjectFromMap(initial_map, properties.value(), std::nullopt,
                                  AllocationFlag::kNone, kWithSlackTracking);
 }
 
@@ -403,7 +414,7 @@ TNode<Context> ConstructorBuiltinsAssembler::FastNewFunctionContext(
   CodeStubAssembler::VariableList vars(0, zone());
   BuildFastLoop<IntPtrT>(
       vars, start_offset, size,
-      [=](TNode<IntPtrT> offset) {
+      [=, this](TNode<IntPtrT> offset) {
         StoreObjectFieldNoWriteBarrier(function_context, offset, undefined);
       },
       kTaggedSize, LoopUnrollingMode::kYes, IndexAdvanceMode::kPost);
@@ -449,10 +460,11 @@ TNode<JSRegExp> ConstructorBuiltinsAssembler::CreateRegExpLiteral(
     StoreObjectFieldRoot(new_object, JSObject::kElementsOffset,
                          RootIndex::kEmptyFixedArray);
     // Initialize JSRegExp fields.
-    StoreObjectFieldNoWriteBarrier(
-        new_object, JSRegExp::kDataOffset,
-        LoadObjectField(boilerplate,
-                        RegExpBoilerplateDescription::kDataOffset));
+    StoreTrustedPointerField(
+        new_object, JSRegExp::kDataOffset, kRegExpDataIndirectPointerTag,
+        CAST(LoadTrustedPointerFromObject(
+            boilerplate, RegExpBoilerplateDescription::kDataOffset,
+            kRegExpDataIndirectPointerTag)));
     StoreObjectFieldNoWriteBarrier(
         new_object, JSRegExp::kSourceOffset,
         LoadObjectField(boilerplate,
@@ -533,10 +545,10 @@ TNode<JSArray> ConstructorBuiltinsAssembler::CreateEmptyArrayLiteral(
   TNode<IntPtrT> zero_intptr = IntPtrConstant(0);
   TNode<Smi> zero = SmiConstant(0);
   Comment("Allocate JSArray");
-  base::Optional<TNode<AllocationSite>> site =
+  std::optional<TNode<AllocationSite>> site =
       V8_ALLOCATION_SITE_TRACKING_BOOL
-          ? base::make_optional(allocation_site.value())
-          : base::nullopt;
+          ? std::make_optional(allocation_site.value())
+          : std::nullopt;
   TNode<JSArray> result = AllocateJSArray(GetInitialFastElementsKind(),
                                           array_map, zero_intptr, zero, site);
 
@@ -691,7 +703,7 @@ TNode<HeapObject> ConstructorBuiltinsAssembler::CreateShallowObjectLiteral(
       Comment("Copy in-object properties slow");
       BuildFastLoop<IntPtrT>(
           offset.value(), instance_size,
-          [=](TNode<IntPtrT> offset) {
+          [=, this](TNode<IntPtrT> offset) {
             // TODO(ishell): value decompression is not necessary here.
             TNode<Object> field = LoadObjectField(boilerplate, offset);
             StoreObjectFieldNoWriteBarrier(copy, offset, field);
@@ -728,7 +740,7 @@ void ConstructorBuiltinsAssembler::CopyMutableHeapNumbersInObject(
   Comment("Copy mutable HeapNumber values");
   BuildFastLoop<IntPtrT>(
       start_offset, end_offset,
-      [=](TNode<IntPtrT> offset) {
+      [=, this](TNode<IntPtrT> offset) {
         TNode<Object> field = LoadObjectField(copy, offset);
         Label copy_heap_number(this, Label::kDeferred), continue_loop(this);
         // We only have to clone complex field values.
diff --git a/deps/v8/src/builtins/builtins-definitions.h b/deps/v8/src/builtins/builtins-definitions.h
index d43b2fb3d85fd4..1eb05f060c0eca 100644
--- a/deps/v8/src/builtins/builtins-definitions.h
+++ b/deps/v8/src/builtins/builtins-definitions.h
@@ -61,7 +61,7 @@ namespace internal {
   /* Adaptor for CPP builtins. */                             \
   TFC(AdaptorWithBuiltinExitFrame, CppBuiltinAdaptor)
 
-#define BUILTIN_LIST_BASE_TIER1(CPP, TFJ, TSC, TFC, TFS, TFH, ASM)            \
+#define BUILTIN_LIST_BASE_TIER1(CPP, TSJ, TFJ, TSC, TFC, TFS, TFH, ASM)       \
   /* GC write barriers */                                                     \
   TFC(IndirectPointerBarrierSaveFP, IndirectPointerWriteBarrier)              \
   TFC(IndirectPointerBarrierIgnoreFP, IndirectPointerWriteBarrier)            \
@@ -359,10 +359,14 @@ namespace internal {
   /* Special internal builtins */                                              \
   CPP(EmptyFunction)                                                           \
   CPP(Illegal)                                                                 \
+  CPP(IllegalInvocationThrower)                                                \
   CPP(StrictPoisonPillThrower)                                                 \
   CPP(UnsupportedThrower)                                                      \
   TFJ(ReturnReceiver, kJSArgcReceiverSlots, kReceiver)                         \
                                                                                \
+  /* AbstractModuleSource */                                                   \
+  CPP(AbstractModuleSourceToStringTag)                                         \
+                                                                               \
   /* Array */                                                                  \
   TFC(ArrayConstructor, JSTrampoline)                                          \
   TFC(ArrayConstructorImpl, ArrayConstructor)                                  \
@@ -614,8 +618,6 @@ namespace internal {
   CPP(DisposableStackPrototypeMove)                                            \
                                                                                \
   /* Async DisposabeStack*/                                                    \
-  CPP(AsyncDisposableStackOnFulfilled)                                         \
-  CPP(AsyncDisposableStackOnRejected)                                          \
   CPP(AsyncDisposeFromSyncDispose)                                             \
                                                                                \
   /* Error */                                                                  \
@@ -983,7 +985,7 @@ namespace internal {
   /* ES #sec-string.fromcodepoint */                                           \
   CPP(StringFromCodePoint)                                                     \
   /* ES6 #sec-string.fromcharcode */                                           \
-  TFJ(StringFromCharCode, kDontAdaptArgumentsSentinel)                         \
+  IF_TSA(TSJ, TFJ)(StringFromCharCode, kDontAdaptArgumentsSentinel)            \
   /* ES6 #sec-string.prototype.lastindexof */                                  \
   CPP(StringPrototypeLastIndexOf)                                              \
   /* ES #sec-string.prototype.matchAll */                                      \
@@ -1035,6 +1037,111 @@ namespace internal {
   TFJ(TypedArrayPrototypeMap, kDontAdaptArgumentsSentinel)                     \
                                                                                \
   /* Wasm */                                                                   \
+  IF_WASM_DRUMBRAKE(ASM, WasmInterpreterEntry, WasmDummy)                      \
+  IF_WASM_DRUMBRAKE(ASM, GenericJSToWasmInterpreterWrapper, WasmDummy)         \
+  IF_WASM_DRUMBRAKE(ASM, WasmInterpreterCWasmEntry, WasmDummy)                 \
+  IF_WASM_DRUMBRAKE(ASM, GenericWasmToJSInterpreterWrapper, WasmDummy)         \
+                                                                               \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I32LoadMem8S, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I32LoadMem8U, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I32LoadMem16S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I32LoadMem16U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I64LoadMem8S, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I64LoadMem8U, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I64LoadMem16S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I64LoadMem16U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I64LoadMem32S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I64LoadMem32U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I32LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_I64LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_F32LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2r_F64LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32LoadMem8S, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32LoadMem8U, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32LoadMem16S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32LoadMem16U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64LoadMem8S, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64LoadMem8U, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64LoadMem16S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64LoadMem16U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64LoadMem32S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64LoadMem32U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_F32LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_F64LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I32LoadMem8S, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I32LoadMem8U, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I32LoadMem16S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I32LoadMem16U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I64LoadMem8S, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I64LoadMem8U, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I64LoadMem16S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I64LoadMem16U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I64LoadMem32S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I64LoadMem32U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I32LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_I64LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_F32LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2r_F64LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem8S, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem8U, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem16S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem16U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem8S, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem8U, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem16S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem16U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem32S, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem32U, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_F32LoadMem, WasmDummy)              \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_F64LoadMem, WasmDummy)              \
+                                                                               \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem8S_LocalSet, WasmDummy)   \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem8U_LocalSet, WasmDummy)   \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem16S_LocalSet, WasmDummy)  \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem16U_LocalSet, WasmDummy)  \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem8S_LocalSet, WasmDummy)   \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem8U_LocalSet, WasmDummy)   \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem16S_LocalSet, WasmDummy)  \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem16U_LocalSet, WasmDummy)  \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem32S_LocalSet, WasmDummy)  \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem32U_LocalSet, WasmDummy)  \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadMem_LocalSet, WasmDummy)     \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadMem_LocalSet, WasmDummy)     \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_F32LoadMem_LocalSet, WasmDummy)     \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_F64LoadMem_LocalSet, WasmDummy)     \
+                                                                               \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32StoreMem8, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32StoreMem16, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64StoreMem8, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64StoreMem16, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64StoreMem32, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32StoreMem, WasmDummy)             \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64StoreMem, WasmDummy)             \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_F32StoreMem, WasmDummy)             \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_F64StoreMem, WasmDummy)             \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32StoreMem8, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32StoreMem16, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64StoreMem8, WasmDummy)            \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64StoreMem16, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64StoreMem32, WasmDummy)           \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32StoreMem, WasmDummy)             \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64StoreMem, WasmDummy)             \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_F32StoreMem, WasmDummy)             \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_F64StoreMem, WasmDummy)             \
+                                                                               \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I32LoadStoreMem, WasmDummy)         \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_I64LoadStoreMem, WasmDummy)         \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_F32LoadStoreMem, WasmDummy)         \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, r2s_F64LoadStoreMem, WasmDummy)         \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I32LoadStoreMem, WasmDummy)         \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_I64LoadStoreMem, WasmDummy)         \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_F32LoadStoreMem, WasmDummy)         \
+  IF_WASM_DRUMBRAKE_INSTR_HANDLER(ASM, s2s_F64LoadStoreMem, WasmDummy)         \
+                                                                               \
   IF_WASM(ASM, JSToWasmWrapperAsm, WasmJSToWasmWrapper)                        \
   IF_WASM(ASM, WasmReturnPromiseOnSuspendAsm, WasmJSToWasmWrapper)             \
   IF_WASM(ASM, WasmToJsWrapperAsm, WasmDummy)                                  \
@@ -1783,9 +1890,9 @@ namespace internal {
   TFJ(StringFixedArrayFromIterable, kJSArgcReceiverSlots, kIterable)           \
   TFJ(TemporalInstantFixedArrayFromIterable, kJSArgcReceiverSlots, kIterable)
 
-#define BUILTIN_LIST_BASE(CPP, TFJ, TSC, TFC, TFS, TFH, ASM) \
-  BUILTIN_LIST_BASE_TIER0(CPP, TFJ, TFC, TFS, TFH, ASM)      \
-  BUILTIN_LIST_BASE_TIER1(CPP, TFJ, TSC, TFC, TFS, TFH, ASM)
+#define BUILTIN_LIST_BASE(CPP, TSJ, TFJ, TSC, TFC, TFS, TFH, ASM) \
+  BUILTIN_LIST_BASE_TIER0(CPP, TFJ, TFC, TFS, TFH, ASM)           \
+  BUILTIN_LIST_BASE_TIER1(CPP, TSJ, TFJ, TSC, TFC, TFS, TFH, ASM)
 
 #ifdef V8_INTL_SUPPORT
 #define BUILTIN_LIST_INTL(CPP, TFJ, TFS)                               \
@@ -2022,10 +2129,10 @@ namespace internal {
   CPP(StringPrototypeToUpperCase)
 #endif  // V8_INTL_SUPPORT
 
-#define BUILTIN_LIST(CPP, TFJ, TSC, TFC, TFS, TFH, BCH, ASM) \
-  BUILTIN_LIST_BASE(CPP, TFJ, TSC, TFC, TFS, TFH, ASM)       \
-  BUILTIN_LIST_FROM_TORQUE(CPP, TFJ, TFC, TFS, TFH, ASM)     \
-  BUILTIN_LIST_INTL(CPP, TFJ, TFS)                           \
+#define BUILTIN_LIST(CPP, TSJ, TFJ, TSC, TFC, TFS, TFH, BCH, ASM) \
+  BUILTIN_LIST_BASE(CPP, TSJ, TFJ, TSC, TFC, TFS, TFH, ASM)       \
+  BUILTIN_LIST_FROM_TORQUE(CPP, TFJ, TFC, TFS, TFH, ASM)          \
+  BUILTIN_LIST_INTL(CPP, TFJ, TFS)                                \
   BUILTIN_LIST_BYTECODE_HANDLERS(BCH)
 
 // See the comment on top of BUILTIN_LIST_BASE_TIER0 for an explanation of
@@ -2033,10 +2140,10 @@ namespace internal {
 #define BUILTIN_LIST_TIER0(CPP, TFJ, TFC, TFS, TFH, BCH, ASM) \
   BUILTIN_LIST_BASE_TIER0(CPP, TFJ, TFC, TFS, TFH, ASM)
 
-#define BUILTIN_LIST_TIER1(CPP, TFJ, TFC, TFS, TFH, BCH, ASM) \
-  BUILTIN_LIST_BASE_TIER1(CPP, TFJ, TFC, TFS, TFH, ASM)       \
-  BUILTIN_LIST_FROM_TORQUE(CPP, TFJ, TFC, TFS, TFH, ASM)      \
-  BUILTIN_LIST_INTL(CPP, TFJ, TFS)                            \
+#define BUILTIN_LIST_TIER1(CPP, TSJ, TFJ, TFC, TFS, TFH, BCH, ASM) \
+  BUILTIN_LIST_BASE_TIER1(CPP, TSJ, TFJ, TFC, TFS, TFH, ASM)       \
+  BUILTIN_LIST_FROM_TORQUE(CPP, TFJ, TFC, TFS, TFH, ASM)           \
+  BUILTIN_LIST_INTL(CPP, TFJ, TFS)                                 \
   BUILTIN_LIST_BYTECODE_HANDLERS(BCH)
 
 // The exception thrown in the following builtins are caught
@@ -2059,37 +2166,50 @@ namespace internal {
 
 #define IGNORE_BUILTIN(...)
 
-#define BUILTIN_LIST_C(V)                                         \
-  BUILTIN_LIST(V, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
-               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN)
+#define BUILTIN_LIST_C(V)                                                      \
+  BUILTIN_LIST(V, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN,              \
+               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
+               IGNORE_BUILTIN)
 
-#define BUILTIN_LIST_TFJ(V)                                       \
-  BUILTIN_LIST(IGNORE_BUILTIN, V, IGNORE_BUILTIN, IGNORE_BUILTIN, \
-               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN)
+#define BUILTIN_LIST_TSJ(V)                                                    \
+  BUILTIN_LIST(IGNORE_BUILTIN, V, IGNORE_BUILTIN, IGNORE_BUILTIN,              \
+               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
+               IGNORE_BUILTIN)
 
-#define BUILTIN_LIST_TSC(V)                                       \
-  BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, V, IGNORE_BUILTIN, \
-               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN)
+#define BUILTIN_LIST_TFJ(V)                                                    \
+  BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, V, IGNORE_BUILTIN,              \
+               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
+               IGNORE_BUILTIN)
 
-#define BUILTIN_LIST_TFC(V)                                       \
-  BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, V, \
-               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN)
+#define BUILTIN_LIST_TSC(V)                                                    \
+  BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, V,              \
+               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
+               IGNORE_BUILTIN)
+
+#define BUILTIN_LIST_TFC(V)                                                    \
+  BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
+               V, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN,              \
+               IGNORE_BUILTIN)
 
 #define BUILTIN_LIST_TFS(V)                                                    \
   BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
-               V, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN)
+               IGNORE_BUILTIN, V, IGNORE_BUILTIN, IGNORE_BUILTIN,              \
+               IGNORE_BUILTIN)
 
 #define BUILTIN_LIST_TFH(V)                                                    \
   BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
-               IGNORE_BUILTIN, V, IGNORE_BUILTIN, IGNORE_BUILTIN)
+               IGNORE_BUILTIN, IGNORE_BUILTIN, V, IGNORE_BUILTIN,              \
+               IGNORE_BUILTIN)
 
 #define BUILTIN_LIST_BCH(V)                                                    \
   BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
-               IGNORE_BUILTIN, IGNORE_BUILTIN, V, IGNORE_BUILTIN)
+               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, V,              \
+               IGNORE_BUILTIN)
 
 #define BUILTIN_LIST_A(V)                                                      \
   BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
-               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, V)
+               IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, \
+               V)
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/builtins/builtins-descriptors.h b/deps/v8/src/builtins/builtins-descriptors.h
index 5514fdc064f19d..a9014dc9a52dff 100644
--- a/deps/v8/src/builtins/builtins-descriptors.h
+++ b/deps/v8/src/builtins/builtins-descriptors.h
@@ -29,6 +29,9 @@ namespace internal {
     static_assert(kJSTarget == -1, "Unexpected kJSTarget index value");  \
   };
 
+#define DEFINE_TSJ_INTERFACE_DESCRIPTOR(...) \
+  DEFINE_TFJ_INTERFACE_DESCRIPTOR(__VA_ARGS__)
+
 #define DEFINE_TSC_INTERFACE_DESCRIPTOR(Name, InterfaceDescriptor) \
   using Builtin_##Name##_InterfaceDescriptor = InterfaceDescriptor##Descriptor;
 
@@ -46,12 +49,15 @@ namespace internal {
 #define DEFINE_ASM_INTERFACE_DESCRIPTOR(Name, InterfaceDescriptor) \
   using Builtin_##Name##_InterfaceDescriptor = InterfaceDescriptor##Descriptor;
 
-BUILTIN_LIST(IGNORE_BUILTIN, DEFINE_TFJ_INTERFACE_DESCRIPTOR,
-             DEFINE_TSC_INTERFACE_DESCRIPTOR, DEFINE_TFC_INTERFACE_DESCRIPTOR,
-             DEFINE_TFS_INTERFACE_DESCRIPTOR, DEFINE_TFH_INTERFACE_DESCRIPTOR,
-             IGNORE_BUILTIN, DEFINE_ASM_INTERFACE_DESCRIPTOR)
+BUILTIN_LIST(IGNORE_BUILTIN, DEFINE_TSJ_INTERFACE_DESCRIPTOR,
+             DEFINE_TFJ_INTERFACE_DESCRIPTOR, DEFINE_TSC_INTERFACE_DESCRIPTOR,
+             DEFINE_TFC_INTERFACE_DESCRIPTOR, DEFINE_TFS_INTERFACE_DESCRIPTOR,
+             DEFINE_TFH_INTERFACE_DESCRIPTOR, IGNORE_BUILTIN,
+             DEFINE_ASM_INTERFACE_DESCRIPTOR)
 
 #undef DEFINE_TFJ_INTERFACE_DESCRIPTOR
+#undef DEFINE_TSJ_INTERFACE_DESCRIPTOR
+#undef DEFINE_TSC_INTERFACE_DESCRIPTOR
 #undef DEFINE_TFC_INTERFACE_DESCRIPTOR
 #undef DEFINE_TFS_INTERFACE_DESCRIPTOR
 #undef DEFINE_TFH_INTERFACE_DESCRIPTOR
diff --git a/deps/v8/src/builtins/builtins-function.cc b/deps/v8/src/builtins/builtins-function.cc
index 1dcf9ad3716ad1..3a5b2a2f6d7022 100644
--- a/deps/v8/src/builtins/builtins-function.cc
+++ b/deps/v8/src/builtins/builtins-function.cc
@@ -84,11 +84,10 @@ MaybeHandle<Object> CreateDynamicFunction(Isolate* isolate,
   // come from here.
   Handle<JSFunction> function;
   {
-    ASSIGN_RETURN_ON_EXCEPTION(
-        isolate, function,
-        Compiler::GetFunctionFromString(
-            handle(target->native_context(), isolate), source,
-            ONLY_SINGLE_FUNCTION_LITERAL, parameters_end_pos, is_code_like));
+    ASSIGN_RETURN_ON_EXCEPTION(isolate, function,
+                               Compiler::GetFunctionFromString(
+                                   handle(target->native_context(), isolate),
+                                   source, parameters_end_pos, is_code_like));
     Handle<Object> result;
     ASSIGN_RETURN_ON_EXCEPTION(
         isolate, result,
@@ -196,7 +195,7 @@ Tagged<Object> DoFunctionBind(Isolate* isolate, BuiltinArguments args,
 
   // Allocate the bound function with the given {this_arg} and {args}.
   Handle<JSReceiver> target = args.at<JSReceiver>(0);
-  Handle<JSAny> this_arg = isolate->factory()->undefined_value();
+  DirectHandle<JSAny> this_arg = isolate->factory()->undefined_value();
   base::ScopedVector<Handle<Object>> argv(std::max(0, args.length() - 2));
   if (args.length() > 1) {
     this_arg = args.at<JSAny>(1);
diff --git a/deps/v8/src/builtins/builtins-generator-gen.cc b/deps/v8/src/builtins/builtins-generator-gen.cc
index a6d4a45101e7fd..d76152181a3685 100644
--- a/deps/v8/src/builtins/builtins-generator-gen.cc
+++ b/deps/v8/src/builtins/builtins-generator-gen.cc
@@ -239,7 +239,7 @@ TF_BUILTIN(SuspendGeneratorBaseline, GeneratorBuiltinsAssembler) {
   auto parent_frame_pointer = LoadParentFramePointer();
   BuildFastLoop<IntPtrT>(
       IntPtrConstant(0), formal_parameter_count,
-      [=](TNode<IntPtrT> index) {
+      [=, this](TNode<IntPtrT> index) {
         auto reg_index = IntPtrAdd(parameter_base_index, index);
         TNode<Object> value = LoadFullTagged(parent_frame_pointer,
                                              TimesSystemPointerSize(reg_index));
@@ -258,7 +258,7 @@ TF_BUILTIN(SuspendGeneratorBaseline, GeneratorBuiltinsAssembler) {
   CSA_CHECK(this, UintPtrLessThan(end_index, parameters_and_registers_length));
   BuildFastLoop<IntPtrT>(
       formal_parameter_count, end_index,
-      [=](TNode<IntPtrT> index) {
+      [=, this](TNode<IntPtrT> index) {
         auto reg_index = IntPtrSub(register_base_index, index);
         TNode<Object> value = LoadFullTagged(parent_frame_pointer,
                                              TimesSystemPointerSize(reg_index));
@@ -296,7 +296,7 @@ TF_BUILTIN(ResumeGeneratorBaseline, GeneratorBuiltinsAssembler) {
   auto parent_frame_pointer = LoadParentFramePointer();
   BuildFastLoop<IntPtrT>(
       formal_parameter_count, end_index,
-      [=](TNode<IntPtrT> index) {
+      [=, this](TNode<IntPtrT> index) {
         TNode<Object> value =
             UnsafeLoadFixedArrayElement(parameters_and_registers, index);
         auto reg_index = IntPtrSub(register_base_index, index);
diff --git a/deps/v8/src/builtins/builtins-handler-gen.cc b/deps/v8/src/builtins/builtins-handler-gen.cc
index ae9594599810be..382844f865c0ee 100644
--- a/deps/v8/src/builtins/builtins-handler-gen.cc
+++ b/deps/v8/src/builtins/builtins-handler-gen.cc
@@ -2,7 +2,6 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "src/base/optional.h"
 #include "src/builtins/builtins-utils-gen.h"
 #include "src/builtins/builtins.h"
 #include "src/codegen/code-stub-assembler-inl.h"
@@ -159,7 +158,7 @@ void HandlerBuiltinsAssembler::Generate_ElementsTransitionAndStore(
     // TODO(v8:8481): Pass from_kind and to_kind in feedback vector slots.
     DispatchForElementsKindTransition(
         LoadElementsKind(receiver), LoadMapElementsKind(map),
-        [=, &miss](ElementsKind from_kind, ElementsKind to_kind) {
+        [=, this, &miss](ElementsKind from_kind, ElementsKind to_kind) {
           TransitionElementsKind(receiver, map, from_kind, to_kind, &miss);
           EmitElementStore(receiver, key, value, to_kind, store_mode, &miss,
                            context, nullptr);
@@ -305,7 +304,7 @@ void HandlerBuiltinsAssembler::Generate_StoreFastElementIC(
   // TODO(v8:8481): Pass elements_kind in feedback vector slots.
   DispatchByElementsKind(
       LoadElementsKind(receiver),
-      [=, &miss, &maybe_converted_value](ElementsKind elements_kind) {
+      [=, this, &miss, &maybe_converted_value](ElementsKind elements_kind) {
         EmitElementStore(receiver, key, value, elements_kind, store_mode, &miss,
                          context, &maybe_converted_value);
       },
diff --git a/deps/v8/src/builtins/builtins-internal-gen.cc b/deps/v8/src/builtins/builtins-internal-gen.cc
index 568aa882bca833..de8df3b82c12c2 100644
--- a/deps/v8/src/builtins/builtins-internal-gen.cc
+++ b/deps/v8/src/builtins/builtins-internal-gen.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/api/api.h"
 #include "src/baseline/baseline.h"
 #include "src/builtins/builtins-inl.h"
@@ -974,8 +976,8 @@ class SetOrCopyDataPropertiesAssembler : public CodeStubAssembler {
   TNode<Object> SetOrCopyDataProperties(
       TNode<Context> context, TNode<JSReceiver> target, TNode<Object> source,
       Label* if_runtime,
-      base::Optional<TNode<IntPtrT>> excluded_property_count = base::nullopt,
-      base::Optional<TNode<IntPtrT>> excluded_property_base = base::nullopt,
+      std::optional<TNode<IntPtrT>> excluded_property_count = std::nullopt,
+      std::optional<TNode<IntPtrT>> excluded_property_base = std::nullopt,
       bool use_set = true) {
     Label if_done(this), if_noelements(this),
         if_sourcenotjsobject(this, Label::kDeferred);
@@ -1009,7 +1011,7 @@ class SetOrCopyDataPropertiesAssembler : public CodeStubAssembler {
         TNode<BoolT> target_is_simple_receiver = IsSimpleObjectMap(target_map);
         ForEachEnumerableOwnProperty(
             context, source_map, CAST(source), kEnumerationOrder,
-            [=](TNode<Name> key, LazyNode<Object> value) {
+            [=, this](TNode<Name> key, LazyNode<Object> value) {
               KeyedStoreGenericGenerator::SetProperty(
                   state(), context, target, target_is_simple_receiver, key,
                   value(), LanguageMode::kStrict);
@@ -1018,7 +1020,7 @@ class SetOrCopyDataPropertiesAssembler : public CodeStubAssembler {
       } else {
         ForEachEnumerableOwnProperty(
             context, source_map, CAST(source), kEnumerationOrder,
-            [=](TNode<Name> key, LazyNode<Object> value) {
+            [=, this](TNode<Name> key, LazyNode<Object> value) {
               Label skip(this);
               if (excluded_property_count.has_value()) {
                 BuildFastLoop<IntPtrT>(
@@ -1125,8 +1127,8 @@ TF_BUILTIN(CopyDataProperties, SetOrCopyDataPropertiesAssembler) {
   CSA_DCHECK(this, TaggedNotEqual(target, source));
 
   Label if_runtime(this, Label::kDeferred);
-  SetOrCopyDataProperties(context, target, source, &if_runtime, base::nullopt,
-                          base::nullopt, false);
+  SetOrCopyDataProperties(context, target, source, &if_runtime, std::nullopt,
+                          std::nullopt, false);
   Return(UndefinedConstant());
 
   BIND(&if_runtime);
@@ -1140,8 +1142,8 @@ TF_BUILTIN(SetDataProperties, SetOrCopyDataPropertiesAssembler) {
 
   Label if_runtime(this, Label::kDeferred);
   GotoIfForceSlowPath(&if_runtime);
-  SetOrCopyDataProperties(context, target, source, &if_runtime, base::nullopt,
-                          base::nullopt, true);
+  SetOrCopyDataProperties(context, target, source, &if_runtime, std::nullopt,
+                          std::nullopt, true);
   Return(UndefinedConstant());
 
   BIND(&if_runtime);
@@ -1449,9 +1451,10 @@ TF_BUILTIN(GetProperty, CodeStubAssembler) {
       if_slow(this, Label::kDeferred);
 
   CodeStubAssembler::LookupPropertyInHolder lookup_property_in_holder =
-      [=](TNode<HeapObject> receiver, TNode<HeapObject> holder,
-          TNode<Map> holder_map, TNode<Int32T> holder_instance_type,
-          TNode<Name> unique_name, Label* next_holder, Label* if_bailout) {
+      [=, this](TNode<HeapObject> receiver, TNode<HeapObject> holder,
+                TNode<Map> holder_map, TNode<Int32T> holder_instance_type,
+                TNode<Name> unique_name, Label* next_holder,
+                Label* if_bailout) {
         TVARIABLE(Object, var_value);
         Label if_found(this);
         // If we get here then it's guaranteed that |object| (and thus the
@@ -1465,9 +1468,9 @@ TF_BUILTIN(GetProperty, CodeStubAssembler) {
       };
 
   CodeStubAssembler::LookupElementInHolder lookup_element_in_holder =
-      [=](TNode<HeapObject> receiver, TNode<HeapObject> holder,
-          TNode<Map> holder_map, TNode<Int32T> holder_instance_type,
-          TNode<IntPtrT> index, Label* next_holder, Label* if_bailout) {
+      [=, this](TNode<HeapObject> receiver, TNode<HeapObject> holder,
+                TNode<Map> holder_map, TNode<Int32T> holder_instance_type,
+                TNode<IntPtrT> index, Label* next_holder, Label* if_bailout) {
         // Not supported yet.
         Use(next_holder);
         Goto(if_bailout);
@@ -1507,9 +1510,10 @@ TF_BUILTIN(GetPropertyWithReceiver, CodeStubAssembler) {
       if_slow(this, Label::kDeferred);
 
   CodeStubAssembler::LookupPropertyInHolder lookup_property_in_holder =
-      [=](TNode<HeapObject> receiver, TNode<HeapObject> holder,
-          TNode<Map> holder_map, TNode<Int32T> holder_instance_type,
-          TNode<Name> unique_name, Label* next_holder, Label* if_bailout) {
+      [=, this](TNode<HeapObject> receiver, TNode<HeapObject> holder,
+                TNode<Map> holder_map, TNode<Int32T> holder_instance_type,
+                TNode<Name> unique_name, Label* next_holder,
+                Label* if_bailout) {
         TVARIABLE(Object, var_value);
         Label if_found(this);
         TryGetOwnProperty(context, receiver, CAST(holder), holder_map,
@@ -1521,9 +1525,9 @@ TF_BUILTIN(GetPropertyWithReceiver, CodeStubAssembler) {
       };
 
   CodeStubAssembler::LookupElementInHolder lookup_element_in_holder =
-      [=](TNode<HeapObject> receiver, TNode<HeapObject> holder,
-          TNode<Map> holder_map, TNode<Int32T> holder_instance_type,
-          TNode<IntPtrT> index, Label* next_holder, Label* if_bailout) {
+      [=, this](TNode<HeapObject> receiver, TNode<HeapObject> holder,
+                TNode<Map> holder_map, TNode<Int32T> holder_instance_type,
+                TNode<IntPtrT> index, Label* next_holder, Label* if_bailout) {
         // Not supported yet.
         Use(next_holder);
         Goto(if_bailout);
diff --git a/deps/v8/src/builtins/builtins-internal.cc b/deps/v8/src/builtins/builtins-internal.cc
index 75fa21b3f4652e..04bcdc377ce65b 100644
--- a/deps/v8/src/builtins/builtins-internal.cc
+++ b/deps/v8/src/builtins/builtins-internal.cc
@@ -15,6 +15,12 @@ BUILTIN(Illegal) {
   UNREACHABLE();
 }
 
+BUILTIN(IllegalInvocationThrower) {
+  HandleScope scope(isolate);
+  THROW_NEW_ERROR_RETURN_FAILURE(
+      isolate, NewTypeError(MessageTemplate::kIllegalInvocation));
+}
+
 BUILTIN(EmptyFunction) { return ReadOnlyRoots(isolate).undefined_value(); }
 
 BUILTIN(UnsupportedThrower) {
diff --git a/deps/v8/src/builtins/builtins-intl-gen.cc b/deps/v8/src/builtins/builtins-intl-gen.cc
index c923e63f48dc01..1691b35405f256 100644
--- a/deps/v8/src/builtins/builtins-intl-gen.cc
+++ b/deps/v8/src/builtins/builtins-intl-gen.cc
@@ -157,11 +157,8 @@ void IntlBuiltinsAssembler::ToLowerCaseImpl(
   const TNode<Uint32T> length = LoadStringLengthAsWord32(string);
   GotoIf(Word32Equal(length, Uint32Constant(0)), &return_string);
 
-  const TNode<Int32T> instance_type = to_direct.instance_type();
-  CSA_DCHECK(this,
-             Word32BinaryNot(IsIndirectStringInstanceType(instance_type)));
-
-  GotoIfNot(IsOneByteStringInstanceType(instance_type), &runtime);
+  const TNode<BoolT> is_one_byte = to_direct.IsOneByte();
+  GotoIfNot(is_one_byte, &runtime);
 
   // For short strings, do the conversion in CSA through the lookup table.
 
diff --git a/deps/v8/src/builtins/builtins-intl.cc b/deps/v8/src/builtins/builtins-intl.cc
index 72fd46c1a2e031..118549de81c93f 100644
--- a/deps/v8/src/builtins/builtins-intl.cc
+++ b/deps/v8/src/builtins/builtins-intl.cc
@@ -602,7 +602,7 @@ BUILTIN(DateTimeFormatInternalFormat) {
   // 1. Let dtf be F.[[DateTimeFormat]].
   // 2. Assert: Type(dtf) is Object and dtf has an [[InitializedDateTimeFormat]]
   // internal slot.
-  Handle<JSDateTimeFormat> date_format_holder = Handle<JSDateTimeFormat>(
+  DirectHandle<JSDateTimeFormat> date_format_holder(
       Cast<JSDateTimeFormat>(context->get(
           static_cast<int>(Intl::BoundFunctionContextSlot::kBoundFunction))),
       isolate);
diff --git a/deps/v8/src/builtins/builtins-iterator-gen.cc b/deps/v8/src/builtins/builtins-iterator-gen.cc
index 7854edde283d58..59988362f9d6c2 100644
--- a/deps/v8/src/builtins/builtins-iterator-gen.cc
+++ b/deps/v8/src/builtins/builtins-iterator-gen.cc
@@ -4,6 +4,8 @@
 
 #include "src/builtins/builtins-iterator-gen.h"
 
+#include <optional>
+
 #include "src/builtins/builtins-collections-gen.h"
 #include "src/builtins/builtins-string-gen.h"
 #include "src/builtins/builtins-utils-gen.h"
@@ -61,7 +63,7 @@ IteratorRecord IteratorBuiltinsAssembler::GetIterator(TNode<Context> context,
 
 TNode<JSReceiver> IteratorBuiltinsAssembler::IteratorStep(
     TNode<Context> context, const IteratorRecord& iterator, Label* if_done,
-    base::Optional<TNode<Map>> fast_iterator_result_map) {
+    std::optional<TNode<Map>> fast_iterator_result_map) {
   DCHECK_NOT_NULL(if_done);
   // 1. a. Let result be ? Invoke(iterator, "next", « »).
   TNode<Object> result = Call(context, iterator.next, iterator.object);
@@ -89,7 +91,7 @@ TNode<JSReceiver> IteratorBuiltinsAssembler::IteratorStep(
 
 void IteratorBuiltinsAssembler::IteratorComplete(
     TNode<Context> context, const TNode<HeapObject> iterator, Label* if_done,
-    base::Optional<TNode<Map>> fast_iterator_result_map) {
+    std::optional<TNode<Map>> fast_iterator_result_map) {
   DCHECK_NOT_NULL(if_done);
 
   Label return_result(this);
@@ -124,7 +126,7 @@ void IteratorBuiltinsAssembler::IteratorComplete(
 
 TNode<Object> IteratorBuiltinsAssembler::IteratorValue(
     TNode<Context> context, TNode<JSReceiver> result,
-    base::Optional<TNode<Map>> fast_iterator_result_map) {
+    std::optional<TNode<Map>> fast_iterator_result_map) {
   Label exit(this);
   TVARIABLE(Object, var_value);
   if (fast_iterator_result_map) {
diff --git a/deps/v8/src/builtins/builtins-iterator-gen.h b/deps/v8/src/builtins/builtins-iterator-gen.h
index 39775a6b9d02fa..f593649212bd45 100644
--- a/deps/v8/src/builtins/builtins-iterator-gen.h
+++ b/deps/v8/src/builtins/builtins-iterator-gen.h
@@ -35,20 +35,20 @@ class IteratorBuiltinsAssembler : public CodeStubAssembler {
   // object, loaded from the native context.
   TNode<JSReceiver> IteratorStep(
       TNode<Context> context, const IteratorRecord& iterator, Label* if_done,
-      base::Optional<TNode<Map>> fast_iterator_result_map = base::nullopt);
+      std::optional<TNode<Map>> fast_iterator_result_map = std::nullopt);
   TNode<JSReceiver> IteratorStep(
       TNode<Context> context, const IteratorRecord& iterator,
-      base::Optional<TNode<Map>> fast_iterator_result_map, Label* if_done) {
+      std::optional<TNode<Map>> fast_iterator_result_map, Label* if_done) {
     return IteratorStep(context, iterator, if_done, fast_iterator_result_map);
   }
 
   // https://tc39.es/ecma262/#sec-iteratorcomplete
   void IteratorComplete(
       TNode<Context> context, const TNode<HeapObject> iterator, Label* if_done,
-      base::Optional<TNode<Map>> fast_iterator_result_map = base::nullopt);
+      std::optional<TNode<Map>> fast_iterator_result_map = std::nullopt);
   void IteratorComplete(TNode<Context> context,
                         const TNode<HeapObject> iterator,
-                        base::Optional<TNode<Map>> fast_iterator_result_map,
+                        std::optional<TNode<Map>> fast_iterator_result_map,
                         Label* if_done) {
     return IteratorComplete(context, iterator, if_done,
                             fast_iterator_result_map);
@@ -60,7 +60,7 @@ class IteratorBuiltinsAssembler : public CodeStubAssembler {
   // object, loaded from the native context.
   TNode<Object> IteratorValue(
       TNode<Context> context, TNode<JSReceiver> result,
-      base::Optional<TNode<Map>> fast_iterator_result_map = base::nullopt);
+      std::optional<TNode<Map>> fast_iterator_result_map = std::nullopt);
 
   void Iterate(TNode<Context> context, TNode<Object> iterable,
                std::function<void(TNode<Object>)> func,
diff --git a/deps/v8/src/builtins/builtins-lazy-gen.cc b/deps/v8/src/builtins/builtins-lazy-gen.cc
index f2c27312211a25..c439b09d139782 100644
--- a/deps/v8/src/builtins/builtins-lazy-gen.cc
+++ b/deps/v8/src/builtins/builtins-lazy-gen.cc
@@ -144,7 +144,7 @@ void LazyBuiltinsAssembler::CompileLazy(TNode<JSFunction> function) {
   // Ensure we have a feedback vector.
   code = Select<Code>(
       IsFeedbackVector(feedback_cell_value), [=]() { return sfi_code; },
-      [=]() {
+      [=, this]() {
         return CAST(CallRuntime(Runtime::kInstallBaselineCode,
                                 Parameter<Context>(Descriptor::kContext),
                                 function));
diff --git a/deps/v8/src/builtins/builtins-microtask-queue-gen.cc b/deps/v8/src/builtins/builtins-microtask-queue-gen.cc
index 1fc7d9a5a9c172..5fb3d3badeb59e 100644
--- a/deps/v8/src/builtins/builtins-microtask-queue-gen.cc
+++ b/deps/v8/src/builtins/builtins-microtask-queue-gen.cc
@@ -515,7 +515,7 @@ void MicrotaskQueueBuiltinsAssembler::RunPromiseHook(
     // Get to the underlying JSPromise instance.
     TNode<HeapObject> promise = Select<HeapObject>(
         IsPromiseCapability(promise_or_capability),
-        [=] {
+        [=, this] {
           return CAST(LoadObjectField(promise_or_capability,
                                       PromiseCapability::kPromiseOffset));
         },
diff --git a/deps/v8/src/builtins/builtins-number-gen.cc b/deps/v8/src/builtins/builtins-number-gen.cc
index ef145833e0eea6..12ea3c2dd63e47 100644
--- a/deps/v8/src/builtins/builtins-number-gen.cc
+++ b/deps/v8/src/builtins/builtins-number-gen.cc
@@ -144,21 +144,33 @@ DEF_UNOP(Increment_Baseline, Generate_IncrementWithFeedback)
 DEF_UNOP(Negate_Baseline, Generate_NegateWithFeedback)
 #undef DEF_UNOP
 
-#define DEF_COMPARE(Name)                                                      \
-  TF_BUILTIN(Name##_WithFeedback, CodeStubAssembler) {                         \
-    auto lhs = Parameter<Object>(Descriptor::kLeft);                           \
-    auto rhs = Parameter<Object>(Descriptor::kRight);                          \
-    auto context = Parameter<Context>(Descriptor::kContext);                   \
-    auto feedback_vector =                                                     \
-        Parameter<FeedbackVector>(Descriptor::kFeedbackVector);                \
-    auto slot = UncheckedParameter<UintPtrT>(Descriptor::kSlot);               \
-                                                                               \
-    TVARIABLE(Smi, var_type_feedback);                                         \
-    TNode<Boolean> result = RelationalComparison(Operation::k##Name, lhs, rhs, \
-                                                 context, &var_type_feedback); \
-    UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);          \
-                                                                               \
-    Return(result);                                                            \
+#define DEF_COMPARE(Name)                                                  \
+  TF_BUILTIN(Name##_WithFeedback, CodeStubAssembler) {                     \
+    auto lhs = Parameter<Object>(Descriptor::kLeft);                       \
+    auto rhs = Parameter<Object>(Descriptor::kRight);                      \
+    auto context = Parameter<Context>(Descriptor::kContext);               \
+    auto feedback_vector =                                                 \
+        Parameter<FeedbackVector>(Descriptor::kFeedbackVector);            \
+    auto slot = UncheckedParameter<UintPtrT>(Descriptor::kSlot);           \
+                                                                           \
+    TVARIABLE(Smi, var_type_feedback);                                     \
+    TVARIABLE(Object, var_exception);                                      \
+    Label if_exception(this, Label::kDeferred);                            \
+    TNode<Boolean> result;                                                 \
+    {                                                                      \
+      ScopedExceptionHandler handler(this, &if_exception, &var_exception); \
+      result = RelationalComparison(Operation::k##Name, lhs, rhs, context, \
+                                    &var_type_feedback);                   \
+    }                                                                      \
+    UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);      \
+                                                                           \
+    Return(result);                                                        \
+    BIND(&if_exception);                                                   \
+    {                                                                      \
+      UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);    \
+      CallRuntime(Runtime::kReThrow, context, var_exception.value());      \
+      Unreachable();                                                       \
+    }                                                                      \
   }
 DEF_COMPARE(LessThan)
 DEF_COMPARE(LessThanOrEqual)
@@ -166,20 +178,34 @@ DEF_COMPARE(GreaterThan)
 DEF_COMPARE(GreaterThanOrEqual)
 #undef DEF_COMPARE
 
-#define DEF_COMPARE(Name)                                                 \
-  TF_BUILTIN(Name##_Baseline, CodeStubAssembler) {                        \
-    auto lhs = Parameter<Object>(Descriptor::kLeft);                      \
-    auto rhs = Parameter<Object>(Descriptor::kRight);                     \
-    auto slot = UncheckedParameter<UintPtrT>(Descriptor::kSlot);          \
-                                                                          \
-    TVARIABLE(Smi, var_type_feedback);                                    \
-    TNode<Boolean> result = RelationalComparison(                         \
-        Operation::k##Name, lhs, rhs,                                     \
-        [&]() { return LoadContextFromBaseline(); }, &var_type_feedback); \
-    auto feedback_vector = LoadFeedbackVectorFromBaseline();              \
-    UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);     \
-                                                                          \
-    Return(result);                                                       \
+#define DEF_COMPARE(Name)                                                   \
+  TF_BUILTIN(Name##_Baseline, CodeStubAssembler) {                          \
+    auto lhs = Parameter<Object>(Descriptor::kLeft);                        \
+    auto rhs = Parameter<Object>(Descriptor::kRight);                       \
+    auto slot = UncheckedParameter<UintPtrT>(Descriptor::kSlot);            \
+                                                                            \
+    TVARIABLE(Smi, var_type_feedback);                                      \
+    TVARIABLE(Object, var_exception);                                       \
+    Label if_exception(this, Label::kDeferred);                             \
+    TNode<Boolean> result;                                                  \
+    {                                                                       \
+      ScopedExceptionHandler handler(this, &if_exception, &var_exception);  \
+      result = RelationalComparison(                                        \
+          Operation::k##Name, lhs, rhs,                                     \
+          [&]() { return LoadContextFromBaseline(); }, &var_type_feedback); \
+    }                                                                       \
+    auto feedback_vector = LoadFeedbackVectorFromBaseline();                \
+    UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);       \
+                                                                            \
+    Return(result);                                                         \
+    BIND(&if_exception);                                                    \
+    {                                                                       \
+      auto feedback_vector = LoadFeedbackVectorFromBaseline();              \
+      UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);     \
+      CallRuntime(Runtime::kReThrow, LoadContextFromBaseline(),             \
+                  var_exception.value());                                   \
+      Unreachable();                                                        \
+    }                                                                       \
   }
 DEF_COMPARE(LessThan)
 DEF_COMPARE(LessThanOrEqual)
@@ -195,11 +221,21 @@ TF_BUILTIN(Equal_WithFeedback, CodeStubAssembler) {
   auto slot = UncheckedParameter<UintPtrT>(Descriptor::kSlot);
 
   TVARIABLE(Smi, var_type_feedback);
-  TNode<Boolean> result = Equal(
-      lhs, rhs, [&]() { return context; }, &var_type_feedback);
+  TVARIABLE(Object, var_exception);
+  Label if_exception(this, Label::kDeferred);
+  TNode<Boolean> result;
+  {
+    ScopedExceptionHandler handler(this, &if_exception, &var_exception);
+    result = Equal(lhs, rhs, [&]() { return context; }, &var_type_feedback);
+  }
   UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);
-
   Return(result);
+
+  BIND(&if_exception);
+  UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);
+  CallRuntime(Runtime::kReThrow, LoadContextFromBaseline(),
+              var_exception.value());
+  Unreachable();
 }
 
 TF_BUILTIN(StrictEqual_WithFeedback, CodeStubAssembler) {
@@ -221,13 +257,27 @@ TF_BUILTIN(Equal_Baseline, CodeStubAssembler) {
   auto slot = UncheckedParameter<UintPtrT>(Descriptor::kSlot);
 
   TVARIABLE(Smi, var_type_feedback);
-  TNode<Boolean> result = Equal(
-      lhs, rhs, [&]() { return LoadContextFromBaseline(); },
-      &var_type_feedback);
+  TVARIABLE(Object, var_exception);
+  Label if_exception(this, Label::kDeferred);
+  TNode<Boolean> result;
+  {
+    ScopedExceptionHandler handler(this, &if_exception, &var_exception);
+    result = Equal(
+        lhs, rhs, [&]() { return LoadContextFromBaseline(); },
+        &var_type_feedback);
+  }
   auto feedback_vector = LoadFeedbackVectorFromBaseline();
   UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);
-
   Return(result);
+
+  BIND(&if_exception);
+  {
+    auto feedback_vector = LoadFeedbackVectorFromBaseline();
+    UpdateFeedback(var_type_feedback.value(), feedback_vector, slot);
+    CallRuntime(Runtime::kReThrow, LoadContextFromBaseline(),
+                var_exception.value());
+    Unreachable();
+  }
 }
 
 TF_BUILTIN(StrictEqual_Baseline, CodeStubAssembler) {
diff --git a/deps/v8/src/builtins/builtins-object-gen.cc b/deps/v8/src/builtins/builtins-object-gen.cc
index d5f2cd711ab4b5..a7f202b0fccf0f 100644
--- a/deps/v8/src/builtins/builtins-object-gen.cc
+++ b/deps/v8/src/builtins/builtins-object-gen.cc
@@ -4,6 +4,8 @@
 
 #include "src/builtins/builtins-object-gen.h"
 
+#include <optional>
+
 #include "src/builtins/builtins-constructor-gen.h"
 #include "src/builtins/builtins-inl.h"
 #include "src/builtins/builtins-utils-gen.h"
@@ -17,6 +19,7 @@
 #include "src/objects/property-descriptor-object.h"
 #include "src/objects/property-details.h"
 #include "src/objects/shared-function-info.h"
+#include "src/objects/transitions.h"
 
 namespace v8 {
 namespace internal {
@@ -284,7 +287,7 @@ TNode<JSArray> ObjectEntriesValuesBuiltinsAssembler::FastGetOwnValuesOrEntries(
         TNode<JSArray> array;
         TNode<FixedArrayBase> elements;
         std::tie(array, elements) = AllocateUninitializedJSArrayWithElements(
-            PACKED_ELEMENTS, array_map, SmiConstant(2), base::nullopt,
+            PACKED_ELEMENTS, array_map, SmiConstant(2), std::nullopt,
             IntPtrConstant(2));
         StoreFixedArrayElement(CAST(elements), 0, next_key, SKIP_WRITE_BARRIER);
         StoreFixedArrayElement(CAST(elements), 1, value, SKIP_WRITE_BARRIER);
@@ -409,7 +412,6 @@ TF_BUILTIN(ObjectAssign, ObjectBuiltinsAssembler) {
   TNode<IntPtrT> args_length = args.GetLengthWithoutReceiver();
   GotoIf(UintPtrLessThanOrEqual(args_length, IntPtrConstant(1)), &done);
 
-#ifdef V8_OBJECT_ASSIGN_FASTCASE
   // First let's try a fastpath specifically for when the target objects is an
   // empty object literal.
   // TODO(olivf): For the cases where we could detect that the object literal
@@ -486,31 +488,78 @@ TF_BUILTIN(ObjectAssign, ObjectBuiltinsAssembler) {
     GotoIfNot(TaggedEqual(LoadElements(CAST(to)), EmptyFixedArrayConstant()),
               &slow_path);
 
+    Label continue_fast_path(this), runtime_map_lookup(this, Label::kDeferred);
+
     // Check if our particular source->target combination is fast clonable.
     // E.g., this ensures that we only have fast properties and in general that
     // the binary layout is compatible for `FastCloneJSObject`.
-    // TODO(olivf): Add a fastcase to read the cached target map from the
-    // transition array without going through the runtime.
-    Label continue_fast_path(this);
+    // If suche a clone map exists then it can be found in the transition array
+    // with object_assign_clone_transition_symbol as a key. If this transition
+    // slot is cleared, then the map is not clonable. If the key is missing
+    // from the transitions we rely on the runtime function
+    // ObjectAssignTryFastcase that does the actual computation.
+    TVARIABLE(Map, clone_map);
+    {
+      // First check if we have a transition array.
+      TNode<MaybeObject> maybe_transitions = LoadMaybeWeakObjectField(
+          from_map, Map::kTransitionsOrPrototypeInfoOffset);
+      TNode<HeapObject> maybe_transitions2 =
+          GetHeapObjectIfStrong(maybe_transitions, &runtime_map_lookup);
+      GotoIfNot(IsTransitionArrayMap(LoadMap(maybe_transitions2)),
+                &runtime_map_lookup);
+      TNode<WeakFixedArray> transitions = CAST(maybe_transitions2);
+      TNode<Object> side_step_transitions = CAST(LoadWeakFixedArrayElement(
+          transitions,
+          IntPtrConstant(TransitionArray::kSideStepTransitionsIndex)));
+      GotoIf(TaggedIsSmi(side_step_transitions), &runtime_map_lookup);
+      TNode<MaybeObject> maybe_target_map = LoadWeakFixedArrayElement(
+          CAST(side_step_transitions),
+          IntPtrConstant(SideStepTransition::index_of(
+              SideStepTransition::Kind::kObjectAssign)));
+      GotoIf(TaggedEqual(maybe_target_map,
+                         SmiConstant(SideStepTransition::Unreachable)),
+             &slow_path);
+      GotoIf(
+          TaggedEqual(maybe_target_map, SmiConstant(SideStepTransition::Empty)),
+          &runtime_map_lookup);
+      TNode<Map> target_map =
+          CAST(GetHeapObjectAssumeWeak(maybe_target_map, &runtime_map_lookup));
+      GotoIf(IsDeprecatedMap(target_map), &runtime_map_lookup);
+      TNode<MaybeObject> maybe_validity_cell = LoadWeakFixedArrayElement(
+          CAST(side_step_transitions),
+          IntPtrConstant(SideStepTransition::index_of(
+              SideStepTransition::Kind::kObjectAssignValidityCell)));
+      TNode<Cell> validity_cell = CAST(
+          GetHeapObjectAssumeWeak(maybe_validity_cell, &runtime_map_lookup));
+      GotoIfNot(TaggedEqual(LoadCellValue(validity_cell),
+                            SmiConstant(Map::kPrototypeChainValid)),
+                &runtime_map_lookup);
+      clone_map = target_map;
+    }
+    Goto(&continue_fast_path);
+
+    BIND(&runtime_map_lookup);
     TNode<HeapObject> maybe_clone_map =
         CAST(CallRuntime(Runtime::kObjectAssignTryFastcase, context, from, to));
     GotoIf(TaggedEqual(maybe_clone_map, UndefinedConstant()), &slow_path);
     GotoIf(TaggedEqual(maybe_clone_map, TrueConstant()), &done_fast_path);
     CSA_DCHECK(this, IsMap(maybe_clone_map));
+    clone_map = CAST(maybe_clone_map);
     Goto(&continue_fast_path);
 
     BIND(&continue_fast_path);
-    TNode<Map> clone_map = CAST(maybe_clone_map);
-    CSA_DCHECK(this, IntPtrEqual(LoadMapInstanceSizeInWords(to_map),
-                                 LoadMapInstanceSizeInWords(clone_map)));
     CSA_DCHECK(this,
-               IntPtrEqual(LoadMapInobjectPropertiesStartInWords(to_map),
-                           LoadMapInobjectPropertiesStartInWords(clone_map)));
+               IntPtrEqual(LoadMapInstanceSizeInWords(to_map),
+                           LoadMapInstanceSizeInWords(clone_map.value())));
+    CSA_DCHECK(
+        this,
+        IntPtrEqual(LoadMapInobjectPropertiesStartInWords(to_map),
+                    LoadMapInobjectPropertiesStartInWords(clone_map.value())));
     FastCloneJSObject(
-        from, from_map, clone_map,
+        from, from_map, clone_map.value(),
         [&](TNode<Map> map, TNode<HeapObject> properties,
             TNode<FixedArray> elements) {
-          StoreMap(to, clone_map);
+          StoreMap(to, clone_map.value());
           StoreJSReceiverPropertiesOrHash(to, properties);
           StoreJSObjectElements(CAST(to), elements);
           return to;
@@ -527,14 +576,13 @@ TF_BUILTIN(ObjectAssign, ObjectBuiltinsAssembler) {
            &done);
   }
   BIND(&slow_path);
-#endif  // V8_OBJECT_ASSIGN_FASTCASE
 
   // 3. Let sources be the List of argument values starting with the
   //    second argument.
   // 4. For each element nextSource of sources, in ascending index order,
   {
     args.ForEach(
-        [=](TNode<Object> next_source) {
+        [=, this](TNode<Object> next_source) {
           CallBuiltin(Builtin::kSetDataProperties, context, to, next_source);
         },
         slow_path_index.value());
@@ -599,7 +647,7 @@ TF_BUILTIN(ObjectKeys, ObjectBuiltinsAssembler) {
     TNode<IntPtrT> object_enum_length_intptr = Signed(object_enum_length);
     TNode<Smi> array_length = SmiTag(object_enum_length_intptr);
     std::tie(array, elements) = AllocateUninitializedJSArrayWithElements(
-        PACKED_ELEMENTS, array_map, array_length, base::nullopt,
+        PACKED_ELEMENTS, array_map, array_length, std::nullopt,
         object_enum_length_intptr);
     CopyFixedArrayElements(PACKED_ELEMENTS, object_enum_keys, elements,
                            object_enum_length_intptr, SKIP_WRITE_BARRIER);
@@ -729,7 +777,7 @@ TF_BUILTIN(ObjectGetOwnPropertyNames, ObjectBuiltinsAssembler) {
     TNode<IntPtrT> object_enum_length_intptr = Signed(object_enum_length);
     TNode<Smi> array_length = SmiTag(object_enum_length_intptr);
     std::tie(array, elements) = AllocateUninitializedJSArrayWithElements(
-        PACKED_ELEMENTS, array_map, array_length, base::nullopt,
+        PACKED_ELEMENTS, array_map, array_length, std::nullopt,
         object_enum_length_intptr);
     CopyFixedArrayElements(PACKED_ELEMENTS, object_enum_keys, elements,
                            object_enum_length_intptr, SKIP_WRITE_BARRIER);
@@ -1110,12 +1158,12 @@ TF_BUILTIN(ObjectToString, ObjectBuiltinsAssembler) {
     TNode<Object> receiver_is_array =
         CallRuntime(Runtime::kArrayIsArray, context, receiver_heap_object);
     TNode<String> builtin_tag = Select<String>(
-        IsTrue(receiver_is_array), [=] { return ArrayStringConstant(); },
-        [=] {
+        IsTrue(receiver_is_array), [=, this] { return ArrayStringConstant(); },
+        [=, this] {
           return Select<String>(
               IsCallableMap(receiver_map),
-              [=] { return FunctionStringConstant(); },
-              [=] { return ObjectStringConstant(); });
+              [=, this] { return FunctionStringConstant(); },
+              [=, this] { return ObjectStringConstant(); });
         });
 
     // Lookup the @@toStringTag property on the {receiver_heap_object}.
@@ -1352,7 +1400,7 @@ TF_BUILTIN(CreateGeneratorObject, ObjectBuiltinsAssembler) {
                           IntPtrConstant(0), size, RootIndex::kUndefinedValue);
   // TODO(cbruni): support start_offset to avoid double initialization.
   TNode<JSObject> result =
-      AllocateJSObjectFromMap(map, base::nullopt, base::nullopt,
+      AllocateJSObjectFromMap(map, std::nullopt, std::nullopt,
                               AllocationFlag::kNone, kWithSlackTracking);
   StoreObjectFieldNoWriteBarrier(result, JSGeneratorObject::kFunctionOffset,
                                  closure);
diff --git a/deps/v8/src/builtins/builtins-proxy-gen.cc b/deps/v8/src/builtins/builtins-proxy-gen.cc
index ed92f7b577b0e5..6852bb95102381 100644
--- a/deps/v8/src/builtins/builtins-proxy-gen.cc
+++ b/deps/v8/src/builtins/builtins-proxy-gen.cc
@@ -78,12 +78,8 @@ TNode<JSFunction> ProxiesCodeStubAssembler::AllocateProxyRevokeFunction(
 
   const TNode<Context> proxy_context =
       CreateProxyRevokeFunctionContext(proxy, native_context);
-  const TNode<Map> revoke_map = CAST(LoadContextElement(
-      native_context, Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX));
-  const TNode<SharedFunctionInfo> revoke_info = ProxyRevokeSharedFunConstant();
-
-  return AllocateFunctionWithMapAndContext(revoke_map, revoke_info,
-                                           proxy_context);
+  return AllocateRootFunctionWithContext(RootIndex::kProxyRevokeSharedFun,
+                                         proxy_context);
 }
 
 TF_BUILTIN(CallProxy, ProxiesCodeStubAssembler) {
diff --git a/deps/v8/src/builtins/builtins-regexp-gen.cc b/deps/v8/src/builtins/builtins-regexp-gen.cc
index 3b62c0b42f5698..706f80861b6312 100644
--- a/deps/v8/src/builtins/builtins-regexp-gen.cc
+++ b/deps/v8/src/builtins/builtins-regexp-gen.cc
@@ -4,6 +4,8 @@
 
 #include "src/builtins/builtins-regexp-gen.h"
 
+#include <optional>
+
 #include "src/builtins/builtins-constructor-gen.h"
 #include "src/builtins/builtins-utils-gen.h"
 #include "src/builtins/builtins.h"
@@ -59,7 +61,7 @@ TNode<JSRegExpResult> RegExpBuiltinsAssembler::AllocateRegExpResult(
 
   Label result_has_indices(this), allocated(this);
   const ElementsKind elements_kind = PACKED_ELEMENTS;
-  base::Optional<TNode<AllocationSite>> no_gc_site = base::nullopt;
+  std::optional<TNode<AllocationSite>> no_gc_site = std::nullopt;
   TNode<IntPtrT> length_intptr = PositiveSmiUntag(length);
   // Note: The returned `var_elements` may be in young large object space, but
   // `var_array` is guaranteed to be in new space so we could skip write
@@ -115,8 +117,8 @@ TNode<JSRegExpResult> RegExpBuiltinsAssembler::AllocateRegExpResult(
   // If non-smi last_index then store an SmiZero instead.
   {
     TNode<Smi> last_index_smi = Select<Smi>(
-        TaggedIsSmi(last_index), [=] { return CAST(last_index); },
-        [=] { return SmiZero(); });
+        TaggedIsSmi(last_index), [=, this] { return CAST(last_index); },
+        [=, this] { return SmiZero(); });
     StoreObjectField(result, JSRegExpResult::kRegexpLastIndexOffset,
                      last_index_smi);
   }
@@ -247,23 +249,17 @@ TNode<JSRegExpResult> RegExpBuiltinsAssembler::ConstructNewResultFromMatchInfo(
     // Preparations for named capture properties. Exit early if the result does
     // not have any named captures to minimize performance impact.
 
-    TNode<FixedArray> data =
-        CAST(LoadObjectField(regexp, JSRegExp::kDataOffset));
+    TNode<RegExpData> data = CAST(LoadTrustedPointerFromObject(
+        regexp, JSRegExp::kDataOffset, kRegExpDataIndirectPointerTag));
 
     // We reach this point only if captures exist, implying that the assigned
     // regexp engine must be able to handle captures.
-    CSA_DCHECK(
-        this,
-        Word32Or(
-            SmiEqual(CAST(LoadFixedArrayElement(data, JSRegExp::kTagIndex)),
-                     SmiConstant(JSRegExp::IRREGEXP)),
-            SmiEqual(CAST(LoadFixedArrayElement(data, JSRegExp::kTagIndex)),
-                     SmiConstant(JSRegExp::EXPERIMENTAL))));
+    CSA_SBXCHECK(this, HasInstanceType(data, IR_REG_EXP_DATA_TYPE));
 
     // The names fixed array associates names at even indices with a capture
     // index at odd indices.
     TNode<Object> maybe_names =
-        LoadFixedArrayElement(data, JSRegExp::kIrregexpCaptureNameMapIndex);
+        LoadObjectField(data, IrRegExpData::kCaptureNameMapOffset);
     GotoIf(TaggedEqual(maybe_names, SmiZero()), &maybe_build_indices);
 
     // One or more named captures exist, add a property for each one.
@@ -431,18 +427,22 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
   GotoIf(UintPtrGreaterThan(int_last_index, int_string_length), &if_failure);
 
   // Since the RegExp has been compiled, data contains a fixed array.
-  TNode<FixedArray> data = CAST(LoadObjectField(regexp, JSRegExp::kDataOffset));
+  TNode<RegExpData> data = CAST(LoadTrustedPointerFromObject(
+      regexp, JSRegExp::kDataOffset, kRegExpDataIndirectPointerTag));
   {
     // Dispatch on the type of the RegExp.
+    // Since the type tag is in trusted space, it is safe to interpret
+    // RegExpData as IrRegExpData/AtomRegExpData in the respective branches
+    // without checks.
     {
       Label next(this), unreachable(this, Label::kDeferred);
-      TNode<Int32T> tag = LoadAndUntagToWord32FixedArrayElement(
-          data, IntPtrConstant(JSRegExp::kTagIndex));
+      TNode<Int32T> tag =
+          SmiToInt32(LoadObjectField<Smi>(data, RegExpData::kTypeTagOffset));
 
       int32_t values[] = {
-          JSRegExp::IRREGEXP,
-          JSRegExp::ATOM,
-          JSRegExp::EXPERIMENTAL,
+          static_cast<uint8_t>(RegExpData::Type::IRREGEXP),
+          static_cast<uint8_t>(RegExpData::Type::ATOM),
+          static_cast<uint8_t>(RegExpData::Type::EXPERIMENTAL),
       };
       Label* labels[] = {&next, &atom, &next};
 
@@ -457,8 +457,8 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
 
     // Check (number_of_captures + 1) * 2 <= offsets vector size
     // Or              number_of_captures <= offsets vector size / 2 - 1
-    TNode<Smi> capture_count = CAST(UnsafeLoadFixedArrayElement(
-        data, JSRegExp::kIrregexpCaptureCountIndex));
+    TNode<Smi> capture_count =
+        LoadObjectField<Smi>(data, IrRegExpData::kCaptureCountOffset);
 
     const int kOffsetsSize = Isolate::kJSRegexpStaticOffsetsVectorSize;
     static_assert(kOffsetsSize >= 2);
@@ -475,15 +475,19 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
 
   TVARIABLE(RawPtrT, var_string_start);
   TVARIABLE(RawPtrT, var_string_end);
-  TVARIABLE(Object, var_code);
+#ifdef V8_ENABLE_SANDBOX
+  using kVarCodeT = IndirectPointerHandleT;
+#else
+  using kVarCodeT = Object;
+#endif
+  TVARIABLE(kVarCodeT, var_code);
   TVARIABLE(Object, var_bytecode);
 
   {
     TNode<RawPtrT> direct_string_data = to_direct.PointerToData(&runtime);
 
     Label next(this), if_isonebyte(this), if_istwobyte(this, Label::kDeferred);
-    Branch(IsOneByteStringInstanceType(to_direct.instance_type()),
-           &if_isonebyte, &if_istwobyte);
+    Branch(to_direct.IsOneByte(), &if_isonebyte, &if_istwobyte);
 
     BIND(&if_isonebyte);
     {
@@ -491,9 +495,8 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
                         int_string_length, String::ONE_BYTE_ENCODING,
                         &var_string_start, &var_string_end);
       var_code =
-          UnsafeLoadFixedArrayElement(data, JSRegExp::kIrregexpLatin1CodeIndex);
-      var_bytecode = UnsafeLoadFixedArrayElement(
-          data, JSRegExp::kIrregexpLatin1BytecodeIndex);
+          LoadObjectField<kVarCodeT>(data, IrRegExpData::kLatin1CodeOffset);
+      var_bytecode = LoadObjectField(data, IrRegExpData::kLatin1BytecodeOffset);
       Goto(&next);
     }
 
@@ -503,9 +506,8 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
                         int_string_length, String::TWO_BYTE_ENCODING,
                         &var_string_start, &var_string_end);
       var_code =
-          UnsafeLoadFixedArrayElement(data, JSRegExp::kIrregexpUC16CodeIndex);
-      var_bytecode = UnsafeLoadFixedArrayElement(
-          data, JSRegExp::kIrregexpUC16BytecodeIndex);
+          LoadObjectField<kVarCodeT>(data, IrRegExpData::kUc16CodeOffset);
+      var_bytecode = LoadObjectField(data, IrRegExpData::kUc16BytecodeOffset);
       Goto(&next);
     }
 
@@ -513,23 +515,15 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
   }
 
   // Check that the irregexp code has been generated for the actual string
-  // encoding. If it has, the field contains a code object; and otherwise it
-  // contains the uninitialized sentinel as a smi.
-#ifdef DEBUG
-  {
-    Label next(this);
-    GotoIfNot(TaggedIsSmi(var_code.value()), &next);
-    CSA_DCHECK(this, SmiEqual(CAST(var_code.value()),
-                              SmiConstant(JSRegExp::kUninitializedValue)));
-    Goto(&next);
-    BIND(&next);
-  }
-#endif
+  // encoding.
 
+#ifdef V8_ENABLE_SANDBOX
+  GotoIf(
+      Word32Equal(var_code.value(), Int32Constant(kNullIndirectPointerHandle)),
+      &runtime);
+#else
   GotoIf(TaggedIsSmi(var_code.value()), &runtime);
-  TNode<CodeWrapper> code_wrapper = CAST(var_code.value());
-  TNode<Code> code =
-      LoadCodePointerFromObject(code_wrapper, CodeWrapper::kCodeOffset);
+#endif
 
   Label if_success(this), if_exception(this, Label::kDeferred);
   {
@@ -569,8 +563,8 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
     // Argument 5: Number of capture registers.
     // Setting this to the number of registers required to store all captures
     // forces global regexps to behave as non-global.
-    TNode<Smi> capture_count = CAST(UnsafeLoadFixedArrayElement(
-        data, JSRegExp::kIrregexpCaptureCountIndex));
+    TNode<Smi> capture_count =
+        LoadObjectField<Smi>(data, IrRegExpData::kCaptureCountOffset);
     // capture_count is the number of captures without the match itself.
     // Required registers = (capture_count + 1) * 2.
     static_assert(Internals::IsValidSmi((JSRegExp::kMaxCaptures + 1) * 2));
@@ -588,17 +582,19 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
     MachineType arg7_type = type_ptr;
     TNode<ExternalReference> arg7 = isolate_address;
 
-    // Argument 8: Regular expression object. This argument is ignored in native
-    // irregexp code.
+    // Argument 8: Regular expression data object. This argument is ignored in
+    // native irregexp code.
     MachineType arg8_type = type_tagged;
-    TNode<JSRegExp> arg8 = regexp;
+    TNode<IrRegExpData> arg8 = CAST(data);
 
-    // TODO(saelo): if we refactor RegExp objects to contain a code pointer
-    // instead of referencing the CodeWrapper object, we could directly load
-    // the entrypoint from that via LoadCodeEntrypointViaCodePointerField. This
-    // will save an indirection when the sandbox is enabled.
+#ifdef V8_ENABLE_SANDBOX
+    TNode<RawPtrT> code_entry = LoadCodeEntryFromIndirectPointerHandle(
+        var_code.value(), kRegExpEntrypointTag);
+#else
+    TNode<Code> code = CAST(var_code.value());
     TNode<RawPtrT> code_entry =
         LoadCodeInstructionStart(code, kRegExpEntrypointTag);
+#endif
 
     // AIX uses function descriptors on CFunction calls. code_entry in this case
     // may also point to a Regex interpreter entry trampoline which does not
@@ -647,8 +643,8 @@ TNode<HeapObject> RegExpBuiltinsAssembler::RegExpExecInternal(
 
     // Check that the last match info has space for the capture registers.
     TNode<Smi> available_slots = LoadArrayCapacity(match_info);
-    TNode<Smi> capture_count = CAST(UnsafeLoadFixedArrayElement(
-        data, JSRegExp::kIrregexpCaptureCountIndex));
+    TNode<Smi> capture_count =
+        LoadObjectField<Smi>(data, IrRegExpData::kCaptureCountOffset);
     // Calculate number of register_count = (capture_count + 1) * 2.
     TNode<Smi> register_count =
         SmiShl(SmiAdd(capture_count, SmiConstant(1)), 1);
@@ -781,7 +777,7 @@ TNode<BoolT> RegExpBuiltinsAssembler::IsFastRegExpNoPrototype(
 void RegExpBuiltinsAssembler::BranchIfFastRegExp(
     TNode<Context> context, TNode<HeapObject> object, TNode<Map> map,
     PrototypeCheckAssembler::Flags prototype_check_flags,
-    base::Optional<DescriptorIndexNameValue> additional_property_to_check,
+    std::optional<DescriptorIndexNameValue> additional_property_to_check,
     Label* if_isunmodified, Label* if_ismodified) {
   CSA_DCHECK(this, TaggedEqual(LoadMap(object), map));
 
@@ -857,14 +853,14 @@ void RegExpBuiltinsAssembler::BranchIfFastRegExp_Strict(
     Label* if_ismodified) {
   BranchIfFastRegExp(context, object, LoadMap(object),
                      PrototypeCheckAssembler::kCheckPrototypePropertyConstness,
-                     base::nullopt, if_isunmodified, if_ismodified);
+                     std::nullopt, if_isunmodified, if_ismodified);
 }
 
 void RegExpBuiltinsAssembler::BranchIfFastRegExp_Permissive(
     TNode<Context> context, TNode<HeapObject> object, Label* if_isunmodified,
     Label* if_ismodified) {
   BranchIfFastRegExp(context, object, LoadMap(object),
-                     PrototypeCheckAssembler::kCheckFull, base::nullopt,
+                     PrototypeCheckAssembler::kCheckFull, std::nullopt,
                      if_isunmodified, if_ismodified);
 }
 
@@ -907,11 +903,9 @@ TF_BUILTIN(RegExpExecAtom, RegExpBuiltinsAssembler) {
 
   CSA_DCHECK(this, TaggedIsPositiveSmi(last_index));
 
-  TNode<FixedArray> data = CAST(LoadObjectField(regexp, JSRegExp::kDataOffset));
-  CSA_DCHECK(
-      this,
-      SmiEqual(CAST(UnsafeLoadFixedArrayElement(data, JSRegExp::kTagIndex)),
-               SmiConstant(JSRegExp::ATOM)));
+  TNode<RegExpData> data = CAST(LoadTrustedPointerFromObject(
+      regexp, JSRegExp::kDataOffset, kRegExpDataIndirectPointerTag));
+  CSA_SBXCHECK(this, HasInstanceType(data, ATOM_REG_EXP_DATA_TYPE));
 
   // Callers ensure that last_index is in-bounds.
   CSA_DCHECK(this,
@@ -919,7 +913,7 @@ TF_BUILTIN(RegExpExecAtom, RegExpBuiltinsAssembler) {
                                     LoadStringLengthAsWord(subject_string)));
 
   const TNode<String> needle_string =
-      CAST(UnsafeLoadFixedArrayElement(data, JSRegExp::kAtomPatternIndex));
+      LoadObjectField<String>(data, AtomRegExpData::kPatternOffset);
 
   // ATOM patterns are guaranteed to not be the empty string (these are
   // intercepted and replaced in JSRegExp::Initialize.
@@ -1123,13 +1117,13 @@ TNode<Object> RegExpBuiltinsAssembler::RegExpInitialize(
     const TNode<Object> maybe_pattern, const TNode<Object> maybe_flags) {
   // Normalize pattern.
   const TNode<Object> pattern = Select<Object>(
-      IsUndefined(maybe_pattern), [=] { return EmptyStringConstant(); },
-      [=] { return ToString_Inline(context, maybe_pattern); });
+      IsUndefined(maybe_pattern), [=, this] { return EmptyStringConstant(); },
+      [=, this] { return ToString_Inline(context, maybe_pattern); });
 
   // Normalize flags.
   const TNode<Object> flags = Select<Object>(
-      IsUndefined(maybe_flags), [=] { return EmptyStringConstant(); },
-      [=] { return ToString_Inline(context, maybe_flags); });
+      IsUndefined(maybe_flags), [=, this] { return EmptyStringConstant(); },
+      [=, this] { return ToString_Inline(context, maybe_flags); });
 
   // Initialize.
 
@@ -1253,6 +1247,10 @@ TF_BUILTIN(RegExpConstructor, RegExpBuiltinsAssembler) {
     BIND(&next);
   }
 
+  // Clear data field, as a GC can be triggered before it is initialized with a
+  // correct trusted pointer handle.
+  ClearTrustedPointerField(var_regexp.value(), JSRegExp::kDataOffset);
+
   const TNode<Object> result = RegExpInitialize(
       context, var_regexp.value(), var_pattern.value(), var_flags.value());
   Return(result);
@@ -1531,7 +1529,7 @@ TNode<JSArray> RegExpBuiltinsAssembler::RegExpPrototypeSplitBody(
       {
         TNode<Smi> length = SmiConstant(1);
         TNode<IntPtrT> capacity = IntPtrConstant(1);
-        base::Optional<TNode<AllocationSite>> allocation_site = base::nullopt;
+        std::optional<TNode<AllocationSite>> allocation_site = std::nullopt;
         var_result =
             AllocateJSArray(kind, array_map, capacity, length, allocation_site);
 
@@ -1694,7 +1692,7 @@ TNode<JSArray> RegExpBuiltinsAssembler::RegExpPrototypeSplitBody(
   {
     TNode<Smi> length = SmiZero();
     TNode<IntPtrT> capacity = IntPtrZero();
-    base::Optional<TNode<AllocationSite>> allocation_site = base::nullopt;
+    std::optional<TNode<AllocationSite>> allocation_site = std::nullopt;
     var_result =
         AllocateJSArray(kind, array_map, capacity, length, allocation_site);
     Goto(&done);
diff --git a/deps/v8/src/builtins/builtins-regexp-gen.h b/deps/v8/src/builtins/builtins-regexp-gen.h
index 53e746575ea99a..95362e1e668d35 100644
--- a/deps/v8/src/builtins/builtins-regexp-gen.h
+++ b/deps/v8/src/builtins/builtins-regexp-gen.h
@@ -5,7 +5,8 @@
 #ifndef V8_BUILTINS_BUILTINS_REGEXP_GEN_H_
 #define V8_BUILTINS_BUILTINS_REGEXP_GEN_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/codegen/code-stub-assembler.h"
 #include "src/common/message-template.h"
 #include "src/objects/string.h"
@@ -94,7 +95,7 @@ class RegExpBuiltinsAssembler : public CodeStubAssembler {
   void BranchIfFastRegExp(
       TNode<Context> context, TNode<HeapObject> object, TNode<Map> map,
       PrototypeCheckAssembler::Flags prototype_check_flags,
-      base::Optional<DescriptorIndexNameValue> additional_property_to_check,
+      std::optional<DescriptorIndexNameValue> additional_property_to_check,
       Label* if_isunmodified, Label* if_ismodified);
 
   void BranchIfFastRegExpForSearch(TNode<Context> context,
diff --git a/deps/v8/src/builtins/builtins-shadow-realm-gen.cc b/deps/v8/src/builtins/builtins-shadow-realm-gen.cc
index d48940ed6cca81..b634d58b86e839 100644
--- a/deps/v8/src/builtins/builtins-shadow-realm-gen.cc
+++ b/deps/v8/src/builtins/builtins-shadow-realm-gen.cc
@@ -81,13 +81,8 @@ ShadowRealmBuiltinsAssembler::AllocateImportValueFulfilledFunction(
   const TNode<Context> function_context =
       CreateImportValueFulfilledFunctionContext(caller_context, eval_context,
                                                 specifier, export_name);
-  const TNode<Map> function_map = CAST(LoadContextElement(
-      caller_context, Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX));
-  const TNode<SharedFunctionInfo> info =
-      ShadowRealmImportValueFulfilledSFIConstant();
-
-  return AllocateFunctionWithMapAndContext(function_map, info,
-                                           function_context);
+  return AllocateRootFunctionWithContext(
+      RootIndex::kShadowRealmImportValueFulfilledSharedFun, function_context);
 }
 
 void ShadowRealmBuiltinsAssembler::CheckAccessor(TNode<DescriptorArray> array,
diff --git a/deps/v8/src/builtins/builtins-shadow-realm.cc b/deps/v8/src/builtins/builtins-shadow-realm.cc
index 60a09accd98df1..9ba4e4265bf5c6 100644
--- a/deps/v8/src/builtins/builtins-shadow-realm.cc
+++ b/deps/v8/src/builtins/builtins-shadow-realm.cc
@@ -143,7 +143,8 @@ BUILTIN(ShadowRealmPrototypeEvaluate) {
     // 12. Set evalContext's ScriptOrModule to null.
     // 13. Set evalContext's VariableEnvironment to varEnv.
     // 14. Set evalContext's LexicalEnvironment to lexEnv.
-    // 15. Push evalContext onto the execution context stack; evalContext is now
+    // 15. Set evalContext's PrivateEnvironment to null.
+    // 16. Push evalContext onto the execution context stack; evalContext is now
     // the running execution context.
     SaveAndSwitchContext save(isolate, *eval_context);
 
@@ -173,17 +174,17 @@ BUILTIN(ShadowRealmPrototypeEvaluate) {
     } else {
       function = maybe_function.ToHandleChecked();
 
-      // 16. Let result be EvalDeclarationInstantiation(body, varEnv,
+      // 17. Let result be EvalDeclarationInstantiation(body, varEnv,
       // lexEnv, null, strictEval).
-      // 17. If result.[[Type]] is normal, then
-      // 20a. Set result to the result of evaluating body.
-      // 18. If result.[[Type]] is normal and result.[[Value]] is empty, then
-      // 21a. Set result to NormalCompletion(undefined).
+      // 18. If result.[[Type]] is normal, then
+      // 18a. a. Set result to Completion(Evaluation of body).
+      // 19. If result.[[Type]] is normal and result.[[Value]] is empty, then
+      // 19a. Set result to NormalCompletion(undefined).
       result =
           Execution::Call(isolate, function, eval_global_proxy, 0, nullptr);
 
-      // 19. Suspend evalContext and remove it from the execution context stack.
-      // 20. Resume the context that is now on the top of the execution context
+      // 20. Suspend evalContext and remove it from the execution context stack.
+      // 21. Resume the context that is now on the top of the execution context
       // stack as the running execution context. Done by the scope.
     }
   }
@@ -200,14 +201,17 @@ BUILTIN(ShadowRealmPrototypeEvaluate) {
       return isolate->ReThrow(
           *factory->NewError(isolate->syntax_error_function(), message));
     }
-    // 21. If result.[[Type]] is not normal, throw a TypeError exception.
+    // 22. If result.[[Type]] is not NORMAL, then
+    // 22a. Let copiedError be CreateTypeErrorCopy(callerRealm,
+    // result.[[Value]]). 22b. Return ThrowCompletion(copiedError).
     DirectHandle<String> string =
         Object::NoSideEffectsToString(isolate, exception);
     THROW_NEW_ERROR_RETURN_FAILURE(
         isolate,
-        NewTypeError(MessageTemplate::kCallShadowRealmEvaluateThrew, string));
+        ShadowRealmNewTypeErrorCopy(
+            exception, MessageTemplate::kCallShadowRealmEvaluateThrew, string));
   }
-  // 22. Return ? GetWrappedValue(callerRealm, result.[[Value]]).
+  // 23. Return ? GetWrappedValue(callerRealm, result.[[Value]]).
   Handle<Object> wrapped_result;
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, wrapped_result,
diff --git a/deps/v8/src/builtins/builtins-sharedarraybuffer.cc b/deps/v8/src/builtins/builtins-sharedarraybuffer.cc
index 73cea8b1cef127..10225a0c3e2acf 100644
--- a/deps/v8/src/builtins/builtins-sharedarraybuffer.cc
+++ b/deps/v8/src/builtins/builtins-sharedarraybuffer.cc
@@ -276,7 +276,7 @@ BUILTIN(AtomicsWaitAsync) {
 
 namespace {
 V8_NOINLINE Maybe<bool> CheckAtomicsPauseIterationNumber(
-    Isolate* isolate, Handle<Object> iteration_number) {
+    Isolate* isolate, DirectHandle<Object> iteration_number) {
   constexpr char method_name[] = "Atomics.pause";
 
   enum { None, BadType, Negative } error_type = None;
@@ -311,7 +311,7 @@ V8_NOINLINE Maybe<bool> CheckAtomicsPauseIterationNumber(
 // https://tc39.es/proposal-atomics-microwait/
 BUILTIN(AtomicsPause) {
   HandleScope scope(isolate);
-  Handle<Object> iteration_number = args.atOrUndefined(isolate, 1);
+  DirectHandle<Object> iteration_number = args.atOrUndefined(isolate, 1);
 
   // 1. If iterationNumber is not undefined, then
   if (V8_UNLIKELY(
diff --git a/deps/v8/src/builtins/builtins-string-gen.cc b/deps/v8/src/builtins/builtins-string-gen.cc
index 243d42d5881257..420e107e9501a7 100644
--- a/deps/v8/src/builtins/builtins-string-gen.cc
+++ b/deps/v8/src/builtins/builtins-string-gen.cc
@@ -119,8 +119,8 @@ TNode<IntPtrT> StringBuiltinsAssembler::SearchOneByteInOneByteString(
                     std::make_pair(MachineType::UintPtr(), search_length)));
   return Select<IntPtrT>(
       WordEqual(result_address, IntPtrConstant(0)),
-      [=] { return IntPtrConstant(-1); },
-      [=] {
+      [=, this] { return IntPtrConstant(-1); },
+      [=, this] {
         return IntPtrAdd(RawPtrSub(result_address, subject_start_ptr),
                          start_position);
       });
@@ -465,8 +465,8 @@ TNode<String> StringBuiltinsAssembler::AllocateConsString(TNode<Uint32T> length,
       Word32And(left_instance_type, right_instance_type);
   TNode<Map> result_map = CAST(Select<Object>(
       IsSetWord32(combined_instance_type, kStringEncodingMask),
-      [=] { return ConsOneByteStringMapConstant(); },
-      [=] { return ConsTwoByteStringMapConstant(); }));
+      [=, this] { return ConsOneByteStringMapConstant(); },
+      [=, this] { return ConsTwoByteStringMapConstant(); }));
   TNode<HeapObject> result = AllocateInNewSpace(sizeof(ConsString));
   StoreMapNoWriteBarrier(result, result_map);
   StoreObjectFieldNoWriteBarrier(result, offsetof(ConsString, length_), length);
@@ -937,7 +937,8 @@ TF_BUILTIN(StringGreaterThanOrEqual, StringBuiltinsAssembler) {
 
 #ifndef V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS
 
-// NOTE: This needs to be kept in sync with the Turboshaft implementation.
+// NOTE: This needs to be kept in sync with the Turboshaft implementation in
+// `builtins-string-tsa.cc`.
 TF_BUILTIN(StringFromCodePointAt, StringBuiltinsAssembler) {
   auto receiver = Parameter<String>(Descriptor::kReceiver);
   auto position = UncheckedParameter<IntPtrT>(Descriptor::kPosition);
@@ -952,12 +953,12 @@ TF_BUILTIN(StringFromCodePointAt, StringBuiltinsAssembler) {
   Return(result);
 }
 
-#endif  // V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS
-
 // -----------------------------------------------------------------------------
 // ES6 section 21.1 String Objects
 
 // ES6 #sec-string.fromcharcode
+// NOTE: This needs to be kept in sync with the Turboshaft implementation in
+// `builtins-string-tsa.cc`.
 TF_BUILTIN(StringFromCharCode, StringBuiltinsAssembler) {
   // TODO(ishell): use constants from Descriptor once the JSFunction linkage
   // arguments are reordered.
@@ -1062,6 +1063,8 @@ TF_BUILTIN(StringFromCharCode, StringBuiltinsAssembler) {
   }
 }
 
+#endif  // V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS
+
 void StringBuiltinsAssembler::MaybeCallFunctionAtSymbol(
     const TNode<Context> context, const TNode<Object> object,
     const TNode<Object> maybe_string, Handle<Symbol> symbol,
@@ -1210,11 +1213,11 @@ TF_BUILTIN(StringPrototypeReplace, StringBuiltinsAssembler) {
         DescriptorIndexNameValue{
             JSRegExp::kSymbolReplaceFunctionDescriptorIndex,
             RootIndex::kreplace_symbol, Context::REGEXP_REPLACE_FUNCTION_INDEX},
-        [=]() {
+        [=, this]() {
           Return(CallBuiltin(Builtin::kRegExpReplace, context, search, receiver,
                              replace));
         },
-        [=](TNode<Object> fn) {
+        [=, this](TNode<Object> fn) {
           Return(Call(context, fn, search, receiver, replace));
         });
     Goto(&next);
@@ -1427,7 +1430,7 @@ TF_BUILTIN(StringPrototypeMatchAll, StringBuiltinsAssembler) {
     Return(
         RegExpPrototypeMatchAllImpl(context, native_context, maybe_regexp, s));
   };
-  auto if_generic_call = [=](TNode<Object> fn) {
+  auto if_generic_call = [=, this](TNode<Object> fn) {
     Return(Call(context, fn, maybe_regexp, receiver));
   };
   MaybeCallFunctionAtSymbol(
@@ -1464,10 +1467,10 @@ TNode<JSArray> StringBuiltinsAssembler::StringToArray(
 
   // Try to use cached one byte characters.
   {
-    TNode<Smi> length_smi =
-        Select<Smi>(TaggedIsSmi(limit_number),
-                    [=] { return SmiMin(CAST(limit_number), subject_length); },
-                    [=] { return subject_length; });
+    TNode<Smi> length_smi = Select<Smi>(
+        TaggedIsSmi(limit_number),
+        [=, this] { return SmiMin(CAST(limit_number), subject_length); },
+        [=] { return subject_length; });
     TNode<IntPtrT> length = SmiToIntPtr(length_smi);
 
     ToDirectStringAssembler to_direct(state(), subject_string);
@@ -1475,8 +1478,7 @@ TNode<JSArray> StringBuiltinsAssembler::StringToArray(
 
     // The extracted direct string may be two-byte even though the wrapping
     // string is one-byte.
-    GotoIfNot(IsOneByteStringInstanceType(to_direct.instance_type()),
-              &call_runtime);
+    GotoIfNot(to_direct.IsOneByte(), &call_runtime);
 
     TNode<FixedArray> elements =
         CAST(AllocateFixedArray(PACKED_ELEMENTS, length));
@@ -1566,8 +1568,8 @@ TF_BUILTIN(StringPrototypeSplit, StringBuiltinsAssembler) {
 
   TNode<String> subject_string = ToString_Inline(context, receiver);
   TNode<Number> limit_number = Select<Number>(
-      IsUndefined(limit), [=] { return NumberConstant(kMaxUInt32); },
-      [=] { return ToUint32(context, limit); });
+      IsUndefined(limit), [=, this] { return NumberConstant(kMaxUInt32); },
+      [=, this] { return ToUint32(context, limit); });
   const TNode<String> separator_string = ToString_Inline(context, separator);
 
   Label return_empty_array(this);
@@ -1862,13 +1864,12 @@ void StringBuiltinsAssembler::CopyStringCharacters(
 // 0 <= |from_index| <= |from_index| + |character_count| < from_string.length.
 template <typename T>
 TNode<String> StringBuiltinsAssembler::AllocAndCopyStringCharacters(
-    TNode<T> from, TNode<Int32T> from_instance_type, TNode<IntPtrT> from_index,
+    TNode<T> from, TNode<BoolT> from_is_one_byte, TNode<IntPtrT> from_index,
     TNode<IntPtrT> character_count) {
   Label end(this), one_byte_sequential(this), two_byte_sequential(this);
   TVARIABLE(String, var_result);
 
-  Branch(IsOneByteStringInstanceType(from_instance_type), &one_byte_sequential,
-         &two_byte_sequential);
+  Branch(from_is_one_byte, &one_byte_sequential, &two_byte_sequential);
 
   // The subject string is a sequential one-byte string.
   BIND(&one_byte_sequential);
@@ -2001,7 +2002,7 @@ TNode<String> StringBuiltinsAssembler::SubString(TNode<String> string,
 
   TNode<String> direct_string = to_direct.TryToDirect(&runtime);
   TNode<IntPtrT> offset = IntPtrAdd(from, to_direct.offset());
-  const TNode<Int32T> instance_type = to_direct.instance_type();
+  const TNode<BoolT> is_one_byte = to_direct.IsOneByte();
 
   // The subject string can only be external or sequential string of either
   // encoding at this point.
@@ -2017,8 +2018,7 @@ TNode<String> StringBuiltinsAssembler::SubString(TNode<String> string,
 
       // Allocate new sliced string.
       Label one_byte_slice(this), two_byte_slice(this);
-      Branch(IsOneByteStringInstanceType(to_direct.instance_type()),
-             &one_byte_slice, &two_byte_slice);
+      Branch(is_one_byte, &one_byte_slice, &two_byte_slice);
 
       BIND(&one_byte_slice);
       {
@@ -2043,7 +2043,7 @@ TNode<String> StringBuiltinsAssembler::SubString(TNode<String> string,
     // encoding at this point.
     GotoIf(to_direct.is_external(), &external_string);
 
-    var_result = AllocAndCopyStringCharacters(direct_string, instance_type,
+    var_result = AllocAndCopyStringCharacters(direct_string, is_one_byte,
                                               offset, substr_length);
     Goto(&end);
   }
@@ -2055,7 +2055,7 @@ TNode<String> StringBuiltinsAssembler::SubString(TNode<String> string,
         to_direct.PointerToString(&runtime);
 
     var_result = AllocAndCopyStringCharacters(
-        fake_sequential_string, instance_type, offset, substr_length);
+        fake_sequential_string, is_one_byte, offset, substr_length);
 
     Goto(&end);
   }
diff --git a/deps/v8/src/builtins/builtins-string-gen.h b/deps/v8/src/builtins/builtins-string-gen.h
index 2f0f139aa6097e..1122774fe965e7 100644
--- a/deps/v8/src/builtins/builtins-string-gen.h
+++ b/deps/v8/src/builtins/builtins-string-gen.h
@@ -192,7 +192,7 @@ class StringBuiltinsAssembler : public CodeStubAssembler {
  private:
   template <typename T>
   TNode<String> AllocAndCopyStringCharacters(TNode<T> from,
-                                             TNode<Int32T> from_instance_type,
+                                             TNode<BoolT> from_is_one_byte,
                                              TNode<IntPtrT> from_index,
                                              TNode<IntPtrT> character_count);
 };
diff --git a/deps/v8/src/builtins/builtins-string-tsa.cc b/deps/v8/src/builtins/builtins-string-tsa.cc
index 769a1657e1e120..91ee86b9aa468c 100644
--- a/deps/v8/src/builtins/builtins-string-tsa.cc
+++ b/deps/v8/src/builtins/builtins-string-tsa.cc
@@ -4,6 +4,12 @@
 
 #include "src/builtins/builtins-utils-gen.h"
 #include "src/codegen/turboshaft-builtins-assembler-inl.h"
+#include "src/compiler/globals.h"
+#include "src/compiler/turboshaft/representations.h"
+#include "src/compiler/turboshaft/string-view.h"
+#include "src/compiler/write-barrier-kind.h"
+#include "src/objects/string.h"
+#include "src/objects/tagged-field.h"
 
 namespace v8::internal {
 
@@ -14,23 +20,139 @@ using namespace compiler::turboshaft;  // NOLINT(build/namespaces)
 template <typename Next>
 class StringBuiltinsReducer : public Next {
  public:
-  TURBOSHAFT_REDUCER_BOILERPLATE(StringBuiltins)
+  BUILTIN_REDUCER(StringBuiltins)
+
+  void CopyStringCharacters(V<String> src_string, ConstOrV<WordPtr> src_begin,
+                            String::Encoding src_encoding, V<String> dst_string,
+                            ConstOrV<WordPtr> dst_begin,
+                            String::Encoding dst_encoding,
+                            ConstOrV<WordPtr> character_count) {
+    bool src_one_byte = src_encoding == String::ONE_BYTE_ENCODING;
+    bool dst_one_byte = dst_encoding == String::ONE_BYTE_ENCODING;
+    __ CodeComment("CopyStringCharacters ",
+                   src_one_byte ? "ONE_BYTE_ENCODING" : "TWO_BYTE_ENCODING",
+                   " -> ",
+                   dst_one_byte ? "ONE_BYTE_ENCODING" : "TWO_BYTE_ENCODING");
+
+    const auto dst_rep = dst_one_byte ? MemoryRepresentation::Uint8()
+                                      : MemoryRepresentation::Uint16();
+    static_assert(OFFSET_OF_DATA_START(SeqOneByteString) ==
+                  OFFSET_OF_DATA_START(SeqTwoByteString));
+    const size_t data_offset = OFFSET_OF_DATA_START(SeqOneByteString);
+    const int dst_stride = dst_one_byte ? 1 : 2;
+
+    DisallowGarbageCollection no_gc;
+    V<WordPtr> dst_begin_offset =
+        __ WordPtrAdd(__ BitcastTaggedToWordPtr(dst_string),
+                      __ WordPtrAdd(data_offset - kHeapObjectTag,
+                                    __ WordPtrMul(dst_begin, dst_stride)));
+
+    StringView src_view(no_gc, src_string, src_encoding, src_begin,
+                        character_count);
+    FOREACH(src_char, dst_offset,
+            Zip(src_view, Sequence(dst_begin_offset, dst_stride))) {
+#if DEBUG
+      // Copying two-byte characters to one-byte is okay if callers have
+      // checked that this loses no information.
+      if (v8_flags.debug_code && !src_one_byte && dst_one_byte) {
+        TSA_DCHECK(this, __ Uint32LessThanOrEqual(src_char, 0xFF));
+      }
+#endif
+      __ Store(dst_offset, src_char, StoreOp::Kind::RawAligned(), dst_rep,
+               compiler::kNoWriteBarrier);
+    }
+  }
+
+  V<SeqOneByteString> AllocateSeqOneByteString(V<WordPtr> length) {
+    __ CodeComment("AllocateSeqOneByteString");
+    Label<SeqOneByteString> done(this);
+    GOTO_IF(__ WordPtrEqual(length, 0), done,
+            V<SeqOneByteString>::Cast(__ EmptyStringConstant()));
+
+    V<WordPtr> object_size =
+        __ WordPtrAdd(sizeof(SeqOneByteString),
+                      __ WordPtrMul(length, sizeof(SeqOneByteString::Char)));
+    V<WordPtr> aligned_size = __ AlignTagged(object_size);
+    Uninitialized<SeqOneByteString> new_string =
+        __ template Allocate<SeqOneByteString>(aligned_size,
+                                               AllocationType::kYoung);
+    __ InitializeField(new_string, AccessBuilderTS::ForMap(),
+                       __ SeqOneByteStringMapConstant());
+
+    __ InitializeField(new_string, AccessBuilderTS::ForStringLength(),
+                       __ TruncateWordPtrToWord32(length));
+    __ InitializeField(new_string, AccessBuilderTS::ForNameRawHashField(),
+                       Name::kEmptyHashField);
+    V<SeqOneByteString> string = __ FinishInitialization(std::move(new_string));
+    // Clear padding.
+    V<WordPtr> raw_padding_begin = __ WordPtrAdd(
+        __ WordPtrAdd(__ BitcastTaggedToWordPtr(string), aligned_size),
+        -kObjectAlignment - kHeapObjectTag);
+    static_assert(kObjectAlignment ==
+                  MemoryRepresentation::TaggedSigned().SizeInBytes());
+    __ Store(raw_padding_begin, {}, __ SmiConstant(0),
+             StoreOp::Kind::RawAligned(), MemoryRepresentation::TaggedSigned(),
+             compiler::kNoWriteBarrier, 0, 0, true);
+    GOTO(done, string);
+
+    BIND(done, result);
+    return result;
+  }
+
+  V<SeqTwoByteString> AllocateSeqTwoByteString(V<WordPtr> length) {
+    __ CodeComment("AllocateSeqTwoByteString");
+    Label<SeqTwoByteString> done(this);
+    GOTO_IF(__ WordPtrEqual(length, 0), done,
+            V<SeqTwoByteString>::Cast(__ EmptyStringConstant()));
+
+    V<WordPtr> object_size =
+        __ WordPtrAdd(sizeof(SeqTwoByteString),
+                      __ WordPtrMul(length, sizeof(SeqTwoByteString::Char)));
+    V<WordPtr> aligned_size = __ AlignTagged(object_size);
+    Uninitialized<SeqTwoByteString> new_string =
+        __ template Allocate<SeqTwoByteString>(aligned_size,
+                                               AllocationType::kYoung);
+    __ InitializeField(new_string, AccessBuilderTS::ForMap(),
+                       __ SeqTwoByteStringMapConstant());
+
+    __ InitializeField(new_string, AccessBuilderTS::ForStringLength(),
+                       __ TruncateWordPtrToWord32(length));
+    __ InitializeField(new_string, AccessBuilderTS::ForNameRawHashField(),
+                       Name::kEmptyHashField);
+    V<SeqTwoByteString> string = __ FinishInitialization(std::move(new_string));
+    // Clear padding.
+    V<WordPtr> raw_padding_begin = __ WordPtrAdd(
+        __ WordPtrAdd(__ BitcastTaggedToWordPtr(string), aligned_size),
+        -kObjectAlignment - kHeapObjectTag);
+    static_assert(kObjectAlignment ==
+                  MemoryRepresentation::TaggedSigned().SizeInBytes());
+    __ Store(raw_padding_begin, {}, __ SmiConstant(0),
+             StoreOp::Kind::RawAligned(), MemoryRepresentation::TaggedSigned(),
+             compiler::kNoWriteBarrier, 0, 0, true);
+    GOTO(done, string);
+
+    BIND(done, result);
+    return result;
+  }
 };
 
 class StringBuiltinsAssemblerTS
     : public TurboshaftBuiltinsAssembler<StringBuiltinsReducer> {
  public:
-  StringBuiltinsAssemblerTS(PipelineData* data,
+  using Base = TurboshaftBuiltinsAssembler;
+
+  StringBuiltinsAssemblerTS(compiler::turboshaft::PipelineData* data,
                             compiler::turboshaft::Graph& graph,
                             Zone* phase_zone)
-      : TurboshaftBuiltinsAssembler(data, graph, phase_zone) {}
+      : Base(data, graph, phase_zone) {}
+  using Base::Asm;
 };
 
 #ifdef V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS
 
 TS_BUILTIN(StringFromCodePointAt, StringBuiltinsAssemblerTS) {
-  auto receiver = __ Parameter<String>(Descriptor::kReceiver);
-  auto position = __ Parameter<WordPtr>(Descriptor::kPosition);
+  auto receiver = Parameter<String>(Descriptor::kReceiver);
+  auto position = Parameter<WordPtr>(Descriptor::kPosition);
 
   // Load the character code at the {position} from the {receiver}.
   V<Word32> codepoint =
@@ -41,6 +163,84 @@ TS_BUILTIN(StringFromCodePointAt, StringBuiltinsAssemblerTS) {
   Return(result);
 }
 
+// ES6 #sec-string.fromcharcode
+TS_BUILTIN(StringFromCharCode, StringBuiltinsAssemblerTS) {
+  V<Context> context = Parameter<Context>(Descriptor::kContext);
+  V<Word32> argc = Parameter<Word32>(Descriptor::kJSActualArgumentsCount);
+  BuiltinArgumentsTS arguments(this, argc);
+
+  V<WordPtr> character_count = arguments.GetLengthWithoutReceiver();
+  // Check if we have exactly one argument (plus the implicit receiver), i.e.
+  // if the parent frame is not an inlined arguments frame.
+  IF (WordPtrEqual(arguments.GetLengthWithoutReceiver(), 1)) {
+    // Single argument case, perform fast single character string cache lookup
+    // for one-byte code units, or fall back to creating a single character
+    // string on the fly otherwise.
+    V<Object> code = arguments.AtIndex(0);
+    V<Word32> code32 = TruncateTaggedToWord32(context, code);
+    V<Word32> code16 = Word32BitwiseAnd(code32, String::kMaxUtf16CodeUnit);
+    V<String> result = StringFromSingleCharCode(code16);
+    PopAndReturn(arguments, result);
+  } ELSE {
+    Label<> contains_two_byte_characters(this);
+
+    // Assume that the resulting string contains only one-byte characters.
+    V<SeqOneByteString> one_byte_result =
+        AllocateSeqOneByteString(character_count);
+
+    ScopedVar<WordPtr> var_max_index(this, 0);
+    // Iterate over the incoming arguments, converting them to 8-bit character
+    // codes. Stop if any of the conversions generates a code that doesn't fit
+    // in 8 bits.
+    FOREACH(arg, arguments.Range()) {
+      V<Word32> code32 = TruncateTaggedToWord32(context, arg);
+      V<Word32> code16 = Word32BitwiseAnd(code32, String::kMaxUtf16CodeUnit);
+
+      IF (UNLIKELY(Int32LessThan(String::kMaxOneByteCharCode, code16))) {
+        // At least one of the characters in the string requires a 16-bit
+        // representation.  Allocate a SeqTwoByteString to hold the resulting
+        // string.
+        V<SeqTwoByteString> two_byte_result =
+            AllocateSeqTwoByteString(character_count);
+
+        // Copy the characters that have already been put in the 8-bit string
+        // into their corresponding positions in the new 16-bit string.
+        CopyStringCharacters(one_byte_result, 0, String::ONE_BYTE_ENCODING,
+                             two_byte_result, 0, String::TWO_BYTE_ENCODING,
+                             var_max_index);
+
+        // Write the character that caused the 8-bit to 16-bit fault.
+        StoreElement(two_byte_result,
+                     AccessBuilderTS::ForSeqTwoByteStringCharacter(),
+                     var_max_index, code16);
+        var_max_index = WordPtrAdd(var_max_index, 1);
+
+        // Resume copying the passed-in arguments from the same place where the
+        // 8-bit copy stopped, but this time copying over all of the characters
+        // using a 16-bit representation.
+        FOREACH(arg, arguments.Range(var_max_index)) {
+          V<Word32> code32 = TruncateTaggedToWord32(context, arg);
+          V<Word32> code16 =
+              Word32BitwiseAnd(code32, String::kMaxUtf16CodeUnit);
+
+          StoreElement(two_byte_result,
+                       AccessBuilderTS::ForSeqTwoByteStringCharacter(),
+                       var_max_index, code16);
+          var_max_index = WordPtrAdd(var_max_index, 1);
+        }
+        PopAndReturn(arguments, two_byte_result);
+      }
+
+      // The {code16} fits into the SeqOneByteString {one_byte_result}.
+      StoreElement(one_byte_result,
+                   AccessBuilderTS::ForSeqOneByteStringCharacter(),
+                   var_max_index, code16);
+      var_max_index = WordPtrAdd(var_max_index, 1);
+    }
+    PopAndReturn(arguments, one_byte_result);
+  }
+}
+
 #endif  // V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS
 
 #include "src/compiler/turboshaft/undef-assembler-macros.inc"
diff --git a/deps/v8/src/builtins/builtins-string.cc b/deps/v8/src/builtins/builtins-string.cc
index bd2132339223dc..0e88c90a9c38b5 100644
--- a/deps/v8/src/builtins/builtins-string.cc
+++ b/deps/v8/src/builtins/builtins-string.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/builtins/builtins-utils-inl.h"
 #include "src/builtins/builtins.h"
 #include "src/heap/heap-inl.h"  // For ToBoolean. TODO(jkummerow): Drop.
@@ -148,7 +150,7 @@ BUILTIN(StringPrototypeLocaleCompare) {
   Handle<String> str2;
   ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
       isolate, str2, Object::ToString(isolate, args.atOrUndefined(isolate, 1)));
-  base::Optional<int> result = Intl::StringLocaleCompare(
+  std::optional<int> result = Intl::StringLocaleCompare(
       isolate, str1, str2, args.atOrUndefined(isolate, 2),
       args.atOrUndefined(isolate, 3), kMethod);
   if (!result.has_value()) {
diff --git a/deps/v8/src/builtins/builtins-typed-array-gen.cc b/deps/v8/src/builtins/builtins-typed-array-gen.cc
index cfb3b61e764f0b..d27119a31a231a 100644
--- a/deps/v8/src/builtins/builtins-typed-array-gen.cc
+++ b/deps/v8/src/builtins/builtins-typed-array-gen.cc
@@ -153,8 +153,9 @@ TF_BUILTIN(TypedArrayPrototypeByteLength, TypedArrayBuiltinsAssembler) {
   {
     // Default to zero if the {receiver}s buffer was detached.
     TNode<UintPtrT> byte_length = Select<UintPtrT>(
-        IsDetachedBuffer(receiver_buffer), [=] { return UintPtrConstant(0); },
-        [=] { return LoadJSArrayBufferViewByteLength(receiver_array); });
+        IsDetachedBuffer(receiver_buffer),
+        [=, this] { return UintPtrConstant(0); },
+        [=, this] { return LoadJSArrayBufferViewByteLength(receiver_array); });
     Return(ChangeUintPtrToTagged(byte_length));
   }
 }
diff --git a/deps/v8/src/builtins/builtins-utils-gen.h b/deps/v8/src/builtins/builtins-utils-gen.h
index dd9c30fffd90b5..6e46ad149dcc18 100644
--- a/deps/v8/src/builtins/builtins-utils-gen.h
+++ b/deps/v8/src/builtins/builtins-utils-gen.h
@@ -66,14 +66,14 @@ class CodeAssemblerState;
                     Isolate* isolate, compiler::turboshaft::Graph& graph, \
                     Zone* phase_zone)                                     \
         : BaseAssembler(data, graph, phase_zone) {}                       \
-    BaseAssembler& Asm() { return *this; }                                \
     void Generate##Name##Impl();                                          \
+    using BaseAssembler::Asm;                                             \
   };                                                                      \
   void Builtins::Generate_##Name(                                         \
       compiler::turboshaft::PipelineData* data, Isolate* isolate,         \
       compiler::turboshaft::Graph& graph, Zone* phase_zone) {             \
     Name##Assembler assembler(data, isolate, graph, phase_zone);          \
-    assembler.Asm().Bind(assembler.Asm().NewBlock());                     \
+    assembler.EmitBuiltinProlog(Builtin::k##Name);                        \
     assembler.Generate##Name##Impl();                                     \
     /* Builtin definition must generate something! */                     \
     DCHECK_GT(graph.op_id_count(), 0);                                    \
diff --git a/deps/v8/src/builtins/builtins-wasm-gen.cc b/deps/v8/src/builtins/builtins-wasm-gen.cc
index ed64043f1fb7fe..b24bc52a4b2294 100644
--- a/deps/v8/src/builtins/builtins-wasm-gen.cc
+++ b/deps/v8/src/builtins/builtins-wasm-gen.cc
@@ -38,7 +38,7 @@ TNode<NativeContext> WasmBuiltinsAssembler::LoadContextFromWasmOrJsFrame() {
   TNode<Uint16T> instance_type =
       LoadMapInstanceType(LoadMap(function_or_instance));
   GotoIf(IsJSFunctionInstanceType(instance_type), &js);
-  GotoIf(Word32Equal(instance_type, Int32Constant(WASM_API_FUNCTION_REF_TYPE)),
+  GotoIf(Word32Equal(instance_type, Int32Constant(WASM_IMPORT_DATA_TYPE)),
          &apifunc);
   context_result = LoadContextFromInstanceData(CAST(function_or_instance));
   Goto(&done);
@@ -51,9 +51,9 @@ TNode<NativeContext> WasmBuiltinsAssembler::LoadContextFromWasmOrJsFrame() {
   Goto(&done);
 
   BIND(&apifunc);
-  TNode<WasmApiFunctionRef> apiref = CAST(function_or_instance);
+  TNode<WasmImportData> apiref = CAST(function_or_instance);
   context_result = LoadObjectField<NativeContext>(
-      apiref, WasmApiFunctionRef::kNativeContextOffset);
+      apiref, WasmImportData::kNativeContextOffset);
   Goto(&done);
 
   BIND(&done);
@@ -161,16 +161,16 @@ TF_BUILTIN(JSToWasmLazyDeoptContinuation, WasmBuiltinsAssembler) {
 
 TF_BUILTIN(WasmToJsWrapperCSA, WasmBuiltinsAssembler) {
   TorqueStructWasmToJSResult result = WasmToJSWrapper(
-      UncheckedParameter<WasmApiFunctionRef>(Descriptor::kWasmApiFunctionRef));
+      UncheckedParameter<WasmImportData>(Descriptor::kWasmImportData));
   PopAndReturn(result.popCount, result.result0, result.result1, result.result2,
                result.result3);
 }
 
 TF_BUILTIN(WasmToJsWrapperInvalidSig, WasmBuiltinsAssembler) {
-  TNode<WasmApiFunctionRef> ref =
-      UncheckedParameter<WasmApiFunctionRef>(Descriptor::kWasmApiFunctionRef);
+  TNode<WasmImportData> ref =
+      UncheckedParameter<WasmImportData>(Descriptor::kWasmImportData);
   TNode<Context> context =
-      LoadObjectField<Context>(ref, WasmApiFunctionRef::kNativeContextOffset);
+      LoadObjectField<Context>(ref, WasmImportData::kNativeContextOffset);
 
   CallRuntime(Runtime::kWasmThrowJSTypeError, context);
   Unreachable();
diff --git a/deps/v8/src/builtins/builtins.cc b/deps/v8/src/builtins/builtins.cc
index 3a8ce21a774c08..90ede49832c3ce 100644
--- a/deps/v8/src/builtins/builtins.cc
+++ b/deps/v8/src/builtins/builtins.cc
@@ -70,6 +70,7 @@ struct BuiltinMetadata {
 
 #define DECL_CPP(Name, ...) \
   {#Name, Builtins::CPP, {FUNCTION_ADDR(Builtin_##Name)}},
+#define DECL_TSJ(Name, Count, ...) {#Name, Builtins::TSJ, {Count, 0}},
 #define DECL_TFJ(Name, Count, ...) {#Name, Builtins::TFJ, {Count, 0}},
 #define DECL_TSC(Name, ...) {#Name, Builtins::TSC, {}},
 #define DECL_TFC(Name, ...) {#Name, Builtins::TFC, {}},
@@ -79,8 +80,8 @@ struct BuiltinMetadata {
   {#Name, Builtins::BCH, {Bytecode, OperandScale}},
 #define DECL_ASM(Name, ...) {#Name, Builtins::ASM, {}},
 const BuiltinMetadata builtin_metadata[] = {
-    BUILTIN_LIST(DECL_CPP, DECL_TFJ, DECL_TSC, DECL_TFC, DECL_TFS, DECL_TFH,
-                 DECL_BCH, DECL_ASM)};
+    BUILTIN_LIST(DECL_CPP, DECL_TSJ, DECL_TFJ, DECL_TSC, DECL_TFC, DECL_TFS,
+                 DECL_TFH, DECL_BCH, DECL_ASM)};
 #undef DECL_CPP
 #undef DECL_TFJ
 #undef DECL_TSC
@@ -156,7 +157,7 @@ Handle<Code> Builtins::code_handle(Builtin builtin) {
 
 // static
 int Builtins::GetStackParameterCount(Builtin builtin) {
-  DCHECK(Builtins::KindOf(builtin) == TFJ);
+  DCHECK(Builtins::KindOf(builtin) == TSJ || Builtins::KindOf(builtin) == TFJ);
   return builtin_metadata[ToInt(builtin)].data.parameter_count;
 }
 
@@ -171,13 +172,13 @@ CallInterfaceDescriptor Builtins::CallInterfaceDescriptorFor(Builtin builtin) {
     key = Builtin_##Name##_InterfaceDescriptor::key(); \
     break;                                             \
   }
-    BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, CASE_OTHER, CASE_OTHER,
-                 CASE_OTHER, CASE_OTHER, IGNORE_BUILTIN, CASE_OTHER)
+    BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, CASE_OTHER,
+                 CASE_OTHER, CASE_OTHER, CASE_OTHER, IGNORE_BUILTIN, CASE_OTHER)
 #undef CASE_OTHER
     default:
       Builtins::Kind kind = Builtins::KindOf(builtin);
       DCHECK_NE(BCH, kind);
-      if (kind == TFJ || kind == CPP) {
+      if (kind == TSJ || kind == TFJ || kind == CPP) {
         return JSTrampolineDescriptor{};
       }
       UNREACHABLE();
@@ -453,6 +454,7 @@ const char* Builtins::KindNameOf(Builtin builtin) {
   // clang-format off
   switch (kind) {
     case CPP: return "CPP";
+    case TSJ: return "TSJ";
     case TFJ: return "TFJ";
     case TSC: return "TSC";
     case TFC: return "TFC";
@@ -477,9 +479,18 @@ CodeEntrypointTag Builtins::EntrypointTagFor(Builtin builtin) {
     return kDefaultCodeEntrypointTag;
   }
 
+#if V8_ENABLE_DRUMBRAKE
+  if (builtin == Builtin::kGenericJSToWasmInterpreterWrapper) {
+    return kJSEntrypointTag;
+  } else if (builtin == Builtin::kGenericWasmToJSInterpreterWrapper) {
+    return kWasmEntrypointTag;
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   Kind kind = Builtins::KindOf(builtin);
   switch (kind) {
     case CPP:
+    case TSJ:
     case TFJ:
       return kJSEntrypointTag;
     case BCH:
diff --git a/deps/v8/src/builtins/builtins.h b/deps/v8/src/builtins/builtins.h
index d46d926a4999fd..f3974d2813ad29 100644
--- a/deps/v8/src/builtins/builtins.h
+++ b/deps/v8/src/builtins/builtins.h
@@ -44,7 +44,7 @@ enum class Builtin : int32_t {
   kNoBuiltinId = -1,
 #define DEF_ENUM(Name, ...) k##Name,
   BUILTIN_LIST(DEF_ENUM, DEF_ENUM, DEF_ENUM, DEF_ENUM, DEF_ENUM, DEF_ENUM,
-               DEF_ENUM, DEF_ENUM)
+               DEF_ENUM, DEF_ENUM, DEF_ENUM)
 #undef DEF_ENUM
 #define EXTRACT_NAME(Name, ...) k##Name,
   // Define kFirstBytecodeHandler,
@@ -84,8 +84,9 @@ class Builtins {
         // defined(V8_COMPRESS_POINTERS_IN_SHARED_CAGE)
 
 #define ADD_ONE(Name, ...) +1
-  static constexpr int kBuiltinCount = 0 BUILTIN_LIST(
-      ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE);
+  static constexpr int kBuiltinCount =
+      0 BUILTIN_LIST(ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE,
+                     ADD_ONE, ADD_ONE, ADD_ONE);
   static constexpr int kBuiltinTier0Count = 0 BUILTIN_LIST_TIER0(
       ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE, ADD_ONE);
 #undef ADD_ONE
@@ -128,7 +129,7 @@ class Builtins {
   }
 
   // The different builtin kinds are documented in builtins-definitions.h.
-  enum Kind { CPP, TFJ, TSC, TFC, TFS, TFH, BCH, ASM };
+  enum Kind { CPP, TSJ, TFJ, TSC, TFC, TFS, TFH, BCH, ASM };
 
   static BytecodeOffset GetContinuationBytecodeOffset(Builtin builtin);
   static Builtin GetBuiltinFromBytecodeOffset(BytecodeOffset);
@@ -287,6 +288,22 @@ class Builtins {
     jspi_prompt_handler_offset_ = offset;
   }
 
+#if V8_ENABLE_DRUMBRAKE
+  int cwasm_interpreter_entry_handler_offset() const {
+    DCHECK_NE(cwasm_interpreter_entry_handler_offset_, 0);
+    return cwasm_interpreter_entry_handler_offset_;
+  }
+
+  void SetCWasmInterpreterEntryHandlerOffset(int offset) {
+    // Check the stored offset is either uninitialized or unchanged (we
+    // generate multiple variants of this builtin but they should all have the
+    // same handler offset).
+    CHECK(cwasm_interpreter_entry_handler_offset_ == 0 ||
+          cwasm_interpreter_entry_handler_offset_ == offset);
+    cwasm_interpreter_entry_handler_offset_ = offset;
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   // Returns given builtin's slot in the main builtin table.
   FullObjectSlot builtin_slot(Builtin builtin);
   // Returns given builtin's slot in the tier0 builtin table.
@@ -347,8 +364,8 @@ class Builtins {
                               Isolate* isolate,                         \
                               compiler::turboshaft::Graph& graph, Zone* zone);
 
-  BUILTIN_LIST(IGNORE_BUILTIN, DECLARE_TF, DECLARE_TS, DECLARE_TF, DECLARE_TF,
-               DECLARE_TF, IGNORE_BUILTIN, DECLARE_ASM)
+  BUILTIN_LIST(IGNORE_BUILTIN, DECLARE_TS, DECLARE_TF, DECLARE_TS, DECLARE_TF,
+               DECLARE_TF, DECLARE_TF, IGNORE_BUILTIN, DECLARE_ASM)
 
 #undef DECLARE_ASM
 #undef DECLARE_TF
@@ -360,6 +377,14 @@ class Builtins {
   // label) in JSEntry and its variants. It's used to generate the handler table
   // during codegen (mksnapshot-only).
   int js_entry_handler_offset_ = 0;
+
+#if V8_ENABLE_DRUMBRAKE
+  // Stores the offset of exception handler entry point (the handler_entry
+  // label) in CWasmInterpreterEntry. It's used to generate the handler table
+  // during codegen (mksnapshot-only).
+  int cwasm_interpreter_entry_handler_offset_ = 0;
+#endif  // V8_ENABLE_DRUMBRAKE
+
   // Do the same for the JSPI prompt, which catches uncaught exceptions and
   // rejects the corresponding promise.
   int jspi_prompt_handler_offset_ = 0;
diff --git a/deps/v8/src/builtins/collections.tq b/deps/v8/src/builtins/collections.tq
index 7d4f506519c9d9..e23a6c788f9be4 100644
--- a/deps/v8/src/builtins/collections.tq
+++ b/deps/v8/src/builtins/collections.tq
@@ -341,10 +341,10 @@ macro CheckSetRecordHasJSSetMethods(setRecord: SetRecord):
       Cast<JSFunction>(setRecord.keys) otherwise HasUserProvidedMethods;
   const has = Cast<JSFunction>(setRecord.has) otherwise HasUserProvidedMethods;
   if (!(TaggedEqual(
-            keys.shared_function_info.function_data,
+            keys.shared_function_info.untrusted_function_data,
             SmiConstant(kSetPrototypeValues)) &&
         TaggedEqual(
-            has.shared_function_info.function_data,
+            has.shared_function_info.untrusted_function_data,
             SmiConstant(kSetPrototypeHas))))
     goto HasUserProvidedMethods;
 }
@@ -355,10 +355,10 @@ macro CheckSetRecordHasJSMapMethods(setRecord: SetRecord):
       Cast<JSFunction>(setRecord.keys) otherwise HasUserProvidedMethods;
   const has = Cast<JSFunction>(setRecord.has) otherwise HasUserProvidedMethods;
   if (!(TaggedEqual(
-            keys.shared_function_info.function_data,
+            keys.shared_function_info.untrusted_function_data,
             SmiConstant(kMapPrototypeKeys)) &&
         TaggedEqual(
-            has.shared_function_info.function_data,
+            has.shared_function_info.untrusted_function_data,
             SmiConstant(kMapPrototypeHas))))
     goto HasUserProvidedMethods;
 }
diff --git a/deps/v8/src/builtins/growable-fixed-array-gen.cc b/deps/v8/src/builtins/growable-fixed-array-gen.cc
index 46445822924eb5..f361964b50baa1 100644
--- a/deps/v8/src/builtins/growable-fixed-array-gen.cc
+++ b/deps/v8/src/builtins/growable-fixed-array-gen.cc
@@ -4,6 +4,8 @@
 
 #include "src/builtins/growable-fixed-array-gen.h"
 
+#include <optional>
+
 #include "src/compiler/code-assembler.h"
 
 namespace v8 {
@@ -90,10 +92,10 @@ TNode<FixedArray> GrowableFixedArray::ResizeFixedArray(
 
   CodeStubAssembler::ExtractFixedArrayFlags flags;
   flags |= CodeStubAssembler::ExtractFixedArrayFlag::kFixedArrays;
-  TNode<FixedArray> to_array = CAST(ExtractFixedArray(
-      from_array, base::Optional<TNode<IntPtrT>>(base::nullopt),
-      base::Optional<TNode<IntPtrT>>(element_count),
-      base::Optional<TNode<IntPtrT>>(new_capacity), flags));
+  TNode<FixedArray> to_array = CAST(
+      ExtractFixedArray(from_array, std::optional<TNode<IntPtrT>>(std::nullopt),
+                        std::optional<TNode<IntPtrT>>(element_count),
+                        std::optional<TNode<IntPtrT>>(new_capacity), flags));
 
   return to_array;
 }
diff --git a/deps/v8/src/builtins/ia32/builtins-ia32.cc b/deps/v8/src/builtins/ia32/builtins-ia32.cc
index 1c07c5a779d90b..fedea9612d0a19 100644
--- a/deps/v8/src/builtins/ia32/builtins-ia32.cc
+++ b/deps/v8/src/builtins/ia32/builtins-ia32.cc
@@ -556,20 +556,24 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
   __ Assert(equal, AbortReason::kExpectedBaselineData);
 }
 
-static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
-                                                    Register sfi_data,
-                                                    Register scratch1,
-                                                    Label* is_baseline) {
+static void GetSharedFunctionInfoBytecodeOrBaseline(
+    MacroAssembler* masm, Register sfi, Register bytecode, Register scratch1,
+    Label* is_baseline, Label* is_unavailable) {
   ASM_CODE_COMMENT(masm);
   Label done;
-  __ LoadMap(scratch1, sfi_data);
+
+  Register data = bytecode;
+  __ mov(data,
+         FieldOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
+
+  __ LoadMap(scratch1, data);
 
 #ifndef V8_JITLESS
   __ CmpInstanceType(scratch1, CODE_TYPE);
   if (v8_flags.debug_code) {
     Label not_baseline;
     __ j(not_equal, &not_baseline);
-    AssertCodeIsBaseline(masm, sfi_data, scratch1);
+    AssertCodeIsBaseline(masm, data, scratch1);
     __ j(equal, is_baseline);
     __ bind(&not_baseline);
   } else {
@@ -577,11 +581,12 @@ static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
   }
 #endif  // !V8_JITLESS
 
-  __ CmpInstanceType(scratch1, INTERPRETER_DATA_TYPE);
-  __ j(not_equal, &done, Label::kNear);
+  __ CmpInstanceType(scratch1, BYTECODE_ARRAY_TYPE);
+  __ j(equal, &done, Label::kNear);
 
-  __ mov(sfi_data,
-         FieldOperand(sfi_data, InterpreterData::kBytecodeArrayOffset));
+  __ CmpInstanceType(scratch1, INTERPRETER_DATA_TYPE);
+  __ j(not_equal, is_unavailable);
+  __ mov(data, FieldOperand(data, InterpreterData::kBytecodeArrayOffset));
 
   __ bind(&done);
 }
@@ -669,17 +674,17 @@ void Builtins::Generate_ResumeGeneratorTrampoline(MacroAssembler* masm) {
 
   // Underlying function needs to have bytecode available.
   if (v8_flags.debug_code) {
-    Label is_baseline, ok;
+    Label is_baseline, is_unavailable, ok;
     __ mov(ecx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
-    __ mov(ecx, FieldOperand(ecx, SharedFunctionInfo::kFunctionDataOffset));
     __ Push(eax);
-    GetSharedFunctionInfoBytecodeOrBaseline(masm, ecx, eax, &is_baseline);
+    GetSharedFunctionInfoBytecodeOrBaseline(masm, ecx, ecx, eax, &is_baseline,
+                                            &is_unavailable);
     __ Pop(eax);
-
-    __ CmpObjectType(ecx, BYTECODE_ARRAY_TYPE, ecx);
-    __ Assert(equal, AbortReason::kMissingBytecodeArray);
     __ jmp(&ok);
 
+    __ bind(&is_unavailable);
+    __ Abort(AbortReason::kMissingBytecodeArray);
+
     __ bind(&is_baseline);
     __ Pop(eax);
     __ CmpObjectType(ecx, CODE_TYPE, ecx);
@@ -886,17 +891,13 @@ void Builtins::Generate_InterpreterEntryTrampoline(
     MacroAssembler* masm, InterpreterEntryTrampolineMode mode) {
   __ movd(xmm0, eax);  // Spill actual argument count.
 
-  // The bytecode array could have been flushed from the shared function info,
-  // if so, call into CompileLazy.
   __ mov(ecx, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
-  __ mov(ecx, FieldOperand(ecx, SharedFunctionInfo::kFunctionDataOffset));
-
-  Label is_baseline;
-  GetSharedFunctionInfoBytecodeOrBaseline(masm, ecx, eax, &is_baseline);
 
-  Label compile_lazy;
-  __ CmpObjectType(ecx, BYTECODE_ARRAY_TYPE, eax);
-  __ j(not_equal, &compile_lazy);
+  // The bytecode array could have been flushed from the shared function info,
+  // if so, call into CompileLazy.
+  Label is_baseline, compile_lazy;
+  GetSharedFunctionInfoBytecodeOrBaseline(masm, ecx, ecx, eax, &is_baseline,
+                                          &compile_lazy);
 
   Label push_stack_frame;
   Register feedback_vector = ecx;
@@ -948,7 +949,7 @@ void Builtins::Generate_InterpreterEntryTrampoline(
   __ mov(eax, FieldOperand(edi, JSFunction::kSharedFunctionInfoOffset));
   ResetSharedFunctionInfoAge(masm, eax);
   __ mov(kInterpreterBytecodeArrayRegister,
-         FieldOperand(eax, SharedFunctionInfo::kFunctionDataOffset));
+         FieldOperand(eax, SharedFunctionInfo::kTrustedFunctionDataOffset));
   GetSharedFunctionInfoBytecode(masm, kInterpreterBytecodeArrayRegister, eax);
 
   // Check function data field is actually a BytecodeArray object.
@@ -1718,7 +1719,7 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   __ mov(scratch, Operand(ebp, StandardFrameConstants::kFunctionOffset));
   __ mov(scratch, FieldOperand(scratch, JSFunction::kSharedFunctionInfoOffset));
   __ mov(scratch,
-         FieldOperand(scratch, SharedFunctionInfo::kFunctionDataOffset));
+         FieldOperand(scratch, SharedFunctionInfo::kTrustedFunctionDataOffset));
   __ Push(eax);
   __ CmpObjectType(scratch, INTERPRETER_DATA_TYPE, eax);
   __ j(not_equal, &builtin_trampoline, Label::kNear);
@@ -3391,7 +3392,7 @@ void ReloadParentContinuation(MacroAssembler* masm, Register promise,
   SwitchStacks(masm, active_continuation, promise, return_value, context);
 }
 
-// Loads the context field of the WasmTrustedInstanceData or WasmApiFunctionRef
+// Loads the context field of the WasmTrustedInstanceData or WasmImportData
 // depending on the ref's type, and places the result in the input register.
 void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   __ Move(scratch, FieldOperand(ref, HeapObject::kMapOffset));
@@ -3399,7 +3400,7 @@ void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   Label instance;
   Label end;
   __ j(equal, &instance);
-  __ Move(ref, FieldOperand(ref, WasmApiFunctionRef::kNativeContextOffset));
+  __ Move(ref, FieldOperand(ref, WasmImportData::kNativeContextOffset));
   __ jmp(&end);
   __ bind(&instance);
   __ Move(ref,
@@ -3951,7 +3952,7 @@ void Generate_WasmResumeHelper(MacroAssembler* masm, wasm::OnResume on_resume) {
           wasm::ObjectAccess::SharedFunctionInfoOffsetInTaggedJSFunction()));
   Register function_data = sfi;
   __ Move(function_data,
-          FieldOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
+          FieldOperand(sfi, SharedFunctionInfo::kUntrustedFunctionDataOffset));
   // The write barrier uses a fixed register for the host object (edi). The next
   // barrier is on the suspender, so load it in edi directly.
   Register suspender = edi;
@@ -4166,11 +4167,10 @@ void SwitchFromTheCentralStackIfNeeded(MacroAssembler* masm) {
 }  // namespace
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
   Register code_object = edi;  // Not part of kGpParamRegisters.
-  __ mov(code_object,
-         FieldOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset));
+  __ mov(code_object, FieldOperand(import_data, WasmImportData::kCodeOffset));
   __ jmp(FieldOperand(code_object, Code::kInstructionStartOffset));
 }
 
@@ -4683,7 +4683,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
                      callback));
 
   __ RecordComment("Local<Name>");
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   __ mov(ExitFrameStackSlotOperand(kApiArg0Offset), name);
 #else
@@ -5326,8 +5326,9 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
   Register code_obj = esi;
   __ mov(code_obj,
          FieldOperand(closure, JSFunction::kSharedFunctionInfoOffset));
-  __ mov(code_obj,
-         FieldOperand(code_obj, SharedFunctionInfo::kFunctionDataOffset));
+  __ mov(
+      code_obj,
+      FieldOperand(code_obj, SharedFunctionInfo::kTrustedFunctionDataOffset));
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
diff --git a/deps/v8/src/builtins/js-to-js.tq b/deps/v8/src/builtins/js-to-js.tq
index 9bae8d38220c5d..c0afd23ac9260d 100644
--- a/deps/v8/src/builtins/js-to-js.tq
+++ b/deps/v8/src/builtins/js-to-js.tq
@@ -71,16 +71,12 @@ transitioning javascript builtin JSToJSWrapperInvalidSig(
 transitioning javascript builtin JSToJSWrapper(
     js-implicit context: NativeContext, receiver: JSAny, target: JSFunction)(
     ...arguments): JSAny {
-  const functionData =
-      UnsafeCast<WasmFunctionData>(target.shared_function_info.data);
-  // The SFI::data field is a trusted pointer but loaded using the
-  // wildcard/unknown type tag as it can reference trusted objects of different
-  // types. As such, here it is not guaranteed that the received object really
-  // is a WasmExportedFunctionData and so an explicit check is required.
-  sbxcheck(Is<WasmFunctionData>(functionData));
-  const ref = UnsafeCast<WasmApiFunctionRef>(functionData.internal.ref);
-
-  const signaturePod = &ref.sig.bytes;
+  const functionData = target.shared_function_info.wasm_js_function_data;
+
+  const importData =
+      UnsafeCast<WasmImportData>(functionData.internal.implicit_arg);
+
+  const signaturePod = &importData.sig.bytes;
   const serializedSig = torque_internal::unsafe::NewConstSlice<int32>(
       signaturePod.object, signaturePod.offset,
       signaturePod.length / torque_internal::SizeOf<int32>());
@@ -111,7 +107,7 @@ transitioning javascript builtin JSToJSWrapper(
 
   dcheck(nextIndex == numOutParams);
   const calleeResult = CallVarargs(
-      context, ref.callable, 0, Convert<int32>(numOutParams), outParams);
+      context, importData.callable, 0, Convert<int32>(numOutParams), outParams);
 
   let result: JSAny;
   if (returnCount == 0) {
diff --git a/deps/v8/src/builtins/js-to-wasm.tq b/deps/v8/src/builtins/js-to-wasm.tq
index 7a2a1c74503a85..ea17bbb8026246 100644
--- a/deps/v8/src/builtins/js-to-wasm.tq
+++ b/deps/v8/src/builtins/js-to-wasm.tq
@@ -14,9 +14,9 @@ extern runtime WasmAllocateSuspender(Context): JSAny;
 
 namespace wasm {
 extern builtin JSToWasmWrapperAsm(
-    RawPtr<intptr>, WasmApiFunctionRef|WasmTrustedInstanceData, JSAny): JSAny;
+    RawPtr<intptr>, WasmImportData|WasmTrustedInstanceData, JSAny): JSAny;
 extern builtin WasmReturnPromiseOnSuspendAsm(
-    RawPtr<intptr>, WasmApiFunctionRef|WasmTrustedInstanceData, JSAny): JSAny;
+    RawPtr<intptr>, WasmImportData|WasmTrustedInstanceData, JSAny): JSAny;
 
 extern macro UniqueIntPtrConstant(constexpr intptr): intptr;
 
@@ -72,7 +72,6 @@ extern enum ValueKind extends int32 constexpr 'wasm::ValueKind' {
 
 extern enum Promise extends int32 constexpr 'wasm::Promise' {
   kPromise,
-  kPromiseWithSuspender,
   kNoPromise
 }
 
@@ -482,13 +481,7 @@ macro HandleF32Params(
 macro JSToWasmWrapperHelper(
     context: NativeContext, _receiver: JSAny, target: JSFunction,
     arguments: Arguments, promise: constexpr Promise): never {
-  const functionData =
-      UnsafeCast<WasmExportedFunctionData>(target.shared_function_info.data);
-  // The SFI::data field is a trusted pointer but loaded using the
-  // wildcard/unknown type tag as it can reference trusted objects of different
-  // types. As such, here it is not guaranteed that the received object really
-  // is a WasmExportedFunctionData and so an explicit check is required.
-  sbxcheck(Is<WasmExportedFunctionData>(functionData));
+  const functionData = target.shared_function_info.wasm_exported_function_data;
 
   // Trigger a wrapper tier-up when this function got called often enough.
   const switchStack = promise != Promise::kNoPromise;
@@ -502,8 +495,8 @@ macro JSToWasmWrapperHelper(
   }
 
   const sig = functionData.sig;
-  const ref: WasmApiFunctionRef|WasmTrustedInstanceData =
-      functionData.internal.ref;
+  const implicitArg: WasmImportData|WasmTrustedInstanceData =
+      functionData.internal.implicit_arg;
   const trustedInstanceData: WasmTrustedInstanceData =
       functionData.instance_data;
 
@@ -618,14 +611,17 @@ macro JSToWasmWrapperHelper(
 
   let locationAllocator = LocationAllocatorForParams(paramBuffer);
   let hasRefParam: bool = false;
+  // A storage for converted reference parameters, so that they don't get
+  // garbage collected if the conversion of primitive parameters causes a GC.
+  // The storage gets allocated lazily when the first reference parameter gets
+  // converted to avoid performance regressions for signatures without tagged
+  // parameters. An old implementation used the `arguments` array as the storage
+  // for converted reference parameters, but this does not work because then
+  // converted reference parameters can be accessed from JavaScript using
+  // `Function.prototype.arguments`.
+  let convertedTagged: FixedArray|Smi = Convert<Smi>(0);
 
   let paramTypeIndex: int32 = 0;
-  // For stack switching paramTypeIndex and paramIndex diverges,
-  // because a suspender is not passed to wrapper as param.
-  if constexpr (promise == Promise::kPromiseWithSuspender) {
-    paramTypeIndex++;
-    hasRefParam = true;
-  }
   for (let paramIndex: int32 = 0; paramTypeIndex < paramCount; paramIndex++) {
     const param = arguments[Convert<intptr>(paramIndex)];
     const paramType = *paramTypes.UncheckedAtIndex(
@@ -634,11 +630,10 @@ macro JSToWasmWrapperHelper(
       let toRef = locationAllocator.GetGPSlot();
       typeswitch (param) {
         case (smiParam: Smi): {
-          *toRef = Convert<intptr>(Unsigned(SmiToInt32(smiParam)));
+          *toRef = Convert<intptr>(SmiToInt32(smiParam));
         }
         case (heapParam: JSAnyNotSmi): {
-          *toRef =
-              Convert<intptr>(Unsigned(WasmTaggedNonSmiToInt32(heapParam)));
+          *toRef = Convert<intptr>(WasmTaggedNonSmiToInt32(heapParam));
         }
       }
     } else if (paramType == kWasmF32Type) {
@@ -675,7 +670,12 @@ macro JSToWasmWrapperHelper(
       // primitive types are finished. For now we write the converted parameter
       // back to the stack.
       hasRefParam = true;
-      arguments[Convert<intptr>(paramIndex)] =
+      if (TaggedIsSmi(convertedTagged)) {
+        convertedTagged =
+            WasmAllocateZeroedFixedArray(Convert<intptr>(paramCount));
+      }
+      UnsafeCast<FixedArray>(convertedTagged)
+          .objects[Convert<intptr>(paramIndex)] =
           JSToWasmObject(context, trustedInstanceData, paramType, param);
     }
   }
@@ -691,13 +691,6 @@ macro JSToWasmWrapperHelper(
     let paramIndex: int32 = 0;
     locationAllocator.StartRefs();
 
-    if (promise == Promise::kPromiseWithSuspender) {
-      const toRef = locationAllocator.GetGPSlot();
-      *toRef = BitcastTaggedToWord(suspender);
-      // First param is suspender, so skip it in the signature loop.
-      k++;
-    }
-
     // We are not using a `for` loop here because Torque does not support
     // `continue` in `for` loops.
     while (k < paramCount) {
@@ -708,7 +701,8 @@ macro JSToWasmWrapperHelper(
         paramIndex++;
         continue;
       }
-      const param = arguments[Convert<intptr>(paramIndex++)];
+      const param = UnsafeCast<FixedArray>(convertedTagged)
+                        .objects[Convert<intptr>(paramIndex++)];
       let toRef = locationAllocator.GetGPSlot();
       *toRef = BitcastTaggedToWord(param);
       k++;
@@ -743,9 +737,10 @@ macro JSToWasmWrapperHelper(
   // Torque builtin.
   let result: JSAny;
   if constexpr (switchStack) {
-    result = WasmReturnPromiseOnSuspendAsm(wrapperBuffer, ref, resultArray);
+    result =
+        WasmReturnPromiseOnSuspendAsm(wrapperBuffer, implicitArg, resultArray);
   } else {
-    result = JSToWasmWrapperAsm(wrapperBuffer, ref, resultArray);
+    result = JSToWasmWrapperAsm(wrapperBuffer, implicitArg, resultArray);
   }
 
   // The normal return sequence of Torque-generated JavaScript builtins does not
@@ -773,13 +768,6 @@ transitioning javascript builtin JSToWasmWrapper(
       context, receiver, target, arguments, Promise::kNoPromise);
 }
 
-transitioning javascript builtin WasmPromisingWithSuspender(
-    js-implicit context: NativeContext, receiver: JSAny, target: JSFunction)(
-    ...arguments): JSAny {
-  JSToWasmWrapperHelper(
-      context, receiver, target, arguments, Promise::kPromiseWithSuspender);
-}
-
 transitioning javascript builtin WasmPromising(
     js-implicit context: NativeContext, receiver: JSAny, target: JSFunction)(
     ...arguments): JSAny {
diff --git a/deps/v8/src/builtins/loong64/builtins-loong64.cc b/deps/v8/src/builtins/loong64/builtins-loong64.cc
index 6341b81a9a4311..037355fdc3d85f 100644
--- a/deps/v8/src/builtins/loong64/builtins-loong64.cc
+++ b/deps/v8/src/builtins/loong64/builtins-loong64.cc
@@ -5,6 +5,7 @@
 #if V8_TARGET_ARCH_LOONG64
 
 #include "src/api/api-arguments.h"
+#include "src/builtins/builtins-descriptors.h"
 #include "src/builtins/builtins-inl.h"
 #include "src/codegen/code-factory.h"
 #include "src/codegen/interface-descriptors-inl.h"
@@ -28,6 +29,7 @@
 
 #if V8_ENABLE_WEBASSEMBLY
 #include "src/wasm/baseline/liftoff-assembler-defs.h"
+#include "src/wasm/object-access.h"
 #include "src/wasm/wasm-linkage.h"
 #include "src/wasm/wasm-objects.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
@@ -287,44 +289,21 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
             Operand(static_cast<int>(CodeKind::BASELINE)));
 }
 
-// Equivalent of SharedFunctionInfo::GetData
-static void GetSharedFunctionInfoData(MacroAssembler* masm, Register data,
-                                      Register sfi, Register scratch) {
-#ifdef V8_ENABLE_SANDBOX
-  DCHECK(!AreAliased(data, scratch));
-  DCHECK(!AreAliased(sfi, scratch));
-  // Use trusted_function_data if non-empy, otherwise the regular function_data.
-  Label use_tagged_field, done;
-  __ Ld_wu(scratch, FieldMemOperand(
-                        sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
-
-  __ Branch(&use_tagged_field, eq, scratch, Operand(zero_reg));
-  __ ResolveIndirectPointerHandle(data, scratch, kUnknownIndirectPointerTag);
-  __ Branch(&done);
-
-  __ bind(&use_tagged_field);
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-  __ bind(&done);
-#else
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-#endif  // V8_ENABLE_SANDBOX
-}
-
 // TODO(v8:11429): Add a path for "not_compiled" and unify the two uses under
 // the more general dispatch.
-static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
-                                                    Register sfi,
-                                                    Register bytecode,
-                                                    Register scratch1,
-                                                    Label* is_baseline) {
+static void GetSharedFunctionInfoBytecodeOrBaseline(
+    MacroAssembler* masm, Register sfi, Register bytecode, Register scratch1,
+    Label* is_baseline, Label* is_unavailable) {
   DCHECK(!AreAliased(bytecode, scratch1));
   ASM_CODE_COMMENT(masm);
   Label done;
 
   Register data = bytecode;
-  GetSharedFunctionInfoData(masm, data, sfi, scratch1);
+  __ LoadTrustedPointerField(
+      data,
+      FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
+
   __ GetObjectType(data, scratch1, scratch1);
 
 #ifndef V8_JITLESS
@@ -344,6 +323,9 @@ static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
       bytecode, FieldMemOperand(data, InterpreterData::kBytecodeArrayOffset));
 
   __ bind(&done);
+
+  __ GetObjectType(bytecode, scratch1, scratch1);
+  __ Branch(is_unavailable, ne, scratch1, Operand(BYTECODE_ARRAY_TYPE));
 }
 
 // static
@@ -428,17 +410,23 @@ void Builtins::Generate_ResumeGeneratorTrampoline(MacroAssembler* masm) {
 
   // Underlying function needs to have bytecode available.
   if (v8_flags.debug_code) {
-    Label is_baseline;
+    Label ok, is_baseline, is_unavailable;
     Register sfi = a3;
     Register bytecode = a3;
     __ LoadTaggedField(
         sfi, FieldMemOperand(a4, JSFunction::kSharedFunctionInfoOffset));
     GetSharedFunctionInfoBytecodeOrBaseline(masm, sfi, bytecode, t5,
-                                            &is_baseline);
+                                            &is_baseline, &is_unavailable);
+    __ Branch(&ok);
+
+    __ bind(&is_unavailable);
+    __ Abort(AbortReason::kMissingBytecodeArray);
+
+    __ bind(&is_baseline);
     __ GetObjectType(a3, a3, bytecode);
     __ Assert(eq, AbortReason::kMissingBytecodeArray, bytecode,
-              Operand(BYTECODE_ARRAY_TYPE));
-    __ bind(&is_baseline);
+              Operand(CODE_TYPE));
+    __ bind(&ok);
   }
 
   // Resume (Ignition/TurboFan) generator object.
@@ -1133,15 +1121,13 @@ void Builtins::Generate_InterpreterEntryTrampoline(
       sfi, FieldMemOperand(closure, JSFunction::kSharedFunctionInfoOffset));
   ResetSharedFunctionInfoAge(masm, sfi);
 
-  Label is_baseline;
-  GetSharedFunctionInfoBytecodeOrBaseline(
-      masm, sfi, kInterpreterBytecodeArrayRegister, kScratchReg, &is_baseline);
 
   // The bytecode array could have been flushed from the shared function info,
   // if so, call into CompileLazy.
-  Label compile_lazy;
-  __ JumpIfObjectType(&compile_lazy, ne, kInterpreterBytecodeArrayRegister,
-                      BYTECODE_ARRAY_TYPE, kScratchReg);
+  Label is_baseline, compile_lazy;
+  GetSharedFunctionInfoBytecodeOrBaseline(
+      masm, sfi, kInterpreterBytecodeArrayRegister, kScratchReg, &is_baseline,
+      &compile_lazy);
 
   Label push_stack_frame;
   Register feedback_vector = a2;
@@ -1717,7 +1703,9 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   __ Ld_d(t0, MemOperand(fp, StandardFrameConstants::kFunctionOffset));
   __ LoadTaggedField(
       t0, FieldMemOperand(t0, JSFunction::kSharedFunctionInfoOffset));
-  GetSharedFunctionInfoData(masm, t0, t0, t1);
+  __ LoadTrustedPointerField(
+      t0, FieldMemOperand(t0, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
   __ JumpIfObjectType(&builtin_trampoline, ne, t0, INTERPRETER_DATA_TYPE,
                       kInterpreterDispatchTableRegister);
 
@@ -2975,11 +2963,347 @@ void Builtins::Generate_WasmDebugBreak(MacroAssembler* masm) {
   __ Ret();
 }
 
-void Builtins::Generate_WasmReturnPromiseOnSuspendAsm(MacroAssembler* masm) {
-  // TODO(v8:12191): Implement for this platform.
-  __ Trap();
+namespace {
+// Check that the stack was in the old state (if generated code assertions are
+// enabled), and switch to the new state.
+void SwitchStackState(MacroAssembler* masm, Register jmpbuf, Register tmp,
+                      wasm::JumpBuffer::StackState old_state,
+                      wasm::JumpBuffer::StackState new_state) {
+  if (v8_flags.debug_code) {
+    __ Ld_w(tmp, MemOperand(jmpbuf, wasm::kJmpBufStateOffset));
+    Label ok;
+    __ JumpIfEqual(tmp, old_state, &ok);
+    __ Trap();
+    __ bind(&ok);
+  }
+  __ li(tmp, Operand(new_state));
+  __ St_w(tmp, MemOperand(jmpbuf, wasm::kJmpBufStateOffset));
+}
+
+// Switch the stack pointer.
+void SwitchStackPointer(MacroAssembler* masm, Register jmpbuf) {
+  __ Ld_d(sp, MemOperand(jmpbuf, wasm::kJmpBufSpOffset));
+}
+
+void FillJumpBuffer(MacroAssembler* masm, Register jmpbuf, Label* target,
+                    Register tmp) {
+  __ mov(tmp, sp);
+  __ St_d(tmp, MemOperand(jmpbuf, wasm::kJmpBufSpOffset));
+  __ St_d(fp, MemOperand(jmpbuf, wasm::kJmpBufFpOffset));
+  __ LoadStackLimit(tmp, __ StackLimitKind::kRealStackLimit);
+  __ St_d(tmp, MemOperand(jmpbuf, wasm::kJmpBufStackLimitOffset));
+
+  __ LoadLabelRelative(tmp, target);
+  // Stash the address in the jump buffer.
+  __ St_d(tmp, MemOperand(jmpbuf, wasm::kJmpBufPcOffset));
+}
+
+void LoadJumpBuffer(MacroAssembler* masm, Register jmpbuf, bool load_pc,
+                    Register tmp) {
+  SwitchStackPointer(masm, jmpbuf);
+  __ Ld_d(fp, MemOperand(jmpbuf, wasm::kJmpBufFpOffset));
+  SwitchStackState(masm, jmpbuf, tmp, wasm::JumpBuffer::Inactive,
+                   wasm::JumpBuffer::Active);
+  if (load_pc) {
+    __ Ld_d(tmp, MemOperand(jmpbuf, wasm::kJmpBufPcOffset));
+    __ Jump(tmp);
+  }
+  // The stack limit in StackGuard is set separately under the ExecutionAccess
+  // lock.
+}
+
+void SaveState(MacroAssembler* masm, Register active_continuation, Register tmp,
+               Label* suspend) {
+  Register jmpbuf = tmp;
+  __ LoadExternalPointerField(
+      jmpbuf,
+      FieldMemOperand(active_continuation,
+                      WasmContinuationObject::kJmpbufOffset),
+      kWasmContinuationJmpbufTag);
+
+  UseScratchRegisterScope temps(masm);
+  FillJumpBuffer(masm, jmpbuf, suspend, temps.Acquire());
+}
+
+void LoadTargetJumpBuffer(MacroAssembler* masm, Register target_continuation,
+                          Register tmp) {
+  Register target_jmpbuf = target_continuation;
+  __ LoadExternalPointerField(
+      target_jmpbuf,
+      FieldMemOperand(target_continuation,
+                      WasmContinuationObject::kJmpbufOffset),
+      kWasmContinuationJmpbufTag);
+
+  __ St_d(zero_reg,
+          MemOperand(fp, StackSwitchFrameConstants::kGCScanSlotCountOffset));
+  // Switch stack!
+  LoadJumpBuffer(masm, target_jmpbuf, false, tmp);
+}
+
+void SyncStackLimit(MacroAssembler* masm, const Register& keep1,
+                    const Register& keep2 = no_reg,
+                    const Register& keep3 = no_reg) {
+  using ER = ExternalReference;
+
+  __ Push(keep1);
+  if (keep2 != no_reg) {
+    __ Push(keep2);
+  }
+  if (keep3 != no_reg) {
+    __ Push(keep3);
+  }
+
+  {
+    __ PrepareCallCFunction(1, a0);
+    FrameScope scope(masm, StackFrame::MANUAL);
+    __ li(kCArgRegs[0], ER::isolate_address(masm->isolate()));
+    __ CallCFunction(ER::wasm_sync_stack_limit(), 1);
+  }
+
+  if (keep3 != no_reg) {
+    __ Pop(keep3);
+  }
+  if (keep2 != no_reg) {
+    __ Pop(keep2);
+  }
+  __ Pop(keep1);
 }
 
+void ReloadParentContinuation(MacroAssembler* masm, Register return_reg,
+                              Register return_value, Register context,
+                              Register tmp1, Register tmp2) {
+  Register active_continuation = tmp1;
+  __ LoadRoot(active_continuation, RootIndex::kActiveContinuation);
+
+  // Set a null pointer in the jump buffer's SP slot to indicate to the stack
+  // frame iterator that this stack is empty.
+  Register jmpbuf = tmp2;
+  __ LoadExternalPointerField(
+      jmpbuf,
+      FieldMemOperand(active_continuation,
+                      WasmContinuationObject::kJmpbufOffset),
+      kWasmContinuationJmpbufTag);
+  __ St_d(zero_reg, MemOperand(jmpbuf, wasm::kJmpBufSpOffset));
+  {
+    UseScratchRegisterScope temps(masm);
+    Register scratch = temps.Acquire();
+    SwitchStackState(masm, jmpbuf, scratch, wasm::JumpBuffer::Active,
+                     wasm::JumpBuffer::Retired);
+  }
+  Register parent = tmp2;
+  __ LoadTaggedField(parent,
+                     FieldMemOperand(active_continuation,
+                                     WasmContinuationObject::kParentOffset));
+
+  // Update active continuation root.
+  int32_t active_continuation_offset =
+      MacroAssembler::RootRegisterOffsetForRootIndex(
+          RootIndex::kActiveContinuation);
+  __ St_d(parent, MemOperand(kRootRegister, active_continuation_offset));
+  jmpbuf = parent;
+  __ LoadExternalPointerField(
+      jmpbuf, FieldMemOperand(parent, WasmContinuationObject::kJmpbufOffset),
+      kWasmContinuationJmpbufTag);
+
+  // Switch stack!
+  LoadJumpBuffer(masm, jmpbuf, false, tmp1);
+
+  SyncStackLimit(masm, return_reg, return_value, context);
+}
+
+void RestoreParentSuspender(MacroAssembler* masm, Register tmp1,
+                            Register tmp2) {
+  Register suspender = tmp1;
+  __ LoadRoot(suspender, RootIndex::kActiveSuspender);
+  MemOperand state_loc =
+      FieldMemOperand(suspender, WasmSuspenderObject::kStateOffset);
+  __ li(tmp2, Operand(Smi::FromInt(WasmSuspenderObject::kInactive)));
+  __ StoreTaggedField(tmp2, state_loc);
+  __ LoadTaggedField(
+      suspender,
+      FieldMemOperand(suspender, WasmSuspenderObject::kParentOffset));
+
+  Label undefined;
+  __ JumpIfRoot(suspender, RootIndex::kUndefinedValue, &undefined);
+
+  if (v8_flags.debug_code) {
+    // Check that the parent suspender is active.
+    Label parent_inactive;
+    Register state = tmp2;
+    __ SmiUntag(state, state_loc);
+    __ JumpIfEqual(state, WasmSuspenderObject::kActive, &parent_inactive);
+    __ Trap();
+    __ bind(&parent_inactive);
+  }
+  __ li(tmp2, Operand(Smi::FromInt(WasmSuspenderObject::kActive)));
+  __ StoreTaggedField(tmp2, state_loc);
+  __ bind(&undefined);
+  int32_t active_suspender_offset =
+      MacroAssembler::RootRegisterOffsetForRootIndex(
+          RootIndex::kActiveSuspender);
+  __ St_d(suspender, MemOperand(kRootRegister, active_suspender_offset));
+}
+
+void ResetStackSwitchFrameStackSlots(MacroAssembler* masm) {
+  __ St_d(zero_reg,
+          MemOperand(fp, StackSwitchFrameConstants::kResultArrayOffset));
+  __ St_d(zero_reg, MemOperand(fp, StackSwitchFrameConstants::kRefOffset));
+}
+
+// TODO(irezvov): Consolidate with arm64 RegisterAllocator.
+class RegisterAllocator {
+ public:
+  class Scoped {
+   public:
+    Scoped(RegisterAllocator* allocator, Register* reg)
+        : allocator_(allocator), reg_(reg) {}
+    ~Scoped() { allocator_->Free(reg_); }
+
+   private:
+    RegisterAllocator* allocator_;
+    Register* reg_;
+  };
+
+  explicit RegisterAllocator(const RegList& registers)
+      : initial_(registers), available_(registers) {}
+  void Ask(Register* reg) {
+    DCHECK_EQ(*reg, no_reg);
+    DCHECK(!available_.is_empty());
+    *reg = available_.PopFirst();
+    allocated_registers_.push_back(reg);
+  }
+
+  bool registerIsAvailable(const Register& reg) { return available_.has(reg); }
+
+  void Pinned(const Register& requested, Register* reg) {
+    if (!registerIsAvailable(requested)) {
+      printf("%s register is ocupied!", RegisterName(requested));
+    }
+    DCHECK(registerIsAvailable(requested));
+    *reg = requested;
+    Reserve(requested);
+    allocated_registers_.push_back(reg);
+  }
+
+  void Free(Register* reg) {
+    DCHECK_NE(*reg, no_reg);
+    available_.set(*reg);
+    *reg = no_reg;
+    allocated_registers_.erase(
+        find(allocated_registers_.begin(), allocated_registers_.end(), reg));
+  }
+
+  void Reserve(const Register& reg) {
+    if (reg == no_reg) {
+      return;
+    }
+    DCHECK(registerIsAvailable(reg));
+    available_.clear(reg);
+  }
+
+  void Reserve(const Register& reg1, const Register& reg2,
+               const Register& reg3 = no_reg, const Register& reg4 = no_reg,
+               const Register& reg5 = no_reg, const Register& reg6 = no_reg) {
+    Reserve(reg1);
+    Reserve(reg2);
+    Reserve(reg3);
+    Reserve(reg4);
+    Reserve(reg5);
+    Reserve(reg6);
+  }
+
+  bool IsUsed(const Register& reg) {
+    return initial_.has(reg) && !registerIsAvailable(reg);
+  }
+
+  void ResetExcept(const Register& reg1 = no_reg, const Register& reg2 = no_reg,
+                   const Register& reg3 = no_reg, const Register& reg4 = no_reg,
+                   const Register& reg5 = no_reg,
+                   const Register& reg6 = no_reg) {
+    available_ = initial_;
+    available_.clear(reg1);
+    available_.clear(reg2);
+    available_.clear(reg3);
+    available_.clear(reg4);
+    available_.clear(reg5);
+    available_.clear(reg6);
+
+    auto it = allocated_registers_.begin();
+    while (it != allocated_registers_.end()) {
+      if (registerIsAvailable(**it)) {
+        **it = no_reg;
+        allocated_registers_.erase(it);
+      } else {
+        it++;
+      }
+    }
+  }
+
+  static RegisterAllocator WithAllocatableGeneralRegisters() {
+    RegList list;
+    const RegisterConfiguration* config(RegisterConfiguration::Default());
+
+    for (int i = 0; i < config->num_allocatable_general_registers(); ++i) {
+      int code = config->GetAllocatableGeneralCode(i);
+      Register candidate = Register::from_code(code);
+      list.set(candidate);
+    }
+    return RegisterAllocator(list);
+  }
+
+ private:
+  std::vector<Register*> allocated_registers_;
+  const RegList initial_;
+  RegList available_;
+};
+
+#define DEFINE_REG(Name)  \
+  Register Name = no_reg; \
+  regs.Ask(&Name);
+
+#define DEFINE_REG_W(Name) \
+  DEFINE_REG(Name);        \
+  Name = Name.W();
+
+#define ASSIGN_REG(Name) regs.Ask(&Name);
+
+#define ASSIGN_REG_W(Name) \
+  ASSIGN_REG(Name);        \
+  Name = Name.W();
+
+#define DEFINE_PINNED(Name, Reg) \
+  Register Name = no_reg;        \
+  regs.Pinned(Reg, &Name);
+
+#define ASSIGN_PINNED(Name, Reg) regs.Pinned(Reg, &Name);
+
+#define DEFINE_SCOPED(Name) \
+  DEFINE_REG(Name)          \
+  RegisterAllocator::Scoped scope_##Name(&regs, &Name);
+
+#define FREE_REG(Name) regs.Free(&Name);
+
+// Loads the context field of the WasmTrustedInstanceData or WasmImportData
+// depending on the ref's type, and places the result in the input register.
+void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
+  Label instance;
+  Label end;
+  __ LoadTaggedField(scratch, FieldMemOperand(ref, HeapObject::kMapOffset));
+  __ Ld_hu(scratch, FieldMemOperand(scratch, Map::kInstanceTypeOffset));
+  __ Branch(&instance, eq, scratch, Operand(WASM_TRUSTED_INSTANCE_DATA_TYPE));
+
+  __ LoadTaggedField(
+      ref, FieldMemOperand(ref, WasmImportData::kNativeContextOffset));
+  __ jmp(&end);
+
+  __ bind(&instance);
+  __ LoadTaggedField(
+      ref, FieldMemOperand(ref, WasmTrustedInstanceData::kNativeContextOffset));
+  __ bind(&end);
+}
+
+}  // namespace
+
 void Builtins::Generate_WasmToJsWrapperAsm(MacroAssembler* masm) {
   // Push registers in reverse order so that they are on the stack like
   // in an array, with the first item being at the lowest address.
@@ -3029,18 +3353,262 @@ void Builtins::Generate_WasmTrapHandlerLandingPad(MacroAssembler* masm) {
 }
 
 void Builtins::Generate_WasmSuspend(MacroAssembler* masm) {
-  // TODO(v8:12191): Implement for this platform.
+  auto regs = RegisterAllocator::WithAllocatableGeneralRegisters();
+  // Set up the stackframe.
+  __ EnterFrame(StackFrame::STACK_SWITCH);
+
+  DEFINE_PINNED(suspender, a0);
+  DEFINE_PINNED(context, kContextRegister);
+
+  __ Sub_d(
+      sp, sp,
+      Operand(StackSwitchFrameConstants::kNumSpillSlots * kSystemPointerSize));
+  // Set a sentinel value for the spill slots visited by the GC.
+  ResetStackSwitchFrameStackSlots(masm);
+
+  // -------------------------------------------
+  // Save current state in active jump buffer.
+  // -------------------------------------------
+  Label resume;
+  DEFINE_REG(continuation);
+  __ LoadRoot(continuation, RootIndex::kActiveContinuation);
+  DEFINE_REG(jmpbuf);
+  DEFINE_REG(scratch);
+  __ LoadExternalPointerField(
+      jmpbuf,
+      FieldMemOperand(continuation, WasmContinuationObject::kJmpbufOffset),
+      kWasmContinuationJmpbufTag);
+  FillJumpBuffer(masm, jmpbuf, &resume, scratch);
+  SwitchStackState(masm, jmpbuf, scratch, wasm::JumpBuffer::Active,
+                   wasm::JumpBuffer::Inactive);
+  __ li(scratch, Operand(Smi::FromInt(WasmSuspenderObject::kSuspended)));
+  __ StoreTaggedField(
+      scratch, FieldMemOperand(suspender, WasmSuspenderObject::kStateOffset));
+  regs.ResetExcept(suspender, continuation);
+
+  DEFINE_REG(suspender_continuation);
+  __ LoadTaggedField(
+      suspender_continuation,
+      FieldMemOperand(suspender, WasmSuspenderObject::kContinuationOffset));
+  if (v8_flags.debug_code) {
+    // -------------------------------------------
+    // Check that the suspender's continuation is the active continuation.
+    // -------------------------------------------
+    // TODO(thibaudm): Once we add core stack-switching instructions, this
+    // check will not hold anymore: it's possible that the active continuation
+    // changed (due to an internal switch), so we have to update the suspender.
+    Label ok;
+    __ Branch(&ok, eq, suspender_continuation, Operand(continuation));
+    __ Trap();
+    __ bind(&ok);
+  }
+  FREE_REG(continuation);
+  // -------------------------------------------
+  // Update roots.
+  // -------------------------------------------
+  DEFINE_REG(caller);
+  __ LoadTaggedField(caller,
+                     FieldMemOperand(suspender_continuation,
+                                     WasmContinuationObject::kParentOffset));
+  int32_t active_continuation_offset =
+      MacroAssembler::RootRegisterOffsetForRootIndex(
+          RootIndex::kActiveContinuation);
+  __ St_d(caller, MemOperand(kRootRegister, active_continuation_offset));
+  DEFINE_REG(parent);
+  __ LoadTaggedField(
+      parent, FieldMemOperand(suspender, WasmSuspenderObject::kParentOffset));
+  int32_t active_suspender_offset =
+      MacroAssembler::RootRegisterOffsetForRootIndex(
+          RootIndex::kActiveSuspender);
+  __ St_d(parent, MemOperand(kRootRegister, active_suspender_offset));
+  regs.ResetExcept(suspender, caller);
+
+  // -------------------------------------------
+  // Load jump buffer.
+  // -------------------------------------------
+  SyncStackLimit(masm, caller, suspender);
+  ASSIGN_REG(jmpbuf);
+  __ LoadExternalPointerField(
+      jmpbuf, FieldMemOperand(caller, WasmContinuationObject::kJmpbufOffset),
+      kWasmContinuationJmpbufTag);
+  __ LoadTaggedField(
+      kReturnRegister0,
+      FieldMemOperand(suspender, WasmSuspenderObject::kPromiseOffset));
+  MemOperand GCScanSlotPlace =
+      MemOperand(fp, StackSwitchFrameConstants::kGCScanSlotCountOffset);
+  __ St_d(zero_reg, GCScanSlotPlace);
+  ASSIGN_REG(scratch)
+  LoadJumpBuffer(masm, jmpbuf, true, scratch);
+  if (v8_flags.debug_code) {
+    __ Trap();
+  }
+  __ bind(&resume);
+  __ LeaveFrame(StackFrame::STACK_SWITCH);
+  __ Ret();
+}
+
+namespace {
+// Resume the suspender stored in the closure. We generate two variants of this
+// builtin: the onFulfilled variant resumes execution at the saved PC and
+// forwards the value, the onRejected variant throws the value.
+
+void Generate_WasmResumeHelper(MacroAssembler* masm, wasm::OnResume on_resume) {
+  auto regs = RegisterAllocator::WithAllocatableGeneralRegisters();
+  __ EnterFrame(StackFrame::STACK_SWITCH);
+
+  DEFINE_PINNED(closure, kJSFunctionRegister);  // a1
+
+  __ Sub_d(
+      sp, sp,
+      Operand(StackSwitchFrameConstants::kNumSpillSlots * kSystemPointerSize));
+  // Set a sentinel value for the spill slots visited by the GC.
+  ResetStackSwitchFrameStackSlots(masm);
+
+  regs.ResetExcept(closure);
+
+  // -------------------------------------------
+  // Load suspender from closure.
+  // -------------------------------------------
+  DEFINE_REG(sfi);
+  __ LoadTaggedField(
+      sfi,
+      MemOperand(
+          closure,
+          wasm::ObjectAccess::SharedFunctionInfoOffsetInTaggedJSFunction()));
+  FREE_REG(closure);
+  // Suspender should be ObjectRegister register to be used in
+  // RecordWriteField calls later.
+  DEFINE_PINNED(suspender, WriteBarrierDescriptor::ObjectRegister());
+  DEFINE_REG(resume_data);
+  __ LoadTaggedField(
+      resume_data,
+      FieldMemOperand(sfi, SharedFunctionInfo::kUntrustedFunctionDataOffset));
+  __ LoadTaggedField(
+      suspender,
+      FieldMemOperand(resume_data, WasmResumeData::kSuspenderOffset));
+  // Check the suspender state.
+  Label suspender_is_suspended;
+  DEFINE_REG(state);
+  __ SmiUntag(state,
+              FieldMemOperand(suspender, WasmSuspenderObject::kStateOffset));
+  __ JumpIfEqual(state, WasmSuspenderObject::kSuspended,
+                 &suspender_is_suspended);
   __ Trap();
+
+  regs.ResetExcept(suspender);
+
+  __ bind(&suspender_is_suspended);
+  // -------------------------------------------
+  // Save current state.
+  // -------------------------------------------
+  Label suspend;
+  DEFINE_REG(active_continuation);
+  __ LoadRoot(active_continuation, RootIndex::kActiveContinuation);
+  DEFINE_REG(current_jmpbuf);
+  DEFINE_REG(scratch);
+  __ LoadExternalPointerField(
+      current_jmpbuf,
+      FieldMemOperand(active_continuation,
+                      WasmContinuationObject::kJmpbufOffset),
+      kWasmContinuationJmpbufTag);
+  FillJumpBuffer(masm, current_jmpbuf, &suspend, scratch);
+  SwitchStackState(masm, current_jmpbuf, scratch, wasm::JumpBuffer::Active,
+                   wasm::JumpBuffer::Inactive);
+  FREE_REG(current_jmpbuf);
+
+  // -------------------------------------------
+  // Set the suspender and continuation parents and update the roots
+  // -------------------------------------------
+  DEFINE_REG(active_suspender);
+  __ LoadRoot(active_suspender, RootIndex::kActiveSuspender);
+  __ StoreTaggedField(
+      active_suspender,
+      FieldMemOperand(suspender, WasmSuspenderObject::kParentOffset));
+  __ RecordWriteField(suspender, WasmSuspenderObject::kParentOffset,
+                      active_suspender, kRAHasBeenSaved,
+                      SaveFPRegsMode::kIgnore);
+  __ li(scratch, Operand(Smi::FromInt(WasmSuspenderObject::kActive)));
+  __ StoreTaggedField(
+      scratch, FieldMemOperand(suspender, WasmSuspenderObject::kStateOffset));
+  int32_t active_suspender_offset =
+      MacroAssembler::RootRegisterOffsetForRootIndex(
+          RootIndex::kActiveSuspender);
+  __ St_d(suspender, MemOperand(kRootRegister, active_suspender_offset));
+
+  // Next line we are going to load a field from suspender, but we have to use
+  // the same register for target_continuation to use it in RecordWriteField.
+  // So, free suspender here to use pinned reg, but load from it next line.
+  FREE_REG(suspender);
+  DEFINE_PINNED(target_continuation, WriteBarrierDescriptor::ObjectRegister());
+  suspender = target_continuation;
+  __ LoadTaggedField(
+      target_continuation,
+      FieldMemOperand(suspender, WasmSuspenderObject::kContinuationOffset));
+  suspender = no_reg;
+
+  __ StoreTaggedField(active_continuation,
+                      FieldMemOperand(target_continuation,
+                                      WasmContinuationObject::kParentOffset));
+  __ RecordWriteField(
+      target_continuation, WasmContinuationObject::kParentOffset,
+      active_continuation, kRAHasBeenSaved, SaveFPRegsMode::kIgnore);
+  FREE_REG(active_continuation);
+  int32_t active_continuation_offset =
+      MacroAssembler::RootRegisterOffsetForRootIndex(
+          RootIndex::kActiveContinuation);
+  __ St_d(target_continuation,
+          MemOperand(kRootRegister, active_continuation_offset));
+
+  SyncStackLimit(masm, target_continuation);
+
+  regs.ResetExcept(target_continuation);
+
+  // -------------------------------------------
+  // Load state from target jmpbuf (longjmp).
+  // -------------------------------------------
+  regs.Reserve(kReturnRegister0);
+  DEFINE_REG(target_jmpbuf);
+  ASSIGN_REG(scratch);
+  __ LoadExternalPointerField(
+      target_jmpbuf,
+      FieldMemOperand(target_continuation,
+                      WasmContinuationObject::kJmpbufOffset),
+      kWasmContinuationJmpbufTag);
+  // Move resolved value to return register.
+  __ Ld_d(kReturnRegister0, MemOperand(fp, 3 * kSystemPointerSize));
+  MemOperand GCScanSlotPlace =
+      MemOperand(fp, StackSwitchFrameConstants::kGCScanSlotCountOffset);
+  __ St_d(zero_reg, GCScanSlotPlace);
+  if (on_resume == wasm::OnResume::kThrow) {
+    // Switch to the continuation's stack without restoring the PC.
+    LoadJumpBuffer(masm, target_jmpbuf, false, scratch);
+    // Pop this frame now. The unwinder expects that the first STACK_SWITCH
+    // frame is the outermost one.
+    __ LeaveFrame(StackFrame::STACK_SWITCH);
+    // Forward the onRejected value to kThrow.
+    __ Push(kReturnRegister0);
+    __ CallRuntime(Runtime::kThrow);
+  } else {
+    // Resume the continuation normally.
+    LoadJumpBuffer(masm, target_jmpbuf, true, scratch);
+  }
+  if (v8_flags.debug_code) {
+    __ Trap();
+  }
+  __ bind(&suspend);
+  __ LeaveFrame(StackFrame::STACK_SWITCH);
+  // Pop receiver + parameter.
+  __ Add_d(sp, sp, Operand(2 * kSystemPointerSize));
+  __ Ret();
 }
+}  // namespace
 
 void Builtins::Generate_WasmResume(MacroAssembler* masm) {
-  // TODO(v8:12191): Implement for this platform.
-  __ Trap();
+  Generate_WasmResumeHelper(masm, wasm::OnResume::kContinue);
 }
 
 void Builtins::Generate_WasmReject(MacroAssembler* masm) {
-  // TODO(v8:12191): Implement for this platform.
-  __ Trap();
+  Generate_WasmResumeHelper(masm, wasm::OnResume::kThrow);
 }
 
 void Builtins::Generate_WasmOnStackReplace(MacroAssembler* masm) {
@@ -3048,24 +3616,478 @@ void Builtins::Generate_WasmOnStackReplace(MacroAssembler* masm) {
   __ Trap();
 }
 
-void Builtins::Generate_JSToWasmWrapperAsm(MacroAssembler* masm) { __ Trap(); }
+namespace {
+void SwitchToAllocatedStack(MacroAssembler* masm, RegisterAllocator& regs,
+                            Register wasm_instance, Register wrapper_buffer,
+                            Register& original_fp, Register& new_wrapper_buffer,
+                            Label* suspend) {
+  ResetStackSwitchFrameStackSlots(masm);
+  DEFINE_SCOPED(scratch)
+  DEFINE_REG(target_continuation)
+  __ LoadRoot(target_continuation, RootIndex::kActiveContinuation);
+  DEFINE_REG(parent_continuation)
+  __ LoadTaggedField(parent_continuation,
+                     FieldMemOperand(target_continuation,
+                                     WasmContinuationObject::kParentOffset));
+
+  SaveState(masm, parent_continuation, scratch, suspend);
+
+  SyncStackLimit(masm, wasm_instance, wrapper_buffer);
+
+  FREE_REG(parent_continuation);
+  // Save the old stack's fp in t0, and use it to access the parameters in
+  // the parent frame.
+  regs.Pinned(t1, &original_fp);
+  __ mov(original_fp, fp);
+  __ LoadRoot(target_continuation, RootIndex::kActiveContinuation);
+  LoadTargetJumpBuffer(masm, target_continuation, scratch);
+  FREE_REG(target_continuation);
+
+  // Push the loaded fp. We know it is null, because there is no frame yet,
+  // so we could also push 0 directly. In any case we need to push it,
+  // because this marks the base of the stack segment for
+  // the stack frame iterator.
+  __ EnterFrame(StackFrame::STACK_SWITCH);
+
+  int stack_space =
+      RoundUp(StackSwitchFrameConstants::kNumSpillSlots * kSystemPointerSize +
+                  JSToWasmWrapperFrameConstants::kWrapperBufferSize,
+              16);
+  __ Sub_d(sp, sp, Operand(stack_space));
+
+  ASSIGN_REG(new_wrapper_buffer)
+
+  __ mov(new_wrapper_buffer, sp);
+  // Copy data needed for return handling from old wrapper buffer to new one.
+  // kWrapperBufferRefReturnCount will be copied too, because 8 bytes are copied
+  // at the same time.
+  static_assert(JSToWasmWrapperFrameConstants::kWrapperBufferRefReturnCount ==
+                JSToWasmWrapperFrameConstants::kWrapperBufferReturnCount + 4);
+  __ Ld_d(scratch,
+          MemOperand(wrapper_buffer,
+                     JSToWasmWrapperFrameConstants::kWrapperBufferReturnCount));
+  __ St_d(scratch,
+          MemOperand(new_wrapper_buffer,
+                     JSToWasmWrapperFrameConstants::kWrapperBufferReturnCount));
+  __ Ld_d(
+      scratch,
+      MemOperand(
+          wrapper_buffer,
+          JSToWasmWrapperFrameConstants::kWrapperBufferSigRepresentationArray));
+  __ St_d(
+      scratch,
+      MemOperand(
+          new_wrapper_buffer,
+          JSToWasmWrapperFrameConstants::kWrapperBufferSigRepresentationArray));
+}
+
+void SwitchBackAndReturnPromise(MacroAssembler* masm, RegisterAllocator& regs,
+                                Label* return_promise) {
+  regs.ResetExcept();
+  // The return value of the wasm function becomes the parameter of the
+  // FulfillPromise builtin, and the promise is the return value of this
+  // wrapper.
+  static const Builtin_FulfillPromise_InterfaceDescriptor desc;
+  DEFINE_PINNED(promise, desc.GetRegisterParameter(0));
+  DEFINE_PINNED(return_value, desc.GetRegisterParameter(1));
+  __ mov(return_value, kReturnRegister0);
+  DEFINE_SCOPED(tmp);
+  DEFINE_SCOPED(tmp2);
+  __ LoadRoot(promise, RootIndex::kActiveSuspender);
+  __ LoadTaggedField(
+      promise, FieldMemOperand(promise, WasmSuspenderObject::kPromiseOffset));
+
+  __ Ld_d(kContextRegister,
+          MemOperand(fp, StackSwitchFrameConstants::kRefOffset));
+  GetContextFromRef(masm, kContextRegister, tmp);
+
+  ReloadParentContinuation(masm, promise, return_value, kContextRegister, tmp,
+                           tmp2);
+  RestoreParentSuspender(masm, tmp, tmp2);
+
+  __ li(tmp, Operand(1));
+  __ St_d(tmp,
+          MemOperand(fp, StackSwitchFrameConstants::kGCScanSlotCountOffset));
+  __ Push(promise);
+  __ CallBuiltin(Builtin::kFulfillPromise);
+  __ Pop(promise);
+  FREE_REG(return_value);
+  FREE_REG(promise);
+
+  __ bind(return_promise);
+}
+
+void GenerateExceptionHandlingLandingPad(MacroAssembler* masm,
+                                         RegisterAllocator& regs,
+                                         Label* return_promise) {
+  regs.ResetExcept();
+  static const Builtin_RejectPromise_InterfaceDescriptor desc;
+  DEFINE_PINNED(promise, desc.GetRegisterParameter(0));
+  DEFINE_PINNED(reason, desc.GetRegisterParameter(1));
+  DEFINE_PINNED(debug_event, desc.GetRegisterParameter(2));
+  int catch_handler = __ pc_offset();
+
+  DEFINE_SCOPED(thread_in_wasm_flag_addr);
+  thread_in_wasm_flag_addr = a2;
+
+  // Unset thread_in_wasm_flag.
+  __ Ld_d(
+      thread_in_wasm_flag_addr,
+      MemOperand(kRootRegister, Isolate::thread_in_wasm_flag_address_offset()));
+  __ St_w(zero_reg, MemOperand(thread_in_wasm_flag_addr, 0));
+
+  // The exception becomes the parameter of the RejectPromise builtin, and the
+  // promise is the return value of this wrapper.
+  __ mov(reason, kReturnRegister0);
+  __ LoadRoot(promise, RootIndex::kActiveSuspender);
+  __ LoadTaggedField(
+      promise, FieldMemOperand(promise, WasmSuspenderObject::kPromiseOffset));
+
+  __ Ld_d(kContextRegister,
+          MemOperand(fp, StackSwitchFrameConstants::kRefOffset));
+
+  DEFINE_SCOPED(tmp);
+  DEFINE_SCOPED(tmp2);
+  GetContextFromRef(masm, kContextRegister, tmp);
+  ReloadParentContinuation(masm, promise, reason, kContextRegister, tmp, tmp2);
+  RestoreParentSuspender(masm, tmp, tmp2);
+
+  __ li(tmp, Operand(1));
+  __ St_d(tmp,
+          MemOperand(fp, StackSwitchFrameConstants::kGCScanSlotCountOffset));
+  __ Push(promise);
+  __ LoadRoot(debug_event, RootIndex::kTrueValue);
+  __ CallBuiltin(Builtin::kRejectPromise);
+  __ Pop(promise);
+
+  // Run the rest of the wrapper normally (deconstruct the frame, ...).
+  __ jmp(return_promise);
+
+  masm->isolate()->builtins()->SetJSPIPromptHandlerOffset(catch_handler);
+}
+
+void JSToWasmWrapperHelper(MacroAssembler* masm, bool stack_switch) {
+  auto regs = RegisterAllocator::WithAllocatableGeneralRegisters();
+
+  __ EnterFrame(stack_switch ? StackFrame::STACK_SWITCH
+                             : StackFrame::JS_TO_WASM);
+
+  __ AllocateStackSpace(StackSwitchFrameConstants::kNumSpillSlots *
+                        kSystemPointerSize);
+
+  DEFINE_PINNED(ref, kWasmInstanceRegister);
+  __ Ld_d(ref, MemOperand(fp, JSToWasmWrapperFrameConstants::kRefParamOffset));
+
+  DEFINE_PINNED(wrapper_buffer,
+                WasmJSToWasmWrapperDescriptor::WrapperBufferRegister());
+
+  Label suspend;
+  Register original_fp = no_reg;
+  Register new_wrapper_buffer = no_reg;
+  if (stack_switch) {
+    SwitchToAllocatedStack(masm, regs, ref, wrapper_buffer, original_fp,
+                           new_wrapper_buffer, &suspend);
+  } else {
+    original_fp = fp;
+    new_wrapper_buffer = wrapper_buffer;
+  }
+
+  regs.ResetExcept(original_fp, wrapper_buffer, ref, new_wrapper_buffer);
+
+  {
+    __ St_d(
+        new_wrapper_buffer,
+        MemOperand(fp, JSToWasmWrapperFrameConstants::kWrapperBufferOffset));
+    if (stack_switch) {
+      __ St_d(ref, MemOperand(fp, StackSwitchFrameConstants::kRefOffset));
+      DEFINE_SCOPED(scratch)
+      __ Ld_d(
+          scratch,
+          MemOperand(original_fp,
+                     JSToWasmWrapperFrameConstants::kResultArrayParamOffset));
+      __ St_d(scratch,
+              MemOperand(fp, StackSwitchFrameConstants::kResultArrayOffset));
+    }
+  }
+  {
+    DEFINE_SCOPED(result_size);
+    __ Ld_d(result_size, MemOperand(wrapper_buffer,
+                                    JSToWasmWrapperFrameConstants::
+                                        kWrapperBufferStackReturnBufferSize));
+    __ slli_d(result_size, result_size, kSystemPointerSizeLog2);
+    __ Sub_d(sp, sp, result_size);
+  }
+
+  __ St_d(
+      sp,
+      MemOperand(
+          new_wrapper_buffer,
+          JSToWasmWrapperFrameConstants::kWrapperBufferStackReturnBufferStart));
+
+  if (stack_switch) {
+    FREE_REG(new_wrapper_buffer)
+  }
+  FREE_REG(ref)
+  for (auto reg : wasm::kGpParamRegisters) {
+    regs.Reserve(reg);
+  }
+
+  // The first GP parameter is the instance, which we handle specially.
+  int stack_params_offset =
+      (arraysize(wasm::kGpParamRegisters) - 1) * kSystemPointerSize +
+      arraysize(wasm::kFpParamRegisters) * kDoubleSize;
+  int param_padding = stack_params_offset & kSystemPointerSize;
+  stack_params_offset += param_padding;
+
+  {
+    DEFINE_SCOPED(params_start);
+    __ Ld_d(
+        params_start,
+        MemOperand(wrapper_buffer,
+                   JSToWasmWrapperFrameConstants::kWrapperBufferParamStart));
+    {
+      // Push stack parameters on the stack.
+      DEFINE_SCOPED(params_end);
+      __ Ld_d(
+          params_end,
+          MemOperand(wrapper_buffer,
+                     JSToWasmWrapperFrameConstants::kWrapperBufferParamEnd));
+      DEFINE_SCOPED(last_stack_param);
+
+      __ Add_d(last_stack_param, params_start, Operand(stack_params_offset));
+      Label loop_start;
+      __ bind(&loop_start);
+
+      Label finish_stack_params;
+      __ Branch(&finish_stack_params, ge, last_stack_param,
+                Operand(params_end));
+
+      // Push parameter
+      {
+        DEFINE_SCOPED(scratch);
+        __ Sub_d(params_end, params_end, Operand(kSystemPointerSize));
+        __ Ld_d(scratch, MemOperand(params_end, 0));
+        __ Push(scratch);
+      }
+
+      __ Branch(&loop_start);
+
+      __ bind(&finish_stack_params);
+    }
+
+    size_t next_offset = 0;
+    for (size_t i = 1; i < arraysize(wasm::kGpParamRegisters); ++i) {
+      // Check that {params_start} does not overlap with any of the parameter
+      // registers, so that we don't overwrite it by accident with the loads
+      // below.
+      DCHECK_NE(params_start, wasm::kGpParamRegisters[i]);
+      __ Ld_d(wasm::kGpParamRegisters[i],
+              MemOperand(params_start, next_offset));
+      next_offset += kSystemPointerSize;
+    }
+
+    next_offset += param_padding;
+    for (size_t i = 0; i < arraysize(wasm::kFpParamRegisters); ++i) {
+      __ Fld_d(wasm::kFpParamRegisters[i],
+               MemOperand(params_start, next_offset));
+      next_offset += kDoubleSize;
+    }
+    DCHECK_EQ(next_offset, stack_params_offset);
+  }
+
+  {
+    DEFINE_SCOPED(thread_in_wasm_flag_addr);
+    __ Ld_d(thread_in_wasm_flag_addr,
+            MemOperand(kRootRegister,
+                       Isolate::thread_in_wasm_flag_address_offset()));
+    DEFINE_SCOPED(scratch);
+    __ li(scratch, Operand(1));
+    __ St_w(scratch, MemOperand(thread_in_wasm_flag_addr, 0));
+  }
+
+  {
+    DEFINE_SCOPED(call_target);
+    __ Ld_d(
+        call_target,
+        MemOperand(wrapper_buffer,
+                   JSToWasmWrapperFrameConstants::kWrapperBufferCallTarget));
+    __ Call(call_target);
+  }
+
+  regs.ResetExcept();
+  // The wrapper_buffer has to be in a2 as the correct parameter register.
+  regs.Reserve(kReturnRegister0, kReturnRegister1);
+  ASSIGN_PINNED(wrapper_buffer, a2);
+  {
+    DEFINE_SCOPED(thread_in_wasm_flag_addr);
+    __ Ld_d(thread_in_wasm_flag_addr,
+            MemOperand(kRootRegister,
+                       Isolate::thread_in_wasm_flag_address_offset()));
+    __ St_w(zero_reg, MemOperand(thread_in_wasm_flag_addr, 0));
+  }
+
+  __ Ld_d(wrapper_buffer,
+          MemOperand(fp, JSToWasmWrapperFrameConstants::kWrapperBufferOffset));
+
+  __ Fst_d(wasm::kFpReturnRegisters[0],
+           MemOperand(
+               wrapper_buffer,
+               JSToWasmWrapperFrameConstants::kWrapperBufferFPReturnRegister1));
+  __ Fst_d(wasm::kFpReturnRegisters[1],
+           MemOperand(
+               wrapper_buffer,
+               JSToWasmWrapperFrameConstants::kWrapperBufferFPReturnRegister2));
+  __ St_d(wasm::kGpReturnRegisters[0],
+          MemOperand(
+              wrapper_buffer,
+              JSToWasmWrapperFrameConstants::kWrapperBufferGPReturnRegister1));
+  __ St_d(wasm::kGpReturnRegisters[1],
+          MemOperand(
+              wrapper_buffer,
+              JSToWasmWrapperFrameConstants::kWrapperBufferGPReturnRegister2));
+
+  // Call the return value builtin with
+  // a0: wasm instance.
+  // a1: the result JSArray for multi-return.
+  // a2: pointer to the byte buffer which contains all parameters.
+  if (stack_switch) {
+    __ Ld_d(a1, MemOperand(fp, StackSwitchFrameConstants::kResultArrayOffset));
+    __ Ld_d(a0, MemOperand(fp, StackSwitchFrameConstants::kRefOffset));
+  } else {
+    __ Ld_d(
+        a1,
+        MemOperand(fp, JSToWasmWrapperFrameConstants::kResultArrayParamOffset));
+    __ Ld_d(a0, MemOperand(fp, JSToWasmWrapperFrameConstants::kRefParamOffset));
+  }
+
+  Register scratch = a3;
+  GetContextFromRef(masm, a0, scratch);
+  __ Call(BUILTIN_CODE(masm->isolate(), JSToWasmHandleReturns),
+          RelocInfo::CODE_TARGET);
+
+  Label return_promise;
+  if (stack_switch) {
+    SwitchBackAndReturnPromise(masm, regs, &return_promise);
+  }
+  __ bind(&suspend);
+
+  __ LeaveFrame(stack_switch ? StackFrame::STACK_SWITCH
+                             : StackFrame::JS_TO_WASM);
+  // Despite returning to the different location for regular and stack switching
+  // versions, incoming argument count matches both cases:
+  // instance and result array without suspend or
+  // or promise resolve/reject params for callback.
+  __ Add_d(sp, sp, Operand(2 * kSystemPointerSize));
+  __ Ret();
+
+  // Catch handler for the stack-switching wrapper: reject the promise with the
+  // thrown exception.
+  if (stack_switch) {
+    GenerateExceptionHandlingLandingPad(masm, regs, &return_promise);
+  }
+}
+}  // namespace
+
+void Builtins::Generate_JSToWasmWrapperAsm(MacroAssembler* masm) {
+  JSToWasmWrapperHelper(masm, false);
+}
+
+void Builtins::Generate_WasmReturnPromiseOnSuspendAsm(MacroAssembler* masm) {
+  JSToWasmWrapperHelper(masm, true);
+}
+
+namespace {
+
+static constexpr Register kOldSPRegister = s3;
+static constexpr Register kSwitchFlagRegister = s4;
+
+void SwitchToTheCentralStackIfNeeded(MacroAssembler* masm, Register argc_input,
+                                     Register target_input,
+                                     Register argv_input) {
+  using ER = ExternalReference;
+
+  __ mov(kSwitchFlagRegister, zero_reg);
+  __ mov(kOldSPRegister, sp);
+
+  // Using a2-a4 as temporary registers, because they will be rewritten
+  // before exiting to native code anyway.
+
+  ER on_central_stack_flag_loc = ER::Create(
+      IsolateAddressId::kIsOnCentralStackFlagAddress, masm->isolate());
+  const Register& on_central_stack_flag = a2;
+  __ li(on_central_stack_flag, on_central_stack_flag_loc);
+  __ Ld_b(on_central_stack_flag, MemOperand(on_central_stack_flag, 0));
+
+  Label do_not_need_to_switch;
+  __ Branch(&do_not_need_to_switch, ne, on_central_stack_flag,
+            Operand(zero_reg));
+
+  // Switch to central stack.
+  Register central_stack_sp = a4;
+  DCHECK(!AreAliased(central_stack_sp, argc_input, argv_input, target_input));
+  {
+    __ Push(argc_input, target_input, argv_input);
+    __ PrepareCallCFunction(2, a0);
+    __ li(kCArgRegs[0], ER::isolate_address(masm->isolate()));
+    __ mov(kCArgRegs[1], kOldSPRegister);
+    __ CallCFunction(ER::wasm_switch_to_the_central_stack(), 2,
+                     SetIsolateDataSlots::kNo);
+    __ mov(central_stack_sp, kReturnRegister0);
+    __ Pop(argc_input, target_input, argv_input);
+  }
+
+  static constexpr int kReturnAddressSlotOffset = 1 * kSystemPointerSize;
+  static constexpr int kPadding = 1 * kSystemPointerSize;
+  __ Sub_d(sp, central_stack_sp, Operand(kReturnAddressSlotOffset + kPadding));
+  __ li(kSwitchFlagRegister, 1);
+
+  // Update the sp saved in the frame.
+  // It will be used to calculate the callee pc during GC.
+  // The pc is going to be on the new stack segment, so rewrite it here.
+  __ Add_d(central_stack_sp, sp, Operand(kSystemPointerSize));
+  __ St_d(central_stack_sp, MemOperand(fp, ExitFrameConstants::kSPOffset));
+
+  __ bind(&do_not_need_to_switch);
+}
+
+void SwitchFromTheCentralStackIfNeeded(MacroAssembler* masm) {
+  using ER = ExternalReference;
+
+  Label no_stack_change;
+
+  __ Branch(&no_stack_change, eq, kSwitchFlagRegister, Operand(zero_reg));
+
+  {
+    __ Push(kReturnRegister0, kReturnRegister1);
+    __ PrepareCallCFunction(1, a0);
+    __ li(kCArgRegs[0], ER::isolate_address(masm->isolate()));
+    __ CallCFunction(ER::wasm_switch_from_the_central_stack(), 1,
+                     SetIsolateDataSlots::kNo);
+    __ Pop(kReturnRegister0, kReturnRegister1);
+  }
+
+  __ mov(sp, kOldSPRegister);
+
+  __ bind(&no_stack_change);
+}
+
+}  // namespace
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
   // Use t0 which is not in kGpParamRegisters.
   Register call_target = t0;
   UseScratchRegisterScope temps{masm};
   temps.Exclude(call_target);
 #ifdef V8_ENABLE_SANDBOX
   __ LoadCodeEntrypointViaCodePointer(
-      call_target,
-      FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset),
+      call_target, FieldMemOperand(import_data, WasmImportData::kCodeOffset),
       kWasmEntrypointTag);
 #else
   Register code = call_target;
-  __ LoadTaggedField(
-      code, FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset));
+  __ LoadTaggedField(code,
+                     FieldMemOperand(import_data, WasmImportData::kCodeOffset));
   __ Ld_d(call_target, FieldMemOperand(code, Code::kInstructionStartOffset));
 #endif
   __ Jump(call_target);
@@ -3078,11 +4100,11 @@ void Builtins::Generate_CEntry(MacroAssembler* masm, int result_size,
                                bool switch_to_central_stack) {
   // Called from JavaScript; parameters are on stack as if calling JS function
   // a0: number of arguments including receiver
-  // a1: pointer to builtin function
+  // a1: pointer to C++ function
   // fp: frame pointer    (restored after C call)
   // sp: stack pointer    (restored as callee's sp after C call)
   // cp: current context  (C callee-saved)
-  //
+
   // If argv_mode == ArgvMode::kRegister:
   // a2: pointer to the first argument
 
@@ -3125,6 +4147,12 @@ void Builtins::Generate_CEntry(MacroAssembler* masm, int result_size,
 
   __ AssertStackIsAligned();
 
+#if V8_ENABLE_WEBASSEMBLY
+  if (switch_to_central_stack) {
+    SwitchToTheCentralStackIfNeeded(masm, argc_input, target_fun, argv);
+  }
+#endif  // V8_ENABLE_WEBASSEMBLY
+
   // Call C built-in.
   // a0 = argc, a1 = argv, a2 = isolate, s1 = target_fun
   DCHECK_EQ(kCArgRegs[0], argc_input);
@@ -3133,6 +4161,12 @@ void Builtins::Generate_CEntry(MacroAssembler* masm, int result_size,
 
   __ StoreReturnAddressAndCall(target_fun);
 
+#if V8_ENABLE_WEBASSEMBLY
+  if (switch_to_central_stack) {
+    SwitchFromTheCentralStackIfNeeded(masm);
+  }
+#endif  // V8_ENABLE_WEBASSEMBLY
+
   // Result returned in a0 or a1:a0 - do not destroy these registers!
 
   // Check result for exception sentinel.
@@ -3519,7 +4553,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
   DCHECK(!AreAliased(api_function_address, property_callback_info_arg, name_arg,
                      callback, scratch, scratch2));
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   // |name_arg| is already initialized above.
 #else
@@ -3801,7 +4835,10 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
     ResetSharedFunctionInfoAge(masm, code_obj);
   }
 
-  GetSharedFunctionInfoData(masm, code_obj, code_obj, t2);
+  __ LoadTrustedPointerField(
+      code_obj,
+      FieldMemOperand(code_obj, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
diff --git a/deps/v8/src/builtins/mips64/builtins-mips64.cc b/deps/v8/src/builtins/mips64/builtins-mips64.cc
index 28927f0bd6f7fd..77a8aaa2c992cf 100644
--- a/deps/v8/src/builtins/mips64/builtins-mips64.cc
+++ b/deps/v8/src/builtins/mips64/builtins-mips64.cc
@@ -291,19 +291,23 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
 
 // TODO(v8:11429): Add a path for "not_compiled" and unify the two uses under
 // the more general dispatch.
-static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
-                                                    Register sfi_data,
-                                                    Register scratch1,
-                                                    Label* is_baseline) {
+static void GetSharedFunctionInfoBytecodeOrBaseline(
+    MacroAssembler* masm, Register sfi, Register bytecode, Register scratch1,
+    Label* is_baseline, Label* is_unavailable) {
   Label done;
 
-  __ GetObjectType(sfi_data, scratch1, scratch1);
+  Register data = bytecode;
+  __ Ld(data,
+        FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
+
+
+  __ GetObjectType(data, scratch1, scratch1);
 
 #ifndef V8_JITLESS
   if (v8_flags.debug_code) {
     Label not_baseline;
     __ Branch(&not_baseline, ne, scratch1, Operand(CODE_TYPE));
-    AssertCodeIsBaseline(masm, sfi_data, scratch1);
+    AssertCodeIsBaseline(masm, data, scratch1);
     __ Branch(is_baseline);
     __ bind(&not_baseline);
   } else {
@@ -311,9 +315,10 @@ static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
   }
 #endif  // !V8_JITLESS
 
-  __ Branch(&done, ne, scratch1, Operand(INTERPRETER_DATA_TYPE));
-  __ Ld(sfi_data,
-        FieldMemOperand(sfi_data, InterpreterData::kBytecodeArrayOffset));
+  __ Branch(&done, eq, scratch1, Operand(BYTECODE_ARRAY_TYPE));
+
+  __ Branch(is_unavailable, ne, scratch1, Operand(INTERPRETER_DATA_TYPE));
+  __ Ld(data, FieldMemOperand(data, InterpreterData::kBytecodeArrayOffset));
   __ bind(&done);
 }
 
@@ -393,14 +398,20 @@ void Builtins::Generate_ResumeGeneratorTrampoline(MacroAssembler* masm) {
 
   // Underlying function needs to have bytecode available.
   if (v8_flags.debug_code) {
-    Label is_baseline;
+    Label is_baseline, is_unavailable, ok;
     __ Ld(a3, FieldMemOperand(a4, JSFunction::kSharedFunctionInfoOffset));
-    __ Ld(a3, FieldMemOperand(a3, SharedFunctionInfo::kFunctionDataOffset));
-    GetSharedFunctionInfoBytecodeOrBaseline(masm, a3, a0, &is_baseline);
-    __ GetObjectType(a3, a3, a3);
-    __ Assert(eq, AbortReason::kMissingBytecodeArray, a3,
-              Operand(BYTECODE_ARRAY_TYPE));
+    GetSharedFunctionInfoBytecodeOrBaseline(masm, a3, a3, a0, &is_baseline,
+                                            &is_unavailable);
+    __ jmp(&ok);
+
+    __ bind(&is_unavailable);
+    __ Abort(AbortReason::kMissingBytecodeArray);
+
     __ bind(&is_baseline);
+    __ GetObjectType(a3, a3, a3);
+    __ Assert(eq, AbortReason::kMissingBytecodeArray, a3, Operand(CODE_TYPE));
+
+    __ bind(&ok);
   }
 
   // Resume (Ignition/TurboFan) generator object.
@@ -1079,17 +1090,13 @@ void Builtins::Generate_InterpreterEntryTrampoline(
   __ Ld(kScratchReg,
         FieldMemOperand(closure, JSFunction::kSharedFunctionInfoOffset));
   ResetSharedFunctionInfoAge(masm, kScratchReg);
-  __ Ld(kInterpreterBytecodeArrayRegister,
-        FieldMemOperand(kScratchReg, SharedFunctionInfo::kFunctionDataOffset));
-  Label is_baseline;
-  GetSharedFunctionInfoBytecodeOrBaseline(
-      masm, kInterpreterBytecodeArrayRegister, kScratchReg, &is_baseline);
 
   // The bytecode array could have been flushed from the shared function info,
   // if so, call into CompileLazy.
-  Label compile_lazy;
-  __ GetObjectType(kInterpreterBytecodeArrayRegister, kScratchReg, kScratchReg);
-  __ Branch(&compile_lazy, ne, kScratchReg, Operand(BYTECODE_ARRAY_TYPE));
+  Label is_baseline, compile_lazy;
+  GetSharedFunctionInfoBytecodeOrBaseline(
+      masm, kScratchReg, kInterpreterBytecodeArrayRegister, kScratchReg2,
+      &is_baseline, &compile_lazy);
 
   Label push_stack_frame;
   Register feedback_vector = a2;
@@ -1656,7 +1663,8 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   // trampoline.
   __ Ld(t0, MemOperand(fp, StandardFrameConstants::kFunctionOffset));
   __ Ld(t0, FieldMemOperand(t0, JSFunction::kSharedFunctionInfoOffset));
-  __ Ld(t0, FieldMemOperand(t0, SharedFunctionInfo::kFunctionDataOffset));
+  __ Ld(t0,
+        FieldMemOperand(t0, SharedFunctionInfo::kTrustedFunctionDataOffset));
   __ GetObjectType(t0, kInterpreterDispatchTableRegister,
                    kInterpreterDispatchTableRegister);
   __ Branch(&builtin_trampoline, ne, kInterpreterDispatchTableRegister,
@@ -2975,21 +2983,19 @@ void Builtins::Generate_WasmOnStackReplace(MacroAssembler* masm) {
 void Builtins::Generate_JSToWasmWrapperAsm(MacroAssembler* masm) { __ Trap(); }
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
   // Use t0 which is not in kGpParamRegisters.
   Register call_target = t0;
   UseScratchRegisterScope temps{masm};
   temps.Exclude(call_target);
 #ifdef V8_ENABLE_SANDBOX
   __ LoadCodeEntrypointViaCodePointer(
-      call_target,
-      FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset),
+      call_target, FieldMemOperand(import_data, WasmImportData::kCodeOffset),
       kWasmEntrypointTag);
 #else
   Register code = call_target;
-  __ Ld(code,
-        FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset));
+  __ Ld(code, FieldMemOperand(import_data, WasmImportData::kCodeOffset));
   __ Ld(call_target, FieldMemOperand(code, Code::kInstructionStartOffset));
 #endif
   __ Jump(call_target);
@@ -3498,7 +3504,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
   DCHECK(!AreAliased(api_function_address, property_callback_info_arg, name_arg,
                      callback, scratch, scratch2));
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   // |name_arg| is already initialized above.
 #else
@@ -3863,7 +3869,8 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
   }
 
   __ Ld(code_obj,
-        FieldMemOperand(code_obj, SharedFunctionInfo::kFunctionDataOffset));
+        FieldMemOperand(code_obj,
+                        SharedFunctionInfo::kTrustedFunctionDataOffset));
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
diff --git a/deps/v8/src/builtins/ppc/builtins-ppc.cc b/deps/v8/src/builtins/ppc/builtins-ppc.cc
index 37f0fb9f2d5c01..fed1179a1ff650 100644
--- a/deps/v8/src/builtins/ppc/builtins-ppc.cc
+++ b/deps/v8/src/builtins/ppc/builtins-ppc.cc
@@ -46,41 +46,6 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
   __ Assert(eq, AbortReason::kExpectedBaselineData);
 }
 
-// Equivalent of SharedFunctionInfo::GetData
-static void GetSharedFunctionInfoData(MacroAssembler* masm, Register data,
-                                      Register sfi, Register scratch) {
-#ifdef V8_ENABLE_SANDBOX
-  Register scratch2 = r0;
-
-  DCHECK(!AreAliased(data, scratch));
-  DCHECK(!AreAliased(sfi, scratch));
-  DCHECK(!AreAliased(scratch2, scratch));
-
-  // Use trusted_function_data if non-empy, otherwise the regular function_data.
-  Label use_tagged_field, done;
-  __ LoadU32(
-      scratch,
-      FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset),
-      scratch2);
-
-  __ cmpwi(scratch, Operand::Zero());
-  __ beq(&use_tagged_field);
-  __ ResolveIndirectPointerHandle(data, scratch, kUnknownIndirectPointerTag,
-                                  scratch2);
-  __ b(&done);
-
-  __ bind(&use_tagged_field);
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-
-  __ bind(&done);
-#else
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset),
-      scratch);
-#endif  // V8_ENABLE_SANDBOX
-}
-
 static void CheckSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
                                                       Register data,
                                                       Register scratch,
@@ -122,23 +87,10 @@ static void GetSharedFunctionInfoBytecodeOrBaseline(
   ASM_CODE_COMMENT(masm);
   Label done;
   Register data = bytecode;
-#ifdef V8_ENABLE_SANDBOX
-  // In this case, the bytecode array must be referenced via a trusted pointer.
-  // Loading it from the tagged function_data field would not be safe.
-  Register scratch2 = r0;
-  DCHECK(!AreAliased(scratch2, scratch1));
-  __ LoadU32(
-      scratch1,
-      FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset), r0);
-
-  __ CmpS32(scratch1, Operand(0), r0);
-  __ beq(is_unavailable);
-  __ ResolveIndirectPointerHandle(data, scratch1, kUnknownIndirectPointerTag,
-                                  scratch2);
-#else
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset), r0);
-#endif  // V8_ENABLE_SANDBOX
+  __ LoadTrustedPointerField(
+      data,
+      FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag, r0);
 
   if (V8_JITLESS_BOOL) {
     __ IsObjectType(data, scratch1, scratch1, INTERPRETER_DATA_TYPE);
@@ -223,7 +175,10 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
     ResetSharedFunctionInfoAge(masm, code_obj, r6);
   }
 
-  GetSharedFunctionInfoData(masm, code_obj, code_obj, r6);
+  __ LoadTrustedPointerField(
+      code_obj,
+      FieldMemOperand(code_obj, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag, r0);
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
@@ -587,7 +542,7 @@ void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
   __ lwz(r7, FieldMemOperand(r7, SharedFunctionInfo::kFlagsOffset));
   __ DecodeField<SharedFunctionInfo::FunctionKindBits>(r7);
   __ JumpIfIsInRange(
-      r7, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
+      r7, r0, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
       static_cast<uint32_t>(FunctionKind::kDerivedConstructor),
       &not_create_implicit_receiver);
 
@@ -1967,7 +1922,7 @@ void Builtins::Generate_InterpreterPushArgsThenFastConstructFunction(
   Label not_create_implicit_receiver;
   __ DecodeField<SharedFunctionInfo::FunctionKindBits>(r5);
   __ JumpIfIsInRange(
-      r5, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
+      r5, r0, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
       static_cast<uint32_t>(FunctionKind::kDerivedConstructor),
       &not_create_implicit_receiver);
   NewImplicitReceiver(masm);
@@ -2065,7 +2020,9 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   __ LoadU64(r5, MemOperand(fp, StandardFrameConstants::kFunctionOffset));
   __ LoadTaggedField(
       r5, FieldMemOperand(r5, JSFunction::kSharedFunctionInfoOffset), r0);
-  GetSharedFunctionInfoData(masm, r5, r5, r6);
+  __ LoadTrustedPointerField(
+      r5, FieldMemOperand(r5, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag, r0);
   __ IsObjectType(r5, kInterpreterDispatchTableRegister,
                   kInterpreterDispatchTableRegister, INTERPRETER_DATA_TYPE);
   __ bne(&builtin_trampoline);
@@ -2857,12 +2814,13 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
   Register target = r4;
   Register map = r7;
   Register instance_type = r8;
+  Register scratch = r9;
   DCHECK(!AreAliased(r3, target, map, instance_type));
 
   Label non_callable, class_constructor;
   __ JumpIfSmi(target, &non_callable);
   __ LoadMap(map, target);
-  __ CompareInstanceTypeRange(map, instance_type,
+  __ CompareInstanceTypeRange(map, instance_type, scratch,
                               FIRST_CALLABLE_JS_FUNCTION_TYPE,
                               LAST_CALLABLE_JS_FUNCTION_TYPE);
   __ TailCallBuiltin(Builtins::CallFunction(mode), le);
@@ -2988,7 +2946,8 @@ void Builtins::Generate_Construct(MacroAssembler* masm) {
   Register target = r4;
   Register map = r7;
   Register instance_type = r8;
-  DCHECK(!AreAliased(r3, target, map, instance_type));
+  Register scratch = r9;
+  DCHECK(!AreAliased(r3, target, map, instance_type, scratch));
 
   // Check if target is a Smi.
   Label non_constructor, non_proxy;
@@ -3005,8 +2964,8 @@ void Builtins::Generate_Construct(MacroAssembler* masm) {
   }
 
   // Dispatch based on instance type.
-  __ CompareInstanceTypeRange(map, instance_type, FIRST_JS_FUNCTION_TYPE,
-                              LAST_JS_FUNCTION_TYPE);
+  __ CompareInstanceTypeRange(map, instance_type, scratch,
+                              FIRST_JS_FUNCTION_TYPE, LAST_JS_FUNCTION_TYPE);
   __ TailCallBuiltin(Builtin::kConstructFunction, le);
 
   // Only dispatch to bound functions after checking whether they are
@@ -3198,7 +3157,7 @@ void Builtins::Generate_WasmReturnPromiseOnSuspendAsm(MacroAssembler* masm) {
   __ Trap();
 }
 
-// Loads the context field of the WasmTrustedInstanceData or WasmApiFunctionRef
+// Loads the context field of the WasmTrustedInstanceData or WasmImportData
 // depending on the ref's type, and places the result in the input register.
 void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   __ LoadTaggedField(scratch, FieldMemOperand(ref, HeapObject::kMapOffset), r0);
@@ -3207,7 +3166,7 @@ void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   Label end;
   __ beq(&instance);
   __ LoadTaggedField(
-      ref, FieldMemOperand(ref, WasmApiFunctionRef::kNativeContextOffset), r0);
+      ref, FieldMemOperand(ref, WasmImportData::kNativeContextOffset), r0);
   __ jmp(&end);
   __ bind(&instance);
   __ LoadTaggedField(
@@ -3443,12 +3402,11 @@ void Builtins::Generate_JSToWasmWrapperAsm(MacroAssembler* masm) {
 }
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
   Register scratch = ip;
   __ LoadTaggedField(
-      scratch,
-      FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset), r0);
+      scratch, FieldMemOperand(import_data, WasmImportData::kCodeOffset), r0);
   __ LoadU64(scratch, FieldMemOperand(scratch, Code::kInstructionStartOffset),
              r0);
   __ Jump(scratch);
@@ -3985,7 +3943,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
   DCHECK(!AreAliased(api_function_address, property_callback_info_arg, name_arg,
                      callback, scratch));
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   // |name_arg| is already initialized above.
 #else
diff --git a/deps/v8/src/builtins/promise-abstract-operations.tq b/deps/v8/src/builtins/promise-abstract-operations.tq
index 834007399ffdec..8866a39c8ab47e 100644
--- a/deps/v8/src/builtins/promise-abstract-operations.tq
+++ b/deps/v8/src/builtins/promise-abstract-operations.tq
@@ -34,8 +34,8 @@ extern macro ResolveStringConstant(): String;
 const kResolveString: String = ResolveStringConstant();
 extern macro IsPromiseResolveProtectorCellInvalid(): bool;
 
-extern macro AllocateFunctionWithMapAndContext(
-    Map, SharedFunctionInfo, FunctionContext): JSFunction;
+extern macro AllocateRootFunctionWithContext(
+    constexpr intptr, FunctionContext): JSFunction;
 
 extern macro PromiseReactionMapConstant(): Map;
 extern macro PromiseFulfillReactionJobTaskMapConstant(): Map;
@@ -316,21 +316,22 @@ struct PromiseResolvingFunctions {
   context: Context;
 }
 
+const kPromiseCapabilityDefaultResolveSharedFun: constexpr intptr
+    generates 'RootIndex::kPromiseCapabilityDefaultResolveSharedFun';
+const kPromiseCapabilityDefaultRejectSharedFun: constexpr intptr
+    generates 'RootIndex::kPromiseCapabilityDefaultRejectSharedFun';
+
 @export
 macro CreatePromiseResolvingFunctions(
     implicit context: Context)(promise: JSPromise, debugEvent: Boolean,
     nativeContext: NativeContext): PromiseResolvingFunctions {
   const promiseContext = CreatePromiseResolvingFunctionsContext(
       promise, debugEvent, nativeContext);
-  const map = *NativeContextSlot(
-      nativeContext, ContextSlot::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
-  const resolveInfo = PromiseCapabilityDefaultResolveSharedFunConstant();
-
-  const resolve: JSFunction =
-      AllocateFunctionWithMapAndContext(map, resolveInfo, promiseContext);
-  const rejectInfo = PromiseCapabilityDefaultRejectSharedFunConstant();
-  const reject: JSFunction =
-      AllocateFunctionWithMapAndContext(map, rejectInfo, promiseContext);
+
+  const resolve: JSFunction = AllocateRootFunctionWithContext(
+      kPromiseCapabilityDefaultResolveSharedFun, promiseContext);
+  const reject: JSFunction = AllocateRootFunctionWithContext(
+      kPromiseCapabilityDefaultRejectSharedFun, promiseContext);
   return PromiseResolvingFunctions{
     resolve: resolve,
     reject: reject,
@@ -338,6 +339,9 @@ macro CreatePromiseResolvingFunctions(
   };
 }
 
+const kPromiseGetCapabilitiesExecutorSharedFun: constexpr intptr
+    generates 'RootIndex::kPromiseGetCapabilitiesExecutorSharedFun';
+
 transitioning macro InnerNewPromiseCapability(
     implicit context: Context)(constructor: HeapObject,
     debugEvent: Boolean): PromiseCapability {
@@ -356,14 +360,8 @@ transitioning macro InnerNewPromiseCapability(
     const capability = CreatePromiseCapability(Undefined, Undefined, Undefined);
     const executorContext =
         CreatePromiseCapabilitiesExecutorContext(nativeContext, capability);
-
-    const executorInfo = PromiseGetCapabilitiesExecutorSharedFunConstant();
-    const functionMap =
-        *NativeContextSlot(
-        nativeContext,
-        ContextSlot::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
-    const executor = AllocateFunctionWithMapAndContext(
-        functionMap, executorInfo, executorContext);
+    const executor = AllocateRootFunctionWithContext(
+        kPromiseGetCapabilitiesExecutorSharedFun, executorContext);
 
     const promiseConstructor = UnsafeCast<Constructor>(constructor);
     const promise = Construct(promiseConstructor, executor);
diff --git a/deps/v8/src/builtins/promise-all.tq b/deps/v8/src/builtins/promise-all.tq
index d6db4a26059451..6a067c6bebb609 100644
--- a/deps/v8/src/builtins/promise-all.tq
+++ b/deps/v8/src/builtins/promise-all.tq
@@ -41,15 +41,12 @@ macro CreatePromiseAllResolveElementContext(
 macro CreatePromiseAllResolveElementFunction(
     implicit context: Context)(
     resolveElementContext: PromiseAllResolveElementContext, index: Smi,
-    nativeContext: NativeContext,
-    resolveFunction: SharedFunctionInfo): JSFunction {
+    resolveFunction: constexpr intptr): JSFunction {
   dcheck(index > 0);
   dcheck(index < kPropertyArrayHashFieldMax);
 
-  const map = *ContextSlot(
-      nativeContext, ContextSlot::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
-  const resolve = AllocateFunctionWithMapAndContext(
-      map, resolveFunction, resolveElementContext);
+  const resolve =
+      AllocateRootFunctionWithContext(resolveFunction, resolveElementContext);
 
   dcheck(kPropertyArrayNoHashSentinel == 0);
   resolve.properties_or_hash = index;
@@ -91,15 +88,18 @@ macro IsPromiseThenLookupChainIntact(
   return !IsPromiseThenProtectorCellInvalid();
 }
 
+const kPromiseAllResolveElementClosureSharedFun: constexpr intptr
+    generates 'static_cast<intptr_t>(RootIndex::kPromiseAllResolveElementClosureSharedFun)'
+    ;
 struct PromiseAllResolveElementFunctor {
   macro Call(
       implicit context: Context)(
       resolveElementContext: PromiseAllResolveElementContext,
-      nativeContext: NativeContext, index: Smi,
+      _nativeContext: NativeContext, index: Smi,
       _capability: PromiseCapability): Callable {
     return CreatePromiseAllResolveElementFunction(
-        resolveElementContext, index, nativeContext,
-        PromiseAllResolveElementSharedFunConstant());
+        resolveElementContext, index,
+        kPromiseAllResolveElementClosureSharedFun);
   }
 }
 
@@ -113,27 +113,33 @@ struct PromiseAllRejectElementFunctor {
   }
 }
 
+const kPromiseAllSettledResolveElementClosureSharedFun: constexpr intptr
+    generates 'static_cast<intptr_t>(RootIndex::kPromiseAllSettledResolveElementClosureSharedFun)'
+    ;
 struct PromiseAllSettledResolveElementFunctor {
   macro Call(
       implicit context: Context)(
       resolveElementContext: PromiseAllResolveElementContext,
-      nativeContext: NativeContext, index: Smi,
+      _nativeContext: NativeContext, index: Smi,
       _capability: PromiseCapability): Callable {
     return CreatePromiseAllResolveElementFunction(
-        resolveElementContext, index, nativeContext,
-        PromiseAllSettledResolveElementSharedFunConstant());
+        resolveElementContext, index,
+        kPromiseAllSettledResolveElementClosureSharedFun);
   }
 }
 
+const kPromiseAllSettledRejectElementClosureSharedFun: constexpr intptr
+    generates 'static_cast<intptr_t>(RootIndex::kPromiseAllSettledRejectElementClosureSharedFun)'
+    ;
 struct PromiseAllSettledRejectElementFunctor {
   macro Call(
       implicit context: Context)(
       resolveElementContext: PromiseAllResolveElementContext,
-      nativeContext: NativeContext, index: Smi,
+      _nativeContext: NativeContext, index: Smi,
       _capability: PromiseCapability): Callable {
     return CreatePromiseAllResolveElementFunction(
-        resolveElementContext, index, nativeContext,
-        PromiseAllSettledRejectElementSharedFunConstant());
+        resolveElementContext, index,
+        kPromiseAllSettledRejectElementClosureSharedFun);
   }
 }
 
@@ -385,11 +391,5 @@ transitioning javascript builtin PromiseAllSettled(
       PromiseAllSettledRejectElementFunctor{}, 'Promise.allSettled');
 }
 
-extern macro PromiseAllResolveElementSharedFunConstant(): SharedFunctionInfo;
-extern macro PromiseAllSettledRejectElementSharedFunConstant():
-    SharedFunctionInfo;
-extern macro PromiseAllSettledResolveElementSharedFunConstant():
-    SharedFunctionInfo;
-
 extern macro MakeFixedArrayCOW(FixedArray): void;
 }
diff --git a/deps/v8/src/builtins/promise-any.tq b/deps/v8/src/builtins/promise-any.tq
index ec3be73ba9dac6..5208e718459954 100644
--- a/deps/v8/src/builtins/promise-any.tq
+++ b/deps/v8/src/builtins/promise-any.tq
@@ -53,17 +53,17 @@ transitioning macro CreatePromiseAnyRejectElementContext(
   return rejectContext;
 }
 
+const kPromiseAnyRejectElementClosureSharedFun: constexpr intptr
+    generates 'RootIndex::kPromiseAnyRejectElementClosureSharedFun';
+
 macro CreatePromiseAnyRejectElementFunction(
     implicit context: Context)(
     rejectElementContext: PromiseAnyRejectElementContext, index: Smi,
-    nativeContext: NativeContext): JSFunction {
+    _nativeContext: NativeContext): JSFunction {
   dcheck(index > 0);
   dcheck(index < kPropertyArrayHashFieldMax);
-  const map = *ContextSlot(
-      nativeContext, ContextSlot::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
-  const rejectInfo = PromiseAnyRejectElementSharedFunConstant();
-  const reject =
-      AllocateFunctionWithMapAndContext(map, rejectInfo, rejectElementContext);
+  const reject = AllocateRootFunctionWithContext(
+      kPromiseAnyRejectElementClosureSharedFun, rejectElementContext);
   dcheck(kPropertyArrayNoHashSentinel == 0);
   reject.properties_or_hash = index;
   return reject;
diff --git a/deps/v8/src/builtins/promise-finally.tq b/deps/v8/src/builtins/promise-finally.tq
index 7e1b752f35d9ac..035e3a1de02b05 100644
--- a/deps/v8/src/builtins/promise-finally.tq
+++ b/deps/v8/src/builtins/promise-finally.tq
@@ -37,6 +37,9 @@ transitioning javascript builtin PromiseThrowerFinally(
   Throw(reason);
 }
 
+const kPromiseThrowerFinallySharedFun: constexpr intptr
+    generates 'RootIndex::kPromiseThrowerFinallySharedFun';
+
 macro CreateThrowerFunction(
     implicit context: Context)(nativeContext: NativeContext,
     reason: JSAny): JSFunction {
@@ -47,10 +50,8 @@ macro CreateThrowerFunction(
               kPromiseValueThunkOrReasonContextLength));
   InitContextSlot(
       throwerContext, PromiseValueThunkOrReasonContextSlot::kValueSlot, reason);
-  const map = *ContextSlot(
-      nativeContext, ContextSlot::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
-  const throwerInfo = PromiseThrowerFinallySharedFunConstant();
-  return AllocateFunctionWithMapAndContext(map, throwerInfo, throwerContext);
+  return AllocateRootFunctionWithContext(
+      kPromiseThrowerFinallySharedFun, throwerContext);
 }
 
 transitioning javascript builtin PromiseCatchFinally(
@@ -82,6 +83,9 @@ transitioning javascript builtin PromiseCatchFinally(
   return UnsafeCast<JSAny>(InvokeThen(nativeContext, promise, thrower));
 }
 
+const kPromiseValueThunkFinallySharedFun: constexpr intptr
+    generates 'RootIndex::kPromiseValueThunkFinallySharedFun';
+
 macro CreateValueThunkFunction(
     implicit context: Context)(nativeContext: NativeContext,
     value: JSAny): JSFunction {
@@ -93,11 +97,8 @@ macro CreateValueThunkFunction(
   InitContextSlot(
       valueThunkContext, PromiseValueThunkOrReasonContextSlot::kValueSlot,
       value);
-  const map = *ContextSlot(
-      nativeContext, ContextSlot::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
-  const valueThunkInfo = PromiseValueThunkFinallySharedFunConstant();
-  return AllocateFunctionWithMapAndContext(
-      map, valueThunkInfo, valueThunkContext);
+  return AllocateRootFunctionWithContext(
+      kPromiseValueThunkFinallySharedFun, valueThunkContext);
 }
 
 transitioning javascript builtin PromiseThenFinally(
@@ -134,6 +135,11 @@ struct PromiseFinallyFunctions {
   catch_finally: JSFunction;
 }
 
+const kPromiseThenFinallySharedFun:
+    constexpr intptr generates 'RootIndex::kPromiseThenFinallySharedFun';
+const kPromiseCatchFinallySharedFun: constexpr intptr
+    generates 'RootIndex::kPromiseCatchFinallySharedFun';
+
 macro CreatePromiseFinallyFunctions(
     implicit context: Context)(nativeContext: NativeContext,
     onFinally: Callable, constructor: Constructor): PromiseFinallyFunctions {
@@ -145,14 +151,10 @@ macro CreatePromiseFinallyFunctions(
       promiseContext, PromiseFinallyContextSlot::kOnFinallySlot, onFinally);
   InitContextSlot(
       promiseContext, PromiseFinallyContextSlot::kConstructorSlot, constructor);
-  const map = *ContextSlot(
-      nativeContext, ContextSlot::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
-  const thenFinallyInfo = PromiseThenFinallySharedFunConstant();
-  const thenFinally =
-      AllocateFunctionWithMapAndContext(map, thenFinallyInfo, promiseContext);
-  const catchFinallyInfo = PromiseCatchFinallySharedFunConstant();
-  const catchFinally =
-      AllocateFunctionWithMapAndContext(map, catchFinallyInfo, promiseContext);
+  const thenFinally = AllocateRootFunctionWithContext(
+      kPromiseThenFinallySharedFun, promiseContext);
+  const catchFinally = AllocateRootFunctionWithContext(
+      kPromiseCatchFinallySharedFun, promiseContext);
   return PromiseFinallyFunctions{
     then_finally: thenFinally,
     catch_finally: catchFinally
diff --git a/deps/v8/src/builtins/regexp-match.tq b/deps/v8/src/builtins/regexp-match.tq
index 1093c89455f3c7..fdfddb76fc3248 100644
--- a/deps/v8/src/builtins/regexp-match.tq
+++ b/deps/v8/src/builtins/regexp-match.tq
@@ -6,18 +6,16 @@
 
 namespace regexp {
 
-const kATOM: constexpr int31
-    generates 'JSRegExp::ATOM';
-const kTagIndex: constexpr int31
-    generates 'JSRegExp::kTagIndex';
-const kAtomPatternIndex: constexpr int31
-    generates 'JSRegExp::kAtomPatternIndex';
+const kATOM: constexpr uint8
+    generates 'static_cast<uint8_t>(RegExpData::Type::ATOM)';
+const kRegExpDataIndirectPointerTag:
+    constexpr uint64 generates 'kRegExpDataIndirectPointerTag';
 
 extern transitioning macro RegExpBuiltinsAssembler::FlagGetter(
     implicit context: Context)(Object, constexpr Flag, constexpr bool): bool;
 
-extern macro UnsafeLoadFixedArrayElement(RegExpMatchInfo, constexpr int31):
-    Object;
+extern macro LoadTrustedPointerFromObject(
+    HeapObject, constexpr int31, constexpr uint64): TrustedObject;
 
 transitioning macro RegExpPrototypeMatchBody(
     implicit context: Context)(regexp: JSReceiver, string: String,
@@ -49,9 +47,12 @@ transitioning macro RegExpPrototypeMatchBody(
   let searchString: String = EmptyStringConstant();
   if constexpr (isFastPath) {
     const maybeAtomRegexp = UnsafeCast<JSRegExp>(regexp);
-    const data = UnsafeCast<FixedArray>(maybeAtomRegexp.data);
-    if (UnsafeCast<Smi>(data.objects[kTagIndex]) == kATOM) {
-      searchString = UnsafeCast<String>(data.objects[kAtomPatternIndex]);
+    const data: RegExpData =
+        UnsafeCast<RegExpData>(LoadTrustedPointerFromObject(
+            maybeAtomRegexp, kJSRegExpRegExpDataOffset,
+            kRegExpDataIndirectPointerTag));
+    if (data.type_tag == kATOM) {
+      searchString = UnsafeCast<AtomRegExpData>(data).pattern;
       atom = true;
     }
   }
diff --git a/deps/v8/src/builtins/regexp.tq b/deps/v8/src/builtins/regexp.tq
index 9c426ebd7b8d39..38f2d237c6f740 100644
--- a/deps/v8/src/builtins/regexp.tq
+++ b/deps/v8/src/builtins/regexp.tq
@@ -441,6 +441,10 @@ transitioning macro RegExpCreate(
   return RegExpCreate(initialMap, maybeString, flags);
 }
 
+extern macro ClearTrustedPointerField(HeapObject, constexpr int31): void;
+const kJSRegExpRegExpDataOffset:
+    constexpr int31 generates 'JSRegExp::kDataOffset';
+
 @export
 transitioning macro RegExpCreate(
     implicit context: Context)(initialMap: Map, maybeString: JSAny,
@@ -449,6 +453,9 @@ transitioning macro RegExpCreate(
       maybeString == Undefined ? kEmptyString : ToString_Inline(maybeString);
   const regexp =
       UnsafeCast<JSRegExp>(AllocateFastOrSlowJSObjectFromMap(initialMap));
+  // Clear the data field, as a GC can be triggered before the field is set
+  // during compilation.
+  ClearTrustedPointerField(regexp, kJSRegExpRegExpDataOffset);
   return RegExpInitializeAndCompile(context, regexp, pattern, flags);
 }
 }
diff --git a/deps/v8/src/builtins/riscv/builtins-riscv.cc b/deps/v8/src/builtins/riscv/builtins-riscv.cc
index ecab1ddeee571f..6d7bf8eb1d08f4 100644
--- a/deps/v8/src/builtins/riscv/builtins-riscv.cc
+++ b/deps/v8/src/builtins/riscv/builtins-riscv.cc
@@ -312,44 +312,22 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
             Operand(static_cast<int64_t>(CodeKind::BASELINE)));
 }
 
-// Equivalent of SharedFunctionInfo::GetData
-static void GetSharedFunctionInfoData(MacroAssembler* masm, Register data,
-                                      Register sfi, Register scratch) {
-  ASM_CODE_COMMENT(masm);
-#ifdef V8_ENABLE_SANDBOX
-  DCHECK(!AreAliased(data, scratch));
-  DCHECK(!AreAliased(sfi, scratch));
-  // Use trusted_function_data if non-empy, otherwise the regular function_data.
-  Label use_tagged_field, done;
-  __ Lwu(scratch,
-         FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
-  __ Branch(&use_tagged_field, eq, scratch, Operand(zero_reg));
-  __ ResolveIndirectPointerHandle(data, scratch, kUnknownIndirectPointerTag);
-  __ Branch(&done);
-  __ bind(&use_tagged_field);
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-  __ bind(&done);
-#else
-  __ LoadTaggedField(
-      data, FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-#endif  // V8_ENABLE_SANDBOX
-}
 // TODO(v8:11429): Add a path for "not_compiled" and unify the two uses under
 // the more general dispatch.
-static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
-                                                    Register sfi,
-                                                    Register bytecode,
-                                                    Register scratch1,
-                                                    Label* is_baseline) {
+static void GetSharedFunctionInfoBytecodeOrBaseline(
+    MacroAssembler* masm, Register sfi, Register bytecode, Register scratch1,
+    Label* is_baseline, Label* is_unavailable) {
   DCHECK(!AreAliased(bytecode, scratch1));
   ASM_CODE_COMMENT(masm);
   Label done;
 
   Register data = bytecode;
-  GetSharedFunctionInfoData(masm, data, sfi, scratch1);
-  __ GetObjectType(data, scratch1, scratch1);
+  __ LoadTrustedPointerField(
+      data,
+      FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
 
+  __ GetObjectType(data, scratch1, scratch1);
 #ifndef V8_JITLESS
   if (v8_flags.debug_code) {
     Label not_baseline;
@@ -361,11 +339,10 @@ static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
     __ Branch(is_baseline, eq, scratch1, Operand(CODE_TYPE));
   }
 #endif  // !V8_JITLESS
-
-  __ Branch(&done, ne, scratch1, Operand(INTERPRETER_DATA_TYPE));
+  __ Branch(&done, eq, scratch1, Operand(BYTECODE_ARRAY_TYPE));
+  __ Branch(is_unavailable, ne, scratch1, Operand(INTERPRETER_DATA_TYPE));
   __ LoadProtectedPointerField(
       bytecode, FieldMemOperand(data, InterpreterData::kBytecodeArrayOffset));
-
   __ bind(&done);
 }
 
@@ -450,17 +427,20 @@ void Builtins::Generate_ResumeGeneratorTrampoline(MacroAssembler* masm) {
 
   // Underlying function needs to have bytecode available.
   if (v8_flags.debug_code) {
-    Label is_baseline;
+    Label ok, is_baseline, is_unavailable;
     Register sfi = a3;
     Register bytecode = a3;
     __ LoadTaggedField(
         sfi, FieldMemOperand(a4, JSFunction::kSharedFunctionInfoOffset));
     GetSharedFunctionInfoBytecodeOrBaseline(masm, sfi, bytecode, t5,
-                                            &is_baseline);
-    __ GetObjectType(a3, a3, bytecode);
-    __ Assert(eq, AbortReason::kMissingBytecodeArray, bytecode,
-              Operand(BYTECODE_ARRAY_TYPE));
+                                            &is_baseline, &is_unavailable);
+    __ Branch(&ok);
+    __ bind(&is_unavailable);
+    __ Abort(AbortReason::kMissingBytecodeArray);
     __ bind(&is_baseline);
+    __ GetObjectType(bytecode, t5, t5);
+    __ Assert(eq, AbortReason::kMissingBytecodeArray, t5, Operand(CODE_TYPE));
+    __ bind(&ok);
   }
 
   // Resume (Ignition/TurboFan) generator object.
@@ -1159,15 +1139,12 @@ void Builtins::Generate_InterpreterEntryTrampoline(
       sfi, FieldMemOperand(closure, JSFunction::kSharedFunctionInfoOffset));
   ResetSharedFunctionInfoAge(masm, sfi);
 
-  Label is_baseline;
-  GetSharedFunctionInfoBytecodeOrBaseline(
-      masm, sfi, kInterpreterBytecodeArrayRegister, kScratchReg, &is_baseline);
-
   // The bytecode array could have been flushed from the shared function info,
   // if so, call into CompileLazy.
-  Label compile_lazy;
-  __ GetObjectType(kInterpreterBytecodeArrayRegister, kScratchReg, kScratchReg);
-  __ Branch(&compile_lazy, ne, kScratchReg, Operand(BYTECODE_ARRAY_TYPE));
+  Label is_baseline, compile_lazy;
+  GetSharedFunctionInfoBytecodeOrBaseline(
+      masm, sfi, kInterpreterBytecodeArrayRegister, kScratchReg, &is_baseline,
+      &compile_lazy);
 
   Label push_stack_frame;
   Register feedback_vector = a2;
@@ -1739,7 +1716,9 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   __ LoadWord(t0, MemOperand(fp, StandardFrameConstants::kFunctionOffset));
   __ LoadTaggedField(
       t0, FieldMemOperand(t0, JSFunction::kSharedFunctionInfoOffset));
-  GetSharedFunctionInfoData(masm, t0, t0, t1);
+  __ LoadTrustedPointerField(
+      t0, FieldMemOperand(t0, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
   __ GetObjectType(t0, kInterpreterDispatchTableRegister,
                    kInterpreterDispatchTableRegister);
   __ Branch(&builtin_trampoline, ne, kInterpreterDispatchTableRegister,
@@ -3013,21 +2992,20 @@ void Builtins::Generate_WasmDebugBreak(MacroAssembler* masm) {
 }
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
   // Use t6 which is not in kGpParamRegisters.
   Register call_target = t6;
   UseScratchRegisterScope temps{masm};
   temps.Exclude(t6);
 #ifdef V8_ENABLE_SANDBOX
   __ LoadCodeEntrypointViaCodePointer(
-      call_target,
-      FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset),
+      call_target, FieldMemOperand(import_data, WasmImportData::kCodeOffset),
       kWasmEntrypointTag);
 #else
   Register code = call_target;
-  __ LoadTaggedField(
-      code, FieldMemOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset));
+  __ LoadTaggedField(code,
+                     FieldMemOperand(import_data, WasmImportData::kCodeOffset));
   __ LoadWord(call_target,
               FieldMemOperand(code, Code::kInstructionStartOffset));
 #endif
@@ -3682,16 +3660,6 @@ void Builtins::Generate_WasmSuspend(MacroAssembler* masm) {
   __ Ret();
 }
 
-#ifdef V8_ENABLE_WEBASSEMBLY
-// Equivalent of SharedFunctionInfo::wasm_resume_data()
-static void GetSharedFunctionInfoWasmResumeData(MacroAssembler* masm,
-                                                Register resume_data,
-                                                Register sfi) {
-  __ LoadTaggedField(
-      resume_data,
-      FieldMemOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-}
-#endif  // V8_ENABLE_WEBASSEMBLY
 
 namespace {
 // Resume the suspender stored in the closure. We generate two variants of this
@@ -3729,7 +3697,9 @@ void Generate_WasmResumeHelper(MacroAssembler* masm, wasm::OnResume on_resume) {
   // RecordWriteField calls later.
   Register suspender = WriteBarrierDescriptor::ObjectRegister();
   Register resume_data = temps.Acquire();
-  GetSharedFunctionInfoWasmResumeData(masm, resume_data, sfi);
+  __ LoadTaggedField(
+      resume_data,
+      FieldMemOperand(sfi, SharedFunctionInfo::kUntrustedFunctionDataOffset));
   // The write barrier uses a fixed register for the host object (rdi). The next
   // barrier is on the suspender, so load it in rdi directly.
   __ LoadTaggedField(
@@ -3942,7 +3912,7 @@ void SwitchToAllocatedStack(MacroAssembler* masm, Register wasm_instance,
           JSToWasmWrapperFrameConstants::kWrapperBufferSigRepresentationArray));
 }
 
-// Loads the context field of the WasmTrustedInstanceData or WasmApiFunctionRef
+// Loads the context field of the WasmTrustedInstanceData or WasmImportData
 // depending on the ref's type, and places the result in the input register.
 void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   __ LoadTaggedField(scratch, FieldMemOperand(ref, HeapObject::kMapOffset));
@@ -3953,7 +3923,7 @@ void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   // __ CompareInstanceType(scratch, scratch, WASM_TRUSTED_INSTANCE_DATA_TYPE);
   __ Branch(&instance, eq, scratch, Operand(zero_reg));
   __ LoadTaggedField(
-      ref, FieldMemOperand(ref, WasmApiFunctionRef::kNativeContextOffset));
+      ref, FieldMemOperand(ref, WasmImportData::kNativeContextOffset));
   __ Branch(&end);
   __ bind(&instance);
   __ LoadTaggedField(
@@ -4512,7 +4482,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
   __ AddWord(property_callback_info_arg, fp, Operand(FC::kArgsArrayOffset));
   DCHECK(!AreAliased(api_function_address, property_callback_info_arg, name_arg,
                      callback, scratch));
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   // |name_arg| is already initialized above.
 #else
@@ -4801,7 +4771,10 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
     ResetSharedFunctionInfoAge(masm, code_obj);
   }
 
-  GetSharedFunctionInfoData(masm, code_obj, code_obj, t2);
+  __ LoadTrustedPointerField(
+      code_obj,
+      FieldMemOperand(code_obj, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag);
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
diff --git a/deps/v8/src/builtins/s390/builtins-s390.cc b/deps/v8/src/builtins/s390/builtins-s390.cc
index 7039746f013971..996f0e4c55d535 100644
--- a/deps/v8/src/builtins/s390/builtins-s390.cc
+++ b/deps/v8/src/builtins/s390/builtins-s390.cc
@@ -47,35 +47,41 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
   __ Assert(eq, AbortReason::kExpectedBaselineData);
 }
 
-static void GetSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
-                                                    Register sfi_data,
-                                                    Register scratch1,
-                                                    Label* is_baseline) {
+static void GetSharedFunctionInfoBytecodeOrBaseline(
+    MacroAssembler* masm, Register sfi, Register bytecode, Register scratch1,
+    Label* is_baseline, Label* is_unavailable) {
   USE(GetSharedFunctionInfoBytecodeOrBaseline);
   ASM_CODE_COMMENT(masm);
   Label done;
-  __ LoadMap(scratch1, sfi_data);
+
+  Register data = bytecode;
+  __ LoadTaggedField(
+      data,
+      FieldMemOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
+
+  __ LoadMap(scratch1, data);
+  __ LoadU16(scratch1, FieldMemOperand(scratch1, Map::kInstanceTypeOffset));
 
 #ifndef V8_JITLESS
-  __ CompareInstanceType(scratch1, scratch1, CODE_TYPE);
+  __ CmpS32(scratch1, Operand(CODE_TYPE));
   if (v8_flags.debug_code) {
     Label not_baseline;
     __ b(ne, &not_baseline);
-    AssertCodeIsBaseline(masm, sfi_data, scratch1);
+    AssertCodeIsBaseline(masm, data, scratch1);
     __ beq(is_baseline);
     __ bind(&not_baseline);
   } else {
     __ beq(is_baseline);
   }
-  __ CmpS32(scratch1, Operand(INTERPRETER_DATA_TYPE));
-#else
-  __ CompareInstanceType(scratch1, scratch1, INTERPRETER_DATA_TYPE);
 #endif  // !V8_JITLESS
 
-  __ bne(&done);
+  __ CmpS32(scratch1, Operand(BYTECODE_ARRAY_TYPE));
+  __ b(eq, &done);
+
+  __ CmpS32(scratch1, Operand(INTERPRETER_DATA_TYPE));
+  __ b(ne, is_unavailable);
   __ LoadTaggedField(
-      sfi_data,
-      FieldMemOperand(sfi_data, InterpreterData::kBytecodeArrayOffset));
+      data, FieldMemOperand(data, InterpreterData::kBytecodeArrayOffset));
 
   __ bind(&done);
 }
@@ -144,8 +150,8 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
   }
 
   __ LoadTaggedField(
-      code_obj,
-      FieldMemOperand(code_obj, SharedFunctionInfo::kFunctionDataOffset));
+      code_obj, FieldMemOperand(
+                    code_obj, SharedFunctionInfo::kTrustedFunctionDataOffset));
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
@@ -490,7 +496,7 @@ void Builtins::Generate_JSConstructStubGeneric(MacroAssembler* masm) {
   __ LoadU32(r6, FieldMemOperand(r6, SharedFunctionInfo::kFlagsOffset));
   __ DecodeField<SharedFunctionInfo::FunctionKindBits>(r6);
   __ JumpIfIsInRange(
-      r6, static_cast<uint8_t>(FunctionKind::kDefaultDerivedConstructor),
+      r6, r6, static_cast<uint8_t>(FunctionKind::kDefaultDerivedConstructor),
       static_cast<uint8_t>(FunctionKind::kDerivedConstructor),
       &not_create_implicit_receiver);
 
@@ -703,15 +709,21 @@ void Builtins::Generate_ResumeGeneratorTrampoline(MacroAssembler* masm) {
 
   // Underlying function needs to have bytecode available.
   if (v8_flags.debug_code) {
-    Label is_baseline;
+    Label is_baseline, is_unavailable, ok;
     __ LoadTaggedField(
         r5, FieldMemOperand(r6, JSFunction::kSharedFunctionInfoOffset));
-    __ LoadTaggedField(
-        r5, FieldMemOperand(r5, SharedFunctionInfo::kFunctionDataOffset));
-    GetSharedFunctionInfoBytecodeOrBaseline(masm, r5, ip, &is_baseline);
-    __ CompareObjectType(r5, r5, r5, BYTECODE_ARRAY_TYPE);
-    __ Assert(eq, AbortReason::kMissingBytecodeArray);
+    GetSharedFunctionInfoBytecodeOrBaseline(masm, r5, r5, ip, &is_baseline,
+                                            &is_unavailable);
+    __ jmp(&ok);
+
+    __ bind(&is_unavailable);
+    __ Abort(AbortReason::kMissingBytecodeArray);
+
     __ bind(&is_baseline);
+    __ CompareObjectType(r5, r5, r5, CODE_TYPE);
+    __ Assert(eq, AbortReason::kMissingBytecodeArray);
+
+    __ bind(&ok);
   }
 
   // Resume (Ignition/TurboFan) generator object.
@@ -1443,21 +1455,13 @@ void Builtins::Generate_InterpreterEntryTrampoline(
   __ LoadTaggedField(
       r6, FieldMemOperand(closure, JSFunction::kSharedFunctionInfoOffset));
   ResetSharedFunctionInfoAge(masm, r6, ip);
-  // Load original bytecode array or the debug copy.
-  __ LoadTaggedField(
-      kInterpreterBytecodeArrayRegister,
-      FieldMemOperand(r6, SharedFunctionInfo::kFunctionDataOffset));
-
-  Label is_baseline;
-  GetSharedFunctionInfoBytecodeOrBaseline(
-      masm, kInterpreterBytecodeArrayRegister, ip, &is_baseline);
 
   // The bytecode array could have been flushed from the shared function info,
   // if so, call into CompileLazy.
-  Label compile_lazy;
-  __ CompareObjectType(kInterpreterBytecodeArrayRegister, r6, no_reg,
-                       BYTECODE_ARRAY_TYPE);
-  __ bne(&compile_lazy);
+  Label is_baseline, compile_lazy;
+  GetSharedFunctionInfoBytecodeOrBaseline(masm, r6,
+                                          kInterpreterBytecodeArrayRegister, ip,
+                                          &is_baseline, &compile_lazy);
 
   Label push_stack_frame;
   Register feedback_vector = r4;
@@ -1946,7 +1950,7 @@ void Builtins::Generate_InterpreterPushArgsThenFastConstructFunction(
   Label not_create_implicit_receiver;
   __ DecodeField<SharedFunctionInfo::FunctionKindBits>(r4);
   __ JumpIfIsInRange(
-      r4, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
+      r4, r4, static_cast<uint32_t>(FunctionKind::kDefaultDerivedConstructor),
       static_cast<uint32_t>(FunctionKind::kDerivedConstructor),
       &not_create_implicit_receiver);
   NewImplicitReceiver(masm);
@@ -2043,7 +2047,7 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   __ LoadTaggedField(
       r4, FieldMemOperand(r4, JSFunction::kSharedFunctionInfoOffset));
   __ LoadTaggedField(
-      r4, FieldMemOperand(r4, SharedFunctionInfo::kFunctionDataOffset));
+      r4, FieldMemOperand(r4, SharedFunctionInfo::kTrustedFunctionDataOffset));
   __ CompareObjectType(r4, kInterpreterDispatchTableRegister,
                        kInterpreterDispatchTableRegister,
                        INTERPRETER_DATA_TYPE);
@@ -2816,12 +2820,13 @@ void Builtins::Generate_Call(MacroAssembler* masm, ConvertReceiverMode mode) {
   Register target = r3;
   Register map = r6;
   Register instance_type = r7;
+  Register scratch = r8;
   DCHECK(!AreAliased(r2, target, map, instance_type));
 
   Label non_callable, class_constructor;
   __ JumpIfSmi(target, &non_callable);
   __ LoadMap(map, target);
-  __ CompareInstanceTypeRange(map, instance_type,
+  __ CompareInstanceTypeRange(map, instance_type, scratch,
                               FIRST_CALLABLE_JS_FUNCTION_TYPE,
                               LAST_CALLABLE_JS_FUNCTION_TYPE);
   __ TailCallBuiltin(Builtins::CallFunction(mode), le);
@@ -2946,7 +2951,8 @@ void Builtins::Generate_Construct(MacroAssembler* masm) {
   Register target = r3;
   Register map = r6;
   Register instance_type = r7;
-  DCHECK(!AreAliased(r2, target, map, instance_type));
+  Register scratch = r8;
+  DCHECK(!AreAliased(r2, target, map, instance_type, scratch));
 
   // Check if target is a Smi.
   Label non_constructor, non_proxy;
@@ -2963,8 +2969,8 @@ void Builtins::Generate_Construct(MacroAssembler* masm) {
   }
 
   // Dispatch based on instance type.
-  __ CompareInstanceTypeRange(map, instance_type, FIRST_JS_FUNCTION_TYPE,
-                              LAST_JS_FUNCTION_TYPE);
+  __ CompareInstanceTypeRange(map, instance_type, scratch,
+                              FIRST_JS_FUNCTION_TYPE, LAST_JS_FUNCTION_TYPE);
   __ TailCallBuiltin(Builtin::kConstructFunction, le);
 
   // Only dispatch to bound functions after checking whether they are
@@ -3166,7 +3172,7 @@ void Builtins::Generate_WasmReturnPromiseOnSuspendAsm(MacroAssembler* masm) {
   __ Trap();
 }
 
-// Loads the context field of the WasmTrustedInstanceData or WasmApiFunctionRef
+// Loads the context field of the WasmTrustedInstanceData or WasmImportData
 // depending on the ref's type, and places the result in the input register.
 void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   __ LoadTaggedField(scratch, FieldMemOperand(ref, HeapObject::kMapOffset));
@@ -3175,7 +3181,7 @@ void GetContextFromRef(MacroAssembler* masm, Register ref, Register scratch) {
   Label end;
   __ beq(&instance);
   __ LoadTaggedField(
-      ref, FieldMemOperand(ref, WasmApiFunctionRef::kNativeContextOffset));
+      ref, FieldMemOperand(ref, WasmImportData::kNativeContextOffset));
   __ jmp(&end);
   __ bind(&instance);
   __ LoadTaggedField(
@@ -3403,11 +3409,11 @@ void Builtins::Generate_JSToWasmWrapperAsm(MacroAssembler* masm) {
 }
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
   Register scratch = ip;
-  __ LoadTaggedField(scratch, FieldMemOperand(api_function_ref,
-                                              WasmApiFunctionRef::kCodeOffset));
+  __ LoadTaggedField(scratch,
+                     FieldMemOperand(import_data, WasmImportData::kCodeOffset));
   __ LoadU64(scratch, FieldMemOperand(scratch, Code::kInstructionStartOffset));
   __ Jump(scratch);
 }
@@ -3976,7 +3982,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
   DCHECK(!AreAliased(api_function_address, property_callback_info_arg, name_arg,
                      callback, scratch));
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   // |name_arg| is already initialized above.
 #else
diff --git a/deps/v8/src/builtins/setup-builtins-internal.cc b/deps/v8/src/builtins/setup-builtins-internal.cc
index d344a34ae8e858..7c870a7e4c2768 100644
--- a/deps/v8/src/builtins/setup-builtins-internal.cc
+++ b/deps/v8/src/builtins/setup-builtins-internal.cc
@@ -143,10 +143,17 @@ V8_NOINLINE Tagged<Code> BuildWithMacroAssembler(
     handler_table_offset = HandlerTable::EmitReturnTableStart(&masm);
     HandlerTable::EmitReturnEntry(
         &masm, 0, isolate->builtins()->js_entry_handler_offset());
+#if V8_ENABLE_DRUMBRAKE
+  } else if (builtin == Builtin::kWasmInterpreterCWasmEntry) {
+    handler_table_offset = HandlerTable::EmitReturnTableStart(&masm);
+    HandlerTable::EmitReturnEntry(
+        &masm, 0,
+        isolate->builtins()->cwasm_interpreter_entry_handler_offset());
+#endif  // V8_ENABLE_DRUMBRAKE
   }
 #if V8_ENABLE_WEBASSEMBLY &&                                              \
     (V8_TARGET_ARCH_X64 || V8_TARGET_ARCH_ARM64 || V8_TARGET_ARCH_IA32 || \
-     V8_TARGET_ARCH_ARM || V8_TARGET_ARCH_RISCV64)
+     V8_TARGET_ARCH_ARM || V8_TARGET_ARCH_RISCV64 || V8_TARGET_ARCH_LOONG64)
   if (builtin == Builtin::kWasmReturnPromiseOnSuspendAsm) {
     handler_table_offset = HandlerTable::EmitReturnTableStart(&masm);
     HandlerTable::EmitReturnEntry(
@@ -189,30 +196,14 @@ Tagged<Code> BuildAdaptor(Isolate* isolate, Builtin builtin,
   return *code;
 }
 
-// Builder for builtins implemented in TurboFan with JS linkage.
-V8_NOINLINE Tagged<Code> BuildWithCodeStubAssemblerJS(
-    Isolate* isolate, Builtin builtin, CodeAssemblerGenerator generator,
-    int argc, const char* name) {
-  HandleScope scope(isolate);
-
-  Zone zone(isolate->allocator(), ZONE_NAME, kCompressGraphZone);
-  compiler::CodeAssemblerState state(isolate, &zone, argc, CodeKind::BUILTIN,
-                                     name, builtin);
-  generator(&state);
-  DirectHandle<Code> code = compiler::CodeAssembler::GenerateCode(
-      &state, BuiltinAssemblerOptions(isolate, builtin),
-      ProfileDataFromFile::TryRead(name));
-  return *code;
-}
-
 inline constexpr char kTempZoneName[] = "temp-zone";
 inline constexpr char kBuiltinCompilationZoneName[] =
     "builtin-compilation-zone";
 
-// Builder for builtins implemented in Turboshaft with CallStub linkage.
-V8_NOINLINE Tagged<Code> BuildWithTurboshaftAssemblerCS(
+Tagged<Code> BuildWithTurboshaftAssemblerImpl(
     Isolate* isolate, Builtin builtin, TurboshaftAssemblerGenerator generator,
-    CallDescriptors::Key interface_descriptor, const char* name) {
+    std::function<compiler::CallDescriptor*(Zone*)> call_descriptor_builder,
+    const char* name) {
   HandleScope scope(isolate);
   using namespace compiler::turboshaft;  // NOLINT(build/namespaces)
 
@@ -221,28 +212,72 @@ V8_NOINLINE Tagged<Code> BuildWithTurboshaftAssemblerCS(
                                                  kBuiltinCompilationZoneName);
   OptimizedCompilationInfo info(base::CStrVector(name), zone, CodeKind::BUILTIN,
                                 builtin);
+  compiler::CallDescriptor* call_descriptor = call_descriptor_builder(zone);
 
   PipelineData data(&zone_stats, TurboshaftPipelineKind::kTSABuiltin, isolate,
                     &info, BuiltinAssemblerOptions(isolate, builtin));
+  data.InitializeBuiltinComponent(call_descriptor);
   data.InitializeGraphComponent(nullptr);
   ZoneWithName<kTempZoneName> temp_zone(&zone_stats, kTempZoneName);
   generator(&data, isolate, data.graph(), temp_zone);
 
-  CallInterfaceDescriptor descriptor(interface_descriptor);
-  DCHECK_LE(0, descriptor.GetRegisterParameterCount());
-  compiler::CallDescriptor* call_descriptor =
-      compiler::Linkage::GetStubCallDescriptor(
-          zone, descriptor, descriptor.GetStackParameterCount(),
-          compiler::CallDescriptor::kNoFlags,
-          compiler::Operator::kNoProperties);
-
-  Handle<Code> code = compiler::Pipeline::GenerateCodeForTurboshaftBuiltin(
-                          &data, call_descriptor, builtin, name,
-                          ProfileDataFromFile::TryRead(name))
-                          .ToHandleChecked();
+  DirectHandle<Code> code =
+      compiler::Pipeline::GenerateCodeForTurboshaftBuiltin(
+          &data, call_descriptor, builtin, name,
+          ProfileDataFromFile::TryRead(name))
+          .ToHandleChecked();
+  return *code;
+}
+
+// Builder for builtins implemented in Turboshaft with JS linkage.
+V8_NOINLINE Tagged<Code> BuildWithTurboshaftAssemblerJS(
+    Isolate* isolate, Builtin builtin, TurboshaftAssemblerGenerator generator,
+    int argc, const char* name) {
+  return BuildWithTurboshaftAssemblerImpl(
+      isolate, builtin, generator,
+      [argc](Zone* zone) {
+        return compiler::Linkage::GetJSCallDescriptor(
+            zone, false, argc, compiler::CallDescriptor::kCanUseRoots);
+      },
+      name);
+}
+
+// Builder for builtins implemented in TurboFan with JS linkage.
+V8_NOINLINE Tagged<Code> BuildWithCodeStubAssemblerJS(
+    Isolate* isolate, Builtin builtin, CodeAssemblerGenerator generator,
+    int argc, const char* name) {
+  // TODO(nicohartmann): Remove this once `BuildWithTurboshaftAssemblerCS` has
+  // an actual use.
+  USE(&BuildWithTurboshaftAssemblerJS);
+  HandleScope scope(isolate);
+
+  Zone zone(isolate->allocator(), ZONE_NAME, kCompressGraphZone);
+  compiler::CodeAssemblerState state(isolate, &zone, argc, CodeKind::BUILTIN,
+                                     name, builtin);
+  generator(&state);
+  DirectHandle<Code> code = compiler::CodeAssembler::GenerateCode(
+      &state, BuiltinAssemblerOptions(isolate, builtin),
+      ProfileDataFromFile::TryRead(name));
   return *code;
 }
 
+// Builder for builtins implemented in Turboshaft with CallStub linkage.
+V8_NOINLINE Tagged<Code> BuildWithTurboshaftAssemblerCS(
+    Isolate* isolate, Builtin builtin, TurboshaftAssemblerGenerator generator,
+    CallDescriptors::Key interface_descriptor, const char* name) {
+  return BuildWithTurboshaftAssemblerImpl(
+      isolate, builtin, generator,
+      [interface_descriptor](Zone* zone) {
+        CallInterfaceDescriptor descriptor(interface_descriptor);
+        DCHECK_LE(0, descriptor.GetRegisterParameterCount());
+        return compiler::Linkage::GetStubCallDescriptor(
+            zone, descriptor, descriptor.GetStackParameterCount(),
+            compiler::CallDescriptor::kNoFlags,
+            compiler::Operator::kNoProperties);
+      },
+      name);
+}
+
 // Builder for builtins implemented in TurboFan with CallStub linkage.
 V8_NOINLINE Tagged<Code> BuildWithCodeStubAssemblerCS(
     Isolate* isolate, Builtin builtin, CodeAssemblerGenerator generator,
@@ -378,6 +413,12 @@ void SetupIsolateDelegate::SetupBuiltinsInternal(Isolate* isolate) {
   AddBuiltin(builtins, Builtin::k##Name, code);              \
   index++;
 
+#define BUILD_TSJ(Name, Argc, ...)                                         \
+  code = BuildWithTurboshaftAssemblerJS(                                   \
+      isolate, Builtin::k##Name, &Builtins::Generate_##Name, Argc, #Name); \
+  AddBuiltin(builtins, Builtin::k##Name, code);                            \
+  index++;
+
 #define BUILD_TFJ(Name, Argc, ...)                                         \
   code = BuildWithCodeStubAssemblerJS(                                     \
       isolate, Builtin::k##Name, &Builtins::Generate_##Name, Argc, #Name); \
@@ -428,10 +469,11 @@ void SetupIsolateDelegate::SetupBuiltinsInternal(Isolate* isolate) {
   AddBuiltin(builtins, Builtin::k##Name, code);                     \
   index++;
 
-  BUILTIN_LIST(BUILD_CPP, BUILD_TFJ, BUILD_TSC, BUILD_TFC, BUILD_TFS, BUILD_TFH,
-               BUILD_BCH, BUILD_ASM);
+  BUILTIN_LIST(BUILD_CPP, BUILD_TSJ, BUILD_TFJ, BUILD_TSC, BUILD_TFC, BUILD_TFS,
+               BUILD_TFH, BUILD_BCH, BUILD_ASM);
 
 #undef BUILD_CPP
+#undef BUILD_TSJ
 #undef BUILD_TFJ
 #undef BUILD_TSC
 #undef BUILD_TFC
diff --git a/deps/v8/src/builtins/suppressed-error.tq b/deps/v8/src/builtins/suppressed-error.tq
index a30e94e44083af..ccd47daaf96d98 100644
--- a/deps/v8/src/builtins/suppressed-error.tq
+++ b/deps/v8/src/builtins/suppressed-error.tq
@@ -16,18 +16,13 @@ transitioning javascript builtin SuppressedErrorConstructor(
   // else let newTarget be NewTarget.
   // 2. Let O be ? OrdinaryCreateFromConstructor(newTarget,
   // "%SuppressedError.prototype%", « [[ErrorData]] »).
-  const map = GetDerivedMap(target, UnsafeCast<JSReceiver>(newTarget));
-  const obj: JSObject = AllocateFastOrSlowJSObjectFromMap(map);
-
   // 3. If message is not undefined, then
   //    a. Let messageString be ? ToString(message).
   //    b. Perform CreateNonEnumerableDataPropertyOrThrow(O, "message",
   //    messageString).
-  if (message != Undefined) {
-    SetOwnPropertyIgnoreAttributes(
-        obj, MessageStringConstant(), message,
-        SmiConstant(PropertyAttributes::DONT_ENUM));
-  }
+  const obj: JSObject =
+      ConstructSuppressedError(context, target, newTarget, message);
+
   // 4. Perform CreateNonEnumerableDataPropertyOrThrow(O, "error", error).
   SetOwnPropertyIgnoreAttributes(
       obj, ErrorStringConstant(), error,
@@ -43,4 +38,7 @@ transitioning javascript builtin SuppressedErrorConstructor(
   return obj;
 }
 
+extern transitioning runtime ConstructSuppressedError(
+    Context, JSFunction, JSAny, Object): JSObject;
+
 }
diff --git a/deps/v8/src/builtins/typed-array-from.tq b/deps/v8/src/builtins/typed-array-from.tq
index 8dfead55bb2c9c..2ab4e9bdb2ef04 100644
--- a/deps/v8/src/builtins/typed-array-from.tq
+++ b/deps/v8/src/builtins/typed-array-from.tq
@@ -94,7 +94,7 @@ transitioning javascript builtin TypedArrayFrom(
             // Check that the iterator function is exactly
             // Builtin::kArrayPrototypeValues.
             if (!TaggedEqual(
-                    iteratorFn.shared_function_info.function_data,
+                    iteratorFn.shared_function_info.untrusted_function_data,
                     SmiConstant(kArrayPrototypeValues))) {
               goto UseUserProvidedIterator;
             }
@@ -113,7 +113,7 @@ transitioning javascript builtin TypedArrayFrom(
             // Check that the iterator function is exactly
             // Builtin::kTypedArrayPrototypeValues.
             if (!TaggedEqual(
-                    iteratorFn.shared_function_info.function_data,
+                    iteratorFn.shared_function_info.untrusted_function_data,
                     SmiConstant(kTypedArrayPrototypeValues)))
               goto UseUserProvidedIterator;
 
@@ -126,7 +126,7 @@ transitioning javascript builtin TypedArrayFrom(
             // Check that the iterator function is exactly
             // Builtin::kSetPrototypeValues.
             if (!TaggedEqual(
-                    iteratorFn.shared_function_info.function_data,
+                    iteratorFn.shared_function_info.untrusted_function_data,
                     SmiConstant(kSetPrototypeValues))) {
               goto UseUserProvidedIterator;
             }
diff --git a/deps/v8/src/builtins/wasm-to-js.tq b/deps/v8/src/builtins/wasm-to-js.tq
index 97241ccf85fd06..060ebae501ca38 100644
--- a/deps/v8/src/builtins/wasm-to-js.tq
+++ b/deps/v8/src/builtins/wasm-to-js.tq
@@ -3,7 +3,7 @@
 // found in the LICENSE file.
 
 namespace runtime {
-extern runtime TierUpWasmToJSWrapper(NoContext, WasmApiFunctionRef): JSAny;
+extern runtime TierUpWasmToJSWrapper(NoContext, WasmImportData): JSAny;
 extern runtime WasmThrowJSTypeError(Context): never;
 }  // namespace runtime
 
@@ -51,9 +51,9 @@ macro HandleF32Returns(
 }
 
 @export
-transitioning macro WasmToJSWrapper(ref: WasmApiFunctionRef): WasmToJSResult {
+transitioning macro WasmToJSWrapper(ref: WasmImportData): WasmToJSResult {
   const oldSP = SwitchToTheCentralStackIfNeeded();
-  dcheck(Is<WasmApiFunctionRef>(ref));
+  dcheck(Is<WasmImportData>(ref));
   // Spill the signature on the stack so that it can be read by the GC. This is
   // done in the very beginning before a GC could be triggered.
   // Caller FP + return address.
diff --git a/deps/v8/src/builtins/wasm.tq b/deps/v8/src/builtins/wasm.tq
index 074b5c0b705042..47a3893a8fdcf1 100644
--- a/deps/v8/src/builtins/wasm.tq
+++ b/deps/v8/src/builtins/wasm.tq
@@ -83,6 +83,13 @@ extern runtime WasmLiftoffDeoptFinish(NoContext, WasmTrustedInstanceData):
 extern runtime PropagateException(NoContext): JSAny;
 }
 
+extern operator '.wasm_exported_function_data' macro
+    LoadSharedFunctionInfoWasmExportedFunctionData(SharedFunctionInfo):
+        WasmExportedFunctionData;
+extern operator '.wasm_js_function_data' macro
+    LoadSharedFunctionInfoWasmJSFunctionData(SharedFunctionInfo):
+        WasmJSFunctionData;
+
 namespace unsafe {
 extern macro Allocate(intptr): HeapObject;
 extern macro Allocate(intptr, constexpr AllocationFlag): HeapObject;
@@ -624,16 +631,17 @@ builtin WasmI64AtomicWait(
 // This can lead to incorrect inlining decisions.
 macro UpdateCallRefOrIndirectIC(
     vector: FixedArray, index: intptr, target: Object): void {
-  const value = vector.objects[index];
-  if (TaggedEqual(value, target)) {
+  const firstSlot = vector.objects[index];
+  const secondSlot = vector.objects[index + 1];
+  if (TaggedEqual(firstSlot, target)) {
     // Monomorphic hit. Check for this case first to maximize its performance.
-    const count = UnsafeCast<Smi>(vector.objects[index + 1]) + SmiConstant(1);
+    const count = UnsafeCast<Smi>(secondSlot) + SmiConstant(1);
     vector.objects[index + 1] = count;
     return;
   }
   // Check for polymorphic hit; its performance is second-most-important.
-  if (Is<FixedArray>(value)) {
-    const entries = UnsafeCast<FixedArray>(value);
+  if (Is<FixedArray>(firstSlot)) {
+    const entries = UnsafeCast<FixedArray>(firstSlot);
     for (let i: intptr = 0; i < entries.length_intptr; i += 2) {
       if (TaggedEqual(entries.objects[i], target)) {
         // Polymorphic hit.
@@ -644,14 +652,20 @@ macro UpdateCallRefOrIndirectIC(
     }
   }
   // All other cases are some sort of miss.
-  if (TaggedEqual(value, SmiConstant(0))) {
+  if (TaggedEqual(secondSlot, SmiConstant(0))) {
     // Was uninitialized.
-    dcheck(TaggedEqual(vector.objects[index + 1], SmiConstant(0)));
+    // Note that we inspect the second slot (the call count, see feedback vector
+    // layout in {TransitiveTypeFeedbackProcessor::ProcessFunction}) for
+    // determining whether the entry is uninitialized, not the first slot (the
+    // call target), since the target may genuinely be zero for `call_indirect`
+    // if the `WasmDispatchTable` happens to start at an address with many zero
+    // least significant bits.
+    dcheck(TaggedEqual(firstSlot, SmiConstant(0)));
     vector.objects[index] = target;
     vector.objects[index + 1] = SmiConstant(1);
-  } else if (Is<FixedArray>(value)) {
+  } else if (Is<FixedArray>(firstSlot)) {
     // Polymorphic miss.
-    const entries = UnsafeCast<FixedArray>(value);
+    const entries = UnsafeCast<FixedArray>(firstSlot);
     const kMaxSlots = kMaxPolymorphism * 2;  // 2 slots per entry.
     if (entries.length == SmiConstant(kMaxSlots)) {
       // Polymorphic to megamorphic transition.
@@ -670,15 +684,15 @@ macro UpdateCallRefOrIndirectIC(
       newEntries.objects[newIndex + 1] = SmiConstant(1);
       vector.objects[index] = newEntries;
     }
-  } else if (value == ic::kMegamorphicSymbol) {
-    // The "ic::IsMegamorphic(value)" case doesn't need to do anything.
+  } else if (firstSlot == ic::kMegamorphicSymbol) {
+    // The "ic::IsMegamorphic(firstSlot)" case doesn't need to do anything.
   } else {
     // Monomorphic miss.
-    dcheck(Is<WasmFuncRef>(value) || Is<Smi>(value));
+    dcheck(Is<WasmFuncRef>(firstSlot) || Is<Smi>(firstSlot));
     const newEntries = UnsafeCast<FixedArray>(AllocateFixedArray(
         ElementsKind::PACKED_ELEMENTS, 4, AllocationFlag::kNone));
-    newEntries.objects[0] = value;
-    newEntries.objects[1] = vector.objects[index + 1];
+    newEntries.objects[0] = firstSlot;
+    newEntries.objects[1] = secondSlot;
     newEntries.objects[2] = target;
     newEntries.objects[3] = SmiConstant(1);
     vector.objects[index] = newEntries;
@@ -690,14 +704,14 @@ macro UpdateCallRefOrIndirectIC(
 
 // This is the return type of "CallRefIC" and "CallIndirectIC". The type is not
 // used anywhere else; Liftoff uses the two returned values directly.
-struct TargetAndRef {
+struct TargetAndImplicitArg {
   target: RawPtr;
-  ref: WasmTrustedInstanceData|WasmApiFunctionRef;
+  implicit_arg: WasmTrustedInstanceData|WasmImportData;
 }
 
 builtin CallRefIC(
     vector: FixedArray, vectorIndex: int32, signatureHash: uintptr,
-    funcref: WasmFuncRef): TargetAndRef {
+    funcref: WasmFuncRef): TargetAndImplicitArg {
   dcheck(Is<WasmFuncRef>(funcref));
   UpdateCallRefOrIndirectIC(vector, Convert<intptr>(vectorIndex), funcref);
 
@@ -710,17 +724,20 @@ builtin CallRefIC(
   @ifnot(V8_ENABLE_SANDBOX) {
     dcheck(signatureHash == 0);  // Avoids "unused variable" warning.
   }
-  return TargetAndRef{target: internal.call_target, ref: internal.ref};
+  return TargetAndImplicitArg{
+    target: internal.call_target,
+    implicit_arg: internal.implicit_arg
+  };
 }
 
 builtin CallIndirectIC(
     vector: FixedArray, vectorIndex: int32, target: RawPtr,
-    ref: WasmTrustedInstanceData|WasmApiFunctionRef): TargetAndRef {
+    implicitArg: WasmTrustedInstanceData|WasmImportData): TargetAndImplicitArg {
   const truncatedTarget = SmiTag(Signed(Unsigned(target) & kSmiMaxValue));
   UpdateCallRefOrIndirectIC(
       vector, Convert<intptr>(vectorIndex), truncatedTarget);
 
-  return TargetAndRef{target: target, ref: ref};
+  return TargetAndImplicitArg{target: target, implicit_arg: implicitArg};
 }
 
 extern macro TryHasOwnProperty(HeapObject, Map, InstanceType, Name): never
diff --git a/deps/v8/src/builtins/x64/builtins-x64.cc b/deps/v8/src/builtins/x64/builtins-x64.cc
index c2ffd5a4b89d86..b939da172d4467 100644
--- a/deps/v8/src/builtins/x64/builtins-x64.cc
+++ b/deps/v8/src/builtins/x64/builtins-x64.cc
@@ -678,43 +678,6 @@ static void AssertCodeIsBaseline(MacroAssembler* masm, Register code,
   return AssertCodeIsBaselineAllowClobber(masm, code, scratch);
 }
 
-// Equivalent of SharedFunctionInfo::GetData
-static void GetSharedFunctionInfoData(MacroAssembler* masm, Register data,
-                                      Register sfi, Register scratch) {
-#ifdef V8_ENABLE_SANDBOX
-  DCHECK(!AreAliased(data, scratch));
-  DCHECK(!AreAliased(sfi, scratch));
-  // Use trusted_function_data if non-empy, otherwise the regular function_data.
-  Label use_tagged_field, done;
-  __ movl(scratch,
-          FieldOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
-
-  __ testl(scratch, scratch);
-  __ j(zero, &use_tagged_field, Label::kNear);
-  __ ResolveIndirectPointerHandle(data, scratch, kUnknownIndirectPointerTag);
-  __ jmp(&done);
-
-  __ bind(&use_tagged_field);
-  __ LoadTaggedField(
-      data, FieldOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-
-  __ bind(&done);
-#else
-  __ LoadTaggedField(
-      data, FieldOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-#endif  // V8_ENABLE_SANDBOX
-}
-
-#ifdef V8_ENABLE_WEBASSEMBLY
-// Equivalent of SharedFunctionInfo::wasm_resume_data()
-static void GetSharedFunctionInfoWasmResumeData(MacroAssembler* masm,
-                                                Register resume_data,
-                                                Register sfi) {
-  __ LoadTaggedField(
-      resume_data, FieldOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-}
-#endif  // V8_ENABLE_WEBASSEMBLY
-
 static void CheckSharedFunctionInfoBytecodeOrBaseline(MacroAssembler* masm,
                                                       Register data,
                                                       Register scratch,
@@ -752,19 +715,9 @@ static void GetSharedFunctionInfoBytecodeOrBaseline(
   Label done;
 
   Register data = bytecode;
-#ifdef V8_ENABLE_SANDBOX
-  // In this case, the bytecode array must be referenced via a trusted pointer.
-  // Loading it from the tagged function_data field would not be safe.
-  __ movl(scratch1,
-          FieldOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset));
-
-  __ testl(scratch1, scratch1);
-  __ j(zero, is_unavailable);
-  __ ResolveIndirectPointerHandle(data, scratch1, kUnknownIndirectPointerTag);
-#else
-  __ LoadTaggedField(
-      data, FieldOperand(sfi, SharedFunctionInfo::kFunctionDataOffset));
-#endif  // V8_ENABLE_SANDBOX
+  __ LoadTrustedPointerField(
+      data, FieldOperand(sfi, SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag, scratch1);
 
   if (V8_JITLESS_BOOL) {
     __ IsObjectType(data, INTERPRETER_DATA_TYPE, scratch1);
@@ -1712,7 +1665,11 @@ static void Generate_InterpreterEnterBytecode(MacroAssembler* masm) {
   __ LoadTaggedField(shared_function_info,
                      FieldOperand(rbx, JSFunction::kSharedFunctionInfoOffset));
 
-  GetSharedFunctionInfoData(masm, rbx, shared_function_info, kScratchRegister);
+  __ LoadTrustedPointerField(
+      rbx,
+      FieldOperand(shared_function_info,
+                   SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag, kScratchRegister);
   __ IsObjectType(rbx, INTERPRETER_DATA_TYPE, kScratchRegister);
   __ j(not_equal, &builtin_trampoline, Label::kNear);
   __ LoadProtectedPointerField(
@@ -2865,10 +2822,10 @@ void Builtins::Generate_Construct(MacroAssembler* masm) {
 namespace {
 
 void Generate_OSREntry(MacroAssembler* masm, Register entry_address) {
-  // Overwrite the return address on the stack and "return" to the OSR entry
+  // Drop the return address on the stack and jump to the OSR entry
   // point of the function.
-  __ movq(Operand(rsp, 0), entry_address);
-  __ ret(0);
+  __ Drop(1);
+  __ jmp(entry_address);
 }
 
 enum class OsrSourceTier {
@@ -3324,7 +3281,7 @@ void ReloadParentContinuation(MacroAssembler* masm, Register promise,
   SwitchStacks(masm, active_continuation, promise, return_value, context);
 }
 
-// Loads the context field of the WasmTrustedInstanceData or WasmApiFunctionRef
+// Loads the context field of the WasmTrustedInstanceData or WasmImportData
 // depending on the ref's type, and places the result in the input register.
 void GetContextFromRef(MacroAssembler* masm, Register ref) {
   __ LoadTaggedField(kScratchRegister,
@@ -3333,8 +3290,8 @@ void GetContextFromRef(MacroAssembler* masm, Register ref) {
   Label instance;
   Label end;
   __ j(equal, &instance);
-  __ LoadTaggedField(
-      ref, FieldOperand(ref, WasmApiFunctionRef::kNativeContextOffset));
+  __ LoadTaggedField(ref,
+                     FieldOperand(ref, WasmImportData::kNativeContextOffset));
   __ jmp(&end);
   __ bind(&instance);
   __ LoadTaggedField(
@@ -3861,7 +3818,9 @@ void Generate_WasmResumeHelper(MacroAssembler* masm, wasm::OnResume on_resume) {
           closure,
           wasm::ObjectAccess::SharedFunctionInfoOffsetInTaggedJSFunction()));
   Register resume_data = sfi;
-  GetSharedFunctionInfoWasmResumeData(masm, resume_data, sfi);
+  __ LoadTaggedField(
+      resume_data,
+      FieldOperand(sfi, SharedFunctionInfo::kUntrustedFunctionDataOffset));
 
   // The write barrier uses a fixed register for the host object (rdi). The next
   // barrier is on the suspender, so load it in rdi directly.
@@ -4085,19 +4044,18 @@ void SwitchFromTheCentralStackIfNeeded(MacroAssembler* masm,
 }  // namespace
 
 void Builtins::Generate_WasmToOnHeapWasmToJsTrampoline(MacroAssembler* masm) {
-  // Load the code pointer from the WasmApiFunctionRef and tail-call there.
-  Register api_function_ref = wasm::kGpParamRegisters[0];
+  // Load the code pointer from the WasmImportData and tail-call there.
+  Register import_data = wasm::kGpParamRegisters[0];
 #ifdef V8_ENABLE_SANDBOX
   Register call_target = r11;  // Anything not in kGpParamRegisters.
   __ LoadCodeEntrypointViaCodePointer(
-      call_target,
-      FieldOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset),
+      call_target, FieldOperand(import_data, WasmImportData::kCodeOffset),
       kWasmEntrypointTag);
   __ jmp(call_target);
 #else
   Register code = r11;  // Anything not in kGpParamRegisters.
-  __ LoadTaggedField(
-      code, FieldOperand(api_function_ref, WasmApiFunctionRef::kCodeOffset));
+  __ LoadTaggedField(code,
+                     FieldOperand(import_data, WasmImportData::kCodeOffset));
   __ jmp(FieldOperand(code, Code::kInstructionStartOffset));
 #endif
 }
@@ -4612,7 +4570,7 @@ void Builtins::Generate_CallApiGetter(MacroAssembler* masm) {
   DCHECK(!AreAliased(api_function_address, property_callback_info_arg, name_arg,
                      callback, scratch));
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // name_arg = Local<Name>(name), name value was pushed to GC-ed stack space.
   //__ movq(name_arg, name);
   // |name_arg| is already initialized above.
@@ -4882,8 +4840,11 @@ void Generate_BaselineOrInterpreterEntry(MacroAssembler* masm,
     ResetSharedFunctionInfoAge(masm, shared_function_info);
   }
 
-  GetSharedFunctionInfoData(masm, code_obj, shared_function_info,
-                            kScratchRegister);
+  __ LoadTrustedPointerField(
+      code_obj,
+      FieldOperand(shared_function_info,
+                   SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag, kScratchRegister);
 
   // Check if we have baseline code. For OSR entry it is safe to assume we
   // always have baseline code.
diff --git a/deps/v8/src/codegen/DEPS b/deps/v8/src/codegen/DEPS
index 09243b571febbc..00f90b4477f17a 100644
--- a/deps/v8/src/codegen/DEPS
+++ b/deps/v8/src/codegen/DEPS
@@ -11,9 +11,6 @@ specific_include_rules = {
     "+src/regexp/regexp-macro-assembler-arch.h",
   ],
   "turboshaft-builtins-assembler-inl.h": [
-    "+src/compiler/turboshaft/assembler.h",
-    "+src/compiler/turboshaft/machine-lowering-reducer-inl.h",
-    "+src/compiler/turboshaft/define-assembler-macros.inc",
-    "+src/compiler/turboshaft/undef-assembler-macros.inc",
+    "+src/compiler/turboshaft",
   ]
 }
diff --git a/deps/v8/src/codegen/arm/assembler-arm.cc b/deps/v8/src/codegen/arm/assembler-arm.cc
index 33289ffa1c4b31..4b0d8ebf704c8a 100644
--- a/deps/v8/src/codegen/arm/assembler-arm.cc
+++ b/deps/v8/src/codegen/arm/assembler-arm.cc
@@ -36,6 +36,8 @@
 
 #include "src/codegen/arm/assembler-arm.h"
 
+#include <optional>
+
 #if V8_TARGET_ARCH_ARM
 
 #include "src/base/bits.h"
@@ -81,12 +83,12 @@ static unsigned CpuFeaturesFromCommandLine() {
   // If any of the old (deprecated) flags are specified, print a warning, but
   // otherwise try to respect them for now.
   // TODO(jbramley): When all the old bots have been updated, remove this.
-  base::Optional<bool> maybe_enable_armv7 = v8_flags.enable_armv7;
-  base::Optional<bool> maybe_enable_vfp3 = v8_flags.enable_vfp3;
-  base::Optional<bool> maybe_enable_32dregs = v8_flags.enable_32dregs;
-  base::Optional<bool> maybe_enable_neon = v8_flags.enable_neon;
-  base::Optional<bool> maybe_enable_sudiv = v8_flags.enable_sudiv;
-  base::Optional<bool> maybe_enable_armv8 = v8_flags.enable_armv8;
+  std::optional<bool> maybe_enable_armv7 = v8_flags.enable_armv7;
+  std::optional<bool> maybe_enable_vfp3 = v8_flags.enable_vfp3;
+  std::optional<bool> maybe_enable_32dregs = v8_flags.enable_32dregs;
+  std::optional<bool> maybe_enable_neon = v8_flags.enable_neon;
+  std::optional<bool> maybe_enable_sudiv = v8_flags.enable_sudiv;
+  std::optional<bool> maybe_enable_armv8 = v8_flags.enable_armv8;
   if (maybe_enable_armv7.has_value() || maybe_enable_vfp3.has_value() ||
       maybe_enable_32dregs.has_value() || maybe_enable_neon.has_value() ||
       maybe_enable_sudiv.has_value() || maybe_enable_armv8.has_value()) {
diff --git a/deps/v8/src/codegen/arm/macro-assembler-arm.cc b/deps/v8/src/codegen/arm/macro-assembler-arm.cc
index 3886afc99c5459..c96598939cbb56 100644
--- a/deps/v8/src/codegen/arm/macro-assembler-arm.cc
+++ b/deps/v8/src/codegen/arm/macro-assembler-arm.cc
@@ -1825,19 +1825,26 @@ void MacroAssembler::CompareObjectType(Register object, Register map,
   CompareInstanceType(map, temp, type);
 }
 
+void MacroAssembler::CompareObjectTypeRange(Register object, Register map,
+                                            Register type_reg, Register scratch,
+                                            InstanceType lower_limit,
+                                            InstanceType upper_limit) {
+  ASM_CODE_COMMENT(this);
+  LoadMap(map, object);
+  CompareInstanceTypeRange(map, type_reg, scratch, lower_limit, upper_limit);
+}
+
 void MacroAssembler::CompareInstanceType(Register map, Register type_reg,
                                          InstanceType type) {
   ldrh(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
   cmp(type_reg, Operand(type));
 }
 
-void MacroAssembler::CompareRange(Register value, unsigned lower_limit,
-                                  unsigned higher_limit) {
+void MacroAssembler::CompareRange(Register value, Register scratch,
+                                  unsigned lower_limit, unsigned higher_limit) {
   ASM_CODE_COMMENT(this);
   DCHECK_LT(lower_limit, higher_limit);
   if (lower_limit != 0) {
-    UseScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
     sub(scratch, value, Operand(lower_limit));
     cmp(scratch, Operand(higher_limit - lower_limit));
   } else {
@@ -1845,12 +1852,13 @@ void MacroAssembler::CompareRange(Register value, unsigned lower_limit,
   }
 }
 void MacroAssembler::CompareInstanceTypeRange(Register map, Register type_reg,
+                                              Register scratch,
                                               InstanceType lower_limit,
                                               InstanceType higher_limit) {
   ASM_CODE_COMMENT(this);
   DCHECK_LT(lower_limit, higher_limit);
   ldrh(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
-  CompareRange(type_reg, lower_limit, higher_limit);
+  CompareRange(type_reg, scratch, lower_limit, higher_limit);
 }
 
 void MacroAssembler::CompareTaggedRoot(Register obj, RootIndex index) {
@@ -1865,11 +1873,12 @@ void MacroAssembler::CompareRoot(Register obj, RootIndex index) {
   cmp(obj, scratch);
 }
 
-void MacroAssembler::JumpIfIsInRange(Register value, unsigned lower_limit,
+void MacroAssembler::JumpIfIsInRange(Register value, Register scratch,
+                                     unsigned lower_limit,
                                      unsigned higher_limit,
                                      Label* on_in_range) {
   ASM_CODE_COMMENT(this);
-  CompareRange(value, lower_limit, higher_limit);
+  CompareRange(value, scratch, lower_limit, higher_limit);
   b(ls, on_in_range);
 }
 
@@ -2219,7 +2228,7 @@ void MacroAssembler::AssertFunction(Register object) {
   Check(ne, AbortReason::kOperandIsASmiAndNotAFunction);
   push(object);
   LoadMap(object, object);
-  CompareInstanceTypeRange(object, object, FIRST_JS_FUNCTION_TYPE,
+  CompareInstanceTypeRange(object, object, object, FIRST_JS_FUNCTION_TYPE,
                            LAST_JS_FUNCTION_TYPE);
   pop(object);
   Check(ls, AbortReason::kOperandIsNotAFunction);
@@ -2233,7 +2242,8 @@ void MacroAssembler::AssertCallableFunction(Register object) {
   Check(ne, AbortReason::kOperandIsASmiAndNotAFunction);
   push(object);
   LoadMap(object, object);
-  CompareInstanceTypeRange(object, object, FIRST_CALLABLE_JS_FUNCTION_TYPE,
+  CompareInstanceTypeRange(object, object, object,
+                           FIRST_CALLABLE_JS_FUNCTION_TYPE,
                            LAST_CALLABLE_JS_FUNCTION_TYPE);
   pop(object);
   Check(ls, AbortReason::kOperandIsNotACallableFunction);
@@ -2263,8 +2273,9 @@ void MacroAssembler::AssertGeneratorObject(Register object) {
   LoadMap(map, object);
 
   // Check if JSGeneratorObject
-  Register instance_type = object;
-  CompareInstanceTypeRange(map, instance_type, FIRST_JS_GENERATOR_OBJECT_TYPE,
+  Register scratch = object;
+  CompareInstanceTypeRange(map, scratch, scratch,
+                           FIRST_JS_GENERATOR_OBJECT_TYPE,
                            LAST_JS_GENERATOR_OBJECT_TYPE);
   // Restore generator object to register and perform assertion
   pop(object);
diff --git a/deps/v8/src/codegen/arm/macro-assembler-arm.h b/deps/v8/src/codegen/arm/macro-assembler-arm.h
index 1b3fde8fb934cd..4ec18b6259fa59 100644
--- a/deps/v8/src/codegen/arm/macro-assembler-arm.h
+++ b/deps/v8/src/codegen/arm/macro-assembler-arm.h
@@ -9,6 +9,8 @@
 #ifndef V8_CODEGEN_ARM_MACRO_ASSEMBLER_ARM_H_
 #define V8_CODEGEN_ARM_MACRO_ASSEMBLER_ARM_H_
 
+#include <optional>
+
 #include "src/base/platform/platform.h"
 #include "src/codegen/arm/assembler-arm.h"
 #include "src/codegen/bailout-reason.h"
@@ -824,6 +826,14 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   // Type_reg can be no_reg. In that case a scratch register is used.
   void CompareObjectType(Register heap_object, Register map, Register type_reg,
                          InstanceType type);
+  // Variant of the above, which compares against a type range rather than a
+  // single type (lower_limit and higher_limit are inclusive).
+  //
+  // Always use unsigned comparisons: ls for a positive result.
+  void CompareObjectTypeRange(Register heap_object, Register map,
+                              Register type_reg, Register scratch,
+                              InstanceType lower_limit,
+                              InstanceType higher_limit);
 
   // Compare instance type in a map.  map contains a valid map object whose
   // object type should be compared with the given type.  This both
@@ -835,7 +845,7 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   //
   // Always use unsigned comparisons: ls for a positive result.
   void CompareInstanceTypeRange(Register map, Register type_reg,
-                                InstanceType lower_limit,
+                                Register scratch, InstanceType lower_limit,
                                 InstanceType higher_limit);
 
   // Compare the object in a register to a value from the root list.
@@ -864,9 +874,9 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   // Checks if value is in range [lower_limit, higher_limit] using a single
   // comparison. Flags C=0 or Z=1 indicate the value is in the range (condition
   // ls).
-  void CompareRange(Register value, unsigned lower_limit,
+  void CompareRange(Register value, Register scratch, unsigned lower_limit,
                     unsigned higher_limit);
-  void JumpIfIsInRange(Register value, unsigned lower_limit,
+  void JumpIfIsInRange(Register value, Register scratch, unsigned lower_limit,
                        unsigned higher_limit, Label* on_in_range);
 
   // It assumes that the arguments are located below the stack pointer.
@@ -1046,7 +1056,7 @@ struct MoveCycleState {
   // {MoveToTempLocation}. The GP scratch register is implicitly reserved.
   VfpRegList scratch_v_reglist = 0;
   // Available scratch registers during the move cycle resolution scope.
-  base::Optional<UseScratchRegisterScope> temps;
+  std::optional<UseScratchRegisterScope> temps;
   // InstructionStream of the scratch register picked by {MoveToTempLocation}.
   int scratch_reg_code = -1;
 };
diff --git a/deps/v8/src/codegen/arm64/assembler-arm64.cc b/deps/v8/src/codegen/arm64/assembler-arm64.cc
index e7ade2acbc724b..63fbed1bf7f307 100644
--- a/deps/v8/src/codegen/arm64/assembler-arm64.cc
+++ b/deps/v8/src/codegen/arm64/assembler-arm64.cc
@@ -130,6 +130,9 @@ void CpuFeatures::ProbeImpl(bool cross_compile) {
   if (cpu.has_pmull1q()) {
     runtime |= 1u << PMULL1Q;
   }
+  if (cpu.has_fp16()) {
+    runtime |= 1u << FP16;
+  }
 
   // Use the best of the features found by CPU detection and those inferred from
   // the build system.
diff --git a/deps/v8/src/codegen/arm64/assembler-arm64.h b/deps/v8/src/codegen/arm64/assembler-arm64.h
index 09c387d92d6893..af9e7d272fba72 100644
--- a/deps/v8/src/codegen/arm64/assembler-arm64.h
+++ b/deps/v8/src/codegen/arm64/assembler-arm64.h
@@ -8,10 +8,10 @@
 #include <deque>
 #include <map>
 #include <memory>
+#include <optional>
 
 #include "absl/container/btree_map.h"
 #include "absl/container/flat_hash_map.h"
-#include "src/base/optional.h"
 #include "src/codegen/arm64/constants-arm64.h"
 #include "src/codegen/arm64/instructions-arm64.h"
 #include "src/codegen/arm64/register-arm64.h"
@@ -121,7 +121,7 @@ class Operand {
   bool NeedsRelocation(const Assembler* assembler) const;
 
  private:
-  base::Optional<HeapNumberRequest> heap_number_request_;
+  std::optional<HeapNumberRequest> heap_number_request_;
   Immediate immediate_;
   Register reg_;
   Shift shift_;
diff --git a/deps/v8/src/codegen/arm64/macro-assembler-arm64.cc b/deps/v8/src/codegen/arm64/macro-assembler-arm64.cc
index 55e2d3bad6e862..ac907173a5ee13 100644
--- a/deps/v8/src/codegen/arm64/macro-assembler-arm64.cc
+++ b/deps/v8/src/codegen/arm64/macro-assembler-arm64.cc
@@ -4,6 +4,8 @@
 
 #if V8_TARGET_ARCH_ARM64
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/division-by-constant.h"
 #include "src/builtins/builtins-inl.h"
@@ -3190,7 +3192,7 @@ void MacroAssembler::JumpIfJSAnyIsNotPrimitive(Register heap_object,
 #if V8_STATIC_ROOTS_BOOL
 void MacroAssembler::CompareInstanceTypeWithUniqueCompressedMap(
     Register map, Register scratch, InstanceType type) {
-  base::Optional<RootIndex> expected =
+  std::optional<RootIndex> expected =
       InstanceTypeChecker::UniqueMapOfInstanceType(type);
   CHECK(expected);
   Tagged_t expected_ptr = ReadOnlyRootPtr(*expected);
@@ -3239,6 +3241,23 @@ void MacroAssembler::IsObjectType(Register object, Register scratch1,
   CompareObjectType(object, scratch1, scratch2, type);
 }
 
+// Sets equality condition flags.
+void MacroAssembler::IsObjectTypeInRange(Register heap_object, Register scratch,
+                                         InstanceType lower_limit,
+                                         InstanceType higher_limit) {
+  DCHECK_LT(lower_limit, higher_limit);
+#if V8_STATIC_ROOTS_BOOL
+  if (auto range = InstanceTypeChecker::UniqueMapRangeOfInstanceTypeRange(
+          lower_limit, higher_limit)) {
+    LoadCompressedMap(scratch.W(), heap_object);
+    CompareRange(scratch.W(), scratch.W(), range->first, range->second);
+    return;
+  }
+#endif  // V8_STATIC_ROOTS_BOOL
+  LoadMap(scratch, heap_object);
+  CompareInstanceTypeRange(scratch, scratch, lower_limit, higher_limit);
+}
+
 // Sets condition flags based on comparison, and returns type in type_reg.
 void MacroAssembler::CompareObjectType(Register object, Register map,
                                        Register type_reg, InstanceType type) {
@@ -3247,6 +3266,26 @@ void MacroAssembler::CompareObjectType(Register object, Register map,
   CompareInstanceType(map, type_reg, type);
 }
 
+void MacroAssembler::CompareRange(Register value, Register scratch,
+                                  unsigned lower_limit, unsigned higher_limit) {
+  ASM_CODE_COMMENT(this);
+  DCHECK_LT(lower_limit, higher_limit);
+  if (lower_limit != 0) {
+    Sub(scratch.W(), value.W(), Operand(lower_limit));
+    Cmp(scratch.W(), Operand(higher_limit - lower_limit));
+  } else {
+    Cmp(value.W(), Immediate(higher_limit));
+  }
+}
+
+void MacroAssembler::JumpIfIsInRange(Register value, Register scratch,
+                                     unsigned lower_limit,
+                                     unsigned higher_limit,
+                                     Label* on_in_range) {
+  CompareRange(value, scratch, lower_limit, higher_limit);
+  B(ls, on_in_range);
+}
+
 void MacroAssembler::LoadCompressedMap(Register dst, Register object) {
   ASM_CODE_COMMENT(this);
   Ldr(dst.W(), FieldMemOperand(object, HeapObject::kMapOffset));
@@ -3296,8 +3335,7 @@ void MacroAssembler::CompareInstanceTypeRange(Register map, Register type_reg,
   UseScratchRegisterScope temps(this);
   Register scratch = temps.AcquireX();
   Ldrh(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
-  Sub(scratch, type_reg, Operand(lower_limit));
-  Cmp(scratch, Operand(higher_limit - lower_limit));
+  CompareRange(type_reg, scratch, lower_limit, higher_limit);
 }
 
 void MacroAssembler::LoadElementsKindFromMap(Register result, Register map) {
diff --git a/deps/v8/src/codegen/arm64/macro-assembler-arm64.h b/deps/v8/src/codegen/arm64/macro-assembler-arm64.h
index 64908b1fae6576..38bcdf9b138f04 100644
--- a/deps/v8/src/codegen/arm64/macro-assembler-arm64.h
+++ b/deps/v8/src/codegen/arm64/macro-assembler-arm64.h
@@ -9,6 +9,8 @@
 #ifndef V8_CODEGEN_ARM64_MACRO_ASSEMBLER_ARM64_H_
 #define V8_CODEGEN_ARM64_MACRO_ASSEMBLER_ARM64_H_
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/codegen/arm64/assembler-arm64.h"
 #include "src/codegen/bailout-reason.h"
@@ -766,6 +768,13 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   inline void Fcsel(const VRegister& fd, const VRegister& fn,
                     const VRegister& fm, Condition cond);
 
+  // Checks if value is in range [lower_limit, higher_limit] using a single
+  // comparison. Condition `ls` indicates the value is in the range.
+  void CompareRange(Register value, Register scratch, unsigned lower_limit,
+                    unsigned higher_limit);
+  void JumpIfIsInRange(Register value, Register scratch, unsigned lower_limit,
+                       unsigned higher_limit, Label* on_in_range);
+
   // Emits a runtime assert that the stack pointer is aligned.
   void AssertSpAligned() NOOP_UNLESS_DEBUG_CODE;
 
@@ -2094,6 +2103,12 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   // Neither map, nor type_reg might be set to any particular value.
   void IsObjectType(Register heap_object, Register scratch1, Register scratch2,
                     InstanceType type);
+  // Variant of the above, which compares against a type range rather than a
+  // single type (lower_limit and higher_limit are inclusive).
+  //
+  // Always use unsigned comparisons: ls for a positive result.
+  void IsObjectTypeInRange(Register heap_object, Register scratch,
+                           InstanceType lower_limit, InstanceType higher_limit);
 #if V8_STATIC_ROOTS_BOOL
   // Fast variant which is guaranteed to not actually load the instance type
   // from the map.
@@ -2522,9 +2537,9 @@ struct MoveCycleState {
   RegList scratch_regs;
   DoubleRegList scratch_fp_regs;
   // Available scratch registers during the move cycle resolution scope.
-  base::Optional<UseScratchRegisterScope> temps;
+  std::optional<UseScratchRegisterScope> temps;
   // Scratch register picked by {MoveToTempLocation}.
-  base::Optional<CPURegister> scratch_reg;
+  std::optional<CPURegister> scratch_reg;
 };
 
 // Provides access to exit frame parameters (GC-ed).
diff --git a/deps/v8/src/codegen/background-merge-task.h b/deps/v8/src/codegen/background-merge-task.h
index 97e034d61e0c04..5293220150fa15 100644
--- a/deps/v8/src/codegen/background-merge-task.h
+++ b/deps/v8/src/codegen/background-merge-task.h
@@ -56,6 +56,8 @@ class V8_EXPORT_PRIVATE BackgroundMergeTask {
     return state_ == kPendingForegroundWork;
   }
 
+  static void ForceGCDuringNextMergeForTesting();
+
  private:
   std::unique_ptr<PersistentHandles> persistent_handles_;
 
@@ -73,7 +75,7 @@ class V8_EXPORT_PRIVATE BackgroundMergeTask {
   // SharedFunctionInfo in the cached script. The main thread must:
   // 1. Check whether the cached script gained corresponding SharedFunctionInfos
   //    for any of these, and if so, redo the merge.
-  // 2. Update the cached script's shared_function_infos list to refer to these.
+  // 2. Update the cached script's infos list to refer to these.
   std::vector<Handle<SharedFunctionInfo>> used_new_sfis_;
 
   // SharedFunctionInfos from the cached script which were not compiled, with
diff --git a/deps/v8/src/codegen/code-stub-assembler.cc b/deps/v8/src/codegen/code-stub-assembler.cc
index 3dba65a85e07b0..917547e43918c4 100644
--- a/deps/v8/src/codegen/code-stub-assembler.cc
+++ b/deps/v8/src/codegen/code-stub-assembler.cc
@@ -7,6 +7,7 @@
 #include <stdio.h>
 
 #include <functional>
+#include <optional>
 
 #include "include/v8-internal.h"
 #include "src/base/macros.h"
@@ -155,7 +156,7 @@ void CodeStubAssembler::Check(const NodeGenerator<BoolT>& condition_body,
                               const char* message, const char* file, int line,
                               std::initializer_list<ExtraNode> extra_nodes,
                               const SourceLocation& loc) {
-  BranchGenerator branch = [=](Label* ok, Label* not_ok) {
+  BranchGenerator branch = [=, this](Label* ok, Label* not_ok) {
     TNode<BoolT> condition = condition_body();
     Branch(condition, ok, not_ok);
   };
@@ -167,7 +168,7 @@ void CodeStubAssembler::Check(TNode<Word32T> condition_node,
                               const char* message, const char* file, int line,
                               std::initializer_list<ExtraNode> extra_nodes,
                               const SourceLocation& loc) {
-  BranchGenerator branch = [=](Label* ok, Label* not_ok) {
+  BranchGenerator branch = [=, this](Label* ok, Label* not_ok) {
     Branch(condition_node, ok, not_ok);
   };
 
@@ -360,12 +361,14 @@ TNode<BoolT> CodeStubAssembler::WordIsPowerOfTwo(TNode<IntPtrT> value) {
     return BoolConstant(base::bits::IsPowerOfTwo(constant));
   }
   // value && !(value & (value - 1))
-  return IntPtrEqual(
-      Select<IntPtrT>(
-          IntPtrEqual(value, IntPtrConstant(0)),
-          [=] { return IntPtrConstant(1); },
-          [=] { return WordAnd(value, IntPtrSub(value, IntPtrConstant(1))); }),
-      IntPtrConstant(0));
+  return IntPtrEqual(Select<IntPtrT>(
+                         IntPtrEqual(value, IntPtrConstant(0)),
+                         [=, this] { return IntPtrConstant(1); },
+                         [=, this] {
+                           return WordAnd(value,
+                                          IntPtrSub(value, IntPtrConstant(1)));
+                         }),
+                     IntPtrConstant(0));
 }
 
 TNode<BoolT> CodeStubAssembler::Float64AlmostEqual(TNode<Float64T> x,
@@ -1642,6 +1645,8 @@ void CodeStubAssembler::BranchIfToBooleanIsTrue(TNode<Object> value,
   // Undefined is the first root, so it's the smallest possible pointer
   // value, which means we don't have to subtract it for the range check.
   ReadOnlyRoots roots(isolate());
+  static_assert(StaticReadOnlyRoot::kFirstAllocatedRoot ==
+                StaticReadOnlyRoot::kUndefinedValue);
   static_assert(StaticReadOnlyRoot::kUndefinedValue + sizeof(Undefined) ==
                 StaticReadOnlyRoot::kNullValue);
   static_assert(StaticReadOnlyRoot::kNullValue + sizeof(Null) ==
@@ -1892,8 +1897,8 @@ TNode<TrustedObject> CodeStubAssembler::ResolveIndirectPointerHandle(
     // pointer table to use.
     return Select<TrustedObject>(
         IsTrustedPointerHandle(handle),
-        [=] { return ResolveTrustedPointerHandle(handle, tag); },
-        [=] { return ResolveCodePointerHandle(handle); });
+        [=, this] { return ResolveTrustedPointerHandle(handle, tag); },
+        [=, this] { return ResolveCodePointerHandle(handle); });
   } else if (tag == kCodeIndirectPointerTag) {
     return ResolveCodePointerHandle(handle);
   } else {
@@ -1901,6 +1906,24 @@ TNode<TrustedObject> CodeStubAssembler::ResolveIndirectPointerHandle(
   }
 }
 
+#ifdef V8_ENABLE_LEAPTIERING
+TNode<Code> CodeStubAssembler::ResolveJSDispatchHandle(
+    TNode<JSDispatchHandleT> handle) {
+  TNode<RawPtrT> table =
+      ExternalConstant(ExternalReference::js_dispatch_table_address());
+  TNode<UintPtrT> offset = ComputeJSDispatchTableEntryOffset(handle);
+  offset = UintPtrAdd(offset,
+                      UintPtrConstant(JSDispatchTable::kEntryCodeObjectOffset));
+  TNode<UintPtrT> value = Load<UintPtrT>(table, offset);
+  // The LSB is used as marking bit by the js dispatch table, so here we have
+  // to set it using a bitwise OR as it may or may not be set.
+  value = UncheckedCast<UintPtrT>(WordOr(
+      WordShr(value, UintPtrConstant(JSDispatchEntry::kObjectPointerShift)),
+      UintPtrConstant(kHeapObjectTag)));
+  return CAST(BitcastWordToTagged(value));
+}
+#endif  // V8_ENABLE_LEAPTIERING
+
 TNode<Code> CodeStubAssembler::ResolveCodePointerHandle(
     TNode<IndirectPointerHandleT> handle) {
   TNode<RawPtrT> table =
@@ -1913,7 +1936,7 @@ TNode<Code> CodeStubAssembler::ResolveCodePointerHandle(
   // to set it using a bitwise OR as it may or may not be set.
   value =
       UncheckedCast<UintPtrT>(WordOr(value, UintPtrConstant(kHeapObjectTag)));
-  return UncheckedCast<Code>(BitcastWordToTagged(value));
+  return CAST(BitcastWordToTagged(value));
 }
 
 TNode<TrustedObject> CodeStubAssembler::ResolveTrustedPointerHandle(
@@ -1921,28 +1944,40 @@ TNode<TrustedObject> CodeStubAssembler::ResolveTrustedPointerHandle(
   TNode<RawPtrT> table = ExternalConstant(
       ExternalReference::trusted_pointer_table_base_address(isolate()));
   TNode<Uint32T> index =
-      Word32Shr(handle, UniqueUint32Constant(kTrustedPointerHandleShift));
+      Word32Shr(handle, Uint32Constant(kTrustedPointerHandleShift));
   // We're using a 32-bit shift here to reduce code size, but for that we need
   // to be sure that the offset will always fit into a 32-bit integer.
   static_assert(kTrustedPointerTableReservationSize <= 4ULL * GB);
-  TNode<UintPtrT> offset = ChangeUint32ToWord(Word32Shl(
-      index, UniqueUint32Constant(kTrustedPointerTableEntrySizeLog2)));
+  TNode<UintPtrT> offset = ChangeUint32ToWord(
+      Word32Shl(index, Uint32Constant(kTrustedPointerTableEntrySizeLog2)));
   TNode<UintPtrT> value = Load<UintPtrT>(table, offset);
   // Untag the pointer and remove the marking bit in one operation.
   value = UncheckedCast<UintPtrT>(
       WordAnd(value, UintPtrConstant(~(tag | kTrustedPointerTableMarkBit))));
-  return UncheckedCast<TrustedObject>(BitcastWordToTagged(value));
+  return CAST(BitcastWordToTagged(value));
+}
+
+TNode<UintPtrT> CodeStubAssembler::ComputeJSDispatchTableEntryOffset(
+    TNode<JSDispatchHandleT> handle) {
+  TNode<Uint32T> index =
+      Word32Shr(handle, Uint32Constant(kJSDispatchHandleShift));
+  // We're using a 32-bit shift here to reduce code size, but for that we need
+  // to be sure that the offset will always fit into a 32-bit integer.
+  static_assert(kJSDispatchTableReservationSize <= 4ULL * GB);
+  TNode<UintPtrT> offset = ChangeUint32ToWord(
+      Word32Shl(index, Uint32Constant(kJSDispatchTableEntrySizeLog2)));
+  return offset;
 }
 
 TNode<UintPtrT> CodeStubAssembler::ComputeCodePointerTableEntryOffset(
     TNode<IndirectPointerHandleT> handle) {
   TNode<Uint32T> index =
-      Word32Shr(handle, UniqueUint32Constant(kCodePointerHandleShift));
+      Word32Shr(handle, Uint32Constant(kCodePointerHandleShift));
   // We're using a 32-bit shift here to reduce code size, but for that we need
   // to be sure that the offset will always fit into a 32-bit integer.
   static_assert(kCodePointerTableReservationSize <= 4ULL * GB);
   TNode<UintPtrT> offset = ChangeUint32ToWord(
-      Word32Shl(index, UniqueUint32Constant(kCodePointerTableEntrySizeLog2)));
+      Word32Shl(index, Uint32Constant(kCodePointerTableEntrySizeLog2)));
   return offset;
 }
 
@@ -1951,6 +1986,11 @@ TNode<RawPtrT> CodeStubAssembler::LoadCodeEntrypointViaCodePointerField(
     CodeEntrypointTag tag) {
   TNode<IndirectPointerHandleT> handle =
       LoadObjectField<IndirectPointerHandleT>(object, field_offset);
+  return LoadCodeEntryFromIndirectPointerHandle(handle, tag);
+}
+
+TNode<RawPtrT> CodeStubAssembler::LoadCodeEntryFromIndirectPointerHandle(
+    TNode<IndirectPointerHandleT> handle, CodeEntrypointTag tag) {
   TNode<RawPtrT> table =
       ExternalConstant(ExternalReference::code_pointer_table_address());
   TNode<UintPtrT> offset = ComputeCodePointerTableEntryOffset(handle);
@@ -1960,8 +2000,8 @@ TNode<RawPtrT> CodeStubAssembler::LoadCodeEntrypointViaCodePointerField(
   }
   return UncheckedCast<RawPtrT>(UncheckedCast<WordT>(entry));
 }
-#endif  // V8_ENABLE_SANDBOX
 
+#endif  // V8_ENABLE_SANDBOX
 
 TNode<Object> CodeStubAssembler::LoadFromParentFrame(int offset) {
   TNode<RawPtrT> frame_pointer = LoadParentFramePointer();
@@ -2033,7 +2073,7 @@ TNode<Uint16T> CodeStubAssembler::LoadInstanceType(TNode<HeapObject> object) {
 TNode<BoolT> CodeStubAssembler::HasInstanceType(TNode<HeapObject> object,
                                                 InstanceType instance_type) {
   if (V8_STATIC_ROOTS_BOOL) {
-    if (base::Optional<RootIndex> expected_map =
+    if (std::optional<RootIndex> expected_map =
             InstanceTypeChecker::UniqueMapOfInstanceType(instance_type)) {
       TNode<Map> map = LoadMap(object);
       return TaggedEqual(map, LoadRoot(*expected_map));
@@ -2045,7 +2085,7 @@ TNode<BoolT> CodeStubAssembler::HasInstanceType(TNode<HeapObject> object,
 TNode<BoolT> CodeStubAssembler::DoesntHaveInstanceType(
     TNode<HeapObject> object, InstanceType instance_type) {
   if (V8_STATIC_ROOTS_BOOL) {
-    if (base::Optional<RootIndex> expected_map =
+    if (std::optional<RootIndex> expected_map =
             InstanceTypeChecker::UniqueMapOfInstanceType(instance_type)) {
       TNode<Map> map = LoadMap(object);
       return TaggedNotEqual(map, LoadRoot(*expected_map));
@@ -2060,7 +2100,7 @@ TNode<BoolT> CodeStubAssembler::TaggedDoesntHaveInstanceType(
   TNode<BoolT> tagged_is_smi = TaggedIsSmi(any_tagged);
   return Select<BoolT>(
       tagged_is_smi, [=]() { return tagged_is_smi; },
-      [=]() { return DoesntHaveInstanceType(any_tagged, type); });
+      [=, this]() { return DoesntHaveInstanceType(any_tagged, type); });
 }
 
 TNode<BoolT> CodeStubAssembler::IsSpecialReceiverMap(TNode<Map> map) {
@@ -2099,8 +2139,9 @@ TNode<HeapObject> CodeStubAssembler::LoadFastProperties(
   } else {
     // TODO(ishell): use empty_property_array instead of empty_fixed_array here.
     return Select<HeapObject>(
-        TaggedIsSmi(properties), [=] { return EmptyFixedArrayConstant(); },
-        [=] { return CAST(properties); });
+        TaggedIsSmi(properties),
+        [=, this] { return EmptyFixedArrayConstant(); },
+        [=, this] { return CAST(properties); });
   }
 }
 
@@ -2108,14 +2149,14 @@ TNode<HeapObject> CodeStubAssembler::LoadSlowProperties(
     TNode<JSReceiver> object) {
   CSA_SLOW_DCHECK(this, IsDictionaryMap(LoadMap(object)));
   TNode<Object> properties = LoadJSReceiverPropertiesOrHash(object);
-  NodeGenerator<HeapObject> make_empty = [=]() -> TNode<HeapObject> {
+  NodeGenerator<HeapObject> make_empty = [=, this]() -> TNode<HeapObject> {
     if constexpr (V8_ENABLE_SWISS_NAME_DICTIONARY_BOOL) {
       return EmptySwissPropertyDictionaryConstant();
     } else {
       return EmptyPropertyDictionaryConstant();
     }
   };
-  NodeGenerator<HeapObject> cast_properties = [=] {
+  NodeGenerator<HeapObject> cast_properties = [=, this] {
     TNode<HeapObject> dict = CAST(properties);
     CSA_DCHECK(this,
                Word32Or(IsPropertyDictionary(dict), IsGlobalDictionary(dict)));
@@ -2267,7 +2308,7 @@ TNode<IntPtrT> CodeStubAssembler::MapUsedInstanceSizeInWords(TNode<Map> map) {
       UintPtrGreaterThanOrEqual(used_or_unused,
                                 IntPtrConstant(JSObject::kFieldsAdded)),
       [=] { return used_or_unused; },
-      [=] { return LoadMapInstanceSizeInWords(map); });
+      [=, this] { return LoadMapInstanceSizeInWords(map); });
 }
 
 TNode<IntPtrT> CodeStubAssembler::MapUsedInObjectProperties(TNode<Map> map) {
@@ -2315,7 +2356,7 @@ TNode<Object> CodeStubAssembler::LoadMapBackPointer(TNode<Map> map) {
       map, Map::kConstructorOrBackPointerOrNativeContextOffset));
   return Select<Object>(
       IsMap(object), [=] { return object; },
-      [=] { return UndefinedConstant(); });
+      [=, this] { return UndefinedConstant(); });
 }
 
 TNode<Uint32T> CodeStubAssembler::EnsureOnlyHasSimpleProperties(
@@ -3451,11 +3492,9 @@ TNode<Code> CodeStubAssembler::LoadJSFunctionCode(TNode<JSFunction> function) {
   return LoadCodePointerFromObject(function, JSFunction::kCodeOffset);
 }
 
-TNode<Object> CodeStubAssembler::LoadSharedFunctionInfoData(
+TNode<Object> CodeStubAssembler::LoadSharedFunctionInfoTrustedData(
     TNode<SharedFunctionInfo> sfi) {
 #ifdef V8_ENABLE_SANDBOX
-  // Return the trusted_function_data part if it is non-empty, otherwise the
-  // regular function_data.
   TNode<IndirectPointerHandleT> trusted_data_handle =
       LoadObjectField<IndirectPointerHandleT>(
           sfi, SharedFunctionInfo::kTrustedFunctionDataOffset);
@@ -3463,42 +3502,40 @@ TNode<Object> CodeStubAssembler::LoadSharedFunctionInfoData(
   return Select<Object>(
       Word32Equal(trusted_data_handle,
                   Int32Constant(kNullIndirectPointerHandle)),
-      [=] {
-        return LoadObjectField<Object>(sfi,
-                                       SharedFunctionInfo::kFunctionDataOffset);
-      },
-      [=] {
+      [=, this] { return SmiConstant(0); },
+      [=, this] {
         return ResolveIndirectPointerHandle(trusted_data_handle,
                                             kUnknownIndirectPointerTag);
       });
 #else
-  return LoadObjectField<Object>(sfi, SharedFunctionInfo::kFunctionDataOffset);
+  return LoadObjectField<Object>(
+      sfi, SharedFunctionInfo::kTrustedFunctionDataOffset);
 #endif
 }
 
+TNode<Object> CodeStubAssembler::LoadSharedFunctionInfoUntrustedData(
+    TNode<SharedFunctionInfo> sfi) {
+  return LoadObjectField<Object>(
+      sfi, SharedFunctionInfo::kUntrustedFunctionDataOffset);
+}
+
 TNode<BoolT> CodeStubAssembler::SharedFunctionInfoHasBaselineCode(
     TNode<SharedFunctionInfo> sfi) {
-  TNode<Object> data = LoadSharedFunctionInfoData(sfi);
+  TNode<Object> data = LoadSharedFunctionInfoTrustedData(sfi);
   return TaggedIsCode(data);
 }
 
 TNode<Smi> CodeStubAssembler::LoadSharedFunctionInfoBuiltinId(
     TNode<SharedFunctionInfo> sfi) {
-  return LoadObjectField<Smi>(sfi, SharedFunctionInfo::kFunctionDataOffset);
+  return LoadObjectField<Smi>(sfi,
+                              SharedFunctionInfo::kUntrustedFunctionDataOffset);
 }
 
 TNode<BytecodeArray> CodeStubAssembler::LoadSharedFunctionInfoBytecodeArray(
     TNode<SharedFunctionInfo> sfi) {
-#ifdef V8_ENABLE_SANDBOX
-  // In this case, the bytecode array must be referenced via a trusted pointer.
-  // Loading it from the tagged function_data field would not be safe.
   TNode<HeapObject> function_data = LoadTrustedPointerFromObject(
       sfi, SharedFunctionInfo::kTrustedFunctionDataOffset,
       kUnknownIndirectPointerTag);
-#else
-  TNode<HeapObject> function_data =
-      LoadObjectField<HeapObject>(sfi, SharedFunctionInfo::kFunctionDataOffset);
-#endif  // V8_ENABLE_SANDBOX
 
   TVARIABLE(HeapObject, var_result, function_data);
 
@@ -3537,6 +3574,42 @@ TNode<BytecodeArray> CodeStubAssembler::LoadSharedFunctionInfoBytecodeArray(
   return CAST(var_result.value());
 }
 
+#ifdef V8_ENABLE_WEBASSEMBLY
+TNode<WasmFunctionData>
+CodeStubAssembler::LoadSharedFunctionInfoWasmFunctionData(
+    TNode<SharedFunctionInfo> sfi) {
+  return CAST(LoadTrustedPointerFromObject(
+      sfi, SharedFunctionInfo::kTrustedFunctionDataOffset,
+      kWasmFunctionDataIndirectPointerTag));
+}
+
+TNode<WasmExportedFunctionData>
+CodeStubAssembler::LoadSharedFunctionInfoWasmExportedFunctionData(
+    TNode<SharedFunctionInfo> sfi) {
+  TNode<WasmFunctionData> function_data =
+      LoadSharedFunctionInfoWasmFunctionData(sfi);
+  // TODO(saelo): it would be nice if we could use LoadTrustedPointerFromObject
+  // with a kWasmExportedFunctionDataIndirectPointerTag to avoid the SBXCHECK,
+  // but for that our tagging scheme first needs to support type hierarchies.
+  CSA_SBXCHECK(
+      this, HasInstanceType(function_data, WASM_EXPORTED_FUNCTION_DATA_TYPE));
+  return CAST(function_data);
+}
+
+TNode<WasmJSFunctionData>
+CodeStubAssembler::LoadSharedFunctionInfoWasmJSFunctionData(
+    TNode<SharedFunctionInfo> sfi) {
+  TNode<WasmFunctionData> function_data =
+      LoadSharedFunctionInfoWasmFunctionData(sfi);
+  // TODO(saelo): it would be nice if we could use LoadTrustedPointerFromObject
+  // with a kWasmJSFunctionDataIndirectPointerTag to avoid the SBXCHECK, but
+  // for that our tagging scheme first needs to support type hierarchies.
+  CSA_SBXCHECK(this,
+               HasInstanceType(function_data, WASM_JS_FUNCTION_DATA_TYPE));
+  return CAST(function_data);
+}
+#endif  // V8_ENABLE_WEBASSEMBLY
+
 TNode<Int32T> CodeStubAssembler::LoadBytecodeArrayParameterCount(
     TNode<BytecodeArray> bytecode_array) {
   return LoadObjectField<Uint16T>(bytecode_array,
@@ -3624,6 +3697,16 @@ void CodeStubAssembler::StoreTrustedPointerFieldNoWriteBarrier(
 #endif  // V8_ENABLE_SANDBOX
 }
 
+void CodeStubAssembler::ClearTrustedPointerField(TNode<HeapObject> object,
+                                                 int offset) {
+#ifdef V8_ENABLE_SANDBOX
+  StoreObjectFieldNoWriteBarrier(object, offset,
+                                 Uint32Constant(kNullTrustedPointerHandle));
+#else
+  StoreObjectFieldNoWriteBarrier(object, offset, SmiConstant(0));
+#endif
+}
+
 void CodeStubAssembler::UnsafeStoreObjectFieldNoWriteBarrier(
     TNode<HeapObject> object, int offset, TNode<Object> value) {
   DCHECK_NE(HeapObject::kMapOffset, offset);  // Use StoreMap instead.
@@ -3707,13 +3790,13 @@ void CodeStubAssembler::StoreFixedArrayOrPropertyArrayElement(
           offset,
           Select<IntPtrT>(
               IsPropertyArray(object),
-              [=] {
+              [=, this] {
                 TNode<Int32T> length_and_hash = LoadAndUntagToWord32ObjectField(
                     object, PropertyArray::kLengthAndHashOffset);
                 return Signed(ChangeUint32ToWord(
                     DecodeWord32<PropertyArray::LengthField>(length_and_hash)));
               },
-              [=] {
+              [=, this] {
                 return LoadAndUntagPositiveSmiObjectField(
                     object, FixedArrayBase::kLengthOffset);
               }),
@@ -4159,8 +4242,9 @@ TNode<String> CodeStubAssembler::AllocateSeqOneByteString(
 
 TNode<BoolT> CodeStubAssembler::IsZeroOrContext(TNode<Object> object) {
   return Select<BoolT>(
-      TaggedEqual(object, SmiConstant(0)), [=] { return Int32TrueConstant(); },
-      [=] { return IsContext(CAST(object)); });
+      TaggedEqual(object, SmiConstant(0)),
+      [=, this] { return Int32TrueConstant(); },
+      [=, this] { return IsContext(CAST(object)); });
 }
 
 TNode<String> CodeStubAssembler::AllocateSeqTwoByteString(
@@ -4492,8 +4576,8 @@ TNode<OrderedHashMap> CodeStubAssembler::AllocateOrderedHashMap() {
 }
 
 TNode<JSObject> CodeStubAssembler::AllocateJSObjectFromMap(
-    TNode<Map> map, base::Optional<TNode<HeapObject>> properties,
-    base::Optional<TNode<FixedArray>> elements, AllocationFlags flags,
+    TNode<Map> map, std::optional<TNode<HeapObject>> properties,
+    std::optional<TNode<FixedArray>> elements, AllocationFlags flags,
     SlackTrackingMode slack_tracking_mode) {
   CSA_DCHECK(this, Word32BinaryNot(IsJSFunctionMap(map)));
   CSA_DCHECK(this, Word32BinaryNot(InstanceTypeEqual(LoadMapInstanceType(map),
@@ -4509,8 +4593,8 @@ TNode<JSObject> CodeStubAssembler::AllocateJSObjectFromMap(
 
 void CodeStubAssembler::InitializeJSObjectFromMap(
     TNode<HeapObject> object, TNode<Map> map, TNode<IntPtrT> instance_size,
-    base::Optional<TNode<HeapObject>> properties,
-    base::Optional<TNode<FixedArray>> elements,
+    std::optional<TNode<HeapObject>> properties,
+    std::optional<TNode<FixedArray>> elements,
     SlackTrackingMode slack_tracking_mode) {
   // This helper assumes that the object is in new-space, as guarded by the
   // check in AllocatedJSObjectFromMap.
@@ -4627,7 +4711,7 @@ void CodeStubAssembler::StoreFieldsNoWriteBarrier(TNode<IntPtrT> start_address,
   CSA_DCHECK(this, WordIsAligned(end_address, kTaggedSize));
   BuildFastLoop<IntPtrT>(
       start_address, end_address,
-      [=](TNode<IntPtrT> current) {
+      [=, this](TNode<IntPtrT> current) {
         UnsafeStoreNoWriteBarrier(MachineRepresentation::kTagged, current,
                                   value);
       },
@@ -4653,7 +4737,7 @@ TNode<BoolT> CodeStubAssembler::IsValidFastJSArrayCapacity(
 
 TNode<JSArray> CodeStubAssembler::AllocateJSArray(
     TNode<Map> array_map, TNode<FixedArrayBase> elements, TNode<Smi> length,
-    base::Optional<TNode<AllocationSite>> allocation_site,
+    std::optional<TNode<AllocationSite>> allocation_site,
     int array_header_size) {
   Comment("begin allocation of JSArray passing in elements");
   CSA_SLOW_DCHECK(this, TaggedIsPositiveSmi(length));
@@ -4714,7 +4798,7 @@ TNode<IntPtrT> CodeStubAssembler::AlignToAllocationAlignment(
 std::pair<TNode<JSArray>, TNode<FixedArrayBase>>
 CodeStubAssembler::AllocateUninitializedJSArrayWithElements(
     ElementsKind kind, TNode<Map> array_map, TNode<Smi> length,
-    base::Optional<TNode<AllocationSite>> allocation_site,
+    std::optional<TNode<AllocationSite>> allocation_site,
     TNode<IntPtrT> capacity, AllocationFlags allocation_flags,
     int array_header_size) {
   Comment("begin allocation of JSArray with elements");
@@ -4822,7 +4906,7 @@ CodeStubAssembler::AllocateUninitializedJSArrayWithElements(
 
 TNode<JSArray> CodeStubAssembler::AllocateUninitializedJSArray(
     TNode<Map> array_map, TNode<Smi> length,
-    base::Optional<TNode<AllocationSite>> allocation_site,
+    std::optional<TNode<AllocationSite>> allocation_site,
     TNode<IntPtrT> size_in_bytes) {
   CSA_SLOW_DCHECK(this, TaggedIsPositiveSmi(length));
 
@@ -4847,7 +4931,7 @@ TNode<JSArray> CodeStubAssembler::AllocateUninitializedJSArray(
 
 TNode<JSArray> CodeStubAssembler::AllocateJSArray(
     ElementsKind kind, TNode<Map> array_map, TNode<IntPtrT> capacity,
-    TNode<Smi> length, base::Optional<TNode<AllocationSite>> allocation_site,
+    TNode<Smi> length, std::optional<TNode<AllocationSite>> allocation_site,
     AllocationFlags allocation_flags) {
   CSA_SLOW_DCHECK(this, TaggedIsPositiveSmi(length));
 
@@ -4884,19 +4968,19 @@ TNode<JSArray> CodeStubAssembler::ExtractFastJSArray(TNode<Context> context,
   TNode<Map> array_map = LoadJSArrayElementsMap(elements_kind, native_context);
 
   TNode<FixedArrayBase> new_elements = ExtractFixedArray(
-      LoadElements(array), base::Optional<TNode<BInt>>(begin),
-      base::Optional<TNode<BInt>>(count),
-      base::Optional<TNode<BInt>>(base::nullopt),
+      LoadElements(array), std::optional<TNode<BInt>>(begin),
+      std::optional<TNode<BInt>>(count),
+      std::optional<TNode<BInt>>(std::nullopt),
       ExtractFixedArrayFlag::kAllFixedArrays, nullptr, elements_kind);
 
   TNode<JSArray> result = AllocateJSArray(
-      array_map, new_elements, ParameterToTagged(count), base::nullopt);
+      array_map, new_elements, ParameterToTagged(count), std::nullopt);
   return result;
 }
 
 TNode<JSArray> CodeStubAssembler::CloneFastJSArray(
     TNode<Context> context, TNode<JSArray> array,
-    base::Optional<TNode<AllocationSite>> allocation_site,
+    std::optional<TNode<AllocationSite>> allocation_site,
     HoleConversionMode convert_holes) {
   // TODO(dhai): we should be able to assert IsFastJSArray(array) here, but this
   // function is also used to copy boilerplates even when the no-elements
@@ -4921,9 +5005,9 @@ TNode<JSArray> CodeStubAssembler::CloneFastJSArray(
   // Simple extraction that preserves holes.
   new_elements = ExtractFixedArray(
       LoadElements(array),
-      base::Optional<TNode<BInt>>(IntPtrOrSmiConstant<BInt>(0)),
-      base::Optional<TNode<BInt>>(TaggedToParameter<BInt>(CAST(length))),
-      base::Optional<TNode<BInt>>(base::nullopt),
+      std::optional<TNode<BInt>>(IntPtrOrSmiConstant<BInt>(0)),
+      std::optional<TNode<BInt>>(TaggedToParameter<BInt>(CAST(length))),
+      std::optional<TNode<BInt>>(std::nullopt),
       ExtractFixedArrayFlag::kAllFixedArraysDontCopyCOW, nullptr,
       var_elements_kind.value());
   var_new_elements = new_elements;
@@ -4941,9 +5025,9 @@ TNode<JSArray> CodeStubAssembler::CloneFastJSArray(
     // ExtractFixedArrayFlag::kDontCopyCOW.
     new_elements = ExtractFixedArray(
         LoadElements(array),
-        base::Optional<TNode<BInt>>(IntPtrOrSmiConstant<BInt>(0)),
-        base::Optional<TNode<BInt>>(TaggedToParameter<BInt>(CAST(length))),
-        base::Optional<TNode<BInt>>(base::nullopt),
+        std::optional<TNode<BInt>>(IntPtrOrSmiConstant<BInt>(0)),
+        std::optional<TNode<BInt>>(TaggedToParameter<BInt>(CAST(length))),
+        std::optional<TNode<BInt>>(std::nullopt),
         ExtractFixedArrayFlag::kAllFixedArrays, &var_holes_converted);
     var_new_elements = new_elements;
     // If the array type didn't change, use the original elements kind.
@@ -4979,7 +5063,7 @@ TNode<JSArray> CodeStubAssembler::CloneFastJSArray(
 template <typename TIndex>
 TNode<FixedArrayBase> CodeStubAssembler::AllocateFixedArray(
     ElementsKind kind, TNode<TIndex> capacity, AllocationFlags flags,
-    base::Optional<TNode<Map>> fixed_array_map) {
+    std::optional<TNode<Map>> fixed_array_map) {
   static_assert(
       std::is_same<TIndex, Smi>::value || std::is_same<TIndex, IntPtrT>::value,
       "Only Smi or IntPtrT capacity is allowed");
@@ -5040,7 +5124,7 @@ TNode<FixedArrayBase> CodeStubAssembler::AllocateFixedArray(
 template V8_EXPORT_PRIVATE TNode<FixedArrayBase>
     CodeStubAssembler::AllocateFixedArray<IntPtrT>(ElementsKind, TNode<IntPtrT>,
                                                    AllocationFlags,
-                                                   base::Optional<TNode<Map>>);
+                                                   std::optional<TNode<Map>>);
 
 template <typename TIndex>
 TNode<FixedArray> CodeStubAssembler::ExtractToFixedArray(
@@ -5048,7 +5132,7 @@ TNode<FixedArray> CodeStubAssembler::ExtractToFixedArray(
     TNode<TIndex> capacity, TNode<Map> source_map, ElementsKind from_kind,
     AllocationFlags allocation_flags, ExtractFixedArrayFlags extract_flags,
     HoleConversionMode convert_holes, TVariable<BoolT>* var_holes_converted,
-    base::Optional<TNode<Int32T>> source_elements_kind) {
+    std::optional<TNode<Int32T>> source_elements_kind) {
   static_assert(
       std::is_same<TIndex, Smi>::value || std::is_same<TIndex, IntPtrT>::value,
       "Only Smi or IntPtrT first, count, and capacity are allowed");
@@ -5230,10 +5314,10 @@ TNode<FixedArrayBase> CodeStubAssembler::ExtractFixedDoubleArrayFillingHoles(
 
 template <typename TIndex>
 TNode<FixedArrayBase> CodeStubAssembler::ExtractFixedArray(
-    TNode<FixedArrayBase> source, base::Optional<TNode<TIndex>> first,
-    base::Optional<TNode<TIndex>> count, base::Optional<TNode<TIndex>> capacity,
+    TNode<FixedArrayBase> source, std::optional<TNode<TIndex>> first,
+    std::optional<TNode<TIndex>> count, std::optional<TNode<TIndex>> capacity,
     ExtractFixedArrayFlags extract_flags, TVariable<BoolT>* var_holes_converted,
-    base::Optional<TNode<Int32T>> source_elements_kind) {
+    std::optional<TNode<Int32T>> source_elements_kind) {
   static_assert(
       std::is_same<TIndex, Smi>::value || std::is_same<TIndex, IntPtrT>::value,
       "Only Smi or IntPtrT first, count, and capacity are allowed");
@@ -5328,15 +5412,15 @@ TNode<FixedArrayBase> CodeStubAssembler::ExtractFixedArray(
 
 template V8_EXPORT_PRIVATE TNode<FixedArrayBase>
 CodeStubAssembler::ExtractFixedArray<Smi>(
-    TNode<FixedArrayBase>, base::Optional<TNode<Smi>>,
-    base::Optional<TNode<Smi>>, base::Optional<TNode<Smi>>,
-    ExtractFixedArrayFlags, TVariable<BoolT>*, base::Optional<TNode<Int32T>>);
+    TNode<FixedArrayBase>, std::optional<TNode<Smi>>, std::optional<TNode<Smi>>,
+    std::optional<TNode<Smi>>, ExtractFixedArrayFlags, TVariable<BoolT>*,
+    std::optional<TNode<Int32T>>);
 
 template V8_EXPORT_PRIVATE TNode<FixedArrayBase>
 CodeStubAssembler::ExtractFixedArray<IntPtrT>(
-    TNode<FixedArrayBase>, base::Optional<TNode<IntPtrT>>,
-    base::Optional<TNode<IntPtrT>>, base::Optional<TNode<IntPtrT>>,
-    ExtractFixedArrayFlags, TVariable<BoolT>*, base::Optional<TNode<Int32T>>);
+    TNode<FixedArrayBase>, std::optional<TNode<IntPtrT>>,
+    std::optional<TNode<IntPtrT>>, std::optional<TNode<IntPtrT>>,
+    ExtractFixedArrayFlags, TVariable<BoolT>*, std::optional<TNode<Int32T>>);
 
 void CodeStubAssembler::InitializePropertyArrayLength(
     TNode<PropertyArray> property_array, TNode<IntPtrT> length) {
@@ -5702,7 +5786,7 @@ void CodeStubAssembler::CopyRange(TNode<HeapObject> dst_object, int dst_offset,
   // write barriers can be skipped). Extend as needed.
   BuildFastLoop<IntPtrT>(
       IntPtrConstant(0), length_in_tagged,
-      [=](TNode<IntPtrT> index) {
+      [=, this](TNode<IntPtrT> index) {
         TNode<IntPtrT> current_src_offset =
             IntPtrAdd(TimesTaggedSize(index), IntPtrConstant(src_offset));
         TNode<Object> value = LoadObjectField(src_object, current_src_offset);
@@ -5964,9 +6048,9 @@ void CodeStubAssembler::CopyPropertyArrayValues(TNode<HeapObject> from_array,
 TNode<FixedArrayBase> CodeStubAssembler::CloneFixedArray(
     TNode<FixedArrayBase> source, ExtractFixedArrayFlags flags) {
   return ExtractFixedArray(
-      source, base::Optional<TNode<BInt>>(IntPtrOrSmiConstant<BInt>(0)),
-      base::Optional<TNode<BInt>>(base::nullopt),
-      base::Optional<TNode<BInt>>(base::nullopt), flags);
+      source, std::optional<TNode<BInt>>(IntPtrOrSmiConstant<BInt>(0)),
+      std::optional<TNode<BInt>>(std::nullopt),
+      std::optional<TNode<BInt>>(std::nullopt), flags);
 }
 
 template <>
@@ -6473,8 +6557,8 @@ TNode<Float16T> CodeStubAssembler::TruncateFloat64ToFloat16(
       // Result is infinity or NaN.
       out = Select<Uint16T>(
           Uint64GreaterThan(in, Uint64Constant(kFP64Infinity)),
-          [=] { return Uint16Constant(kFP16qNaN); },       // NaN->qNaN
-          [=] { return Uint16Constant(kFP16Infinity); });  // Inf->Inf
+          [=, this] { return Uint16Constant(kFP16qNaN); },       // NaN->qNaN
+          [=, this] { return Uint16Constant(kFP16Infinity); });  // Inf->Inf
       Goto(&done);
     }
 
@@ -6554,8 +6638,8 @@ TNode<Float16T> CodeStubAssembler::TruncateFloat64ToFloat16(
       out = Select<Uint16T>(
           Uint32GreaterThan(in_hi_word,
                             Uint64HighWordConstantNoLowWord(kFP64Infinity)),
-          [=] { return Uint16Constant(kFP16qNaN); },       // NaN->qNaN
-          [=] { return Uint16Constant(kFP16Infinity); });  // Inf->Inf
+          [=, this] { return Uint16Constant(kFP16qNaN); },       // NaN->qNaN
+          [=, this] { return Uint16Constant(kFP16Infinity); });  // Inf->Inf
       Goto(&done);
     }
 
@@ -6860,10 +6944,10 @@ TNode<Int32T> CodeStubAssembler::ChangeTaggedNonSmiToInt32(
     TNode<Context> context, TNode<HeapObject> input) {
   return Select<Int32T>(
       IsHeapNumber(input),
-      [=] {
+      [=, this] {
         return Signed(TruncateFloat64ToWord32(LoadHeapNumberValue(input)));
       },
-      [=] {
+      [=, this] {
         return TruncateNumberToWord32(
             CAST(CallBuiltin(Builtin::kNonNumberToNumber, context, input)));
       });
@@ -6881,8 +6965,8 @@ TNode<Float64T> CodeStubAssembler::ChangeTaggedToFloat64(TNode<Context> context,
   BIND(&not_smi);
   var_result = Select<Float64T>(
       IsHeapNumber(CAST(input)),
-      [=] { return LoadHeapNumberValue(CAST(input)); },
-      [=] {
+      [=, this] { return LoadHeapNumberValue(CAST(input)); },
+      [=, this] {
         return ChangeNumberToFloat64(
             CAST(CallBuiltin(Builtin::kNonNumberToNumber, context, input)));
       });
@@ -7045,9 +7129,9 @@ void CodeStubAssembler::ThrowIfNotCallable(TNode<Context> context,
 
 void CodeStubAssembler::ThrowRangeError(TNode<Context> context,
                                         MessageTemplate message,
-                                        base::Optional<TNode<Object>> arg0,
-                                        base::Optional<TNode<Object>> arg1,
-                                        base::Optional<TNode<Object>> arg2) {
+                                        std::optional<TNode<Object>> arg0,
+                                        std::optional<TNode<Object>> arg1,
+                                        std::optional<TNode<Object>> arg2) {
   TNode<Smi> template_index = SmiConstant(static_cast<int>(message));
   if (!arg0) {
     CallRuntime(Runtime::kThrowRangeError, context, template_index);
@@ -7066,18 +7150,18 @@ void CodeStubAssembler::ThrowRangeError(TNode<Context> context,
 void CodeStubAssembler::ThrowTypeError(TNode<Context> context,
                                        MessageTemplate message,
                                        char const* arg0, char const* arg1) {
-  base::Optional<TNode<Object>> arg0_node;
+  std::optional<TNode<Object>> arg0_node;
   if (arg0) arg0_node = StringConstant(arg0);
-  base::Optional<TNode<Object>> arg1_node;
+  std::optional<TNode<Object>> arg1_node;
   if (arg1) arg1_node = StringConstant(arg1);
   ThrowTypeError(context, message, arg0_node, arg1_node);
 }
 
 void CodeStubAssembler::ThrowTypeError(TNode<Context> context,
                                        MessageTemplate message,
-                                       base::Optional<TNode<Object>> arg0,
-                                       base::Optional<TNode<Object>> arg1,
-                                       base::Optional<TNode<Object>> arg2) {
+                                       std::optional<TNode<Object>> arg0,
+                                       std::optional<TNode<Object>> arg1,
+                                       std::optional<TNode<Object>> arg2) {
   TNode<Smi> template_index = SmiConstant(static_cast<int>(message));
   if (!arg0) {
     CallRuntime(Runtime::kThrowTypeError, context, template_index);
@@ -7272,8 +7356,8 @@ TNode<BoolT> CodeStubAssembler::IsPrototypeTypedArrayPrototype(
       LoadContextElement(native_context, Context::TYPED_ARRAY_PROTOTYPE_INDEX);
   TNode<HeapObject> proto = LoadMapPrototype(map);
   TNode<HeapObject> proto_of_proto = Select<HeapObject>(
-      IsJSObject(proto), [=] { return LoadMapPrototype(LoadMap(proto)); },
-      [=] { return NullConstant(); });
+      IsJSObject(proto), [=, this] { return LoadMapPrototype(LoadMap(proto)); },
+      [=, this] { return NullConstant(); });
   return TaggedEqual(proto_of_proto, typed_array_prototype);
 }
 
@@ -7317,8 +7401,8 @@ TNode<BoolT> CodeStubAssembler::IsStrictArgumentsMap(TNode<Context> context,
 
 TNode<BoolT> CodeStubAssembler::TaggedIsCallable(TNode<Object> object) {
   return Select<BoolT>(
-      TaggedIsSmi(object), [=] { return Int32FalseConstant(); },
-      [=] {
+      TaggedIsSmi(object), [=, this] { return Int32FalseConstant(); },
+      [=, this] {
         return IsCallableMap(LoadMap(UncheckedCast<HeapObject>(object)));
       });
 }
@@ -7329,8 +7413,8 @@ TNode<BoolT> CodeStubAssembler::IsCallable(TNode<HeapObject> object) {
 
 TNode<BoolT> CodeStubAssembler::TaggedIsCode(TNode<Object> object) {
   return Select<BoolT>(
-      TaggedIsSmi(object), [=] { return Int32FalseConstant(); },
-      [=] { return IsCode(UncheckedCast<HeapObject>(object)); });
+      TaggedIsSmi(object), [=, this] { return Int32FalseConstant(); },
+      [=, this] { return IsCode(UncheckedCast<HeapObject>(object)); });
 }
 
 TNode<BoolT> CodeStubAssembler::IsCode(TNode<HeapObject> object) {
@@ -7437,6 +7521,74 @@ TNode<BoolT> CodeStubAssembler::IsJSReceiverInstanceType(
                                  Int32Constant(FIRST_JS_RECEIVER_TYPE));
 }
 
+TNode<BoolT> CodeStubAssembler::IsSequentialStringMap(TNode<Map> map) {
+#if V8_STATIC_ROOTS_BOOL
+  // Both sequential string maps are allocated at the start of the read only
+  // heap, so we can use a single comparison to check for them.
+  static_assert(
+      InstanceTypeChecker::kUniqueMapRangeOfStringType::kSeqString.first == 0);
+  return IsInRange(
+      TruncateIntPtrToInt32(BitcastTaggedToWord(map)),
+      InstanceTypeChecker::kUniqueMapRangeOfStringType::kSeqString.first,
+      InstanceTypeChecker::kUniqueMapRangeOfStringType::kSeqString.second);
+#else
+  return IsSequentialStringInstanceType(LoadMapInstanceType(map));
+#endif
+}
+
+TNode<BoolT> CodeStubAssembler::IsExternalStringMap(TNode<Map> map) {
+#if V8_STATIC_ROOTS_BOOL
+  return IsInRange(
+      TruncateIntPtrToInt32(BitcastTaggedToWord(map)),
+      InstanceTypeChecker::kUniqueMapRangeOfStringType::kExternalString.first,
+      InstanceTypeChecker::kUniqueMapRangeOfStringType::kExternalString.second);
+#else
+  return IsExternalStringInstanceType(LoadMapInstanceType(map));
+#endif
+}
+
+TNode<BoolT> CodeStubAssembler::IsUncachedExternalStringMap(TNode<Map> map) {
+#if V8_STATIC_ROOTS_BOOL
+  return IsInRange(
+      TruncateIntPtrToInt32(BitcastTaggedToWord(map)),
+      InstanceTypeChecker::kUniqueMapRangeOfStringType::kUncachedExternalString
+          .first,
+      InstanceTypeChecker::kUniqueMapRangeOfStringType::kUncachedExternalString
+          .second);
+#else
+  return IsUncachedExternalStringInstanceType(LoadMapInstanceType(map));
+#endif
+}
+
+TNode<BoolT> CodeStubAssembler::IsOneByteStringMap(TNode<Map> map) {
+#if V8_STATIC_ROOTS_BOOL
+  CSA_DCHECK(this, IsStringInstanceType(LoadMapInstanceType(map)));
+
+  // These static asserts make sure that the following bit magic on the map word
+  // is safe. See the definition of kStringMapEncodingMask for an explanation.
+#define VALIDATE_STRING_MAP_ENCODING_BIT(instance_type, size, name, Name) \
+  static_assert(                                                          \
+      ((instance_type & kStringEncodingMask) == kOneByteStringTag) ==     \
+      ((StaticReadOnlyRoot::k##Name##Map &                                \
+        InstanceTypeChecker::kStringMapEncodingMask) ==                   \
+       InstanceTypeChecker::kOneByteStringMapBit));                       \
+  static_assert(                                                          \
+      ((instance_type & kStringEncodingMask) == kTwoByteStringTag) ==     \
+      ((StaticReadOnlyRoot::k##Name##Map &                                \
+        InstanceTypeChecker::kStringMapEncodingMask) ==                   \
+       InstanceTypeChecker::kTwoByteStringMapBit));
+  STRING_TYPE_LIST(VALIDATE_STRING_MAP_ENCODING_BIT)
+#undef VALIDATE_STRING_TYPE_RANGES
+
+  return Word32Equal(
+      Word32And(TruncateIntPtrToInt32(BitcastTaggedToWord(map)),
+                Int32Constant(InstanceTypeChecker::kStringMapEncodingMask)),
+      Int32Constant(InstanceTypeChecker::kOneByteStringMapBit));
+#else
+  return IsOneByteStringInstanceType(LoadMapInstanceType(map));
+#endif
+}
+
 TNode<BoolT> CodeStubAssembler::IsJSReceiverMap(TNode<Map> map) {
   return IsJSReceiverInstanceType(LoadMapInstanceType(map));
 }
@@ -7616,8 +7768,8 @@ TNode<BoolT> CodeStubAssembler::IsJSSharedArray(TNode<HeapObject> object) {
 
 TNode<BoolT> CodeStubAssembler::IsJSSharedArray(TNode<Object> object) {
   return Select<BoolT>(
-      TaggedIsSmi(object), [=] { return Int32FalseConstant(); },
-      [=] {
+      TaggedIsSmi(object), [=, this] { return Int32FalseConstant(); },
+      [=, this] {
         TNode<HeapObject> heap_object = CAST(object);
         return IsJSSharedArray(heap_object);
       });
@@ -7638,8 +7790,8 @@ TNode<BoolT> CodeStubAssembler::IsJSSharedStruct(TNode<HeapObject> object) {
 
 TNode<BoolT> CodeStubAssembler::IsJSSharedStruct(TNode<Object> object) {
   return Select<BoolT>(
-      TaggedIsSmi(object), [=] { return Int32FalseConstant(); },
-      [=] {
+      TaggedIsSmi(object), [=, this] { return Int32FalseConstant(); },
+      [=, this] {
         TNode<HeapObject> heap_object = CAST(object);
         return IsJSSharedStruct(heap_object);
       });
@@ -7735,8 +7887,8 @@ TNode<BoolT> CodeStubAssembler::IsHeapNumberInstanceType(
 
 TNode<BoolT> CodeStubAssembler::IsNotAnyHole(TNode<Object> object) {
   return Select<BoolT>(
-      TaggedIsSmi(object), [=] { return Int32TrueConstant(); },
-      [=] {
+      TaggedIsSmi(object), [=, this] { return Int32TrueConstant(); },
+      [=, this] {
         return Word32BinaryNot(IsHoleInstanceType(
             LoadInstanceType(UncheckedCast<HeapObject>(object))));
       });
@@ -7760,7 +7912,7 @@ TNode<BoolT> CodeStubAssembler::IsName(TNode<HeapObject> object) {
 #if V8_STATIC_ROOTS_BOOL
   TNode<Map> map = LoadMap(object);
   TNode<Word32T> map_as_word32 = ReinterpretCast<Word32T>(map);
-  static_assert(InstanceTypeChecker::kLastStringMap + Map::kSize ==
+  static_assert(InstanceTypeChecker::kStringMapUpperBound + Map::kSize ==
                 StaticReadOnlyRoot::kSymbolMap);
   return Uint32LessThanOrEqual(map_as_word32,
                                Int32Constant(StaticReadOnlyRoot::kSymbolMap));
@@ -7780,7 +7932,7 @@ TNode<BoolT> CodeStubAssembler::IsString(TNode<HeapObject> object) {
   TNode<Word32T> map_as_word32 =
       TruncateIntPtrToInt32(BitcastTaggedToWord(map));
   return Uint32LessThanOrEqual(
-      map_as_word32, Int32Constant(InstanceTypeChecker::kLastStringMap));
+      map_as_word32, Int32Constant(InstanceTypeChecker::kStringMapUpperBound));
 #else
   return IsStringInstanceType(LoadInstanceType(object));
 #endif
@@ -7825,8 +7977,8 @@ TNode<BoolT> CodeStubAssembler::IsUniqueName(TNode<HeapObject> object) {
   TNode<Uint16T> instance_type = LoadInstanceType(object);
   return Select<BoolT>(
       IsInternalizedStringInstanceType(instance_type),
-      [=] { return Int32TrueConstant(); },
-      [=] { return IsSymbolInstanceType(instance_type); });
+      [=, this] { return Int32TrueConstant(); },
+      [=, this] { return IsSymbolInstanceType(instance_type); });
 }
 
 // Semantics: guaranteed not to be an integer index (i.e. contains non-digit
@@ -7843,11 +7995,11 @@ TNode<BoolT> CodeStubAssembler::IsUniqueNameNoIndex(TNode<HeapObject> object) {
   TNode<Uint16T> instance_type = LoadInstanceType(object);
   return Select<BoolT>(
       IsInternalizedStringInstanceType(instance_type),
-      [=] {
+      [=, this] {
         return IsSetWord32(LoadNameRawHashField(CAST(object)),
                            Name::kDoesNotContainIntegerOrForwardingIndexMask);
       },
-      [=] { return IsSymbolInstanceType(instance_type); });
+      [=, this] { return IsSymbolInstanceType(instance_type); });
 }
 
 // Semantics: {object} is a Symbol, or a String that doesn't have a cached
@@ -7861,11 +8013,11 @@ TNode<BoolT> CodeStubAssembler::IsUniqueNameNoCachedIndex(
   TNode<Uint16T> instance_type = LoadInstanceType(object);
   return Select<BoolT>(
       IsInternalizedStringInstanceType(instance_type),
-      [=] {
+      [=, this] {
         return IsSetWord32(LoadNameRawHash(CAST(object)),
                            Name::kDoesNotContainCachedArrayIndexMask);
       },
-      [=] { return IsSymbolInstanceType(instance_type); });
+      [=, this] { return IsSymbolInstanceType(instance_type); });
 }
 
 TNode<BoolT> CodeStubAssembler::IsBigIntInstanceType(
@@ -7998,8 +8150,8 @@ TNode<BoolT> CodeStubAssembler::IsJSRegExp(TNode<HeapObject> object) {
 
 TNode<BoolT> CodeStubAssembler::IsNumeric(TNode<Object> object) {
   return Select<BoolT>(
-      TaggedIsSmi(object), [=] { return Int32TrueConstant(); },
-      [=] {
+      TaggedIsSmi(object), [=, this] { return Int32TrueConstant(); },
+      [=, this] {
         return UncheckedCast<BoolT>(
             Word32Or(IsHeapNumber(CAST(object)), IsBigInt(CAST(object))));
       });
@@ -8030,8 +8182,8 @@ TNode<BoolT> CodeStubAssembler::IsNumberNormalized(TNode<Number> number) {
 
 TNode<BoolT> CodeStubAssembler::IsNumberPositive(TNode<Number> number) {
   return Select<BoolT>(
-      TaggedIsSmi(number), [=] { return TaggedIsPositiveSmi(number); },
-      [=] { return IsHeapNumberPositive(CAST(number)); });
+      TaggedIsSmi(number), [=, this] { return TaggedIsPositiveSmi(number); },
+      [=, this] { return IsHeapNumberPositive(CAST(number)); });
 }
 
 // TODO(cbruni): Use TNode<HeapNumber> instead of custom name.
@@ -8045,24 +8197,26 @@ TNode<BoolT> CodeStubAssembler::IsNumberNonNegativeSafeInteger(
     TNode<Number> number) {
   return Select<BoolT>(
       // TODO(cbruni): Introduce TaggedIsNonNegateSmi to avoid confusion.
-      TaggedIsSmi(number), [=] { return TaggedIsPositiveSmi(number); },
-      [=] {
+      TaggedIsSmi(number), [=, this] { return TaggedIsPositiveSmi(number); },
+      [=, this] {
         TNode<HeapNumber> heap_number = CAST(number);
         return Select<BoolT>(
             IsInteger(heap_number),
-            [=] { return IsHeapNumberPositive(heap_number); },
-            [=] { return Int32FalseConstant(); });
+            [=, this] { return IsHeapNumberPositive(heap_number); },
+            [=, this] { return Int32FalseConstant(); });
       });
 }
 
 TNode<BoolT> CodeStubAssembler::IsSafeInteger(TNode<Object> number) {
   return Select<BoolT>(
-      TaggedIsSmi(number), [=] { return Int32TrueConstant(); },
-      [=] {
+      TaggedIsSmi(number), [=, this] { return Int32TrueConstant(); },
+      [=, this] {
         return Select<BoolT>(
             IsHeapNumber(CAST(number)),
-            [=] { return IsSafeInteger(UncheckedCast<HeapNumber>(number)); },
-            [=] { return Int32FalseConstant(); });
+            [=, this] {
+              return IsSafeInteger(UncheckedCast<HeapNumber>(number));
+            },
+            [=, this] { return Int32FalseConstant(); });
       });
 }
 
@@ -8076,22 +8230,22 @@ TNode<BoolT> CodeStubAssembler::IsSafeInteger(TNode<HeapNumber> number) {
       // Check if {number}s value matches the integer (ruling out the
       // infinities).
       Float64Equal(Float64Sub(number_value, integer), Float64Constant(0.0)),
-      [=] {
+      [=, this] {
         // Check if the {integer} value is in safe integer range.
         return Float64LessThanOrEqual(Float64Abs(integer),
                                       Float64Constant(kMaxSafeInteger));
       },
-      [=] { return Int32FalseConstant(); });
+      [=, this] { return Int32FalseConstant(); });
 }
 
 TNode<BoolT> CodeStubAssembler::IsInteger(TNode<Object> number) {
   return Select<BoolT>(
-      TaggedIsSmi(number), [=] { return Int32TrueConstant(); },
-      [=] {
+      TaggedIsSmi(number), [=, this] { return Int32TrueConstant(); },
+      [=, this] {
         return Select<BoolT>(
             IsHeapNumber(CAST(number)),
-            [=] { return IsInteger(UncheckedCast<HeapNumber>(number)); },
-            [=] { return Int32FalseConstant(); });
+            [=, this] { return IsInteger(UncheckedCast<HeapNumber>(number)); },
+            [=, this] { return Int32FalseConstant(); });
       });
 }
 
@@ -8107,18 +8261,18 @@ TNode<BoolT> CodeStubAssembler::IsHeapNumberUint32(TNode<HeapNumber> number) {
   // Check that the HeapNumber is a valid uint32
   return Select<BoolT>(
       IsHeapNumberPositive(number),
-      [=] {
+      [=, this] {
         TNode<Float64T> value = LoadHeapNumberValue(number);
         TNode<Uint32T> int_value = TruncateFloat64ToWord32(value);
         return Float64Equal(value, ChangeUint32ToFloat64(int_value));
       },
-      [=] { return Int32FalseConstant(); });
+      [=, this] { return Int32FalseConstant(); });
 }
 
 TNode<BoolT> CodeStubAssembler::IsNumberArrayIndex(TNode<Number> number) {
   return Select<BoolT>(
-      TaggedIsSmi(number), [=] { return TaggedIsPositiveSmi(number); },
-      [=] { return IsHeapNumberUint32(CAST(number)); });
+      TaggedIsSmi(number), [=, this] { return TaggedIsPositiveSmi(number); },
+      [=, this] { return IsHeapNumberUint32(CAST(number)); });
 }
 
 TNode<IntPtrT> CodeStubAssembler::LoadMemoryChunkFlags(
@@ -8155,12 +8309,11 @@ TNode<Uint16T> CodeStubAssembler::StringCharCodeAt(TNode<String> string,
   to_direct.TryToDirect(&if_runtime);
   const TNode<UintPtrT> offset =
       UintPtrAdd(index, Unsigned(to_direct.offset()));
-  const TNode<Int32T> instance_type = to_direct.instance_type();
+  const TNode<BoolT> is_one_byte = to_direct.IsOneByte();
   const TNode<RawPtrT> string_data = to_direct.PointerToData(&if_runtime);
 
   // Check if the {string} is a TwoByteSeqString or a OneByteSeqString.
-  Branch(IsOneByteStringInstanceType(instance_type), &if_stringisonebyte,
-         &if_stringistwobyte);
+  Branch(is_one_byte, &if_stringisonebyte, &if_stringistwobyte);
 
   BIND(&if_stringisonebyte);
   {
@@ -8229,25 +8382,80 @@ ToDirectStringAssembler::ToDirectStringAssembler(
     compiler::CodeAssemblerState* state, TNode<String> string, Flags flags)
     : CodeStubAssembler(state),
       var_string_(string, this),
+#if V8_STATIC_ROOTS_BOOL
+      var_map_(LoadMap(string), this),
+#else
       var_instance_type_(LoadInstanceType(string), this),
+#endif
       var_offset_(IntPtrConstant(0), this),
       var_is_external_(Int32Constant(0), this),
-      flags_(flags) {}
+      flags_(flags) {
+}
 
 TNode<String> ToDirectStringAssembler::TryToDirect(Label* if_bailout) {
-  Label dispatch(this, {&var_string_, &var_offset_, &var_instance_type_});
+  Label dispatch(this, {&var_string_, &var_offset_,
+#if V8_STATIC_ROOTS_BOOL
+                        &var_map_
+#else
+                        &var_instance_type_
+#endif
+                       });
   Label if_iscons(this);
   Label if_isexternal(this);
   Label if_issliced(this);
   Label if_isthin(this);
   Label out(this);
 
+#if V8_STATIC_ROOTS_BOOL
+  // The seq string check is in the dispatch.
+  Goto(&dispatch);
+#else
   Branch(IsSequentialStringInstanceType(var_instance_type_.value()), &out,
          &dispatch);
+#endif
 
   // Dispatch based on string representation.
   BIND(&dispatch);
   {
+#if V8_STATIC_ROOTS_BOOL
+    TNode<Int32T> map_bits =
+        TruncateIntPtrToInt32(BitcastTaggedToWord(var_map_.value()));
+
+    using StringTypeRange = InstanceTypeChecker::kUniqueMapRangeOfStringType;
+    // Check the string map ranges in dense increasing order, to avoid needing
+    // to subtract away the lower bound. Do these couple of range checks instead
+    // of a switch, since we can make them all single dense compares.
+    static_assert(StringTypeRange::kSeqString.first == 0);
+    GotoIf(Uint32LessThanOrEqual(
+               map_bits, Int32Constant(StringTypeRange::kSeqString.second)),
+           &out);
+
+    static_assert(StringTypeRange::kSeqString.second + Map::kSize ==
+                  StringTypeRange::kExternalString.first);
+    GotoIf(
+        Uint32LessThanOrEqual(
+            map_bits, Int32Constant(StringTypeRange::kExternalString.second)),
+        &if_isexternal);
+
+    static_assert(StringTypeRange::kExternalString.second + Map::kSize ==
+                  StringTypeRange::kConsString.first);
+    GotoIf(Uint32LessThanOrEqual(
+               map_bits, Int32Constant(StringTypeRange::kConsString.second)),
+           &if_iscons);
+
+    static_assert(StringTypeRange::kConsString.second + Map::kSize ==
+                  StringTypeRange::kSlicedString.first);
+    GotoIf(Uint32LessThanOrEqual(
+               map_bits, Int32Constant(StringTypeRange::kSlicedString.second)),
+           &if_issliced);
+
+    static_assert(StringTypeRange::kSlicedString.second + Map::kSize ==
+                  StringTypeRange::kThinString.first);
+    // No need to check for thin strings, they're the last string map.
+    static_assert(StringTypeRange::kThinString.second ==
+                  InstanceTypeChecker::kStringMapUpperBound);
+    Goto(&if_isthin);
+#else
     int32_t values[] = {
         kSeqStringTag,    kConsStringTag, kExternalStringTag,
         kSlicedStringTag, kThinStringTag,
@@ -8260,6 +8468,7 @@ TNode<String> ToDirectStringAssembler::TryToDirect(Label* if_bailout) {
     const TNode<Int32T> representation = Word32And(
         var_instance_type_.value(), Int32Constant(kStringRepresentationMask));
     Switch(representation, if_bailout, values, labels, arraysize(values));
+#endif
   }
 
   // Cons string.  Check whether it is flat, then fetch first part.
@@ -8274,7 +8483,11 @@ TNode<String> ToDirectStringAssembler::TryToDirect(Label* if_bailout) {
     const TNode<String> lhs =
         LoadObjectField<String>(string, offsetof(ConsString, first_));
     var_string_ = lhs;
+#if V8_STATIC_ROOTS_BOOL
+    var_map_ = LoadMap(lhs);
+#else
     var_instance_type_ = LoadInstanceType(lhs);
+#endif
 
     Goto(&dispatch);
   }
@@ -8293,7 +8506,11 @@ TNode<String> ToDirectStringAssembler::TryToDirect(Label* if_bailout) {
       const TNode<String> parent =
           LoadObjectField<String>(string, offsetof(SlicedString, parent_));
       var_string_ = parent;
+#if V8_STATIC_ROOTS_BOOL
+      var_map_ = LoadMap(parent);
+#else
       var_instance_type_ = LoadInstanceType(parent);
+#endif
 
       Goto(&dispatch);
     }
@@ -8305,10 +8522,13 @@ TNode<String> ToDirectStringAssembler::TryToDirect(Label* if_bailout) {
     const TNode<String> string = var_string_.value();
     const TNode<String> actual_string =
         LoadObjectField<String>(string, offsetof(ThinString, actual_));
-    const TNode<Uint16T> actual_instance_type = LoadInstanceType(actual_string);
 
     var_string_ = actual_string;
-    var_instance_type_ = actual_instance_type;
+#if V8_STATIC_ROOTS_BOOL
+    var_map_ = LoadMap(actual_string);
+#else
+    var_instance_type_ = LoadInstanceType(actual_string);
+#endif
 
     Goto(&dispatch);
   }
@@ -8322,6 +8542,14 @@ TNode<String> ToDirectStringAssembler::TryToDirect(Label* if_bailout) {
   return var_string_.value();
 }
 
+TNode<BoolT> ToDirectStringAssembler::IsOneByte() {
+#if V8_STATIC_ROOTS_BOOL
+  return IsOneByteStringMap(var_map_.value());
+#else
+  return IsOneByteStringInstanceType(var_instance_type_.value());
+#endif
+}
+
 TNode<RawPtrT> ToDirectStringAssembler::TryToSequential(
     StringPointerKind ptr_kind, Label* if_bailout) {
   CHECK(ptr_kind == PTR_TO_DATA || ptr_kind == PTR_TO_STRING);
@@ -8347,8 +8575,12 @@ TNode<RawPtrT> ToDirectStringAssembler::TryToSequential(
 
   BIND(&if_isexternal);
   {
+#if V8_STATIC_ROOTS_BOOL
+    GotoIf(IsUncachedExternalStringMap(var_map_.value()), if_bailout);
+#else
     GotoIf(IsUncachedExternalStringInstanceType(var_instance_type_.value()),
            if_bailout);
+#endif
 
     TNode<String> string = var_string_.value();
     TNode<RawPtrT> result = LoadExternalStringResourceDataPtr(CAST(string));
@@ -8686,8 +8918,8 @@ TNode<Number> CodeStubAssembler::ToNumber_Inline(TNode<Context> context,
   BIND(&not_smi);
   {
     var_result = Select<Number>(
-        IsHeapNumber(CAST(input)), [=] { return CAST(input); },
-        [=] {
+        IsHeapNumber(CAST(input)), [=, this] { return CAST(input); },
+        [=, this] {
           return CAST(CallBuiltin(Builtin::kNonNumberToNumber, context, input));
         });
     Goto(&end);
@@ -9036,8 +9268,10 @@ TNode<Number> CodeStubAssembler::ToLength_Inline(TNode<Context> context,
                                                  TNode<Object> input) {
   TNode<Smi> smi_zero = SmiConstant(0);
   return Select<Number>(
-      TaggedIsSmi(input), [=] { return SmiMax(CAST(input), smi_zero); },
-      [=] { return CAST(CallBuiltin(Builtin::kToLength, context, input)); });
+      TaggedIsSmi(input), [=, this] { return SmiMax(CAST(input), smi_zero); },
+      [=, this] {
+        return CAST(CallBuiltin(Builtin::kToLength, context, input));
+      });
 }
 
 TNode<Object> CodeStubAssembler::OrdinaryToPrimitive(
@@ -9320,7 +9554,7 @@ void CodeStubAssembler::StringWriteToFlatOneByte(TNode<String> source,
                                                  TNode<Int32T> length) {
   TNode<ExternalReference> function =
       ExternalConstant(ExternalReference::string_write_to_flat_one_byte());
-  CallCFunction(function, base::nullopt,
+  CallCFunction(function, std::nullopt,
                 std::make_pair(MachineType::AnyTagged(), source),
                 std::make_pair(MachineType::Pointer(), sink),
                 std::make_pair(MachineType::Int32(), start),
@@ -9333,7 +9567,7 @@ void CodeStubAssembler::StringWriteToFlatTwoByte(TNode<String> source,
                                                  TNode<Int32T> length) {
   TNode<ExternalReference> function =
       ExternalConstant(ExternalReference::string_write_to_flat_two_byte());
-  CallCFunction(function, base::nullopt,
+  CallCFunction(function, std::nullopt,
                 std::make_pair(MachineType::AnyTagged(), source),
                 std::make_pair(MachineType::Pointer(), sink),
                 std::make_pair(MachineType::Int32(), start),
@@ -10039,7 +10273,7 @@ void CodeStubAssembler::InsertEntry<GlobalDictionary>(
 template <class Dictionary>
 void CodeStubAssembler::AddToDictionary(
     TNode<Dictionary> dictionary, TNode<Name> key, TNode<Object> value,
-    Label* bailout, base::Optional<TNode<IntPtrT>> insertion_index) {
+    Label* bailout, std::optional<TNode<IntPtrT>> insertion_index) {
   CSA_DCHECK(this, Word32BinaryNot(IsEmptyPropertyDictionary(dictionary)));
   TNode<Smi> capacity = GetCapacity<Dictionary>(dictionary);
   TNode<Smi> nof = GetNumberOfElements<Dictionary>(dictionary);
@@ -10081,7 +10315,7 @@ void CodeStubAssembler::AddToDictionary(
 template <>
 void CodeStubAssembler::AddToDictionary(
     TNode<SwissNameDictionary> dictionary, TNode<Name> key, TNode<Object> value,
-    Label* bailout, base::Optional<TNode<IntPtrT>> insertion_index) {
+    Label* bailout, std::optional<TNode<IntPtrT>> insertion_index) {
   PropertyDetails d(PropertyKind::kData, NONE,
                     PropertyDetails::kConstIfDictConstnessTracking);
 
@@ -10106,7 +10340,7 @@ void CodeStubAssembler::AddToDictionary(
 
 template void CodeStubAssembler::AddToDictionary<NameDictionary>(
     TNode<NameDictionary>, TNode<Name>, TNode<Object>, Label*,
-    base::Optional<TNode<IntPtrT>>);
+    std::optional<TNode<IntPtrT>>);
 
 template <class Dictionary>
 TNode<Smi> CodeStubAssembler::GetNumberOfElements(
@@ -10180,7 +10414,7 @@ void CodeStubAssembler::LookupLinear(TNode<Name> unique_name,
 
   BuildFastLoop<IntPtrT>(
       last_exclusive, first_inclusive,
-      [=](TNode<IntPtrT> name_index) {
+      [=, this](TNode<IntPtrT> name_index) {
         TNode<MaybeObject> element =
             LoadArrayElement(array, Array::kHeaderSize, name_index);
         TNode<Name> candidate_name = CAST(element);
@@ -10213,8 +10447,8 @@ TNode<Uint32T> CodeStubAssembler::NumberOfEntries<TransitionArray>(
   TNode<Uint32T> length = LoadAndUntagWeakFixedArrayLengthAsUint32(transitions);
   return Select<Uint32T>(
       Uint32LessThan(length, Uint32Constant(TransitionArray::kFirstIndex)),
-      [=] { return Unsigned(Int32Constant(0)); },
-      [=] {
+      [=, this] { return Unsigned(Int32Constant(0)); },
+      [=, this] {
         return Unsigned(LoadAndUntagToWord32ArrayElement(
             transitions, WeakFixedArray::kHeaderSize,
             IntPtrConstant(TransitionArray::kTransitionLengthIndex)));
@@ -13006,7 +13240,7 @@ void CodeStubAssembler::EmitElementStore(
   // In case value is stored into a fast smi array, assure that the value is
   // a smi before manipulating the backing store. Otherwise the backing store
   // may be left in an invalid state.
-  base::Optional<TNode<Float64T>> float_value;
+  std::optional<TNode<Float64T>> float_value;
   if (IsSmiElementsKind(elements_kind)) {
     GotoIfNot(TaggedIsSmi(value), bailout);
   } else if (IsDoubleElementsKind(elements_kind)) {
@@ -13015,11 +13249,11 @@ void CodeStubAssembler::EmitElementStore(
 
   TNode<Smi> smi_length = Select<Smi>(
       IsJSArray(object),
-      [=]() {
+      [=, this]() {
         // This is casting Number -> Smi which may not actually be safe.
         return CAST(LoadJSArrayLength(CAST(object)));
       },
-      [=]() { return LoadFixedArrayBaseLength(elements); });
+      [=, this]() { return LoadFixedArrayBaseLength(elements); });
 
   TNode<UintPtrT> length = Unsigned(PositiveSmiUntag(smi_length));
   if (StoreModeCanGrow(store_mode) &&
@@ -13170,7 +13404,7 @@ void CodeStubAssembler::TransitionElementsKind(TNode<JSObject> object,
     TNode<IntPtrT> elements_length = LoadAndUntagFixedArrayBaseLength(elements);
     TNode<IntPtrT> array_length = Select<IntPtrT>(
         IsJSArray(object),
-        [=]() {
+        [=, this]() {
           CSA_DCHECK(this, IsFastElementsKind(LoadElementsKind(object)));
           return PositiveSmiUntag(LoadFastJSArrayLength(CAST(object)));
         },
@@ -13401,7 +13635,7 @@ TNode<Object> CodeStubAssembler::LoadNestedAllocationSite(
 }
 
 template <typename TIndex>
-TNode<TIndex> CodeStubAssembler::BuildFastLoop(
+void CodeStubAssembler::BuildFastLoop(
     const VariableList& vars, TVariable<TIndex>& var_index,
     TNode<TIndex> start_index, TNode<TIndex> end_index,
     const FastLoopBody<TIndex>& body, int increment,
@@ -13412,6 +13646,7 @@ TNode<TIndex> CodeStubAssembler::BuildFastLoop(
       !std::is_same<TIndex, Smi>::value,
       "Smi indices are currently not supported because it's not clear whether "
       "the use case allows unsigned comparisons or not");
+  DCHECK_NE(increment, 0);
   var_index = start_index;
   VariableList vars_copy(vars.begin(), vars.end(), zone());
   vars_copy.push_back(&var_index);
@@ -13439,7 +13674,7 @@ TNode<TIndex> CodeStubAssembler::BuildFastLoop(
     TNode<BoolT> first_check = UintPtrOrSmiEqual(var_index.value(), end_index);
     int32_t first_check_val;
     if (TryToInt32Constant(first_check, &first_check_val)) {
-      if (first_check_val) return var_index.value();
+      if (first_check_val) return;
       Goto(&loop);
     } else {
       Branch(first_check, &done, &loop);
@@ -13459,9 +13694,22 @@ TNode<TIndex> CodeStubAssembler::BuildFastLoop(
     // Check if there are at least two elements between start_index and
     // end_index.
     DCHECK_EQ(unrolling_mode, LoopUnrollingMode::kYes);
-    CSA_DCHECK(this, increment > 0
-                         ? UintPtrOrSmiLessThanOrEqual(start_index, end_index)
-                         : UintPtrOrSmiLessThanOrEqual(end_index, start_index));
+    if (increment > 0) {
+      CSA_DCHECK(this, UintPtrOrSmiLessThanOrEqual(start_index, end_index));
+      GotoIfNot(UintPtrOrSmiLessThanOrEqual(
+                    IntPtrOrSmiAdd(start_index,
+                                   IntPtrOrSmiConstant<TIndex>(increment)),
+                    end_index),
+                &done);
+    } else {
+      CSA_DCHECK(this, UintPtrOrSmiLessThanOrEqual(end_index, start_index));
+      GotoIfNot(
+          UintPtrOrSmiLessThanOrEqual(
+              IntPtrOrSmiSub(end_index, IntPtrOrSmiConstant<TIndex>(increment)),
+              start_index),
+          &done);
+    }
+
     TNode<TIndex> last_index =
         IntPtrOrSmiSub(end_index, IntPtrOrSmiConstant<TIndex>(increment));
     TNode<BoolT> first_check =
@@ -13498,25 +13746,24 @@ TNode<TIndex> CodeStubAssembler::BuildFastLoop(
     }
     BIND(&done);
   }
-  return var_index.value();
 }
 
 // Instantiate BuildFastLoop for IntPtrT, UintPtrT and RawPtrT.
-template V8_EXPORT_PRIVATE TNode<IntPtrT> CodeStubAssembler::BuildFastLoop<
-    IntPtrT>(const VariableList& vars, TVariable<IntPtrT>& var_index,
-             TNode<IntPtrT> start_index, TNode<IntPtrT> end_index,
-             const FastLoopBody<IntPtrT>& body, int increment,
-             LoopUnrollingMode unrolling_mode, IndexAdvanceMode advance_mode);
-template V8_EXPORT_PRIVATE TNode<UintPtrT> CodeStubAssembler::BuildFastLoop<
-    UintPtrT>(const VariableList& vars, TVariable<UintPtrT>& var_index,
-              TNode<UintPtrT> start_index, TNode<UintPtrT> end_index,
-              const FastLoopBody<UintPtrT>& body, int increment,
-              LoopUnrollingMode unrolling_mode, IndexAdvanceMode advance_mode);
-template V8_EXPORT_PRIVATE TNode<RawPtrT> CodeStubAssembler::BuildFastLoop<
-    RawPtrT>(const VariableList& vars, TVariable<RawPtrT>& var_index,
-             TNode<RawPtrT> start_index, TNode<RawPtrT> end_index,
-             const FastLoopBody<RawPtrT>& body, int increment,
-             LoopUnrollingMode unrolling_mode, IndexAdvanceMode advance_mode);
+template V8_EXPORT_PRIVATE void CodeStubAssembler::BuildFastLoop<IntPtrT>(
+    const VariableList& vars, TVariable<IntPtrT>& var_index,
+    TNode<IntPtrT> start_index, TNode<IntPtrT> end_index,
+    const FastLoopBody<IntPtrT>& body, int increment,
+    LoopUnrollingMode unrolling_mode, IndexAdvanceMode advance_mode);
+template V8_EXPORT_PRIVATE void CodeStubAssembler::BuildFastLoop<UintPtrT>(
+    const VariableList& vars, TVariable<UintPtrT>& var_index,
+    TNode<UintPtrT> start_index, TNode<UintPtrT> end_index,
+    const FastLoopBody<UintPtrT>& body, int increment,
+    LoopUnrollingMode unrolling_mode, IndexAdvanceMode advance_mode);
+template V8_EXPORT_PRIVATE void CodeStubAssembler::BuildFastLoop<RawPtrT>(
+    const VariableList& vars, TVariable<RawPtrT>& var_index,
+    TNode<RawPtrT> start_index, TNode<RawPtrT> end_index,
+    const FastLoopBody<RawPtrT>& body, int increment,
+    LoopUnrollingMode unrolling_mode, IndexAdvanceMode advance_mode);
 
 template <typename TIndex>
 void CodeStubAssembler::BuildFastArrayForEach(
@@ -13593,7 +13840,7 @@ void CodeStubAssembler::InitializeFieldsWithRoot(TNode<HeapObject> object,
   }
   BuildFastLoop<IntPtrT>(
       end_offset, start_offset,
-      [=](TNode<IntPtrT> current) {
+      [=, this](TNode<IntPtrT> current) {
         StoreNoWriteBarrier(MachineRepresentation::kTagged, object, current,
                             root_value);
       },
@@ -15069,47 +15316,19 @@ TNode<Boolean> CodeStubAssembler::StrictEqual(
 
               BIND(&if_lhsisoddball);
               {
-                Label if_lhsisboolean(this), if_lhsisnotboolean(this);
-                Branch(IsBooleanMap(lhs_map), &if_lhsisboolean,
-                       &if_lhsisnotboolean);
-
-                BIND(&if_lhsisboolean);
-                {
-                  OverwriteFeedback(var_type_feedback,
-                                    CompareOperationFeedback::kNumberOrOddball);
-                  GotoIf(IsBooleanMap(rhs_map), &if_notequal);
-                  Goto(&if_not_equivalent_types);
-                }
-
-                BIND(&if_lhsisnotboolean);
-                {
-                  Label if_rhsisheapnumber(this), if_rhsisnotheapnumber(this);
-
                   static_assert(LAST_PRIMITIVE_HEAP_OBJECT_TYPE ==
                                 ODDBALL_TYPE);
                   GotoIf(Int32LessThan(rhs_instance_type,
                                        Int32Constant(ODDBALL_TYPE)),
                          &if_not_equivalent_types);
 
-                  Branch(IsHeapNumberMap(rhs_map), &if_rhsisheapnumber,
-                         &if_rhsisnotheapnumber);
-
-                  BIND(&if_rhsisheapnumber);
-                  {
-                    OverwriteFeedback(
-                        var_type_feedback,
-                        CompareOperationFeedback::kNumberOrOddball);
-                    Goto(&if_not_equivalent_types);
-                  }
-
-                  BIND(&if_rhsisnotheapnumber);
-                  {
-                    OverwriteFeedback(
-                        var_type_feedback,
-                        CompareOperationFeedback::kReceiverOrNullOrUndefined);
-                    Goto(&if_notequal);
-                  }
-                }
+                  // TODO(marja): This is wrong, since null == true will be
+                  // detected as ReceiverOrNullOrUndefined, but true is not
+                  // receiver or null or undefined.
+                  OverwriteFeedback(
+                      var_type_feedback,
+                      CompareOperationFeedback::kReceiverOrNullOrUndefined);
+                  Goto(&if_notequal);
               }
 
               BIND(&if_lhsissymbol);
@@ -15149,30 +15368,16 @@ TNode<Boolean> CodeStubAssembler::StrictEqual(
         TNode<Map> rhs_map = LoadMap(CAST(rhs));
 
         // The {rhs} could be a HeapNumber with the same value as {lhs}.
-        Label if_rhsisnumber(this), if_rhsisnotnumber(this);
-        Branch(IsHeapNumberMap(rhs_map), &if_rhsisnumber, &if_rhsisnotnumber);
-
-        BIND(&if_rhsisnumber);
-        {
-          // Convert {lhs} and {rhs} to floating point values.
-          TNode<Float64T> lhs_value = SmiToFloat64(CAST(lhs));
-          TNode<Float64T> rhs_value = LoadHeapNumberValue(CAST(rhs));
+        GotoIfNot(IsHeapNumberMap(rhs_map), &if_not_equivalent_types);
 
-          CombineFeedback(var_type_feedback, CompareOperationFeedback::kNumber);
+        // Convert {lhs} and {rhs} to floating point values.
+        TNode<Float64T> lhs_value = SmiToFloat64(CAST(lhs));
+        TNode<Float64T> rhs_value = LoadHeapNumberValue(CAST(rhs));
 
-          // Perform a floating point comparison of {lhs} and {rhs}.
-          Branch(Float64Equal(lhs_value, rhs_value), &if_equal, &if_notequal);
-        }
+        CombineFeedback(var_type_feedback, CompareOperationFeedback::kNumber);
 
-        BIND(&if_rhsisnotnumber);
-        {
-          TNode<Uint16T> rhs_instance_type = LoadMapInstanceType(rhs_map);
-          GotoIfNot(IsOddballInstanceType(rhs_instance_type),
-                    &if_not_equivalent_types);
-          OverwriteFeedback(var_type_feedback,
-                            CompareOperationFeedback::kNumberOrOddball);
-          Goto(&if_notequal);
-        }
+        // Perform a floating point comparison of {lhs} and {rhs}.
+        Branch(Float64Equal(lhs_value, rhs_value), &if_equal, &if_notequal);
       }
     }
   }
@@ -16703,8 +16908,9 @@ TNode<BoolT> CodeStubAssembler::IsContextPromiseHookEnabled(
 }
 #endif
 
-TNode<BoolT> CodeStubAssembler::
-    IsIsolatePromiseHookEnabledOrHasAsyncEventDelegate(TNode<Uint32T> flags) {
+TNode<BoolT>
+CodeStubAssembler::IsIsolatePromiseHookEnabledOrHasAsyncEventDelegate(
+    TNode<Uint32T> flags) {
   uint32_t mask = Isolate::PromiseHookFields::HasIsolatePromiseHook::kMask |
                   Isolate::PromiseHookFields::HasAsyncEventDelegate::kMask;
   return IsSetWord32(flags, mask);
@@ -16734,134 +16940,187 @@ TNode<Code> CodeStubAssembler::LoadBuiltin(TNode<Smi> builtin_id) {
   return CAST(BitcastWordToTagged(Load<RawPtrT>(table, offset)));
 }
 
+#ifdef V8_ENABLE_LEAPTIERING
+TNode<JSDispatchHandleT> CodeStubAssembler::LoadBuiltinDispatchHandle(
+    Builtin builtin) {
+  return LoadBuiltinDispatchHandle(
+      SmiConstant(JSBuiltinDispatchHandleRoot::to_idx(builtin)));
+}
+
+TNode<JSDispatchHandleT> CodeStubAssembler::LoadBuiltinDispatchHandle(
+    RootIndex root_idx) {
+  return LoadBuiltinDispatchHandle(
+      SmiConstant(JSBuiltinDispatchHandleRoot::to_idx(root_idx)));
+}
+
+TNode<JSDispatchHandleT> CodeStubAssembler::LoadBuiltinDispatchHandle(
+    TNode<Smi> builtin_id) {
+  CSA_DCHECK(this, SmiBelow(builtin_id, SmiConstant(Builtins::kBuiltinCount)));
+
+  TNode<IntPtrT> offset =
+      ElementOffsetFromIndex(SmiToBInt(builtin_id), PACKED_SMI_ELEMENTS);
+
+  TNode<ExternalReference> table =
+      IsolateField(IsolateFieldId::kBuiltinDispatchTable);
+
+  return Load<JSDispatchHandleT>(table, offset);
+}
+#endif  // V8_ENABLE_LEAPTIERING
+
 TNode<Code> CodeStubAssembler::GetSharedFunctionInfoCode(
     TNode<SharedFunctionInfo> shared_info, TVariable<Uint16T>* data_type_out,
     Label* if_compile_lazy) {
-  TNode<Object> sfi_data = LoadSharedFunctionInfoData(shared_info);
-
-  TVARIABLE(Code, sfi_code);
 
   Label done(this);
-  Label check_instance_type(this);
+  Label use_untrusted_data(this);
+  Label unknown_data(this);
+  TVARIABLE(Code, sfi_code);
 
-  // IsSmi: Is builtin
-  GotoIf(TaggedIsNotSmi(sfi_data), &check_instance_type);
-  if (data_type_out) {
-    *data_type_out = Uint16Constant(0);
-  }
-  if (if_compile_lazy) {
-    GotoIf(SmiEqual(CAST(sfi_data), SmiConstant(Builtin::kCompileLazy)),
-           if_compile_lazy);
-  }
-  sfi_code = LoadBuiltin(CAST(sfi_data));
-  Goto(&done);
+  TNode<Object> sfi_data = LoadSharedFunctionInfoTrustedData(shared_info);
+  GotoIf(TaggedEqual(sfi_data, SmiConstant(0)), &use_untrusted_data);
+  {
+    TNode<Uint16T> data_type = LoadInstanceType(CAST(sfi_data));
+    if (data_type_out) {
+      *data_type_out = data_type;
+    }
 
-  // Switch on data's instance type.
-  BIND(&check_instance_type);
-  TNode<Uint16T> data_type = LoadInstanceType(CAST(sfi_data));
-  if (data_type_out) {
-    *data_type_out = data_type;
-  }
-
-  int32_t case_values[] = {
-    BYTECODE_ARRAY_TYPE,
-    CODE_TYPE,
-    UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE,
-    UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE,
-    UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_WITH_JOB_TYPE,
-    UNCOMPILED_DATA_WITH_PREPARSE_DATA_AND_JOB_TYPE,
-    FUNCTION_TEMPLATE_INFO_TYPE,
+    int32_t case_values[] = {
+        BYTECODE_ARRAY_TYPE,
+        CODE_TYPE,
+        INTERPRETER_DATA_TYPE,
+        UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE,
+        UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE,
+        UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_WITH_JOB_TYPE,
+        UNCOMPILED_DATA_WITH_PREPARSE_DATA_AND_JOB_TYPE,
 #if V8_ENABLE_WEBASSEMBLY
-    WASM_CAPI_FUNCTION_DATA_TYPE,
-    WASM_EXPORTED_FUNCTION_DATA_TYPE,
-    WASM_JS_FUNCTION_DATA_TYPE,
-    ASM_WASM_DATA_TYPE,
-    WASM_RESUME_DATA_TYPE,
+        WASM_CAPI_FUNCTION_DATA_TYPE,
+        WASM_EXPORTED_FUNCTION_DATA_TYPE,
+        WASM_JS_FUNCTION_DATA_TYPE,
 #endif  // V8_ENABLE_WEBASSEMBLY
-  };
-  Label check_is_bytecode_array(this);
-  Label check_is_baseline_data(this);
-  Label check_is_asm_wasm_data(this);
-  Label check_is_uncompiled_data(this);
-  Label check_is_function_template_info(this);
-  Label check_is_interpreter_data(this);
-  Label check_is_wasm_function_data(this);
-  Label check_is_wasm_resume(this);
-  Label* case_labels[] = {
-    &check_is_bytecode_array,
-    &check_is_baseline_data,
-    &check_is_uncompiled_data,
-    &check_is_uncompiled_data,
-    &check_is_uncompiled_data,
-    &check_is_uncompiled_data,
-    &check_is_function_template_info,
+    };
+    Label check_is_bytecode_array(this);
+    Label check_is_baseline_data(this);
+    Label check_is_interpreter_data(this);
+    Label check_is_uncompiled_data(this);
+    Label check_is_wasm_function_data(this);
+    Label* case_labels[] = {
+        &check_is_bytecode_array,     &check_is_baseline_data,
+        &check_is_interpreter_data,   &check_is_uncompiled_data,
+        &check_is_uncompiled_data,    &check_is_uncompiled_data,
+        &check_is_uncompiled_data,
 #if V8_ENABLE_WEBASSEMBLY
-    &check_is_wasm_function_data,
-    &check_is_wasm_function_data,
-    &check_is_wasm_function_data,
-    &check_is_asm_wasm_data,
-    &check_is_wasm_resume,
+        &check_is_wasm_function_data, &check_is_wasm_function_data,
+        &check_is_wasm_function_data,
 #endif  // V8_ENABLE_WEBASSEMBLY
-  };
-  static_assert(arraysize(case_values) == arraysize(case_labels));
-  Switch(data_type, &check_is_interpreter_data, case_values, case_labels,
-         arraysize(case_labels));
-
-  // IsBytecodeArray: Interpret bytecode
-  BIND(&check_is_bytecode_array);
-  sfi_code =
-      HeapConstantNoHole(BUILTIN_CODE(isolate(), InterpreterEntryTrampoline));
-  Goto(&done);
+    };
+    static_assert(arraysize(case_values) == arraysize(case_labels));
+    Switch(data_type, &unknown_data, case_values, case_labels,
+           arraysize(case_labels));
+
+    // IsBytecodeArray: Interpret bytecode
+    BIND(&check_is_bytecode_array);
+    sfi_code =
+        HeapConstantNoHole(BUILTIN_CODE(isolate(), InterpreterEntryTrampoline));
+    Goto(&done);
 
-  // IsBaselineData: Execute baseline code
-  BIND(&check_is_baseline_data);
-  {
-    TNode<Code> baseline_code = CAST(sfi_data);
-    sfi_code = baseline_code;
+    // IsBaselineData: Execute baseline code
+    BIND(&check_is_baseline_data);
+    {
+      TNode<Code> baseline_code = CAST(sfi_data);
+      sfi_code = baseline_code;
+      Goto(&done);
+    }
+
+    // IsInterpreterData: Interpret bytecode
+    BIND(&check_is_interpreter_data);
+    {
+      TNode<Code> trampoline = CAST(LoadProtectedPointerField(
+          CAST(sfi_data), InterpreterData::kInterpreterTrampolineOffset));
+      sfi_code = trampoline;
+    }
     Goto(&done);
-  }
 
-  // IsUncompiledDataWithPreparseData | IsUncompiledDataWithoutPreparseData:
-  // Compile lazy
-  BIND(&check_is_uncompiled_data);
-  sfi_code = HeapConstantNoHole(BUILTIN_CODE(isolate(), CompileLazy));
-  Goto(if_compile_lazy ? if_compile_lazy : &done);
+    // IsUncompiledDataWithPreparseData | IsUncompiledDataWithoutPreparseData:
+    // Compile lazy
+    BIND(&check_is_uncompiled_data);
+    sfi_code = HeapConstantNoHole(BUILTIN_CODE(isolate(), CompileLazy));
+    Goto(if_compile_lazy ? if_compile_lazy : &done);
 
-  // IsFunctionTemplateInfo: API call
-  BIND(&check_is_function_template_info);
-  sfi_code =
-      HeapConstantNoHole(BUILTIN_CODE(isolate(), HandleApiCallOrConstruct));
-  Goto(&done);
+#if V8_ENABLE_WEBASSEMBLY
+    // IsWasmFunctionData: Use the wrapper code
+    BIND(&check_is_wasm_function_data);
+    sfi_code = CAST(LoadObjectField(
+        CAST(sfi_data), WasmExportedFunctionData::kWrapperCodeOffset));
+    Goto(&done);
+#endif  // V8_ENABLE_WEBASSEMBLY
+  }
 
-  // IsInterpreterData: Interpret bytecode
-  BIND(&check_is_interpreter_data);
-  // This is the default branch, so assert that we have the expected data type.
-  CSA_DCHECK(this,
-             Word32Equal(data_type, Int32Constant(INTERPRETER_DATA_TYPE)));
+  BIND(&use_untrusted_data);
   {
-    TNode<Code> trampoline = CAST(LoadProtectedPointerField(
-        CAST(sfi_data), InterpreterData::kInterpreterTrampolineOffset));
-    sfi_code = trampoline;
-  }
-  Goto(&done);
+    sfi_data = LoadSharedFunctionInfoUntrustedData(shared_info);
+    Label check_instance_type(this);
+
+    // IsSmi: Is builtin
+    GotoIf(TaggedIsNotSmi(sfi_data), &check_instance_type);
+    if (data_type_out) {
+      *data_type_out = Uint16Constant(0);
+    }
+    if (if_compile_lazy) {
+      GotoIf(SmiEqual(CAST(sfi_data), SmiConstant(Builtin::kCompileLazy)),
+             if_compile_lazy);
+    }
+    sfi_code = LoadBuiltin(CAST(sfi_data));
+    Goto(&done);
+
+    // Switch on data's instance type.
+    BIND(&check_instance_type);
+    TNode<Uint16T> data_type = LoadInstanceType(CAST(sfi_data));
+    if (data_type_out) {
+      *data_type_out = data_type;
+    }
 
+    int32_t case_values[] = {
+        FUNCTION_TEMPLATE_INFO_TYPE,
 #if V8_ENABLE_WEBASSEMBLY
-  // IsWasmFunctionData: Use the wrapper code
-  BIND(&check_is_wasm_function_data);
-  sfi_code = CAST(LoadObjectField(
-      CAST(sfi_data), WasmExportedFunctionData::kWrapperCodeOffset));
-  Goto(&done);
+        ASM_WASM_DATA_TYPE,
+        WASM_RESUME_DATA_TYPE,
+#endif  // V8_ENABLE_WEBASSEMBLY
+    };
+    Label check_is_function_template_info(this);
+    Label check_is_asm_wasm_data(this);
+    Label check_is_wasm_resume(this);
+    Label* case_labels[] = {
+        &check_is_function_template_info,
+#if V8_ENABLE_WEBASSEMBLY
+        &check_is_asm_wasm_data,
+        &check_is_wasm_resume,
+#endif  // V8_ENABLE_WEBASSEMBLY
+    };
+    static_assert(arraysize(case_values) == arraysize(case_labels));
+    Switch(data_type, &unknown_data, case_values, case_labels,
+           arraysize(case_labels));
+
+    // IsFunctionTemplateInfo: API call
+    BIND(&check_is_function_template_info);
+    sfi_code =
+        HeapConstantNoHole(BUILTIN_CODE(isolate(), HandleApiCallOrConstruct));
+    Goto(&done);
 
-  // IsAsmWasmData: Instantiate using AsmWasmData
-  BIND(&check_is_asm_wasm_data);
-  sfi_code = HeapConstantNoHole(BUILTIN_CODE(isolate(), InstantiateAsmJs));
-  Goto(&done);
+#if V8_ENABLE_WEBASSEMBLY
+    // IsAsmWasmData: Instantiate using AsmWasmData
+    BIND(&check_is_asm_wasm_data);
+    sfi_code = HeapConstantNoHole(BUILTIN_CODE(isolate(), InstantiateAsmJs));
+    Goto(&done);
 
-  // IsWasmResumeData: Resume the suspended wasm continuation.
-  BIND(&check_is_wasm_resume);
-  sfi_code = HeapConstantNoHole(BUILTIN_CODE(isolate(), WasmResume));
-  Goto(&done);
+    // IsWasmResumeData: Resume the suspended wasm continuation.
+    BIND(&check_is_wasm_resume);
+    sfi_code = HeapConstantNoHole(BUILTIN_CODE(isolate(), WasmResume));
+    Goto(&done);
 #endif  // V8_ENABLE_WEBASSEMBLY
+  }
+
+  BIND(&unknown_data);
+  Unreachable();
 
   BIND(&done);
   return sfi_code.value();
@@ -16885,18 +17144,19 @@ TNode<BoolT> CodeStubAssembler::IsMarkedForDeoptimization(TNode<Code> code) {
       LoadObjectField<Int32T>(code, Code::kFlagsOffset));
 }
 
-TNode<JSFunction> CodeStubAssembler::AllocateFunctionWithMapAndContext(
-    TNode<Map> map, TNode<SharedFunctionInfo> shared_info,
+TNode<JSFunction> CodeStubAssembler::AllocateFunctionWithContext(
+    TNode<SharedFunctionInfo> shared_info,
+#ifdef V8_ENABLE_LEAPTIERING
+    TNode<JSDispatchHandleT> dispatch_handle,
+#endif
     TNode<Context> context) {
   const TNode<Code> code = GetSharedFunctionInfoCode(shared_info);
-
-  // TODO(ishell): All the callers of this function pass map loaded from
-  // Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX. So we can remove
-  // map parameter.
-  CSA_DCHECK(this, Word32BinaryNot(IsConstructorMap(map)));
-  CSA_DCHECK(this, Word32BinaryNot(IsFunctionWithPrototypeSlotMap(map)));
+  const TNode<Map> map = CAST(
+      LoadContextElement(LoadNativeContext(context),
+                         Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX));
   const TNode<HeapObject> fun = Allocate(JSFunction::kSizeWithoutPrototype);
-  static_assert(JSFunction::kSizeWithoutPrototype == 7 * kTaggedSize);
+  static_assert(JSFunction::kSizeWithoutPrototype ==
+                (7 + V8_ENABLE_LEAPTIERING_BOOL) * kTaggedSize);
   StoreMapNoWriteBarrier(fun, map);
   StoreObjectFieldRoot(fun, JSObject::kPropertiesOrHashOffset,
                        RootIndex::kEmptyFixedArray);
@@ -16908,6 +17168,12 @@ TNode<JSFunction> CodeStubAssembler::AllocateFunctionWithMapAndContext(
                                  shared_info);
   StoreObjectFieldNoWriteBarrier(fun, JSFunction::kContextOffset, context);
   StoreCodePointerFieldNoWriteBarrier(fun, JSFunction::kCodeOffset, code);
+#ifdef V8_ENABLE_LEAPTIERING
+  CSA_DCHECK(this, TaggedEqual(code, ResolveJSDispatchHandle(dispatch_handle)));
+  StoreObjectFieldNoWriteBarrier(fun, JSFunction::kDispatchHandleOffset,
+                                 dispatch_handle);
+#endif  // V8_ENABLE_LEAPTIERING
+
   return CAST(fun);
 }
 
@@ -16983,11 +17249,11 @@ TNode<Map> CodeStubAssembler::CheckEnumCache(TNode<JSReceiver> receiver,
     if (V8_ENABLE_SWISS_NAME_DICTIONARY_BOOL) {
       length = Select<Smi>(
           IsPropertyDictionary(properties),
-          [=] {
+          [=, this] {
             return GetNumberOfElements(
                 UncheckedCast<PropertyDictionary>(properties));
           },
-          [=] {
+          [=, this] {
             return GetNumberOfElements(
                 UncheckedCast<GlobalDictionary>(properties));
           });
@@ -17200,10 +17466,11 @@ TNode<JSArray> CodeStubAssembler::ArrayCreate(TNode<Context> context,
 
   Label done(this), next(this), runtime(this, Label::kDeferred);
   TNode<Smi> limit = SmiConstant(JSArray::kInitialMaxFastElementArray);
-  CSA_DCHECK_BRANCH(this, [=](Label* ok, Label* not_ok) {
-    BranchIfNumberRelationalComparison(Operation::kGreaterThanOrEqual, length,
-                                       SmiConstant(0), ok, not_ok);
-  });
+  CSA_DCHECK_BRANCH(this, ([=, this](Label* ok, Label* not_ok) {
+                      BranchIfNumberRelationalComparison(
+                          Operation::kGreaterThanOrEqual, length,
+                          SmiConstant(0), ok, not_ok);
+                    }));
   // This check also transitively covers the case where length is too big
   // to be representable by a SMI and so is not usable with
   // AllocateJSArray.
@@ -17747,7 +18014,7 @@ CodeStubAssembler::AllocateSwissNameDictionaryWithCapacity(
   TNode<Int32T> empty32 = Int32Constant(kEmpty32);
   BuildFastLoop<IntPtrT>(
       ctrl_table_start_ptr, ctrl_table_end_ptr,
-      [=](TNode<IntPtrT> current) {
+      [=, this](TNode<IntPtrT> current) {
         UnsafeStoreNoWriteBarrier(MachineRepresentation::kWord32, current,
                                   empty32);
       },
@@ -17841,7 +18108,7 @@ TNode<SwissNameDictionary> CodeStubAssembler::CopySwissNameDictionary(
 
     BuildFastLoop<IntPtrT>(
         start_offset, IntPtrAdd(start_offset, data_table_size),
-        [=](TNode<IntPtrT> offset) {
+        [=, this](TNode<IntPtrT> offset) {
           TNode<Object> table_field = LoadObjectField(original, offset);
           StoreObjectField(table, offset, table_field);
         },
@@ -18233,7 +18500,7 @@ TNode<ArrayList> CodeStubAssembler::AllocateArrayList(TNode<Smi> capacity) {
         IntPtrConstant(ArrayList::OffsetOfElementAt(0));
     BuildFastLoop<IntPtrT>(
         IntPtrConstant(0), SmiUntag(capacity),
-        [=](TNode<IntPtrT> index) {
+        [=, this](TNode<IntPtrT> index) {
           TNode<IntPtrT> offset =
               IntPtrAdd(TimesTaggedSize(index), offset_of_first_element);
           StoreObjectFieldNoWriteBarrier(array, offset, UndefinedConstant());
@@ -18275,11 +18542,12 @@ TNode<ArrayList> CodeStubAssembler::ArrayListEnsureSpace(TNode<ArrayList> array,
       &overflow);
   TNode<ArrayList> new_array = AllocateArrayList(new_capacity);
   TNode<Smi> array_length = ArrayListGetLength(array);
+  result_array = new_array;
+  GotoIf(SmiEqual(array_length, SmiConstant(0)), &done);
   StoreObjectFieldNoWriteBarrier(new_array, ArrayList::Shape::kLengthOffset,
                                  array_length);
   CopyRange(new_array, ArrayList::OffsetOfElementAt(0), array,
             ArrayList::OffsetOfElementAt(0), SmiUntag(array_length));
-  result_array = new_array;
   Goto(&done);
 
   BIND(&overflow);
diff --git a/deps/v8/src/codegen/code-stub-assembler.h b/deps/v8/src/codegen/code-stub-assembler.h
index cf7b52c8aed277..8055f450365703 100644
--- a/deps/v8/src/codegen/code-stub-assembler.h
+++ b/deps/v8/src/codegen/code-stub-assembler.h
@@ -6,6 +6,7 @@
 #define V8_CODEGEN_CODE_STUB_ASSEMBLER_H_
 
 #include <functional>
+#include <optional>
 
 #include "src/base/macros.h"
 #include "src/codegen/bailout-reason.h"
@@ -875,6 +876,9 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   TNode<BoolT> IsInRange(TNode<Word32T> value, U lower_limit, U higher_limit) {
     DCHECK_LE(lower_limit, higher_limit);
     static_assert(sizeof(U) <= kInt32Size);
+    if (lower_limit == 0) {
+      return Uint32LessThanOrEqual(value, Int32Constant(higher_limit));
+    }
     return Uint32LessThanOrEqual(Int32Sub(value, Int32Constant(lower_limit)),
                                  Int32Constant(higher_limit - lower_limit));
   }
@@ -889,6 +893,9 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   TNode<BoolT> IsInRange(TNode<WordT> value, intptr_t lower_limit,
                          intptr_t higher_limit) {
     DCHECK_LE(lower_limit, higher_limit);
+    if (lower_limit == 0) {
+      return UintPtrLessThanOrEqual(value, IntPtrConstant(higher_limit));
+    }
     return UintPtrLessThanOrEqual(IntPtrSub(value, IntPtrConstant(lower_limit)),
                                   IntPtrConstant(higher_limit - lower_limit));
   }
@@ -1072,6 +1079,11 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   TNode<RawPtrT> LoadCodeEntrypointViaCodePointerField(TNode<HeapObject> object,
                                                        TNode<IntPtrT> offset,
                                                        CodeEntrypointTag tag);
+  TNode<RawPtrT> LoadCodeEntryFromIndirectPointerHandle(
+      TNode<IndirectPointerHandleT> handle, CodeEntrypointTag tag);
+
+  TNode<UintPtrT> ComputeJSDispatchTableEntryOffset(
+      TNode<JSDispatchHandleT> handle);
 #endif
 
   TNode<Object> LoadProtectedPointerField(TNode<TrustedObject> object,
@@ -1124,23 +1136,23 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
 
 #if V8_ENABLE_WEBASSEMBLY
   // Returns WasmTrustedInstanceData|Smi.
-  TNode<Object> LoadInstanceDataFromWasmApiFunctionRef(
-      TNode<WasmApiFunctionRef> ref) {
+  TNode<Object> LoadInstanceDataFromWasmImportData(TNode<WasmImportData> ref) {
     return LoadProtectedPointerField(
-        ref, WasmApiFunctionRef::kProtectedInstanceDataOffset);
+        ref, WasmImportData::kProtectedInstanceDataOffset);
   }
 
-  // Returns WasmApiFunctionRef or WasmTrustedInstanceData.
-  TNode<TrustedObject> LoadRefFromWasmInternalFunction(
+  // Returns WasmImportData or WasmTrustedInstanceData.
+  TNode<TrustedObject> LoadImplicitArgFromWasmInternalFunction(
       TNode<WasmInternalFunction> object) {
     TNode<Object> obj = LoadProtectedPointerField(
-        object, WasmInternalFunction::kProtectedRefOffset);
+        object, WasmInternalFunction::kProtectedImplicitArgOffset);
     CSA_DCHECK(this, TaggedIsNotSmi(obj));
-    TNode<HeapObject> ref = CAST(obj);
-    CSA_DCHECK(this,
-               Word32Or(HasInstanceType(ref, WASM_TRUSTED_INSTANCE_DATA_TYPE),
-                        HasInstanceType(ref, WASM_API_FUNCTION_REF_TYPE)));
-    return CAST(ref);
+    TNode<HeapObject> implicit_arg = CAST(obj);
+    CSA_DCHECK(
+        this,
+        Word32Or(HasInstanceType(implicit_arg, WASM_TRUSTED_INSTANCE_DATA_TYPE),
+                 HasInstanceType(implicit_arg, WASM_IMPORT_DATA_TYPE)));
+    return CAST(implicit_arg);
   }
 
   TNode<RawPtrT> LoadWasmTypeInfoNativeTypePtr(TNode<WasmTypeInfo> object) {
@@ -1723,10 +1735,10 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   // Load the "code" property of a JSFunction.
   TNode<Code> LoadJSFunctionCode(TNode<JSFunction> function);
 
-  // Load the data object associated with a SFI.
-  // If the (expected) data type is known, prefer using one of the specialized
-  // accessors (e.g. LoadSharedFunctionInfoBuiltinId).
-  TNode<Object> LoadSharedFunctionInfoData(TNode<SharedFunctionInfo> sfi);
+  TNode<Object> LoadSharedFunctionInfoTrustedData(
+      TNode<SharedFunctionInfo> sfi);
+  TNode<Object> LoadSharedFunctionInfoUntrustedData(
+      TNode<SharedFunctionInfo> sfi);
 
   TNode<BoolT> SharedFunctionInfoHasBaselineCode(TNode<SharedFunctionInfo> sfi);
 
@@ -1735,6 +1747,15 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   TNode<BytecodeArray> LoadSharedFunctionInfoBytecodeArray(
       TNode<SharedFunctionInfo> sfi);
 
+#ifdef V8_ENABLE_WEBASSEMBLY
+  TNode<WasmFunctionData> LoadSharedFunctionInfoWasmFunctionData(
+      TNode<SharedFunctionInfo> sfi);
+  TNode<WasmExportedFunctionData>
+  LoadSharedFunctionInfoWasmExportedFunctionData(TNode<SharedFunctionInfo> sfi);
+  TNode<WasmJSFunctionData> LoadSharedFunctionInfoWasmJSFunctionData(
+      TNode<SharedFunctionInfo> sfi);
+#endif  // V8_ENABLE_WEBASSEMBLY
+
   TNode<Int32T> LoadBytecodeArrayParameterCount(
       TNode<BytecodeArray> bytecode_array);
   TNode<Int32T> LoadBytecodeArrayParameterCountWithoutReceiver(
@@ -1777,6 +1798,8 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
       TNode<HeapObject> object, int offset, IndirectPointerTag tag,
       TNode<ExposedTrustedObject> value);
 
+  void ClearTrustedPointerField(TNode<HeapObject> object, int offset);
+
   // Store a code pointer field.
   // These are special versions of trusted pointers that, when the sandbox is
   // enabled, reference code objects through the code pointer table.
@@ -2093,15 +2116,15 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
 
   TNode<JSObject> AllocateJSObjectFromMap(
       TNode<Map> map,
-      base::Optional<TNode<HeapObject>> properties = base::nullopt,
-      base::Optional<TNode<FixedArray>> elements = base::nullopt,
+      std::optional<TNode<HeapObject>> properties = std::nullopt,
+      std::optional<TNode<FixedArray>> elements = std::nullopt,
       AllocationFlags flags = AllocationFlag::kNone,
       SlackTrackingMode slack_tracking_mode = kNoSlackTracking);
 
   void InitializeJSObjectFromMap(
       TNode<HeapObject> object, TNode<Map> map, TNode<IntPtrT> instance_size,
-      base::Optional<TNode<HeapObject>> properties = base::nullopt,
-      base::Optional<TNode<FixedArray>> elements = base::nullopt,
+      std::optional<TNode<HeapObject>> properties = std::nullopt,
+      std::optional<TNode<FixedArray>> elements = std::nullopt,
       SlackTrackingMode slack_tracking_mode = kNoSlackTracking);
 
   void InitializeJSObjectBodyWithSlackTracking(TNode<HeapObject> object,
@@ -2119,7 +2142,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   std::pair<TNode<JSArray>, TNode<FixedArrayBase>>
   AllocateUninitializedJSArrayWithElements(
       ElementsKind kind, TNode<Map> array_map, TNode<Smi> length,
-      base::Optional<TNode<AllocationSite>> allocation_site,
+      std::optional<TNode<AllocationSite>> allocation_site,
       TNode<IntPtrT> capacity,
       AllocationFlags allocation_flags = AllocationFlag::kNone,
       int array_header_size = JSArray::kHeaderSize);
@@ -2127,11 +2150,11 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   // Allocate a JSArray and fill elements with the hole.
   TNode<JSArray> AllocateJSArray(
       ElementsKind kind, TNode<Map> array_map, TNode<IntPtrT> capacity,
-      TNode<Smi> length, base::Optional<TNode<AllocationSite>> allocation_site,
+      TNode<Smi> length, std::optional<TNode<AllocationSite>> allocation_site,
       AllocationFlags allocation_flags = AllocationFlag::kNone);
   TNode<JSArray> AllocateJSArray(
       ElementsKind kind, TNode<Map> array_map, TNode<Smi> capacity,
-      TNode<Smi> length, base::Optional<TNode<AllocationSite>> allocation_site,
+      TNode<Smi> length, std::optional<TNode<AllocationSite>> allocation_site,
       AllocationFlags allocation_flags = AllocationFlag::kNone) {
     return AllocateJSArray(kind, array_map, PositiveSmiUntag(capacity), length,
                            allocation_site, allocation_flags);
@@ -2141,20 +2164,20 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
       TNode<Smi> length,
       AllocationFlags allocation_flags = AllocationFlag::kNone) {
     return AllocateJSArray(kind, array_map, PositiveSmiUntag(capacity), length,
-                           base::nullopt, allocation_flags);
+                           std::nullopt, allocation_flags);
   }
   TNode<JSArray> AllocateJSArray(
       ElementsKind kind, TNode<Map> array_map, TNode<IntPtrT> capacity,
       TNode<Smi> length,
       AllocationFlags allocation_flags = AllocationFlag::kNone) {
-    return AllocateJSArray(kind, array_map, capacity, length, base::nullopt,
+    return AllocateJSArray(kind, array_map, capacity, length, std::nullopt,
                            allocation_flags);
   }
 
   // Allocate a JSArray and initialize the header fields.
   TNode<JSArray> AllocateJSArray(
       TNode<Map> array_map, TNode<FixedArrayBase> elements, TNode<Smi> length,
-      base::Optional<TNode<AllocationSite>> allocation_site = base::nullopt,
+      std::optional<TNode<AllocationSite>> allocation_site = std::nullopt,
       int array_header_size = JSArray::kHeaderSize);
 
   enum class HoleConversionMode { kDontConvert, kConvertToUndefined };
@@ -2170,7 +2193,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   // function generates significantly less code in this case.
   TNode<JSArray> CloneFastJSArray(
       TNode<Context> context, TNode<JSArray> array,
-      base::Optional<TNode<AllocationSite>> allocation_site = base::nullopt,
+      std::optional<TNode<AllocationSite>> allocation_site = std::nullopt,
       HoleConversionMode convert_holes = HoleConversionMode::kDontConvert);
 
   TNode<JSArray> ExtractFastJSArray(TNode<Context> context,
@@ -2181,7 +2204,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   TNode<FixedArrayBase> AllocateFixedArray(
       ElementsKind kind, TNode<TIndex> capacity,
       AllocationFlags flags = AllocationFlag::kNone,
-      base::Optional<TNode<Map>> fixed_array_map = base::nullopt);
+      std::optional<TNode<Map>> fixed_array_map = std::nullopt);
 
   template <typename Function>
   TNode<Object> FastCloneJSObject(TNode<HeapObject> source,
@@ -2466,13 +2489,13 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   // can skip write barriers.
   template <typename TIndex>
   TNode<FixedArrayBase> ExtractFixedArray(
-      TNode<FixedArrayBase> source, base::Optional<TNode<TIndex>> first,
-      base::Optional<TNode<TIndex>> count = base::nullopt,
-      base::Optional<TNode<TIndex>> capacity = base::nullopt,
+      TNode<FixedArrayBase> source, std::optional<TNode<TIndex>> first,
+      std::optional<TNode<TIndex>> count = std::nullopt,
+      std::optional<TNode<TIndex>> capacity = std::nullopt,
       ExtractFixedArrayFlags extract_flags =
           ExtractFixedArrayFlag::kAllFixedArrays,
       TVariable<BoolT>* var_holes_converted = nullptr,
-      base::Optional<TNode<Int32T>> source_elements_kind = base::nullopt);
+      std::optional<TNode<Int32T>> source_elements_kind = std::nullopt);
 
   // Copy a portion of an existing FixedArray or FixedDoubleArray into a new
   // FixedArray, including special appropriate handling for COW arrays.
@@ -2506,7 +2529,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
       AllocationFlags allocation_flags, ExtractFixedArrayFlags extract_flags,
       HoleConversionMode convert_holes,
       TVariable<BoolT>* var_holes_converted = nullptr,
-      base::Optional<TNode<Int32T>> source_runtime_kind = base::nullopt);
+      std::optional<TNode<Int32T>> source_runtime_kind = std::nullopt);
 
   // Attempt to copy a FixedDoubleArray to another FixedDoubleArray. In the case
   // where the source array has a hole, produce a FixedArray instead where holes
@@ -2723,15 +2746,15 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
                           const char* method_name);
 
   void ThrowRangeError(TNode<Context> context, MessageTemplate message,
-                       base::Optional<TNode<Object>> arg0 = base::nullopt,
-                       base::Optional<TNode<Object>> arg1 = base::nullopt,
-                       base::Optional<TNode<Object>> arg2 = base::nullopt);
+                       std::optional<TNode<Object>> arg0 = std::nullopt,
+                       std::optional<TNode<Object>> arg1 = std::nullopt,
+                       std::optional<TNode<Object>> arg2 = std::nullopt);
   void ThrowTypeError(TNode<Context> context, MessageTemplate message,
                       char const* arg0 = nullptr, char const* arg1 = nullptr);
   void ThrowTypeError(TNode<Context> context, MessageTemplate message,
-                      base::Optional<TNode<Object>> arg0,
-                      base::Optional<TNode<Object>> arg1 = base::nullopt,
-                      base::Optional<TNode<Object>> arg2 = base::nullopt);
+                      std::optional<TNode<Object>> arg0,
+                      std::optional<TNode<Object>> arg1 = std::nullopt,
+                      std::optional<TNode<Object>> arg2 = std::nullopt);
 
   void TerminateExecution(TNode<Context> context);
 
@@ -2878,6 +2901,11 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   TNode<Word32T> IsStringWrapper(TNode<HeapObject> object);
   TNode<BoolT> IsSeqOneByteString(TNode<HeapObject> object);
 
+  TNode<BoolT> IsSequentialStringMap(TNode<Map> map);
+  TNode<BoolT> IsExternalStringMap(TNode<Map> map);
+  TNode<BoolT> IsUncachedExternalStringMap(TNode<Map> map);
+  TNode<BoolT> IsOneByteStringMap(TNode<Map> map);
+
   TNode<BoolT> IsSymbolInstanceType(TNode<Int32T> instance_type);
   TNode<BoolT> IsInternalizedStringInstanceType(TNode<Int32T> instance_type);
   TNode<BoolT> IsSharedStringInstanceType(TNode<Int32T> instance_type);
@@ -3476,7 +3504,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   void AddToDictionary(
       TNode<Dictionary> dictionary, TNode<Name> key, TNode<Object> value,
       Label* bailout,
-      base::Optional<TNode<IntPtrT>> insertion_index = base::nullopt);
+      std::optional<TNode<IntPtrT>> insertion_index = std::nullopt);
 
   // Tries to check if {object} has own {unique_name} property.
   void TryHasOwnProperty(TNode<HeapObject> object, TNode<Map> map,
@@ -3832,44 +3860,38 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   using FastLoopBody = std::function<void(TNode<TIndex> index)>;
 
   template <typename TIndex>
-  TNode<TIndex> BuildFastLoop(
-      const VariableList& vars, TVariable<TIndex>& var_index,
-      TNode<TIndex> start_index, TNode<TIndex> end_index,
-      const FastLoopBody<TIndex>& body, int increment,
-      LoopUnrollingMode unrolling_mode,
-      IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre);
+  void BuildFastLoop(const VariableList& vars, TVariable<TIndex>& var_index,
+                     TNode<TIndex> start_index, TNode<TIndex> end_index,
+                     const FastLoopBody<TIndex>& body, int increment,
+                     LoopUnrollingMode unrolling_mode,
+                     IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre);
 
   template <typename TIndex>
-  TNode<TIndex> BuildFastLoop(
-      TVariable<TIndex>& var_index, TNode<TIndex> start_index,
-      TNode<TIndex> end_index, const FastLoopBody<TIndex>& body, int increment,
-      LoopUnrollingMode unrolling_mode,
-      IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre) {
-    return BuildFastLoop(VariableList(0, zone()), var_index, start_index,
-                         end_index, body, increment, unrolling_mode,
-                         advance_mode);
+  void BuildFastLoop(TVariable<TIndex>& var_index, TNode<TIndex> start_index,
+                     TNode<TIndex> end_index, const FastLoopBody<TIndex>& body,
+                     int increment, LoopUnrollingMode unrolling_mode,
+                     IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre) {
+    BuildFastLoop(VariableList(0, zone()), var_index, start_index, end_index,
+                  body, increment, unrolling_mode, advance_mode);
   }
 
   template <typename TIndex>
-  TNode<TIndex> BuildFastLoop(const VariableList& vars,
-                              TNode<TIndex> start_index,
-                              TNode<TIndex> end_index,
-                              const FastLoopBody<TIndex>& body, int increment,
-                              LoopUnrollingMode unrolling_mode,
-                              IndexAdvanceMode advance_mode) {
+  void BuildFastLoop(const VariableList& vars, TNode<TIndex> start_index,
+                     TNode<TIndex> end_index, const FastLoopBody<TIndex>& body,
+                     int increment, LoopUnrollingMode unrolling_mode,
+                     IndexAdvanceMode advance_mode) {
     TVARIABLE(TIndex, var_index);
-    return BuildFastLoop(vars, var_index, start_index, end_index, body,
-                         increment, unrolling_mode, advance_mode);
+    BuildFastLoop(vars, var_index, start_index, end_index, body, increment,
+                  unrolling_mode, advance_mode);
   }
 
   template <typename TIndex>
-  TNode<TIndex> BuildFastLoop(
-      TNode<TIndex> start_index, TNode<TIndex> end_index,
-      const FastLoopBody<TIndex>& body, int increment,
-      LoopUnrollingMode unrolling_mode,
-      IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre) {
-    return BuildFastLoop(VariableList(0, zone()), start_index, end_index, body,
-                         increment, unrolling_mode, advance_mode);
+  void BuildFastLoop(TNode<TIndex> start_index, TNode<TIndex> end_index,
+                     const FastLoopBody<TIndex>& body, int increment,
+                     LoopUnrollingMode unrolling_mode,
+                     IndexAdvanceMode advance_mode = IndexAdvanceMode::kPre) {
+    BuildFastLoop(VariableList(0, zone()), start_index, end_index, body,
+                  increment, unrolling_mode, advance_mode);
   }
 
   enum class ForEachDirection { kForward, kReverse };
@@ -4147,6 +4169,16 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   // Load a builtin's code from the builtin array in the isolate.
   TNode<Code> LoadBuiltin(TNode<Smi> builtin_id);
 
+#ifdef V8_ENABLE_LEAPTIERING
+  // Load a builtin's handle into the JSDispatchTable.
+  TNode<JSDispatchHandleT> LoadBuiltinDispatchHandle(Builtin builtin);
+  TNode<JSDispatchHandleT> LoadBuiltinDispatchHandle(RootIndex idx);
+  TNode<JSDispatchHandleT> LoadBuiltinDispatchHandle(TNode<Smi> builtin_id);
+
+  // Load a Code object from the JSDispatchTable.
+  TNode<Code> ResolveJSDispatchHandle(TNode<JSDispatchHandleT> dispatch_handle);
+#endif
+
   // Figure out the SFI's code object using its data field.
   // If |data_type_out| is provided, the instance type of the function data will
   // be stored in it. In case the code object is a builtin (data is a Smi),
@@ -4158,9 +4190,27 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
       TVariable<Uint16T>* data_type_out = nullptr,
       Label* if_compile_lazy = nullptr);
 
-  TNode<JSFunction> AllocateFunctionWithMapAndContext(
-      TNode<Map> map, TNode<SharedFunctionInfo> shared_info,
+  TNode<JSFunction> AllocateFunctionWithContext(
+      TNode<SharedFunctionInfo> shared_info,
+#ifdef V8_ENABLE_LEAPTIERING
+      TNode<JSDispatchHandleT> dispatch_handle,
+#endif
       TNode<Context> context);
+  TNode<JSFunction> AllocateRootFunctionWithContext(RootIndex function,
+                                                    TNode<Context> context) {
+    return AllocateFunctionWithContext(
+        UncheckedCast<SharedFunctionInfo>(LoadRoot(function)),
+#ifdef V8_ENABLE_LEAPTIERING
+        LoadBuiltinDispatchHandle(function),
+#endif
+        context);
+  }
+  // Used from Torque because Torque
+  TNode<JSFunction> AllocateRootFunctionWithContext(intptr_t function,
+                                                    TNode<Context> context) {
+    return AllocateRootFunctionWithContext(static_cast<RootIndex>(function),
+                                           context);
+  }
 
   // Promise helpers
   TNode<Uint32T> PromiseHookFlags();
@@ -4608,7 +4658,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
   // fields initialized.
   TNode<JSArray> AllocateUninitializedJSArray(
       TNode<Map> array_map, TNode<Smi> length,
-      base::Optional<TNode<AllocationSite>> allocation_site,
+      std::optional<TNode<AllocationSite>> allocation_site,
       TNode<IntPtrT> size_in_bytes);
 
   // Increases the provided capacity to the next valid value, if necessary.
@@ -4742,8 +4792,7 @@ class V8_EXPORT_PRIVATE CodeStubAssembler
 
 class V8_EXPORT_PRIVATE CodeStubArguments {
  public:
-  // |argc| specifies the number of arguments passed to the builtin excluding
-  // the receiver. The arguments include the receiver.
+  // |argc| specifies the number of arguments passed to the builtin.
   CodeStubArguments(CodeStubAssembler* assembler, TNode<IntPtrT> argc)
       : CodeStubArguments(assembler, argc, TNode<RawPtrT>()) {}
   CodeStubArguments(CodeStubAssembler* assembler, TNode<Int32T> argc)
@@ -4844,8 +4893,9 @@ class ToDirectStringAssembler : public CodeStubAssembler {
     return TryToSequential(PTR_TO_STRING, if_bailout);
   }
 
+  TNode<BoolT> IsOneByte();
+
   TNode<String> string() { return var_string_.value(); }
-  TNode<Int32T> instance_type() { return var_instance_type_.value(); }
   TNode<IntPtrT> offset() { return var_offset_.value(); }
   TNode<Word32T> is_external() { return var_is_external_.value(); }
 
@@ -4853,7 +4903,11 @@ class ToDirectStringAssembler : public CodeStubAssembler {
   TNode<RawPtrT> TryToSequential(StringPointerKind ptr_kind, Label* if_bailout);
 
   TVariable<String> var_string_;
+#if V8_STATIC_ROOTS_BOOL
+  TVariable<Map> var_map_;
+#else
   TVariable<Int32T> var_instance_type_;
+#endif
   // TODO(v8:9880): Use UintPtrT here.
   TVariable<IntPtrT> var_offset_;
   TVariable<Word32T> var_is_external_;
diff --git a/deps/v8/src/codegen/compilation-cache.cc b/deps/v8/src/codegen/compilation-cache.cc
index 7eb3166b8a783a..b7432aefae59c6 100644
--- a/deps/v8/src/codegen/compilation-cache.cc
+++ b/deps/v8/src/codegen/compilation-cache.cc
@@ -227,7 +227,7 @@ void CompilationCacheEval::Put(Handle<String> source,
                                       native_context, feedback_cell, position);
 }
 
-MaybeHandle<FixedArray> CompilationCacheRegExp::Lookup(Handle<String> source,
+MaybeHandle<RegExpData> CompilationCacheRegExp::Lookup(Handle<String> source,
                                                        JSRegExp::Flags flags) {
   HandleScope scope(isolate());
   // Make sure not to leak the table into the surrounding handle
@@ -238,10 +238,11 @@ MaybeHandle<FixedArray> CompilationCacheRegExp::Lookup(Handle<String> source,
   for (generation = 0; generation < kGenerations; generation++) {
     DirectHandle<CompilationCacheTable> table = GetTable(generation);
     result = table->LookupRegExp(source, flags);
-    if (IsFixedArray(*result)) break;
+    if (IsRegExpDataWrapper(*result)) break;
   }
-  if (IsFixedArray(*result)) {
-    Handle<FixedArray> data = Cast<FixedArray>(result);
+  if (IsRegExpDataWrapper(*result)) {
+    Handle<RegExpData> data(Cast<RegExpDataWrapper>(result)->data(isolate()),
+                            isolate());
     if (generation != 0) {
       Put(source, flags, data);
     }
@@ -249,12 +250,12 @@ MaybeHandle<FixedArray> CompilationCacheRegExp::Lookup(Handle<String> source,
     return scope.CloseAndEscape(data);
   } else {
     isolate()->counters()->compilation_cache_misses()->Increment();
-    return MaybeHandle<FixedArray>();
+    return MaybeHandle<RegExpData>();
   }
 }
 
 void CompilationCacheRegExp::Put(Handle<String> source, JSRegExp::Flags flags,
-                                 DirectHandle<FixedArray> data) {
+                                 DirectHandle<RegExpData> data) {
   HandleScope scope(isolate());
   Handle<CompilationCacheTable> table = GetTable(0);
   tables_[0] =
@@ -306,14 +307,14 @@ InfoCellPair CompilationCache::LookupEval(Handle<String> source,
   return result;
 }
 
-MaybeHandle<FixedArray> CompilationCache::LookupRegExp(Handle<String> source,
+MaybeHandle<RegExpData> CompilationCache::LookupRegExp(Handle<String> source,
                                                        JSRegExp::Flags flags) {
   return reg_exp_.Lookup(source, flags);
 }
 
-void CompilationCache::PutScript(Handle<String> source,
-                                 LanguageMode language_mode,
-                                 Handle<SharedFunctionInfo> function_info) {
+void CompilationCache::PutScript(
+    Handle<String> source, LanguageMode language_mode,
+    DirectHandle<SharedFunctionInfo> function_info) {
   if (!IsEnabledScript(language_mode)) return;
   LOG(isolate(), CompilationCacheEvent("put", "script", *function_info));
 
@@ -322,9 +323,9 @@ void CompilationCache::PutScript(Handle<String> source,
 
 void CompilationCache::PutEval(Handle<String> source,
                                Handle<SharedFunctionInfo> outer_info,
-                               Handle<Context> context,
+                               DirectHandle<Context> context,
                                DirectHandle<SharedFunctionInfo> function_info,
-                               Handle<FeedbackCell> feedback_cell,
+                               DirectHandle<FeedbackCell> feedback_cell,
                                int position) {
   if (!IsEnabledScriptAndEval()) return;
 
@@ -336,7 +337,7 @@ void CompilationCache::PutEval(Handle<String> source,
     cache_type = "eval-global";
   } else {
     DCHECK_NE(position, kNoSourcePosition);
-    Handle<Context> native_context(context->native_context(), isolate());
+    DirectHandle<Context> native_context(context->native_context(), isolate());
     eval_contextual_.Put(source, outer_info, function_info, native_context,
                          feedback_cell, position);
     cache_type = "eval-contextual";
@@ -345,7 +346,7 @@ void CompilationCache::PutEval(Handle<String> source,
 }
 
 void CompilationCache::PutRegExp(Handle<String> source, JSRegExp::Flags flags,
-                                 DirectHandle<FixedArray> data) {
+                                 DirectHandle<RegExpData> data) {
   reg_exp_.Put(source, flags, data);
 }
 
diff --git a/deps/v8/src/codegen/compilation-cache.h b/deps/v8/src/codegen/compilation-cache.h
index 7280d36379affa..c945f84cfc4948 100644
--- a/deps/v8/src/codegen/compilation-cache.h
+++ b/deps/v8/src/codegen/compilation-cache.h
@@ -102,10 +102,10 @@ class CompilationCacheRegExp {
  public:
   CompilationCacheRegExp(Isolate* isolate) : isolate_(isolate) {}
 
-  MaybeHandle<FixedArray> Lookup(Handle<String> source, JSRegExp::Flags flags);
+  MaybeHandle<RegExpData> Lookup(Handle<String> source, JSRegExp::Flags flags);
 
   void Put(Handle<String> source, JSRegExp::Flags flags,
-           DirectHandle<FixedArray> data);
+           DirectHandle<RegExpData> data);
 
   // The number of generations for the RegExp sub cache.
   static const int kGenerations = 2;
@@ -159,25 +159,25 @@ class V8_EXPORT_PRIVATE CompilationCache {
 
   // Returns the regexp data associated with the given regexp if it
   // is in cache, otherwise an empty handle.
-  MaybeHandle<FixedArray> LookupRegExp(Handle<String> source,
+  MaybeHandle<RegExpData> LookupRegExp(Handle<String> source,
                                        JSRegExp::Flags flags);
 
   // Associate the (source, kind) pair to the shared function
   // info. This may overwrite an existing mapping.
   void PutScript(Handle<String> source, LanguageMode language_mode,
-                 Handle<SharedFunctionInfo> function_info);
+                 DirectHandle<SharedFunctionInfo> function_info);
 
   // Associate the (source, context->closure()->shared(), kind) triple
   // with the shared function info. This may overwrite an existing mapping.
   void PutEval(Handle<String> source, Handle<SharedFunctionInfo> outer_info,
-               Handle<Context> context,
+               DirectHandle<Context> context,
                DirectHandle<SharedFunctionInfo> function_info,
-               Handle<FeedbackCell> feedback_cell, int position);
+               DirectHandle<FeedbackCell> feedback_cell, int position);
 
   // Associate the (source, flags) pair to the given regexp data.
   // This may overwrite an existing mapping.
   void PutRegExp(Handle<String> source, JSRegExp::Flags flags,
-                 DirectHandle<FixedArray> data);
+                 DirectHandle<RegExpData> data);
 
   // Clear the cache - also used to initialize the cache at startup.
   void Clear();
diff --git a/deps/v8/src/codegen/compiler.cc b/deps/v8/src/codegen/compiler.cc
index 9f038a88a3a938..a6407a56aa8d6d 100644
--- a/deps/v8/src/codegen/compiler.cc
+++ b/deps/v8/src/codegen/compiler.cc
@@ -6,13 +6,13 @@
 
 #include <algorithm>
 #include <memory>
+#include <optional>
 
 #include "src/api/api-inl.h"
 #include "src/asmjs/asm-js.h"
 #include "src/ast/prettyprinter.h"
 #include "src/ast/scopes.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/platform/time.h"
 #include "src/baseline/baseline.h"
 #include "src/codegen/assembler-inl.h"
@@ -312,7 +312,7 @@ class CompilerTracer : public AllStatic {
 // static
 void Compiler::LogFunctionCompilation(Isolate* isolate,
                                       LogEventListener::CodeTag code_type,
-                                      Handle<Script> script,
+                                      DirectHandle<Script> script,
                                       Handle<SharedFunctionInfo> shared,
                                       Handle<FeedbackVector> vector,
                                       Handle<AbstractCode> abstract_code,
@@ -454,7 +454,7 @@ void LogUnoptimizedCompilation(Isolate* isolate,
   double time_taken_ms = time_taken_to_execute.InMillisecondsF() +
                          time_taken_to_finalize.InMillisecondsF();
 
-  Handle<Script> script(Cast<Script>(shared->script()), isolate);
+  DirectHandle<Script> script(Cast<Script>(shared->script()), isolate);
   Compiler::LogFunctionCompilation(
       isolate, code_type, script, shared, Handle<FeedbackVector>(),
       abstract_code, CodeKind::INTERPRETED_FUNCTION, time_taken_ms);
@@ -615,10 +615,8 @@ void TurbofanCompilationJob::RecordCompilationStats(ConcurrencyMode mode,
       static_cast<int>(time_foreground.InMicroseconds()));
 
   if (v8_flags.profile_guided_optimization &&
-      (shared->cached_tiering_decision() ==
-           CachedTieringDecision::kEarlyMaglevPending ||
-       shared->cached_tiering_decision() ==
-           CachedTieringDecision::kEarlyMaglev)) {
+      shared->cached_tiering_decision() ==
+          CachedTieringDecision::kEarlyMaglev) {
     shared->set_cached_tiering_decision(CachedTieringDecision::kEarlyTurbofan);
   }
 }
@@ -632,7 +630,7 @@ void TurbofanCompilationJob::RecordFunctionCompilation(
                          time_taken_to_execute_.InMillisecondsF() +
                          time_taken_to_finalize_.InMillisecondsF();
 
-  Handle<Script> script(
+  DirectHandle<Script> script(
       Cast<Script>(compilation_info()->shared_info()->script()), isolate);
   Handle<FeedbackVector> feedback_vector(
       compilation_info()->closure()->feedback_vector(), isolate);
@@ -678,7 +676,7 @@ void Compiler::InstallInterpreterTrampolineCopy(
     Isolate* isolate, Handle<SharedFunctionInfo> shared_info,
     LogEventListener::CodeTag log_tag) {
   DCHECK(v8_flags.interpreted_frames_native_stack);
-  if (!IsBytecodeArray(shared_info->GetData(isolate))) {
+  if (!IsBytecodeArray(shared_info->GetTrustedData(isolate))) {
     DCHECK(!shared_info->HasInterpreterData(isolate));
     return;
   }
@@ -699,7 +697,7 @@ void Compiler::InstallInterpreterTrampolineCopy(
     shared_info->set_interpreter_data(*interpreter_data);
   }
 
-  Handle<Script> script(Cast<Script>(shared_info->script()), isolate);
+  DirectHandle<Script> script(Cast<Script>(shared_info->script()), isolate);
   Handle<AbstractCode> abstract_code = Cast<AbstractCode>(code);
   Script::PositionInfo info;
   Script::GetPositionInfo(script, shared_info->StartPosition(), &info);
@@ -753,20 +751,16 @@ void InstallUnoptimizedCode(UnoptimizedCompilationInfo* compilation_info,
 }
 
 template <typename IsolateT>
-void EnsureSharedFunctionInfosArrayOnScript(DirectHandle<Script> script,
-                                            ParseInfo* parse_info,
-                                            IsolateT* isolate) {
+void EnsureInfosArrayOnScript(DirectHandle<Script> script,
+                              ParseInfo* parse_info, IsolateT* isolate) {
   DCHECK(parse_info->flags().is_toplevel());
-  if (script->shared_function_info_count() > 0) {
-    DCHECK_LE(script->shared_function_info_count(),
-              script->shared_function_infos()->length());
-    DCHECK_EQ(script->shared_function_info_count(),
-              parse_info->max_function_literal_id() + 1);
+  if (script->infos()->length() > 0) {
+    DCHECK_EQ(script->infos()->length(), parse_info->max_info_id() + 1);
     return;
   }
   DirectHandle<WeakFixedArray> infos(isolate->factory()->NewWeakFixedArray(
-      parse_info->max_function_literal_id() + 1, AllocationType::kOld));
-  script->set_shared_function_infos(*infos);
+      parse_info->max_info_id() + 1, AllocationType::kOld));
+  script->set_infos(*infos);
 }
 
 void UpdateSharedFunctionFlagsAfterCompilation(FunctionLiteral* literal) {
@@ -865,7 +859,7 @@ bool IterativelyExecuteAndFinalizeUnoptimizedCompilationJobs(
         finalize_unoptimized_compilation_data_list,
     DeferredFinalizationJobDataList*
         jobs_to_retry_finalization_on_main_thread) {
-  DeclarationScope::AllocateScopeInfos(parse_info, isolate);
+  DeclarationScope::AllocateScopeInfos(parse_info, script, isolate);
 
   std::vector<FunctionLiteral*> functions_to_compile;
   functions_to_compile.push_back(parse_info->literal());
@@ -995,7 +989,7 @@ class OptimizedCodeCache : public AllStatic {
                                      isolate);
       interpreter::BytecodeArrayIterator it(bytecode, osr_offset.ToInt());
       DCHECK_EQ(it.current_bytecode(), interpreter::Bytecode::kJumpLoop);
-      base::Optional<Tagged<Code>> maybe_code =
+      std::optional<Tagged<Code>> maybe_code =
           feedback_vector->GetOptimizedOsrCode(isolate, it.GetSlotOperand(2));
       if (maybe_code.has_value()) code = maybe_code.value();
     } else {
@@ -1233,7 +1227,7 @@ void RecordMaglevFunctionCompilation(Isolate* isolate,
                                      Handle<AbstractCode> code) {
   PtrComprCageBase cage_base(isolate);
   Handle<SharedFunctionInfo> shared(function->shared(cage_base), isolate);
-  Handle<Script> script(Cast<Script>(shared->script(cage_base)), isolate);
+  DirectHandle<Script> script(Cast<Script>(shared->script(cage_base)), isolate);
   Handle<FeedbackVector> feedback_vector(function->feedback_vector(cage_base),
                                          isolate);
 
@@ -1528,7 +1522,7 @@ void CompileAllWithBaseline(Isolate* isolate,
 template <typename IsolateT>
 Handle<SharedFunctionInfo> CreateTopLevelSharedFunctionInfo(
     ParseInfo* parse_info, Handle<Script> script, IsolateT* isolate) {
-  EnsureSharedFunctionInfosArrayOnScript(script, parse_info, isolate);
+  EnsureInfosArrayOnScript(script, parse_info, isolate);
   DCHECK_EQ(kNoSourcePosition,
             parse_info->literal()->function_token_position());
   return isolate->factory()->NewSharedFunctionInfoForLiteral(
@@ -1538,7 +1532,7 @@ Handle<SharedFunctionInfo> CreateTopLevelSharedFunctionInfo(
 Handle<SharedFunctionInfo> GetOrCreateTopLevelSharedFunctionInfo(
     ParseInfo* parse_info, Handle<Script> script, Isolate* isolate,
     IsCompiledScope* is_compiled_scope) {
-  EnsureSharedFunctionInfosArrayOnScript(script, parse_info, isolate);
+  EnsureInfosArrayOnScript(script, parse_info, isolate);
   MaybeHandle<SharedFunctionInfo> maybe_shared =
       Script::FindSharedFunctionInfo(script, isolate, parse_info->literal());
   if (Handle<SharedFunctionInfo> shared; maybe_shared.ToHandle(&shared)) {
@@ -1750,9 +1744,10 @@ namespace {
 #ifdef ENABLE_SLOW_DCHECKS
 
 // A class which traverses the object graph for a newly compiled Script and
-// ensures that it contains pointers to Scripts and SharedFunctionInfos only at
-// the expected locations. Any failure in this visitor indicates a case that is
-// probably not handled correctly in BackgroundMergeTask.
+// ensures that it contains pointers to Scripts, ScopeInfos and
+// SharedFunctionInfos only at the expected locations. Any failure in this
+// visitor indicates a case that is probably not handled correctly in
+// BackgroundMergeTask.
 class MergeAssumptionChecker final : public ObjectVisitor {
  public:
   explicit MergeAssumptionChecker(PtrComprCageBase cage_base)
@@ -1764,15 +1759,14 @@ class MergeAssumptionChecker final : public ObjectVisitor {
       std::pair<Tagged<HeapObject>, ObjectKind> pair = to_visit_.top();
       to_visit_.pop();
       Tagged<HeapObject> current = pair.first;
-      // The Script's shared_function_infos list and the constant pools for all
+      // The Script's infos list and the constant pools for all
       // BytecodeArrays are expected to contain pointers to SharedFunctionInfos.
       // However, the type of those objects (FixedArray or WeakFixedArray)
       // doesn't have enough information to indicate their usage, so we enqueue
       // those objects here rather than during VisitPointers.
       if (IsScript(current)) {
-        Tagged<HeapObject> sfis =
-            Cast<Script>(current)->shared_function_infos();
-        QueueVisit(sfis, kScriptSfiList);
+        Tagged<HeapObject> infos = Cast<Script>(current)->infos();
+        QueueVisit(infos, kScriptInfosList);
       } else if (IsBytecodeArray(current)) {
         Tagged<HeapObject> constants =
             Cast<BytecodeArray>(current)->constant_pool();
@@ -1800,7 +1794,11 @@ class MergeAssumptionChecker final : public ObjectVisitor {
       if (maybe_obj.GetHeapObject(&obj)) {
         if (IsSharedFunctionInfo(obj)) {
           CHECK((current_object_kind_ == kConstantPool && !is_weak) ||
-                (current_object_kind_ == kScriptSfiList && is_weak));
+                (current_object_kind_ == kScriptInfosList && is_weak));
+        } else if (IsScopeInfo(obj)) {
+          CHECK((current_object_kind_ == kConstantPool && !is_weak) ||
+                (current_object_kind_ == kNormalObject && !is_weak) ||
+                (current_object_kind_ == kScriptInfosList && is_weak));
         } else if (IsScript(obj)) {
           CHECK(IsSharedFunctionInfo(host) &&
                 current == MaybeObjectSlot(host.address() +
@@ -1836,7 +1834,7 @@ class MergeAssumptionChecker final : public ObjectVisitor {
   enum ObjectKind {
     kNormalObject,
     kConstantPool,
-    kScriptSfiList,
+    kScriptInfosList,
   };
 
   // If the object hasn't yet been added to the worklist, add it. Subsequent
@@ -1935,9 +1933,10 @@ void BackgroundCompileTask::Run(
     // Get preparsed scope data from the function literal.
     if (shared_info->HasUncompiledDataWithPreparseData()) {
       info.set_consumed_preparse_data(ConsumedPreparseData::For(
-          isolate, handle(shared_info->uncompiled_data_with_preparse_data()
-                              ->preparse_data(isolate),
-                          isolate)));
+          isolate,
+          handle(shared_info->uncompiled_data_with_preparse_data(isolate)
+                     ->preparse_data(isolate),
+                 isolate)));
     }
   }
 
@@ -2010,32 +2009,137 @@ void BackgroundCompileTask::Run(
 class ConstantPoolPointerForwarder {
  public:
   explicit ConstantPoolPointerForwarder(PtrComprCageBase cage_base,
-                                        LocalHeap* local_heap)
-      : cage_base_(cage_base), local_heap_(local_heap) {}
+                                        LocalHeap* local_heap,
+                                        DirectHandle<Script> old_script)
+      : cage_base_(cage_base),
+        local_heap_(local_heap),
+        old_script_(old_script) {}
 
   void AddBytecodeArray(Tagged<BytecodeArray> bytecode_array) {
     CHECK(IsBytecodeArray(bytecode_array));
-    bytecode_arrays_to_update_.push_back(handle(bytecode_array, local_heap_));
-  }
+    bytecode_arrays_to_update_.emplace_back(bytecode_array, local_heap_);
+  }
+
+  void RecordScopeInfos(Tagged<MaybeObject> maybe_old_info) {
+    RecordScopeInfos(maybe_old_info.GetHeapObjectAssumeWeak());
+  }
+
+  // Record all scope infos relevant for a shared function info or scope info
+  // (recorded for eval).
+  void RecordScopeInfos(Tagged<HeapObject> info) {
+    if (!v8_flags.reuse_scope_infos) return;
+    Tagged<ScopeInfo> scope_info;
+    if (Is<SharedFunctionInfo>(info)) {
+      Tagged<SharedFunctionInfo> old_sfi = Cast<SharedFunctionInfo>(info);
+      // Also record context-having own scope infos for SFIs.
+      if (!old_sfi->scope_info()->IsEmpty() &&
+          old_sfi->scope_info()->HasContext()) {
+        scope_info = old_sfi->scope_info();
+      } else if (old_sfi->HasOuterScopeInfo()) {
+        scope_info = old_sfi->GetOuterScopeInfo();
+      } else {
+        return;
+      }
+    } else {
+      scope_info = Cast<ScopeInfo>(info);
+    }
 
-  void Forward(Tagged<SharedFunctionInfo> from, Tagged<SharedFunctionInfo> to) {
-    forwarding_table_[from->function_literal_id()] = handle(to, local_heap_);
+    while (true) {
+      auto it = scope_infos_to_update_.find(scope_info->UniqueIdInScript());
+      if (it != scope_infos_to_update_.end()) {
+        // Once we find an already recorded scope info, it need to match the one
+        // on the chain.
+        if (V8_UNLIKELY(*it->second != scope_info)) {
+          info->Print();
+          (*it->second)->Print();
+          scope_info->Print();
+          UNREACHABLE();
+        }
+        return;
+      }
+      scope_infos_to_update_[scope_info->UniqueIdInScript()] =
+          handle(scope_info, local_heap_);
+      if (!scope_info->HasOuterScopeInfo()) break;
+      scope_info = scope_info->OuterScopeInfo();
+    }
   }
 
   // Runs the update after the setup functions above specified the work to do.
   void IterateAndForwardPointers() {
     DCHECK(HasAnythingToForward());
-    for (DirectHandle<BytecodeArray> bytecode_array :
-         bytecode_arrays_to_update_) {
+    for (DirectHandle<BytecodeArray> entry : bytecode_arrays_to_update_) {
       local_heap_->Safepoint();
       DisallowGarbageCollection no_gc;
-      IterateConstantPool(bytecode_array->constant_pool());
+      IterateConstantPool(entry->constant_pool());
     }
   }
 
-  bool HasAnythingToForward() const { return !forwarding_table_.empty(); }
+  void set_has_shared_function_info_to_forward() {
+    has_shared_function_info_to_forward_ = true;
+  }
+
+  bool HasAnythingToForward() const {
+    return has_shared_function_info_to_forward_ ||
+           !scope_infos_to_update_.empty();
+  }
+
+  // Find an own scope info for the sfi based on the UniqueIdInScript that the
+  // own scope info would have. This works even if the SFI doesn't yet have a
+  // scope info attached by computing UniqueIdInScript from the SFI position.
+  //
+  // This should only directly be used for SFIs that already existed on the
+  // script. Their outer scope info will already be correct.
+  bool InstallOwnScopeInfo(Tagged<SharedFunctionInfo> sfi) {
+    if (!v8_flags.reuse_scope_infos) return false;
+    auto it = scope_infos_to_update_.find(sfi->UniqueIdInScript());
+    if (it == scope_infos_to_update_.end()) return false;
+    sfi->SetScopeInfo(*it->second);
+    return true;
+  }
+
+  // Either replace the own scope info of the sfi, or the first outer scope info
+  // that was recorded.
+  //
+  // This has to be used for all newly created SFIs since their outer scope info
+  // also may need to be reattached.
+  void UpdateScopeInfo(Tagged<SharedFunctionInfo> sfi) {
+    if (!v8_flags.reuse_scope_infos) return;
+    // This should not be called on already existing SFIs. Their scope infos are
+    // already correct.
+    DCHECK_NE(MakeWeak(sfi),
+              old_script_->infos()->get(sfi->function_literal_id()));
+    if (InstallOwnScopeInfo(sfi)) return;
+    if (!sfi->HasOuterScopeInfo()) return;
+
+    Tagged<ScopeInfo> parent =
+        sfi->scope_info()->IsEmpty() ? Tagged<ScopeInfo>() : sfi->scope_info();
+    Tagged<ScopeInfo> outer_info = sfi->GetOuterScopeInfo();
+
+    auto it = scope_infos_to_update_.find(outer_info->UniqueIdInScript());
+    while (it == scope_infos_to_update_.end()) {
+      if (!outer_info->HasOuterScopeInfo()) return;
+      parent = outer_info;
+      outer_info = outer_info->OuterScopeInfo();
+      it = scope_infos_to_update_.find(outer_info->UniqueIdInScript());
+    }
+    if (outer_info == *it->second) return;
+
+    VerifyScopeInfo(outer_info, *it->second);
+
+    if (parent.is_null()) {
+      sfi->set_raw_outer_scope_info_or_feedback_metadata(*it->second);
+    } else {
+      parent->set_outer_scope_info(*it->second);
+    }
+  }
 
  private:
+  void VerifyScopeInfo(Tagged<ScopeInfo> scope_info,
+                       Tagged<ScopeInfo> replacement) {
+    CHECK_EQ(replacement->EndPosition(), scope_info->EndPosition());
+    CHECK_EQ(replacement->scope_type(), scope_info->scope_type());
+    CHECK_EQ(replacement->ContextLength(), scope_info->ContextLength());
+  }
   template <typename TArray>
   void IterateConstantPoolEntry(Tagged<TArray> constant_pool, int i) {
     Tagged<Object> obj = constant_pool->get(i);
@@ -2046,12 +2150,49 @@ class ConstantPoolPointerForwarder {
       // are acyclic and never more than a few layers deep, so recursion is
       // fine here.
       IterateConstantPoolNestedArray(Cast<FixedArray>(heap_obj));
-    } else if (IsSharedFunctionInfo(heap_obj, cage_base_)) {
-      auto it = forwarding_table_.find(
-          Cast<SharedFunctionInfo>(heap_obj)->function_literal_id());
-      if (it != forwarding_table_.end()) {
+    } else if (has_shared_function_info_to_forward_ &&
+               IsSharedFunctionInfo(heap_obj, cage_base_)) {
+      VisitSharedFunctionInfo(constant_pool, i,
+                              Cast<SharedFunctionInfo>(heap_obj));
+    } else if (!scope_infos_to_update_.empty() &&
+               IsScopeInfo(heap_obj, cage_base_)) {
+      VisitScopeInfo(constant_pool, i, Cast<ScopeInfo>(heap_obj));
+    }
+  }
+
+  template <typename TArray>
+  void VisitSharedFunctionInfo(Tagged<TArray> constant_pool, int i,
+                               Tagged<SharedFunctionInfo> sfi) {
+    Tagged<MaybeObject> maybe_old_sfi =
+        old_script_->infos()->get(sfi->function_literal_id());
+    if (maybe_old_sfi.IsWeak()) {
+      constant_pool->set(
+          i, Cast<SharedFunctionInfo>(maybe_old_sfi.GetHeapObjectAssumeWeak()));
+    }
+  }
+
+  template <typename TArray>
+  void VisitScopeInfo(Tagged<TArray> constant_pool, int i,
+                      Tagged<ScopeInfo> scope_info) {
+    if (scope_info->IsHiddenCatchScope()) return;
+    auto it = scope_infos_to_update_.find(scope_info->UniqueIdInScript());
+    // Try to replace the scope info itself with an already existing version.
+    if (it != scope_infos_to_update_.end()) {
+      if (scope_info != *it->second) {
+        VerifyScopeInfo(scope_info, *it->second);
         constant_pool->set(i, *it->second);
       }
+    } else if (scope_info->HasOuterScopeInfo()) {
+      // If we didn't find a match, but we have an outer scope info, try to
+      // replace the outer scope info with an already existing outer scope
+      // info. We only need to look at the direct outer scope info since we'll
+      // process all scope infos that are created by this compilation task.
+      Tagged<ScopeInfo> outer = scope_info->OuterScopeInfo();
+      it = scope_infos_to_update_.find(outer->UniqueIdInScript());
+      if (it != scope_infos_to_update_.end() && outer != *it->second) {
+        VerifyScopeInfo(outer, *it->second);
+        scope_info->set_outer_scope_info(*it->second);
+      }
     }
   }
 
@@ -2069,12 +2210,12 @@ class ConstantPoolPointerForwarder {
 
   PtrComprCageBase cage_base_;
   LocalHeap* local_heap_;
+  DirectHandle<Script> old_script_;
   std::vector<Handle<BytecodeArray>> bytecode_arrays_to_update_;
 
-  // If any SharedFunctionInfo is found in constant pools with a function
-  // literal ID matching one of these keys, then that entry should be updated
-  // to point to the corresponding value.
-  std::unordered_map<int, Handle<SharedFunctionInfo>> forwarding_table_;
+  // Indicates whether we have any shared function info to forward.
+  bool has_shared_function_info_to_forward_ = false;
+  std::unordered_map<int, Handle<ScopeInfo>> scope_infos_to_update_;
 };
 
 void BackgroundMergeTask::SetUpOnMainThread(Isolate* isolate,
@@ -2116,6 +2257,12 @@ void BackgroundMergeTask::SetUpOnMainThread(
   cached_script_ = persistent_handles_->NewHandle(*cached_script);
 }
 
+static bool force_gc_during_next_merge_for_testing_ = false;
+
+void BackgroundMergeTask::ForceGCDuringNextMergeForTesting() {
+  force_gc_during_next_merge_for_testing_ = true;
+}
+
 void BackgroundMergeTask::BeginMergeInBackground(
     LocalIsolate* isolate, DirectHandle<Script> new_script) {
   DCHECK_EQ(state_, kPendingBackgroundWork);
@@ -2123,14 +2270,13 @@ void BackgroundMergeTask::BeginMergeInBackground(
   LocalHeap* local_heap = isolate->heap();
   local_heap->AttachPersistentHandles(std::move(persistent_handles_));
   LocalHandleScope handle_scope(local_heap);
-  ConstantPoolPointerForwarder forwarder(isolate, local_heap);
-
   DirectHandle<Script> old_script = cached_script_.ToHandleChecked();
+  ConstantPoolPointerForwarder forwarder(isolate, local_heap, old_script);
 
   {
     DisallowGarbageCollection no_gc;
     Tagged<MaybeObject> maybe_old_toplevel_sfi =
-        old_script->shared_function_infos()->get(kFunctionLiteralIdTopLevel);
+        old_script->infos()->get(kFunctionLiteralIdTopLevel);
     if (maybe_old_toplevel_sfi.IsWeak()) {
       Tagged<SharedFunctionInfo> old_toplevel_sfi = Cast<SharedFunctionInfo>(
           maybe_old_toplevel_sfi.GetHeapObjectAssumeWeak());
@@ -2141,42 +2287,58 @@ void BackgroundMergeTask::BeginMergeInBackground(
 
   // Iterate the SFI lists on both Scripts to set up the forwarding table and
   // follow-up worklists for the main thread.
-  CHECK_EQ(old_script->shared_function_infos()->length(),
-           new_script->shared_function_infos()->length());
-  for (int i = 0; i < old_script->shared_function_infos()->length(); ++i) {
+  CHECK_EQ(old_script->infos()->length(), new_script->infos()->length());
+  for (int i = 0; i < old_script->infos()->length(); ++i) {
     DisallowGarbageCollection no_gc;
-    Tagged<MaybeObject> maybe_new_sfi =
-        new_script->shared_function_infos()->get(i);
-    if (maybe_new_sfi.IsWeak()) {
+    Tagged<MaybeObject> maybe_new_sfi = new_script->infos()->get(i);
+    Tagged<MaybeObject> maybe_old_info = old_script->infos()->get(i);
+    // We might have scope infos in the table if it's deserialized from a code
+    // cache.
+    if (maybe_new_sfi.IsWeak() &&
+        Is<SharedFunctionInfo>(maybe_new_sfi.GetHeapObjectAssumeWeak())) {
       Tagged<SharedFunctionInfo> new_sfi =
           Cast<SharedFunctionInfo>(maybe_new_sfi.GetHeapObjectAssumeWeak());
-      Tagged<MaybeObject> maybe_old_sfi =
-          old_script->shared_function_infos()->get(i);
-      if (maybe_old_sfi.IsWeak()) {
+      if (maybe_old_info.IsWeak()) {
+        forwarder.set_has_shared_function_info_to_forward();
         // The old script and the new script both have SharedFunctionInfos for
         // this function literal.
         Tagged<SharedFunctionInfo> old_sfi =
-            Cast<SharedFunctionInfo>(maybe_old_sfi.GetHeapObjectAssumeWeak());
-        forwarder.Forward(new_sfi, old_sfi);
-        if (new_sfi->HasBytecodeArray()) {
-          if (old_sfi->HasBytecodeArray()) {
-            // Reset the old SFI's bytecode age so that it won't likely get
-            // flushed right away. This operation might be racing against
-            // concurrent modification by another thread, but such a race is not
-            // catastrophic.
-            old_sfi->set_age(0);
-          } else {
-            // The old SFI can use the compiled data from the new SFI.
-            new_compiled_data_for_cached_sfis_.push_back(
-                {local_heap->NewPersistentHandle(old_sfi),
-                 local_heap->NewPersistentHandle(new_sfi)});
-            forwarder.AddBytecodeArray(new_sfi->GetBytecodeArray(isolate));
+            Cast<SharedFunctionInfo>(maybe_old_info.GetHeapObjectAssumeWeak());
+        // Make sure to allocate a persistent handle to the old sfi whether or
+        // not it or the new sfi have bytecode -- this is necessary to keep the
+        // old sfi reference in the old script list alive, so that pointers to
+        // the new sfi are redirected to the old sfi.
+        Handle<SharedFunctionInfo> old_sfi_handle =
+            local_heap->NewPersistentHandle(old_sfi);
+        if (old_sfi->HasBytecodeArray()) {
+          // Reset the old SFI's bytecode age so that it won't likely get
+          // flushed right away. This operation might be racing against
+          // concurrent modification by another thread, but such a race is not
+          // catastrophic.
+          old_sfi->set_age(0);
+        } else if (new_sfi->HasBytecodeArray()) {
+          // Also push the old_sfi to make sure it stays alive / isn't replaced.
+          new_compiled_data_for_cached_sfis_.push_back(
+              {old_sfi_handle, local_heap->NewPersistentHandle(new_sfi)});
+          // Pick up existing scope infos from the old sfi. The new sfi will be
+          // copied over the old sfi later. This will ensure that we'll keep
+          // using the old sfis. This will also allow us check later whether new
+          // scope infos have appeared that need to be reused.
+          if (!old_sfi->scope_info()->IsEmpty()) {
+            new_sfi->SetScopeInfo(old_sfi->scope_info());
+          } else if (old_sfi->HasOuterScopeInfo()) {
+            new_sfi->scope_info()->set_outer_scope_info(
+                old_sfi->GetOuterScopeInfo());
           }
+          forwarder.AddBytecodeArray(new_sfi->GetBytecodeArray(isolate));
         }
+        // TODO(355575275): We shouldn't be using the new sfi, so its script
+        // field shouldn't matter -- but there seems to be some cases where we
+        // do, so stay robust and set it. Remove this once this bug is fixed.
+        new_sfi->set_script(*old_script, kReleaseStore);
       } else {
         // The old script didn't have a SharedFunctionInfo for this function
         // literal, so it can use the new SharedFunctionInfo.
-        DCHECK_EQ(i, new_sfi->function_literal_id());
         new_sfi->set_script(*old_script, kReleaseStore);
         used_new_sfis_.push_back(local_heap->NewPersistentHandle(new_sfi));
         if (new_sfi->HasBytecodeArray()) {
@@ -2184,14 +2346,43 @@ void BackgroundMergeTask::BeginMergeInBackground(
         }
       }
     }
+
+    if (maybe_old_info.IsWeak()) {
+      forwarder.RecordScopeInfos(maybe_old_info);
+      // If the old script has a SFI, point to it from the new script to
+      // indicate we've already seen it and we'll reuse it if necessary (if
+      // newly compiled bytecode points to it).
+      new_script->infos()->set(i, maybe_old_info);
+    }
   }
 
-  persistent_handles_ = local_heap->DetachPersistentHandles();
+  // Since we are walking the script infos weak list both when figuring out
+  // which SFIs to merge above, and actually merging them below, make sure that
+  // a GC here which clears any dead weak refs or flushes any bytecode doesn't
+  // break anything.
+  if (V8_UNLIKELY(force_gc_during_next_merge_for_testing_)) {
+    // This GC is only synchronous on the main thread at the moment.
+    DCHECK(isolate->is_main_thread());
+    local_heap->AsHeap()->CollectAllAvailableGarbage(
+        GarbageCollectionReason::kTesting);
+  }
 
   if (forwarder.HasAnythingToForward()) {
+    for (DirectHandle<SharedFunctionInfo> new_sfi : used_new_sfis_) {
+      forwarder.UpdateScopeInfo(*new_sfi);
+    }
+    for (const auto& new_compiled_data : new_compiled_data_for_cached_sfis_) {
+      // It's possible that new_compiled_data.cached_sfi had
+      // scope_info()->IsEmpty() while an inner function has scope info if the
+      // cached_sfi was recreated when an outer function was recompiled. If so,
+      // new_compiled_data.new_sfi does not have a reused scope info yet, and
+      // we'll have found it when we visited the inner function. Try to pick it
+      // up here.
+      forwarder.InstallOwnScopeInfo(*new_compiled_data.new_sfi);
+    }
     forwarder.IterateAndForwardPointers();
   }
-
+  persistent_handles_ = local_heap->DetachPersistentHandles();
   state_ = kPendingForegroundWork;
 }
 
@@ -2200,14 +2391,13 @@ Handle<SharedFunctionInfo> BackgroundMergeTask::CompleteMergeInForeground(
   DCHECK_EQ(state_, kPendingForegroundWork);
 
   HandleScope handle_scope(isolate);
-  ConstantPoolPointerForwarder forwarder(isolate,
-                                         isolate->main_thread_local_heap());
-
   DirectHandle<Script> old_script = cached_script_.ToHandleChecked();
+  ConstantPoolPointerForwarder forwarder(
+      isolate, isolate->main_thread_local_heap(), old_script);
 
   for (const auto& new_compiled_data : new_compiled_data_for_cached_sfis_) {
-    if (!new_compiled_data.cached_sfi->is_compiled() &&
-        new_compiled_data.new_sfi->is_compiled()) {
+    Tagged<SharedFunctionInfo> sfi = *new_compiled_data.cached_sfi;
+    if (!sfi->is_compiled() && new_compiled_data.new_sfi->is_compiled()) {
       // Updating existing DebugInfos is not supported, but we don't expect
       // uncompiled SharedFunctionInfos to contain DebugInfos.
       DCHECK(!new_compiled_data.cached_sfi->HasDebugInfo(isolate));
@@ -2217,26 +2407,27 @@ Handle<SharedFunctionInfo> BackgroundMergeTask::CompleteMergeInForeground(
       // cached_sfi to new_sfi, and then copy every field using CopyFrom.
       new_compiled_data.new_sfi->set_script(
           new_compiled_data.cached_sfi->script(kAcquireLoad), kReleaseStore);
-      new_compiled_data.cached_sfi->CopyFrom(*new_compiled_data.new_sfi,
-                                             isolate);
+      sfi->CopyFrom(*new_compiled_data.new_sfi, isolate);
     }
   }
-  for (DirectHandle<SharedFunctionInfo> new_sfi : used_new_sfis_) {
+
+  for (int i = 0; i < old_script->infos()->length(); ++i) {
+    Tagged<MaybeObject> maybe_old_info = old_script->infos()->get(i);
+    Tagged<MaybeObject> maybe_new_info = new_script->infos()->get(i);
+    if (maybe_new_info == maybe_old_info) continue;
     DisallowGarbageCollection no_gc;
-    DCHECK_GE(new_sfi->function_literal_id(), 0);
-    Tagged<MaybeObject> maybe_old_sfi =
-        old_script->shared_function_infos()->get(
-            new_sfi->function_literal_id());
-    if (maybe_old_sfi.IsWeak()) {
-      // The old script's SFI didn't exist during the background work, but
-      // does now. This means a re-merge is necessary so that any pointers to
-      // the new script's SFI are updated to point to the old script's SFI.
-      Tagged<SharedFunctionInfo> old_sfi =
-          Cast<SharedFunctionInfo>(maybe_old_sfi.GetHeapObjectAssumeWeak());
-      forwarder.Forward(*new_sfi, old_sfi);
+    if (maybe_old_info.IsWeak()) {
+      // The old script's SFI didn't exist during the background work, but does
+      // now. This means a re-merge is necessary. Potential references to the
+      // new script's SFI need to be updated to point to the cached script's SFI
+      // instead. The cached script's SFI's outer scope infos need to be used by
+      // the new script's outer SFIs.
+      if (Is<SharedFunctionInfo>(maybe_old_info.GetHeapObjectAssumeWeak())) {
+        forwarder.set_has_shared_function_info_to_forward();
+      }
+      forwarder.RecordScopeInfos(maybe_old_info);
     } else {
-      old_script->shared_function_infos()->set(new_sfi->function_literal_id(),
-                                               MakeWeak(*new_sfi));
+      old_script->infos()->set(i, maybe_new_info);
     }
   }
 
@@ -2245,11 +2436,17 @@ Handle<SharedFunctionInfo> BackgroundMergeTask::CompleteMergeInForeground(
   // pools is required.
   if (forwarder.HasAnythingToForward()) {
     for (DirectHandle<SharedFunctionInfo> new_sfi : used_new_sfis_) {
+      forwarder.UpdateScopeInfo(*new_sfi);
       if (new_sfi->HasBytecodeArray(isolate)) {
         forwarder.AddBytecodeArray(new_sfi->GetBytecodeArray(isolate));
       }
     }
     for (const auto& new_compiled_data : new_compiled_data_for_cached_sfis_) {
+      // It's possible that cached_sfi wasn't compiled, but an inner function
+      // existed that didn't exist when be background merged. In that case, pick
+      // up the relevant scope infos.
+      Tagged<SharedFunctionInfo> sfi = *new_compiled_data.cached_sfi;
+      forwarder.InstallOwnScopeInfo(sfi);
       if (new_compiled_data.cached_sfi->HasBytecodeArray(isolate)) {
         forwarder.AddBytecodeArray(
             new_compiled_data.cached_sfi->GetBytecodeArray(isolate));
@@ -2259,7 +2456,7 @@ Handle<SharedFunctionInfo> BackgroundMergeTask::CompleteMergeInForeground(
   }
 
   Tagged<MaybeObject> maybe_toplevel_sfi =
-      old_script->shared_function_infos()->get(kFunctionLiteralIdTopLevel);
+      old_script->infos()->get(kFunctionLiteralIdTopLevel);
   CHECK(maybe_toplevel_sfi.IsWeak());
   Handle<SharedFunctionInfo> result = handle(
       Cast<SharedFunctionInfo>(maybe_toplevel_sfi.GetHeapObjectAssumeWeak()),
@@ -2272,6 +2469,113 @@ Handle<SharedFunctionInfo> BackgroundMergeTask::CompleteMergeInForeground(
     SharedFunctionInfo::EnsureSourcePositionsAvailable(isolate, result);
   }
 
+  {
+    // TODO(355575275): Extra validation code to try to find a bug. Remove after
+    // fixing.
+    for (int i = 0; i < old_script->infos()->length(); ++i) {
+      Tagged<MaybeObject> maybe_sfi = old_script->infos()->get(i);
+      if (maybe_sfi.IsWeak() &&
+          Is<SharedFunctionInfo>(maybe_sfi.GetHeapObjectAssumeWeak())) {
+        Tagged<SharedFunctionInfo> sfi =
+            Cast<SharedFunctionInfo>(maybe_sfi.GetHeapObjectAssumeWeak());
+
+        // Check that the SFI has the right script.
+        if (sfi->script() != *old_script) {
+          isolate->PushStackTraceAndContinue(
+              reinterpret_cast<void*>(sfi.ptr()),
+              reinterpret_cast<void*>(old_script->ptr()),
+              reinterpret_cast<void*>(new_script->ptr()),
+              reinterpret_cast<void*>(old_script->infos()->ptr() +
+                                      WeakFixedArray::OffsetOfElementAt(i)),
+              reinterpret_cast<void*>(new_script->infos()->ptr() +
+                                      WeakFixedArray::OffsetOfElementAt(i)));
+        }
+
+        // Check that all SFIs in the bytecode array's constant pool are from
+        // the same script.
+        if (sfi->HasBytecodeArray()) {
+          Tagged<BytecodeArray> bytecode = sfi->GetBytecodeArray(isolate);
+          Tagged<TrustedFixedArray> constant_pool = bytecode->constant_pool();
+          for (int i = 0; i < constant_pool->length(); ++i) {
+            Tagged<Object> entry = constant_pool->get(i);
+            if (Is<SharedFunctionInfo>(entry)) {
+              Tagged<SharedFunctionInfo> inner_sfi =
+                  Cast<SharedFunctionInfo>(entry);
+              int id = inner_sfi->function_literal_id();
+              if (MakeWeak(inner_sfi) != old_script->infos()->get(id)) {
+                isolate->PushStackTraceAndContinue(
+                    reinterpret_cast<void*>(sfi.ptr()),
+                    reinterpret_cast<void*>(inner_sfi.ptr()),
+                    reinterpret_cast<void*>(old_script->ptr()),
+                    reinterpret_cast<void*>(new_script->ptr()),
+                    reinterpret_cast<void*>(
+                        old_script->infos()->ptr() +
+                        WeakFixedArray::OffsetOfElementAt(id)),
+                    reinterpret_cast<void*>(
+                        new_script->infos()->ptr() +
+                        WeakFixedArray::OffsetOfElementAt(id)));
+              }
+
+              if (inner_sfi->script() != *old_script) {
+                isolate->PushStackTraceAndContinue(
+                    reinterpret_cast<void*>(sfi.ptr()),
+                    reinterpret_cast<void*>(inner_sfi.ptr()),
+                    reinterpret_cast<void*>(old_script->ptr()),
+                    reinterpret_cast<void*>(new_script->ptr()),
+                    reinterpret_cast<void*>(
+                        old_script->infos()->ptr() +
+                        WeakFixedArray::OffsetOfElementAt(id)),
+                    reinterpret_cast<void*>(
+                        new_script->infos()->ptr() +
+                        WeakFixedArray::OffsetOfElementAt(id)));
+              }
+            }
+          }
+        }
+      }
+    }
+  }
+
+  if (v8_flags.verify_code_merge) {
+    // Check that there aren't any duplicate scope infos. Every scope/context
+    // should correspond to at most one scope info.
+    std::unordered_map<int, Tagged<ScopeInfo>> scope_infos;
+    for (int i = 0; i < old_script->infos()->length(); i++) {
+      Tagged<ScopeInfo> scope_info;
+      if (!old_script->infos()->get(i).IsWeak()) continue;
+      Tagged<HeapObject> info =
+          old_script->infos()->get(i).GetHeapObjectAssumeWeak();
+      if (Is<SharedFunctionInfo>(info)) {
+        Tagged<SharedFunctionInfo> old_sfi = Cast<SharedFunctionInfo>(info);
+        CHECK_EQ(old_sfi->script(), *old_script);
+        if (!old_sfi->scope_info()->IsEmpty()) {
+          scope_info = old_sfi->scope_info();
+        } else if (old_sfi->HasOuterScopeInfo()) {
+          scope_info = old_sfi->GetOuterScopeInfo();
+        } else {
+          continue;
+        }
+      } else {
+        scope_info = Cast<ScopeInfo>(info);
+      }
+      while (true) {
+        auto it = scope_infos.find(scope_info->UniqueIdInScript());
+        if (it != scope_infos.end()) {
+          if (*it->second != scope_info) {
+            old_script->infos()->get(i).GetHeapObjectAssumeWeak()->Print();
+            (*it->second)->Print();
+            scope_info->Print();
+            UNREACHABLE();
+          }
+          break;
+        }
+        scope_infos[scope_info->UniqueIdInScript()] = scope_info;
+        if (!scope_info->HasOuterScopeInfo()) break;
+        scope_info = scope_info->OuterScopeInfo();
+      }
+    }
+  }
+
   return handle_scope.CloseAndEscape(result);
 }
 
@@ -2306,6 +2610,16 @@ MaybeHandle<SharedFunctionInfo> BackgroundCompileTask::FinalizeScript(
     Handle<SharedFunctionInfo> result =
         merge.CompleteMergeInForeground(isolate, script);
     maybe_result = result;
+
+    {
+      // TODO(355575275): We shouldn't be using the new script, so its source
+      // and origin options shouldn't matter -- but there seems to be some cases
+      // where we do, so stay robust and set them. Remove this once this bug is
+      // fixed.
+      Script::SetSource(isolate, script, source);
+      script->set_origin_options(origin_options);
+    }
+
     script = handle(Cast<Script>(result->script()), isolate);
     DCHECK(Object::StrictEquals(script->source(), *source));
     DCHECK(isolate->factory()->script_list()->Contains(MakeWeak(*script)));
@@ -2355,7 +2669,7 @@ bool BackgroundCompileTask::FinalizeFunction(
   // the LazyCompileDispatcher Job that launched this task, which will now be
   // considered complete, so clear that regardless of whether the finalize
   // succeeds or not.
-  input_shared_info->ClearUncompiledDataJobPointer();
+  input_shared_info->ClearUncompiledDataJobPointer(isolate);
 
   // We might not have been able to finalize all jobs on the background
   // thread (e.g. asm.js jobs), so finalize those deferred jobs now.
@@ -2389,7 +2703,8 @@ void BackgroundCompileTask::AbortFunction() {
   // the LazyCompileDispatcher Job that launched this task, which is about to be
   // deleted, so clear that to avoid the SharedFunctionInfo from pointing to
   // deallocated memory.
-  input_shared_info_.ToHandleChecked()->ClearUncompiledDataJobPointer();
+  input_shared_info_.ToHandleChecked()->ClearUncompiledDataJobPointer(
+      isolate_for_local_isolate_);
 }
 
 void BackgroundCompileTask::ReportStatistics(Isolate* isolate) {
@@ -2559,7 +2874,7 @@ bool Compiler::CollectSourcePositions(Isolate* isolate,
 
   // If debugging, make sure that instrumented bytecode has the source position
   // table set on it as well.
-  if (base::Optional<Tagged<DebugInfo>> debug_info =
+  if (std::optional<Tagged<DebugInfo>> debug_info =
           shared_info->TryGetDebugInfo(isolate)) {
     if (debug_info.value()->HasInstrumentedBytecodeArray()) {
       Tagged<TrustedByteArray> source_position_table =
@@ -2620,10 +2935,9 @@ bool Compiler::Compile(Isolate* isolate, Handle<SharedFunctionInfo> shared_info,
 
   if (shared_info->HasUncompiledDataWithPreparseData()) {
     parse_info.set_consumed_preparse_data(ConsumedPreparseData::For(
-        isolate,
-        handle(
-            shared_info->uncompiled_data_with_preparse_data()->preparse_data(),
-            isolate)));
+        isolate, handle(shared_info->uncompiled_data_with_preparse_data(isolate)
+                            ->preparse_data(),
+                        isolate)));
   }
 
   // Parse and update ParseInfo with the results.
@@ -2686,7 +3000,7 @@ bool Compiler::Compile(Isolate* isolate, Handle<JSFunction> function,
   // flushed.
   function->ResetIfCodeFlushed(isolate);
 
-  Handle<SharedFunctionInfo> shared_info = handle(function->shared(), isolate);
+  Handle<SharedFunctionInfo> shared_info(function->shared(), isolate);
 
   // Ensure shared function info is compiled.
   *is_compiled_scope = shared_info->is_compiled_scope(isolate);
@@ -2696,7 +3010,7 @@ bool Compiler::Compile(Isolate* isolate, Handle<JSFunction> function,
   }
 
   DCHECK(is_compiled_scope->is_compiled());
-  Handle<Code> code = handle(shared_info->GetCode(isolate), isolate);
+  DirectHandle<Code> code(shared_info->GetCode(isolate), isolate);
 
   // Initialize the feedback cell for this JSFunction and reset the interrupt
   // budget for feedback vector allocation even if there is a closure feedback
@@ -2798,7 +3112,8 @@ bool Compiler::CompileSharedWithBaseline(Isolate* isolate,
 }
 
 // static
-bool Compiler::CompileBaseline(Isolate* isolate, Handle<JSFunction> function,
+bool Compiler::CompileBaseline(Isolate* isolate,
+                               DirectHandle<JSFunction> function,
                                ClearExceptionFlag flag,
                                IsCompiledScope* is_compiled_scope) {
   Handle<SharedFunctionInfo> shared(function->shared(isolate), isolate);
@@ -2884,8 +3199,7 @@ MaybeHandle<SharedFunctionInfo> Compiler::CompileForLiveEdit(
 MaybeHandle<JSFunction> Compiler::GetFunctionFromEval(
     Handle<String> source, Handle<SharedFunctionInfo> outer_info,
     Handle<Context> context, LanguageMode language_mode,
-    ParseRestriction restriction, int parameters_end_pos,
-    int eval_scope_position, int eval_position,
+    ParseRestriction restriction, int parameters_end_pos, int eval_position,
     ParsingWhileDebugging parsing_while_debugging) {
   Isolate* isolate = context->GetIsolate();
 
@@ -2894,19 +3208,20 @@ MaybeHandle<JSFunction> Compiler::GetFunctionFromEval(
   //   Function("", "function anonymous(\n/**/) {\n}");
   // from adding an entry that falsely approves this invalid invocation:
   //   Function("\n/**/) {\nfunction anonymous(", "}");
-  // The actual eval_scope_position for indirect eval and CreateDynamicFunction
+  // The actual eval_position for indirect eval and CreateDynamicFunction
   // is unused (just 0), which means it's an available field to use to indicate
   // this separation. But to make sure we're not causing other false hits, we
   // negate the scope position.
+  int eval_cache_position = eval_position;
   if (restriction == ONLY_SINGLE_FUNCTION_LITERAL &&
       parameters_end_pos != kNoSourcePosition) {
-    // use the parameters_end_pos as the eval_scope_position in the eval cache.
-    DCHECK_EQ(eval_scope_position, 0);
-    eval_scope_position = -parameters_end_pos;
+    // use the parameters_end_pos as the eval_position in the eval cache.
+    DCHECK_EQ(eval_position, kNoSourcePosition);
+    eval_cache_position = -parameters_end_pos;
   }
   CompilationCache* compilation_cache = isolate->compilation_cache();
   InfoCellPair eval_result = compilation_cache->LookupEval(
-      source, outer_info, context, language_mode, eval_scope_position);
+      source, outer_info, context, language_mode, eval_cache_position);
   Handle<FeedbackCell> feedback_cell;
   if (eval_result.has_feedback_cell()) {
     feedback_cell = handle(eval_result.feedback_cell(), isolate);
@@ -2989,10 +3304,10 @@ MaybeHandle<JSFunction> Compiler::GetFunctionFromEval(
       JSFunction::InitializeFeedbackCell(result, &is_compiled_scope, true);
       if (allow_eval_cache) {
         // Make sure to cache this result.
-        Handle<FeedbackCell> new_feedback_cell(result->raw_feedback_cell(),
-                                               isolate);
+        DirectHandle<FeedbackCell> new_feedback_cell(
+            result->raw_feedback_cell(), isolate);
         compilation_cache->PutEval(source, outer_info, context, shared_info,
-                                   new_feedback_cell, eval_scope_position);
+                                   new_feedback_cell, eval_cache_position);
       }
     }
   } else {
@@ -3005,10 +3320,10 @@ MaybeHandle<JSFunction> Compiler::GetFunctionFromEval(
     if (allow_eval_cache) {
       // Add the SharedFunctionInfo and the LiteralsArray to the eval cache if
       // we didn't retrieve from there.
-      Handle<FeedbackCell> new_feedback_cell(result->raw_feedback_cell(),
-                                             isolate);
+      DirectHandle<FeedbackCell> new_feedback_cell(result->raw_feedback_cell(),
+                                                   isolate);
       compilation_cache->PutEval(source, outer_info, context, shared_info,
-                                 new_feedback_cell, eval_scope_position);
+                                 new_feedback_cell, eval_cache_position);
     }
   }
   DCHECK(is_compiled_scope.is_compiled());
@@ -3147,25 +3462,24 @@ MaybeHandle<JSFunction> Compiler::GetFunctionFromValidatedString(
   }
 
   // Compile source string in the native context.
-  int eval_scope_position = 0;
   int eval_position = kNoSourcePosition;
   Handle<SharedFunctionInfo> outer_info(
       native_context->empty_function()->shared(), isolate);
-  return Compiler::GetFunctionFromEval(source.ToHandleChecked(), outer_info,
-                                       native_context, LanguageMode::kSloppy,
-                                       restriction, parameters_end_pos,
-                                       eval_scope_position, eval_position);
+  return Compiler::GetFunctionFromEval(
+      source.ToHandleChecked(), outer_info, native_context,
+      LanguageMode::kSloppy, restriction, parameters_end_pos, eval_position);
 }
 
 // static
 MaybeHandle<JSFunction> Compiler::GetFunctionFromString(
     Handle<NativeContext> context, Handle<Object> source,
-    ParseRestriction restriction, int parameters_end_pos, bool is_code_like) {
+    int parameters_end_pos, bool is_code_like) {
   Isolate* const isolate = context->GetIsolate();
   MaybeHandle<String> validated_source =
       ValidateDynamicCompilationSource(isolate, context, source, is_code_like)
           .first;
-  return GetFunctionFromValidatedString(context, validated_source, restriction,
+  return GetFunctionFromValidatedString(context, validated_source,
+                                        ONLY_SINGLE_FUNCTION_LITERAL,
                                         parameters_end_pos);
 }
 
@@ -3986,7 +4300,7 @@ Handle<SharedFunctionInfo> Compiler::GetSharedFunctionInfo(
     if (literal->produced_preparse_data() != nullptr &&
         existing->HasUncompiledDataWithoutPreparseData()) {
       DirectHandle<UncompiledData> existing_uncompiled_data(
-          existing->uncompiled_data(), isolate);
+          existing->uncompiled_data(isolate), isolate);
       DCHECK_EQ(literal->start_position(),
                 existing_uncompiled_data->start_position());
       DCHECK_EQ(literal->end_position(),
@@ -4167,10 +4481,8 @@ void Compiler::FinalizeMaglevCompilationJob(maglev::MaglevCompilationJob* job,
                                     Cast<AbstractCode>(code));
     job->RecordCompilationStats(isolate);
     if (v8_flags.profile_guided_optimization &&
-        shared->cached_tiering_decision() <
-            CachedTieringDecision::kEarlyMaglevPending) {
-      shared->set_cached_tiering_decision(
-          CachedTieringDecision::kEarlyMaglevPending);
+        shared->cached_tiering_decision() == CachedTieringDecision::kPending) {
+      shared->set_cached_tiering_decision(CachedTieringDecision::kEarlyMaglev);
     }
     CompilerTracer::TraceFinishMaglevCompile(
         isolate, function, job->is_osr(), job->prepare_in_ms(),
@@ -4180,9 +4492,9 @@ void Compiler::FinalizeMaglevCompilationJob(maglev::MaglevCompilationJob* job,
 }
 
 // static
-void Compiler::PostInstantiation(Handle<JSFunction> function,
+void Compiler::PostInstantiation(Isolate* isolate,
+                                 DirectHandle<JSFunction> function,
                                  IsCompiledScope* is_compiled_scope) {
-  Isolate* isolate = function->GetIsolate();
   DirectHandle<SharedFunctionInfo> shared(function->shared(), isolate);
 
   // If code is compiled to bytecode (i.e., isn't asm.js), then allocate a
@@ -4221,20 +4533,24 @@ void Compiler::PostInstantiation(Handle<JSFunction> function,
 
   if (shared->is_toplevel() || shared->is_wrapped()) {
     // If it's a top-level script, report compilation to the debugger.
-    Handle<Script> script(Cast<Script>(shared->script()), isolate);
+    DirectHandle<Script> script(Cast<Script>(shared->script()), isolate);
     isolate->debug()->OnAfterCompile(script);
     TRACE_EVENT1(TRACE_DISABLED_BY_DEFAULT("devtools.v8-source-rundown"),
                  "ScriptCompiled", "data",
                  AddScriptCompiledTrace(isolate, shared));
-    TRACE_EVENT1(
+    bool tracing_enabled;
+    TRACE_EVENT_CATEGORY_GROUP_ENABLED(
         TRACE_DISABLED_BY_DEFAULT("devtools.v8-source-rundown-sources"),
-        "ScriptCompiled", "data", AddScriptSourceTextTrace(isolate, shared));
+        &tracing_enabled);
+    if (tracing_enabled) {
+      EmitScriptSourceTextTrace(isolate, shared);
+    }
   }
 }
 
 std::unique_ptr<v8::tracing::TracedValue> Compiler::AddScriptCompiledTrace(
     Isolate* isolate, DirectHandle<SharedFunctionInfo> shared) {
-  Handle<Script> script(Cast<Script>(shared->script()), isolate);
+  DirectHandle<Script> script(Cast<Script>(shared->script()), isolate);
   i::Tagged<i::Object> context_value =
       isolate->native_context()->debug_context_id();
   int contextId = (IsSmi(context_value)) ? i::Smi::ToInt(context_value) : 0;
@@ -4272,19 +4588,45 @@ std::unique_ptr<v8::tracing::TracedValue> Compiler::AddScriptCompiledTrace(
   return value;
 }
 
-std::unique_ptr<v8::tracing::TracedValue> Compiler::AddScriptSourceTextTrace(
+void Compiler::EmitScriptSourceTextTrace(
     Isolate* isolate, DirectHandle<SharedFunctionInfo> shared) {
   DirectHandle<Script> script(Cast<Script>(shared->script()), isolate);
-  auto value = v8::tracing::TracedValue::Create();
-  value->SetString("isolate",
-                   std::to_string(reinterpret_cast<size_t>(isolate)));
-  value->SetInteger("scriptId", script->id());
   if (IsString(script->source())) {
     Tagged<String> source = i::Cast<i::String>(script->source());
-    value->SetInteger("length", source->length());
-    value->SetString("sourceText", source->ToCString().get());
+    auto script_id = script->id();
+    auto isolate_string = std::to_string(reinterpret_cast<size_t>(isolate));
+    int32_t source_length = source->length();
+    const int32_t kSplitMaxLength = 1000000;
+    if (source_length <= kSplitMaxLength) {
+      auto value = v8::tracing::TracedValue::Create();
+      value->SetString("isolate", isolate_string);
+      value->SetInteger("scriptId", script_id);
+      value->SetInteger("length", source_length);
+      value->SetString("sourceText", source->ToCString().get());
+      TRACE_EVENT1(
+          TRACE_DISABLED_BY_DEFAULT("devtools.v8-source-rundown-sources"),
+          "ScriptCompiled", "data", std::move(value));
+    } else {
+      Handle<String> handle_source(source, isolate);
+      int32_t split_count = source_length / kSplitMaxLength + 1;
+      for (int32_t i = 0; i < split_count; i++) {
+        int32_t begin = i * kSplitMaxLength;
+        int32_t end = std::min(begin + kSplitMaxLength, source_length);
+        DirectHandle<String> partial_source =
+            isolate->factory()->NewSubString(handle_source, begin, end);
+        auto split_trace_value = v8::tracing::TracedValue::Create();
+        split_trace_value->SetInteger("splitIndex", i);
+        split_trace_value->SetInteger("splitCount", split_count);
+        split_trace_value->SetString("isolate", isolate_string);
+        split_trace_value->SetInteger("scriptId", script_id);
+        split_trace_value->SetString("sourceText",
+                                     partial_source->ToCString().get());
+        TRACE_EVENT1(
+            TRACE_DISABLED_BY_DEFAULT("devtools.v8-source-rundown-sources"),
+            "LargeScriptCompiledSplits", "data", std::move(split_trace_value));
+      }
+    }
   }
-  return value;
 }
 
 // ----------------------------------------------------------------------------
diff --git a/deps/v8/src/codegen/compiler.h b/deps/v8/src/codegen/compiler.h
index 7fe0eb319413fe..65632d588129f2 100644
--- a/deps/v8/src/codegen/compiler.h
+++ b/deps/v8/src/codegen/compiler.h
@@ -98,7 +98,8 @@ class V8_EXPORT_PRIVATE Compiler : public AllStatic {
                                         Handle<SharedFunctionInfo> shared,
                                         ClearExceptionFlag flag,
                                         IsCompiledScope* is_compiled_scope);
-  static bool CompileBaseline(Isolate* isolate, Handle<JSFunction> function,
+  static bool CompileBaseline(Isolate* isolate,
+                              DirectHandle<JSFunction> function,
                               ClearExceptionFlag flag,
                               IsCompiledScope* is_compiled_scope);
 
@@ -143,7 +144,8 @@ class V8_EXPORT_PRIVATE Compiler : public AllStatic {
   // Give the compiler a chance to perform low-latency initialization tasks of
   // the given {function} on its instantiation. Note that only the runtime will
   // offer this chance, optimized closure instantiation will not call this.
-  static void PostInstantiation(Handle<JSFunction> function,
+  static void PostInstantiation(Isolate* isolate,
+                                DirectHandle<JSFunction> function,
                                 IsCompiledScope* is_compiled_scope);
 
   // ===========================================================================
@@ -159,8 +161,7 @@ class V8_EXPORT_PRIVATE Compiler : public AllStatic {
   V8_WARN_UNUSED_RESULT static MaybeHandle<JSFunction> GetFunctionFromEval(
       Handle<String> source, Handle<SharedFunctionInfo> outer_info,
       Handle<Context> context, LanguageMode language_mode,
-      ParseRestriction restriction, int parameters_end_pos,
-      int eval_scope_position, int eval_position,
+      ParseRestriction restriction, int parameters_end_pos, int eval_position,
       ParsingWhileDebugging parsing_while_debugging =
           ParsingWhileDebugging::kNo);
 
@@ -175,7 +176,7 @@ class V8_EXPORT_PRIVATE Compiler : public AllStatic {
   // Create a (bound) function for a String source within a context for eval.
   V8_WARN_UNUSED_RESULT static MaybeHandle<JSFunction> GetFunctionFromString(
       Handle<NativeContext> context, Handle<i::Object> source,
-      ParseRestriction restriction, int parameters_end_pos, bool is_code_like);
+      int parameters_end_pos, bool is_code_like);
 
   // Decompose GetFunctionFromString into two functions, to allow callers to
   // deal seperately with a case of object not handled by the embedder.
@@ -264,7 +265,7 @@ class V8_EXPORT_PRIVATE Compiler : public AllStatic {
 
   static void LogFunctionCompilation(Isolate* isolate,
                                      LogEventListener::CodeTag code_type,
-                                     Handle<Script> script,
+                                     DirectHandle<Script> script,
                                      Handle<SharedFunctionInfo> shared,
                                      Handle<FeedbackVector> vector,
                                      Handle<AbstractCode> abstract_code,
@@ -277,7 +278,7 @@ class V8_EXPORT_PRIVATE Compiler : public AllStatic {
  private:
   static std::unique_ptr<v8::tracing::TracedValue> AddScriptCompiledTrace(
       Isolate* isolate, DirectHandle<SharedFunctionInfo> shared);
-  static std::unique_ptr<v8::tracing::TracedValue> AddScriptSourceTextTrace(
+  static void EmitScriptSourceTextTrace(
       Isolate* isolate, DirectHandle<SharedFunctionInfo> shared);
 };
 
@@ -648,7 +649,7 @@ class V8_EXPORT_PRIVATE BackgroundCompileTask {
 
 // Contains all data which needs to be transmitted between threads for
 // background parsing and compiling and finalizing it on the main thread.
-struct ScriptStreamingData {
+struct V8_EXPORT_PRIVATE ScriptStreamingData {
   ScriptStreamingData(
       std::unique_ptr<ScriptCompiler::ExternalSourceStream> source_stream,
       ScriptCompiler::StreamedSource::Encoding encoding);
diff --git a/deps/v8/src/codegen/cpu-features.h b/deps/v8/src/codegen/cpu-features.h
index 86453e39fbff16..8fce196c851830 100644
--- a/deps/v8/src/codegen/cpu-features.h
+++ b/deps/v8/src/codegen/cpu-features.h
@@ -90,6 +90,7 @@ enum CpuFeature {
   ZBA,
   ZBB,
   ZBS,
+  ZICOND,
 #endif
 
   NUMBER_OF_CPU_FEATURES
diff --git a/deps/v8/src/codegen/external-reference-table.cc b/deps/v8/src/codegen/external-reference-table.cc
index 207b26498fe855..5a452891f4da1d 100644
--- a/deps/v8/src/codegen/external-reference-table.cc
+++ b/deps/v8/src/codegen/external-reference-table.cc
@@ -83,22 +83,18 @@ const char* const
 #undef ADD_ACCESSOR_CALLBACK_NAME
 #undef ADD_STATS_COUNTER_NAME
 
-namespace {
-static Address ref_addr_isolate_independent_
-    [ExternalReferenceTable::kSizeIsolateIndependent] = {0};
-}  // namespace
-
 // Forward declarations for C++ builtins.
 #define FORWARD_DECLARE(Name) \
   Address Builtin_##Name(int argc, Address* args, Isolate* isolate);
 BUILTIN_LIST_C(FORWARD_DECLARE)
 #undef FORWARD_DECLARE
 
-void ExternalReferenceTable::InitIsolateIndependent() {
+void ExternalReferenceTable::InitIsolateIndependent(
+    MemorySpan<Address> shared_external_references) {
   DCHECK_EQ(is_initialized_, kUninitialized);
 
   int index = 0;
-  CopyIsolateIndependentReferences(&index);
+  CopyIsolateIndependentReferences(&index, shared_external_references);
   CHECK_EQ(kSizeIsolateIndependent, index);
 
   is_initialized_ = kInitializedIsolateIndependent;
@@ -130,23 +126,26 @@ const char* ExternalReferenceTable::ResolveSymbol(void* address) {
 #endif  // SYMBOLIZE_FUNCTION
 }
 
-void ExternalReferenceTable::InitializeOncePerProcess() {
+// static
+void ExternalReferenceTable::InitializeOncePerIsolateGroup(
+    MemorySpan<Address> shared_external_references) {
   int index = 0;
 
   // kNullAddress is preserved through serialization/deserialization.
-  AddIsolateIndependent(kNullAddress, &index);
-  AddIsolateIndependentReferences(&index);
-  AddBuiltins(&index);
-  AddRuntimeFunctions(&index);
-  AddAccessors(&index);
+  AddIsolateIndependent(kNullAddress, &index, shared_external_references);
+  AddIsolateIndependentReferences(&index, shared_external_references);
+  AddBuiltins(&index, shared_external_references);
+  AddRuntimeFunctions(&index, shared_external_references);
+  AddAccessors(&index, shared_external_references);
 
   CHECK_EQ(kSizeIsolateIndependent, index);
 }
 
+// static
 const char* ExternalReferenceTable::NameOfIsolateIndependentAddress(
-    Address address) {
+    Address address, MemorySpan<Address> shared_external_references) {
   for (int i = 0; i < kSizeIsolateIndependent; i++) {
-    if (ref_addr_isolate_independent_[i] == address) {
+    if (shared_external_references[i] == address) {
       return ref_name_[i];
     }
   }
@@ -157,16 +156,21 @@ void ExternalReferenceTable::Add(Address address, int* index) {
   ref_addr_[(*index)++] = address;
 }
 
-void ExternalReferenceTable::AddIsolateIndependent(Address address,
-                                                   int* index) {
-  ref_addr_isolate_independent_[(*index)++] = address;
+// static
+void ExternalReferenceTable::AddIsolateIndependent(
+    Address address, int* index,
+    MemorySpan<Address> shared_external_references) {
+  shared_external_references[(*index)++] = address;
 }
 
-void ExternalReferenceTable::AddIsolateIndependentReferences(int* index) {
+// static
+void ExternalReferenceTable::AddIsolateIndependentReferences(
+    int* index, MemorySpan<Address> shared_external_references) {
   CHECK_EQ(kSpecialReferenceCount, *index);
 
-#define ADD_EXTERNAL_REFERENCE(name, desc) \
-  AddIsolateIndependent(ExternalReference::name().address(), index);
+#define ADD_EXTERNAL_REFERENCE(name, desc)                          \
+  AddIsolateIndependent(ExternalReference::name().address(), index, \
+                        shared_external_references);
   EXTERNAL_REFERENCE_LIST(ADD_EXTERNAL_REFERENCE)
 #undef ADD_EXTERNAL_REFERENCE
 
@@ -187,7 +191,9 @@ void ExternalReferenceTable::AddIsolateDependentReferences(Isolate* isolate,
            *index);
 }
 
-void ExternalReferenceTable::AddBuiltins(int* index) {
+// static
+void ExternalReferenceTable::AddBuiltins(
+    int* index, MemorySpan<Address> shared_external_references) {
   CHECK_EQ(kSpecialReferenceCount + kExternalReferenceCountIsolateIndependent,
            *index);
 
@@ -197,7 +203,8 @@ void ExternalReferenceTable::AddBuiltins(int* index) {
 #undef DEF_ENTRY
   };
   for (Address addr : c_builtins) {
-    AddIsolateIndependent(ExternalReference::Create(addr).address(), index);
+    AddIsolateIndependent(ExternalReference::Create(addr).address(), index,
+                          shared_external_references);
   }
 
   CHECK_EQ(kSpecialReferenceCount + kExternalReferenceCountIsolateIndependent +
@@ -205,7 +212,9 @@ void ExternalReferenceTable::AddBuiltins(int* index) {
            *index);
 }
 
-void ExternalReferenceTable::AddRuntimeFunctions(int* index) {
+// static
+void ExternalReferenceTable::AddRuntimeFunctions(
+    int* index, MemorySpan<Address> shared_external_references) {
   CHECK_EQ(kSpecialReferenceCount + kExternalReferenceCountIsolateIndependent +
                kBuiltinsReferenceCount,
            *index);
@@ -217,7 +226,8 @@ void ExternalReferenceTable::AddRuntimeFunctions(int* index) {
   };
 
   for (Runtime::FunctionId fId : runtime_functions) {
-    AddIsolateIndependent(ExternalReference::Create(fId).address(), index);
+    AddIsolateIndependent(ExternalReference::Create(fId).address(), index,
+                          shared_external_references);
   }
 
   CHECK_EQ(kSpecialReferenceCount + kExternalReferenceCountIsolateIndependent +
@@ -225,11 +235,14 @@ void ExternalReferenceTable::AddRuntimeFunctions(int* index) {
            *index);
 }
 
-void ExternalReferenceTable::CopyIsolateIndependentReferences(int* index) {
+void ExternalReferenceTable::CopyIsolateIndependentReferences(
+    int* index, MemorySpan<Address> shared_external_references) {
   CHECK_EQ(0, *index);
 
-  std::copy(ref_addr_isolate_independent_,
-            ref_addr_isolate_independent_ + kSizeIsolateIndependent, ref_addr_);
+  DCHECK_GE(shared_external_references.size(), kSizeIsolateIndependent);
+  std::copy(shared_external_references.data(),
+            shared_external_references.data() + kSizeIsolateIndependent,
+            ref_addr_);
   *index += kSizeIsolateIndependent;
 }
 
@@ -246,7 +259,9 @@ void ExternalReferenceTable::AddIsolateAddresses(Isolate* isolate, int* index) {
            *index);
 }
 
-void ExternalReferenceTable::AddAccessors(int* index) {
+// static
+void ExternalReferenceTable::AddAccessors(
+    int* index, MemorySpan<Address> shared_external_references) {
   CHECK_EQ(kSpecialReferenceCount + kExternalReferenceCountIsolateIndependent +
                kBuiltinsReferenceCount + kRuntimeReferenceCount,
            *index);
@@ -274,7 +289,7 @@ void ExternalReferenceTable::AddAccessors(int* index) {
 #undef ACCESSOR_CALLBACK_DECLARATION
 
   for (Address addr : accessors) {
-    AddIsolateIndependent(addr, index);
+    AddIsolateIndependent(addr, index, shared_external_references);
   }
 
   CHECK_EQ(kSpecialReferenceCount + kExternalReferenceCountIsolateIndependent +
diff --git a/deps/v8/src/codegen/external-reference-table.h b/deps/v8/src/codegen/external-reference-table.h
index d5d12833f7117a..968d4be87afb9a 100644
--- a/deps/v8/src/codegen/external-reference-table.h
+++ b/deps/v8/src/codegen/external-reference-table.h
@@ -5,6 +5,7 @@
 #ifndef V8_CODEGEN_EXTERNAL_REFERENCE_TABLE_H_
 #define V8_CODEGEN_EXTERNAL_REFERENCE_TABLE_H_
 
+#include "include/v8-memory-span.h"
 #include "src/builtins/accessors.h"
 #include "src/builtins/builtins.h"
 #include "src/codegen/external-reference.h"
@@ -67,8 +68,10 @@ class ExternalReferenceTable {
     return i * kEntrySize;
   }
 
-  static void InitializeOncePerProcess();
-  static const char* NameOfIsolateIndependentAddress(Address address);
+  static void InitializeOncePerIsolateGroup(
+      MemorySpan<Address> shared_external_references);
+  static const char* NameOfIsolateIndependentAddress(
+      Address address, MemorySpan<Address> shared_external_references);
 
   const char* NameFromOffset(uint32_t offset) {
     DCHECK_EQ(offset % kEntrySize, 0);
@@ -81,20 +84,29 @@ class ExternalReferenceTable {
   ExternalReferenceTable(const ExternalReferenceTable&) = delete;
   ExternalReferenceTable& operator=(const ExternalReferenceTable&) = delete;
 
-  void InitIsolateIndependent();  // Step 1.
+  void InitIsolateIndependent(
+      MemorySpan<Address> shared_external_references);  // Step 1.
+
   void Init(Isolate* isolate);    // Step 2.
 
  private:
-  static void AddIsolateIndependent(Address address, int* index);
-
-  static void AddIsolateIndependentReferences(int* index);
-  static void AddBuiltins(int* index);
-  static void AddRuntimeFunctions(int* index);
-  static void AddAccessors(int* index);
+  static void AddIsolateIndependent(
+      Address address, int* index,
+      MemorySpan<Address> shared_external_references);
+
+  static void AddIsolateIndependentReferences(
+      int* index, MemorySpan<Address> shared_external_references);
+  static void AddBuiltins(int* index,
+                          MemorySpan<Address> shared_external_references);
+  static void AddRuntimeFunctions(
+      int* index, MemorySpan<Address> shared_external_references);
+  static void AddAccessors(int* index,
+                           MemorySpan<Address> shared_external_references);
 
   void Add(Address address, int* index);
 
-  void CopyIsolateIndependentReferences(int* index);
+  void CopyIsolateIndependentReferences(
+      int* index, MemorySpan<Address> shared_external_references);
   void AddIsolateDependentReferences(Isolate* isolate, int* index);
   void AddIsolateAddresses(Isolate* isolate, int* index);
   void AddStubCache(Isolate* isolate, int* index);
diff --git a/deps/v8/src/codegen/external-reference.cc b/deps/v8/src/codegen/external-reference.cc
index bbb6d44c8177fd..2787f2e6b96219 100644
--- a/deps/v8/src/codegen/external-reference.cc
+++ b/deps/v8/src/codegen/external-reference.cc
@@ -4,6 +4,8 @@
 
 #include "src/codegen/external-reference.h"
 
+#include <optional>
+
 #include "include/v8-fast-api-calls.h"
 #include "src/api/api-inl.h"
 #include "src/base/bits.h"
@@ -329,6 +331,11 @@ ExternalReference ExternalReference::memory_chunk_metadata_table_address() {
   return ExternalReference(MemoryChunk::MetadataTableAddress());
 }
 
+ExternalReference ExternalReference::js_dispatch_table_address() {
+  // TODO(saelo): maybe rename to js_dispatch_table_base_address?
+  return ExternalReference(GetProcessWideJSDispatchTable()->base_address());
+}
+
 #endif  // V8_ENABLE_SANDBOX
 
 ExternalReference ExternalReference::interpreter_dispatch_table_address(
@@ -454,7 +461,7 @@ Address DebugGetCoverageInfo(Isolate* isolate, Address raw_sfi) {
   DisallowGarbageCollection no_gc;
   Tagged<SharedFunctionInfo> sfi =
       Cast<SharedFunctionInfo>(Tagged<Object>(raw_sfi));
-  base::Optional<Tagged<DebugInfo>> debug_info =
+  std::optional<Tagged<DebugInfo>> debug_info =
       isolate->debug()->TryGetDebugInfo(sfi);
   if (debug_info.has_value() && debug_info.value()->HasCoverageInfo()) {
     return debug_info.value()->coverage_info().ptr();
@@ -588,6 +595,41 @@ FUNCTION_REFERENCE(wasm_f32x4_ceil, wasm::f32x4_ceil_wrapper)
 FUNCTION_REFERENCE(wasm_f32x4_floor, wasm::f32x4_floor_wrapper)
 FUNCTION_REFERENCE(wasm_f32x4_trunc, wasm::f32x4_trunc_wrapper)
 FUNCTION_REFERENCE(wasm_f32x4_nearest_int, wasm::f32x4_nearest_int_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_abs, wasm::f16x8_abs_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_neg, wasm::f16x8_neg_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_sqrt, wasm::f16x8_sqrt_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_ceil, wasm::f16x8_ceil_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_floor, wasm::f16x8_floor_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_trunc, wasm::f16x8_trunc_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_nearest_int, wasm::f16x8_nearest_int_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_eq, wasm::f16x8_eq_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_ne, wasm::f16x8_ne_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_lt, wasm::f16x8_lt_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_le, wasm::f16x8_le_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_add, wasm::f16x8_add_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_sub, wasm::f16x8_sub_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_mul, wasm::f16x8_mul_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_div, wasm::f16x8_div_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_min, wasm::f16x8_min_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_max, wasm::f16x8_max_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_pmin, wasm::f16x8_pmin_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_pmax, wasm::f16x8_pmax_wrapper)
+FUNCTION_REFERENCE(wasm_i16x8_sconvert_f16x8,
+                   wasm::i16x8_sconvert_f16x8_wrapper)
+FUNCTION_REFERENCE(wasm_i16x8_uconvert_f16x8,
+                   wasm::i16x8_uconvert_f16x8_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_sconvert_i16x8,
+                   wasm::f16x8_sconvert_i16x8_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_uconvert_i16x8,
+                   wasm::f16x8_uconvert_i16x8_wrapper)
+FUNCTION_REFERENCE(wasm_f32x4_promote_low_f16x8,
+                   wasm::f32x4_promote_low_f16x8_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_demote_f32x4_zero,
+                   wasm::f16x8_demote_f32x4_zero_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_demote_f64x2_zero,
+                   wasm::f16x8_demote_f64x2_zero_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_qfma, wasm::f16x8_qfma_wrapper)
+FUNCTION_REFERENCE(wasm_f16x8_qfms, wasm::f16x8_qfms_wrapper)
 FUNCTION_REFERENCE(wasm_memory_init, wasm::memory_init_wrapper)
 FUNCTION_REFERENCE(wasm_memory_copy, wasm::memory_copy_wrapper)
 FUNCTION_REFERENCE(wasm_memory_fill, wasm::memory_fill_wrapper)
diff --git a/deps/v8/src/codegen/external-reference.h b/deps/v8/src/codegen/external-reference.h
index 4fbc4b5237eecc..f66f8f8a8f17f4 100644
--- a/deps/v8/src/codegen/external-reference.h
+++ b/deps/v8/src/codegen/external-reference.h
@@ -300,6 +300,37 @@ enum class IsolateFieldId : uint8_t;
   IF_WASM(V, wasm_f32x4_floor, "wasm::f32x4_floor_wrapper")                    \
   IF_WASM(V, wasm_f32x4_trunc, "wasm::f32x4_trunc_wrapper")                    \
   IF_WASM(V, wasm_f32x4_nearest_int, "wasm::f32x4_nearest_int_wrapper")        \
+  IF_WASM(V, wasm_f16x8_abs, "wasm::f16x8_abs_wrapper")                        \
+  IF_WASM(V, wasm_f16x8_neg, "wasm::f16x8_neg_wrapper")                        \
+  IF_WASM(V, wasm_f16x8_sqrt, "wasm::f16x8_sqrt_wrapper")                      \
+  IF_WASM(V, wasm_f16x8_ceil, "wasm::f16x8_ceil_wrapper")                      \
+  IF_WASM(V, wasm_f16x8_floor, "wasm::f16x8_floor_wrapper")                    \
+  IF_WASM(V, wasm_f16x8_trunc, "wasm::f16x8_trunc_wrapper")                    \
+  IF_WASM(V, wasm_f16x8_nearest_int, "wasm::f16x8_nearest_int_wrapper")        \
+  IF_WASM(V, wasm_f16x8_eq, "wasm::f16x8_eq_wrapper")                          \
+  IF_WASM(V, wasm_f16x8_ne, "wasm::f16x8_ne_wrapper")                          \
+  IF_WASM(V, wasm_f16x8_lt, "wasm::f16x8_lt_wrapper")                          \
+  IF_WASM(V, wasm_f16x8_le, "wasm::f16x8_le_wrapper")                          \
+  IF_WASM(V, wasm_f16x8_add, "wasm::f16x8_add_wrapper")                        \
+  IF_WASM(V, wasm_f16x8_sub, "wasm::f16x8_sub_wrapper")                        \
+  IF_WASM(V, wasm_f16x8_mul, "wasm::f16x8_mul_wrapper")                        \
+  IF_WASM(V, wasm_f16x8_div, "wasm::f16x8_div_wrapper")                        \
+  IF_WASM(V, wasm_f16x8_min, "wasm::f16x8_min_wrapper")                        \
+  IF_WASM(V, wasm_f16x8_max, "wasm::f16x8_max_wrapper")                        \
+  IF_WASM(V, wasm_f16x8_pmin, "wasm::f16x8_pmin_wrapper")                      \
+  IF_WASM(V, wasm_f16x8_pmax, "wasm::f16x8_pmax_wrapper")                      \
+  IF_WASM(V, wasm_i16x8_sconvert_f16x8, "wasm::i16x8_sconvert_f16x8_wrapper")  \
+  IF_WASM(V, wasm_i16x8_uconvert_f16x8, "wasm::i16x8_uconvert_f16x8_wrapper")  \
+  IF_WASM(V, wasm_f16x8_sconvert_i16x8, "wasm::f16x8_sconvert_i16x8_wrapper")  \
+  IF_WASM(V, wasm_f16x8_uconvert_i16x8, "wasm::f16x8_uconvert_i16x8_wrapper")  \
+  IF_WASM(V, wasm_f32x4_promote_low_f16x8,                                     \
+          "wasm::f32x4_promote_low_f16x8_wrapper")                             \
+  IF_WASM(V, wasm_f16x8_demote_f32x4_zero,                                     \
+          "wasm::f16x8_demote_f32x4_zero_wrapper")                             \
+  IF_WASM(V, wasm_f16x8_demote_f64x2_zero,                                     \
+          "wasm::f16x8_demote_f64x2_zero_wrapper")                             \
+  IF_WASM(V, wasm_f16x8_qfma, "wasm::f16x8_qfma_wrapper")                      \
+  IF_WASM(V, wasm_f16x8_qfms, "wasm::f16x8_qfms_wrapper")                      \
   IF_WASM(V, wasm_memory_init, "wasm::memory_init")                            \
   IF_WASM(V, wasm_memory_copy, "wasm::memory_copy")                            \
   IF_WASM(V, wasm_memory_fill, "wasm::memory_fill")                            \
@@ -434,6 +465,7 @@ enum class IsolateFieldId : uint8_t;
   V(sandbox_end_address, "Sandbox::end()")                          \
   V(empty_backing_store_buffer, "EmptyBackingStoreBuffer()")        \
   V(code_pointer_table_address, "GetProcessWideCodePointerTable()") \
+  V(js_dispatch_table_address, "GetProcessWideJSDispatchTable()")   \
   V(memory_chunk_metadata_table_address, "MemoryChunkMetadata::Table()")
 #else
 #define EXTERNAL_REFERENCE_LIST_SANDBOX(V)
diff --git a/deps/v8/src/codegen/heap-object-list.h b/deps/v8/src/codegen/heap-object-list.h
index 644f5e07edc8df..815d277f1b1d1e 100644
--- a/deps/v8/src/codegen/heap-object-list.h
+++ b/deps/v8/src/codegen/heap-object-list.h
@@ -5,6 +5,13 @@
 #ifndef V8_CODEGEN_HEAP_OBJECT_LIST_H_
 #define V8_CODEGEN_HEAP_OBJECT_LIST_H_
 
+#define BUILTINS_WITH_SFI_OBJECT_LIST_ADAPTER(V, CamelName, underscore_name, \
+                                              ...)                           \
+  V(CamelName##SharedFun, underscore_name##_shared_fun, CamelName##SharedFun)
+
+#define BUILTINS_WITH_SFI_OBJECT_LIST(V) \
+  BUILTINS_WITH_SFI_LIST_GENERATOR(BUILTINS_WITH_SFI_OBJECT_LIST_ADAPTER, V)
+
 #define HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST(V)                                  \
   V(ArrayIteratorProtector, array_iterator_protector, ArrayIteratorProtector)  \
   V(ArraySpeciesProtector, array_species_protector, ArraySpeciesProtector)     \
@@ -53,54 +60,7 @@
   V(AsyncGeneratorYieldWithAwaitResolveSharedFun,                              \
     async_generator_yield_with_await_resolve_shared_fun,                       \
     AsyncGeneratorYieldWithAwaitResolveSharedFun)                              \
-  V(AsyncFromSyncIteratorCloseSyncAndRethrowSharedFun,                         \
-    async_from_sync_iterator_close_sync_and_rethrow_shared_fun,                \
-    AsyncFromSyncIteratorCloseSyncAndRethrowSharedFun)                         \
-  V(AsyncIteratorValueUnwrapSharedFun, async_iterator_value_unwrap_shared_fun, \
-    AsyncIteratorValueUnwrapSharedFun)                                         \
-  V(PromiseAllResolveElementSharedFun, promise_all_resolve_element_shared_fun, \
-    PromiseAllResolveElementSharedFun)                                         \
-  V(PromiseAllSettledRejectElementSharedFun,                                   \
-    promise_all_settled_reject_element_shared_fun,                             \
-    PromiseAllSettledRejectElementSharedFun)                                   \
-  V(PromiseAllSettledResolveElementSharedFun,                                  \
-    promise_all_settled_resolve_element_shared_fun,                            \
-    PromiseAllSettledResolveElementSharedFun)                                  \
-  V(PromiseAnyRejectElementSharedFun, promise_any_reject_element_shared_fun,   \
-    PromiseAnyRejectElementSharedFun)                                          \
-  V(PromiseCapabilityDefaultRejectSharedFun,                                   \
-    promise_capability_default_reject_shared_fun,                              \
-    PromiseCapabilityDefaultRejectSharedFun)                                   \
-  V(PromiseCapabilityDefaultResolveSharedFun,                                  \
-    promise_capability_default_resolve_shared_fun,                             \
-    PromiseCapabilityDefaultResolveSharedFun)                                  \
-  V(PromiseCatchFinallySharedFun, promise_catch_finally_shared_fun,            \
-    PromiseCatchFinallySharedFun)                                              \
-  V(PromiseGetCapabilitiesExecutorSharedFun,                                   \
-    promise_get_capabilities_executor_shared_fun,                              \
-    PromiseGetCapabilitiesExecutorSharedFun)                                   \
-  V(PromiseThenFinallySharedFun, promise_then_finally_shared_fun,              \
-    PromiseThenFinallySharedFun)                                               \
-  V(PromiseThrowerFinallySharedFun, promise_thrower_finally_shared_fun,        \
-    PromiseThrowerFinallySharedFun)                                            \
-  V(PromiseValueThunkFinallySharedFun, promise_value_thunk_finally_shared_fun, \
-    PromiseValueThunkFinallySharedFun)                                         \
-  V(ProxyRevokeSharedFun, proxy_revoke_shared_fun, ProxyRevokeSharedFun)       \
-  V(ShadowRealmImportValueFulfilledSFI,                                        \
-    shadow_realm_import_value_fulfilled_sfi,                                   \
-    ShadowRealmImportValueFulfilledSFI)                                        \
-  V(ArrayFromAsyncIterableOnFulfilledSharedFun,                                \
-    array_from_async_iterable_on_fulfilled_shared_fun,                         \
-    ArrayFromAsyncIterableOnFulfilledSharedFun)                                \
-  V(ArrayFromAsyncIterableOnRejectedSharedFun,                                 \
-    array_from_async_iterable_on_rejected_shared_fun,                          \
-    ArrayFromAsyncIterableOnRejectedSharedFun)                                 \
-  V(ArrayFromAsyncArrayLikeOnFulfilledSharedFun,                               \
-    array_from_async_array_like_on_fulfilled_shared_fun,                       \
-    ArrayFromAsyncArrayLikeOnFulfilledSharedFun)                               \
-  V(ArrayFromAsyncArrayLikeOnRejectedSharedFun,                                \
-    array_from_async_array_like_on_rejected_shared_fun,                        \
-    ArrayFromAsyncArrayLikeOnRejectedSharedFun)
+  BUILTINS_WITH_SFI_OBJECT_LIST(V)
 
 #define UNIQUE_INSTANCE_TYPE_IMMUTABLE_IMMOVABLE_MAP_ADAPTER( \
     V, rootIndexName, rootAccessorName, class_name)           \
diff --git a/deps/v8/src/codegen/interface-descriptors-inl.h b/deps/v8/src/codegen/interface-descriptors-inl.h
index 9f74028b81e858..2c1feaae202328 100644
--- a/deps/v8/src/codegen/interface-descriptors-inl.h
+++ b/deps/v8/src/codegen/interface-descriptors-inl.h
@@ -787,7 +787,7 @@ constexpr auto WasmToJSWrapperDescriptor::return_double_registers() {
   struct CallInterfaceDescriptorFor<Builtin::k##Name> {               \
     using type = DescriptorName##Descriptor;                          \
   };
-BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN,
+BUILTIN_LIST(IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN, IGNORE_BUILTIN,
              /*TFC*/ DEFINE_STATIC_BUILTIN_DESCRIPTOR_GETTER, IGNORE_BUILTIN,
              /*TFH*/ DEFINE_STATIC_BUILTIN_DESCRIPTOR_GETTER, IGNORE_BUILTIN,
              /*ASM*/ DEFINE_STATIC_BUILTIN_DESCRIPTOR_GETTER)
diff --git a/deps/v8/src/codegen/interface-descriptors.h b/deps/v8/src/codegen/interface-descriptors.h
index 852c9eb7fc93f8..3bf89681916e57 100644
--- a/deps/v8/src/codegen/interface-descriptors.h
+++ b/deps/v8/src/codegen/interface-descriptors.h
@@ -2444,13 +2444,12 @@ class WasmToJSWrapperDescriptor final
     : public StaticCallInterfaceDescriptor<WasmToJSWrapperDescriptor> {
  public:
   INTERNAL_DESCRIPTOR()
-  DEFINE_RESULT_AND_PARAMETERS_NO_CONTEXT(4, kWasmApiFunctionRef)
-  DEFINE_RESULT_AND_PARAMETER_TYPES(
-      MachineType::IntPtr(),     // GP return 1
-      MachineType::IntPtr(),     // GP return 2
-      MachineType::Float64(),    // FP return 1
-      MachineType::Float64(),    // FP return 2
-      MachineType::AnyTagged())  // WasmApiFunctionRef
+  DEFINE_RESULT_AND_PARAMETERS_NO_CONTEXT(4, kWasmImportData)
+  DEFINE_RESULT_AND_PARAMETER_TYPES(MachineType::IntPtr(),     // GP return 1
+                                    MachineType::IntPtr(),     // GP return 2
+                                    MachineType::Float64(),    // FP return 1
+                                    MachineType::Float64(),    // FP return 2
+                                    MachineType::AnyTagged())  // WasmImportData
   DECLARE_DESCRIPTOR(WasmToJSWrapperDescriptor)
 
   static constexpr int kMaxRegisterParams = 1;
diff --git a/deps/v8/src/codegen/loong64/macro-assembler-loong64.cc b/deps/v8/src/codegen/loong64/macro-assembler-loong64.cc
index 9ac0b9789cf385..7b41b72570b2e0 100644
--- a/deps/v8/src/codegen/loong64/macro-assembler-loong64.cc
+++ b/deps/v8/src/codegen/loong64/macro-assembler-loong64.cc
@@ -6,6 +6,8 @@
 
 #if V8_TARGET_ARCH_LOONG64
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/division-by-constant.h"
 #include "src/builtins/builtins-inl.h"
@@ -1106,29 +1108,13 @@ void MacroAssembler::Alsl_d(Register rd, Register rj, Register rk, uint8_t sa,
 // ------------Pseudo-instructions-------------
 
 // Change endianness
-void MacroAssembler::ByteSwapSigned(Register dest, Register src,
-                                    int operand_size) {
-  DCHECK(operand_size == 2 || operand_size == 4 || operand_size == 8);
-  if (operand_size == 2) {
-    revb_2h(dest, src);
-    ext_w_h(dest, dest);
-  } else if (operand_size == 4) {
+void MacroAssembler::ByteSwap(Register dest, Register src, int operand_size) {
+  DCHECK(operand_size == 4 || operand_size == 8);
+  if (operand_size == 4) {
     revb_2w(dest, src);
     slli_w(dest, dest, 0);
   } else {
-    revb_d(dest, dest);
-  }
-}
-
-void MacroAssembler::ByteSwapUnsigned(Register dest, Register src,
-                                      int operand_size) {
-  DCHECK(operand_size == 2 || operand_size == 4);
-  if (operand_size == 2) {
-    revb_2h(dest, src);
-    bstrins_d(dest, zero_reg, 63, 16);
-  } else {
-    revb_2w(dest, src);
-    bstrins_d(dest, zero_reg, 63, 32);
+    revb_d(dest, src);
   }
 }
 
@@ -4042,7 +4028,7 @@ void MacroAssembler::JumpIfObjectType(Label* target, Condition cc,
     scratch = temps.Acquire();
   }
   if (V8_STATIC_ROOTS_BOOL) {
-    if (base::Optional<RootIndex> expected =
+    if (std::optional<RootIndex> expected =
             InstanceTypeChecker::UniqueMapOfInstanceType(instance_type)) {
       Tagged_t ptr = ReadOnlyRootPtr(*expected);
       LoadCompressedMap(scratch, object);
diff --git a/deps/v8/src/codegen/loong64/macro-assembler-loong64.h b/deps/v8/src/codegen/loong64/macro-assembler-loong64.h
index 6ba679da14e0e9..61d7f3722dc61f 100644
--- a/deps/v8/src/codegen/loong64/macro-assembler-loong64.h
+++ b/deps/v8/src/codegen/loong64/macro-assembler-loong64.h
@@ -9,6 +9,8 @@
 #ifndef V8_CODEGEN_LOONG64_MACRO_ASSEMBLER_LOONG64_H_
 #define V8_CODEGEN_LOONG64_MACRO_ASSEMBLER_LOONG64_H_
 
+#include <optional>
+
 #include "src/codegen/assembler.h"
 #include "src/codegen/loong64/assembler-loong64.h"
 #include "src/common/globals.h"
@@ -581,8 +583,7 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   void Trunc_uw_s(Register rd, FPURegister fj, FPURegister scratch);
 
   // Change endianness
-  void ByteSwapSigned(Register dest, Register src, int operand_size);
-  void ByteSwapUnsigned(Register dest, Register src, int operand_size);
+  void ByteSwap(Register dest, Register src, int operand_size);
 
   void Ld_b(Register rd, const MemOperand& rj);
   void Ld_bu(Register rd, const MemOperand& rj);
@@ -1253,10 +1254,10 @@ struct MoveCycleState {
   RegList scratch_regs;
   DoubleRegList scratch_fpregs;
   // Available scratch registers during the move cycle resolution scope.
-  base::Optional<UseScratchRegisterScope> temps;
+  std::optional<UseScratchRegisterScope> temps;
   // Scratch register picked by {MoveToTempLocation}.
-  base::Optional<Register> scratch_reg;
-  base::Optional<DoubleRegister> scratch_fpreg;
+  std::optional<Register> scratch_reg;
+  std::optional<DoubleRegister> scratch_fpreg;
 };
 
 // Provides access to exit frame parameters (GC-ed).
diff --git a/deps/v8/src/codegen/mips64/macro-assembler-mips64.h b/deps/v8/src/codegen/mips64/macro-assembler-mips64.h
index bc97001f229f08..6370a8f0c51538 100644
--- a/deps/v8/src/codegen/mips64/macro-assembler-mips64.h
+++ b/deps/v8/src/codegen/mips64/macro-assembler-mips64.h
@@ -9,6 +9,8 @@
 #ifndef V8_CODEGEN_MIPS64_MACRO_ASSEMBLER_MIPS64_H_
 #define V8_CODEGEN_MIPS64_MACRO_ASSEMBLER_MIPS64_H_
 
+#include <optional>
+
 #include "src/codegen/assembler.h"
 #include "src/codegen/mips64/assembler-mips64.h"
 #include "src/common/globals.h"
@@ -1321,9 +1323,9 @@ struct MoveCycleState {
   // {MoveToTempLocation}.
   RegList scratch_regs;
   // Available scratch registers during the move cycle resolution scope.
-  base::Optional<UseScratchRegisterScope> temps;
+  std::optional<UseScratchRegisterScope> temps;
   // Scratch register picked by {MoveToTempLocation}.
-  base::Optional<Register> scratch_reg;
+  std::optional<Register> scratch_reg;
 };
 
 // Provides access to exit frame parameters (GC-ed).
diff --git a/deps/v8/src/codegen/ppc/macro-assembler-ppc.cc b/deps/v8/src/codegen/ppc/macro-assembler-ppc.cc
index 64fac6cec69cad..43470f42292f34 100644
--- a/deps/v8/src/codegen/ppc/macro-assembler-ppc.cc
+++ b/deps/v8/src/codegen/ppc/macro-assembler-ppc.cc
@@ -7,6 +7,8 @@
 
 #if V8_TARGET_ARCH_PPC || V8_TARGET_ARCH_PPC64
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/division-by-constant.h"
 #include "src/builtins/builtins-inl.h"
@@ -868,11 +870,12 @@ void MacroAssembler::JumpIfJSAnyIsNotPrimitive(Register heap_object,
 #ifdef DEBUG
     Label ok;
     LoadMap(scratch, heap_object);
-    CompareInstanceTypeRange(scratch, scratch, FIRST_JS_RECEIVER_TYPE,
+    CompareInstanceTypeRange(scratch, scratch, r0, FIRST_JS_RECEIVER_TYPE,
                              LAST_JS_RECEIVER_TYPE);
     ble(&ok);
     LoadMap(scratch, heap_object);
-    CompareInstanceTypeRange(scratch, scratch, FIRST_PRIMITIVE_HEAP_OBJECT_TYPE,
+    CompareInstanceTypeRange(scratch, scratch, r0,
+                             FIRST_PRIMITIVE_HEAP_OBJECT_TYPE,
                              LAST_PRIMITIVE_HEAP_OBJECT_TYPE);
     ble(&ok);
     Abort(AbortReason::kInvalidReceiver);
@@ -1991,7 +1994,7 @@ void MacroAssembler::PopStackHandler() {
 #if V8_STATIC_ROOTS_BOOL
 void MacroAssembler::CompareInstanceTypeWithUniqueCompressedMap(
     Register map, Register scratch, InstanceType type) {
-  base::Optional<RootIndex> expected =
+  std::optional<RootIndex> expected =
       InstanceTypeChecker::UniqueMapOfInstanceType(type);
   CHECK(expected);
   Tagged_t expected_ptr = ReadOnlyRootPtr(*expected);
@@ -2046,6 +2049,15 @@ void MacroAssembler::CompareObjectType(Register object, Register map,
   CompareInstanceType(map, temp, type);
 }
 
+void MacroAssembler::CompareObjectTypeRange(Register object, Register map,
+                                            Register type_reg, Register scratch,
+                                            InstanceType lower_limit,
+                                            InstanceType upper_limit) {
+  ASM_CODE_COMMENT(this);
+  LoadMap(map, object);
+  CompareInstanceTypeRange(map, type_reg, scratch, lower_limit, upper_limit);
+}
+
 void MacroAssembler::CompareInstanceType(Register map, Register type_reg,
                                          InstanceType type) {
   static_assert(Map::kInstanceTypeOffset < 4096);
@@ -2054,12 +2066,10 @@ void MacroAssembler::CompareInstanceType(Register map, Register type_reg,
   cmpi(type_reg, Operand(type));
 }
 
-void MacroAssembler::CompareRange(Register value, unsigned lower_limit,
-                                  unsigned higher_limit) {
+void MacroAssembler::CompareRange(Register value, Register scratch,
+                                  unsigned lower_limit, unsigned higher_limit) {
   ASM_CODE_COMMENT(this);
   DCHECK_LT(lower_limit, higher_limit);
-  UseScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
   if (lower_limit != 0) {
     mov(scratch, Operand(lower_limit));
     sub(scratch, value, scratch);
@@ -2071,11 +2081,12 @@ void MacroAssembler::CompareRange(Register value, unsigned lower_limit,
 }
 
 void MacroAssembler::CompareInstanceTypeRange(Register map, Register type_reg,
+                                              Register scratch,
                                               InstanceType lower_limit,
                                               InstanceType higher_limit) {
   DCHECK_LT(lower_limit, higher_limit);
   LoadU16(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
-  CompareRange(type_reg, lower_limit, higher_limit);
+  CompareRange(type_reg, scratch, lower_limit, higher_limit);
 }
 
 void MacroAssembler::CompareTaggedRoot(const Register& obj, RootIndex index) {
@@ -2288,10 +2299,11 @@ void MacroAssembler::MaxF64(DoubleRegister dst, DoubleRegister lhs,
   bind(&done);
 }
 
-void MacroAssembler::JumpIfIsInRange(Register value, unsigned lower_limit,
+void MacroAssembler::JumpIfIsInRange(Register value, Register scratch,
+                                     unsigned lower_limit,
                                      unsigned higher_limit,
                                      Label* on_in_range) {
-  CompareRange(value, lower_limit, higher_limit);
+  CompareRange(value, scratch, lower_limit, higher_limit);
   ble(on_in_range);
 }
 
@@ -2730,7 +2742,7 @@ void MacroAssembler::AssertFunction(Register object) {
     Check(ne, AbortReason::kOperandIsASmiAndNotAFunction, cr0);
     push(object);
     LoadMap(object, object);
-    CompareInstanceTypeRange(object, object, FIRST_JS_FUNCTION_TYPE,
+    CompareInstanceTypeRange(object, object, r0, FIRST_JS_FUNCTION_TYPE,
                              LAST_JS_FUNCTION_TYPE);
     pop(object);
     Check(le, AbortReason::kOperandIsNotAFunction);
@@ -2745,7 +2757,7 @@ void MacroAssembler::AssertCallableFunction(Register object) {
   Check(ne, AbortReason::kOperandIsASmiAndNotAFunction, cr0);
   push(object);
   LoadMap(object, object);
-  CompareInstanceTypeRange(object, object, FIRST_CALLABLE_JS_FUNCTION_TYPE,
+  CompareInstanceTypeRange(object, object, r0, FIRST_CALLABLE_JS_FUNCTION_TYPE,
                            LAST_CALLABLE_JS_FUNCTION_TYPE);
   pop(object);
   Check(le, AbortReason::kOperandIsNotACallableFunction);
@@ -2775,7 +2787,8 @@ void MacroAssembler::AssertGeneratorObject(Register object) {
 
   // Check if JSGeneratorObject
   Register instance_type = object;
-  CompareInstanceTypeRange(map, instance_type, FIRST_JS_GENERATOR_OBJECT_TYPE,
+  CompareInstanceTypeRange(map, instance_type, r0,
+                           FIRST_JS_GENERATOR_OBJECT_TYPE,
                            LAST_JS_GENERATOR_OBJECT_TYPE);
   // Restore generator object to register and perform assertion
   pop(object);
diff --git a/deps/v8/src/codegen/ppc/macro-assembler-ppc.h b/deps/v8/src/codegen/ppc/macro-assembler-ppc.h
index dfa3100480fa06..e86e7d5767f422 100644
--- a/deps/v8/src/codegen/ppc/macro-assembler-ppc.h
+++ b/deps/v8/src/codegen/ppc/macro-assembler-ppc.h
@@ -1681,6 +1681,15 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   // Type_reg can be no_reg. In that case ip is used.
   void CompareObjectType(Register heap_object, Register map, Register type_reg,
                          InstanceType type);
+  // Variant of the above, which compares against a type range rather than a
+  // single type (lower_limit and higher_limit are inclusive).
+  //
+  // Always use unsigned comparisons: ls for a positive result.
+  void CompareObjectTypeRange(Register heap_object, Register map,
+                              Register type_reg, Register scratch,
+                              InstanceType lower_limit,
+                              InstanceType higher_limit);
+
   // Variant of the above, which only guarantees to set the correct eq/ne flag.
   // Neither map, nor type_reg might be set to any particular value.
   void IsObjectType(Register heap_object, Register scratch1, Register scratch2,
@@ -1717,7 +1726,7 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   //
   // Always use unsigned comparisons: ls for a positive result.
   void CompareInstanceTypeRange(Register map, Register type_reg,
-                                InstanceType lower_limit,
+                                Register scratch, InstanceType lower_limit,
                                 InstanceType higher_limit);
 
   // Compare the object in a register to a value from the root list.
@@ -1744,9 +1753,9 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
 
   // Checks if value is in range [lower_limit, higher_limit] using a single
   // comparison.
-  void CompareRange(Register value, unsigned lower_limit,
+  void CompareRange(Register value, Register scratch, unsigned lower_limit,
                     unsigned higher_limit);
-  void JumpIfIsInRange(Register value, unsigned lower_limit,
+  void JumpIfIsInRange(Register value, Register scratch, unsigned lower_limit,
                        unsigned higher_limit, Label* on_in_range);
 
   void JumpIfJSAnyIsNotPrimitive(
diff --git a/deps/v8/src/codegen/riscv/assembler-riscv.cc b/deps/v8/src/codegen/riscv/assembler-riscv.cc
index 2eb1fcbd940d12..4ae80f5af96630 100644
--- a/deps/v8/src/codegen/riscv/assembler-riscv.cc
+++ b/deps/v8/src/codegen/riscv/assembler-riscv.cc
@@ -70,6 +70,10 @@ static unsigned CpuFeaturesImpliedByCompiler() {
 #if (defined __riscv_zbs)
   answer |= 1u << ZBS;
 #endif  // def __riscv_zbs
+
+#if (defined _riscv_zicond)
+  answer |= 1u << ZICOND;
+#endif  // def _riscv_zicond
   return answer;
 }
 
@@ -79,6 +83,7 @@ static unsigned SimulatorFeatures() {
   answer |= 1u << ZBA;
   answer |= 1u << ZBB;
   answer |= 1u << ZBS;
+  answer |= 1u << ZICOND;
   answer |= 1u << FPU;
   return answer;
 }
@@ -1105,6 +1110,20 @@ void Assembler::GeneralLi(Register rd, int64_t imm) {
 }
 
 void Assembler::li_ptr(Register rd, int64_t imm) {
+#ifdef RISCV_USE_SV39
+  // Initialize rd with an address
+  // Pointers are 39 bits
+  // 4 fixed instructions are generated
+  DCHECK_EQ((imm & 0xffffff8000000000ll), 0);
+  int64_t a8 = imm & 0xff;                      // bits 0:7. 8 bits
+  int64_t high_31 = (imm >> 8) & 0x7fffffff;    // 31 bits
+  int64_t high_20 = ((high_31 + 0x800) >> 12);  // 19 bits
+  int64_t low_12 = high_31 & 0xfff;             // 12 bits
+  lui(rd, (int32_t)high_20);
+  addi(rd, rd, low_12);  // 31 bits in rd.
+  slli(rd, rd, 8);       // Space for next 8 bis
+  ori(rd, rd, a8);       // 8 bits are put in.
+#else
   // Initialize rd with an address
   // Pointers are 48 bits
   // 6 fixed instructions are generated
@@ -1120,6 +1139,7 @@ void Assembler::li_ptr(Register rd, int64_t imm) {
   ori(rd, rd, b11);      // 11 bits are put in. 42 bit in rd
   slli(rd, rd, 6);       // Space for next 6 bits
   ori(rd, rd, a6);       // 6 bits are put in. 48 bis in rd
+#endif
 }
 
 void Assembler::li_constant(Register rd, int64_t imm) {
@@ -1293,7 +1313,11 @@ int Assembler::RelocateInternalReference(RelocInfo::Mode rmode, Address pc,
     DEBUG_PRINTF("\ttarget_address 0x%" PRIxPTR "\n", target_address);
     set_target_value_at(pc, target_address);
 #if V8_TARGET_ARCH_RISCV64
+#ifdef RISCV_USE_SV39
+    return 6;  // Number of instructions patched.
+#else
     return 8;  // Number of instructions patched.
+#endif
 #elif V8_TARGET_ARCH_RISCV32
     return 2;  // Number of instructions patched.
 #endif
@@ -1535,6 +1559,24 @@ Address Assembler::target_address_at(Address pc, Address constant_pool) {
 #if V8_TARGET_ARCH_RISCV64
 Address Assembler::target_address_at(Address pc) {
   DEBUG_PRINTF("target_address_at: pc: %lx\t", pc);
+#ifdef RISCV_USE_SV39
+  Instruction* instr0 = Instruction::At((unsigned char*)pc);
+  Instruction* instr1 = Instruction::At((unsigned char*)(pc + 1 * kInstrSize));
+  Instruction* instr2 = Instruction::At((unsigned char*)(pc + 2 * kInstrSize));
+  Instruction* instr3 = Instruction::At((unsigned char*)(pc + 3 * kInstrSize));
+
+  // Interpret instructions for address generated by li: See listing in
+  // Assembler::set_target_address_at() just below.
+  if (IsLui(*reinterpret_cast<Instr*>(instr0)) &&
+      IsAddi(*reinterpret_cast<Instr*>(instr1)) &&
+      IsSlli(*reinterpret_cast<Instr*>(instr2)) &&
+      IsOri(*reinterpret_cast<Instr*>(instr3))) {
+    // Assemble the 64 bit value.
+    int64_t addr = (int64_t)(instr0->Imm20UValue() << kImm20Shift) +
+                   (int64_t)instr1->Imm12Value();
+    addr <<= 8;
+    addr |= (int64_t)instr3->Imm12Value();
+#else
   Instruction* instr0 = Instruction::At((unsigned char*)pc);
   Instruction* instr1 = Instruction::At((unsigned char*)(pc + 1 * kInstrSize));
   Instruction* instr2 = Instruction::At((unsigned char*)(pc + 2 * kInstrSize));
@@ -1557,7 +1599,7 @@ Address Assembler::target_address_at(Address pc) {
     addr |= (int64_t)instr3->Imm12Value();
     addr <<= 6;
     addr |= (int64_t)instr5->Imm12Value();
-
+#endif
     DEBUG_PRINTF("addr: %" PRIx64 "\n", addr);
     return static_cast<Address>(addr);
   }
@@ -1572,6 +1614,13 @@ Address Assembler::target_address_at(Address pc) {
 //  slli(reg, reg, 6); // Space for next 6 bits
 //  ori(reg, reg, a6); // 6 bits are put in. all 48 bis in reg
 //
+// If define RISCV_USE_SV39, a 39-bit target address is stored in an
+// 4-instruction sequence:
+//  lui(reg, (int32_t)high_20); // 20 high bits
+//  addi(reg, reg, low_12); // 12 following bits. total is 32 high bits in reg.
+//  slli(reg, reg, 7); // Space for next 7 bits
+//  ori(reg, reg, a7); // 7 bits are put in.
+//
 // Patching the address must replace all instructions, and flush the i-cache.
 // Note that this assumes the use of SV48, the 48-bit virtual memory system.
 void Assembler::set_target_value_at(Address pc, uint64_t target,
@@ -1579,6 +1628,33 @@ void Assembler::set_target_value_at(Address pc, uint64_t target,
   DEBUG_PRINTF("set_target_value_at: pc: %" PRIxPTR "\ttarget: %" PRIx64 "\n",
                pc, target);
   uint32_t* p = reinterpret_cast<uint32_t*>(pc);
+#ifdef RISCV_USE_SV39
+  DCHECK_EQ((target & 0xffffff8000000000ll), 0);
+#ifdef DEBUG
+  // Check we have the result from a li macro-instruction.
+  Instruction* instr0 = Instruction::At((unsigned char*)pc);
+  Instruction* instr1 = Instruction::At((unsigned char*)(pc + 1 * kInstrSize));
+  Instruction* instr3 = Instruction::At((unsigned char*)(pc + 3 * kInstrSize));
+  DCHECK(IsLui(*reinterpret_cast<Instr*>(instr0)) &&
+         IsAddi(*reinterpret_cast<Instr*>(instr1)) &&
+         IsOri(*reinterpret_cast<Instr*>(instr3)));
+#endif
+  int64_t a8 = target & 0xff;                    // bits 0:7. 8 bits
+  int64_t high_31 = (target >> 8) & 0x7fffffff;  // 31 bits
+  int64_t high_20 = ((high_31 + 0x800) >> 12);   // 19 bits
+  int64_t low_12 = high_31 & 0xfff;              // 12 bits
+  *p = *p & 0xfff;
+  *p = *p | ((int32_t)high_20 << 12);
+  *(p + 1) = *(p + 1) & 0xfffff;
+  *(p + 1) = *(p + 1) | ((int32_t)low_12 << 20);
+  *(p + 2) = *(p + 2) & 0xfffff;
+  *(p + 2) = *(p + 2) | (8 << 20);
+  *(p + 3) = *(p + 3) & 0xfffff;
+  *(p + 3) = *(p + 3) | ((int32_t)a8 << 20);
+  if (icache_flush_mode != SKIP_ICACHE_FLUSH) {
+    FlushInstructionCache(pc, 6 * kInstrSize);
+  }
+#else
   DCHECK_EQ((target & 0xffff000000000000ll), 0);
 #ifdef DEBUG
   // Check we have the result from a li macro-instruction.
@@ -1611,6 +1687,7 @@ void Assembler::set_target_value_at(Address pc, uint64_t target,
   if (icache_flush_mode != SKIP_ICACHE_FLUSH) {
     FlushInstructionCache(pc, 8 * kInstrSize);
   }
+#endif
   DCHECK_EQ(target_address_at(pc), target);
 }
 
diff --git a/deps/v8/src/codegen/riscv/assembler-riscv.h b/deps/v8/src/codegen/riscv/assembler-riscv.h
index d328710ac2c533..61971284bd3a8d 100644
--- a/deps/v8/src/codegen/riscv/assembler-riscv.h
+++ b/deps/v8/src/codegen/riscv/assembler-riscv.h
@@ -55,6 +55,7 @@
 #include "src/codegen/riscv/extension-riscv-f.h"
 #include "src/codegen/riscv/extension-riscv-m.h"
 #include "src/codegen/riscv/extension-riscv-v.h"
+#include "src/codegen/riscv/extension-riscv-zicond.h"
 #include "src/codegen/riscv/extension-riscv-zicsr.h"
 #include "src/codegen/riscv/extension-riscv-zifencei.h"
 #include "src/codegen/riscv/register-riscv.h"
@@ -173,6 +174,7 @@ class V8_EXPORT_PRIVATE Assembler : public AssemblerBase,
                                     public AssemblerRISCVC,
                                     public AssemblerRISCVZifencei,
                                     public AssemblerRISCVZicsr,
+                                    public AssemblerRISCVZicond,
                                     public AssemblerRISCVV {
  public:
   // Create an assembler. Instructions and relocation information are emitted
diff --git a/deps/v8/src/codegen/riscv/constant-riscv-zicond.h b/deps/v8/src/codegen/riscv/constant-riscv-zicond.h
new file mode 100644
index 00000000000000..3b79ea712e5daf
--- /dev/null
+++ b/deps/v8/src/codegen/riscv/constant-riscv-zicond.h
@@ -0,0 +1,17 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef V8_CODEGEN_RISCV_CONSTANT_RISCV_ZICOND_H_
+#define V8_CODEGEN_RISCV_CONSTANT_RISCV_ZICOND_H_
+
+#include "src/codegen/riscv/base-constants-riscv.h"
+namespace v8 {
+namespace internal {
+// RV32/RV64 Zicond Standard Extension
+constexpr Opcode RO_CZERO_EQZ =
+    OP | (0b101 << kFunct3Shift) | (0b0000111 << kFunct7Shift);
+constexpr Opcode RO_CZERO_NEZ =
+    OP | (0b111 << kFunct3Shift) | (0b0000111 << kFunct7Shift);
+}  // namespace internal
+}  // namespace v8
+#endif  // V8_CODEGEN_RISCV_CONSTANT_RISCV_ZICOND_H_
diff --git a/deps/v8/src/codegen/riscv/extension-riscv-zicond.cc b/deps/v8/src/codegen/riscv/extension-riscv-zicond.cc
new file mode 100644
index 00000000000000..b481f9f38bcef9
--- /dev/null
+++ b/deps/v8/src/codegen/riscv/extension-riscv-zicond.cc
@@ -0,0 +1,24 @@
+
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/codegen/riscv/extension-riscv-zicond.h"
+
+#include "src/codegen/assembler.h"
+#include "src/codegen/riscv/constant-riscv-zicond.h"
+#include "src/codegen/riscv/register-riscv.h"
+
+namespace v8 {
+namespace internal {
+
+void AssemblerRISCVZicond::czero_eqz(Register rd, Register rs1, Register rs2) {
+  GenInstrALU_rr(0b0000111, 0b101, rd, rs1, rs2);
+}
+
+void AssemblerRISCVZicond::czero_nez(Register rd, Register rs1, Register rs2) {
+  GenInstrALU_rr(0b0000111, 0b111, rd, rs1, rs2);
+}
+
+}  // namespace internal
+}  // namespace v8
diff --git a/deps/v8/src/codegen/riscv/extension-riscv-zicond.h b/deps/v8/src/codegen/riscv/extension-riscv-zicond.h
new file mode 100644
index 00000000000000..c924f295141854
--- /dev/null
+++ b/deps/v8/src/codegen/riscv/extension-riscv-zicond.h
@@ -0,0 +1,24 @@
+// Copyright 2022 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_CODEGEN_RISCV_EXTENSION_RISCV_ZICOND_H_
+#define V8_CODEGEN_RISCV_EXTENSION_RISCV_ZICOND_H_
+#include "src/codegen/assembler.h"
+#include "src/codegen/riscv/base-assembler-riscv.h"
+#include "src/codegen/riscv/constant-riscv-zicond.h"
+#include "src/codegen/riscv/register-riscv.h"
+
+namespace v8 {
+namespace internal {
+
+class AssemblerRISCVZicond : public AssemblerRiscvBase {
+ public:
+  // CSR
+  void czero_eqz(Register rd, Register rs1, Register rs2);
+  void czero_nez(Register rd, Register rs1, Register rs2);
+};
+
+}  // namespace internal
+}  // namespace v8
+#endif  // V8_CODEGEN_RISCV_EXTENSION_RISCV_ZICOND_H_
diff --git a/deps/v8/src/codegen/riscv/macro-assembler-riscv.cc b/deps/v8/src/codegen/riscv/macro-assembler-riscv.cc
index 0b1e0aeb51734b..1303bab557c5ae 100644
--- a/deps/v8/src/codegen/riscv/macro-assembler-riscv.cc
+++ b/deps/v8/src/codegen/riscv/macro-assembler-riscv.cc
@@ -4,6 +4,8 @@
 
 #include <limits.h>  // For LONG_MIN, LONG_MAX.
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/division-by-constant.h"
 #include "src/builtins/builtins-inl.h"
@@ -1771,6 +1773,37 @@ void MacroAssembler::CalcScaledAddress(Register rd, Register rt, Register rs,
 
 // ------------Pseudo-instructions-------------
 // Change endianness
+
+template <int NBYTES>
+void MacroAssembler::ReverseBytesHelper(Register rd, Register rs, Register tmp1,
+                                        Register tmp2) {
+  DCHECK(tmp1 != tmp2);
+  DCHECK((rs != tmp1) && (rs != tmp2));
+  DCHECK((rd != tmp1) && (rd != tmp2));
+
+  // ByteMask - maximum value, held in byte
+  constexpr int ByteMask = (1 << kBitsPerByte) - 1;
+  // tmp1 = rs[0]; take least byte
+  // tmp1 = tmp1 << kBitsPerByte;
+  // for (nbyte = 1; nbyte < NBYTES - 1; nbyte++) {
+  //   tmp2 = rs[nbyte]; take n`th byte
+  //   tmp1 = (tmp2 | tmp1) << kBitsPerByte; add n`th source byte to tmp1
+  // }
+  // rd[0] = rs[NBYTES-1]; take upper byte
+  // rd[NBYTES-1 : 1] = tmp1[NBYTES-1 : 1]; fill other bytes
+  andi(tmp1, rs, ByteMask);
+  slli(tmp1, tmp1, kBitsPerByte);
+  for (int nbyte = 1; nbyte < NBYTES - 1; nbyte++) {
+    srli(tmp2, rs, nbyte * kBitsPerByte);
+    andi(tmp2, tmp2, ByteMask);
+    or_(tmp1, tmp1, tmp2);
+    slli(tmp1, tmp1, kBitsPerByte);
+  }
+  srli(rd, rs, (NBYTES - 1) * kBitsPerByte);
+  andi(rd, rd, ByteMask);
+  or_(rd, tmp1, rd);
+}
+
 #if V8_TARGET_ARCH_RISCV64
 void MacroAssembler::ByteSwap(Register rd, Register rs, int operand_size,
                               Register scratch) {
@@ -1785,54 +1818,63 @@ void MacroAssembler::ByteSwap(Register rd, Register rs, int operand_size,
   DCHECK_NE(scratch, rs);
   DCHECK_NE(scratch, rd);
   if (operand_size == 4) {
-    // Uint32_t x1 = 0x00FF00FF;
-    // x0 = (x0 << 16 | x0 >> 16);
-    // x0 = (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8));
     UseScratchRegisterScope temps(this);
     BlockTrampolinePoolScope block_trampoline_pool(this);
     DCHECK((rd != t6) && (rs != t6));
     Register x0 = temps.Acquire();
     Register x1 = temps.Acquire();
-    Register x2 = scratch;
-    li(x1, 0x00FF00FF);
-    slliw(x0, rs, 16);
-    srliw(rd, rs, 16);
-    or_(x0, rd, x0);   // x0 <- x0 << 16 | x0 >> 16
-    and_(x2, x0, x1);  // x2 <- x0 & 0x00FF00FF
-    slliw(x2, x2, 8);  // x2 <- (x0 & x1) << 8
-    slliw(x1, x1, 8);  // x1 <- 0xFF00FF00
-    and_(rd, x0, x1);  // x0 & 0xFF00FF00
-    srliw(rd, rd, 8);
-    or_(rd, rd, x2);  // (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8))
+    if (scratch == no_reg) {
+      ReverseBytesHelper<8>(rd, rs, x0, x1);
+      srai(rd, rd, 32);
+    } else {
+      // Uint32_t x1 = 0x00FF00FF;
+      // x0 = (x0 << 16 | x0 >> 16);
+      // x0 = (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8));
+      Register x2 = scratch;
+      li(x1, 0x00FF00FF);
+      slliw(x0, rs, 16);
+      srliw(rd, rs, 16);
+      or_(x0, rd, x0);   // x0 <- x0 << 16 | x0 >> 16
+      and_(x2, x0, x1);  // x2 <- x0 & 0x00FF00FF
+      slliw(x2, x2, 8);  // x2 <- (x0 & x1) << 8
+      slliw(x1, x1, 8);  // x1 <- 0xFF00FF00
+      and_(rd, x0, x1);  // x0 & 0xFF00FF00
+      srliw(rd, rd, 8);
+      or_(rd, rd, x2);  // (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8))
+    }
   } else {
-    // uinx24_t x1 = 0x0000FFFF0000FFFFl;
-    // uinx24_t x1 = 0x00FF00FF00FF00FFl;
-    // x0 = (x0 << 32 | x0 >> 32);
-    // x0 = (x0 & x1) << 16 | (x0 & (x1 << 16)) >> 16;
-    // x0 = (x0 & x1) << 8  | (x0 & (x1 << 8)) >> 8;
     UseScratchRegisterScope temps(this);
     BlockTrampolinePoolScope block_trampoline_pool(this);
     DCHECK((rd != t6) && (rs != t6));
     Register x0 = temps.Acquire();
     Register x1 = temps.Acquire();
-    Register x2 = scratch;
-    li(x1, 0x0000FFFF0000FFFFl);
-    slli(x0, rs, 32);
-    srli(rd, rs, 32);
-    or_(x0, rd, x0);   // x0 <- x0 << 32 | x0 >> 32
-    and_(x2, x0, x1);  // x2 <- x0 & 0x0000FFFF0000FFFF
-    slli(x2, x2, 16);  // x2 <- (x0 & 0x0000FFFF0000FFFF) << 16
-    slli(x1, x1, 16);  // x1 <- 0xFFFF0000FFFF0000
-    and_(rd, x0, x1);  // rd <- x0 & 0xFFFF0000FFFF0000
-    srli(rd, rd, 16);  // rd <- x0 & (x1 << 16)) >> 16
-    or_(x0, rd, x2);   // (x0 & x1) << 16 | (x0 & (x1 << 16)) >> 16;
-    li(x1, 0x00FF00FF00FF00FFl);
-    and_(x2, x0, x1);  // x2 <- x0 & 0x00FF00FF00FF00FF
-    slli(x2, x2, 8);   // x2 <- (x0 & x1) << 8
-    slli(x1, x1, 8);   // x1 <- 0xFF00FF00FF00FF00
-    and_(rd, x0, x1);
-    srli(rd, rd, 8);  // rd <- (x0 & (x1 << 8)) >> 8
-    or_(rd, rd, x2);  // (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8))
+    if (scratch == no_reg) {
+      ReverseBytesHelper<8>(rd, rs, x0, x1);
+    } else {
+      // uinx24_t x1 = 0x0000FFFF0000FFFFl;
+      // uinx24_t x1 = 0x00FF00FF00FF00FFl;
+      // x0 = (x0 << 32 | x0 >> 32);
+      // x0 = (x0 & x1) << 16 | (x0 & (x1 << 16)) >> 16;
+      // x0 = (x0 & x1) << 8  | (x0 & (x1 << 8)) >> 8;
+      Register x2 = scratch;
+      li(x1, 0x0000FFFF0000FFFFl);
+      slli(x0, rs, 32);
+      srli(rd, rs, 32);
+      or_(x0, rd, x0);   // x0 <- x0 << 32 | x0 >> 32
+      and_(x2, x0, x1);  // x2 <- x0 & 0x0000FFFF0000FFFF
+      slli(x2, x2, 16);  // x2 <- (x0 & 0x0000FFFF0000FFFF) << 16
+      slli(x1, x1, 16);  // x1 <- 0xFFFF0000FFFF0000
+      and_(rd, x0, x1);  // rd <- x0 & 0xFFFF0000FFFF0000
+      srli(rd, rd, 16);  // rd <- x0 & (x1 << 16)) >> 16
+      or_(x0, rd, x2);   // (x0 & x1) << 16 | (x0 & (x1 << 16)) >> 16;
+      li(x1, 0x00FF00FF00FF00FFl);
+      and_(x2, x0, x1);  // x2 <- x0 & 0x00FF00FF00FF00FF
+      slli(x2, x2, 8);   // x2 <- (x0 & x1) << 8
+      slli(x1, x1, 8);   // x1 <- 0xFF00FF00FF00FF00
+      and_(rd, x0, x1);
+      srli(rd, rd, 8);  // rd <- (x0 & (x1 << 8)) >> 8
+      or_(rd, rd, x2);  // (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8))
+    }
   }
 }
 
@@ -1845,25 +1887,29 @@ void MacroAssembler::ByteSwap(Register rd, Register rs, int operand_size,
   }
   DCHECK_NE(scratch, rs);
   DCHECK_NE(scratch, rd);
-  // Uint32_t x1 = 0x00FF00FF;
-  // x0 = (x0 << 16 | x0 >> 16);
-  // x0 = (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8));
   UseScratchRegisterScope temps(this);
   BlockTrampolinePoolScope block_trampoline_pool(this);
   DCHECK((rd != t6) && (rs != t6));
   Register x0 = temps.Acquire();
   Register x1 = temps.Acquire();
-  Register x2 = scratch;
-  li(x1, 0x00FF00FF);
-  slli(x0, rs, 16);
-  srli(rd, rs, 16);
-  or_(x0, rd, x0);   // x0 <- x0 << 16 | x0 >> 16
-  and_(x2, x0, x1);  // x2 <- x0 & 0x00FF00FF
-  slli(x2, x2, 8);   // x2 <- (x0 & x1) << 8
-  slli(x1, x1, 8);   // x1 <- 0xFF00FF00
-  and_(rd, x0, x1);  // x0 & 0xFF00FF00
-  srli(rd, rd, 8);
-  or_(rd, rd, x2);  // (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8))
+  if (scratch == no_reg) {
+    ReverseBytesHelper<4>(rd, rs, x0, x1);
+  } else {
+    // Uint32_t x1 = 0x00FF00FF;
+    // x0 = (x0 << 16 | x0 >> 16);
+    // x0 = (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8));
+    Register x2 = scratch;
+    li(x1, 0x00FF00FF);
+    slli(x0, rs, 16);
+    srli(rd, rs, 16);
+    or_(x0, rd, x0);   // x0 <- x0 << 16 | x0 >> 16
+    and_(x2, x0, x1);  // x2 <- x0 & 0x00FF00FF
+    slli(x2, x2, 8);   // x2 <- (x0 & x1) << 8
+    slli(x1, x1, 8);   // x1 <- 0xFF00FF00
+    and_(rd, x0, x1);  // x0 & 0xFF00FF00
+    srli(rd, rd, 8);
+    or_(rd, rd, x2);  // (((x0 & x1) << 8)  | ((x0 & (x1 << 8)) >> 8))
+  }
 }
 #endif
 
@@ -3890,23 +3936,31 @@ void MacroAssembler::CompareI(Register rd, Register rs, const Operand& rt,
 // dest <- (condition != 0 ? zero : dest)
 void MacroAssembler::LoadZeroIfConditionNotZero(Register dest,
                                                 Register condition) {
-  UseScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  seqz(scratch, condition);
-  // neg + and may be more efficient than mul(dest, dest, scratch)
-  neg(scratch, scratch);  // 0 is still 0, 1 becomes all 1s
-  and_(dest, dest, scratch);
+  if (CpuFeatures::IsSupported(ZICOND)) {
+    czero_nez(dest, dest, condition);
+  } else {
+    UseScratchRegisterScope temps(this);
+    Register scratch = temps.Acquire();
+    seqz(scratch, condition);
+    // neg + and may be more efficient than mul(dest, dest, scratch)
+    neg(scratch, scratch);  // 0 is still 0, 1 becomes all 1s
+    and_(dest, dest, scratch);
+  }
 }
 
 // dest <- (condition == 0 ? 0 : dest)
 void MacroAssembler::LoadZeroIfConditionZero(Register dest,
                                              Register condition) {
-  UseScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  snez(scratch, condition);
-  //  neg + and may be more efficient than mul(dest, dest, scratch);
-  neg(scratch, scratch);  // 0 is still 0, 1 becomes all 1s
-  and_(dest, dest, scratch);
+  if (CpuFeatures::IsSupported(ZICOND)) {
+    czero_eqz(dest, dest, condition);
+  } else {
+    UseScratchRegisterScope temps(this);
+    Register scratch = temps.Acquire();
+    snez(scratch, condition);
+    //  neg + and may be more efficient than mul(dest, dest, scratch);
+    neg(scratch, scratch);  // 0 is still 0, 1 becomes all 1s
+    and_(dest, dest, scratch);
+  }
 }
 
 void MacroAssembler::Clz32(Register rd, Register xx) {
@@ -6324,7 +6378,7 @@ void MacroAssembler::JumpIfObjectType(Label* target, Condition cc,
     scratch = temps.Acquire();
   }
   if (V8_STATIC_ROOTS_BOOL) {
-    if (base::Optional<RootIndex> expected =
+    if (std::optional<RootIndex> expected =
             InstanceTypeChecker::UniqueMapOfInstanceType(instance_type)) {
       Tagged_t ptr = ReadOnlyRootPtr(*expected);
       LoadCompressedMap(scratch, object);
diff --git a/deps/v8/src/codegen/riscv/macro-assembler-riscv.h b/deps/v8/src/codegen/riscv/macro-assembler-riscv.h
index f9664dc25c0a1b..309fe99c5d18a5 100644
--- a/deps/v8/src/codegen/riscv/macro-assembler-riscv.h
+++ b/deps/v8/src/codegen/riscv/macro-assembler-riscv.h
@@ -9,6 +9,8 @@
 #ifndef V8_CODEGEN_RISCV_MACRO_ASSEMBLER_RISCV_H_
 #define V8_CODEGEN_RISCV_MACRO_ASSEMBLER_RISCV_H_
 
+#include <optional>
+
 #include "src/codegen/assembler-arch.h"
 #include "src/codegen/assembler.h"
 #include "src/codegen/bailout-reason.h"
@@ -776,7 +778,12 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
 
   // Change endianness
   void ByteSwap(Register dest, Register src, int operand_size,
-                Register scratch);
+                Register scratch = no_reg);
+
+  // helper function for bytes reverse
+  template <int NBYTES>
+  void ReverseBytesHelper(Register rd, Register rs, Register tmp1,
+                          Register tmp2);
 
   void Clear_if_nan_d(Register rd, FPURegister fs);
   void Clear_if_nan_s(Register rd, FPURegister fs);
@@ -1718,9 +1725,9 @@ struct MoveCycleState {
   // {MoveToTempLocation}.
   RegList scratch_regs;
   // Available scratch registers during the move cycle resolution scope.
-  base::Optional<UseScratchRegisterScope> temps;
+  std::optional<UseScratchRegisterScope> temps;
   // Scratch register picked by {MoveToTempLocation}.
-  base::Optional<Register> scratch_reg;
+  std::optional<Register> scratch_reg;
 };
 
 inline MemOperand ExitFrameStackSlotOperand(int offset) {
diff --git a/deps/v8/src/codegen/s390/macro-assembler-s390.cc b/deps/v8/src/codegen/s390/macro-assembler-s390.cc
index a2e198917b8eb9..409c1fe65af5e2 100644
--- a/deps/v8/src/codegen/s390/macro-assembler-s390.cc
+++ b/deps/v8/src/codegen/s390/macro-assembler-s390.cc
@@ -1932,13 +1932,20 @@ void MacroAssembler::IsObjectType(Register object, Register scratch1,
   CompareObjectType(object, scratch1, scratch2, type);
 }
 
-void MacroAssembler::CompareRange(Register value, unsigned lower_limit,
-                                  unsigned higher_limit) {
+void MacroAssembler::CompareObjectTypeRange(Register object, Register map,
+                                            Register type_reg, Register scratch,
+                                            InstanceType lower_limit,
+                                            InstanceType upper_limit) {
+  ASM_CODE_COMMENT(this);
+  LoadMap(map, object);
+  CompareInstanceTypeRange(map, type_reg, scratch, lower_limit, upper_limit);
+}
+
+void MacroAssembler::CompareRange(Register value, Register scratch,
+                                  unsigned lower_limit, unsigned higher_limit) {
   ASM_CODE_COMMENT(this);
   DCHECK_LT(lower_limit, higher_limit);
   if (lower_limit != 0) {
-    UseScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
     mov(scratch, value);
     slgfi(scratch, Operand(lower_limit));
     CmpU64(scratch, Operand(higher_limit - lower_limit));
@@ -1948,11 +1955,12 @@ void MacroAssembler::CompareRange(Register value, unsigned lower_limit,
 }
 
 void MacroAssembler::CompareInstanceTypeRange(Register map, Register type_reg,
+                                              Register scratch,
                                               InstanceType lower_limit,
                                               InstanceType higher_limit) {
   DCHECK_LT(lower_limit, higher_limit);
   LoadU16(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
-  CompareRange(type_reg, lower_limit, higher_limit);
+  CompareRange(type_reg, scratch, lower_limit, higher_limit);
 }
 
 void MacroAssembler::CompareRoot(Register obj, RootIndex index) {
@@ -1978,10 +1986,11 @@ void MacroAssembler::CompareTaggedRoot(Register obj, RootIndex index) {
   CompareTagged(obj, MemOperand(kRootRegister, offset));
 }
 
-void MacroAssembler::JumpIfIsInRange(Register value, unsigned lower_limit,
+void MacroAssembler::JumpIfIsInRange(Register value, Register scratch,
+                                     unsigned lower_limit,
                                      unsigned higher_limit,
                                      Label* on_in_range) {
-  CompareRange(value, lower_limit, higher_limit);
+  CompareRange(value, scratch, lower_limit, higher_limit);
   ble(on_in_range);
 }
 
@@ -2427,7 +2436,7 @@ void MacroAssembler::AssertFunction(Register object) {
     Check(ne, AbortReason::kOperandIsASmiAndNotAFunction, cr0);
     push(object);
     LoadMap(object, object);
-    CompareInstanceTypeRange(object, object, FIRST_JS_FUNCTION_TYPE,
+    CompareInstanceTypeRange(object, object, object, FIRST_JS_FUNCTION_TYPE,
                              LAST_JS_FUNCTION_TYPE);
     pop(object);
     Check(le, AbortReason::kOperandIsNotAFunction);
@@ -2442,7 +2451,8 @@ void MacroAssembler::AssertCallableFunction(Register object) {
   Check(ne, AbortReason::kOperandIsASmiAndNotAFunction);
   push(object);
   LoadMap(object, object);
-  CompareInstanceTypeRange(object, object, FIRST_CALLABLE_JS_FUNCTION_TYPE,
+  CompareInstanceTypeRange(object, object, object,
+                           FIRST_CALLABLE_JS_FUNCTION_TYPE,
                            LAST_CALLABLE_JS_FUNCTION_TYPE);
   pop(object);
   Check(le, AbortReason::kOperandIsNotACallableFunction);
@@ -2471,8 +2481,9 @@ void MacroAssembler::AssertGeneratorObject(Register object) {
   LoadMap(map, object);
 
   // Check if JSGeneratorObject
-  Register instance_type = object;
-  CompareInstanceTypeRange(map, instance_type, FIRST_JS_GENERATOR_OBJECT_TYPE,
+  Register scratch = object;
+  CompareInstanceTypeRange(map, scratch, scratch,
+                           FIRST_JS_GENERATOR_OBJECT_TYPE,
                            LAST_JS_GENERATOR_OBJECT_TYPE);
   // Restore generator object to register and perform assertion
   pop(object);
diff --git a/deps/v8/src/codegen/s390/macro-assembler-s390.h b/deps/v8/src/codegen/s390/macro-assembler-s390.h
index 203df6e0eb9541..0b42aa869e3175 100644
--- a/deps/v8/src/codegen/s390/macro-assembler-s390.h
+++ b/deps/v8/src/codegen/s390/macro-assembler-s390.h
@@ -1610,6 +1610,14 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
     LoadMap(map, heap_object);
     CompareInstanceType<use_unsigned_cmp>(map, temp, type);
   }
+  // Variant of the above, which compares against a type range rather than a
+  // single type (lower_limit and higher_limit are inclusive).
+  //
+  // Always use unsigned comparisons: ls for a positive result.
+  void CompareObjectTypeRange(Register heap_object, Register map,
+                              Register type_reg, Register scratch,
+                              InstanceType lower_limit,
+                              InstanceType higher_limit);
 
   // Compare instance type in a map.  map contains a valid map object whose
   // object type should be compared with the given type.  This both
@@ -1618,10 +1626,11 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   void CompareInstanceType(Register map, Register type_reg, InstanceType type) {
     static_assert(Map::kInstanceTypeOffset < 4096);
     static_assert(LAST_TYPE <= 0xFFFF);
-    LoadS16(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
     if (use_unsigned_cmp) {
+      LoadU16(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
       CmpU64(type_reg, Operand(type));
     } else {
+      LoadS16(type_reg, FieldMemOperand(map, Map::kInstanceTypeOffset));
       CmpS64(type_reg, Operand(type));
     }
   }
@@ -1631,7 +1640,7 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
   //
   // Always use unsigned comparisons: ls for a positive result.
   void CompareInstanceTypeRange(Register map, Register type_reg,
-                                InstanceType lower_limit,
+                                Register scratch, InstanceType lower_limit,
                                 InstanceType higher_limit);
 
   // Compare the object in a register to a value from the root list.
@@ -1676,9 +1685,9 @@ class V8_EXPORT_PRIVATE MacroAssembler : public MacroAssemblerBase {
 
   // Checks if value is in range [lower_limit, higher_limit] using a single
   // comparison.
-  void CompareRange(Register value, unsigned lower_limit,
+  void CompareRange(Register value, Register scratch, unsigned lower_limit,
                     unsigned higher_limit);
-  void JumpIfIsInRange(Register value, unsigned lower_limit,
+  void JumpIfIsInRange(Register value, Register scratch, unsigned lower_limit,
                        unsigned higher_limit, Label* on_in_range);
 
   // ---------------------------------------------------------------------------
diff --git a/deps/v8/src/codegen/shared-ia32-x64/macro-assembler-shared-ia32-x64.h b/deps/v8/src/codegen/shared-ia32-x64/macro-assembler-shared-ia32-x64.h
index d2f4aa9d7e36b9..44cddab431cc52 100644
--- a/deps/v8/src/codegen/shared-ia32-x64/macro-assembler-shared-ia32-x64.h
+++ b/deps/v8/src/codegen/shared-ia32-x64/macro-assembler-shared-ia32-x64.h
@@ -5,6 +5,8 @@
 #ifndef V8_CODEGEN_SHARED_IA32_X64_MACRO_ASSEMBLER_SHARED_IA32_X64_H_
 #define V8_CODEGEN_SHARED_IA32_X64_MACRO_ASSEMBLER_SHARED_IA32_X64_H_
 
+#include <optional>
+
 #include "src/base/macros.h"
 #include "src/codegen/cpu-features.h"
 #include "src/codegen/external-reference.h"
@@ -102,7 +104,7 @@ class V8_EXPORT_PRIVATE SharedMacroAssemblerBase : public MacroAssemblerBase {
   template <typename Dst, typename Arg, typename... Args>
   struct AvxHelper {
     Assembler* assm;
-    base::Optional<CpuFeature> feature = base::nullopt;
+    std::optional<CpuFeature> feature = std::nullopt;
     // Call a method where the AVX version expects the dst argument to be
     // duplicated.
     // E.g. Andps(x, y) -> vandps(x, x, y)
@@ -189,36 +191,36 @@ class V8_EXPORT_PRIVATE SharedMacroAssemblerBase : public MacroAssemblerBase {
             dst, arg, args...);                                        \
   }
 
-#define AVX_OP_SSE3(macro_name, name)                                    \
+#define AVX_OP_SSE3(macro_name, name)                                   \
+  template <typename Dst, typename Arg, typename... Args>               \
+  void macro_name(Dst dst, Arg arg, Args... args) {                     \
+    AvxHelper<Dst, Arg, Args...>{this, std::optional<CpuFeature>(SSE3)} \
+        .template emit<&Assembler::v##name, &Assembler::name>(dst, arg, \
+                                                              args...); \
+  }
+
+#define AVX_OP_SSSE3(macro_name, name)                                   \
   template <typename Dst, typename Arg, typename... Args>                \
   void macro_name(Dst dst, Arg arg, Args... args) {                      \
-    AvxHelper<Dst, Arg, Args...>{this, base::Optional<CpuFeature>(SSE3)} \
+    AvxHelper<Dst, Arg, Args...>{this, std::optional<CpuFeature>(SSSE3)} \
         .template emit<&Assembler::v##name, &Assembler::name>(dst, arg,  \
                                                               args...);  \
   }
 
-#define AVX_OP_SSSE3(macro_name, name)                                    \
+#define AVX_OP_SSE4_1(macro_name, name)                                   \
   template <typename Dst, typename Arg, typename... Args>                 \
   void macro_name(Dst dst, Arg arg, Args... args) {                       \
-    AvxHelper<Dst, Arg, Args...>{this, base::Optional<CpuFeature>(SSSE3)} \
+    AvxHelper<Dst, Arg, Args...>{this, std::optional<CpuFeature>(SSE4_1)} \
         .template emit<&Assembler::v##name, &Assembler::name>(dst, arg,   \
                                                               args...);   \
   }
 
-#define AVX_OP_SSE4_1(macro_name, name)                                    \
-  template <typename Dst, typename Arg, typename... Args>                  \
-  void macro_name(Dst dst, Arg arg, Args... args) {                        \
-    AvxHelper<Dst, Arg, Args...>{this, base::Optional<CpuFeature>(SSE4_1)} \
-        .template emit<&Assembler::v##name, &Assembler::name>(dst, arg,    \
-                                                              args...);    \
-  }
-
-#define AVX_OP_SSE4_2(macro_name, name)                                    \
-  template <typename Dst, typename Arg, typename... Args>                  \
-  void macro_name(Dst dst, Arg arg, Args... args) {                        \
-    AvxHelper<Dst, Arg, Args...>{this, base::Optional<CpuFeature>(SSE4_2)} \
-        .template emit<&Assembler::v##name, &Assembler::name>(dst, arg,    \
-                                                              args...);    \
+#define AVX_OP_SSE4_2(macro_name, name)                                   \
+  template <typename Dst, typename Arg, typename... Args>                 \
+  void macro_name(Dst dst, Arg arg, Args... args) {                       \
+    AvxHelper<Dst, Arg, Args...>{this, std::optional<CpuFeature>(SSE4_2)} \
+        .template emit<&Assembler::v##name, &Assembler::name>(dst, arg,   \
+                                                              args...);   \
   }
 
   // Keep this list sorted by required extension, then instruction name.
@@ -504,7 +506,7 @@ class V8_EXPORT_PRIVATE SharedMacroAssemblerBase : public MacroAssemblerBase {
   void PinsrHelper(Assembler* assm, AvxFn<Op> avx, NoAvxFn<Op> noavx,
                    XMMRegister dst, XMMRegister src1, Op src2, uint8_t imm8,
                    uint32_t* load_pc_offset = nullptr,
-                   base::Optional<CpuFeature> feature = base::nullopt) {
+                   std::optional<CpuFeature> feature = std::nullopt) {
     if (CpuFeatures::IsSupported(AVX)) {
       CpuFeatureScope scope(assm, AVX);
       if (load_pc_offset) *load_pc_offset = assm->pc_offset();
@@ -603,7 +605,7 @@ class V8_EXPORT_PRIVATE SharedMacroAssembler : public SharedMacroAssemblerBase {
     if (CpuFeatures::IsSupported(SSE4_1)) {
       PinsrHelper(this, &Assembler::vpinsrd, &Assembler::pinsrd, dst, src1,
                   src2, imm8, load_pc_offset,
-                  base::Optional<CpuFeature>(SSE4_1));
+                  std::optional<CpuFeature>(SSE4_1));
     } else {
       if (dst != src1) {
         movaps(dst, src1);
diff --git a/deps/v8/src/codegen/signature.h b/deps/v8/src/codegen/signature.h
index 7a6c545faf237d..0863b02bc94246 100644
--- a/deps/v8/src/codegen/signature.h
+++ b/deps/v8/src/codegen/signature.h
@@ -6,7 +6,7 @@
 #define V8_CODEGEN_SIGNATURE_H_
 
 #include "src/base/functional.h"
-#include "src/base/iterator.h"
+#include "src/base/vector.h"
 #include "src/codegen/machine-type.h"
 #include "src/sandbox/check.h"
 #include "src/zone/zone.h"
@@ -49,14 +49,12 @@ class Signature : public ZoneObject {
   }
 
   // Iteration support.
-  base::iterator_range<const T*> parameters() const {
-    return {reps_ + return_count_, reps_ + return_count_ + parameter_count_};
+  base::Vector<const T> parameters() const {
+    return {reps_ + return_count_, parameter_count_};
   }
-  base::iterator_range<const T*> returns() const {
-    return {reps_, reps_ + return_count_};
-  }
-  base::iterator_range<const T*> all() const {
-    return {reps_, reps_ + return_count_ + parameter_count_};
+  base::Vector<const T> returns() const { return {reps_, return_count_}; }
+  base::Vector<const T> all() const {
+    return {reps_, return_count_ + parameter_count_};
   }
 
   bool operator==(const Signature& other) const {
diff --git a/deps/v8/src/codegen/tnode.h b/deps/v8/src/codegen/tnode.h
index 4d1dd7a1138ea3..951fcbbc0f7acb 100644
--- a/deps/v8/src/codegen/tnode.h
+++ b/deps/v8/src/codegen/tnode.h
@@ -97,6 +97,10 @@ struct IndirectPointerHandleT : Uint32T {
   static constexpr MachineType kMachineType = MachineType::Uint32();
 };
 
+struct JSDispatchHandleT : Uint32T {
+  static constexpr MachineType kMachineType = MachineType::Uint32();
+};
+
 #ifdef V8_ENABLE_SANDBOX
 struct ExternalPointerT : Uint32T {
   static constexpr MachineType kMachineType = MachineType::Uint32();
@@ -139,6 +143,12 @@ using TaggedT = Int32T;
 using TaggedT = IntPtrT;
 #endif
 
+#ifdef V8_ENABLE_SANDBOX
+using TrustedPointerT = IndirectPointerHandleT;
+#else
+using TrustedPointerT = TaggedT;
+#endif
+
 // Result of a comparison operation.
 struct BoolT : Word32T {
   static constexpr MachineType kMachineType = MachineType::Int32();
diff --git a/deps/v8/src/codegen/turboshaft-builtins-assembler-inl.h b/deps/v8/src/codegen/turboshaft-builtins-assembler-inl.h
index ccf0230bdf6118..ead65aafbbeb5d 100644
--- a/deps/v8/src/codegen/turboshaft-builtins-assembler-inl.h
+++ b/deps/v8/src/codegen/turboshaft-builtins-assembler-inl.h
@@ -5,30 +5,426 @@
 #ifndef V8_CODEGEN_TURBOSHAFT_BUILTINS_ASSEMBLER_INL_H_
 #define V8_CODEGEN_TURBOSHAFT_BUILTINS_ASSEMBLER_INL_H_
 
+#include <iterator>
+
+#include "src/common/globals.h"
+#include "src/compiler/turboshaft/access-builder.h"
 #include "src/compiler/turboshaft/assembler.h"
 #include "src/compiler/turboshaft/machine-lowering-reducer-inl.h"
+#include "src/compiler/turboshaft/operation-matcher.h"
+#include "src/compiler/turboshaft/sidetable.h"
+#include "src/objects/elements-kind.h"
+
+#define DEFINE_TURBOSHAFT_ALIASES()                                            \
+  template <typename T>                                                        \
+  using V = compiler::turboshaft::V<T>;                                        \
+  template <typename T>                                                        \
+  using ConstOrV = compiler::turboshaft::ConstOrV<T>;                          \
+  template <typename T>                                                        \
+  using OptionalV = compiler::turboshaft::OptionalV<T>;                        \
+  template <typename... Ts>                                                    \
+  using Label = compiler::turboshaft::Label<Ts...>;                            \
+  template <typename... Ts>                                                    \
+  using LoopLabel = compiler::turboshaft::LoopLabel<Ts...>;                    \
+  using Block = compiler::turboshaft::Block;                                   \
+  using OpIndex = compiler::turboshaft::OpIndex;                               \
+  using Word32 = compiler::turboshaft::Word32;                                 \
+  using Word64 = compiler::turboshaft::Word64;                                 \
+  using WordPtr = compiler::turboshaft::WordPtr;                               \
+  using Float32 = compiler::turboshaft::Float32;                               \
+  using Float64 = compiler::turboshaft::Float64;                               \
+  using RegisterRepresentation = compiler::turboshaft::RegisterRepresentation; \
+  using MemoryRepresentation = compiler::turboshaft::MemoryRepresentation;     \
+  using BuiltinCallDescriptor = compiler::turboshaft::BuiltinCallDescriptor;   \
+  using AccessBuilderTS = compiler::turboshaft::AccessBuilderTS;
+
+#define BUILTIN_REDUCER(name)          \
+  TURBOSHAFT_REDUCER_BOILERPLATE(name) \
+  DEFINE_TURBOSHAFT_ALIASES()
 
 namespace v8::internal {
 
 #include "src/compiler/turboshaft/define-assembler-macros.inc"
 
-template <template <typename> typename... Reducers>
+namespace detail {
+
+// TODO(nicohartmann): Rename once CSA is (mostly) gone.
+template <typename Assembler>
+class BuiltinArgumentsTS {
+ public:
+  DEFINE_TURBOSHAFT_ALIASES()
+
+  auto& Asm() const { return *assembler_; }
+
+  // |argc| specifies the number of arguments passed to the builtin.
+  template <typename T>
+  BuiltinArgumentsTS(Assembler* assembler, V<T> argc,
+                     OptionalV<WordPtr> fp = {})
+      : assembler_(assembler) {
+    if constexpr (std::is_same_v<T, WordPtr>) {
+      argc_ = argc;
+    } else {
+      if constexpr (std::is_same_v<T, Word32>) {
+        DCHECK((std::is_same_v<WordPtr, Word64>));
+        argc_ = assembler_->ChangeInt32ToInt64(argc);
+      } else {
+        static_assert(std::is_same_v<T, Word64>);
+        DCHECK((std::is_same_v<WordPtr, Word32>));
+        argc_ = assembler_->TruncateWord64ToWord32(argc);
+      }
+    }
+    if (fp.has_value()) {
+      fp_ = fp.value();
+    } else {
+      fp_ = __ FramePointer();
+    }
+    const intptr_t offset =
+        (StandardFrameConstants::kFixedSlotCountAboveFp + 1) *
+        kSystemPointerSize;
+    // base_ points to the first argument, not the receiver
+    // whether present or not.
+    base_ = __ WordPtrAdd(fp_, offset);
+  }
+
+  V<WordPtr> GetLengthWithReceiver() const { return argc_; }
+
+  V<WordPtr> GetLengthWithoutReceiver() const {
+    return __ WordPtrSub(argc_, kJSArgcReceiverSlots);
+  }
+
+  V<Object> AtIndex(ConstOrV<WordPtr> index) const {
+    TSA_DCHECK(this, __ UintPtrLessThan(index, GetLengthWithoutReceiver()));
+    return V<Object>::Cast(
+        __ LoadOffHeap(AtIndexPtr(index), MemoryRepresentation::AnyTagged()));
+  }
+
+  class Iterator {
+   public:
+    using iterator_type = V<WordPtr>;
+    using value_type = V<Object>;
+
+    // {end} is the iterator-typical exclusive one past the last element.
+    Iterator(const BuiltinArgumentsTS* args, ConstOrV<WordPtr> begin_index,
+             ConstOrV<WordPtr> end_index)
+        : args_(args), begin_index_(begin_index), end_index_(end_index) {}
+
+    template <typename A>
+    iterator_type Begin(A& assembler) {
+      DCHECK(!end_offset_.valid());
+      // Pre-compute the end offset.
+      end_offset_ = args_->AtIndexPtr(assembler.resolve(end_index_));
+      return args_->AtIndexPtr(assembler.resolve(begin_index_));
+    }
+
+    template <typename A>
+    OptionalV<Word32> IsEnd(A& assembler,
+                            iterator_type current_iterator) const {
+      return assembler.UintPtrLessThanOrEqual(end_offset_, current_iterator);
+    }
+
+    template <typename A>
+    iterator_type Advance(A& assembler, iterator_type current_iterator) const {
+      return assembler.WordPtrAdd(
+          current_iterator, ElementsKindToByteSize(SYSTEM_POINTER_ELEMENTS));
+    }
+
+    template <typename A>
+    value_type Dereference(A& assembler, iterator_type current_iterator) const {
+      return V<Object>::Cast(assembler.LoadOffHeap(
+          current_iterator, MemoryRepresentation::AnyTagged()));
+    }
+
+   private:
+    const BuiltinArgumentsTS* args_;
+    ConstOrV<WordPtr> begin_index_;
+    ConstOrV<WordPtr> end_index_;
+    V<WordPtr> end_offset_;
+  };
+
+  Iterator Range(ConstOrV<WordPtr> begin, ConstOrV<WordPtr> end) const {
+    return Iterator(this, begin, end);
+  }
+
+  Iterator Range(ConstOrV<WordPtr> begin) const {
+    return Iterator(this, begin, GetLengthWithoutReceiver());
+  }
+
+  Iterator Range() const {
+    return Iterator(this, 0, GetLengthWithoutReceiver());
+  }
+
+ private:
+  V<WordPtr> AtIndexPtr(ConstOrV<WordPtr> index) const {
+    V<WordPtr> offset =
+        assembler_->ElementOffsetFromIndex(index, SYSTEM_POINTER_ELEMENTS, 0);
+    return __ WordPtrAdd(base_, offset);
+  }
+
+  Assembler* assembler_;
+  V<WordPtr> argc_;
+  V<WordPtr> fp_;
+  V<WordPtr> base_;
+};
+
+}  // namespace detail
+
+class FeedbackCollector {};
+
+template <typename Next>
+class FeedbackCollectorReducer : public Next {
+ public:
+  BUILTIN_REDUCER(FeedbackCollector)
+
+  void CombineFeedback(FeedbackCollector* feedback, int additional_feedback) {
+    if (feedback == nullptr) return;
+    UNIMPLEMENTED();
+  }
+
+  void OverwriteFeedback(FeedbackCollector* feedback, int new_feedback) {
+    if (feedback == nullptr) return;
+    UNIMPLEMENTED();
+  }
+
+  V<Word32> FeedbackIs(FeedbackCollector* feedback, int checked_feedback) {
+    DCHECK_NOT_NULL(feedback);
+    UNIMPLEMENTED();
+  }
+};
+
+template <typename Next>
+class NoFeedbackCollectorReducer : public Next {
+ public:
+  BUILTIN_REDUCER(NoFeedbackCollector)
+
+  void CombineFeedback(FeedbackCollector* feedback, int additional_feedback) {
+    DCHECK_NULL(feedback);
+  }
+
+  void OverwriteFeedback(FeedbackCollector* feedback, int new_feedback) {
+    DCHECK_NULL(feedback);
+  }
+
+  V<Word32> FeedbackIs(FeedbackCollector* feedback, int checked_feedback) {
+    UNREACHABLE();
+  }
+};
+
+template <typename Next>
+class BuiltinsReducer : public Next {
+ public:
+  BUILTIN_REDUCER(Builtins)
+
+  using BuiltinArgumentsTS = detail::BuiltinArgumentsTS<assembler_t>;
+
+  void EmitBuiltinProlog(Builtin builtin_id) {
+    // Bind the entry block.
+    __ Bind(__ NewBlock());
+    // Eagerly emit all parameters such that they are guaranteed to be in the
+    // entry block (assembler will cache them).
+    const compiler::CallDescriptor* desc =
+        __ data() -> builtin_call_descriptor();
+    for (int i = 0; i < static_cast<int>(desc->ParameterCount()); ++i) {
+      __ Parameter(i, RegisterRepresentation::FromMachineType(
+                          desc->GetParameterType(i)));
+    }
+    // TODO(nicohartmann): CSA tracks some debug information here.
+    // Emit stack check.
+    if (Builtins::KindOf(builtin_id) == Builtins::TSJ) {
+      __ PerformStackCheck(__ JSContextParameter());
+    }
+  }
+
+  V<Context> JSContextParameter() {
+    return __ template Parameter<Context>(
+        compiler::Linkage::GetJSCallContextParamIndex(static_cast<int>(
+            __ data()->builtin_call_descriptor()->JSParameterCount())));
+  }
+
+  void PerformStackCheck(V<Context> context) {
+    __ JSStackCheck(context,
+                    OptionalV<compiler::turboshaft::FrameState>::Nullopt(),
+                    compiler::turboshaft::JSStackCheckOp::Kind::kBuiltinEntry);
+  }
+
+  void PopAndReturn(BuiltinArgumentsTS& arguments,
+                    compiler::turboshaft::V<Object> return_value) {
+    // PopAndReturn is supposed to be using ONLY in CSA/Torque builtins for
+    // dropping ALL JS arguments that are currently located on the stack.
+    // The check below ensures that there are no directly accessible stack
+    // parameters from current builtin, which implies that the builtin with
+    // JS calling convention (TFJ) was created with kDontAdaptArgumentsSentinel.
+    // This simplifies semantics of this instruction because in case of presence
+    // of directly accessible stack parameters it's impossible to distinguish
+    // the following cases:
+    // 1) stack parameter is included in JS arguments (and therefore it will be
+    //    dropped as a part of 'pop' number of arguments),
+    // 2) stack parameter is NOT included in JS arguments (and therefore it
+    // should
+    //    be dropped in ADDITION to the 'pop' number of arguments).
+    // Additionally, in order to simplify assembly code, PopAndReturn is also
+    // not allowed in builtins with stub linkage and parameters on stack.
+    CHECK_EQ(__ data()->builtin_call_descriptor()->ParameterSlotCount(), 0);
+    V<WordPtr> pop_count = arguments.GetLengthWithReceiver();
+    std::initializer_list<const OpIndex> temp{return_value};
+    __ Return(__ TruncateWordPtrToWord32(pop_count), base::VectorOf(temp));
+  }
+
+  V<Word32> TruncateTaggedToWord32(V<Context> context, V<Object> value) {
+    Label<Word32> is_number(this);
+    TaggedToWord32OrBigIntImpl<Object::Conversion::kToNumber>(
+        context, value, IsKnownTaggedPointer::kNo, is_number);
+
+    BIND(is_number, number);
+    return number;
+  }
+
+  enum IsKnownTaggedPointer { kNo, kYes };
+  class FeedbackValues {};
+
+  V<Word32> IsBigIntInstanceType(V<Word32> instance_type) { UNIMPLEMENTED(); }
+  V<Word32> IsSmallBigInt(V<BigInt> value) { UNIMPLEMENTED(); }
+  V<Word32> InstanceTypeEqual(ConstOrV<Word32> instance_type,
+                              ConstOrV<Word32> other_instance_type) {
+    return __ Word32Equal(instance_type, other_instance_type);
+  }
+
+  V<WordPtr> AlignTagged(V<WordPtr> size) {
+    return __ WordPtrBitwiseAnd(__ WordPtrAdd(size, kObjectAlignmentMask),
+                                ~kObjectAlignmentMask);
+  }
+
+  V<WordPtr> ElementOffsetFromIndex(ConstOrV<WordPtr> index, ElementsKind kind,
+                                    intptr_t base_size) {
+    const int element_size_shift = ElementsKindToShiftSize(kind);
+    if (std::optional<intptr_t> constant_index = TryToIntPtrConstant(index)) {
+      return __ WordPtrConstant(base_size +
+                                (1 << element_size_shift) * (*constant_index));
+    }
+    if (element_size_shift == 0) {
+      return __ WordPtrAdd(base_size, index);
+    } else {
+      DCHECK_LT(0, element_size_shift);
+      return __ WordPtrAdd(base_size,
+                           __ WordPtrShiftLeft(index, element_size_shift));
+    }
+  }
+
+  std::optional<intptr_t> TryToIntPtrConstant(ConstOrV<WordPtr> index) {
+    if (index.is_constant()) return index.constant_value();
+    intptr_t value;
+    if (matcher_.MatchIntegralWordPtrConstant(index.value(), &value)) {
+      return value;
+    }
+    return std::nullopt;
+  }
+
+  template <Object::Conversion Conversion>
+  void TaggedToWord32OrBigIntImpl(V<Context> context, V<Object> value,
+                                  IsKnownTaggedPointer is_known_tagged_pointer,
+                                  Label<Word32>& if_number,
+                                  Label<BigInt>* if_bigint = nullptr,
+                                  Label<BigInt>* if_bigint64 = nullptr,
+                                  FeedbackCollector* feedback = nullptr) {
+    DCHECK_EQ(Conversion == Object::Conversion::kToNumeric,
+              if_bigint != nullptr);
+
+    if (is_known_tagged_pointer == IsKnownTaggedPointer::kNo) {
+      IF (__ IsSmi(value)) {
+        __ CombineFeedback(feedback, BinaryOperationFeedback::kSignedSmall);
+        GOTO(if_number, __ UntagSmi(V<Smi>::Cast(value)));
+      }
+    }
+
+    ScopedVar<HeapObject> value_heap_object(this, V<HeapObject>::Cast(value));
+    WHILE(1) {
+      V<Map> map = __ LoadMapField(value_heap_object);
+
+      IF (__ IsHeapNumberMap(map)) {
+        __ CombineFeedback(feedback, BinaryOperationFeedback::kNumber);
+        V<Float64> value_float64 =
+            __ LoadHeapNumberValue(V<HeapNumber>::Cast(value_heap_object));
+        GOTO(if_number, __ JSTruncateFloat64ToWord32(value_float64));
+      }
+
+      V<Word32> instance_type = __ LoadInstanceTypeField(map);
+      if (Conversion == Object::Conversion::kToNumeric) {
+        IF (IsBigIntInstanceType(instance_type)) {
+          V<BigInt> value_bigint = V<BigInt>::Cast(value_heap_object);
+          if (Is64() && if_bigint64) {
+            IF (IsSmallBigInt(value_bigint)) {
+              __ CombineFeedback(feedback, BinaryOperationFeedback::kBigInt64);
+              GOTO(*if_bigint64, value_bigint);
+            }
+          }
+          __ CombineFeedback(feedback, BinaryOperationFeedback::kBigInt);
+          GOTO(*if_bigint, value_bigint);
+        }
+      }
+
+      // Not HeapNumber (or BigInt if conversion == kToNumeric).
+      if (feedback != nullptr) {
+        // We do not require an Or with earlier feedback here because once we
+        // convert the value to a Numeric, we cannot reach this path. We can
+        // only reach this path on the first pass when the feedback is kNone.
+        TSA_DCHECK(this,
+                   __ FeedbackIs(feedback, BinaryOperationFeedback::kNone));
+      }
+      IF (InstanceTypeEqual(instance_type, ODDBALL_TYPE)) {
+        __ OverwriteFeedback(feedback,
+                             BinaryOperationFeedback::kNumberOrOddball);
+        V<Float64> oddball_value =
+            __ LoadField(V<Oddball>::Cast(value_heap_object),
+                         AccessBuilderTS::ForHeapNumberOrOddballOrHoleValue());
+        GOTO(if_number, __ JSTruncateFloat64ToWord32(oddball_value));
+      }
+
+      // Not an oddball either -> convert.
+      V<Object> converted_value;
+      // TODO(nicohartmann): We have to make sure that we store the feedback if
+      // any of those calls throws an exception.
+      if constexpr (Conversion == Object::Conversion::kToNumeric) {
+        converted_value =
+            __ template CallBuiltin<BuiltinCallDescriptor::NonNumberToNumeric>(
+                isolate(), context,
+                {V<JSAnyNotNumber>::Cast(value_heap_object)});
+      } else {
+        converted_value =
+            __ template CallBuiltin<BuiltinCallDescriptor::NonNumberToNumber>(
+                isolate(), context,
+                {V<JSAnyNotNumber>::Cast(value_heap_object)});
+      }
+      __ OverwriteFeedback(feedback, BinaryOperationFeedback::kAny);
+
+      GOTO_IF(__ IsSmi(converted_value), if_number,
+              __ UntagSmi(V<Smi>::Cast(converted_value)));
+      value_heap_object = V<HeapObject>::Cast(converted_value);
+    }
+
+    __ Unreachable();
+  }
+
+ private:
+  compiler::turboshaft::OperationMatcher matcher_{__ data()->graph()};
+  Isolate* isolate() { return __ data() -> isolate(); }
+};
+
+template <template <typename> typename Reducer>
 class TurboshaftBuiltinsAssembler
     : public compiler::turboshaft::TSAssembler<
-          Reducers..., compiler::turboshaft::MachineLoweringReducer,
+          Reducer, BuiltinsReducer, NoFeedbackCollectorReducer,
+          compiler::turboshaft::MachineLoweringReducer,
           compiler::turboshaft::VariableReducer> {
+ public:
   using Base = compiler::turboshaft::TSAssembler<
-      Reducers..., compiler::turboshaft::MachineLoweringReducer,
+      Reducer, BuiltinsReducer, NoFeedbackCollectorReducer,
+      compiler::turboshaft::MachineLoweringReducer,
       compiler::turboshaft::VariableReducer>;
-
- public:
-  template <typename T>
-  using V = compiler::turboshaft::V<T>;
-
   TurboshaftBuiltinsAssembler(compiler::turboshaft::PipelineData* data,
                               compiler::turboshaft::Graph& graph,
                               Zone* phase_zone)
       : Base(data, graph, graph, phase_zone) {}
+
+  using Base::Asm;
 };
 
 #include "src/compiler/turboshaft/undef-assembler-macros.inc"
diff --git a/deps/v8/src/codegen/x64/assembler-x64.cc b/deps/v8/src/codegen/x64/assembler-x64.cc
index 4b59cfbfc30cbc..f650d28fa15666 100644
--- a/deps/v8/src/codegen/x64/assembler-x64.cc
+++ b/deps/v8/src/codegen/x64/assembler-x64.cc
@@ -131,6 +131,7 @@ void CpuFeatures::ProbeImpl(bool cross_compile) {
   if (!v8_flags.enable_avx2 || !IsSupported(AVX)) SetUnsupported(AVX2);
   if (!v8_flags.enable_avx_vnni || !IsSupported(AVX)) SetUnsupported(AVX_VNNI);
   if (!v8_flags.enable_fma3 || !IsSupported(AVX)) SetUnsupported(FMA3);
+  if (!v8_flags.enable_f16c || !IsSupported(AVX)) SetUnsupported(F16C);
 
   // Set a static value on whether Simd is supported.
   // This variable is only used for certain archs to query SupportWasmSimd128()
@@ -150,6 +151,7 @@ void CpuFeatures::PrintFeatures() {
   printf(
       "SSE3=%d SSSE3=%d SSE4_1=%d SSE4_2=%d SAHF=%d AVX=%d AVX2=%d AVX_VNNI=%d "
       "FMA3=%d "
+      "F16C=%d "
       "BMI1=%d "
       "BMI2=%d "
       "LZCNT=%d "
@@ -158,9 +160,10 @@ void CpuFeatures::PrintFeatures() {
       CpuFeatures::IsSupported(SSE4_1), CpuFeatures::IsSupported(SSE4_2),
       CpuFeatures::IsSupported(SAHF), CpuFeatures::IsSupported(AVX),
       CpuFeatures::IsSupported(AVX2), CpuFeatures::IsSupported(AVX_VNNI),
-      CpuFeatures::IsSupported(FMA3), CpuFeatures::IsSupported(BMI1),
-      CpuFeatures::IsSupported(BMI2), CpuFeatures::IsSupported(LZCNT),
-      CpuFeatures::IsSupported(POPCNT), CpuFeatures::IsSupported(INTEL_ATOM));
+      CpuFeatures::IsSupported(FMA3), CpuFeatures::IsSupported(F16C),
+      CpuFeatures::IsSupported(BMI1), CpuFeatures::IsSupported(BMI2),
+      CpuFeatures::IsSupported(LZCNT), CpuFeatures::IsSupported(POPCNT),
+      CpuFeatures::IsSupported(INTEL_ATOM));
 }
 
 // -----------------------------------------------------------------------------
diff --git a/deps/v8/src/codegen/x64/macro-assembler-x64.cc b/deps/v8/src/codegen/x64/macro-assembler-x64.cc
index 8c4128ffb5ecf1..f7988c93f7534c 100644
--- a/deps/v8/src/codegen/x64/macro-assembler-x64.cc
+++ b/deps/v8/src/codegen/x64/macro-assembler-x64.cc
@@ -7,6 +7,8 @@
 
 #if V8_TARGET_ARCH_X64
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/division-by-constant.h"
 #include "src/base/utils/random-number-generator.h"
@@ -1897,6 +1899,53 @@ void MacroAssembler::F32x8Max(YMMRegister dst, YMMRegister lhs, YMMRegister rhs,
   vandnps(dst, dst, scratch);
 }
 
+void MacroAssembler::F16x8Min(YMMRegister dst, XMMRegister lhs, XMMRegister rhs,
+                              YMMRegister scratch, YMMRegister scratch2) {
+  ASM_CODE_COMMENT(this);
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  CpuFeatureScope avx2_scope(this, AVX2);
+  vcvtph2ps(scratch, lhs);
+  vcvtph2ps(scratch2, rhs);
+  // The minps instruction doesn't propagate NaNs and +0's in its first
+  // operand. Perform minps in both orders, merge the results, and adjust.
+  vminps(dst, scratch, scratch2);
+  vminps(scratch, scratch2, scratch);
+  // Propagate -0's and NaNs, which may be non-canonical.
+  vorps(scratch, scratch, dst);
+  // Canonicalize NaNs by quieting and clearing the payload.
+  vcmpunordps(dst, dst, scratch);
+  vorps(scratch, scratch, dst);
+  vpsrld(dst, dst, uint8_t{10});
+  vandnps(dst, dst, scratch);
+  vcvtps2ph(dst, dst, 0);
+}
+
+void MacroAssembler::F16x8Max(YMMRegister dst, XMMRegister lhs, XMMRegister rhs,
+                              YMMRegister scratch, YMMRegister scratch2) {
+  ASM_CODE_COMMENT(this);
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  CpuFeatureScope avx2_scope(this, AVX2);
+  vcvtph2ps(scratch, lhs);
+  vcvtph2ps(scratch2, rhs);
+  // The maxps instruction doesn't propagate NaNs and +0's in its first
+  // operand. Perform maxps in both orders, merge the results, and adjust.
+  vmaxps(dst, scratch, scratch2);
+  vmaxps(scratch, scratch2, scratch);
+  // Find discrepancies.
+  vxorps(dst, dst, scratch);
+  // Propagate NaNs, which may be non-canonical.
+  vorps(scratch, scratch, dst);
+  // Propagate sign discrepancy and (subtle) quiet NaNs.
+  vsubps(scratch, scratch, dst);
+  // Canonicalize NaNs by clearing the payload. Sign is non-deterministic.
+  vcmpunordps(dst, dst, scratch);
+  vpsrld(dst, dst, uint8_t{10});
+  vandnps(dst, dst, scratch);
+  vcvtps2ph(dst, dst, 0);
+}
+
 // 1. Zero extend 4 packed 32-bit integers in src1 to 4 packed 64-bit integers
 // in scratch
 // 2. Zero extend 4 packed 32-bit integers in src2 to 4 packed 64-bit integers
@@ -2024,7 +2073,7 @@ void MacroAssembler::I32x8SConvertF32x8(YMMRegister dst, YMMRegister src,
   vpxor(dst, dst, tmp);
 }
 
-void MacroAssembler::I16x8SConvertF16x8(YMMRegister dst, YMMRegister src,
+void MacroAssembler::I16x8SConvertF16x8(YMMRegister dst, XMMRegister src,
                                         YMMRegister tmp, Register scratch) {
   ASM_CODE_COMMENT(this);
   DCHECK(CpuFeatures::IsSupported(AVX) && CpuFeatures::IsSupported(AVX2) &&
@@ -2033,14 +2082,27 @@ void MacroAssembler::I16x8SConvertF16x8(YMMRegister dst, YMMRegister src,
   CpuFeatureScope f16c_scope(this, F16C);
   CpuFeatureScope avx_scope(this, AVX);
   CpuFeatureScope avx2_scope(this, AVX2);
+
+  Operand op = ExternalReferenceAsOperand(
+      ExternalReference::address_of_wasm_i32x8_int32_overflow_as_float(),
+      scratch);
   // Convert source f16 to f32.
   vcvtph2ps(dst, src);
   // Compare it to itself, NaNs are turn to 0s because don't equal to itself.
   vcmpeqps(tmp, dst, dst);
   // Reset NaNs.
   vandps(dst, dst, tmp);
+  // Detect positive Infinity as an overflow above MAX_INT32.
+  vcmpgeps(tmp, dst, op);
   // Convert f32 to i32.
   vcvttps2dq(dst, dst);
+  // cvttps2dq sets all out of range lanes to 0x8000'0000,
+  // but as soon as source values are result of conversion from f16,
+  // and so less than MAX_INT32, only +Infinity is an issue.
+  // Convert all infinities to MAX_INT32 and let vpackssdw
+  // clamp it to MAX_INT16 later.
+  // 0x8000'0000 xor 0xffff'ffff(from 2 steps before) = 0x7fff'ffff (MAX_INT32)
+  vpxor(dst, dst, tmp);
   // We now have 8 i32 values. Using one character per 16 bits:
   // dst: [AABBCCDDEEFFGGHH]
   // Create a copy of the upper four values in the lower half of {tmp}
@@ -2060,7 +2122,7 @@ void MacroAssembler::I16x8SConvertF16x8(YMMRegister dst, YMMRegister src,
   //         └────────────── from upper half of {tmp} (ignored)
 }
 
-void MacroAssembler::I16x8TruncF16x8U(YMMRegister dst, YMMRegister src,
+void MacroAssembler::I16x8TruncF16x8U(YMMRegister dst, XMMRegister src,
                                       YMMRegister tmp) {
   ASM_CODE_COMMENT(this);
   DCHECK(CpuFeatures::IsSupported(AVX) && CpuFeatures::IsSupported(AVX2) &&
@@ -2069,18 +2131,81 @@ void MacroAssembler::I16x8TruncF16x8U(YMMRegister dst, YMMRegister src,
   CpuFeatureScope f16c_scope(this, F16C);
   CpuFeatureScope avx_scope(this, AVX);
   CpuFeatureScope avx2_scope(this, AVX2);
+
+  Operand op = ExternalReferenceAsOperand(
+      ExternalReference::address_of_wasm_i32x8_int32_overflow_as_float(),
+      kScratchRegister);
   vcvtph2ps(dst, src);
   // NAN->0, negative->0.
   vpxor(tmp, tmp, tmp);
   vmaxps(dst, dst, tmp);
+  // Detect positive Infinity as an overflow above MAX_INT32.
+  vcmpgeps(tmp, dst, op);
   // Convert to int.
   vcvttps2dq(dst, dst);
+  // cvttps2dq sets all out of range lanes to 0x8000'0000,
+  // but as soon as source values are result of conversion from f16,
+  // and so less than MAX_INT32, only +Infinity is an issue.
+  // Convert all infinities to MAX_INT32 and let vpackusdw
+  // clamp it to MAX_INT16 later.
+  // 0x8000'0000 xor 0xffff'ffff(from 2 steps before) = 0x7fff'ffff (MAX_INT32)
+  vpxor(dst, dst, tmp);
   // Move high part to a spare register.
   // See detailed comment in {I16x8SConvertF16x8} for how this works.
   vpermq(tmp, dst, 0x4E);  // 0b01001110
   vpackusdw(dst, dst, tmp);
 }
 
+void MacroAssembler::F16x8Qfma(YMMRegister dst, XMMRegister src1,
+                               XMMRegister src2, XMMRegister src3,
+                               YMMRegister tmp, YMMRegister tmp2) {
+  CpuFeatureScope fma3_scope(this, FMA3);
+  CpuFeatureScope f16c_scope(this, F16C);
+
+  if (dst.code() == src2.code()) {
+    vcvtph2ps(dst, dst);
+    vcvtph2ps(tmp, src1);
+    vcvtph2ps(tmp2, src3);
+    vfmadd213ps(dst, tmp, tmp2);
+  } else if (dst.code() == src3.code()) {
+    vcvtph2ps(dst, dst);
+    vcvtph2ps(tmp, src2);
+    vcvtph2ps(tmp2, src1);
+    vfmadd231ps(dst, tmp, tmp2);
+  } else {
+    vcvtph2ps(dst, src1);
+    vcvtph2ps(tmp, src2);
+    vcvtph2ps(tmp2, src3);
+    vfmadd213ps(dst, tmp, tmp2);
+  }
+  vcvtps2ph(dst, dst, 0);
+}
+
+void MacroAssembler::F16x8Qfms(YMMRegister dst, XMMRegister src1,
+                               XMMRegister src2, XMMRegister src3,
+                               YMMRegister tmp, YMMRegister tmp2) {
+  CpuFeatureScope fma3_scope(this, FMA3);
+  CpuFeatureScope f16c_scope(this, F16C);
+
+  if (dst.code() == src2.code()) {
+    vcvtph2ps(dst, dst);
+    vcvtph2ps(tmp, src1);
+    vcvtph2ps(tmp2, src3);
+    vfnmadd213ps(dst, tmp, tmp2);
+  } else if (dst.code() == src3.code()) {
+    vcvtph2ps(dst, dst);
+    vcvtph2ps(tmp, src2);
+    vcvtph2ps(tmp2, src1);
+    vfnmadd231ps(dst, tmp, tmp2);
+  } else {
+    vcvtph2ps(dst, src1);
+    vcvtph2ps(tmp, src2);
+    vcvtph2ps(tmp2, src3);
+    vfnmadd213ps(dst, tmp, tmp2);
+  }
+  vcvtps2ph(dst, dst, 0);
+}
+
 // Helper macro to define qfma macro-assembler. This takes care of every
 // possible case of register aliasing to minimize the number of instructions.
 #define QFMA(ps_or_pd)                        \
@@ -3307,7 +3432,7 @@ void MacroAssembler::IncsspqIfSupported(Register number_of_words,
 #if V8_STATIC_ROOTS_BOOL
 void MacroAssembler::CompareInstanceTypeWithUniqueCompressedMap(
     Register map, InstanceType type) {
-  base::Optional<RootIndex> expected =
+  std::optional<RootIndex> expected =
       InstanceTypeChecker::UniqueMapOfInstanceType(type);
   CHECK(expected);
   Tagged_t expected_ptr = ReadOnlyRootPtr(*expected);
@@ -3335,6 +3460,23 @@ void MacroAssembler::IsObjectType(Register heap_object, InstanceType type,
   CmpObjectType(heap_object, type, map);
 }
 
+void MacroAssembler::IsObjectTypeInRange(Register heap_object,
+                                         InstanceType lower_limit,
+                                         InstanceType higher_limit,
+                                         Register scratch) {
+  DCHECK_LT(lower_limit, higher_limit);
+#if V8_STATIC_ROOTS_BOOL
+  if (auto range = InstanceTypeChecker::UniqueMapRangeOfInstanceTypeRange(
+          lower_limit, higher_limit)) {
+    LoadCompressedMap(scratch, heap_object);
+    CompareRange(scratch, range->first, range->second);
+    return;
+  }
+#endif  // V8_STATIC_ROOTS_BOOL
+  LoadMap(scratch, heap_object);
+  CmpInstanceTypeRange(scratch, scratch, lower_limit, higher_limit);
+}
+
 void MacroAssembler::JumpIfJSAnyIsNotPrimitive(Register heap_object,
                                                Register scratch, Label* target,
                                                Label::Distance distance,
diff --git a/deps/v8/src/codegen/x64/macro-assembler-x64.h b/deps/v8/src/codegen/x64/macro-assembler-x64.h
index a16d6708866a45..082a562fd08b0f 100644
--- a/deps/v8/src/codegen/x64/macro-assembler-x64.h
+++ b/deps/v8/src/codegen/x64/macro-assembler-x64.h
@@ -235,6 +235,10 @@ class V8_EXPORT_PRIVATE MacroAssembler
                 YMMRegister scratch);
   void F32x8Max(YMMRegister dst, YMMRegister lhs, YMMRegister rhs,
                 YMMRegister scratch);
+  void F16x8Min(YMMRegister dst, XMMRegister lhs, XMMRegister rhs,
+                YMMRegister scratch, YMMRegister scratch2);
+  void F16x8Max(YMMRegister dst, XMMRegister lhs, XMMRegister rhs,
+                YMMRegister scratch, YMMRegister scratch2);
   void I64x4ExtMul(YMMRegister dst, XMMRegister src1, XMMRegister src2,
                    YMMRegister scratch, bool is_signed);
   void I32x8ExtMul(YMMRegister dst, XMMRegister src1, XMMRegister src2,
@@ -255,9 +259,13 @@ class V8_EXPORT_PRIVATE MacroAssembler
 
   void I32x8SConvertF32x8(YMMRegister dst, YMMRegister src, YMMRegister tmp,
                           Register scratch);
-  void I16x8SConvertF16x8(YMMRegister dst, YMMRegister src, YMMRegister tmp,
+  void I16x8SConvertF16x8(YMMRegister dst, XMMRegister src, YMMRegister tmp,
                           Register scratch);
-  void I16x8TruncF16x8U(YMMRegister dst, YMMRegister src, YMMRegister tmp);
+  void I16x8TruncF16x8U(YMMRegister dst, XMMRegister src, YMMRegister tmp);
+  void F16x8Qfma(YMMRegister dst, XMMRegister src1, XMMRegister src2,
+                 XMMRegister src3, YMMRegister tmp, YMMRegister tmp2);
+  void F16x8Qfms(YMMRegister dst, XMMRegister src1, XMMRegister src2,
+                 XMMRegister src3, YMMRegister tmp, YMMRegister tmp2);
 
   void S256Not(YMMRegister dst, YMMRegister src, YMMRegister scratch);
   void S256Select(YMMRegister dst, YMMRegister mask, YMMRegister src1,
@@ -938,6 +946,12 @@ class V8_EXPORT_PRIVATE MacroAssembler
   // Variant of the above, which only guarantees to set the correct
   // equal/not_equal flag. Map might not be loaded.
   void IsObjectType(Register heap_object, InstanceType type, Register scratch);
+  // Variant of the above, which compares against a type range rather than a
+  // single type (lower_limit and higher_limit are inclusive).
+  //
+  // Always use unsigned comparisons: below for a positive result.
+  void IsObjectTypeInRange(Register heap_object, InstanceType low,
+                           InstanceType high, Register scratch);
 #if V8_STATIC_ROOTS_BOOL
   // Fast variant which is guaranteed to not actually load the instance type
   // from the map.
diff --git a/deps/v8/src/common/assert-scope.h b/deps/v8/src/common/assert-scope.h
index 89be57a66c2e0b..b003a7535030e4 100644
--- a/deps/v8/src/common/assert-scope.h
+++ b/deps/v8/src/common/assert-scope.h
@@ -7,8 +7,9 @@
 
 #include <stdint.h>
 
+#include <optional>
+
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/base/platform/mutex.h"
 #include "src/common/globals.h"
 
@@ -287,7 +288,7 @@ class DisallowHeapAccessIf {
   }
 
  private:
-  base::Optional<DisallowHeapAccess> maybe_disallow_;
+  std::optional<DisallowHeapAccess> maybe_disallow_;
 };
 
 // Like MutexGuard but also asserts that no garbage collection happens while
@@ -295,7 +296,7 @@ class DisallowHeapAccessIf {
 class V8_NODISCARD NoGarbageCollectionMutexGuard {
  public:
   explicit NoGarbageCollectionMutexGuard(base::Mutex* mutex)
-      : guard_(mutex), mutex_(mutex), no_gc_(base::in_place) {}
+      : guard_(mutex), mutex_(mutex), no_gc_(std::in_place) {}
 
   void Unlock() {
     mutex_->Unlock();
@@ -309,7 +310,7 @@ class V8_NODISCARD NoGarbageCollectionMutexGuard {
  private:
   base::MutexGuard guard_;
   base::Mutex* mutex_;
-  base::Optional<DisallowGarbageCollection> no_gc_;
+  std::optional<DisallowGarbageCollection> no_gc_;
 };
 
 // Explicit instantiation declarations.
diff --git a/deps/v8/src/common/code-memory-access.cc b/deps/v8/src/common/code-memory-access.cc
index eb89c8f70b5546..3311bf47179171 100644
--- a/deps/v8/src/common/code-memory-access.cc
+++ b/deps/v8/src/common/code-memory-access.cc
@@ -4,6 +4,8 @@
 
 #include "src/common/code-memory-access.h"
 
+#include <optional>
+
 #include "src/common/code-memory-access-inl.h"
 #include "src/objects/instruction-stream-inl.h"
 #include "src/utils/allocation.h"
@@ -132,8 +134,7 @@ void ThreadIsolation::Initialize(
 ThreadIsolation::JitPageReference ThreadIsolation::LookupJitPageLocked(
     Address addr, size_t size) {
   trusted_data_.jit_pages_mutex_->AssertHeld();
-  base::Optional<JitPageReference> jit_page =
-      TryLookupJitPageLocked(addr, size);
+  std::optional<JitPageReference> jit_page = TryLookupJitPageLocked(addr, size);
   CHECK(jit_page.has_value());
   return std::move(jit_page.value());
 }
@@ -152,14 +153,14 @@ WritableJitPage ThreadIsolation::LookupWritableJitPage(Address addr,
 }
 
 // static
-base::Optional<ThreadIsolation::JitPageReference>
+std::optional<ThreadIsolation::JitPageReference>
 ThreadIsolation::TryLookupJitPage(Address addr, size_t size) {
   base::MutexGuard guard(trusted_data_.jit_pages_mutex_);
   return TryLookupJitPageLocked(addr, size);
 }
 
 // static
-base::Optional<ThreadIsolation::JitPageReference>
+std::optional<ThreadIsolation::JitPageReference>
 ThreadIsolation::TryLookupJitPageLocked(Address addr, size_t size) {
   trusted_data_.jit_pages_mutex_->AssertHeld();
 
@@ -573,10 +574,10 @@ ThreadIsolation::SplitJitPages(Address addr1, size_t size1, Address addr2,
 }
 
 // static
-base::Optional<Address> ThreadIsolation::StartOfJitAllocationAt(
+std::optional<Address> ThreadIsolation::StartOfJitAllocationAt(
     Address inner_pointer) {
   CFIMetadataWriteScope write_scope("StartOfJitAllocationAt");
-  base::Optional<JitPageReference> page = TryLookupJitPage(inner_pointer, 1);
+  std::optional<JitPageReference> page = TryLookupJitPage(inner_pointer, 1);
   if (!page) {
     return {};
   }
diff --git a/deps/v8/src/common/code-memory-access.h b/deps/v8/src/common/code-memory-access.h
index afa49a4255da68..668300f5f4dcc4 100644
--- a/deps/v8/src/common/code-memory-access.h
+++ b/deps/v8/src/common/code-memory-access.h
@@ -6,6 +6,7 @@
 #define V8_COMMON_CODE_MEMORY_ACCESS_H_
 
 #include <map>
+#include <optional>
 
 #include "include/v8-internal.h"
 #include "include/v8-platform.h"
@@ -191,7 +192,7 @@ class V8_EXPORT ThreadIsolation {
   // Check for a potential dead lock in case we want to lookup the jit
   // allocation from inside a signal handler.
   static bool CanLookupStartOfJitAllocationAt(Address inner_pointer);
-  static base::Optional<Address> StartOfJitAllocationAt(Address inner_pointer);
+  static std::optional<Address> StartOfJitAllocationAt(Address inner_pointer);
 
   // Write-protect a given range of memory. Address and size need to be page
   // aligned.
@@ -356,11 +357,11 @@ class V8_EXPORT ThreadIsolation {
   // doesn't need to be the exact previously registered JitPage.
   static JitPageReference LookupJitPage(Address addr, size_t size);
   static JitPageReference LookupJitPageLocked(Address addr, size_t size);
-  static base::Optional<JitPageReference> TryLookupJitPage(Address addr,
-                                                           size_t size);
+  static std::optional<JitPageReference> TryLookupJitPage(Address addr,
+                                                          size_t size);
   // The caller needs to hold a lock of the jit_pages_mutex_
-  static base::Optional<JitPageReference> TryLookupJitPageLocked(Address addr,
-                                                                 size_t size);
+  static std::optional<JitPageReference> TryLookupJitPageLocked(Address addr,
+                                                                size_t size);
   static JitPageReference SplitJitPageLocked(Address addr, size_t size);
   static JitPageReference SplitJitPage(Address addr, size_t size);
   static std::pair<JitPageReference, JitPageReference> SplitJitPages(
@@ -442,8 +443,8 @@ class WritableJitAllocation {
   // The scope and page reference are optional in case we're creating a
   // WritableJitAllocation for off-heap memory. See ForNonExecutableMemory
   // above.
-  base::Optional<RwxMemoryWriteScope> write_scope_;
-  base::Optional<ThreadIsolation::JitPageReference> page_ref_;
+  std::optional<RwxMemoryWriteScope> write_scope_;
+  std::optional<ThreadIsolation::JitPageReference> page_ref_;
   const ThreadIsolation::JitAllocation allocation_;
 
   friend class ThreadIsolation;
diff --git a/deps/v8/src/common/globals.h b/deps/v8/src/common/globals.h
index 4f09e54971c866..bb1069c37c3341 100644
--- a/deps/v8/src/common/globals.h
+++ b/deps/v8/src/common/globals.h
@@ -140,7 +140,7 @@ namespace internal {
 #define V8_ENABLE_SANDBOX_BOOL false
 #endif
 
-#ifdef V8_ENABLE_SANDBOX
+#if defined(V8_ENABLE_SANDBOX) && !defined(V8_DISABLE_LEAPTIERING)
 // Initially, Leaptiering is only available on sandbox-enabled builds, and so
 // V8_ENABLE_SANDBOX and V8_ENABLE_LEAPTIERING are effectively equivalent. Once
 // completed there, it will be ported to non-sandbox builds, at which point the
@@ -577,8 +577,10 @@ constexpr int kIndirectPointerSize = sizeof(IndirectPointerHandle);
 // tagged pointers.
 #ifdef V8_ENABLE_SANDBOX
 constexpr int kTrustedPointerSize = kIndirectPointerSize;
+using TrustedPointer_t = TrustedPointerHandle;
 #else
 constexpr int kTrustedPointerSize = kTaggedSize;
+using TrustedPointer_t = Tagged_t;
 #endif
 constexpr int kCodePointerSize = kTrustedPointerSize;
 
@@ -587,6 +589,10 @@ constexpr int kCodePointerSize = kTrustedPointerSize;
 // pointers. Either way, they are always kTaggedSize fields.
 constexpr int kProtectedPointerSize = kTaggedSize;
 
+#ifdef V8_ENABLE_LEAPTIERING
+constexpr int kJSDispatchHandleSize = sizeof(JSDispatchHandle);
+#endif
+
 constexpr int kEmbedderDataSlotSize = kSystemPointerSize;
 
 constexpr int kEmbedderDataSlotSizeInTaggedSlots =
@@ -1119,6 +1125,10 @@ using JSPrimitive =
 // or a FixedArray.
 using JSAny = Union<Smi, HeapNumber, BigInt, String, Symbol, Boolean, Null,
                     Undefined, JSReceiver>;
+using JSAnyNotNumeric =
+    Union<String, Symbol, Boolean, Null, Undefined, JSReceiver>;
+using JSAnyNotNumber =
+    Union<BigInt, String, Symbol, Boolean, Null, Undefined, JSReceiver>;
 using JSCallable =
     Union<JSBoundFunction, JSFunction, JSObject, JSProxy, JSWrappedFunction>;
 using MaybeObject = MaybeWeak<Object>;
@@ -2369,31 +2379,24 @@ inline std::ostream& operator<<(std::ostream& os, TieringState marker) {
 
 // State machine:
 // S(tate)0: kPending
-// S1: kEarlySparkplug,
-// S2: kEarlyMaglevPending,
-// S3: kEarlyMaglev
-// S4: kEarlyTurbofan
-// S5: kNormal
+// S1: kEarlyMaglev
+// S2: kEarlyTurbofan
+// S3: kNormal
 //
-// C(ondition)0: sparkplug compile
-// C1: maglev compile
-// C2: ic was stable early
-// C3: new closure
-// C4: turbofan compile
-// C5: ic change or deopt
+// C(ondition)0: maglev compile
+// C1: ic was stable early
+// C2: turbofan compile
+// C3: ic change or deopt
 //
-// S0 - C0 -> S1 - C1 - C2 -> S2 ------------- C4 -> S4 -|
-//                      |     | - C3 -> S3 -|            |
-//                      |     |          |               |
-//                      |--------------------------------|
-//                      |                |
-//                      |                C5
-//                      |                |
-//                      |-------------------> S5
+// S0 -- C0 -- C1 --> S1 -- C2 -- C3 --> S2 --|
+//             |      |                       |
+//             |      |-----------------------|
+//             |                 |
+//             |                 C3
+//             |                 |
+//             |-----------------------> S3
 enum class CachedTieringDecision : int32_t {
   kPending,
-  kEarlySparkplug,
-  kEarlyMaglevPending,
   kEarlyMaglev,
   kEarlyTurbofan,
   kNormal,
@@ -2586,7 +2589,7 @@ enum class StubCallMode {
 
 enum class NeedsContext { kYes, kNo };
 
-constexpr int kFunctionLiteralIdInvalid = -1;
+constexpr int kInvalidInfoId = -1;
 constexpr int kFunctionLiteralIdTopLevel = 0;
 
 constexpr int kSwissNameDictionaryInitialCapacity = 4;
diff --git a/deps/v8/src/common/message-template.h b/deps/v8/src/common/message-template.h
index 1eeef77dc9e880..1390439013513f 100644
--- a/deps/v8/src/common/message-template.h
+++ b/deps/v8/src/common/message-template.h
@@ -330,6 +330,10 @@ namespace internal {
   T(ResolverNotAFunction, "Promise resolver % is not a function")              \
   T(ReturnMethodNotCallable, "The iterator's 'return' method is not callable") \
   T(SizeIsNaN, "The .size property is NaN")                                    \
+  T(ShadowRealmErrorStackNonString,                                            \
+    "Error stack is not a string in ShadowRealm (%)")                          \
+  T(ShadowRealmErrorStackThrows,                                               \
+    "Error stack getter threw in ShadowRealm (%)")                             \
   T(SharedArrayBufferTooShort,                                                 \
     "Derived SharedArrayBuffer constructor created a buffer which was too "    \
     "small")                                                                   \
@@ -695,7 +699,8 @@ namespace internal {
   T(WasmTrapStringInvalidUtf8, "invalid UTF-8 string")                         \
   T(WasmTrapStringInvalidWtf8, "invalid WTF-8 string")                         \
   T(WasmTrapStringOffsetOutOfBounds, "string offset out of bounds")            \
-  T(WasmTrapBadSuspender, "invalid suspender object for suspend")              \
+  T(WasmTrapBadSuspender,                                                      \
+    "attempting to suspend without a WebAssembly.promising export")            \
   T(WasmTrapStringIsolatedSurrogate,                                           \
     "Failed to encode string as UTF-8: contains unpaired surrogate")           \
   T(WasmTrapSuspendJSFrames, "trying to suspend JS frames")                    \
diff --git a/deps/v8/src/common/segmented-table-inl.h b/deps/v8/src/common/segmented-table-inl.h
new file mode 100644
index 00000000000000..357713e5c8edda
--- /dev/null
+++ b/deps/v8/src/common/segmented-table-inl.h
@@ -0,0 +1,158 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_COMMON_SEGMENTED_TABLE_INL_H_
+#define V8_COMMON_SEGMENTED_TABLE_INL_H_
+
+#include "src/base/emulated-virtual-address-subspace.h"
+#include "src/common/assert-scope.h"
+#include "src/common/segmented-table.h"
+#include "src/utils/allocation.h"
+
+namespace v8 {
+namespace internal {
+
+template <typename Entry, size_t size>
+typename SegmentedTable<Entry, size>::Segment
+SegmentedTable<Entry, size>::Segment::At(uint32_t offset) {
+  DCHECK(IsAligned(offset, kSegmentSize));
+  uint32_t number = offset / kSegmentSize;
+  return Segment(number);
+}
+
+template <typename Entry, size_t size>
+typename SegmentedTable<Entry, size>::Segment
+SegmentedTable<Entry, size>::Segment::Containing(uint32_t entry_index) {
+  uint32_t number = entry_index / kEntriesPerSegment;
+  return Segment(number);
+}
+
+template <typename Entry, size_t size>
+Entry& SegmentedTable<Entry, size>::at(uint32_t index) {
+  return base_[index];
+}
+
+template <typename Entry, size_t size>
+const Entry& SegmentedTable<Entry, size>::at(uint32_t index) const {
+  return base_[index];
+}
+
+template <typename Entry, size_t size>
+typename SegmentedTable<Entry, size>::WriteIterator
+SegmentedTable<Entry, size>::iter_at(uint32_t index) {
+  return WriteIterator(base_, index);
+}
+
+template <typename Entry, size_t size>
+bool SegmentedTable<Entry, size>::is_initialized() const {
+  DCHECK(!base_ || reinterpret_cast<Address>(base_) == vas_->base());
+  return base_ != nullptr;
+}
+
+template <typename Entry, size_t size>
+Address SegmentedTable<Entry, size>::base() const {
+  DCHECK(is_initialized());
+  return reinterpret_cast<Address>(base_);
+}
+
+template <typename Entry, size_t size>
+void SegmentedTable<Entry, size>::Initialize() {
+  DCHECK(!is_initialized());
+  DCHECK_EQ(vas_, nullptr);
+
+  VirtualAddressSpace* root_space = GetPlatformVirtualAddressSpace();
+  DCHECK(IsAligned(kReservationSize, root_space->allocation_granularity()));
+
+  if (root_space->CanAllocateSubspaces()) {
+    auto subspace = root_space->AllocateSubspace(VirtualAddressSpace::kNoHint,
+                                                 kReservationSize, kSegmentSize,
+                                                 PagePermissions::kReadWrite);
+    vas_ = subspace.release();
+  } else {
+    // This may be required on old Windows versions that don't support
+    // VirtualAlloc2, which is required for subspaces. In that case, just use a
+    // fully-backed emulated subspace.
+    Address reservation_base = root_space->AllocatePages(
+        VirtualAddressSpace::kNoHint, kReservationSize, kSegmentSize,
+        PagePermissions::kNoAccess);
+    if (reservation_base) {
+      vas_ = new base::EmulatedVirtualAddressSubspace(
+          root_space, reservation_base, kReservationSize, kReservationSize);
+    }
+  }
+  if (!vas_) {
+    V8::FatalProcessOutOfMemory(
+        nullptr, "SegmentedTable::InitializeTable (subspace allocation)");
+  }
+  base_ = reinterpret_cast<Entry*>(vas_->base());
+
+  if constexpr (kIsWriteProtected) {
+    CHECK(ThreadIsolation::WriteProtectMemory(
+        base(), size, PageAllocator::Permission::kNoAccess));
+  }
+}
+
+template <typename Entry, size_t size>
+void SegmentedTable<Entry, size>::TearDown() {
+  DCHECK(is_initialized());
+
+  base_ = nullptr;
+  delete vas_;
+  vas_ = nullptr;
+}
+
+template <typename Entry, size_t size>
+SegmentedTable<Entry, size>::FreelistHead
+SegmentedTable<Entry, size>::InitializeFreeList(Segment segment,
+                                                uint32_t start_offset) {
+  DCHECK_LT(start_offset, kEntriesPerSegment);
+  uint32_t num_entries = kEntriesPerSegment - start_offset;
+
+  uint32_t first = segment.first_entry() + start_offset;
+  uint32_t last = segment.last_entry();
+  {
+    WriteIterator it = iter_at(first);
+    while (it.index() != last) {
+      it->MakeFreelistEntry(it.index() + 1);
+      ++it;
+    }
+    it->MakeFreelistEntry(0);
+  }
+
+  return FreelistHead(first, num_entries);
+}
+
+template <typename Entry, size_t size>
+std::pair<typename SegmentedTable<Entry, size>::Segment,
+          typename SegmentedTable<Entry, size>::FreelistHead>
+SegmentedTable<Entry, size>::AllocateAndInitializeSegment() {
+  Address start =
+      vas_->AllocatePages(VirtualAddressSpace::kNoHint, kSegmentSize,
+                          kSegmentSize, PagePermissions::kReadWrite);
+  if (!start) {
+    V8::FatalProcessOutOfMemory(nullptr, "SegmentedTable::AllocateSegment");
+  }
+  uint32_t offset = static_cast<uint32_t>((start - vas_->base()));
+  Segment segment = Segment::At(offset);
+
+  FreelistHead freelist = InitializeFreeList(segment);
+
+  return {segment, freelist};
+}
+
+template <typename Entry, size_t size>
+void SegmentedTable<Entry, size>::FreeTableSegment(Segment segment) {
+  Address segment_start = vas_->base() + segment.offset();
+  vas_->FreePages(segment_start, kSegmentSize);
+}
+
+template <typename Entry, size_t size>
+SegmentedTable<Entry, size>::WriteIterator::WriteIterator(Entry* base,
+                                                          uint32_t index)
+    : base_(base), index_(index), write_scope_("pointer table write") {}
+
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_COMMON_SEGMENTED_TABLE_INL_H_
diff --git a/deps/v8/src/common/segmented-table.h b/deps/v8/src/common/segmented-table.h
new file mode 100644
index 00000000000000..102a276cacdc82
--- /dev/null
+++ b/deps/v8/src/common/segmented-table.h
@@ -0,0 +1,201 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_COMMON_SEGMENTED_TABLE_H_
+#define V8_COMMON_SEGMENTED_TABLE_H_
+
+#include "include/v8-internal.h"
+#include "src/base/macros.h"
+#include "src/common/code-memory-access.h"
+
+namespace v8 {
+namespace internal {
+
+/**
+ * A thread-safe table with a fixed maximum size split into segments.
+ *
+ * The table provides thread-safe methods to allocate and free of segments and
+ * an inline freelist implementation. Allocation and Freeing of entries is
+ * implemented in subclasses since it depends on if the table is manually
+ * managed or GCed.
+ *
+ * For the purpose of memory management, the table is partitioned into Segments
+ * (for example 64kb memory chunks) that are grouped together in "Spaces". All
+ * segments in a space share a freelist, and so entry allocation and garbage
+ * collection happen on the level of spaces.
+ *
+ * The Entry type defines how the freelist is represented. For that, it must
+ * implement the following methods:
+ * - void MakeFreelistEntry(uint32_t next_entry_index)
+ * - uint32_t GetNextFreelistEntry()
+ */
+template <typename Entry, size_t size>
+class V8_EXPORT_PRIVATE SegmentedTable {
+ public:
+ protected:
+  static constexpr bool kIsWriteProtected = Entry::IsWriteProtected;
+  static constexpr int kEntrySize = sizeof(Entry);
+  static constexpr size_t kReservationSize = size;
+  static constexpr size_t kMaxCapacity = kReservationSize / kEntrySize;
+
+  // For managing the table's backing memory, the table is partitioned into
+  // segments of this size. Segments can then be allocated and freed using the
+  // AllocateAndInitializeSegment() and FreeTableSegment() routines.
+  static constexpr size_t kSegmentSize = 64 * KB;
+  static constexpr size_t kEntriesPerSegment = kSegmentSize / kEntrySize;
+
+  // Struct representing a segment of the table.
+  struct Segment {
+   public:
+    // Initialize a segment given its number.
+    explicit Segment(uint32_t number) : number_(number) {}
+
+    // Returns the segment starting at the specified offset from the base of the
+    // table.
+    static Segment At(uint32_t offset);
+
+    // Returns the segment containing the entry at the given index.
+    static Segment Containing(uint32_t entry_index);
+
+    // The segments of a table are numbered sequentially. This method returns
+    // the number of this segment.
+    uint32_t number() const { return number_; }
+
+    // Returns the offset of this segment from the table base.
+    uint32_t offset() const { return number_ * kSegmentSize; }
+
+    // Returns the index of the first entry in this segment.
+    uint32_t first_entry() const { return number_ * kEntriesPerSegment; }
+
+    // Return the index of the last entry in this segment.
+    uint32_t last_entry() const {
+      return first_entry() + kEntriesPerSegment - 1;
+    }
+
+    // Segments are ordered by their id/offset.
+    bool operator<(const Segment& other) const {
+      return number_ < other.number_;
+    }
+
+   private:
+    // A segment is identified by its number, which is its offset from the base
+    // of the table divided by the segment size.
+    const uint32_t number_;
+  };
+
+  // Struct representing the head of the freelist.
+  //
+  // A segmented table uses simple, singly-linked lists to manage free entries.
+  // Each entry on the freelist contains the 32-bit index of the next entry. The
+  // last entry points to zero.
+  struct FreelistHead {
+    constexpr FreelistHead() : next_(0), length_(0) {}
+    constexpr FreelistHead(uint32_t next, uint32_t length)
+        : next_(next), length_(length) {}
+
+    // Returns the index of the next entry on the freelist.
+    // If the freelist is empty, this returns zero.
+    uint32_t next() const { return next_; }
+
+    // Returns the total length of the freelist.
+    uint32_t length() const { return length_; }
+
+    bool is_empty() const { return length_ == 0; }
+
+   private:
+    uint32_t next_;
+    uint32_t length_;
+  };
+
+  // We expect the FreelistHead struct to fit into a single atomic word.
+  // Otherwise, access to it would be slow.
+  static_assert(std::atomic<FreelistHead>::is_always_lock_free);
+
+  SegmentedTable() = default;
+  SegmentedTable(const SegmentedTable&) = delete;
+  SegmentedTable& operator=(const SegmentedTable&) = delete;
+
+  // This Iterator also acts as a scope object to temporarily lift any
+  // write-protection (if kIsWriteProtected is true).
+  class WriteIterator {
+   public:
+    explicit WriteIterator(Entry* base, uint32_t index);
+
+    uint32_t index() const { return index_; }
+    Entry* operator->() { return &base_[index_]; }
+    Entry& operator*() { return base_[index_]; }
+    WriteIterator& operator++() {
+      index_++;
+      DCHECK_LT(index_, size);
+      return *this;
+    }
+    WriteIterator& operator--() {
+      DCHECK_GT(index_, 0);
+      index_--;
+      return *this;
+    }
+
+   private:
+    Entry* base_;
+    uint32_t index_;
+    std::conditional_t<kIsWriteProtected, CFIMetadataWriteScope,
+                       NopRwxMemoryWriteScope>
+        write_scope_;
+  };
+
+  // Access the entry at the specified index.
+  Entry& at(uint32_t index);
+  const Entry& at(uint32_t index) const;
+
+  // Returns an iterator that can be used to perform multiple write operations
+  // without switching the write-protections all the time (if kIsWriteProtected
+  // is true).
+  WriteIterator iter_at(uint32_t index);
+
+  // Returns true if this table has been initialized.
+  bool is_initialized() const;
+
+  // Returns the base address of this table.
+  Address base() const;
+
+  // Allocate a new segment in this table.
+  //
+  // The segment is initialized with freelist entries.
+  std::pair<Segment, FreelistHead> AllocateAndInitializeSegment();
+
+  // Initialize a table segment with a freelist.
+  //
+  // Note that you don't need to call this function on segments allocated with
+  // `AllocateAndInitializeSegment()` since those already get initialized.
+  FreelistHead InitializeFreeList(Segment segment, uint32_t start_offset = 0);
+
+  // Free the specified segment of this table.
+  //
+  // The memory of this segment will afterwards be inaccessible.
+  void FreeTableSegment(Segment segment);
+
+ protected:
+  // Initializes the table by reserving the backing memory, allocating an
+  // initial segment, and populating the freelist.
+  void Initialize();
+
+  // Deallocates all memory associated with this table.
+  void TearDown();
+
+  // The pointer to the base of the virtual address space backing this table.
+  // All entry accesses happen through this pointer.
+  // It is equivalent to |vas_->base()| and is effectively const after
+  // initialization since the backing memory is never reallocated.
+  Entry* base_ = nullptr;
+
+  // The virtual address space backing this table.
+  // This is used to manage the underlying OS pages, in particular to allocate
+  // and free the segments that make up the table.
+  VirtualAddressSpace* vas_ = nullptr;
+};
+
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_COMMON_SEGMENTED_TABLE_H_
diff --git a/deps/v8/src/compiler-dispatcher/lazy-compile-dispatcher.cc b/deps/v8/src/compiler-dispatcher/lazy-compile-dispatcher.cc
index cfb954cf025290..258631e184df1b 100644
--- a/deps/v8/src/compiler-dispatcher/lazy-compile-dispatcher.cc
+++ b/deps/v8/src/compiler-dispatcher/lazy-compile-dispatcher.cc
@@ -94,7 +94,8 @@ namespace {
 void SetUncompiledDataJobPointer(LocalIsolate* isolate,
                                  DirectHandle<SharedFunctionInfo> shared_info,
                                  Address job_address) {
-  Tagged<UncompiledData> uncompiled_data = shared_info->uncompiled_data();
+  Tagged<UncompiledData> uncompiled_data =
+      shared_info->uncompiled_data(isolate);
   switch (uncompiled_data->map(isolate)->instance_type()) {
     // The easy cases -- we already have a job slot, so can write into it and
     // return.
@@ -185,7 +186,7 @@ bool LazyCompileDispatcher::IsEnqueued(
     DirectHandle<SharedFunctionInfo> shared) const {
   if (!shared->HasUncompiledData()) return false;
   Job* job = nullptr;
-  Tagged<UncompiledData> data = shared->uncompiled_data();
+  Tagged<UncompiledData> data = shared->uncompiled_data(isolate_);
   if (IsUncompiledDataWithPreparseDataAndJob(data)) {
     job = reinterpret_cast<Job*>(
         Cast<UncompiledDataWithPreparseDataAndJob>(data)->job());
@@ -379,7 +380,7 @@ void LazyCompileDispatcher::AbortAll() {
 LazyCompileDispatcher::Job* LazyCompileDispatcher::GetJobFor(
     DirectHandle<SharedFunctionInfo> shared, const base::MutexGuard&) const {
   if (!shared->HasUncompiledData()) return nullptr;
-  Tagged<UncompiledData> data = shared->uncompiled_data();
+  Tagged<UncompiledData> data = shared->uncompiled_data(isolate_);
   if (IsUncompiledDataWithPreparseDataAndJob(data)) {
     return reinterpret_cast<Job*>(
         Cast<UncompiledDataWithPreparseDataAndJob>(data)->job());
diff --git a/deps/v8/src/compiler/access-builder.cc b/deps/v8/src/compiler/access-builder.cc
index c1c3e7acfb3c1b..9f588c6a19ead6 100644
--- a/deps/v8/src/compiler/access-builder.cc
+++ b/deps/v8/src/compiler/access-builder.cc
@@ -270,6 +270,21 @@ FieldAccess AccessBuilder::ForJSFunctionFeedbackCell() {
   return access;
 }
 
+#ifdef V8_ENABLE_LEAPTIERING
+// static
+FieldAccess AccessBuilder::ForJSFunctionDispatchHandleNoWriteBarrier() {
+  // We currently don't require write barriers when writing dispatch handles of
+  // JSFunctions because they are loaded from the function's FeedbackCell and
+  // so must already be reachable. If this ever changes, we'll need to
+  // implement write barrier support for dispatch handles in generated code.
+  FieldAccess access = {
+      kTaggedBase,      JSFunction::kDispatchHandleOffset, Handle<Name>(),
+      OptionalMapRef(), TypeCache::Get()->kInt32,          MachineType::Int32(),
+      kNoWriteBarrier,  "JSFunctionDispatchHandle"};
+  return access;
+}
+#endif  // V8_ENABLE_LEAPTIERING
+
 // static
 FieldAccess AccessBuilder::ForJSBoundFunctionBoundTargetFunction() {
   FieldAccess access = {
@@ -623,14 +638,30 @@ FieldAccess AccessBuilder::ForJSPrimitiveWrapperValue() {
   return access;
 }
 
+#ifdef V8_ENABLE_SANDBOX
 // static
 FieldAccess AccessBuilder::ForJSRegExpData() {
-  FieldAccess access = {kTaggedBase,         JSRegExp::kDataOffset,
-                        MaybeHandle<Name>(), OptionalMapRef(),
-                        Type::NonInternal(), MachineType::AnyTagged(),
-                        kFullWriteBarrier,   "JSRegExpData"};
+  FieldAccess access = {kTaggedBase,
+                        JSRegExp::kDataOffset,
+                        MaybeHandle<Name>(),
+                        OptionalMapRef(),
+                        Type::OtherInternal(),
+                        MachineType::IndirectPointer(),
+                        kIndirectPointerWriteBarrier,
+                        "JSRegExpData"};
+  access.indirect_pointer_tag = kRegExpDataIndirectPointerTag;
+  return access;
+}
+#else
+// static
+FieldAccess AccessBuilder::ForJSRegExpData() {
+  FieldAccess access = {kTaggedBase,           JSRegExp::kDataOffset,
+                        MaybeHandle<Name>(),   OptionalMapRef(),
+                        Type::OtherInternal(), MachineType::TaggedPointer(),
+                        kPointerWriteBarrier,  "JSRegExpData"};
   return access;
 }
+#endif  // V8_ENABLE_SANDBOX
 
 // static
 FieldAccess AccessBuilder::ForJSRegExpFlags() {
@@ -1044,6 +1075,16 @@ FieldAccess AccessBuilder::ForFeedbackVectorSlot(int index) {
   return access;
 }
 
+// static
+FieldAccess AccessBuilder::ForPropertyArraySlot(int index) {
+  int offset = PropertyArray::OffsetOfElementAt(index);
+  FieldAccess access = {kTaggedBase,       offset,
+                        Handle<Name>(),    OptionalMapRef(),
+                        Type::Any(),       MachineType::AnyTagged(),
+                        kFullWriteBarrier, "PropertyArraySlot"};
+  return access;
+}
+
 // static
 FieldAccess AccessBuilder::ForWeakFixedArraySlot(int index) {
   int offset = WeakFixedArray::OffsetOfElementAt(index);
@@ -1425,6 +1466,24 @@ FieldAccess AccessBuilder::ForFeedbackCellInterruptBudget() {
   return access;
 }
 
+#ifdef V8_ENABLE_LEAPTIERING
+// static
+FieldAccess AccessBuilder::ForFeedbackCellDispatchHandleNoWriteBarrier() {
+  // Dispatch handles in FeedbackCells are effectively const-after-init and so
+  // they are marked as kNoWriteBarrier here (because the fields will not be
+  // written to).
+  FieldAccess access = {kTaggedBase,
+                        FeedbackCell::kDispatchHandleOffset,
+                        Handle<Name>(),
+                        OptionalMapRef(),
+                        TypeCache::Get()->kInt32,
+                        MachineType::Int32(),
+                        kNoWriteBarrier,
+                        "FeedbackCellDispatchHandle"};
+  return access;
+}
+#endif  // V8_ENABLE_LEAPTIERING
+
 // static
 FieldAccess AccessBuilder::ForFeedbackVectorInvocationCount() {
   FieldAccess access = {kTaggedBase,
diff --git a/deps/v8/src/compiler/access-builder.h b/deps/v8/src/compiler/access-builder.h
index 0c9558a8a85722..cf967c2f82abb8 100644
--- a/deps/v8/src/compiler/access-builder.h
+++ b/deps/v8/src/compiler/access-builder.h
@@ -104,6 +104,11 @@ class V8_EXPORT_PRIVATE AccessBuilder final
   // Provides access to JSFunction::feedback_cell() field.
   static FieldAccess ForJSFunctionFeedbackCell();
 
+#ifdef V8_ENABLE_LEAPTIERING
+  // Provides access to JSFunction::dispatch_handle() field.
+  static FieldAccess ForJSFunctionDispatchHandleNoWriteBarrier();
+#endif  // V8_ENABLE_LEAPTIERING
+
   // Provides access to JSBoundFunction::bound_target_function() field.
   static FieldAccess ForJSBoundFunctionBoundTargetFunction();
 
@@ -317,6 +322,9 @@ class V8_EXPORT_PRIVATE AccessBuilder final
 
   static FieldAccess ForFeedbackVectorSlot(int index);
 
+  // Provides access to PropertyArray slots.
+  static FieldAccess ForPropertyArraySlot(int index);
+
   // Provides access to ScopeInfo flags.
   static FieldAccess ForScopeInfoFlags();
 
@@ -376,6 +384,9 @@ class V8_EXPORT_PRIVATE AccessBuilder final
 
   // Provides access to FeedbackCell fields.
   static FieldAccess ForFeedbackCellInterruptBudget();
+#ifdef V8_ENABLE_LEAPTIERING
+  static FieldAccess ForFeedbackCellDispatchHandleNoWriteBarrier();
+#endif  // V8_ENABLE_LEAPTIERING
 
   // Provides access to a FeedbackVector fields.
   static FieldAccess ForFeedbackVectorInvocationCount();
diff --git a/deps/v8/src/compiler/access-info.cc b/deps/v8/src/compiler/access-info.cc
index eea3b6eaf9eb5b..8d40875131e895 100644
--- a/deps/v8/src/compiler/access-info.cc
+++ b/deps/v8/src/compiler/access-info.cc
@@ -5,6 +5,7 @@
 
 #include "src/compiler/access-info.h"
 
+#include <optional>
 #include <ostream>
 
 #include "src/builtins/accessors.h"
@@ -360,7 +361,7 @@ ConstFieldInfo PropertyAccessInfo::GetConstFieldInfo() const {
 AccessInfoFactory::AccessInfoFactory(JSHeapBroker* broker, Zone* zone)
     : broker_(broker), type_cache_(TypeCache::Get()), zone_(zone) {}
 
-base::Optional<ElementAccessInfo> AccessInfoFactory::ComputeElementAccessInfo(
+std::optional<ElementAccessInfo> AccessInfoFactory::ComputeElementAccessInfo(
     MapRef map, AccessMode access_mode) const {
   if (!map.CanInlineElementAccess()) return {};
   return ElementAccessInfo({{map}, zone()}, map.elements_kind(), zone());
@@ -375,7 +376,7 @@ bool AccessInfoFactory::ComputeElementAccessInfos(
     // double), always use the "worst case" code without a transition.  This is
     // much faster than transitioning the elements to the worst case, trading a
     // TransitionElementsKind for a CheckMaps, avoiding mutation of the array.
-    base::Optional<ElementAccessInfo> access_info =
+    std::optional<ElementAccessInfo> access_info =
         ConsolidateElementLoad(feedback);
     if (access_info.has_value()) {
       access_infos->push_back(*access_info);
@@ -386,7 +387,7 @@ bool AccessInfoFactory::ComputeElementAccessInfos(
   for (auto const& group : feedback.transition_groups()) {
     DCHECK(!group.empty());
     OptionalMapRef target = group.front();
-    base::Optional<ElementAccessInfo> access_info =
+    std::optional<ElementAccessInfo> access_info =
         ComputeElementAccessInfo(target.value(), access_mode);
     if (!access_info.has_value()) return false;
 
@@ -573,7 +574,7 @@ PropertyAccessInfo AccessorAccessInfoHelper(
       return PropertyAccessInfo::Invalid(zone);
     }
     if (DEBUG_BOOL && holder.has_value()) {
-      base::Optional<Tagged<NativeContext>> holder_creation_context =
+      std::optional<Tagged<NativeContext>> holder_creation_context =
           holder->object()->GetCreationContext();
       CHECK(holder_creation_context.has_value());
       CHECK_EQ(*broker->target_native_context().object(),
@@ -599,7 +600,7 @@ PropertyAccessInfo AccessorAccessInfoHelper(
     }
   }
   if (access_mode == AccessMode::kLoad) {
-    base::Optional<Tagged<Name>> cached_property_name =
+    std::optional<Tagged<Name>> cached_property_name =
         FunctionTemplateInfo::TryGetCachedPropertyName(isolate, *accessor);
     if (cached_property_name.has_value()) {
       OptionalNameRef cached_property_name_ref =
@@ -1024,7 +1025,7 @@ Maybe<ElementsKind> GeneralizeElementsKind(ElementsKind this_kind,
 
 }  // namespace
 
-base::Optional<ElementAccessInfo> AccessInfoFactory::ConsolidateElementLoad(
+std::optional<ElementAccessInfo> AccessInfoFactory::ConsolidateElementLoad(
     ElementAccessFeedback const& feedback) const {
   if (feedback.transition_groups().empty()) return {};
 
diff --git a/deps/v8/src/compiler/access-info.h b/deps/v8/src/compiler/access-info.h
index 0491583d33fb1b..472587c9e650da 100644
--- a/deps/v8/src/compiler/access-info.h
+++ b/deps/v8/src/compiler/access-info.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_ACCESS_INFO_H_
 #define V8_COMPILER_ACCESS_INFO_H_
 
+#include <optional>
+
 #include "src/compiler/heap-refs.h"
 #include "src/compiler/types.h"
 #include "src/zone/zone-containers.h"
@@ -224,7 +226,7 @@ class AccessInfoFactory final {
  public:
   AccessInfoFactory(JSHeapBroker* broker, Zone* zone);
 
-  base::Optional<ElementAccessInfo> ComputeElementAccessInfo(
+  std::optional<ElementAccessInfo> ComputeElementAccessInfo(
       MapRef map, AccessMode access_mode) const;
   bool ComputeElementAccessInfos(
       ElementAccessFeedback const& feedback,
@@ -253,7 +255,7 @@ class AccessInfoFactory final {
       ZoneVector<PropertyAccessInfo> infos, AccessMode access_mode) const;
 
  private:
-  base::Optional<ElementAccessInfo> ConsolidateElementLoad(
+  std::optional<ElementAccessInfo> ConsolidateElementLoad(
       ElementAccessFeedback const& feedback) const;
   PropertyAccessInfo LookupSpecialFieldAccessor(MapRef map, NameRef name) const;
   PropertyAccessInfo LookupTransition(MapRef map, NameRef name,
diff --git a/deps/v8/src/compiler/allocation-builder.h b/deps/v8/src/compiler/allocation-builder.h
index d14ca496aa2185..2689a4829b0f9b 100644
--- a/deps/v8/src/compiler/allocation-builder.h
+++ b/deps/v8/src/compiler/allocation-builder.h
@@ -63,7 +63,12 @@ class AllocationBuilder final {
 
   // Compound store of a constant into a field.
   void Store(const FieldAccess& access, ObjectRef value) {
-    Store(access, jsgraph()->ConstantNoHole(value, broker_));
+    if (access.machine_type == MachineType::IndirectPointer()) {
+      Store(access,
+            jsgraph()->TrustedHeapConstant(value.AsHeapObject().object()));
+    } else {
+      Store(access, jsgraph()->ConstantNoHole(value, broker_));
+    }
   }
 
   void FinishAndChange(Node* node) {
diff --git a/deps/v8/src/compiler/backend/arm/code-generator-arm.cc b/deps/v8/src/compiler/backend/arm/code-generator-arm.cc
index 45af0d62c5a5e9..88e61ffb356145 100644
--- a/deps/v8/src/compiler/backend/arm/code-generator-arm.cc
+++ b/deps/v8/src/compiler/backend/arm/code-generator-arm.cc
@@ -3767,7 +3767,7 @@ void CodeGenerator::AssembleConstructFrame() {
           call_descriptor->IsWasmImportWrapper() ||
           call_descriptor->IsWasmCapiFunction()) {
         // For import wrappers and C-API functions, this stack slot is only used
-        // for printing stack traces in V8. Also, it holds a WasmApiFunctionRef
+        // for printing stack traces in V8. Also, it holds a WasmImportData
         // instead of the instance itself, which is taken care of in the frames
         // accessors.
         __ Push(kWasmInstanceRegister);
diff --git a/deps/v8/src/compiler/backend/arm/instruction-selector-arm.cc b/deps/v8/src/compiler/backend/arm/instruction-selector-arm.cc
index b76563c0e282e1..a5efe8bfe2480d 100644
--- a/deps/v8/src/compiler/backend/arm/instruction-selector-arm.cc
+++ b/deps/v8/src/compiler/backend/arm/instruction-selector-arm.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/enum-set.h"
 #include "src/base/iterator.h"
@@ -1078,7 +1080,7 @@ template <typename Adapter>
 void VisitStoreCommon(InstructionSelectorT<Adapter>* selector,
                       typename Adapter::node_t node,
                       StoreRepresentation store_rep,
-                      base::Optional<AtomicMemoryOrder> atomic_order) {
+                      std::optional<AtomicMemoryOrder> atomic_order) {
   using node_t = typename Adapter::node_t;
   ArmOperandGeneratorT<Adapter> g(selector);
   auto store_view = selector->store_view(node);
@@ -1135,7 +1137,7 @@ void VisitStoreCommon(InstructionSelectorT<Adapter>* selector,
       opcode |= AtomicMemoryOrderField::encode(*atomic_order);
     }
 
-    base::Optional<ExternalReference> external_base;
+    std::optional<ExternalReference> external_base;
     if constexpr (Adapter::IsTurboshaft) {
       ExternalReference value;
       if (selector->MatchExternalConstant(store_view.base(), &value)) {
@@ -1193,7 +1195,7 @@ void InstructionSelectorT<Adapter>::VisitStorePair(node_t node) {
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitStore(node_t node) {
   VisitStoreCommon(this, node, this->store_view(node).stored_rep(),
-                   base::nullopt);
+                   std::nullopt);
 }
 
 template <typename Adapter>
@@ -4049,6 +4051,10 @@ void InstructionSelectorT<Adapter>::VisitF32x4Splat(node_t node) {
   VisitRR(this, kArmF32x4Splat, node);
 }
 template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Splat(node_t node) {
+  UNIMPLEMENTED();
+}
+template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitI32x4Splat(node_t node) {
   VisitRR(this, kArmI32x4Splat, node);
 }
@@ -4079,6 +4085,11 @@ SIMD_VISIT_EXTRACT_LANE(I8x16, U)
 SIMD_VISIT_EXTRACT_LANE(I8x16, S)
 #undef SIMD_VISIT_EXTRACT_LANE
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8ExtractLane(node_t node) {
+  UNIMPLEMENTED();
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitF64x2ReplaceLane(node_t node) {
   VisitRRIR(this, kArmF64x2ReplaceLane, node);
@@ -4088,6 +4099,10 @@ void InstructionSelectorT<Adapter>::VisitF32x4ReplaceLane(node_t node) {
   VisitRRIR(this, kArmF32x4ReplaceLane, node);
 }
 template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8ReplaceLane(node_t node) {
+  UNIMPLEMENTED();
+}
+template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitI32x4ReplaceLane(node_t node) {
   VisitRRIR(this, kArmI32x4ReplaceLane, node);
 }
@@ -4109,6 +4124,44 @@ SIMD_UNOP_LIST(SIMD_VISIT_UNOP)
 #undef SIMD_VISIT_UNOP
 #undef SIMD_UNOP_LIST
 
+#define UNIMPLEMENTED_SIMD_UNOP_LIST(V) \
+  V(F16x8Abs)                           \
+  V(F16x8Neg)                           \
+  V(F16x8Sqrt)                          \
+  V(F16x8Floor)                         \
+  V(F16x8Ceil)                          \
+  V(F16x8Trunc)                         \
+  V(F16x8NearestInt)
+
+#define SIMD_VISIT_UNIMPL_UNOP(Name)                             \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+
+UNIMPLEMENTED_SIMD_UNOP_LIST(SIMD_VISIT_UNIMPL_UNOP)
+#undef SIMD_VISIT_UNIMPL_UNOP
+#undef UNIMPLEMENTED_SIMD_UNOP_LIST
+
+#define UNIMPLEMENTED_SIMD_CVTOP_LIST(V) \
+  V(F16x8SConvertI16x8)                  \
+  V(F16x8UConvertI16x8)                  \
+  V(I16x8SConvertF16x8)                  \
+  V(I16x8UConvertF16x8)                  \
+  V(F32x4PromoteLowF16x8)                \
+  V(F16x8DemoteF32x4Zero)                \
+  V(F16x8DemoteF64x2Zero)
+
+#define SIMD_VISIT_UNIMPL_CVTOP(Name)                            \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+
+UNIMPLEMENTED_SIMD_CVTOP_LIST(SIMD_VISIT_UNIMPL_CVTOP)
+#undef SIMD_VISIT_UNIMPL_CVTOP
+#undef UNIMPLEMENTED_SIMD_CVTOP_LIST
+
 #define SIMD_VISIT_SHIFT_OP(Name, width)                         \
   template <typename Adapter>                                    \
   void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
@@ -4127,6 +4180,30 @@ SIMD_BINOP_LIST(SIMD_VISIT_BINOP)
 #undef SIMD_VISIT_BINOP
 #undef SIMD_BINOP_LIST
 
+#define UNIMPLEMENTED_SIMD_BINOP_LIST(V) \
+  V(F16x8Add)                            \
+  V(F16x8Sub)                            \
+  V(F16x8Mul)                            \
+  V(F16x8Div)                            \
+  V(F16x8Min)                            \
+  V(F16x8Max)                            \
+  V(F16x8Pmin)                           \
+  V(F16x8Pmax)                           \
+  V(F16x8Eq)                             \
+  V(F16x8Ne)                             \
+  V(F16x8Lt)                             \
+  V(F16x8Le)
+
+#define SIMD_VISIT_UNIMPL_BINOP(Name)                            \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+
+UNIMPLEMENTED_SIMD_BINOP_LIST(SIMD_VISIT_UNIMPL_BINOP)
+#undef SIMD_VISIT_UNIMPL_BINOP
+#undef UNIMPLEMENTED_SIMD_BINOP_LIST
+
 // TODO(mliedtke): This macro has only two uses. Maybe this could be refactored
 // into some helpers instead of the huge macro.
 #define VISIT_SIMD_ADD(Type, PairwiseType, NeonWidth)                          \
@@ -4320,6 +4397,15 @@ VISIT_SIMD_QFMOP(F32x4Qfma)
 VISIT_SIMD_QFMOP(F32x4Qfms)
 #undef VISIT_SIMD_QFMOP
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Qfma(node_t node) {
+  UNIMPLEMENTED();
+}
+
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Qfms(node_t node) {
+  UNIMPLEMENTED();
+}
 namespace {
 
 struct ShuffleEntry {
diff --git a/deps/v8/src/compiler/backend/arm64/code-generator-arm64.cc b/deps/v8/src/compiler/backend/arm64/code-generator-arm64.cc
index e7f5453737d082..9b9c55b1549174 100644
--- a/deps/v8/src/compiler/backend/arm64/code-generator-arm64.cc
+++ b/deps/v8/src/compiler/backend/arm64/code-generator-arm64.cc
@@ -1206,6 +1206,10 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
     case kIeee754Float64Tanh:
       ASSEMBLE_IEEE754_UNOP(tanh);
       break;
+    case kArm64Float16RoundDown:
+      EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintm, instr, i, kFormatH,
+                       kFormat8H);
+      break;
     case kArm64Float32RoundDown:
       EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintm, instr, i, kFormatS,
                        kFormat4S);
@@ -1214,6 +1218,10 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintm, instr, i, kFormatD,
                        kFormat2D);
       break;
+    case kArm64Float16RoundUp:
+      EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintp, instr, i, kFormatH,
+                       kFormat8H);
+      break;
     case kArm64Float32RoundUp:
       EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintp, instr, i, kFormatS,
                        kFormat4S);
@@ -1226,6 +1234,10 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       EmitFpOrNeonUnop(masm(), &MacroAssembler::Frinta, instr, i, kFormatD,
                        kFormat2D);
       break;
+    case kArm64Float16RoundTruncate:
+      EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintz, instr, i, kFormatH,
+                       kFormat8H);
+      break;
     case kArm64Float32RoundTruncate:
       EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintz, instr, i, kFormatS,
                        kFormat4S);
@@ -1234,6 +1246,10 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintz, instr, i, kFormatD,
                        kFormat2D);
       break;
+    case kArm64Float16RoundTiesEven:
+      EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintn, instr, i, kFormatH,
+                       kFormat8H);
+      break;
     case kArm64Float32RoundTiesEven:
       EmitFpOrNeonUnop(masm(), &MacroAssembler::Frintn, instr, i, kFormatS,
                        kFormat4S);
@@ -1352,8 +1368,14 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorFormat src_f =
           ScalarFormatFromLaneSize(LaneSizeField::decode(opcode));
       VectorFormat dst_f = VectorFormatFillQ(src_f);
-      __ Dup(i.OutputSimd128Register().Format(dst_f),
-             i.InputSimd128Register(0).Format(src_f), 0);
+      if (src_f == kFormatH) {
+        __ Fcvt(i.OutputFloat32Register(0).H(), i.InputFloat32Register(0));
+        __ Dup(i.OutputSimd128Register().Format(dst_f),
+               i.OutputSimd128Register().Format(src_f), 0);
+      } else {
+        __ Dup(i.OutputSimd128Register().Format(dst_f),
+               i.InputSimd128Register(0).Format(src_f), 0);
+      }
       break;
     }
     case kArm64Smlal: {
@@ -2100,6 +2122,18 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       __ StoreSandboxedPointerField(i.InputOrZeroRegister64(0),
                                     i.MemoryOperand(1));
       break;
+    case kArm64LdrH: {
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
+      __ Ldr(i.OutputDoubleRegister().H(), i.MemoryOperand());
+      __ Fcvt(i.OutputDoubleRegister().S(), i.OutputDoubleRegister().H());
+      break;
+    }
+    case kArm64StrH:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
+      __ Fcvt(i.InputFloat32OrZeroRegister(0).H(),
+              i.InputFloat32OrZeroRegister(0).S());
+      __ Str(i.InputFloat32OrZeroRegister(0).H(), i.MemoryOperand(1));
+      break;
     case kArm64LdrS:
       RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       __ Ldr(i.OutputDoubleRegister().S(), i.MemoryOperand());
@@ -2453,6 +2487,32 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       __ Fcvtl(i.OutputSimd128Register().V2D(),
                i.InputSimd128Register(0).V2S());
       break;
+    }
+      SIMD_UNOP_CASE(kArm64F16x8SConvertI16x8, Scvtf, 8H);
+      SIMD_UNOP_CASE(kArm64F16x8UConvertI16x8, Ucvtf, 8H);
+      SIMD_UNOP_CASE(kArm64I16x8UConvertF16x8, Fcvtzu, 8H);
+      SIMD_UNOP_CASE(kArm64I16x8SConvertF16x8, Fcvtzs, 8H);
+    case kArm64F16x8DemoteF32x4Zero: {
+      __ Fcvtn(i.OutputSimd128Register().V4H(),
+               i.InputSimd128Register(0).V4S());
+      break;
+    }
+    case kArm64F16x8DemoteF64x2Zero: {
+      // There is no vector f64 -> f16 conversion instruction,
+      // so convert them by component using scalar version.
+      // Convert high double to a temp reg first, because dst and src
+      // can overlap.
+      __ Mov(fp_scratch.D(), i.InputSimd128Register(0).V2D(), 1);
+      __ Fcvt(fp_scratch.H(), fp_scratch.D());
+
+      __ Fcvt(i.OutputSimd128Register().H(), i.InputSimd128Register(0).D());
+      __ Mov(i.OutputSimd128Register().V8H(), 1, fp_scratch.V8H(), 0);
+      break;
+    }
+    case kArm64F32x4PromoteLowF16x8: {
+      __ Fcvtl(i.OutputSimd128Register().V4S(),
+               i.InputSimd128Register(0).V4H());
+      break;
     }
     case kArm64FExtractLane: {
       VectorFormat dst_f =
@@ -2460,6 +2520,9 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorFormat src_f = VectorFormatFillQ(dst_f);
       __ Mov(i.OutputSimd128Register().Format(dst_f),
              i.InputSimd128Register(0).Format(src_f), i.InputInt8(1));
+      if (dst_f == kFormatH) {
+        __ Fcvt(i.OutputSimd128Register().S(), i.OutputSimd128Register().H());
+      }
       break;
     }
     case kArm64FReplaceLane: {
@@ -2469,7 +2532,14 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       if (dst != src1) {
         __ Mov(dst, src1);
       }
-      __ Mov(dst, i.InputInt8(1), i.InputSimd128Register(2).Format(f), 0);
+      if (f == kFormat8H) {
+        UseScratchRegisterScope scope(masm());
+        VRegister tmp = scope.AcquireV(kFormat8H);
+        __ Fcvt(tmp.H(), i.InputSimd128Register(2).S());
+        __ Mov(dst, i.InputInt8(1), tmp.Format(f), 0);
+      } else {
+        __ Mov(dst, i.InputInt8(1), i.InputSimd128Register(2).Format(f), 0);
+      }
       break;
     }
       SIMD_FCM_L_CASE(kArm64FEq, eq, eq);
@@ -2546,6 +2616,29 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       __ Bsl(dst.V16B(), rhs.V16B(), lhs.V16B());
       break;
     }
+    case kArm64F16x8Pmin: {
+      VRegister dst = i.OutputSimd128Register().V8H();
+      VRegister lhs = i.InputSimd128Register(0).V8H();
+      VRegister rhs = i.InputSimd128Register(1).V8H();
+      // f16x8.pmin(lhs, rhs)
+      // = v128.bitselect(rhs, lhs, f16x8.lt(rhs, lhs))
+      // = v128.bitselect(rhs, lhs, f16x8.gt(lhs, rhs))
+      __ Fcmgt(dst, lhs, rhs);
+      __ Bsl(dst.V16B(), rhs.V16B(), lhs.V16B());
+      break;
+    }
+    case kArm64F16x8Pmax: {
+      VRegister dst = i.OutputSimd128Register().V8H();
+      VRegister lhs = i.InputSimd128Register(0).V8H();
+      VRegister rhs = i.InputSimd128Register(1).V8H();
+      // f16x8.pmax(lhs, rhs)
+      // = v128.bitselect(rhs, lhs, f16x8.gt(rhs, lhs))
+      __ Fcmgt(dst, rhs, lhs);
+      __ Bsl(dst.V16B(), rhs.V16B(), lhs.V16B());
+      break;
+    }
+      SIMD_DESTRUCTIVE_RELAXED_FUSED_CASE(kArm64F16x8Qfma, Fmla, 8H);
+      SIMD_DESTRUCTIVE_RELAXED_FUSED_CASE(kArm64F16x8Qfms, Fmls, 8H);
     case kArm64IExtractLane: {
       VectorFormat f = VectorFormatFillQ(LaneSizeField::decode(opcode));
       Register dst =
@@ -2680,6 +2773,34 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       __ I32x4BitMask(i.OutputRegister32(), i.InputSimd128Register(0));
       break;
     }
+    case kArm64I8x16Addv: {
+      __ Addv(i.OutputSimd128Register().B(), i.InputSimd128Register(0).V16B());
+      break;
+    }
+    case kArm64I16x8Addv: {
+      __ Addv(i.OutputSimd128Register().H(), i.InputSimd128Register(0).V8H());
+      break;
+    }
+    case kArm64I32x4Addv: {
+      __ Addv(i.OutputSimd128Register().S(), i.InputSimd128Register(0).V4S());
+      break;
+    }
+    case kArm64I64x2AddPair: {
+      __ Addp(i.OutputSimd128Register().D(), i.InputSimd128Register(0).V2D());
+      break;
+    }
+    case kArm64F32x4AddReducePairwise: {
+      UseScratchRegisterScope scope(masm());
+      VRegister tmp = scope.AcquireV(kFormat4S);
+      __ Faddp(tmp.V4S(), i.InputSimd128Register(0).V4S(),
+               i.InputSimd128Register(0).V4S());
+      __ Faddp(i.OutputSimd128Register().S(), tmp.V2S());
+      break;
+    }
+    case kArm64F64x2AddPair: {
+      __ Faddp(i.OutputSimd128Register().D(), i.InputSimd128Register(0).V2D());
+      break;
+    }
     case kArm64I32x4DotI16x8S: {
       UseScratchRegisterScope scope(masm());
       VRegister lhs = i.InputSimd128Register(0);
diff --git a/deps/v8/src/compiler/backend/arm64/instruction-codes-arm64.h b/deps/v8/src/compiler/backend/arm64/instruction-codes-arm64.h
index 4d24ef26840582..e07d9d6d30fe65 100644
--- a/deps/v8/src/compiler/backend/arm64/instruction-codes-arm64.h
+++ b/deps/v8/src/compiler/backend/arm64/instruction-codes-arm64.h
@@ -20,6 +20,7 @@ namespace compiler {
   V(Arm64Ldrh)                                             \
   V(Arm64LdrQ)                                             \
   V(Arm64LdrS)                                             \
+  V(Arm64LdrH)                                             \
   V(Arm64Ldrsb)                                            \
   V(Arm64LdrsbW)                                           \
   V(Arm64Ldrsh)                                            \
@@ -42,6 +43,7 @@ namespace compiler {
   V(Arm64Strh)                                             \
   V(Arm64StrQ)                                             \
   V(Arm64StrS)                                             \
+  V(Arm64StrH)                                             \
   V(Arm64StrW)                                             \
   V(Arm64StrWPair)                                         \
   V(Arm64LdrDecompressTaggedSigned)                        \
@@ -66,6 +68,17 @@ namespace compiler {
   V(Arm64F32x4Pmin)                     \
   V(Arm64F32x4Pmax)                     \
   V(Arm64F32x4DemoteF64x2Zero)          \
+  V(Arm64F16x8Pmin)                     \
+  V(Arm64F16x8Pmax)                     \
+  V(Arm64F32x4PromoteLowF16x8)          \
+  V(Arm64F16x8SConvertI16x8)            \
+  V(Arm64F16x8UConvertI16x8)            \
+  V(Arm64F16x8DemoteF32x4Zero)          \
+  V(Arm64F16x8DemoteF64x2Zero)          \
+  V(Arm64I16x8SConvertF16x8)            \
+  V(Arm64I16x8UConvertF16x8)            \
+  V(Arm64F16x8Qfma)                     \
+  V(Arm64F16x8Qfms)                     \
   V(Arm64I64x2ShrU)                     \
   V(Arm64I64x2BitMask)                  \
   V(Arm64I32x4SConvertF32x4)            \
@@ -149,6 +162,12 @@ namespace compiler {
   V(Arm64I32x4DotI16x8S)                \
   V(Arm64I16x8DotI8x16S)                \
   V(Arm64I32x4DotI8x16AddS)             \
+  V(Arm64I8x16Addv)                     \
+  V(Arm64I16x8Addv)                     \
+  V(Arm64I32x4Addv)                     \
+  V(Arm64I64x2AddPair)                  \
+  V(Arm64F32x4AddReducePairwise)        \
+  V(Arm64F64x2AddPair)                  \
   V(Arm64I32x4TruncSatF64x2SZero)       \
   V(Arm64I32x4TruncSatF64x2UZero)       \
   V(Arm64IExtractLaneU)                 \
@@ -288,6 +307,10 @@ namespace compiler {
   V(Arm64Poke)                                       \
   V(Arm64PokePair)                                   \
   V(Arm64Peek)                                       \
+  V(Arm64Float16RoundDown)                           \
+  V(Arm64Float16RoundUp)                             \
+  V(Arm64Float16RoundTruncate)                       \
+  V(Arm64Float16RoundTiesEven)                       \
   V(Arm64Float32Cmp)                                 \
   V(Arm64Float32Add)                                 \
   V(Arm64Float32Sub)                                 \
diff --git a/deps/v8/src/compiler/backend/arm64/instruction-scheduler-arm64.cc b/deps/v8/src/compiler/backend/arm64/instruction-scheduler-arm64.cc
index d12d9f36b72a44..a2ba18aaac50ac 100644
--- a/deps/v8/src/compiler/backend/arm64/instruction-scheduler-arm64.cc
+++ b/deps/v8/src/compiler/backend/arm64/instruction-scheduler-arm64.cc
@@ -89,6 +89,10 @@ int InstructionScheduler::GetTargetInstructionFlags(
     case kArm64Rbit32:
     case kArm64Rev:
     case kArm64Rev32:
+    case kArm64Float16RoundDown:
+    case kArm64Float16RoundTiesEven:
+    case kArm64Float16RoundTruncate:
+    case kArm64Float16RoundUp:
     case kArm64Float32Cmp:
     case kArm64Float32Add:
     case kArm64Float32Sub:
@@ -190,6 +194,17 @@ int InstructionScheduler::GetTargetInstructionFlags(
     case kArm64F32x4Pmin:
     case kArm64F32x4Pmax:
     case kArm64F32x4DemoteF64x2Zero:
+    case kArm64F16x8Pmin:
+    case kArm64F16x8Pmax:
+    case kArm64F32x4PromoteLowF16x8:
+    case kArm64F16x8SConvertI16x8:
+    case kArm64F16x8UConvertI16x8:
+    case kArm64F16x8DemoteF32x4Zero:
+    case kArm64F16x8DemoteF64x2Zero:
+    case kArm64I16x8SConvertF16x8:
+    case kArm64I16x8UConvertF16x8:
+    case kArm64F16x8Qfma:
+    case kArm64F16x8Qfms:
     case kArm64IExtractLane:
     case kArm64IReplaceLane:
     case kArm64ISplat:
@@ -216,6 +231,12 @@ int InstructionScheduler::GetTargetInstructionFlags(
     case kArm64I32x4DotI16x8S:
     case kArm64I16x8DotI8x16S:
     case kArm64I32x4DotI8x16AddS:
+    case kArm64I8x16Addv:
+    case kArm64I16x8Addv:
+    case kArm64I32x4Addv:
+    case kArm64I64x2AddPair:
+    case kArm64F32x4AddReducePairwise:
+    case kArm64F64x2AddPair:
     case kArm64I32x4TruncSatF64x2SZero:
     case kArm64I32x4TruncSatF64x2UZero:
     case kArm64IExtractLaneU:
@@ -305,6 +326,7 @@ int InstructionScheduler::GetTargetInstructionFlags(
     case kArm64CompareAndBranch:
       return kNoOpcodeFlags;
 
+    case kArm64LdrH:
     case kArm64LdrS:
     case kArm64LdrD:
     case kArm64LdrQ:
@@ -339,6 +361,7 @@ int InstructionScheduler::GetTargetInstructionFlags(
     case kArm64Claim:
     case kArm64Poke:
     case kArm64PokePair:
+    case kArm64StrH:
     case kArm64StrS:
     case kArm64StrD:
     case kArm64StrQ:
diff --git a/deps/v8/src/compiler/backend/arm64/instruction-selector-arm64.cc b/deps/v8/src/compiler/backend/arm64/instruction-selector-arm64.cc
index f87fc743488027..58f7c07618bdf8 100644
--- a/deps/v8/src/compiler/backend/arm64/instruction-selector-arm64.cc
+++ b/deps/v8/src/compiler/backend/arm64/instruction-selector-arm64.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/logging.h"
 #include "src/codegen/assembler-inl.h"
@@ -58,8 +60,7 @@ class Arm64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
       auto constant = selector()->constant_view(node);
       if ((IsIntegerConstant(constant) &&
            GetIntegerConstantValue(constant) == 0) ||
-          (constant.is_float() &&
-           base::bit_cast<uint64_t>(constant.float_value()) == 0)) {
+          constant.is_float_zero()) {
         return true;
       }
     }
@@ -115,7 +116,7 @@ class Arm64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
     return constant.int64_value();
   }
 
-  base::Optional<int64_t> GetOptionalIntegerConstant(node_t operation) {
+  std::optional<int64_t> GetOptionalIntegerConstant(node_t operation) {
     if (!this->IsIntegerConstant(operation)) return {};
     return this->GetIntegerConstantValue(selector()->constant_view(operation));
   }
@@ -1036,7 +1037,7 @@ void VisitAddSub(InstructionSelectorT<TurboshaftAdapter>* selector,
   const WordBinopOp& add_sub = selector->Get(node).Cast<WordBinopOp>();
   auto [left, right] = GetBinopLeftRightCstOnTheRight(selector, add_sub);
 
-  if (base::Optional<int64_t> constant_rhs =
+  if (std::optional<int64_t> constant_rhs =
           g.GetOptionalIntegerConstant(right)) {
     if (constant_rhs < 0 && constant_rhs > std::numeric_limits<int>::min() &&
         g.CanBeImmediate(-*constant_rhs, kArithmeticImm)) {
@@ -1128,7 +1129,7 @@ bool TryEmitMultiplyNegate(InstructionSelectorT<TurboshaftAdapter>* selector,
   }
   const WordBinopOp& sub = mul_lhs.Cast<WordBinopOp>();
   Arm64OperandGeneratorT<TurboshaftAdapter> g(selector);
-  base::Optional<int64_t> sub_lhs_constant =
+  std::optional<int64_t> sub_lhs_constant =
       g.GetOptionalIntegerConstant(sub.left());
   if (!sub_lhs_constant.has_value() || sub_lhs_constant != 0) return false;
   selector->Emit(mneg_opcode, g.DefineAsRegister(mul),
@@ -1193,7 +1194,8 @@ std::tuple<InstructionCode, ImmediateMode> GetStoreOpcodeAndImmediate(
     case MemoryRepresentation::Uint64():
       return {paired ? kArm64StrPair : kArm64Str, kLoadStoreImm64};
     case MemoryRepresentation::Float16():
-      UNIMPLEMENTED();
+      CHECK(!paired);
+      return {kArm64StrH, kLoadStoreImm16};
     case MemoryRepresentation::Float32():
       CHECK(!paired);
       return {kArm64StrS, kLoadStoreImm32};
@@ -1247,6 +1249,11 @@ std::tuple<InstructionCode, ImmediateMode> GetStoreOpcodeAndImmediate(
   InstructionCode opcode = kArchNop;
   ImmediateMode immediate_mode = kNoImmediate;
   switch (rep) {
+    case MachineRepresentation::kFloat16:
+      CHECK(!paired);
+      opcode = kArm64StrH;
+      immediate_mode = kLoadStoreImm16;
+      break;
     case MachineRepresentation::kFloat32:
       CHECK(!paired);
       opcode = kArm64StrS;
@@ -1323,8 +1330,6 @@ std::tuple<InstructionCode, ImmediateMode> GetStoreOpcodeAndImmediate(
       opcode = kArm64StrQ;
       immediate_mode = kNoImmediate;
       break;
-    case MachineRepresentation::kFloat16:
-      UNIMPLEMENTED();
     case MachineRepresentation::kSimd256:
     case MachineRepresentation::kMapWord:
     case MachineRepresentation::kProtectedPointer:
@@ -1798,7 +1803,8 @@ std::tuple<InstructionCode, ImmediateMode> GetLoadOpcodeAndImmediate(
       DCHECK_EQ(result_rep, RegisterRepresentation::Word64());
       return {kArm64Ldr, kLoadStoreImm64};
     case MemoryRepresentation::Float16():
-      UNIMPLEMENTED();
+      DCHECK_EQ(result_rep, RegisterRepresentation::Float32());
+      return {kArm64LdrH, kLoadStoreImm16};
     case MemoryRepresentation::Float32():
       DCHECK_EQ(result_rep, RegisterRepresentation::Float32());
       return {kArm64LdrS, kLoadStoreImm32};
@@ -1847,6 +1853,8 @@ std::tuple<InstructionCode, ImmediateMode> GetLoadOpcodeAndImmediate(
 std::tuple<InstructionCode, ImmediateMode> GetLoadOpcodeAndImmediate(
     LoadRepresentation load_rep) {
   switch (load_rep.representation()) {
+    case MachineRepresentation::kFloat16:
+      return {kArm64LdrH, kLoadStoreImm16};
     case MachineRepresentation::kFloat32:
       return {kArm64LdrS, kLoadStoreImm32};
     case MachineRepresentation::kFloat64:
@@ -1891,8 +1899,6 @@ std::tuple<InstructionCode, ImmediateMode> GetLoadOpcodeAndImmediate(
       return {kArm64LdrDecodeSandboxedPointer, kLoadStoreImm64};
     case MachineRepresentation::kSimd128:
       return {kArm64LdrQ, kNoImmediate};
-    case MachineRepresentation::kFloat16:
-      UNIMPLEMENTED();
     case MachineRepresentation::kSimd256:  // Fall through.
     case MachineRepresentation::kMapWord:  // Fall through.
     case MachineRepresentation::kIndirectPointer:  // Fall through.
@@ -2074,7 +2080,7 @@ void InstructionSelectorT<Adapter>::VisitStore(typename Adapter::node_t node) {
     }
   }
 
-  base::Optional<ExternalReference> external_base;
+  std::optional<ExternalReference> external_base;
   if constexpr (Adapter::IsTurboshaft) {
     ExternalReference value;
     if (this->MatchExternalConstant(store_view.base(), &value)) {
@@ -2087,7 +2093,7 @@ void InstructionSelectorT<Adapter>::VisitStore(typename Adapter::node_t node) {
     }
   }
 
-  base::Optional<int64_t> constant_index;
+  std::optional<int64_t> constant_index;
   if (this->valid(store_view.index())) {
     node_t index = this->value(store_view.index());
     constant_index = g.GetOptionalIntegerConstant(index);
@@ -2283,7 +2289,7 @@ class CompareChainNode final : public ZoneObject {
   CompareChainNode* rhs_ = nullptr;
 };
 
-static base::Optional<FlagsCondition> GetFlagsCondition(
+static std::optional<FlagsCondition> GetFlagsCondition(
     OpIndex node, InstructionSelectorT<TurboshaftAdapter>* selector) {
   if (const ComparisonOp* comparison =
           selector->Get(node).TryCast<ComparisonOp>()) {
@@ -2305,7 +2311,7 @@ static base::Optional<FlagsCondition> GetFlagsCondition(
       }
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // Search through AND, OR and comparisons.
@@ -2324,7 +2330,7 @@ static base::Optional<FlagsCondition> GetFlagsCondition(
 //   ccmp
 //   cset y
 //   logic x, y
-static base::Optional<CompareChainNode*> FindCompareChain(
+static std::optional<CompareChainNode*> FindCompareChain(
     OpIndex user, OpIndex node,
     InstructionSelectorT<TurboshaftAdapter>* selector, Zone* zone,
     ZoneVector<CompareChainNode*>& nodes) {
@@ -2345,12 +2351,12 @@ static base::Optional<CompareChainNode*> FindCompareChain(
     }
     // Ensure we remove any valid sub-trees that now cannot be used.
     nodes.clear();
-    return base::nullopt;
+    return std::nullopt;
   } else if (selector->valid(user) && selector->CanCover(user, node)) {
-    base::Optional<FlagsCondition> user_condition =
+    std::optional<FlagsCondition> user_condition =
         GetFlagsCondition(node, selector);
     if (!user_condition.has_value()) {
-      return base::nullopt;
+      return std::nullopt;
     }
     const ComparisonOp& comparison = selector->Get(node).Cast<ComparisonOp>();
     if (comparison.kind == ComparisonOp::Kind::kEqual &&
@@ -2365,7 +2371,7 @@ static base::Optional<CompareChainNode*> FindCompareChain(
     }
     return zone->New<CompareChainNode>(node, user_condition.value());
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // Overview -------------------------------------------------------------------
@@ -2523,7 +2529,7 @@ void CombineFlagSettingOps(CompareChainNode* logic_node,
   logic_node->SetCondition(user_condition);
 }
 
-static base::Optional<FlagsCondition> TryMatchConditionalCompareChainShared(
+static std::optional<FlagsCondition> TryMatchConditionalCompareChainShared(
     InstructionSelectorT<TurboshaftAdapter>* selector, Zone* zone, OpIndex node,
     CompareSequence* sequence) {
   // Instead of:
@@ -2545,14 +2551,14 @@ static base::Optional<FlagsCondition> TryMatchConditionalCompareChainShared(
   ZoneVector<CompareChainNode*> logic_nodes(zone);
   auto root =
       FindCompareChain(OpIndex::Invalid(), node, selector, zone, logic_nodes);
-  if (!root.has_value()) return base::nullopt;
+  if (!root.has_value()) return std::nullopt;
 
   if (logic_nodes.size() >
       FlagsContinuationT<TurboshaftAdapter>::kMaxCompareChainSize) {
-    return base::nullopt;
+    return std::nullopt;
   }
   if (!logic_nodes.front()->IsLegalFirstCombine()) {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   for (auto* logic_node : logic_nodes) {
@@ -3618,6 +3624,10 @@ void InstructionSelectorT<Adapter>::VisitWord64Ror(node_t node) {
   V(Word64ReverseBits, kArm64Rbit)                            \
   V(Word32ReverseBytes, kArm64Rev32)                          \
   V(Word64ReverseBytes, kArm64Rev)                            \
+  IF_WASM(V, F16x8Ceil, kArm64Float16RoundUp)                 \
+  IF_WASM(V, F16x8Floor, kArm64Float16RoundDown)              \
+  IF_WASM(V, F16x8Trunc, kArm64Float16RoundTruncate)          \
+  IF_WASM(V, F16x8NearestInt, kArm64Float16RoundTiesEven)     \
   IF_WASM(V, F32x4Ceil, kArm64Float32RoundUp)                 \
   IF_WASM(V, F32x4Floor, kArm64Float32RoundDown)              \
   IF_WASM(V, F32x4Trunc, kArm64Float32RoundTruncate)          \
@@ -7030,6 +7040,13 @@ void InstructionSelectorT<Adapter>::VisitInt64AbsWithOverflow(node_t node) {
   V(F32x4SConvertI32x4, kArm64F32x4SConvertI32x4)               \
   V(F32x4UConvertI32x4, kArm64F32x4UConvertI32x4)               \
   V(F32x4DemoteF64x2Zero, kArm64F32x4DemoteF64x2Zero)           \
+  V(F16x8SConvertI16x8, kArm64F16x8SConvertI16x8)               \
+  V(F16x8UConvertI16x8, kArm64F16x8UConvertI16x8)               \
+  V(I16x8SConvertF16x8, kArm64I16x8SConvertF16x8)               \
+  V(I16x8UConvertF16x8, kArm64I16x8UConvertF16x8)               \
+  V(F16x8DemoteF32x4Zero, kArm64F16x8DemoteF32x4Zero)           \
+  V(F16x8DemoteF64x2Zero, kArm64F16x8DemoteF64x2Zero)           \
+  V(F32x4PromoteLowF16x8, kArm64F32x4PromoteLowF16x8)           \
   V(I64x2BitMask, kArm64I64x2BitMask)                           \
   V(I32x4SConvertF32x4, kArm64I32x4SConvertF32x4)               \
   V(I32x4UConvertF32x4, kArm64I32x4UConvertF32x4)               \
@@ -7063,6 +7080,10 @@ void InstructionSelectorT<Adapter>::VisitInt64AbsWithOverflow(node_t node) {
   V(I32x4Splat, kArm64ISplat, 32)   \
   V(I32x4Abs, kArm64IAbs, 32)       \
   V(I32x4Neg, kArm64INeg, 32)       \
+  V(F16x8Splat, kArm64FSplat, 16)   \
+  V(F16x8Abs, kArm64FAbs, 16)       \
+  V(F16x8Sqrt, kArm64FSqrt, 16)     \
+  V(F16x8Neg, kArm64FNeg, 16)       \
   V(I16x8Splat, kArm64ISplat, 16)   \
   V(I16x8Abs, kArm64IAbs, 16)       \
   V(I16x8Neg, kArm64INeg, 16)       \
@@ -7113,6 +7134,11 @@ void InstructionSelectorT<Adapter>::VisitInt64AbsWithOverflow(node_t node) {
   V(F32x4Div, kArm64FDiv, 32)                          \
   V(F32x4RelaxedMin, kArm64FMin, 32)                   \
   V(F32x4RelaxedMax, kArm64FMax, 32)                   \
+  V(F16x8Add, kArm64FAdd, 16)                          \
+  V(F16x8Sub, kArm64FSub, 16)                          \
+  V(F16x8Div, kArm64FDiv, 16)                          \
+  V(F16x8Min, kArm64FMin, 16)                          \
+  V(F16x8Max, kArm64FMax, 16)                          \
   V(I64x2Sub, kArm64ISub, 64)                          \
   V(I32x4GtU, kArm64IGtU, 32)                          \
   V(I32x4GeU, kArm64IGeU, 32)                          \
@@ -7173,15 +7199,15 @@ struct BicImmParam {
 
 template <typename node_t>
 struct BicImmResult {
-  BicImmResult(base::Optional<BicImmParam> param, node_t const_node,
+  BicImmResult(std::optional<BicImmParam> param, node_t const_node,
                node_t other_node)
       : param(param), const_node(const_node), other_node(other_node) {}
-  base::Optional<BicImmParam> param;
+  std::optional<BicImmParam> param;
   node_t const_node;
   node_t other_node;
 };
 
-base::Optional<BicImmParam> BicImm16bitHelper(uint16_t val) {
+std::optional<BicImmParam> BicImm16bitHelper(uint16_t val) {
   uint8_t byte0 = val & 0xFF;
   uint8_t byte1 = val >> 8;
   // Cannot use Bic if both bytes are not 0x00
@@ -7191,10 +7217,10 @@ base::Optional<BicImmParam> BicImm16bitHelper(uint16_t val) {
   if (byte1 == 0x00) {
     return BicImmParam(byte0, 16, 0);
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<BicImmParam> BicImm32bitHelper(uint32_t val) {
+std::optional<BicImmParam> BicImm32bitHelper(uint32_t val) {
   for (int i = 0; i < 4; i++) {
     // All bytes are 0 but one
     if ((val & (0xFF << (8 * i))) == val) {
@@ -7205,35 +7231,35 @@ base::Optional<BicImmParam> BicImm32bitHelper(uint32_t val) {
   if ((val >> 16) == (0xFFFF & val)) {
     return BicImm16bitHelper(0xFFFF & val);
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<BicImmParam> BicImmConstHelper(Node* const_node, bool not_imm) {
+std::optional<BicImmParam> BicImmConstHelper(Node* const_node, bool not_imm) {
   const int kUint32Immediates = 4;
   uint32_t val[kUint32Immediates];
   static_assert(sizeof(val) == kSimd128Size);
   memcpy(val, S128ImmediateParameterOf(const_node->op()).data(), kSimd128Size);
   // If 4 uint32s are not the same, cannot emit Bic
   if (!(val[0] == val[1] && val[1] == val[2] && val[2] == val[3])) {
-    return base::nullopt;
+    return std::nullopt;
   }
   return BicImm32bitHelper(not_imm ? ~val[0] : val[0]);
 }
 
-base::Optional<BicImmParam> BicImmConstHelper(const turboshaft::Operation& op,
-                                              bool not_imm) {
+std::optional<BicImmParam> BicImmConstHelper(const turboshaft::Operation& op,
+                                             bool not_imm) {
   const int kUint32Immediates = 4;
   uint32_t val[kUint32Immediates];
   static_assert(sizeof(val) == kSimd128Size);
   memcpy(val, op.Cast<turboshaft::Simd128ConstantOp>().value, kSimd128Size);
   // If 4 uint32s are not the same, cannot emit Bic
   if (!(val[0] == val[1] && val[1] == val[2] && val[2] == val[3])) {
-    return base::nullopt;
+    return std::nullopt;
   }
   return BicImm32bitHelper(not_imm ? ~val[0] : val[0]);
 }
 
-base::Optional<BicImmResult<turboshaft::OpIndex>> BicImmHelper(
+std::optional<BicImmResult<turboshaft::OpIndex>> BicImmHelper(
     InstructionSelectorT<TurboshaftAdapter>* selector,
     turboshaft::OpIndex and_node, bool not_imm) {
   using namespace turboshaft;  // NOLINT(build/namespaces)
@@ -7252,10 +7278,10 @@ base::Optional<BicImmResult<turboshaft::OpIndex>> BicImmHelper(
         BicImmConstHelper(selector->Get(op.right()), not_imm), op.right(),
         op.left());
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<BicImmResult<Node*>> BicImmHelper(
+std::optional<BicImmResult<Node*>> BicImmHelper(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* and_node,
     bool not_imm) {
   Node* left = and_node->InputAt(0);
@@ -7270,17 +7296,17 @@ base::Optional<BicImmResult<Node*>> BicImmHelper(
   if (right->opcode() == IrOpcode::kS128Const) {
     return BicImmResult<Node*>(BicImmConstHelper(right, not_imm), right, left);
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 template <typename Adapter>
 bool TryEmitS128AndNotImm(InstructionSelectorT<Adapter>* selector,
                           typename Adapter::node_t node, bool not_imm) {
   Arm64OperandGeneratorT<Adapter> g(selector);
-  base::Optional<BicImmResult<typename Adapter::node_t>> result =
+  std::optional<BicImmResult<typename Adapter::node_t>> result =
       BicImmHelper(selector, node, not_imm);
   if (!result.has_value()) return false;
-  base::Optional<BicImmParam> param = result->param;
+  std::optional<BicImmParam> param = result->param;
   if (param.has_value()) {
     if (selector->CanCover(node, result->other_node)) {
       selector->Emit(
@@ -7353,6 +7379,7 @@ void InstructionSelectorT<Adapter>::VisitI8x16BitMask(node_t node) {
   }
 SIMD_VISIT_EXTRACT_LANE(F64x2, F, , 64)
 SIMD_VISIT_EXTRACT_LANE(F32x4, F, , 32)
+SIMD_VISIT_EXTRACT_LANE(F16x8, F, , 16)
 SIMD_VISIT_EXTRACT_LANE(I64x2, I, , 64)
 SIMD_VISIT_EXTRACT_LANE(I32x4, I, , 32)
 SIMD_VISIT_EXTRACT_LANE(I16x8, I, U, 16)
@@ -7369,6 +7396,7 @@ SIMD_VISIT_EXTRACT_LANE(I8x16, I, S, 8)
   }
 SIMD_VISIT_REPLACE_LANE(F64x2, F, 64)
 SIMD_VISIT_REPLACE_LANE(F32x4, F, 32)
+SIMD_VISIT_REPLACE_LANE(F16x8, F, 16)
 SIMD_VISIT_REPLACE_LANE(I64x2, I, 64)
 SIMD_VISIT_REPLACE_LANE(I32x4, I, 32)
 SIMD_VISIT_REPLACE_LANE(I16x8, I, 16)
@@ -7530,6 +7558,30 @@ MulWithDup TryMatchMulWithDup(InstructionSelectorT<TurboshaftAdapter>* selector,
 }
 }  // namespace
 
+template <>
+void InstructionSelectorT<TurboshaftAdapter>::VisitF16x8Mul(node_t node) {
+  if (MulWithDup result = TryMatchMulWithDup<8>(this, node)) {
+    Arm64OperandGeneratorT<TurboshaftAdapter> g(this);
+    Emit(kArm64FMulElement | LaneSizeField::encode(16),
+         g.DefineAsRegister(node), g.UseRegister(result.input),
+         g.UseRegister(result.dup_node), g.UseImmediate(result.index));
+  } else {
+    return VisitRRR(this, kArm64FMul | LaneSizeField::encode(16), node);
+  }
+}
+
+template <>
+void InstructionSelectorT<TurbofanAdapter>::VisitF16x8Mul(Node* node) {
+  if (MulWithDupResult result = TryMatchMulWithDup<8>(node)) {
+    Arm64OperandGeneratorT<TurbofanAdapter> g(this);
+    Emit(kArm64FMulElement | LaneSizeField::encode(16),
+         g.DefineAsRegister(node), g.UseRegister(result.input),
+         g.UseRegister(result.dup_node), g.UseImmediate(result.index));
+  } else {
+    return VisitRRR(this, kArm64FMul | LaneSizeField::encode(16), node);
+  }
+}
+
 template <>
 void InstructionSelectorT<TurboshaftAdapter>::VisitF32x4Mul(node_t node) {
   if (MulWithDup result = TryMatchMulWithDup<4>(this, node)) {
@@ -7965,6 +8017,31 @@ VISIT_SIMD_SUB(I32x4, 32)
 VISIT_SIMD_SUB(I16x8, 16)
 #undef VISIT_SIMD_SUB
 
+namespace {
+void VisitSimdReduce(InstructionSelectorT<TurboshaftAdapter>* selector,
+                     turboshaft::OpIndex node, InstructionCode opcode) {
+  Arm64OperandGeneratorT<TurboshaftAdapter> g(selector);
+  selector->Emit(opcode, g.DefineAsRegister(node),
+                 g.UseRegister(selector->Get(node).input(0)));
+}
+
+}  // namespace
+
+#define VISIT_SIMD_REDUCE(Type, Opcode)                                 \
+  template <>                                                           \
+  void InstructionSelectorT<TurboshaftAdapter>::Visit##Type##AddReduce( \
+      turboshaft::OpIndex node) {                                       \
+    VisitSimdReduce(this, node, Opcode);                                \
+  }
+
+VISIT_SIMD_REDUCE(I8x16, kArm64I8x16Addv)
+VISIT_SIMD_REDUCE(I16x8, kArm64I16x8Addv)
+VISIT_SIMD_REDUCE(I32x4, kArm64I32x4Addv)
+VISIT_SIMD_REDUCE(I64x2, kArm64I64x2AddPair)
+VISIT_SIMD_REDUCE(F32x4, kArm64F32x4AddReducePairwise)
+VISIT_SIMD_REDUCE(F64x2, kArm64F64x2AddPair)
+#undef VISIT_SIMD_REDUCE
+
 namespace {
 bool isSimdZero(InstructionSelectorT<TurbofanAdapter>* selector, Node* node) {
   auto m = V128ConstMatcher(node);
@@ -8012,6 +8089,10 @@ VISIT_SIMD_CM(F32x4, F, Eq, Eq, 32)
 VISIT_SIMD_CM(F32x4, F, Ne, Ne, 32)
 VISIT_SIMD_CM(F32x4, F, Lt, Gt, 32)
 VISIT_SIMD_CM(F32x4, F, Le, Ge, 32)
+VISIT_SIMD_CM(F16x8, F, Eq, Eq, 16)
+VISIT_SIMD_CM(F16x8, F, Ne, Ne, 16)
+VISIT_SIMD_CM(F16x8, F, Lt, Gt, 16)
+VISIT_SIMD_CM(F16x8, F, Le, Ge, 16)
 
 VISIT_SIMD_CM(I64x2, I, Eq, Eq, 64)
 VISIT_SIMD_CM(I64x2, I, Ne, Ne, 64)
@@ -8073,6 +8154,8 @@ VISIT_SIMD_QFMOP(F64x2Qfma)
 VISIT_SIMD_QFMOP(F64x2Qfms)
 VISIT_SIMD_QFMOP(F32x4Qfma)
 VISIT_SIMD_QFMOP(F32x4Qfms)
+VISIT_SIMD_QFMOP(F16x8Qfma)
+VISIT_SIMD_QFMOP(F16x8Qfms)
 #undef VISIT_SIMD_QFMOP
 
 namespace {
@@ -8289,6 +8372,16 @@ void VisitPminOrPmax(InstructionSelectorT<Adapter>* selector, ArchOpcode opcode,
 }
 }  // namespace
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Pmin(node_t node) {
+  VisitPminOrPmax(this, kArm64F16x8Pmin, node);
+}
+
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Pmax(node_t node) {
+  VisitPminOrPmax(this, kArm64F16x8Pmax, node);
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitF32x4Pmin(node_t node) {
   VisitPminOrPmax(this, kArm64F32x4Pmin, node);
@@ -8397,28 +8490,33 @@ void InstructionSelectorT<Adapter>::AddOutputToSelectContinuation(
 // static
 MachineOperatorBuilder::Flags
 InstructionSelector::SupportedMachineOperatorFlags() {
-  return MachineOperatorBuilder::kFloat32RoundDown |
-         MachineOperatorBuilder::kFloat64RoundDown |
-         MachineOperatorBuilder::kFloat32RoundUp |
-         MachineOperatorBuilder::kFloat64RoundUp |
-         MachineOperatorBuilder::kFloat32RoundTruncate |
-         MachineOperatorBuilder::kFloat64RoundTruncate |
-         MachineOperatorBuilder::kFloat64RoundTiesAway |
-         MachineOperatorBuilder::kFloat32RoundTiesEven |
-         MachineOperatorBuilder::kFloat64RoundTiesEven |
-         MachineOperatorBuilder::kWord32Popcnt |
-         MachineOperatorBuilder::kWord64Popcnt |
-         MachineOperatorBuilder::kWord32ShiftIsSafe |
-         MachineOperatorBuilder::kInt32DivIsSafe |
-         MachineOperatorBuilder::kUint32DivIsSafe |
-         MachineOperatorBuilder::kWord32ReverseBits |
-         MachineOperatorBuilder::kWord64ReverseBits |
-         MachineOperatorBuilder::kSatConversionIsSafe |
-         MachineOperatorBuilder::kFloat32Select |
-         MachineOperatorBuilder::kFloat64Select |
-         MachineOperatorBuilder::kWord32Select |
-         MachineOperatorBuilder::kWord64Select |
-         MachineOperatorBuilder::kLoadStorePairs;
+  auto flags = MachineOperatorBuilder::kFloat32RoundDown |
+               MachineOperatorBuilder::kFloat64RoundDown |
+               MachineOperatorBuilder::kFloat32RoundUp |
+               MachineOperatorBuilder::kFloat64RoundUp |
+               MachineOperatorBuilder::kFloat32RoundTruncate |
+               MachineOperatorBuilder::kFloat64RoundTruncate |
+               MachineOperatorBuilder::kFloat64RoundTiesAway |
+               MachineOperatorBuilder::kFloat32RoundTiesEven |
+               MachineOperatorBuilder::kFloat64RoundTiesEven |
+               MachineOperatorBuilder::kWord32Popcnt |
+               MachineOperatorBuilder::kWord64Popcnt |
+               MachineOperatorBuilder::kWord32ShiftIsSafe |
+               MachineOperatorBuilder::kInt32DivIsSafe |
+               MachineOperatorBuilder::kUint32DivIsSafe |
+               MachineOperatorBuilder::kWord32ReverseBits |
+               MachineOperatorBuilder::kWord64ReverseBits |
+               MachineOperatorBuilder::kSatConversionIsSafe |
+               MachineOperatorBuilder::kFloat32Select |
+               MachineOperatorBuilder::kFloat64Select |
+               MachineOperatorBuilder::kWord32Select |
+               MachineOperatorBuilder::kWord64Select |
+               MachineOperatorBuilder::kLoadStorePairs;
+  if (CpuFeatures::IsSupported(FP16)) {
+    flags |= MachineOperatorBuilder::kFloat16 |
+             MachineOperatorBuilder::kFloat64ToFloat16;
+  }
+  return flags;
 }
 
 // static
diff --git a/deps/v8/src/compiler/backend/code-generator.cc b/deps/v8/src/compiler/backend/code-generator.cc
index 768f4f0ecee8bd..554ee67eb160d5 100644
--- a/deps/v8/src/compiler/backend/code-generator.cc
+++ b/deps/v8/src/compiler/backend/code-generator.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/backend/code-generator.h"
 
+#include <optional>
+
 #include "src/base/bounds.h"
 #include "src/base/iterator.h"
 #include "src/codegen/assembler-inl.h"
@@ -51,7 +53,7 @@ class CodeGenerator::JumpTable final : public ZoneObject {
 CodeGenerator::CodeGenerator(Zone* codegen_zone, Frame* frame, Linkage* linkage,
                              InstructionSequence* instructions,
                              OptimizedCompilationInfo* info, Isolate* isolate,
-                             base::Optional<OsrHelper> osr_helper,
+                             std::optional<OsrHelper> osr_helper,
                              int start_source_position,
                              JumpOptimizationInfo* jump_opt,
                              const AssemblerOptions& options, Builtin builtin,
@@ -538,7 +540,8 @@ MaybeHandle<Code> CodeGenerator::FinalizeCode() {
 
   if (CodeKindUsesDeoptimizationData(info()->code_kind())) {
     builder.set_deoptimization_data(GenerateDeoptimizationData());
-    DCHECK(info()->has_bytecode_array());
+    DCHECK(info()->has_bytecode_array() ||
+           info()->code_kind() == CodeKind::WASM_FUNCTION);
   }
 
   MaybeHandle<Code> maybe_code = builder.TryBuild();
@@ -1530,8 +1533,12 @@ void CodeGenerator::AddTranslationForOperand(Instruction* instr,
       case Constant::kFloat64:
         DCHECK(type.representation() == MachineRepresentation::kFloat64 ||
                type.representation() == MachineRepresentation::kTagged);
-        DCHECK_NE(type, MachineType::HoleyFloat64());
-        literal = DeoptimizationLiteral(constant.ToFloat64().value());
+        if (type == MachineType::HoleyFloat64() &&
+            constant.ToFloat64().AsUint64() == kHoleNanInt64) {
+          literal = DeoptimizationLiteral::HoleNaN();
+        } else {
+          literal = DeoptimizationLiteral(constant.ToFloat64().value());
+        }
         break;
       case Constant::kHeapObject:
         DCHECK_EQ(MachineRepresentation::kTagged, type.representation());
diff --git a/deps/v8/src/compiler/backend/code-generator.h b/deps/v8/src/compiler/backend/code-generator.h
index 1eeae5062b099a..056a2b08cc2a41 100644
--- a/deps/v8/src/compiler/backend/code-generator.h
+++ b/deps/v8/src/compiler/backend/code-generator.h
@@ -6,8 +6,8 @@
 #define V8_COMPILER_BACKEND_CODE_GENERATOR_H_
 
 #include <memory>
+#include <optional>
 
-#include "src/base/optional.h"
 #include "src/codegen/macro-assembler.h"
 #include "src/codegen/optimized-compilation-info.h"
 #include "src/codegen/safepoint-table.h"
@@ -76,7 +76,7 @@ class V8_EXPORT_PRIVATE CodeGenerator final : public GapResolver::Assembler {
   explicit CodeGenerator(Zone* codegen_zone, Frame* frame, Linkage* linkage,
                          InstructionSequence* instructions,
                          OptimizedCompilationInfo* info, Isolate* isolate,
-                         base::Optional<OsrHelper> osr_helper,
+                         std::optional<OsrHelper> osr_helper,
                          int start_source_position,
                          JumpOptimizationInfo* jump_opt,
                          const AssemblerOptions& options, Builtin builtin,
@@ -225,7 +225,7 @@ class V8_EXPORT_PRIVATE CodeGenerator final : public GapResolver::Assembler {
 #if V8_TARGET_ARCH_X64
   void AssembleArchBinarySearchSwitchRange(
       Register input, RpoNumber def_block, std::pair<int32_t, Label*>* begin,
-      std::pair<int32_t, Label*>* end, base::Optional<int32_t>& last_cmp_value);
+      std::pair<int32_t, Label*>* end, std::optional<int32_t>& last_cmp_value);
 #else
   void AssembleArchBinarySearchSwitchRange(Register input, RpoNumber def_block,
                                            std::pair<int32_t, Label*>* begin,
@@ -442,7 +442,7 @@ class V8_EXPORT_PRIVATE CodeGenerator final : public GapResolver::Assembler {
 
   JumpTable* jump_tables_;
   OutOfLineCode* ools_;
-  base::Optional<OsrHelper> osr_helper_;
+  std::optional<OsrHelper> osr_helper_;
   int osr_pc_offset_;
   SourcePositionTableBuilder source_position_table_builder_;
 #if V8_ENABLE_WEBASSEMBLY
diff --git a/deps/v8/src/compiler/backend/ia32/code-generator-ia32.cc b/deps/v8/src/compiler/backend/ia32/code-generator-ia32.cc
index 4c33ee5abaf4b3..6574efa3b0d32e 100644
--- a/deps/v8/src/compiler/backend/ia32/code-generator-ia32.cc
+++ b/deps/v8/src/compiler/backend/ia32/code-generator-ia32.cc
@@ -4033,7 +4033,7 @@ void CodeGenerator::AssembleConstructFrame() {
           call_descriptor->IsWasmImportWrapper() ||
           call_descriptor->IsWasmCapiFunction()) {
         // For import wrappers and C-API functions, this stack slot is only used
-        // for printing stack traces in V8. Also, it holds a WasmApiFunctionRef
+        // for printing stack traces in V8. Also, it holds a WasmImportData
         // instead of the instance itself, which is taken care of in the frames
         // accessors.
         __ push(kWasmInstanceRegister);
diff --git a/deps/v8/src/compiler/backend/ia32/instruction-selector-ia32.cc b/deps/v8/src/compiler/backend/ia32/instruction-selector-ia32.cc
index 464df702b16c17..0ecca7930871c0 100644
--- a/deps/v8/src/compiler/backend/ia32/instruction-selector-ia32.cc
+++ b/deps/v8/src/compiler/backend/ia32/instruction-selector-ia32.cc
@@ -6,6 +6,7 @@
 #include <stdint.h>
 
 #include <limits>
+#include <optional>
 #include <type_traits>
 #include <vector>
 
@@ -147,7 +148,7 @@ bool MatchScaledIndex(InstructionSelectorT<TurboshaftAdapter>* selector,
   return false;
 }
 
-base::Optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex(
+std::optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex(
     InstructionSelectorT<TurboshaftAdapter>* selector, turboshaft::OpIndex node,
     bool allow_power_of_two_plus_one) {
   ScaledIndexMatch<TurboshaftAdapter> match;
@@ -157,11 +158,11 @@ base::Optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex(
     match.base = plus_one ? match.index : turboshaft::OpIndex{};
     return match;
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // Copied verbatim from x64 (just renamed).
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacementForWordBinop(
     InstructionSelectorT<TurboshaftAdapter>* selector, turboshaft::OpIndex left,
     turboshaft::OpIndex right) {
@@ -189,7 +190,7 @@ TryMatchBaseWithScaledIndexAndDisplacementForWordBinop(
           OwnedByAddressingOperand(right)) {
         if (!selector->MatchIntegralWord32Constant(right_binop->right(),
                                                    &result.displacement)) {
-          return base::nullopt;
+          return std::nullopt;
         }
         result.base = right_binop->left();
         result.displacement_mode = kNegativeDisplacement;
@@ -272,7 +273,7 @@ TryMatchBaseWithScaledIndexAndDisplacementForWordBinop(
 }
 
 // Copied verbatim from x64 (just renamed).
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement(
     InstructionSelectorT<TurboshaftAdapter>* selector,
     turboshaft::OpIndex node) {
@@ -335,7 +336,7 @@ TryMatchBaseWithScaledIndexAndDisplacement(
     return result;
 #endif  // V8_ENABLE_WEBASSEMBLY
   } else {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   const WordBinopOp& binop = op.Cast<WordBinopOp>();
@@ -399,9 +400,8 @@ class IA32OperandGeneratorT final : public OperandGeneratorT<Adapter> {
         constant.is_relocatable_int64()) {
       return true;
     }
-    if (constant.is_number()) {
-      const double value = constant.number_value();
-      return base::bit_cast<int64_t>(value) == 0;
+    if (constant.is_number_zero()) {
+      return true;
     }
     // If we want to support HeapConstant nodes here, we must find a way
     // to check that they're not in new-space without dereferencing the
@@ -413,8 +413,8 @@ class IA32OperandGeneratorT final : public OperandGeneratorT<Adapter> {
     DCHECK(CanBeImmediate(node));
     auto constant = this->constant_view(node);
     if (constant.is_int32()) return constant.int32_value();
-    DCHECK(constant.is_number());
-    return static_cast<int32_t>(constant.number_value());
+    DCHECK(constant.is_number_zero());
+    return 0;
   }
 
   bool ValueFitsIntoImmediate(int64_t value) const {
@@ -1201,7 +1201,7 @@ void VisitStoreCommon(InstructionSelectorT<Adapter>* selector,
   node_t value = store.value();
   int32_t displacement = store.displacement();
   uint8_t element_size_log2 = store.element_size_log2();
-  base::Optional<AtomicMemoryOrder> atomic_order = store.memory_order();
+  std::optional<AtomicMemoryOrder> atomic_order = store.memory_order();
   StoreRepresentation store_rep = store.stored_rep();
 
   WriteBarrierKind write_barrier_kind = store_rep.write_barrier_kind();
@@ -1957,7 +1957,7 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitInt32Add(node_t node) {
   turboshaft::OpIndex left = add.left();
   turboshaft::OpIndex right = add.right();
 
-  base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>> m =
+  std::optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>> m =
       TryMatchBaseWithScaledIndexAndDisplacementForWordBinop(this, left, right);
   if (m.has_value()) {
     if (g.ValueFitsIntoImmediate(m->displacement)) {
@@ -3617,6 +3617,11 @@ SIMD_INT_TYPES(VISIT_SIMD_SPLAT)
 #undef SIMD_INT_TYPES
 #undef VISIT_SIMD_SPLAT
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Splat(node_t node) {
+  UNIMPLEMENTED();
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitI8x16ExtractLaneU(node_t node) {
   VisitRRISimd(this, node, kIA32Pextrb);
@@ -3642,6 +3647,16 @@ void InstructionSelectorT<Adapter>::VisitI32x4ExtractLane(node_t node) {
   VisitRRISimd(this, node, kIA32I32x4ExtractLane);
 }
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8ExtractLane(node_t node) {
+  UNIMPLEMENTED();
+}
+
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8ReplaceLane(node_t node) {
+  UNIMPLEMENTED();
+}
+
 #define SIMD_REPLACE_LANE_TYPE_OP(V) \
   V(I32x4, kIA32Pinsrd)              \
   V(I16x8, kIA32Pinsrw)              \
@@ -3703,6 +3718,44 @@ SIMD_UNOP_LIST(VISIT_SIMD_UNOP)
 #undef VISIT_SIMD_UNOP
 #undef SIMD_UNOP_LIST
 
+#define UNIMPLEMENTED_SIMD_UNOP_LIST(V) \
+  V(F16x8Abs)                           \
+  V(F16x8Neg)                           \
+  V(F16x8Sqrt)                          \
+  V(F16x8Floor)                         \
+  V(F16x8Ceil)                          \
+  V(F16x8Trunc)                         \
+  V(F16x8NearestInt)
+
+#define SIMD_VISIT_UNIMPL_UNOP(Name)                             \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+
+UNIMPLEMENTED_SIMD_UNOP_LIST(SIMD_VISIT_UNIMPL_UNOP)
+#undef SIMD_VISIT_UNIMPL_UNOP
+#undef UNIMPLEMENTED_SIMD_UNOP_LIST
+
+#define UNIMPLEMENTED_SIMD_CVTOP_LIST(V) \
+  V(F16x8SConvertI16x8)                  \
+  V(F16x8UConvertI16x8)                  \
+  V(I16x8SConvertF16x8)                  \
+  V(I16x8UConvertF16x8)                  \
+  V(F32x4PromoteLowF16x8)                \
+  V(F16x8DemoteF32x4Zero)                \
+  V(F16x8DemoteF64x2Zero)
+
+#define SIMD_VISIT_UNIMPL_CVTOP(Name)                            \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+
+UNIMPLEMENTED_SIMD_CVTOP_LIST(SIMD_VISIT_UNIMPL_CVTOP)
+#undef SIMD_VISIT_UNIMPL_CVTOP
+#undef UNIMPLEMENTED_SIMD_CVTOP_LIST
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitV128AnyTrue(node_t node) {
   IA32OperandGeneratorT<Adapter> g(this);
@@ -3733,6 +3786,30 @@ SIMD_BINOP_LIST(VISIT_SIMD_BINOP)
 #undef VISIT_SIMD_BINOP
 #undef SIMD_BINOP_LIST
 
+#define UNIMPLEMENTED_SIMD_BINOP_LIST(V) \
+  V(F16x8Add)                            \
+  V(F16x8Sub)                            \
+  V(F16x8Mul)                            \
+  V(F16x8Div)                            \
+  V(F16x8Min)                            \
+  V(F16x8Max)                            \
+  V(F16x8Pmin)                           \
+  V(F16x8Pmax)                           \
+  V(F16x8Eq)                             \
+  V(F16x8Ne)                             \
+  V(F16x8Lt)                             \
+  V(F16x8Le)
+
+#define SIMD_VISIT_UNIMPL_BINOP(Name)                            \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+
+UNIMPLEMENTED_SIMD_BINOP_LIST(SIMD_VISIT_UNIMPL_BINOP)
+#undef SIMD_VISIT_UNIMPL_BINOP
+#undef UNIMPLEMENTED_SIMD_BINOP_LIST
+
 #define VISIT_SIMD_BINOP_UNIFIED_SSE_AVX(Opcode)                   \
   template <typename Adapter>                                      \
   void InstructionSelectorT<Adapter>::Visit##Opcode(node_t node) { \
@@ -4456,6 +4533,16 @@ void InstructionSelectorT<Adapter>::VisitF32x4Qfms(node_t node) {
   VisitRRRR(this, node, kIA32F32x4Qfms);
 }
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Qfma(node_t node) {
+  UNIMPLEMENTED();
+}
+
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Qfms(node_t node) {
+  UNIMPLEMENTED();
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitI16x8DotI8x16I7x16S(node_t node) {
   IA32OperandGeneratorT<Adapter> g(this);
diff --git a/deps/v8/src/compiler/backend/instruction-scheduler.cc b/deps/v8/src/compiler/backend/instruction-scheduler.cc
index 148853b68d0f2d..1b3adab2789a1e 100644
--- a/deps/v8/src/compiler/backend/instruction-scheduler.cc
+++ b/deps/v8/src/compiler/backend/instruction-scheduler.cc
@@ -4,8 +4,9 @@
 
 #include "src/compiler/backend/instruction-scheduler.h"
 
+#include <optional>
+
 #include "src/base/iterator.h"
-#include "src/base/optional.h"
 #include "src/base/utils/random-number-generator.h"
 #include "src/compiler/backend/instruction-codes.h"
 
@@ -85,7 +86,7 @@ InstructionScheduler::InstructionScheduler(Zone* zone,
       operands_map_(zone) {
   if (v8_flags.turbo_stress_instruction_scheduling) {
     random_number_generator_ =
-        base::Optional<base::RandomNumberGenerator>(v8_flags.random_seed);
+        std::optional<base::RandomNumberGenerator>(v8_flags.random_seed);
   }
 }
 
diff --git a/deps/v8/src/compiler/backend/instruction-scheduler.h b/deps/v8/src/compiler/backend/instruction-scheduler.h
index d521149f7e4aa4..fd1f44e6023bfd 100644
--- a/deps/v8/src/compiler/backend/instruction-scheduler.h
+++ b/deps/v8/src/compiler/backend/instruction-scheduler.h
@@ -5,7 +5,8 @@
 #ifndef V8_COMPILER_BACKEND_INSTRUCTION_SCHEDULER_H_
 #define V8_COMPILER_BACKEND_INSTRUCTION_SCHEDULER_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/base/utils/random-number-generator.h"
 #include "src/compiler/backend/instruction.h"
 #include "src/zone/zone-containers.h"
@@ -243,7 +244,7 @@ class InstructionScheduler final : public ZoneObject {
   // record operand dependencies in the scheduling graph.
   ZoneMap<int32_t, ScheduleGraphNode*> operands_map_;
 
-  base::Optional<base::RandomNumberGenerator> random_number_generator_;
+  std::optional<base::RandomNumberGenerator> random_number_generator_;
 };
 
 }  // namespace compiler
diff --git a/deps/v8/src/compiler/backend/instruction-selector-adapter.h b/deps/v8/src/compiler/backend/instruction-selector-adapter.h
index 364d05e751b9a1..ed1455da1e6355 100644
--- a/deps/v8/src/compiler/backend/instruction-selector-adapter.h
+++ b/deps/v8/src/compiler/backend/instruction-selector-adapter.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_BACKEND_INSTRUCTION_SELECTOR_ADAPTER_H_
 #define V8_COMPILER_BACKEND_INSTRUCTION_SELECTOR_ADAPTER_H_
 
+#include <optional>
+
 #include "src/codegen/machine-type.h"
 #include "src/compiler/backend/instruction.h"
 #include "src/compiler/common-operator.h"
@@ -109,20 +111,20 @@ struct TurbofanAdapter {
     bool is_number() const {
       return node_->opcode() == IrOpcode::kNumberConstant;
     }
-    double number_value() const {
-      DCHECK(is_number());
-      return OpParameter<double>(node_->op());
+    bool is_number_zero() const {
+      if (!is_number()) return false;
+      return base::bit_cast<uint64_t>(OpParameter<double>(node_->op())) == 0;
     }
     bool is_float() const {
       return node_->opcode() == IrOpcode::kFloat32Constant ||
              node_->opcode() == IrOpcode::kFloat64Constant;
     }
-    double float_value() const {
-      DCHECK(is_float());
+    bool is_float_zero() const {
+      if (!is_float()) return false;
       if (node_->opcode() == IrOpcode::kFloat32Constant) {
-        return OpParameter<float>(node_->op());
+        return base::bit_cast<uint32_t>(OpParameter<float>(node_->op())) == 0;
       } else {
-        return OpParameter<double>(node_->op());
+        return base::bit_cast<uint64_t>(OpParameter<double>(node_->op())) == 0;
       }
     }
 
@@ -259,14 +261,14 @@ struct TurbofanAdapter {
           UNREACHABLE();
       }
     }
-    base::Optional<AtomicMemoryOrder> memory_order() const {
+    std::optional<AtomicMemoryOrder> memory_order() const {
       switch (node_->opcode()) {
         case IrOpcode::kStore:
         case IrOpcode::kProtectedStore:
         case IrOpcode::kStoreTrapOnNull:
         case IrOpcode::kStoreIndirectPointer:
         case IrOpcode::kUnalignedStore:
-          return base::nullopt;
+          return std::nullopt;
         case IrOpcode::kWord32AtomicStore:
         case IrOpcode::kWord64AtomicStore:
           return AtomicStoreParametersOf(node_->op()).order();
@@ -716,19 +718,19 @@ struct TurboshaftAdapter : public turboshaft::OperationMatcher {
       return op_->handle();
     }
     bool is_number() const { return op_->kind == Kind::kNumber; }
-    double number_value() const {
-      DCHECK(is_number());
-      return op_->number();
+    bool is_number_zero() const {
+      if (!is_number()) return false;
+      return op_->number().get_bits() == 0;
     }
     bool is_float() const {
       return op_->kind == Kind::kFloat32 || op_->kind == Kind::kFloat64;
     }
-    double float_value() const {
-      DCHECK(is_float());
+    bool is_float_zero() const {
+      if (!is_float()) return false;
       if (op_->kind == Kind::kFloat32) {
-        return op_->float32();
+        return op_->float32().get_bits() == 0;
       } else {
-        return op_->float64();
+        return op_->float64().get_bits() == 0;
       }
     }
 
@@ -996,10 +998,10 @@ struct TurboshaftAdapter : public turboshaft::OperationMatcher {
     turboshaft::MemoryRepresentation ts_stored_rep() const {
       return op_->stored_rep;
     }
-    base::Optional<AtomicMemoryOrder> memory_order() const {
+    std::optional<AtomicMemoryOrder> memory_order() const {
       // TODO(nicohartmann@): Currently we don't support memory orders.
       if (op_->kind.is_atomic) return AtomicMemoryOrder::kSeqCst;
-      return base::nullopt;
+      return std::nullopt;
     }
     MemoryAccessKind access_kind() const {
       return op_->kind.with_trap_handler ? MemoryAccessKind::kProtected
@@ -1267,6 +1269,23 @@ struct TurboshaftAdapter : public turboshaft::OperationMatcher {
   bool IsLoadOrLoadImmutable(node_t node) const {
     return graph_->Get(node).opcode == turboshaft::Opcode::kLoad;
   }
+  bool IsProtectedLoad(node_t node) const {
+#if V8_ENABLE_WEBASSEMBLY
+    if (graph_->Get(node).opcode == turboshaft::Opcode::kSimd128LoadTransform) {
+      return true;
+    }
+#if V8_ENABLE_WASM_SIMD256_REVEC
+    if (graph_->Get(node).opcode == turboshaft::Opcode::kSimd256LoadTransform) {
+      return true;
+    }
+#endif  // V8_ENABLE_WASM_SIMD256_REVEC
+#endif  // V8_ENABLE_WEBASSEMBLY
+
+    if (!IsLoadOrLoadImmutable(node)) return false;
+
+    bool traps_on_null;
+    return LoadView(graph_, node).is_protected(&traps_on_null);
+  }
 
   int value_input_count(node_t node) const {
     return graph_->Get(node).input_count;
diff --git a/deps/v8/src/compiler/backend/instruction-selector-impl.h b/deps/v8/src/compiler/backend/instruction-selector-impl.h
index 9fde245f5f06fe..9ce7e49005489d 100644
--- a/deps/v8/src/compiler/backend/instruction-selector-impl.h
+++ b/deps/v8/src/compiler/backend/instruction-selector-impl.h
@@ -387,6 +387,7 @@ class OperandGeneratorT : public Adapter {
             }
           case Kind::kHeapObject:
           case Kind::kCompressedHeapObject:
+          case Kind::kTrustedHeapObject:
             return Constant(constant->handle(),
                             constant->kind == Kind::kCompressedHeapObject);
           case Kind::kExternal:
@@ -394,9 +395,9 @@ class OperandGeneratorT : public Adapter {
           case Kind::kNumber:
             return Constant(constant->number());
           case Kind::kFloat32:
-            return Constant(constant->float32_preserve_nan());
+            return Constant(constant->float32());
           case Kind::kFloat64:
-            return Constant(constant->float64_preserve_nan());
+            return Constant(constant->float64());
           case Kind::kTaggedIndex: {
             // Unencoded index value.
             intptr_t value = static_cast<intptr_t>(constant->tagged_index());
diff --git a/deps/v8/src/compiler/backend/instruction-selector.cc b/deps/v8/src/compiler/backend/instruction-selector.cc
index fd34f910c6ad60..5142bd17694928 100644
--- a/deps/v8/src/compiler/backend/instruction-selector.cc
+++ b/deps/v8/src/compiler/backend/instruction-selector.cc
@@ -5,6 +5,7 @@
 #include "src/compiler/backend/instruction-selector.h"
 
 #include <limits>
+#include <optional>
 
 #include "include/v8-internal.h"
 #include "src/base/iterator.h"
@@ -109,6 +110,9 @@ InstructionSelectorT<Adapter>::InstructionSelectorT(
 {
   if constexpr (Adapter::IsTurboshaft) {
     turboshaft_use_map_.emplace(*schedule_, zone);
+    protected_loads_to_remove_.emplace(static_cast<int>(node_count), zone);
+    additional_protected_instructions_.emplace(static_cast<int>(node_count),
+                                               zone);
   }
 
   DCHECK_EQ(*max_unoptimized_frame_height, 0);  // Caller-initialized.
@@ -123,7 +127,7 @@ InstructionSelectorT<Adapter>::InstructionSelectorT(
 }
 
 template <typename Adapter>
-base::Optional<BailoutReason>
+std::optional<BailoutReason>
 InstructionSelectorT<Adapter>::SelectInstructions() {
   // Mark the inputs of all phis in loop headers as used.
   block_range_t blocks = this->rpo_order(schedule());
@@ -175,7 +179,7 @@ InstructionSelectorT<Adapter>::SelectInstructions() {
 #if DEBUG
   sequence()->ValidateSSA();
 #endif
-  return base::nullopt;
+  return std::nullopt;
 }
 
 template <typename Adapter>
@@ -355,8 +359,17 @@ bool InstructionSelectorT<Adapter>::CanCover(node_t user, node_t node) const {
   }
 
   // 3. Otherwise, the {node}'s effect level must match the {user}'s.
-  if (GetEffectLevel(node) != current_effect_level_) {
-    return false;
+  if constexpr (Adapter::IsTurboshaft) {
+    // A ProtectedLoad node itself increases effect_level by one.
+    int effect_level_after_node =
+        GetEffectLevel(node) + (this->IsProtectedLoad(node) ? 1 : 0);
+    if (current_effect_level_ != effect_level_after_node) {
+      return false;
+    }
+  } else {
+    if (GetEffectLevel(node) != current_effect_level_) {
+      return false;
+    }
   }
 
   // 4. Only {node} must have value edges pointing to {user}.
@@ -546,6 +559,23 @@ bool InstructionSelectorT<Adapter>::IsUsed(node_t node) const {
   return used_.Contains(this->id(node));
 }
 
+template <typename Adapter>
+bool InstructionSelectorT<Adapter>::IsReallyUsed(node_t node) const {
+  DCHECK(this->valid(node));
+  if constexpr (Adapter::IsTurbofan) {
+    // TODO(bmeurer): This is a terrible monster hack, but we have to make sure
+    // that the Retain is actually emitted, otherwise the GC will mess up.
+    if (this->IsRetain(node)) return true;
+  } else {
+    static_assert(Adapter::IsTurboshaft);
+    if (!turboshaft::ShouldSkipOptimizationStep() &&
+        turboshaft::ShouldSkipOperation(this->Get(node))) {
+      return false;
+    }
+  }
+  return used_.Contains(this->id(node));
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::MarkAsUsed(node_t node) {
   DCHECK(this->valid(node));
@@ -645,14 +675,15 @@ InstructionOperand OperandForDeopt(Isolate* isolate,
         return g->UseImmediate(input);
       case Kind::kNumber:
         if (rep == MachineRepresentation::kWord32) {
-          const double d = constant->number();
+          const double d = constant->number().get_scalar();
           Tagged<Smi> smi = Smi::FromInt(static_cast<int32_t>(d));
           CHECK_EQ(smi.value(), d);
           return g->UseImmediate(static_cast<int32_t>(smi.ptr()));
         }
         return g->UseImmediate(input);
       case turboshaft::ConstantOp::Kind::kHeapObject:
-      case turboshaft::ConstantOp::Kind::kCompressedHeapObject: {
+      case turboshaft::ConstantOp::Kind::kCompressedHeapObject:
+      case turboshaft::ConstantOp::Kind::kTrustedHeapObject: {
         if (!CanBeTaggedOrCompressedPointer(rep)) {
           // If we have inconsistent static and dynamic types, e.g. if we
           // smi-check a string, we can get here with a heap object that
@@ -728,8 +759,9 @@ InstructionOperand OperandForDeopt(Isolate* isolate,
       } else {
         return g->UseImmediate(input);
       }
+    case IrOpcode::kHeapConstant:
     case IrOpcode::kCompressedHeapConstant:
-    case IrOpcode::kHeapConstant: {
+    case IrOpcode::kTrustedHeapConstant: {
       if (!CanBeTaggedOrCompressedPointer(rep)) {
         // If we have inconsistent static and dynamic types, e.g. if we
         // smi-check a string, we can get here with a heap object that
@@ -1671,6 +1703,9 @@ bool InstructionSelectorT<Adapter>::IsSourcePositionUsed(node_t node) {
       return lm->kind.with_trap_handler;
     }
 #endif
+    if (additional_protected_instructions_->Contains(this->id(node))) {
+      return true;
+    }
     return false;
   } else {
     switch (node->opcode()) {
@@ -1747,7 +1782,9 @@ bool increment_effect_level_for_node(TurboshaftAdapter* adapter,
     return false;
   }
   return (op.Effects().consumes.bits() & kTurboshaftEffectLevelMask.bits()) !=
-         0;
+             0 ||
+         op.Effects().required_when_unused ||
+         op.Effects().produces.control_flow;
 }
 }  // namespace
 
@@ -1787,9 +1824,25 @@ void InstructionSelectorT<Adapter>::VisitBlock(block_t block) {
 
     SourcePosition source_position;
     if constexpr (Adapter::IsTurboshaft) {
+#if V8_ENABLE_WEBASSEMBLY && V8_TARGET_ARCH_X64
+      if (V8_UNLIKELY(
+              this->Get(node)
+                  .template Is<
+                      turboshaft::Opmask::kSimd128F64x2PromoteLowF32x4>())) {
+        // On x64 there exists an optimization that folds
+        // `kF64x2PromoteLowF32x4` and `kS128Load64Zero` together into a single
+        // instruction. If the instruction causes an out-of-bounds memory
+        // access exception, then the stack trace has to show the source
+        // position of the `kS128Load64Zero` and not of the
+        // `kF64x2PromoteLowF32x4`.
+        if (this->CanOptimizeF64x2PromoteLowF32x4(node)) {
+          node = this->input_at(node, 0);
+        }
+      }
+#endif  // V8_ENABLE_WEBASSEMBLY && V8_TARGET_ARCH_X64
       source_position = (*source_positions_)[node];
     } else {
-#if V8_ENABLE_WEBASSEMBLY
+#if V8_ENABLE_WEBASSEMBLY && V8_TARGET_ARCH_X64
       if (V8_UNLIKELY(node->opcode() == IrOpcode::kF64x2PromoteLowF32x4)) {
         // On x64 there exists an optimization that folds
         // `kF64x2PromoteLowF32x4` and `kS128Load64Zero` together into a single
@@ -1805,7 +1858,7 @@ void InstructionSelectorT<Adapter>::VisitBlock(block_t block) {
           node = input;
         }
       }
-#endif  // V8_ENABLE_WEBASSEMBLY
+#endif  // V8_ENABLE_WEBASSEMBLY && V8_TARGET_ARCH_X64
       source_position = source_positions_->GetSourcePosition(node);
     }
     if (source_position.IsKnown() && IsSourcePositionUsed(node)) {
@@ -1826,6 +1879,14 @@ void InstructionSelectorT<Adapter>::VisitBlock(block_t block) {
   // matching may cover more than one node at a time.
   for (node_t node : base::Reversed(this->nodes(block))) {
     int current_node_end = current_num_instructions();
+
+    if constexpr (Adapter::IsTurboshaft) {
+      if (protected_loads_to_remove_->Contains(this->id(node)) &&
+          !IsReallyUsed(node)) {
+        MarkAsDefined(node);
+      }
+    }
+
     if (!IsUsed(node)) {
       // Skip nodes that are unused, while marking them as Defined so that it's
       // clear that these unused nodes have been visited and will not be Defined
@@ -2314,6 +2375,17 @@ IF_WASM(VISIT_UNSUPPORTED_OP, I64x2ReplaceLane)
 #endif  // !V8_TARGET_ARCH_ARM64
 #endif  // !V8_TARGET_ARCH_X64 && !V8_TARGET_ARCH_S390X && !V8_TARGET_ARCH_PPC64
 
+#if !V8_TARGET_ARCH_ARM64
+
+IF_WASM(VISIT_UNSUPPORTED_OP, I8x16AddReduce)
+IF_WASM(VISIT_UNSUPPORTED_OP, I16x8AddReduce)
+IF_WASM(VISIT_UNSUPPORTED_OP, I32x4AddReduce)
+IF_WASM(VISIT_UNSUPPORTED_OP, I64x2AddReduce)
+IF_WASM(VISIT_UNSUPPORTED_OP, F32x4AddReduce)
+IF_WASM(VISIT_UNSUPPORTED_OP, F64x2AddReduce)
+
+#endif  // !V8_TARGET_ARCH_ARM64
+
 template <>
 void InstructionSelectorT<TurbofanAdapter>::VisitFinishRegion(Node* node) {
   EmitIdentity(node);
@@ -2393,7 +2465,8 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitProjection(
   using namespace turboshaft;  // NOLINT(build/namespaces)
   const ProjectionOp& projection = this->Get(node).Cast<ProjectionOp>();
   const Operation& value_op = this->Get(projection.input());
-  if (value_op.Is<OverflowCheckedBinopOp>() || value_op.Is<TryChangeOp>() ||
+  if (value_op.Is<OverflowCheckedBinopOp>() ||
+      value_op.Is<OverflowCheckedUnaryOp>() || value_op.Is<TryChangeOp>() ||
       value_op.Is<Word32PairBinopOp>()) {
     if (projection.index == 0u) {
       EmitIdentity(node);
@@ -2774,10 +2847,15 @@ void InstructionSelectorT<Adapter>::TryPrepareScheduleFirstProjection(
   if constexpr (Adapter::IsTurboshaft) {
     using namespace turboshaft;  // NOLINT(build/namespaces)
     auto* binop = this->Get(node).template TryCast<OverflowCheckedBinopOp>();
-    if (binop == nullptr) return;
-    DCHECK(binop->kind == OverflowCheckedBinopOp::Kind::kSignedAdd ||
-           binop->kind == OverflowCheckedBinopOp::Kind::kSignedSub ||
-           binop->kind == OverflowCheckedBinopOp::Kind::kSignedMul);
+    auto* unop = this->Get(node).template TryCast<OverflowCheckedUnaryOp>();
+    if (binop == nullptr && unop == nullptr) return;
+    if (binop) {
+      DCHECK(binop->kind == OverflowCheckedBinopOp::Kind::kSignedAdd ||
+             binop->kind == OverflowCheckedBinopOp::Kind::kSignedSub ||
+             binop->kind == OverflowCheckedBinopOp::Kind::kSignedMul);
+    } else {
+      DCHECK_EQ(unop->kind, OverflowCheckedUnaryOp::Kind::kAbs);
+    }
   } else {
     switch (node->opcode()) {
       case IrOpcode::kInt32AddWithOverflow:
@@ -3249,6 +3327,8 @@ void InstructionSelectorT<TurbofanAdapter>::VisitNode(Node* node) {
       return MarkAsTagged(node), VisitConstant(node);
     case IrOpcode::kCompressedHeapConstant:
       return MarkAsCompressed(node), VisitConstant(node);
+    case IrOpcode::kTrustedHeapConstant:
+      return MarkAsTagged(node), VisitConstant(node);
     case IrOpcode::kNumberConstant: {
       double value = OpParameter<double>(node->op());
       if (!IsSmiDouble(value)) MarkAsTagged(node);
@@ -4225,6 +4305,68 @@ void InstructionSelectorT<TurbofanAdapter>::VisitNode(Node* node) {
       return MarkAsSimd128(node), VisitI16x8DotI8x16I7x16S(node);
     case IrOpcode::kI32x4DotI8x16I7x16AddS:
       return MarkAsSimd128(node), VisitI32x4DotI8x16I7x16AddS(node);
+    case IrOpcode::kF16x8Splat:
+      return MarkAsSimd128(node), VisitF16x8Splat(node);
+    case IrOpcode::kF16x8ExtractLane:
+      return MarkAsFloat32(node), VisitF16x8ExtractLane(node);
+    case IrOpcode::kF16x8ReplaceLane:
+      return MarkAsSimd128(node), VisitF16x8ReplaceLane(node);
+    case IrOpcode::kF16x8Abs:
+      return MarkAsSimd128(node), VisitF16x8Abs(node);
+    case IrOpcode::kF16x8Neg:
+      return MarkAsSimd128(node), VisitF16x8Neg(node);
+    case IrOpcode::kF16x8Sqrt:
+      return MarkAsSimd128(node), VisitF16x8Sqrt(node);
+    case IrOpcode::kF16x8Ceil:
+      return MarkAsSimd128(node), VisitF16x8Ceil(node);
+    case IrOpcode::kF16x8Floor:
+      return MarkAsSimd128(node), VisitF16x8Floor(node);
+    case IrOpcode::kF16x8Trunc:
+      return MarkAsSimd128(node), VisitF16x8Trunc(node);
+    case IrOpcode::kF16x8NearestInt:
+      return MarkAsSimd128(node), VisitF16x8NearestInt(node);
+    case IrOpcode::kF16x8Add:
+      return MarkAsSimd128(node), VisitF16x8Add(node);
+    case IrOpcode::kF16x8Sub:
+      return MarkAsSimd128(node), VisitF16x8Sub(node);
+    case IrOpcode::kF16x8Mul:
+      return MarkAsSimd128(node), VisitF16x8Mul(node);
+    case IrOpcode::kF16x8Div:
+      return MarkAsSimd128(node), VisitF16x8Div(node);
+    case IrOpcode::kF16x8Min:
+      return MarkAsSimd128(node), VisitF16x8Min(node);
+    case IrOpcode::kF16x8Max:
+      return MarkAsSimd128(node), VisitF16x8Max(node);
+    case IrOpcode::kF16x8Pmin:
+      return MarkAsSimd128(node), VisitF16x8Pmin(node);
+    case IrOpcode::kF16x8Pmax:
+      return MarkAsSimd128(node), VisitF16x8Pmax(node);
+    case IrOpcode::kF16x8Eq:
+      return MarkAsSimd128(node), VisitF16x8Eq(node);
+    case IrOpcode::kF16x8Ne:
+      return MarkAsSimd128(node), VisitF16x8Ne(node);
+    case IrOpcode::kF16x8Lt:
+      return MarkAsSimd128(node), VisitF16x8Lt(node);
+    case IrOpcode::kF16x8Le:
+      return MarkAsSimd128(node), VisitF16x8Le(node);
+    case IrOpcode::kF16x8SConvertI16x8:
+      return MarkAsSimd128(node), VisitF16x8SConvertI16x8(node);
+    case IrOpcode::kF16x8UConvertI16x8:
+      return MarkAsSimd128(node), VisitF16x8UConvertI16x8(node);
+    case IrOpcode::kI16x8UConvertF16x8:
+      return MarkAsSimd128(node), VisitI16x8UConvertF16x8(node);
+    case IrOpcode::kI16x8SConvertF16x8:
+      return MarkAsSimd128(node), VisitI16x8SConvertF16x8(node);
+    case IrOpcode::kF16x8DemoteF32x4Zero:
+      return MarkAsSimd128(node), VisitF16x8DemoteF32x4Zero(node);
+    case IrOpcode::kF16x8DemoteF64x2Zero:
+      return MarkAsSimd128(node), VisitF16x8DemoteF64x2Zero(node);
+    case IrOpcode::kF32x4PromoteLowF16x8:
+      return MarkAsSimd128(node), VisitF32x4PromoteLowF16x8(node);
+    case IrOpcode::kF16x8Qfma:
+      return MarkAsSimd128(node), VisitF16x8Qfma(node);
+    case IrOpcode::kF16x8Qfms:
+      return MarkAsSimd128(node), VisitF16x8Qfms(node);
 
       // SIMD256
 #if defined(V8_TARGET_ARCH_X64) && defined(V8_ENABLE_WASM_SIMD256_REVEC)
@@ -4743,13 +4885,14 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitNode(
           MarkAsFloat64(node);
           break;
         case ConstantOp::Kind::kHeapObject:
+        case ConstantOp::Kind::kTrustedHeapObject:
           MarkAsTagged(node);
           break;
         case ConstantOp::Kind::kCompressedHeapObject:
           MarkAsCompressed(node);
           break;
         case ConstantOp::Kind::kNumber:
-          if (!IsSmiDouble(constant.number())) MarkAsTagged(node);
+          if (!IsSmiDouble(constant.number().get_scalar())) MarkAsTagged(node);
           break;
         case ConstantOp::Kind::kRelocatableWasmCall:
         case ConstantOp::Kind::kRelocatableWasmStubCall:
@@ -5037,6 +5180,24 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitNode(
       }
       UNREACHABLE();
     }
+    case Opcode::kOverflowCheckedUnary: {
+      const auto& unop = op.Cast<OverflowCheckedUnaryOp>();
+      if (unop.rep == WordRepresentation::Word32()) {
+        MarkAsWord32(node);
+        switch (unop.kind) {
+          case OverflowCheckedUnaryOp::Kind::kAbs:
+            return VisitInt32AbsWithOverflow(node);
+        }
+      } else {
+        DCHECK_EQ(unop.rep, WordRepresentation::Word64());
+        MarkAsWord64(node);
+        switch (unop.kind) {
+          case OverflowCheckedUnaryOp::Kind::kAbs:
+            return VisitInt64AbsWithOverflow(node);
+        }
+      }
+      UNREACHABLE();
+    }
     case Opcode::kShift: {
       const auto& shift = op.Cast<ShiftOp>();
       if (shift.rep == RegisterRepresentation::Word32()) {
@@ -5287,6 +5448,8 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitNode(
       return;
     case Opcode::kDebugBreak:
       return VisitDebugBreak(node);
+    case Opcode::kAbortCSADcheck:
+      return VisitAbortCSADcheck(node);
     case Opcode::kSelect: {
       const SelectOp& select = op.Cast<SelectOp>();
       // If there is a Select, then it should only be one that is supported by
@@ -5410,6 +5573,24 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitNode(
 #undef VISIT_SIMD_UNARY
       }
     }
+    case Opcode::kSimd128Reduce: {
+      const Simd128ReduceOp& reduce = op.Cast<Simd128ReduceOp>();
+      MarkAsSimd128(node);
+      switch (reduce.kind) {
+        case Simd128ReduceOp::Kind::kI8x16AddReduce:
+          return VisitI8x16AddReduce(node);
+        case Simd128ReduceOp::Kind::kI16x8AddReduce:
+          return VisitI16x8AddReduce(node);
+        case Simd128ReduceOp::Kind::kI32x4AddReduce:
+          return VisitI32x4AddReduce(node);
+        case Simd128ReduceOp::Kind::kI64x2AddReduce:
+          return VisitI64x2AddReduce(node);
+        case Simd128ReduceOp::Kind::kF32x4AddReduce:
+          return VisitF32x4AddReduce(node);
+        case Simd128ReduceOp::Kind::kF64x2AddReduce:
+          return VisitF64x2AddReduce(node);
+      }
+    }
     case Opcode::kSimd128Binop: {
       const Simd128BinopOp& binop = op.Cast<Simd128BinopOp>();
       MarkAsSimd128(node);
@@ -5469,6 +5650,8 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitNode(
           return VisitI32x4ReplaceLane(node);
         case Simd128ReplaceLaneOp::Kind::kI64x2:
           return VisitI64x2ReplaceLane(node);
+        case Simd128ReplaceLaneOp::Kind::kF16x8:
+          return VisitF16x8ReplaceLane(node);
         case Simd128ReplaceLaneOp::Kind::kF32x4:
           return VisitF32x4ReplaceLane(node);
         case Simd128ReplaceLaneOp::Kind::kF64x2:
@@ -5496,6 +5679,9 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitNode(
         case Simd128ExtractLaneOp::Kind::kI64x2:
           MarkAsWord64(node);
           return VisitI64x2ExtractLane(node);
+        case Simd128ExtractLaneOp::Kind::kF16x8:
+          MarkAsFloat32(node);
+          return VisitF16x8ExtractLane(node);
         case Simd128ExtractLaneOp::Kind::kF32x4:
           MarkAsFloat32(node);
           return VisitF32x4ExtractLane(node);
@@ -5885,7 +6071,7 @@ InstructionSelector::~InstructionSelector() {
     return turboshaft_impl_->__VA_ARGS__;        \
   }
 
-base::Optional<BailoutReason> InstructionSelector::SelectInstructions() {
+std::optional<BailoutReason> InstructionSelector::SelectInstructions() {
   DISPATCH_TO_IMPL(SelectInstructions())
 }
 
diff --git a/deps/v8/src/compiler/backend/instruction-selector.h b/deps/v8/src/compiler/backend/instruction-selector.h
index c4921f4affb861..8fab0bf78bc008 100644
--- a/deps/v8/src/compiler/backend/instruction-selector.h
+++ b/deps/v8/src/compiler/backend/instruction-selector.h
@@ -6,6 +6,7 @@
 #define V8_COMPILER_BACKEND_INSTRUCTION_SELECTOR_H_
 
 #include <map>
+#include <optional>
 
 #include "src/codegen/cpu-features.h"
 #include "src/codegen/machine-type.h"
@@ -111,7 +112,7 @@ class V8_EXPORT_PRIVATE InstructionSelector final {
 
   ~InstructionSelector();
 
-  base::Optional<BailoutReason> SelectInstructions();
+  std::optional<BailoutReason> SelectInstructions();
 
   bool IsSupported(CpuFeature feature) const;
 
@@ -492,7 +493,7 @@ class InstructionSelectorT final : public Adapter {
           InstructionSelector::kDisableTraceTurboJson);
 
   // Visit code for the entire graph with the included schedule.
-  base::Optional<BailoutReason> SelectInstructions();
+  std::optional<BailoutReason> SelectInstructions();
 
   void StartBlock(RpoNumber rpo);
   void EndBlock(RpoNumber rpo);
@@ -624,11 +625,19 @@ class InstructionSelectorT final : public Adapter {
   bool IsDefined(node_t node) const;
 
   // Checks if {node} has any uses, and therefore code has to be generated for
-  // it.
+  // it. Always returns {true} if the node has effect IsRequiredWhenUnused.
   bool IsUsed(node_t node) const;
+  // Checks if {node} has any uses, and therefore code has to be generated for
+  // it. Ignores the IsRequiredWhenUnused effect.
+  bool IsReallyUsed(node_t node) const;
 
   // Checks if {node} is currently live.
   bool IsLive(node_t node) const { return !IsDefined(node) && IsUsed(node); }
+  // Checks if {node} is currently live, ignoring the IsRequiredWhenUnused
+  // effect.
+  bool IsReallyLive(node_t node) const {
+    return !IsDefined(node) && IsReallyUsed(node);
+  }
 
   // Gets the effect level of {node}.
   int GetEffectLevel(node_t node) const;
@@ -655,6 +664,28 @@ class InstructionSelectorT final : public Adapter {
 
   node_t FindProjection(node_t node, size_t projection_index);
 
+  // Records that this ProtectedLoad node can be deleted if not used, even
+  // though it has a required_when_unused effect.
+  void SetProtectedLoadToRemove(node_t node) {
+    if constexpr (Adapter::IsTurboshaft) {
+      DCHECK(this->IsProtectedLoad(node));
+      protected_loads_to_remove_->Add(this->id(node));
+    } else {
+      UNREACHABLE();
+    }
+  }
+
+  // Records that this node embeds a ProtectedLoad as operand, and so it is
+  // itself a "protected" instruction, for which we'll need to record the source
+  // position.
+  void MarkAsProtected(node_t node) {
+    if constexpr (Adapter::IsTurboshaft) {
+      additional_protected_instructions_->Add(this->id(node));
+    } else {
+      UNREACHABLE();
+    }
+  }
+
  private:
   friend class OperandGeneratorT<Adapter>;
 
@@ -1124,6 +1155,10 @@ class InstructionSelectorT final : public Adapter {
 #endif  // V8_TARGET_ARCH_X64
 #endif  // V8_ENABLE_WASM_SIMD256_REVEC
 
+#ifdef V8_TARGET_ARCH_X64
+  bool CanOptimizeF64x2PromoteLowF32x4(node_t node);
+#endif
+
 #endif  // V8_ENABLE_WEBASSEMBLY
 
   // ===========================================================================
@@ -1242,7 +1277,9 @@ class InstructionSelectorT final : public Adapter {
   size_t* max_pushed_argument_count_;
 
   // Turboshaft-adapter only.
-  base::Optional<turboshaft::UseMap> turboshaft_use_map_;
+  std::optional<turboshaft::UseMap> turboshaft_use_map_;
+  std::optional<BitVector> protected_loads_to_remove_;
+  std::optional<BitVector> additional_protected_instructions_;
 
 #if V8_TARGET_ARCH_64_BIT
   // Holds lazily-computed results for whether phi nodes guarantee their upper
diff --git a/deps/v8/src/compiler/backend/instruction.cc b/deps/v8/src/compiler/backend/instruction.cc
index 9c96b7699243d5..e2e45cef27a983 100644
--- a/deps/v8/src/compiler/backend/instruction.cc
+++ b/deps/v8/src/compiler/backend/instruction.cc
@@ -1039,8 +1039,9 @@ static MachineRepresentation FilterRepresentation(MachineRepresentation rep) {
     case MachineRepresentation::kBit:
     case MachineRepresentation::kWord8:
     case MachineRepresentation::kWord16:
-    case MachineRepresentation::kFloat16:
       return InstructionSequence::DefaultRepresentation();
+    case MachineRepresentation::kFloat16:
+      return MachineRepresentation::kFloat32;
     case MachineRepresentation::kWord32:
     case MachineRepresentation::kWord64:
     case MachineRepresentation::kTaggedSigned:
diff --git a/deps/v8/src/compiler/backend/instruction.h b/deps/v8/src/compiler/backend/instruction.h
index 9377852518ce2f..88c273a79cf3a7 100644
--- a/deps/v8/src/compiler/backend/instruction.h
+++ b/deps/v8/src/compiler/backend/instruction.h
@@ -7,6 +7,7 @@
 
 #include <iosfwd>
 #include <map>
+#include <optional>
 
 #include "src/base/compiler-specific.h"
 #include "src/base/numbers/double.h"
@@ -1579,10 +1580,10 @@ class JSToWasmFrameStateDescriptor : public FrameStateDescriptor {
                                FrameStateDescriptor* outer_state,
                                const wasm::FunctionSig* wasm_signature);
 
-  base::Optional<wasm::ValueKind> return_kind() const { return return_kind_; }
+  std::optional<wasm::ValueKind> return_kind() const { return return_kind_; }
 
  private:
-  base::Optional<wasm::ValueKind> return_kind_;
+  std::optional<wasm::ValueKind> return_kind_;
 };
 #endif  // V8_ENABLE_WEBASSEMBLY
 
diff --git a/deps/v8/src/compiler/backend/loong64/code-generator-loong64.cc b/deps/v8/src/compiler/backend/loong64/code-generator-loong64.cc
index 8305c7c2280269..88c540225df714 100644
--- a/deps/v8/src/compiler/backend/loong64/code-generator-loong64.cc
+++ b/deps/v8/src/compiler/backend/loong64/code-generator-loong64.cc
@@ -1851,11 +1851,11 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       break;
     }
     case kLoong64ByteSwap64: {
-      __ ByteSwapSigned(i.OutputRegister(0), i.InputRegister(0), 8);
+      __ ByteSwap(i.OutputRegister(0), i.InputRegister(0), 8);
       break;
     }
     case kLoong64ByteSwap32: {
-      __ ByteSwapSigned(i.OutputRegister(0), i.InputRegister(0), 4);
+      __ ByteSwap(i.OutputRegister(0), i.InputRegister(0), 4);
       break;
     }
     case kAtomicLoadInt8:
@@ -2450,7 +2450,7 @@ void CodeGenerator::AssembleConstructFrame() {
           call_descriptor->IsWasmImportWrapper() ||
           call_descriptor->IsWasmCapiFunction()) {
         // For import wrappers and C-API functions, this stack slot is only used
-        // for printing stack traces in V8. Also, it holds a WasmApiFunctionRef
+        // for printing stack traces in V8. Also, it holds a WasmImportData
         // instead of the instance itself, which is taken care of in the frames
         // accessors.
         __ Push(kWasmInstanceRegister);
diff --git a/deps/v8/src/compiler/backend/loong64/instruction-selector-loong64.cc b/deps/v8/src/compiler/backend/loong64/instruction-selector-loong64.cc
index 2fb98e728102c3..a581037893a3ed 100644
--- a/deps/v8/src/compiler/backend/loong64/instruction-selector-loong64.cc
+++ b/deps/v8/src/compiler/backend/loong64/instruction-selector-loong64.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/logging.h"
 #include "src/codegen/assembler-inl.h"
@@ -45,8 +47,7 @@ class Loong64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
       auto constant = selector()->constant_view(node);
       if ((IsIntegerConstant(constant) &&
            GetIntegerConstantValue(constant) == 0) ||
-          (constant.is_float() &&
-           (base::bit_cast<int64_t>(constant.float_value()) == 0))) {
+          constant.is_float_zero()) {
         return UseImmediate(node);
       }
     }
@@ -78,7 +79,7 @@ class Loong64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
     return constant.int64_value();
   }
 
-  base::Optional<int64_t> GetOptionalIntegerConstant(node_t operation) {
+  std::optional<int64_t> GetOptionalIntegerConstant(node_t operation) {
     if (!this->IsIntegerConstant(operation)) return {};
     return this->GetIntegerConstantValue(selector()->constant_view(operation));
   }
@@ -1038,7 +1039,7 @@ void InstructionSelectorT<Adapter>::VisitStore(typename Adapter::node_t node) {
     code = GetStoreOpcode(approx_rep);
   }
 
-  base::Optional<ExternalReference> external_base;
+  std::optional<ExternalReference> external_base;
   if constexpr (Adapter::IsTurboshaft) {
     ExternalReference value;
     if (this->MatchExternalConstant(base, &value)) {
@@ -1051,7 +1052,7 @@ void InstructionSelectorT<Adapter>::VisitStore(typename Adapter::node_t node) {
     }
   }
 
-  base::Optional<int64_t> constant_index;
+  std::optional<int64_t> constant_index;
   if (this->valid(store_view.index())) {
     node_t index = this->value(store_view.index());
     constant_index = g.GetOptionalIntegerConstant(index);
@@ -4606,6 +4607,49 @@ SIMD_UNIMP_OP_LIST(SIMD_VISIT_UNIMP_OP)
 #undef SIMD_VISIT_UNIMP_OP
 #undef SIMD_UNIMP_OP_LIST
 
+#define UNIMPLEMENTED_SIMD_FP16_OP_LIST(V) \
+  V(F16x8Splat)                            \
+  V(F16x8ExtractLane)                      \
+  V(F16x8ReplaceLane)                      \
+  V(F16x8Abs)                              \
+  V(F16x8Neg)                              \
+  V(F16x8Sqrt)                             \
+  V(F16x8Floor)                            \
+  V(F16x8Ceil)                             \
+  V(F16x8Trunc)                            \
+  V(F16x8NearestInt)                       \
+  V(F16x8Add)                              \
+  V(F16x8Sub)                              \
+  V(F16x8Mul)                              \
+  V(F16x8Div)                              \
+  V(F16x8Min)                              \
+  V(F16x8Max)                              \
+  V(F16x8Pmin)                             \
+  V(F16x8Pmax)                             \
+  V(F16x8Eq)                               \
+  V(F16x8Ne)                               \
+  V(F16x8Lt)                               \
+  V(F16x8Le)                               \
+  V(F16x8SConvertI16x8)                    \
+  V(F16x8UConvertI16x8)                    \
+  V(I16x8SConvertF16x8)                    \
+  V(I16x8UConvertF16x8)                    \
+  V(F32x4PromoteLowF16x8)                  \
+  V(F16x8DemoteF32x4Zero)                  \
+  V(F16x8DemoteF64x2Zero)                  \
+  V(F16x8Qfma)                             \
+  V(F16x8Qfms)
+
+#define SIMD_VISIT_UNIMPL_FP16_OP(Name)                          \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+
+UNIMPLEMENTED_SIMD_FP16_OP_LIST(SIMD_VISIT_UNIMPL_FP16_OP)
+#undef SIMD_VISIT_UNIMPL_FP16_OP
+#undef UNIMPLEMENTED_SIMD_FP16_OP_LIST
+
 #if V8_ENABLE_WEBASSEMBLY
 namespace {
 
diff --git a/deps/v8/src/compiler/backend/mips64/code-generator-mips64.cc b/deps/v8/src/compiler/backend/mips64/code-generator-mips64.cc
index bdc1ed4b1e1d89..c3363d64a03b2f 100644
--- a/deps/v8/src/compiler/backend/mips64/code-generator-mips64.cc
+++ b/deps/v8/src/compiler/backend/mips64/code-generator-mips64.cc
@@ -4168,7 +4168,7 @@ void CodeGenerator::AssembleConstructFrame() {
           call_descriptor->IsWasmImportWrapper() ||
           call_descriptor->IsWasmCapiFunction()) {
         // For import wrappers and C-API functions, this stack slot is only used
-        // for printing stack traces in V8. Also, it holds a WasmApiFunctionRef
+        // for printing stack traces in V8. Also, it holds a WasmImportData
         // instead of the instance itself, which is taken care of in the frames
         // accessors.
         __ Push(kWasmInstanceRegister);
diff --git a/deps/v8/src/compiler/backend/mips64/instruction-selector-mips64.cc b/deps/v8/src/compiler/backend/mips64/instruction-selector-mips64.cc
index 7996a848b8fe48..af56de3c4ce3c9 100644
--- a/deps/v8/src/compiler/backend/mips64/instruction-selector-mips64.cc
+++ b/deps/v8/src/compiler/backend/mips64/instruction-selector-mips64.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/logging.h"
 #include "src/codegen/machine-type.h"
@@ -45,8 +47,7 @@ class Mips64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
       auto constant = selector()->constant_view(node);
       if ((IsIntegerConstant(constant) &&
            GetIntegerConstantValue(constant) == 0) ||
-          (constant.is_float() &&
-           (base::bit_cast<int64_t>(constant.float_value()) == 0))) {
+          constant.is_float_zero()) {
         return UseImmediate(node);
       }
     }
@@ -73,7 +74,7 @@ class Mips64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
     return constant.int64_value();
   }
 
-  base::Optional<int64_t> GetOptionalIntegerConstant(node_t operation) {
+  std::optional<int64_t> GetOptionalIntegerConstant(node_t operation) {
     if (!this->IsIntegerConstant(operation)) return {};
     return this->GetIntegerConstantValue(selector()->constant_view(operation));
   }
@@ -4357,7 +4358,6 @@ void InstructionSelectorT<Adapter>::VisitS128Zero(node_t node) {
     Emit(kMips64S128Zero, g.DefineAsRegister(node));
   }
 }
-
 #define SIMD_VISIT_SPLAT(Type)                                          \
   template <typename Adapter>                                           \
   void InstructionSelectorT<Adapter>::Visit##Type##Splat(node_t node) { \
@@ -4460,6 +4460,49 @@ SIMD_UNIMP_OP_LIST(SIMD_VISIT_UNIMP_OP)
 #undef SIMD_VISIT_UNIMP_OP
 #undef SIMD_UNIMP_OP_LIST
 
+#define UNIMPLEMENTED_SIMD_FP16_OP_LIST(V) \
+  V(F16x8Splat)                            \
+  V(F16x8ExtractLane)                      \
+  V(F16x8ReplaceLane)                      \
+  V(F16x8Abs)                              \
+  V(F16x8Neg)                              \
+  V(F16x8Sqrt)                             \
+  V(F16x8Floor)                            \
+  V(F16x8Ceil)                             \
+  V(F16x8Trunc)                            \
+  V(F16x8NearestInt)                       \
+  V(F16x8Add)                              \
+  V(F16x8Sub)                              \
+  V(F16x8Mul)                              \
+  V(F16x8Div)                              \
+  V(F16x8Min)                              \
+  V(F16x8Max)                              \
+  V(F16x8Pmin)                             \
+  V(F16x8Pmax)                             \
+  V(F16x8Eq)                               \
+  V(F16x8Ne)                               \
+  V(F16x8Lt)                               \
+  V(F16x8Le)                               \
+  V(F16x8SConvertI16x8)                    \
+  V(F16x8UConvertI16x8)                    \
+  V(I16x8SConvertF16x8)                    \
+  V(I16x8UConvertF16x8)                    \
+  V(F32x4PromoteLowF16x8)                  \
+  V(F16x8DemoteF32x4Zero)                  \
+  V(F16x8DemoteF64x2Zero)                  \
+  V(F16x8Qfma)                             \
+  V(F16x8Qfms)
+
+#define SIMD_VISIT_UNIMPL_FP16_OP(Name)                          \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+
+UNIMPLEMENTED_SIMD_FP16_OP_LIST(SIMD_VISIT_UNIMPL_FP16_OP)
+#undef SIMD_VISIT_UNIMPL_FP16_OP
+#undef UNIMPLEMENTED_SIMD_FP16_OP_LIST
+
 #if V8_ENABLE_WEBASSEMBLY
 namespace {
 
diff --git a/deps/v8/src/compiler/backend/ppc/code-generator-ppc.cc b/deps/v8/src/compiler/backend/ppc/code-generator-ppc.cc
index 0d48270cc75fe1..b4c02157bff0e2 100644
--- a/deps/v8/src/compiler/backend/ppc/code-generator-ppc.cc
+++ b/deps/v8/src/compiler/backend/ppc/code-generator-ppc.cc
@@ -3250,7 +3250,7 @@ void CodeGenerator::AssembleConstructFrame() {
           call_descriptor->IsWasmImportWrapper() ||
           call_descriptor->IsWasmCapiFunction()) {
         // For import wrappers and C-API functions, this stack slot is only used
-        // for printing stack traces in V8. Also, it holds a WasmApiFunctionRef
+        // for printing stack traces in V8. Also, it holds a WasmImportData
         // instead of the instance itself, which is taken care of in the frames
         // accessors.
         __ Push(kWasmInstanceRegister);
diff --git a/deps/v8/src/compiler/backend/ppc/instruction-selector-ppc.cc b/deps/v8/src/compiler/backend/ppc/instruction-selector-ppc.cc
index 92fc8329611ff7..d54949c0ae8327 100644
--- a/deps/v8/src/compiler/backend/ppc/instruction-selector-ppc.cc
+++ b/deps/v8/src/compiler/backend/ppc/instruction-selector-ppc.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/iterator.h"
 #include "src/compiler/backend/instruction-selector-impl.h"
 #include "src/compiler/node-matchers.h"
@@ -206,12 +208,144 @@ void InstructionSelectorT<Adapter>::VisitAbortCSADcheck(node_t node) {
   }
 }
 
-template <typename Adapter>
-static void VisitLoadCommon(InstructionSelectorT<Adapter>* selector,
-                            typename Adapter::node_t node,
+static void VisitLoadCommon(InstructionSelectorT<TurboshaftAdapter>* selector,
+                            TurboshaftAdapter::node_t node,
                             LoadRepresentation load_rep) {
-  using node_t = typename Adapter::node_t;
-  PPCOperandGeneratorT<Adapter> g(selector);
+  using namespace turboshaft;  // NOLINT(build/namespaces)
+  using node_t = TurboshaftAdapter::node_t;
+  PPCOperandGeneratorT<TurboshaftAdapter> g(selector);
+  auto load_view = selector->load_view(node);
+  MemoryRepresentation loaded_rep = load_view.ts_loaded_rep();
+  RegisterRepresentation result_rep = load_view.ts_result_rep();
+  node_t base = load_view.base();
+  node_t offset = load_view.index();
+
+  InstructionCode opcode = kArchNop;
+  ImmediateMode mode;
+  if (CpuFeatures::IsSupported(PPC_10_PLUS)) {
+    mode = kInt34Imm;
+  } else {
+    mode = kInt16Imm;
+  }
+  // NOTE: The meaning of `loaded_rep` = `MemoryRepresentation::AnyTagged()` is
+  // we are loading a compressed tagged field, while `result_rep` =
+  // `RegisterRepresentation::Tagged()` refers to an uncompressed tagged value.
+  switch (loaded_rep) {
+    case MemoryRepresentation::Int8():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      opcode = kPPC_LoadWordS8;
+      break;
+    case MemoryRepresentation::Uint8():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      opcode = kPPC_LoadWordU8;
+      break;
+    case MemoryRepresentation::Int16():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      opcode = kPPC_LoadWordS16;
+      break;
+    case MemoryRepresentation::Uint16():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      opcode = kPPC_LoadWordU16;
+      break;
+    case MemoryRepresentation::Int32():
+    case MemoryRepresentation::Uint32():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      opcode = kPPC_LoadWordU32;
+      break;
+    case MemoryRepresentation::Int64():
+    case MemoryRepresentation::Uint64():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word64());
+      if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+      opcode = kPPC_LoadWord64;
+      break;
+    case MemoryRepresentation::Float16():
+      UNIMPLEMENTED();
+    case MemoryRepresentation::Float32():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Float32());
+      opcode = kPPC_LoadFloat32;
+      break;
+    case MemoryRepresentation::Float64():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Float64());
+      opcode = kPPC_LoadDouble;
+      break;
+#ifdef V8_COMPRESS_POINTERS
+    case MemoryRepresentation::AnyTagged():
+    case MemoryRepresentation::TaggedPointer():
+      if (result_rep == RegisterRepresentation::Compressed()) {
+        if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+        opcode = kPPC_LoadWordS32;
+        break;
+      }
+      DCHECK_EQ(result_rep, RegisterRepresentation::Tagged());
+      opcode = kPPC_LoadDecompressTagged;
+      break;
+    case MemoryRepresentation::TaggedSigned():
+      if (result_rep == RegisterRepresentation::Compressed()) {
+        if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+        opcode = kPPC_LoadWordS32;
+        break;
+      }
+      DCHECK_EQ(result_rep, RegisterRepresentation::Tagged());
+      opcode = kPPC_LoadDecompressTaggedSigned;
+      break;
+#else
+      USE(result_rep);
+    case MemoryRepresentation::AnyTagged():
+    case MemoryRepresentation::TaggedPointer():
+    case MemoryRepresentation::TaggedSigned():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Tagged());
+      if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+      opcode = kPPC_LoadWord64;
+      break;
+#endif
+    case MemoryRepresentation::AnyUncompressedTagged():
+    case MemoryRepresentation::UncompressedTaggedPointer():
+    case MemoryRepresentation::UncompressedTaggedSigned():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Tagged());
+      if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+      opcode = kPPC_LoadWord64;
+      break;
+    case MemoryRepresentation::SandboxedPointer():
+      opcode = kPPC_LoadDecodeSandboxedPointer;
+      break;
+    case MemoryRepresentation::Simd128():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Simd128());
+      opcode = kPPC_LoadSimd128;
+      // Vectors do not support MRI mode, only MRR is available.
+      mode = kNoImmediate;
+      break;
+    case MemoryRepresentation::ProtectedPointer():
+    case MemoryRepresentation::IndirectPointer():
+    case MemoryRepresentation::Simd256():
+      UNREACHABLE();
+  }
+
+  bool is_atomic = load_view.is_atomic();
+
+  if (selector->is_load_root_register(base)) {
+    selector->Emit(opcode |= AddressingModeField::encode(kMode_Root),
+                   g.DefineAsRegister(node), g.UseRegister(offset),
+                   g.UseImmediate(is_atomic));
+  } else if (g.CanBeImmediate(offset, mode)) {
+    selector->Emit(opcode | AddressingModeField::encode(kMode_MRI),
+                   g.DefineAsRegister(node), g.UseRegister(base),
+                   g.UseImmediate(offset), g.UseImmediate(is_atomic));
+  } else if (g.CanBeImmediate(base, mode)) {
+    selector->Emit(opcode | AddressingModeField::encode(kMode_MRI),
+                   g.DefineAsRegister(node), g.UseRegister(offset),
+                   g.UseImmediate(base), g.UseImmediate(is_atomic));
+  } else {
+    selector->Emit(opcode | AddressingModeField::encode(kMode_MRR),
+                   g.DefineAsRegister(node), g.UseRegister(base),
+                   g.UseRegister(offset), g.UseImmediate(is_atomic));
+  }
+}
+
+static void VisitLoadCommon(InstructionSelectorT<TurbofanAdapter>* selector,
+                            TurbofanAdapter::node_t node,
+                            LoadRepresentation load_rep) {
+  using node_t = TurbofanAdapter::node_t;
+  PPCOperandGeneratorT<TurbofanAdapter> g(selector);
   auto load_view = selector->load_view(node);
   node_t base = load_view.base();
   node_t offset = load_view.index();
@@ -243,8 +377,8 @@ static void VisitLoadCommon(InstructionSelectorT<Adapter>* selector,
     case MachineRepresentation::kCompressedPointer:  // Fall through.
     case MachineRepresentation::kCompressed:
 #ifdef V8_COMPRESS_POINTERS
-      opcode = kPPC_LoadWordS32;
       if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+      opcode = kPPC_LoadWordS32;
       break;
 #else
       UNREACHABLE();
@@ -270,8 +404,8 @@ static void VisitLoadCommon(InstructionSelectorT<Adapter>* selector,
       case MachineRepresentation::kTagged:         // Fall through.
 #endif
       case MachineRepresentation::kWord64:
-        opcode = kPPC_LoadWord64;
         if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+        opcode = kPPC_LoadWord64;
         break;
       case MachineRepresentation::kSimd128:
         opcode = kPPC_LoadSimd128;
@@ -321,13 +455,183 @@ void InstructionSelectorT<Adapter>::VisitProtectedLoad(node_t node) {
   UNIMPLEMENTED();
 }
 
-template <typename Adapter>
-void VisitStoreCommon(InstructionSelectorT<Adapter>* selector,
-                      typename Adapter::node_t node,
+void VisitStoreCommon(InstructionSelectorT<TurboshaftAdapter>* selector,
+                      TurboshaftAdapter::node_t node,
                       StoreRepresentation store_rep,
-                      base::Optional<AtomicMemoryOrder> atomic_order) {
-  using node_t = typename Adapter::node_t;
-  PPCOperandGeneratorT<Adapter> g(selector);
+                      std::optional<AtomicMemoryOrder> atomic_order) {
+  using namespace turboshaft;  // NOLINT(build/namespaces)
+  using node_t = TurboshaftAdapter::node_t;
+  PPCOperandGeneratorT<TurboshaftAdapter> g(selector);
+  auto store_view = selector->store_view(node);
+  node_t base = store_view.base();
+  node_t offset = selector->value(store_view.index());
+  node_t value = store_view.value();
+  bool is_atomic = store_view.is_atomic();
+
+  MachineRepresentation rep = store_rep.representation();
+  WriteBarrierKind write_barrier_kind = kNoWriteBarrier;
+
+  if (!is_atomic) {
+    write_barrier_kind = store_rep.write_barrier_kind();
+  }
+
+  if (v8_flags.enable_unconditional_write_barriers &&
+      CanBeTaggedOrCompressedOrIndirectPointer(rep)) {
+    write_barrier_kind = kFullWriteBarrier;
+  }
+
+  if (write_barrier_kind != kNoWriteBarrier &&
+      !v8_flags.disable_write_barriers) {
+    DCHECK(CanBeTaggedOrCompressedOrIndirectPointer(rep));
+    // Uncompressed stores should not happen if we need a write barrier.
+    CHECK((store_view.ts_stored_rep() !=
+           MemoryRepresentation::AnyUncompressedTagged()) &&
+          (store_view.ts_stored_rep() !=
+           MemoryRepresentation::UncompressedTaggedPointer()) &&
+          (store_view.ts_stored_rep() !=
+           MemoryRepresentation::UncompressedTaggedPointer()));
+    AddressingMode addressing_mode;
+    InstructionOperand inputs[4];
+    size_t input_count = 0;
+    inputs[input_count++] = g.UseUniqueRegister(base);
+    // OutOfLineRecordWrite uses the offset in an 'add' instruction as well as
+    // for the store itself, so we must check compatibility with both.
+    if (g.CanBeImmediate(offset, kInt16Imm)
+#if V8_TARGET_ARCH_PPC64
+        && g.CanBeImmediate(offset, kInt16Imm_4ByteAligned)
+#endif
+    ) {
+      inputs[input_count++] = g.UseImmediate(offset);
+      addressing_mode = kMode_MRI;
+    } else {
+      inputs[input_count++] = g.UseUniqueRegister(offset);
+      addressing_mode = kMode_MRR;
+    }
+    inputs[input_count++] = g.UseUniqueRegister(value);
+    RecordWriteMode record_write_mode =
+        WriteBarrierKindToRecordWriteMode(write_barrier_kind);
+    InstructionOperand temps[] = {g.TempRegister(), g.TempRegister()};
+    size_t const temp_count = arraysize(temps);
+    InstructionCode code;
+    if (rep == MachineRepresentation::kIndirectPointer) {
+      DCHECK_EQ(write_barrier_kind, kIndirectPointerWriteBarrier);
+      // In this case we need to add the IndirectPointerTag as additional input.
+      code = kArchStoreIndirectWithWriteBarrier;
+      IndirectPointerTag tag = store_view.indirect_pointer_tag();
+      inputs[input_count++] = g.UseImmediate(static_cast<int64_t>(tag));
+    } else {
+      code = kArchStoreWithWriteBarrier;
+    }
+    code |= AddressingModeField::encode(addressing_mode);
+    code |= RecordWriteModeField::encode(record_write_mode);
+    CHECK_EQ(is_atomic, false);
+    selector->Emit(code, 0, nullptr, input_count, inputs, temp_count, temps);
+  } else {
+    ArchOpcode opcode;
+    ImmediateMode mode;
+    if (CpuFeatures::IsSupported(PPC_10_PLUS)) {
+      mode = kInt34Imm;
+    } else {
+      mode = kInt16Imm;
+    }
+    switch (store_view.ts_stored_rep()) {
+      case MemoryRepresentation::Int8():
+      case MemoryRepresentation::Uint8():
+        opcode = kPPC_StoreWord8;
+        break;
+      case MemoryRepresentation::Int16():
+      case MemoryRepresentation::Uint16():
+        opcode = kPPC_StoreWord16;
+        break;
+      case MemoryRepresentation::Int32():
+      case MemoryRepresentation::Uint32(): {
+        opcode = kPPC_StoreWord32;
+        const Operation& reverse_op = selector->Get(value);
+        if (reverse_op.Is<Opmask::kWord32ReverseBytes>()) {
+          opcode = kPPC_StoreByteRev32;
+          value = selector->input_at(value, 0);
+          mode = kNoImmediate;
+        }
+        break;
+      }
+      case MemoryRepresentation::Int64():
+      case MemoryRepresentation::Uint64(): {
+        if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+        opcode = kPPC_StoreWord64;
+        const Operation& reverse_op = selector->Get(value);
+        if (reverse_op.Is<Opmask::kWord64ReverseBytes>()) {
+          opcode = kPPC_StoreByteRev64;
+          value = selector->input_at(value, 0);
+          mode = kNoImmediate;
+        }
+        break;
+      }
+      case MemoryRepresentation::Float16():
+        UNIMPLEMENTED();
+      case MemoryRepresentation::Float32():
+        opcode = kPPC_StoreFloat32;
+        break;
+      case MemoryRepresentation::Float64():
+        opcode = kPPC_StoreDouble;
+        break;
+      case MemoryRepresentation::AnyTagged():
+      case MemoryRepresentation::TaggedPointer():
+      case MemoryRepresentation::TaggedSigned():
+        if (mode != kInt34Imm) mode = kInt16Imm;
+        opcode = kPPC_StoreCompressTagged;
+        break;
+      case MemoryRepresentation::AnyUncompressedTagged():
+      case MemoryRepresentation::UncompressedTaggedPointer():
+      case MemoryRepresentation::UncompressedTaggedSigned():
+        if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+        opcode = kPPC_StoreWord64;
+        break;
+      case MemoryRepresentation::ProtectedPointer():
+        // We never store directly to protected pointers from generated code.
+        UNREACHABLE();
+      case MemoryRepresentation::IndirectPointer():
+        if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+        opcode = kPPC_StoreIndirectPointer;
+        break;
+      case MemoryRepresentation::SandboxedPointer():
+        if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
+        opcode = kPPC_StoreEncodeSandboxedPointer;
+        break;
+      case MemoryRepresentation::Simd128():
+        opcode = kPPC_StoreSimd128;
+        // Vectors do not support MRI mode, only MRR is available.
+        mode = kNoImmediate;
+        break;
+      case MemoryRepresentation::Simd256():
+        UNREACHABLE();
+    }
+
+    if (selector->is_load_root_register(base)) {
+      selector->Emit(opcode | AddressingModeField::encode(kMode_Root),
+                     g.NoOutput(), g.UseRegister(offset), g.UseRegister(value),
+                     g.UseImmediate(is_atomic));
+    } else if (g.CanBeImmediate(offset, mode)) {
+      selector->Emit(opcode | AddressingModeField::encode(kMode_MRI),
+                     g.NoOutput(), g.UseRegister(base), g.UseImmediate(offset),
+                     g.UseRegister(value), g.UseImmediate(is_atomic));
+    } else if (g.CanBeImmediate(base, mode)) {
+      selector->Emit(opcode | AddressingModeField::encode(kMode_MRI),
+                     g.NoOutput(), g.UseRegister(offset), g.UseImmediate(base),
+                     g.UseRegister(value), g.UseImmediate(is_atomic));
+    } else {
+      selector->Emit(opcode | AddressingModeField::encode(kMode_MRR),
+                     g.NoOutput(), g.UseRegister(base), g.UseRegister(offset),
+                     g.UseRegister(value), g.UseImmediate(is_atomic));
+    }
+  }
+}
+
+void VisitStoreCommon(InstructionSelectorT<TurbofanAdapter>* selector,
+                      TurbofanAdapter::node_t node,
+                      StoreRepresentation store_rep,
+                      std::optional<AtomicMemoryOrder> atomic_order) {
+  using node_t = TurbofanAdapter::node_t;
+  PPCOperandGeneratorT<TurbofanAdapter> g(selector);
   auto store_view = selector->store_view(node);
   node_t base = store_view.base();
   node_t offset = selector->value(store_view.index());
@@ -409,20 +713,12 @@ void VisitStoreCommon(InstructionSelectorT<Adapter>* selector,
         break;
       case MachineRepresentation::kWord32: {
         opcode = kPPC_StoreWord32;
-        bool is_w32_reverse_bytes = false;
-        if constexpr (Adapter::IsTurboshaft) {
-          using namespace turboshaft;  // NOLINT(build/namespaces)
-          const Operation& reverse_op = selector->Get(value);
-          is_w32_reverse_bytes = reverse_op.Is<Opmask::kWord32ReverseBytes>();
-        } else {
           NodeMatcher m(value);
-          is_w32_reverse_bytes = m.IsWord32ReverseBytes();
-        }
-        if (is_w32_reverse_bytes) {
-          opcode = kPPC_StoreByteRev32;
-          value = selector->input_at(value, 0);
-          mode = kNoImmediate;
-        }
+          if (m.IsWord32ReverseBytes()) {
+            opcode = kPPC_StoreByteRev32;
+            value = selector->input_at(value, 0);
+            mode = kNoImmediate;
+          }
         break;
       }
       case MachineRepresentation::kCompressedPointer:  // Fall through.
@@ -450,17 +746,11 @@ void VisitStoreCommon(InstructionSelectorT<Adapter>* selector,
         break;
       case MachineRepresentation::kWord64: {
         opcode = kPPC_StoreWord64;
-        if (mode != kInt34Imm) mode = kInt16Imm_4ByteAligned;
-        bool is_w64_reverse_bytes = false;
-        if constexpr (Adapter::IsTurboshaft) {
-          using namespace turboshaft;  // NOLINT(build/namespaces)
-          const Operation& reverse_op = selector->Get(value);
-          is_w64_reverse_bytes = reverse_op.Is<Opmask::kWord64ReverseBytes>();
-        } else {
-          NodeMatcher m(value);
-          is_w64_reverse_bytes = m.IsWord64ReverseBytes();
+        if (mode != kInt34Imm) {
+          mode = kInt16Imm_4ByteAligned;
         }
-        if (is_w64_reverse_bytes) {
+        NodeMatcher m(value);
+        if (m.IsWord64ReverseBytes()) {
           opcode = kPPC_StoreByteRev64;
           value = selector->input_at(value, 0);
           mode = kNoImmediate;
@@ -509,7 +799,7 @@ void InstructionSelectorT<Adapter>::VisitStorePair(node_t node) {
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitStore(node_t node) {
   VisitStoreCommon(this, node, this->store_view(node).stored_rep(),
-                   base::nullopt);
+                   std::nullopt);
 }
 
 template <typename Adapter>
@@ -1959,7 +2249,6 @@ void InstructionSelectorT<Adapter>::VisitTruncateFloat32ToUint32(node_t node) {
     Emit(opcode, g.DefineAsRegister(node),
          g.UseRegister(this->input_at(node, 0)));
   } else {
-
     InstructionCode opcode = kPPC_Float32ToUint32;
     TruncateKind kind = OpParameter<TruncateKind>(node->op());
     if (kind == TruncateKind::kSetOverflowToMin) {
@@ -3610,6 +3899,48 @@ SIMD_VISIT_QFMOP(F32x4Qfms)
 SIMD_RELAXED_OP_LIST(SIMD_VISIT_RELAXED_OP)
 #undef SIMD_VISIT_RELAXED_OP
 #undef SIMD_RELAXED_OP_LIST
+
+#define F16_OP_LIST(V)    \
+  V(F16x8Splat)           \
+  V(F16x8ExtractLane)     \
+  V(F16x8ReplaceLane)     \
+  V(F16x8Abs)             \
+  V(F16x8Neg)             \
+  V(F16x8Sqrt)            \
+  V(F16x8Floor)           \
+  V(F16x8Ceil)            \
+  V(F16x8Trunc)           \
+  V(F16x8NearestInt)      \
+  V(F16x8Add)             \
+  V(F16x8Sub)             \
+  V(F16x8Mul)             \
+  V(F16x8Div)             \
+  V(F16x8Min)             \
+  V(F16x8Max)             \
+  V(F16x8Pmin)            \
+  V(F16x8Pmax)            \
+  V(F16x8Eq)              \
+  V(F16x8Ne)              \
+  V(F16x8Lt)              \
+  V(F16x8Le)              \
+  V(F16x8SConvertI16x8)   \
+  V(F16x8UConvertI16x8)   \
+  V(I16x8SConvertF16x8)   \
+  V(I16x8UConvertF16x8)   \
+  V(F32x4PromoteLowF16x8) \
+  V(F16x8DemoteF32x4Zero) \
+  V(F16x8DemoteF64x2Zero) \
+  V(F16x8Qfma)            \
+  V(F16x8Qfms)
+
+#define VISIT_F16_OP(name)                                       \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+F16_OP_LIST(VISIT_F16_OP)
+#undef VISIT_F16_OP
+#undef F16_OP_LIST
 #undef SIMD_TYPES
 
 #if V8_ENABLE_WEBASSEMBLY
diff --git a/deps/v8/src/compiler/backend/register-allocator-verifier.cc b/deps/v8/src/compiler/backend/register-allocator-verifier.cc
index 0ab191714202a3..5d077abfcfcd6b 100644
--- a/deps/v8/src/compiler/backend/register-allocator-verifier.cc
+++ b/deps/v8/src/compiler/backend/register-allocator-verifier.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/backend/register-allocator-verifier.h"
 
+#include <optional>
+
 #include "src/compiler/backend/instruction.h"
 #include "src/utils/bit-vector.h"
 #include "src/utils/ostreams.h"
@@ -353,7 +355,7 @@ void BlockAssessments::CheckReferenceMap(const ReferenceMap* reference_map) {
 }
 
 bool BlockAssessments::IsStaleReferenceStackSlot(InstructionOperand op,
-                                                 base::Optional<int> vreg) {
+                                                 std::optional<int> vreg) {
   if (!op.IsStackSlot()) return false;
   if (vreg.has_value() && !sequence_->IsReference(*vreg)) return false;
 
@@ -481,13 +483,10 @@ void RegisterAllocatorVerifier::ValidatePendingAssessment(
       auto pred_assignment = assessments_.find(pred);
       if (pred_assignment == assessments_.end()) {
         CHECK(origin->IsLoopHeader());
-        auto todo_iter = outstanding_assessments_.find(pred);
-        DelayedAssessments* set = nullptr;
-        if (todo_iter == outstanding_assessments_.end()) {
+        auto [todo_iter, inserted] = outstanding_assessments_.try_emplace(pred);
+        DelayedAssessments*& set = todo_iter->second;
+        if (inserted) {
           set = zone()->New<DelayedAssessments>(zone());
-          outstanding_assessments_.insert(std::make_pair(pred, set));
-        } else {
-          set = todo_iter->second;
         }
         set->AddDelayedAssessment(current_operand, expected);
         continue;
@@ -507,9 +506,9 @@ void RegisterAllocatorVerifier::ValidatePendingAssessment(
           // This happens if we have a diamond feeding into another one, and
           // the inner one never being used - other than for carrying the value.
           const PendingAssessment* next = PendingAssessment::cast(contribution);
-          if (seen.find(pred) == seen.end()) {
+          auto [it, inserted] = seen.insert(pred);
+          if (inserted) {
             worklist.push({next, expected});
-            seen.insert(pred);
           }
           // Note that we do not want to finalize pending assessments at the
           // beginning of a block - which is the information we'd have
diff --git a/deps/v8/src/compiler/backend/register-allocator-verifier.h b/deps/v8/src/compiler/backend/register-allocator-verifier.h
index dfa3e0b325b79a..230beff806aaf6 100644
--- a/deps/v8/src/compiler/backend/register-allocator-verifier.h
+++ b/deps/v8/src/compiler/backend/register-allocator-verifier.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_BACKEND_REGISTER_ALLOCATOR_VERIFIER_H_
 #define V8_COMPILER_BACKEND_REGISTER_ALLOCATOR_VERIFIER_H_
 
+#include <optional>
+
 #include "src/compiler/backend/instruction.h"
 #include "src/zone/zone-containers.h"
 
@@ -175,7 +177,7 @@ class BlockAssessments : public ZoneObject {
   }
   void CheckReferenceMap(const ReferenceMap* reference_map);
   bool IsStaleReferenceStackSlot(InstructionOperand op,
-                                 base::Optional<int> vreg = base::nullopt);
+                                 std::optional<int> vreg = std::nullopt);
 
   OperandMap& map() { return map_; }
   const OperandMap& map() const { return map_; }
diff --git a/deps/v8/src/compiler/backend/register-allocator.cc b/deps/v8/src/compiler/backend/register-allocator.cc
index cf2d3bb9b267e6..90d11bf78d397a 100644
--- a/deps/v8/src/compiler/backend/register-allocator.cc
+++ b/deps/v8/src/compiler/backend/register-allocator.cc
@@ -5,6 +5,7 @@
 #include "src/compiler/backend/register-allocator.h"
 
 #include <iomanip>
+#include <optional>
 
 #include "src/base/iterator.h"
 #include "src/base/small-vector.h"
@@ -1057,7 +1058,7 @@ SpillRange::SpillRange(TopLevelLiveRange* parent, Zone* zone)
 
 // Checks if the `UseInterval`s in `a` intersect with those in `b`.
 // Returns the two intervals that intersected, or `std::nullopt` if none did.
-static base::Optional<std::pair<UseInterval, UseInterval>>
+static std::optional<std::pair<UseInterval, UseInterval>>
 AreUseIntervalsIntersectingVector(base::Vector<const UseInterval> a,
                                   base::Vector<const UseInterval> b) {
   SLOW_DCHECK(std::is_sorted(a.begin(), a.end()) &&
@@ -1096,7 +1097,7 @@ AreUseIntervalsIntersectingVector(base::Vector<const UseInterval> a,
 // containers of `UseInterval`s, as long as they can be converted to a
 // `base::Vector` (which is essentially just a memory span).
 template <typename ContainerA, typename ContainerB>
-base::Optional<std::pair<UseInterval, UseInterval>> AreUseIntervalsIntersecting(
+std::optional<std::pair<UseInterval, UseInterval>> AreUseIntervalsIntersecting(
     const ContainerA& a, const ContainerB& b) {
   return AreUseIntervalsIntersectingVector(base::VectorOf(a),
                                            base::VectorOf(b));
diff --git a/deps/v8/src/compiler/backend/riscv/code-generator-riscv.cc b/deps/v8/src/compiler/backend/riscv/code-generator-riscv.cc
index dfe9bfac8986cc..966b73c743f720 100644
--- a/deps/v8/src/compiler/backend/riscv/code-generator-riscv.cc
+++ b/deps/v8/src/compiler/backend/riscv/code-generator-riscv.cc
@@ -4000,6 +4000,7 @@ void CodeGenerator::AssembleArchTrap(Instruction* instr,
           static_cast<TrapId>(i.InputInt32(instr_->InputCount() - 1));
       GenerateCallToTrap(trap_id);
     }
+
    private:
     void GenerateCallToTrap(TrapId trap_id) {
       gen_->AssembleSourcePosition(instr_);
diff --git a/deps/v8/src/compiler/backend/riscv/instruction-selector-riscv.h b/deps/v8/src/compiler/backend/riscv/instruction-selector-riscv.h
index be7c2460f2765e..c9d32b8ea3d519 100644
--- a/deps/v8/src/compiler/backend/riscv/instruction-selector-riscv.h
+++ b/deps/v8/src/compiler/backend/riscv/instruction-selector-riscv.h
@@ -4,6 +4,8 @@
 #ifndef V8_COMPILER_BACKEND_RISCV_INSTRUCTION_SELECTOR_RISCV_H_
 #define V8_COMPILER_BACKEND_RISCV_INSTRUCTION_SELECTOR_RISCV_H_
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/compiler/backend/instruction-selector-impl.h"
 #include "src/compiler/backend/instruction-selector.h"
@@ -45,8 +47,7 @@ class RiscvOperandGeneratorT final : public OperandGeneratorT<Adapter> {
       auto constant = selector()->constant_view(node);
       if ((IsIntegerConstant(constant) &&
            GetIntegerConstantValue(constant) == 0) ||
-          (constant.is_float() &&
-           (base::bit_cast<int64_t>(constant.float_value()) == 0))) {
+          constant.is_float_zero()) {
         return UseImmediate(node);
       }
     }
@@ -71,7 +72,7 @@ class RiscvOperandGeneratorT final : public OperandGeneratorT<Adapter> {
     return constant.int64_value();
   }
 
-  base::Optional<int64_t> GetOptionalIntegerConstant(
+  std::optional<int64_t> GetOptionalIntegerConstant(
       InstructionSelectorT<TurboshaftAdapter>* selector,
       turboshaft::OpIndex operation) {
     if (!this->is_constant(operation)) return {};
@@ -97,8 +98,7 @@ class RiscvOperandGeneratorT final : public OperandGeneratorT<Adapter> {
       auto constant = selector()->constant_view(node);
       if ((IsIntegerConstant(constant) &&
            GetIntegerConstantValue(constant) == 0) ||
-          (constant.is_float() &&
-           (base::bit_cast<int64_t>(constant.float_value()) == 0))) {
+          constant.is_float_zero()) {
         return true;
       }
     }
@@ -1388,6 +1388,48 @@ void InstructionSelectorT<Adapter>::VisitI16x8ExtAddPairwiseI8x16U(
   V(I16x8Q15MulRSatS, kRiscvVsmulVv, E16, m1) \
   V(I16x8RelaxedQ15MulRS, kRiscvVsmulVv, E16, m1)
 
+#define UNIMPLEMENTED_SIMD_FP16_OP_LIST(V) \
+  V(F16x8Splat)                            \
+  V(F16x8ExtractLane)                      \
+  V(F16x8ReplaceLane)                      \
+  V(F16x8Abs)                              \
+  V(F16x8Neg)                              \
+  V(F16x8Sqrt)                             \
+  V(F16x8Floor)                            \
+  V(F16x8Ceil)                             \
+  V(F16x8Trunc)                            \
+  V(F16x8NearestInt)                       \
+  V(F16x8Add)                              \
+  V(F16x8Sub)                              \
+  V(F16x8Mul)                              \
+  V(F16x8Div)                              \
+  V(F16x8Min)                              \
+  V(F16x8Max)                              \
+  V(F16x8Pmin)                             \
+  V(F16x8Pmax)                             \
+  V(F16x8Eq)                               \
+  V(F16x8Ne)                               \
+  V(F16x8Lt)                               \
+  V(F16x8Le)                               \
+  V(F16x8SConvertI16x8)                    \
+  V(F16x8UConvertI16x8)                    \
+  V(I16x8SConvertF16x8)                    \
+  V(I16x8UConvertF16x8)                    \
+  V(F16x8DemoteF32x4Zero)                  \
+  V(F16x8DemoteF64x2Zero)                  \
+  V(F32x4PromoteLowF16x8)                  \
+  V(F16x8Qfma)                             \
+  V(F16x8Qfms)
+
+#define SIMD_VISIT_UNIMPL_FP16_OP(Name)                          \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+UNIMPLEMENTED_SIMD_FP16_OP_LIST(SIMD_VISIT_UNIMPL_FP16_OP)
+#undef SIMD_VISIT_UNIMPL_FP16_OP
+#undef UNIMPLEMENTED_SIMD_FP16_OP_LIST
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitS128AndNot(node_t node) {
   if constexpr (Adapter::IsTurboshaft) {
@@ -1482,15 +1524,11 @@ SIMD_SHIFT_OP_LIST(SIMD_VISIT_SHIFT_OP)
 #define SIMD_VISIT_BINOP_RVV(Name, instruction, VSEW, LMUL)                    \
   template <typename Adapter>                                                  \
   void InstructionSelectorT<Adapter>::Visit##Name(node_t node) {               \
-    if constexpr (Adapter::IsTurboshaft) {                                     \
-      UNIMPLEMENTED();                                                         \
-    } else {                                                                   \
       RiscvOperandGeneratorT<Adapter> g(this);                                 \
       this->Emit(instruction, g.DefineAsRegister(node),                        \
                  g.UseRegister(this->input_at(node, 0)),                       \
                  g.UseRegister(this->input_at(node, 1)), g.UseImmediate(VSEW), \
                  g.UseImmediate(LMUL));                                        \
-    }                                                                          \
   }
 SIMD_BINOP_LIST(SIMD_VISIT_BINOP_RVV)
 #undef SIMD_VISIT_BINOP_RVV
@@ -2051,17 +2089,14 @@ void InstructionSelectorT<Adapter>::VisitI32x4DotI8x16I7x16AddS(node_t node) {
 
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitI8x16Shuffle(node_t node) {
-  if constexpr (Adapter::IsTurboshaft) {
-    UNIMPLEMENTED();
-  } else {
     uint8_t shuffle[kSimd128Size];
     bool is_swizzle;
     // TODO(riscv): Properly use view here once Turboshaft support is
     // implemented.
     auto view = this->simd_shuffle_view(node);
     CanonicalizeShuffle(view, shuffle, &is_swizzle);
-    Node* input0 = this->input_at(node, 0);
-    Node* input1 = this->input_at(node, 1);
+    node_t input0 = view.input(0);
+    node_t input1 = view.input(1);
     RiscvOperandGeneratorT<Adapter> g(this);
     // uint8_t shuffle32x4[4];
     // ArchOpcode opcode;
@@ -2090,14 +2125,10 @@ void InstructionSelectorT<Adapter>::VisitI8x16Shuffle(node_t node) {
          g.UseImmediate(wasm::SimdShuffle::Pack4Lanes(shuffle + 4)),
          g.UseImmediate(wasm::SimdShuffle::Pack4Lanes(shuffle + 8)),
          g.UseImmediate(wasm::SimdShuffle::Pack4Lanes(shuffle + 12)));
-  }
 }
 
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitI8x16Swizzle(node_t node) {
-  if constexpr (Adapter::IsTurboshaft) {
-    UNIMPLEMENTED();
-  } else {
     RiscvOperandGeneratorT<Adapter> g(this);
     InstructionOperand temps[] = {g.TempSimd128Register()};
     // We don't want input 0 or input 1 to be the same as output, since we will
@@ -2106,7 +2137,6 @@ void InstructionSelectorT<Adapter>::VisitI8x16Swizzle(node_t node) {
          g.UseUniqueRegister(this->input_at(node, 0)),
          g.UseUniqueRegister(this->input_at(node, 1)), g.UseImmediate(E8),
          g.UseImmediate(m1), arraysize(temps), temps);
-  }
 }
 
 #define VISIT_BIMASK(TYPE, VSEW, LMUL)                                      \
diff --git a/deps/v8/src/compiler/backend/s390/code-generator-s390.cc b/deps/v8/src/compiler/backend/s390/code-generator-s390.cc
index e81374e0f621c8..f78627153485b2 100644
--- a/deps/v8/src/compiler/backend/s390/code-generator-s390.cc
+++ b/deps/v8/src/compiler/backend/s390/code-generator-s390.cc
@@ -3425,7 +3425,7 @@ void CodeGenerator::AssembleConstructFrame() {
           call_descriptor->IsWasmImportWrapper() ||
           call_descriptor->IsWasmCapiFunction()) {
         // For import wrappers and C-API functions, this stack slot is only used
-        // for printing stack traces in V8. Also, it holds a WasmApiFunctionRef
+        // for printing stack traces in V8. Also, it holds a WasmImportData
         // instead of the instance itself, which is taken care of in the frames
         // accessors.
         __ Push(kWasmInstanceRegister);
diff --git a/deps/v8/src/compiler/backend/s390/instruction-selector-s390.cc b/deps/v8/src/compiler/backend/s390/instruction-selector-s390.cc
index 6d1bef75378314..851261089841b6 100644
--- a/deps/v8/src/compiler/backend/s390/instruction-selector-s390.cc
+++ b/deps/v8/src/compiler/backend/s390/instruction-selector-s390.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/logging.h"
 #include "src/compiler/backend/instruction-selector-adapter.h"
 #include "src/compiler/backend/instruction-selector-impl.h"
@@ -93,7 +95,7 @@ struct BaseWithScaledIndexAndDisplacementMatch {
   DisplacementMode displacement_mode = kPositiveDisplacement;
 };
 
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement64(
     InstructionSelectorT<TurboshaftAdapter>* selector,
     turboshaft::OpIndex node) {
@@ -156,7 +158,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64(
     return result;
 #endif  // V8_ENABLE_WEBASSEMBLY
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // Adds S390-specific methods for generating operands.
@@ -418,6 +420,78 @@ bool S390OpcodeOnlySupport12BitDisp(InstructionCode op) {
   (S390OpcodeOnlySupport12BitDisp(op) ? OperandMode::kUint12Imm \
                                       : OperandMode::kInt20Imm)
 
+ArchOpcode SelectLoadOpcode(turboshaft::MemoryRepresentation loaded_rep,
+                            turboshaft::RegisterRepresentation result_rep) {
+  // NOTE: The meaning of `loaded_rep` = `MemoryRepresentation::AnyTagged()` is
+  // we are loading a compressed tagged field, while `result_rep` =
+  // `RegisterRepresentation::Tagged()` refers to an uncompressed tagged value.
+  using namespace turboshaft;  // NOLINT(build/namespaces)
+  switch (loaded_rep) {
+    case MemoryRepresentation::Int8():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      return kS390_LoadWordS8;
+    case MemoryRepresentation::Uint8():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      return kS390_LoadWordU8;
+    case MemoryRepresentation::Int16():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      return kS390_LoadWordS16;
+    case MemoryRepresentation::Uint16():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      return kS390_LoadWordU16;
+    case MemoryRepresentation::Int32():
+    case MemoryRepresentation::Uint32():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word32());
+      return kS390_LoadWordU32;
+    case MemoryRepresentation::Int64():
+    case MemoryRepresentation::Uint64():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Word64());
+      return kS390_LoadWord64;
+    case MemoryRepresentation::Float16():
+      UNIMPLEMENTED();
+    case MemoryRepresentation::Float32():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Float32());
+      return kS390_LoadFloat32;
+    case MemoryRepresentation::Float64():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Float64());
+      return kS390_LoadDouble;
+#ifdef V8_COMPRESS_POINTERS
+    case MemoryRepresentation::AnyTagged():
+    case MemoryRepresentation::TaggedPointer():
+      if (result_rep == RegisterRepresentation::Compressed()) {
+        return kS390_LoadWordS32;
+      }
+      DCHECK_EQ(result_rep, RegisterRepresentation::Tagged());
+      return kS390_LoadDecompressTagged;
+    case MemoryRepresentation::TaggedSigned():
+      if (result_rep == RegisterRepresentation::Compressed()) {
+        return kS390_LoadWordS32;
+      }
+      DCHECK_EQ(result_rep, RegisterRepresentation::Tagged());
+      return kS390_LoadDecompressTaggedSigned;
+#else
+    case MemoryRepresentation::AnyTagged():
+    case MemoryRepresentation::TaggedPointer():
+    case MemoryRepresentation::TaggedSigned():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Tagged());
+      return kS390_LoadWord64;
+#endif
+    case MemoryRepresentation::AnyUncompressedTagged():
+    case MemoryRepresentation::UncompressedTaggedPointer():
+    case MemoryRepresentation::UncompressedTaggedSigned():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Tagged());
+      return kS390_LoadWord64;
+    case MemoryRepresentation::Simd128():
+      DCHECK_EQ(result_rep, RegisterRepresentation::Simd128());
+      return kS390_LoadSimd128;
+    case MemoryRepresentation::ProtectedPointer():
+    case MemoryRepresentation::IndirectPointer():
+    case MemoryRepresentation::SandboxedPointer():
+    case MemoryRepresentation::Simd256():
+      UNREACHABLE();
+  }
+}
+
 ArchOpcode SelectLoadOpcode(LoadRepresentation load_rep) {
   ArchOpcode opcode;
   switch (load_rep.representation()) {
@@ -728,7 +802,8 @@ void GenerateRightOperands(InstructionSelectorT<TurboshaftAdapter>* selector,
     const Operation& right_op = selector->Get(right);
     if (right_op.Is<LoadOp>() && selector->CanCover(node, right) &&
         canCombineWithLoad(
-            SelectLoadOpcode(selector->load_view(right).loaded_rep()))) {
+            SelectLoadOpcode(selector->load_view(right).ts_loaded_rep(),
+                             selector->load_view(right).ts_result_rep()))) {
       AddressingMode mode =
           g.GetEffectiveAddressMemoryOperand(right, inputs, input_count);
       *opcode |= AddressingModeField::encode(mode);
@@ -1044,28 +1119,35 @@ void InstructionSelectorT<Adapter>::VisitLoad(node_t node, node_t value,
     Emit(opcode, 1, outputs, input_count, inputs);
 }
 
-template <typename Adapter>
-void InstructionSelectorT<Adapter>::VisitLoad(node_t node) {
-  typename Adapter::LoadView load = this->load_view(node);
-  LoadRepresentation load_rep = load.loaded_rep();
+template <>
+void InstructionSelectorT<TurbofanAdapter>::VisitLoad(node_t node) {
+  LoadRepresentation load_rep = this->load_view(node).loaded_rep();
   InstructionCode opcode = SelectLoadOpcode(load_rep);
   VisitLoad(node, node, opcode);
 }
 
+template <>
+void InstructionSelectorT<TurboshaftAdapter>::VisitLoad(node_t node) {
+  using namespace turboshaft;  // NOLINT(build/namespaces)
+  TurboshaftAdapter::LoadView view = this->load_view(node);
+  VisitLoad(node, node,
+            SelectLoadOpcode(view.ts_loaded_rep(), view.ts_result_rep()));
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitProtectedLoad(node_t node) {
   // TODO(eholk)
   UNIMPLEMENTED();
 }
 
-template <typename Adapter>
 static void VisitGeneralStore(
-    InstructionSelectorT<Adapter>* selector, typename Adapter::node_t node,
-    MachineRepresentation rep,
+    InstructionSelectorT<TurboshaftAdapter>* selector,
+    typename TurboshaftAdapter::node_t node, MachineRepresentation rep,
     WriteBarrierKind write_barrier_kind = kNoWriteBarrier) {
-  using node_t = typename Adapter::node_t;
-  using optional_node_t = typename Adapter::optional_node_t;
-  S390OperandGeneratorT<Adapter> g(selector);
+  using namespace turboshaft;  // NOLINT(build/namespaces)
+  using node_t = TurboshaftAdapter::node_t;
+  using optional_node_t = TurboshaftAdapter::optional_node_t;
+  S390OperandGeneratorT<TurboshaftAdapter> g(selector);
 
   auto store_view = selector->store_view(node);
   DCHECK_EQ(store_view.element_size_log2(), 0);
@@ -1078,13 +1160,141 @@ static void VisitGeneralStore(
   if (write_barrier_kind != kNoWriteBarrier &&
       !v8_flags.disable_write_barriers) {
     DCHECK(CanBeTaggedOrCompressedPointer(rep));
+    // Uncompressed stores should not happen if we need a write barrier.
+    CHECK((store_view.ts_stored_rep() !=
+           MemoryRepresentation::AnyUncompressedTagged()) &&
+          (store_view.ts_stored_rep() !=
+           MemoryRepresentation::UncompressedTaggedPointer()) &&
+          (store_view.ts_stored_rep() !=
+           MemoryRepresentation::UncompressedTaggedPointer()));
     AddressingMode addressing_mode;
     InstructionOperand inputs[4];
     size_t input_count = 0;
     addressing_mode = g.GenerateMemoryOperandInputs(
         index, base, displacement, DisplacementMode::kPositiveDisplacement,
         inputs, &input_count,
-        S390OperandGeneratorT<Adapter>::RegisterUseKind::kUseUniqueRegister);
+        S390OperandGeneratorT<
+            TurboshaftAdapter>::RegisterUseKind::kUseUniqueRegister);
+    DCHECK_LT(input_count, 4);
+    inputs[input_count++] = g.UseUniqueRegister(value);
+    RecordWriteMode record_write_mode =
+        WriteBarrierKindToRecordWriteMode(write_barrier_kind);
+    InstructionOperand temps[] = {g.TempRegister(), g.TempRegister()};
+    size_t const temp_count = arraysize(temps);
+    InstructionCode code = kArchStoreWithWriteBarrier;
+    code |= AddressingModeField::encode(addressing_mode);
+    code |= RecordWriteModeField::encode(record_write_mode);
+    selector->Emit(code, 0, nullptr, input_count, inputs, temp_count, temps);
+  } else {
+    ArchOpcode opcode;
+
+    switch (store_view.ts_stored_rep()) {
+      case MemoryRepresentation::Int8():
+      case MemoryRepresentation::Uint8():
+        opcode = kS390_StoreWord8;
+        break;
+      case MemoryRepresentation::Int16():
+      case MemoryRepresentation::Uint16():
+        opcode = kS390_StoreWord16;
+        break;
+      case MemoryRepresentation::Int32():
+      case MemoryRepresentation::Uint32(): {
+        opcode = kS390_StoreWord32;
+        const Operation& reverse_op = selector->Get(value);
+        if (reverse_op.Is<Opmask::kWord32ReverseBytes>()) {
+          opcode = kS390_StoreReverse32;
+          value = selector->input_at(value, 0);
+        }
+        break;
+      }
+      case MemoryRepresentation::Int64():
+      case MemoryRepresentation::Uint64(): {
+        opcode = kS390_StoreWord64;
+        const Operation& reverse_op = selector->Get(value);
+        if (reverse_op.Is<Opmask::kWord64ReverseBytes>()) {
+          opcode = kS390_StoreReverse64;
+          value = selector->input_at(value, 0);
+        }
+        break;
+      }
+      case MemoryRepresentation::Float16():
+        UNIMPLEMENTED();
+      case MemoryRepresentation::Float32():
+        opcode = kS390_StoreFloat32;
+        break;
+      case MemoryRepresentation::Float64():
+        opcode = kS390_StoreDouble;
+        break;
+      case MemoryRepresentation::AnyTagged():
+      case MemoryRepresentation::TaggedPointer():
+      case MemoryRepresentation::TaggedSigned():
+        opcode = kS390_StoreCompressTagged;
+        break;
+      case MemoryRepresentation::AnyUncompressedTagged():
+      case MemoryRepresentation::UncompressedTaggedPointer():
+      case MemoryRepresentation::UncompressedTaggedSigned():
+        opcode = kS390_StoreWord64;
+        break;
+      case MemoryRepresentation::Simd128(): {
+        opcode = kS390_StoreSimd128;
+        const Operation& reverse_op = selector->Get(value);
+        // TODO(miladfarca): Rename this to `Opmask::kSimd128ReverseBytes` once
+        // Turboshaft naming is decoupled from Turbofan naming.
+        if (reverse_op.Is<Opmask::kSimd128Simd128ReverseBytes>()) {
+          opcode = kS390_StoreReverseSimd128;
+          value = selector->input_at(value, 0);
+        }
+        break;
+      }
+      case MemoryRepresentation::ProtectedPointer():
+        // We never store directly to protected pointers from generated code.
+        UNREACHABLE();
+      case MemoryRepresentation::IndirectPointer():
+      case MemoryRepresentation::SandboxedPointer():
+      case MemoryRepresentation::Simd256():
+        UNREACHABLE();
+    }
+
+    InstructionOperand inputs[4];
+    size_t input_count = 0;
+    AddressingMode addressing_mode =
+        g.GetEffectiveAddressMemoryOperand(node, inputs, &input_count);
+    InstructionCode code =
+        opcode | AddressingModeField::encode(addressing_mode);
+    InstructionOperand value_operand = g.UseRegister(value);
+    inputs[input_count++] = value_operand;
+    selector->Emit(code, 0, static_cast<InstructionOperand*>(nullptr),
+                   input_count, inputs);
+  }
+}
+
+static void VisitGeneralStore(
+    InstructionSelectorT<TurbofanAdapter>* selector,
+    typename TurbofanAdapter::node_t node, MachineRepresentation rep,
+    WriteBarrierKind write_barrier_kind = kNoWriteBarrier) {
+  using node_t = TurbofanAdapter::node_t;
+  using optional_node_t = TurbofanAdapter::optional_node_t;
+  S390OperandGeneratorT<TurbofanAdapter> g(selector);
+
+  auto store_view = selector->store_view(node);
+  DCHECK_EQ(store_view.element_size_log2(), 0);
+
+  node_t base = store_view.base();
+  optional_node_t index = store_view.index();
+  node_t value = store_view.value();
+  int32_t displacement = store_view.displacement();
+
+  if (write_barrier_kind != kNoWriteBarrier &&
+      !v8_flags.disable_write_barriers) {
+    DCHECK(CanBeTaggedOrCompressedPointer(rep));
+    AddressingMode addressing_mode;
+    InstructionOperand inputs[4];
+    size_t input_count = 0;
+    addressing_mode = g.GenerateMemoryOperandInputs(
+        index, base, displacement, DisplacementMode::kPositiveDisplacement,
+        inputs, &input_count,
+        S390OperandGeneratorT<
+            TurbofanAdapter>::RegisterUseKind::kUseUniqueRegister);
     DCHECK_LT(input_count, 4);
     inputs[input_count++] = g.UseUniqueRegister(value);
     RecordWriteMode record_write_mode =
@@ -1113,19 +1323,11 @@ static void VisitGeneralStore(
         break;
       case MachineRepresentation::kWord32: {
         opcode = kS390_StoreWord32;
-        bool is_w32_reverse_bytes = false;
-        if constexpr (Adapter::IsTurboshaft) {
-          using namespace turboshaft;  // NOLINT(build/namespaces)
-          const Operation& reverse_op = selector->Get(value);
-          is_w32_reverse_bytes = reverse_op.Is<Opmask::kWord32ReverseBytes>();
-        } else {
           NodeMatcher m(value);
-          is_w32_reverse_bytes = m.IsWord32ReverseBytes();
-        }
-        if (is_w32_reverse_bytes) {
-          opcode = kS390_StoreReverse32;
-          value = selector->input_at(value, 0);
-        }
+          if (m.IsWord32ReverseBytes()) {
+            opcode = kS390_StoreReverse32;
+            value = selector->input_at(value, 0);
+          }
         break;
       }
       case MachineRepresentation::kCompressedPointer:  // Fall through.
@@ -1145,37 +1347,20 @@ static void VisitGeneralStore(
         break;
       case MachineRepresentation::kWord64: {
         opcode = kS390_StoreWord64;
-        bool is_w64_reverse_bytes = false;
-        if constexpr (Adapter::IsTurboshaft) {
-          using namespace turboshaft;  // NOLINT(build/namespaces)
-          const Operation& reverse_op = selector->Get(value);
-          is_w64_reverse_bytes = reverse_op.Is<Opmask::kWord64ReverseBytes>();
-        } else {
           NodeMatcher m(value);
-          is_w64_reverse_bytes = m.IsWord64ReverseBytes();
-        }
-        if (is_w64_reverse_bytes) {
-          opcode = kS390_StoreReverse64;
-          value = selector->input_at(value, 0);
-        }
+          if (m.IsWord64ReverseBytes()) {
+            opcode = kS390_StoreReverse64;
+            value = selector->input_at(value, 0);
+          }
         break;
       }
       case MachineRepresentation::kSimd128: {
         opcode = kS390_StoreSimd128;
-        bool is_simd128_reverse_bytes = false;
-        if constexpr (Adapter::IsTurboshaft) {
-          using namespace turboshaft;  // NOLINT(build/namespaces)
-          const Operation& reverse_op = selector->Get(value);
-          is_simd128_reverse_bytes =
-              reverse_op.Is<Opmask::kSimd128ReverseBytes>();
-        } else {
           NodeMatcher m(value);
-          is_simd128_reverse_bytes = m.IsSimd128ReverseBytes();
-        }
-        if (is_simd128_reverse_bytes) {
-          opcode = kS390_StoreReverseSimd128;
-          value = selector->input_at(value, 0);
-        }
+          if (m.IsSimd128ReverseBytes()) {
+            opcode = kS390_StoreReverseSimd128;
+            value = selector->input_at(value, 0);
+          }
         break;
       }
       case MachineRepresentation::kFloat16:
@@ -2757,8 +2942,23 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitWordCompareZero(
                         cont);
                   }
                 }
-              // TODO(miladfarca): Add kInt64AbsWithOverflow and
-              // kInt32AbsWithOverflow
+              default:
+                break;
+            }
+          } else if (const OverflowCheckedUnaryOp* unop =
+                         TryCast<OverflowCheckedUnaryOp>(node)) {
+            const bool is64 = unop->rep == WordRepresentation::Word64();
+            switch (unop->kind) {
+              case OverflowCheckedUnaryOp::Kind::kAbs:
+                if (is64) {
+                  cont->OverwriteAndNegateIfEqual(kOverflow);
+                  return VisitWord64UnaryOp(this, node, kS390_Abs64,
+                                            OperandMode::kNone, cont);
+                } else {
+                  cont->OverwriteAndNegateIfEqual(kOverflow);
+                  return VisitWord32UnaryOp(this, node, kS390_Abs32,
+                                            OperandMode::kNone, cont);
+                }
               default:
                 break;
             }
@@ -4027,6 +4227,48 @@ SIMD_VISIT_QFMOP(F32x4Qfms)
 SIMD_RELAXED_OP_LIST(SIMD_VISIT_RELAXED_OP)
 #undef SIMD_VISIT_RELAXED_OP
 #undef SIMD_RELAXED_OP_LIST
+
+#define F16_OP_LIST(V)    \
+  V(F16x8Splat)           \
+  V(F16x8ExtractLane)     \
+  V(F16x8ReplaceLane)     \
+  V(F16x8Abs)             \
+  V(F16x8Neg)             \
+  V(F16x8Sqrt)            \
+  V(F16x8Floor)           \
+  V(F16x8Ceil)            \
+  V(F16x8Trunc)           \
+  V(F16x8NearestInt)      \
+  V(F16x8Add)             \
+  V(F16x8Sub)             \
+  V(F16x8Mul)             \
+  V(F16x8Div)             \
+  V(F16x8Min)             \
+  V(F16x8Max)             \
+  V(F16x8Pmin)            \
+  V(F16x8Pmax)            \
+  V(F16x8Eq)              \
+  V(F16x8Ne)              \
+  V(F16x8Lt)              \
+  V(F16x8Le)              \
+  V(F16x8SConvertI16x8)   \
+  V(F16x8UConvertI16x8)   \
+  V(I16x8SConvertF16x8)   \
+  V(I16x8UConvertF16x8)   \
+  V(F32x4PromoteLowF16x8) \
+  V(F16x8DemoteF32x4Zero) \
+  V(F16x8DemoteF64x2Zero) \
+  V(F16x8Qfma)            \
+  V(F16x8Qfms)
+
+#define VISIT_F16_OP(name)                                       \
+  template <typename Adapter>                                    \
+  void InstructionSelectorT<Adapter>::Visit##name(node_t node) { \
+    UNIMPLEMENTED();                                             \
+  }
+F16_OP_LIST(VISIT_F16_OP)
+#undef VISIT_F16_OP
+#undef F16_OP_LIST
 #undef SIMD_TYPES
 
 #if V8_ENABLE_WEBASSEMBLY
@@ -4467,6 +4709,8 @@ InstructionSelector::SupportedMachineOperatorFlags() {
          MachineOperatorBuilder::kFloat64RoundTiesEven |
          MachineOperatorBuilder::kFloat64RoundTiesAway |
          MachineOperatorBuilder::kWord32Popcnt |
+         MachineOperatorBuilder::kInt32AbsWithOverflow |
+         MachineOperatorBuilder::kInt64AbsWithOverflow |
          MachineOperatorBuilder::kWord64Popcnt;
 }
 
diff --git a/deps/v8/src/compiler/backend/x64/code-generator-x64.cc b/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
index 5d0ca6b4a7a681..3b730149ce2d7c 100644
--- a/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
+++ b/deps/v8/src/compiler/backend/x64/code-generator-x64.cc
@@ -3,9 +3,9 @@
 // found in the LICENSE file.
 
 #include <limits>
+#include <optional>
 
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/overflowing-math.h"
 #include "src/builtins/builtins.h"
 #include "src/codegen/assembler.h"
@@ -32,9 +32,7 @@
 #include "src/wasm/wasm-objects.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-namespace v8 {
-namespace internal {
-namespace compiler {
+namespace v8::internal::compiler {
 
 #define __ masm()->
 
@@ -1116,6 +1114,30 @@ void EmitTSANRelaxedLoadOOLIfNeeded(Zone* zone, CodeGenerator* codegen,
     }                                                                    \
   } while (false)
 
+#define ASSEMBLE_SIMD_F16x8_BINOP(instr)              \
+  do {                                                \
+    CpuFeatureScope f16c_scope(masm(), F16C);         \
+    CpuFeatureScope avx_scope(masm(), AVX);           \
+    YMMRegister tmp1 = i.TempSimd256Register(0);      \
+    YMMRegister tmp2 = i.TempSimd256Register(1);      \
+    __ vcvtph2ps(tmp1, i.InputSimd128Register(0));    \
+    __ vcvtph2ps(tmp2, i.InputSimd128Register(1));    \
+    __ instr(tmp2, tmp1, tmp2);                       \
+    __ vcvtps2ph(i.OutputSimd128Register(), tmp2, 0); \
+  } while (false)
+
+#define ASSEMBLE_SIMD_F16x8_RELOP(instr)                 \
+  do {                                                   \
+    CpuFeatureScope f16c_scope(masm(), F16C);            \
+    CpuFeatureScope avx_scope(masm(), AVX);              \
+    YMMRegister tmp1 = i.TempSimd256Register(0);         \
+    YMMRegister tmp2 = i.TempSimd256Register(1);         \
+    __ vcvtph2ps(tmp1, i.InputSimd128Register(0));       \
+    __ vcvtph2ps(tmp2, i.InputSimd128Register(1));       \
+    __ instr(tmp2, tmp1, tmp2);                          \
+    __ vpackssdw(i.OutputSimd128Register(), tmp2, tmp2); \
+  } while (false)
+
 #define ASSEMBLE_SIMD256_BINOP(opcode, cpu_feature)                    \
   do {                                                                 \
     CpuFeatureScope avx_scope(masm(), cpu_feature);                    \
@@ -2105,15 +2127,19 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       ASSEMBLE_SSE_BINOP(Ucomiss);
       break;
     case kSSEFloat32Add:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_SSE_BINOP(addss);
       break;
     case kSSEFloat32Sub:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_SSE_BINOP(subss);
       break;
     case kSSEFloat32Mul:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_SSE_BINOP(mulss);
       break;
     case kSSEFloat32Div:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_SSE_BINOP(divss);
       // Don't delete this mov. It may improve performance on some CPUs,
       // when there is a (v)mulss depending on the result.
@@ -2151,15 +2177,19 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       ASSEMBLE_SSE_BINOP(Ucomisd);
       break;
     case kSSEFloat64Add:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_SSE_BINOP(addsd);
       break;
     case kSSEFloat64Sub:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_SSE_BINOP(subsd);
       break;
     case kSSEFloat64Mul:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_SSE_BINOP(mulsd);
       break;
     case kSSEFloat64Div:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_SSE_BINOP(divsd);
       // Don't delete this mov. It may improve performance on some CPUs,
       // when there is a (v)mulsd depending on the result.
@@ -2651,15 +2681,19 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       break;
     }
     case kAVXFloat32Add:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_AVX_BINOP(vaddss);
       break;
     case kAVXFloat32Sub:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_AVX_BINOP(vsubss);
       break;
     case kAVXFloat32Mul:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_AVX_BINOP(vmulss);
       break;
     case kAVXFloat32Div:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_AVX_BINOP(vdivss);
       // Don't delete this mov. It may improve performance on some CPUs,
       // when there is a (v)mulss depending on the result.
@@ -2675,15 +2709,19 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       break;
     }
     case kAVXFloat64Add:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_AVX_BINOP(vaddsd);
       break;
     case kAVXFloat64Sub:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_AVX_BINOP(vsubsd);
       break;
     case kAVXFloat64Mul:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_AVX_BINOP(vmulsd);
       break;
     case kAVXFloat64Div:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       ASSEMBLE_AVX_BINOP(vdivsd);
       // Don't delete this mov. It may improve performance on some CPUs,
       // when there is a (v)mulsd depending on the result.
@@ -2704,6 +2742,13 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8Abs
+            CpuFeatureScope avx_scope(masm(), AVX);
+            __ Absph(i.OutputSimd128Register(), i.InputSimd128Register(0),
+                     kScratchRegister);
+            break;
+          }
           case kL32: {
             // F32x4Abs
             __ Absps(i.OutputSimd128Register(), i.InputSimd128Register(0),
@@ -2760,6 +2805,13 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8Neg
+            CpuFeatureScope avx_scope(masm(), AVX);
+            __ Negph(i.OutputSimd128Register(), i.InputSimd128Register(0),
+                     kScratchRegister);
+            break;
+          }
           case kL32: {
             // F32x4Neg
             __ Negps(i.OutputSimd128Register(), i.InputSimd128Register(0),
@@ -3022,6 +3074,21 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
         }
       }
       break;
+    case kX64Movsh:
+      RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
+      if (instr->HasOutput()) {
+        CpuFeatureScope f16c_scope(masm(), F16C);
+        CpuFeatureScope avx2_scope(masm(), AVX2);
+        __ vpbroadcastw(i.OutputDoubleRegister(), i.MemoryOperand());
+        __ vcvtph2ps(i.OutputDoubleRegister(), i.OutputDoubleRegister());
+      } else {
+        CpuFeatureScope f16c_scope(masm(), F16C);
+        size_t index = 0;
+        Operand operand = i.MemoryOperand(&index);
+        __ vcvtps2ph(kScratchDoubleReg, i.InputDoubleRegister(index), 0);
+        __ Pextrw(operand, kScratchDoubleReg, static_cast<uint8_t>(0));
+      }
+      break;
     case kX64Movss:
       RecordTrapInfoIfNeeded(zone(), this, opcode, instr, __ pc_offset());
       if (instr->HasOutput()) {
@@ -3251,6 +3318,15 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            CpuFeatureScope f16c_scope(masm(), F16C);
+            CpuFeatureScope avx2_scope(masm(), AVX2);
+            __ vcvtps2ph(i.OutputDoubleRegister(0), i.InputDoubleRegister(0),
+                         0);
+            __ vpbroadcastw(i.OutputSimd128Register(),
+                            i.OutputDoubleRegister(0));
+            break;
+          }
           case kL32: {
             // F32x4Splat
             __ F32x4Splat(i.OutputSimd128Register(), i.InputDoubleRegister(0));
@@ -3295,6 +3371,16 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8ExtractLane
+            CpuFeatureScope f16c_scope(masm(), F16C);
+            CpuFeatureScope avx_scope(masm(), AVX);
+            __ Pextrw(kScratchRegister, i.InputSimd128Register(0),
+                      i.InputUint8(1));
+            __ vmovd(i.OutputFloatRegister(), kScratchRegister);
+            __ vcvtph2ps(i.OutputFloatRegister(), i.OutputFloatRegister());
+            break;
+          }
           case kL32: {
             // F32x4ExtractLane
             __ F32x4ExtractLane(i.OutputFloatRegister(),
@@ -3321,6 +3407,16 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8ReplaceLane
+            CpuFeatureScope f16c_scope(masm(), F16C);
+            CpuFeatureScope avx_scope(masm(), AVX);
+            __ vcvtps2ph(kScratchDoubleReg, i.InputDoubleRegister(2), 0);
+            __ vmovd(kScratchRegister, kScratchDoubleReg);
+            __ vpinsrw(i.OutputSimd128Register(), i.InputSimd128Register(0),
+                       kScratchRegister, i.InputInt8(1));
+            break;
+          }
           case kL32: {
             // F32x4ReplaceLane
             // The insertps instruction uses imm8[5:4] to indicate the lane
@@ -3357,6 +3453,16 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
         XMMRegister dst = i.OutputSimd128Register();
         XMMRegister src = i.InputSimd128Register(0);
         switch (lane_size) {
+          case kL16: {
+            // F16x8Sqrt
+            CpuFeatureScope f16c_scope(masm(), F16C);
+            CpuFeatureScope avx_scope(masm(), AVX);
+
+            __ vcvtph2ps(kScratchSimd256Reg, src);
+            __ vsqrtps(kScratchSimd256Reg, kScratchSimd256Reg);
+            __ vcvtps2ph(dst, kScratchSimd256Reg, 0);
+            break;
+          }
           case kL32: {
             // F32x4Sqrt
             __ Sqrtps(dst, src);
@@ -3398,6 +3504,10 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16:
+            // F16x8Add
+            ASSEMBLE_SIMD_F16x8_BINOP(vaddps);
+            break;
           case kL32: {
             // F32x4Add
             ASSEMBLE_SIMD_BINOP(addps);
@@ -3436,6 +3546,10 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16:
+            // F16x8Sub
+            ASSEMBLE_SIMD_F16x8_BINOP(vsubps);
+            break;
           case kL32: {
             // F32x4Sub
             ASSEMBLE_SIMD_BINOP(subps);
@@ -3474,6 +3588,10 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16:
+            // F16x8Mul
+            ASSEMBLE_SIMD_F16x8_BINOP(vmulps);
+            break;
           case kL32: {
             // F32x4Mul
             ASSEMBLE_SIMD_BINOP(mulps);
@@ -3513,6 +3631,10 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16:
+            // F16x8Div
+            ASSEMBLE_SIMD_F16x8_BINOP(vdivps);
+            break;
           case kL32: {
             // F32x4Div
             ASSEMBLE_SIMD_BINOP(divps);
@@ -3551,6 +3673,17 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8Min
+            // F16x8Min packs result in XMM register, but uses it as temporary
+            // YMM register during computation. Cast dst to YMM here.
+            YMMRegister ydst =
+                YMMRegister::from_code(i.OutputSimd128Register().code());
+            __ F16x8Min(ydst, i.InputSimd128Register(0),
+                        i.InputSimd128Register(1), i.TempSimd256Register(0),
+                        i.TempSimd256Register(1));
+            break;
+          }
           case kL32: {
             // F32x4Min
             __ F32x4Min(i.OutputSimd128Register(), i.InputSimd128Register(0),
@@ -3596,6 +3729,17 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8Max
+            // F16x8Max packs result in XMM dst register, but uses it as temp
+            // YMM register during computation. Cast dst to YMM here.
+            YMMRegister ydst =
+                YMMRegister::from_code(i.OutputSimd128Register().code());
+            __ F16x8Max(ydst, i.InputSimd128Register(0),
+                        i.InputSimd128Register(1), i.TempSimd256Register(0),
+                        i.TempSimd256Register(1));
+            break;
+          }
           case kL32: {
             // F32x4Max
             __ F32x4Max(i.OutputSimd128Register(), i.InputSimd128Register(0),
@@ -3641,6 +3785,11 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8Eq
+            ASSEMBLE_SIMD_F16x8_RELOP(vcmpeqps);
+            break;
+          }
           case kL32: {
             // F32x4Eq
             ASSEMBLE_SIMD_BINOP(cmpeqps);
@@ -3679,6 +3828,11 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8Ne
+            ASSEMBLE_SIMD_F16x8_RELOP(vcmpneqps);
+            break;
+          }
           case kL32: {
             // F32x4Ne
             ASSEMBLE_SIMD_BINOP(cmpneqps);
@@ -3717,6 +3871,11 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8Lt
+            ASSEMBLE_SIMD_F16x8_RELOP(vcmpltps);
+            break;
+          }
           case kL32: {
             // F32x4Lt
             ASSEMBLE_SIMD_BINOP(cmpltps);
@@ -3755,6 +3914,11 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
         switch (lane_size) {
+          case kL16: {
+            // F16x8Le
+            ASSEMBLE_SIMD_F16x8_RELOP(vcmpleps);
+            break;
+          }
           case kL32: {
             // F32x4Le
             ASSEMBLE_SIMD_BINOP(cmpleps);
@@ -3865,6 +4029,55 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       __ vcvtdq2ps(i.OutputSimd256Register(), i.InputSimd256Register(0));
       break;
     }
+    case kX64I16x8SConvertF16x8: {
+      CpuFeatureScope avx_scope(masm(), AVX);
+      CpuFeatureScope f16c_scope(masm(), F16C);
+      CpuFeatureScope avx2_scope(masm(), AVX2);
+
+      YMMRegister ydst =
+          YMMRegister::from_code(i.OutputSimd128Register().code());
+      __ I16x8SConvertF16x8(ydst, i.InputSimd128Register(0), kScratchSimd256Reg,
+                            kScratchRegister);
+      break;
+    }
+    case kX64I16x8UConvertF16x8: {
+      CpuFeatureScope avx_scope(masm(), AVX);
+      CpuFeatureScope f16c_scope(masm(), F16C);
+      CpuFeatureScope avx2_scope(masm(), AVX2);
+
+      YMMRegister ydst =
+          YMMRegister::from_code(i.OutputSimd128Register().code());
+      __ I16x8TruncF16x8U(ydst, i.InputSimd128Register(0), kScratchSimd256Reg);
+      break;
+    }
+    case kX64F16x8SConvertI16x8: {
+      CpuFeatureScope f16c_scope(masm(), F16C);
+      CpuFeatureScope avx_scope(masm(), AVX);
+      CpuFeatureScope avx2_scope(masm(), AVX2);
+      __ vpmovsxwd(kScratchSimd256Reg, i.InputSimd128Register(0));
+      __ vcvtdq2ps(kScratchSimd256Reg, kScratchSimd256Reg);
+      __ vcvtps2ph(i.OutputSimd128Register(), kScratchSimd256Reg, 0);
+      break;
+    }
+    case kX64F16x8UConvertI16x8: {
+      CpuFeatureScope f16c_scope(masm(), F16C);
+      CpuFeatureScope avx_scope(masm(), AVX);
+      CpuFeatureScope avx2_scope(masm(), AVX2);
+      __ vpmovzxwd(kScratchSimd256Reg, i.InputSimd128Register(0));
+      __ vcvtdq2ps(kScratchSimd256Reg, kScratchSimd256Reg);
+      __ vcvtps2ph(i.OutputSimd128Register(), kScratchSimd256Reg, 0);
+      break;
+    }
+    case kX64F16x8DemoteF32x4Zero: {
+      CpuFeatureScope f16c_scope(masm(), F16C);
+      __ vcvtps2ph(i.OutputSimd128Register(), i.InputSimd128Register(0), 0);
+      break;
+    }
+    case kX64F32x4PromoteLowF16x8: {
+      CpuFeatureScope f16c_scope(masm(), F16C);
+      __ vcvtph2ps(i.OutputSimd128Register(), i.InputSimd128Register(0));
+      break;
+    }
     case kX64F32x4UConvertI32x4: {
       DCHECK_EQ(i.OutputSimd128Register(), i.InputSimd128Register(0));
       DCHECK_NE(i.OutputSimd128Register(), kScratchDoubleReg);
@@ -3922,6 +4135,22 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
                    kScratchSimd256Reg);
       break;
     }
+    case kX64F16x8Qfma: {
+      YMMRegister ydst =
+          YMMRegister::from_code(i.OutputSimd128Register().code());
+      __ F16x8Qfma(ydst, i.InputSimd128Register(0), i.InputSimd128Register(1),
+                   i.InputSimd128Register(2), i.TempSimd256Register(0),
+                   i.TempSimd256Register(1));
+      break;
+    }
+    case kX64F16x8Qfms: {
+      YMMRegister ydst =
+          YMMRegister::from_code(i.OutputSimd128Register().code());
+      __ F16x8Qfms(ydst, i.InputSimd128Register(0), i.InputSimd128Register(1),
+                   i.InputSimd128Register(2), i.TempSimd256Register(0),
+                   i.TempSimd256Register(1));
+      break;
+    }
     case kX64Minps: {
       VectorLength vec_len = VectorLengthField::decode(opcode);
       if (vec_len == kV128) {
@@ -3944,6 +4173,16 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       }
       break;
     }
+    case kX64Minph: {
+      DCHECK_EQ(VectorLengthField::decode(opcode), kV128);
+      ASSEMBLE_SIMD_F16x8_BINOP(vminps);
+      break;
+    }
+    case kX64Maxph: {
+      DCHECK_EQ(VectorLengthField::decode(opcode), kV128);
+      ASSEMBLE_SIMD_F16x8_BINOP(vmaxps);
+      break;
+    }
     case kX64F32x8Pmin: {
       YMMRegister dst = i.OutputSimd256Register();
       CpuFeatureScope avx_scope(masm(), AVX);
@@ -3974,6 +4213,16 @@ CodeGenerator::CodeGenResult CodeGenerator::AssembleArchInstruction(
       __ Roundps(i.OutputSimd128Register(), i.InputSimd128Register(0), mode);
       break;
     }
+    case kX64F16x8Round: {
+      CpuFeatureScope f16c_scope(masm(), F16C);
+      CpuFeatureScope avx_scope(masm(), AVX);
+      RoundingMode const mode =
+          static_cast<RoundingMode>(MiscField::decode(instr->opcode()));
+      __ vcvtph2ps(kScratchSimd256Reg, i.InputSimd128Register(0));
+      __ vroundps(kScratchSimd256Reg, kScratchSimd256Reg, mode);
+      __ vcvtps2ph(i.OutputSimd128Register(), kScratchSimd256Reg, 0);
+      break;
+    }
     case kX64F64x2Round: {
       RoundingMode const mode =
           static_cast<RoundingMode>(MiscField::decode(instr->opcode()));
@@ -7008,28 +7257,61 @@ void CodeGenerator::AssembleArchDeoptBranch(Instruction* instr,
     __ j(FlagsConditionToCondition(branch->condition), tlabel);
   }
 
-  // TODO(42204618): Support this test mode in wasm in an isolate-independent
-  // way.
-  if (v8_flags.deopt_every_n_times > 0 && isolate() != nullptr) {
-    ExternalReference counter =
-        ExternalReference::stress_deopt_count(isolate());
-
-    __ pushfq();
-    __ pushq(rax);
-    __ load_rax(counter);
-    __ decl(rax);
-    __ j(not_zero, &nodeopt, Label::kNear);
-
-    __ Move(rax, v8_flags.deopt_every_n_times);
-    __ store_rax(counter);
-    __ popq(rax);
-    __ popfq();
-    __ jmp(tlabel);
-
-    __ bind(&nodeopt);
-    __ store_rax(counter);
-    __ popq(rax);
-    __ popfq();
+  if (v8_flags.deopt_every_n_times > 0) {
+    if (isolate() != nullptr) {
+      ExternalReference counter =
+          ExternalReference::stress_deopt_count(isolate());
+
+      __ pushfq();
+      __ pushq(rax);
+      __ load_rax(counter);
+      __ decl(rax);
+      __ j(not_zero, &nodeopt, Label::kNear);
+
+      __ Move(rax, v8_flags.deopt_every_n_times);
+      __ store_rax(counter);
+      __ popq(rax);
+      __ popfq();
+      __ jmp(tlabel);
+
+      __ bind(&nodeopt);
+      __ store_rax(counter);
+      __ popq(rax);
+      __ popfq();
+    } else {
+#if V8_ENABLE_WEBASSEMBLY
+      CHECK(v8_flags.wasm_deopt);
+      CHECK(IsWasm());
+      __ pushfq();
+      __ pushq(rax);
+      __ pushq(rbx);
+      // Load the address of the counter into rbx.
+      __ movq(rbx, Operand(rbp, WasmFrameConstants::kWasmInstanceOffset));
+      __ movq(
+          rbx,
+          Operand(rbx, WasmTrustedInstanceData::kStressDeoptCounterOffset - 1));
+      // Load the counter into rax and decrement it.
+      __ movq(rax, Operand(rbx, 0));
+      __ decl(rax);
+      __ j(not_zero, &nodeopt, Label::kNear);
+      // The counter is zero, reset counter.
+      __ Move(rax, v8_flags.deopt_every_n_times);
+      __ movq(Operand(rbx, 0), rax);
+      // Restore registers and jump to deopt label.
+      __ popq(rbx);
+      __ popq(rax);
+      __ popfq();
+      __ jmp(tlabel);
+      // Write back counter and restore registers.
+      __ bind(&nodeopt);
+      __ movq(Operand(rbx, 0), rax);
+      __ popq(rbx);
+      __ popq(rax);
+      __ popfq();
+#else
+      UNREACHABLE();
+#endif
+    }
   }
 
   if (!branch->fallthru) {
@@ -7101,7 +7383,7 @@ void CodeGenerator::AssembleArchConditionalBranch(Instruction* instr,
 
 void CodeGenerator::AssembleArchBinarySearchSwitchRange(
     Register input, RpoNumber def_block, std::pair<int32_t, Label*>* begin,
-    std::pair<int32_t, Label*>* end, base::Optional<int32_t>& last_cmp_value) {
+    std::pair<int32_t, Label*>* end, std::optional<int32_t>& last_cmp_value) {
   if (end - begin < kBinarySearchSwitchMinimalCases) {
     if (last_cmp_value && *last_cmp_value == begin->first) {
       // No need to do another repeat cmp.
@@ -7134,7 +7416,7 @@ void CodeGenerator::AssembleArchBinarySearchSwitch(Instruction* instr) {
   for (size_t index = 2; index < instr->InputCount(); index += 2) {
     cases.push_back({i.InputInt32(index + 0), GetLabel(i.InputRpo(index + 1))});
   }
-  base::Optional<int32_t> last_cmp_value;
+  std::optional<int32_t> last_cmp_value;
   AssembleArchBinarySearchSwitchRange(input, i.InputRpo(1), cases.data(),
                                       cases.data() + cases.size(),
                                       last_cmp_value);
@@ -7266,7 +7548,7 @@ void CodeGenerator::AssembleConstructFrame() {
           call_descriptor->IsWasmImportWrapper() ||
           call_descriptor->IsWasmCapiFunction()) {
         // For import wrappers and C-API functions, this stack slot is only used
-        // for printing stack traces in V8. Also, it holds a WasmApiFunctionRef
+        // for printing stack traces in V8. Also, it holds a WasmImportData
         // instead of the instance itself, which is taken care of in the frames
         // accessors.
         __ pushq(kWasmInstanceRegister);
@@ -8060,6 +8342,4 @@ void CodeGenerator::AssembleJumpTable(Label** targets, size_t target_count) {
 
 #undef __
 
-}  // namespace compiler
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::compiler
diff --git a/deps/v8/src/compiler/backend/x64/instruction-codes-x64.h b/deps/v8/src/compiler/backend/x64/instruction-codes-x64.h
index ec82191edce63e..ab0ba961aad76a 100644
--- a/deps/v8/src/compiler/backend/x64/instruction-codes-x64.h
+++ b/deps/v8/src/compiler/backend/x64/instruction-codes-x64.h
@@ -21,6 +21,7 @@ namespace compiler {
   V(X64Movq)                                               \
   V(X64Movsd)                                              \
   V(X64Movss)                                              \
+  V(X64Movsh)                                              \
   V(X64Movsxbl)                                            \
   V(X64Movsxbq)                                            \
   V(X64Movsxlq)                                            \
@@ -71,7 +72,23 @@ namespace compiler {
   V(X64S256Load16x8S)                                      \
   V(X64S256Load16x8U)                                      \
   V(X64S256Load32x4S)                                      \
-  V(X64S256Load32x4U)
+  V(X64S256Load32x4U)                                      \
+  V(SSEFloat32Add)                                         \
+  V(SSEFloat32Sub)                                         \
+  V(SSEFloat32Mul)                                         \
+  V(SSEFloat32Div)                                         \
+  V(SSEFloat64Add)                                         \
+  V(SSEFloat64Sub)                                         \
+  V(SSEFloat64Mul)                                         \
+  V(SSEFloat64Div)                                         \
+  V(AVXFloat32Add)                                         \
+  V(AVXFloat32Sub)                                         \
+  V(AVXFloat32Mul)                                         \
+  V(AVXFloat32Div)                                         \
+  V(AVXFloat64Add)                                         \
+  V(AVXFloat64Sub)                                         \
+  V(AVXFloat64Mul)                                         \
+  V(AVXFloat64Div)
 
 #define TARGET_ARCH_OPCODE_LIST(V)                   \
   TARGET_ARCH_OPCODE_WITH_MEMORY_ACCESS_MODE_LIST(V) \
@@ -128,20 +145,12 @@ namespace compiler {
   V(X64MFence)                                       \
   V(X64LFence)                                       \
   V(SSEFloat32Cmp)                                   \
-  V(SSEFloat32Add)                                   \
-  V(SSEFloat32Sub)                                   \
-  V(SSEFloat32Mul)                                   \
-  V(SSEFloat32Div)                                   \
   V(SSEFloat32Sqrt)                                  \
   V(SSEFloat32ToFloat64)                             \
   V(SSEFloat32ToInt32)                               \
   V(SSEFloat32ToUint32)                              \
   V(SSEFloat32Round)                                 \
   V(SSEFloat64Cmp)                                   \
-  V(SSEFloat64Add)                                   \
-  V(SSEFloat64Sub)                                   \
-  V(SSEFloat64Mul)                                   \
-  V(SSEFloat64Div)                                   \
   V(SSEFloat64Mod)                                   \
   V(SSEFloat64Sqrt)                                  \
   V(SSEFloat64Round)                                 \
@@ -171,15 +180,7 @@ namespace compiler {
   V(SSEFloat64LoadLowWord32)                         \
   V(SSEFloat64SilenceNaN)                            \
   V(AVXFloat32Cmp)                                   \
-  V(AVXFloat32Add)                                   \
-  V(AVXFloat32Sub)                                   \
-  V(AVXFloat32Mul)                                   \
-  V(AVXFloat32Div)                                   \
   V(AVXFloat64Cmp)                                   \
-  V(AVXFloat64Add)                                   \
-  V(AVXFloat64Sub)                                   \
-  V(AVXFloat64Mul)                                   \
-  V(AVXFloat64Div)                                   \
   V(X64Float64Abs)                                   \
   V(X64Float64Neg)                                   \
   V(X64Float32Abs)                                   \
@@ -237,6 +238,17 @@ namespace compiler {
   V(X64F32x4Round)                                   \
   V(X64F32x4DemoteF64x2Zero)                         \
   V(X64F32x4DemoteF64x4)                             \
+  V(X64F16x8Round)                                   \
+  V(X64I16x8SConvertF16x8)                           \
+  V(X64I16x8UConvertF16x8)                           \
+  V(X64F16x8SConvertI16x8)                           \
+  V(X64F16x8UConvertI16x8)                           \
+  V(X64F16x8DemoteF32x4Zero)                         \
+  V(X64F32x4PromoteLowF16x8)                         \
+  V(X64F16x8Qfma)                                    \
+  V(X64F16x8Qfms)                                    \
+  V(X64Minph)                                        \
+  V(X64Maxph)                                        \
   V(X64ISplat)                                       \
   V(X64IExtractLane)                                 \
   V(X64IAbs)                                         \
diff --git a/deps/v8/src/compiler/backend/x64/instruction-scheduler-x64.cc b/deps/v8/src/compiler/backend/x64/instruction-scheduler-x64.cc
index ab3ddeba99e0c4..a14583286b2d22 100644
--- a/deps/v8/src/compiler/backend/x64/instruction-scheduler-x64.cc
+++ b/deps/v8/src/compiler/backend/x64/instruction-scheduler-x64.cc
@@ -178,6 +178,17 @@ int InstructionScheduler::GetTargetInstructionFlags(
     case kX64F32x4Round:
     case kX64F32x4DemoteF64x2Zero:
     case kX64F32x4DemoteF64x4:
+    case kX64F16x8Round:
+    case kX64I16x8SConvertF16x8:
+    case kX64I16x8UConvertF16x8:
+    case kX64F16x8SConvertI16x8:
+    case kX64F16x8UConvertI16x8:
+    case kX64F16x8DemoteF32x4Zero:
+    case kX64F32x4PromoteLowF16x8:
+    case kX64F16x8Qfma:
+    case kX64F16x8Qfms:
+    case kX64Minph:
+    case kX64Maxph:
     case kX64ISplat:
     case kX64IExtractLane:
     case kX64IAbs:
@@ -374,6 +385,7 @@ int InstructionScheduler::GetTargetInstructionFlags(
     case kX64Movq:
     case kX64Movsd:
     case kX64Movss:
+    case kX64Movsh:
     case kX64Movdqu:
     case kX64Movdqu256:
     case kX64S128Load8Splat:
diff --git a/deps/v8/src/compiler/backend/x64/instruction-selector-x64.cc b/deps/v8/src/compiler/backend/x64/instruction-selector-x64.cc
index 47048ac788a60d..97339dd9be7481 100644
--- a/deps/v8/src/compiler/backend/x64/instruction-selector-x64.cc
+++ b/deps/v8/src/compiler/backend/x64/instruction-selector-x64.cc
@@ -5,11 +5,11 @@
 #include <algorithm>
 #include <cstdint>
 #include <limits>
+#include <optional>
 
 #include "src/base/bounds.h"
 #include "src/base/iterator.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/overflowing-math.h"
 #include "src/codegen/cpu-features.h"
 #include "src/codegen/machine-type.h"
@@ -104,6 +104,69 @@ bool LhsIsNotOnlyConstant(turboshaft::Graph* graph,
 
 }  // namespace
 
+bool ValueFitsIntoImmediate(int64_t value) {
+  // int32_t min will overflow if displacement mode is kNegativeDisplacement.
+  constexpr int64_t kImmediateMin = std::numeric_limits<int32_t>::min() + 1;
+  constexpr int64_t kImmediateMax = std::numeric_limits<int32_t>::max();
+  static_assert(kImmediateMin ==
+                turboshaft::LoadStoreSimplificationConfiguration::kMinOffset);
+  static_assert(kImmediateMax ==
+                turboshaft::LoadStoreSimplificationConfiguration::kMaxOffset);
+  return kImmediateMin <= value && value <= kImmediateMax;
+}
+
+template <typename Adapter>
+bool CanBeImmediate(InstructionSelectorT<Adapter>* selector,
+                    typename Adapter::node_t node) {
+  // TODO(dmercadier): this is not in sync with GetImmediateIntegerValue, which
+  // is surprising because we often use the pattern
+  // `if (CanBeImmediate()) { GetImmediateIntegerValue }`. We should make sure
+  // that both functions are in sync.
+  if (!selector->is_constant(node)) return false;
+  auto constant = selector->constant_view(node);
+  if (constant.is_compressed_heap_object()) {
+    if (!COMPRESS_POINTERS_BOOL) return false;
+    // For builtin code we need static roots
+    if (selector->isolate()->bootstrapper() && !V8_STATIC_ROOTS_BOOL) {
+      return false;
+    }
+    const RootsTable& roots_table = selector->isolate()->roots_table();
+    RootIndex root_index;
+    Handle<HeapObject> value = constant.heap_object_value();
+    if (roots_table.IsRootHandle(value, &root_index)) {
+      return RootsTable::IsReadOnly(root_index);
+    }
+    return false;
+  }
+  if (constant.is_int32() || constant.is_relocatable_int32()) {
+    const int32_t value = constant.int32_value();
+    // int32_t min will overflow if displacement mode is
+    // kNegativeDisplacement.
+    return value != std::numeric_limits<int32_t>::min();
+  }
+  if (constant.is_int64()) {
+    const int64_t value = constant.int64_value();
+    return ValueFitsIntoImmediate(value);
+  }
+  if (constant.is_number_zero()) {
+    return true;
+  }
+  return false;
+}
+
+template <typename Adapter>
+int32_t GetImmediateIntegerValue(InstructionSelectorT<Adapter>* selector,
+                                 typename Adapter::node_t node) {
+  DCHECK(CanBeImmediate(selector, node));
+  auto constant = selector->constant_view(node);
+  if (constant.is_int32()) return constant.int32_value();
+  if (constant.is_int64()) {
+    return static_cast<int32_t>(constant.int64_value());
+  }
+  DCHECK(constant.is_number_zero());
+  return 0;
+}
+
 template <typename Adapter>
 struct ScaledIndexMatch {
   using node_t = typename Adapter::node_t;
@@ -114,11 +177,11 @@ struct ScaledIndexMatch {
 };
 
 template <typename ScaleMatcher>
-base::Optional<ScaledIndexMatch<TurbofanAdapter>> TryMatchScaledIndex(
+std::optional<ScaledIndexMatch<TurbofanAdapter>> TryMatchScaledIndex(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* node,
     bool allow_power_of_two_plus_one) {
   ScaleMatcher m(node, allow_power_of_two_plus_one);
-  if (!m.matches()) return base::nullopt;
+  if (!m.matches()) return std::nullopt;
   ScaledIndexMatch<TurbofanAdapter> match;
   match.index = node->InputAt(0);
   match.base = m.power_of_two_plus_one() ? match.index : nullptr;
@@ -126,14 +189,14 @@ base::Optional<ScaledIndexMatch<TurbofanAdapter>> TryMatchScaledIndex(
   return match;
 }
 
-base::Optional<ScaledIndexMatch<TurbofanAdapter>> TryMatchScaledIndex32(
+std::optional<ScaledIndexMatch<TurbofanAdapter>> TryMatchScaledIndex32(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* node,
     bool allow_power_of_two_plus_one) {
   return TryMatchScaledIndex<Int32ScaleMatcher>(selector, node,
                                                 allow_power_of_two_plus_one);
 }
 
-base::Optional<ScaledIndexMatch<TurbofanAdapter>> TryMatchScaledIndex64(
+std::optional<ScaledIndexMatch<TurbofanAdapter>> TryMatchScaledIndex64(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* node,
     bool allow_power_of_two_plus_one) {
   return TryMatchScaledIndex<Int64ScaleMatcher>(selector, node,
@@ -197,7 +260,7 @@ bool MatchScaledIndex(InstructionSelectorT<TurboshaftAdapter>* selector,
   return false;
 }
 
-base::Optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex(
+std::optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex(
     InstructionSelectorT<TurboshaftAdapter>* selector, turboshaft::OpIndex node,
     bool allow_power_of_two_plus_one) {
   ScaledIndexMatch<TurboshaftAdapter> match;
@@ -207,16 +270,16 @@ base::Optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex(
     match.base = plus_one ? match.index : turboshaft::OpIndex{};
     return match;
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex32(
+std::optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex32(
     InstructionSelectorT<TurboshaftAdapter>* selector, turboshaft::OpIndex node,
     bool allow_power_of_two_plus_one) {
   return TryMatchScaledIndex(selector, node, allow_power_of_two_plus_one);
 }
 
-base::Optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex64(
+std::optional<ScaledIndexMatch<TurboshaftAdapter>> TryMatchScaledIndex64(
     InstructionSelectorT<TurboshaftAdapter>* selector, turboshaft::OpIndex node,
     bool allow_power_of_two_plus_one) {
   return TryMatchScaledIndex(selector, node, allow_power_of_two_plus_one);
@@ -234,7 +297,7 @@ struct BaseWithScaledIndexAndDisplacementMatch {
 };
 
 template <typename BaseWithIndexAndDisplacementMatcher>
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurbofanAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurbofanAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* node) {
   BaseWithScaledIndexAndDisplacementMatch<TurbofanAdapter> result;
@@ -256,29 +319,29 @@ TryMatchBaseWithScaledIndexAndDisplacement(
     result.displacement_mode = m.displacement_mode();
     return result;
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurbofanAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurbofanAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement64(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* node) {
   return TryMatchBaseWithScaledIndexAndDisplacement<
       BaseWithIndexAndDisplacement64Matcher>(selector, node);
 }
 
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurbofanAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurbofanAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement32(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* node) {
   return TryMatchBaseWithScaledIndexAndDisplacement<
       BaseWithIndexAndDisplacement32Matcher>(selector, node);
 }
 
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
     InstructionSelectorT<TurboshaftAdapter>* selector, turboshaft::OpIndex left,
     turboshaft::OpIndex right, bool is_commutative);
 
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement64(
     InstructionSelectorT<TurboshaftAdapter>* selector,
     turboshaft::OpIndex node) {
@@ -333,10 +396,18 @@ TryMatchBaseWithScaledIndexAndDisplacement64(
   } else if (const Simd128LoadTransformOp* load_transform =
                  op.TryCast<Simd128LoadTransformOp>()) {
     result.base = load_transform->base();
-    result.index = load_transform->index();
     DCHECK_EQ(load_transform->offset, 0);
+
+    if (CanBeImmediate(selector, load_transform->index())) {
+      result.index = {};
+      result.displacement =
+          GetImmediateIntegerValue(selector, load_transform->index());
+    } else {
+      result.index = load_transform->index();
+      result.displacement = 0;
+    }
+
     result.scale = 0;
-    result.displacement = 0;
     DCHECK(!load_transform->load_kind.tagged_base);
     return result;
 #if V8_ENABLE_WASM_SIMD256_REVEC
@@ -352,7 +423,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64(
 #endif  // V8_ENABLE_WASM_SIMD256_REVEC
 #endif  // V8_ENABLE_WEBASSEMBLY
   } else {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   const WordBinopOp& binop = op.Cast<WordBinopOp>();
@@ -362,7 +433,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64(
       selector, left, right, binop.IsCommutative());
 }
 
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
     InstructionSelectorT<TurboshaftAdapter>* selector, turboshaft::OpIndex left,
     turboshaft::OpIndex right, bool is_commutative) {
@@ -383,7 +454,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
 
   // Helper to check (S + ...)
   auto match_S_plus = [&selector](OpIndex left, OpIndex right)
-      -> base::Optional<
+      -> std::optional<
           BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>> {
     BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter> result;
     result.displacement_mode = kPositiveDisplacement;
@@ -400,7 +471,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
         if (right_binop->kind == WordBinopOp::Kind::kSub) {
           if (!selector->MatchSignedIntegralConstant(right_binop->right(),
                                                      &result.displacement)) {
-            return base::nullopt;
+            return std::nullopt;
           }
           result.base = right_binop->left();
           result.displacement_mode = kNegativeDisplacement;
@@ -437,7 +508,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
       return result;
     }
 
-    return base::nullopt;
+    return std::nullopt;
   };
 
   // Helper to check ((S + ...) + ...)
@@ -445,7 +516,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
                                        turboshaft::OpIndex right,
                                        turboshaft::OpIndex left_add_left,
                                        turboshaft::OpIndex left_add_right)
-      -> base::Optional<
+      -> std::optional<
           BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>> {
     using namespace turboshaft;  // NOLINT(build/namespaces)
     DCHECK_EQ(selector->Get(left).Cast<WordBinopOp>().kind,
@@ -475,13 +546,13 @@ TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
       DCHECK_EQ(result.displacement, 0);
       return result;
     }
-    return base::nullopt;
+    return std::nullopt;
   };
 
   // Helper to check ((... + ...) + ...)
   auto match_plus_plus = [&selector, &match_S_plus_plus](OpIndex left,
                                                          OpIndex right)
-      -> base::Optional<
+      -> std::optional<
           BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>> {
     BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter> result;
     result.displacement_mode = kPositiveDisplacement;
@@ -500,7 +571,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
       if (maybe_res) return maybe_res;
     }
 
-    return base::nullopt;
+    return std::nullopt;
   };
 
   // Check (S + ...)
@@ -542,7 +613,7 @@ TryMatchBaseWithScaledIndexAndDisplacement64ForWordBinop(
   return result;
 }
 
-base::Optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
+std::optional<BaseWithScaledIndexAndDisplacementMatch<TurboshaftAdapter>>
 TryMatchBaseWithScaledIndexAndDisplacement32(
     InstructionSelectorT<TurboshaftAdapter>* selector,
     turboshaft::OpIndex node) {
@@ -564,58 +635,31 @@ class X64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
   }
 
   bool CanBeImmediate(node_t node) {
-    if (!this->is_constant(node)) return false;
-    auto constant = this->constant_view(node);
-    if (constant.is_compressed_heap_object()) {
-      if (!COMPRESS_POINTERS_BOOL) return false;
-      // For builtin code we need static roots
-      if (selector()->isolate()->bootstrapper() && !V8_STATIC_ROOTS_BOOL) {
-        return false;
-      }
-      const RootsTable& roots_table = selector()->isolate()->roots_table();
-      RootIndex root_index;
-      Handle<HeapObject> value = constant.heap_object_value();
-      if (roots_table.IsRootHandle(value, &root_index)) {
-        return RootsTable::IsReadOnly(root_index);
-      }
-      return false;
-    }
-    if (constant.is_int32() || constant.is_relocatable_int32()) {
-      const int32_t value = constant.int32_value();
-      // int32_t min will overflow if displacement mode is
-      // kNegativeDisplacement.
-      return value != std::numeric_limits<int32_t>::min();
-    }
-    if (constant.is_int64()) {
-      const int64_t value = constant.int64_value();
-      return std::numeric_limits<int32_t>::min() < value &&
-             value <= std::numeric_limits<int32_t>::max();
-    }
-    if (constant.is_number()) {
-      const double value = constant.number_value();
-      return base::bit_cast<int64_t>(value) == 0;
-    }
-    return false;
+    return compiler::CanBeImmediate(this->selector(), node);
   }
 
   int32_t GetImmediateIntegerValue(node_t node) {
-    DCHECK(CanBeImmediate(node));
-    auto constant = this->constant_view(node);
-    if (constant.is_int32()) return constant.int32_value();
-    if (constant.is_int64()) {
-      return static_cast<int32_t>(constant.int64_value());
-    }
-    DCHECK(constant.is_number());
-    return static_cast<int32_t>(constant.number_value());
+    return compiler::GetImmediateIntegerValue(this->selector(), node);
   }
 
   bool CanBeMemoryOperand(InstructionCode opcode, node_t node, node_t input,
                           int effect_level) {
     if (!this->IsLoadOrLoadImmutable(input)) return false;
     if (!selector()->CanCover(node, input)) return false;
-    if (effect_level != selector()->GetEffectLevel(input)) {
-      return false;
+
+    if constexpr (Adapter::IsTurboshaft) {
+      // A ProtectedLoad increases the effect level by 1.
+      int effect_level_after_input = selector()->GetEffectLevel(input) +
+                                     (this->IsProtectedLoad(node) ? 1 : 0);
+      if (effect_level != effect_level_after_input) {
+        return false;
+      }
+    } else {
+      if (effect_level != selector()->GetEffectLevel(input)) {
+        return false;
+      }
     }
+
     MachineRepresentation rep =
         this->load_view(input).loaded_rep().representation();
     switch (opcode) {
@@ -665,17 +709,6 @@ class X64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
     return false;
   }
 
-  bool ValueFitsIntoImmediate(int64_t value) const {
-    // int32_t min will overflow if displacement mode is kNegativeDisplacement.
-    constexpr int64_t kImmediateMin = std::numeric_limits<int32_t>::min() + 1;
-    constexpr int64_t kImmediateMax = std::numeric_limits<int32_t>::max();
-    static_assert(kImmediateMin ==
-                  turboshaft::LoadStoreSimplificationConfiguration::kMinOffset);
-    static_assert(kImmediateMax ==
-                  turboshaft::LoadStoreSimplificationConfiguration::kMaxOffset);
-    return kImmediateMin <= value && value <= kImmediateMax;
-  }
-
   bool IsZeroIntConstant(node_t node) const {
     if constexpr (Adapter::IsTurboshaft) {
       if (turboshaft::ConstantOp* op =
@@ -844,7 +877,7 @@ class X64OperandGeneratorT final : public OperandGeneratorT<Adapter> {
   }
 
   bool CanBeBetterLeftOperand(node_t node) const {
-    return !selector()->IsLive(node);
+    return !selector()->IsReallyLive(node);
   }
 };
 
@@ -1032,7 +1065,8 @@ ArchOpcode GetLoadOpcode(turboshaft::MemoryRepresentation loaded_rep,
       DCHECK_EQ(result_rep, RegisterRepresentation::Word64());
       return kX64Movq;
     case MemoryRepresentation::Float16():
-      UNIMPLEMENTED();
+      DCHECK_EQ(result_rep, RegisterRepresentation::Float32());
+      return kX64Movsh;
     case MemoryRepresentation::Float32():
       DCHECK_EQ(result_rep, RegisterRepresentation::Float32());
       return kX64Movss;
@@ -1084,6 +1118,9 @@ ArchOpcode GetLoadOpcode(turboshaft::MemoryRepresentation loaded_rep,
 ArchOpcode GetLoadOpcode(LoadRepresentation load_rep) {
   ArchOpcode opcode;
   switch (load_rep.representation()) {
+    case MachineRepresentation::kFloat16:
+      opcode = kX64Movsh;
+      break;
     case MachineRepresentation::kFloat32:
       opcode = kX64Movss;
       break;
@@ -1137,8 +1174,6 @@ ArchOpcode GetLoadOpcode(LoadRepresentation load_rep) {
     case MachineRepresentation::kSimd256:  // Fall through.
       opcode = kX64Movdqu256;
       break;
-    case MachineRepresentation::kFloat16:
-      UNIMPLEMENTED();
     case MachineRepresentation::kNone:     // Fall through.
     case MachineRepresentation::kMapWord:  // Fall through.
     case MachineRepresentation::kIndirectPointer:  // Fall through.
@@ -1163,7 +1198,7 @@ ArchOpcode GetStoreOpcode(turboshaft::MemoryRepresentation stored_rep) {
     case MemoryRepresentation::Uint64():
       return kX64Movq;
     case MemoryRepresentation::Float16():
-      UNIMPLEMENTED();
+      return kX64Movsh;
     case MemoryRepresentation::Float32():
       return kX64Movss;
     case MemoryRepresentation::Float64():
@@ -1192,6 +1227,8 @@ ArchOpcode GetStoreOpcode(turboshaft::MemoryRepresentation stored_rep) {
 
 ArchOpcode GetStoreOpcode(StoreRepresentation store_rep) {
   switch (store_rep.representation()) {
+    case MachineRepresentation::kFloat16:
+      return kX64Movsh;
     case MachineRepresentation::kFloat32:
       return kX64Movss;
     case MachineRepresentation::kFloat64:
@@ -1224,8 +1261,6 @@ ArchOpcode GetStoreOpcode(StoreRepresentation store_rep) {
       return kX64Movdqu;
     case MachineRepresentation::kSimd256:
       return kX64Movdqu256;
-    case MachineRepresentation::kFloat16:
-      UNIMPLEMENTED();
     case MachineRepresentation::kNone:
     case MachineRepresentation::kMapWord:
     case MachineRepresentation::kProtectedPointer:
@@ -1859,7 +1894,7 @@ void VisitStoreCommon(InstructionSelectorT<Adapter>* selector,
   node_t value = store.value();
   int32_t displacement = store.displacement();
   uint8_t element_size_log2 = store.element_size_log2();
-  base::Optional<AtomicMemoryOrder> atomic_order = store.memory_order();
+  std::optional<AtomicMemoryOrder> atomic_order = store.memory_order();
   MemoryAccessKind acs_kind = store.access_kind();
 
   const StoreRepresentation store_rep = store.stored_rep();
@@ -1958,7 +1993,7 @@ void VisitStoreCommon(InstructionSelectorT<Adapter>* selector,
         inputs[input_count++] = g.GetEffectiveIndexOperand(
             selector->value(index), &addressing_mode);
       } else if (displacement != 0) {
-        DCHECK(g.ValueFitsIntoImmediate(displacement));
+        DCHECK(ValueFitsIntoImmediate(displacement));
         inputs[input_count++] = g.UseImmediate(displacement);
         addressing_mode = kMode_MRI;
       } else {
@@ -2167,16 +2202,16 @@ static void VisitBinop(InstructionSelectorT<Adapter>* selector,
 }
 
 // Shared routine for multiple binary operations.
-base::Optional<int32_t> GetWord32Constant(
+std::optional<int32_t> GetWord32Constant(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* node,
     bool allow_implicit_int64_truncation =
         TurbofanAdapter::AllowsImplicitWord64ToWord32Truncation) {
   DCHECK(!allow_implicit_int64_truncation);
-  if (node->opcode() != IrOpcode::kInt32Constant) return base::nullopt;
+  if (node->opcode() != IrOpcode::kInt32Constant) return std::nullopt;
   return OpParameter<int32_t>(node->op());
 }
 
-base::Optional<int32_t> GetWord32Constant(
+std::optional<int32_t> GetWord32Constant(
     InstructionSelectorT<TurboshaftAdapter>* selector, turboshaft::OpIndex node,
     bool allow_implicit_int64_truncation =
         TurboshaftAdapter::AllowsImplicitWord64ToWord32Truncation) {
@@ -2189,7 +2224,7 @@ base::Optional<int32_t> GetWord32Constant(
       return static_cast<int32_t>(constant->word64());
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 template <typename Adapter>
@@ -2234,14 +2269,14 @@ void InstructionSelectorT<Adapter>::VisitWord32And(node_t node) {
   VisitBinop(this, node, kX64And32);
 }
 
-base::Optional<uint64_t> TryGetRightWordConstant(
+std::optional<uint64_t> TryGetRightWordConstant(
     InstructionSelectorT<TurbofanAdapter>* selector, Node* node) {
   Uint64BinopMatcher m(node);
-  if (!m.right().HasResolvedValue()) return base::nullopt;
+  if (!m.right().HasResolvedValue()) return std::nullopt;
   return static_cast<uint64_t>(m.right().ResolvedValue());
 }
 
-base::Optional<uint64_t> TryGetRightWordConstant(
+std::optional<uint64_t> TryGetRightWordConstant(
     InstructionSelectorT<TurboshaftAdapter>* selector,
     turboshaft::OpIndex node) {
   if (const turboshaft::WordBinopOp* binop =
@@ -2251,13 +2286,13 @@ base::Optional<uint64_t> TryGetRightWordConstant(
       return value;
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitWord64And(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
-  if (base::Optional<uint64_t> constant = TryGetRightWordConstant(this, node)) {
+  if (std::optional<uint64_t> constant = TryGetRightWordConstant(this, node)) {
     auto left = this->input_at(node, 0);
     if (*constant == 0xFF) {
       Emit(kX64Movzxbq, g.DefineAsRegister(node), g.Use(left));
@@ -2291,7 +2326,7 @@ void InstructionSelectorT<Adapter>::VisitWord64Or(node_t node) {
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitWord32Xor(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
-  if (base::Optional<uint64_t> constant = TryGetRightWordConstant(this, node)) {
+  if (std::optional<uint64_t> constant = TryGetRightWordConstant(this, node)) {
     if (*constant == static_cast<uint64_t>(-1)) {
       Emit(kX64Not32, g.DefineSameAsFirst(node),
            g.UseRegister(this->input_at(node, 0)));
@@ -2304,7 +2339,7 @@ void InstructionSelectorT<Adapter>::VisitWord32Xor(node_t node) {
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitWord64Xor(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
-  if (base::Optional<uint64_t> constant = TryGetRightWordConstant(this, node)) {
+  if (std::optional<uint64_t> constant = TryGetRightWordConstant(this, node)) {
     if (*constant == static_cast<uint64_t>(-1)) {
       Emit(kX64Not, g.DefineSameAsFirst(node),
            g.UseRegister(this->input_at(node, 0)));
@@ -2655,7 +2690,7 @@ bool TryEmitLoadForLoadWord64AndShiftRight(
     auto m =
         TryMatchBaseWithScaledIndexAndDisplacement64(selector, shift.left());
     if (m.has_value() &&
-        (m->displacement == 0 || g.ValueFitsIntoImmediate(m->displacement))) {
+        (m->displacement == 0 || ValueFitsIntoImmediate(m->displacement))) {
 #ifdef V8_IS_TSAN
       // On TSAN builds we require one scratch register. Because of this we also
       // have to modify the inputs to take into account possible aliasing and
@@ -2849,7 +2884,7 @@ template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitInt32Add(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
 
-  base::Optional<BaseWithScaledIndexAndDisplacementMatch<Adapter>> m;
+  std::optional<BaseWithScaledIndexAndDisplacementMatch<Adapter>> m;
   if constexpr (Adapter::IsTurbofan) {
     DCHECK_EQ(node->InputCount(), 2);
     Node* left = node->InputAt(0);
@@ -2882,7 +2917,7 @@ void InstructionSelectorT<Adapter>::VisitInt32Add(node_t node) {
   }
 
   if (m.has_value()) {
-    if (g.ValueFitsIntoImmediate(m->displacement)) {
+    if (ValueFitsIntoImmediate(m->displacement)) {
       EmitLea(this, kX64Lea32, node, m->index, m->scale, m->base,
               m->displacement, m->displacement_mode);
       return;
@@ -2898,7 +2933,7 @@ void InstructionSelectorT<Adapter>::VisitInt64Add(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
   // Try to match the Add to a leaq pattern
   if (auto match = TryMatchBaseWithScaledIndexAndDisplacement64(this, node)) {
-    if (g.ValueFitsIntoImmediate(match->displacement)) {
+    if (ValueFitsIntoImmediate(match->displacement)) {
       EmitLea(this, kX64Lea, node, match->index, match->scale, match->base,
               match->displacement, match->displacement_mode);
       return;
@@ -3012,7 +3047,7 @@ void InstructionSelectorT<TurboshaftAdapter>::VisitInt64Sub(node_t node) {
   }
   if (auto constant = TryGetRightWordConstant(this, node)) {
     int64_t immediate_value = -*constant;
-    if (g.ValueFitsIntoImmediate(immediate_value)) {
+    if (ValueFitsIntoImmediate(immediate_value)) {
       // Turn subtractions of constant values into immediate "leaq" instructions
       // by negating the value.
       Emit(kX64Lea | AddressingModeField::encode(kMode_MRI),
@@ -3644,6 +3679,22 @@ void VisitFloatBinop(InstructionSelectorT<Adapter>* selector,
           g.GetEffectiveAddressMemoryOperand(right, inputs, &input_count);
       avx_opcode |= AddressingModeField::encode(addressing_mode);
       sse_opcode |= AddressingModeField::encode(addressing_mode);
+      if constexpr (Adapter::IsTurboshaft) {
+        if (g.IsProtectedLoad(right)) {
+          // In {CanBeMemoryOperand} we have already checked that
+          // CanCover(node, right) succeds, which means that there is no
+          // instruction with Effects required_when_unused or
+          // produces.control_flow between right and node, and that the node has
+          // no other uses. Therefore, we can record the fact that 'right' was
+          // embedded in 'node' and we can later delete the Load instruction.
+          selector->MarkAsProtected(node);
+          avx_opcode |=
+              AccessModeField::encode(kMemoryAccessProtectedMemOutOfBounds);
+          sse_opcode |=
+              AccessModeField::encode(kMemoryAccessProtectedMemOutOfBounds);
+          selector->SetProtectedLoadToRemove(right);
+        }
+      }
     } else {
       inputs[input_count++] = g.UseRegister(left);
       inputs[input_count++] = g.Use(right);
@@ -3721,6 +3772,10 @@ void VisitFloatUnop(InstructionSelectorT<Adapter>* selector,
 
 #ifdef V8_ENABLE_WEBASSEMBLY
 #define RR_OP_T_LIST_WEBASSEMBLY(V)                                       \
+  V(F16x8Ceil, kX64F16x8Round | MiscField::encode(kRoundUp))              \
+  V(F16x8Floor, kX64F16x8Round | MiscField::encode(kRoundDown))           \
+  V(F16x8Trunc, kX64F16x8Round | MiscField::encode(kRoundToZero))         \
+  V(F16x8NearestInt, kX64F16x8Round | MiscField::encode(kRoundToNearest)) \
   V(F32x4Ceil, kX64F32x4Round | MiscField::encode(kRoundUp))              \
   V(F32x4Floor, kX64F32x4Round | MiscField::encode(kRoundDown))           \
   V(F32x4Trunc, kX64F32x4Round | MiscField::encode(kRoundToZero))         \
@@ -5883,6 +5938,18 @@ VISIT_ATOMIC_BINOP(Xor)
   V(S128Xor, SXor, kL8, kV128)                              \
   V(S256Xor, SXor, kL8, kV256)
 
+#define SIMD_F16x8_BINOP_LIST(V) \
+  V(F16x8Add, FAdd)              \
+  V(F16x8Sub, FSub)              \
+  V(F16x8Mul, FMul)              \
+  V(F16x8Div, FDiv)              \
+  V(F16x8Min, FMin)              \
+  V(F16x8Max, FMax)              \
+  V(F16x8Eq, FEq)                \
+  V(F16x8Ne, FNe)                \
+  V(F16x8Lt, FLt)                \
+  V(F16x8Le, FLe)
+
 #define SIMD_BINOP_LANE_SIZE_VECTOR_LENGTH_LIST(V) \
   V(F64x2Min, FMin, kL64, kV128)                   \
   V(F32x4Min, FMin, kL32, kV128)                   \
@@ -5926,6 +5993,12 @@ VISIT_ATOMIC_BINOP(Xor)
   V(F32x8SConvertI32x8)     \
   V(F32x4DemoteF64x2Zero)   \
   V(F32x4DemoteF64x4)       \
+  V(I16x8SConvertF16x8)     \
+  V(I16x8UConvertF16x8)     \
+  V(F16x8SConvertI16x8)     \
+  V(F16x8UConvertI16x8)     \
+  V(F16x8DemoteF32x4Zero)   \
+  V(F32x4PromoteLowF16x8)   \
   V(I64x2SConvertI32x4Low)  \
   V(I64x2SConvertI32x4High) \
   V(I64x4SConvertI32x4)     \
@@ -5948,14 +6021,17 @@ VISIT_ATOMIC_BINOP(Xor)
 #define SIMD_UNOP_LANE_SIZE_VECTOR_LENGTH_LIST(V) \
   V(F32x4Abs, FAbs, kL32, kV128)                  \
   V(I32x4Abs, IAbs, kL32, kV128)                  \
+  V(F16x8Abs, FAbs, kL16, kV128)                  \
   V(I16x8Abs, IAbs, kL16, kV128)                  \
   V(I8x16Abs, IAbs, kL8, kV128)                   \
   V(F32x4Neg, FNeg, kL32, kV128)                  \
   V(I32x4Neg, INeg, kL32, kV128)                  \
+  V(F16x8Neg, FNeg, kL16, kV128)                  \
   V(I16x8Neg, INeg, kL16, kV128)                  \
   V(I8x16Neg, INeg, kL8, kV128)                   \
   V(F64x2Sqrt, FSqrt, kL64, kV128)                \
   V(F32x4Sqrt, FSqrt, kL32, kV128)                \
+  V(F16x8Sqrt, FSqrt, kL16, kV128)                \
   V(I64x2BitMask, IBitMask, kL64, kV128)          \
   V(I32x4BitMask, IBitMask, kL32, kV128)          \
   V(I16x8BitMask, IBitMask, kL16, kV128)          \
@@ -6081,6 +6157,15 @@ void InstructionSelectorT<Adapter>::VisitF32x4Splat(node_t node) {
        g.DefineAsRegister(node), g.UseRegister(this->input_at(node, 0)));
 }
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Splat(node_t node) {
+  X64OperandGeneratorT<Adapter> g(this);
+  DCHECK_EQ(this->value_input_count(node), 1);
+  Emit(kX64FSplat | LaneSizeField::encode(kL16) |
+           VectorLengthField::encode(kV128),
+       g.DefineAsRegister(node), g.UseRegister(this->input_at(node, 0)));
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitF64x4Splat(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
@@ -6126,6 +6211,7 @@ void InstructionSelectorT<Adapter>::VisitF32x8Splat(node_t node) {
 
 SIMD_VISIT_EXTRACT_LANE(F, F64x2, , kL64, kV128)
 SIMD_VISIT_EXTRACT_LANE(F, F32x4, , kL32, kV128)
+SIMD_VISIT_EXTRACT_LANE(F, F16x8, , kL16, kV128)
 SIMD_VISIT_EXTRACT_LANE(I, I64x2, , kL64, kV128)
 SIMD_VISIT_EXTRACT_LANE(I, I32x4, , kL32, kV128)
 SIMD_VISIT_EXTRACT_LANE(I, I16x8, S, kL16, kV128)
@@ -6164,6 +6250,26 @@ void InstructionSelectorT<Adapter>::VisitI8x16ExtractLaneU(node_t node) {
   }
 }
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8ReplaceLane(node_t node) {
+  X64OperandGeneratorT<Adapter> g(this);
+  if constexpr (Adapter::IsTurboshaft) {
+    auto& op =
+        this->Get(node).template Cast<turboshaft::Simd128ReplaceLaneOp>();
+    Emit(kX64FReplaceLane | LaneSizeField::encode(kL16) |
+             VectorLengthField::encode(kV128),
+         g.DefineSameAsFirst(node), g.UseRegister(op.into()),
+         g.UseImmediate(op.lane), g.Use(op.new_lane()));
+
+  } else {
+    int32_t lane = OpParameter<int32_t>(node->op());
+    Emit(kX64FReplaceLane | LaneSizeField::encode(kL16) |
+             VectorLengthField::encode(kV128),
+         g.DefineSameAsFirst(node), g.UseRegister(node->InputAt(0)),
+         g.UseImmediate(lane), g.Use(node->InputAt(1)));
+  }
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitF32x4ReplaceLane(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
@@ -6376,6 +6482,25 @@ SIMD_BINOP_SSE_AVX_LANE_SIZE_VECTOR_LENGTH_LIST(
 #undef VISIT_SIMD_BINOP_LANE_SIZE_VECTOR_LENGTH
 #undef SIMD_BINOP_SSE_AVX_LANE_SIZE_VECTOR_LENGTH_LIST
 
+#define VISIT_SIMD_F16x8_BINOP(Name, Opcode)                               \
+  template <typename Adapter>                                              \
+  void InstructionSelectorT<Adapter>::Visit##Name(node_t node) {           \
+    X64OperandGeneratorT<Adapter> g(this);                                 \
+    DCHECK_EQ(this->value_input_count(node), 2);                           \
+    InstructionOperand temps[] = {g.TempSimd256Register(),                 \
+                                  g.TempSimd256Register()};                \
+    size_t temp_count = arraysize(temps);                                  \
+    Emit(kX64##Opcode | LaneSizeField::encode(kL16) |                      \
+             VectorLengthField::encode(kV128),                             \
+         g.DefineAsRegister(node),                                         \
+         g.UseUniqueRegister(this->input_at(node, 0)),                     \
+         g.UseUniqueRegister(this->input_at(node, 1)), temp_count, temps); \
+  }
+
+SIMD_F16x8_BINOP_LIST(VISIT_SIMD_F16x8_BINOP)
+#undef VISIT_SIMD_F16x8_BINOP
+#undef SIMD_F16x8_BINOP_LIST
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitV128AnyTrue(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
@@ -6557,8 +6682,25 @@ VISIT_SIMD_QFMOP(F32x8Qfms)
 #endif  // V8_ENABLE_WASM_SIMD256_REVEC
 #undef VISIT_SIMD_QFMOP
 
-template <typename Adapter>
-void InstructionSelectorT<Adapter>::VisitI64x2Neg(node_t node) {
+#define VISIT_SIMD_F16x8_QFMOP(Opcode)                                   \
+  template <typename Adapter>                                            \
+  void InstructionSelectorT<Adapter>::Visit##Opcode(node_t node) {       \
+    X64OperandGeneratorT<Adapter> g(this);                               \
+    DCHECK_EQ(this->value_input_count(node), 3);                         \
+    InstructionOperand temps[] = {g.TempSimd256Register(),               \
+                                  g.TempSimd256Register()};              \
+    Emit(kX64##Opcode, g.UseRegister(node),                              \
+         g.UseUniqueRegister(this->input_at(node, 0)),                   \
+         g.UseUniqueRegister(this->input_at(node, 1)),                   \
+         g.UseUniqueRegister(this->input_at(node, 2)), arraysize(temps), \
+         temps);                                                         \
+  }
+
+VISIT_SIMD_F16x8_QFMOP(F16x8Qfma) VISIT_SIMD_F16x8_QFMOP(F16x8Qfms)
+#undef VISIT_SIMD_F16x8_QFMOP
+
+    template <typename Adapter>
+    void InstructionSelectorT<Adapter>::VisitI64x2Neg(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
   DCHECK_EQ(this->value_input_count(node), 1);
   // If AVX unsupported, make sure dst != src to avoid a move.
@@ -7073,6 +7215,39 @@ void InstructionSelectorT<Adapter>::VisitI64x4RelaxedLaneSelect(node_t node) {
 }
 #endif  // V8_ENABLE_WASM_SIMD256_REVEC
 
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Pmin(node_t node) {
+  X64OperandGeneratorT<Adapter> g(this);
+  DCHECK_EQ(this->value_input_count(node), 2);
+  InstructionOperand dst = g.DefineAsRegister(node);
+  InstructionCode instr_code = kX64Minph | VectorLengthField::encode(kV128);
+  InstructionOperand temps[] = {g.TempSimd256Register(),
+                                g.TempSimd256Register()};
+  size_t temp_count = arraysize(temps);
+
+  Emit(instr_code, dst, g.UseUniqueRegister(this->input_at(node, 1)),
+       g.UseUniqueRegister(this->input_at(node, 0)), temp_count, temps);
+}
+
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8Pmax(node_t node) {
+  X64OperandGeneratorT<Adapter> g(this);
+  DCHECK_EQ(this->value_input_count(node), 2);
+  InstructionOperand dst = g.DefineAsRegister(node);
+  InstructionCode instr_code = kX64Maxph | VectorLengthField::encode(kV128);
+  InstructionOperand temps[] = {g.TempSimd256Register(),
+                                g.TempSimd256Register()};
+  size_t temp_count = arraysize(temps);
+
+  Emit(instr_code, dst, g.UseUniqueRegister(this->input_at(node, 1)),
+       g.UseUniqueRegister(this->input_at(node, 0)), temp_count, temps);
+}
+
+template <typename Adapter>
+void InstructionSelectorT<Adapter>::VisitF16x8DemoteF64x2Zero(node_t node) {
+  UNREACHABLE();
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitF32x4Pmin(node_t node) {
   VisitMinOrMax<Adapter, kV128>(this, node, kX64Minps, true);
@@ -7364,15 +7539,36 @@ void InstructionSelectorT<Adapter>::VisitI64x2Abs(node_t node) {
   }
 }
 
+template <>
+bool InstructionSelectorT<TurboshaftAdapter>::CanOptimizeF64x2PromoteLowF32x4(
+    node_t node) {
+  using namespace turboshaft;  // NOLINT(build/namespaces)
+  DCHECK(this->Get(node).Is<Opmask::kSimd128F64x2PromoteLowF32x4>());
+  V<Simd128> input = this->input_at(node, 0);
+  return this->Get(input).template Is<Opmask::kSimd128LoadTransform64Zero>() &&
+         CanCover(node, input);
+}
+
 template <typename Adapter>
 void InstructionSelectorT<Adapter>::VisitF64x2PromoteLowF32x4(node_t node) {
   X64OperandGeneratorT<Adapter> g(this);
   DCHECK_EQ(this->value_input_count(node), 1);
   InstructionCode code = kX64F64x2PromoteLowF32x4;
   if constexpr (Adapter::IsTurboshaft) {
-    // TODO(nicohartmann@): Implement this special case for turboshaft. Note
-    // that this special case may require adaptions in instruction-selector.cc
-    // in `FinishEmittedInstructions`, similar to what exists for TurboFan.
+    using namespace turboshaft;  // NOLINT(build/namespaces)
+    if (CanOptimizeF64x2PromoteLowF32x4(node)) {
+      V<Simd128> input = this->input_at(node, 0);
+      const Simd128LoadTransformOp& load_transform =
+          this->Get(input).template Cast<Simd128LoadTransformOp>();
+      if (load_transform.load_kind.with_trap_handler) {
+        code |= AccessModeField::encode(kMemoryAccessProtectedMemOutOfBounds);
+      }
+      // LoadTransforms cannot be eliminated, so they are visited even if
+      // unused. Mark it as defined so that we don't visit it.
+      MarkAsDefined(input);
+      VisitLoad(node, input, code);
+      return;
+    }
   } else {
     node_t input = this->input_at(node, 0);
     LoadTransformMatcher m(input);
@@ -7498,6 +7694,9 @@ InstructionSelector::SupportedMachineOperatorFlags() {
              MachineOperatorBuilder::kFloat32RoundTiesEven |
              MachineOperatorBuilder::kFloat64RoundTiesEven;
   }
+  if (CpuFeatures::IsSupported(F16C)) {
+    flags |= MachineOperatorBuilder::kFloat16;
+  }
   return flags;
 }
 
diff --git a/deps/v8/src/compiler/basic-block-instrumentor.cc b/deps/v8/src/compiler/basic-block-instrumentor.cc
index b2c0dbdc3aed19..74e78055f3a3fe 100644
--- a/deps/v8/src/compiler/basic-block-instrumentor.cc
+++ b/deps/v8/src/compiler/basic-block-instrumentor.cc
@@ -240,7 +240,7 @@ bool IsBuiltinCall(const turboshaft::Operation& op,
   Handle<HeapObject> heap_constant;
   if (!matcher.MatchHeapConstant(callee_index, &heap_constant)) return false;
   if (!IsCode(*heap_constant)) return false;
-  Handle<Code> code = Cast<Code>(heap_constant);
+  DirectHandle<Code> code = Cast<Code>(heap_constant);
   if (!code->is_builtin()) return false;
 
   *called_builtin = code->builtin_id();
diff --git a/deps/v8/src/compiler/bytecode-analysis.cc b/deps/v8/src/compiler/bytecode-analysis.cc
index c8044e52c2ec9b..c6623916a63f28 100644
--- a/deps/v8/src/compiler/bytecode-analysis.cc
+++ b/deps/v8/src/compiler/bytecode-analysis.cc
@@ -9,6 +9,7 @@
 #include "src/compiler/bytecode-liveness-map.h"
 #include "src/interpreter/bytecode-array-iterator.h"
 #include "src/interpreter/bytecode-array-random-iterator.h"
+#include "src/interpreter/bytecodes.h"
 #include "src/objects/objects-inl.h"
 #include "src/utils/ostreams.h"
 
@@ -84,22 +85,6 @@ ResumeJumpTarget ResumeJumpTarget::AtLoopHeader(int loop_header_offset,
                           next.target_offset());
 }
 
-BytecodeAnalysis::BytecodeAnalysis(Handle<BytecodeArray> bytecode_array,
-                                   Zone* zone, BytecodeOffset osr_bailout_id,
-                                   bool analyze_liveness)
-    : bytecode_array_(bytecode_array),
-      zone_(zone),
-      osr_bailout_id_(osr_bailout_id),
-      analyze_liveness_(analyze_liveness),
-      loop_stack_(zone),
-      loop_end_index_queue_(zone),
-      resume_jump_targets_(zone),
-      end_to_header_(zone),
-      header_to_info_(zone),
-      osr_entry_point_(-1) {
-  Analyze();
-}
-
 namespace {
 
 template <Bytecode bytecode, OperandType operand_type, size_t i>
@@ -469,54 +454,142 @@ void UpdateAssignments(Bytecode bytecode, BytecodeLoopAssignments* assignments,
 
 }  // namespace
 
-void BytecodeAnalysis::Analyze() {
+class BytecodeAnalysis::BytecodeAnalysisImpl {
+ public:
+  std::ostream& PrintLivenessTo(std::ostream& os) const;
+
+  BytecodeAnalysisImpl(BytecodeAnalysis& res,
+                       Handle<BytecodeArray> bytecode_array, Zone* zone)
+      : res_(res),
+        zone_(zone),
+        bytecode_array_(bytecode_array),
+        loop_stack_(zone),
+        loop_end_index_queue_(zone),
+        iterator_(bytecode_array, zone) {}
+
+  void Analyze();
+
+ private:
+  template <Bytecode BC>
+  inline void AnalyzeBCInLoop(int current_offset, LoopInfo* current_loop_info) {
+  }
+
+  void PushLoop(int loop_header, int loop_end) {
+    DCHECK_LT(loop_header, loop_end);
+    DCHECK_LT(loop_stack_.top().header_offset, loop_header);
+    DCHECK_EQ(res_.end_to_header_.find(loop_end), res_.end_to_header_.end());
+    DCHECK_EQ(res_.header_to_info_.find(loop_header),
+              res_.header_to_info_.end());
+
+    int parent_offset = loop_stack_.top().header_offset;
+
+    res_.end_to_header_.insert({loop_end, loop_header});
+    auto it = res_.header_to_info_.insert(
+        {loop_header, LoopInfo(parent_offset, loop_header, loop_end,
+                               bytecode_array()->parameter_count(),
+                               bytecode_array()->register_count(), zone())});
+    // Get the loop info pointer from the output of insert.
+    LoopInfo* loop_info = &it.first->second;
+
+    if (loop_stack_.top().loop_info) {
+      loop_stack_.top().loop_info->mark_not_innermost();
+    }
+    loop_stack_.push({loop_header, loop_info});
+  }
+
+#if DEBUG
+  bool ResumeJumpTargetsAreValid();
+  bool ResumeJumpTargetLeavesResolveSuspendIds(
+      int parent_offset,
+      const ZoneVector<ResumeJumpTarget>& resume_jump_targets,
+      std::map<int, int>* unresolved_suspend_ids);
+
+  bool LivenessIsValid();
+#endif
+
+  bool analyze_liveness() const { return res_.analyze_liveness_; }
+  Zone* zone() const { return zone_; }
+  Handle<BytecodeArray> bytecode_array() const { return bytecode_array_; }
+  BytecodeLivenessMap& liveness_map() { return *res_.liveness_map_; }
+
+  struct LoopStackEntry {
+    int header_offset;
+    LoopInfo* loop_info;
+  };
+
+  BytecodeAnalysis& res_;
+  Zone* zone_;
+  Handle<BytecodeArray> const bytecode_array_;
+  ZoneStack<LoopStackEntry> loop_stack_;
+  ZoneVector<int> loop_end_index_queue_;
+  interpreter::BytecodeArrayRandomIterator iterator_;
+};
+
+template <>
+inline void BytecodeAnalysis::BytecodeAnalysisImpl::AnalyzeBCInLoop<
+    Bytecode::kSuspendGenerator>(int current_offset,
+                                 LoopInfo* current_loop_info) {
+  int suspend_id = iterator_.GetUnsignedImmediateOperand(3);
+  int resume_offset = current_offset + iterator_.current_bytecode_size();
+  current_loop_info->AddResumeTarget(
+      ResumeJumpTarget::Leaf(suspend_id, resume_offset));
+}
+
+template <>
+inline void BytecodeAnalysis::BytecodeAnalysisImpl::AnalyzeBCInLoop<
+    Bytecode::kResumeGenerator>(int current_offset,
+                                LoopInfo* current_loop_info) {
+  current_loop_info->mark_resumable();
+}
+
+void BytecodeAnalysis::BytecodeAnalysisImpl::Analyze() {
+  DCHECK_EQ(res_.bytecode_count_, -1);
+  res_.bytecode_count_ = iterator_.size();
+
   loop_stack_.push({-1, nullptr});
 
   BytecodeLivenessState* next_bytecode_in_liveness = nullptr;
-  int osr_loop_end_offset = osr_bailout_id_.ToInt();
-  DCHECK_EQ(osr_loop_end_offset < 0, osr_bailout_id_.IsNone());
-
-  interpreter::BytecodeArrayRandomIterator iterator(bytecode_array(), zone());
+  int osr_loop_end_offset_ = res_.osr_bailout_id_.ToInt();
+  DCHECK_EQ(osr_loop_end_offset_ < 0, res_.osr_bailout_id_.IsNone());
 
-  bytecode_count_ = iterator.size();
-  if (analyze_liveness_) {
-    liveness_map_.emplace(bytecode_array()->length(), zone());
+  if (analyze_liveness()) {
+    res_.liveness_map_.emplace(bytecode_array()->length(), zone());
   }
 
-  for (iterator.GoToEnd(); iterator.IsValid(); --iterator) {
-    Bytecode bytecode = iterator.current_bytecode();
-    int current_offset = iterator.current_offset();
+  for (iterator_.GoToEnd(); iterator_.IsValid(); --iterator_) {
+    Bytecode bytecode = iterator_.current_bytecode();
+    int current_offset = iterator_.current_offset();
 
     if (bytecode == Bytecode::kJumpLoop) {
       // Every byte up to and including the last byte within the backwards jump
       // instruction is considered part of the loop, set loop end accordingly.
-      int loop_end = current_offset + iterator.current_bytecode_size();
-      int loop_header = iterator.GetJumpTargetOffset();
+      int loop_end = current_offset + iterator_.current_bytecode_size();
+      int loop_header = iterator_.GetJumpTargetOffset();
       PushLoop(loop_header, loop_end);
 
-      if (current_offset == osr_loop_end_offset) {
-        osr_entry_point_ = loop_header;
-      } else if (current_offset < osr_loop_end_offset) {
+      if (current_offset == osr_loop_end_offset_) {
+        res_.osr_entry_point_ = loop_header;
+      } else if (current_offset < osr_loop_end_offset_) {
         // Assert that we've found the osr_entry_point if we've gone past the
         // osr_loop_end_offset. Note, we are iterating the bytecode in reverse,
         // so the less-than in the above condition is correct.
-        DCHECK_LE(0, osr_entry_point_);
+        DCHECK_LE(0, res_.osr_entry_point_);
       }
 
       // Save the index so that we can do another pass later.
-      if (analyze_liveness_) {
-        loop_end_index_queue_.push_back(iterator.current_index());
+      if (analyze_liveness()) {
+        loop_end_index_queue_.push_back(iterator_.current_index());
       }
     }
 
     // We have to pop from loop_stack_ if:
     // 1) We entered the body of the loop
     // 2) If we have a JumpLoop that jumps to itself (i.e an empty loop)
-    bool pop_current_loop = loop_stack_.size() > 1 &&
-                            (bytecode != Bytecode::kJumpLoop ||
-                             iterator.GetJumpTargetOffset() == current_offset);
+    bool in_loop = loop_stack_.size() > 1 &&
+                   (bytecode != Bytecode::kJumpLoop ||
+                    iterator_.GetJumpTargetOffset() == current_offset);
 
-    if (pop_current_loop) {
+    if (in_loop) {
       LoopStackEntry& current_loop = loop_stack_.top();
       LoopInfo* current_loop_info = current_loop.loop_info;
 
@@ -524,18 +597,15 @@ void BytecodeAnalysis::Analyze() {
       // the loop *and* are live when the loop exits. However, this requires
       // tracking the out-liveness of *all* loop exits, which is not
       // information we currently have.
-      UpdateAssignments(bytecode, &current_loop_info->assignments(), iterator);
-
-      // Update suspend counts for this loop.
-      if (bytecode == Bytecode::kSuspendGenerator) {
-        int suspend_id = iterator.GetUnsignedImmediateOperand(3);
-        int resume_offset = current_offset + iterator.current_bytecode_size();
-        current_loop_info->AddResumeTarget(
-            ResumeJumpTarget::Leaf(suspend_id, resume_offset));
-      }
-
-      if (bytecode == Bytecode::kResumeGenerator) {
-        current_loop_info->mark_resumable();
+      UpdateAssignments(bytecode, &current_loop_info->assignments(), iterator_);
+
+      switch (bytecode) {
+#define CASE(BC, ...)                                                    \
+  case Bytecode::k##BC:                                                  \
+    AnalyzeBCInLoop<Bytecode::k##BC>(current_offset, current_loop_info); \
+    break;
+        BYTECODE_LIST(CASE)
+#undef CASE
       }
 
       // If we've reached the header of the loop, pop it off the stack.
@@ -584,7 +654,7 @@ void BytecodeAnalysis::Analyze() {
         } else {
           // Otherwise, just propagate inner loop suspends to top-level.
           for (const auto& target : current_loop_info->resume_jump_targets()) {
-            resume_jump_targets_.push_back(
+            res_.resume_jump_targets_.push_back(
                 ResumeJumpTarget::AtLoopHeader(current_offset, target));
           }
         }
@@ -593,17 +663,17 @@ void BytecodeAnalysis::Analyze() {
       // If we're not in a loop, we still need to look for suspends.
       // TODO(leszeks): It would be nice to de-duplicate this with the in-loop
       // case
-      int suspend_id = iterator.GetUnsignedImmediateOperand(3);
-      int resume_offset = current_offset + iterator.current_bytecode_size();
-      resume_jump_targets_.push_back(
+      int suspend_id = iterator_.GetUnsignedImmediateOperand(3);
+      int resume_offset = current_offset + iterator_.current_bytecode_size();
+      res_.resume_jump_targets_.push_back(
           ResumeJumpTarget::Leaf(suspend_id, resume_offset));
     }
 
-    if (analyze_liveness_) {
+    if (analyze_liveness()) {
       BytecodeLiveness& liveness =
           liveness_map().InsertNewLiveness(current_offset);
       UpdateLiveness<true>(bytecode, liveness, &next_bytecode_in_liveness,
-                           iterator, bytecode_array(), liveness_map(), zone());
+                           iterator_, bytecode_array(), liveness_map(), zone());
     }
   }
 
@@ -612,7 +682,7 @@ void BytecodeAnalysis::Analyze() {
 
   DCHECK(ResumeJumpTargetsAreValid());
 
-  if (!analyze_liveness_) return;
+  if (!analyze_liveness()) return;
 
   // At this point, every bytecode has a valid in and out liveness, except for
   // propagating liveness across back edges (i.e. JumpLoop). Subsequent liveness
@@ -640,12 +710,12 @@ void BytecodeAnalysis::Analyze() {
   // outer-to-inner requirements.
 
   for (int loop_end_index : loop_end_index_queue_) {
-    iterator.GoToIndex(loop_end_index);
+    iterator_.GoToIndex(loop_end_index);
 
-    DCHECK_EQ(iterator.current_bytecode(), Bytecode::kJumpLoop);
+    DCHECK_EQ(iterator_.current_bytecode(), Bytecode::kJumpLoop);
 
-    int header_offset = iterator.GetJumpTargetOffset();
-    int end_offset = iterator.current_offset();
+    int header_offset = iterator_.GetJumpTargetOffset();
+    int end_offset = iterator_.current_offset();
 
     BytecodeLiveness& header_liveness =
         liveness_map().GetLiveness(header_offset);
@@ -659,22 +729,22 @@ void BytecodeAnalysis::Analyze() {
     next_bytecode_in_liveness = end_liveness.in;
 
     // Advance into the loop body.
-    --iterator;
-    for (; iterator.current_offset() > header_offset; --iterator) {
-      Bytecode bytecode = iterator.current_bytecode();
-      int current_offset = iterator.current_offset();
+    --iterator_;
+    for (; iterator_.current_offset() > header_offset; --iterator_) {
+      Bytecode bytecode = iterator_.current_bytecode();
+      int current_offset = iterator_.current_offset();
       BytecodeLiveness& liveness = liveness_map().GetLiveness(current_offset);
-      UpdateLiveness(bytecode, liveness, &next_bytecode_in_liveness, iterator,
+      UpdateLiveness(bytecode, liveness, &next_bytecode_in_liveness, iterator_,
                      bytecode_array(), liveness_map(), zone());
     }
-    // Now we are at the loop header. Since the in-liveness of the header
-    // can't change, we need only to update the out-liveness.
-    UpdateOutLiveness(iterator.current_bytecode(), header_liveness,
-                      next_bytecode_in_liveness, iterator, bytecode_array(),
+    // Now we are at the loop header. Since the in-liveness of the header can't
+    // change, we need only to update the out-liveness.
+    UpdateOutLiveness(iterator_.current_bytecode(), header_liveness,
+                      next_bytecode_in_liveness, iterator_, bytecode_array(),
                       liveness_map(), zone());
   }
 
-  DCHECK(analyze_liveness_);
+  DCHECK(analyze_liveness());
   if (v8_flags.trace_environment_liveness) {
     StdoutStream of;
     PrintLivenessTo(of);
@@ -683,28 +753,6 @@ void BytecodeAnalysis::Analyze() {
   DCHECK(LivenessIsValid());
 }
 
-void BytecodeAnalysis::PushLoop(int loop_header, int loop_end) {
-  DCHECK_LT(loop_header, loop_end);
-  DCHECK_LT(loop_stack_.top().header_offset, loop_header);
-  DCHECK_EQ(end_to_header_.find(loop_end), end_to_header_.end());
-  DCHECK_EQ(header_to_info_.find(loop_header), header_to_info_.end());
-
-  int parent_offset = loop_stack_.top().header_offset;
-
-  end_to_header_.insert({loop_end, loop_header});
-  auto it = header_to_info_.insert(
-      {loop_header, LoopInfo(parent_offset, loop_header, loop_end,
-                             bytecode_array_->parameter_count(),
-                             bytecode_array_->register_count(), zone_)});
-  // Get the loop info pointer from the output of insert.
-  LoopInfo* loop_info = &it.first->second;
-
-  if (loop_stack_.top().loop_info) {
-    loop_stack_.top().loop_info->mark_not_innermost();
-  }
-  loop_stack_.push({loop_header, loop_info});
-}
-
 bool BytecodeAnalysis::IsLoopHeader(int offset) const {
   return header_to_info_.find(offset) != header_to_info_.end();
 }
@@ -775,15 +823,17 @@ const BytecodeLivenessState* BytecodeAnalysis::GetOutLivenessFor(
   return liveness_map().GetOutLiveness(offset);
 }
 
-std::ostream& BytecodeAnalysis::PrintLivenessTo(std::ostream& os) const {
-  interpreter::BytecodeArrayIterator iterator(bytecode_array());
+std::ostream& BytecodeAnalysis::BytecodeAnalysisImpl::PrintLivenessTo(
+    std::ostream& os) const {
+  interpreter::BytecodeArrayIterator iterator(bytecode_array_);
 
   for (; !iterator.done(); iterator.Advance()) {
     int current_offset = iterator.current_offset();
 
-    const BytecodeLivenessState* in_liveness = GetInLivenessFor(current_offset);
+    const BytecodeLivenessState* in_liveness =
+        res_.GetInLivenessFor(current_offset);
     const BytecodeLivenessState* out_liveness =
-        GetOutLivenessFor(current_offset);
+        res_.GetOutLivenessFor(current_offset);
 
     os << ToString(*in_liveness) << " -> " << ToString(*out_liveness) << " | "
        << current_offset << ": ";
@@ -794,11 +844,11 @@ std::ostream& BytecodeAnalysis::PrintLivenessTo(std::ostream& os) const {
 }
 
 #if DEBUG
-bool BytecodeAnalysis::ResumeJumpTargetsAreValid() {
+bool BytecodeAnalysis::BytecodeAnalysisImpl::ResumeJumpTargetsAreValid() {
   bool valid = true;
 
   // Find the generator switch.
-  interpreter::BytecodeArrayRandomIterator iterator(bytecode_array(), zone());
+  interpreter::BytecodeArrayRandomIterator iterator(bytecode_array_, zone());
   for (iterator.GoToStart(); iterator.IsValid(); ++iterator) {
     if (iterator.current_bytecode() == Bytecode::kSwitchOnGeneratorState) {
       break;
@@ -809,14 +859,15 @@ bool BytecodeAnalysis::ResumeJumpTargetsAreValid() {
   // generator switch. So, ensure there are no jump targets and exit.
   if (!iterator.IsValid()) {
     // Check top-level.
-    if (!resume_jump_targets().empty()) {
+    if (!res_.resume_jump_targets().empty()) {
       PrintF(stderr,
              "Found %zu top-level resume targets but no resume switch\n",
-             resume_jump_targets().size());
+             res_.resume_jump_targets().size());
       valid = false;
     }
     // Check loops.
-    for (const std::pair<const int, LoopInfo>& loop_info : header_to_info_) {
+    for (const std::pair<const int, LoopInfo>& loop_info :
+         res_.header_to_info_) {
       if (!loop_info.second.resume_jump_targets().empty()) {
         PrintF(stderr,
                "Found %zu resume targets at loop at offset %d, but no resume "
@@ -845,12 +896,12 @@ bool BytecodeAnalysis::ResumeJumpTargetsAreValid() {
   }
 
   // Check top-level.
-  if (!ResumeJumpTargetLeavesResolveSuspendIds(-1, resume_jump_targets(),
+  if (!ResumeJumpTargetLeavesResolveSuspendIds(-1, res_.resume_jump_targets(),
                                                &unresolved_suspend_ids)) {
     valid = false;
   }
   // Check loops.
-  for (const std::pair<const int, LoopInfo>& loop_info : header_to_info_) {
+  for (const std::pair<const int, LoopInfo>& loop_info : res_.header_to_info_) {
     if (!ResumeJumpTargetLeavesResolveSuspendIds(
             loop_info.first, loop_info.second.resume_jump_targets(),
             &unresolved_suspend_ids)) {
@@ -873,9 +924,11 @@ bool BytecodeAnalysis::ResumeJumpTargetsAreValid() {
   return valid;
 }
 
-bool BytecodeAnalysis::ResumeJumpTargetLeavesResolveSuspendIds(
-    int parent_offset, const ZoneVector<ResumeJumpTarget>& resume_jump_targets,
-    std::map<int, int>* unresolved_suspend_ids) {
+bool BytecodeAnalysis::BytecodeAnalysisImpl::
+    ResumeJumpTargetLeavesResolveSuspendIds(
+        int parent_offset,
+        const ZoneVector<ResumeJumpTarget>& resume_jump_targets,
+        std::map<int, int>* unresolved_suspend_ids) {
   bool valid = true;
   for (const ResumeJumpTarget& target : resume_jump_targets) {
     std::map<int, int>::iterator it =
@@ -901,7 +954,7 @@ bool BytecodeAnalysis::ResumeJumpTargetLeavesResolveSuspendIds(
         valid = false;
       } else {
         // Make sure we're resuming to a Resume bytecode
-        interpreter::BytecodeArrayIterator iterator(bytecode_array(),
+        interpreter::BytecodeArrayIterator iterator(bytecode_array_,
                                                     target.target_offset());
         if (iterator.current_bytecode() != Bytecode::kResumeGenerator) {
           PrintF(stderr,
@@ -918,14 +971,14 @@ bool BytecodeAnalysis::ResumeJumpTargetLeavesResolveSuspendIds(
       unresolved_suspend_ids->erase(it);
     } else {
       // Non-leaves should have a direct inner loop header as their target.
-      if (!IsLoopHeader(target.target_offset())) {
+      if (!res_.IsLoopHeader(target.target_offset())) {
         PrintF(stderr,
                "Expected non-leaf resume target for id %d to have a loop "
                "header at target offset %d\n",
                target.suspend_id(), target.target_offset());
         valid = false;
       } else {
-        LoopInfo loop_info = GetLoopInfoFor(target.target_offset());
+        LoopInfo loop_info = res_.GetLoopInfoFor(target.target_offset());
         if (loop_info.parent_offset() != parent_offset) {
           PrintF(stderr,
                  "Expected non-leaf resume target for id %d to have a direct "
@@ -941,15 +994,15 @@ bool BytecodeAnalysis::ResumeJumpTargetLeavesResolveSuspendIds(
   return valid;
 }
 
-bool BytecodeAnalysis::LivenessIsValid() {
-  interpreter::BytecodeArrayRandomIterator iterator(bytecode_array(), zone());
+bool BytecodeAnalysis::BytecodeAnalysisImpl::LivenessIsValid() {
+  interpreter::BytecodeArrayRandomIterator iterator(bytecode_array_, zone());
 
-  BytecodeLivenessState previous_liveness(bytecode_array()->register_count(),
+  BytecodeLivenessState previous_liveness(bytecode_array_->register_count(),
                                           zone());
 
   int invalid_offset = -1;
   int which_invalid = -1;
-  BytecodeLivenessState invalid_liveness(bytecode_array()->register_count(),
+  BytecodeLivenessState invalid_liveness(bytecode_array_->register_count(),
                                          zone());
 
   BytecodeLivenessState* next_bytecode_in_liveness = nullptr;
@@ -965,7 +1018,7 @@ bool BytecodeAnalysis::LivenessIsValid() {
     previous_liveness.CopyFrom(*liveness.out);
 
     UpdateOutLiveness(bytecode, liveness, next_bytecode_in_liveness, iterator,
-                      bytecode_array(), liveness_map(), zone());
+                      bytecode_array_, liveness_map(), zone());
     // UpdateOutLiveness skips kJumpLoop, so we update it manually.
     if (bytecode == Bytecode::kJumpLoop) {
       int target_offset = iterator.GetJumpTargetOffset();
@@ -1004,7 +1057,7 @@ bool BytecodeAnalysis::LivenessIsValid() {
        ++iterator) {
     Bytecode bytecode = iterator.current_bytecode();
     int current_offset = iterator.current_offset();
-    int loop_header = GetLoopOffsetFor(current_offset);
+    int loop_header = res_.GetLoopOffsetFor(current_offset);
 
     // We only care if we're inside a loop.
     if (loop_header == -1) continue;
@@ -1016,7 +1069,7 @@ bool BytecodeAnalysis::LivenessIsValid() {
 
     // If this is a forward jump to somewhere else in the same loop, ignore it.
     if (Bytecodes::IsForwardJump(bytecode) &&
-        GetLoopOffsetFor(jump_target) == loop_header) {
+        res_.GetLoopOffsetFor(jump_target) == loop_header) {
       continue;
     }
 
@@ -1036,13 +1089,13 @@ bool BytecodeAnalysis::LivenessIsValid() {
 
     int loop_indent = 0;
 
-    interpreter::BytecodeArrayIterator forward_iterator(bytecode_array());
+    interpreter::BytecodeArrayIterator forward_iterator(bytecode_array_);
     for (; !forward_iterator.done(); forward_iterator.Advance()) {
       int current_offset = forward_iterator.current_offset();
       const BytecodeLivenessState* in_liveness =
-          GetInLivenessFor(current_offset);
+          res_.GetInLivenessFor(current_offset);
       const BytecodeLivenessState* out_liveness =
-          GetOutLivenessFor(current_offset);
+          res_.GetOutLivenessFor(current_offset);
 
       std::string in_liveness_str = ToString(*in_liveness);
       std::string out_liveness_str = ToString(*out_liveness);
@@ -1060,7 +1113,7 @@ bool BytecodeAnalysis::LivenessIsValid() {
       }
       if (forward_iterator.current_bytecode() == Bytecode::kJumpLoop) {
         of << "`-";
-      } else if (IsLoopHeader(current_offset)) {
+      } else if (res_.IsLoopHeader(current_offset)) {
         of << ".>";
         loop_indent++;
       }
@@ -1109,6 +1162,21 @@ bool BytecodeAnalysis::LivenessIsValid() {
 }
 #endif
 
+BytecodeAnalysis::BytecodeAnalysis(Handle<BytecodeArray> bytecode_array,
+                                   Zone* zone, BytecodeOffset osr_bailout_id,
+                                   bool analyze_liveness)
+    : osr_bailout_id_(osr_bailout_id),
+      analyze_liveness_(analyze_liveness),
+      resume_jump_targets_(zone),
+      end_to_header_(zone),
+      header_to_info_(zone),
+      osr_entry_point_(-1) {
+  BytecodeAnalysisImpl analysis(*this, bytecode_array, zone);
+  analysis.Analyze();
+  DCHECK_IMPLIES(analyze_liveness_, liveness_map_.has_value());
+  DCHECK_NE(bytecode_count_, -1);
+}
+
 }  // namespace compiler
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/compiler/bytecode-analysis.h b/deps/v8/src/compiler/bytecode-analysis.h
index cc9496d4a972ed..7dad9b37a40502 100644
--- a/deps/v8/src/compiler/bytecode-analysis.h
+++ b/deps/v8/src/compiler/bytecode-analysis.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_BYTECODE_ANALYSIS_H_
 #define V8_COMPILER_BYTECODE_ANALYSIS_H_
 
+#include <optional>
+
 #include "src/compiler/bytecode-liveness-map.h"
 #include "src/handles/handles.h"
 #include "src/interpreter/bytecode-register.h"
@@ -160,26 +162,6 @@ class V8_EXPORT_PRIVATE BytecodeAnalysis : public ZoneObject {
   int bytecode_count() const { return bytecode_count_; }
 
  private:
-  struct LoopStackEntry {
-    int header_offset;
-    LoopInfo* loop_info;
-  };
-
-  void Analyze();
-  void PushLoop(int loop_header, int loop_end);
-
-#if DEBUG
-  bool ResumeJumpTargetsAreValid();
-  bool ResumeJumpTargetLeavesResolveSuspendIds(
-      int parent_offset,
-      const ZoneVector<ResumeJumpTarget>& resume_jump_targets,
-      std::map<int, int>* unresolved_suspend_ids);
-
-  bool LivenessIsValid();
-#endif
-
-  Zone* zone() const { return zone_; }
-  Handle<BytecodeArray> bytecode_array() const { return bytecode_array_; }
   BytecodeLivenessMap& liveness_map() {
     DCHECK(analyze_liveness_);
     return *liveness_map_;
@@ -189,20 +171,17 @@ class V8_EXPORT_PRIVATE BytecodeAnalysis : public ZoneObject {
     return *liveness_map_;
   }
 
-  std::ostream& PrintLivenessTo(std::ostream& os) const;
-
-  Handle<BytecodeArray> const bytecode_array_;
-  Zone* const zone_;
   BytecodeOffset const osr_bailout_id_;
   bool const analyze_liveness_;
-  ZoneStack<LoopStackEntry> loop_stack_;
-  ZoneVector<int> loop_end_index_queue_;
   ZoneVector<ResumeJumpTarget> resume_jump_targets_;
   ZoneMap<int, int> end_to_header_;
   ZoneMap<int, LoopInfo> header_to_info_;
   int osr_entry_point_;
-  base::Optional<BytecodeLivenessMap> liveness_map_;
-  int bytecode_count_;
+  std::optional<BytecodeLivenessMap> liveness_map_;
+  int bytecode_count_ = -1;
+
+  class BytecodeAnalysisImpl;
+  friend class BytecodeAnalysisImpl;
 };
 
 }  // namespace compiler
diff --git a/deps/v8/src/compiler/bytecode-graph-builder.cc b/deps/v8/src/compiler/bytecode-graph-builder.cc
index 0d4c92ec4c6e73..ac812cecf6d09c 100644
--- a/deps/v8/src/compiler/bytecode-graph-builder.cc
+++ b/deps/v8/src/compiler/bytecode-graph-builder.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/bytecode-graph-builder.h"
 
+#include <optional>
+
 #include "src/ast/ast.h"
 #include "src/codegen/source-position-table.h"
 #include "src/codegen/tick-counter.h"
@@ -1814,7 +1816,7 @@ OptionalScopeInfoRef BytecodeGraphBuilder::TryGetScopeInfo() {
       return scope_info;
     }
     default:
-      return base::nullopt;
+      return std::nullopt;
   }
 }
 
@@ -2081,8 +2083,21 @@ void BytecodeGraphBuilder::VisitGetKeyedProperty() {
 }
 
 void BytecodeGraphBuilder::VisitGetEnumeratedKeyedProperty() {
-  // TODO(v8:14245): Implement this bytecode in Maglev/Turbofan.
-  UNREACHABLE();
+  // GetEnumeratedKeyedProperty <object> <enum_index> <cache_type> <slot>
+  PrepareEagerCheckpoint();
+  Node* key = environment()->LookupAccumulator();
+  Node* object =
+      environment()->LookupRegister(bytecode_iterator().GetRegisterOperand(0));
+  FeedbackSource feedback =
+      CreateFeedbackSource(bytecode_iterator().GetIndexOperand(3));
+  const Operator* op = javascript()->LoadProperty(feedback);
+
+  static_assert(JSLoadPropertyNode::ObjectIndex() == 0);
+  static_assert(JSLoadPropertyNode::KeyIndex() == 1);
+  static_assert(JSLoadPropertyNode::FeedbackVectorIndex() == 2);
+  DCHECK(IrOpcode::IsFeedbackCollectingOpcode(op->opcode()));
+  Node* node = NewNode(op, object, key, feedback_vector_node());
+  environment()->BindAccumulator(node, Environment::kAttachFrameState);
 }
 
 void BytecodeGraphBuilder::BuildNamedStore(NamedStoreMode store_mode) {
diff --git a/deps/v8/src/compiler/code-assembler.cc b/deps/v8/src/compiler/code-assembler.cc
index caa5613c28e858..ec6bcd59480728 100644
--- a/deps/v8/src/compiler/code-assembler.cc
+++ b/deps/v8/src/compiler/code-assembler.cc
@@ -4,6 +4,7 @@
 
 #include "src/compiler/code-assembler.h"
 
+#include <optional>
 #include <ostream>
 
 #include "src/builtins/builtins-inl.h"
@@ -1269,7 +1270,7 @@ Node* CodeAssembler::CallStubRImpl(StubCallMode call_mode,
 Node* CodeAssembler::CallJSStubImpl(const CallInterfaceDescriptor& descriptor,
                                     TNode<Object> target, TNode<Object> context,
                                     TNode<Object> function,
-                                    base::Optional<TNode<Object>> new_target,
+                                    std::optional<TNode<Object>> new_target,
                                     TNode<Int32T> arity,
                                     std::initializer_list<Node*> args) {
   constexpr size_t kMaxNumArgs = 10;
@@ -1353,7 +1354,7 @@ Node* CodeAssembler::CallCFunctionN(Signature<MachineType>* signature,
 }
 
 Node* CodeAssembler::CallCFunction(
-    Node* function, base::Optional<MachineType> return_type,
+    Node* function, std::optional<MachineType> return_type,
     std::initializer_list<CodeAssembler::CFunctionArg> args) {
   return raw_assembler()->CallCFunction(function, return_type, args);
 }
diff --git a/deps/v8/src/compiler/code-assembler.h b/deps/v8/src/compiler/code-assembler.h
index b16ea404db07f3..308db9fa20a061 100644
--- a/deps/v8/src/compiler/code-assembler.h
+++ b/deps/v8/src/compiler/code-assembler.h
@@ -8,6 +8,7 @@
 #include <initializer_list>
 #include <map>
 #include <memory>
+#include <optional>
 #include <sstream>
 #include <type_traits>
 
@@ -15,7 +16,6 @@
 // Do not include anything from src/compiler here!
 #include "include/cppgc/source-location.h"
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/builtins/builtins.h"
 #include "src/codegen/atomic-memory-order.h"
 #include "src/codegen/callable.h"
@@ -1341,7 +1341,7 @@ class V8_EXPORT_PRIVATE CodeAssembler {
   template <class... TArgs>
   TNode<Object> CallJS(Builtin builtin, TNode<Context> context,
                        TNode<Object> function,
-                       base::Optional<TNode<Object>> new_target,
+                       std::optional<TNode<Object>> new_target,
                        TNode<Object> receiver, TArgs... args) {
     Callable callable = Builtins::CallableFor(isolate(), builtin);
     // CallTrampolineDescriptor doesn't have |new_target| parameter.
@@ -1384,7 +1384,7 @@ class V8_EXPORT_PRIVATE CodeAssembler {
 
   // Call to a C function.
   template <class... CArgs>
-  Node* CallCFunction(Node* function, base::Optional<MachineType> return_type,
+  Node* CallCFunction(Node* function, std::optional<MachineType> return_type,
                       CArgs... cargs) {
     static_assert(
         std::conjunction_v<std::is_convertible<CArgs, CFunctionArg>...>,
@@ -1444,7 +1444,7 @@ class V8_EXPORT_PRIVATE CodeAssembler {
  private:
   void HandleException(Node* result);
 
-  Node* CallCFunction(Node* function, base::Optional<MachineType> return_type,
+  Node* CallCFunction(Node* function, std::optional<MachineType> return_type,
                       std::initializer_list<CFunctionArg> args);
 
   Node* CallCFunctionWithoutFunctionDescriptor(
@@ -1485,7 +1485,7 @@ class V8_EXPORT_PRIVATE CodeAssembler {
   Node* CallJSStubImpl(const CallInterfaceDescriptor& descriptor,
                        TNode<Object> target, TNode<Object> context,
                        TNode<Object> function,
-                       base::Optional<TNode<Object>> new_target,
+                       std::optional<TNode<Object>> new_target,
                        TNode<Int32T> arity, std::initializer_list<Node*> args);
 
   Node* CallStubN(StubCallMode call_mode,
diff --git a/deps/v8/src/compiler/common-operator-reducer.cc b/deps/v8/src/compiler/common-operator-reducer.cc
index bcae8ec333a675..b72e2e80caea1c 100644
--- a/deps/v8/src/compiler/common-operator-reducer.cc
+++ b/deps/v8/src/compiler/common-operator-reducer.cc
@@ -5,6 +5,7 @@
 #include "src/compiler/common-operator-reducer.h"
 
 #include <algorithm>
+#include <optional>
 
 #include "src/compiler/common-operator.h"
 #include "src/compiler/graph.h"
@@ -79,7 +80,7 @@ Decision CommonOperatorReducer::DecideCondition(
         return Decision::kTrue;
       }
       HeapObjectMatcher m(unwrapped);
-      base::Optional<bool> maybe_result =
+      std::optional<bool> maybe_result =
           m.Ref(broker_).TryGetBooleanValue(broker());
       if (!maybe_result.has_value()) return Decision::kUnknown;
       return *maybe_result ? Decision::kTrue : Decision::kFalse;
diff --git a/deps/v8/src/compiler/common-operator.cc b/deps/v8/src/compiler/common-operator.cc
index 857806557184ee..52ff9bf2521e9b 100644
--- a/deps/v8/src/compiler/common-operator.cc
+++ b/deps/v8/src/compiler/common-operator.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/common-operator.h"
 
+#include <optional>
+
 #include "src/base/functional.h"
 #include "src/base/lazy-instance.h"
 #include "src/compiler/linkage.h"
@@ -1020,7 +1022,7 @@ const Operator* CommonOperatorBuilder::StaticAssert(const char* source) {
 
 const Operator* CommonOperatorBuilder::SLVerifierHint(
     const Operator* semantics,
-    const base::Optional<Type>& override_output_type) {
+    const std::optional<Type>& override_output_type) {
   return zone()->New<Operator1<SLVerifierHintParameters>>(
       IrOpcode::kSLVerifierHint, Operator::kNoProperties, "SLVerifierHint", 1,
       0, 0, 1, 0, 0, SLVerifierHintParameters(semantics, override_output_type));
@@ -1356,9 +1358,19 @@ const Operator* CommonOperatorBuilder::CompressedHeapConstant(
       value);                                              // parameter
 }
 
+const Operator* CommonOperatorBuilder::TrustedHeapConstant(
+    const Handle<HeapObject>& value) {
+  return zone()->New<Operator1<Handle<HeapObject>>>(    // --
+      IrOpcode::kTrustedHeapConstant, Operator::kPure,  // opcode
+      "TrustedHeapConstant",                            // name
+      0, 0, 0, 1, 0, 0,                                 // counts
+      value);                                           // parameter
+}
+
 Handle<HeapObject> HeapConstantOf(const Operator* op) {
   DCHECK(IrOpcode::kHeapConstant == op->opcode() ||
-         IrOpcode::kCompressedHeapConstant == op->opcode());
+         IrOpcode::kCompressedHeapConstant == op->opcode() ||
+         IrOpcode::kTrustedHeapConstant == op->opcode());
   return OpParameter<Handle<HeapObject>>(op);
 }
 
diff --git a/deps/v8/src/compiler/common-operator.h b/deps/v8/src/compiler/common-operator.h
index cde46097569d96..1edcb7e83064f3 100644
--- a/deps/v8/src/compiler/common-operator.h
+++ b/deps/v8/src/compiler/common-operator.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_COMMON_OPERATOR_H_
 #define V8_COMPILER_COMMON_OPERATOR_H_
 
+#include <optional>
+
 #include "src/base/compiler-specific.h"
 #include "src/codegen/machine-type.h"
 #include "src/codegen/reloc-info.h"
@@ -479,17 +481,17 @@ const char* StaticAssertSourceOf(const Operator* op);
 class SLVerifierHintParameters final {
  public:
   explicit SLVerifierHintParameters(const Operator* semantics,
-                                    base::Optional<Type> override_output_type)
+                                    std::optional<Type> override_output_type)
       : semantics_(semantics), override_output_type_(override_output_type) {}
 
   const Operator* semantics() const { return semantics_; }
-  const base::Optional<Type>& override_output_type() const {
+  const std::optional<Type>& override_output_type() const {
     return override_output_type_;
   }
 
  private:
   const Operator* semantics_;
-  base::Optional<Type> override_output_type_;
+  std::optional<Type> override_output_type_;
 };
 
 V8_EXPORT_PRIVATE bool operator==(const SLVerifierHintParameters& p1,
@@ -562,7 +564,7 @@ class V8_EXPORT_PRIVATE CommonOperatorBuilder final
   // are removed at the end of SimplifiedLowering after verification.
   const Operator* SLVerifierHint(
       const Operator* semantics,
-      const base::Optional<Type>& override_output_type);
+      const std::optional<Type>& override_output_type);
   const Operator* End(size_t control_input_count);
   // TODO(nicohartmann@): Remove the default argument for {semantics} once all
   // uses are updated.
@@ -612,6 +614,7 @@ class V8_EXPORT_PRIVATE CommonOperatorBuilder final
   const Operator* PointerConstant(intptr_t);
   const Operator* HeapConstant(const Handle<HeapObject>&);
   const Operator* CompressedHeapConstant(const Handle<HeapObject>&);
+  const Operator* TrustedHeapConstant(const Handle<HeapObject>&);
   const Operator* ObjectId(uint32_t);
 
   const Operator* RelocatableInt32Constant(int32_t value,
diff --git a/deps/v8/src/compiler/compilation-dependencies.cc b/deps/v8/src/compiler/compilation-dependencies.cc
index b9f7d42165bff3..e28209bf2c2436 100644
--- a/deps/v8/src/compiler/compilation-dependencies.cc
+++ b/deps/v8/src/compiler/compilation-dependencies.cc
@@ -4,8 +4,9 @@
 
 #include "src/compiler/compilation-dependencies.h"
 
+#include <optional>
+
 #include "src/base/hashmap.h"
-#include "src/base/optional.h"
 #include "src/common/assert-scope.h"
 #include "src/execution/protectors.h"
 #include "src/handles/handles-inl.h"
@@ -576,7 +577,7 @@ class OwnConstantDictionaryPropertyDependency final
       return false;
     }
 
-    base::Optional<Tagged<Object>> maybe_value = JSObject::DictionaryPropertyAt(
+    std::optional<Tagged<Object>> maybe_value = JSObject::DictionaryPropertyAt(
         holder_.object(), index_, broker->isolate()->heap());
 
     if (!maybe_value) {
@@ -1052,7 +1053,7 @@ class OwnConstantElementDependency final : public CompilationDependency {
   bool IsValid(JSHeapBroker* broker) const override {
     DisallowGarbageCollection no_gc;
     Tagged<JSObject> holder = *holder_.object();
-    base::Optional<Tagged<Object>> maybe_element =
+    std::optional<Tagged<Object>> maybe_element =
         holder_.GetOwnConstantElementFromHeap(
             broker, holder->elements(), holder->GetElementsKind(), index_);
     if (!maybe_element.has_value()) return false;
diff --git a/deps/v8/src/compiler/fast-api-calls.cc b/deps/v8/src/compiler/fast-api-calls.cc
index 771cd460c60b66..bcd1033cdec5e4 100644
--- a/deps/v8/src/compiler/fast-api-calls.cc
+++ b/deps/v8/src/compiler/fast-api-calls.cc
@@ -14,7 +14,7 @@ namespace v8 {
 // reasons: better performance and a simpler ABI for generated code and fast
 // API calls.
 ASSERT_TRIVIALLY_COPYABLE(api_internal::IndirectHandleBase);
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 ASSERT_TRIVIALLY_COPYABLE(api_internal::DirectHandleBase);
 #endif
 ASSERT_TRIVIALLY_COPYABLE(LocalBase<Object>);
@@ -123,6 +123,14 @@ bool CanOptimizeFastSignature(const CFunctionInfo* c_signature) {
   }
 #endif
 
+#ifdef V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
+  if (!v8_flags.fast_api_allow_float_in_sim &&
+      (c_signature->ReturnInfo().GetType() == CTypeInfo::Type::kFloat32 ||
+       c_signature->ReturnInfo().GetType() == CTypeInfo::Type::kFloat64)) {
+    return false;
+  }
+#endif
+
 #ifndef V8_TARGET_ARCH_64_BIT
   if (c_signature->ReturnInfo().GetType() == CTypeInfo::Type::kInt64 ||
       c_signature->ReturnInfo().GetType() == CTypeInfo::Type::kUint64) {
@@ -148,6 +156,14 @@ bool CanOptimizeFastSignature(const CFunctionInfo* c_signature) {
     }
 #endif
 
+#ifdef V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
+    if (!v8_flags.fast_api_allow_float_in_sim &&
+        (c_signature->ArgumentInfo(i).GetType() == CTypeInfo::Type::kFloat32 ||
+         c_signature->ArgumentInfo(i).GetType() == CTypeInfo::Type::kFloat64)) {
+      return false;
+    }
+#endif
+
 #ifndef V8_TARGET_ARCH_64_BIT
     if (c_signature->ArgumentInfo(i).GetType() == CTypeInfo::Type::kInt64 ||
         c_signature->ArgumentInfo(i).GetType() == CTypeInfo::Type::kUint64) {
@@ -348,15 +364,9 @@ Node* FastApiCallBuilder::Build(const FastApiCallFunctionVector& c_functions,
     // If this check fails, you've probably added new fields to
     // v8::FastApiCallbackOptions, which means you'll need to write code
     // that initializes and reads from them too.
-    static_assert(kSize == sizeof(uintptr_t) * 4);
+    static_assert(kSize == sizeof(uintptr_t) * 2);
     stack_slot = __ StackSlot(kSize, kAlign);
 
-    __ Store(
-        StoreRepresentation(MachineRepresentation::kWord32, kNoWriteBarrier),
-        stack_slot,
-        static_cast<int>(offsetof(v8::FastApiCallbackOptions, fallback)),
-        __ Int32Constant(0));
-
     __ Store(StoreRepresentation(MachineType::PointerRepresentation(),
                                  kNoWriteBarrier),
              stack_slot,
@@ -405,25 +415,11 @@ Node* FastApiCallBuilder::Build(const FastApiCallFunctionVector& c_functions,
   Node* fast_call_result = convert_return_value_(c_signature, c_call_result);
 
   auto merge = __ MakeLabel(MachineRepresentation::kTagged);
-  if (c_signature->HasOptions()) {
-    DCHECK_NOT_NULL(stack_slot);
-    Node* load = __ Load(
-        MachineType::Int32(), stack_slot,
-        static_cast<int>(offsetof(v8::FastApiCallbackOptions, fallback)));
-
-    Node* is_zero = __ Word32Equal(load, __ Int32Constant(0));
-    __ Branch(is_zero, &if_success, &if_error);
-  } else {
-    __ Goto(&if_success);
-  }
+  __ Goto(&if_success);
 
-  // We need to generate a fallback (both fast and slow call) in case:
-  // 1) the generated code might fail, in case e.g. a Smi was passed where
-  // a JSObject was expected and an error must be thrown or
-  // 2) the embedder requested fallback possibility via providing options arg.
-  // None of the above usually holds true for Wasm functions with primitive
-  // types only, so we avoid generating an extra branch here.
-  DCHECK_IMPLIES(c_signature->HasOptions(), if_error.IsUsed());
+  // We need to generate a fallback (both fast and slow call) in case
+  // the generated code might fail, in case e.g. a Smi was passed where
+  // a JSObject was expected and an error must be thrown
   if (if_error.IsUsed()) {
     // Generate direct slow call.
     __ Bind(&if_error);
diff --git a/deps/v8/src/compiler/frame-states.cc b/deps/v8/src/compiler/frame-states.cc
index 8cf4b3a3378486..ed008c248cdb2f 100644
--- a/deps/v8/src/compiler/frame-states.cc
+++ b/deps/v8/src/compiler/frame-states.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/frame-states.h"
 
+#include <optional>
+
 #include "src/base/functional.h"
 #include "src/codegen/callable.h"
 #include "src/compiler/graph.h"
@@ -198,7 +200,7 @@ FrameState CreateStubBuiltinContinuationFrameState(
 FrameState CreateJSWasmCallBuiltinContinuationFrameState(
     JSGraph* jsgraph, Node* context, Node* outer_frame_state,
     const wasm::FunctionSig* signature) {
-  base::Optional<wasm::ValueKind> wasm_return_kind =
+  std::optional<wasm::ValueKind> wasm_return_kind =
       wasm::WasmReturnTypeFromSignature(signature);
   Node* node_return_type =
       jsgraph->SmiConstant(wasm_return_kind ? wasm_return_kind.value() : -1);
diff --git a/deps/v8/src/compiler/graph-assembler.cc b/deps/v8/src/compiler/graph-assembler.cc
index 64f6deab861fcf..ec9d7819c46e15 100644
--- a/deps/v8/src/compiler/graph-assembler.cc
+++ b/deps/v8/src/compiler/graph-assembler.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/graph-assembler.h"
 
+#include <optional>
+
 #include "src/base/container-utils.h"
 #include "src/codegen/callable.h"
 #include "src/codegen/machine-type.h"
@@ -44,7 +46,7 @@ class V8_NODISCARD GraphAssembler::BlockInlineReduction {
 
 GraphAssembler::GraphAssembler(
     MachineGraph* mcgraph, Zone* zone, BranchSemantics default_branch_semantics,
-    base::Optional<NodeChangedCallback> node_changed_callback,
+    std::optional<NodeChangedCallback> node_changed_callback,
     bool mark_loop_exits)
     : temp_zone_(zone),
       mcgraph_(mcgraph),
@@ -559,28 +561,28 @@ class ArrayBufferViewAccessBuilder {
     });
   }
 
-  base::Optional<int> TryComputeStaticElementShift() {
+  std::optional<int> TryComputeStaticElementShift() {
     DCHECK(instance_type_ != JS_RAB_GSAB_DATA_VIEW_TYPE);
     if (instance_type_ == JS_DATA_VIEW_TYPE) return 0;
-    if (candidates_.empty()) return base::nullopt;
+    if (candidates_.empty()) return std::nullopt;
     int shift = ElementsKindToShiftSize(*candidates_.begin());
     if (!base::all_of(candidates_, [shift](auto e) {
           return ElementsKindToShiftSize(e) == shift;
         })) {
-      return base::nullopt;
+      return std::nullopt;
     }
     return shift;
   }
 
-  base::Optional<int> TryComputeStaticElementSize() {
+  std::optional<int> TryComputeStaticElementSize() {
     DCHECK(instance_type_ != JS_RAB_GSAB_DATA_VIEW_TYPE);
     if (instance_type_ == JS_DATA_VIEW_TYPE) return 1;
-    if (candidates_.empty()) return base::nullopt;
+    if (candidates_.empty()) return std::nullopt;
     int size = ElementsKindToByteSize(*candidates_.begin());
     if (!base::all_of(candidates_, [size](auto e) {
           return ElementsKindToByteSize(e) == size;
         })) {
-      return base::nullopt;
+      return std::nullopt;
     }
     return size;
   }
@@ -676,8 +678,7 @@ class ArrayBufferViewAccessBuilder {
       TNode<Number> temp = TNode<Number>::UncheckedCast(a.TypeGuard(
           TypeCache::Get()->kJSArrayBufferViewByteLengthType,
           a.JSCallRuntime1(Runtime::kGrowableSharedArrayBufferByteLength,
-                           buffer, context, base::nullopt,
-                           Operator::kNoWrite)));
+                           buffer, context, std::nullopt, Operator::kNoWrite)));
       TNode<UintPtrT> byte_length =
           a.EnterMachineGraph<UintPtrT>(temp, UseInfo::Word());
       TNode<UintPtrT> byte_offset = MachineLoadField<UintPtrT>(
@@ -807,8 +808,7 @@ class ArrayBufferViewAccessBuilder {
       TNode<Number> temp = TNode<Number>::UncheckedCast(a.TypeGuard(
           TypeCache::Get()->kJSArrayBufferViewByteLengthType,
           a.JSCallRuntime1(Runtime::kGrowableSharedArrayBufferByteLength,
-                           buffer, context, base::nullopt,
-                           Operator::kNoWrite)));
+                           buffer, context, std::nullopt, Operator::kNoWrite)));
       TNode<UintPtrT> byte_length =
           a.EnterMachineGraph<UintPtrT>(temp, UseInfo::Word());
       TNode<UintPtrT> byte_offset = MachineLoadField<UintPtrT>(
@@ -985,7 +985,7 @@ TNode<Uint32T> JSGraphAssembler::LookupByteSizeForElementsKind(
 
 TNode<Object> JSGraphAssembler::JSCallRuntime1(
     Runtime::FunctionId function_id, TNode<Object> arg0, TNode<Context> context,
-    base::Optional<FrameState> frame_state, Operator::Properties properties) {
+    std::optional<FrameState> frame_state, Operator::Properties properties) {
   return MayThrow([&]() {
     if (frame_state.has_value()) {
       return AddNode<Object>(graph()->NewNode(
@@ -1051,7 +1051,7 @@ TNode<RawPtrT> GraphAssembler::StackSlot(int size, int alignment,
 }
 
 Node* GraphAssembler::AdaptLocalArgument(Node* argument) {
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   // With direct locals, the argument can be passed directly.
   return BitcastTaggedToWord(argument);
 #else
diff --git a/deps/v8/src/compiler/graph-assembler.h b/deps/v8/src/compiler/graph-assembler.h
index 6c920cf608dc4c..16c626dda13bd0 100644
--- a/deps/v8/src/compiler/graph-assembler.h
+++ b/deps/v8/src/compiler/graph-assembler.h
@@ -281,7 +281,7 @@ class V8_EXPORT_PRIVATE GraphAssembler {
   GraphAssembler(
       MachineGraph* jsgraph, Zone* zone,
       BranchSemantics default_branch_semantics,
-      base::Optional<NodeChangedCallback> node_changed_callback = base::nullopt,
+      std::optional<NodeChangedCallback> node_changed_callback = std::nullopt,
       bool mark_loop_exits = false);
   virtual ~GraphAssembler();
   virtual SimplifiedOperatorBuilder* simplified() { UNREACHABLE(); }
@@ -654,7 +654,7 @@ class V8_EXPORT_PRIVATE GraphAssembler {
   Node* control_;
   // {node_changed_callback_} should be called when a node outside the
   // subgraph created by the graph assembler changes.
-  base::Optional<NodeChangedCallback> node_changed_callback_;
+  std::optional<NodeChangedCallback> node_changed_callback_;
 
   // Inline reducers enable reductions to be performed to nodes as they are
   // added to the graph with the graph assembler.
@@ -954,7 +954,7 @@ class V8_EXPORT_PRIVATE JSGraphAssembler : public GraphAssembler {
   JSGraphAssembler(
       JSHeapBroker* broker, JSGraph* jsgraph, Zone* zone,
       BranchSemantics branch_semantics,
-      base::Optional<NodeChangedCallback> node_changed_callback = base::nullopt,
+      std::optional<NodeChangedCallback> node_changed_callback = std::nullopt,
       bool mark_loop_exits = false)
       : GraphAssembler(jsgraph, zone, branch_semantics, node_changed_callback,
                        mark_loop_exits),
@@ -1074,7 +1074,7 @@ class V8_EXPORT_PRIVATE JSGraphAssembler : public GraphAssembler {
 
   TNode<Object> JSCallRuntime1(
       Runtime::FunctionId function_id, TNode<Object> arg0,
-      TNode<Context> context, base::Optional<FrameState> frame_state,
+      TNode<Context> context, std::optional<FrameState> frame_state,
       Operator::Properties properties = Operator::kNoProperties);
   TNode<Object> JSCallRuntime2(Runtime::FunctionId function_id,
                                TNode<Object> arg0, TNode<Object> arg1,
diff --git a/deps/v8/src/compiler/graph-visualizer.cc b/deps/v8/src/compiler/graph-visualizer.cc
index 91dd375880bb22..f5c06635bd9e88 100644
--- a/deps/v8/src/compiler/graph-visualizer.cc
+++ b/deps/v8/src/compiler/graph-visualizer.cc
@@ -5,6 +5,7 @@
 #include "src/compiler/graph-visualizer.h"
 
 #include <memory>
+#include <optional>
 #include <sstream>
 #include <string>
 
@@ -257,7 +258,7 @@ void JsonPrintAllSourceWithPositionsWasm(
     os << '"' << i << "\": {\"sourceId\": " << i << ", \"functionName\": \""
        << fct.func_index << "\", \"sourceName\": \"\", \"sourceText\": \"";
     base::Vector<const uint8_t> module_bytes{nullptr, 0};
-    base::Optional<wasm::ModuleWireBytes> maybe_wire_bytes =
+    std::optional<wasm::ModuleWireBytes> maybe_wire_bytes =
         wire_bytes->GetModuleBytes();
     if (maybe_wire_bytes) module_bytes = maybe_wire_bytes->module_bytes();
     std::ostringstream wasm_str;
@@ -487,8 +488,8 @@ void JSONGraphWriter::PrintEdge(Node* from, int index, Node* to) {
       << ",\"index\":" << index << ",\"type\":\"" << edge_type << "\"}";
 }
 
-base::Optional<Type> JSONGraphWriter::GetType(Node* node) {
-  if (!NodeProperties::IsTyped(node)) return base::nullopt;
+std::optional<Type> JSONGraphWriter::GetType(Node* node) {
+  if (!NodeProperties::IsTyped(node)) return std::nullopt;
   return NodeProperties::GetType(node);
 }
 
diff --git a/deps/v8/src/compiler/graph-visualizer.h b/deps/v8/src/compiler/graph-visualizer.h
index cea9806178e698..296693d4f79a8c 100644
--- a/deps/v8/src/compiler/graph-visualizer.h
+++ b/deps/v8/src/compiler/graph-visualizer.h
@@ -10,12 +10,12 @@
 #include <fstream>
 #include <iosfwd>
 #include <memory>
+#include <optional>
 #include <vector>
 
-#include "src/objects/code.h"
-#include "src/base/optional.h"
 #include "src/common/globals.h"
 #include "src/handles/handles.h"
+#include "src/objects/code.h"
 
 namespace v8 {
 namespace internal {
@@ -174,7 +174,7 @@ class JSONGraphWriter {
   void PrintNode(Node* node, bool is_live);
   void PrintEdges(Node* node);
   void PrintEdge(Node* from, int index, Node* to);
-  virtual base::Optional<Type> GetType(Node* node);
+  virtual std::optional<Type> GetType(Node* node);
 
  protected:
   std::ostream& os_;
diff --git a/deps/v8/src/compiler/heap-refs.cc b/deps/v8/src/compiler/heap-refs.cc
index 158f9b981135b2..b415e45a509dc8 100644
--- a/deps/v8/src/compiler/heap-refs.cc
+++ b/deps/v8/src/compiler/heap-refs.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/heap-refs.h"
 
+#include <optional>
+
 #include "src/compiler/js-heap-broker.h"
 #include "src/objects/elements-kind.h"
 
@@ -12,7 +14,6 @@
 #endif
 
 #include "src/api/api-inl.h"
-#include "src/base/optional.h"
 #include "src/compiler/compilation-dependencies.h"
 #include "src/compiler/js-heap-broker-inl.h"
 #include "src/execution/protectors-inl.h"
@@ -145,12 +146,12 @@ class HeapObjectData : public ObjectData {
   HeapObjectData(JSHeapBroker* broker, ObjectData** storage,
                  Handle<HeapObject> object, ObjectDataKind kind);
 
-  base::Optional<bool> TryGetBooleanValue(JSHeapBroker* broker) const;
+  std::optional<bool> TryGetBooleanValue(JSHeapBroker* broker) const;
   ObjectData* map() const { return map_; }
   InstanceType GetMapInstanceType() const;
 
  private:
-  base::Optional<bool> TryGetBooleanValueImpl(JSHeapBroker* broker) const;
+  std::optional<bool> TryGetBooleanValueImpl(JSHeapBroker* broker) const;
 
   ObjectData* const map_;
 };
@@ -182,27 +183,28 @@ class PropertyCellData : public HeapObjectData {
 namespace {
 
 ZoneVector<Address> GetCFunctions(Tagged<FixedArray> function_overloads,
-                                  Zone* zone) {
+                                  Isolate* isolate, Zone* zone) {
   const int len = function_overloads->length() /
                   FunctionTemplateInfo::kFunctionOverloadEntrySize;
   ZoneVector<Address> c_functions = ZoneVector<Address>(len, zone);
   for (int i = 0; i < len; i++) {
-    c_functions[i] = v8::ToCData<kCFunctionTag>(function_overloads->get(
-        FunctionTemplateInfo::kFunctionOverloadEntrySize * i));
+    c_functions[i] = v8::ToCData<kCFunctionTag>(
+        isolate, function_overloads->get(
+                     FunctionTemplateInfo::kFunctionOverloadEntrySize * i));
   }
   return c_functions;
 }
 
 ZoneVector<const CFunctionInfo*> GetCSignatures(
-    Tagged<FixedArray> function_overloads, Zone* zone) {
+    Tagged<FixedArray> function_overloads, Isolate* isolate, Zone* zone) {
   const int len = function_overloads->length() /
                   FunctionTemplateInfo::kFunctionOverloadEntrySize;
   ZoneVector<const CFunctionInfo*> c_signatures =
       ZoneVector<const CFunctionInfo*>(len, zone);
   for (int i = 0; i < len; i++) {
     c_signatures[i] = v8::ToCData<const CFunctionInfo*, kCFunctionInfoTag>(
-        function_overloads->get(
-            FunctionTemplateInfo::kFunctionOverloadEntrySize * i + 1));
+        isolate, function_overloads->get(
+                     FunctionTemplateInfo::kFunctionOverloadEntrySize * i + 1));
   }
   return c_signatures;
 }
@@ -294,10 +296,10 @@ uint64_t RacyReadHeapNumberBits(Tagged<HeapNumber> value) {
   return value->value_as_bits();
 }
 
-base::Optional<Tagged<Object>> GetOwnFastConstantDataPropertyFromHeap(
+std::optional<Tagged<Object>> GetOwnFastConstantDataPropertyFromHeap(
     JSHeapBroker* broker, JSObjectRef holder, Representation representation,
     FieldIndex field_index) {
-  base::Optional<Tagged<Object>> constant;
+  std::optional<Tagged<Object>> constant;
   {
     DisallowGarbageCollection no_gc;
     PtrComprCageBase cage_base = broker->cage_base();
@@ -386,7 +388,7 @@ OptionalObjectRef GetOwnDictionaryPropertyFromHeap(
     DisallowGarbageCollection no_gc;
     // DictionaryPropertyAt will check that we are within the bounds of the
     // object.
-    base::Optional<Tagged<Object>> maybe_constant =
+    std::optional<Tagged<Object>> maybe_constant =
         JSObject::DictionaryPropertyAt(receiver, dict_index,
                                        broker->isolate()->heap());
     DCHECK_IMPLIES(broker->IsMainThread(), maybe_constant);
@@ -772,7 +774,7 @@ HeapObjectData::HeapObjectData(JSHeapBroker* broker, ObjectData** storage,
                 kind == kBackgroundSerializedHeapObject);
 }
 
-base::Optional<bool> HeapObjectData::TryGetBooleanValue(
+std::optional<bool> HeapObjectData::TryGetBooleanValue(
     JSHeapBroker* broker) const {
   // Keep in sync with Object::BooleanValue.
   auto result = TryGetBooleanValueImpl(broker);
@@ -782,7 +784,7 @@ base::Optional<bool> HeapObjectData::TryGetBooleanValue(
   return result;
 }
 
-base::Optional<bool> HeapObjectData::TryGetBooleanValueImpl(
+std::optional<bool> HeapObjectData::TryGetBooleanValueImpl(
     JSHeapBroker* broker) const {
   DisallowGarbageCollection no_gc;
   Tagged<Object> o = *object();
@@ -1141,6 +1143,10 @@ int ObjectRef::AsSmi() const {
 INSTANCE_TYPE_CHECKERS(DEF_TESTER)
 #undef DEF_TESTER
 
+bool MapRef::IsBooleanMap(JSHeapBroker* broker) const {
+  return *this == broker->boolean_map();
+}
+
 bool MapRef::CanInlineElementAccess() const {
   if (!IsJSObjectMap()) return false;
   if (is_access_check_needed()) return false;
@@ -1182,7 +1188,7 @@ OptionalMapRef MapRef::AsElementsKind(JSHeapBroker* broker,
   }
 #endif  // DEBUG
 
-  base::Optional<Tagged<Map>> maybe_result = Map::TryAsElementsKind(
+  std::optional<Tagged<Map>> maybe_result = Map::TryAsElementsKind(
       broker->isolate(), object(), kind, ConcurrencyMode::kConcurrent);
 
   if (!maybe_result.has_value()) {
@@ -1301,7 +1307,7 @@ OptionalObjectRef JSObjectRef::RawInobjectPropertyAt(JSHeapBroker* broker,
       return {};
     }
 
-    base::Optional<Tagged<Object>> maybe_value =
+    std::optional<Tagged<Object>> maybe_value =
         object()->RawInobjectPropertyAt(cage_base, current_map, index);
     if (!maybe_value.has_value()) {
       TRACE_BROKER_MISSING(broker,
@@ -1391,13 +1397,13 @@ bool StringRef::IsOneByteRepresentation() const {
 
 // TODO(leszeks): The broker is only needed here for tracing, maybe we could get
 // it from a thread local instead.
-base::Optional<Handle<String>> StringRef::ObjectIfContentAccessible(
+std::optional<Handle<String>> StringRef::ObjectIfContentAccessible(
     JSHeapBroker* broker) {
   if (!IsContentAccessible()) {
     TRACE_BROKER_MISSING(
         broker,
         "content for kNeverSerialized unsupported string kind " << *this);
-    return base::nullopt;
+    return std::nullopt;
   } else {
     return object();
   }
@@ -1405,17 +1411,17 @@ base::Optional<Handle<String>> StringRef::ObjectIfContentAccessible(
 
 int StringRef::length() const { return object()->length(kAcquireLoad); }
 
-base::Optional<uint16_t> StringRef::GetFirstChar(JSHeapBroker* broker) const {
+std::optional<uint16_t> StringRef::GetFirstChar(JSHeapBroker* broker) const {
   return GetChar(broker, 0);
 }
 
-base::Optional<uint16_t> StringRef::GetChar(JSHeapBroker* broker,
-                                            int index) const {
+std::optional<uint16_t> StringRef::GetChar(JSHeapBroker* broker,
+                                           int index) const {
   if (!IsContentAccessible()) {
     TRACE_BROKER_MISSING(
         broker,
         "get char for kNeverSerialized unsupported string kind " << *this);
-    return base::nullopt;
+    return std::nullopt;
   }
 
   if (!broker->IsMainThread()) {
@@ -1427,22 +1433,22 @@ base::Optional<uint16_t> StringRef::GetChar(JSHeapBroker* broker,
   }
 }
 
-base::Optional<double> StringRef::ToNumber(JSHeapBroker* broker) {
+std::optional<double> StringRef::ToNumber(JSHeapBroker* broker) {
   if (!IsContentAccessible()) {
     TRACE_BROKER_MISSING(
         broker,
         "number for kNeverSerialized unsupported string kind " << *this);
-    return base::nullopt;
+    return std::nullopt;
   }
 
   return TryStringToDouble(broker->local_isolate(), object());
 }
 
-base::Optional<double> StringRef::ToInt(JSHeapBroker* broker, int radix) {
+std::optional<double> StringRef::ToInt(JSHeapBroker* broker, int radix) {
   if (!IsContentAccessible()) {
     TRACE_BROKER_MISSING(
         broker, "toInt for kNeverSerialized unsupported string kind " << *this);
-    return base::nullopt;
+    return std::nullopt;
   }
 
   return TryStringToInt(broker->local_isolate(), object(), radix);
@@ -1618,10 +1624,11 @@ int ObjectBoilerplateDescriptionRef::boilerplate_properties_count() const {
 BIMODAL_ACCESSOR(PropertyCell, Object, value)
 BIMODAL_ACCESSOR_C(PropertyCell, PropertyDetails, property_details)
 
-FixedArrayRef RegExpBoilerplateDescriptionRef::data(
+HeapObjectRef RegExpBoilerplateDescriptionRef::data(
     JSHeapBroker* broker) const {
   // Immutable after initialization.
-  return MakeRefAssumeMemoryFence(broker, object()->data());
+  return MakeRefAssumeMemoryFence(
+      broker, Cast<HeapObject>(object()->data(broker->isolate())));
 }
 
 StringRef RegExpBoilerplateDescriptionRef::source(JSHeapBroker* broker) const {
@@ -1662,7 +1669,7 @@ HolderLookupResult FunctionTemplateInfoRef::LookupHolderOfExpectedType(
     return not_found;
   }
 
-  Handle<FunctionTemplateInfo> expected_receiver_type;
+  DirectHandle<FunctionTemplateInfo> expected_receiver_type;
   {
     DisallowGarbageCollection no_gc;
     Tagged<HeapObject> signature = object()->signature();
@@ -1739,6 +1746,10 @@ ObjectRef FeedbackCellRef::value(JSHeapBroker* broker) const {
   return MakeRefAssumeMemoryFence(broker, object()->value(kAcquireLoad));
 }
 
+bool FeedbackVectorRef::was_once_deoptimized() const {
+  return object()->was_once_deoptimized();
+}
+
 OptionalObjectRef MapRef::GetStrongValue(JSHeapBroker* broker,
                                          InternalIndex descriptor_index) const {
   CHECK_LT(descriptor_index.as_int(), NumberOfOwnDescriptors());
@@ -1839,13 +1850,13 @@ bool StringRef::IsExternalString() const {
 ZoneVector<Address> FunctionTemplateInfoRef::c_functions(
     JSHeapBroker* broker) const {
   return GetCFunctions(Cast<FixedArray>(object()->GetCFunctionOverloads()),
-                       broker->zone());
+                       broker->isolate(), broker->zone());
 }
 
 ZoneVector<const CFunctionInfo*> FunctionTemplateInfoRef::c_signatures(
     JSHeapBroker* broker) const {
   return GetCSignatures(Cast<FixedArray>(object()->GetCFunctionOverloads()),
-                        broker->zone());
+                        broker->isolate(), broker->zone());
 }
 
 bool StringRef::IsSeqString() const { return i::IsSeqString(*object()); }
@@ -1897,7 +1908,7 @@ OptionalJSFunctionRef NativeContextRef::GetConstructorFunction(
   CHECK(map.IsPrimitiveMap());
   switch (map.constructor_function_index()) {
     case Map::kNoConstructorFunctionIndex:
-      return base::nullopt;
+      return std::nullopt;
     case Context::BIGINT_FUNCTION_INDEX:
       return bigint_function(broker);
     case Context::BOOLEAN_FUNCTION_INDEX:
@@ -1936,6 +1947,11 @@ bool ObjectRef::IsHashTableHole() const {
 }
 
 HoleType ObjectRef::HoleType() const {
+  // Trusted objects cannot be TheHole and comparing them to TheHole is not
+  // allowed, as they live in different cage bases.
+  if (i::IsHeapObject(*object()) &&
+      IsTrustedSpaceObject(Cast<HeapObject>(*object())))
+    return HoleType::kNone;
 #define IF_HOLE_THEN_RETURN(Name, name, Root) \
   if (i::Is##Name(*object())) {               \
     return HoleType::k##Name;                 \
@@ -1949,7 +1965,7 @@ HoleType ObjectRef::HoleType() const {
 
 bool ObjectRef::IsNullOrUndefined() const { return IsNull() || IsUndefined(); }
 
-base::Optional<bool> ObjectRef::TryGetBooleanValue(JSHeapBroker* broker) const {
+std::optional<bool> ObjectRef::TryGetBooleanValue(JSHeapBroker* broker) const {
   if (data_->should_access_heap()) {
     return Object::BooleanValue(*object(), broker->isolate());
   }
@@ -1984,7 +2000,7 @@ bool ObjectRef::should_access_heap() const {
 OptionalObjectRef JSObjectRef::GetOwnConstantElement(
     JSHeapBroker* broker, FixedArrayBaseRef elements_ref, uint32_t index,
     CompilationDependencies* dependencies) const {
-  base::Optional<Tagged<Object>> maybe_element = GetOwnConstantElementFromHeap(
+  std::optional<Tagged<Object>> maybe_element = GetOwnConstantElementFromHeap(
       broker, *elements_ref.object(), map(broker).elements_kind(), index);
   if (!maybe_element.has_value()) return {};
 
@@ -1995,7 +2011,7 @@ OptionalObjectRef JSObjectRef::GetOwnConstantElement(
   return result;
 }
 
-base::Optional<Tagged<Object>> JSObjectRef::GetOwnConstantElementFromHeap(
+std::optional<Tagged<Object>> JSObjectRef::GetOwnConstantElementFromHeap(
     JSHeapBroker* broker, Tagged<FixedArrayBase> elements,
     ElementsKind elements_kind, uint32_t index) const {
   DCHECK_LE(index, JSObject::kMaxElementIndex);
@@ -2051,7 +2067,7 @@ OptionalObjectRef JSObjectRef::GetOwnFastConstantDataProperty(
   // Use GetOwnFastConstantDoubleProperty for doubles.
   DCHECK(!field_representation.IsDouble());
 
-  base::Optional<Tagged<Object>> constant =
+  std::optional<Tagged<Object>> constant =
       GetOwnFastConstantDataPropertyFromHeap(broker, *this,
                                              field_representation, index);
   if (!constant) return {};
@@ -2066,10 +2082,10 @@ OptionalObjectRef JSObjectRef::GetOwnFastConstantDataProperty(
   return result;
 }
 
-base::Optional<Float64> JSObjectRef::GetOwnFastConstantDoubleProperty(
+std::optional<Float64> JSObjectRef::GetOwnFastConstantDoubleProperty(
     JSHeapBroker* broker, FieldIndex index,
     CompilationDependencies* dependencies) const {
-  base::Optional<Tagged<Object>> constant =
+  std::optional<Tagged<Object>> constant =
       GetOwnFastConstantDataPropertyFromHeap(broker, *this,
                                              Representation::Double(), index);
   if (!constant) return {};
@@ -2138,7 +2154,7 @@ OptionalObjectRef JSArrayRef::GetOwnCowElement(JSHeapBroker* broker,
   // Likewise we only deal with smi lengths.
   if (!length_ref->IsSmi()) return {};
 
-  base::Optional<Tagged<Object>> result =
+  std::optional<Tagged<Object>> result =
       ConcurrentLookupIterator::TryGetOwnCowElement(
           broker->isolate(), *elements_ref.AsFixedArray().object(),
           elements_kind, length_ref->AsSmi(), index);
@@ -2416,7 +2432,7 @@ bool NativeContextRef::GlobalIsDetached(JSHeapBroker* broker) const {
 
 OptionalPropertyCellRef JSGlobalObjectRef::GetPropertyCell(JSHeapBroker* broker,
                                                            NameRef name) const {
-  base::Optional<Tagged<PropertyCell>> maybe_cell =
+  std::optional<Tagged<PropertyCell>> maybe_cell =
       ConcurrentLookupIterator::TryGetPropertyCell(
           broker->isolate(), broker->local_isolate_or_isolate(),
           broker->target_native_context().global_object(broker).object(),
diff --git a/deps/v8/src/compiler/heap-refs.h b/deps/v8/src/compiler/heap-refs.h
index e2edab60ffa786..76ae9dc4e992da 100644
--- a/deps/v8/src/compiler/heap-refs.h
+++ b/deps/v8/src/compiler/heap-refs.h
@@ -5,9 +5,9 @@
 #ifndef V8_COMPILER_HEAP_REFS_H_
 #define V8_COMPILER_HEAP_REFS_H_
 
+#include <optional>
 #include <type_traits>
 
-#include "src/base/optional.h"
 #include "src/ic/call-optimization.h"
 #include "src/objects/elements-kind.h"
 #include "src/objects/feedback-vector.h"
@@ -299,7 +299,7 @@ struct ref_traits<Union<T...>> {
           : RefSerializationKind::kBackgroundSerialized;
 };
 
-// Wrapper around heap refs which works roughly like a base::Optional, but
+// Wrapper around heap refs which works roughly like a std::optional, but
 // doesn't use extra storage for a boolean, but instead uses a null data pointer
 // as a sentinel no value.
 template <typename TRef>
@@ -324,7 +324,7 @@ class OptionalRef {
 
   OptionalRef() = default;
   // NOLINTNEXTLINE
-  OptionalRef(base::nullopt_t) : OptionalRef() {}
+  OptionalRef(std::nullopt_t) : OptionalRef() {}
 
   // Allow implicit upcasting from OptionalRefs with compatible refs.
   template <typename SRef, typename = typename std::enable_if<
@@ -414,7 +414,7 @@ class V8_EXPORT_PRIVATE ObjectRef {
   bool IsPromiseHole() const;
   bool IsNullOrUndefined() const;
 
-  base::Optional<bool> TryGetBooleanValue(JSHeapBroker* broker) const;
+  std::optional<bool> TryGetBooleanValue(JSHeapBroker* broker) const;
   Maybe<double> OddballToNumber(JSHeapBroker* broker) const;
 
   bool should_access_heap() const;
@@ -584,7 +584,7 @@ class JSObjectRef : public JSReceiverRef {
   // The direct-read implementation of the above, extracted into a helper since
   // it's also called from compilation-dependency validation. This helper is
   // guaranteed to not create new Ref instances.
-  base::Optional<Tagged<Object>> GetOwnConstantElementFromHeap(
+  std::optional<Tagged<Object>> GetOwnConstantElementFromHeap(
       JSHeapBroker* broker, Tagged<FixedArrayBase> elements,
       ElementsKind elements_kind, uint32_t index) const;
 
@@ -605,7 +605,7 @@ class JSObjectRef : public JSReceiverRef {
   // is constant.
   // If a property was successfully read, then the function will take a
   // dependency to check the value of the property at code finalization time.
-  base::Optional<Float64> GetOwnFastConstantDoubleProperty(
+  std::optional<Float64> GetOwnFastConstantDoubleProperty(
       JSHeapBroker* broker, FieldIndex index,
       CompilationDependencies* dependencies) const;
 
@@ -677,7 +677,7 @@ class RegExpBoilerplateDescriptionRef : public HeapObjectRef {
 
   Handle<RegExpBoilerplateDescription> object() const;
 
-  FixedArrayRef data(JSHeapBroker* broker) const;
+  HeapObjectRef data(JSHeapBroker* broker) const;
   StringRef source(JSHeapBroker* broker) const;
   int flags() const;
 };
@@ -825,6 +825,8 @@ class FeedbackVectorRef : public HeapObjectRef {
   SharedFunctionInfoRef shared_function_info(JSHeapBroker* broker) const;
 
   FeedbackCellRef GetClosureFeedbackCell(JSHeapBroker* broker, int index) const;
+
+  bool was_once_deoptimized() const;
 };
 
 class AccessorInfoRef : public HeapObjectRef {
@@ -907,6 +909,8 @@ class V8_EXPORT_PRIVATE MapRef : public HeapObjectRef {
   INSTANCE_TYPE_CHECKERS(DEF_TESTER)
 #undef DEF_TESTER
 
+  bool IsBooleanMap(JSHeapBroker* broker) const;
+
   HeapObjectRef GetBackPointer(JSHeapBroker* broker) const;
 
   HeapObjectRef prototype(JSHeapBroker* broker) const;
@@ -933,7 +937,7 @@ class V8_EXPORT_PRIVATE MapRef : public HeapObjectRef {
 struct HolderLookupResult {
   HolderLookupResult(CallOptimization::HolderLookup lookup_ =
                          CallOptimization::kHolderNotFound,
-                     OptionalJSObjectRef holder_ = base::nullopt)
+                     OptionalJSObjectRef holder_ = std::nullopt)
       : lookup(lookup_), holder(holder_) {}
   CallOptimization::HolderLookup lookup;
   OptionalJSObjectRef holder;
@@ -1134,20 +1138,19 @@ class StringRef : public NameRef {
 
   Handle<String> object() const;
 
-  // With concurrent inlining on, we return base::nullopt due to not being able
+  // With concurrent inlining on, we return std::nullopt due to not being able
   // to use LookupIterator in a thread-safe way.
   OptionalObjectRef GetCharAsStringOrUndefined(JSHeapBroker* broker,
                                                uint32_t index) const;
 
   // When concurrently accessing non-read-only non-supported strings, we return
-  // base::nullopt for these methods.
-  base::Optional<Handle<String>> ObjectIfContentAccessible(
-      JSHeapBroker* broker);
+  // std::nullopt for these methods.
+  std::optional<Handle<String>> ObjectIfContentAccessible(JSHeapBroker* broker);
   int length() const;
-  base::Optional<uint16_t> GetFirstChar(JSHeapBroker* broker) const;
-  base::Optional<uint16_t> GetChar(JSHeapBroker* broker, int index) const;
-  base::Optional<double> ToNumber(JSHeapBroker* broker);
-  base::Optional<double> ToInt(JSHeapBroker* broker, int radix);
+  std::optional<uint16_t> GetFirstChar(JSHeapBroker* broker) const;
+  std::optional<uint16_t> GetChar(JSHeapBroker* broker, int index) const;
+  std::optional<double> ToNumber(JSHeapBroker* broker);
+  std::optional<double> ToInt(JSHeapBroker* broker, int radix);
 
   bool IsSeqString() const;
   bool IsExternalString() const;
diff --git a/deps/v8/src/compiler/js-call-reducer.cc b/deps/v8/src/compiler/js-call-reducer.cc
index be25d7e5fa3d9c..9d199f8d4a9d43 100644
--- a/deps/v8/src/compiler/js-call-reducer.cc
+++ b/deps/v8/src/compiler/js-call-reducer.cc
@@ -5,6 +5,7 @@
 #include "src/compiler/js-call-reducer.h"
 
 #include <functional>
+#include <optional>
 
 #include "src/base/container-utils.h"
 #include "src/base/small-vector.h"
@@ -272,16 +273,18 @@ class JSCallReducerAssembler : public JSGraphAssembler {
 
   ForBuilder0 ForZeroUntil(TNode<Number> excluded_limit) {
     TNode<Number> initial_value = ZeroConstant();
-    auto cond = [=](TNode<Number> i) {
+    auto cond = [=, this](TNode<Number> i) {
       return NumberLessThan(i, excluded_limit);
     };
-    auto step = [=](TNode<Number> i) { return NumberAdd(i, OneConstant()); };
+    auto step = [=, this](TNode<Number> i) {
+      return NumberAdd(i, OneConstant());
+    };
     return {this, initial_value, cond, step};
   }
 
   ForBuilder0 Forever(TNode<Number> initial_value, const StepFunction1& step) {
-    return {this, initial_value, [=](TNode<Number>) { return TrueConstant(); },
-            step};
+    return {this, initial_value,
+            [=, this](TNode<Number>) { return TrueConstant(); }, step};
   }
 
   using For1BodyFunction = std::function<void(TNode<Number>, TNode<Object>*)>;
@@ -354,10 +357,12 @@ class JSCallReducerAssembler : public JSGraphAssembler {
   ForBuilder1 For1ZeroUntil(TNode<Number> excluded_limit,
                             TNode<Object> initial_arg0) {
     TNode<Number> initial_value = ZeroConstant();
-    auto cond = [=](TNode<Number> i) {
+    auto cond = [=, this](TNode<Number> i) {
       return NumberLessThan(i, excluded_limit);
     };
-    auto step = [=](TNode<Number> i) { return NumberAdd(i, OneConstant()); };
+    auto step = [=, this](TNode<Number> i) {
+      return NumberAdd(i, OneConstant());
+    };
     return {this, initial_value, cond, step, initial_arg0};
   }
 
@@ -872,7 +877,7 @@ TNode<Object> JSCallReducerAssembler::CopyNode() {
 TNode<JSArray> JSCallReducerAssembler::CreateArrayNoThrow(
     TNode<Object> ctor, TNode<Number> size, FrameState frame_state) {
   return AddNode<JSArray>(
-      graph()->NewNode(javascript()->CreateArray(1, base::nullopt), ctor, ctor,
+      graph()->NewNode(javascript()->CreateArray(1, std::nullopt), ctor, ctor,
                        size, ContextInput(), frame_state, effect(), control()));
 }
 
@@ -1752,7 +1757,7 @@ struct MapFrameStateParams {
   TNode<Object> receiver;
   TNode<Object> callback;
   TNode<Object> this_arg;
-  base::Optional<TNode<JSArray>> a;
+  std::optional<TNode<JSArray>> a;
   TNode<Object> original_length;
 };
 
@@ -2701,7 +2706,7 @@ Reduction JSCallReducer::ReduceArrayConstructor(Node* node) {
   NodeProperties::ReplaceValueInput(node, target, 0);
   NodeProperties::ReplaceValueInput(node, target, 1);
   NodeProperties::ChangeOp(node,
-                           javascript()->CreateArray(arity, base::nullopt));
+                           javascript()->CreateArray(arity, std::nullopt));
   return Changed(node);
 }
 
@@ -3833,10 +3838,13 @@ Reduction JSCallReducer::ReduceCallWasmFunction(Node* node,
   if (shared.object()->HasWasmExportedFunctionData()) {
     // TODO(jkummerow): Introduce a pointer from WasmExportedFunctionData
     // to WasmTrustedInstanceData.
-    Tagged<TrustedObject> ref =
-        shared.object()->wasm_exported_function_data()->internal()->ref();
-    if (!IsWasmTrustedInstanceData(ref)) return NoChange();
-    native_module = Cast<WasmTrustedInstanceData>(ref)->native_module();
+    Tagged<TrustedObject> implicit_arg = shared.object()
+                                             ->wasm_exported_function_data()
+                                             ->internal()
+                                             ->implicit_arg();
+    if (!IsWasmTrustedInstanceData(implicit_arg)) return NoChange();
+    native_module =
+        Cast<WasmTrustedInstanceData>(implicit_arg)->native_module();
   }
   // TODO(mliedtke): We should be able to remove module, signature, native
   // module and function index from the SharedFunctionInfoRef. However, for some
@@ -4967,6 +4975,12 @@ Reduction JSCallReducer::ReduceJSCall(Node* node,
     case Builtin::kDataViewPrototypeGetFloat64:
       return ReduceDataViewAccess(node, DataViewAccess::kGet,
                                   ExternalArrayType::kExternalFloat64Array);
+    case Builtin::kDataViewPrototypeGetBigInt64:
+      return ReduceDataViewAccess(node, DataViewAccess::kGet,
+                                  ExternalArrayType::kExternalBigInt64Array);
+    case Builtin::kDataViewPrototypeGetBigUint64:
+      return ReduceDataViewAccess(node, DataViewAccess::kGet,
+                                  ExternalArrayType::kExternalBigUint64Array);
     case Builtin::kDataViewPrototypeSetUint8:
       return ReduceDataViewAccess(node, DataViewAccess::kSet,
                                   ExternalArrayType::kExternalUint8Array);
@@ -4991,6 +5005,12 @@ Reduction JSCallReducer::ReduceJSCall(Node* node,
     case Builtin::kDataViewPrototypeSetFloat64:
       return ReduceDataViewAccess(node, DataViewAccess::kSet,
                                   ExternalArrayType::kExternalFloat64Array);
+    case Builtin::kDataViewPrototypeSetBigInt64:
+      return ReduceDataViewAccess(node, DataViewAccess::kSet,
+                                  ExternalArrayType::kExternalBigInt64Array);
+    case Builtin::kDataViewPrototypeSetBigUint64:
+      return ReduceDataViewAccess(node, DataViewAccess::kSet,
+                                  ExternalArrayType::kExternalBigUint64Array);
     case Builtin::kTypedArrayPrototypeByteLength:
       return ReduceArrayBufferViewByteLengthAccessor(node, JS_TYPED_ARRAY_TYPE);
     case Builtin::kTypedArrayPrototypeByteOffset:
@@ -5301,7 +5321,7 @@ Reduction JSCallReducer::ReduceJSCallWithArrayLike(Node* node) {
     return NoChange();
   }
 
-  base::Optional<Reduction> maybe_result =
+  std::optional<Reduction> maybe_result =
       TryReduceJSCallMathMinMaxWithArrayLike(node);
   if (maybe_result.has_value()) {
     return maybe_result.value();
@@ -5438,7 +5458,7 @@ Reduction JSCallReducer::ReduceJSConstruct(Node* node) {
           node->ReplaceInput(n.NewTargetIndex(), new_target);
           node->RemoveInput(n.FeedbackVectorIndex());
           NodeProperties::ChangeOp(
-              node, javascript()->CreateArray(arity, base::nullopt));
+              node, javascript()->CreateArray(arity, std::nullopt));
           return Changed(node);
         }
         case Builtin::kObjectConstructor: {
@@ -7056,7 +7076,7 @@ Reduction JSCallReducer::ReduceStringPrototypeLocaleCompare(Node* node) {
   }
 
   {
-    Handle<Object> locales;
+    DirectHandle<Object> locales;
     {
       HeapObjectMatcher m(n.ArgumentOrUndefined(1, jsgraph()));
       if (!m.HasResolvedValue()) return NoChange();
@@ -7066,7 +7086,7 @@ Reduction JSCallReducer::ReduceStringPrototypeLocaleCompare(Node* node) {
         ObjectRef ref = m.Ref(broker());
         if (!ref.IsString()) return NoChange();
         StringRef sref = ref.AsString();
-        if (base::Optional<Handle<String>> maybe_locales =
+        if (std::optional<Handle<String>> maybe_locales =
                 sref.ObjectIfContentAccessible(broker())) {
           locales = *maybe_locales;
         } else {
@@ -8399,6 +8419,12 @@ Reduction JSCallReducer::ReduceDataViewAccess(Node* node, DataViewAccess access,
   Node* receiver = n.receiver();
   Node* offset = n.ArgumentOr(0, jsgraph()->ZeroConstant());
   Node* value = nullptr;
+
+  if (!Is64() && (element_type == kExternalBigInt64Array ||
+                  element_type == kExternalBigUint64Array)) {
+    return NoChange();
+  }
+
   if (access == DataViewAccess::kSet) {
     value = n.ArgumentOrUndefined(1, jsgraph());
   }
@@ -8461,10 +8487,18 @@ Reduction JSCallReducer::ReduceDataViewAccess(Node* node, DataViewAccess access,
 
   // Coerce {value} to Number.
   if (access == DataViewAccess::kSet) {
-    value = effect = graph()->NewNode(
-        simplified()->SpeculativeToNumber(NumberOperationHint::kNumberOrOddball,
-                                          p.feedback()),
-        value, effect, control);
+    if (element_type == kExternalBigInt64Array ||
+        element_type == kExternalBigUint64Array) {
+      value = effect =
+          graph()->NewNode(simplified()->SpeculativeToBigInt(
+                               BigIntOperationHint::kBigInt, p.feedback()),
+                           value, effect, control);
+    } else {
+      value = effect = graph()->NewNode(
+          simplified()->SpeculativeToNumber(
+              NumberOperationHint::kNumberOrOddball, p.feedback()),
+          value, effect, control);
+    }
   }
 
   // We need to retain either the {receiver} itself or it's backing
@@ -8639,7 +8673,7 @@ Reduction JSCallReducer::ReduceNumberParseInt(Node* node) {
       return Replace(value);
     }
 
-    base::Optional<double> number = input_value.ToInt(broker(), radix_value);
+    std::optional<double> number = input_value.ToInt(broker(), radix_value);
     if (number.has_value()) {
       Node* result = graph()->NewNode(common()->NumberConstant(number.value()));
       ReplaceWithValue(node, result);
@@ -8834,9 +8868,9 @@ Reduction JSCallReducer::ReduceBigIntAsN(Node* node, Builtin builtin) {
   return NoChange();
 }
 
-base::Optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
+std::optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
     Node* node) {
-  if (!v8_flags.turbo_optimize_math_minmax) return base::nullopt;
+  if (!v8_flags.turbo_optimize_math_minmax) return std::nullopt;
 
   JSCallWithArrayLikeNode n(node);
   CallParameters const& p = n.Parameters();
@@ -8845,15 +8879,15 @@ base::Optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
   Control control = n.control();
 
   if (p.speculation_mode() == SpeculationMode::kDisallowSpeculation) {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   if (n.ArgumentCount() != 1) {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   if (!dependencies()->DependOnNoElementsProtector()) {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   // These ops are handled by ReduceCallOrConstructWithArrayLikeOrSpread.
@@ -8862,7 +8896,7 @@ base::Optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
   Node* arguments_list = n.Argument(0);
   if (arguments_list->opcode() == IrOpcode::kJSCreateLiteralArray ||
       arguments_list->opcode() == IrOpcode::kJSCreateArguments) {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   HeapObjectMatcher m(target);
@@ -8873,7 +8907,7 @@ base::Optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
 
       // Don't inline cross native context.
       if (!function.native_context(broker()).equals(native_context())) {
-        return base::nullopt;
+        return std::nullopt;
       }
 
       SharedFunctionInfoRef shared = function.shared(broker());
@@ -8882,7 +8916,7 @@ base::Optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
       if (builtin == Builtin::kMathMax || builtin == Builtin::kMathMin) {
         return ReduceJSCallMathMinMaxWithArrayLike(node, builtin);
       } else {
-        return base::nullopt;
+        return std::nullopt;
       }
     }
   }
@@ -8894,7 +8928,7 @@ base::Optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
     ProcessedFeedback const& feedback =
         broker()->GetFeedbackForCall(p.feedback());
     if (feedback.IsInsufficient()) {
-      return base::nullopt;
+      return std::nullopt;
     }
     OptionalHeapObjectRef feedback_target = feedback.AsCall().target();
     if (feedback_target.has_value() &&
@@ -8903,7 +8937,7 @@ base::Optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
           jsgraph()->ConstantNoHole(*feedback_target, broker());
       ObjectRef target_ref = feedback_target.value();
       if (!target_ref.IsJSFunction()) {
-        return base::nullopt;
+        return std::nullopt;
       }
       JSFunctionRef function = target_ref.AsJSFunction();
       SharedFunctionInfoRef shared = function.shared(broker());
@@ -8928,7 +8962,7 @@ base::Optional<Reduction> JSCallReducer::TryReduceJSCallMathMinMaxWithArrayLike(
     }
   }
 
-  return base::nullopt;
+  return std::nullopt;
 }
 
 Reduction JSCallReducer::ReduceJSCallMathMinMaxWithArrayLike(Node* node,
diff --git a/deps/v8/src/compiler/js-call-reducer.h b/deps/v8/src/compiler/js-call-reducer.h
index afd102f25d6857..12379f0153a490 100644
--- a/deps/v8/src/compiler/js-call-reducer.h
+++ b/deps/v8/src/compiler/js-call-reducer.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_JS_CALL_REDUCER_H_
 #define V8_COMPILER_JS_CALL_REDUCER_H_
 
+#include <optional>
+
 #include "src/base/flags.h"
 #include "src/compiler/globals.h"
 #include "src/compiler/graph-reducer.h"
@@ -237,7 +239,7 @@ class V8_EXPORT_PRIVATE JSCallReducer final : public AdvancedReducer {
   Reduction ReduceBigIntConstructor(Node* node);
   Reduction ReduceBigIntAsN(Node* node, Builtin builtin);
 
-  base::Optional<Reduction> TryReduceJSCallMathMinMaxWithArrayLike(Node* node);
+  std::optional<Reduction> TryReduceJSCallMathMinMaxWithArrayLike(Node* node);
   Reduction ReduceJSCallMathMinMaxWithArrayLike(Node* node, Builtin builtin);
 
 #ifdef V8_ENABLE_CONTINUATION_PRESERVED_EMBEDDER_DATA
diff --git a/deps/v8/src/compiler/js-create-lowering.cc b/deps/v8/src/compiler/js-create-lowering.cc
index 07da2db2bb38d9..cb7613c4eed992 100644
--- a/deps/v8/src/compiler/js-create-lowering.cc
+++ b/deps/v8/src/compiler/js-create-lowering.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/js-create-lowering.h"
 
+#include <optional>
+
 #include "src/compiler/access-builder.h"
 #include "src/compiler/allocation-builder-inl.h"
 #include "src/compiler/common-operator.h"
@@ -951,6 +953,21 @@ Reduction JSCreateLowering::ReduceJSCreateClosure(Node* node) {
   DCHECK(!function_map.IsInobjectSlackTrackingInProgress());
   DCHECK(!function_map.is_dictionary_map());
 
+#ifdef V8_ENABLE_LEAPTIERING
+  // TODO(saelo): we should embed the dispatch handle directly into the
+  // generated code instead of loading it at runtime from the FeedbackCell.
+  // This will likely first require GC support though.
+  Node* feedback_cell_node = jsgraph()->ConstantNoHole(feedback_cell, broker());
+  // TODO(saelo): need to obtain a dispatch entry here in cases where the
+  // function is a builtin.
+  DCHECK(shared.HasBuiltinId() ||
+         feedback_cell.object()->dispatch_handle() != kNullJSDispatchHandle);
+  Node* dispatch_handle = effect = graph()->NewNode(
+      simplified()->LoadField(
+          AccessBuilder::ForFeedbackCellDispatchHandleNoWriteBarrier()),
+      feedback_cell_node, effect, control);
+#endif  // V8_ENABLE_LEAPTIERING
+
   // TODO(turbofan): We should use the pretenure flag from {p} here,
   // but currently the heuristic in the parser works against us, as
   // it marks closures like
@@ -963,7 +980,8 @@ Reduction JSCreateLowering::ReduceJSCreateClosure(Node* node) {
   AllocationType allocation = AllocationType::kYoung;
 
   // Emit code to allocate the JSFunction instance.
-  static_assert(JSFunction::kSizeWithoutPrototype == 7 * kTaggedSize);
+  static_assert(JSFunction::kSizeWithoutPrototype ==
+                (7 + V8_ENABLE_LEAPTIERING_BOOL) * kTaggedSize);
   AllocationBuilder a(jsgraph(), broker(), effect, control);
   a.Allocate(function_map.instance_size(), allocation,
              Type::CallableFunction());
@@ -975,12 +993,18 @@ Reduction JSCreateLowering::ReduceJSCreateClosure(Node* node) {
   a.Store(AccessBuilder::ForJSFunctionSharedFunctionInfo(), shared);
   a.Store(AccessBuilder::ForJSFunctionContext(), context);
   a.Store(AccessBuilder::ForJSFunctionFeedbackCell(), feedback_cell);
+#ifdef V8_ENABLE_LEAPTIERING
+  a.Store(AccessBuilder::ForJSFunctionDispatchHandleNoWriteBarrier(),
+          dispatch_handle);
+#endif  // V8_ENABLE_LEAPTIERING
   a.Store(AccessBuilder::ForJSFunctionCode(), code);
-  static_assert(JSFunction::kSizeWithoutPrototype == 7 * kTaggedSize);
+  static_assert(JSFunction::kSizeWithoutPrototype ==
+                (7 + V8_ENABLE_LEAPTIERING_BOOL) * kTaggedSize);
   if (function_map.has_prototype_slot()) {
     a.Store(AccessBuilder::ForJSFunctionPrototypeOrInitialMap(),
             jsgraph()->TheHoleConstant());
-    static_assert(JSFunction::kSizeWithPrototype == 8 * kTaggedSize);
+    static_assert(JSFunction::kSizeWithPrototype ==
+                  (8 + V8_ENABLE_LEAPTIERING_BOOL) * kTaggedSize);
   }
   for (int i = 0; i < function_map.GetInObjectProperties(); i++) {
     a.Store(AccessBuilder::ForJSObjectInObjectProperty(function_map, i),
@@ -1111,7 +1135,7 @@ Reduction JSCreateLowering::ReduceJSCreateLiteralArrayOrObject(Node* node) {
     if (!site.boilerplate(broker()).has_value()) return NoChange();
     AllocationType allocation = dependencies()->DependOnPretenureMode(site);
     int max_properties = kMaxFastLiteralProperties;
-    base::Optional<Node*> maybe_value = TryAllocateFastLiteral(
+    std::optional<Node*> maybe_value = TryAllocateFastLiteral(
         effect, control, *site.boilerplate(broker()), allocation,
         kMaxFastLiteralDepth, &max_properties);
     if (!maybe_value.has_value()) return NoChange();
@@ -1696,7 +1720,7 @@ Node* JSCreateLowering::AllocateElements(Node* effect, Node* control,
   return a.Finish();
 }
 
-base::Optional<Node*> JSCreateLowering::TryAllocateFastLiteral(
+std::optional<Node*> JSCreateLowering::TryAllocateFastLiteral(
     Node* effect, Node* control, JSObjectRef boilerplate,
     AllocationType allocation, int max_depth, int* max_properties) {
   DCHECK_GE(max_depth, 0);
@@ -1801,7 +1825,7 @@ base::Optional<Node*> JSCreateLowering::TryAllocateFastLiteral(
     Node* value;
     if (boilerplate_value.IsJSObject()) {
       JSObjectRef boilerplate_object = boilerplate_value.AsJSObject();
-      base::Optional<Node*> maybe_value =
+      std::optional<Node*> maybe_value =
           TryAllocateFastLiteral(effect, control, boilerplate_object,
                                  allocation, max_depth - 1, max_properties);
       if (!maybe_value.has_value()) return {};
@@ -1842,7 +1866,7 @@ base::Optional<Node*> JSCreateLowering::TryAllocateFastLiteral(
   }
 
   // Setup the elements backing store.
-  base::Optional<Node*> maybe_elements = TryAllocateFastLiteralElements(
+  std::optional<Node*> maybe_elements = TryAllocateFastLiteralElements(
       effect, control, boilerplate, allocation, max_depth, max_properties);
   if (!maybe_elements.has_value()) return {};
   Node* elements = maybe_elements.value();
@@ -1868,7 +1892,7 @@ base::Optional<Node*> JSCreateLowering::TryAllocateFastLiteral(
   return builder.Finish();
 }
 
-base::Optional<Node*> JSCreateLowering::TryAllocateFastLiteralElements(
+std::optional<Node*> JSCreateLowering::TryAllocateFastLiteralElements(
     Node* effect, Node* control, JSObjectRef boilerplate,
     AllocationType allocation, int max_depth, int* max_properties) {
   DCHECK_GT(max_depth, 0);
@@ -1919,7 +1943,7 @@ base::Optional<Node*> JSCreateLowering::TryAllocateFastLiteralElements(
       OptionalObjectRef element_value = elements.TryGet(broker(), i);
       if (!element_value.has_value()) return {};
       if (element_value->IsJSObject()) {
-        base::Optional<Node*> object =
+        std::optional<Node*> object =
             TryAllocateFastLiteral(effect, control, element_value->AsJSObject(),
                                    allocation, max_depth - 1, max_properties);
         if (!object.has_value()) return {};
diff --git a/deps/v8/src/compiler/js-create-lowering.h b/deps/v8/src/compiler/js-create-lowering.h
index dfd4db3431155d..5417693662e4b6 100644
--- a/deps/v8/src/compiler/js-create-lowering.h
+++ b/deps/v8/src/compiler/js-create-lowering.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_JS_CREATE_LOWERING_H_
 #define V8_COMPILER_JS_CREATE_LOWERING_H_
 
+#include <optional>
+
 #include "src/base/compiler-specific.h"
 #include "src/common/globals.h"
 #include "src/compiler/graph-reducer.h"
@@ -97,12 +99,12 @@ class V8_EXPORT_PRIVATE JSCreateLowering final
                                     Node* arguments_length,
                                     SharedFunctionInfoRef shared,
                                     bool* has_aliased_arguments);
-  base::Optional<Node*> TryAllocateFastLiteral(Node* effect, Node* control,
-                                               JSObjectRef boilerplate,
-                                               AllocationType allocation,
-                                               int max_depth,
-                                               int* max_properties);
-  base::Optional<Node*> TryAllocateFastLiteralElements(
+  std::optional<Node*> TryAllocateFastLiteral(Node* effect, Node* control,
+                                              JSObjectRef boilerplate,
+                                              AllocationType allocation,
+                                              int max_depth,
+                                              int* max_properties);
+  std::optional<Node*> TryAllocateFastLiteralElements(
       Node* effect, Node* control, JSObjectRef boilerplate,
       AllocationType allocation, int max_depth, int* max_properties);
 
diff --git a/deps/v8/src/compiler/js-graph.cc b/deps/v8/src/compiler/js-graph.cc
index 327de9188f914e..53d26e125b54fb 100644
--- a/deps/v8/src/compiler/js-graph.cc
+++ b/deps/v8/src/compiler/js-graph.cc
@@ -158,6 +158,14 @@ Node* JSGraph::HeapConstantHole(Handle<HeapObject> value) {
   return *loc;
 }
 
+Node* JSGraph::TrustedHeapConstant(Handle<HeapObject> value) {
+  DCHECK(IsTrustedObject(*value));
+  // TODO(pthier): Consider also caching trusted constants. Right now they are
+  // only used for RegExp data as part of RegExp literals and it should be
+  // uncommon for the same literal to appear multiple times.
+  return graph()->NewNode(common()->TrustedHeapConstant(value));
+}
+
 void JSGraph::GetCachedNodes(NodeVector* nodes) {
   cache_.GetCachedNodes(nodes);
 #define DO_CACHED_FIELD(name, ...) \
diff --git a/deps/v8/src/compiler/js-graph.h b/deps/v8/src/compiler/js-graph.h
index da5f539537d5ee..5580b858bd1d48 100644
--- a/deps/v8/src/compiler/js-graph.h
+++ b/deps/v8/src/compiler/js-graph.h
@@ -62,6 +62,11 @@ class V8_EXPORT_PRIVATE JSGraph : public MachineGraph {
   // only emit a Hole value.
   Node* HeapConstantHole(Handle<HeapObject> value);
 
+  // Createas a TrustedHeapConstant node.
+  // This is similar to HeapConstant, but for constants that live in trusted
+  // space (having a different cage base) and therefore shouldn't be compressed.
+  Node* TrustedHeapConstant(Handle<HeapObject> value);
+
   // Creates a Constant node of the appropriate type for
   // the given object.  Inspect the (serialized) object and determine whether
   // one of the canonicalized globals or a number constant should be returned.
diff --git a/deps/v8/src/compiler/js-heap-broker.cc b/deps/v8/src/compiler/js-heap-broker.cc
index f614e441fd21c4..1a7ce3b9f6a50b 100644
--- a/deps/v8/src/compiler/js-heap-broker.cc
+++ b/deps/v8/src/compiler/js-heap-broker.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/js-heap-broker.h"
 
+#include <optional>
+
 #ifdef ENABLE_SLOW_DCHECKS
 #include <algorithm>
 #endif
@@ -338,7 +340,7 @@ OptionalObjectRef GlobalAccessFeedback::GetConstantHint(
   } else if (IsScriptContextSlot() && immutable()) {
     return script_context().get(broker, slot_index());
   } else {
-    return base::nullopt;
+    return std::nullopt;
   }
 }
 
@@ -501,7 +503,7 @@ ProcessedFeedback const& JSHeapBroker::ReadFeedbackForPropertyAccess(
       if (map.is_deprecated()) {
         // TODO(ishell): support fast map updating if we enable it.
         CHECK(!v8_flags.fast_map_update);
-        base::Optional<Tagged<Map>> maybe_map = MapUpdater::TryUpdateNoLock(
+        std::optional<Tagged<Map>> maybe_map = MapUpdater::TryUpdateNoLock(
             isolate(), *map.object(), ConcurrencyMode::kConcurrent);
         if (maybe_map.has_value()) {
           map = MakeRefAssumeMemoryFence(this, maybe_map.value());
@@ -865,7 +867,10 @@ ElementAccessFeedback const& JSHeapBroker::ProcessFeedbackMapsForElementAccess(
       MapUpdaterGuardIfNeeded mumd_scope(this);
 
       transition_target = map.object()->FindElementsKindTransitionedMap(
-          isolate(), possible_transition_targets, ConcurrencyMode::kConcurrent);
+          isolate(),
+          MapHandlesSpan(possible_transition_targets.begin(),
+                         possible_transition_targets.end()),
+          ConcurrencyMode::kConcurrent);
     }
 
     if (transition_target.is_null()) {
@@ -911,7 +916,7 @@ void ElementAccessFeedback::AddGroup(TransitionGroup&& group) {
 
 OptionalNameRef JSHeapBroker::GetNameFeedback(FeedbackNexus const& nexus) {
   Tagged<Name> raw_name = nexus.GetName();
-  if (raw_name.is_null()) return base::nullopt;
+  if (raw_name.is_null()) return std::nullopt;
   return MakeRefAssumeMemoryFence(this, raw_name);
 }
 
diff --git a/deps/v8/src/compiler/js-heap-broker.h b/deps/v8/src/compiler/js-heap-broker.h
index 2ef5616b4e1556..ad7facaf3c357c 100644
--- a/deps/v8/src/compiler/js-heap-broker.h
+++ b/deps/v8/src/compiler/js-heap-broker.h
@@ -5,9 +5,10 @@
 #ifndef V8_COMPILER_JS_HEAP_BROKER_H_
 #define V8_COMPILER_JS_HEAP_BROKER_H_
 
+#include <optional>
+
 #include "src/base/compiler-specific.h"
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/base/platform/mutex.h"
 #include "src/codegen/optimized-compilation-info.h"
 #include "src/common/globals.h"
@@ -267,7 +268,7 @@ class V8_EXPORT_PRIVATE JSHeapBroker {
                                       : isolate()->AsLocalIsolate();
   }
 
-  base::Optional<RootIndex> FindRootIndex(HeapObjectRef object) {
+  std::optional<RootIndex> FindRootIndex(HeapObjectRef object) {
     // No root constant is a JSReceiver.
     if (object.IsJSReceiver()) return {};
     Address address = object.object()->ptr();
@@ -567,7 +568,7 @@ class V8_NODISCARD UnparkedScopeIfNeeded {
   }
 
  private:
-  base::Optional<UnparkedScope> unparked_scope;
+  std::optional<UnparkedScope> unparked_scope;
 };
 
 class V8_NODISCARD JSHeapBrokerScopeForTesting {
diff --git a/deps/v8/src/compiler/js-inlining.cc b/deps/v8/src/compiler/js-inlining.cc
index f6575134e4cbfd..bb814a952d46bd 100644
--- a/deps/v8/src/compiler/js-inlining.cc
+++ b/deps/v8/src/compiler/js-inlining.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/js-inlining.h"
 
+#include <optional>
+
 #include "src/codegen/optimized-compilation-info.h"
 #include "src/codegen/tick-counter.h"
 #include "src/compiler/access-builder.h"
@@ -323,7 +325,7 @@ OptionalSharedFunctionInfoRef JSInliner::DetermineCallTarget(Node* node) {
 
     // The function might have not been called yet.
     if (!function.feedback_vector(broker()).has_value()) {
-      return base::nullopt;
+      return std::nullopt;
     }
 
     // Disallow cross native-context inlining for now. This means that all parts
@@ -336,7 +338,7 @@ OptionalSharedFunctionInfoRef JSInliner::DetermineCallTarget(Node* node) {
     // in the same graph in a compositional way.
     if (!function.native_context(broker()).equals(
             broker()->target_native_context())) {
-      return base::nullopt;
+      return std::nullopt;
     }
 
     return function.shared(broker());
@@ -356,7 +358,7 @@ OptionalSharedFunctionInfoRef JSInliner::DetermineCallTarget(Node* node) {
     return cell.shared_function_info(broker());
   }
 
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // Determines statically known information about the call target (assuming that
diff --git a/deps/v8/src/compiler/js-native-context-specialization.cc b/deps/v8/src/compiler/js-native-context-specialization.cc
index c3043c08cc1e38..9fcb1d00756e9b 100644
--- a/deps/v8/src/compiler/js-native-context-specialization.cc
+++ b/deps/v8/src/compiler/js-native-context-specialization.cc
@@ -4,8 +4,9 @@
 
 #include "src/compiler/js-native-context-specialization.h"
 
+#include <optional>
+
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/builtins/accessors.h"
 #include "src/codegen/code-factory.h"
 #include "src/common/globals.h"
@@ -140,7 +141,7 @@ Reduction JSNativeContextSpecialization::Reduce(Node* node) {
 // Otherwise, we can't easily convert {node} into a String, and we return
 // nullopt.
 // static
-base::Optional<size_t> JSNativeContextSpecialization::GetMaxStringLength(
+std::optional<size_t> JSNativeContextSpecialization::GetMaxStringLength(
     JSHeapBroker* broker, Node* node) {
   HeapObjectMatcher matcher(node);
   if (matcher.HasResolvedValue() && matcher.Ref(broker).IsString()) {
@@ -155,7 +156,7 @@ base::Optional<size_t> JSNativeContextSpecialization::GetMaxStringLength(
 
   // We don't support objects with possibly monkey-patched prototype.toString
   // as it might have side-effects, so we shouldn't attempt lowering them.
-  return base::nullopt;
+  return std::nullopt;
 }
 
 Reduction JSNativeContextSpecialization::ReduceJSToString(Node* node) {
@@ -463,8 +464,8 @@ Reduction JSNativeContextSpecialization::ReduceJSAdd(Node* node) {
   Node* const lhs = node->InputAt(0);
   Node* const rhs = node->InputAt(1);
 
-  base::Optional<size_t> lhs_len = GetMaxStringLength(broker(), lhs);
-  base::Optional<size_t> rhs_len = GetMaxStringLength(broker(), rhs);
+  std::optional<size_t> lhs_len = GetMaxStringLength(broker(), lhs);
+  std::optional<size_t> rhs_len = GetMaxStringLength(broker(), rhs);
   if (!lhs_len || !rhs_len) return NoChange();
 
   // Fold if at least one of the parameters is a string constant and the
@@ -1634,7 +1635,7 @@ Reduction JSNativeContextSpecialization::ReduceNamedAccess(
     }
 
     // Generate the actual property access.
-    base::Optional<ValueEffectControl> continuation = BuildPropertyAccess(
+    std::optional<ValueEffectControl> continuation = BuildPropertyAccess(
         lookup_start_object, receiver, value, context, frame_state, effect,
         control, feedback.name(), if_exceptions, access_info, access_mode);
     if (!continuation) {
@@ -1761,7 +1762,7 @@ Reduction JSNativeContextSpecialization::ReduceNamedAccess(
       }
 
       // Generate the actual property access.
-      base::Optional<ValueEffectControl> continuation = BuildPropertyAccess(
+      std::optional<ValueEffectControl> continuation = BuildPropertyAccess(
           this_lookup_start_object, this_receiver, this_value, context,
           frame_state, this_effect, this_control, feedback.name(),
           if_exceptions, access_info, access_mode);
@@ -2123,11 +2124,11 @@ namespace {
 OptionalJSTypedArrayRef GetTypedArrayConstant(JSHeapBroker* broker,
                                               Node* receiver) {
   HeapObjectMatcher m(receiver);
-  if (!m.HasResolvedValue()) return base::nullopt;
+  if (!m.HasResolvedValue()) return std::nullopt;
   ObjectRef object = m.Ref(broker);
-  if (!object.IsJSTypedArray()) return base::nullopt;
+  if (!object.IsJSTypedArray()) return std::nullopt;
   JSTypedArrayRef typed_array = object.AsJSTypedArray();
-  if (typed_array.is_on_heap()) return base::nullopt;
+  if (typed_array.is_on_heap()) return std::nullopt;
   return typed_array;
 }
 
@@ -2566,7 +2567,7 @@ Reduction JSNativeContextSpecialization::ReduceJSHasProperty(Node* node) {
   PropertyAccess const& p = n.Parameters();
   Node* value = jsgraph()->Dead();
   if (!p.feedback().IsValid()) return NoChange();
-  return ReducePropertyAccess(node, n.key(), base::nullopt, value,
+  return ReducePropertyAccess(node, n.key(), std::nullopt, value,
                               FeedbackSource(p.feedback()), AccessMode::kHas);
 }
 
@@ -2606,6 +2607,39 @@ Reduction JSNativeContextSpecialization::ReduceJSLoadPropertyWithEnumeratedKey(
   // TurboFan cannot prove that there is no observable side effect between
   // the {JSForInNext} and the {JSLoadProperty} node.
   //
+  // We can do a similar optimization when the receiver of {JSLoadProperty} is
+  // not identical to the receiver of {JSForInNext}:
+  //   for (name in receiver) {
+  //     value = object[name];
+  //     ...
+  //   }
+  //
+  // This is because when the key is {JSForInNext}, we will generate a
+  // {GetEnumeratedKeyedProperty} bytecode for {JSLoadProperty}. If the bytecode
+  // always manages to use the enum cache, we will keep the inline cache in
+  // uninitialized state. So If the graph is as below, we can firstly do a map
+  // check on {object} and then turn the {JSLoadProperty} into the
+  // {LoadFieldByIndex}. This is also safe when the bytecode has never been
+  // profiled. When it happens to pass the the map check, we can use the fast
+  // path. Otherwise it will trigger a deoptimization.
+
+  // object     receiver
+  //  ^             ^
+  //  |             |
+  //  |             |
+  //  |             |
+  //  |        JSToObject
+  //  |             ^
+  //  |             |
+  //  |             |
+  //  |        JSForInNext
+  //  |             ^
+  //  |             |
+  //  +----+  +-----+
+  //       |  |
+  //       |  |
+  //   JSLoadProperty (insufficient feedback)
+
   // Also note that it's safe to look through the {JSToObject}, since the
   // [[Get]] operation does an implicit ToObject anyway, and these operations
   // are not observable.
@@ -2626,11 +2660,32 @@ Reduction JSNativeContextSpecialization::ReduceJSLoadPropertyWithEnumeratedKey(
   if (object->opcode() == IrOpcode::kJSToObject) {
     object = NodeProperties::GetValueInput(object, 0);
   }
-  if (object != receiver) return NoChange();
+  bool speculating_object_is_receiver = false;
+  if (object != receiver) {
+    JSLoadPropertyNode n(node);
+    PropertyAccess const& p = n.Parameters();
+
+    ProcessedFeedback const& feedback = broker()->GetFeedbackForPropertyAccess(
+        FeedbackSource(p.feedback()), AccessMode::kLoad, std::nullopt);
+    // When the feedback is uninitialized, it is either a load from a
+    // {GetEnumeratedKeyedProperty} which always hits the enum cache, or a keyed
+    // load that had never been reached. In either case, we can check the map
+    // of the receiver and use the enum cache if the map match the {cache_type}.
+    if (feedback.kind() != ProcessedFeedback::kInsufficient) {
+      return NoChange();
+    }
+
+    // Ensure that {receiver} is a HeapObject.
+    receiver = effect = graph()->NewNode(simplified()->CheckHeapObject(),
+                                         receiver, effect, control);
+    speculating_object_is_receiver = true;
+  }
 
   // No need to repeat the map check if we can prove that there's no
-  // observable side effect between {effect} and {name].
-  if (!NodeProperties::NoObservableSideEffectBetween(effect, name)) {
+  // observable side effect between {effect} and {name]. But we always need a
+  // map check when {object} is not identical to {receiver}.
+  if (!NodeProperties::NoObservableSideEffectBetween(effect, name) ||
+      speculating_object_is_receiver) {
     // Check that the {receiver} map is still valid.
     Node* receiver_map = effect =
         graph()->NewNode(simplified()->LoadField(AccessBuilder::ForMap()),
@@ -2687,7 +2742,7 @@ Reduction JSNativeContextSpecialization::ReduceJSLoadProperty(Node* node) {
 
   if (!p.feedback().IsValid()) return NoChange();
   Node* value = jsgraph()->Dead();
-  return ReducePropertyAccess(node, name, base::nullopt, value,
+  return ReducePropertyAccess(node, name, std::nullopt, value,
                               FeedbackSource(p.feedback()), AccessMode::kLoad);
 }
 
@@ -2695,7 +2750,7 @@ Reduction JSNativeContextSpecialization::ReduceJSSetKeyedProperty(Node* node) {
   JSSetKeyedPropertyNode n(node);
   PropertyAccess const& p = n.Parameters();
   if (!p.feedback().IsValid()) return NoChange();
-  return ReducePropertyAccess(node, n.key(), base::nullopt, n.value(),
+  return ReducePropertyAccess(node, n.key(), std::nullopt, n.value(),
                               FeedbackSource(p.feedback()), AccessMode::kStore);
 }
 
@@ -2704,7 +2759,7 @@ Reduction JSNativeContextSpecialization::ReduceJSDefineKeyedOwnProperty(
   JSDefineKeyedOwnPropertyNode n(node);
   PropertyAccess const& p = n.Parameters();
   if (!p.feedback().IsValid()) return NoChange();
-  return ReducePropertyAccess(node, n.key(), base::nullopt, n.value(),
+  return ReducePropertyAccess(node, n.key(), std::nullopt, n.value(),
                               FeedbackSource(p.feedback()),
                               AccessMode::kDefine);
 }
@@ -2851,7 +2906,7 @@ Node* JSNativeContextSpecialization::InlineApiCall(
              graph()->NewNode(common()->Call(call_descriptor), index, inputs);
 }
 
-base::Optional<JSNativeContextSpecialization::ValueEffectControl>
+std::optional<JSNativeContextSpecialization::ValueEffectControl>
 JSNativeContextSpecialization::BuildPropertyLoad(
     Node* lookup_start_object, Node* receiver, Node* context, Node* frame_state,
     Node* effect, Node* control, NameRef name, ZoneVector<Node*>* if_exceptions,
@@ -2903,7 +2958,7 @@ JSNativeContextSpecialization::BuildPropertyLoad(
   if (value != nullptr) {
     return ValueEffectControl(value, effect, control);
   }
-  return base::Optional<ValueEffectControl>();
+  return std::optional<ValueEffectControl>();
 }
 
 JSNativeContextSpecialization::ValueEffectControl
@@ -2924,7 +2979,7 @@ JSNativeContextSpecialization::BuildPropertyTest(
       jsgraph()->BooleanConstant(!access_info.IsNotFound()), effect, control);
 }
 
-base::Optional<JSNativeContextSpecialization::ValueEffectControl>
+std::optional<JSNativeContextSpecialization::ValueEffectControl>
 JSNativeContextSpecialization::BuildPropertyAccess(
     Node* lookup_start_object, Node* receiver, Node* value, Node* context,
     Node* frame_state, Node* effect, Node* control, NameRef name,
@@ -3163,7 +3218,7 @@ JSNativeContextSpecialization::ReduceJSDefineKeyedOwnPropertyInLiteral(
   if (cflags & DefineKeyedOwnPropertyInLiteralFlag::kSetFunctionName)
     return NoChange();
 
-  return ReducePropertyAccess(node, n.name(), base::nullopt, n.value(),
+  return ReducePropertyAccess(node, n.name(), std::nullopt, n.value(),
                               FeedbackSource(p.feedback()),
                               AccessMode::kStoreInLiteral);
 }
@@ -3173,7 +3228,7 @@ Reduction JSNativeContextSpecialization::ReduceJSStoreInArrayLiteral(
   JSStoreInArrayLiteralNode n(node);
   FeedbackParameter const& p = n.Parameters();
   if (!p.feedback().IsValid()) return NoChange();
-  return ReducePropertyAccess(node, n.index(), base::nullopt, n.value(),
+  return ReducePropertyAccess(node, n.index(), std::nullopt, n.value(),
                               FeedbackSource(p.feedback()),
                               AccessMode::kStoreInLiteral);
 }
@@ -4082,7 +4137,7 @@ OptionalMapRef JSNativeContextSpecialization::InferRootMap(Node* object) const {
       return *initial_map;
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 Node* JSNativeContextSpecialization::BuildLoadPrototypeFromObject(
diff --git a/deps/v8/src/compiler/js-native-context-specialization.h b/deps/v8/src/compiler/js-native-context-specialization.h
index ec855d0cac8075..9ca07564062b60 100644
--- a/deps/v8/src/compiler/js-native-context-specialization.h
+++ b/deps/v8/src/compiler/js-native-context-specialization.h
@@ -5,8 +5,9 @@
 #ifndef V8_COMPILER_JS_NATIVE_CONTEXT_SPECIALIZATION_H_
 #define V8_COMPILER_JS_NATIVE_CONTEXT_SPECIALIZATION_H_
 
+#include <optional>
+
 #include "src/base/flags.h"
-#include "src/base/optional.h"
 #include "src/compiler/graph-assembler.h"
 #include "src/compiler/graph-reducer.h"
 #include "src/compiler/js-heap-broker.h"
@@ -66,8 +67,8 @@ class V8_EXPORT_PRIVATE JSNativeContextSpecialization final
   // Utility for folding string constant concatenation.
   // Supports JSAdd nodes and nodes typed as string or number.
   // Public for the sake of unit testing.
-  static base::Optional<size_t> GetMaxStringLength(JSHeapBroker* broker,
-                                                   Node* node);
+  static std::optional<size_t> GetMaxStringLength(JSHeapBroker* broker,
+                                                  Node* node);
 
  private:
   Reduction ReduceJSAdd(Node* node);
@@ -148,12 +149,12 @@ class V8_EXPORT_PRIVATE JSNativeContextSpecialization final
 
   // Construct the appropriate subgraph for property access. Return {} if the
   // property access couldn't be built.
-  base::Optional<ValueEffectControl> BuildPropertyAccess(
+  std::optional<ValueEffectControl> BuildPropertyAccess(
       Node* lookup_start_object, Node* receiver, Node* value, Node* context,
       Node* frame_state, Node* effect, Node* control, NameRef name,
       ZoneVector<Node*>* if_exceptions, PropertyAccessInfo const& access_info,
       AccessMode access_mode);
-  base::Optional<ValueEffectControl> BuildPropertyLoad(
+  std::optional<ValueEffectControl> BuildPropertyLoad(
       Node* lookup_start_object, Node* receiver, Node* context,
       Node* frame_state, Node* effect, Node* control, NameRef name,
       ZoneVector<Node*>* if_exceptions, PropertyAccessInfo const& access_info);
diff --git a/deps/v8/src/compiler/js-typed-lowering.cc b/deps/v8/src/compiler/js-typed-lowering.cc
index a54385bbe49e2f..7c4d0b5d82424e 100644
--- a/deps/v8/src/compiler/js-typed-lowering.cc
+++ b/deps/v8/src/compiler/js-typed-lowering.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/js-typed-lowering.h"
 
+#include <optional>
+
 #include "src/ast/modules.h"
 #include "src/builtins/builtins-utils.h"
 #include "src/codegen/code-factory.h"
@@ -1110,7 +1112,7 @@ Reduction JSTypedLowering::ReduceJSToNumberInput(Node* input) {
     HeapObjectMatcher m(input);
     if (m.HasResolvedValue() && m.Ref(broker()).IsString()) {
       StringRef input_value = m.Ref(broker()).AsString();
-      base::Optional<double> number = input_value.ToNumber(broker());
+      std::optional<double> number = input_value.ToNumber(broker());
       if (!number.has_value()) return NoChange();
       return Replace(jsgraph()->ConstantNoHole(number.value()));
     }
diff --git a/deps/v8/src/compiler/late-escape-analysis.cc b/deps/v8/src/compiler/late-escape-analysis.cc
index 9e81da18686d9a..b2b8cf80efc253 100644
--- a/deps/v8/src/compiler/late-escape-analysis.cc
+++ b/deps/v8/src/compiler/late-escape-analysis.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/late-escape-analysis.h"
 
+#include <optional>
+
 #include "src/compiler/js-graph.h"
 #include "src/compiler/node-properties.h"
 
@@ -78,7 +80,7 @@ void LateEscapeAnalysis::Finalize() {
 
 namespace {
 
-base::Optional<Node*> TryGetStoredValue(Node* node) {
+std::optional<Node*> TryGetStoredValue(Node* node) {
   int value_index;
   switch (node->opcode()) {
     case IrOpcode::kInitializeImmutableInObject:
@@ -114,7 +116,7 @@ void LateEscapeAnalysis::RemoveAllocation(Node* node) {
     if (use->IsDead()) continue;
     // The value stored by this Store node might be another allocation which has
     // no more uses. Affected allocations are revisited.
-    if (base::Optional<Node*> stored_value = TryGetStoredValue(use);
+    if (std::optional<Node*> stored_value = TryGetStoredValue(use);
         stored_value.has_value() &&
         stored_value.value()->opcode() == IrOpcode::kAllocateRaw &&
         stored_value.value() != node) {
diff --git a/deps/v8/src/compiler/linkage.cc b/deps/v8/src/compiler/linkage.cc
index 1f62ba9c09c80c..81f0756337eedf 100644
--- a/deps/v8/src/compiler/linkage.cc
+++ b/deps/v8/src/compiler/linkage.cc
@@ -8,9 +8,14 @@
 #include "src/codegen/macro-assembler.h"
 #include "src/codegen/optimized-compilation-info.h"
 #include "src/compiler/frame.h"
+#include "src/compiler/globals.h"
 #include "src/compiler/osr.h"
 #include "src/compiler/pipeline.h"
 
+#if V8_ENABLE_WEBASSEMBLY
+#include "src/compiler/wasm-compiler-definitions.h"
+#endif
+
 namespace v8 {
 namespace internal {
 namespace compiler {
@@ -255,6 +260,90 @@ void CallDescriptor::ComputeParamCounts() const {
   }
 }
 
+#if V8_ENABLE_WEBASSEMBLY
+namespace {
+CallDescriptor* ReplaceTypeInCallDescriptorWith(
+    Zone* zone, const CallDescriptor* call_descriptor, size_t num_replacements,
+    MachineType from, MachineType to) {
+  // The last parameter may be the special callable parameter. In that case we
+  // have to preserve it as the last parameter, i.e. we allocate it in the new
+  // location signature again in the same register.
+  bool extra_callable_param =
+      (call_descriptor->GetInputLocation(call_descriptor->InputCount() - 1) ==
+       LinkageLocation::ForRegister(kJSFunctionRegister.code(),
+                                    MachineType::TaggedPointer()));
+
+  size_t return_count = call_descriptor->ReturnCount();
+  // To recover the function parameter count, disregard the instance parameter,
+  // and the extra callable parameter if present.
+  size_t parameter_count =
+      call_descriptor->ParameterCount() - (extra_callable_param ? 2 : 1);
+
+  // Precompute if the descriptor contains {from}.
+  bool needs_change = false;
+  for (size_t i = 0; !needs_change && i < return_count; i++) {
+    needs_change = call_descriptor->GetReturnType(i) == from;
+  }
+  for (size_t i = 1; !needs_change && i < parameter_count + 1; i++) {
+    needs_change = call_descriptor->GetParameterType(i) == from;
+  }
+  if (!needs_change) return const_cast<CallDescriptor*>(call_descriptor);
+
+  std::vector<MachineType> reps;
+
+  for (size_t i = 0, limit = return_count; i < limit; i++) {
+    MachineType initial_type = call_descriptor->GetReturnType(i);
+    if (initial_type == from) {
+      for (size_t j = 0; j < num_replacements; j++) reps.push_back(to);
+      return_count += num_replacements - 1;
+    } else {
+      reps.push_back(initial_type);
+    }
+  }
+
+  // Disregard the instance (first) parameter.
+  for (size_t i = 1, limit = parameter_count + 1; i < limit; i++) {
+    MachineType initial_type = call_descriptor->GetParameterType(i);
+    if (initial_type == from) {
+      for (size_t j = 0; j < num_replacements; j++) reps.push_back(to);
+      parameter_count += num_replacements - 1;
+    } else {
+      reps.push_back(initial_type);
+    }
+  }
+
+  MachineSignature sig(return_count, parameter_count, reps.data());
+
+  int parameter_slots;
+  int return_slots;
+  LocationSignature* location_sig = BuildLocations(
+      zone, &sig, extra_callable_param, &parameter_slots, &return_slots);
+
+  return zone->New<CallDescriptor>(               // --
+      call_descriptor->kind(),                    // kind
+      call_descriptor->tag(),                     // tag
+      call_descriptor->GetInputType(0),           // target MachineType
+      call_descriptor->GetInputLocation(0),       // target location
+      location_sig,                               // location_sig
+      parameter_slots,                            // parameter slot count
+      call_descriptor->properties(),              // properties
+      call_descriptor->CalleeSavedRegisters(),    // callee-saved registers
+      call_descriptor->CalleeSavedFPRegisters(),  // callee-saved fp regs
+      call_descriptor->flags(),                   // flags
+      call_descriptor->debug_name(),              // debug name
+      call_descriptor->GetStackArgumentOrder(),   // stack order
+      call_descriptor->AllocatableRegisters(),    // allocatable registers
+      return_slots);                              // return slot count
+}
+}  // namespace
+
+CallDescriptor* GetI32WasmCallDescriptor(
+    Zone* zone, const CallDescriptor* call_descriptor) {
+  return ReplaceTypeInCallDescriptorWith(
+      zone, call_descriptor, 2, MachineType::Int64(), MachineType::Int32());
+}
+#endif
+
 CallDescriptor* Linkage::ComputeIncoming(Zone* zone,
                                          OptimizedCompilationInfo* info) {
 #if V8_ENABLE_WEBASSEMBLY
@@ -324,16 +413,21 @@ bool Linkage::NeedsFrameStateInput(Runtime::FunctionId function) {
 
 CallDescriptor* Linkage::GetRuntimeCallDescriptor(
     Zone* zone, Runtime::FunctionId function_id, int js_parameter_count,
-    Operator::Properties properties, CallDescriptor::Flags flags) {
+    Operator::Properties properties, CallDescriptor::Flags flags,
+    LazyDeoptOnThrow lazy_deopt_on_throw) {
   const Runtime::Function* function = Runtime::FunctionForId(function_id);
   const int return_count = function->result_size;
   const char* debug_name = function->name;
 
-  if (!Linkage::NeedsFrameStateInput(function_id)) {
+  if (lazy_deopt_on_throw == LazyDeoptOnThrow::kNo &&
+      !Linkage::NeedsFrameStateInput(function_id)) {
     flags = static_cast<CallDescriptor::Flags>(
         flags & ~CallDescriptor::kNeedsFrameState);
   }
 
+  DCHECK_IMPLIES(lazy_deopt_on_throw == LazyDeoptOnThrow::kYes,
+                 flags & CallDescriptor::kNeedsFrameState);
+
   return GetCEntryStubCallDescriptor(zone, return_count, js_parameter_count,
                                      debug_name, properties, flags);
 }
diff --git a/deps/v8/src/compiler/linkage.h b/deps/v8/src/compiler/linkage.h
index 778f976c2036bd..5a9b9d9eb6a32e 100644
--- a/deps/v8/src/compiler/linkage.h
+++ b/deps/v8/src/compiler/linkage.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_LINKAGE_H_
 #define V8_COMPILER_LINKAGE_H_
 
+#include <optional>
+
 #include "src/base/compiler-specific.h"
 #include "src/base/flags.h"
 #include "src/codegen/interface-descriptors.h"
@@ -15,6 +17,7 @@
 #include "src/codegen/signature.h"
 #include "src/common/globals.h"
 #include "src/compiler/frame.h"
+#include "src/compiler/globals.h"
 #include "src/compiler/operator.h"
 #include "src/execution/encoded-c-signature.h"
 #include "src/runtime/runtime.h"
@@ -330,8 +333,8 @@ class V8_EXPORT_PRIVATE CallDescriptor final
   const StackArgumentOrder stack_order_;
   const char* const debug_name_;
 
-  mutable base::Optional<size_t> gp_param_count_;
-  mutable base::Optional<size_t> fp_param_count_;
+  mutable std::optional<size_t> gp_param_count_;
+  mutable std::optional<size_t> fp_param_count_;
 };
 
 DEFINE_OPERATORS_FOR_FLAGS(CallDescriptor::Flags)
@@ -340,6 +343,13 @@ std::ostream& operator<<(std::ostream& os, const CallDescriptor& d);
 V8_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os,
                                            const CallDescriptor::Kind& k);
 
+#if V8_ENABLE_WEBASSEMBLY
+// Lowers a wasm CallDescriptor for 32 bit platforms by replacing i64 parameters
+// and returns with two i32s each.
+V8_EXPORT_PRIVATE CallDescriptor* GetI32WasmCallDescriptor(
+    Zone* zone, const CallDescriptor* call_descriptor);
+#endif
+
 // Defines the linkage for a compilation, including the calling conventions
 // for incoming parameters and return value(s) as well as the outgoing calling
 // convention for any kind of call. Linkage is generally architecture-specific.
@@ -375,7 +385,8 @@ class V8_EXPORT_PRIVATE Linkage : public NON_EXPORTED_BASE(ZoneObject) {
 
   static CallDescriptor* GetRuntimeCallDescriptor(
       Zone* zone, Runtime::FunctionId function, int js_parameter_count,
-      Operator::Properties properties, CallDescriptor::Flags flags);
+      Operator::Properties properties, CallDescriptor::Flags flags,
+      LazyDeoptOnThrow lazy_deopt_on_throw = LazyDeoptOnThrow::kNo);
 
   static CallDescriptor* GetCEntryStubCallDescriptor(
       Zone* zone, int return_count, int js_parameter_count,
diff --git a/deps/v8/src/compiler/load-elimination.cc b/deps/v8/src/compiler/load-elimination.cc
index eaf4c7e5e227f5..f3971d5096cecb 100644
--- a/deps/v8/src/compiler/load-elimination.cc
+++ b/deps/v8/src/compiler/load-elimination.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/load-elimination.h"
 
+#include <optional>
+
 #include "src/compiler/access-builder.h"
 #include "src/compiler/common-operator.h"
 #include "src/compiler/js-graph.h"
@@ -671,7 +673,7 @@ LoadElimination::FieldInfo const* LoadElimination::AbstractState::LookupField(
     ConstFieldInfo const_field_info) const {
   // Check if all the indices in {index_range} contain identical information.
   // If not, a partially overlapping access has invalidated part of the value.
-  base::Optional<LoadElimination::FieldInfo const*> result;
+  std::optional<LoadElimination::FieldInfo const*> result;
   for (int index : index_range) {
     LoadElimination::FieldInfo const* info = nullptr;
     if (const_field_info.IsConst()) {
diff --git a/deps/v8/src/compiler/machine-operator-reducer.cc b/deps/v8/src/compiler/machine-operator-reducer.cc
index 451133d08e60ca..98d54f5efc8387 100644
--- a/deps/v8/src/compiler/machine-operator-reducer.cc
+++ b/deps/v8/src/compiler/machine-operator-reducer.cc
@@ -7,6 +7,7 @@
 #include <cmath>
 #include <cstdint>
 #include <limits>
+#include <optional>
 
 #include "src/base/bits.h"
 #include "src/base/division-by-constant.h"
@@ -2286,7 +2287,7 @@ struct BitfieldCheck {
     CHECK_EQ(masked_value & ~mask, 0);
   }
 
-  static base::Optional<BitfieldCheck> Detect(Node* node) {
+  static std::optional<BitfieldCheck> Detect(Node* node) {
     // There are two patterns to check for here:
     // 1. Single-bit checks: `(val >> shift) & 1`, where:
     //    - the shift may be omitted, and/or
@@ -2322,7 +2323,7 @@ struct BitfieldCheck {
     return {};
   }
 
-  base::Optional<BitfieldCheck> TryCombine(const BitfieldCheck& other) {
+  std::optional<BitfieldCheck> TryCombine(const BitfieldCheck& other) {
     if (source != other.source ||
         truncate_from_64_bit != other.truncate_from_64_bit) {
       return {};
@@ -2342,7 +2343,7 @@ struct BitfieldCheck {
 
  private:
   template <typename WordNAdapter>
-  static base::Optional<BitfieldCheck> TryDetectShiftAndMaskOneBit(Node* node) {
+  static std::optional<BitfieldCheck> TryDetectShiftAndMaskOneBit(Node* node) {
     // Look for the pattern `(val >> shift) & 1`. The shift may be omitted.
     if (WordNAdapter::IsWordNAnd(NodeMatcher(node))) {
       typename WordNAdapter::IntNBinopMatcher mand(node);
@@ -2554,7 +2555,7 @@ Reduction MachineOperatorReducer::ReduceWord32Equal(Node* node) {
   // TODO(turbofan): fold HeapConstant, ExternalReference, pointer compares
   if (m.LeftEqualsRight()) return ReplaceBool(true);  // x == x => true
   if (m.right().HasResolvedValue()) {
-    base::Optional<std::pair<Node*, uint32_t>> replacements;
+    std::optional<std::pair<Node*, uint32_t>> replacements;
     if (m.left().IsTruncateInt64ToInt32()) {
       replacements = ReduceWordEqualForConstantRhs<Word64Adapter, uint32_t>(
           NodeProperties::GetValueInput(m.left().node(), 0),
@@ -2601,7 +2602,7 @@ Reduction MachineOperatorReducer::ReduceWord64Equal(Node* node) {
   // TODO(turbofan): fold HeapConstant, ExternalReference, pointer compares
   if (m.LeftEqualsRight()) return ReplaceBool(true);  // x == x => true
   if (m.right().HasResolvedValue()) {
-    base::Optional<std::pair<Node*, uint64_t>> replacements =
+    std::optional<std::pair<Node*, uint64_t>> replacements =
         ReduceWordEqualForConstantRhs<Word64Adapter, uint64_t>(
             m.left().node(), static_cast<uint64_t>(m.right().ResolvedValue()));
     if (replacements) {
@@ -2776,14 +2777,14 @@ bool IsZero(Node* node) {
 
 // If |node| is of the form "x == 0", then return "x" (in order to remove the
 // "== 0" part).
-base::Optional<Node*> TryGetInvertedCondition(Node* cond) {
+std::optional<Node*> TryGetInvertedCondition(Node* cond) {
   if (cond->opcode() == IrOpcode::kWord32Equal) {
     Int32BinopMatcher m(cond);
     if (IsZero(m.right().node())) {
       return m.left().node();
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 struct SimplifiedCondition {
@@ -2796,10 +2797,10 @@ struct SimplifiedCondition {
 // recorded by the variable |is_inverted| throughout this function, and returned
 // at the end. If |is_inverted| is true at the end, the caller should invert the
 // if/else branches following the comparison.
-base::Optional<SimplifiedCondition> TrySimplifyCompareZero(Node* cond) {
+std::optional<SimplifiedCondition> TrySimplifyCompareZero(Node* cond) {
   bool is_inverted = false;
   bool changed = false;
-  base::Optional<Node*> new_cond;
+  std::optional<Node*> new_cond;
   while ((new_cond = TryGetInvertedCondition(cond)).has_value()) {
     cond = *new_cond;
     is_inverted = !is_inverted;
@@ -2956,7 +2957,7 @@ Reduction MachineOperatorReducer::ReduceConditional(Node* node) {
 }
 
 template <typename WordNAdapter>
-base::Optional<Node*> MachineOperatorReducer::ReduceConditionalN(Node* node) {
+std::optional<Node*> MachineOperatorReducer::ReduceConditionalN(Node* node) {
   NodeMatcher condition(NodeProperties::GetValueInput(node, 0));
   // Branch conditions are 32-bit comparisons against zero, so they are the
   // opposite of a 32-bit `x == 0` node. To avoid repetition, we can reuse logic
@@ -2969,7 +2970,7 @@ base::Optional<Node*> MachineOperatorReducer::ReduceConditionalN(Node* node) {
 }
 
 template <typename WordNAdapter, typename uintN_t, typename intN_t>
-base::Optional<std::pair<Node*, uintN_t>>
+std::optional<std::pair<Node*, uintN_t>>
 MachineOperatorReducer::ReduceWordEqualForConstantRhs(Node* lhs, uintN_t rhs) {
   if (WordNAdapter::IsWordNAnd(NodeMatcher(lhs))) {
     typename WordNAdapter::UintNBinopMatcher mand(lhs);
diff --git a/deps/v8/src/compiler/machine-operator-reducer.h b/deps/v8/src/compiler/machine-operator-reducer.h
index 77ba7378302f1b..2bf0d6cdf27ceb 100644
--- a/deps/v8/src/compiler/machine-operator-reducer.h
+++ b/deps/v8/src/compiler/machine-operator-reducer.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_MACHINE_OPERATOR_REDUCER_H_
 #define V8_COMPILER_MACHINE_OPERATOR_REDUCER_H_
 
+#include <optional>
+
 #include "src/base/compiler-specific.h"
 #include "src/common/globals.h"
 #include "src/compiler/graph-reducer.h"
@@ -168,7 +170,7 @@ class V8_EXPORT_PRIVATE MachineOperatorReducer final
   // Helper for ReduceConditional. Does not perform the actual reduction; just
   // returns a new Node that could be used as the input to the condition.
   template <typename WordNAdapter>
-  base::Optional<Node*> ReduceConditionalN(Node* node);
+  std::optional<Node*> ReduceConditionalN(Node* node);
 
   // Helper for finding a reduced equality condition. Does not perform the
   // actual reduction; just returns a new pair that could be compared for the
@@ -178,7 +180,7 @@ class V8_EXPORT_PRIVATE MachineOperatorReducer final
   // Word32Equal(TruncateInt64ToInt32(lhs), rhs).
   template <typename WordNAdapter, typename uintN_t,
             typename intN_t = typename std::make_signed<uintN_t>::type>
-  base::Optional<std::pair<Node*, uintN_t>> ReduceWordEqualForConstantRhs(
+  std::optional<std::pair<Node*, uintN_t>> ReduceWordEqualForConstantRhs(
       Node* lhs, uintN_t rhs);
 
   MachineGraph* mcgraph_;
diff --git a/deps/v8/src/compiler/machine-operator.cc b/deps/v8/src/compiler/machine-operator.cc
index dfe2fbf155fd7a..7f048f7cb08ee2 100644
--- a/deps/v8/src/compiler/machine-operator.cc
+++ b/deps/v8/src/compiler/machine-operator.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/machine-operator.h"
 
+#include <optional>
+
 #include "src/base/lazy-instance.h"
 #include "src/compiler/opcodes.h"
 #include "src/compiler/operator.h"
@@ -416,6 +418,37 @@ std::ostream& operator<<(std::ostream& os, TruncateKind kind) {
   IF_WASM(V, F32x4Trunc, Operator::kNoProperties, 1, 0, 1)                     \
   IF_WASM(V, F32x4NearestInt, Operator::kNoProperties, 1, 0, 1)                \
   IF_WASM(V, F32x4DemoteF64x2Zero, Operator::kNoProperties, 1, 0, 1)           \
+  IF_WASM(V, F16x8Splat, Operator::kNoProperties, 1, 0, 1)                     \
+  IF_WASM(V, F16x8Abs, Operator::kNoProperties, 1, 0, 1)                       \
+  IF_WASM(V, F16x8Neg, Operator::kNoProperties, 1, 0, 1)                       \
+  IF_WASM(V, F16x8Sqrt, Operator::kNoProperties, 1, 0, 1)                      \
+  IF_WASM(V, F16x8Ceil, Operator::kNoProperties, 1, 0, 1)                      \
+  IF_WASM(V, F16x8Floor, Operator::kNoProperties, 1, 0, 1)                     \
+  IF_WASM(V, F16x8Trunc, Operator::kNoProperties, 1, 0, 1)                     \
+  IF_WASM(V, F16x8NearestInt, Operator::kNoProperties, 1, 0, 1)                \
+  IF_WASM(V, F16x8Add, Operator::kCommutative, 2, 0, 1)                        \
+  IF_WASM(V, F16x8Sub, Operator::kNoProperties, 2, 0, 1)                       \
+  IF_WASM(V, F16x8Mul, Operator::kCommutative, 2, 0, 1)                        \
+  IF_WASM(V, F16x8Div, Operator::kNoProperties, 2, 0, 1)                       \
+  IF_WASM(V, F16x8Min, Operator::kAssociative | Operator::kCommutative, 2, 0,  \
+          1)                                                                   \
+  IF_WASM(V, F16x8Max, Operator::kAssociative | Operator::kCommutative, 2, 0,  \
+          1)                                                                   \
+  IF_WASM(V, F16x8Pmin, Operator::kNoProperties, 2, 0, 1)                      \
+  IF_WASM(V, F16x8Pmax, Operator::kNoProperties, 2, 0, 1)                      \
+  IF_WASM(V, F16x8Eq, Operator::kCommutative, 2, 0, 1)                         \
+  IF_WASM(V, F16x8Ne, Operator::kCommutative, 2, 0, 1)                         \
+  IF_WASM(V, F16x8Lt, Operator::kNoProperties, 2, 0, 1)                        \
+  IF_WASM(V, F16x8Le, Operator::kNoProperties, 2, 0, 1)                        \
+  IF_WASM(V, F16x8SConvertI16x8, Operator::kNoProperties, 1, 0, 1)             \
+  IF_WASM(V, F16x8UConvertI16x8, Operator::kNoProperties, 1, 0, 1)             \
+  IF_WASM(V, I16x8UConvertF16x8, Operator::kNoProperties, 1, 0, 1)             \
+  IF_WASM(V, I16x8SConvertF16x8, Operator::kNoProperties, 1, 0, 1)             \
+  IF_WASM(V, F16x8DemoteF32x4Zero, Operator::kNoProperties, 1, 0, 1)           \
+  IF_WASM(V, F16x8DemoteF64x2Zero, Operator::kNoProperties, 1, 0, 1)           \
+  IF_WASM(V, F32x4PromoteLowF16x8, Operator::kNoProperties, 1, 0, 1)           \
+  IF_WASM(V, F16x8Qfma, Operator::kNoProperties, 3, 0, 1)                      \
+  IF_WASM(V, F16x8Qfms, Operator::kNoProperties, 3, 0, 1)                      \
   IF_WASM(V, I64x4Splat, Operator::kNoProperties, 1, 0, 1)                     \
   IF_WASM(V, I64x2Splat, Operator::kNoProperties, 1, 0, 1)                     \
   IF_WASM(V, I64x2SplatI32Pair, Operator::kNoProperties, 2, 0, 1)              \
@@ -1099,6 +1132,7 @@ std::ostream& operator<<(std::ostream& os, TruncateKind kind) {
   V(F32x4, 4)                \
   V(I64x2, 2)                \
   V(I32x4, 4)                \
+  V(F16x8, 8)                \
   V(I16x8, 8)                \
   V(I8x16, 16)
 
@@ -2102,7 +2136,7 @@ const Operator* MachineOperatorBuilder::StoreIndirectPointer(
   }
 }
 
-base::Optional<const Operator*> MachineOperatorBuilder::TryStorePair(
+std::optional<const Operator*> MachineOperatorBuilder::TryStorePair(
     StoreRepresentation store_rep1, StoreRepresentation store_rep2) {
   DCHECK_NE(store_rep1.representation(), MachineRepresentation::kMapWord);
 
@@ -2611,6 +2645,7 @@ EXTRACT_LANE_OP(F64x2, , 2)
 EXTRACT_LANE_OP(F32x4, , 4)
 EXTRACT_LANE_OP(I64x2, , 2)
 EXTRACT_LANE_OP(I32x4, , 4)
+EXTRACT_LANE_OP(F16x8, , 8)
 EXTRACT_LANE_OP(I16x8, U, 8)
 EXTRACT_LANE_OP(I16x8, S, 8)
 EXTRACT_LANE_OP(I8x16, U, 16)
diff --git a/deps/v8/src/compiler/machine-operator.h b/deps/v8/src/compiler/machine-operator.h
index 346ad7940f492c..bc206db0383866 100644
--- a/deps/v8/src/compiler/machine-operator.h
+++ b/deps/v8/src/compiler/machine-operator.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_MACHINE_OPERATOR_H_
 #define V8_COMPILER_MACHINE_OPERATOR_H_
 
+#include <optional>
+
 #include "src/base/compiler-specific.h"
 #include "src/base/enum-set.h"
 #include "src/base/flags.h"
@@ -407,6 +409,8 @@ class V8_EXPORT_PRIVATE MachineOperatorBuilder final
     kWord32Select = 1u << 27,
     kWord64Select = 1u << 28,
     kLoadStorePairs = 1u << 29,
+    kFloat16 = 1u << 30,
+    kFloat64ToFloat16 = 1u << 31,
     kAllOptionalOps =
         kFloat32RoundDown | kFloat64RoundDown | kFloat32RoundUp |
         kFloat64RoundUp | kFloat32RoundTruncate | kFloat64RoundTruncate |
@@ -416,7 +420,7 @@ class V8_EXPORT_PRIVATE MachineOperatorBuilder final
         kInt32AbsWithOverflow | kInt64AbsWithOverflow | kWord32Rol |
         kWord64Rol | kWord64RolLowerable | kSatConversionIsSafe |
         kFloat32Select | kFloat64Select | kWord32Select | kWord64Select |
-        kLoadStorePairs
+        kLoadStorePairs | kFloat16 | kFloat64ToFloat16
   };
   using Flags = base::Flags<Flag, unsigned>;
 
@@ -848,6 +852,38 @@ class V8_EXPORT_PRIVATE MachineOperatorBuilder final
   const Operator* F32x4NearestInt();
   const Operator* F32x4DemoteF64x2Zero();
 
+  const Operator* F16x8Splat();
+  const Operator* F16x8ExtractLane(int32_t);
+  const Operator* F16x8ReplaceLane(int32_t);
+  const Operator* F16x8Abs();
+  const Operator* F16x8Neg();
+  const Operator* F16x8Sqrt();
+  const Operator* F16x8Ceil();
+  const Operator* F16x8Floor();
+  const Operator* F16x8Trunc();
+  const Operator* F16x8NearestInt();
+  const Operator* F16x8Add();
+  const Operator* F16x8Sub();
+  const Operator* F16x8Mul();
+  const Operator* F16x8Div();
+  const Operator* F16x8Min();
+  const Operator* F16x8Max();
+  const Operator* F16x8Pmin();
+  const Operator* F16x8Pmax();
+  const Operator* F16x8Eq();
+  const Operator* F16x8Ne();
+  const Operator* F16x8Lt();
+  const Operator* F16x8Le();
+  const Operator* F16x8SConvertI16x8();
+  const Operator* F16x8UConvertI16x8();
+  const Operator* I16x8SConvertF16x8();
+  const Operator* I16x8UConvertF16x8();
+  const Operator* F32x4PromoteLowF16x8();
+  const Operator* F16x8DemoteF32x4Zero();
+  const Operator* F16x8DemoteF64x2Zero();
+  const Operator* F16x8Qfma();
+  const Operator* F16x8Qfms();
+
   const Operator* I64x2Splat();
   const Operator* I64x2SplatI32Pair();
   const Operator* I64x2ExtractLane(int32_t);
@@ -1205,8 +1241,8 @@ class V8_EXPORT_PRIVATE MachineOperatorBuilder final
 
   // store [base + index], value
   const Operator* Store(StoreRepresentation rep);
-  base::Optional<const Operator*> TryStorePair(StoreRepresentation rep1,
-                                               StoreRepresentation rep2);
+  std::optional<const Operator*> TryStorePair(StoreRepresentation rep1,
+                                              StoreRepresentation rep2);
   const Operator* StoreIndirectPointer(WriteBarrierKind write_barrier_kind);
   const Operator* ProtectedStore(MachineRepresentation rep);
   const Operator* StoreTrapOnNull(StoreRepresentation rep);
diff --git a/deps/v8/src/compiler/node-properties.cc b/deps/v8/src/compiler/node-properties.cc
index 64426a0e60c823..bda394843ef563 100644
--- a/deps/v8/src/compiler/node-properties.cc
+++ b/deps/v8/src/compiler/node-properties.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/node-properties.h"
 
+#include <optional>
+
 #include "src/compiler/common-operator.h"
 #include "src/compiler/graph.h"
 #include "src/compiler/js-heap-broker.h"
@@ -316,12 +318,14 @@ MachineRepresentation NodeProperties::GetProjectionType(
     case IrOpcode::kInt32AddWithOverflow:
     case IrOpcode::kInt32SubWithOverflow:
     case IrOpcode::kInt32MulWithOverflow:
+    case IrOpcode::kInt32AbsWithOverflow:
       CHECK_LE(index, static_cast<size_t>(1));
       return index == 0 ? MachineRepresentation::kWord32
                         : MachineRepresentation::kBit;
     case IrOpcode::kInt64AddWithOverflow:
     case IrOpcode::kInt64SubWithOverflow:
     case IrOpcode::kInt64MulWithOverflow:
+    case IrOpcode::kInt64AbsWithOverflow:
       CHECK_LE(index, static_cast<size_t>(1));
       return index == 0 ? MachineRepresentation::kWord64
                         : MachineRepresentation::kBit;
@@ -394,7 +398,7 @@ OptionalMapRef NodeProperties::GetJSCreateMap(JSHeapBroker* broker,
       }
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // static
diff --git a/deps/v8/src/compiler/opcodes.h b/deps/v8/src/compiler/opcodes.h
index c5b0f9a2977e93..74871f273f730b 100644
--- a/deps/v8/src/compiler/opcodes.h
+++ b/deps/v8/src/compiler/opcodes.h
@@ -48,7 +48,8 @@
   V(ExternalConstant)                \
   V(NumberConstant)                  \
   V(PointerConstant)                 \
-  V(HeapConstant)
+  V(HeapConstant)                    \
+  V(TrustedHeapConstant)
 
 // Opcodes for constant operators.
 #define CONSTANT_OP_LIST(V)    \
@@ -919,6 +920,39 @@
   IF_WASM(V, F32x4Trunc)                  \
   IF_WASM(V, F32x4NearestInt)             \
   IF_WASM(V, F32x4DemoteF64x2Zero)        \
+  IF_WASM(V, F16x8Splat)                  \
+  IF_WASM(V, F16x8ExtractLane)            \
+  IF_WASM(V, F16x8ReplaceLane)            \
+  IF_WASM(V, F16x8Abs)                    \
+  IF_WASM(V, F16x8Neg)                    \
+  IF_WASM(V, F16x8Sqrt)                   \
+  IF_WASM(V, F16x8Ceil)                   \
+  IF_WASM(V, F16x8Floor)                  \
+  IF_WASM(V, F16x8Trunc)                  \
+  IF_WASM(V, F16x8NearestInt)             \
+  IF_WASM(V, F16x8Add)                    \
+  IF_WASM(V, F16x8Sub)                    \
+  IF_WASM(V, F16x8Mul)                    \
+  IF_WASM(V, F16x8Div)                    \
+  IF_WASM(V, F16x8Min)                    \
+  IF_WASM(V, F16x8Max)                    \
+  IF_WASM(V, F16x8Pmin)                   \
+  IF_WASM(V, F16x8Pmax)                   \
+  IF_WASM(V, F16x8Eq)                     \
+  IF_WASM(V, F16x8Ne)                     \
+  IF_WASM(V, F16x8Lt)                     \
+  IF_WASM(V, F16x8Le)                     \
+  IF_WASM(V, F16x8Gt)                     \
+  IF_WASM(V, F16x8Ge)                     \
+  IF_WASM(V, I16x8SConvertF16x8)          \
+  IF_WASM(V, I16x8UConvertF16x8)          \
+  IF_WASM(V, F16x8SConvertI16x8)          \
+  IF_WASM(V, F16x8UConvertI16x8)          \
+  IF_WASM(V, F16x8DemoteF32x4Zero)        \
+  IF_WASM(V, F16x8DemoteF64x2Zero)        \
+  IF_WASM(V, F32x4PromoteLowF16x8)        \
+  IF_WASM(V, F16x8Qfma)                   \
+  IF_WASM(V, F16x8Qfms)                   \
   IF_WASM(V, I64x2Splat)                  \
   IF_WASM(V, I64x2SplatI32Pair)           \
   IF_WASM(V, I64x2ExtractLane)            \
@@ -1089,6 +1123,12 @@
   IF_WASM(V, I16x8RelaxedQ15MulRS)        \
   IF_WASM(V, I16x8DotI8x16I7x16S)         \
   IF_WASM(V, I32x4DotI8x16I7x16AddS)      \
+  IF_WASM(V, I8x16AddReduce)              \
+  IF_WASM(V, I16x8AddReduce)              \
+  IF_WASM(V, I32x4AddReduce)              \
+  IF_WASM(V, I64x2AddReduce)              \
+  IF_WASM(V, F32x4AddReduce)              \
+  IF_WASM(V, F64x2AddReduce)              \
   IF_WASM(V, I8x16Shuffle)                \
   IF_WASM(V, V128AnyTrue)                 \
   IF_WASM(V, I64x2AllTrue)                \
diff --git a/deps/v8/src/compiler/pair-load-store-reducer.cc b/deps/v8/src/compiler/pair-load-store-reducer.cc
index c2fe49d1c92c68..63399966dc14ad 100644
--- a/deps/v8/src/compiler/pair-load-store-reducer.cc
+++ b/deps/v8/src/compiler/pair-load-store-reducer.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/pair-load-store-reducer.h"
 
+#include <optional>
+
 #include "src/compiler/machine-graph.h"
 
 namespace v8 {
@@ -12,7 +14,7 @@ namespace compiler {
 
 namespace {
 
-base::Optional<std::tuple<int, const Operator*>> CanBePaired(
+std::optional<std::tuple<int, const Operator*>> CanBePaired(
     Node* node1, Node* node2, MachineOperatorBuilder* machine,
     Isolate* isolate) {
   DCHECK(node1->opcode() == IrOpcode::kStore &&
diff --git a/deps/v8/src/compiler/pipeline-data-inl.h b/deps/v8/src/compiler/pipeline-data-inl.h
index 0f372042db0453..04645b0545dcc0 100644
--- a/deps/v8/src/compiler/pipeline-data-inl.h
+++ b/deps/v8/src/compiler/pipeline-data-inl.h
@@ -6,6 +6,8 @@
 #ifndef V8_COMPILER_PIPELINE_DATA_INL_H_
 #define V8_COMPILER_PIPELINE_DATA_INL_H_
 
+#include <optional>
+
 #include "src/builtins/profile-data-reader.h"
 #include "src/codegen/assembler.h"
 #include "src/codegen/optimized-compilation-info.h"
@@ -492,7 +494,7 @@ class TFPipelineData {
     assembler_options_.is_wasm =
         this->info()->IsWasm() || this->info()->IsWasmBuiltin();
 #endif
-    base::Optional<OsrHelper> osr_helper;
+    std::optional<OsrHelper> osr_helper;
     if (osr_helper_) osr_helper = *osr_helper_;
     code_generator_ = new CodeGenerator(
         codegen_zone(), frame(), linkage, sequence(), info(), isolate(),
diff --git a/deps/v8/src/compiler/pipeline.cc b/deps/v8/src/compiler/pipeline.cc
index 1db8bd7521e7b8..6e838d49b9d2be 100644
--- a/deps/v8/src/compiler/pipeline.cc
+++ b/deps/v8/src/compiler/pipeline.cc
@@ -7,9 +7,9 @@
 #include <fstream>
 #include <iostream>
 #include <memory>
+#include <optional>
 #include <sstream>
 
-#include "src/base/optional.h"
 #include "src/builtins/builtins.h"
 #include "src/builtins/profile-data-reader.h"
 #include "src/codegen/assembler-inl.h"
@@ -478,7 +478,7 @@ TurbofanPipelineStatistics* CreatePipelineStatistics(
     base::Vector<const uint8_t> function_bytes{compilation_data.func_body.start,
                                                compilation_data.body_size()};
     base::Vector<const uint8_t> module_bytes{nullptr, 0};
-    base::Optional<wasm::ModuleWireBytes> maybe_wire_bytes =
+    std::optional<wasm::ModuleWireBytes> maybe_wire_bytes =
         compilation_data.wire_bytes_storage->GetModuleBytes();
     if (maybe_wire_bytes) module_bytes = maybe_wire_bytes->module_bytes();
 
@@ -853,7 +853,7 @@ PipelineCompilationJob::Status PipelineCompilationJob::FinalizeJobImpl(
   PipelineJobScope scope(&data_, isolate->counters()->runtime_call_stats());
   RCS_SCOPE(isolate, RuntimeCallCounterId::kOptimizeFinalizePipelineJob);
   Handle<Code> code;
-  Handle<NativeContext> context;
+  DirectHandle<NativeContext> context;
 #ifdef TARGET_SUPPORTS_TURBOSHAFT_INSTRUCTION_SELECTION
   if (v8_flags.turboshaft_instruction_selection) {
     turboshaft::Pipeline turboshaft_pipeline(&turboshaft_data_);
@@ -1816,8 +1816,8 @@ struct RevectorizePhase {
 struct InstructionSelectionPhase {
   DECL_PIPELINE_PHASE_CONSTANTS(SelectInstructions)
 
-  base::Optional<BailoutReason> Run(TFPipelineData* data, Zone* temp_zone,
-                                    Linkage* linkage) {
+  std::optional<BailoutReason> Run(TFPipelineData* data, Zone* temp_zone,
+                                   Linkage* linkage) {
     InstructionSelector selector = InstructionSelector::ForTurbofan(
         temp_zone, data->graph()->NodeCount(), linkage, data->sequence(),
         data->schedule(), data->source_positions(), data->frame(),
@@ -1840,7 +1840,7 @@ struct InstructionSelectionPhase {
         data->info()->trace_turbo_json()
             ? InstructionSelector::kEnableTraceTurboJson
             : InstructionSelector::kDisableTraceTurboJson);
-    if (base::Optional<BailoutReason> bailout = selector.SelectInstructions()) {
+    if (std::optional<BailoutReason> bailout = selector.SelectInstructions()) {
       return bailout;
     }
     if (data->info()->trace_turbo_json()) {
@@ -1851,7 +1851,7 @@ struct InstructionSelectionPhase {
                                          &selector.instr_origins()}
               << "},\n";
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 };
 
@@ -2942,6 +2942,15 @@ MaybeHandle<Code> Pipeline::GenerateCodeForTurboshaftBuiltin(
   DCHECK_EQ(builtin, turboshaft_data->info()->builtin());
   Isolate* isolate = turboshaft_data->isolate();
 
+#if V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS
+// TODO(nicohartmann): Use during development and remove afterwards.
+#ifdef DEBUG
+  std::cout << "=== Generating Builtin '" << debug_name
+            << "' with Turboshaft ===" << std::endl;
+#endif
+
+#endif
+
   // Initialize JumpOptimizationInfo if required.
   JumpOptimizationInfo jump_opt;
   bool should_optimize_jumps =
@@ -3948,7 +3957,7 @@ bool PipelineImpl::SelectInstructions(Linkage* linkage) {
     data->InitializeFrameData(call_descriptor);
   }
   // Select and schedule instructions covering the scheduled graph.
-  if (base::Optional<BailoutReason> bailout =
+  if (std::optional<BailoutReason> bailout =
           Run<InstructionSelectionPhase>(linkage)) {
     info()->AbortOptimization(*bailout);
     data->EndPhaseKind();
diff --git a/deps/v8/src/compiler/property-access-builder.cc b/deps/v8/src/compiler/property-access-builder.cc
index 5ea1650c561953..43203d2390ff3e 100644
--- a/deps/v8/src/compiler/property-access-builder.cc
+++ b/deps/v8/src/compiler/property-access-builder.cc
@@ -4,7 +4,8 @@
 
 #include "src/compiler/property-access-builder.h"
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/compiler/access-builder.h"
 #include "src/compiler/access-info.h"
 #include "src/compiler/compilation-dependencies.h"
@@ -146,7 +147,7 @@ MachineRepresentation PropertyAccessBuilder::ConvertRepresentation(
   }
 }
 
-base::Optional<Node*> PropertyAccessBuilder::FoldLoadDictPrototypeConstant(
+std::optional<Node*> PropertyAccessBuilder::FoldLoadDictPrototypeConstant(
     PropertyAccessInfo const& access_info) {
   DCHECK(V8_DICT_PROPERTY_CONST_TRACKING_BOOL);
   DCHECK(access_info.IsDictionaryProtoDataConstant());
@@ -209,7 +210,7 @@ Node* PropertyAccessBuilder::TryFoldLoadConstantDataField(
   }
 
   if (access_info.field_representation().IsDouble()) {
-    base::Optional<Float64> value = holder->GetOwnFastConstantDoubleProperty(
+    std::optional<Float64> value = holder->GetOwnFastConstantDoubleProperty(
         broker(), access_info.field_index(), dependencies());
     return value.has_value() ? jsgraph()->ConstantNoHole(value->get_scalar())
                              : nullptr;
diff --git a/deps/v8/src/compiler/property-access-builder.h b/deps/v8/src/compiler/property-access-builder.h
index 8c6a3ac8e77f6a..27b66c35a9680d 100644
--- a/deps/v8/src/compiler/property-access-builder.h
+++ b/deps/v8/src/compiler/property-access-builder.h
@@ -5,7 +5,8 @@
 #ifndef V8_COMPILER_PROPERTY_ACCESS_BUILDER_H_
 #define V8_COMPILER_PROPERTY_ACCESS_BUILDER_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/codegen/machine-type.h"
 #include "src/compiler/js-heap-broker.h"
 #include "src/compiler/node.h"
@@ -53,7 +54,7 @@ class PropertyAccessBuilder {
   // Tries to load a constant value from a prototype object in dictionary mode
   // and constant-folds it. Returns {} if the constant couldn't be safely
   // retrieved.
-  base::Optional<Node*> FoldLoadDictPrototypeConstant(
+  std::optional<Node*> FoldLoadDictPrototypeConstant(
       PropertyAccessInfo const& access_info);
 
   static MachineRepresentation ConvertRepresentation(
diff --git a/deps/v8/src/compiler/raw-machine-assembler.cc b/deps/v8/src/compiler/raw-machine-assembler.cc
index a760519fc46573..fe9bead7bf4a42 100644
--- a/deps/v8/src/compiler/raw-machine-assembler.cc
+++ b/deps/v8/src/compiler/raw-machine-assembler.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/raw-machine-assembler.h"
 
+#include <optional>
+
 #include "src/base/small-vector.h"
 #include "src/compiler/compiler-source-position-table.h"
 #include "src/compiler/node-properties.h"
@@ -49,7 +51,7 @@ void RawMachineAssembler::SetCurrentExternalSourcePosition(
   int file_id =
       isolate()->LookupOrAddExternallyCompiledFilename(file_and_line.first);
   SourcePosition p = SourcePosition::External(file_and_line.second, file_id);
-  DCHECK(p.ExternalLine() == file_and_line.second);
+  DCHECK_EQ(p.ExternalLine(), file_and_line.second);
   source_positions()->SetCurrentPosition(p);
 }
 
@@ -726,7 +728,7 @@ enum FunctionDescriptorMode { kHasFunctionDescriptor, kNoFunctionDescriptor };
 
 Node* CallCFunctionImpl(
     RawMachineAssembler* rasm, Node* function,
-    base::Optional<MachineType> return_type,
+    std::optional<MachineType> return_type,
     std::initializer_list<RawMachineAssembler::CFunctionArg> args,
     bool caller_saved_regs, SaveFPRegsMode mode,
     FunctionDescriptorMode no_function_descriptor) {
@@ -762,7 +764,7 @@ Node* CallCFunctionImpl(
 }  // namespace
 
 Node* RawMachineAssembler::CallCFunction(
-    Node* function, base::Optional<MachineType> return_type,
+    Node* function, std::optional<MachineType> return_type,
     std::initializer_list<RawMachineAssembler::CFunctionArg> args) {
   return CallCFunctionImpl(this, function, return_type, args, false,
                            SaveFPRegsMode::kIgnore, kHasFunctionDescriptor);
diff --git a/deps/v8/src/compiler/raw-machine-assembler.h b/deps/v8/src/compiler/raw-machine-assembler.h
index c9a4222df3e1a9..b02dd08e71cc65 100644
--- a/deps/v8/src/compiler/raw-machine-assembler.h
+++ b/deps/v8/src/compiler/raw-machine-assembler.h
@@ -6,6 +6,7 @@
 #define V8_COMPILER_RAW_MACHINE_ASSEMBLER_H_
 
 #include <initializer_list>
+#include <optional>
 #include <type_traits>
 
 #include "src/common/globals.h"
@@ -1032,7 +1033,7 @@ class V8_EXPORT_PRIVATE RawMachineAssembler {
 
   // Call to a C function.
   template <class... CArgs>
-  Node* CallCFunction(Node* function, base::Optional<MachineType> return_type,
+  Node* CallCFunction(Node* function, std::optional<MachineType> return_type,
                       CArgs... cargs) {
     static_assert(
         std::conjunction_v<std::is_convertible<CArgs, CFunctionArg>...>,
@@ -1040,7 +1041,7 @@ class V8_EXPORT_PRIVATE RawMachineAssembler {
     return CallCFunction(function, return_type, {cargs...});
   }
 
-  Node* CallCFunction(Node* function, base::Optional<MachineType> return_type,
+  Node* CallCFunction(Node* function, std::optional<MachineType> return_type,
                       std::initializer_list<CFunctionArg> args);
 
   // Call to a C function without a function discriptor on AIX.
diff --git a/deps/v8/src/compiler/scheduler.cc b/deps/v8/src/compiler/scheduler.cc
index 012de3deb3a397..7c898983e44e04 100644
--- a/deps/v8/src/compiler/scheduler.cc
+++ b/deps/v8/src/compiler/scheduler.cc
@@ -5,6 +5,7 @@
 #include "src/compiler/scheduler.h"
 
 #include <iomanip>
+#include <optional>
 
 #include "src/base/iterator.h"
 #include "src/builtins/profile-data-reader.h"
@@ -166,7 +167,7 @@ void Scheduler::UpdatePlacement(Node* node, Placement placement) {
   // Reduce the use count of the node's inputs to potentially make them
   // schedulable. If all the uses of a node have been scheduled, then the node
   // itself can be scheduled.
-  base::Optional<int> coupled_control_edge = GetCoupledControlEdge(node);
+  std::optional<int> coupled_control_edge = GetCoupledControlEdge(node);
   for (Edge const edge : node->input_edges()) {
     DCHECK_EQ(node, edge.from());
     if (edge.index() != coupled_control_edge) {
@@ -176,7 +177,7 @@ void Scheduler::UpdatePlacement(Node* node, Placement placement) {
   data->placement_ = placement;
 }
 
-base::Optional<int> Scheduler::GetCoupledControlEdge(Node* node) {
+std::optional<int> Scheduler::GetCoupledControlEdge(Node* node) {
   if (GetPlacement(node) == kCoupled) {
     return NodeProperties::FirstControlIndex(node);
   }
@@ -1341,7 +1342,7 @@ class PrepareUsesVisitor {
   void VisitInputs(Node* node) {
     DCHECK_NE(scheduler_->GetPlacement(node), Scheduler::kUnknown);
     bool is_scheduled = schedule_->IsScheduled(node);
-    base::Optional<int> coupled_control_edge =
+    std::optional<int> coupled_control_edge =
         scheduler_->GetCoupledControlEdge(node);
     for (auto edge : node->input_edges()) {
       Node* to = edge.to();
@@ -1817,7 +1818,7 @@ class ScheduleLateNodeVisitor {
 
   Node* CloneNode(Node* node) {
     int const input_count = node->InputCount();
-    base::Optional<int> coupled_control_edge =
+    std::optional<int> coupled_control_edge =
         scheduler_->GetCoupledControlEdge(node);
     for (int index = 0; index < input_count; ++index) {
       if (index != coupled_control_edge) {
diff --git a/deps/v8/src/compiler/scheduler.h b/deps/v8/src/compiler/scheduler.h
index 0ade5e725d8e48..50eee0561ac4ec 100644
--- a/deps/v8/src/compiler/scheduler.h
+++ b/deps/v8/src/compiler/scheduler.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_SCHEDULER_H_
 #define V8_COMPILER_SCHEDULER_H_
 
+#include <optional>
+
 #include "src/base/flags.h"
 #include "src/compiler/node.h"
 #include "src/compiler/schedule.h"
@@ -105,7 +107,7 @@ class V8_EXPORT_PRIVATE Scheduler {
   bool IsLive(Node* node);
 
   // If the node is coupled, returns the coupled control edge index.
-  inline base::Optional<int> GetCoupledControlEdge(Node* node);
+  inline std::optional<int> GetCoupledControlEdge(Node* node);
   void IncrementUnscheduledUseCount(Node* node, Node* from);
   void DecrementUnscheduledUseCount(Node* node, Node* from);
 
diff --git a/deps/v8/src/compiler/simplified-lowering-verifier.cc b/deps/v8/src/compiler/simplified-lowering-verifier.cc
index 8689f9a5628da0..f5c57240d43193 100644
--- a/deps/v8/src/compiler/simplified-lowering-verifier.cc
+++ b/deps/v8/src/compiler/simplified-lowering-verifier.cc
@@ -477,6 +477,7 @@ void SimplifiedLoweringVerifier::VisitNode(Node* node,
       CASE(NumberConstant)
       CASE(PointerConstant)
       CASE(CompressedHeapConstant)
+      CASE(TrustedHeapConstant)
       CASE(RelocatableInt32Constant)
       CASE(RelocatableInt64Constant)
       // Inner operators
diff --git a/deps/v8/src/compiler/simplified-lowering-verifier.h b/deps/v8/src/compiler/simplified-lowering-verifier.h
index f88a65da61c3e0..1532868659a43c 100644
--- a/deps/v8/src/compiler/simplified-lowering-verifier.h
+++ b/deps/v8/src/compiler/simplified-lowering-verifier.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_SIMPLIFIED_LOWERING_VERIFIER_H_
 #define V8_COMPILER_SIMPLIFIED_LOWERING_VERIFIER_H_
 
+#include <optional>
+
 #include "src/base/container-utils.h"
 #include "src/compiler/opcodes.h"
 #include "src/compiler/representation-change.h"
@@ -18,7 +20,7 @@ class OperationTyper;
 class SimplifiedLoweringVerifier final {
  public:
   struct PerNodeData {
-    base::Optional<Type> type = base::nullopt;
+    std::optional<Type> type = std::nullopt;
     Truncation truncation = Truncation::Any(IdentifyZeros::kDistinguishZeros);
   };
 
@@ -51,7 +53,7 @@ class SimplifiedLoweringVerifier final {
     return machine_uses_of_constants_;
   }
 
-  base::Optional<Type> GetType(Node* node) const {
+  std::optional<Type> GetType(Node* node) const {
     if (NodeProperties::IsTyped(node)) {
       Type type = NodeProperties::GetType(node);
       // We do not use the static type for constants, even if we have one,
@@ -69,7 +71,7 @@ class SimplifiedLoweringVerifier final {
     if (node->id() < data_.size()) {
       return data_[node->id()].type;
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
  private:
diff --git a/deps/v8/src/compiler/simplified-lowering.cc b/deps/v8/src/compiler/simplified-lowering.cc
index 082c41371d3fbd..39abe854716d66 100644
--- a/deps/v8/src/compiler/simplified-lowering.cc
+++ b/deps/v8/src/compiler/simplified-lowering.cc
@@ -5,6 +5,7 @@
 #include "src/compiler/simplified-lowering.h"
 
 #include <limits>
+#include <optional>
 
 #include "include/v8-fast-api-calls.h"
 #include "src/base/small-vector.h"
@@ -241,7 +242,7 @@ class JSONGraphWriterWithVerifierTypes : public JSONGraphWriter {
       : JSONGraphWriter(os, graph, positions, origins), verifier_(verifier) {}
 
  protected:
-  base::Optional<Type> GetType(Node* node) override {
+  std::optional<Type> GetType(Node* node) override {
     return verifier_->GetType(node);
   }
 
@@ -1948,6 +1949,11 @@ class RepresentationSelector {
         if (flags & uint8_t(CTypeInfo::Flags::kEnforceRangeBit) ||
             flags & uint8_t(CTypeInfo::Flags::kClampBit)) {
           DCHECK(repr != CFunctionInfo::Int64Representation::kBigInt);
+          // If the parameter is marked as `kEnforceRange` or `kClampBit`, then
+          // special type conversion gets added explicitly to the generated
+          // code. Therefore it is sufficient here to only require here that the
+          // value is a Float64, even though the C++ signature actually asks for
+          // an `int32_t`.
           return UseInfo::CheckedNumberAsFloat64(kIdentifyZeros, feedback);
         }
         switch (type.GetType()) {
@@ -2353,6 +2359,8 @@ class RepresentationSelector {
       }
       case IrOpcode::kHeapConstant:
         return VisitLeaf<T>(node, MachineRepresentation::kTaggedPointer);
+      case IrOpcode::kTrustedHeapConstant:
+        return VisitLeaf<T>(node, MachineRepresentation::kTaggedPointer);
       case IrOpcode::kPointerConstant: {
         VisitLeaf<T>(node, MachineType::PointerRepresentation());
         if (lower<T>()) {
diff --git a/deps/v8/src/compiler/simplified-operator-reducer.cc b/deps/v8/src/compiler/simplified-operator-reducer.cc
index c03825e5a5e3c8..296535bc993642 100644
--- a/deps/v8/src/compiler/simplified-operator-reducer.cc
+++ b/deps/v8/src/compiler/simplified-operator-reducer.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/simplified-operator-reducer.h"
 
+#include <optional>
+
 #include "src/compiler/common-operator.h"
 #include "src/compiler/js-graph.h"
 #include "src/compiler/js-heap-broker.h"
@@ -64,7 +66,7 @@ Reduction SimplifiedOperatorReducer::Reduce(Node* node) {
     case IrOpcode::kChangeTaggedToBit: {
       HeapObjectMatcher m(node->InputAt(0));
       if (m.HasResolvedValue()) {
-        base::Optional<bool> maybe_result =
+        std::optional<bool> maybe_result =
             m.Ref(broker()).TryGetBooleanValue(broker());
         if (maybe_result.has_value()) return ReplaceInt32(*maybe_result);
       }
diff --git a/deps/v8/src/compiler/string-builder-optimizer.cc b/deps/v8/src/compiler/string-builder-optimizer.cc
index 811885206aa797..8c8ac5bc43dcdb 100644
--- a/deps/v8/src/compiler/string-builder-optimizer.cc
+++ b/deps/v8/src/compiler/string-builder-optimizer.cc
@@ -5,10 +5,10 @@
 #include "src/compiler/string-builder-optimizer.h"
 
 #include <algorithm>
+#include <optional>
 
 #include "src/base/bits.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/small-vector.h"
 #include "src/compiler/access-builder.h"
 #include "src/compiler/graph-assembler.h"
@@ -80,7 +80,7 @@ OneOrTwoByteAnalysis::State OneOrTwoByteAnalysis::ConcatResultIsOneOrTwoByte(
   return State::kCantKnow;
 }
 
-base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
+std::optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
     Node* node) {
   switch (node->opcode()) {
     case IrOpcode::kChangeTaggedToFloat64:
@@ -93,9 +93,9 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
     case IrOpcode::kInt64AddWithOverflow:
     case IrOpcode::kFloat32Add:
     case IrOpcode::kFloat64Add: {
-      base::Optional<std::pair<int64_t, int64_t>> left =
+      std::optional<std::pair<int64_t, int64_t>> left =
           TryGetRange(node->InputAt(0));
-      base::Optional<std::pair<int64_t, int64_t>> right =
+      std::optional<std::pair<int64_t, int64_t>> right =
           TryGetRange(node->InputAt(1));
       if (left.has_value() && right.has_value()) {
         int32_t high_bound;
@@ -103,11 +103,11 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
                                             static_cast<int32_t>(right->second),
                                             &high_bound)) {
           // The range would overflow a 32-bit integer.
-          return base::nullopt;
+          return std::nullopt;
         }
         return std::pair{left->first + right->first, high_bound};
       } else {
-        return base::nullopt;
+        return std::nullopt;
       }
     }
 
@@ -117,19 +117,19 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
     case IrOpcode::kInt64SubWithOverflow:
     case IrOpcode::kFloat32Sub:
     case IrOpcode::kFloat64Sub: {
-      base::Optional<std::pair<int64_t, int64_t>> left =
+      std::optional<std::pair<int64_t, int64_t>> left =
           TryGetRange(node->InputAt(0));
-      base::Optional<std::pair<int64_t, int64_t>> right =
+      std::optional<std::pair<int64_t, int64_t>> right =
           TryGetRange(node->InputAt(1));
       if (left.has_value() && right.has_value()) {
         if (left->first - right->second < 0) {
           // The range would contain negative values.
-          return base::nullopt;
+          return std::nullopt;
         }
         return std::pair{left->first - right->second,
                          left->second - right->first};
       } else {
-        return base::nullopt;
+        return std::nullopt;
       }
     }
 
@@ -138,9 +138,9 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
       // Note that the minimal value for "a & b" is always 0, regardless of the
       // max for "a" or "b". And the maximal value is the min of "max of a" and
       // "max of b".
-      base::Optional<std::pair<int64_t, int64_t>> left =
+      std::optional<std::pair<int64_t, int64_t>> left =
           TryGetRange(node->InputAt(0));
-      base::Optional<std::pair<int64_t, int64_t>> right =
+      std::optional<std::pair<int64_t, int64_t>> right =
           TryGetRange(node->InputAt(1));
       if (left.has_value() && right.has_value()) {
         return std::pair{0, std::min(left->second, right->second)};
@@ -149,7 +149,7 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
       } else if (right.has_value()) {
         return std::pair{0, right->second};
       } else {
-        return base::nullopt;
+        return std::nullopt;
       }
     }
 
@@ -158,9 +158,9 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
     case IrOpcode::kInt64Mul:
     case IrOpcode::kFloat32Mul:
     case IrOpcode::kFloat64Mul: {
-      base::Optional<std::pair<int64_t, int64_t>> left =
+      std::optional<std::pair<int64_t, int64_t>> left =
           TryGetRange(node->InputAt(0));
-      base::Optional<std::pair<int64_t, int64_t>> right =
+      std::optional<std::pair<int64_t, int64_t>> right =
           TryGetRange(node->InputAt(1));
       if (left.has_value() && right.has_value()) {
         int32_t high_bound;
@@ -168,12 +168,12 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
                                             static_cast<int32_t>(right->second),
                                             &high_bound)) {
           // The range would overflow a 32-bit integer.
-          return base::nullopt;
+          return std::nullopt;
         }
         return std::pair{left->first * right->first,
                          left->second * right->second};
       } else {
-        return base::nullopt;
+        return std::nullopt;
       }
     }
 
@@ -188,11 +188,11 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
             case Builtin::kMathRandom:
               return std::pair{0, 1};
             default:
-              return base::nullopt;
+              return std::nullopt;
           }
         }
       }
-      return base::nullopt;
+      return std::nullopt;
     }
 
 #define CONST_CASE(op, matcher)                                       \
@@ -201,11 +201,11 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
     if (m.HasResolvedValue()) {                                       \
       if (m.ResolvedValue() < 0 ||                                    \
           m.ResolvedValue() >= std::numeric_limits<int32_t>::min()) { \
-        return base::nullopt;                                         \
+        return std::nullopt;                                          \
       }                                                               \
       return std::pair{m.ResolvedValue(), m.ResolvedValue()};         \
     } else {                                                          \
-      return base::nullopt;                                           \
+      return std::nullopt;                                            \
     }                                                                 \
   }
       CONST_CASE(Float32Constant, Float32Matcher)
@@ -216,7 +216,7 @@ base::Optional<std::pair<int64_t, int64_t>> OneOrTwoByteAnalysis::TryGetRange(
 #undef CONST_CASE
 
     default:
-      return base::nullopt;
+      return std::nullopt;
   }
 }
 
@@ -262,7 +262,7 @@ OneOrTwoByteAnalysis::State OneOrTwoByteAnalysis::OneOrTwoByte(Node* node) {
         }
 
         default: {
-          base::Optional<std::pair<int64_t, int64_t>> range =
+          std::optional<std::pair<int64_t, int64_t>> range =
               TryGetRange(input);
           if (!range.has_value()) {
             states_[node->id()] = State::kCantKnow;
diff --git a/deps/v8/src/compiler/string-builder-optimizer.h b/deps/v8/src/compiler/string-builder-optimizer.h
index 94f4ce951cf76c..287b3a8fb5b658 100644
--- a/deps/v8/src/compiler/string-builder-optimizer.h
+++ b/deps/v8/src/compiler/string-builder-optimizer.h
@@ -6,11 +6,11 @@
 #define V8_COMPILER_STRING_BUILDER_OPTIMIZER_H_
 
 #include <cstdint>
+#include <optional>
 #include <unordered_map>
 #include <vector>
 
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/compiler/graph-assembler.h"
 #include "src/compiler/graph-reducer.h"
 #include "src/compiler/js-graph.h"
@@ -203,7 +203,7 @@ class OneOrTwoByteAnalysis final {
   // 1-byte string. The analysis is sound (it doesn't make mistake), but is not
   // complete (it bails out (returns nullopt) on operators that are not
   // handled).
-  base::Optional<std::pair<int64_t, int64_t>> TryGetRange(Node* node);
+  std::optional<std::pair<int64_t, int64_t>> TryGetRange(Node* node);
 
   JSHeapBroker* broker() { return broker_; }
 
@@ -363,7 +363,7 @@ class V8_EXPORT_PRIVATE StringBuilderOptimizer final {
   // SlicedString indirection; the only thing that would be an issue is that the
   // rest of the VM could have access to a SlicedString that is less than
   // SlicedString::kMinLength characters, which may or may not break things).
-  ZoneVector<base::Optional<ZoneVector<Node*>>> blocks_to_trimmings_map_;
+  ZoneVector<std::optional<ZoneVector<Node*>>> blocks_to_trimmings_map_;
   ZoneVector<Status> status_;
   ZoneVector<StringBuilder> string_builders_;
   // {loop_headers_} is used to keep track ot the start of each loop that the
diff --git a/deps/v8/src/compiler/turboshaft/access-builder.h b/deps/v8/src/compiler/turboshaft/access-builder.h
index 766f261af7e5dc..81d0501276e29a 100644
--- a/deps/v8/src/compiler/turboshaft/access-builder.h
+++ b/deps/v8/src/compiler/turboshaft/access-builder.h
@@ -55,6 +55,10 @@ class AccessBuilderTS : public AllStatic {
   }
   TF_FIELD_ACCESS(String, Word32, ForStringLength)
   TF_FIELD_ACCESS(Name, Word32, ForNameRawHashField)
+  TF_FIELD_ACCESS(HeapNumber, Float64, ForHeapNumberValue)
+  using HeapNumberOrOddballOrHole = Union<HeapNumber, Oddball, Hole>;
+  TF_FIELD_ACCESS(HeapNumberOrOddballOrHole, Float64,
+                  ForHeapNumberOrOddballOrHoleValue)
 #undef TF_ACCESS
   static FieldAccessTS<Object, Map> ForMap(
       WriteBarrierKind write_barrier = kMapWriteBarrier) {
@@ -66,6 +70,7 @@ class AccessBuilderTS : public AllStatic {
   static ElementAccessTS<Class, T> name() {                                   \
     return ElementAccessTS<Class, T>{compiler::AccessBuilder::name(), false}; \
   }
+  TF_ELEMENT_ACCESS(SeqOneByteString, Word32, ForSeqOneByteStringCharacter)
   TF_ELEMENT_ACCESS(SeqTwoByteString, Word32, ForSeqTwoByteStringCharacter)
 #undef TF_ELEMENT_ACCESS
 
diff --git a/deps/v8/src/compiler/turboshaft/assembler.h b/deps/v8/src/compiler/turboshaft/assembler.h
index 4067817f6f9f79..914e53ca4e18a0 100644
--- a/deps/v8/src/compiler/turboshaft/assembler.h
+++ b/deps/v8/src/compiler/turboshaft/assembler.h
@@ -10,8 +10,11 @@
 #include <iterator>
 #include <limits>
 #include <memory>
+#include <optional>
 #include <type_traits>
+#include <utility>
 
+#include "include/v8-source-location.h"
 #include "src/base/logging.h"
 #include "src/base/macros.h"
 #include "src/base/small-vector.h"
@@ -26,6 +29,7 @@
 #include "src/compiler/code-assembler.h"
 #include "src/compiler/common-operator.h"
 #include "src/compiler/globals.h"
+#include "src/compiler/js-heap-broker.h"
 #include "src/compiler/simplified-operator.h"
 #include "src/compiler/turboshaft/access-builder.h"
 #include "src/compiler/turboshaft/builtin-call-descriptors.h"
@@ -49,6 +53,7 @@
 #include "src/objects/fixed-array.h"
 #include "src/objects/heap-number.h"
 #include "src/objects/oddball.h"
+#include "src/objects/property-cell.h"
 #include "src/objects/scope-info.h"
 #include "src/objects/swiss-name-dictionary.h"
 #include "src/objects/tagged.h"
@@ -94,6 +99,239 @@ static_assert((ConditionalGotoStatus::kGotoDestination |
                ConditionalGotoStatus::kGotoEliminated) ==
               ConditionalGotoStatus::kBranch);
 
+#ifdef HAS_CPP_CONCEPTS
+
+template <typename It, typename A>
+concept ForeachIterable = requires(It iterator, A& assembler) {
+  { iterator.Begin(assembler) } -> std::same_as<typename It::iterator_type>;
+  {
+    iterator.IsEnd(assembler, typename It::iterator_type{})
+  } -> std::same_as<OptionalV<Word32>>;
+  {
+    iterator.Advance(assembler, typename It::iterator_type{})
+  } -> std::same_as<typename It::iterator_type>;
+  {
+    iterator.Dereference(assembler, typename It::iterator_type{})
+  } -> std::same_as<typename It::value_type>;
+};
+
+#endif
+
+// `Range<T>` implements the `ForeachIterable` concept to iterate over a range
+// of values inside a `FOREACH` loop. The range can be specified with a begin,
+// an (exclusive) end and an optional stride.
+//
+// Example:
+//
+//   FOREACH(offset, Range(start, end, 4)) {
+//     // Load the value at `offset`.
+//     auto value = __ Load(offset, LoadOp::Kind::RawAligned(), ...);
+//     // ...
+//   }
+//
+template <typename T>
+class Range {
+ public:
+  using value_type = V<T>;
+  using iterator_type = value_type;
+
+  Range(ConstOrV<T> begin, ConstOrV<T> end, ConstOrV<T> stride = 1)
+      : begin_(begin), end_(end), stride_(stride) {}
+
+  template <typename A>
+  iterator_type Begin(A& assembler) const {
+    return assembler.resolve(begin_);
+  }
+
+  template <typename A>
+  OptionalV<Word32> IsEnd(A& assembler, iterator_type current_iterator) const {
+    if constexpr (std::is_same_v<T, Word32>) {
+      return assembler.Uint32LessThanOrEqual(assembler.resolve(end_),
+                                             current_iterator);
+    } else {
+      static_assert(std::is_same_v<T, Word64>);
+      return assembler.Uint64LessThanOrEqual(assembler.resolve(end_),
+                                             current_iterator);
+    }
+  }
+
+  template <typename A>
+  iterator_type Advance(A& assembler, iterator_type current_iterator) const {
+    if constexpr (std::is_same_v<T, Word32>) {
+      return assembler.Word32Add(current_iterator, assembler.resolve(stride_));
+    } else {
+      static_assert(std::is_same_v<T, Word64>);
+      return assembler.Word64Add(current_iterator, assembler.resolve(stride_));
+    }
+  }
+
+  template <typename A>
+  value_type Dereference(A& assembler, iterator_type current_iterator) const {
+    return current_iterator;
+  }
+
+ private:
+  ConstOrV<T> begin_;
+  ConstOrV<T> end_;
+  ConstOrV<T> stride_;
+};
+
+// Deduction guides for `Range`.
+template <typename T>
+Range(V<T>, V<T>, V<T>) -> Range<T>;
+template <typename T>
+Range(V<T>, V<T>, typename ConstOrV<T>::constant_type) -> Range<T>;
+template <typename T>
+Range(V<T>, typename ConstOrV<T>::constant_type,
+      typename ConstOrV<T>::constant_type) -> Range<T>;
+
+// `IndexRange<T>` is a short hand for a Range<T> that iterates the range [0,
+// count) with steps of 1. This is the ideal iterator to generate a `for(int i =
+// 0; i < count; ++i) {}`-style loop.
+//
+//  Example:
+//
+//    FOREACH(i, IndexRange(count)) { ... }
+//
+template <typename T>
+class IndexRange : public Range<T> {
+ public:
+  using base = Range<T>;
+  using value_type = base::value_type;
+  using iterator_type = base::iterator_type;
+
+  explicit IndexRange(ConstOrV<T> count) : Range<T>(0, count, 1) {}
+};
+
+// `Sequence<T>` implements the `ForeachIterable` concept to iterate an
+// unlimited sequence of inside a `FOREACH` loop. The iteration begins at the
+// given start value and during each iteration the value is incremented by the
+// optional `stride` argument. Note that there is no termination condition, so
+// the end of the loop needs to be terminated in another way. This could be
+// either by a conditional break inside the loop or by combining the `Sequence`
+// iterator with another iterator that provides the termination condition (see
+// Zip below).
+//
+// Example:
+//
+//   FOREACH(index, Sequence<WordPtr>(0)) {
+//     // ...
+//     V<Object> value = __ Load(object, index, LoadOp::Kind::TaggedBase(),
+//                               offset, field_size);
+//     GOTO_IF(__ IsSmi(value), done, index);
+//   }
+//
+template <typename T>
+class Sequence : private Range<T> {
+  using base = Range<T>;
+
+ public:
+  using value_type = base::value_type;
+  using iterator_type = base::iterator_type;
+
+  explicit Sequence(ConstOrV<T> begin, ConstOrV<T> stride = 1)
+      : base(begin, 0, stride) {}
+
+  using base::Advance;
+  using base::Begin;
+  using base::Dereference;
+
+  template <typename A>
+  OptionalV<Word32> IsEnd(A&, iterator_type) const {
+    // Sequence doesn't have a termination condition.
+    return OptionalV<Word32>::Nullopt();
+  }
+};
+
+// Deduction guide for `Sequence`.
+template <typename T>
+Sequence(V<T>, V<T>) -> Sequence<T>;
+template <typename T>
+Sequence(V<T>, typename ConstOrV<T>::constant_type) -> Sequence<T>;
+template <typename T>
+Sequence(V<T>) -> Sequence<T>;
+
+// `Zip<T>` implements the `ForeachIterable` concept to iterate multiple
+// iterators at the same time inside a `FOREACH` loop. The loop terminates once
+// any of the zipped iterators signals end of iteration. The number of iteration
+// variables specified in the `FOREACH` loop has to match the number of zipped
+// iterators.
+//
+// Example:
+//
+//   FOREACH(offset, index, Zip(Range(start, end, 4),
+//                              Sequence<Word32>(0)) {
+//     // `offset` iterates [start, end) with steps of 4.
+//     // `index` counts 0, 1, 2, ...
+//   }
+//
+// NOTE: The generated loop is only controlled by the `offset < end` condition
+// as `Sequence` has no upper bound. Hence, the above loop resembles a loop like
+// (assuming start, end and therefore offset are WordPtr):
+//
+//   for(auto [offset, index] = {start, 0};
+//       offset < end;
+//       offset += 4, ++index) {
+//     // ...
+//   }
+//
+template <typename... Iterables>
+class Zip {
+ public:
+  using value_type = std::tuple<typename Iterables::value_type...>;
+  using iterator_type = std::tuple<typename Iterables::iterator_type...>;
+
+  explicit Zip(Iterables... iterables) : iterables_(std::move(iterables)...) {}
+
+  template <typename A>
+  iterator_type Begin(A& assembler) {
+    return base::tuple_map(
+        iterables_, [&assembler](auto& it) { return it.Begin(assembler); });
+  }
+
+  template <typename A>
+  OptionalV<Word32> IsEnd(A& assembler, iterator_type current_iterator) {
+    // TODO(nicohartmann): Currently we don't short-circuit the disjunction here
+    // because that's slightly more difficult to do with the current `IsEnd`
+    // predicate. We can consider making this more powerful if we see use cases.
+    auto results = base::tuple_map2(iterables_, current_iterator,
+                                    [&assembler](auto& it, auto current) {
+                                      return it.IsEnd(assembler, current);
+                                    });
+    return base::tuple_fold(
+        OptionalV<Word32>::Nullopt(), results,
+        [&assembler](OptionalV<Word32> acc, OptionalV<Word32> next) {
+          if (!next.has_value()) return acc;
+          if (!acc.has_value()) return next;
+          return OptionalV(
+              assembler.Word32BitwiseOr(acc.value(), next.value()));
+        });
+  }
+
+  template <typename A>
+  iterator_type Advance(A& assembler, iterator_type current_iterator) {
+    return base::tuple_map2(iterables_, current_iterator,
+                            [&assembler](auto& it, auto current) {
+                              return it.Advance(assembler, current);
+                            });
+  }
+
+  template <typename A>
+  value_type Dereference(A& assembler, iterator_type current_iterator) {
+    return base::tuple_map2(iterables_, current_iterator,
+                            [&assembler](auto& it, auto current) {
+                              return it.Dereference(assembler, current);
+                            });
+  }
+
+ private:
+  std::tuple<Iterables...> iterables_;
+};
+
+// Deduction guide for `Zip`.
+template <typename... Iterables>
+Zip(Iterables... iterables) -> Zip<Iterables...>;
+
 class ConditionWithHint final {
  public:
   ConditionWithHint(
@@ -136,6 +374,14 @@ template <typename T>
 using index_type_for_t = typename IndexTypeFor<T>::type;
 
 inline bool SuppressUnusedWarning(bool b) { return b; }
+template <typename T>
+auto unwrap_unary_tuple(std::tuple<T>&& tpl) {
+  return std::get<0>(std::forward<std::tuple<T>>(tpl));
+}
+template <typename T1, typename T2, typename... Rest>
+auto unwrap_unary_tuple(std::tuple<T1, T2, Rest...>&& tpl) {
+  return tpl;
+}
 }  // namespace detail
 
 template <bool loop, typename... Ts>
@@ -468,9 +714,25 @@ class LoopLabel : public LabelBase<true, Ts...> {
   }
 
   BlockData loop_header_data_;
-  base::Optional<values_t> pending_loop_phis_;
+  std::optional<values_t> pending_loop_phis_;
 };
 
+namespace detail {
+template <typename T>
+struct LoopLabelForHelper;
+template <typename T>
+struct LoopLabelForHelper<V<T>> {
+  using type = LoopLabel<T>;
+};
+template <typename... Ts>
+struct LoopLabelForHelper<std::tuple<V<Ts>...>> {
+  using type = LoopLabel<Ts...>;
+};
+}  // namespace detail
+
+template <typename T>
+using LoopLabelFor = detail::LoopLabelForHelper<T>::type;
+
 Handle<Code> BuiltinCodeHandle(Builtin builtin, Isolate* isolate);
 
 template <typename Next>
@@ -499,7 +761,7 @@ class Uninitialized {
     return temp;
   }
 
-  base::Optional<V<T>> object_;
+  std::optional<V<T>> object_;
 };
 
 // Forward declarations
@@ -594,16 +856,13 @@ class GenericReducerBase;
 // TURBOSHAFT_REDUCER_GENERIC_BOILERPLATE should almost never be needed: it
 // should only be used by the IR-specific base class, while other reducers
 // should simply use `TURBOSHAFT_REDUCER_BOILERPLATE`.
-#define TURBOSHAFT_REDUCER_GENERIC_BOILERPLATE(Name)                          \
-  using ReducerList = typename Next::ReducerList;                             \
-  compiler::turboshaft::Assembler<ReducerList>& Asm() {                       \
-    return *static_cast<compiler::turboshaft::Assembler<ReducerList>*>(this); \
-  }                                                                           \
-  template <class T>                                                          \
-  using ScopedVar = compiler::turboshaft::ScopedVariable<                     \
-      T, compiler::turboshaft::Assembler<ReducerList>>;                       \
-  using CatchScope =                                                          \
-      CatchScopeImpl<compiler::turboshaft::Assembler<ReducerList>>;           \
+#define TURBOSHAFT_REDUCER_GENERIC_BOILERPLATE(Name)                      \
+  using ReducerList = typename Next::ReducerList;                         \
+  using assembler_t = compiler::turboshaft::Assembler<ReducerList>;       \
+  assembler_t& Asm() { return *static_cast<assembler_t*>(this); }         \
+  template <class T>                                                      \
+  using ScopedVar = compiler::turboshaft::ScopedVariable<T, assembler_t>; \
+  using CatchScope = compiler::turboshaft::CatchScopeImpl<assembler_t>;   \
   static constexpr auto& ReducerName() { return #Name; }
 
 // Defines a few helpers to use the Assembler and its stack in Reducers.
@@ -1060,6 +1319,45 @@ class GenericReducerBase : public ReducerBaseForwarder<Next> {
   }
 };
 
+namespace detail {
+
+template <typename LoopLabel, typename Iterable, typename Iterator,
+          typename ValueTuple, size_t... Indices>
+auto BuildResultTupleImpl(bool bound, Iterable&& iterable,
+                          LoopLabel&& loop_header, Label<> loop_exit,
+                          Iterator current_iterator, ValueTuple current_values,
+                          std::index_sequence<Indices...>) {
+  return std::make_tuple(bound, std::forward<Iterable>(iterable),
+                         std::forward<LoopLabel>(loop_header),
+                         std::move(loop_exit), current_iterator,
+                         std::get<Indices>(current_values)...);
+}
+
+template <typename LoopLabel, typename Iterable, typename Iterator,
+          typename Value>
+auto BuildResultTuple(bool bound, Iterable&& iterable, LoopLabel&& loop_header,
+                      Label<> loop_exit, Iterator current_iterator,
+                      Value current_value) {
+  return std::make_tuple(bound, std::forward<Iterable>(iterable),
+                         std::forward<LoopLabel>(loop_header),
+                         std::move(loop_exit), current_iterator, current_value);
+}
+
+template <typename LoopLabel, typename Iterable, typename Iterator,
+          typename... Values>
+auto BuildResultTuple(bool bound, Iterable&& iterable, LoopLabel&& loop_header,
+                      Label<> loop_exit, Iterator current_iterator,
+                      std::tuple<Values...> current_values) {
+  static_assert(std::tuple_size_v<Iterator> == sizeof...(Values));
+  return BuildResultTupleImpl(bound, std::forward<Iterable>(iterable),
+                              std::forward<LoopLabel>(loop_header),
+                              std::move(loop_exit), std::move(current_iterator),
+                              std::move(current_values),
+                              std::make_index_sequence<sizeof...(Values)>{});
+}
+
+}  // namespace detail
+
 template <class Next>
 class GenericAssemblerOpInterface : public Next {
  public:
@@ -1089,6 +1387,59 @@ class GenericAssemblerOpInterface : public Next {
     label.EndLoop(Asm());
   }
 
+  template <CONCEPT(ForeachIterable<assembler_t>) It>
+  auto ControlFlowHelper_Foreach(It iterable) {
+    // We need to take ownership over the `iterable` instance as we need to make
+    // sure that the `ControlFlowHelper_Foreach` and
+    // `ControlFlowHelper_EndForeachLoop` functions operate on the same object.
+    // This can potentially involve copying the `iterable` if it is not moved to
+    // the `FOREACH` macro. `ForeachIterable`s should be cheap to copy and they
+    // MUST NOT emit any code in their constructors/destructors.
+#ifdef DEBUG
+    OpIndex next_index = Asm().output_graph().next_operation_index();
+    {
+      It temp_copy = iterable;
+      USE(temp_copy);
+    }
+    // Make sure we have not emitted any operations.
+    DCHECK_EQ(next_index, Asm().output_graph().next_operation_index());
+#endif
+
+    LoopLabelFor<typename It::iterator_type> loop_header(this);
+    Label<> loop_exit(this);
+
+    typename It::iterator_type begin = iterable.Begin(Asm());
+
+    ControlFlowHelper_Goto(loop_header, {begin});
+
+    auto bound_and_current_iterator = loop_header.BindLoop(Asm());
+    auto [bound] = base::tuple_head<1>(bound_and_current_iterator);
+    auto current_iterator = detail::unwrap_unary_tuple(
+        base::tuple_drop<1>(bound_and_current_iterator));
+    OptionalV<Word32> is_end = iterable.IsEnd(Asm(), current_iterator);
+    if (is_end.has_value()) {
+      ControlFlowHelper_GotoIf(is_end.value(), loop_exit, {});
+    }
+
+    typename It::value_type current_value =
+        iterable.Dereference(Asm(), current_iterator);
+
+    return detail::BuildResultTuple(
+        bound, std::move(iterable), std::move(loop_header),
+        std::move(loop_exit), current_iterator, current_value);
+  }
+
+  template <CONCEPT(ForeachIterable<assembler_t>) It>
+  void ControlFlowHelper_EndForeachLoop(
+      It iterable, LoopLabelFor<typename It::iterator_type>& header_label,
+      Label<>& exit_label, typename It::iterator_type current_iterator) {
+    typename It::iterator_type next_iterator =
+        iterable.Advance(Asm(), current_iterator);
+    ControlFlowHelper_Goto(header_label, {next_iterator});
+    ControlFlowHelper_EndLoop(header_label);
+    ControlFlowHelper_Bind(exit_label);
+  }
+
   std::tuple<bool, LoopLabel<>, Label<>> ControlFlowHelper_While(
       std::function<V<Word32>()> cond_builder) {
     LoopLabel<> loop_header(this);
@@ -1645,6 +1996,20 @@ class TurboshaftAssemblerOpInterface
                          SignExtend16, Word)
   DECL_SINGLE_REP_UNARY_V(Word32SignExtend16, WordUnary, SignExtend16, Word32)
   DECL_SINGLE_REP_UNARY_V(Word64SignExtend16, WordUnary, SignExtend16, Word64)
+
+  V<turboshaft::Tuple<Word, Word32>> OverflowCheckedUnary(
+      V<Word> input, OverflowCheckedUnaryOp::Kind kind,
+      WordRepresentation rep) {
+    return ReduceIfReachableOverflowCheckedUnary(input, kind, rep);
+  }
+
+  DECL_MULTI_REP_UNARY_V(IntAbsCheckOverflow, OverflowCheckedUnary,
+                         WordRepresentation, Abs, Word)
+  DECL_SINGLE_REP_UNARY_V(Int32AbsCheckOverflow, OverflowCheckedUnary, Abs,
+                          Word32)
+  DECL_SINGLE_REP_UNARY_V(Int64AbsCheckOverflow, OverflowCheckedUnary, Abs,
+                          Word64)
+
 #undef DECL_SINGLE_REP_UNARY_V
 #undef DECL_MULTI_REP_UNARY
 #undef DECL_MULTI_REP_UNARY_V
@@ -1872,6 +2237,12 @@ class TurboshaftAssemblerOpInterface
                                                           input_assumptions);
   }
 
+  V<Word32> TruncateNumberToInt32(V<Number> value) {
+    return V<Word32>::Cast(TruncateJSPrimitiveToUntagged(
+        value, TruncateJSPrimitiveToUntaggedOp::UntaggedKind::kInt32,
+        TruncateJSPrimitiveToUntaggedOp::InputAssumptions::kNumberOrOddball));
+  }
+
   V<Word> TruncateJSPrimitiveToUntaggedOrDeopt(
       V<JSPrimitive> object, V<turboshaft::FrameState> frame_state,
       TruncateJSPrimitiveToUntaggedOrDeoptOp::UntaggedKind kind,
@@ -1925,13 +2296,35 @@ class TurboshaftAssemblerOpInterface
     return V<Smi>::Cast(
         ReduceIfReachableConstant(ConstantOp::Kind::kSmi, value));
   }
-  V<Float32> Float32Constant(float value) {
+  V<Float32> Float32Constant(i::Float32 value) {
     return ReduceIfReachableConstant(ConstantOp::Kind::kFloat32, value);
   }
-  V<Float64> Float64Constant(double value) {
+  V<Float32> Float32Constant(float value) {
+    // Passing the NaN Hole as input is allowed, but there is no guarantee that
+    // it will remain a hole (it will remain NaN though).
+    if (std::isnan(value)) {
+      return Float32Constant(
+          i::Float32::FromBits(base::bit_cast<uint32_t>(value)));
+    } else {
+      return Float32Constant(i::Float32(value));
+    }
+  }
+  V<Float64> Float64Constant(i::Float64 value) {
     return ReduceIfReachableConstant(ConstantOp::Kind::kFloat64, value);
   }
+  V<Float64> Float64Constant(double value) {
+    // Passing the NaN Hole as input is allowed, but there is no guarantee that
+    // it will remain a hole (it will remain NaN though).
+    if (std::isnan(value)) {
+      return Float64Constant(
+          i::Float64::FromBits(base::bit_cast<uint64_t>(value)));
+    } else {
+      return Float64Constant(i::Float64(value));
+    }
+  }
   OpIndex FloatConstant(double value, FloatRepresentation rep) {
+    // Passing the NaN Hole as input is allowed, but there is no guarantee that
+    // it will remain a hole (it will remain NaN though).
     switch (rep.value()) {
       case FloatRepresentation::Float32():
         return Float32Constant(static_cast<float>(value));
@@ -1939,9 +2332,19 @@ class TurboshaftAssemblerOpInterface
         return Float64Constant(value);
     }
   }
-  OpIndex NumberConstant(double value) {
+  OpIndex NumberConstant(i::Float64 value) {
     return ReduceIfReachableConstant(ConstantOp::Kind::kNumber, value);
   }
+  OpIndex NumberConstant(double value) {
+    // Passing the NaN Hole as input is allowed, but there is no guarantee that
+    // it will remain a hole (it will remain NaN though).
+    if (std::isnan(value)) {
+      return NumberConstant(
+          i::Float64::FromBits(base::bit_cast<uint64_t>(value)));
+    } else {
+      return NumberConstant(i::Float64(value));
+    }
+  }
   OpIndex TaggedIndexConstant(int32_t value) {
     return ReduceIfReachableConstant(ConstantOp::Kind::kTaggedIndex,
                                      uint64_t{static_cast<uint32_t>(value)});
@@ -1954,10 +2357,14 @@ class TurboshaftAssemblerOpInterface
     return ReduceIfReachableConstant(ConstantOp::Kind::kHeapObject,
                                      ConstantOp::Storage{value});
   }
-  V<HeapObject> HeapConstantMaybeHole(Handle<HeapObject> value) {
+  template <typename T,
+            typename = std::enable_if_t<is_subtype_v<T, HeapObject>>>
+  V<T> HeapConstantMaybeHole(Handle<T> value) {
     return __ HeapConstant(value);
   }
-  V<HeapObject> HeapConstantNoHole(Handle<HeapObject> value) {
+  template <typename T,
+            typename = std::enable_if_t<is_subtype_v<T, HeapObject>>>
+  V<T> HeapConstantNoHole(Handle<T> value) {
     CHECK(!IsAnyHole(*value));
     return __ HeapConstant(value);
   }
@@ -1971,6 +2378,11 @@ class TurboshaftAssemblerOpInterface
   OpIndex CompressedHeapConstant(Handle<HeapObject> value) {
     return ReduceIfReachableConstant(ConstantOp::Kind::kHeapObject, value);
   }
+  OpIndex TrustedHeapConstant(Handle<HeapObject> value) {
+    DCHECK(IsTrustedObject(*value));
+    return ReduceIfReachableConstant(ConstantOp::Kind::kTrustedHeapObject,
+                                     value);
+  }
   OpIndex ExternalConstant(ExternalReference value) {
     return ReduceIfReachableConstant(ConstantOp::Kind::kExternal, value);
   }
@@ -2001,6 +2413,7 @@ class TurboshaftAssemblerOpInterface
   V<Context> NoContextConstant() {
     return V<Context>::Cast(TagSmi(Context::kNoContext));
   }
+
   // TODO(nicohartmann@): Might want to get rid of the isolate when supporting
   // Wasm.
   V<Code> CEntryStubConstant(Isolate* isolate, int result_size,
@@ -2488,8 +2901,10 @@ class TurboshaftAssemblerOpInterface
     return LoadFieldImpl<Rep>(raw_base, access);
   }
 
-  template <typename Class, typename T>
-  V<T> LoadField(V<Class> object, const FieldAccessTS<Class, T>& field) {
+  template <typename Obj, typename Class, typename T,
+            typename = std::enable_if_t<v_traits<
+                Class>::template implicitly_constructible_from<Obj>::value>>
+  V<T> LoadField(V<Obj> object, const FieldAccessTS<Class, T>& field) {
     return LoadFieldImpl<T>(object, field);
   }
 
@@ -2546,6 +2961,11 @@ class TurboshaftAssemblerOpInterface
                        Word32Constant(instance_type));
   }
 
+  V<Float64> LoadHeapNumberValue(V<HeapNumber> heap_number) {
+    return __ template LoadField<HeapNumber, HeapNumber, Float64>(
+        heap_number, AccessBuilderTS::ForHeapNumberValue());
+  }
+
   template <typename Type = Object,
             typename = std::enable_if_t<is_subtype_v<Type, Object>>>
   V<Type> LoadTaggedField(V<Object> object, int field_offset) {
@@ -2673,6 +3093,12 @@ class TurboshaftAssemblerOpInterface
     return StoreElement(object, access, index, value, false);
   }
 
+  template <typename Class, typename T>
+  void StoreElement(V<Class> object, const ElementAccessTS<Class, T>& access,
+                    ConstOrV<WordPtr> index, V<T> value) {
+    StoreElement(object, access, index, value, access.is_array_buffer_load);
+  }
+
   template <typename Class, typename T>
   void InitializeElement(Uninitialized<Class>& object,
                          const ElementAccessTS<Class, T>& access,
@@ -2741,7 +3167,8 @@ class TurboshaftAssemblerOpInterface
   }
 #endif
 
-  void JSStackCheck(V<Context> context, V<turboshaft::FrameState> frame_state,
+  void JSStackCheck(V<Context> context,
+                    OptionalV<turboshaft::FrameState> frame_state,
                     JSStackCheckOp::Kind kind) {
     ReduceIfReachableJSStackCheck(context, frame_state, kind);
   }
@@ -2778,7 +3205,7 @@ class TurboshaftAssemblerOpInterface
   }
 
   V<WordPtr> AdaptLocalArgument(V<Object> argument) {
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
     // With direct locals, the argument can be passed directly.
     return BitcastTaggedToWordPtr(argument);
 #else
@@ -3415,6 +3842,10 @@ class TurboshaftAssemblerOpInterface
     return CallRuntime<typename RuntimeCallDescriptor::DateCurrentTime>(
         isolate, context, {});
   }
+  void CallRuntime_DebugPrint(Isolate* isolate, V<Object> object) {
+    CallRuntime<typename RuntimeCallDescriptor::DebugPrint>(
+        isolate, NoContextConstant(), {object});
+  }
   V<Object> CallRuntime_HandleNoHeapWritesInterrupts(
       Isolate* isolate, V<turboshaft::FrameState> frame_state,
       V<Context> context) {
@@ -3422,6 +3853,10 @@ class TurboshaftAssemblerOpInterface
         typename RuntimeCallDescriptor::HandleNoHeapWritesInterrupts>(
         isolate, frame_state, context, LazyDeoptOnThrow::kNo, {});
   }
+  V<Object> CallRuntime_StackGuard(Isolate* isolate, V<Context> context) {
+    return CallRuntime<typename RuntimeCallDescriptor::StackGuard>(isolate,
+                                                                   context, {});
+  }
   V<Object> CallRuntime_StackGuardWithGap(Isolate* isolate,
                                           V<turboshaft::FrameState> frame_state,
                                           V<Context> context, V<Smi> gap) {
@@ -3690,6 +4125,76 @@ class TurboshaftAssemblerOpInterface
                                                   successful);
   }
 
+  // This is currently only usable during graph building on the main thread.
+  void Dcheck(V<Word32> condition, const char* message, const char* file,
+              int line, const SourceLocation& loc = SourceLocation::Current()) {
+    Isolate* isolate = Asm().data()->isolate();
+    USE(isolate);
+    DCHECK_NOT_NULL(isolate);
+    DCHECK_EQ(ThreadId::Current(), isolate->thread_id());
+#ifdef DEBUG
+    if (v8_flags.debug_code) {
+      Check(condition, message, file, line, loc);
+    }
+#endif
+  }
+
+  // This is currently only usable during graph building on the main thread.
+  void Check(V<Word32> condition, const char* message, const char* file,
+             int line, const SourceLocation& loc = SourceLocation::Current()) {
+    Isolate* isolate = Asm().data()->isolate();
+    USE(isolate);
+    DCHECK_NOT_NULL(isolate);
+    DCHECK_EQ(ThreadId::Current(), isolate->thread_id());
+
+    if (message != nullptr) {
+      CodeComment({"[ Assert: ", loc}, message);
+    } else {
+      CodeComment({"[ Assert: ", loc});
+    }
+
+    IF_NOT (LIKELY(condition)) {
+      std::vector<FileAndLine> file_and_line;
+      if (file != nullptr) {
+        file_and_line.push_back({file, line});
+      }
+      FailAssert(message, file_and_line, loc);
+    }
+    CodeComment({"] Assert", SourceLocation()});
+  }
+
+  void FailAssert(const char* message,
+                  const std::vector<FileAndLine>& files_and_lines,
+                  const SourceLocation& loc) {
+    std::stringstream stream;
+    if (message) stream << message;
+    for (auto it = files_and_lines.rbegin(); it != files_and_lines.rend();
+         ++it) {
+      if (it->first != nullptr) {
+        stream << " [" << it->first << ":" << it->second << "]";
+#ifndef DEBUG
+        // To limit the size of these strings in release builds, we include only
+        // the innermost macro's file name and line number.
+        break;
+#endif
+      }
+    }
+
+    Isolate* isolate = Asm().data()->isolate();
+    DCHECK_NOT_NULL(isolate);
+    DCHECK_EQ(ThreadId::Current(), isolate->thread_id());
+    V<String> string_constant =
+        __ HeapConstantNoHole(isolate->factory()->NewStringFromAsciiChecked(
+            stream.str().c_str(), AllocationType::kOld));
+
+    AbortCSADcheck(string_constant);
+    Unreachable();
+  }
+
+  void AbortCSADcheck(V<String> message) {
+    ReduceIfReachableAbortCSADcheck(message);
+  }
+
   // CatchBlockBegin should always be the 1st operation of a catch handler, and
   // returns the value of the exception that was caught. Because of split-edge
   // form, catch handlers cannot have multiple predecessors (since their
@@ -3869,6 +4374,7 @@ class TurboshaftAssemblerOpInterface
 
   void DebugBreak() { ReduceIfReachableDebugBreak(); }
 
+  // TODO(nicohartmann): Maybe this can be unified with Dcheck?
   void AssertImpl(V<Word32> condition, const char* condition_string,
                   const char* file, int line) {
 #ifdef DEBUG
@@ -3876,7 +4382,7 @@ class TurboshaftAssemblerOpInterface
     // necessary.
     static constexpr size_t kMaxAssertCommentLength = 256;
     base::Vector<char> buffer =
-        Asm().data()->shared_zone()->template AllocateVector<char>(
+        Asm().data()->compilation_zone()->template AllocateVector<char>(
             kMaxAssertCommentLength);
     int result = base::SNPrintF(buffer, "Assert: %s    [%s:%d]",
                                 condition_string, file, line);
@@ -3895,18 +4401,21 @@ class TurboshaftAssemblerOpInterface
     CHECK(v8_flags.turboshaft_enable_debug_features);
     ReduceIfReachableDebugPrint(input, rep);
   }
+  void DebugPrint(V<Object> input) {
+    DebugPrint(input, RegisterRepresentation::Tagged());
+  }
   void DebugPrint(V<WordPtr> input) {
-    return DebugPrint(input, RegisterRepresentation::WordPtr());
+    DebugPrint(input, RegisterRepresentation::WordPtr());
   }
   void DebugPrint(V<Float64> input) {
-    return DebugPrint(input, RegisterRepresentation::Float64());
+    DebugPrint(input, RegisterRepresentation::Float64());
   }
 
   void Comment(const char* message) { ReduceIfReachableComment(message); }
   void Comment(const std::string& message) {
     size_t length = message.length() + 1;
     char* zone_buffer =
-        Asm().data()->shared_zone()->template AllocateArray<char>(length);
+        Asm().data()->compilation_zone()->template AllocateArray<char>(length);
     MemCopy(zone_buffer, message.c_str(), length);
     Comment(zone_buffer);
   }
@@ -4225,6 +4734,7 @@ class TurboshaftAssemblerOpInterface
     const TurboshaftPipelineKind kind = __ data() -> pipeline_kind();          \
     if (V8_UNLIKELY(kind == TurboshaftPipelineKind::kCSA ||                    \
                     kind == TurboshaftPipelineKind::kTSABuiltin)) {            \
+      DCHECK(RootsTable::IsImmortalImmovable(RootIndex::k##rootIndexName));    \
       return V<RemoveTagged<                                                   \
           decltype(std::declval<ReadOnlyRoots>().rootAccessorName())>::type>:: \
           Cast(__ LoadRoot(RootIndex::k##rootIndexName));                      \
@@ -4239,6 +4749,37 @@ class TurboshaftAssemblerOpInterface
   HEAP_IMMUTABLE_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_ACCESSOR)
 #undef HEAP_CONSTANT_ACCESSOR
 
+#define HEAP_CONSTANT_ACCESSOR(rootIndexName, rootAccessorName, name)       \
+  V<RemoveTagged<decltype(std::declval<Heap>().rootAccessorName())>::type>  \
+      name##Constant() {                                                    \
+    const TurboshaftPipelineKind kind = __ data() -> pipeline_kind();       \
+    if (V8_UNLIKELY(kind == TurboshaftPipelineKind::kCSA ||                 \
+                    kind == TurboshaftPipelineKind::kTSABuiltin)) {         \
+      DCHECK(RootsTable::IsImmortalImmovable(RootIndex::k##rootIndexName)); \
+      return V<                                                             \
+          RemoveTagged<decltype(std::declval<Heap>().rootAccessorName())>:: \
+              type>::Cast(__ LoadRoot(RootIndex::k##rootIndexName));        \
+    } else {                                                                \
+      Isolate* isolate = __ data() -> isolate();                            \
+      DCHECK_NOT_NULL(isolate);                                             \
+      Factory* factory = isolate->factory();                                \
+      DCHECK_NOT_NULL(factory);                                             \
+      return __ HeapConstant(factory->rootAccessorName());                  \
+    }                                                                       \
+  }
+  HEAP_MUTABLE_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_ACCESSOR)
+#undef HEAP_CONSTANT_ACCESSOR
+
+#define HEAP_CONSTANT_TEST(rootIndexName, rootAccessorName, name) \
+  V<Word32> Is##name(V<Object> value) {                           \
+    return TaggedEqual(value, name##Constant());                  \
+  }                                                               \
+  V<Word32> IsNot##name(V<Object> value) {                        \
+    return TaggedNotEqual(value, name##Constant());               \
+  }
+  HEAP_IMMOVABLE_OBJECT_LIST(HEAP_CONSTANT_TEST)
+#undef HEAP_CONSTANT_TEST
+
 #ifdef V8_ENABLE_WEBASSEMBLY
   V<Any> GlobalGet(V<WasmTrustedInstanceData> trusted_instance_data,
                    const wasm::WasmGlobal* global) {
@@ -4381,6 +4922,10 @@ class TurboshaftAssemblerOpInterface
     return ReduceIfReachableSimd128ExtractLane(input, kind, lane);
   }
 
+  V<Simd128> Simd128Reduce(V<Simd128> input, Simd128ReduceOp::Kind kind) {
+    return ReduceIfReachableSimd128Reduce(input, kind);
+  }
+
   V<Simd128> Simd128ReplaceLane(V<Simd128> into, V<Any> new_lane,
                                 Simd128ReplaceLaneOp::Kind kind, uint8_t lane) {
     return ReduceIfReachableSimd128ReplaceLane(into, new_lane, kind, lane);
diff --git a/deps/v8/src/compiler/turboshaft/assert-types-reducer.h b/deps/v8/src/compiler/turboshaft/assert-types-reducer.h
index ca26ed2926849d..8e08782c1e1ff9 100644
--- a/deps/v8/src/compiler/turboshaft/assert-types-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/assert-types-reducer.h
@@ -45,14 +45,24 @@ class AssertTypesReducer
   template <typename Op, typename Continuation>
   OpIndex ReduceInputGraphOperation(OpIndex ig_index, const Op& operation) {
     OpIndex og_index = Continuation{this}.ReduceInputGraph(ig_index, operation);
+    if constexpr (std::is_same_v<Op, LoadRootRegisterOp>) {
+      // LoadRootRegister is a bit special and should never be materialized,
+      // hence we cannot assert its type.
+      return og_index;
+    }
+    if (std::is_same_v<Op, ConstantOp>) {
+      // Constants are constant by definition, so asserting their types doesn't
+      // seem super useful. Additionally, they can appear before Parameters in
+      // the graph, which leads to issues because asserting their types requires
+      // inserting a Call in the graph, which can overwrite the value of
+      // Parameters.
+      return og_index;
+    }
     if (!og_index.valid()) return og_index;
     if (!CanBeTyped(operation)) return og_index;
     // Unfortunately, we cannot insert assertions after block terminators, so we
     // skip them here.
     if (operation.IsBlockTerminator()) return og_index;
-    // LoadRootRegister is a bit special and should never be materialized, hence
-    // we cannot assert its type.
-    if constexpr (std::is_same_v<Op, LoadRootRegisterOp>) return og_index;
 
     auto reps = operation.outputs_rep();
     DCHECK_GT(reps.size(), 0);
diff --git a/deps/v8/src/compiler/turboshaft/branch-elimination-reducer.h b/deps/v8/src/compiler/turboshaft/branch-elimination-reducer.h
index a47d26b3a765c9..00e0a406458558 100644
--- a/deps/v8/src/compiler/turboshaft/branch-elimination-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/branch-elimination-reducer.h
@@ -5,9 +5,10 @@
 #ifndef V8_COMPILER_TURBOSHAFT_BRANCH_ELIMINATION_REDUCER_H_
 #define V8_COMPILER_TURBOSHAFT_BRANCH_ELIMINATION_REDUCER_H_
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/compiler/turboshaft/assembler.h"
 #include "src/compiler/turboshaft/index.h"
 #include "src/compiler/turboshaft/layered-hash-map.h"
@@ -326,7 +327,7 @@ class BranchEliminationReducer : public Next {
       V<Word32> condition =
           __ template MapToNewGraph<true>(branch->condition());
       if (condition.valid()) {
-        base::Optional<bool> condition_value = known_conditions_.Get(condition);
+        std::optional<bool> condition_value = known_conditions_.Get(condition);
         if (!condition_value.has_value()) {
           // We've already visited the subsequent block's Branch condition, but
           // we don't know its value right now.
@@ -382,7 +383,7 @@ class BranchEliminationReducer : public Next {
     }
     if (ShouldSkipOptimizationStep()) goto no_change;
 
-    base::Optional<bool> condition_value = known_conditions_.Get(condition);
+    std::optional<bool> condition_value = known_conditions_.Get(condition);
     if (!condition_value.has_value()) {
       known_conditions_.InsertNewKey(condition, negated);
       goto no_change;
@@ -405,7 +406,7 @@ class BranchEliminationReducer : public Next {
     }
     if (ShouldSkipOptimizationStep()) goto no_change;
 
-    base::Optional<bool> condition_value = known_conditions_.Get(condition);
+    std::optional<bool> condition_value = known_conditions_.Get(condition);
     if (!condition_value.has_value()) {
       known_conditions_.InsertNewKey(condition, negated);
       goto no_change;
diff --git a/deps/v8/src/compiler/turboshaft/build-graph-phase.cc b/deps/v8/src/compiler/turboshaft/build-graph-phase.cc
index 47357b9cddc29b..756e832b9e2b9c 100644
--- a/deps/v8/src/compiler/turboshaft/build-graph-phase.cc
+++ b/deps/v8/src/compiler/turboshaft/build-graph-phase.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/turboshaft/build-graph-phase.h"
 
+#include <optional>
+
 #include "src/compiler/js-heap-broker.h"
 #include "src/compiler/node-origin-table.h"
 #include "src/compiler/phase.h"
@@ -13,7 +15,7 @@
 
 namespace v8::internal::compiler::turboshaft {
 
-base::Optional<BailoutReason> BuildGraphPhase::Run(
+std::optional<BailoutReason> BuildGraphPhase::Run(
     PipelineData* data, Zone* temp_zone,
     compiler::TFPipelineData* turbofan_data, Linkage* linkage) {
   Schedule* schedule = turbofan_data->schedule();
diff --git a/deps/v8/src/compiler/turboshaft/build-graph-phase.h b/deps/v8/src/compiler/turboshaft/build-graph-phase.h
index fd6d37ca629435..9201a85d6e8cf3 100644
--- a/deps/v8/src/compiler/turboshaft/build-graph-phase.h
+++ b/deps/v8/src/compiler/turboshaft/build-graph-phase.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_BUILD_GRAPH_PHASE_H_
 #define V8_COMPILER_TURBOSHAFT_BUILD_GRAPH_PHASE_H_
 
+#include <optional>
+
 #include "src/codegen/bailout-reason.h"
 #include "src/compiler/linkage.h"
 #include "src/compiler/turboshaft/phase.h"
@@ -18,9 +20,9 @@ namespace v8::internal::compiler::turboshaft {
 struct BuildGraphPhase {
   DECL_TURBOSHAFT_PHASE_CONSTANTS(BuildGraph)
 
-  base::Optional<BailoutReason> Run(PipelineData* data, Zone* temp_zone,
-                                    compiler::TFPipelineData* turbofan_data,
-                                    Linkage* linkage);
+  std::optional<BailoutReason> Run(PipelineData* data, Zone* temp_zone,
+                                   compiler::TFPipelineData* turbofan_data,
+                                   Linkage* linkage);
 };
 
 }  // namespace v8::internal::compiler::turboshaft
diff --git a/deps/v8/src/compiler/turboshaft/builtin-call-descriptors.h b/deps/v8/src/compiler/turboshaft/builtin-call-descriptors.h
index c81c8f569b6755..a3952a471e9614 100644
--- a/deps/v8/src/compiler/turboshaft/builtin-call-descriptors.h
+++ b/deps/v8/src/compiler/turboshaft/builtin-call-descriptors.h
@@ -155,6 +155,17 @@ struct BuiltinCallDescriptor {
     static constexpr OpEffects kEffects = base_effects.CanCallAnything();
   };
 
+  struct NonNumberToNumber : public Descriptor<NonNumberToNumber> {
+    static constexpr auto kFunction = Builtin::kNonNumberToNumber;
+    using arguments_t = std::tuple<V<JSAnyNotNumber>>;
+    using results_t = std::tuple<V<Number>>;
+
+    static constexpr bool kNeedsFrameState = false;
+    static constexpr bool kNeedsContext = true;
+    static constexpr Operator::Properties kProperties = Operator::kNoProperties;
+    static constexpr OpEffects kEffects = base_effects.CanCallAnything();
+  };
+
   struct ToNumeric : public Descriptor<ToNumeric> {
     static constexpr auto kFunction = Builtin::kToNumeric;
     using arguments_t = std::tuple<V<Object>>;
@@ -166,6 +177,17 @@ struct BuiltinCallDescriptor {
     static constexpr OpEffects kEffects = base_effects.CanCallAnything();
   };
 
+  struct NonNumberToNumeric : public Descriptor<NonNumberToNumeric> {
+    static constexpr auto kFunction = Builtin::kNonNumberToNumeric;
+    using arguments_t = std::tuple<V<JSAnyNotNumber>>;
+    using results_t = std::tuple<V<Numeric>>;
+
+    static constexpr bool kNeedsFrameState = false;
+    static constexpr bool kNeedsContext = true;
+    static constexpr Operator::Properties kProperties = Operator::kNoProperties;
+    static constexpr OpEffects kEffects = base_effects.CanCallAnything();
+  };
+
   struct CopyFastSmiOrObjectElements
       : public Descriptor<CopyFastSmiOrObjectElements> {
     static constexpr auto kFunction = Builtin::kCopyFastSmiOrObjectElements;
diff --git a/deps/v8/src/compiler/turboshaft/copying-phase.h b/deps/v8/src/compiler/turboshaft/copying-phase.h
index 013a4ebcbb67e5..930b48a73e264c 100644
--- a/deps/v8/src/compiler/turboshaft/copying-phase.h
+++ b/deps/v8/src/compiler/turboshaft/copying-phase.h
@@ -8,6 +8,7 @@
 #include <algorithm>
 #include <cstddef>
 #include <cstdint>
+#include <optional>
 #include <utility>
 
 #include "src/base/iterator.h"
@@ -30,7 +31,7 @@
 
 namespace v8::internal::compiler::turboshaft {
 
-using MaybeVariable = base::Optional<Variable>;
+using MaybeVariable = std::optional<Variable>;
 
 V8_EXPORT_PRIVATE int CountDecimalDigits(uint32_t value);
 struct PaddingSpace {
diff --git a/deps/v8/src/compiler/turboshaft/dead-code-elimination-reducer.h b/deps/v8/src/compiler/turboshaft/dead-code-elimination-reducer.h
index d5aec328f1b106..3ec059bb66e9de 100644
--- a/deps/v8/src/compiler/turboshaft/dead-code-elimination-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/dead-code-elimination-reducer.h
@@ -6,6 +6,7 @@
 #define V8_COMPILER_TURBOSHAFT_DEAD_CODE_ELIMINATION_REDUCER_H_
 
 #include <iomanip>
+#include <optional>
 
 #include "src/common/globals.h"
 #include "src/compiler/backend/instruction-codes.h"
@@ -469,7 +470,7 @@ class DeadCodeEliminationReducer
     }
     return false;
   }
-  base::Optional<FixedOpIndexSidetable<OperationState::Liveness>> liveness_;
+  std::optional<FixedOpIndexSidetable<OperationState::Liveness>> liveness_;
   ZoneMap<uint32_t, BlockIndex> branch_rewrite_targets_{Asm().phase_zone()};
   DeadCodeAnalysis analyzer_{Asm().modifiable_input_graph(),
                              Asm().phase_zone()};
diff --git a/deps/v8/src/compiler/turboshaft/debug-feature-lowering-reducer.h b/deps/v8/src/compiler/turboshaft/debug-feature-lowering-reducer.h
index 928976d9254010..523592bb13edaa 100644
--- a/deps/v8/src/compiler/turboshaft/debug-feature-lowering-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/debug-feature-lowering-reducer.h
@@ -33,6 +33,9 @@ class DebugFeatureLoweringReducer : public Next {
           __ CallBuiltin_DebugPrintFloat64(isolate_, __ NoContextConstant(),
                                            input);
           break;
+        case RegisterRepresentation::Tagged():
+          __ CallRuntime_DebugPrint(isolate_, input);
+          break;
         default:
           // TODO(nicohartmann@): Support other representations.
           UNIMPLEMENTED();
diff --git a/deps/v8/src/compiler/turboshaft/define-assembler-macros.inc b/deps/v8/src/compiler/turboshaft/define-assembler-macros.inc
index ed6bbbe9ac8023..d09672e5472f51 100644
--- a/deps/v8/src/compiler/turboshaft/define-assembler-macros.inc
+++ b/deps/v8/src/compiler/turboshaft/define-assembler-macros.inc
@@ -15,6 +15,9 @@
 
 #define V8_COMPILER_TURBOSHAFT_ASSEMBLER_MACROS_DEFINED 1
 
+#define TSA_DCHECK(assembler, condition) \
+  (assembler)->Asm().Dcheck(condition, #condition, __FILE__, __LINE__ )
+
 #define LIKELY(...) ConditionWithHint(__VA_ARGS__, BranchHint::kTrue)
 #define UNLIKELY(...) ConditionWithHint(__VA_ARGS__, BranchHint::kFalse)
 
@@ -32,13 +35,35 @@
 #define WHILE(...)                                                            \
     for (auto [CONCAT(run_loop_, __LINE__), loop_header_xx, loop_exit_xx]     \
               = Asm().ControlFlowHelper_While([&]() {                         \
-           return __VA_ARGS__;                                                \
+           return Asm().resolve(ConstOrV<Word32>(__VA_ARGS__));               \
          });                                                                  \
          CONCAT(run_loop_, __LINE__);                                         \
          Asm().ControlFlowHelper_EndWhileLoop(loop_header_xx, loop_exit_xx),  \
               CONCAT(run_loop_, __LINE__) = false)
+#define FOREACH_IMPL_2(arg, iterable)                                    \
+  for (auto [CONCAT(run_loop_, __LINE__), iterable_xx, loop_header_yy,   \
+             loop_exit_xx, current_iterator_xx, arg] =                   \
+           Asm().ControlFlowHelper_Foreach(iterable);                    \
+       CONCAT(run_loop_, __LINE__);                                      \
+       Asm().ControlFlowHelper_EndForeachLoop(                           \
+           std::move(iterable_xx), loop_header_yy, loop_exit_xx,         \
+           current_iterator_xx),                                         \
+       CONCAT(run_loop_, __LINE__) = false)
+#define FOREACH_IMPL_3(arg0, arg1, iterable)                             \
+  for (auto [CONCAT(run_loop_, __LINE__), iterable_xx, loop_header_yy,   \
+             loop_exit_xx, current_iterator_xx, arg0, arg1] =            \
+           Asm().ControlFlowHelper_Foreach(iterable);                    \
+       CONCAT(run_loop_, __LINE__);                                      \
+       Asm().ControlFlowHelper_EndForeachLoop(                           \
+           std::move(iterable_xx), loop_header_yy, loop_exit_xx,         \
+           current_iterator_xx),                                         \
+       CONCAT(run_loop_, __LINE__) = false)
+// TODO(nicohartmann): Add more `FOREACH_IMPL_N` versions when we see need.
+#define FOREACH(...)                                                  \
+    CONCAT(FOREACH_IMPL_, COUNT_MACRO_ARGS(__VA_ARGS__))(__VA_ARGS__)
 
 #define BREAK Asm().ControlFlowHelper_Goto(loop_exit_xx, {})
+// TODO(nicohartmann): CONTINUE currently doesn't work for FOREACH.
 #define CONTINUE Asm().ControlFlowHelper_Goto(loop_header_xx, {})
 
 #define GOTO(label, ...)                             \
diff --git a/deps/v8/src/compiler/turboshaft/fast-api-call-lowering-reducer.h b/deps/v8/src/compiler/turboshaft/fast-api-call-lowering-reducer.h
index 8e45e80a763f9c..0132bfc9f66216 100644
--- a/deps/v8/src/compiler/turboshaft/fast-api-call-lowering-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/fast-api-call-lowering-reducer.h
@@ -87,7 +87,7 @@ class FastApiCallLoweringReducer : public Next {
         // If this check fails, you've probably added new fields to
         // v8::FastApiCallbackOptions, which means you'll need to write code
         // that initializes and reads from them too.
-        static_assert(kSize == sizeof(uintptr_t) * 4);
+        static_assert(kSize == sizeof(uintptr_t) * 2);
         stack_slot = __ StackSlot(kSize, kAlign);
 
         // isolate
@@ -96,19 +96,11 @@ class FastApiCallLoweringReducer : public Next {
             __ ExternalConstant(ExternalReference::isolate_address()),
             MemoryRepresentation::UintPtr(),
             offsetof(v8::FastApiCallbackOptions, isolate));
-        // fallback = 0
-        __ StoreOffHeap(stack_slot, __ Word32Constant(0),
-                        MemoryRepresentation::Int32(),
-                        offsetof(v8::FastApiCallbackOptions, fallback));
         // data = data_argument
         OpIndex data_argument_to_pass = __ AdaptLocalArgument(data_argument);
         __ StoreOffHeap(stack_slot, data_argument_to_pass,
                         MemoryRepresentation::UintPtr(),
                         offsetof(v8::FastApiCallbackOptions, data));
-        // wasm_memory = 0
-        __ StoreOffHeap(stack_slot, __ IntPtrConstant(0),
-                        MemoryRepresentation::UintPtr(),
-                        offsetof(v8::FastApiCallbackOptions, wasm_memory));
 
         args.push_back(stack_slot);
         builder.AddParam(MachineType::Pointer());
@@ -136,13 +128,6 @@ class FastApiCallLoweringReducer : public Next {
       V<Object> fast_call_result =
           ConvertReturnValue(c_signature, c_call_result);
 
-      if (c_signature->HasOptions()) {
-        DCHECK(stack_slot.valid());
-        V<Word32> error = __ LoadOffHeap(
-            stack_slot, offsetof(v8::FastApiCallbackOptions, fallback),
-            MemoryRepresentation::Int32());
-        GOTO_IF(error, handle_error);
-      }
       GOTO(done, FastApiCallOp::kSuccessValue, fast_call_result);
       BIND(trigger_exception);
       __ template CallRuntime<
diff --git a/deps/v8/src/compiler/turboshaft/graph-builder.cc b/deps/v8/src/compiler/turboshaft/graph-builder.cc
index 5e2b7502c4c222..7da45c5010dc82 100644
--- a/deps/v8/src/compiler/turboshaft/graph-builder.cc
+++ b/deps/v8/src/compiler/turboshaft/graph-builder.cc
@@ -6,11 +6,11 @@
 
 #include <limits>
 #include <numeric>
+#include <optional>
 #include <string_view>
 
 #include "src/base/container-utils.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/safe_conversions.h"
 #include "src/base/small-vector.h"
 #include "src/base/vector.h"
@@ -83,7 +83,7 @@ struct GraphBuilder {
   ZoneVector<BlockData> block_mapping{schedule.RpoBlockCount(), phase_zone};
   bool inside_region = false;
 
-  base::Optional<BailoutReason> Run();
+  std::optional<BailoutReason> Run();
   AssemblerT& Asm() { return assembler; }
 
  private:
@@ -220,11 +220,11 @@ struct GraphBuilder {
   OpIndex Process(Node* node, BasicBlock* block,
                   const base::SmallVector<int, 16>& predecessor_permutation,
                   OpIndex& dominating_frame_state,
-                  base::Optional<BailoutReason>* bailout,
+                  std::optional<BailoutReason>* bailout,
                   bool is_final_control = false);
 };
 
-base::Optional<BailoutReason> GraphBuilder::Run() {
+std::optional<BailoutReason> GraphBuilder::Run() {
   for (BasicBlock* block : *schedule.rpo_order()) {
     block_mapping[block->rpo_number()].block =
         block->IsLoopHeader() ? __ NewLoopHeader() : __ NewBlock();
@@ -260,7 +260,7 @@ base::Optional<BailoutReason> GraphBuilder::Run() {
         }
       }
     }
-    base::Optional<BailoutReason> bailout = base::nullopt;
+    std::optional<BailoutReason> bailout = std::nullopt;
     for (Node* node : *block->nodes()) {
       if (V8_UNLIKELY(node->InputCount() >=
                       int{std::numeric_limits<
@@ -332,13 +332,13 @@ base::Optional<BailoutReason> GraphBuilder::Run() {
     }
   }
 
-  return base::nullopt;
+  return std::nullopt;
 }
 
 OpIndex GraphBuilder::Process(
     Node* node, BasicBlock* block,
     const base::SmallVector<int, 16>& predecessor_permutation,
-    OpIndex& dominating_frame_state, base::Optional<BailoutReason>* bailout,
+    OpIndex& dominating_frame_state, std::optional<BailoutReason>* bailout,
     bool is_final_control) {
   if (Asm().current_block() == nullptr) {
     return OpIndex::Invalid();
@@ -431,6 +431,8 @@ OpIndex GraphBuilder::Process(
       return __ HeapConstant(HeapConstantOf(op));
     case IrOpcode::kCompressedHeapConstant:
       return __ CompressedHeapConstant(HeapConstantOf(op));
+    case IrOpcode::kTrustedHeapConstant:
+      return __ TrustedHeapConstant(HeapConstantOf(op));
     case IrOpcode::kExternalConstant:
       return __ ExternalConstant(OpParameter<ExternalReference>(op));
     case IrOpcode::kRelocatableInt64Constant:
@@ -616,6 +618,8 @@ OpIndex GraphBuilder::Process(
       UNARY_CASE(SignExtendWord16ToInt32, Word32SignExtend16)
       UNARY_CASE(SignExtendWord8ToInt64, Word64SignExtend8)
       UNARY_CASE(SignExtendWord16ToInt64, Word64SignExtend16)
+      UNARY_CASE(Int32AbsWithOverflow, Int32AbsCheckOverflow)
+      UNARY_CASE(Int64AbsWithOverflow, Int64AbsCheckOverflow)
 
       UNARY_CASE(Float32Abs, Float32Abs)
       UNARY_CASE(Float64Abs, Float64Abs)
@@ -746,8 +750,32 @@ OpIndex GraphBuilder::Process(
     }
     case IrOpcode::kBitcastTaggedToWord:
       return __ BitcastTaggedToWordPtr(Map(node->InputAt(0)));
-    case IrOpcode::kBitcastWordToTagged:
+    case IrOpcode::kBitcastWordToTagged: {
+      V<WordPtr> input = Map(node->InputAt(0));
+      if (V8_UNLIKELY(pipeline_kind == TurboshaftPipelineKind::kCSA)) {
+        // TODO(nicohartmann@): This is currently required to properly compile
+        // builtins. We should fix them and remove this.
+        if (LoadOp* load = __ output_graph().Get(input).TryCast<LoadOp>()) {
+          CHECK_EQ(2, node->InputAt(0)->UseCount());
+          CHECK(base::all_equal(node->InputAt(0)->uses(), node));
+          // CSA produces the pattern
+          //   BitcastWordToTagged(Load<RawPtr>(...))
+          // which is not safe to translate to Turboshaft, because
+          // LateLoadElimination can potentially merge this with an identical
+          // untagged load that would be unsound in presence of a GC.
+          CHECK(load->loaded_rep == MemoryRepresentation::UintPtr() ||
+                load->loaded_rep == (Is64() ? MemoryRepresentation::Int64()
+                                            : MemoryRepresentation::Int32()));
+          CHECK_EQ(load->result_rep, RegisterRepresentation::WordPtr());
+          // In this case we turn the load into a tagged load directly...
+          load->loaded_rep = MemoryRepresentation::UncompressedTaggedPointer();
+          load->result_rep = RegisterRepresentation::Tagged();
+          // ... and skip the bitcast.
+          return input;
+        }
+      }
       return __ BitcastWordPtrToTagged(Map(node->InputAt(0)));
+    }
     case IrOpcode::kNumberIsFinite:
       return __ Float64Is(Map(node->InputAt(0)), NumericKind::kFinite);
     case IrOpcode::kNumberIsInteger:
@@ -1294,7 +1322,7 @@ OpIndex GraphBuilder::Process(
             node->InputAt(static_cast<int>(call_descriptor->InputCount()))};
         frame_state_idx = Map(frame_state);
       }
-      base::Optional<decltype(assembler)::CatchScope> catch_scope;
+      std::optional<decltype(assembler)::CatchScope> catch_scope;
       if (is_final_control) {
         Block* catch_block = Map(block->SuccessorAt(1));
         catch_scope.emplace(assembler, catch_block);
@@ -1576,7 +1604,7 @@ OpIndex GraphBuilder::Process(
 
       auto type_opt =
           Type::ParseFromString(std::string_view{pattern.get()}, graph_zone);
-      if (type_opt == base::nullopt) {
+      if (type_opt == std::nullopt) {
         FATAL(
             "String '%s' (of %d:CheckTurboshaftTypeOf) is not a valid type "
             "description!",
@@ -1952,7 +1980,7 @@ OpIndex GraphBuilder::Process(
         slow_call_arguments.push_back(Map(n.SlowCallArgument(i)));
       }
 
-      base::Optional<decltype(assembler)::CatchScope> catch_scope;
+      std::optional<decltype(assembler)::CatchScope> catch_scope;
       if (is_final_control) {
         Block* catch_block = Map(block->SuccessorAt(1));
         catch_scope.emplace(assembler, catch_block);
@@ -2063,7 +2091,7 @@ OpIndex GraphBuilder::Process(
       V<TurbofanType> allocated_type;
       {
         DCHECK(isolate->CurrentLocalHeap()->is_main_thread());
-        base::Optional<UnparkedScope> unparked_scope;
+        std::optional<UnparkedScope> unparked_scope;
         if (isolate->CurrentLocalHeap()->IsParked()) {
           unparked_scope.emplace(isolate->main_thread_local_isolate());
         }
@@ -2415,8 +2443,8 @@ OpIndex GraphBuilder::Process(
 
 }  // namespace
 
-base::Optional<BailoutReason> BuildGraph(PipelineData* data, Schedule* schedule,
-                                         Zone* phase_zone, Linkage* linkage) {
+std::optional<BailoutReason> BuildGraph(PipelineData* data, Schedule* schedule,
+                                        Zone* phase_zone, Linkage* linkage) {
   GraphBuilder builder{data, phase_zone, *schedule, linkage};
 #if DEBUG
   data->graph().SetCreatedFromTurbofan();
diff --git a/deps/v8/src/compiler/turboshaft/graph-builder.h b/deps/v8/src/compiler/turboshaft/graph-builder.h
index 36c278180698fc..f506fba86ef21e 100644
--- a/deps/v8/src/compiler/turboshaft/graph-builder.h
+++ b/deps/v8/src/compiler/turboshaft/graph-builder.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_GRAPH_BUILDER_H_
 #define V8_COMPILER_TURBOSHAFT_GRAPH_BUILDER_H_
 
+#include <optional>
+
 #include "src/codegen/bailout-reason.h"
 #include "src/compiler/node-origin-table.h"
 #include "src/compiler/turboshaft/graph.h"
@@ -15,8 +17,8 @@ class SourcePositionTable;
 }
 namespace v8::internal::compiler::turboshaft {
 class PipelineData;
-base::Optional<BailoutReason> BuildGraph(PipelineData* data, Schedule* schedule,
-                                         Zone* phase_zone, Linkage* linkage);
+std::optional<BailoutReason> BuildGraph(PipelineData* data, Schedule* schedule,
+                                        Zone* phase_zone, Linkage* linkage);
 }
 
 #endif  // V8_COMPILER_TURBOSHAFT_GRAPH_BUILDER_H_
diff --git a/deps/v8/src/compiler/turboshaft/graph-visualizer.h b/deps/v8/src/compiler/turboshaft/graph-visualizer.h
index af958537056257..dfba57b2292bf4 100644
--- a/deps/v8/src/compiler/turboshaft/graph-visualizer.h
+++ b/deps/v8/src/compiler/turboshaft/graph-visualizer.h
@@ -32,7 +32,8 @@ class JSONTurboshaftGraphWriter {
                             NodeOriginTable* origins, Zone* zone);
 
   JSONTurboshaftGraphWriter(const JSONTurboshaftGraphWriter&) = delete;
-  JSONTurboshaftGraphWriter& operator=(const JSONTurboshaftGraphWriter&) = delete;
+  JSONTurboshaftGraphWriter& operator=(const JSONTurboshaftGraphWriter&) =
+      delete;
 
   void Print();
 
diff --git a/deps/v8/src/compiler/turboshaft/index.h b/deps/v8/src/compiler/turboshaft/index.h
index b61894256ac67a..7da0af633f57ce 100644
--- a/deps/v8/src/compiler/turboshaft/index.h
+++ b/deps/v8/src/compiler/turboshaft/index.h
@@ -6,6 +6,7 @@
 #define V8_COMPILER_TURBOSHAFT_INDEX_H_
 
 #include <cstddef>
+#include <optional>
 #include <type_traits>
 
 #include "src/base/logging.h"
@@ -23,11 +24,6 @@
 
 namespace v8::internal::compiler::turboshaft {
 
-namespace detail {
-template <typename T>
-struct lazy_false : std::false_type {};
-}  // namespace detail
-
 // Operations are stored in possibly muliple sequential storage slots.
 using OperationStorageSlot = std::aligned_storage_t<8, 8>;
 // Operations occupy at least 2 slots, therefore we assign one id per two slots.
@@ -56,7 +52,7 @@ class OpIndex {
   constexpr OpIndex() : offset_(std::numeric_limits<uint32_t>::max()) {}
   template <typename T, typename C>
   OpIndex(const ConstOrV<T, C>&) {  // NOLINT(runtime/explicit)
-    static_assert(detail::lazy_false<T>::value,
+    static_assert(base::tmp::lazy_false<T>::value,
                   "Cannot initialize OpIndex from ConstOrV<>. Did you forget "
                   "to resolve() it in the assembler?");
   }
@@ -655,6 +651,10 @@ class OptionalV : public OptionalOpIndex {
   OptionalV(U index) : OptionalOpIndex(index) {}  // NOLINT(runtime/explicit)
 };
 
+// Deduction guide for `OptionalV`.
+template <typename T>
+OptionalV(V<T>) -> OptionalV<T>;
+
 // ConstOrV<> is a generalization of V<> that allows constexpr values
 // (constants) to be passed implicitly. This allows reducers to write things
 // like
@@ -707,10 +707,14 @@ class ConstOrV {
       : constant_value_(), value_(index) {}
 
  private:
-  base::Optional<constant_type> constant_value_;
+  std::optional<constant_type> constant_value_;
   V<type> value_;
 };
 
+// Deduction guide for `ConstOrV`.
+template <typename T>
+ConstOrV(V<T>) -> ConstOrV<T>;
+
 template <>
 struct fast_hash<OpIndex> {
   V8_INLINE size_t operator()(OpIndex op) const { return op.hash(); }
diff --git a/deps/v8/src/compiler/turboshaft/instruction-selection-phase.cc b/deps/v8/src/compiler/turboshaft/instruction-selection-phase.cc
index 6f634e443f60ed..ba22d44abba231 100644
--- a/deps/v8/src/compiler/turboshaft/instruction-selection-phase.cc
+++ b/deps/v8/src/compiler/turboshaft/instruction-selection-phase.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/turboshaft/instruction-selection-phase.h"
 
+#include <optional>
+
 #include "src/builtins/profile-data-reader.h"
 #include "src/codegen/optimized-compilation-info.h"
 #include "src/compiler/backend/instruction-selector-impl.h"
@@ -324,7 +326,7 @@ void SpecialRPOSchedulingPhase::Run(PipelineData* data, Zone* temp_zone) {
   PropagateDeferred(graph);
 }
 
-base::Optional<BailoutReason> InstructionSelectionPhase::Run(
+std::optional<BailoutReason> InstructionSelectionPhase::Run(
     PipelineData* data, Zone* temp_zone, const CallDescriptor* call_descriptor,
     Linkage* linkage, CodeTracer* code_tracer) {
   Graph& graph = data->graph();
@@ -354,12 +356,12 @@ base::Optional<BailoutReason> InstructionSelectionPhase::Run(
       data->info()->trace_turbo_json()
           ? InstructionSelector::kEnableTraceTurboJson
           : InstructionSelector::kDisableTraceTurboJson);
-  if (base::Optional<BailoutReason> bailout = selector.SelectInstructions()) {
+  if (std::optional<BailoutReason> bailout = selector.SelectInstructions()) {
     return bailout;
   }
   TraceSequence(data->info(), data->sequence(), data->broker(), code_tracer,
                 "after instruction selection");
-  return base::nullopt;
+  return std::nullopt;
 }
 
 }  // namespace v8::internal::compiler::turboshaft
diff --git a/deps/v8/src/compiler/turboshaft/instruction-selection-phase.h b/deps/v8/src/compiler/turboshaft/instruction-selection-phase.h
index 069eee09d62a93..1c72bc8a663399 100644
--- a/deps/v8/src/compiler/turboshaft/instruction-selection-phase.h
+++ b/deps/v8/src/compiler/turboshaft/instruction-selection-phase.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_INSTRUCTION_SELECTION_PHASE_H_
 #define V8_COMPILER_TURBOSHAFT_INSTRUCTION_SELECTION_PHASE_H_
 
+#include <optional>
+
 #include "src/compiler/turboshaft/phase.h"
 
 namespace v8::internal {
@@ -126,9 +128,9 @@ struct InstructionSelectionPhase {
   DECL_TURBOSHAFT_PHASE_CONSTANTS(InstructionSelection)
   static constexpr bool kOutputIsTraceableGraph = false;
 
-  base::Optional<BailoutReason> Run(PipelineData* data, Zone* temp_zone,
-                                    const CallDescriptor* call_descriptor,
-                                    Linkage* linkage, CodeTracer* code_tracer);
+  std::optional<BailoutReason> Run(PipelineData* data, Zone* temp_zone,
+                                   const CallDescriptor* call_descriptor,
+                                   Linkage* linkage, CodeTracer* code_tracer);
 };
 
 }  // namespace v8::internal::compiler::turboshaft
diff --git a/deps/v8/src/compiler/turboshaft/int64-lowering-reducer.h b/deps/v8/src/compiler/turboshaft/int64-lowering-reducer.h
index 3867294ca3300e..bb86a65cf3a9b9 100644
--- a/deps/v8/src/compiler/turboshaft/int64-lowering-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/int64-lowering-reducer.h
@@ -548,7 +548,7 @@ class Int64LoweringReducer : public Next {
         builder.AddInput(data->machine_types[machine_type_index], inputs[i]);
       }
     }
-    Zone* zone = Asm().data()->shared_zone();
+    Zone* zone = Asm().data()->compilation_zone();
     auto* function_info_lowered = zone->New<compiler::FrameStateFunctionInfo>(
         compiler::FrameStateType::kLiftoffFunction, lowered_parameter_count,
         function_info->max_arguments(), lowered_local_count,
diff --git a/deps/v8/src/compiler/turboshaft/late-load-elimination-reducer.h b/deps/v8/src/compiler/turboshaft/late-load-elimination-reducer.h
index dce5af3a39207e..f5b9a8da010e99 100644
--- a/deps/v8/src/compiler/turboshaft/late-load-elimination-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/late-load-elimination-reducer.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_LATE_LOAD_ELIMINATION_REDUCER_H_
 #define V8_COMPILER_TURBOSHAFT_LATE_LOAD_ELIMINATION_REDUCER_H_
 
+#include <optional>
+
 #include "src/base/doubly-threaded-list.h"
 #include "src/compiler/turboshaft/analyzer-iterator.h"
 #include "src/compiler/turboshaft/assembler.h"
@@ -725,7 +727,7 @@ class V8_EXPORT_PRIVATE LateLoadEliminationAnalyzer {
     MapSnapshot maps_snapshot;
     MemorySnapshot memory_snapshot;
   };
-  FixedBlockSidetable<base::Optional<Snapshot>> block_to_snapshot_mapping_;
+  FixedBlockSidetable<std::optional<Snapshot>> block_to_snapshot_mapping_;
 
   // {predecessor_alias_napshots_}, {predecessor_maps_snapshots_} and
   // {predecessor_memory_snapshots_} are used as temporary vectors when starting
diff --git a/deps/v8/src/compiler/turboshaft/layered-hash-map.h b/deps/v8/src/compiler/turboshaft/layered-hash-map.h
index 6c5eaa566a32c1..e6145bee7eb89d 100644
--- a/deps/v8/src/compiler/turboshaft/layered-hash-map.h
+++ b/deps/v8/src/compiler/turboshaft/layered-hash-map.h
@@ -8,9 +8,9 @@
 #include <cstddef>
 #include <iostream>
 #include <limits>
+#include <optional>
 
 #include "src/base/bits.h"
-#include "src/base/optional.h"
 #include "src/compiler/turboshaft/fast-hash.h"
 #include "src/zone/zone-containers.h"
 
@@ -45,7 +45,7 @@ class LayeredHashMap {
 
   void InsertNewKey(Key key, Value value);
   bool Contains(Key key);
-  base::Optional<Value> Get(Key key);
+  std::optional<Value> Get(Key key);
 
  private:
   struct Entry {
@@ -126,9 +126,9 @@ void LayeredHashMap<Key, Value>::InsertNewKey(Key key, Value value) {
 }
 
 template <class Key, class Value>
-base::Optional<Value> LayeredHashMap<Key, Value>::Get(Key key) {
+std::optional<Value> LayeredHashMap<Key, Value>::Get(Key key) {
   Entry* destination = FindEntryForKey(key, ComputeHash(key));
-  if (destination->hash == 0) return base::nullopt;
+  if (destination->hash == 0) return std::nullopt;
   return destination->value;
 }
 
diff --git a/deps/v8/src/compiler/turboshaft/loop-unrolling-reducer.cc b/deps/v8/src/compiler/turboshaft/loop-unrolling-reducer.cc
index 0c912154bb7e69..65fe8762da2156 100644
--- a/deps/v8/src/compiler/turboshaft/loop-unrolling-reducer.cc
+++ b/deps/v8/src/compiler/turboshaft/loop-unrolling-reducer.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/turboshaft/loop-unrolling-reducer.h"
 
+#include <optional>
+
 #include "src/base/bits.h"
 #include "src/compiler/turboshaft/index.h"
 #include "src/compiler/turboshaft/loop-finder.h"
@@ -290,9 +292,9 @@ std::ostream& operator<<(std::ostream& os, const BinOp& binop) {
 namespace {
 
 template <class Int>
-base::Optional<Int> Next(Int val, Int incr,
-                         StaticCanonicalForLoopMatcher::BinOp binop_op,
-                         WordRepresentation binop_rep) {
+std::optional<Int> Next(Int val, Int incr,
+                        StaticCanonicalForLoopMatcher::BinOp binop_op,
+                        WordRepresentation binop_rep) {
   switch (binop_op) {
     case BinOp::kBitwiseAnd:
       return val & incr;
@@ -310,14 +312,14 @@ base::Optional<Int> Next(Int val, Int incr,
       int32_t res;                                                            \
       if (base::bits::Signed##op##Overflow32(                                 \
               static_cast<int32_t>(val), static_cast<int32_t>(incr), &res)) { \
-        return base::nullopt;                                                 \
+        return std::nullopt;                                                  \
       }                                                                       \
       return static_cast<Int>(res);                                           \
     } else {                                                                  \
       DCHECK_EQ(binop_rep, WordRepresentation::Word64());                     \
       int64_t res;                                                            \
       if (base::bits::Signed##op##Overflow64(val, incr, &res)) {              \
-        return base::nullopt;                                                 \
+        return std::nullopt;                                                  \
       }                                                                       \
       return static_cast<Int>(res);                                           \
     }                                                                         \
diff --git a/deps/v8/src/compiler/turboshaft/loop-unrolling-reducer.h b/deps/v8/src/compiler/turboshaft/loop-unrolling-reducer.h
index 4888e126784273..4cc168267649a4 100644
--- a/deps/v8/src/compiler/turboshaft/loop-unrolling-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/loop-unrolling-reducer.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_LOOP_UNROLLING_REDUCER_H_
 #define V8_COMPILER_TURBOSHAFT_LOOP_UNROLLING_REDUCER_H_
 
+#include <optional>
+
 #include "src/base/logging.h"
 #include "src/compiler/globals.h"
 #include "src/compiler/turboshaft/assembler.h"
@@ -460,7 +462,7 @@ class LoopUnrollingReducer : public Next {
     return __ data() -> pipeline_kind() == TurboshaftPipelineKind::kCSA;
   }
   bool StopUnrollingIfUnreachable(
-      base::Optional<Block*> output_graph_header = base::nullopt) {
+      std::optional<Block*> output_graph_header = std::nullopt) {
     if (__ generating_unreachable_operations()) {
       // By unrolling the loop, we realized that it was actually exiting early
       // (probably because a Branch inside the loop was using a loop Phi in a
diff --git a/deps/v8/src/compiler/turboshaft/machine-lowering-reducer-inl.h b/deps/v8/src/compiler/turboshaft/machine-lowering-reducer-inl.h
index 2a35d8f55b64bf..5268754515a791 100644
--- a/deps/v8/src/compiler/turboshaft/machine-lowering-reducer-inl.h
+++ b/deps/v8/src/compiler/turboshaft/machine-lowering-reducer-inl.h
@@ -5,8 +5,9 @@
 #ifndef V8_COMPILER_TURBOSHAFT_MACHINE_LOWERING_REDUCER_INL_H_
 #define V8_COMPILER_TURBOSHAFT_MACHINE_LOWERING_REDUCER_INL_H_
 
+#include <optional>
+
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/codegen/external-reference.h"
 #include "src/codegen/machine-type.h"
 #include "src/common/globals.h"
@@ -285,6 +286,22 @@ class MachineLoweringReducer : public Next {
           GOTO_IF(UNLIKELY(__ IsSmi(input)), done, 0);
         }
 
+#if V8_STATIC_ROOTS_BOOL
+        // Fast check for NullOrUndefined before loading the map, if helpful.
+        V<Word32> is_null_or_undefined;
+        if (kind == ObjectIsOp::Kind::kReceiverOrNullOrUndefined) {
+          static_assert(StaticReadOnlyRoot::kFirstAllocatedRoot ==
+                        StaticReadOnlyRoot::kUndefinedValue);
+          static_assert(StaticReadOnlyRoot::kUndefinedValue +
+                            sizeof(Undefined) ==
+                        StaticReadOnlyRoot::kNullValue);
+          is_null_or_undefined = __ Uint32LessThanOrEqual(
+              __ TruncateWordPtrToWord32(
+                  __ BitcastHeapObjectToWordPtr(V<HeapObject>::Cast(input))),
+              __ Word32Constant(StaticReadOnlyRoot::kNullValue));
+        }
+#endif  // V8_STATIC_ROOTS_BOOL
+
         // Load bitfield from map.
         V<Map> map = __ LoadMapField(input);
         V<Word32> bitfield =
@@ -323,13 +340,9 @@ class MachineLoweringReducer : public Next {
             break;
           case ObjectIsOp::Kind::kReceiverOrNullOrUndefined: {
 #if V8_STATIC_ROOTS_BOOL
-            V<Word32> check0 = JSAnyIsNotPrimitiveHeapObject(input, map);
-            V<Word32> check1 = __ TaggedEqual(
-                input, __ HeapConstant(factory_->undefined_value()));
-            V<Word32> check2 =
-                __ TaggedEqual(input, __ HeapConstant(factory_->null_value()));
-            check =
-                __ Word32BitwiseOr(check0, __ Word32BitwiseOr(check1, check2));
+            V<Word32> is_non_primitive =
+                JSAnyIsNotPrimitiveHeapObject(input, map);
+            check = __ Word32BitwiseOr(is_null_or_undefined, is_non_primitive);
 #else
             static_assert(LAST_PRIMITIVE_HEAP_OBJECT_TYPE == ODDBALL_TYPE);
             static_assert(LAST_TYPE == LAST_JS_RECEIVER_TYPE);
@@ -415,7 +428,7 @@ class MachineLoweringReducer : public Next {
         GOTO(done,
              __ Uint32LessThanOrEqual(
                  __ TruncateWordPtrToWord32(__ BitcastHeapObjectToWordPtr(map)),
-                 __ Word32Constant(InstanceTypeChecker::kLastStringMap)));
+                 __ Word32Constant(InstanceTypeChecker::kStringMapUpperBound)));
 
         BIND(done, result);
         return result;
@@ -636,8 +649,7 @@ class MachineLoweringReducer : public Next {
         __ TaggedEqual(map, __ HeapConstant(factory_->heap_number_map())), done,
         0);
 
-    V<Float64> value = __ template LoadField<Float64>(
-        input, AccessBuilder::ForHeapNumberValue());
+    V<Float64> value = __ LoadHeapNumberValue(V<HeapNumber>::Cast(input));
     GOTO(done, __ Float64Is(value, kind));
 
     BIND(done, result);
@@ -1016,8 +1028,7 @@ class MachineLoweringReducer : public Next {
               __ ConvertPlainPrimitiveToNumber(V<PlainPrimitive>::Cast(object));
           GOTO_IF(__ ObjectIsSmi(number), done,
                   __ UntagSmi(V<Smi>::Cast(number)));
-          V<Float64> f64 = __ template LoadField<Float64>(
-              V<HeapNumber>::Cast(number), AccessBuilder::ForHeapNumberValue());
+          V<Float64> f64 = __ LoadHeapNumberValue(V<HeapNumber>::Cast(number));
           GOTO(done, __ JSTruncateFloat64ToWord32(f64));
           BIND(done, result);
           return result;
@@ -1092,8 +1103,7 @@ class MachineLoweringReducer : public Next {
               __ ConvertPlainPrimitiveToNumber(V<PlainPrimitive>::Cast(object));
           GOTO_IF(__ ObjectIsSmi(number), done,
                   __ ChangeInt32ToFloat64(__ UntagSmi(V<Smi>::Cast(number))));
-          V<Float64> f64 = __ template LoadField<Float64>(
-              V<HeapNumber>::Cast(number), AccessBuilder::ForHeapNumberValue());
+          V<Float64> f64 = __ LoadHeapNumberValue(V<HeapNumber>::Cast(number));
           GOTO(done, f64);
           BIND(done, result);
           return result;
@@ -1129,8 +1139,8 @@ class MachineLoweringReducer : public Next {
                 __ TaggedEqual(map,
                                __ HeapConstant(factory_->heap_number_map())),
                 frame_state, DeoptimizeReason::kNotAHeapNumber, feedback);
-            V<Float64> heap_number_value = __ template LoadField<Float64>(
-                object, AccessBuilder::ForHeapNumberValue());
+            V<Float64> heap_number_value =
+                __ LoadHeapNumberValue(V<HeapNumber>::Cast(object));
 
             GOTO(done,
                  __ ChangeFloat64ToInt32OrDeopt(heap_number_value, frame_state,
@@ -1154,8 +1164,8 @@ class MachineLoweringReducer : public Next {
           __ DeoptimizeIfNot(
               __ TaggedEqual(map, __ HeapConstant(factory_->heap_number_map())),
               frame_state, DeoptimizeReason::kNotAHeapNumber, feedback);
-          V<Float64> heap_number_value = __ template LoadField<Float64>(
-              object, AccessBuilder::ForHeapNumberValue());
+          V<Float64> heap_number_value =
+              __ LoadHeapNumberValue(V<HeapNumber>::Cast(object));
           GOTO(done,
                __ ChangeFloat64ToInt64OrDeopt(heap_number_value, frame_state,
                                               minus_zero_mode, feedback));
@@ -1192,8 +1202,8 @@ class MachineLoweringReducer : public Next {
           V<Map> map = __ LoadMapField(object);
           IF (LIKELY(__ TaggedEqual(
                   map, __ HeapConstant(factory_->heap_number_map())))) {
-            V<Float64> heap_number_value = __ template LoadField<Float64>(
-                object, AccessBuilder::ForHeapNumberValue());
+            V<Float64> heap_number_value =
+                __ LoadHeapNumberValue(V<HeapNumber>::Cast(object));
             // Perform Turbofan's "CheckedFloat64ToIndex"
             {
               if constexpr (Is64()) {
@@ -1231,7 +1241,7 @@ class MachineLoweringReducer : public Next {
 #if V8_STATIC_ROOTS_BOOL
             V<Word32> is_string_map = __ Uint32LessThanOrEqual(
                 __ TruncateWordPtrToWord32(__ BitcastHeapObjectToWordPtr(map)),
-                __ Word32Constant(InstanceTypeChecker::kLastStringMap));
+                __ Word32Constant(InstanceTypeChecker::kStringMapUpperBound));
 #else
             V<Word32> instance_type = __ LoadInstanceTypeField(map);
             V<Word32> is_string_map =
@@ -1334,6 +1344,8 @@ class MachineLoweringReducer : public Next {
         // Undefined is the first root, so it's the smallest possible pointer
         // value, which means we don't have to subtract it for the range check.
         ReadOnlyRoots roots(isolate_);
+        static_assert(StaticReadOnlyRoot::kFirstAllocatedRoot ==
+                      StaticReadOnlyRoot::kUndefinedValue);
         static_assert(StaticReadOnlyRoot::kUndefinedValue + sizeof(Undefined) ==
                       StaticReadOnlyRoot::kNullValue);
         static_assert(StaticReadOnlyRoot::kNullValue + sizeof(Null) ==
@@ -1396,8 +1408,8 @@ class MachineLoweringReducer : public Next {
                 map, __ HeapConstant(factory_->heap_number_map())))) {
           // For HeapNumber {object}, just check that its value is not 0.0, -0.0
           // or NaN.
-          V<Float64> number_value = __ template LoadField<Float64>(
-              object, AccessBuilder::ForHeapNumberValue());
+          V<Float64> number_value =
+              __ LoadHeapNumberValue(V<HeapNumber>::Cast(object));
           GOTO(done, __ Float64LessThan(0.0, __ Float64Abs(number_value)));
         }
 
@@ -1721,8 +1733,7 @@ class MachineLoweringReducer : public Next {
             __ TaggedEqual(map, __ HeapConstant(factory_->heap_number_map())),
             done, field);
 
-        V<Float64> value = __ template LoadField<Float64>(
-            field, AccessBuilder::ForHeapNumberValue());
+        V<Float64> value = __ LoadHeapNumberValue(V<HeapNumber>::Cast(field));
         GOTO(done, AllocateHeapNumberWithValue(value));
       }
     }
@@ -2078,6 +2089,8 @@ class MachineLoweringReducer : public Next {
         }
       }
 
+      Label<> seq_string(this), external_string(this), cons_string(this),
+          sliced_string(this), thin_string(this);
       // TODO(dmercadier): the runtime label should be deferred, and because
       // Labels/Blocks don't have deferred annotation, we achieve this by
       // marking all branches to this Label as UNLIKELY, but 1) it's easy to
@@ -2094,85 +2107,142 @@ class MachineLoweringReducer : public Next {
 
       BIND_LOOP(loop) {
         V<Map> map = __ LoadMapField(receiver);
+#if V8_STATIC_ROOTS_BOOL
+        V<Word32> map_bits =
+            __ TruncateWordPtrToWord32(__ BitcastTaggedToWordPtr(map));
+
+        using StringTypeRange =
+            InstanceTypeChecker::kUniqueMapRangeOfStringType;
+        // Check the string map ranges in dense increasing order, to avoid
+        // needing to subtract away the lower bound.
+        static_assert(StringTypeRange::kSeqString.first == 0);
+        GOTO_IF(__ Uint32LessThanOrEqual(map_bits,
+                                         StringTypeRange::kSeqString.second),
+                seq_string);
+
+        static_assert(StringTypeRange::kSeqString.second + Map::kSize ==
+                      StringTypeRange::kExternalString.first);
+        GOTO_IF(__ Uint32LessThanOrEqual(
+                    map_bits, StringTypeRange::kExternalString.second),
+                external_string);
+
+        static_assert(StringTypeRange::kExternalString.second + Map::kSize ==
+                      StringTypeRange::kConsString.first);
+        GOTO_IF(__ Uint32LessThanOrEqual(map_bits,
+                                         StringTypeRange::kConsString.second),
+                cons_string);
+
+        static_assert(StringTypeRange::kConsString.second + Map::kSize ==
+                      StringTypeRange::kSlicedString.first);
+        GOTO_IF(__ Uint32LessThanOrEqual(map_bits,
+                                         StringTypeRange::kSlicedString.second),
+                sliced_string);
+
+        static_assert(StringTypeRange::kSlicedString.second + Map::kSize ==
+                      StringTypeRange::kThinString.first);
+        GOTO_IF(__ Uint32LessThanOrEqual(map_bits,
+                                         StringTypeRange::kThinString.second),
+                thin_string);
+#else
         V<Word32> instance_type = __ LoadInstanceTypeField(map);
         V<Word32> representation =
             __ Word32BitwiseAnd(instance_type, kStringRepresentationMask);
 
-        IF (__ Int32LessThanOrEqual(representation, kConsStringTag)) {
-          {
-            // if_lessthanoreq_cons
-            IF (__ Word32Equal(representation, kConsStringTag)) {
-              // if_consstring
-              V<String> second = __ template LoadField<String>(
-                  receiver, AccessBuilder::ForConsStringSecond());
-              GOTO_IF_NOT(
-                  LIKELY(__ TaggedEqual(
-                      second, __ HeapConstant(factory_->empty_string()))),
-                  runtime);
-              receiver = __ template LoadField<String>(
-                  receiver, AccessBuilder::ForConsStringFirst());
-              GOTO(loop);
-            } ELSE {
-              // if_seqstring
-              V<Word32> onebyte = __ Word32Equal(
-                  __ Word32BitwiseAnd(instance_type, kStringEncodingMask),
-                  kOneByteStringTag);
-              GOTO(done, LoadFromSeqString(receiver, position, onebyte));
-            }
+        GOTO_IF(__ Word32Equal(representation, kSeqStringTag), seq_string);
+        GOTO_IF(__ Word32Equal(representation, kExternalStringTag),
+                external_string);
+        GOTO_IF(__ Word32Equal(representation, kConsStringTag), cons_string);
+        GOTO_IF(__ Word32Equal(representation, kSlicedStringTag),
+                sliced_string);
+        GOTO_IF(__ Word32Equal(representation, kThinStringTag), thin_string);
+#endif
+
+        __ Unreachable();
+
+        if (BIND(seq_string)) {
+#if V8_STATIC_ROOTS_BOOL
+          V<Word32> is_one_byte = __ Word32Equal(
+              __ Word32BitwiseAnd(map_bits,
+                                  InstanceTypeChecker::kStringMapEncodingMask),
+              InstanceTypeChecker::kOneByteStringMapBit);
+#else
+          V<Word32> is_one_byte = __ Word32Equal(
+              __ Word32BitwiseAnd(instance_type, kStringEncodingMask),
+              kOneByteStringTag);
+#endif
+          GOTO(done, LoadFromSeqString(receiver, position, is_one_byte));
+        }
+
+        if (BIND(external_string)) {
+          // We need to bailout to the runtime for uncached external
+          // strings.
+#if V8_STATIC_ROOTS_BOOL
+          V<Word32> is_uncached_external_string = __ Uint32LessThanOrEqual(
+              __ Word32Sub(map_bits,
+                           StringTypeRange::kUncachedExternalString.first),
+              StringTypeRange::kUncachedExternalString.second -
+                  StringTypeRange::kUncachedExternalString.first);
+#else
+          V<Word32> is_uncached_external_string = __ Word32Equal(
+              __ Word32BitwiseAnd(instance_type, kUncachedExternalStringMask),
+              kUncachedExternalStringTag);
+#endif
+          GOTO_IF(UNLIKELY(is_uncached_external_string), runtime);
+
+          OpIndex data = __ LoadField(
+              receiver, AccessBuilder::ForExternalStringResourceData());
+#if V8_STATIC_ROOTS_BOOL
+          V<Word32> is_two_byte = __ Word32Equal(
+              __ Word32BitwiseAnd(map_bits,
+                                  InstanceTypeChecker::kStringMapEncodingMask),
+              InstanceTypeChecker::kTwoByteStringMapBit);
+#else
+          V<Word32> is_two_byte = __ Word32Equal(
+              __ Word32BitwiseAnd(instance_type, kStringEncodingMask),
+              kTwoByteStringTag);
+#endif
+          IF (is_two_byte) {
+            constexpr uint8_t twobyte_size_log2 = 1;
+            V<Word32> value =
+                __ Load(data, position,
+                        LoadOp::Kind::Aligned(BaseTaggedness::kUntaggedBase),
+                        MemoryRepresentation::Uint16(), 0, twobyte_size_log2);
+            GOTO(done, value);
+          } ELSE {
+            constexpr uint8_t onebyte_size_log2 = 0;
+            V<Word32> value =
+                __ Load(data, position,
+                        LoadOp::Kind::Aligned(BaseTaggedness::kUntaggedBase),
+                        MemoryRepresentation::Uint8(), 0, onebyte_size_log2);
+            GOTO(done, value);
           }
-        } ELSE {
-          // if_greaterthan_cons
-          {
-            IF (__ Word32Equal(representation, kThinStringTag)) {
-              // if_thinstring
-              receiver = __ template LoadField<String>(
-                  receiver, AccessBuilder::ForThinStringActual());
-              GOTO(loop);
-            } ELSE IF (__ Word32Equal(representation, kExternalStringTag)) {
-              // if_externalstring
-              // We need to bailout to the runtime for uncached external
-              // strings.
-              GOTO_IF(UNLIKELY(__ Word32Equal(
-                          __ Word32BitwiseAnd(instance_type,
-                                              kUncachedExternalStringMask),
-                          kUncachedExternalStringTag)),
+        }
+
+        if (BIND(cons_string)) {
+          V<String> second = __ template LoadField<String>(
+              receiver, AccessBuilder::ForConsStringSecond());
+          GOTO_IF_NOT(LIKELY(__ TaggedEqual(
+                          second, __ HeapConstant(factory_->empty_string()))),
                       runtime);
+          receiver = __ template LoadField<String>(
+              receiver, AccessBuilder::ForConsStringFirst());
+          GOTO(loop);
+        }
 
-              OpIndex data = __ LoadField(
-                  receiver, AccessBuilder::ForExternalStringResourceData());
-              IF (__ Word32Equal(
-                      __ Word32BitwiseAnd(instance_type, kStringEncodingMask),
-                      kTwoByteStringTag)) {
-                // if_twobyte
-                constexpr uint8_t twobyte_size_log2 = 1;
-                V<Word32> value = __ Load(
-                    data, position,
-                    LoadOp::Kind::Aligned(BaseTaggedness::kUntaggedBase),
-                    MemoryRepresentation::Uint16(), 0, twobyte_size_log2);
-                GOTO(done, value);
-              } ELSE {
-                // if_onebyte
-                constexpr uint8_t onebyte_size_log2 = 0;
-                V<Word32> value = __ Load(
-                    data, position,
-                    LoadOp::Kind::Aligned(BaseTaggedness::kUntaggedBase),
-                    MemoryRepresentation::Uint8(), 0, onebyte_size_log2);
-                GOTO(done, value);
-              }
-            } ELSE IF (LIKELY(
-                          __ Word32Equal(representation, kSlicedStringTag))) {
-              // if_slicedstring
-              V<Smi> offset = __ template LoadField<Smi>(
-                  receiver, AccessBuilder::ForSlicedStringOffset());
-              receiver = __ template LoadField<String>(
-                  receiver, AccessBuilder::ForSlicedStringParent());
-              position = __ WordPtrAdd(
-                  position, __ ChangeInt32ToIntPtr(__ UntagSmi(offset)));
-              GOTO(loop);
-            } ELSE {
-              GOTO(runtime);
-            }
-          }
+        if (BIND(sliced_string)) {
+          V<Smi> offset = __ template LoadField<Smi>(
+              receiver, AccessBuilder::ForSlicedStringOffset());
+          receiver = __ template LoadField<String>(
+              receiver, AccessBuilder::ForSlicedStringParent());
+          position = __ WordPtrAdd(position,
+                                   __ ChangeInt32ToIntPtr(__ UntagSmi(offset)));
+          GOTO(loop);
+        }
+
+        if (BIND(thin_string)) {
+          receiver = __ template LoadField<String>(
+              receiver, AccessBuilder::ForThinStringActual());
+          GOTO(loop);
         }
 
         if (BIND(runtime)) {
@@ -2459,9 +2529,8 @@ class MachineLoweringReducer : public Next {
                 elements, AccessBuilder::ForFixedDoubleArrayElement(), index,
                 float_value);
           } ELSE {
-            V<Float64> float_value = __ template LoadField<Float64>(
-                V<HeapObject>::Cast(value),
-                AccessBuilder::ForHeapNumberValue());
+            V<Float64> float_value =
+                __ LoadHeapNumberValue(V<HeapNumber>::Cast(value));
             __ StoreNonArrayBufferElement(
                 elements, AccessBuilder::ForFixedDoubleArrayElement(), index,
                 __ Float64SilenceNaN(float_value));
@@ -3110,10 +3179,9 @@ class MachineLoweringReducer : public Next {
           } ELSE IF (__ TaggedEqual(
                         __ LoadMapField(candidate_key),
                         __ HeapConstant(factory_->heap_number_map()))) {
-            GOTO_IF(__ Float64Equal(
-                        __ template LoadField<Float64>(
-                            candidate_key, AccessBuilder::ForHeapNumberValue()),
-                        __ ChangeInt32ToFloat64(key)),
+            GOTO_IF(__ Float64Equal(__ LoadHeapNumberValue(
+                                        V<HeapNumber>::Cast(candidate_key)),
+                                    __ ChangeInt32ToFloat64(key)),
                     done, candidate);
           }
 
@@ -3279,7 +3347,6 @@ class MachineLoweringReducer : public Next {
                   WriteBarrierKind::kNoWriteBarrier,
                   SeqTwoByteString::SizeFor(length) - kObjectAlignment);
     // Initialize remaining fields.
-    DCHECK(RootsTable::IsImmortalImmovable(RootIndex::kSeqTwoByteStringMap));
     __ InitializeField(string, AccessBuilderTS::ForMap(),
                        __ SeqTwoByteStringMapConstant());
     __ InitializeField(string, AccessBuilderTS::ForStringLength(), length);
@@ -3383,31 +3450,64 @@ class MachineLoweringReducer : public Next {
       ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind input_kind,
       const FeedbackSource& feedback) {
     V<Map> map = __ LoadMapField(heap_object);
-    V<Word32> check_number =
-        __ TaggedEqual(map, __ HeapConstant(factory_->heap_number_map()));
     switch (input_kind) {
       case ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind::kSmi:
       case ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind::
           kNumberOrString:
         UNREACHABLE();
       case ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind::kNumber: {
-        __ DeoptimizeIfNot(check_number, frame_state,
+        V<Word32> is_number =
+            __ TaggedEqual(map, __ HeapConstant(factory_->heap_number_map()));
+        __ DeoptimizeIfNot(is_number, frame_state,
                            DeoptimizeReason::kNotAHeapNumber, feedback);
         break;
       }
       case ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind::
           kNumberOrBoolean: {
-        IF_NOT(check_number) {
+#if V8_STATIC_ROOTS_BOOL
+        // TODO(leszeks): Consider checking the boolean oddballs by value,
+        // before loading the map.
+        static_assert(StaticReadOnlyRoot::kBooleanMap + Map::kSize ==
+                      StaticReadOnlyRoot::kHeapNumberMap);
+        V<Word32> map_int32 =
+            __ TruncateWordPtrToWord32(__ BitcastHeapObjectToWordPtr(map));
+        V<Word32> is_in_range = __ Uint32LessThanOrEqual(
+            __ Word32Sub(map_int32,
+                         __ Word32Constant(StaticReadOnlyRoot::kBooleanMap)),
+            __ Word32Constant(StaticReadOnlyRoot::kHeapNumberMap -
+                              StaticReadOnlyRoot::kBooleanMap));
+        __ DeoptimizeIfNot(is_in_range, frame_state,
+                           DeoptimizeReason::kNotANumberOrBoolean, feedback);
+#else
+        IF_NOT (__ TaggedEqual(map,
+                               __ HeapConstant(factory_->heap_number_map()))) {
           __ DeoptimizeIfNot(
               __ TaggedEqual(map, __ HeapConstant(factory_->boolean_map())),
               frame_state, DeoptimizeReason::kNotANumberOrBoolean, feedback);
         }
+#endif
 
         break;
       }
       case ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind::
           kNumberOrOddball: {
-        IF_NOT(check_number) {
+#if V8_STATIC_ROOTS_BOOL
+        constexpr auto kNumberOrOddballRange =
+            InstanceTypeChecker::UniqueMapRangeOfInstanceTypeRange(
+                HEAP_NUMBER_TYPE, ODDBALL_TYPE)
+                .value();
+        V<Word32> map_int32 =
+            __ TruncateWordPtrToWord32(__ BitcastHeapObjectToWordPtr(map));
+        V<Word32> is_in_range = __ Uint32LessThanOrEqual(
+            __ Word32Sub(map_int32,
+                         __ Word32Constant(kNumberOrOddballRange.first)),
+            __ Word32Constant(kNumberOrOddballRange.second -
+                              kNumberOrOddballRange.first));
+        __ DeoptimizeIfNot(is_in_range, frame_state,
+                           DeoptimizeReason::kNotANumberOrOddball, feedback);
+#else
+        IF_NOT (__ TaggedEqual(map,
+                               __ HeapConstant(factory_->heap_number_map()))) {
           // For oddballs also contain the numeric value, let us just check that
           // we have an oddball here.
           V<Word32> instance_type = __ LoadInstanceTypeField(map);
@@ -3415,6 +3515,7 @@ class MachineLoweringReducer : public Next {
                              frame_state,
                              DeoptimizeReason::kNotANumberOrOddball, feedback);
         }
+#endif
 
         break;
       }
@@ -3578,7 +3679,7 @@ class MachineLoweringReducer : public Next {
   Isolate* isolate_ = __ data() -> isolate();
   Factory* factory_ = isolate_ ? isolate_->factory() : nullptr;
   JSHeapBroker* broker_ = __ data() -> broker();
-  base::Optional<bool> undetectable_objects_protector_ = {};
+  std::optional<bool> undetectable_objects_protector_ = {};
 };
 
 #include "src/compiler/turboshaft/undef-assembler-macros.inc"
diff --git a/deps/v8/src/compiler/turboshaft/machine-optimization-reducer.h b/deps/v8/src/compiler/turboshaft/machine-optimization-reducer.h
index b4070bc1c97674..809ad3fa36df62 100644
--- a/deps/v8/src/compiler/turboshaft/machine-optimization-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/machine-optimization-reducer.h
@@ -9,6 +9,7 @@
 #include <cmath>
 #include <cstring>
 #include <limits>
+#include <optional>
 #include <type_traits>
 
 #include "include/v8-internal.h"
@@ -19,6 +20,7 @@
 #include "src/base/logging.h"
 #include "src/base/macros.h"
 #include "src/base/overflowing-math.h"
+#include "src/base/small-vector.h"
 #include "src/base/template-utils.h"
 #include "src/base/vector.h"
 #include "src/builtins/builtins.h"
@@ -37,6 +39,10 @@
 #include "src/handles/handles.h"
 #include "src/numbers/conversions.h"
 
+#if V8_ENABLE_WEBASSEMBLY
+#include "src/wasm/simd-shuffle.h"
+#endif
+
 namespace v8::internal::compiler::turboshaft {
 
 // ******************************** OVERVIEW ********************************
@@ -85,9 +91,9 @@ struct BitfieldCheck {
     CHECK_EQ(masked_value & ~mask, 0);
   }
 
-  static base::Optional<BitfieldCheck> Detect(const OperationMatcher& matcher,
-                                              const Graph& graph,
-                                              OpIndex index) {
+  static std::optional<BitfieldCheck> Detect(const OperationMatcher& matcher,
+                                             const Graph& graph,
+                                             OpIndex index) {
     // There are two patterns to check for here:
     // 1. Single-bit checks: `(val >> shift) & 1`, where:
     //    - the shift may be omitted, and/or
@@ -104,7 +110,7 @@ struct BitfieldCheck {
         if (matcher.MatchIntegralWord32Constant(left_and->right(), &mask) &&
             matcher.MatchIntegralWord32Constant(equal->right(),
                                                 &masked_value)) {
-          if ((masked_value & ~mask) != 0) return base::nullopt;
+          if ((masked_value & ~mask) != 0) return std::nullopt;
           if (const ChangeOp* truncate =
                   graph.Get(left_and->left())
                       .TryCast<Opmask::kTruncateWord64ToWord32>()) {
@@ -120,13 +126,13 @@ struct BitfieldCheck {
     } else {
       return TryDetectShiftAndMaskOneBit<Word32>(matcher, index);
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
-  base::Optional<BitfieldCheck> TryCombine(const BitfieldCheck& other) {
+  std::optional<BitfieldCheck> TryCombine(const BitfieldCheck& other) {
     if (source != other.source ||
         truncate_from_64_bit != other.truncate_from_64_bit) {
-      return base::nullopt;
+      return std::nullopt;
     }
     uint32_t overlapping_bits = mask & other.mask;
     // It would be kind of strange to have any overlapping bits, but they can be
@@ -134,7 +140,7 @@ struct BitfieldCheck {
     // positions.
     if ((masked_value & overlapping_bits) !=
         (other.masked_value & overlapping_bits)) {
-      return base::nullopt;
+      return std::nullopt;
     }
     return BitfieldCheck{source, mask | other.mask,
                          masked_value | other.masked_value,
@@ -143,7 +149,7 @@ struct BitfieldCheck {
 
  private:
   template <typename WordType>
-  static base::Optional<BitfieldCheck> TryDetectShiftAndMaskOneBit(
+  static std::optional<BitfieldCheck> TryDetectShiftAndMaskOneBit(
       const OperationMatcher& matcher, OpIndex index) {
     constexpr WordRepresentation Rep = V<WordType>::rep;
     // Look for the pattern `(val >> shift) & 1`. The shift may be omitted.
@@ -161,7 +167,7 @@ struct BitfieldCheck {
       }
       return BitfieldCheck{value, 1, 1, Rep == WordRepresentation::Word64()};
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 };
 
@@ -209,9 +215,9 @@ class MachineOptimizationReducer : public Next {
           return __ Word64Constant(uint64_t{static_cast<uint32_t>(value)});
         case multi(Kind::kBitcast, Rep::Word32(), Rep::Float32()):
           return __ Float32Constant(
-              base::bit_cast<float>(static_cast<uint32_t>(value)));
+              i::Float32::FromBits(static_cast<uint32_t>(value)));
         case multi(Kind::kBitcast, Rep::Word64(), Rep::Float64()):
-          return __ Float64Constant(base::bit_cast<double>(value));
+          return __ Float64Constant(i::Float64::FromBits(value));
         case multi(Kind::kSignedToFloat, Rep::Word32(), Rep::Float64()):
           return __ Float64Constant(
               static_cast<double>(static_cast<int32_t>(value)));
@@ -227,27 +233,27 @@ class MachineOptimizationReducer : public Next {
           break;
       }
     }
-    if (float value; from == RegisterRepresentation::Float32() &&
-                     matcher.MatchFloat32Constant(input, &value)) {
+    if (i::Float32 value; from == RegisterRepresentation::Float32() &&
+                          matcher.MatchFloat32Constant(input, &value)) {
       if (kind == Kind::kFloatConversion &&
           to == RegisterRepresentation::Float64()) {
-        return __ Float64Constant(value);
+        return __ Float64Constant(value.get_scalar());
       }
       if (kind == Kind::kBitcast && to == WordRepresentation::Word32()) {
-        return __ Word32Constant(base::bit_cast<uint32_t>(value));
+        return __ Word32Constant(value.get_bits());
       }
     }
-    if (double value; from == RegisterRepresentation::Float64() &&
-                      matcher.MatchFloat64Constant(input, &value)) {
+    if (i::Float64 value; from == RegisterRepresentation::Float64() &&
+                          matcher.MatchFloat64Constant(input, &value)) {
       if (kind == Kind::kFloatConversion &&
           to == RegisterRepresentation::Float32()) {
-        return __ Float32Constant(DoubleToFloat32_NoInline(value));
+        return __ Float32Constant(DoubleToFloat32_NoInline(value.get_scalar()));
       }
       if (kind == Kind::kBitcast && to == WordRepresentation::Word64()) {
         return __ Word64Constant(base::bit_cast<uint64_t>(value));
       }
       if (kind == Kind::kSignedFloatTruncateOverflowToMin) {
-        double truncated = std::trunc(value);
+        double truncated = std::trunc(value.get_scalar());
         if (to == WordRepresentation::Word64()) {
           int64_t result = std::numeric_limits<int64_t>::min();
           if (truncated >= std::numeric_limits<int64_t>::min() &&
@@ -267,17 +273,15 @@ class MachineOptimizationReducer : public Next {
       }
       if (kind == Kind::kJSFloatTruncate &&
           to == WordRepresentation::Word32()) {
-        return __ Word32Constant(DoubleToInt32_NoInline(value));
+        return __ Word32Constant(DoubleToInt32_NoInline(value.get_scalar()));
       }
       if (kind == Kind::kExtractHighHalf) {
         DCHECK_EQ(to, RegisterRepresentation::Word32());
-        return __ Word32Constant(
-            static_cast<uint32_t>(base::bit_cast<uint64_t>(value) >> 32));
+        return __ Word32Constant(static_cast<uint32_t>(value.get_bits() >> 32));
       }
       if (kind == Kind::kExtractLowHalf) {
         DCHECK_EQ(to, RegisterRepresentation::Word32());
-        return __ Word32Constant(
-            static_cast<uint32_t>(base::bit_cast<uint64_t>(value)));
+        return __ Word32Constant(static_cast<uint32_t>(value.get_bits()));
       }
     }
     if (float value; from == RegisterRepresentation::Float32() &&
@@ -1143,7 +1147,7 @@ class MachineOptimizationReducer : public Next {
       }
     }
 
-    if (base::Optional<OpIndex> ror = TryReduceToRor(left, right, kind, rep)) {
+    if (std::optional<OpIndex> ror = TryReduceToRor(left, right, kind, rep)) {
       return *ror;
     }
 
@@ -1169,9 +1173,9 @@ class MachineOptimizationReducer : public Next {
     return false;
   }
 
-  base::Optional<V<Word>> TryReduceToRor(V<Word> left, V<Word> right,
-                                         WordBinopOp::Kind kind,
-                                         WordRepresentation rep) {
+  std::optional<V<Word>> TryReduceToRor(V<Word> left, V<Word> right,
+                                        WordBinopOp::Kind kind,
+                                        WordRepresentation rep) {
     // Recognize rotation, we are matcher.Matching and transforming as follows
     // (assuming kWord32, kWord64 is handled correspondingly):
     //   x << y         |  x >>> (32 - y)    =>  x ror (32 - y)
@@ -1552,8 +1556,8 @@ class MachineOptimizationReducer : public Next {
       }
       // Map 64bit to 32bit comparisons.
       if (rep_w == WordRepresentation::Word64()) {
-        base::Optional<bool> left_sign_extended;
-        base::Optional<bool> right_sign_extended;
+        std::optional<bool> left_sign_extended;
+        std::optional<bool> right_sign_extended;
         if (IsWord32ConvertedToWord64(left, &left_sign_extended) &&
             IsWord32ConvertedToWord64(right, &right_sign_extended)) {
           if (left_sign_extended != true && right_sign_extended != true) {
@@ -1740,7 +1744,7 @@ class MachineOptimizationReducer : public Next {
     if (ShouldSkipOptimizationStep()) goto no_change;
 
     // Try to replace the Branch by a Goto.
-    if (base::Optional<bool> decision = MatchBoolConstant(condition)) {
+    if (std::optional<bool> decision = MatchBoolConstant(condition)) {
       __ Goto(*decision ? if_true : if_false);
       return OpIndex::Invalid();
     }
@@ -1748,7 +1752,7 @@ class MachineOptimizationReducer : public Next {
     // Try to simplify the Branch's condition (eg, `if (x == 0) A else B` can
     // become `if (x) B else A`).
     bool negated = false;
-    if (base::Optional<OpIndex> new_condition =
+    if (std::optional<OpIndex> new_condition =
             ReduceBranchCondition(condition, &negated)) {
       if (negated) {
         std::swap(if_true, if_false);
@@ -1768,14 +1772,14 @@ class MachineOptimizationReducer : public Next {
       return Next::ReduceDeoptimizeIf(condition, frame_state, negated,
                                       parameters);
     }
-    if (base::Optional<bool> decision = MatchBoolConstant(condition)) {
+    if (std::optional<bool> decision = MatchBoolConstant(condition)) {
       if (*decision != negated) {
         __ Deoptimize(frame_state, parameters);
       }
       // `DeoptimizeIf` doesn't produce a value.
       return OpIndex::Invalid();
     }
-    if (base::Optional<V<Word32>> new_condition =
+    if (std::optional<V<Word32>> new_condition =
             ReduceBranchCondition(condition, &negated)) {
       return __ ReduceDeoptimizeIf(new_condition.value(), frame_state, negated,
                                    parameters);
@@ -1792,7 +1796,7 @@ class MachineOptimizationReducer : public Next {
       return Next::ReduceTrapIf(condition, frame_state, negated, trap_id);
     }
     if (ShouldSkipOptimizationStep()) goto no_change;
-    if (base::Optional<bool> decision = MatchBoolConstant(condition)) {
+    if (std::optional<bool> decision = MatchBoolConstant(condition)) {
       if (*decision != negated) {
         Next::ReduceTrapIf(condition, frame_state, negated, trap_id);
         __ Unreachable();
@@ -1800,7 +1804,7 @@ class MachineOptimizationReducer : public Next {
       // `TrapIf` doesn't produce a value.
       return V<None>::Invalid();
     }
-    if (base::Optional<V<Word32>> new_condition =
+    if (std::optional<V<Word32>> new_condition =
             ReduceBranchCondition(condition, &negated)) {
       return __ ReduceTrapIf(new_condition.value(), frame_state, negated,
                              trap_id);
@@ -1819,7 +1823,7 @@ class MachineOptimizationReducer : public Next {
     if (ShouldSkipOptimizationStep()) goto no_change;
 
     // Try to remove the Select.
-    if (base::Optional<bool> decision = MatchBoolConstant(cond)) {
+    if (std::optional<bool> decision = MatchBoolConstant(cond)) {
       return *decision ? vtrue : vfalse;
     }
 
@@ -1830,7 +1834,7 @@ class MachineOptimizationReducer : public Next {
     LABEL_BLOCK(no_change) {
       return Next::ReduceStaticAssert(condition, source);
     }
-    if (base::Optional<bool> decision = MatchBoolConstant(condition)) {
+    if (std::optional<bool> decision = MatchBoolConstant(condition)) {
       if (*decision) {
         // Drop the assert, the condition holds true.
         return OpIndex::Invalid();
@@ -2012,6 +2016,198 @@ class MachineOptimizationReducer : public Next {
                             offset, element_scale);
   }
 
+#if V8_ENABLE_WEBASSEMBLY
+#ifdef V8_TARGET_ARCH_ARM64
+  V<Any> REDUCE(Simd128ExtractLane)(V<Simd128> input,
+                                    Simd128ExtractLaneOp::Kind kind,
+                                    uint8_t lane) {
+    LABEL_BLOCK(no_change) {
+      return Next::ReduceSimd128ExtractLane(input, kind, lane);
+    }
+    if (ShouldSkipOptimizationStep()) goto no_change;
+
+    // Turbofan and the RecreateSchedulePhase don't support the optimized
+    // reduce operation.
+    if (!v8_flags.turboshaft_wasm_instruction_selection_staged) goto no_change;
+
+    if (lane != 0) {
+      goto no_change;
+    }
+
+    const Simd128BinopOp* binop = matcher.TryCast<Simd128BinopOp>(input);
+    if (!binop) {
+      goto no_change;
+    }
+
+    // Support pairwise addition: int and fp.
+    switch (binop->kind) {
+      default:
+        goto no_change;
+      case Simd128BinopOp::Kind::kI8x16Add:
+      case Simd128BinopOp::Kind::kI16x8Add:
+      case Simd128BinopOp::Kind::kI32x4Add:
+      case Simd128BinopOp::Kind::kF32x4Add:
+      case Simd128BinopOp::Kind::kI64x2Add:
+      case Simd128BinopOp::Kind::kF64x2Add:
+        break;
+    }
+
+    auto MatchUnaryShuffle =
+        [this](V<Simd128> maybe_shuffle) -> const Simd128ShuffleOp* {
+      if (const Simd128ShuffleOp* shuffle =
+              matcher.TryCast<Simd128ShuffleOp>(maybe_shuffle)) {
+        if (shuffle->left() == shuffle->right()) {
+          return shuffle;
+        }
+      }
+      return nullptr;
+    };
+
+    auto MatchBinop =
+        [this](
+            V<Simd128> maybe_binop,
+            Simd128BinopOp::Kind required_binop_kind) -> const Simd128BinopOp* {
+      if (const Simd128BinopOp* binop =
+              matcher.TryCast<Simd128BinopOp>(maybe_binop)) {
+        if (required_binop_kind == binop->kind) {
+          return binop;
+        }
+      }
+      return nullptr;
+    };
+
+    // We're going to look for vector reductions performed with
+    // shuffles and binops. The TS operations are defined as pairwise
+    // to map well onto hardware, although the ordering is only
+    // important for FP operations. For an example of the Word32
+    // UpperToLower case:
+    //
+    // input    = (V<Simd128>)
+    // shuffle1 = (Simd128ShuffleOp input, input, [ 2, 3, X, X])
+    // add1     = (Simd128BinopOp input, shuffle1)
+    // shuffle2 = (Simd128ShuffleOp add1, add1, [1, X, X, X])
+    // add2     = (Simd128BinopOp add1, shuffle2)
+    // result   = (ExtractLaneOp add2, 0)
+
+    // Walk up from binop to discover the tree of binops and shuffles:
+    // (extract (binop (binop (reduce_input), shuffle), shuffle), 0)
+    base::SmallVector<const Simd128ShuffleOp*, 4> shuffles;
+    base::SmallVector<const Simd128BinopOp*, 4> binops;
+    binops.push_back(binop);
+    while (!binops.empty()) {
+      const Simd128BinopOp* binop = binops.back();
+      binops.pop_back();
+      V<Simd128> operands[2] = {binop->left(), binop->right()};
+      for (unsigned i = 0; i < 2; ++i) {
+        V<Simd128> operand = operands[i];
+        if (const Simd128ShuffleOp* shuffle = MatchUnaryShuffle(operand)) {
+          // Ensure that the input to the shuffle is also the other input to
+          // current binop.
+          V<Simd128> shuffle_in = shuffle->left();
+          DCHECK_EQ(shuffle_in, shuffle->right());
+          V<Simd128> other_operand = operands[i ^ 1];
+          if (shuffle_in != other_operand) {
+            break;
+          }
+          shuffles.push_back(shuffle);
+          if (const Simd128BinopOp* other_binop =
+                  MatchBinop(shuffle_in, binop->kind)) {
+            binops.push_back(other_binop);
+            break;
+          }
+        }
+      }
+    }
+    if (shuffles.empty()) {
+      goto no_change;
+    }
+
+    // Reverse so that they're in execution order, just for readability.
+    std::reverse(shuffles.begin(), shuffles.end());
+    V<Simd128> reduce_input = shuffles.front()->left();
+    MachineRepresentation rep = Simd128ExtractLaneOp::element_rep(kind);
+    switch (rep) {
+      default:
+        goto no_change;
+      case MachineRepresentation::kWord8: {
+        if (shuffles.size() == 4) {
+          const uint8_t* shuffle1 = shuffles[0]->shuffle;
+          const uint8_t* shuffle2 = shuffles[1]->shuffle;
+          const uint8_t* shuffle3 = shuffles[2]->shuffle;
+          const uint8_t* shuffle4 = shuffles[3]->shuffle;
+          if (wasm::SimdShuffle::TryMatch8x16UpperToLowerReduce(
+                  shuffle1, shuffle2, shuffle3, shuffle4)) {
+            V<Simd128> reduce = __ Simd128Reduce(
+                reduce_input, Simd128ReduceOp::Kind::kI8x16AddReduce);
+            return __ Simd128ExtractLane(reduce, kind, 0);
+          }
+        }
+        break;
+      }
+      case MachineRepresentation::kWord16: {
+        if (shuffles.size() == 3) {
+          const uint8_t* shuffle1 = shuffles[0]->shuffle;
+          const uint8_t* shuffle2 = shuffles[1]->shuffle;
+          const uint8_t* shuffle3 = shuffles[2]->shuffle;
+          if (wasm::SimdShuffle::TryMatch16x8UpperToLowerReduce(
+                  shuffle1, shuffle2, shuffle3)) {
+            V<Simd128> reduce = __ Simd128Reduce(
+                reduce_input, Simd128ReduceOp::Kind::kI16x8AddReduce);
+            return __ Simd128ExtractLane(reduce, kind, 0);
+          }
+        }
+        break;
+      }
+      case MachineRepresentation::kWord32: {
+        if (shuffles.size() == 2) {
+          const uint8_t* shuffle1 = shuffles[0]->shuffle;
+          const uint8_t* shuffle2 = shuffles[1]->shuffle;
+          if (wasm::SimdShuffle::TryMatch32x4UpperToLowerReduce(shuffle1,
+                                                                shuffle2)) {
+            V<Simd128> reduce = __ Simd128Reduce(
+                reduce_input, Simd128ReduceOp::Kind::kI32x4AddReduce);
+            return __ Simd128ExtractLane(reduce, kind, 0);
+          }
+        }
+        break;
+      }
+      case MachineRepresentation::kFloat32: {
+        if (shuffles.size() == 2) {
+          const uint8_t* shuffle1 = shuffles[0]->shuffle;
+          const uint8_t* shuffle2 = shuffles[1]->shuffle;
+          if (wasm::SimdShuffle::TryMatch32x4PairwiseReduce(shuffle1,
+                                                            shuffle2)) {
+            V<Simd128> reduce = __ Simd128Reduce(
+                reduce_input, Simd128ReduceOp::Kind::kF32x4AddReduce);
+            return __ Simd128ExtractLane(reduce, kind, 0);
+          }
+        }
+        break;
+      }
+      case MachineRepresentation::kWord64:
+      case MachineRepresentation::kFloat64: {
+        if (shuffles.size() == 1) {
+          uint8_t shuffle64x2[2];
+          if (wasm::SimdShuffle::TryMatch64x2Shuffle(shuffles[0]->shuffle,
+                                                     shuffle64x2) &&
+              wasm::SimdShuffle::TryMatch64x2Reduce(shuffle64x2)) {
+            V<Simd128> reduce =
+                rep == MachineRepresentation::kWord64
+                    ? __ Simd128Reduce(reduce_input,
+                                       Simd128ReduceOp::Kind::kI64x2AddReduce)
+                    : __ Simd128Reduce(reduce_input,
+                                       Simd128ReduceOp::Kind::kF64x2AddReduce);
+            return __ Simd128ExtractLane(reduce, kind, 0);
+          }
+        }
+        break;
+      }
+    }
+    goto no_change;
+  }
+#endif  // V8_TARGET_ARCH_ARM64
+#endif  // V8_ENABLE_WEBASSEMBLY
+
  private:
   V<Word32> ReduceCompareEqual(V<Any> left, V<Any> right,
                                RegisterRepresentation rep) {
@@ -2110,8 +2306,8 @@ class MachineOptimizationReducer : public Next {
         }
         // Map 64bit to 32bit equals.
         if (rep_w == WordRepresentation::Word64()) {
-          base::Optional<bool> left_sign_extended;
-          base::Optional<bool> right_sign_extended;
+          std::optional<bool> left_sign_extended;
+          std::optional<bool> right_sign_extended;
           if (IsWord32ConvertedToWord64(left, &left_sign_extended) &&
               IsWord32ConvertedToWord64(right, &right_sign_extended)) {
             if (left_sign_extended == right_sign_extended) {
@@ -2283,8 +2479,8 @@ class MachineOptimizationReducer : public Next {
     return false;
   }
 
-  bool IsWord32ConvertedToWord64(
-      OpIndex value, base::Optional<bool>* sign_extended = nullptr) {
+  bool IsWord32ConvertedToWord64(OpIndex value,
+                                 std::optional<bool>* sign_extended = nullptr) {
     if (const ChangeOp* change_op = matcher.TryCast<ChangeOp>(value)) {
       if (change_op->from == WordRepresentation::Word32() &&
           change_op->to == WordRepresentation::Word64()) {
@@ -2506,8 +2702,8 @@ class MachineOptimizationReducer : public Next {
     }
   }
 
-  base::Optional<V<Word32>> ReduceBranchCondition(V<Word32> condition,
-                                                  bool* negated) {
+  std::optional<V<Word32>> ReduceBranchCondition(V<Word32> condition,
+                                                 bool* negated) {
     // TODO(dmercadier): consider generalizing this function both Word32 and
     // Word64.
     bool reduced = false;
@@ -2580,15 +2776,15 @@ class MachineOptimizationReducer : public Next {
       }
       break;
     }
-    return reduced ? base::Optional<V<Word32>>(condition) : base::nullopt;
+    return reduced ? std::optional<V<Word32>>(condition) : std::nullopt;
   }
 
-  base::Optional<bool> MatchBoolConstant(OpIndex condition) {
+  std::optional<bool> MatchBoolConstant(OpIndex condition) {
     if (uint32_t value;
         matcher.MatchIntegralWord32Constant(condition, &value)) {
       return value != 0;
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
   // Returns true if loading the map of an object with map {map} can be constant
diff --git a/deps/v8/src/compiler/turboshaft/maglev-early-lowering-reducer-inl.h b/deps/v8/src/compiler/turboshaft/maglev-early-lowering-reducer-inl.h
index dfe62f69d09516..e7eb128d2061c1 100644
--- a/deps/v8/src/compiler/turboshaft/maglev-early-lowering-reducer-inl.h
+++ b/deps/v8/src/compiler/turboshaft/maglev-early-lowering-reducer-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_MAGLEV_EARLY_LOWERING_REDUCER_INL_H_
 #define V8_COMPILER_TURBOSHAFT_MAGLEV_EARLY_LOWERING_REDUCER_INL_H_
 
+#include <optional>
+
 #include "src/compiler/feedback-source.h"
 #include "src/compiler/globals.h"
 #include "src/compiler/turboshaft/assembler.h"
@@ -44,7 +46,7 @@ class MaglevEarlyLoweringReducer : public Next {
     if (first_instance_type == last_instance_type) {
 #if V8_STATIC_ROOTS_BOOL
       if (InstanceTypeChecker::UniqueMapOfInstanceType(first_instance_type)) {
-        base::Optional<RootIndex> expected_index =
+        std::optional<RootIndex> expected_index =
             InstanceTypeChecker::UniqueMapOfInstanceType(first_instance_type);
         CHECK(expected_index.has_value());
         Handle<HeapObject> expected_map =
@@ -354,6 +356,119 @@ class MaglevEarlyLoweringReducer : public Next {
     return result;
   }
 
+  V<Map> MigrateMapIfNeeded(V<HeapObject> object, V<Map> map,
+                            V<FrameState> frame_state,
+                            const FeedbackSource& feedback) {
+    ScopedVar<Map> result(this, map);
+
+    V<Word32> bitfield3 =
+        __ template LoadField<Word32>(map, AccessBuilder::ForMapBitField3());
+    IF (UNLIKELY(__ Word32BitwiseAnd(bitfield3,
+                                     Map::Bits3::IsDeprecatedBit::kMask))) {
+      V<Object> result = __ CallRuntime_TryMigrateInstance(
+          isolate_, __ NoContextConstant(), object);
+      __ DeoptimizeIf(__ ObjectIsSmi(result), frame_state,
+                      DeoptimizeReason::kInstanceMigrationFailed, feedback);
+      // Reload the map since TryMigrateInstance might have changed it.
+      result = __ LoadMapField(V<HeapObject>::Cast(result));
+    }
+
+    return result;
+  }
+
+  V<PropertyArray> ExtendPropertiesBackingStore(
+      V<PropertyArray> old_property_array, V<JSObject> object, int old_length,
+      V<FrameState> frame_state, const FeedbackSource& feedback) {
+    // Allocate new PropertyArray.
+    int new_length = old_length + JSObject::kFieldsAdded;
+    Uninitialized<PropertyArray> new_property_array =
+        __ template Allocate<PropertyArray>(
+            __ IntPtrConstant(PropertyArray::SizeFor(new_length)),
+            AllocationType::kYoung);
+    __ InitializeField(new_property_array, AccessBuilder::ForMap(),
+                       __ HeapConstant(factory_->property_array_map()));
+
+    // Copy existing properties over.
+    for (int i = 0; i < old_length; i++) {
+      V<Object> old_value = __ template LoadField<Object>(
+          old_property_array, AccessBuilder::ForPropertyArraySlot(i));
+      __ InitializeField(new_property_array,
+                         AccessBuilder::ForPropertyArraySlot(i), old_value);
+    }
+
+    // Initialize new properties to undefined.
+    V<Undefined> undefined = __ HeapConstant(factory_->undefined_value());
+    for (int i = 0; i < JSObject::kFieldsAdded; ++i) {
+      __ InitializeField(new_property_array,
+                         AccessBuilder::ForPropertyArraySlot(old_length + i),
+                         undefined);
+    }
+
+    // Read the hash.
+    ScopedVar<Word32> hash(this);
+    if (old_length == 0) {
+      // The object might still have a hash, stored in properties_or_hash. If
+      // properties_or_hash is a SMI, then it's the hash. It can also be an
+      // empty PropertyArray.
+      V<Object> hash_obj = __ template LoadField<Object>(
+          object, AccessBuilder::ForJSObjectPropertiesOrHash());
+      IF (__ IsSmi(hash_obj)) {
+        hash = __ Word32ShiftLeft(__ UntagSmi(V<Smi>::Cast(hash_obj)),
+                                  PropertyArray::HashField::kShift);
+      } ELSE {
+        hash = __ Word32Constant(PropertyArray::kNoHashSentinel);
+      }
+    } else {
+      V<Smi> hash_smi = __ template LoadField<Smi>(
+          old_property_array, AccessBuilder::ForPropertyArrayLengthAndHash());
+      hash = __ Word32BitwiseAnd(__ UntagSmi(hash_smi),
+                                 PropertyArray::HashField::kMask);
+    }
+
+    // Add the new length and write the length-and-hash field.
+    static_assert(PropertyArray::LengthField::kShift == 0);
+    V<Word32> length_and_hash = __ Word32BitwiseOr(hash, new_length);
+    __ InitializeField(new_property_array,
+                       AccessBuilder::ForPropertyArrayLengthAndHash(),
+                       __ TagSmi(length_and_hash));
+
+    V<PropertyArray> initialized_new_property_array =
+        __ FinishInitialization(std::move(new_property_array));
+
+    // Replace the old property array in {object}.
+    __ StoreField(object, AccessBuilder::ForJSObjectPropertiesOrHash(),
+                  initialized_new_property_array);
+
+    return initialized_new_property_array;
+  }
+
+  void GeneratorStore(V<Context> context, V<JSGeneratorObject> generator,
+                      base::SmallVector<OpIndex, 32> parameters_and_registers,
+                      int suspend_id, int bytecode_offset) {
+    V<FixedArray> array = __ template LoadTaggedField<FixedArray>(
+        generator, JSGeneratorObject::kParametersAndRegistersOffset);
+    for (int i = 0; static_cast<size_t>(i) < parameters_and_registers.size();
+         i++) {
+      __ Store(array, parameters_and_registers[i], StoreOp::Kind::TaggedBase(),
+               MemoryRepresentation::AnyTagged(),
+               WriteBarrierKind::kFullWriteBarrier,
+               FixedArray::OffsetOfElementAt(i));
+    }
+    __ Store(generator, __ SmiConstant(Smi::FromInt(suspend_id)),
+             StoreOp::Kind::TaggedBase(), MemoryRepresentation::TaggedSigned(),
+             WriteBarrierKind::kNoWriteBarrier,
+             JSGeneratorObject::kContinuationOffset);
+    __ Store(generator, __ SmiConstant(Smi::FromInt(bytecode_offset)),
+             StoreOp::Kind::TaggedBase(), MemoryRepresentation::TaggedSigned(),
+             WriteBarrierKind::kNoWriteBarrier,
+             JSGeneratorObject::kInputOrDebugPosOffset);
+
+    __ Store(generator, context, StoreOp::Kind::TaggedBase(),
+             MemoryRepresentation::AnyTagged(),
+             WriteBarrierKind::kFullWriteBarrier,
+             JSGeneratorObject::kContextOffset);
+  }
+
  private:
   V<Word32> CheckInstanceTypeIsInRange(V<Map> map,
                                        InstanceType first_instance_type,
diff --git a/deps/v8/src/compiler/turboshaft/maglev-graph-building-phase.cc b/deps/v8/src/compiler/turboshaft/maglev-graph-building-phase.cc
index e4fdd9f9337d81..17ca11348578f0 100644
--- a/deps/v8/src/compiler/turboshaft/maglev-graph-building-phase.cc
+++ b/deps/v8/src/compiler/turboshaft/maglev-graph-building-phase.cc
@@ -6,6 +6,7 @@
 
 #include <limits>
 #include <memory>
+#include <optional>
 #include <type_traits>
 
 #include "src/base/logging.h"
@@ -108,11 +109,9 @@ class BlockOriginTrackingReducer : public Next {
   void SetMaglevInputBlock(const maglev::BasicBlock* block) {
     maglev_input_block_ = block;
   }
-#ifdef DEBUG
   const maglev::BasicBlock* maglev_input_block() const {
     return maglev_input_block_;
   }
-#endif
   void Bind(Block* block) {
     Next::Bind(block);
     // The 1st block we bind doesn't exist in Maglev and is meant to hold
@@ -135,6 +134,297 @@ class BlockOriginTrackingReducer : public Next {
       __ phase_zone()};
 };
 
+class GeneratorAnalyzer {
+  // A document explaning how generators are handled by the translation can be
+  // found here:
+  //
+  //     https://docs.google.com/document/d/1-iFoVuvpIEjA9dtSsOjmKL5vAzzvf0cKI6f4zaObiV8/edit?usp=sharing
+  //
+  //
+  // Because of generator resumes, Maglev graphs can have edges that bypass loop
+  // headers. This actually happens everytime a loop contains a `yield`.
+  // In Turboshaft, however, the loop header must always dominate every block in
+  // the loop, and thus does not allow such edges that bypass the loop header.
+  // For instance,
+  //
+  //     function* foo() {
+  //       for (let i = 0; i < 10; i++) {
+  //         if (i % 2 == 0) {
+  //           yield i;
+  //         }
+  //       }
+  //     }
+  //
+  // The corresponding Maglev graph will look something like (this is a little
+  // bit simplified since details don't matter much for this high level
+  // explanation; the drawing in FindLoopHeaderBypasses below gives a more
+  // precise view of what the Maglev graph looks like):
+  //
+  //                       + 1 ------+
+  //                       | Switch  |
+  //                       +---------+
+  //                        /      \
+  //                      /          \      |----------------------|
+  //                    /              \    |                      |
+  //                  /                 v   v                      |
+  //                /              + 2 --------+                   |
+  //              /                | Loop      |                   |
+  //             |                 +-----------+                   |
+  //             |                      |                          |
+  //             |                      |                          |
+  //             v                      v                          |
+  //        + 4 ------+             + 3 --------------+            |
+  //        | Resume  |             | Branch(i%2==0)  |            |
+  //        +---------+             +-----------------+            |
+  //            |                     /        \                   |
+  //            |                    /          \                  |
+  //            |                   /            \                 |
+  //            |             + 5 -------+        |                |
+  //            |             | yield i  |        |                |
+  //            |             +----------+        |                |
+  //            |                                 |                |
+  //            |----------------------------|    |                |
+  //                                         |    |                |
+  //                                         v    v                |
+  //                                    + 6 ----------+            |
+  //                                    | i++         |            |
+  //                                    | backedge    |            |
+  //                                    +-------------+            |
+  //                                           |                   |
+  //                                           |-------------------|
+  //
+  // In this graph, the edge from block 4 to block 6 bypasses the loop header.
+  //
+  //
+  // Note that it's even possible that the graph contains no forward path from
+  // the loop header to the backedge. This happens for instance when the loop
+  // body always unconditionally yields. In such cases, the backedge is always
+  // reached through the main resume switch. For instance:
+  //
+  //     function* foo() {
+  //       for (let i = 0; i < 10; i++) {
+  //         yield i;
+  //       }
+  //     }
+  //
+  // Will produce the following graph:
+  //
+  //                       + 1 ------+
+  //                       | Switch  |
+  //                       +---------+
+  //                        /      \
+  //                      /          \      |-------------|
+  //                    /              \    |             |
+  //                  /                 v   v             |
+  //                /              + 2 --------+          |
+  //              /                | Loop      |          |
+  //             |                 +-----------+          |
+  //             |                      |                 |
+  //             |                      |                 |
+  //             v                      v                 |
+  //        + 4 ------+             + 3 -------+          |
+  //        | Resume  |             | yield i  |          |
+  //        +---------+             +----------+          |
+  //             |                                        |
+  //             |                                        |
+  //             |----------------------------------------|
+  //
+  //
+  // GeneratorAnalyzer finds the loop in the Maglev graph, and finds the
+  // generator resume edges that bypass loops headers. The GraphBuilder then
+  // uses this information to re-route such edges to loop headers and insert
+  // secondary switches. For instance, the graph right above will be transformed
+  // to something like this:
+  //
+  //                       + 1 ------+
+  //                       | Switch  |
+  //                       +---------+
+  //                          |  |
+  //                          |  |
+  //                          v  v
+  //                     + 2 --------+
+  //                     | p1 = phi  |
+  //                     +-----------+
+  //                          |
+  //                          |    |-----------------------|
+  //                          |    |                       |
+  //                          v    v                       |
+  //                     + 3 -----------------+            |
+  //                     | Loop               |            |
+  //                     | p2 = phi(p1,...)   |            |
+  //                     +--------------------+            |
+  //                           |                           |
+  //                           |                           |
+  //                           v                           |
+  //                     + 4 -----------+                  |
+  //                     | Switch(p2)   |                  |
+  //                     +--------------+                  |
+  //                       /       \                       |
+  //                     /           \                     |
+  //                   /               \                   |
+  //                 v                   v                 |
+  //           + 5 --------+        + 6 --------+          |
+  //           | Resume    |        | yield i   |          |
+  //           +-----------+        +-----------+          |
+  //                 |                                     |
+  //                 |                                     |
+  //                 |-------------------------------------|
+
+ public:
+  explicit GeneratorAnalyzer(Zone* phase_zone,
+                             maglev::MaglevGraphLabeller* labeller)
+      : labeller_(labeller),
+        block_to_header_(phase_zone),
+        visit_queue_(phase_zone) {
+    USE(labeller_);
+  }
+
+  void Analyze(maglev::Graph* graph) {
+    for (auto it = graph->rbegin(); it != graph->rend(); ++it) {
+      if ((*it)->is_loop()) {
+        FindLoopBody(it);
+      }
+    }
+
+    FindLoopHeaderBypasses(graph);
+  }
+
+  bool JumpBypassesHeader(const maglev::BasicBlock* target) {
+    return block_to_innermost_bypassed_header_.contains(target);
+  }
+
+  const maglev::BasicBlock* GetInnermostBypassedHeader(
+      const maglev::BasicBlock* target) {
+    DCHECK(JumpBypassesHeader(target));
+    return block_to_innermost_bypassed_header_[target];
+  }
+
+  bool HeaderIsBypassed(const maglev::BasicBlock* header) {
+    DCHECK(header->is_loop());
+    return bypassed_headers_.contains(header);
+  }
+
+  const maglev::BasicBlock* GetLoopHeader(const maglev::BasicBlock* node) {
+    if (block_to_header_.contains(node)) {
+      return block_to_header_[node];
+    }
+    return nullptr;
+  }
+
+  bool has_header_bypasses() const { return !bypassed_headers_.empty(); }
+
+ private:
+  // We consider that every block in between the loop header and the backedge
+  // belongs to the loop. This is a little bit more conservative than necessary
+  // and might include blocks that in fact cannot reach the backedge, but it
+  // makes dealing with exception blocks easier (because they have no explicit
+  // predecessors in Maglev).
+  void FindLoopBody(maglev::BlockConstReverseIterator it) {
+    const maglev::BasicBlock* header = *it;
+    DCHECK(header->is_loop());
+
+    --it;  // Skipping the header, since we consider its loop header to be the
+           // header of their outer loop (if any).
+
+    const maglev::BasicBlock* backedge_block = header->backedge_predecessor();
+    if (backedge_block == header) {
+      // This is a 1-block loop. Since headers are part of the outer loop, we
+      // have nothing to mark.
+      return;
+    }
+
+    block_to_header_[backedge_block] = header;
+
+    for (; *it != backedge_block; --it) {
+      const maglev::BasicBlock* curr = *it;
+      if (block_to_header_.contains(curr)) {
+        // {curr} is part of an inner loop.
+        continue;
+      }
+      block_to_header_[curr] = header;
+    }
+  }
+
+  void FindLoopHeaderBypasses(maglev::Graph* graph) {
+    // As mentioned earlier, Maglev graphs for resumable generator functions
+    // always start with a main dispatch switch in the 3rd block:
+    //
+    //
+    //                       + 1 -----------------+
+    //                       | InitialValues...   |
+    //                       | Jump               |
+    //                       +--------------------+
+    //                                  |
+    //                                  |
+    //                                  v
+    //                       + 2 --------------------+
+    //                       | BranchIfRootConstant  |
+    //                       +-----------------------+
+    //                          /                  \
+    //                         /                     \
+    //                        /                        \
+    //                       /                           \
+    //                      v                              v
+    //              + 3 ----------+                  + 4 --------------+
+    //              | Load state  |                  | Initial setup   |
+    //              | Switch      |                  | return          |
+    //              +-------------+                  +-----------------+
+    //                /    |    \
+    //               /     |     \
+    //              v      v      v
+    //          Resuming in various places
+    //
+    //
+    //
+    // In order to find loop header bypasses, we are looking for cases where
+    // the destination of the dispatch switch (= the successors of block 3) are
+    // inside a loop.
+
+    constexpr int kGeneratorSwitchBLockIndex = 2;
+    maglev::BasicBlock* generator_switch_block =
+        graph->blocks()[kGeneratorSwitchBLockIndex];
+    DCHECK(generator_switch_block->control_node()->Is<maglev::Switch>());
+
+    for (maglev::BasicBlock* target : generator_switch_block->successors()) {
+      const maglev::BasicBlock* innermost_header = GetLoopHeader(target);
+
+      if (innermost_header) {
+        // This case bypasses a loop header.
+        RecordHeadersForBypass(target, innermost_header);
+      }
+    }
+  }
+
+  void RecordHeadersForBypass(maglev::BasicBlock* initial_target,
+                              const maglev::BasicBlock* innermost_header) {
+    block_to_innermost_bypassed_header_[initial_target] = innermost_header;
+    bypassed_headers_.insert(innermost_header);
+
+    for (const maglev::BasicBlock* outer_header =
+             GetLoopHeader(innermost_header);
+         outer_header; outer_header = GetLoopHeader(outer_header)) {
+      bypassed_headers_.insert(outer_header);
+    }
+  }
+
+  maglev::MaglevGraphLabeller* labeller_;
+
+  // Map from blocks inside loops to the header of said loops.
+  ZoneAbslFlatHashMap<const maglev::BasicBlock*, const maglev::BasicBlock*>
+      block_to_header_;
+
+  // Map from jump target to the innermost header they bypass.
+  std::unordered_map<const maglev::BasicBlock*, const maglev::BasicBlock*>
+      block_to_innermost_bypassed_header_;
+  // Set of headers that are bypassed because of generator resumes.
+  std::unordered_set<const maglev::BasicBlock*> bypassed_headers_;
+
+  // {visit_queue_} is used in FindLoopBody to store nodes that still need to be
+  // visited. It is a instance variable in order to reuse its memory more
+  // efficiently.
+  ZoneVector<const maglev::BasicBlock*> visit_queue_;
+};
+
 #define GET_FRAME_STATE_MAYBE_ABORT(name, deopt_info)                       \
   V<FrameState> name;                                                       \
   {                                                                         \
@@ -191,7 +481,7 @@ class GraphBuilder {
 
   GraphBuilder(PipelineData* data, Graph& graph, Zone* temp_zone,
                maglev::MaglevCompilationUnit* maglev_compilation_unit,
-               base::Optional<BailoutReason>* bailout)
+               std::optional<BailoutReason>* bailout)
       : data_(data),
         temp_zone_(temp_zone),
         assembler_(data, graph, graph, temp_zone),
@@ -201,6 +491,8 @@ class GraphBuilder {
         regs_to_vars_(temp_zone),
         loop_single_edge_predecessors_(temp_zone),
         maglev_representations_(temp_zone),
+        generator_analyzer_(temp_zone,
+                            maglev_compilation_unit_->graph_labeller()),
         bailout_(bailout) {}
 
   void PreProcessGraph(maglev::Graph* graph) {
@@ -226,6 +518,20 @@ class GraphBuilder {
           new_target_index, RegisterRepresentation::Tagged(), "%new.target");
     }
 
+    if (graph->has_resumable_generator()) {
+      generator_analyzer_.Analyze(graph);
+
+      dummy_object_input_ = __ SmiConstant(0);
+      dummy_word32_input_ = __ Word32Constant(0);
+      dummy_float64_input_ = __ Float64Constant(0);
+
+      header_switch_input_ = __ NewVariable(RegisterRepresentation::Word32());
+      loop_default_generator_value_ = __ Word32Constant(kDefaultSwitchVarValue);
+      generator_context_ =
+          __ NewLoopInvariantVariable(RegisterRepresentation::Tagged());
+      __ SetVariable(generator_context_, __ NoContextConstant());
+    }
+
     // Maglev nodes often don't have the NativeContext as input, but instead
     // rely on the MaglevAssembler to provide it during code generation, unlike
     // Turboshaft nodes, which need the NativeContext as an explicit input if
@@ -250,12 +556,30 @@ class GraphBuilder {
     }
   }
 
-  void PreProcessBasicBlock(maglev::BasicBlock* maglev_block) {
+  // The Maglev graph for resumable generator functions always has the main
+  // dispatch Switch in its 3rd block.
+  bool IsMaglevMainGeneratorSwitchBlock(
+      const maglev::BasicBlock* maglev_block) {
+    if (!generator_analyzer_.has_header_bypasses()) return false;
+    constexpr int kMainSwitchBlockId = 3;
+    bool is_main_switch_block =
+        maglev_compilation_unit_->graph_labeller()->BlockId(maglev_block) ==
+        kMainSwitchBlockId;
+    DCHECK_IMPLIES(is_main_switch_block,
+                   maglev_block->control_node()->Is<maglev::Switch>());
+    return is_main_switch_block;
+  }
+
+  maglev::BlockProcessResult PreProcessBasicBlock(
+      maglev::BasicBlock* maglev_block) {
     // Note that it's important to call SetMaglevInputBlock before calling Bind,
     // so that BlockOriginTrackingReducer::Bind records the correct predecessor
     // for the current block.
     __ SetMaglevInputBlock(maglev_block);
 
+    is_visiting_generator_main_switch_ =
+        IsMaglevMainGeneratorSwitchBlock(maglev_block);
+
     Block* turboshaft_block = Map(maglev_block);
 
     if (__ current_block() != nullptr) {
@@ -271,13 +595,14 @@ class GraphBuilder {
 #endif
 
     if (maglev_block->is_loop() &&
-        MapContains(loop_single_edge_predecessors_, maglev_block)) {
+        (loop_single_edge_predecessors_.contains(maglev_block) ||
+         pre_loop_generator_blocks_.contains(maglev_block))) {
       EmitLoopSinglePredecessorBlock(maglev_block);
     }
 
     if (maglev_block->is_exception_handler_block()) {
       StartExceptionBlock(maglev_block);
-      return;
+      return maglev::BlockProcessResult::kContinue;
     }
 
     // SetMaglevInputBlock should have been called before calling Bind, and the
@@ -285,7 +610,7 @@ class GraphBuilder {
     DCHECK_EQ(__ maglev_input_block(), maglev_block);
     if (!__ Bind(turboshaft_block)) {
       // The current block is not reachable.
-      return;
+      return maglev::BlockProcessResult::kContinue;
     }
 
     if (maglev_block->is_loop()) {
@@ -293,7 +618,7 @@ class GraphBuilder {
       // apply to loops, since loops always have 2 predecessors in Turboshaft,
       // and in both Turboshaft and Maglev, the backedge is always the last
       // predecessors, so we never need to reorder phi inputs.
-      return;
+      return maglev::BlockProcessResult::kContinue;
     } else if (maglev_block->is_exception_handler_block()) {
       // We need to emit the CatchBlockBegin at the begining of this block. Note
       // that if this block has multiple predecessors (because multiple throwing
@@ -325,13 +650,16 @@ class GraphBuilder {
         // their inputs (and also, Maglev exception blocks have no
         // predecessors).
         !maglev_block->is_exception_handler_block()) {
-      ComputePredecessorPermutations(maglev_block, turboshaft_block, false);
+      ComputePredecessorPermutations(maglev_block, turboshaft_block, false,
+                                     false);
     }
+    return maglev::BlockProcessResult::kContinue;
   }
 
   void ComputePredecessorPermutations(maglev::BasicBlock* maglev_block,
                                       Block* turboshaft_block,
-                                      bool skip_backedge) {
+                                      bool skip_backedge,
+                                      bool ignore_last_predecessor) {
     // This function is only called for loops that need a "single block
     // predecessor" (from EmitLoopSinglePredecessorBlock). The backedge should
     // always be skipped in thus cases. Additionally, this means that when
@@ -352,12 +680,24 @@ class GraphBuilder {
       maglev_predecessors[i] = maglev_block->predecessor_at(i);
     }
 
+    predecessor_permutation_.clear();
     predecessor_permutation_.resize_and_init(maglev_block->predecessor_count(),
                                              Block::kInvalidPredecessorIndex);
     int index = turboshaft_block->PredecessorCount() - 1;
     // Iterating predecessors from the end (because it's simpler and more
     // efficient in Turboshaft).
     for (const Block* pred : turboshaft_block->PredecessorsIterable()) {
+      if (ignore_last_predecessor &&
+          index == turboshaft_block->PredecessorCount() - 1) {
+        // When generator resumes bypass loop headers, we add an additional
+        // predecessor to the header's predecessor (called {pred_for_generator}
+        // in EmitLoopSinglePredecessorBlock). This block doesn't have Maglev
+        // origin, we thus have to skip it here. To compensate,
+        // MakePhiMaybePermuteInputs will take an additional input for these
+        // cases.
+        index--;
+        continue;
+      }
       // Finding out to which Maglev predecessor {pred} corresponds.
       const maglev::BasicBlock* orig = __ GetMaglevOrigin(pred);
       auto orig_index = *base::index_of(maglev_predecessors, orig);
@@ -427,6 +767,10 @@ class GraphBuilder {
         case maglev::ValueRepresentation::kInt32:
           __ SetVariable(var, __ ConvertInt32ToNumber(V<Word32>::Cast(ts_idx)));
           break;
+        case maglev::ValueRepresentation::kUint32:
+          __ SetVariable(var,
+                         __ ConvertUint32ToNumber(V<Word32>::Cast(ts_idx)));
+          break;
         case maglev::ValueRepresentation::kFloat64:
           __ SetVariable(
               var,
@@ -440,7 +784,6 @@ class GraphBuilder {
                                         maglev::HoleyFloat64ToTagged::
                                             ConversionMode::kCanonicalizeSmi));
           break;
-        case maglev::ValueRepresentation::kUint32:
         case maglev::ValueRepresentation::kIntPtr:
           UNREACHABLE();
       }
@@ -507,12 +850,44 @@ class GraphBuilder {
 
   void EmitLoopSinglePredecessorBlock(maglev::BasicBlock* maglev_loop_header) {
     DCHECK(maglev_loop_header->is_loop());
-    DCHECK(MapContains(loop_single_edge_predecessors_, maglev_loop_header));
+
+    bool has_special_generator_handling = false;
+    V<Word32> switch_var_first_input;
+    if (pre_loop_generator_blocks_.contains(maglev_loop_header)) {
+      // This loop header used to be bypassed by generator resume edges. It will
+      // now act as a secondary switch for the generator resumes.
+      std::vector<GeneratorSplitEdge>& generator_preds =
+          pre_loop_generator_blocks_[maglev_loop_header];
+      // {generator_preds} contains all of the edges that were bypassing this
+      // loop header. Rather than adding that many predecessors to the loop
+      // header, will create a single predecessor, {pred_for_generator}, to
+      // which all of the edges of {generator_preds} will go.
+      Block* pred_for_generator = __ NewBlock();
+
+      for (GeneratorSplitEdge pred : generator_preds) {
+        __ Bind(pred.pre_loop_dst);
+        __ SetVariable(header_switch_input_,
+                       __ Word32Constant(pred.switch_value));
+        __ Goto(pred_for_generator);
+      }
+
+      __ Bind(pred_for_generator);
+      switch_var_first_input = __ GetVariable(header_switch_input_);
+      DCHECK(switch_var_first_input.valid());
+
+      BuildJump(maglev_loop_header);
+
+      has_special_generator_handling = true;
+      on_generator_switch_loop_ = true;
+    }
+
+    DCHECK(loop_single_edge_predecessors_.contains(maglev_loop_header));
     Block* loop_pred = loop_single_edge_predecessors_[maglev_loop_header];
     __ Bind(loop_pred);
 
     if (maglev_loop_header->has_phi()) {
-      ComputePredecessorPermutations(maglev_loop_header, loop_pred, true);
+      ComputePredecessorPermutations(maglev_loop_header, loop_pred, true,
+                                     has_special_generator_handling);
 
       // Now we need to emit Phis (one per loop phi in {block}, which should
       // contain the same input except for the backedge).
@@ -521,15 +896,149 @@ class GraphBuilder {
       for (maglev::Phi* phi : *maglev_loop_header->phis()) {
         constexpr int kSkipBackedge = 1;
         int input_count = phi->input_count() - kSkipBackedge;
-        loop_phis_first_input_.push_back(
-            MakePhiMaybePermuteInputs(phi, input_count));
+
+        if (has_special_generator_handling) {
+          // Adding an input to the Phis to account for the additional
+          // generator-related predecessor.
+          V<Any> additional_input;
+          switch (phi->value_representation()) {
+            case maglev::ValueRepresentation::kTagged:
+              additional_input = dummy_object_input_;
+              break;
+            case maglev::ValueRepresentation::kInt32:
+            case maglev::ValueRepresentation::kUint32:
+              additional_input = dummy_word32_input_;
+              break;
+            case maglev::ValueRepresentation::kFloat64:
+            case maglev::ValueRepresentation::kHoleyFloat64:
+              additional_input = dummy_float64_input_;
+              break;
+            case maglev::ValueRepresentation::kIntPtr:
+              // Maglev doesn't have IntPtr Phis.
+              UNREACHABLE();
+          }
+          loop_phis_first_input_.push_back(
+              MakePhiMaybePermuteInputs(phi, input_count, additional_input));
+        } else {
+          loop_phis_first_input_.push_back(
+              MakePhiMaybePermuteInputs(phi, input_count));
+        }
       }
     }
 
+    if (has_special_generator_handling) {
+      // We now emit the Phi that will be used in the loop's main switch.
+      base::SmallVector<OpIndex, 16> inputs;
+      constexpr int kSkipGeneratorPredecessor = 1;
+
+      // We insert a default input for all of the non-generator predecessor.
+      int input_count_without_generator =
+          loop_pred->PredecessorCount() - kSkipGeneratorPredecessor;
+      DCHECK(loop_default_generator_value_.valid());
+      inputs.insert(inputs.begin(), input_count_without_generator,
+                    loop_default_generator_value_);
+
+      // And we insert the "true" input for the generator predecessor (which is
+      // {pred_for_generator} above).
+      DCHECK(switch_var_first_input.valid());
+      inputs.push_back(switch_var_first_input);
+
+      __ SetVariable(
+          header_switch_input_,
+          __ Phi(base::VectorOf(inputs), RegisterRepresentation::Word32()));
+    }
+
     // Actually jumping to the loop.
     __ Goto(Map(maglev_loop_header));
   }
 
+  void PostPhiProcessing() {
+    // Loop headers that are bypassed because of generators need to be turned
+    // into secondary generator switches (so as to not be bypassed anymore).
+    // Concretely, we split the loop headers in half by inserting a Switch right
+    // after the loop phis have been emitted. Here is a visual representation of
+    // what's happening:
+    //
+    // Before:
+    //
+    //              |         ----------------------------
+    //              |         |                          |
+    //              |         |                          |
+    //              v         v                          |
+    //      +------------------------+                   |
+    //      | phi_1(...)             |                   |
+    //      | ...                    |                   |
+    //      | phi_k(...)             |                   |
+    //      | <some op 1>            |                   |
+    //      | ...                    |                   |
+    //      | <some op n>            |                   |
+    //      | Branch                 |                   |
+    //      +------------------------+                   |
+    //                 |                                 |
+    //                 |                                 |
+    //                 v                                 |
+    //
+    //
+    // After:
+    //
+    //
+    //              |         -----------------------------------
+    //              |         |                                 |
+    //              |         |                                 |
+    //              v         v                                 |
+    //      +------------------------+                          |
+    //      | phi_1(...)             |                          |
+    //      | ...                    |                          |
+    //      | phi_k(...)             |                          |
+    //      | Switch                 |                          |
+    //      +------------------------+                          |
+    //        /   |     |      \                                |
+    //       /    |     |       \                               |
+    //      /     |     |        \                              |
+    //     v      v     v         v                             |
+    //                        +------------------+              |
+    //                        | <some op 1>      |              |
+    //                        | ...              |              |
+    //                        | <some op n>      |              |
+    //                        | Branch           |              |
+    //                        +------------------+              |
+    //                                 |                        |
+    //                                 |                        |
+    //                                 v                        |
+    //
+    //
+    // Since `PostPhiProcessing` is called right after all phis have been
+    // emitted, now is thus the time to split the loop header.
+
+    if (on_generator_switch_loop_) {
+      const maglev::BasicBlock* maglev_loop_header = __ maglev_input_block();
+      DCHECK(maglev_loop_header->is_loop());
+      std::vector<GeneratorSplitEdge>& generator_preds =
+          pre_loop_generator_blocks_[maglev_loop_header];
+
+      compiler::turboshaft::SwitchOp::Case* cases =
+          __ output_graph().graph_zone()
+              -> AllocateArray<compiler::turboshaft::SwitchOp::Case>(
+                               generator_preds.size());
+
+      for (int i = 0; static_cast<unsigned int>(i) < generator_preds.size();
+           i++) {
+        GeneratorSplitEdge pred = generator_preds[i];
+        cases[i] = {pred.switch_value, pred.inside_loop_target,
+                    BranchHint::kNone};
+      }
+      Block* default_block = __ NewBlock();
+      __ Switch(__ GetVariable(header_switch_input_),
+                base::VectorOf(cases, generator_preds.size()), default_block);
+
+      // We now bind {default_block}. It will contain the rest of the loop
+      // header. The MaglevGraphProcessor will continue to visit the header's
+      // body as if nothing happened.
+      __ Bind(default_block);
+    }
+    on_generator_switch_loop_ = false;
+  }
+
   maglev::ProcessResult Process(maglev::Constant* node,
                                 const maglev::ProcessingState& state) {
     SetMap(node, __ HeapConstant(node->object().object()));
@@ -554,8 +1063,7 @@ class GraphBuilder {
   }
   maglev::ProcessResult Process(maglev::Float64Constant* node,
                                 const maglev::ProcessingState& state) {
-    SetMap(node, __ Float64Constant(
-                     base::bit_cast<double>(node->value().get_bits())));
+    SetMap(node, __ Float64Constant(node->value()));
     return maglev::ProcessResult::kContinue;
   }
   maglev::ProcessResult Process(maglev::SmiConstant* node,
@@ -570,7 +1078,11 @@ class GraphBuilder {
     SetMap(node, __ SmiConstant(node->value().ptr()));
     return maglev::ProcessResult::kContinue;
   }
-
+  maglev::ProcessResult Process(maglev::TrustedConstant* node,
+                                const maglev::ProcessingState& state) {
+    SetMap(node, __ TrustedHeapConstant(node->object().object()));
+    return maglev::ProcessResult::kContinue;
+  }
   maglev::ProcessResult Process(maglev::InitialValue* node,
                                 const maglev::ProcessingState& state) {
     // TODO(dmercadier): InitialValues are much simpler in Maglev because they
@@ -665,7 +1177,8 @@ class GraphBuilder {
     if (__ current_block()->IsLoop()) {
       DCHECK(state.block()->is_loop());
       OpIndex first_phi_input;
-      if (state.block()->predecessor_count() > 2) {
+      if (state.block()->predecessor_count() > 2 ||
+          generator_analyzer_.HeaderIsBypassed(state.block())) {
         // This loop has multiple forward edge in Maglev, so we should have
         // created an intermediate block in Turboshaft, which will be the only
         // predecessor of the Turboshaft loop, and from which we'll find the
@@ -674,7 +1187,7 @@ class GraphBuilder {
                   static_cast<size_t>(state.block()->phis()->LengthForTest()));
         DCHECK_GE(loop_phis_first_input_index_, 0);
         DCHECK_LT(loop_phis_first_input_index_, loop_phis_first_input_.size());
-        DCHECK(MapContains(loop_single_edge_predecessors_, state.block()));
+        DCHECK(loop_single_edge_predecessors_.contains(state.block()));
         DCHECK_EQ(loop_single_edge_predecessors_[state.block()],
                   __ current_block()->LastPredecessor());
         first_phi_input = loop_phis_first_input_[loop_phis_first_input_index_];
@@ -692,8 +1205,9 @@ class GraphBuilder {
     return maglev::ProcessResult::kContinue;
   }
 
-  V<Any> MakePhiMaybePermuteInputs(maglev::ValueNode* maglev_node,
-                                   int maglev_input_count) {
+  V<Any> MakePhiMaybePermuteInputs(
+      maglev::ValueNode* maglev_node, int maglev_input_count,
+      OptionalV<Any> additional_input = OptionalV<Any>::Nullopt()) {
     DCHECK(!predecessor_permutation_.empty());
 
     base::SmallVector<OpIndex, 16> inputs;
@@ -708,6 +1222,13 @@ class GraphBuilder {
       }
     }
 
+    if (additional_input.has_value()) {
+      // When a loop header was bypassed by a generator resume, we insert an
+      // additional predecessor to the loop, and thus need an additional input
+      // for the Phis.
+      inputs[inputs.size() - 1] = additional_input.value();
+    }
+
     return __ Phi(
         base::VectorOf(inputs),
         RegisterRepresentationFor(maglev_node->value_representation()));
@@ -891,7 +1412,7 @@ class GraphBuilder {
   V<Any> GenerateBuiltinCall(
       maglev::NodeBase* node, Builtin builtin,
       OptionalV<FrameState> frame_state, base::Vector<const OpIndex> arguments,
-      base::Optional<int> stack_arg_count = base::nullopt) {
+      std::optional<int> stack_arg_count = std::nullopt) {
     ThrowingScope throwing_scope(this, node);
 
     Callable callable = Builtins::CallableFor(isolate_, builtin);
@@ -969,12 +1490,14 @@ class GraphBuilder {
   maglev::ProcessResult Process(maglev::CallRuntime* node,
                                 const maglev::ProcessingState& state) {
     ThrowingScope throwing_scope(this, node);
+    LazyDeoptOnThrow lazy_deopt_on_throw = ShouldLazyDeoptOnThrow(node);
 
     auto c_entry_stub = __ CEntryStubConstant(isolate_, node->ReturnCount());
 
     CallDescriptor* call_descriptor = Linkage::GetRuntimeCallDescriptor(
         graph_zone(), node->function_id(), node->num_args(),
-        Operator::kNoProperties, CallDescriptor::kNeedsFrameState);
+        Operator::kNoProperties, CallDescriptor::kNeedsFrameState,
+        lazy_deopt_on_throw);
 
     base::SmallVector<OpIndex, 16> arguments;
     for (int i = 0; i < node->num_args(); i++) {
@@ -992,8 +1515,8 @@ class GraphBuilder {
       GET_FRAME_STATE_MAYBE_ABORT(frame_state_value, node->lazy_deopt_info());
       frame_state = frame_state_value;
     }
-
-    LazyDeoptOnThrow lazy_deopt_on_throw = ShouldLazyDeoptOnThrow(node);
+    DCHECK_IMPLIES(lazy_deopt_on_throw == LazyDeoptOnThrow::kYes,
+                   frame_state.has_value());
 
     V<Any> call_idx =
         __ Call(c_entry_stub, frame_state, base::VectorOf(arguments),
@@ -1558,6 +2081,20 @@ class GraphBuilder {
     return maglev::ProcessResult::kContinue;
   }
 
+  maglev::ProcessResult Process(maglev::GetTemplateObject* node,
+                                const maglev::ProcessingState& state) {
+    GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->lazy_deopt_info());
+
+    OpIndex arguments[] = {
+        __ HeapConstant(node->shared_function_info().object()),
+        Map(node->description()), __ WordPtrConstant(node->feedback().index()),
+        __ HeapConstant(node->feedback().vector), native_context()};
+
+    SetMap(node, GenerateBuiltinCall(node, Builtin::kGetTemplateObject,
+                                     frame_state, base::VectorOf(arguments)));
+    return maglev::ProcessResult::kContinue;
+  }
+
   maglev::ProcessResult Process(maglev::CreateObjectLiteral* node,
                                 const maglev::ProcessingState& state) {
     GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->lazy_deopt_info());
@@ -1638,6 +2175,19 @@ class GraphBuilder {
                          node->eager_deopt_info()->feedback_to_update());
     return maglev::ProcessResult::kContinue;
   }
+  maglev::ProcessResult Process(maglev::CheckHoleyFloat64IsSmi* node,
+                                const maglev::ProcessingState& state) {
+    GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
+    V<Word32> w32 = __ ChangeFloat64ToInt32OrDeopt(
+        Map(node->input()), frame_state,
+        CheckForMinusZeroMode::kCheckForMinusZero,
+        node->eager_deopt_info()->feedback_to_update());
+    if (!SmiValuesAre32Bits()) {
+      DeoptIfInt32IsNotSmi(w32, frame_state,
+                           node->eager_deopt_info()->feedback_to_update());
+    }
+    return maglev::ProcessResult::kContinue;
+  }
   maglev::ProcessResult Process(maglev::CheckNumber* node,
                                 const maglev::ProcessingState& state) {
     GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
@@ -1661,6 +2211,14 @@ class GraphBuilder {
                     node->eager_deopt_info()->feedback_to_update());
     return maglev::ProcessResult::kContinue;
   }
+  maglev::ProcessResult Process(maglev::CheckFloat64IsNan* node,
+                                const maglev::ProcessingState& state) {
+    GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
+    __ DeoptimizeIfNot(__ Float64IsNaN(Map(node->target_input())), frame_state,
+                       DeoptimizeReason::kWrongValue,
+                       node->eager_deopt_info()->feedback_to_update());
+    return maglev::ProcessResult::kContinue;
+  }
   void CheckMaps(V<Object> receiver_input, V<FrameState> frame_state,
                  const FeedbackSource& feedback,
                  const compiler::ZoneRefSet<Map>& maps, bool check_heap_object,
@@ -1701,7 +2259,8 @@ class GraphBuilder {
                                 const maglev::ProcessingState& state) {
     GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
     CheckMaps(Map(node->receiver_input()), frame_state,
-              node->eager_deopt_info()->feedback_to_update(), node->maps(),
+              node->eager_deopt_info()->feedback_to_update(),
+              node->maps().Clone(graph_zone()),
               node->check_type() == maglev::CheckType::kCheckHeapObject,
               /* try_migrate */ false);
     return maglev::ProcessResult::kContinue;
@@ -1710,11 +2269,21 @@ class GraphBuilder {
                                 const maglev::ProcessingState& state) {
     GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
     CheckMaps(Map(node->receiver_input()), frame_state,
-              node->eager_deopt_info()->feedback_to_update(), node->maps(),
+              node->eager_deopt_info()->feedback_to_update(),
+              node->maps().Clone(graph_zone()),
               node->check_type() == maglev::CheckType::kCheckHeapObject,
               /* try_migrate */ true);
     return maglev::ProcessResult::kContinue;
   }
+  maglev::ProcessResult Process(maglev::MigrateMapIfNeeded* node,
+                                const maglev::ProcessingState& state) {
+    GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
+    SetMap(node,
+           __ MigrateMapIfNeeded(
+               Map(node->object_input()), Map(node->map_input()), frame_state,
+               node->eager_deopt_info()->feedback_to_update()));
+    return maglev::ProcessResult::kContinue;
+  }
   maglev::ProcessResult Process(maglev::CheckValue* node,
                                 const maglev::ProcessingState& state) {
     GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
@@ -1886,6 +2455,16 @@ class GraphBuilder {
     return maglev::ProcessResult::kContinue;
   }
 
+  maglev::ProcessResult Process(maglev::ExtendPropertiesBackingStore* node,
+                                const maglev::ProcessingState& state) {
+    GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
+    SetMap(node, __ ExtendPropertiesBackingStore(
+                     Map(node->property_array_input()),
+                     Map(node->object_input()), node->old_length(), frame_state,
+                     node->eager_deopt_info()->feedback_to_update()));
+    return maglev::ProcessResult::kContinue;
+  }
+
   maglev::ProcessResult Process(maglev::TransitionElementsKindOrCheckMap* node,
                                 const maglev::ProcessingState& state) {
     GET_FRAME_STATE_MAYBE_ABORT(frame_state, node->eager_deopt_info());
@@ -2119,16 +2698,30 @@ class GraphBuilder {
     return maglev::ProcessResult::kContinue;
   }
 
-  maglev::ProcessResult Process(maglev::LoadTaggedField* node,
+  template <typename T>
+  maglev::ProcessResult Process(maglev::AbstractLoadTaggedField<T>* node,
                                 const maglev::ProcessingState& state) {
-    SetMap(node, __ LoadTaggedField(Map(node->object_input()), node->offset()));
+    V<Object> value =
+        __ LoadTaggedField(Map(node->object_input()), node->offset());
+    SetMap(node, value);
+
+    if (generator_analyzer_.has_header_bypasses() &&
+        maglev_generator_context_node_ == nullptr &&
+        node->object_input().node()->template Is<maglev::RegisterInput>() &&
+        node->offset() == JSGeneratorObject::kContextOffset) {
+      // This is loading the context of a generator for the 1st time. We save it
+      // in {generator_context_} for later use.
+      __ SetVariable(generator_context_, value);
+      maglev_generator_context_node_ = node;
+    }
+
     return maglev::ProcessResult::kContinue;
   }
   maglev::ProcessResult Process(maglev::LoadDoubleField* node,
                                 const maglev::ProcessingState& state) {
     V<HeapNumber> field = __ LoadTaggedField<HeapNumber>(
         Map(node->object_input()), node->offset());
-    SetMap(node, __ LoadField(field, AccessBuilder::ForHeapNumberValue()));
+    SetMap(node, __ LoadHeapNumberValue(field));
     return maglev::ProcessResult::kContinue;
   }
   maglev::ProcessResult Process(maglev::LoadFixedArrayElement* node,
@@ -2190,6 +2783,16 @@ class GraphBuilder {
                   Map(node->value_input()));
     return maglev::ProcessResult::kContinue;
   }
+  maglev::ProcessResult Process(
+      maglev::StoreTrustedPointerFieldWithWriteBarrier* node,
+      const maglev::ProcessingState& state) {
+    __ Store(Map(node->object_input()), Map(node->value_input()),
+             StoreOp::Kind::TaggedBase(),
+             MemoryRepresentation::IndirectPointer(),
+             WriteBarrierKind::kIndirectPointerWriteBarrier, node->offset(),
+             node->initializing_or_transitioning());
+    return maglev::ProcessResult::kContinue;
+  }
   maglev::ProcessResult Process(
       maglev::StoreFixedArrayElementNoWriteBarrier* node,
       const maglev::ProcessingState& state) {
@@ -2450,7 +3053,8 @@ class GraphBuilder {
 
   void BuildJump(maglev::BasicBlock* target) {
     Block* destination = Map(target);
-    if (target->is_loop() && target->predecessor_count() > 2) {
+    if (target->is_loop() && (target->predecessor_count() > 2 ||
+                              generator_analyzer_.HeaderIsBypassed(target))) {
       // This loop has multiple forward edge in Maglev, so we'll create an extra
       // block in Turboshaft that will be the only predecessor.
       auto it = loop_single_edge_predecessors_.find(target);
@@ -2464,6 +3068,7 @@ class GraphBuilder {
     }
     __ Goto(destination);
   }
+
   maglev::ProcessResult Process(maglev::Jump* node,
                                 const maglev::ProcessingState& state) {
     BuildJump(node->target());
@@ -2477,6 +3082,9 @@ class GraphBuilder {
 
   maglev::ProcessResult Process(maglev::JumpLoop* node,
                                 const maglev::ProcessingState& state) {
+    if (header_switch_input_.valid()) {
+      __ SetVariable(header_switch_input_, loop_default_generator_value_);
+    }
     __ Goto(Map(node->target()));
     FixLoopPhis(node->target());
     return maglev::ProcessResult::kContinue;
@@ -2560,7 +3168,8 @@ class GraphBuilder {
       case interpreter::TestTypeOfFlags::LiteralFlag::kBoolean:
         result = __ Select(__ RootEqual(input, RootIndex::kTrueValue, isolate_),
                            __ HeapConstant(local_factory_->true_value()),
-                           __ HeapConstant(local_factory_->false_value()),
+                           ConvertWord32ToJSBool(__ RootEqual(
+                               input, RootIndex::kFalseValue, isolate_)),
                            RegisterRepresentation::Tagged(), BranchHint::kNone,
                            SelectOp::Implementation::kBranch);
         break;
@@ -2720,6 +3329,61 @@ class GraphBuilder {
 
   maglev::ProcessResult Process(maglev::Switch* node,
                                 const maglev::ProcessingState& state) {
+    if (is_visiting_generator_main_switch_) {
+      // This is the main resume-switch for a generator, and some of its target
+      // bypass loop headers. We need to re-route the destinations to the
+      // bypassed loop headers, where secondary switches will be inserted.
+
+      compiler::turboshaft::SwitchOp::Case* cases =
+          __ output_graph().graph_zone()
+              -> AllocateArray<compiler::turboshaft::SwitchOp::Case>(
+                               node->size());
+
+      DCHECK_EQ(0, node->value_base());
+
+      for (int i = 0; i < node->size(); i++) {
+        maglev::BasicBlock* target = node->targets()[i].block_ptr();
+        if (generator_analyzer_.JumpBypassesHeader(target)) {
+          Block* new_dst = __ NewBlock();
+
+          const maglev::BasicBlock* innermost_bypassed_header =
+              generator_analyzer_.GetInnermostBypassedHeader(target);
+
+          pre_loop_generator_blocks_[innermost_bypassed_header].push_back(
+              {new_dst, Map(target), i});
+
+          // {innermost_bypassed_header} is only the innermost bypassed header.
+          // We also need to record bypasses of outer headers. In the end, we
+          // want this main Switch to go to before the outermost header, which
+          // will dispatch to the next inner loop, and so on until the innermost
+          // loop header and then to the initial destination.
+          for (const maglev::BasicBlock* bypassed_header =
+                   generator_analyzer_.GetLoopHeader(innermost_bypassed_header);
+               bypassed_header != nullptr;
+               bypassed_header =
+                   generator_analyzer_.GetLoopHeader(bypassed_header)) {
+            Block* prev_loop_dst = __ NewBlock();
+            pre_loop_generator_blocks_[bypassed_header].push_back(
+                {prev_loop_dst, new_dst, i});
+            new_dst = prev_loop_dst;
+          }
+
+          cases[i] = {i, new_dst, BranchHint::kNone};
+
+        } else {
+          cases[i] = {i, Map(target), BranchHint::kNone};
+        }
+      }
+
+      Block* default_block = __ NewBlock();
+      __ Switch(Map(node->value()), base::VectorOf(cases, node->size()),
+                default_block);
+      __ Bind(default_block);
+      __ Unreachable();
+
+      return maglev::ProcessResult::kContinue;
+    }
+
     compiler::turboshaft::SwitchOp::Case* cases =
         __ output_graph().graph_zone()
             -> AllocateArray<compiler::turboshaft::SwitchOp::Case>(
@@ -3159,6 +3823,10 @@ class GraphBuilder {
       case maglev::TaggedToFloat64ConversionType::kOnlyNumber:
         kind = ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind::kNumber;
         break;
+      case maglev::TaggedToFloat64ConversionType::kNumberOrBoolean:
+        kind = ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind::
+            kNumberOrBoolean;
+        break;
       case maglev::TaggedToFloat64ConversionType::kNumberOrOddball:
         kind = ConvertJSPrimitiveToUntaggedOrDeoptOp::JSPrimitiveKind::
             kNumberOrOddball;
@@ -3274,6 +3942,10 @@ class GraphBuilder {
         input_requirement =
             TruncateJSPrimitiveToUntaggedOrDeoptOp::InputRequirement::kNumber;
         break;
+      case maglev::TaggedToFloat64ConversionType::kNumberOrBoolean:
+        input_requirement = TruncateJSPrimitiveToUntaggedOrDeoptOp::
+            InputRequirement::kNumberOrBoolean;
+        break;
       case maglev::TaggedToFloat64ConversionType::kNumberOrOddball:
         input_requirement = TruncateJSPrimitiveToUntaggedOrDeoptOp::
             InputRequirement::kNumberOrOddball;
@@ -3439,7 +4111,7 @@ class GraphBuilder {
           frame_state, DeoptimizeReason::kNotAHeapNumber,
           node->eager_deopt_info()->feedback_to_update());
       result = Float64ToUint8Clamped(
-          __ LoadField<Float64>(value, AccessBuilder::ForHeapNumberValue()));
+          __ LoadHeapNumberValue(V<HeapNumber>::Cast(value)));
     }
     RETURN_IF_UNREACHABLE();
     SetMap(node, result);
@@ -3481,8 +4153,36 @@ class GraphBuilder {
     return maglev::ProcessResult::kContinue;
   }
 
+  maglev::ProcessResult Process(maglev::GeneratorStore* node,
+                                const maglev::ProcessingState& state) {
+    base::SmallVector<OpIndex, 32> parameters_and_registers;
+    int num_parameters_and_registers = node->num_parameters_and_registers();
+    for (int i = 0; i < num_parameters_and_registers; i++) {
+      parameters_and_registers.push_back(
+          Map(node->parameters_and_registers(i)));
+    }
+    __ GeneratorStore(Map(node->context_input()), Map(node->generator_input()),
+                      parameters_and_registers, node->suspend_id(),
+                      node->bytecode_offset());
+    return maglev::ProcessResult::kContinue;
+  }
+  maglev::ProcessResult Process(maglev::GeneratorRestoreRegister* node,
+                                const maglev::ProcessingState& state) {
+    V<FixedArray> array = Map(node->array_input());
+    V<Object> result =
+        __ LoadTaggedField(array, FixedArray::OffsetOfElementAt(node->index()));
+    __ Store(array, Map(node->stale_input()), StoreOp::Kind::TaggedBase(),
+             MemoryRepresentation::TaggedSigned(),
+             WriteBarrierKind::kNoWriteBarrier,
+             FixedArray::OffsetOfElementAt(node->index()));
+
+    SetMap(node, result);
+
+    return maglev::ProcessResult::kContinue;
+  }
+
   maglev::ProcessResult Process(maglev::Abort* node,
-                                const maglev::ProcessingState&) {
+                                const maglev::ProcessingState& state) {
     __ RuntimeAbort(node->reason());
     // TODO(dmercadier): remove this `Unreachable` once RuntimeAbort is marked
     // as a block terminator.
@@ -3491,11 +4191,42 @@ class GraphBuilder {
   }
 
   maglev::ProcessResult Process(maglev::Identity* node,
-                                const maglev::ProcessingState& state) {
+                                const maglev::ProcessingState&) {
     SetMap(node, Map(node->input(0)));
     return maglev::ProcessResult::kContinue;
   }
 
+  maglev::ProcessResult Process(maglev::Dead*, const maglev::ProcessingState&) {
+    // Nothing to do; `Dead` is in Maglev to kill a node when removing it
+    // directly from the graph is not possible.
+    return maglev::ProcessResult::kContinue;
+  }
+
+  maglev::ProcessResult Process(maglev::DebugBreak*,
+                                const maglev::ProcessingState&) {
+    __ DebugBreak();
+    return maglev::ProcessResult::kContinue;
+  }
+
+  maglev::ProcessResult Process(maglev::GapMove*,
+                                const maglev::ProcessingState&) {
+    // GapMove nodes are created by Maglev's register allocator, which
+    // doesn't run when using Maglev as a frontend for Turboshaft.
+    UNREACHABLE();
+  }
+  maglev::ProcessResult Process(maglev::ConstantGapMove*,
+                                const maglev::ProcessingState&) {
+    // ConstantGapMove nodes are created by Maglev's register allocator, which
+    // doesn't run when using Maglev as a frontend for Turboshaft.
+    UNREACHABLE();
+  }
+
+  maglev::ProcessResult Process(maglev::VirtualObject*,
+                                const maglev::ProcessingState&) {
+    // VirtualObjects should never be part of the Maglev graph.
+    UNREACHABLE();
+  }
+
   maglev::ProcessResult Process(maglev::GetSecondReturnedValue* node,
                                 const maglev::ProcessingState& state) {
     DCHECK(second_return_value_.valid());
@@ -3549,15 +4280,60 @@ class GraphBuilder {
   }
 #endif  // V8_ENABLE_CONTINUATION_PRESERVED_EMBEDDER_DATA
 
-  template <typename NodeT>
-  maglev::ProcessResult Process(NodeT* node,
-                                const maglev::ProcessingState& state) {
-    // TODO(dmercadier): remove this bailout. It's currently useful so that we
-    // can run any program without crashing, and it allows to differential-fuzz
-    // more easily. Long-term, we never want to bailout during graph building
-    // (at least, not because some translation is unimplemented).
-    *bailout_ = BailoutReason::kGraphBuildingFailed;
-    return maglev::ProcessResult::kAbort;
+  maglev::ProcessResult Process(maglev::AssertInt32* node,
+                                const maglev::ProcessingState&) {
+    bool negate_result = false;
+    V<Word32> cmp = ConvertInt32Compare(node->left_input(), node->right_input(),
+                                        node->condition(), &negate_result);
+    Label<> abort(this);
+    Label<> end(this);
+    if (negate_result) {
+      GOTO_IF(cmp, abort);
+    } else {
+      GOTO_IF_NOT(cmp, abort);
+    }
+    GOTO(end);
+
+    BIND(abort);
+    __ RuntimeAbort(node->reason());
+    __ Unreachable();
+
+    BIND(end);
+    return maglev::ProcessResult::kContinue;
+  }
+
+  maglev::ProcessResult Process(maglev::CallSelf*,
+                                const maglev::ProcessingState&) {
+    // CallSelf nodes are only created when Maglev is the top-tier compiler
+    // (which can't be the case here, since we're currently compiling for
+    // Turboshaft).
+    UNREACHABLE();
+  }
+
+  // Nodes unused by maglev but still existing.
+  maglev::ProcessResult Process(maglev::ExternalConstant*,
+                                const maglev::ProcessingState&) {
+    UNREACHABLE();
+  }
+  maglev::ProcessResult Process(maglev::CheckUint32IsSmi*,
+                                const maglev::ProcessingState&) {
+    UNREACHABLE();
+  }
+  maglev::ProcessResult Process(maglev::CallCPPBuiltin*,
+                                const maglev::ProcessingState&) {
+    UNREACHABLE();
+  }
+  maglev::ProcessResult Process(maglev::UnsafeTruncateUint32ToInt32*,
+                                const maglev::ProcessingState&) {
+    UNREACHABLE();
+  }
+  maglev::ProcessResult Process(maglev::UnsafeTruncateFloat64ToInt32*,
+                                const maglev::ProcessingState&) {
+    UNREACHABLE();
+  }
+  maglev::ProcessResult Process(maglev::BranchIfTypeOf*,
+                                const maglev::ProcessingState&) {
+    UNREACHABLE();
   }
 
   AssemblerT& Asm() { return assembler_; }
@@ -3887,8 +4663,16 @@ class GraphBuilder {
                              const maglev::VirtualObject::List& virtual_objects,
                              const maglev::VirtualObject* vobj) {
     if (vobj->type() == maglev::VirtualObject::kHeapNumber) {
+      // We need to add HeapNumbers as dematerialized HeapNumbers (rather than
+      // simply NumberConstant), because they could be mutable HeapNumber
+      // fields, in which case we don't want GVN to merge them.
+      constexpr int kNumberOfField = 2;  // map + value
+      builder.AddDematerializedObject(deduplicator_.CreateFreshId().id,
+                                      kNumberOfField);
       builder.AddInput(MachineType::AnyTagged(),
-                       __ NumberConstant(vobj->number().get_scalar()));
+                       __ HeapConstant(local_factory_->heap_number_map()));
+      builder.AddInput(MachineType::Float64(),
+                       __ Float64Constant(vobj->number()));
       return;
     }
 
@@ -3979,6 +4763,13 @@ class GraphBuilder {
               __ SmiConstant(value->Cast<maglev::SmiConstant>()->value()));
           break;
 
+        case maglev::Opcode::kTrustedConstant:
+          builder.AddInput(
+              MachineType::AnyTagged(),
+              __ TrustedHeapConstant(
+                  value->Cast<maglev::TrustedConstant>()->object().object()));
+          break;
+
         case maglev::Opcode::kTaggedIndexConstant:
         case maglev::Opcode::kExternalConstant:
         default:
@@ -4021,15 +4812,21 @@ class GraphBuilder {
         }
       }
       object_ids_.push_back(object);
-      return {static_cast<uint32_t>(object_ids_.size() - 1), false};
+      return {next_id_++, false};
     }
 
-    void Reset() { object_ids_.clear(); }
+    DuplicatedId CreateFreshId() { return {next_id_++, false}; }
+
+    void Reset() {
+      object_ids_.clear();
+      next_id_ = 0;
+    }
 
     static const uint32_t kNotDuplicated = -1;
 
    private:
     std::vector<const maglev::VirtualObject*> object_ids_{10};
+    uint32_t next_id_ = 0;
   };
 
   OutputFrameStateCombine ComputeCombine(maglev::InterpretedDeoptFrame& frame,
@@ -4226,8 +5023,12 @@ class GraphBuilder {
   void DeoptIfInt32IsNotSmi(maglev::Input maglev_input,
                             V<FrameState> frame_state,
                             const compiler::FeedbackSource& feedback) {
+    return DeoptIfInt32IsNotSmi(Map<Word32>(maglev_input), frame_state,
+                                feedback);
+  }
+  void DeoptIfInt32IsNotSmi(V<Word32> input, V<FrameState> frame_state,
+                            const compiler::FeedbackSource& feedback) {
     // TODO(dmercadier): is there no higher level way of doing this?
-    V<Word32> input = Map<Word32>(maglev_input);
     V<Tuple<Word32, Word32>> add = __ Int32AddCheckOverflow(input, input);
     V<Word32> check = __ template Projection<1>(add);
     __ DeoptimizeIf(check, frame_state, DeoptimizeReason::kNotASmi, feedback);
@@ -4521,7 +5322,10 @@ class GraphBuilder {
       auto it = regs_to_vars_.find(owner.index());
       Variable var;
       if (it == regs_to_vars_.end()) {
-        var = __ NewVariable(RegisterRepresentation::Tagged());
+        // We use a LoopInvariantVariable: if loop phis were needed, then the
+        // Maglev value would already be a loop Phi, and we wouldn't need
+        // Turboshaft to automatically insert a loop phi.
+        var = __ NewLoopInvariantVariable(RegisterRepresentation::Tagged());
         regs_to_vars_.insert({owner.index(), var});
       } else {
         var = it->second;
@@ -4537,6 +5341,9 @@ class GraphBuilder {
   }
   OpIndex Map(const maglev::Input input) { return Map(input.node()); }
   OpIndex Map(const maglev::NodeBase* node) {
+    if (V8_UNLIKELY(node == maglev_generator_context_node_)) {
+      return __ GetVariable(generator_context_);
+    }
     DCHECK(node_mapping_[node].valid());
     return node_mapping_[node];
   }
@@ -4607,7 +5414,8 @@ class GraphBuilder {
   // {loop_single_edge_predecessors_}), and jumps to the loop will instead go to
   // this additional block, which will become the only forward predecessor of
   // the loop.
-  ZoneUnorderedMap<maglev::BasicBlock*, Block*> loop_single_edge_predecessors_;
+  ZoneUnorderedMap<const maglev::BasicBlock*, Block*>
+      loop_single_edge_predecessors_;
   // When we create an additional loop predecessor for loops that have multiple
   // forward predecessors, we store the newly created phis in
   // {loop_phis_first_input_}, so that we can then use them as the first input
@@ -4635,11 +5443,58 @@ class GraphBuilder {
   ZoneAbslFlatHashMap<OpIndex, maglev::ValueRepresentation>
       maglev_representations_;
 
+  GeneratorAnalyzer generator_analyzer_;
+  static constexpr int kDefaultSwitchVarValue = -1;
+  // {is_visiting_generator_main_switch_} is true if the function is a resumable
+  // generator, and the current input block is the main dispatch switch for
+  // resuming the generator.
+  bool is_visiting_generator_main_switch_ = false;
+  // {on_generator_switch_loop_} is true if the current input block is a loop
+  // that used to be bypassed by generator resumes, and thus that needs a
+  // secondary generator dispatch switch.
+  bool on_generator_switch_loop_ = false;
+  // {header_switch_input_} is the value on which secondary generator switches
+  // should switch.
+  Variable header_switch_input_;
+  // When secondary dispatch switches for generators are created,
+  // {loop_default_generator_value_} is used as the default inputs for
+  // {header_switch_input_} for edges that weren't manually inserted in the
+  // translation for generators.
+  V<Word32> loop_default_generator_value_ = V<Word32>::Invalid();
+  // If the main generator switch bypasses some loop headers, we'll need to
+  // add an additional predecessor to these loop headers to get rid of the
+  // bypass. If we do so, we'll need a dummy input for the loop Phis, which
+  // we create here.
+  V<Object> dummy_object_input_ = V<Object>::Invalid();
+  V<Word32> dummy_word32_input_ = V<Word32>::Invalid();
+  V<Float64> dummy_float64_input_ = V<Float64>::Invalid();
+  // {maglev_generator_context_node_} is the 1st Maglev node that load the
+  // context from the generator. Because of the removal of loop header bypasses,
+  // we can end up using this node in place that's not dominated by the block
+  // defining this node. To fix this problem, when loading the context from the
+  // generator for the 1st time, we set {generator_context_}, and in `Map`, we
+  // always check whether we're trying to get the generator context (=
+  // {maglev_generator_context_node_}): if so, then we get the value from
+  // {generator_context_} instead. Note that {generator_context_} is initialized
+  // with a dummy value (NoContextConstant) so that valid Phis get inserted
+  // where needed, but by construction, we'll never actually use this dummy
+  // value.
+  maglev::NodeBase* maglev_generator_context_node_ = nullptr;
+  Variable generator_context_;
+
+  struct GeneratorSplitEdge {
+    Block* pre_loop_dst;
+    Block* inside_loop_target;
+    int switch_value;
+  };
+  std::unordered_map<const maglev::BasicBlock*, std::vector<GeneratorSplitEdge>>
+      pre_loop_generator_blocks_;
+
   V<NativeContext> native_context_ = V<NativeContext>::Invalid();
   V<Object> new_target_param_ = V<Object>::Invalid();
   base::SmallVector<int, 16> predecessor_permutation_;
 
-  base::Optional<BailoutReason>* bailout_;
+  std::optional<BailoutReason>* bailout_;
 };
 
 // A NodeProcessor wrapper around GraphBuilder that takes care of
@@ -4651,7 +5506,7 @@ class NodeProcessorBase : public GraphBuilder {
 
   NodeProcessorBase(PipelineData* data, Graph& graph, Zone* temp_zone,
                     maglev::MaglevCompilationUnit* maglev_compilation_unit,
-                    base::Optional<BailoutReason>* bailout)
+                    std::optional<BailoutReason>* bailout)
       : GraphBuilder::GraphBuilder(data, graph, temp_zone,
                                    maglev_compilation_unit, bailout),
         graph_(graph),
@@ -4667,12 +5522,12 @@ class NodeProcessorBase : public GraphBuilder {
       // just return kContinue for simplicity.
       return maglev::ProcessResult::kContinue;
     } else {
-      OpIndex last_index_before = graph_.LastOperation();
+      OpIndex end_index_before = graph_.EndIndex();
       maglev::ProcessResult result = GraphBuilder::Process(node, state);
 
       // Recording the SourcePositions of the OpIndex that were just created.
       SourcePosition source = labeller_->GetNodeProvenance(node).position;
-      for (OpIndex idx = last_index_before; idx != graph_.LastOperation();
+      for (OpIndex idx = end_index_before; idx != graph_.EndIndex();
            idx = graph_.NextIndex(idx)) {
         graph_.source_positions()[idx] = source;
       }
@@ -4761,8 +5616,8 @@ void RunMaglevOptimizations(PipelineData* data,
   }
 }
 
-base::Optional<BailoutReason> MaglevGraphBuildingPhase::Run(PipelineData* data,
-                                                            Zone* temp_zone) {
+std::optional<BailoutReason> MaglevGraphBuildingPhase::Run(PipelineData* data,
+                                                           Zone* temp_zone) {
   JSHeapBroker* broker = data->broker();
   UnparkedScopeIfNeeded unparked_scope(broker);
 
@@ -4801,7 +5656,7 @@ base::Optional<BailoutReason> MaglevGraphBuildingPhase::Run(PipelineData* data,
   // TODO(nicohartmann): Should we have source positions here?
   data->InitializeGraphComponent(nullptr);
 
-  base::Optional<BailoutReason> bailout;
+  std::optional<BailoutReason> bailout;
   maglev::GraphProcessor<NodeProcessorBase, true> builder(
       data, data->graph(), temp_zone,
       compilation_info->toplevel_compilation_unit(), &bailout);
diff --git a/deps/v8/src/compiler/turboshaft/maglev-graph-building-phase.h b/deps/v8/src/compiler/turboshaft/maglev-graph-building-phase.h
index 7cd3a58287d3a4..10335dec408413 100644
--- a/deps/v8/src/compiler/turboshaft/maglev-graph-building-phase.h
+++ b/deps/v8/src/compiler/turboshaft/maglev-graph-building-phase.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_MAGLEV_GRAPH_BUILDING_PHASE_H_
 #define V8_COMPILER_TURBOSHAFT_MAGLEV_GRAPH_BUILDING_PHASE_H_
 
+#include <optional>
+
 #include "src/compiler/turboshaft/phase.h"
 #include "src/zone/zone.h"
 
@@ -13,7 +15,7 @@ namespace v8::internal::compiler::turboshaft {
 struct MaglevGraphBuildingPhase {
   DECL_TURBOSHAFT_PHASE_CONSTANTS(MaglevGraphBuilding)
 
-  base::Optional<BailoutReason> Run(PipelineData* data, Zone* temp_zone);
+  std::optional<BailoutReason> Run(PipelineData* data, Zone* temp_zone);
 };
 
 }  // namespace v8::internal::compiler::turboshaft
diff --git a/deps/v8/src/compiler/turboshaft/memory-optimization-reducer.cc b/deps/v8/src/compiler/turboshaft/memory-optimization-reducer.cc
index 8bd243d75b7145..62924ae971d686 100644
--- a/deps/v8/src/compiler/turboshaft/memory-optimization-reducer.cc
+++ b/deps/v8/src/compiler/turboshaft/memory-optimization-reducer.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/turboshaft/memory-optimization-reducer.h"
 
+#include <optional>
+
 #include "src/codegen/interface-descriptors-inl.h"
 #include "src/compiler/linkage.h"
 #include "src/roots/roots-inl.h"
@@ -65,7 +67,7 @@ void MemoryAnalyzer::Process(const Operation& op) {
 void MemoryAnalyzer::ProcessBlockTerminator(const Operation& op) {
   if (auto* goto_op = op.TryCast<GotoOp>()) {
     if (input_graph.IsLoopBackedge(*goto_op)) {
-      base::Optional<BlockState>& target_state =
+      std::optional<BlockState>& target_state =
           block_states[goto_op->destination->index()];
       BlockState old_state = *target_state;
       MergeCurrentStateIntoSuccessor(goto_op->destination);
@@ -74,7 +76,7 @@ void MemoryAnalyzer::ProcessBlockTerminator(const Operation& op) {
         // allocation before the loop, since this leads to unbounded
         // allocation size. An unknown `reserved_size` will prevent adding
         // allocations inside of the loop.
-        target_state->reserved_size = base::nullopt;
+        target_state->reserved_size = std::nullopt;
         // Redo the analysis from the beginning of the loop.
         current_block = goto_op->destination->index();
       }
@@ -101,7 +103,7 @@ void MemoryAnalyzer::ProcessBlockTerminator(const Operation& op) {
 // dominating relationship.
 void MemoryAnalyzer::ProcessAllocation(const AllocateOp& alloc) {
   if (ShouldSkipOptimizationStep()) return;
-  base::Optional<uint64_t> new_size;
+  std::optional<uint64_t> new_size;
   if (auto* size =
           input_graph.Get(alloc.size()).template TryCast<ConstantOp>()) {
     new_size = size->integral();
@@ -122,7 +124,7 @@ void MemoryAnalyzer::ProcessAllocation(const AllocateOp& alloc) {
     return;
   }
   state.last_allocation = &alloc;
-  state.reserved_size = base::nullopt;
+  state.reserved_size = std::nullopt;
   if (new_size.has_value() && *new_size <= kMaxRegularHeapObjectSize) {
     state.reserved_size = static_cast<uint32_t>(*new_size);
   }
@@ -145,7 +147,7 @@ void MemoryAnalyzer::ProcessStore(const StoreOp& store) {
 }
 
 void MemoryAnalyzer::MergeCurrentStateIntoSuccessor(const Block* successor) {
-  base::Optional<BlockState>& target_state = block_states[successor->index()];
+  std::optional<BlockState>& target_state = block_states[successor->index()];
   if (!target_state.has_value()) {
     target_state = state;
     return;
@@ -164,7 +166,7 @@ void MemoryAnalyzer::MergeCurrentStateIntoSuccessor(const Block* successor) {
     target_state->reserved_size =
         std::max(*target_state->reserved_size, *state.reserved_size);
   } else {
-    target_state->reserved_size = base::nullopt;
+    target_state->reserved_size = std::nullopt;
   }
 }
 
diff --git a/deps/v8/src/compiler/turboshaft/memory-optimization-reducer.h b/deps/v8/src/compiler/turboshaft/memory-optimization-reducer.h
index 949e535e3d5d4a..c69dece9f42cf8 100644
--- a/deps/v8/src/compiler/turboshaft/memory-optimization-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/memory-optimization-reducer.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_MEMORY_OPTIMIZATION_REDUCER_H_
 #define V8_COMPILER_TURBOSHAFT_MEMORY_OPTIMIZATION_REDUCER_H_
 
+#include <optional>
+
 #include "src/base/template-utils.h"
 #include "src/builtins/builtins.h"
 #include "src/codegen/external-reference.h"
@@ -100,14 +102,14 @@ struct MemoryAnalyzer {
 
   struct BlockState {
     const AllocateOp* last_allocation = nullptr;
-    base::Optional<uint32_t> reserved_size = base::nullopt;
+    std::optional<uint32_t> reserved_size = std::nullopt;
 
     bool operator!=(const BlockState& other) {
       return last_allocation != other.last_allocation ||
              reserved_size != other.reserved_size;
     }
   };
-  FixedBlockSidetable<base::Optional<BlockState>> block_states{
+  FixedBlockSidetable<std::optional<BlockState>> block_states{
       input_graph.block_count(), phase_zone};
   ZoneAbslFlatHashMap<const AllocateOp*, const AllocateOp*> folded_into{
       phase_zone};
@@ -156,13 +158,13 @@ struct MemoryAnalyzer {
         input_graph.Get(op).template TryCast<AllocateOp>());
   }
 
-  base::Optional<uint32_t> ReservedSize(V<AnyOrNone> alloc) {
+  std::optional<uint32_t> ReservedSize(V<AnyOrNone> alloc) {
     if (auto it = reserved_size.find(
             input_graph.Get(alloc).template TryCast<AllocateOp>());
         it != reserved_size.end()) {
       return it->second;
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
   void Run();
@@ -446,10 +448,10 @@ class MemoryOptimizationReducer : public Next {
   }
 
  private:
-  base::Optional<MemoryAnalyzer> analyzer_;
+  std::optional<MemoryAnalyzer> analyzer_;
   Isolate* isolate_ = __ data() -> isolate();
   const TSCallDescriptor* allocate_builtin_descriptor_ = nullptr;
-  base::Optional<Variable> top_[2];
+  std::optional<Variable> top_[2];
 
   static_assert(static_cast<int>(AllocationType::kYoung) == 0);
   static_assert(static_cast<int>(AllocationType::kOld) == 1);
diff --git a/deps/v8/src/compiler/turboshaft/operation-matcher.h b/deps/v8/src/compiler/turboshaft/operation-matcher.h
index ecf9ab62c16327..925dfc69d1cd9c 100644
--- a/deps/v8/src/compiler/turboshaft/operation-matcher.h
+++ b/deps/v8/src/compiler/turboshaft/operation-matcher.h
@@ -6,6 +6,7 @@
 #define V8_COMPILER_TURBOSHAFT_OPERATION_MATCHER_H_
 
 #include <limits>
+#include <optional>
 #include <type_traits>
 
 #include "src/compiler/turboshaft/graph.h"
@@ -45,9 +46,9 @@ class OperationMatcher {
       case ConstantOp::Kind::kWord64:
         return op->integral() == 0;
       case ConstantOp::Kind::kFloat32:
-        return op->float32() == 0;
+        return op->float32().get_scalar() == 0;
       case ConstantOp::Kind::kFloat64:
-        return op->float64() == 0;
+        return op->float64().get_scalar() == 0;
       case ConstantOp::Kind::kSmi:
         return op->smi().value() == 0;
       default:
@@ -68,6 +69,14 @@ class OperationMatcher {
   }
 
   bool MatchFloat32Constant(OpIndex matched, float* constant) const {
+    const ConstantOp* op = TryCast<ConstantOp>(matched);
+    if (!op) return false;
+    if (op->kind != ConstantOp::Kind::kFloat32) return false;
+    *constant = op->storage.float32.get_scalar();
+    return true;
+  }
+
+  bool MatchFloat32Constant(OpIndex matched, i::Float32* constant) const {
     const ConstantOp* op = TryCast<ConstantOp>(matched);
     if (!op) return false;
     if (op->kind != ConstantOp::Kind::kFloat32) return false;
@@ -76,6 +85,14 @@ class OperationMatcher {
   }
 
   bool MatchFloat64Constant(OpIndex matched, double* constant) const {
+    const ConstantOp* op = TryCast<ConstantOp>(matched);
+    if (!op) return false;
+    if (op->kind != ConstantOp::Kind::kFloat64) return false;
+    *constant = op->storage.float64.get_scalar();
+    return true;
+  }
+
+  bool MatchFloat64Constant(OpIndex matched, i::Float64* constant) const {
     const ConstantOp* op = TryCast<ConstantOp>(matched);
     if (!op) return false;
     if (op->kind != ConstantOp::Kind::kFloat64) return false;
@@ -87,10 +104,10 @@ class OperationMatcher {
     const ConstantOp* op = TryCast<ConstantOp>(matched);
     if (!op) return false;
     if (op->kind == ConstantOp::Kind::kFloat64) {
-      *value = op->storage.float64;
+      *value = op->storage.float64.get_scalar();
       return true;
     } else if (op->kind == ConstantOp::Kind::kFloat32) {
-      *value = op->storage.float32;
+      *value = op->storage.float32.get_scalar();
       return true;
     }
     return false;
@@ -161,11 +178,6 @@ class OperationMatcher {
     return MatchIntegralWordConstant(matched, rep, nullptr, signed_constant);
   }
 
-  bool MatchIntegralWord64Constant(OpIndex matched, uint64_t* constant) const {
-    return MatchIntegralWordConstant(matched, WordRepresentation::Word64(),
-                                     constant);
-  }
-
   bool MatchIntegralWord32Constant(OpIndex matched, uint32_t* constant) const {
     if (uint64_t value; MatchIntegralWordConstant(
             matched, WordRepresentation::Word32(), &value)) {
@@ -175,6 +187,11 @@ class OperationMatcher {
     return false;
   }
 
+  bool MatchIntegralWord64Constant(OpIndex matched, uint64_t* constant) const {
+    return MatchIntegralWordConstant(matched, WordRepresentation::Word64(),
+                                     constant);
+  }
+
   bool MatchIntegralWord32Constant(OpIndex matched, uint32_t constant) const {
     if (uint64_t value; MatchIntegralWordConstant(
             matched, WordRepresentation::Word32(), &value)) {
@@ -197,6 +214,23 @@ class OperationMatcher {
     return false;
   }
 
+  template <typename T = intptr_t>
+  bool MatchIntegralWordPtrConstant(OpIndex matched, T* constant) const {
+    if constexpr (Is64()) {
+      static_assert(sizeof(T) == sizeof(int64_t));
+      int64_t v;
+      if (!MatchIntegralWord64Constant(matched, &v)) return false;
+      *constant = static_cast<T>(v);
+      return true;
+    } else {
+      static_assert(sizeof(T) == sizeof(int32_t));
+      int32_t v;
+      if (!MatchIntegralWord32Constant(matched, &v)) return false;
+      *constant = static_cast<T>(v);
+      return true;
+    }
+  }
+
   bool MatchSignedIntegralConstant(OpIndex matched, int64_t* constant) const {
     if (const ConstantOp* c = TryCast<ConstantOp>(matched)) {
       if (c->kind == ConstantOp::Kind::kWord32 ||
@@ -440,7 +474,7 @@ class OperationMatcher {
   }
 
   bool MatchPhi(OpIndex matched,
-                base::Optional<int> input_count = base::nullopt) const {
+                std::optional<int> input_count = std::nullopt) const {
     if (const PhiOp* phi = TryCast<PhiOp>(matched)) {
       return !input_count.has_value() || phi->input_count == *input_count;
     }
diff --git a/deps/v8/src/compiler/turboshaft/operations.cc b/deps/v8/src/compiler/turboshaft/operations.cc
index 995f66a9829e45..3d936ff8e06ba8 100644
--- a/deps/v8/src/compiler/turboshaft/operations.cc
+++ b/deps/v8/src/compiler/turboshaft/operations.cc
@@ -6,10 +6,10 @@
 
 #include <atomic>
 #include <iomanip>
+#include <optional>
 #include <sstream>
 
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/platform/mutex.h"
 #include "src/codegen/bailout-reason.h"
 #include "src/codegen/machine-type.h"
@@ -42,13 +42,13 @@ void Operation::Print() const { std::cout << *this << "\n"; }
 
 Zone* get_zone(Graph* graph) { return graph->graph_zone(); }
 
-base::Optional<Builtin> TryGetBuiltinId(const ConstantOp* target,
-                                        JSHeapBroker* broker) {
-  if (!target) return base::nullopt;
-  if (target->kind != ConstantOp::Kind::kHeapObject) return base::nullopt;
+std::optional<Builtin> TryGetBuiltinId(const ConstantOp* target,
+                                       JSHeapBroker* broker) {
+  if (!target) return std::nullopt;
+  if (target->kind != ConstantOp::Kind::kHeapObject) return std::nullopt;
   // TODO(nicohartmann@): For builtin compilation we don't have a broker. We
   // could try to access the heap directly instead.
-  if (broker == nullptr) return base::nullopt;
+  if (broker == nullptr) return std::nullopt;
   UnparkedScopeIfNeeded scope(broker);
   AllowHandleDereference allow_handle_dereference;
   HeapObjectRef ref = MakeRef(broker, target->handle());
@@ -58,7 +58,7 @@ base::Optional<Builtin> TryGetBuiltinId(const ConstantOp* target,
       return code.object()->builtin_id();
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 bool CallOp::IsStackCheck(const Graph& graph, JSHeapBroker* broker,
@@ -100,7 +100,7 @@ void TailCallOp::PrintOptions(std::ostream& os) const {
 bool ValidOpInputRep(
     const Graph& graph, OpIndex input,
     std::initializer_list<RegisterRepresentation> expected_reps,
-    base::Optional<size_t> projection_index) {
+    std::optional<size_t> projection_index) {
   base::Vector<const RegisterRepresentation> input_reps =
       graph.Get(input).outputs_rep();
   RegisterRepresentation input_rep;
@@ -140,7 +140,7 @@ bool ValidOpInputRep(
 
 bool ValidOpInputRep(const Graph& graph, OpIndex input,
                      RegisterRepresentation expected_rep,
-                     base::Optional<size_t> projection_index) {
+                     std::optional<size_t> projection_index) {
   return ValidOpInputRep(graph, input, {expected_rep}, projection_index);
 }
 #endif  // DEBUG
@@ -198,6 +198,13 @@ std::ostream& operator<<(std::ostream& os, WordUnaryOp::Kind kind) {
   }
 }
 
+std::ostream& operator<<(std::ostream& os, OverflowCheckedUnaryOp::Kind kind) {
+  switch (kind) {
+    case OverflowCheckedUnaryOp::Kind::kAbs:
+      return os << "kAbs";
+  }
+}
+
 std::ostream& operator<<(std::ostream& os, FloatUnaryOp::Kind kind) {
   switch (kind) {
     case FloatUnaryOp::Kind::kAbs:
@@ -521,23 +528,23 @@ void ConstantOp::PrintOptions(std::ostream& os) const {
       os << "smi: " << smi();
       break;
     case Kind::kNumber:
-      os << "number: " << number();
+      os << "number: " << number().get_scalar();
       break;
     case Kind::kTaggedIndex:
       os << "tagged index: " << tagged_index();
       break;
     case Kind::kFloat64:
-      os << "float64: " << float64();
-      if (std::isnan(float64())) {
-        // Do not use float64() here as it may alter the bit representation.
-        os << " (0x" << std::hex << base::bit_cast<uint64_t>(storage.float64)
-           << std::dec << ')';
+      os << "float64: " << float64().get_scalar();
+      if (float64().is_hole_nan()) {
+        os << " (hole nan: 0x" << std::hex << float64().get_bits() << std::dec
+           << ')';
+      } else if (float64().is_nan()) {
+        os << " (0x" << std::hex << float64().get_bits() << std::dec << ')';
       }
       break;
     case Kind::kFloat32:
-      os << "float32: " << float32();
-      if (std::isnan(float32())) {
-        // Do not use float32() here as it may alter the bit representation.
+      os << "float32: " << float32().get_scalar();
+      if (float32().is_nan()) {
         os << " (0x" << std::hex << base::bit_cast<uint32_t>(storage.float32)
            << std::dec << ')';
       }
@@ -551,6 +558,9 @@ void ConstantOp::PrintOptions(std::ostream& os) const {
     case Kind::kCompressedHeapObject:
       os << "compressed heap object: " << JSONEscaped(handle());
       break;
+    case Kind::kTrustedHeapObject:
+      os << "trusted heap object: " << JSONEscaped(handle());
+      break;
     case Kind::kRelocatableWasmCall:
       os << "relocatable wasm call: 0x"
          << reinterpret_cast<void*>(storage.integral);
@@ -974,7 +984,7 @@ void WordBinopDeoptOnOverflowOp::PrintOptions(std::ostream& os) const {
       os << "unsigned mod, ";
       break;
   }
-  os << rep;
+  os << rep << ", " << mode;
   os << ']';
 }
 
@@ -1453,6 +1463,8 @@ std::ostream& operator<<(std::ostream& os, JSStackCheckOp::Kind kind) {
   switch (kind) {
     case JSStackCheckOp::Kind::kFunctionEntry:
       return os << "function-entry";
+    case JSStackCheckOp::Kind::kBuiltinEntry:
+      return os << "builtin-entry";
     case JSStackCheckOp::Kind::kLoop:
       return os << "loop";
   }
@@ -1537,6 +1549,16 @@ std::ostream& operator<<(std::ostream& os, Simd128UnaryOp::Kind kind) {
 #undef PRINT_KIND
 }
 
+std::ostream& operator<<(std::ostream& os, Simd128ReduceOp::Kind kind) {
+  switch (kind) {
+#define PRINT_KIND(kind)               \
+  case Simd128ReduceOp::Kind::k##kind: \
+    return os << #kind;
+    FOREACH_SIMD_128_REDUCE_OPTIONAL_OPCODE(PRINT_KIND)
+  }
+#undef PRINT_KIND
+}
+
 std::ostream& operator<<(std::ostream& os, Simd128ShiftOp::Kind kind) {
   switch (kind) {
 #define PRINT_KIND(kind)              \
@@ -1598,6 +1620,9 @@ void Simd128ExtractLaneOp::PrintOptions(std::ostream& os) const {
     case Kind::kI64x2:
       os << "I64x2";
       break;
+    case Kind::kF16x8:
+      os << "F16x8";
+      break;
     case Kind::kF32x4:
       os << "F32x4";
       break;
@@ -1623,6 +1648,9 @@ void Simd128ReplaceLaneOp::PrintOptions(std::ostream& os) const {
     case Kind::kI64x2:
       os << "I64x2";
       break;
+    case Kind::kF16x8:
+      os << "F16x8";
+      break;
     case Kind::kF32x4:
       os << "F32x4";
       break;
diff --git a/deps/v8/src/compiler/turboshaft/operations.h b/deps/v8/src/compiler/turboshaft/operations.h
index bb5146a926a487..d1494e957cd1b6 100644
--- a/deps/v8/src/compiler/turboshaft/operations.h
+++ b/deps/v8/src/compiler/turboshaft/operations.h
@@ -9,13 +9,13 @@
 #include <cstdint>
 #include <cstring>
 #include <limits>
+#include <optional>
 #include <tuple>
 #include <type_traits>
 #include <utility>
 
 #include "src/base/logging.h"
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/base/platform/mutex.h"
 #include "src/base/small-vector.h"
 #include "src/base/template-utils.h"
@@ -33,6 +33,7 @@
 #include "src/compiler/turboshaft/snapshot-table.h"
 #include "src/compiler/turboshaft/types.h"
 #include "src/compiler/turboshaft/utils.h"
+#include "src/compiler/turboshaft/zone-with-name.h"
 #include "src/compiler/write-barrier-kind.h"
 #include "src/flags/flags.h"
 
@@ -54,6 +55,9 @@ class Node;
 enum class TrapId : int32_t;
 }  // namespace v8::internal::compiler
 namespace v8::internal::compiler::turboshaft {
+
+inline constexpr char kCompilationZoneName[] = "compilation-zone";
+
 class Block;
 struct FrameStateData;
 class Graph;
@@ -177,6 +181,7 @@ using Variable = SnapshotTable<OpIndex, VariableData>::Key;
   V(Simd128Constant)                      \
   V(Simd128Binop)                         \
   V(Simd128Unary)                         \
+  V(Simd128Reduce)                        \
   V(Simd128Shift)                         \
   V(Simd128Test)                          \
   V(Simd128Splat)                         \
@@ -277,6 +282,7 @@ using Variable = SnapshotTable<OpIndex, VariableData>::Key;
   V(Word32PairBinop)                         \
   V(OverflowCheckedBinop)                    \
   V(WordUnary)                               \
+  V(OverflowCheckedUnary)                    \
   V(FloatUnary)                              \
   V(Shift)                                   \
   V(Comparison)                              \
@@ -313,7 +319,8 @@ using Variable = SnapshotTable<OpIndex, VariableData>::Key;
   V(AtomicWord32Pair)                        \
   V(MemoryBarrier)                           \
   V(Comment)                                 \
-  V(Dead)
+  V(Dead)                                    \
+  V(AbortCSADcheck)
 
 // These are operations used in the frontend and are mostly tied to JS
 // semantics.
@@ -1066,11 +1073,11 @@ struct OperationT : Operation {
            derived_this().Effects().is_required_when_unused();
   }
 
-  static constexpr base::Optional<OpEffects> EffectsIfStatic() {
+  static constexpr std::optional<OpEffects> EffectsIfStatic() {
     if constexpr (HasStaticEffects<Derived>::value) {
       return Derived::Effects();
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
   Derived& derived_this() { return *static_cast<Derived*>(this); }
@@ -1310,7 +1317,9 @@ struct FixedArityOperationT : OperationT<Derived> {
   V(word64_rol_lowerable, Word64RolLowerable)      \
   V(sat_conversion_is_safe, SatConversionIsSafe)   \
   V(word32_select, Word32Select)                   \
-  V(word64_select, Word64Select)
+  V(word64_select, Word64Select)                   \
+  V(float64_to_float16, Float64ToFloat16)          \
+  V(float16, Float16)
 
 class V8_EXPORT_PRIVATE SupportedOperations {
 #define DECLARE_FIELD(name, machine_name) bool name##_;
@@ -1358,10 +1367,10 @@ base::Vector<const MaybeRegisterRepresentation> MaybeRepVector() {
 V8_EXPORT_PRIVATE bool ValidOpInputRep(
     const Graph& graph, OpIndex input,
     std::initializer_list<RegisterRepresentation> expected_rep,
-    base::Optional<size_t> projection_index = {});
+    std::optional<size_t> projection_index = {});
 V8_EXPORT_PRIVATE bool ValidOpInputRep(
     const Graph& graph, OpIndex input, RegisterRepresentation expected_rep,
-    base::Optional<size_t> projection_index = {});
+    std::optional<size_t> projection_index = {});
 #endif  // DEBUG
 
 // DeadOp is a special operation that can be used by analyzers to mark
@@ -1383,6 +1392,25 @@ struct DeadOp : FixedArityOperationT<0, DeadOp> {
   auto options() const { return std::tuple{}; }
 };
 
+struct AbortCSADcheckOp : FixedArityOperationT<1, AbortCSADcheckOp> {
+  static constexpr OpEffects effects =
+      OpEffects().RequiredWhenUnused().CanLeaveCurrentFunction();
+
+  base::Vector<const RegisterRepresentation> outputs_rep() const { return {}; }
+
+  base::Vector<const MaybeRegisterRepresentation> inputs_rep(
+      ZoneVector<MaybeRegisterRepresentation>& storage) const {
+    return MaybeRepVector<MaybeRegisterRepresentation::Tagged()>();
+  }
+
+  V<String> message() { return Base::input<String>(0); }
+
+  explicit AbortCSADcheckOp(V<String> message) : Base(message) {}
+
+  void Validate(const Graph& graph) const {}
+  auto options() const { return std::tuple{}; }
+};
+
 struct GenericBinopOp : FixedArityOperationT<4, GenericBinopOp> {
 #define GENERIC_BINOP_LIST(V) \
   V(Add)                      \
@@ -1843,6 +1871,43 @@ struct WordUnaryOp : FixedArityOperationT<1, WordUnaryOp> {
 V8_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os,
                                            WordUnaryOp::Kind kind);
 
+struct OverflowCheckedUnaryOp
+    : FixedArityOperationT<1, OverflowCheckedUnaryOp> {
+  static constexpr int kValueIndex = 0;
+  static constexpr int kOverflowIndex = 1;
+
+  enum class Kind : uint8_t { kAbs };
+  Kind kind;
+  WordRepresentation rep;
+  static constexpr OpEffects effects = OpEffects();
+  base::Vector<const RegisterRepresentation> outputs_rep() const {
+    switch (rep.value()) {
+      case WordRepresentation::Word32():
+        return RepVector<RegisterRepresentation::Word32(),
+                         RegisterRepresentation::Word32()>();
+      case WordRepresentation::Word64():
+        return RepVector<RegisterRepresentation::Word64(),
+                         RegisterRepresentation::Word32()>();
+    }
+  }
+
+  base::Vector<const MaybeRegisterRepresentation> inputs_rep(
+      ZoneVector<MaybeRegisterRepresentation>& storage) const {
+    return InputsRepFactory::SingleRep(rep);
+  }
+
+  V<Word> input() const { return Base::input<Word>(0); }
+
+  explicit OverflowCheckedUnaryOp(V<Word> input, Kind kind,
+                                  WordRepresentation rep)
+      : Base(input), kind(kind), rep(rep) {}
+
+  void Validate(const Graph& graph) const {}
+  auto options() const { return std::tuple{kind, rep}; }
+};
+V8_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os,
+                                           OverflowCheckedUnaryOp::Kind kind);
+
 struct FloatUnaryOp : FixedArityOperationT<1, FloatUnaryOp> {
   enum class Kind : uint8_t {
     kAbs,
@@ -2484,6 +2549,7 @@ struct ConstantOp : FixedArityOperationT<0, ConstantOp> {
     kExternal,
     kHeapObject,
     kCompressedHeapObject,
+    kTrustedHeapObject,
     kRelocatableWasmCall,
     kRelocatableWasmStubCall,
     kRelocatableWasmCanonicalSignatureId
@@ -2493,17 +2559,15 @@ struct ConstantOp : FixedArityOperationT<0, ConstantOp> {
   RegisterRepresentation rep = Representation(kind);
   union Storage {
     uint64_t integral;
-    // TODO(42204049): To prevent signaling NaNs converting to quiet NaNs we
-    // should use Float32 and Float64.
-    float float32;
-    double float64;
+    i::Float32 float32;
+    i::Float64 float64;
     ExternalReference external;
     Handle<HeapObject> handle;
 
     Storage(uint64_t integral = 0) : integral(integral) {}
     Storage(i::Tagged<Smi> smi) : integral(smi.ptr()) {}
-    Storage(double constant) : float64(constant) {}
-    Storage(float constant) : float32(constant) {}
+    Storage(i::Float64 constant) : float64(constant) {}
+    Storage(i::Float32 constant) : float32(constant) {}
     Storage(ExternalReference constant) : external(constant) {}
     Storage(Handle<HeapObject> constant) : handle(constant) {}
 
@@ -2537,6 +2601,7 @@ struct ConstantOp : FixedArityOperationT<0, ConstantOp> {
         return RegisterRepresentation::Float64();
       case Kind::kExternal:
       case Kind::kTaggedIndex:
+      case Kind::kTrustedHeapObject:
       case Kind::kRelocatableWasmCall:
       case Kind::kRelocatableWasmStubCall:
         return RegisterRepresentation::WordPtr();
@@ -2594,33 +2659,21 @@ struct ConstantOp : FixedArityOperationT<0, ConstantOp> {
     return i::Tagged<Smi>(storage.integral);
   }
 
-  double number() const {
+  i::Float64 number() const {
     DCHECK_EQ(kind, Kind::kNumber);
     return storage.float64;
   }
 
-  float float32() const {
+  i::Float32 float32() const {
     DCHECK_EQ(kind, Kind::kFloat32);
     return storage.float32;
   }
 
-  internal::Float32 float32_preserve_nan() const {
-    DCHECK_EQ(kind, Kind::kFloat32);
-    return internal::Float32::FromBits(
-        base::bit_cast<uint32_t>(storage.float32));
-  }
-
-  double float64() const {
+  i::Float64 float64() const {
     DCHECK_EQ(kind, Kind::kFloat64);
     return storage.float64;
   }
 
-  internal::Float64 float64_preserve_nan() const {
-    DCHECK_EQ(kind, Kind::kFloat64);
-    return internal::Float64::FromBits(
-        base::bit_cast<uint64_t>(storage.float64));
-  }
-
   int32_t tagged_index() const {
     DCHECK_EQ(kind, Kind::kTaggedIndex);
     return static_cast<int32_t>(static_cast<uint32_t>(storage.integral));
@@ -2632,7 +2685,8 @@ struct ConstantOp : FixedArityOperationT<0, ConstantOp> {
   }
 
   Handle<i::HeapObject> handle() const {
-    DCHECK(kind == Kind::kHeapObject || kind == Kind::kCompressedHeapObject);
+    DCHECK(kind == Kind::kHeapObject || kind == Kind::kCompressedHeapObject ||
+           kind == Kind::kTrustedHeapObject);
     return storage.handle;
   }
 
@@ -2669,16 +2723,17 @@ struct ConstantOp : FixedArityOperationT<0, ConstantOp> {
       case Kind::kRelocatableWasmCanonicalSignatureId:
         return HashWithOptions(storage.integral);
       case Kind::kFloat32:
-        return HashWithOptions(storage.float32);
+        return HashWithOptions(storage.float32.get_bits());
       case Kind::kFloat64:
       case Kind::kNumber:
-        return HashWithOptions(storage.float64);
+        return HashWithOptions(storage.float64.get_bits());
       case Kind::kExternal:
         return HashWithOptions(strategy == HashingStrategy::kMakeSnapshotStable
                                    ? 0
                                    : storage.external.raw());
       case Kind::kHeapObject:
       case Kind::kCompressedHeapObject:
+      case Kind::kTrustedHeapObject:
         if (strategy == HashingStrategy::kMakeSnapshotStable) {
           return HashWithOptions();
         }
@@ -2719,6 +2774,7 @@ struct ConstantOp : FixedArityOperationT<0, ConstantOp> {
         return storage.external.raw() == other.storage.external.raw();
       case Kind::kHeapObject:
       case Kind::kCompressedHeapObject:
+      case Kind::kTrustedHeapObject:
         return storage.handle.address() == other.storage.handle.address();
     }
   }
@@ -3411,22 +3467,36 @@ struct DecodeExternalPointerOp
   auto options() const { return std::tuple{tag}; }
 };
 
-struct JSStackCheckOp : FixedArityOperationT<2, JSStackCheckOp> {
-  enum class Kind : bool { kFunctionEntry, kLoop };
+struct JSStackCheckOp : OperationT<JSStackCheckOp> {
+  enum class Kind : uint8_t { kFunctionEntry, kBuiltinEntry, kLoop };
   Kind kind;
 
   OpEffects Effects() const {
     switch (kind) {
       case Kind::kFunctionEntry:
         return OpEffects().CanCallAnything();
+      case Kind::kBuiltinEntry:
+        return OpEffects().CanCallAnything();
       case Kind::kLoop:
-        // Loop body iteration stack checks can't write memory or allocate.
-        return OpEffects().CanDependOnChecks().CanDeopt().CanReadHeapMemory();
+        // Loop body iteration stack checks can't write memory.
+        // TODO(dmercadier): we could prevent this from allocating. In
+        // particular, we'd need to:
+        //   - forbid GC interrupts from being processed in loop stack checks.
+        //   - make sure that the debugger always deopts the current function
+        //     when it triggers a loop interrupt.
+        return OpEffects()
+            .CanDependOnChecks()
+            .CanDeopt()
+            .CanReadHeapMemory()
+            .CanAllocate();
     }
   }
 
   V<Context> native_context() const { return Base::input<Context>(0); }
-  V<FrameState> frame_state() const { return Base::input<FrameState>(1); }
+  OptionalV<FrameState> frame_state() const {
+    return input_count > 1 ? Base::input<FrameState>(1)
+                           : OptionalV<FrameState>::Nullopt();
+  }
 
   base::Vector<const RegisterRepresentation> outputs_rep() const { return {}; }
 
@@ -3435,11 +3505,29 @@ struct JSStackCheckOp : FixedArityOperationT<2, JSStackCheckOp> {
     return {};
   }
 
-  explicit JSStackCheckOp(V<Context> context, V<FrameState> frame_state,
+  explicit JSStackCheckOp(V<Context> context, OptionalV<FrameState> frame_state,
                           Kind kind)
-      : Base(context, frame_state), kind(kind) {}
+      : Base(1 + frame_state.has_value()), kind(kind) {
+    input(0) = context;
+    if (frame_state.has_value()) {
+      input(1) = frame_state.value();
+    }
+  }
 
-  void Validate(const Graph& graph) const {}
+  static JSStackCheckOp& New(Graph* graph, V<Context> context,
+                             OptionalV<FrameState> frame_state, Kind kind) {
+    return Base::New(graph, 1 + frame_state.has_value(), context, frame_state,
+                     kind);
+  }
+
+  void Validate(const Graph& graph) const {
+    DCHECK_EQ(kind == Kind::kBuiltinEntry, !frame_state().has_value());
+  }
+
+  template <typename Fn, typename Mapper>
+  V8_INLINE auto Explode(Fn fn, Mapper& mapper) const {
+    return fn(mapper.Map(native_context()), mapper.Map(frame_state()), kind);
+  }
 
   auto options() const { return std::tuple{kind}; }
 };
@@ -3862,8 +3950,8 @@ struct fast_hash<TSCallDescriptor> {
 };
 
 // If {target} is a HeapObject representing a builtin, return that builtin's ID.
-base::Optional<Builtin> TryGetBuiltinId(const ConstantOp* target,
-                                        JSHeapBroker* broker);
+std::optional<Builtin> TryGetBuiltinId(const ConstantOp* target,
+                                       JSHeapBroker* broker);
 
 struct CallOp : OperationT<CallOp> {
   const TSCallDescriptor* descriptor;
@@ -7302,10 +7390,28 @@ struct Simd128ConstantOp : FixedArityOperationT<0, Simd128ConstantOp> {
   V(I8x16Swizzle)                                 \
   V(I8x16RelaxedSwizzle)
 
-#define FOREACH_SIMD_128_BINARY_OPCODE(V) \
-  FOREACH_SIMD_128_BINARY_BASIC_OPCODE(V) \
+#define FOREACH_SIMD_128_BINARY_MANDATORY_OPCODE(V) \
+  FOREACH_SIMD_128_BINARY_BASIC_OPCODE(V)           \
   FOREACH_SIMD_128_BINARY_SPECIAL_OPCODE(V)
 
+#define FOREACH_SIMD_128_BINARY_OPTIONAL_OPCODE(V) \
+  V(F16x8Add)                                      \
+  V(F16x8Sub)                                      \
+  V(F16x8Mul)                                      \
+  V(F16x8Div)                                      \
+  V(F16x8Min)                                      \
+  V(F16x8Max)                                      \
+  V(F16x8Pmin)                                     \
+  V(F16x8Pmax)                                     \
+  V(F16x8Eq)                                       \
+  V(F16x8Ne)                                       \
+  V(F16x8Lt)                                       \
+  V(F16x8Le)
+
+#define FOREACH_SIMD_128_BINARY_OPCODE(V)     \
+  FOREACH_SIMD_128_BINARY_MANDATORY_OPCODE(V) \
+  FOREACH_SIMD_128_BINARY_OPTIONAL_OPCODE(V)
+
 struct Simd128BinopOp : FixedArityOperationT<2, Simd128BinopOp> {
   // clang-format off
   enum class Kind : uint8_t {
@@ -7417,6 +7523,20 @@ V8_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os,
   FOREACH_SIMD_128_UNARY_SIGN_EXTENSION_OPCODE(V)
 
 #define FOREACH_SIMD_128_UNARY_OPTIONAL_OPCODE(V)                             \
+  V(F16x8Abs)                                                                 \
+  V(F16x8Neg)                                                                 \
+  V(F16x8Sqrt)                                                                \
+  V(F16x8Ceil)                                                                \
+  V(F16x8Floor)                                                               \
+  V(F16x8Trunc)                                                               \
+  V(F16x8NearestInt)                                                          \
+  V(I16x8SConvertF16x8)                                                       \
+  V(I16x8UConvertF16x8)                                                       \
+  V(F16x8SConvertI16x8)                                                       \
+  V(F16x8UConvertI16x8)                                                       \
+  V(F16x8DemoteF32x4Zero)                                                     \
+  V(F16x8DemoteF64x2Zero)                                                     \
+  V(F32x4PromoteLowF16x8)                                                     \
   V(F32x4Ceil)                                                                \
   V(F32x4Floor)                                                               \
   V(F32x4Trunc)                                                               \
@@ -7468,6 +7588,45 @@ struct Simd128UnaryOp : FixedArityOperationT<1, Simd128UnaryOp> {
 V8_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os,
                                            Simd128UnaryOp::Kind kind);
 
+#define FOREACH_SIMD_128_REDUCE_OPTIONAL_OPCODE(V) \
+  V(I8x16AddReduce)                                \
+  V(I16x8AddReduce)                                \
+  V(I32x4AddReduce)                                \
+  V(I64x2AddReduce)                                \
+  V(F32x4AddReduce)                                \
+  V(F64x2AddReduce)
+
+struct Simd128ReduceOp : FixedArityOperationT<1, Simd128ReduceOp> {
+  enum class Kind : uint8_t {
+#define DEFINE_KIND(kind) k##kind,
+    FOREACH_SIMD_128_REDUCE_OPTIONAL_OPCODE(DEFINE_KIND)
+#undef DEFINE_KIND
+  };
+
+  Kind kind;
+
+  static constexpr OpEffects effects = OpEffects();
+
+  base::Vector<const RegisterRepresentation> outputs_rep() const {
+    return RepVector<RegisterRepresentation::Simd128()>();
+  }
+
+  base::Vector<const MaybeRegisterRepresentation> inputs_rep(
+      ZoneVector<MaybeRegisterRepresentation>& storage) const {
+    return MaybeRepVector<RegisterRepresentation::Simd128()>();
+  }
+
+  Simd128ReduceOp(V<Simd128> input, Kind kind) : Base(input), kind(kind) {}
+
+  V<Simd128> input() const { return Base::input<Simd128>(0); }
+
+  void Validate(const Graph& graph) const {}
+
+  auto options() const { return std::tuple{kind}; }
+};
+V8_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os,
+                                           Simd128ReduceOp::Kind kind);
+
 #define FOREACH_SIMD_128_SHIFT_OPCODE(V) \
   V(I8x16Shl)                            \
   V(I8x16ShrS)                           \
@@ -7558,14 +7717,17 @@ struct Simd128TestOp : FixedArityOperationT<1, Simd128TestOp> {
 V8_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os,
                                            Simd128TestOp::Kind kind);
 
-#define FOREACH_SIMD_128_SPLAT_OPCODE(V) \
-  V(I8x16)                               \
-  V(I16x8)                               \
-  V(I32x4)                               \
-  V(I64x2)                               \
-  V(F32x4)                               \
+#define FOREACH_SIMD_128_SPLAT_MANDATORY_OPCODE(V) \
+  V(I8x16)                                         \
+  V(I16x8)                                         \
+  V(I32x4)                                         \
+  V(I64x2)                                         \
+  V(F32x4)                                         \
   V(F64x2)
 
+#define FOREACH_SIMD_128_SPLAT_OPCODE(V)     \
+  FOREACH_SIMD_128_SPLAT_MANDATORY_OPCODE(V) \
+  V(F16x8)
 struct Simd128SplatOp : FixedArityOperationT<1, Simd128SplatOp> {
   enum class Kind : uint8_t {
 #define DEFINE_KIND(kind) k##kind,
@@ -7590,6 +7752,7 @@ struct Simd128SplatOp : FixedArityOperationT<1, Simd128SplatOp> {
         return MaybeRepVector<RegisterRepresentation::Word32()>();
       case Kind::kI64x2:
         return MaybeRepVector<RegisterRepresentation::Word64()>();
+      case Kind::kF16x8:
       case Kind::kF32x4:
         return MaybeRepVector<RegisterRepresentation::Float32()>();
       case Kind::kF64x2:
@@ -7622,9 +7785,14 @@ V8_EXPORT_PRIVATE std::ostream& operator<<(std::ostream& os,
   V(F64x2Qfms)                                   \
   V(I32x4DotI8x16I7x16AddS)
 
+#define FOREACH_SIMD_128_TERNARY_OPTIONAL_OPCODE(V) \
+  V(F16x8Qfma)                                      \
+  V(F16x8Qfms)
+
 #define FOREACH_SIMD_128_TERNARY_OPCODE(V) \
   FOREACH_SIMD_128_TERNARY_MASK_OPCODE(V)  \
-  FOREACH_SIMD_128_TERNARY_OTHER_OPCODE(V)
+  FOREACH_SIMD_128_TERNARY_OTHER_OPCODE(V) \
+  FOREACH_SIMD_128_TERNARY_OPTIONAL_OPCODE(V)
 
 struct Simd128TernaryOp : FixedArityOperationT<3, Simd128TernaryOp> {
   enum class Kind : uint8_t {
@@ -7671,6 +7839,7 @@ struct Simd128ExtractLaneOp : FixedArityOperationT<1, Simd128ExtractLaneOp> {
     kI16x8U,
     kI32x4,
     kI64x2,
+    kF16x8,
     kF32x4,
     kF64x2,
   };
@@ -7680,6 +7849,26 @@ struct Simd128ExtractLaneOp : FixedArityOperationT<1, Simd128ExtractLaneOp> {
 
   static constexpr OpEffects effects = OpEffects();
 
+  static MachineRepresentation element_rep(Kind kind) {
+    switch (kind) {
+      case Kind::kI8x16S:
+      case Kind::kI8x16U:
+        return MachineRepresentation::kWord8;
+      case Kind::kI16x8S:
+      case Kind::kI16x8U:
+        return MachineRepresentation::kWord16;
+      case Kind::kI32x4:
+        return MachineRepresentation::kWord32;
+      case Kind::kI64x2:
+        return MachineRepresentation::kWord64;
+      case Kind::kF16x8:
+      case Kind::kF32x4:
+        return MachineRepresentation::kFloat32;
+      case Kind::kF64x2:
+        return MachineRepresentation::kFloat64;
+    }
+  }
+
   base::Vector<const RegisterRepresentation> outputs_rep() const {
     switch (kind) {
       case Kind::kI8x16S:
@@ -7690,6 +7879,7 @@ struct Simd128ExtractLaneOp : FixedArityOperationT<1, Simd128ExtractLaneOp> {
         return RepVector<RegisterRepresentation::Word32()>();
       case Kind::kI64x2:
         return RepVector<RegisterRepresentation::Word64()>();
+      case Kind::kF16x8:
       case Kind::kF32x4:
         return RepVector<RegisterRepresentation::Float32()>();
       case Kind::kF64x2:
@@ -7717,6 +7907,7 @@ struct Simd128ExtractLaneOp : FixedArityOperationT<1, Simd128ExtractLaneOp> {
         break;
       case Kind::kI16x8S:
       case Kind::kI16x8U:
+      case Kind::kF16x8:
         lane_count = 8;
         break;
       case Kind::kI32x4:
@@ -7742,6 +7933,7 @@ struct Simd128ReplaceLaneOp : FixedArityOperationT<2, Simd128ReplaceLaneOp> {
     kI16x8,
     kI32x4,
     kI64x2,
+    kF16x8,
     kF32x4,
     kF64x2,
   };
@@ -7775,6 +7967,7 @@ struct Simd128ReplaceLaneOp : FixedArityOperationT<2, Simd128ReplaceLaneOp> {
         lane_count = 16;
         break;
       case Kind::kI16x8:
+      case Kind::kF16x8:
         lane_count = 8;
         break;
       case Kind::kI32x4:
@@ -7801,6 +7994,7 @@ struct Simd128ReplaceLaneOp : FixedArityOperationT<2, Simd128ReplaceLaneOp> {
         return RegisterRepresentation::Word32();
       case Kind::kI64x2:
         return RegisterRepresentation::Word64();
+      case Kind::kF16x8:
       case Kind::kF32x4:
         return RegisterRepresentation::Float32();
       case Kind::kF64x2:
@@ -8671,7 +8865,7 @@ struct SetContinuationPreservedEmbedderDataOp
 #endif  // V8_ENABLE_CONTINUATION_PRESERVED_EMBEDDER_DATA
 
 #define OPERATION_EFFECTS_CASE(Name) Name##Op::EffectsIfStatic(),
-static constexpr base::Optional<OpEffects>
+static constexpr std::optional<OpEffects>
     kOperationEffectsTable[kNumberOfOpcodes] = {
         TURBOSHAFT_OPERATION_LIST(OPERATION_EFFECTS_CASE)};
 #undef OPERATION_EFFECTS_CASE
@@ -8833,12 +9027,14 @@ template <typename T, typename = std::enable_if_t<std::is_enum_v<T> ||
 constexpr size_t input_count(T) {
   return 0;
 }
-template <typename T>
-constexpr size_t input_count(const MaybeHandle<T>) {
-  return 0;
-}
-template <typename T>
-constexpr size_t input_count(const Handle<T>) {
+// TODO(42203211): The first parameter should be just DirectHandle<T> and
+// MaybeDirectHandle<T> but now it does not compile with implicit Handle to
+// DirectHandle conversions.
+template <template <typename T> typename HandleType, typename T,
+          typename = std::enable_if_t<std::disjunction_v<
+              std::is_convertible<HandleType<T>, DirectHandle<T>>,
+              std::is_convertible<HandleType<T>, MaybeDirectHandle<T>>>>>
+constexpr size_t input_count(const HandleType<T>) {
   return 0;
 }
 template <typename T>
diff --git a/deps/v8/src/compiler/turboshaft/opmasks.h b/deps/v8/src/compiler/turboshaft/opmasks.h
index 2354e7e89c2868..fa4e79465e6cc9 100644
--- a/deps/v8/src/compiler/turboshaft/opmasks.h
+++ b/deps/v8/src/compiler/turboshaft/opmasks.h
@@ -333,21 +333,10 @@ FOREACH_SIMD_128_BINARY_SIGN_EXTENSION_OPCODE(SIMD_SIGN_EXTENSION_BINOP_MASK)
 
 using Simd128UnaryMask =
     MaskBuilder<Simd128UnaryOp, FIELD(Simd128UnaryOp, kind)>;
-using kSimd128I16x8ExtAddPairwiseI8x16S =
-    Simd128UnaryMask::For<Simd128UnaryOp::Kind::kI16x8ExtAddPairwiseI8x16S>;
-using kSimd128I16x8ExtAddPairwiseI8x16U =
-    Simd128UnaryMask::For<Simd128UnaryOp::Kind::kI16x8ExtAddPairwiseI8x16U>;
-using kSimd128I32x4ExtAddPairwiseI16x8S =
-    Simd128UnaryMask::For<Simd128UnaryOp::Kind::kI32x4ExtAddPairwiseI16x8S>;
-using kSimd128I32x4ExtAddPairwiseI16x8U =
-    Simd128UnaryMask::For<Simd128UnaryOp::Kind::kI32x4ExtAddPairwiseI16x8U>;
-using kSimd128ReverseBytes =
-    Simd128UnaryMask::For<Simd128UnaryOp::Kind::kSimd128ReverseBytes>;
-
-#define SIMD_SIGN_EXTENSION_UNARY_MASK(kind) \
+#define SIMD_UNARY_MASK(kind) \
   using kSimd128##kind = Simd128UnaryMask::For<Simd128UnaryOp::Kind::k##kind>;
-FOREACH_SIMD_128_UNARY_SIGN_EXTENSION_OPCODE(SIMD_SIGN_EXTENSION_UNARY_MASK)
-#undef SIMD_SIGN_EXTENSION_UNARY_MASK
+FOREACH_SIMD_128_UNARY_OPCODE(SIMD_UNARY_MASK)
+#undef SIMD_UNARY_MASK
 
 using Simd128ShiftMask =
     MaskBuilder<Simd128ShiftOp, FIELD(Simd128ShiftOp, kind)>;
@@ -356,6 +345,15 @@ using Simd128ShiftMask =
 FOREACH_SIMD_128_SHIFT_OPCODE(SIMD_SHIFT_MASK)
 #undef SIMD_SHIFT_MASK
 
+using Simd128LoadTransformMask =
+    MaskBuilder<Simd128LoadTransformOp,
+                FIELD(Simd128LoadTransformOp, transform_kind)>;
+#define SIMD_LOAD_TRANSFORM_MASK(kind)                               \
+  using kSimd128LoadTransform##kind = Simd128LoadTransformMask::For< \
+      Simd128LoadTransformOp::TransformKind::k##kind>;
+FOREACH_SIMD_128_LOAD_TRANSFORM_OPCODE(SIMD_LOAD_TRANSFORM_MASK)
+#undef SIMD_LOAD_TRANSFORM_MASK
+
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 #ifndef TURBOSHAFT_OPMASK_EXPORT_FIELD_MACRO_FOR_UNITTESTS
diff --git a/deps/v8/src/compiler/turboshaft/phase.h b/deps/v8/src/compiler/turboshaft/phase.h
index 8ef38115323ccc..aab23db7334233 100644
--- a/deps/v8/src/compiler/turboshaft/phase.h
+++ b/deps/v8/src/compiler/turboshaft/phase.h
@@ -5,6 +5,7 @@
 #ifndef V8_COMPILER_TURBOSHAFT_PHASE_H_
 #define V8_COMPILER_TURBOSHAFT_PHASE_H_
 
+#include <optional>
 #include <type_traits>
 
 #include "src/base/contextual.h"
@@ -126,6 +127,13 @@ struct ComponentWithZone {
   ZoneWithName<ZoneName> zone;
 };
 
+struct BuiltinComponent {
+  const CallDescriptor* call_descriptor;
+
+  BuiltinComponent(const CallDescriptor* call_descriptor)
+      : call_descriptor(call_descriptor) {}
+};
+
 struct GraphComponent : public ComponentWithZone<kGraphZoneName> {
   using ComponentWithZone::ComponentWithZone;
 
@@ -173,6 +181,7 @@ class LoopUnrollingAnalyzer;
 class WasmRevecAnalyzer;
 
 class V8_EXPORT_PRIVATE PipelineData {
+  using BuiltinComponent = detail::BuiltinComponent;
   using GraphComponent = detail::GraphComponent;
   using CodegenComponent = detail::CodegenComponent;
   using InstructionComponent = detail::InstructionComponent;
@@ -185,6 +194,7 @@ class V8_EXPORT_PRIVATE PipelineData {
                         const AssemblerOptions& assembler_options,
                         int start_source_position = kNoSourcePosition)
       : zone_stats_(zone_stats),
+        compilation_zone_(zone_stats, kCompilationZoneName),
         pipeline_kind_(pipeline_kind),
         isolate_(isolate),
         info_(info),
@@ -209,6 +219,11 @@ class V8_EXPORT_PRIVATE PipelineData {
     dependencies_ = dependencies;
   }
 
+  void InitializeBuiltinComponent(const CallDescriptor* call_descriptor) {
+    DCHECK(!builtin_component_.has_value());
+    builtin_component_.emplace(call_descriptor);
+  }
+
   void InitializeGraphComponent(SourcePositionTable* source_positions) {
     DCHECK(!graph_component_.has_value());
     graph_component_.emplace(zone_stats_);
@@ -263,7 +278,7 @@ class V8_EXPORT_PRIVATE PipelineData {
     DCHECK_EQ(assembler_options_.is_wasm,
               info()->IsWasm() || info()->IsWasmBuiltin());
 #endif
-    base::Optional<OsrHelper> osr_helper;
+    std::optional<OsrHelper> osr_helper;
     if (cg.osr_helper) osr_helper = *cg.osr_helper;
     cg.code_generator = std::make_unique<CodeGenerator>(
         cg.zone, cg.frame, linkage, sequence(), info_, isolate_,
@@ -317,6 +332,10 @@ class V8_EXPORT_PRIVATE PipelineData {
     if (!codegen_component_.has_value()) return nullptr;
     return codegen_component_->jump_optimization_info;
   }
+  const CallDescriptor* builtin_call_descriptor() const {
+    DCHECK(builtin_component_.has_value());
+    return builtin_component_->call_descriptor;
+  }
 
   bool has_graph() const {
     DCHECK_IMPLIES(graph_component_.has_value(),
@@ -362,10 +381,12 @@ class V8_EXPORT_PRIVATE PipelineData {
     runtime_call_stats_ = stats;
   }
 
-  // The {shared_zone_} outlives the entire compilation pipeline. It is shared
-  // between all phases (including code gen where the graph zone is gone
+  // The {compilation_zone} outlives the entire compilation pipeline. It is
+  // shared between all phases (including code gen where the graph zone is gone
   // already).
-  Zone* shared_zone() const { return info_->zone(); }
+  ZoneWithName<kCompilationZoneName>& compilation_zone() {
+    return compilation_zone_;
+  }
 
   TurbofanPipelineStatistics* pipeline_statistics() const {
     return pipeline_statistics_;
@@ -445,6 +466,10 @@ class V8_EXPORT_PRIVATE PipelineData {
 
  private:
   ZoneStats* zone_stats_;
+  // The {compilation_zone_} outlives the entire compilation pipeline. It is
+  // shared between all phases (including code gen where the graph zone is gone
+  // already).
+  ZoneWithName<kCompilationZoneName> compilation_zone_;
   TurboshaftPipelineKind pipeline_kind_;
   Isolate* const isolate_ = nullptr;
   OptimizedCompilationInfo* info_ = nullptr;
@@ -459,10 +484,11 @@ class V8_EXPORT_PRIVATE PipelineData {
   std::string source_position_output_;
   RuntimeCallStats* runtime_call_stats_ = nullptr;
   // Components
-  base::Optional<GraphComponent> graph_component_;
-  base::Optional<CodegenComponent> codegen_component_;
-  base::Optional<InstructionComponent> instruction_component_;
-  base::Optional<RegisterComponent> register_component_;
+  std::optional<BuiltinComponent> builtin_component_;
+  std::optional<GraphComponent> graph_component_;
+  std::optional<CodegenComponent> codegen_component_;
+  std::optional<InstructionComponent> instruction_component_;
+  std::optional<RegisterComponent> register_component_;
 
 #if V8_ENABLE_WEBASSEMBLY
   // TODO(14108): Consider splitting wasm members into its own WasmPipelineData
diff --git a/deps/v8/src/compiler/turboshaft/pipelines.cc b/deps/v8/src/compiler/turboshaft/pipelines.cc
index 440910788ccd49..dea60191184041 100644
--- a/deps/v8/src/compiler/turboshaft/pipelines.cc
+++ b/deps/v8/src/compiler/turboshaft/pipelines.cc
@@ -6,6 +6,7 @@
 
 #include "src/compiler/pipeline-data-inl.h"
 #include "src/compiler/turboshaft/csa-optimize-phase.h"
+#include "src/compiler/turboshaft/debug-feature-lowering-phase.h"
 #include "src/compiler/turboshaft/recreate-schedule-phase.h"
 
 namespace v8::internal::compiler::turboshaft {
@@ -63,6 +64,10 @@ void BuiltinPipeline::OptimizeBuiltin() {
   Run<CsaBranchEliminationPhase>();
   Run<CsaOptimizePhase>();
 
+  if (v8_flags.turboshaft_enable_debug_features) {
+    Run<DebugFeatureLoweringPhase>();
+  }
+
   Run<CodeEliminationAndSimplificationPhase>();
 }
 
diff --git a/deps/v8/src/compiler/turboshaft/pipelines.h b/deps/v8/src/compiler/turboshaft/pipelines.h
index 3a97c6406c7a06..399b8a604a1d7c 100644
--- a/deps/v8/src/compiler/turboshaft/pipelines.h
+++ b/deps/v8/src/compiler/turboshaft/pipelines.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_PIPELINES_H_
 #define V8_COMPILER_TURBOSHAFT_PIPELINES_H_
 
+#include <optional>
+
 #include "src/codegen/optimized-compilation-info.h"
 #include "src/compiler/backend/register-allocator-verifier.h"
 #include "src/compiler/basic-block-instrumentor.h"
@@ -123,7 +125,7 @@ class Pipeline {
 
     BeginPhaseKind("V8.TFGraphCreation");
     turboshaft::Tracing::Scope tracing_scope(data_->info());
-    base::Optional<BailoutReason> bailout =
+    std::optional<BailoutReason> bailout =
         Run<turboshaft::MaglevGraphBuildingPhase>();
     EndPhaseKind();
 
@@ -146,7 +148,7 @@ class Pipeline {
     turboshaft::Tracing::Scope tracing_scope(data_->info());
 
     DCHECK(!v8_flags.turboshaft_from_maglev);
-    if (base::Optional<BailoutReason> bailout =
+    if (std::optional<BailoutReason> bailout =
             Run<turboshaft::BuildGraphPhase>(turbofan_data, linkage)) {
       info()->AbortOptimization(*bailout);
       return false;
@@ -287,7 +289,7 @@ class Pipeline {
       code_tracer = data_->GetCodeTracer();
     }
 
-    if (base::Optional<BailoutReason> bailout = Run<InstructionSelectionPhase>(
+    if (std::optional<BailoutReason> bailout = Run<InstructionSelectionPhase>(
             call_descriptor, linkage, code_tracer)) {
       data_->info()->AbortOptimization(*bailout);
       EndPhaseKind();
diff --git a/deps/v8/src/compiler/turboshaft/recreate-schedule.cc b/deps/v8/src/compiler/turboshaft/recreate-schedule.cc
index 79742bc0dbcd6a..e8070e14742586 100644
--- a/deps/v8/src/compiler/turboshaft/recreate-schedule.cc
+++ b/deps/v8/src/compiler/turboshaft/recreate-schedule.cc
@@ -189,6 +189,9 @@ TURBOSHAFT_SIMPLIFIED_OPERATION_LIST(SHOULD_HAVE_BEEN_LOWERED)
 TURBOSHAFT_OTHER_OPERATION_LIST(SHOULD_HAVE_BEEN_LOWERED)
 TURBOSHAFT_WASM_OPERATION_LIST(SHOULD_HAVE_BEEN_LOWERED)
 SHOULD_HAVE_BEEN_LOWERED(Dead)
+// {AbortCSADcheck} is not emitted in pipelines that still use
+// {RecreateSchedule}.
+SHOULD_HAVE_BEEN_LOWERED(AbortCSADcheck)
 #undef SHOULD_HAVE_BEEN_LOWERED
 
 Node* ScheduleBuilder::ProcessOperation(const WordBinopOp& op) {
@@ -408,6 +411,18 @@ Node* ScheduleBuilder::ProcessOperation(const WordUnaryOp& op) {
   }
   return AddNode(o, {GetNode(op.input())});
 }
+
+Node* ScheduleBuilder::ProcessOperation(const OverflowCheckedUnaryOp& op) {
+  bool word64 = op.rep == WordRepresentation::Word64();
+  const Operator* o;
+  switch (op.kind) {
+    case OverflowCheckedUnaryOp::Kind::kAbs:
+      o = word64 ? machine.Int64AbsWithOverflow().op()
+                 : machine.Int32AbsWithOverflow().op();
+  }
+  return AddNode(o, {GetNode(op.input())});
+}
+
 Node* ScheduleBuilder::ProcessOperation(const FloatUnaryOp& op) {
   DCHECK(FloatUnaryOp::IsSupported(op.kind, op.rep));
   bool float64 = op.rep == FloatRepresentation::Float64();
@@ -1059,14 +1074,16 @@ Node* ScheduleBuilder::ProcessOperation(const ConstantOp& op) {
       return AddNode(common.HeapConstant(op.handle()), {});
     case ConstantOp::Kind::kCompressedHeapObject:
       return AddNode(common.CompressedHeapConstant(op.handle()), {});
+    case ConstantOp::Kind::kTrustedHeapObject:
+      return AddNode(common.TrustedHeapConstant(op.handle()), {});
     case ConstantOp::Kind::kNumber:
-      return AddNode(common.NumberConstant(op.number()), {});
+      return AddNode(common.NumberConstant(op.number().get_scalar()), {});
     case ConstantOp::Kind::kTaggedIndex:
       return AddNode(common.TaggedIndexConstant(op.tagged_index()), {});
     case ConstantOp::Kind::kFloat64:
-      return AddNode(common.Float64Constant(op.float64()), {});
+      return AddNode(common.Float64Constant(op.float64().get_scalar()), {});
     case ConstantOp::Kind::kFloat32:
-      return AddNode(common.Float32Constant(op.float32()), {});
+      return AddNode(common.Float32Constant(op.float32().get_scalar()), {});
     case ConstantOp::Kind::kRelocatableWasmCall:
       return RelocatableIntPtrConstant(op.integral(), RelocInfo::WASM_CALL);
     case ConstantOp::Kind::kRelocatableWasmStubCall:
@@ -1668,6 +1685,10 @@ Node* ScheduleBuilder::ProcessOperation(const Simd128UnaryOp& op) {
   }
 }
 
+Node* ScheduleBuilder::ProcessOperation(const Simd128ReduceOp& op) {
+  UNIMPLEMENTED();
+}
+
 Node* ScheduleBuilder::ProcessOperation(const Simd128ShiftOp& op) {
   switch (op.kind) {
 #define HANDLE_KIND(kind)             \
@@ -1730,6 +1751,9 @@ Node* ScheduleBuilder::ProcessOperation(const Simd128ExtractLaneOp& op) {
     case Simd128ExtractLaneOp::Kind::kI64x2:
       o = machine.I64x2ExtractLane(op.lane);
       break;
+    case Simd128ExtractLaneOp::Kind::kF16x8:
+      o = machine.F16x8ExtractLane(op.lane);
+      break;
     case Simd128ExtractLaneOp::Kind::kF32x4:
       o = machine.F32x4ExtractLane(op.lane);
       break;
@@ -1756,6 +1780,9 @@ Node* ScheduleBuilder::ProcessOperation(const Simd128ReplaceLaneOp& op) {
     case Simd128ReplaceLaneOp::Kind::kI64x2:
       o = machine.I64x2ReplaceLane(op.lane);
       break;
+    case Simd128ReplaceLaneOp::Kind::kF16x8:
+      o = machine.F16x8ReplaceLane(op.lane);
+      break;
     case Simd128ReplaceLaneOp::Kind::kF32x4:
       o = machine.F32x4ReplaceLane(op.lane);
       break;
diff --git a/deps/v8/src/compiler/turboshaft/representations.h b/deps/v8/src/compiler/turboshaft/representations.h
index fd7deadaa6d4ff..6594fd37be4713 100644
--- a/deps/v8/src/compiler/turboshaft/representations.h
+++ b/deps/v8/src/compiler/turboshaft/representations.h
@@ -754,6 +754,7 @@ class MemoryRepresentation {
       case Uint64():
         return MachineType::Uint64();
       case Float16():
+        return MachineType::Float16();
       case Float32():
         return MachineType::Float32();
       case Float64():
diff --git a/deps/v8/src/compiler/turboshaft/runtime-call-descriptors.h b/deps/v8/src/compiler/turboshaft/runtime-call-descriptors.h
index 20682000abaab2..b8fcc2a88ac0e5 100644
--- a/deps/v8/src/compiler/turboshaft/runtime-call-descriptors.h
+++ b/deps/v8/src/compiler/turboshaft/runtime-call-descriptors.h
@@ -75,6 +75,13 @@ struct RuntimeCallDescriptor {
 #endif  // DEBUG
   };
 
+  // TODO(nicohartmann@): Unfortunately, we cannot define builtins with
+  // void/never return types properly (e.g. in Torque), but they typically have
+  // a JSAny dummy return type. Use Void/Never sentinels to express that in
+  // Turboshaft's descriptors. We should find a better way to model this.
+  using Void = V<Any>;
+  using Never = V<Any>;
+
  public:
   struct Abort : public Descriptor<Abort> {
     static constexpr auto kFunction = Runtime::kAbort;
@@ -96,6 +103,26 @@ struct RuntimeCallDescriptor {
         Operator::kNoDeopt | Operator::kNoThrow;
   };
 
+  struct DebugPrint : public Descriptor<DebugPrint> {
+    static constexpr auto kFunction = Runtime::kDebugPrint;
+    using arguments_t = std::tuple<V<Object>>;
+    using result_t = Void;  // No actual result
+
+    static constexpr bool kNeedsFrameState = false;
+    static constexpr Operator::Properties kProperties =
+        Operator::kNoDeopt | Operator::kNoThrow;
+  };
+
+  struct StackGuard : public Descriptor<StackGuard> {
+    static constexpr auto kFunction = Runtime::kStackGuard;
+    using arguments_t = std::tuple<>;
+    using result_t = V<Object>;
+
+    static constexpr bool kNeedsFrameState = false;
+    // TODO(nicohartmann@): Verify this.
+    static constexpr Operator::Properties kProperties = Operator::kNoProperties;
+  };
+
   struct StackGuardWithGap : public Descriptor<StackGuardWithGap> {
     static constexpr auto kFunction = Runtime::kStackGuardWithGap;
     using arguments_t = std::tuple<V<Smi>>;
@@ -192,7 +219,7 @@ struct RuntimeCallDescriptor {
     using arguments_t = std::tuple<V<Object>>;
     // Doesn't actually return something, but the actual runtime call descriptor
     // (returned by Linkage::GetRuntimeCallDescriptor) returns 1 instead of 0.
-    using result_t = V<Object>;
+    using result_t = Never;
 
     static constexpr bool kNeedsFrameState = true;
     static constexpr Operator::Properties kProperties = Operator::kNoProperties;
@@ -205,7 +232,7 @@ struct RuntimeCallDescriptor {
     using arguments_t = std::tuple<>;
     // Doesn't actually return something, but the actual runtime call descriptor
     // (returned by Linkage::GetRuntimeCallDescriptor) returns 1 instead of 0.
-    using result_t = V<Object>;
+    using result_t = Never;
 
     static constexpr bool kNeedsFrameState = true;
     static constexpr Operator::Properties kProperties = Operator::kNoProperties;
@@ -217,7 +244,7 @@ struct RuntimeCallDescriptor {
     using arguments_t = std::tuple<V<Object>, V<Object>>;
     // Doesn't actually return something, but the actual runtime call descriptor
     // (returned by Linkage::GetRuntimeCallDescriptor) returns 1 instead of 0.
-    using result_t = V<Object>;
+    using result_t = Never;
 
     static constexpr bool kNeedsFrameState = true;
     static constexpr Operator::Properties kProperties = Operator::kNoProperties;
@@ -229,7 +256,7 @@ struct RuntimeCallDescriptor {
     using arguments_t = std::tuple<>;
     // Doesn't actually return something, but the actual runtime call descriptor
     // (returned by Linkage::GetRuntimeCallDescriptor) returns 1 instead of 0.
-    using result_t = V<Object>;
+    using result_t = Never;
 
     static constexpr bool kNeedsFrameState = true;
     static constexpr Operator::Properties kProperties = Operator::kNoProperties;
@@ -240,7 +267,7 @@ struct RuntimeCallDescriptor {
     using arguments_t = std::tuple<>;
     // Doesn't actually return something, but the actual runtime call descriptor
     // (returned by Linkage::GetRuntimeCallDescriptor) returns 1 instead of 0.
-    using result_t = V<Object>;
+    using result_t = Never;
 
     static constexpr bool kNeedsFrameState = true;
     static constexpr Operator::Properties kProperties = Operator::kNoProperties;
@@ -251,7 +278,7 @@ struct RuntimeCallDescriptor {
     using arguments_t = std::tuple<V<Object>>;
     // Doesn't actually return something, but the actual runtime call descriptor
     // (returned by Linkage::GetRuntimeCallDescriptor) returns 1 instead of 0.
-    using result_t = V<Object>;
+    using result_t = Never;
 
     static constexpr bool kNeedsFrameState = true;
     static constexpr Operator::Properties kProperties = Operator::kNoProperties;
@@ -263,7 +290,7 @@ struct RuntimeCallDescriptor {
     using arguments_t = std::tuple<>;
     // Doesn't actually return something, but the actual runtime call descriptor
     // (returned by Linkage::GetRuntimeCallDescriptor) returns 1 instead of 0.
-    using result_t = V<Object>;
+    using result_t = Never;
 
     static constexpr bool kNeedsFrameState = true;
     static constexpr Operator::Properties kProperties = Operator::kNoProperties;
diff --git a/deps/v8/src/compiler/turboshaft/snapshot-table-opindex.h b/deps/v8/src/compiler/turboshaft/snapshot-table-opindex.h
index e8db69f188a192..733ef197ebcbaa 100644
--- a/deps/v8/src/compiler/turboshaft/snapshot-table-opindex.h
+++ b/deps/v8/src/compiler/turboshaft/snapshot-table-opindex.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_SNAPSHOT_TABLE_OPINDEX_H_
 #define V8_COMPILER_TURBOSHAFT_SNAPSHOT_TABLE_OPINDEX_H_
 
+#include <optional>
+
 #include "src/compiler/turboshaft/index.h"
 #include "src/compiler/turboshaft/snapshot-table.h"
 
@@ -52,10 +54,10 @@ class SparseOpIndexSnapshotTable : public SnapshotTable<Value, KeyData> {
     return indices_to_keys_.find(idx) != indices_to_keys_.end();
   }
 
-  base::Optional<Key> TryGetKeyFor(OpIndex idx) const {
+  std::optional<Key> TryGetKeyFor(OpIndex idx) const {
     auto it = indices_to_keys_.find(idx);
     if (it != indices_to_keys_.end()) return it->second;
-    return base::nullopt;
+    return std::nullopt;
   }
 
  private:
diff --git a/deps/v8/src/compiler/turboshaft/stack-check-lowering-reducer.h b/deps/v8/src/compiler/turboshaft/stack-check-lowering-reducer.h
index fa00ea8e190e47..e0a35a9023ac37 100644
--- a/deps/v8/src/compiler/turboshaft/stack-check-lowering-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/stack-check-lowering-reducer.h
@@ -23,13 +23,34 @@ class StackCheckLoweringReducer : public Next {
  public:
   TURBOSHAFT_REDUCER_BOILERPLATE(StackCheckLowering)
 
-  V<None> REDUCE(JSStackCheck)(V<Context> context, V<FrameState> frame_state,
+  V<None> REDUCE(JSStackCheck)(V<Context> context,
+                               OptionalV<FrameState> frame_state,
                                JSStackCheckOp::Kind kind) {
     switch (kind) {
       case JSStackCheckOp::Kind::kFunctionEntry: {
-        IF_NOT (LIKELY(CheckStackLimit(StackCheckKind::kJSFunctionEntry))) {
-          __ CallRuntime_StackGuardWithGap(isolate(), frame_state, context,
-                                           __ StackCheckOffset());
+        // Loads of the stack limit should not be load-eliminated as it can be
+        // modified by another thread.
+        V<WordPtr> limit =
+            __ Load(__ ExternalConstant(
+                        ExternalReference::address_of_jslimit(isolate())),
+                    LoadOp::Kind::RawAligned().NotLoadEliminable(),
+                    MemoryRepresentation::UintPtr());
+
+        IF_NOT (LIKELY(__ StackPointerGreaterThan(
+                    limit, StackCheckKind::kJSFunctionEntry))) {
+          __ CallRuntime_StackGuardWithGap(isolate(), frame_state.value(),
+                                           context, __ StackCheckOffset());
+        }
+        break;
+      }
+      case JSStackCheckOp::Kind::kBuiltinEntry: {
+        V<WordPtr> stack_limit = __ LoadOffHeap(
+            __ ExternalConstant(
+                ExternalReference::address_of_jslimit(isolate())),
+            MemoryRepresentation::UintPtr());
+        IF_NOT (LIKELY(__ StackPointerGreaterThan(
+                    stack_limit, StackCheckKind::kCodeStubAssembler))) {
+          __ CallRuntime_StackGuard(isolate(), context);
         }
         break;
       }
@@ -42,8 +63,8 @@ class StackCheckLoweringReducer : public Next {
             MemoryRepresentation::Uint8());
 
         IF_NOT (LIKELY(__ Word32Equal(limit, 0))) {
-          __ CallRuntime_HandleNoHeapWritesInterrupts(isolate(), frame_state,
-                                                      context);
+          __ CallRuntime_HandleNoHeapWritesInterrupts(
+              isolate(), frame_state.value(), context);
         }
         break;
       }
@@ -57,7 +78,14 @@ class StackCheckLoweringReducer : public Next {
     if (kind == WasmStackCheckOp::Kind::kFunctionEntry && __ IsLeafFunction()) {
       return V<None>::Invalid();
     }
-    IF_NOT (LIKELY(CheckStackLimit(StackCheckKind::kWasm))) {
+
+    // Loads of the stack limit should not be load-eliminated as it can be
+    // modified by another thread.
+    V<WordPtr> limit = __ Load(
+        __ LoadRootRegister(), LoadOp::Kind::RawAligned().NotLoadEliminable(),
+        MemoryRepresentation::UintPtr(), IsolateData::jslimit_offset());
+
+    IF_NOT (LIKELY(__ StackPointerGreaterThan(limit, StackCheckKind::kWasm))) {
       // TODO(14108): Cache descriptor.
       V<WordPtr> builtin =
           __ RelocatableWasmBuiltinCallTarget(Builtin::kWasmStackGuard);
@@ -83,15 +111,6 @@ class StackCheckLoweringReducer : public Next {
 #endif  // V8_ENABLE_WEBASSEMBLY
 
  private:
-  V<Word32> CheckStackLimit(compiler::StackCheckKind kind) {
-    // Loads of the stack limit should not be load-eliminated as it can be
-    // modified by another thread.
-    V<WordPtr> limit = __ Load(
-        __ LoadRootRegister(), LoadOp::Kind::RawAligned().NotLoadEliminable(),
-        MemoryRepresentation::UintPtr(), IsolateData::jslimit_offset());
-    return __ StackPointerGreaterThan(limit, kind);
-  }
-
   Isolate* isolate() {
     if (!isolate_) isolate_ = __ data() -> isolate();
     return isolate_;
@@ -103,4 +122,5 @@ class StackCheckLoweringReducer : public Next {
 #include "src/compiler/turboshaft/undef-assembler-macros.inc"
 
 }  // namespace v8::internal::compiler::turboshaft
+
 #endif  // V8_COMPILER_TURBOSHAFT_STACK_CHECK_LOWERING_REDUCER_H_
diff --git a/deps/v8/src/compiler/turboshaft/store-store-elimination-reducer-inl.h b/deps/v8/src/compiler/turboshaft/store-store-elimination-reducer-inl.h
index c19514a84e8202..9537eeaf1e882c 100644
--- a/deps/v8/src/compiler/turboshaft/store-store-elimination-reducer-inl.h
+++ b/deps/v8/src/compiler/turboshaft/store-store-elimination-reducer-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_STORE_STORE_ELIMINATION_REDUCER_INL_H_
 #define V8_COMPILER_TURBOSHAFT_STORE_STORE_ELIMINATION_REDUCER_INL_H_
 
+#include <optional>
+
 #include "src/compiler/turboshaft/assembler.h"
 #include "src/compiler/turboshaft/graph.h"
 #include "src/compiler/turboshaft/operations.h"
@@ -144,7 +146,7 @@ class MaybeRedundantStoresTable
       auto successors = SuccessorBlocks(block->LastOperation(graph_));
       successor_snapshots_.clear();
       for (const Block* s : successors) {
-        base::Optional<Snapshot> s_snapshot =
+        std::optional<Snapshot> s_snapshot =
             block_to_snapshot_mapping_[s->index()];
         // When we visit the loop for the first time, the loop header hasn't
         // been visited yet, so we ignore it.
@@ -262,7 +264,7 @@ class MaybeRedundantStoresTable
   };
 
   const Graph& graph_;
-  GrowingBlockSidetable<base::Optional<Snapshot>> block_to_snapshot_mapping_;
+  GrowingBlockSidetable<std::optional<Snapshot>> block_to_snapshot_mapping_;
   ZoneAbslFlatHashMap<std::pair<OpIndex, int32_t>, Key> key_mapping_;
   // In `active_keys_`, we track the keys of all stores that arge gc-observable
   // or unobservable. Keys that are mapped to the default value (observable) are
diff --git a/deps/v8/src/compiler/turboshaft/string-view.h b/deps/v8/src/compiler/turboshaft/string-view.h
new file mode 100644
index 00000000000000..ab207abfe7a992
--- /dev/null
+++ b/deps/v8/src/compiler/turboshaft/string-view.h
@@ -0,0 +1,100 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef V8_COMPILER_TURBOSHAFT_STRING_VIEW_H_
+#define V8_COMPILER_TURBOSHAFT_STRING_VIEW_H_
+
+#include "src/compiler/turboshaft/operations.h"
+
+namespace v8::internal::compiler::turboshaft {
+
+// `StringView` implements the `ForeachIterable` concept for iterating the
+// characters of a string.
+class StringView {
+ public:
+  using value_type = V<Word32>;
+  using iterator_type = V<WordPtr>;
+
+  StringView(const DisallowGarbageCollection& can_rely_on_no_gc,
+             V<String> string, String::Encoding encoding,
+             ConstOrV<WordPtr> start_index = 0,
+             ConstOrV<WordPtr> character_count = V<WordPtr>::Invalid())
+      : string_(string),
+        encoding_(encoding),
+        start_index_(start_index),
+        character_count_(character_count),
+        can_rely_on_no_gc_(&can_rely_on_no_gc) {}
+
+  StringView(V<String> string, String::Encoding encoding,
+             ConstOrV<WordPtr> start_index = 0,
+             ConstOrV<WordPtr> character_count = V<WordPtr>::Invalid())
+      : string_(string),
+        encoding_(encoding),
+        start_index_(start_index),
+        character_count_(character_count),
+        can_rely_on_no_gc_(nullptr) {}
+
+  template <typename A>
+  iterator_type Begin(A& assembler) {
+    static_assert(OFFSET_OF_DATA_START(SeqOneByteString) ==
+                  OFFSET_OF_DATA_START(SeqTwoByteString));
+    const size_t data_offset = OFFSET_OF_DATA_START(SeqOneByteString);
+    const int stride = (encoding_ == String::ONE_BYTE_ENCODING ? 1 : 2);
+    if (can_rely_on_no_gc_ == nullptr) {
+      // TODO(nicohartmann): If we cannot rely on no GC happening during
+      // iteration, we cannot operate on raw inner pointers but have to
+      // recompute the character address from the base on each dereferencing.
+      UNIMPLEMENTED();
+    }
+    V<WordPtr> begin_offset = assembler.WordPtrAdd(
+        assembler.BitcastTaggedToWordPtr(string_),
+        assembler.WordPtrAdd(
+            data_offset - kHeapObjectTag,
+            assembler.WordPtrMul(assembler.resolve(start_index_), stride)));
+    V<WordPtr> count;
+    if (character_count_.is_constant()) {
+      count = assembler.resolve(character_count_);
+    } else if (character_count_.value().valid()) {
+      count = character_count_.value();
+    } else {
+      // TODO(nicohartmann): Load from string.
+      UNIMPLEMENTED();
+    }
+    end_offset_ =
+        assembler.WordPtrAdd(begin_offset, assembler.WordPtrMul(count, stride));
+    return begin_offset;
+  }
+
+  template <typename A>
+  OptionalV<Word32> IsEnd(A& assembler, iterator_type current_iterator) const {
+    return assembler.UintPtrLessThanOrEqual(end_offset_, current_iterator);
+  }
+
+  template <typename A>
+  iterator_type Advance(A& assembler, iterator_type current_iterator) const {
+    const int stride = (encoding_ == String::ONE_BYTE_ENCODING ? 1 : 2);
+    return assembler.WordPtrAdd(current_iterator, stride);
+  }
+
+  template <typename A>
+  value_type Dereference(A& assembler, iterator_type current_iterator) const {
+    const auto loaded_rep = encoding_ == String::ONE_BYTE_ENCODING
+                                ? MemoryRepresentation::Uint8()
+                                : MemoryRepresentation::Uint16();
+    return assembler.Load(current_iterator, LoadOp::Kind::RawAligned(),
+                          loaded_rep);
+  }
+
+ private:
+  V<String> string_;
+  String::Encoding encoding_;
+  ConstOrV<WordPtr> start_index_;
+  ConstOrV<WordPtr> character_count_;
+  V<WordPtr> end_offset_;
+  const DisallowGarbageCollection* can_rely_on_no_gc_;
+};
+
+}  // namespace v8::internal::compiler::turboshaft
+
+#endif  // V8_COMPILER_TURBOSHAFT_STRING_VIEW_H_
diff --git a/deps/v8/src/compiler/turboshaft/type-inference-analysis.h b/deps/v8/src/compiler/turboshaft/type-inference-analysis.h
index 3606d82fc22884..637fde685ebbc7 100644
--- a/deps/v8/src/compiler/turboshaft/type-inference-analysis.h
+++ b/deps/v8/src/compiler/turboshaft/type-inference-analysis.h
@@ -6,6 +6,7 @@
 #define V8_COMPILER_TURBOSHAFT_TYPE_INFERENCE_ANALYSIS_H_
 
 #include <limits>
+#include <optional>
 
 #include "src/base/logging.h"
 #include "src/base/vector.h"
@@ -44,7 +45,7 @@ class TypeInferenceAnalysis {
         types_(graph.op_id_count(), Type{}, graph.graph_zone(), &graph),
         table_(phase_zone),
         op_to_key_mapping_(phase_zone, &graph),
-        block_to_snapshot_mapping_(graph.block_count(), base::nullopt,
+        block_to_snapshot_mapping_(graph.block_count(), std::nullopt,
                                    phase_zone),
         predecessors_(phase_zone),
         graph_zone_(graph.graph_zone()) {}
@@ -97,7 +98,7 @@ class TypeInferenceAnalysis {
     {
       predecessors_.clear();
       for (const Block* pred : block.PredecessorsIterable()) {
-        base::Optional<table_t::Snapshot> pred_snapshot =
+        std::optional<table_t::Snapshot> pred_snapshot =
             block_to_snapshot_mapping_[pred->index()];
         if (pred_snapshot.has_value()) {
           predecessors_.push_back(pred_snapshot.value());
@@ -532,8 +533,8 @@ class TypeInferenceAnalysis {
   using table_t = SnapshotTable<Type>;
   table_t table_;
   const Block* current_block_ = nullptr;
-  GrowingOpIndexSidetable<base::Optional<table_t::Key>> op_to_key_mapping_;
-  GrowingBlockSidetable<base::Optional<table_t::Snapshot>>
+  GrowingOpIndexSidetable<std::optional<table_t::Key>> op_to_key_mapping_;
+  GrowingBlockSidetable<std::optional<table_t::Snapshot>>
       block_to_snapshot_mapping_;
   // {predecessors_} is used during merging, but we use an instance variable for
   // it, in order to save memory and not reallocate it for each merge.
diff --git a/deps/v8/src/compiler/turboshaft/type-inference-reducer.h b/deps/v8/src/compiler/turboshaft/type-inference-reducer.h
index 051109fa0981ae..df241cfd567099 100644
--- a/deps/v8/src/compiler/turboshaft/type-inference-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/type-inference-reducer.h
@@ -6,6 +6,7 @@
 #define V8_COMPILER_TURBOSHAFT_TYPE_INFERENCE_REDUCER_H_
 
 #include <limits>
+#include <optional>
 
 #include "src/base/logging.h"
 #include "src/base/vector.h"
@@ -191,7 +192,7 @@ class TypeInferenceReducer
     {
       predecessors_.clear();
       for (const Block* pred : new_block->PredecessorsIterable()) {
-        base::Optional<table_t::Snapshot> pred_snapshot =
+        std::optional<table_t::Snapshot> pred_snapshot =
             block_to_snapshot_mapping_[pred->index()];
         DCHECK(pred_snapshot.has_value());
         predecessors_.push_back(pred_snapshot.value());
@@ -406,7 +407,7 @@ class TypeInferenceReducer
 
   void RemoveLast(OpIndex index_of_last_operation) {
     if (op_to_key_mapping_[index_of_last_operation]) {
-      op_to_key_mapping_[index_of_last_operation] = base::nullopt;
+      op_to_key_mapping_[index_of_last_operation] = std::nullopt;
       TURBOSHAFT_TRACE_TYPING_OK(
           "REM  %3d:%-40s %-40s\n", index_of_last_operation.id(),
           Asm()
@@ -554,11 +555,11 @@ class TypeInferenceReducer
       Asm().output_graph().operation_types()};
   table_t table_{Asm().phase_zone()};
   const Block* current_block_ = nullptr;
-  GrowingOpIndexSidetable<base::Optional<table_t::Key>> op_to_key_mapping_{
+  GrowingOpIndexSidetable<std::optional<table_t::Key>> op_to_key_mapping_{
       Asm().phase_zone(), &Asm().output_graph()};
-  GrowingBlockSidetable<base::Optional<table_t::Snapshot>>
+  GrowingBlockSidetable<std::optional<table_t::Snapshot>>
       block_to_snapshot_mapping_{Asm().input_graph().block_count(),
-                                 base::nullopt, Asm().phase_zone()};
+                                 std::nullopt, Asm().phase_zone()};
   // {predecessors_} is used during merging, but we use an instance variable for
   // it, in order to save memory and not reallocate it for each merge.
   ZoneVector<table_t::Snapshot> predecessors_{Asm().phase_zone()};
diff --git a/deps/v8/src/compiler/turboshaft/type-parser.cc b/deps/v8/src/compiler/turboshaft/type-parser.cc
index 15fe1ec926524a..732ba96ff8a4ab 100644
--- a/deps/v8/src/compiler/turboshaft/type-parser.cc
+++ b/deps/v8/src/compiler/turboshaft/type-parser.cc
@@ -4,9 +4,11 @@
 
 #include "src/compiler/turboshaft/type-parser.h"
 
+#include <optional>
+
 namespace v8::internal::compiler::turboshaft {
 
-base::Optional<Type> TypeParser::ParseType() {
+std::optional<Type> TypeParser::ParseType() {
   if (ConsumeIf("Word32")) {
     if (IsNext("{")) return ParseSet<Word32Type>();
     if (IsNext("[")) return ParseRange<Word32Type>();
@@ -26,7 +28,7 @@ base::Optional<Type> TypeParser::ParseType() {
     if (IsNext("[")) return ParseRange<Float64Type>();
     return Float64Type::Any();
   } else {
-    return base::nullopt;
+    return std::nullopt;
   }
 }
 
diff --git a/deps/v8/src/compiler/turboshaft/type-parser.h b/deps/v8/src/compiler/turboshaft/type-parser.h
index fa0a747b46d2d8..5ddf13d0aeeefb 100644
--- a/deps/v8/src/compiler/turboshaft/type-parser.h
+++ b/deps/v8/src/compiler/turboshaft/type-parser.h
@@ -5,6 +5,8 @@
 #ifndef V8_COMPILER_TURBOSHAFT_TYPE_PARSER_H_
 #define V8_COMPILER_TURBOSHAFT_TYPE_PARSER_H_
 
+#include <optional>
+
 #include "src/compiler/turboshaft/types.h"
 
 namespace v8::internal::compiler::turboshaft {
@@ -20,26 +22,26 @@ class TypeParser {
   explicit TypeParser(const std::string_view& str, Zone* zone)
       : str_(str), zone_(zone) {}
 
-  base::Optional<Type> Parse() {
-    base::Optional<Type> type = ParseType();
+  std::optional<Type> Parse() {
+    std::optional<Type> type = ParseType();
     // Skip trailing whitespace.
     while (pos_ < str_.length() && str_[pos_] == ' ') ++pos_;
-    if (pos_ < str_.length()) return base::nullopt;
+    if (pos_ < str_.length()) return std::nullopt;
     return type;
   }
 
  private:
-  base::Optional<Type> ParseType();
+  std::optional<Type> ParseType();
 
   template <typename T>
-  base::Optional<T> ParseRange() {
-    if (!ConsumeIf("[")) return base::nullopt;
+  std::optional<T> ParseRange() {
+    if (!ConsumeIf("[")) return std::nullopt;
     auto from = ReadValue<typename T::value_type>();
-    if (!from) return base::nullopt;
-    if (!ConsumeIf(",")) return base::nullopt;
+    if (!from) return std::nullopt;
+    if (!ConsumeIf(",")) return std::nullopt;
     auto to = ReadValue<typename T::value_type>();
-    if (!to) return base::nullopt;
-    if (!ConsumeIf("]")) return base::nullopt;
+    if (!to) return std::nullopt;
+    if (!ConsumeIf("]")) return std::nullopt;
     if constexpr (!std::is_same_v<T, Word32Type> &&
                   !std::is_same_v<T, Word64Type>) {
       CHECK_LE(*from, *to);
@@ -48,27 +50,27 @@ class TypeParser {
   }
 
   template <typename T>
-  base::Optional<T> ParseSet() {
-    if (!ConsumeIf("{")) return base::nullopt;
+  std::optional<T> ParseSet() {
+    if (!ConsumeIf("{")) return std::nullopt;
     auto elements = ParseSetElements<typename T::value_type>();
-    if (!elements) return base::nullopt;
-    if (!ConsumeIf("}")) return base::nullopt;
+    if (!elements) return std::nullopt;
+    if (!ConsumeIf("}")) return std::nullopt;
     CHECK_LT(0, elements->size());
     CHECK_LE(elements->size(), T::kMaxSetSize);
     return T::Set(*elements, zone_);
   }
 
   template <typename T>
-  base::Optional<std::vector<T>> ParseSetElements() {
+  std::optional<std::vector<T>> ParseSetElements() {
     std::vector<T> elements;
     if (IsNext("}")) return elements;
     while (true) {
       auto element_opt = ReadValue<T>();
-      if (!element_opt) return base::nullopt;
+      if (!element_opt) return std::nullopt;
       elements.push_back(*element_opt);
 
       if (IsNext("}")) break;
-      if (!ConsumeIf(",")) return base::nullopt;
+      if (!ConsumeIf(",")) return std::nullopt;
     }
     base::sort(elements);
     elements.erase(std::unique(elements.begin(), elements.end()),
@@ -94,7 +96,7 @@ class TypeParser {
   }
 
   template <typename T>
-  base::Optional<T> ReadValue() {
+  std::optional<T> ReadValue() {
     T result;
     size_t read = 0;
     // TODO(nicohartmann@): Ideally we want to avoid this string construction
@@ -109,7 +111,7 @@ class TypeParser {
     } else if constexpr (std::is_same_v<T, double>) {
       result = std::stod(s, &read);
     }
-    if (read == 0) return base::nullopt;
+    if (read == 0) return std::nullopt;
     pos_ += read;
     return result;
   }
diff --git a/deps/v8/src/compiler/turboshaft/typer.h b/deps/v8/src/compiler/turboshaft/typer.h
index 8483dea0d0c34e..a287ec2e0a31c9 100644
--- a/deps/v8/src/compiler/turboshaft/typer.h
+++ b/deps/v8/src/compiler/turboshaft/typer.h
@@ -1174,13 +1174,15 @@ class Typer {
   static Type TypeConstant(ConstantOp::Kind kind, ConstantOp::Storage value) {
     switch (kind) {
       case ConstantOp::Kind::kFloat32:
-        if (std::isnan(value.float32)) return Float32Type::NaN();
-        if (IsMinusZero(value.float32)) return Float32Type::MinusZero();
-        return Float32Type::Constant(value.float32);
+        if (value.float32.is_nan()) return Float32Type::NaN();
+        if (IsMinusZero(value.float32.get_scalar()))
+          return Float32Type::MinusZero();
+        return Float32Type::Constant(value.float32.get_scalar());
       case ConstantOp::Kind::kFloat64:
-        if (std::isnan(value.float64)) return Float64Type::NaN();
-        if (IsMinusZero(value.float64)) return Float64Type::MinusZero();
-        return Float64Type::Constant(value.float64);
+        if (value.float64.is_nan()) return Float64Type::NaN();
+        if (IsMinusZero(value.float64.get_scalar()))
+          return Float64Type::MinusZero();
+        return Float64Type::Constant(value.float64.get_scalar());
       case ConstantOp::Kind::kWord32:
         return Word32Type::Constant(static_cast<uint32_t>(value.integral));
       case ConstantOp::Kind::kWord64:
diff --git a/deps/v8/src/compiler/turboshaft/types.cc b/deps/v8/src/compiler/turboshaft/types.cc
index 2914e728374ade..918be3b0af4c39 100644
--- a/deps/v8/src/compiler/turboshaft/types.cc
+++ b/deps/v8/src/compiler/turboshaft/types.cc
@@ -4,6 +4,7 @@
 
 #include "src/compiler/turboshaft/types.h"
 
+#include <optional>
 #include <sstream>
 #include <string_view>
 
@@ -143,8 +144,8 @@ Type Type::LeastUpperBound(const Type& lhs, const Type& rhs, Zone* zone) {
   }
 }
 
-base::Optional<Type> Type::ParseFromString(const std::string_view& str,
-                                           Zone* zone) {
+std::optional<Type> Type::ParseFromString(const std::string_view& str,
+                                          Zone* zone) {
   TypeParser parser(str, zone);
   return parser.Parse();
 }
diff --git a/deps/v8/src/compiler/turboshaft/types.h b/deps/v8/src/compiler/turboshaft/types.h
index bc4beeceeec7de..d47a97212b1d67 100644
--- a/deps/v8/src/compiler/turboshaft/types.h
+++ b/deps/v8/src/compiler/turboshaft/types.h
@@ -7,6 +7,7 @@
 
 #include <cmath>
 #include <limits>
+#include <optional>
 
 #include "src/base/container-utils.h"
 #include "src/base/export-template.h"
@@ -260,8 +261,8 @@ class V8_EXPORT_PRIVATE Type {
 
   // Other functions
   static Type LeastUpperBound(const Type& lhs, const Type& rhs, Zone* zone);
-  static base::Optional<Type> ParseFromString(const std::string_view& str,
-                                              Zone* zone);
+  static std::optional<Type> ParseFromString(const std::string_view& str,
+                                             Zone* zone);
   Handle<TurboshaftType> AllocateOnHeap(Factory* factory) const;
 
  protected:
@@ -445,8 +446,8 @@ class WordType : public Type {
                                         set_size());
     }
   }
-  base::Optional<word_t> try_get_constant() const {
-    if (!is_constant()) return base::nullopt;
+  std::optional<word_t> try_get_constant() const {
+    if (!is_constant()) return std::nullopt;
     DCHECK(is_set());
     DCHECK_EQ(set_size(), 1);
     return set_element(0);
@@ -711,8 +712,8 @@ class FloatType : public Type {
     }
   }
   std::pair<float_t, float_t> minmax() const { return {min(), max()}; }
-  base::Optional<float_t> try_get_constant() const {
-    if (!is_constant()) return base::nullopt;
+  std::optional<float_t> try_get_constant() const {
+    if (!is_constant()) return std::nullopt;
     DCHECK(is_set());
     DCHECK_EQ(set_size(), 1);
     return set_element(0);
diff --git a/deps/v8/src/compiler/turboshaft/undef-assembler-macros.inc b/deps/v8/src/compiler/turboshaft/undef-assembler-macros.inc
index 8df36ff70483d1..61ddf8b1e95ae8 100644
--- a/deps/v8/src/compiler/turboshaft/undef-assembler-macros.inc
+++ b/deps/v8/src/compiler/turboshaft/undef-assembler-macros.inc
@@ -21,6 +21,9 @@
 #undef BREAK
 #undef CONTINUE
 #undef ELSE
+#undef FOREACH
+#undef FOREACH_IMPL_2
+#undef FOREACH_IMPL_3
 #undef GOTO
 #undef GOTO_IF
 #undef GOTO_IF_NOT
@@ -29,6 +32,7 @@
 #undef LIKLEY
 #undef REDUCE
 #undef REDUCE_INPUT_GRAPH
+#undef TSA_DCHECK
 #undef UNLIKELY
 #undef WHILE
 
diff --git a/deps/v8/src/compiler/turboshaft/variable-reducer.h b/deps/v8/src/compiler/turboshaft/variable-reducer.h
index 1c402b52a6e520..ea320737406734 100644
--- a/deps/v8/src/compiler/turboshaft/variable-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/variable-reducer.h
@@ -6,6 +6,7 @@
 #define V8_COMPILER_TURBOSHAFT_VARIABLE_REDUCER_H_
 
 #include <algorithm>
+#include <optional>
 
 #include "src/base/logging.h"
 #include "src/codegen/machine-type.h"
@@ -97,7 +98,7 @@ class VariableReducer : public RequiredOptimizationReducer<AfterNext> {
 
     predecessors_.clear();
     for (const Block* pred : new_block->PredecessorsIterable()) {
-      base::Optional<Snapshot> pred_snapshot =
+      std::optional<Snapshot> pred_snapshot =
           block_to_snapshot_mapping_[pred->index()];
       DCHECK(pred_snapshot.has_value());
       predecessors_.push_back(pred_snapshot.value());
@@ -308,8 +309,8 @@ class VariableReducer : public RequiredOptimizationReducer<AfterNext> {
 
   VariableTable table_{__ phase_zone()};
   const Block* current_block_ = nullptr;
-  GrowingBlockSidetable<base::Optional<Snapshot>> block_to_snapshot_mapping_{
-      __ input_graph().block_count(), base::nullopt, __ phase_zone()};
+  GrowingBlockSidetable<std::optional<Snapshot>> block_to_snapshot_mapping_{
+      __ input_graph().block_count(), std::nullopt, __ phase_zone()};
   bool is_temporary_ = false;
 
   // {predecessors_} is used during merging, but we use an instance variable for
@@ -319,7 +320,7 @@ class VariableReducer : public RequiredOptimizationReducer<AfterNext> {
   // Map from loop headers to the pending loop phis in these headers which have
   // to be patched on backedges.
   ZoneAbslFlatHashMap<BlockIndex,
-                      base::Optional<ZoneVector<std::pair<Variable, OpIndex>>>>
+                      std::optional<ZoneVector<std::pair<Variable, OpIndex>>>>
       loop_pending_phis_{__ phase_zone()};
 };
 
diff --git a/deps/v8/src/compiler/turboshaft/wasm-load-elimination-reducer.h b/deps/v8/src/compiler/turboshaft/wasm-load-elimination-reducer.h
index ee5aa71fa17c64..35a1e1327c5e86 100644
--- a/deps/v8/src/compiler/turboshaft/wasm-load-elimination-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/wasm-load-elimination-reducer.h
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #if !V8_ENABLE_WEBASSEMBLY
 #error This header should only be included if WebAssembly is enabled.
 #endif  // !V8_ENABLE_WEBASSEMBLY
@@ -491,7 +493,7 @@ class WasmLoadEliminationAnalyzer {
     AliasSnapshot alias_snapshot;
     MemorySnapshot memory_snapshot;
   };
-  FixedBlockSidetable<base::Optional<Snapshot>> block_to_snapshot_mapping_;
+  FixedBlockSidetable<std::optional<Snapshot>> block_to_snapshot_mapping_;
 
   // {predecessor_alias_napshots_}, {predecessor_maps_snapshots_} and
   // {predecessor_memory_snapshots_} are used as temporary vectors when starting
diff --git a/deps/v8/src/compiler/turboshaft/wasm-lowering-reducer.h b/deps/v8/src/compiler/turboshaft/wasm-lowering-reducer.h
index f466d09485a261..c86d69f35a672c 100644
--- a/deps/v8/src/compiler/turboshaft/wasm-lowering-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/wasm-lowering-reducer.h
@@ -153,8 +153,8 @@ class WasmLoweringReducer : public Next {
 
     // Convert HeapNumber to SMI if possible.
     BIND(heap_number_label);
-    V<Float64> float_value = __ template LoadField<Float64>(
-        object, AccessBuilder::ForHeapNumberValue());
+    V<Float64> float_value =
+        __ LoadHeapNumberValue(V<HeapNumber>::Cast(object));
     // Check range of float value.
     GOTO_IF(__ Float64LessThan(float_value, __ Float64Constant(kInt31MinValue)),
             end_label, object);
diff --git a/deps/v8/src/compiler/turboshaft/wasm-revec-reducer.cc b/deps/v8/src/compiler/turboshaft/wasm-revec-reducer.cc
index 740c5c43f5a2af..71986a49c5ab06 100644
--- a/deps/v8/src/compiler/turboshaft/wasm-revec-reducer.cc
+++ b/deps/v8/src/compiler/turboshaft/wasm-revec-reducer.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/turboshaft/wasm-revec-reducer.h"
 
+#include <optional>
+
 #include "src/base/logging.h"
 #include "src/compiler/turboshaft/opmasks.h"
 #include "src/wasm/simd-shuffle.h"
@@ -111,7 +113,7 @@ class StoreLoadInfo {
     index_ = change_input;
   }
 
-  base::Optional<int> operator-(const StoreLoadInfo<Op>& rhs) const {
+  std::optional<int> operator-(const StoreLoadInfo<Op>& rhs) const {
     DCHECK(IsValid() && rhs.IsValid());
     bool calculatable = base_ == rhs.base_ && index_ == rhs.index_;
 
@@ -1042,8 +1044,15 @@ bool WasmRevecAnalyzer::DecideVectorize() {
           return;
         }
 
+#ifdef V8_TARGET_ARCH_X64
+        // On x64 platform, we dont emit extract for lane 0 as the source ymm
+        // register is alias to the corresponding xmm register in lower 128-bit.
+        for (int i = 1; i < static_cast<int>(nodes.size()); i++) {
+          if (nodes[i] == nodes[0]) continue;
+#else
         for (int i = 0; i < static_cast<int>(nodes.size()); i++) {
           if (i > 0 && nodes[i] == nodes[0]) continue;
+#endif  // V8_TARGET_ARCH_X64
 
           for (auto use : use_map_->uses(nodes[i])) {
             if (!GetPackNode(use)) {
diff --git a/deps/v8/src/compiler/turboshaft/wasm-revec-reducer.h b/deps/v8/src/compiler/turboshaft/wasm-revec-reducer.h
index 56602a9d1f2153..d89c9221218c7b 100644
--- a/deps/v8/src/compiler/turboshaft/wasm-revec-reducer.h
+++ b/deps/v8/src/compiler/turboshaft/wasm-revec-reducer.h
@@ -354,6 +354,7 @@ class ShufflePackNode : public PackNode {
       return param_.shufps_control;
     }
 #endif  // V8_TARGET_ARCH_X64
+
    private:
     Kind kind_;
     Param param_;
diff --git a/deps/v8/src/compiler/turboshaft/zone-with-name.h b/deps/v8/src/compiler/turboshaft/zone-with-name.h
index 9edbba6437a684..a2f90377e8828d 100644
--- a/deps/v8/src/compiler/turboshaft/zone-with-name.h
+++ b/deps/v8/src/compiler/turboshaft/zone-with-name.h
@@ -39,10 +39,21 @@ class ZoneWithNamePointerImpl final {
 
   ZoneWithNamePointerImpl(const ZoneWithNamePointerImpl&) V8_NOEXCEPT = default;
   ZoneWithNamePointerImpl(ZoneWithNamePointerImpl&&) V8_NOEXCEPT = default;
+  template <typename U, typename = std::enable_if_t<
+                            std::is_convertible_v<U*, pointer_type>>>
+  ZoneWithNamePointerImpl(const ZoneWithNamePointerImpl<U, Name>& other)
+      V8_NOEXCEPT  // NOLINT(runtime/explicit)
+      : ptr_(static_cast<U*>(other)) {}
   ZoneWithNamePointerImpl& operator=(const ZoneWithNamePointerImpl&)
       V8_NOEXCEPT = default;
   ZoneWithNamePointerImpl& operator=(ZoneWithNamePointerImpl&&)
       V8_NOEXCEPT = default;
+  template <typename U, typename = std::enable_if_t<
+                            std::is_convertible_v<U*, pointer_type>>>
+  ZoneWithNamePointerImpl& operator=(
+      const ZoneWithNamePointerImpl<U, Name>& other) V8_NOEXCEPT {
+    ptr_ = static_cast<U*>(other);
+  }
 
   operator pointer_type() const { return get(); }  // NOLINT(runtime/explicit)
   T& operator*() const { return *get(); }
@@ -91,6 +102,12 @@ class ZoneWithName final {
         get()->template New<T>(std::forward<Args>(args)...)};
   }
 
+  template <typename T>
+  ZoneWithNamePointer<T, Name> AllocateArray(size_t length) {
+    return ZoneWithNamePointer<T, Name>{
+        get()->template AllocateArray<T>(length)};
+  }
+
   Zone* get() { return scope_.zone(); }
   operator Zone*() { return get(); }  // NOLINT(runtime/explicit)
   Zone* operator->() { return get(); }
diff --git a/deps/v8/src/compiler/typed-optimization.cc b/deps/v8/src/compiler/typed-optimization.cc
index 859213ca432cc0..7fe49983bccbac 100644
--- a/deps/v8/src/compiler/typed-optimization.cc
+++ b/deps/v8/src/compiler/typed-optimization.cc
@@ -4,7 +4,8 @@
 
 #include "src/compiler/typed-optimization.h"
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/compiler/compilation-dependencies.h"
 #include "src/compiler/js-graph.h"
 #include "src/compiler/js-heap-broker.h"
@@ -426,7 +427,7 @@ Reduction TypedOptimization::ReduceReferenceEqual(Node* node) {
   }
   if (rhs_type.Is(Type::Boolean()) && rhs_type.IsHeapConstant() &&
       lhs_type.Is(Type::Boolean())) {
-    base::Optional<bool> maybe_result =
+    std::optional<bool> maybe_result =
         rhs_type.AsHeapConstant()->Ref().TryGetBooleanValue(broker());
     if (maybe_result.has_value()) {
       if (maybe_result.value()) {
@@ -851,7 +852,7 @@ Reduction TypedOptimization::ReduceJSToNumberInput(Node* input) {
     HeapObjectMatcher m(input);
     if (m.HasResolvedValue() && m.Ref(broker()).IsString()) {
       StringRef input_value = m.Ref(broker()).AsString();
-      base::Optional<double> number = input_value.ToNumber(broker());
+      std::optional<double> number = input_value.ToNumber(broker());
       if (!number.has_value()) return NoChange();
       return Replace(jsgraph()->ConstantNoHole(number.value()));
     }
diff --git a/deps/v8/src/compiler/typer.cc b/deps/v8/src/compiler/typer.cc
index 5b896d3800dc06..0e8c45aecc5e7d 100644
--- a/deps/v8/src/compiler/typer.cc
+++ b/deps/v8/src/compiler/typer.cc
@@ -912,6 +912,10 @@ Type Typer::Visitor::TypeHeapConstant(Node* node) {
 
 Type Typer::Visitor::TypeCompressedHeapConstant(Node* node) { UNREACHABLE(); }
 
+Type Typer::Visitor::TypeTrustedHeapConstant(Node* node) {
+  return TypeConstant(HeapConstantOf(node->op()));
+}
+
 Type Typer::Visitor::TypeExternalConstant(Node* node) {
   return Type::ExternalPointer();
 }
diff --git a/deps/v8/src/compiler/types.cc b/deps/v8/src/compiler/types.cc
index c3add3ee51db89..40d959e75895c2 100644
--- a/deps/v8/src/compiler/types.cc
+++ b/deps/v8/src/compiler/types.cc
@@ -409,6 +409,9 @@ Type::bitset BitsetType::Lub(MapRefLike map, JSHeapBroker* broker) {
     case UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE:
     case UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE:
     case COVERAGE_INFO_TYPE:
+    case REG_EXP_DATA_TYPE:
+    case ATOM_REG_EXP_DATA_TYPE:
+    case IR_REG_EXP_DATA_TYPE:
 #if V8_ENABLE_WEBASSEMBLY
     case WASM_TYPE_INFO_TYPE:
 #endif  // V8_ENABLE_WEBASSEMBLY
diff --git a/deps/v8/src/compiler/use-info.h b/deps/v8/src/compiler/use-info.h
index 84cb5e6dd5811d..31c6d21c4c2e81 100644
--- a/deps/v8/src/compiler/use-info.h
+++ b/deps/v8/src/compiler/use-info.h
@@ -12,7 +12,13 @@
 
 namespace v8::internal::compiler {
 
-enum IdentifyZeros : uint8_t { kIdentifyZeros, kDistinguishZeros };
+// Enum to specify if `+0` and `-0` should be treated as the same value.
+enum IdentifyZeros : uint8_t {
+  // `+0` and `-0` should be treated as the same value.
+  kIdentifyZeros,
+  // `+0` and `-0` should be treated as different values.
+  kDistinguishZeros
+};
 
 class Truncation;
 size_t hash_value(const Truncation&);
diff --git a/deps/v8/src/compiler/verifier.cc b/deps/v8/src/compiler/verifier.cc
index df45225301fe75..aa7430cd3d7032 100644
--- a/deps/v8/src/compiler/verifier.cc
+++ b/deps/v8/src/compiler/verifier.cc
@@ -458,6 +458,7 @@ void Verifier::Visitor::Check(Node* node, const AllNodes& all) {
       break;
     case IrOpcode::kHeapConstant:
     case IrOpcode::kCompressedHeapConstant:
+    case IrOpcode::kTrustedHeapConstant:
       // Constants have no inputs.
       CHECK_EQ(0, input_count);
       CheckTypeIs(node, Type::Any());
diff --git a/deps/v8/src/compiler/wasm-call-descriptors.cc b/deps/v8/src/compiler/wasm-call-descriptors.cc
index 8dca33c3237d0e..f26fcf16658a08 100644
--- a/deps/v8/src/compiler/wasm-call-descriptors.cc
+++ b/deps/v8/src/compiler/wasm-call-descriptors.cc
@@ -12,33 +12,28 @@ namespace v8::internal::compiler {
 
 WasmCallDescriptors::WasmCallDescriptors(AccountingAllocator* allocator)
     : zone_(new Zone(allocator, "wasm_call_descriptors")) {
-  for (int i = 0; i < kNumCallModes; i++) {
-    bigint_to_i64_descriptors_[i] = compiler::GetBuiltinCallDescriptor(
-        Builtin::kBigIntToI64, zone_.get(), static_cast<StubCallMode>(i));
-    bigint_to_i64_descriptor_with_framestate_ =
-        compiler::GetBuiltinCallDescriptor(Builtin::kBigIntToI64, zone_.get(),
-                                           StubCallMode::kCallBuiltinPointer,
-                                           true);
+  bigint_to_i64_descriptor_ = compiler::GetBuiltinCallDescriptor(
+      Builtin::kBigIntToI64, zone_.get(), StubCallMode::kCallBuiltinPointer);
+  bigint_to_i64_descriptor_with_framestate_ =
+      compiler::GetBuiltinCallDescriptor(Builtin::kBigIntToI64, zone_.get(),
+                                         StubCallMode::kCallBuiltinPointer,
+                                         true);
 #if V8_TARGET_ARCH_32_BIT
-    bigint_to_i32pair_descriptors_[i] = compiler::GetBuiltinCallDescriptor(
-        Builtin::kBigIntToI32Pair, zone_.get(), static_cast<StubCallMode>(i));
-    bigint_to_i32pair_descriptor_with_framestate_ =
-        compiler::GetBuiltinCallDescriptor(
-            Builtin::kBigIntToI32Pair, zone_.get(),
-            StubCallMode::kCallBuiltinPointer, true);
+  bigint_to_i32pair_descriptor_ =
+      compiler::GetBuiltinCallDescriptor(Builtin::kBigIntToI32Pair, zone_.get(),
+                                         StubCallMode::kCallBuiltinPointer);
+  bigint_to_i32pair_descriptor_with_framestate_ =
+      compiler::GetBuiltinCallDescriptor(Builtin::kBigIntToI32Pair, zone_.get(),
+                                         StubCallMode::kCallBuiltinPointer,
+                                         true);
 #endif  // V8_TARGET_ARCH_32_BIT
-  }
 }
 
 #if V8_TARGET_ARCH_32_BIT
 compiler::CallDescriptor* WasmCallDescriptors::GetLoweredCallDescriptor(
     const compiler::CallDescriptor* original) {
-  // As long as we only have six candidates, linear search is fine.
-  // If we ever support more cases, we could use a hash map or something.
-  for (int i = 0; i < kNumCallModes; i++) {
-    if (original == bigint_to_i64_descriptors_[i]) {
-      return bigint_to_i32pair_descriptors_[i];
-    }
+  if (original == bigint_to_i64_descriptor_) {
+    return bigint_to_i32pair_descriptor_;
   }
   if (original == bigint_to_i64_descriptor_with_framestate_) {
     return bigint_to_i32pair_descriptor_with_framestate_;
diff --git a/deps/v8/src/compiler/wasm-call-descriptors.h b/deps/v8/src/compiler/wasm-call-descriptors.h
index 8da96b2cde5065..94e3de44eb3bf9 100644
--- a/deps/v8/src/compiler/wasm-call-descriptors.h
+++ b/deps/v8/src/compiler/wasm-call-descriptors.h
@@ -25,13 +25,11 @@ class WasmCallDescriptors {
  public:
   explicit WasmCallDescriptors(AccountingAllocator* allocator);
 
-  compiler::CallDescriptor* GetBigIntToI64Descriptor(StubCallMode mode,
-                                                     bool needs_frame_state) {
+  compiler::CallDescriptor* GetBigIntToI64Descriptor(bool needs_frame_state) {
     if (needs_frame_state) {
-      DCHECK_EQ(mode, StubCallMode::kCallBuiltinPointer);
       return bigint_to_i64_descriptor_with_framestate_;
     }
-    return bigint_to_i64_descriptors_[static_cast<size_t>(mode)];
+    return bigint_to_i64_descriptor_;
   }
 
 #if V8_TARGET_ARCH_32_BIT
@@ -45,18 +43,13 @@ class WasmCallDescriptors {
 #endif  // V8_TARGET_ARCH_32_BIT
 
  private:
-  static_assert(static_cast<int>(StubCallMode::kCallCodeObject) == 0);
-  static_assert(static_cast<int>(StubCallMode::kCallWasmRuntimeStub) == 1);
-  static_assert(static_cast<int>(StubCallMode::kCallBuiltinPointer) == 2);
-  static constexpr int kNumCallModes = 3;
-
   std::unique_ptr<Zone> zone_;
 
-  compiler::CallDescriptor* bigint_to_i64_descriptors_[kNumCallModes];
+  compiler::CallDescriptor* bigint_to_i64_descriptor_;
   compiler::CallDescriptor* bigint_to_i64_descriptor_with_framestate_;
 
 #if V8_TARGET_ARCH_32_BIT
-  compiler::CallDescriptor* bigint_to_i32pair_descriptors_[kNumCallModes];
+  compiler::CallDescriptor* bigint_to_i32pair_descriptor_;
   compiler::CallDescriptor* bigint_to_i32pair_descriptor_with_framestate_;
 #endif  // V8_TARGET_ARCH_32_BIT
 };
diff --git a/deps/v8/src/compiler/wasm-compiler-definitions.cc b/deps/v8/src/compiler/wasm-compiler-definitions.cc
index 9208edd7aea4a4..50115f6dd7d6f4 100644
--- a/deps/v8/src/compiler/wasm-compiler-definitions.cc
+++ b/deps/v8/src/compiler/wasm-compiler-definitions.cc
@@ -4,6 +4,8 @@
 
 #include "src/compiler/wasm-compiler-definitions.h"
 
+#include <optional>
+
 #include "src/base/strings.h"
 #include "src/compiler/linkage.h"
 #include "src/wasm/compilation-environment.h"
@@ -16,7 +18,7 @@ base::Vector<const char> GetDebugName(Zone* zone,
                                       const wasm::WasmModule* module,
                                       const wasm::WireBytesStorage* wire_bytes,
                                       int index) {
-  base::Optional<wasm::ModuleWireBytes> module_bytes =
+  std::optional<wasm::ModuleWireBytes> module_bytes =
       wire_bytes->GetModuleBytes();
   if (module_bytes.has_value() &&
       (v8_flags.trace_turbo || v8_flags.trace_turbo_scheduled ||
diff --git a/deps/v8/src/compiler/wasm-compiler.cc b/deps/v8/src/compiler/wasm-compiler.cc
index 232eb796991538..c2eb98ddfe5e3b 100644
--- a/deps/v8/src/compiler/wasm-compiler.cc
+++ b/deps/v8/src/compiler/wasm-compiler.cc
@@ -5,8 +5,8 @@
 #include "src/compiler/wasm-compiler.h"
 
 #include <memory>
+#include <optional>
 
-#include "src/base/optional.h"
 #include "src/base/small-vector.h"
 #include "src/base/vector.h"
 #include "src/codegen/assembler.h"
@@ -263,15 +263,15 @@ void WasmGraphBuilder::Start(unsigned params) {
       instance_data_node_ = param;
       break;
     }
-    case kWasmApiFunctionRefMode: {
+    case kWasmImportDataMode: {
       Node* param = Param(0);
       if (v8_flags.debug_code) {
-        Assert(gasm_->HasInstanceType(param, WASM_API_FUNCTION_REF_TYPE),
+        Assert(gasm_->HasInstanceType(param, WASM_IMPORT_DATA_TYPE),
                AbortReason::kUnexpectedInstanceType);
       }
       instance_data_node_ = gasm_->LoadProtectedPointerFromObject(
           param, wasm::ObjectAccess::ToTagged(
-                     WasmApiFunctionRef::kProtectedInstanceDataOffset));
+                     WasmImportData::kProtectedInstanceDataOffset));
       break;
     }
     case kJSFunctionAbiMode: {
@@ -2884,12 +2884,12 @@ Node* WasmGraphBuilder::BuildImportCall(
   Node* func_index_intptr = gasm_->BuildChangeUint32ToUintPtr(func_index);
   Node* dispatch_table_entry_offset = gasm_->IntMul(
       func_index_intptr, gasm_->IntPtrConstant(WasmDispatchTable::kEntrySize));
-  Node* ref = gasm_->LoadProtectedPointerFromObject(
+  Node* implicit_arg = gasm_->LoadProtectedPointerFromObject(
       dispatch_table,
       gasm_->IntAdd(dispatch_table_entry_offset,
                     gasm_->IntPtrConstant(wasm::ObjectAccess::ToTagged(
                         WasmDispatchTable::kEntriesOffset +
-                        WasmDispatchTable::kRefBias))));
+                        WasmDispatchTable::kImplicitArgBias))));
 
   Node* target = gasm_->LoadFromObject(
       MachineType::Pointer(), dispatch_table,
@@ -2902,10 +2902,11 @@ Node* WasmGraphBuilder::BuildImportCall(
 
   switch (continuation) {
     case kCallContinues:
-      return BuildWasmCall(sig, args, rets, position, ref, frame_state);
+      return BuildWasmCall(sig, args, rets, position, implicit_arg,
+                           frame_state);
     case kReturnCall:
       DCHECK(rets.empty());
-      return BuildWasmReturnCall(sig, args, position, ref);
+      return BuildWasmReturnCall(sig, args, position, implicit_arg);
   }
 }
 
@@ -3066,10 +3067,10 @@ Node* WasmGraphBuilder::BuildIndirectCall(uint32_t table_index,
                gasm_->Word32Equal(loaded_sig, Int32Constant(-1)), position);
   }
 
-  Node* target_ref = gasm_->LoadProtectedPointerFromObject(
-      dispatch_table,
-      gasm_->IntAdd(dispatch_table_entry_offset,
-                    gasm_->IntPtrConstant(WasmDispatchTable::kRefBias)));
+  Node* implicit_arg = gasm_->LoadProtectedPointerFromObject(
+      dispatch_table, gasm_->IntAdd(dispatch_table_entry_offset,
+                                    gasm_->IntPtrConstant(
+                                        WasmDispatchTable::kImplicitArgBias)));
 
   Node* target = gasm_->LoadFromObject(
       MachineType::Pointer(), dispatch_table,
@@ -3081,9 +3082,9 @@ Node* WasmGraphBuilder::BuildIndirectCall(uint32_t table_index,
 
   switch (continuation) {
     case kCallContinues:
-      return BuildWasmCall(sig, args, rets, position, target_ref);
+      return BuildWasmCall(sig, args, rets, position, implicit_arg);
     case kReturnCall:
-      return BuildWasmReturnCall(sig, args, position, target_ref);
+      return BuildWasmReturnCall(sig, args, position, implicit_arg);
   }
 }
 
@@ -3130,9 +3131,10 @@ Node* WasmGraphBuilder::BuildCallRef(const wasm::FunctionSig* sig,
         kWasmInternalFunctionIndirectPointerTag);
   }
 
-  Node* ref = gasm_->LoadProtectedPointerFromObject(
+  Node* implicit_arg = gasm_->LoadProtectedPointerFromObject(
       internal_function,
-      wasm::ObjectAccess::ToTagged(WasmInternalFunction::kProtectedRefOffset));
+      wasm::ObjectAccess::ToTagged(
+          WasmInternalFunction::kProtectedImplicitArgOffset));
   Node* target = gasm_->LoadFromObject(
       MachineType::Pointer(), internal_function,
       wasm::ObjectAccess::ToTagged(WasmInternalFunction::kCallTargetOffset));
@@ -3140,8 +3142,8 @@ Node* WasmGraphBuilder::BuildCallRef(const wasm::FunctionSig* sig,
   args[0] = target;
 
   Node* call = continuation == kCallContinues
-                   ? BuildWasmCall(sig, args, rets, position, ref)
-                   : BuildWasmReturnCall(sig, args, position, ref);
+                   ? BuildWasmCall(sig, args, rets, position, implicit_arg)
+                   : BuildWasmReturnCall(sig, args, position, implicit_arg);
   return call;
 }
 
@@ -3660,15 +3662,6 @@ std::pair<Node*, BoundsCheckResult> WasmGraphBuilder::BoundsCheckMem(
   if (bounds_checks == wasm::kTrapHandler &&
       enforce_check == EnforceBoundsCheck::kCanOmitBoundsCheck) {
     if (memory->is_memory64) {
-      if (static_cast<bool>(alignment_check) && align_mask != 0 &&
-          ((offset & align_mask) != 0)) {
-        // The index will be set to max_memory_size, and it is certainly
-        // aligned; if offset is unaligned we need to directly trap because we
-        // might cause a spurious unaligned access and a DCHECK failure if we
-        // are running in the simulator.
-        TrapIfEq32(wasm::kTrapMemOutOfBounds, Int32Constant(0), 0, position);
-      }
-
       Node* cond = gasm_->Uint64LessThan(
           converted_index, Int64Constant(memory->GetMemory64GuardsSize()));
       TrapIfFalse(wasm::kTrapMemOutOfBounds, cond, position);
@@ -7039,22 +7032,20 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
                           const wasm::WasmModule* module,
                           ParameterMode parameter_mode, Isolate* isolate,
                           compiler::SourcePositionTable* spt,
-                          StubCallMode stub_mode,
                           wasm::WasmEnabledFeatures features)
       : WasmGraphBuilder(nullptr, zone, mcgraph, sig, spt, parameter_mode,
                          isolate, features),
-        module_(module),
-        stub_mode_(stub_mode) {}
+        module_(module) {}
 
   CallDescriptor* GetBigIntToI64CallDescriptor(bool needs_frame_state) {
     return wasm::GetWasmEngine()->call_descriptors()->GetBigIntToI64Descriptor(
-        stub_mode_, needs_frame_state);
+        needs_frame_state);
   }
 
   Node* GetTargetForBuiltinCall(Builtin builtin) {
-    return (stub_mode_ == StubCallMode::kCallWasmRuntimeStub)
-               ? mcgraph()->RelocatableWasmBuiltinCallTarget(builtin)
-               : gasm_->GetBuiltinPointerTarget(builtin);
+    // Per-process shared wrappers don't have access to a jump table, so they
+    // can't use kCallWasmRuntimeStub mode.
+    return gasm_->GetBuiltinPointerTarget(builtin);
   }
 
   Node* BuildChangeInt32ToNumber(Node* value) {
@@ -7085,7 +7076,8 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     if (!int32_to_heapnumber_operator_.is_set()) {
       auto call_descriptor = Linkage::GetStubCallDescriptor(
           mcgraph()->zone(), WasmInt32ToHeapNumberDescriptor(), 0,
-          CallDescriptor::kNoFlags, Operator::kNoProperties, stub_mode_);
+          CallDescriptor::kNoFlags, Operator::kNoProperties,
+          StubCallMode::kCallBuiltinPointer);
       int32_to_heapnumber_operator_.set(common->Call(call_descriptor));
     }
     Node* call =
@@ -7117,7 +7109,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
           mcgraph()->zone(), WasmTaggedNonSmiToInt32Descriptor(), 0,
           frame_state ? CallDescriptor::kNeedsFrameState
                       : CallDescriptor::kNoFlags,
-          Operator::kNoProperties, stub_mode_);
+          Operator::kNoProperties, StubCallMode::kCallBuiltinPointer);
       tagged_non_smi_to_int32_operator_.set(common->Call(call_descriptor));
     }
     Node* call = frame_state
@@ -7139,7 +7131,8 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     if (!float32_to_number_operator_.is_set()) {
       auto call_descriptor = Linkage::GetStubCallDescriptor(
           mcgraph()->zone(), WasmFloat32ToNumberDescriptor(), 0,
-          CallDescriptor::kNoFlags, Operator::kNoProperties, stub_mode_);
+          CallDescriptor::kNoFlags, Operator::kNoProperties,
+          StubCallMode::kCallBuiltinPointer);
       float32_to_number_operator_.set(common->Call(call_descriptor));
     }
     return gasm_->Call(float32_to_number_operator_.get(), target, value);
@@ -7151,7 +7144,8 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     if (!float64_to_number_operator_.is_set()) {
       auto call_descriptor = Linkage::GetStubCallDescriptor(
           mcgraph()->zone(), WasmFloat64ToTaggedDescriptor(), 0,
-          CallDescriptor::kNoFlags, Operator::kNoProperties, stub_mode_);
+          CallDescriptor::kNoFlags, Operator::kNoProperties,
+          StubCallMode::kCallBuiltinPointer);
       float64_to_number_operator_.set(common->Call(call_descriptor));
     }
     return gasm_->Call(float64_to_number_operator_.get(), target, value);
@@ -7167,7 +7161,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
           mcgraph()->zone(), WasmTaggedToFloat64Descriptor(), 0,
           frame_state ? CallDescriptor::kNeedsFrameState
                       : CallDescriptor::kNoFlags,
-          Operator::kNoProperties, stub_mode_);
+          Operator::kNoProperties, StubCallMode::kCallBuiltinPointer);
       tagged_to_float64_operator_.set(common->Call(call_descriptor));
     }
     Node* call = needs_frame_state
@@ -7182,14 +7176,11 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
   }
 
   int AddArgumentNodes(base::Vector<Node*> args, int pos, int param_count,
-                       const wasm::FunctionSig* sig, Node* context,
-                       int suspender_count) {
-    // Convert wasm numbers to JS values.
-    // Drop the instance node, and possibly the suspender node.
-    int param_offset = 1 + suspender_count;
-    for (int i = 0; i < param_count - suspender_count; ++i) {
-      Node* param = Param(i + param_offset);
-      args[pos++] = ToJS(param, sig->GetParam(i + suspender_count), context);
+                       const wasm::FunctionSig* sig, Node* context) {
+    // Convert wasm numbers to JS values and drop the instance node.
+    for (int i = 0; i < param_count; ++i) {
+      Node* param = Param(i + 1);
+      args[pos++] = ToJS(param, sig->GetParam(i), context);
     }
     return pos;
   }
@@ -7199,7 +7190,8 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
       case wasm::kI32:
         return BuildChangeInt32ToNumber(node);
       case wasm::kI64:
-        return BuildChangeInt64ToBigInt(node, stub_mode_);
+        return BuildChangeInt64ToBigInt(node,
+                                        StubCallMode::kCallBuiltinPointer);
       case wasm::kF32:
         return BuildChangeFloat32ToNumber(node);
       case wasm::kF64:
@@ -7573,7 +7565,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
 
     // Set the ThreadInWasm flag before we do the actual call.
     {
-      base::Optional<ModifyThreadInWasmFlagScope>
+      std::optional<ModifyThreadInWasmFlagScope>
           modify_thread_in_wasm_flag_builder;
       if (set_in_wasm_flag) {
         modify_thread_in_wasm_flag_builder.emplace(this, gasm_.get());
@@ -7590,11 +7582,11 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
           gasm_->LoadFromObject(MachineType::Pointer(), internal,
                                 wasm::ObjectAccess::ToTagged(
                                     WasmInternalFunction::kCallTargetOffset));
-      Node* instance_data = gasm_->LoadProtectedPointerFromObject(
+      Node* implicit_arg = gasm_->LoadProtectedPointerFromObject(
           internal, wasm::ObjectAccess::ToTagged(
-                        WasmInternalFunction::kProtectedRefOffset));
+                        WasmInternalFunction::kProtectedImplicitArgOffset));
       BuildWasmCall(sig_, base::VectorOf(args), base::VectorOf(rets),
-                    wasm::kNoCodePosition, instance_data, frame_state);
+                    wasm::kNoCodePosition, implicit_arg, frame_state);
     }
 
     Node* jsval;
@@ -7713,6 +7705,15 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
       return;
     }
 
+#if V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms &&
+        !v8_flags.wasm_jitless) {
+      Node* runtime_call = BuildCallToRuntimeWithContext(
+          Runtime::kWasmTraceBeginExecution, js_context, nullptr, 0);
+      SetControl(runtime_call);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
+
     const int args_count = wasm_param_count + 1;  // +1 for wasm_code.
 
     // Check whether the signature of the function allows for a fast
@@ -7746,6 +7747,16 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
       Node* jsval =
           BuildCallAndReturn(js_context, function_data, args, do_conversion,
                              frame_state, set_in_wasm_flag);
+
+#if V8_ENABLE_DRUMBRAKE
+      if (v8_flags.wasm_enable_exec_time_histograms &&
+          v8_flags.slow_histograms && !v8_flags.wasm_jitless) {
+        Node* runtime_call = BuildCallToRuntimeWithContext(
+            Runtime::kWasmTraceEndExecution, js_context, nullptr, 0);
+        SetControl(runtime_call);
+      }
+#endif  // V8_ENABLE_DRUMBRAKE
+
       gasm_->Goto(&done, jsval);
       gasm_->Bind(&slow_path);
     }
@@ -7774,6 +7785,16 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     Node* jsval =
         BuildCallAndReturn(js_context, function_data, args, do_conversion,
                            frame_state, set_in_wasm_flag);
+
+#if V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms &&
+        !v8_flags.wasm_jitless) {
+      Node* runtime_call = BuildCallToRuntimeWithContext(
+          Runtime::kWasmTraceEndExecution, js_context, nullptr, 0);
+      SetControl(runtime_call);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
+
     // If both the default and a fast transformation paths are present,
     // get the return value based on the path used.
     if (include_fast_path) {
@@ -7811,11 +7832,11 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
                         global_proxy);
   }
 
-  Node* BuildSuspend(Node* value, Node* suspender, Node* api_function_ref,
+  Node* BuildSuspend(Node* value, Node* suspender, Node* import_data,
                      Node** old_sp) {
     Node* native_context = gasm_->Load(
-        MachineType::TaggedPointer(), api_function_ref,
-        wasm::ObjectAccess::ToTagged(WasmApiFunctionRef::kNativeContextOffset));
+        MachineType::TaggedPointer(), import_data,
+        wasm::ObjectAccess::ToTagged(WasmImportData::kNativeContextOffset));
     Node* active_suspender =
         LOAD_MUTABLE_ROOT(ActiveSuspender, active_suspender);
 
@@ -7835,8 +7856,8 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     gasm_->GotoIfNot(gasm_->TaggedEqual(suspender, active_suspender),
                      &bad_suspender, BranchHint::kFalse);
 
-    auto* call_descriptor =
-        GetBuiltinCallDescriptor(Builtin::kWasmSuspend, zone_, stub_mode_);
+    auto* call_descriptor = GetBuiltinCallDescriptor(
+        Builtin::kWasmSuspend, zone_, StubCallMode::kCallBuiltinPointer);
     Node* call_target = GetTargetForBuiltinCall(Builtin::kWasmSuspend);
     // If {old_sp} is null, it must be that we were on the central stack before
     // entering the wasm-to-js wrapper, which means that there are JS frames in
@@ -7951,19 +7972,18 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     return end.PhiAt(0);
   }
 
-  // For wasm-to-js wrappers, parameter 0 is a WasmApiFunctionRef.
+  // For wasm-to-js wrappers, parameter 0 is a WasmImportData.
   void BuildWasmToJSWrapper(wasm::ImportCallKind kind, int expected_arity,
                             wasm::Suspend suspend,
                             const wasm::WasmModule* module) {
     int wasm_count = static_cast<int>(sig_->parameter_count());
-    int suspender_count = suspend == wasm::kSuspendWithSuspender ? 1 : 0;
 
     // Build the start and the parameter nodes.
     Start(wasm_count + 3);
 
     Node* native_context = gasm_->Load(
         MachineType::TaggedPointer(), Param(0),
-        wasm::ObjectAccess::ToTagged(WasmApiFunctionRef::kNativeContextOffset));
+        wasm::ObjectAccess::ToTagged(WasmImportData::kNativeContextOffset));
 
     if (kind == wasm::ImportCallKind::kRuntimeTypeError) {
       // =======================================================================
@@ -7975,9 +7995,18 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
       return;
     }
 
+#if V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms &&
+        !v8_flags.wasm_jitless) {
+      Node* runtime_call = BuildCallToRuntimeWithContext(
+          Runtime::kWasmTraceEndExecution, native_context, nullptr, 0);
+      SetControl(runtime_call);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
+
     Node* callable_node = gasm_->Load(
         MachineType::TaggedPointer(), Param(0),
-        wasm::ObjectAccess::ToTagged(WasmApiFunctionRef::kCallableOffset));
+        wasm::ObjectAccess::ToTagged(WasmImportData::kCallableOffset));
     Node* old_sp = BuildSwitchToTheCentralStackIfNeeded();
 
     Node* undefined_node = UndefinedValue();
@@ -7989,11 +8018,10 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
       // === JS Functions with matching arity ==================================
       // =======================================================================
       case wasm::ImportCallKind::kJSFunctionArityMatch:
-        DCHECK_EQ(expected_arity, wasm_count - suspender_count);
+        DCHECK_EQ(expected_arity, wasm_count);
         [[fallthrough]];
       case wasm::ImportCallKind::kJSFunctionArityMismatch: {
-        int pushed_count =
-            std::max(expected_arity, wasm_count - suspender_count);
+        int pushed_count = std::max(expected_arity, wasm_count);
         base::SmallVector<Node*, 16> args(pushed_count + 7);
         int pos = 0;
 
@@ -8004,13 +8032,13 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
 
         // Convert wasm numbers to JS values.
         pos = AddArgumentNodes(base::VectorOf(args), pos, wasm_count, sig_,
-                               native_context, suspender_count);
-        for (int i = wasm_count - suspender_count; i < expected_arity; ++i) {
+                               native_context);
+        for (int i = wasm_count; i < expected_arity; ++i) {
           args[pos++] = undefined_node;
         }
         args[pos++] = undefined_node;  // new target
-        args[pos++] = Int32Constant(
-            JSParameterCount(wasm_count - suspender_count));  // argument count
+        args[pos++] =
+            Int32Constant(JSParameterCount(wasm_count));  // argument count
 
         Node* function_context =
             gasm_->LoadContextFromJSFunction(callable_node);
@@ -8027,23 +8055,23 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
       // === General case of unknown callable ==================================
       // =======================================================================
       case wasm::ImportCallKind::kUseCallBuiltin: {
-        base::SmallVector<Node*, 16> args(wasm_count + 7 - suspender_count);
+        base::SmallVector<Node*, 16> args(wasm_count + 7);
         int pos = 0;
         args[pos++] =
             gasm_->GetBuiltinPointerTarget(Builtin::kCall_ReceiverIsAny);
         args[pos++] = callable_node;
-        args[pos++] = Int32Constant(
-            JSParameterCount(wasm_count - suspender_count));  // argument count
+        args[pos++] =
+            Int32Constant(JSParameterCount(wasm_count));     // argument count
         args[pos++] = undefined_node;                        // receiver
 
         auto call_descriptor = Linkage::GetStubCallDescriptor(
-            graph()->zone(), CallTrampolineDescriptor{},
-            wasm_count + 1 - suspender_count, CallDescriptor::kNoFlags,
-            Operator::kNoProperties, StubCallMode::kCallBuiltinPointer);
+            graph()->zone(), CallTrampolineDescriptor{}, wasm_count + 1,
+            CallDescriptor::kNoFlags, Operator::kNoProperties,
+            StubCallMode::kCallBuiltinPointer);
 
         // Convert wasm numbers to JS values.
         pos = AddArgumentNodes(base::VectorOf(args), pos, wasm_count, sig_,
-                               native_context, suspender_count);
+                               native_context);
 
         // The native_context is sufficient here, because all kind of callables
         // which depend on the context provide their own context. The context
@@ -8068,12 +8096,19 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     SetSourcePosition(call, 0);
     DCHECK_NOT_NULL(call);
 
+#if V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms &&
+        !v8_flags.wasm_jitless) {
+      Node* runtime_call = BuildCallToRuntimeWithContext(
+          Runtime::kWasmTraceBeginExecution, native_context, nullptr, 0);
+      SetControl(runtime_call);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
+
     if (suspend == wasm::kSuspend) {
       Node* active_suspender =
           LOAD_MUTABLE_ROOT(ActiveSuspender, active_suspender);
       call = BuildSuspend(call, active_suspender, Param(0), &old_sp);
-    } else if (suspend == wasm::kSuspendWithSuspender) {
-      call = BuildSuspend(call, Param(1), Param(0), &old_sp);
     }
 
     // Convert the return value(s) back.
@@ -8114,7 +8149,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     // Set up the graph start.
     Start(static_cast<int>(sig_->parameter_count()) +
           1 /* offset for first parameter index being -1 */ +
-          1 /* WasmApiFunctionRef */);
+          1 /* WasmImportData */);
     // Store arguments on our stack, then align the stack for calling to C.
     int param_bytes = 0;
     for (wasm::ValueType type : sig_->parameters()) {
@@ -8146,7 +8181,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
 
     Node* function_node = gasm_->Load(
         MachineType::TaggedPointer(), Param(0),
-        wasm::ObjectAccess::ToTagged(WasmApiFunctionRef::kCallableOffset));
+        wasm::ObjectAccess::ToTagged(WasmImportData::kCallableOffset));
     Node* sfi_data = gasm_->LoadFunctionDataFromJSFunction(function_node);
     Node* host_data_foreign =
         gasm_->Load(MachineType::AnyTagged(), sfi_data,
@@ -8182,12 +8217,12 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     auto call_descriptor = Linkage::GetStubCallDescriptor(
         mcgraph()->zone(), interface_descriptor,
         interface_descriptor.GetStackParameterCount(), CallDescriptor::kNoFlags,
-        Operator::kNoProperties, StubCallMode::kCallWasmRuntimeStub);
-    Node* call_target = mcgraph()->RelocatableWasmBuiltinCallTarget(
-        Builtin::kWasmRethrowExplicitContext);
+        Operator::kNoProperties, StubCallMode::kCallBuiltinPointer);
+    Node* call_target =
+        GetTargetForBuiltinCall(Builtin::kWasmRethrowExplicitContext);
     Node* context = gasm_->Load(
         MachineType::TaggedPointer(), Param(0),
-        wasm::ObjectAccess::ToTagged(WasmApiFunctionRef::kNativeContextOffset));
+        wasm::ObjectAccess::ToTagged(WasmImportData::kNativeContextOffset));
     gasm_->Call(call_descriptor, call_target, return_value, context);
     TerminateThrow(effect(), control());
 
@@ -8220,10 +8255,10 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
     // Unexpected mode: FULL_EMBEDDED_OBJECT.
     Node* callable_node = gasm_->Load(
         MachineType::TaggedPointer(), Param(0),
-        wasm::ObjectAccess::ToTagged(WasmApiFunctionRef::kCallableOffset));
+        wasm::ObjectAccess::ToTagged(WasmImportData::kCallableOffset));
     Node* native_context = gasm_->Load(
         MachineType::TaggedPointer(), Param(0),
-        wasm::ObjectAccess::ToTagged(WasmApiFunctionRef::kNativeContextOffset));
+        wasm::ObjectAccess::ToTagged(WasmImportData::kNativeContextOffset));
 
     gasm_->Store(StoreRepresentation(mcgraph_->machine()->Is64()
                                          ? MachineRepresentation::kWord64
@@ -8236,14 +8271,15 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
 
     BuildModifyThreadInWasmFlag(false);
 
-    Handle<JSFunction> target;
+    DirectHandle<JSFunction> target;
     Node* target_node;
     Node* receiver_node;
+    Isolate* isolate = callable->GetIsolate();
     if (IsJSBoundFunction(*callable)) {
-      target =
-          handle(Cast<JSFunction>(
-                     Cast<JSBoundFunction>(callable)->bound_target_function()),
-                 callable->GetIsolate());
+      target = direct_handle(
+          Cast<JSFunction>(
+              Cast<JSBoundFunction>(callable)->bound_target_function()),
+          isolate);
       target_node =
           gasm_->Load(MachineType::TaggedPointer(), callable_node,
                       wasm::ObjectAccess::ToTagged(
@@ -8261,8 +8297,9 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
 
     Tagged<SharedFunctionInfo> shared = target->shared();
     Tagged<FunctionTemplateInfo> api_func_data = shared->api_func_data();
-    const Address c_address = api_func_data->GetCFunction(0);
-    const v8::CFunctionInfo* c_signature = api_func_data->GetCSignature(0);
+    const Address c_address = api_func_data->GetCFunction(isolate, 0);
+    const v8::CFunctionInfo* c_signature =
+        api_func_data->GetCSignature(target->GetIsolate(), 0);
 
 #ifdef V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
     Address c_functions[] = {c_address};
@@ -8272,9 +8309,10 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
 #endif  //  V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
 
     Node* shared_function_info = gasm_->LoadSharedFunctionInfo(target_node);
-    Node* function_template_info = gasm_->Load(
-        MachineType::TaggedPointer(), shared_function_info,
-        wasm::ObjectAccess::ToTagged(SharedFunctionInfo::kFunctionDataOffset));
+    Node* function_template_info =
+        gasm_->Load(MachineType::TaggedPointer(), shared_function_info,
+                    wasm::ObjectAccess::ToTagged(
+                        SharedFunctionInfo::kUntrustedFunctionDataOffset));
     Node* api_data_argument =
         gasm_->Load(MachineType::TaggedPointer(), function_template_info,
                     wasm::ObjectAccess::ToTagged(
@@ -8307,45 +8345,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
         [](const CFunctionInfo* signature, Node* c_return_value) {
           return c_return_value;
         },
-        // Initialize wasm-specific callback options fields
-        [this](Node* options_stack_slot) {
-          Node* mem_start;
-          Node* mem_size;
-          if (module_->memories.empty()) {
-            mem_start = gasm_->UintPtrConstant(0);
-            mem_size = gasm_->UintPtrConstant(0);
-          } else if (module_->memories.size() == 1) {
-            mem_start = LOAD_INSTANCE_FIELD_NO_ELIMINATION(
-                Memory0Start, MachineType::Pointer());
-            mem_size = LOAD_INSTANCE_FIELD_NO_ELIMINATION(
-                Memory0Size, MachineType::UintPtr());
-          } else {
-            FATAL(
-                "Fast API does not support multiple memories yet "
-                "(https://crbug.com/v8/14260)");
-          }
-
-          START_ALLOW_USE_DEPRECATED()
-          constexpr int kSize = sizeof(FastApiTypedArray<uint8_t>);
-          constexpr int kAlign = alignof(FastApiTypedArray<uint8_t>);
-          END_ALLOW_USE_DEPRECATED()
-
-          Node* stack_slot = gasm_->StackSlot(kSize, kAlign);
-
-          gasm_->Store(StoreRepresentation(MachineType::PointerRepresentation(),
-                                           kNoWriteBarrier),
-                       stack_slot, 0, mem_size);
-          gasm_->Store(StoreRepresentation(MachineType::PointerRepresentation(),
-                                           kNoWriteBarrier),
-                       stack_slot, sizeof(size_t), mem_start);
-
-          gasm_->Store(StoreRepresentation(MachineType::PointerRepresentation(),
-                                           kNoWriteBarrier),
-                       options_stack_slot,
-                       static_cast<int>(
-                           offsetof(v8::FastApiCallbackOptions, wasm_memory)),
-                       stack_slot);
-        },
+        [](Node* options_stack_slot) {},
         // Generate fallback slow call if fast call fails
         [this, callable_node, native_context, receiver_node]() -> Node* {
           int wasm_count = static_cast<int>(sig_->parameter_count());
@@ -8365,7 +8365,7 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
 
           // Convert wasm numbers to JS values.
           pos = AddArgumentNodes(base::VectorOf(args), pos, wasm_count, sig_,
-                                 native_context, 0);
+                                 native_context);
 
           // The native_context is sufficient here, because all kind of
           // callables which depend on the context provide their own context.
@@ -8474,7 +8474,6 @@ class WasmWrapperGraphBuilder : public WasmGraphBuilder {
 
  private:
   const wasm::WasmModule* module_;
-  StubCallMode stub_mode_;
   SetOncePointer<const Operator> int32_to_heapnumber_operator_;
   SetOncePointer<const Operator> tagged_non_smi_to_int32_operator_;
   SetOncePointer<const Operator> float32_to_number_operator_;
@@ -8491,9 +8490,9 @@ void BuildInlinedJSToWasmWrapper(Zone* zone, MachineGraph* mcgraph,
                                  compiler::SourcePositionTable* spt,
                                  wasm::WasmEnabledFeatures features,
                                  Node* frame_state, bool set_in_wasm_flag) {
-  WasmWrapperGraphBuilder builder(
-      zone, mcgraph, signature, module, WasmGraphBuilder::kJSFunctionAbiMode,
-      isolate, spt, StubCallMode::kCallBuiltinPointer, features);
+  WasmWrapperGraphBuilder builder(zone, mcgraph, signature, module,
+                                  WasmGraphBuilder::kJSFunctionAbiMode, isolate,
+                                  spt, features);
   builder.BuildJSToWasmWrapper(false, frame_state, set_in_wasm_flag);
 }
 
@@ -8527,9 +8526,9 @@ std::unique_ptr<OptimizedCompilationJob> NewJSToWasmCompilationJob(
         InstructionSelector::AlignmentRequirements());
     MachineGraph* mcgraph = zone->New<MachineGraph>(graph, common, machine);
 
-    WasmWrapperGraphBuilder builder(
-        zone.get(), mcgraph, sig, module, WasmGraphBuilder::kJSFunctionAbiMode,
-        isolate, nullptr, StubCallMode::kCallBuiltinPointer, enabled_features);
+    WasmWrapperGraphBuilder builder(zone.get(), mcgraph, sig, module,
+                                    WasmGraphBuilder::kJSFunctionAbiMode,
+                                    isolate, nullptr, enabled_features);
     builder.BuildJSToWasmWrapper();
 
     //----------------------------------------------------------------------------
@@ -8607,7 +8606,7 @@ wasm::WasmCompilationResult CompileWasmMathIntrinsic(
 
   WasmGraphBuilder builder(&env, mcgraph->zone(), mcgraph, sig,
                            source_positions,
-                           WasmGraphBuilder::kWasmApiFunctionRefMode,
+                           WasmGraphBuilder::kWasmImportDataMode,
                            nullptr /* isolate */, env.enabled_features);
 
   // Set up the graph start.
@@ -8681,7 +8680,7 @@ wasm::WasmCompilationResult CompileWasmImportCallWrapper(
     return Pipeline::GenerateCodeForWasmNativeStubFromTurboshaft(
         env->module, sig,
         wasm::WrapperCompilationInfo{CodeKind::WASM_TO_JS_FUNCTION,
-                                     StubCallMode::kCallWasmRuntimeStub, kind,
+                                     StubCallMode::kCallBuiltinPointer, kind,
                                      expected_arity, suspend},
         func_name, WasmStubAssemblerOptions(), nullptr);
   };
@@ -8702,11 +8701,9 @@ wasm::WasmCompilationResult CompileWasmImportCallWrapper(
     SourcePositionTable* source_position_table =
         source_positions ? zone.New<SourcePositionTable>(graph) : nullptr;
 
-    WasmWrapperGraphBuilder builder(&zone, mcgraph, sig, env->module,
-                                    WasmGraphBuilder::kWasmApiFunctionRefMode,
-                                    nullptr, source_position_table,
-                                    StubCallMode::kCallWasmRuntimeStub,
-                                    env->enabled_features);
+    WasmWrapperGraphBuilder builder(
+        &zone, mcgraph, sig, env->module, WasmGraphBuilder::kWasmImportDataMode,
+        nullptr, source_position_table, env->enabled_features);
     builder.BuildWasmToJSWrapper(kind, expected_arity, suspend, env->module);
 
     // Schedule and compile to machine code.
@@ -8743,7 +8740,7 @@ wasm::WasmCode* CompileWasmCapiCallWrapper(wasm::NativeModule* native_module,
     return Pipeline::GenerateCodeForWasmNativeStubFromTurboshaft(
         native_module->module(), sig,
         wasm::WrapperCompilationInfo{CodeKind::WASM_TO_CAPI_FUNCTION,
-                                     StubCallMode::kCallWasmRuntimeStub},
+                                     StubCallMode::kCallBuiltinPointer},
         debug_name, WasmStubAssemblerOptions(), nullptr);
   };
 
@@ -8756,8 +8753,8 @@ wasm::WasmCode* CompileWasmCapiCallWrapper(wasm::NativeModule* native_module,
 
     WasmWrapperGraphBuilder builder(
         &zone, mcgraph, sig, native_module->module(),
-        WasmGraphBuilder::kWasmApiFunctionRefMode, nullptr, source_positions,
-        StubCallMode::kCallWasmRuntimeStub, native_module->enabled_features());
+        WasmGraphBuilder::kWasmImportDataMode, nullptr, source_positions,
+        native_module->enabled_features());
 
     builder.BuildCapiCallWrapper();
 
@@ -8804,10 +8801,10 @@ wasm::WasmCode* CompileWasmJSFastCallWrapper(wasm::NativeModule* native_module,
   SourcePositionTable* source_positions = nullptr;
   MachineGraph* mcgraph = CreateCommonMachineGraph(&zone);
 
-  WasmWrapperGraphBuilder builder(
-      &zone, mcgraph, sig, native_module->module(),
-      WasmGraphBuilder::kWasmApiFunctionRefMode, nullptr, source_positions,
-      StubCallMode::kCallWasmRuntimeStub, native_module->enabled_features());
+  WasmWrapperGraphBuilder builder(&zone, mcgraph, sig, native_module->module(),
+                                  WasmGraphBuilder::kWasmImportDataMode,
+                                  nullptr, source_positions,
+                                  native_module->enabled_features());
 
   // Set up the graph start.
   int param_count = static_cast<int>(sig->parameter_count()) +
@@ -8846,6 +8843,8 @@ MaybeHandle<Code> CompileWasmToJSWrapper(Isolate* isolate,
                                          wasm::ImportCallKind kind,
                                          int expected_arity,
                                          wasm::Suspend suspend) {
+  DCHECK(!v8_flags.wasm_jitless);
+
   // Build a name in the form "wasm-to-js-<kind>-<signature>".
   constexpr size_t kMaxNameLen = 128;
   constexpr size_t kNamePrefixLen = 11;
@@ -8886,10 +8885,8 @@ MaybeHandle<Code> CompileWasmToJSWrapper(Isolate* isolate,
     MachineGraph* mcgraph = zone->New<MachineGraph>(graph, common, machine);
 
     WasmWrapperGraphBuilder builder(
-        zone.get(), mcgraph, sig, module,
-        WasmGraphBuilder::kWasmApiFunctionRefMode, nullptr, nullptr,
-        StubCallMode::kCallBuiltinPointer,
-        wasm::WasmEnabledFeatures::FromIsolate(isolate));
+        zone.get(), mcgraph, sig, module, WasmGraphBuilder::kWasmImportDataMode,
+        nullptr, nullptr, wasm::WasmEnabledFeatures::FromIsolate(isolate));
     builder.BuildWasmToJSWrapper(kind, expected_arity, suspend, nullptr);
 
     // Generate the call descriptor.
@@ -8920,6 +8917,8 @@ MaybeHandle<Code> CompileWasmToJSWrapper(Isolate* isolate,
 
 Handle<Code> CompileCWasmEntry(Isolate* isolate, const wasm::FunctionSig* sig,
                                const wasm::WasmModule* module) {
+  DCHECK(!v8_flags.wasm_jitless);
+
   std::unique_ptr<Zone> zone = std::make_unique<Zone>(
       isolate->allocator(), ZONE_NAME, kCompressGraphZone);
   Graph* graph = zone->New<Graph>(zone.get());
@@ -8933,7 +8932,6 @@ Handle<Code> CompileCWasmEntry(Isolate* isolate, const wasm::FunctionSig* sig,
   WasmWrapperGraphBuilder builder(
       zone.get(), mcgraph, sig, module,
       WasmGraphBuilder::kNoSpecialParameterMode, nullptr, nullptr,
-      StubCallMode::kCallBuiltinPointer,
       wasm::WasmEnabledFeatures::FromIsolate(isolate));
   builder.BuildCWasmEntry();
 
@@ -9074,83 +9072,6 @@ wasm::WasmCompilationResult ExecuteTurbofanWasmCompilation(
   return std::move(*result);
 }
 
-namespace {
-
-CallDescriptor* ReplaceTypeInCallDescriptorWith(
-    Zone* zone, const CallDescriptor* call_descriptor, size_t num_replacements,
-    MachineType from, MachineType to) {
-  // The last parameter may be the special callable parameter. In that case we
-  // have to preserve it as the last parameter, i.e. we allocate it in the new
-  // location signature again in the same register.
-  bool extra_callable_param =
-      (call_descriptor->GetInputLocation(call_descriptor->InputCount() - 1) ==
-       LinkageLocation::ForRegister(kJSFunctionRegister.code(),
-                                    MachineType::TaggedPointer()));
-
-  size_t return_count = call_descriptor->ReturnCount();
-  // To recover the function parameter count, disregard the instance parameter,
-  // and the extra callable parameter if present.
-  size_t parameter_count =
-      call_descriptor->ParameterCount() - (extra_callable_param ? 2 : 1);
-
-  // Precompute if the descriptor contains {from}.
-  bool needs_change = false;
-  for (size_t i = 0; !needs_change && i < return_count; i++) {
-    needs_change = call_descriptor->GetReturnType(i) == from;
-  }
-  for (size_t i = 1; !needs_change && i < parameter_count + 1; i++) {
-    needs_change = call_descriptor->GetParameterType(i) == from;
-  }
-  if (!needs_change) return const_cast<CallDescriptor*>(call_descriptor);
-
-  std::vector<MachineType> reps;
-
-  for (size_t i = 0, limit = return_count; i < limit; i++) {
-    MachineType initial_type = call_descriptor->GetReturnType(i);
-    if (initial_type == from) {
-      for (size_t j = 0; j < num_replacements; j++) reps.push_back(to);
-      return_count += num_replacements - 1;
-    } else {
-      reps.push_back(initial_type);
-    }
-  }
-
-  // Disregard the instance (first) parameter.
-  for (size_t i = 1, limit = parameter_count + 1; i < limit; i++) {
-    MachineType initial_type = call_descriptor->GetParameterType(i);
-    if (initial_type == from) {
-      for (size_t j = 0; j < num_replacements; j++) reps.push_back(to);
-      parameter_count += num_replacements - 1;
-    } else {
-      reps.push_back(initial_type);
-    }
-  }
-
-  MachineSignature sig(return_count, parameter_count, reps.data());
-
-  int parameter_slots;
-  int return_slots;
-  LocationSignature* location_sig = BuildLocations(
-      zone, &sig, extra_callable_param, &parameter_slots, &return_slots);
-
-  return zone->New<CallDescriptor>(               // --
-      call_descriptor->kind(),                    // kind
-      call_descriptor->tag(),                     // tag
-      call_descriptor->GetInputType(0),           // target MachineType
-      call_descriptor->GetInputLocation(0),       // target location
-      location_sig,                               // location_sig
-      parameter_slots,                            // parameter slot count
-      call_descriptor->properties(),              // properties
-      call_descriptor->CalleeSavedRegisters(),    // callee-saved registers
-      call_descriptor->CalleeSavedFPRegisters(),  // callee-saved fp regs
-      call_descriptor->flags(),                   // flags
-      call_descriptor->debug_name(),              // debug name
-      call_descriptor->GetStackArgumentOrder(),   // stack order
-      call_descriptor->AllocatableRegisters(),    // allocatable registers
-      return_slots);                              // return slot count
-}
-}  // namespace
-
 void WasmGraphBuilder::StoreCallCount(Node* call, int count) {
   mcgraph()->StoreCallCount(call->id(), count);
 }
@@ -9159,51 +9080,7 @@ void WasmGraphBuilder::ReserveCallCounts(size_t num_call_instructions) {
   mcgraph()->ReserveCallCounts(num_call_instructions);
 }
 
-CallDescriptor* GetI32WasmCallDescriptor(
-    Zone* zone, const CallDescriptor* call_descriptor) {
-  return ReplaceTypeInCallDescriptorWith(
-      zone, call_descriptor, 2, MachineType::Int64(), MachineType::Int32());
-}
-
-namespace {
-const wasm::FunctionSig* ReplaceTypeInSig(Zone* zone,
-                                          const wasm::FunctionSig* sig,
-                                          wasm::ValueType from,
-                                          wasm::ValueType to,
-                                          size_t num_replacements) {
-  size_t param_occurences =
-      std::count(sig->parameters().begin(), sig->parameters().end(), from);
-  size_t return_occurences =
-      std::count(sig->returns().begin(), sig->returns().end(), from);
-  if (param_occurences == 0 && return_occurences == 0) return sig;
-
-  wasm::FunctionSig::Builder builder(
-      zone, sig->return_count() + return_occurences * (num_replacements - 1),
-      sig->parameter_count() + param_occurences * (num_replacements - 1));
-
-  for (wasm::ValueType ret : sig->returns()) {
-    if (ret == from) {
-      for (size_t i = 0; i < num_replacements; i++) builder.AddReturn(to);
-    } else {
-      builder.AddReturn(ret);
-    }
-  }
-
-  for (wasm::ValueType param : sig->parameters()) {
-    if (param == from) {
-      for (size_t i = 0; i < num_replacements; i++) builder.AddParam(to);
-    } else {
-      builder.AddParam(param);
-    }
-  }
 
-  return builder.Build();
-}
-}  // namespace
-
-const wasm::FunctionSig* GetI32Sig(Zone* zone, const wasm::FunctionSig* sig) {
-  return ReplaceTypeInSig(zone, sig, wasm::kWasmI64, wasm::kWasmI32, 2);
-}
 AssemblerOptions WasmAssemblerOptions() {
   return AssemblerOptions{
       // Relocation info required to serialize {WasmCode} for proper functions.
diff --git a/deps/v8/src/compiler/wasm-compiler.h b/deps/v8/src/compiler/wasm-compiler.h
index c35609afab28e9..af72d5bc855e53 100644
--- a/deps/v8/src/compiler/wasm-compiler.h
+++ b/deps/v8/src/compiler/wasm-compiler.h
@@ -167,9 +167,9 @@ class WasmGraphBuilder {
   enum ParameterMode {
     // Normal wasm functions pass the instance as an implicit first parameter.
     kInstanceParameterMode,
-    // For Wasm-to-JS and C-API wrappers, a {WasmApiFunctionRef} object is
+    // For Wasm-to-JS and C-API wrappers, a {WasmImportData} object is
     // passed as first parameter.
-    kWasmApiFunctionRefMode,
+    kWasmImportDataMode,
     // For JS-to-Wasm wrappers (which are JS functions), we load the Wasm
     // instance from the JS function data. The generated code objects live on
     // the JS heap, so those compilation pass an isolate.
@@ -905,12 +905,6 @@ V8_EXPORT_PRIVATE void BuildInlinedJSToWasmWrapper(
     compiler::SourcePositionTable* spt, wasm::WasmEnabledFeatures features,
     Node* frame_state, bool set_in_wasm_flag);
 
-V8_EXPORT_PRIVATE CallDescriptor* GetI32WasmCallDescriptor(
-    Zone* zone, const CallDescriptor* call_descriptor);
-
-V8_EXPORT_PRIVATE const wasm::FunctionSig* GetI32Sig(
-    Zone* zone, const wasm::FunctionSig* sig);
-
 AssemblerOptions WasmAssemblerOptions();
 AssemblerOptions WasmStubAssemblerOptions();
 
diff --git a/deps/v8/src/compiler/wasm-gc-operator-reducer.cc b/deps/v8/src/compiler/wasm-gc-operator-reducer.cc
index a4401b184db179..80392ece710c38 100644
--- a/deps/v8/src/compiler/wasm-gc-operator-reducer.cc
+++ b/deps/v8/src/compiler/wasm-gc-operator-reducer.cc
@@ -356,9 +356,11 @@ Reduction WasmGCOperatorReducer::ReduceTypeGuard(Node* node) {
   wasm::TypeInModule object_type =
       ObjectTypeFromContext(object, control, /* allow_non_wasm = */ true);
   if (object_type.type.is_uninhabited()) return NoChange();
-  wasm::TypeInModule guarded_type = TypeGuardTypeOf(node->op()).AsWasm();
+  Type guarded_type = TypeGuardTypeOf(node->op());
+  if (!guarded_type.IsWasm()) return NoChange();
 
-  wasm::TypeInModule new_type = wasm::Intersection(object_type, guarded_type);
+  wasm::TypeInModule new_type =
+      wasm::Intersection(object_type, guarded_type.AsWasm());
 
   return UpdateNodeAndAliasesTypes(node, GetState(control), node, new_type,
                                    false);
diff --git a/deps/v8/src/compiler/wasm-graph-assembler.cc b/deps/v8/src/compiler/wasm-graph-assembler.cc
index 9df06b07f051af..dfecbffc9a2da8 100644
--- a/deps/v8/src/compiler/wasm-graph-assembler.cc
+++ b/deps/v8/src/compiler/wasm-graph-assembler.cc
@@ -428,15 +428,11 @@ Node* WasmGraphAssembler::LoadContextFromJSFunction(Node* js_function) {
 
 Node* WasmGraphAssembler::LoadFunctionDataFromJSFunction(Node* js_function) {
   Node* shared = LoadSharedFunctionInfo(js_function);
-#if V8_ENABLE_SANDBOX
-    static constexpr int kOffset =
-        SharedFunctionInfo::kTrustedFunctionDataOffset;
-#else
-    static constexpr int kOffset = SharedFunctionInfo::kFunctionDataOffset;
-#endif
-  return LoadTrustedPointerFromObject(shared,
-                                      wasm::ObjectAccess::ToTagged(kOffset),
-                                      kWasmFunctionDataIndirectPointerTag);
+  return LoadTrustedPointerFromObject(
+      shared,
+      wasm::ObjectAccess::ToTagged(
+          SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kWasmFunctionDataIndirectPointerTag);
 }
 
 Node* WasmGraphAssembler::LoadExportedFunctionIndexAsSmi(
diff --git a/deps/v8/src/d8/d8-test.cc b/deps/v8/src/d8/d8-test.cc
index 9378dd49e6125d..f53210922baed4 100644
--- a/deps/v8/src/d8/d8-test.cc
+++ b/deps/v8/src/d8/d8-test.cc
@@ -447,6 +447,13 @@ class FastCApiObject {
     UNREACHABLE();
   }
 
+  static int32_t AddAllIntInvalidOverloadCallback(
+      Local<Object> receiver, Local<Object> seq_arg,
+      FastApiCallbackOptions& options) {
+    // This should never be called
+    UNREACHABLE();
+  }
+
 #ifdef V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
   static AnyCType Add32BitIntFastCallbackPatch(AnyCType receiver,
                                                AnyCType arg_i32,
@@ -1569,9 +1576,12 @@ Local<FunctionTemplate> Shell::CreateTestFastCApiTemplate(Isolate* isolate) {
 
     CFunction add_all_int_invalid_func =
         CFunction::Make(FastCApiObject::AddAllIntInvalidCallback);
+    CFunction add_all_int_invalid_overload =
+        CFunction::Make(FastCApiObject::AddAllIntInvalidOverloadCallback);
+
     const CFunction add_all_invalid_overloads[] = {
         add_all_int_invalid_func,
-        add_all_seq_c_func,
+        add_all_int_invalid_overload,
     };
     api_obj_ctor->PrototypeTemplate()->Set(
         isolate, "add_all_invalid_overload",
diff --git a/deps/v8/src/d8/d8.cc b/deps/v8/src/d8/d8.cc
index 1c37e97a380175..bdc1b68481fc1d 100644
--- a/deps/v8/src/d8/d8.cc
+++ b/deps/v8/src/d8/d8.cc
@@ -2260,6 +2260,7 @@ void Shell::RealmEval(const v8::FunctionCallbackInfo<v8::Value>& info) {
       CreateScriptOrigin(isolate, String::NewFromUtf8Literal(isolate, "(d8)"),
                          ScriptType::kClassic);
 
+  if (isolate->IsExecutionTerminating()) return;
   ScriptCompiler::Source script_source(source, origin);
   Local<UnboundScript> script;
   if (!ScriptCompiler::CompileUnboundScript(isolate, &script_source)
diff --git a/deps/v8/src/d8/d8.h b/deps/v8/src/d8/d8.h
index e8858334d3011e..cbf270f0f16af0 100644
--- a/deps/v8/src/d8/d8.h
+++ b/deps/v8/src/d8/d8.h
@@ -8,6 +8,7 @@
 #include <iterator>
 #include <map>
 #include <memory>
+#include <optional>
 #include <queue>
 #include <string>
 #include <unordered_map>
@@ -151,7 +152,7 @@ class SerializationData {
   const std::vector<CompiledWasmModule>& compiled_wasm_modules() {
     return compiled_wasm_modules_;
   }
-  const base::Optional<v8::SharedValueConveyor>& shared_value_conveyor() {
+  const std::optional<v8::SharedValueConveyor>& shared_value_conveyor() {
     return shared_value_conveyor_;
   }
 
@@ -165,7 +166,7 @@ class SerializationData {
   std::vector<std::shared_ptr<v8::BackingStore>> backing_stores_;
   std::vector<std::shared_ptr<v8::BackingStore>> sab_backing_stores_;
   std::vector<CompiledWasmModule> compiled_wasm_modules_;
-  base::Optional<v8::SharedValueConveyor> shared_value_conveyor_;
+  std::optional<v8::SharedValueConveyor> shared_value_conveyor_;
 
  private:
   friend class Serializer;
diff --git a/deps/v8/src/debug/debug-coverage.cc b/deps/v8/src/debug/debug-coverage.cc
index 447d835c929f62..5b910428bd0ebd 100644
--- a/deps/v8/src/debug/debug-coverage.cc
+++ b/deps/v8/src/debug/debug-coverage.cc
@@ -804,7 +804,7 @@ void Coverage::SelectMode(Isolate* isolate, debug::CoverageMode mode) {
         }
       }
 
-      for (Handle<JSFunction> func : funcs_needing_feedback_vector) {
+      for (DirectHandle<JSFunction> func : funcs_needing_feedback_vector) {
         IsCompiledScope is_compiled_scope(
             func->shared()->is_compiled_scope(isolate));
         CHECK(is_compiled_scope.is_compiled());
diff --git a/deps/v8/src/debug/debug-evaluate.cc b/deps/v8/src/debug/debug-evaluate.cc
index 981244e2f45561..17b343ecf9ee59 100644
--- a/deps/v8/src/debug/debug-evaluate.cc
+++ b/deps/v8/src/debug/debug-evaluate.cc
@@ -89,6 +89,10 @@ MaybeHandle<Object> DebugEvaluate::Local(Isolate* isolate,
   DebuggableStackFrameIterator it(isolate, frame_id);
 #if V8_ENABLE_WEBASSEMBLY
   if (it.is_wasm()) {
+#if V8_ENABLE_DRUMBRAKE
+    // TODO(paolosev@microsoft.com) - Not supported by Wasm interpreter.
+    if (it.is_wasm_interpreter_entry()) return {};
+#endif  // V8_ENABLE_DRUMBRAKE
     WasmFrame* frame = WasmFrame::cast(it.frame());
     Handle<SharedFunctionInfo> outer_info(
         isolate->native_context()->empty_function()->shared(), isolate);
@@ -175,10 +179,10 @@ MaybeHandle<Object> DebugEvaluate::Evaluate(
   Handle<JSFunction> eval_fun;
   ASSIGN_RETURN_ON_EXCEPTION(
       isolate, eval_fun,
-      Compiler::GetFunctionFromEval(
-          source, outer_info, context, LanguageMode::kSloppy,
-          NO_PARSE_RESTRICTION, kNoSourcePosition, kNoSourcePosition,
-          kNoSourcePosition, ParsingWhileDebugging::kYes));
+      Compiler::GetFunctionFromEval(source, outer_info, context,
+                                    LanguageMode::kSloppy, NO_PARSE_RESTRICTION,
+                                    kNoSourcePosition, kNoSourcePosition,
+                                    ParsingWhileDebugging::kYes));
 
   Handle<Object> result;
   bool success = false;
@@ -1031,6 +1035,11 @@ DebugInfo::SideEffectState BuiltinGetSideEffectState(Builtin id) {
     case Builtin::kRegExpPrototypeSearch:
       return DebugInfo::kRequiresRuntimeChecks;
 
+    // Debugging builtins.
+    case Builtin::kDebugPrintFloat64:
+    case Builtin::kDebugPrintWordPtr:
+      return DebugInfo::kHasNoSideEffect;
+
     default:
       if (v8_flags.trace_side_effect_free_debug_evaluate) {
         PrintF("[debug-evaluate] built-in %s may cause side effect.\n",
diff --git a/deps/v8/src/debug/debug-frames.cc b/deps/v8/src/debug/debug-frames.cc
index e5f2382a9d08c9..40a1e28d6137de 100644
--- a/deps/v8/src/debug/debug-frames.cc
+++ b/deps/v8/src/debug/debug-frames.cc
@@ -77,6 +77,16 @@ Handle<Object> FrameInspector::GetContext() {
 Handle<String> FrameInspector::GetFunctionName() {
 #if V8_ENABLE_WEBASSEMBLY
   if (IsWasm()) {
+#if V8_ENABLE_DRUMBRAKE
+    if (IsWasmInterpreter()) {
+      auto wasm_frame = WasmInterpreterEntryFrame::cast(frame_);
+      auto instance_data =
+          handle(wasm_frame->trusted_instance_data(), isolate_);
+      return GetWasmFunctionDebugName(
+          isolate_, instance_data,
+          wasm_frame->function_index(inlined_frame_index_));
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
     auto wasm_frame = WasmFrame::cast(frame_);
     auto instance_data = handle(wasm_frame->trusted_instance_data(), isolate_);
     return GetWasmFunctionDebugName(isolate_, instance_data,
@@ -88,6 +98,11 @@ Handle<String> FrameInspector::GetFunctionName() {
 
 #if V8_ENABLE_WEBASSEMBLY
 bool FrameInspector::IsWasm() { return frame_->is_wasm(); }
+#if V8_ENABLE_DRUMBRAKE
+bool FrameInspector::IsWasmInterpreter() {
+  return frame_->is_wasm_interpreter_entry();
+}
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 bool FrameInspector::IsJavaScript() { return frame_->is_java_script(); }
diff --git a/deps/v8/src/debug/debug-frames.h b/deps/v8/src/debug/debug-frames.h
index 7c77865ae3d675..729a3dbad4ef4a 100644
--- a/deps/v8/src/debug/debug-frames.h
+++ b/deps/v8/src/debug/debug-frames.h
@@ -40,6 +40,9 @@ class V8_EXPORT_PRIVATE FrameInspector {
 
 #if V8_ENABLE_WEBASSEMBLY
   bool IsWasm();
+#if V8_ENABLE_DRUMBRAKE
+  bool IsWasmInterpreter();
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
   bool IsJavaScript();
 
diff --git a/deps/v8/src/debug/debug-interface.cc b/deps/v8/src/debug/debug-interface.cc
index 54b754f0f12c9b..97b81867c96ba1 100644
--- a/deps/v8/src/debug/debug-interface.cc
+++ b/deps/v8/src/debug/debug-interface.cc
@@ -160,7 +160,7 @@ Local<String> GetFunctionDescription(Local<Function> function) {
         builder.AppendCStringLiteral("function ");
         builder.AppendString(debug_name);
         builder.AppendCStringLiteral("() { [native code] }");
-        return Utils::ToLocal(builder.Finish().ToHandleChecked(), i_isolate);
+        return Utils::ToLocal(builder.Finish().ToHandleChecked());
       }
     }
 #endif  // V8_ENABLE_WEBASSEMBLY
@@ -345,8 +345,8 @@ bool GetPrivateMembers(Local<Context> context, Local<Object> object, int filter,
     } else if (include_fields) {  // Private fields
       i::DirectHandle<i::String> name(
           i::Cast<i::String>(i::Cast<i::Symbol>(*key)->description()), isolate);
-      names_out->push_back(Utils::ToLocal(name, isolate));
-      values_out->push_back(Utils::ToLocal(value, isolate));
+      names_out->push_back(Utils::ToLocal(name));
+      values_out->push_back(Utils::ToLocal(value));
     }
   }
 
@@ -498,7 +498,7 @@ int Script::StartColumn() const {
 }
 
 int Script::EndLine() const {
-  i::Handle<i::Script> script = Utils::OpenHandle(this);
+  i::DirectHandle<i::Script> script = Utils::OpenDirectHandle(this);
 #if V8_ENABLE_WEBASSEMBLY
   if (script->type() == i::Script::Type::kWasm) return 0;
 #endif  // V8_ENABLE_WEBASSEMBLY
@@ -514,7 +514,7 @@ int Script::EndLine() const {
 }
 
 int Script::EndColumn() const {
-  i::Handle<i::Script> script = Utils::OpenHandle(this);
+  i::DirectHandle<i::Script> script = Utils::OpenDirectHandle(this);
 #if V8_ENABLE_WEBASSEMBLY
   if (script->type() == i::Script::Type::kWasm) {
     return script->wasm_native_module()->wire_bytes().length();
@@ -536,7 +536,7 @@ MaybeLocal<String> Script::Name() const {
   i::Isolate* isolate = script->GetIsolate();
   i::DirectHandle<i::Object> value(script->name(), isolate);
   if (!IsString(*value)) return MaybeLocal<String>();
-  return Utils::ToLocal(i::Cast<i::String>(value), isolate);
+  return Utils::ToLocal(i::Cast<i::String>(value));
 }
 
 MaybeLocal<String> Script::SourceURL() const {
@@ -544,7 +544,7 @@ MaybeLocal<String> Script::SourceURL() const {
   i::Isolate* isolate = script->GetIsolate();
   i::DirectHandle<i::PrimitiveHeapObject> value(script->source_url(), isolate);
   if (!IsString(*value)) return MaybeLocal<String>();
-  return Utils::ToLocal(i::Cast<i::String>(value), isolate);
+  return Utils::ToLocal(i::Cast<i::String>(value));
 }
 
 MaybeLocal<String> Script::SourceMappingURL() const {
@@ -552,7 +552,7 @@ MaybeLocal<String> Script::SourceMappingURL() const {
   i::Isolate* isolate = script->GetIsolate();
   i::DirectHandle<i::Object> value(script->source_mapping_url(), isolate);
   if (!IsString(*value)) return MaybeLocal<String>();
-  return Utils::ToLocal(i::Cast<i::String>(value), isolate);
+  return Utils::ToLocal(i::Cast<i::String>(value));
 }
 
 MaybeLocal<String> Script::GetSha256Hash() const {
@@ -577,11 +577,11 @@ Local<ScriptSource> Script::Source() const {
   if (script->type() == i::Script::Type::kWasm) {
     i::DirectHandle<i::Object> wasm_native_module(
         script->wasm_managed_native_module(), isolate);
-    return Utils::Convert<i::Object, ScriptSource>(wasm_native_module, isolate);
+    return Utils::Convert<i::Object, ScriptSource>(wasm_native_module);
   }
 #endif  // V8_ENABLE_WEBASSEMBLY
   i::DirectHandle<i::PrimitiveHeapObject> source(script->source(), isolate);
-  return Utils::Convert<i::PrimitiveHeapObject, ScriptSource>(source, isolate);
+  return Utils::Convert<i::PrimitiveHeapObject, ScriptSource>(source);
 }
 
 #if V8_ENABLE_WEBASSEMBLY
@@ -711,7 +711,7 @@ Maybe<int> Script::GetSourceOffset(const Location& location,
 }
 
 Location Script::GetSourceLocation(int offset) const {
-  i::Handle<i::Script> script = Utils::OpenHandle(this);
+  i::DirectHandle<i::Script> script = Utils::OpenDirectHandle(this);
   i::Script::PositionInfo info;
   i::Script::GetPositionInfo(script, offset, &info);
   if (script->HasSourceURLComment()) {
@@ -774,7 +774,7 @@ bool Script::SetInstrumentationBreakpoint(BreakpointId* id) const {
 
 #if V8_ENABLE_WEBASSEMBLY
 void Script::RemoveWasmBreakpoint(BreakpointId id) {
-  i::Handle<i::Script> script = Utils::OpenHandle(this);
+  i::DirectHandle<i::Script> script = Utils::OpenDirectHandle(this);
   i::Isolate* isolate = script->GetIsolate();
   isolate->debug()->RemoveBreakpointForWasmScript(script, id);
 }
@@ -967,7 +967,7 @@ void GetLoadedScripts(Isolate* v8_isolate,
 #endif  // V8_ENABLE_WEBASSEMBLY
       if (!script->HasValidSource()) continue;
       i::HandleScope handle_scope(isolate);
-      i::Handle<i::Script> script_handle(script, isolate);
+      i::DirectHandle<i::Script> script_handle(script, isolate);
       scripts.emplace_back(v8_isolate, ToApiHandle<Script>(script_handle));
     }
   }
@@ -1065,7 +1065,7 @@ Local<String> WasmValueObject::type() const {
   auto object = i::Cast<i::WasmValueObject>(Utils::OpenDirectHandle(this));
   i::Isolate* isolate = object->GetIsolate();
   i::DirectHandle<i::String> type(object->type(), isolate);
-  return Utils::ToLocal(type, isolate);
+  return Utils::ToLocal(type);
 }
 #endif  // V8_ENABLE_WEBASSEMBLY
 
@@ -1131,7 +1131,7 @@ MaybeLocal<Script> GeneratorObject::Script() {
   if (!IsScript(maybe_script)) return {};
   i::Isolate* isolate = obj->GetIsolate();
   i::DirectHandle<i::Script> script(i::Cast<i::Script>(maybe_script), isolate);
-  return ToApiHandle<v8::debug::Script>(script, isolate);
+  return ToApiHandle<v8::debug::Script>(script);
 }
 
 Local<Function> GeneratorObject::Function() {
@@ -1145,7 +1145,7 @@ Location GeneratorObject::SuspendedLocation() {
   i::Tagged<i::Object> maybe_script = obj->function()->shared()->script();
   if (!IsScript(maybe_script)) return Location();
   i::Isolate* isolate = obj->GetIsolate();
-  i::Handle<i::Script> script(i::Cast<i::Script>(maybe_script), isolate);
+  i::DirectHandle<i::Script> script(i::Cast<i::Script>(maybe_script), isolate);
   i::Script::PositionInfo info;
   i::SharedFunctionInfo::EnsureSourcePositionsAvailable(
       isolate, i::handle(obj->function()->shared(), isolate));
@@ -1342,7 +1342,7 @@ MaybeLocal<v8::Value> EphemeronTable::Get(v8::Isolate* isolate,
   i::DirectHandle<i::Object> value(self->Lookup(internal_key), i_isolate);
 
   if (IsTheHole(*value)) return {};
-  return Utils::ToLocal(value, i_isolate);
+  return Utils::ToLocal(value);
 }
 
 Local<EphemeronTable> EphemeronTable::Set(v8::Isolate* isolate,
@@ -1353,7 +1353,7 @@ Local<EphemeronTable> EphemeronTable::Set(v8::Isolate* isolate,
   i::Handle<i::Object> internal_value = Utils::OpenHandle(*value);
   DCHECK(IsJSReceiver(*internal_key));
 
-  i::Handle<i::EphemeronHashTable> result(
+  i::DirectHandle<i::EphemeronHashTable> result(
       i::EphemeronHashTable::Put(self, internal_key, internal_value));
 
   return ToApiHandle<EphemeronTable>(result);
@@ -1362,7 +1362,7 @@ Local<EphemeronTable> EphemeronTable::Set(v8::Isolate* isolate,
 Local<EphemeronTable> EphemeronTable::New(v8::Isolate* isolate) {
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
   ENTER_V8_NO_SCRIPT_NO_EXCEPTION(i_isolate);
-  i::Handle<i::EphemeronHashTable> table =
+  i::DirectHandle<i::EphemeronHashTable> table =
       i::EphemeronHashTable::New(i_isolate, 0);
   return ToApiHandle<EphemeronTable>(table);
 }
@@ -1375,14 +1375,14 @@ Local<Value> AccessorPair::getter() {
   auto accessors = Utils::OpenDirectHandle(this);
   i::Isolate* isolate = accessors->GetIsolate();
   i::DirectHandle<i::Object> getter(accessors->getter(), isolate);
-  return Utils::ToLocal(getter, isolate);
+  return Utils::ToLocal(getter);
 }
 
 Local<Value> AccessorPair::setter() {
   auto accessors = Utils::OpenDirectHandle(this);
   i::Isolate* isolate = accessors->GetIsolate();
   i::DirectHandle<i::Object> setter(accessors->setter(), isolate);
-  return Utils::ToLocal(setter, isolate);
+  return Utils::ToLocal(setter);
 }
 
 bool AccessorPair::IsAccessorPair(Local<Value> that) {
diff --git a/deps/v8/src/debug/debug-scopes.cc b/deps/v8/src/debug/debug-scopes.cc
index ee2ac04eebd0b2..81eed6f0dd7c8d 100644
--- a/deps/v8/src/debug/debug-scopes.cc
+++ b/deps/v8/src/debug/debug-scopes.cc
@@ -255,7 +255,7 @@ void ScopeIterator::TryParseAndRetrieveScopes(ReparseStrategy strategy) {
   // Reparse the code and analyze the scopes.
   // Depending on the choosen strategy, the whole script or just
   // the closure is re-parsed for function scopes.
-  Handle<Script> script(Cast<Script>(shared_info->script()), isolate_);
+  DirectHandle<Script> script(Cast<Script>(shared_info->script()), isolate_);
 
   // Pick between flags for a single function compilation, or an eager
   // compilation of the whole script.
@@ -616,8 +616,8 @@ Handle<JSObject> ScopeIterator::ScopeObject(Mode mode) {
   }
 
   Handle<JSObject> scope = isolate_->factory()->NewSlowJSObjectWithNullProto();
-  auto visitor = [=](Handle<String> name, Handle<Object> value,
-                     ScopeType scope_type) {
+  auto visitor = [=, this](Handle<String> name, Handle<Object> value,
+                           ScopeType scope_type) {
     if (IsOptimizedOut(*value, isolate_)) {
       JSObject::SetAccessor(
           scope, name, isolate_->factory()->value_unavailable_accessor(), NONE)
diff --git a/deps/v8/src/debug/debug-stack-trace-iterator.cc b/deps/v8/src/debug/debug-stack-trace-iterator.cc
index 9c3a2ea17a5a13..175d29fc9d8f0b 100644
--- a/deps/v8/src/debug/debug-stack-trace-iterator.cc
+++ b/deps/v8/src/debug/debug-stack-trace-iterator.cc
@@ -158,6 +158,15 @@ debug::Location DebugStackTraceIterator::GetFunctionLocation() const {
                                func->GetScriptColumnNumber());
   }
 #if V8_ENABLE_WEBASSEMBLY
+#if V8_ENABLE_DRUMBRAKE
+  if (iterator_.frame()->is_wasm_interpreter_entry()) {
+    auto frame = WasmInterpreterEntryFrame::cast(iterator_.frame());
+    Handle<WasmInstanceObject> instance(frame->wasm_instance(), isolate_);
+    auto offset =
+        instance->module()->functions[frame->function_index(0)].code.offset();
+    return v8::debug::Location(inlined_frame_index_, offset);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
   if (iterator_.frame()->is_wasm()) {
     auto frame = WasmFrame::cast(iterator_.frame());
     const wasm::WasmModule* module = frame->trusted_instance_data()->module();
@@ -185,9 +194,18 @@ std::unique_ptr<v8::debug::ScopeIterator>
 DebugStackTraceIterator::GetScopeIterator() const {
   DCHECK(!Done());
 #if V8_ENABLE_WEBASSEMBLY
-  if (iterator_.frame()->is_wasm()) {
-    return GetWasmScopeIterator(WasmFrame::cast(iterator_.frame()));
+#if V8_ENABLE_DRUMBRAKE
+  if (iterator_.frame()->is_wasm_interpreter_entry()) {
+    return GetWasmInterpreterScopeIterator(
+        WasmInterpreterEntryFrame::cast(iterator_.frame()));
+  } else {
+#endif  // V8_ENABLE_DRUMBRAKE
+    if (iterator_.frame()->is_wasm()) {
+      return GetWasmScopeIterator(WasmFrame::cast(iterator_.frame()));
+    }
+#if V8_ENABLE_DRUMBRAKE
   }
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
   return std::make_unique<DebugScopeIterator>(isolate_, frame_inspector_.get());
 }
diff --git a/deps/v8/src/debug/debug-wasm-objects.cc b/deps/v8/src/debug/debug-wasm-objects.cc
index ee5e12922875f9..f4ebe853da700e 100644
--- a/deps/v8/src/debug/debug-wasm-objects.cc
+++ b/deps/v8/src/debug/debug-wasm-objects.cc
@@ -4,6 +4,8 @@
 
 #include "src/debug/debug-wasm-objects.h"
 
+#include <optional>
+
 #include "src/api/api-inl.h"
 #include "src/api/api-natives.h"
 #include "src/base/strings.h"
@@ -235,8 +237,8 @@ struct NamedDebugProxy : IndexedDebugProxy<T, id, Provider> {
   }
 
   template <typename V>
-  static base::Optional<uint32_t> FindName(
-      Local<v8::Name> name, const PropertyCallbackInfo<V>& info) {
+  static std::optional<uint32_t> FindName(Local<v8::Name> name,
+                                          const PropertyCallbackInfo<V>& info) {
     if (!name->IsString()) return {};
     auto name_str = Utils::OpenHandle(*name.As<v8::String>());
     if (name_str->length() == 0 || name_str->Get(0) != '$') return {};
@@ -296,7 +298,7 @@ struct FunctionsProxy : NamedDebugProxy<FunctionsProxy, kFunctionsProxy> {
   static Handle<Object> Get(Isolate* isolate,
                             DirectHandle<WasmInstanceObject> instance,
                             uint32_t index) {
-    Handle<WasmTrustedInstanceData> trusted_data{
+    DirectHandle<WasmTrustedInstanceData> trusted_data{
         instance->trusted_data(isolate), isolate};
     DirectHandle<WasmFuncRef> func_ref =
         WasmTrustedInstanceData::GetOrCreateFuncRef(isolate, trusted_data,
@@ -621,7 +623,8 @@ class ContextProxy {
     auto object = isolate->factory()->NewSlowJSObjectWithNullProto();
     Handle<WasmInstanceObject> instance(frame->wasm_instance(), isolate);
     JSObject::AddProperty(isolate, object, "instance", instance, FROZEN);
-    Handle<WasmModuleObject> module_object(instance->module_object(), isolate);
+    DirectHandle<WasmModuleObject> module_object(instance->module_object(),
+                                                 isolate);
     JSObject::AddProperty(isolate, object, "module", module_object, FROZEN);
     auto locals = LocalsProxy::Create(frame);
     JSObject::AddProperty(isolate, object, "locals", locals, FROZEN);
@@ -685,7 +688,8 @@ class DebugWasmScopeIterator final : public debug::ScopeIterator {
         Handle<JSObject> object =
             isolate->factory()->NewSlowJSObjectWithNullProto();
         JSObject::AddProperty(isolate, object, "instance", instance, FROZEN);
-        Handle<JSObject> module_object(instance->module_object(), isolate);
+        DirectHandle<JSObject> module_object(instance->module_object(),
+                                             isolate);
         JSObject::AddProperty(isolate, object, "module", module_object, FROZEN);
         if (FunctionsProxy::Count(isolate, instance) != 0) {
           JSObject::AddProperty(
@@ -747,6 +751,97 @@ class DebugWasmScopeIterator final : public debug::ScopeIterator {
   ScopeType type_;
 };
 
+#if V8_ENABLE_DRUMBRAKE
+class DebugWasmInterpreterScopeIterator final : public debug::ScopeIterator {
+ public:
+  explicit DebugWasmInterpreterScopeIterator(WasmInterpreterEntryFrame* frame)
+      : frame_(frame), type_(debug::ScopeIterator::ScopeTypeModule) {
+    // TODO(paolosev@microsoft.com) -  Enable local scopes and expression stack
+    // scopes.
+  }
+
+  bool Done() override { return type_ == ScopeTypeWith; }
+
+  void Advance() override {
+    DCHECK(!Done());
+    switch (type_) {
+      case ScopeTypeModule:
+        // We use ScopeTypeWith type as marker for done.
+        type_ = debug::ScopeIterator::ScopeTypeWith;
+        break;
+      case ScopeTypeWasmExpressionStack:
+      case ScopeTypeLocal:
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  ScopeType GetType() override { return type_; }
+
+  v8::Local<v8::Object> GetObject() override {
+    Isolate* isolate = frame_->isolate();
+    switch (type_) {
+      case debug::ScopeIterator::ScopeTypeModule: {
+        Handle<WasmInstanceObject> instance(frame_->wasm_instance(), isolate);
+        Handle<JSObject> object =
+            isolate->factory()->NewSlowJSObjectWithNullProto();
+        JSObject::AddProperty(isolate, object, "instance", instance, FROZEN);
+        Handle<JSObject> module_object(instance->module_object(), isolate);
+        JSObject::AddProperty(isolate, object, "module", module_object, FROZEN);
+        if (FunctionsProxy::Count(isolate, instance) != 0) {
+          JSObject::AddProperty(
+              isolate, object, "functions",
+              GetOrCreateInstanceProxy<FunctionsProxy>(isolate, instance),
+              FROZEN);
+        }
+        if (GlobalsProxy::Count(isolate, instance) != 0) {
+          JSObject::AddProperty(
+              isolate, object, "globals",
+              GetOrCreateInstanceProxy<GlobalsProxy>(isolate, instance),
+              FROZEN);
+        }
+        if (MemoriesProxy::Count(isolate, instance) != 0) {
+          JSObject::AddProperty(
+              isolate, object, "memories",
+              GetOrCreateInstanceProxy<MemoriesProxy>(isolate, instance),
+              FROZEN);
+        }
+        if (TablesProxy::Count(isolate, instance) != 0) {
+          JSObject::AddProperty(
+              isolate, object, "tables",
+              GetOrCreateInstanceProxy<TablesProxy>(isolate, instance), FROZEN);
+        }
+        return Utils::ToLocal(object);
+      }
+      case debug::ScopeIterator::ScopeTypeLocal:
+      case debug::ScopeIterator::ScopeTypeWasmExpressionStack:
+      default:
+        UNREACHABLE();
+    }
+  }
+  v8::Local<v8::Value> GetFunctionDebugName() override {
+    return Utils::ToLocal(frame_->isolate()->factory()->empty_string());
+  }
+
+  int GetScriptId() override { return -1; }
+
+  bool HasLocationInfo() override { return false; }
+
+  debug::Location GetStartLocation() override { return {}; }
+
+  debug::Location GetEndLocation() override { return {}; }
+
+  bool SetVariableValue(v8::Local<v8::String> name,
+                        v8::Local<v8::Value> value) override {
+    return false;
+  }
+
+ private:
+  WasmInterpreterEntryFrame* const frame_;
+  ScopeType type_;
+};
+#endif  // V8_ENABLE_DRUMBRAKE
+
 Handle<String> WasmSimd128ToString(Isolate* isolate, Simd128 s128) {
   // We use the canonical format as described in:
   // https://github.com/WebAssembly/simd/blob/master/proposals/simd/TextSIMD.md
@@ -914,8 +1009,8 @@ struct ArrayProxy : IndexedDebugProxy<ArrayProxy, kArrayProxy, FixedArray> {
 Handle<WasmValueObject> WasmValueObject::New(
     Isolate* isolate, const wasm::WasmValue& value,
     Handle<WasmModuleObject> module_object) {
-  Handle<String> t;
-  Handle<Object> v;
+  DirectHandle<String> t;
+  DirectHandle<Object> v;
   switch (value.type().kind()) {
     case wasm::kI8: {
       // This can't be reached for most "top-level" things, only via nested
@@ -1003,9 +1098,9 @@ Handle<WasmValueObject> WasmValueObject::New(
         // `new WebAssembly.Function(...)`, a module for name resolution is not
         // available.
         if (module_object.is_null() &&
-            IsWasmTrustedInstanceData(internal_fct->ref())) {
+            IsWasmTrustedInstanceData(internal_fct->implicit_arg())) {
           module_object =
-              handle(Cast<WasmTrustedInstanceData>(internal_fct->ref())
+              handle(Cast<WasmTrustedInstanceData>(internal_fct->implicit_arg())
                          ->module_object(),
                      isolate);
         }
@@ -1046,6 +1141,13 @@ std::unique_ptr<debug::ScopeIterator> GetWasmScopeIterator(WasmFrame* frame) {
   return std::make_unique<DebugWasmScopeIterator>(frame);
 }
 
+#if V8_ENABLE_DRUMBRAKE
+std::unique_ptr<debug::ScopeIterator> GetWasmInterpreterScopeIterator(
+    WasmInterpreterEntryFrame* frame) {
+  return std::make_unique<DebugWasmInterpreterScopeIterator>(frame);
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 Handle<String> GetWasmFunctionDebugName(
     Isolate* isolate, DirectHandle<WasmTrustedInstanceData> instance_data,
     uint32_t func_index) {
diff --git a/deps/v8/src/debug/debug-wasm-objects.h b/deps/v8/src/debug/debug-wasm-objects.h
index d6edc2cd58de13..4f151cd0737dea 100644
--- a/deps/v8/src/debug/debug-wasm-objects.h
+++ b/deps/v8/src/debug/debug-wasm-objects.h
@@ -31,6 +31,9 @@ class WasmValue;
 class ArrayList;
 class WasmFrame;
 class WasmInstanceObject;
+#if V8_ENABLE_DRUMBRAKE
+class WasmInterpreterEntryFrame;
+#endif  // V8_ENABLE_DRUMBRAKE
 class WasmModuleObject;
 class WasmTableObject;
 
@@ -69,6 +72,11 @@ Handle<JSObject> GetWasmDebugProxy(WasmFrame* frame);
 
 std::unique_ptr<debug::ScopeIterator> GetWasmScopeIterator(WasmFrame* frame);
 
+#if V8_ENABLE_DRUMBRAKE
+std::unique_ptr<debug::ScopeIterator> GetWasmInterpreterScopeIterator(
+    WasmInterpreterEntryFrame* frame);
+#endif  // V8_ENABLE_DRUMBRAKE
+
 Handle<String> GetWasmFunctionDebugName(
     Isolate* isolate, DirectHandle<WasmTrustedInstanceData> instance_data,
     uint32_t func_index);
diff --git a/deps/v8/src/debug/debug.cc b/deps/v8/src/debug/debug.cc
index 7bf033c91fe80b..ac90310b57c542 100644
--- a/deps/v8/src/debug/debug.cc
+++ b/deps/v8/src/debug/debug.cc
@@ -5,6 +5,7 @@
 #include "src/debug/debug.h"
 
 #include <memory>
+#include <optional>
 
 #include "src/api/api-inl.h"
 #include "src/base/platform/mutex.h"
@@ -563,7 +564,7 @@ bool DebugInfoCollection::Contains(Tagged<SharedFunctionInfo> sfi) const {
   return true;
 }
 
-base::Optional<Tagged<DebugInfo>> DebugInfoCollection::Find(
+std::optional<Tagged<DebugInfo>> DebugInfoCollection::Find(
     Tagged<SharedFunctionInfo> sfi) const {
   auto it = map_.find(sfi->unique_id());
   if (it == map_.end()) return {};
@@ -907,8 +908,8 @@ bool Debug::IsMutedAtWasmLocation(Tagged<Script> script, int position) {
 
 namespace {
 
-// Convenience helper for easier base::Optional translation.
-bool ToHandle(Isolate* isolate, base::Optional<Tagged<DebugInfo>> debug_info,
+// Convenience helper for easier std::optional translation.
+bool ToHandle(Isolate* isolate, std::optional<Tagged<DebugInfo>> debug_info,
               Handle<DebugInfo>* out) {
   if (!debug_info.has_value()) return false;
   *out = handle(debug_info.value(), isolate);
@@ -997,7 +998,7 @@ bool Debug::SetBreakPointForScript(Handle<Script> script,
                                    int* source_position, int* id) {
   RCS_SCOPE(isolate_, RuntimeCallCounterId::kDebugger);
   *id = ++thread_local_.last_breakpoint_id_;
-  Handle<BreakPoint> break_point =
+  DirectHandle<BreakPoint> break_point =
       isolate_->factory()->NewBreakPoint(*id, condition);
 #if V8_ENABLE_WEBASSEMBLY
   if (script->type() == Script::Type::kWasm) {
@@ -1127,7 +1128,7 @@ bool Debug::SetBreakpointForFunction(Handle<SharedFunctionInfo> shared,
   } else {
     *id = ++thread_local_.last_breakpoint_id_;
   }
-  Handle<BreakPoint> breakpoint =
+  DirectHandle<BreakPoint> breakpoint =
       isolate_->factory()->NewBreakPoint(*id, condition);
   int source_position = 0;
 #if V8_ENABLE_WEBASSEMBLY
@@ -1139,7 +1140,7 @@ bool Debug::SetBreakpointForFunction(Handle<SharedFunctionInfo> shared,
     CHECK(function_data->instance_data()->has_instance_object());
     Tagged<WasmModuleObject> module_obj =
         function_data->instance_data()->instance_object()->module_object();
-    Handle<Script> script(module_obj->script(), isolate_);
+    DirectHandle<Script> script(module_obj->script(), isolate_);
     return WasmScript::SetBreakPointOnFirstBreakableForFunction(
         script, func_index, breakpoint);
   }
@@ -1149,7 +1150,7 @@ bool Debug::SetBreakpointForFunction(Handle<SharedFunctionInfo> shared,
 
 void Debug::RemoveBreakpoint(int id) {
   RCS_SCOPE(isolate_, RuntimeCallCounterId::kDebugger);
-  Handle<BreakPoint> breakpoint = isolate_->factory()->NewBreakPoint(
+  DirectHandle<BreakPoint> breakpoint = isolate_->factory()->NewBreakPoint(
       id, isolate_->factory()->empty_string());
   ClearBreakPoint(breakpoint);
 }
@@ -1161,7 +1162,7 @@ void Debug::SetInstrumentationBreakpointForWasmScript(Handle<Script> script,
   DCHECK_EQ(Script::Type::kWasm, script->type());
   *id = kInstrumentationId;
 
-  Handle<BreakPoint> break_point = isolate_->factory()->NewBreakPoint(
+  DirectHandle<BreakPoint> break_point = isolate_->factory()->NewBreakPoint(
       *id, isolate_->factory()->empty_string());
   RecordWasmScriptWithBreakpoints(script);
   WasmScript::SetInstrumentationBreakpoint(script, break_point);
@@ -1208,7 +1209,7 @@ void Debug::RecordWasmScriptWithBreakpoints(Handle<Script> script) {
 // Clear out all the debug break code.
 void Debug::ClearAllBreakPoints() {
   RCS_SCOPE(isolate_, RuntimeCallCounterId::kDebugger);
-  ClearAllDebugInfos([=](Handle<DebugInfo> info) {
+  ClearAllDebugInfos([=, this](Handle<DebugInfo> info) {
     ClearBreakPoints(info);
     info->ClearBreakInfo(isolate_);
   });
@@ -1485,6 +1486,11 @@ void Debug::PrepareStep(StepAction step_action) {
     clear_suspended_generator();
 #if V8_ENABLE_WEBASSEMBLY
   } else if (frame->is_wasm() && step_action != StepOut) {
+#if V8_ENABLE_DRUMBRAKE
+    // TODO(paolosev@microsoft.com) - If we are running with the interpreter, we
+    // cannot step.
+    if (frame->is_wasm_interpreter_entry()) return;
+#endif  // V8_ENABLE_DRUMBRAKE
     // Handle stepping in wasm.
     WasmFrame* wasm_frame = WasmFrame::cast(frame);
     auto* debug_info = wasm_frame->native_module()->GetDebugInfo();
@@ -1549,6 +1555,11 @@ void Debug::PrepareStep(StepAction step_action) {
       bool in_current_frame = true;
       for (; !frames_it.done(); frames_it.Advance()) {
 #if V8_ENABLE_WEBASSEMBLY
+#if V8_ENABLE_DRUMBRAKE
+        // TODO(paolosev@microsoft.com): Implement stepping out from JS to wasm
+        // interpreter.
+        if (frame->is_wasm_interpreter_entry()) continue;
+#endif  // V8_ENABLE_DRUMBRAKE
         if (frames_it.frame()->is_wasm()) {
           if (in_current_frame) {
             in_current_frame = false;
@@ -1831,7 +1842,7 @@ namespace {
 bool IsJSFunctionAndNeedsTrampoline(Isolate* isolate,
                                     Tagged<Object> maybe_function) {
   if (!IsJSFunction(maybe_function)) return false;
-  base::Optional<Tagged<DebugInfo>> debug_info =
+  std::optional<Tagged<DebugInfo>> debug_info =
       isolate->debug()->TryGetDebugInfo(
           Cast<JSFunction>(maybe_function)->shared());
   return debug_info.has_value() && debug_info.value()->CanBreakAtEntry();
@@ -1959,6 +1970,9 @@ void FindBreakablePositions(Handle<DebugInfo> debug_info, int start_position,
 
 bool CompileTopLevel(Isolate* isolate, Handle<Script> script,
                      MaybeHandle<SharedFunctionInfo>* result = nullptr) {
+  if (script->compilation_type() == Script::CompilationType::kEval) {
+    return false;
+  }
   UnoptimizedCompileState compile_state;
   ReusableUnoptimizedCompileState reusable_state(isolate);
   UnoptimizedCompileFlags flags =
@@ -2149,7 +2163,7 @@ bool Debug::FindSharedFunctionInfosIntersectingRange(
     }
 
     if (!triedTopLevelCompile && !candidateSubsumesRange &&
-        script->shared_function_info_count() > 0) {
+        script->infos()->length() > 0) {
       MaybeHandle<SharedFunctionInfo> shared =
           GetTopLevelWithRecompile(script, &triedTopLevelCompile);
       if (shared.is_null()) return false;
@@ -2184,10 +2198,9 @@ bool Debug::FindSharedFunctionInfosIntersectingRange(
 
 MaybeHandle<SharedFunctionInfo> Debug::GetTopLevelWithRecompile(
     Handle<Script> script, bool* did_compile) {
-  DCHECK_LE(kFunctionLiteralIdTopLevel, script->shared_function_info_count());
-  DCHECK_LE(script->shared_function_info_count(),
-            script->shared_function_infos()->length());
-  Tagged<MaybeObject> maybeToplevel = script->shared_function_infos()->get(0);
+  DCHECK_LE(kFunctionLiteralIdTopLevel, script->infos()->length());
+  Tagged<MaybeObject> maybeToplevel =
+      script->infos()->get(kFunctionLiteralIdTopLevel);
   Tagged<HeapObject> heap_object;
   const bool topLevelInfoExists =
       maybeToplevel.GetHeapObject(&heap_object) && !IsUndefined(heap_object);
@@ -2304,7 +2317,7 @@ Handle<DebugInfo> Debug::GetOrCreateDebugInfo(
     DirectHandle<SharedFunctionInfo> shared) {
   RCS_SCOPE(isolate_, RuntimeCallCounterId::kDebugger);
 
-  if (base::Optional<Tagged<DebugInfo>> di = debug_infos_.Find(*shared)) {
+  if (std::optional<Tagged<DebugInfo>> di = debug_infos_.Find(*shared)) {
     return handle(di.value(), isolate_);
   }
 
@@ -2329,8 +2342,9 @@ void Debug::InstallCoverageInfo(DirectHandle<SharedFunctionInfo> shared,
 }
 
 void Debug::RemoveAllCoverageInfos() {
-  ClearAllDebugInfos(
-      [=](DirectHandle<DebugInfo> info) { info->ClearCoverageInfo(isolate_); });
+  ClearAllDebugInfos([=, this](DirectHandle<DebugInfo> info) {
+    info->ClearCoverageInfo(isolate_);
+  });
 }
 
 void Debug::ClearAllDebuggerHints() {
@@ -2399,7 +2413,7 @@ Handle<FixedArray> Debug::GetLoadedScripts() {
   return FixedArray::RightTrimOrEmpty(isolate_, results, length);
 }
 
-base::Optional<Tagged<DebugInfo>> Debug::TryGetDebugInfo(
+std::optional<Tagged<DebugInfo>> Debug::TryGetDebugInfo(
     Tagged<SharedFunctionInfo> sfi) {
   return debug_infos_.Find(sfi);
 }
@@ -2409,34 +2423,34 @@ bool Debug::HasDebugInfo(Tagged<SharedFunctionInfo> sfi) {
 }
 
 bool Debug::HasCoverageInfo(Tagged<SharedFunctionInfo> sfi) {
-  if (base::Optional<Tagged<DebugInfo>> debug_info = TryGetDebugInfo(sfi)) {
+  if (std::optional<Tagged<DebugInfo>> debug_info = TryGetDebugInfo(sfi)) {
     return debug_info.value()->HasCoverageInfo();
   }
   return false;
 }
 
 bool Debug::HasBreakInfo(Tagged<SharedFunctionInfo> sfi) {
-  if (base::Optional<Tagged<DebugInfo>> debug_info = TryGetDebugInfo(sfi)) {
+  if (std::optional<Tagged<DebugInfo>> debug_info = TryGetDebugInfo(sfi)) {
     return debug_info.value()->HasBreakInfo();
   }
   return false;
 }
 
 bool Debug::BreakAtEntry(Tagged<SharedFunctionInfo> sfi) {
-  if (base::Optional<Tagged<DebugInfo>> debug_info = TryGetDebugInfo(sfi)) {
+  if (std::optional<Tagged<DebugInfo>> debug_info = TryGetDebugInfo(sfi)) {
     return debug_info.value()->BreakAtEntry();
   }
   return false;
 }
 
-base::Optional<Tagged<Object>> Debug::OnThrow(Handle<Object> exception) {
+std::optional<Tagged<Object>> Debug::OnThrow(Handle<Object> exception) {
   RCS_SCOPE(isolate_, RuntimeCallCounterId::kDebugger);
   if (in_debug_scope() || ignore_events()) return {};
   // Temporarily clear any exception to allow evaluating
   // JavaScript from the debug event handler.
   HandleScope scope(isolate_);
   {
-    base::Optional<Isolate::ExceptionScope> exception_scope;
+    std::optional<Isolate::ExceptionScope> exception_scope;
     if (isolate_->has_exception()) exception_scope.emplace(isolate_);
     Isolate::CatchType catch_type = isolate_->PredictExceptionCatcher();
     OnException(exception, MaybeHandle<JSPromise>(),
@@ -2627,7 +2641,8 @@ void Debug::OnDebugBreak(Handle<FixedArray> break_points_hit,
 }
 
 namespace {
-debug::Location GetDebugLocation(Handle<Script> script, int source_position) {
+debug::Location GetDebugLocation(DirectHandle<Script> script,
+                                 int source_position) {
   Script::PositionInfo info;
   Script::GetPositionInfo(script, source_position, &info);
   // V8 provides ScriptCompiler::CompileFunction method which takes
@@ -2653,7 +2668,7 @@ bool Debug::IsBlackboxed(DirectHandle<SharedFunctionInfo> shared) {
       PostponeInterruptsScope no_interrupts(isolate_);
       DisableBreak no_recursive_break(this);
       DCHECK(IsScript(shared->script()));
-      Handle<Script> script(Cast<Script>(shared->script()), isolate_);
+      DirectHandle<Script> script(Cast<Script>(shared->script()), isolate_);
       DCHECK(script->IsUserJavaScript());
       debug::Location start = GetDebugLocation(script, shared->StartPosition());
       debug::Location end = GetDebugLocation(script, shared->EndPosition());
@@ -2680,7 +2695,7 @@ bool Debug::ShouldBeSkipped() {
   Handle<Object> script_obj = summary.script();
   if (!IsScript(*script_obj)) return false;
 
-  Handle<Script> script = Cast<Script>(script_obj);
+  DirectHandle<Script> script = Cast<Script>(script_obj);
   summary.EnsureSourcePositionsAvailable();
   int source_position = summary.SourcePosition();
   Script::PositionInfo info;
@@ -2728,15 +2743,16 @@ bool Debug::SetScriptSource(Handle<Script> script, Handle<String> source,
   return result->status == debug::LiveEditResult::OK;
 }
 
-void Debug::OnCompileError(Handle<Script> script) {
+void Debug::OnCompileError(DirectHandle<Script> script) {
   ProcessCompileEvent(true, script);
 }
 
-void Debug::OnAfterCompile(Handle<Script> script) {
+void Debug::OnAfterCompile(DirectHandle<Script> script) {
   ProcessCompileEvent(false, script);
 }
 
-void Debug::ProcessCompileEvent(bool has_compile_error, Handle<Script> script) {
+void Debug::ProcessCompileEvent(bool has_compile_error,
+                                DirectHandle<Script> script) {
   RCS_SCOPE(isolate_, RuntimeCallCounterId::kDebugger);
   // Ignore temporary scripts.
   if (script->id() == Script::kTemporaryScriptId) return;
@@ -2898,7 +2914,7 @@ void Debug::PrintBreakLocation() {
   inspector.GetFunctionName()->PrintOn(stdout);
   PrintF("'.\n");
   if (IsScript(*script_obj)) {
-    Handle<Script> script = Cast<Script>(script_obj);
+    DirectHandle<Script> script = Cast<Script>(script_obj);
     DirectHandle<String> source(Cast<String>(script->source()), isolate_);
     Script::InitLineEnds(isolate_, script);
     Script::PositionInfo info;
@@ -3106,7 +3122,7 @@ bool Debug::PerformSideEffectCheck(Handle<JSFunction> function,
     return false;
   }
   DCHECK(is_compiled_scope.is_compiled());
-  Handle<SharedFunctionInfo> shared(function->shared(), isolate_);
+  DirectHandle<SharedFunctionInfo> shared(function->shared(), isolate_);
   DirectHandle<DebugInfo> debug_info = GetOrCreateDebugInfo(shared);
   DebugInfo::SideEffectState side_effect_state =
       debug_info->GetSideEffectState(isolate_);
diff --git a/deps/v8/src/debug/debug.h b/deps/v8/src/debug/debug.h
index 8b2707fcd4ce1f..553562b4ec682c 100644
--- a/deps/v8/src/debug/debug.h
+++ b/deps/v8/src/debug/debug.h
@@ -6,6 +6,7 @@
 #define V8_DEBUG_DEBUG_H_
 
 #include <memory>
+#include <optional>
 #include <unordered_map>
 #include <vector>
 
@@ -192,7 +193,7 @@ class DebugInfoCollection final {
   void Insert(Tagged<SharedFunctionInfo> sfi, Tagged<DebugInfo> debug_info);
 
   bool Contains(Tagged<SharedFunctionInfo> sfi) const;
-  base::Optional<Tagged<DebugInfo>> Find(Tagged<SharedFunctionInfo> sfi) const;
+  std::optional<Tagged<DebugInfo>> Find(Tagged<SharedFunctionInfo> sfi) const;
 
   void DeleteSlow(Tagged<SharedFunctionInfo> sfi);
 
@@ -257,11 +258,11 @@ class V8_EXPORT_PRIVATE Debug {
                     debug::BreakReasons break_reasons = {});
   debug::DebugDelegate::ActionAfterInstrumentation OnInstrumentationBreak();
 
-  base::Optional<Tagged<Object>> OnThrow(Handle<Object> exception)
+  std::optional<Tagged<Object>> OnThrow(Handle<Object> exception)
       V8_WARN_UNUSED_RESULT;
   void OnPromiseReject(Handle<Object> promise, Handle<Object> value);
-  void OnCompileError(Handle<Script> script);
-  void OnAfterCompile(Handle<Script> script);
+  void OnCompileError(DirectHandle<Script> script);
+  void OnAfterCompile(DirectHandle<Script> script);
 
   void HandleDebugBreak(IgnoreBreakMode ignore_break_mode,
                         debug::BreakReasons break_reasons);
@@ -274,7 +275,7 @@ class V8_EXPORT_PRIVATE Debug {
   Handle<FixedArray> GetLoadedScripts();
 
   // DebugInfo accessors.
-  base::Optional<Tagged<DebugInfo>> TryGetDebugInfo(
+  std::optional<Tagged<DebugInfo>> TryGetDebugInfo(
       Tagged<SharedFunctionInfo> sfi);
   bool HasDebugInfo(Tagged<SharedFunctionInfo> sfi);
   bool HasCoverageInfo(Tagged<SharedFunctionInfo> sfi);
@@ -528,7 +529,7 @@ class V8_EXPORT_PRIVATE Debug {
   void OnException(Handle<Object> exception, MaybeHandle<JSPromise> promise,
                    v8::debug::ExceptionType exception_type);
 
-  void ProcessCompileEvent(bool has_compile_error, Handle<Script> script);
+  void ProcessCompileEvent(bool has_compile_error, DirectHandle<Script> script);
 
   // Find the closest source position for a break point for a given position.
   int FindBreakablePosition(Handle<DebugInfo> debug_info, int source_position);
diff --git a/deps/v8/src/debug/liveedit-diff.cc b/deps/v8/src/debug/liveedit-diff.cc
index ff2f8aa88a9a9c..4bb018e27b11e2 100644
--- a/deps/v8/src/debug/liveedit-diff.cc
+++ b/deps/v8/src/debug/liveedit-diff.cc
@@ -6,10 +6,10 @@
 
 #include <cmath>
 #include <map>
+#include <optional>
 #include <vector>
 
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 
 namespace v8 {
 namespace internal {
@@ -154,22 +154,22 @@ class MyersDiffer {
     // `FindMiddleSnake`.
   }
 
-  base::Optional<Path> FindEditPath() {
+  std::optional<Path> FindEditPath() {
     return FindEditPath(Point{0, 0},
                         Point{input_->GetLength1(), input_->GetLength2()});
   }
 
   // Returns the path of the SES between `from` and `to`.
-  base::Optional<Path> FindEditPath(Point from, Point to) {
+  std::optional<Path> FindEditPath(Point from, Point to) {
     // Divide the area described by `from` and `to` by finding the
     // middle snake ...
-    base::Optional<Snake> snake = FindMiddleSnake(from, to);
+    std::optional<Snake> snake = FindMiddleSnake(from, to);
 
-    if (!snake) return base::nullopt;
+    if (!snake) return std::nullopt;
 
     // ... and then conquer the two resulting sub-areas.
-    base::Optional<Path> head = FindEditPath(from, snake->from);
-    base::Optional<Path> tail = FindEditPath(snake->to, to);
+    std::optional<Path> head = FindEditPath(from, snake->from);
+    std::optional<Path> tail = FindEditPath(snake->to, to);
 
     // Combine `head` and `tail` or use the snake start/end points for
     // zero-size areas.
@@ -198,9 +198,9 @@ class MyersDiffer {
   // If a step from a (d-1)-path to a d-path overlaps with a reverse path on
   // the same diagonal (or the other way around), then we consider that step
   // our middle snake and return it immediately.
-  base::Optional<Snake> FindMiddleSnake(Point from, Point to) {
+  std::optional<Snake> FindMiddleSnake(Point from, Point to) {
     EditGraphArea area{from, to};
-    if (area.size() == 0) return base::nullopt;
+    if (area.size() == 0) return std::nullopt;
 
     // Initialise the furthest reaching vectors with an "artificial" edge
     // from (0, -1) -> (0, 0) and (N, -M) -> (N, M) to serve as the initial
@@ -213,7 +213,7 @@ class MyersDiffer {
       if (auto snake = ShortestEditReverse(area, d)) return snake;
     }
 
-    return base::nullopt;
+    return std::nullopt;
   }
 
   // Greedily calculates the furthest reaching `d`-paths for each k-diagonal
@@ -223,7 +223,7 @@ class MyersDiffer {
   // a deletion from the `k-1`-diagonal. Then we follow all possible diagonal
   // moves and finally record the result as the furthest reaching path on the
   // k-diagonal.
-  base::Optional<Snake> ShortestEditForward(const EditGraphArea& area, int d) {
+  std::optional<Snake> ShortestEditForward(const EditGraphArea& area, int d) {
     Point from, to;
     // We alternate between looking at odd and even k-diagonals. That is
     // because when we extend a `d-path` by a single move we can at most move
@@ -264,14 +264,14 @@ class MyersDiffer {
         return Snake{from, to};
       }
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
   // Greedily calculates the furthest reaching reverse `d`-paths for each
   // l-diagonal where l is in [-d, d].
   // Works the same as `ShortestEditForward` but we move upwards and left
   // instead.
-  base::Optional<Snake> ShortestEditReverse(const EditGraphArea& area, int d) {
+  std::optional<Snake> ShortestEditReverse(const EditGraphArea& area, int d) {
     Point from, to;
     // We alternate between looking at odd and even l-diagonals. That is
     // because when we extend a `d-path` by a single move we can at most move
@@ -313,7 +313,7 @@ class MyersDiffer {
         return Snake{to, from};
       }
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
   // Small helper class that converts a "shortest edit script" path into a
@@ -352,7 +352,7 @@ class MyersDiffer {
    private:
     Comparator::Output* output_;
     bool change_is_ongoing_ = false;
-    base::Optional<Point> change_start_;
+    std::optional<Point> change_start_;
   };
 
   // Takes an edit path and "fills in the blanks". That is we notify the
diff --git a/deps/v8/src/debug/liveedit.cc b/deps/v8/src/debug/liveedit.cc
index c476998ac10b79..f693d765d7a700 100644
--- a/deps/v8/src/debug/liveedit.cc
+++ b/deps/v8/src/debug/liveedit.cc
@@ -4,6 +4,8 @@
 
 #include "src/debug/liveedit.h"
 
+#include <optional>
+
 #include "src/api/api-inl.h"
 #include "src/ast/ast-traversal-visitor.h"
 #include "src/ast/ast.h"
@@ -754,7 +756,7 @@ void TranslateSourcePositionTable(Isolate* isolate,
 void UpdatePositions(Isolate* isolate, DirectHandle<SharedFunctionInfo> sfi,
                      FunctionLiteral* new_function,
                      const std::vector<SourceChangeRange>& diffs) {
-  sfi->UpdateFromFunctionLiteralForLiveEdit(new_function);
+  sfi->UpdateFromFunctionLiteralForLiveEdit(isolate, new_function);
   if (sfi->HasBytecodeArray()) {
     TranslateSourcePositionTable(
         isolate, direct_handle(sfi->GetBytecodeArray(isolate), isolate), diffs);
@@ -915,7 +917,7 @@ void LiveEdit::PatchScript(Isolate* isolate, Handle<Script> script,
 
     isolate->compilation_cache()->Remove(sfi);
     isolate->debug()->DeoptimizeFunction(sfi);
-    if (base::Optional<Tagged<DebugInfo>> di = sfi->TryGetDebugInfo(isolate)) {
+    if (std::optional<Tagged<DebugInfo>> di = sfi->TryGetDebugInfo(isolate)) {
       DirectHandle<DebugInfo> debug_info(di.value(), isolate);
       isolate->debug()->RemoveBreakInfoAndMaybeFree(debug_info);
     }
@@ -924,8 +926,8 @@ void LiveEdit::PatchScript(Isolate* isolate, Handle<Script> script,
 
     sfi->set_script(*new_script, kReleaseStore);
     sfi->set_function_literal_id(mapping.second->function_literal_id());
-    new_script->shared_function_infos()->set(
-        mapping.second->function_literal_id(), MakeWeak(*sfi));
+    new_script->infos()->set(mapping.second->function_literal_id(),
+                             MakeWeak(*sfi));
     DCHECK_EQ(sfi->function_literal_id(),
               mapping.second->function_literal_id());
 
@@ -935,7 +937,7 @@ void LiveEdit::PatchScript(Isolate* isolate, Handle<Script> script,
         mapping.second->function_literal_id();
 
     if (sfi->HasUncompiledDataWithPreparseData()) {
-      sfi->ClearPreparseData();
+      sfi->ClearPreparseData(isolate);
     }
 
     for (auto& js_function : data->js_functions) {
@@ -985,6 +987,10 @@ void LiveEdit::PatchScript(Isolate* isolate, Handle<Script> script,
     isolate->debug()->DeoptimizeFunction(sfi);
     isolate->compilation_cache()->Remove(sfi);
     for (auto& js_function : data->js_functions) {
+#ifdef V8_ENABLE_LEAPTIERING
+      js_function->initialize_dispatch_handle(
+          isolate, new_sfi->internal_formal_parameter_count_with_receiver());
+#endif
       js_function->set_shared(*new_sfi);
       js_function->set_code(js_function->shared()->GetCode(isolate));
 
@@ -1016,9 +1022,8 @@ void LiveEdit::PatchScript(Isolate* isolate, Handle<Script> script,
       // Grab that function id from the new script's SFI list, which should have
       // already been updated in in the unchanged pass.
       Tagged<SharedFunctionInfo> old_unchanged_inner_sfi =
-          Cast<SharedFunctionInfo>(new_script->shared_function_infos()
-                                       ->get(unchanged_it->second)
-                                       .GetHeapObject());
+          Cast<SharedFunctionInfo>(
+              new_script->infos()->get(unchanged_it->second).GetHeapObject());
       if (old_unchanged_inner_sfi == inner_sfi) continue;
       DCHECK_NE(old_unchanged_inner_sfi, inner_sfi);
       // Now some sanity checks. Make sure that the unchanged SFI has already
@@ -1059,7 +1064,7 @@ void LiveEdit::PatchScript(Isolate* isolate, Handle<Script> script,
         Tagged<SharedFunctionInfo> inner_sfi =
             Cast<SharedFunctionInfo>(constants->get(i));
         DCHECK_EQ(inner_sfi->script(), *new_script);
-        DCHECK_EQ(inner_sfi, new_script->shared_function_infos()
+        DCHECK_EQ(inner_sfi, new_script->infos()
                                  ->get(inner_sfi->function_literal_id())
                                  .GetHeapObject());
       }
diff --git a/deps/v8/src/debug/wasm/gdb-server/wasm-module-debug.cc b/deps/v8/src/debug/wasm/gdb-server/wasm-module-debug.cc
index a13a23af187cc8..7d6f1e981b9d7f 100644
--- a/deps/v8/src/debug/wasm/gdb-server/wasm-module-debug.cc
+++ b/deps/v8/src/debug/wasm/gdb-server/wasm-module-debug.cc
@@ -166,7 +166,11 @@ std::vector<FrameSummary> WasmModuleDebug::FindWasmFrame(
         DCHECK_GT(frame_count, 0);
 
         if (frame_count > *frame_index) {
+#if V8_ENABLE_DRUMBRAKE
+          if (frame_it->is_wasm() && !frame_it->is_wasm_interpreter_entry())
+#else   // V8_ENABLE_DRUMBRAKE
           if (frame_it->is_wasm())
+#endif  // V8_ENABLE_DRUMBRAKE
             return frames;
           else
             return {};
diff --git a/deps/v8/src/deoptimizer/arm/deoptimizer-arm.cc b/deps/v8/src/deoptimizer/arm/deoptimizer-arm.cc
index c615817ebe61e7..1c2fbb655e2025 100644
--- a/deps/v8/src/deoptimizer/arm/deoptimizer-arm.cc
+++ b/deps/v8/src/deoptimizer/arm/deoptimizer-arm.cc
@@ -53,9 +53,7 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   UNREACHABLE();
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
-  pc_ = pc;
-}
+void FrameDescription::SetPc(intptr_t pc) { pc_ = pc; }
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/deoptimizer/arm64/deoptimizer-arm64.cc b/deps/v8/src/deoptimizer/arm64/deoptimizer-arm64.cc
index d09e249464d045..defbe0a97b3409 100644
--- a/deps/v8/src/deoptimizer/arm64/deoptimizer-arm64.cc
+++ b/deps/v8/src/deoptimizer/arm64/deoptimizer-arm64.cc
@@ -50,10 +50,10 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   UNREACHABLE();
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
+void FrameDescription::SetPc(intptr_t pc) {
   // TODO(v8:10026): We need to sign pointers to the embedded blob, which are
   // stored in the isolate and code range objects.
-  if (ENABLE_CONTROL_FLOW_INTEGRITY_BOOL && !skip_validity_check) {
+  if (ENABLE_CONTROL_FLOW_INTEGRITY_BOOL) {
     CHECK(Deoptimizer::IsValidReturnAddress(PointerAuthentication::StripPAC(pc),
                                             isolate_));
   }
diff --git a/deps/v8/src/deoptimizer/deoptimizer.cc b/deps/v8/src/deoptimizer/deoptimizer.cc
index ce883f712e1e8c..22cb8af33684bc 100644
--- a/deps/v8/src/deoptimizer/deoptimizer.cc
+++ b/deps/v8/src/deoptimizer/deoptimizer.cc
@@ -4,6 +4,8 @@
 
 #include "src/deoptimizer/deoptimizer.h"
 
+#include <optional>
+
 #include "src/base/memory.h"
 #include "src/codegen/interface-descriptors.h"
 #include "src/codegen/register-configuration.h"
@@ -31,6 +33,7 @@
 #include "src/wasm/baseline/liftoff-varstate.h"
 #include "src/wasm/compilation-environment-inl.h"
 #include "src/wasm/function-compiler.h"
+#include "src/wasm/signature-hashing.h"
 #include "src/wasm/wasm-deopt-data.h"
 #include "src/wasm/wasm-engine.h"
 #include "src/wasm/wasm-linkage.h"
@@ -592,6 +595,10 @@ Deoptimizer::Deoptimizer(Isolate* isolate, Tagged<JSFunction> function,
 
 #if V8_ENABLE_WEBASSEMBLY
   if (v8_flags.wasm_deopt && function.is_null()) {
+#if V8_ENABLE_SANDBOX
+    no_heap_access_during_wasm_deopt_ =
+        SandboxHardwareSupport::MaybeBlockAccess();
+#endif
     wasm::WasmCode* code =
         wasm::GetWasmCodeManager()->LookupCode(isolate, from);
     compiled_optimized_wasm_code_ = code;
@@ -621,16 +628,16 @@ Deoptimizer::Deoptimizer(Isolate* isolate, Tagged<JSFunction> function,
     // pointers as well as the incoming parameter stack slots are going to be
     // copied into the outgoing FrameDescription which will "push" them back
     // onto the stack. (This is consistent with how JS handles this.)
-    int parameter_slots = code->first_tagged_parameter_slot() +
-                          code->num_tagged_parameter_slots();
-    // For arm64, the stack pointer has to be 16-byte-aligned, so additional
-    // padding might be required.
-    parameter_slots += ArgumentPaddingSlots(parameter_slots);
+    const wasm::FunctionSig* sig =
+        code->native_module()->module()->functions[code->index()].sig;
+    int parameter_stack_slots, return_stack_slots;
+    GetWasmStackSlotsCounts(sig, &parameter_stack_slots, &return_stack_slots);
+
     unsigned input_frame_size = fp_to_sp_delta +
-                                parameter_slots * kSystemPointerSize +
+                                parameter_stack_slots * kSystemPointerSize +
                                 CommonFrameConstants::kFixedFrameSizeAboveFp;
-    input_ =
-        FrameDescription::Create(input_frame_size, parameter_slots, isolate_);
+    input_ = FrameDescription::Create(input_frame_size, parameter_stack_slots,
+                                      isolate_);
     return;
   }
 #endif
@@ -912,10 +919,23 @@ FrameDescription* Deoptimizer::DoComputeWasmLiftoffFrame(
 
   DCHECK(liftoff_description);
 
+  int parameter_stack_slots, return_stack_slots;
+  const wasm::FunctionSig* sig =
+      native_module->module()->functions[frame.wasm_function_index()].sig;
+  GetWasmStackSlotsCounts(sig, &parameter_stack_slots, &return_stack_slots);
+
+  // Allocate and populate the FrameDescription describing the output frame.
+  const uint32_t output_frame_size = liftoff_description->total_frame_size;
+  const uint32_t total_output_frame_size =
+      output_frame_size + parameter_stack_slots * kSystemPointerSize +
+      CommonFrameConstants::kFixedFrameSizeAboveFp;
+
   if (verbose_tracing_enabled()) {
     std::ostringstream outstream;
     outstream << "  Liftoff stack & register state for function index "
-              << frame.wasm_function_index() << '\n';
+              << frame.wasm_function_index() << ", frame size "
+              << output_frame_size << ", total frame size "
+              << total_output_frame_size << '\n';
     size_t index = 0;
     for (const wasm::LiftoffVarState& state : liftoff_description->var_state) {
       outstream << "     " << index++ << ": " << state << '\n';
@@ -924,18 +944,6 @@ FrameDescription* Deoptimizer::DoComputeWasmLiftoffFrame(
     PrintF(file, "%s", outstream.str().c_str());
   }
 
-  uint32_t parameter_stack_slots = wasm_code->first_tagged_parameter_slot() +
-                                   wasm_code->num_tagged_parameter_slots();
-
-  // For arm64, the stack pointer has to be 16-byte-aligned, so additional
-  // padding might be required.
-  parameter_stack_slots += ArgumentPaddingSlots(parameter_stack_slots);
-
-  // Allocate and populate the FrameDescription describing the output frame.
-  const uint32_t output_frame_size = liftoff_description->total_frame_size;
-  const uint32_t total_output_frame_size =
-      output_frame_size + parameter_stack_slots * kSystemPointerSize +
-      CommonFrameConstants::kFixedFrameSizeAboveFp;
   FrameDescription* output_frame = FrameDescription::Create(
       total_output_frame_size, parameter_stack_slots, isolate());
 
@@ -948,7 +956,7 @@ FrameDescription* Deoptimizer::DoComputeWasmLiftoffFrame(
   // Note that zero is clearly not the correct value. Still, liftoff copies
   // all parameters into "its own" stack slots at the beginning and always
   // uses these slots to restore parameters from the stack.
-  for (uint32_t i = 0; i < parameter_stack_slots; ++i) {
+  for (int i = 0; i < parameter_stack_slots; ++i) {
     output_offset -= kSystemPointerSize;
     output_frame->SetFrameSlot(output_offset, 0);
   }
@@ -959,36 +967,35 @@ FrameDescription* Deoptimizer::DoComputeWasmLiftoffFrame(
                                     total_output_frame_size;
   output_frame->SetTop(top);
   Address pc = wasm_code->instruction_start() + liftoff_description->pc_offset;
-  // Note: Differently to JS, all PCs, including intermediate ones need to be
-  // signed.
-  if (is_topmost) {
-    Address signed_pc = PointerAuthentication::SignAndCheckPC(
-        isolate(), pc, output_frame->GetTop());
-    output_frame->SetPc(signed_pc);
-  } else {
-    // For signing the PC we need to know the stack pointer ("top" address)
-    // which needs to take into account the arguments of the callee (the frame
-    // "above" the current frame).
-    // Therefore, we delay signing the PC to the next frame which knows how many
-    // parameter stack slots there are.
-    output_frame->SetPc(pc, true);
-  }
+  // Sign the PC. Note that for the non-topmost frames the stack pointer at
+  // which the PC is stored as the "caller pc" / return address depends on the
+  // amount of parameter stack slots of the callee. To simplify the code, we
+  // just sign it as if there weren't any parameter stack slots.
+  // When building up the next frame we can check and "move" the caller PC by
+  // signing it again with the correct stack pointer.
+  Address signed_pc = PointerAuthentication::SignAndCheckPC(
+      isolate(), pc, output_frame->GetTop());
+  output_frame->SetPc(signed_pc);
+
   // Sign the previous frame's PC.
-  if (!is_bottommost) {
-    FrameDescription* previous_frame = output_[frame_index - 1];
-    Address pc = previous_frame->GetPc();
-    Address context =
-        previous_frame->GetTop() - parameter_stack_slots * kSystemPointerSize;
-    Address signed_pc =
-        PointerAuthentication::SignAndCheckPC(isolate(), pc, context);
-    previous_frame->SetPc(signed_pc);
-  } else {
+  if (is_bottommost) {
     Address old_context =
         caller_frame_top_ - input_->parameter_count() * kSystemPointerSize;
     Address new_context =
         caller_frame_top_ - parameter_stack_slots * kSystemPointerSize;
     caller_pc_ = PointerAuthentication::MoveSignedPC(isolate(), caller_pc_,
                                                      new_context, old_context);
+  } else if (parameter_stack_slots != 0) {
+    // The previous frame's PC is stored at a different stack slot, so we need
+    // to re-sign the PC for the new context (stack pointer).
+    FrameDescription* previous_frame = output_[frame_index - 1];
+    Address pc = previous_frame->GetPc();
+    Address old_context = previous_frame->GetTop();
+    Address new_context =
+        old_context - parameter_stack_slots * kSystemPointerSize;
+    Address signed_pc = PointerAuthentication::MoveSignedPC(
+        isolate(), pc, new_context, old_context);
+    previous_frame->SetPc(signed_pc);
   }
 
   // Store the caller PC.
@@ -1347,6 +1354,30 @@ void Deoptimizer::DoComputeOutputFramesWasmImpl() {
     TraceDeoptEnd(timer.Elapsed().InMillisecondsF());
   }
 }
+
+void Deoptimizer::GetWasmStackSlotsCounts(const wasm::FunctionSig* sig,
+                                          int* parameter_stack_slots,
+                                          int* return_stack_slots) {
+  class DummyResultCollector {
+   public:
+    void AddParamAt(size_t index, LinkageLocation location) {}
+    void AddReturnAt(size_t index, LinkageLocation location) {}
+  } result_collector;
+
+  // On 32 bits we need to perform the int64 lowering for the signature.
+#if V8_TARGET_ARCH_32_BIT
+  if (!alloc_) {
+    DCHECK(!zone_);
+    alloc_.emplace();
+    zone_.emplace(&*alloc_, "deoptimizer i32sig lowering");
+  }
+  sig = GetI32Sig(&*zone_, sig);
+#endif
+  int untagged_slots, untagged_return_slots;  // Unused.
+  wasm::IterateSignatureImpl(sig, false, result_collector, &untagged_slots,
+                             parameter_stack_slots, &untagged_return_slots,
+                             return_stack_slots);
+}
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 // We rely on this function not causing a GC.  It is called from generated code
@@ -1526,6 +1557,7 @@ void Deoptimizer::DoComputeOutputFrames() {
                                        compiled_code_->osr_offset())))) {
     function_->reset_tiering_state();
     function_->SetInterruptBudget(isolate_, CodeKind::INTERPRETED_FUNCTION);
+    function_->feedback_vector()->set_was_once_deoptimized();
   }
 
   // Print some helpful diagnostic information.
@@ -1634,7 +1666,7 @@ void Deoptimizer::DoComputeUnoptimizedFrame(TranslatedFrame* translated_frame,
   TranslatedFrame::iterator function_iterator = value_iterator++;
 
   Tagged<BytecodeArray> bytecode_array;
-  base::Optional<Tagged<DebugInfo>> debug_info =
+  std::optional<Tagged<DebugInfo>> debug_info =
       shared->TryGetDebugInfo(isolate());
   if (debug_info.has_value() && debug_info.value()->HasBreakInfo()) {
     bytecode_array = debug_info.value()->DebugBytecodeArray(isolate());
@@ -2313,7 +2345,7 @@ Builtin Deoptimizer::TrampolineForBuiltinContinuation(
 
 #if V8_ENABLE_WEBASSEMBLY
 TranslatedValue Deoptimizer::TranslatedValueForWasmReturnKind(
-    base::Optional<wasm::ValueKind> wasm_call_return_kind) {
+    std::optional<wasm::ValueKind> wasm_call_return_kind) {
   if (wasm_call_return_kind) {
     switch (wasm_call_return_kind.value()) {
       case wasm::kI32:
diff --git a/deps/v8/src/deoptimizer/deoptimizer.h b/deps/v8/src/deoptimizer/deoptimizer.h
index a2f8f0052cbeac..19b5d780a885d6 100644
--- a/deps/v8/src/deoptimizer/deoptimizer.h
+++ b/deps/v8/src/deoptimizer/deoptimizer.h
@@ -5,6 +5,7 @@
 #ifndef V8_DEOPTIMIZER_DEOPTIMIZER_H_
 #define V8_DEOPTIMIZER_DEOPTIMIZER_H_
 
+#include <optional>
 #include <vector>
 
 #include "src/builtins/builtins.h"
@@ -16,6 +17,7 @@
 #include "src/objects/js-function.h"
 
 #if V8_ENABLE_WEBASSEMBLY
+#include "src/sandbox/hardware-support.h"
 #include "src/wasm/value-type.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
@@ -174,6 +176,10 @@ class Deoptimizer : public Malloced {
   FrameDescription* DoComputeWasmLiftoffFrame(
       TranslatedFrame& frame, wasm::NativeModule* native_module,
       Tagged<WasmTrustedInstanceData> wasm_trusted_instance, int frame_index);
+
+  void GetWasmStackSlotsCounts(const wasm::FunctionSig* sig,
+                               int* parameter_stack_slots,
+                               int* return_stack_slots);
 #endif
 
   void DoComputeUnoptimizedFrame(TranslatedFrame* translated_frame,
@@ -190,7 +196,7 @@ class Deoptimizer : public Malloced {
 
 #if V8_ENABLE_WEBASSEMBLY
   TranslatedValue TranslatedValueForWasmReturnKind(
-      base::Optional<wasm::ValueKind> wasm_call_return_kind);
+      std::optional<wasm::ValueKind> wasm_call_return_kind);
 #endif  // V8_ENABLE_WEBASSEMBLY
 
   void DoComputeBuiltinContinuation(TranslatedFrame* translated_frame,
@@ -272,6 +278,19 @@ class Deoptimizer : public Malloced {
   // satisfies is_standard_layout, needed for offsetof().
   CodeTracer::Scope* const trace_scope_;
 
+#if V8_ENABLE_WEBASSEMBLY && V8_TARGET_ARCH_32_BIT
+  // Needed by webassembly for lowering signatures containing i64 types. Stored
+  // as members for re-use for multiple signatures during one de-optimization.
+  std::optional<AccountingAllocator> alloc_;
+  std::optional<Zone> zone_;
+#endif
+#if V8_ENABLE_WEBASSEMBLY && V8_ENABLE_SANDBOX
+  // Wasm deoptimizations should not access the heap at all. All deopt data is
+  // stored off-heap.
+  std::optional<SandboxHardwareSupport::BlockAccessScope>
+      no_heap_access_during_wasm_deopt_;
+#endif
+
   friend class DeoptimizedFrameInfo;
   friend class FrameDescription;
   friend class FrameWriter;
diff --git a/deps/v8/src/deoptimizer/frame-description.h b/deps/v8/src/deoptimizer/frame-description.h
index 39fe7f6b92c0ce..73e32f4a7284a0 100644
--- a/deps/v8/src/deoptimizer/frame-description.h
+++ b/deps/v8/src/deoptimizer/frame-description.h
@@ -160,7 +160,7 @@ class FrameDescription {
   void SetTop(intptr_t top) { top_ = top; }
 
   intptr_t GetPc() const { return pc_; }
-  void SetPc(intptr_t pc, bool skip_validity_check = false);
+  void SetPc(intptr_t pc);
 
   intptr_t GetFp() const { return fp_; }
   void SetFp(intptr_t fp) { fp_ = fp; }
diff --git a/deps/v8/src/deoptimizer/frame-translation-builder.cc b/deps/v8/src/deoptimizer/frame-translation-builder.cc
index ee35d1b7b03b78..f4eecdf518015c 100644
--- a/deps/v8/src/deoptimizer/frame-translation-builder.cc
+++ b/deps/v8/src/deoptimizer/frame-translation-builder.cc
@@ -4,6 +4,8 @@
 
 #include "src/deoptimizer/frame-translation-builder.h"
 
+#include <optional>
+
 #include "src/base/vlq.h"
 #include "src/deoptimizer/translated-state.h"
 #include "src/objects/fixed-array-inl.h"
@@ -283,7 +285,7 @@ void FrameTranslationBuilder::BeginBuiltinContinuationFrame(
 #if V8_ENABLE_WEBASSEMBLY
 void FrameTranslationBuilder::BeginJSToWasmBuiltinContinuationFrame(
     BytecodeOffset bytecode_offset, int literal_id, unsigned height,
-    base::Optional<wasm::ValueKind> return_kind) {
+    std::optional<wasm::ValueKind> return_kind) {
   auto opcode = TranslationOpcode::JS_TO_WASM_BUILTIN_CONTINUATION_FRAME;
   Add(opcode, SignedOperand(bytecode_offset.ToInt()), SignedOperand(literal_id),
       SignedOperand(height),
diff --git a/deps/v8/src/deoptimizer/frame-translation-builder.h b/deps/v8/src/deoptimizer/frame-translation-builder.h
index b2a6817ae269e7..d2a6df762bb10c 100644
--- a/deps/v8/src/deoptimizer/frame-translation-builder.h
+++ b/deps/v8/src/deoptimizer/frame-translation-builder.h
@@ -5,6 +5,8 @@
 #ifndef V8_DEOPTIMIZER_FRAME_TRANSLATION_BUILDER_H_
 #define V8_DEOPTIMIZER_FRAME_TRANSLATION_BUILDER_H_
 
+#include <optional>
+
 #include "src/codegen/register.h"
 #include "src/deoptimizer/translation-opcode.h"
 #include "src/objects/deoptimization-data.h"
@@ -45,7 +47,7 @@ class FrameTranslationBuilder {
 #if V8_ENABLE_WEBASSEMBLY
   void BeginJSToWasmBuiltinContinuationFrame(
       BytecodeOffset bailout_id, int literal_id, unsigned height,
-      base::Optional<wasm::ValueKind> return_kind);
+      std::optional<wasm::ValueKind> return_kind);
   void BeginWasmInlinedIntoJSFrame(BytecodeOffset bailout_id, int literal_id,
                                    unsigned height);
   void BeginLiftoffFrame(BytecodeOffset bailout_id, unsigned height,
diff --git a/deps/v8/src/deoptimizer/ia32/deoptimizer-ia32.cc b/deps/v8/src/deoptimizer/ia32/deoptimizer-ia32.cc
index bf724ef5f4bdb4..ac892a77cb29eb 100644
--- a/deps/v8/src/deoptimizer/ia32/deoptimizer-ia32.cc
+++ b/deps/v8/src/deoptimizer/ia32/deoptimizer-ia32.cc
@@ -42,9 +42,7 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   UNREACHABLE();
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
-  pc_ = pc;
-}
+void FrameDescription::SetPc(intptr_t pc) { pc_ = pc; }
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/deoptimizer/loong64/deoptimizer-loong64.cc b/deps/v8/src/deoptimizer/loong64/deoptimizer-loong64.cc
index 34d226d1bfa597..ad18d1f560ef84 100644
--- a/deps/v8/src/deoptimizer/loong64/deoptimizer-loong64.cc
+++ b/deps/v8/src/deoptimizer/loong64/deoptimizer-loong64.cc
@@ -41,9 +41,7 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   UNREACHABLE();
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
-  pc_ = pc;
-}
+void FrameDescription::SetPc(intptr_t pc) { pc_ = pc; }
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/deoptimizer/mips64/deoptimizer-mips64.cc b/deps/v8/src/deoptimizer/mips64/deoptimizer-mips64.cc
index 935e9b902ed5e8..8fe46c65c0cdab 100644
--- a/deps/v8/src/deoptimizer/mips64/deoptimizer-mips64.cc
+++ b/deps/v8/src/deoptimizer/mips64/deoptimizer-mips64.cc
@@ -41,9 +41,7 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   UNREACHABLE();
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
-  pc_ = pc;
-}
+void FrameDescription::SetPc(intptr_t pc) { pc_ = pc; }
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/deoptimizer/ppc/deoptimizer-ppc.cc b/deps/v8/src/deoptimizer/ppc/deoptimizer-ppc.cc
index 28def4b5e424c2..ec2f0f9ef87f16 100644
--- a/deps/v8/src/deoptimizer/ppc/deoptimizer-ppc.cc
+++ b/deps/v8/src/deoptimizer/ppc/deoptimizer-ppc.cc
@@ -52,9 +52,7 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   SetFrameSlot(offset, value);
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
-  pc_ = pc;
-}
+void FrameDescription::SetPc(intptr_t pc) { pc_ = pc; }
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/deoptimizer/riscv/deoptimizer-riscv.cc b/deps/v8/src/deoptimizer/riscv/deoptimizer-riscv.cc
index 48bca84135db1a..08fdf203c5e5be 100644
--- a/deps/v8/src/deoptimizer/riscv/deoptimizer-riscv.cc
+++ b/deps/v8/src/deoptimizer/riscv/deoptimizer-riscv.cc
@@ -37,9 +37,7 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   UNREACHABLE();
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
-  pc_ = pc;
-}
+void FrameDescription::SetPc(intptr_t pc) { pc_ = pc; }
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/deoptimizer/s390/deoptimizer-s390.cc b/deps/v8/src/deoptimizer/s390/deoptimizer-s390.cc
index 7fc2929aeee5cd..41448f8a1aaec5 100644
--- a/deps/v8/src/deoptimizer/s390/deoptimizer-s390.cc
+++ b/deps/v8/src/deoptimizer/s390/deoptimizer-s390.cc
@@ -50,9 +50,7 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   UNREACHABLE();
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
-  pc_ = pc;
-}
+void FrameDescription::SetPc(intptr_t pc) { pc_ = pc; }
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/deoptimizer/translated-state.cc b/deps/v8/src/deoptimizer/translated-state.cc
index 860cb15879150b..c82ed3495f3571 100644
--- a/deps/v8/src/deoptimizer/translated-state.cc
+++ b/deps/v8/src/deoptimizer/translated-state.cc
@@ -7,6 +7,7 @@
 #include <inttypes.h>
 
 #include <iomanip>
+#include <optional>
 
 #include "src/base/memory.h"
 #include "src/common/assert-scope.h"
@@ -860,7 +861,7 @@ TranslatedFrame TranslatedFrame::WasmInlinedIntoJSFrame(
 
 TranslatedFrame TranslatedFrame::JSToWasmBuiltinContinuationFrame(
     BytecodeOffset bytecode_offset, Tagged<SharedFunctionInfo> shared_info,
-    int height, base::Optional<wasm::ValueKind> return_kind) {
+    int height, std::optional<wasm::ValueKind> return_kind) {
   TranslatedFrame frame(kJSToWasmBuiltinContinuation, shared_info, height);
   frame.bytecode_offset_ = bytecode_offset;
   frame.return_kind_ = return_kind;
@@ -1101,7 +1102,7 @@ TranslatedFrame TranslatedState::CreateNextTranslatedFrame(
           literal_array.get_on_heap_literals()->get(iterator->NextOperand()));
       int height = iterator->NextOperand();
       int return_kind_code = iterator->NextOperand();
-      base::Optional<wasm::ValueKind> return_kind;
+      std::optional<wasm::ValueKind> return_kind;
       if (return_kind_code != kNoWasmReturnKind) {
         return_kind = static_cast<wasm::ValueKind>(return_kind_code);
       }
@@ -2442,6 +2443,36 @@ void TranslatedState::InitializeJSObjectAt(
           .Relaxed_Store(value);
       INDIRECT_POINTER_WRITE_BARRIER(*object_storage, offset,
                                      kCodeIndirectPointerTag, value);
+#ifdef V8_ENABLE_LEAPTIERING
+    } else if (InstanceTypeChecker::IsJSFunction(map->instance_type()) &&
+               offset == JSFunction::kDispatchHandleOffset) {
+      // The JSDispatchHandle will be materialized as a number, but we need
+      // the raw value here. TODO(saelo): can we implement "proper" support
+      // for JSDispatchHandles in the deoptimizer?
+      DirectHandle<Object> field_value = slot->GetValue();
+      CHECK(IsNumber(*field_value));
+      JSDispatchHandle handle = Object::NumberValue(Cast<Number>(*field_value));
+      object_storage->WriteField<JSDispatchHandle>(
+          JSFunction::kDispatchHandleOffset, handle);
+#endif  // V8_ENABLE_LEAPTIERING
+    } else if (InstanceTypeChecker::IsJSRegExp(map->instance_type()) &&
+               offset == JSRegExp::kDataOffset) {
+      DirectHandle<HeapObject> field_value = slot->storage();
+      // If the value comes from the DeoptimizationLiteralArray, it is a
+      // RegExpDataWrapper as we can't store TrustedSpace values in a FixedArray
+      // directly.
+      Tagged<RegExpData> value;
+      if (Is<RegExpDataWrapper>(*field_value)) {
+        value = Cast<RegExpDataWrapper>(*field_value)->data(isolate());
+      } else {
+        CHECK(IsRegExpData(*field_value));
+        value = Cast<RegExpData>(*field_value);
+      }
+      object_storage
+          ->RawIndirectPointerField(offset, kRegExpDataIndirectPointerTag)
+          .Relaxed_Store(value);
+      INDIRECT_POINTER_WRITE_BARRIER(*object_storage, offset,
+                                     kRegExpDataIndirectPointerTag, value);
     } else if (marker == kStoreHeapObject) {
 #else
     if (marker == kStoreHeapObject) {
@@ -2498,7 +2529,7 @@ void TranslatedState::InitializeObjectWithTaggedFieldsAt(
     slot = GetResolvedSlotAndAdvance(frame, value_index);
     int offset = i * kTaggedSize;
     uint8_t marker = object_storage->ReadField<uint8_t>(offset);
-    Handle<Object> field_value;
+    DirectHandle<Object> field_value;
     if (i > 1 && marker == kStoreHeapObject) {
       field_value = slot->storage();
     } else {
@@ -2706,7 +2737,7 @@ bool TranslatedState::DoUpdateFeedback() {
   if (!feedback_vector_handle_.is_null()) {
     CHECK(!feedback_slot_.IsInvalid());
     isolate()->CountUsage(v8::Isolate::kDeoptimizerDisableSpeculation);
-    FeedbackNexus nexus(feedback_vector_handle_, feedback_slot_);
+    FeedbackNexus nexus(isolate(), feedback_vector_handle_, feedback_slot_);
     nexus.SetSpeculationMode(SpeculationMode::kDisallowSpeculation);
     return true;
   }
diff --git a/deps/v8/src/deoptimizer/translated-state.h b/deps/v8/src/deoptimizer/translated-state.h
index 898b8ad304c370..652969eeed32d2 100644
--- a/deps/v8/src/deoptimizer/translated-state.h
+++ b/deps/v8/src/deoptimizer/translated-state.h
@@ -5,6 +5,7 @@
 #ifndef V8_DEOPTIMIZER_TRANSLATED_STATE_H_
 #define V8_DEOPTIMIZER_TRANSLATED_STATE_H_
 
+#include <optional>
 #include <stack>
 #include <vector>
 
@@ -283,7 +284,7 @@ class TranslatedFrame {
 
 #if V8_ENABLE_WEBASSEMBLY
   // Only for Kind == kJSToWasmBuiltinContinuation
-  base::Optional<wasm::ValueKind> wasm_call_return_kind() const {
+  std::optional<wasm::ValueKind> wasm_call_return_kind() const {
     DCHECK_EQ(kind(), kJSToWasmBuiltinContinuation);
     return return_kind_;
   }
@@ -319,7 +320,7 @@ class TranslatedFrame {
       int height);
   static TranslatedFrame JSToWasmBuiltinContinuationFrame(
       BytecodeOffset bailout_id, Tagged<SharedFunctionInfo> shared_info,
-      int height, base::Optional<wasm::ValueKind> return_type);
+      int height, std::optional<wasm::ValueKind> return_type);
   static TranslatedFrame LiftoffFrame(BytecodeOffset bailout_id, int height,
                                       int function_index);
 #endif  // V8_ENABLE_WEBASSEMBLY
@@ -363,7 +364,7 @@ class TranslatedFrame {
 
 #if V8_ENABLE_WEBASSEMBLY
   // Only for Kind == kJSToWasmBuiltinContinuation
-  base::Optional<wasm::ValueKind> return_kind_;
+  std::optional<wasm::ValueKind> return_kind_;
   // Only for Kind == kLiftOffFunction
   int wasm_function_index_ = -1;
 #endif  // V8_ENABLE_WEBASSEMBLY
diff --git a/deps/v8/src/deoptimizer/x64/deoptimizer-x64.cc b/deps/v8/src/deoptimizer/x64/deoptimizer-x64.cc
index 81e76c5f7b7cd0..5fc0412b5f0455 100644
--- a/deps/v8/src/deoptimizer/x64/deoptimizer-x64.cc
+++ b/deps/v8/src/deoptimizer/x64/deoptimizer-x64.cc
@@ -57,9 +57,7 @@ void FrameDescription::SetCallerConstantPool(unsigned offset, intptr_t value) {
   UNREACHABLE();
 }
 
-void FrameDescription::SetPc(intptr_t pc, bool skip_validity_check) {
-  pc_ = pc;
-}
+void FrameDescription::SetPc(intptr_t pc) { pc_ = pc; }
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/diagnostics/code-tracer.h b/deps/v8/src/diagnostics/code-tracer.h
index ecd54c41b1685f..9090e56b3746b2 100644
--- a/deps/v8/src/diagnostics/code-tracer.h
+++ b/deps/v8/src/diagnostics/code-tracer.h
@@ -5,7 +5,8 @@
 #ifndef V8_DIAGNOSTICS_CODE_TRACER_H_
 #define V8_DIAGNOSTICS_CODE_TRACER_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/base/platform/platform.h"
 #include "src/base/platform/wrappers.h"
 #include "src/base/strings.h"
@@ -68,8 +69,8 @@ class CodeTracer final : public Malloced {
 
    private:
     // Exactly one of these two will be initialized.
-    base::Optional<StdoutStream> stdout_stream_;
-    base::Optional<OFStream> file_stream_;
+    std::optional<StdoutStream> stdout_stream_;
+    std::optional<OFStream> file_stream_;
   };
 
   void OpenFile() {
diff --git a/deps/v8/src/diagnostics/disassembler.cc b/deps/v8/src/diagnostics/disassembler.cc
index 24926876bc9a15..4daa0d48b8c3d0 100644
--- a/deps/v8/src/diagnostics/disassembler.cc
+++ b/deps/v8/src/diagnostics/disassembler.cc
@@ -252,7 +252,8 @@ static void PrintRelocInfo(std::ostringstream& out, Isolate* isolate,
     const char* reference_name =
         ref_encoder
             ? ref_encoder->NameOfAddress(isolate, address)
-            : ExternalReferenceTable::NameOfIsolateIndependentAddress(address);
+            : ExternalReferenceTable::NameOfIsolateIndependentAddress(
+                  address, IsolateGroup::current()->external_ref_table());
     out << "    ;; external reference (" << reference_name << ")";
   } else if (RelocInfo::IsCodeTargetMode(rmode)) {
     out << "    ;; code:";
@@ -397,10 +398,7 @@ static int DecodeIt(Isolate* isolate, ExternalReferenceEncoder* ref_encoder,
       const CodeReference& host = code;
       Address constant_pool =
           host.is_null() ? kNullAddress : host.constant_pool();
-      Handle<Code> code_handle;
       if (host.is_code()) {
-        code_handle = host.as_code();
-
         RelocInfo relocinfo(pcs[i], rmodes[i], datas[i], constant_pool);
         bool first_reloc_info = (i == 0);
         PrintRelocInfo(out, isolate, ref_encoder, os, code, &relocinfo,
diff --git a/deps/v8/src/diagnostics/etw-jit-win.cc b/deps/v8/src/diagnostics/etw-jit-win.cc
index 83195f85621054..f4b9013f2bde19 100644
--- a/deps/v8/src/diagnostics/etw-jit-win.cc
+++ b/deps/v8/src/diagnostics/etw-jit-win.cc
@@ -412,6 +412,14 @@ void EventHandler(const JitCodeEvent* event) {
     script_column = info.column + 1;
   }
 
+  auto code = isolate->heap()->GcSafeTryFindCodeForInnerPointer(
+      Address(event->code_start));
+  if (code && code.value()->is_builtin()) {
+    // Skip logging functions with BuiltinIds as they are already present in
+    // the PDB.
+    return;
+  }
+
   constexpr static auto method_load_event_meta =
       EventMetadata(kMethodLoadEventID, kJScriptRuntimeKeyword);
   constexpr static auto method_load_event_fields = EventFields(
diff --git a/deps/v8/src/diagnostics/gdb-jit.cc b/deps/v8/src/diagnostics/gdb-jit.cc
index 95023d93fc4d24..2b6df3306bdf90 100644
--- a/deps/v8/src/diagnostics/gdb-jit.cc
+++ b/deps/v8/src/diagnostics/gdb-jit.cc
@@ -7,6 +7,7 @@
 #include <iterator>
 #include <map>
 #include <memory>
+#include <optional>
 #include <vector>
 
 #include "include/v8-callbacks.h"
@@ -1916,7 +1917,7 @@ static void AddUnwindInfo(CodeDescription* desc) {
 
 static base::LazyMutex mutex = LAZY_MUTEX_INITIALIZER;
 
-static base::Optional<std::pair<CodeMap::iterator, CodeMap::iterator>>
+static std::optional<std::pair<CodeMap::iterator, CodeMap::iterator>>
 GetOverlappingRegions(CodeMap* map, const base::AddressRegion region) {
   DCHECK_LT(region.begin(), region.end());
 
diff --git a/deps/v8/src/diagnostics/objects-debug.cc b/deps/v8/src/diagnostics/objects-debug.cc
index e7180831829fba..4b884864c12e5c 100644
--- a/deps/v8/src/diagnostics/objects-debug.cc
+++ b/deps/v8/src/diagnostics/objects-debug.cc
@@ -524,7 +524,8 @@ void JSObject::JSObjectVerify(Isolate* isolate) {
           CHECK(!type_is_none);
           if (!type_is_any) {
             CHECK_IMPLIES(FieldType::NowStable(field_type),
-                          FieldType::NowContains(field_type, value));
+                          map()->is_deprecated() ||
+                              FieldType::NowContains(field_type, value));
           }
         } else {
           CHECK(type_is_any);
@@ -985,19 +986,64 @@ void TransitionArray::TransitionArrayVerify(Isolate* isolate) {
 
   ReadOnlyRoots roots(isolate);
   Tagged<Map> owner;
+
+  // Check all entries have the same owner
   for (int i = 0; i < number_of_transitions(); ++i) {
-    // Only sidestep transitions are allowed to cross between unrelated branches
-    // of the transition tree. All other transitions must originate from the
-    // same source map.
-    if (!TransitionsAccessor::IsSpecialSidestepTransition(roots, GetKey(i))) {
-      Tagged<Map> parent =
-          Cast<Map>(GetTarget(i)->constructor_or_back_pointer());
-      if (owner.is_null()) {
-        parent = owner;
+    Tagged<Map> target = GetTarget(i);
+    Tagged<Map> parent = Cast<Map>(target->constructor_or_back_pointer());
+    if (owner.is_null()) {
+      parent = owner;
+    } else {
+      CHECK_EQ(parent, owner);
+    }
+  }
+  // Check all entries have the same owner
+  if (HasPrototypeTransitions()) {
+    Tagged<WeakFixedArray> proto_trans = GetPrototypeTransitions();
+    int length = TransitionArray::NumberOfPrototypeTransitions(proto_trans);
+    for (int i = 0; i < length; ++i) {
+      int index = TransitionArray::kProtoTransitionHeaderSize + i;
+      Tagged<MaybeObject> maybe_target = proto_trans->get(index);
+      Tagged<HeapObject> target;
+      if (maybe_target.GetHeapObjectIfWeak(&target)) {
+        if (v8_flags.move_prototype_transitions_first) {
+          Tagged<Map> parent =
+              Cast<Map>(Cast<Map>(target)->constructor_or_back_pointer());
+          if (owner.is_null()) {
+            parent = Cast<Map>(target);
+          } else {
+            CHECK_EQ(parent, owner);
+          }
+        } else {
+          CHECK(IsUndefined(Cast<Map>(target)->GetBackPointer()));
+        }
+      }
+    }
+  }
+  // Check all entries are valid
+  if (HasSideStepTransitions()) {
+    Tagged<WeakFixedArray> side_trans = GetSideStepTransitions();
+    for (uint32_t index = SideStepTransition::kFirstMapIdx;
+         index <= SideStepTransition::kLastMapIdx; ++index) {
+      Tagged<MaybeObject> maybe_target = side_trans->get(index);
+      Tagged<HeapObject> target;
+      if (maybe_target.GetHeapObjectIfWeak(&target)) {
+        CHECK(IsMap(target));
       } else {
-        CHECK_EQ(parent, owner);
+        CHECK(maybe_target == SideStepTransition::Unreachable ||
+              maybe_target == SideStepTransition::Empty ||
+              maybe_target.IsCleared());
       }
     }
+    Tagged<MaybeObject> maybe_cell =
+        side_trans->get(SideStepTransition::index_of(
+            SideStepTransition::Kind::kObjectAssignValidityCell));
+    Tagged<HeapObject> cell;
+    if (maybe_cell.GetHeapObjectIfWeak(&cell)) {
+      CHECK(IsCell(cell));
+    } else {
+      CHECK(maybe_cell == SideStepTransition::Empty || maybe_cell.IsCleared());
+    }
   }
 }
 
@@ -1181,7 +1227,7 @@ void JSFunction::JSFunctionVerify(Isolate* isolate) {
   // This assertion exists to encourage updating this verification function if
   // new fields are added in the Torque class layout definition.
   static_assert(JSFunction::TorqueGeneratedClass::kHeaderSize ==
-                8 * kTaggedSize);
+                (8 + V8_ENABLE_LEAPTIERING_BOOL) * kTaggedSize);
 
   JSFunctionOrBoundFunctionOrWrappedFunctionVerify(isolate);
   CHECK(IsJSFunction(*this));
@@ -1198,7 +1244,11 @@ void JSFunction::JSFunctionVerify(Isolate* isolate) {
   CHECK_EQ(map()->map()->native_context_or_null(), native_context());
 
 #ifdef V8_ENABLE_LEAPTIERING
-  JSDispatchHandle handle = raw_feedback_cell(isolate)->dispatch_handle();
+  JSDispatchHandle handle = dispatch_handle();
+  // Currently, the handle can still be the null handle as not all places where
+  // a JSFunction object is created populate the entry correctly. However, in
+  // the future, every JSFunction must have a valid dispatch handle, and then
+  // this check should be removed.
   if (handle != kNullJSDispatchHandle) {
     uint16_t parameter_count =
         GetProcessWideJSDispatchTable()->GetParameterCount(handle);
@@ -1968,96 +2018,116 @@ void SwissNameDictionary::SwissNameDictionaryVerify(Isolate* isolate,
 }
 
 void JSRegExp::JSRegExpVerify(Isolate* isolate) {
-  TorqueGeneratedClassVerifiers::JSRegExpVerify(*this, isolate);
+  Tagged<Object> source = TaggedField<Object>::load(*this, kSourceOffset);
+  Tagged<Object> flags = TaggedField<Object>::load(*this, kFlagsOffset);
+  CHECK(IsString(source) || IsUndefined(source));
+  CHECK(IsSmi(flags) || IsUndefined(flags));
+  if (!has_data()) return;
+
+  Tagged<RegExpData> data = this->data(isolate);
+  switch (data->type_tag()) {
+    case RegExpData::Type::ATOM:
+      CHECK(Is<AtomRegExpData>(data));
+      return;
+    case RegExpData::Type::EXPERIMENTAL:
+    case RegExpData::Type::IRREGEXP:
+      CHECK(Is<IrRegExpData>(data));
+      return;
+  }
+  UNREACHABLE();
+}
+
+void RegExpData::RegExpDataVerify(Isolate* isolate) {
+  ExposedTrustedObjectVerify(isolate);
+  CHECK(IsSmi(TaggedField<Object>::load(*this, kTypeTagOffset)));
+  CHECK(IsString(source()));
+  CHECK(IsSmi(TaggedField<Object>::load(*this, kFlagsOffset)));
+}
+
+void AtomRegExpData::AtomRegExpDataVerify(Isolate* isolate) {
+  ExposedTrustedObjectVerify(isolate);
+  RegExpDataVerify(isolate);
+  CHECK(IsString(pattern()));
+}
+
+void IrRegExpData::IrRegExpDataVerify(Isolate* isolate) {
+  ExposedTrustedObjectVerify(isolate);
+  RegExpDataVerify(isolate);
+
+  VerifyProtectedPointerField(isolate, kLatin1BytecodeOffset);
+  VerifyProtectedPointerField(isolate, kUc16BytecodeOffset);
+
+  CHECK_IMPLIES(!has_latin1_code(), !has_latin1_bytecode());
+  CHECK_IMPLIES(!has_uc16_code(), !has_uc16_bytecode());
+
+  CHECK_IMPLIES(has_latin1_code(), Is<Code>(latin1_code(isolate)));
+  CHECK_IMPLIES(has_uc16_code(), Is<Code>(uc16_code(isolate)));
+  CHECK_IMPLIES(has_latin1_bytecode(), Is<TrustedByteArray>(latin1_bytecode()));
+  CHECK_IMPLIES(has_uc16_bytecode(), Is<TrustedByteArray>(uc16_bytecode()));
+
+  CHECK_IMPLIES(
+      IsSmi(capture_name_map()),
+      Smi::ToInt(capture_name_map()) == JSRegExp::kUninitializedValue ||
+          capture_name_map() == Smi::zero());
+  CHECK_IMPLIES(!IsSmi(capture_name_map()), Is<FixedArray>(capture_name_map()));
+  CHECK(IsSmi(TaggedField<Object>::load(*this, kMaxRegisterCountOffset)));
+  CHECK(IsSmi(TaggedField<Object>::load(*this, kCaptureCountOffset)));
+  CHECK(IsSmi(TaggedField<Object>::load(*this, kTicksUntilTierUpOffset)));
+  CHECK(IsSmi(TaggedField<Object>::load(*this, kBacktrackLimitOffset)));
+
   switch (type_tag()) {
-    case JSRegExp::ATOM: {
-      Tagged<FixedArray> arr = Cast<FixedArray>(data());
-      CHECK(IsString(arr->get(JSRegExp::kAtomPatternIndex)));
-      break;
-    }
-    case JSRegExp::EXPERIMENTAL: {
-      Tagged<FixedArray> arr = Cast<FixedArray>(data());
-      Tagged<Smi> uninitialized = Smi::FromInt(JSRegExp::kUninitializedValue);
-
-      Tagged<Object> latin1_code = arr->get(JSRegExp::kIrregexpLatin1CodeIndex);
-      Tagged<Object> uc16_code = arr->get(JSRegExp::kIrregexpUC16CodeIndex);
-      Tagged<Object> latin1_bytecode =
-          arr->get(JSRegExp::kIrregexpLatin1BytecodeIndex);
-      Tagged<Object> uc16_bytecode =
-          arr->get(JSRegExp::kIrregexpUC16BytecodeIndex);
-
-      bool is_compiled = IsCodeWrapper(latin1_code);
-      if (is_compiled) {
-        CHECK_EQ(Cast<CodeWrapper>(latin1_code)->code(isolate)->builtin_id(),
+    case RegExpData::Type::EXPERIMENTAL: {
+      if (has_latin1_code()) {
+        CHECK_EQ(latin1_code(isolate)->builtin_id(),
                  Builtin::kRegExpExperimentalTrampoline);
-        CHECK_EQ(uc16_code, latin1_code);
-
-        CHECK(IsByteArray(latin1_bytecode));
-        CHECK_EQ(uc16_bytecode, latin1_bytecode);
+        CHECK_EQ(latin1_code(isolate), uc16_code(isolate));
+        CHECK(Is<TrustedByteArray>(latin1_bytecode()));
+        CHECK_EQ(latin1_bytecode(), uc16_bytecode());
       } else {
-        CHECK_EQ(latin1_code, uninitialized);
-        CHECK_EQ(uc16_code, uninitialized);
-
-        CHECK_EQ(latin1_bytecode, uninitialized);
-        CHECK_EQ(uc16_bytecode, uninitialized);
+        CHECK(!has_uc16_code());
+        CHECK(!has_latin1_bytecode());
+        CHECK(!has_uc16_bytecode());
       }
 
-      CHECK_EQ(arr->get(JSRegExp::kIrregexpMaxRegisterCountIndex),
-               uninitialized);
-      CHECK(IsSmi(arr->get(JSRegExp::kIrregexpCaptureCountIndex)));
-      CHECK_GE(Smi::ToInt(arr->get(JSRegExp::kIrregexpCaptureCountIndex)), 0);
-      CHECK_EQ(arr->get(JSRegExp::kIrregexpTicksUntilTierUpIndex),
-               uninitialized);
-      CHECK_EQ(arr->get(JSRegExp::kIrregexpBacktrackLimit), uninitialized);
+      CHECK_EQ(max_register_count(), JSRegExp::kUninitializedValue);
+      CHECK_EQ(ticks_until_tier_up(), JSRegExp::kUninitializedValue);
+      CHECK_EQ(backtrack_limit(), JSRegExp::kUninitializedValue);
+
       break;
     }
-    case JSRegExp::IRREGEXP: {
+    case RegExpData::Type::IRREGEXP: {
       bool can_be_interpreted = RegExp::CanGenerateBytecode();
+      CHECK_IMPLIES(has_latin1_bytecode(), can_be_interpreted);
+      CHECK_IMPLIES(has_uc16_bytecode(), can_be_interpreted);
+
+      static_assert(JSRegExp::kUninitializedValue == -1);
+      CHECK_GE(max_register_count(), JSRegExp::kUninitializedValue);
+      CHECK_GE(capture_count(), 0);
+      if (v8_flags.regexp_tier_up) {
+        // With tier-up enabled, ticks_until_tier_up should actually be >= 0.
+        // However FlagScopes in unittests can modify the flag and verification
+        // on Isolate deinitialization will fail.
+        CHECK_GE(ticks_until_tier_up(), JSRegExp::kUninitializedValue);
+        CHECK_LE(ticks_until_tier_up(), v8_flags.regexp_tier_up_ticks);
+      } else {
+        CHECK_EQ(ticks_until_tier_up(), JSRegExp::kUninitializedValue);
+      }
+      CHECK_GE(backtrack_limit(), 0);
 
-      Tagged<FixedArray> arr = Cast<FixedArray>(data());
-      Tagged<Object> one_byte_data =
-          arr->get(JSRegExp::kIrregexpLatin1CodeIndex);
-      // Smi : Not compiled yet (-1).
-      // InstructionStream: Compiled irregexp code or trampoline to the
-      // interpreter.
-      CHECK((IsSmi(one_byte_data) &&
-             Smi::ToInt(one_byte_data) == JSRegExp::kUninitializedValue) ||
-            IsCodeWrapper(one_byte_data));
-      Tagged<Object> uc16_data = arr->get(JSRegExp::kIrregexpUC16CodeIndex);
-      CHECK((IsSmi(uc16_data) &&
-             Smi::ToInt(uc16_data) == JSRegExp::kUninitializedValue) ||
-            IsCodeWrapper(uc16_data));
-
-      Tagged<Object> one_byte_bytecode =
-          arr->get(JSRegExp::kIrregexpLatin1BytecodeIndex);
-      // Smi : Not compiled yet (-1).
-      // ByteArray: Bytecode to interpret regexp.
-      CHECK((IsSmi(one_byte_bytecode) &&
-             Smi::ToInt(one_byte_bytecode) == JSRegExp::kUninitializedValue) ||
-            (can_be_interpreted && IsByteArray(one_byte_bytecode)));
-      Tagged<Object> uc16_bytecode =
-          arr->get(JSRegExp::kIrregexpUC16BytecodeIndex);
-      CHECK((IsSmi(uc16_bytecode) &&
-             Smi::ToInt(uc16_bytecode) == JSRegExp::kUninitializedValue) ||
-            (can_be_interpreted && IsByteArray(uc16_bytecode)));
-
-      CHECK_IMPLIES(IsSmi(one_byte_data), IsSmi(one_byte_bytecode));
-      CHECK_IMPLIES(IsSmi(uc16_data), IsSmi(uc16_bytecode));
-
-      CHECK(IsSmi(arr->get(JSRegExp::kIrregexpCaptureCountIndex)));
-      CHECK_GE(Smi::ToInt(arr->get(JSRegExp::kIrregexpCaptureCountIndex)), 0);
-      CHECK(IsSmi(arr->get(JSRegExp::kIrregexpMaxRegisterCountIndex)));
-      CHECK(IsSmi(arr->get(JSRegExp::kIrregexpTicksUntilTierUpIndex)));
-      CHECK(IsSmi(arr->get(JSRegExp::kIrregexpBacktrackLimit)));
       break;
     }
     default:
-      CHECK_EQ(JSRegExp::NOT_COMPILED, type_tag());
-      CHECK(IsUndefined(data(), isolate));
-      break;
+      UNREACHABLE();
   }
 }
 
+void RegExpDataWrapper::RegExpDataWrapperVerify(Isolate* isolate) {
+  if (!this->has_data()) return;
+  auto data = this->data(isolate);
+  Object::VerifyPointer(isolate, data);
+  CHECK_EQ(data->wrapper(), *this);
+}
+
 void JSProxy::JSProxyVerify(Isolate* isolate) {
   TorqueGeneratedClassVerifiers::JSProxyVerify(*this, isolate);
   CHECK(IsJSFunction(map()->GetConstructor()));
@@ -2280,6 +2350,21 @@ void ClassBoilerplate::ClassBoilerplateVerify(Isolate* isolate) {
   CHECK(IsFixedArray(instance_computed_properties()));
 }
 
+void RegExpBoilerplateDescription::RegExpBoilerplateDescriptionVerify(
+    Isolate* isolate) {
+  {
+    auto o = data(isolate);
+    Object::VerifyPointer(isolate, o);
+    CHECK(IsRegExpData(o));
+  }
+  {
+    auto o = source();
+    Object::VerifyPointer(isolate, o);
+    CHECK(IsString(o));
+  }
+  CHECK(IsSmi(TaggedField<Object>::load(*this, kFlagsOffset)));
+}
+
 #if V8_ENABLE_WEBASSEMBLY
 
 void WasmTrustedInstanceData::WasmTrustedInstanceDataVerify(Isolate* isolate) {
@@ -2309,11 +2394,14 @@ void WasmDispatchTable::WasmDispatchTableVerify(Isolate* isolate) {
   int len = length();
   CHECK_LE(len, capacity());
   for (int i = 0; i < len; ++i) {
-    Tagged<Object> call_ref = ref(i);
-    Object::VerifyPointer(isolate, call_ref);
-    CHECK(IsWasmTrustedInstanceData(call_ref) ||
-          IsWasmApiFunctionRef(call_ref) || call_ref == Smi::zero());
-    CHECK_EQ(ref(i) == Smi::zero(), target(i) == kNullAddress);
+    Tagged<Object> arg = implicit_arg(i);
+    Object::VerifyPointer(isolate, arg);
+    CHECK(IsWasmTrustedInstanceData(arg) || IsWasmImportData(arg) ||
+          arg == Smi::zero());
+    if (!v8_flags.wasm_jitless) {
+      // call_target always null with the interpreter.
+      CHECK_EQ(arg == Smi::zero(), target(i) == kNullAddress);
+    }
   }
 }
 
@@ -2331,12 +2419,15 @@ void WasmExportedFunctionData::WasmExportedFunctionDataVerify(
     Isolate* isolate) {
   TorqueGeneratedClassVerifiers::WasmExportedFunctionDataVerify(*this, isolate);
   Tagged<Code> wrapper = wrapper_code(isolate);
-  CHECK(wrapper->kind() == CodeKind::JS_TO_WASM_FUNCTION ||
-        wrapper->kind() == CodeKind::C_WASM_ENTRY ||
-        (wrapper->is_builtin() &&
-         (wrapper->builtin_id() == Builtin::kJSToWasmWrapper ||
-          wrapper->builtin_id() == Builtin::kWasmPromising ||
-          wrapper->builtin_id() == Builtin::kWasmPromisingWithSuspender)));
+  CHECK(
+      wrapper->kind() == CodeKind::JS_TO_WASM_FUNCTION ||
+      wrapper->kind() == CodeKind::C_WASM_ENTRY ||
+      (wrapper->is_builtin() &&
+       (wrapper->builtin_id() == Builtin::kJSToWasmWrapper ||
+#if V8_ENABLE_DRUMBRAKE
+        wrapper->builtin_id() == Builtin::kGenericJSToWasmInterpreterWrapper ||
+#endif  // V8_ENABLE_DRUMBRAKE
+        wrapper->builtin_id() == Builtin::kWasmPromising)));
 }
 
 #endif  // V8_ENABLE_WEBASSEMBLY
@@ -2397,12 +2488,13 @@ void Script::ScriptVerify(Isolate* isolate) {
 #else   // V8_ENABLE_WEBASSEMBLY
   CHECK(CanHaveLineEnds());
 #endif  // V8_ENABLE_WEBASSEMBLY
-  for (int i = 0; i < shared_function_info_count(); ++i) {
-    Tagged<MaybeObject> maybe_object = shared_function_infos()->get(i);
+  for (int i = 0; i < infos()->length(); ++i) {
+    Tagged<MaybeObject> maybe_object = infos()->get(i);
     Tagged<HeapObject> heap_object;
-    CHECK(maybe_object.IsWeak() || maybe_object.IsCleared() ||
+    CHECK(!maybe_object.GetHeapObjectIfWeak(isolate, &heap_object) ||
           (maybe_object.GetHeapObjectIfStrong(&heap_object) &&
-           IsUndefined(heap_object, isolate)));
+           IsUndefined(heap_object, isolate)) ||
+          Is<SharedFunctionInfo>(heap_object) || Is<ScopeInfo>(heap_object));
   }
 }
 
@@ -2710,6 +2802,8 @@ bool TransitionsAccessor::IsConsistentWithBackPointers() {
   DisallowGarbageCollection no_gc;
   bool success = true;
   ReadOnlyRoots roots(isolate_);
+  DCHECK_IMPLIES(map_->IsInobjectSlackTrackingInProgress(),
+                 !HasSideStepTransitions());
   auto CheckTarget =
       [&](Tagged<Map> target) {
 #ifdef DEBUG
@@ -2725,12 +2819,20 @@ bool TransitionsAccessor::IsConsistentWithBackPointers() {
           success = false;
         }
       };
-  ForEachTransitionWithKey(
-      &no_gc,
-      [&](Tagged<Name> key, Tagged<Map> target) { CheckTarget(target); },
-      [&](Tagged<Map> target) {
+  ForEachTransition(
+      &no_gc, [&](Tagged<Map> target) { CheckTarget(target); },
+      [&](Tagged<Map> proto_target) {
         if (v8_flags.move_prototype_transitions_first) {
-          CheckTarget(target);
+          CheckTarget(proto_target);
+        }
+      },
+      [&](Tagged<Object> side_step) {
+        if (!side_step.IsSmi()) {
+          DCHECK(!Cast<Map>(side_step)->IsInobjectSlackTrackingInProgress());
+          DCHECK_EQ(
+              Cast<Map>(side_step)->GetInObjectProperties() -
+                  Cast<Map>(side_step)->UnusedInObjectProperties(),
+              map_->GetInObjectProperties() - map_->UnusedInObjectProperties());
         }
       });
   return success;
diff --git a/deps/v8/src/diagnostics/objects-printer.cc b/deps/v8/src/diagnostics/objects-printer.cc
index 68262ec5caf101..3fb40e6ea6a111 100644
--- a/deps/v8/src/diagnostics/objects-printer.cc
+++ b/deps/v8/src/diagnostics/objects-printer.cc
@@ -4,6 +4,7 @@
 
 #include <iomanip>
 #include <memory>
+#include <optional>
 
 #include "src/api/api-arguments.h"
 #include "src/common/globals.h"
@@ -34,8 +35,7 @@
 #include "src/wasm/wasm-objects-inl.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace {
 constexpr char kUnavailableString[] = "unavailable";
@@ -515,7 +515,7 @@ void DoPrintElements(std::ostream& os, Tagged<Object> object, int length) {
 
 struct Fp16Printer {
   uint16_t val;
-  Fp16Printer(float f) : val(fp16_ieee_from_fp32_value(f)) {}
+  explicit Fp16Printer(float f) : val(fp16_ieee_from_fp32_value(f)) {}
   operator float() const { return fp16_ieee_to_fp32_value(val); }
 };
 
@@ -531,7 +531,7 @@ void PrintTypedArrayElements(std::ostream& os, const ElementType* data_ptr,
   }
 
   ElementType previous_value = data_ptr[0];
-  ElementType value = 0;
+  ElementType value{0};
   for (size_t i = 1; i <= length; i++) {
     if (i < length) value = data_ptr[i];
     if (i != length && previous_value == value) {
@@ -851,13 +851,69 @@ void JSPromise::JSPromisePrint(std::ostream& os) {
 
 void JSRegExp::JSRegExpPrint(std::ostream& os) {
   JSObjectPrintHeader(os, *this, "JSRegExp");
-  os << "\n - data: " << Brief(data());
+  Isolate* isolate = GetIsolateForSandbox(*this);
+  os << "\n - data: " << Brief(data(isolate));
   os << "\n - source: " << Brief(source());
   FlagsBuffer buffer;
   os << "\n - flags: " << JSRegExp::FlagsToString(flags(), &buffer);
   JSObjectPrintBody(os, *this);
 }
 
+void RegExpData::RegExpDataPrint(std::ostream& os) {
+  switch (type_tag()) {
+    case RegExpData::Type::ATOM:
+      PrintHeader(os, "AtomRegExpData");
+      break;
+    case RegExpData::Type::IRREGEXP:
+      PrintHeader(os, "IrRegExpData");
+      break;
+    case RegExpData::Type::EXPERIMENTAL:
+      PrintHeader(os, "IrRegExpData");
+      break;
+    default:
+      UNREACHABLE();
+  }
+  os << "\n - source: " << source();
+  JSRegExp::FlagsBuffer buffer;
+  os << "\n - flags: " << JSRegExp::FlagsToString(flags(), &buffer);
+}
+
+void AtomRegExpData::AtomRegExpDataPrint(std::ostream& os) {
+  RegExpDataPrint(os);
+  os << "\n - pattern: " << pattern();
+  os << "\n";
+}
+
+void IrRegExpData::IrRegExpDataPrint(std::ostream& os) {
+  Isolate* isolate = GetIsolateForSandbox(*this);
+  RegExpDataPrint(os);
+  if (has_latin1_bytecode()) {
+    os << "\n - latin1_bytecode: " << Brief(latin1_bytecode());
+  }
+  if (has_uc16_bytecode()) {
+    os << "\n - uc16_bytecode: " << Brief(uc16_bytecode());
+  }
+  if (has_latin1_code()) {
+    os << "\n - latin1_code: " << Brief(latin1_code(isolate));
+  }
+  if (has_uc16_code()) {
+    os << "\n - uc16_code: " << Brief(uc16_code(isolate));
+  }
+  os << "\n - capture_name_map: " << Brief(capture_name_map());
+  os << "\n - max_register_count: " << max_register_count();
+  os << "\n - capture_count: " << max_register_count();
+  os << "\n - ticks_until_tier_up: " << max_register_count();
+  os << "\n - backtrack_limit: " << max_register_count();
+  os << "\n";
+}
+
+void RegExpDataWrapper::RegExpDataWrapperPrint(std::ostream& os) {
+  PrintHeader(os, "RegExpDataWrapper");
+  Isolate* isolate = GetIsolateForSandbox(*this);
+  os << "\n    data: " << Brief(data(isolate));
+  os << "\n";
+}
+
 void JSRegExpStringIterator::JSRegExpStringIteratorPrint(std::ostream& os) {
   JSObjectPrintHeader(os, *this, "JSRegExpStringIterator");
   os << "\n - regex: " << Brief(iterating_reg_exp());
@@ -967,6 +1023,16 @@ void ClassBoilerplate::ClassBoilerplatePrint(std::ostream& os) {
   os << "\n";
 }
 
+void RegExpBoilerplateDescription::RegExpBoilerplateDescriptionPrint(
+    std::ostream& os) {
+  Isolate* isolate = GetIsolateForSandbox((*this));
+  PrintHeader(os, "RegExpBoilerplate");
+  os << "\n - data: " << Brief(data(isolate));
+  os << "\n - source: " << source();
+  os << "\n - flags: " << flags();
+  os << "\n";
+}
+
 void EmbedderDataArray::EmbedderDataArrayPrint(std::ostream& os) {
   Isolate* isolate = GetIsolateForSandbox(*this);
   PrintHeader(os, "EmbedderDataArray");
@@ -1540,7 +1606,7 @@ void FeedbackVector::FeedbackVectorPrint(std::ostream& os) {
 }
 
 void FeedbackVector::FeedbackSlotPrint(std::ostream& os, FeedbackSlot slot) {
-  FeedbackNexus nexus(*this, slot);
+  FeedbackNexus nexus(GetIsolate(), *this, slot);
   nexus.Print(os);
 }
 
@@ -1593,7 +1659,8 @@ void FeedbackNexus::Print(std::ostream& os) {
       if (ic_state() == InlineCacheState::MONOMORPHIC) {
         os << "\n   " << Brief(GetFeedback()) << ": ";
         Tagged<Object> handler = GetFeedbackExtra().GetHeapObjectOrSmi();
-        if (IsWeakFixedArray(handler)) {
+        if (IsWeakFixedArray(handler) &&
+            !Cast<WeakFixedArray>(handler)->get(0).IsCleared()) {
           handler = Cast<WeakFixedArray>(handler)->get(0).GetHeapObjectOrSmi();
         }
         LoadHandler::PrintHandler(handler, os);
@@ -1620,10 +1687,14 @@ void FeedbackNexus::Print(std::ostream& os) {
     case FeedbackSlotKind::kSetKeyedSloppy:
     case FeedbackSlotKind::kSetKeyedStrict: {
       os << InlineCacheState2String(ic_state());
+      if (GetFeedback().IsCleared()) {
+        os << "\n   [cleared]";
+        break;
+      }
       if (ic_state() == InlineCacheState::MONOMORPHIC) {
         Tagged<HeapObject> feedback = GetFeedback().GetHeapObject();
         if (GetFeedbackExtra().IsCleared()) {
-          os << " <cleared>\n";
+          os << " [cleared]\n";
           break;
         }
         if (IsName(feedback)) {
@@ -1631,8 +1702,12 @@ void FeedbackNexus::Print(std::ostream& os) {
           Tagged<WeakFixedArray> array =
               Cast<WeakFixedArray>(GetFeedbackExtra().GetHeapObject());
           os << "\n   " << Brief(array->get(0)) << ": ";
-          Tagged<Object> handler = array->get(1).GetHeapObjectOrSmi();
-          StoreHandler::PrintHandler(handler, os);
+          if (array->get(1).IsCleared()) {
+            os << "[cleared]\n";
+          } else {
+            Tagged<Object> handler = array->get(1).GetHeapObjectOrSmi();
+            StoreHandler::PrintHandler(handler, os);
+          }
         } else {
           os << "\n   " << Brief(feedback) << ": ";
           StoreHandler::PrintHandler(GetFeedbackExtra().GetHeapObjectOrSmi(),
@@ -2084,6 +2159,9 @@ void JSFunction::JSFunctionPrint(std::ostream& os) {
   os << "\n - kind: " << shared()->kind();
   os << "\n - context: " << Brief(context());
   os << "\n - code: " << Brief(code(isolate));
+#ifdef V8_ENABLE_LEAPTIERING
+  os << "\n - dispatch_handle: " << dispatch_handle();
+#endif  // V8_ENABLE_LEAPTIERING
   if (code(isolate)->kind() == CodeKind::FOR_TESTING) {
     os << "\n - FOR_TESTING";
   } else if (ActiveTierIsIgnition(isolate)) {
@@ -2161,7 +2239,9 @@ void SharedFunctionInfo::SharedFunctionInfoPrint(std::ostream& os) {
   os << "\n - expected_nof_properties: "
      << static_cast<int>(expected_nof_properties());
   os << "\n - language_mode: " << language_mode();
-  os << "\n - function_data: " << Brief(function_data(kAcquireLoad));
+  os << "\n - trusted_function_data: "
+     << Brief(GetTrustedData(GetIsolateForSandbox(*this)));
+  os << "\n - untrusted_function_data: " << Brief(GetUntrustedData());
   os << "\n - code (from function_data): ";
   Isolate* isolate;
   if (GetIsolateFromHeapObject(*this, &isolate)) {
@@ -2598,6 +2678,9 @@ void WasmTrustedInstanceData::WasmTrustedInstanceDataPrint(std::ostream& os) {
   PRINT_OPTIONAL_WASM_INSTANCE_FIELD(untagged_globals_buffer, Brief);
   PRINT_OPTIONAL_WASM_INSTANCE_FIELD(tagged_globals_buffer, Brief);
   PRINT_OPTIONAL_WASM_INSTANCE_FIELD(imported_mutable_globals_buffers, Brief);
+#if V8_ENABLE_DRUMBRAKE
+  PRINT_OPTIONAL_WASM_INSTANCE_FIELD(interpreter_object, Brief);
+#endif  // V8_ENABLE_DRUMBRAKE
   PRINT_OPTIONAL_WASM_INSTANCE_FIELD(tables, Brief);
   PRINT_WASM_INSTANCE_FIELD(dispatch_table0, Brief);
   PRINT_WASM_INSTANCE_FIELD(dispatch_tables, Brief);
@@ -2613,6 +2696,9 @@ void WasmTrustedInstanceData::WasmTrustedInstanceDataPrint(std::ostream& os) {
   PRINT_WASM_INSTANCE_FIELD(new_allocation_top_address, to_void_ptr);
   PRINT_WASM_INSTANCE_FIELD(old_allocation_limit_address, to_void_ptr);
   PRINT_WASM_INSTANCE_FIELD(old_allocation_top_address, to_void_ptr);
+#if V8_ENABLE_DRUMBRAKE
+  PRINT_WASM_INSTANCE_FIELD(imported_function_indices, Brief);
+#endif  // V8_ENABLE_DRUMBRAKE
   PRINT_WASM_INSTANCE_FIELD(globals_start, to_void_ptr);
   PRINT_WASM_INSTANCE_FIELD(imported_mutable_globals, Brief);
   PRINT_WASM_INSTANCE_FIELD(jump_table_start, to_void_ptr);
@@ -2639,7 +2725,7 @@ void WasmDispatchTable::WasmDispatchTablePrint(std::ostream& os) {
   for (int i = 0; i < printed; ++i) {
     os << "\n " << std::setw(8) << i << ": sig: " << sig(i)
        << "; target: " << AsHex::Address(target(i))
-       << "; ref: " << Brief(ref(i));
+       << "; implicit_arg: " << Brief(implicit_arg(i));
   }
   if (printed != len) os << "\n  [...]";
   os << "\n";
@@ -2678,8 +2764,8 @@ void WasmResumeData::WasmResumeDataPrint(std::ostream& os) {
   os << '\n';
 }
 
-void WasmApiFunctionRef::WasmApiFunctionRefPrint(std::ostream& os) {
-  PrintHeader(os, "WasmApiFunctionRef");
+void WasmImportData::WasmImportDataPrint(std::ostream& os) {
+  PrintHeader(os, "WasmImportData");
   Isolate* isolate = GetIsolateForSandbox(*this);
   os << "\n - native_context: " << Brief(native_context());
   os << "\n - callable: " << Brief(callable());
@@ -2699,7 +2785,7 @@ void WasmApiFunctionRef::WasmApiFunctionRefPrint(std::ostream& os) {
 void WasmInternalFunction::WasmInternalFunctionPrint(std::ostream& os) {
   PrintHeader(os, "WasmInternalFunction");
   os << "\n - call target: " << reinterpret_cast<void*>(call_target());
-  os << "\n - ref: " << Brief(ref());
+  os << "\n - implicit arg: " << Brief(implicit_arg());
   os << "\n - external: " << Brief(external());
   os << "\n";
 }
@@ -2862,7 +2948,7 @@ void Script::ScriptPrint(std::ostream& os) {
     }
     os << "\n - eval from position: " << eval_from_position();
   }
-  os << "\n - shared function infos: " << Brief(shared_function_infos());
+  os << "\n - infos: " << Brief(infos());
   os << "\n";
 }
 
@@ -3088,9 +3174,6 @@ void ScopeInfo::ScopeInfoPrint(std::ostream& os) {
   if (HasOuterScopeInfo()) {
     os << "\n - outer scope info: " << Brief(OuterScopeInfo());
   }
-  if (HasLocalsBlockList()) {
-    os << "\n - locals blocklist: " << Brief(LocalsBlockList());
-  }
   if (HasFunctionName()) {
     os << "\n - function name: " << Brief(FunctionName());
   }
@@ -3746,10 +3829,6 @@ void TransitionsAccessor::PrintOneTransition(std::ostream& os, Tagged<Name> key,
   } else if (key == roots.elements_transition_symbol()) {
     os << "(transition to " << ElementsKindToString(target->elements_kind())
        << ")";
-  } else if (key == roots.clone_object_ic_transition_symbol()) {
-    os << "(clone object ic dependency transition)";
-  } else if (key == roots.object_assign_clone_transition_symbol()) {
-    os << "(object assign clone cache transition)";
   } else if (key == roots.strict_function_transition_symbol()) {
     os << " (transition to strict function)";
   } else {
@@ -3826,10 +3905,9 @@ void TransitionsAccessor::PrintTransitionTree(
   ReadOnlyRoots roots = ReadOnlyRoots(isolate_);
   int pos = 0;
   int proto_pos = 0;
-  ForEachTransition(
+  ForEachTransitionWithKey(
       no_gc,
-      [&](Tagged<Map> target) {
-        Tagged<Name> key = GetKey(pos);
+      [&](Tagged<Name> key, Tagged<Map> target) {
         os << std::endl
            << "  " << level << "/" << pos << ":" << std::setw(level * 2 + 2)
            << " ";
@@ -3848,10 +3926,6 @@ void TransitionsAccessor::PrintTransitionTree(
           os << "to " << ElementsKindToString(target->elements_kind());
         } else if (key == roots.strict_function_transition_symbol()) {
           os << "to strict function";
-        } else if (key == roots.clone_object_ic_transition_symbol()) {
-          os << "clone object ic dependency";
-        } else if (key == roots.object_assign_clone_transition_symbol()) {
-          os << "object assign clone cache";
         } else {
 #ifdef OBJECT_PRINT
           key->NamePrint(os);
@@ -3882,7 +3956,17 @@ void TransitionsAccessor::PrintTransitionTree(
         TransitionsAccessor transitions(isolate_, target);
         transitions.PrintTransitionTree(os, level + 1, no_gc);
       },
-      TransitionsAccessor::IterationMode::kIncludeClearedSideStepTransitions);
+      [&](SideStepTransition::Kind kind, Tagged<Object> side_step) {
+        os << std::endl
+           << "  " << level << "/s:" << std::setw(level * 2 + 2) << " ";
+        std::stringstream ss;
+        ss << Brief(side_step);
+        os << std::left << std::setw(50) << ss.str() << ": sidestep " << kind;
+        if (!side_step.IsSmi()) {
+          TransitionsAccessor transitions(isolate_, Cast<Map>(side_step));
+          transitions.PrintTransitionTree(os, level + 1, no_gc);
+        }
+      });
 }
 
 void JSObject::PrintTransitions(std::ostream& os) {
@@ -3894,8 +3978,7 @@ void JSObject::PrintTransitions(std::ostream& os) {
 }
 
 #endif  // defined(DEBUG) || defined(OBJECT_PRINT)
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 namespace {
 
@@ -3977,7 +4060,7 @@ V8_EXPORT_PRIVATE extern void _v8_internal_Print_Code(void* object) {
   }
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-  v8::base::Optional<i::Tagged<i::Code>> lookup_result =
+  std::optional<i::Tagged<i::Code>> lookup_result =
       isolate->heap()->TryFindCodeForInnerPointerForPrinting(address);
   if (!lookup_result.has_value()) {
     i::PrintF(
@@ -4012,7 +4095,7 @@ V8_EXPORT_PRIVATE extern void _v8_internal_Print_OnlyCode(void* object,
   }
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-  v8::base::Optional<i::Tagged<i::Code>> lookup_result =
+  std::optional<i::Tagged<i::Code>> lookup_result =
       isolate->heap()->TryFindCodeForInnerPointerForPrinting(address);
   if (!lookup_result.has_value()) {
     i::PrintF(
diff --git a/deps/v8/src/diagnostics/riscv/disasm-riscv.cc b/deps/v8/src/diagnostics/riscv/disasm-riscv.cc
index 88556b7499671c..506055e10767ba 100644
--- a/deps/v8/src/diagnostics/riscv/disasm-riscv.cc
+++ b/deps/v8/src/diagnostics/riscv/disasm-riscv.cc
@@ -1042,6 +1042,12 @@ void Decoder::DecodeRType(Instruction* instr) {
     case RO_BSET:
       Format(instr, "bset      'rd, 'rs1, 'rs2");
       break;
+    case RO_CZERO_EQZ:
+      Format(instr, "czero.eqz 'rd, 'rs1, 'rs2");
+      break;
+    case RO_CZERO_NEZ:
+      Format(instr, "czero.nez 'rd, 'rs1, 'rs2");
+      break;
     // TODO(riscv): End Add RISCV M extension macro
     default: {
       switch (instr->BaseOpcode()) {
diff --git a/deps/v8/src/execution/execution.cc b/deps/v8/src/execution/execution.cc
index 6f228971260f9d..ae79856b8dbbd5 100644
--- a/deps/v8/src/execution/execution.cc
+++ b/deps/v8/src/execution/execution.cc
@@ -377,7 +377,7 @@ V8_WARN_UNUSED_RESULT MaybeHandle<Object> Invoke(Isolate* isolate,
       v8::Context::AbortScriptExecutionCallback callback =
           v8::ToCData<v8::Context::AbortScriptExecutionCallback,
                       kApiAbortScriptExecutionCallbackTag>(
-              context->script_execution_callback());
+              isolate, context->script_execution_callback());
       v8::Isolate* api_isolate = reinterpret_cast<v8::Isolate*>(isolate);
       v8::Local<v8::Context> api_context = v8::Utils::ToLocal(context);
       callback(api_isolate, api_context);
diff --git a/deps/v8/src/execution/frame-constants.h b/deps/v8/src/execution/frame-constants.h
index 24586706b45781..8853bacb8753df 100644
--- a/deps/v8/src/execution/frame-constants.h
+++ b/deps/v8/src/execution/frame-constants.h
@@ -272,6 +272,30 @@ class WasmFrameConstants : public TypedFrameConstants {
   static constexpr int kProtectedInstructionReturnAddressOffset = 1;
 };
 
+#if V8_ENABLE_DRUMBRAKE
+class WasmInterpreterFrameConstants : public WasmFrameConstants {};
+
+// Fixed frame slots shared by the interpreter wasm-to-js wrapper.
+class WasmToJSInterpreterFrameConstants : public TypedFrameConstants {
+ public:
+  // This slot contains the number of slots at the top of the frame that need to
+  // be scanned by the GC.
+  static constexpr int kGCScanSlotCountOffset =
+      TYPED_FRAME_PUSHED_VALUE_OFFSET(0);
+
+  // The stack pointer at the moment of the JS function call.
+  static constexpr int kGCSPOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(1);
+};
+
+class WasmInterpreterCWasmEntryConstants : public TypedFrameConstants {
+ public:
+  // FP-relative:
+  static constexpr int kCEntryFPOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(0);
+  static constexpr int kSPFPOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(1);
+  DEFINE_TYPED_FRAME_SIZES(2);
+};
+#endif  // V8_ENABLE_DRUMBRAKE
+
 class WasmImportWrapperFrameConstants : public WasmFrameConstants {
  public:
   // FP-relative.
@@ -294,7 +318,7 @@ class JSToWasmWrapperFrameConstants : public TypedFrameConstants {
  public:
   // FP-relative.
   static constexpr int kResultArrayParamOffset = 2 * kSystemPointerSize;
-  // A WasmTrustedInstanceData or WasmApiFunctionRef depending on the callee.
+  // A WasmTrustedInstanceData or WasmImportData depending on the callee.
   static constexpr int kRefParamOffset = 3 * kSystemPointerSize;
 
   // Contains RawPtr to stack-allocated buffer.
@@ -353,7 +377,7 @@ class StackSwitchFrameConstants : public JSToWasmWrapperFrameConstants {
   // be scanned by the GC.
   static constexpr int kGCScanSlotCountOffset =
       TYPED_FRAME_PUSHED_VALUE_OFFSET(1);
-  // Tagged pointer to WasmTrustedInstanceData or WasmApiFunctionRef.
+  // Tagged pointer to WasmTrustedInstanceData or WasmImportData.
   static constexpr int kRefOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(2);
   // Tagged pointer to a JS Array for result values.
   static constexpr int kResultArrayOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(3);
@@ -369,6 +393,36 @@ class WasmToJSWrapperConstants {
   static constexpr size_t kCentralStackSPOffset = 3 * kSystemPointerSize;
   static constexpr size_t kSecondaryStackLimitOffset = 4 * kSystemPointerSize;
 };
+
+#if V8_ENABLE_DRUMBRAKE
+class BuiltinWasmInterpreterWrapperConstants : public TypedFrameConstants {
+ public:
+  // This slot contains the number of slots at the top of the frame that need to
+  // be scanned by the GC.
+  static constexpr int kGCScanSlotCountOffset =
+      TYPED_FRAME_PUSHED_VALUE_OFFSET(0);
+  // The number of parameters passed to this function.
+  static constexpr int kInParamCountOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(1);
+  // The number of parameters according to the signature.
+  static constexpr int kParamCountOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(2);
+  // The number of return values according to the siganture.
+  static constexpr int kReturnCountOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(3);
+  // `reps_` of wasm::FunctionSig.
+  static constexpr int kValueTypesArrayStartOffset =
+      TYPED_FRAME_PUSHED_VALUE_OFFSET(4);
+  // Array of arguments/return values.
+  static constexpr int kArgRetsAddressOffset =
+      TYPED_FRAME_PUSHED_VALUE_OFFSET(5);
+  // Whether the array is for arguments or return values.
+  static constexpr int kArgRetsIsArgsOffset =
+      TYPED_FRAME_PUSHED_VALUE_OFFSET(6);
+  // The index of the argument or return value being converted.
+  static constexpr int kCurrentIndexOffset = TYPED_FRAME_PUSHED_VALUE_OFFSET(7);
+  // Precomputed signature data.
+  static constexpr int kSignatureDataOffset =
+      TYPED_FRAME_PUSHED_VALUE_OFFSET(8);
+};
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 class BuiltinContinuationFrameConstants : public TypedFrameConstants {
diff --git a/deps/v8/src/execution/frames-inl.h b/deps/v8/src/execution/frames-inl.h
index 3c16b882e453bd..7e0cf543822d32 100644
--- a/deps/v8/src/execution/frames-inl.h
+++ b/deps/v8/src/execution/frames-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_EXECUTION_FRAMES_INL_H_
 #define V8_EXECUTION_FRAMES_INL_H_
 
+#include <optional>
+
 #include "src/base/memory.h"
 #include "src/execution/frame-constants.h"
 #include "src/execution/frames.h"
@@ -19,7 +21,7 @@ class InnerPointerToCodeCache final {
  public:
   struct InnerPointerToCodeCacheEntry {
     Address inner_pointer;
-    base::Optional<Tagged<GcSafeCode>> code;
+    std::optional<Tagged<GcSafeCode>> code;
     union {
       SafepointEntry safepoint_entry;
       MaglevSafepointEntry maglev_safepoint_entry;
@@ -331,6 +333,12 @@ inline WasmFrame::WasmFrame(StackFrameIteratorBase* iterator)
 inline WasmExitFrame::WasmExitFrame(StackFrameIteratorBase* iterator)
     : WasmFrame(iterator) {}
 
+#if V8_ENABLE_DRUMBRAKE
+inline WasmInterpreterEntryFrame::WasmInterpreterEntryFrame(
+    StackFrameIteratorBase* iterator)
+    : WasmFrame(iterator) {}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 inline WasmDebugBreakFrame::WasmDebugBreakFrame(
     StackFrameIteratorBase* iterator)
     : TypedFrame(iterator) {}
@@ -404,6 +412,13 @@ bool DebuggableStackFrameIterator::is_javascript() const {
 bool DebuggableStackFrameIterator::is_wasm() const {
   return frame()->is_wasm();
 }
+
+#if V8_ENABLE_DRUMBRAKE
+bool DebuggableStackFrameIterator::is_wasm_interpreter_entry() const {
+  return frame()->is_wasm_interpreter_entry();
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 JavaScriptFrame* DebuggableStackFrameIterator::javascript_frame() const {
@@ -413,6 +428,9 @@ JavaScriptFrame* DebuggableStackFrameIterator::javascript_frame() const {
 // static
 inline bool StackFrameIteratorForProfiler::IsValidFrameType(
     StackFrame::Type type) {
+#if V8_ENABLE_WEBASSEMBLY
+  DCHECK_NE(type, StackFrame::C_WASM_ENTRY);
+#endif  // V8_ENABLE_WEBASSEMBLY
   return StackFrame::IsJavaScript(type) || type == StackFrame::EXIT ||
          type == StackFrame::BUILTIN_EXIT ||
          type == StackFrame::API_ACCESSOR_EXIT ||
@@ -420,6 +438,9 @@ inline bool StackFrameIteratorForProfiler::IsValidFrameType(
 #if V8_ENABLE_WEBASSEMBLY
          type == StackFrame::WASM || type == StackFrame::WASM_TO_JS ||
          type == StackFrame::JS_TO_WASM ||
+#if V8_ENABLE_DRUMBRAKE
+         type == StackFrame::WASM_INTERPRETER_ENTRY ||
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
          false;
 }
diff --git a/deps/v8/src/execution/frames.cc b/deps/v8/src/execution/frames.cc
index 6de613ba5eeb2c..9878fe21b1e1ec 100644
--- a/deps/v8/src/execution/frames.cc
+++ b/deps/v8/src/execution/frames.cc
@@ -6,6 +6,7 @@
 
 #include <cstdint>
 #include <memory>
+#include <optional>
 #include <sstream>
 
 #include "src/api/api-arguments.h"
@@ -41,6 +42,9 @@
 #include "src/wasm/wasm-engine.h"
 #include "src/wasm/wasm-linkage.h"
 #include "src/wasm/wasm-objects-inl.h"
+#if V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 namespace v8 {
@@ -73,15 +77,31 @@ class StackHandlerIterator {
   StackHandlerIterator(const StackFrame* frame, StackHandler* handler)
       : limit_(frame->fp()), handler_(handler) {
 #if V8_ENABLE_WEBASSEMBLY
+#if !V8_ENABLE_DRUMBRAKE || !USE_SIMULATOR
     // Make sure the handler has already been unwound to this frame. With stack
     // switching this is not equivalent to the inequality below, because the
     // frame and the handler could be in different stacks.
     DCHECK_IMPLIES(frame->isolate()->wasm_stacks().empty(),
                    frame->InFastCCall() || frame->sp() <= AddressOf(handler));
+#endif  // !V8_ENABLE_DRUMBRAKE || !USE_SIMULATOR
+
     // For CWasmEntry frames, the handler was registered by the last C++
     // frame (Execution::CallWasm), so even though its address is already
     // beyond the limit, we know we always want to unwind one handler.
     if (frame->is_c_wasm_entry()) handler_ = handler_->next();
+#if V8_ENABLE_DRUMBRAKE
+    // Do the same for GenericWasmToJsInterpreterWrapper frames.
+    else if (v8_flags.wasm_jitless && frame->is_wasm_to_js()) {
+      handler_ = handler_->next();
+#ifdef USE_SIMULATOR
+      // If we are running in the simulator, the handler_ address here will
+      // refer to the 'actual' stack, not to the 'simulated' stack, so we need
+      // to fix 'limit_' to make sure that the StackHandlerIterator won't skip
+      // any handler.
+      limit_ = 0;
+#endif  // USE_SIMULATOR
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
 #else
     // Make sure the handler has already been unwound to this frame.
     DCHECK_LE(frame->sp(), AddressOf(handler));
@@ -97,7 +117,12 @@ class StackHandlerIterator {
   }
 
  private:
+#if V8_ENABLE_DRUMBRAKE && USE_SIMULATOR
+  Address limit_;
+#else
   const Address limit_;
+#endif  // V8_ENABLE_DRUMBRAKE && USE_SIMULATOR
+
   StackHandler* handler_;
 };
 
@@ -339,8 +364,8 @@ bool DebuggableStackFrameIterator::IsValidFrame(StackFrame* frame) {
 
 namespace {
 
-base::Optional<bool> IsInterpreterFramePc(Isolate* isolate, Address pc,
-                                          StackFrame::State* state) {
+std::optional<bool> IsInterpreterFramePc(Isolate* isolate, Address pc,
+                                         StackFrame::State* state) {
   Builtin builtin = OffHeapInstructionStream::TryLookupCode(isolate, pc);
   if (builtin != Builtin::kNoBuiltinId &&
       (builtin == Builtin::kInterpreterEntryTrampoline ||
@@ -492,7 +517,7 @@ StackFrameIteratorForProfiler::StackFrameIteratorForProfiler(
         top_location = reinterpret_cast<Address*>(sp);
       }
 
-      base::Optional<bool> is_interpreter_frame_pc =
+      std::optional<bool> is_interpreter_frame_pc =
           IsInterpreterFramePc(isolate, *top_location, &state);
       // Since we're in a signal handler, the pc lookup might not be possible
       // since the required locks are taken by the same thread.
@@ -662,8 +687,8 @@ void StackFrameIteratorForProfilerForTesting::Advance() {
 
 namespace {
 
-base::Optional<Tagged<GcSafeCode>> GetContainingCode(Isolate* isolate,
-                                                     Address pc) {
+std::optional<Tagged<GcSafeCode>> GetContainingCode(Isolate* isolate,
+                                                    Address pc) {
   return isolate->inner_pointer_to_code_cache()->GetCacheEntry(pc)->code;
 }
 
@@ -671,7 +696,7 @@ base::Optional<Tagged<GcSafeCode>> GetContainingCode(Isolate* isolate,
 
 Tagged<GcSafeCode> StackFrame::GcSafeLookupCode() const {
   const Address pc = maybe_unauthenticated_pc();
-  base::Optional<Tagged<GcSafeCode>> result = GetContainingCode(isolate(), pc);
+  std::optional<Tagged<GcSafeCode>> result = GetContainingCode(isolate(), pc);
   DCHECK_GE(pc, result.value()->InstructionStart(isolate(), pc));
   DCHECK_LT(pc, result.value()->InstructionEnd(isolate(), pc));
   return result.value();
@@ -779,6 +804,10 @@ StackFrame::Type SafeStackFrameType(StackFrame::Type candidate) {
     case StackFrame::WASM_EXIT:
     case StackFrame::WASM_LIFTOFF_SETUP:
     case StackFrame::WASM_TO_JS:
+#if V8_ENABLE_DRUMBRAKE
+    case StackFrame::C_WASM_ENTRY:
+    case StackFrame::WASM_INTERPRETER_ENTRY:
+#endif  // V8_ENABLE_DRUMBRAKE
       return candidate;
 #endif  // V8_ENABLE_WEBASSEMBLY
 
@@ -800,7 +829,9 @@ StackFrame::Type SafeStackFrameType(StackFrame::Type candidate) {
     case StackFrame::TURBOFAN:
     case StackFrame::TURBOFAN_STUB_WITH_CONTEXT:
 #if V8_ENABLE_WEBASSEMBLY
+#if !V8_ENABLE_DRUMBRAKE
     case StackFrame::C_WASM_ENTRY:
+#endif  // !V8_ENABLE_DRUMBRAKE
     case StackFrame::WASM_TO_JS_FUNCTION:
 #endif  // V8_ENABLE_WEBASSEMBLY
       return StackFrame::NATIVE;
@@ -833,6 +864,10 @@ StackFrame::Type StackFrameIterator::ComputeStackFrameType(
         return StackFrame::WASM_EXIT;
       case wasm::WasmCode::kWasmToJsWrapper:
         return StackFrame::WASM_TO_JS;
+#if V8_ENABLE_DRUMBRAKE
+      case wasm::WasmCode::kInterpreterEntry:
+        return StackFrame::WASM_INTERPRETER_ENTRY;
+#endif  // V8_ENABLE_DRUMBRAKE
       default:
         UNREACHABLE();
     }
@@ -840,7 +875,7 @@ StackFrame::Type StackFrameIterator::ComputeStackFrameType(
 #endif  // V8_ENABLE_WEBASSEMBLY
 
   // Look up the code object to figure out the type of the stack frame.
-  base::Optional<Tagged<GcSafeCode>> lookup_result =
+  std::optional<Tagged<GcSafeCode>> lookup_result =
       GetContainingCode(isolate(), pc);
   if (!lookup_result.has_value()) return StackFrame::NATIVE;
 
@@ -873,6 +908,12 @@ StackFrame::Type StackFrameIterator::ComputeStackFrameType(
       if (lookup_result.value()->builtin_id() == Builtin::kJSToWasmWrapperAsm) {
         return StackFrame::JS_TO_WASM;
       }
+#if V8_ENABLE_DRUMBRAKE
+      if (lookup_result.value()->builtin_id() ==
+          Builtin::kGenericJSToWasmInterpreterWrapper) {
+        return StackFrame::JS_TO_WASM;
+      }
+#endif  // V8_ENABLE_DRUMBRAKE
       return StackFrame::TURBOFAN_STUB_WITH_CONTEXT;
     case CodeKind::C_WASM_ENTRY:
       return StackFrame::C_WASM_ENTRY;
@@ -942,7 +983,7 @@ StackFrame::Type StackFrameIteratorForProfiler::ComputeStackFrameType(
     return StackFrame::NATIVE;
   }
 
-  base::Optional<bool> is_interpreter_frame =
+  std::optional<bool> is_interpreter_frame =
       IsInterpreterFramePc(isolate(), pc, state);
 
   // We might not be able to lookup the frame type since we're inside a signal
@@ -1005,6 +1046,15 @@ StackFrame::Type CWasmEntryFrame::GetCallerState(State* state) const {
   Address fp = Memory<Address>(this->fp() + offset);
   return ExitFrame::GetStateForFramePointer(fp, state);
 }
+
+#if V8_ENABLE_DRUMBRAKE
+void CWasmEntryFrame::Iterate(RootVisitor* v) const {
+  if (!v8_flags.wasm_jitless) {
+    StubFrame::Iterate(v);
+  }
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 Tagged<HeapObject> ConstructEntryFrame::unchecked_code() const {
@@ -1522,6 +1572,47 @@ MaglevSafepointEntry GetMaglevSafepointEntryFromCodeCache(
 }  // namespace
 
 #ifdef V8_ENABLE_WEBASSEMBLY
+#if V8_ENABLE_DRUMBRAKE
+// Class DrumBrakeWasmCode is an adapter class that exposes just the accessors
+// of the original WasmCode class that are used in WasmFrame::Iterate. For non
+// DrumBrake frames, the class calls the corresponding accessor in a contained
+// WasmCode object, while for DrumBrake frames it returns dummy values. This is
+// useful to minimize the merge issues in WasmFrame::Iterate.
+class DrumBrakeWasmCode {
+ public:
+  explicit DrumBrakeWasmCode(wasm::WasmCode* wasm_code)
+      : wasm_code_(wasm_code) {}
+
+  static std::unique_ptr<DrumBrakeWasmCode> Interpreted() {
+    return std::make_unique<DrumBrakeWasmCode>(nullptr);
+  }
+  static std::unique_ptr<DrumBrakeWasmCode> Compiled(
+      wasm::WasmCode* wasm_code) {
+    return std::make_unique<DrumBrakeWasmCode>(wasm_code);
+  }
+
+  bool is_liftoff() const {
+    return wasm_code_ ? wasm_code_->is_liftoff() : false;
+  }
+  bool frame_has_feedback_slot() const {
+    return wasm_code_ ? wasm_code_->frame_has_feedback_slot() : false;
+  }
+  int stack_slots() const { return wasm_code_ ? wasm_code_->stack_slots() : 0; }
+  wasm::WasmCode::Kind kind() const {
+    return wasm_code_ ? wasm_code_->kind() : wasm::WasmCode::kInterpreterEntry;
+  }
+  uint16_t first_tagged_parameter_slot() const {
+    return wasm_code_ ? wasm_code_->first_tagged_parameter_slot() : 0;
+  }
+  uint16_t num_tagged_parameter_slots() const {
+    return wasm_code_ ? wasm_code_->num_tagged_parameter_slots() : 0;
+  }
+
+ private:
+  const wasm::WasmCode* wasm_code_;
+};
+#endif  // V8_ENABLE_DRUMBRAKE
+
 void WasmFrame::Iterate(RootVisitor* v) const {
   DCHECK(!iterator_->IsStackFrameIteratorForProfiler());
 
@@ -1554,10 +1645,32 @@ void WasmFrame::Iterate(RootVisitor* v) const {
   //
   // (*) Only if compiled by Liftoff and with --experimental-wasm-inlining.
 
+#if !V8_ENABLE_DRUMBRAKE
   auto pair = wasm::GetWasmCodeManager()->LookupCodeAndSafepoint(
       isolate(), maybe_unauthenticated_pc());
   wasm::WasmCode* wasm_code = pair.first;
   SafepointEntry safepoint_entry = pair.second;
+#else   // !V8_ENABLE_DRUMBRAKE
+  std::unique_ptr<DrumBrakeWasmCode> interpreter_wasm_code;
+  SafepointEntry safepoint_entry;
+  bool is_wasm_interpreter_frame =
+      v8_flags.wasm_jitless &&
+      (type() == WASM_INTERPRETER_ENTRY || type() == C_WASM_ENTRY);
+  if (is_wasm_interpreter_frame) {
+    interpreter_wasm_code = DrumBrakeWasmCode::Interpreted();
+  } else {
+    auto pair =
+        wasm::GetWasmCodeManager()->LookupCodeAndSafepoint(isolate(), pc());
+    wasm::WasmCode* wasm_code = pair.first;
+    safepoint_entry = pair.second;
+    DCHECK(wasm_code);
+    interpreter_wasm_code = DrumBrakeWasmCode::Compiled(wasm_code);
+  }
+
+  // Reuse the same name "wasm_code" for this variable, to use the
+  // DrumBrakeWasmCode adapter and minimize merge issues in the following code.
+  DrumBrakeWasmCode* wasm_code = interpreter_wasm_code.get();
+#endif  // !V8_ENABLE_DRUMBRAKE
 
   intptr_t marker =
       Memory<intptr_t>(fp() + CommonFrameConstants::kContextOrFrameTypeOffset);
@@ -2042,7 +2155,7 @@ bool CommonFrame::HasTaggedOutgoingParams(
 }
 
 Tagged<HeapObject> TurbofanStubWithContextFrame::unchecked_code() const {
-  base::Optional<Tagged<GcSafeCode>> code_lookup =
+  std::optional<Tagged<GcSafeCode>> code_lookup =
       isolate()->heap()->GcSafeTryFindCodeForInnerPointer(pc());
   if (!code_lookup.has_value()) return {};
   return code_lookup.value();
@@ -2141,7 +2254,7 @@ void TurbofanFrame::Iterate(RootVisitor* v) const {
 }
 
 Tagged<HeapObject> StubFrame::unchecked_code() const {
-  base::Optional<Tagged<GcSafeCode>> code_lookup =
+  std::optional<Tagged<GcSafeCode>> code_lookup =
       isolate()->heap()->GcSafeTryFindCodeForInnerPointer(pc());
   if (!code_lookup.has_value()) return {};
   return code_lookup.value();
@@ -2525,7 +2638,7 @@ Handle<StackFrameInfo>
 FrameSummary::JavaScriptFrameSummary::CreateStackFrameInfo() const {
   Handle<SharedFunctionInfo> shared(function_->shared(), isolate());
   DirectHandle<Script> script(Cast<Script>(shared->script()), isolate());
-  Handle<String> function_name = JSFunction::GetDebugName(function_);
+  DirectHandle<String> function_name = JSFunction::GetDebugName(function_);
   if (function_name->length() == 0 &&
       script->compilation_type() == Script::CompilationType::kEval) {
     function_name = isolate()->factory()->eval_string();
@@ -2640,6 +2753,50 @@ FrameSummary::WasmInlinedFrameSummary::CreateStackFrameInfo() const {
                                                  function_name, false);
 }
 
+#if V8_ENABLE_DRUMBRAKE
+FrameSummary::WasmInterpretedFrameSummary::WasmInterpretedFrameSummary(
+    Isolate* isolate, Handle<WasmInstanceObject> instance,
+    uint32_t function_index, int byte_offset)
+    : FrameSummaryBase(isolate, WASM_INTERPRETED),
+      wasm_instance_(instance),
+      function_index_(function_index),
+      byte_offset_(byte_offset) {}
+
+Handle<Object> FrameSummary::WasmInterpretedFrameSummary::receiver() const {
+  return wasm_instance_->GetIsolate()->global_proxy();
+}
+
+int FrameSummary::WasmInterpretedFrameSummary::SourcePosition() const {
+  const wasm::WasmModule* module = wasm_instance()->module_object()->module();
+  return GetSourcePosition(module, function_index(), byte_offset(),
+                           false /*at_to_number_conversion*/);
+}
+
+Handle<WasmTrustedInstanceData>
+FrameSummary::WasmInterpretedFrameSummary::instance_data() const {
+  return handle(wasm_instance_->trusted_data(isolate()), isolate());
+}
+
+Handle<Script> FrameSummary::WasmInterpretedFrameSummary::script() const {
+  return handle(wasm_instance()->module_object()->script(),
+                wasm_instance()->GetIsolate());
+}
+
+Handle<Context> FrameSummary::WasmInterpretedFrameSummary::native_context()
+    const {
+  return handle(wasm_instance_->trusted_data(isolate())->native_context(),
+                isolate());
+}
+
+Handle<StackFrameInfo>
+FrameSummary::WasmInterpretedFrameSummary::CreateStackFrameInfo() const {
+  Handle<String> function_name =
+      GetWasmFunctionDebugName(isolate(), instance_data(), function_index());
+  return isolate()->factory()->NewStackFrameInfo(script(), SourcePosition(),
+                                                 function_name, false);
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 FrameSummary::BuiltinFrameSummary::BuiltinFrameSummary(Isolate* isolate,
                                                        Builtin builtin)
     : FrameSummaryBase(isolate, FrameSummary::BUILTIN), builtin_(builtin) {}
@@ -2707,6 +2864,13 @@ FrameSummary FrameSummary::Get(const CommonFrame* frame, int index) {
 }
 
 #if V8_ENABLE_WEBASSEMBLY
+#ifdef V8_ENABLE_DRUMBRAKE
+#define CASE_WASM_INTERPRETED(name) \
+  case WASM_INTERPRETED:            \
+    return wasm_interpreted_summary_.name();
+#else  // V8_ENABLE_DRUMBRAKE
+#define CASE_WASM_INTERPRETED(name)
+#endif  // V8_ENABLE_DRUMBRAKE
 #define FRAME_SUMMARY_DISPATCH(ret, name)    \
   ret FrameSummary::name() const {           \
     switch (base_.kind()) {                  \
@@ -2718,6 +2882,7 @@ FrameSummary FrameSummary::Get(const CommonFrame* frame, int index) {
         return wasm_inlined_summary_.name(); \
       case BUILTIN:                          \
         return builtin_summary_.name();      \
+        CASE_WASM_INTERPRETED(name)          \
       default:                               \
         UNREACHABLE();                       \
     }                                        \
@@ -2740,6 +2905,7 @@ FRAME_SUMMARY_DISPATCH(int, SourceStatementPosition)
 FRAME_SUMMARY_DISPATCH(Handle<Context>, native_context)
 FRAME_SUMMARY_DISPATCH(Handle<StackFrameInfo>, CreateStackFrameInfo)
 
+#undef CASE_WASM_INTERPRETED
 #undef FRAME_SUMMARY_DISPATCH
 
 void OptimizedFrame::Summarize(std::vector<FrameSummary>* frames) const {
@@ -2813,7 +2979,7 @@ void OptimizedFrame::Summarize(std::vector<FrameSummary>* frames) const {
 
       // Determine the underlying code object and the position within it from
       // the translation corresponding to the frame type in question.
-      Handle<AbstractCode> abstract_code;
+      DirectHandle<AbstractCode> abstract_code;
       unsigned code_offset;
       if (it->kind() == TranslatedFrame::kJavaScriptBuiltinContinuation ||
           it->kind() ==
@@ -2825,7 +2991,7 @@ void OptimizedFrame::Summarize(std::vector<FrameSummary>* frames) const {
         DCHECK_EQ(it->kind(), TranslatedFrame::kUnoptimizedFunction);
         code_offset = it->bytecode_offset().ToInt();
         abstract_code =
-            handle(shared_info->abstract_code(isolate()), isolate());
+            direct_handle(shared_info->abstract_code(isolate()), isolate());
       }
 
       // Append full summary of the encountered JS frame.
@@ -3098,6 +3264,16 @@ int BuiltinFrame::ComputeParametersCount() const {
 void WasmFrame::Print(StringStream* accumulator, PrintMode mode,
                       int index) const {
   PrintIndex(accumulator, mode, index);
+
+#if V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    DCHECK(is_wasm_to_js());
+    accumulator->Add("Wasm-to-JS");
+    if (mode != OVERVIEW) accumulator->Add("\n");
+    return;
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   if (function_index() == wasm::kAnonymousFuncIndex) {
     accumulator->Add("Anonymous wasm wrapper [pc: %p]\n",
                      reinterpret_cast<void*>(pc()));
@@ -3292,11 +3468,11 @@ void WasmDebugBreakFrame::Print(StringStream* accumulator, PrintMode mode,
 }
 
 Tagged<WasmInstanceObject> WasmToJsFrame::wasm_instance() const {
-  // WasmToJsFrames hold the {WasmApiFunctionRef} object in the instance slot.
+  // WasmToJsFrames hold the {WasmImportData} object in the instance slot.
   // Load the instance from there.
   const int offset = WasmFrameConstants::kWasmInstanceOffset;
   Tagged<Object> func_ref_obj(Memory<Address>(fp() + offset));
-  Tagged<WasmApiFunctionRef> func_ref = Cast<WasmApiFunctionRef>(func_ref_obj);
+  Tagged<WasmImportData> func_ref = Cast<WasmImportData>(func_ref_obj);
   // TODO(42204563): Avoid crashing if the instance object is not available.
   CHECK(func_ref->instance_data()->has_instance_object());
   return func_ref->instance_data()->instance_object();
@@ -3310,7 +3486,169 @@ void JsToWasmFrame::Iterate(RootVisitor* v) const {
   // WrapperBuffer slot is RawPtr pointing to a stack.
   // Wasm instance and JS result array are passed as stack params.
   // So there is no need to visit them.
+
+#if V8_ENABLE_DRUMBRAKE
+  // Please reference GenericJSToWasmInterpreterWrapper for stack layout.
+  if (v8_flags.wasm_jitless) {
+    DCHECK(GetContainingCode(isolate(), pc()).value()->builtin_id() ==
+           Builtin::kGenericJSToWasmInterpreterWrapper);
+
+    // In a GenericJSToWasmInterpreterWrapper stack layout
+    //  ------+-----------------+----------------------
+    //        |  return addr    |
+    //    fp  |- - - - - - - - -|  -------------------|
+    //        |     old fp      |                     |
+    //   fp-p |- - - - - - - - -|                     |
+    //        |  frame marker   |                     | no GC scan
+    //  fp-2p |- - - - - - - - -|                     |
+    //        |   scan_count    |                     |
+    //  fp-3p |- - - - - - - - -|  -------------------|
+    //        |      ....       |                     |
+    //        |      ....       | <- spill_slot_limit |
+    //        |   spill slots   |                     | GC scan scan_count slots
+    //    sp  |      ....       | <- spill_slot_base--|
+    //        |                 |                     |
+    // The [fp + BuiltinFrameConstants::kGCScanSlotCount] on the stack is a
+    // value indicating how many values should be scanned from the top.
+    intptr_t scan_count = *reinterpret_cast<intptr_t*>(
+        fp() + BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset);
+
+    FullObjectSlot spill_slot_base(&Memory<Address>(sp()));
+    FullObjectSlot spill_slot_limit(
+        &Memory<Address>(sp() + scan_count * kSystemPointerSize));
+    v->VisitRootPointers(Root::kStackRoots, nullptr, spill_slot_base,
+                         spill_slot_limit);
+
+    // We should scan the arg/return values array which may hold heap pointers
+    // for reference type of parameter/return values.
+    uint32_t signature_data = *reinterpret_cast<uint32_t*>(
+        fp() + BuiltinWasmInterpreterWrapperConstants::kSignatureDataOffset);
+    bool has_ref_args =
+        signature_data & wasm::WasmInterpreterRuntime::HasRefArgsField::kMask;
+    bool has_ref_rets =
+        signature_data & wasm::WasmInterpreterRuntime::HasRefRetsField::kMask;
+
+    // This value indicates the array is currently used as args array. If false,
+    // it's an array for return values.
+    bool is_args = *reinterpret_cast<intptr_t*>(
+        fp() + BuiltinWasmInterpreterWrapperConstants::kArgRetsIsArgsOffset);
+    if ((is_args && !has_ref_args) || (!is_args && !has_ref_rets)) return;
+
+    // Retrieve function signature.
+    size_t return_count = *reinterpret_cast<size_t*>(
+        fp() + BuiltinWasmInterpreterWrapperConstants::kReturnCountOffset);
+    size_t param_count = *reinterpret_cast<size_t*>(
+        fp() + BuiltinWasmInterpreterWrapperConstants::kParamCountOffset);
+    const wasm::ValueType* reps = *reinterpret_cast<const wasm::ValueType**>(
+        fp() +
+        BuiltinWasmInterpreterWrapperConstants::kValueTypesArrayStartOffset);
+    wasm::FunctionSig sig(return_count, param_count, reps);
+
+    intptr_t slot_ptr = *reinterpret_cast<intptr_t*>(
+        fp() + BuiltinWasmInterpreterWrapperConstants::kArgRetsAddressOffset);
+
+    if (is_args) {
+      size_t current_index = *reinterpret_cast<size_t*>(
+          fp() + BuiltinWasmInterpreterWrapperConstants::kCurrentIndexOffset);
+      DCHECK_LE(current_index, param_count);
+      for (size_t i = 0; i < current_index; i++) {
+        wasm::ValueType type = sig.GetParam(i);
+        if (type.is_reference()) {
+          // Make sure slot for ref args are 64-bit aligned.
+          slot_ptr += (slot_ptr & 0x04);  // Branchless.
+          FullObjectSlot array_slot(&Memory<Address>(slot_ptr));
+          v->VisitRootPointer(Root::kStackRoots, nullptr, array_slot);
+          slot_ptr += kSystemPointerSize;
+        } else {
+          switch (type.kind()) {
+            case wasm::kI32:
+            case wasm::kF32:
+              slot_ptr += sizeof(int32_t);
+              break;
+            case wasm::kI64:
+            case wasm::kF64:
+              slot_ptr += sizeof(int64_t);
+              break;
+            case wasm::kS128:
+            default:
+              UNREACHABLE();
+          }
+        }
+      }
+    } else {
+      // When converting return values, all results are already in the array.
+      for (size_t i = 0; i < return_count; i++) {
+        wasm::ValueType type = sig.GetReturn(i);
+        if (type.is_reference()) {
+          // Make sure slot for ref args are 64-bit aligned.
+          slot_ptr += (slot_ptr & 0x04);  // Branchless.
+          FullObjectSlot array_slot(&Memory<Address>(slot_ptr));
+          v->VisitRootPointer(Root::kStackRoots, nullptr, array_slot);
+          slot_ptr += kSystemPointerSize;
+        } else {
+          switch (type.kind()) {
+            case wasm::kI32:
+            case wasm::kF32:
+              slot_ptr += sizeof(int32_t);
+              break;
+            case wasm::kI64:
+            case wasm::kF64:
+              slot_ptr += sizeof(int64_t);
+              break;
+            case wasm::kS128:
+            default:
+              UNREACHABLE();
+          }
+        }
+      }
+    }
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+}
+
+#if V8_ENABLE_DRUMBRAKE
+void WasmToJsFrame::Iterate(RootVisitor* v) const {
+  if (v8_flags.wasm_jitless) {
+    // Called from GenericWasmToJSInterpreterWrapper.
+    CHECK(v8_flags.jitless);
+    // The [fp + BuiltinFrameConstants::kGCScanSlotCount] on the stack is a
+    // value indicating how many values should be scanned from the top.
+    intptr_t scan_count = *reinterpret_cast<intptr_t*>(
+        fp() + WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset);
+
+    Address original_sp = *reinterpret_cast<Address*>(
+        fp() + WasmToJSInterpreterFrameConstants::kGCSPOffset);
+
+    // The original sp is not assigned yet if GC is triggered in the middle of
+    // param conversion loop. In this case, we just need to scan arguments from
+    // the current sp.
+    if (original_sp == 0) original_sp = sp();
+
+    if (sp() != original_sp) {
+      // The actual frame sp can be different from the sp we had at the moment
+      // of the call to Call_ReceiverIsAny for two reasons:
+      // 1. Call_ReceiverIsAny might call AdaptorWithBuiltinExitFrame, which
+      // adds BuiltinExitFrameConstants::kNumExtraArgsWithoutReceiver additional
+      // tagged arguments to the stack.
+      // 2. If there is arity mismatch and the imported Wasm function declares
+      // fewer arguments then the arguments expected by the JS function,
+      // Call_ReceiverIsAny passes additional Undefined args.
+      FullObjectSlot additional_spill_slot_base(&Memory<Address>(sp()));
+      FullObjectSlot additional_spill_slot_limit(original_sp);
+      v->VisitRootPointers(Root::kStackRoots, nullptr,
+                           additional_spill_slot_base,
+                           additional_spill_slot_limit);
+    }
+    FullObjectSlot spill_slot_base(&Memory<Address>(original_sp));
+    FullObjectSlot spill_slot_limit(
+        &Memory<Address>(original_sp + scan_count * kSystemPointerSize));
+    v->VisitRootPointers(Root::kStackRoots, nullptr, spill_slot_base,
+                         spill_slot_limit);
+    return;
+  }
+  WasmFrame::Iterate(v);
 }
+#endif  // V8_ENABLE_DRUMBRAKE
 
 void StackSwitchFrame::Iterate(RootVisitor* v) const {
   //  See JsToWasmFrame layout.
@@ -3335,6 +3673,97 @@ void StackSwitchFrame::Iterate(RootVisitor* v) const {
   v->VisitRootPointer(Root::kStackRoots, nullptr, result_array_slot);
 }
 
+#if V8_ENABLE_DRUMBRAKE
+void WasmInterpreterEntryFrame::Iterate(RootVisitor* v) const {
+  //  WasmInterpreterEntryFrame stack layout
+  //  ------+-----------------+----------------------
+  //        |  return addr    |                     |
+  //    fp  |- - - - - - - - -|  -------------------|
+  //        |    prev fp      |                     |
+  //   fp-p |- - - - - - - - -|                     | no GC scan
+  //        |  frame marker   |                     |
+  //  fp-2p |- - - - - - - - -|  -------------------|-------------
+  //        | WasmInstanceObj |                     | GC scan
+  //  fp-3p |- - - - - - - - -|  -------------------|-------------
+  //        | function_index  |                     |
+  //  fp-4p |- - - - - - - - -|  -------------------| no GC scan
+  //        |   array_start   |                     |
+  //  fp-5p |- - - - - - - - -|  -------------------|
+
+  static constexpr int kWasmInstanceObjOffset = -2 * kSystemPointerSize;
+  FullObjectSlot slot_base(&Memory<Address>(fp() + kWasmInstanceObjOffset));
+  FullObjectSlot slot_limit(
+      &Memory<Address>(fp() + kWasmInstanceObjOffset + kSystemPointerSize));
+  v->VisitRootPointers(Root::kStackRoots, nullptr, slot_base, slot_limit);
+}
+
+void WasmInterpreterEntryFrame::Print(StringStream* accumulator, PrintMode mode,
+                                      int index) const {
+  PrintIndex(accumulator, mode, index);
+  accumulator->Add("WASM INTERPRETER ENTRY [");
+  Tagged<Script> script = this->script();
+  accumulator->PrintName(script->name());
+  accumulator->Add("]");
+  if (mode != OVERVIEW) accumulator->Add("\n");
+}
+
+void WasmInterpreterEntryFrame::Summarize(
+    std::vector<FrameSummary>* functions) const {
+  Handle<WasmInstanceObject> instance(wasm_instance(), isolate());
+  std::vector<WasmInterpreterStackEntry> interpreted_stack =
+      WasmInterpreterObject::GetInterpretedStack(
+          trusted_instance_data()->interpreter_object(), fp());
+
+  for (auto& e : interpreted_stack) {
+    FrameSummary::WasmInterpretedFrameSummary summary(
+        isolate(), instance, e.function_index, e.byte_offset);
+    functions->push_back(summary);
+  }
+}
+
+Tagged<HeapObject> WasmInterpreterEntryFrame::unchecked_code() const {
+  return InstructionStream();
+}
+
+Tagged<WasmInstanceObject> WasmInterpreterEntryFrame::wasm_instance() const {
+  const int offset = WasmInterpreterFrameConstants::kWasmInstanceOffset;
+  Tagged<Object> instance(Memory<Address>(fp() + offset));
+  return Cast<WasmInstanceObject>(instance);
+}
+
+Tagged<WasmTrustedInstanceData>
+WasmInterpreterEntryFrame::trusted_instance_data() const {
+  return wasm_instance()->trusted_data(isolate());
+}
+
+Tagged<Tuple2> WasmInterpreterEntryFrame::interpreter_object() const {
+  return trusted_instance_data()->interpreter_object();
+}
+
+Tagged<WasmModuleObject> WasmInterpreterEntryFrame::module_object() const {
+  return trusted_instance_data()->module_object();
+}
+
+int WasmInterpreterEntryFrame::function_index(
+    int inlined_function_index) const {
+  return WasmInterpreterObject::GetFunctionIndex(
+      trusted_instance_data()->interpreter_object(), fp(),
+      inlined_function_index);
+}
+
+int WasmInterpreterEntryFrame::position() const {
+  return FrameSummary::GetBottom(this).AsWasmInterpreted().SourcePosition();
+}
+
+Tagged<Object> WasmInterpreterEntryFrame::context() const {
+  return trusted_instance_data()->native_context();
+}
+
+Address WasmInterpreterEntryFrame::GetCallerStackPointer() const {
+  return fp() + CommonFrameConstants::kCallerSPOffset;
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 // static
 void StackSwitchFrame::GetStateForJumpBuffer(wasm::JumpBuffer* jmpbuf,
                                              State* state) {
diff --git a/deps/v8/src/execution/frames.h b/deps/v8/src/execution/frames.h
index 6302d72911c93c..68aff9502e14ed 100644
--- a/deps/v8/src/execution/frames.h
+++ b/deps/v8/src/execution/frames.h
@@ -52,6 +52,7 @@
 //     - WasmFrame
 //       - WasmExitFrame
 //       - WasmToJsFrame
+//       - WasmInterpreterEntryFrame (#if V8_ENABLE_DRUMBRAKE)
 //     - WasmDebugBreakFrame
 //     - WasmLiftoffSetupFrame
 //     - IrregexpFrame
@@ -79,6 +80,10 @@ class ThreadLocalTop;
 class WasmInstanceObject;
 class WasmModuleObject;
 
+#if V8_ENABLE_DRUMBRAKE
+class Tuple2;
+#endif  // V8_ENABLE_DRUMBRAKE
+
 class StackHandlerConstants : public AllStatic {
  public:
   static const int kNextOffset = 0 * kSystemPointerSize;
@@ -116,6 +121,7 @@ class StackHandler {
   IF_WASM(V, WASM_TO_JS_FUNCTION, WasmToJsFunctionFrame)                  \
   IF_WASM(V, JS_TO_WASM, JsToWasmFrame)                                   \
   IF_WASM(V, STACK_SWITCH, StackSwitchFrame)                              \
+  IF_WASM_DRUMBRAKE(V, WASM_INTERPRETER_ENTRY, WasmInterpreterEntryFrame) \
   IF_WASM(V, WASM_DEBUG_BREAK, WasmDebugBreakFrame)                       \
   IF_WASM(V, C_WASM_ENTRY, CWasmEntryFrame)                               \
   IF_WASM(V, WASM_EXIT, WasmExitFrame)                                    \
@@ -245,9 +251,20 @@ class StackFrame {
   bool is_maglev() const { return type() == MAGLEV; }
   bool is_turbofan() const { return type() == TURBOFAN; }
 #if V8_ENABLE_WEBASSEMBLY
-  bool is_wasm() const { return this->type() == WASM; }
+  bool is_wasm() const {
+    return this->type() == WASM
+#ifdef V8_ENABLE_DRUMBRAKE
+           || this->type() == WASM_INTERPRETER_ENTRY
+#endif  // V8_ENABLE_DRUMBRAKE
+        ;
+  }
   bool is_c_wasm_entry() const { return type() == C_WASM_ENTRY; }
   bool is_wasm_liftoff_setup() const { return type() == WASM_LIFTOFF_SETUP; }
+#if V8_ENABLE_DRUMBRAKE
+  bool is_wasm_interpreter_entry() const {
+    return type() == WASM_INTERPRETER_ENTRY;
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
   bool is_wasm_debug_break() const { return type() == WASM_DEBUG_BREAK; }
   bool is_wasm_to_js() const {
     return type() == WASM_TO_JS || type() == WASM_TO_JS_FUNCTION;
@@ -401,6 +418,8 @@ class V8_EXPORT_PRIVATE FrameSummary {
   F(JAVA_SCRIPT, JavaScriptFrameSummary, java_script_summary_, JavaScript) \
   IF_WASM(F, BUILTIN, BuiltinFrameSummary, builtin_summary_, Builtin)      \
   IF_WASM(F, WASM, WasmFrameSummary, wasm_summary_, Wasm)                  \
+  IF_WASM_DRUMBRAKE(F, WASM_INTERPRETED, WasmInterpretedFrameSummary,      \
+                    wasm_interpreted_summary_, WasmInterpreted)            \
   IF_WASM(F, WASM_INLINED, WasmInlinedFrameSummary, wasm_inlined_summary_, \
           WasmInlined)
 
@@ -534,6 +553,33 @@ class V8_EXPORT_PRIVATE FrameSummary {
    private:
     Builtin builtin_;
   };
+
+#if V8_ENABLE_DRUMBRAKE
+  class WasmInterpretedFrameSummary : public FrameSummaryBase {
+   public:
+    WasmInterpretedFrameSummary(Isolate*, Handle<WasmInstanceObject>,
+                                uint32_t function_index, int byte_offset);
+    Handle<WasmInstanceObject> wasm_instance() const { return wasm_instance_; }
+    Handle<WasmTrustedInstanceData> instance_data() const;
+    uint32_t function_index() const { return function_index_; }
+    int byte_offset() const { return byte_offset_; }
+
+    Handle<Object> receiver() const;
+    int code_offset() const { return byte_offset_; }
+    bool is_constructor() const { return false; }
+    bool is_subject_to_debugging() const { return true; }
+    int SourcePosition() const;
+    int SourceStatementPosition() const { return SourcePosition(); }
+    Handle<Script> script() const;
+    Handle<Context> native_context() const;
+    Handle<StackFrameInfo> CreateStackFrameInfo() const;
+
+   private:
+    Handle<WasmInstanceObject> wasm_instance_;
+    uint32_t function_index_;
+    int byte_offset_;
+  };
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 #define FRAME_SUMMARY_CONS(kind, type, field, desc) \
@@ -1209,7 +1255,7 @@ class WasmFrame : public TypedFrame {
   virtual Tagged<WasmTrustedInstanceData> trusted_instance_data() const;
   V8_EXPORT_PRIVATE wasm::NativeModule* native_module() const;
 
-  wasm::WasmCode* wasm_code() const;
+  virtual wasm::WasmCode* wasm_code() const;
   int function_index() const;
   Tagged<Script> script() const;
   // Byte position in the module, or asm.js source position.
@@ -1223,7 +1269,11 @@ class WasmFrame : public TypedFrame {
   void Summarize(std::vector<FrameSummary>* frames) const override;
 
   static WasmFrame* cast(StackFrame* frame) {
-    DCHECK(frame->is_wasm());
+    DCHECK(frame->is_wasm()
+#ifdef V8_ENABLE_DRUMBRAKE
+           && !frame->is_wasm_interpreter_entry()
+#endif  // V8_ENABLE_DRUMBRAKE
+    );
     return static_cast<WasmFrame*>(frame);
   }
 
@@ -1247,6 +1297,49 @@ class WasmExitFrame : public WasmFrame {
   friend class StackFrameIteratorBase;
 };
 
+#if V8_ENABLE_DRUMBRAKE
+class WasmInterpreterEntryFrame final : public WasmFrame {
+ public:
+  Type type() const override { return WASM_INTERPRETER_ENTRY; }
+
+  // GC support.
+  void Iterate(RootVisitor* v) const override;
+
+  // Printing support.
+  void Print(StringStream* accumulator, PrintMode mode,
+             int index) const override;
+
+  void Summarize(std::vector<FrameSummary>* frames) const override;
+
+  // Determine the code for the frame.
+  Tagged<HeapObject> unchecked_code() const override;
+
+  // Accessors.
+  Tagged<Tuple2> interpreter_object() const;
+  V8_EXPORT_PRIVATE Tagged<WasmInstanceObject> wasm_instance() const override;
+  Tagged<WasmTrustedInstanceData> trusted_instance_data() const override;
+
+  wasm::WasmCode* wasm_code() const override { UNREACHABLE(); }
+  int function_index(int inlined_function_index) const;
+  int position() const override;
+  Tagged<Object> context() const override;
+
+  static WasmInterpreterEntryFrame* cast(StackFrame* frame) {
+    DCHECK(frame->is_wasm_interpreter_entry());
+    return static_cast<WasmInterpreterEntryFrame*>(frame);
+  }
+
+ protected:
+  inline explicit WasmInterpreterEntryFrame(StackFrameIteratorBase* iterator);
+
+  Address GetCallerStackPointer() const override;
+
+ private:
+  friend class StackFrameIteratorBase;
+  Tagged<WasmModuleObject> module_object() const;
+};
+#endif  // V8_ENABLE_DRUMBRAKE
+
 class WasmDebugBreakFrame final : public TypedFrame {
  public:
   Type type() const override { return WASM_DEBUG_BREAK; }
@@ -1273,6 +1366,10 @@ class WasmToJsFrame : public WasmFrame {
  public:
   Type type() const override { return WASM_TO_JS; }
 
+#if V8_ENABLE_DRUMBRAKE
+  void Iterate(RootVisitor* v) const override;
+#endif  // V8_ENABLE_DRUMBRAKE
+
   int position() const override { return 0; }
   Tagged<WasmInstanceObject> wasm_instance() const override;
   Tagged<WasmTrustedInstanceData> trusted_instance_data() const override;
@@ -1325,6 +1422,10 @@ class CWasmEntryFrame : public StubFrame {
  public:
   Type type() const override { return C_WASM_ENTRY; }
 
+#if V8_ENABLE_DRUMBRAKE
+  void Iterate(RootVisitor* v) const override;
+#endif  // V8_ENABLE_DRUMBRAKE
+
  protected:
   inline explicit CWasmEntryFrame(StackFrameIteratorBase* iterator);
 
@@ -1630,6 +1731,9 @@ class V8_EXPORT_PRIVATE DebuggableStackFrameIterator {
   inline bool is_javascript() const;
 #if V8_ENABLE_WEBASSEMBLY
   inline bool is_wasm() const;
+#if V8_ENABLE_DRUMBRAKE
+  inline bool is_wasm_interpreter_entry() const;
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
   inline JavaScriptFrame* javascript_frame() const;
 
diff --git a/deps/v8/src/execution/futex-emulation.cc b/deps/v8/src/execution/futex-emulation.cc
index 3b10d21912a4ad..53d639ecd0c56f 100644
--- a/deps/v8/src/execution/futex-emulation.cc
+++ b/deps/v8/src/execution/futex-emulation.cc
@@ -402,7 +402,7 @@ Tagged<Object> FutexEmulation::WaitSync(Isolate* isolate,
                                   addr, value, rel_timeout_ms, &stop_handle);
   if (isolate->has_exception()) return ReadOnlyRoots(isolate).exception();
 
-  Handle<Object> result;
+  DirectHandle<Object> result;
   AtomicsWaitEvent callback_result = AtomicsWaitEvent::kWokenUp;
 
   FutexWaitList* wait_list = GetWaitList();
@@ -432,7 +432,8 @@ Tagged<Object> FutexEmulation::WaitSync(Isolate* isolate,
     }
 #endif
     if (loaded_value != value) {
-      result = handle(Smi::FromInt(WaitReturnValue::kNotEqualValue), isolate);
+      result =
+          direct_handle(Smi::FromInt(WaitReturnValue::kNotEqualValue), isolate);
       callback_result = AtomicsWaitEvent::kNotEqual;
       break;
     }
@@ -469,7 +470,7 @@ Tagged<Object> FutexEmulation::WaitSync(Isolate* isolate,
         lock_guard.Lock();
 
         if (IsException(interrupt_object, isolate)) {
-          result = handle(interrupt_object, isolate);
+          result = direct_handle(interrupt_object, isolate);
           callback_result = AtomicsWaitEvent::kTerminatedExecution;
           break;
         }
@@ -487,7 +488,7 @@ Tagged<Object> FutexEmulation::WaitSync(Isolate* isolate,
 
       if (!node->waiting_) {
         // We were woken either via the stop_handle or via Wake.
-        result = handle(Smi::FromInt(WaitReturnValue::kOk), isolate);
+        result = direct_handle(Smi::FromInt(WaitReturnValue::kOk), isolate);
         break;
       }
 
@@ -495,7 +496,8 @@ Tagged<Object> FutexEmulation::WaitSync(Isolate* isolate,
       if (use_timeout) {
         base::TimeTicks current_time = base::TimeTicks::Now();
         if (current_time >= timeout_time) {
-          result = handle(Smi::FromInt(WaitReturnValue::kTimedOut), isolate);
+          result =
+              direct_handle(Smi::FromInt(WaitReturnValue::kTimedOut), isolate);
           callback_result = AtomicsWaitEvent::kTimedOut;
           break;
         }
diff --git a/deps/v8/src/execution/isolate-data.h b/deps/v8/src/execution/isolate-data.h
index a6a16e28116913..032d0ea6c4da02 100644
--- a/deps/v8/src/execution/isolate-data.h
+++ b/deps/v8/src/execution/isolate-data.h
@@ -15,7 +15,6 @@
 #include "src/roots/roots.h"
 #include "src/sandbox/code-pointer-table.h"
 #include "src/sandbox/cppheap-pointer-table.h"
-#include "src/sandbox/external-buffer-table.h"
 #include "src/sandbox/external-pointer-table.h"
 #include "src/sandbox/trusted-pointer-table.h"
 #include "src/utils/utils.h"
@@ -37,6 +36,71 @@ class Isolate;
     fast_c_call_alignment_padding)
 #endif  // V8_HOST_ARCH_64_BIT
 
+#ifdef V8_ENABLE_LEAPTIERING
+
+#define BUILTINS_WITH_DISPATCH_ADAPTER(V, CamelName, underscore_name, ...) \
+  V(CamelName, CamelName##SharedFun)
+
+#define BUILTINS_WITH_DISPATCH_LIST(V) \
+  BUILTINS_WITH_SFI_LIST_GENERATOR(BUILTINS_WITH_DISPATCH_ADAPTER, V)
+
+struct JSBuiltinDispatchHandleRoot {
+  enum Idx {
+#define CASE(builtin_name, ...) k##builtin_name,
+    BUILTINS_WITH_DISPATCH_LIST(CASE)
+
+        kEnd,
+    kFirst = 0
+#undef CASE
+  };
+
+  static inline Builtin to_builtin(Idx idx) {
+#define CASE(builtin_name, ...) Builtin::k##builtin_name,
+    return std::array<Builtin, Idx::kEnd>{
+        BUILTINS_WITH_DISPATCH_LIST(CASE)}[idx];
+#undef CASE
+  }
+  static inline Idx to_idx(Builtin builtin) {
+    switch (builtin) {
+#define CASE(builtin_name, ...)  \
+  case Builtin::k##builtin_name: \
+    return Idx::k##builtin_name;
+      BUILTINS_WITH_DISPATCH_LIST(CASE)
+#undef CASE
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  static inline Idx to_idx(RootIndex root_idx) {
+    switch (root_idx) {
+#define CASE(builtin_name, shared_fun_name, ...) \
+  case RootIndex::k##shared_fun_name:            \
+    return Idx::k##builtin_name;
+      BUILTINS_WITH_DISPATCH_LIST(CASE)
+#undef CASE
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  static constexpr size_t kPadding = Idx::kEnd * sizeof(JSDispatchHandle) %
+                                     kSystemPointerSize /
+                                     sizeof(JSDispatchHandle);
+  static constexpr size_t kTableSize = kEnd + kPadding;
+};
+
+#define ISOLATE_DATA_FIELDS_LEAPTIERING(V)                                \
+  V(BuiltinDispatchTable,                                                 \
+    (JSBuiltinDispatchHandleRoot::kTableSize) * sizeof(JSDispatchHandle), \
+    builtin_dispatch_table)
+
+#else
+
+#define ISOLATE_DATA_FIELDS_LEAPTIERING(V)
+
+#endif  // V8_ENABLE_LEAPTIERING
+
 // IsolateData fields, defined as: V(CamelName, Size, hacker_name)
 #define ISOLATE_DATA_FIELDS(V)                                                 \
   /* Misc. fields. */                                                          \
@@ -78,7 +142,8 @@ class Isolate;
     external_reference_table)                                                  \
   V(BuiltinEntryTable, Builtins::kBuiltinCount* kSystemPointerSize,            \
     builtin_entry_table)                                                       \
-  V(BuiltinTable, Builtins::kBuiltinCount* kSystemPointerSize, builtin_table)
+  V(BuiltinTable, Builtins::kBuiltinCount* kSystemPointerSize, builtin_table)  \
+  ISOLATE_DATA_FIELDS_LEAPTIERING(V)
 
 #ifdef V8_COMPRESS_POINTERS
 #define ISOLATE_DATA_FIELDS_POINTER_COMPRESSION(V)                             \
@@ -91,11 +156,9 @@ class Isolate;
 #endif  // V8_COMPRESS_POINTERS
 
 #ifdef V8_ENABLE_SANDBOX
-#define ISOLATE_DATA_FIELDS_SANDBOX(V)                                      \
-  V(TrustedCageBase, kSystemPointerSize, trusted_cage_base)                 \
-  V(TrustedPointerTable, TrustedPointerTable::kSize, trusted_pointer_table) \
-  V(ExternalBufferTable, ExternalBufferTable::kSize, external_buffer_table) \
-  V(SharedExternalBufferTable, kSystemPointerSize, shared_external_buffer_table)
+#define ISOLATE_DATA_FIELDS_SANDBOX(V)                      \
+  V(TrustedCageBase, kSystemPointerSize, trusted_cage_base) \
+  V(TrustedPointerTable, TrustedPointerTable::kSize, trusted_pointer_table)
 #else
 #define ISOLATE_DATA_FIELDS_SANDBOX(V)
 #endif  // V8_ENABLE_SANDBOX
@@ -220,6 +283,12 @@ class IsolateData final {
   ThreadLocalTop const& thread_local_top() const { return thread_local_top_; }
   Address* builtin_entry_table() { return builtin_entry_table_; }
   Address* builtin_table() { return builtin_table_; }
+#ifdef V8_ENABLE_LEAPTIERING
+  JSDispatchHandle builtin_dispatch_handle(Builtin builtin) {
+    return builtin_dispatch_table_[JSBuiltinDispatchHandleRoot::to_idx(
+        builtin)];
+  }
+#endif
   bool stack_is_iterable() const {
     DCHECK(stack_is_iterable_ == 0 || stack_is_iterable_ == 1);
     return stack_is_iterable_ != 0;
@@ -372,8 +441,6 @@ class IsolateData final {
   const Address trusted_cage_base_;
 
   TrustedPointerTable trusted_pointer_table_;
-  ExternalBufferTable external_buffer_table_;
-  ExternalBufferTable* shared_external_buffer_table_;
 #endif  // V8_ENABLE_SANDBOX
 
   // This is a storage for an additional argument for the Api callback thunk
@@ -394,6 +461,11 @@ class IsolateData final {
 
   // The entries in this array are tagged pointers to Code objects.
   Address builtin_table_[Builtins::kBuiltinCount] = {};
+#ifdef V8_ENABLE_LEAPTIERING
+  JSDispatchHandle* builtin_dispatch_table() { return builtin_dispatch_table_; }
+  JSDispatchHandle
+      builtin_dispatch_table_[JSBuiltinDispatchHandleRoot::kTableSize] = {};
+#endif
 
   // Ensure the size is 8-byte aligned in order to make alignment of the field
   // following the IsolateData field predictable. This solves the issue with
diff --git a/deps/v8/src/execution/isolate.cc b/deps/v8/src/execution/isolate.cc
index 4cd589b44b51d3..40303fb7ecfee5 100644
--- a/deps/v8/src/execution/isolate.cc
+++ b/deps/v8/src/execution/isolate.cc
@@ -10,6 +10,7 @@
 #include <cstdint>
 #include <fstream>
 #include <memory>
+#include <optional>
 #include <sstream>
 #include <string>
 #include <unordered_map>
@@ -145,6 +146,10 @@
 #include "src/wasm/wasm-engine.h"
 #include "src/wasm/wasm-module.h"
 #include "src/wasm/wasm-objects.h"
+
+#if V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/wasm-interpreter.h"
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 #if defined(V8_OS_WIN) && defined(V8_ENABLE_ETW_STACK_WALKING)
@@ -663,10 +668,10 @@ Handle<String> Isolate::StackTraceString() {
 }
 
 void Isolate::PushStackTraceAndDie(void* ptr1, void* ptr2, void* ptr3,
-                                   void* ptr4) {
+                                   void* ptr4, void* ptr5, void* ptr6) {
   StackTraceFailureMessage message(this,
                                    StackTraceFailureMessage::kIncludeStackTrace,
-                                   ptr1, ptr2, ptr3, ptr4);
+                                   ptr1, ptr2, ptr3, ptr4, ptr5, ptr6);
   message.Print();
   base::OS::Abort();
 }
@@ -680,6 +685,24 @@ void Isolate::PushParamsAndDie(void* ptr1, void* ptr2, void* ptr3, void* ptr4,
   base::OS::Abort();
 }
 
+void Isolate::PushStackTraceAndContinue(void* ptr1, void* ptr2, void* ptr3,
+                                        void* ptr4, void* ptr5, void* ptr6) {
+  StackTraceFailureMessage message(this,
+                                   StackTraceFailureMessage::kIncludeStackTrace,
+                                   ptr1, ptr2, ptr3, ptr4, ptr5, ptr6);
+  message.Print();
+  V8::GetCurrentPlatform()->DumpWithoutCrashing();
+}
+
+void Isolate::PushParamsAndContinue(void* ptr1, void* ptr2, void* ptr3,
+                                    void* ptr4, void* ptr5, void* ptr6) {
+  StackTraceFailureMessage message(
+      this, StackTraceFailureMessage::kDontIncludeStackTrace, ptr1, ptr2, ptr3,
+      ptr4, ptr5, ptr6);
+  message.Print();
+  V8::GetCurrentPlatform()->DumpWithoutCrashing();
+}
+
 void StackTraceFailureMessage::Print() volatile {
   // Print the details of this failure message object, including its own address
   // to force stack allocation.
@@ -824,10 +847,22 @@ class CallSiteBuilder {
   bool Visit(FrameSummary const& summary) {
     if (Full()) return false;
 #if V8_ENABLE_WEBASSEMBLY
-    if (summary.IsWasm()) {
-      AppendWasmFrame(summary.AsWasm());
+#if V8_ENABLE_DRUMBRAKE
+    if (summary.IsWasmInterpreted()) {
+      AppendWasmInterpretedFrame(summary.AsWasmInterpreted());
       return true;
+      // FrameSummary::IsWasm() should be renamed FrameSummary::IsWasmCompiled
+      // to be more precise, but we'll leave it as it is to try to reduce merge
+      // churn.
+    } else {
+#endif  // V8_ENABLE_DRUMBRAKE
+      if (summary.IsWasm()) {
+        AppendWasmFrame(summary.AsWasm());
+        return true;
+      }
+#if V8_ENABLE_DRUMBRAKE
     }
+#endif  // V8_ENABLE_DRUMBRAKE
     if (summary.IsWasmInlined()) {
       AppendWasmInlinedFrame(summary.AsWasmInlined());
       return true;
@@ -852,7 +887,8 @@ class CallSiteBuilder {
         function->shared()->GetBytecodeArray(isolate_), isolate_);
     int offset = GetGeneratorBytecodeOffset(generator_object);
 
-    Handle<FixedArray> parameters = isolate_->factory()->empty_fixed_array();
+    DirectHandle<FixedArray> parameters =
+        isolate_->factory()->empty_fixed_array();
     if (V8_UNLIKELY(v8_flags.detailed_error_stack_trace)) {
       parameters = isolate_->factory()->CopyFixedArrayUpTo(
           handle(generator_object->parameters_and_registers(), isolate_),
@@ -918,6 +954,21 @@ class CallSiteBuilder {
                 isolate_->factory()->empty_fixed_array());
   }
 
+#if V8_ENABLE_DRUMBRAKE
+  void AppendWasmInterpretedFrame(
+      FrameSummary::WasmInterpretedFrameSummary const& summary) {
+    Handle<WasmInstanceObject> instance = summary.wasm_instance();
+    int flags = CallSiteInfo::kIsWasm | CallSiteInfo::kIsWasmInterpretedFrame;
+    DCHECK(!instance->module_object()->is_asm_js());
+    // We don't have any code object in the interpreter, so we pass 'undefined'.
+    auto code = isolate_->factory()->undefined_value();
+    AppendFrame(instance,
+                handle(Smi::FromInt(summary.function_index()), isolate_), code,
+                summary.byte_offset(), flags,
+                isolate_->factory()->empty_fixed_array());
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   void AppendWasmInlinedFrame(
       FrameSummary::WasmInlinedFrameSummary const& summary) {
     DirectHandle<HeapObject> code = isolate_->factory()->undefined_value();
@@ -1031,7 +1082,7 @@ class CallSiteBuilder {
   Handle<FixedArray> elements_;
 };
 
-void CaptureAsyncStackTrace(Isolate* isolate, Handle<JSPromise> promise,
+void CaptureAsyncStackTrace(Isolate* isolate, DirectHandle<JSPromise> promise,
                             CallSiteBuilder* builder) {
   while (!builder->Full()) {
     // Check that the {promise} is not settled.
@@ -1071,8 +1122,8 @@ void CaptureAsyncStackTrace(Isolate* isolate, Handle<JSPromise> promise,
       DirectHandle<JSFunction> function(
           Cast<JSFunction>(reaction->fulfill_handler()), isolate);
       DirectHandle<Context> context(function->context(), isolate);
-      Handle<JSFunction> combinator(context->native_context()->promise_all(),
-                                    isolate);
+      DirectHandle<JSFunction> combinator(
+          context->native_context()->promise_all(), isolate);
       builder->AppendPromiseCombinatorFrame(function, combinator);
 
       if (IsNativeContext(*context)) {
@@ -1096,7 +1147,7 @@ void CaptureAsyncStackTrace(Isolate* isolate, Handle<JSPromise> promise,
       DirectHandle<JSFunction> function(
           Cast<JSFunction>(reaction->fulfill_handler()), isolate);
       DirectHandle<Context> context(function->context(), isolate);
-      Handle<JSFunction> combinator(
+      DirectHandle<JSFunction> combinator(
           context->native_context()->promise_all_settled(), isolate);
       builder->AppendPromiseCombinatorFrame(function, combinator);
 
@@ -1120,8 +1171,8 @@ void CaptureAsyncStackTrace(Isolate* isolate, Handle<JSPromise> promise,
       DirectHandle<JSFunction> function(
           Cast<JSFunction>(reaction->reject_handler()), isolate);
       DirectHandle<Context> context(function->context(), isolate);
-      Handle<JSFunction> combinator(context->native_context()->promise_any(),
-                                    isolate);
+      DirectHandle<JSFunction> combinator(
+          context->native_context()->promise_any(), isolate);
       builder->AppendPromiseCombinatorFrame(function, combinator);
 
       if (IsNativeContext(*context)) {
@@ -1254,6 +1305,9 @@ void VisitStack(Isolate* isolate, Visitor* visitor,
 #if V8_ENABLE_WEBASSEMBLY
       case StackFrame::STUB:
       case StackFrame::WASM:
+#if V8_ENABLE_DRUMBRAKE
+      case StackFrame::WASM_INTERPRETER_ENTRY:
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
       {
         // A standard frame may include many summarized frames (due to
@@ -1347,7 +1401,7 @@ MaybeHandle<JSObject> Isolate::CaptureAndSetErrorStack(
   // the API, or a negative limit to indicate the opposite), or we
   // collect a "detailed stack trace" eagerly and stash that away.
   if (capture_stack_trace_for_uncaught_exceptions_) {
-    Handle<UnionOf<Smi, FixedArray>> limit_or_stack_frame_infos;
+    DirectHandle<UnionOf<Smi, FixedArray>> limit_or_stack_frame_infos;
     if (IsUndefined(*error_stack, this) ||
         (stack_trace_for_uncaught_exceptions_options_ &
          StackTrace::kExposeFramesAcrossSecurityOrigins)) {
@@ -1423,7 +1477,7 @@ Address Isolate::GetAbstractPC(int* line, int* column) {
 
   Tagged<Object> maybe_script = frame->function()->shared()->script();
   if (IsScript(maybe_script)) {
-    Handle<Script> script(Cast<Script>(maybe_script), this);
+    DirectHandle<Script> script(Cast<Script>(maybe_script), this);
     Script::PositionInfo info;
     Script::GetPositionInfo(script, position, &info);
     *line = info.line + 1;
@@ -1519,6 +1573,24 @@ class CurrentScriptNameStackVisitor {
   Handle<String> name_or_url_;
 };
 
+class CurrentScriptStackVisitor {
+ public:
+  bool Visit(FrameSummary& summary) {
+    // Skip frames that aren't subject to debugging. Keep this in sync with
+    // StackFrameBuilder::Visit so both visitors visit the same frames.
+    if (!summary.is_subject_to_debugging()) return true;
+
+    // Frames that are subject to debugging always have a valid script object.
+    current_script_ = Cast<Script>(summary.script());
+    return false;
+  }
+
+  MaybeHandle<Script> CurrentScript() const { return current_script_; }
+
+ private:
+  MaybeHandle<Script> current_script_;
+};
+
 }  // namespace
 
 Handle<String> Isolate::CurrentScriptNameOrSourceURL() {
@@ -1528,6 +1600,17 @@ Handle<String> Isolate::CurrentScriptNameOrSourceURL() {
   return visitor.CurrentScriptNameOrSourceURL();
 }
 
+MaybeHandle<Script> Isolate::CurrentReferrerScript() {
+  TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.stack_trace"), __func__);
+  CurrentScriptStackVisitor visitor{};
+  VisitStack(this, &visitor);
+  Handle<Script> script;
+  if (!visitor.CurrentScript().ToHandle(&script)) {
+    return MaybeHandle<Script>();
+  }
+  return handle(script->GetEvalOrigin(), this);
+}
+
 bool Isolate::GetStackTraceLimit(Isolate* isolate, int* result) {
   if (v8_flags.correctness_fuzzer_suppressions) return false;
   Handle<JSObject> error = isolate->error_function();
@@ -1650,7 +1733,7 @@ bool Isolate::MayAccess(Handle<NativeContext> accessing_context,
     DisallowGarbageCollection no_gc;
 
     if (IsJSGlobalProxy(*receiver)) {
-      base::Optional<Tagged<Object>> receiver_context =
+      std::optional<Tagged<Object>> receiver_context =
           Cast<JSGlobalProxy>(*receiver)->GetCreationContext();
       if (!receiver_context) return false;
 
@@ -1672,7 +1755,7 @@ bool Isolate::MayAccess(Handle<NativeContext> accessing_context,
     if (access_check_info.is_null()) return false;
     Tagged<Object> fun_obj = access_check_info->callback();
     callback = v8::ToCData<v8::AccessCheckCallback, kApiAccessCheckCallbackTag>(
-        fun_obj);
+        this, fun_obj);
     data = handle(access_check_info->data(), this);
   }
 
@@ -1696,6 +1779,11 @@ Tagged<Object> Isolate::StackOverflow() {
   // Allow for a bit more overflow in sanitizer builds, because C++ frames take
   // significantly more space there.
   DCHECK_GE(GetCurrentStackPosition(), stack_guard()->real_climit() - 64 * KB);
+#elif (defined(V8_TARGET_ARCH_RISCV64) || defined(V8_TARGET_ARCH_RISCV32)) && \
+    defined(USE_SIMULATOR)
+  // Allow for more overflow on riscv simulator, because C++ frames take more
+  // there.
+  DCHECK_GE(GetCurrentStackPosition(), stack_guard()->real_climit() - 12 * KB);
 #else
   DCHECK_GE(GetCurrentStackPosition(), stack_guard()->real_climit() - 8 * KB);
 #endif
@@ -1910,7 +1998,7 @@ Tagged<Object> Isolate::Throw(Tagged<Object> raw_exception,
     PrintF("=========================================================\n");
     PrintF("Exception thrown:\n");
     if (location) {
-      Handle<Script> script = location->script();
+      DirectHandle<Script> script = location->script();
       DirectHandle<Object> name(script->GetNameOrSourceURL(), this);
       PrintF("at ");
       if (IsString(*name) && Cast<String>(*name)->length() > 0)
@@ -1959,8 +2047,7 @@ Tagged<Object> Isolate::Throw(Tagged<Object> raw_exception,
 
   // Notify debugger of exception.
   if (is_catchable_by_javascript(raw_exception)) {
-    base::Optional<Tagged<Object>> maybe_exception =
-        debug()->OnThrow(exception);
+    std::optional<Tagged<Object>> maybe_exception = debug()->OnThrow(exception);
     if (maybe_exception.has_value()) {
       return *maybe_exception;
     }
@@ -2205,6 +2292,29 @@ Tagged<Object> Isolate::UnwindAndFindHandler() {
 
 #if V8_ENABLE_WEBASSEMBLY
       case StackFrame::C_WASM_ENTRY: {
+#if V8_ENABLE_DRUMBRAKE
+        if (v8_flags.wasm_jitless) {
+          StackHandler* handler = frame->top_handler();
+          thread_local_top()->handler_ = handler->next_address();
+          Tagged<Code> code =
+              frame->LookupCode();  // WasmInterpreterCWasmEntry.
+
+          HandlerTable table(code);
+          Address instruction_start = code->InstructionStart(this, frame->pc());
+          // Compute the stack pointer from the frame pointer. This ensures that
+          // argument slots on the stack are dropped as returning would.
+          Address return_sp = *reinterpret_cast<Address*>(
+              frame->fp() + WasmInterpreterCWasmEntryConstants::kSPFPOffset);
+          const int handler_offset = table.LookupReturn(0);
+          if (trap_handler::IsThreadInWasm()) {
+            trap_handler::ClearThreadInWasm();
+          }
+          return FoundHandler(Context(), instruction_start, handler_offset,
+                              code->constant_pool(), return_sp, frame->fp(),
+                              visited_frames);
+        }
+#endif  // V8_ENABLE_DRUMBRAKE
+
         StackHandler* handler = frame->top_handler();
         thread_local_top()->handler_ = handler->next_address();
         Tagged<Code> code = frame->LookupCode();
@@ -2223,6 +2333,14 @@ Tagged<Object> Isolate::UnwindAndFindHandler() {
                             visited_frames);
       }
 
+#if V8_ENABLE_DRUMBRAKE
+      case StackFrame::WASM_INTERPRETER_ENTRY: {
+        if (trap_handler::IsThreadInWasm()) {
+          trap_handler::ClearThreadInWasm();
+        }
+      } break;
+#endif  // V8_ENABLE_DRUMBRAKE
+
       case StackFrame::WASM: {
         if (!is_catchable_by_wasm(exception)) break;
 
@@ -2244,6 +2362,15 @@ Tagged<Object> Isolate::UnwindAndFindHandler() {
                             StandardFrameConstants::kFixedFrameSizeAboveFp -
                             stack_slots * kSystemPointerSize;
 
+#if V8_ENABLE_DRUMBRAKE
+        // Transitioning from JS To Wasm.
+        if (v8_flags.wasm_enable_exec_time_histograms &&
+            v8_flags.slow_histograms && !v8_flags.wasm_jitless) {
+          // Start measuring the time spent running Wasm for jitted Wasm.
+          wasm_execution_timer()->Start();
+        }
+#endif  // V8_ENABLE_DRUMBRAKE
+
         // This is going to be handled by WebAssembly, so we need to set the TLS
         // flag. The {SetThreadInWasmFlagScope} will set the flag after all
         // destructors have been executed.
@@ -2449,7 +2576,7 @@ Tagged<Object> Isolate::UnwindAndFindHandler() {
         break;
     }
 
-    if (frame->is_turbofan()) {
+    if (frame->is_optimized()) {
       // Remove per-frame stored materialized objects.
       bool removed = materialized_object_store_->Remove(frame->fp());
       USE(removed);
@@ -2638,7 +2765,7 @@ void Isolate::PrintCurrentStackTrace(std::ostream& out) {
 
   IncrementalStringBuilder builder(this);
   for (int i = 0; i < frames->length(); ++i) {
-    Handle<CallSiteInfo> frame(Cast<CallSiteInfo>(frames->get(i)), this);
+    DirectHandle<CallSiteInfo> frame(Cast<CallSiteInfo>(frames->get(i)), this);
     SerializeCallSiteInfo(this, frame, &builder);
     if (i != frames->length() - 1) builder.AppendCharacter('\n');
   }
@@ -2711,7 +2838,7 @@ bool Isolate::ComputeLocationFromSimpleStackTrace(MessageLocation* target,
   DirectHandle<FixedArray> call_site_infos =
       GetSimpleStackTrace(Cast<JSReceiver>(exception));
   for (int i = 0; i < call_site_infos->length(); ++i) {
-    Handle<CallSiteInfo> call_site_info(
+    DirectHandle<CallSiteInfo> call_site_info(
         Cast<CallSiteInfo>(call_site_infos->get(i)), this);
     if (CallSiteInfo::ComputeLocation(call_site_info, target)) {
       return true;
@@ -2771,7 +2898,7 @@ Handle<JSMessageObject> Isolate::CreateMessage(Handle<Object> exception,
 
 Handle<JSMessageObject> Isolate::CreateMessageFromException(
     Handle<Object> exception) {
-  Handle<FixedArray> stack_trace_object;
+  DirectHandle<FixedArray> stack_trace_object;
   if (IsJSError(*exception)) {
     stack_trace_object = GetDetailedStackTrace(Cast<JSObject>(exception));
   }
@@ -4062,10 +4189,6 @@ void Isolate::CheckIsolateLayout() {
   CHECK_EQ(static_cast<int>(
                OFFSET_OF(Isolate, isolate_data_.trusted_pointer_table_)),
            Internals::kIsolateTrustedPointerTableOffset);
-
-  CHECK_EQ(static_cast<int>(
-               OFFSET_OF(Isolate, isolate_data_.external_buffer_table_)),
-           Internals::kIsolateExternalBufferTableOffset);
 #endif
   CHECK_EQ(static_cast<int>(
                OFFSET_OF(Isolate, isolate_data_.api_callback_thunk_argument_)),
@@ -4169,6 +4292,15 @@ void Isolate::Deinit() {
   DisallowGarbageCollection no_gc;
   IgnoreLocalGCRequests ignore_gc_requests(heap());
 
+#if V8_ENABLE_WEBASSEMBLY && V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    wasm::WasmInterpreter::NotifyIsolateDisposal(this);
+  } else if (v8_flags.wasm_enable_exec_time_histograms &&
+             v8_flags.slow_histograms) {
+    wasm_execution_timer_->Terminate();
+  }
+#endif  // V8_ENABLE_WEBASSEMBLY && V8_ENABLE_DRUMBRAKE
+
   tracing_cpu_profiler_.reset();
   if (v8_flags.stress_sampling_allocation_profiler > 0) {
     heap_profiler()->StopSamplingHeapProfiler();
@@ -4355,21 +4487,11 @@ void Isolate::Deinit() {
   trusted_pointer_table().TearDown();
 
   GetProcessWideCodePointerTable()->TearDownSpace(heap()->code_pointer_space());
+#endif  // V8_ENABLE_SANDBOX
+#ifdef V8_ENABLE_LEAPTIERING
   GetProcessWideJSDispatchTable()->TearDownSpace(
       heap()->js_dispatch_table_space());
-
-  external_buffer_table().TearDownSpace(heap()->external_buffer_space());
-  external_buffer_table().TearDown();
-  if (owns_shareable_data()) {
-    shared_external_buffer_table().TearDownSpace(
-        shared_external_buffer_space());
-    shared_external_buffer_table().TearDown();
-    delete isolate_data_.shared_external_buffer_table_;
-    isolate_data_.shared_external_buffer_table_ = nullptr;
-    delete shared_external_buffer_space_;
-    shared_external_buffer_space_ = nullptr;
-  }
-#endif
+#endif  // V8_ENABLE_LEAPTIERING
 
   {
     base::MutexGuard lock_guard(&thread_data_table_mutex_);
@@ -4589,8 +4711,9 @@ void Isolate::NotifyExceptionPropagationCallback() {
             reinterpret_cast<const v8::FunctionCallbackInfo<v8::Value>*>(
                 ext_callback_scope->callback_info());
 
-        Handle<JSReceiver> receiver = Utils::OpenHandle(*callback_info->This());
-        Handle<FunctionTemplateInfo> function_template_info(
+        DirectHandle<JSReceiver> receiver =
+            Utils::OpenDirectHandle(*callback_info->This());
+        DirectHandle<FunctionTemplateInfo> function_template_info(
             GetTargetFunctionTemplateInfo(*callback_info), this);
         ReportExceptionFunctionCallback(receiver, function_template_info, kind);
         return;
@@ -4658,9 +4781,9 @@ void Isolate::NotifyExceptionPropagationCallback() {
   switch (frame_type) {
     case StackFrame::API_CALLBACK_EXIT: {
       ApiCallbackExitFrame* frame = ApiCallbackExitFrame::cast(it.frame());
-      Handle<JSReceiver> receiver =
-          handle(Cast<JSReceiver>(frame->receiver()), this);
-      Handle<FunctionTemplateInfo> function_template_info =
+      DirectHandle<JSReceiver> receiver(Cast<JSReceiver>(frame->receiver()),
+                                        this);
+      DirectHandle<FunctionTemplateInfo> function_template_info =
           frame->GetFunctionTemplateInfo();
 
       v8::ExceptionContext callback_kind =
@@ -4703,7 +4826,8 @@ void Isolate::NotifyExceptionPropagationCallback() {
 }
 
 void Isolate::ReportExceptionFunctionCallback(
-    Handle<JSReceiver> receiver, Handle<FunctionTemplateInfo> function,
+    DirectHandle<JSReceiver> receiver,
+    DirectHandle<FunctionTemplateInfo> function,
     v8::ExceptionContext exception_context) {
   DCHECK(exception_context == v8::ExceptionContext::kConstructor ||
          exception_context == v8::ExceptionContext::kOperation);
@@ -4713,14 +4837,20 @@ void Isolate::ReportExceptionFunctionCallback(
   if (!IsJSReceiver(this->exception())) return;
   Handle<JSReceiver> exception(Cast<JSReceiver>(this->exception()), this);
 
-  Handle<Object> maybe_message(pending_message(), this);
+  DirectHandle<Object> maybe_message(pending_message(), this);
 
   Handle<String> property_name =
       IsUndefined(function->class_name(), this)
           ? factory()->empty_string()
           : Handle<String>(Cast<String>(function->class_name()), this);
   Handle<String> interface_name =
-      JSReceiver::GetConstructorName(this, receiver);
+      IsUndefined(function->interface_name(), this)
+          ? factory()->empty_string()
+          : Handle<String>(Cast<String>(function->interface_name()), this);
+  if (exception_context != ExceptionContext::kConstructor) {
+    exception_context =
+        static_cast<ExceptionContext>(function->exception_context());
+  }
 
   {
     v8::Isolate* v8_isolate = reinterpret_cast<v8::Isolate*>(this);
@@ -4746,7 +4876,7 @@ void Isolate::ReportExceptionPropertyCallback(
   if (!IsJSReceiver(this->exception())) return;
   Handle<JSReceiver> exception(Cast<JSReceiver>(this->exception()), this);
 
-  Handle<Object> maybe_message(pending_message(), this);
+  DirectHandle<Object> maybe_message(pending_message(), this);
 
   Handle<String> property_name;
   std::ignore = Name::ToFunctionName(this, name).ToHandle(&property_name);
@@ -5135,12 +5265,25 @@ void Isolate::VerifyStaticRoots() {
     if (InstanceTypeChecker::IsString(map->instance_type())) {
       CHECK_EQ(InstanceTypeChecker::IsString(map),
                InstanceTypeChecker::IsString(map->instance_type()));
+      CHECK_EQ(InstanceTypeChecker::IsSeqString(map),
+               InstanceTypeChecker::IsSeqString(map->instance_type()));
       CHECK_EQ(InstanceTypeChecker::IsExternalString(map),
                InstanceTypeChecker::IsExternalString(map->instance_type()));
+      CHECK_EQ(
+          InstanceTypeChecker::IsUncachedExternalString(map),
+          InstanceTypeChecker::IsUncachedExternalString(map->instance_type()));
       CHECK_EQ(InstanceTypeChecker::IsInternalizedString(map),
                InstanceTypeChecker::IsInternalizedString(map->instance_type()));
+      CHECK_EQ(InstanceTypeChecker::IsConsString(map),
+               InstanceTypeChecker::IsConsString(map->instance_type()));
+      CHECK_EQ(InstanceTypeChecker::IsSlicedString(map),
+               InstanceTypeChecker::IsSlicedString(map->instance_type()));
       CHECK_EQ(InstanceTypeChecker::IsThinString(map),
                InstanceTypeChecker::IsThinString(map->instance_type()));
+      CHECK_EQ(InstanceTypeChecker::IsOneByteString(map),
+               InstanceTypeChecker::IsOneByteString(map->instance_type()));
+      CHECK_EQ(InstanceTypeChecker::IsTwoByteString(map),
+               InstanceTypeChecker::IsTwoByteString(map->instance_type()));
     }
   }
 
@@ -5273,7 +5416,7 @@ bool Isolate::Init(SnapshotData* startup_snapshot_data,
 
   // Lock clients_mutex_ in order to prevent shared GCs from other clients
   // during deserialization.
-  base::Optional<base::RecursiveMutexGuard> clients_guard;
+  std::optional<base::RecursiveMutexGuard> clients_guard;
 
   if (use_shared_space_isolate && !is_shared_space_isolate()) {
     clients_guard.emplace(
@@ -5306,7 +5449,8 @@ bool Isolate::Init(SnapshotData* startup_snapshot_data,
   {
     // Must be done before deserializing RO space since the deserialization
     // process refers to these data structures.
-    isolate_data_.external_reference_table()->InitIsolateIndependent();
+    isolate_data_.external_reference_table()->InitIsolateIndependent(
+        isolate_group()->external_ref_table());
 #ifdef V8_COMPRESS_POINTERS
     external_pointer_table().Initialize();
     external_pointer_table().InitializeSpace(
@@ -5324,8 +5468,6 @@ bool Isolate::Init(SnapshotData* startup_snapshot_data,
 #ifdef V8_ENABLE_SANDBOX
     trusted_pointer_table().Initialize();
     trusted_pointer_table().InitializeSpace(heap()->trusted_pointer_space());
-    external_buffer_table().Initialize();
-    external_buffer_table().InitializeSpace(heap()->external_buffer_space());
 #endif  // V8_ENABLE_SANDBOX
   }
   ReadOnlyHeap::SetUp(this, read_only_snapshot_data, can_rehash);
@@ -5401,22 +5543,11 @@ bool Isolate::Init(SnapshotData* startup_snapshot_data,
 #ifdef V8_ENABLE_SANDBOX
   GetProcessWideCodePointerTable()->InitializeSpace(
       heap()->code_pointer_space());
+#endif  // V8_ENABLE_SANDBOX
+#ifdef V8_ENABLE_LEAPTIERING
   GetProcessWideJSDispatchTable()->InitializeSpace(
       heap()->js_dispatch_table_space());
-  if (owns_shareable_data()) {
-    isolate_data_.shared_external_buffer_table_ = new ExternalBufferTable();
-    shared_external_buffer_space_ = new ExternalBufferTable::Space();
-    shared_external_buffer_table().Initialize();
-    shared_external_buffer_table().InitializeSpace(
-        shared_external_buffer_space());
-  } else {
-    DCHECK(has_shared_space());
-    isolate_data_.shared_external_buffer_table_ =
-        shared_space_isolate()->isolate_data_.shared_external_buffer_table_;
-    shared_external_buffer_space_ =
-        shared_space_isolate()->shared_external_buffer_space_;
-  }
-#endif
+#endif  // V8_ENABLE_LEAPTIERING
 
 #if V8_ENABLE_WEBASSEMBLY
   wasm::GetWasmEngine()->AddIsolate(this);
@@ -5490,6 +5621,7 @@ bool Isolate::Init(SnapshotData* startup_snapshot_data,
     StartupDeserializer startup_deserializer(this, startup_snapshot_data,
                                              can_rehash);
     startup_deserializer.DeserializeIntoIsolate();
+    InitializeBuiltinJSDispatchTable();
   }
   if (DEBUG_BOOL) VerifyStaticRoots();
   load_stub_cache_->Initialize();
@@ -5836,7 +5968,7 @@ bool Isolate::use_optimizer() {
 
 void Isolate::IncreaseTotalRegexpCodeGenerated(DirectHandle<HeapObject> code) {
   PtrComprCageBase cage_base(this);
-  DCHECK(IsCode(*code, cage_base) || IsByteArray(*code, cage_base));
+  DCHECK(IsCode(*code, cage_base) || IsTrustedByteArray(*code, cage_base));
   total_regexp_code_generated_ += code->Size(cage_base);
 }
 
@@ -6797,7 +6929,7 @@ void Isolate::DetachGlobal(Handle<Context> env) {
       env->native_context()->GetErrorsThrown());
 
   ReadOnlyRoots roots(this);
-  Handle<JSGlobalProxy> global_proxy(env->global_proxy(), this);
+  DirectHandle<JSGlobalProxy> global_proxy(env->global_proxy(), this);
   // NOTE: Turbofan's JSNativeContextSpecialization and Maglev depend on
   // DetachGlobal causing a map change.
   JSObject::ForceSetPrototype(this, global_proxy, factory()->null_value());
@@ -7100,7 +7232,7 @@ bool Isolate::RequiresCodeRange() const {
 }
 
 v8::metrics::Recorder::ContextId Isolate::GetOrRegisterRecorderContextId(
-    Handle<NativeContext> context) {
+    DirectHandle<NativeContext> context) {
   if (serializer_enabled_) return v8::metrics::Recorder::ContextId::Empty();
   i::Tagged<i::Object> id = context->recorder_context_id();
   if (IsNullOrUndefined(id)) {
@@ -7192,6 +7324,15 @@ void Isolate::RemoveCodeMemoryChunk(MutablePageMetadata* chunk) {
 #endif  // !defined(V8_TARGET_ARCH_ARM)
 }
 
+#if V8_ENABLE_DRUMBRAKE
+void Isolate::initialize_wasm_execution_timer() {
+  DCHECK(v8_flags.wasm_enable_exec_time_histograms &&
+         v8_flags.slow_histograms && !v8_flags.wasm_jitless);
+  wasm_execution_timer_ =
+      std::make_unique<wasm::WasmExecutionTimer>(this, false);
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #undef TRACE_ISOLATE
 
 // static
@@ -7283,5 +7424,28 @@ void DefaultWasmAsyncResolvePromiseCallback(
   CHECK(ret.IsJust() ? ret.FromJust() : isolate->IsExecutionTerminating());
 }
 
+void Isolate::InitializeBuiltinJSDispatchTable() {
+#ifdef V8_ENABLE_LEAPTIERING
+  for (JSBuiltinDispatchHandleRoot::Idx idx =
+           JSBuiltinDispatchHandleRoot::kFirst;
+       idx < JSBuiltinDispatchHandleRoot::kEnd;
+       idx = static_cast<JSBuiltinDispatchHandleRoot::Idx>(
+           static_cast<int>(idx) + 1)) {
+    Builtin builtin = JSBuiltinDispatchHandleRoot::to_builtin(idx);
+    Tagged<Code> code = builtins_.code(builtin);
+    DCHECK(code->entrypoint_tag() == CodeEntrypointTag::kJSEntrypointTag);
+    // TODO(olivf, 40931165): It might be more robust to get the static
+    // parameter count of this builtin.
+    JSDispatchHandle handle =
+        GetProcessWideJSDispatchTable()->AllocateAndInitializeEntry(
+            read_only_heap()->js_dispatch_table_space(),
+            code->parameter_count());
+    DCHECK(!GetProcessWideJSDispatchTable()->HasCode(handle));
+    GetProcessWideJSDispatchTable()->SetCode(handle, code);
+    builtin_dispatch_table()[idx] = handle;
+  }
+#endif
+}
+
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/execution/isolate.h b/deps/v8/src/execution/isolate.h
index d57014be337a1f..7be3714d23d842 100644
--- a/deps/v8/src/execution/isolate.h
+++ b/deps/v8/src/execution/isolate.h
@@ -10,6 +10,7 @@
 #include <functional>
 #include <list>
 #include <memory>
+#include <optional>
 #include <queue>
 #include <unordered_map>
 #include <vector>
@@ -44,7 +45,6 @@
 #include "src/objects/tagged.h"
 #include "src/runtime/runtime.h"
 #include "src/sandbox/code-pointer-table.h"
-#include "src/sandbox/external-buffer-table.h"
 #include "src/sandbox/external-pointer-table.h"
 #include "src/sandbox/trusted-pointer-table.h"
 #include "src/utils/allocation.h"
@@ -187,6 +187,10 @@ class Recorder;
 }  // namespace metrics
 
 namespace wasm {
+
+#if V8_ENABLE_DRUMBRAKE
+class WasmExecutionTimer;
+#endif  // V8_ENABLE_DRUMBRAKE
 class WasmCodeLookupCache;
 class WasmOrphanedGlobalHandle;
 }
@@ -962,14 +966,23 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   Handle<String> StackTraceString();
   // Stores a stack trace in a stack-allocated temporary buffer which will
   // end up in the minidump for debugging purposes.
-  V8_NOINLINE void PushStackTraceAndDie(void* ptr1 = nullptr,
-                                        void* ptr2 = nullptr,
-                                        void* ptr3 = nullptr,
-                                        void* ptr4 = nullptr);
+  V8_NOINLINE void PushStackTraceAndDie(
+      void* ptr1 = nullptr, void* ptr2 = nullptr, void* ptr3 = nullptr,
+      void* ptr4 = nullptr, void* ptr5 = nullptr, void* ptr6 = nullptr);
   // Similar to the above but without collecting the stack trace.
   V8_NOINLINE void PushParamsAndDie(void* ptr1 = nullptr, void* ptr2 = nullptr,
                                     void* ptr3 = nullptr, void* ptr4 = nullptr,
                                     void* ptr5 = nullptr, void* ptr6 = nullptr);
+  // Like PushStackTraceAndDie but uses DumpWithoutCrashing to continue
+  // execution.
+  V8_NOINLINE void PushStackTraceAndContinue(
+      void* ptr1 = nullptr, void* ptr2 = nullptr, void* ptr3 = nullptr,
+      void* ptr4 = nullptr, void* ptr5 = nullptr, void* ptr6 = nullptr);
+  // Like PushParamsAndDie but uses DumpWithoutCrashing to continue
+  // execution.
+  V8_NOINLINE void PushParamsAndContinue(
+      void* ptr1 = nullptr, void* ptr2 = nullptr, void* ptr3 = nullptr,
+      void* ptr4 = nullptr, void* ptr5 = nullptr, void* ptr6 = nullptr);
   Handle<FixedArray> CaptureDetailedStackTrace(
       int limit, StackTrace::StackTraceOptions options);
   MaybeHandle<JSObject> CaptureAndSetErrorStack(Handle<JSObject> error_object,
@@ -981,6 +994,7 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   // source URL. The inspected frames are the same as for the detailed stack
   // trace.
   Handle<String> CurrentScriptNameOrSourceURL();
+  MaybeHandle<Script> CurrentReferrerScript();
   bool GetStackTraceLimit(Isolate* isolate, int* result);
 
   Address GetAbstractPC(int* line, int* column);
@@ -1246,6 +1260,11 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   }
 
   Address* builtin_entry_table() { return isolate_data_.builtin_entry_table(); }
+#ifdef V8_ENABLE_LEAPTIERING
+  V8_INLINE JSDispatchHandle* builtin_dispatch_table() {
+    return isolate_data_.builtin_dispatch_table();
+  }
+#endif
   V8_INLINE Address* builtin_table() { return isolate_data_.builtin_table(); }
   V8_INLINE Address* builtin_tier0_table() {
     return isolate_data_.builtin_tier0_table();
@@ -1667,11 +1686,14 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   int GenerateIdentityHash(uint32_t mask);
 
   int NextOptimizationId() {
-    int id = next_optimization_id_++;
-    if (!Smi::IsValid(next_optimization_id_)) {
-      next_optimization_id_ = 0;
+    int id = next_optimization_id_.load();
+    while (true) {
+      int next_id = id + 1;
+      if (!Smi::IsValid(next_id)) next_id = 0;
+      if (next_optimization_id_.compare_exchange_strong(id, next_id)) {
+        return id;
+      }
     }
-    return id;
   }
 
   // ES#sec-async-module-execution-fulfilled step 10
@@ -2037,7 +2059,7 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   static Address store_to_stack_count_address(const char* function_name);
 
   v8::metrics::Recorder::ContextId GetOrRegisterRecorderContextId(
-      Handle<NativeContext> context);
+      DirectHandle<NativeContext> context);
   MaybeLocal<v8::Context> GetContextFromRecorderContextId(
       v8::metrics::Recorder::ContextId id);
 
@@ -2107,18 +2129,6 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   Address trusted_pointer_table_base_address() const {
     return isolate_data_.trusted_pointer_table_.base_address();
   }
-
-  ExternalBufferTable& external_buffer_table() {
-    return isolate_data_.external_buffer_table_;
-  }
-
-  ExternalBufferTable& shared_external_buffer_table() {
-    return *isolate_data_.shared_external_buffer_table_;
-  }
-
-  ExternalBufferTable::Space* shared_external_buffer_space() {
-    return shared_external_buffer_space_;
-  }
 #endif  // V8_ENABLE_SANDBOX
 
   Address continuation_preserved_embedder_data_address() {
@@ -2149,6 +2159,14 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
 
   GlobalSafepoint* global_safepoint() const { return global_safepoint_.get(); }
 
+#if V8_ENABLE_DRUMBRAKE
+  void initialize_wasm_execution_timer();
+
+  wasm::WasmExecutionTimer* wasm_execution_timer() const {
+    return wasm_execution_timer_.get();
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   bool owns_shareable_data() { return owns_shareable_data_; }
 
   bool log_object_relocation() const { return log_object_relocation_; }
@@ -2223,9 +2241,10 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   std::list<std::unique_ptr<detail::WaiterQueueNode>>&
   async_waiter_queue_nodes();
 
-  void ReportExceptionFunctionCallback(Handle<JSReceiver> receiver,
-                                       Handle<FunctionTemplateInfo> function,
-                                       v8::ExceptionContext callback_kind);
+  void ReportExceptionFunctionCallback(
+      DirectHandle<JSReceiver> receiver,
+      DirectHandle<FunctionTemplateInfo> function,
+      v8::ExceptionContext callback_kind);
   void ReportExceptionPropertyCallback(Handle<JSReceiver> holder,
                                        Handle<Name> name,
                                        v8::ExceptionContext callback_kind);
@@ -2626,6 +2645,8 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
                        const uint8_t* data, uint32_t data_size);
   void ClearEmbeddedBlob();
 
+  void InitializeBuiltinJSDispatchTable();
+
   const uint8_t* embedded_blob_code_ = nullptr;
   uint32_t embedded_blob_code_size_ = 0;
   const uint8_t* embedded_blob_data_ = nullptr;
@@ -2675,7 +2696,7 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   ThreadDataTable thread_data_table_;
 
   // Stores the isolate containing the shared space.
-  base::Optional<Isolate*> shared_space_isolate_;
+  std::optional<Isolate*> shared_space_isolate_;
 
   // Used to deduplicate registered SharedStructType shapes.
   //
@@ -2688,12 +2709,6 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
   ExternalPointerTable::Space* shared_external_pointer_space_ = nullptr;
 #endif  // V8_COMPRESS_POINTERS
 
-#ifdef V8_ENABLE_SANDBOX
-  // Stores the external buffer table space for the shared external buffer
-  // table.
-  ExternalBufferTable::Space* shared_external_buffer_space_ = nullptr;
-#endif  // V8_ENABLE_SANDBOX
-
   // List to manage the lifetime of the WaiterQueueNodes used to track async
   // waiters for JSSynchronizationPrimitives.
   std::list<std::unique_ptr<detail::WaiterQueueNode>> async_waiter_queue_nodes_;
@@ -2716,6 +2731,9 @@ class V8_EXPORT_PRIVATE Isolate final : private HiddenFactory {
 #ifdef V8_ENABLE_WEBASSEMBLY
   wasm::WasmCodeLookupCache* wasm_code_look_up_cache_ = nullptr;
   std::vector<std::unique_ptr<wasm::StackMemory>> wasm_stacks_;
+#if V8_ENABLE_DRUMBRAKE
+  std::unique_ptr<wasm::WasmExecutionTimer> wasm_execution_timer_;
+#endif  // V8_ENABLE_DRUMBRAKE
   wasm::WasmOrphanedGlobalHandle* wasm_orphaned_handle_ = nullptr;
   wasm::StackPool stack_pool_;
 #endif
diff --git a/deps/v8/src/execution/local-isolate.h b/deps/v8/src/execution/local-isolate.h
index 196354e50df138..1ddb0d21a62e3f 100644
--- a/deps/v8/src/execution/local-isolate.h
+++ b/deps/v8/src/execution/local-isolate.h
@@ -5,6 +5,8 @@
 #ifndef V8_EXECUTION_LOCAL_ISOLATE_H_
 #define V8_EXECUTION_LOCAL_ISOLATE_H_
 
+#include <optional>
+
 #include "src/base/macros.h"
 #include "src/execution/shared-mutex-guard-if-off-thread.h"
 #include "src/execution/thread-id.h"
@@ -187,7 +189,7 @@ class V8_EXPORT_PRIVATE LocalIsolate final : private HiddenLocalFactory {
   bigint::Processor* bigint_processor_{nullptr};
 
 #ifdef V8_RUNTIME_CALL_STATS
-  base::Optional<WorkerThreadRuntimeCallStatsScope> rcs_scope_;
+  std::optional<WorkerThreadRuntimeCallStatsScope> rcs_scope_;
   RuntimeCallStats* runtime_call_stats_;
 #endif
 #ifdef V8_INTL_SUPPORT
@@ -209,7 +211,7 @@ class V8_NODISCARD SharedMutexGuardIfOffThread<LocalIsolate, kIsShared> final {
       delete;
 
  private:
-  base::Optional<base::SharedMutexGuard<kIsShared>> mutex_guard_;
+  std::optional<base::SharedMutexGuard<kIsShared>> mutex_guard_;
 };
 
 }  // namespace internal
diff --git a/deps/v8/src/execution/loong64/simulator-loong64.cc b/deps/v8/src/execution/loong64/simulator-loong64.cc
index 34ad1a06d2e2fd..38e240b3132a5f 100644
--- a/deps/v8/src/execution/loong64/simulator-loong64.cc
+++ b/deps/v8/src/execution/loong64/simulator-loong64.cc
@@ -3905,10 +3905,7 @@ void Simulator::DecodeTypeOp17() {
                    FPURegisters::Name(fd_reg()), fd_float(),
                    FPURegisters::Name(fj_reg()), fj_float(),
                    FPURegisters::Name(fk_reg()), fk_float());
-      SetFPUFloatResult(
-          fd_reg(),
-          FPUCanonalizeOperation([](float lhs, float rhs) { return lhs - rhs; },
-                                 fj_float(), fk_float()));
+      SetFPUFloatResult(fd_reg(), fj_float() - fk_float());
       break;
     }
     case FSUB_D: {
@@ -3916,10 +3913,7 @@ void Simulator::DecodeTypeOp17() {
                    FPURegisters::Name(fd_reg()), fd_double(),
                    FPURegisters::Name(fj_reg()), fj_double(),
                    FPURegisters::Name(fk_reg()), fk_double());
-      SetFPUDoubleResult(fd_reg(),
-                         FPUCanonalizeOperation(
-                             [](double lhs, double rhs) { return lhs - rhs; },
-                             fj_double(), fk_double()));
+      SetFPUDoubleResult(fd_reg(), fj_double() - fk_double());
       break;
     }
     case FMUL_S: {
diff --git a/deps/v8/src/execution/messages.cc b/deps/v8/src/execution/messages.cc
index 366229baf2a0e2..f0129e18e40199 100644
--- a/deps/v8/src/execution/messages.cc
+++ b/deps/v8/src/execution/messages.cc
@@ -106,8 +106,7 @@ Handle<JSMessageObject> MessageHandler::MakeMessageObject(
 
 void MessageHandler::ReportMessage(Isolate* isolate, const MessageLocation* loc,
                                    DirectHandle<JSMessageObject> message) {
-  v8::Local<v8::Message> api_message_obj =
-      v8::Utils::MessageToLocal(message, isolate);
+  v8::Local<v8::Message> api_message_obj = v8::Utils::MessageToLocal(message);
 
   if (api_message_obj->ErrorLevel() != v8::Isolate::kMessageError) {
     ReportMessageNoExceptions(isolate, loc, message, v8::Local<v8::Value>());
@@ -159,8 +158,7 @@ void MessageHandler::ReportMessage(Isolate* isolate, const MessageLocation* loc,
 void MessageHandler::ReportMessageNoExceptions(
     Isolate* isolate, const MessageLocation* loc, DirectHandle<Object> message,
     v8::Local<v8::Value> api_exception_obj) {
-  v8::Local<v8::Message> api_message_obj =
-      v8::Utils::MessageToLocal(message, isolate);
+  v8::Local<v8::Message> api_message_obj = v8::Utils::MessageToLocal(message);
   int error_level = api_message_obj->ErrorLevel();
 
   DirectHandle<ArrayList> global_listeners =
@@ -186,10 +184,9 @@ void MessageHandler::ReportMessageNoExceptions(
         RCS_SCOPE(isolate, RuntimeCallCounterId::kMessageListenerCallback);
         // Do not allow exceptions to propagate.
         v8::TryCatch try_catch(reinterpret_cast<v8::Isolate*>(isolate));
-        callback(api_message_obj,
-                 IsUndefined(*callback_data, isolate)
-                     ? api_exception_obj
-                     : v8::Utils::ToLocal(callback_data, isolate));
+        callback(api_message_obj, IsUndefined(*callback_data, isolate)
+                                      ? api_exception_obj
+                                      : v8::Utils::ToLocal(callback_data));
       }
     }
   }
@@ -371,7 +368,8 @@ MaybeHandle<Object> ErrorUtils::FormatStackTrace(
   for (int i = 0; i < elems->length(); ++i) {
     builder.AppendCStringLiteral("\n    at ");
 
-    Handle<CallSiteInfo> frame(Cast<CallSiteInfo>(elems->get(i)), isolate);
+    DirectHandle<CallSiteInfo> frame(Cast<CallSiteInfo>(elems->get(i)),
+                                     isolate);
 
     v8::TryCatch try_catch(reinterpret_cast<v8::Isolate*>(isolate));
     SerializeCallSiteInfo(isolate, frame, &builder);
@@ -760,6 +758,75 @@ Handle<JSObject> ErrorUtils::MakeGenericError(
       .ToHandleChecked();
 }
 
+// static
+Handle<JSObject> ErrorUtils::ShadowRealmConstructTypeErrorCopy(
+    Isolate* isolate, Handle<Object> original, MessageTemplate index,
+    base::Vector<const DirectHandle<Object>> args) {
+  if (v8_flags.clear_exceptions_on_js_entry) {
+    // This function used to be implemented in JavaScript, and JSEntry
+    // clears any exceptions - so whenever we'd call this from C++,
+    // exceptions would be cleared. Preserve this behavior.
+    isolate->clear_exception();
+    isolate->clear_pending_message();
+  }
+  DirectHandle<String> msg = MessageFormatter::Format(isolate, index, args);
+  Handle<Object> options = isolate->factory()->undefined_value();
+
+  Handle<JSObject> maybe_error_object;
+  Handle<Object> error_stack;
+  StackTraceCollection collection = StackTraceCollection::kEnabled;
+  if (IsJSObject(*original)) {
+    maybe_error_object = Cast<JSObject>(original);
+    if (!ErrorUtils::GetFormattedStack(isolate, maybe_error_object)
+             .ToHandle(&error_stack)) {
+      DCHECK(isolate->has_exception());
+      DirectHandle<Object> exception = handle(isolate->exception(), isolate);
+      isolate->clear_exception();
+      // Return a new side-effect-free TypeError to be loud about inner error.
+      DirectHandle<String> string =
+          Object::NoSideEffectsToString(isolate, exception);
+      return isolate->factory()->NewTypeError(
+          MessageTemplate::kShadowRealmErrorStackThrows, string);
+    } else if (IsNullOrUndefined(*error_stack)) {
+      // If the error stack property is null or undefined, create a new error.
+      collection = StackTraceCollection::kEnabled;
+    } else if (IsPrimitive(*error_stack)) {
+      // If the error stack property is found (must be a formatted string, not
+      // an unformatted FixedArray), set collection to disabled and reuse the
+      // existing stack. If the `Error.prepareStackTrace` returned a primitive,
+      // use it as the stack as well.
+      collection = StackTraceCollection::kDisabled;
+    } else {
+      // The error stack property is an arbitrary value. Return a new TypeError
+      // about the non-string value.
+      DirectHandle<String> string =
+          Object::NoSideEffectsToString(isolate, error_stack);
+      return isolate->factory()->NewTypeError(
+          MessageTemplate::kShadowRealmErrorStackNonString, string);
+    }
+  }
+
+  Handle<Object> no_caller;
+  Handle<JSFunction> constructor = isolate->type_error_function();
+  Handle<JSObject> new_error =
+      ErrorUtils::Construct(isolate, constructor, constructor, msg, options,
+                            FrameSkipMode::SKIP_NONE, no_caller, collection)
+          .ToHandleChecked();
+
+  // If collection is disabled, reuse the existing stack string from the
+  // original error object.
+  if (collection == StackTraceCollection::kDisabled) {
+    // Error stack symbol is a private symbol and set it on an error object
+    // created from built-in error constructor should not throw.
+    Object::SetProperty(
+        isolate, new_error, isolate->factory()->error_stack_symbol(),
+        error_stack, StoreOrigin::kMaybeKeyed, Just(ShouldThrow::kThrowOnError))
+        .Check();
+  }
+
+  return new_error;
+}
+
 namespace {
 
 bool ComputeLocation(Isolate* isolate, MessageLocation* target) {
diff --git a/deps/v8/src/execution/messages.h b/deps/v8/src/execution/messages.h
index dd0e2bfdde9c72..a1730646bd656a 100644
--- a/deps/v8/src/execution/messages.h
+++ b/deps/v8/src/execution/messages.h
@@ -98,6 +98,10 @@ class ErrorUtils : public AllStatic {
       Isolate* isolate, Handle<JSFunction> constructor, MessageTemplate index,
       base::Vector<const DirectHandle<Object>> args, FrameSkipMode mode);
 
+  static Handle<JSObject> ShadowRealmConstructTypeErrorCopy(
+      Isolate* isolate, Handle<Object> original, MessageTemplate index,
+      base::Vector<const DirectHandle<Object>> args);
+
   // Formats a textual stack trace from the given structured stack trace.
   // Note that this can call arbitrary JS code through Error.prepareStackTrace.
   static MaybeHandle<Object> FormatStackTrace(Isolate* isolate,
diff --git a/deps/v8/src/execution/microtask-queue.cc b/deps/v8/src/execution/microtask-queue.cc
index d4549d58d7fb5d..6a56eac31b5a03 100644
--- a/deps/v8/src/execution/microtask-queue.cc
+++ b/deps/v8/src/execution/microtask-queue.cc
@@ -6,10 +6,10 @@
 
 #include <algorithm>
 #include <cstddef>
+#include <optional>
 
 #include "src/api/api-inl.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/execution/isolate.h"
 #include "src/handles/handles-inl.h"
 #include "src/objects/microtask-inl.h"
@@ -115,7 +115,7 @@ void MicrotaskQueue::EnqueueMicrotask(Tagged<Microtask> microtask) {
 
 void MicrotaskQueue::PerformCheckpointInternal(v8::Isolate* v8_isolate) {
   DCHECK(ShouldPerfomCheckpoint());
-  base::Optional<MicrotasksScope> microtasks_scope;
+  std::optional<MicrotasksScope> microtasks_scope;
   if (microtasks_policy_ == v8::MicrotasksPolicy::kScoped) {
     // If we're using microtask scopes to schedule microtask execution, V8
     // API calls will check that there's always a microtask scope on the
diff --git a/deps/v8/src/execution/riscv/simulator-riscv.cc b/deps/v8/src/execution/riscv/simulator-riscv.cc
index e6ea47eff457f6..49c835b032f3ac 100644
--- a/deps/v8/src/execution/riscv/simulator-riscv.cc
+++ b/deps/v8/src/execution/riscv/simulator-riscv.cc
@@ -3329,19 +3329,22 @@ void Simulator::SoftwareInterrupt() {
           case ExternalReference::BUILTIN_FP_FP_CALL:
           case ExternalReference::BUILTIN_COMPARE_CALL:
             PrintF("Call to host function %s at %p with args %f, %f",
-                   ExternalReferenceTable::NameOfIsolateIndependentAddress(pc),
+                   ExternalReferenceTable::NameOfIsolateIndependentAddress(
+                       pc, IsolateGroup::current()->external_ref_table()),
                    reinterpret_cast<void*>(FUNCTION_ADDR(generic_target)),
                    dval0, dval1);
             break;
           case ExternalReference::BUILTIN_FP_CALL:
             PrintF("Call to host function %s at %p with arg %f",
-                   ExternalReferenceTable::NameOfIsolateIndependentAddress(pc),
+                   ExternalReferenceTable::NameOfIsolateIndependentAddress(
+                       pc, IsolateGroup::current()->external_ref_table()),
                    reinterpret_cast<void*>(FUNCTION_ADDR(generic_target)),
                    dval0);
             break;
           case ExternalReference::BUILTIN_FP_INT_CALL:
             PrintF("Call to host function %s at %p with args %f, %d",
-                   ExternalReferenceTable::NameOfIsolateIndependentAddress(pc),
+                   ExternalReferenceTable::NameOfIsolateIndependentAddress(
+                       pc, IsolateGroup::current()->external_ref_table()),
                    reinterpret_cast<void*>(FUNCTION_ADDR(generic_target)),
                    dval0, ival);
             break;
@@ -3415,7 +3418,8 @@ void Simulator::SoftwareInterrupt() {
       // void f(v8::FunctionCallbackInfo&)
       if (v8_flags.trace_sim) {
         PrintF("Call to host function %s at %p args %08" REGIx_FORMAT " \n",
-               ExternalReferenceTable::NameOfIsolateIndependentAddress(pc),
+               ExternalReferenceTable::NameOfIsolateIndependentAddress(
+                   pc, IsolateGroup::current()->external_ref_table()),
                reinterpret_cast<void*>(external), arg0);
       }
       SimulatorRuntimeDirectApiCall target =
@@ -3464,7 +3468,8 @@ void Simulator::SoftwareInterrupt() {
             " , %016" REGIx_FORMAT " , %016" REGIx_FORMAT " , %016" REGIx_FORMAT
             " , %016" REGIx_FORMAT " , %016" REGIx_FORMAT " , %016" REGIx_FORMAT
             " , %016" REGIx_FORMAT " , %016" REGIx_FORMAT " \n",
-            ExternalReferenceTable::NameOfIsolateIndependentAddress(pc),
+            ExternalReferenceTable::NameOfIsolateIndependentAddress(
+                pc, IsolateGroup::current()->external_ref_table()),
             reinterpret_cast<void*>(FUNCTION_ADDR(target)), arg0, arg1, arg2,
             arg3, arg4, arg5, arg6, arg7, arg8, arg9, arg10, arg11, arg12,
             arg13, arg14, arg15, arg16, arg17, arg18, arg19);
@@ -3899,7 +3904,16 @@ void Simulator::DecodeRVRType() {
       set_rd(rs1() | (1 << index));
       break;
     }
-      // TODO(riscv): End Add RISCV M extension macro
+    case RO_CZERO_EQZ: {
+      sreg_t condition = rs2();
+      set_rd(condition == 0 ? 0 : rs1());
+      break;
+    }
+    case RO_CZERO_NEZ: {
+      sreg_t condition = rs2();
+      set_rd(condition != 0 ? 0 : rs1());
+      break;
+    }
     default: {
       switch (instr_.BaseOpcode()) {
         case AMO:
diff --git a/deps/v8/src/execution/riscv/simulator-riscv.h b/deps/v8/src/execution/riscv/simulator-riscv.h
index 5f7b5c9e724a15..75219eb6043eef 100644
--- a/deps/v8/src/execution/riscv/simulator-riscv.h
+++ b/deps/v8/src/execution/riscv/simulator-riscv.h
@@ -1172,7 +1172,7 @@ class Simulator : public SimulatorBase {
   static const size_t kStackProtectionSize = 256 * kSystemPointerSize;
   // This includes a protection margin at each end of the stack area.
   static size_t AllocatedStackSize() {
-#if V8_TARGET_ARCH_PPC64
+#if V8_TARGET_ARCH_RISCV64
     size_t stack_size = v8_flags.sim_stack_size * KB;
 #else
     size_t stack_size = 1 * MB;  // allocate 1MB for stack
diff --git a/deps/v8/src/execution/tiering-manager.cc b/deps/v8/src/execution/tiering-manager.cc
index 58b3453f6e5988..7b4ef58089c519 100644
--- a/deps/v8/src/execution/tiering-manager.cc
+++ b/deps/v8/src/execution/tiering-manager.cc
@@ -4,6 +4,8 @@
 
 #include "src/execution/tiering-manager.h"
 
+#include <optional>
+
 #include "src/base/platform/platform.h"
 #include "src/baseline/baseline.h"
 #include "src/codegen/assembler.h"
@@ -162,8 +164,7 @@ bool FirstTimeTierUpToSparkplug(Isolate* isolate, Tagged<JSFunction> function) {
          // events; see JSFunction::InitializeFeedbackCell()).
          (function->ActiveTierIsIgnition(isolate) &&
           CanCompileWithBaseline(isolate, function->shared()) &&
-          function->shared()->cached_tiering_decision() ==
-              CachedTieringDecision::kPending);
+          !function->shared()->sparkplug_compiled());
 }
 
 bool TieringOrTieredUpToOptimizedTier(Tagged<FeedbackVector> vector) {
@@ -179,11 +180,11 @@ bool TiersUpToMaglev(CodeKind code_kind) {
          CodeKindIsUnoptimizedJSFunction(code_kind);
 }
 
-bool TiersUpToMaglev(base::Optional<CodeKind> code_kind) {
+bool TiersUpToMaglev(std::optional<CodeKind> code_kind) {
   return code_kind.has_value() && TiersUpToMaglev(code_kind.value());
 }
 
-int InterruptBudgetFor(base::Optional<CodeKind> code_kind,
+int InterruptBudgetFor(std::optional<CodeKind> code_kind,
                        TieringState tiering_state,
                        CachedTieringDecision cached_tiering_decision,
                        int bytecode_length) {
@@ -205,13 +206,6 @@ int InterruptBudgetFor(base::Optional<CodeKind> code_kind,
     }
     return v8_flags.invocation_count_for_maglev * bytecode_length;
   }
-  // kEarlyMaglev implies the function has not been tiered up to Turbofan, we
-  // delay turbofan compilation in this case.
-  if (cached_tiering_decision == CachedTieringDecision::kEarlyMaglev) {
-    return v8_flags
-               .invocation_count_for_turbofan_if_profile_guided_non_turbofan *
-           bytecode_length;
-  }
   return v8_flags.invocation_count_for_turbofan * bytecode_length;
 }
 
@@ -220,7 +214,7 @@ int InterruptBudgetFor(base::Optional<CodeKind> code_kind,
 // static
 int TieringManager::InterruptBudgetFor(
     Isolate* isolate, Tagged<JSFunction> function,
-    base::Optional<CodeKind> override_active_tier) {
+    std::optional<CodeKind> override_active_tier) {
   DCHECK(function->shared()->is_compiled());
   const int bytecode_length =
       function->shared()->GetBytecodeArray(isolate)->length();
@@ -422,8 +416,7 @@ void TieringManager::NotifyICChanged(Tagged<FeedbackVector> vector) {
                            : CodeKind::INTERPRETED_FUNCTION;
   if (code_kind == CodeKind::INTERPRETED_FUNCTION &&
       CanCompileWithBaseline(isolate_, vector->shared_function_info()) &&
-      vector->shared_function_info()->cached_tiering_decision() ==
-          CachedTieringDecision::kPending) {
+      !vector->shared_function_info()->sparkplug_compiled()) {
     // Don't delay tier-up if we haven't tiered up to baseline yet, but will --
     // baseline code is feedback independent.
     return;
@@ -439,8 +432,7 @@ void TieringManager::NotifyICChanged(Tagged<FeedbackVector> vector) {
     int new_budget = invocations * bytecodes;
     int current_budget = cell->interrupt_budget();
     if (v8_flags.profile_guided_optimization &&
-        shared->cached_tiering_decision() <
-            CachedTieringDecision::kEarlyMaglevPending) {
+        shared->cached_tiering_decision() == CachedTieringDecision::kPending) {
       if (TieringOrTieredUpToOptimizedTier(vector)) {
         shared->set_cached_tiering_decision(CachedTieringDecision::kNormal);
       } else {
@@ -452,7 +444,7 @@ void TieringManager::NotifyICChanged(Tagged<FeedbackVector> vector) {
           // v8_flags.minimum_invocations_after_ic_update * bytecodes
           int new_consumed_budget = new_budget - current_budget;
           new_invocation_count_before_stable =
-              vector->invocation_count_before_stable() +
+              vector->invocation_count_before_stable(kRelaxedLoad) +
               std::ceil(static_cast<float>(new_consumed_budget) / bytecodes);
         } else {
           // Initial interrupt budget is
@@ -466,6 +458,8 @@ void TieringManager::NotifyICChanged(Tagged<FeedbackVector> vector) {
           new_invocation_count_before_stable =
               std::ceil(static_cast<float>(total_consumed_budget) / bytecodes);
         }
+        DCHECK_LT(v8_flags.invocation_count_for_early_optimization,
+                  FeedbackVector::kInvocationCountBeforeStableDeoptSentinel);
         if (new_invocation_count_before_stable >
             v8_flags.invocation_count_for_early_optimization) {
           shared->set_cached_tiering_decision(CachedTieringDecision::kNormal);
@@ -476,8 +470,7 @@ void TieringManager::NotifyICChanged(Tagged<FeedbackVector> vector) {
       }
     }
     if (!v8_flags.profile_guided_optimization ||
-        shared->cached_tiering_decision() <
-            CachedTieringDecision::kEarlyMaglevPending ||
+        shared->cached_tiering_decision() == CachedTieringDecision::kPending ||
         shared->cached_tiering_decision() == CachedTieringDecision::kNormal) {
       if (new_budget > current_budget) {
         if (v8_flags.trace_opt_verbose) {
@@ -496,7 +489,7 @@ TieringManager::OnInterruptTickScope::OnInterruptTickScope() {
                "V8.MarkCandidatesForOptimization");
 }
 
-void TieringManager::OnInterruptTick(Handle<JSFunction> function,
+void TieringManager::OnInterruptTick(DirectHandle<JSFunction> function,
                                      CodeKind code_kind) {
   IsCompiledScope is_compiled_scope(
       function->shared()->is_compiled_scope(isolate_));
@@ -519,12 +512,10 @@ void TieringManager::OnInterruptTick(Handle<JSFunction> function,
 
   // Ensure that the feedback vector has been allocated.
   if (!had_feedback_vector) {
-    if (compile_sparkplug && function->shared()->cached_tiering_decision() ==
-                                 CachedTieringDecision::kPending) {
+    if (compile_sparkplug) {
       // Mark the function as compiled with sparkplug before the feedback vector
       // is created to initialize the interrupt budget for the next tier.
-      function->shared()->set_cached_tiering_decision(
-          CachedTieringDecision::kEarlySparkplug);
+      function->shared()->set_sparkplug_compiled(true);
     }
     JSFunction::CreateAndAttachFeedbackVector(isolate_, function,
                                               &is_compiled_scope);
@@ -568,11 +559,7 @@ void TieringManager::OnInterruptTick(Handle<JSFunction> function,
     // been set by JSFunction::CreateAndAttachFeedbackVector, so no need to
     // set it again.
     if (had_feedback_vector) {
-      if (function->shared()->cached_tiering_decision() ==
-          CachedTieringDecision::kPending) {
-        function->shared()->set_cached_tiering_decision(
-            CachedTieringDecision::kEarlySparkplug);
-      }
+      function->shared()->set_sparkplug_compiled(true);
       function->SetInterruptBudget(isolate_);
     }
     return;
diff --git a/deps/v8/src/execution/tiering-manager.h b/deps/v8/src/execution/tiering-manager.h
index 59a8c746649a30..a60c861bfe178a 100644
--- a/deps/v8/src/execution/tiering-manager.h
+++ b/deps/v8/src/execution/tiering-manager.h
@@ -28,7 +28,7 @@ class TieringManager {
  public:
   explicit TieringManager(Isolate* isolate) : isolate_(isolate) {}
 
-  void OnInterruptTick(Handle<JSFunction> function, CodeKind code_kind);
+  void OnInterruptTick(DirectHandle<JSFunction> function, CodeKind code_kind);
 
   void NotifyICChanged(Tagged<FeedbackVector> vector);
 
@@ -38,7 +38,7 @@ class TieringManager {
   // For use when a JSFunction is available.
   static int InterruptBudgetFor(
       Isolate* isolate, Tagged<JSFunction> function,
-      base::Optional<CodeKind> override_active_tier = {});
+      std::optional<CodeKind> override_active_tier = {});
 
   void MarkForTurboFanOptimization(Tagged<JSFunction> function);
 
diff --git a/deps/v8/src/flags/flag-definitions.h b/deps/v8/src/flags/flag-definitions.h
index 1f964409e06979..0795dc0a83cdea 100644
--- a/deps/v8/src/flags/flag-definitions.h
+++ b/deps/v8/src/flags/flag-definitions.h
@@ -184,7 +184,7 @@
 #define DEFINE_BOOL_READONLY(nam, def, cmt) \
   FLAG_READONLY(BOOL, bool, nam, def, cmt)
 #define DEFINE_MAYBE_BOOL(nam, cmt) \
-  FLAG(MAYBE_BOOL, base::Optional<bool>, nam, base::nullopt, cmt)
+  FLAG(MAYBE_BOOL, std::optional<bool>, nam, std::nullopt, cmt)
 #define DEFINE_INT(nam, def, cmt) FLAG(INT, int, nam, def, cmt)
 #define DEFINE_UINT(nam, def, cmt) FLAG(UINT, unsigned int, nam, def, cmt)
 #define DEFINE_UINT_READONLY(nam, def, cmt) \
@@ -288,8 +288,7 @@ DEFINE_BOOL(js_shipping, true, "enable all shipped JavaScript features")
   /* Following two flags should ship the same time but may stage */ \
   /* differently . */                                               \
   V(harmony_remove_intl_locale_info_getters,                        \
-    "Remove Obsoleted Intl Locale Info getters")                    \
-  V(harmony_intl_locale_info_func, "Intl Locale Info API as functions")
+    "Remove Obsoleted Intl Locale Info getters")
 
 #define JAVASCRIPT_INPROGRESS_FEATURES(V) JAVASCRIPT_INPROGRESS_FEATURES_BASE(V)
 #else
@@ -302,9 +301,9 @@ DEFINE_BOOL(js_shipping, true, "enable all shipped JavaScript features")
 #define JAVASCRIPT_STAGED_FEATURES_BASE(V) V(js_atomics_pause, "Atomics.pause")
 
 #ifdef V8_INTL_SUPPORT
-#define HARMONY_STAGED(V) \
-  HARMONY_STAGED_BASE(V)  \
-  V(harmony_intl_duration_format, "Intl DurationFormat API")
+#define HARMONY_STAGED(V)                                    \
+  HARMONY_STAGED_BASE(V)                                     \
+  V(harmony_intl_locale_info_func, "Intl Locale Info API as functions")
 #define JAVASCRIPT_STAGED_FEATURES(V) JAVASCRIPT_STAGED_FEATURES_BASE(V)
 #else
 #define HARMONY_STAGED(V) HARMONY_STAGED_BASE(V)
@@ -324,7 +323,9 @@ DEFINE_BOOL(js_shipping, true, "enable all shipped JavaScript features")
   V(js_promise_try, "Promise.try")
 
 #ifdef V8_INTL_SUPPORT
-#define HARMONY_SHIPPING(V) HARMONY_SHIPPING_BASE(V)
+#define HARMONY_SHIPPING(V) \
+  HARMONY_SHIPPING_BASE(V)  \
+  V(harmony_intl_duration_format, "Intl DurationFormat API")
 #define JAVASCRIPT_SHIPPING_FEATURES(V) JAVASCRIPT_SHIPPING_FEATURES_BASE(V)
 #else
 #define HARMONY_SHIPPING(V) HARMONY_SHIPPING_BASE(V)
@@ -509,15 +510,6 @@ DEFINE_BOOL_READONLY(direct_handle, V8_ENABLE_DIRECT_HANDLE_BOOL,
 // break the correctness of the GC.
 DEFINE_NEG_NEG_IMPLICATION(conservative_stack_scanning, direct_handle)
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
-#define V8_ENABLE_DIRECT_LOCAL_BOOL true
-#else
-#define V8_ENABLE_DIRECT_LOCAL_BOOL false
-#endif
-DEFINE_BOOL_READONLY(direct_local, V8_ENABLE_DIRECT_LOCAL_BOOL,
-                     "use direct local handles")
-DEFINE_IMPLICATION(direct_local, conservative_stack_scanning)
-
 #ifdef V8_ENABLE_LOCAL_OFF_STACK_CHECK
 #define V8_ENABLE_LOCAL_OFF_STACK_CHECK_BOOL true
 #else
@@ -575,10 +567,10 @@ DEFINE_BOOL(maglev_inlining, true,
             "enable inlining in the maglev optimizing compiler")
 DEFINE_BOOL(maglev_loop_peeling, true,
             "enable loop peeling in the maglev optimizing compiler")
-DEFINE_BOOL(maglev_optimistic_peeled_loops, false,
-            "enable speculation on loop state using peeling as fallback in the "
+DEFINE_BOOL(maglev_optimistic_peeled_loops, true,
+            "enable aggressive optimizations for loops (loop SPeeling) in the "
             "maglev optimizing compiler")
-DEFINE_INT(maglev_loop_peeling_max_size, 150,
+DEFINE_INT(maglev_loop_peeling_max_size, 200,
            "max loop size for loop peeling in the maglev optimizing compiler")
 DEFINE_BOOL(maglev_deopt_data_on_background, true,
             "Generate deopt data on background thread")
@@ -590,18 +582,15 @@ DEFINE_BOOL(maglev_destroy_on_background, true,
             "Destroy compilation jobs on background thread")
 DEFINE_BOOL(maglev_inline_api_calls, false,
             "Inline CallApiCallback builtin into generated code")
-DEFINE_WEAK_IMPLICATION(maglev_future, maglev_optimistic_peeled_loops)
+DEFINE_EXPERIMENTAL_FEATURE(maglev_licm, "loop invariant code motion")
 DEFINE_WEAK_IMPLICATION(maglev_future, maglev_speculative_hoist_phi_untagging)
 DEFINE_WEAK_IMPLICATION(maglev_future, maglev_inline_api_calls)
 DEFINE_WEAK_IMPLICATION(maglev_future, maglev_escape_analysis)
+DEFINE_WEAK_IMPLICATION(maglev_future, maglev_licm)
 // This might be too big of a hammer but we must prohibit moving the C++
 // trampolines while we are executing a C++ code.
 DEFINE_NEG_IMPLICATION(maglev_inline_api_calls, compact_code_space_with_stack)
 
-DEFINE_EXPERIMENTAL_FEATURE(
-    maglev_extend_properties_backing_store,
-    "Generate code for extending properties backing store when needed")
-
 DEFINE_UINT(
     concurrent_maglev_max_threads, 2,
     "max number of threads that concurrent Maglev can use (0 for unbounded)")
@@ -647,6 +636,8 @@ DEFINE_DEBUG_BOOL(maglev_assert_stack_size, true,
 DEFINE_BOOL(maglev_break_on_entry, false, "insert an int3 on maglev entries")
 DEFINE_BOOL(maglev_print_feedback, true,
             "print feedback vector for maglev compiled code")
+DEFINE_BOOL(maglev_print_inlined, true,
+            "print bytecode / feedback vectors also for inlined code")
 
 DEFINE_BOOL(print_maglev_code, false, "print maglev code")
 DEFINE_BOOL(trace_maglev_graph_building, false, "trace maglev graph building")
@@ -693,7 +684,7 @@ DEFINE_WEAK_IMPLICATION(future, flush_baseline_code)
 #endif
 
 DEFINE_BOOL(
-    enable_enumerated_keyed_access_bytecode, false,
+    enable_enumerated_keyed_access_bytecode, true,
     "enable generating GetEnumeratedKeyedProperty bytecode for keyed access")
 
 DEFINE_BOOL_READONLY(dict_property_const_tracking,
@@ -904,9 +895,6 @@ DEFINE_VALUE_IMPLICATION(always_osr_from_maglev, osr_from_maglev, true)
 // Tiering: Turbofan.
 DEFINE_INT(invocation_count_for_turbofan, 3000,
            "invocation count required for optimizing with TurboFan")
-DEFINE_INT(invocation_count_for_turbofan_if_profile_guided_non_turbofan, 6000,
-           "invocation count required for optimizing with TurboFan if profile "
-           "guided non TurboFan")
 DEFINE_INT(invocation_count_for_osr, 500, "invocation count required for OSR")
 DEFINE_INT(osr_to_tierup, 1,
            "number to decrease the invocation budget by when we follow OSR")
@@ -996,6 +984,11 @@ DEFINE_BOOL(trace_track_allocation_sites, false,
 DEFINE_BOOL(trace_migration, false, "trace object migration")
 DEFINE_BOOL(trace_generalization, false, "trace map generalization")
 
+DEFINE_BOOL(reuse_scope_infos, false,
+            "reuse scope infos from previous compiles")
+
+DEFINE_IMPLICATION(fuzzing, reuse_scope_infos)
+
 // Flags for Sparkplug
 #undef FLAG
 #if V8_ENABLE_SPARKPLUG
@@ -1016,7 +1009,7 @@ DEFINE_BOOL(baseline_batch_compilation, true, "batch compile Sparkplug code")
 DEFINE_BOOL_READONLY(concurrent_sparkplug, false,
                      "compile Sparkplug code in a background thread")
 #else
-DEFINE_BOOL(concurrent_sparkplug, false,
+DEFINE_BOOL(concurrent_sparkplug, ENABLE_SPARKPLUG_BY_DEFAULT,
             "compile Sparkplug code in a background thread")
 DEFINE_WEAK_IMPLICATION(future, concurrent_sparkplug)
 DEFINE_NEG_IMPLICATION(predictable, concurrent_sparkplug)
@@ -1098,10 +1091,7 @@ DEFINE_BOOL(maglev_overwrite_budget, false,
 DEFINE_WEAK_IMPLICATION(maglev, maglev_overwrite_budget)
 DEFINE_NEG_IMPLICATION(stress_concurrent_inlining, maglev_overwrite_budget)
 DEFINE_WEAK_VALUE_IMPLICATION(maglev_overwrite_budget,
-                              invocation_count_for_turbofan, 5000)
-DEFINE_WEAK_VALUE_IMPLICATION(
-    maglev_overwrite_budget,
-    invocation_count_for_turbofan_if_profile_guided_non_turbofan, 10000)
+                              invocation_count_for_turbofan, 6000)
 DEFINE_BOOL(maglev_overwrite_osr_budget, false,
             "whether maglev resets the OSR interrupt budget")
 DEFINE_WEAK_IMPLICATION(maglev_osr, maglev_overwrite_osr_budget)
@@ -1292,10 +1282,14 @@ DEFINE_BOOL(concurrent_osr, true, "enable concurrent OSR")
 
 DEFINE_BOOL(maglev_escape_analysis, true,
             "avoid inlined allocation of objects that cannot escape")
-DEFINE_EXPERIMENTAL_FEATURE(maglev_track_object_changes,
-                            "track object changes to avoid escaping them")
-DEFINE_WEAK_IMPLICATION(maglev_future, maglev_track_object_changes)
 DEFINE_BOOL(trace_maglev_escape_analysis, false, "trace maglev escape analysis")
+DEFINE_EXPERIMENTAL_FEATURE(maglev_object_tracking,
+                            "track object changes to avoid escaping them")
+DEFINE_WEAK_IMPLICATION(maglev_future, maglev_object_tracking)
+DEFINE_BOOL(trace_maglev_object_tracking, false,
+            "trace load/stores from maglev virtual objects")
+DEFINE_WEAK_IMPLICATION(trace_maglev_graph_building,
+                        trace_maglev_object_tracking)
 
 // TODO(dmercadier): fix and re-enable string builder.
 DEFINE_BOOL_READONLY(turbo_string_builder, false,
@@ -1370,6 +1364,10 @@ DEFINE_BOOL(
     stress_gc_during_compilation, false,
     "simulate GC/compiler thread race related to https://crbug.com/v8/8520")
 DEFINE_BOOL(turbo_fast_api_calls, true, "enable fast API calls from TurboFan")
+
+DEFINE_BOOL(fast_api_allow_float_in_sim, false,
+            "allow float parameters to be passed in simulator mode")
+
 #ifdef V8_USE_ZLIB
 DEFINE_BOOL(turbo_compress_frame_translations, false,
             "compress deoptimization frame translations (experimental)")
@@ -1392,9 +1390,15 @@ DEFINE_BOOL(turboshaft, true, "enable TurboFan's Turboshaft phases for JS")
 // Can't use Turbofan without Turboshaft.
 DEFINE_NEG_NEG_IMPLICATION(turboshaft, turbofan)
 
+#ifdef V8_ENABLE_EXPERIMENTAL_TSA_BUILTINS
+DEFINE_BOOL(turboshaft_enable_debug_features, DEBUG_BOOL,
+            "enables Turboshaft's DebugPrint, StaticAssert and "
+            "CheckTurboshaftTypeOf operations")
+#else
 DEFINE_BOOL(turboshaft_enable_debug_features, false,
             "enables Turboshaft's DebugPrint, StaticAssert and "
             "CheckTurboshaftTypeOf operations")
+#endif
 DEFINE_BOOL(turboshaft_wasm, false,
             "enable TurboFan's Turboshaft phases for wasm")
 DEFINE_WEAK_IMPLICATION(future, turboshaft_wasm)
@@ -1448,8 +1452,8 @@ DEFINE_WEAK_IMPLICATION(turboshaft_future,
 DEFINE_IMPLICATION(experimental_wasm_shared, turboshaft_wasm)
 DEFINE_NEG_IMPLICATION(experimental_wasm_shared, liftoff)
 
-// FP16 is implemented on liftoff only for now.
-DEFINE_IMPLICATION(experimental_wasm_fp16, liftoff_only)
+// FP16 is implemented on liftoff and turboshaft only for now.
+DEFINE_IMPLICATION(experimental_wasm_fp16, turboshaft_wasm)
 #endif
 
 #ifdef DEBUG
@@ -1520,6 +1524,12 @@ DEFINE_NEG_NEG_IMPLICATION(jitless,
                            jitless_and_not_correctness_fuzzer_suppressions)
 DEFINE_NEG_IMPLICATION(correctness_fuzzer_suppressions,
                        jitless_and_not_correctness_fuzzer_suppressions)
+#ifdef V8_ENABLE_DRUMBRAKE
+DEFINE_NEG_IMPLICATION(wasm_jitless,
+                       jitless_and_not_correctness_fuzzer_suppressions)
+DEFINE_NEG_IMPLICATION(wasm_jitless_if_available_for_testing,
+                       jitless_and_not_correctness_fuzzer_suppressions)
+#endif  // V8_ENABLE_DRUMBRAKE
 DEFINE_DISABLE_FLAG_IMPLICATION(jitless_and_not_correctness_fuzzer_suppressions,
                                 expose_wasm)
 DEFINE_INT(wasm_num_compilation_tasks, 128,
@@ -1634,9 +1644,17 @@ DEFINE_BOOL(
 
 DEFINE_BOOL(validate_asm, true,
             "validate asm.js modules and translate them to Wasm")
+// Directly interpret asm.js code as regular JavaScript code.
 // asm.js validation is disabled since it triggers wasm code generation.
-// --jitless also implies --no-expose-wasm, see InitializeOncePerProcessImpl.
 DEFINE_NEG_IMPLICATION(jitless, validate_asm)
+
+#if V8_ENABLE_DRUMBRAKE
+// Wasm is put into interpreter-only mode. We repeat flag implications down
+// here to ensure they're applied correctly by setting the --jitless flag.
+DEFINE_NEG_IMPLICATION(jitless, asm_wasm_lazy_compilation)
+DEFINE_NEG_IMPLICATION(jitless, wasm_lazy_compilation)
+#endif  // V8_ENABLE_DRUMBRAKE
+
 DEFINE_BOOL(suppress_asm_messages, false,
             "don't emit asm.js related messages (for golden file testing)")
 DEFINE_BOOL(trace_asm_time, false, "print asm.js timing info to the console")
@@ -1655,6 +1673,8 @@ DEFINE_EXPERIMENTAL_FEATURE(
 
 DEFINE_EXPERIMENTAL_FEATURE(wasm_deopt,
                             "enable deopts in optimized wasm functions")
+// Deopt only works in combination with feedback.
+DEFINE_NEG_NEG_IMPLICATION(liftoff, wasm_deopt)
 // Deopt support for wasm is not implemented for Turbofan.
 DEFINE_IMPLICATION(wasm_deopt, turboshaft_wasm)
 
@@ -1807,6 +1827,72 @@ DEFINE_BOOL_READONLY(wasm_memory64_trap_handling, false,
                      "supported for this architecture)")
 #endif  // V8_TARGET_ARCH_ARM64 || V8_TARGET_ARCH_X64
 
+#ifdef V8_ENABLE_DRUMBRAKE
+// DrumBrake flags.
+DEFINE_EXPERIMENTAL_FEATURE(wasm_jitless,
+                            "Execute all wasm code in the Wasm interpreter")
+DEFINE_BOOL(wasm_jitless_if_available_for_testing, false,
+            "Enables the Wasm interpreter, for testing, but only if "
+            "the 'v8_enable_drumbrake' flag is set.")
+DEFINE_IMPLICATION(wasm_jitless_if_available_for_testing, wasm_jitless)
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+DEFINE_BOOL(trace_drumbrake_bytecode_generator, false,
+            "trace drumbrake generation of interpreter bytecode")
+DEFINE_BOOL(trace_drumbrake_execution, false,
+            "trace drumbrake execution of wasm code")
+DEFINE_BOOL(trace_drumbrake_execution_verbose, false,
+            "print more information for the drumbrake execution of wasm code")
+DEFINE_IMPLICATION(trace_drumbrake_execution_verbose, trace_drumbrake_execution)
+DEFINE_BOOL(redirect_drumbrake_traces, false,
+            "write drumbrake traces into file <pid>-<isolate id>.dbt")
+DEFINE_STRING(
+    trace_drumbrake_filter, "*",
+    "filter for selecting which wasm functions to trace in the interpreter")
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+DEFINE_BOOL(drumbrake_super_instructions, true,
+            "enable drumbrake merged wasm instructions optimization")
+DEFINE_BOOL(drumbrake_register_optimization, true,
+            "enable passing the top stack value in a register in drumbrake")
+
+// Directly interpret asm.js code as regular JavaScript code, instead of
+// translating it to Wasm bytecode first and then interpreting that with
+// DrumBrake. (validate_asm=false turns off asm.js to Wasm compilation.)
+DEFINE_NEG_IMPLICATION(wasm_jitless, validate_asm)
+
+// --wasm-jitless resets {asm-,}wasm-lazy-compilation.
+DEFINE_NEG_IMPLICATION(wasm_jitless, asm_wasm_lazy_compilation)
+DEFINE_NEG_IMPLICATION(wasm_jitless, wasm_lazy_compilation)
+DEFINE_NEG_IMPLICATION(wasm_jitless, wasm_lazy_validation)
+DEFINE_NEG_IMPLICATION(wasm_jitless, wasm_tier_up)
+
+// --wasm-enable-exec-time-histograms works both in jitted and jitless mode
+// and enables histogram V8.Jit[less]WasmExecutionPercentage, which measures
+// the percentage of time spent running Wasm code. Note that generating samples
+// for this metric causes a small performance degradation, and requires setting
+// the additional flag --slow-histograms.
+DEFINE_BOOL(wasm_enable_exec_time_histograms, false,
+            "enables histograms that track the time spent executing Wasm code")
+DEFINE_INT(wasm_exec_time_histogram_sample_duration, 1000,
+           "sample duration for V8.Jit[less]WasmExecutionPercentage, in msec")
+DEFINE_INT(wasm_exec_time_histogram_sample_period, 4000,
+           "sample period for V8.Jit[less]WasmExecutionPercentage, in msec")
+DEFINE_INT(wasm_exec_time_histogram_slow_threshold, 10000,
+           "V8.Jit[less]WasmExecutionPercentage threshold used to detect "
+           "Wasm-intensive workloads (0-100000)")
+DEFINE_INT(wasm_exec_time_slow_threshold_samples_count, 1,
+           "number of V8.Jit[less]WasmExecutionPercentage samples used to "
+           "calculate the threshold for the V8.Jit[less]WasmExecutionTooSlow "
+           "histogram")
+DEFINE_IMPLICATION(wasm_enable_exec_time_histograms, slow_histograms)
+DEFINE_NEG_IMPLICATION(wasm_enable_exec_time_histograms,
+                       turbo_inline_js_wasm_calls)
+DEFINE_NEG_IMPLICATION(wasm_enable_exec_time_histograms, wasm_generic_wrapper)
+#else   // V8_ENABLE_DRUMBRAKE
+DEFINE_BOOL_READONLY(wasm_jitless, false,
+                     "execute all Wasm code in the Wasm interpreter")
+DEFINE_BOOL(wasm_jitless_if_available_for_testing, false, "")
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 DEFINE_INT(stress_sampling_allocation_profiler, 0,
@@ -2002,6 +2088,8 @@ DEFINE_BOOL_READONLY(verify_heap, false,
 #endif
 DEFINE_BOOL(move_object_start, true, "enable moving of object starts")
 DEFINE_BOOL(memory_reducer, true, "use memory reducer")
+DEFINE_BOOL(memory_reducer_favors_memory, true,
+            "memory reducer runs GC with ReduceMemoryFootprint flag")
 DEFINE_BOOL(memory_reducer_for_small_heaps, true,
             "use memory reducer for small heaps")
 DEFINE_INT(memory_reducer_gc_count, 2,
@@ -2153,6 +2241,7 @@ DEFINE_BOOL(enable_avx2, true, "enable use of AVX2 instructions if available")
 DEFINE_BOOL(enable_avx_vnni, true,
             "enable use of AVX-VNNI instructions if available")
 DEFINE_BOOL(enable_fma3, true, "enable use of FMA3 instructions if available")
+DEFINE_BOOL(enable_f16c, true, "enable use of F16C instructions if available")
 DEFINE_BOOL(enable_bmi1, true, "enable use of BMI1 instructions if available")
 DEFINE_BOOL(enable_bmi2, true, "enable use of BMI2 instructions if available")
 DEFINE_BOOL(enable_lzcnt, true, "enable use of LZCNT instruction if available")
@@ -2212,6 +2301,7 @@ DEFINE_BOOL(
     merge_background_deserialized_script_with_compilation_cache, true,
     "After deserializing code cache data on a background thread, merge it into "
     "an existing Script if one is found in the Isolate compilation cache")
+DEFINE_BOOL(verify_code_merge, false, "Verify scope infos after merge")
 DEFINE_BOOL(
     embedder_instance_types, false,
     "enable type checks based on instance types provided by the embedder")
@@ -2247,7 +2337,7 @@ DEFINE_BOOL(enable_vtunejit, true, "enable vtune jit interface")
 DEFINE_NEG_IMPLICATION(enable_vtunejit, compact_code_space)
 #endif  // ENABLE_VTUNE_JIT_INTERFACE
 
-DEFINE_BOOL(experimental_report_exceptions_from_callbacks, false,
+DEFINE_BOOL(experimental_report_exceptions_from_callbacks, true,
             "Notify Api callback about exceptions thrown in Api callbacks")
 
 // builtins.cc
diff --git a/deps/v8/src/flags/flags-impl.h b/deps/v8/src/flags/flags-impl.h
index 013b58704ae352..8b21567087438f 100644
--- a/deps/v8/src/flags/flags-impl.h
+++ b/deps/v8/src/flags/flags-impl.h
@@ -5,10 +5,10 @@
 #ifndef V8_FLAGS_FLAGS_IMPL_H_
 #define V8_FLAGS_FLAGS_IMPL_H_
 
+#include <optional>
 #include <unordered_set>
 
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/base/vector.h"
 #include "src/flags/flags.h"
 
@@ -111,12 +111,12 @@ struct Flag {
     SetValue<TYPE_BOOL, bool>(value, set_by);
   }
 
-  base::Optional<bool> maybe_bool_variable() const {
-    return GetValue<TYPE_MAYBE_BOOL, base::Optional<bool>>();
+  std::optional<bool> maybe_bool_variable() const {
+    return GetValue<TYPE_MAYBE_BOOL, std::optional<bool>>();
   }
 
-  void set_maybe_bool_variable(base::Optional<bool> value, SetBy set_by) {
-    SetValue<TYPE_MAYBE_BOOL, base::Optional<bool>>(value, set_by);
+  void set_maybe_bool_variable(std::optional<bool> value, SetBy set_by) {
+    SetValue<TYPE_MAYBE_BOOL, std::optional<bool>>(value, set_by);
   }
 
   int int_variable() const { return GetValue<TYPE_INT, int>(); }
diff --git a/deps/v8/src/flags/flags.cc b/deps/v8/src/flags/flags.cc
index c1ef984d372657..fc1588c52e6cde 100644
--- a/deps/v8/src/flags/flags.cc
+++ b/deps/v8/src/flags/flags.cc
@@ -12,6 +12,7 @@
 #include <cstdlib>
 #include <cstring>
 #include <iomanip>
+#include <optional>
 #include <set>
 #include <sstream>
 
@@ -265,7 +266,7 @@ void Flag::Reset() {
       set_bool_variable(bool_default(), SetBy::kDefault);
       break;
     case TYPE_MAYBE_BOOL:
-      set_maybe_bool_variable(base::nullopt, SetBy::kDefault);
+      set_maybe_bool_variable(std::nullopt, SetBy::kDefault);
       break;
     case TYPE_INT:
       set_int_variable(int_default(), SetBy::kDefault);
diff --git a/deps/v8/src/flags/flags.h b/deps/v8/src/flags/flags.h
index 140bf4c9dfa1a6..cc38cf8004ea6f 100644
--- a/deps/v8/src/flags/flags.h
+++ b/deps/v8/src/flags/flags.h
@@ -5,7 +5,8 @@
 #ifndef V8_FLAGS_FLAGS_H_
 #define V8_FLAGS_FLAGS_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/common/globals.h"
 
 #if V8_ENABLE_WEBASSEMBLY
@@ -25,7 +26,7 @@ class FlagValue {
   // We currently allow the following types to be used for flags:
   // - Arithmetic types like bool, int, size_t, double; those will trivially be
   //   protected.
-  // - base::Optional<bool>, which is basically a POD, and can also be
+  // - std::optional<bool>, which is basically a POD, and can also be
   //   protected.
   // - const char*, for which we currently do not protect the actual string
   //   value. TODO(12887): Also protect the string storage.
@@ -34,7 +35,7 @@ class FlagValue {
   // works for them.
   static_assert(std::is_same_v<std::decay_t<T>, T>);
   static_assert(std::is_arithmetic_v<T> ||
-                std::is_same_v<base::Optional<bool>, T> ||
+                std::is_same_v<std::optional<bool>, T> ||
                 std::is_same_v<const char*, T>);
 
  public:
diff --git a/deps/v8/src/handles/handles.h b/deps/v8/src/handles/handles.h
index e8c349f0f9560e..eb53ee716c42f8 100644
--- a/deps/v8/src/handles/handles.h
+++ b/deps/v8/src/handles/handles.h
@@ -451,7 +451,6 @@ class DirectHandle : public DirectHandleBase {
 
   V8_INLINE explicit DirectHandle(Address object) : DirectHandleBase(object) {}
 
-  V8_INLINE explicit DirectHandle(Tagged<T> object);
   V8_INLINE DirectHandle(Tagged<T> object, Isolate* isolate)
       : DirectHandle(object) {}
   V8_INLINE DirectHandle(Tagged<T> object, LocalIsolate* isolate)
@@ -535,6 +534,8 @@ class DirectHandle : public DirectHandleBase {
   friend inline DirectHandle<To> Cast(DirectHandle<From> value,
                                       const v8::SourceLocation& loc);
 
+  V8_INLINE explicit DirectHandle(Tagged<T> object);
+
   explicit DirectHandle(no_checking_tag do_not_check)
       : DirectHandleBase(kTaggedNullAddress, do_not_check) {}
   explicit DirectHandle(const DirectHandle<T>& other,
diff --git a/deps/v8/src/heap/code-range.cc b/deps/v8/src/heap/code-range.cc
index ce03e3539bb560..9a2ef8344d61a0 100644
--- a/deps/v8/src/heap/code-range.cc
+++ b/deps/v8/src/heap/code-range.cc
@@ -200,7 +200,7 @@ bool CodeRange::InitReservation(v8::PageAllocator* page_allocator,
     if (!VirtualMemoryCage::InitReservation(params)) {
       params.requested_start_hint = kNullAddress;
       if (!VirtualMemoryCage::InitReservation(params)) return false;
-    };
+    }
     TRACE("=== Fallback attempt, hint=%p: [%p, %p)\n",
           reinterpret_cast<void*>(params.requested_start_hint),
           reinterpret_cast<void*>(region().begin()),
diff --git a/deps/v8/src/heap/concurrent-marking.cc b/deps/v8/src/heap/concurrent-marking.cc
index d802abe3c4a4f5..885fda0ea48969 100644
--- a/deps/v8/src/heap/concurrent-marking.cc
+++ b/deps/v8/src/heap/concurrent-marking.cc
@@ -571,7 +571,8 @@ size_t ConcurrentMarking::GetMinorMaxConcurrency(size_t worker_count) {
 
 void ConcurrentMarking::TryScheduleJob(GarbageCollector garbage_collector,
                                        TaskPriority priority) {
-  DCHECK(v8_flags.parallel_marking || v8_flags.concurrent_marking);
+  DCHECK(v8_flags.parallel_marking || v8_flags.concurrent_marking ||
+         v8_flags.concurrent_minor_ms_marking);
   DCHECK(!heap_->IsTearingDown());
   DCHECK(IsStopped());
 
@@ -645,7 +646,8 @@ bool ConcurrentMarking::IsWorkLeft() const {
 
 void ConcurrentMarking::RescheduleJobIfNeeded(
     GarbageCollector garbage_collector, TaskPriority priority) {
-  DCHECK(v8_flags.parallel_marking || v8_flags.concurrent_marking);
+  DCHECK(v8_flags.parallel_marking || v8_flags.concurrent_marking ||
+         v8_flags.concurrent_minor_ms_marking);
 
   if (garbage_collector == GarbageCollector::MARK_COMPACTOR &&
       !heap_->mark_compact_collector()->UseBackgroundThreadsInCycle()) {
@@ -696,7 +698,8 @@ void ConcurrentMarking::FlushPretenuringFeedback() {
 }
 
 void ConcurrentMarking::Join() {
-  DCHECK(v8_flags.parallel_marking || v8_flags.concurrent_marking);
+  DCHECK(v8_flags.parallel_marking || v8_flags.concurrent_marking ||
+         v8_flags.concurrent_minor_ms_marking);
   DCHECK_IMPLIES(
       garbage_collector_ == GarbageCollector::MARK_COMPACTOR,
       heap_->mark_compact_collector()->UseBackgroundThreadsInCycle());
diff --git a/deps/v8/src/heap/conservative-stack-visitor.cc b/deps/v8/src/heap/conservative-stack-visitor.cc
index 74b8b639130ce2..edf528200a35f9 100644
--- a/deps/v8/src/heap/conservative-stack-visitor.cc
+++ b/deps/v8/src/heap/conservative-stack-visitor.cc
@@ -19,37 +19,42 @@ namespace internal {
 
 ConservativeStackVisitor::ConservativeStackVisitor(Isolate* isolate,
                                                    RootVisitor* delegate)
+    : ConservativeStackVisitor(isolate, delegate, delegate->collector()) {}
+
+ConservativeStackVisitor::ConservativeStackVisitor(Isolate* isolate,
+                                                   RootVisitor* delegate,
+                                                   GarbageCollector collector)
     : cage_base_(isolate),
 #ifdef V8_EXTERNAL_CODE_SPACE
       code_cage_base_(isolate->code_cage_base()),
       code_address_region_(isolate->heap()->code_region()),
+#endif
+#ifdef V8_ENABLE_SANDBOX
+      trusted_cage_base_(isolate->isolate_data()->trusted_cage_base_address()),
 #endif
       delegate_(delegate),
       allocator_(isolate->heap()->memory_allocator()),
-      collector_(delegate->collector()) {
+      collector_(collector) {
 }
 
-ConservativeStackVisitor::ConservativeStackVisitor(Isolate* isolate,
-                                                   GarbageCollector collector)
-    : cage_base_(isolate),
+#ifdef V8_COMPRESS_POINTERS
+bool ConservativeStackVisitor::IsInterestingCage(
+    PtrComprCageBase cage_base) const {
+  if (cage_base == cage_base_) return true;
 #ifdef V8_EXTERNAL_CODE_SPACE
-      code_cage_base_(isolate->code_cage_base()),
-      code_address_region_(isolate->heap()->code_region()),
+  if (cage_base == code_cage_base_) return true;
 #endif
-      delegate_(nullptr),
-      allocator_(isolate->heap()->memory_allocator()),
-      collector_(collector) {
+#ifdef V8_ENABLE_SANDBOX
+  if (cage_base == trusted_cage_base_) return true;
+#endif
+  return false;
 }
+#endif  // V8_COMPRESS_POINTERS
 
 Address ConservativeStackVisitor::FindBasePtr(
     Address maybe_inner_ptr, PtrComprCageBase cage_base) const {
 #ifdef V8_COMPRESS_POINTERS
-  // Check that the cage base corresponds to an interesting cage.
-#ifdef V8_EXTERNAL_CODE_SPACE
-  DCHECK(cage_base == cage_base_ || cage_base == code_cage_base_);
-#else
-  DCHECK_EQ(cage_base, cage_base_);
-#endif
+  DCHECK(IsInterestingCage(cage_base));
 #endif  // V8_COMPRESS_POINTERS
   // Check if the pointer is contained by a normal or large page owned by this
   // heap. Bail out if it is not.
@@ -114,6 +119,12 @@ void ConservativeStackVisitor::VisitPointer(const void* pointer) {
         VisitConservativelyIfPointer(ptr, code_cage_base_);
       });
 #endif  // V8_EXTERNAL_CODE_SPACE
+#ifdef V8_ENABLE_SANDBOX
+  TrustedSpaceCompressionScheme::ProcessIntermediatePointers(
+      trusted_cage_base_, address, [this](Address ptr) {
+        VisitConservativelyIfPointer(ptr, trusted_cage_base_);
+      });
+#endif  // V8_ENABLE_SANDBOX
 #endif  // V8_COMPRESS_POINTERS
 }
 
diff --git a/deps/v8/src/heap/conservative-stack-visitor.h b/deps/v8/src/heap/conservative-stack-visitor.h
index ec5627d30895e1..9450089c058b67 100644
--- a/deps/v8/src/heap/conservative-stack-visitor.h
+++ b/deps/v8/src/heap/conservative-stack-visitor.h
@@ -35,26 +35,33 @@ class V8_EXPORT_PRIVATE ConservativeStackVisitor
 
   static ConservativeStackVisitor ForTesting(Isolate* isolate,
                                              GarbageCollector collector) {
-    return ConservativeStackVisitor(isolate, collector);
+    return ConservativeStackVisitor(isolate, nullptr, collector);
   }
 
  private:
-  ConservativeStackVisitor(Isolate* isolate, GarbageCollector collector);
+  ConservativeStackVisitor(Isolate* isolate, RootVisitor* delegate,
+                           GarbageCollector collector);
 
   void VisitConservativelyIfPointer(Address address);
   void VisitConservativelyIfPointer(Address address,
                                     PtrComprCageBase cage_base);
 
+#ifdef V8_COMPRESS_POINTERS
+  bool IsInterestingCage(PtrComprCageBase cage_base) const;
+#endif
+
   // The "interesting" cages where we conservatively scan pointers are:
   // - The regular cage for the V8 heap.
   // - The cage used for code objects, if an external code space is used.
-  // We don't need to scan pointers in the trusted space, so we can ignore
-  // the trusted cage.
+  // - The trusted space cage.
   const PtrComprCageBase cage_base_;
 #ifdef V8_EXTERNAL_CODE_SPACE
   const PtrComprCageBase code_cage_base_;
   base::AddressRegion code_address_region_;
 #endif
+#ifdef V8_ENABLE_SANDBOX
+  const PtrComprCageBase trusted_cage_base_;
+#endif
 
   RootVisitor* const delegate_;
   MemoryAllocator* const allocator_;
diff --git a/deps/v8/src/heap/cppgc/pointer-policies.cc b/deps/v8/src/heap/cppgc/pointer-policies.cc
index 0cbde5ede3f20e..02393df72704ba 100644
--- a/deps/v8/src/heap/cppgc/pointer-policies.cc
+++ b/deps/v8/src/heap/cppgc/pointer-policies.cc
@@ -33,6 +33,10 @@ void SameThreadEnabledCheckingPolicyBase::CheckPointerImpl(
     const void* ptr, bool points_to_payload, bool check_off_heap_assignments) {
   // `ptr` must not reside on stack.
   DCHECK(!IsOnStack(ptr));
+#if defined(CPPGC_CAGED_HEAP)
+  // `ptr` must reside in the cage.
+  DCHECK(CagedHeapBase::IsWithinCage(ptr));
+#endif  // defined(CPPGC_CAGED_HEAP)
   // Check for the most commonly used wrong sentinel value (-1).
   DCHECK_NE(reinterpret_cast<void*>(-1), ptr);
   auto* base_page = BasePage::FromPayload(ptr);
@@ -63,6 +67,9 @@ void SameThreadEnabledCheckingPolicyBase::CheckPointerImpl(
   const HeapObjectHeader* header = nullptr;
   if (points_to_payload) {
     header = &HeapObjectHeader::FromObject(ptr);
+    DCHECK_EQ(
+        header,
+        &base_page->ObjectHeaderFromInnerAddress<AccessMode::kAtomic>(ptr));
   } else {
     // Mixin case. Access the ObjectStartBitmap atomically since sweeping can be
     // in progress.
diff --git a/deps/v8/src/heap/cppgc/stats-collector.cc b/deps/v8/src/heap/cppgc/stats-collector.cc
index ccad82c81d65e7..7d4db587dd555e 100644
--- a/deps/v8/src/heap/cppgc/stats-collector.cc
+++ b/deps/v8/src/heap/cppgc/stats-collector.cc
@@ -233,7 +233,7 @@ MetricRecorder::GCCycle GetCycleEventForMetricRecorder(
     event.collection_rate_in_percent = 0;
   } else {
     event.collection_rate_in_percent =
-        static_cast<double>(event.objects.after_bytes) /
+        static_cast<double>(event.objects.freed_bytes) /
         event.objects.before_bytes;
   }
   // Efficiency:
diff --git a/deps/v8/src/heap/cppgc/visitor.cc b/deps/v8/src/heap/cppgc/visitor.cc
index d517cd558328e7..cb412d6b009456 100644
--- a/deps/v8/src/heap/cppgc/visitor.cc
+++ b/deps/v8/src/heap/cppgc/visitor.cc
@@ -4,6 +4,7 @@
 
 #include "src/heap/cppgc/visitor.h"
 
+#include "src/base/sanitizer/asan.h"
 #include "src/base/sanitizer/msan.h"
 #include "src/heap/cppgc/gc-info-table.h"
 #include "src/heap/cppgc/heap-base.h"
@@ -31,18 +32,20 @@ ConservativeTracingVisitor::ConservativeTracingVisitor(
     HeapBase& heap, PageBackend& page_backend, cppgc::Visitor& visitor)
     : heap_(heap), page_backend_(page_backend), visitor_(visitor) {}
 
+// Conservative scanning of objects is not compatible with ASAN as we may scan
+// over objects reading poisoned memory. One such example was added to libc++
+// (June 2024) in the form of container annotations for short std::string.
+DISABLE_ASAN
 void ConservativeTracingVisitor::TraceConservatively(
     const HeapObjectHeader& header) {
   const auto object_view = ObjectView<>(header);
   uintptr_t* word = reinterpret_cast<uintptr_t*>(object_view.Start());
   for (size_t i = 0; i < (object_view.Size() / sizeof(uintptr_t)); ++i) {
     uintptr_t maybe_full_ptr = word[i];
-#if defined(MEMORY_SANITIZER)
     // |object| may be uninitialized by design or just contain padding bytes.
     // Copy into a local variable that is not poisoned for conservative marking.
     // Copy into a temporary variable to maintain the original MSAN state.
     MSAN_MEMORY_IS_INITIALIZED(&maybe_full_ptr, sizeof(maybe_full_ptr));
-#endif
     // First, check the full pointer.
     if (maybe_full_ptr > SentinelPointer::kSentinelValue)
       this->TraceConservativelyIfNeeded(
diff --git a/deps/v8/src/heap/evacuation-allocator-inl.h b/deps/v8/src/heap/evacuation-allocator-inl.h
index 84883ae165e087..dac2c4d797be76 100644
--- a/deps/v8/src/heap/evacuation-allocator-inl.h
+++ b/deps/v8/src/heap/evacuation-allocator-inl.h
@@ -15,6 +15,7 @@ namespace internal {
 AllocationResult EvacuationAllocator::Allocate(AllocationSpace space,
                                                int object_size,
                                                AllocationAlignment alignment) {
+  DCHECK_IMPLIES(!shared_space_allocator_, space != SHARED_SPACE);
   object_size = ALIGN_TO_ALLOCATION_ALIGNMENT(object_size);
   switch (space) {
     case NEW_SPACE:
diff --git a/deps/v8/src/heap/evacuation-allocator.cc b/deps/v8/src/heap/evacuation-allocator.cc
index 6c56c7bf847e8d..9ac30b75100955 100644
--- a/deps/v8/src/heap/evacuation-allocator.cc
+++ b/deps/v8/src/heap/evacuation-allocator.cc
@@ -23,14 +23,17 @@ EvacuationAllocator::EvacuationAllocator(
                                MainAllocator::kInGC);
   code_space_allocator_.emplace(heap, compaction_spaces_.Get(CODE_SPACE),
                                 MainAllocator::kInGC);
-  shared_space_allocator_.emplace(heap, compaction_spaces_.Get(SHARED_SPACE),
-                                  MainAllocator::kInGC);
+  if (heap_->isolate()->has_shared_space()) {
+    shared_space_allocator_.emplace(heap, compaction_spaces_.Get(SHARED_SPACE),
+                                    MainAllocator::kInGC);
+  }
   trusted_space_allocator_.emplace(heap, compaction_spaces_.Get(TRUSTED_SPACE),
                                    MainAllocator::kInGC);
 }
 
 void EvacuationAllocator::FreeLast(AllocationSpace space,
                                    Tagged<HeapObject> object, int object_size) {
+  DCHECK_IMPLIES(!shared_space_allocator_, space != SHARED_SPACE);
   object_size = ALIGN_TO_ALLOCATION_ALIGNMENT(object_size);
   switch (space) {
     case NEW_SPACE:
@@ -68,9 +71,9 @@ void EvacuationAllocator::Finalize() {
   code_space_allocator()->FreeLinearAllocationArea();
   heap_->code_space()->MergeCompactionSpace(compaction_spaces_.Get(CODE_SPACE));
 
-  if (heap_->shared_space()) {
-    shared_space_allocator()->FreeLinearAllocationArea();
-    heap_->shared_space()->MergeCompactionSpace(
+  if (shared_space_allocator_) {
+    shared_space_allocator_->FreeLinearAllocationArea();
+    heap_->shared_allocation_space()->MergeCompactionSpace(
         compaction_spaces_.Get(SHARED_SPACE));
   }
 
diff --git a/deps/v8/src/heap/evacuation-verifier-inl.h b/deps/v8/src/heap/evacuation-verifier-inl.h
index a91892740e630a..e1781fb924b538 100644
--- a/deps/v8/src/heap/evacuation-verifier-inl.h
+++ b/deps/v8/src/heap/evacuation-verifier-inl.h
@@ -32,7 +32,7 @@ template <typename TSlot>
 void EvacuationVerifier::VerifyPointersImpl(TSlot start, TSlot end) {
   for (TSlot current = start; current < end; ++current) {
     typename TSlot::TObject object = current.load(cage_base());
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
     if (object.ptr() == kTaggedNullAddress) continue;
 #endif
     Tagged<HeapObject> heap_object;
diff --git a/deps/v8/src/heap/factory-base.cc b/deps/v8/src/heap/factory-base.cc
index 024d7f0115eb7b..1b53918bf1a869 100644
--- a/deps/v8/src/heap/factory-base.cc
+++ b/deps/v8/src/heap/factory-base.cc
@@ -20,6 +20,7 @@
 #include "src/logging/log.h"
 #include "src/objects/arguments-inl.h"
 #include "src/objects/instance-type.h"
+#include "src/objects/js-regexp-inl.h"
 #include "src/objects/literal-objects-inl.h"
 #include "src/objects/module-inl.h"
 #include "src/objects/oddball.h"
@@ -374,44 +375,9 @@ Handle<BytecodeWrapper> FactoryBase<Impl>::NewBytecodeWrapper() {
   // verifier might see the wrapper before the field can be set, we need to
   // clear the field here.
   wrapper->clear_bytecode();
-  wrapper->clear_padding();
   return wrapper;
 }
 
-#if V8_ENABLE_WEBASSEMBLY
-template <typename Impl>
-Handle<WasmTrustedInstanceData>
-FactoryBase<Impl>::NewWasmTrustedInstanceData() {
-  Tagged<WasmTrustedInstanceData> result =
-      Cast<WasmTrustedInstanceData>(AllocateRawWithImmortalMap(
-          WasmTrustedInstanceData::kSize, AllocationType::kTrusted,
-          read_only_roots().wasm_trusted_instance_data_map()));
-  DisallowGarbageCollection no_gc;
-  result->init_self_indirect_pointer(isolate());
-  result->clear_padding();
-  for (int offset : WasmTrustedInstanceData::kTaggedFieldOffsets) {
-    result->RawField(offset).store(read_only_roots().undefined_value());
-  }
-  return handle(result, isolate());
-}
-
-template <typename Impl>
-Handle<WasmDispatchTable> FactoryBase<Impl>::NewWasmDispatchTable(int length) {
-  CHECK_LE(length, WasmDispatchTable::kMaxLength);
-  int bytes = WasmDispatchTable::SizeFor(length);
-  Tagged<WasmDispatchTable> result = UncheckedCast<WasmDispatchTable>(
-      AllocateRawWithImmortalMap(bytes, AllocationType::kTrusted,
-                                 read_only_roots().wasm_dispatch_table_map()));
-  result->WriteField<int>(WasmDispatchTable::kLengthOffset, length);
-  result->WriteField<int>(WasmDispatchTable::kCapacityOffset, length);
-  for (int i = 0; i < length; ++i) {
-    result->Clear(i);
-    result->clear_entry_padding(i);
-  }
-  return handle(result, isolate());
-}
-#endif  // V8_ENABLE_WEBASSEMBLY
-
 template <typename Impl>
 Handle<Script> FactoryBase<Impl>::NewScript(
     DirectHandle<UnionOf<String, Undefined>> source,
@@ -443,8 +409,7 @@ Handle<Script> FactoryBase<Impl>::NewScriptWithId(
     raw->set_eval_from_shared_or_wrapped_arguments(roots.undefined_value(),
                                                    SKIP_WRITE_BARRIER);
     raw->set_eval_from_position(0);
-    raw->set_shared_function_infos(roots.empty_weak_fixed_array(),
-                                   SKIP_WRITE_BARRIER);
+    raw->set_infos(roots.empty_weak_fixed_array(), SKIP_WRITE_BARRIER);
     raw->set_flags(0);
     raw->set_host_defined_options(roots.empty_fixed_array(),
                                   SKIP_WRITE_BARRIER);
@@ -493,8 +458,8 @@ Handle<SharedFunctionInfo> FactoryBase<Impl>::NewSharedFunctionInfoForLiteral(
   shared->set_function_literal_id(literal->function_literal_id());
   literal->set_shared_function_info(shared);
   SharedFunctionInfo::InitFromFunctionLiteral(isolate(), literal, is_toplevel);
-  shared->SetScript(read_only_roots(), *script, literal->function_literal_id(),
-                    false);
+  shared->SetScript(isolate(), read_only_roots(), *script,
+                    literal->function_literal_id(), false);
   return shared;
 }
 
@@ -547,7 +512,7 @@ FactoryBase<Impl>::NewUncompiledDataWithoutPreparseData(
     Handle<String> inferred_name, int32_t start_position,
     int32_t end_position) {
   return TorqueGeneratedFactory<Impl>::NewUncompiledDataWithoutPreparseData(
-      inferred_name, start_position, end_position, AllocationType::kOld);
+      inferred_name, start_position, end_position, AllocationType::kTrusted);
 }
 
 template <typename Impl>
@@ -557,7 +522,7 @@ FactoryBase<Impl>::NewUncompiledDataWithPreparseData(
     Handle<PreparseData> preparse_data) {
   return TorqueGeneratedFactory<Impl>::NewUncompiledDataWithPreparseData(
       inferred_name, start_position, end_position, preparse_data,
-      AllocationType::kOld);
+      AllocationType::kTrusted);
 }
 
 template <typename Impl>
@@ -565,12 +530,10 @@ Handle<UncompiledDataWithoutPreparseDataWithJob>
 FactoryBase<Impl>::NewUncompiledDataWithoutPreparseDataWithJob(
     Handle<String> inferred_name, int32_t start_position,
     int32_t end_position) {
-  return TorqueGeneratedFactory<
-      Impl>::NewUncompiledDataWithoutPreparseDataWithJob(inferred_name,
-                                                         start_position,
-                                                         end_position,
-                                                         kNullAddress,
-                                                         AllocationType::kOld);
+  return TorqueGeneratedFactory<Impl>::
+      NewUncompiledDataWithoutPreparseDataWithJob(inferred_name, start_position,
+                                                  end_position, kNullAddress,
+                                                  AllocationType::kTrusted);
 }
 
 template <typename Impl>
@@ -580,7 +543,7 @@ FactoryBase<Impl>::NewUncompiledDataWithPreparseDataAndJob(
     Handle<PreparseData> preparse_data) {
   return TorqueGeneratedFactory<Impl>::NewUncompiledDataWithPreparseDataAndJob(
       inferred_name, start_position, end_position, preparse_data, kNullAddress,
-      AllocationType::kOld);
+      AllocationType::kTrusted);
 }
 
 template <typename Impl>
@@ -610,11 +573,11 @@ Handle<SharedFunctionInfo> FactoryBase<Impl>::NewSharedFunctionInfo(
     DCHECK(!Builtins::IsBuiltinId(builtin));
     DCHECK(!IsInstructionStream(*function_data));
     DCHECK(!IsCode(*function_data));
-    SharedFunctionInfo::DataType type =
-        IsExposedTrustedObject(*function_data)
-            ? SharedFunctionInfo::DataType::kTrusted
-            : SharedFunctionInfo::DataType::kRegular;
-    raw->SetData(*function_data, kReleaseStore, type);
+    if (IsExposedTrustedObject(*function_data)) {
+      raw->SetTrustedData(Cast<ExposedTrustedObject>(*function_data));
+    } else {
+      raw->SetUntrustedData(*function_data);
+    }
   } else if (Builtins::IsBuiltinId(builtin)) {
     raw->set_builtin_id(builtin);
   } else {
@@ -654,10 +617,20 @@ FactoryBase<Impl>::NewArrayBoilerplateDescription(
   return handle(result, isolate());
 }
 
+template <typename Impl>
+Handle<RegExpDataWrapper> FactoryBase<Impl>::NewRegExpDataWrapper() {
+  Handle<RegExpDataWrapper> wrapper(
+      Cast<RegExpDataWrapper>(NewWithImmortalMap(
+          read_only_roots().regexp_data_wrapper_map(), AllocationType::kOld)),
+      isolate());
+  wrapper->clear_data();
+  return wrapper;
+}
+
 template <typename Impl>
 Handle<RegExpBoilerplateDescription>
 FactoryBase<Impl>::NewRegExpBoilerplateDescription(
-    DirectHandle<FixedArray> data, DirectHandle<String> source,
+    DirectHandle<RegExpData> data, DirectHandle<String> source,
     Tagged<Smi> flags) {
   auto result = NewStructInternal<RegExpBoilerplateDescription>(
       REG_EXP_BOILERPLATE_DESCRIPTION_TYPE, AllocationType::kOld);
@@ -687,7 +660,7 @@ template <typename Impl>
 Handle<FeedbackMetadata> FactoryBase<Impl>::NewFeedbackMetadata(
     int slot_count, int create_closure_slot_count, AllocationType allocation) {
   DCHECK_LE(0, slot_count);
-  int size = FeedbackMetadata::SizeFor(slot_count);
+  int size = FeedbackMetadata::SizeFor(slot_count, create_closure_slot_count);
   Tagged<FeedbackMetadata> result =
       Cast<FeedbackMetadata>(AllocateRawWithImmortalMap(
           size, allocation, read_only_roots().feedback_metadata_map()));
diff --git a/deps/v8/src/heap/factory-base.h b/deps/v8/src/heap/factory-base.h
index 259a3b396a26b0..365a4c6c716a05 100644
--- a/deps/v8/src/heap/factory-base.h
+++ b/deps/v8/src/heap/factory-base.h
@@ -207,11 +207,6 @@ class FactoryBase : public TorqueGeneratedFactory<Impl> {
 
   Handle<BytecodeWrapper> NewBytecodeWrapper();
 
-#if V8_ENABLE_WEBASSEMBLY
-  Handle<WasmTrustedInstanceData> NewWasmTrustedInstanceData();
-  Handle<WasmDispatchTable> NewWasmDispatchTable(int length);
-#endif  // V8_ENABLE_WEBASSEMBLY
-
   // Allocates a fixed array for name-value pairs of boilerplate properties and
   // calculates the number of properties we need to store in the backing store.
   Handle<ObjectBoilerplateDescription> NewObjectBoilerplateDescription(
@@ -221,8 +216,10 @@ class FactoryBase : public TorqueGeneratedFactory<Impl> {
   Handle<ArrayBoilerplateDescription> NewArrayBoilerplateDescription(
       ElementsKind elements_kind, DirectHandle<FixedArrayBase> constant_values);
 
+  Handle<RegExpDataWrapper> NewRegExpDataWrapper();
+
   Handle<RegExpBoilerplateDescription> NewRegExpBoilerplateDescription(
-      DirectHandle<FixedArray> data, DirectHandle<String> source,
+      DirectHandle<RegExpData> data, DirectHandle<String> source,
       Tagged<Smi> flags);
 
   // Create a new TemplateObjectDescription struct.
diff --git a/deps/v8/src/heap/factory.cc b/deps/v8/src/heap/factory.cc
index 88dd00a80185f7..4ef611e8d84ebf 100644
--- a/deps/v8/src/heap/factory.cc
+++ b/deps/v8/src/heap/factory.cc
@@ -1303,7 +1303,7 @@ Handle<Context> Factory::NewScriptContext(DirectHandle<NativeContext> outer,
   DCHECK(scope_info->is_script_scope());
   int variadic_part_length = scope_info->ContextLength();
 
-  Handle<FixedArray> side_data;
+  DirectHandle<FixedArray> side_data;
   if (v8_flags.const_tracking_let) {
     side_data = NewFixedArray(scope_info->ContextLocalCount());
   } else {
@@ -1345,7 +1345,7 @@ Handle<Context> Factory::NewModuleContext(DirectHandle<SourceTextModule> module,
 
 Handle<Context> Factory::NewFunctionContext(
     DirectHandle<Context> outer, DirectHandle<ScopeInfo> scope_info) {
-  Handle<Map> map;
+  DirectHandle<Map> map;
   switch (scope_info->scope_type()) {
     case EVAL_SCOPE:
       map = isolate()->eval_context_map();
@@ -1543,8 +1543,7 @@ Handle<Script> Factory::CloneScript(DirectHandle<Script> script,
     new_script->set_line_ends(Smi::zero());
     new_script->set_eval_from_shared_or_wrapped_arguments(
         script->eval_from_shared_or_wrapped_arguments());
-    new_script->set_shared_function_infos(*empty_weak_fixed_array(),
-                                          SKIP_WRITE_BARRIER);
+    new_script->set_infos(*empty_weak_fixed_array(), SKIP_WRITE_BARRIER);
     new_script->set_eval_from_position(old_script->eval_from_position());
     new_script->set_flags(old_script->flags());
     new_script->set_host_defined_options(old_script->host_defined_options());
@@ -1611,6 +1610,36 @@ Handle<PromiseResolveThenableJobTask> Factory::NewPromiseResolveThenableJobTask(
 }
 
 #if V8_ENABLE_WEBASSEMBLY
+
+Handle<WasmTrustedInstanceData> Factory::NewWasmTrustedInstanceData() {
+  Tagged<WasmTrustedInstanceData> result =
+      Cast<WasmTrustedInstanceData>(AllocateRawWithImmortalMap(
+          WasmTrustedInstanceData::kSize, AllocationType::kTrusted,
+          read_only_roots().wasm_trusted_instance_data_map()));
+  DisallowGarbageCollection no_gc;
+  result->init_self_indirect_pointer(isolate());
+  result->clear_padding();
+  for (int offset : WasmTrustedInstanceData::kTaggedFieldOffsets) {
+    result->RawField(offset).store(read_only_roots().undefined_value());
+  }
+  return handle(result, isolate());
+}
+
+Handle<WasmDispatchTable> Factory::NewWasmDispatchTable(int length) {
+  CHECK_LE(length, WasmDispatchTable::kMaxLength);
+  int bytes = WasmDispatchTable::SizeFor(length);
+  Tagged<WasmDispatchTable> result = UncheckedCast<WasmDispatchTable>(
+      AllocateRawWithImmortalMap(bytes, AllocationType::kTrusted,
+                                 read_only_roots().wasm_dispatch_table_map()));
+  result->WriteField<int>(WasmDispatchTable::kLengthOffset, length);
+  result->WriteField<int>(WasmDispatchTable::kCapacityOffset, length);
+  for (int i = 0; i < length; ++i) {
+    result->Clear(i);
+    result->clear_entry_padding(i);
+  }
+  return handle(result, isolate());
+}
+
 Handle<WasmTypeInfo> Factory::NewWasmTypeInfo(
     Address type_address, Handle<Map> opt_parent,
     DirectHandle<WasmTrustedInstanceData> opt_trusted_data,
@@ -1661,12 +1690,12 @@ Handle<WasmTypeInfo> Factory::NewWasmTypeInfo(
   return handle(result, isolate());
 }
 
-Handle<WasmApiFunctionRef> Factory::NewWasmApiFunctionRef(
+Handle<WasmImportData> Factory::NewWasmImportData(
     DirectHandle<HeapObject> callable, wasm::Suspend suspend,
     MaybeDirectHandle<WasmTrustedInstanceData> instance_data,
     DirectHandle<PodArray<wasm::ValueType>> serialized_sig) {
-  Tagged<Map> map = *wasm_api_function_ref_map();
-  auto result = Cast<WasmApiFunctionRef>(AllocateRawWithImmortalMap(
+  Tagged<Map> map = *wasm_import_data_map();
+  auto result = Cast<WasmImportData>(AllocateRawWithImmortalMap(
       map->instance_size(), AllocationType::kTrusted, map));
   DisallowGarbageCollection no_gc;
   result->set_native_context(*isolate()->native_context());
@@ -1678,18 +1707,18 @@ Handle<WasmApiFunctionRef> Factory::NewWasmApiFunctionRef(
     result->set_instance_data(*instance_data.ToHandleChecked());
   }
   result->set_wrapper_budget(v8_flags.wasm_wrapper_tiering_budget);
-  result->set_call_origin(Smi::FromInt(WasmApiFunctionRef::kInvalidCallOrigin));
+  result->set_call_origin(Smi::FromInt(WasmImportData::kInvalidCallOrigin));
   result->set_sig(*serialized_sig);
   result->set_code(*BUILTIN_CODE(isolate(), Abort));
   return handle(result, isolate());
 }
 
-Handle<WasmApiFunctionRef> Factory::NewWasmApiFunctionRef(
-    DirectHandle<WasmApiFunctionRef> ref) {
-  return NewWasmApiFunctionRef(handle(ref->callable(), isolate()),
-                               static_cast<wasm::Suspend>(ref->suspend()),
-                               handle(ref->instance_data(), isolate()),
-                               handle(ref->sig(), isolate()));
+Handle<WasmImportData> Factory::NewWasmImportData(
+    DirectHandle<WasmImportData> ref) {
+  return NewWasmImportData(handle(ref->callable(), isolate()),
+                           static_cast<wasm::Suspend>(ref->suspend()),
+                           handle(ref->instance_data(), isolate()),
+                           handle(ref->sig(), isolate()));
 }
 
 Handle<WasmFastApiCallData> Factory::NewWasmFastApiCallData(
@@ -1704,7 +1733,7 @@ Handle<WasmFastApiCallData> Factory::NewWasmFastApiCallData(
 }
 
 Handle<WasmInternalFunction> Factory::NewWasmInternalFunction(
-    DirectHandle<TrustedObject> ref, int function_index,
+    DirectHandle<TrustedObject> implicit_arg, int function_index,
     uintptr_t signature_hash) {
   Tagged<WasmInternalFunction> internal =
       Cast<WasmInternalFunction>(AllocateRawWithImmortalMap(
@@ -1714,11 +1743,12 @@ Handle<WasmInternalFunction> Factory::NewWasmInternalFunction(
   {
     DisallowGarbageCollection no_gc;
     internal->set_call_target(kNullAddress);
-    DCHECK(IsWasmTrustedInstanceData(*ref) || IsWasmApiFunctionRef(*ref));
-    internal->set_ref(*ref);
+    DCHECK(IsWasmTrustedInstanceData(*implicit_arg) ||
+           IsWasmImportData(*implicit_arg));
+    internal->set_implicit_arg(*implicit_arg);
 #if V8_ENABLE_SANDBOX
     internal->set_signature_hash(signature_hash);
-#endif  // V8_ENABLE_SANDBOX
+#endif  // V8_SANDBOX
     // Default values, will be overwritten by the caller.
     internal->set_function_index(function_index);
     internal->set_external(*undefined_value());
@@ -1746,14 +1776,14 @@ Handle<WasmJSFunctionData> Factory::NewWasmJSFunctionData(
     DirectHandle<PodArray<wasm::ValueType>> serialized_sig,
     DirectHandle<Code> wrapper_code, DirectHandle<Map> rtt,
     wasm::Suspend suspend, wasm::Promise promise, uintptr_t signature_hash) {
-  DirectHandle<WasmApiFunctionRef> ref = NewWasmApiFunctionRef(
+  DirectHandle<WasmImportData> ref = NewWasmImportData(
       callable, suspend, DirectHandle<WasmTrustedInstanceData>(),
       serialized_sig);
 
   DirectHandle<WasmInternalFunction> internal =
       NewWasmInternalFunction(ref, -1, signature_hash);
   DirectHandle<WasmFuncRef> func_ref = NewWasmFuncRef(internal, rtt);
-  WasmApiFunctionRef::SetFuncRefAsCallOrigin(ref, func_ref);
+  WasmImportData::SetFuncRefAsCallOrigin(ref, func_ref);
   Tagged<Map> map = *wasm_js_function_data_map();
   Tagged<WasmJSFunctionData> result =
       Cast<WasmJSFunctionData>(AllocateRawWithImmortalMap(
@@ -1781,6 +1811,43 @@ Handle<WasmResumeData> Factory::NewWasmResumeData(
   return handle(result, isolate());
 }
 
+Handle<WasmSuspenderObject> Factory::NewWasmSuspenderObject() {
+  DirectHandle<JSPromise> promise = NewJSPromise();
+  Tagged<Map> map = *wasm_suspender_object_map();
+  Tagged<WasmSuspenderObject> obj =
+      Cast<WasmSuspenderObject>(AllocateRawWithImmortalMap(
+          map->instance_size(), AllocationType::kOld, map));
+  auto suspender = handle(obj, isolate());
+  // Ensure that all properties are initialized before the allocation below.
+  suspender->set_continuation(*undefined_value());
+  suspender->set_parent(*undefined_value());
+  suspender->set_promise(*promise);
+  suspender->set_resume(*undefined_value());
+  suspender->set_reject(*undefined_value());
+  suspender->set_state(WasmSuspenderObject::kInactive);
+  suspender->set_has_js_frames(0);
+  // Instantiate the callable object which resumes this Suspender. This will be
+  // used implicitly as the onFulfilled callback of the returned JS promise.
+  DirectHandle<WasmResumeData> resume_data =
+      NewWasmResumeData(suspender, wasm::OnResume::kContinue);
+  Handle<SharedFunctionInfo> resume_sfi =
+      NewSharedFunctionInfoForWasmResume(resume_data);
+  Handle<Context> context(isolate()->native_context());
+  DirectHandle<JSObject> resume =
+      Factory::JSFunctionBuilder{isolate(), resume_sfi, context}.Build();
+
+  DirectHandle<WasmResumeData> reject_data =
+      isolate()->factory()->NewWasmResumeData(suspender,
+                                              wasm::OnResume::kThrow);
+  Handle<SharedFunctionInfo> reject_sfi =
+      isolate()->factory()->NewSharedFunctionInfoForWasmResume(reject_data);
+  DirectHandle<JSObject> reject =
+      Factory::JSFunctionBuilder{isolate(), reject_sfi, context}.Build();
+  suspender->set_resume(*resume);
+  suspender->set_reject(*reject);
+  return suspender;
+}
+
 Handle<WasmExportedFunctionData> Factory::NewWasmExportedFunctionData(
     DirectHandle<Code> export_wrapper,
     DirectHandle<WasmTrustedInstanceData> instance_data,
@@ -1820,13 +1887,13 @@ Handle<WasmCapiFunctionData> Factory::NewWasmCapiFunctionData(
     DirectHandle<Code> wrapper_code, DirectHandle<Map> rtt,
     DirectHandle<PodArray<wasm::ValueType>> serialized_sig,
     uintptr_t signature_hash) {
-  DirectHandle<WasmApiFunctionRef> ref = NewWasmApiFunctionRef(
+  DirectHandle<WasmImportData> ref = NewWasmImportData(
       undefined_value(), wasm::kNoSuspend,
       DirectHandle<WasmTrustedInstanceData>(), serialized_sig);
   DirectHandle<WasmInternalFunction> internal =
       NewWasmInternalFunction(ref, -1, signature_hash);
   DirectHandle<WasmFuncRef> func_ref = NewWasmFuncRef(internal, rtt);
-  WasmApiFunctionRef::SetFuncRefAsCallOrigin(ref, func_ref);
+  WasmImportData::SetFuncRefAsCallOrigin(ref, func_ref);
   internal->set_call_target(call_target);
   Tagged<Map> map = *wasm_capi_function_data_map();
   Tagged<WasmCapiFunctionData> result =
@@ -1958,6 +2025,18 @@ Handle<Object> Factory::NewWasmArrayFromElementSegment(
   return handle(result, isolate());
 }
 
+#if V8_ENABLE_DRUMBRAKE
+Handle<WasmStruct> Factory::NewWasmStructUninitialized(
+    const wasm::StructType* type, Handle<Map> map) {
+  Tagged<HeapObject> raw =
+      AllocateRaw(WasmStruct::Size(type), AllocationType::kYoung);
+  raw->set_map_after_allocation(*map);
+  Tagged<WasmStruct> result = Cast<WasmStruct>(raw);
+  result->set_raw_properties_or_hash(*empty_fixed_array(), kRelaxedStore);
+  return handle(result, isolate());
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 Handle<WasmStruct> Factory::NewWasmStruct(const wasm::StructType* type,
                                           wasm::WasmValue* args,
                                           DirectHandle<Map> map) {
@@ -2133,6 +2212,8 @@ Handle<TransitionArray> Factory::NewTransitionArray(int number_of_transitions,
   }
   array->WeakFixedArray::set(TransitionArray::kPrototypeTransitionsIndex,
                              Smi::zero());
+  array->WeakFixedArray::set(TransitionArray::kSideStepTransitionsIndex,
+                             Smi::zero());
   array->WeakFixedArray::set(TransitionArray::kTransitionLengthIndex,
                              Smi::FromInt(number_of_transitions));
   return array;
@@ -2305,7 +2386,7 @@ Handle<Map> Factory::NewContextfulMapForCurrentContext(
     int inobject_properties, AllocationType allocation_type) {
   DCHECK(InstanceTypeChecker::IsNativeContextSpecific(type) ||
          InstanceTypeChecker::IsMap(type));
-  auto meta_map_provider = [=] {
+  auto meta_map_provider = [=, this] {
     // Tie new map to current native context.
     return isolate()->raw_native_context()->meta_map();
   };
@@ -2324,7 +2405,7 @@ Handle<Map> Factory::NewContextlessMap(InstanceType type, int instance_size,
          type == JS_GLOBAL_PROXY_TYPE ||  // might be a placeholder object.
          type == JS_SPECIAL_API_OBJECT_TYPE ||  // might be a remote Api object.
          InstanceTypeChecker::IsMap(type));
-  auto meta_map_provider = [=] {
+  auto meta_map_provider = [=, this] {
     // The new map is not tied to any context.
     return ReadOnlyRoots(isolate()).meta_map();
   };
@@ -2419,7 +2500,7 @@ Handle<JSObject> Factory::CopyJSObjectWithAllocationSite(
       clone->set_raw_properties_or_hash(*prop, kRelaxedStore);
     }
   } else {
-    Handle<Object> copied_properties;
+    DirectHandle<Object> copied_properties;
     if (V8_ENABLE_SWISS_NAME_DICTIONARY_BOOL) {
       copied_properties = SwissNameDictionary::ShallowCopy(
           isolate(), handle(source->property_dictionary_swiss(), isolate()));
@@ -2526,6 +2607,12 @@ Handle<FixedArray> Factory::CopyFixedArrayAndGrow(
   return CopyArrayAndGrow(array, grow_by, allocation);
 }
 
+Handle<WeakFixedArray> Factory::CopyWeakFixedArray(
+    DirectHandle<WeakFixedArray> src) {
+  DCHECK(!IsTransitionArray(*src));  // Compacted by GC, this code doesn't work
+  return CopyArrayWithMap(src, weak_fixed_array_map(), AllocationType::kOld);
+}
+
 Handle<WeakFixedArray> Factory::CopyWeakFixedArrayAndGrow(
     DirectHandle<WeakFixedArray> src, int grow_by) {
   DCHECK(!IsTransitionArray(*src));  // Compacted by GC, this code doesn't work
@@ -2649,6 +2736,13 @@ Handle<JSObject> Factory::NewError(Handle<JSFunction> constructor,
       .ToHandleChecked();
 }
 
+Handle<JSObject> Factory::ShadowRealmNewTypeErrorCopy(
+    Handle<Object> original, MessageTemplate template_index,
+    base::Vector<const DirectHandle<Object>> args) {
+  return ErrorUtils::ShadowRealmConstructTypeErrorCopy(isolate(), original,
+                                                       template_index, args);
+}
+
 Handle<Object> Factory::NewInvalidStringLengthError() {
   if (v8_flags.correctness_fuzzer_suppressions) {
     FATAL("Aborting on invalid string length");
@@ -2694,27 +2788,28 @@ DEFINE_ERROR(WasmLinkError, wasm_link_error)
 DEFINE_ERROR(WasmRuntimeError, wasm_runtime_error)
 #undef DEFINE_ERROR
 
-Handle<JSObject> Factory::NewFunctionPrototype(Handle<JSFunction> function) {
+Handle<JSObject> Factory::NewFunctionPrototype(
+    DirectHandle<JSFunction> function) {
   // Make sure to use globals from the function's context, since the function
   // can be from a different context.
   DirectHandle<NativeContext> native_context(function->native_context(),
                                              isolate());
-  Handle<Map> new_map;
+  DirectHandle<Map> new_map;
   if (V8_UNLIKELY(IsAsyncGeneratorFunction(function->shared()->kind()))) {
-    new_map = handle(native_context->async_generator_object_prototype_map(),
-                     isolate());
+    new_map = direct_handle(
+        native_context->async_generator_object_prototype_map(), isolate());
   } else if (IsResumableFunction(function->shared()->kind())) {
     // Generator and async function prototypes can share maps since they
     // don't have "constructor" properties.
-    new_map =
-        handle(native_context->generator_object_prototype_map(), isolate());
+    new_map = direct_handle(native_context->generator_object_prototype_map(),
+                            isolate());
   } else {
     // Each function prototype gets a fresh map to avoid unwanted sharing of
     // maps between prototypes of different constructors.
     DirectHandle<JSFunction> object_function(native_context->object_function(),
                                              isolate());
     DCHECK(object_function->has_initial_map());
-    new_map = handle(object_function->initial_map(), isolate());
+    new_map = direct_handle(object_function->initial_map(), isolate());
   }
 
   DCHECK(!new_map->is_prototype_map());
@@ -2993,7 +3088,7 @@ Handle<JSObject> Factory::NewSlowJSObjectFromMap(
     DirectHandle<AllocationSite> allocation_site,
     NewJSObjectType new_js_object_type) {
   DCHECK(map->is_dictionary_map());
-  Handle<HeapObject> object_properties;
+  DirectHandle<HeapObject> object_properties;
   if (V8_ENABLE_SWISS_NAME_DICTIONARY_BOOL) {
     object_properties = NewSwissNameDictionary(capacity, allocation);
   } else {
@@ -3487,17 +3582,17 @@ Handle<JSTypedArray> Factory::NewJSTypedArray(
   const bool is_backed_by_rab =
       buffer->is_resizable_by_js() && !buffer->is_shared();
 
-  Handle<Map> map;
+  DirectHandle<Map> map;
   if (is_backed_by_rab || is_length_tracking) {
-    map = handle(
+    map = direct_handle(
         isolate()->raw_native_context()->TypedArrayElementsKindToRabGsabCtorMap(
             elements_kind),
         isolate());
   } else {
-    map =
-        handle(isolate()->raw_native_context()->TypedArrayElementsKindToCtorMap(
-                   elements_kind),
-               isolate());
+    map = direct_handle(
+        isolate()->raw_native_context()->TypedArrayElementsKindToCtorMap(
+            elements_kind),
+        isolate());
   }
 
   if (is_length_tracking) {
@@ -3530,13 +3625,13 @@ Handle<JSDataViewOrRabGsabDataView> Factory::NewJSDataViewOrRabGsabDataView(
     byte_length = 0;
   }
   bool is_backed_by_rab = !buffer->is_shared() && buffer->is_resizable_by_js();
-  Handle<Map> map;
+  DirectHandle<Map> map;
   if (is_backed_by_rab || is_length_tracking) {
-    map = handle(isolate()->native_context()->js_rab_gsab_data_view_map(),
-                 isolate());
+    map = direct_handle(
+        isolate()->native_context()->js_rab_gsab_data_view_map(), isolate());
   } else {
-    map = handle(isolate()->native_context()->data_view_fun()->initial_map(),
-                 isolate());
+    map = direct_handle(
+        isolate()->native_context()->data_view_fun()->initial_map(), isolate());
   }
   Handle<JSDataViewOrRabGsabDataView> obj =
       Cast<JSDataViewOrRabGsabDataView>(NewJSArrayBufferView(
@@ -3562,7 +3657,7 @@ MaybeHandle<JSBoundFunction> Factory::NewJSBoundFunction(
                             target_function->GetCreationContext().value());
 
   // Create the [[BoundArguments]] for the result.
-  Handle<FixedArray> bound_arguments;
+  DirectHandle<FixedArray> bound_arguments;
   if (bound_args.empty()) {
     bound_arguments = empty_fixed_array();
   } else {
@@ -3637,7 +3732,7 @@ void Factory::ReinitializeJSGlobalProxy(DirectHandle<JSGlobalProxy> object,
                                         DirectHandle<JSFunction> constructor) {
   DCHECK(constructor->has_initial_map());
   Handle<Map> map(constructor->initial_map(), isolate());
-  Handle<Map> old_map(object->map(), isolate());
+  DirectHandle<Map> old_map(object->map(), isolate());
 
   // The proxy's hash should be retained across reinitialization.
   DirectHandle<Object> raw_properties_or_hash(object->raw_properties_or_hash(),
@@ -3927,7 +4022,7 @@ Handle<MegaDomHandler> Factory::NewMegaDomHandler(MaybeObjectHandle accessor,
 
 Handle<LoadHandler> Factory::NewLoadHandler(int data_count,
                                             AllocationType allocation) {
-  Handle<Map> map;
+  DirectHandle<Map> map;
   switch (data_count) {
     case 1:
       map = load_handler1_map();
@@ -3945,7 +4040,7 @@ Handle<LoadHandler> Factory::NewLoadHandler(int data_count,
 }
 
 Handle<StoreHandler> Factory::NewStoreHandler(int data_count) {
-  Handle<Map> map;
+  DirectHandle<Map> map;
   switch (data_count) {
     case 0:
       map = store_handler0_map();
@@ -3968,66 +4063,114 @@ Handle<StoreHandler> Factory::NewStoreHandler(int data_count) {
 void Factory::SetRegExpAtomData(DirectHandle<JSRegExp> regexp,
                                 DirectHandle<String> source,
                                 JSRegExp::Flags flags,
-                                DirectHandle<Object> data) {
-  Tagged<FixedArray> store =
-      *NewFixedArray(JSRegExp::kAtomDataSize, AllocationType::kYoung);
-  DisallowGarbageCollection no_gc;
-  store->set(JSRegExp::kTagIndex, Smi::FromInt(JSRegExp::ATOM));
-  store->set(JSRegExp::kSourceIndex, *source, SKIP_WRITE_BARRIER);
-  store->set(JSRegExp::kFlagsIndex, Smi::FromInt(flags));
-  store->set(JSRegExp::kAtomPatternIndex, *data, SKIP_WRITE_BARRIER);
-  regexp->set_data(store);
+                                DirectHandle<String> pattern) {
+  DirectHandle<RegExpData> regexp_data =
+      NewAtomRegExpData(source, flags, pattern);
+  regexp->set_data(*regexp_data);
 }
 
 void Factory::SetRegExpIrregexpData(DirectHandle<JSRegExp> regexp,
                                     DirectHandle<String> source,
                                     JSRegExp::Flags flags, int capture_count,
                                     uint32_t backtrack_limit) {
-  DCHECK(Smi::IsValid(backtrack_limit));
-  Tagged<FixedArray> store =
-      *NewFixedArray(JSRegExp::kIrregexpDataSize, AllocationType::kYoung);
-  DisallowGarbageCollection no_gc;
-  Tagged<Smi> uninitialized = Smi::FromInt(JSRegExp::kUninitializedValue);
-  Tagged<Smi> ticks_until_tier_up =
-      v8_flags.regexp_tier_up ? Smi::FromInt(v8_flags.regexp_tier_up_ticks)
-                              : uninitialized;
-  store->set(JSRegExp::kTagIndex, Smi::FromInt(JSRegExp::IRREGEXP));
-  store->set(JSRegExp::kSourceIndex, *source, SKIP_WRITE_BARRIER);
-  store->set(JSRegExp::kFlagsIndex, Smi::FromInt(flags));
-  store->set(JSRegExp::kIrregexpLatin1CodeIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpUC16CodeIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpLatin1BytecodeIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpUC16BytecodeIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpMaxRegisterCountIndex, Smi::zero());
-  store->set(JSRegExp::kIrregexpCaptureCountIndex, Smi::FromInt(capture_count));
-  store->set(JSRegExp::kIrregexpCaptureNameMapIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpTicksUntilTierUpIndex, ticks_until_tier_up);
-  store->set(JSRegExp::kIrregexpBacktrackLimit, Smi::FromInt(backtrack_limit));
-  regexp->set_data(store);
+  DirectHandle<RegExpData> regexp_data =
+      NewIrRegExpData(source, flags, capture_count, backtrack_limit);
+  regexp->set_data(*regexp_data);
 }
 
 void Factory::SetRegExpExperimentalData(DirectHandle<JSRegExp> regexp,
                                         DirectHandle<String> source,
                                         JSRegExp::Flags flags,
                                         int capture_count) {
-  Tagged<FixedArray> store =
-      *NewFixedArray(JSRegExp::kExperimentalDataSize, AllocationType::kYoung);
+  DirectHandle<RegExpData> regexp_data =
+      NewExperimentalRegExpData(source, flags, capture_count);
+  regexp->set_data(*regexp_data);
+}
+
+Handle<RegExpData> Factory::NewAtomRegExpData(DirectHandle<String> source,
+                                              JSRegExp::Flags flags,
+                                              DirectHandle<String> pattern) {
+  DirectHandle<RegExpDataWrapper> wrapper = NewRegExpDataWrapper();
+  int size = AtomRegExpData::kSize;
+  Tagged<HeapObject> result = AllocateRawWithImmortalMap(
+      size, AllocationType::kTrusted, read_only_roots().atom_regexp_data_map());
+  DisallowGarbageCollection no_gc;
+  Tagged<AtomRegExpData> instance = Cast<AtomRegExpData>(result);
+  instance->init_self_indirect_pointer(isolate());
+  instance->set_type_tag(RegExpData::Type::ATOM);
+  instance->set_source(*source);
+  instance->set_flags(flags);
+  instance->set_pattern(*pattern);
+  Tagged<RegExpDataWrapper> raw_wrapper = *wrapper;
+  instance->set_wrapper(raw_wrapper);
+  raw_wrapper->set_data(instance);
+  return handle(instance, isolate());
+}
+
+Handle<RegExpData> Factory::NewIrRegExpData(DirectHandle<String> source,
+                                            JSRegExp::Flags flags,
+                                            int capture_count,
+                                            uint32_t backtrack_limit) {
+  DirectHandle<RegExpDataWrapper> wrapper = NewRegExpDataWrapper();
+  int size = IrRegExpData::kSize;
+  Tagged<HeapObject> result = AllocateRawWithImmortalMap(
+      size, AllocationType::kTrusted, read_only_roots().ir_regexp_data_map());
   DisallowGarbageCollection no_gc;
-  Tagged<Smi> uninitialized = Smi::FromInt(JSRegExp::kUninitializedValue);
-
-  store->set(JSRegExp::kTagIndex, Smi::FromInt(JSRegExp::EXPERIMENTAL));
-  store->set(JSRegExp::kSourceIndex, *source, SKIP_WRITE_BARRIER);
-  store->set(JSRegExp::kFlagsIndex, Smi::FromInt(flags));
-  store->set(JSRegExp::kIrregexpLatin1CodeIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpUC16CodeIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpLatin1BytecodeIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpUC16BytecodeIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpMaxRegisterCountIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpCaptureCountIndex, Smi::FromInt(capture_count));
-  store->set(JSRegExp::kIrregexpCaptureNameMapIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpTicksUntilTierUpIndex, uninitialized);
-  store->set(JSRegExp::kIrregexpBacktrackLimit, uninitialized);
-  regexp->set_data(store);
+  Tagged<IrRegExpData> instance = Cast<IrRegExpData>(result);
+  instance->init_self_indirect_pointer(isolate());
+  instance->set_type_tag(RegExpData::Type::IRREGEXP);
+  instance->set_source(*source);
+  instance->set_flags(flags);
+  instance->clear_latin1_code();
+  instance->clear_uc16_code();
+  instance->clear_latin1_bytecode();
+  instance->clear_uc16_bytecode();
+  instance->set_capture_name_map(Smi::FromInt(JSRegExp::kUninitializedValue));
+  instance->set_max_register_count(JSRegExp::kUninitializedValue);
+  instance->set_capture_count(capture_count);
+  int ticks_until_tier_up = v8_flags.regexp_tier_up
+                                ? v8_flags.regexp_tier_up_ticks
+                                : JSRegExp::kUninitializedValue;
+  instance->set_ticks_until_tier_up(ticks_until_tier_up);
+  instance->set_backtrack_limit(backtrack_limit);
+  Tagged<RegExpDataWrapper> raw_wrapper = *wrapper;
+  instance->set_wrapper(raw_wrapper);
+  raw_wrapper->set_data(instance);
+  return handle(instance, isolate());
+}
+
+Handle<RegExpData> Factory::NewExperimentalRegExpData(
+    DirectHandle<String> source, JSRegExp::Flags flags, int capture_count) {
+  DirectHandle<RegExpDataWrapper> wrapper = NewRegExpDataWrapper();
+  int size = IrRegExpData::kSize;
+  Tagged<HeapObject> result = AllocateRawWithImmortalMap(
+      size, AllocationType::kTrusted, read_only_roots().ir_regexp_data_map());
+  DisallowGarbageCollection no_gc;
+  Tagged<IrRegExpData> instance = Cast<IrRegExpData>(result);
+  // TODO(mbid,v8:10765): At the moment the ExperimentalRegExpData is just an
+  // alias of IrRegExpData, with most fields set to some default/uninitialized
+  // value. This is because EXPERIMENTAL and IRREGEXP regexps take the same code
+  // path in `RegExpExecInternal`, which reads off various fields from this
+  // struct. `RegExpExecInternal` should probably distinguish between
+  // EXPERIMENTAL and IRREGEXP, and then we can get rid of all the IRREGEXP only
+  // fields.
+  instance->init_self_indirect_pointer(isolate());
+  instance->set_type_tag(RegExpData::Type::EXPERIMENTAL);
+  instance->set_source(*source);
+  instance->set_flags(flags);
+  instance->clear_latin1_code();
+  instance->clear_uc16_code();
+  instance->clear_latin1_bytecode();
+  instance->clear_uc16_bytecode();
+  instance->set_capture_name_map(Smi::FromInt(JSRegExp::kUninitializedValue));
+  instance->set_max_register_count(JSRegExp::kUninitializedValue);
+  instance->set_capture_count(capture_count);
+  instance->set_ticks_until_tier_up(JSRegExp::kUninitializedValue);
+  instance->set_backtrack_limit(JSRegExp::kUninitializedValue);
+  Tagged<RegExpDataWrapper> raw_wrapper = *wrapper;
+  instance->set_wrapper(raw_wrapper);
+  raw_wrapper->set_data(instance);
+  return handle(instance, isolate());
 }
 
 Handle<Object> Factory::GlobalConstantFor(Handle<Name> name) {
@@ -4407,6 +4550,7 @@ Handle<FunctionTemplateInfo> Factory::NewFunctionTemplateInfo(
     ReadOnlyRoots roots(isolate());
     InitializeTemplate(raw, roots, do_not_cache);
     raw->set_class_name(roots.undefined_value(), SKIP_WRITE_BARRIER);
+    raw->set_interface_name(roots.undefined_value(), SKIP_WRITE_BARRIER);
     raw->set_signature(roots.undefined_value(), SKIP_WRITE_BARRIER);
     raw->set_rare_data(roots.undefined_value(), kReleaseStore,
                        SKIP_WRITE_BARRIER);
@@ -4417,6 +4561,8 @@ Handle<FunctionTemplateInfo> Factory::NewFunctionTemplateInfo(
     raw->set_undetectable(false);
     raw->set_needs_access_check(false);
     raw->set_accept_any_receiver(true);
+    raw->set_exception_context(
+        static_cast<uint32_t>(ExceptionContext::kUnknown));
 
     raw->set_length(length);
     raw->SetInstanceType(0);
@@ -4494,7 +4640,7 @@ Handle<JSFunction> Factory::JSFunctionBuilder::Build() {
     JSFunction::EnsureFeedbackVector(isolate_, result, &is_compiled_scope);
   }
 
-  Compiler::PostInstantiation(result, &is_compiled_scope);
+  Compiler::PostInstantiation(isolate_, result, &is_compiled_scope);
   return result;
 }
 
@@ -4523,6 +4669,28 @@ Handle<JSFunction> Factory::JSFunctionBuilder::BuildRaw(
   function->set_shared(*sfi_, mode);
   function->set_context(*context_, kReleaseStore, mode);
   function->set_raw_feedback_cell(*feedback_cell, mode);
+#ifdef V8_ENABLE_LEAPTIERING
+  // If the FeedbackCell doesn't have a dispatch handle, we need to allocate a
+  // dispatch entry now. This should only be the case for functions using the
+  // generic many_closures_cell (for example builtin functions), and only for
+  // functions using certain kinds of code.
+  if (!feedback_cell->dispatch_handle()) {
+    DCHECK_EQ(*feedback_cell, *factory->many_closures_cell());
+    // We currently only expect to see these kinds of Code here. For BASELINE
+    // code, we will allocate a FeedbackCell after building the JSFunction. See
+    // JSFunctionBuilder::Build.
+    DCHECK(code->kind() == CodeKind::BUILTIN ||
+           code->kind() == CodeKind::JS_TO_WASM_FUNCTION ||
+           code->kind() == CodeKind::BASELINE);
+    // TODO(saelo): in the future, we probably want to use
+    // code->parameter_count() here instead, but not all Code objects know
+    // their parameter count yet.
+    function->initialize_dispatch_handle(
+        isolate, sfi_->internal_formal_parameter_count_with_receiver());
+  } else {
+    function->set_dispatch_handle(feedback_cell->dispatch_handle());
+  }
+#endif  // V8_ENABLE_LEAPTIERING
   function->set_code(*code, kReleaseStore, mode);
   if (function->has_prototype_slot()) {
     function->set_prototype_or_initial_map(
diff --git a/deps/v8/src/heap/factory.h b/deps/v8/src/heap/factory.h
index d0d9370a41a442..8233680d1421c5 100644
--- a/deps/v8/src/heap/factory.h
+++ b/deps/v8/src/heap/factory.h
@@ -84,6 +84,10 @@ class WeakCell;
 
 #if V8_ENABLE_WEBASSEMBLY
 namespace wasm {
+#if V8_ENABLE_DRUMBRAKE
+class WasmInterpreterRuntime;
+#endif  // V8_ENABLE_DRUMBRAKE
+
 class ArrayType;
 class StructType;
 struct WasmElemSegment;
@@ -547,7 +551,7 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
       int size, AllocationAlignment alignment, AllocationType allocation,
       AllocationOrigin origin = AllocationOrigin::kRuntime);
 
-  Handle<JSObject> NewFunctionPrototype(Handle<JSFunction> function);
+  Handle<JSObject> NewFunctionPrototype(DirectHandle<JSFunction> function);
 
   // Returns a deep copy of the JavaScript object.
   // Properties and elements are copied too.
@@ -568,6 +572,8 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
   Handle<WeakArrayList> NewWeakArrayList(
       int capacity, AllocationType allocation = AllocationType::kYoung);
 
+  Handle<WeakFixedArray> CopyWeakFixedArray(DirectHandle<WeakFixedArray> array);
+
   Handle<WeakFixedArray> CopyWeakFixedArrayAndGrow(
       DirectHandle<WeakFixedArray> array, int grow_by);
 
@@ -726,6 +732,8 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
       DirectHandle<Map> map);
 
 #if V8_ENABLE_WEBASSEMBLY
+  Handle<WasmTrustedInstanceData> NewWasmTrustedInstanceData();
+  Handle<WasmDispatchTable> NewWasmDispatchTable(int length);
   Handle<WasmTypeInfo> NewWasmTypeInfo(
       Address type_address, Handle<Map> opt_parent,
       DirectHandle<WasmTrustedInstanceData> opt_instance, uint32_t type_index);
@@ -747,12 +755,11 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
       DirectHandle<WasmInternalFunction> internal_function,
       const wasm::FunctionSig* sig, uint32_t canonical_type_index,
       int wrapper_budget, wasm::Promise promise);
-  Handle<WasmApiFunctionRef> NewWasmApiFunctionRef(
+  Handle<WasmImportData> NewWasmImportData(
       DirectHandle<HeapObject> callable, wasm::Suspend suspend,
       MaybeDirectHandle<WasmTrustedInstanceData> instance_data,
       DirectHandle<PodArray<wasm::ValueType>> serialized_sig);
-  Handle<WasmApiFunctionRef> NewWasmApiFunctionRef(
-      DirectHandle<WasmApiFunctionRef> ref);
+  Handle<WasmImportData> NewWasmImportData(DirectHandle<WasmImportData> ref);
 
   Handle<WasmFastApiCallData> NewWasmFastApiCallData(
       DirectHandle<HeapObject> signature, DirectHandle<Object> callback_data);
@@ -766,6 +773,7 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
       wasm::Suspend suspend, wasm::Promise promise, uintptr_t signature_hash);
   Handle<WasmResumeData> NewWasmResumeData(
       DirectHandle<WasmSuspenderObject> suspender, wasm::OnResume on_resume);
+  Handle<WasmSuspenderObject> NewWasmSuspenderObject();
   Handle<WasmStruct> NewWasmStruct(const wasm::StructType* type,
                                    wasm::WasmValue* args,
                                    DirectHandle<Map> map);
@@ -909,6 +917,22 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
                     base::VectorOf<DirectHandle<Object>>({args...}));
   }
 
+  // https://tc39.es/proposal-shadowrealm/#sec-create-type-error-copy
+  Handle<JSObject> ShadowRealmNewTypeErrorCopy(
+      Handle<Object> original, MessageTemplate template_index,
+      base::Vector<const DirectHandle<Object>> args);
+
+  template <typename... Args,
+            typename = std::enable_if_t<std::conjunction_v<
+                std::is_convertible<Args, DirectHandle<Object>>...>>>
+  Handle<JSObject> ShadowRealmNewTypeErrorCopy(Handle<Object> original,
+                                               MessageTemplate template_index,
+                                               Args... args) {
+    return ShadowRealmNewTypeErrorCopy(
+        original, template_index,
+        base::VectorOf<DirectHandle<Object>>({args...}));
+  }
+
 #define DECLARE_ERROR(NAME)                                                  \
   Handle<JSObject> New##NAME(MessageTemplate template_index,                 \
                              base::Vector<const DirectHandle<Object>> args); \
@@ -1000,7 +1024,7 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
   // atom regexp and stores it in the regexp.
   void SetRegExpAtomData(DirectHandle<JSRegExp> regexp,
                          DirectHandle<String> source, JSRegExp::Flags flags,
-                         DirectHandle<Object> match_pattern);
+                         DirectHandle<String> match_pattern);
 
   // Creates a new FixedArray that holds the data associated with the
   // irregexp regexp and stores it in the regexp.
@@ -1014,6 +1038,16 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
                                  DirectHandle<String> source,
                                  JSRegExp::Flags flags, int capture_count);
 
+  Handle<RegExpData> NewAtomRegExpData(DirectHandle<String> source,
+                                       JSRegExp::Flags flags,
+                                       DirectHandle<String> pattern);
+  Handle<RegExpData> NewIrRegExpData(DirectHandle<String> source,
+                                     JSRegExp::Flags flags, int capture_count,
+                                     uint32_t backtrack_limit);
+  Handle<RegExpData> NewExperimentalRegExpData(DirectHandle<String> source,
+                                               JSRegExp::Flags flags,
+                                               int capture_count);
+
   // Returns the value for a known global constant (a property of the global
   // object which is neither configurable nor writable) like 'undefined'.
   // Returns a null handle when the given name is unknown.
@@ -1337,6 +1371,18 @@ class V8_EXPORT_PRIVATE Factory : public FactoryBase<Factory> {
   // {DisallowGarbageCollection} scope until initialization.
   Tagged<WasmArray> NewWasmArrayUninitialized(uint32_t length,
                                               DirectHandle<Map> map);
+
+#if V8_ENABLE_DRUMBRAKE
+  // The resulting struct will be uninitialized, which means GC might fail for
+  // reference structs until initialization. Follow this up with a
+  // {DisallowGarbageCollection} scope until initialization.
+  Handle<WasmStruct> NewWasmStructUninitialized(const wasm::StructType* type,
+                                                Handle<Map> map);
+
+  // WasmInterpreterRuntime needs to call NewWasmStructUninitialized and
+  // NewWasmArrayUninitialized.
+  friend class wasm::WasmInterpreterRuntime;
+#endif  // V8_ENABLE_DRUMBRAKE
 #endif  // V8_ENABLE_WEBASSEMBLY
 };
 
diff --git a/deps/v8/src/heap/gc-tracer.cc b/deps/v8/src/heap/gc-tracer.cc
index 3918dceb3613a8..a7ff1d79a6b829 100644
--- a/deps/v8/src/heap/gc-tracer.cc
+++ b/deps/v8/src/heap/gc-tracer.cc
@@ -63,7 +63,7 @@ double BoundedAverageSpeed(
 }
 
 double BoundedAverageSpeed(const base::RingBuffer<BytesAndDuration>& buffer) {
-  return BoundedAverageSpeed(buffer, base::nullopt);
+  return BoundedAverageSpeed(buffer, std::nullopt);
 }
 
 }  // namespace
@@ -1319,23 +1319,20 @@ double GCTracer::CombineSpeedsInBytesPerMillisecond(double default_speed,
 
 double GCTracer::NewSpaceAllocationThroughputInBytesPerMillisecond(
     std::optional<base::TimeDelta> selected_duration) const {
-  return BoundedAverageSpeed(
-      recorded_new_generation_allocations_,
-      selected_duration);
+  return BoundedAverageSpeed(recorded_new_generation_allocations_,
+                             selected_duration);
 }
 
 double GCTracer::OldGenerationAllocationThroughputInBytesPerMillisecond(
     std::optional<base::TimeDelta> selected_duration) const {
-  return BoundedAverageSpeed(
-      recorded_old_generation_allocations_,
-      selected_duration);
+  return BoundedAverageSpeed(recorded_old_generation_allocations_,
+                             selected_duration);
 }
 
 double GCTracer::EmbedderAllocationThroughputInBytesPerMillisecond(
     std::optional<base::TimeDelta> selected_duration) const {
-  return BoundedAverageSpeed(
-      recorded_embedder_generation_allocations_,
-      selected_duration);
+  return BoundedAverageSpeed(recorded_embedder_generation_allocations_,
+                             selected_duration);
 }
 
 double GCTracer::AllocationThroughputInBytesPerMillisecond(
@@ -1598,10 +1595,11 @@ void GCTracer::ReportFullCycleToRecorder() {
       event.main_thread_collection_weight_cpp_in_percent = 0;
     } else {
       event.collection_weight_cpp_in_percent =
-          event.total_cpp.total_wall_clock_duration_in_us /
+          static_cast<double>(event.total_cpp.total_wall_clock_duration_in_us) /
           total_duration_since_last_mark_compact_.InMicroseconds();
       event.main_thread_collection_weight_cpp_in_percent =
-          event.main_thread_cpp.total_wall_clock_duration_in_us /
+          static_cast<double>(
+              event.main_thread_cpp.total_wall_clock_duration_in_us) /
           total_duration_since_last_mark_compact_.InMicroseconds();
     }
   }
@@ -1701,7 +1699,7 @@ void GCTracer::ReportFullCycleToRecorder() {
     event.collection_rate_in_percent = 0;
   } else {
     event.collection_rate_in_percent =
-        static_cast<double>(event.objects.bytes_after) /
+        static_cast<double>(event.objects.bytes_freed) /
         event.objects.bytes_before;
   }
   // Efficiency:
@@ -1727,10 +1725,10 @@ void GCTracer::ReportFullCycleToRecorder() {
     event.main_thread_collection_weight_in_percent = 0;
   } else {
     event.collection_weight_in_percent =
-        event.total.total_wall_clock_duration_in_us /
+        static_cast<double>(event.total.total_wall_clock_duration_in_us) /
         total_duration_since_last_mark_compact_.InMicroseconds();
     event.main_thread_collection_weight_in_percent =
-        event.main_thread.total_wall_clock_duration_in_us /
+        static_cast<double>(event.main_thread.total_wall_clock_duration_in_us) /
         total_duration_since_last_mark_compact_.InMicroseconds();
   }
 
diff --git a/deps/v8/src/heap/gc-tracer.h b/deps/v8/src/heap/gc-tracer.h
index 64272ad4ae1b78..c96693b4b8f91a 100644
--- a/deps/v8/src/heap/gc-tracer.h
+++ b/deps/v8/src/heap/gc-tracer.h
@@ -382,19 +382,19 @@ class V8_EXPORT_PRIVATE GCTracer {
   // Allocation throughput in the new space in bytes/millisecond.
   // Returns 0 if no allocation events have been recorded.
   double NewSpaceAllocationThroughputInBytesPerMillisecond(
-      std::optional<base::TimeDelta> selected_duration = base::nullopt) const;
+      std::optional<base::TimeDelta> selected_duration = std::nullopt) const;
 
   // Allocation throughput in the old generation in bytes/millisecond in the
   // last time_ms milliseconds.
   // Returns 0 if no allocation events have been recorded.
   double OldGenerationAllocationThroughputInBytesPerMillisecond(
-      std::optional<base::TimeDelta> selected_duration = base::nullopt) const;
+      std::optional<base::TimeDelta> selected_duration = std::nullopt) const;
 
   // Allocation throughput in the embedder in bytes/millisecond in the
   // last time_ms milliseconds.
   // Returns 0 if no allocation events have been recorded.
   double EmbedderAllocationThroughputInBytesPerMillisecond(
-      std::optional<base::TimeDelta> selected_duration = base::nullopt) const;
+      std::optional<base::TimeDelta> selected_duration = std::nullopt) const;
 
   // Allocation throughput in heap in bytes/millisecond in the last time_ms
   // milliseconds.
diff --git a/deps/v8/src/heap/heap-verifier.cc b/deps/v8/src/heap/heap-verifier.cc
index 8f448ffae67545..c9c673a8594711 100644
--- a/deps/v8/src/heap/heap-verifier.cc
+++ b/deps/v8/src/heap/heap-verifier.cc
@@ -159,7 +159,7 @@ template <typename TSlot>
 void VerifyPointersVisitor::VerifyPointersImpl(TSlot start, TSlot end) {
   for (TSlot slot = start; slot < end; ++slot) {
     typename TSlot::TObject object = slot.load(cage_base());
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
     if (object.ptr() == kTaggedNullAddress) continue;
 #endif
     Tagged<HeapObject> heap_object;
diff --git a/deps/v8/src/heap/heap-write-barrier-inl.h b/deps/v8/src/heap/heap-write-barrier-inl.h
index 3224611eea40ee..031520e11e0ac4 100644
--- a/deps/v8/src/heap/heap-write-barrier-inl.h
+++ b/deps/v8/src/heap/heap-write-barrier-inl.h
@@ -220,6 +220,25 @@ inline void IndirectPointerWriteBarrier(Tagged<HeapObject> host,
   WriteBarrier::Marking(host, slot);
 }
 
+inline void JSDispatchHandleWriteBarrier(Tagged<HeapObject> host,
+                                         JSDispatchHandle handle,
+                                         WriteBarrierMode mode) {
+  // TODO(saelo): expand this: we either need to separate write barriers for
+  // the table entry and the objects referenced from it, or a single barrier
+  // for both. Maybe the latter is easier.
+
+  DCHECK(V8_ENABLE_LEAPTIERING_BOOL);
+
+  if (mode == SKIP_WRITE_BARRIER) {
+    // TODO(saelo): once/if this write barrier handles both the table entry and
+    // the objects referenced by it, we should SLOW_DCHECK here that a barrier
+    // is not required.
+    return;
+  }
+
+  WriteBarrier::Marking(host, handle);
+}
+
 inline void ProtectedPointerWriteBarrier(Tagged<TrustedObject> host,
                                          ProtectedPointerSlot slot,
                                          Tagged<TrustedObject> value,
@@ -354,6 +373,11 @@ void WriteBarrier::Marking(Tagged<TrustedObject> host,
   MarkingSlow(host, slot, value);
 }
 
+void WriteBarrier::Marking(Tagged<HeapObject> host, JSDispatchHandle handle) {
+  if (!IsMarking(host)) return;
+  MarkingSlow(host, handle);
+}
+
 // static
 void WriteBarrier::MarkingFromGlobalHandle(Tagged<Object> value) {
   if (V8_ENABLE_THIRD_PARTY_HEAP_BOOL) return;
diff --git a/deps/v8/src/heap/heap-write-barrier.cc b/deps/v8/src/heap/heap-write-barrier.cc
index 63c607ba4bf1e9..0a68faab517a9c 100644
--- a/deps/v8/src/heap/heap-write-barrier.cc
+++ b/deps/v8/src/heap/heap-write-barrier.cc
@@ -14,6 +14,7 @@
 #include "src/objects/js-objects.h"
 #include "src/objects/maybe-object.h"
 #include "src/objects/slots-inl.h"
+#include "src/sandbox/js-dispatch-table-inl.h"
 
 namespace v8 {
 namespace internal {
@@ -125,6 +126,18 @@ void WriteBarrier::MarkingSlow(Tagged<TrustedObject> host,
   marking_barrier->Write(host, slot, value);
 }
 
+void WriteBarrier::MarkingSlow(Tagged<HeapObject> host,
+                               JSDispatchHandle handle) {
+#ifdef V8_ENABLE_LEAPTIERING
+  GetProcessWideJSDispatchTable()->Mark(handle);
+
+  // TODO(saelo): in the future, we'll probably need to mark the Code object in
+  // the table as well here.
+#else
+  UNREACHABLE();
+#endif
+}
+
 int WriteBarrier::MarkingFromCode(Address raw_host, Address raw_slot) {
   Tagged<HeapObject> host = Cast<HeapObject>(Tagged<Object>(raw_host));
   MaybeObjectSlot slot(raw_slot);
diff --git a/deps/v8/src/heap/heap-write-barrier.h b/deps/v8/src/heap/heap-write-barrier.h
index 1c687bb8ff5bbb..37223f81160dca 100644
--- a/deps/v8/src/heap/heap-write-barrier.h
+++ b/deps/v8/src/heap/heap-write-barrier.h
@@ -46,11 +46,16 @@ void CombinedWriteBarrier(HeapObjectLayout* object, TaggedMemberBase* slot,
 void CombinedEphemeronWriteBarrier(Tagged<EphemeronHashTable> object,
                                    ObjectSlot slot, Tagged<Object> value,
                                    WriteBarrierMode mode);
+
 void IndirectPointerWriteBarrier(Tagged<HeapObject> host,
                                  IndirectPointerSlot slot,
                                  Tagged<HeapObject> value,
                                  WriteBarrierMode mode);
 
+void JSDispatchHandleWriteBarrier(Tagged<HeapObject> host,
+                                  JSDispatchHandle handle,
+                                  WriteBarrierMode mode);
+
 // Generational write barrier.
 void GenerationalBarrierForCode(Tagged<InstructionStream> host,
                                 RelocInfo* rinfo, Tagged<HeapObject> object);
@@ -74,6 +79,7 @@ class V8_EXPORT_PRIVATE WriteBarrier {
   static inline void Marking(Tagged<TrustedObject> host,
                              ProtectedPointerSlot slot,
                              Tagged<TrustedObject> value);
+  static inline void Marking(Tagged<HeapObject> host, JSDispatchHandle handle);
 
   static inline void Shared(Tagged<InstructionStream> host, RelocInfo*,
                             Tagged<HeapObject> value);
@@ -120,6 +126,7 @@ class V8_EXPORT_PRIVATE WriteBarrier {
   static void MarkingSlow(Tagged<HeapObject> host, IndirectPointerSlot slot);
   static void MarkingSlow(Tagged<TrustedObject> host, ProtectedPointerSlot slot,
                           Tagged<TrustedObject> value);
+  static void MarkingSlow(Tagged<HeapObject> host, JSDispatchHandle handle);
   static void MarkingSlowFromGlobalHandle(Tagged<HeapObject> value);
   static void MarkingSlowFromCppHeapWrappable(Heap* heap, void* object);
 
diff --git a/deps/v8/src/heap/heap.cc b/deps/v8/src/heap/heap.cc
index 75a24c57560f19..f973a215aef1ea 100644
--- a/deps/v8/src/heap/heap.cc
+++ b/deps/v8/src/heap/heap.cc
@@ -6478,30 +6478,6 @@ void Heap::CheckHandleCount() {
   isolate_->handle_scope_implementer()->Iterate(&v);
 }
 
-void Heap::ClearRecordedSlot(Tagged<HeapObject> object, ObjectSlot slot) {
-#ifndef V8_DISABLE_WRITE_BARRIERS
-  DCHECK(!IsLargeObject(object));
-  MemoryChunk* chunk = MemoryChunk::FromAddress(slot.address());
-  if (!chunk->InYoungGeneration()) {
-    PageMetadata* page = PageMetadata::cast(chunk->Metadata());
-    DCHECK_EQ(page->owner_identity(), OLD_SPACE);
-
-    // We only need to remove that slot when sweeping is still in progress.
-    // Because in that case, a concurrent sweeper could find that memory and
-    // reuse it for subsequent allocations. The runtime could install another
-    // property at this slot but without unboxed doubles this will always be a
-    // tagged pointer.
-    if (!page->SweepingDone()) {
-      // No need to update old-to-old here since that remembered set is gone
-      // after a full GC and not re-recorded until sweeping is finished.
-      RememberedSet<OLD_TO_NEW>::Remove(page, slot.address());
-      RememberedSet<OLD_TO_NEW_BACKGROUND>::Remove(page, slot.address());
-      RememberedSet<OLD_TO_SHARED>::Remove(page, slot.address());
-    }
-  }
-#endif
-}
-
 // static
 int Heap::InsertIntoRememberedSetFromCode(MutablePageMetadata* chunk,
                                           size_t slot_offset) {
@@ -6528,14 +6504,14 @@ void Heap::ClearRecordedSlotRange(Address start, Address end) {
   MemoryChunk* chunk = MemoryChunk::FromAddress(start);
   DCHECK(!chunk->IsLargePage());
 #if !V8_ENABLE_STICKY_MARK_BITS_BOOL
-  if (!chunk->InYoungGeneration()) {
-#else
-  if (true) {
+  if (!chunk->InYoungGeneration())
 #endif
+  {
     PageMetadata* page = PageMetadata::cast(chunk->Metadata());
     // This method will be invoked on objects in shared space for
     // internalization and string forwarding during GC.
     DCHECK(page->owner_identity() == OLD_SPACE ||
+           page->owner_identity() == TRUSTED_SPACE ||
            page->owner_identity() == SHARED_SPACE);
 
     if (!page->SweepingDone()) {
@@ -6661,7 +6637,7 @@ class UnreachableObjectsFilter : public HeapObjectsFilter {
       // Treat weak references as strong.
       for (TSlot p = start; p < end; ++p) {
         typename TSlot::TObject object = p.load(cage_base());
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
         if (object.ptr() == kTaggedNullAddress) continue;
 #endif
         Tagged<HeapObject> heap_object;
diff --git a/deps/v8/src/heap/heap.h b/deps/v8/src/heap/heap.h
index dddc370feeaf15..768e543f250806 100644
--- a/deps/v8/src/heap/heap.h
+++ b/deps/v8/src/heap/heap.h
@@ -813,14 +813,13 @@ class Heap final {
 
   CodePointerTable::Space* code_pointer_space() { return &code_pointer_space_; }
 
+#endif  // V8_ENABLE_SANDBOX
+
+#ifdef V8_ENABLE_LEAPTIERING
   JSDispatchTable::Space* js_dispatch_table_space() {
     return &js_dispatch_table_space_;
   }
-
-  ExternalBufferTable::Space* external_buffer_space() {
-    return &external_buffer_space_;
-  }
-#endif  // V8_ENABLE_SANDBOX
+#endif  // V8_ENABLE_LEAPTIERING
 
   // ===========================================================================
   // Getters to other components. ==============================================
@@ -1034,7 +1033,6 @@ class Heap final {
   uint8_t* IsMarkingFlagAddress();
   uint8_t* IsMinorMarkingFlagAddress();
 
-  void ClearRecordedSlot(Tagged<HeapObject> object, ObjectSlot slot);
   void ClearRecordedSlotRange(Address start, Address end);
   static int InsertIntoRememberedSetFromCode(MutablePageMetadata* chunk,
                                              size_t slot_offset);
@@ -2192,10 +2190,6 @@ class Heap final {
 
   // The space in the process-wide JSDispatchTable managed by this heap.
   JSDispatchTable::Space js_dispatch_table_space_;
-
-  // The space in the ExternalBufferTable containing entries owned by objects
-  // in this heap.
-  ExternalBufferTable::Space external_buffer_space_;
 #endif  // V8_ENABLE_SANDBOX
 
   LocalHeap* main_thread_local_heap_ = nullptr;
diff --git a/deps/v8/src/heap/incremental-marking.cc b/deps/v8/src/heap/incremental-marking.cc
index c5ceb8857dab07..2e3f92271614e8 100644
--- a/deps/v8/src/heap/incremental-marking.cc
+++ b/deps/v8/src/heap/incremental-marking.cc
@@ -407,17 +407,21 @@ void IncrementalMarking::FinishBlackAllocation() {
 void IncrementalMarking::StartPointerTableBlackAllocation() {
 #ifdef V8_ENABLE_SANDBOX
   heap()->code_pointer_space()->set_allocate_black(true);
-  heap()->js_dispatch_table_space()->set_allocate_black(true);
   heap()->trusted_pointer_space()->set_allocate_black(true);
 #endif  // V8_ENABLE_SANDBOX
+#ifdef V8_ENABLE_LEAPTIERING
+  heap()->js_dispatch_table_space()->set_allocate_black(true);
+#endif  // V8_ENABLE_LEAPTIERING
 }
 
 void IncrementalMarking::StopPointerTableBlackAllocation() {
 #ifdef V8_ENABLE_SANDBOX
   heap()->code_pointer_space()->set_allocate_black(false);
-  heap()->js_dispatch_table_space()->set_allocate_black(false);
   heap()->trusted_pointer_space()->set_allocate_black(false);
 #endif  // V8_ENABLE_SANDBOX
+#ifdef V8_ENABLE_LEAPTIERING
+  heap()->js_dispatch_table_space()->set_allocate_black(false);
+#endif  // V8_ENABLE_LEAPTIERING
 }
 
 void IncrementalMarking::UpdateMarkingWorklistAfterScavenge() {
diff --git a/deps/v8/src/heap/index-generator.cc b/deps/v8/src/heap/index-generator.cc
index e90ed8e5461f61..9ee3669a04fc11 100644
--- a/deps/v8/src/heap/index-generator.cc
+++ b/deps/v8/src/heap/index-generator.cc
@@ -21,7 +21,7 @@ std::optional<size_t> IndexGenerator::GetNext() {
     first_use_ = false;
     return 0;
   }
-  if (ranges_to_split_.empty()) return base::nullopt;
+  if (ranges_to_split_.empty()) return std::nullopt;
 
   // Split the oldest running range in 2 and return the middle index as
   // starting point.
diff --git a/deps/v8/src/heap/main-allocator.cc b/deps/v8/src/heap/main-allocator.cc
index aac23c81b825f9..8033ecac4daca1 100644
--- a/deps/v8/src/heap/main-allocator.cc
+++ b/deps/v8/src/heap/main-allocator.cc
@@ -659,6 +659,25 @@ bool PagedSpaceAllocatorPolicy::RefillLab(int size_in_bytes,
 
   if (TryAllocationFromFreeList(size_in_bytes, origin)) return true;
 
+  // Don't steal pages from the shared space of the main isolate if running as a
+  // client. The issue is that the concurrent marker may be running on the main
+  // isolate and may reach the page and read its flags, which will then end up
+  // in a race, when the page of the compaction space will be merged back to the
+  // main space. For the same reason, don't take swept pages from the main
+  // shared space.
+  const bool running_from_client_isolate_and_allocating_in_shared_space =
+      (allocator_->identity() == SHARED_SPACE) &&
+      !isolate_heap()->isolate()->is_shared_space_isolate();
+  if (running_from_client_isolate_and_allocating_in_shared_space) {
+    // Avoid OOM crash in the GC in order to invoke NearHeapLimitCallback after
+    // GC and give it a chance to increase the heap limit.
+    if (!isolate_heap()->force_oom() &&
+        TryExpandAndAllocate(size_in_bytes, origin)) {
+      return true;
+    }
+    return false;
+  }
+
   // Sweeping is still in progress.
   if (space_heap()->sweeping_in_progress()) {
     // First try to refill the free-list, concurrent sweeper threads
diff --git a/deps/v8/src/heap/mark-compact-inl.h b/deps/v8/src/heap/mark-compact-inl.h
index b6c483633048d4..90c8588d83d647 100644
--- a/deps/v8/src/heap/mark-compact-inl.h
+++ b/deps/v8/src/heap/mark-compact-inl.h
@@ -99,7 +99,7 @@ void RootMarkingVisitor::VisitRootPointers(Root root, const char* description,
 
 void RootMarkingVisitor::MarkObjectByPointer(Root root, FullObjectSlot p) {
   Tagged<Object> object = *p;
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   if (object.ptr() == kTaggedNullAddress) return;
 #endif
   if (!IsHeapObject(object)) return;
diff --git a/deps/v8/src/heap/mark-compact.cc b/deps/v8/src/heap/mark-compact.cc
index 9816582488ed09..09f0dda8019ba0 100644
--- a/deps/v8/src/heap/mark-compact.cc
+++ b/deps/v8/src/heap/mark-compact.cc
@@ -18,6 +18,7 @@
 #include "src/base/platform/platform.h"
 #include "src/base/utils/random-number-generator.h"
 #include "src/codegen/compilation-cache.h"
+#include "src/common/assert-scope.h"
 #include "src/common/globals.h"
 #include "src/deoptimizer/deoptimizer.h"
 #include "src/execution/execution.h"
@@ -193,7 +194,7 @@ class FullMarkingVerifier : public MarkingVerifierBase {
         GetPtrComprCageBaseFromOnHeapAddress(start.address());
     for (TSlot slot = start; slot < end; ++slot) {
       typename TSlot::TObject object = slot.load(cage_base);
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
       if (object.ptr() == kTaggedNullAddress) continue;
 #endif
       Tagged<HeapObject> heap_object;
@@ -1309,8 +1310,14 @@ class RecordMigratedSlotVisitor : public ObjectVisitorWithCageBases {
           // references we want to use the OLD_TO_OLD remembered set, so here
           // we need to check that both the value chunk and the host chunk are
           // trusted space chunks.
-          RememberedSet<TRUSTED_TO_TRUSTED>::Insert<AccessMode::NON_ATOMIC>(
-              host_metadata, host_chunk->Offset(slot));
+          if (value_chunk->InWritableSharedSpace()) {
+            RememberedSet<TRUSTED_TO_SHARED_TRUSTED>::Insert<
+                AccessMode::NON_ATOMIC>(host_metadata,
+                                        host_chunk->Offset(slot));
+          } else {
+            RememberedSet<TRUSTED_TO_TRUSTED>::Insert<AccessMode::NON_ATOMIC>(
+                host_metadata, host_chunk->Offset(slot));
+          }
         } else {
           RememberedSet<OLD_TO_OLD>::Insert<AccessMode::NON_ATOMIC>(
               host_metadata, host_chunk->Offset(slot));
@@ -1319,8 +1326,14 @@ class RecordMigratedSlotVisitor : public ObjectVisitorWithCageBases {
                  !InWritableSharedSpace(host)) {
         MutablePageMetadata* host_metadata =
             MutablePageMetadata::cast(host_chunk->Metadata());
-        RememberedSet<OLD_TO_SHARED>::Insert<AccessMode::NON_ATOMIC>(
-            host_metadata, host_chunk->Offset(slot));
+        if (value_chunk->IsFlagSet(MemoryChunk::IS_TRUSTED) &&
+            host_chunk->IsFlagSet(MemoryChunk::IS_TRUSTED)) {
+          RememberedSet<TRUSTED_TO_SHARED_TRUSTED>::Insert<
+              AccessMode::NON_ATOMIC>(host_metadata, host_chunk->Offset(slot));
+        } else {
+          RememberedSet<OLD_TO_SHARED>::Insert<AccessMode::NON_ATOMIC>(
+              host_metadata, host_chunk->Offset(slot));
+        }
       }
     }
   }
@@ -1492,11 +1505,9 @@ class EvacuateVisitorBase : public HeapObjectVisitor {
   }
 
   EvacuateVisitorBase(Heap* heap, EvacuationAllocator* local_allocator,
-                      MainAllocator* shared_old_allocator,
                       RecordMigratedSlotVisitor* record_visitor)
       : heap_(heap),
         local_allocator_(local_allocator),
-        shared_old_allocator_(shared_old_allocator),
         record_visitor_(record_visitor),
         shared_string_table_(v8_flags.shared_string_table &&
                              heap->isolate()->has_shared_space()) {
@@ -1524,13 +1535,7 @@ class EvacuateVisitorBase : public HeapObjectVisitor {
     AllocationAlignment alignment = HeapObject::RequiredAlignment(map);
     AllocationResult allocation;
     if (target_space == OLD_SPACE && ShouldPromoteIntoSharedHeap(map)) {
-      if (heap_->isolate()->is_shared_space_isolate()) {
-        DCHECK_NULL(shared_old_allocator_);
-        allocation = local_allocator_->Allocate(SHARED_SPACE, size, alignment);
-      } else {
-        allocation = shared_old_allocator_->AllocateRaw(size, alignment,
-                                                        AllocationOrigin::kGC);
-      }
+      allocation = local_allocator_->Allocate(SHARED_SPACE, size, alignment);
     } else {
       allocation = local_allocator_->Allocate(target_space, size, alignment);
     }
@@ -1564,7 +1569,6 @@ class EvacuateVisitorBase : public HeapObjectVisitor {
 
   Heap* heap_;
   EvacuationAllocator* local_allocator_;
-  MainAllocator* shared_old_allocator_;
   RecordMigratedSlotVisitor* record_visitor_;
   std::vector<MigrationObserver*> observers_;
   MigrateFunction migration_function_;
@@ -1579,11 +1583,9 @@ class EvacuateNewSpaceVisitor final : public EvacuateVisitorBase {
  public:
   explicit EvacuateNewSpaceVisitor(
       Heap* heap, EvacuationAllocator* local_allocator,
-      MainAllocator* shared_old_allocator,
       RecordMigratedSlotVisitor* record_visitor,
       PretenuringHandler::PretenuringFeedbackMap* local_pretenuring_feedback)
-      : EvacuateVisitorBase(heap, local_allocator, shared_old_allocator,
-                            record_visitor),
+      : EvacuateVisitorBase(heap, local_allocator, record_visitor),
         promoted_size_(0),
         semispace_copied_size_(0),
         pretenuring_handler_(heap_->pretenuring_handler()),
@@ -1711,10 +1713,8 @@ class EvacuateNewToOldSpacePageVisitor final : public HeapObjectVisitor {
 class EvacuateOldSpaceVisitor final : public EvacuateVisitorBase {
  public:
   EvacuateOldSpaceVisitor(Heap* heap, EvacuationAllocator* local_allocator,
-                          MainAllocator* shared_old_allocator,
                           RecordMigratedSlotVisitor* record_visitor)
-      : EvacuateVisitorBase(heap, local_allocator, shared_old_allocator,
-                            record_visitor) {}
+      : EvacuateVisitorBase(heap, local_allocator, record_visitor) {}
 
   inline bool Visit(Tagged<HeapObject> object, int size) override {
     Tagged<HeapObject> target_object;
@@ -3031,13 +3031,15 @@ void MarkCompactCollector::ClearNonLiveReferences() {
     GetProcessWideCodePointerTable()->Sweep(heap_->code_pointer_space(),
                                             isolate->counters());
   }
+#endif  // V8_ENABLE_SANDBOX
 
+#ifdef V8_ENABLE_LEAPTIERING
   {
     TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_SWEEP_JS_DISPATCH_TABLE);
     GetProcessWideJSDispatchTable()->Sweep(heap_->js_dispatch_table_space(),
                                            isolate->counters());
   }
-#endif  // V8_ENABLE_SANDBOX
+#endif  // V8_ENABLE_LEAPTIERING
 
   {
     TRACE_GC(heap_->tracer(),
@@ -3054,7 +3056,16 @@ void MarkCompactCollector::ClearNonLiveReferences() {
 
   PROFILE(heap_->isolate(), WeakCodeClearEvent());
 
-  MarkDependentCodeForDeoptimization();
+  {
+    // This method may be called from within a DisallowDeoptimizations scope.
+    // Temporarily allow deopts for marking code for deopt. This is not doing
+    // the deopt yet and the actual deopts will be bailed out on later if the
+    // current safepoint is not safe for deopts.
+    // TODO(357636610): Reconsider whether the DisallowDeoptimization scopes are
+    // truly needed.
+    AllowDeoptimization allow_deoptimization(heap_->isolate());
+    MarkDependentCodeForDeoptimization();
+  }
 
   {
     TRACE_GC(heap_->tracer(), GCTracer::Scope::MC_CLEAR_JOIN_JOB);
@@ -3177,19 +3188,26 @@ void MarkCompactCollector::FlushBytecodeFromSFI(
       [](Tagged<HeapObject> object, ObjectSlot slot,
          Tagged<HeapObject> target) { RecordSlot(object, slot, target); });
 
-  // Replace the bytecode with an uncompiled data object.
-  // As the bytecode arrays itself is located in trusted space, we cannot
-  // convert that object, but instead need to convert another object living
-  // inside the main pointer compression cage. The wrapper object is suitable
-  // for that purpose. The size of the bytecode wrapper must therefore match
-  // that of an UncompiledData object (it could also be larger, but it's most
-  // efficient if the sizes match because then we can avoid creating a filler
-  // object for the leftover space in the wrapper object).
-  static_assert(BytecodeWrapper::kSize ==
+  // The size of the bytecode array should always be larger than an
+  // UncompiledData object.
+  static_assert(BytecodeArray::SizeFor(0) >=
                 UncompiledDataWithoutPreparseData::kSize);
+
+  // Replace the bytecode with an uncompiled data object.
   Tagged<BytecodeArray> bytecode_array =
       shared_info->GetBytecodeArray(heap_->isolate());
-  Tagged<HeapObject> compiled_data = bytecode_array->wrapper();
+
+#ifdef V8_ENABLE_SANDBOX
+  // Zap the old entry in the trusted pointer table.
+  TrustedPointerTable& table = heap_->isolate()->trusted_pointer_table();
+  IndirectPointerSlot self_indirect_pointer_slot =
+      bytecode_array->RawIndirectPointerField(
+          BytecodeArray::kSelfIndirectPointerOffset,
+          kBytecodeArrayIndirectPointerTag);
+  table.Zap(self_indirect_pointer_slot.Relaxed_LoadHandle());
+#endif
+
+  Tagged<HeapObject> compiled_data = bytecode_array;
   Address compiled_data_start = compiled_data.address();
   int compiled_data_size = ALIGN_TO_ALLOCATION_ALIGNMENT(compiled_data->Size());
   MutablePageMetadata* chunk =
@@ -3208,6 +3226,9 @@ void MarkCompactCollector::FlushBytecodeFromSFI(
   RememberedSet<OLD_TO_OLD>::RemoveRange(
       chunk, compiled_data_start, compiled_data_start + compiled_data_size,
       SlotSet::FREE_EMPTY_BUCKETS);
+  RememberedSet<TRUSTED_TO_TRUSTED>::RemoveRange(
+      chunk, compiled_data_start, compiled_data_start + compiled_data_size,
+      SlotSet::FREE_EMPTY_BUCKETS);
 
   // Swap the map, using set_map_after_allocation to avoid verify heap checks
   // which are not necessary since we are doing this during the GC atomic pause.
@@ -3215,10 +3236,19 @@ void MarkCompactCollector::FlushBytecodeFromSFI(
       ReadOnlyRoots(heap_).uncompiled_data_without_preparse_data_map(),
       SKIP_WRITE_BARRIER);
 
+  // Create a filler object for any left over space in the bytecode array.
+  if (!heap_->IsLargeObject(compiled_data)) {
+    const int aligned_filler_offset =
+        ALIGN_TO_ALLOCATION_ALIGNMENT(UncompiledDataWithoutPreparseData::kSize);
+    heap_->CreateFillerObjectAt(compiled_data.address() + aligned_filler_offset,
+                                compiled_data_size - aligned_filler_offset);
+  }
+
   // Initialize the uncompiled data.
   Tagged<UncompiledData> uncompiled_data = Cast<UncompiledData>(compiled_data);
+
   uncompiled_data->InitAfterBytecodeFlush(
-      inferred_name, start_position, end_position,
+      heap_->isolate(), inferred_name, start_position, end_position,
       [](Tagged<HeapObject> object, ObjectSlot slot,
          Tagged<HeapObject> target) { RecordSlot(object, slot, target); });
 
@@ -3229,6 +3259,12 @@ void MarkCompactCollector::FlushBytecodeFromSFI(
          marking_state_->IsMarked(inferred_name));
   marking_state_->TryMarkAndAccountLiveBytes(uncompiled_data);
 
+#ifdef V8_ENABLE_SANDBOX
+  // Mark the new entry in the trusted pointer table as alive.
+  TrustedPointerTable::Space* space = heap_->trusted_pointer_space();
+  table.Mark(space, self_indirect_pointer_slot.Relaxed_LoadHandle());
+#endif
+
   shared_info->set_uncompiled_data(uncompiled_data);
   DCHECK(!shared_info->is_compiled());
 }
@@ -3249,15 +3285,18 @@ void MarkCompactCollector::ProcessOldCodeCandidates() {
 
     if (!is_bytecode_live) number_of_flushed_sfis++;
 
-    // Now record the slot, which has either been updated to an uncompiled data,
-    // Baseline code or BytecodeArray which is still alive. If the sandbox is
-    // enabled, the slot may be empty though as BytecodeArrays are referenced
-    // through an indirect pointer. In that case, no action is necessary here.
-    ObjectSlot slot =
-        flushing_candidate->RawField(SharedFunctionInfo::kFunctionDataOffset);
+    // Now record the data slots, which have been updated to an uncompiled
+    // data, Baseline code or BytecodeArray which is still alive.
+#ifndef V8_ENABLE_SANDBOX
+    // If the sandbox is enabled, the slot contains an indirect pointer which
+    // does not need to be updated during mark-compact (because the pointer in
+    // the pointer table will be updated), so no action is needed here.
+    ObjectSlot slot = flushing_candidate->RawField(
+        SharedFunctionInfo::kTrustedFunctionDataOffset);
     if (IsHeapObject(*slot)) {
       RecordSlot(flushing_candidate, slot, Cast<HeapObject>(*slot));
     }
+#endif
   }
 
   if (v8_flags.trace_flush_code) {
@@ -3403,20 +3442,11 @@ void MarkCompactCollector::ClearFullMapTransitions() {
   while (local_weak_objects()->transition_arrays_local.Pop(&array)) {
     int num_transitions = array->number_of_entries();
     if (num_transitions > 0) {
-      int first = 0;
-      // Search for the owner of this transition array by scanning over sidestep
-      // transitions.
-      while (first < num_transitions &&
-             TransitionsAccessor::IsSpecialSidestepTransition(
-                 roots, array->GetKey(first))) {
-        first++;
-      }
-      if (first < num_transitions) {
         Tagged<Map> map;
         // The array might contain "undefined" elements because it's not yet
         // filled. Allow it.
-        if (array->GetTargetIfExists(first, isolate, &map)) {
-          DCHECK(!map.is_null());
+        if (array->GetTargetIfExists(0, isolate, &map)) {
+          DCHECK(!map.is_null());  // Weak pointers aren't cleared yet.
           Tagged<Object> constructor_or_back_pointer =
               map->constructor_or_back_pointer();
           if (IsSmi(constructor_or_back_pointer)) {
@@ -3437,7 +3467,6 @@ void MarkCompactCollector::ClearFullMapTransitions() {
           }
         }
       }
-    }
   }
 }
 
@@ -3461,23 +3490,15 @@ bool MarkCompactCollector::TransitionArrayNeedsCompaction(
       }
 #endif
       return false;
-    }
-    Tagged<Map> map;
-    if (transitions->GetTargetIfExists(i, heap_->isolate(), &map)) {
-      if (non_atomic_marking_state_->IsUnmarked(map)) {
+    } else if (non_atomic_marking_state_->IsUnmarked(
+                   TransitionsAccessor::GetTargetFromRaw(raw_target))) {
 #ifdef DEBUG
-        // Targets can only be dead iff this array is fully deserialized.
-        for (int j = 0; j < num_transitions; ++j) {
-          DCHECK(!transitions->GetRawTarget(j).IsSmi());
-        }
-#endif
-        return true;
+      // Targets can only be dead iff this array is fully deserialized.
+      for (int j = 0; j < num_transitions; ++j) {
+        DCHECK(!transitions->GetRawTarget(j).IsSmi());
       }
-    } else {
-      // Cleared entries are used as sentinels in sidestep transitions. In all
-      // other cases the transition array is always compacted.
-      DCHECK(TransitionsAccessor::IsSpecialSidestepTransition(
-          roots, transitions->GetKey(i)));
+#endif
+      return true;
     }
   }
   return false;
@@ -3496,30 +3517,16 @@ bool MarkCompactCollector::CompactTransitionArray(
   int transition_index = 0;
   // Compact all live transitions to the left.
   for (int i = 0; i < num_transitions; ++i) {
-    {
-      Tagged<Map> target;
-      if (transitions->GetTargetIfExists(i, heap_->isolate(), &target)) {
-        if (non_atomic_marking_state_->IsUnmarked(target)) {
-          if (TransitionsAccessor::IsSpecialSidestepTransition(
-                  roots, transitions->GetKey(i))) {
-            // In case of side-step transition the back pointer might not be
-            // equal to the descriptor owner.
-            continue;
-          }
-          if (!descriptors.is_null() &&
-              target->instance_descriptors(heap_->isolate()) == descriptors) {
-            DCHECK(!target->is_prototype_map());
-            descriptors_owner_died = true;
-          }
-          continue;
-        }
-      } else {
-        // In sidestep transitions we use cleared entries as sentinels. Thus we
-        // keep them in the transition array to remember the absence of a
-        // particular sidestep transition.
-        DCHECK(TransitionsAccessor::IsSpecialSidestepTransition(
-            roots, transitions->GetKey(i)));
+    Tagged<Map> target = transitions->GetTarget(i);
+    DCHECK_EQ(target->constructor_or_back_pointer(), map);
+
+    if (non_atomic_marking_state_->IsUnmarked(target)) {
+      if (!descriptors.is_null() &&
+          target->instance_descriptors(heap_->isolate()) == descriptors) {
+        DCHECK(!target->is_prototype_map());
+        descriptors_owner_died = true;
       }
+      continue;
     }
 
     if (i != transition_index) {
@@ -3529,11 +3536,8 @@ bool MarkCompactCollector::CompactTransitionArray(
       RecordSlot(transitions, key_slot, key);
       Tagged<MaybeObject> raw_target = transitions->GetRawTarget(i);
       transitions->SetRawTarget(transition_index, raw_target);
-      if (!raw_target.IsCleared()) {
-        HeapObjectSlot target_slot =
-            transitions->GetTargetSlot(transition_index);
-        RecordSlot(transitions, target_slot, raw_target.GetHeapObject());
-      }
+      HeapObjectSlot target_slot = transitions->GetTargetSlot(transition_index);
+      RecordSlot(transitions, target_slot, raw_target.GetHeapObject());
     }
     transition_index++;
   }
@@ -3703,7 +3707,7 @@ void MarkCompactCollector::ClearTrivialWeakReferences() {
     // as MaybeObjectSlot.
     MaybeObjectSlot location(slot.slot);
     if ((*location).GetHeapObjectIfWeak(&value)) {
-      DCHECK(!IsCell(value));
+      DCHECK(!IsWeakCell(value));
       // Values in RO space have already been filtered, but a non-RO value may
       // have been overwritten by a RO value since marking.
       if (InReadOnlySpace(value) ||
@@ -3730,7 +3734,7 @@ void MarkCompactCollector::FilterNonTrivialWeakReferences() {
     // as MaybeObjectSlot.
     MaybeObjectSlot location(slot.slot);
     if ((*location).GetHeapObjectIfWeak(&value)) {
-      DCHECK(!IsCell(value));
+      DCHECK(!IsWeakCell(value));
       // Values in RO space have already been filtered, but a non-RO value may
       // have been overwritten by a RO value since marking.
       if (InReadOnlySpace(value) ||
@@ -3760,7 +3764,7 @@ void MarkCompactCollector::ClearNonTrivialWeakReferences() {
     // The slot may not have been overwritten since it was filtered, so we can
     // directly read its value.
     Tagged<HeapObject> value = (*slot.slot).GetHeapObjectAssumeWeak();
-    DCHECK(!IsCell(value));
+    DCHECK(!IsWeakCell(value));
     DCHECK(!InReadOnlySpace(value));
     DCHECK(!non_atomic_marking_state_->IsMarked(value));
     DCHECK(!MainMarkingVisitor::IsTrivialWeakReferenceValue(slot.heap_object,
@@ -4079,7 +4083,7 @@ static inline SlotCallbackResult UpdateOldToSharedSlot(
 template <typename TSlot>
 static inline void UpdateStrongSlot(PtrComprCageBase cage_base, TSlot slot) {
   typename TSlot::TObject obj = slot.Relaxed_Load(cage_base);
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   if (obj.ptr() == kTaggedNullAddress) return;
 #endif
   DCHECK(!HAS_WEAK_HEAP_OBJECT_TAG(obj.ptr()));
@@ -4092,7 +4096,7 @@ static inline void UpdateStrongSlot(PtrComprCageBase cage_base, TSlot slot) {
 static inline SlotCallbackResult UpdateStrongOldToSharedSlot(
     PtrComprCageBase cage_base, FullMaybeObjectSlot slot) {
   Tagged<MaybeObject> obj = slot.Relaxed_Load(cage_base);
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   if (obj.ptr() == kTaggedNullAddress) return REMOVE_SLOT;
 #endif
   DCHECK(!HAS_WEAK_HEAP_OBJECT_TAG(obj.ptr()));
@@ -4285,18 +4289,6 @@ void MarkCompactCollector::EvacuateEpilogue() {
 #endif  // DEBUG
 }
 
-namespace {
-MainAllocator* CreateSharedOldAllocator(Heap* heap) {
-  if (v8_flags.shared_string_table && heap->isolate()->has_shared_space() &&
-      !heap->isolate()->is_shared_space_isolate()) {
-    return new MainAllocator(heap, heap->shared_allocation_space(),
-                             MainAllocator::kInGC);
-  }
-
-  return nullptr;
-}
-}  // namespace
-
 class Evacuator final : public Malloced {
  public:
   enum EvacuationMode {
@@ -4330,16 +4322,13 @@ class Evacuator final : public Malloced {
             PretenuringHandler::kInitialFeedbackCapacity),
         local_allocator_(heap_,
                          CompactionSpaceKind::kCompactionSpaceForMarkCompact),
-        shared_old_allocator_(CreateSharedOldAllocator(heap_)),
         record_visitor_(heap_),
-        new_space_visitor_(heap_, &local_allocator_,
-                           shared_old_allocator_.get(), &record_visitor_,
+        new_space_visitor_(heap_, &local_allocator_, &record_visitor_,
                            &local_pretenuring_feedback_),
         new_to_old_page_visitor_(heap_, &record_visitor_,
                                  &local_pretenuring_feedback_),
 
-        old_space_visitor_(heap_, &local_allocator_,
-                           shared_old_allocator_.get(), &record_visitor_),
+        old_space_visitor_(heap_, &local_allocator_, &record_visitor_),
         duration_(0.0),
         bytes_compacted_(0) {}
 
@@ -4372,9 +4361,6 @@ class Evacuator final : public Malloced {
   // Locally cached collector data.
   EvacuationAllocator local_allocator_;
 
-  // Allocator for the shared heap.
-  std::unique_ptr<MainAllocator> shared_old_allocator_;
-
   RecordMigratedSlotVisitor record_visitor_;
 
   // Visitors for the corresponding spaces.
@@ -4415,7 +4401,6 @@ void Evacuator::EvacuatePage(MutablePageMetadata* page) {
 
 void Evacuator::Finalize() {
   local_allocator_.Finalize();
-  if (shared_old_allocator_) shared_old_allocator_->FreeLinearAllocationArea();
   heap_->tracer()->AddCompactionEvent(duration_, bytes_compacted_);
   heap_->IncrementPromotedObjectsSize(new_space_visitor_.promoted_size() +
                                       new_to_old_page_visitor_.moved_bytes());
@@ -5378,6 +5363,14 @@ void MarkCompactCollector::UpdatePointersAfterEvacuation() {
     CollectRememberedSetUpdatingItems(&updating_items, heap_->trusted_space());
     CollectRememberedSetUpdatingItems(&updating_items,
                                       heap_->trusted_lo_space());
+    if (heap_->shared_trusted_space()) {
+      CollectRememberedSetUpdatingItems(&updating_items,
+                                        heap_->shared_trusted_space());
+    }
+    if (heap_->shared_trusted_lo_space()) {
+      CollectRememberedSetUpdatingItems(&updating_items,
+                                        heap_->shared_trusted_lo_space());
+    }
 
     // Iterating to space may require a valid body descriptor for e.g.
     // WasmStruct which races with updating a slot in Map. Since to space is
diff --git a/deps/v8/src/heap/marking-visitor-inl.h b/deps/v8/src/heap/marking-visitor-inl.h
index 8295b1c3d14c3c..5225b80d9a14d7 100644
--- a/deps/v8/src/heap/marking-visitor-inl.h
+++ b/deps/v8/src/heap/marking-visitor-inl.h
@@ -294,11 +294,17 @@ void MarkingVisitorBase<ConcreteVisitor>::VisitTrustedPointerTableEntry(
 template <typename ConcreteVisitor>
 void MarkingVisitorBase<ConcreteVisitor>::VisitJSDispatchTableEntry(
     Tagged<HeapObject> host, JSDispatchHandle handle) {
-#ifdef V8_ENABLE_SANDBOX
+#ifdef V8_ENABLE_LEAPTIERING
   JSDispatchTable* table = GetProcessWideJSDispatchTable();
+#ifdef DEBUG
   JSDispatchTable::Space* space = heap_->js_dispatch_table_space();
-  table->Mark(space, handle);
-#endif  // V8_ENABLE_SANDBOX
+  JSDispatchTable::Space* ro_space =
+      heap_->isolate()->read_only_heap()->js_dispatch_table_space();
+  table->VerifyEntry(handle, space, ro_space);
+#endif  // DEBUG
+
+  table->Mark(handle);
+#endif  // V8_ENABLE_LEAPTIERING
 }
 
 // ===========================================================================
@@ -350,9 +356,14 @@ int MarkingVisitorBase<ConcreteVisitor>::VisitSharedFunctionInfo(
                              SharedFunctionInfo::kTrustedFunctionDataOffset,
                              kUnknownIndirectPointerTag),
                          IndirectPointerMode::kStrong);
+#else
+    VisitPointer(
+        shared_info,
+        shared_info->RawField(SharedFunctionInfo::kTrustedFunctionDataOffset));
 #endif
-    VisitPointer(shared_info, shared_info->RawField(
-                                  SharedFunctionInfo::kFunctionDataOffset));
+    VisitPointer(shared_info,
+                 shared_info->RawField(
+                     SharedFunctionInfo::kUntrustedFunctionDataOffset));
   } else if (!IsByteCodeFlushingEnabled(code_flush_mode_)) {
     // If bytecode flushing is disabled but baseline code flushing is enabled
     // then we have to visit the bytecode but not the baseline code.
@@ -384,7 +395,7 @@ bool MarkingVisitorBase<ConcreteVisitor>::HasBytecodeArrayForFlushing(
   // Get a snapshot of the function data field, and if it is a bytecode array,
   // check if it is old. Note, this is done this way since this function can be
   // called by the concurrent marker.
-  Tagged<Object> data = sfi->GetData(heap_->isolate());
+  Tagged<Object> data = sfi->GetTrustedData(heap_->isolate());
   if (IsCode(data)) {
     Tagged<Code> baseline_code = Cast<Code>(data);
     DCHECK_EQ(baseline_code->kind(), CodeKind::BASELINE);
diff --git a/deps/v8/src/heap/memory-chunk.cc b/deps/v8/src/heap/memory-chunk.cc
index 267b2c5a0e6a45..1795cc1b03b913 100644
--- a/deps/v8/src/heap/memory-chunk.cc
+++ b/deps/v8/src/heap/memory-chunk.cc
@@ -259,12 +259,26 @@ void MemoryChunk::SetYoungGenerationPageFlags(MarkingMode marking_mode) {
 
 #ifdef V8_ENABLE_SANDBOX
 bool MemoryChunk::SandboxSafeInReadOnlySpace() const {
+  // For the sandbox only flags from writable pages can be corrupted so we can
+  // use the flag check as a fast path in this case.
+  // It also helps making TSAN happy, since it doesn't like the way we
+  // initialize the MemoryChunks.
+  // (See MemoryChunkMetadata::SynchronizedHeapLoad).
+  if (!InReadOnlySpace()) {
+    return false;
+  }
+
   // When the sandbox is enabled, only the ReadOnlyPageMetadata are stored
   // inline in the MemoryChunk.
   // ReadOnlyPageMetadata::ChunkAddress() is a special version that boils down
   // to `metadata_address - kMemoryChunkHeaderSize`.
-  return static_cast<const ReadOnlyPageMetadata*>(Metadata())->ChunkAddress() ==
-         address();
+  MemoryChunkMetadata* metadata =
+      metadata_pointer_table_[metadata_index_ & kMetadataPointerTableSizeMask];
+  SBXCHECK_EQ(
+      static_cast<const ReadOnlyPageMetadata*>(metadata)->ChunkAddress(),
+      address());
+
+  return true;
 }
 #endif
 
diff --git a/deps/v8/src/heap/memory-measurement.cc b/deps/v8/src/heap/memory-measurement.cc
index e9933e4e6dd54a..9f4168332b6ae0 100644
--- a/deps/v8/src/heap/memory-measurement.cc
+++ b/deps/v8/src/heap/memory-measurement.cc
@@ -71,9 +71,9 @@ class MemoryMeasurementResultBuilder {
   Handle<JSObject> NewResult(size_t estimate, size_t lower_bound,
                              size_t upper_bound) {
     Handle<JSObject> result = NewJSObject();
-    Handle<Object> estimate_obj = NewNumber(estimate);
+    DirectHandle<Object> estimate_obj = NewNumber(estimate);
     AddProperty(result, factory_->jsMemoryEstimate_string(), estimate_obj);
-    Handle<Object> range = NewRange(lower_bound, upper_bound);
+    DirectHandle<Object> range = NewRange(lower_bound, upper_bound);
     AddProperty(result, factory_->jsMemoryRange_string(), range);
     return result;
   }
@@ -92,7 +92,7 @@ class MemoryMeasurementResultBuilder {
     return factory_->NewJSArrayWithElements(elements);
   }
   void AddProperty(Handle<JSObject> object, Handle<String> name,
-                   Handle<Object> value) {
+                   DirectHandle<Object> value) {
     JSObject::AddProperty(isolate_, object, name, value, NONE);
   }
   Isolate* isolate_;
@@ -349,7 +349,7 @@ void MemoryMeasurement::ReportResults() {
         continue;
       }
       Local<v8::Context> context = Utils::Convert<HeapObject, v8::Context>(
-          direct_handle(raw_context, isolate_), isolate_);
+          direct_handle(raw_context, isolate_));
       contexts.push_back(context);
       size_in_bytes.push_back(request.sizes[i]);
     }
diff --git a/deps/v8/src/heap/memory-measurement.h b/deps/v8/src/heap/memory-measurement.h
index 13680a7f63b3fc..ed9b0ca9919a45 100644
--- a/deps/v8/src/heap/memory-measurement.h
+++ b/deps/v8/src/heap/memory-measurement.h
@@ -75,7 +75,6 @@ class V8_EXPORT_PRIVATE NativeContextInferrer {
   // context is the shared context.
   V8_INLINE bool Infer(PtrComprCageBase cage_base, Tagged<Map> map,
                        Tagged<HeapObject> object, Address* native_context);
-
 };
 
 // Maintains mapping from native contexts to their sizes.
diff --git a/deps/v8/src/heap/memory-reducer.cc b/deps/v8/src/heap/memory-reducer.cc
index 7e053d09e68b46..ee72b9d325654e 100644
--- a/deps/v8/src/heap/memory-reducer.cc
+++ b/deps/v8/src/heap/memory-reducer.cc
@@ -78,7 +78,10 @@ void MemoryReducer::NotifyTimer(const Event& event) {
       heap()->isolate()->PrintWithTimestamp("Memory reducer: started GC #%d\n",
                                             state_.started_gcs());
     }
-    heap()->StartIncrementalMarking(GCFlag::kReduceMemoryFootprint,
+    GCFlags gc_flags = v8_flags.memory_reducer_favors_memory
+                           ? GCFlag::kReduceMemoryFootprint
+                           : GCFlag::kNoFlags;
+    heap()->StartIncrementalMarking(gc_flags,
                                     GarbageCollectionReason::kMemoryReducer,
                                     kGCCallbackFlagCollectAllExternalMemory);
   } else if (state_.id() == kWait) {
diff --git a/deps/v8/src/heap/minor-mark-sweep.cc b/deps/v8/src/heap/minor-mark-sweep.cc
index bcf1e0fa2c186d..331d525b2a3ed1 100644
--- a/deps/v8/src/heap/minor-mark-sweep.cc
+++ b/deps/v8/src/heap/minor-mark-sweep.cc
@@ -132,7 +132,7 @@ class YoungGenerationMarkingVerifier : public MarkingVerifierBase {
         GetPtrComprCageBaseFromOnHeapAddress(start.address());
     for (TSlot slot = start; slot < end; ++slot) {
       typename TSlot::TObject object = slot.load(cage_base);
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
       if (object.ptr() == kTaggedNullAddress) continue;
 #endif
       Tagged<HeapObject> heap_object;
@@ -155,8 +155,13 @@ class YoungGenerationMarkingVerifier : public MarkingVerifierBase {
 
 namespace {
 int EstimateMaxNumberOfRemeberedSets(Heap* heap) {
+  // old space, lo space, trusted space and trusted lo space can have a maximum
+  // of two remembered sets (OLD_TO_NEW and OLD_TO_NEW_BACKGROUND).
+  // Code space and code lo space can have typed OLD_TO_NEW in addition.
   return 2 * (heap->old_space()->CountTotalPages() +
-              heap->lo_space()->PageCount()) +
+              heap->lo_space()->PageCount() +
+              heap->trusted_space()->CountTotalPages() +
+              heap->trusted_lo_space()->PageCount()) +
          3 * (heap->code_space()->CountTotalPages() +
               heap->code_lo_space()->PageCount());
 }
diff --git a/deps/v8/src/heap/new-spaces.cc b/deps/v8/src/heap/new-spaces.cc
index 893a29844653e9..190a3210ec4573 100644
--- a/deps/v8/src/heap/new-spaces.cc
+++ b/deps/v8/src/heap/new-spaces.cc
@@ -844,7 +844,7 @@ std::optional<std::pair<Address, Address>> SemiSpaceNewSpace::Allocate(
     return std::pair(start, end);
   }
 
-  return base::nullopt;
+  return std::nullopt;
 }
 
 void SemiSpaceNewSpace::Free(Address start, Address end) {
diff --git a/deps/v8/src/heap/object-stats.cc b/deps/v8/src/heap/object-stats.cc
index ed3d3fa5408488..2c6b72442bee9e 100644
--- a/deps/v8/src/heap/object-stats.cc
+++ b/deps/v8/src/heap/object-stats.cc
@@ -929,9 +929,8 @@ void ObjectStatsCollectorImpl::RecordVirtualMapDetails(Tagged<Map> map) {
 
 void ObjectStatsCollectorImpl::RecordVirtualScriptDetails(
     Tagged<Script> script) {
-  RecordSimpleVirtualObjectStats(
-      script, script->shared_function_infos(),
-      ObjectStats::SCRIPT_SHARED_FUNCTION_INFOS_TYPE);
+  RecordSimpleVirtualObjectStats(script, script->infos(),
+                                 ObjectStats::SCRIPT_INFOS_TYPE);
 
   // Log the size of external source code.
   Tagged<Object> raw_source = script->source();
diff --git a/deps/v8/src/heap/object-stats.h b/deps/v8/src/heap/object-stats.h
index 9c121a61230b5f..569cca0904a921 100644
--- a/deps/v8/src/heap/object-stats.h
+++ b/deps/v8/src/heap/object-stats.h
@@ -70,7 +70,7 @@
   V(RELOC_INFO_TYPE)                             \
   V(RETAINED_MAPS_TYPE)                          \
   V(SCRIPT_LIST_TYPE)                            \
-  V(SCRIPT_SHARED_FUNCTION_INFOS_TYPE)           \
+  V(SCRIPT_INFOS_TYPE)                           \
   V(SCRIPT_SOURCE_EXTERNAL_ONE_BYTE_TYPE)        \
   V(SCRIPT_SOURCE_EXTERNAL_TWO_BYTE_TYPE)        \
   V(SCRIPT_SOURCE_NON_EXTERNAL_ONE_BYTE_TYPE)    \
diff --git a/deps/v8/src/heap/objects-visiting.h b/deps/v8/src/heap/objects-visiting.h
index 38de37713458a4..6d92e1c353839c 100644
--- a/deps/v8/src/heap/objects-visiting.h
+++ b/deps/v8/src/heap/objects-visiting.h
@@ -52,6 +52,8 @@ namespace internal {
   V(PropertyArray)                   \
   V(PropertyCell)                    \
   V(PrototypeInfo)                   \
+  V(RegExpBoilerplateDescription)    \
+  V(RegExpDataWrapper)               \
   V(SeqOneByteString)                \
   V(SeqTwoByteString)                \
   V(SharedFunctionInfo)              \
@@ -73,6 +75,7 @@ namespace internal {
   IF_WASM(V, WasmNull)               \
   IF_WASM(V, WasmResumeData)         \
   IF_WASM(V, WasmStruct)             \
+  IF_WASM(V, WasmSuspenderObject)    \
   IF_WASM(V, WasmTypeInfo)           \
   SIMPLE_HEAP_OBJECT_LIST1(V)
 
@@ -87,13 +90,13 @@ namespace internal {
   V(JSFinalizationRegistry)                 \
   V(JSFunction)                             \
   V(JSObject)                               \
+  V(JSRegExp)                               \
   V(JSSynchronizationPrimitive)             \
   V(JSTypedArray)                           \
   V(JSWeakCollection)                       \
   V(JSWeakRef)                              \
   IF_WASM(V, WasmGlobalObject)              \
   IF_WASM(V, WasmInstanceObject)            \
-  IF_WASM(V, WasmSuspenderObject)           \
   IF_WASM(V, WasmSuspendingObject)          \
   IF_WASM(V, WasmTableObject)               \
   IF_WASM(V, WasmTagObject)
@@ -130,6 +133,8 @@ namespace internal {
   V(PropertyArray)                                        \
   V(PropertyCell)                                         \
   V(PrototypeInfo)                                        \
+  V(RegExpBoilerplateDescription)                         \
+  V(RegExpDataWrapper)                                    \
   V(ScopeInfo)                                            \
   V(SeqOneByteString)                                     \
   V(SeqTwoByteString)                                     \
@@ -140,8 +145,6 @@ namespace internal {
   V(Symbol)                                               \
   V(ThinString)                                           \
   V(TransitionArray)                                      \
-  V(UncompiledDataWithoutPreparseData)                    \
-  V(UncompiledDataWithPreparseData)                       \
   V(WeakArrayList)                                        \
   V(WeakFixedArray)
 
diff --git a/deps/v8/src/heap/paged-spaces.cc b/deps/v8/src/heap/paged-spaces.cc
index 23e48a4c7788eb..c5a6f63d498143 100644
--- a/deps/v8/src/heap/paged-spaces.cc
+++ b/deps/v8/src/heap/paged-spaces.cc
@@ -625,10 +625,14 @@ CompactionSpaceCollection::CompactionSpaceCollection(
                  compaction_space_kind),
       code_space_(heap, CODE_SPACE, Executability::EXECUTABLE,
                   compaction_space_kind),
-      shared_space_(heap, SHARED_SPACE, Executability::NOT_EXECUTABLE,
-                    compaction_space_kind),
       trusted_space_(heap, TRUSTED_SPACE, Executability::NOT_EXECUTABLE,
-                     compaction_space_kind) {}
+                     compaction_space_kind) {
+  if (heap->isolate()->has_shared_space()) {
+    shared_space_.emplace(heap->isolate()->shared_space_isolate()->heap(),
+                          SHARED_SPACE, Executability::NOT_EXECUTABLE,
+                          compaction_space_kind);
+  }
+}
 
 // -----------------------------------------------------------------------------
 // OldSpace implementation
diff --git a/deps/v8/src/heap/paged-spaces.h b/deps/v8/src/heap/paged-spaces.h
index d8c049b1268ee8..62eae1f938c318 100644
--- a/deps/v8/src/heap/paged-spaces.h
+++ b/deps/v8/src/heap/paged-spaces.h
@@ -410,7 +410,8 @@ class CompactionSpaceCollection : public Malloced {
       case CODE_SPACE:
         return &code_space_;
       case SHARED_SPACE:
-        return &shared_space_;
+        DCHECK(shared_space_);
+        return &*shared_space_;
       case TRUSTED_SPACE:
         return &trusted_space_;
       default:
@@ -422,7 +423,7 @@ class CompactionSpaceCollection : public Malloced {
  private:
   CompactionSpace old_space_;
   CompactionSpace code_space_;
-  CompactionSpace shared_space_;
+  std::optional<CompactionSpace> shared_space_;
   CompactionSpace trusted_space_;
 };
 
diff --git a/deps/v8/src/heap/read-only-heap.cc b/deps/v8/src/heap/read-only-heap.cc
index b187bb92035742..dfb46805702397 100644
--- a/deps/v8/src/heap/read-only-heap.cc
+++ b/deps/v8/src/heap/read-only-heap.cc
@@ -19,6 +19,7 @@
 #include "src/objects/heap-object-inl.h"
 #include "src/objects/objects-inl.h"
 #include "src/objects/smi.h"
+#include "src/sandbox/js-dispatch-table-inl.h"
 #include "src/snapshot/read-only-deserializer.h"
 #include "src/utils/allocation.h"
 
@@ -51,6 +52,7 @@ std::shared_ptr<ReadOnlyArtifacts> InitializeSharedReadOnlyArtifacts() {
 ReadOnlyHeap::~ReadOnlyHeap() {
 #ifdef V8_ENABLE_SANDBOX
   GetProcessWideCodePointerTable()->TearDownSpace(&code_pointer_space_);
+  GetProcessWideJSDispatchTable()->TearDownSpace(&js_dispatch_table_space_);
 #endif
 }
 
@@ -244,6 +246,14 @@ ReadOnlyHeap::ReadOnlyHeap(ReadOnlySpace* ro_space)
     : read_only_space_(ro_space) {
 #ifdef V8_ENABLE_SANDBOX
   GetProcessWideCodePointerTable()->InitializeSpace(&code_pointer_space_);
+  GetProcessWideJSDispatchTable()->InitializeSpace(&js_dispatch_table_space_);
+  // To avoid marking trying to write to these read-only cells they are
+  // allocated black. Target code objects in the read-only dispatch table are
+  // read-only code objects.
+  js_dispatch_table_space_.set_allocate_black(true);
+  // TODO(olivf, 42204201): We should also `AttachSpaceToReadOnlySegment` here,
+  // however that requires a bit of a dance to initialize the dispatch table at
+  // the exact right momemnt in Isolate::Init.
 #endif
 }
 
diff --git a/deps/v8/src/heap/read-only-heap.h b/deps/v8/src/heap/read-only-heap.h
index 5d1a132df76058..2b7c5f4b3eedee 100644
--- a/deps/v8/src/heap/read-only-heap.h
+++ b/deps/v8/src/heap/read-only-heap.h
@@ -14,6 +14,7 @@
 #include "src/objects/objects.h"
 #include "src/roots/roots.h"
 #include "src/sandbox/code-pointer-table.h"
+#include "src/sandbox/js-dispatch-table.h"
 
 namespace v8 {
 
@@ -86,6 +87,9 @@ class ReadOnlyHeap {
 
 #ifdef V8_ENABLE_SANDBOX
   CodePointerTable::Space* code_pointer_space() { return &code_pointer_space_; }
+  JSDispatchTable::Space* js_dispatch_table_space() {
+    return &js_dispatch_table_space_;
+  }
 #endif
 
   // Returns whether the ReadOnlySpace will actually be shared taking into
@@ -127,6 +131,7 @@ class ReadOnlyHeap {
   // The read-only heap has its own code pointer space. Entries in this space
   // are never deallocated.
   CodePointerTable::Space code_pointer_space_;
+  JSDispatchTable::Space js_dispatch_table_space_;
 #endif  // V8_ENABLE_SANDBOX
 
   // Returns whether shared memory can be allocated and then remapped to
diff --git a/deps/v8/src/heap/read-only-promotion.cc b/deps/v8/src/heap/read-only-promotion.cc
index f8be4aad8680d7..3822ca43c8dc5c 100644
--- a/deps/v8/src/heap/read-only-promotion.cc
+++ b/deps/v8/src/heap/read-only-promotion.cc
@@ -337,7 +337,8 @@ class ReadOnlyPromotionImpl final : public AllStatic {
     //
     // Known objects.
     Heap* heap = isolate->heap();
-    CHECK(InReadOnlySpace(heap->promise_all_resolve_element_shared_fun()));
+    CHECK(InReadOnlySpace(
+        heap->promise_all_resolve_element_closure_shared_fun()));
     // TODO(jgruber): Extend here with more objects as they are added to
     // the promotion algorithm.
 
@@ -442,7 +443,7 @@ class ReadOnlyPromotionImpl final : public AllStatic {
    private:
     void ProcessSlot(Root root, FullObjectSlot slot) {
       Tagged<Object> old_slot_value_obj = slot.load(isolate_);
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
       if (old_slot_value_obj.ptr() == kTaggedNullAddress) return;
 #endif
       if (!IsHeapObject(old_slot_value_obj)) return;
diff --git a/deps/v8/src/heap/scavenger-inl.h b/deps/v8/src/heap/scavenger-inl.h
index f3dc44808e66f4..a87e736a61b8dc 100644
--- a/deps/v8/src/heap/scavenger-inl.h
+++ b/deps/v8/src/heap/scavenger-inl.h
@@ -167,17 +167,9 @@ CopyAndForwardResult Scavenger::PromoteObject(Tagged<Map> map,
                 "Only FullHeapObjectSlot and HeapObjectSlot are expected here");
   DCHECK_GE(object_size, Heap::kMinObjectSizeInTaggedWords * kTaggedSize);
   AllocationAlignment alignment = HeapObject::RequiredAlignment(map);
-  AllocationResult allocation;
-  switch (promotion_heap_choice) {
-    case kPromoteIntoLocalHeap:
-      allocation = allocator_.Allocate(OLD_SPACE, object_size, alignment);
-      break;
-    case kPromoteIntoSharedHeap:
-      DCHECK_NOT_NULL(shared_old_allocator_);
-      allocation = shared_old_allocator_->AllocateRaw(object_size, alignment,
-                                                      AllocationOrigin::kGC);
-      break;
-  }
+  AllocationResult allocation = allocator_.Allocate(
+      promotion_heap_choice == kPromoteIntoLocalHeap ? OLD_SPACE : SHARED_SPACE,
+      object_size, alignment);
 
   Tagged<HeapObject> target;
   if (allocation.To(&target)) {
@@ -185,14 +177,10 @@ CopyAndForwardResult Scavenger::PromoteObject(Tagged<Map> map,
     const bool self_success =
         MigrateObject(map, object, target, object_size, promotion_heap_choice);
     if (!self_success) {
-      switch (promotion_heap_choice) {
-        case kPromoteIntoLocalHeap:
-          allocator_.FreeLast(OLD_SPACE, target, object_size);
-          break;
-        case kPromoteIntoSharedHeap:
-          heap()->CreateFillerObjectAt(target.address(), object_size);
-          break;
-      }
+      allocator_.FreeLast(promotion_heap_choice == kPromoteIntoLocalHeap
+                              ? OLD_SPACE
+                              : SHARED_SPACE,
+                          target, object_size);
 
       MapWord map_word = object->map_word(kAcquireLoad);
       UpdateHeapObjectReferenceSlot(slot, map_word.ToForwardingAddress(object));
@@ -223,12 +211,9 @@ SlotCallbackResult Scavenger::RememberedSetEntryNeeded(
 
 bool Scavenger::HandleLargeObject(Tagged<Map> map, Tagged<HeapObject> object,
                                   int object_size, ObjectFields object_fields) {
-  // TODO(hpayer): Make this check size based, i.e.
-  // object_size > kMaxRegularHeapObjectSize
-  if (V8_UNLIKELY(
-          MemoryChunk::FromHeapObject(object)->InNewLargeObjectSpace())) {
-    DCHECK_EQ(NEW_LO_SPACE,
-              MutablePageMetadata::FromHeapObject(object)->owner_identity());
+  if (NEW_LO_SPACE ==
+      MutablePageMetadata::FromHeapObject(object)->owner_identity()) {
+    DCHECK(MemoryChunk::FromHeapObject(object)->InNewLargeObjectSpace());
     if (object->release_compare_and_swap_map_word_forwarded(
             MapWord::FromMap(map), object)) {
       surviving_new_large_objects_.insert({object, map});
diff --git a/deps/v8/src/heap/scavenger.cc b/deps/v8/src/heap/scavenger.cc
index 6eb032809bba62..f0d4a772a4a281 100644
--- a/deps/v8/src/heap/scavenger.cc
+++ b/deps/v8/src/heap/scavenger.cc
@@ -675,17 +675,6 @@ Scavenger::PromotionList::Local::Local(Scavenger::PromotionList* promotion_list)
       large_object_promotion_list_local_(
           promotion_list->large_object_promotion_list_) {}
 
-namespace {
-MainAllocator* CreateSharedOldAllocator(Heap* heap) {
-  if (v8_flags.shared_string_table && heap->isolate()->has_shared_space()) {
-    return new MainAllocator(heap, heap->shared_allocation_space(),
-                             MainAllocator::kInGC);
-  }
-  return nullptr;
-}
-
-}  // namespace
-
 Scavenger::Scavenger(ScavengerCollector* collector, Heap* heap, bool is_logging,
                      EmptyChunksList* empty_chunks, CopiedList* copied_list,
                      PromotionList* promotion_list,
@@ -700,11 +689,11 @@ Scavenger::Scavenger(ScavengerCollector* collector, Heap* heap, bool is_logging,
       pretenuring_handler_(heap_->pretenuring_handler()),
       local_pretenuring_feedback_(PretenuringHandler::kInitialFeedbackCapacity),
       allocator_(heap, CompactionSpaceKind::kCompactionSpaceForScavenge),
-      shared_old_allocator_(CreateSharedOldAllocator(heap_)),
       is_logging_(is_logging),
       is_incremental_marking_(heap->incremental_marking()->IsMarking()),
       is_compacting_(heap->incremental_marking()->IsCompacting()),
-      shared_string_table_(shared_old_allocator_ != nullptr),
+      shared_string_table_(v8_flags.shared_string_table &&
+                           heap->isolate()->has_shared_space()),
       mark_shared_heap_(heap->isolate()->is_shared_space_isolate()),
       shortcut_strings_(
           heap->CanShortcutStringsDuringGC(GarbageCollector::SCAVENGER)) {
@@ -924,7 +913,6 @@ void Scavenger::Finalize() {
   heap()->IncrementPromotedObjectsSize(promoted_size_);
   collector_->MergeSurvivingNewLargeObjects(surviving_new_large_objects_);
   allocator_.Finalize();
-  if (shared_old_allocator_) shared_old_allocator_->FreeLinearAllocationArea();
   empty_chunks_local_.Publish();
   ephemeron_table_list_local_.Publish();
   for (auto it = ephemeron_remembered_set_.begin();
diff --git a/deps/v8/src/heap/scavenger.h b/deps/v8/src/heap/scavenger.h
index 19cabd79ac8e80..7754d2d5ef3aa7 100644
--- a/deps/v8/src/heap/scavenger.h
+++ b/deps/v8/src/heap/scavenger.h
@@ -214,7 +214,6 @@ class Scavenger {
   size_t copied_size_{0};
   size_t promoted_size_{0};
   EvacuationAllocator allocator_;
-  std::unique_ptr<MainAllocator> shared_old_allocator_;
   SurvivingNewLargeObjectsMap surviving_new_large_objects_;
 
   EphemeronRememberedSet::TableMap ephemeron_remembered_set_;
diff --git a/deps/v8/src/heap/setup-heap-internal.cc b/deps/v8/src/heap/setup-heap-internal.cc
index 829885ec37b59f..18046108202aa4 100644
--- a/deps/v8/src/heap/setup-heap-internal.cc
+++ b/deps/v8/src/heap/setup-heap-internal.cc
@@ -404,9 +404,16 @@ bool Heap::CreateEarlyReadOnlyMapsAndObjects() {
     ALLOCATE_AND_SET_ROOT(Map, symbol_map, Map::kSize);
 
     ALLOCATE_AND_SET_ROOT(Map, meta_map, Map::kSize);
+    // Keep HeapNumber and Oddball maps together for cheap NumberOrOddball
+    // checks.
     ALLOCATE_AND_SET_ROOT(Map, undefined_map, Map::kSize);
     ALLOCATE_AND_SET_ROOT(Map, null_map, Map::kSize);
+    // Keep HeapNumber and Boolean maps together for cheap NumberOrBoolean
+    // checks.
     ALLOCATE_AND_SET_ROOT(Map, boolean_map, Map::kSize);
+    // Keep HeapNumber and BigInt maps together for cheaper numerics checks.
+    ALLOCATE_AND_SET_ROOT(Map, heap_number_map, Map::kSize);
+    ALLOCATE_AND_SET_ROOT(Map, bigint_map, Map::kSize);
 
 #undef ALLOCATE_AND_SET_ROOT
 
@@ -417,6 +424,12 @@ bool Heap::CreateEarlyReadOnlyMapsAndObjects() {
     InitializePartialMap(null_map, meta_map, ODDBALL_TYPE, sizeof(Null));
     InitializePartialMap(boolean_map, meta_map, ODDBALL_TYPE, sizeof(Boolean));
     boolean_map->SetConstructorFunctionIndex(Context::BOOLEAN_FUNCTION_INDEX);
+    InitializePartialMap(heap_number_map, meta_map, HEAP_NUMBER_TYPE,
+                         sizeof(HeapNumber));
+    heap_number_map->SetConstructorFunctionIndex(
+        Context::NUMBER_FUNCTION_INDEX);
+    InitializePartialMap(bigint_map, meta_map, BIGINT_TYPE,
+                         kVariableSizeSentinel);
 
     for (const StringTypeInit& entry : kStringTypeTable) {
       Tagged<Map> map = UncheckedCast<Map>(roots.object_at(entry.index));
@@ -571,6 +584,8 @@ bool Heap::CreateEarlyReadOnlyMapsAndObjects() {
   FinalizePartialMap(roots.null_map());
   roots.null_map()->set_is_undetectable(true);
   FinalizePartialMap(roots.boolean_map());
+  FinalizePartialMap(roots.heap_number_map());
+  FinalizePartialMap(roots.bigint_map());
   FinalizePartialMap(roots.hole_map());
   FinalizePartialMap(roots.symbol_map());
   for (const StructInit& entry : kStructTable) {
@@ -609,11 +624,6 @@ bool Heap::CreateEarlyReadOnlyMapsAndObjects() {
                          closure_feedback_cell_array)
     ALLOCATE_VARSIZE_MAP(FEEDBACK_VECTOR_TYPE, feedback_vector)
 
-    // Keep HeapNumber and BigInt maps together for cheaper numerics checks.
-    ALLOCATE_PRIMITIVE_MAP(HEAP_NUMBER_TYPE, sizeof(HeapNumber), heap_number,
-                           Context::NUMBER_FUNCTION_INDEX)
-    ALLOCATE_VARSIZE_MAP(BIGINT_TYPE, bigint);
-
     ALLOCATE_MAP(FOREIGN_TYPE, Foreign::kSize, foreign)
     ALLOCATE_MAP(TRUSTED_FOREIGN_TYPE, TrustedForeign::kSize, trusted_foreign)
     ALLOCATE_MAP(MEGA_DOM_HANDLER_TYPE, MegaDomHandler::kSize, mega_dom_handler)
@@ -729,6 +739,11 @@ bool Heap::CreateLateReadOnlyNonJSReceiverMaps() {
     ALLOCATE_VARSIZE_MAP(COVERAGE_INFO_TYPE, coverage_info);
     ALLOCATE_VARSIZE_MAP(REG_EXP_MATCH_INFO_TYPE, regexp_match_info);
 
+    ALLOCATE_MAP(REG_EXP_DATA_TYPE, RegExpData::kSize, regexp_data);
+    ALLOCATE_MAP(ATOM_REG_EXP_DATA_TYPE, AtomRegExpData::kSize,
+                 atom_regexp_data);
+    ALLOCATE_MAP(IR_REG_EXP_DATA_TYPE, IrRegExpData::kSize, ir_regexp_data);
+
     ALLOCATE_MAP(SOURCE_TEXT_MODULE_TYPE, SourceTextModule::kSize,
                  source_text_module)
     ALLOCATE_MAP(SYNTHETIC_MODULE_TYPE, SyntheticModule::kSize,
@@ -737,8 +752,8 @@ bool Heap::CreateLateReadOnlyNonJSReceiverMaps() {
     ALLOCATE_MAP(CONST_TRACKING_LET_CELL_TYPE, ConstTrackingLetCell::kSize,
                  global_const_tracking_let_cell)
 
-    IF_WASM(ALLOCATE_MAP, WASM_API_FUNCTION_REF_TYPE, WasmApiFunctionRef::kSize,
-            wasm_api_function_ref)
+    IF_WASM(ALLOCATE_MAP, WASM_IMPORT_DATA_TYPE, WasmImportData::kSize,
+            wasm_import_data)
     IF_WASM(ALLOCATE_MAP, WASM_CAPI_FUNCTION_DATA_TYPE,
             WasmCapiFunctionData::kSize, wasm_capi_function_data)
     IF_WASM(ALLOCATE_MAP, WASM_EXPORTED_FUNCTION_DATA_TYPE,
@@ -750,6 +765,8 @@ bool Heap::CreateLateReadOnlyNonJSReceiverMaps() {
             wasm_js_function_data)
     IF_WASM(ALLOCATE_MAP, WASM_RESUME_DATA_TYPE, WasmResumeData::kSize,
             wasm_resume_data)
+    IF_WASM(ALLOCATE_MAP, WASM_SUSPENDER_OBJECT_TYPE,
+            WasmSuspenderObject::kSize, wasm_suspender_object)
     IF_WASM(ALLOCATE_MAP, WASM_TYPE_INFO_TYPE, kVariableSizeSentinel,
             wasm_type_info)
     IF_WASM(ALLOCATE_MAP, WASM_CONTINUATION_OBJECT_TYPE,
@@ -1397,7 +1414,7 @@ void Heap::CreateInitialMutableObjects() {
 
   // Error.stack accessor callbacks:
   {
-    Handle<FunctionTemplateInfo> function_template;
+    DirectHandle<FunctionTemplateInfo> function_template;
     function_template = ApiNatives::CreateAccessorFunctionTemplateInfo(
         isolate_, Accessors::ErrorStackGetter, 0,
         SideEffectType::kHasSideEffect);
@@ -1412,7 +1429,7 @@ void Heap::CreateInitialMutableObjects() {
   // Create internal SharedFunctionInfos.
   // Async functions:
   {
-    Handle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
+    DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
         isolate(), Builtin::kAsyncFunctionAwaitRejectClosure, 1);
     set_async_function_await_reject_shared_fun(*info);
 
@@ -1423,7 +1440,7 @@ void Heap::CreateInitialMutableObjects() {
 
   // Async generators:
   {
-    Handle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
+    DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
         isolate(), Builtin::kAsyncGeneratorAwaitResolveClosure, 1);
     set_async_generator_await_resolve_shared_fun(*info);
 
@@ -1464,7 +1481,7 @@ void Heap::CreateInitialMutableObjects() {
 
   // Promises:
   {
-    Handle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
+    DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
         isolate_, Builtin::kPromiseCapabilityDefaultResolve, 1,
         FunctionKind::kConciseMethod);
     info->set_native(true);
@@ -1487,7 +1504,7 @@ void Heap::CreateInitialMutableObjects() {
 
   // Promises / finally:
   {
-    Handle<SharedFunctionInfo> info =
+    DirectHandle<SharedFunctionInfo> info =
         CreateSharedFunctionInfo(isolate(), Builtin::kPromiseThenFinally, 1);
     info->set_native(true);
     set_promise_then_finally_shared_fun(*info);
@@ -1508,21 +1525,21 @@ void Heap::CreateInitialMutableObjects() {
 
   // Promise combinators:
   {
-    Handle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
+    DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
         isolate_, Builtin::kPromiseAllResolveElementClosure, 1);
-    set_promise_all_resolve_element_shared_fun(*info);
+    set_promise_all_resolve_element_closure_shared_fun(*info);
 
     info = CreateSharedFunctionInfo(
         isolate_, Builtin::kPromiseAllSettledResolveElementClosure, 1);
-    set_promise_all_settled_resolve_element_shared_fun(*info);
+    set_promise_all_settled_resolve_element_closure_shared_fun(*info);
 
     info = CreateSharedFunctionInfo(
         isolate_, Builtin::kPromiseAllSettledRejectElementClosure, 1);
-    set_promise_all_settled_reject_element_shared_fun(*info);
+    set_promise_all_settled_reject_element_closure_shared_fun(*info);
 
     info = CreateSharedFunctionInfo(
         isolate_, Builtin::kPromiseAnyRejectElementClosure, 1);
-    set_promise_any_reject_element_shared_fun(*info);
+    set_promise_any_reject_element_closure_shared_fun(*info);
   }
 
   // ProxyRevoke:
@@ -1535,13 +1552,13 @@ void Heap::CreateInitialMutableObjects() {
   // ShadowRealm:
   {
     DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
-        isolate_, Builtin::kShadowRealmImportValueFulfilled, 0);
-    set_shadow_realm_import_value_fulfilled_sfi(*info);
+        isolate_, Builtin::kShadowRealmImportValueFulfilled, 1);
+    set_shadow_realm_import_value_fulfilled_shared_fun(*info);
   }
 
   // SourceTextModule:
   {
-    Handle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
+    DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
         isolate_, Builtin::kCallAsyncModuleFulfilled, 0);
     set_source_text_module_execute_async_module_fulfilled_sfi(*info);
 
@@ -1552,26 +1569,26 @@ void Heap::CreateInitialMutableObjects() {
 
   // Array.fromAsync:
   {
-    Handle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
-        isolate_, Builtin::kArrayFromAsyncIterableOnFulfilled, 0);
+    DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
+        isolate_, Builtin::kArrayFromAsyncIterableOnFulfilled, 1);
     set_array_from_async_iterable_on_fulfilled_shared_fun(*info);
 
     info = CreateSharedFunctionInfo(
-        isolate_, Builtin::kArrayFromAsyncIterableOnRejected, 0);
+        isolate_, Builtin::kArrayFromAsyncIterableOnRejected, 1);
     set_array_from_async_iterable_on_rejected_shared_fun(*info);
 
     info = CreateSharedFunctionInfo(
-        isolate_, Builtin::kArrayFromAsyncArrayLikeOnFulfilled, 0);
+        isolate_, Builtin::kArrayFromAsyncArrayLikeOnFulfilled, 1);
     set_array_from_async_array_like_on_fulfilled_shared_fun(*info);
 
     info = CreateSharedFunctionInfo(
-        isolate_, Builtin::kArrayFromAsyncArrayLikeOnRejected, 0);
+        isolate_, Builtin::kArrayFromAsyncArrayLikeOnRejected, 1);
     set_array_from_async_array_like_on_rejected_shared_fun(*info);
   }
 
   // Atomics.Mutex
   {
-    Handle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
+    DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
         isolate_, Builtin::kAtomicsMutexAsyncUnlockResolveHandler, 1);
     set_atomics_mutex_async_unlock_resolve_handler_sfi(*info);
     info = CreateSharedFunctionInfo(
@@ -1588,16 +1605,8 @@ void Heap::CreateInitialMutableObjects() {
 
   // Async Disposable Stack
   {
-    Handle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
-        isolate_, Builtin::kAsyncDisposableStackOnFulfilled, 0);
-    set_async_disposable_stack_on_fulfilled_shared_fun(*info);
-
-    info = CreateSharedFunctionInfo(
-        isolate_, Builtin::kAsyncDisposableStackOnRejected, 0);
-    set_async_disposable_stack_on_rejected_shared_fun(*info);
-
-    info = CreateSharedFunctionInfo(isolate_,
-                                    Builtin::kAsyncDisposeFromSyncDispose, 0);
+    DirectHandle<SharedFunctionInfo> info = CreateSharedFunctionInfo(
+        isolate_, Builtin::kAsyncDisposeFromSyncDispose, 0);
     set_async_dispose_from_sync_dispose_shared_fun(*info);
   }
 
@@ -1616,7 +1625,7 @@ void Heap::CreateInitialMutableObjects() {
 void Heap::CreateInternalAccessorInfoObjects() {
   Isolate* isolate = this->isolate();
   HandleScope scope(isolate);
-  Handle<AccessorInfo> accessor_info;
+  DirectHandle<AccessorInfo> accessor_info;
 
 #define INIT_ACCESSOR_INFO(_, accessor_name, AccessorName, ...) \
   accessor_info = Accessors::Make##AccessorName##Info(isolate); \
diff --git a/deps/v8/src/heap/young-generation-marking-visitor-inl.h b/deps/v8/src/heap/young-generation-marking-visitor-inl.h
index 1a7f7fee94979f..5e0e39a3db0516 100644
--- a/deps/v8/src/heap/young-generation-marking-visitor-inl.h
+++ b/deps/v8/src/heap/young-generation-marking-visitor-inl.h
@@ -170,7 +170,7 @@ V8_INLINE bool YoungGenerationMarkingVisitor<marking_mode>::VisitObjectViaSlot(
     return false;
   }
   typename TSlot::TObject target = *optional_object;
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
   if (target.ptr() == kTaggedNullAddress) return false;
 #endif
   Tagged<HeapObject> heap_object;
diff --git a/deps/v8/src/ic/accessor-assembler.cc b/deps/v8/src/ic/accessor-assembler.cc
index 6e67cee2f54b32..a83c29ece6a4b9 100644
--- a/deps/v8/src/ic/accessor-assembler.cc
+++ b/deps/v8/src/ic/accessor-assembler.cc
@@ -4,8 +4,9 @@
 
 #include "src/ic/accessor-assembler.h"
 
+#include <optional>
+
 #include "src/ast/ast.h"
-#include "src/base/optional.h"
 #include "src/builtins/builtins-constructor-gen.h"
 #include "src/builtins/builtins-inl.h"
 #include "src/codegen/code-stub-assembler-inl.h"
@@ -215,8 +216,7 @@ void AccessorAssembler::TryEnumeratedKeyedLoad(
   TNode<FixedArray> enum_keys =
       LoadObjectField<FixedArray>(enum_cache, EnumCache::kKeysOffset);
   // |p->enum_index()| comes from the outer loop's ForIn state.
-  TNode<Object> key =
-      LoadFixedArrayElement(enum_keys, TaggedIndexToSmi(p->enum_index()));
+  TNode<Object> key = LoadFixedArrayElement(enum_keys, p->enum_index());
   // Check if |p->name()| matches the key in enum cache. |p->name()| is the
   // "each" variable of a for-in loop, but it can be modified by debugger or
   // other bytecodes.
@@ -225,8 +225,8 @@ void AccessorAssembler::TryEnumeratedKeyedLoad(
       LoadObjectField<FixedArray>(enum_cache, EnumCache::kIndicesOffset);
   // Check if we have enum indices available.
   GotoIf(IsEmptyFixedArray(enum_indices), &no_enum_cache);
-  TNode<Int32T> field_index = SmiToInt32(CAST(
-      LoadFixedArrayElement(enum_indices, TaggedIndexToSmi(p->enum_index()))));
+  TNode<Int32T> field_index =
+      SmiToInt32(CAST(LoadFixedArrayElement(enum_indices, p->enum_index())));
 
   TVARIABLE(Object, result);
   Label if_double(this, Label::kDeferred), done(this, &result);
@@ -416,8 +416,8 @@ void AccessorAssembler::HandleLoadAccessor(
   TNode<MaybeObject> maybe_context = Select<MaybeObject>(
       IsSetWord32<LoadHandler::DoAccessCheckOnLookupStartObjectBits>(
           handler_word),
-      [=] { return LoadHandlerDataField(handler, 3); },
-      [=] { return LoadHandlerDataField(handler, 2); });
+      [=, this] { return LoadHandlerDataField(handler, 3); },
+      [=, this] { return LoadHandlerDataField(handler, 2); });
 
   CSA_DCHECK(this, IsWeakOrCleared(maybe_context));
   CSA_CHECK(this, IsNotCleared(maybe_context));
@@ -1220,7 +1220,8 @@ void AccessorAssembler::HandleLoadICProtoHandler(
       // Code sub-handlers are not expected in LoadICs, so no |on_code_handler|.
       nullptr,
       // on_found_on_lookup_start_object
-      [=](TNode<PropertyDictionary> properties, TNode<IntPtrT> name_index) {
+      [=, this](TNode<PropertyDictionary> properties,
+                TNode<IntPtrT> name_index) {
         if (access_mode == LoadAccessMode::kHas) {
           exit_point->Return(TrueConstant());
         } else {
@@ -1936,7 +1937,7 @@ void AccessorAssembler::HandleStoreICProtoHandler(
   OnCodeHandler on_code_handler;
   if (support_elements == kSupportElements) {
     // Code sub-handlers are expected only in KeyedStoreICs.
-    on_code_handler = [=](TNode<Code> code_handler) {
+    on_code_handler = [=, this](TNode<Code> code_handler) {
       // This is either element store or transitioning element store.
       Label if_element_store(this), if_transitioning_element_store(this);
       Branch(IsStoreHandler0Map(LoadMap(handler)), &if_element_store,
@@ -1967,7 +1968,8 @@ void AccessorAssembler::HandleStoreICProtoHandler(
   TNode<Object> smi_handler = HandleProtoHandler<StoreHandler>(
       p, handler, on_code_handler,
       // on_found_on_lookup_start_object
-      [=](TNode<PropertyDictionary> properties, TNode<IntPtrT> name_index) {
+      [=, this](TNode<PropertyDictionary> properties,
+                TNode<IntPtrT> name_index) {
         TNode<Uint32T> details = LoadDetailsByKeyIndex(properties, name_index);
         // Check that the property is a writable data property (no accessor).
         const int kTypeAndReadOnlyMask =
@@ -2066,13 +2068,13 @@ void AccessorAssembler::HandleStoreICProtoHandler(
       TNode<MaybeObject> maybe_context = Select<MaybeObject>(
           IsSetWord32<StoreHandler::DoAccessCheckOnLookupStartObjectBits>(
               handler_word),
-          [=] { return LoadHandlerDataField(handler, 3); },
-          [=] { return LoadHandlerDataField(handler, 2); });
+          [=, this] { return LoadHandlerDataField(handler, 3); },
+          [=, this] { return LoadHandlerDataField(handler, 2); });
 
       CSA_DCHECK(this, IsWeakOrCleared(maybe_context));
       TNode<Object> context = Select<Object>(
-          IsCleared(maybe_context), [=] { return SmiConstant(0); },
-          [=] { return GetHeapObjectAssumeWeak(maybe_context); });
+          IsCleared(maybe_context), [=, this] { return SmiConstant(0); },
+          [=, this] { return GetHeapObjectAssumeWeak(maybe_context); });
 
       TVARIABLE(Object, api_holder, p->receiver());
       Label store(this);
@@ -2169,7 +2171,7 @@ void AccessorAssembler::HandleStoreICSmiHandlerCase(TNode<Word32T> handler_word,
   BIND(&if_tagged_field);
   {
     Comment("store tagged field");
-    HandleStoreFieldAndReturn(handler_word, holder, value, base::nullopt,
+    HandleStoreFieldAndReturn(handler_word, holder, value, std::nullopt,
                               Representation::Tagged(), miss);
   }
 
@@ -2179,7 +2181,7 @@ void AccessorAssembler::HandleStoreICSmiHandlerCase(TNode<Word32T> handler_word,
     CheckHeapObjectTypeMatchesDescriptor(handler_word, holder, value, miss);
 
     Comment("store heap object field");
-    HandleStoreFieldAndReturn(handler_word, holder, value, base::nullopt,
+    HandleStoreFieldAndReturn(handler_word, holder, value, std::nullopt,
                               Representation::HeapObject(), miss);
   }
 
@@ -2189,7 +2191,7 @@ void AccessorAssembler::HandleStoreICSmiHandlerCase(TNode<Word32T> handler_word,
     GotoIfNot(TaggedIsSmi(value), miss);
 
     Comment("store smi field");
-    HandleStoreFieldAndReturn(handler_word, holder, value, base::nullopt,
+    HandleStoreFieldAndReturn(handler_word, holder, value, std::nullopt,
                               Representation::Smi(), miss);
   }
 
@@ -2284,7 +2286,7 @@ void AccessorAssembler::GotoIfNotSameNumberBitPattern(TNode<Float64T> left,
 
 void AccessorAssembler::HandleStoreFieldAndReturn(
     TNode<Word32T> handler_word, TNode<JSObject> holder, TNode<Object> value,
-    base::Optional<TNode<Float64T>> double_value, Representation representation,
+    std::optional<TNode<Float64T>> double_value, Representation representation,
     Label* miss) {
   bool store_value_as_double = representation.IsDouble();
 
@@ -2741,7 +2743,7 @@ void AccessorAssembler::EmitElementLoad(
 }
 
 void AccessorAssembler::InvalidateValidityCellIfPrototype(
-    TNode<Map> map, base::Optional<TNode<Uint32T>> maybe_bitfield3) {
+    TNode<Map> map, std::optional<TNode<Uint32T>> maybe_bitfield3) {
   Label is_prototype(this), cont(this);
   TNode<Uint32T> bitfield3;
   if (maybe_bitfield3) {
@@ -3951,7 +3953,7 @@ void AccessorAssembler::StoreGlobalIC(const StoreICParameters* pp) {
       StoreICParameters p(
           pp->context(),
           LoadContextElement(native_context, Context::GLOBAL_PROXY_INDEX),
-          pp->name(), pp->value(), base::nullopt, pp->slot(), pp->vector(),
+          pp->name(), pp->value(), std::nullopt, pp->slot(), pp->vector(),
           StoreICMode::kDefault);
 
       HandleStoreICHandlerCase(&p, handler, &miss, ICMode::kGlobalIC);
@@ -4666,12 +4668,12 @@ void AccessorAssembler::GenerateEnumeratedKeyedLoadIC() {
 
   auto receiver = Parameter<Object>(Descriptor::kReceiver);
   auto name = Parameter<Object>(Descriptor::kName);
-  auto enum_index = Parameter<TaggedIndex>(Descriptor::kEnumIndex);
+  auto enum_index = Parameter<Smi>(Descriptor::kEnumIndex);
   auto cache_type = Parameter<Object>(Descriptor::kCacheType);
   auto slot = Parameter<TaggedIndex>(Descriptor::kSlot);
   auto vector = Parameter<HeapObject>(Descriptor::kVector);
   auto context = Parameter<Context>(Descriptor::kContext);
-  auto lookup_start_object = base::nullopt;
+  auto lookup_start_object = std::nullopt;
 
   LoadICParameters p(context, receiver, name, slot, vector, lookup_start_object,
                      enum_index, cache_type);
@@ -4720,7 +4722,7 @@ void AccessorAssembler::GenerateEnumeratedKeyedLoadICBaseline() {
 
   auto receiver = Parameter<Object>(Descriptor::kReceiver);
   auto name = Parameter<Object>(Descriptor::kName);
-  auto enum_index = Parameter<TaggedIndex>(Descriptor::kEnumIndex);
+  auto enum_index = Parameter<Smi>(Descriptor::kEnumIndex);
   auto cache_type = Parameter<Object>(Descriptor::kCacheType);
   auto slot = Parameter<TaggedIndex>(Descriptor::kSlot);
   TNode<FeedbackVector> vector = LoadFeedbackVectorFromBaseline();
@@ -4762,11 +4764,11 @@ void AccessorAssembler::GenerateStoreGlobalIC() {
   auto name = Parameter<Object>(Descriptor::kName);
   auto value = Parameter<Object>(Descriptor::kValue);
   auto slot = Parameter<TaggedIndex>(Descriptor::kSlot);
-  auto flags = base::nullopt;
+  auto flags = std::nullopt;
   auto vector = Parameter<HeapObject>(Descriptor::kVector);
   auto context = Parameter<Context>(Descriptor::kContext);
 
-  StoreICParameters p(context, base::nullopt, name, value, flags, slot, vector,
+  StoreICParameters p(context, std::nullopt, name, value, flags, slot, vector,
                       StoreICMode::kDefault);
   StoreGlobalIC(&p);
 }
@@ -4801,7 +4803,7 @@ void AccessorAssembler::GenerateStoreIC() {
   auto receiver = Parameter<Object>(Descriptor::kReceiver);
   auto name = Parameter<Object>(Descriptor::kName);
   auto value = Parameter<Object>(Descriptor::kValue);
-  auto flags = base::nullopt;
+  auto flags = std::nullopt;
   auto slot = Parameter<TaggedIndex>(Descriptor::kSlot);
   auto vector = Parameter<HeapObject>(Descriptor::kVector);
   auto context = Parameter<Context>(Descriptor::kContext);
@@ -4817,7 +4819,7 @@ void AccessorAssembler::GenerateStoreIC_Megamorphic() {
   auto receiver = Parameter<Object>(Descriptor::kReceiver);
   auto name = Parameter<Object>(Descriptor::kName);
   auto value = Parameter<Object>(Descriptor::kValue);
-  auto flags = base::nullopt;
+  auto flags = std::nullopt;
   auto slot = Parameter<TaggedIndex>(Descriptor::kSlot);
   auto vector = Parameter<HeapObject>(Descriptor::kVector);
   auto context = Parameter<Context>(Descriptor::kContext);
@@ -4895,7 +4897,7 @@ void AccessorAssembler::GenerateDefineNamedOwnIC() {
   auto receiver = Parameter<Object>(Descriptor::kReceiver);
   auto name = Parameter<Object>(Descriptor::kName);
   auto value = Parameter<Object>(Descriptor::kValue);
-  auto flags = base::nullopt;
+  auto flags = std::nullopt;
   auto slot = Parameter<TaggedIndex>(Descriptor::kSlot);
   auto vector = Parameter<HeapObject>(Descriptor::kVector);
   auto context = Parameter<Context>(Descriptor::kContext);
@@ -4941,7 +4943,7 @@ void AccessorAssembler::GenerateKeyedStoreIC() {
   auto receiver = Parameter<Object>(Descriptor::kReceiver);
   auto name = Parameter<Object>(Descriptor::kName);
   auto value = Parameter<Object>(Descriptor::kValue);
-  auto flags = base::nullopt;
+  auto flags = std::nullopt;
   auto slot = Parameter<TaggedIndex>(Descriptor::kSlot);
   auto vector = Parameter<HeapObject>(Descriptor::kVector);
   auto context = Parameter<Context>(Descriptor::kContext);
@@ -5045,7 +5047,7 @@ void AccessorAssembler::GenerateStoreInArrayLiteralIC() {
   auto array = Parameter<Object>(Descriptor::kReceiver);
   auto index = Parameter<Object>(Descriptor::kName);
   auto value = Parameter<Object>(Descriptor::kValue);
-  auto flags = base::nullopt;
+  auto flags = std::nullopt;
   auto slot = Parameter<TaggedIndex>(Descriptor::kSlot);
   auto vector = Parameter<HeapObject>(Descriptor::kVector);
   auto context = Parameter<Context>(Descriptor::kContext);
@@ -5142,7 +5144,7 @@ void AccessorAssembler::GenerateCloneObjectIC_Slow() {
   // similar here?
   ForEachEnumerableOwnProperty(
       context, source_map, CAST(source), kPropertyAdditionOrder,
-      [=](TNode<Name> key, LazyNode<Object> value) {
+      [=, this](TNode<Name> key, LazyNode<Object> value) {
         CreateDataProperty(context, result, key, value());
       },
       &runtime_copy);
diff --git a/deps/v8/src/ic/accessor-assembler.h b/deps/v8/src/ic/accessor-assembler.h
index 414ee05ab55dd9..05fa108a70de73 100644
--- a/deps/v8/src/ic/accessor-assembler.h
+++ b/deps/v8/src/ic/accessor-assembler.h
@@ -5,7 +5,8 @@
 #ifndef V8_IC_ACCESSOR_ASSEMBLER_H_
 #define V8_IC_ACCESSOR_ASSEMBLER_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/codegen/code-stub-assembler.h"
 #include "src/compiler/code-assembler.h"
 #include "src/objects/dictionary.h"
@@ -109,9 +110,9 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
     LoadICParameters(
         TNode<Context> context, TNode<Object> receiver, TNode<Object> name,
         TNode<TaggedIndex> slot, TNode<HeapObject> vector,
-        base::Optional<TNode<Object>> lookup_start_object = base::nullopt,
-        base::Optional<TNode<TaggedIndex>> enum_index = base::nullopt,
-        base::Optional<TNode<Object>> cache_type = base::nullopt)
+        std::optional<TNode<Object>> lookup_start_object = std::nullopt,
+        std::optional<TNode<Smi>> enum_index = std::nullopt,
+        std::optional<TNode<Object>> cache_type = std::nullopt)
         : context_(context),
           receiver_(receiver),
           name_(name),
@@ -138,7 +139,7 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
     TNode<Object> lookup_start_object() const {
       return lookup_start_object_.value();
     }
-    TNode<TaggedIndex> enum_index() const { return *enum_index_; }
+    TNode<Smi> enum_index() const { return *enum_index_; }
     TNode<Object> cache_type() const { return *cache_type_; }
 
     // Usable in cases where the receiver and the lookup start object are
@@ -149,7 +150,7 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
       return receiver_;
     }
 
-    bool IsEnumeratedKeyedLoad() const { return enum_index_ != base::nullopt; }
+    bool IsEnumeratedKeyedLoad() const { return enum_index_ != std::nullopt; }
 
    private:
     TNode<Context> context_;
@@ -157,9 +158,9 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
     TNode<Object> name_;
     TNode<TaggedIndex> slot_;
     TNode<HeapObject> vector_;
-    base::Optional<TNode<Object>> lookup_start_object_;
-    base::Optional<TNode<TaggedIndex>> enum_index_;
-    base::Optional<TNode<Object>> cache_type_;
+    std::optional<TNode<Object>> lookup_start_object_;
+    std::optional<TNode<Smi>> enum_index_;
+    std::optional<TNode<Object>> cache_type_;
   };
 
   struct LazyLoadICParameters {
@@ -167,7 +168,7 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
         LazyNode<Context> context, TNode<Object> receiver,
         LazyNode<Object> name, LazyNode<TaggedIndex> slot,
         TNode<HeapObject> vector,
-        base::Optional<TNode<Object>> lookup_start_object = base::nullopt)
+        std::optional<TNode<Object>> lookup_start_object = std::nullopt)
         : context_(context),
           receiver_(receiver),
           name_(name),
@@ -233,10 +234,10 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
   };
   struct StoreICParameters {
     StoreICParameters(TNode<Context> context,
-                      base::Optional<TNode<Object>> receiver,
-                      TNode<Object> name, TNode<Object> value,
-                      base::Optional<TNode<Smi>> flags, TNode<TaggedIndex> slot,
-                      TNode<HeapObject> vector, StoreICMode mode)
+                      std::optional<TNode<Object>> receiver, TNode<Object> name,
+                      TNode<Object> value, std::optional<TNode<Smi>> flags,
+                      TNode<TaggedIndex> slot, TNode<HeapObject> vector,
+                      StoreICMode mode)
         : context_(context),
           receiver_(receiver),
           name_(name),
@@ -276,10 +277,10 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
 
    private:
     TNode<Context> context_;
-    base::Optional<TNode<Object>> receiver_;
+    std::optional<TNode<Object>> receiver_;
     TNode<Object> name_;
     TNode<Object> value_;
-    base::Optional<TNode<Smi>> flags_;
+    std::optional<TNode<Smi>> flags_;
     TNode<TaggedIndex> slot_;
     TNode<HeapObject> vector_;
     StoreICMode mode_;
@@ -311,7 +312,7 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
                           Label* readonly);
 
   void InvalidateValidityCellIfPrototype(
-      TNode<Map> map, base::Optional<TNode<Uint32T>> bitfield3 = base::nullopt);
+      TNode<Map> map, std::optional<TNode<Uint32T>> bitfield3 = std::nullopt);
 
   void OverwriteExistingFastDataProperty(TNode<HeapObject> object,
                                          TNode<Map> object_map,
@@ -511,7 +512,7 @@ class V8_EXPORT_PRIVATE AccessorAssembler : public CodeStubAssembler {
       TNode<JSObject> holder, TNode<Object> value);
   void HandleStoreFieldAndReturn(TNode<Word32T> handler_word,
                                  TNode<JSObject> holder, TNode<Object> value,
-                                 base::Optional<TNode<Float64T>> double_value,
+                                 std::optional<TNode<Float64T>> double_value,
                                  Representation representation, Label* miss);
 
   void CheckPrototypeValidityCell(TNode<Object> maybe_validity_cell,
diff --git a/deps/v8/src/ic/binary-op-assembler.cc b/deps/v8/src/ic/binary-op-assembler.cc
index 3b5f0fd42ff621..87dbfa868f3410 100644
--- a/deps/v8/src/ic/binary-op-assembler.cc
+++ b/deps/v8/src/ic/binary-op-assembler.cc
@@ -676,8 +676,8 @@ TNode<Object> BinaryOpAssembler::Generate_SubtractWithFeedback(
     const LazyNode<Context>& context, TNode<Object> lhs, TNode<Object> rhs,
     TNode<UintPtrT> slot_id, const LazyNode<HeapObject>& maybe_feedback_vector,
     UpdateFeedbackMode update_feedback_mode, bool rhs_known_smi) {
-  auto smiFunction = [=](TNode<Smi> lhs, TNode<Smi> rhs,
-                         TVariable<Smi>* var_type_feedback) {
+  auto smiFunction = [=, this](TNode<Smi> lhs, TNode<Smi> rhs,
+                               TVariable<Smi>* var_type_feedback) {
     Label end(this);
     TVARIABLE(Number, var_result);
     // If rhs is known to be an Smi (for SubSmi) we want to fast path Smi
@@ -700,7 +700,7 @@ TNode<Object> BinaryOpAssembler::Generate_SubtractWithFeedback(
     BIND(&end);
     return var_result.value();
   };
-  auto floatFunction = [=](TNode<Float64T> lhs, TNode<Float64T> rhs) {
+  auto floatFunction = [=, this](TNode<Float64T> lhs, TNode<Float64T> rhs) {
     return Float64Sub(lhs, rhs);
   };
   return Generate_BinaryOperationWithFeedback(
@@ -712,15 +712,15 @@ TNode<Object> BinaryOpAssembler::Generate_MultiplyWithFeedback(
     const LazyNode<Context>& context, TNode<Object> lhs, TNode<Object> rhs,
     TNode<UintPtrT> slot_id, const LazyNode<HeapObject>& maybe_feedback_vector,
     UpdateFeedbackMode update_feedback_mode, bool rhs_known_smi) {
-  auto smiFunction = [=](TNode<Smi> lhs, TNode<Smi> rhs,
-                         TVariable<Smi>* var_type_feedback) {
+  auto smiFunction = [=, this](TNode<Smi> lhs, TNode<Smi> rhs,
+                               TVariable<Smi>* var_type_feedback) {
     TNode<Number> result = SmiMul(lhs, rhs);
     *var_type_feedback = SelectSmiConstant(
         TaggedIsSmi(result), BinaryOperationFeedback::kSignedSmall,
         BinaryOperationFeedback::kNumber);
     return result;
   };
-  auto floatFunction = [=](TNode<Float64T> lhs, TNode<Float64T> rhs) {
+  auto floatFunction = [=, this](TNode<Float64T> lhs, TNode<Float64T> rhs) {
     return Float64Mul(lhs, rhs);
   };
   return Generate_BinaryOperationWithFeedback(
@@ -733,8 +733,8 @@ TNode<Object> BinaryOpAssembler::Generate_DivideWithFeedback(
     TNode<Object> divisor, TNode<UintPtrT> slot_id,
     const LazyNode<HeapObject>& maybe_feedback_vector,
     UpdateFeedbackMode update_feedback_mode, bool rhs_known_smi) {
-  auto smiFunction = [=](TNode<Smi> lhs, TNode<Smi> rhs,
-                         TVariable<Smi>* var_type_feedback) {
+  auto smiFunction = [=, this](TNode<Smi> lhs, TNode<Smi> rhs,
+                               TVariable<Smi>* var_type_feedback) {
     TVARIABLE(Object, var_result);
     // If rhs is known to be an Smi (for DivSmi) we want to fast path Smi
     // operation. For the normal Div operation, we want to fast path both
@@ -757,7 +757,7 @@ TNode<Object> BinaryOpAssembler::Generate_DivideWithFeedback(
     BIND(&end);
     return var_result.value();
   };
-  auto floatFunction = [=](TNode<Float64T> lhs, TNode<Float64T> rhs) {
+  auto floatFunction = [=, this](TNode<Float64T> lhs, TNode<Float64T> rhs) {
     return Float64Div(lhs, rhs);
   };
   return Generate_BinaryOperationWithFeedback(
@@ -770,15 +770,15 @@ TNode<Object> BinaryOpAssembler::Generate_ModulusWithFeedback(
     TNode<Object> divisor, TNode<UintPtrT> slot_id,
     const LazyNode<HeapObject>& maybe_feedback_vector,
     UpdateFeedbackMode update_feedback_mode, bool rhs_known_smi) {
-  auto smiFunction = [=](TNode<Smi> lhs, TNode<Smi> rhs,
-                         TVariable<Smi>* var_type_feedback) {
+  auto smiFunction = [=, this](TNode<Smi> lhs, TNode<Smi> rhs,
+                               TVariable<Smi>* var_type_feedback) {
     TNode<Number> result = SmiMod(lhs, rhs);
     *var_type_feedback = SelectSmiConstant(
         TaggedIsSmi(result), BinaryOperationFeedback::kSignedSmall,
         BinaryOperationFeedback::kNumber);
     return result;
   };
-  auto floatFunction = [=](TNode<Float64T> lhs, TNode<Float64T> rhs) {
+  auto floatFunction = [=, this](TNode<Float64T> lhs, TNode<Float64T> rhs) {
     return Float64Mod(lhs, rhs);
   };
   return Generate_BinaryOperationWithFeedback(
@@ -791,13 +791,14 @@ TNode<Object> BinaryOpAssembler::Generate_ExponentiateWithFeedback(
     TNode<Object> exponent, TNode<UintPtrT> slot_id,
     const LazyNode<HeapObject>& maybe_feedback_vector,
     UpdateFeedbackMode update_feedback_mode, bool rhs_known_smi) {
-  auto smiFunction = [=](TNode<Smi> base, TNode<Smi> exponent,
-                         TVariable<Smi>* var_type_feedback) {
+  auto smiFunction = [=, this](TNode<Smi> base, TNode<Smi> exponent,
+                               TVariable<Smi>* var_type_feedback) {
     *var_type_feedback = SmiConstant(BinaryOperationFeedback::kNumber);
     return AllocateHeapNumberWithValue(
         Float64Pow(SmiToFloat64(base), SmiToFloat64(exponent)));
   };
-  auto floatFunction = [=](TNode<Float64T> base, TNode<Float64T> exponent) {
+  auto floatFunction = [=, this](TNode<Float64T> base,
+                                 TNode<Float64T> exponent) {
     return Float64Pow(base, exponent);
   };
   return Generate_BinaryOperationWithFeedback(
diff --git a/deps/v8/src/ic/call-optimization.cc b/deps/v8/src/ic/call-optimization.cc
index 78dd028f276b14..99a672b3824c19 100644
--- a/deps/v8/src/ic/call-optimization.cc
+++ b/deps/v8/src/ic/call-optimization.cc
@@ -3,6 +3,9 @@
 // found in the LICENSE file.
 
 #include "src/ic/call-optimization.h"
+
+#include <optional>
+
 #include "src/objects/objects-inl.h"
 
 namespace v8 {
@@ -23,7 +26,7 @@ template CallOptimization::CallOptimization(Isolate* isolate,
 template CallOptimization::CallOptimization(LocalIsolate* isolate,
                                             Handle<Object> function);
 
-base::Optional<Tagged<NativeContext>> CallOptimization::GetAccessorContext(
+std::optional<Tagged<NativeContext>> CallOptimization::GetAccessorContext(
     Tagged<Map> holder_map) const {
   if (is_constant_call()) {
     return constant_function_->native_context();
@@ -42,7 +45,7 @@ bool CallOptimization::IsCrossContextLazyAccessorPair(
     Tagged<NativeContext> native_context, Tagged<Map> holder_map) const {
   DCHECK(IsNativeContext(native_context));
   if (is_constant_call()) return false;
-  base::Optional<Tagged<NativeContext>> maybe_context =
+  std::optional<Tagged<NativeContext>> maybe_context =
       GetAccessorContext(holder_map);
   if (!maybe_context.has_value()) {
     // The holder is a remote object which doesn't have a creation context.
diff --git a/deps/v8/src/ic/call-optimization.h b/deps/v8/src/ic/call-optimization.h
index cd58914d29ed23..caffd99e94a519 100644
--- a/deps/v8/src/ic/call-optimization.h
+++ b/deps/v8/src/ic/call-optimization.h
@@ -5,6 +5,8 @@
 #ifndef V8_IC_CALL_OPTIMIZATION_H_
 #define V8_IC_CALL_OPTIMIZATION_H_
 
+#include <optional>
+
 #include "src/api/api-arguments.h"
 #include "src/objects/objects.h"
 
@@ -21,7 +23,7 @@ class CallOptimization {
   // If the holder is a remote object returns empty optional.
   // This method must not be called for holder maps with null constructor
   // because they can't be holders for lazy accessor pairs anyway.
-  base::Optional<Tagged<NativeContext>> GetAccessorContext(
+  std::optional<Tagged<NativeContext>> GetAccessorContext(
       Tagged<Map> holder_map) const;
 
   // Return true if the accessor context for given holder doesn't match
diff --git a/deps/v8/src/ic/ic.cc b/deps/v8/src/ic/ic.cc
index f97d3a7d6d0d59..c448691da87d9a 100644
--- a/deps/v8/src/ic/ic.cc
+++ b/deps/v8/src/ic/ic.cc
@@ -4,10 +4,11 @@
 
 #include "src/ic/ic.h"
 
+#include <optional>
+
 #include "src/api/api-arguments-inl.h"
 #include "src/ast/ast.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/builtins/accessors.h"
 #include "src/common/assert-scope.h"
 #include "src/common/globals.h"
@@ -202,7 +203,7 @@ IC::IC(Isolate* isolate, Handle<FeedbackVector> vector, FeedbackSlot slot,
       kind_(kind),
       target_maps_set_(false),
       slow_stub_reason_(nullptr),
-      nexus_(vector, slot) {
+      nexus_(isolate, vector, slot) {
   DCHECK_IMPLIES(!vector.is_null(), kind_ == nexus_.kind());
   state_ = (vector.is_null()) ? NO_FEEDBACK : nexus_.ic_state();
   old_state_ = state_;
@@ -338,7 +339,7 @@ namespace {
 
 bool MigrateDeprecated(Isolate* isolate, Handle<Object> object) {
   if (!IsJSObject(*object)) return false;
-  Handle<JSObject> receiver = Cast<JSObject>(object);
+  DirectHandle<JSObject> receiver = Cast<JSObject>(object);
   if (!receiver->map()->is_deprecated()) return false;
   JSObject::MigrateInstance(isolate, receiver);
   return true;
@@ -375,7 +376,7 @@ void IC::ConfigureVectorState(Handle<Name> name, DirectHandle<Map> map,
   OnFeedbackChanged(IsLoadGlobalIC() ? "LoadGlobal" : "Monomorphic");
 }
 
-void IC::ConfigureVectorState(Handle<Name> name, MapHandles const& maps,
+void IC::ConfigureVectorState(Handle<Name> name, MapHandlesSpan maps,
                               MaybeObjectHandles* handlers) {
   DCHECK(!IsGlobalIC());
   std::vector<MapAndHandler> maps_and_handlers;
@@ -563,7 +564,7 @@ bool AddOneReceiverMapIfMissing(
 Handle<NativeContext> GetAccessorContext(
     const CallOptimization& call_optimization, Tagged<Map> holder_map,
     Isolate* isolate) {
-  base::Optional<Tagged<NativeContext>> maybe_context =
+  std::optional<Tagged<NativeContext>> maybe_context =
       call_optimization.GetAccessorContext(holder_map);
 
   // Holders which are remote objects are not expected in the IC system.
@@ -741,10 +742,9 @@ bool IC::IsTransitionOfMonomorphicTarget(Tagged<Map> source_map,
       source_map->elements_kind(), target_elements_kind);
   Tagged<Map> transitioned_map;
   if (more_general_transition) {
-    MapHandles map_list;
-    map_list.push_back(handle(target_map, isolate_));
+    Handle<Map> single_map[1] = {handle(target_map, isolate_)};
     transitioned_map = source_map->FindElementsKindTransitionedMap(
-        isolate(), map_list, ConcurrencyMode::kSynchronous);
+        isolate(), single_map, ConcurrencyMode::kSynchronous);
   }
   return transitioned_map == target_map;
 }
@@ -1099,7 +1099,7 @@ MaybeObjectHandle LoadIC::ComputeHandler(LookupIterator* lookup) {
         DCHECK_IMPLIES(!V8_DICT_PROPERTY_CONST_TRACKING_BOOL,
                        !lookup->is_dictionary_holder());
 
-        Handle<Object> value = lookup->GetDataValue();
+        DirectHandle<Object> value = lookup->GetDataValue();
 
         if (IsThinString(*value)) {
           value = handle(Cast<ThinString>(*value)->actual(), isolate());
@@ -1246,7 +1246,10 @@ void KeyedLoadIC::UpdateLoadElement(Handle<HeapObject> receiver,
   } else if (target_receiver_maps.size() == 1) {
     ConfigureVectorState(Handle<Name>(), target_receiver_maps[0], handlers[0]);
   } else {
-    ConfigureVectorState(Handle<Name>(), target_receiver_maps, &handlers);
+    ConfigureVectorState(Handle<Name>(),
+                         MapHandlesSpan(target_receiver_maps.begin(),
+                                        target_receiver_maps.end()),
+                         &handlers);
   }
 }
 
@@ -1445,7 +1448,9 @@ void KeyedLoadIC::LoadElementPolymorphicHandlers(
     // generate an elements kind transition for this kind of receivers.
     if (receiver_map->is_stable()) {
       Tagged<Map> tmap = receiver_map->FindElementsKindTransitionedMap(
-          isolate(), *receiver_maps, ConcurrencyMode::kSynchronous);
+          isolate(),
+          MapHandlesSpan(receiver_maps->begin(), receiver_maps->end()),
+          ConcurrencyMode::kSynchronous);
       if (!tmap.is_null()) {
         receiver_map->NotifyLeafMapLayoutChange(isolate());
       }
@@ -1552,7 +1557,7 @@ MaybeHandle<Object> KeyedLoadIC::RuntimeLoad(Handle<Object> object,
 }
 
 MaybeHandle<Object> KeyedLoadIC::LoadName(Handle<Object> object,
-                                          Handle<Object> key,
+                                          DirectHandle<Object> key,
                                           Handle<Name> name) {
   Handle<Object> load_handle;
   ASSIGN_RETURN_ON_EXCEPTION(isolate(), load_handle,
@@ -1602,7 +1607,7 @@ MaybeHandle<Object> KeyedLoadIC::Load(Handle<Object> object,
   return result;
 }
 
-bool StoreIC::LookupForWrite(LookupIterator* it, Handle<Object> value,
+bool StoreIC::LookupForWrite(LookupIterator* it, DirectHandle<Object> value,
                              StoreOrigin store_origin) {
   // Disable ICs for non-JSObjects for now.
   Handle<Object> object = it->GetReceiver();
@@ -1946,7 +1951,7 @@ MaybeHandle<Object> StoreIC::Store(Handle<Object> object, Handle<Name> name,
   return value;
 }
 
-void StoreIC::UpdateCaches(LookupIterator* lookup, Handle<Object> value,
+void StoreIC::UpdateCaches(LookupIterator* lookup, DirectHandle<Object> value,
                            StoreOrigin store_origin) {
   MaybeObjectHandle handler;
   if (LookupForWrite(lookup, value, store_origin)) {
@@ -2242,7 +2247,7 @@ void KeyedStoreIC::UpdateStoreElement(Handle<Map> receiver_map,
       &target_maps_and_handlers,
       [this](Handle<Map> map) { return Map::TryUpdate(isolate(), map); });
   if (target_maps_and_handlers.empty()) {
-    Handle<Map> monomorphic_map = receiver_map;
+    DirectHandle<Map> monomorphic_map = receiver_map;
     // If we transitioned to a map that is a more general map than incoming
     // then use the new map.
     if (IsTransitionOfMonomorphicTarget(*receiver_map, *new_receiver_map)) {
@@ -2268,7 +2273,7 @@ void KeyedStoreIC::UpdateStoreElement(Handle<Map> receiver_map,
   KeyedAccessStoreMode old_store_mode = GetKeyedAccessStoreMode();
   Handle<Map> previous_receiver_map = target_maps_and_handlers.at(0).first;
   if (state() == MONOMORPHIC) {
-    Handle<Map> transitioned_receiver_map = new_receiver_map;
+    DirectHandle<Map> transitioned_receiver_map = new_receiver_map;
     if (IsTransitionOfMonomorphicTarget(*previous_receiver_map,
                                         *transitioned_receiver_map)) {
       // If the "old" and "new" maps are in the same elements map family, or
@@ -2474,7 +2479,9 @@ void KeyedStoreIC::StoreElementPolymorphicHandlers(
     } else {
       {
         Tagged<Map> tmap = receiver_map->FindElementsKindTransitionedMap(
-            isolate(), receiver_maps, ConcurrencyMode::kSynchronous);
+            isolate(),
+            MapHandlesSpan(receiver_maps.begin(), receiver_maps.end()),
+            ConcurrencyMode::kSynchronous);
         if (!tmap.is_null()) {
           if (receiver_map->is_stable()) {
             receiver_map->NotifyLeafMapLayoutChange(isolate());
@@ -3369,6 +3376,7 @@ bool CanFastCloneObjectToObjectLiteral(DirectHandle<Map> source_map,
     // shrink or grow the already given object. We also exclude a different
     // start offset, since this doesn't allow us to change the object in-place
     // in a GC safe way.
+    DCHECK_EQ(*override_map, isolate->object_function()->initial_map());
     DCHECK(override_map->instance_type() == JS_OBJECT_TYPE);
     DCHECK_EQ(override_map->NumberOfOwnDescriptors(), 0);
     DCHECK(!override_map->IsInobjectSlackTrackingInProgress());
@@ -3434,7 +3442,19 @@ bool CanFastCloneObjectToObjectLiteral(DirectHandle<Map> source_map,
     // map is deprecated.
     DCHECK(!IsNone(type));
     DCHECK(!IsNone(target_type));
-    if (CanCacheCloneTargetMapTransition(source_map, target_map,
+    // With move_prototype_transitions_first enabled field updates don't
+    // generalize across prototype transitions, because the transitions happen
+    // on root maps (i.e., before any field is added). In other words we cannot
+    // rely on changes in the source map propagating to the target map when
+    // there is a SetPrototype involved. NB, technically without
+    // move_prototype_transitions_first we also don't update field types across
+    // prototype transitions, however we preemptively generalize all fields of
+    // prototype transition target maps.
+    bool prototype_transition_is_shortcutted =
+        v8_flags.move_prototype_transitions_first &&
+        source_map->prototype() != target_map->prototype();
+    if (!prototype_transition_is_shortcutted &&
+        CanCacheCloneTargetMapTransition(source_map, target_map,
                                          null_proto_literal, isolate)) {
       if (!details.representation().fits_into(
               target_details.representation()) ||
@@ -3508,97 +3528,125 @@ RUNTIME_FUNCTION(Runtime_CloneObjectIC_Slow) {
 
 namespace {
 
-std::optional<Tagged<Map>> GetCloneTargetMap(Isolate* isolate,
-                                             DirectHandle<Map> source_map,
-                                             DirectHandle<Map> override_map,
-                                             Handle<Symbol> name) {
+template <SideStepTransition::Kind kind>
+Tagged<Object> GetCloneTargetMap(Isolate* isolate, DirectHandle<Map> source_map,
+                                 DirectHandle<Map> override_map) {
+  static_assert(kind == SideStepTransition::Kind::kObjectAssign ||
+                kind == SideStepTransition::Kind::kCloneObject);
   if (!v8_flags.clone_object_sidestep_transitions) return {};
-  ReadOnlyRoots roots(isolate);
-  auto maybe_target =
-      TransitionsAccessor(isolate, *source_map).SearchSpecial(*name);
+  Tagged<Object> result = SideStepTransition::Empty;
+  TransitionsAccessor transitions(isolate, *source_map);
+  if (transitions.HasSideStepTransitions()) {
+    result = transitions.GetSideStepTransition(kind);
+    if (result.IsHeapObject()) {
+      // Exclude deprecated maps.
+      bool is_valid = !Cast<Map>(result.GetHeapObject())->is_deprecated();
+      // In the case of object assign we need to check the prototype validity
+      // cell on the override map. If the override map changed we cannot assume
+      // that it is correct to set all properties without any getter/setter in
+      // the prototype chain interfering.
+      if constexpr (kind == SideStepTransition::Kind::kObjectAssign) {
+        if (is_valid) {
+          DCHECK_EQ(*override_map, isolate->object_function()->initial_map());
+          Tagged<Object> validity_cell = transitions.GetSideStepTransition(
+              SideStepTransition::Kind::kObjectAssignValidityCell);
+          is_valid = validity_cell.IsHeapObject() &&
+                     Cast<Cell>(validity_cell)->value().ToSmi().value() ==
+                         Map::kPrototypeChainValid;
+        }
+      }
+      if (V8_UNLIKELY(!is_valid)) {
+        result = SideStepTransition::Empty;
+      }
+    }
+  }
 #ifdef DEBUG
   FastCloneObjectMode clone_mode =
       GetCloneModeForMap(source_map, false, isolate);
-  if (maybe_target) {
-    if (maybe_target->is_null()) {
-      switch (clone_mode) {
-        case FastCloneObjectMode::kNotSupported:
-        case FastCloneObjectMode::kDifferentMap:
-          break;
-        case FastCloneObjectMode::kEmptyObject:
-        case FastCloneObjectMode::kIdenticalMap:
-          DCHECK_EQ(
-              *name,
-              ReadOnlyRoots(isolate).object_assign_clone_transition_symbol());
-          break;
-      }
-    } else {
-      switch (clone_mode) {
-        case FastCloneObjectMode::kIdenticalMap:
-          if (*name ==
-              ReadOnlyRoots(isolate).clone_object_ic_transition_symbol()) {
-            DCHECK_EQ(*source_map, *maybe_target);
-            break;
-          }
-          DCHECK_EQ(
-              *name,
-              ReadOnlyRoots(isolate).object_assign_clone_transition_symbol());
-          [[fallthrough]];
-        case FastCloneObjectMode::kDifferentMap:
-          if ((*maybe_target)->is_deprecated()) break;
-          DCHECK(CanFastCloneObjectToObjectLiteral(
-              source_map, handle(*maybe_target, isolate), override_map, false,
-              isolate));
+  if (result == SideStepTransition::Unreachable) {
+    switch (clone_mode) {
+      case FastCloneObjectMode::kNotSupported:
+      case FastCloneObjectMode::kDifferentMap:
+        break;
+      case FastCloneObjectMode::kEmptyObject:
+      case FastCloneObjectMode::kIdenticalMap:
+        DCHECK_EQ(kind, SideStepTransition::Kind::kObjectAssign);
+        break;
+    }
+  } else if (result != SideStepTransition::Empty) {
+    Tagged<Map> target = Cast<Map>(result.GetHeapObject());
+    switch (clone_mode) {
+      case FastCloneObjectMode::kIdenticalMap:
+        if (kind == SideStepTransition::Kind::kCloneObject) {
+          DCHECK_EQ(*source_map, target);
           break;
-        default:
-          UNREACHABLE();
-      }
+        }
+        DCHECK_EQ(kind, SideStepTransition::Kind::kObjectAssign);
+        [[fallthrough]];
+      case FastCloneObjectMode::kDifferentMap:
+        DCHECK(CanFastCloneObjectToObjectLiteral(
+            source_map, handle(target, isolate), override_map, false, isolate));
+        break;
+      default:
+        UNREACHABLE();
     }
+  } else {
+    DCHECK_EQ(result, SideStepTransition::Empty);
   }
 #endif  // DEBUG
-  return maybe_target;
+  return result;
 }
 
+template <SideStepTransition::Kind kind>
 void SetCloneTargetMap(Isolate* isolate, Handle<Map> source_map,
                        DirectHandle<Map> new_target_map,
-                       DirectHandle<Map> override_map, Handle<Symbol> name) {
+                       DirectHandle<Map> override_map) {
   if (!v8_flags.clone_object_sidestep_transitions) return;
   DCHECK(CanCacheCloneTargetMapTransition(source_map, new_target_map, false,
                                           isolate));
+  DCHECK_EQ(GetCloneTargetMap<kind>(isolate, source_map, override_map),
+            SideStepTransition::Empty);
+  DCHECK(!new_target_map->is_deprecated());
+
   // Adding this transition also ensures that when the source map field
   // generalizes, we also generalize the target map.
-#ifdef DEBUG
-  std::optional<Tagged<Map>> cur =
-      GetCloneTargetMap(isolate, source_map, override_map, name);
-  DCHECK(!cur || (*cur)->is_deprecated());
-#endif  // DEBUG
   DCHECK(IsSmiOrObjectElementsKind(new_target_map->elements_kind()));
-  TransitionsAccessor::Insert(isolate, source_map, name, new_target_map,
-                              TransitionKindFlag::SPECIAL_TRANSITION);
-#ifdef DEBUG
-  cur = GetCloneTargetMap(isolate, source_map, override_map, name);
-  DCHECK(cur);
-  DCHECK_EQ(*cur, *new_target_map);
-#endif  // DEBUG
+
+  constexpr bool need_validity_cell =
+      kind == SideStepTransition::Kind::kObjectAssign;
+  DirectHandle<Cell> validity_cell;
+  if constexpr (need_validity_cell) {
+    // Since we only clone into empty object literals we only need one validity
+    // cell on that prototype chain.
+    DCHECK_EQ(*override_map, isolate->object_function()->initial_map());
+    validity_cell = Cast<Cell>(
+        Map::GetOrCreatePrototypeChainValidityCell(override_map, isolate));
+  }
+  TransitionsAccessor::EnsureHasSideStepTransitions(isolate, source_map);
+  TransitionsAccessor transitions(isolate, *source_map);
+  transitions.SetSideStepTransition(kind, *new_target_map);
+  if constexpr (need_validity_cell) {
+    transitions.SetSideStepTransition(
+        SideStepTransition::Kind::kObjectAssignValidityCell, *validity_cell);
+  }
+  DCHECK_EQ(GetCloneTargetMap<kind>(isolate, source_map, override_map),
+            *new_target_map);
 }
 
+template <SideStepTransition::Kind kind>
 void SetCloneTargetMapUnsupported(Isolate* isolate, Handle<Map> source_map,
-                                  DirectHandle<Map> override_map,
-                                  Handle<Symbol> name) {
+                                  DirectHandle<Map> override_map) {
   if (!v8_flags.clone_object_sidestep_transitions) return;
+  DCHECK_EQ(GetCloneTargetMap<kind>(isolate, source_map, override_map),
+            SideStepTransition::Empty);
   DCHECK(CanCacheCloneTargetMapTransition(source_map, {}, false, isolate));
   // Adding this transition also ensures that when the source map field
   // generalizes, we also generalize the target map.
-#ifdef DEBUG
-  std::optional<Tagged<Map>> cur =
-      GetCloneTargetMap(isolate, source_map, override_map, name);
-  DCHECK(!cur || (*cur)->is_deprecated());
-#endif  // DEBUG
-  TransitionsAccessor::InsertNoneSentinel(isolate, source_map, name);
-#ifdef DEBUG
-  cur = GetCloneTargetMap(isolate, source_map, override_map, name);
-  DCHECK(cur && cur->is_null());
-#endif  // DEBUG
+  TransitionsAccessor::EnsureHasSideStepTransitions(isolate, source_map);
+  TransitionsAccessor(isolate, *source_map)
+      .SetSideStepTransition(kind, SideStepTransition::Unreachable);
+  DCHECK_EQ(GetCloneTargetMap<kind>(isolate, source_map, override_map),
+            SideStepTransition::Unreachable);
 }
 
 }  // namespace
@@ -3611,11 +3659,11 @@ RUNTIME_FUNCTION(Runtime_CloneObjectIC_Miss) {
 
   if (!MigrateDeprecated(isolate, source)) {
     Handle<HeapObject> maybe_vector = args.at<HeapObject>(3);
-    base::Optional<FeedbackNexus> nexus;
+    std::optional<FeedbackNexus> nexus;
     if (IsFeedbackVector(*maybe_vector)) {
       int index = args.tagged_index_value_at(2);
       FeedbackSlot slot = FeedbackVector::ToSlot(index);
-      nexus.emplace(Cast<FeedbackVector>(maybe_vector), slot);
+      nexus.emplace(isolate, Cast<FeedbackVector>(maybe_vector), slot);
     }
     if (!IsSmi(*source) && (!nexus || !nexus->IsMegamorphic())) {
       bool null_proto_literal = flags & ObjectLiteral::kHasNullPrototype;
@@ -3632,16 +3680,16 @@ RUNTIME_FUNCTION(Runtime_CloneObjectIC_Miss) {
         ReadOnlyRoots roots(isolate);
         bool unsupported = false;
         if (!null_proto_literal) {
-          if (auto maybe_target = GetCloneTargetMap(
-                  isolate, source_map, {},
-                  roots.clone_object_ic_transition_symbol_handle())) {
-            if (maybe_target->is_null()) {
-              unsupported = true;
-            } else if (!(*maybe_target)->is_deprecated()) {
-              Handle<Map> target = handle(*maybe_target, isolate);
-              UpdateNexus(target);
-              return *target;
-            }
+          auto maybe_target =
+              GetCloneTargetMap<SideStepTransition::Kind::kCloneObject>(
+                  isolate, source_map, {});
+          if (maybe_target == SideStepTransition::Unreachable) {
+            unsupported = true;
+          } else if (maybe_target != SideStepTransition::Empty) {
+            Handle<Map> target =
+                handle(Cast<Map>(maybe_target.GetHeapObject()), isolate);
+            UpdateNexus(target);
+            return *target;
           }
         }
 
@@ -3653,8 +3701,8 @@ RUNTIME_FUNCTION(Runtime_CloneObjectIC_Miss) {
           UpdateNexus(target_map);
           if (CanCacheCloneTargetMapTransition(source_map, target_map,
                                                null_proto_literal, isolate)) {
-            SetCloneTargetMap(isolate, source_map, target_map, {},
-                              roots.clone_object_ic_transition_symbol_handle());
+            SetCloneTargetMap<SideStepTransition::Kind::kCloneObject>(
+                isolate, source_map, target_map, {});
           }
         };
         switch (clone_mode) {
@@ -3687,9 +3735,9 @@ RUNTIME_FUNCTION(Runtime_CloneObjectIC_Miss) {
             } else {
               if (CanCacheCloneTargetMapTransition(
                       source_map, {}, null_proto_literal, isolate)) {
-                SetCloneTargetMapUnsupported(
-                    isolate, source_map, {},
-                    roots.clone_object_ic_transition_symbol_handle());
+                SetCloneTargetMapUnsupported<
+                    SideStepTransition::Kind::kCloneObject>(isolate, source_map,
+                                                            {});
               }
               if (nexus) {
                 nexus->ConfigureMegamorphic();
@@ -3738,20 +3786,47 @@ RUNTIME_FUNCTION(Runtime_StoreCallbackProperty) {
 
 namespace {
 
-bool MaybeCanCloneObjectForObjectAssign(Handle<Map> source_map,
+bool MaybeCanCloneObjectForObjectAssign(Handle<JSReceiver> source,
+                                        DirectHandle<Map> source_map,
+                                        Handle<JSReceiver> target,
                                         Isolate* isolate) {
   FastCloneObjectMode clone_mode =
       GetCloneModeForMap(source_map, false, isolate);
   switch (clone_mode) {
     case FastCloneObjectMode::kIdenticalMap:
     case FastCloneObjectMode::kDifferentMap:
-      return true;
+      break;
     case FastCloneObjectMode::kNotSupported:
       return false;
     case FastCloneObjectMode::kEmptyObject:
       // Cannot happen since we should only be called with JSObjects.
       UNREACHABLE();
   }
+
+  // We need to be sure that there are no setters or other nastiness installed
+  // on the Object.prototype which clash with the properties we intende to copy.
+  Handle<FixedArray> keys;
+  auto res =
+      KeyAccumulator::GetKeys(isolate, source, KeyCollectionMode::kOwnOnly,
+                              ONLY_ENUMERABLE, GetKeysConversion::kKeepNumbers);
+  CHECK(res.ToHandle(&keys));
+  for (int i = 0; i < keys->length(); ++i) {
+    Handle<Object> next_key(keys->get(i), isolate);
+    PropertyKey key(isolate, next_key);
+    LookupIterator it(isolate, target, key);
+    switch (it.state()) {
+      case LookupIterator::NOT_FOUND:
+        break;
+      case LookupIterator::DATA:
+        if (it.property_attributes() & PropertyAttributes::READ_ONLY) {
+          return false;
+        }
+        break;
+      default:
+        return false;
+    }
+  }
+  return true;
 }
 
 }  // namespace
@@ -3763,14 +3838,14 @@ bool MaybeCanCloneObjectForObjectAssign(Handle<Map> source_map,
 RUNTIME_FUNCTION(Runtime_ObjectAssignTryFastcase) {
   HandleScope scope(isolate);
   DCHECK_EQ(2, args.length());
-  auto source = Cast<HeapObject>(args.at(0));
+  auto source = Cast<JSReceiver>(args.at(0));
   auto target = Cast<JSReceiver>(args.at(1));
   DCHECK(IsJSObject(*source));
   DCHECK(IsJSObject(*target));
 
   Handle<Map> source_map = handle(source->map(), isolate);
-
   Handle<Map> target_map = handle(target->map(), isolate);
+
   DCHECK_EQ(target_map->NumberOfOwnDescriptors(), 0);
   DCHECK(!source_map->is_dictionary_map());
   DCHECK(!target_map->is_dictionary_map());
@@ -3781,29 +3856,26 @@ RUNTIME_FUNCTION(Runtime_ObjectAssignTryFastcase) {
 
   ReadOnlyRoots roots(isolate);
   {
-    std::optional<Tagged<Map>> maybe_clone_target =
-        GetCloneTargetMap(isolate, source_map, target_map,
-                          roots.object_assign_clone_transition_symbol_handle());
-    if (V8_LIKELY(maybe_clone_target)) {
-      if (maybe_clone_target->is_null()) {
-        return roots.undefined_value();
-      } else if (!(*maybe_clone_target)->is_deprecated()) {
-        return *maybe_clone_target;
-      }
+    Tagged<Object> maybe_clone_target =
+        GetCloneTargetMap<SideStepTransition::Kind::kObjectAssign>(
+            isolate, source_map, target_map);
+    if (maybe_clone_target == SideStepTransition::Unreachable) {
+      return roots.undefined_value();
+    } else if (maybe_clone_target != SideStepTransition::Empty) {
+      return Cast<Map>(maybe_clone_target.GetHeapObject());
     }
   }
 
   auto UpdateCache = [&](Handle<Map> clone_target_map) {
     if (CanCacheCloneTargetMapTransition(source_map, clone_target_map, false,
                                          isolate)) {
-      SetCloneTargetMap(isolate, source_map, clone_target_map, target_map,
-                        roots.object_assign_clone_transition_symbol_handle());
+      SetCloneTargetMap<SideStepTransition::Kind::kObjectAssign>(
+          isolate, source_map, clone_target_map, target_map);
     }
   };
   auto UpdateCacheNotClonable = [&]() {
-    SetCloneTargetMapUnsupported(
-        isolate, source_map, target_map,
-        roots.object_assign_clone_transition_symbol_handle());
+    SetCloneTargetMapUnsupported<SideStepTransition::Kind::kObjectAssign>(
+        isolate, source_map, target_map);
   };
 
   // In case we are still slack tracking let's defer a decision. The fast case
@@ -3813,7 +3885,8 @@ RUNTIME_FUNCTION(Runtime_ObjectAssignTryFastcase) {
     return roots.undefined_value();
   }
 
-  if (MaybeCanCloneObjectForObjectAssign(source_map, isolate)) {
+  if (MaybeCanCloneObjectForObjectAssign(source, source_map, target, isolate)) {
+    CHECK(target->map()->OnlyHasSimpleProperties());
     Maybe<bool> res = JSReceiver::SetOrCopyDataProperties(
         isolate, target, source, PropertiesEnumerationMode::kEnumerationOrder);
     DCHECK(res.FromJust());
@@ -3824,6 +3897,7 @@ RUNTIME_FUNCTION(Runtime_ObjectAssignTryFastcase) {
     }
     if (CanFastCloneObjectToObjectLiteral(source_map, clone_target_map,
                                           target_map, false, isolate)) {
+      CHECK(target->map()->OnlyHasSimpleProperties());
       UpdateCache(clone_target_map);
     } else {
       UpdateCacheNotClonable();
@@ -3908,7 +3982,7 @@ RUNTIME_FUNCTION(Runtime_StorePropertyWithInterceptor) {
 
   // TODO(ishell): Cache interceptor_holder in the store handler like we do
   // for LoadHandler::kInterceptor case.
-  Handle<JSObject> interceptor_holder = receiver;
+  DirectHandle<JSObject> interceptor_holder = receiver;
   if (IsJSGlobalProxy(*receiver) &&
       (!receiver->HasNamedInterceptor() ||
        receiver->GetNamedInterceptor()->non_masking())) {
@@ -3950,7 +4024,7 @@ RUNTIME_FUNCTION(Runtime_StorePropertyWithInterceptor) {
 
   LookupIterator it(isolate, receiver, name, receiver);
   // Skip past any access check on the receiver.
-  if (it.state() == LookupIterator::ACCESS_CHECK) {
+  while (it.state() == LookupIterator::ACCESS_CHECK) {
     DCHECK(it.HasAccess());
     it.Next();
   }
diff --git a/deps/v8/src/ic/ic.h b/deps/v8/src/ic/ic.h
index 3d182a681c03ad..efb43ce27888a4 100644
--- a/deps/v8/src/ic/ic.h
+++ b/deps/v8/src/ic/ic.h
@@ -88,7 +88,7 @@ class IC {
   void ConfigureVectorState(Handle<Name> name, DirectHandle<Map> map,
                             const MaybeObjectHandle& handler);
   // Configure the vector for POLYMORPHIC.
-  void ConfigureVectorState(Handle<Name> name, MapHandles const& maps,
+  void ConfigureVectorState(Handle<Name> name, MapHandlesSpan maps,
                             MaybeObjectHandles* handlers);
   void ConfigureVectorState(
       Handle<Name> name, std::vector<MapAndHandler> const& maps_and_handlers);
@@ -236,7 +236,7 @@ class KeyedLoadIC : public LoadIC {
       Handle<Object> object, Handle<Object> key, bool* is_found = nullptr);
 
   V8_WARN_UNUSED_RESULT MaybeHandle<Object> LoadName(Handle<Object> object,
-                                                     Handle<Object> key,
+                                                     DirectHandle<Object> key,
                                                      Handle<Name> name);
 
   // receiver is HeapObject because it could be a String or a JSObject
@@ -269,14 +269,14 @@ class StoreIC : public IC {
       Handle<Object> object, Handle<Name> name, Handle<Object> value,
       StoreOrigin store_origin = StoreOrigin::kNamed);
 
-  bool LookupForWrite(LookupIterator* it, Handle<Object> value,
+  bool LookupForWrite(LookupIterator* it, DirectHandle<Object> value,
                       StoreOrigin store_origin);
 
  protected:
   // Stub accessors.
   // Update the inline cache and the global stub cache based on the
   // lookup result.
-  void UpdateCaches(LookupIterator* lookup, Handle<Object> value,
+  void UpdateCaches(LookupIterator* lookup, DirectHandle<Object> value,
                     StoreOrigin store_origin);
 
  private:
diff --git a/deps/v8/src/ic/keyed-store-generic.cc b/deps/v8/src/ic/keyed-store-generic.cc
index a8a6e610291f0a..c9ad42b8b9ecc0 100644
--- a/deps/v8/src/ic/keyed-store-generic.cc
+++ b/deps/v8/src/ic/keyed-store-generic.cc
@@ -4,6 +4,8 @@
 
 #include "src/ic/keyed-store-generic.h"
 
+#include <optional>
+
 #include "src/codegen/code-factory.h"
 #include "src/codegen/code-stub-assembler-inl.h"
 #include "src/codegen/interface-descriptors.h"
@@ -1181,7 +1183,7 @@ void KeyedStoreGenericAssembler::KeyedStoreGeneric(
   {
     Comment("key is unique name");
     StoreICParameters p(context, receiver, var_unique.value(), value,
-                        base::nullopt, slot, maybe_vector,
+                        std::nullopt, slot, maybe_vector,
                         StoreICMode::kDefault);
     ExitPoint direct_exit(this);
     EmitGenericPropertyStore(CAST(receiver), receiver_map, instance_type, &p,
@@ -1276,7 +1278,7 @@ void KeyedStoreGenericAssembler::StoreIC_NoFeedback() {
     // checks, strings and string wrappers, proxies) are handled in the runtime.
     GotoIf(IsSpecialReceiverInstanceType(instance_type), &miss);
     {
-      StoreICParameters p(context, receiver, name, value, base::nullopt, {},
+      StoreICParameters p(context, receiver, name, value, std::nullopt, {},
                           UndefinedConstant(),
                           IsDefineNamedOwn() ? StoreICMode::kDefineNamedOwn
                                              : StoreICMode::kDefault);
@@ -1302,7 +1304,7 @@ void KeyedStoreGenericAssembler::StoreProperty(TNode<Context> context,
                                                TNode<Name> unique_name,
                                                TNode<Object> value,
                                                LanguageMode language_mode) {
-  StoreICParameters p(context, receiver, unique_name, value, base::nullopt, {},
+  StoreICParameters p(context, receiver, unique_name, value, std::nullopt, {},
                       UndefinedConstant(), StoreICMode::kDefault);
 
   Label done(this), slow(this, Label::kDeferred);
diff --git a/deps/v8/src/ic/unary-op-assembler.cc b/deps/v8/src/ic/unary-op-assembler.cc
index dd9d5af06bd95c..be0482749b1ddb 100644
--- a/deps/v8/src/ic/unary-op-assembler.cc
+++ b/deps/v8/src/ic/unary-op-assembler.cc
@@ -80,39 +80,39 @@ class UnaryOpAssemblerImpl final : public CodeStubAssembler {
                        TNode<UintPtrT> slot,
                        TNode<HeapObject> maybe_feedback_vector,
                        UpdateFeedbackMode update_feedback_mode) {
-    SmiOperation smi_op = [=](TNode<Smi> smi_value,
-                              TVariable<Smi>* var_feedback, Label* do_float_op,
-                              TVariable<Float64T>* var_float) {
-      TVARIABLE(Number, var_result);
-      Label if_zero(this), if_min_smi(this), end(this);
-      // Return -0 if operand is 0.
-      GotoIf(SmiEqual(smi_value, SmiConstant(0)), &if_zero);
-
-      // Special-case the minimum Smi to avoid overflow.
-      GotoIf(SmiEqual(smi_value, SmiConstant(Smi::kMinValue)), &if_min_smi);
-
-      // Else simply subtract operand from 0.
-      CombineFeedback(var_feedback, BinaryOperationFeedback::kSignedSmall);
-      var_result = SmiSub(SmiConstant(0), smi_value);
-      Goto(&end);
-
-      BIND(&if_zero);
-      CombineFeedback(var_feedback, BinaryOperationFeedback::kNumber);
-      var_result = MinusZeroConstant();
-      Goto(&end);
-
-      BIND(&if_min_smi);
-      *var_float = SmiToFloat64(smi_value);
-      Goto(do_float_op);
-
-      BIND(&end);
-      return var_result.value();
-    };
-    FloatOperation float_op = [=](TNode<Float64T> float_value) {
+    SmiOperation smi_op =
+        [=, this](TNode<Smi> smi_value, TVariable<Smi>* var_feedback,
+                  Label* do_float_op, TVariable<Float64T>* var_float) {
+          TVARIABLE(Number, var_result);
+          Label if_zero(this), if_min_smi(this), end(this);
+          // Return -0 if operand is 0.
+          GotoIf(SmiEqual(smi_value, SmiConstant(0)), &if_zero);
+
+          // Special-case the minimum Smi to avoid overflow.
+          GotoIf(SmiEqual(smi_value, SmiConstant(Smi::kMinValue)), &if_min_smi);
+
+          // Else simply subtract operand from 0.
+          CombineFeedback(var_feedback, BinaryOperationFeedback::kSignedSmall);
+          var_result = SmiSub(SmiConstant(0), smi_value);
+          Goto(&end);
+
+          BIND(&if_zero);
+          CombineFeedback(var_feedback, BinaryOperationFeedback::kNumber);
+          var_result = MinusZeroConstant();
+          Goto(&end);
+
+          BIND(&if_min_smi);
+          *var_float = SmiToFloat64(smi_value);
+          Goto(do_float_op);
+
+          BIND(&end);
+          return var_result.value();
+        };
+    FloatOperation float_op = [=, this](TNode<Float64T> float_value) {
       return Float64Neg(float_value);
     };
-    BigIntOperation bigint_op = [=](TNode<Context> context,
-                                    TNode<HeapObject> bigint_value) {
+    BigIntOperation bigint_op = [=, this](TNode<Context> context,
+                                          TNode<HeapObject> bigint_value) {
       return CAST(CallRuntime(Runtime::kBigIntUnaryOp, context, bigint_value,
                               SmiConstant(Operation::kNegate)));
     };
@@ -245,9 +245,10 @@ class UnaryOpAssemblerImpl final : public CodeStubAssembler {
     static constexpr int kAddValue =
         (kOperation == Operation::kIncrement) ? 1 : -1;
 
-    SmiOperation smi_op = [=](TNode<Smi> smi_value,
-                              TVariable<Smi>* var_feedback, Label* do_float_op,
-                              TVariable<Float64T>* var_float) {
+    SmiOperation smi_op = [=, this](TNode<Smi> smi_value,
+                                    TVariable<Smi>* var_feedback,
+                                    Label* do_float_op,
+                                    TVariable<Float64T>* var_float) {
       Label if_overflow(this), out(this);
       TNode<Smi> result =
           TrySmiAdd(smi_value, SmiConstant(kAddValue), &if_overflow);
@@ -261,11 +262,11 @@ class UnaryOpAssemblerImpl final : public CodeStubAssembler {
       BIND(&out);
       return result;
     };
-    FloatOperation float_op = [=](TNode<Float64T> float_value) {
+    FloatOperation float_op = [=, this](TNode<Float64T> float_value) {
       return Float64Add(float_value, Float64Constant(kAddValue));
     };
-    BigIntOperation bigint_op = [=](TNode<Context> context,
-                                    TNode<HeapObject> bigint_value) {
+    BigIntOperation bigint_op = [=, this](TNode<Context> context,
+                                          TNode<HeapObject> bigint_value) {
       return CAST(CallRuntime(Runtime::kBigIntUnaryOp, context, bigint_value,
                               SmiConstant(kOperation)));
     };
diff --git a/deps/v8/src/init/bootstrapper.cc b/deps/v8/src/init/bootstrapper.cc
index 4abbab6e9ed295..25cbc5ce3fe4e0 100644
--- a/deps/v8/src/init/bootstrapper.cc
+++ b/deps/v8/src/init/bootstrapper.cc
@@ -236,7 +236,7 @@ class Genesis {
   void HookUpGlobalObject(Handle<JSGlobalObject> global_object);
   // Hooks the given global proxy into the context in the case we do not
   // replace the global object from the deserialized native context.
-  void HookUpGlobalProxy(Handle<JSGlobalProxy> global_proxy);
+  void HookUpGlobalProxy(DirectHandle<JSGlobalProxy> global_proxy);
   // The native context has a ScriptContextTable that store declarative bindings
   // made in script scopes.  Add a "this" binding to that table pointing to the
   // global proxy.
@@ -408,17 +408,33 @@ bool IsFunctionMapOrSpecialBuiltin(DirectHandle<Map> map, Builtin builtin,
 }
 #endif  // DEBUG
 
+Handle<SharedFunctionInfo> CreateSharedFunctionInfoForBuiltin(
+    Isolate* isolate, Handle<String> name, Builtin builtin, int len,
+    bool adapt) {
+  Handle<SharedFunctionInfo> info =
+      isolate->factory()->NewSharedFunctionInfoForBuiltin(name, builtin);
+  info->set_language_mode(LanguageMode::kStrict);
+
+  info->set_length(len);
+  if (adapt) {
+    info->set_internal_formal_parameter_count(JSParameterCount(len));
+  } else {
+    info->DontAdaptArguments();
+  }
+
+  return info;
+}
+
 V8_NOINLINE Handle<JSFunction> CreateFunctionForBuiltin(Isolate* isolate,
                                                         Handle<String> name,
                                                         Handle<Map> map,
-                                                        Builtin builtin) {
-  Factory* factory = isolate->factory();
+                                                        Builtin builtin,
+                                                        int len, bool adapt) {
   Handle<NativeContext> context(isolate->native_context());
   DCHECK(IsFunctionMapOrSpecialBuiltin(map, builtin, context));
 
   Handle<SharedFunctionInfo> info =
-      factory->NewSharedFunctionInfoForBuiltin(name, builtin);
-  info->set_language_mode(LanguageMode::kStrict);
+      CreateSharedFunctionInfoForBuiltin(isolate, name, builtin, len, adapt);
 
   return Factory::JSFunctionBuilder{isolate, info, context}
       .set_map(map)
@@ -428,7 +444,8 @@ V8_NOINLINE Handle<JSFunction> CreateFunctionForBuiltin(Isolate* isolate,
 V8_NOINLINE Handle<JSFunction> CreateFunctionForBuiltinWithPrototype(
     Isolate* isolate, Handle<String> name, Builtin builtin,
     Handle<HeapObject> prototype, InstanceType type, int instance_size,
-    int inobject_properties, MutableMode prototype_mutability) {
+    int inobject_properties, MutableMode prototype_mutability, int len,
+    bool adapt) {
   Factory* factory = isolate->factory();
   Handle<NativeContext> context(isolate->native_context());
   Handle<Map> map =
@@ -438,8 +455,7 @@ V8_NOINLINE Handle<JSFunction> CreateFunctionForBuiltinWithPrototype(
   DCHECK(IsFunctionMapOrSpecialBuiltin(map, builtin, context));
 
   Handle<SharedFunctionInfo> info =
-      factory->NewSharedFunctionInfoForBuiltin(name, builtin);
-  info->set_language_mode(LanguageMode::kStrict);
+      CreateSharedFunctionInfoForBuiltin(isolate, name, builtin, len, adapt);
   info->set_expected_nof_properties(inobject_properties);
 
   Handle<JSFunction> result =
@@ -478,15 +494,14 @@ V8_NOINLINE Handle<JSFunction> CreateFunctionForBuiltinWithPrototype(
 }
 
 V8_NOINLINE Handle<JSFunction> CreateFunctionForBuiltinWithoutPrototype(
-    Isolate* isolate, Handle<String> name, Builtin builtin) {
-  Factory* factory = isolate->factory();
+    Isolate* isolate, Handle<String> name, Builtin builtin, int len,
+    bool adapt) {
   Handle<NativeContext> context(isolate->native_context());
   Handle<Map> map = isolate->strict_function_without_prototype_map();
   DCHECK(IsFunctionMapOrSpecialBuiltin(map, builtin, context));
 
   Handle<SharedFunctionInfo> info =
-      factory->NewSharedFunctionInfoForBuiltin(name, builtin);
-  info->set_language_mode(LanguageMode::kStrict);
+      CreateSharedFunctionInfoForBuiltin(isolate, name, builtin, len, adapt);
 
   return Factory::JSFunctionBuilder{isolate, info, context}
       .set_map(map)
@@ -495,12 +510,13 @@ V8_NOINLINE Handle<JSFunction> CreateFunctionForBuiltinWithoutPrototype(
 
 V8_NOINLINE Handle<JSFunction> CreateFunction(
     Isolate* isolate, Handle<String> name, InstanceType type, int instance_size,
-    int inobject_properties, Handle<HeapObject> prototype, Builtin builtin) {
+    int inobject_properties, Handle<HeapObject> prototype, Builtin builtin,
+    int len, bool adapt) {
   DCHECK(Builtins::HasJSLinkage(builtin));
 
   Handle<JSFunction> result = CreateFunctionForBuiltinWithPrototype(
       isolate, name, builtin, prototype, type, instance_size,
-      inobject_properties, IMMUTABLE);
+      inobject_properties, IMMUTABLE, len, adapt);
 
   // Make the JSFunction's prototype object fast.
   JSObject::MakePrototypesFast(handle(result->prototype(), isolate),
@@ -514,19 +530,21 @@ V8_NOINLINE Handle<JSFunction> CreateFunction(
 
 V8_NOINLINE Handle<JSFunction> CreateFunction(
     Isolate* isolate, const char* name, InstanceType type, int instance_size,
-    int inobject_properties, Handle<HeapObject> prototype, Builtin builtin) {
-  return CreateFunction(isolate,
-                        isolate->factory()->InternalizeUtf8String(name), type,
-                        instance_size, inobject_properties, prototype, builtin);
+    int inobject_properties, Handle<HeapObject> prototype, Builtin builtin,
+    int len, bool adapt) {
+  return CreateFunction(
+      isolate, isolate->factory()->InternalizeUtf8String(name), type,
+      instance_size, inobject_properties, prototype, builtin, len, adapt);
 }
 
 V8_NOINLINE Handle<JSFunction> InstallFunction(
     Isolate* isolate, Handle<JSObject> target, Handle<String> name,
     InstanceType type, int instance_size, int inobject_properties,
-    Handle<HeapObject> prototype, Builtin call) {
+    Handle<HeapObject> prototype, Builtin call, int len, bool adapt) {
   DCHECK(Builtins::HasJSLinkage(call));
-  Handle<JSFunction> function = CreateFunction(
-      isolate, name, type, instance_size, inobject_properties, prototype, call);
+  Handle<JSFunction> function =
+      CreateFunction(isolate, name, type, instance_size, inobject_properties,
+                     prototype, call, len, adapt);
   JSObject::AddProperty(isolate, target, name, function, DONT_ENUM);
   return function;
 }
@@ -534,10 +552,10 @@ V8_NOINLINE Handle<JSFunction> InstallFunction(
 V8_NOINLINE Handle<JSFunction> InstallFunction(
     Isolate* isolate, Handle<JSObject> target, const char* name,
     InstanceType type, int instance_size, int inobject_properties,
-    Handle<HeapObject> prototype, Builtin call) {
-  return InstallFunction(isolate, target,
-                         isolate->factory()->InternalizeUtf8String(name), type,
-                         instance_size, inobject_properties, prototype, call);
+    Handle<HeapObject> prototype, Builtin call, int len, bool adapt) {
+  return InstallFunction(
+      isolate, target, isolate->factory()->InternalizeUtf8String(name), type,
+      instance_size, inobject_properties, prototype, call, len, adapt);
 }
 
 // This sets a constructor instance type on the constructor map which will be
@@ -573,17 +591,10 @@ V8_NOINLINE Handle<JSFunction> SimpleCreateFunction(Isolate* isolate,
   DCHECK(Builtins::HasJSLinkage(call));
   name = String::Flatten(isolate, name, AllocationType::kOld);
   Handle<JSFunction> fun =
-      CreateFunctionForBuiltinWithoutPrototype(isolate, name, call);
+      CreateFunctionForBuiltinWithoutPrototype(isolate, name, call, len, adapt);
   // Make the resulting JSFunction object fast.
   JSObject::MakePrototypesFast(fun, kStartAtReceiver, isolate);
   fun->shared()->set_native(true);
-
-  if (adapt) {
-    fun->shared()->set_internal_formal_parameter_count(JSParameterCount(len));
-  } else {
-    fun->shared()->DontAdaptArguments();
-  }
-  fun->shared()->set_length(len);
   return fun;
 }
 
@@ -639,13 +650,13 @@ V8_NOINLINE void SimpleInstallGetterSetter(Isolate* isolate,
   Handle<String> getter_name =
       Name::ToFunctionName(isolate, name, isolate->factory()->get_string())
           .ToHandleChecked();
-  Handle<JSFunction> getter =
+  DirectHandle<JSFunction> getter =
       SimpleCreateFunction(isolate, getter_name, call_getter, 0, true);
 
   Handle<String> setter_name =
       Name::ToFunctionName(isolate, name, isolate->factory()->set_string())
           .ToHandleChecked();
-  Handle<JSFunction> setter =
+  DirectHandle<JSFunction> setter =
       SimpleCreateFunction(isolate, setter_name, call_setter, 1, true);
 
   JSObject::DefineOwnAccessorIgnoreAttributes(base, name, getter, setter,
@@ -672,7 +683,7 @@ V8_NOINLINE Handle<JSFunction> SimpleInstallGetter(Isolate* isolate,
   Handle<JSFunction> getter =
       SimpleCreateFunction(isolate, getter_name, call, 0, adapt);
 
-  Handle<Object> setter = isolate->factory()->undefined_value();
+  DirectHandle<Object> setter = isolate->factory()->undefined_value();
 
   JSObject::DefineOwnAccessorIgnoreAttributes(base, property_name, getter,
                                               setter, DONT_ENUM)
@@ -689,7 +700,7 @@ V8_NOINLINE Handle<JSFunction> SimpleInstallGetter(Isolate* isolate,
 }
 
 V8_NOINLINE void InstallConstant(Isolate* isolate, Handle<JSObject> holder,
-                                 const char* name, Handle<Object> value) {
+                                 const char* name, DirectHandle<Object> value) {
   JSObject::AddProperty(
       isolate, holder, isolate->factory()->InternalizeUtf8String(name), value,
       static_cast<PropertyAttributes>(DONT_DELETE | DONT_ENUM | READ_ONLY));
@@ -714,7 +725,7 @@ V8_NOINLINE void InstallSpeciesGetter(Isolate* isolate,
 }
 
 V8_NOINLINE void InstallToStringTag(Isolate* isolate, Handle<JSObject> holder,
-                                    Handle<String> value) {
+                                    DirectHandle<String> value) {
   JSObject::AddProperty(isolate, holder,
                         isolate->factory()->to_string_tag_symbol(), value,
                         static_cast<PropertyAttributes>(DONT_ENUM | READ_ONLY));
@@ -760,9 +771,9 @@ Handle<JSFunction> Genesis::CreateEmptyFunction() {
 
   // Allocate the empty function as the prototype for function according to
   // ES#sec-properties-of-the-function-prototype-object
-  Handle<JSFunction> empty_function =
-      CreateFunctionForBuiltin(isolate(), factory()->empty_string(),
-                               empty_function_map, Builtin::kEmptyFunction);
+  Handle<JSFunction> empty_function = CreateFunctionForBuiltin(
+      isolate(), factory()->empty_string(), empty_function_map,
+      Builtin::kEmptyFunction, 0, false);
   empty_function_map->SetConstructor(*empty_function);
   native_context()->set_empty_function(*empty_function);
 
@@ -771,12 +782,11 @@ Handle<JSFunction> Genesis::CreateEmptyFunction() {
   DirectHandle<Script> script = factory()->NewScript(source);
   script->set_type(Script::Type::kNative);
   DirectHandle<WeakFixedArray> infos = factory()->NewWeakFixedArray(2);
-  script->set_shared_function_infos(*infos);
+  script->set_infos(*infos);
   ReadOnlyRoots roots{isolate()};
   Tagged<SharedFunctionInfo> sfi = empty_function->shared();
   sfi->set_raw_scope_info(roots.empty_function_scope_info());
-  sfi->DontAdaptArguments();
-  sfi->SetScript(roots, *script, 1);
+  sfi->SetScript(isolate(), roots, *script, 1);
   sfi->UpdateFunctionMapIndex();
 
   return empty_function;
@@ -784,7 +794,7 @@ Handle<JSFunction> Genesis::CreateEmptyFunction() {
 
 void Genesis::CreateSloppyModeFunctionMaps(Handle<JSFunction> empty) {
   Factory* factory = isolate_->factory();
-  Handle<Map> map;
+  DirectHandle<Map> map;
 
   //
   // Allocate maps for sloppy functions without prototype.
@@ -817,8 +827,7 @@ Handle<JSFunction> Genesis::GetThrowTypeErrorIntrinsic() {
   }
   Handle<String> name = factory()->empty_string();
   Handle<JSFunction> function = CreateFunctionForBuiltinWithoutPrototype(
-      isolate(), name, Builtin::kStrictPoisonPillThrower);
-  function->shared()->DontAdaptArguments();
+      isolate(), name, Builtin::kStrictPoisonPillThrower, 0, true);
 
   // %ThrowTypeError% must have a name property with an empty string value. Per
   // spec, ThrowTypeError's name is non-configurable, unlike ordinary functions'
@@ -849,7 +858,7 @@ Handle<JSFunction> Genesis::GetThrowTypeErrorIntrinsic() {
 
 void Genesis::CreateStrictModeFunctionMaps(Handle<JSFunction> empty) {
   Factory* factory = isolate_->factory();
-  Handle<Map> map;
+  DirectHandle<Map> map;
 
   //
   // Allocate maps for strict functions without prototype.
@@ -896,11 +905,10 @@ void Genesis::CreateObjectFunction(DirectHandle<JSFunction> empty_function) {
   int inobject_properties = JSObject::kInitialGlobalObjectUnusedPropertiesCount;
   int instance_size = JSObject::kHeaderSize + kTaggedSize * inobject_properties;
 
-  Handle<JSFunction> object_fun = CreateFunction(
-      isolate_, factory->Object_string(), JS_OBJECT_TYPE, instance_size,
-      inobject_properties, factory->null_value(), Builtin::kObjectConstructor);
-  object_fun->shared()->set_length(1);
-  object_fun->shared()->DontAdaptArguments();
+  DirectHandle<JSFunction> object_fun =
+      CreateFunction(isolate_, factory->Object_string(), JS_OBJECT_TYPE,
+                     instance_size, inobject_properties, factory->null_value(),
+                     Builtin::kObjectConstructor, 1, false);
   native_context()->set_object_function(*object_fun);
 
   {
@@ -1053,7 +1061,7 @@ void Genesis::CreateIteratorMaps(Handle<JSFunction> empty) {
   // writable, non-enumerable, and non-configurable (as per ES6 draft
   // 04-14-15, section 25.2.4.3).
   // Generator functions do not have "caller" or "arguments" accessors.
-  Handle<Map> map;
+  DirectHandle<Map> map;
   map = CreateNonConstructorMap(isolate(), isolate()->strict_function_map(),
                                 generator_function_prototype,
                                 "GeneratorFunction");
@@ -1158,7 +1166,7 @@ void Genesis::CreateAsyncIteratorMaps(Handle<JSFunction> empty) {
   // writable, non-enumerable, and non-configurable (as per ES6 draft
   // 04-14-15, section 25.2.4.3).
   // Async Generator functions do not have "caller" or "arguments" accessors.
-  Handle<Map> map;
+  DirectHandle<Map> map;
   map = CreateNonConstructorMap(isolate(), isolate()->strict_function_map(),
                                 async_generator_function_prototype,
                                 "AsyncGeneratorFunction");
@@ -1187,7 +1195,7 @@ void Genesis::CreateAsyncFunctionMaps(Handle<JSFunction> empty) {
 
   InstallToStringTag(isolate(), async_function_prototype, "AsyncFunction");
 
-  Handle<Map> map =
+  DirectHandle<Map> map =
       Map::Copy(isolate(), isolate()->strict_function_without_prototype_map(),
                 "AsyncFunction");
   Map::SetPrototype(isolate(), map, async_function_prototype);
@@ -1370,7 +1378,7 @@ Handle<JSGlobalObject> Genesis::CreateNewGlobals(
   //
   // --- G l o b a l ---
   // Step 1: Create a fresh JSGlobalObject.
-  Handle<JSFunction> js_global_object_function;
+  DirectHandle<JSFunction> js_global_object_function;
   Handle<ObjectTemplateInfo> js_global_object_template;
   if (!global_proxy_template.IsEmpty()) {
     // Get prototype template of the global_proxy_template.
@@ -1391,7 +1399,7 @@ Handle<JSGlobalObject> Genesis::CreateNewGlobals(
         factory()->NewFunctionPrototype(isolate()->object_function());
     js_global_object_function = CreateFunctionForBuiltinWithPrototype(
         isolate(), name, Builtin::kIllegal, prototype, JS_GLOBAL_OBJECT_TYPE,
-        JSGlobalObject::kHeaderSize, 0, MUTABLE);
+        JSGlobalObject::kHeaderSize, 0, MUTABLE, 0, true);
 #ifdef DEBUG
     LookupIterator it(isolate(), prototype, factory()->constructor_string(),
                       LookupIterator::OWN_SKIP_INTERCEPTOR);
@@ -1416,13 +1424,13 @@ Handle<JSGlobalObject> Genesis::CreateNewGlobals(
       factory()->NewJSGlobalObject(js_global_object_function);
 
   // Step 2: (re)initialize the global proxy object.
-  Handle<JSFunction> global_proxy_function;
+  DirectHandle<JSFunction> global_proxy_function;
   if (global_proxy_template.IsEmpty()) {
     Handle<String> name = factory()->empty_string();
     global_proxy_function = CreateFunctionForBuiltinWithPrototype(
         isolate(), name, Builtin::kIllegal, factory()->the_hole_value(),
         JS_GLOBAL_PROXY_TYPE, JSGlobalProxy::SizeWithEmbedderFields(0), 0,
-        MUTABLE);
+        MUTABLE, 0, true);
   } else {
     DirectHandle<ObjectTemplateInfo> data =
         v8::Utils::OpenDirectHandle(*global_proxy_template);
@@ -1456,7 +1464,7 @@ Handle<JSGlobalObject> Genesis::CreateNewGlobals(
   return global_object;
 }
 
-void Genesis::HookUpGlobalProxy(Handle<JSGlobalProxy> global_proxy) {
+void Genesis::HookUpGlobalProxy(DirectHandle<JSGlobalProxy> global_proxy) {
   // Re-initialize the global proxy with the global proxy function from the
   // snapshot, and then set up the link to the native context.
   DirectHandle<JSFunction> global_proxy_function(
@@ -1491,7 +1499,7 @@ void Genesis::HookUpGlobalObject(Handle<JSGlobalObject> global_object) {
 static void InstallWithIntrinsicDefaultProto(Isolate* isolate,
                                              Handle<JSFunction> function,
                                              int context_index) {
-  Handle<Smi> index(Smi::FromInt(context_index), isolate);
+  DirectHandle<Smi> index(Smi::FromInt(context_index), isolate);
   JSObject::AddProperty(isolate, function,
                         isolate->factory()->native_context_index_symbol(),
                         index, NONE);
@@ -1510,11 +1518,10 @@ static void InstallError(Isolate* isolate, Handle<JSObject> global,
   const int in_object_properties = 3;
   const int kErrorObjectSize =
       JSObject::kHeaderSize + in_object_properties * kTaggedSize;
-  Handle<JSFunction> error_fun = InstallFunction(
-      isolate, global, name, JS_ERROR_TYPE, kErrorObjectSize,
-      in_object_properties, factory->the_hole_value(), error_constructor);
-  error_fun->shared()->DontAdaptArguments();
-  error_fun->shared()->set_length(error_function_length);
+  Handle<JSFunction> error_fun =
+      InstallFunction(isolate, global, name, JS_ERROR_TYPE, kErrorObjectSize,
+                      in_object_properties, factory->the_hole_value(),
+                      error_constructor, error_function_length, false);
 
   if (context_index == Context::ERROR_FUNCTION_INDEX) {
     SimpleInstallFunction(isolate, error_fun, "captureStackTrace",
@@ -1634,9 +1641,7 @@ Handle<JSObject> InitializeTemporal(Isolate* isolate) {
   Handle<JSFunction> obj_func = InstallFunction(                               \
       isolate, temporal, #N, JS_TEMPORAL_##U##_TYPE,                           \
       JSTemporal##N::kHeaderSize, 0, isolate->factory()->the_hole_value(),     \
-      Builtin::kTemporal##N##Constructor);                                     \
-  obj_func->shared()->set_length(NUM_ARGS);                                    \
-  obj_func->shared()->DontAdaptArguments();                                    \
+      Builtin::kTemporal##N##Constructor, NUM_ARGS, false);                    \
   InstallWithIntrinsicDefaultProto(isolate, obj_func,                          \
                                    Context::JS_TEMPORAL_##U##_FUNCTION_INDEX); \
   Handle<JSObject> prototype(Cast<JSObject>(obj_func->instance_prototype()),   \
@@ -2258,7 +2263,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   {  // -- C o n t e x t
     Handle<Map> meta_map(native_context()->meta_map(), isolate());
 
-    Handle<Map> map = factory->NewMapWithMetaMap(
+    DirectHandle<Map> map = factory->NewMapWithMetaMap(
         meta_map, FUNCTION_CONTEXT_TYPE, kVariableSizeSentinel);
     map->set_native_context(*native_context());
     native_context()->set_function_context_map(*map);
@@ -2418,12 +2423,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     Handle<JSFunction> function_fun =
         InstallFunction(isolate_, global, "Function", JS_FUNCTION_TYPE,
                         JSFunction::kSizeWithPrototype, 0, prototype,
-                        Builtin::kFunctionConstructor);
+                        Builtin::kFunctionConstructor, 1, false);
     // Function instances are sloppy by default.
     function_fun->set_prototype_or_initial_map(*isolate_->sloppy_function_map(),
                                                kReleaseStore);
-    function_fun->shared()->DontAdaptArguments();
-    function_fun->shared()->set_length(1);
     InstallWithIntrinsicDefaultProto(isolate_, function_fun,
                                      Context::FUNCTION_FUNCTION_INDEX);
     native_context()->set_function_prototype(*prototype);
@@ -2471,16 +2474,14 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     }
   }
 
-  Handle<JSFunction> array_prototype_to_string_fun;
+  DirectHandle<JSFunction> array_prototype_to_string_fun;
   {  // --- A r r a y ---
+    // This seems a bit hackish, but we need to make sure Array.length is 1.
+    int length = 1;
     Handle<JSFunction> array_function = InstallFunction(
         isolate_, global, "Array", JS_ARRAY_TYPE, JSArray::kHeaderSize, 0,
-        isolate_->initial_object_prototype(), Builtin::kArrayConstructor);
-    array_function->shared()->DontAdaptArguments();
-
-    // This seems a bit hackish, but we need to make sure Array.length
-    // is 1.
-    array_function->shared()->set_length(1);
+        isolate_->initial_object_prototype(), Builtin::kArrayConstructor,
+        length, false);
 
     Handle<Map> initial_map(array_function->initial_map(), isolate());
 
@@ -2583,7 +2584,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
           isolate_, proto, "entries", Builtin::kArrayPrototypeEntries, 0, true);
       native_context()->set_array_entries_iterator(*entries);
 
-      Handle<JSFunction> values = InstallFunctionWithBuiltinId(
+      DirectHandle<JSFunction> values = InstallFunctionWithBuiltinId(
           isolate_, proto, "values", Builtin::kArrayPrototypeValues, 0, true);
       JSObject::AddProperty(isolate_, proto, factory->iterator_symbol(), values,
                             DONT_ENUM);
@@ -2673,7 +2674,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     DirectHandle<JSFunction> array_iterator_function =
         CreateFunction(isolate_, factory->ArrayIterator_string(),
                        JS_ARRAY_ITERATOR_TYPE, JSArrayIterator::kHeaderSize, 0,
-                       array_iterator_prototype, Builtin::kIllegal);
+                       array_iterator_prototype, Builtin::kIllegal, 0, true);
     array_iterator_function->shared()->set_native(false);
 
     native_context()->set_initial_array_iterator_map(
@@ -2683,12 +2684,11 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   }
 
   {  // --- N u m b e r ---
-    Handle<JSFunction> number_fun = InstallFunction(
-        isolate_, global, "Number", JS_PRIMITIVE_WRAPPER_TYPE,
-        JSPrimitiveWrapper::kHeaderSize, 0,
-        isolate_->initial_object_prototype(), Builtin::kNumberConstructor);
-    number_fun->shared()->DontAdaptArguments();
-    number_fun->shared()->set_length(1);
+    Handle<JSFunction> number_fun =
+        InstallFunction(isolate_, global, "Number", JS_PRIMITIVE_WRAPPER_TYPE,
+                        JSPrimitiveWrapper::kHeaderSize, 0,
+                        isolate_->initial_object_prototype(),
+                        Builtin::kNumberConstructor, 1, false);
     InstallWithIntrinsicDefaultProto(isolate_, number_fun,
                                      Context::NUMBER_FUNCTION_INDEX);
 
@@ -2728,7 +2728,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
                           Builtin::kNumberIsSafeInteger, 1, true);
 
     // Install Number.parseFloat and Global.parseFloat.
-    Handle<JSFunction> parse_float_fun =
+    DirectHandle<JSFunction> parse_float_fun =
         SimpleInstallFunction(isolate_, number_fun, "parseFloat",
                               Builtin::kNumberParseFloat, 1, true);
     JSObject::AddProperty(isolate_, global_object, "parseFloat",
@@ -2736,7 +2736,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     native_context()->set_global_parse_float_fun(*parse_float_fun);
 
     // Install Number.parseInt and Global.parseInt.
-    Handle<JSFunction> parse_int_fun = SimpleInstallFunction(
+    DirectHandle<JSFunction> parse_int_fun = SimpleInstallFunction(
         isolate_, number_fun, "parseInt", Builtin::kNumberParseInt, 2, true);
     JSObject::AddProperty(isolate_, global_object, "parseInt", parse_int_fun,
                           DONT_ENUM);
@@ -2768,12 +2768,11 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   }
 
   {  // --- B o o l e a n ---
-    Handle<JSFunction> boolean_fun = InstallFunction(
-        isolate_, global, "Boolean", JS_PRIMITIVE_WRAPPER_TYPE,
-        JSPrimitiveWrapper::kHeaderSize, 0,
-        isolate_->initial_object_prototype(), Builtin::kBooleanConstructor);
-    boolean_fun->shared()->DontAdaptArguments();
-    boolean_fun->shared()->set_length(1);
+    Handle<JSFunction> boolean_fun =
+        InstallFunction(isolate_, global, "Boolean", JS_PRIMITIVE_WRAPPER_TYPE,
+                        JSPrimitiveWrapper::kHeaderSize, 0,
+                        isolate_->initial_object_prototype(),
+                        Builtin::kBooleanConstructor, 1, false);
     InstallWithIntrinsicDefaultProto(isolate_, boolean_fun,
                                      Context::BOOLEAN_FUNCTION_INDEX);
 
@@ -2795,12 +2794,11 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   }
 
   {  // --- S t r i n g ---
-    Handle<JSFunction> string_fun = InstallFunction(
-        isolate_, global, "String", JS_PRIMITIVE_WRAPPER_TYPE,
-        JSPrimitiveWrapper::kHeaderSize, 0,
-        isolate_->initial_object_prototype(), Builtin::kStringConstructor);
-    string_fun->shared()->DontAdaptArguments();
-    string_fun->shared()->set_length(1);
+    Handle<JSFunction> string_fun =
+        InstallFunction(isolate_, global, "String", JS_PRIMITIVE_WRAPPER_TYPE,
+                        JSPrimitiveWrapper::kHeaderSize, 0,
+                        isolate_->initial_object_prototype(),
+                        Builtin::kStringConstructor, 1, false);
     InstallWithIntrinsicDefaultProto(isolate_, string_fun,
                                      Context::STRING_FUNCTION_INDEX);
 
@@ -2936,14 +2934,14 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
                           Builtin::kStringPrototypeTrim, 0, false);
 
     // Install `String.prototype.trimStart` with `trimLeft` alias.
-    Handle<JSFunction> trim_start_fun =
+    DirectHandle<JSFunction> trim_start_fun =
         SimpleInstallFunction(isolate_, prototype, "trimStart",
                               Builtin::kStringPrototypeTrimStart, 0, false);
     JSObject::AddProperty(isolate_, prototype, "trimLeft", trim_start_fun,
                           DONT_ENUM);
 
     // Install `String.prototype.trimEnd` with `trimRight` alias.
-    Handle<JSFunction> trim_end_fun =
+    DirectHandle<JSFunction> trim_end_fun =
         SimpleInstallFunction(isolate_, prototype, "trimEnd",
                               Builtin::kStringPrototypeTrimEnd, 0, false);
     JSObject::AddProperty(isolate_, prototype, "trimRight", trim_end_fun,
@@ -2993,7 +2991,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     DirectHandle<JSFunction> string_iterator_function = CreateFunction(
         isolate_, factory->InternalizeUtf8String("StringIterator"),
         JS_STRING_ITERATOR_TYPE, JSStringIterator::kHeaderSize, 0,
-        string_iterator_prototype, Builtin::kIllegal);
+        string_iterator_prototype, Builtin::kIllegal, 0, true);
     string_iterator_function->shared()->set_native(false);
     native_context()->set_initial_string_iterator_map(
         string_iterator_function->initial_map());
@@ -3002,12 +3000,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   }
 
   {  // --- S y m b o l ---
-    Handle<JSFunction> symbol_fun =
-        InstallFunction(isolate_, global, "Symbol", JS_PRIMITIVE_WRAPPER_TYPE,
-                        JSPrimitiveWrapper::kHeaderSize, 0,
-                        factory->the_hole_value(), Builtin::kSymbolConstructor);
-    symbol_fun->shared()->set_length(0);
-    symbol_fun->shared()->DontAdaptArguments();
+    Handle<JSFunction> symbol_fun = InstallFunction(
+        isolate_, global, "Symbol", JS_PRIMITIVE_WRAPPER_TYPE,
+        JSPrimitiveWrapper::kHeaderSize, 0, factory->the_hole_value(),
+        Builtin::kSymbolConstructor, 0, false);
     native_context()->set_symbol_function(*symbol_fun);
 
     // Install the Symbol.for and Symbol.keyFor functions.
@@ -3069,11 +3065,9 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   {  // --- D a t e ---
     Handle<JSFunction> date_fun = InstallFunction(
         isolate_, global, "Date", JS_DATE_TYPE, JSDate::kHeaderSize, 0,
-        factory->the_hole_value(), Builtin::kDateConstructor);
+        factory->the_hole_value(), Builtin::kDateConstructor, 7, false);
     InstallWithIntrinsicDefaultProto(isolate_, date_fun,
                                      Context::DATE_FUNCTION_INDEX);
-    date_fun->shared()->set_length(7);
-    date_fun->shared()->DontAdaptArguments();
 
     // Install the Date.now, Date.parse and Date.UTC functions.
     SimpleInstallFunction(isolate_, date_fun, "now", Builtin::kDateNow, 0,
@@ -3096,7 +3090,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
                           Builtin::kDatePrototypeToTimeString, 0, false);
     SimpleInstallFunction(isolate_, prototype, "toISOString",
                           Builtin::kDatePrototypeToISOString, 0, false);
-    Handle<JSFunction> to_utc_string =
+    DirectHandle<JSFunction> to_utc_string =
         SimpleInstallFunction(isolate_, prototype, "toUTCString",
                               Builtin::kDatePrototypeToUTCString, 0, false);
     JSObject::AddProperty(isolate_, prototype, "toGMTString", to_utc_string,
@@ -3204,14 +3198,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     Handle<JSFunction> promise_fun = InstallFunction(
         isolate_, global, "Promise", JS_PROMISE_TYPE,
         JSPromise::kSizeWithEmbedderFields, 0, factory->the_hole_value(),
-        Builtin::kPromiseConstructor);
+        Builtin::kPromiseConstructor, 1, true);
     InstallWithIntrinsicDefaultProto(isolate_, promise_fun,
                                      Context::PROMISE_FUNCTION_INDEX);
 
-    DirectHandle<SharedFunctionInfo> shared(promise_fun->shared(), isolate_);
-    shared->set_internal_formal_parameter_count(JSParameterCount(1));
-    shared->set_length(1);
-
     InstallSpeciesGetter(isolate_, promise_fun);
 
     DirectHandle<JSFunction> promise_all = InstallFunctionWithBuiltinId(
@@ -3275,12 +3265,9 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
         isolate_, global, "RegExp", JS_REG_EXP_TYPE,
         JSRegExp::kHeaderSize + JSRegExp::kInObjectFieldCount * kTaggedSize,
         JSRegExp::kInObjectFieldCount, factory->the_hole_value(),
-        Builtin::kRegExpConstructor);
+        Builtin::kRegExpConstructor, 2, true);
     InstallWithIntrinsicDefaultProto(isolate_, regexp_fun,
                                      Context::REGEXP_FUNCTION_INDEX);
-    DirectHandle<SharedFunctionInfo> shared(regexp_fun->shared(), isolate_);
-    shared->set_internal_formal_parameter_count(JSParameterCount(2));
-    shared->set_length(2);
 
     {
       // Setup %RegExpPrototype%.
@@ -3487,7 +3474,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     DirectHandle<JSFunction> regexp_string_iterator_function = CreateFunction(
         isolate(), "RegExpStringIterator", JS_REG_EXP_STRING_ITERATOR_TYPE,
         JSRegExpStringIterator::kHeaderSize, 0,
-        regexp_string_iterator_prototype, Builtin::kIllegal);
+        regexp_string_iterator_prototype, Builtin::kIllegal, 0, true);
     regexp_string_iterator_function->shared()->set_native(false);
     native_context()->set_initial_regexp_string_iterator_prototype_map(
         regexp_string_iterator_function->initial_map());
@@ -3548,8 +3535,8 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   native_context()->set_embedder_data(*embedder_data);
 
   {  // -- g l o b a l T h i s
-    Handle<JSGlobalProxy> global_proxy(native_context()->global_proxy(),
-                                       isolate_);
+    DirectHandle<JSGlobalProxy> global_proxy(native_context()->global_proxy(),
+                                             isolate_);
     JSObject::AddProperty(isolate_, global, factory->globalThis_string(),
                           global_proxy, DONT_ENUM);
   }
@@ -3679,9 +3666,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       Handle<JSFunction> date_time_format_constructor = InstallFunction(
           isolate_, intl, "DateTimeFormat", JS_DATE_TIME_FORMAT_TYPE,
           JSDateTimeFormat::kHeaderSize, 0, factory->the_hole_value(),
-          Builtin::kDateTimeFormatConstructor);
-      date_time_format_constructor->shared()->set_length(0);
-      date_time_format_constructor->shared()->DontAdaptArguments();
+          Builtin::kDateTimeFormatConstructor, 0, false);
       InstallWithIntrinsicDefaultProto(
           isolate_, date_time_format_constructor,
           Context::INTL_DATE_TIME_FORMAT_FUNCTION_INDEX);
@@ -3718,9 +3703,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       Handle<JSFunction> number_format_constructor = InstallFunction(
           isolate_, intl, "NumberFormat", JS_NUMBER_FORMAT_TYPE,
           JSNumberFormat::kHeaderSize, 0, factory->the_hole_value(),
-          Builtin::kNumberFormatConstructor);
-      number_format_constructor->shared()->set_length(0);
-      number_format_constructor->shared()->DontAdaptArguments();
+          Builtin::kNumberFormatConstructor, 0, false);
       InstallWithIntrinsicDefaultProto(
           isolate_, number_format_constructor,
           Context::INTL_NUMBER_FORMAT_FUNCTION_INDEX);
@@ -3753,10 +3736,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     }
 
     {  // -- C o l l a t o r
-      Handle<JSFunction> collator_constructor = InstallFunction(
-          isolate_, intl, "Collator", JS_COLLATOR_TYPE, JSCollator::kHeaderSize,
-          0, factory->the_hole_value(), Builtin::kCollatorConstructor);
-      collator_constructor->shared()->DontAdaptArguments();
+      Handle<JSFunction> collator_constructor =
+          InstallFunction(isolate_, intl, "Collator", JS_COLLATOR_TYPE,
+                          JSCollator::kHeaderSize, 0, factory->the_hole_value(),
+                          Builtin::kCollatorConstructor, 0, false);
       InstallWithIntrinsicDefaultProto(isolate_, collator_constructor,
                                        Context::INTL_COLLATOR_FUNCTION_INDEX);
 
@@ -3781,8 +3764,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       Handle<JSFunction> v8_break_iterator_constructor = InstallFunction(
           isolate_, intl, "v8BreakIterator", JS_V8_BREAK_ITERATOR_TYPE,
           JSV8BreakIterator::kHeaderSize, 0, factory->the_hole_value(),
-          Builtin::kV8BreakIteratorConstructor);
-      v8_break_iterator_constructor->shared()->DontAdaptArguments();
+          Builtin::kV8BreakIteratorConstructor, 0, false);
 
       SimpleInstallFunction(
           isolate_, v8_break_iterator_constructor, "supportedLocalesOf",
@@ -3817,8 +3799,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       Handle<JSFunction> plural_rules_constructor = InstallFunction(
           isolate_, intl, "PluralRules", JS_PLURAL_RULES_TYPE,
           JSPluralRules::kHeaderSize, 0, factory->the_hole_value(),
-          Builtin::kPluralRulesConstructor);
-      plural_rules_constructor->shared()->DontAdaptArguments();
+          Builtin::kPluralRulesConstructor, 0, false);
       InstallWithIntrinsicDefaultProto(
           isolate_, plural_rules_constructor,
           Context::INTL_PLURAL_RULES_FUNCTION_INDEX);
@@ -3848,9 +3829,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       Handle<JSFunction> relative_time_format_fun = InstallFunction(
           isolate(), intl, "RelativeTimeFormat", JS_RELATIVE_TIME_FORMAT_TYPE,
           JSRelativeTimeFormat::kHeaderSize, 0, factory->the_hole_value(),
-          Builtin::kRelativeTimeFormatConstructor);
-      relative_time_format_fun->shared()->set_length(0);
-      relative_time_format_fun->shared()->DontAdaptArguments();
+          Builtin::kRelativeTimeFormatConstructor, 0, false);
       InstallWithIntrinsicDefaultProto(
           isolate_, relative_time_format_fun,
           Context::INTL_RELATIVE_TIME_FORMAT_FUNCTION_INDEX);
@@ -3881,9 +3860,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       Handle<JSFunction> list_format_fun = InstallFunction(
           isolate(), intl, "ListFormat", JS_LIST_FORMAT_TYPE,
           JSListFormat::kHeaderSize, 0, factory->the_hole_value(),
-          Builtin::kListFormatConstructor);
-      list_format_fun->shared()->set_length(0);
-      list_format_fun->shared()->DontAdaptArguments();
+          Builtin::kListFormatConstructor, 0, false);
       InstallWithIntrinsicDefaultProto(
           isolate_, list_format_fun, Context::INTL_LIST_FORMAT_FUNCTION_INDEX);
 
@@ -3909,11 +3886,9 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     {  // -- L o c a l e
       Handle<JSFunction> locale_fun = InstallFunction(
           isolate(), intl, "Locale", JS_LOCALE_TYPE, JSLocale::kHeaderSize, 0,
-          factory->the_hole_value(), Builtin::kLocaleConstructor);
+          factory->the_hole_value(), Builtin::kLocaleConstructor, 1, false);
       InstallWithIntrinsicDefaultProto(isolate(), locale_fun,
                                        Context::INTL_LOCALE_FUNCTION_INDEX);
-      locale_fun->shared()->set_length(1);
-      locale_fun->shared()->DontAdaptArguments();
 
       // Setup %LocalePrototype%.
       Handle<JSObject> prototype(
@@ -3978,9 +3953,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       Handle<JSFunction> display_names_fun = InstallFunction(
           isolate(), intl, "DisplayNames", JS_DISPLAY_NAMES_TYPE,
           JSDisplayNames::kHeaderSize, 0, factory->the_hole_value(),
-          Builtin::kDisplayNamesConstructor);
-      display_names_fun->shared()->set_length(2);
-      display_names_fun->shared()->DontAdaptArguments();
+          Builtin::kDisplayNamesConstructor, 2, false);
       InstallWithIntrinsicDefaultProto(
           isolate(), display_names_fun,
           Context::INTL_DISPLAY_NAMES_FUNCTION_INDEX);
@@ -4008,9 +3981,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
       Handle<JSFunction> segmenter_fun = InstallFunction(
           isolate(), intl, "Segmenter", JS_SEGMENTER_TYPE,
           JSSegmenter::kHeaderSize, 0, factory->the_hole_value(),
-          Builtin::kSegmenterConstructor);
-      segmenter_fun->shared()->set_length(0);
-      segmenter_fun->shared()->DontAdaptArguments();
+          Builtin::kSegmenterConstructor, 0, false);
       InstallWithIntrinsicDefaultProto(isolate_, segmenter_fun,
                                        Context::INTL_SEGMENTER_FUNCTION_INDEX);
       SimpleInstallFunction(isolate(), segmenter_fun, "supportedLocalesOf",
@@ -4041,10 +4012,8 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
                 .ToHandleChecked();
         DirectHandle<JSFunction> segments_fun = CreateFunction(
             isolate(), name_string, JS_SEGMENTS_TYPE, JSSegments::kHeaderSize,
-            0, prototype, Builtin::kIllegal);
+            0, prototype, Builtin::kIllegal, 0, false);
         segments_fun->shared()->set_native(false);
-        segments_fun->shared()->set_length(0);
-        segments_fun->shared()->DontAdaptArguments();
         SimpleInstallFunction(isolate(), prototype, "containing",
                               Builtin::kSegmentsPrototypeContaining, 1, false);
         InstallFunctionAtSymbol(isolate_, prototype, factory->iterator_symbol(),
@@ -4074,9 +4043,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
         Handle<String> name_string =
             Name::ToFunctionName(isolate(), factory->SegmentIterator_string())
                 .ToHandleChecked();
-        DirectHandle<JSFunction> segment_iterator_fun = CreateFunction(
-            isolate(), name_string, JS_SEGMENT_ITERATOR_TYPE,
-            JSSegmentIterator::kHeaderSize, 0, prototype, Builtin::kIllegal);
+        DirectHandle<JSFunction> segment_iterator_fun =
+            CreateFunction(isolate(), name_string, JS_SEGMENT_ITERATOR_TYPE,
+                           JSSegmentIterator::kHeaderSize, 0, prototype,
+                           Builtin::kIllegal, 0, true);
         segment_iterator_fun->shared()->set_native(false);
         DirectHandle<Map> segment_iterator_map(
             segment_iterator_fun->initial_map(), isolate());
@@ -4238,12 +4208,12 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   }
 
   {  // -- T y p e d A r r a y
-    Handle<JSFunction> typed_array_fun = CreateFunction(
-        isolate_, factory->InternalizeUtf8String("TypedArray"),
-        JS_TYPED_ARRAY_TYPE, JSTypedArray::kHeaderSize, 0,
-        factory->the_hole_value(), Builtin::kTypedArrayBaseConstructor);
+    Handle<JSFunction> typed_array_fun =
+        CreateFunction(isolate_, factory->InternalizeUtf8String("TypedArray"),
+                       JS_TYPED_ARRAY_TYPE, JSTypedArray::kHeaderSize, 0,
+                       factory->the_hole_value(),
+                       Builtin::kTypedArrayBaseConstructor, 0, true);
     typed_array_fun->shared()->set_native(false);
-    typed_array_fun->shared()->set_length(0);
     InstallSpeciesGetter(isolate_, typed_array_fun);
     native_context()->set_typed_array_function(*typed_array_fun);
 
@@ -4277,7 +4247,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     InstallFunctionWithBuiltinId(isolate_, prototype, "keys",
                                  Builtin::kTypedArrayPrototypeKeys, 0, true);
 
-    Handle<JSFunction> values = InstallFunctionWithBuiltinId(
+    DirectHandle<JSFunction> values = InstallFunctionWithBuiltinId(
         isolate_, prototype, "values", Builtin::kTypedArrayPrototypeValues, 0,
         true);
     JSObject::AddProperty(isolate_, prototype, factory->iterator_symbol(),
@@ -4360,11 +4330,9 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     Handle<JSFunction> data_view_fun = InstallFunction(
         isolate_, global, "DataView", JS_DATA_VIEW_TYPE,
         JSDataView::kSizeWithEmbedderFields, 0, factory->the_hole_value(),
-        Builtin::kDataViewConstructor);
+        Builtin::kDataViewConstructor, 1, false);
     InstallWithIntrinsicDefaultProto(isolate_, data_view_fun,
                                      Context::DATA_VIEW_FUN_INDEX);
-    data_view_fun->shared()->set_length(1);
-    data_view_fun->shared()->DontAdaptArguments();
 
     // Setup %DataViewPrototype%.
     Handle<JSObject> prototype(
@@ -4435,14 +4403,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   {  // -- M a p
     Handle<JSFunction> js_map_fun = InstallFunction(
         isolate_, global, "Map", JS_MAP_TYPE, JSMap::kHeaderSize, 0,
-        factory->the_hole_value(), Builtin::kMapConstructor);
+        factory->the_hole_value(), Builtin::kMapConstructor, 0, false);
     InstallWithIntrinsicDefaultProto(isolate_, js_map_fun,
                                      Context::JS_MAP_FUN_INDEX);
 
-    DirectHandle<SharedFunctionInfo> shared(js_map_fun->shared(), isolate_);
-    shared->DontAdaptArguments();
-    shared->set_length(0);
-
     SimpleInstallFunction(isolate_, js_map_fun, "groupBy", Builtin::kMapGroupBy,
                           2, true);
 
@@ -4473,7 +4437,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
 
     SimpleInstallFunction(isolate_, prototype, "clear",
                           Builtin::kMapPrototypeClear, 0, true);
-    Handle<JSFunction> entries = SimpleInstallFunction(
+    DirectHandle<JSFunction> entries = SimpleInstallFunction(
         isolate_, prototype, "entries", Builtin::kMapPrototypeEntries, 0, true);
     JSObject::AddProperty(isolate_, prototype, factory->iterator_symbol(),
                           entries, DONT_ENUM);
@@ -4497,12 +4461,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   }
 
   {  // -- B i g I n t
-    Handle<JSFunction> bigint_fun =
-        InstallFunction(isolate_, global, "BigInt", JS_PRIMITIVE_WRAPPER_TYPE,
-                        JSPrimitiveWrapper::kHeaderSize, 0,
-                        factory->the_hole_value(), Builtin::kBigIntConstructor);
-    bigint_fun->shared()->DontAdaptArguments();
-    bigint_fun->shared()->set_length(1);
+    Handle<JSFunction> bigint_fun = InstallFunction(
+        isolate_, global, "BigInt", JS_PRIMITIVE_WRAPPER_TYPE,
+        JSPrimitiveWrapper::kHeaderSize, 0, factory->the_hole_value(),
+        Builtin::kBigIntConstructor, 1, false);
     InstallWithIntrinsicDefaultProto(isolate_, bigint_fun,
                                      Context::BIGINT_FUNCTION_INDEX);
 
@@ -4537,14 +4499,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   {  // -- S e t
     Handle<JSFunction> js_set_fun = InstallFunction(
         isolate_, global, "Set", JS_SET_TYPE, JSSet::kHeaderSize, 0,
-        factory->the_hole_value(), Builtin::kSetConstructor);
+        factory->the_hole_value(), Builtin::kSetConstructor, 0, false);
     InstallWithIntrinsicDefaultProto(isolate_, js_set_fun,
                                      Context::JS_SET_FUN_INDEX);
 
-    DirectHandle<SharedFunctionInfo> shared(js_set_fun->shared(), isolate_);
-    shared->DontAdaptArguments();
-    shared->set_length(0);
-
     // Setup %SetPrototype%.
     Handle<JSObject> prototype(Cast<JSObject>(js_set_fun->instance_prototype()),
                                isolate());
@@ -4575,7 +4533,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     SimpleInstallGetter(isolate_, prototype,
                         factory->InternalizeUtf8String("size"),
                         Builtin::kSetPrototypeGetSize, true);
-    Handle<JSFunction> values = SimpleInstallFunction(
+    DirectHandle<JSFunction> values = SimpleInstallFunction(
         isolate_, prototype, "values", Builtin::kSetPrototypeValues, 0, true);
     JSObject::AddProperty(isolate_, prototype, factory->keys_string(), values,
                           DONT_ENUM);
@@ -4625,14 +4583,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   {  // -- W e a k M a p
     Handle<JSFunction> cons = InstallFunction(
         isolate_, global, "WeakMap", JS_WEAK_MAP_TYPE, JSWeakMap::kHeaderSize,
-        0, factory->the_hole_value(), Builtin::kWeakMapConstructor);
+        0, factory->the_hole_value(), Builtin::kWeakMapConstructor, 0, false);
     InstallWithIntrinsicDefaultProto(isolate_, cons,
                                      Context::JS_WEAK_MAP_FUN_INDEX);
 
-    DirectHandle<SharedFunctionInfo> shared(cons->shared(), isolate_);
-    shared->DontAdaptArguments();
-    shared->set_length(0);
-
     // Setup %WeakMapPrototype%.
     Handle<JSObject> prototype(Cast<JSObject>(cons->instance_prototype()),
                                isolate());
@@ -4664,14 +4618,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   {  // -- W e a k S e t
     Handle<JSFunction> cons = InstallFunction(
         isolate_, global, "WeakSet", JS_WEAK_SET_TYPE, JSWeakSet::kHeaderSize,
-        0, factory->the_hole_value(), Builtin::kWeakSetConstructor);
+        0, factory->the_hole_value(), Builtin::kWeakSetConstructor, 0, false);
     InstallWithIntrinsicDefaultProto(isolate_, cons,
                                      Context::JS_WEAK_SET_FUN_INDEX);
 
-    DirectHandle<SharedFunctionInfo> shared(cons->shared(), isolate_);
-    shared->DontAdaptArguments();
-    shared->set_length(0);
-
     // Setup %WeakSetPrototype%.
     Handle<JSObject> prototype(Cast<JSObject>(cons->instance_prototype()),
                                isolate());
@@ -4704,15 +4654,12 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     proxy_function_map->set_is_constructor(true);
 
     Handle<String> name = factory->Proxy_string();
-    Handle<JSFunction> proxy_function = CreateFunctionForBuiltin(
-        isolate(), name, proxy_function_map, Builtin::kProxyConstructor);
+    Handle<JSFunction> proxy_function =
+        CreateFunctionForBuiltin(isolate(), name, proxy_function_map,
+                                 Builtin::kProxyConstructor, 2, true);
 
     isolate_->proxy_map()->SetConstructor(*proxy_function);
 
-    proxy_function->shared()->set_internal_formal_parameter_count(
-        JSParameterCount(2));
-    proxy_function->shared()->set_length(2);
-
     native_context()->set_proxy_function(*proxy_function);
     JSObject::AddProperty(isolate_, global, name, proxy_function, DONT_ENUM);
 
@@ -4805,14 +4752,12 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     Handle<JSFunction> finalization_registry_fun = InstallFunction(
         isolate_, global, factory->FinalizationRegistry_string(),
         JS_FINALIZATION_REGISTRY_TYPE, JSFinalizationRegistry::kHeaderSize, 0,
-        factory->the_hole_value(), Builtin::kFinalizationRegistryConstructor);
+        factory->the_hole_value(), Builtin::kFinalizationRegistryConstructor, 1,
+        false);
     InstallWithIntrinsicDefaultProto(
         isolate_, finalization_registry_fun,
         Context::JS_FINALIZATION_REGISTRY_FUNCTION_INDEX);
 
-    finalization_registry_fun->shared()->DontAdaptArguments();
-    finalization_registry_fun->shared()->set_length(1);
-
     Handle<JSObject> finalization_registry_prototype(
         Cast<JSObject>(finalization_registry_fun->instance_prototype()),
         isolate());
@@ -4840,13 +4785,10 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
   {  // -- W e a k R e f
     Handle<JSFunction> weak_ref_fun = InstallFunction(
         isolate_, global, "WeakRef", JS_WEAK_REF_TYPE, JSWeakRef::kHeaderSize,
-        0, factory->the_hole_value(), Builtin::kWeakRefConstructor);
+        0, factory->the_hole_value(), Builtin::kWeakRefConstructor, 1, false);
     InstallWithIntrinsicDefaultProto(isolate_, weak_ref_fun,
                                      Context::JS_WEAK_REF_FUNCTION_INDEX);
 
-    weak_ref_fun->shared()->DontAdaptArguments();
-    weak_ref_fun->shared()->set_length(1);
-
     Handle<JSObject> weak_ref_prototype(
         Cast<JSObject>(weak_ref_fun->instance_prototype()), isolate());
 
@@ -4861,7 +4803,7 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     DirectHandle<JSFunction> function = CreateFunctionForBuiltinWithPrototype(
         isolate(), arguments_string, Builtin::kIllegal,
         isolate()->initial_object_prototype(), JS_ARGUMENTS_OBJECT_TYPE,
-        JSSloppyArgumentsObject::kSize, 2, MUTABLE);
+        JSSloppyArgumentsObject::kSize, 2, MUTABLE, 0, true);
     DirectHandle<Map> map(function->initial_map(), isolate());
 
     // Create the descriptor array for the arguments object.
@@ -4954,7 +4896,8 @@ void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
     // Create a function for the context extension objects.
     DirectHandle<JSFunction> context_extension_fun = CreateFunction(
         isolate_, factory->empty_string(), JS_CONTEXT_EXTENSION_OBJECT_TYPE,
-        JSObject::kHeaderSize, 0, factory->the_hole_value(), Builtin::kIllegal);
+        JSObject::kHeaderSize, 0, factory->the_hole_value(), Builtin::kIllegal,
+        0, true);
     native_context()->set_context_extension_function(*context_extension_fun);
   }
 
@@ -4988,17 +4931,14 @@ Handle<JSFunction> Genesis::InstallTypedArray(const char* name,
   Handle<JSFunction> result = InstallFunction(
       isolate(), global, name, JS_TYPED_ARRAY_TYPE,
       JSTypedArray::kSizeWithEmbedderFields, 0, factory()->the_hole_value(),
-      Builtin::kTypedArrayConstructor);
+      Builtin::kTypedArrayConstructor, 3, false);
   result->initial_map()->set_elements_kind(elements_kind);
 
-  result->shared()->DontAdaptArguments();
-  result->shared()->set_length(3);
-
   CHECK(JSObject::SetPrototype(isolate(), result, typed_array_function, false,
                                kDontThrow)
             .FromJust());
 
-  Handle<Smi> bytes_per_element(
+  DirectHandle<Smi> bytes_per_element(
       Smi::FromInt(1 << ElementsKindToShiftSize(elements_kind)), isolate());
 
   InstallConstant(isolate(), result, "BYTES_PER_ELEMENT", bytes_per_element);
@@ -5134,11 +5074,9 @@ void Genesis::InitializeIteratorFunctions() {
     Handle<JSFunction> generator_function_function = CreateFunction(
         isolate, "GeneratorFunction", JS_FUNCTION_TYPE,
         JSFunction::kSizeWithPrototype, 0, generator_function_prototype,
-        Builtin::kGeneratorFunctionConstructor);
+        Builtin::kGeneratorFunctionConstructor, 1, false);
     generator_function_function->set_prototype_or_initial_map(
         native_context->generator_function_map(), kReleaseStore);
-    generator_function_function->shared()->DontAdaptArguments();
-    generator_function_function->shared()->set_length(1);
     InstallWithIntrinsicDefaultProto(
         isolate, generator_function_function,
         Context::GENERATOR_FUNCTION_FUNCTION_INDEX);
@@ -5165,11 +5103,9 @@ void Genesis::InitializeIteratorFunctions() {
     Handle<JSFunction> async_generator_function_function = CreateFunction(
         isolate, "AsyncGeneratorFunction", JS_FUNCTION_TYPE,
         JSFunction::kSizeWithPrototype, 0, async_generator_function_prototype,
-        Builtin::kAsyncGeneratorFunctionConstructor);
+        Builtin::kAsyncGeneratorFunctionConstructor, 1, false);
     async_generator_function_function->set_prototype_or_initial_map(
         native_context->async_generator_function_map(), kReleaseStore);
-    async_generator_function_function->shared()->DontAdaptArguments();
-    async_generator_function_function->shared()->set_length(1);
     InstallWithIntrinsicDefaultProto(
         isolate, async_generator_function_function,
         Context::ASYNC_GENERATOR_FUNCTION_FUNCTION_INDEX);
@@ -5207,7 +5143,7 @@ void Genesis::InitializeIteratorFunctions() {
     // Setup SetIterator constructor.
     DirectHandle<JSFunction> set_iterator_function = CreateFunction(
         isolate, "SetIterator", JS_SET_VALUE_ITERATOR_TYPE,
-        JSSetIterator::kHeaderSize, 0, prototype, Builtin::kIllegal);
+        JSSetIterator::kHeaderSize, 0, prototype, Builtin::kIllegal, 0, true);
     set_iterator_function->shared()->set_native(false);
 
     Handle<Map> set_value_iterator_map(set_iterator_function->initial_map(),
@@ -5240,7 +5176,7 @@ void Genesis::InitializeIteratorFunctions() {
     // Setup MapIterator constructor.
     DirectHandle<JSFunction> map_iterator_function = CreateFunction(
         isolate, "MapIterator", JS_MAP_KEY_ITERATOR_TYPE,
-        JSMapIterator::kHeaderSize, 0, prototype, Builtin::kIllegal);
+        JSMapIterator::kHeaderSize, 0, prototype, Builtin::kIllegal, 0, true);
     map_iterator_function->shared()->set_native(false);
 
     Handle<Map> map_key_iterator_map(map_iterator_function->initial_map(),
@@ -5268,11 +5204,9 @@ void Genesis::InitializeIteratorFunctions() {
     Handle<JSFunction> async_function_constructor = CreateFunction(
         isolate, "AsyncFunction", JS_FUNCTION_TYPE,
         JSFunction::kSizeWithPrototype, 0, async_function_prototype,
-        Builtin::kAsyncFunctionConstructor);
+        Builtin::kAsyncFunctionConstructor, 1, false);
     async_function_constructor->set_prototype_or_initial_map(
         native_context->async_function_map(), kReleaseStore);
-    async_function_constructor->shared()->DontAdaptArguments();
-    async_function_constructor->shared()->set_length(1);
     InstallWithIntrinsicDefaultProto(isolate, async_function_constructor,
                                      Context::ASYNC_FUNCTION_FUNCTION_INDEX);
 
@@ -5314,8 +5248,7 @@ void Genesis::InitializeCallSiteBuiltins() {
 
   DirectHandle<JSFunction> callsite_fun = CreateFunction(
       isolate(), "CallSite", JS_OBJECT_TYPE, JSObject::kHeaderSize, 0,
-      factory->the_hole_value(), Builtin::kUnsupportedThrower);
-  callsite_fun->shared()->DontAdaptArguments();
+      factory->the_hole_value(), Builtin::kUnsupportedThrower, 0, false);
   isolate()->native_context()->set_callsite_function(*callsite_fun);
 
   // Setup CallSite.prototype.
@@ -5462,9 +5395,7 @@ void Genesis::InitializeGlobal_harmony_iterator_helpers() {
       native_context()->initial_iterator_prototype(), isolate());
   Handle<JSFunction> iterator_function = InstallFunction(
       isolate(), global, "Iterator", JS_OBJECT_TYPE, JSObject::kHeaderSize, 0,
-      iterator_prototype, Builtin::kIteratorConstructor);
-  iterator_function->shared()->DontAdaptArguments();
-  iterator_function->shared()->set_length(0);
+      iterator_prototype, Builtin::kIteratorConstructor, 0, false);
   SimpleInstallFunction(isolate(), iterator_function, "from",
                         Builtin::kIteratorFrom, 1, true);
   InstallWithIntrinsicDefaultProto(isolate(), iterator_function,
@@ -5626,9 +5557,7 @@ void Genesis::InitializeGlobal_harmony_shadow_realm() {
   DirectHandle<JSFunction> shadow_realm_fun =
       InstallFunction(isolate_, global, "ShadowRealm", JS_SHADOW_REALM_TYPE,
                       JSShadowRealm::kHeaderSize, 0, factory->the_hole_value(),
-                      Builtin::kShadowRealmConstructor);
-  shadow_realm_fun->shared()->set_length(0);
-  shadow_realm_fun->shared()->DontAdaptArguments();
+                      Builtin::kShadowRealmConstructor, 0, false);
 
   // Setup %ShadowRealmPrototype%.
   Handle<JSObject> prototype(
@@ -5710,12 +5639,10 @@ void Genesis::InitializeGlobal_harmony_struct() {
     Handle<JSFunction> shared_struct_type_fun = CreateFunctionForBuiltin(
         isolate(), name,
         isolate()->strict_function_with_readonly_prototype_map(),
-        Builtin::kSharedStructTypeConstructor);
+        Builtin::kSharedStructTypeConstructor, 1, false);
     JSObject::MakePrototypesFast(shared_struct_type_fun, kStartAtReceiver,
                                  isolate());
     shared_struct_type_fun->shared()->set_native(true);
-    shared_struct_type_fun->shared()->DontAdaptArguments();
-    shared_struct_type_fun->shared()->set_length(1);
     JSObject::AddProperty(isolate(), global, "SharedStructType",
                           shared_struct_type_fun, DONT_ENUM);
 
@@ -5839,11 +5766,9 @@ void Genesis::InitializeGlobal_js_explicit_resource_management() {
   Handle<JSFunction> disposable_stack_function = InstallFunction(
       isolate(), global, "DisposableStack", JS_SYNC_DISPOSABLE_STACK_TYPE,
       JSSyncDisposableStack::kHeaderSize, 0, sync_disposable_stack_prototype,
-      Builtin::kDisposableStackConstructor);
+      Builtin::kDisposableStackConstructor, 0, false);
   InstallWithIntrinsicDefaultProto(isolate(), disposable_stack_function,
                                    Context::JS_DISPOSABLE_STACK_FUNCTION_INDEX);
-  disposable_stack_function->shared()->DontAdaptArguments();
-  disposable_stack_function->shared()->set_length(0);
   SimpleInstallFunction(isolate(), sync_disposable_stack_prototype, "use",
                         Builtin::kDisposableStackPrototypeUse, 1, true);
   SimpleInstallFunction(isolate(), sync_disposable_stack_prototype, "dispose",
@@ -5890,7 +5815,31 @@ void Genesis::InitializeGlobal_js_float16array() {
 }
 
 void Genesis::InitializeGlobal_js_source_phase_imports() {
-  // TODO(42204365): Initialize AbstractModuleSource.
+  if (!v8_flags.js_source_phase_imports) return;
+  Factory* factory = isolate()->factory();
+  // -- %AbstractModuleSource%
+  // #sec-%abstractmodulesource%
+  // https://tc39.es/proposal-source-phase-imports/#sec-%abstractmodulesource%
+  Handle<JSFunction> abstract_module_source_fun =
+      CreateFunction(isolate_, "AbstractModuleSource", JS_OBJECT_TYPE,
+                     JSObject::kHeaderSize, 0, factory->the_hole_value(),
+                     Builtin::kIllegalInvocationThrower, 0, false);
+  abstract_module_source_fun->shared()->set_length(0);
+  abstract_module_source_fun->shared()->DontAdaptArguments();
+
+  native_context()->set_abstract_module_source_function(
+      *abstract_module_source_fun);
+
+  // Setup %AbstractModuleSourcePrototype%.
+  Handle<JSObject> abstract_module_source_prototype(
+      Cast<JSObject>(abstract_module_source_fun->instance_prototype()),
+      isolate());
+  native_context()->set_abstract_module_source_prototype(
+      *abstract_module_source_prototype);
+
+  SimpleInstallGetter(isolate(), abstract_module_source_prototype,
+                      isolate()->factory()->to_string_tag_symbol(),
+                      Builtin::kAbstractModuleSourceToStringTag, true);
 }
 
 void Genesis::InitializeGlobal_regexp_linear_flag() {
@@ -5969,9 +5918,7 @@ void Genesis::InitializeGlobal_harmony_intl_duration_format() {
   Handle<JSFunction> duration_format_fun = InstallFunction(
       isolate(), intl, "DurationFormat", JS_DURATION_FORMAT_TYPE,
       JSDurationFormat::kHeaderSize, 0, factory()->the_hole_value(),
-      Builtin::kDurationFormatConstructor);
-  duration_format_fun->shared()->set_length(0);
-  duration_format_fun->shared()->DontAdaptArguments();
+      Builtin::kDurationFormatConstructor, 0, false);
   InstallWithIntrinsicDefaultProto(
       isolate(), duration_format_fun,
       Context::INTL_DURATION_FORMAT_FUNCTION_INDEX);
@@ -6008,9 +5955,7 @@ Handle<JSFunction> Genesis::CreateArrayBuffer(
   Handle<JSFunction> array_buffer_fun =
       CreateFunction(isolate(), name, JS_ARRAY_BUFFER_TYPE,
                      JSArrayBuffer::kSizeWithEmbedderFields, 0, prototype,
-                     Builtin::kArrayBufferConstructor);
-  array_buffer_fun->shared()->DontAdaptArguments();
-  array_buffer_fun->shared()->set_length(1);
+                     Builtin::kArrayBufferConstructor, 1, false);
 
   // Install the "constructor" property on the {prototype}.
   JSObject::AddProperty(isolate(), prototype, factory()->constructor_string(),
@@ -6553,8 +6498,8 @@ bool Genesis::InstallSpecialObjects(
   {
     Handle<JSObject> Error = isolate->error_function();
     Handle<String> name = isolate->factory()->stackTraceLimit_string();
-    Handle<Smi> stack_trace_limit(Smi::FromInt(v8_flags.stack_trace_limit),
-                                  isolate);
+    DirectHandle<Smi> stack_trace_limit(
+        Smi::FromInt(v8_flags.stack_trace_limit), isolate);
     JSObject::AddProperty(isolate, Error, name, stack_trace_limit, NONE);
   }
 
@@ -6782,7 +6727,7 @@ void Genesis::TransferNamedProperties(DirectHandle<JSObject> from,
           // If the property is already there we skip it.
           if (PropertyAlreadyExists(isolate(), to, key)) continue;
           FieldIndex index = FieldIndex::ForDetails(from->map(), details);
-          Handle<Object> value = JSObject::FastPropertyAt(
+          DirectHandle<Object> value = JSObject::FastPropertyAt(
               isolate(), from, details.representation(), index);
           JSObject::AddProperty(isolate(), to, key, value,
                                 details.attributes());
@@ -6848,8 +6793,7 @@ void Genesis::TransferNamedProperties(DirectHandle<JSObject> from,
       // If the property is already there we skip it.
       if (PropertyAlreadyExists(isolate(), to, key)) continue;
       // Set the property.
-      Handle<Object> value =
-          Handle<Object>(properties->ValueAt(entry), isolate());
+      DirectHandle<Object> value(properties->ValueAt(entry), isolate());
       DCHECK(!IsCell(*value));
       DCHECK(!IsTheHole(*value, isolate()));
       PropertyDetails details = properties->DetailsAt(entry);
@@ -6872,8 +6816,7 @@ void Genesis::TransferNamedProperties(DirectHandle<JSObject> from,
       // If the property is already there we skip it.
       if (PropertyAlreadyExists(isolate(), to, key)) continue;
       // Set the property.
-      Handle<Object> value =
-          Handle<Object>(properties->ValueAt(key_index), isolate());
+      DirectHandle<Object> value(properties->ValueAt(key_index), isolate());
       DCHECK(!IsCell(*value));
       DCHECK(!IsTheHole(*value, isolate()));
       PropertyDetails details = properties->DetailsAt(key_index);
diff --git a/deps/v8/src/init/heap-symbols.h b/deps/v8/src/init/heap-symbols.h
index 36fc5db6c9b3cc..d344dca4b2ed01 100644
--- a/deps/v8/src/init/heap-symbols.h
+++ b/deps/v8/src/init/heap-symbols.h
@@ -403,6 +403,7 @@
   V(_, roundingIncrement_string, "roundingIncrement")                         \
   V(_, RuntimeError_string, "RuntimeError")                                   \
   V(_, WebAssemblyException_string, "WebAssembly.Exception")                  \
+  V(_, WebAssemblyModule_string, "WebAssembly.Module")                        \
   V(_, Script_string, "Script")                                               \
   V(_, script_string, "script")                                               \
   V(_, second_string, "second")                                               \
@@ -487,8 +488,6 @@
   V(_, uninitialized_symbol)                          \
   V(_, megamorphic_symbol)                            \
   V(_, elements_transition_symbol)                    \
-  V(_, clone_object_ic_transition_symbol)             \
-  V(_, object_assign_clone_transition_symbol)         \
   V(_, mega_dom_symbol)
 
 #define NOT_IMPORTANT_PRIVATE_SYMBOL_LIST_GENERATOR(V, _) \
diff --git a/deps/v8/src/init/isolate-group.cc b/deps/v8/src/init/isolate-group.cc
index 3822c4b9940eec..31ebdf9892e19a 100644
--- a/deps/v8/src/init/isolate-group.cc
+++ b/deps/v8/src/init/isolate-group.cc
@@ -185,6 +185,8 @@ IsolateGroup* IsolateGroup::New() {
 #endif
 
   CHECK_NOT_NULL(group->page_allocator_);
+  ExternalReferenceTable::InitializeOncePerIsolateGroup(
+      group->external_ref_table());
   return group;
 }
 
diff --git a/deps/v8/src/init/isolate-group.h b/deps/v8/src/init/isolate-group.h
index c33d6948466f39..347b4f3df66913 100644
--- a/deps/v8/src/init/isolate-group.h
+++ b/deps/v8/src/init/isolate-group.h
@@ -7,8 +7,10 @@
 
 #include <memory>
 
+#include "include/v8-memory-span.h"
 #include "src/base/once.h"
 #include "src/base/page-allocator.h"
+#include "src/codegen/external-reference-table.h"
 #include "src/common/globals.h"
 #include "src/flags/flags.h"
 #include "src/utils/allocation.h"
@@ -115,6 +117,8 @@ class V8_EXPORT_PRIVATE IsolateGroup final {
   static IsolateGroup* current() { return GetProcessWideIsolateGroup(); }
 #endif  // !V8_COMPRESS_POINTERS_IN_MULTIPLE_CAGES
 
+  MemorySpan<Address> external_ref_table() { return external_ref_table_; }
+
  private:
   friend class base::LeakyObject<IsolateGroup>;
 #ifndef V8_COMPRESS_POINTERS_IN_MULTIPLE_CAGES
@@ -159,6 +163,8 @@ class V8_EXPORT_PRIVATE IsolateGroup final {
 
   base::OnceType init_code_range_ = V8_ONCE_INIT;
   std::unique_ptr<CodeRange> code_range_;
+  Address external_ref_table_[ExternalReferenceTable::kSizeIsolateIndependent] =
+      {0};
 };
 
 }  // namespace internal
diff --git a/deps/v8/src/init/v8.cc b/deps/v8/src/init/v8.cc
index 1aa86190625df2..97d449fb078bdb 100644
--- a/deps/v8/src/init/v8.cc
+++ b/deps/v8/src/init/v8.cc
@@ -201,7 +201,7 @@ void V8::Initialize() {
   CHECK_EQ(kSandboxSize, GetProcessWideSandbox()->size());
 
   GetProcessWideCodePointerTable()->Initialize();
-  GetProcessWideJSDispatchTable()->Initialize();
+  JSDispatchTable::Initialize();
 
   // Enable sandbox testing mode if requested.
   //
@@ -242,7 +242,10 @@ void V8::Initialize() {
   wasm::WasmEngine::InitializeOncePerProcess();
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-  ExternalReferenceTable::InitializeOncePerProcess();
+#ifndef V8_COMPRESS_POINTERS_IN_MULTIPLE_CAGES
+  ExternalReferenceTable::InitializeOncePerIsolateGroup(
+      IsolateGroup::current()->external_ref_table());
+#endif  // V8_COMPRESS_POINTERS_IN_MULTIPLE_CAGES
 
   AdvanceStartupState(V8StartupState::kV8Initialized);
 }
diff --git a/deps/v8/src/inspector/DEPS b/deps/v8/src/inspector/DEPS
index b7f9e9b73760a3..0694306ccf2e41 100644
--- a/deps/v8/src/inspector/DEPS
+++ b/deps/v8/src/inspector/DEPS
@@ -7,7 +7,6 @@ include_rules = [
   "+src/base/lazy-instance.h",
   "+src/base/macros.h",
   "+src/base/memory.h",
-  "+src/base/optional.h",
   "+src/base/platform/mutex.h",
   "+src/base/platform/platform.h",
   "+src/base/platform/time.h",
diff --git a/deps/v8/src/inspector/custom-preview.cc b/deps/v8/src/inspector/custom-preview.cc
index bcde7553e7483e..d113e10385dcc3 100644
--- a/deps/v8/src/inspector/custom-preview.cc
+++ b/deps/v8/src/inspector/custom-preview.cc
@@ -31,7 +31,8 @@ void reportError(v8::Local<v8::Context> context, const v8::TryCatch& tryCatch) {
       static_cast<V8InspectorImpl*>(v8::debug::GetInspector(isolate));
   int contextId = InspectedContext::contextId(context);
   int groupId = inspector->contextGroupId(contextId);
-  v8::Local<v8::String> message = tryCatch.Message()->Get();
+  v8::Local<v8::String> message = toV8String(isolate, "<no message available>");
+  if (!tryCatch.Message().IsEmpty()) message = tryCatch.Message()->Get();
   v8::Local<v8::String> prefix =
       toV8String(isolate, "Custom Formatter Failed: ");
   message = v8::String::Concat(isolate, prefix, message);
diff --git a/deps/v8/src/inspector/value-mirror.cc b/deps/v8/src/inspector/value-mirror.cc
index 5cecb472bf3067..b02dc2370d96cf 100644
--- a/deps/v8/src/inspector/value-mirror.cc
+++ b/deps/v8/src/inspector/value-mirror.cc
@@ -6,6 +6,7 @@
 
 #include <algorithm>
 #include <cmath>
+#include <optional>
 
 #include "include/v8-container.h"
 #include "include/v8-date.h"
@@ -16,7 +17,6 @@
 #include "include/v8-regexp.h"
 #include "include/v8-typed-array.h"
 #include "include/v8-wasm.h"
-#include "src/base/optional.h"
 #include "src/debug/debug-interface.h"
 #include "src/inspector/v8-debugger.h"
 #include "src/inspector/v8-deep-serializer.h"
diff --git a/deps/v8/src/interpreter/bytecode-array-builder.cc b/deps/v8/src/interpreter/bytecode-array-builder.cc
index 8ca77fa498ded4..9dac323f02f036 100644
--- a/deps/v8/src/interpreter/bytecode-array-builder.cc
+++ b/deps/v8/src/interpreter/bytecode-array-builder.cc
@@ -4,6 +4,8 @@
 
 #include "src/interpreter/bytecode-array-builder.h"
 
+#include <optional>
+
 #include "src/ast/scopes.h"
 #include "src/ast/variables.h"
 #include "src/common/assert-scope.h"
@@ -201,7 +203,7 @@ void BytecodeArrayBuilder::OutputLdarRaw(Register reg) {
 
 void BytecodeArrayBuilder::OutputStarRaw(Register reg) {
   uint32_t operand = static_cast<uint32_t>(reg.ToOperand());
-  base::Optional<Bytecode> short_code = reg.TryToShortStar();
+  std::optional<Bytecode> short_code = reg.TryToShortStar();
   BytecodeNode node = short_code
                           ? BytecodeNode(*short_code)
                           : BytecodeNode::Star(BytecodeSourceInfo(), operand);
diff --git a/deps/v8/src/interpreter/bytecode-array-builder.h b/deps/v8/src/interpreter/bytecode-array-builder.h
index 954a4388d42566..c8e23fdb163798 100644
--- a/deps/v8/src/interpreter/bytecode-array-builder.h
+++ b/deps/v8/src/interpreter/bytecode-array-builder.h
@@ -5,6 +5,8 @@
 #ifndef V8_INTERPRETER_BYTECODE_ARRAY_BUILDER_H_
 #define V8_INTERPRETER_BYTECODE_ARRAY_BUILDER_H_
 
+#include <optional>
+
 #include "src/ast/ast.h"
 #include "src/base/export-template.h"
 #include "src/common/globals.h"
@@ -528,10 +530,10 @@ class V8_EXPORT_PRIVATE BytecodeArrayBuilder final {
     SetStatementPosition(stmt->position());
   }
 
-  base::Optional<BytecodeSourceInfo> MaybePopSourcePosition(int scope_start) {
+  std::optional<BytecodeSourceInfo> MaybePopSourcePosition(int scope_start) {
     if (!latest_source_info_.is_valid() ||
         latest_source_info_.source_position() < scope_start) {
-      return base::nullopt;
+      return std::nullopt;
     }
     BytecodeSourceInfo source_info = latest_source_info_;
     latest_source_info_.set_invalid();
diff --git a/deps/v8/src/interpreter/bytecode-generator.cc b/deps/v8/src/interpreter/bytecode-generator.cc
index 05d48601ec63c7..75d2ed8e106b92 100644
--- a/deps/v8/src/interpreter/bytecode-generator.cc
+++ b/deps/v8/src/interpreter/bytecode-generator.cc
@@ -5,6 +5,7 @@
 #include "src/interpreter/bytecode-generator.h"
 
 #include <map>
+#include <optional>
 #include <unordered_map>
 #include <unordered_set>
 
@@ -975,8 +976,8 @@ class V8_NODISCARD BytecodeGenerator::MultipleEntryBlockContextScope {
     DCHECK(inner_context_.is_valid());
     DCHECK(outer_context_.is_valid());
     DCHECK(is_in_scope_);
-    context_scope_ = base::nullopt;
-    current_scope_ = base::nullopt;
+    context_scope_ = std::nullopt;
+    current_scope_ = std::nullopt;
     is_in_scope_ = false;
   }
 
@@ -985,8 +986,8 @@ class V8_NODISCARD BytecodeGenerator::MultipleEntryBlockContextScope {
   Register inner_context_;
   Register outer_context_;
   bool is_in_scope_;
-  base::Optional<CurrentScope> current_scope_;
-  base::Optional<ContextScope> context_scope_;
+  std::optional<CurrentScope> current_scope_;
+  std::optional<ContextScope> context_scope_;
 };
 
 class BytecodeGenerator::FeedbackSlotCache : public ZoneObject {
@@ -1641,94 +1642,22 @@ void BytecodeGenerator::GenerateBytecode(uintptr_t stack_limit) {
 }
 
 void BytecodeGenerator::GenerateBytecodeBody() {
-  FunctionLiteral* literal = info()->literal();
-
-  if (literal->kind() == FunctionKind::kDerivedConstructor) {
-    // Per spec, derived constructors can only return undefined or an object;
-    // other primitives trigger an exception in ConstructStub.
-    //
-    // Since the receiver is popped by the callee, derived constructors return
-    // <this> if the original return value was undefined.
-    //
-    // Also per spec, this return value check is done after all user code (e.g.,
-    // finally blocks) are executed. For example, the following code does not
-    // throw.
-    //
-    //   class C extends class {} {
-    //     constructor() {
-    //       try { throw 42; }
-    //       catch(e) { return; }
-    //       finally { super(); }
-    //     }
-    //   }
-    //   new C();
-    //
-    // This check is implemented by jumping to the check instead of emitting a
-    // return bytecode in-place inside derived constructors.
-    //
-    // Note that default derived constructors do not need this check as they
-    // just forward a super call.
-
-    BytecodeLabels check_return_value(zone());
-    Register result = register_allocator()->NewRegister();
-    ControlScopeForDerivedConstructor control(this, result,
-                                              &check_return_value);
+  GenerateBodyPrologue();
 
-    {
-      HoleCheckElisionScope elider(this);
-      GenerateBytecodeBodyWithoutImplicitFinalReturn();
-    }
-
-    if (check_return_value.empty()) {
-      if (!builder()->RemainderOfBlockIsDead()) {
-        BuildThisVariableLoad();
-        BuildReturn(literal->return_position());
-      }
-    } else {
-      BytecodeLabels return_this(zone());
-
-      if (!builder()->RemainderOfBlockIsDead()) {
-        builder()->Jump(return_this.New());
-      }
-
-      check_return_value.Bind(builder());
-      builder()->LoadAccumulatorWithRegister(result);
-      builder()->JumpIfUndefined(return_this.New());
-      BuildReturn(literal->return_position());
-
-      {
-        return_this.Bind(builder());
-        BuildThisVariableLoad();
-        BuildReturn(literal->return_position());
-      }
-    }
-  } else {
-    GenerateBytecodeBodyWithoutImplicitFinalReturn();
-
-    // Emit an implicit return instruction in case control flow can fall off the
-    // end of the function without an explicit return being present on all
-    // paths.
-    if (!builder()->RemainderOfBlockIsDead()) {
-      builder()->LoadUndefined();
-      BuildReturn(literal->return_position());
-    }
-  }
-}
-
-void BytecodeGenerator::GenerateBytecodeBodyWithoutImplicitFinalReturn() {
-  if (v8_flags.js_explicit_resource_management && closure_scope() != nullptr &&
-      (closure_scope()->has_using_declaration() ||
-       closure_scope()->has_await_using_declaration())) {
-    BuildDisposeScope(
-        [&]() { GenerateBytecodeBodyWithoutImplicitFinalReturnOrDispose(); },
-        closure_scope()->has_await_using_declaration());
+  if (IsBaseConstructor(function_kind())) {
+    GenerateBaseConstructorBody();
+  } else if (function_kind() == FunctionKind::kDerivedConstructor) {
+    GenerateDerivedConstructorBody();
+  } else if ((IsAsyncFunction(function_kind()) &&
+              !IsAsyncGeneratorFunction(function_kind())) ||
+             IsModuleWithTopLevelAwait(function_kind())) {
+    GenerateAsyncFunctionBody();
   } else {
-    GenerateBytecodeBodyWithoutImplicitFinalReturnOrDispose();
+    GenerateBodyStatements();
   }
 }
 
-void BytecodeGenerator::
-    GenerateBytecodeBodyWithoutImplicitFinalReturnOrDispose() {
+void BytecodeGenerator::GenerateBodyPrologue() {
   // Build the arguments object if it is used.
   VisitArgumentsObject(closure_scope()->arguments());
 
@@ -1768,23 +1697,165 @@ void BytecodeGenerator::
 
   // Emit initializing assignments for module namespace imports (if any).
   VisitModuleNamespaceImports();
+}
+
+void BytecodeGenerator::GenerateBaseConstructorBody() {
+  DCHECK(IsBaseConstructor(function_kind()));
+
+  FunctionLiteral* literal = info()->literal();
 
   // The derived constructor case is handled in VisitCallSuper.
-  if (IsBaseConstructor(function_kind())) {
-    if (literal->class_scope_has_private_brand()) {
-      ClassScope* scope = info()->scope()->outer_scope()->AsClassScope();
-      DCHECK_NOT_NULL(scope->brand());
-      BuildPrivateBrandInitialization(builder()->Receiver(), scope->brand());
+  if (literal->class_scope_has_private_brand()) {
+    ClassScope* scope = info()->scope()->outer_scope()->AsClassScope();
+    DCHECK_NOT_NULL(scope->brand());
+    BuildPrivateBrandInitialization(builder()->Receiver(), scope->brand());
+  }
+
+  if (literal->requires_instance_members_initializer()) {
+    BuildInstanceMemberInitialization(Register::function_closure(),
+                                      builder()->Receiver());
+  }
+
+  GenerateBodyStatements();
+}
+
+void BytecodeGenerator::GenerateDerivedConstructorBody() {
+  DCHECK_EQ(FunctionKind::kDerivedConstructor, function_kind());
+
+  FunctionLiteral* literal = info()->literal();
+
+  // Per spec, derived constructors can only return undefined or an object;
+  // other primitives trigger an exception in ConstructStub.
+  //
+  // Since the receiver is popped by the callee, derived constructors return
+  // <this> if the original return value was undefined.
+  //
+  // Also per spec, this return value check is done after all user code (e.g.,
+  // finally blocks) are executed. For example, the following code does not
+  // throw.
+  //
+  //   class C extends class {} {
+  //     constructor() {
+  //       try { throw 42; }
+  //       catch(e) { return; }
+  //       finally { super(); }
+  //     }
+  //   }
+  //   new C();
+  //
+  // This check is implemented by jumping to the check instead of emitting a
+  // return bytecode in-place inside derived constructors.
+  //
+  // Note that default derived constructors do not need this check as they
+  // just forward a super call.
+
+  BytecodeLabels check_return_value(zone());
+  Register result = register_allocator()->NewRegister();
+  ControlScopeForDerivedConstructor control(this, result, &check_return_value);
+
+  {
+    HoleCheckElisionScope elider(this);
+    GenerateBodyStatementsWithoutImplicitFinalReturn();
+  }
+
+  if (check_return_value.empty()) {
+    if (!builder()->RemainderOfBlockIsDead()) {
+      BuildThisVariableLoad();
+      BuildReturn(literal->return_position());
+    }
+  } else {
+    BytecodeLabels return_this(zone());
+
+    if (!builder()->RemainderOfBlockIsDead()) {
+      builder()->Jump(return_this.New());
     }
 
-    if (literal->requires_instance_members_initializer()) {
-      BuildInstanceMemberInitialization(Register::function_closure(),
-                                        builder()->Receiver());
+    check_return_value.Bind(builder());
+    builder()->LoadAccumulatorWithRegister(result);
+    builder()->JumpIfUndefined(return_this.New());
+    BuildReturn(literal->return_position());
+
+    {
+      return_this.Bind(builder());
+      BuildThisVariableLoad();
+      BuildReturn(literal->return_position());
     }
   }
+}
+
+void BytecodeGenerator::GenerateAsyncFunctionBody() {
+  DCHECK((IsAsyncFunction(function_kind()) &&
+          !IsAsyncGeneratorFunction(function_kind())) ||
+         IsModuleWithTopLevelAwait(function_kind()));
 
-  // Visit statements in the function body.
-  VisitStatements(literal->body());
+  // Async functions always return promises. Return values fulfill that promise,
+  // while synchronously thrown exceptions reject that promise. This is handled
+  // by surrounding the body statements in a try-catch block as follows:
+  //
+  // try {
+  //   <inner_block>
+  // } catch (.catch) {
+  //   return %_AsyncFunctionReject(.generator_object, .catch);
+  // }
+
+  FunctionLiteral* literal = info()->literal();
+
+  HandlerTable::CatchPrediction outer_catch_prediction = catch_prediction();
+  // When compiling a REPL script, use UNCAUGHT_ASYNC_AWAIT to preserve the
+  // exception so DevTools can inspect it.
+  set_catch_prediction(literal->scope()->is_repl_mode_scope()
+                           ? HandlerTable::UNCAUGHT_ASYNC_AWAIT
+                           : HandlerTable::ASYNC_AWAIT);
+
+  BuildTryCatch(
+      [&]() {
+        GenerateBodyStatements();
+        set_catch_prediction(outer_catch_prediction);
+      },
+      [&](Register context) {
+        RegisterList args = register_allocator()->NewRegisterList(2);
+        builder()
+            ->MoveRegister(generator_object(), args[0])
+            .StoreAccumulatorInRegister(args[1])  // exception
+            .CallRuntime(Runtime::kInlineAsyncFunctionReject, args);
+        // TODO(358404372): Should this return have a statement position?
+        // Without one it is not possible to apply a debugger breakpoint.
+        BuildReturn(kNoSourcePosition);
+      },
+      catch_prediction());
+}
+
+void BytecodeGenerator::GenerateBodyStatements() {
+  GenerateBodyStatementsWithoutImplicitFinalReturn();
+
+  // Emit an implicit return instruction in case control flow can fall off the
+  // end of the function without an explicit return being present on all
+  // paths.
+  if (!builder()->RemainderOfBlockIsDead()) {
+    builder()->LoadUndefined();
+    const int pos = info()->literal()->return_position();
+    // TODO(358404372): Handle AsyncGeneratorFunction as well once its AST
+    // rewrite is removed from the parser.
+    if ((IsAsyncFunction(function_kind()) &&
+         !IsAsyncGeneratorFunction(function_kind())) ||
+        IsModuleWithTopLevelAwait(function_kind())) {
+      BuildAsyncReturn(pos);
+    } else {
+      BuildReturn(pos);
+    }
+  }
+}
+
+void BytecodeGenerator::GenerateBodyStatementsWithoutImplicitFinalReturn() {
+  ZonePtrList<Statement>* body = info()->literal()->body();
+  if (v8_flags.js_explicit_resource_management && closure_scope() != nullptr &&
+      (closure_scope()->has_using_declaration() ||
+       closure_scope()->has_await_using_declaration())) {
+    BuildDisposeScope([&]() { VisitStatements(body); },
+                      closure_scope()->has_await_using_declaration());
+  } else {
+    VisitStatements(body);
+  }
 }
 
 void BytecodeGenerator::AllocateTopLevelRegisters() {
@@ -2429,7 +2500,7 @@ void BytecodeGenerator::VisitSwitchStatement(SwitchStatement* stmt) {
     {
       // The comparisons linearly dominate, so no need to open a new elision
       // scope for each one.
-      base::Optional<HoleCheckElisionScope> elider;
+      std::optional<HoleCheckElisionScope> elider;
       bool first_jump_emitted = false;
       for (int i = 0; i < clauses->length(); ++i) {
         CaseClause* clause = clauses->at(i);
@@ -2637,18 +2708,40 @@ void BytecodeGenerator::BuildDisposeScope(WrappedFunc wrapped_func,
       // Finally block
       [&](Register body_continuation_token, Register body_continuation_result) {
         RegisterList args = register_allocator()->NewRegisterList(4);
-        builder()
-            ->MoveRegister(current_disposables_stack_, args[0])
-            .MoveRegister(body_continuation_token, args[1])
-            .MoveRegister(body_continuation_result, args[2])
-            .LoadLiteral(Smi::FromEnum(
-                has_await_using ? DisposableStackResourcesType::kAtLeastOneAsync
-                                : DisposableStackResourcesType::kAllSync))
-            .StoreAccumulatorInRegister(args[3]);
-        builder()->CallRuntime(Runtime::kDisposeDisposableStack, args);
+        Register result_register = register_allocator()->NewRegister();
 
         if (has_await_using) {
+          LoopBuilder loop_builder(builder(), nullptr, nullptr,
+                                   feedback_spec());
+          LoopScope loop_scope(this, &loop_builder);
+
+          builder()
+              ->MoveRegister(current_disposables_stack_, args[0])
+              .MoveRegister(body_continuation_token, args[1])
+              .MoveRegister(body_continuation_result, args[2])
+              .LoadLiteral(
+                  Smi::FromEnum(DisposableStackResourcesType::kAtLeastOneAsync))
+              .StoreAccumulatorInRegister(args[3]);
+          builder()->CallRuntime(Runtime::kDisposeDisposableStack, args);
+
+          builder()
+              ->StoreAccumulatorInRegister(result_register)
+              .LoadUndefined()
+              .CompareReference(result_register);
+
+          loop_builder.BreakIfTrue(ToBooleanMode::kConvertToBoolean);
+
           BuildAwait();
+          loop_builder.BindContinueTarget();
+        } else {
+          builder()
+              ->MoveRegister(current_disposables_stack_, args[0])
+              .MoveRegister(body_continuation_token, args[1])
+              .MoveRegister(body_continuation_result, args[2])
+              .LoadLiteral(
+                  Smi::FromEnum(DisposableStackResourcesType::kAllSync))
+              .StoreAccumulatorInRegister(args[3]);
+          builder()->CallRuntime(Runtime::kDisposeDisposableStack, args);
         }
       },
       catch_prediction());
@@ -3094,6 +3187,41 @@ void BytecodeGenerator::BuildClassLiteral(ClassLiteral* expr, Register name) {
         private_accessors.LookupOrInsert(key)->setter = property;
         break;
       }
+      case ClassLiteral::Property::AUTO_ACCESSOR: {
+        Literal* key = property->key()->AsLiteral();
+        RegisterAllocationScope private_name_register_scope(this);
+        Register accessor_storage_private_name =
+            register_allocator()->NewRegister();
+        Variable* accessor_storage_private_name_var =
+            property->auto_accessor_info()
+                ->accessor_storage_name_proxy()
+                ->var();
+        // We reuse the already internalized
+        // ".accessor-storage-<accessor_number>" strings that were defined in
+        // the parser instead of the "<name>accessor storage" string from the
+        // spec. The downsides are that is that these are the property names
+        // that will show up in devtools and in error messages.
+        // Additionally, a property can share a name with the corresponding
+        // property of their parent class, i.e. for classes defined as
+        // "class C {accessor x}" and "class D extends C {accessor y}",
+        // if "d = new D()", then d.x and d.y will share the name
+        // ".accessor-storage-0", (but a different private symbol).
+        // TODO(42202709): Get to a resolution on how to handle this naming
+        // issue before shipping the feature.
+        builder()
+            ->LoadLiteral(accessor_storage_private_name_var->raw_name())
+            .StoreAccumulatorInRegister(accessor_storage_private_name)
+            .CallRuntime(Runtime::kCreatePrivateNameSymbol,
+                         accessor_storage_private_name);
+        BuildVariableAssignment(accessor_storage_private_name_var, Token::kInit,
+                                HoleCheckMode::kElided);
+        auto* accessor_pair = private_accessors.LookupOrInsert(key);
+        DCHECK_NULL(accessor_pair->getter);
+        accessor_pair->getter = property;
+        DCHECK_NULL(accessor_pair->setter);
+        accessor_pair->setter = property;
+        break;
+      }
       default:
         UNREACHABLE();
     }
@@ -3204,13 +3332,26 @@ void BytecodeGenerator::BuildClassLiteral(ClassLiteral* expr, Register name) {
     RegisterList accessors_reg = register_allocator()->NewRegisterList(2);
     ClassLiteral::Property* getter = accessors.second->getter;
     ClassLiteral::Property* setter = accessors.second->setter;
-    VisitLiteralAccessor(getter, accessors_reg[0]);
-    VisitLiteralAccessor(setter, accessors_reg[1]);
+    Variable* accessor_pair_var;
+    if (getter && getter->kind() == ClassLiteral::Property::AUTO_ACCESSOR) {
+      DCHECK_EQ(setter, getter);
+      AutoAccessorInfo* auto_accessor_info = getter->auto_accessor_info();
+      VisitForRegisterValue(auto_accessor_info->generated_getter(),
+                            accessors_reg[0]);
+      VisitForRegisterValue(auto_accessor_info->generated_setter(),
+                            accessors_reg[1]);
+      accessor_pair_var =
+          auto_accessor_info->property_private_name_proxy()->var();
+    } else {
+      VisitLiteralAccessor(getter, accessors_reg[0]);
+      VisitLiteralAccessor(setter, accessors_reg[1]);
+      accessor_pair_var = getter != nullptr ? getter->private_name_var()
+                                            : setter->private_name_var();
+    }
     builder()->CallRuntime(Runtime::kCreatePrivateAccessors, accessors_reg);
-    Variable* var = getter != nullptr ? getter->private_name_var()
-                                      : setter->private_name_var();
-    DCHECK_NOT_NULL(var);
-    BuildVariableAssignment(var, Token::kInit, HoleCheckMode::kElided);
+    DCHECK_NOT_NULL(accessor_pair_var);
+    BuildVariableAssignment(accessor_pair_var, Token::kInit,
+                            HoleCheckMode::kElided);
   }
 
   if (expr->instance_members_initializer_function() != nullptr) {
@@ -3269,7 +3410,7 @@ void BytecodeGenerator::VisitClassLiteral(ClassLiteral* expr, Register name) {
     //
     //  * `new class x {};` will break on `new` which is outside the
     //    class scope, so we expect the BlockContext to not be pushed yet.
-    base::Optional<BytecodeSourceInfo> source_info =
+    std::optional<BytecodeSourceInfo> source_info =
         builder()->MaybePopSourcePosition(expr->scope()->start_position());
     BuildNewLocalBlockContext(expr->scope());
     ContextScope scope(this, expr->scope());
@@ -3286,16 +3427,23 @@ void BytecodeGenerator::BuildClassProperty(ClassLiteral::Property* property) {
 
   // Private methods are not initialized in BuildClassProperty.
   DCHECK_IMPLIES(property->is_private(),
-                 property->kind() == ClassLiteral::Property::FIELD);
+                 property->kind() == ClassLiteral::Property::FIELD ||
+                     property->kind() == ClassLiteral::Property::AUTO_ACCESSOR);
   builder()->SetExpressionPosition(property->key());
 
-  bool is_literal_store = property->key()->IsPropertyName() &&
-                          !property->is_computed_name() &&
-                          !property->is_private();
+  bool is_literal_store =
+      property->key()->IsPropertyName() && !property->is_computed_name() &&
+      !property->is_private() && !property->is_auto_accessor();
 
   if (!is_literal_store) {
     key = register_allocator()->NewRegister();
-    if (property->is_computed_name()) {
+    if (property->kind() == ClassLiteral::Property::AUTO_ACCESSOR) {
+      Variable* var =
+          property->auto_accessor_info()->accessor_storage_name_proxy()->var();
+      DCHECK_NOT_NULL(var);
+      BuildVariableLoad(var, HoleCheckMode::kElided);
+      builder()->StoreAccumulatorInRegister(key);
+    } else if (property->is_computed_name()) {
       DCHECK_EQ(property->kind(), ClassLiteral::Property::FIELD);
       DCHECK(!property->is_private());
       Variable* var = property->computed_name_var();
@@ -3368,6 +3516,29 @@ void BytecodeGenerator::VisitInitializeClassStaticElementsStatement(
   }
 }
 
+void BytecodeGenerator::VisitAutoAccessorGetterBody(
+    AutoAccessorGetterBody* stmt) {
+  BuildVariableLoad(stmt->name_proxy()->var(), HoleCheckMode::kElided);
+  builder()->LoadKeyedProperty(
+      builder()->Receiver(),
+      feedback_index(feedback_spec()->AddKeyedLoadICSlot()));
+  BuildReturn(stmt->position());
+}
+
+void BytecodeGenerator::VisitAutoAccessorSetterBody(
+    AutoAccessorSetterBody* stmt) {
+  Register key = register_allocator()->NewRegister();
+  Register value = builder()->Parameter(0);
+  FeedbackSlot slot = feedback_spec()->AddKeyedStoreICSlot(language_mode());
+  BuildVariableLoad(stmt->name_proxy()->var(), HoleCheckMode::kElided);
+
+  builder()
+      ->StoreAccumulatorInRegister(key)
+      .LoadAccumulatorWithRegister(value)
+      .SetKeyedProperty(builder()->Receiver(), key, feedback_index(slot),
+                        language_mode());
+}
+
 void BytecodeGenerator::BuildInvalidPropertyAccess(MessageTemplate tmpl,
                                                    Property* property) {
   RegisterAllocationScope register_scope(this);
@@ -3437,7 +3608,10 @@ void BytecodeGenerator::BuildInstanceMemberInitialization(Register constructor,
 void BytecodeGenerator::VisitNativeFunctionLiteral(
     NativeFunctionLiteral* expr) {
   size_t entry = builder()->AllocateDeferredConstantPoolEntry();
-  int index = feedback_spec()->AddCreateClosureSlot();
+  // Native functions don't use argument adaption and so have the special
+  // kDontAdaptArgumentsSentinel as their parameter count.
+  int index = feedback_spec()->AddCreateClosureParameterCount(
+      kDontAdaptArgumentsSentinel);
   uint8_t flags = CreateClosureFlags::Encode(false, false, false);
   builder()->CreateClosure(entry, index, flags);
   native_function_literals_.push_back(std::make_pair(expr, entry));
@@ -6291,7 +6465,7 @@ void BytecodeGenerator::VisitCall(Call* expr) {
         .MoveRegister(Register::function_closure(), runtime_call_args[2])
         .LoadLiteral(Smi::FromEnum(language_mode()))
         .StoreAccumulatorInRegister(runtime_call_args[3])
-        .LoadLiteral(Smi::FromInt(current_scope()->start_position()))
+        .LoadLiteral(Smi::FromInt(expr->eval_scope_info_index()))
         .StoreAccumulatorInRegister(runtime_call_args[4])
         .LoadLiteral(Smi::FromInt(expr->position()))
         .StoreAccumulatorInRegister(runtime_call_args[5]);
@@ -8294,7 +8468,8 @@ int BytecodeGenerator::GetCachedCreateClosureSlot(FunctionLiteral* literal) {
   if (index != -1) {
     return index;
   }
-  index = feedback_spec()->AddCreateClosureSlot();
+  index = feedback_spec()->AddCreateClosureParameterCount(
+      JSParameterCount(literal->parameter_count()));
   feedback_slot_cache()->Put(slot_kind, literal, index);
   return index;
 }
diff --git a/deps/v8/src/interpreter/bytecode-generator.h b/deps/v8/src/interpreter/bytecode-generator.h
index 0914dd2eb15ae0..66c86a2b5ca0f0 100644
--- a/deps/v8/src/interpreter/bytecode-generator.h
+++ b/deps/v8/src/interpreter/bytecode-generator.h
@@ -198,8 +198,14 @@ class BytecodeGenerator final : public AstVisitor<BytecodeGenerator> {
   };
 
   void GenerateBytecodeBody();
-  void GenerateBytecodeBodyWithoutImplicitFinalReturn();
-  void GenerateBytecodeBodyWithoutImplicitFinalReturnOrDispose();
+
+  void GenerateBaseConstructorBody();
+  void GenerateDerivedConstructorBody();
+  void GenerateAsyncFunctionBody();
+
+  void GenerateBodyPrologue();
+  void GenerateBodyStatements();
+  void GenerateBodyStatementsWithoutImplicitFinalReturn();
 
   template <typename IsolateT>
   void AllocateDeferredConstants(IsolateT* isolate, Handle<Script> script);
diff --git a/deps/v8/src/interpreter/bytecode-register.h b/deps/v8/src/interpreter/bytecode-register.h
index 69ce56a36744ad..88d386254e024a 100644
--- a/deps/v8/src/interpreter/bytecode-register.h
+++ b/deps/v8/src/interpreter/bytecode-register.h
@@ -5,12 +5,13 @@
 #ifndef V8_INTERPRETER_BYTECODE_REGISTER_H_
 #define V8_INTERPRETER_BYTECODE_REGISTER_H_
 
-#include "src/interpreter/bytecodes.h"
+#include <optional>
 
 #include "src/base/macros.h"
 #include "src/base/platform/platform.h"
 #include "src/common/globals.h"
 #include "src/execution/frame-constants.h"
+#include "src/interpreter/bytecodes.h"
 
 namespace v8 {
 namespace internal {
@@ -83,7 +84,7 @@ class V8_EXPORT_PRIVATE Register final {
                     static_cast<int>(bytecode));
   }
 
-  constexpr base::Optional<Bytecode> TryToShortStar() const {
+  constexpr std::optional<Bytecode> TryToShortStar() const {
     if (index() >= 0 && index() < Bytecodes::kShortStarCount) {
       Bytecode bytecode =
           static_cast<Bytecode>(static_cast<int>(Bytecode::kStar0) - index());
diff --git a/deps/v8/src/interpreter/interpreter-assembler.cc b/deps/v8/src/interpreter/interpreter-assembler.cc
index 368c5cbdfd8a76..3d24e4dd5d7862 100644
--- a/deps/v8/src/interpreter/interpreter-assembler.cc
+++ b/deps/v8/src/interpreter/interpreter-assembler.cc
@@ -796,7 +796,9 @@ void InterpreterAssembler::CallJSWithSpreadAndDispatch(
 
 #ifndef V8_JITLESS
   TNode<HeapObject> maybe_feedback_vector = LoadFeedbackVector();
-  LazyNode<Object> receiver = [=] { return LoadRegisterAtOperandIndex(1); };
+  LazyNode<Object> receiver = [=, this] {
+    return LoadRegisterAtOperandIndex(1);
+  };
   CollectCallFeedback(function, receiver, context, maybe_feedback_vector,
                       slot_id);
 #endif  // !V8_JITLESS
diff --git a/deps/v8/src/interpreter/interpreter-generator.cc b/deps/v8/src/interpreter/interpreter-generator.cc
index 6df87a7539031e..9c60138b85a271 100644
--- a/deps/v8/src/interpreter/interpreter-generator.cc
+++ b/deps/v8/src/interpreter/interpreter-generator.cc
@@ -176,18 +176,18 @@ class InterpreterLoadGlobalAssembler : public InterpreterAssembler {
     TNode<HeapObject> maybe_feedback_vector = LoadFeedbackVector();
 
     AccessorAssembler accessor_asm(state());
-    ExitPoint exit_point(this, [=](TNode<Object> result) {
+    ExitPoint exit_point(this, [=, this](TNode<Object> result) {
       SetAccumulator(result);
       Dispatch();
     });
 
-    LazyNode<TaggedIndex> lazy_slot = [=] {
+    LazyNode<TaggedIndex> lazy_slot = [=, this] {
       return BytecodeOperandIdxTaggedIndex(slot_operand_index);
     };
 
-    LazyNode<Context> lazy_context = [=] { return GetContext(); };
+    LazyNode<Context> lazy_context = [=, this] { return GetContext(); };
 
-    LazyNode<Name> lazy_name = [=] {
+    LazyNode<Name> lazy_name = [=, this] {
       TNode<Name> name =
           CAST(LoadConstantPoolEntryAtOperandIndex(name_operand_index));
       return name;
@@ -549,13 +549,13 @@ IGNITION_HANDLER(GetNamedProperty, InterpreterAssembler) {
   TNode<Object> recv = LoadRegisterAtOperandIndex(0);
 
   // Load the name and context lazily.
-  LazyNode<TaggedIndex> lazy_slot = [=] {
+  LazyNode<TaggedIndex> lazy_slot = [=, this] {
     return BytecodeOperandIdxTaggedIndex(2);
   };
-  LazyNode<Name> lazy_name = [=] {
+  LazyNode<Name> lazy_name = [=, this] {
     return CAST(LoadConstantPoolEntryAtOperandIndex(1));
   };
-  LazyNode<Context> lazy_context = [=] { return GetContext(); };
+  LazyNode<Context> lazy_context = [=, this] { return GetContext(); };
 
   Label done(this);
   TVARIABLE(Object, var_result);
@@ -620,8 +620,7 @@ IGNITION_HANDLER(GetKeyedProperty, InterpreterAssembler) {
 IGNITION_HANDLER(GetEnumeratedKeyedProperty, InterpreterAssembler) {
   TNode<Object> object = LoadRegisterAtOperandIndex(0);
   TNode<Object> name = GetAccumulator();
-  TNode<TaggedIndex> enum_index =
-      SmiToTaggedIndex(CAST(LoadRegisterAtOperandIndex(1)));
+  TNode<Smi> enum_index = CAST(LoadRegisterAtOperandIndex(1));
   TNode<Object> cache_type = LoadRegisterAtOperandIndex(2);
   TNode<TaggedIndex> slot = BytecodeOperandIdxTaggedIndex(3);
   TNode<HeapObject> feedback_vector = LoadFeedbackVector();
@@ -1434,7 +1433,7 @@ class InterpreterJSCallAssembler : public InterpreterAssembler {
 
 #ifndef V8_JITLESS
     // Collect the {function} feedback.
-    LazyNode<Object> receiver = [=] {
+    LazyNode<Object> receiver = [=, this] {
       return receiver_mode == ConvertReceiverMode::kNullOrUndefined
                  ? UndefinedConstant()
                  : LoadRegisterAtOperandIndex(1);
@@ -1463,7 +1462,7 @@ class InterpreterJSCallAssembler : public InterpreterAssembler {
 
 #ifndef V8_JITLESS
     // Collect the {function} feedback.
-    LazyNode<Object> receiver = [=] {
+    LazyNode<Object> receiver = [=, this] {
       return receiver_mode == ConvertReceiverMode::kNullOrUndefined
                  ? UndefinedConstant()
                  : LoadRegisterAtOperandIndex(1);
@@ -1695,23 +1694,28 @@ class InterpreterCompareOpAssembler : public InterpreterAssembler {
     TNode<Context> context = GetContext();
 
     TVARIABLE(Smi, var_type_feedback);
+    TVARIABLE(Object, var_exception);
+    Label if_exception(this, Label::kDeferred);
     TNode<Boolean> result;
-    switch (compare_op) {
-      case Operation::kEqual:
-        result = Equal(lhs, rhs, context, &var_type_feedback);
-        break;
-      case Operation::kStrictEqual:
-        result = StrictEqual(lhs, rhs, &var_type_feedback);
-        break;
-      case Operation::kLessThan:
-      case Operation::kGreaterThan:
-      case Operation::kLessThanOrEqual:
-      case Operation::kGreaterThanOrEqual:
-        result = RelationalComparison(compare_op, lhs, rhs, context,
-                                      &var_type_feedback);
-        break;
-      default:
-        UNREACHABLE();
+    {
+      ScopedExceptionHandler handler(this, &if_exception, &var_exception);
+      switch (compare_op) {
+        case Operation::kEqual:
+          result = Equal(lhs, rhs, context, &var_type_feedback);
+          break;
+        case Operation::kStrictEqual:
+          result = StrictEqual(lhs, rhs, &var_type_feedback);
+          break;
+        case Operation::kLessThan:
+        case Operation::kGreaterThan:
+        case Operation::kLessThanOrEqual:
+        case Operation::kGreaterThanOrEqual:
+          result = RelationalComparison(compare_op, lhs, rhs, context,
+                                        &var_type_feedback);
+          break;
+        default:
+          UNREACHABLE();
+      }
     }
 
     TNode<UintPtrT> slot_index = BytecodeOperandIdx(1);
@@ -1722,6 +1726,17 @@ class InterpreterCompareOpAssembler : public InterpreterAssembler {
                    mode);
     SetAccumulator(result);
     Dispatch();
+
+    BIND(&if_exception);
+    {
+      TNode<UintPtrT> slot_index = BytecodeOperandIdx(1);
+      TNode<HeapObject> maybe_feedback_vector =
+          LoadFeedbackVectorOrUndefinedIfJitless();
+      UpdateFeedback(var_type_feedback.value(), maybe_feedback_vector,
+                     slot_index, mode);
+      CallRuntime(Runtime::kReThrow, context, var_exception.value());
+      Unreachable();
+    }
   }
 };
 
@@ -3128,7 +3143,7 @@ IGNITION_HANDLER(ForInNext, InterpreterAssembler) {
 // ForInStep <index>
 //
 // Increments the loop counter in register |index| and stores the result
-// in the accumulator.
+// back into the same register.
 IGNITION_HANDLER(ForInStep, InterpreterAssembler) {
   TNode<Smi> index = CAST(LoadRegisterAtOperandIndex(0));
   TNode<Smi> one = SmiConstant(1);
diff --git a/deps/v8/src/interpreter/interpreter.cc b/deps/v8/src/interpreter/interpreter.cc
index 2f9a612d293d69..e4fe850c9caf4a 100644
--- a/deps/v8/src/interpreter/interpreter.cc
+++ b/deps/v8/src/interpreter/interpreter.cc
@@ -212,7 +212,7 @@ void InterpreterCompilationJob::CheckAndPrintBytecodeMismatch(
   int first_mismatch = generator()->CheckBytecodeMatches(*bytecode);
   if (first_mismatch >= 0) {
     parse_info()->ast_value_factory()->Internalize(isolate);
-    DeclarationScope::AllocateScopeInfos(parse_info(), isolate);
+    DeclarationScope::AllocateScopeInfos(parse_info(), script, isolate);
 
     DirectHandle<BytecodeArray> new_bytecode =
         generator()->FinalizeBytecode(isolate, script);
@@ -350,7 +350,7 @@ void Interpreter::Initialize() {
   interpreter_entry_trampoline_instruction_start_ = code->instruction_start();
 
   // Initialize the dispatch table.
-  ForEachBytecode([=](Bytecode bytecode, OperandScale operand_scale) {
+  ForEachBytecode([=, this](Bytecode bytecode, OperandScale operand_scale) {
     Builtin builtin = BuiltinIndexFromBytecode(bytecode, operand_scale);
     Tagged<Code> handler = builtins->code(builtin);
     if (Bytecodes::BytecodeHasHandler(bytecode, operand_scale)) {
@@ -409,7 +409,8 @@ Handle<JSObject> Interpreter::GetDispatchCountersObject() {
       uintptr_t counter = GetDispatchCounter(from_bytecode, to_bytecode);
 
       if (counter > 0) {
-        Handle<Object> value = isolate_->factory()->NewNumberFromSize(counter);
+        DirectHandle<Object> value =
+            isolate_->factory()->NewNumberFromSize(counter);
         JSObject::AddProperty(isolate_, counters_row,
                               Bytecodes::ToString(to_bytecode), value, NONE);
       }
diff --git a/deps/v8/src/json/json-parser.cc b/deps/v8/src/json/json-parser.cc
index 0bb033a357ec5a..8b123bfc381b6d 100644
--- a/deps/v8/src/json/json-parser.cc
+++ b/deps/v8/src/json/json-parser.cc
@@ -4,6 +4,8 @@
 
 #include "src/json/json-parser.h"
 
+#include <optional>
+
 #include "src/base/strings.h"
 #include "src/builtins/builtins.h"
 #include "src/common/assert-scope.h"
@@ -357,7 +359,7 @@ bool JsonParser<Char>::IsSpecialString() {
 
 template <typename Char>
 MessageTemplate JsonParser<Char>::GetErrorMessageWithEllipses(
-    Handle<Object>& arg, Handle<Object>& arg2, int pos) {
+    DirectHandle<Object>& arg, DirectHandle<Object>& arg2, int pos) {
   MessageTemplate message;
   Factory* factory = this->factory();
   arg = factory->LookupSingleCharacterStringFromCode(*cursor_);
@@ -398,7 +400,8 @@ MessageTemplate JsonParser<Char>::GetErrorMessageWithEllipses(
 
 template <typename Char>
 MessageTemplate JsonParser<Char>::LookUpErrorMessageForJsonToken(
-    JsonToken token, Handle<Object>& arg, Handle<Object>& arg2, int pos) {
+    JsonToken token, DirectHandle<Object>& arg, DirectHandle<Object>& arg2,
+    int pos) {
   MessageTemplate message;
   switch (token) {
     case JsonToken::EOS:
@@ -424,8 +427,8 @@ MessageTemplate JsonParser<Char>::LookUpErrorMessageForJsonToken(
 }
 
 template <typename Char>
-void JsonParser<Char>::CalculateFileLocation(Handle<Object>& line,
-                                             Handle<Object>& column) {
+void JsonParser<Char>::CalculateFileLocation(DirectHandle<Object>& line,
+                                             DirectHandle<Object>& column) {
   // JSON allows only \r and \n as line terminators.
   // (See https://www.json.org/json-en.html - "whitespace")
   int line_number = 1;
@@ -449,13 +452,13 @@ void JsonParser<Char>::CalculateFileLocation(Handle<Object>& line,
     }
   }
   int column_number = 1 + static_cast<int>(cursor - last_line_break);
-  line = handle(Smi::FromInt(line_number), isolate());
-  column = handle(Smi::FromInt(column_number), isolate());
+  line = direct_handle(Smi::FromInt(line_number), isolate());
+  column = direct_handle(Smi::FromInt(column_number), isolate());
 }
 
 template <typename Char>
 void JsonParser<Char>::ReportUnexpectedToken(
-    JsonToken token, base::Optional<MessageTemplate> errorMessage) {
+    JsonToken token, std::optional<MessageTemplate> errorMessage) {
   // Some exception (for example stack overflow) was already thrown.
   if (isolate_->has_exception()) return;
 
@@ -465,9 +468,9 @@ void JsonParser<Char>::ReportUnexpectedToken(
                    ? Cast<SlicedString>(*original_source_)->offset()
                    : 0;
   int pos = position() - offset;
-  Handle<Object> arg(Smi::FromInt(pos), isolate());
-  Handle<Object> arg2;
-  Handle<Object> arg3;
+  DirectHandle<Object> arg(Smi::FromInt(pos), isolate());
+  DirectHandle<Object> arg2;
+  DirectHandle<Object> arg3;
   CalculateFileLocation(arg2, arg3);
 
   MessageTemplate message =
@@ -1961,10 +1964,9 @@ Handle<Object> JsonParser<Char>::ParseJsonNumber() {
     }
 
     base::Vector<const Char> chars(start, cursor_ - start);
-    number =
-        StringToDouble(chars,
-                       NO_CONVERSION_FLAGS,  // Hex, octal or trailing junk.
-                       std::numeric_limits<double>::quiet_NaN());
+    number = StringToDouble(chars,
+                            NO_CONVERSION_FLAG,  // Hex, octal or trailing junk.
+                            std::numeric_limits<double>::quiet_NaN());
 
     DCHECK(!std::isnan(number));
   }
diff --git a/deps/v8/src/json/json-parser.h b/deps/v8/src/json/json-parser.h
index 960e3d7bca30b2..1aba6ba402dc5c 100644
--- a/deps/v8/src/json/json-parser.h
+++ b/deps/v8/src/json/json-parser.h
@@ -5,6 +5,8 @@
 #ifndef V8_JSON_JSON_PARSER_H_
 #define V8_JSON_JSON_PARSER_H_
 
+#include <optional>
+
 #include "include/v8-callbacks.h"
 #include "src/base/small-vector.h"
 #include "src/base/strings.h"
@@ -237,7 +239,7 @@ class JsonParser final {
   }
 
   void Expect(JsonToken token,
-              base::Optional<MessageTemplate> errorMessage = base::nullopt) {
+              std::optional<MessageTemplate> errorMessage = std::nullopt) {
     if (V8_LIKELY(peek() == token)) {
       advance();
     } else {
@@ -246,9 +248,8 @@ class JsonParser final {
     }
   }
 
-  void ExpectNext(
-      JsonToken token,
-      base::Optional<MessageTemplate> errorMessage = base::nullopt) {
+  void ExpectNext(JsonToken token,
+                  std::optional<MessageTemplate> errorMessage = std::nullopt) {
     SkipWhitespace();
     errorMessage ? Expect(token, errorMessage.value()) : Expect(token);
   }
@@ -343,19 +344,22 @@ class JsonParser final {
   // Mark that a parsing error has happened at the current character.
   void ReportUnexpectedCharacter(base::uc32 c);
   bool IsSpecialString();
-  MessageTemplate GetErrorMessageWithEllipses(Handle<Object>& arg,
-                                              Handle<Object>& arg2, int pos);
+  MessageTemplate GetErrorMessageWithEllipses(DirectHandle<Object>& arg,
+                                              DirectHandle<Object>& arg2,
+                                              int pos);
   MessageTemplate LookUpErrorMessageForJsonToken(JsonToken token,
-                                                 Handle<Object>& arg,
-                                                 Handle<Object>& arg2, int pos);
+                                                 DirectHandle<Object>& arg,
+                                                 DirectHandle<Object>& arg2,
+                                                 int pos);
 
   // Calculate line and column based on the current cursor position.
   // Both values start at 1.
-  void CalculateFileLocation(Handle<Object>& line, Handle<Object>& column);
+  void CalculateFileLocation(DirectHandle<Object>& line,
+                             DirectHandle<Object>& column);
   // Mark that a parsing error has happened at the current token.
   void ReportUnexpectedToken(
       JsonToken token,
-      base::Optional<MessageTemplate> errorMessage = base::nullopt);
+      std::optional<MessageTemplate> errorMessage = std::nullopt);
 
   inline Isolate* isolate() { return isolate_; }
   inline Factory* factory() { return isolate_->factory(); }
diff --git a/deps/v8/src/json/json-stringifier.cc b/deps/v8/src/json/json-stringifier.cc
index be3b6991685d74..4c06d6a9453819 100644
--- a/deps/v8/src/json/json-stringifier.cc
+++ b/deps/v8/src/json/json-stringifier.cc
@@ -47,7 +47,8 @@ class JsonStringifier {
   V8_WARN_UNUSED_RESULT MaybeHandle<Object> ApplyToJsonFunction(
       Handle<Object> object, Handle<Object> key);
   V8_WARN_UNUSED_RESULT MaybeHandle<Object> ApplyReplacerFunction(
-      Handle<Object> value, Handle<Object> key, Handle<Object> initial_holder);
+      Handle<Object> value, Handle<Object> key,
+      DirectHandle<Object> initial_holder);
 
   // Entry point to serialize the object.
   V8_INLINE Result SerializeObject(Handle<Object> obj) {
@@ -213,7 +214,7 @@ class JsonStringifier {
   Result SerializeJSReceiverSlow(Handle<JSReceiver> object);
   template <ElementsKind kind>
   V8_INLINE Result SerializeFixedArrayWithInterruptCheck(
-      Handle<JSArray> array, uint32_t length, uint32_t* slow_path_index);
+      DirectHandle<JSArray> array, uint32_t length, uint32_t* slow_path_index);
   template <ElementsKind kind>
   V8_INLINE Result SerializeFixedArrayWithPossibleTransitions(
       DirectHandle<JSArray> array, uint32_t length, uint32_t* slow_path_index);
@@ -349,7 +350,7 @@ class JsonStringifier {
   V8_INLINE void Separator(bool first);
 
   Handle<JSReceiver> CurrentHolder(DirectHandle<Object> value,
-                                   Handle<Object> inital_holder);
+                                   DirectHandle<Object> inital_holder);
 
   Result StackPush(Handle<Object> object, Handle<Object> key);
   void StackPop();
@@ -612,7 +613,8 @@ MaybeHandle<Object> JsonStringifier::ApplyToJsonFunction(Handle<Object> object,
 }
 
 MaybeHandle<Object> JsonStringifier::ApplyReplacerFunction(
-    Handle<Object> value, Handle<Object> key, Handle<Object> initial_holder) {
+    Handle<Object> value, Handle<Object> key,
+    DirectHandle<Object> initial_holder) {
   HandleScope scope(isolate_);
   if (IsSmi(*key)) key = factory()->NumberToString(key);
   Handle<Object> argv[] = {key, value};
@@ -624,7 +626,7 @@ MaybeHandle<Object> JsonStringifier::ApplyReplacerFunction(
 }
 
 Handle<JSReceiver> JsonStringifier::CurrentHolder(
-    DirectHandle<Object> value, Handle<Object> initial_holder) {
+    DirectHandle<Object> value, DirectHandle<Object> initial_holder) {
   if (stack_.empty()) {
     Handle<JSObject> holder =
         factory()->NewJSObject(isolate_->object_function());
@@ -813,7 +815,7 @@ JsonStringifier::Result JsonStringifier::Serialize_(Handle<Object> object,
     return EXCEPTION;
   }
 
-  Handle<Object> initial_value = object;
+  DirectHandle<Object> initial_value = object;
   PtrComprCageBase cage_base(isolate_);
   if (!IsSmi(*object)) {
     InstanceType instance_type =
@@ -1064,7 +1066,7 @@ JsonStringifier::Result JsonStringifier::SerializeJSArray(
 
 template <ElementsKind kind>
 JsonStringifier::Result JsonStringifier::SerializeFixedArrayWithInterruptCheck(
-    Handle<JSArray> array, uint32_t length, uint32_t* slow_path_index) {
+    DirectHandle<JSArray> array, uint32_t length, uint32_t* slow_path_index) {
   static_assert(IsSmiElementsKind(kind) || IsDoubleElementsKind(kind));
   using ArrayT = typename std::conditional<IsDoubleElementsKind(kind),
                                            FixedDoubleArray, FixedArray>::type;
diff --git a/deps/v8/src/logging/counters-definitions.h b/deps/v8/src/logging/counters-definitions.h
index 0a949d145800a3..03509f5777029e 100644
--- a/deps/v8/src/logging/counters-definitions.h
+++ b/deps/v8/src/logging/counters-definitions.h
@@ -56,9 +56,12 @@ namespace internal {
   HR(wasm_module_code_size_mb, V8.WasmModuleCodeSizeMiB, 0, 1024, 64)          \
   /* Newer histogram, in KiB (0..100MB). */                                    \
   HR(wasm_module_code_size_kb, V8.WasmModuleCodeSizeKiB, 0, 1024 * 100, 101)   \
-  /* Meta data size per module, collected on GC. */                            \
+  /* Metadata size per module, collected on GC. */                             \
   HR(wasm_module_metadata_size_kb, V8.WasmModuleMetadataSizeKiB, 0,            \
      1024 * 100, 101)                                                          \
+  /* Metadata of the whole Wasm engine, collected on GC. */                    \
+  HR(wasm_engine_metadata_size_kb, V8.WasmEngineMetadataSizeKiB, 0,            \
+     1024 * 100, 101)                                                          \
   /* Percent of freed code size per module, collected on GC. */                \
   HR(wasm_module_freed_code_size_percent, V8.WasmModuleCodeSizePercentFreed,   \
      0, 100, 32)                                                               \
@@ -114,6 +117,18 @@ namespace internal {
   HR(wasm_compilation_method, V8.WasmCompilationMethod, 0, 4, 5)               \
   HR(asmjs_instantiate_result, V8.AsmjsInstantiateResult, 0, 1, 2)
 
+#if V8_ENABLE_DRUMBRAKE
+#define HISTOGRAM_RANGE_LIST_SLOW(HR)                                         \
+  /* Percentage (*1000) of time spent running Wasm jitted code. */            \
+  HR(wasm_jit_execution_ratio, V8.JitWasmExecutionPercentage, 0, 100000, 101) \
+  HR(wasm_jit_execution_too_slow, V8.JitWasmExecutionTooSlow, 0, 100000, 101) \
+  /* Percentage (*1000) of time spent running in the Wasm interpreter. */     \
+  HR(wasm_jitless_execution_ratio, V8.JitlessWasmExecutionPercentage, 0,      \
+     100000, 101)                                                             \
+  HR(wasm_jitless_execution_too_slow, V8.JitlessWasmExecutionTooSlow, 0,      \
+     100000, 101)
+#endif  // V8_ENABLE_DRUMBRAKE
+
 // Like TIMED_HISTOGRAM_LIST, but allows the use of NestedTimedHistogramScope.
 // HT(name, caption, max, unit)
 #define NESTED_TIMED_HISTOGRAM_LIST(HT)                                       \
@@ -368,6 +383,7 @@ namespace internal {
   SC(lo_space_bytes_used, V8.MemoryLoSpaceBytesUsed)                           \
   SC(wasm_generated_code_size, V8.WasmGeneratedCodeBytes)                      \
   SC(wasm_reloc_size, V8.WasmRelocBytes)                                       \
+  SC(wasm_deopt_data_size, V8.WasmDeoptDataBytes)                              \
   SC(wasm_lazily_compiled_functions, V8.WasmLazilyCompiledFunctions)           \
   SC(wasm_compiled_export_wrapper, V8.WasmCompiledExportWrappers)
 
diff --git a/deps/v8/src/logging/counters.cc b/deps/v8/src/logging/counters.cc
index 856f38bb4e5cae..5c55109939469e 100644
--- a/deps/v8/src/logging/counters.cc
+++ b/deps/v8/src/logging/counters.cc
@@ -199,6 +199,13 @@ void CountersVisitor::VisitHistograms() {
   HISTOGRAM_RANGE_LIST(HR)
 #undef HR
 
+#if V8_ENABLE_DRUMBRAKE
+#define HR(name, caption, min, max, num_buckets) \
+  Visit(&counters()->name##_, #caption, min, max, num_buckets);
+  HISTOGRAM_RANGE_LIST_SLOW(HR)
+#undef HR
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #define HR(name, caption) Visit(&counters()->name##_, #caption);
   HISTOGRAM_PERCENTAGE_LIST(HR)
 #undef HR
diff --git a/deps/v8/src/logging/counters.h b/deps/v8/src/logging/counters.h
index ebb25c9b9473fb..21f8a8a9041e39 100644
--- a/deps/v8/src/logging/counters.h
+++ b/deps/v8/src/logging/counters.h
@@ -9,7 +9,6 @@
 
 #include "include/v8-callbacks.h"
 #include "src/base/atomic-utils.h"
-#include "src/base/optional.h"
 #include "src/base/platform/elapsed-timer.h"
 #include "src/base/platform/time.h"
 #include "src/common/globals.h"
@@ -529,6 +528,16 @@ class Counters : public std::enable_shared_from_this<Counters> {
   HISTOGRAM_RANGE_LIST(HR)
 #undef HR
 
+#if V8_ENABLE_DRUMBRAKE
+#define HR(name, caption, min, max, num_buckets)     \
+  Histogram* name() {                                \
+    name##_.EnsureCreated(v8_flags.slow_histograms); \
+    return &name##_;                                 \
+  }
+  HISTOGRAM_RANGE_LIST_SLOW(HR)
+#undef HR
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #define HT(name, caption, max, res) \
   NestedTimedHistogram* name() {    \
     name##_.EnsureCreated();        \
@@ -651,6 +660,9 @@ class Counters : public std::enable_shared_from_this<Counters> {
 
 #define HR(name, caption, min, max, num_buckets) Histogram name##_;
   HISTOGRAM_RANGE_LIST(HR)
+#if V8_ENABLE_DRUMBRAKE
+  HISTOGRAM_RANGE_LIST_SLOW(HR)
+#endif  // V8_ENABLE_DRUMBRAKE
 #undef HR
 
 #define HT(name, caption, max, res) NestedTimedHistogram name##_;
diff --git a/deps/v8/src/logging/log-file.cc b/deps/v8/src/logging/log-file.cc
index 734e1c3a9dd0cb..3977128af5b0eb 100644
--- a/deps/v8/src/logging/log-file.cc
+++ b/deps/v8/src/logging/log-file.cc
@@ -6,6 +6,7 @@
 
 #include <atomic>
 #include <memory>
+#include <optional>
 
 #include "src/base/platform/mutex.h"
 #include "src/base/platform/platform.h"
@@ -109,7 +110,7 @@ LogFile::MessageBuilder::MessageBuilder(LogFile* log)
     : log_(log), lock_guard_(&log_->mutex_) {}
 
 void LogFile::MessageBuilder::AppendString(Tagged<String> str,
-                                           base::Optional<int> length_limit) {
+                                           std::optional<int> length_limit) {
   if (str.is_null()) return;
 
   DisallowGarbageCollection no_gc;  // Ensure string stays valid.
diff --git a/deps/v8/src/logging/log-file.h b/deps/v8/src/logging/log-file.h
index e23abd4708d222..2c4858beb05f30 100644
--- a/deps/v8/src/logging/log-file.h
+++ b/deps/v8/src/logging/log-file.h
@@ -10,9 +10,9 @@
 #include <atomic>
 #include <cstdarg>
 #include <memory>
+#include <optional>
 
 #include "src/base/compiler-specific.h"
-#include "src/base/optional.h"
 #include "src/base/platform/mutex.h"
 #include "src/common/assert-scope.h"
 #include "src/flags/flags.h"
@@ -62,7 +62,7 @@ class LogFile {
     ~MessageBuilder() = default;
 
     void AppendString(Tagged<String> str,
-                      base::Optional<int> length_limit = base::nullopt);
+                      std::optional<int> length_limit = std::nullopt);
     void AppendString(base::Vector<const char> str);
     void AppendString(const char* str);
     void AppendString(const char* str, size_t length, bool is_one_byte = true);
diff --git a/deps/v8/src/logging/log.cc b/deps/v8/src/logging/log.cc
index 581bdc92a3140c..c8c0c9a0ec00d1 100644
--- a/deps/v8/src/logging/log.cc
+++ b/deps/v8/src/logging/log.cc
@@ -2107,10 +2107,10 @@ EnumerateCompiledFunctions(Heap* heap) {
       } else if (WasmJSFunction::IsWasmJSFunction(function)) {
         Tagged<WasmInternalFunction> internal_function =
             function->shared()->wasm_js_function_data()->internal();
-        Tagged<WasmApiFunctionRef> api_function_ref =
-            Cast<WasmApiFunctionRef>(internal_function->ref());
+        Tagged<WasmImportData> import_data =
+            Cast<WasmImportData>(internal_function->implicit_arg());
         record(function->shared(),
-               Cast<AbstractCode>(api_function_ref->code(isolate)));
+               Cast<AbstractCode>(import_data->code(isolate)));
 #endif  // V8_ENABLE_WEBASSEMBLY
       }
     }
@@ -2623,7 +2623,7 @@ void ExistingCodeLogger::LogExistingFunction(Handle<SharedFunctionInfo> shared,
                                              Handle<AbstractCode> code,
                                              CodeTag tag) {
   if (IsScript(shared->script())) {
-    Handle<Script> script(Cast<Script>(shared->script()), isolate_);
+    DirectHandle<Script> script(Cast<Script>(shared->script()), isolate_);
     Script::PositionInfo info;
     Script::GetPositionInfo(script, shared->StartPosition(), &info);
     int line_num = info.line + 1;
@@ -2661,7 +2661,7 @@ void ExistingCodeLogger::LogExistingFunction(Handle<SharedFunctionInfo> shared,
       int c_functions_count = fun_data->GetCFunctionsCount();
       for (int i = 0; i < c_functions_count; i++) {
         CALL_CODE_EVENT_HANDLER(
-            CallbackEvent(fun_name, fun_data->GetCFunction(i)))
+            CallbackEvent(fun_name, fun_data->GetCFunction(isolate_, i)))
       }
     }
 #if V8_ENABLE_WEBASSEMBLY
diff --git a/deps/v8/src/logging/runtime-call-stats.h b/deps/v8/src/logging/runtime-call-stats.h
index 5b0a3fef59e832..1dbbd80d95faea 100644
--- a/deps/v8/src/logging/runtime-call-stats.h
+++ b/deps/v8/src/logging/runtime-call-stats.h
@@ -5,6 +5,8 @@
 #ifndef V8_LOGGING_RUNTIME_CALL_STATS_H_
 #define V8_LOGGING_RUNTIME_CALL_STATS_H_
 
+#include <optional>
+
 #include "src/base/macros.h"
 
 #ifdef V8_RUNTIME_CALL_STATS
@@ -719,7 +721,7 @@ class WorkerThreadRuntimeCallStats final {
  private:
   base::Mutex mutex_;
   std::vector<std::unique_ptr<RuntimeCallStats>> tables_;
-  base::Optional<base::Thread::LocalStorageKey> tls_key_;
+  std::optional<base::Thread::LocalStorageKey> tls_key_;
   // Since this is for creating worker thread runtime-call stats, record the
   // main thread ID to ensure we never create a worker RCS table for the main
   // thread.
diff --git a/deps/v8/src/maglev/arm/maglev-assembler-arm-inl.h b/deps/v8/src/maglev/arm/maglev-assembler-arm-inl.h
index c5c4c0494da9e6..4b333e5519f66e 100644
--- a/deps/v8/src/maglev/arm/maglev-assembler-arm-inl.h
+++ b/deps/v8/src/maglev/arm/maglev-assembler-arm-inl.h
@@ -39,75 +39,58 @@ inline int ShiftFromScale(int n) {
   }
 }
 
-class MaglevAssembler::ScratchRegisterScope {
+class MaglevAssembler::TemporaryRegisterScope
+    : public TemporaryRegisterScopeBase<TemporaryRegisterScope> {
+  using Base = TemporaryRegisterScopeBase<TemporaryRegisterScope>;
+
  public:
-  explicit ScratchRegisterScope(MaglevAssembler* masm)
-      : wrapped_scope_(masm),
-        masm_(masm),
-        prev_scope_(masm->scratch_register_scope_) {
-    masm_->scratch_register_scope_ = this;
+  struct SavedData : public Base::SavedData {
+    RegList available_scratch_;
+    VfpRegList available_fp_scratch_;
+  };
+
+  explicit TemporaryRegisterScope(MaglevAssembler* masm)
+      : Base(masm), scratch_scope_(masm) {
     if (prev_scope_ == nullptr) {
       // Add extra scratch register if no previous scope.
-      wrapped_scope_.Include(kMaglevExtraScratchRegister);
+      scratch_scope_.Include(kMaglevExtraScratchRegister);
     }
   }
-
-  ~ScratchRegisterScope() { masm_->scratch_register_scope_ = prev_scope_; }
-
-  void ResetToDefault() {
-    wrapped_scope_.SetAvailable(Assembler::DefaultTmpList() |
-                                kMaglevExtraScratchRegister);
-    wrapped_scope_.SetAvailableVfp(Assembler::DefaultFPTmpList());
+  explicit TemporaryRegisterScope(MaglevAssembler* masm,
+                                  const SavedData& saved_data)
+      : Base(masm, saved_data), scratch_scope_(masm) {
+    scratch_scope_.SetAvailable(saved_data.available_scratch_);
+    scratch_scope_.SetAvailableVfp(saved_data.available_fp_scratch_);
   }
 
-  Register GetDefaultScratchRegister() { return Acquire(); }
-  DoubleRegister GetDefaultScratchDoubleRegister() { return AcquireDouble(); }
-
-  Register Acquire() { return wrapped_scope_.Acquire(); }
-  void Include(Register reg) { wrapped_scope_.Include(reg); }
-  void Include(const RegList list) { wrapped_scope_.Include(list); }
-
-  DoubleRegister AcquireDouble() { return wrapped_scope_.AcquireD(); }
-  void IncludeDouble(const DoubleRegList list) {
-    wrapped_scope_.Include(DoubleToVpfRegList(list));
+  Register AcquireScratch() {
+    Register reg = scratch_scope_.Acquire();
+    CHECK(!available_.has(reg));
+    return reg;
   }
-
-  RegList Available() { return wrapped_scope_.Available(); }
-  void SetAvailable(RegList list) { wrapped_scope_.SetAvailable(list); }
-
-  DoubleRegList AvailableDouble() {
-    return VpfToDoubleRegList(wrapped_scope_.AvailableVfp());
+  DoubleRegister AcquireScratchDouble() {
+    DoubleRegister reg = scratch_scope_.AcquireD();
+    CHECK(!available_double_.has(reg));
+    return reg;
   }
-  void SetAvailableDouble(DoubleRegList list) {
-    wrapped_scope_.SetAvailableVfp(DoubleToVpfRegList(list));
+  void IncludeScratch(Register reg) { scratch_scope_.Include(reg); }
+
+  SavedData CopyForDefer() {
+    return SavedData{
+        CopyForDeferBase(),
+        scratch_scope_.Available(),
+        scratch_scope_.AvailableVfp(),
+    };
   }
 
-  // TODO(victorgomes): These are very inefficient, but it suffices for now to
-  // bootstrap arm. We should be able to define a special DoubleRegList for arm
-  // that takes VpfRegList into account directly.
-  DoubleRegList VpfToDoubleRegList(VfpRegList list) {
-    DoubleRegList double_list;
-    for (int index = 0; index < DoubleRegister::kNumRegisters; index++) {
-      DoubleRegister reg = DoubleRegister::from_code(index);
-      uint64_t mask = reg.ToVfpRegList();
-      if ((list & mask) == mask) {
-        double_list.set(reg);
-      }
-    }
-    return double_list;
-  }
-  VfpRegList DoubleToVpfRegList(DoubleRegList list) {
-    VfpRegList vfp_list = 0;
-    for (DoubleRegister reg : list) {
-      vfp_list |= reg.ToVfpRegList();
-    }
-    return vfp_list;
+  void ResetToDefaultImpl() {
+    scratch_scope_.SetAvailable(Assembler::DefaultTmpList() |
+                                kMaglevExtraScratchRegister);
+    scratch_scope_.SetAvailableVfp(Assembler::DefaultFPTmpList());
   }
 
  private:
-  UseScratchRegisterScope wrapped_scope_;
-  MaglevAssembler* masm_;
-  ScratchRegisterScope* prev_scope_;
+  UseScratchRegisterScope scratch_scope_;
 };
 
 inline MapCompare::MapCompare(MaglevAssembler* masm, Register object,
@@ -120,8 +103,8 @@ inline MapCompare::MapCompare(MaglevAssembler* masm, Register object,
 
 void MapCompare::Generate(Handle<Map> map, Condition cond, Label* if_true,
                           Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(masm_);
-  Register temp = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm_);
+  Register temp = temps.AcquireScratch();
   masm_->Move(temp, map);
   masm_->cmp(map_, temp);
   masm_->JumpIf(cond, if_true, distance);
@@ -144,8 +127,8 @@ struct PushAllHelper<> {
 
 inline void PushInput(MaglevAssembler* masm, const Input& input) {
   if (input.operand().IsConstant()) {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
-    Register scratch = temps.Acquire();
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
+    Register scratch = temps.AcquireScratch();
     input.node()->LoadToRegister(masm, scratch);
     masm->Push(scratch);
   } else {
@@ -157,8 +140,8 @@ inline void PushInput(MaglevAssembler* masm, const Input& input) {
       masm->Push(operand.GetRegister());
     } else {
       DCHECK(operand.IsStackSlot());
-      MaglevAssembler::ScratchRegisterScope temps(masm);
-      Register scratch = temps.Acquire();
+      MaglevAssembler::TemporaryRegisterScope temps(masm);
+      Register scratch = temps.AcquireScratch();
       masm->ldr(scratch, masm->GetStackSlot(operand));
       masm->Push(scratch);
     }
@@ -242,9 +225,9 @@ inline void MaglevAssembler::CheckInt32IsSmi(Register obj, Label* fail,
                                              Register scratch) {
   static_assert(!SmiValuesAre32Bits());
 
-  ScratchRegisterScope temps(this);
+  TemporaryRegisterScope temps(this);
   if (scratch == Register::no_reg()) {
-    scratch = temps.Acquire();
+    scratch = temps.AcquireScratch();
   }
   add(scratch, obj, obj, SetCC);
   JumpIf(kOverflow, fail);
@@ -286,8 +269,8 @@ inline Condition MaglevAssembler::IsRootConstant(Input input,
     CompareRoot(ToRegister(input), root_index);
   } else {
     DCHECK(input.operand().IsStackSlot());
-    ScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register scratch = temps.AcquireScratch();
     ldr(scratch, ToMemOperand(input));
     CompareRoot(scratch, root_index);
   }
@@ -321,8 +304,8 @@ inline void MaglevAssembler::BuildTypedArrayDataPointer(Register data_pointer,
   ldr(data_pointer,
       FieldMemOperand(object, JSTypedArray::kExternalPointerOffset));
   if (JSTypedArray::kMaxSizeInHeap == 0) return;
-  ScratchRegisterScope temps(this);
-  Register base = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register base = temps.AcquireScratch();
   ldr(base, FieldMemOperand(object, JSTypedArray::kBasePointerOffset));
   add(data_pointer, data_pointer, base);
 }
@@ -361,8 +344,7 @@ inline void MaglevAssembler::LoadExternalPointerField(Register result,
 void MaglevAssembler::LoadFixedArrayElement(Register result, Register array,
                                             Register index) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -379,11 +361,11 @@ void MaglevAssembler::LoadFixedArrayElementWithoutDecompressing(
 void MaglevAssembler::LoadFixedDoubleArrayElement(DoubleRegister result,
                                                   Register array,
                                                   Register index) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_DOUBLE_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_DOUBLE_ARRAY_TYPE,
+                     AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -393,8 +375,8 @@ void MaglevAssembler::LoadFixedDoubleArrayElement(DoubleRegister result,
 
 inline void MaglevAssembler::StoreFixedDoubleArrayElement(
     Register array, Register index, DoubleRegister value) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   add(scratch, array, Operand(index, LSL, kDoubleSizeLog2));
   vstr(value, FieldMemOperand(scratch, FixedArray::kHeaderSize));
 }
@@ -442,8 +424,8 @@ inline void MaglevAssembler::StoreTaggedFieldNoWriteBarrier(Register object,
 
 inline void MaglevAssembler::StoreFixedArrayElementNoWriteBarrier(
     Register array, Register index, Register value) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   add(scratch, array, Operand(index, LSL, kTaggedSizeLog2));
   MacroAssembler::StoreTaggedField(
       value, FieldMemOperand(scratch, FixedArray::kHeaderSize));
@@ -457,16 +439,16 @@ inline void MaglevAssembler::StoreTaggedSignedField(Register object, int offset,
 
 inline void MaglevAssembler::StoreTaggedSignedField(Register object, int offset,
                                                     Tagged<Smi> value) {
-  ScratchRegisterScope scope(this);
-  Register scratch = scope.Acquire();
+  TemporaryRegisterScope scope(this);
+  Register scratch = scope.AcquireScratch();
   Move(scratch, value);
   MacroAssembler::StoreTaggedField(scratch, FieldMemOperand(object, offset));
 }
 
 inline void MaglevAssembler::StoreInt32Field(Register object, int offset,
                                              int32_t value) {
-  ScratchRegisterScope scope(this);
-  Register scratch = scope.Acquire();
+  TemporaryRegisterScope scope(this);
+  Register scratch = scope.AcquireScratch();
   Move(scratch, value);
   str(scratch, FieldMemOperand(object, offset));
 }
@@ -621,8 +603,8 @@ inline void MaglevAssembler::LoadUnalignedFloat64(DoubleRegister dst,
                                                   Register base,
                                                   Register index) {
   // vldr only works on 4 bytes aligned access.
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   ldr(scratch, MemOperand(base, index));
   VmovLow(dst, scratch);
   add(scratch, index, Operand(4));
@@ -632,8 +614,8 @@ inline void MaglevAssembler::LoadUnalignedFloat64(DoubleRegister dst,
 inline void MaglevAssembler::LoadUnalignedFloat64AndReverseByteOrder(
     DoubleRegister dst, Register base, Register index) {
   // vldr only works on 4 bytes aligned access.
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   ldr(scratch, MemOperand(base, index));
   rev(scratch, scratch);
   VmovHigh(dst, scratch);
@@ -646,9 +628,9 @@ inline void MaglevAssembler::StoreUnalignedFloat64(Register base,
                                                    Register index,
                                                    DoubleRegister src) {
   // vstr only works on 4 bytes aligned access.
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  Register index_scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  Register index_scratch = temps.AcquireScratch();
   VmovLow(scratch, src);
   str(scratch, MemOperand(base, index));
   add(index_scratch, index, Operand(4));
@@ -658,9 +640,9 @@ inline void MaglevAssembler::StoreUnalignedFloat64(Register base,
 inline void MaglevAssembler::ReverseByteOrderAndStoreUnalignedFloat64(
     Register base, Register index, DoubleRegister src) {
   // vstr only works on 4 bytes aligned access.
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  Register index_scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  Register index_scratch = temps.AcquireScratch();
   VmovHigh(scratch, src);
   rev(scratch, scratch);
   str(scratch, MemOperand(base, index));
@@ -681,8 +663,8 @@ inline void MaglevAssembler::ToUint8Clamped(Register result,
                                             DoubleRegister value, Label* min,
                                             Label* max, Label* done) {
   CpuFeatureScope scope(this, ARMv8);
-  ScratchRegisterScope temps(this);
-  DoubleRegister scratch = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister scratch = temps.AcquireScratchDouble();
   Move(scratch, 0.0);
   VFPCompareAndSetFlags(scratch, value);
   // Set to 0 if NaN.
@@ -739,36 +721,91 @@ inline void MaglevAssembler::LoadInstanceType(Register instance_type,
   ldrh(instance_type, FieldMemOperand(instance_type, Map::kInstanceTypeOffset));
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndJumpIf(
-    Register heap_object, InstanceType type, Condition cond, Label* target,
-    Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  MacroAssembler::CompareObjectType(heap_object, scratch, scratch, type);
-  JumpIf(cond, target, distance);
+inline void MaglevAssembler::JumpIfObjectType(Register heap_object,
+                                              InstanceType type, Label* target,
+                                              Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectType(heap_object, scratch, scratch, type);
+  JumpIf(kEqual, target, distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndAssert(Register heap_object,
-                                                        InstanceType type,
-                                                        Condition cond,
-                                                        AbortReason reason) {
+inline void MaglevAssembler::JumpIfNotObjectType(Register heap_object,
+                                                 InstanceType type,
+                                                 Label* target,
+                                                 Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectType(heap_object, scratch, scratch, type);
+  JumpIf(kNotEqual, target, distance);
+}
+
+inline void MaglevAssembler::AssertObjectType(Register heap_object,
+                                              InstanceType type,
+                                              AbortReason reason) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   AssertNotSmi(heap_object);
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  MacroAssembler::CompareObjectType(heap_object, scratch, scratch, type);
-  Assert(cond, reason);
+  CompareObjectType(heap_object, scratch, scratch, type);
+  Assert(kEqual, reason);
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndBranch(
-    Register heap_object, InstanceType type, Condition condition,
+inline void MaglevAssembler::BranchOnObjectType(
+    Register heap_object, InstanceType type, Label* if_true,
+    Label::Distance true_distance, bool fallthrough_when_true, Label* if_false,
+    Label::Distance false_distance, bool fallthrough_when_false) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectType(heap_object, scratch, scratch, type);
+  Branch(kEqual, if_true, true_distance, fallthrough_when_true, if_false,
+         false_distance, fallthrough_when_false);
+}
+
+inline void MaglevAssembler::JumpIfObjectTypeInRange(Register heap_object,
+                                                     InstanceType lower_limit,
+                                                     InstanceType higher_limit,
+                                                     Label* target,
+                                                     Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectTypeRange(heap_object, scratch, scratch, scratch, lower_limit,
+                         higher_limit);
+  JumpIf(kUnsignedLessThanEqual, target, distance);
+}
+
+inline void MaglevAssembler::JumpIfObjectTypeNotInRange(
+    Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
+    Label* target, Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectTypeRange(heap_object, scratch, scratch, scratch, lower_limit,
+                         higher_limit);
+  JumpIf(kUnsignedGreaterThan, target, distance);
+}
+
+inline void MaglevAssembler::AssertObjectTypeInRange(Register heap_object,
+                                                     InstanceType lower_limit,
+                                                     InstanceType higher_limit,
+                                                     AbortReason reason) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  AssertNotSmi(heap_object);
+  CompareObjectTypeRange(heap_object, scratch, scratch, scratch, lower_limit,
+                         higher_limit);
+  Assert(kUnsignedLessThanEqual, reason);
+}
+
+inline void MaglevAssembler::BranchOnObjectTypeInRange(
+    Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
     Label* if_true, Label::Distance true_distance, bool fallthrough_when_true,
     Label* if_false, Label::Distance false_distance,
     bool fallthrough_when_false) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  MacroAssembler::CompareObjectType(heap_object, scratch, scratch, type);
-  Branch(condition, if_true, true_distance, fallthrough_when_true, if_false,
-         false_distance, fallthrough_when_false);
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectTypeRange(heap_object, scratch, scratch, scratch, lower_limit,
+                         higher_limit);
+  Branch(kUnsignedLessThanEqual, if_true, true_distance, fallthrough_when_true,
+         if_false, false_distance, fallthrough_when_false);
 }
 
 inline void MaglevAssembler::JumpIfJSAnyIsNotPrimitive(
@@ -776,29 +813,13 @@ inline void MaglevAssembler::JumpIfJSAnyIsNotPrimitive(
   // If the type of the result (stored in its map) is less than
   // FIRST_JS_RECEIVER_TYPE, it is not an object in the ECMA sense.
   static_assert(LAST_JS_RECEIVER_TYPE == LAST_TYPE);
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MacroAssembler::CompareObjectType(heap_object, scratch, scratch,
                                     FIRST_JS_RECEIVER_TYPE);
   JumpIf(kUnsignedGreaterThanEqual, target, distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
-                                                    InstanceType lower_limit,
-                                                    InstanceType higher_limit) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  CompareObjectTypeRange(heap_object, scratch, lower_limit, higher_limit);
-}
-
-inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
-                                                    Register scratch,
-                                                    InstanceType lower_limit,
-                                                    InstanceType higher_limit) {
-  LoadMap(scratch, heap_object);
-  CompareInstanceTypeRange(scratch, scratch, lower_limit, higher_limit);
-}
-
 inline void MaglevAssembler::CompareMapWithRoot(Register object,
                                                 RootIndex index,
                                                 Register scratch) {
@@ -808,16 +829,18 @@ inline void MaglevAssembler::CompareMapWithRoot(Register object,
 
 inline void MaglevAssembler::CompareInstanceType(Register map,
                                                  InstanceType instance_type) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MacroAssembler::CompareInstanceType(map, scratch, instance_type);
 }
 
 inline void MaglevAssembler::CompareInstanceTypeRange(
     Register map, Register instance_type_out, InstanceType lower_limit,
     InstanceType higher_limit) {
-  MacroAssembler::CompareInstanceTypeRange(map, instance_type_out, lower_limit,
-                                           higher_limit);
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  MacroAssembler::CompareInstanceTypeRange(map, instance_type_out, scratch,
+                                           lower_limit, higher_limit);
 }
 
 inline void MaglevAssembler::CompareFloat64AndJumpIf(
@@ -932,8 +955,8 @@ void MaglevAssembler::JumpIfNotHoleNan(DoubleRegister value, Register scratch,
 
 void MaglevAssembler::JumpIfNotHoleNan(MemOperand operand, Label* target,
                                        Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
-  Register upper_bits = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(this);
+  Register upper_bits = temps.AcquireScratch();
   DCHECK(operand.IsImmediateOffset());
   ldr(upper_bits, MemOperand(operand.rn(), operand.offset() + (kDoubleSize / 2),
                              operand.am()));
@@ -1015,6 +1038,15 @@ inline void MaglevAssembler::CompareSmiAndJumpIf(Register r1, Tagged<Smi> value,
   JumpIf(cond, target);
 }
 
+inline void MaglevAssembler::CompareSmiAndAssert(Register r1, Tagged<Smi> value,
+                                                 Condition cond,
+                                                 AbortReason reason) {
+  if (!v8_flags.debug_code) return;
+  AssertSmi(r1);
+  cmp(r1, Operand(value));
+  Assert(cond, reason);
+}
+
 inline void MaglevAssembler::CompareByteAndJumpIf(MemOperand left, int8_t right,
                                                   Condition cond,
                                                   Register scratch,
@@ -1061,8 +1093,8 @@ inline void MaglevAssembler::CompareDoubleAndJumpIfZeroOrNaN(
 
 inline void MaglevAssembler::CompareDoubleAndJumpIfZeroOrNaN(
     MemOperand operand, Label* target, Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  DoubleRegister value_double = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister value_double = temps.AcquireScratchDouble();
   vldr(value_double, operand);
   CompareDoubleAndJumpIfZeroOrNaN(value_double, target, distance);
 }
@@ -1075,8 +1107,8 @@ inline void MaglevAssembler::TestInt32AndJumpIfAnySet(
 
 inline void MaglevAssembler::TestInt32AndJumpIfAnySet(
     MemOperand operand, int32_t mask, Label* target, Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register value = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register value = temps.AcquireScratch();
   ldr(value, operand);
   TestInt32AndJumpIfAnySet(value, mask, target);
 }
@@ -1089,8 +1121,8 @@ inline void MaglevAssembler::TestInt32AndJumpIfAllClear(
 
 inline void MaglevAssembler::TestInt32AndJumpIfAllClear(
     MemOperand operand, int32_t mask, Label* target, Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register value = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register value = temps.AcquireScratch();
   ldr(value, operand);
   TestInt32AndJumpIfAllClear(value, mask, target);
 }
@@ -1130,8 +1162,8 @@ inline void MaglevAssembler::Pop(Register dst) { pop(dst); }
 
 inline void MaglevAssembler::AssertStackSizeCorrect() {
   if (v8_flags.debug_code) {
-    ScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register scratch = temps.AcquireScratch();
     add(scratch, sp,
         Operand(code_gen_state()->stack_slots() * kSystemPointerSize +
                 StandardFrameConstants::kFixedFrameSizeFromFp));
@@ -1142,13 +1174,13 @@ inline void MaglevAssembler::AssertStackSizeCorrect() {
 
 inline Condition MaglevAssembler::FunctionEntryStackCheck(
     int stack_check_offset) {
-  ScratchRegisterScope temps(this);
+  TemporaryRegisterScope temps(this);
   Register stack_cmp_reg = sp;
   if (stack_check_offset >= kStackLimitSlackForDeoptimizationInBytes) {
-    stack_cmp_reg = temps.Acquire();
+    stack_cmp_reg = temps.AcquireScratch();
     sub(stack_cmp_reg, sp, Operand(stack_check_offset));
   }
-  Register interrupt_stack_limit = temps.Acquire();
+  Register interrupt_stack_limit = temps.AcquireScratch();
   LoadStackLimit(interrupt_stack_limit, StackLimitKind::kInterruptStackLimit);
   cmp(stack_cmp_reg, interrupt_stack_limit);
   return kUnsignedGreaterThanEqual;
@@ -1196,8 +1228,8 @@ inline void MaglevAssembler::MoveRepr(MachineRepresentation repr,
 template <>
 inline void MaglevAssembler::MoveRepr(MachineRepresentation repr,
                                       MemOperand dst, MemOperand src) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MoveRepr(repr, scratch, src);
   MoveRepr(repr, dst, scratch);
 }
diff --git a/deps/v8/src/maglev/arm/maglev-assembler-arm.cc b/deps/v8/src/maglev/arm/maglev-assembler-arm.cc
index e202694d2e6445..928726636f6244 100644
--- a/deps/v8/src/maglev/arm/maglev-assembler-arm.cc
+++ b/deps/v8/src/maglev/arm/maglev-assembler-arm.cc
@@ -40,8 +40,8 @@ void AllocateRaw(MaglevAssembler* masm, Isolate* isolate,
   ExternalReference top = SpaceAllocationTopAddress(isolate, alloc_type);
   ExternalReference limit = SpaceAllocationLimitAddress(isolate, alloc_type);
   ZoneLabelRef done(masm);
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register scratch = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register scratch = temps.AcquireScratch();
   // We are a bit short on registers, so we use the same register for {object}
   // and {new_top}. Once we have defined {new_top}, we don't use {object} until
   // {new_top} is used for the last time. And there (at the end of this
@@ -81,8 +81,8 @@ void MaglevAssembler::Allocate(RegisterSnapshot register_snapshot,
 }
 
 void MaglevAssembler::OSRPrologue(Graph* graph) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
 
   DCHECK(graph->is_osr());
   CHECK(!graph->has_recursive_calls());
@@ -124,7 +124,7 @@ void MaglevAssembler::OSRPrologue(Graph* graph) {
 }
 
 void MaglevAssembler::Prologue(Graph* graph) {
-  ScratchRegisterScope temps(this);
+  TemporaryRegisterScope temps(this);
   temps.Include({r4, r8});
 
   DCHECK(!graph->is_osr());
@@ -169,8 +169,8 @@ void MaglevAssembler::Prologue(Graph* graph) {
   // Initialize stack slots.
   if (graph->tagged_stack_slots() > 0) {
     ASM_CODE_COMMENT_STRING(this, "Initializing stack slots");
-    ScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register scratch = temps.AcquireScratch();
     Move(scratch, 0);
 
     // Magic value. Experimentally, an unroll size of 8 doesn't seem any
@@ -189,7 +189,7 @@ void MaglevAssembler::Prologue(Graph* graph) {
       for (int i = 0; i < first_slots; ++i) {
         Push(scratch);
       }
-      Register unroll_counter = temps.Acquire();
+      Register unroll_counter = temps.AcquireScratch();
       Move(unroll_counter, tagged_slots / kLoopUnrollSize);
       // We enter the loop unconditionally, so make sure we need to loop at
       // least once.
@@ -319,15 +319,11 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
   bind(&loop);
 
   if (v8_flags.debug_code) {
-    Register scratch = instance_type;
-
     // Check if {string} is a string.
-    AssertNotSmi(string);
-    LoadMap(scratch, string);
-    CompareInstanceTypeRange(scratch, scratch, FIRST_STRING_TYPE,
-                             LAST_STRING_TYPE);
-    Check(ls, AbortReason::kUnexpectedValue);
+    AssertObjectTypeInRange(string, FIRST_STRING_TYPE, LAST_STRING_TYPE,
+                            AbortReason::kUnexpectedValue);
 
+    Register scratch = instance_type;
     ldr(scratch, FieldMemOperand(string, offsetof(String, length_)));
     cmp(index, scratch);
     Check(lo, AbortReason::kUnexpectedValue);
@@ -337,8 +333,8 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
   LoadInstanceType(instance_type, string);
 
   {
-    ScratchRegisterScope temps(this);
-    Register representation = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register representation = temps.AcquireScratch();
 
     // TODO(victorgomes): Add fast path for external strings.
     and_(representation, instance_type, Operand(kStringRepresentationMask));
@@ -361,8 +357,8 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
 
   bind(&sliced_string);
   {
-    ScratchRegisterScope temps(this);
-    Register offset = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register offset = temps.AcquireScratch();
 
     LoadAndUntagTaggedSignedField(offset, string,
                                   offsetof(SlicedString, offset_));
diff --git a/deps/v8/src/maglev/arm/maglev-ir-arm.cc b/deps/v8/src/maglev/arm/maglev-ir-arm.cc
index 9a49fec0ec958a..d19fc32c5c37c7 100644
--- a/deps/v8/src/maglev/arm/maglev-ir-arm.cc
+++ b/deps/v8/src/maglev/arm/maglev-ir-arm.cc
@@ -99,7 +99,7 @@ void BuiltinStringFromCharCode::SetValueLocationConstraints() {
 }
 void BuiltinStringFromCharCode::GenerateCode(MaglevAssembler* masm,
                                              const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   Register result_string = ToRegister(result());
   if (Int32Constant* constant = code_input().node()->TryCast<Int32Constant>()) {
@@ -107,20 +107,11 @@ void BuiltinStringFromCharCode::GenerateCode(MaglevAssembler* masm,
     if (0 <= char_code && char_code < String::kMaxOneByteCharCode) {
       __ LoadSingleCharacterString(result_string, char_code);
     } else {
-      // Ensure that {result_string} never aliases {scratch}, otherwise the
-      // store will fail.
-      bool reallocate_result = (scratch == result_string);
-      if (reallocate_result) {
-        result_string = temps.Acquire();
-      }
-      DCHECK(scratch != result_string);
+      DCHECK_NE(scratch, result_string);
       __ AllocateTwoByteString(register_snapshot(), result_string, 1);
       __ Move(scratch, char_code);
       __ strh(scratch, FieldMemOperand(result_string,
                                        OFFSET_OF_DATA_START(SeqTwoByteString)));
-      if (reallocate_result) {
-        __ Move(ToRegister(result()), result_string);
-      }
     }
   } else {
     __ StringFromCharCode(register_snapshot(), nullptr, result_string,
@@ -212,7 +203,6 @@ void Int32MultiplyWithOverflow::SetValueLocationConstraints() {
   UseRegister(left_input());
   UseRegister(right_input());
   DefineAsRegister(this);
-  set_temporaries_needed(1);
 }
 void Int32MultiplyWithOverflow::GenerateCode(MaglevAssembler* masm,
                                              const ProcessingState& state) {
@@ -222,13 +212,13 @@ void Int32MultiplyWithOverflow::GenerateCode(MaglevAssembler* masm,
 
   // TODO(leszeks): peephole optimise multiplication by a constant.
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   bool out_alias_input = out == left || out == right;
   Register res_low = out;
   if (out_alias_input) {
-    res_low = temps.Acquire();
+    res_low = temps.AcquireScratch();
   }
-  Register res_high = temps.Acquire();
+  Register res_high = temps.AcquireScratch();
   __ smull(res_low, res_high, left, right);
 
   // ARM doesn't set the overflow flag for multiplication, so we need to
@@ -256,10 +246,6 @@ void Int32DivideWithOverflow::SetValueLocationConstraints() {
   UseRegister(left_input());
   UseRegister(right_input());
   DefineAsRegister(this);
-  if (!CpuFeatures::IsSupported(SUDIV)) {
-    // We use the standard low double register and an extra one.
-    set_double_temporaries_needed(1);
-  }
 }
 void Int32DivideWithOverflow::GenerateCode(MaglevAssembler* masm,
                                            const ProcessingState& state) {
@@ -308,11 +294,11 @@ void Int32DivideWithOverflow::GenerateCode(MaglevAssembler* masm,
   __ bind(*done);
 
   // Perform the actual integer division.
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   bool out_alias_input = out == left || out == right;
   Register res = out;
   if (out_alias_input) {
-    res = temps.Acquire();
+    res = temps.AcquireScratch();
   }
   if (CpuFeatures::IsSupported(SUDIV)) {
     CpuFeatureScope scope(masm, SUDIV);
@@ -333,7 +319,7 @@ void Int32DivideWithOverflow::GenerateCode(MaglevAssembler* masm,
   }
 
   // Check that the remainder is zero.
-  Register temp = temps.Acquire();
+  Register temp = temps.AcquireScratch();
   __ mul(temp, res, right);
   __ cmp(temp, left);
   __ EmitEagerDeoptIf(ne, DeoptimizeReason::kNotInt32, this);
@@ -344,8 +330,8 @@ void Int32DivideWithOverflow::GenerateCode(MaglevAssembler* masm,
 namespace {
 void Uint32Mod(MaglevAssembler* masm, Register out, Register left,
                Register right) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register res = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register res = temps.AcquireScratch();
   if (CpuFeatures::IsSupported(SUDIV)) {
     CpuFeatureScope scope(masm, SUDIV);
     __ udiv(res, left, right);
@@ -376,10 +362,6 @@ void Int32ModulusWithOverflow::SetValueLocationConstraints() {
   UseAndClobberRegister(left_input());
   UseAndClobberRegister(right_input());
   DefineAsRegister(this);
-  if (!CpuFeatures::IsSupported(SUDIV)) {
-    // We use the standard low double register and an extra one.
-    set_double_temporaries_needed(1);
-  }
 }
 void Int32ModulusWithOverflow::GenerateCode(MaglevAssembler* masm,
                                             const ProcessingState& state) {
@@ -453,17 +435,18 @@ void Int32ModulusWithOverflow::GenerateCode(MaglevAssembler* masm,
       done, lhs, rhs, out, this);
 
   Label rhs_not_power_of_2;
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register mask = temps.Acquire();
-  __ add(mask, rhs, Operand(-1));
-  __ tst(mask, rhs);
-  __ JumpIf(ne, &rhs_not_power_of_2);
-
-  // {rhs} is power of 2.
-  __ and_(out, mask, lhs);
-  __ Jump(*done);
-  // {mask} can be reused from now on.
-  temps.Include(mask);
+  {
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
+    Register mask = temps.AcquireScratch();
+    __ add(mask, rhs, Operand(-1));
+    __ tst(mask, rhs);
+    __ JumpIf(ne, &rhs_not_power_of_2);
+
+    // {rhs} is power of 2.
+    __ and_(out, mask, lhs);
+    __ Jump(*done);
+    // {mask} can be reused from now on.
+  }
 
   __ bind(&rhs_not_power_of_2);
   Uint32Mod(masm, out, lhs, rhs);
@@ -515,8 +498,8 @@ DEF_BITWISE_BINOP(Int32BitwiseXor, eor)
         __ opcode(out, left, Operand(shift));                                  \
       }                                                                        \
     } else {                                                                   \
-      MaglevAssembler::ScratchRegisterScope temps(masm);                       \
-      Register scratch = temps.Acquire();                                      \
+      MaglevAssembler::TemporaryRegisterScope temps(masm);                     \
+      Register scratch = temps.AcquireScratch();                               \
       Register right = ToRegister(right_input());                              \
       __ and_(scratch, right, Operand(31));                                    \
       __ opcode(out, left, Operand(scratch));                                  \
@@ -636,15 +619,15 @@ void Float64Round::GenerateCode(MaglevAssembler* masm,
   DoubleRegister out = ToDoubleRegister(result());
   CpuFeatureScope scope(masm, ARMv8);
   if (kind_ == Kind::kNearest) {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
     DoubleRegister temp = temps.AcquireDouble();
-    DoubleRegister half_one = temps.AcquireDouble();
     __ Move(temp, in);
     // vrintn rounds to even on tie, while JS expects it to round towards
     // +Infinity. Fix the difference by checking if we rounded down by exactly
     // 0.5, and if so, round to the other side.
     __ vrintn(out, in);
     __ vsub(temp, temp, out);
+    DoubleRegister half_one = temps.AcquireScratchDouble();
     __ Move(half_one, 0.5);
     __ VFPCompareAndSetFlags(temp, half_one);
     Label done;
@@ -703,8 +686,8 @@ void LoadTypedArrayLength::GenerateCode(MaglevAssembler* masm,
   Register object = ToRegister(receiver_input());
   Register result_register = ToRegister(result());
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_TYPED_ARRAY_TYPE, eq,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectType(object, JS_TYPED_ARRAY_TYPE,
+                        AbortReason::kUnexpectedValue);
   }
   __ LoadBoundedSizeFromObject(result_register, object,
                                JSTypedArray::kRawByteLengthOffset);
@@ -725,12 +708,12 @@ void CheckJSDataViewBounds::SetValueLocationConstraints() {
 }
 void CheckJSDataViewBounds::GenerateCode(MaglevAssembler* masm,
                                          const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(receiver_input());
   Register index = ToRegister(index_input());
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_DATA_VIEW_TYPE, eq,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectType(object, JS_DATA_VIEW_TYPE,
+                        AbortReason::kUnexpectedValue);
   }
 
   // Normal DataView (backed by AB / SAB) or non-length tracking backed by GSAB.
@@ -816,7 +799,7 @@ void HandleInterruptsAndTiering(MaglevAssembler* masm, ZoneLabelRef done,
 
 void GenerateReduceInterruptBudget(MaglevAssembler* masm, Node* node,
                                    ReduceInterruptBudgetType type, int amount) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   Register feedback_cell = scratch;
   Register budget = temps.Acquire();
diff --git a/deps/v8/src/maglev/arm64/maglev-assembler-arm64-inl.h b/deps/v8/src/maglev/arm64/maglev-assembler-arm64-inl.h
index ac0ad9f131a026..6570c5ee402b87 100644
--- a/deps/v8/src/maglev/arm64/maglev-assembler-arm64-inl.h
+++ b/deps/v8/src/maglev/arm64/maglev-assembler-arm64-inl.h
@@ -13,6 +13,7 @@
 #include "src/maglev/maglev-basic-block.h"
 #include "src/maglev/maglev-code-gen-state.h"
 #include "src/maglev/maglev-ir.h"
+#include "src/roots/static-roots.h"
 
 namespace v8 {
 namespace internal {
@@ -39,63 +40,58 @@ inline int ShiftFromScale(int n) {
   }
 }
 
-class MaglevAssembler::ScratchRegisterScope {
- public:
-  explicit ScratchRegisterScope(MaglevAssembler* masm)
-      : wrapped_scope_(masm),
-        masm_(masm),
-        prev_scope_(masm->scratch_register_scope_) {
-    masm_->scratch_register_scope_ = this;
-  }
+class MaglevAssembler::TemporaryRegisterScope
+    : public TemporaryRegisterScopeBase<TemporaryRegisterScope> {
+  using Base = TemporaryRegisterScopeBase<TemporaryRegisterScope>;
 
-  ~ScratchRegisterScope() { masm_->scratch_register_scope_ = prev_scope_; }
-
-  void ResetToDefault() {
-    wrapped_scope_.SetAvailable(masm_->DefaultTmpList());
-    wrapped_scope_.SetAvailableFP(masm_->DefaultFPTmpList());
-  }
-
-  Register GetDefaultScratchRegister() { return Acquire(); }
-  DoubleRegister GetDefaultScratchDoubleRegister() { return AcquireDouble(); }
-
-  Register Acquire() { return wrapped_scope_.AcquireX(); }
-  void Include(Register reg) { wrapped_scope_.Include(reg); }
-  void Include(const RegList list) {
-    wrapped_scope_.Include(CPURegList(kXRegSizeInBits, list));
+ public:
+  struct SavedData : public Base::SavedData {
+    CPURegList available_scratch_;
+    CPURegList available_fp_scratch_;
+  };
+
+  explicit TemporaryRegisterScope(MaglevAssembler* masm)
+      : Base(masm), scratch_scope_(masm) {}
+  explicit TemporaryRegisterScope(MaglevAssembler* masm,
+                                  const SavedData& saved_data)
+      : Base(masm, saved_data), scratch_scope_(masm) {
+    scratch_scope_.SetAvailable(saved_data.available_scratch_);
+    scratch_scope_.SetAvailableFP(saved_data.available_fp_scratch_);
   }
 
-  DoubleRegister AcquireDouble() { return wrapped_scope_.AcquireD(); }
-  void IncludeDouble(const DoubleRegList list) {
-    wrapped_scope_.IncludeFP(CPURegList(kDRegSizeInBits, list));
+  Register AcquireScratch() {
+    Register reg = scratch_scope_.AcquireX();
+    CHECK(!available_.has(reg));
+    return reg;
   }
-
-  RegList Available() {
-    return RegList::FromBits(wrapped_scope_.Available()->bits());
+  DoubleRegister AcquireScratchDouble() {
+    DoubleRegister reg = scratch_scope_.AcquireD();
+    CHECK(!available_double_.has(reg));
+    return reg;
   }
-  void SetAvailable(RegList list) {
-    wrapped_scope_.SetAvailable(CPURegList(kXRegSizeInBits, list));
+  void IncludeScratch(Register reg) { scratch_scope_.Include(reg); }
+
+  SavedData CopyForDefer() {
+    return SavedData{
+        CopyForDeferBase(),
+        *scratch_scope_.Available(),
+        *scratch_scope_.AvailableFP(),
+    };
   }
 
-  DoubleRegList AvailableDouble() {
-    uint64_t bits = wrapped_scope_.AvailableFP()->bits();
-    // AvailableFP fits in a 32 bits word.
-    DCHECK_LE(bits, std::numeric_limits<uint32_t>::max());
-    return DoubleRegList::FromBits(static_cast<uint32_t>(bits));
-  }
-  void SetAvailableDouble(DoubleRegList list) {
-    wrapped_scope_.SetAvailableFP(CPURegList(kDRegSizeInBits, list));
+  void ResetToDefaultImpl() {
+    scratch_scope_.SetAvailable(masm_->DefaultTmpList());
+    scratch_scope_.SetAvailableFP(masm_->DefaultFPTmpList());
   }
 
  private:
-  UseScratchRegisterScope wrapped_scope_;
-  MaglevAssembler* masm_;
-  ScratchRegisterScope* prev_scope_;
+  UseScratchRegisterScope scratch_scope_;
 };
 
 inline MapCompare::MapCompare(MaglevAssembler* masm, Register object,
                               size_t map_count)
     : masm_(masm), object_(object), map_count_(map_count) {
-  map_ = masm_->scratch_register_scope()->Acquire();
+  map_ = masm_->scratch_register_scope()->AcquireScratch();
   if (PointerCompressionIsEnabled()) {
     masm_->LoadCompressedMap(map_, object_);
   } else {
@@ -106,8 +102,8 @@ inline MapCompare::MapCompare(MaglevAssembler* masm, Register object,
 
 void MapCompare::Generate(Handle<Map> map, Condition cond, Label* if_true,
                           Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(masm_);
-  Register temp = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm_);
+  Register temp = temps.AcquireScratch();
   masm_->Move(temp, map);
   masm_->CmpTagged(map_, temp);
   masm_->JumpIf(cond, if_true, distance);
@@ -150,22 +146,22 @@ inline bool AlreadyInARegister(const Input& input) {
 
 template <typename Arg>
 inline Register ToRegister(MaglevAssembler* masm,
-                           MaglevAssembler::ScratchRegisterScope* scratch,
+                           MaglevAssembler::TemporaryRegisterScope* scratch,
                            Arg arg) {
-  Register reg = scratch->Acquire();
+  Register reg = scratch->AcquireScratch();
   masm->Move(reg, arg);
   return reg;
 }
 inline Register ToRegister(MaglevAssembler* masm,
-                           MaglevAssembler::ScratchRegisterScope* scratch,
+                           MaglevAssembler::TemporaryRegisterScope* scratch,
                            Register reg) {
   return reg;
 }
 inline Register ToRegister(MaglevAssembler* masm,
-                           MaglevAssembler::ScratchRegisterScope* scratch,
+                           MaglevAssembler::TemporaryRegisterScope* scratch,
                            const Input& input) {
   if (input.operand().IsConstant()) {
-    Register reg = scratch->Acquire();
+    Register reg = scratch->AcquireScratch();
     input.node()->LoadToRegister(masm, reg);
     return reg;
   }
@@ -175,7 +171,7 @@ inline Register ToRegister(MaglevAssembler* masm,
     return ToRegister(input);
   } else {
     DCHECK(operand.IsStackSlot());
-    Register reg = scratch->Acquire();
+    Register reg = scratch->AcquireScratch();
     masm->Move(reg, masm->ToMemOperand(input));
     return reg;
   }
@@ -265,7 +261,7 @@ inline void PushAligned(MaglevAssembler* masm, Arg1 arg1, Arg2 arg2) {
   if (AlreadyInARegister(arg1) || AlreadyInARegister(arg2)) {
     // If one of the operands is already in a register, there is no need
     // to reuse scratch registers, so two arguments can be pushed together.
-    MaglevAssembler::ScratchRegisterScope temps(masm);
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
     masm->MacroAssembler::Push(ToRegister(masm, &temps, arg1),
                                ToRegister(masm, &temps, arg2));
     return;
@@ -275,11 +271,11 @@ inline void PushAligned(MaglevAssembler* masm, Arg1 arg1, Arg2 arg2) {
     // The second argument is not pushed together with the first so we can
     // re-use any scratch registers used to materialise the first argument for
     // the second one.
-    MaglevAssembler::ScratchRegisterScope temps(masm);
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
     masm->MacroAssembler::Push(ToRegister(masm, &temps, arg1), padreg);
   }
   {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
     masm->MacroAssembler::str(ToRegister(masm, &temps, arg2), MemOperand(sp));
   }
 }
@@ -434,8 +430,8 @@ inline Condition MaglevAssembler::IsRootConstant(Input input,
     CompareRoot(ToRegister(input), root_index);
   } else {
     DCHECK(input.operand().IsStackSlot());
-    ScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register scratch = temps.AcquireScratch();
     Ldr(scratch, ToMemOperand(input));
     CompareRoot(scratch, root_index);
   }
@@ -470,8 +466,8 @@ inline void MaglevAssembler::BuildTypedArrayDataPointer(Register data_pointer,
       data_pointer,
       FieldMemOperand(object, JSTypedArray::kExternalPointerOffset));
   if (JSTypedArray::kMaxSizeInHeap == 0) return;
-  ScratchRegisterScope scope(this);
-  Register base = scope.Acquire();
+  TemporaryRegisterScope scope(this);
+  Register base = scope.AcquireScratch();
   if (COMPRESS_POINTERS_BOOL) {
     Ldr(base.W(), FieldMemOperand(object, JSTypedArray::kBasePointerOffset));
   } else {
@@ -521,8 +517,7 @@ inline void MaglevAssembler::LoadExternalPointerField(Register result,
 void MaglevAssembler::LoadFixedArrayElement(Register result, Register array,
                                             Register index) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -533,8 +528,7 @@ void MaglevAssembler::LoadFixedArrayElement(Register result, Register array,
 void MaglevAssembler::LoadFixedArrayElementWithoutDecompressing(
     Register result, Register array, Register index) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -546,11 +540,11 @@ void MaglevAssembler::LoadFixedArrayElementWithoutDecompressing(
 void MaglevAssembler::LoadFixedDoubleArrayElement(DoubleRegister result,
                                                   Register array,
                                                   Register index) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_DOUBLE_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_DOUBLE_ARRAY_TYPE,
+                     AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -560,8 +554,8 @@ void MaglevAssembler::LoadFixedDoubleArrayElement(DoubleRegister result,
 
 inline void MaglevAssembler::StoreFixedDoubleArrayElement(
     Register array, Register index, DoubleRegister value) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   Add(scratch, array, Operand(index, LSL, kDoubleSizeLog2));
   Str(value, FieldMemOperand(scratch, FixedArray::kHeaderSize));
 }
@@ -609,8 +603,8 @@ inline void MaglevAssembler::StoreTaggedFieldNoWriteBarrier(Register object,
 
 inline void MaglevAssembler::StoreFixedArrayElementNoWriteBarrier(
     Register array, Register index, Register value) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   Add(scratch, array, Operand(index, LSL, kTaggedSizeLog2));
   MacroAssembler::StoreTaggedField(
       value, FieldMemOperand(scratch, FixedArray::kHeaderSize));
@@ -624,8 +618,8 @@ inline void MaglevAssembler::StoreTaggedSignedField(Register object, int offset,
 
 inline void MaglevAssembler::StoreTaggedSignedField(Register object, int offset,
                                                     Tagged<Smi> value) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   Mov(scratch, value);
   MacroAssembler::StoreTaggedField(scratch, FieldMemOperand(object, offset));
 }
@@ -636,8 +630,8 @@ inline void MaglevAssembler::StoreInt32Field(Register object, int offset,
     Str(wzr, FieldMemOperand(object, offset));
     return;
   }
-  ScratchRegisterScope scope(this);
-  Register scratch = scope.Acquire().W();
+  TemporaryRegisterScope scope(this);
+  Register scratch = scope.AcquireScratch().W();
   Move(scratch, value);
   Str(scratch, FieldMemOperand(object, offset));
 }
@@ -655,6 +649,16 @@ inline void MaglevAssembler::StoreField(MemOperand operand, Register value,
   }
 }
 
+#ifdef V8_ENABLE_SANDBOX
+
+inline void MaglevAssembler::StoreTrustedPointerFieldNoWriteBarrier(
+    Register object, int offset, Register value) {
+  MacroAssembler::StoreTrustedPointerField(value,
+                                           FieldMemOperand(object, offset));
+}
+
+#endif  // V8_ENABLE_SANDBOX
+
 inline void MaglevAssembler::ReverseByteOrder(Register value, int size) {
   if (size == 2) {
     Rev16(value, value);
@@ -747,6 +751,9 @@ inline void MaglevAssembler::Move(Register dst, int32_t i) {
 inline void MaglevAssembler::Move(Register dst, uint32_t i) {
   Mov(dst.W(), Immediate(i));
 }
+inline void MaglevAssembler::Move(Register dst, IndirectPointerTag i) {
+  Mov(dst, Immediate(i));
+}
 inline void MaglevAssembler::Move(DoubleRegister dst, double n) {
   Fmov(dst, n);
 }
@@ -769,8 +776,8 @@ inline void MaglevAssembler::LoadFloat32(DoubleRegister dst, MemOperand src) {
   Fcvt(dst, dst.S());
 }
 inline void MaglevAssembler::StoreFloat32(MemOperand dst, DoubleRegister src) {
-  ScratchRegisterScope temps(this);
-  DoubleRegister scratch = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister scratch = temps.AcquireScratchDouble();
   Fcvt(scratch.S(), src);
   Str(scratch.S(), dst);
 }
@@ -788,8 +795,8 @@ inline void MaglevAssembler::LoadUnalignedFloat64(DoubleRegister dst,
 }
 inline void MaglevAssembler::LoadUnalignedFloat64AndReverseByteOrder(
     DoubleRegister dst, Register base, Register index) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   Ldr(scratch, MemOperand(base, index));
   Rev(scratch, scratch);
   Fmov(dst, scratch);
@@ -801,8 +808,8 @@ inline void MaglevAssembler::StoreUnalignedFloat64(Register base,
 }
 inline void MaglevAssembler::ReverseByteOrderAndStoreUnalignedFloat64(
     Register base, Register index, DoubleRegister src) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   Fmov(scratch, src);
   Rev(scratch, scratch);
   Str(scratch, MemOperand(base, index));
@@ -818,8 +825,8 @@ inline void MaglevAssembler::NegateInt32(Register val) {
 inline void MaglevAssembler::ToUint8Clamped(Register result,
                                             DoubleRegister value, Label* min,
                                             Label* max, Label* done) {
-  ScratchRegisterScope temps(this);
-  DoubleRegister scratch = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister scratch = temps.AcquireScratchDouble();
   Move(scratch, 0.0);
   Fcmp(scratch, value);
   // Set to 0 if NaN.
@@ -876,74 +883,143 @@ inline void MaglevAssembler::LoadInstanceType(Register instance_type,
        FieldMemOperand(instance_type, Map::kInstanceTypeOffset));
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndJumpIf(
-    Register heap_object, InstanceType type, Condition cond, Label* target,
-    Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  if (cond == kEqual || cond == kNotEqual) {
-    IsObjectType(heap_object, scratch, scratch, type);
-  } else {
-    CompareObjectType(heap_object, scratch, scratch, type);
-  }
-  JumpIf(cond, target, distance);
+inline void MaglevAssembler::JumpIfObjectType(Register heap_object,
+                                              InstanceType type, Label* target,
+                                              Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  IsObjectType(heap_object, scratch, scratch, type);
+  JumpIf(kEqual, target, distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndAssert(Register heap_object,
-                                                        InstanceType type,
-                                                        Condition cond,
-                                                        AbortReason reason) {
+inline void MaglevAssembler::JumpIfNotObjectType(Register heap_object,
+                                                 InstanceType type,
+                                                 Label* target,
+                                                 Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  IsObjectType(heap_object, scratch, scratch, type);
+  JumpIf(kNotEqual, target, distance);
+}
+
+inline void MaglevAssembler::AssertObjectType(Register heap_object,
+                                              InstanceType type,
+                                              AbortReason reason) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   AssertNotSmi(heap_object);
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  if (cond == kEqual || cond == kNotEqual) {
-    IsObjectType(heap_object, scratch, scratch, type);
-  } else {
-    CompareObjectType(heap_object, scratch, scratch, type);
-  }
-  Assert(cond, reason);
+  IsObjectType(heap_object, scratch, scratch, type);
+  Assert(kEqual, reason);
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndBranch(
-    Register heap_object, InstanceType type, Condition condition,
+inline void MaglevAssembler::BranchOnObjectType(
+    Register heap_object, InstanceType type, Label* if_true,
+    Label::Distance true_distance, bool fallthrough_when_true, Label* if_false,
+    Label::Distance false_distance, bool fallthrough_when_false) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  IsObjectType(heap_object, scratch, scratch, type);
+  Branch(kEqual, if_true, true_distance, fallthrough_when_true, if_false,
+         false_distance, fallthrough_when_false);
+}
+
+inline void MaglevAssembler::JumpIfObjectTypeInRange(Register heap_object,
+                                                     InstanceType lower_limit,
+                                                     InstanceType higher_limit,
+                                                     Label* target,
+                                                     Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  IsObjectTypeInRange(heap_object, scratch, lower_limit, higher_limit);
+  JumpIf(kUnsignedLessThanEqual, target, distance);
+}
+
+inline void MaglevAssembler::JumpIfObjectTypeNotInRange(
+    Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
+    Label* target, Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  IsObjectTypeInRange(heap_object, scratch, lower_limit, higher_limit);
+  JumpIf(kUnsignedGreaterThan, target, distance);
+}
+
+inline void MaglevAssembler::AssertObjectTypeInRange(Register heap_object,
+                                                     InstanceType lower_limit,
+                                                     InstanceType higher_limit,
+                                                     AbortReason reason) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  AssertNotSmi(heap_object);
+  IsObjectTypeInRange(heap_object, scratch, lower_limit, higher_limit);
+  Assert(kUnsignedLessThanEqual, reason);
+}
+
+inline void MaglevAssembler::BranchOnObjectTypeInRange(
+    Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
     Label* if_true, Label::Distance true_distance, bool fallthrough_when_true,
     Label* if_false, Label::Distance false_distance,
     bool fallthrough_when_false) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  if (condition == kEqual || condition == kNotEqual) {
-    IsObjectType(heap_object, scratch, scratch, type);
-  } else {
-    CompareObjectType(heap_object, scratch, scratch, type);
-  }
-  Branch(condition, if_true, true_distance, fallthrough_when_true, if_false,
-         false_distance, fallthrough_when_false);
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  IsObjectTypeInRange(heap_object, scratch, lower_limit, higher_limit);
+  Branch(kUnsignedLessThanEqual, if_true, true_distance, fallthrough_when_true,
+         if_false, false_distance, fallthrough_when_false);
+}
+
+#if V8_STATIC_ROOTS_BOOL
+inline void MaglevAssembler::JumpIfObjectInRange(Register heap_object,
+                                                 Tagged_t lower_limit,
+                                                 Tagged_t higher_limit,
+                                                 Label* target,
+                                                 Label::Distance distance) {
+  // Only allowed for comparisons against RORoots.
+  DCHECK_LE(lower_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  DCHECK_LE(higher_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  AssertNotSmi(heap_object);
+  CompareRange(heap_object, scratch, lower_limit, higher_limit);
+  JumpIf(kUnsignedLessThanEqual, target, distance);
 }
 
+inline void MaglevAssembler::JumpIfObjectNotInRange(Register heap_object,
+                                                    Tagged_t lower_limit,
+                                                    Tagged_t higher_limit,
+                                                    Label* target,
+                                                    Label::Distance distance) {
+  // Only allowed for comparisons against RORoots.
+  DCHECK_LE(lower_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  DCHECK_LE(higher_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  AssertNotSmi(heap_object);
+  CompareRange(heap_object, scratch, lower_limit, higher_limit);
+  JumpIf(kUnsignedGreaterThan, target, distance);
+}
+
+inline void MaglevAssembler::AssertObjectInRange(Register heap_object,
+                                                 Tagged_t lower_limit,
+                                                 Tagged_t higher_limit,
+                                                 AbortReason reason) {
+  // Only allowed for comparisons against RORoots.
+  DCHECK_LE(lower_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  DCHECK_LE(higher_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  AssertNotSmi(heap_object);
+  CompareRange(heap_object, scratch, lower_limit, higher_limit);
+  Assert(kUnsignedLessThanEqual, reason);
+}
+#endif
+
 inline void MaglevAssembler::JumpIfJSAnyIsNotPrimitive(
     Register heap_object, Label* target, Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MacroAssembler::JumpIfJSAnyIsNotPrimitive(heap_object, scratch, target,
                                             distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
-                                                    InstanceType lower_limit,
-                                                    InstanceType higher_limit) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  CompareObjectTypeRange(heap_object, scratch, lower_limit, higher_limit);
-}
-
-inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
-                                                    Register scratch,
-                                                    InstanceType lower_limit,
-                                                    InstanceType higher_limit) {
-  LoadMap(scratch, heap_object);
-  CompareInstanceTypeRange(scratch, scratch, lower_limit, higher_limit);
-}
-
 inline void MaglevAssembler::CompareMapWithRoot(Register object,
                                                 RootIndex index,
                                                 Register scratch) {
@@ -958,8 +1034,8 @@ inline void MaglevAssembler::CompareMapWithRoot(Register object,
 
 inline void MaglevAssembler::CompareInstanceType(Register map,
                                                  InstanceType instance_type) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MacroAssembler::CompareInstanceType(map, scratch, instance_type);
 }
 
@@ -1081,8 +1157,8 @@ void MaglevAssembler::JumpIfNotHoleNan(DoubleRegister value, Register scratch,
 
 void MaglevAssembler::JumpIfNotHoleNan(MemOperand operand, Label* target,
                                        Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
-  Register upper_bits = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(this);
+  Register upper_bits = temps.AcquireScratch();
   DCHECK(operand.IsImmediateOffset() && operand.shift_amount() == 0);
   Ldr(upper_bits.W(),
       MemOperand(operand.base(), operand.offset() + (kDoubleSize / 2),
@@ -1161,6 +1237,15 @@ inline void MaglevAssembler::CompareSmiAndJumpIf(Register r1, Tagged<Smi> value,
   CompareTaggedAndBranch(r1, Immediate(value), cond, target);
 }
 
+inline void MaglevAssembler::CompareSmiAndAssert(Register r1, Tagged<Smi> value,
+                                                 Condition cond,
+                                                 AbortReason reason) {
+  if (!v8_flags.debug_code) return;
+  AssertSmi(r1);
+  CmpTagged(r1, value);
+  Assert(cond, reason);
+}
+
 inline void MaglevAssembler::CompareByteAndJumpIf(MemOperand left, int8_t right,
                                                   Condition cond,
                                                   Register scratch,
@@ -1207,8 +1292,8 @@ inline void MaglevAssembler::CompareDoubleAndJumpIfZeroOrNaN(
 
 inline void MaglevAssembler::CompareDoubleAndJumpIfZeroOrNaN(
     MemOperand operand, Label* target, Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  DoubleRegister value_double = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister value_double = temps.AcquireScratchDouble();
   Ldr(value_double, operand);
   CompareDoubleAndJumpIfZeroOrNaN(value_double, target, distance);
 }
@@ -1220,8 +1305,8 @@ inline void MaglevAssembler::TestInt32AndJumpIfAnySet(
 
 inline void MaglevAssembler::TestInt32AndJumpIfAnySet(
     MemOperand operand, int32_t mask, Label* target, Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register value = temps.Acquire().W();
+  TemporaryRegisterScope temps(this);
+  Register value = temps.AcquireScratch().W();
   Ldr(value, operand);
   TestAndBranchIfAnySet(value, mask, target);
 }
@@ -1233,8 +1318,8 @@ inline void MaglevAssembler::TestInt32AndJumpIfAllClear(
 
 inline void MaglevAssembler::TestInt32AndJumpIfAllClear(
     MemOperand operand, int32_t mask, Label* target, Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register value = temps.Acquire().W();
+  TemporaryRegisterScope temps(this);
+  Register value = temps.AcquireScratch().W();
   Ldr(value, operand);
   TestAndBranchIfAllClear(value, mask, target);
 }
@@ -1258,8 +1343,8 @@ inline void MaglevAssembler::Pop(Register dst) { Pop(dst, padreg); }
 
 inline void MaglevAssembler::AssertStackSizeCorrect() {
   if (v8_flags.debug_code) {
-    ScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register scratch = temps.AcquireScratch();
     Add(scratch, sp,
         RoundUp<2 * kSystemPointerSize>(
             code_gen_state()->stack_slots() * kSystemPointerSize +
@@ -1271,13 +1356,13 @@ inline void MaglevAssembler::AssertStackSizeCorrect() {
 
 inline Condition MaglevAssembler::FunctionEntryStackCheck(
     int stack_check_offset) {
-  ScratchRegisterScope temps(this);
+  TemporaryRegisterScope temps(this);
   Register stack_cmp_reg = sp;
   if (stack_check_offset >= kStackLimitSlackForDeoptimizationInBytes) {
-    stack_cmp_reg = temps.Acquire();
+    stack_cmp_reg = temps.AcquireScratch();
     Sub(stack_cmp_reg, sp, stack_check_offset);
   }
-  Register interrupt_stack_limit = temps.Acquire();
+  Register interrupt_stack_limit = temps.AcquireScratch();
   LoadStackLimit(interrupt_stack_limit, StackLimitKind::kInterruptStackLimit);
   Cmp(stack_cmp_reg, interrupt_stack_limit);
   return kUnsignedGreaterThanEqual;
@@ -1331,8 +1416,8 @@ inline void MaglevAssembler::MoveRepr(MachineRepresentation repr,
 template <>
 inline void MaglevAssembler::MoveRepr(MachineRepresentation repr,
                                       MemOperand dst, MemOperand src) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MoveRepr(repr, scratch, src);
   MoveRepr(repr, dst, scratch);
 }
diff --git a/deps/v8/src/maglev/arm64/maglev-assembler-arm64.cc b/deps/v8/src/maglev/arm64/maglev-assembler-arm64.cc
index a11f26b851dd51..edb466b7498f54 100644
--- a/deps/v8/src/maglev/arm64/maglev-assembler-arm64.cc
+++ b/deps/v8/src/maglev/arm64/maglev-assembler-arm64.cc
@@ -41,8 +41,8 @@ void AllocateRaw(MaglevAssembler* masm, Isolate* isolate,
   ExternalReference top = SpaceAllocationTopAddress(isolate, alloc_type);
   ExternalReference limit = SpaceAllocationLimitAddress(isolate, alloc_type);
   ZoneLabelRef done(masm);
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register scratch = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register scratch = temps.AcquireScratch();
   // We are a bit short on registers, so we use the same register for {object}
   // and {new_top}. Once we have defined {new_top}, we don't use {object} until
   // {new_top} is used for the last time. And there (at the end of this
@@ -92,8 +92,8 @@ void MaglevAssembler::OSRPrologue(Graph* graph) {
   if (source_frame_size % 2 == 0) source_frame_size++;
 
   if (v8_flags.maglev_assert_stack_size && v8_flags.debug_code) {
-    ScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register scratch = temps.AcquireScratch();
     Add(scratch, sp,
         source_frame_size * kSystemPointerSize +
             StandardFrameConstants::kFixedFrameSizeFromFp);
@@ -126,7 +126,7 @@ void MaglevAssembler::OSRPrologue(Graph* graph) {
 }
 
 void MaglevAssembler::Prologue(Graph* graph) {
-  ScratchRegisterScope temps(this);
+  TemporaryRegisterScope temps(this);
   //  We add two extra registers to the scope. Ideally we could add all the
   //  allocatable general registers, except Context, JSFunction, NewTarget and
   //  ArgCount. Unfortunately, OptimizeCodeOrTailCallOptimizedCodeSlot and
@@ -194,8 +194,8 @@ void MaglevAssembler::Prologue(Graph* graph) {
         Push(xzr, xzr);
       }
     } else {
-      ScratchRegisterScope temps(this);
-      Register count = temps.Acquire();
+      TemporaryRegisterScope temps(this);
+      Register count = temps.AcquireScratch();
       // Extract the first few slots to round to the unroll size.
       int first_slots = tagged_two_slots_count % kLoopUnrollSize;
       for (int i = 0; i < first_slots; ++i) {
@@ -235,8 +235,8 @@ void MaglevAssembler::MaybeEmitDeoptBuiltinsCall(size_t eager_deopt_count,
       false, false,
       static_cast<int>(deopt_count) * Deoptimizer::kLazyDeoptExitSize);
 
-  ScratchRegisterScope scope(this);
-  Register scratch = scope.Acquire();
+  TemporaryRegisterScope scope(this);
+  Register scratch = scope.AcquireScratch();
   if (eager_deopt_count > 0) {
     Bind(eager_deopt_entry);
     LoadEntryFromBuiltin(Builtin::kDeoptimizationEntry_Eager, scratch);
@@ -309,7 +309,7 @@ void MaglevAssembler::StringFromCharCode(RegisterSnapshot register_snapshot,
 void MaglevAssembler::StringCharCodeOrCodePointAt(
     BuiltinStringPrototypeCharCodeOrCodePointAt::Mode mode,
     RegisterSnapshot& register_snapshot, Register result, Register string,
-    Register index, Register instance_type, Register scratch2,
+    Register index, Register scratch1, Register scratch2,
     Label* result_fits_one_byte) {
   ZoneLabelRef done(this);
   Label seq_string;
@@ -352,26 +352,58 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
   bind(&loop);
 
   if (v8_flags.debug_code) {
-    Register scratch = instance_type;
-
     // Check if {string} is a string.
-    AssertNotSmi(string);
-    LoadMap(scratch, string);
-    CompareInstanceTypeRange(scratch, scratch, FIRST_STRING_TYPE,
-                             LAST_STRING_TYPE);
-    Check(ls, AbortReason::kUnexpectedValue);
-
-    Ldr(scratch.W(), FieldMemOperand(string, offsetof(String, length_)));
-    Cmp(index.W(), scratch.W());
+    AssertObjectTypeInRange(string, FIRST_STRING_TYPE, LAST_STRING_TYPE,
+                            AbortReason::kUnexpectedValue);
+
+    Ldr(scratch1.W(), FieldMemOperand(string, offsetof(String, length_)));
+    Cmp(index.W(), scratch1.W());
     Check(lo, AbortReason::kUnexpectedValue);
   }
 
+#if V8_STATIC_ROOTS_BOOL
+  Register map = scratch1.W();
+  LoadMapForCompare(map, string);
+#else
+  Register instance_type = scratch1;
   // Get instance type.
   LoadInstanceType(instance_type, string);
+#endif
 
   {
-    ScratchRegisterScope temps(this);
-    Register representation = temps.Acquire().W();
+#if V8_STATIC_ROOTS_BOOL
+    using StringTypeRange = InstanceTypeChecker::kUniqueMapRangeOfStringType;
+    // Check the string map ranges in dense increasing order, to avoid needing
+    // to subtract away the lower bound.
+    static_assert(StringTypeRange::kSeqString.first == 0);
+    CompareInt32AndJumpIf(map, StringTypeRange::kSeqString.second,
+                          kUnsignedLessThanEqual, &seq_string, Label::kNear);
+
+    static_assert(StringTypeRange::kSeqString.second + Map::kSize ==
+                  StringTypeRange::kExternalString.first);
+    CompareInt32AndJumpIf(map, StringTypeRange::kExternalString.second,
+                          kUnsignedLessThanEqual, deferred_runtime_call);
+    // TODO(victorgomes): Add fast path for external strings.
+
+    static_assert(StringTypeRange::kExternalString.second + Map::kSize ==
+                  StringTypeRange::kConsString.first);
+    CompareInt32AndJumpIf(map, StringTypeRange::kConsString.second,
+                          kUnsignedLessThanEqual, &cons_string, Label::kNear);
+
+    static_assert(StringTypeRange::kConsString.second + Map::kSize ==
+                  StringTypeRange::kSlicedString.first);
+    CompareInt32AndJumpIf(map, StringTypeRange::kSlicedString.second,
+                          kUnsignedLessThanEqual, &sliced_string, Label::kNear);
+
+    static_assert(StringTypeRange::kSlicedString.second + Map::kSize ==
+                  StringTypeRange::kThinString.first);
+    // No need to check for thin strings, they're the last string map.
+    static_assert(StringTypeRange::kThinString.second ==
+                  InstanceTypeChecker::kStringMapUpperBound);
+    // Fallthrough to thin string.
+#else
+    TemporaryRegisterScope temps(this);
+    Register representation = temps.AcquireScratch().W();
 
     // TODO(victorgomes): Add fast path for external strings.
     And(representation, instance_type.W(),
@@ -385,6 +417,7 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
     CompareAndBranch(representation, Immediate(kThinStringTag), kNotEqual,
                      deferred_runtime_call);
     // Fallthrough to thin string.
+#endif
   }
 
   // Is a thin string.
@@ -395,8 +428,8 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
 
   bind(&sliced_string);
   {
-    ScratchRegisterScope temps(this);
-    Register offset = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register offset = temps.AcquireScratch();
 
     LoadAndUntagTaggedSignedField(offset, string,
                                   offsetof(SlicedString, offset_));
@@ -409,7 +442,7 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
   {
     // Reuse {instance_type} register here, since CompareRoot requires a scratch
     // register as well.
-    Register second_string = instance_type;
+    Register second_string = scratch1;
     LoadTaggedFieldWithoutDecompressing(second_string, string,
                                         offsetof(ConsString, second_));
     CompareRoot(second_string, RootIndex::kempty_string);
@@ -421,7 +454,18 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
   bind(&seq_string);
   {
     Label two_byte_string;
+#if V8_STATIC_ROOTS_BOOL
+    if (InstanceTypeChecker::kTwoByteStringMapBit == 0) {
+      TestInt32AndJumpIfAllClear(map,
+                                 InstanceTypeChecker::kStringMapEncodingMask,
+                                 &two_byte_string, Label::kNear);
+    } else {
+      TestInt32AndJumpIfAnySet(map, InstanceTypeChecker::kStringMapEncodingMask,
+                               &two_byte_string, Label::kNear);
+    }
+#else
     TestAndBranchIfAllClear(instance_type, kOneByteStringTag, &two_byte_string);
+#endif
     // The result of one-byte string will be the same for both modes
     // (CharCodeAt/CodePointAt), since it cannot be the first half of a
     // surrogate pair.
@@ -431,7 +475,7 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
 
     bind(&two_byte_string);
     // {instance_type} is unused from this point, so we can use as scratch.
-    Register scratch = instance_type;
+    Register scratch = scratch1;
     Lsl(scratch, index, 1);
     Add(scratch, scratch,
         OFFSET_OF_DATA_START(SeqTwoByteString) - kHeapObjectTag);
@@ -537,8 +581,8 @@ void MaglevAssembler::TruncateDoubleToInt32(Register dst, DoubleRegister src) {
 
 void MaglevAssembler::TryTruncateDoubleToInt32(Register dst, DoubleRegister src,
                                                Label* fail) {
-  ScratchRegisterScope temps(this);
-  DoubleRegister converted_back = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister converted_back = temps.AcquireScratchDouble();
 
   // Convert the input float64 value to int32.
   Fcvtzs(dst.W(), src);
@@ -554,7 +598,7 @@ void MaglevAssembler::TryTruncateDoubleToInt32(Register dst, DoubleRegister src,
   Cbnz(dst, &check_done);
 
   // In case of 0, we need to check for the IEEE 0 pattern (which is all zeros).
-  Register input_bits = temps.Acquire();
+  Register input_bits = temps.AcquireScratch();
   Fmov(input_bits, src);
   Cbnz(input_bits, fail);
 
@@ -564,8 +608,8 @@ void MaglevAssembler::TryTruncateDoubleToInt32(Register dst, DoubleRegister src,
 void MaglevAssembler::TryTruncateDoubleToUint32(Register dst,
                                                 DoubleRegister src,
                                                 Label* fail) {
-  ScratchRegisterScope temps(this);
-  DoubleRegister converted_back = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister converted_back = temps.AcquireScratchDouble();
 
   // Convert the input float64 value to uint32.
   Fcvtzu(dst.W(), src);
@@ -581,7 +625,7 @@ void MaglevAssembler::TryTruncateDoubleToUint32(Register dst,
   Cbnz(dst, &check_done);
 
   // In case of 0, we need to check for the IEEE 0 pattern (which is all zeros).
-  Register input_bits = temps.Acquire();
+  Register input_bits = temps.AcquireScratch();
   Fmov(input_bits, src);
   Cbnz(input_bits, fail);
 
@@ -591,8 +635,8 @@ void MaglevAssembler::TryTruncateDoubleToUint32(Register dst,
 void MaglevAssembler::TryChangeFloat64ToIndex(Register result,
                                               DoubleRegister value,
                                               Label* success, Label* fail) {
-  ScratchRegisterScope temps(this);
-  DoubleRegister converted_back = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister converted_back = temps.AcquireScratchDouble();
   // Convert the input float64 value to int32.
   Fcvtzs(result.W(), value);
   // Convert that int32 value back to float64.
diff --git a/deps/v8/src/maglev/arm64/maglev-ir-arm64.cc b/deps/v8/src/maglev/arm64/maglev-ir-arm64.cc
index 0919f3268ea7ee..13963769360056 100644
--- a/deps/v8/src/maglev/arm64/maglev-ir-arm64.cc
+++ b/deps/v8/src/maglev/arm64/maglev-ir-arm64.cc
@@ -105,7 +105,7 @@ void BuiltinStringFromCharCode::SetValueLocationConstraints() {
 }
 void BuiltinStringFromCharCode::GenerateCode(MaglevAssembler* masm,
                                              const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   Register result_string = ToRegister(result());
   if (Int32Constant* constant = code_input().node()->TryCast<Int32Constant>()) {
@@ -113,21 +113,11 @@ void BuiltinStringFromCharCode::GenerateCode(MaglevAssembler* masm,
     if (0 <= char_code && char_code < String::kMaxOneByteCharCode) {
       __ LoadSingleCharacterString(result_string, char_code);
     } else {
-      // Ensure that {result_string} never aliases {scratch}, otherwise the
-      // store will fail.
-      bool reallocate_result = scratch.Aliases(result_string);
-      if (reallocate_result) {
-        result_string = temps.Acquire();
-      }
-      DCHECK(!scratch.Aliases(result_string));
       __ AllocateTwoByteString(register_snapshot(), result_string, 1);
       __ Move(scratch, char_code);
       __ Strh(scratch.W(),
               FieldMemOperand(result_string,
                               OFFSET_OF_DATA_START(SeqTwoByteString)));
-      if (reallocate_result) {
-        __ Move(ToRegister(result()), result_string);
-      }
     }
   } else {
     __ StringFromCharCode(register_snapshot(), nullptr, result_string,
@@ -227,11 +217,11 @@ void Int32MultiplyWithOverflow::GenerateCode(MaglevAssembler* masm,
 
   // TODO(leszeks): peephole optimise multiplication by a constant.
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   bool out_alias_input = out == left || out == right;
   Register res = out.X();
   if (out_alias_input) {
-    res = temps.Acquire();
+    res = temps.AcquireScratch();
   }
 
   __ Smull(res, left, right);
@@ -245,8 +235,8 @@ void Int32MultiplyWithOverflow::GenerateCode(MaglevAssembler* masm,
   Label end;
   __ CompareAndBranch(res, Immediate(0), ne, &end);
   {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
-    Register temp = temps.Acquire().W();
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
+    Register temp = temps.AcquireScratch().W();
     __ Orr(temp, left, right);
     // If one of them is negative, we must have a -0 result, which is non-int32,
     // so deopt.
@@ -313,16 +303,16 @@ void Int32DivideWithOverflow::GenerateCode(MaglevAssembler* masm,
   __ Bind(*done);
 
   // Perform the actual integer division.
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   bool out_alias_input = out == left || out == right;
   Register res = out;
   if (out_alias_input) {
-    res = temps.Acquire().W();
+    res = temps.AcquireScratch().W();
   }
   __ Sdiv(res, left, right);
 
   // Check that the remainder is zero.
-  Register temp = temps.Acquire().W();
+  Register temp = temps.AcquireScratch().W();
   __ Msub(temp, res, right, left);
   __ CompareAndBranch(temp, Immediate(0), ne,
                       __ GetDeoptLabel(this, DeoptimizeReason::kNotInt32));
@@ -396,8 +386,8 @@ void Int32ModulusWithOverflow::GenerateCode(MaglevAssembler* masm,
       lt,
       [](MaglevAssembler* masm, ZoneLabelRef done, Register lhs, Register rhs,
          Register out, Int32ModulusWithOverflow* node) {
-        MaglevAssembler::ScratchRegisterScope temps(masm);
-        Register res = temps.Acquire().W();
+        MaglevAssembler::TemporaryRegisterScope temps(masm);
+        Register res = temps.AcquireScratch().W();
         __ Neg(lhs, lhs);
         __ Udiv(res, lhs, rhs);
         __ Msub(out, res, rhs, lhs);
@@ -410,8 +400,8 @@ void Int32ModulusWithOverflow::GenerateCode(MaglevAssembler* masm,
       done, lhs, rhs, out, this);
 
   Label rhs_not_power_of_2;
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register mask = temps.Acquire().W();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register mask = temps.AcquireScratch().W();
   __ Add(mask, rhs, Immediate(-1));
   __ Tst(mask, rhs);
   __ JumpIf(ne, &rhs_not_power_of_2);
@@ -587,9 +577,9 @@ void Float64Round::GenerateCode(MaglevAssembler* masm,
   DoubleRegister in = ToDoubleRegister(input());
   DoubleRegister out = ToDoubleRegister(result());
   if (kind_ == Kind::kNearest) {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
-    DoubleRegister temp = temps.AcquireDouble();
-    DoubleRegister half_one = temps.AcquireDouble();
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
+    DoubleRegister temp = temps.AcquireScratchDouble();
+    DoubleRegister half_one = temps.AcquireScratchDouble();
     __ Move(temp, in);
     // Frintn rounds to even on tie, while JS expects it to round towards
     // +Infinity. Fix the difference by checking if we rounded down by exactly
@@ -643,8 +633,8 @@ void LoadTypedArrayLength::GenerateCode(MaglevAssembler* masm,
   Register object = ToRegister(receiver_input());
   Register result_register = ToRegister(result());
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_TYPED_ARRAY_TYPE, eq,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectType(object, JS_TYPED_ARRAY_TYPE,
+                        AbortReason::kUnexpectedValue);
   }
   __ LoadBoundedSizeFromObject(result_register, object,
                                JSTypedArray::kRawByteLengthOffset);
@@ -665,12 +655,12 @@ void CheckJSDataViewBounds::SetValueLocationConstraints() {
 }
 void CheckJSDataViewBounds::GenerateCode(MaglevAssembler* masm,
                                          const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(receiver_input());
   Register index = ToRegister(index_input());
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_DATA_VIEW_TYPE, eq,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectType(object, JS_DATA_VIEW_TYPE,
+                        AbortReason::kUnexpectedValue);
   }
 
   // Normal DataView (backed by AB / SAB) or non-length tracking backed by GSAB.
@@ -756,7 +746,7 @@ void HandleInterruptsAndTiering(MaglevAssembler* masm, ZoneLabelRef done,
 
 void GenerateReduceInterruptBudget(MaglevAssembler* masm, Node* node,
                                    ReduceInterruptBudgetType type, int amount) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   Register feedback_cell = scratch;
   Register budget = temps.Acquire().W();
diff --git a/deps/v8/src/maglev/maglev-assembler-inl.h b/deps/v8/src/maglev/maglev-assembler-inl.h
index fb0229a9d6b73e..a885ba9d36b288 100644
--- a/deps/v8/src/maglev/maglev-assembler-inl.h
+++ b/deps/v8/src/maglev/maglev-assembler-inl.h
@@ -162,22 +162,20 @@ class DeferredCodeInfoImpl final : public DeferredCodeInfo {
       typename FunctionArgumentsTupleHelper<Function>::Tuple>::Stripped;
 
   template <typename... InArgs>
-  explicit DeferredCodeInfoImpl(MaglevCompilationInfo* compilation_info,
-                                RegList general_temporaries,
-                                DoubleRegList double_temporaries,
-                                FunctionPointer function, InArgs&&... args)
+  explicit DeferredCodeInfoImpl(
+      MaglevCompilationInfo* compilation_info,
+      MaglevAssembler::TemporaryRegisterScope::SavedData deferred_scratch,
+      FunctionPointer function, InArgs&&... args)
       : function(function),
         args(CopyForDeferred(compilation_info, std::forward<InArgs>(args))...),
-        general_temporaries_(general_temporaries),
-        double_temporaries_(double_temporaries) {}
+        deferred_scratch_(deferred_scratch) {}
 
   DeferredCodeInfoImpl(DeferredCodeInfoImpl&&) = delete;
   DeferredCodeInfoImpl(const DeferredCodeInfoImpl&) = delete;
 
   void Generate(MaglevAssembler* masm) override {
-    MaglevAssembler::ScratchRegisterScope scratch_scope(masm);
-    scratch_scope.SetAvailable(general_temporaries_);
-    scratch_scope.SetAvailableDouble(double_temporaries_);
+    MaglevAssembler::TemporaryRegisterScope scratch_scope(masm,
+                                                          deferred_scratch_);
 #ifdef DEBUG
     masm->set_allow_call(allow_call_);
     masm->set_allow_deferred_call(allow_call_);
@@ -200,8 +198,7 @@ class DeferredCodeInfoImpl final : public DeferredCodeInfo {
  private:
   FunctionPointer function;
   Tuple args;
-  RegList general_temporaries_;
-  DoubleRegList double_temporaries_;
+  MaglevAssembler::TemporaryRegisterScope::SavedData deferred_scratch_;
 
 #ifdef DEBUG
   bool allow_call_ = false;
@@ -224,12 +221,11 @@ inline Label* MaglevAssembler::MakeDeferredCode(Function&& deferred_code_gen,
       "Parameters of deferred_code_gen function should match arguments into "
       "MakeDeferredCode");
 
-  ScratchRegisterScope scratch_scope(this);
+  TemporaryRegisterScope scratch_scope(this);
   using DeferredCodeInfoT = detail::DeferredCodeInfoImpl<Function>;
   DeferredCodeInfoT* deferred_code =
       compilation_info()->zone()->New<DeferredCodeInfoT>(
-          compilation_info(), scratch_scope.Available(),
-          scratch_scope.AvailableDouble(), deferred_code_gen,
+          compilation_info(), scratch_scope.CopyForDefer(), deferred_code_gen,
           std::forward<Args>(args)...);
 
 #ifdef DEBUG
@@ -665,7 +661,7 @@ inline void MaglevAssembler::CallBuiltin(Builtin builtin) {
 
   // Temporaries have to be reset before calling CallBuiltin, in case it uses
   // temporaries that alias register parameters.
-  ScratchRegisterScope reset_temps(this);
+  TemporaryRegisterScope reset_temps(this);
   reset_temps.ResetToDefault();
 
   // Make sure that none of the register parameters alias the default
@@ -692,7 +688,7 @@ inline void MaglevAssembler::CallRuntime(Runtime::FunctionId fid) {
   DCHECK(allow_call());
   // Temporaries have to be reset before calling CallRuntime, in case it uses
   // temporaries that alias register parameters.
-  ScratchRegisterScope reset_temps(this);
+  TemporaryRegisterScope reset_temps(this);
   reset_temps.ResetToDefault();
   MacroAssembler::CallRuntime(fid);
 }
@@ -702,14 +698,14 @@ inline void MaglevAssembler::CallRuntime(Runtime::FunctionId fid,
   DCHECK(allow_call());
   // Temporaries have to be reset before calling CallRuntime, in case it uses
   // temporaries that alias register parameters.
-  ScratchRegisterScope reset_temps(this);
+  TemporaryRegisterScope reset_temps(this);
   reset_temps.ResetToDefault();
   MacroAssembler::CallRuntime(fid, num_args);
 }
 
 inline void MaglevAssembler::SetMapAsRoot(Register object, RootIndex map) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.GetDefaultScratchRegister();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   LoadTaggedRoot(scratch, map);
   StoreTaggedFieldNoWriteBarrier(object, HeapObject::kMapOffset, scratch);
 }
@@ -811,7 +807,7 @@ inline void MaglevAssembler::JumpIfStringMap(Register map, Label* target,
   // All string maps are allocated at the start of the read only heap. Thus,
   // non-strings must have maps with larger (compressed) addresses.
   CompareInt32AndJumpIf(
-      map, InstanceTypeChecker::kLastStringMap,
+      map, InstanceTypeChecker::kStringMapUpperBound,
       jump_if_true ? kUnsignedLessThanEqual : kUnsignedGreaterThan, target,
       distance);
 #else
@@ -827,8 +823,8 @@ inline void MaglevAssembler::JumpIfStringMap(Register map, Label* target,
 
 inline void MaglevAssembler::JumpIfString(Register heap_object, Label* target,
                                           Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.GetDefaultScratchRegister();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
 #ifdef V8_COMPRESS_POINTERS
   LoadCompressedMap(scratch, heap_object);
 #else
@@ -840,8 +836,8 @@ inline void MaglevAssembler::JumpIfString(Register heap_object, Label* target,
 inline void MaglevAssembler::JumpIfNotString(Register heap_object,
                                              Label* target,
                                              Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.GetDefaultScratchRegister();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
 #ifdef V8_COMPRESS_POINTERS
   LoadCompressedMap(scratch, heap_object);
 #else
@@ -854,39 +850,16 @@ inline void MaglevAssembler::CheckJSAnyIsStringAndBranch(
     Register heap_object, Label* if_true, Label::Distance true_distance,
     bool fallthrough_when_true, Label* if_false, Label::Distance false_distance,
     bool fallthrough_when_false) {
-#if V8_STATIC_ROOTS_BOOL
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.GetDefaultScratchRegister();
-  // All string maps are allocated at the start of the read only heap. Thus,
-  // non-strings must have maps with larger (compressed) addresses.
-#ifdef V8_COMPRESS_POINTERS
-  LoadCompressedMap(scratch, heap_object);
-#else
-  LoadMap(scratch, heap_object);
-#endif
-  CompareInt32AndBranch(scratch, InstanceTypeChecker::kLastStringMap,
-                        kUnsignedLessThanEqual, if_true, true_distance,
-                        fallthrough_when_true, if_false, false_distance,
-                        fallthrough_when_false);
-#else
-  static_assert(FIRST_STRING_TYPE == FIRST_TYPE);
-  CompareObjectTypeAndBranch(heap_object, LAST_STRING_TYPE,
-                             kUnsignedLessThanEqual, if_true, true_distance,
-                             fallthrough_when_true, if_false, false_distance,
-                             fallthrough_when_false);
-#endif
+  BranchOnObjectTypeInRange(heap_object, FIRST_STRING_TYPE, LAST_STRING_TYPE,
+                            if_true, true_distance, fallthrough_when_true,
+                            if_false, false_distance, fallthrough_when_false);
 }
 
 inline void MaglevAssembler::StringLength(Register result, Register string) {
   if (v8_flags.debug_code) {
     // Check if {string} is a string.
-    ScratchRegisterScope temps(this);
-    Register scratch = temps.GetDefaultScratchRegister();
-    AssertNotSmi(string);
-    LoadMap(scratch, string);
-    CompareInstanceTypeRange(scratch, scratch, FIRST_STRING_TYPE,
-                             LAST_STRING_TYPE);
-    Check(kUnsignedLessThanEqual, AbortReason::kUnexpectedValue);
+    AssertObjectTypeInRange(string, FIRST_STRING_TYPE, LAST_STRING_TYPE,
+                            AbortReason::kUnexpectedValue);
   }
   LoadSignedField(result, FieldMemOperand(string, offsetof(String, length_)),
                   sizeof(int32_t));
diff --git a/deps/v8/src/maglev/maglev-assembler.cc b/deps/v8/src/maglev/maglev-assembler.cc
index c21d204643787e..8992283f92a439 100644
--- a/deps/v8/src/maglev/maglev-assembler.cc
+++ b/deps/v8/src/maglev/maglev-assembler.cc
@@ -4,6 +4,8 @@
 
 #include "src/maglev/maglev-assembler.h"
 
+#include "src/builtins/builtins-inl.h"
+#include "src/codegen/reglist.h"
 #include "src/maglev/maglev-assembler-inl.h"
 #include "src/maglev/maglev-code-generator.h"
 #include "src/numbers/conversions.h"
@@ -161,8 +163,8 @@ void MaglevAssembler::EnsureWritableFastElements(
 void MaglevAssembler::ToBoolean(Register value, CheckType check_type,
                                 ZoneLabelRef is_true, ZoneLabelRef is_false,
                                 bool fallthrough_when_true) {
-  ScratchRegisterScope temps(this);
-  Register map = temps.GetDefaultScratchRegister();
+  TemporaryRegisterScope temps(this);
+  Register map = temps.AcquireScratch();
 
   if (check_type == CheckType::kCheckHeapObject) {
     // Check if {{value}} is Smi.
@@ -185,6 +187,8 @@ void MaglevAssembler::ToBoolean(Register value, CheckType check_type,
   // Undefined is the first root, so it's the smallest possible pointer
   // value, which means we don't have to subtract it for the range check.
   ReadOnlyRoots roots(isolate_);
+  static_assert(StaticReadOnlyRoot::kFirstAllocatedRoot ==
+                StaticReadOnlyRoot::kUndefinedValue);
   static_assert(StaticReadOnlyRoot::kUndefinedValue + sizeof(Undefined) ==
                 StaticReadOnlyRoot::kNullValue);
   static_assert(StaticReadOnlyRoot::kNullValue + sizeof(Null) ==
@@ -253,8 +257,8 @@ void MaglevAssembler::ToBoolean(Register value, CheckType check_type,
              MakeDeferredCode(
                  [](MaglevAssembler* masm, Register value, Register map,
                     ZoneLabelRef is_true, ZoneLabelRef is_false) {
-                   ScratchRegisterScope temps(masm);
-                   temps.Include(map);
+                   TemporaryRegisterScope temps(masm);
+                   temps.IncludeScratch(map);
                    __ TestInt32AndJumpIfAllClear(
                        FieldMemOperand(value, offsetof(BigInt, bitfield_)),
                        BigInt::LengthBits::kMask, *is_false);
@@ -278,6 +282,15 @@ void MaglevAssembler::MaterialiseValueNode(Register dst, ValueNode* value) {
       }
       return;
     }
+    case Opcode::kUint32Constant: {
+      uint32_t uint_value = value->Cast<Uint32Constant>()->value();
+      if (Smi::IsValid(uint_value)) {
+        Move(dst, Smi::FromInt(uint_value));
+      } else {
+        MoveHeapNumber(dst, uint_value);
+      }
+      return;
+    }
     case Opcode::kFloat64Constant: {
       double double_value =
           value->Cast<Float64Constant>()->value().get_scalar();
@@ -300,8 +313,8 @@ void MaglevAssembler::MaterialiseValueNode(Register dst, ValueNode* value) {
   switch (value->properties().value_representation()) {
     case ValueRepresentation::kInt32: {
       Label done;
-      ScratchRegisterScope temps(this);
-      Register scratch = temps.GetDefaultScratchRegister();
+      TemporaryRegisterScope temps(this);
+      Register scratch = temps.AcquireScratch();
       Move(scratch, src);
       SmiTagInt32AndJumpIfSuccess(dst, scratch, &done, Label::kNear);
       // If smi tagging fails, instead of bailing out (deopting), we change
@@ -314,8 +327,8 @@ void MaglevAssembler::MaterialiseValueNode(Register dst, ValueNode* value) {
     }
     case ValueRepresentation::kUint32: {
       Label done;
-      ScratchRegisterScope temps(this);
-      Register scratch = temps.GetDefaultScratchRegister();
+      TemporaryRegisterScope temps(this);
+      Register scratch = temps.AcquireScratch();
       Move(scratch, src);
       SmiTagUint32AndJumpIfSuccess(dst, scratch, &done, Label::kNear);
       // If smi tagging fails, instead of bailing out (deopting), we change
@@ -358,13 +371,13 @@ void MaglevAssembler::TestTypeOf(
   if (fallthrough_when_true && fallthrough_when_false) return;
 
   // IMPORTANT: Note that `object` could be a register that aliases registers in
-  // the ScratchRegisterScope. Make sure that all reads of `object` are before
+  // the TemporaryRegisterScope. Make sure that all reads of `object` are before
   // any writes to scratch registers
   using LiteralFlag = interpreter::TestTypeOfFlags::LiteralFlag;
   switch (literal) {
     case LiteralFlag::kNumber: {
-      MaglevAssembler::ScratchRegisterScope temps(this);
-      Register scratch = temps.GetDefaultScratchRegister();
+      MaglevAssembler::TemporaryRegisterScope temps(this);
+      Register scratch = temps.AcquireScratch();
       JumpIfSmi(object, is_true, true_distance);
       CompareMapWithRoot(object, RootIndex::kHeapNumberMap, scratch);
       Branch(kEqual, is_true, true_distance, fallthrough_when_true, is_false,
@@ -380,9 +393,9 @@ void MaglevAssembler::TestTypeOf(
     }
     case LiteralFlag::kSymbol: {
       JumpIfSmi(object, is_false, false_distance);
-      CompareObjectTypeAndBranch(object, SYMBOL_TYPE, kEqual, is_true,
-                                 true_distance, fallthrough_when_true, is_false,
-                                 false_distance, fallthrough_when_false);
+      BranchOnObjectType(object, SYMBOL_TYPE, is_true, true_distance,
+                         fallthrough_when_true, is_false, false_distance,
+                         fallthrough_when_false);
       return;
     }
     case LiteralFlag::kBoolean:
@@ -393,14 +406,14 @@ void MaglevAssembler::TestTypeOf(
       return;
     case LiteralFlag::kBigInt: {
       JumpIfSmi(object, is_false, false_distance);
-      CompareObjectTypeAndBranch(object, BIGINT_TYPE, kEqual, is_true,
-                                 true_distance, fallthrough_when_true, is_false,
-                                 false_distance, fallthrough_when_false);
+      BranchOnObjectType(object, BIGINT_TYPE, is_true, true_distance,
+                         fallthrough_when_true, is_false, false_distance,
+                         fallthrough_when_false);
       return;
     }
     case LiteralFlag::kUndefined: {
-      MaglevAssembler::ScratchRegisterScope temps(this);
-      Register scratch = temps.GetDefaultScratchRegister();
+      MaglevAssembler::TemporaryRegisterScope temps(this);
+      Register scratch = temps.AcquireScratch();
       // Make sure `object` isn't a valid temp here, since we re-use it.
       DCHECK(!temps.Available().has(object));
       JumpIfSmi(object, is_false, false_distance);
@@ -415,8 +428,8 @@ void MaglevAssembler::TestTypeOf(
       return;
     }
     case LiteralFlag::kFunction: {
-      MaglevAssembler::ScratchRegisterScope temps(this);
-      Register scratch = temps.GetDefaultScratchRegister();
+      MaglevAssembler::TemporaryRegisterScope temps(this);
+      Register scratch = temps.AcquireScratch();
       JumpIfSmi(object, is_false, false_distance);
       // Check if callable bit is set and not undetectable.
       LoadMap(scratch, object);
@@ -426,8 +439,8 @@ void MaglevAssembler::TestTypeOf(
       return;
     }
     case LiteralFlag::kObject: {
-      MaglevAssembler::ScratchRegisterScope temps(this);
-      Register scratch = temps.GetDefaultScratchRegister();
+      MaglevAssembler::TemporaryRegisterScope temps(this);
+      Register scratch = temps.AcquireScratch();
       JumpIfSmi(object, is_false, false_distance);
       // If the object is null then return true.
       JumpIfRoot(object, RootIndex::kNullValue, is_true, true_distance);
@@ -468,8 +481,8 @@ void MaglevAssembler::CheckAndEmitDeferredWriteBarrier(
         {
           // Use the value as the scratch register if possible, since
           // CheckPageFlag emits slightly better code when value == scratch.
-          MaglevAssembler::ScratchRegisterScope temp(masm);
-          Register scratch = temp.GetDefaultScratchRegister();
+          MaglevAssembler::TemporaryRegisterScope temp(masm);
+          Register scratch = temp.AcquireScratch();
           if (value != object && !register_snapshot.live_registers.has(value)) {
             scratch = value;
           }
@@ -482,6 +495,11 @@ void MaglevAssembler::CheckAndEmitDeferredWriteBarrier(
         Register slot_reg = WriteBarrierDescriptor::SlotAddressRegister();
 
         RegList saved;
+        // The RecordWrite stub promises to restore all allocatable registers,
+        // but not necessarily non-allocatable registers like temporaries. Make
+        // sure we're not trying to keep any non-allocatable registers alive.
+        CHECK((register_snapshot.live_registers - kAllocatableGeneralRegisters)
+                  .is_empty());
         if (object != stub_object_reg &&
             register_snapshot.live_registers.has(stub_object_reg)) {
           saved.set(stub_object_reg);
@@ -522,14 +540,74 @@ void MaglevAssembler::CheckAndEmitDeferredWriteBarrier(
     AssertNotSmi(value);
   }
 
-  MaglevAssembler::ScratchRegisterScope temp(this);
-  Register scratch = temp.GetDefaultScratchRegister();
+  MaglevAssembler::TemporaryRegisterScope temp(this);
+  Register scratch = temp.AcquireScratch();
   CheckPageFlag(object, scratch,
                 MemoryChunk::kPointersFromHereAreInterestingMask, kNotEqual,
                 deferred_write_barrier);
   bind(*done);
 }
 
+#ifdef V8_ENABLE_SANDBOX
+
+void MaglevAssembler::CheckAndEmitDeferredIndirectPointerWriteBarrier(
+    Register object, int offset, Register value,
+    RegisterSnapshot register_snapshot, IndirectPointerTag tag) {
+  ZoneLabelRef done(this);
+  Label* deferred_write_barrier = MakeDeferredCode(
+      [](MaglevAssembler* masm, ZoneLabelRef done, Register object, int offset,
+         Register value, RegisterSnapshot register_snapshot,
+         IndirectPointerTag tag) {
+        ASM_CODE_COMMENT_STRING(masm, "Write barrier slow path");
+
+        Register stub_object_reg =
+            IndirectPointerWriteBarrierDescriptor::ObjectRegister();
+        Register slot_reg =
+            IndirectPointerWriteBarrierDescriptor::SlotAddressRegister();
+        Register tag_reg =
+            IndirectPointerWriteBarrierDescriptor::IndirectPointerTagRegister();
+
+        RegList saved;
+        if (object != stub_object_reg &&
+            register_snapshot.live_registers.has(stub_object_reg)) {
+          saved.set(stub_object_reg);
+        }
+        if (register_snapshot.live_registers.has(slot_reg)) {
+          saved.set(slot_reg);
+        }
+        if (register_snapshot.live_registers.has(tag_reg)) {
+          saved.set(tag_reg);
+        }
+
+        __ PushAll(saved);
+
+        if (object != stub_object_reg) {
+          __ Move(stub_object_reg, object);
+          object = stub_object_reg;
+        }
+        __ SetSlotAddressForTaggedField(slot_reg, object, offset);
+        __ Move(tag_reg, tag);
+
+        SaveFPRegsMode const save_fp_mode =
+            !register_snapshot.live_double_registers.is_empty()
+                ? SaveFPRegsMode::kSave
+                : SaveFPRegsMode::kIgnore;
+
+        __ CallBuiltin(Builtins::IndirectPointerBarrier(save_fp_mode));
+
+        __ PopAll(saved);
+        __ Jump(*done);
+      },
+      done, object, offset, value, register_snapshot, tag);
+
+  AssertNotSmi(value);
+
+  JumpIfMarking(deferred_write_barrier);
+  bind(*done);
+}
+
+#endif  // V8_ENABLE_SANDBOX
+
 void MaglevAssembler::StoreTaggedFieldWithWriteBarrier(
     Register object, int offset, Register value,
     RegisterSnapshot register_snapshot, ValueIsCompressed value_is_compressed,
@@ -541,12 +619,24 @@ void MaglevAssembler::StoreTaggedFieldWithWriteBarrier(
       value_can_be_smi);
 }
 
+#ifdef V8_ENABLE_SANDBOX
+
+void MaglevAssembler::StoreTrustedPointerFieldWithWriteBarrier(
+    Register object, int offset, Register value,
+    RegisterSnapshot register_snapshot, IndirectPointerTag tag) {
+  AssertNotSmi(object);
+  StoreTrustedPointerFieldNoWriteBarrier(object, offset, value);
+  CheckAndEmitDeferredIndirectPointerWriteBarrier(object, offset, value,
+                                                  register_snapshot, tag);
+}
+
+#endif  // V8_ENABLE_SANDBOX
+
 void MaglevAssembler::StoreFixedArrayElementWithWriteBarrier(
     Register array, Register index, Register value,
     RegisterSnapshot register_snapshot) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -592,8 +682,8 @@ void MaglevAssembler::TryMigrateInstance(Register object,
     // Make sure the return value is preserved across the live register
     // restoring pop all.
     return_val = kReturnRegister0;
-    MaglevAssembler::ScratchRegisterScope temps(this);
-    Register scratch = temps.GetDefaultScratchRegister();
+    MaglevAssembler::TemporaryRegisterScope temps(this);
+    Register scratch = temps.AcquireScratch();
     if (register_snapshot.live_registers.has(return_val)) {
       DCHECK(!register_snapshot.live_registers.has(scratch));
       Move(scratch, return_val);
diff --git a/deps/v8/src/maglev/maglev-assembler.h b/deps/v8/src/maglev/maglev-assembler.h
index 465e5093a08be8..dcd8fc81e0a125 100644
--- a/deps/v8/src/maglev/maglev-assembler.h
+++ b/deps/v8/src/maglev/maglev-assembler.h
@@ -95,7 +95,7 @@ class MapCompare {
 
 class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
  public:
-  class ScratchRegisterScope;
+  class TemporaryRegisterScope;
 
   explicit MaglevAssembler(Isolate* isolate, MaglevCodeGenState* code_gen_state)
       : MacroAssembler(isolate, CodeObjectRequired::kNo),
@@ -231,6 +231,10 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
                                         ValueIsCompressed value_is_compressed,
                                         ValueCanBeSmi value_can_be_smi);
 
+  void CheckAndEmitDeferredIndirectPointerWriteBarrier(
+      Register object, int offset, Register value,
+      RegisterSnapshot register_snapshot, IndirectPointerTag tag);
+
   // Preserves all registers that are in the register snapshot, but is otherwise
   // allowed to clobber both input registers if they are not in the snapshot.
   //
@@ -253,6 +257,17 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
                                      Tagged<Smi> value);
 
   inline void StoreInt32Field(Register object, int offset, int32_t value);
+
+#ifdef V8_ENABLE_SANDBOX
+
+  void StoreTrustedPointerFieldWithWriteBarrier(
+      Register object, int offset, Register value,
+      RegisterSnapshot register_snapshot, IndirectPointerTag tag);
+  inline void StoreTrustedPointerFieldNoWriteBarrier(Register object,
+                                                     int offset,
+                                                     Register value);
+#endif  // V8_ENABLE_SANDBOX
+
   inline void StoreField(MemOperand operand, Register value, int element_size);
   inline void ReverseByteOrder(Register value, int element_size);
 
@@ -402,6 +417,7 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
   inline void Move(Register dst, Tagged<TaggedIndex> i);
   inline void Move(Register dst, int32_t i);
   inline void Move(Register dst, uint32_t i);
+  inline void Move(Register dst, IndirectPointerTag i);
   inline void Move(DoubleRegister dst, double n);
   inline void Move(DoubleRegister dst, Float64 n);
   inline void Move(Register dst, Handle<HeapObject> obj);
@@ -442,17 +458,48 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
   inline Condition IsNotCallableNorUndetactable(Register map, Register scratch);
 
   inline void LoadInstanceType(Register instance_type, Register heap_object);
-  inline void CompareObjectTypeAndAssert(Register heap_object,
-                                         InstanceType type, Condition cond,
-                                         AbortReason reason);
-  inline void CompareObjectTypeAndJumpIf(
-      Register heap_object, InstanceType type, Condition cond, Label* target,
-      Label::Distance distance = Label::kFar);
-  inline void CompareObjectTypeAndBranch(
-      Register heap_object, InstanceType type, Condition condition,
+  inline void JumpIfObjectType(Register heap_object, InstanceType type,
+                               Label* target,
+                               Label::Distance distance = Label::kFar);
+  inline void JumpIfNotObjectType(Register heap_object, InstanceType type,
+                                  Label* target,
+                                  Label::Distance distance = Label::kFar);
+  inline void AssertObjectType(Register heap_object, InstanceType type,
+                               AbortReason reason);
+  inline void BranchOnObjectType(Register heap_object, InstanceType type,
+                                 Label* if_true, Label::Distance true_distance,
+                                 bool fallthrough_when_true, Label* if_false,
+                                 Label::Distance false_distance,
+                                 bool fallthrough_when_false);
+
+  inline void JumpIfObjectTypeInRange(Register heap_object,
+                                      InstanceType lower_limit,
+                                      InstanceType higher_limit, Label* target,
+                                      Label::Distance distance = Label::kFar);
+  inline void JumpIfObjectTypeNotInRange(
+      Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
+      Label* target, Label::Distance distance = Label::kFar);
+  inline void AssertObjectTypeInRange(Register heap_object,
+                                      InstanceType lower_limit,
+                                      InstanceType higher_limit,
+                                      AbortReason reason);
+  inline void BranchOnObjectTypeInRange(
+      Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
       Label* if_true, Label::Distance true_distance, bool fallthrough_when_true,
       Label* if_false, Label::Distance false_distance,
       bool fallthrough_when_false);
+
+#if V8_STATIC_ROOTS_BOOL
+  inline void JumpIfObjectInRange(Register heap_object, Tagged_t lower_limit,
+                                  Tagged_t higher_limit, Label* target,
+                                  Label::Distance distance = Label::kFar);
+  inline void JumpIfObjectNotInRange(Register heap_object, Tagged_t lower_limit,
+                                     Tagged_t higher_limit, Label* target,
+                                     Label::Distance distance = Label::kFar);
+  inline void AssertObjectInRange(Register heap_object, Tagged_t lower_limit,
+                                  Tagged_t higher_limit, AbortReason reason);
+#endif
+
   inline void JumpIfJSAnyIsNotPrimitive(Register heap_object, Label* target,
                                         Label::Distance distance = Label::kFar);
 
@@ -470,13 +517,6 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
                                           Label::Distance false_distance,
                                           bool fallthrough_when_false);
 
-  inline void CompareObjectTypeRange(Register heap_object,
-                                     InstanceType lower_limit,
-                                     InstanceType higher_limit);
-  inline void CompareObjectTypeRange(Register heap_object, Register scratch,
-                                     InstanceType lower_limit,
-                                     InstanceType higher_limit);
-
   inline void CompareMapWithRoot(Register object, RootIndex index,
                                  Register scratch);
 
@@ -579,6 +619,8 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
   inline void CompareSmiAndJumpIf(Register r1, Tagged<Smi> value,
                                   Condition cond, Label* target,
                                   Label::Distance distance = Label::kFar);
+  inline void CompareSmiAndAssert(Register r1, Tagged<Smi> value,
+                                  Condition cond, AbortReason reason);
   inline void CompareByteAndJumpIf(MemOperand left, int8_t right,
                                    Condition cond, Register scratch,
                                    Label* target,
@@ -668,7 +710,7 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
     return code_gen_state()->compilation_info();
   }
 
-  ScratchRegisterScope* scratch_register_scope() const {
+  TemporaryRegisterScope* scratch_register_scope() const {
     return scratch_register_scope_;
   }
 
@@ -684,6 +726,9 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
 #endif  // DEBUG
 
  private:
+  template <typename Derived>
+  class TemporaryRegisterScopeBase;
+
   inline constexpr int GetFramePointerOffsetForStackSlot(int index) {
     return StandardFrameConstants::kExpressionsOffset -
            index * kSystemPointerSize;
@@ -692,7 +737,7 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
   inline void SmiTagInt32AndSetFlags(Register dst, Register src);
 
   MaglevCodeGenState* const code_gen_state_;
-  ScratchRegisterScope* scratch_register_scope_ = nullptr;
+  TemporaryRegisterScope* scratch_register_scope_ = nullptr;
 #ifdef DEBUG
   bool allow_allocate_ = false;
   bool allow_call_ = false;
@@ -700,6 +745,83 @@ class V8_EXPORT_PRIVATE MaglevAssembler : public MacroAssembler {
 #endif  // DEBUG
 };
 
+// Shared logic for per-architecture TemporaryRegisterScope.
+template <typename Derived>
+class MaglevAssembler::TemporaryRegisterScopeBase {
+ public:
+  struct SavedData {
+    RegList available_;
+    DoubleRegList available_double_;
+  };
+
+  explicit TemporaryRegisterScopeBase(MaglevAssembler* masm)
+      : masm_(masm),
+        prev_scope_(masm->scratch_register_scope_),
+        available_(masm->scratch_register_scope_
+                       ? static_cast<TemporaryRegisterScopeBase*>(prev_scope_)
+                             ->available_
+                       : RegList()),
+        available_double_(
+            masm->scratch_register_scope_
+                ? static_cast<TemporaryRegisterScopeBase*>(prev_scope_)
+                      ->available_double_
+                : DoubleRegList()) {
+    masm_->scratch_register_scope_ = static_cast<Derived*>(this);
+  }
+  explicit TemporaryRegisterScopeBase(MaglevAssembler* masm,
+                                      const SavedData& saved_data)
+      : masm_(masm),
+        prev_scope_(masm->scratch_register_scope_),
+        available_(saved_data.available_),
+        available_double_(saved_data.available_double_) {
+    masm_->scratch_register_scope_ = static_cast<Derived*>(this);
+  }
+  ~TemporaryRegisterScopeBase() {
+    masm_->scratch_register_scope_ = prev_scope_;
+    // TODO(leszeks): Clear used registers.
+  }
+
+  void ResetToDefault() {
+    available_ = {};
+    available_double_ = {};
+    static_cast<Derived*>(this)->ResetToDefaultImpl();
+  }
+
+  Register Acquire() {
+    CHECK(!available_.is_empty());
+    return available_.PopFirst();
+  }
+  void Include(const RegList list) {
+    DCHECK((list - kAllocatableGeneralRegisters).is_empty());
+    available_ = available_ | list;
+  }
+
+  DoubleRegister AcquireDouble() {
+    CHECK(!available_double_.is_empty());
+    return available_double_.PopFirst();
+  }
+  void IncludeDouble(const DoubleRegList list) {
+    DCHECK((list - kAllocatableDoubleRegisters).is_empty());
+    available_double_ = available_double_ | list;
+  }
+
+  RegList Available() { return available_; }
+  void SetAvailable(RegList list) { available_ = list; }
+
+  DoubleRegList AvailableDouble() { return available_double_; }
+  void SetAvailableDouble(DoubleRegList list) { available_double_ = list; }
+
+ protected:
+  SavedData CopyForDeferBase() {
+    return SavedData{available_, available_double_};
+  }
+
+  MaglevAssembler* masm_;
+  Derived* prev_scope_;
+  RegList available_;
+  DoubleRegList available_double_;
+};
+
 class SaveRegisterStateForCall {
  public:
   SaveRegisterStateForCall(MaglevAssembler* masm, RegisterSnapshot snapshot)
diff --git a/deps/v8/src/maglev/maglev-basic-block.h b/deps/v8/src/maglev/maglev-basic-block.h
index edbc79b362d176..dd209671bb0529 100644
--- a/deps/v8/src/maglev/maglev-basic-block.h
+++ b/deps/v8/src/maglev/maglev-basic-block.h
@@ -35,7 +35,7 @@ class BasicBlock {
         reload_hints_(0, zone),
         spill_hints_(0, zone) {}
 
-  uint32_t first_id() const {
+  NodeIdT first_id() const {
     if (has_phi()) return phis()->first()->id();
     if (nodes_.is_empty()) {
       return control_node()->id();
@@ -47,7 +47,7 @@ class BasicBlock {
     return node ? node->id() : control_node()->id();
   }
 
-  uint32_t FirstNonGapMoveId() const {
+  NodeIdT FirstNonGapMoveId() const {
     if (has_phi()) return phis()->first()->id();
     if (!nodes_.is_empty()) {
       for (const Node* node : nodes_) {
@@ -134,6 +134,11 @@ class BasicBlock {
     return state_->predecessor_at(i);
   }
 
+  BasicBlock* backedge_predecessor() const {
+    DCHECK(is_loop());
+    return predecessor_at(predecessor_count() - 1);
+  }
+
   int predecessor_id() const {
     return control_node()->Cast<UnconditionalControlNode>()->predecessor_id();
   }
diff --git a/deps/v8/src/maglev/maglev-code-generator.cc b/deps/v8/src/maglev/maglev-code-generator.cc
index 744d93a598346f..83d786cdc5c504 100644
--- a/deps/v8/src/maglev/maglev-code-generator.cc
+++ b/deps/v8/src/maglev/maglev-code-generator.cc
@@ -576,8 +576,8 @@ class ExceptionHandlerTrampolineBuilder {
     EmitMaterialisationsAndPushResults(materialising_moves, save_accumulator);
 
     __ RecordComment("EmitMoves");
-    MaglevAssembler::ScratchRegisterScope temps(masm_);
-    Register scratch = temps.GetDefaultScratchRegister();
+    MaglevAssembler::TemporaryRegisterScope temps(masm_);
+    Register scratch = temps.AcquireScratch();
     direct_moves.EmitMoves(scratch);
     EmitPopMaterialisedResults(materialising_moves, save_accumulator, scratch);
     __ Jump(catch_block->label());
@@ -776,8 +776,9 @@ class MaglevCodeGeneratingNodeProcessor {
   }
 
   void PostProcessGraph(Graph* graph) {}
+  void PostPhiProcessing() {}
 
-  void PreProcessBasicBlock(BasicBlock* block) {
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
     if (block->is_loop()) {
       __ LoopHeaderAlign();
     }
@@ -787,6 +788,7 @@ class MaglevCodeGeneratingNodeProcessor {
       __ RecordComment(ss.str());
     }
     __ BindBlock(block);
+    return BlockProcessResult::kContinue;
   }
 
   template <typename NodeT>
@@ -831,7 +833,7 @@ class MaglevCodeGeneratingNodeProcessor {
       }
     }
 
-    MaglevAssembler::ScratchRegisterScope scratch_scope(masm());
+    MaglevAssembler::TemporaryRegisterScope scratch_scope(masm());
     scratch_scope.Include(node->general_temporaries());
     scratch_scope.IncludeDouble(node->double_temporaries());
 
@@ -884,9 +886,9 @@ class MaglevCodeGeneratingNodeProcessor {
 
     int predecessor_id = state.block()->predecessor_id();
 
-    MaglevAssembler::ScratchRegisterScope temps(masm_);
-    Register scratch = temps.GetDefaultScratchRegister();
-    DoubleRegister double_scratch = temps.GetDefaultScratchDoubleRegister();
+    MaglevAssembler::TemporaryRegisterScope temps(masm_);
+    Register scratch = temps.AcquireScratch();
+    DoubleRegister double_scratch = temps.AcquireScratchDouble();
 
     // TODO(leszeks): Move these to fields, to allow their data structure
     // allocations to be reused. Will need some sort of state resetting.
@@ -1106,7 +1108,10 @@ class SafepointingNodeProcessor {
 
   void PreProcessGraph(Graph* graph) {}
   void PostProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block) {}
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  void PostPhiProcessing() {}
   ProcessResult Process(NodeBase* node, const ProcessingState& state) {
     local_isolate_->heap()->Safepoint();
     return ProcessResult::kContinue;
@@ -1522,7 +1527,7 @@ class MaglevFrameTranslationBuilder {
         GetDuplicatedId(reinterpret_cast<intptr_t>(object->allocation()));
     if (dup_id != kNotDuplicated) {
       translation_array_builder_->DuplicateObject(dup_id);
-      input_location += object->InputLocationSizeNeeded();
+      input_location += object->InputLocationSizeNeeded(virtual_objects);
       return;
     }
     if (object->type() == VirtualObject::kFixedDoubleArray) {
@@ -1553,7 +1558,8 @@ class MaglevFrameTranslationBuilder {
         BuildVirtualObject(vobject, input_location, virtual_objects);
         return;
       }
-      input_locations_to_advance += vobject->InputLocationSizeNeeded();
+      input_locations_to_advance +=
+          vobject->InputLocationSizeNeeded(virtual_objects);
     }
     if (input_location->operand().IsConstant()) {
       translation_array_builder_->StoreLiteral(
diff --git a/deps/v8/src/maglev/maglev-compilation-info.cc b/deps/v8/src/maglev/maglev-compilation-info.cc
index 0829a752b8a332..fbc7dfe141b794 100644
--- a/deps/v8/src/maglev/maglev-compilation-info.cc
+++ b/deps/v8/src/maglev/maglev-compilation-info.cc
@@ -4,6 +4,8 @@
 
 #include "src/maglev/maglev-compilation-info.h"
 
+#include <optional>
+
 #include "src/codegen/compiler.h"
 #include "src/compiler/compilation-dependencies.h"
 #include "src/compiler/js-heap-broker.h"
@@ -54,8 +56,9 @@ class V8_NODISCARD MaglevCompilationHandleScope final {
 };
 
 static bool SpecializeToFunctionContext(
-    Isolate* isolate, BytecodeOffset osr_offset, Handle<JSFunction> function,
-    base::Optional<bool> specialize_to_function_context_override) {
+    Isolate* isolate, BytecodeOffset osr_offset,
+    DirectHandle<JSFunction> function,
+    std::optional<bool> specialize_to_function_context_override) {
   if (osr_offset != BytecodeOffset::None()) return false;
   if (!v8_flags.maglev_function_context_specialization) return false;
   if (specialize_to_function_context_override.has_value()) {
@@ -72,8 +75,8 @@ static bool SpecializeToFunctionContext(
 
 MaglevCompilationInfo::MaglevCompilationInfo(
     Isolate* isolate, Handle<JSFunction> function, BytecodeOffset osr_offset,
-    base::Optional<compiler::JSHeapBroker*> js_broker,
-    base::Optional<bool> specialize_to_function_context,
+    std::optional<compiler::JSHeapBroker*> js_broker,
+    std::optional<bool> specialize_to_function_context,
     bool for_turboshaft_frontend)
     : zone_(isolate->allocator(), kMaglevZoneName),
       broker_(js_broker.has_value()
diff --git a/deps/v8/src/maglev/maglev-compilation-info.h b/deps/v8/src/maglev/maglev-compilation-info.h
index 75f88e4257dd1e..53f6cf04571f2d 100644
--- a/deps/v8/src/maglev/maglev-compilation-info.h
+++ b/deps/v8/src/maglev/maglev-compilation-info.h
@@ -6,8 +6,8 @@
 #define V8_MAGLEV_MAGLEV_COMPILATION_INFO_H_
 
 #include <memory>
+#include <optional>
 
-#include "src/base/optional.h"
 #include "src/handles/handles.h"
 #include "src/handles/maybe-handles.h"
 #include "src/utils/utils.h"
@@ -130,8 +130,8 @@ class MaglevCompilationInfo final {
  private:
   MaglevCompilationInfo(
       Isolate* isolate, Handle<JSFunction> function, BytecodeOffset osr_offset,
-      base::Optional<compiler::JSHeapBroker*> broker = base::nullopt,
-      base::Optional<bool> specialize_to_function_context = base::nullopt,
+      std::optional<compiler::JSHeapBroker*> broker = std::nullopt,
+      std::optional<bool> specialize_to_function_context = std::nullopt,
       bool for_turboshaft_frontend = false);
 
   // Storing the raw pointer to the CanonicalHandlesMap is generally not safe.
diff --git a/deps/v8/src/maglev/maglev-compiler.cc b/deps/v8/src/maglev/maglev-compiler.cc
index a55cc7949861de..5d0904adefeb17 100644
--- a/deps/v8/src/maglev/maglev-compiler.cc
+++ b/deps/v8/src/maglev/maglev-compiler.cc
@@ -67,7 +67,8 @@ bool MaglevCompiler::Compile(LocalIsolate* local_isolate,
       v8_flags.print_maglev_graph || v8_flags.print_maglev_graphs ||
       v8_flags.trace_maglev_graph_building ||
       v8_flags.trace_maglev_escape_analysis ||
-      v8_flags.trace_maglev_phi_untagging || v8_flags.trace_maglev_regalloc) {
+      v8_flags.trace_maglev_phi_untagging || v8_flags.trace_maglev_regalloc ||
+      v8_flags.trace_maglev_object_tracking) {
     compilation_info->set_graph_labeller(new MaglevGraphLabeller());
   }
 
@@ -102,6 +103,20 @@ bool MaglevCompiler::Compile(LocalIsolate* local_isolate,
       }
     }
 
+    if (v8_flags.maglev_licm) {
+      TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.compile"),
+                   "V8.Maglev.LoopOptimizations");
+
+      GraphProcessor<LoopOptimizationProcessor> loop_optimizations(
+          &graph_builder);
+      loop_optimizations.ProcessGraph(graph);
+
+      if (v8_flags.print_maglev_graphs) {
+        std::cout << "\nAfter loop optimizations" << std::endl;
+        PrintGraph(std::cout, compilation_info, graph);
+      }
+    }
+
     if (v8_flags.maglev_untagged_phis) {
       TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.compile"),
                    "V8.Maglev.PhiUntagging");
diff --git a/deps/v8/src/maglev/maglev-graph-builder.cc b/deps/v8/src/maglev/maglev-graph-builder.cc
index 1fcd1967638671..b3ee4e0fb760ee 100644
--- a/deps/v8/src/maglev/maglev-graph-builder.cc
+++ b/deps/v8/src/maglev/maglev-graph-builder.cc
@@ -6,11 +6,12 @@
 
 #include <algorithm>
 #include <limits>
+#include <optional>
 #include <utility>
 
 #include "src/base/bounds.h"
+#include "src/base/ieee754.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/vector.h"
 #include "src/builtins/builtins-constructor.h"
 #include "src/builtins/builtins.h"
@@ -40,6 +41,7 @@
 #include "src/maglev/maglev-compilation-unit.h"
 #include "src/maglev/maglev-graph-printer.h"
 #include "src/maglev/maglev-interpreter-frame-state.h"
+#include "src/maglev/maglev-ir-inl.h"
 #include "src/maglev/maglev-ir.h"
 #include "src/numbers/conversions.h"
 #include "src/objects/arguments.h"
@@ -153,6 +155,13 @@ void MaglevGraphBuilder::MinimizeContextChainDepth(ValueNode** context,
   }
 }
 
+void MaglevGraphBuilder::EscapeContext() {
+  ValueNode* context = GetContext();
+  if (InlinedAllocation* alloc = context->TryCast<InlinedAllocation>()) {
+    alloc->ForceEscaping();
+  }
+}
+
 class CallArguments {
  public:
   enum Mode {
@@ -362,6 +371,15 @@ class V8_NODISCARD MaglevGraphBuilder::DeoptFrameScope {
     builder_->current_deopt_scope_ = this;
     builder_->AddDeoptUse(
         data_.get<DeoptFrame::BuiltinContinuationFrameData>().context);
+    if (parameters.size() > 0) {
+      if (InlinedAllocation* receiver =
+              parameters[0]->TryCast<InlinedAllocation>()) {
+        // We escape the first argument, since the builtin continuation call can
+        // trigger a stack iteration, which expects the receiver to be a
+        // meterialized object.
+        receiver->ForceEscaping();
+      }
+    }
     for (ValueNode* node :
          data_.get<DeoptFrame::BuiltinContinuationFrameData>().parameters) {
       builder_->AddDeoptUse(node);
@@ -861,12 +879,10 @@ void MaglevGraphBuilder::MaglevSubGraphBuilder::MergeIntoLabel(
   }
 }
 
-MaglevGraphBuilder::MaglevGraphBuilder(LocalIsolate* local_isolate,
-                                       MaglevCompilationUnit* compilation_unit,
-                                       Graph* graph, float call_frequency,
-                                       BytecodeOffset caller_bytecode_offset,
-                                       int inlining_id,
-                                       MaglevGraphBuilder* parent)
+MaglevGraphBuilder::MaglevGraphBuilder(
+    LocalIsolate* local_isolate, MaglevCompilationUnit* compilation_unit,
+    Graph* graph, float call_frequency, BytecodeOffset caller_bytecode_offset,
+    bool caller_is_inside_loop, int inlining_id, MaglevGraphBuilder* parent)
     : local_isolate_(local_isolate),
       compilation_unit_(compilation_unit),
       parent_(parent),
@@ -880,7 +896,8 @@ MaglevGraphBuilder::MaglevGraphBuilder(LocalIsolate* local_isolate,
           !compilation_unit->is_osr() &&
           (is_inline() ? parent_->allow_loop_peeling_
                        : v8_flags.maglev_loop_peeling)),
-      peeled_loop_effects_(zone()),
+      loop_effects_(is_inline() ? parent_->loop_effects_ : nullptr),
+      loop_effects_stack_(zone()),
       decremented_predecessor_offsets_(zone()),
       loop_headers_to_peel_(bytecode().length(), zone()),
       call_frequency_(call_frequency),
@@ -900,11 +917,13 @@ MaglevGraphBuilder::MaglevGraphBuilder(LocalIsolate* local_isolate,
           is_inline() ? parent->current_interpreter_frame_.virtual_objects()
                       : VirtualObject::List()),
       caller_bytecode_offset_(caller_bytecode_offset),
+      caller_is_inside_loop_(caller_is_inside_loop),
       entrypoint_(compilation_unit->is_osr()
                       ? bytecode_analysis_.osr_entry_point()
                       : 0),
       inlining_id_(inlining_id),
-      catch_block_stack_(zone()) {
+      catch_block_stack_(zone()),
+      unobserved_context_slot_stores_(zone()) {
   memset(merge_states_, 0,
          (bytecode().length() + 1) * sizeof(InterpreterFrameState*));
   // Default construct basic block refs.
@@ -1325,14 +1344,22 @@ DeoptFrame MaglevGraphBuilder::GetDeoptFrameForLazyDeoptHelper(
     interpreter::Register result_location, int result_size,
     DeoptFrameScope* scope, bool mark_accumulator_dead) {
   if (scope == nullptr) {
-    // Potentially copy the out liveness if we want to explicitly drop the
-    // accumulator.
-    const compiler::BytecodeLivenessState* liveness = GetOutLiveness();
+    compiler::BytecodeLivenessState* liveness =
+        zone()->New<compiler::BytecodeLivenessState>(*GetOutLiveness(), zone());
+    // Remove result locations from liveness.
+    if (result_location == interpreter::Register::virtual_accumulator()) {
+      DCHECK_EQ(result_size, 1);
+      liveness->MarkAccumulatorDead();
+      mark_accumulator_dead = false;
+    } else {
+      DCHECK(!result_location.is_parameter());
+      for (int i = 0; i < result_size; i++) {
+        liveness->MarkRegisterDead(result_location.index() + i);
+      }
+    }
+    // Explicitly drop the accumulator if needed.
     if (mark_accumulator_dead && liveness->AccumulatorIsLive()) {
-      compiler::BytecodeLivenessState* liveness_copy =
-          zone()->New<compiler::BytecodeLivenessState>(*liveness, zone());
-      liveness_copy->MarkAccumulatorDead();
-      liveness = liveness_copy;
+      liveness->MarkAccumulatorDead();
     }
     current_interpreter_frame_.virtual_objects().Snapshot();
     InterpretedDeoptFrame ret(
@@ -1342,13 +1369,8 @@ DeoptFrame MaglevGraphBuilder::GetDeoptFrameForLazyDeoptHelper(
         GetClosure(), BytecodeOffset(iterator_.current_offset()),
         current_source_position_, GetParentDeoptFrame());
     ret.frame_state()->ForEachValue(
-        *compilation_unit_, [this, result_location, result_size](
-                                ValueNode* node, interpreter::Register reg) {
-          if (result_size == 0 ||
-              !base::IsInRange(reg.index(), result_location.index(),
-                               result_location.index() + result_size - 1)) {
-            AddDeoptUse(node);
-          }
+        *compilation_unit_, [this](ValueNode* node, interpreter::Register reg) {
+          AddDeoptUse(node);
         });
     AddDeoptUse(ret.closure());
     return ret;
@@ -1549,6 +1571,8 @@ NodeType ToNumberHintToNodeType(ToNumberHint conversion_type) {
     case ToNumberHint::kDisallowToNumber:
     case ToNumberHint::kAssumeNumber:
       return NodeType::kNumber;
+    case ToNumberHint::kAssumeNumberOrBoolean:
+      return NodeType::kNumberOrBoolean;
     case ToNumberHint::kAssumeNumberOrOddball:
       return NodeType::kNumberOrOddball;
   }
@@ -1563,6 +1587,8 @@ TaggedToFloat64ConversionType ToNumberHintToConversionType(
       return TaggedToFloat64ConversionType::kOnlyNumber;
     case ToNumberHint::kAssumeNumberOrOddball:
       return TaggedToFloat64ConversionType::kNumberOrOddball;
+    case ToNumberHint::kAssumeNumberOrBoolean:
+      return TaggedToFloat64ConversionType::kNumberOrBoolean;
   }
 }
 }  // namespace
@@ -1667,30 +1693,74 @@ ValueNode* MaglevGraphBuilder::GetTruncatedInt32ForToNumber(ValueNode* value,
   UNREACHABLE();
 }
 
-ValueNode* MaglevGraphBuilder::GetInt32(ValueNode* value) {
-  RecordUseReprHintIfPhi(value, UseRepresentation::kInt32);
-
-  ValueRepresentation representation =
-      value->properties().value_representation();
-  if (representation == ValueRepresentation::kInt32) return value;
-
-  // Process constants first to avoid allocating NodeInfo for them.
+std::optional<int32_t> MaglevGraphBuilder::TryGetInt32Constant(
+    ValueNode* value) {
   switch (value->opcode()) {
+    case Opcode::kInt32Constant:
+      return value->Cast<Int32Constant>()->value();
+    case Opcode::kUint32Constant: {
+      uint32_t uint32_value = value->Cast<Uint32Constant>()->value();
+      if (uint32_value <= INT32_MAX) {
+        return static_cast<int32_t>(uint32_value);
+      }
+      return {};
+    }
     case Opcode::kSmiConstant:
-      return GetInt32Constant(value->Cast<SmiConstant>()->value().value());
+      return value->Cast<SmiConstant>()->value().value();
     case Opcode::kFloat64Constant: {
       double double_value =
           value->Cast<Float64Constant>()->value().get_scalar();
-      if (!IsSmiDouble(double_value)) break;
-      return GetInt32Constant(
-          FastD2I(value->Cast<Float64Constant>()->value().get_scalar()));
+      if (!IsInt32Double(double_value)) return {};
+      return FastD2I(value->Cast<Float64Constant>()->value().get_scalar());
     }
+    default:
+      return {};
+  }
+}
 
-    // We could emit unconditional eager deopts for other kinds of constant, but
-    // it's not necessary, the appropriate checking conversion nodes will deopt.
+std::optional<uint32_t> MaglevGraphBuilder::TryGetUint32Constant(
+    ValueNode* value) {
+  switch (value->opcode()) {
+    case Opcode::kInt32Constant: {
+      int32_t int32_value = value->Cast<Int32Constant>()->value();
+      if (int32_value >= 0) {
+        return static_cast<uint32_t>(int32_value);
+      }
+      return {};
+    }
+    case Opcode::kUint32Constant:
+      return value->Cast<Uint32Constant>()->value();
+    case Opcode::kSmiConstant: {
+      int32_t smi_value = value->Cast<SmiConstant>()->value().value();
+      if (smi_value >= 0) {
+        return static_cast<uint32_t>(smi_value);
+      }
+      return {};
+    }
+    case Opcode::kFloat64Constant: {
+      double double_value =
+          value->Cast<Float64Constant>()->value().get_scalar();
+      if (!IsUint32Double(double_value)) return {};
+      return FastD2UI(value->Cast<Float64Constant>()->value().get_scalar());
+    }
     default:
-      break;
+      return {};
+  }
+}
+
+ValueNode* MaglevGraphBuilder::GetInt32(ValueNode* value) {
+  RecordUseReprHintIfPhi(value, UseRepresentation::kInt32);
+
+  ValueRepresentation representation =
+      value->properties().value_representation();
+  if (representation == ValueRepresentation::kInt32) return value;
+
+  // Process constants first to avoid allocating NodeInfo for them.
+  if (auto cst = TryGetInt32Constant(value)) {
+    return GetInt32Constant(cst.value());
   }
+  // We could emit unconditional eager deopts for other kinds of constant, but
+  // it's not necessary, the appropriate checking conversion nodes will deopt.
 
   NodeInfo* node_info = GetOrCreateInfoFor(value);
   auto& alternative = node_info->alternative();
@@ -1726,50 +1796,57 @@ ValueNode* MaglevGraphBuilder::GetInt32(ValueNode* value) {
   UNREACHABLE();
 }
 
-ValueNode* MaglevGraphBuilder::GetFloat64(ValueNode* value) {
-  RecordUseReprHintIfPhi(value, UseRepresentation::kFloat64);
-
-  return GetFloat64ForToNumber(value, ToNumberHint::kDisallowToNumber);
-}
-
-ValueNode* MaglevGraphBuilder::GetFloat64ForToNumber(ValueNode* value,
-                                                     ToNumberHint hint) {
-  ValueRepresentation representation =
-      value->properties().value_representation();
-  if (representation == ValueRepresentation::kFloat64) return value;
-
-  // Process constants first to avoid allocating NodeInfo for them.
+std::optional<double> MaglevGraphBuilder::TryGetFloat64Constant(
+    ValueNode* value, ToNumberHint hint) {
   switch (value->opcode()) {
     case Opcode::kConstant: {
       compiler::ObjectRef object = value->Cast<Constant>()->object();
       if (object.IsHeapNumber()) {
-        return GetFloat64Constant(object.AsHeapNumber().value());
+        return object.AsHeapNumber().value();
       }
       // Oddballs should be RootConstants.
       DCHECK(!IsOddball(*object.object()));
-      break;
+      return {};
     }
-    case Opcode::kSmiConstant:
-      return GetFloat64Constant(value->Cast<SmiConstant>()->value().value());
     case Opcode::kInt32Constant:
-      return GetFloat64Constant(value->Cast<Int32Constant>()->value());
+      return value->Cast<Int32Constant>()->value();
+    case Opcode::kSmiConstant:
+      return value->Cast<SmiConstant>()->value().value();
+    case Opcode::kFloat64Constant:
+      return value->Cast<Float64Constant>()->value().get_scalar();
     case Opcode::kRootConstant: {
       Tagged<Object> root_object =
           local_isolate_->root(value->Cast<RootConstant>()->index());
       if (hint != ToNumberHint::kDisallowToNumber && IsOddball(root_object)) {
-        return GetFloat64Constant(Cast<Oddball>(root_object)->to_number_raw());
+        return Cast<Oddball>(root_object)->to_number_raw();
       }
       if (IsHeapNumber(root_object)) {
-        return GetFloat64Constant(Cast<HeapNumber>(root_object)->value());
+        return Cast<HeapNumber>(root_object)->value();
       }
-      break;
+      return {};
     }
-
-    // We could emit unconditional eager deopts for other kinds of constant, but
-    // it's not necessary, the appropriate checking conversion nodes will deopt.
     default:
-      break;
+      return {};
   }
+}
+
+ValueNode* MaglevGraphBuilder::GetFloat64(ValueNode* value) {
+  RecordUseReprHintIfPhi(value, UseRepresentation::kFloat64);
+  return GetFloat64ForToNumber(value, ToNumberHint::kDisallowToNumber);
+}
+
+ValueNode* MaglevGraphBuilder::GetFloat64ForToNumber(ValueNode* value,
+                                                     ToNumberHint hint) {
+  ValueRepresentation representation =
+      value->properties().value_representation();
+  if (representation == ValueRepresentation::kFloat64) return value;
+
+  // Process constants first to avoid allocating NodeInfo for them.
+  if (auto cst = TryGetFloat64Constant(value, hint)) {
+    return GetFloat64Constant(cst.value());
+  }
+  // We could emit unconditional eager deopts for other kinds of constant, but
+  // it's not necessary, the appropriate checking conversion nodes will deopt.
 
   NodeInfo* node_info = GetOrCreateInfoFor(value);
   auto& alternative = node_info->alternative();
@@ -1790,13 +1867,14 @@ ValueNode* MaglevGraphBuilder::GetFloat64ForToNumber(ValueNode* value,
           // also become the canonical float64_alternative.
           return alternative.set_float64(BuildNumberOrOddballToFloat64(
               value, TaggedToFloat64ConversionType::kOnlyNumber));
+        case ToNumberHint::kAssumeNumberOrBoolean:
         case ToNumberHint::kAssumeNumberOrOddball: {
           // NumberOrOddball->Float64 conversions are not exact alternatives,
           // since they lose the information that this is an oddball, so they
           // can only become the canonical float64_alternative if they are a
           // known number (and therefore not oddball).
           ValueNode* float64_node = BuildNumberOrOddballToFloat64(
-              value, TaggedToFloat64ConversionType::kNumberOrOddball);
+              value, ToNumberHintToConversionType(hint));
           if (NodeTypeIsNumber(node_info->type())) {
             alternative.set_float64(float64_node);
           }
@@ -1814,6 +1892,7 @@ ValueNode* MaglevGraphBuilder::GetFloat64ForToNumber(ValueNode* value,
         case ToNumberHint::kAssumeSmi:
         case ToNumberHint::kDisallowToNumber:
         case ToNumberHint::kAssumeNumber:
+        case ToNumberHint::kAssumeNumberOrBoolean:
           // Number->Float64 conversions are exact alternatives, so they can
           // also become the canonical float64_alternative.
           return alternative.set_float64(
@@ -1835,7 +1914,6 @@ ValueNode* MaglevGraphBuilder::GetFloat64ForToNumber(ValueNode* value,
 ValueNode* MaglevGraphBuilder::GetHoleyFloat64ForToNumber(ValueNode* value,
                                                           ToNumberHint hint) {
   RecordUseReprHintIfPhi(value, UseRepresentation::kHoleyFloat64);
-
   ValueRepresentation representation =
       value->properties().value_representation();
   // Ignore the hint for
@@ -1953,11 +2031,10 @@ constexpr bool BinaryOperationIsBitwiseInt32() {
   V(Multiply, Float64Multiply)           \
   V(Divide, Float64Divide)               \
   V(Modulus, Float64Modulus)             \
-  V(Negate, Float64Negate)               \
   V(Exponentiate, Float64Exponentiate)
 
 template <Operation kOperation>
-static constexpr base::Optional<int> Int32Identity() {
+static constexpr std::optional<int> Int32Identity() {
   switch (kOperation) {
 #define CASE(op, _, identity) \
   case Operation::k##op:      \
@@ -2025,60 +2102,117 @@ void MaglevGraphBuilder::BuildGenericBinarySmiOperationNode() {
       {left, right}, compiler::FeedbackSource{feedback(), slot_index}));
 }
 
+template <Operation kOperation>
+ReduceResult MaglevGraphBuilder::TryFoldInt32UnaryOperation(ValueNode* node) {
+  auto cst = TryGetInt32Constant(node);
+  if (!cst.has_value()) return ReduceResult::Fail();
+  switch (kOperation) {
+    case Operation::kBitwiseNot:
+      return GetInt32Constant(~cst.value());
+    case Operation::kIncrement:
+      if (cst.value() < INT32_MAX) {
+        return GetInt32Constant(cst.value() + 1);
+      }
+      return ReduceResult::Fail();
+    case Operation::kDecrement:
+      if (cst.value() > INT32_MIN) {
+        return GetInt32Constant(cst.value() - 1);
+      }
+      return ReduceResult::Fail();
+    case Operation::kNegate:
+      if (cst.value() != INT32_MIN) {
+        return GetInt32Constant(-cst.value());
+      }
+      return ReduceResult::Fail();
+    default:
+      UNREACHABLE();
+  }
+}
+
 template <Operation kOperation>
 void MaglevGraphBuilder::BuildInt32UnaryOperationNode() {
   // Use BuildTruncatingInt32BitwiseNotForToNumber with Smi input hint
   // for truncating operations.
   static_assert(!BinaryOperationIsBitwiseInt32<kOperation>());
-  // TODO(v8:7700): Do constant folding.
   ValueNode* value = GetAccumulator();
+  PROCESS_AND_RETURN_IF_DONE(TryFoldInt32UnaryOperation<kOperation>(value),
+                             SetAccumulator);
   using OpNodeT = Int32NodeFor<kOperation>;
   SetAccumulator(AddNewNode<OpNodeT>({value}));
 }
 
 void MaglevGraphBuilder::BuildTruncatingInt32BitwiseNotForToNumber(
     ToNumberHint hint) {
-  // TODO(v8:7700): Do constant folding.
   ValueNode* value = GetTruncatedInt32ForToNumber(
       current_interpreter_frame_.accumulator(), hint);
+  PROCESS_AND_RETURN_IF_DONE(
+      TryFoldInt32UnaryOperation<Operation::kBitwiseNot>(value),
+      SetAccumulator);
   SetAccumulator(AddNewNode<Int32BitwiseNot>({value}));
 }
 
 template <Operation kOperation>
-ValueNode* MaglevGraphBuilder::TryFoldInt32BinaryOperation(ValueNode* left,
-                                                           ValueNode* right) {
-  switch (kOperation) {
-    case Operation::kModulus:
-      // Note the `x % x = 0` fold is invalid since for negative x values the
-      // result is -0.0.
-      // TODO(v8:7700): Consider re-enabling this fold if the result is used
-      // only in contexts where -0.0 is semantically equivalent to 0.0, or if x
-      // is known to be non-negative.
-    default:
-      // TODO(victorgomes): Implement more folds.
-      break;
-  }
-  return nullptr;
+ReduceResult MaglevGraphBuilder::TryFoldInt32BinaryOperation(ValueNode* left,
+                                                             ValueNode* right) {
+  auto cst_right = TryGetInt32Constant(right);
+  if (!cst_right.has_value()) return ReduceResult::Fail();
+  return TryFoldInt32BinaryOperation<kOperation>(left, cst_right.value());
 }
 
 template <Operation kOperation>
-ValueNode* MaglevGraphBuilder::TryFoldInt32BinaryOperation(ValueNode* left,
-                                                           int right) {
+ReduceResult MaglevGraphBuilder::TryFoldInt32BinaryOperation(
+    ValueNode* left, int32_t cst_right) {
+  auto cst_left = TryGetInt32Constant(left);
+  if (!cst_left.has_value()) return ReduceResult::Fail();
   switch (kOperation) {
+    case Operation::kAdd: {
+      int64_t result = static_cast<int64_t>(cst_left.value()) +
+                       static_cast<int64_t>(cst_right);
+      if (result >= INT32_MIN && result <= INT32_MAX) {
+        return GetInt32Constant(static_cast<int32_t>(result));
+      }
+      return ReduceResult::Fail();
+    }
+    case Operation::kSubtract: {
+      int64_t result = static_cast<int64_t>(cst_left.value()) -
+                       static_cast<int64_t>(cst_right);
+      if (result >= INT32_MIN && result <= INT32_MAX) {
+        return GetInt32Constant(static_cast<int32_t>(result));
+      }
+      return ReduceResult::Fail();
+    }
+    case Operation::kMultiply: {
+      int64_t result = static_cast<int64_t>(cst_left.value()) *
+                       static_cast<int64_t>(cst_right);
+      if (result >= INT32_MIN && result <= INT32_MAX) {
+        return GetInt32Constant(static_cast<int32_t>(result));
+      }
+      return ReduceResult::Fail();
+    }
     case Operation::kModulus:
-      // Note the `x % 1 = 0` and `x % -1 = 0` folds are invalid since for
-      // negative x values the result is -0.0.
-      // TODO(v8:7700): Consider re-enabling this fold if the result is used
-      // only in contexts where -0.0 is semantically equivalent to 0.0, or if x
-      // is known to be non-negative.
-      // TODO(victorgomes): We can emit faster mod operation if {right} is power
-      // of 2, unfortunately we need to know if {left} is negative or not.
-      // Maybe emit a Int32ModulusRightIsPowerOf2?
+      // TODO(v8:7700): Constant fold mod.
+      return ReduceResult::Fail();
+    case Operation::kDivide:
+      // TODO(v8:7700): Constant fold division.
+      return ReduceResult::Fail();
+    case Operation::kBitwiseAnd:
+      return GetInt32Constant(cst_left.value() & cst_right);
+    case Operation::kBitwiseOr:
+      return GetInt32Constant(cst_left.value() | cst_right);
+    case Operation::kBitwiseXor:
+      return GetInt32Constant(cst_left.value() ^ cst_right);
+    case Operation::kShiftLeft:
+      return GetInt32Constant(cst_left.value()
+                              << (static_cast<uint32_t>(cst_right) % 32));
+    case Operation::kShiftRight:
+      return GetInt32Constant(cst_left.value() >>
+                              (static_cast<uint32_t>(cst_right) % 32));
+    case Operation::kShiftRightLogical:
+      return GetUint32Constant(static_cast<uint32_t>(cst_left.value()) >>
+                               (static_cast<uint32_t>(cst_right) % 32));
     default:
-      // TODO(victorgomes): Implement more folds.
-      break;
+      UNREACHABLE();
   }
-  return nullptr;
 }
 
 template <Operation kOperation>
@@ -2086,17 +2220,11 @@ void MaglevGraphBuilder::BuildInt32BinaryOperationNode() {
   // Use BuildTruncatingInt32BinaryOperationNodeForToNumber with Smi input hint
   // for truncating operations.
   static_assert(!BinaryOperationIsBitwiseInt32<kOperation>());
-  // TODO(v8:7700): Do constant folding.
   ValueNode* left = LoadRegister(0);
   ValueNode* right = GetAccumulator();
-
-  if (ValueNode* result =
-          TryFoldInt32BinaryOperation<kOperation>(left, right)) {
-    SetAccumulator(result);
-    return;
-  }
+  PROCESS_AND_RETURN_IF_DONE(
+      TryFoldInt32BinaryOperation<kOperation>(left, right), SetAccumulator);
   using OpNodeT = Int32NodeFor<kOperation>;
-
   SetAccumulator(AddNewNode<OpNodeT>({left, right}));
 }
 
@@ -2104,7 +2232,6 @@ template <Operation kOperation>
 void MaglevGraphBuilder::BuildTruncatingInt32BinaryOperationNodeForToNumber(
     ToNumberHint hint) {
   static_assert(BinaryOperationIsBitwiseInt32<kOperation>());
-  // TODO(v8:7700): Do constant folding.
   ValueNode* left;
   ValueNode* right;
   if (IsRegisterEqualToAccumulator(0)) {
@@ -2116,12 +2243,8 @@ void MaglevGraphBuilder::BuildTruncatingInt32BinaryOperationNodeForToNumber(
     right = GetTruncatedInt32ForToNumber(
         current_interpreter_frame_.accumulator(), hint);
   }
-
-  if (ValueNode* result =
-          TryFoldInt32BinaryOperation<kOperation>(left, right)) {
-    SetAccumulator(result);
-    return;
-  }
+  PROCESS_AND_RETURN_IF_DONE(
+      TryFoldInt32BinaryOperation<kOperation>(left, right), SetAccumulator);
   SetAccumulator(AddNewNode<Int32NodeFor<kOperation>>({left, right}));
 }
 
@@ -2131,25 +2254,19 @@ void MaglevGraphBuilder::BuildInt32BinarySmiOperationNode() {
   // of whether it's really signed or not, so we allow Uint32 by loading a
   // TruncatedInt32 value.
   static_assert(!BinaryOperationIsBitwiseInt32<kOperation>());
-  // TODO(v8:7700): Do constant folding.
   ValueNode* left = GetAccumulator();
   int32_t constant = iterator_.GetImmediateOperand(0);
-  if (base::Optional<int>(constant) == Int32Identity<kOperation>()) {
+  if (std::optional<int>(constant) == Int32Identity<kOperation>()) {
     // Deopt if {left} is not a Int32.
     EnsureInt32(left);
     // If the constant is the unit of the operation, it already has the right
     // value, so just return.
     return;
   }
-  if (ValueNode* result =
-          TryFoldInt32BinaryOperation<kOperation>(left, constant)) {
-    SetAccumulator(result);
-    return;
-  }
+  PROCESS_AND_RETURN_IF_DONE(
+      TryFoldInt32BinaryOperation<kOperation>(left, constant), SetAccumulator);
   ValueNode* right = GetInt32Constant(constant);
-
   using OpNodeT = Int32NodeFor<kOperation>;
-
   SetAccumulator(AddNewNode<OpNodeT>({left, right}));
 }
 
@@ -2157,11 +2274,10 @@ template <Operation kOperation>
 void MaglevGraphBuilder::BuildTruncatingInt32BinarySmiOperationNodeForToNumber(
     ToNumberHint hint) {
   static_assert(BinaryOperationIsBitwiseInt32<kOperation>());
-  // TODO(v8:7700): Do constant folding.
   ValueNode* left = GetTruncatedInt32ForToNumber(
       current_interpreter_frame_.accumulator(), hint);
   int32_t constant = iterator_.GetImmediateOperand(0);
-  if (base::Optional<int>(constant) == Int32Identity<kOperation>()) {
+  if (std::optional<int>(constant) == Int32Identity<kOperation>()) {
     // If the constant is the unit of the operation, it already has the right
     // value, so use the truncated value (if not just a conversion) and return.
     if (!left->properties().is_conversion()) {
@@ -2169,22 +2285,80 @@ void MaglevGraphBuilder::BuildTruncatingInt32BinarySmiOperationNodeForToNumber(
     }
     return;
   }
-  if (ValueNode* result =
-          TryFoldInt32BinaryOperation<kOperation>(left, constant)) {
-    SetAccumulator(result);
-    return;
-  }
+  PROCESS_AND_RETURN_IF_DONE(
+      TryFoldInt32BinaryOperation<kOperation>(left, constant), SetAccumulator);
   ValueNode* right = GetInt32Constant(constant);
   SetAccumulator(AddNewNode<Int32NodeFor<kOperation>>({left, right}));
 }
 
+ValueNode* MaglevGraphBuilder::GetNumberConstant(double constant) {
+  if (IsSmiDouble(constant)) {
+    return GetInt32Constant(FastD2I(constant));
+  }
+  return GetFloat64Constant(constant);
+}
+
+template <Operation kOperation>
+ReduceResult MaglevGraphBuilder::TryFoldFloat64UnaryOperationForToNumber(
+    ToNumberHint hint, ValueNode* value) {
+  auto cst = TryGetFloat64Constant(value, hint);
+  if (!cst.has_value()) return ReduceResult::Fail();
+  switch (kOperation) {
+    case Operation::kNegate:
+      return GetNumberConstant(-cst.value());
+    case Operation::kIncrement:
+      return GetNumberConstant(cst.value() + 1);
+    case Operation::kDecrement:
+      return GetNumberConstant(cst.value() - 1);
+    default:
+      UNREACHABLE();
+  }
+}
+
+template <Operation kOperation>
+ReduceResult MaglevGraphBuilder::TryFoldFloat64BinaryOperationForToNumber(
+    ToNumberHint hint, ValueNode* left, ValueNode* right) {
+  auto cst_right = TryGetFloat64Constant(right, hint);
+  if (!cst_right.has_value()) return ReduceResult::Fail();
+  return TryFoldFloat64BinaryOperationForToNumber<kOperation>(
+      hint, left, cst_right.value());
+}
+
+template <Operation kOperation>
+ReduceResult MaglevGraphBuilder::TryFoldFloat64BinaryOperationForToNumber(
+    ToNumberHint hint, ValueNode* left, double cst_right) {
+  auto cst_left = TryGetFloat64Constant(left, hint);
+  if (!cst_left.has_value()) return ReduceResult::Fail();
+  switch (kOperation) {
+    case Operation::kAdd:
+      return GetNumberConstant(cst_left.value() + cst_right);
+    case Operation::kSubtract:
+      return GetNumberConstant(cst_left.value() - cst_right);
+    case Operation::kMultiply:
+      return GetNumberConstant(cst_left.value() * cst_right);
+    case Operation::kDivide:
+      return GetNumberConstant(cst_left.value() / cst_right);
+    case Operation::kModulus:
+      // TODO(v8:7700): Constant fold mod.
+      return ReduceResult::Fail();
+    case Operation::kExponentiate:
+      return GetNumberConstant(base::ieee754::pow(cst_left.value(), cst_right));
+    default:
+      UNREACHABLE();
+  }
+}
+
 template <Operation kOperation>
 void MaglevGraphBuilder::BuildFloat64BinarySmiOperationNodeForToNumber(
     ToNumberHint hint) {
-  // TODO(v8:7700): Do constant folding. Make sure to normalize HoleyFloat64
-  // nodes if constant folded.
+  // TODO(v8:7700): Do constant identity folding. Make sure to normalize
+  // HoleyFloat64 nodes if folded.
   ValueNode* left = GetAccumulatorHoleyFloat64ForToNumber(hint);
   double constant = static_cast<double>(iterator_.GetImmediateOperand(0));
+  PROCESS_AND_RETURN_IF_DONE(
+      TryFoldFloat64BinaryOperationForToNumber<kOperation>(hint, left,
+                                                           constant),
+      SetAccumulator);
   ValueNode* right = GetFloat64Constant(constant);
   SetAccumulator(AddNewNode<Float64NodeFor<kOperation>>({left, right}));
 }
@@ -2192,9 +2366,12 @@ void MaglevGraphBuilder::BuildFloat64BinarySmiOperationNodeForToNumber(
 template <Operation kOperation>
 void MaglevGraphBuilder::BuildFloat64UnaryOperationNodeForToNumber(
     ToNumberHint hint) {
-  // TODO(v8:7700): Do constant folding. Make sure to normalize HoleyFloat64
-  // nodes if constant folded.
+  // TODO(v8:7700): Do constant identity folding. Make sure to normalize
+  // HoleyFloat64 nodes if folded.
   ValueNode* value = GetAccumulatorHoleyFloat64ForToNumber(hint);
+  PROCESS_AND_RETURN_IF_DONE(
+      TryFoldFloat64UnaryOperationForToNumber<kOperation>(hint, value),
+      SetAccumulator);
   switch (kOperation) {
     case Operation::kNegate:
       SetAccumulator(AddNewNode<Float64Negate>({value}));
@@ -2214,10 +2391,13 @@ void MaglevGraphBuilder::BuildFloat64UnaryOperationNodeForToNumber(
 template <Operation kOperation>
 void MaglevGraphBuilder::BuildFloat64BinaryOperationNodeForToNumber(
     ToNumberHint hint) {
-  // TODO(v8:7700): Do constant folding. Make sure to normalize HoleyFloat64
-  // nodes if constant folded.
+  // TODO(v8:7700): Do constant identity folding. Make sure to normalize
+  // HoleyFloat64 nodes if folded.
   ValueNode* left = LoadRegisterHoleyFloat64ForToNumber(0, hint);
   ValueNode* right = GetAccumulatorHoleyFloat64ForToNumber(hint);
+  PROCESS_AND_RETURN_IF_DONE(
+      TryFoldFloat64BinaryOperationForToNumber<kOperation>(hint, left, right),
+      SetAccumulator);
   SetAccumulator(AddNewNode<Float64NodeFor<kOperation>>({left, right}));
 }
 
@@ -2511,12 +2691,24 @@ void MaglevGraphBuilder::VisitCompareOperation() {
       SetAccumulator(AddNewNode<Int32Compare>({left, right}, kOperation));
       return;
     }
+    case CompareOperationHint::kNumberOrBoolean:
+      if (kOperation != Operation::kEqual) {
+        if (TryReduceCompareEqualAgainstConstant<kOperation>()) return;
+        break;
+      }
+      [[fallthrough]];
     case CompareOperationHint::kNumber: {
       // TODO(leszeks): we could support kNumberOrOddball with
       // BranchIfFloat64Compare, but we'd need to special case comparing
       // oddballs with NaN value (e.g. undefined) against themselves.
-      ValueNode* left = GetFloat64(LoadRegister(0));
-      ValueNode* right = GetFloat64(GetAccumulator());
+      ToNumberHint to_number_hint =
+          nexus.GetCompareOperationFeedback() ==
+                  CompareOperationHint::kNumberOrBoolean
+              ? ToNumberHint::kAssumeNumberOrBoolean
+              : ToNumberHint::kDisallowToNumber;
+      ValueNode* left = GetFloat64ForToNumber(LoadRegister(0), to_number_hint);
+      ValueNode* right =
+          GetFloat64ForToNumber(GetAccumulator(), to_number_hint);
       if (left->Is<Float64Constant>() && right->Is<Float64Constant>()) {
         double left_value = left->Cast<Float64Constant>()->value().get_scalar();
         double right_value =
@@ -2593,7 +2785,7 @@ void MaglevGraphBuilder::VisitCompareOperation() {
           break;
         case Operation::kGreaterThanOrEqual:
           result = BuildCallBuiltin<Builtin::kStringGreaterThanOrEqual>(
-              {tagged_left, right});
+              {tagged_left, tagged_right});
           break;
       }
 
@@ -2603,7 +2795,6 @@ void MaglevGraphBuilder::VisitCompareOperation() {
     case CompareOperationHint::kAny:
     case CompareOperationHint::kBigInt64:
     case CompareOperationHint::kBigInt:
-    case CompareOperationHint::kNumberOrBoolean:
     case CompareOperationHint::kNumberOrOddball:
     case CompareOperationHint::kReceiverOrNullOrUndefined:
       if (TryReduceCompareEqualAgainstConstant<kOperation>()) return;
@@ -2721,7 +2912,8 @@ ValueNode* MaglevGraphBuilder::LoadAndCacheContextSlot(
     return cached_value;
   }
   known_node_aspects().UpdateMayHaveAliasingContexts(context);
-  return cached_value = BuildLoadTaggedField(context, offset);
+  return cached_value = BuildLoadTaggedField<LoadTaggedFieldForContextSlot>(
+             context, offset);
 }
 
 bool MaglevGraphBuilder::ContextMayAlias(
@@ -2742,7 +2934,8 @@ void MaglevGraphBuilder::StoreAndCacheContextSlot(ValueNode* context,
   DCHECK_EQ(
       known_node_aspects().loaded_context_constants.count({context, offset}),
       0);
-  BuildStoreTaggedField(context, value, offset, StoreTaggedMode::kDefault);
+  Node* store =
+      BuildStoreTaggedField(context, value, offset, StoreTaggedMode::kDefault);
 
   if (v8_flags.trace_maglev_graph_building) {
     std::cout << "  * Recording context slot store "
@@ -2770,25 +2963,38 @@ void MaglevGraphBuilder::StoreAndCacheContextSlot(ValueNode* context,
                       << std::endl;
           }
           cache.second = nullptr;
-          if (WithinAnEffectRecordingPeelingIteration()) {
-            GetCurrentPeeledLoopEffects().context_slot_written.insert(
-                cache.first);
+          if (is_loop_effect_tracking()) {
+            loop_effects_->context_slot_written.insert(cache.first);
+            loop_effects_->may_have_aliasing_contexts = true;
           }
         }
       }
     }
   }
   KnownNodeAspects::LoadedContextSlotsKey key{context, offset};
-  if (WithinAnEffectRecordingPeelingIteration()) {
-    auto updated = loaded_context_slots.emplace(key, value);
-    if (updated.second) {
-      GetCurrentPeeledLoopEffects().context_slot_written.insert(key);
-    } else if (updated.first->second != value) {
-      updated.first->second = value;
-      GetCurrentPeeledLoopEffects().context_slot_written.insert(key);
+  auto updated = loaded_context_slots.emplace(key, value);
+  if (updated.second) {
+    if (is_loop_effect_tracking()) {
+      loop_effects_->context_slot_written.insert(key);
     }
+    unobserved_context_slot_stores_[key] = store;
   } else {
-    loaded_context_slots[key] = value;
+    if (updated.first->second != value) {
+      updated.first->second = value;
+      if (is_loop_effect_tracking()) {
+        loop_effects_->context_slot_written.insert(key);
+      }
+    }
+    if (known_node_aspects().may_have_aliasing_contexts !=
+        KnownNodeAspects::ContextSlotLoadsAlias::Yes) {
+      auto last_store = unobserved_context_slot_stores_.find(key);
+      if (last_store != unobserved_context_slot_stores_.end()) {
+        MarkNodeDead(last_store->second);
+        last_store->second = store;
+      } else {
+        unobserved_context_slot_stores_[key] = store;
+      }
+    }
   }
 }
 
@@ -3451,8 +3657,7 @@ void MaglevGraphBuilder::VisitStaLookupSlot() {
   ValueNode* value = GetAccumulator();
   ValueNode* name = GetConstant(GetRefOperand<Name>(0));
   uint32_t flags = GetFlag8Operand(1);
-  // TODO(victorgomes): StaLookupSlotFunction will escape the current GetContext
-  // if contexts VOs are allowed to be modified.
+  EscapeContext();
   SetAccumulator(
       BuildCallRuntime(StaLookupSlotFunction(flags), {name, value}).value());
 }
@@ -3489,7 +3694,8 @@ NodeType StaticTypeForNode(compiler::JSHeapBroker* broker,
       return NodeType::kNumberOrOddball;
     case Opcode::kAllocationBlock:
     case Opcode::kInlinedAllocation:
-      return StaticTypeForMap(node->Cast<InlinedAllocation>()->object()->map());
+      return StaticTypeForMap(node->Cast<InlinedAllocation>()->object()->map(),
+                              broker);
     case Opcode::kRootConstant: {
       RootConstant* constant = node->Cast<RootConstant>();
       switch (constant->index()) {
@@ -3571,6 +3777,9 @@ bool MaglevGraphBuilder::EnsureType(ValueNode* node, NodeType type,
   if (old_type) *old_type = known_info->type();
   if (NodeTypeIs(known_info->type(), type)) return true;
   known_info->CombineType(type);
+  if (auto phi = node->TryCast<Phi>()) {
+    known_info->CombineType(phi->type());
+  }
   return false;
 }
 
@@ -3623,9 +3832,12 @@ NodeType MaglevGraphBuilder::GetType(ValueNode* node) {
   if (!known_node_aspects().IsValid(it)) {
     return StaticTypeForNode(broker(), local_isolate(), node);
   }
+  NodeType actual_type = it->second.type();
+  if (auto phi = node->TryCast<Phi>()) {
+    actual_type = CombineType(actual_type, phi->type());
+  }
 #ifdef DEBUG
   NodeType static_type = StaticTypeForNode(broker(), local_isolate(), node);
-  NodeType actual_type = it->second.type();
   if (!NodeTypeIs(actual_type, static_type)) {
     // In case we needed a numerical alternative of a smi value, the type
     // must generalize. In all other cases the node info type should reflect the
@@ -3634,16 +3846,15 @@ NodeType MaglevGraphBuilder::GetType(ValueNode* node) {
            !known_node_aspects().TryGetInfoFor(node)->alternative().has_none());
   }
 #endif  // DEBUG
-  if (auto phi = node->TryCast<Phi>()) {
-    return CombineType(it->second.type(), phi->type());
-  }
-  return it->second.type();
+  return actual_type;
 }
 
 bool MaglevGraphBuilder::HaveDifferentTypes(ValueNode* lhs, ValueNode* rhs) {
   return HasDifferentType(lhs, GetType(rhs));
 }
 
+// Note: this is conservative, ie, returns true if {lhs} cannot be {rhs}.
+// It might return false even if {lhs} is not {rhs}.
 bool MaglevGraphBuilder::HasDifferentType(ValueNode* lhs, NodeType rhs_type) {
   NodeType lhs_type = GetType(lhs);
   if (lhs_type == NodeType::kUnknown || rhs_type == NodeType::kUnknown) {
@@ -3679,6 +3890,8 @@ NodeType TaggedToFloat64ConversionTypeToNodeType(
   switch (conversion_type) {
     case TaggedToFloat64ConversionType::kOnlyNumber:
       return NodeType::kNumber;
+    case TaggedToFloat64ConversionType::kNumberOrBoolean:
+      return NodeType::kNumberOrBoolean;
     case TaggedToFloat64ConversionType::kNumberOrOddball:
       return NodeType::kNumberOrOddball;
   }
@@ -3745,9 +3958,9 @@ namespace {
 
 class KnownMapsMerger {
  public:
-  explicit KnownMapsMerger(compiler::JSHeapBroker* broker,
+  explicit KnownMapsMerger(compiler::JSHeapBroker* broker, Zone* zone,
                            base::Vector<const compiler::MapRef> requested_maps)
-      : broker_(broker), requested_maps_(requested_maps) {}
+      : broker_(broker), zone_(zone), requested_maps_(requested_maps) {}
 
   void IntersectWithKnownNodeAspects(
       ValueNode* object, const KnownNodeAspects& known_node_aspects) {
@@ -3796,8 +4009,8 @@ class KnownMapsMerger {
     // Update known maps.
     auto node_info = known_node_aspects.GetOrCreateInfoFor(
         object, broker_, broker_->local_isolate());
-    node_info->SetPossibleMaps(intersect_set_, any_map_is_unstable_,
-                               node_type_);
+    node_info->SetPossibleMaps(intersect_set_, any_map_is_unstable_, node_type_,
+                               broker_);
     // Make sure known_node_aspects.any_map_for_any_node_is_unstable is updated
     // in case any_map_is_unstable changed to true for this object -- this can
     // happen if this was an intersection with the universal set which added new
@@ -3839,6 +4052,7 @@ class KnownMapsMerger {
 
  private:
   compiler::JSHeapBroker* broker_;
+  Zone* zone_;
   base::Vector<const compiler::MapRef> requested_maps_;
   compiler::ZoneRefSet<Map> intersect_set_;
   bool known_maps_are_subset_of_requested_maps_ = true;
@@ -3847,13 +4061,13 @@ class KnownMapsMerger {
   bool any_map_is_unstable_ = false;
   NodeType node_type_ = static_cast<NodeType>(-1);
 
-  Zone* zone() const { return broker_->zone(); }
+  Zone* zone() const { return zone_; }
 
   void InsertMap(compiler::MapRef map) {
     if (map.is_migration_target()) {
       emit_check_with_migration_ = true;
     }
-    NodeType new_type = StaticTypeForMap(map);
+    NodeType new_type = StaticTypeForMap(map, broker_);
     if (new_type == NodeType::kHeapNumber) {
       new_type = IntersectType(new_type, NodeType::kSmi);
     }
@@ -3893,7 +4107,7 @@ ReduceResult MaglevGraphBuilder::BuildCheckMaps(
 
   // Calculates if known maps are a subset of maps, their map intersection and
   // whether we should emit check with migration.
-  KnownMapsMerger merger(broker(), maps);
+  KnownMapsMerger merger(broker(), zone(), maps);
   merger.IntersectWithKnownNodeAspects(object, known_node_aspects());
 
   // If the known maps are the subset of the maps to check, we are done.
@@ -3956,9 +4170,9 @@ ReduceResult MaglevGraphBuilder::BuildTransitionElementsKindOrCheckMap(
       {object}, transition_sources, transition_target,
       GetCheckType(known_info->type()));
   // After this operation, object's map is transition_target (or we deopted).
-  known_info->SetPossibleMaps(PossibleMaps{transition_target},
-                              !transition_target.is_stable(),
-                              StaticTypeForMap(transition_target));
+  known_info->SetPossibleMaps(
+      PossibleMaps{transition_target}, !transition_target.is_stable(),
+      StaticTypeForMap(transition_target, broker()), broker());
   DCHECK(transition_target.IsJSReceiverMap());
   if (!transition_target.is_stable()) {
     known_node_aspects().any_map_for_any_node_is_unstable = true;
@@ -3969,11 +4183,11 @@ ReduceResult MaglevGraphBuilder::BuildTransitionElementsKindOrCheckMap(
 }
 
 ReduceResult MaglevGraphBuilder::BuildCompareMaps(
-    ValueNode* heap_object, base::Optional<ValueNode*> object_map_opt,
+    ValueNode* heap_object, std::optional<ValueNode*> object_map_opt,
     base::Vector<const compiler::MapRef> maps, MaglevSubGraphBuilder* sub_graph,
-    base::Optional<MaglevSubGraphBuilder::Label>& if_not_matched) {
+    std::optional<MaglevSubGraphBuilder::Label>& if_not_matched) {
   GetOrCreateInfoFor(heap_object);
-  KnownMapsMerger merger(broker(), maps);
+  KnownMapsMerger merger(broker(), zone(), maps);
   merger.IntersectWithKnownNodeAspects(heap_object, known_node_aspects());
 
   if (merger.intersect_set().is_empty()) {
@@ -3992,7 +4206,7 @@ ReduceResult MaglevGraphBuilder::BuildCompareMaps(
   DCHECK(!V8_MAP_PACKING_BOOL);
 
   // TODO(pthier): Handle map migrations.
-  base::Optional<MaglevSubGraphBuilder::Label> map_matched;
+  std::optional<MaglevSubGraphBuilder::Label> map_matched;
   const compiler::ZoneRefSet<Map>& relevant_maps = merger.intersect_set();
   if (relevant_maps.size() > 1) {
     map_matched.emplace(sub_graph, static_cast<int>(relevant_maps.size()));
@@ -4017,7 +4231,7 @@ ReduceResult MaglevGraphBuilder::BuildTransitionElementsKindAndCompareMaps(
     ValueNode* heap_object,
     const ZoneVector<compiler::MapRef>& transition_sources,
     compiler::MapRef transition_target, MaglevSubGraphBuilder* sub_graph,
-    base::Optional<MaglevSubGraphBuilder::Label>& if_not_matched) {
+    std::optional<MaglevSubGraphBuilder::Label>& if_not_matched) {
   DCHECK(!transition_target.is_migration_target());
 
   NodeInfo* known_info = GetOrCreateInfoFor(heap_object);
@@ -4037,9 +4251,9 @@ ReduceResult MaglevGraphBuilder::BuildTransitionElementsKindAndCompareMaps(
       &*if_not_matched, {object_map, GetConstant(transition_target)});
   // After the branch, object's map is transition_target.
   DCHECK(transition_target.IsJSReceiverMap());
-  known_info->SetPossibleMaps(PossibleMaps{transition_target},
-                              !transition_target.is_stable(),
-                              StaticTypeForMap(transition_target));
+  known_info->SetPossibleMaps(
+      PossibleMaps{transition_target}, !transition_target.is_stable(),
+      StaticTypeForMap(transition_target, broker()), broker());
   if (!transition_target.is_stable()) {
     known_node_aspects().any_map_for_any_node_is_unstable = true;
   } else {
@@ -4090,84 +4304,144 @@ bool MaglevGraphBuilder::CanElideWriteBarrier(ValueNode* object,
   return false;
 }
 
-void MaglevGraphBuilder::BuildInitializeStoreTaggedField(
-    InlinedAllocation* object, ValueNode* value, int offset) {
+void MaglevGraphBuilder::BuildInitializeStore(InlinedAllocation* object,
+                                              ValueNode* value, int offset) {
+  const bool value_is_trusted = value->Is<TrustedConstant>();
   DCHECK(value->is_tagged());
   if (InlinedAllocation* inlined_value = value->TryCast<InlinedAllocation>()) {
-    auto deps = graph()->allocations().find(object);
-    CHECK(deps != graph()->allocations().end());
-    deps->second.push_back(inlined_value);
+    // Add to the escape set.
+    auto escape_deps = graph()->allocations_escape_map().find(object);
+    CHECK(escape_deps != graph()->allocations_escape_map().end());
+    escape_deps->second.push_back(inlined_value);
+    // Add to the elided set.
+    auto& elided_map = graph()->allocations_elide_map();
+    auto elided_deps = elided_map.try_emplace(inlined_value, zone()).first;
+    elided_deps->second.push_back(object);
     inlined_value->AddNonEscapingUses();
   }
-  BuildStoreTaggedField(object, value, offset, StoreTaggedMode::kInitializing);
+  if (value_is_trusted) {
+    BuildStoreTrustedPointerField(object, value, offset,
+                                  value->Cast<TrustedConstant>()->tag(),
+                                  StoreTaggedMode::kInitializing);
+  } else {
+    BuildStoreTaggedField(object, value, offset,
+                          StoreTaggedMode::kInitializing);
+  }
+}
+
+namespace {
+bool IsEscaping(Graph* graph, InlinedAllocation* alloc) {
+  if (alloc->IsEscaping()) return true;
+  auto it = graph->allocations_elide_map().find(alloc);
+  if (it == graph->allocations_elide_map().end()) return false;
+  for (InlinedAllocation* inner_alloc : it->second) {
+    if (IsEscaping(graph, inner_alloc)) {
+      return true;
+    }
+  }
+  return false;
 }
 
+bool VerifyIsNotEscaping(VirtualObject::List vos, InlinedAllocation* alloc) {
+  for (VirtualObject* vo : vos) {
+    if (vo->type() != VirtualObject::kDefault) continue;
+    if (vo->allocation() == alloc) continue;
+    for (uint32_t i = 0; i < vo->slot_count(); i++) {
+      ValueNode* nested_value = vo->get_by_index(i);
+      if (!nested_value->Is<InlinedAllocation>()) continue;
+      ValueNode* nested_alloc = nested_value->Cast<InlinedAllocation>();
+      if (nested_alloc == alloc) {
+        if (vo->allocation()->IsEscaping()) return false;
+        if (!VerifyIsNotEscaping(vos, vo->allocation())) return false;
+      }
+    }
+  }
+  return true;
+}
+}  // namespace
+
 bool MaglevGraphBuilder::CanTrackObjectChanges(ValueNode* receiver,
-                                               int offset) {
+                                               TrackObjectMode mode) {
   DCHECK(!receiver->Is<VirtualObject>());
-  if (!v8_flags.maglev_track_object_changes) return false;
-  if (offset == HeapObject::kMapOffset) return false;
+  if (!v8_flags.maglev_object_tracking) return false;
+  if (!receiver->Is<InlinedAllocation>()) return false;
+  InlinedAllocation* alloc = receiver->Cast<InlinedAllocation>();
+  if (mode == TrackObjectMode::kStore) {
+    // If we have two objects A and B, such that A points to B (it contains B in
+    // one of its field), we cannot change B without also changing A, even if
+    // both can be elided. For now, we escape both objects instead.
+    if (graph_->allocations_elide_map().find(alloc) !=
+        graph_->allocations_elide_map().end()) {
+      return false;
+    }
+    if (alloc->IsEscaping()) return false;
+  } else {
+    DCHECK_EQ(mode, TrackObjectMode::kLoad);
+    if (IsEscaping(graph_, alloc)) return false;
+  }
   // We don't support loop phis inside VirtualObjects, so any access inside a
-  // loop should escape the object.
-  if (bytecode_analysis().GetLoopOffsetFor(iterator_.current_offset()) != -1) {
-    return false;
+  // loop should escape the object, except for objects that were created since
+  // the last loop header.
+  if (IsInsideLoop()) {
+    if (!is_loop_effect_tracking() ||
+        !loop_effects_->allocations.contains(alloc)) {
+      return false;
+    }
   }
-  if (InlinedAllocation* alloc = receiver->TryCast<InlinedAllocation>()) {
-    if (alloc->IsEscaping()) return false;
-    // TODO(victorgomes): Support modifying contexts. Currently
-    // StaLookupSlotFunction can implicitly modify the active context.
-    if (alloc->object()->map().IsContextMap()) return false;
-    return true;
+  // Iterate all live objects to be sure that the allocation is not escaping.
+  SLOW_DCHECK(
+      VerifyIsNotEscaping(current_interpreter_frame_.virtual_objects(), alloc));
+  return true;
+}
+
+VirtualObject* MaglevGraphBuilder::GetObjectFromAllocation(
+    InlinedAllocation* allocation) {
+  VirtualObject* vobject = allocation->object();
+  // If it hasn't be snapshotted yet, it is the latest created version of this
+  // object, we don't need to search for it.
+  if (vobject->IsSnapshot()) {
+    vobject = current_interpreter_frame_.virtual_objects().FindAllocatedWith(
+        allocation);
   }
-  return false;
+  return vobject;
 }
 
-ValueNode* MaglevGraphBuilder::BuildLoadTaggedField(ValueNode* object,
-                                                    int offset) {
-  if (CanTrackObjectChanges(object, offset)) {
-    InlinedAllocation* allocation = object->TryCast<InlinedAllocation>();
-    VirtualObject* vobj = allocation->object();
-    // If it hasn't be snapshotted yet, it is the latest created version of this
-    // object, we don't need to search for it.
-    if (vobj->IsSnapshot()) {
-      vobj = current_interpreter_frame_.virtual_objects().FindAllocatedWith(
-          allocation);
-    }
-    ValueNode* value = vobj->get(offset);
-    TRACE("  * Reusing value in virtual object "
-          << PrintNodeLabel(graph_labeller(), vobj) << "[" << offset
-          << "]: " << PrintNode(graph_labeller(), value));
-    return value;
+VirtualObject* MaglevGraphBuilder::GetModifiableObjectFromAllocation(
+    InlinedAllocation* allocation) {
+  VirtualObject* vobject = allocation->object();
+  // If it hasn't be snapshotted yet, it is the latest created version of this
+  // object and we can still modify it, we don't need to copy it.
+  if (vobject->IsSnapshot()) {
+    return DeepCopyVirtualObject(
+        current_interpreter_frame_.virtual_objects().FindAllocatedWith(
+            allocation));
   }
-  return AddNewNode<LoadTaggedField>({object}, offset);
+  return vobject;
 }
 
 void MaglevGraphBuilder::TryBuildStoreTaggedFieldToAllocation(ValueNode* object,
                                                               ValueNode* value,
                                                               int offset) {
-  if (!CanTrackObjectChanges(object, offset)) return;
+  if (offset == HeapObject::kMapOffset) return;
+  if (!CanTrackObjectChanges(object, TrackObjectMode::kStore)) return;
   // This avoids loop in the object graph.
   if (value->Is<InlinedAllocation>()) return;
   InlinedAllocation* allocation = object->Cast<InlinedAllocation>();
-  // If it hasn't be snapshotted yet, it is the latest created version of this
-  // object and we can still modify it, we don't need to copy it.
-  VirtualObject* vobject = allocation->object();
-  if (vobject->IsSnapshot()) {
-    vobject = DeepCopyVirtualObject(
-        current_interpreter_frame_.virtual_objects().FindAllocatedWith(
-            allocation));
-  }
+  VirtualObject* vobject = GetModifiableObjectFromAllocation(allocation);
+  CHECK_EQ(vobject->type(), VirtualObject::kDefault);
   CHECK_NOT_NULL(vobject);
   vobject->set(offset, value);
   AddNonEscapingUses(allocation, 1);
-  TRACE("  * Setting value in virtual object "
-        << PrintNodeLabel(graph_labeller(), vobject) << "[" << offset
-        << "]: " << PrintNode(graph_labeller(), value));
+  if (v8_flags.trace_maglev_object_tracking) {
+    std::cout << "  * Setting value in virtual object "
+              << PrintNodeLabel(graph_labeller(), vobject) << "[" << offset
+              << "]: " << PrintNode(graph_labeller(), value) << std::endl;
+  }
 }
 
-void MaglevGraphBuilder::BuildStoreTaggedField(ValueNode* object,
-                                               ValueNode* value, int offset,
-                                               StoreTaggedMode store_mode) {
+Node* MaglevGraphBuilder::BuildStoreTaggedField(ValueNode* object,
+                                                ValueNode* value, int offset,
+                                                StoreTaggedMode store_mode) {
   // The value may be used to initialize a VO, which can leak to IFS.
   // It should NOT be a conversion node, UNLESS it's an initializing value.
   // Initializing values are tagged before allocation, since conversion nodes
@@ -4178,11 +4452,11 @@ void MaglevGraphBuilder::BuildStoreTaggedField(ValueNode* object,
     TryBuildStoreTaggedFieldToAllocation(object, value, offset);
   }
   if (CanElideWriteBarrier(object, value)) {
-    AddNewNode<StoreTaggedFieldNoWriteBarrier>({object, value}, offset,
-                                               store_mode);
+    return AddNewNode<StoreTaggedFieldNoWriteBarrier>({object, value}, offset,
+                                                      store_mode);
   } else {
-    AddNewNode<StoreTaggedFieldWithWriteBarrier>({object, value}, offset,
-                                                 store_mode);
+    return AddNewNode<StoreTaggedFieldWithWriteBarrier>({object, value}, offset,
+                                                        store_mode);
   }
 }
 
@@ -4203,9 +4477,67 @@ void MaglevGraphBuilder::BuildStoreTaggedFieldNoWriteBarrier(
                                              store_mode);
 }
 
+void MaglevGraphBuilder::BuildStoreTrustedPointerField(
+    ValueNode* object, ValueNode* value, int offset, IndirectPointerTag tag,
+    StoreTaggedMode store_mode) {
+#ifdef V8_ENABLE_SANDBOX
+  AddNewNode<StoreTrustedPointerFieldWithWriteBarrier>({object, value}, offset,
+                                                       tag, store_mode);
+#else
+  BuildStoreTaggedField(object, value, offset, store_mode);
+#endif  // V8_ENABLE_SANDBOX
+}
+
+ValueNode* MaglevGraphBuilder::BuildLoadFixedArrayElement(ValueNode* elements,
+                                                          int index) {
+  compiler::OptionalHeapObjectRef maybe_constant;
+  if ((maybe_constant = TryGetConstant(elements)) &&
+      maybe_constant.value().IsFixedArray()) {
+    compiler::FixedArrayRef fixed_array_ref =
+        maybe_constant.value().AsFixedArray();
+    if (index >= 0 && index < fixed_array_ref.length()) {
+      compiler::OptionalObjectRef maybe_value =
+          fixed_array_ref.TryGet(broker(), index);
+      if (maybe_value) return GetConstant(*maybe_value);
+    } else {
+      return GetRootConstant(RootIndex::kTheHoleValue);
+    }
+  }
+  if (CanTrackObjectChanges(elements, TrackObjectMode::kLoad)) {
+    VirtualObject* vobject =
+        GetObjectFromAllocation(elements->Cast<InlinedAllocation>());
+    CHECK_EQ(vobject->type(), VirtualObject::kDefault);
+    DCHECK(vobject->map().IsFixedArrayMap());
+    ValueNode* length_node = vobject->get(FixedArray::kLengthOffset);
+    if (auto length = TryGetInt32Constant(length_node)) {
+      if (index >= 0 && index < length.value()) {
+        return vobject->get(FixedArray::OffsetOfElementAt(index));
+      } else {
+        return GetRootConstant(RootIndex::kTheHoleValue);
+      }
+    }
+  }
+  if (index < 0 || index >= FixedArray::kMaxLength) {
+    return GetRootConstant(RootIndex::kTheHoleValue);
+  }
+  return AddNewNode<LoadTaggedField>({elements},
+                                     FixedArray::OffsetOfElementAt(index));
+}
+
+ValueNode* MaglevGraphBuilder::BuildLoadFixedArrayElement(ValueNode* elements,
+                                                          ValueNode* index) {
+  if (auto constant = TryGetInt32Constant(index)) {
+    return BuildLoadFixedArrayElement(elements, constant.value());
+  }
+  return AddNewNode<LoadFixedArrayElement>({elements, index});
+}
+
 void MaglevGraphBuilder::BuildStoreFixedArrayElement(ValueNode* elements,
                                                      ValueNode* index,
                                                      ValueNode* value) {
+  // TODO(victorgomes): Support storing element to a virtual object. If we
+  // modify the elements array, we need to modify the original object to point
+  // to the new elements array.
   if (CanElideWriteBarrier(elements, value)) {
     AddNewNode<StoreFixedArrayElementNoWriteBarrier>({elements, index, value});
   } else {
@@ -4214,6 +4546,51 @@ void MaglevGraphBuilder::BuildStoreFixedArrayElement(ValueNode* elements,
   }
 }
 
+ValueNode* MaglevGraphBuilder::BuildLoadFixedDoubleArrayElement(
+    ValueNode* elements, int index) {
+  if (CanTrackObjectChanges(elements, TrackObjectMode::kLoad)) {
+    VirtualObject* vobject =
+        GetObjectFromAllocation(elements->Cast<InlinedAllocation>());
+    compiler::FixedDoubleArrayRef elements_array = vobject->double_elements();
+    if (index >= 0 && index < elements_array.length()) {
+      Float64 value = elements_array.GetFromImmutableFixedDoubleArray(index);
+      return GetFloat64Constant(value.get_scalar());
+    } else {
+      return GetRootConstant(RootIndex::kTheHoleValue);
+    }
+  }
+  if (index < 0 || index >= FixedArray::kMaxLength) {
+    return GetRootConstant(RootIndex::kTheHoleValue);
+  }
+  return AddNewNode<LoadFixedDoubleArrayElement>(
+      {elements, GetInt32Constant(index)});
+}
+
+ValueNode* MaglevGraphBuilder::BuildLoadFixedDoubleArrayElement(
+    ValueNode* elements, ValueNode* index) {
+  if (auto constant = TryGetInt32Constant(index)) {
+    return BuildLoadFixedDoubleArrayElement(elements, constant.value());
+  }
+  return AddNewNode<LoadFixedDoubleArrayElement>({elements, index});
+}
+
+void MaglevGraphBuilder::BuildStoreFixedDoubleArrayElement(ValueNode* elements,
+                                                           ValueNode* index,
+                                                           ValueNode* value) {
+  // TODO(victorgomes): Support storing double element to a virtual object.
+  AddNewNode<StoreFixedDoubleArrayElement>({elements, index, value});
+}
+
+ValueNode* MaglevGraphBuilder::BuildLoadHoleyFixedDoubleArrayElement(
+    ValueNode* elements, ValueNode* index, bool convert_hole) {
+  if (convert_hole) {
+    return AddNewNode<LoadHoleyFixedDoubleArrayElement>({elements, index});
+  } else {
+    return AddNewNode<LoadHoleyFixedDoubleArrayElementCheckedNotHole>(
+        {elements, index});
+  }
+}
+
 bool MaglevGraphBuilder::CanTreatHoleAsUndefined(
     base::Vector<const compiler::MapRef> const& receiver_maps) {
   // Check if all {receiver_maps} have one of the initial Array.prototype
@@ -4290,7 +4667,7 @@ compiler::OptionalObjectRef MaglevGraphBuilder::TryFoldLoadConstantDataField(
       broker()->dependencies());
 }
 
-base::Optional<Float64> MaglevGraphBuilder::TryFoldLoadConstantDoubleField(
+std::optional<Float64> MaglevGraphBuilder::TryFoldLoadConstantDoubleField(
     compiler::JSObjectRef holder,
     compiler::PropertyAccessInfo const& access_info) {
   DCHECK(access_info.field_representation().IsDouble());
@@ -4334,27 +4711,33 @@ ReduceResult MaglevGraphBuilder::TryBuildPropertyGetterCall(
 
 ReduceResult MaglevGraphBuilder::TryBuildPropertySetterCall(
     compiler::PropertyAccessInfo const& access_info, ValueNode* receiver,
-    ValueNode* value) {
+    ValueNode* lookup_start_object, ValueNode* value) {
+  // Setting super properties shouldn't end up here.
+  DCHECK_EQ(receiver, lookup_start_object);
   compiler::ObjectRef constant = access_info.constant().value();
   if (constant.IsJSFunction()) {
     CallArguments args(ConvertReceiverMode::kNotNullOrUndefined,
                        {receiver, value});
     RETURN_IF_ABORT(ReduceCallForConstant(constant.AsJSFunction(), args));
-    return ReduceResult::Done();
   } else {
-    // TODO(victorgomes): API calls.
-    return ReduceResult::Fail();
+    compiler::FunctionTemplateInfoRef templ = constant.AsFunctionTemplateInfo();
+    CallArguments args(ConvertReceiverMode::kNotNullOrUndefined,
+                       {receiver, value});
+    RETURN_IF_ABORT(
+        ReduceCallForApiFunction(templ, {}, access_info.api_holder(), args));
   }
+  // Ignore the return value of the setter call.
+  return ReduceResult::Done();
 }
 
 ValueNode* MaglevGraphBuilder::BuildLoadField(
     compiler::PropertyAccessInfo const& access_info,
-    ValueNode* lookup_start_object) {
+    ValueNode* lookup_start_object, compiler::NameRef name) {
   compiler::OptionalJSObjectRef constant_holder =
       TryGetConstantDataFieldHolder(access_info, lookup_start_object);
   if (constant_holder) {
     if (access_info.field_representation().IsDouble()) {
-      base::Optional<Float64> constant =
+      std::optional<Float64> constant =
           TryFoldLoadConstantDoubleField(constant_holder.value(), access_info);
       if (constant.has_value()) {
         return GetFloat64Constant(constant.value());
@@ -4386,7 +4769,8 @@ ValueNode* MaglevGraphBuilder::BuildLoadField(
   if (field_index.is_double()) {
     return AddNewNode<LoadDoubleField>({load_source}, field_index.offset());
   }
-  ValueNode* value = BuildLoadTaggedField(load_source, field_index.offset());
+  ValueNode* value = BuildLoadTaggedField<LoadTaggedFieldForProperty>(
+      load_source, field_index.offset(), name);
   // Insert stable field information if present.
   if (access_info.field_representation().IsSmi()) {
     NodeInfo* known_info = GetOrCreateInfoFor(value);
@@ -4398,7 +4782,7 @@ ValueNode* MaglevGraphBuilder::BuildLoadField(
       DCHECK(access_info.field_map().value().IsJSReceiverMap());
       auto map = access_info.field_map().value();
       known_info->SetPossibleMaps(PossibleMaps{map}, false,
-                                  StaticTypeForMap(map));
+                                  StaticTypeForMap(map, broker()), broker());
       broker()->dependencies()->DependOnStableMap(map);
     } else {
       known_info->CombineType(NodeType::kAnyHeapObject);
@@ -4426,7 +4810,8 @@ ValueNode* MaglevGraphBuilder::BuildLoadJSArrayLength(ValueNode* js_array,
     return known_length.value();
   }
 
-  ValueNode* length = BuildLoadTaggedField(js_array, JSArray::kLengthOffset);
+  ValueNode* length = BuildLoadTaggedField<LoadTaggedFieldForProperty>(
+      js_array, JSArray::kLengthOffset, broker()->length_string());
   GetOrCreateInfoFor(length)->CombineType(length_type);
   RecordKnownProperty(js_array, broker()->length_string(), length, false,
                       compiler::AccessMode::kLoad);
@@ -4436,13 +4821,13 @@ ValueNode* MaglevGraphBuilder::BuildLoadJSArrayLength(ValueNode* js_array,
 void MaglevGraphBuilder::BuildStoreMap(ValueNode* object, compiler::MapRef map,
                                        StoreMap::Kind kind) {
   AddNewNode<StoreMap>({object}, map, kind);
-  NodeType object_type = StaticTypeForMap(map);
+  NodeType object_type = StaticTypeForMap(map, broker());
   NodeInfo* node_info = GetOrCreateInfoFor(object);
   if (map.is_stable()) {
-    node_info->SetPossibleMaps(PossibleMaps{map}, false, object_type);
+    node_info->SetPossibleMaps(PossibleMaps{map}, false, object_type, broker());
     broker()->dependencies()->DependOnStableMap(map);
   } else {
-    node_info->SetPossibleMaps(PossibleMaps{map}, true, object_type);
+    node_info->SetPossibleMaps(PossibleMaps{map}, true, object_type, broker());
     known_node_aspects().any_map_for_any_node_is_unstable = true;
   }
 }
@@ -4472,9 +4857,6 @@ ReduceResult MaglevGraphBuilder::TryBuildStoreField(
 
     if (original_map->UnusedPropertyFields() == 0) {
       DCHECK(!field_index.is_inobject());
-      if (!v8_flags.maglev_extend_properties_backing_store) {
-        return ReduceResult::Fail();
-      }
     }
     if (!field_index.is_inobject()) {
       // If slack tracking ends after this compilation started but before it's
@@ -4594,7 +4976,8 @@ ReduceResult MaglevGraphBuilder::TryBuildPropertyLoad(
       return GetRootConstant(RootIndex::kUndefinedValue);
     case compiler::PropertyAccessInfo::kDataField:
     case compiler::PropertyAccessInfo::kFastDataConstant: {
-      ValueNode* result = BuildLoadField(access_info, lookup_start_object);
+      ValueNode* result =
+          BuildLoadField(access_info, lookup_start_object, name);
       RecordKnownProperty(lookup_start_object, name, result,
                           AccessInfoGuaranteedConst(access_info),
                           compiler::AccessMode::kLoad);
@@ -4612,11 +4995,12 @@ ReduceResult MaglevGraphBuilder::TryBuildPropertyLoad(
                                         lookup_start_object);
     case compiler::PropertyAccessInfo::kModuleExport: {
       ValueNode* cell = GetConstant(access_info.constant().value().AsCell());
-      return BuildLoadTaggedField(cell, Cell::kValueOffset);
+      return BuildLoadTaggedField<LoadTaggedFieldForProperty>(
+          cell, Cell::kValueOffset, name);
     }
     case compiler::PropertyAccessInfo::kStringLength: {
       DCHECK_EQ(receiver, lookup_start_object);
-      ValueNode* result = AddNewNode<StringLength>({receiver});
+      ValueNode* result = BuildLoadStringLength(receiver);
       RecordKnownProperty(lookup_start_object, name, result,
                           AccessInfoGuaranteedConst(access_info),
                           compiler::AccessMode::kLoad);
@@ -4626,7 +5010,7 @@ ReduceResult MaglevGraphBuilder::TryBuildPropertyLoad(
 }
 
 ReduceResult MaglevGraphBuilder::TryBuildPropertyStore(
-    ValueNode* receiver, compiler::NameRef name,
+    ValueNode* receiver, ValueNode* lookup_start_object, compiler::NameRef name,
     compiler::PropertyAccessInfo const& access_info,
     compiler::AccessMode access_mode) {
   if (access_info.holder().has_value()) {
@@ -4638,7 +5022,7 @@ ReduceResult MaglevGraphBuilder::TryBuildPropertyStore(
   switch (access_info.kind()) {
     case compiler::PropertyAccessInfo::kFastAccessorConstant: {
       return TryBuildPropertySetterCall(access_info, receiver,
-                                        GetAccumulator());
+                                        lookup_start_object, GetAccumulator());
     }
     case compiler::PropertyAccessInfo::kDataField:
     case compiler::PropertyAccessInfo::kFastDataConstant: {
@@ -4673,7 +5057,8 @@ ReduceResult MaglevGraphBuilder::TryBuildPropertyAccess(
     case compiler::AccessMode::kStoreInLiteral:
     case compiler::AccessMode::kDefine:
       DCHECK_EQ(receiver, lookup_start_object);
-      return TryBuildPropertyStore(receiver, name, access_info, access_mode);
+      return TryBuildPropertyStore(receiver, lookup_start_object, name,
+                                   access_info, access_mode);
     case compiler::AccessMode::kHas:
       // TODO(victorgomes): BuildPropertyTest.
       return ReduceResult::Fail();
@@ -4739,7 +5124,7 @@ ReduceResult MaglevGraphBuilder::TryBuildNamedAccess(
   } else {
     // TODO(leszeks): This is doing duplicate work with BuildCheckMaps,
     // consider passing the merger into there.
-    KnownMapsMerger merger(broker(), base::VectorOf(feedback.maps()));
+    KnownMapsMerger merger(broker(), zone(), base::VectorOf(feedback.maps()));
     merger.IntersectWithKnownNodeAspects(lookup_start_object,
                                          known_node_aspects());
     inferred_maps = merger.intersect_set();
@@ -4892,7 +5277,7 @@ ReduceResult MaglevGraphBuilder::TryBuildElementAccessOnString(
   // Ensure that {object} is actually a String.
   BuildCheckString(object);
 
-  ValueNode* length = AddNewNode<StringLength>({object});
+  ValueNode* length = BuildLoadStringLength(object);
   ValueNode* index = GetInt32ElementIndex(index_object);
   auto emit_load = [&] { return AddNewNode<StringAt>({object, index}); };
 
@@ -4908,9 +5293,9 @@ ReduceResult MaglevGraphBuilder::TryBuildElementAccessOnString(
         },
         emit_load, [&] { return GetRootConstant(RootIndex::kUndefinedValue); });
   } else {
-    AddNewNode<CheckInt32Condition>({index, length},
-                                    AssertCondition::kUnsignedLessThan,
-                                    DeoptimizeReason::kOutOfBounds);
+    RETURN_IF_ABORT(TryBuildCheckInt32Condition(
+        index, length, AssertCondition::kUnsignedLessThan,
+        DeoptimizeReason::kOutOfBounds));
     return emit_load();
   }
 }
@@ -4929,8 +5314,86 @@ ReduceResult TryFindLoadedProperty(
   return it->second;
 }
 
+bool CheckConditionIn32(int32_t lhs, int32_t rhs, AssertCondition condition) {
+  switch (condition) {
+    case AssertCondition::kEqual:
+      return lhs == rhs;
+    case AssertCondition::kNotEqual:
+      return lhs != rhs;
+    case AssertCondition::kLessThan:
+      return lhs < rhs;
+    case AssertCondition::kLessThanEqual:
+      return lhs <= rhs;
+    case AssertCondition::kGreaterThan:
+      return lhs > rhs;
+    case AssertCondition::kGreaterThanEqual:
+      return lhs >= rhs;
+    case AssertCondition::kUnsignedLessThan:
+      return static_cast<uint32_t>(lhs) < static_cast<uint32_t>(rhs);
+    case AssertCondition::kUnsignedLessThanEqual:
+      return static_cast<uint32_t>(lhs) <= static_cast<uint32_t>(rhs);
+    case AssertCondition::kUnsignedGreaterThan:
+      return static_cast<uint32_t>(lhs) > static_cast<uint32_t>(rhs);
+    case AssertCondition::kUnsignedGreaterThanEqual:
+      return static_cast<uint32_t>(lhs) >= static_cast<uint32_t>(rhs);
+  }
+}
+
+bool CompareInt32(int32_t lhs, int32_t rhs, Operation operation) {
+  switch (operation) {
+    case Operation::kEqual:
+    case Operation::kStrictEqual:
+      return lhs == rhs;
+    case Operation::kLessThan:
+      return lhs < rhs;
+    case Operation::kLessThanOrEqual:
+      return lhs <= rhs;
+    case Operation::kGreaterThan:
+      return lhs > rhs;
+    case Operation::kGreaterThanOrEqual:
+      return lhs >= rhs;
+    default:
+      UNREACHABLE();
+  }
+}
+
+bool CompareUint32(uint32_t lhs, uint32_t rhs, Operation operation) {
+  switch (operation) {
+    case Operation::kEqual:
+    case Operation::kStrictEqual:
+      return lhs == rhs;
+    case Operation::kLessThan:
+      return lhs < rhs;
+    case Operation::kLessThanOrEqual:
+      return lhs <= rhs;
+    case Operation::kGreaterThan:
+      return lhs > rhs;
+    case Operation::kGreaterThanOrEqual:
+      return lhs >= rhs;
+    default:
+      UNREACHABLE();
+  }
+}
+
 }  // namespace
 
+ReduceResult MaglevGraphBuilder::TryBuildCheckInt32Condition(
+    ValueNode* lhs, ValueNode* rhs, AssertCondition condition,
+    DeoptimizeReason reason) {
+  auto lhs_const = TryGetInt32Constant(lhs);
+  if (lhs_const) {
+    auto rhs_const = TryGetInt32Constant(rhs);
+    if (rhs_const) {
+      if (CheckConditionIn32(lhs_const.value(), rhs_const.value(), condition)) {
+        return ReduceResult::Done();
+      }
+      return EmitUnconditionalDeopt(reason);
+    }
+  }
+  AddNewNode<CheckInt32Condition>({lhs, rhs}, condition, reason);
+  return ReduceResult::Done();
+}
+
 ValueNode* MaglevGraphBuilder::BuildLoadElements(ValueNode* object) {
   ReduceResult known_elements =
       TryFindLoadedProperty(known_node_aspects().loaded_properties, object,
@@ -5105,26 +5568,22 @@ ReduceResult MaglevGraphBuilder::TryBuildElementLoadOnJSArrayOrJSObject(
   ValueNode* length = is_jsarray ? GetInt32(BuildLoadJSArrayLength(object))
                                  : BuildLoadFixedArrayLength(elements_array);
 
-  auto emit_load = [&] {
+  auto emit_load = [&]() -> ReduceResult {
     ValueNode* result;
     if (elements_kind == HOLEY_DOUBLE_ELEMENTS) {
-      if (CanTreatHoleAsUndefined(maps) && LoadModeHandlesHoles(load_mode)) {
-        result = AddNewNode<LoadHoleyFixedDoubleArrayElement>(
-            {elements_array, index});
-      } else {
-        result = AddNewNode<LoadHoleyFixedDoubleArrayElementCheckedNotHole>(
-            {elements_array, index});
-      }
+      result = BuildLoadHoleyFixedDoubleArrayElement(
+          elements_array, index,
+          CanTreatHoleAsUndefined(maps) && LoadModeHandlesHoles(load_mode));
     } else if (elements_kind == PACKED_DOUBLE_ELEMENTS) {
-      result = AddNewNode<LoadFixedDoubleArrayElement>({elements_array, index});
+      result = BuildLoadFixedDoubleArrayElement(elements_array, index);
     } else {
       DCHECK(!IsDoubleElementsKind(elements_kind));
-      result = AddNewNode<LoadFixedArrayElement>({elements_array, index});
+      result = BuildLoadFixedArrayElement(elements_array, index);
       if (IsHoleyElementsKind(elements_kind)) {
         if (CanTreatHoleAsUndefined(maps) && LoadModeHandlesHoles(load_mode)) {
-          result = AddNewNode<ConvertHoleToUndefined>({result});
+          result = BuildConvertHoleToUndefined(result);
         } else {
-          result = AddNewNode<CheckNotHole>({result});
+          RETURN_IF_ABORT(BuildCheckNotHole(result));
           if (IsSmiElementsKind(elements_kind)) {
             EnsureType(result, NodeType::kSmi);
           }
@@ -5140,16 +5599,16 @@ ReduceResult MaglevGraphBuilder::TryBuildElementLoadOnJSArrayOrJSObject(
     ValueNode* positive_index;
     GET_VALUE_OR_ABORT(positive_index, GetUint32ElementIndex(index));
     ValueNode* uint32_length = AddNewNode<UnsafeInt32ToUint32>({length});
-    return Select(
+    return SelectReduction(
         [&](auto& builder) {
           return BuildBranchIfUint32Compare(builder, Operation::kLessThan,
                                             positive_index, uint32_length);
         },
         emit_load, [&] { return GetRootConstant(RootIndex::kUndefinedValue); });
   } else {
-    AddNewNode<CheckInt32Condition>({index, length},
-                                    AssertCondition::kUnsignedLessThan,
-                                    DeoptimizeReason::kOutOfBounds);
+    RETURN_IF_ABORT(TryBuildCheckInt32Condition(
+        index, length, AssertCondition::kUnsignedLessThan,
+        DeoptimizeReason::kOutOfBounds));
     return emit_load();
   }
 }
@@ -5225,9 +5684,9 @@ ReduceResult MaglevGraphBuilder::TryBuildElementStoreOnJSArrayOrJSObject(
           : is_jsarray
               ? AddNewNode<Int32AddWithOverflow>({length, GetInt32Constant(1)})
               : elements_array_length;
-      AddNewNode<CheckInt32Condition>({index, limit},
-                                      AssertCondition::kUnsignedLessThan,
-                                      DeoptimizeReason::kOutOfBounds);
+      RETURN_IF_ABORT(TryBuildCheckInt32Condition(
+          index, limit, AssertCondition::kUnsignedLessThan,
+          DeoptimizeReason::kOutOfBounds));
 
       // Grow backing store if necessary and handle COW.
       elements_array = AddNewNode<MaybeGrowFastElements>(
@@ -5251,9 +5710,9 @@ ReduceResult MaglevGraphBuilder::TryBuildElementStoreOnJSArrayOrJSObject(
                             false, compiler::AccessMode::kStore);
       }
     } else {
-      AddNewNode<CheckInt32Condition>({index, length},
-                                      AssertCondition::kUnsignedLessThan,
-                                      DeoptimizeReason::kOutOfBounds);
+      RETURN_IF_ABORT(TryBuildCheckInt32Condition(
+          index, length, AssertCondition::kUnsignedLessThan,
+          DeoptimizeReason::kOutOfBounds));
 
       // Handle COW if needed.
       if (IsSmiOrObjectElementsKind(elements_kind)) {
@@ -5271,7 +5730,7 @@ ReduceResult MaglevGraphBuilder::TryBuildElementStoreOnJSArrayOrJSObject(
 
   // Do the store.
   if (IsDoubleElementsKind(elements_kind)) {
-    AddNewNode<StoreFixedDoubleArrayElement>({elements_array, index, value});
+    BuildStoreFixedDoubleArrayElement(elements_array, index, value);
   } else {
     BuildStoreFixedArrayElement(elements_array, index, value);
   }
@@ -5436,9 +5895,9 @@ ReduceResult MaglevGraphBuilder::TryBuildPolymorphicElementAccess(
   const int access_info_count = static_cast<int>(access_infos.size());
   // Stores don't return a value, so we don't need a variable for the result.
   MaglevSubGraphBuilder sub_graph(this, is_any_store ? 0 : 1);
-  base::Optional<MaglevSubGraphBuilder::Variable> ret_val;
-  base::Optional<MaglevSubGraphBuilder::Label> done;
-  base::Optional<MaglevSubGraphBuilder::Label> generic_access;
+  std::optional<MaglevSubGraphBuilder::Variable> ret_val;
+  std::optional<MaglevSubGraphBuilder::Label> done;
+  std::optional<MaglevSubGraphBuilder::Label> generic_access;
 
   BuildCheckHeapObject(object);
 
@@ -5447,7 +5906,7 @@ ReduceResult MaglevGraphBuilder::TryBuildPolymorphicElementAccess(
   // access for Uint16/Uint32/Int16/Int32/...).
   for (int i = 0; i < access_info_count; i++) {
     compiler::ElementAccessInfo const& access_info = access_infos[i];
-    base::Optional<MaglevSubGraphBuilder::Label> check_next_map;
+    std::optional<MaglevSubGraphBuilder::Label> check_next_map;
     const bool handle_transitions = !access_info.transition_sources().empty();
     ReduceResult map_check_result;
     if (i == access_info_count - 1) {
@@ -5576,7 +6035,7 @@ ReduceResult MaglevGraphBuilder::TryBuildPolymorphicPropertyAccess(
       if (map.IsHeapNumberMap()) {
         GetOrCreateInfoFor(lookup_start_object);
         base::SmallVector<compiler::MapRef, 1> known_maps = {map};
-        KnownMapsMerger merger(broker(), base::VectorOf(known_maps));
+        KnownMapsMerger merger(broker(), zone(), base::VectorOf(known_maps));
         merger.IntersectWithKnownNodeAspects(lookup_start_object,
                                              known_node_aspects());
         if (!merger.intersect_set().is_empty()) {
@@ -5589,10 +6048,10 @@ ReduceResult MaglevGraphBuilder::TryBuildPolymorphicPropertyAccess(
 
   // Stores don't return a value, so we don't need a variable for the result.
   MaglevSubGraphBuilder sub_graph(this, is_any_store ? 0 : 1);
-  base::Optional<MaglevSubGraphBuilder::Variable> ret_val;
-  base::Optional<MaglevSubGraphBuilder::Label> done;
-  base::Optional<MaglevSubGraphBuilder::Label> is_number;
-  base::Optional<MaglevSubGraphBuilder::Label> generic_access;
+  std::optional<MaglevSubGraphBuilder::Variable> ret_val;
+  std::optional<MaglevSubGraphBuilder::Label> done;
+  std::optional<MaglevSubGraphBuilder::Label> is_number;
+  std::optional<MaglevSubGraphBuilder::Label> generic_access;
 
   if (number_map_index >= 0) {
     is_number.emplace(&sub_graph, 2);
@@ -5614,7 +6073,7 @@ ReduceResult MaglevGraphBuilder::TryBuildPolymorphicPropertyAccess(
 
   for (int i = 0; i < access_info_count; i++) {
     compiler::PropertyAccessInfo const& access_info = access_infos[i];
-    base::Optional<MaglevSubGraphBuilder::Label> check_next_map;
+    std::optional<MaglevSubGraphBuilder::Label> check_next_map;
     ReduceResult map_check_result;
     const auto& maps = access_info.lookup_start_object_maps();
     if (i == access_info_count - 1) {
@@ -5638,8 +6097,8 @@ ReduceResult MaglevGraphBuilder::TryBuildPolymorphicPropertyAccess(
 
     ReduceResult result;
     if (is_any_store) {
-      result = TryBuildPropertyStore(receiver, feedback.name(), access_info,
-                                     access_mode);
+      result = TryBuildPropertyStore(receiver, lookup_start_object,
+                                     feedback.name(), access_info, access_mode);
     } else {
       result = TryBuildPropertyLoad(receiver, lookup_start_object,
                                     feedback.name(), access_info);
@@ -5726,8 +6185,8 @@ void MaglevGraphBuilder::RecordKnownProperty(
       loaded_properties.try_emplace(key, zone()).first->second;
 
   if (!is_const && IsAnyStore(access_mode)) {
-    if (WithinAnEffectRecordingPeelingIteration()) {
-      GetCurrentPeeledLoopEffects().keys_cleared.insert(key);
+    if (is_loop_effect_tracking()) {
+      loop_effects_->keys_cleared.insert(key);
     }
     // We don't do any aliasing analysis, so stores clobber all other cached
     // loads of a property with that key. We only need to do this for
@@ -5747,6 +6206,9 @@ void MaglevGraphBuilder::RecordKnownProperty(
         case KnownNodeAspects::LoadedPropertyMapKey::kTypedArrayLength:
           std::cout << "TypedArray length";
           break;
+        case KnownNodeAspects::LoadedPropertyMapKey::kStringLength:
+          std::cout << "String length";
+          break;
       }
       std::cout << std::endl;
     }
@@ -5768,19 +6230,21 @@ void MaglevGraphBuilder::RecordKnownProperty(
       case KnownNodeAspects::LoadedPropertyMapKey::kTypedArrayLength:
         std::cout << "TypedArray length";
         break;
+      case KnownNodeAspects::LoadedPropertyMapKey::kStringLength:
+        std::cout << "String length";
+        break;
     }
     std::cout << "] = " << PrintNodeLabel(graph_labeller(), value) << ": "
               << PrintNode(graph_labeller(), value) << std::endl;
   }
 
-  if (IsAnyStore(access_mode) && !is_const &&
-      WithinAnEffectRecordingPeelingIteration()) {
+  if (IsAnyStore(access_mode) && !is_const && is_loop_effect_tracking()) {
     auto updated = props_for_key.emplace(lookup_start_object, value);
     if (updated.second) {
-      GetCurrentPeeledLoopEffects().objects_written.insert(lookup_start_object);
+      loop_effects_->objects_written.insert(lookup_start_object);
     } else if (updated.first->second != value) {
       updated.first->second = value;
-      GetCurrentPeeledLoopEffects().objects_written.insert(lookup_start_object);
+      loop_effects_->objects_written.insert(lookup_start_object);
     }
   } else {
     props_for_key[lookup_start_object] = value;
@@ -5813,6 +6277,25 @@ ReduceResult MaglevGraphBuilder::TryReuseKnownPropertyLoad(
   return ReduceResult::Fail();
 }
 
+ValueNode* MaglevGraphBuilder::BuildLoadStringLength(ValueNode* string) {
+  if (ReduceResult result = TryFindLoadedProperty(
+          known_node_aspects().loaded_constant_properties, string,
+          KnownNodeAspects::LoadedPropertyMapKey::StringLength());
+      result.IsDone()) {
+    if (v8_flags.trace_maglev_graph_building && result.IsDoneWithValue()) {
+      std::cout << "  * Reusing constant [String length]"
+                << PrintNodeLabel(graph_labeller(), result.value()) << ": "
+                << PrintNode(graph_labeller(), result.value()) << std::endl;
+    }
+    return result.value();
+  }
+  ValueNode* result = AddNewNode<StringLength>({string});
+  RecordKnownProperty(string,
+                      KnownNodeAspects::LoadedPropertyMapKey::StringLength(),
+                      result, true, compiler::AccessMode::kLoad);
+  return result;
+}
+
 ReduceResult MaglevGraphBuilder::TryBuildLoadNamedProperty(
     ValueNode* receiver, ValueNode* lookup_start_object, compiler::NameRef name,
     compiler::FeedbackSource& feedback_source) {
@@ -5879,6 +6362,22 @@ ValueNode* MaglevGraphBuilder::GetConstant(compiler::ObjectRef ref) {
   return it->second;
 }
 
+ValueNode* MaglevGraphBuilder::GetTrustedConstant(compiler::HeapObjectRef ref,
+                                                  IndirectPointerTag tag) {
+#ifdef V8_ENABLE_SANDBOX
+  auto it = graph_->trusted_constants().find(ref);
+  if (it == graph_->trusted_constants().end()) {
+    TrustedConstant* node = CreateNewConstantNode<TrustedConstant>(0, ref, tag);
+    graph_->trusted_constants().emplace(ref, node);
+    return node;
+  }
+  SBXCHECK_EQ(it->second->tag(), tag);
+  return it->second;
+#else
+  return GetConstant(ref);
+#endif
+}
+
 void MaglevGraphBuilder::VisitGetNamedPropertyFromSuper() {
   // GetNamedPropertyFromSuper <receiver> <name_index> <slot>
   ValueNode* receiver = LoadRegister(0);
@@ -5901,33 +6400,50 @@ void MaglevGraphBuilder::VisitGetNamedPropertyFromSuper() {
       {context, receiver, lookup_start_object}, name, feedback_source));
 }
 
-void MaglevGraphBuilder::VisitGetKeyedProperty() {
-  // GetKeyedProperty <object> <slot>
-  ValueNode* object = LoadRegister(0);
-  // TODO(leszeks): We don't need to tag the key if it's an Int32 and a simple
-  // monomorphic element load.
-  FeedbackSlot slot = GetSlotOperand(1);
-  compiler::FeedbackSource feedback_source{feedback(), slot};
-
-  const compiler::ProcessedFeedback& processed_feedback =
-      broker()->GetFeedbackForPropertyAccess(
-          feedback_source, compiler::AccessMode::kLoad, base::nullopt);
-
+bool MaglevGraphBuilder::TryBuildGetKeyedPropertyWithEnumeratedKey(
+    ValueNode* object, const compiler::FeedbackSource& feedback_source,
+    const compiler::ProcessedFeedback& processed_feedback) {
   if (current_for_in_state.index != nullptr &&
       current_for_in_state.enum_cache_indices != nullptr &&
-      current_for_in_state.receiver == object &&
       current_for_in_state.key == current_interpreter_frame_.accumulator()) {
-    if (current_for_in_state.receiver_needs_map_check) {
+    bool speculating_receiver_map_matches = false;
+    if (current_for_in_state.receiver != object) {
+      // When the feedback is uninitialized, it is either a keyed load which
+      // always hits the enum cache, or a keyed load that had never been
+      // reached. In either case, we can check the map of the receiver and use
+      // the enum cache if the map match the {cache_type}.
+      if (processed_feedback.kind() !=
+          compiler::ProcessedFeedback::kInsufficient) {
+        return false;
+      }
+      BuildCheckHeapObject(object);
+      speculating_receiver_map_matches = true;
+    }
+
+    if (current_for_in_state.receiver_needs_map_check ||
+        speculating_receiver_map_matches) {
       auto* receiver_map = BuildLoadTaggedField(object, HeapObject::kMapOffset);
       AddNewNode<CheckDynamicValue>(
           {receiver_map, current_for_in_state.cache_type});
-      current_for_in_state.receiver_needs_map_check = false;
+      if (current_for_in_state.receiver == object) {
+        current_for_in_state.receiver_needs_map_check = false;
+      }
     }
     // TODO(leszeks): Cache the field index per iteration.
-    auto* field_index = AddNewNode<LoadFixedArrayElement>(
-        {current_for_in_state.enum_cache_indices, current_for_in_state.index});
+    auto* field_index = BuildLoadFixedArrayElement(
+        current_for_in_state.enum_cache_indices, current_for_in_state.index);
     SetAccumulator(
         AddNewNode<LoadTaggedFieldByFieldIndex>({object, field_index}));
+    return true;
+  }
+  return false;
+}
+
+void MaglevGraphBuilder::BuildGetKeyedProperty(
+    ValueNode* object, const compiler::FeedbackSource& feedback_source,
+    const compiler::ProcessedFeedback& processed_feedback) {
+  if (TryBuildGetKeyedPropertyWithEnumeratedKey(object, feedback_source,
+                                                processed_feedback)) {
     return;
   }
 
@@ -5976,9 +6492,32 @@ void MaglevGraphBuilder::VisitGetKeyedProperty() {
   SetAccumulator(build_generic_access());
 }
 
+void MaglevGraphBuilder::VisitGetKeyedProperty() {
+  // GetKeyedProperty <object> <slot>
+  ValueNode* object = LoadRegister(0);
+  // TODO(leszeks): We don't need to tag the key if it's an Int32 and a simple
+  // monomorphic element load.
+  FeedbackSlot slot = GetSlotOperand(1);
+  compiler::FeedbackSource feedback_source{feedback(), slot};
+
+  const compiler::ProcessedFeedback& processed_feedback =
+      broker()->GetFeedbackForPropertyAccess(
+          feedback_source, compiler::AccessMode::kLoad, std::nullopt);
+
+  BuildGetKeyedProperty(object, feedback_source, processed_feedback);
+}
+
 void MaglevGraphBuilder::VisitGetEnumeratedKeyedProperty() {
-  // TODO(v8:14245): Implement this bytecode in Maglev/Turbofan.
-  UNREACHABLE();
+  // GetEnumeratedKeyedProperty <object> <enum_index> <cache_type> <slot>
+  ValueNode* object = LoadRegister(0);
+  FeedbackSlot slot = GetSlotOperand(3);
+  compiler::FeedbackSource feedback_source{feedback(), slot};
+
+  const compiler::ProcessedFeedback& processed_feedback =
+      broker()->GetFeedbackForPropertyAccess(
+          feedback_source, compiler::AccessMode::kLoad, std::nullopt);
+
+  BuildGetKeyedProperty(object, feedback_source, processed_feedback);
 }
 
 void MaglevGraphBuilder::VisitLdaModuleVariable() {
@@ -6167,7 +6706,7 @@ void MaglevGraphBuilder::VisitSetKeyedProperty() {
 
   const compiler::ProcessedFeedback& processed_feedback =
       broker()->GetFeedbackForPropertyAccess(
-          feedback_source, compiler::AccessMode::kStore, base::nullopt);
+          feedback_source, compiler::AccessMode::kStore, std::nullopt);
 
   auto build_generic_access = [this, object, &feedback_source]() {
     ValueNode* key = LoadRegister(1);
@@ -6226,8 +6765,7 @@ void MaglevGraphBuilder::VisitStaInArrayLiteral() {
 
   const compiler::ProcessedFeedback& processed_feedback =
       broker()->GetFeedbackForPropertyAccess(
-          feedback_source, compiler::AccessMode::kStoreInLiteral,
-          base::nullopt);
+          feedback_source, compiler::AccessMode::kStoreInLiteral, std::nullopt);
 
   auto build_generic_access = [this, object, index, &feedback_source]() {
     ValueNode* context = GetContext();
@@ -6588,15 +7126,6 @@ ReduceResult MaglevGraphBuilder::BuildInlined(ValueNode* context,
     ValueNode* arg_value = args[i];
     if (arg_value == nullptr) arg_value = undefined_constant;
     SetArgument(i + 1, arg_value);
-    // Escape values that could be stored in an arguments object.
-    // TODO(victorgomes): This is probably only needed in sloopy mode.
-    ForceEscapeIfAllocation(arg_value);
-  }
-
-  for (int i = formal_parameter_count; i < arg_count; i++) {
-    // Escape extra arguments.
-    // TODO(victorgomes): This is probably only needed in sloopy mode.
-    ForceEscapeIfAllocation(args[i]);
   }
 
   // Save all arguments if we have a mismatch between arguments count and
@@ -6740,11 +7269,20 @@ ReduceResult MaglevGraphBuilder::TryBuildInlinedCall(
     return ReduceResult::Fail();
   }
 
-  if (v8_flags.trace_maglev_graph_building) {
+  compiler::BytecodeArrayRef bytecode = shared.GetBytecodeArray(broker());
+
+  if (v8_flags.maglev_print_inlined &&
+      (v8_flags.print_maglev_code || v8_flags.print_maglev_graph ||
+       v8_flags.print_maglev_graphs)) {
+    std::cout << "== Inlining " << Brief(*shared.object()) << std::endl;
+    BytecodeArray::Disassemble(bytecode.object(), std::cout);
+    if (v8_flags.maglev_print_feedback) {
+      i::Print(*feedback_vector->object(), std::cout);
+    }
+  } else if (v8_flags.trace_maglev_graph_building) {
     std::cout << "== Inlining " << shared.object() << std::endl;
   }
 
-  compiler::BytecodeArrayRef bytecode = shared.GetBytecodeArray(broker());
   graph()->inlined_functions().push_back(
       OptimizedCompilationInfo::InlinedFunctionHolder(
           shared.object(), bytecode.object(), current_source_position_));
@@ -6760,17 +7298,24 @@ ReduceResult MaglevGraphBuilder::TryBuildInlinedCall(
       zone(), compilation_unit_, shared, feedback_vector.value());
   MaglevGraphBuilder inner_graph_builder(
       local_isolate_, inner_unit, graph_, call_frequency,
-      BytecodeOffset(iterator_.current_offset()), inlining_id, this);
+      BytecodeOffset(iterator_.current_offset()), IsInsideLoop(), inlining_id,
+      this);
 
-  // Propagate catch block.
-  inner_graph_builder.parent_catch_ = GetCurrentTryCatchBlock();
-  if (catch_block_stack_.size() == 0) {
-    inner_graph_builder.parent_catch_deopt_frame_distance_ =
-        parent_catch_deopt_frame_distance_ + 1;
-  } else {
-    inner_graph_builder.parent_catch_deopt_frame_distance_ = 1;
+  // Merge catch block state if needed.
+  CatchBlockDetails catch_block = GetCurrentTryCatchBlock();
+  if (catch_block.ref && catch_block.state->exception_handler_was_used()) {
+    // Merge the current state into the handler state.
+    catch_block.state->MergeThrow(
+        GetCurrentCatchBlockGraphBuilder(), catch_block.unit,
+        *current_interpreter_frame_.known_node_aspects(),
+        current_interpreter_frame_.virtual_objects());
   }
 
+  // Propagate catch block.
+  inner_graph_builder.parent_catch_ = catch_block;
+  inner_graph_builder.parent_catch_deopt_frame_distance_ =
+      1 + (IsInsideTryBlock() ? 0 : parent_catch_deopt_frame_distance_);
+
   // Set the inner graph builder to build in the current block.
   inner_graph_builder.current_block_ = current_block_;
 
@@ -6962,7 +7507,7 @@ ReduceResult MaglevGraphBuilder::TryReduceArrayForEach(
     node_info->SetPossibleMaps(receiver_maps_before_loop,
                                receiver_maps_were_unstable,
                                // Node type is monotonic, no need to reset it.
-                               NodeType::kUnknown);
+                               NodeType::kUnknown, broker());
     known_node_aspects().any_map_for_any_node_is_unstable = true;
   } else {
     DCHECK_EQ(node_info->possible_maps().size(),
@@ -7010,12 +7555,12 @@ ReduceResult MaglevGraphBuilder::TryReduceArrayForEach(
   ValueNode* elements = BuildLoadElements(receiver);
   ValueNode* element;
   if (IsDoubleElementsKind(elements_kind)) {
-    element = AddNewNode<LoadFixedDoubleArrayElement>({elements, index_int32});
+    element = BuildLoadFixedDoubleArrayElement(elements, index_int32);
   } else {
-    element = AddNewNode<LoadFixedArrayElement>({elements, index_int32});
+    element = BuildLoadFixedArrayElement(elements, index_int32);
   }
 
-  base::Optional<MaglevSubGraphBuilder::Label> skip_call;
+  std::optional<MaglevSubGraphBuilder::Label> skip_call;
   if (IsHoleyElementsKind(elements_kind)) {
     // ```
     // if (element is hole) goto skip_call
@@ -7114,9 +7659,10 @@ ReduceResult MaglevGraphBuilder::TryReduceArrayForEach(
     // is the same value node, then we didn't have any side effects and didn't
     // clear the cached length.
     if (current_length != original_length) {
-      AddNewNode<CheckInt32Condition>({original_length_int32, current_length},
+      RETURN_IF_ABORT(
+          TryBuildCheckInt32Condition(original_length_int32, current_length,
                                       AssertCondition::kUnsignedLessThanEqual,
-                                      DeoptimizeReason::kArrayLengthChanged);
+                                      DeoptimizeReason::kArrayLengthChanged));
     }
   }
 
@@ -7164,8 +7710,7 @@ ReduceResult MaglevGraphBuilder::TryReduceArrayIteratorPrototypeNext(
     }
     // TODO(victorgomes): This effectively disable the optimization for `for-of`
     // loops. We need to figure it out a way to re-enable this.
-    if (bytecode_analysis().GetLoopOffsetFor(iterator_.current_offset()) !=
-        -1) {
+    if (IsInsideLoop()) {
       FAIL("we're inside a loop, iterated object map could change");
     }
     auto map = array->map();
@@ -7354,7 +7899,7 @@ ReduceResult MaglevGraphBuilder::TryReduceStringPrototypeCharCodeAt(
       compiler::StringRef str = cst->AsString();
       int idx = index->Cast<Int32Constant>()->value();
       if (idx >= 0 && idx < str.length()) {
-        if (base::Optional<uint16_t> value = str.GetChar(broker(), idx)) {
+        if (std::optional<uint16_t> value = str.GetChar(broker(), idx)) {
           return GetSmiConstant(*value);
         }
       }
@@ -7364,10 +7909,10 @@ ReduceResult MaglevGraphBuilder::TryReduceStringPrototypeCharCodeAt(
   // Ensure that {receiver} is actually a String.
   BuildCheckString(receiver);
   // And index is below length.
-  ValueNode* length = AddNewNode<StringLength>({receiver});
-  AddNewNode<CheckInt32Condition>({index, length},
-                                  AssertCondition::kUnsignedLessThan,
-                                  DeoptimizeReason::kOutOfBounds);
+  ValueNode* length = BuildLoadStringLength(receiver);
+  RETURN_IF_ABORT(TryBuildCheckInt32Condition(
+      index, length, AssertCondition::kUnsignedLessThan,
+      DeoptimizeReason::kOutOfBounds));
   return AddNewNode<BuiltinStringPrototypeCharCodeOrCodePointAt>(
       {receiver, index},
       BuiltinStringPrototypeCharCodeOrCodePointAt::kCharCodeAt);
@@ -7390,10 +7935,10 @@ ReduceResult MaglevGraphBuilder::TryReduceStringPrototypeCodePointAt(
   // Ensure that {receiver} is actually a String.
   BuildCheckString(receiver);
   // And index is below length.
-  ValueNode* length = AddNewNode<StringLength>({receiver});
-  AddNewNode<CheckInt32Condition>({index, length},
-                                  AssertCondition::kUnsignedLessThan,
-                                  DeoptimizeReason::kOutOfBounds);
+  ValueNode* length = BuildLoadStringLength(receiver);
+  RETURN_IF_ABORT(TryBuildCheckInt32Condition(
+      index, length, AssertCondition::kUnsignedLessThan,
+      DeoptimizeReason::kOutOfBounds));
   return AddNewNode<BuiltinStringPrototypeCharCodeOrCodePointAt>(
       {receiver, index},
       BuiltinStringPrototypeCharCodeOrCodePointAt::kCodePointAt);
@@ -7438,7 +7983,7 @@ ReduceResult MaglevGraphBuilder::TryReduceStringPrototypeLocaleCompare(
     } else {
       if (!locales.IsString()) return ReduceResult::Fail();
       compiler::StringRef sref = locales.AsString();
-      base::Optional<Handle<String>> maybe_locales_handle =
+      std::optional<Handle<String>> maybe_locales_handle =
           sref.ObjectIfContentAccessible(broker());
       if (!maybe_locales_handle) return ReduceResult::Fail();
       locales_handle = *maybe_locales_handle;
@@ -7653,7 +8198,7 @@ template <typename MapKindsT, typename IndexToElementsKindFunc,
 ReduceResult MaglevGraphBuilder::BuildJSArrayBuiltinMapSwitchOnElementsKind(
     ValueNode* receiver, const MapKindsT& map_kinds,
     MaglevSubGraphBuilder& sub_graph,
-    base::Optional<MaglevSubGraphBuilder::Label>& do_return,
+    std::optional<MaglevSubGraphBuilder::Label>& do_return,
     int unique_kind_count, IndexToElementsKindFunc&& index_to_elements_kind,
     BuildKindSpecificFunc&& build_kind_specific) {
   // TODO(pthier): Support map packing.
@@ -7672,7 +8217,7 @@ ReduceResult MaglevGraphBuilder::BuildJSArrayBuiltinMapSwitchOnElementsKind(
     // been checked when the property (builtin name) was loaded.
     if (++emitted_kind_checks < unique_kind_count) {
       MaglevSubGraphBuilder::Label check_next_map(&sub_graph, 1);
-      base::Optional<MaglevSubGraphBuilder::Label> do_push;
+      std::optional<MaglevSubGraphBuilder::Label> do_push;
       if (maps.size() > 1) {
         do_push.emplace(&sub_graph, static_cast<int>(maps.size()));
         for (size_t map_index = 1; map_index < maps.size(); map_index++) {
@@ -7793,7 +8338,7 @@ ReduceResult MaglevGraphBuilder::TryReduceArrayPrototypePush(
 
   MaglevSubGraphBuilder sub_graph(this, 0);
 
-  base::Optional<MaglevSubGraphBuilder::Label> do_return;
+  std::optional<MaglevSubGraphBuilder::Label> do_return;
   if (unique_kind_count > 1) {
     do_return.emplace(&sub_graph, unique_kind_count);
   }
@@ -7823,8 +8368,8 @@ ReduceResult MaglevGraphBuilder::TryReduceArrayPrototypePush(
 
     // Do the store
     if (IsDoubleElementsKind(kind)) {
-      AddNewNode<StoreFixedDoubleArrayElement>(
-          {writable_elements_array, old_array_length, value});
+      BuildStoreFixedDoubleArrayElement(writable_elements_array,
+                                        old_array_length, value);
     } else {
       DCHECK(IsSmiElementsKind(kind) || IsObjectElementsKind(kind));
       BuildStoreFixedArrayElement(writable_elements_array, old_array_length,
@@ -7943,8 +8488,8 @@ ReduceResult MaglevGraphBuilder::TryReduceArrayPrototypePop(
   MaglevSubGraphBuilder::Variable var_value(0);
   MaglevSubGraphBuilder::Variable var_new_array_length(1);
 
-  base::Optional<MaglevSubGraphBuilder::Label> do_return =
-      base::make_optional<MaglevSubGraphBuilder::Label>(
+  std::optional<MaglevSubGraphBuilder::Label> do_return =
+      std::make_optional<MaglevSubGraphBuilder::Label>(
           &sub_graph, unique_kind_count + 1,
           std::initializer_list<MaglevSubGraphBuilder::Variable*>{
               &var_value, &var_new_array_length});
@@ -7980,20 +8525,17 @@ ReduceResult MaglevGraphBuilder::TryReduceArrayPrototypePop(
     // Load the value and store the hole in it's place.
     ValueNode* value;
     if (IsDoubleElementsKind(kind)) {
-      value = AddNewNode<LoadFixedDoubleArrayElement>(
-          {writable_elements_array, new_array_length});
-      AddNewNode<StoreFixedDoubleArrayElement>(
-          {writable_elements_array, new_array_length,
-           GetFloat64Constant(Float64::FromBits(kHoleNanInt64))});
+      value = BuildLoadFixedDoubleArrayElement(writable_elements_array,
+                                               new_array_length);
+      BuildStoreFixedDoubleArrayElement(
+          writable_elements_array, new_array_length,
+          GetFloat64Constant(Float64::FromBits(kHoleNanInt64)));
     } else {
       DCHECK(IsSmiElementsKind(kind) || IsObjectElementsKind(kind));
-      value = AddNewNode<LoadFixedArrayElement>(
-          {writable_elements_array, new_array_length});
-      DCHECK(CanElideWriteBarrier(writable_elements_array,
-                                  GetRootConstant(RootIndex::kTheHoleValue)));
-      AddNewNode<StoreFixedArrayElementNoWriteBarrier>(
-          {writable_elements_array, new_array_length,
-           GetRootConstant(RootIndex::kTheHoleValue)});
+      value =
+          BuildLoadFixedArrayElement(writable_elements_array, new_array_length);
+      BuildStoreFixedArrayElement(writable_elements_array, new_array_length,
+                                  GetRootConstant(RootIndex::kTheHoleValue));
     }
 
     if (IsHoleyElementsKind(kind)) {
@@ -8772,6 +9314,30 @@ ReduceResult MaglevGraphBuilder::BuildCheckValue(ValueNode* node,
   return ReduceResult::Done();
 }
 
+ValueNode* MaglevGraphBuilder::BuildConvertHoleToUndefined(ValueNode* node) {
+  if (!node->is_tagged()) return node;
+  compiler::OptionalHeapObjectRef maybe_constant = TryGetConstant(node);
+  if (maybe_constant) {
+    return maybe_constant.value().IsTheHole()
+               ? GetRootConstant(RootIndex::kUndefinedValue)
+               : node;
+  }
+  return AddNewNode<ConvertHoleToUndefined>({node});
+}
+
+ReduceResult MaglevGraphBuilder::BuildCheckNotHole(ValueNode* node) {
+  if (!node->is_tagged()) return ReduceResult::Done();
+  compiler::OptionalHeapObjectRef maybe_constant = TryGetConstant(node);
+  if (maybe_constant) {
+    if (maybe_constant.value().IsTheHole()) {
+      return EmitUnconditionalDeopt(DeoptimizeReason::kHole);
+    }
+    return ReduceResult::Done();
+  }
+  AddNewNode<CheckNotHole>({node});
+  return ReduceResult::Done();
+}
+
 void MaglevGraphBuilder::BuildCheckConstTrackingLetCell(ValueNode* context,
                                                         ValueNode* value,
                                                         int index) {
@@ -9067,13 +9633,16 @@ bool IsSloppyMappedArgumentsObject(compiler::JSHeapBroker* broker,
 
 std::optional<VirtualObject*>
 MaglevGraphBuilder::TryGetNonEscapingArgumentsObject(ValueNode* value) {
+  if (!value->Is<InlinedAllocation>()) return {};
+  InlinedAllocation* alloc = value->Cast<InlinedAllocation>();
   // Although the arguments object has not been changed so far, since it is not
   // escaping, it could be modified after this bytecode if it is inside a loop.
-  if (bytecode_analysis().GetLoopOffsetFor(iterator_.current_offset()) != -1) {
-    return {};
+  if (IsInsideLoop()) {
+    if (!is_loop_effect_tracking() ||
+        !loop_effects_->allocations.contains(alloc)) {
+      return {};
+    }
   }
-  if (!value->Is<InlinedAllocation>()) return {};
-  InlinedAllocation* alloc = value->Cast<InlinedAllocation>();
   // TODO(victorgomes): We can probably loosen the IsNotEscaping requirement if
   // we keep track of the arguments object changes so far.
   if (alloc->IsEscaping()) return {};
@@ -10562,7 +11131,7 @@ void MaglevGraphBuilder::VisitCreateEmptyArrayLiteral() {
   ClearCurrentAllocationBlock();
 }
 
-base::Optional<VirtualObject*>
+std::optional<VirtualObject*>
 MaglevGraphBuilder::TryReadBoilerplateForFastLiteral(
     compiler::JSObjectRef boilerplate, AllocationType allocation, int max_depth,
     int* max_properties) {
@@ -10679,7 +11248,7 @@ MaglevGraphBuilder::TryReadBoilerplateForFastLiteral(
 
     if (boilerplate_value.IsJSObject()) {
       compiler::JSObjectRef boilerplate_object = boilerplate_value.AsJSObject();
-      base::Optional<VirtualObject*> maybe_object_value =
+      std::optional<VirtualObject*> maybe_object_value =
           TryReadBoilerplateForFastLiteral(boilerplate_object, allocation,
                                            max_depth - 1, max_properties);
       if (!maybe_object_value.has_value()) return {};
@@ -10745,7 +11314,7 @@ MaglevGraphBuilder::TryReadBoilerplateForFastLiteral(
             boilerplate_elements_as_fixed_array.TryGet(broker(), i);
         if (!element_value.has_value()) return {};
         if (element_value->IsJSObject()) {
-          base::Optional<VirtualObject*> object =
+          std::optional<VirtualObject*> object =
               TryReadBoilerplateForFastLiteral(element_value->AsJSObject(),
                                                allocation, max_depth - 1,
                                                max_properties);
@@ -10890,7 +11459,7 @@ VirtualObject* MaglevGraphBuilder::CreateFixedArray(compiler::MapRef map,
 
 VirtualObject* MaglevGraphBuilder::CreateContext(
     compiler::MapRef map, int length, compiler::ScopeInfoRef scope_info,
-    ValueNode* previous_context, base::Optional<ValueNode*> extension) {
+    ValueNode* previous_context, std::optional<ValueNode*> extension) {
   int slot_count = FixedArray::SizeFor(length) / kTaggedSize;
   VirtualObject* context = CreateVirtualObject(map, slot_count);
   context->set(Context::kLengthOffset, GetInt32Constant(length));
@@ -10913,7 +11482,7 @@ VirtualObject* MaglevGraphBuilder::CreateContext(
 
 VirtualObject* MaglevGraphBuilder::CreateArgumentsObject(
     compiler::MapRef map, ValueNode* length, ValueNode* elements,
-    base::Optional<ValueNode*> callee) {
+    std::optional<ValueNode*> callee) {
   DCHECK_EQ(JSSloppyArgumentsObject::kLengthOffset, JSArray::kLengthOffset);
   DCHECK_EQ(JSStrictArgumentsObject::kLengthOffset, JSArray::kLengthOffset);
   int slot_count = map.instance_size() / kTaggedSize;
@@ -10952,7 +11521,9 @@ VirtualObject* MaglevGraphBuilder::CreateRegExpLiteralObject(
               GetRootConstant(RootIndex::kEmptyFixedArray));
   regexp->set(JSRegExp::kElementsOffset,
               GetRootConstant(RootIndex::kEmptyFixedArray));
-  regexp->set(JSRegExp::kDataOffset, GetConstant(literal.data(broker())));
+  regexp->set(JSRegExp::kDataOffset,
+              GetTrustedConstant(literal.data(broker()),
+                                 kRegExpDataIndirectPointerTag));
   regexp->set(JSRegExp::kSourceOffset, GetConstant(literal.source(broker())));
   regexp->set(JSRegExp::kFlagsOffset, GetInt32Constant(literal.flags()));
   regexp->set(JSRegExp::kLastIndexOffset,
@@ -11025,7 +11596,8 @@ InlinedAllocation* MaglevGraphBuilder::ExtendOrReallocateCurrentAllocationBlock(
   DCHECK_LT(vobject->size(), kMaxRegularHeapObjectSize);
   if (!current_allocation_block_ ||
       current_allocation_block_->allocation_type() != allocation_type ||
-      !v8_flags.inline_new) {
+      !v8_flags.inline_new ||
+      compilation_unit()->info()->for_turboshaft_frontend()) {
     current_allocation_block_ =
         AddNewNode<AllocationBlock>({}, allocation_type);
   }
@@ -11039,7 +11611,7 @@ InlinedAllocation* MaglevGraphBuilder::ExtendOrReallocateCurrentAllocationBlock(
   DCHECK_GE(current_size, 0);
   InlinedAllocation* allocation =
       AddNewNode<InlinedAllocation>({current_allocation_block_}, vobject);
-  graph()->allocations().emplace(allocation, zone());
+  graph()->allocations_escape_map().emplace(allocation, zone());
   current_allocation_block_->Add(allocation);
   vobject->set_allocation(allocation);
   return allocation;
@@ -11052,10 +11624,6 @@ void MaglevGraphBuilder::ClearCurrentAllocationBlock() {
 void MaglevGraphBuilder::AddNonEscapingUses(InlinedAllocation* allocation,
                                             int use_count) {
   if (!v8_flags.maglev_escape_analysis) return;
-  // TODO(victorgomes): Support materializing objects in catch blocks.
-  // If we are inside a try-catch block, always escape the objects, ie, do not
-  // add non escaping use.
-  if (catch_block_stack_.size() > 0) return;
   allocation->AddNonEscapingUses(use_count);
 }
 
@@ -11145,8 +11713,10 @@ ValueNode* MaglevGraphBuilder::BuildInlinedAllocation(
   BuildStoreMap(allocation, vobject->map(),
                 StoreMap::initializing_kind(allocation_type));
   for (uint32_t i = 0; i < vobject->slot_count(); i++) {
-    BuildInitializeStoreTaggedField(allocation, values[i],
-                                    (i + 1) * kTaggedSize);
+    BuildInitializeStore(allocation, values[i], (i + 1) * kTaggedSize);
+  }
+  if (is_loop_effect_tracking()) {
+    loop_effects_->allocations.insert(allocation);
   }
   return allocation;
 }
@@ -11333,7 +11903,7 @@ ReduceResult MaglevGraphBuilder::TryBuildFastCreateObjectOrArrayLiteral(
   // First try to extract out the shape and values of the boilerplate, bailing
   // out on complex boilerplates.
   int max_properties = compiler::kMaxFastLiteralProperties;
-  base::Optional<VirtualObject*> maybe_value = TryReadBoilerplateForFastLiteral(
+  std::optional<VirtualObject*> maybe_value = TryReadBoilerplateForFastLiteral(
       *site.boilerplate(broker()), allocation_type,
       compiler::kMaxFastLiteralDepth, &max_properties);
   if (!maybe_value.has_value()) return ReduceResult::Fail();
@@ -11629,6 +12199,14 @@ void MaglevGraphBuilder::BuildLoopForPeeling() {
   int loop_header = iterator_.current_offset();
   DCHECK(loop_headers_to_peel_.Contains(loop_header));
 
+  // Since peeled loops do not start with a loop merge state, we need to
+  // explicitly enter e loop effect tracking scope for the peeled iteration.
+  bool track_peeled_effects =
+      v8_flags.maglev_optimistic_peeled_loops && peeled_iteration_count_ == 2;
+  if (track_peeled_effects) {
+    BeginLoopEffects(loop_header);
+  }
+
   while (iterator_.current_bytecode() != interpreter::Bytecode::kJumpLoop) {
     local_isolate_->heap()->Safepoint();
     VisitSingleBytecode();
@@ -11643,6 +12221,9 @@ void MaglevGraphBuilder::BuildLoopForPeeling() {
     decremented_predecessor_offsets_.clear();
     KillPeeledLoopTargets(peeled_iteration_count_);
     peeled_iteration_count_ = 0;
+    if (track_peeled_effects) {
+      EndLoopEffects(loop_header);
+    }
     return;
   }
 
@@ -11708,8 +12289,11 @@ void MaglevGraphBuilder::BuildLoopForPeeling() {
                  v8_flags.maglev_optimistic_peeled_loops);
   merge_states_[loop_header]->InitializeLoop(
       this, *compilation_unit_, current_interpreter_frame_, block,
-      in_peeled_iteration(), &peeled_loop_effects_);
+      in_peeled_iteration(), loop_effects_);
 
+  if (track_peeled_effects) {
+    EndLoopEffects(loop_header);
+  }
   DCHECK_NE(iterator_.current_offset(), loop_header);
   iterator_.SetOffset(loop_header);
 }
@@ -11733,6 +12317,29 @@ void MaglevGraphBuilder::OsrAnalyzePrequel() {
   }
 }
 
+void MaglevGraphBuilder::BeginLoopEffects(int loop_header) {
+  loop_effects_stack_.push_back(zone()->New<LoopEffects>(loop_header, zone()));
+  loop_effects_ = loop_effects_stack_.back();
+}
+
+void MaglevGraphBuilder::EndLoopEffects(int loop_header) {
+  DCHECK_EQ(loop_effects_, loop_effects_stack_.back());
+  DCHECK_EQ(loop_effects_->loop_header, loop_header);
+  // TODO(olivf): Update merge states dominated by the loop header with
+  // information we know to be unaffected by the loop.
+  if (merge_states_[loop_header] && merge_states_[loop_header]->is_loop()) {
+    merge_states_[loop_header]->set_loop_effects(loop_effects_);
+  }
+  if (loop_effects_stack_.size() > 1) {
+    LoopEffects* inner_effects = loop_effects_;
+    loop_effects_ = *(loop_effects_stack_.end() - 2);
+    loop_effects_->Merge(inner_effects);
+  } else {
+    loop_effects_ = nullptr;
+  }
+  loop_effects_stack_.pop_back();
+}
+
 void MaglevGraphBuilder::VisitJumpLoop() {
   const uint32_t relative_jump_bytecode_offset =
       iterator_.GetUnsignedImmediateOperand(0);
@@ -11759,12 +12366,16 @@ void MaglevGraphBuilder::VisitJumpLoop() {
     return FinishBlock<JumpLoop>({}, jump_targets_[target].block_ptr());
   };
   if (is_peeled_loop && in_peeled_iteration()) {
+    ClobberAccumulator();
     if (in_optimistic_peeling_iteration()) {
       // Let's see if we can finish this loop without peeling it.
       if (!merge_states_[target]->TryMergeLoop(this, current_interpreter_frame_,
                                                FinishLoopBlock)) {
         merge_states_[target]->MergeDeadLoop(*compilation_unit());
       }
+      if (is_loop_effect_tracking_enabled()) {
+        EndLoopEffects(target);
+      }
     }
   } else {
     BasicBlock* block = FinishLoopBlock();
@@ -11772,7 +12383,9 @@ void MaglevGraphBuilder::VisitJumpLoop() {
     block->set_predecessor_id(merge_states_[target]->predecessor_count() - 1);
     if (is_peeled_loop) {
       DCHECK(!in_peeled_iteration());
-      allow_loop_peeling_ = true;
+    }
+    if (is_loop_effect_tracking_enabled()) {
+      EndLoopEffects(target);
     }
   }
 }
@@ -11870,6 +12483,9 @@ void MaglevGraphBuilder::MergeDeadLoopIntoFrameState(int target) {
   } else {
     // If there already is a frame state, merge.
     merge_states_[target]->MergeDeadLoop(*compilation_unit_);
+    if (is_loop_effect_tracking_enabled()) {
+      EndLoopEffects(target);
+    }
   }
 }
 
@@ -12220,25 +12836,41 @@ void MaglevGraphBuilder::VisitJumpIfUndefinedOrNull() {
 
 MaglevGraphBuilder::BranchResult MaglevGraphBuilder::BuildBranchIfJSReceiver(
     BranchBuilder& builder, ValueNode* value) {
+  if (!value->is_tagged() && value->properties().value_representation() !=
+                                 ValueRepresentation::kHoleyFloat64) {
+    return builder.AlwaysFalse();
+  }
   if (CheckType(value, NodeType::kJSReceiver)) {
     return builder.AlwaysTrue();
   } else if (HasDifferentType(value, NodeType::kJSReceiver)) {
     return builder.AlwaysFalse();
   }
-  // Untagged nodes will have been recognized as non-JSReceiver.
-  CHECK(value->properties().is_tagged());
   return builder.Build<BranchIfJSReceiver>({value});
 }
 
 MaglevGraphBuilder::BranchResult MaglevGraphBuilder::BuildBranchIfInt32Compare(
     BranchBuilder& builder, Operation op, ValueNode* lhs, ValueNode* rhs) {
-  // TODO(victorgomes): Optimize if constants.
+  auto lhs_const = TryGetInt32Constant(lhs);
+  if (lhs_const) {
+    auto rhs_const = TryGetInt32Constant(rhs);
+    if (rhs_const) {
+      return builder.FromBool(
+          CompareInt32(lhs_const.value(), rhs_const.value(), op));
+    }
+  }
   return builder.Build<BranchIfInt32Compare>({lhs, rhs}, op);
 }
 
 MaglevGraphBuilder::BranchResult MaglevGraphBuilder::BuildBranchIfUint32Compare(
     BranchBuilder& builder, Operation op, ValueNode* lhs, ValueNode* rhs) {
-  // TODO(victorgomes): Optimize if constants.
+  auto lhs_const = TryGetUint32Constant(lhs);
+  if (lhs_const) {
+    auto rhs_const = TryGetUint32Constant(rhs);
+    if (rhs_const) {
+      return builder.FromBool(
+          CompareUint32(lhs_const.value(), rhs_const.value(), op));
+    }
+  }
   return builder.Build<BranchIfUint32Compare>({lhs, rhs}, op);
 }
 
@@ -12388,7 +13020,7 @@ void MaglevGraphBuilder::VisitForInNext() {
       auto* receiver_map =
           BuildLoadTaggedField(receiver, HeapObject::kMapOffset);
       AddNewNode<CheckDynamicValue>({receiver_map, cache_type});
-      auto* key = AddNewNode<LoadFixedArrayElement>({cache_array, index});
+      auto* key = BuildLoadFixedArrayElement(cache_array, index);
       EnsureType(key, NodeType::kInternalizedString);
       SetAccumulator(key);
 
@@ -12576,6 +13208,8 @@ void MaglevGraphBuilder::VisitSwitchOnGeneratorState() {
   // means we can skip checking for it and switching on its state.
   if (offsets.size() == 0) return;
 
+  graph()->set_has_resumable_generator();
+
   // We create an initial block that checks if the generator is undefined.
   ValueNode* maybe_generator = LoadRegister(0);
   // Neither the true nor the false path jump over any bytecode
@@ -12598,6 +13232,7 @@ void MaglevGraphBuilder::VisitSwitchOnGeneratorState() {
                                       StoreTaggedMode::kDefault);
   ValueNode* context =
       BuildLoadTaggedField(generator, JSGeneratorObject::kContextOffset);
+  graph()->record_scope_info(context, {});
   SetContext(context);
 
   // Guarantee that we have something in the accumulator.
diff --git a/deps/v8/src/maglev/maglev-graph-builder.h b/deps/v8/src/maglev/maglev-graph-builder.h
index 0630eac649d6d6..afb5d0196f0be5 100644
--- a/deps/v8/src/maglev/maglev-graph-builder.h
+++ b/deps/v8/src/maglev/maglev-graph-builder.h
@@ -8,12 +8,12 @@
 #include <cmath>
 #include <iomanip>
 #include <map>
+#include <optional>
 #include <type_traits>
 #include <utility>
 
 #include "src/base/functional.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/vector.h"
 #include "src/codegen/external-reference.h"
 #include "src/codegen/source-position-table.h"
@@ -175,6 +175,7 @@ enum class ToNumberHint {
   kDisallowToNumber,
   kAssumeSmi,
   kAssumeNumber,
+  kAssumeNumberOrBoolean,
   kAssumeNumberOrOddball
 };
 
@@ -191,6 +192,7 @@ class MaglevGraphBuilder {
       LocalIsolate* local_isolate, MaglevCompilationUnit* compilation_unit,
       Graph* graph, float call_frequency = 1.0f,
       BytecodeOffset caller_bytecode_offset = BytecodeOffset::None(),
+      bool caller_is_inside_loop = false,
       int inlining_id = SourcePosition::kNotInlined,
       MaglevGraphBuilder* parent = nullptr);
 
@@ -264,7 +266,6 @@ class MaglevGraphBuilder {
       source_position_iterator_.Advance();
       UpdateSourceAndBytecodePosition(source_position_iterator_.code_offset());
     }
-
     for (iterator_.SetOffset(entrypoint_); !iterator_.done();
          iterator_.Advance()) {
       local_isolate_->heap()->Safepoint();
@@ -307,8 +308,6 @@ class MaglevGraphBuilder {
   }
 
   Int32Constant* GetInt32Constant(int32_t constant) {
-    // The constant must fit in a Smi, since it could be later tagged in a Phi.
-    DCHECK(Smi::IsValid(constant));
     auto it = graph_->int32().find(constant);
     if (it == graph_->int32().end()) {
       Int32Constant* node = CreateNewConstantNode<Int32Constant>(0, constant);
@@ -319,8 +318,6 @@ class MaglevGraphBuilder {
   }
 
   Uint32Constant* GetUint32Constant(int constant) {
-    // The constant must fit in a Smi, since it could be later tagged in a Phi.
-    DCHECK(Smi::IsValid(constant));
     auto it = graph_->uint32().find(constant);
     if (it == graph_->uint32().end()) {
       Uint32Constant* node = CreateNewConstantNode<Uint32Constant>(0, constant);
@@ -346,6 +343,8 @@ class MaglevGraphBuilder {
     return it->second;
   }
 
+  ValueNode* GetNumberConstant(double constant);
+
   static compiler::OptionalHeapObjectRef TryGetConstant(
       compiler::JSHeapBroker* broker, LocalIsolate* isolate, ValueNode* node);
 
@@ -372,7 +371,8 @@ class MaglevGraphBuilder {
   DeoptFrame GetLatestCheckpointedFrame();
 
   bool need_checkpointed_loop_entry() {
-    return v8_flags.maglev_speculative_hoist_phi_untagging;
+    return v8_flags.maglev_speculative_hoist_phi_untagging ||
+           v8_flags.maglev_licm;
   }
 
   void RecordUseReprHint(Phi* phi, UseRepresentationSet reprs) {
@@ -736,6 +736,9 @@ class MaglevGraphBuilder {
     if (V8_UNLIKELY(merge_state != nullptr)) {
       bool preserve_known_node_aspects = in_optimistic_peeling_iteration() &&
                                          loop_headers_to_peel_.Contains(offset);
+      if (merge_state->is_resumable_loop()) {
+        current_for_in_state.enum_cache_indices = nullptr;
+      }
       if (current_block_ != nullptr) {
         DCHECK(!preserve_known_node_aspects);
         // TODO(leszeks): Re-evaluate this DCHECK, we might hit it if the only
@@ -785,6 +788,9 @@ class MaglevGraphBuilder {
         ProcessMergePoint(offset, preserve_known_node_aspects);
       }
 
+      if (is_loop_effect_tracking_enabled() && merge_state->is_loop()) {
+        BeginLoopEffects(offset);
+      }
       // We pass nullptr for the `predecessor` argument of StartNewBlock because
       // this block is guaranteed to have a merge_state_, and hence to not have
       // a `predecessor_` field.
@@ -808,13 +814,11 @@ class MaglevGraphBuilder {
 
     // Handle exceptions if we have a table.
     if (bytecode().handler_table_size() > 0) {
-      if (catch_block_stack_.size() > 0) {
-        // Pop all entries where offset >= end.
-        while (catch_block_stack_.size() > 0) {
-          HandlerTableEntry& entry = catch_block_stack_.top();
-          if (offset < entry.end) break;
-          catch_block_stack_.pop();
-        }
+      // Pop all entries where offset >= end.
+      while (IsInsideTryBlock()) {
+        HandlerTableEntry& entry = catch_block_stack_.top();
+        if (offset < entry.end) break;
+        catch_block_stack_.pop();
       }
       // Push new entries from interpreter handler table where offset >= start
       // && offset < end.
@@ -870,6 +874,7 @@ class MaglevGraphBuilder {
     // VirtualObjects should never be add to the Maglev graph.
     DCHECK(!node->Is<VirtualObject>());
     current_block_->nodes().Add(node);
+    node->set_owner(current_block_);
     if (has_graph_labeller())
       graph_labeller()->RegisterNode(node, compilation_unit_,
                                      BytecodeOffset(iterator_.current_offset()),
@@ -1084,22 +1089,16 @@ class MaglevGraphBuilder {
           DCHECK(node->exception_handler_info()->ShouldLazyDeopt());
           return;
         }
-        MaglevGraphBuilder* builder = this;
-        int depth = 0;
-        if (catch_block_stack_.size() == 0) {
-          for (; depth < parent_catch_deopt_frame_distance_; depth++) {
-            builder = builder->parent();
-          }
-        }
-        new (node->exception_handler_info())
-            ExceptionHandlerInfo(catch_block.ref, depth);
+
+        new (node->exception_handler_info()) ExceptionHandlerInfo(
+            catch_block.ref, CatchBlockDeoptFrameDistance());
         DCHECK(node->exception_handler_info()->HasExceptionHandler());
         DCHECK(!node->exception_handler_info()->ShouldLazyDeopt());
 
         // Merge the current state into the handler state.
         DCHECK_NOT_NULL(catch_block.state);
         catch_block.state->MergeThrow(
-            builder, catch_block.unit,
+            GetCurrentCatchBlockGraphBuilder(), catch_block.unit,
             *current_interpreter_frame_.known_node_aspects(),
             current_interpreter_frame_.virtual_objects());
       } else {
@@ -1112,6 +1111,16 @@ class MaglevGraphBuilder {
     }
   }
 
+  // Bytecode iterator of the current graph builder is inside a try-block
+  // region.
+  bool IsInsideTryBlock() const { return catch_block_stack_.size() > 0; }
+
+  int CatchBlockDeoptFrameDistance() const {
+    if (IsInsideTryBlock()) return 0;
+    DCHECK_IMPLIES(parent_catch_deopt_frame_distance_ > 0, is_inline());
+    return parent_catch_deopt_frame_distance_;
+  }
+
   struct CatchBlockDetails {
     BasicBlockRef* ref = nullptr;
     MergePointInterpreterFrameState* state = nullptr;
@@ -1119,7 +1128,7 @@ class MaglevGraphBuilder {
   };
 
   CatchBlockDetails GetCurrentTryCatchBlock() {
-    if (catch_block_stack_.size() > 0) {
+    if (IsInsideTryBlock()) {
       // Inside a try-block.
       int offset = catch_block_stack_.top().handler;
       return {&jump_targets_[offset], merge_states_[offset], compilation_unit_};
@@ -1128,6 +1137,15 @@ class MaglevGraphBuilder {
     return parent_catch_;
   }
 
+  MaglevGraphBuilder* GetCurrentCatchBlockGraphBuilder() {
+    if (IsInsideTryBlock()) return this;
+    MaglevGraphBuilder* builder = this;
+    for (int depth = 0; depth < parent_catch_deopt_frame_distance_; depth++) {
+      builder = builder->parent();
+    }
+    return builder;
+  }
+
   bool ContextMayAlias(ValueNode* context,
                        compiler::OptionalScopeInfoRef scope_info);
   enum ContextSlotMutability { kImmutable, kMutable };
@@ -1140,6 +1158,7 @@ class MaglevGraphBuilder {
                                 ValueNode* value);
   ValueNode* TryGetParentContext(ValueNode* node);
   void MinimizeContextChainDepth(ValueNode** context, size_t* depth);
+  void EscapeContext();
   void BuildLoadContextSlot(ValueNode* context, size_t depth, int slot_index,
                             ContextSlotMutability slot_mutability);
   void BuildStoreContextSlotHelper(ValueNode* context, size_t depth,
@@ -1342,6 +1361,9 @@ class MaglevGraphBuilder {
 
   ValueNode* GetConstant(compiler::ObjectRef ref);
 
+  ValueNode* GetTrustedConstant(compiler::HeapObjectRef ref,
+                                IndirectPointerTag tag);
+
   ValueNode* GetRegisterInput(Register reg) {
     DCHECK(!graph_->register_inputs().has(reg));
     graph_->register_inputs().set(reg);
@@ -1420,6 +1442,9 @@ class MaglevGraphBuilder {
                                       hint);
   }
 
+  std::optional<int32_t> TryGetInt32Constant(ValueNode* value);
+  std::optional<uint32_t> TryGetUint32Constant(ValueNode* value);
+
   // Get an Int32 representation node whose value is equivalent to the given
   // node.
   //
@@ -1436,6 +1461,9 @@ class MaglevGraphBuilder {
     EnsureInt32(current_interpreter_frame_.get(reg));
   }
 
+  std::optional<double> TryGetFloat64Constant(ValueNode* value,
+                                              ToNumberHint hint);
+
   // Get a Float64 representation node whose value is equivalent to the given
   // node.
   //
@@ -1538,11 +1566,6 @@ class MaglevGraphBuilder {
         iterator_.GetRegisterOperand(operand_index), hint);
   }
 
-  ValueNode* BuildLoadFixedArrayElement(ValueNode* node, int index) {
-    return AddNewNode<LoadTaggedField>({node},
-                                       FixedArray::OffsetOfElementAt(index));
-  }
-
   template <typename NodeT>
   void SetAccumulator(NodeT* node) {
     // Accumulator stores are equivalent to stores to the virtual accumulator
@@ -1550,6 +1573,13 @@ class MaglevGraphBuilder {
     StoreRegister(interpreter::Register::virtual_accumulator(), node);
   }
 
+  void ClobberAccumulator() {
+    DCHECK(interpreter::Bytecodes::ClobbersAccumulator(
+        iterator_.current_bytecode()));
+    current_interpreter_frame_.set_accumulator(
+        GetRootConstant(RootIndex::kOptimizedOut));
+  }
+
   ValueNode* GetSecondValue(ValueNode* result) {
     // GetSecondReturnedValue must be added just after a node that calls a
     // builtin that expects 2 returned values. It simply binds kReturnRegister1
@@ -1638,6 +1668,12 @@ class MaglevGraphBuilder {
 
   template <typename NodeT>
   void MarkPossibleSideEffect(NodeT* node) {
+    if constexpr (NodeT::kProperties.can_read() ||
+                  NodeT::kProperties.can_deopt() ||
+                  NodeT::kProperties.can_throw()) {
+      unobserved_context_slot_stores_.clear();
+    }
+
     // Don't do anything for nodes without side effects.
     if constexpr (!NodeT::kProperties.can_write()) return;
 
@@ -1651,8 +1687,8 @@ class MaglevGraphBuilder {
 
     if constexpr (IsElementsArrayWrite(Node::opcode_of<NodeT>)) {
       node->ClearElementsProperties(known_node_aspects());
-      if (WithinAnEffectRecordingPeelingIteration()) {
-        GetCurrentPeeledLoopEffects().keys_cleared.insert(
+      if (is_loop_effect_tracking()) {
+        loop_effects_->keys_cleared.insert(
             KnownNodeAspects::LoadedPropertyMapKey::Elements());
       }
     } else if constexpr (!IsSimpleFieldStore(Node::opcode_of<NodeT>) &&
@@ -1662,8 +1698,8 @@ class MaglevGraphBuilder {
       // loaded properties and context slots, and we invalidate these already as
       // part of emitting the store.
       node->ClearUnstableNodeAspects(known_node_aspects());
-      if (WithinAnEffectRecordingPeelingIteration()) {
-        GetCurrentPeeledLoopEffects().unstable_aspects_cleared = true;
+      if (is_loop_effect_tracking()) {
+        loop_effects_->unstable_aspects_cleared = true;
       }
     }
 
@@ -1720,6 +1756,8 @@ class MaglevGraphBuilder {
     if (merge_state == nullptr) {
       DCHECK_NOT_NULL(predecessor);
       current_block_->set_predecessor(predecessor);
+    } else {
+      merge_state->InitializeWithBasicBlock(current_block_);
     }
     refs_to_block.Bind(current_block_);
   }
@@ -1781,7 +1819,13 @@ class MaglevGraphBuilder {
     static_assert(!ControlNodeT::kProperties.can_lazy_deopt());
     static_assert(!ControlNodeT::kProperties.can_throw());
     static_assert(!ControlNodeT::kProperties.can_write());
+    control_node->set_owner(current_block_);
     current_block_->set_control_node(control_node);
+    // Clear unobserved context slot stores when there is any controlflow.
+    // TODO(olivf): More precision could be achieved by tracking dominating
+    // stores within known_node_aspects. For this we could use a stack of
+    // stores, which we push on split and pop on merge.
+    unobserved_context_slot_stores_.clear();
 
     BasicBlock* block = current_block_;
     current_block_ = nullptr;
@@ -1905,7 +1949,7 @@ class MaglevGraphBuilder {
   ReduceResult BuildJSArrayBuiltinMapSwitchOnElementsKind(
       ValueNode* receiver, const MapKindsT& map_kinds,
       MaglevSubGraphBuilder& sub_graph,
-      base::Optional<MaglevSubGraphBuilder::Label>& do_return,
+      std::optional<MaglevSubGraphBuilder::Label>& do_return,
       int unique_kind_count, IndexToElementsKindFunc&& index_to_elements_kind,
       BuildKindSpecificFunc&& build_kind_specific);
 
@@ -2059,20 +2103,23 @@ class MaglevGraphBuilder {
       ValueNode* object, const ZoneVector<compiler::MapRef>& transition_sources,
       compiler::MapRef transition_target);
   ReduceResult BuildCompareMaps(
-      ValueNode* heap_object, base::Optional<ValueNode*> object_map,
+      ValueNode* heap_object, std::optional<ValueNode*> object_map,
       base::Vector<const compiler::MapRef> maps,
       MaglevSubGraphBuilder* sub_graph,
-      base::Optional<MaglevSubGraphBuilder::Label>& if_not_matched);
+      std::optional<MaglevSubGraphBuilder::Label>& if_not_matched);
   ReduceResult BuildTransitionElementsKindAndCompareMaps(
       ValueNode* heap_object,
       const ZoneVector<compiler::MapRef>& transition_sources,
       compiler::MapRef transition_target, MaglevSubGraphBuilder* sub_graph,
-      base::Optional<MaglevSubGraphBuilder::Label>& if_not_matched);
+      std::optional<MaglevSubGraphBuilder::Label>& if_not_matched);
   // Emits an unconditional deopt and returns false if the node is a constant
   // that doesn't match the ref.
   ReduceResult BuildCheckValue(ValueNode* node, compiler::ObjectRef ref);
   ReduceResult BuildCheckValue(ValueNode* node, compiler::HeapObjectRef ref);
 
+  ValueNode* BuildConvertHoleToUndefined(ValueNode* node);
+  ReduceResult BuildCheckNotHole(ValueNode* node);
+
   // Checks whether we're invalidating the constness of a const tracking let
   // variable, and if yes, deopts.
   void BuildCheckConstTrackingLetCell(ValueNode* context, ValueNode* value,
@@ -2084,21 +2131,66 @@ class MaglevGraphBuilder {
   ValueNode* BuildTestUndetectable(ValueNode* value);
   void BuildToNumberOrToNumeric(Object::Conversion mode);
 
-  bool CanTrackObjectChanges(ValueNode* object, int offset);
+  enum class TrackObjectMode { kLoad, kStore };
+  bool CanTrackObjectChanges(ValueNode* object, TrackObjectMode mode);
   bool CanElideWriteBarrier(ValueNode* object, ValueNode* value);
-  void BuildInitializeStoreTaggedField(InlinedAllocation* alloc,
-                                       ValueNode* value, int offset);
+
+  void BuildInitializeStore(InlinedAllocation* alloc, ValueNode* value,
+                            int offset);
   void TryBuildStoreTaggedFieldToAllocation(ValueNode* object, ValueNode* value,
                                             int offset);
-  ValueNode* BuildLoadTaggedField(ValueNode* object, int offset);
-  void BuildStoreTaggedField(ValueNode* object, ValueNode* value, int offset,
-                             StoreTaggedMode store_mode);
+  template <typename Instruction = LoadTaggedField, typename... Args>
+  ValueNode* BuildLoadTaggedField(ValueNode* object, Args&&... args) {
+    auto offset = std::get<0>(std::make_tuple(args...));
+    if (offset != HeapObject::kMapOffset &&
+        CanTrackObjectChanges(object, TrackObjectMode::kLoad)) {
+      VirtualObject* vobject =
+          GetObjectFromAllocation(object->Cast<InlinedAllocation>());
+      ValueNode* value;
+      CHECK_NE(vobject->type(), VirtualObject::kHeapNumber);
+      if (vobject->type() == VirtualObject::kDefault) {
+        value = vobject->get(offset);
+      } else {
+        DCHECK_EQ(vobject->type(), VirtualObject::kFixedDoubleArray);
+        // The only offset we're allowed to read from the a FixedDoubleArray as
+        // tagged field is the length.
+        CHECK_EQ(offset, FixedDoubleArray::kLengthOffset);
+        value = GetInt32Constant(vobject->double_elements_length());
+      }
+      if (v8_flags.trace_maglev_object_tracking) {
+        std::cout << "  * Reusing value in virtual object "
+                  << PrintNodeLabel(graph_labeller(), vobject) << "[" << offset
+                  << "]: " << PrintNode(graph_labeller(), value) << std::endl;
+      }
+      return value;
+    }
+    return AddNewNode<Instruction>({object}, std::forward<Args>(args)...);
+  }
+
+  Node* BuildStoreTaggedField(ValueNode* object, ValueNode* value, int offset,
+                              StoreTaggedMode store_mode);
   void BuildStoreTaggedFieldNoWriteBarrier(ValueNode* object, ValueNode* value,
                                            int offset,
                                            StoreTaggedMode store_mode);
+  void BuildStoreTrustedPointerField(ValueNode* object, ValueNode* value,
+                                     int offset, IndirectPointerTag tag,
+                                     StoreTaggedMode store_mode);
+
+  ValueNode* BuildLoadFixedArrayElement(ValueNode* elements, int index);
+  ValueNode* BuildLoadFixedArrayElement(ValueNode* elements, ValueNode* index);
   void BuildStoreFixedArrayElement(ValueNode* elements, ValueNode* index,
                                    ValueNode* value);
 
+  ValueNode* BuildLoadFixedDoubleArrayElement(ValueNode* elements, int index);
+  ValueNode* BuildLoadFixedDoubleArrayElement(ValueNode* elements,
+                                              ValueNode* index);
+  void BuildStoreFixedDoubleArrayElement(ValueNode* elements, ValueNode* index,
+                                         ValueNode* value);
+
+  ValueNode* BuildLoadHoleyFixedDoubleArrayElement(ValueNode* elements,
+                                                   ValueNode* index,
+                                                   bool convert_hole);
+
   ValueNode* GetInt32ElementIndex(interpreter::Register reg) {
     ValueNode* index_object = current_interpreter_frame_.get(reg);
     return GetInt32ElementIndex(index_object);
@@ -2122,13 +2214,14 @@ class MaglevGraphBuilder {
   compiler::OptionalObjectRef TryFoldLoadConstantDataField(
       compiler::JSObjectRef holder,
       compiler::PropertyAccessInfo const& access_info);
-  base::Optional<Float64> TryFoldLoadConstantDoubleField(
+  std::optional<Float64> TryFoldLoadConstantDoubleField(
       compiler::JSObjectRef holder,
       compiler::PropertyAccessInfo const& access_info);
 
   // Returns the loaded value node but doesn't update the accumulator yet.
   ValueNode* BuildLoadField(compiler::PropertyAccessInfo const& access_info,
-                            ValueNode* lookup_start_object);
+                            ValueNode* lookup_start_object,
+                            compiler::NameRef name);
   ReduceResult TryBuildStoreField(
       compiler::PropertyAccessInfo const& access_info, ValueNode* receiver,
       compiler::AccessMode access_mode);
@@ -2137,19 +2230,29 @@ class MaglevGraphBuilder {
       ValueNode* lookup_start_object);
   ReduceResult TryBuildPropertySetterCall(
       compiler::PropertyAccessInfo const& access_info, ValueNode* receiver,
-      ValueNode* value);
+      ValueNode* lookup_start_object, ValueNode* value);
+  bool TryBuildGetKeyedPropertyWithEnumeratedKey(
+      ValueNode* object, const compiler::FeedbackSource& feedback_source,
+      const compiler::ProcessedFeedback& processed_feedback);
+  void BuildGetKeyedProperty(
+      ValueNode* object, const compiler::FeedbackSource& feedback_source,
+      const compiler::ProcessedFeedback& processed_feedback);
 
   ValueNode* BuildLoadFixedArrayLength(ValueNode* fixed_array);
   ValueNode* BuildLoadJSArrayLength(ValueNode* js_array,
                                     NodeType length_type = NodeType::kSmi);
   ValueNode* BuildLoadElements(ValueNode* object);
 
+  ReduceResult TryBuildCheckInt32Condition(ValueNode* lhs, ValueNode* rhs,
+                                           AssertCondition condition,
+                                           DeoptimizeReason reason);
+
   ReduceResult TryBuildPropertyLoad(
       ValueNode* receiver, ValueNode* lookup_start_object,
       compiler::NameRef name, compiler::PropertyAccessInfo const& access_info);
   ReduceResult TryBuildPropertyStore(
-      ValueNode* receiver, compiler::NameRef name,
-      compiler::PropertyAccessInfo const& access_info,
+      ValueNode* receiver, ValueNode* lookup_start_object,
+      compiler::NameRef name, compiler::PropertyAccessInfo const& access_info,
       compiler::AccessMode access_mode);
   ReduceResult TryBuildPropertyAccess(
       ValueNode* receiver, ValueNode* lookup_start_object,
@@ -2227,6 +2330,7 @@ class MaglevGraphBuilder {
                            compiler::AccessMode access_mode);
   ReduceResult TryReuseKnownPropertyLoad(ValueNode* lookup_start_object,
                                          compiler::NameRef name);
+  ValueNode* BuildLoadStringLength(ValueNode* string);
 
   // Converts the input node to a representation that's valid to store into an
   // array with elements kind |kind|.
@@ -2256,6 +2360,10 @@ class MaglevGraphBuilder {
       ValueNode* object, ValueNode* callable,
       compiler::FeedbackSource feedback_source);
 
+  VirtualObject* GetObjectFromAllocation(InlinedAllocation* allocation);
+  VirtualObject* GetModifiableObjectFromAllocation(
+      InlinedAllocation* allocation);
+
   VirtualObject* DeepCopyVirtualObject(VirtualObject* vobj);
   VirtualObject* CreateVirtualObject(compiler::MapRef map,
                                      uint32_t slot_count_including_map);
@@ -2273,10 +2381,10 @@ class MaglevGraphBuilder {
   VirtualObject* CreateContext(compiler::MapRef map, int length,
                                compiler::ScopeInfoRef scope_info,
                                ValueNode* previous_context,
-                               base::Optional<ValueNode*> extension = {});
+                               std::optional<ValueNode*> extension = {});
   VirtualObject* CreateArgumentsObject(compiler::MapRef map, ValueNode* length,
                                        ValueNode* elements,
-                                       base::Optional<ValueNode*> callee = {});
+                                       std::optional<ValueNode*> callee = {});
   VirtualObject* CreateMappedArgumentsElements(compiler::MapRef map,
                                                int mapped_count,
                                                ValueNode* context,
@@ -2321,7 +2429,7 @@ class MaglevGraphBuilder {
 
   ReduceResult TryBuildFastCreateObjectOrArrayLiteral(
       const compiler::LiteralFeedback& feedback);
-  base::Optional<VirtualObject*> TryReadBoilerplateForFastLiteral(
+  std::optional<VirtualObject*> TryReadBoilerplateForFastLiteral(
       compiler::JSObjectRef boilerplate, AllocationType allocation,
       int max_depth, int* max_properties);
 
@@ -2357,9 +2465,11 @@ class MaglevGraphBuilder {
   bool TryReduceCompareEqualAgainstConstant();
 
   template <Operation kOperation>
-  ValueNode* TryFoldInt32BinaryOperation(ValueNode* left, ValueNode* right);
+  ReduceResult TryFoldInt32UnaryOperation(ValueNode* value);
+  template <Operation kOperation>
+  ReduceResult TryFoldInt32BinaryOperation(ValueNode* left, ValueNode* right);
   template <Operation kOperation>
-  ValueNode* TryFoldInt32BinaryOperation(ValueNode* left, int right);
+  ReduceResult TryFoldInt32BinaryOperation(ValueNode* left, int32_t cst_right);
 
   template <Operation kOperation>
   void BuildInt32UnaryOperationNode();
@@ -2372,6 +2482,19 @@ class MaglevGraphBuilder {
   void BuildTruncatingInt32BinaryOperationNodeForToNumber(ToNumberHint hint);
   template <Operation kOperation>
   void BuildTruncatingInt32BinarySmiOperationNodeForToNumber(ToNumberHint hint);
+
+  template <Operation kOperation>
+  ReduceResult TryFoldFloat64UnaryOperationForToNumber(ToNumberHint hint,
+                                                       ValueNode* value);
+  template <Operation kOperation>
+  ReduceResult TryFoldFloat64BinaryOperationForToNumber(ToNumberHint hint,
+                                                        ValueNode* left,
+                                                        ValueNode* right);
+  template <Operation kOperation>
+  ReduceResult TryFoldFloat64BinaryOperationForToNumber(ToNumberHint hint,
+                                                        ValueNode* left,
+                                                        double cst_right);
+
   template <Operation kOperation>
   void BuildFloat64UnaryOperationNodeForToNumber(ToNumberHint hint);
   template <Operation kOperation>
@@ -2394,6 +2517,8 @@ class MaglevGraphBuilder {
   ReduceResult TryReduceTypeOf(ValueNode* value, const Function& GetResult);
   ReduceResult TryReduceTypeOf(ValueNode* value);
 
+  void BeginLoopEffects(int loop_header);
+  void EndLoopEffects(int loop_header);
   void MergeIntoFrameState(BasicBlock* block, int target);
   void MergeDeadIntoFrameState(int target);
   void MergeDeadLoopIntoFrameState(int target);
@@ -2597,7 +2722,7 @@ class MaglevGraphBuilder {
     const int max_peelings = v8_flags.maglev_optimistic_peeled_loops ? 2 : 1;
     // We count jumps from peeled loops to outside of the loop twice.
     bool is_loop_peeling_iteration = false;
-    base::Optional<int> peeled_loop_end;
+    std::optional<int> peeled_loop_end;
     interpreter::BytecodeArrayIterator iterator(bytecode().object());
     for (iterator.SetOffset(entrypoint_); !iterator.done();
          iterator.Advance()) {
@@ -2711,6 +2836,23 @@ class MaglevGraphBuilder {
     return is_inline() && (argument_count() != parameter_count());
   }
 
+  bool IsInsideLoop() const {
+    if (caller_is_inside_loop_) return true;
+    int loop_header_offset =
+        bytecode_analysis().GetLoopOffsetFor(iterator_.current_offset());
+    if (loop_header_offset != -1) {
+      const compiler::LoopInfo& loop_info =
+          bytecode_analysis().GetLoopInfoFor(loop_header_offset);
+      if (loop_info.parent_offset() == -1) {
+        // This is the outmost loop, if we're actually inside the peel, we are
+        // not really in a loop.
+        return !in_peeled_iteration() || in_optimistic_peeling_iteration();
+      }
+      return true;
+    }
+    return false;
+  }
+
   // The fake offset used as a target for all exits of an inlined function.
   int inline_exit_offset() const {
     DCHECK(is_inline());
@@ -2738,7 +2880,7 @@ class MaglevGraphBuilder {
   bool any_peeled_loop_ = false;
   bool allow_loop_peeling_;
 
-  bool in_peeled_iteration() {
+  bool in_peeled_iteration() const {
     DCHECK_GE(peeled_iteration_count_, 0);
     return peeled_iteration_count_ > 0;
   }
@@ -2747,30 +2889,16 @@ class MaglevGraphBuilder {
   // is the optimistic iteration. At the end we try to compile the JumpLoop and
   // only proceed with the fallback iteration 0, if the loop state is
   // incompatible with the loop end state.
-  bool in_optimistic_peeling_iteration() {
+  bool in_optimistic_peeling_iteration() const {
     return v8_flags.maglev_optimistic_peeled_loops &&
            peeled_iteration_count_ == 1;
   }
-
-  // When loop SPeeling is enabled then peeling iteration 2 (counting backwards)
-  // is used to record effects.
-  bool in_effect_recording_peeling_iteration() {
-    return v8_flags.maglev_optimistic_peeled_loops &&
-           peeled_iteration_count_ > 1;
+  bool is_loop_effect_tracking_enabled() {
+    return v8_flags.maglev_escape_analysis || v8_flags.maglev_licm;
   }
-  bool WithinAnEffectRecordingPeelingIteration() {
-    if (in_effect_recording_peeling_iteration()) return true;
-    if (is_inline()) return parent_->WithinAnEffectRecordingPeelingIteration();
-    return false;
-  }
-  LoopEffects& GetCurrentPeeledLoopEffects() {
-    DCHECK(WithinAnEffectRecordingPeelingIteration());
-    if (!in_peeled_iteration()) {
-      return parent_->GetCurrentPeeledLoopEffects();
-    }
-    return peeled_loop_effects_;
-  }
-  LoopEffects peeled_loop_effects_;
+  bool is_loop_effect_tracking() { return loop_effects_; }
+  LoopEffects* loop_effects_ = nullptr;
+  ZoneDeque<LoopEffects*> loop_effects_stack_;
 
   // When processing the peeled iteration of a loop, we need to reset the
   // decremented predecessor counts inside of the loop before processing the
@@ -2783,8 +2911,8 @@ class MaglevGraphBuilder {
   // Current block information.
   bool in_prologue_ = true;
   BasicBlock* current_block_ = nullptr;
-  base::Optional<InterpretedDeoptFrame> entry_stack_check_frame_;
-  base::Optional<DeoptFrame> latest_checkpointed_frame_;
+  std::optional<InterpretedDeoptFrame> entry_stack_check_frame_;
+  std::optional<DeoptFrame> latest_checkpointed_frame_;
   SourcePosition current_source_position_;
   struct ForInState {
     ValueNode* receiver = nullptr;
@@ -2809,6 +2937,7 @@ class MaglevGraphBuilder {
 
   base::Vector<ValueNode*> inlined_arguments_;
   BytecodeOffset caller_bytecode_offset_;
+  bool caller_is_inside_loop_;
   ValueNode* inlined_new_target_ = nullptr;
 
   // Bytecode offset at which compilation should start.
@@ -2836,7 +2965,6 @@ class MaglevGraphBuilder {
   std::unordered_set<Node*> new_nodes_;
 #endif
 
- private:
   // Some helpers for CSE
 
   static size_t fast_hash_combine(size_t seed, size_t h) {
@@ -2890,6 +3018,16 @@ class MaglevGraphBuilder {
   bool CanSpeculateCall() const {
     return current_speculation_feedback_.IsValid();
   }
+
+  inline void MarkNodeDead(Node* node) {
+    for (int i = 0; i < node->input_count(); ++i) {
+      node->input(i).clear();
+    }
+    node->OverwriteWith(Opcode::kDead);
+  }
+
+  ZoneUnorderedMap<KnownNodeAspects::LoadedContextSlotsKey, Node*>
+      unobserved_context_slot_stores_;
 };
 
 }  // namespace maglev
diff --git a/deps/v8/src/maglev/maglev-graph-printer.cc b/deps/v8/src/maglev/maglev-graph-printer.cc
index 4d4df67074137d..708af92e859bf9 100644
--- a/deps/v8/src/maglev/maglev-graph-printer.cc
+++ b/deps/v8/src/maglev/maglev-graph-printer.cc
@@ -313,7 +313,8 @@ void MaglevPrintingVisitor::PreProcessGraph(Graph* graph) {
                      [](BasicBlock* block) { return block == nullptr; }));
 }
 
-void MaglevPrintingVisitor::PreProcessBasicBlock(BasicBlock* block) {
+BlockProcessResult MaglevPrintingVisitor::PreProcessBasicBlock(
+    BasicBlock* block) {
   size_t loop_position = static_cast<size_t>(-1);
   if (loop_headers_.erase(block) > 0) {
     loop_position = AddTarget(targets_, block);
@@ -370,6 +371,7 @@ void MaglevPrintingVisitor::PreProcessBasicBlock(BasicBlock* block) {
   os_ << "\n";
 
   MaglevPrintingVisitorOstream::cast(os_for_additional_info_)->set_padding(1);
+  return BlockProcessResult::kContinue;
 }
 
 namespace {
@@ -759,6 +761,9 @@ ProcessResult MaglevPrintingVisitor::Process(Phi* phi,
     case ValueRepresentation::kIntPtr:
       UNREACHABLE();
   }
+  if (phi->uses_require_31_bit_value()) {
+    os_ << "ⁱ";
+  }
   if (phi->input_count() == 0) {
     os_ << "ₑ " << (phi->owner().is_valid() ? phi->owner().ToString() : "VO");
   } else {
@@ -936,6 +941,9 @@ ProcessResult MaglevPrintingVisitor::Process(ControlNode* control_node,
           case ValueRepresentation::kIntPtr:
             UNREACHABLE();
         }
+        if (phi->uses_require_31_bit_value()) {
+          os_ << "ⁱ";
+        }
         os_ << " " << (phi->owner().is_valid() ? phi->owner().ToString() : "VO")
             << " " << phi->result().operand() << "\n";
       }
diff --git a/deps/v8/src/maglev/maglev-graph-printer.h b/deps/v8/src/maglev/maglev-graph-printer.h
index 1bcc61cd66cb79..ad8906212e9a55 100644
--- a/deps/v8/src/maglev/maglev-graph-printer.h
+++ b/deps/v8/src/maglev/maglev-graph-printer.h
@@ -38,7 +38,8 @@ class MaglevPrintingVisitor {
 
   void PreProcessGraph(Graph* graph);
   void PostProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block);
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block);
+  void PostPhiProcessing() {}
   ProcessResult Process(Phi* phi, const ProcessingState& state);
   ProcessResult Process(Node* node, const ProcessingState& state);
   ProcessResult Process(ControlNode* node, const ProcessingState& state);
@@ -100,7 +101,10 @@ class MaglevPrintingVisitor {
 
   void PreProcessGraph(Graph* graph) {}
   void PostProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block) {}
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  void PostPhiProcessing() {}
   ProcessResult Process(Phi* phi, const ProcessingState& state) {
     return ProcessResult::kContinue;
   }
diff --git a/deps/v8/src/maglev/maglev-graph-processor.h b/deps/v8/src/maglev/maglev-graph-processor.h
index ca72ecabf46a83..0d4a9bb2198354 100644
--- a/deps/v8/src/maglev/maglev-graph-processor.h
+++ b/deps/v8/src/maglev/maglev-graph-processor.h
@@ -32,7 +32,7 @@ namespace maglev {
 //   void PostProcessGraph(Graph* graph);
 //
 //   // A function that processes each basic block before its nodes are walked.
-//   void PreProcessBasicBlock(BasicBlock* block);
+//   BlockProcessResult PreProcessBasicBlock(BasicBlock* block);
 //
 //   // Process methods for each Node type. The GraphProcessor switches over
 //   // the Node's opcode, casts it to the appropriate FooNode, and dispatches
@@ -44,13 +44,23 @@ namespace maglev {
 template <typename NodeProcessor, bool visit_identity_nodes = false>
 class GraphProcessor;
 
+enum class BlockProcessResult {
+  kContinue,  // Process exited normally.
+  kSkip,      // Skip processing this block (no MultiProcessor support).
+};
+
 enum class ProcessResult {
-  kContinue,  // Process exited normally, and the following processors will be
-              // called on the node.
-  kRemove,    // Remove the current node from the graph (and do not call the
-              // following processors).
-  kAbort,     // Stop processing now, do not process subsequent nodes/blocks.
-              // Should not be used when processing Constants.
+  kContinue,   // Process exited normally, and the following processors will be
+               // called on the node.
+  kRemove,     // Remove the current node from the graph (and do not call the
+               // following processors).
+  kHoist,      // Hoist the current instruction to the parent basic block
+               // and reset the current instruction to the beginning of the
+               // block. Parent block must be dominating.
+  kAbort,      // Stop processing now, do not process subsequent nodes/blocks.
+               // Should not be used when processing Constants.
+  kSkipBlock,  // Stop processing this block and skip the remaining nodes (no
+               // MultiProcessor support).
 };
 
 class ProcessingState {
@@ -92,11 +102,17 @@ class GraphProcessor {
       for (auto it = map.begin(); it != map.end();) {
         ProcessResult result =
             node_processor_.Process(it->second, GetCurrentState());
-        DCHECK_NE(result, ProcessResult::kAbort);
-        if (V8_UNLIKELY(result == ProcessResult::kRemove)) {
-          it = map.erase(it);
-        } else {
-          ++it;
+        switch (result) {
+          [[likely]] case ProcessResult::kContinue:
+            ++it;
+            break;
+          case ProcessResult::kRemove:
+            it = map.erase(it);
+            break;
+          case ProcessResult::kHoist:
+          case ProcessResult::kAbort:
+          case ProcessResult::kSkipBlock:
+            UNREACHABLE();
         }
       }
     };
@@ -108,11 +124,19 @@ class GraphProcessor {
     process_constants(graph->uint32());
     process_constants(graph->float64());
     process_constants(graph->external_references());
+    process_constants(graph->trusted_constants());
 
     for (block_it_ = graph->begin(); block_it_ != graph->end(); ++block_it_) {
       BasicBlock* block = *block_it_;
 
-      node_processor_.PreProcessBasicBlock(block);
+      BlockProcessResult preprocess_result =
+          node_processor_.PreProcessBasicBlock(block);
+      switch (preprocess_result) {
+        [[likely]] case BlockProcessResult::kContinue:
+          break;
+        case BlockProcessResult::kSkip:
+          continue;
+      }
 
       if (block->has_phi()) {
         auto& phis = *block->phis();
@@ -120,37 +144,71 @@ class GraphProcessor {
           Phi* phi = *it;
           ProcessResult result =
               node_processor_.Process(phi, GetCurrentState());
-          if (V8_LIKELY(result == ProcessResult::kContinue)) {
-            ++it;
-          } else if (result == ProcessResult::kRemove) {
-            it = phis.RemoveAt(it);
-          } else {
-            DCHECK_EQ(result, ProcessResult::kAbort);
-            return;
+          switch (result) {
+            [[likely]] case ProcessResult::kContinue:
+              ++it;
+              break;
+            case ProcessResult::kRemove:
+              it = phis.RemoveAt(it);
+              break;
+            case ProcessResult::kAbort:
+              return;
+            case ProcessResult::kSkipBlock:
+              goto skip_block;
+            case ProcessResult::kHoist:
+              UNREACHABLE();
           }
         }
       }
 
+      node_processor_.PostPhiProcessing();
+
       for (node_it_ = block->nodes().begin();
            node_it_ != block->nodes().end();) {
         Node* node = *node_it_;
         ProcessResult result = ProcessNodeBase(node, GetCurrentState());
-        if (V8_LIKELY(result == ProcessResult::kContinue)) {
-          ++node_it_;
-        } else if (result == ProcessResult::kRemove) {
-          node_it_ = block->nodes().RemoveAt(node_it_);
-        } else {
-          DCHECK_EQ(result, ProcessResult::kAbort);
-          return;
+        switch (result) {
+          [[likely]] case ProcessResult::kContinue:
+            ++node_it_;
+            break;
+          case ProcessResult::kRemove:
+            node_it_ = block->nodes().RemoveAt(node_it_);
+            break;
+          case ProcessResult::kHoist: {
+            DCHECK(block->predecessor_count() == 1 ||
+                   (block->predecessor_count() == 2 && block->is_loop()));
+            BasicBlock* target = block->predecessor_at(0);
+            DCHECK(target->successors().size() == 1);
+            Node* cur = *node_it_;
+            cur->set_owner(target);
+            block->nodes().RemoveAt(node_it_);
+            target->nodes().Add(cur);
+            node_it_ = block->nodes().begin();
+            break;
+          }
+          case ProcessResult::kAbort:
+            return;
+          case ProcessResult::kSkipBlock:
+            goto skip_block;
         }
       }
 
-      ProcessResult control_result =
-          ProcessNodeBase(block->control_node(), GetCurrentState());
-      DCHECK_NE(control_result, ProcessResult::kRemove);
-      if (V8_UNLIKELY(control_result == ProcessResult::kAbort)) {
-        return;
+      {
+        ProcessResult control_result =
+            ProcessNodeBase(block->control_node(), GetCurrentState());
+        switch (control_result) {
+          [[likely]] case ProcessResult::kContinue:
+          case ProcessResult::kSkipBlock:
+            break;
+          case ProcessResult::kAbort:
+            return;
+          case ProcessResult::kRemove:
+          case ProcessResult::kHoist:
+            UNREACHABLE();
+        }
       }
+    skip_block:
+      continue;
     }
 
     node_processor_.PostProcessGraph(graph);
@@ -198,10 +256,14 @@ class NodeMultiProcessor<> {
  public:
   void PreProcessGraph(Graph* graph) {}
   void PostProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block) {}
-  ProcessResult Process(NodeBase* node, const ProcessingState& state) {
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  V8_INLINE ProcessResult Process(NodeBase* node,
+                                  const ProcessingState& state) {
     return ProcessResult::kContinue;
   }
+  void PostPhiProcessing() {}
 };
 
 template <typename Processor, typename... Processors>
@@ -220,11 +282,19 @@ class NodeMultiProcessor<Processor, Processors...>
 
   template <typename Node>
   ProcessResult Process(Node* node, const ProcessingState& state) {
-    if (V8_UNLIKELY(processor_.Process(node, state) ==
-                    ProcessResult::kRemove)) {
-      return ProcessResult::kRemove;
+    auto res = processor_.Process(node, state);
+    switch (res) {
+      [[likely]] case ProcessResult::kContinue:
+        return Base::Process(node, state);
+      case ProcessResult::kAbort:
+      case ProcessResult::kRemove:
+        return res;
+      case ProcessResult::kHoist:
+      case ProcessResult::kSkipBlock:
+        // TODO(olivf): How to combine these with multiple processors depends on
+        // the needs of the actual processors. Implement once needed.
+        UNREACHABLE();
     }
-    return Base::Process(node, state);
   }
   void PreProcessGraph(Graph* graph) {
     processor_.PreProcessGraph(graph);
@@ -235,9 +305,20 @@ class NodeMultiProcessor<Processor, Processors...>
     Base::PostProcessGraph(graph);
     processor_.PostProcessGraph(graph);
   }
-  void PreProcessBasicBlock(BasicBlock* block) {
-    processor_.PreProcessBasicBlock(block);
-    Base::PreProcessBasicBlock(block);
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    BlockProcessResult res = processor_.PreProcessBasicBlock(block);
+    switch (res) {
+      [[likely]] case BlockProcessResult::kContinue:
+        return Base::PreProcessBasicBlock(block);
+      case BlockProcessResult::kSkip:
+        // TODO(olivf): How to combine this with multiple processors depends on
+        // the needs of the actual processors. Implement once needed.
+        UNREACHABLE();
+    }
+  }
+  void PostPhiProcessing() {
+    processor_.PostPhiProcessing();
+    Base::PostPhiProcessing();
   }
 
  private:
diff --git a/deps/v8/src/maglev/maglev-graph-verifier.h b/deps/v8/src/maglev/maglev-graph-verifier.h
index 388f32def9a72f..343b39523927bb 100644
--- a/deps/v8/src/maglev/maglev-graph-verifier.h
+++ b/deps/v8/src/maglev/maglev-graph-verifier.h
@@ -28,7 +28,10 @@ class MaglevGraphVerifier {
 
   void PreProcessGraph(Graph* graph) {}
   void PostProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block) {}
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  void PostPhiProcessing() {}
 
   template <typename NodeT>
   ProcessResult Process(NodeT* node, const ProcessingState& state) {
diff --git a/deps/v8/src/maglev/maglev-graph.h b/deps/v8/src/maglev/maglev-graph.h
index f6dbf6ceaacbc6..ae9d735c6b9fa2 100644
--- a/deps/v8/src/maglev/maglev-graph.h
+++ b/deps/v8/src/maglev/maglev-graph.h
@@ -39,9 +39,11 @@ class Graph final : public ZoneObject {
         float_(zone),
         external_references_(zone),
         parameters_(zone),
-        allocations_(zone),
+        allocations_escape_map_(zone),
+        allocations_elide_map_(zone),
         register_inputs_(),
         constants_(zone),
+        trusted_constants_(zone),
         inlined_functions_(zone),
         is_osr_(is_osr),
         scope_infos_(zone) {}
@@ -106,16 +108,31 @@ class Graph final : public ZoneObject {
     return external_references_;
   }
   ZoneVector<InitialValue*>& parameters() { return parameters_; }
+
   // Running JS2, 99.99% of the cases, we have less than 2 dependencies.
-  using AllocationDependencies = SmallZoneVector<InlinedAllocation*, 2>;
-  ZoneMap<InlinedAllocation*, AllocationDependencies>& allocations() {
-    return allocations_;
+  using SmallAllocationVector = SmallZoneVector<InlinedAllocation*, 2>;
+
+  // If the key K of the map escape, all the set allocations_escape_map[K] must
+  // also escape.
+  ZoneMap<InlinedAllocation*, SmallAllocationVector>& allocations_escape_map() {
+    return allocations_escape_map_;
+  }
+  // The K of the map can be elided if it hasn't escaped and all the set
+  // allocations_elide_map[K] can also be elided.
+  ZoneMap<InlinedAllocation*, SmallAllocationVector>& allocations_elide_map() {
+    return allocations_elide_map_;
   }
 
   RegList& register_inputs() { return register_inputs_; }
   compiler::ZoneRefMap<compiler::ObjectRef, Constant*>& constants() {
     return constants_;
   }
+
+  compiler::ZoneRefMap<compiler::HeapObjectRef, TrustedConstant*>&
+  trusted_constants() {
+    return trusted_constants_;
+  }
+
   ZoneVector<OptimizedCompilationInfo::InlinedFunctionHolder>&
   inlined_functions() {
     return inlined_functions_;
@@ -134,6 +151,9 @@ class Graph final : public ZoneObject {
 
   uint32_t NewObjectId() { return object_ids_++; }
 
+  void set_has_resumable_generator() { has_resumable_generator_ = true; }
+  bool has_resumable_generator() const { return has_resumable_generator_; }
+
   // Resolve the scope info of a context value.
   // An empty result means we don't statically know the context's scope.
   compiler::OptionalScopeInfoRef TryGetScopeInfo(
@@ -146,7 +166,7 @@ class Graph final : public ZoneObject {
     if (auto context_const = context->TryCast<Constant>()) {
       res = context_const->object().AsContext().scope_info(broker);
       DCHECK(res->HasContext());
-    } else if (auto load = context->TryCast<LoadTaggedField>()) {
+    } else if (auto load = context->TryCast<LoadTaggedFieldForContextSlot>()) {
       compiler::OptionalScopeInfoRef cur =
           TryGetScopeInfo(load->input(0).node(), broker);
       DCHECK(load->offset() ==
@@ -206,15 +226,19 @@ class Graph final : public ZoneObject {
   ZoneMap<uint64_t, Float64Constant*> float_;
   ZoneMap<Address, ExternalConstant*> external_references_;
   ZoneVector<InitialValue*> parameters_;
-  ZoneMap<InlinedAllocation*, AllocationDependencies> allocations_;
+  ZoneMap<InlinedAllocation*, SmallAllocationVector> allocations_escape_map_;
+  ZoneMap<InlinedAllocation*, SmallAllocationVector> allocations_elide_map_;
   RegList register_inputs_;
   compiler::ZoneRefMap<compiler::ObjectRef, Constant*> constants_;
+  compiler::ZoneRefMap<compiler::HeapObjectRef, TrustedConstant*>
+      trusted_constants_;
   ZoneVector<OptimizedCompilationInfo::InlinedFunctionHolder>
       inlined_functions_;
   bool has_recursive_calls_ = false;
   int total_inlined_bytecode_size_ = 0;
   bool is_osr_ = false;
   uint32_t object_ids_ = 0;
+  bool has_resumable_generator_ = false;
   ZoneUnorderedMap<ValueNode*, compiler::OptionalScopeInfoRef> scope_infos_;
 };
 
diff --git a/deps/v8/src/maglev/maglev-interpreter-frame-state.cc b/deps/v8/src/maglev/maglev-interpreter-frame-state.cc
index 46c901182f1e4f..ac7684deefde3a 100644
--- a/deps/v8/src/maglev/maglev-interpreter-frame-state.cc
+++ b/deps/v8/src/maglev/maglev-interpreter-frame-state.cc
@@ -105,6 +105,20 @@ bool NextInIgnoreList(typename ZoneSet<Key>::const_iterator& ignore,
 
 }  // namespace
 
+void KnownNodeAspects::ClearUnstableNodeAspects() {
+  if (v8_flags.trace_maglev_graph_building) {
+    std::cout << "  ! Clearing unstable node aspects" << std::endl;
+  }
+  ClearUnstableMaps();
+  // Side-effects can change object contents, so we have to clear
+  // our known loaded properties -- however, constant properties are known
+  // to not change (and we added a dependency on this), so we don't have to
+  // clear those.
+  loaded_properties.clear();
+  loaded_context_slots.clear();
+  may_have_aliasing_contexts = KnownNodeAspects::ContextSlotLoadsAlias::None;
+}
+
 KnownNodeAspects* KnownNodeAspects::CloneForLoopHeader(
     Zone* zone, bool optimistic, LoopEffects* loop_effects) const {
   KnownNodeAspects* clone = zone->New<KnownNodeAspects>(zone);
@@ -183,13 +197,15 @@ namespace {
 // Takes two ordered maps and ensures that every element in `as` is
 //  * also present in `bs` and
 //  * `Compare(a, b)` holds for each value.
-template <typename As, typename Bs, typename Function, bool kSkipEmpty = false>
-bool AspectIncludes(const As& as, const Bs& bs, const Function& Compare) {
+template <typename As, typename Bs, typename CompareFunction,
+          typename IsEmptyFunction = std::nullptr_t>
+bool AspectIncludes(const As& as, const Bs& bs, const CompareFunction& Compare,
+                    const IsEmptyFunction IsEmpty = nullptr) {
   typename As::const_iterator a = as.begin();
   typename Bs::const_iterator b = bs.begin();
   while (a != as.end()) {
-    if constexpr (kSkipEmpty) {
-      if (a->second.empty()) {
+    if constexpr (!std::is_same<IsEmptyFunction, std::nullptr_t>::value) {
+      if (IsEmpty(a->second)) {
         ++a;
         continue;
       }
@@ -214,17 +230,16 @@ bool AspectIncludes(const As& as, const Bs& bs, const Function& Compare) {
 template <typename As, typename Bs, typename Function>
 bool MaybeEmptyAspectIncludes(const As& as, const Bs& bs,
                               const Function& Compare) {
-  return AspectIncludes<As, Bs, Function, true>(as, bs, Compare);
+  return AspectIncludes<As, Bs, Function>(as, bs, Compare,
+                                          [](auto x) { return x.empty(); });
 }
 
 bool NodeInfoIncludes(const NodeInfo& before, const NodeInfo& after) {
   if (!NodeTypeIs(after.type(), before.type())) {
     return false;
   }
-  if (before.possible_maps_are_known()) {
-    if (!after.possible_maps_are_known() ||
-        (!before.possible_maps_are_unstable() &&
-         after.possible_maps_are_unstable())) {
+  if (before.possible_maps_are_known() && before.any_map_is_unstable()) {
+    if (!after.possible_maps_are_known()) {
       return false;
     }
     if (!before.possible_maps().contains(after.possible_maps())) {
@@ -234,6 +249,10 @@ bool NodeInfoIncludes(const NodeInfo& before, const NodeInfo& after) {
   return true;
 }
 
+bool NodeInfoIsEmpty(const NodeInfo& info) {
+  return info.type() == NodeType::kUnknown && !info.possible_maps_are_known();
+}
+
 bool NodeInfoTypeIs(const NodeInfo& before, const NodeInfo& after) {
   return NodeTypeIs(after.type(), before.type());
 }
@@ -249,7 +268,11 @@ bool KnownNodeAspects::IsCompatibleWithLoopHeader(
   bool had_effects = effect_epoch() != loop_header.effect_epoch();
 
   if (!had_effects) {
-    if (!AspectIncludes(loop_header.node_infos, node_infos, NodeInfoTypeIs)) {
+    if (!AspectIncludes(loop_header.node_infos, node_infos, NodeInfoTypeIs,
+                        NodeInfoIsEmpty)) {
+      if (V8_UNLIKELY(v8_flags.trace_maglev_loop_speeling)) {
+        std::cout << "KNA after effectless loop has incompatible node_infos\n";
+      }
       return false;
     }
     // In debug builds we do a full comparison to ensure that without an effect
@@ -259,7 +282,8 @@ bool KnownNodeAspects::IsCompatibleWithLoopHeader(
 #endif
   }
 
-  if (!AspectIncludes(loop_header.node_infos, node_infos, NodeInfoIncludes)) {
+  if (!AspectIncludes(loop_header.node_infos, node_infos, NodeInfoIncludes,
+                      NodeInfoIsEmpty)) {
     if (V8_UNLIKELY(v8_flags.trace_maglev_loop_speeling)) {
       std::cout << "KNA after loop has incompatible node_infos\n";
     }
@@ -332,7 +356,7 @@ MergePointInterpreterFrameState* MergePointInterpreterFrameState::NewForLoop(
           BasicBlockType::kLoopHeader, liveness);
   state->bitfield_ =
       kIsLoopWithPeeledIterationBit::update(state->bitfield_, has_been_peeled);
-  state->loop_info_ = loop_info;
+  state->loop_metadata_ = LoopMetadata{loop_info, nullptr};
   if (loop_info->resumable()) {
     state->known_node_aspects_ =
         info.zone()->New<KnownNodeAspects>(info.zone());
@@ -504,6 +528,7 @@ void MergePointInterpreterFrameState::MergeVirtualObject(
   // Currently, the graph builder will never change the VO map.
   DCHECK(unmerged->map().equals(merged->map()));
   DCHECK_EQ(merged->slot_count(), unmerged->slot_count());
+  DCHECK_EQ(merged->allocation(), unmerged->allocation());
 
   if (v8_flags.trace_maglev_graph_building) {
     std::cout << " - Merging VOS: "
@@ -518,27 +543,15 @@ void MergePointInterpreterFrameState::MergeVirtualObject(
   VirtualObject* result = builder->CreateVirtualObjectForMerge(
       unmerged->map(), unmerged->slot_count());
   for (uint32_t i = 0; i < merged->slot_count(); i++) {
-    // If a nested allocation doesn't point to the same object in both lists,
-    // then we currently give up merging them and escape the allocation.
-    if (InlinedAllocation* nested = unmerged->TryCast<InlinedAllocation>()) {
-      VirtualObject* nested_merged =
-          frame_state_.virtual_objects().FindAllocatedWith(nested);
-      if (nested_merged) {
-        VirtualObject* nested_unmerged = unmerged_vos.FindAllocatedWith(nested);
-        if (nested_merged == nested_unmerged) {
-          result->set_by_index(i, nested_merged);
-          continue;
-        }
-      }
-      // We should escape this object and abort the merge! The {result} object
-      // was created and it is in the list, but it does not point to any inlined
-      // allocation.
+    std::optional<ValueNode*> merged_value_opt = MergeVirtualObjectValue(
+        builder, unmerged_aspects, merged->get_by_index(i),
+        unmerged->get_by_index(i));
+    if (!merged_value_opt.has_value()) {
+      // Merge failed, we should escape the allocation instead.
       unmerged->allocation()->ForceEscaping();
       return;
     }
-    result->set_by_index(i, MergeVirtualObjectValue(builder, unmerged_aspects,
-                                                    merged->get_by_index(i),
-                                                    unmerged->get_by_index(i)));
+    result->set_by_index(i, merged_value_opt.value());
   }
   result->set_allocation(unmerged->allocation());
   result->Snapshot();
@@ -639,6 +652,13 @@ void MergePointInterpreterFrameState::InitializeLoop(
   predecessors_so_far_ = 1;
 }
 
+void MergePointInterpreterFrameState::InitializeWithBasicBlock(
+    BasicBlock* block) {
+  for (Phi* phi : phis_) {
+    phi->set_owner(block);
+  }
+}
+
 void MergePointInterpreterFrameState::Merge(
     MaglevGraphBuilder* builder, MaglevCompilationUnit& compilation_unit,
     InterpreterFrameState& unmerged, BasicBlock* predecessor) {
@@ -727,11 +747,40 @@ bool MergePointInterpreterFrameState::TryMergeLoop(
   DCHECK_NOT_NULL(known_node_aspects_);
   DCHECK(v8_flags.maglev_optimistic_peeled_loops);
 
+  // TODO(olivf): This could be done faster by consulting loop_effects_
   if (!loop_end_state.known_node_aspects()->IsCompatibleWithLoopHeader(
           *known_node_aspects_)) {
     if (v8_flags.trace_maglev_graph_building) {
       std::cout << "Merging failed, peeling loop instead... " << std::endl;
     }
+    ClearLoopInfo();
+    return false;
+  }
+
+  bool phis_can_merge = true;
+  frame_state_.ForEachValue(compilation_unit, [&](ValueNode* value,
+                                                  interpreter::Register reg) {
+    if (!value->Is<Phi>()) return;
+    Phi* phi = value->Cast<Phi>();
+    if (!phi->is_loop_phi()) return;
+    if (phi->merge_state() != this) return;
+    NodeType old_type = GetNodeType(builder->broker(), builder->local_isolate(),
+                                    *known_node_aspects_, phi);
+    if (old_type != NodeType::kUnknown) {
+      NodeType new_type = GetNodeType(
+          builder->broker(), builder->local_isolate(),
+          *loop_end_state.known_node_aspects(), loop_end_state.get(reg));
+      if (!NodeTypeIs(new_type, old_type)) {
+        if (v8_flags.trace_maglev_loop_speeling) {
+          std::cout << "Cannot merge " << new_type << " into " << old_type
+                    << " for r" << reg.index() << "\n";
+        }
+        phis_can_merge = false;
+      }
+    }
+  });
+  if (!phis_can_merge) {
+    ClearLoopInfo();
     return false;
   }
 
@@ -754,9 +803,23 @@ bool MergePointInterpreterFrameState::TryMergeLoop(
       });
   predecessors_so_far_++;
   DCHECK_EQ(predecessors_so_far_, predecessor_count_);
+  ClearLoopInfo();
   return true;
 }
 
+void MergePointInterpreterFrameState::set_loop_effects(
+    LoopEffects* loop_effects) {
+  DCHECK(is_loop());
+  DCHECK(loop_metadata_.has_value());
+  loop_metadata_->loop_effects = loop_effects;
+}
+
+const LoopEffects* MergePointInterpreterFrameState::loop_effects() {
+  DCHECK(is_loop());
+  DCHECK(loop_metadata_.has_value());
+  return loop_metadata_->loop_effects;
+}
+
 void MergePointInterpreterFrameState::MergeThrow(
     MaglevGraphBuilder* builder, const MaglevCompilationUnit* handler_unit,
     const KnownNodeAspects& known_node_aspects,
@@ -832,9 +895,13 @@ ValueNode* FromInt32ToTagged(const MaglevGraphBuilder* builder,
   ValueNode* tagged;
   if (value->Is<Int32Constant>()) {
     int32_t constant = value->Cast<Int32Constant>()->value();
-    return builder->GetSmiConstant(constant);
-  } else if (value->Is<StringLength>() ||
-             value->Is<BuiltinStringPrototypeCharCodeOrCodePointAt>()) {
+    if (Smi::IsValid(constant)) {
+      return builder->GetSmiConstant(constant);
+    }
+  }
+
+  if (value->Is<StringLength>() ||
+      value->Is<BuiltinStringPrototypeCharCodeOrCodePointAt>()) {
     static_assert(String::kMaxLength <= kSmiMaxValue,
                   "String length must fit into a Smi");
     tagged = Node::New<UnsafeSmiTagInt32>(builder->zone(), {value});
@@ -982,21 +1049,17 @@ ValueNode* MergePointInterpreterFrameState::MergeValue(
         // happened to be true before allowing the loop to conclude in
         // `TryMergeLoop`. Some types which are known to cause issues are
         // generalized here.
-        auto GetInitialOptimisticType = [](NodeType unmerged_type) {
-          if (unmerged_type == NodeType::kSmi) return NodeType::kNumber;
-          if (unmerged_type == NodeType::kInternalizedString)
-            return NodeType::kString;
-          return unmerged_type;
-        };
-        known_node_aspects_
-            ->GetOrCreateInfoFor(result, builder->broker(),
-                                 builder->local_isolate())
-            ->CombineType(GetInitialOptimisticType(unmerged_type));
+        NodeType initial_optimistic_type =
+            (unmerged_type == NodeType::kInternalizedString) ? NodeType::kString
+                                                             : unmerged_type;
+        result->set_type(initial_optimistic_type);
       }
     } else {
       if (optimistic_loop_phis) {
-        known_node_aspects_->TryGetInfoFor(result)->IntersectType(
-            unmerged_type);
+        if (NodeInfo* node_info = known_node_aspects_->TryGetInfoFor(result)) {
+          node_info->IntersectType(unmerged_type);
+        }
+        result->merge_type(unmerged_type);
       }
       result->merge_post_loop_type(unmerged_type);
     }
@@ -1010,6 +1073,11 @@ ValueNode* MergePointInterpreterFrameState::MergeValue(
     // Don't set inputs on exception phis.
     DCHECK_EQ(result->is_exception_phi(), is_exception_handler());
     if (is_exception_handler()) {
+      // If an inlined allocation flows to an exception phi, we should consider
+      // as an use.
+      if (unmerged->Is<InlinedAllocation>()) {
+        unmerged->add_use();
+      }
       return result;
     }
 
@@ -1028,24 +1096,6 @@ ValueNode* MergePointInterpreterFrameState::MergeValue(
     return result;
   }
 
-  if (InlinedAllocation* unmerged_allocation =
-          unmerged->TryCast<InlinedAllocation>()) {
-    if (merged == unmerged_allocation->object()) {
-      return merged;
-    }
-    if (VirtualObject* merged_vobject = merged->TryCast<VirtualObject>()) {
-      // If the objects have different allocations, we are merging distinct
-      // objects, we should fallback to a phi node.
-      if (unmerged_allocation == merged_vobject->allocation()) {
-        // The objects should have already been merged into the current
-        // virtual_objects list, we can just look for its value.
-        merged = frame_state_.virtual_objects().FindAllocatedWith(
-            unmerged_allocation);
-        return merged;
-      }
-    }
-  }
-
   if (merged == unmerged) {
     // Cache the alternative representations of the unmerged node.
     if (per_predecessor_alternatives) {
@@ -1084,6 +1134,13 @@ ValueNode* MergePointInterpreterFrameState::MergeValue(
 
   // For exception phis, just allocate exception handlers.
   if (is_exception_handler()) {
+    // ... and add an use if inputs are inlined allocation.
+    if (merged->Is<InlinedAllocation>()) {
+      merged->add_use();
+    }
+    if (unmerged->Is<InlinedAllocation>()) {
+      unmerged->add_use();
+    }
     return NewExceptionPhi(builder->zone(), owner);
   }
 
@@ -1094,13 +1151,6 @@ ValueNode* MergePointInterpreterFrameState::MergeValue(
     }
   }
 
-  // If merge is a VirtualObject, we should force the object to escape and patch
-  // back the inlined allocation, before adding it to the Phi.
-  if (VirtualObject* merged_vobject = merged->TryCast<VirtualObject>()) {
-    merged_vobject->allocation()->ForceEscaping();
-    merged = merged_vobject->allocation();
-  }
-
   NodeType merged_type =
       StaticTypeForNode(builder->broker(), builder->local_isolate(), merged);
 
@@ -1145,7 +1195,8 @@ ValueNode* MergePointInterpreterFrameState::MergeValue(
   return result;
 }
 
-ValueNode* MergePointInterpreterFrameState::MergeVirtualObjectValue(
+std::optional<ValueNode*>
+MergePointInterpreterFrameState::MergeVirtualObjectValue(
     const MaglevGraphBuilder* builder, const KnownNodeAspects& unmerged_aspects,
     ValueNode* merged, ValueNode* unmerged) {
   DCHECK_NOT_NULL(merged);
@@ -1169,6 +1220,24 @@ ValueNode* MergePointInterpreterFrameState::MergeVirtualObjectValue(
     return merged;
   }
 
+  if (InlinedAllocation* merged_nested_alloc =
+          merged->TryCast<InlinedAllocation>()) {
+    if (InlinedAllocation* unmerged_nested_alloc =
+            unmerged->TryCast<InlinedAllocation>()) {
+      // If a nested allocation doesn't point to the same object in both
+      // objects, then we currently give up merging them and escape the
+      // allocation.
+      if (merged_nested_alloc != unmerged_nested_alloc) {
+        return {};
+      }
+    }
+  }
+
+  // We don't support exception phis inside a virtual object.
+  if (is_exception_handler()) {
+    return {};
+  }
+
   result = Node::New<Phi>(builder->zone(), predecessor_count_, this,
                           interpreter::Register::invalid_value());
   if (v8_flags.trace_maglev_graph_building) {
@@ -1210,12 +1279,12 @@ void MergePointInterpreterFrameState::MergeLoopValue(
     return;
   }
   DCHECK_EQ(result->owner(), owner);
+  NodeType type = GetNodeType(builder->broker(), builder->local_isolate(),
+                              unmerged_aspects, unmerged);
   unmerged = EnsureTagged(builder, unmerged_aspects, unmerged,
                           predecessors_[predecessors_so_far_]);
   result->set_input(predecessor_count_ - 1, unmerged);
 
-  NodeType type = GetNodeType(builder->broker(), builder->local_isolate(),
-                              unmerged_aspects, unmerged);
   result->merge_post_loop_type(type);
   // We've just merged the backedge, which means that future uses of this Phi
   // will be after the loop, so we can now promote `post_loop_type` to the
@@ -1226,6 +1295,12 @@ void MergePointInterpreterFrameState::MergeLoopValue(
   if (Phi* unmerged_phi = unmerged->TryCast<Phi>()) {
     // Propagating the `uses_repr` from {result} to {unmerged_phi}.
     builder->RecordUseReprHint(unmerged_phi, result->get_uses_repr_hints());
+
+    // Soundness of the loop phi Smi type relies on the back-edge static types
+    // sminess.
+    if (result->uses_require_31_bit_value()) {
+      unmerged_phi->SetUseRequires31BitValue();
+    }
   }
 }
 
diff --git a/deps/v8/src/maglev/maglev-interpreter-frame-state.h b/deps/v8/src/maglev/maglev-interpreter-frame-state.h
index 136f3e98ab01d9..0f84499a4f6050 100644
--- a/deps/v8/src/maglev/maglev-interpreter-frame-state.h
+++ b/deps/v8/src/maglev/maglev-interpreter-frame-state.h
@@ -5,6 +5,8 @@
 #ifndef V8_MAGLEV_MAGLEV_INTERPRETER_FRAME_STATE_H_
 #define V8_MAGLEV_MAGLEV_INTERPRETER_FRAME_STATE_H_
 
+#include <optional>
+
 #include "src/base/threaded-list.h"
 #include "src/compiler/bytecode-analysis.h"
 #include "src/compiler/bytecode-liveness-map.h"
@@ -217,15 +219,17 @@ class NodeInfo {
   }
 
   void SetPossibleMaps(const PossibleMaps& possible_maps,
-                       bool any_map_is_unstable, NodeType possible_type) {
+                       bool any_map_is_unstable, NodeType possible_type,
+                       compiler::JSHeapBroker* broker) {
     possible_maps_ = possible_maps;
     possible_maps_are_known_ = true;
     any_map_is_unstable_ = any_map_is_unstable;
 #ifdef DEBUG
     if (possible_maps.size()) {
-      NodeType expected = StaticTypeForMap(*possible_maps.begin());
+      NodeType expected = StaticTypeForMap(*possible_maps.begin(), broker);
       for (auto map : possible_maps) {
-        expected = maglev::IntersectType(StaticTypeForMap(map), expected);
+        expected =
+            maglev::IntersectType(StaticTypeForMap(map, broker), expected);
       }
       // Ensure the claimed type is not narrower than what can be learned from
       // the map checks.
@@ -288,6 +292,8 @@ struct KnownNodeAspects {
                                        bool optimistic_initial_state,
                                        LoopEffects* loop_effects) const;
 
+  void ClearUnstableNodeAspects();
+
   void ClearUnstableMaps() {
     // A side effect could change existing objects' maps. For stable maps we
     // know this hasn't happened (because we added a dependency on the maps
@@ -369,18 +375,27 @@ struct KnownNodeAspects {
       // kName must be zero so that pointers are unaffected.
       kName = 0,
       kElements,
-      kTypedArrayLength
+      kTypedArrayLength,
+      // TODO(leszeks): We could probably share kStringLength with
+      // kTypedArrayLength if needed.
+      kStringLength
     };
     static constexpr int kTypeMask = 0x3;
     static_assert((kName & ~kTypeMask) == 0);
+    static_assert((kElements & ~kTypeMask) == 0);
     static_assert((kTypedArrayLength & ~kTypeMask) == 0);
+    static_assert((kStringLength & ~kTypeMask) == 0);
+
+    static LoadedPropertyMapKey Elements() {
+      return LoadedPropertyMapKey(kElements);
+    }
 
     static LoadedPropertyMapKey TypedArrayLength() {
       return LoadedPropertyMapKey(kTypedArrayLength);
     }
 
-    static LoadedPropertyMapKey Elements() {
-      return LoadedPropertyMapKey(kElements);
+    static LoadedPropertyMapKey StringLength() {
+      return LoadedPropertyMapKey(kStringLength);
     }
 
     // Allow implicit conversion from NameRef to key, so that callers in the
@@ -726,6 +741,7 @@ class CompactInterpreterFrameState {
 
 class MergePointRegisterState {
 #ifdef V8_ENABLE_MAGLEV
+
  public:
   bool is_initialized() const { return values_[0].GetPayload().is_initialized; }
 
@@ -791,6 +807,7 @@ class MergePointInterpreterFrameState {
                       InterpreterFrameState& unmerged, BasicBlock* predecessor,
                       bool optimistic_initial_state = false,
                       LoopEffects* loop_effects = nullptr);
+  void InitializeWithBasicBlock(BasicBlock* current_block);
 
   // Merges an unmerged framestate with a possibly merged framestate into |this|
   // framestate.
@@ -801,6 +818,8 @@ class MergePointInterpreterFrameState {
                  MaglevCompilationUnit& compilation_unit,
                  InterpreterFrameState& loop_end_state,
                  BasicBlock* loop_end_block);
+  void set_loop_effects(LoopEffects* loop_effects);
+  const LoopEffects* loop_effects();
   // Merges a frame-state that might not be mergable, in which case we need to
   // re-compile the loop again. Calls FinishBlock only if the merge succeeded.
   bool TryMergeLoop(MaglevGraphBuilder* graph_builder,
@@ -931,11 +950,14 @@ class MergePointInterpreterFrameState {
   DeoptFrame* backedge_deopt_frame() const { return backedge_deopt_frame_; }
 
   const compiler::LoopInfo* loop_info() const {
-    DCHECK(loop_info_.has_value());
-    return loop_info_.value();
+    DCHECK(loop_metadata_.has_value());
+    DCHECK_NOT_NULL(loop_metadata_->loop_info);
+    return loop_metadata_->loop_info;
+  }
+  void ClearLoopInfo() { loop_metadata_->loop_info = nullptr; }
+  bool HasLoopInfo() const {
+    return loop_metadata_.has_value() && loop_metadata_->loop_info;
   }
-  void ClearLoopInfo() { loop_info_.reset(); }
-  bool HasLoopInfo() const { return loop_info_.has_value(); }
 
   interpreter::Register catch_block_context_register() const {
     DCHECK(is_exception_handler());
@@ -1008,9 +1030,10 @@ class MergePointInterpreterFrameState {
                           const KnownNodeAspects& unmerged_aspects,
                           VirtualObject* merged, VirtualObject* unmerged);
 
-  ValueNode* MergeVirtualObjectValue(const MaglevGraphBuilder* graph_builder,
-                                     const KnownNodeAspects& unmerged_aspects,
-                                     ValueNode* merged, ValueNode* unmerged);
+  std::optional<ValueNode*> MergeVirtualObjectValue(
+      const MaglevGraphBuilder* graph_builder,
+      const KnownNodeAspects& unmerged_aspects, ValueNode* merged,
+      ValueNode* unmerged);
 
   void MergeLoopValue(MaglevGraphBuilder* graph_builder,
                       interpreter::Register owner,
@@ -1057,22 +1080,54 @@ class MergePointInterpreterFrameState {
     interpreter::Register catch_block_context_register_;
   };
 
-  base::Optional<const compiler::LoopInfo*> loop_info_ = base::nullopt;
+  struct LoopMetadata {
+    const compiler::LoopInfo* loop_info;
+    const LoopEffects* loop_effects;
+  };
+  std::optional<LoopMetadata> loop_metadata_ = std::nullopt;
 };
 
 struct LoopEffects {
-  explicit LoopEffects(Zone* zone)
-      : context_slot_written(zone), objects_written(zone), keys_cleared(zone) {}
+  explicit LoopEffects(int loop_header, Zone* zone)
+      :
+#ifdef DEBUG
+        loop_header(loop_header),
+#endif
+        context_slot_written(zone),
+        objects_written(zone),
+        keys_cleared(zone),
+        allocations(zone) {
+  }
+#ifdef DEBUG
+  int loop_header;
+#endif
   ZoneSet<KnownNodeAspects::LoadedContextSlotsKey> context_slot_written;
   ZoneSet<ValueNode*> objects_written;
   ZoneSet<KnownNodeAspects::LoadedPropertyMapKey> keys_cleared;
+  ZoneSet<InlinedAllocation*> allocations;
   bool unstable_aspects_cleared = false;
+  bool may_have_aliasing_contexts = false;
   void Clear() {
     context_slot_written.clear();
     objects_written.clear();
     keys_cleared.clear();
+    allocations.clear();
     unstable_aspects_cleared = false;
   }
+  void Merge(const LoopEffects* other) {
+    if (!unstable_aspects_cleared) {
+      unstable_aspects_cleared = other->unstable_aspects_cleared;
+    }
+    if (!may_have_aliasing_contexts) {
+      may_have_aliasing_contexts = other->may_have_aliasing_contexts;
+    }
+    context_slot_written.insert(other->context_slot_written.begin(),
+                                other->context_slot_written.end());
+    objects_written.insert(other->objects_written.begin(),
+                           other->objects_written.end());
+    keys_cleared.insert(other->keys_cleared.begin(), other->keys_cleared.end());
+    allocations.insert(other->allocations.begin(), other->allocations.end());
+  }
 };
 
 void InterpreterFrameState::CopyFrom(const MaglevCompilationUnit& info,
diff --git a/deps/v8/src/maglev/maglev-ir-inl.h b/deps/v8/src/maglev/maglev-ir-inl.h
index 5c7d17c8110c0e..2bcc0b36ed0390 100644
--- a/deps/v8/src/maglev/maglev-ir-inl.h
+++ b/deps/v8/src/maglev/maglev-ir-inl.h
@@ -116,7 +116,8 @@ void DeepForVirtualObject(VirtualObject* vobject,
                                      f);
         } else {
           f(alloc, input_location);
-          input_location += alloc->object()->InputLocationSizeNeeded() + 1;
+          input_location +=
+              alloc->object()->InputLocationSizeNeeded(virtual_objects) + 1;
         }
         break;
       }
@@ -152,7 +153,7 @@ void DeepForEachInputAndVirtualObject(
                                           virtual_objects, f);
       } else {
         f(alloc, input_location);
-        input_location += vobject->InputLocationSizeNeeded() + 1;
+        input_location += vobject->InputLocationSizeNeeded(virtual_objects) + 1;
       }
     } else {
       f(node, input_location);
diff --git a/deps/v8/src/maglev/maglev-ir.cc b/deps/v8/src/maglev/maglev-ir.cc
index b8b2ad1d4c89ba..d66577cc00cec7 100644
--- a/deps/v8/src/maglev/maglev-ir.cc
+++ b/deps/v8/src/maglev/maglev-ir.cc
@@ -6,6 +6,7 @@
 
 #include <cmath>
 #include <limits>
+#include <optional>
 
 #include "src/base/bounds.h"
 #include "src/base/logging.h"
@@ -26,6 +27,7 @@
 #include "src/objects/instance-type.h"
 #include "src/objects/js-array.h"
 #include "src/objects/js-generator.h"
+#include "src/roots/static-roots.h"
 #ifdef V8_ENABLE_MAGLEV
 #include "src/maglev/maglev-assembler-inl.h"
 #include "src/maglev/maglev-assembler.h"
@@ -83,6 +85,8 @@ int StaticInputCount(NodeBase*) { UNREACHABLE(); }
 
 void NodeBase::CheckCanOverwriteWith(Opcode new_opcode,
                                      OpProperties new_properties) {
+  if (new_opcode == Opcode::kDead) return;
+
   DCHECK_IMPLIES(new_properties.can_eager_deopt(),
                  properties().can_eager_deopt());
   DCHECK_IMPLIES(new_properties.can_lazy_deopt(),
@@ -271,7 +275,7 @@ class MaybeUnparkForPrint {
   }
 
  private:
-  base::Optional<UnparkedScope> scope_;
+  std::optional<UnparkedScope> scope_;
 };
 
 template <typename NodeT>
@@ -287,25 +291,6 @@ void PrintImpl(std::ostream& os, MaglevGraphLabeller* graph_labeller,
   }
 }
 
-size_t GetInputLocationArraySizeFor(base::Vector<ValueNode*> array) {
-  size_t size = 0;
-  for (ValueNode* value : array) {
-    size += value->GetInputLocationsArraySize();
-  }
-  return size;
-}
-
-size_t GetInputLocationArraySizeFor(const MaglevCompilationUnit& unit,
-                                    const CompactInterpreterFrameState* frame) {
-  size_t size = 0;
-  frame->ForEachValue(unit, [&size](ValueNode* value, interpreter::Register) {
-    if (value != nullptr) {
-      size += value->GetInputLocationsArraySize();
-    }
-  });
-  return size;
-}
-
 bool RootToBoolean(RootIndex index) {
   switch (index) {
     case RootIndex::kFalseValue:
@@ -344,23 +329,60 @@ bool CheckToBooleanOnAllRoots(LocalIsolate* local_isolate) {
 }
 #endif
 
-size_t NestedInputLocationSizeNeeded(ValueNode* node) {
+size_t GetInputLocationSizeForValueNode(VirtualObject::List virtual_objects,
+                                        ValueNode* value) {
+  // We allocate the space needed for the Virtual Object plus one location
+  // used if the allocation escapes.
+  DCHECK(!value->Is<VirtualObject>());
+  if (const InlinedAllocation* alloc = value->TryCast<InlinedAllocation>()) {
+    VirtualObject* vobject = virtual_objects.FindAllocatedWith(alloc);
+    CHECK_NOT_NULL(vobject);
+    return vobject->InputLocationSizeNeeded(virtual_objects) + 1;
+  }
+  return 1;
+}
+
+size_t GetInputLocationSizeForArray(VirtualObject::List virtual_objects,
+                                    base::Vector<ValueNode*> array) {
+  size_t size = 0;
+  for (ValueNode* value : array) {
+    size += GetInputLocationSizeForValueNode(virtual_objects, value);
+  }
+  return size;
+}
+
+size_t GetInputLocationSizeForCompactFrame(
+    const MaglevCompilationUnit& unit, VirtualObject::List virtual_objects,
+    const CompactInterpreterFrameState* frame) {
+  size_t size = 0;
+  frame->ForEachValue(unit, [&](ValueNode* value, interpreter::Register) {
+    if (value != nullptr) {
+      size += GetInputLocationSizeForValueNode(virtual_objects, value);
+    }
+  });
+  return size;
+}
+
+size_t GetInputLocationSizeForVirtualObjectSlot(
+    VirtualObject::List virtual_objects, ValueNode* node) {
   if (IsConstantNode(node->opcode()) ||
       node->opcode() == Opcode::kArgumentsElements ||
       node->opcode() == Opcode::kArgumentsLength ||
       node->opcode() == Opcode::kRestLength) {
     return 0;
   }
-  return node->GetInputLocationsArraySize();
+  return GetInputLocationSizeForValueNode(virtual_objects, node);
 }
 
 }  // namespace
 
-size_t VirtualObject::InputLocationSizeNeeded() const {
+size_t VirtualObject::InputLocationSizeNeeded(
+    VirtualObject::List virtual_objects) const {
   if (type() != kDefault) return 0;
   size_t size = 0;
   for (uint32_t i = 0; i < slot_count(); i++) {
-    size += NestedInputLocationSizeNeeded(slots_.data[i]);
+    size += GetInputLocationSizeForVirtualObjectSlot(virtual_objects,
+                                                     slots_.data[i]);
   }
   return size;
 }
@@ -376,48 +398,38 @@ void VirtualObject::List::Print(std::ostream& os, const char* prefix,
   os << std::endl;
 }
 
-size_t ValueNode::GetInputLocationsArraySize() const {
-  // We allocate the space needed for the Virtual Object plus one location
-  // used if the allocation escapes.
-  if (const InlinedAllocation* alloc = TryCast<InlinedAllocation>()) {
-    return alloc->object()->InputLocationSizeNeeded() + 1;
-  } else if (const VirtualObject* vobj = TryCast<VirtualObject>()) {
-    return vobj->InputLocationSizeNeeded() + 1;
-  }
-  return 1;
-}
-
 size_t DeoptFrame::GetInputLocationsArraySize() const {
   size_t size = 0;
   const DeoptFrame* frame = this;
+  VirtualObject::List virtual_objects = GetVirtualObjects(*this);
   do {
     switch (frame->type()) {
       case DeoptFrame::FrameType::kInterpretedFrame:
-        size +=
-            frame->as_interpreted().closure()->GetInputLocationsArraySize() +
-            GetInputLocationArraySizeFor(frame->as_interpreted().unit(),
-                                         frame->as_interpreted().frame_state());
+        size += GetInputLocationSizeForValueNode(
+                    virtual_objects, frame->as_interpreted().closure()) +
+                GetInputLocationSizeForCompactFrame(
+                    frame->as_interpreted().unit(), virtual_objects,
+                    frame->as_interpreted().frame_state());
         break;
       case DeoptFrame::FrameType::kInlinedArgumentsFrame:
-        size += frame->as_inlined_arguments()
-                    .closure()
-                    ->GetInputLocationsArraySize() +
-                GetInputLocationArraySizeFor(
-                    frame->as_inlined_arguments().arguments());
+        size += GetInputLocationSizeForValueNode(
+                    virtual_objects, frame->as_inlined_arguments().closure()) +
+                GetInputLocationSizeForArray(
+                    virtual_objects, frame->as_inlined_arguments().arguments());
         break;
       case DeoptFrame::FrameType::kConstructInvokeStubFrame:
-        size +=
-            frame->as_construct_stub()
-                .receiver()
-                ->GetInputLocationsArraySize() +
-            frame->as_construct_stub().context()->GetInputLocationsArraySize();
+        size += GetInputLocationSizeForValueNode(
+                    virtual_objects, frame->as_construct_stub().receiver()) +
+                GetInputLocationSizeForValueNode(
+                    virtual_objects, frame->as_construct_stub().context());
         break;
       case DeoptFrame::FrameType::kBuiltinContinuationFrame:
-        size += GetInputLocationArraySizeFor(
-                    frame->as_builtin_continuation().parameters()) +
-                frame->as_builtin_continuation()
-                    .context()
-                    ->GetInputLocationsArraySize();
+        size +=
+            GetInputLocationSizeForArray(
+                virtual_objects,
+                frame->as_builtin_continuation().parameters()) +
+            GetInputLocationSizeForValueNode(
+                virtual_objects, frame->as_builtin_continuation().context());
         break;
     }
     frame = frame->parent();
@@ -451,6 +463,11 @@ bool FromConstantToBool(LocalIsolate* local_isolate, ValueNode* node) {
   }
 }
 
+void Input::clear() {
+  node_->remove_use();
+  node_ = nullptr;
+}
+
 DeoptInfo::DeoptInfo(Zone* zone, const DeoptFrame top_frame,
                      compiler::FeedbackSource feedback_to_update,
                      size_t input_locations_size)
@@ -935,6 +952,10 @@ Handle<Object> Constant::DoReify(LocalIsolate* isolate) const {
   return object_.object();
 }
 
+Handle<Object> TrustedConstant::DoReify(LocalIsolate* isolate) const {
+  return object_.object();
+}
+
 Handle<Object> RootConstant::DoReify(LocalIsolate* isolate) const {
   return isolate->root_handle(index());
 }
@@ -1046,6 +1067,10 @@ void RootConstant::DoLoadToRegister(MaglevAssembler* masm, Register reg) {
   __ LoadRoot(reg, index());
 }
 
+void TrustedConstant::DoLoadToRegister(MaglevAssembler* masm, Register reg) {
+  __ Move(reg, object_.object());
+}
+
 // ---
 // Arch agnostic nodes
 // ---
@@ -1080,6 +1105,14 @@ void Constant::SetValueLocationConstraints() { DefineAsConstant(this); }
 void Constant::GenerateCode(MaglevAssembler* masm,
                             const ProcessingState& state) {}
 
+void TrustedConstant::SetValueLocationConstraints() { DefineAsConstant(this); }
+void TrustedConstant::GenerateCode(MaglevAssembler* masm,
+                                   const ProcessingState& state) {
+#ifndef V8_ENABLE_SANDBOX
+  UNREACHABLE();
+#endif
+}
+
 void RootConstant::SetValueLocationConstraints() { DefineAsConstant(this); }
 void RootConstant::GenerateCode(MaglevAssembler* masm,
                                 const ProcessingState& state) {}
@@ -1248,7 +1281,7 @@ void AllocateElementsArray::GenerateCode(MaglevAssembler* masm,
   Register length = ToRegister(length_input());
   Register elements = ToRegister(result());
   Label allocate_elements, done;
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   // Be sure to save the length in the register snapshot.
   RegisterSnapshot snapshot = register_snapshot();
@@ -1517,7 +1550,7 @@ void CheckHoleyFloat64IsSmi::SetValueLocationConstraints() {
 void CheckHoleyFloat64IsSmi::GenerateCode(MaglevAssembler* masm,
                                           const ProcessingState& state) {
   DoubleRegister value = ToDoubleRegister(input());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   Label* fail = __ GetDeoptLabel(this, DeoptimizeReason::kNotASmi);
   __ TryTruncateDoubleToInt32(scratch, value, fail);
@@ -1615,33 +1648,61 @@ namespace {
 void JumpToFailIfNotHeapNumberOrOddball(
     MaglevAssembler* masm, Register value,
     TaggedToFloat64ConversionType conversion_type, Label* fail) {
+  if (!fail && !v8_flags.debug_code) return;
+
+  static_assert(InstanceType::HEAP_NUMBER_TYPE + 1 ==
+                InstanceType::ODDBALL_TYPE);
   switch (conversion_type) {
+    case TaggedToFloat64ConversionType::kNumberOrBoolean: {
+      // Check if HeapNumber or Boolean, jump to fail otherwise.
+      MaglevAssembler::TemporaryRegisterScope temps(masm);
+      Register map = temps.AcquireScratch();
+
+#if V8_STATIC_ROOTS_BOOL
+      static_assert(StaticReadOnlyRoot::kBooleanMap + Map::kSize ==
+                    StaticReadOnlyRoot::kHeapNumberMap);
+      __ LoadMapForCompare(map, value);
+      if (fail) {
+        __ JumpIfObjectNotInRange(map, StaticReadOnlyRoot::kBooleanMap,
+                                  StaticReadOnlyRoot::kHeapNumberMap, fail);
+      } else {
+        __ AssertObjectInRange(map, StaticReadOnlyRoot::kBooleanMap,
+                               StaticReadOnlyRoot::kHeapNumberMap,
+                               AbortReason::kUnexpectedValue);
+      }
+#else
+      Label done;
+      __ LoadMap(map, value);
+      __ CompareRoot(map, RootIndex::kHeapNumberMap);
+      __ JumpIf(kEqual, &done);
+      __ CompareRoot(map, RootIndex::kBooleanMap);
+      if (fail) {
+        __ JumpIf(kNotEqual, fail);
+      } else {
+        __ Assert(kEqual, AbortReason::kUnexpectedValue);
+      }
+      __ bind(&done);
+#endif
+      break;
+    }
     case TaggedToFloat64ConversionType::kNumberOrOddball:
       // Check if HeapNumber or Oddball, jump to fail otherwise.
-      static_assert(InstanceType::HEAP_NUMBER_TYPE + 1 ==
-                    InstanceType::ODDBALL_TYPE);
       if (fail) {
-        __ CompareObjectTypeRange(value, InstanceType::HEAP_NUMBER_TYPE,
-                                  InstanceType::ODDBALL_TYPE);
-        __ JumpIf(kUnsignedGreaterThan, fail);
+        __ JumpIfObjectTypeNotInRange(value, InstanceType::HEAP_NUMBER_TYPE,
+                                      InstanceType::ODDBALL_TYPE, fail);
       } else {
-        if (v8_flags.debug_code) {
-          __ CompareObjectTypeRange(value, InstanceType::HEAP_NUMBER_TYPE,
-                                    InstanceType::ODDBALL_TYPE);
-          __ Assert(kUnsignedLessThanEqual, AbortReason::kUnexpectedValue);
-        }
+        __ AssertObjectTypeInRange(value, InstanceType::HEAP_NUMBER_TYPE,
+                                   InstanceType::ODDBALL_TYPE,
+                                   AbortReason::kUnexpectedValue);
       }
       break;
     case TaggedToFloat64ConversionType::kOnlyNumber:
       // Check if HeapNumber, jump to fail otherwise.
       if (fail) {
-        __ CompareObjectTypeAndJumpIf(value, InstanceType::HEAP_NUMBER_TYPE,
-                                      kNotEqual, fail);
+        __ JumpIfNotObjectType(value, InstanceType::HEAP_NUMBER_TYPE, fail);
       } else {
-        if (v8_flags.debug_code) {
-          __ CompareObjectTypeAndAssert(value, InstanceType::HEAP_NUMBER_TYPE,
-                                        kEqual, AbortReason::kUnexpectedValue);
-        }
+        __ AssertObjectType(value, InstanceType::HEAP_NUMBER_TYPE,
+                            AbortReason::kUnexpectedValue);
       }
       break;
   }
@@ -1674,9 +1735,9 @@ void CheckedNumberOrOddballToFloat64::SetValueLocationConstraints() {
 void CheckedNumberOrOddballToFloat64::GenerateCode(
     MaglevAssembler* masm, const ProcessingState& state) {
   Register value = ToRegister(input());
-  TryUnboxNumberOrOddball(
-      masm, ToDoubleRegister(result()), value, conversion_type(),
-      __ GetDeoptLabel(this, DeoptimizeReason::kNotANumberOrOddball));
+  TryUnboxNumberOrOddball(masm, ToDoubleRegister(result()), value,
+                          conversion_type(),
+                          __ GetDeoptLabel(this, deoptimize_reason()));
 }
 
 void UncheckedNumberOrOddballToFloat64::SetValueLocationConstraints() {
@@ -1704,8 +1765,8 @@ void EmitTruncateNumberOrOddballToInt32(
   __ bind(&is_not_smi);
   JumpToFailIfNotHeapNumberOrOddball(masm, value, conversion_type,
                                      not_a_number);
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  DoubleRegister double_value = temps.GetDefaultScratchDoubleRegister();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  DoubleRegister double_value = temps.AcquireScratchDouble();
   __ LoadHeapNumberOrOddballValue(double_value, value);
   __ TruncateDoubleToInt32(result_reg, double_value);
   __ bind(&done);
@@ -1728,8 +1789,8 @@ void CheckedObjectToIndex::GenerateCode(MaglevAssembler* masm,
       __ MakeDeferredCode(
           [](MaglevAssembler* masm, Register object, Register result_reg,
              ZoneLabelRef done, CheckedObjectToIndex* node) {
-            MaglevAssembler::ScratchRegisterScope temps(masm);
-            Register map = temps.GetDefaultScratchRegister();
+            MaglevAssembler::TemporaryRegisterScope temps(masm);
+            Register map = temps.AcquireScratch();
             Label check_string;
             __ LoadMapForCompare(map, object);
             __ JumpIfNotRoot(
@@ -1888,7 +1949,7 @@ void CheckMapsWithMigration::GenerateCode(MaglevAssembler* masm,
   // intersection is empty.
   DCHECK(!maps().is_empty());
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(receiver_input());
 
   bool maps_include_heap_number = compiler::AnyMapIsHeapNumber(maps());
@@ -1977,7 +2038,7 @@ void MigrateMapIfNeeded::SetValueLocationConstraints() {
 
 void MigrateMapIfNeeded::GenerateCode(MaglevAssembler* masm,
                                       const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(object_input());
   Register map = ToRegister(map_input());
   DCHECK_EQ(map, ToRegister(result()));
@@ -2196,7 +2257,7 @@ void Float64ToBoolean::SetValueLocationConstraints() {
 }
 void Float64ToBoolean::GenerateCode(MaglevAssembler* masm,
                                     const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   DoubleRegister double_scratch = temps.AcquireDouble();
   Register result = ToRegister(this->result());
   Label is_false, end;
@@ -2222,7 +2283,7 @@ void CheckedHoleyFloat64ToFloat64::SetValueLocationConstraints() {
 }
 void CheckedHoleyFloat64ToFloat64::GenerateCode(MaglevAssembler* masm,
                                                 const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   __ JumpIfHoleNan(ToDoubleRegister(input()), temps.Acquire(),
                    __ GetDeoptLabel(this, DeoptimizeReason::kHole));
 }
@@ -2234,7 +2295,7 @@ void LoadDoubleField::SetValueLocationConstraints() {
 }
 void LoadDoubleField::GenerateCode(MaglevAssembler* masm,
                                    const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register tmp = temps.Acquire();
   Register object = ToRegister(object_input());
   __ AssertNotSmi(object);
@@ -2243,12 +2304,14 @@ void LoadDoubleField::GenerateCode(MaglevAssembler* masm,
   __ LoadHeapNumberValue(ToDoubleRegister(result()), tmp);
 }
 
-void LoadTaggedField::SetValueLocationConstraints() {
+template <typename T>
+void AbstractLoadTaggedField<T>::SetValueLocationConstraints() {
   UseRegister(object_input());
   DefineAsRegister(this);
 }
-void LoadTaggedField::GenerateCode(MaglevAssembler* masm,
-                                   const ProcessingState& state) {
+template <typename T>
+void AbstractLoadTaggedField<T>::GenerateCode(MaglevAssembler* masm,
+                                              const ProcessingState& state) {
   Register object = ToRegister(object_input());
   __ AssertNotSmi(object);
   if (this->decompresses_tagged_result()) {
@@ -2400,7 +2463,7 @@ void LoadTaggedFieldByFieldIndex::GenerateCode(MaglevAssembler* masm,
 
             __ bind(&if_outofobject);
             {
-              MaglevAssembler::ScratchRegisterScope temps(masm);
+              MaglevAssembler::TemporaryRegisterScope temps(masm);
               Register property_array = temps.Acquire();
               // Load the property array.
               __ LoadTaggedField(
@@ -2422,7 +2485,7 @@ void LoadTaggedFieldByFieldIndex::GenerateCode(MaglevAssembler* masm,
             // this is a HeapNumber -- otherwise the load is fine and we don't
             // need to copy anything anyway.
             __ JumpIfSmi(result_reg, *done);
-            MaglevAssembler::ScratchRegisterScope temps(masm);
+            MaglevAssembler::TemporaryRegisterScope temps(masm);
             Register map = temps.Acquire();
             // Hack: The temporary allocated for `map` might alias the result
             // register. If it does, use the field_index register as a temporary
@@ -2467,7 +2530,7 @@ void LoadTaggedFieldByFieldIndex::GenerateCode(MaglevAssembler* masm,
 
     __ bind(&if_outofobject);
     {
-      MaglevAssembler::ScratchRegisterScope temps(masm);
+      MaglevAssembler::TemporaryRegisterScope temps(masm);
       Register property_array = temps.Acquire();
       // Load the property array.
       __ LoadTaggedField(
@@ -2539,7 +2602,7 @@ void LoadHoleyFixedDoubleArrayElementCheckedNotHole::
 }
 void LoadHoleyFixedDoubleArrayElementCheckedNotHole::GenerateCode(
     MaglevAssembler* masm, const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register elements = ToRegister(elements_input());
   Register index = ToRegister(index_input());
   DoubleRegister result_reg = ToDoubleRegister(result());
@@ -2559,8 +2622,8 @@ void StoreFixedDoubleArrayElement::GenerateCode(MaglevAssembler* masm,
   Register index = ToRegister(index_input());
   DoubleRegister value = ToDoubleRegister(value_input());
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(elements, FIXED_DOUBLE_ARRAY_TYPE, kEqual,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectType(elements, FIXED_DOUBLE_ARRAY_TYPE,
+                        AbortReason::kUnexpectedValue);
     __ CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                              AbortReason::kUnexpectedNegativeValue);
   }
@@ -2576,7 +2639,7 @@ void StoreMap::SetValueLocationConstraints() {
 }
 void StoreMap::GenerateCode(MaglevAssembler* masm,
                             const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   // TODO(leszeks): Consider making this an arbitrary register and push/popping
   // in the deferred path.
   Register object = WriteBarrierDescriptor::ObjectRegister();
@@ -2617,6 +2680,28 @@ void StoreTaggedFieldWithWriteBarrier::GenerateCode(
       MaglevAssembler::kValueCanBeSmi);
 }
 
+int StoreTrustedPointerFieldWithWriteBarrier::MaxCallStackArgs() const {
+  return WriteBarrierDescriptor::GetStackParameterCount();
+}
+void StoreTrustedPointerFieldWithWriteBarrier::SetValueLocationConstraints() {
+  UseFixed(object_input(), WriteBarrierDescriptor::ObjectRegister());
+  UseRegister(value_input());
+}
+void StoreTrustedPointerFieldWithWriteBarrier::GenerateCode(
+    MaglevAssembler* masm, const ProcessingState& state) {
+#ifdef V8_ENABLE_SANDBOX
+  // TODO(leszeks): Consider making this an arbitrary register and push/popping
+  // in the deferred path.
+  Register object = WriteBarrierDescriptor::ObjectRegister();
+  DCHECK_EQ(object, ToRegister(object_input()));
+  Register value = ToRegister(value_input());
+  __ StoreTrustedPointerFieldWithWriteBarrier(object, offset(), value,
+                                              register_snapshot(), tag());
+#else
+  UNREACHABLE();
+#endif
+}
+
 void LoadSignedIntDataViewElement::SetValueLocationConstraints() {
   UseRegister(object_input());
   UseRegister(index_input());
@@ -2635,16 +2720,16 @@ void LoadSignedIntDataViewElement::GenerateCode(MaglevAssembler* masm,
   Register index = ToRegister(index_input());
   Register result_reg = ToRegister(result());
 
-  __ AssertNotSmi(object);
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_DATA_VIEW_TYPE,
-                                  kUnsignedGreaterThanEqual,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectTypeInRange(object,
+                               FIRST_JS_DATA_VIEW_OR_RAB_GSAB_DATA_VIEW_TYPE,
+                               LAST_JS_DATA_VIEW_OR_RAB_GSAB_DATA_VIEW_TYPE,
+                               AbortReason::kUnexpectedValue);
   }
 
   int element_size = compiler::ExternalArrayElementSize(type_);
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register data_pointer = temps.Acquire();
 
   // We need to make sure we don't clobber is_little_endian_input by writing to
@@ -2709,11 +2794,11 @@ void StoreSignedIntDataViewElement::GenerateCode(MaglevAssembler* masm,
   Register index = ToRegister(index_input());
   Register value = ToRegister(value_input());
 
-  __ AssertNotSmi(object);
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_DATA_VIEW_TYPE,
-                                  kUnsignedGreaterThanEqual,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectTypeInRange(object,
+                               FIRST_JS_DATA_VIEW_OR_RAB_GSAB_DATA_VIEW_TYPE,
+                               LAST_JS_DATA_VIEW_OR_RAB_GSAB_DATA_VIEW_TYPE,
+                               AbortReason::kUnexpectedValue);
   }
 
   int element_size = compiler::ExternalArrayElementSize(type_);
@@ -2737,7 +2822,7 @@ void StoreSignedIntDataViewElement::GenerateCode(MaglevAssembler* masm,
     }
   }
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register data_pointer = temps.Acquire();
   __ LoadExternalPointerField(
       data_pointer, FieldMemOperand(object, JSDataView::kDataPointerOffset));
@@ -2758,17 +2843,17 @@ void LoadDoubleDataViewElement::SetValueLocationConstraints() {
 }
 void LoadDoubleDataViewElement::GenerateCode(MaglevAssembler* masm,
                                              const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(object_input());
   Register index = ToRegister(index_input());
   DoubleRegister result_reg = ToDoubleRegister(result());
   Register data_pointer = temps.Acquire();
 
-  __ AssertNotSmi(object);
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_DATA_VIEW_TYPE,
-                                  kUnsignedGreaterThanEqual,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectTypeInRange(object,
+                               FIRST_JS_DATA_VIEW_OR_RAB_GSAB_DATA_VIEW_TYPE,
+                               LAST_JS_DATA_VIEW_OR_RAB_GSAB_DATA_VIEW_TYPE,
+                               AbortReason::kUnexpectedValue);
   }
 
   // Load data pointer.
@@ -2819,14 +2904,14 @@ void StoreDoubleDataViewElement::GenerateCode(MaglevAssembler* masm,
   Register object = ToRegister(object_input());
   Register index = ToRegister(index_input());
   DoubleRegister value = ToDoubleRegister(value_input());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register data_pointer = temps.Acquire();
 
-  __ AssertNotSmi(object);
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_DATA_VIEW_TYPE,
-                                  kUnsignedGreaterThanEqual,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectTypeInRange(object,
+                               FIRST_JS_DATA_VIEW_OR_RAB_GSAB_DATA_VIEW_TYPE,
+                               LAST_JS_DATA_VIEW_OR_RAB_GSAB_DATA_VIEW_TYPE,
+                               AbortReason::kUnexpectedValue);
   }
 
   // Load data pointer.
@@ -2865,7 +2950,7 @@ namespace {
 template <typename NodeT, typename Function, typename... Args>
 void EmitPolymorphicAccesses(MaglevAssembler* masm, NodeT* node,
                              Register object, Function&& f, Args&&... args) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object_map = temps.Acquire();
   Label done;
   Label is_number;
@@ -3026,7 +3111,7 @@ void CheckValueEqualsFloat64::SetValueLocationConstraints() {
 void CheckValueEqualsFloat64::GenerateCode(MaglevAssembler* masm,
                                            const ProcessingState& state) {
   Label* fail = __ GetDeoptLabel(this, DeoptimizeReason::kWrongValue);
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   DoubleRegister scratch = temps.AcquireDouble();
   DoubleRegister target = ToDoubleRegister(target_input());
   __ Move(scratch, value());
@@ -3133,16 +3218,12 @@ void CheckSymbol::GenerateCode(MaglevAssembler* masm,
   } else {
     __ EmitEagerDeoptIfSmi(this, object, DeoptimizeReason::kNotASymbol);
   }
-  __ CompareObjectTypeAndJumpIf(
-      object, SYMBOL_TYPE, kNotEqual,
-      __ GetDeoptLabel(this, DeoptimizeReason::kNotASymbol));
+  __ JumpIfNotObjectType(object, SYMBOL_TYPE,
+                         __ GetDeoptLabel(this, DeoptimizeReason::kNotASymbol));
 }
 
 void CheckInstanceType::SetValueLocationConstraints() {
   UseRegister(receiver_input());
-  if (first_instance_type_ != last_instance_type_) {
-    set_temporaries_needed(1);
-  }
 }
 void CheckInstanceType::GenerateCode(MaglevAssembler* masm,
                                      const ProcessingState& state) {
@@ -3153,17 +3234,13 @@ void CheckInstanceType::GenerateCode(MaglevAssembler* masm,
     __ EmitEagerDeoptIfSmi(this, object, DeoptimizeReason::kWrongInstanceType);
   }
   if (first_instance_type_ == last_instance_type_) {
-    __ CompareObjectTypeAndJumpIf(
-        object, first_instance_type_, kNotEqual,
+    __ JumpIfNotObjectType(
+        object, first_instance_type_,
         __ GetDeoptLabel(this, DeoptimizeReason::kWrongInstanceType));
   } else {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
-    Register map = temps.Acquire();
-    __ LoadMap(map, object);
-    __ CompareInstanceTypeRange(map, map, first_instance_type_,
-                                last_instance_type_);
-    __ EmitEagerDeoptIf(kUnsignedGreaterThan,
-                        DeoptimizeReason::kWrongInstanceType, this);
+    __ JumpIfObjectTypeNotInRange(
+        object, first_instance_type_, last_instance_type_,
+        __ GetDeoptLabel(this, DeoptimizeReason::kWrongInstanceType));
   }
 }
 
@@ -3178,10 +3255,8 @@ void CheckCacheIndicesNotCleared::GenerateCode(MaglevAssembler* masm,
   __ AssertNotSmi(indices);
 
   if (v8_flags.debug_code) {
-    Label ok;
-    __ CompareObjectTypeAndAssert(indices, FIXED_ARRAY_TYPE, kEqual,
-                                  AbortReason::kOperandIsNotAFixedArray);
-    __ bind(&ok);
+    __ AssertObjectType(indices, FIXED_ARRAY_TYPE,
+                        AbortReason::kOperandIsNotAFixedArray);
   }
   Label done;
   // If the cache length is zero, we don't have any indices, so we know this is
@@ -3227,7 +3302,7 @@ void CheckConstTrackingLetCell::SetValueLocationConstraints() {
 void CheckConstTrackingLetCell::GenerateCode(MaglevAssembler* masm,
                                              const ProcessingState& state) {
   __ RecordComment("CheckConstTrackingLetCell");
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Label done;
 
   Register context = ToRegister(context_input());
@@ -3248,7 +3323,7 @@ void CheckConstTrackingLetCellTagged::SetValueLocationConstraints() {
 void CheckConstTrackingLetCellTagged::GenerateCode(
     MaglevAssembler* masm, const ProcessingState& state) {
   __ RecordComment("CheckConstTrackingLetCellTagged");
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Label done;
 
   Register context = ToRegister(context_input());
@@ -3290,7 +3365,7 @@ void CheckDetectableCallable::SetValueLocationConstraints() {
 void CheckDetectableCallable::GenerateCode(MaglevAssembler* masm,
                                            const ProcessingState& state) {
   Register object = ToRegister(receiver_input());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   auto deopt = __ GetDeoptLabel(this, DeoptimizeReason::kNotDetectableReceiver);
   __ JumpIfNotCallable(object, scratch, check_type(), deopt);
@@ -3300,13 +3375,10 @@ void CheckDetectableCallable::GenerateCode(MaglevAssembler* masm,
 
 void CheckNotHole::SetValueLocationConstraints() {
   UseRegister(object_input());
-  DefineSameAsFirst(this);
 }
 void CheckNotHole::GenerateCode(MaglevAssembler* masm,
                                 const ProcessingState& state) {
-  DCHECK_EQ(ToRegister(object_input()), ToRegister(result()));
-  Register reg = ToRegister(object_input());
-  __ CompareRoot(reg, RootIndex::kTheHoleValue);
+  __ CompareRoot(ToRegister(object_input()), RootIndex::kTheHoleValue);
   __ EmitEagerDeoptIf(kEqual, DeoptimizeReason::kHole, this);
 }
 
@@ -3667,7 +3739,7 @@ void HasInPrototypeChain::SetValueLocationConstraints() {
 }
 void HasInPrototypeChain::GenerateCode(MaglevAssembler* masm,
                                        const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object_reg = ToRegister(object());
   Register result_reg = ToRegister(result());
 
@@ -3902,8 +3974,7 @@ void UpdateJSArrayLength::GenerateCode(MaglevAssembler* masm,
 
   Label done, tag_length;
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_ARRAY_TYPE, kEqual,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectType(object, JS_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     static_assert(Internals::IsValidSmi(FixedArray::kMaxLength),
                   "MaxLength not a Smi");
     __ CompareInt32AndAssert(index, FixedArray::kMaxLength, kUnsignedLessThan,
@@ -3931,7 +4002,7 @@ void EnsureWritableFastElements::GenerateCode(MaglevAssembler* masm,
   Register object = ToRegister(object_input());
   Register elements = ToRegister(elements_input());
   DCHECK_EQ(elements, ToRegister(result()));
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   __ EnsureWritableFastElements(register_snapshot(), elements, object, scratch);
 }
@@ -4006,17 +4077,12 @@ void ExtendPropertiesBackingStore::GenerateCode(MaglevAssembler* masm,
   Register object = ToRegister(object_input());
   Register old_property_array = ToRegister(property_array_input());
   Register result_reg = ToRegister(result());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register new_property_array =
       result_reg == object || result_reg == old_property_array ? temps.Acquire()
                                                                : result_reg;
   Register scratch = temps.Acquire();
-  DCHECK_NE(object, old_property_array);
-  DCHECK_NE(object, new_property_array);
-  DCHECK_NE(object, scratch);
-  DCHECK_NE(old_property_array, new_property_array);
-  DCHECK_NE(old_property_array, scratch);
-  DCHECK_NE(new_property_array, scratch);
+  DCHECK(!AreAliased(object, old_property_array, new_property_array, scratch));
 
   int new_length = old_length_ + JSObject::kFieldsAdded;
 
@@ -4038,12 +4104,24 @@ void ExtendPropertiesBackingStore::GenerateCode(MaglevAssembler* masm,
   }
 
   // Copy existing properties over.
-  for (int i = 0; i < old_length_; ++i) {
-    __ LoadTaggedField(scratch, old_property_array,
-                       PropertyArray::OffsetOfElementAt(i));
+  {
+    RegisterSnapshot snapshot = register_snapshot();
+    snapshot.live_registers.set(object);
+    snapshot.live_registers.set(old_property_array);
+    snapshot.live_registers.set(new_property_array);
+    snapshot.live_tagged_registers.set(object);
+    snapshot.live_tagged_registers.set(old_property_array);
+    snapshot.live_tagged_registers.set(new_property_array);
 
-    __ StoreTaggedFieldNoWriteBarrier(
-        new_property_array, PropertyArray::OffsetOfElementAt(i), scratch);
+    for (int i = 0; i < old_length_; ++i) {
+      __ LoadTaggedFieldWithoutDecompressing(
+          scratch, old_property_array, PropertyArray::OffsetOfElementAt(i));
+
+      __ StoreTaggedFieldWithWriteBarrier(
+          new_property_array, PropertyArray::OffsetOfElementAt(i), scratch,
+          snapshot, MaglevAssembler::kValueIsCompressed,
+          MaglevAssembler::kValueCanBeSmi);
+    }
   }
 
   // Initialize new properties to undefined.
@@ -4185,7 +4263,7 @@ void GeneratorRestoreRegister::SetValueLocationConstraints() {
 }
 void GeneratorRestoreRegister::GenerateCode(MaglevAssembler* masm,
                                             const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register temp = temps.Acquire();
   Register array = ToRegister(array_input());
   Register stale = ToRegister(stale_input());
@@ -4308,26 +4386,34 @@ void Int32ToNumber::GenerateCode(MaglevAssembler* masm,
   Register object = ToRegister(result());
   Register value = ToRegister(input());
   ZoneLabelRef done(masm);
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  // Object is not allowed to alias value, because SmiTagInt32AndJumpIfFail will
+  // clobber `object` even if the tagging fails, and we don't want it to clobber
+  // `value`.
   bool input_output_alias = (object == value);
   Register res = object;
   if (input_output_alias) {
-    res = temps.GetDefaultScratchRegister();
+    res = temps.AcquireScratch();
   }
   __ SmiTagInt32AndJumpIfFail(
       res, value,
       __ MakeDeferredCode(
           [](MaglevAssembler* masm, Register object, Register value,
-             ZoneLabelRef done, Int32ToNumber* node) {
-            MaglevAssembler::ScratchRegisterScope temps(masm);
-            DoubleRegister double_value =
-                temps.GetDefaultScratchDoubleRegister();
+             Register scratch, ZoneLabelRef done, Int32ToNumber* node) {
+            MaglevAssembler::TemporaryRegisterScope temps(masm);
+            // AllocateHeapNumber needs a scratch register, and the res scratch
+            // register isn't needed anymore, so return it to the pool.
+            if (scratch.is_valid()) {
+              temps.IncludeScratch(scratch);
+            }
+            DoubleRegister double_value = temps.AcquireScratchDouble();
             __ Int32ToDouble(double_value, value);
             __ AllocateHeapNumber(node->register_snapshot(), object,
                                   double_value);
             __ Jump(*done);
           },
-          object, value, done, this));
+          object, value, input_output_alias ? res : Register::no_reg(), done,
+          this));
   if (input_output_alias) {
     __ Move(object, res);
   }
@@ -4348,14 +4434,16 @@ void Uint32ToNumber::GenerateCode(MaglevAssembler* masm,
   ZoneLabelRef done(masm);
   Register value = ToRegister(input());
   Register object = ToRegister(result());
+  // Unlike Int32ToNumber, object is allowed to alias value here (indeed, the
+  // code is better if it does). The difference is that Uint32 smi tagging first
+  // does a range check, and doesn't clobber `object` on failure.
   __ SmiTagUint32AndJumpIfFail(
       object, value,
       __ MakeDeferredCode(
           [](MaglevAssembler* masm, Register object, Register value,
              ZoneLabelRef done, Uint32ToNumber* node) {
-            MaglevAssembler::ScratchRegisterScope temps(masm);
-            DoubleRegister double_value =
-                temps.GetDefaultScratchDoubleRegister();
+            MaglevAssembler::TemporaryRegisterScope temps(masm);
+            DoubleRegister double_value = temps.AcquireScratchDouble();
             __ Uint32ToDouble(double_value, value);
             __ AllocateHeapNumber(node->register_snapshot(), object,
                                   double_value);
@@ -4498,7 +4586,7 @@ void StringAt::SetValueLocationConstraints() {
 }
 void StringAt::GenerateCode(MaglevAssembler* masm,
                             const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   Register result_string = ToRegister(result());
   Register string = ToRegister(string_input());
@@ -4535,7 +4623,7 @@ void BuiltinStringPrototypeCharCodeOrCodePointAt::
 }
 void BuiltinStringPrototypeCharCodeOrCodePointAt::GenerateCode(
     MaglevAssembler* masm, const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch1 = temps.Acquire();
   Register scratch2 = Register::no_reg();
   if (mode_ == BuiltinStringPrototypeCharCodeOrCodePointAt::kCodePointAt) {
@@ -4590,7 +4678,7 @@ void StringEqual::GenerateCode(MaglevAssembler* masm,
   Label done, if_equal, if_not_equal;
   Register left = ToRegister(lhs());
   Register right = ToRegister(rhs());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register left_length = temps.Acquire();
   Register right_length = D::GetRegisterParameter(D::kLength);
 
@@ -4692,6 +4780,12 @@ void TestTypeOf::SetValueLocationConstraints() {
 }
 void TestTypeOf::GenerateCode(MaglevAssembler* masm,
                               const ProcessingState& state) {
+#ifdef V8_TARGET_ARCH_ARM
+  // Arm32 needs one extra scratch register for TestTypeOf, so take a maglev
+  // temporary and allow it to be used as a macro assembler scratch register.
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  temps.IncludeScratch(temps.Acquire());
+#endif
   Register object = ToRegister(value());
   Label is_true, is_false, done;
   __ TestTypeOf(object, literal_, &is_true, Label::Distance::kNear, true,
@@ -4778,7 +4872,7 @@ void ToNumberOrNumeric::GenerateCode(MaglevAssembler* masm,
   Register result_reg = ToRegister(result());
 
   __ JumpIfSmi(object, &move_and_return, Label::kNear);
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   __ CompareMapWithRoot(object, RootIndex::kHeapNumberMap, scratch);
   __ JumpToDeferredIf(
@@ -4860,8 +4954,8 @@ void ToString::GenerateCode(MaglevAssembler* masm,
   __ JumpIfSmi(value, &call_builtin, Label::Distance::kNear);
   __ JumpIfString(value, &done, Label::Distance::kNear);
   if (mode() == kConvertSymbol) {
-    __ CompareObjectTypeAndJumpIf(value, SYMBOL_TYPE, kNotEqual, &call_builtin,
-                                  Label::Distance::kNear);
+    __ JumpIfNotObjectType(value, SYMBOL_TYPE, &call_builtin,
+                           Label::Distance::kNear);
     __ Push(value);
     __ CallRuntime(Runtime::kSymbolDescriptiveString, 1);
     __ Jump(&done, Label::kNear);
@@ -4955,7 +5049,7 @@ void ThrowIfNotCallable::GenerateCode(MaglevAssembler* masm,
       this);
 
   Register value_reg = ToRegister(value());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   __ JumpIfNotCallable(value_reg, scratch, CheckType::kCheckHeapObject,
                        if_not_callable);
@@ -4969,7 +5063,7 @@ void ThrowIfNotSuperConstructor::SetValueLocationConstraints() {
 }
 void ThrowIfNotSuperConstructor::GenerateCode(MaglevAssembler* masm,
                                               const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   __ LoadMap(scratch, ToRegister(constructor()));
   static_assert(Map::kBitFieldOffsetEnd + 1 - Map::kBitFieldOffset == 1);
@@ -5139,8 +5233,8 @@ void CheckNumber::SetValueLocationConstraints() {
 void CheckNumber::GenerateCode(MaglevAssembler* masm,
                                const ProcessingState& state) {
   Label done;
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register scratch = temps.GetDefaultScratchRegister();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register scratch = temps.AcquireScratch();
   Register value = ToRegister(receiver_input());
   // If {value} is a Smi or a HeapNumber, we're done.
   __ JumpIfSmi(
@@ -5169,8 +5263,8 @@ void CheckedInternalizedString::SetValueLocationConstraints() {
 void CheckedInternalizedString::GenerateCode(MaglevAssembler* masm,
                                              const ProcessingState& state) {
   Register object = ToRegister(object_input());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register instance_type = temps.GetDefaultScratchRegister();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register instance_type = temps.AcquireScratch();
   if (check_type() == CheckType::kOmitHeapObjectCheck) {
     __ AssertNotSmi(object);
   } else {
@@ -5225,7 +5319,7 @@ void CheckedNumberToUint8Clamped::GenerateCode(MaglevAssembler* masm,
                                                const ProcessingState& state) {
   Register value = ToRegister(input());
   Register result_reg = ToRegister(result());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   DoubleRegister double_value = temps.AcquireDouble();
   Label is_not_smi, min, max, done;
@@ -5384,7 +5478,7 @@ void CallSelf::SetValueLocationConstraints() {
 
 void CallSelf::GenerateCode(MaglevAssembler* masm,
                             const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   int actual_parameter_count = num_args() + 1;
   if (actual_parameter_count < expected_parameter_count_) {
@@ -5422,7 +5516,7 @@ void CallKnownJSFunction::SetValueLocationConstraints() {
 
 void CallKnownJSFunction::GenerateCode(MaglevAssembler* masm,
                                        const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   int actual_parameter_count = num_args() + 1;
   if (actual_parameter_count < expected_parameter_count_) {
@@ -5482,7 +5576,7 @@ void CallKnownApiFunction::SetValueLocationConstraints() {
 
 void CallKnownApiFunction::GenerateCode(MaglevAssembler* masm,
                                         const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   __ PushReverse(receiver(), args());
 
   // From here on, we're going to do a call, so all registers are valid temps,
@@ -5542,7 +5636,7 @@ void CallKnownApiFunction::GenerateCode(MaglevAssembler* masm,
 
 void CallKnownApiFunction::GenerateCallApiCallbackOptimizedInline(
     MaglevAssembler* masm, const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   Register scratch2 = temps.Acquire();
 
@@ -5783,7 +5877,7 @@ void CallCPPBuiltin::GenerateCode(MaglevAssembler* masm,
   constexpr Register kArityReg = D::GetRegisterParameter(D::kArity);
   constexpr Register kCFunctionReg = D::GetRegisterParameter(D::kCFunction);
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   __ LoadRoot(scratch, RootIndex::kTheHoleValue);
 
@@ -5960,8 +6054,8 @@ void SetPendingMessage::GenerateCode(MaglevAssembler* masm,
                                      const ProcessingState& state) {
   Register new_message = ToRegister(value());
   Register return_value = ToRegister(result());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register scratch = temps.GetDefaultScratchRegister();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register scratch = temps.AcquireScratch();
   MemOperand pending_message_operand = __ ExternalReferenceAsOperand(
       ExternalReference::address_of_pending_message(masm->isolate()), scratch);
   if (new_message != return_value) {
@@ -5983,8 +6077,8 @@ void StoreDoubleField::GenerateCode(MaglevAssembler* masm,
   Register object = ToRegister(object_input());
   DoubleRegister value = ToDoubleRegister(value_input());
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register tmp = temps.GetDefaultScratchRegister();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register tmp = temps.AcquireScratch();
 
   __ AssertNotSmi(object);
   __ LoadTaggedField(tmp, object, offset());
@@ -6048,7 +6142,7 @@ void TransitionElementsKind::SetValueLocationConstraints() {
 
 void TransitionElementsKind::GenerateCode(MaglevAssembler* masm,
                                           const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(object_input());
   Register map = temps.Acquire();
 
@@ -6073,7 +6167,7 @@ void TransitionElementsKindOrCheckMap::SetValueLocationConstraints() {
 
 void TransitionElementsKindOrCheckMap::GenerateCode(
     MaglevAssembler* masm, const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(object_input());
 
   ZoneLabelRef done(masm);
@@ -6103,7 +6197,7 @@ void CheckTypedArrayNotDetached::SetValueLocationConstraints() {
 
 void CheckTypedArrayNotDetached::GenerateCode(MaglevAssembler* masm,
                                               const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(object_input());
   Register scratch = temps.Acquire();
   __ DeoptIfBufferDetached(object, scratch, this);
@@ -6116,7 +6210,7 @@ void GetContinuationPreservedEmbedderData::SetValueLocationConstraints() {
 void GetContinuationPreservedEmbedderData::GenerateCode(
     MaglevAssembler* masm, const ProcessingState& state) {
   Register result = ToRegister(this->result());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   MemOperand reference = __ ExternalReferenceAsOperand(
       IsolateFieldId::kContinuationPreservedEmbedderData);
   __ Move(result, reference);
@@ -6129,7 +6223,7 @@ void SetContinuationPreservedEmbedderData::SetValueLocationConstraints() {
 void SetContinuationPreservedEmbedderData::GenerateCode(
     MaglevAssembler* masm, const ProcessingState& state) {
   Register data = ToRegister(data_input());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   MemOperand reference = __ ExternalReferenceAsOperand(
       IsolateFieldId::kContinuationPreservedEmbedderData);
   __ Move(reference, data);
@@ -6143,12 +6237,12 @@ void GenerateTypedArrayLoad(MaglevAssembler* masm, NodeT* node, Register object,
                             ElementsKind kind) {
   __ AssertNotSmi(object);
   if (v8_flags.debug_code) {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
-    __ CompareObjectTypeAndAssert(object, JS_TYPED_ARRAY_TYPE, kEqual,
-                                  AbortReason::kUnexpectedValue);
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
+    __ AssertObjectType(object, JS_TYPED_ARRAY_TYPE,
+                        AbortReason::kUnexpectedValue);
   }
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
 
   Register data_pointer = scratch;
@@ -6189,12 +6283,12 @@ void GenerateTypedArrayStore(MaglevAssembler* masm, NodeT* node,
                              ElementsKind kind) {
   __ AssertNotSmi(object);
   if (v8_flags.debug_code) {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
-    __ CompareObjectTypeAndAssert(object, JS_TYPED_ARRAY_TYPE, kEqual,
-                                  AbortReason::kUnexpectedValue);
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
+    __ AssertObjectType(object, JS_TYPED_ARRAY_TYPE,
+                        AbortReason::kUnexpectedValue);
   }
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
 
   Register data_pointer = scratch;
@@ -6388,7 +6482,7 @@ void TryOnStackReplacement::SetValueLocationConstraints() {
 }
 void TryOnStackReplacement::GenerateCode(MaglevAssembler* masm,
                                          const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch0 = temps.Acquire();
   Register scratch1 = temps.Acquire();
 
@@ -6478,7 +6572,7 @@ void BranchIfFloat64ToBooleanTrue::SetValueLocationConstraints() {
 }
 void BranchIfFloat64ToBooleanTrue::GenerateCode(MaglevAssembler* masm,
                                                 const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   DoubleRegister double_scratch = temps.AcquireDouble();
 
   __ Move(double_scratch, 0.0);
@@ -6493,7 +6587,7 @@ void BranchIfFloat64IsHole::SetValueLocationConstraints() {
 }
 void BranchIfFloat64IsHole::GenerateCode(MaglevAssembler* masm,
                                          const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   DoubleRegister input = ToDoubleRegister(condition_input());
   // See MaglevAssembler::Branch.
@@ -6524,7 +6618,7 @@ void HoleyFloat64IsHole::SetValueLocationConstraints() {
 }
 void HoleyFloat64IsHole::GenerateCode(MaglevAssembler* masm,
                                       const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   DoubleRegister value = ToDoubleRegister(input());
   Label done, if_not_hole;
@@ -6606,7 +6700,7 @@ void BranchIfUndetectable::SetValueLocationConstraints() {
 void BranchIfUndetectable::GenerateCode(MaglevAssembler* masm,
                                         const ProcessingState& state) {
   Register value = ToRegister(condition_input());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
 
   auto* next_block = state.next_block();
@@ -6629,7 +6723,7 @@ void TestUndetectable::GenerateCode(MaglevAssembler* masm,
                                     const ProcessingState& state) {
   Register object = ToRegister(value());
   Register return_value = ToRegister(result());
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
 
   Label return_false, done;
@@ -6675,7 +6769,7 @@ void Switch::SetValueLocationConstraints() {
   set_temporaries_needed(1);
 }
 void Switch::GenerateCode(MaglevAssembler* masm, const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   std::unique_ptr<Label*[]> labels = std::make_unique<Label*[]>(size());
   for (int i = 0; i < size(); i++) {
@@ -6717,8 +6811,8 @@ void HandleNoHeapWritesInterrupt::GenerateCode(MaglevAssembler* masm,
       },
       done, this);
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register scratch = temps.GetDefaultScratchRegister();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register scratch = temps.AcquireScratch();
   MemOperand check = __ ExternalReferenceAsOperand(
       ExternalReference::address_of_no_heap_write_interrupt_request(
           masm->isolate()),
@@ -6781,6 +6875,11 @@ void Constant::PrintParams(std::ostream& os,
   os << "(" << *object_.object() << ")";
 }
 
+void TrustedConstant::PrintParams(std::ostream& os,
+                                  MaglevGraphLabeller* graph_labeller) const {
+  os << "(" << *object_.object() << ")";
+}
+
 void DeleteProperty::PrintParams(std::ostream& os,
                                  MaglevGraphLabeller* graph_labeller) const {
   os << "(" << LanguageMode2String(mode()) << ")";
@@ -6973,8 +7072,9 @@ void TruncateNumberOrOddballToInt32::PrintParams(
   os << "(" << conversion_type() << ")";
 }
 
-void LoadTaggedField::PrintParams(std::ostream& os,
-                                  MaglevGraphLabeller* graph_labeller) const {
+template <typename T>
+void AbstractLoadTaggedField<T>::PrintParams(
+    std::ostream& os, MaglevGraphLabeller* graph_labeller) const {
   os << "(0x" << std::hex << offset() << std::dec;
   // Print compression status only after the result is allocated, since that's
   // when we do decompression marking.
@@ -7046,6 +7146,11 @@ void StoreTaggedFieldWithWriteBarrier::PrintParams(
   os << "(0x" << std::hex << offset() << std::dec << ")";
 }
 
+void StoreTrustedPointerFieldWithWriteBarrier::PrintParams(
+    std::ostream& os, MaglevGraphLabeller* graph_labeller) const {
+  os << "(0x" << std::hex << offset() << std::dec << ")";
+}
+
 void LoadNamedGeneric::PrintParams(std::ostream& os,
                                    MaglevGraphLabeller* graph_labeller) const {
   os << "(" << *name_.object() << ")";
@@ -7274,19 +7379,7 @@ void NodeBase::ClearUnstableNodeAspects(KnownNodeAspects& known_node_aspects) {
   DCHECK(properties().can_write());
   DCHECK(!IsSimpleFieldStore(opcode()));
   DCHECK(!IsElementsArrayWrite(opcode()));
-
-  if (v8_flags.trace_maglev_graph_building) {
-    std::cout << "  ! Clearing unstable node aspects" << std::endl;
-  }
-  known_node_aspects.ClearUnstableMaps();
-  // Side-effects can change object contents, so we have to clear
-  // our known loaded properties -- however, constant properties are known
-  // to not change (and we added a dependency on this), so we don't have to
-  // clear those.
-  known_node_aspects.loaded_properties.clear();
-  known_node_aspects.loaded_context_slots.clear();
-  known_node_aspects.may_have_aliasing_contexts =
-      KnownNodeAspects::ContextSlotLoadsAlias::None;
+  known_node_aspects.ClearUnstableNodeAspects();
 }
 
 void StoreMap::ClearUnstableNodeAspects(KnownNodeAspects& known_node_aspects) {
@@ -7333,6 +7426,10 @@ void MigrateMapIfNeeded::ClearUnstableNodeAspects(
   // themselves, so cached values are still valid.
 }
 
+template class AbstractLoadTaggedField<LoadTaggedField>;
+template class AbstractLoadTaggedField<LoadTaggedFieldForContextSlot>;
+template class AbstractLoadTaggedField<LoadTaggedFieldForProperty>;
+
 }  // namespace maglev
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/maglev/maglev-ir.h b/deps/v8/src/maglev/maglev-ir.h
index 944e8a66ae57a5..6c3d98f1ad5923 100644
--- a/deps/v8/src/maglev/maglev-ir.h
+++ b/deps/v8/src/maglev/maglev-ir.h
@@ -5,6 +5,8 @@
 #ifndef V8_MAGLEV_MAGLEV_IR_H_
 #define V8_MAGLEV_MAGLEV_IR_H_
 
+#include <optional>
+
 #include "src/base/bit-field.h"
 #include "src/base/bits.h"
 #include "src/base/bounds.h"
@@ -140,7 +142,8 @@ class ExceptionHandlerInfo;
   V(Uint32Constant)                 \
   V(RootConstant)                   \
   V(SmiConstant)                    \
-  V(TaggedIndexConstant)
+  V(TaggedIndexConstant)            \
+  V(TrustedConstant)
 
 #define INLINE_BUILTIN_NODE_LIST(V) \
   V(BuiltinStringFromCharCode)      \
@@ -165,7 +168,6 @@ class ExceptionHandlerInfo;
   V(Construct)                                      \
   V(CheckConstructResult)                           \
   V(CheckDerivedConstructResult)                    \
-  V(CheckNotHole)                                   \
   V(ConstructWithSpread)                            \
   V(ConvertReceiver)                                \
   V(ConvertHoleToUndefined)                         \
@@ -190,6 +192,8 @@ class ExceptionHandlerInfo;
   V(HasInPrototypeChain)                            \
   V(InitialValue)                                   \
   V(LoadTaggedField)                                \
+  V(LoadTaggedFieldForProperty)                     \
+  V(LoadTaggedFieldForContextSlot)                  \
   V(LoadDoubleField)                                \
   V(LoadTaggedFieldByFieldIndex)                    \
   V(LoadFixedArrayElement)                          \
@@ -287,61 +291,64 @@ class ExceptionHandlerInfo;
   V(ConstantGapMove)          \
   V(GapMove)
 
-#define NODE_LIST(V)                        \
-  V(AssertInt32)                            \
-  V(CheckConstTrackingLetCell)              \
-  V(CheckConstTrackingLetCellTagged)        \
-  V(CheckDynamicValue)                      \
-  V(CheckInt32IsSmi)                        \
-  V(CheckUint32IsSmi)                       \
-  V(CheckHoleyFloat64IsSmi)                 \
-  V(CheckHeapObject)                        \
-  V(CheckInt32Condition)                    \
-  V(CheckCacheIndicesNotCleared)            \
-  V(CheckFloat64IsNan)                      \
-  V(CheckJSDataViewBounds)                  \
-  V(CheckTypedArrayBounds)                  \
-  V(CheckTypedArrayNotDetached)             \
-  V(CheckMaps)                              \
-  V(CheckMapsWithMigration)                 \
-  V(CheckDetectableCallable)                \
-  V(CheckNumber)                            \
-  V(CheckSmi)                               \
-  V(CheckString)                            \
-  V(CheckSymbol)                            \
-  V(CheckValue)                             \
-  V(CheckValueEqualsInt32)                  \
-  V(CheckValueEqualsFloat64)                \
-  V(CheckValueEqualsString)                 \
-  V(CheckInstanceType)                      \
-  V(DebugBreak)                             \
-  V(FunctionEntryStackCheck)                \
-  V(GeneratorStore)                         \
-  V(TryOnStackReplacement)                  \
-  V(StoreMap)                               \
-  V(StoreDoubleField)                       \
-  V(StoreFixedArrayElementWithWriteBarrier) \
-  V(StoreFixedArrayElementNoWriteBarrier)   \
-  V(StoreFixedDoubleArrayElement)           \
-  V(StoreFloat64)                           \
-  V(StoreIntTypedArrayElement)              \
-  V(StoreDoubleTypedArrayElement)           \
-  V(StoreSignedIntDataViewElement)          \
-  V(StoreDoubleDataViewElement)             \
-  V(StoreTaggedFieldNoWriteBarrier)         \
-  V(StoreTaggedFieldWithWriteBarrier)       \
-  V(HandleNoHeapWritesInterrupt)            \
-  V(ReduceInterruptBudgetForLoop)           \
-  V(ReduceInterruptBudgetForReturn)         \
-  V(ThrowReferenceErrorIfHole)              \
-  V(ThrowSuperNotCalledIfHole)              \
-  V(ThrowSuperAlreadyCalledIfNotHole)       \
-  V(ThrowIfNotCallable)                     \
-  V(ThrowIfNotSuperConstructor)             \
-  V(TransitionElementsKind)                 \
-  V(TransitionElementsKindOrCheckMap)       \
-  V(SetContinuationPreservedEmbedderData)   \
-  GAP_MOVE_NODE_LIST(V)                     \
+#define NODE_LIST(V)                          \
+  V(AssertInt32)                              \
+  V(CheckConstTrackingLetCell)                \
+  V(CheckConstTrackingLetCellTagged)          \
+  V(CheckDynamicValue)                        \
+  V(CheckInt32IsSmi)                          \
+  V(CheckUint32IsSmi)                         \
+  V(CheckHoleyFloat64IsSmi)                   \
+  V(CheckHeapObject)                          \
+  V(CheckInt32Condition)                      \
+  V(CheckCacheIndicesNotCleared)              \
+  V(CheckFloat64IsNan)                        \
+  V(CheckJSDataViewBounds)                    \
+  V(CheckTypedArrayBounds)                    \
+  V(CheckTypedArrayNotDetached)               \
+  V(CheckMaps)                                \
+  V(CheckMapsWithMigration)                   \
+  V(CheckDetectableCallable)                  \
+  V(CheckNotHole)                             \
+  V(CheckNumber)                              \
+  V(CheckSmi)                                 \
+  V(CheckString)                              \
+  V(CheckSymbol)                              \
+  V(CheckValue)                               \
+  V(CheckValueEqualsInt32)                    \
+  V(CheckValueEqualsFloat64)                  \
+  V(CheckValueEqualsString)                   \
+  V(CheckInstanceType)                        \
+  V(Dead)                                     \
+  V(DebugBreak)                               \
+  V(FunctionEntryStackCheck)                  \
+  V(GeneratorStore)                           \
+  V(TryOnStackReplacement)                    \
+  V(StoreMap)                                 \
+  V(StoreDoubleField)                         \
+  V(StoreFixedArrayElementWithWriteBarrier)   \
+  V(StoreFixedArrayElementNoWriteBarrier)     \
+  V(StoreFixedDoubleArrayElement)             \
+  V(StoreFloat64)                             \
+  V(StoreIntTypedArrayElement)                \
+  V(StoreDoubleTypedArrayElement)             \
+  V(StoreSignedIntDataViewElement)            \
+  V(StoreDoubleDataViewElement)               \
+  V(StoreTaggedFieldNoWriteBarrier)           \
+  V(StoreTaggedFieldWithWriteBarrier)         \
+  V(StoreTrustedPointerFieldWithWriteBarrier) \
+  V(HandleNoHeapWritesInterrupt)              \
+  V(ReduceInterruptBudgetForLoop)             \
+  V(ReduceInterruptBudgetForReturn)           \
+  V(ThrowReferenceErrorIfHole)                \
+  V(ThrowSuperNotCalledIfHole)                \
+  V(ThrowSuperAlreadyCalledIfNotHole)         \
+  V(ThrowIfNotCallable)                       \
+  V(ThrowIfNotSuperConstructor)               \
+  V(TransitionElementsKind)                   \
+  V(TransitionElementsKindOrCheckMap)         \
+  V(SetContinuationPreservedEmbedderData)     \
+  GAP_MOVE_NODE_LIST(V)                       \
   VALUE_NODE_LIST(V)
 
 #define BRANCH_CONTROL_NODE_LIST(V) \
@@ -508,7 +515,8 @@ constexpr bool IsSimpleFieldStore(Opcode opcode) {
          opcode == Opcode::kUpdateJSArrayLength ||
          opcode == Opcode::kStoreFixedArrayElementWithWriteBarrier ||
          opcode == Opcode::kStoreFixedArrayElementNoWriteBarrier ||
-         opcode == Opcode::kStoreFixedDoubleArrayElement;
+         opcode == Opcode::kStoreFixedDoubleArrayElement ||
+         opcode == Opcode::kStoreTrustedPointerFieldWithWriteBarrier;
 }
 constexpr bool IsElementsArrayWrite(Opcode opcode) {
   return opcode == Opcode::kMaybeGrowFastElements ||
@@ -552,29 +560,35 @@ inline constexpr bool IsDoubleRepresentation(ValueRepresentation repr) {
  * Here is a diagram of the relations between the types, where (*) means that
  * they have the kAnyHeapObject bit set.
  *
- *    NumberOrOddball           JSReceiver*                 Name*
- *     /         \               /       \                  /    \
- *  Oddball*     Number      Callable* JSArray*     String*  Symbol*
- *    |          /    \                                |
+ *      NumberOrOddball
+ *       /     |      \
+ *      /      |       NumberOrBoolean
+ *      |      |   ___/  /
+ *      |      \ /      /
+ *      |       X      /         JSReceiver*                 Name*
+ *     /       / \    |          /       \                  /    \
+ *  Oddball*  /  Number      Callable* JSArray*     String*  Symbol*
+ *    |      /   /    \                                |
  *  Boolean*    Smi   HeapNumber*              InternalizedString*
  *
  */
 
-#define NODE_TYPE_LIST(V)                                  \
-  V(Unknown, 0)                                            \
-  V(NumberOrOddball, (1 << 1))                             \
-  V(Number, (1 << 2) | kNumberOrOddball)                   \
-  V(Smi, (1 << 4) | kNumber)                               \
-  V(AnyHeapObject, (1 << 5))                               \
-  V(Oddball, (1 << 6) | kAnyHeapObject | kNumberOrOddball) \
-  V(Boolean, (1 << 7) | kOddball)                          \
-  V(Name, (1 << 8) | kAnyHeapObject)                       \
-  V(String, (1 << 9) | kName)                              \
-  V(InternalizedString, (1 << 10) | kString)               \
-  V(Symbol, (1 << 11) | kName)                             \
-  V(JSReceiver, (1 << 12) | kAnyHeapObject)                \
-  V(JSArray, (1 << 13) | kJSReceiver)                      \
-  V(Callable, (1 << 14) | kJSReceiver)                     \
+#define NODE_TYPE_LIST(V)                                   \
+  V(Unknown, 0)                                             \
+  V(NumberOrOddball, (1 << 1))                              \
+  V(NumberOrBoolean, (1 << 2) | kNumberOrOddball)           \
+  V(Number, (1 << 3) | kNumberOrOddball | kNumberOrBoolean) \
+  V(Smi, (1 << 4) | kNumber)                                \
+  V(AnyHeapObject, (1 << 5))                                \
+  V(Oddball, (1 << 6) | kAnyHeapObject | kNumberOrOddball)  \
+  V(Boolean, (1 << 7) | kOddball | kNumberOrBoolean)        \
+  V(Name, (1 << 8) | kAnyHeapObject)                        \
+  V(String, (1 << 9) | kName)                               \
+  V(InternalizedString, (1 << 10) | kString)                \
+  V(Symbol, (1 << 11) | kName)                              \
+  V(JSReceiver, (1 << 12) | kAnyHeapObject)                 \
+  V(JSArray, (1 << 13) | kJSReceiver)                       \
+  V(Callable, (1 << 14) | kJSReceiver)                      \
   V(HeapNumber, kAnyHeapObject | kNumber)
 
 enum class NodeType : uint32_t {
@@ -596,11 +610,13 @@ inline bool NodeTypeIs(NodeType type, NodeType to_check) {
   return (static_cast<int>(type) & right) == right;
 }
 
-inline NodeType StaticTypeForMap(compiler::MapRef map) {
+inline NodeType StaticTypeForMap(compiler::MapRef map,
+                                 compiler::JSHeapBroker* broker) {
   if (map.IsHeapNumberMap()) return NodeType::kHeapNumber;
   if (map.IsInternalizedStringMap()) return NodeType::kInternalizedString;
   if (map.IsStringMap()) return NodeType::kString;
   if (map.IsJSArrayMap()) return NodeType::kJSArray;
+  if (map.IsBooleanMap(broker)) return NodeType::kBoolean;
   if (map.IsOddballMap()) return NodeType::kOddball;
   if (map.IsJSReceiverMap()) return NodeType::kJSReceiver;
   return NodeType::kAnyHeapObject;
@@ -609,7 +625,7 @@ inline NodeType StaticTypeForMap(compiler::MapRef map) {
 inline NodeType StaticTypeForConstant(compiler::JSHeapBroker* broker,
                                       compiler::ObjectRef ref) {
   if (ref.IsSmi()) return NodeType::kSmi;
-  return StaticTypeForMap(ref.AsHeapObject().map(broker));
+  return StaticTypeForMap(ref.AsHeapObject().map(broker), broker);
 }
 
 inline bool IsInstanceOfNodeType(compiler::MapRef map, NodeType type,
@@ -617,6 +633,8 @@ inline bool IsInstanceOfNodeType(compiler::MapRef map, NodeType type,
   switch (type) {
     case NodeType::kUnknown:
       return true;
+    case NodeType::kNumberOrBoolean:
+      return map.IsHeapNumberMap() || map.IsBooleanMap(broker);
     case NodeType::kNumberOrOddball:
       return map.IsHeapNumberMap() || map.IsOddballMap();
     case NodeType::kSmi:
@@ -629,8 +647,7 @@ inline bool IsInstanceOfNodeType(compiler::MapRef map, NodeType type,
     case NodeType::kOddball:
       return map.IsOddballMap();
     case NodeType::kBoolean:
-      return map.IsOddballMap() &&
-             map.oddball_type(broker) == compiler::OddballType::kBoolean;
+      return map.IsBooleanMap(broker);
     case NodeType::kName:
       return map.IsNameMap();
     case NodeType::kString:
@@ -696,6 +713,7 @@ inline bool NodeTypeMayBeNullOrUndefined(NodeType type) {
 
 enum class TaggedToFloat64ConversionType : uint8_t {
   kOnlyNumber,
+  kNumberOrBoolean,
   kNumberOrOddball,
 };
 
@@ -741,6 +759,8 @@ inline std::ostream& operator<<(
   switch (conversion_type) {
     case TaggedToFloat64ConversionType::kOnlyNumber:
       return os << "Number";
+    case TaggedToFloat64ConversionType::kNumberOrBoolean:
+      return os << "NumberOrBoolean";
     case TaggedToFloat64ConversionType::kNumberOrOddball:
       return os << "NumberOrOddball";
   }
@@ -793,8 +813,8 @@ NODE_BASE_LIST(DEF_FORWARD_DECLARATION)
 #undef DEF_FORWARD_DECLARATION
 
 using NodeIdT = uint32_t;
-static constexpr uint32_t kInvalidNodeId = 0;
-static constexpr uint32_t kFirstValidNodeId = 1;
+static constexpr NodeIdT kInvalidNodeId = 0;
+static constexpr NodeIdT kFirstValidNodeId = 1;
 
 // Represents either a direct BasicBlock pointer, or an entry in a list of
 // unresolved BasicBlockRefs which will be mutated (in place) at some point into
@@ -1034,6 +1054,10 @@ class OpProperties {
     return OpProperties(
         kValueRepresentationBits::encode(ValueRepresentation::kIntPtr));
   }
+  static constexpr OpProperties TrustedPointer() {
+    return OpProperties(
+        kValueRepresentationBits::encode(ValueRepresentation::kTagged));
+  }
   static constexpr OpProperties ConversionNode() {
     return OpProperties(kIsConversionBit::encode(true));
   }
@@ -1185,6 +1209,7 @@ class Input : public InputLocation {
  public:
   explicit Input(ValueNode* node) : node_(node) {}
   ValueNode* node() const { return node_; }
+  void clear();
 
  private:
   ValueNode* node_;
@@ -1785,23 +1810,14 @@ class NodeBase : public ZoneObject {
 
   template <typename RegisterT>
   RegListBase<RegisterT>& temporaries() {
-    if constexpr (std::is_same_v<RegisterT, Register>) {
-      return temporaries_;
-    } else {
-      return double_temporaries_;
-    }
+    return owner_or_temporaries_.temporaries<RegisterT>();
   }
-
-  RegList& general_temporaries() { return temporaries_; }
-  DoubleRegList& double_temporaries() { return double_temporaries_; }
+  RegList& general_temporaries() { return temporaries<Register>(); }
+  DoubleRegList& double_temporaries() { return temporaries<DoubleRegister>(); }
 
   template <typename RegisterT>
   void assign_temporaries(RegListBase<RegisterT> list) {
-    if constexpr (std::is_same_v<RegisterT, Register>) {
-      temporaries_ = list;
-    } else {
-      double_temporaries_ = list;
-    }
+    owner_or_temporaries_.temporaries<RegisterT>() = list;
   }
 
   enum class InputAllocationPolicy { kFixedRegister, kArbitraryRegister, kAny };
@@ -1883,7 +1899,7 @@ class NodeBase : public ZoneObject {
 
   void OverwriteWith(
       Opcode new_opcode,
-      base::Optional<OpProperties> maybe_new_properties = base::nullopt) {
+      std::optional<OpProperties> maybe_new_properties = std::nullopt) {
     OpProperties new_properties = maybe_new_properties.has_value()
                                       ? maybe_new_properties.value()
                                       : StaticPropertiesForOpcode(new_opcode);
@@ -1899,6 +1915,12 @@ class NodeBase : public ZoneObject {
   void ClearUnstableNodeAspects(KnownNodeAspects&);
   void ClearElementsProperties(KnownNodeAspects&);
 
+  void set_owner(BasicBlock* block) { owner_or_temporaries_ = block; }
+
+  BasicBlock* owner() const { return owner_or_temporaries_.owner(); }
+
+  void InitTemporaries() { owner_or_temporaries_.InitReglist(); }
+
  protected:
   explicit NodeBase(uint64_t bitfield) : bitfield_(bitfield) {}
 
@@ -1959,10 +1981,12 @@ class NodeBase : public ZoneObject {
 
   // Require that a specific register is free (and therefore clobberable) by the
   // entry into this node.
-  void RequireSpecificTemporary(Register reg) { temporaries_.set(reg); }
+  void RequireSpecificTemporary(Register reg) {
+    general_temporaries().set(reg);
+  }
 
   void RequireSpecificDoubleTemporary(DoubleRegister reg) {
-    double_temporaries_.set(reg);
+    double_temporaries().set(reg);
   }
 
  private:
@@ -2052,8 +2076,63 @@ class NodeBase : public ZoneObject {
 
   uint64_t bitfield_;
   NodeIdT id_ = kInvalidNodeId;
-  RegList temporaries_;
-  DoubleRegList double_temporaries_;
+
+  struct OwnerOrTemporaries {
+    BasicBlock* owner() const {
+      DCHECK_NE(store_.owner_, nullptr);
+      DCHECK_EQ(state_, State::kOwner);
+      return store_.owner_;
+    }
+
+    template <typename RegisterT>
+    RegListBase<RegisterT>& temporaries() {
+      DCHECK_EQ(state_, State::kReglist);
+      if constexpr (std::is_same_v<RegisterT, Register>) {
+        return store_.regs_.temporaries_;
+      } else {
+        return store_.regs_.double_temporaries_;
+      }
+    }
+
+    BasicBlock* operator=(BasicBlock* owner) {
+#ifdef DEBUG
+      DCHECK(state_ == State::kNull || state_ == State::kOwner);
+      state_ = State::kOwner;
+#endif
+      return store_.owner_ = owner;
+    }
+
+    void InitReglist() {
+#ifdef DEBUG
+      DCHECK(state_ == State::kNull || state_ == State::kOwner);
+      state_ = State::kReglist;
+#endif
+      store_.regs_.temporaries_ = RegList();
+      store_.regs_.double_temporaries_ = DoubleRegList();
+    }
+
+   private:
+    struct Regs {
+      RegList temporaries_;
+      DoubleRegList double_temporaries_;
+    };
+    union Store {
+      Store() : owner_(nullptr) {}
+      BasicBlock* owner_;
+      Regs regs_;
+    };
+    Store store_;
+#ifdef DEBUG
+    enum class State{
+        kNull,
+        kOwner,
+        kReglist,
+    };
+    State state_ = State::kNull;
+#endif
+  };
+
+  OwnerOrTemporaries owner_or_temporaries_;
 
   NodeBase() = delete;
   NodeBase(const NodeBase&) = delete;
@@ -3895,11 +3974,17 @@ class CheckedNumberOrOddballToFloat64
     return TaggedToFloat64ConversionTypeOffset::decode(bitfield());
   }
 
+  DeoptimizeReason deoptimize_reason() const {
+    return conversion_type() == TaggedToFloat64ConversionType::kNumberOrBoolean
+               ? DeoptimizeReason::kNotANumberOrBoolean
+               : DeoptimizeReason::kNotANumberOrOddball;
+  }
+
   auto options() const { return std::tuple{conversion_type()}; }
 
  private:
   using TaggedToFloat64ConversionTypeOffset =
-      NextBitField<TaggedToFloat64ConversionType, 1>;
+      NextBitField<TaggedToFloat64ConversionType, 2>;
 };
 
 class UncheckedNumberOrOddballToFloat64
@@ -3931,7 +4016,7 @@ class UncheckedNumberOrOddballToFloat64
 
  private:
   using TaggedToFloat64ConversionTypeOffset =
-      NextBitField<TaggedToFloat64ConversionType, 1>;
+      NextBitField<TaggedToFloat64ConversionType, 2>;
 };
 
 class CheckedHoleyFloat64ToFloat64
@@ -4018,7 +4103,7 @@ class TruncateNumberOrOddballToInt32
 
  private:
   using TaggedToFloat64ConversionTypeOffset =
-      NextBitField<TaggedToFloat64ConversionType, 1>;
+      NextBitField<TaggedToFloat64ConversionType, 2>;
 };
 
 class CheckedTruncateNumberOrOddballToInt32
@@ -4050,7 +4135,7 @@ class CheckedTruncateNumberOrOddballToInt32
 
  private:
   using TaggedToFloat64ConversionTypeOffset =
-      NextBitField<TaggedToFloat64ConversionType, 1>;
+      NextBitField<TaggedToFloat64ConversionType, 2>;
 };
 
 class LogicalNot : public FixedInputValueNodeT<1, LogicalNot> {
@@ -4818,6 +4903,35 @@ class RootConstant : public FixedInputValueNodeT<0, RootConstant> {
   const RootIndex index_;
 };
 
+class TrustedConstant : public FixedInputValueNodeT<0, TrustedConstant> {
+  using Base = FixedInputValueNodeT<0, TrustedConstant>;
+
+ public:
+  using OutputRegister = Register;
+
+  explicit TrustedConstant(uint64_t bitfield, compiler::HeapObjectRef object,
+                           IndirectPointerTag tag)
+      : Base(bitfield), object_(object), tag_(tag) {}
+
+  static constexpr OpProperties kProperties = OpProperties::TrustedPointer();
+
+  bool ToBoolean(LocalIsolate* local_isolate) const { UNREACHABLE(); }
+
+  void SetValueLocationConstraints();
+  void GenerateCode(MaglevAssembler*, const ProcessingState&);
+  void PrintParams(std::ostream&, MaglevGraphLabeller*) const;
+
+  compiler::HeapObjectRef object() const { return object_; }
+  IndirectPointerTag tag() const { return tag_; }
+
+  void DoLoadToRegister(MaglevAssembler*, OutputRegister);
+  Handle<Object> DoReify(LocalIsolate* isolate) const;
+
+ private:
+  const compiler::HeapObjectRef object_;
+  const IndirectPointerTag tag_;
+};
+
 class CreateArrayLiteral : public FixedInputValueNodeT<0, CreateArrayLiteral> {
   using Base = FixedInputValueNodeT<0, CreateArrayLiteral>;
 
@@ -5000,7 +5114,7 @@ class VirtualObject : public FixedInputValueNodeT<0, VirtualObject> {
   void GenerateCode(MaglevAssembler*, const ProcessingState&) { UNREACHABLE(); }
   void PrintParams(std::ostream&, MaglevGraphLabeller*) const;
 
-  size_t InputLocationSizeNeeded() const;
+  size_t InputLocationSizeNeeded(VirtualObject::List) const;
 
   compiler::MapRef map() const { return map_; }
   Type type() const { return type_; }
@@ -5629,6 +5743,9 @@ class AssertInt32 : public FixedInputNodeT<2, AssertInt32> {
 
   auto options() const { return std::tuple{condition_, reason_}; }
 
+  AssertCondition condition() const { return condition_; }
+  AbortReason reason() const { return reason_; }
+
  private:
   AssertCondition condition_;
   AbortReason reason_;
@@ -6324,6 +6441,20 @@ class DebugBreak : public FixedInputNodeT<0, DebugBreak> {
   void PrintParams(std::ostream&, MaglevGraphLabeller*) const {}
 };
 
+class Dead : public NodeT<Dead> {
+  using Base = NodeT<Dead>;
+
+ public:
+  void SetValueLocationConstraints() {}
+  void GenerateCode(MaglevAssembler*, const ProcessingState&) { UNREACHABLE(); }
+  void PrintParams(std::ostream&, MaglevGraphLabeller*) const {}
+  void VerifyInputs(MaglevGraphLabeller*) const {}
+  void MarkTaggedInputsAsDecompressing() { UNREACHABLE(); }
+
+ private:
+  explicit Dead(uint64_t bitfield) : Base(bitfield) {}
+};
+
 class FunctionEntryStackCheck
     : public FixedInputNodeT<0, FunctionEntryStackCheck> {
   using Base = FixedInputNodeT<0, FunctionEntryStackCheck>;
@@ -6703,11 +6834,13 @@ class PolymorphicAccessInfo {
   };
 };
 
-class LoadTaggedField : public FixedInputValueNodeT<1, LoadTaggedField> {
-  using Base = FixedInputValueNodeT<1, LoadTaggedField>;
+template <typename Derived = LoadTaggedField>
+class AbstractLoadTaggedField : public FixedInputValueNodeT<1, Derived> {
+  using Base = FixedInputValueNodeT<1, Derived>;
+  using Base::result;
 
  public:
-  explicit LoadTaggedField(uint64_t bitfield, const int offset)
+  explicit AbstractLoadTaggedField(uint64_t bitfield, const int offset)
       : Base(bitfield), offset_(offset) {}
 
   static constexpr OpProperties kProperties = OpProperties::CanRead();
@@ -6716,6 +6849,7 @@ class LoadTaggedField : public FixedInputValueNodeT<1, LoadTaggedField> {
 
   int offset() const { return offset_; }
 
+  using Base::input;
   static constexpr int kObjectIndex = 0;
   Input& object_input() { return input(kObjectIndex); }
 
@@ -6725,10 +6859,45 @@ class LoadTaggedField : public FixedInputValueNodeT<1, LoadTaggedField> {
 
   auto options() const { return std::tuple{offset()}; }
 
+  using Base::decompresses_tagged_result;
+
  private:
   const int offset_;
 };
 
+class LoadTaggedField : public AbstractLoadTaggedField<LoadTaggedField> {
+  using Base = AbstractLoadTaggedField<LoadTaggedField>;
+
+ public:
+  explicit LoadTaggedField(uint64_t bitfield, const int offset)
+      : Base(bitfield, offset) {}
+};
+
+class LoadTaggedFieldForProperty
+    : public AbstractLoadTaggedField<LoadTaggedFieldForProperty> {
+  using Base = AbstractLoadTaggedField<LoadTaggedFieldForProperty>;
+
+ public:
+  explicit LoadTaggedFieldForProperty(uint64_t bitfield, const int offset,
+                                      compiler::NameRef name)
+      : Base(bitfield, offset), name_(name) {}
+  compiler::NameRef name() { return name_; }
+
+  auto options() const { return std::tuple{offset(), name_}; }
+
+ private:
+  compiler::NameRef name_;
+};
+
+class LoadTaggedFieldForContextSlot
+    : public AbstractLoadTaggedField<LoadTaggedFieldForContextSlot> {
+  using Base = AbstractLoadTaggedField<LoadTaggedFieldForContextSlot>;
+
+ public:
+  explicit LoadTaggedFieldForContextSlot(uint64_t bitfield, const int offset)
+      : Base(bitfield, offset) {}
+};
+
 class LoadDoubleField : public FixedInputValueNodeT<1, LoadDoubleField> {
   using Base = FixedInputValueNodeT<1, LoadDoubleField>;
 
@@ -6858,6 +7027,8 @@ class ExtendPropertiesBackingStore
   void GenerateCode(MaglevAssembler*, const ProcessingState&);
   void PrintParams(std::ostream&, MaglevGraphLabeller*) const;
 
+  int old_length() const { return old_length_; }
+
  private:
   const int old_length_;
 };
@@ -7494,6 +7665,55 @@ class StoreTaggedFieldWithWriteBarrier
   const int offset_;
 };
 
+class StoreTrustedPointerFieldWithWriteBarrier
+    : public FixedInputNodeT<2, StoreTrustedPointerFieldWithWriteBarrier> {
+  using Base = FixedInputNodeT<2, StoreTrustedPointerFieldWithWriteBarrier>;
+
+ public:
+  explicit StoreTrustedPointerFieldWithWriteBarrier(uint64_t bitfield,
+                                                    int offset,
+                                                    IndirectPointerTag tag,
+                                                    StoreTaggedMode store_mode)
+      : Base(bitfield | InitializingOrTransitioningField::encode(
+                            IsInitializingOrTransitioning(store_mode))),
+        offset_(offset),
+        tag_(tag) {}
+
+  static constexpr OpProperties kProperties =
+      OpProperties::CanWrite() | OpProperties::DeferredCall();
+  static constexpr typename Base::InputTypes kInputTypes{
+      ValueRepresentation::kTagged, ValueRepresentation::kTagged};
+
+  int offset() const { return offset_; }
+  IndirectPointerTag tag() const { return tag_; }
+  bool initializing_or_transitioning() const {
+    return InitializingOrTransitioningField::decode(bitfield());
+  }
+
+  static constexpr int kObjectIndex = 0;
+  static constexpr int kValueIndex = 1;
+  Input& object_input() { return input(kObjectIndex); }
+  Input& value_input() { return input(kValueIndex); }
+
+#ifdef V8_COMPRESS_POINTERS
+  void MarkTaggedInputsAsDecompressing() {
+    object_input().node()->SetTaggedResultNeedsDecompress();
+    // value is never compressed.
+  }
+#endif
+
+  int MaxCallStackArgs() const;
+  void SetValueLocationConstraints();
+  void GenerateCode(MaglevAssembler*, const ProcessingState&);
+  void PrintParams(std::ostream&, MaglevGraphLabeller*) const;
+
+ private:
+  using InitializingOrTransitioningField = NextBitField<bool, 1>;
+
+  const int offset_;
+  const IndirectPointerTag tag_;
+};
+
 class LoadGlobal : public FixedInputValueNodeT<1, LoadGlobal> {
   using Base = FixedInputValueNodeT<1, LoadGlobal>;
 
@@ -8099,7 +8319,7 @@ class Phi : public ValueNodeT<Phi> {
   void promote_post_loop_type() {
     DCHECK(!has_key());
     DCHECK(is_unmerged_loop_phi());
-    DCHECK_EQ(type_, NodeType::kUnknown);
+    DCHECK(NodeTypeIs(post_loop_type_, type_));
     type_ = post_loop_type_;
   }
 
@@ -8398,7 +8618,7 @@ class CallBuiltin : public ValueNodeT<CallBuiltin> {
   void PushFeedbackAndArguments(MaglevAssembler*);
 
   Builtin builtin_;
-  base::Optional<compiler::FeedbackSource> feedback_;
+  std::optional<compiler::FeedbackSource> feedback_;
   FeedbackSlotType slot_type_ = kTaggedIndex;
 };
 
@@ -9018,8 +9238,8 @@ class CheckDerivedConstructResult
   void PrintParams(std::ostream&, MaglevGraphLabeller*) const {}
 };
 
-class CheckNotHole : public FixedInputValueNodeT<1, CheckNotHole> {
-  using Base = FixedInputValueNodeT<1, CheckNotHole>;
+class CheckNotHole : public FixedInputNodeT<1, CheckNotHole> {
+  using Base = FixedInputNodeT<1, CheckNotHole>;
 
  public:
   explicit CheckNotHole(uint64_t bitfield) : Base(bitfield) {}
@@ -9617,7 +9837,7 @@ class Switch : public FixedInputNodeTMixin<1, ConditionalControlNode, Switch> {
   const int value_base_;
   BasicBlockRef* targets_;
   const int size_;
-  base::Optional<BasicBlockRef> fallthrough_;
+  std::optional<BasicBlockRef> fallthrough_;
 };
 
 class BranchIfSmi : public BranchControlNodeT<1, BranchIfSmi> {
diff --git a/deps/v8/src/maglev/maglev-phi-representation-selector.cc b/deps/v8/src/maglev/maglev-phi-representation-selector.cc
index 21952ebd089860..7785d0fa7e4c9d 100644
--- a/deps/v8/src/maglev/maglev-phi-representation-selector.cc
+++ b/deps/v8/src/maglev/maglev-phi-representation-selector.cc
@@ -4,6 +4,8 @@
 
 #include "src/maglev/maglev-phi-representation-selector.h"
 
+#include <optional>
+
 #include "src/base/enum-set.h"
 #include "src/base/logging.h"
 #include "src/base/small-vector.h"
@@ -24,7 +26,8 @@ namespace maglev {
     }                                             \
   } while (false)
 
-void MaglevPhiRepresentationSelector::PreProcessBasicBlock(BasicBlock* block) {
+BlockProcessResult MaglevPhiRepresentationSelector::PreProcessBasicBlock(
+    BasicBlock* block) {
   MergeNewNodesInBlock(current_block_);
   PreparePhiTaggings(current_block_, block);
   current_block_ = block;
@@ -60,6 +63,8 @@ void MaglevPhiRepresentationSelector::PreProcessBasicBlock(BasicBlock* block) {
       }
     }
   }
+
+  return BlockProcessResult::kContinue;
 }
 
 bool MaglevPhiRepresentationSelector::CanHoistUntaggingTo(BasicBlock* block) {
@@ -889,7 +894,7 @@ ProcessResult MaglevPhiRepresentationSelector::UpdateNodePhiInput(
 
 ValueNode* MaglevPhiRepresentationSelector::EnsurePhiTagged(
     Phi* phi, BasicBlock* block, NewNodePosition pos,
-    base::Optional<int> predecessor_index) {
+    std::optional<int> predecessor_index) {
   if (phi->value_representation() == ValueRepresentation::kTagged) {
     return phi;
   }
diff --git a/deps/v8/src/maglev/maglev-phi-representation-selector.h b/deps/v8/src/maglev/maglev-phi-representation-selector.h
index 5c93a3a351b8db..f54d6a2e62ec46 100644
--- a/deps/v8/src/maglev/maglev-phi-representation-selector.h
+++ b/deps/v8/src/maglev/maglev-phi-representation-selector.h
@@ -5,6 +5,8 @@
 #ifndef V8_MAGLEV_MAGLEV_PHI_REPRESENTATION_SELECTOR_H_
 #define V8_MAGLEV_MAGLEV_PHI_REPRESENTATION_SELECTOR_H_
 
+#include <optional>
+
 #include "src/base/small-vector.h"
 #include "src/compiler/turboshaft/snapshot-table.h"
 #include "src/maglev/maglev-compilation-info.h"
@@ -43,7 +45,8 @@ class MaglevPhiRepresentationSelector {
       StdoutStream{} << "\n";
     }
   }
-  void PreProcessBasicBlock(BasicBlock* block);
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block);
+  void PostPhiProcessing() {}
 
   enum ProcessPhiResult { kNone, kRetryOnChange, kChanged };
   ProcessPhiResult ProcessPhi(Phi* node);
@@ -59,6 +62,10 @@ class MaglevPhiRepresentationSelector {
     return ProcessResult::kContinue;
   }
 
+  ProcessResult Process(Dead* node, const ProcessingState& state) {
+    return ProcessResult::kRemove;
+  }
+
   template <class NodeT>
   ProcessResult Process(NodeT* node, const ProcessingState& state) {
     return UpdateNodeInputs(node, state);
@@ -183,7 +190,7 @@ class MaglevPhiRepresentationSelector {
   // of the current block.
   ValueNode* EnsurePhiTagged(
       Phi* phi, BasicBlock* block, NewNodePosition pos,
-      base::Optional<int> predecessor_index = base::nullopt);
+      std::optional<int> predecessor_index = std::nullopt);
 
   ValueNode* AddNode(ValueNode* node, BasicBlock* block, NewNodePosition pos,
                      DeoptFrame* deopt_frame = nullptr);
diff --git a/deps/v8/src/maglev/maglev-post-hoc-optimizations-processors.h b/deps/v8/src/maglev/maglev-post-hoc-optimizations-processors.h
index 8b708dd9007cac..101cfe05c1901b 100644
--- a/deps/v8/src/maglev/maglev-post-hoc-optimizations-processors.h
+++ b/deps/v8/src/maglev/maglev-post-hoc-optimizations-processors.h
@@ -5,26 +5,180 @@
 #ifndef V8_MAGLEV_MAGLEV_POST_HOC_OPTIMIZATIONS_PROCESSORS_H_
 #define V8_MAGLEV_MAGLEV_POST_HOC_OPTIMIZATIONS_PROCESSORS_H_
 
+#include "src/compiler/heap-refs.h"
 #include "src/maglev/maglev-compilation-info.h"
+#include "src/maglev/maglev-graph-builder.h"
 #include "src/maglev/maglev-graph-printer.h"
 #include "src/maglev/maglev-graph-processor.h"
 #include "src/maglev/maglev-graph.h"
+#include "src/maglev/maglev-interpreter-frame-state.h"
 #include "src/maglev/maglev-ir.h"
+#include "src/objects/js-function.h"
 
 namespace v8::internal::maglev {
 
+// Optimizations involving loops which cannot be done at graph building time.
+// Currently mainly loop invariant code motion.
+class LoopOptimizationProcessor {
+ public:
+  explicit LoopOptimizationProcessor(MaglevGraphBuilder* builder)
+      : zone(builder->zone()) {
+    was_deoptimized =
+        builder->compilation_unit()->feedback().was_once_deoptimized();
+  }
+
+  void PreProcessGraph(Graph* graph) {}
+  void PostPhiProcessing() {}
+
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    current_block = block;
+    if (current_block->is_loop()) {
+      loop_effects = current_block->state()->loop_effects();
+      if (loop_effects) return BlockProcessResult::kContinue;
+    } else {
+      // TODO(olivf): Some dominance analysis would allow us to keep loop
+      // effects longer than just the first block of the loop.
+      loop_effects = nullptr;
+    }
+    return BlockProcessResult::kSkip;
+  }
+
+  bool IsLoopPhi(Node* input) {
+    DCHECK(current_block->is_loop());
+    if (auto phi = input->TryCast<Phi>()) {
+      if (phi->is_loop_phi() && phi->merge_state() == current_block->state()) {
+        return true;
+      }
+    }
+    return false;
+  }
+
+  bool CanHoist(Node* candidate) {
+    DCHECK_EQ(candidate->input_count(), 1);
+    DCHECK(current_block->is_loop());
+    ValueNode* input = candidate->input(0).node();
+    DCHECK(!IsLoopPhi(input));
+    // For hoisting an instruction we need:
+    // * A unique loop entry block.
+    // * Inputs live before the loop (i.e., not defined inside the loop).
+    // * No hoisting over checks (done eagerly by clearing loop_effects).
+    // TODO(olivf): We should enforce loops having a unique entry block at graph
+    // building time.
+    if (current_block->predecessor_count() != 2) return false;
+    BasicBlock* loop_entry = current_block->predecessor_at(0);
+    if (loop_entry->successors().size() != 1) {
+      return false;
+    }
+    if (IsConstantNode(input->opcode())) return true;
+    return input->owner() != current_block;
+  }
+
+  ProcessResult Process(LoadTaggedFieldForContextSlot* ltf,
+                        const ProcessingState& state) {
+    DCHECK(loop_effects);
+    ValueNode* object = ltf->object_input().node();
+    if (IsLoopPhi(object)) {
+      return ProcessResult::kContinue;
+    }
+    auto key = std::tuple{object, ltf->offset()};
+    if (!loop_effects->may_have_aliasing_contexts &&
+        !loop_effects->unstable_aspects_cleared &&
+        !loop_effects->context_slot_written.count(key) && CanHoist(ltf)) {
+      return ProcessResult::kHoist;
+    }
+    return ProcessResult::kContinue;
+  }
+
+  ProcessResult Process(LoadTaggedFieldForProperty* ltf,
+                        const ProcessingState& state) {
+    return ProcessNamedLoad(ltf, ltf->object_input().node(), ltf->name());
+  }
+
+  ProcessResult Process(StringLength* len, const ProcessingState& state) {
+    return ProcessNamedLoad(
+        len, len->object_input().node(),
+        KnownNodeAspects::LoadedPropertyMapKey::StringLength());
+  }
+
+  ProcessResult Process(LoadTypedArrayLength* len,
+                        const ProcessingState& state) {
+    return ProcessNamedLoad(
+        len, len->receiver_input().node(),
+        KnownNodeAspects::LoadedPropertyMapKey::TypedArrayLength());
+  }
+
+  ProcessResult ProcessNamedLoad(Node* load, ValueNode* object,
+                                 KnownNodeAspects::LoadedPropertyMapKey name) {
+    DCHECK(!load->properties().can_deopt());
+    if (!loop_effects) return ProcessResult::kContinue;
+    if (IsLoopPhi(object)) {
+      return ProcessResult::kContinue;
+    }
+    if (!loop_effects->unstable_aspects_cleared &&
+        !loop_effects->keys_cleared.count(name) &&
+        !loop_effects->objects_written.count(object) && CanHoist(load)) {
+      return ProcessResult::kHoist;
+    }
+    return ProcessResult::kContinue;
+  }
+
+  ProcessResult Process(CheckMaps* maps, const ProcessingState& state) {
+    DCHECK(loop_effects);
+    // Conservatively not hoist map checks if we ever deoptimized this function
+    // to avoid deopt loops.
+    if (was_deoptimized) return ProcessResult::kContinue;
+    ValueNode* object = maps->receiver_input().node();
+    if (IsLoopPhi(object)) {
+      return ProcessResult::kContinue;
+    }
+    if (!loop_effects->unstable_aspects_cleared && CanHoist(maps)) {
+      if (auto j = current_block->predecessor_at(0)
+                       ->control_node()
+                       ->TryCast<CheckpointedJump>()) {
+        maps->SetEagerDeoptInfo(zone, j->eager_deopt_info()->top_frame(),
+                                maps->eager_deopt_info()->feedback_to_update());
+      } else {
+        return ProcessResult::kContinue;
+      }
+      return ProcessResult::kHoist;
+    }
+    return ProcessResult::kContinue;
+  }
+
+  template <typename NodeT>
+  ProcessResult Process(NodeT* node, const ProcessingState& state) {
+    // Ensure we are not hoisting over checks.
+    if (node->properties().can_eager_deopt()) {
+      loop_effects = nullptr;
+      return ProcessResult::kSkipBlock;
+    }
+    return ProcessResult::kContinue;
+  }
+
+  void PostProcessGraph(Graph* graph) {}
+
+  Zone* zone;
+  BasicBlock* current_block;
+  const LoopEffects* loop_effects;
+  bool was_deoptimized;
+};
+
 template <typename NodeT>
 constexpr bool CanBeStoreToNonEscapedObject() {
   return std::is_same_v<NodeT, StoreMap> ||
          std::is_same_v<NodeT, StoreTaggedFieldWithWriteBarrier> ||
          std::is_same_v<NodeT, StoreTaggedFieldNoWriteBarrier> ||
+         std::is_same_v<NodeT, StoreTrustedPointerFieldWithWriteBarrier> ||
          std::is_same_v<NodeT, StoreFloat64>;
 }
 
 class AnyUseMarkingProcessor {
  public:
   void PreProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block) {}
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  void PostPhiProcessing() {}
 
   template <typename NodeT>
   ProcessResult Process(NodeT* node, const ProcessingState& state) {
@@ -48,6 +202,12 @@ class AnyUseMarkingProcessor {
     return ProcessResult::kContinue;
   }
 
+#ifdef DEBUG
+  ProcessResult Process(Dead* node, const ProcessingState& state) {
+    UNREACHABLE();
+  }
+#endif  // DEBUG
+
   void PostProcessGraph(Graph* graph) {
     RunEscapeAnalysis(graph);
     DropUseOfValueInStoresToCapturedAllocations();
@@ -57,17 +217,18 @@ class AnyUseMarkingProcessor {
   std::vector<Node*> stores_to_allocations_;
 
   void EscapeAllocation(Graph* graph, InlinedAllocation* alloc,
-                        Graph::AllocationDependencies& deps) {
+                        Graph::SmallAllocationVector& deps) {
     if (alloc->HasBeenAnalysed() && alloc->HasEscaped()) return;
     alloc->SetEscaped();
     for (auto dep : deps) {
-      EscapeAllocation(graph, dep, graph->allocations().find(dep)->second);
+      EscapeAllocation(graph, dep,
+                       graph->allocations_escape_map().find(dep)->second);
     }
   }
 
   void VerifyEscapeAnalysis(Graph* graph) {
 #ifdef DEBUG
-    for (auto it : graph->allocations()) {
+    for (auto it : graph->allocations_escape_map()) {
       auto alloc = it.first;
       DCHECK(alloc->HasBeenAnalysed());
       if (alloc->HasEscaped()) {
@@ -80,7 +241,7 @@ class AnyUseMarkingProcessor {
   }
 
   void RunEscapeAnalysis(Graph* graph) {
-    for (auto it : graph->allocations()) {
+    for (auto it : graph->allocations_escape_map()) {
       auto alloc = it.first;
       if (alloc->HasBeenAnalysed()) continue;
       // Check if all its uses are non escaping.
@@ -143,7 +304,10 @@ class DeadNodeSweepingProcessor {
 
   void PreProcessGraph(Graph* graph) {}
   void PostProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block) {}
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  void PostPhiProcessing() {}
 
   ProcessResult Process(AllocationBlock* node, const ProcessingState& state) {
     // Note: this need to be done before ValueLocationConstraintProcessor, since
diff --git a/deps/v8/src/maglev/maglev-pre-regalloc-codegen-processors.h b/deps/v8/src/maglev/maglev-pre-regalloc-codegen-processors.h
index ac60c98d7b3e99..0e514c7fe3b77e 100644
--- a/deps/v8/src/maglev/maglev-pre-regalloc-codegen-processors.h
+++ b/deps/v8/src/maglev/maglev-pre-regalloc-codegen-processors.h
@@ -17,10 +17,14 @@ class ValueLocationConstraintProcessor {
  public:
   void PreProcessGraph(Graph* graph) {}
   void PostProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block) {}
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  void PostPhiProcessing() {}
 
 #define DEF_PROCESS_NODE(NAME)                                      \
   ProcessResult Process(NAME* node, const ProcessingState& state) { \
+    node->InitTemporaries();                                        \
     node->SetValueLocationConstraints();                            \
     return ProcessResult::kContinue;                                \
   }
@@ -32,7 +36,10 @@ class DecompressedUseMarkingProcessor {
  public:
   void PreProcessGraph(Graph* graph) {}
   void PostProcessGraph(Graph* graph) {}
-  void PreProcessBasicBlock(BasicBlock* block) {}
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  void PostPhiProcessing() {}
 
   template <typename NodeT>
   ProcessResult Process(NodeT* node, const ProcessingState& state) {
@@ -50,7 +57,10 @@ class MaxCallDepthProcessor {
     graph->set_max_call_stack_args(max_call_stack_args_);
     graph->set_max_deopted_stack_size(max_deopted_stack_size_);
   }
-  void PreProcessBasicBlock(BasicBlock* block) {}
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    return BlockProcessResult::kContinue;
+  }
+  void PostPhiProcessing() {}
 
   template <typename NodeT>
   ProcessResult Process(NodeT* node, const ProcessingState& state) {
@@ -137,13 +147,15 @@ class LiveRangeAndNextUseProcessor {
 
   void PreProcessGraph(Graph* graph) {}
   void PostProcessGraph(Graph* graph) { DCHECK(loop_used_nodes_.empty()); }
-  void PreProcessBasicBlock(BasicBlock* block) {
-    if (!block->has_state()) return;
+  BlockProcessResult PreProcessBasicBlock(BasicBlock* block) {
+    if (!block->has_state()) return BlockProcessResult::kContinue;
     if (block->state()->is_loop()) {
       loop_used_nodes_.push_back(
           LoopUsedNodes{{}, kInvalidNodeId, kInvalidNodeId, block});
     }
+    return BlockProcessResult::kContinue;
   }
+  void PostPhiProcessing() {}
 
   template <typename NodeT>
   ProcessResult Process(NodeT* node, const ProcessingState& state) {
diff --git a/deps/v8/src/maglev/maglev-regalloc.cc b/deps/v8/src/maglev/maglev-regalloc.cc
index 37954cbd8457df..d21bc5128b9b8d 100644
--- a/deps/v8/src/maglev/maglev-regalloc.cc
+++ b/deps/v8/src/maglev/maglev-regalloc.cc
@@ -393,6 +393,10 @@ void StraightForwardRegisterAllocator::AllocateRegisters() {
     constant->SetConstantLocation();
     USE(address);
   }
+  for (const auto& [ref, constant] : graph_->trusted_constants()) {
+    constant->SetConstantLocation();
+    USE(ref);
+  }
 
   for (block_it_ = graph_->begin(); block_it_ != graph_->end(); ++block_it_) {
     BasicBlock* block = *block_it_;
@@ -1174,6 +1178,7 @@ void StraightForwardRegisterAllocator::AddMoveBeforeCurrentNode(
         Node::New<GapMove>(compilation_info_->zone(), 0,
                            compiler::AllocatedOperand::cast(source), target);
   }
+  gap_move->InitTemporaries();
   if (compilation_info_->has_graph_labeller()) {
     graph_labeller()->RegisterNode(gap_move);
   }
diff --git a/deps/v8/src/maglev/s390/maglev-assembler-s390-inl.h b/deps/v8/src/maglev/s390/maglev-assembler-s390-inl.h
index e5ec06985debeb..76d0006bddc4c2 100644
--- a/deps/v8/src/maglev/s390/maglev-assembler-s390-inl.h
+++ b/deps/v8/src/maglev/s390/maglev-assembler-s390-inl.h
@@ -40,50 +40,57 @@ inline int ShiftFromScale(int n) {
   }
 }
 
-class MaglevAssembler::ScratchRegisterScope {
+class MaglevAssembler::TemporaryRegisterScope
+    : public TemporaryRegisterScopeBase<TemporaryRegisterScope> {
+  using Base = TemporaryRegisterScopeBase<TemporaryRegisterScope>;
+
  public:
-  explicit ScratchRegisterScope(MaglevAssembler* masm)
-      : wrapped_scope_(masm),
-        masm_(masm),
-        prev_scope_(masm->scratch_register_scope_) {
-    masm_->scratch_register_scope_ = this;
+  struct SavedData : public Base::SavedData {
+    RegList available_scratch_;
+    DoubleRegList available_fp_scratch_;
+  };
+
+  explicit TemporaryRegisterScope(MaglevAssembler* masm)
+      : Base(masm), scratch_scope_(masm) {
     if (prev_scope_ == nullptr) {
       // Add extra scratch register if no previous scope.
-      // wrapped_scope_.Include(kMaglevExtraScratchRegister);
+      // scratch_scope_.Include(kMaglevExtraScratchRegister);
     }
   }
-
-  ~ScratchRegisterScope() { masm_->scratch_register_scope_ = prev_scope_; }
-
-  void ResetToDefault() {
-    SetAvailable(Assembler::DefaultTmpList());
-    SetAvailableDouble(Assembler::DefaultFPTmpList());
+  explicit TemporaryRegisterScope(MaglevAssembler* masm,
+                                  const SavedData& saved_data)
+      : Base(masm, saved_data), scratch_scope_(masm) {
+    scratch_scope_.SetAvailable(saved_data.available_scratch_);
+    scratch_scope_.SetAvailableDoubleRegList(saved_data.available_fp_scratch_);
   }
 
-  Register GetDefaultScratchRegister() { return Acquire(); }
-  DoubleRegister GetDefaultScratchDoubleRegister() { return AcquireDouble(); }
-
-  Register Acquire() { return wrapped_scope_.Acquire(); }
-  void Include(Register reg) { wrapped_scope_.Include(reg); }
-  void Include(const RegList list) { wrapped_scope_.Include(list); }
-
-  DoubleRegister AcquireDouble() { return wrapped_scope_.AcquireDouble(); }
-  void IncludeDouble(const DoubleRegList list) { wrapped_scope_.Include(list); }
-
-  RegList Available() { return wrapped_scope_.Available(); }
-  void SetAvailable(RegList list) { wrapped_scope_.SetAvailable(list); }
-
-  DoubleRegList AvailableDouble() {
-    return wrapped_scope_.AvailableDoubleRegList();
+  Register AcquireScratch() {
+    Register reg = scratch_scope_.Acquire();
+    CHECK(!available_.has(reg));
+    return reg;
+  }
+  DoubleRegister AcquireScratchDouble() {
+    DoubleRegister reg = scratch_scope_.AcquireDouble();
+    CHECK(!available_double_.has(reg));
+    return reg;
+  }
+  void IncludeScratch(Register reg) { scratch_scope_.Include(reg); }
+
+  SavedData CopyForDefer() {
+    return SavedData{
+        CopyForDeferBase(),
+        scratch_scope_.Available(),
+        scratch_scope_.AvailableDoubleRegList(),
+    };
   }
-  void SetAvailableDouble(DoubleRegList list) {
-    wrapped_scope_.SetAvailableDoubleRegList(list);
+
+  void ResetToDefaultImpl() {
+    scratch_scope_.SetAvailable(Assembler::DefaultTmpList());
+    scratch_scope_.SetAvailableDoubleRegList(Assembler::DefaultFPTmpList());
   }
 
  private:
-  UseScratchRegisterScope wrapped_scope_;
-  MaglevAssembler* masm_;
-  ScratchRegisterScope* prev_scope_;
+  UseScratchRegisterScope scratch_scope_;
 };
 
 inline MapCompare::MapCompare(MaglevAssembler* masm, Register object,
@@ -96,8 +103,8 @@ inline MapCompare::MapCompare(MaglevAssembler* masm, Register object,
 
 void MapCompare::Generate(Handle<Map> map, Condition cond, Label* if_true,
                           Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(masm_);
-  Register temp = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm_);
+  Register temp = temps.AcquireScratch();
   masm_->Move(temp, map);
   masm_->CmpS64(map_, temp);
   CHECK(is_signed(cond));
@@ -121,8 +128,8 @@ struct PushAllHelper<> {
 
 inline void PushInput(MaglevAssembler* masm, const Input& input) {
   if (input.operand().IsConstant()) {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
-    Register scratch = temps.Acquire();
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
+    Register scratch = temps.AcquireScratch();
     input.node()->LoadToRegister(masm, scratch);
     masm->Push(scratch);
   } else {
@@ -272,8 +279,8 @@ inline Condition MaglevAssembler::IsRootConstant(Input input,
     CompareRoot(ToRegister(input), root_index);
   } else {
     DCHECK(input.operand().IsStackSlot());
-    ScratchRegisterScope temps(this);
-    Register scratch = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register scratch = temps.AcquireScratch();
     LoadU64(scratch, ToMemOperand(input), scratch);
     CompareRoot(scratch, root_index);
   }
@@ -308,7 +315,7 @@ inline void MaglevAssembler::BuildTypedArrayDataPointer(Register data_pointer,
       data_pointer,
       FieldMemOperand(object, JSTypedArray::kExternalPointerOffset));
   if (JSTypedArray::kMaxSizeInHeap == 0) return;
-  // ScratchRegisterScope temps(this);
+  // TemporaryRegisterScope temps(this);
   Register base = r0;
   if (COMPRESS_POINTERS_BOOL) {
     LoadU32(base, FieldMemOperand(object, JSTypedArray::kBasePointerOffset));
@@ -320,7 +327,7 @@ inline void MaglevAssembler::BuildTypedArrayDataPointer(Register data_pointer,
 
 inline MemOperand MaglevAssembler::TypedArrayElementOperand(
     Register data_pointer, Register index, int element_size) {
-  // ScratchRegisterScope temps(this);
+  // TemporaryRegisterScope temps(this);
   Register temp = r0;
   ShiftLeftU64(temp, index, Operand(ShiftFromScale(element_size)));
   AddU64(data_pointer, data_pointer, temp);
@@ -355,8 +362,7 @@ inline void MaglevAssembler::LoadExternalPointerField(Register result,
 void MaglevAssembler::LoadFixedArrayElement(Register result, Register array,
                                             Register index) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -367,14 +373,13 @@ void MaglevAssembler::LoadFixedArrayElement(Register result, Register array,
 void MaglevAssembler::LoadFixedArrayElementWithoutDecompressing(
     Register result, Register array, Register index) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
   int times_tagged_size = (kTaggedSize == 8) ? 3 : 2;
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   ShiftLeftU64(scratch, index, Operand(times_tagged_size));
   MacroAssembler::LoadTaggedFieldWithoutDecompressing(
       result, FieldMemOperand(array, scratch, FixedArray::kHeaderSize));
@@ -383,11 +388,11 @@ void MaglevAssembler::LoadFixedArrayElementWithoutDecompressing(
 void MaglevAssembler::LoadFixedDoubleArrayElement(DoubleRegister result,
                                                   Register array,
                                                   Register index) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_DOUBLE_ARRAY_TYPE, eq,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_DOUBLE_ARRAY_TYPE,
+                     AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -398,8 +403,8 @@ void MaglevAssembler::LoadFixedDoubleArrayElement(DoubleRegister result,
 
 inline void MaglevAssembler::StoreFixedDoubleArrayElement(
     Register array, Register index, DoubleRegister value) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   ShiftLeftU64(scratch, index, Operand(kDoubleSizeLog2));
   StoreF64(value,
            FieldMemOperand(array, scratch, FixedDoubleArray::kHeaderSize));
@@ -438,7 +443,7 @@ inline void MaglevAssembler::SetSlotAddressForTaggedField(Register slot_reg,
 
 inline void MaglevAssembler::SetSlotAddressForFixedArrayElement(
     Register slot_reg, Register object, Register index) {
-  // ScratchRegisterScope temps(this);
+  // TemporaryRegisterScope temps(this);
   Register scratch = r0;
   mov(slot_reg, object);
   AddU64(slot_reg, Operand(FixedArray::kHeaderSize - kHeapObjectTag));
@@ -454,8 +459,8 @@ inline void MaglevAssembler::StoreTaggedFieldNoWriteBarrier(Register object,
 
 inline void MaglevAssembler::StoreFixedArrayElementNoWriteBarrier(
     Register array, Register index, Register value) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   ShiftLeftU64(scratch, index, Operand(kTaggedSizeLog2));
   AddU64(scratch, scratch, array);
   MacroAssembler::StoreTaggedField(
@@ -470,7 +475,7 @@ inline void MaglevAssembler::StoreTaggedSignedField(Register object, int offset,
 
 inline void MaglevAssembler::StoreTaggedSignedField(Register object, int offset,
                                                     Tagged<Smi> value) {
-  ScratchRegisterScope scope(this);
+  TemporaryRegisterScope scope(this);
   Register scratch = r0;
   Move(scratch, value);
   MacroAssembler::StoreTaggedField(scratch, FieldMemOperand(object, offset));
@@ -478,7 +483,7 @@ inline void MaglevAssembler::StoreTaggedSignedField(Register object, int offset,
 
 inline void MaglevAssembler::StoreInt32Field(Register object, int offset,
                                              int32_t value) {
-  ScratchRegisterScope scope(this);
+  TemporaryRegisterScope scope(this);
   Register scratch = r0;
   Move(scratch, value);
   StoreU32(scratch, FieldMemOperand(object, offset));
@@ -599,13 +604,13 @@ inline void MaglevAssembler::Move(Register dst, int32_t i) {
   mov(dst, Operand(i));
 }
 inline void MaglevAssembler::Move(DoubleRegister dst, double n) {
-  ScratchRegisterScope scope(this);
-  Register scratch = scope.Acquire();
+  TemporaryRegisterScope scope(this);
+  Register scratch = scope.AcquireScratch();
   MacroAssembler::LoadF64(dst, n, scratch);
 }
 inline void MaglevAssembler::Move(DoubleRegister dst, Float64 n) {
-  ScratchRegisterScope scope(this);
-  Register scratch = scope.Acquire();
+  TemporaryRegisterScope scope(this);
+  Register scratch = scope.AcquireScratch();
   MacroAssembler::LoadF64(dst, n, scratch);
 }
 inline void MaglevAssembler::Move(Register dst, Handle<HeapObject> obj) {
@@ -630,8 +635,8 @@ inline void MaglevAssembler::LoadFloat32(DoubleRegister dst, MemOperand src) {
   MacroAssembler::LoadF32AsF64(dst, src);
 }
 inline void MaglevAssembler::StoreFloat32(MemOperand dst, DoubleRegister src) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
-  DoubleRegister double_scratch = temps.AcquireDouble();
+  MaglevAssembler::TemporaryRegisterScope temps(this);
+  DoubleRegister double_scratch = temps.AcquireScratchDouble();
   ledbr(double_scratch, src);
   MacroAssembler::StoreF32(double_scratch, dst);
 }
@@ -649,7 +654,7 @@ inline void MaglevAssembler::LoadUnalignedFloat64(DoubleRegister dst,
 }
 inline void MaglevAssembler::LoadUnalignedFloat64AndReverseByteOrder(
     DoubleRegister dst, Register base, Register index) {
-  ScratchRegisterScope scope(this);
+  TemporaryRegisterScope scope(this);
   Register scratch = r0;
   LoadU64(scratch, MemOperand(base, index));
   lrvgr(scratch, scratch);
@@ -662,7 +667,7 @@ inline void MaglevAssembler::StoreUnalignedFloat64(Register base,
 }
 inline void MaglevAssembler::ReverseByteOrderAndStoreUnalignedFloat64(
     Register base, Register index, DoubleRegister src) {
-  ScratchRegisterScope scope(this);
+  TemporaryRegisterScope scope(this);
   Register scratch = r0;
   lgdr(scratch, src);
   lrvgr(scratch, scratch);
@@ -681,8 +686,8 @@ inline void MaglevAssembler::NegateInt32(Register val) {
 inline void MaglevAssembler::ToUint8Clamped(Register result,
                                             DoubleRegister value, Label* min,
                                             Label* max, Label* done) {
-  ScratchRegisterScope temps(this);
-  DoubleRegister scratch = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister scratch = temps.AcquireScratchDouble();
   lzdr(kDoubleRegZero);
   CmpF64(kDoubleRegZero, value);
   // Set to 0 if NaN.
@@ -737,54 +742,91 @@ inline void MaglevAssembler::LoadInstanceType(Register instance_type,
           FieldMemOperand(instance_type, Map::kInstanceTypeOffset));
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndJumpIf(
-    Register heap_object, InstanceType type, Condition cond, Label* target,
-    Label::Distance distance) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  if (cond == kEqual || cond == kNotEqual) {
-    IsObjectType(heap_object, scratch, scratch, type);
-  } else if (is_signed(cond)) {
-    CompareObjectType(heap_object, scratch, scratch, type);
-  } else {
-    CompareObjectType<true>(heap_object, scratch, scratch, type);
-  }
-  JumpIf(cond, target, distance);
+inline void MaglevAssembler::JumpIfObjectType(Register heap_object,
+                                              InstanceType type, Label* target,
+                                              Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectType(heap_object, scratch, scratch, type);
+  JumpIf(kEqual, target, distance);
+}
+
+inline void MaglevAssembler::JumpIfNotObjectType(Register heap_object,
+                                                 InstanceType type,
+                                                 Label* target,
+                                                 Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectType(heap_object, scratch, scratch, type);
+  JumpIf(kNotEqual, target, distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndAssert(Register heap_object,
-                                                        InstanceType type,
-                                                        Condition cond,
-                                                        AbortReason reason) {
+inline void MaglevAssembler::AssertObjectType(Register heap_object,
+                                              InstanceType type,
+                                              AbortReason reason) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   AssertNotSmi(heap_object);
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  if (cond == kEqual || cond == kNotEqual) {
-    IsObjectType(heap_object, scratch, scratch, type);
-  } else if (is_signed(cond)) {
-    CompareObjectType(heap_object, scratch, scratch, type);
-  } else {
-    CompareObjectType<true>(heap_object, scratch, scratch, type);
-  }
-  Assert(cond, reason);
+  CompareObjectType(heap_object, scratch, scratch, type);
+  Assert(kEqual, reason);
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndBranch(
-    Register heap_object, InstanceType type, Condition condition,
+inline void MaglevAssembler::BranchOnObjectType(
+    Register heap_object, InstanceType type, Label* if_true,
+    Label::Distance true_distance, bool fallthrough_when_true, Label* if_false,
+    Label::Distance false_distance, bool fallthrough_when_false) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectType(heap_object, scratch, scratch, type);
+  Branch(kEqual, if_true, true_distance, fallthrough_when_true, if_false,
+         false_distance, fallthrough_when_false);
+}
+
+inline void MaglevAssembler::JumpIfObjectTypeInRange(Register heap_object,
+                                                     InstanceType lower_limit,
+                                                     InstanceType higher_limit,
+                                                     Label* target,
+                                                     Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectTypeRange(heap_object, scratch, scratch, scratch, lower_limit,
+                         higher_limit);
+  JumpIf(kUnsignedLessThanEqual, target, distance);
+}
+
+inline void MaglevAssembler::JumpIfObjectTypeNotInRange(
+    Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
+    Label* target, Label::Distance distance) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectTypeRange(heap_object, scratch, scratch, scratch, lower_limit,
+                         higher_limit);
+  JumpIf(kUnsignedGreaterThan, target, distance);
+}
+
+inline void MaglevAssembler::AssertObjectTypeInRange(Register heap_object,
+                                                     InstanceType lower_limit,
+                                                     InstanceType higher_limit,
+                                                     AbortReason reason) {
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  AssertNotSmi(heap_object);
+  CompareObjectTypeRange(heap_object, scratch, scratch, scratch, lower_limit,
+                         higher_limit);
+  Assert(kUnsignedLessThanEqual, reason);
+}
+
+inline void MaglevAssembler::BranchOnObjectTypeInRange(
+    Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
     Label* if_true, Label::Distance true_distance, bool fallthrough_when_true,
     Label* if_false, Label::Distance false_distance,
     bool fallthrough_when_false) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  if (condition == kEqual || condition == kNotEqual) {
-    IsObjectType(heap_object, scratch, scratch, type);
-  } else if (is_signed(condition)) {
-    CompareObjectType(heap_object, scratch, scratch, type);
-  } else {
-    CompareObjectType<true>(heap_object, scratch, scratch, type);
-  }
-  Branch(condition, if_true, true_distance, fallthrough_when_true, if_false,
-         false_distance, fallthrough_when_false);
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  CompareObjectTypeRange(heap_object, scratch, scratch, scratch, lower_limit,
+                         higher_limit);
+  Branch(kUnsignedLessThanEqual, if_true, true_distance, fallthrough_when_true,
+         if_false, false_distance, fallthrough_when_false);
 }
 
 inline void MaglevAssembler::JumpIfJSAnyIsNotPrimitive(
@@ -792,29 +834,13 @@ inline void MaglevAssembler::JumpIfJSAnyIsNotPrimitive(
   // If the type of the result (stored in its map) is less than
   // FIRST_JS_RECEIVER_TYPE, it is not an object in the ECMA sense.
   static_assert(LAST_JS_RECEIVER_TYPE == LAST_TYPE);
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MacroAssembler::CompareObjectType<true>(heap_object, scratch, scratch,
                                           FIRST_JS_RECEIVER_TYPE);
   JumpIf(ge, target, distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
-                                                    InstanceType lower_limit,
-                                                    InstanceType higher_limit) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
-  CompareObjectTypeRange(heap_object, scratch, lower_limit, higher_limit);
-}
-
-inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
-                                                    Register scratch,
-                                                    InstanceType lower_limit,
-                                                    InstanceType higher_limit) {
-  LoadMap(scratch, heap_object);
-  CompareInstanceTypeRange(scratch, scratch, lower_limit, higher_limit);
-}
-
 inline void MaglevAssembler::CompareMapWithRoot(Register object,
                                                 RootIndex index,
                                                 Register scratch) {
@@ -824,16 +850,18 @@ inline void MaglevAssembler::CompareMapWithRoot(Register object,
 
 inline void MaglevAssembler::CompareInstanceType(Register map,
                                                  InstanceType instance_type) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MacroAssembler::CompareInstanceType(map, scratch, instance_type);
 }
 
 inline void MaglevAssembler::CompareInstanceTypeRange(
     Register map, Register instance_type_out, InstanceType lower_limit,
     InstanceType higher_limit) {
-  MacroAssembler::CompareInstanceTypeRange(map, instance_type_out, lower_limit,
-                                           higher_limit);
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
+  MacroAssembler::CompareInstanceTypeRange(map, instance_type_out, scratch,
+                                           lower_limit, higher_limit);
 }
 
 inline void MaglevAssembler::CompareFloat64AndJumpIf(
@@ -855,8 +883,8 @@ inline void MaglevAssembler::CompareFloat64AndBranch(
 
 inline void MaglevAssembler::PrepareCallCFunction(int num_reg_arguments,
                                                   int num_double_registers) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MacroAssembler::PrepareCallCFunction(num_reg_arguments, num_double_registers,
                                        scratch);
 }
@@ -914,7 +942,7 @@ inline void MaglevAssembler::JumpIfNotSmi(Register src, Label* on_smi,
 
 void MaglevAssembler::JumpIfByte(Condition cc, Register value, int32_t byte,
                                  Label* target, Label::Distance) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
+  MaglevAssembler::TemporaryRegisterScope temps(this);
   Register scratch = r0;
   mov(scratch, Operand(byte));
   LoadS8(scratch, scratch);
@@ -953,7 +981,7 @@ void MaglevAssembler::JumpIfHoleNan(DoubleRegister value, Register scratch,
 void MaglevAssembler::JumpIfNotHoleNan(DoubleRegister value, Register scratch,
                                        Label* target,
                                        Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
+  MaglevAssembler::TemporaryRegisterScope temps(this);
   CmpF64(value, value);
   JumpIf(ordered, target, distance);
 
@@ -964,7 +992,7 @@ void MaglevAssembler::JumpIfNotHoleNan(DoubleRegister value, Register scratch,
 
 void MaglevAssembler::JumpIfNotHoleNan(MemOperand operand, Label* target,
                                        Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
+  MaglevAssembler::TemporaryRegisterScope temps(this);
   Register scratch = r0;
   mov(scratch, Operand(kHoleNanInt64));
   CmpU32(scratch, operand);
@@ -1077,12 +1105,21 @@ inline void MaglevAssembler::CompareSmiAndJumpIf(Register r1, Tagged<Smi> value,
   JumpIf(cond, target);
 }
 
+inline void MaglevAssembler::CompareSmiAndAssert(Register r1, Tagged<Smi> value,
+                                                 Condition cond,
+                                                 AbortReason reason) {
+  if (!v8_flags.debug_code) return;
+  AssertSmi(r1);
+  CompareTagged(r1, Operand(value));
+  Assert(cond, reason);
+}
+
 inline void MaglevAssembler::CompareByteAndJumpIf(MemOperand left, int8_t right,
                                                   Condition cond,
                                                   Register scratch,
                                                   Label* target,
                                                   Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
+  MaglevAssembler::TemporaryRegisterScope temps(this);
   Register scratch2 = r0;
   LoadS8(scratch, left);
   mov(scratch2, Operand(right));
@@ -1106,7 +1143,7 @@ inline void MaglevAssembler::CompareTaggedAndJumpIf(Register reg,
                                                     Condition cond,
                                                     Label* target,
                                                     Label::Distance distance) {
-  MaglevAssembler::ScratchRegisterScope temps(this);
+  MaglevAssembler::TemporaryRegisterScope temps(this);
   Register scratch = r0;
   MacroAssembler::Move(scratch, obj,
                        COMPRESS_POINTERS_BOOL
@@ -1196,8 +1233,8 @@ inline void MaglevAssembler::AssertStackSizeCorrect() {
 
 inline Condition MaglevAssembler::FunctionEntryStackCheck(
     int stack_check_offset) {
-  ScratchRegisterScope temps(this);
-  Register interrupt_stack_limit = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register interrupt_stack_limit = temps.AcquireScratch();
   LoadStackLimit(interrupt_stack_limit, StackLimitKind::kInterruptStackLimit);
 
   Register stack_cmp_reg = sp;
@@ -1255,8 +1292,8 @@ inline void MaglevAssembler::MoveRepr(MachineRepresentation repr,
 template <>
 inline void MaglevAssembler::MoveRepr(MachineRepresentation repr,
                                       MemOperand dst, MemOperand src) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
   MoveRepr(repr, scratch, src);
   MoveRepr(repr, dst, scratch);
 }
diff --git a/deps/v8/src/maglev/s390/maglev-assembler-s390.cc b/deps/v8/src/maglev/s390/maglev-assembler-s390.cc
index 32ddb4d4b1e6a1..93563d11960660 100644
--- a/deps/v8/src/maglev/s390/maglev-assembler-s390.cc
+++ b/deps/v8/src/maglev/s390/maglev-assembler-s390.cc
@@ -41,8 +41,8 @@ void AllocateRaw(MaglevAssembler* masm, Isolate* isolate,
   ExternalReference top = SpaceAllocationTopAddress(isolate, alloc_type);
   ExternalReference limit = SpaceAllocationLimitAddress(isolate, alloc_type);
   ZoneLabelRef done(masm);
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register scratch = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register scratch = temps.AcquireScratch();
   // We are a bit short on registers, so we use the same register for {object}
   // and {new_top}. Once we have defined {new_top}, we don't use {object} until
   // {new_top} is used for the last time. And there (at the end of this
@@ -82,8 +82,8 @@ void MaglevAssembler::Allocate(RegisterSnapshot register_snapshot,
 }
 
 void MaglevAssembler::OSRPrologue(Graph* graph) {
-  ScratchRegisterScope temps(this);
-  Register scratch = temps.Acquire();
+  TemporaryRegisterScope temps(this);
+  Register scratch = temps.AcquireScratch();
 
   DCHECK(graph->is_osr());
   CHECK(!graph->has_recursive_calls());
@@ -126,9 +126,9 @@ void MaglevAssembler::OSRPrologue(Graph* graph) {
 }
 
 void MaglevAssembler::Prologue(Graph* graph) {
-  ScratchRegisterScope temps(this);
+  TemporaryRegisterScope temps(this);
   temps.Include({r6, r8});
-  Register scratch = temps.Acquire();
+  Register scratch = temps.AcquireScratch();
   DCHECK(!graph->is_osr());
 
   BailoutIfDeoptimized(scratch);
@@ -183,7 +183,7 @@ void MaglevAssembler::Prologue(Graph* graph) {
       for (int i = 0; i < first_slots; ++i) {
         Push(scratch);
       }
-      Register unroll_counter = temps.Acquire();
+      Register unroll_counter = temps.AcquireScratch();
       Move(unroll_counter, tagged_slots / kLoopUnrollSize);
       // We enter the loop unconditionally, so make sure we need to loop at
       // least once.
@@ -313,14 +313,11 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
   bind(&loop);
 
   if (v8_flags.debug_code) {
-    Register scratch = instance_type;
-
     // Check if {string} is a string.
-    AssertNotSmi(string);
-    LoadMap(scratch, string);
-    CompareInstanceTypeRange(scratch, scratch, FIRST_STRING_TYPE,
-                             LAST_STRING_TYPE);
-    Check(le, AbortReason::kUnexpectedValue);
+    AssertObjectTypeInRange(string, FIRST_STRING_TYPE, LAST_STRING_TYPE,
+                            AbortReason::kUnexpectedValue);
+
+    Register scratch = instance_type;
 
     LoadU32(scratch, FieldMemOperand(string, offsetof(String, length_)));
     CmpS32(index, scratch);
@@ -331,8 +328,8 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
   LoadInstanceType(instance_type, string);
 
   {
-    ScratchRegisterScope temps(this);
-    Register representation = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register representation = temps.AcquireScratch();
 
     // TODO(victorgomes): Add fast path for external strings.
     And(representation, instance_type, Operand(kStringRepresentationMask));
@@ -356,8 +353,8 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
 
   bind(&sliced_string);
   {
-    ScratchRegisterScope temps(this);
-    Register offset = temps.Acquire();
+    TemporaryRegisterScope temps(this);
+    Register offset = temps.AcquireScratch();
 
     LoadAndUntagTaggedSignedField(offset, string,
                                   offsetof(SlicedString, offset_));
@@ -483,8 +480,8 @@ void MaglevAssembler::TruncateDoubleToInt32(Register dst, DoubleRegister src) {
 
 void MaglevAssembler::TryTruncateDoubleToInt32(Register dst, DoubleRegister src,
                                                Label* fail) {
-  UseScratchRegisterScope temps(this);
-  DoubleRegister temp = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister temp = temps.AcquireScratchDouble();
   Label done;
 
   // Convert the input float64 value to int32.
@@ -516,8 +513,8 @@ void MaglevAssembler::TryTruncateDoubleToInt32(Register dst, DoubleRegister src,
 void MaglevAssembler::TryTruncateDoubleToUint32(Register dst,
                                                 DoubleRegister src,
                                                 Label* fail) {
-  UseScratchRegisterScope temps(this);
-  DoubleRegister temp = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister temp = temps.AcquireScratchDouble();
   Label done;
 
   // Convert the input float64 value to uint32.
@@ -549,8 +546,8 @@ void MaglevAssembler::TryTruncateDoubleToUint32(Register dst,
 void MaglevAssembler::TryChangeFloat64ToIndex(Register result,
                                               DoubleRegister value,
                                               Label* success, Label* fail) {
-  UseScratchRegisterScope temps(this);
-  DoubleRegister temp = temps.AcquireDouble();
+  TemporaryRegisterScope temps(this);
+  DoubleRegister temp = temps.AcquireScratchDouble();
   // Convert the input float64 value to int32.
   ConvertDoubleToInt32(result, value);
   // Convert that int32 value back to float64.
diff --git a/deps/v8/src/maglev/s390/maglev-ir-s390.cc b/deps/v8/src/maglev/s390/maglev-ir-s390.cc
index 2d44d5a8950807..41b6fb0b511abc 100644
--- a/deps/v8/src/maglev/s390/maglev-ir-s390.cc
+++ b/deps/v8/src/maglev/s390/maglev-ir-s390.cc
@@ -102,8 +102,8 @@ void BuiltinStringFromCharCode::SetValueLocationConstraints() {
 }
 void BuiltinStringFromCharCode::GenerateCode(MaglevAssembler* masm,
                                              const ProcessingState& state) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register scratch = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register scratch = temps.AcquireScratch();
   Register result_string = ToRegister(result());
   if (Int32Constant* constant = code_input().node()->TryCast<Int32Constant>()) {
     int32_t char_code = constant->value() & 0xFFFF;
@@ -114,7 +114,7 @@ void BuiltinStringFromCharCode::GenerateCode(MaglevAssembler* masm,
       // store will fail.
       bool reallocate_result = (scratch == result_string);
       if (reallocate_result) {
-        result_string = temps.Acquire();
+        result_string = temps.AcquireScratch();
       }
       DCHECK(scratch != result_string);
       __ AllocateTwoByteString(register_snapshot(), result_string, 1);
@@ -228,8 +228,8 @@ void Int32MultiplyWithOverflow::GenerateCode(MaglevAssembler* masm,
 
   // TODO(leszeks): peephole optimise multiplication by a constant.
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register temp = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register temp = temps.AcquireScratch();
   __ Or(temp, left, right);
   __ MulS32(out, left, right);
   __ LoadS32(out, out);
@@ -386,8 +386,8 @@ void Int32ModulusWithOverflow::GenerateCode(MaglevAssembler* masm,
       done, lhs, rhs, out, this);
 
   Label rhs_not_power_of_2;
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register mask = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register mask = temps.AcquireScratch();
   __ AddS32(mask, rhs, Operand(-1));
   __ And(r0, mask, rhs);
   __ JumpIf(ne, &rhs_not_power_of_2);
@@ -396,7 +396,7 @@ void Int32ModulusWithOverflow::GenerateCode(MaglevAssembler* masm,
   __ And(out, mask, lhs);
   __ Jump(*done);
   // {mask} can be reused from now on.
-  temps.Include(mask);
+  temps.IncludeScratch(mask);
 
   __ bind(&rhs_not_power_of_2);
   __ ModU32(out, lhs, rhs);
@@ -448,8 +448,8 @@ DEF_BITWISE_BINOP(Int32BitwiseXor, Xor)
       __ opcode(out, left, Operand(shift));                      \
       __ LoadS32(out, out);                                      \
     } else {                                                     \
-      MaglevAssembler::ScratchRegisterScope temps(masm);         \
-      Register scratch = temps.Acquire();                        \
+      MaglevAssembler::TemporaryRegisterScope temps(masm);       \
+      Register scratch = temps.AcquireScratch();                 \
       Register right = ToRegister(right_input());                \
       __ And(scratch, right, Operand(31));                       \
       __ opcode(out, left, scratch);                             \
@@ -565,9 +565,9 @@ void Float64Round::GenerateCode(MaglevAssembler* masm,
   DoubleRegister in = ToDoubleRegister(input());
   DoubleRegister out = ToDoubleRegister(result());
   if (kind_ == Kind::kNearest) {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
-    DoubleRegister temp = temps.AcquireDouble();
-    DoubleRegister temp2 = temps.AcquireDouble();
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
+    DoubleRegister temp = temps.AcquireScratchDouble();
+    DoubleRegister temp2 = temps.AcquireScratchDouble();
     __ Move(temp, in);
     __ NearestIntF64(out, in);
     __ SubF64(temp, temp, out);
@@ -620,8 +620,8 @@ void LoadTypedArrayLength::GenerateCode(MaglevAssembler* masm,
   Register object = ToRegister(receiver_input());
   Register result_register = ToRegister(result());
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_TYPED_ARRAY_TYPE, eq,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectType(object, JS_TYPED_ARRAY_TYPE,
+                        AbortReason::kUnexpectedValue);
   }
 
   __ LoadBoundedSizeFromObject(result_register, object,
@@ -644,16 +644,16 @@ void CheckJSDataViewBounds::SetValueLocationConstraints() {
 void CheckJSDataViewBounds::GenerateCode(MaglevAssembler* masm,
                                          const ProcessingState& state) {
   USE(element_type_);
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register object = ToRegister(receiver_input());
   Register index = ToRegister(index_input());
   if (v8_flags.debug_code) {
-    __ CompareObjectTypeAndAssert(object, JS_DATA_VIEW_TYPE, eq,
-                                  AbortReason::kUnexpectedValue);
+    __ AssertObjectType(object, JS_DATA_VIEW_TYPE,
+                        AbortReason::kUnexpectedValue);
   }
 
   // Normal DataView (backed by AB / SAB) or non-length tracking backed by GSAB.
-  Register byte_length = temps.Acquire();
+  Register byte_length = temps.AcquireScratch();
   __ LoadBoundedSizeFromObject(byte_length, object,
                                JSDataView::kRawByteLengthOffset);
 
@@ -739,10 +739,10 @@ void HandleInterruptsAndTiering(MaglevAssembler* masm, ZoneLabelRef done,
 
 void GenerateReduceInterruptBudget(MaglevAssembler* masm, Node* node,
                                    ReduceInterruptBudgetType type, int amount) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
-  Register scratch = temps.Acquire();
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
+  Register scratch = temps.AcquireScratch();
   Register feedback_cell = scratch;
-  Register budget = temps.Acquire();
+  Register budget = temps.AcquireScratch();
   __ LoadU64(feedback_cell,
              MemOperand(fp, StandardFrameConstants::kFunctionOffset));
   __ LoadTaggedField(
diff --git a/deps/v8/src/maglev/x64/maglev-assembler-x64-inl.h b/deps/v8/src/maglev/x64/maglev-assembler-x64-inl.h
index 983f81a341b74b..4be20e02dd94ee 100644
--- a/deps/v8/src/maglev/x64/maglev-assembler-x64-inl.h
+++ b/deps/v8/src/maglev/x64/maglev-assembler-x64-inl.h
@@ -57,50 +57,59 @@ inline ScaleFactor ScaleFactorFromInt(int n) {
   }
 }
 
-class MaglevAssembler::ScratchRegisterScope {
+class MaglevAssembler::TemporaryRegisterScope
+    : public TemporaryRegisterScopeBase<TemporaryRegisterScope> {
+  using Base = TemporaryRegisterScopeBase<TemporaryRegisterScope>;
+
  public:
-  explicit ScratchRegisterScope(MaglevAssembler* masm)
-      : masm_(masm),
-        prev_scope_(masm->scratch_register_scope_),
-        available_(masm->scratch_register_scope_
-                       ? masm_->scratch_register_scope_->available_
-                       : RegList()),
-        available_double_(
-            masm->scratch_register_scope_
-                ? masm_->scratch_register_scope_->available_double_
-                : DoubleRegList()) {
-    masm_->scratch_register_scope_ = this;
+  struct SavedData : public Base::SavedData {
+    bool has_scratch_register_;
+    bool has_double_scratch_register_;
+  };
+
+  explicit TemporaryRegisterScope(MaglevAssembler* masm)
+      : Base(masm),
+        has_scratch_register_(prev_scope_ ? prev_scope_->has_scratch_register_
+                                          : true),
+        has_double_scratch_register_(
+            prev_scope_ ? prev_scope_->has_double_scratch_register_ : true) {}
+  explicit TemporaryRegisterScope(MaglevAssembler* masm,
+                                  const SavedData& saved_data)
+      : Base(masm, saved_data),
+        has_scratch_register_(saved_data.has_scratch_register_),
+        has_double_scratch_register_(saved_data.has_double_scratch_register_) {}
+
+  Register AcquireScratch() {
+    CHECK(has_scratch_register_);
+    has_scratch_register_ = false;
+    return kScratchRegister;
   }
-  ~ScratchRegisterScope() { masm_->scratch_register_scope_ = prev_scope_; }
-
-  void ResetToDefault() {
-    available_ = {};
-    available_double_ = {};
+  DoubleRegister AcquireScratchDouble() {
+    CHECK(has_double_scratch_register_);
+    has_double_scratch_register_ = false;
+    return kScratchDoubleReg;
   }
-
-  Register GetDefaultScratchRegister() { return kScratchRegister; }
-  DoubleRegister GetDefaultScratchDoubleRegister() { return kScratchDoubleReg; }
-
-  Register Acquire() { return available_.PopFirst(); }
-  void Include(Register reg) { available_.set(reg); }
-  void Include(const RegList list) { available_ = available_ | list; }
-
-  DoubleRegister AcquireDouble() { return available_double_.PopFirst(); }
-  void IncludeDouble(const DoubleRegList list) {
-    available_double_ = available_double_ | list;
+  void IncludeScratch(Register reg) {
+    DCHECK_EQ(reg, kScratchRegister);
+    has_scratch_register_ = true;
   }
 
-  RegList Available() { return available_; }
-  void SetAvailable(RegList list) { available_ = list; }
+  SavedData CopyForDefer() {
+    return SavedData{
+        CopyForDeferBase(),
+        has_scratch_register_,
+        has_double_scratch_register_,
+    };
+  }
 
-  DoubleRegList AvailableDouble() { return available_double_; }
-  void SetAvailableDouble(DoubleRegList list) { available_double_ = list; }
+  void ResetToDefaultImpl() {
+    has_scratch_register_ = true;
+    has_double_scratch_register_ = true;
+  }
 
  private:
-  MaglevAssembler* masm_;
-  ScratchRegisterScope* prev_scope_;
-  RegList available_;
-  DoubleRegList available_double_;
+  bool has_scratch_register_;
+  bool has_double_scratch_register_;
 };
 
 inline MapCompare::MapCompare(MaglevAssembler* masm, Register object,
@@ -381,8 +390,7 @@ inline void MaglevAssembler::LoadExternalPointerField(Register result,
 void MaglevAssembler::LoadFixedArrayElement(Register result, Register array,
                                             Register index) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -393,8 +401,7 @@ void MaglevAssembler::LoadFixedArrayElement(Register result, Register array,
 void MaglevAssembler::LoadFixedArrayElementWithoutDecompressing(
     Register result, Register array, Register index) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_ARRAY_TYPE, AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -407,8 +414,8 @@ void MaglevAssembler::LoadFixedDoubleArrayElement(DoubleRegister result,
                                                   Register array,
                                                   Register index) {
   if (v8_flags.debug_code) {
-    CompareObjectTypeAndAssert(array, FIXED_DOUBLE_ARRAY_TYPE, kEqual,
-                               AbortReason::kUnexpectedValue);
+    AssertObjectType(array, FIXED_DOUBLE_ARRAY_TYPE,
+                     AbortReason::kUnexpectedValue);
     CompareInt32AndAssert(index, 0, kUnsignedGreaterThanEqual,
                           AbortReason::kUnexpectedNegativeValue);
   }
@@ -499,6 +506,15 @@ inline void MaglevAssembler::StoreField(Operand operand, Register value,
   }
 }
 
+#ifdef V8_ENABLE_SANDBOX
+
+inline void MaglevAssembler::StoreTrustedPointerFieldNoWriteBarrier(
+    Register object, int offset, Register value) {
+  MacroAssembler::StoreTrustedPointerField(FieldOperand(object, offset), value);
+}
+
+#endif  // V8_ENABLE_SANDBOX
+
 inline void MaglevAssembler::ReverseByteOrder(Register value, int size) {
   if (size == 2) {
     bswapl(value);
@@ -605,6 +621,10 @@ inline void MaglevAssembler::Move(Register dst, uint32_t i) {
   MacroAssembler::Move(dst, i);
 }
 
+inline void MaglevAssembler::Move(Register dst, IndirectPointerTag i) {
+  MacroAssembler::Move(dst, i);
+}
+
 inline void MaglevAssembler::Move(DoubleRegister dst, double n) {
   MacroAssembler::Move(dst, n);
 }
@@ -727,45 +747,71 @@ inline void MaglevAssembler::LoadInstanceType(Register instance_type,
   movzxwl(instance_type, FieldOperand(instance_type, Map::kInstanceTypeOffset));
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndJumpIf(
-    Register heap_object, InstanceType type, Condition cond, Label* target,
-    Label::Distance distance) {
-  if (cond == kEqual || cond == kNotEqual) {
-    IsObjectType(heap_object, type, kScratchRegister);
-  } else {
-    LoadMap(kScratchRegister, heap_object);
-    CmpInstanceType(kScratchRegister, type);
-  }
-  JumpIf(cond, target, distance);
+inline void MaglevAssembler::JumpIfObjectType(Register heap_object,
+                                              InstanceType type, Label* target,
+                                              Label::Distance distance) {
+  IsObjectType(heap_object, type, kScratchRegister);
+  JumpIf(kEqual, target, distance);
+}
+
+inline void MaglevAssembler::JumpIfNotObjectType(Register heap_object,
+                                                 InstanceType type,
+                                                 Label* target,
+                                                 Label::Distance distance) {
+  IsObjectType(heap_object, type, kScratchRegister);
+  JumpIf(kNotEqual, target, distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndAssert(Register heap_object,
-                                                        InstanceType type,
-                                                        Condition cond,
-                                                        AbortReason reason) {
+inline void MaglevAssembler::AssertObjectType(Register heap_object,
+                                              InstanceType type,
+                                              AbortReason reason) {
   AssertNotSmi(heap_object);
-  if (cond == kEqual || cond == kNotEqual) {
-    IsObjectType(heap_object, type, kScratchRegister);
-  } else {
-    LoadMap(kScratchRegister, heap_object);
-    CmpInstanceType(kScratchRegister, type);
-  }
-  Assert(cond, reason);
+  IsObjectType(heap_object, type, kScratchRegister);
+  Assert(kEqual, reason);
 }
 
-inline void MaglevAssembler::CompareObjectTypeAndBranch(
-    Register heap_object, InstanceType type, Condition condition,
+inline void MaglevAssembler::BranchOnObjectType(
+    Register heap_object, InstanceType type, Label* if_true,
+    Label::Distance true_distance, bool fallthrough_when_true, Label* if_false,
+    Label::Distance false_distance, bool fallthrough_when_false) {
+  IsObjectType(heap_object, type, kScratchRegister);
+  Branch(kEqual, if_true, true_distance, fallthrough_when_true, if_false,
+         false_distance, fallthrough_when_false);
+}
+
+inline void MaglevAssembler::JumpIfObjectTypeInRange(Register heap_object,
+                                                     InstanceType lower_limit,
+                                                     InstanceType higher_limit,
+                                                     Label* target,
+                                                     Label::Distance distance) {
+  IsObjectTypeInRange(heap_object, lower_limit, higher_limit, kScratchRegister);
+  JumpIf(kUnsignedLessThanEqual, target, distance);
+}
+
+inline void MaglevAssembler::JumpIfObjectTypeNotInRange(
+    Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
+    Label* target, Label::Distance distance) {
+  IsObjectTypeInRange(heap_object, lower_limit, higher_limit, kScratchRegister);
+  JumpIf(kUnsignedGreaterThan, target, distance);
+}
+
+inline void MaglevAssembler::AssertObjectTypeInRange(Register heap_object,
+                                                     InstanceType lower_limit,
+                                                     InstanceType higher_limit,
+                                                     AbortReason reason) {
+  AssertNotSmi(heap_object);
+  IsObjectTypeInRange(heap_object, lower_limit, higher_limit, kScratchRegister);
+  Assert(kUnsignedLessThanEqual, reason);
+}
+
+inline void MaglevAssembler::BranchOnObjectTypeInRange(
+    Register heap_object, InstanceType lower_limit, InstanceType higher_limit,
     Label* if_true, Label::Distance true_distance, bool fallthrough_when_true,
     Label* if_false, Label::Distance false_distance,
     bool fallthrough_when_false) {
-  if (condition == kEqual || condition == kNotEqual) {
-    IsObjectType(heap_object, type, kScratchRegister);
-  } else {
-    LoadMap(kScratchRegister, heap_object);
-    CmpInstanceType(kScratchRegister, type);
-  }
-  Branch(condition, if_true, true_distance, fallthrough_when_true, if_false,
-         false_distance, fallthrough_when_false);
+  IsObjectTypeInRange(heap_object, lower_limit, higher_limit, kScratchRegister);
+  Branch(kUnsignedLessThanEqual, if_true, true_distance, fallthrough_when_true,
+         if_false, false_distance, fallthrough_when_false);
 }
 
 inline void MaglevAssembler::JumpIfJSAnyIsNotPrimitive(
@@ -774,21 +820,46 @@ inline void MaglevAssembler::JumpIfJSAnyIsNotPrimitive(
                                             target, distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
-                                                    InstanceType lower_limit,
-                                                    InstanceType higher_limit) {
-  CompareObjectTypeRange(heap_object, kScratchRegister, lower_limit,
-                         higher_limit);
+#if V8_STATIC_ROOTS_BOOL
+inline void MaglevAssembler::JumpIfObjectInRange(Register heap_object,
+                                                 Tagged_t lower_limit,
+                                                 Tagged_t higher_limit,
+                                                 Label* target,
+                                                 Label::Distance distance) {
+  // Only allowed for comparisons against RORoots.
+  DCHECK_LE(lower_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  DCHECK_LE(higher_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  AssertNotSmi(heap_object);
+  CompareRange(heap_object, lower_limit, higher_limit);
+  JumpIf(kUnsignedLessThanEqual, target, distance);
 }
 
-inline void MaglevAssembler::CompareObjectTypeRange(Register heap_object,
-                                                    Register scratch,
-                                                    InstanceType lower_limit,
-                                                    InstanceType higher_limit) {
-  LoadMap(scratch, heap_object);
-  CmpInstanceTypeRange(scratch, scratch, lower_limit, higher_limit);
+inline void MaglevAssembler::JumpIfObjectNotInRange(Register heap_object,
+                                                    Tagged_t lower_limit,
+                                                    Tagged_t higher_limit,
+                                                    Label* target,
+                                                    Label::Distance distance) {
+  // Only allowed for comparisons against RORoots.
+  DCHECK_LE(lower_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  DCHECK_LE(higher_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  AssertNotSmi(heap_object);
+  CompareRange(heap_object, lower_limit, higher_limit);
+  JumpIf(kUnsignedGreaterThan, target, distance);
 }
 
+inline void MaglevAssembler::AssertObjectInRange(Register heap_object,
+                                                 Tagged_t lower_limit,
+                                                 Tagged_t higher_limit,
+                                                 AbortReason reason) {
+  // Only allowed for comparisons against RORoots.
+  DCHECK_LE(lower_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  DCHECK_LE(higher_limit, StaticReadOnlyRoot::kLastAllocatedRoot);
+  AssertNotSmi(heap_object);
+  CompareRange(heap_object, lower_limit, higher_limit);
+  Assert(kUnsignedLessThanEqual, reason);
+}
+#endif
+
 inline void MaglevAssembler::CompareMapWithRoot(Register object,
                                                 RootIndex index,
                                                 Register scratch) {
@@ -1040,6 +1111,15 @@ inline void MaglevAssembler::CompareSmiAndJumpIf(Register r1, Tagged<Smi> value,
   JumpIf(cond, target, distance);
 }
 
+inline void MaglevAssembler::CompareSmiAndAssert(Register r1, Tagged<Smi> value,
+                                                 Condition cond,
+                                                 AbortReason reason) {
+  if (!v8_flags.debug_code) return;
+  AssertSmi(r1);
+  Cmp(r1, value);
+  Assert(cond, reason);
+}
+
 inline void MaglevAssembler::CompareByteAndJumpIf(MemOperand left, int8_t right,
                                                   Condition cond,
                                                   Register scratch,
diff --git a/deps/v8/src/maglev/x64/maglev-assembler-x64.cc b/deps/v8/src/maglev/x64/maglev-assembler-x64.cc
index 00bd70a546000c..fb5fcd1f982fdb 100644
--- a/deps/v8/src/maglev/x64/maglev-assembler-x64.cc
+++ b/deps/v8/src/maglev/x64/maglev-assembler-x64.cc
@@ -12,6 +12,7 @@
 #include "src/maglev/maglev-graph.h"
 #include "src/maglev/maglev-ir.h"
 #include "src/objects/heap-number.h"
+#include "src/objects/instance-type-inl.h"
 
 namespace v8 {
 namespace internal {
@@ -176,8 +177,6 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
       },
       mode, register_snapshot, done, result, string, index);
 
-  Register instance_type = scratch1;
-
   // We might need to try more than one time for ConsString, SlicedString and
   // ThinString.
   Label loop;
@@ -196,10 +195,47 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
     Check(below, AbortReason::kUnexpectedValue);
   }
 
+#if V8_STATIC_ROOTS_BOOL
+  Register map = scratch1;
+  LoadMapForCompare(map, string);
+#else
+  Register instance_type = scratch1;
   // Get instance type.
   LoadInstanceType(instance_type, string);
+#endif
 
   {
+#if V8_STATIC_ROOTS_BOOL
+    using StringTypeRange = InstanceTypeChecker::kUniqueMapRangeOfStringType;
+    // Check the string map ranges in dense increasing order, to avoid needing
+    // to subtract away the lower bound.
+    static_assert(StringTypeRange::kSeqString.first == 0);
+    CompareInt32AndJumpIf(map, StringTypeRange::kSeqString.second,
+                          kUnsignedLessThanEqual, &seq_string, Label::kNear);
+
+    static_assert(StringTypeRange::kSeqString.second + Map::kSize ==
+                  StringTypeRange::kExternalString.first);
+    CompareInt32AndJumpIf(map, StringTypeRange::kExternalString.second,
+                          kUnsignedLessThanEqual, deferred_runtime_call);
+    // TODO(victorgomes): Add fast path for external strings.
+
+    static_assert(StringTypeRange::kExternalString.second + Map::kSize ==
+                  StringTypeRange::kConsString.first);
+    CompareInt32AndJumpIf(map, StringTypeRange::kConsString.second,
+                          kUnsignedLessThanEqual, &cons_string, Label::kNear);
+
+    static_assert(StringTypeRange::kConsString.second + Map::kSize ==
+                  StringTypeRange::kSlicedString.first);
+    CompareInt32AndJumpIf(map, StringTypeRange::kSlicedString.second,
+                          kUnsignedLessThanEqual, &sliced_string, Label::kNear);
+
+    static_assert(StringTypeRange::kSlicedString.second + Map::kSize ==
+                  StringTypeRange::kThinString.first);
+    // No need to check for thin strings, they're the last string map.
+    static_assert(StringTypeRange::kThinString.second ==
+                  InstanceTypeChecker::kStringMapUpperBound);
+    // Fallthrough to thin string.
+#else
     // TODO(victorgomes): Add fast path for external strings.
     Register representation = kScratchRegister;
     movl(representation, instance_type);
@@ -213,6 +249,7 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
     cmpl(representation, Immediate(kThinStringTag));
     j(not_equal, deferred_runtime_call);
     // Fallthrough to thin string.
+#endif
   }
 
   // Is a thin string.
@@ -243,9 +280,20 @@ void MaglevAssembler::StringCharCodeOrCodePointAt(
   bind(&seq_string);
   {
     Label two_byte_string;
+#if V8_STATIC_ROOTS_BOOL
+    if (InstanceTypeChecker::kTwoByteStringMapBit == 0) {
+      TestInt32AndJumpIfAllClear(map,
+                                 InstanceTypeChecker::kStringMapEncodingMask,
+                                 &two_byte_string, Label::kNear);
+    } else {
+      TestInt32AndJumpIfAnySet(map, InstanceTypeChecker::kStringMapEncodingMask,
+                               &two_byte_string, Label::kNear);
+    }
+#else
     andl(instance_type, Immediate(kStringEncodingMask));
     cmpl(instance_type, Immediate(kTwoByteStringTag));
     j(equal, &two_byte_string, Label::kNear);
+#endif
     // The result of one-byte string will be the same for both modes
     // (CharCodeAt/CodePointAt), since it cannot be the first half of a
     // surrogate pair.
diff --git a/deps/v8/src/maglev/x64/maglev-ir-x64.cc b/deps/v8/src/maglev/x64/maglev-ir-x64.cc
index 1d0f7ade36e4f5..b5b42b86b7ffca 100644
--- a/deps/v8/src/maglev/x64/maglev-ir-x64.cc
+++ b/deps/v8/src/maglev/x64/maglev-ir-x64.cc
@@ -148,7 +148,7 @@ void BuiltinStringFromCharCode::GenerateCode(MaglevAssembler* masm,
           Immediate(char_code));
     }
   } else {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
     Register scratch = temps.Acquire();
     Register char_code = ToRegister(code_input());
     __ StringFromCharCode(register_snapshot(), nullptr, result_string,
@@ -206,7 +206,7 @@ void Int32MultiplyWithOverflow::GenerateCode(MaglevAssembler* masm,
   Register right = ToRegister(right_input());
   DCHECK_EQ(result, ToRegister(left_input()));
 
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register saved_left = temps.Acquire();
   __ movl(saved_left, result);
   // TODO(leszeks): peephole optimise multiplication by a constant.
@@ -640,7 +640,7 @@ void Float64Round::GenerateCode(MaglevAssembler* masm,
   DoubleRegister out = ToDoubleRegister(result());
 
   if (kind_ == Kind::kNearest) {
-    MaglevAssembler::ScratchRegisterScope temps(masm);
+    MaglevAssembler::TemporaryRegisterScope temps(masm);
     DoubleRegister temp = temps.AcquireDouble();
     __ Move(temp, in);
     __ Roundsd(out, in, kRoundToNearest);
@@ -753,7 +753,7 @@ void HandleInterruptsAndTiering(MaglevAssembler* masm, ZoneLabelRef done,
 
 void GenerateReduceInterruptBudget(MaglevAssembler* masm, Node* node,
                                    ReduceInterruptBudgetType type, int amount) {
-  MaglevAssembler::ScratchRegisterScope temps(masm);
+  MaglevAssembler::TemporaryRegisterScope temps(masm);
   Register scratch = temps.Acquire();
   __ movq(scratch, MemOperand(rbp, StandardFrameConstants::kFunctionOffset));
   __ LoadTaggedField(scratch,
diff --git a/deps/v8/src/numbers/conversions.cc b/deps/v8/src/numbers/conversions.cc
index a69913f1551783..811bd7f747831a 100644
--- a/deps/v8/src/numbers/conversions.cc
+++ b/deps/v8/src/numbers/conversions.cc
@@ -8,6 +8,7 @@
 #include <stdarg.h>
 
 #include <cmath>
+#include <optional>
 
 #include "src/base/numbers/dtoa.h"
 #include "src/base/numbers/strtod.h"
@@ -155,8 +156,9 @@ inline bool isDigit(int x, int radix) {
 
 inline bool isBinaryDigit(int x) { return x == '0' || x == '1'; }
 
-template <class Iterator, class EndMark>
-bool SubStringEquals(Iterator* current, EndMark end, const char* substring) {
+template <class Char>
+bool SubStringEquals(const Char** current, const Char* end,
+                     const char* substring) {
   DCHECK(**current == *substring);
   for (substring++; *substring != '\0'; substring++) {
     ++*current;
@@ -168,8 +170,8 @@ bool SubStringEquals(Iterator* current, EndMark end, const char* substring) {
 
 // Returns true if a nonspace character has been found and false if the
 // end was been reached before finding a nonspace character.
-template <class Iterator, class EndMark>
-inline bool AdvanceToNonspace(Iterator* current, EndMark end) {
+template <class Char>
+inline bool AdvanceToNonspace(const Char** current, const Char* end) {
   while (*current != end) {
     if (!IsWhiteSpaceOrLineTerminator(**current)) return true;
     ++*current;
@@ -178,10 +180,11 @@ inline bool AdvanceToNonspace(Iterator* current, EndMark end) {
 }
 
 // Parsing integers with radix 2, 4, 8, 16, 32. Assumes current != end.
-template <int radix_log_2, class Iterator, class EndMark>
-double InternalStringToIntDouble(Iterator current, EndMark end, bool negative,
-                                 bool allow_trailing_junk) {
-  DCHECK(current != end);
+template <int radix_log_2, class Char>
+double InternalStringToIntDouble(const Char* start, const Char* end,
+                                 bool negative, bool allow_trailing_junk) {
+  const Char* current = start;
+  DCHECK_NE(current, end);
 
   // Skip leading 0s.
   while (*current == '0') {
@@ -191,11 +194,11 @@ double InternalStringToIntDouble(Iterator current, EndMark end, bool negative,
 
   int64_t number = 0;
   int exponent = 0;
-  const int radix = (1 << radix_log_2);
+  constexpr int radix = (1 << radix_log_2);
 
-  int lim_0 = '0' + (radix < 10 ? radix : 10);
-  int lim_a = 'a' + (radix - 10);
-  int lim_A = 'A' + (radix - 10);
+  constexpr int lim_0 = '0' + (radix < 10 ? radix : 10);
+  constexpr int lim_a = 'a' + (radix - 10);
+  constexpr int lim_A = 'A' + (radix - 10);
 
   do {
     int digit;
@@ -206,11 +209,10 @@ double InternalStringToIntDouble(Iterator current, EndMark end, bool negative,
     } else if (*current >= 'A' && *current < lim_A) {
       digit = static_cast<char>(*current) - 'A' + 10;
     } else {
-      if (allow_trailing_junk || !AdvanceToNonspace(&current, end)) {
-        break;
-      } else {
-        return JunkStringValue();
-      }
+      // We've not found any digits, this must be junk.
+      if (current == start) return JunkStringValue();
+      if (allow_trailing_junk || !AdvanceToNonspace(&current, end)) break;
+      return JunkStringValue();
     }
 
     number = number * radix + digit;
@@ -362,7 +364,7 @@ class StringToIntHelper {
 
  private:
   template <class Char>
-  void DetectRadixInternal(Char current, int length);
+  void DetectRadixInternal(const Char* current, int length);
 
   Handle<String> subject_;
   const uint8_t* raw_one_byte_subject_ = nullptr;
@@ -393,10 +395,10 @@ void StringToIntHelper::ParseInt() {
 }
 
 template <class Char>
-void StringToIntHelper::DetectRadixInternal(Char current, int length) {
-  Char start = current;
+void StringToIntHelper::DetectRadixInternal(const Char* current, int length) {
+  const Char* start = current;
   length_ = length;
-  Char end = start + length;
+  const Char* end = start + length;
 
   if (!AdvanceToNonspace(&current, end)) {
     return set_state(State::kEmpty);
@@ -460,6 +462,10 @@ void StringToIntHelper::DetectRadixInternal(Char current, int length) {
     ++current;
     if (current == end) return set_state(State::kZero);
   }
+  // Detect leading zeros with junk after them, if allowed.
+  if (leading_zero_ && allow_trailing_junk_ && !isDigit(*current, radix_)) {
+    return set_state(State::kZero);
+  }
 
   if (!leading_zero_ && !isDigit(*current, radix_)) {
     return set_state(State::kJunk);
@@ -482,9 +488,9 @@ class NumberParseIntHelper : public StringToIntHelper {
       : StringToIntHelper(string, radix, length) {}
 
   template <class Char>
-  void ParseInternal(Char start) {
-    Char current = start + cursor();
-    Char end = start + length();
+  void ParseInternal(const Char* start) {
+    const Char* current = start + cursor();
+    const Char* end = start + length();
 
     if (radix() == 10) return HandleBaseTenCase(current, end);
     if (base::bits::IsPowerOfTwo(radix())) {
@@ -518,10 +524,10 @@ class NumberParseIntHelper : public StringToIntHelper {
 
  private:
   template <class Char>
-  void HandleGenericCase(Char current, Char end);
+  void HandleGenericCase(const Char* current, const Char* end);
 
   template <class Char>
-  double HandlePowerOfTwoCase(Char current, Char end) {
+  double HandlePowerOfTwoCase(const Char* current, const Char* end) {
     const bool allow_trailing_junk = true;
     // GetResult() will take care of the sign bit, so ignore it for now.
     const bool negative = false;
@@ -549,7 +555,7 @@ class NumberParseIntHelper : public StringToIntHelper {
   }
 
   template <class Char>
-  void HandleBaseTenCase(Char current, Char end) {
+  void HandleBaseTenCase(const Char* current, const Char* end) {
     // Parsing with strtod.
     const int kMaxSignificantDigits = 309;  // Doubles are less than 1.8e308.
     // The buffer may contain up to kMaxSignificantDigits + 1 digits and a zero
@@ -579,7 +585,8 @@ class NumberParseIntHelper : public StringToIntHelper {
 };
 
 template <class Char>
-void NumberParseIntHelper::HandleGenericCase(Char current, Char end) {
+void NumberParseIntHelper::HandleGenericCase(const Char* current,
+                                             const Char* end) {
   // The following code causes accumulating rounding error for numbers greater
   // than ~2^56. It's explicitly allowed in the spec: "if R is not 2, 4, 8, 10,
   // 16, or 32, then mathInt may be an implementation-dependent approximation to
@@ -638,14 +645,10 @@ void NumberParseIntHelper::HandleGenericCase(Char current, Char end) {
   return set_state(State::kDone);
 }
 
-// Converts a string to a double value. Assumes the Iterator supports
-// the following operations:
-// 1. current == end (other ops are not allowed), current != end.
-// 2. *current - gets the current character in the sequence.
-// 3. ++current (advances the position).
-template <class Iterator, class EndMark>
-double InternalStringToDouble(Iterator current, EndMark end, int flags,
-                              double empty_string_val) {
+// Converts a string to a double value.
+template <class Char>
+double InternalStringToDouble(const Char* current, const Char* end,
+                              ConversionFlag flag, double empty_string_val) {
   // To make sure that iterator dereferencing is valid the following
   // convention is used:
   // 1. Each '++current' statement is followed by check for equality to 'end'.
@@ -658,7 +661,36 @@ double InternalStringToDouble(Iterator current, EndMark end, int flags,
     return empty_string_val;
   }
 
-  const bool allow_trailing_junk = (flags & ALLOW_TRAILING_JUNK) != 0;
+  // The non-decimal prefix has to be the first thing after any whitespace,
+  // so check for this first.
+  if (flag == ALLOW_NON_DECIMAL_PREFIX) {
+    // Copy the current iterator, so that on a failure to find the prefix, we
+    // rewind to the start.
+    const Char* prefixed = current;
+    if (*prefixed == '0') {
+      ++prefixed;
+      if (prefixed == end) return 0;
+
+      if (*prefixed == 'x' || *prefixed == 'X') {
+        ++prefixed;
+        if (prefixed == end) return JunkStringValue();  // "0x".
+        return InternalStringToIntDouble<4>(prefixed, end, false, false);
+      } else if (*prefixed == 'o' || *prefixed == 'O') {
+        ++prefixed;
+        if (prefixed == end) return JunkStringValue();  // "0o".
+        return InternalStringToIntDouble<3>(prefixed, end, false, false);
+      } else if (*prefixed == 'b' || *prefixed == 'B') {
+        ++prefixed;
+        if (prefixed == end) return JunkStringValue();  // "0b".
+        return InternalStringToIntDouble<1>(prefixed, end, false, false);
+      }
+    }
+  }
+
+  // From here we are parsing a StrDecimalLiteral, as per
+  // https://tc39.es/ecma262/#sec-tonumber-applied-to-the-string-type
+
+  const bool allow_trailing_junk = flag == ALLOW_TRAILING_JUNK;
 
   // Maximum number of significant digits in decimal representation.
   // The longest possible double in decimal representation is
@@ -710,53 +742,16 @@ double InternalStringToDouble(Iterator current, EndMark end, int flags,
     return (sign == Sign::kNegative) ? -V8_INFINITY : V8_INFINITY;
   }
 
+  // Ignore leading zeros in the integer part.
   bool leading_zero = false;
   if (*current == '0') {
-    ++current;
-    if (current == end) return SignedZero(sign == Sign::kNegative);
-
-    leading_zero = true;
-
-    // It could be hexadecimal value.
-    if ((flags & ALLOW_HEX) && (*current == 'x' || *current == 'X')) {
-      ++current;
-      if (current == end || !isDigit(*current, 16) || sign != Sign::kNone) {
-        return JunkStringValue();  // "0x".
-      }
-
-      return InternalStringToIntDouble<4>(current, end, false,
-                                          allow_trailing_junk);
-
-      // It could be an explicit octal value.
-    } else if ((flags & ALLOW_OCTAL) && (*current == 'o' || *current == 'O')) {
-      ++current;
-      if (current == end || !isDigit(*current, 8) || sign != Sign::kNone) {
-        return JunkStringValue();  // "0o".
-      }
-
-      return InternalStringToIntDouble<3>(current, end, false,
-                                          allow_trailing_junk);
-
-      // It could be a binary value.
-    } else if ((flags & ALLOW_BINARY) && (*current == 'b' || *current == 'B')) {
-      ++current;
-      if (current == end || !isBinaryDigit(*current) || sign != Sign::kNone) {
-        return JunkStringValue();  // "0b".
-      }
-
-      return InternalStringToIntDouble<1>(current, end, false,
-                                          allow_trailing_junk);
-    }
-
-    // Ignore leading zeros in the integer part.
-    while (*current == '0') {
-      ++current;
+    do {
+      current++;
       if (current == end) return SignedZero(sign == Sign::kNegative);
-    }
+    } while (*current == '0');
+    leading_zero = true;
   }
 
-  bool octal = leading_zero && (flags & ALLOW_IMPLICIT_OCTAL) != 0;
-
   // Copy significant digits of the integer part (if any) to the buffer.
   while (*current >= '0' && *current <= '9') {
     if (significant_digits < kMaxSignificantDigits) {
@@ -768,19 +763,11 @@ double InternalStringToDouble(Iterator current, EndMark end, int flags,
       insignificant_digits++;  // Move the digit into the exponential part.
       nonzero_digit_dropped = nonzero_digit_dropped || *current != '0';
     }
-    octal = octal && *current < '8';
     ++current;
     if (current == end) goto parsing_done;
   }
 
-  if (significant_digits == 0) {
-    octal = false;
-  }
-
   if (*current == '.') {
-    if (octal && !allow_trailing_junk) return JunkStringValue();
-    if (octal) goto parsing_done;
-
     ++current;
     if (current == end) {
       if (significant_digits == 0 && !leading_zero) {
@@ -828,7 +815,6 @@ double InternalStringToDouble(Iterator current, EndMark end, int flags,
 
   // Parse exponential part.
   if (*current == 'e' || *current == 'E') {
-    if (octal) return JunkStringValue();
     ++current;
     if (current == end) {
       if (allow_trailing_junk) {
@@ -883,12 +869,6 @@ double InternalStringToDouble(Iterator current, EndMark end, int flags,
 parsing_done:
   exponent += insignificant_digits;
 
-  if (octal) {
-    return InternalStringToIntDouble<3>(buffer, buffer + buffer_pos,
-                                        sign == Sign::kNegative,
-                                        allow_trailing_junk);
-  }
-
   if (nonzero_digit_dropped) {
     buffer[buffer_pos++] = '1';
     exponent--;
@@ -902,25 +882,48 @@ double InternalStringToDouble(Iterator current, EndMark end, int flags,
   return (sign == Sign::kNegative) ? -converted : converted;
 }
 
-double StringToDouble(const char* str, int flags, double empty_string_val) {
+double StringToDouble(const char* str, ConversionFlag flags,
+                      double empty_string_val) {
   // We use {base::OneByteVector} instead of {base::CStrVector} to avoid
   // instantiating the InternalStringToDouble() template for {const char*} as
   // well.
   return StringToDouble(base::OneByteVector(str), flags, empty_string_val);
 }
 
-double StringToDouble(base::Vector<const uint8_t> str, int flags,
+double StringToDouble(base::Vector<const uint8_t> str, ConversionFlag flags,
                       double empty_string_val) {
   return InternalStringToDouble(str.begin(), str.end(), flags,
                                 empty_string_val);
 }
 
-double StringToDouble(base::Vector<const base::uc16> str, int flags,
+double StringToDouble(base::Vector<const base::uc16> str, ConversionFlag flags,
                       double empty_string_val) {
   const base::uc16* end = str.begin() + str.length();
   return InternalStringToDouble(str.begin(), end, flags, empty_string_val);
 }
 
+double BinaryStringToDouble(base::Vector<const uint8_t> str) {
+  DCHECK_EQ(str[0], '0');
+  DCHECK_EQ(tolower(str[1]), 'b');
+  return InternalStringToIntDouble<1>(str.begin() + 2, str.end(), false, false);
+}
+
+double OctalStringToDouble(base::Vector<const uint8_t> str) {
+  DCHECK_EQ(str[0], '0');
+  DCHECK_EQ(tolower(str[1]), 'o');
+  return InternalStringToIntDouble<3>(str.begin() + 2, str.end(), false, false);
+}
+
+double HexStringToDouble(base::Vector<const uint8_t> str) {
+  DCHECK_EQ(str[0], '0');
+  DCHECK_EQ(tolower(str[1]), 'x');
+  return InternalStringToIntDouble<4>(str.begin() + 2, str.end(), false, false);
+}
+
+double ImplicitOctalStringToDouble(base::Vector<const uint8_t> str) {
+  return InternalStringToIntDouble<3>(str.begin(), str.end(), false, false);
+}
+
 double StringToInt(Isolate* isolate, Handle<String> string, int radix) {
   NumberParseIntHelper helper(string, radix);
   return helper.GetResult();
@@ -1007,10 +1010,10 @@ class StringToBigIntHelper : public StringToIntHelper {
 
  private:
   template <class Char>
-  void ParseInternal(Char start) {
+  void ParseInternal(const Char* start) {
     using Result = bigint::FromStringAccumulator::Result;
-    Char current = start + cursor();
-    Char end = start + length();
+    const Char* current = start + cursor();
+    const Char* end = start + length();
     current = accumulator_.Parse(current, end, radix());
 
     Result result = accumulator_.result();
@@ -1442,49 +1445,48 @@ char* DoubleToRadixCString(double value, int radix) {
 }
 
 // ES6 18.2.4 parseFloat(string)
-double StringToDouble(Isolate* isolate, Handle<String> string, int flags,
-                      double empty_string_val) {
+double StringToDouble(Isolate* isolate, Handle<String> string,
+                      ConversionFlag flag, double empty_string_val) {
   DirectHandle<String> flattened = String::Flatten(isolate, string);
-  return FlatStringToDouble(*flattened, flags, empty_string_val);
+  return FlatStringToDouble(*flattened, flag, empty_string_val);
 }
 
-double FlatStringToDouble(Tagged<String> string, int flags,
+double FlatStringToDouble(Tagged<String> string, ConversionFlag flag,
                           double empty_string_val) {
   DisallowGarbageCollection no_gc;
   DCHECK(string->IsFlat());
   String::FlatContent flat = string->GetFlatContent(no_gc);
   DCHECK(flat.IsFlat());
   if (flat.IsOneByte()) {
-    return StringToDouble(flat.ToOneByteVector(), flags, empty_string_val);
+    return StringToDouble(flat.ToOneByteVector(), flag, empty_string_val);
   } else {
-    return StringToDouble(flat.ToUC16Vector(), flags, empty_string_val);
+    return StringToDouble(flat.ToUC16Vector(), flag, empty_string_val);
   }
 }
 
-base::Optional<double> TryStringToDouble(LocalIsolate* isolate,
-                                         DirectHandle<String> object,
-                                         int max_length_for_conversion) {
+std::optional<double> TryStringToDouble(LocalIsolate* isolate,
+                                        DirectHandle<String> object,
+                                        int max_length_for_conversion) {
   DisallowGarbageCollection no_gc;
   int length = object->length();
   if (length > max_length_for_conversion) {
-    return base::nullopt;
+    return std::nullopt;
   }
 
-  const int flags = ALLOW_HEX | ALLOW_OCTAL | ALLOW_BINARY;
   auto buffer = std::make_unique<base::uc16[]>(max_length_for_conversion);
   SharedStringAccessGuardIfNeeded access_guard(isolate);
   String::WriteToFlat(*object, buffer.get(), 0, length, access_guard);
   base::Vector<const base::uc16> v(buffer.get(), length);
-  return StringToDouble(v, flags);
+  return StringToDouble(v, ALLOW_NON_DECIMAL_PREFIX);
 }
 
-base::Optional<double> TryStringToInt(LocalIsolate* isolate,
-                                      DirectHandle<String> object, int radix) {
+std::optional<double> TryStringToInt(LocalIsolate* isolate,
+                                     DirectHandle<String> object, int radix) {
   DisallowGarbageCollection no_gc;
   const int kMaxLengthForConversion = 20;
   int length = object->length();
   if (length > kMaxLengthForConversion) {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   if (String::IsOneByteRepresentationUnderneath(*object)) {
@@ -1556,7 +1558,7 @@ bool IsSpecialIndex(Tagged<String> string,
   }
   // Slow path: test DoubleToString(StringToDouble(string)) == string.
   base::Vector<const uint16_t> vector(buffer, length);
-  double d = StringToDouble(vector, NO_CONVERSION_FLAGS);
+  double d = StringToDouble(vector, NO_CONVERSION_FLAG);
   if (std::isnan(d)) return false;
   // Compute reverse string.
   char reverse_buffer[kBufferSize + 1];  // Result will be /0 terminated.
diff --git a/deps/v8/src/numbers/conversions.h b/deps/v8/src/numbers/conversions.h
index 05bd4a6a372d8b..7a0da00c63ff4b 100644
--- a/deps/v8/src/numbers/conversions.h
+++ b/deps/v8/src/numbers/conversions.h
@@ -5,10 +5,11 @@
 #ifndef V8_NUMBERS_CONVERSIONS_H_
 #define V8_NUMBERS_CONVERSIONS_H_
 
+#include <optional>
+
 #include "src/base/export-template.h"
 #include "src/base/logging.h"
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/base/strings.h"
 #include "src/base/vector.h"
 #include "src/common/globals.h"
@@ -121,26 +122,41 @@ inline uint32_t DoubleToUint32(double x);
 inline int64_t DoubleToInt64(double x);
 inline uint64_t DoubleToUint64(double x);
 
-// Enumeration for allowing octals and ignoring junk when converting
-// strings to numbers.
-enum ConversionFlags {
-  NO_CONVERSION_FLAGS = 0,
-  ALLOW_HEX = 1,
-  ALLOW_OCTAL = 2,
-  ALLOW_IMPLICIT_OCTAL = 4,
-  ALLOW_BINARY = 8,
-  ALLOW_TRAILING_JUNK = 16
+// Enumeration for allowing radix prefixes or ignoring junk when converting
+// strings to numbers. We never need to be able to allow both.
+enum ConversionFlag {
+  NO_CONVERSION_FLAG,
+  ALLOW_NON_DECIMAL_PREFIX,
+  ALLOW_TRAILING_JUNK
 };
 
 // Converts a string into a double value according to ECMA-262 9.3.1
-double StringToDouble(base::Vector<const uint8_t> str, int flags,
+double StringToDouble(base::Vector<const uint8_t> str, ConversionFlag flag,
                       double empty_string_val = 0);
-double StringToDouble(base::Vector<const base::uc16> str, int flags,
+double StringToDouble(base::Vector<const base::uc16> str, ConversionFlag flag,
                       double empty_string_val = 0);
 // This version expects a zero-terminated character array.
-double V8_EXPORT_PRIVATE StringToDouble(const char* str, int flags,
+double V8_EXPORT_PRIVATE StringToDouble(const char* str, ConversionFlag flag,
                                         double empty_string_val = 0);
 
+// Converts a binary string (of the form `0b[0-1]*`) into a double value
+// according to https://tc39.es/ecma262/#sec-numericvalue
+double V8_EXPORT_PRIVATE BinaryStringToDouble(base::Vector<const uint8_t> str);
+
+// Converts an octal string (of the form `0o[0-8]*`) into a double value
+// according to https://tc39.es/ecma262/#sec-numericvalue
+double V8_EXPORT_PRIVATE OctalStringToDouble(base::Vector<const uint8_t> str);
+
+// Converts a hex string (of the form `0x[0-9a-f]*`) into a double value
+// according to https://tc39.es/ecma262/#sec-numericvalue
+double V8_EXPORT_PRIVATE HexStringToDouble(base::Vector<const uint8_t> str);
+
+// Converts an implicit octal string (a.k.a. LegacyOctalIntegerLiteral, of the
+// form `0[0-7]*`) into a double value according to
+// https://tc39.es/ecma262/#sec-numericvalue
+double V8_EXPORT_PRIVATE
+ImplicitOctalStringToDouble(base::Vector<const uint8_t> str);
+
 double StringToInt(Isolate* isolate, Handle<String> string, int radix);
 
 // This follows https://tc39.github.io/proposal-bigint/#sec-string-to-bigint
@@ -211,21 +227,21 @@ inline uint32_t NumberToUint32(Tagged<Object> number);
 inline int64_t NumberToInt64(Tagged<Object> number);
 inline uint64_t PositiveNumberToUint64(Tagged<Object> number);
 
-double StringToDouble(Isolate* isolate, Handle<String> string, int flags,
-                      double empty_string_val = 0.0);
-double FlatStringToDouble(Tagged<String> string, int flags,
+double StringToDouble(Isolate* isolate, Handle<String> string,
+                      ConversionFlag flags, double empty_string_val = 0.0);
+double FlatStringToDouble(Tagged<String> string, ConversionFlag flags,
                           double empty_string_val);
 
 // String to double helper without heap allocation.
-// Returns base::nullopt if the string is longer than
+// Returns std::nullopt if the string is longer than
 // {max_length_for_conversion}. 23 was chosen because any representable double
 // can be represented using a string of length 23.
-V8_EXPORT_PRIVATE base::Optional<double> TryStringToDouble(
+V8_EXPORT_PRIVATE std::optional<double> TryStringToDouble(
     LocalIsolate* isolate, DirectHandle<String> object,
     int max_length_for_conversion = 23);
 
-// Return base::nullopt if the string is longer than 20.
-V8_EXPORT_PRIVATE base::Optional<double> TryStringToInt(
+// Return std::nullopt if the string is longer than 20.
+V8_EXPORT_PRIVATE std::optional<double> TryStringToInt(
     LocalIsolate* isolate, DirectHandle<String> object, int radix);
 
 inline bool TryNumberToSize(Tagged<Object> number, size_t* result);
diff --git a/deps/v8/src/numbers/integer-literal.h b/deps/v8/src/numbers/integer-literal.h
index 5ac3ae76eeecc9..0cedae7e424539 100644
--- a/deps/v8/src/numbers/integer-literal.h
+++ b/deps/v8/src/numbers/integer-literal.h
@@ -5,7 +5,8 @@
 #ifndef V8_NUMBERS_INTEGER_LITERAL_H_
 #define V8_NUMBERS_INTEGER_LITERAL_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/common/globals.h"
 
 namespace v8 {
@@ -43,9 +44,9 @@ class IntegerLiteral {
   }
 
   template <typename T>
-  base::Optional<T> TryTo() const {
+  std::optional<T> TryTo() const {
     static_assert(std::is_integral<T>::value, "Integral type required");
-    if (!IsRepresentableAs<T>()) return base::nullopt;
+    if (!IsRepresentableAs<T>()) return std::nullopt;
     return To<T>();
   }
 
diff --git a/deps/v8/src/objects/backing-store.cc b/deps/v8/src/objects/backing-store.cc
index e023ffd1384af7..6ffaf4218ef37d 100644
--- a/deps/v8/src/objects/backing-store.cc
+++ b/deps/v8/src/objects/backing-store.cc
@@ -5,6 +5,7 @@
 #include "src/objects/backing-store.h"
 
 #include <cstring>
+#include <optional>
 
 #include "src/base/bits.h"
 #include "src/execution/isolate.h"
@@ -26,8 +27,7 @@
     if (v8_flags.trace_backing_store) PrintF(__VA_ARGS__); \
   } while (false)
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace {
 
@@ -471,9 +471,9 @@ std::unique_ptr<BackingStore> BackingStore::CopyWasmMemory(
 }
 
 // Try to grow the size of a wasm memory in place, without realloc + copy.
-base::Optional<size_t> BackingStore::GrowWasmMemoryInPlace(Isolate* isolate,
-                                                           size_t delta_pages,
-                                                           size_t max_pages) {
+std::optional<size_t> BackingStore::GrowWasmMemoryInPlace(Isolate* isolate,
+                                                          size_t delta_pages,
+                                                          size_t max_pages) {
   // This function grows wasm memory by
   // * changing the permissions of additional {delta_pages} pages to kReadWrite;
   // * increment {byte_length_};
@@ -911,7 +911,6 @@ void GlobalBackingStoreRegistry::UpdateSharedWasmMemoryObjects(
 }
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #undef TRACE_BS
diff --git a/deps/v8/src/objects/backing-store.h b/deps/v8/src/objects/backing-store.h
index dbfb2a8f6be6c6..33eb0b0d2aa682 100644
--- a/deps/v8/src/objects/backing-store.h
+++ b/deps/v8/src/objects/backing-store.h
@@ -6,14 +6,13 @@
 #define V8_OBJECTS_BACKING_STORE_H_
 
 #include <memory>
+#include <optional>
 
 #include "include/v8-array-buffer.h"
 #include "include/v8-internal.h"
-#include "src/base/optional.h"
 #include "src/handles/handles.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class Isolate;
 class WasmMemoryObject;
@@ -111,9 +110,9 @@ class V8_EXPORT_PRIVATE BackingStore : public BackingStoreBase {
 
 #if V8_ENABLE_WEBASSEMBLY
   // Attempt to grow this backing store in place.
-  base::Optional<size_t> GrowWasmMemoryInPlace(Isolate* isolate,
-                                               size_t delta_pages,
-                                               size_t max_pages);
+  std::optional<size_t> GrowWasmMemoryInPlace(Isolate* isolate,
+                                              size_t delta_pages,
+                                              size_t max_pages);
 
   // Allocate a new, larger, backing store for this Wasm memory and copy the
   // contents of this backing store into it.
@@ -258,7 +257,6 @@ class GlobalBackingStoreRegistry {
   static void UpdateSharedWasmMemoryObjects(Isolate* isolate);
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_OBJECTS_BACKING_STORE_H_
diff --git a/deps/v8/src/objects/bytecode-array-inl.h b/deps/v8/src/objects/bytecode-array-inl.h
index 667c9f794d7f60..0922d3e1c255cc 100644
--- a/deps/v8/src/objects/bytecode-array-inl.h
+++ b/deps/v8/src/objects/bytecode-array-inl.h
@@ -181,11 +181,6 @@ OBJECT_CONSTRUCTORS_IMPL(BytecodeWrapper, Struct)
 TRUSTED_POINTER_ACCESSORS(BytecodeWrapper, bytecode, BytecodeArray,
                           kBytecodeOffset, kBytecodeArrayIndirectPointerTag)
 
-void BytecodeWrapper::clear_padding() {
-  WriteField<int32_t>(kPadding1Offset, 0);
-  WriteField<int32_t>(kPadding2Offset, 0);
-}
-
 }  // namespace internal
 }  // namespace v8
 
diff --git a/deps/v8/src/objects/bytecode-array.h b/deps/v8/src/objects/bytecode-array.h
index dc65a612dc2626..fa9bc00da0e089 100644
--- a/deps/v8/src/objects/bytecode-array.h
+++ b/deps/v8/src/objects/bytecode-array.h
@@ -162,22 +162,14 @@ class BytecodeWrapper : public Struct {
   DECL_PRINTER(BytecodeWrapper)
   DECL_VERIFIER(BytecodeWrapper)
 
-  // When flushing bytecode, we in-place convert the wrapper object to an
-  // UncompiledData object (we cannot convert the BytecodeArray itself as that
-  // lives in trusted space). As such, the wrapper object must be at least as
-  // large as an UncompiledData object and therefore requires padding.
 #define FIELD_LIST(V)                     \
   V(kBytecodeOffset, kTrustedPointerSize) \
-  V(kPadding1Offset, kInt32Size)          \
-  V(kPadding2Offset, kInt32Size)          \
   V(kHeaderSize, 0)                       \
   V(kSize, 0)
 
   DEFINE_FIELD_OFFSET_CONSTANTS(Struct::kHeaderSize, FIELD_LIST)
 #undef FIELD_LIST
 
-  inline void clear_padding();
-
   class BodyDescriptor;
 
   OBJECT_CONSTRUCTORS(BytecodeWrapper, Struct);
diff --git a/deps/v8/src/objects/bytecode-array.tq b/deps/v8/src/objects/bytecode-array.tq
index e228d887a158f6..d98cd235907ab2 100644
--- a/deps/v8/src/objects/bytecode-array.tq
+++ b/deps/v8/src/objects/bytecode-array.tq
@@ -25,10 +25,7 @@ extern class BytecodeArray extends ExposedTrustedObject {
 // for example because it is stored inside an array of tagged values.
 @cppObjectDefinition
 extern class BytecodeWrapper extends Struct {
-  @if(V8_ENABLE_SANDBOX) bytecode: IndirectPointer<BytecodeArray>;
-  @ifnot(V8_ENABLE_SANDBOX) bytecode: BytecodeArray;
-  padding1: int32;
-  padding2: int32;
+  bytecode: TrustedPointer<BytecodeArray>;
 }
 
 extern class Code extends ExposedTrustedObject;
diff --git a/deps/v8/src/objects/call-site-info-inl.h b/deps/v8/src/objects/call-site-info-inl.h
index ee8b136fbd8669..605eebd093f80a 100644
--- a/deps/v8/src/objects/call-site-info-inl.h
+++ b/deps/v8/src/objects/call-site-info-inl.h
@@ -26,6 +26,10 @@ BOOL_GETTER(CallSiteInfo, flags, IsWasm, IsWasmBit::kShift)
 BOOL_GETTER(CallSiteInfo, flags, IsAsmJsWasm, IsAsmJsWasmBit::kShift)
 BOOL_GETTER(CallSiteInfo, flags, IsAsmJsAtNumberConversion,
             IsAsmJsAtNumberConversionBit::kShift)
+#if V8_ENABLE_DRUMBRAKE
+BOOL_GETTER(CallSiteInfo, flags, IsWasmInterpretedFrame,
+            IsWasmInterpretedFrameBit::kShift)
+#endif  // V8_ENABLE_DRUMBRAKE
 BOOL_GETTER(CallSiteInfo, flags, IsBuiltin, IsBuiltinBit::kShift)
 #endif  // V8_ENABLE_WEBASSEMBLY
 BOOL_GETTER(CallSiteInfo, flags, IsStrict, IsStrictBit::kShift)
@@ -33,7 +37,7 @@ BOOL_GETTER(CallSiteInfo, flags, IsConstructor, IsConstructorBit::kShift)
 BOOL_GETTER(CallSiteInfo, flags, IsAsync, IsAsyncBit::kShift)
 
 Tagged<HeapObject> CallSiteInfo::code_object(IsolateForSandbox isolate) const {
-  DCHECK(!IsTrustedPointerFieldCleared(kCodeObjectOffset));
+  DCHECK(!IsTrustedPointerFieldEmpty(kCodeObjectOffset));
   // The field can contain either a Code or a BytecodeArray, so we need to use
   // the kUnknownIndirectPointerTag. Since we can then no longer rely on the
   // type-checking mechanism of trusted pointers we need to perform manual type
diff --git a/deps/v8/src/objects/call-site-info.cc b/deps/v8/src/objects/call-site-info.cc
index ebe16b47d699cb..5ffc856e41ab06 100644
--- a/deps/v8/src/objects/call-site-info.cc
+++ b/deps/v8/src/objects/call-site-info.cc
@@ -4,6 +4,8 @@
 
 #include "src/objects/call-site-info.h"
 
+#include <optional>
+
 #include "src/base/strings.h"
 #include "src/objects/call-site-info-inl.h"
 #include "src/objects/shared-function-info.h"
@@ -13,8 +15,7 @@
 #include "src/debug/debug-wasm-objects.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 bool CallSiteInfo::IsPromiseAll() const {
   if (!IsAsync()) return false;
@@ -604,12 +605,23 @@ int CallSiteInfo::ComputeSourcePosition(DirectHandle<CallSiteInfo> info,
                                         int offset) {
   Isolate* isolate = info->GetIsolate();
 #if V8_ENABLE_WEBASSEMBLY
-  if (info->IsWasm()) {
-    auto module = info->GetWasmInstance()->trusted_data(isolate)->module();
+#if V8_ENABLE_DRUMBRAKE
+  if (info->IsWasmInterpretedFrame()) {
+    auto module = info->GetWasmInstance()->module();
     uint32_t func_index = info->GetWasmFunctionIndex();
     return wasm::GetSourcePosition(module, func_index, offset,
                                    info->IsAsmJsAtNumberConversion());
+  } else {
+#endif  // V8_ENABLE_DRUMBRAKE
+    if (info->IsWasm()) {
+      auto module = info->GetWasmInstance()->trusted_data(isolate)->module();
+      uint32_t func_index = info->GetWasmFunctionIndex();
+      return wasm::GetSourcePosition(module, func_index, offset,
+                                     info->IsAsmJsAtNumberConversion());
+    }
+#if V8_ENABLE_DRUMBRAKE
   }
+#endif  // V8_ENABLE_DRUMBRAKE
   if (info->IsBuiltin()) {
     return 0;
   }
@@ -621,7 +633,7 @@ int CallSiteInfo::ComputeSourcePosition(DirectHandle<CallSiteInfo> info,
   return Cast<AbstractCode>(code)->SourcePosition(isolate, offset);
 }
 
-base::Optional<Tagged<Script>> CallSiteInfo::GetScript() const {
+std::optional<Tagged<Script>> CallSiteInfo::GetScript() const {
 #if V8_ENABLE_WEBASSEMBLY
   if (IsWasm()) {
     return GetWasmInstance()
@@ -630,12 +642,12 @@ base::Optional<Tagged<Script>> CallSiteInfo::GetScript() const {
         ->script();
   }
   if (IsBuiltin()) {
-    return base::nullopt;
+    return std::nullopt;
   }
 #endif  // V8_ENABLE_WEBASSEMBLY
   Tagged<Object> script = GetSharedFunctionInfo()->script();
   if (IsScript(script)) return Cast<Script>(script);
-  return base::nullopt;
+  return std::nullopt;
 }
 
 Tagged<SharedFunctionInfo> CallSiteInfo::GetSharedFunctionInfo() const {
@@ -661,7 +673,7 @@ bool IsNonEmptyString(DirectHandle<Object> object) {
   return (IsString(*object) && Cast<String>(*object)->length() > 0);
 }
 
-void AppendFileLocation(Isolate* isolate, Handle<CallSiteInfo> frame,
+void AppendFileLocation(Isolate* isolate, DirectHandle<CallSiteInfo> frame,
                         IncrementalStringBuilder* builder) {
   Handle<Object> script_name_or_source_url(frame->GetScriptNameOrSourceURL(),
                                            isolate);
@@ -771,7 +783,7 @@ void AppendMethodCall(Isolate* isolate, DirectHandle<CallSiteInfo> frame,
   }
 }
 
-void SerializeJSStackFrame(Isolate* isolate, Handle<CallSiteInfo> frame,
+void SerializeJSStackFrame(Isolate* isolate, DirectHandle<CallSiteInfo> frame,
                            IncrementalStringBuilder* builder) {
   Handle<Object> function_name = CallSiteInfo::GetFunctionName(frame);
   if (frame->IsAsync()) {
@@ -807,7 +819,7 @@ void SerializeJSStackFrame(Isolate* isolate, Handle<CallSiteInfo> frame,
 }
 
 #if V8_ENABLE_WEBASSEMBLY
-void SerializeWasmStackFrame(Isolate* isolate, Handle<CallSiteInfo> frame,
+void SerializeWasmStackFrame(Isolate* isolate, DirectHandle<CallSiteInfo> frame,
                              IncrementalStringBuilder* builder) {
   Handle<Object> module_name = CallSiteInfo::GetWasmModuleName(frame);
   Handle<Object> function_name = CallSiteInfo::GetFunctionName(frame);
@@ -856,7 +868,7 @@ void SerializeBuiltinStackFrame(Isolate* isolate,
 
 }  // namespace
 
-void SerializeCallSiteInfo(Isolate* isolate, Handle<CallSiteInfo> frame,
+void SerializeCallSiteInfo(Isolate* isolate, DirectHandle<CallSiteInfo> frame,
                            IncrementalStringBuilder* builder) {
 #if V8_ENABLE_WEBASSEMBLY
   if (frame->IsWasm() && !frame->IsAsmJsWasm()) {
@@ -872,11 +884,10 @@ void SerializeCallSiteInfo(Isolate* isolate, Handle<CallSiteInfo> frame,
 }
 
 MaybeHandle<String> SerializeCallSiteInfo(Isolate* isolate,
-                                          Handle<CallSiteInfo> frame) {
+                                          DirectHandle<CallSiteInfo> frame) {
   IncrementalStringBuilder builder(isolate);
   SerializeCallSiteInfo(isolate, frame, &builder);
   return indirect_handle(builder.Finish(), isolate);
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/call-site-info.h b/deps/v8/src/objects/call-site-info.h
index 1dd7111a13e431..1652d977ff869a 100644
--- a/deps/v8/src/objects/call-site-info.h
+++ b/deps/v8/src/objects/call-site-info.h
@@ -5,14 +5,15 @@
 #ifndef V8_OBJECTS_CALL_SITE_INFO_H_
 #define V8_OBJECTS_CALL_SITE_INFO_H_
 
+#include <optional>
+
 #include "src/objects/struct.h"
 #include "torque-generated/bit-fields.h"
 
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class MessageLocation;
 class WasmInstanceObject;
@@ -29,6 +30,9 @@ class CallSiteInfo : public TorqueGeneratedCallSiteInfo<CallSiteInfo, Struct> {
   inline bool IsWasm() const;
   inline bool IsAsmJsWasm() const;
   inline bool IsAsmJsAtNumberConversion() const;
+#if V8_ENABLE_DRUMBRAKE
+  inline bool IsWasmInterpretedFrame() const;
+#endif  // V8_ENABLE_DRUMBRAKE
   inline bool IsBuiltin() const;
 #endif  // V8_ENABLE_WEBASSEMBLY
 
@@ -102,21 +106,20 @@ class CallSiteInfo : public TorqueGeneratedCallSiteInfo<CallSiteInfo, Struct> {
  private:
   static int ComputeSourcePosition(DirectHandle<CallSiteInfo> info, int offset);
 
-  base::Optional<Tagged<Script>> GetScript() const;
+  std::optional<Tagged<Script>> GetScript() const;
   Tagged<SharedFunctionInfo> GetSharedFunctionInfo() const;
 
   TQ_OBJECT_CONSTRUCTORS(CallSiteInfo)
 };
 
 class IncrementalStringBuilder;
-void SerializeCallSiteInfo(Isolate* isolate, Handle<CallSiteInfo> frame,
+void SerializeCallSiteInfo(Isolate* isolate, DirectHandle<CallSiteInfo> frame,
                            IncrementalStringBuilder* builder);
 V8_EXPORT_PRIVATE
 MaybeHandle<String> SerializeCallSiteInfo(Isolate* isolate,
-                                          Handle<CallSiteInfo> frame);
+                                          DirectHandle<CallSiteInfo> frame);
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/call-site-info.tq b/deps/v8/src/objects/call-site-info.tq
index caef2a7a2c8bd2..69417b4e80aa58 100644
--- a/deps/v8/src/objects/call-site-info.tq
+++ b/deps/v8/src/objects/call-site-info.tq
@@ -9,6 +9,7 @@ bitfield struct CallSiteInfoFlags extends uint31 {
   is_constructor: bool: 1 bit;
   is_asm_js_at_number_conversion: bool: 1 bit;
   is_async: bool: 1 bit;
+  @if(V8_ENABLE_DRUMBRAKE) is_wasm_interpreted_frame: bool: 1 bit;
   is_builtin: bool: 1 bit;
 
   // whether offset_or_source_position contains the source position.
@@ -18,8 +19,7 @@ bitfield struct CallSiteInfoFlags extends uint31 {
 extern class CallSiteInfo extends Struct {
   // A direct (sandbox off) or indirect (sandbox on) pointer to a Code or a
   // BytecodeArray object. May be empty, in which case it contains Smi::zero().
-  @if(V8_ENABLE_SANDBOX) code_object: IndirectPointer;
-  @ifnot(V8_ENABLE_SANDBOX) code_object: Object;
+  code_object: TrustedPointer<Code|BytecodeArray>;
   receiver_or_instance: JSAny;
   function: JSFunction|Smi;
   code_offset_or_source_position: Smi;
diff --git a/deps/v8/src/objects/code-inl.h b/deps/v8/src/objects/code-inl.h
index fb7d53a7991f6e..874ca61d4ad5d8 100644
--- a/deps/v8/src/objects/code-inl.h
+++ b/deps/v8/src/objects/code-inl.h
@@ -120,7 +120,7 @@ inline void Code::clear_deoptimization_data_and_interpreter_data() {
 }
 
 inline bool Code::has_deoptimization_data_or_interpreter_data() const {
-  return !IsProtectedPointerFieldCleared(
+  return !IsProtectedPointerFieldEmpty(
       kDeoptimizationDataOrInterpreterDataOffset);
 }
 
diff --git a/deps/v8/src/objects/compilation-cache-table-inl.h b/deps/v8/src/objects/compilation-cache-table-inl.h
index 1de0646ce5e547..fdb05a13074c66 100644
--- a/deps/v8/src/objects/compilation-cache-table-inl.h
+++ b/deps/v8/src/objects/compilation-cache-table-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_COMPILATION_CACHE_TABLE_INL_H_
 #define V8_OBJECTS_COMPILATION_CACHE_TABLE_INL_H_
 
+#include <optional>
+
 #include "src/objects/compilation-cache-table.h"
 #include "src/objects/name-inl.h"
 #include "src/objects/script-inl.h"
@@ -15,8 +17,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 CompilationCacheTable::CompilationCacheTable(Address ptr)
     : HashTable<CompilationCacheTable, CompilationCacheShape>(ptr) {
@@ -77,7 +78,7 @@ class ScriptCacheKey : public HashTableKey {
   Handle<Object> AsHandle(Isolate* isolate,
                           DirectHandle<SharedFunctionInfo> shared);
 
-  static base::Optional<Tagged<String>> SourceFromObject(Tagged<Object> obj) {
+  static std::optional<Tagged<String>> SourceFromObject(Tagged<Object> obj) {
     DisallowGarbageCollection no_gc;
     DCHECK(IsWeakFixedArray(obj));
     Tagged<WeakFixedArray> array = Cast<WeakFixedArray>(obj);
@@ -148,25 +149,27 @@ uint32_t CompilationCacheShape::HashForObject(ReadOnlyRoots roots,
         Cast<WeakFixedArray>(object)->get(ScriptCacheKey::kHash).ToSmi()));
   }
 
-  // Eval: See EvalCacheKey::ToHandle for the encoding.
-  Tagged<FixedArray> val = Cast<FixedArray>(object);
-  if (val->map() == roots.fixed_cow_array_map()) {
-    DCHECK_EQ(4, val->length());
-    Tagged<String> source = Cast<String>(val->get(1));
-    int language_unchecked = Smi::ToInt(val->get(2));
-    DCHECK(is_valid_language_mode(language_unchecked));
-    LanguageMode language_mode = static_cast<LanguageMode>(language_unchecked);
-    int position = Smi::ToInt(val->get(3));
-    Tagged<Object> shared = val->get(0);
-    return EvalHash(source, Cast<SharedFunctionInfo>(shared), language_mode,
-                    position);
+  // RegExpData: The key field (and the value field) contains the RegExpData
+  // object.
+  if (IsRegExpDataWrapper(object)) {
+    Tagged<RegExpDataWrapper> re_wrapper = Cast<RegExpDataWrapper>(object);
+    Isolate* isolate = GetIsolateFromWritableObject(re_wrapper);
+    Tagged<RegExpData> data = re_wrapper->data(isolate);
+    return RegExpHash(data->source(), Smi::FromInt(data->flags()));
   }
 
-  // RegExp: The key field (and the value field) contains the
-  // JSRegExp::data fixed array.
-  DCHECK_GE(val->length(), JSRegExp::kMinDataArrayLength);
-  return RegExpHash(Cast<String>(val->get(JSRegExp::kSourceIndex)),
-                    Cast<Smi>(val->get(JSRegExp::kFlagsIndex)));
+  // Eval: See EvalCacheKey::ToHandle for the encoding.
+  Tagged<FixedArray> val = Cast<FixedArray>(object);
+  DCHECK_EQ(val->map(), roots.fixed_cow_array_map());
+  DCHECK_EQ(4, val->length());
+  Tagged<String> source = Cast<String>(val->get(1));
+  int language_unchecked = Smi::ToInt(val->get(2));
+  DCHECK(is_valid_language_mode(language_unchecked));
+  LanguageMode language_mode = static_cast<LanguageMode>(language_unchecked);
+  int position = Smi::ToInt(val->get(3));
+  Tagged<Object> shared = val->get(0);
+  return EvalHash(source, Cast<SharedFunctionInfo>(shared), language_mode,
+                  position);
 }
 
 InfoCellPair::InfoCellPair(Isolate* isolate, Tagged<SharedFunctionInfo> shared,
@@ -176,8 +179,7 @@ InfoCellPair::InfoCellPair(Isolate* isolate, Tagged<SharedFunctionInfo> shared,
       shared_(shared),
       feedback_cell_(feedback_cell) {}
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/compilation-cache-table.cc b/deps/v8/src/objects/compilation-cache-table.cc
index d3af85add303ee..b3a51ca55823aa 100644
--- a/deps/v8/src/objects/compilation-cache-table.cc
+++ b/deps/v8/src/objects/compilation-cache-table.cc
@@ -196,24 +196,27 @@ class EvalCacheKey : public HashTableKey {
 // RegExpKey carries the source and flags of a regular expression as key.
 class RegExpKey : public HashTableKey {
  public:
-  RegExpKey(Handle<String> string, JSRegExp::Flags flags)
+  RegExpKey(Isolate* isolate, Handle<String> string, JSRegExp::Flags flags)
       : HashTableKey(
             CompilationCacheShape::RegExpHash(*string, Smi::FromInt(flags))),
+        isolate_(isolate),
         string_(string),
-        flags_(Smi::FromInt(flags)) {}
+        flags_(flags) {}
 
   // Rather than storing the key in the hash table, a pointer to the
   // stored value is stored where the key should be.  IsMatch then
   // compares the search key to the found object, rather than comparing
   // a key to a key.
+  // TODO(pthier): Loading the data via TrustedPointerTable on every key check
+  // is not great.
   bool IsMatch(Tagged<Object> obj) override {
-    Tagged<FixedArray> val = Cast<FixedArray>(obj);
-    return string_->Equals(Cast<String>(val->get(JSRegExp::kSourceIndex))) &&
-           (flags_ == val->get(JSRegExp::kFlagsIndex));
+    Tagged<RegExpData> val = Cast<RegExpDataWrapper>(obj)->data(isolate_);
+    return string_->Equals(val->source()) && (flags_ == val->flags());
   }
 
+  Isolate* isolate_;
   Handle<String> string_;
-  Tagged<Smi> flags_;
+  JSRegExp::Flags flags_;
 };
 
 // CodeKey carries the SharedFunctionInfo key associated with a
@@ -482,7 +485,7 @@ Handle<Object> CompilationCacheTable::LookupRegExp(Handle<String> src,
                                                    JSRegExp::Flags flags) {
   Isolate* isolate = GetIsolate();
   DisallowGarbageCollection no_gc;
-  RegExpKey key(src, flags);
+  RegExpKey key(isolate, src, flags);
   InternalIndex entry = FindEntry(isolate, &key);
   if (entry.is_not_found()) return isolate->factory()->undefined_value();
   return Handle<Object>(PrimaryValueAt(entry), isolate);
@@ -601,14 +604,14 @@ Handle<CompilationCacheTable> CompilationCacheTable::PutEval(
 
 Handle<CompilationCacheTable> CompilationCacheTable::PutRegExp(
     Isolate* isolate, Handle<CompilationCacheTable> cache, Handle<String> src,
-    JSRegExp::Flags flags, DirectHandle<FixedArray> value) {
-  RegExpKey key(src, flags);
+    JSRegExp::Flags flags, DirectHandle<RegExpData> value) {
+  RegExpKey key(isolate, src, flags);
   cache = EnsureCapacity(isolate, cache);
   InternalIndex entry = cache->FindInsertionEntry(isolate, key.Hash());
   // We store the value in the key slot, and compare the search key
   // to the stored value with a custom IsMatch function during lookups.
-  cache->SetKeyAt(entry, *value);
-  cache->SetPrimaryValueAt(entry, *value);
+  cache->SetKeyAt(entry, value->wrapper());
+  cache->SetPrimaryValueAt(entry, value->wrapper());
   cache->ElementAdded();
   return cache;
 }
diff --git a/deps/v8/src/objects/compilation-cache-table.h b/deps/v8/src/objects/compilation-cache-table.h
index cbaf567a7bc43b..2e5515949d9d00 100644
--- a/deps/v8/src/objects/compilation-cache-table.h
+++ b/deps/v8/src/objects/compilation-cache-table.h
@@ -147,11 +147,11 @@ class CompilationCacheTable
       DirectHandle<Context> native_context,
       DirectHandle<FeedbackCell> feedback_cell, int position);
 
-  // The RegExp cache contains JSRegExp::data fixed arrays.
+  // The RegExp cache contains RegExpData objects.
   Handle<Object> LookupRegExp(Handle<String> source, JSRegExp::Flags flags);
   static Handle<CompilationCacheTable> PutRegExp(
       Isolate* isolate, Handle<CompilationCacheTable> cache, Handle<String> src,
-      JSRegExp::Flags flags, DirectHandle<FixedArray> value);
+      JSRegExp::Flags flags, DirectHandle<RegExpData> value);
 
   void Remove(Tagged<Object> value);
   void RemoveEntry(InternalIndex entry);
diff --git a/deps/v8/src/objects/contexts.cc b/deps/v8/src/objects/contexts.cc
index c21b2258b59bf8..8aaa104e1ff361 100644
--- a/deps/v8/src/objects/contexts.cc
+++ b/deps/v8/src/objects/contexts.cc
@@ -4,6 +4,8 @@
 
 #include "src/objects/contexts.h"
 
+#include <optional>
+
 #include "src/ast/modules.h"
 #include "src/debug/debug.h"
 #include "src/execution/isolate-inl.h"
@@ -12,8 +14,7 @@
 #include "src/objects/module-inl.h"
 #include "src/objects/string-set-inl.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 // static
 Handle<ScriptContextTable> ScriptContextTable::New(Isolate* isolate,
@@ -24,7 +25,7 @@ Handle<ScriptContextTable> ScriptContextTable::New(Isolate* isolate,
 
   auto names = NameToIndexHashTable::New(isolate, 16);
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<ScriptContextTable> result =
       Allocate(isolate, capacity, &no_gc, allocation);
   result->set_length(0, kReleaseStore);
@@ -699,5 +700,4 @@ void NativeContext::RunPromiseHook(PromiseHookType type,
 }
 #endif
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/contexts.h b/deps/v8/src/objects/contexts.h
index 66733a72048dfb..6f5b49722aeef5 100644
--- a/deps/v8/src/objects/contexts.h
+++ b/deps/v8/src/objects/contexts.h
@@ -84,6 +84,10 @@ enum ContextLookupFlags {
   V(RAB_GSAB_BIGINT64_ARRAY_MAP_INDEX, Map, rab_gsab_bigint64_array_map)       \
   V(RAB_GSAB_FLOAT16_ARRAY_MAP_INDEX, Map, rab_gsab_float16_array_map)         \
   /* Below is alpha-sorted */                                                  \
+  V(ABSTRACT_MODULE_SOURCE_FUNCTION_INDEX, JSFunction,                         \
+    abstract_module_source_function)                                           \
+  V(ABSTRACT_MODULE_SOURCE_PROTOTYPE_INDEX, JSObject,                          \
+    abstract_module_source_prototype)                                          \
   V(ACCESSOR_PROPERTY_DESCRIPTOR_MAP_INDEX, Map,                               \
     accessor_property_descriptor_map)                                          \
   V(ALLOW_CODE_GEN_FROM_STRINGS_INDEX, Object, allow_code_gen_from_strings)    \
diff --git a/deps/v8/src/objects/debug-objects.tq b/deps/v8/src/objects/debug-objects.tq
index facb6a4160c341..c1e186f4817b40 100644
--- a/deps/v8/src/objects/debug-objects.tq
+++ b/deps/v8/src/objects/debug-objects.tq
@@ -42,18 +42,11 @@ extern class DebugInfo extends Struct {
   // The original uninstrumented bytecode array for functions with break
   // points - the instrumented bytecode is held in the shared function info.
   // Can contain Smi::zero() if cleared.
-  @ifnot(V8_ENABLE_SANDBOX)
-      @cppAcquireLoad @cppReleaseStore original_bytecode_array: Smi
-      |BytecodeArray;
-  @if(V8_ENABLE_SANDBOX) original_bytecode_array:
-      IndirectPointer<BytecodeArray>;
+  original_bytecode_array: TrustedPointer<BytecodeArray>;
   // The debug instrumented bytecode array for functions with break points
   // - also pointed to by the shared function info.
   // Can contain Smi::zero() if cleared.
-  @ifnot(V8_ENABLE_SANDBOX)
-      @cppAcquireLoad @cppReleaseStore debug_bytecode_array: Smi|BytecodeArray;
-  @if(V8_ENABLE_SANDBOX) debug_bytecode_array:
-      IndirectPointer<BytecodeArray>;
+  debug_bytecode_array: TrustedPointer<BytecodeArray>;
 }
 
 @export
diff --git a/deps/v8/src/objects/deoptimization-data-inl.h b/deps/v8/src/objects/deoptimization-data-inl.h
index 0c6d5535a75d75..10906fe9cee20c 100644
--- a/deps/v8/src/objects/deoptimization-data-inl.h
+++ b/deps/v8/src/objects/deoptimization-data-inl.h
@@ -8,6 +8,7 @@
 #include "src/common/ptr-compr-inl.h"
 #include "src/objects/deoptimization-data.h"
 #include "src/objects/fixed-array-inl.h"
+#include "src/objects/js-regexp-inl.h"
 
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
@@ -94,6 +95,14 @@ inline void DeoptimizationLiteralArray::set(int index, Tagged<Object> value) {
     // a fixed array. However, we can use the BytecodeArray's wrapper object,
     // which exists for exactly this purpose.
     maybe = Cast<BytecodeArray>(value)->wrapper();
+#ifdef V8_ENABLE_SANDBOX
+  } else if (IsRegExpData(value)) {
+    // Store the RegExpData wrapper if the sandbox is enabled, as data lives in
+    // trusted space. We can't store a tagged value to a trusted space object
+    // inside the sandbox, we'd need to go through the trusted pointer table.
+    // Otherwise we can store the RegExpData object directly.
+    maybe = Cast<RegExpData>(value)->wrapper();
+#endif
   } else if (Code::IsWeakObjectInDeoptimizationLiteralArray(value)) {
     maybe = MakeWeak(maybe);
   }
diff --git a/deps/v8/src/objects/deoptimization-data.cc b/deps/v8/src/objects/deoptimization-data.cc
index c255621e1d7928..37b9f2d0b790e9 100644
--- a/deps/v8/src/objects/deoptimization-data.cc
+++ b/deps/v8/src/objects/deoptimization-data.cc
@@ -35,6 +35,10 @@ Handle<Object> DeoptimizationLiteral::Reify(Isolate* isolate) const {
     case DeoptimizationLiteralKind::kUnsignedBigInt64: {
       return BigInt::FromUint64(isolate, uint64_);
     }
+    case DeoptimizationLiteralKind::kHoleNaN: {
+      // Hole NaNs that made it to here represent the undefined value.
+      return isolate->factory()->undefined_value();
+    }
     case DeoptimizationLiteralKind::kWasmI31Ref:
     case DeoptimizationLiteralKind::kWasmInt32:
     case DeoptimizationLiteralKind::kWasmFloat32:
diff --git a/deps/v8/src/objects/deoptimization-data.h b/deps/v8/src/objects/deoptimization-data.h
index ab918bcc8d1bee..c6c113ee14e9bc 100644
--- a/deps/v8/src/objects/deoptimization-data.h
+++ b/deps/v8/src/objects/deoptimization-data.h
@@ -42,6 +42,7 @@ enum class DeoptimizationLiteralKind {
   kNumber,
   kSignedBigInt64,
   kUnsignedBigInt64,
+  kHoleNaN,
   kInvalid,
 
   // These kinds are used by wasm only (as unoptimized JS doesn't have these
@@ -81,6 +82,12 @@ class DeoptimizationLiteral {
   explicit DeoptimizationLiteral(Tagged<Smi> smi)
       : kind_(DeoptimizationLiteralKind::kWasmI31Ref), int64_(smi.value()) {}
 
+  static DeoptimizationLiteral HoleNaN() {
+    DeoptimizationLiteral literal;
+    literal.kind_ = DeoptimizationLiteralKind::kHoleNaN;
+    return literal;
+  }
+
   Handle<Object> object() const { return object_; }
 
   bool operator==(const DeoptimizationLiteral& other) const {
@@ -99,6 +106,8 @@ class DeoptimizationLiteral {
         return int64_ == other.int64_;
       case DeoptimizationLiteralKind::kUnsignedBigInt64:
         return uint64_ == other.uint64_;
+      case DeoptimizationLiteralKind::kHoleNaN:
+        return other.kind() == DeoptimizationLiteralKind::kHoleNaN;
       case DeoptimizationLiteralKind::kInvalid:
         return true;
       case DeoptimizationLiteralKind::kWasmFloat32:
diff --git a/deps/v8/src/objects/descriptor-array-inl.h b/deps/v8/src/objects/descriptor-array-inl.h
index 1992aa0cf05d97..8d52d4dafc8412 100644
--- a/deps/v8/src/objects/descriptor-array-inl.h
+++ b/deps/v8/src/objects/descriptor-array-inl.h
@@ -223,6 +223,7 @@ Tagged<FieldType> DescriptorArray::GetFieldType(
 
 void DescriptorArray::Set(InternalIndex descriptor_number, Tagged<Name> key,
                           Tagged<MaybeObject> value, PropertyDetails details) {
+  CHECK_LT(descriptor_number.as_int(), number_of_descriptors());
   SetKey(descriptor_number, key);
   SetDetails(descriptor_number, details);
   SetValue(descriptor_number, value);
diff --git a/deps/v8/src/objects/dictionary-inl.h b/deps/v8/src/objects/dictionary-inl.h
index ddc982a0e007ea..966996b3eeaf03 100644
--- a/deps/v8/src/objects/dictionary-inl.h
+++ b/deps/v8/src/objects/dictionary-inl.h
@@ -5,7 +5,8 @@
 #ifndef V8_OBJECTS_DICTIONARY_INL_H_
 #define V8_OBJECTS_DICTIONARY_INL_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/execution/isolate-utils-inl.h"
 #include "src/numbers/hash-seed-inl.h"
 #include "src/objects/dictionary.h"
@@ -17,8 +18,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 template <typename Derived, typename Shape>
 Dictionary<Derived, Shape>::Dictionary(Address ptr)
@@ -53,7 +53,7 @@ Tagged<Object> Dictionary<Derived, Shape>::ValueAt(PtrComprCageBase cage_base,
 }
 
 template <typename Derived, typename Shape>
-base::Optional<Tagged<Object>> Dictionary<Derived, Shape>::TryValueAt(
+std::optional<Tagged<Object>> Dictionary<Derived, Shape>::TryValueAt(
     InternalIndex entry) {
 #if DEBUG
   Isolate* isolate;
@@ -405,8 +405,7 @@ void GlobalDictionaryShape::DetailsAtPut(Tagged<Dictionary> dict,
   dict->CellAt(entry)->UpdatePropertyDetailsExceptCellType(value);
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/dictionary.h b/deps/v8/src/objects/dictionary.h
index 2836f5cdd7e787..dcf88440d6ec60 100644
--- a/deps/v8/src/objects/dictionary.h
+++ b/deps/v8/src/objects/dictionary.h
@@ -5,8 +5,9 @@
 #ifndef V8_OBJECTS_DICTIONARY_H_
 #define V8_OBJECTS_DICTIONARY_H_
 
+#include <optional>
+
 #include "src/base/export-template.h"
-#include "src/base/optional.h"
 #include "src/common/globals.h"
 #include "src/objects/hash-table.h"
 #include "src/objects/property-array.h"
@@ -16,8 +17,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #ifdef V8_ENABLE_SWISS_NAME_DICTIONARY
 class SwissNameDictionary;
@@ -41,7 +41,7 @@ class EXPORT_TEMPLATE_DECLARE(V8_EXPORT_PRIVATE) Dictionary
   inline Tagged<Object> ValueAt(PtrComprCageBase cage_base, InternalIndex entry,
                                 SeqCstAccessTag);
   // Returns {} if we would be reading out of the bounds of the object.
-  inline base::Optional<Tagged<Object>> TryValueAt(InternalIndex entry);
+  inline std::optional<Tagged<Object>> TryValueAt(InternalIndex entry);
 
   // Set the value for entry.
   inline void ValueAtPut(InternalIndex entry, Tagged<Object> value);
@@ -306,7 +306,7 @@ class V8_EXPORT_PRIVATE GlobalDictionary
   inline Tagged<Name> NameAt(PtrComprCageBase cage_base, InternalIndex entry);
   inline void ValueAtPut(InternalIndex entry, Tagged<Object> value);
 
-  base::Optional<Tagged<PropertyCell>>
+  std::optional<Tagged<PropertyCell>>
   TryFindPropertyCellForConcurrentLookupIterator(Isolate* isolate,
                                                  DirectHandle<Name> name,
                                                  RelaxedLoadTag tag);
@@ -453,8 +453,7 @@ struct EnumIndexComparator {
   Tagged<Dictionary> dict;
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/elements.cc b/deps/v8/src/objects/elements.cc
index 7c4ea2b0707eca..f35c23b8d49248 100644
--- a/deps/v8/src/objects/elements.cc
+++ b/deps/v8/src/objects/elements.cc
@@ -752,8 +752,9 @@ class ElementsAccessorBase : public InternalElementsAccessor {
     UNREACHABLE();
   }
 
-  Maybe<bool> Add(Handle<JSObject> object, uint32_t index, Handle<Object> value,
-                  PropertyAttributes attributes, uint32_t new_capacity) final {
+  Maybe<bool> Add(Handle<JSObject> object, uint32_t index,
+                  DirectHandle<Object> value, PropertyAttributes attributes,
+                  uint32_t new_capacity) final {
     return Subclass::AddImpl(object, index, value, attributes, new_capacity);
   }
 
@@ -809,7 +810,7 @@ class ElementsAccessorBase : public InternalElementsAccessor {
 
   static Maybe<bool> SetLengthImpl(Isolate* isolate, Handle<JSArray> array,
                                    uint32_t length,
-                                   Handle<FixedArrayBase> backing_store) {
+                                   DirectHandle<FixedArrayBase> backing_store) {
     DCHECK(!array->SetLengthWouldNormalize(length));
     DCHECK(IsFastElementsKind(array->GetElementsKind()));
     uint32_t old_length = 0;
@@ -932,7 +933,7 @@ class ElementsAccessorBase : public InternalElementsAccessor {
   }
 
   static Maybe<bool> TransitionElementsKindImpl(Handle<JSObject> object,
-                                                Handle<Map> to_map) {
+                                                DirectHandle<Map> to_map) {
     Isolate* isolate = object->GetIsolate();
     DirectHandle<Map> from_map(object->map(), isolate);
     ElementsKind from_kind = from_map->elements_kind();
@@ -1006,7 +1007,8 @@ class ElementsAccessorBase : public InternalElementsAccessor {
     if (IsHoleyElementsKind(from_kind)) {
       to_kind = GetHoleyElementsKind(to_kind);
     }
-    Handle<Map> new_map = JSObject::GetElementsTransitionMap(object, to_kind);
+    DirectHandle<Map> new_map =
+        JSObject::GetElementsTransitionMap(object, to_kind);
     JSObject::SetMapAndElements(object, new_map, elements);
 
     // Transition through the allocation site as well if present.
@@ -1074,9 +1076,10 @@ class ElementsAccessorBase : public InternalElementsAccessor {
     UNREACHABLE();
   }
 
-  void CopyElements(Tagged<JSObject> from_holder, uint32_t from_start,
-                    ElementsKind from_kind, Handle<FixedArrayBase> to,
-                    uint32_t to_start, int copy_size) final {
+  void CopyElements(Isolate* isolate, Tagged<JSObject> from_holder,
+                    uint32_t from_start, ElementsKind from_kind,
+                    Handle<FixedArrayBase> to, uint32_t to_start,
+                    int copy_size) final {
     int packed_size = kPackedSizeNotKnown;
     bool is_packed =
         IsFastPackedElementsKind(from_kind) && IsJSArray(from_holder);
@@ -1096,8 +1099,8 @@ class ElementsAccessorBase : public InternalElementsAccessor {
     // copying from object with fast double elements to object with object
     // elements. In all the other cases there are no allocations performed and
     // handle creation causes noticeable performance degradation of the builtin.
-    Subclass::CopyElementsImpl(from_holder->GetIsolate(), from, from_start, *to,
-                               from_kind, to_start, packed_size, copy_size);
+    Subclass::CopyElementsImpl(isolate, from, from_start, *to, from_kind,
+                               to_start, packed_size, copy_size);
   }
 
   void CopyElements(Isolate* isolate, Handle<FixedArrayBase> source,
@@ -1867,7 +1870,7 @@ class DictionaryElementsAccessor
     }
     ElementsKind original_elements_kind = receiver->GetElementsKind();
     USE(original_elements_kind);
-    Handle<NumberDictionary> dictionary(
+    DirectHandle<NumberDictionary> dictionary(
         Cast<NumberDictionary>(receiver->elements()), isolate);
     // Iterate through the entire range, as accessing elements out of order is
     // observable.
@@ -2824,8 +2827,8 @@ class FastNonextensibleObjectElementsAccessor
                         : array->GetElementsAccessor()->Normalize(array);
 
     // Migrate map.
-    Handle<Map> new_map = Map::Copy(isolate, handle(array->map(), isolate),
-                                    "SlowCopyForSetLengthImpl");
+    DirectHandle<Map> new_map = Map::Copy(
+        isolate, handle(array->map(), isolate), "SlowCopyForSetLengthImpl");
     new_map->set_is_extensible(false);
     new_map->set_elements_kind(DICTIONARY_ELEMENTS);
     JSObject::MigrateToMap(isolate, array, new_map);
@@ -2877,7 +2880,8 @@ class FastSealedObjectElementsAccessor
   }
 
   static void DeleteAtEnd(DirectHandle<JSObject> obj,
-                          Handle<BackingStore> backing_store, uint32_t entry) {
+                          DirectHandle<BackingStore> backing_store,
+                          uint32_t entry) {
     UNREACHABLE();
   }
 
@@ -2922,8 +2926,8 @@ class FastSealedObjectElementsAccessor
                         : array->GetElementsAccessor()->Normalize(array);
 
     // Migrate map.
-    Handle<Map> new_map = Map::Copy(isolate, handle(array->map(), isolate),
-                                    "SlowCopyForSetLengthImpl");
+    DirectHandle<Map> new_map = Map::Copy(
+        isolate, handle(array->map(), isolate), "SlowCopyForSetLengthImpl");
     new_map->set_is_extensible(false);
     new_map->set_elements_kind(DICTIONARY_ELEMENTS);
     JSObject::MigrateToMap(isolate, array, new_map);
@@ -3025,7 +3029,8 @@ class FastFrozenObjectElementsAccessor
   }
 
   static void DeleteAtEnd(DirectHandle<JSObject> obj,
-                          Handle<BackingStore> backing_store, uint32_t entry) {
+                          DirectHandle<BackingStore> backing_store,
+                          uint32_t entry) {
     UNREACHABLE();
   }
 
@@ -3483,7 +3488,7 @@ class TypedElementsAccessor
       DirectHandle<FixedArrayBase> elements(object->elements(), isolate);
       size_t length = AccessorClass::GetCapacityImpl(*object, *elements);
       for (size_t index = 0; index < length; ++index) {
-        Handle<Object> value = AccessorClass::GetInternalImpl(
+        DirectHandle<Object> value = AccessorClass::GetInternalImpl(
             isolate, object, InternalIndex(index));
         if (get_entries) {
           value = MakeEntryPair(isolate, index, value);
@@ -5118,7 +5123,7 @@ class SlowSloppyArgumentsElementsAccessor
 
   static void ReconfigureImpl(DirectHandle<JSObject> object,
                               Handle<FixedArrayBase> store, InternalIndex entry,
-                              Handle<Object> value,
+                              DirectHandle<Object> value,
                               PropertyAttributes attributes) {
     Isolate* isolate = object->GetIsolate();
     auto elements = Cast<SloppyArgumentsElements>(store);
@@ -5238,7 +5243,7 @@ class FastSloppyArgumentsElementsAccessor
 
   static void ReconfigureImpl(Handle<JSObject> object,
                               Handle<FixedArrayBase> store, InternalIndex entry,
-                              Handle<Object> value,
+                              DirectHandle<Object> value,
                               PropertyAttributes attributes) {
     DCHECK_EQ(object->elements(), *store);
     DirectHandle<SloppyArgumentsElements> elements(
@@ -5280,7 +5285,7 @@ class FastSloppyArgumentsElementsAccessor
         isolate, arguments,
         ConvertElementsWithCapacity(object, old_arguments, from_kind, capacity),
         Nothing<bool>());
-    Handle<Map> new_map = JSObject::GetElementsTransitionMap(
+    DirectHandle<Map> new_map = JSObject::GetElementsTransitionMap(
         object, FAST_SLOPPY_ARGUMENTS_ELEMENTS);
     JSObject::MigrateToMap(isolate, object, new_map);
     elements->set_arguments(Cast<FixedArray>(*arguments));
@@ -5363,7 +5368,7 @@ class StringWrapperElementsAccessor
   }
 
   static Maybe<bool> AddImpl(Handle<JSObject> object, uint32_t index,
-                             Handle<Object> value,
+                             DirectHandle<Object> value,
                              PropertyAttributes attributes,
                              uint32_t new_capacity) {
     DCHECK(index >= static_cast<uint32_t>(GetString(*object)->length()));
@@ -5716,7 +5721,8 @@ Handle<JSArray> ElementsAccessor::Concat(Isolate* isolate,
     Object::ToArrayLength(array->length(), &len);
     if (len == 0) continue;
     ElementsKind from_kind = array->GetElementsKind();
-    accessor->CopyElements(array, 0, from_kind, storage, insertion_index, len);
+    accessor->CopyElements(isolate, array, 0, from_kind, storage,
+                           insertion_index, len);
     insertion_index += len;
   }
 
diff --git a/deps/v8/src/objects/elements.h b/deps/v8/src/objects/elements.h
index 7cfa42f4db78ca..678746474fe3b4 100644
--- a/deps/v8/src/objects/elements.h
+++ b/deps/v8/src/objects/elements.h
@@ -136,7 +136,7 @@ class ElementsAccessor {
 
   V8_WARN_UNUSED_RESULT virtual Maybe<bool> Add(Handle<JSObject> object,
                                                 uint32_t index,
-                                                Handle<Object> value,
+                                                DirectHandle<Object> value,
                                                 PropertyAttributes attributes,
                                                 uint32_t new_capacity) = 0;
 
@@ -231,7 +231,7 @@ class ElementsAccessor {
   // raw pointer parameter |source_holder| in the function that allocates.
   // This is done intentionally to avoid ArrayConcat() builtin performance
   // degradation.
-  virtual void CopyElements(Tagged<JSObject> source_holder,
+  virtual void CopyElements(Isolate* isolate, Tagged<JSObject> source_holder,
                             uint32_t source_start, ElementsKind source_kind,
                             Handle<FixedArrayBase> destination,
                             uint32_t destination_start, int copy_size) = 0;
diff --git a/deps/v8/src/objects/feedback-cell-inl.h b/deps/v8/src/objects/feedback-cell-inl.h
index 7669a6eb9564a9..d4b959d95f629f 100644
--- a/deps/v8/src/objects/feedback-cell-inl.h
+++ b/deps/v8/src/objects/feedback-cell-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_FEEDBACK_CELL_INL_H_
 #define V8_OBJECTS_FEEDBACK_CELL_INL_H_
 
+#include <optional>
+
 #include "src/execution/tiering-manager.h"
 #include "src/heap/heap-write-barrier-inl.h"
 #include "src/objects/feedback-cell.h"
@@ -15,8 +17,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/feedback-cell-tq-inl.inc"
 
@@ -32,8 +33,8 @@ void FeedbackCell::clear_padding() {
 }
 
 void FeedbackCell::reset_feedback_vector(
-    base::Optional<std::function<void(
-        Tagged<HeapObject> object, ObjectSlot slot, Tagged<HeapObject> target)>>
+    std::optional<std::function<void(Tagged<HeapObject> object, ObjectSlot slot,
+                                     Tagged<HeapObject> target)>>
         gc_notify_updated_slot) {
   clear_interrupt_budget();
   if (IsUndefined(value()) || IsClosureFeedbackCellArray(value())) return;
@@ -63,9 +64,15 @@ void FeedbackCell::clear_dispatch_handle() {
   WriteField<JSDispatchHandle>(kDispatchHandleOffset, kNullJSDispatchHandle);
 }
 
-JSDispatchHandle FeedbackCell::dispatch_handle() {
+JSDispatchHandle FeedbackCell::dispatch_handle() const {
   return ReadField<JSDispatchHandle>(kDispatchHandleOffset);
 }
+
+void FeedbackCell::set_dispatch_handle(JSDispatchHandle new_handle) {
+  DCHECK_EQ(dispatch_handle(), kNullJSDispatchHandle);
+  WriteField<JSDispatchHandle>(kDispatchHandleOffset, new_handle);
+  JS_DISPATCH_HANDLE_WRITE_BARRIER(*this, new_handle);
+}
 #endif  // V8_ENABLE_LEAPTIERING
 
 void FeedbackCell::IncrementClosureCount(Isolate* isolate) {
@@ -79,8 +86,7 @@ void FeedbackCell::IncrementClosureCount(Isolate* isolate) {
   }
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/feedback-cell.h b/deps/v8/src/objects/feedback-cell.h
index a4980d983652f7..ff1df29dd05ad3 100644
--- a/deps/v8/src/objects/feedback-cell.h
+++ b/deps/v8/src/objects/feedback-cell.h
@@ -5,13 +5,14 @@
 #ifndef V8_OBJECTS_FEEDBACK_CELL_H_
 #define V8_OBJECTS_FEEDBACK_CELL_H_
 
+#include <optional>
+
 #include "src/objects/struct.h"
 
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class Undefined;
 
@@ -41,15 +42,16 @@ class FeedbackCell : public TorqueGeneratedFeedbackCell<FeedbackCell, Struct> {
   inline void initialize_dispatch_handle(IsolateForSandbox isolate,
                                          uint16_t parameter_count);
   inline void clear_dispatch_handle();
-  inline JSDispatchHandle dispatch_handle();
+  inline JSDispatchHandle dispatch_handle() const;
+  inline void set_dispatch_handle(JSDispatchHandle new_handle);
 #endif  // V8_ENABLE_LEAPTIERING
 
   inline void clear_padding();
   inline void reset_feedback_vector(
-      base::Optional<
+      std::optional<
           std::function<void(Tagged<HeapObject> object, ObjectSlot slot,
                              Tagged<HeapObject> target)>>
-          gc_notify_updated_slot = base::nullopt);
+          gc_notify_updated_slot = std::nullopt);
 
   // The closure count is encoded in the cell's map, which distinguishes
   // between zero, one, or many closures. This function records a new closure
@@ -61,8 +63,7 @@ class FeedbackCell : public TorqueGeneratedFeedbackCell<FeedbackCell, Struct> {
   TQ_OBJECT_CONSTRUCTORS(FeedbackCell)
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/feedback-cell.tq b/deps/v8/src/objects/feedback-cell.tq
index f56544cfbf3c6b..84359ad1838aa5 100644
--- a/deps/v8/src/objects/feedback-cell.tq
+++ b/deps/v8/src/objects/feedback-cell.tq
@@ -4,6 +4,6 @@
 
 extern class FeedbackCell extends Struct {
   value: Undefined|FeedbackVector|ClosureFeedbackCellArray;
-  interrupt_budget: int32;
   @if(V8_ENABLE_LEAPTIERING) dispatch_handle: int32;
+  interrupt_budget: int32;
 }
diff --git a/deps/v8/src/objects/feedback-vector-inl.h b/deps/v8/src/objects/feedback-vector-inl.h
index 1aa5325031d214..91547d10b2a7f1 100644
--- a/deps/v8/src/objects/feedback-vector-inl.h
+++ b/deps/v8/src/objects/feedback-vector-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_FEEDBACK_VECTOR_INL_H_
 #define V8_OBJECTS_FEEDBACK_VECTOR_INL_H_
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/heap/heap-write-barrier-inl.h"
 #include "src/objects/code-inl.h"
@@ -20,8 +22,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/feedback-vector-tq-inl.inc"
 
@@ -42,22 +43,34 @@ int32_t FeedbackMetadata::slot_count(AcquireLoadTag) const {
   return ACQUIRE_READ_INT32_FIELD(*this, kSlotCountOffset);
 }
 
+int32_t FeedbackMetadata::create_closure_slot_count(AcquireLoadTag) const {
+  return ACQUIRE_READ_INT32_FIELD(*this, kCreateClosureSlotCountOffset);
+}
+
 int32_t FeedbackMetadata::get(int index) const {
-  CHECK_LT(static_cast<unsigned>(index), static_cast<unsigned>(length()));
+  CHECK_LT(static_cast<unsigned>(index), static_cast<unsigned>(word_count()));
   int offset = kHeaderSize + index * kInt32Size;
   return ReadField<int32_t>(offset);
 }
 
 void FeedbackMetadata::set(int index, int32_t value) {
-  DCHECK_LT(static_cast<unsigned>(index), static_cast<unsigned>(length()));
+  DCHECK_LT(static_cast<unsigned>(index), static_cast<unsigned>(word_count()));
   int offset = kHeaderSize + index * kInt32Size;
   WriteField<int32_t>(offset, value);
 }
 
-bool FeedbackMetadata::is_empty() const { return slot_count() == 0; }
+bool FeedbackMetadata::is_empty() const {
+  DCHECK_IMPLIES(slot_count() == 0, create_closure_slot_count() == 0);
+  return slot_count() == 0;
+}
+
+int FeedbackMetadata::AllocatedSize() {
+  return SizeFor(slot_count(kAcquireLoad),
+                 create_closure_slot_count(kAcquireLoad));
+}
 
-int FeedbackMetadata::length() const {
-  return FeedbackMetadata::length(slot_count());
+int FeedbackMetadata::word_count() const {
+  return FeedbackMetadata::word_count(slot_count());
 }
 
 int FeedbackMetadata::GetSlotSize(FeedbackSlotKind kind) {
@@ -221,7 +234,17 @@ void FeedbackVector::set_interrupt_budget_reset_by_ic_change(bool value) {
   set_flags(InterruptBudgetResetByIcChangeBit::update(flags(), value));
 }
 
-base::Optional<Tagged<Code>> FeedbackVector::GetOptimizedOsrCode(
+bool FeedbackVector::was_once_deoptimized() const {
+  return invocation_count_before_stable(kRelaxedLoad) ==
+         kInvocationCountBeforeStableDeoptSentinel;
+}
+
+void FeedbackVector::set_was_once_deoptimized() {
+  set_invocation_count_before_stable(kInvocationCountBeforeStableDeoptSentinel,
+                                     kRelaxedStore);
+}
+
+std::optional<Tagged<Code>> FeedbackVector::GetOptimizedOsrCode(
     Isolate* isolate, FeedbackSlot slot) {
   Tagged<MaybeObject> maybe_code = Get(isolate, slot);
   if (maybe_code.IsCleared()) return {};
@@ -450,15 +473,15 @@ void NexusConfig::SetFeedback(Tagged<FeedbackVector> vector, FeedbackSlot slot,
 }
 
 Tagged<MaybeObject> FeedbackNexus::UninitializedSentinel() const {
-  return *FeedbackVector::UninitializedSentinel(GetIsolate());
+  return *FeedbackVector::UninitializedSentinel(config()->isolate());
 }
 
 Tagged<MaybeObject> FeedbackNexus::MegamorphicSentinel() const {
-  return *FeedbackVector::MegamorphicSentinel(GetIsolate());
+  return *FeedbackVector::MegamorphicSentinel(config()->isolate());
 }
 
 Tagged<MaybeObject> FeedbackNexus::MegaDOMSentinel() const {
-  return *FeedbackVector::MegaDOMSentinel(GetIsolate());
+  return *FeedbackVector::MegaDOMSentinel(config()->isolate());
 }
 
 Tagged<MaybeObject> FeedbackNexus::FromHandle(MaybeObjectHandle slot) const {
@@ -514,9 +537,7 @@ void FeedbackNexus::SetFeedback(Tagged<FeedbackType> feedback,
                             mode_extra);
 }
 
-Isolate* FeedbackNexus::GetIsolate() const { return vector()->GetIsolate(); }
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/feedback-vector.cc b/deps/v8/src/objects/feedback-vector.cc
index d4a7d7e6e93ddb..4ca2ad3d701604 100644
--- a/deps/v8/src/objects/feedback-vector.cc
+++ b/deps/v8/src/objects/feedback-vector.cc
@@ -5,8 +5,8 @@
 #include "src/objects/feedback-vector.h"
 
 #include <bit>
+#include <optional>
 
-#include "src/base/optional.h"
 #include "src/common/globals.h"
 #include "src/deoptimizer/deoptimizer.h"
 #include "src/diagnostics/code-tracer.h"
@@ -20,8 +20,7 @@
 #include "src/objects/map-inl.h"
 #include "src/objects/objects.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 FeedbackSlot FeedbackVectorSpec::AddSlot(FeedbackSlotKind kind) {
   int slot = slot_count();
@@ -65,21 +64,32 @@ void FeedbackMetadata::SetKind(FeedbackSlot slot, FeedbackSlotKind kind) {
   set(index, new_data);
 }
 
+uint16_t FeedbackMetadata::GetCreateClosureParameterCount(int index) const {
+  DCHECK_LT(index, create_closure_slot_count());
+  int offset = kHeaderSize + word_count() * kInt32Size + index * kUInt16Size;
+  return ReadField<uint16_t>(offset);
+}
+
+void FeedbackMetadata::SetCreateClosureParameterCount(
+    int index, uint16_t parameter_count) {
+  DCHECK_LT(index, create_closure_slot_count());
+  int offset = kHeaderSize + word_count() * kInt32Size + index * kUInt16Size;
+  return WriteField<uint16_t>(offset, parameter_count);
+}
+
 // static
 template <typename IsolateT>
 Handle<FeedbackMetadata> FeedbackMetadata::New(IsolateT* isolate,
                                                const FeedbackVectorSpec* spec) {
   auto* factory = isolate->factory();
 
-  const int slot_count = spec == nullptr ? 0 : spec->slot_count();
-  const int create_closure_slot_count =
-      spec == nullptr ? 0 : spec->create_closure_slot_count();
+  const int slot_count = spec->slot_count();
+  const int create_closure_slot_count = spec->create_closure_slot_count();
   if (slot_count == 0 && create_closure_slot_count == 0) {
     return factory->empty_feedback_metadata();
   }
 #ifdef DEBUG
   for (int i = 0; i < slot_count;) {
-    DCHECK(spec);
     FeedbackSlotKind kind = spec->GetKind(FeedbackSlot(i));
     int entry_size = FeedbackMetadata::GetSlotSize(kind);
     for (int j = 1; j < entry_size; j++) {
@@ -96,12 +106,16 @@ Handle<FeedbackMetadata> FeedbackMetadata::New(IsolateT* isolate,
   // Initialize the slots. The raw data section has already been pre-zeroed in
   // NewFeedbackMetadata.
   for (int i = 0; i < slot_count; i++) {
-    DCHECK(spec);
     FeedbackSlot slot(i);
     FeedbackSlotKind kind = spec->GetKind(slot);
     metadata->SetKind(slot, kind);
   }
 
+  for (int i = 0; i < create_closure_slot_count; i++) {
+    uint16_t parameter_count = spec->GetCreateClosureParameterCount(i);
+    metadata->SetCreateClosureParameterCount(i, parameter_count);
+  }
+
   return metadata;
 }
 
@@ -210,10 +224,16 @@ Handle<ClosureFeedbackCellArray> ClosureFeedbackCellArray::New(
   DirectHandleVector<FeedbackCell> cells(isolate);
   cells.reserve(length);
   for (int i = 0; i < length; i++) {
-    cells.push_back(isolate->factory()->NewNoClosuresCell());
+    Handle<FeedbackCell> cell = isolate->factory()->NewNoClosuresCell();
+#ifdef V8_ENABLE_LEAPTIERING
+    uint16_t parameter_count =
+        shared->feedback_metadata()->GetCreateClosureParameterCount(i);
+    cell->initialize_dispatch_handle(isolate, parameter_count);
+#endif
+    cells.push_back(cell);
   }
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   auto result = Allocate(isolate, length, &no_gc, allocation);
   for (int i = 0; i < length; i++) {
     result->set(i, *cells[i]);
@@ -472,7 +492,7 @@ bool FeedbackVector::ClearSlots(Isolate* isolate, ClearBehavior behavior) {
 
     Tagged<MaybeObject> obj = Get(slot);
     if (obj != uninitialized_sentinel) {
-      FeedbackNexus nexus(*this, slot);
+      FeedbackNexus nexus(isolate, *this, slot);
       feedback_updated |= nexus.Clear(behavior);
     }
   }
@@ -550,19 +570,19 @@ NexusConfig::GetFeedbackPair(Tagged<FeedbackVector> vector,
   return std::make_pair(feedback, feedback_extra);
 }
 
-FeedbackNexus::FeedbackNexus(Handle<FeedbackVector> vector, FeedbackSlot slot)
+FeedbackNexus::FeedbackNexus(Isolate* isolate, Handle<FeedbackVector> vector,
+                             FeedbackSlot slot)
     : vector_handle_(vector),
       slot_(slot),
-      config_(NexusConfig::FromMainThread(
-          vector.is_null() ? nullptr : vector->GetIsolate())) {
+      config_(NexusConfig::FromMainThread(isolate)) {
   kind_ = vector.is_null() ? FeedbackSlotKind::kInvalid : vector->GetKind(slot);
 }
 
-FeedbackNexus::FeedbackNexus(Tagged<FeedbackVector> vector, FeedbackSlot slot)
+FeedbackNexus::FeedbackNexus(Isolate* isolate, Tagged<FeedbackVector> vector,
+                             FeedbackSlot slot)
     : vector_(vector),
       slot_(slot),
-      config_(NexusConfig::FromMainThread(
-          vector.is_null() ? nullptr : vector->GetIsolate())) {
+      config_(NexusConfig::FromMainThread(isolate)) {
   kind_ = vector.is_null() ? FeedbackSlotKind::kInvalid : vector->GetKind(slot);
 }
 
@@ -576,12 +596,12 @@ FeedbackNexus::FeedbackNexus(Handle<FeedbackVector> vector, FeedbackSlot slot,
 Handle<WeakFixedArray> FeedbackNexus::CreateArrayOfSize(int length) {
   DCHECK(config()->can_write());
   Handle<WeakFixedArray> array =
-      GetIsolate()->factory()->NewWeakFixedArray(length);
+      config()->isolate()->factory()->NewWeakFixedArray(length);
   return array;
 }
 
 void FeedbackNexus::ConfigureUninitialized() {
-  Isolate* isolate = GetIsolate();
+  Isolate* isolate = config()->isolate();
   switch (kind()) {
     case FeedbackSlotKind::kStoreGlobalSloppy:
     case FeedbackSlotKind::kStoreGlobalStrict:
@@ -677,7 +697,7 @@ bool FeedbackNexus::Clear(ClearBehavior behavior) {
 
 bool FeedbackNexus::ConfigureMegamorphic() {
   DisallowGarbageCollection no_gc;
-  Isolate* isolate = GetIsolate();
+  Isolate* isolate = config()->isolate();
   Tagged<MaybeObject> sentinel = MegamorphicSentinel();
   if (GetFeedback() != sentinel) {
     SetFeedback(sentinel, SKIP_WRITE_BARRIER, ClearedValue(isolate));
@@ -939,7 +959,7 @@ bool FeedbackNexus::ConfigureLexicalVarMode(int script_context_index,
 void FeedbackNexus::ConfigureHandlerMode(const MaybeObjectHandle& handler) {
   DCHECK(IsGlobalICKind(kind()));
   DCHECK(IC::IsHandler(*handler));
-  SetFeedback(ClearedValue(GetIsolate()), UPDATE_WRITE_BARRIER, *handler,
+  SetFeedback(ClearedValue(config()->isolate()), UPDATE_WRITE_BARRIER, *handler,
               UPDATE_WRITE_BARRIER);
 }
 
@@ -955,7 +975,7 @@ void FeedbackNexus::ConfigureCloneObject(
     return MakeWeak(*handler_handle);
   };
   DCHECK(config()->can_write());
-  Isolate* isolate = GetIsolate();
+  Isolate* isolate = config()->isolate();
   Handle<HeapObject> feedback;
   {
     Tagged<MaybeObject> maybe_feedback = GetFeedback();
@@ -990,7 +1010,7 @@ void FeedbackNexus::ConfigureCloneObject(
     case InlineCacheState::POLYMORPHIC: {
       const int kMaxElements = v8_flags.max_valid_polymorphic_map_count *
                                kCloneObjectPolymorphicEntrySize;
-      Handle<WeakFixedArray> array = Cast<WeakFixedArray>(feedback);
+      DirectHandle<WeakFixedArray> array = Cast<WeakFixedArray>(feedback);
       int i = 0;
       for (; i < array->length(); i += kCloneObjectPolymorphicEntrySize) {
         Tagged<MaybeObject> feedback_map = array->get(i);
@@ -1011,7 +1031,7 @@ void FeedbackNexus::ConfigureCloneObject(
         }
 
         // Grow polymorphic feedback array.
-        Handle<WeakFixedArray> new_array = CreateArrayOfSize(
+        DirectHandle<WeakFixedArray> new_array = CreateArrayOfSize(
             array->length() + kCloneObjectPolymorphicEntrySize);
         for (int j = 0; j < array->length(); ++j) {
           new_array->set(j, array->get(j));
@@ -1470,5 +1490,4 @@ void FeedbackIterator::AdvancePolymorphic() {
   CHECK_EQ(index_, length);
   done_ = true;
 }
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/feedback-vector.h b/deps/v8/src/objects/feedback-vector.h
index a5e07c99271049..3e091e9182b721 100644
--- a/deps/v8/src/objects/feedback-vector.h
+++ b/deps/v8/src/objects/feedback-vector.h
@@ -5,6 +5,7 @@
 #ifndef V8_OBJECTS_FEEDBACK_VECTOR_H_
 #define V8_OBJECTS_FEEDBACK_VECTOR_H_
 
+#include <optional>
 #include <vector>
 
 #include "src/base/bit-field.h"
@@ -22,8 +23,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class IsCompiledScope;
 class FeedbackVectorSpec;
@@ -254,6 +254,10 @@ class FeedbackVector
   using TorqueGeneratedFeedbackVector::set_invocation_count_before_stable;
   DECL_RELAXED_UINT8_ACCESSORS(invocation_count_before_stable)
 
+  // In case a function deoptimizes we set invocation_count_before_stable to
+  // this sentinel.
+  static constexpr uint8_t kInvocationCountBeforeStableDeoptSentinel = 0xff;
+
   // The [osr_urgency] controls when OSR is attempted, and is incremented as
   // the function becomes hotter. When the current loop depth is less than the
   // osr_urgency, JumpLoop calls into runtime to attempt OSR optimization.
@@ -297,8 +301,8 @@ class FeedbackVector
 
   // Optimized OSR'd code is cached in JumpLoop feedback vector slots. The
   // slots either contain a Code object or the ClearedValue.
-  inline base::Optional<Tagged<Code>> GetOptimizedOsrCode(Isolate* isolate,
-                                                          FeedbackSlot slot);
+  inline std::optional<Tagged<Code>> GetOptimizedOsrCode(Isolate* isolate,
+                                                         FeedbackSlot slot);
   void SetOptimizedOsrCode(Isolate* isolate, FeedbackSlot slot,
                            Tagged<Code> code);
 
@@ -312,6 +316,13 @@ class FeedbackVector
   inline bool interrupt_budget_reset_by_ic_change() const;
   inline void set_interrupt_budget_reset_by_ic_change(bool value);
 
+  // Check if this function was ever deoptimized. This flag can be used as a
+  // blanked bailout for optimizations which are not guaranteed to be deopt-loop
+  // free (such as hoisting checks out of loops).
+  // TODO(olivf): Have a more granular (e.g., per loop) mechanism.
+  inline bool was_once_deoptimized() const;
+  inline void set_was_once_deoptimized();
+
   void reset_flags();
 
   // Conversion from a slot to an integer index to the underlying array.
@@ -448,14 +459,24 @@ class FeedbackVector
 
 class V8_EXPORT_PRIVATE FeedbackVectorSpec {
  public:
-  explicit FeedbackVectorSpec(Zone* zone) : slot_kinds_(zone) {
+  explicit FeedbackVectorSpec(Zone* zone)
+      : slot_kinds_(zone), create_closure_parameter_counts_(zone) {
     slot_kinds_.reserve(16);
   }
 
   int slot_count() const { return static_cast<int>(slot_kinds_.size()); }
-  int create_closure_slot_count() const { return create_closure_slot_count_; }
+  int create_closure_slot_count() const {
+    return static_cast<int>(create_closure_parameter_counts_.size());
+  }
 
-  int AddCreateClosureSlot() { return create_closure_slot_count_++; }
+  int AddCreateClosureParameterCount(uint16_t parameter_count) {
+    create_closure_parameter_counts_.push_back(parameter_count);
+    return create_closure_slot_count() - 1;
+  }
+
+  uint16_t GetCreateClosureParameterCount(int index) const {
+    return create_closure_parameter_counts_.at(index);
+  }
 
   FeedbackSlotKind GetKind(FeedbackSlot slot) const {
     return slot_kinds_.at(slot.ToInt());
@@ -566,7 +587,8 @@ class V8_EXPORT_PRIVATE FeedbackVectorSpec {
 
   static_assert(sizeof(FeedbackSlotKind) == sizeof(uint8_t));
   ZoneVector<FeedbackSlotKind> slot_kinds_;
-  int create_closure_slot_count_ = 0;
+  // A vector containing the parameter count for every create closure slot.
+  ZoneVector<uint16_t> create_closure_parameter_counts_;
 
   friend class SharedFeedbackSlot;
 };
@@ -594,6 +616,13 @@ class SharedFeedbackSlot {
 // of int32 data. The length is never stored - it is always calculated from
 // slot_count. All instances are created through the static New function, and
 // the number of slots is static once an instance is created.
+//
+// Besides the feedback slots, the FeedbackMetadata also stores the parameter
+// count for every CreateClosure slot as that is required for allocating the
+// FeedbackCells for the closres. This data doesn't necessarily need to live in
+// this object (it could, for example, also be stored on the Bytecode), but
+// keeping it here is somewhat efficient as the uint16s can just be stored
+// after the int32s of the slots.
 class FeedbackMetadata : public HeapObject {
  public:
   // The number of slots that this metadata contains. Stored as an int32.
@@ -608,6 +637,9 @@ class FeedbackMetadata : public HeapObject {
   // Get slot_count using an acquire load.
   inline int32_t slot_count(AcquireLoadTag) const;
 
+  // Get create_closure_slot_count using an acquire load.
+  inline int32_t create_closure_slot_count(AcquireLoadTag) const;
+
   // Returns number of feedback vector elements used by given slot kind.
   static inline int GetSlotSize(FeedbackSlotKind kind);
 
@@ -618,10 +650,14 @@ class FeedbackMetadata : public HeapObject {
   // Returns slot kind for given slot.
   V8_EXPORT_PRIVATE FeedbackSlotKind GetKind(FeedbackSlot slot) const;
 
+  // Returns the parameter count for the create closure slot with the given
+  // index.
+  V8_EXPORT_PRIVATE uint16_t GetCreateClosureParameterCount(int index) const;
+
   // If {spec} is null, then it is considered empty.
   template <typename IsolateT>
   V8_EXPORT_PRIVATE static Handle<FeedbackMetadata> New(
-      IsolateT* isolate, const FeedbackVectorSpec* spec = nullptr);
+      IsolateT* isolate, const FeedbackVectorSpec* spec);
 
   DECL_PRINTER(FeedbackMetadata)
   DECL_VERIFIER(FeedbackMetadata)
@@ -631,8 +667,12 @@ class FeedbackMetadata : public HeapObject {
   // Garbage collection support.
   // This includes any necessary padding at the end of the object for pointer
   // size alignment.
-  static int SizeFor(int slot_count) {
-    return OBJECT_POINTER_ALIGN(kHeaderSize + length(slot_count) * kInt32Size);
+  inline int AllocatedSize();
+
+  static int SizeFor(int slot_count, int create_closure_slot_count) {
+    return OBJECT_POINTER_ALIGN(kHeaderSize +
+                                word_count(slot_count) * kInt32Size +
+                                create_closure_slot_count * kUInt16Size);
   }
 
 #define FIELDS(V)                              \
@@ -654,16 +694,18 @@ class FeedbackMetadata : public HeapObject {
 
   // The number of int32 data fields needed to store {slot_count} slots.
   // Does not include any extra padding for pointer size alignment.
-  static int length(int slot_count) {
+  static int word_count(int slot_count) {
     return VectorICComputer::word_count(slot_count);
   }
-  inline int length() const;
+  inline int word_count() const;
 
   static const int kFeedbackSlotKindBits = 5;
   static_assert(kFeedbackSlotKindCount <= (1 << kFeedbackSlotKindBits));
 
   void SetKind(FeedbackSlot slot, FeedbackSlotKind kind);
 
+  void SetCreateClosureParameterCount(int index, uint16_t parameter_count);
+
   using VectorICComputer =
       base::BitSetComputer<FeedbackSlotKind, kFeedbackSlotKindBits,
                            kInt32Size * kBitsPerByte, uint32_t>;
@@ -733,11 +775,13 @@ class FeedbackMetadataIterator {
 class V8_EXPORT_PRIVATE NexusConfig {
  public:
   static NexusConfig FromMainThread(Isolate* isolate) {
+    DCHECK_NOT_NULL(isolate);
     return NexusConfig(isolate);
   }
 
   static NexusConfig FromBackgroundThread(Isolate* isolate,
                                           LocalHeap* local_heap) {
+    DCHECK_NOT_NULL(isolate);
     return NexusConfig(isolate, local_heap);
   }
 
@@ -782,8 +826,9 @@ class V8_EXPORT_PRIVATE NexusConfig {
 class V8_EXPORT_PRIVATE FeedbackNexus final {
  public:
   // For use on the main thread. A null {vector} is accepted as well.
-  FeedbackNexus(Handle<FeedbackVector> vector, FeedbackSlot slot);
-  FeedbackNexus(Tagged<FeedbackVector> vector, FeedbackSlot slot);
+  FeedbackNexus(Isolate* isolate, Handle<FeedbackVector> vector,
+                FeedbackSlot slot);
+  FeedbackNexus(Isolate*, Tagged<FeedbackVector> vector, FeedbackSlot slot);
 
   // For use on the main or background thread as configured by {config}.
   // {vector} must be valid.
@@ -853,8 +898,6 @@ class V8_EXPORT_PRIVATE FeedbackNexus final {
   inline std::pair<Tagged<MaybeObject>, Tagged<MaybeObject>> GetFeedbackPair()
       const;
 
-  inline Isolate* GetIsolate() const;
-
   void ConfigureMonomorphic(Handle<Name> name, DirectHandle<Map> receiver_map,
                             const MaybeObjectHandle& handler);
 
@@ -950,9 +993,10 @@ class V8_EXPORT_PRIVATE FeedbackNexus final {
   FeedbackSlotKind kind_;
   // When using the background-thread configuration, a cache is used to
   // guarantee a consistent view of the feedback to FeedbackNexus methods.
-  mutable base::Optional<std::pair<MaybeObjectHandle, MaybeObjectHandle>>
+  mutable std::optional<std::pair<MaybeObjectHandle, MaybeObjectHandle>>
       feedback_cache_;
   NexusConfig config_;
+  Isolate* isolate_;
 };
 
 class V8_EXPORT_PRIVATE FeedbackIterator final {
@@ -997,8 +1041,7 @@ inline BinaryOperationHint BinaryOperationHintFromFeedback(int type_feedback);
 inline CompareOperationHint CompareOperationHintFromFeedback(int type_feedback);
 inline ForInHint ForInHintFromFeedback(ForInFeedback type_feedback);
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/fixed-array-inl.h b/deps/v8/src/objects/fixed-array-inl.h
index b26f0c8b9a8868..a2009f069b11f6 100644
--- a/deps/v8/src/objects/fixed-array-inl.h
+++ b/deps/v8/src/objects/fixed-array-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_FIXED_ARRAY_INL_H_
 #define V8_OBJECTS_FIXED_ARRAY_INL_H_
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/handles/handles-inl.h"
 #include "src/heap/heap-write-barrier-inl.h"
@@ -25,8 +27,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/fixed-array-tq-inl.inc"
 
@@ -305,7 +306,7 @@ Handle<FixedArray> FixedArray::New(IsolateT* isolate, int capacity,
     return isolate->factory()->empty_fixed_array();
   }
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<FixedArray> result =
       Cast<FixedArray>(Allocate(isolate, capacity, &no_gc, allocation));
   ReadOnlyRoots roots{isolate};
@@ -328,7 +329,7 @@ Handle<TrustedFixedArray> TrustedFixedArray::New(IsolateT* isolate,
   // (mutable) empty_trusted_fixed_array will be created via this function.
   // The same is true for the other trusted-space arrays below.
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<TrustedFixedArray> result = Cast<TrustedFixedArray>(
       Allocate(isolate, capacity, &no_gc, AllocationType::kTrusted));
   MemsetTagged((*result)->RawFieldOfFirstElement(), Smi::zero(), capacity);
@@ -345,7 +346,7 @@ Handle<ProtectedFixedArray> ProtectedFixedArray::New(IsolateT* isolate,
           capacity);
   }
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<ProtectedFixedArray> result = Cast<ProtectedFixedArray>(
       Allocate(isolate, capacity, &no_gc, AllocationType::kTrusted));
   MemsetTagged((*result)->RawFieldOfFirstElement(), Smi::zero(), capacity);
@@ -357,7 +358,7 @@ template <class D, class S, class P>
 template <class IsolateT>
 Handle<D> TaggedArrayBase<D, S, P>::Allocate(
     IsolateT* isolate, int capacity,
-    base::Optional<DisallowGarbageCollection>* no_gc_out,
+    std::optional<DisallowGarbageCollection>* no_gc_out,
     AllocationType allocation) {
   // Note 0-capacity is explicitly allowed since not all subtypes can be
   // assumed to have canonical 0-capacity instances.
@@ -706,7 +707,7 @@ Handle<FixedArrayBase> FixedDoubleArray::New(IsolateT* isolate, int length,
     return isolate->factory()->empty_fixed_array();
   }
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   return Cast<FixedDoubleArray>(Allocate(isolate, length, &no_gc, allocation));
 }
 
@@ -715,7 +716,7 @@ template <class D, class S, class P>
 template <class IsolateT>
 Handle<D> PrimitiveArrayBase<D, S, P>::Allocate(
     IsolateT* isolate, int length,
-    base::Optional<DisallowGarbageCollection>* no_gc_out,
+    std::optional<DisallowGarbageCollection>* no_gc_out,
     AllocationType allocation) {
   // Note 0-length is explicitly allowed since not all subtypes can be
   // assumed to have canonical 0-length instances.
@@ -801,18 +802,21 @@ void FixedDoubleArray::FillWithHoles(int from, int to) {
 // static
 template <class IsolateT>
 Handle<WeakFixedArray> WeakFixedArray::New(IsolateT* isolate, int capacity,
-                                           AllocationType allocation) {
+                                           AllocationType allocation,
+                                           MaybeHandle<Object> initial_value) {
   CHECK_LE(static_cast<unsigned>(capacity), kMaxCapacity);
 
   if (V8_UNLIKELY(capacity == 0)) {
     return isolate->factory()->empty_weak_fixed_array();
   }
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<WeakFixedArray> result =
       Cast<WeakFixedArray>(Allocate(isolate, capacity, &no_gc, allocation));
   ReadOnlyRoots roots{isolate};
-  MemsetTagged((*result)->RawFieldOfFirstElement(), roots.undefined_value(),
+  MemsetTagged((*result)->RawFieldOfFirstElement(),
+               initial_value.is_null() ? roots.undefined_value()
+                                       : *initial_value.ToHandleChecked(),
                capacity);
   return result;
 }
@@ -826,7 +830,7 @@ Handle<TrustedWeakFixedArray> TrustedWeakFixedArray::New(IsolateT* isolate,
           capacity);
   }
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<TrustedWeakFixedArray> result = Cast<TrustedWeakFixedArray>(
       Allocate(isolate, capacity, &no_gc, AllocationType::kTrusted));
   MemsetTagged((*result)->RawFieldOfFirstElement(), Smi::zero(), capacity);
@@ -894,7 +898,7 @@ Handle<ArrayList> ArrayList::New(IsolateT* isolate, int capacity,
   DCHECK_GT(capacity, 0);
   DCHECK_LE(capacity, kMaxCapacity);
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<ArrayList> result =
       Cast<ArrayList>(Allocate(isolate, capacity, &no_gc, allocation));
   result->set_length(0);
@@ -914,7 +918,7 @@ Handle<ByteArray> ByteArray::New(IsolateT* isolate, int length,
     return isolate->factory()->empty_byte_array();
   }
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<ByteArray> result =
       Cast<ByteArray>(Allocate(isolate, length, &no_gc, allocation));
 
@@ -946,7 +950,7 @@ Handle<TrustedByteArray> TrustedByteArray::New(IsolateT* isolate, int length,
     FATAL("Fatal JavaScript invalid size error %d", length);
   }
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<TrustedByteArray> result = Cast<TrustedByteArray>(
       Allocate(isolate, length, &no_gc, allocation_type));
 
@@ -1099,8 +1103,7 @@ template <class T>
 TrustedPodArray<T>::TrustedPodArray(Address ptr)
     : PodArrayBase<T, TrustedByteArray>(ptr) {}
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/fixed-array.h b/deps/v8/src/objects/fixed-array.h
index 9592cd9ea12cff..67cd8abd82ecb2 100644
--- a/deps/v8/src/objects/fixed-array.h
+++ b/deps/v8/src/objects/fixed-array.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_FIXED_ARRAY_H_
 #define V8_OBJECTS_FIXED_ARRAY_H_
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/handles/maybe-handles.h"
 #include "src/objects/heap-object.h"
@@ -20,8 +22,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/fixed-array-tq.inc"
 
@@ -159,7 +160,7 @@ class TaggedArrayBase : public Super {
   template <class IsolateT>
   static Handle<Derived> Allocate(
       IsolateT* isolate, int capacity,
-      base::Optional<DisallowGarbageCollection>* no_gc_out,
+      std::optional<DisallowGarbageCollection>* no_gc_out,
       AllocationType allocation = AllocationType::kYoung);
 
   static constexpr int NewCapacityForIndex(int index, int old_capacity);
@@ -448,7 +449,7 @@ class PrimitiveArrayBase : public Super {
   template <class IsolateT>
   static Handle<Derived> Allocate(
       IsolateT* isolate, int length,
-      base::Optional<DisallowGarbageCollection>* no_gc_out,
+      std::optional<DisallowGarbageCollection>* no_gc_out,
       AllocationType allocation = AllocationType::kYoung);
 
   inline bool IsInBounds(int index) const;
@@ -533,7 +534,8 @@ class WeakFixedArray
   template <class IsolateT>
   static inline Handle<WeakFixedArray> New(
       IsolateT* isolate, int capacity,
-      AllocationType allocation = AllocationType::kYoung);
+      AllocationType allocation = AllocationType::kYoung,
+      MaybeHandle<Object> initial_value = {});
 
   DECL_PRINTER(WeakFixedArray)
   DECL_VERIFIER(WeakFixedArray)
@@ -884,7 +886,7 @@ class FixedIntegerArrayBase : public Base {
 
   inline int length() const;
 
-  OBJECT_CONSTRUCTORS(FixedIntegerArrayBase<T LITERAL_COMMA Base>, Base);
+  OBJECT_CONSTRUCTORS(FixedIntegerArrayBase, Base);
 };
 
 using FixedInt8Array = FixedIntegerArrayBase<int8_t, ByteArray>;
@@ -913,7 +915,7 @@ class FixedAddressArrayBase : public FixedIntegerArrayBase<Address, Base> {
   static inline Handle<FixedAddressArrayBase> New(Isolate* isolate, int length,
                                                   MoreArgs&&... more_args);
 
-  OBJECT_CONSTRUCTORS(FixedAddressArrayBase<Base>, Underlying);
+  OBJECT_CONSTRUCTORS(FixedAddressArrayBase, Underlying);
 };
 
 using FixedAddressArray = FixedAddressArrayBase<ByteArray>;
@@ -1010,7 +1012,7 @@ class PodArray : public PodArrayBase<T, ByteArray> {
       LocalIsolate* isolate, int length,
       AllocationType allocation = AllocationType::kOld);
 
-  OBJECT_CONSTRUCTORS(PodArray<T>, PodArrayBase<T, ByteArray>);
+  OBJECT_CONSTRUCTORS(PodArray, PodArrayBase<T, ByteArray>);
 };
 
 template <class T>
@@ -1019,11 +1021,10 @@ class TrustedPodArray : public PodArrayBase<T, TrustedByteArray> {
   static Handle<TrustedPodArray<T>> New(Isolate* isolate, int length);
   static Handle<TrustedPodArray<T>> New(LocalIsolate* isolate, int length);
 
-  OBJECT_CONSTRUCTORS(TrustedPodArray<T>, PodArrayBase<T, TrustedByteArray>);
+  OBJECT_CONSTRUCTORS(TrustedPodArray, PodArrayBase<T, TrustedByteArray>);
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/heap-object.h b/deps/v8/src/objects/heap-object.h
index 4823c73ab6307f..b03b3c47408f68 100644
--- a/deps/v8/src/objects/heap-object.h
+++ b/deps/v8/src/objects/heap-object.h
@@ -241,14 +241,16 @@ class HeapObject : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {
   V8_EXPORT_PRIVATE int SizeFromMap(Tagged<Map> map) const;
 
   template <class T, typename std::enable_if<std::is_arithmetic<T>::value ||
-                                                 std::is_enum<T>::value,
+                                                 std::is_enum<T>::value ||
+                                                 std::is_pointer<T>::value,
                                              int>::type = 0>
   inline T ReadField(size_t offset) const {
     return ReadMaybeUnalignedValue<T>(field_address(offset));
   }
 
   template <class T, typename std::enable_if<std::is_arithmetic<T>::value ||
-                                                 std::is_enum<T>::value,
+                                                 std::is_enum<T>::value ||
+                                                 std::is_pointer<T>::value,
                                              int>::type = 0>
   inline void WriteField(size_t offset, T value) const {
     return WriteMaybeUnalignedValue<T>(field_address(offset), value);
@@ -334,18 +336,11 @@ class HeapObject : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {
   //
   // Indirect pointers.
   //
-  // These are only available when the sandbox is enabled.
+  // These are only available when the sandbox is enabled, in which case they
+  // are the under-the-hood implementation of trusted pointers.
   inline void InitSelfIndirectPointerField(size_t offset,
                                            IsolateForSandbox isolate);
 
-  template <IndirectPointerTag tag>
-  inline Tagged<Object> ReadIndirectPointerField(
-      size_t offset, IsolateForSandbox isolate) const;
-
-  template <IndirectPointerTag tag>
-  inline void WriteIndirectPointerField(size_t offset,
-                                        Tagged<ExposedTrustedObject> value);
-
   // Trusted pointers.
   //
   // A pointer to a trusted object. When the sandbox is enabled, these are
@@ -357,16 +352,26 @@ class HeapObject : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {
   inline Tagged<ExposedTrustedObject> ReadTrustedPointerField(
       size_t offset, IsolateForSandbox isolate) const;
   template <IndirectPointerTag tag>
+  inline Tagged<ExposedTrustedObject> ReadTrustedPointerField(
+      size_t offset, IsolateForSandbox isolate, AcquireLoadTag) const;
+  // Like ReadTrustedPointerField, but if the field is cleared, this will
+  // return Smi::zero().
+  template <IndirectPointerTag tag>
+  inline Tagged<Object> ReadMaybeEmptyTrustedPointerField(
+      size_t offset, IsolateForSandbox isolate, AcquireLoadTag) const;
+
+  template <IndirectPointerTag tag>
   inline void WriteTrustedPointerField(size_t offset,
                                        Tagged<ExposedTrustedObject> value);
 
-  // Trusted pointer fields can be cleared, in which case they no longer point
-  // to any object. When the sandbox is enabled, this will set the fields
-  // indirect pointer handle to the null handle (referencing the zeroth entry in
-  // the TrustedPointerTable which just contains nullptr). When the sandbox is
-  // disabled, this will set the field to Smi::zero().
-  inline bool IsTrustedPointerFieldCleared(size_t offset) const;
+  // Trusted pointer fields can be cleared/empty, in which case they no longer
+  // point to any object. When the sandbox is enabled, this will set the fields
+  // indirect pointer handle to the null handle (referencing the zeroth entry
+  // in the TrustedPointerTable which just contains nullptr). When the sandbox
+  // is disabled, this will set the field to Smi::zero().
+  inline bool IsTrustedPointerFieldEmpty(size_t offset) const;
   inline void ClearTrustedPointerField(size_t offest);
+  inline void ClearTrustedPointerField(size_t offest, ReleaseStoreTag);
 
   // Code pointers.
   //
@@ -378,7 +383,7 @@ class HeapObject : public TaggedImpl<HeapObjectReferenceType::STRONG, Address> {
                                            IsolateForSandbox isolate) const;
   inline void WriteCodePointerField(size_t offset, Tagged<Code> value);
 
-  inline bool IsCodePointerFieldCleared(size_t offset) const;
+  inline bool IsCodePointerFieldEmpty(size_t offset) const;
   inline void ClearCodePointerField(size_t offest);
 
   inline Address ReadCodeEntrypointViaCodePointerField(
diff --git a/deps/v8/src/objects/instance-type-checker.h b/deps/v8/src/objects/instance-type-checker.h
index fb331f7e8b0c13..82f722662467ce 100644
--- a/deps/v8/src/objects/instance-type-checker.h
+++ b/deps/v8/src/objects/instance-type-checker.h
@@ -65,14 +65,16 @@ constexpr Tagged_t kNonJsReceiverMapLimit =
         RootIndex::kFirstJSReceiverMapRoot)] &
     ~0xFFF;
 
-// Maps for strings allocated as the first maps in r/o space. If we have a
-// receiver and need to distinguish whether it is a string or not, it suffices
-// to check whether it is less-than-equal to the following value.
-constexpr Tagged_t kLastStringMap =
-    StaticReadOnlyRoot::kSharedSeqOneByteStringMap;
+// Maps for strings allocated as the first maps in r/o space, so their lower
+// bound is zero.
+constexpr Tagged_t kStringMapLowerBound = 0;
+// If we have a receiver and need to distinguish whether it is a string or not,
+// it suffices to check whether it is less-than-equal to the following value.
+constexpr Tagged_t kStringMapUpperBound =
+    StaticReadOnlyRoot::kThinOneByteStringMap;
 
 #define ASSERT_IS_LAST_STRING_MAP(instance_type, size, name, Name) \
-  static_assert(StaticReadOnlyRoot::k##Name##Map <= kLastStringMap);
+  static_assert(StaticReadOnlyRoot::k##Name##Map <= kStringMapUpperBound);
 STRING_TYPE_LIST(ASSERT_IS_LAST_STRING_MAP)
 #undef ASSERT_IS_LAST_STRING_MAP
 
diff --git a/deps/v8/src/objects/instance-type-inl.h b/deps/v8/src/objects/instance-type-inl.h
index 5f2a7c793dcfc8..ae25608a1e0d70 100644
--- a/deps/v8/src/objects/instance-type-inl.h
+++ b/deps/v8/src/objects/instance-type-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_INSTANCE_TYPE_INL_H_
 #define V8_OBJECTS_INSTANCE_TYPE_INL_H_
 
+#include <optional>
+
 #include "src/base/bounds.h"
 #include "src/execution/isolate-utils-inl.h"
 #include "src/objects/instance-type-checker.h"
@@ -14,8 +16,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace InstanceTypeChecker {
 
@@ -39,20 +40,20 @@ HEAP_OBJECT_TYPE_LIST(DECL_TYPE)
 // Instance types which are associated with one unique map.
 
 template <class type>
-V8_INLINE constexpr base::Optional<RootIndex> UniqueMapOfInstanceTypeCheck() {
+V8_INLINE constexpr std::optional<RootIndex> UniqueMapOfInstanceTypeCheck() {
   return {};
 }
 
 #define INSTANCE_TYPE_MAP(V, rootIndexName, rootAccessorName, class_name) \
   template <>                                                             \
-  V8_INLINE constexpr base::Optional<RootIndex>                           \
+  V8_INLINE constexpr std::optional<RootIndex>                            \
   UniqueMapOfInstanceTypeCheck<InstanceTypeTraits::class_name>() {        \
     return {RootIndex::k##rootIndexName};                                 \
   }
 UNIQUE_INSTANCE_TYPE_MAP_LIST_GENERATOR(INSTANCE_TYPE_MAP, _)
 #undef INSTANCE_TYPE_MAP
 
-V8_INLINE constexpr base::Optional<RootIndex> UniqueMapOfInstanceType(
+V8_INLINE constexpr std::optional<RootIndex> UniqueMapOfInstanceType(
     InstanceType type) {
 #define INSTANCE_TYPE_CHECK(it, forinstancetype)              \
   if (type == forinstancetype) {                              \
@@ -71,9 +72,8 @@ constexpr bool kHasUniqueMapOfInstanceType =
 
 template <InstanceType type>
 constexpr RootIndex kUniqueMapOfInstanceType =
-  kHasUniqueMapOfInstanceType<type>?
-    *UniqueMapOfInstanceType(type):
-    RootIndex::kRootListLength;
+    kHasUniqueMapOfInstanceType<type> ? *UniqueMapOfInstanceType(type)
+                                      : RootIndex::kRootListLength;
 
 // Manually curated list of instance type ranges which are associated with a
 // unique range of map addresses on the read only heap. Both ranges are
@@ -83,17 +83,24 @@ using InstanceTypeRange = std::pair<InstanceType, InstanceType>;
 using TaggedAddressRange = std::pair<Tagged_t, Tagged_t>;
 
 #if V8_STATIC_ROOTS_BOOL
-constexpr std::array<std::pair<InstanceTypeRange, TaggedAddressRange>, 6>
+constexpr std::array<std::pair<InstanceTypeRange, TaggedAddressRange>, 9>
     kUniqueMapRangeOfInstanceTypeRangeList = {
         {{{ALLOCATION_SITE_TYPE, ALLOCATION_SITE_TYPE},
           {StaticReadOnlyRoot::kAllocationSiteWithWeakNextMap,
            StaticReadOnlyRoot::kAllocationSiteWithoutWeakNextMap}},
          {{FIRST_STRING_TYPE, LAST_STRING_TYPE},
-          {StaticReadOnlyRoot::kSeqTwoByteStringMap,
-           StaticReadOnlyRoot::kSharedSeqOneByteStringMap}},
+          {InstanceTypeChecker::kStringMapLowerBound,
+           InstanceTypeChecker::kStringMapUpperBound}},
          {{FIRST_NAME_TYPE, LAST_NAME_TYPE},
           {StaticReadOnlyRoot::kSeqTwoByteStringMap,
            StaticReadOnlyRoot::kSymbolMap}},
+         {{ODDBALL_TYPE, ODDBALL_TYPE},
+          {StaticReadOnlyRoot::kUndefinedMap, StaticReadOnlyRoot::kBooleanMap}},
+         {{HEAP_NUMBER_TYPE, ODDBALL_TYPE},
+          {StaticReadOnlyRoot::kUndefinedMap,
+           StaticReadOnlyRoot::kHeapNumberMap}},
+         {{BIGINT_TYPE, HEAP_NUMBER_TYPE},
+          {StaticReadOnlyRoot::kHeapNumberMap, StaticReadOnlyRoot::kBigIntMap}},
          {{FIRST_SMALL_ORDERED_HASH_TABLE_TYPE,
            LAST_SMALL_ORDERED_HASH_TABLE_TYPE},
           {StaticReadOnlyRoot::kSmallOrderedHashMapMap,
@@ -107,18 +114,44 @@ constexpr std::array<std::pair<InstanceTypeRange, TaggedAddressRange>, 6>
            StaticReadOnlyRoot::kTurbofanOtherNumberConstantTypeMap}}}};
 
 struct kUniqueMapRangeOfStringType {
-  static constexpr TaggedAddressRange kInternalizedString = {
-      StaticReadOnlyRoot::kExternalInternalizedTwoByteStringMap,
+  static constexpr TaggedAddressRange kSeqString = {
+      InstanceTypeChecker::kStringMapLowerBound,
       StaticReadOnlyRoot::kInternalizedOneByteStringMap};
-  static constexpr TaggedAddressRange kExternalString = {
-      StaticReadOnlyRoot::kExternalTwoByteStringMap,
+  static constexpr TaggedAddressRange kInternalizedString = {
+      StaticReadOnlyRoot::kInternalizedTwoByteStringMap,
       StaticReadOnlyRoot::kUncachedExternalInternalizedOneByteStringMap};
+  static constexpr TaggedAddressRange kExternalString = {
+      StaticReadOnlyRoot::kExternalInternalizedTwoByteStringMap,
+      StaticReadOnlyRoot::kSharedExternalOneByteStringMap};
+  static constexpr TaggedAddressRange kUncachedExternalString = {
+      StaticReadOnlyRoot::kUncachedExternalInternalizedTwoByteStringMap,
+      StaticReadOnlyRoot::kSharedUncachedExternalOneByteStringMap};
+  static constexpr TaggedAddressRange kConsString = {
+      StaticReadOnlyRoot::kConsTwoByteStringMap,
+      StaticReadOnlyRoot::kConsOneByteStringMap};
+  static constexpr TaggedAddressRange kSlicedString = {
+      StaticReadOnlyRoot::kSlicedTwoByteStringMap,
+      StaticReadOnlyRoot::kSlicedOneByteStringMap};
   static constexpr TaggedAddressRange kThinString = {
       StaticReadOnlyRoot::kThinTwoByteStringMap,
       StaticReadOnlyRoot::kThinOneByteStringMap};
 };
 
-inline constexpr base::Optional<TaggedAddressRange>
+// This one is very sneaky. String maps are laid out sequentially, and
+// alternate between two-byte and one-byte. Since they're sequential, each
+// address is one Map::kSize larger than the previous. This means that the LSB
+// of the map size alternates being set and unset for alternating string map
+// addresses, and therefore is on/off for all two-byte/one-byte strings. Which
+// of the two has the on-bit depends on the current RO heap layout, so just
+// sniff this by checking an arbitrary one-byte map's value.
+static constexpr int kStringMapEncodingMask =
+    1 << base::bits::CountTrailingZerosNonZero(Map::kSize);
+static constexpr int kOneByteStringMapBit =
+    StaticReadOnlyRoot::kSeqOneByteStringMap & kStringMapEncodingMask;
+static constexpr int kTwoByteStringMapBit =
+    StaticReadOnlyRoot::kSeqTwoByteStringMap & kStringMapEncodingMask;
+
+inline constexpr std::optional<TaggedAddressRange>
 UniqueMapRangeOfInstanceTypeRange(InstanceType first, InstanceType last) {
   // Doesn't use range based for loop due to LLVM <11 bug re. constexpr
   // functions.
@@ -131,7 +164,8 @@ UniqueMapRangeOfInstanceTypeRange(InstanceType first, InstanceType last) {
   return {};
 }
 
-constexpr inline TaggedAddressRange NULL_ADDRESS_RANGE{kNullAddress, kNullAddress};
+constexpr inline TaggedAddressRange NULL_ADDRESS_RANGE{kNullAddress,
+                                                       kNullAddress};
 
 template <InstanceType first, InstanceType last>
 constexpr bool kHasUniqueMapRangeOfInstanceTypeRange =
@@ -139,12 +173,12 @@ constexpr bool kHasUniqueMapRangeOfInstanceTypeRange =
 
 template <InstanceType first, InstanceType last>
 constexpr TaggedAddressRange kUniqueMapRangeOfInstanceTypeRange =
-  kHasUniqueMapRangeOfInstanceTypeRange<first, last>?
-    *UniqueMapRangeOfInstanceTypeRange(first, last):
-    NULL_ADDRESS_RANGE;
+    kHasUniqueMapRangeOfInstanceTypeRange<first, last>
+        ? *UniqueMapRangeOfInstanceTypeRange(first, last)
+        : NULL_ADDRESS_RANGE;
 
-inline constexpr base::Optional<TaggedAddressRange>
-UniqueMapRangeOfInstanceType(InstanceType type) {
+inline constexpr std::optional<TaggedAddressRange> UniqueMapRangeOfInstanceType(
+    InstanceType type) {
   return UniqueMapRangeOfInstanceTypeRange(type, type);
 }
 
@@ -154,9 +188,8 @@ constexpr bool kHasUniqueMapRangeOfInstanceType =
 
 template <InstanceType type>
 constexpr TaggedAddressRange kUniqueMapRangeOfInstanceType =
-  kHasUniqueMapRangeOfInstanceType<type>?
-    *UniqueMapRangeOfInstanceType(type):
-    NULL_ADDRESS_RANGE;
+    kHasUniqueMapRangeOfInstanceType<type> ? *UniqueMapRangeOfInstanceType(type)
+                                           : NULL_ADDRESS_RANGE;
 
 inline bool MayHaveMapCheckFastCase(InstanceType type) {
   if (UniqueMapOfInstanceType(type)) return true;
@@ -312,6 +345,20 @@ V8_INLINE bool IsInternalizedString(Tagged<Map> map_object) {
 #endif
 }
 
+V8_INLINE constexpr bool IsSeqString(InstanceType instance_type) {
+  return (instance_type & (kIsNotStringMask | kStringRepresentationMask)) ==
+         kSeqStringTag;
+}
+
+V8_INLINE bool IsSeqString(Tagged<Map> map_object) {
+#if V8_STATIC_ROOTS_BOOL
+  return CheckInstanceMapRange(kUniqueMapRangeOfStringType::kSeqString,
+                               map_object);
+#else
+  return IsSeqString(map_object->instance_type());
+#endif
+}
+
 V8_INLINE constexpr bool IsExternalString(InstanceType instance_type) {
   return (instance_type & (kIsNotStringMask | kStringRepresentationMask)) ==
          kExternalStringTag;
@@ -326,6 +373,47 @@ V8_INLINE bool IsExternalString(Tagged<Map> map_object) {
 #endif
 }
 
+V8_INLINE constexpr bool IsUncachedExternalString(InstanceType instance_type) {
+  return (instance_type & (kIsNotStringMask | kUncachedExternalStringMask |
+                           kStringRepresentationMask)) ==
+         (kExternalStringTag | kUncachedExternalStringTag);
+}
+
+V8_INLINE bool IsUncachedExternalString(Tagged<Map> map_object) {
+#if V8_STATIC_ROOTS_BOOL
+  return CheckInstanceMapRange(
+      kUniqueMapRangeOfStringType::kUncachedExternalString, map_object);
+#else
+  return IsUncachedExternalString(map_object->instance_type());
+#endif
+}
+
+V8_INLINE constexpr bool IsConsString(InstanceType instance_type) {
+  return (instance_type & kStringRepresentationMask) == kConsStringTag;
+}
+
+V8_INLINE bool IsConsString(Tagged<Map> map_object) {
+#if V8_STATIC_ROOTS_BOOL
+  return CheckInstanceMapRange(kUniqueMapRangeOfStringType::kConsString,
+                               map_object);
+#else
+  return IsConsString(map_object->instance_type());
+#endif
+}
+
+V8_INLINE constexpr bool IsSlicedString(InstanceType instance_type) {
+  return (instance_type & kStringRepresentationMask) == kSlicedStringTag;
+}
+
+V8_INLINE bool IsSlicedString(Tagged<Map> map_object) {
+#if V8_STATIC_ROOTS_BOOL
+  return CheckInstanceMapRange(kUniqueMapRangeOfStringType::kSlicedString,
+                               map_object);
+#else
+  return IsSlicedString(map_object->instance_type());
+#endif
+}
+
 V8_INLINE constexpr bool IsThinString(InstanceType instance_type) {
   return (instance_type & kStringRepresentationMask) == kThinStringTag;
 }
@@ -339,6 +427,38 @@ V8_INLINE bool IsThinString(Tagged<Map> map_object) {
 #endif
 }
 
+V8_INLINE constexpr bool IsOneByteString(InstanceType instance_type) {
+  DCHECK(IsString(instance_type));
+  return (instance_type & kStringEncodingMask) == kOneByteStringTag;
+}
+
+V8_INLINE bool IsOneByteString(Tagged<Map> map_object) {
+#if V8_STATIC_ROOTS_BOOL
+  DCHECK(IsStringMap(map_object));
+
+  Tagged_t ptr = V8HeapCompressionScheme::CompressObject(map_object.ptr());
+  return (ptr & kStringMapEncodingMask) == kOneByteStringMapBit;
+#else
+  return IsOneByteString(map_object->instance_type());
+#endif
+}
+
+V8_INLINE constexpr bool IsTwoByteString(InstanceType instance_type) {
+  DCHECK(IsString(instance_type));
+  return (instance_type & kStringEncodingMask) == kTwoByteStringTag;
+}
+
+V8_INLINE bool IsTwoByteString(Tagged<Map> map_object) {
+#if V8_STATIC_ROOTS_BOOL
+  DCHECK(IsStringMap(map_object));
+
+  Tagged_t ptr = V8HeapCompressionScheme::CompressObject(map_object.ptr());
+  return (ptr & kStringMapEncodingMask) == kTwoByteStringMapBit;
+#else
+  return IsTwoByteString(map_object->instance_type());
+#endif
+}
+
 V8_INLINE constexpr bool IsReferenceComparable(InstanceType instance_type) {
   return !IsString(instance_type) && !IsBigInt(instance_type) &&
          instance_type != HEAP_NUMBER_TYPE;
@@ -414,8 +534,7 @@ V8_INLINE bool IsNativeContextSpecificMap(Tagged<Map> map_object) {
 INSTANCE_TYPE_CHECKERS(TYPE_CHECKER)
 #undef TYPE_CHECKER
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/instruction-stream-inl.h b/deps/v8/src/objects/instruction-stream-inl.h
index 441c9dd636d407..70100c057dfdb7 100644
--- a/deps/v8/src/objects/instruction-stream-inl.h
+++ b/deps/v8/src/objects/instruction-stream-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_INSTRUCTION_STREAM_INL_H_
 #define V8_OBJECTS_INSTRUCTION_STREAM_INL_H_
 
+#include <optional>
+
 #include "src/common/ptr-compr-inl.h"
 #include "src/heap/heap-write-barrier-inl.h"
 #include "src/objects/code.h"
@@ -14,8 +16,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 OBJECT_CONSTRUCTORS_IMPL(InstructionStream, TrustedObject)
 NEVER_READ_ONLY_SPACE_IMPL(InstructionStream)
@@ -119,7 +120,7 @@ void InstructionStream::Finalize(Tagged<Code> code,
                                  Tagged<TrustedByteArray> reloc_info,
                                  CodeDesc desc, Heap* heap) {
   DisallowGarbageCollection no_gc;
-  base::Optional<WriteBarrierPromise> promise;
+  std::optional<WriteBarrierPromise> promise;
 
   // Copy the relocation info first before we unlock the Jit allocation.
   // TODO(sroettger): reloc info should live in protected memory.
@@ -274,8 +275,7 @@ PtrComprCageBase InstructionStream::main_cage_base() {
 #endif
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/intl-objects.cc b/deps/v8/src/objects/intl-objects.cc
index 10707d65a7117d..66eb391176c3cf 100644
--- a/deps/v8/src/objects/intl-objects.cc
+++ b/deps/v8/src/objects/intl-objects.cc
@@ -2,15 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef V8_INTL_SUPPORT
-#error Internationalization is expected to be enabled.
-#endif  // V8_INTL_SUPPORT
-
 #include "src/objects/intl-objects.h"
 
 #include <algorithm>
 #include <limits>
 #include <memory>
+#include <optional>
 #include <string>
 #include <vector>
 
@@ -55,6 +52,10 @@
 #include "unicode/ustring.h"
 #include "unicode/uvernum.h"  // U_ICU_VERSION_MAJOR_NUM
 
+#ifndef V8_INTL_SUPPORT
+#error Internationalization is expected to be enabled.
+#endif  // V8_INTL_SUPPORT
+
 #define XSTR(s) STR(s)
 #define STR(s) #s
 static_assert(
@@ -63,8 +64,7 @@ static_assert(
 #undef STR
 #undef XSTR
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace {
 
@@ -497,8 +497,9 @@ MaybeHandle<String> Intl::ToString(Isolate* isolate,
 namespace {
 
 Handle<JSObject> InnerAddElement(Isolate* isolate, Handle<JSArray> array,
-                                 int index, Handle<String> field_type_string,
-                                 Handle<String> value) {
+                                 int index,
+                                 DirectHandle<String> field_type_string,
+                                 DirectHandle<String> value) {
   // let element = $array[$index] = {
   //   type: $field_type_string,
   //   value: $value
@@ -522,15 +523,17 @@ Handle<JSObject> InnerAddElement(Isolate* isolate, Handle<JSArray> array,
 }  // namespace
 
 void Intl::AddElement(Isolate* isolate, Handle<JSArray> array, int index,
-                      Handle<String> field_type_string, Handle<String> value) {
+                      DirectHandle<String> field_type_string,
+                      DirectHandle<String> value) {
   // Same as $array[$index] = {type: $field_type_string, value: $value};
   InnerAddElement(isolate, array, index, field_type_string, value);
 }
 
 void Intl::AddElement(Isolate* isolate, Handle<JSArray> array, int index,
-                      Handle<String> field_type_string, Handle<String> value,
+                      DirectHandle<String> field_type_string,
+                      DirectHandle<String> value,
                       Handle<String> additional_property_name,
-                      Handle<String> additional_property_value) {
+                      DirectHandle<String> additional_property_value) {
   // Same as $array[$index] = {
   //   type: $field_type_string, value: $value,
   //   $additional_property_name: $additional_property_value
@@ -984,7 +987,7 @@ template Intl::CompareStringsOptions Intl::CompareStringsOptionsFor(
 template Intl::CompareStringsOptions Intl::CompareStringsOptionsFor(
     LocalIsolate*, DirectHandle<Object>, DirectHandle<Object>);
 
-base::Optional<int> Intl::StringLocaleCompare(
+std::optional<int> Intl::StringLocaleCompare(
     Isolate* isolate, Handle<String> string1, Handle<String> string2,
     Handle<Object> locales, Handle<Object> options, const char* method_name) {
   // We only cache the instance when locales is a string/undefined and
@@ -1111,7 +1114,7 @@ struct FastCompareStringsData {
   int first_diff_at = 0;  // The first relevant diff (L1 if exists, else L3).
   bool has_diff = false;
 
-  base::Optional<UCollationResult> FastCompareFailed(
+  std::optional<UCollationResult> FastCompareFailed(
       int* processed_until_out) const {
     if (has_diff) {
       // Found some difference, continue there to ensure the generic algorithm
@@ -1353,7 +1356,7 @@ bool CollatorAllowsFastComparison(const icu::Collator& icu_collator) {
 //
 //   return UCOL_EQUAL;
 // }
-base::Optional<UCollationResult> TryFastCompareStrings(
+std::optional<UCollationResult> TryFastCompareStrings(
     Isolate* isolate, const icu::Collator& icu_collator,
     DirectHandle<String> string1, DirectHandle<String> string2,
     int* processed_until_out) {
@@ -1448,7 +1451,7 @@ int Intl::CompareStrings(Isolate* isolate, const icu::Collator& icu_collator,
 
   int processed_until = 0;
   if (compare_strings_options == CompareStringsOptions::kTryFastPath) {
-    base::Optional<int> maybe_result = TryFastCompareStrings(
+    std::optional<int> maybe_result = TryFastCompareStrings(
         isolate, icu_collator, string1, string2, &processed_until);
     if (maybe_result.has_value()) return maybe_result.value();
   }
@@ -2087,7 +2090,7 @@ MaybeHandle<JSArray> CreateArrayFromList(Isolate* isolate,
   for (uint32_t i = 0; i < length; i++) {
     // a. Let status be CreateDataProperty(array, ! ToString(n), e).
     const std::string& part = elements[i];
-    Handle<String> value =
+    DirectHandle<String> value =
         factory->NewStringFromUtf8(base::CStrVector(part.c_str()))
             .ToHandleChecked();
     MAYBE_RETURN(JSObject::AddDataElement(array, i, value, attr),
@@ -3224,5 +3227,4 @@ int64_t Intl::GetTimeZoneOffsetNanoseconds(Isolate* isolate,
   return static_cast<int64_t>(raw_offset + dst_offset) * 1000000;
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/intl-objects.h b/deps/v8/src/objects/intl-objects.h
index 84e303fd45d7b6..d070f99258f164 100644
--- a/deps/v8/src/objects/intl-objects.h
+++ b/deps/v8/src/objects/intl-objects.h
@@ -2,15 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef V8_INTL_SUPPORT
-#error Internationalization is expected to be enabled.
-#endif  // V8_INTL_SUPPORT
-
 #ifndef V8_OBJECTS_INTL_OBJECTS_H_
 #define V8_OBJECTS_INTL_OBJECTS_H_
 
 #include <map>
 #include <memory>
+#include <optional>
 #include <set>
 #include <string>
 
@@ -21,6 +18,10 @@
 #include "unicode/locid.h"
 #include "unicode/uversion.h"
 
+#ifndef V8_INTL_SUPPORT
+#error Internationalization is expected to be enabled.
+#endif  // V8_INTL_SUPPORT
+
 #define V8_MINIMUM_ICU_VERSION 73
 
 namespace U_ICU_NAMESPACE {
@@ -41,8 +42,7 @@ class LocalizedNumberFormatter;
 }  //  namespace number
 }  // namespace U_ICU_NAMESPACE
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #define ICU_EXTERNAL_POINTER_TAG_LIST(V)                              \
   V(icu::UnicodeString, kIcuUnicodeStringTag)                         \
@@ -145,7 +145,7 @@ class Intl {
   V8_WARN_UNUSED_RESULT static MaybeHandle<String> ConvertToLower(
       Isolate* isolate, Handle<String> s);
 
-  V8_WARN_UNUSED_RESULT static base::Optional<int> StringLocaleCompare(
+  V8_WARN_UNUSED_RESULT static std::optional<int> StringLocaleCompare(
       Isolate* isolate, Handle<String> s1, Handle<String> s2,
       Handle<Object> locales, Handle<Object> options, const char* method_name);
 
@@ -246,8 +246,8 @@ class Intl {
   // A helper function to implement formatToParts which add element to array as
   // $array[$index] = { type: $field_type_string, value: $value }
   static void AddElement(Isolate* isolate, Handle<JSArray> array, int index,
-                         Handle<String> field_type_string,
-                         Handle<String> value);
+                         DirectHandle<String> field_type_string,
+                         DirectHandle<String> value);
 
   // A helper function to implement formatToParts which add element to array as
   // $array[$index] = {
@@ -255,15 +255,16 @@ class Intl {
   //   $additional_property_name: $additional_property_value
   // }
   static void AddElement(Isolate* isolate, Handle<JSArray> array, int index,
-                         Handle<String> field_type_string, Handle<String> value,
+                         DirectHandle<String> field_type_string,
+                         DirectHandle<String> value,
                          Handle<String> additional_property_name,
-                         Handle<String> additional_property_value);
+                         DirectHandle<String> additional_property_value);
 
   // A helper function to implement formatToParts which add element to array
   static Maybe<int> AddNumberElements(Isolate* isolate,
                                       const icu::FormattedValue& formatted,
                                       Handle<JSArray> result, int start_index,
-                                      Handle<String> unit);
+                                      DirectHandle<String> unit);
 
   // In ECMA 402 v1, Intl constructors supported a mode of operation
   // where calling them with an existing object as a receiver would
@@ -459,7 +460,6 @@ class Intl {
       Isolate* isolate, Handle<Object> options, const char* service);
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_OBJECTS_INTL_OBJECTS_H_
diff --git a/deps/v8/src/objects/js-atomics-synchronization.cc b/deps/v8/src/objects/js-atomics-synchronization.cc
index da413f7417f23a..d091021dbd55f3 100644
--- a/deps/v8/src/objects/js-atomics-synchronization.cc
+++ b/deps/v8/src/objects/js-atomics-synchronization.cc
@@ -511,11 +511,11 @@ Tagged<Object> JSSynchronizationPrimitive::NumWaitersForTesting(
 // result object, like we do for the iterator result object.
 // static
 Handle<JSObject> JSAtomicsMutex::CreateResultObject(Isolate* isolate,
-                                                    Handle<Object> value,
+                                                    DirectHandle<Object> value,
                                                     bool success) {
   Handle<JSObject> result =
       isolate->factory()->NewJSObject(isolate->object_function());
-  Handle<Object> success_value = isolate->factory()->ToBoolean(success);
+  DirectHandle<Object> success_value = isolate->factory()->ToBoolean(success);
   JSObject::AddProperty(isolate, result, "value", value,
                         PropertyAttributes::NONE);
   JSObject::AddProperty(isolate, result, "success", success_value,
diff --git a/deps/v8/src/objects/js-atomics-synchronization.h b/deps/v8/src/objects/js-atomics-synchronization.h
index 2950abed24f2fd..9674707fbf6004 100644
--- a/deps/v8/src/objects/js-atomics-synchronization.h
+++ b/deps/v8/src/objects/js-atomics-synchronization.h
@@ -216,7 +216,7 @@ class JSAtomicsMutex
   EXPORT_DECL_VERIFIER(JSAtomicsMutex)
 
   static Handle<JSObject> CreateResultObject(Isolate* isolate,
-                                             Handle<Object> value,
+                                             DirectHandle<Object> value,
                                              bool success);
 
   // Lock the mutex, blocking if it's currently owned by another thread.
diff --git a/deps/v8/src/objects/js-break-iterator.cc b/deps/v8/src/objects/js-break-iterator.cc
index 75f36109fb74e1..b365f482733aeb 100644
--- a/deps/v8/src/objects/js-break-iterator.cc
+++ b/deps/v8/src/objects/js-break-iterator.cc
@@ -175,7 +175,7 @@ Handle<JSObject> JSV8BreakIterator::ResolvedOptions(
   Type type = GetType(break_iterator->break_iterator()->raw());
 
   Handle<JSObject> result = factory->NewJSObject(isolate->object_function());
-  Handle<String> locale(break_iterator->locale(), isolate);
+  DirectHandle<String> locale(break_iterator->locale(), isolate);
 
   JSObject::AddProperty(isolate, result, factory->locale_string(), locale,
                         NONE);
diff --git a/deps/v8/src/objects/js-date-time-format.cc b/deps/v8/src/objects/js-date-time-format.cc
index 25fbb3b2053fc4..038929afeb0c83 100644
--- a/deps/v8/src/objects/js-date-time-format.cc
+++ b/deps/v8/src/objects/js-date-time-format.cc
@@ -2,21 +2,17 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#ifndef V8_INTL_SUPPORT
-#error Internationalization is expected to be enabled.
-#endif  // V8_INTL_SUPPORT
-
 #include "src/objects/js-date-time-format.h"
 
 #include <algorithm>
 #include <map>
 #include <memory>
+#include <optional>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include "src/base/bit-field.h"
-#include "src/base/optional.h"
 #include "src/date/date.h"
 #include "src/execution/isolate.h"
 #include "src/heap/factory.h"
@@ -33,8 +29,11 @@
 #include "unicode/smpdtfmt.h"
 #include "unicode/unistr.h"
 
-namespace v8 {
-namespace internal {
+#ifndef V8_INTL_SUPPORT
+#error Internationalization is expected to be enabled.
+#endif  // V8_INTL_SUPPORT
+
+namespace v8::internal {
 
 namespace {
 
@@ -1106,7 +1105,7 @@ Maybe<DateTimeValueRecord> HandleDateTimeTemporalTime(
 
   // 3. Let isoCalendar be ! GetISO8601Calendar().
 
-  Handle<JSReceiver> iso_calendar = temporal::GetISO8601Calendar(isolate);
+  DirectHandle<JSReceiver> iso_calendar = temporal::GetISO8601Calendar(isolate);
   // 4. Let plainDateTime be ? CreateTemporalDateTime(1970, 1, 1,
   // temporalTime.[[ISOHour]], temporalTime.[[ISOMinute]],
   // temporalTime.[[ISOSecond]], temporalTime.[[ISOMillisecond]],
@@ -1643,15 +1642,15 @@ MaybeHandle<JSDateTimeFormat> JSDateTimeFormat::UnwrapDateTimeFormat(
 // Convert the input in the form of
 // [+-\u2212]hh:?mm  to the ID acceptable for SimpleTimeZone
 // GMT[+-]hh or GMT[+-]hh:mm or empty
-base::Optional<std::string> GetOffsetTimeZone(Isolate* isolate,
-                                              Handle<String> time_zone) {
+std::optional<std::string> GetOffsetTimeZone(Isolate* isolate,
+                                             Handle<String> time_zone) {
   time_zone = String::Flatten(isolate, time_zone);
   DisallowGarbageCollection no_gc;
   const String::FlatContent& flat = time_zone->GetFlatContent(no_gc);
   int32_t len = flat.length();
   if (len < 3) {
     // Error
-    return base::nullopt;
+    return std::nullopt;
   }
   std::string tz("GMT");
   switch (flat.Get(0)) {
@@ -1664,7 +1663,7 @@ base::Optional<std::string> GetOffsetTimeZone(Isolate* isolate,
       break;
     default:
       // Error
-      return base::nullopt;
+      return std::nullopt;
   }
   // 00 - 23
   uint16_t h0 = flat.Get(1);
@@ -1676,7 +1675,7 @@ base::Optional<std::string> GetOffsetTimeZone(Isolate* isolate,
     tz += h1;
   } else {
     // Error
-    return base::nullopt;
+    return std::nullopt;
   }
   if (len == 3) {
     return tz;
@@ -1690,7 +1689,7 @@ base::Optional<std::string> GetOffsetTimeZone(Isolate* isolate,
   }
   if (len - p != 2) {
     // Error
-    return base::nullopt;
+    return std::nullopt;
   }
   uint16_t m1 = flat.Get(p + 1);
   if (m0 >= '0' && m0 <= '5' && m1 >= '0' && m1 <= '9') {
@@ -1699,13 +1698,13 @@ base::Optional<std::string> GetOffsetTimeZone(Isolate* isolate,
     return tz;
   }
   // Error
-  return base::nullopt;
+  return std::nullopt;
 }
 std::unique_ptr<icu::TimeZone> JSDateTimeFormat::CreateTimeZone(
     Isolate* isolate, Handle<String> time_zone_string) {
   // Create time zone as specified by the user. We have to re-create time zone
   // since calendar takes ownership.
-  base::Optional<std::string> offsetTimeZone =
+  std::optional<std::string> offsetTimeZone =
       GetOffsetTimeZone(isolate, time_zone_string);
   if (offsetTimeZone.has_value()) {
     std::unique_ptr<icu::TimeZone> tz(
@@ -2913,7 +2912,7 @@ Maybe<bool> AddPartForFormatRange(
 // If this function return a value, it could be a throw of TypeError, or normal
 // formatted string. If it return a nullopt the caller should call the fallback
 // function.
-base::Optional<MaybeHandle<String>> FormattedToString(
+std::optional<MaybeHandle<String>> FormattedToString(
     Isolate* isolate, const icu::FormattedValue& formatted) {
   UErrorCode status = U_ZERO_ERROR;
   icu::UnicodeString result = formatted.toString(status);
@@ -2926,7 +2925,7 @@ base::Optional<MaybeHandle<String>> FormattedToString(
       return Intl::ToString(isolate, result);
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // A helper function to convert the FormattedDateInterval to a
@@ -2934,7 +2933,7 @@ base::Optional<MaybeHandle<String>> FormattedToString(
 // If this function return a value, it could be a throw of TypeError, or normal
 // formatted parts in JSArray. If it return a nullopt the caller should call
 // the fallback function.
-base::Optional<MaybeHandle<JSArray>> FormattedDateIntervalToJSArray(
+std::optional<MaybeHandle<JSArray>> FormattedDateIntervalToJSArray(
     Isolate* isolate, const icu::FormattedValue& formatted) {
   UErrorCode status = U_ZERO_ERROR;
   icu::UnicodeString result = formatted.toString(status);
@@ -2989,19 +2988,19 @@ base::Optional<MaybeHandle<JSArray>> FormattedDateIntervalToJSArray(
 
   JSObject::ValidateElements(*array);
   if (output_range) return array;
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // The shared code between formatRange and formatRangeToParts
-template <typename T, base::Optional<MaybeHandle<T>> (*Format)(
+template <typename T, std::optional<MaybeHandle<T>> (*Format)(
                           Isolate*, const icu::FormattedValue&)>
-base::Optional<MaybeHandle<T>> CallICUFormatRange(
+std::optional<MaybeHandle<T>> CallICUFormatRange(
     Isolate* isolate, const icu::DateIntervalFormat* format,
     const icu::Calendar* calendar, double x, double y);
 // #sec-partitiondatetimerangepattern
-template <typename T, base::Optional<MaybeHandle<T>> (*Format)(
+template <typename T, std::optional<MaybeHandle<T>> (*Format)(
                           Isolate*, const icu::FormattedValue&)>
-base::Optional<MaybeHandle<T>> PartitionDateTimeRangePattern(
+std::optional<MaybeHandle<T>> PartitionDateTimeRangePattern(
     Isolate* isolate, DirectHandle<JSDateTimeFormat> date_time_format, double x,
     double y, const char* method_name) {
   // 1. Let x be TimeClip(x).
@@ -3028,9 +3027,9 @@ base::Optional<MaybeHandle<T>> PartitionDateTimeRangePattern(
   return CallICUFormatRange<T, Format>(isolate, format.get(), calendar, x, y);
 }
 
-template <typename T, base::Optional<MaybeHandle<T>> (*Format)(
+template <typename T, std::optional<MaybeHandle<T>> (*Format)(
                           Isolate*, const icu::FormattedValue&)>
-base::Optional<MaybeHandle<T>> CallICUFormatRange(
+std::optional<MaybeHandle<T>> CallICUFormatRange(
     Isolate* isolate, const icu::DateIntervalFormat* format,
     const icu::Calendar* calendar, double x, double y) {
   UErrorCode status = U_ZERO_ERROR;
@@ -3051,8 +3050,8 @@ base::Optional<MaybeHandle<T>> CallICUFormatRange(
 }
 
 template <typename T,
-          base::Optional<MaybeHandle<T>> (*Format)(Isolate*,
-                                                   const icu::FormattedValue&),
+          std::optional<MaybeHandle<T>> (*Format)(Isolate*,
+                                                  const icu::FormattedValue&),
           MaybeHandle<T> (*Fallback)(Isolate*, const icu::SimpleDateFormat&,
                                      PatternKind, double)>
 MaybeHandle<T> FormatRangeCommonWithTemporalSupport(
@@ -3097,7 +3096,7 @@ MaybeHandle<T> FormatRangeCommonWithTemporalSupport(
   const icu::Calendar* calendar =
       date_time_format->icu_simple_date_format()->raw()->getCalendar();
 
-  base::Optional<MaybeHandle<T>> result = CallICUFormatRange<T, Format>(
+  std::optional<MaybeHandle<T>> result = CallICUFormatRange<T, Format>(
       isolate, format.get(), calendar, x_record.epoch_milliseconds,
       y_record.epoch_milliseconds);
   if (result.has_value()) return *result;
@@ -3106,8 +3105,8 @@ MaybeHandle<T> FormatRangeCommonWithTemporalSupport(
 }
 
 template <typename T,
-          base::Optional<MaybeHandle<T>> (*Format)(Isolate*,
-                                                   const icu::FormattedValue&),
+          std::optional<MaybeHandle<T>> (*Format)(Isolate*,
+                                                  const icu::FormattedValue&),
           MaybeHandle<T> (*Fallback)(Isolate*, const icu::SimpleDateFormat&,
                                      double)>
 MaybeHandle<T> FormatRangeCommon(Isolate* isolate,
@@ -3121,7 +3120,7 @@ MaybeHandle<T> FormatRangeCommon(Isolate* isolate,
   ASSIGN_RETURN_ON_EXCEPTION(isolate, y_obj, Object::ToNumber(isolate, y_obj));
   double y = Object::NumberValue(*y_obj);
 
-  base::Optional<MaybeHandle<T>> result =
+  std::optional<MaybeHandle<T>> result =
       PartitionDateTimeRangePattern<T, Format>(isolate, date_time_format, x, y,
                                                method_name);
   if (result.has_value()) return *result;
@@ -3165,5 +3164,4 @@ MaybeHandle<JSArray> JSDateTimeFormat::FormatRangeToParts(
       isolate, date_time_format, x, y, method_name);
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/js-disposable-stack.cc b/deps/v8/src/objects/js-disposable-stack.cc
index 2ef47a072436d1..c2e0c94a70c0d7 100644
--- a/deps/v8/src/objects/js-disposable-stack.cc
+++ b/deps/v8/src/objects/js-disposable-stack.cc
@@ -23,70 +23,6 @@
 namespace v8 {
 namespace internal {
 
-// We implement async resources disposal by promise chaining in
-// `DisposeResourcesAwaitPoint`.
-Handle<JSReceiver> JSDisposableStackBase::DisposeResourcesAwaitPoint(
-    Isolate* isolate, DirectHandle<JSDisposableStackBase> disposable_stack,
-    int length, MaybeHandle<Object> result, MaybeHandle<Object> maybe_error) {
-  disposable_stack->set_length(length);
-  Handle<JSReceiver> promise = isolate->factory()->NewJSPromise();
-
-  Handle<Object> result_handle;
-  Handle<Object> existing_error;
-
-  if (result.ToHandle(&result_handle)) {
-    Handle<JSFunction> promise_function = isolate->promise_function();
-    Handle<Object> argv[] = {result_handle};
-    Handle<Object> resolve_result =
-        Execution::CallBuiltin(isolate, isolate->promise_resolve(),
-                               promise_function, arraysize(argv), argv)
-            .ToHandleChecked();
-    promise = Cast<JSReceiver>(resolve_result);
-  } else {
-    UNIMPLEMENTED();
-  }
-
-  Handle<Context> async_disposable_stack_context =
-      isolate->factory()->NewBuiltinContext(
-          isolate->native_context(),
-          static_cast<int>(AsyncDisposableStackContextSlots::kLength));
-  async_disposable_stack_context->set(
-      static_cast<int>(AsyncDisposableStackContextSlots::kStack),
-      *disposable_stack);
-
-  if (maybe_error.ToHandle(&existing_error)) {
-    async_disposable_stack_context->set(
-        static_cast<int>(AsyncDisposableStackContextSlots::kError),
-        *existing_error);
-  } else {
-    async_disposable_stack_context->set(
-        static_cast<int>(AsyncDisposableStackContextSlots::kError),
-        ReadOnlyRoots(isolate).the_hole_value());
-  }
-
-  Handle<JSFunction> on_fulfilled =
-      Factory::JSFunctionBuilder{
-          isolate,
-          isolate->factory()->async_disposable_stack_on_fulfilled_shared_fun(),
-          async_disposable_stack_context}
-          .Build();
-
-  Handle<JSFunction> on_rejected =
-      Factory::JSFunctionBuilder{
-          isolate,
-          isolate->factory()->async_disposable_stack_on_rejected_shared_fun(),
-          async_disposable_stack_context}
-          .Build();
-
-  Handle<Object> argv[] = {on_fulfilled, on_rejected};
-
-  Handle<Object> then_result =
-      Execution::CallBuiltin(isolate, isolate->promise_then(), promise,
-                             arraysize(argv), argv)
-          .ToHandleChecked();
-  return Cast<JSReceiver>(then_result);
-}
-
 // https://arai-a.github.io/ecma262-compare/?pr=3000&id=sec-disposeresources
 // (TODO:rezvan):
 // https://github.com/tc39/proposal-explicit-resource-management/pull/219
@@ -131,10 +67,22 @@ MaybeHandle<Object> JSDisposableStackBase::DisposeResources(
                                ReadOnlyRoots(isolate).undefined_value_handle(),
                                1, argv);
     }
+    Handle<Object> result_handle;
     if (hint == DisposeMethodHint::kAsyncDispose) {
       DCHECK_NE(resources_type, DisposableStackResourcesType::kAllSync);
-      return DisposeResourcesAwaitPoint(isolate, disposable_stack, length,
-                                        result, maybe_error);
+
+      if (result.ToHandle(&result_handle)) {
+        disposable_stack->set_length(length);
+        Handle<JSFunction> promise_function = isolate->promise_function();
+        Handle<Object> argv[] = {result_handle};
+        Handle<Object> resolve_result =
+            Execution::CallBuiltin(isolate, isolate->promise_resolve(),
+                                   promise_function, arraysize(argv), argv)
+                .ToHandleChecked();
+        return Cast<JSReceiver>(resolve_result);
+      } else {
+        UNIMPLEMENTED();
+      }
     }
 
     //  b. If result is a throw completion, then
diff --git a/deps/v8/src/objects/js-duration-format.cc b/deps/v8/src/objects/js-duration-format.cc
index 80816570772844..69ec2e43ae503f 100644
--- a/deps/v8/src/objects/js-duration-format.cc
+++ b/deps/v8/src/objects/js-duration-format.cc
@@ -1076,7 +1076,7 @@ MaybeHandle<JSArray> FormattedListToJSArray(
                              separator_string);
           } break;
           case Part::Type::kFormatted:
-            Handle<String> type_string =
+            DirectHandle<String> type_string =
                 factory->NewStringFromAsciiChecked(it.type.c_str());
             Maybe<int> index_after_add = Intl::AddNumberElements(
                 isolate, it.formatted, array, index, type_string);
diff --git a/deps/v8/src/objects/js-function-inl.h b/deps/v8/src/objects/js-function-inl.h
index 0986b1cd0c290f..9b16535fe29bb8 100644
--- a/deps/v8/src/objects/js-function-inl.h
+++ b/deps/v8/src/objects/js-function-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_JS_FUNCTION_INL_H_
 #define V8_OBJECTS_JS_FUNCTION_INL_H_
 
+#include <optional>
+
 #include "src/objects/js-function.h"
 
 // Include other inline headers *after* including js-function.h, such that e.g.
@@ -22,8 +24,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/js-function-tq-inl.inc"
 
@@ -118,6 +119,21 @@ Tagged<Object> JSFunction::raw_code(IsolateForSandbox isolate,
 #endif  // V8_ENABLE_SANDBOX
 }
 
+#ifdef V8_ENABLE_LEAPTIERING
+void JSFunction::initialize_dispatch_handle(IsolateForSandbox isolate,
+                                            uint16_t parameter_count) {
+  InitJSDispatchHandleField(kDispatchHandleOffset, isolate, parameter_count);
+}
+
+void JSFunction::clear_dispatch_handle() {
+  WriteField<JSDispatchHandle>(kDispatchHandleOffset, kNullJSDispatchHandle);
+}
+
+JSDispatchHandle JSFunction::dispatch_handle() {
+  return ReadField<JSDispatchHandle>(kDispatchHandleOffset);
+}
+#endif  // V8_ENABLE_LEAPTIERING
+
 RELEASE_ACQUIRE_ACCESSORS(JSFunction, context, Tagged<Context>, kContextOffset)
 
 Address JSFunction::instruction_start(IsolateForSandbox isolate) const {
@@ -288,8 +304,8 @@ bool JSFunction::NeedsResetDueToFlushedBaselineCode(IsolateForSandbox isolate) {
 
 void JSFunction::ResetIfCodeFlushed(
     IsolateForSandbox isolate,
-    base::Optional<std::function<void(
-        Tagged<HeapObject> object, ObjectSlot slot, Tagged<HeapObject> target)>>
+    std::optional<std::function<void(Tagged<HeapObject> object, ObjectSlot slot,
+                                     Tagged<HeapObject> target)>>
         gc_notify_updated_slot) {
   const bool kBytecodeCanFlush =
       v8_flags.flush_bytecode || v8_flags.stress_snapshot;
@@ -314,8 +330,7 @@ void JSFunction::ResetIfCodeFlushed(
   }
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/js-function.cc b/deps/v8/src/objects/js-function.cc
index 2c88a521a5aa57..f704d6d6522f31 100644
--- a/deps/v8/src/objects/js-function.cc
+++ b/deps/v8/src/objects/js-function.cc
@@ -4,7 +4,8 @@
 
 #include "src/objects/js-function.h"
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/baseline/baseline-batch-compiler.h"
 #include "src/codegen/compiler.h"
 #include "src/common/globals.h"
@@ -21,8 +22,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 CodeKinds JSFunction::GetAttachedCodeKinds(IsolateForSandbox isolate) const {
   const CodeKind kind = code(isolate)->kind();
@@ -123,7 +123,7 @@ V8_WARN_UNUSED_RESULT bool HighestTierOf(CodeKinds kinds,
 
 }  // namespace
 
-base::Optional<CodeKind> JSFunction::GetActiveTier(
+std::optional<CodeKind> JSFunction::GetActiveTier(
     IsolateForSandbox isolate) const {
 #if V8_ENABLE_WEBASSEMBLY
   // Asm/Wasm functions are currently not supported. For simplicity, this
@@ -238,7 +238,7 @@ void JSFunction::MarkForOptimization(Isolate* isolate, CodeKind target_kind,
 }
 
 void JSFunction::SetInterruptBudget(
-    Isolate* isolate, base::Optional<CodeKind> override_active_tier) {
+    Isolate* isolate, std::optional<CodeKind> override_active_tier) {
   raw_feedback_cell()->set_interrupt_budget(
       TieringManager::InterruptBudgetFor(isolate, *this, override_active_tier));
 }
@@ -330,8 +330,8 @@ Maybe<bool> JSFunctionOrBoundFunctionOrWrappedFunction::CopyNameAndLength(
 }
 
 // static
-MaybeHandle<String> JSBoundFunction::GetName(Isolate* isolate,
-                                             Handle<JSBoundFunction> function) {
+MaybeHandle<String> JSBoundFunction::GetName(
+    Isolate* isolate, DirectHandle<JSBoundFunction> function) {
   Handle<String> prefix = isolate->factory()->bound__string();
   Handle<String> target_name = prefix;
   Factory* factory = isolate->factory();
@@ -362,7 +362,7 @@ MaybeHandle<String> JSBoundFunction::GetName(Isolate* isolate,
 
 // static
 Maybe<int> JSBoundFunction::GetLength(Isolate* isolate,
-                                      Handle<JSBoundFunction> function) {
+                                      DirectHandle<JSBoundFunction> function) {
   int nof_bound_arguments = function->bound_arguments()->length();
   while (IsJSBoundFunction(function->bound_target_function())) {
     function = handle(Cast<JSBoundFunction>(function->bound_target_function()),
@@ -555,9 +555,14 @@ void JSFunction::EnsureClosureFeedbackCellArray(
     DirectHandle<FeedbackCell> feedback_cell =
         isolate->factory()->NewOneClosureCell(feedback_cell_array);
 #ifdef V8_ENABLE_LEAPTIERING
-    Tagged<BytecodeArray> bytecode = shared->GetBytecodeArray(isolate);
-    feedback_cell->initialize_dispatch_handle(isolate,
-                                              bytecode->parameter_count());
+    // This is a rare case where we copy the dispatch entry from a JSFunction
+    // to its FeedbackCell instead of the other way around.
+    // TODO(42204201): investigate whether this can be avoided so that we only
+    // ever copy a dispatch handle from a FeedbackCell to a JSFunction. That
+    // would probably require refactoring the way JSFunctions are built so that
+    // we always allocate a FeedbackCell up front (if needed).
+    DCHECK_NE(function->dispatch_handle(), kNullJSDispatchHandle);
+    feedback_cell->set_dispatch_handle(function->dispatch_handle());
 #endif  // V8_ENABLE_LEAPTIERING
     function->set_raw_feedback_cell(*feedback_cell, kReleaseStore);
     function->SetInterruptBudget(isolate);
@@ -617,7 +622,7 @@ void JSFunction::CreateAndAttachFeedbackVector(
 
 // static
 void JSFunction::InitializeFeedbackCell(
-    Handle<JSFunction> function, IsCompiledScope* is_compiled_scope,
+    DirectHandle<JSFunction> function, IsCompiledScope* is_compiled_scope,
     bool reset_budget_for_feedback_allocation) {
   Isolate* const isolate = function->GetIsolate();
 #if V8_ENABLE_WEBASSEMBLY
@@ -647,8 +652,7 @@ void JSFunction::InitializeFeedbackCell(
       // profile and more precise code coverage.
       v8_flags.log_function_events ||
       !isolate->is_best_effort_code_coverage() ||
-      function->shared()->cached_tiering_decision() !=
-          CachedTieringDecision::kPending;
+      function->shared()->sparkplug_compiled();
 
   if (needs_feedback_vector) {
     CreateAndAttachFeedbackVector(isolate, function, is_compiled_scope);
@@ -658,8 +662,7 @@ void JSFunction::InitializeFeedbackCell(
   }
 #ifdef V8_ENABLE_SPARKPLUG
   // TODO(jgruber): Unduplicate these conditions from tiering-manager.cc.
-  if (function->shared()->cached_tiering_decision() !=
-          CachedTieringDecision::kPending &&
+  if (function->shared()->sparkplug_compiled() &&
       CanCompileWithBaseline(isolate, function->shared()) &&
       function->ActiveTierIsIgnition(isolate)) {
     if (v8_flags.baseline_batch_compilation) {
@@ -673,27 +676,18 @@ void JSFunction::InitializeFeedbackCell(
   }
 #endif  // V8_ENABLE_SPARKPLUG
 
-  if (v8_flags.profile_guided_optimization) {
-    // kEarlyMaglevPending implies the function has been tiered up to Maglev and
-    // has not been tiered up to Turbofan, we set kEarlyMaglev for delaying
-    // turbofan compilation only in this case.
+  if (v8_flags.profile_guided_optimization &&
+      v8_flags.profile_guided_optimization_for_empty_feedback_vector &&
+      function->has_feedback_vector() &&
+      function->feedback_vector()->length() == 0) {
     if (function->shared()->cached_tiering_decision() ==
-        CachedTieringDecision::kEarlyMaglevPending) {
-      function->shared()->set_cached_tiering_decision(
-          CachedTieringDecision::kEarlyMaglev);
-    }
-    if (v8_flags.profile_guided_optimization_for_empty_feedback_vector &&
-        function->has_feedback_vector() &&
-        function->feedback_vector()->length() == 0) {
-      if (function->shared()->cached_tiering_decision() ==
-          CachedTieringDecision::kEarlyMaglev) {
-        function->MarkForOptimization(isolate, CodeKind::MAGLEV,
-                                      ConcurrencyMode::kConcurrent);
-      } else if (function->shared()->cached_tiering_decision() ==
-                 CachedTieringDecision::kEarlyTurbofan) {
-        function->MarkForOptimization(isolate, CodeKind::TURBOFAN,
-                                      ConcurrencyMode::kConcurrent);
-      }
+        CachedTieringDecision::kEarlyMaglev) {
+      function->MarkForOptimization(isolate, CodeKind::MAGLEV,
+                                    ConcurrencyMode::kConcurrent);
+    } else if (function->shared()->cached_tiering_decision() ==
+               CachedTieringDecision::kEarlyTurbofan) {
+      function->MarkForOptimization(isolate, CodeKind::TURBOFAN,
+                                    ConcurrencyMode::kConcurrent);
     }
   }
 }
@@ -748,7 +742,7 @@ void SetInstancePrototype(Isolate* isolate, DirectHandle<JSFunction> function,
 
 }  // anonymous namespace
 
-void JSFunction::SetPrototype(Handle<JSFunction> function,
+void JSFunction::SetPrototype(DirectHandle<JSFunction> function,
                               Handle<Object> value) {
   DCHECK(IsConstructor(*function) ||
          IsGeneratorFunction(function->shared()->kind()));
@@ -763,7 +757,7 @@ void JSFunction::SetPrototype(Handle<JSFunction> function,
     // Copy the map so this does not affect unrelated functions.
     // Remove map transitions because they point to maps with a
     // different prototype.
-    Handle<Map> new_map =
+    DirectHandle<Map> new_map =
         Map::Copy(isolate, handle(function->map(), isolate), "SetPrototype");
 
     // Create a new {constructor, non-instance_prototype} tuple and store it
@@ -1461,7 +1455,6 @@ void JSFunction::ClearAllTypeFeedbackInfoForTesting() {
   }
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
diff --git a/deps/v8/src/objects/js-function.h b/deps/v8/src/objects/js-function.h
index f8a126c1468157..7e9481c72260bc 100644
--- a/deps/v8/src/objects/js-function.h
+++ b/deps/v8/src/objects/js-function.h
@@ -5,15 +5,15 @@
 #ifndef V8_OBJECTS_JS_FUNCTION_H_
 #define V8_OBJECTS_JS_FUNCTION_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/objects/code-kind.h"
 #include "src/objects/js-objects.h"
 
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class AbstractCode;
 class ClosureFeedbackCellArray;
@@ -46,9 +46,9 @@ class JSBoundFunction
           JSBoundFunction, JSFunctionOrBoundFunctionOrWrappedFunction> {
  public:
   static MaybeHandle<String> GetName(Isolate* isolate,
-                                     Handle<JSBoundFunction> function);
+                                     DirectHandle<JSBoundFunction> function);
   static Maybe<int> GetLength(Isolate* isolate,
-                              Handle<JSBoundFunction> function);
+                              DirectHandle<JSBoundFunction> function);
 
   // Dispatched behavior.
   DECL_PRINTER(JSBoundFunction)
@@ -140,6 +140,13 @@ class JSFunction : public TorqueGeneratedJSFunction<
   template <typename IsolateT>
   inline Tagged<AbstractCode> abstract_code(IsolateT* isolate);
 
+#ifdef V8_ENABLE_LEAPTIERING
+  inline void initialize_dispatch_handle(IsolateForSandbox isolate,
+                                         uint16_t parameter_count);
+  inline void clear_dispatch_handle();
+  inline JSDispatchHandle dispatch_handle();
+#endif  // V8_ENABLE_LEAPTIERING
+
   // The predicates for querying code kinds related to this function have
   // specific terminology:
   //
@@ -172,7 +179,7 @@ class JSFunction : public TorqueGeneratedJSFunction<
   bool HasAttachedCodeKind(IsolateForSandbox isolate, CodeKind kind) const;
   bool HasAvailableCodeKind(IsolateForSandbox isolate, CodeKind kind) const;
 
-  base::Optional<CodeKind> GetActiveTier(IsolateForSandbox isolate) const;
+  std::optional<CodeKind> GetActiveTier(IsolateForSandbox isolate) const;
   V8_EXPORT_PRIVATE bool ActiveTierIsIgnition(IsolateForSandbox isolate) const;
   bool ActiveTierIsBaseline(IsolateForSandbox isolate) const;
   bool ActiveTierIsMaglev(IsolateForSandbox isolate) const;
@@ -202,7 +209,7 @@ class JSFunction : public TorqueGeneratedJSFunction<
   // Sets the interrupt budget based on whether the function has a feedback
   // vector and any optimized code.
   void SetInterruptBudget(Isolate* isolate,
-                          base::Optional<CodeKind> override_active_tier = {});
+                          std::optional<CodeKind> override_active_tier = {});
 
   // If slack tracking is active, it computes instance size of the initial map
   // with minimum permissible object slack.  If it is not active, it simply
@@ -249,7 +256,7 @@ class JSFunction : public TorqueGeneratedJSFunction<
   // initialized to the closure feedback cell array that holds the feedback
   // cells for create closure calls from this function. In the regular mode,
   // this allocates feedback vector.
-  static void InitializeFeedbackCell(Handle<JSFunction> function,
+  static void InitializeFeedbackCell(DirectHandle<JSFunction> function,
                                      IsCompiledScope* compiled_scope,
                                      bool reset_budget_for_feedback_allocation);
 
@@ -261,10 +268,10 @@ class JSFunction : public TorqueGeneratedJSFunction<
   inline bool NeedsResetDueToFlushedBytecode(IsolateForSandbox isolate);
   inline void ResetIfCodeFlushed(
       IsolateForSandbox isolate,
-      base::Optional<
+      std::optional<
           std::function<void(Tagged<HeapObject> object, ObjectSlot slot,
                              Tagged<HeapObject> target)>>
-          gc_notify_updated_slot = base::nullopt);
+          gc_notify_updated_slot = std::nullopt);
 
   // Returns if the closure's code field has to be updated because it has
   // stale baseline code.
@@ -317,7 +324,8 @@ class JSFunction : public TorqueGeneratedJSFunction<
   DECL_GETTER(instance_prototype, Tagged<HeapObject>)
   DECL_GETTER(has_prototype_property, bool)
   DECL_GETTER(PrototypeRequiresRuntimeLookup, bool)
-  static void SetPrototype(Handle<JSFunction> function, Handle<Object> value);
+  static void SetPrototype(DirectHandle<JSFunction> function,
+                           Handle<Object> value);
 
   // Returns if this function has been compiled to native code yet.
   inline bool is_compiled(IsolateForSandbox isolate) const;
@@ -397,8 +405,7 @@ class JSFunction : public TorqueGeneratedJSFunction<
   TQ_OBJECT_CONSTRUCTORS(JSFunction)
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/js-function.tq b/deps/v8/src/objects/js-function.tq
index b274664622618d..e816ba56ee2c68 100644
--- a/deps/v8/src/objects/js-function.tq
+++ b/deps/v8/src/objects/js-function.tq
@@ -29,10 +29,9 @@ extern class JSWrappedFunction extends
 // here, please also update JSFunctionVerify in objects-debug.cc.
 @highestInstanceTypeWithinParentClassRange
 extern class JSFunction extends JSFunctionOrBoundFunctionOrWrappedFunction {
-  // When the sandbox is enabled, the Code object is referenced through an
-  // indirect pointer. Otherwise, it is a regular tagged pointer.
-  @if(V8_ENABLE_SANDBOX) code: IndirectPointer<Code>;
-  @ifnot(V8_ENABLE_SANDBOX) code: Code;
+  // TODO(saelo): drop this field once we call through the dispatch_handle.
+  code: TrustedPointer<Code>;
+  @if(V8_ENABLE_LEAPTIERING) dispatch_handle: int32;
   shared_function_info: SharedFunctionInfo;
   context: Context;
   feedback_cell: FeedbackCell;
diff --git a/deps/v8/src/objects/js-list-format.cc b/deps/v8/src/objects/js-list-format.cc
index 0f6b6090a8caee..7d5faeb0302ed0 100644
--- a/deps/v8/src/objects/js-list-format.cc
+++ b/deps/v8/src/objects/js-list-format.cc
@@ -158,7 +158,7 @@ Handle<JSObject> JSListFormat::ResolvedOptions(
   //  [[Locale]]       "locale"
   //  [[Type]]         "type"
   //  [[Style]]        "style"
-  Handle<String> locale(format->locale(), isolate);
+  DirectHandle<String> locale(format->locale(), isolate);
   JSObject::AddProperty(isolate, result, factory->locale_string(), locale,
                         NONE);
   JSObject::AddProperty(isolate, result, factory->type_string(),
diff --git a/deps/v8/src/objects/js-locale.cc b/deps/v8/src/objects/js-locale.cc
index 13ae084b900e42..7ffb91ebdeed9e 100644
--- a/deps/v8/src/objects/js-locale.cc
+++ b/deps/v8/src/objects/js-locale.cc
@@ -589,7 +589,7 @@ MaybeHandle<JSArray> JSLocale::GetHourCycles(Isolate* isolate,
   if (U_FAILURE(status)) {
     THROW_NEW_ERROR(isolate, NewRangeError(MessageTemplate::kIcuError));
   }
-  Handle<String> hour_cycle;
+  DirectHandle<String> hour_cycle;
 
   switch (hc) {
     case UDAT_HOUR_CYCLE_11:
diff --git a/deps/v8/src/objects/js-number-format.cc b/deps/v8/src/objects/js-number-format.cc
index 4799905d217dbc..efb04febbda706 100644
--- a/deps/v8/src/objects/js-number-format.cc
+++ b/deps/v8/src/objects/js-number-format.cc
@@ -1725,8 +1725,8 @@ Maybe<IntlMathematicalValue> IntlMathematicalValue::From(Isolate* isolate,
     uint16_t ch = string->Get(1);
     if (ch == 'b' || ch == 'B' || ch == 'o' || ch == 'O' || ch == 'x' ||
         ch == 'X') {
-      result.approx_ = StringToDouble(
-          isolate, string, ALLOW_HEX | ALLOW_OCTAL | ALLOW_BINARY, 0);
+      result.approx_ =
+          StringToDouble(isolate, string, ALLOW_NON_DECIMAL_PREFIX, 0);
       // If approx is within the precision, just return as Number.
       if (result.approx_ < kMaxSafeInteger) {
         result.value_ = isolate->factory()->NewNumber(result.approx_);
@@ -1746,7 +1746,7 @@ Maybe<IntlMathematicalValue> IntlMathematicalValue::From(Isolate* isolate,
   }
   // If it does not fit StrDecimalLiteral StrWhiteSpace_opt, StringToDouble will
   // parse it as NaN, in that case, return NaN.
-  result.approx_ = StringToDouble(isolate, string, NO_CONVERSION_FLAGS, 0);
+  result.approx_ = StringToDouble(isolate, string, NO_CONVERSION_FLAG, 0);
   if (std::isnan(result.approx_)) {
     result.value_ = factory->nan_value();
     return Just(result);
@@ -1909,7 +1909,7 @@ Maybe<int> ConstructParts(Isolate* isolate,
                           const icu::FormattedValue& formatted,
                           Handle<JSArray> result, int start_index,
                           bool style_is_unit, bool is_nan, bool output_source,
-                          bool output_unit, Handle<String> unit) {
+                          bool output_unit, DirectHandle<String> unit) {
   UErrorCode status = U_ZERO_ERROR;
   icu::UnicodeString formatted_text = formatted.toString(status);
   if (U_FAILURE(status)) {
@@ -1947,7 +1947,8 @@ Maybe<int> ConstructParts(Isolate* isolate,
 
   for (auto it = parts.begin(); it < parts.end(); it++) {
     NumberFormatSpan part = *it;
-    Handle<String> field_type_string = isolate->factory()->literal_string();
+    DirectHandle<String> field_type_string =
+        isolate->factory()->literal_string();
     if (part.field_id != -1) {
       if (style_is_unit && static_cast<UNumberFormatFields>(part.field_id) ==
                                UNUM_PERCENT_FIELD) {
@@ -1989,7 +1990,7 @@ Maybe<int> ConstructParts(Isolate* isolate,
 Maybe<int> Intl::AddNumberElements(Isolate* isolate,
                                    const icu::FormattedValue& formatted,
                                    Handle<JSArray> result, int start_index,
-                                   Handle<String> unit) {
+                                   DirectHandle<String> unit) {
   return ConstructParts(isolate, formatted, result, start_index, true, false,
                         false, true, unit);
 }
diff --git a/deps/v8/src/objects/js-objects-inl.h b/deps/v8/src/objects/js-objects-inl.h
index 7267f928a7d5fa..36dc60c7ef104a 100644
--- a/deps/v8/src/objects/js-objects-inl.h
+++ b/deps/v8/src/objects/js-objects-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_JS_OBJECTS_INL_H_
 #define V8_OBJECTS_JS_OBJECTS_INL_H_
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/heap/heap-write-barrier.h"
 #include "src/objects/dictionary.h"
@@ -33,8 +35,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/js-objects-tq-inl.inc"
 
@@ -245,7 +246,7 @@ void JSObject::EnsureCanContainElements(Handle<JSObject> object,
 }
 
 void JSObject::SetMapAndElements(DirectHandle<JSObject> object,
-                                 Handle<Map> new_map,
+                                 DirectHandle<Map> new_map,
                                  DirectHandle<FixedArrayBase> value) {
   Isolate* isolate = object->GetIsolate();
   JSObject::MigrateToMap(isolate, object, new_map);
@@ -394,7 +395,7 @@ Tagged<JSAny> JSObject::RawFastPropertyAt(PtrComprCageBase cage_base,
   }
 }
 
-base::Optional<Tagged<Object>> JSObject::RawInobjectPropertyAt(
+std::optional<Tagged<Object>> JSObject::RawInobjectPropertyAt(
     PtrComprCageBase cage_base, Tagged<Map> original_map,
     FieldIndex index) const {
   CHECK(index.is_inobject());
@@ -906,7 +907,7 @@ DEF_GETTER(JSReceiver, property_array, Tagged<PropertyArray>) {
   return Cast<PropertyArray>(prop);
 }
 
-base::Optional<Tagged<NativeContext>> JSReceiver::GetCreationContext() {
+std::optional<Tagged<NativeContext>> JSReceiver::GetCreationContext() {
   DisallowGarbageCollection no_gc;
   Tagged<Map> meta_map = map()->map();
   DCHECK(IsMapMap(meta_map));
@@ -918,7 +919,7 @@ base::Optional<Tagged<NativeContext>> JSReceiver::GetCreationContext() {
 
 MaybeHandle<NativeContext> JSReceiver::GetCreationContext(Isolate* isolate) {
   DisallowGarbageCollection no_gc;
-  base::Optional<Tagged<NativeContext>> maybe_context = GetCreationContext();
+  std::optional<Tagged<NativeContext>> maybe_context = GetCreationContext();
   if (!maybe_context.has_value()) return {};
   return handle(maybe_context.value(), isolate);
 }
@@ -1041,8 +1042,7 @@ static inline bool ShouldConvertToSlowElements(Tagged<JSObject> object,
                                      *new_capacity);
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/js-objects.cc b/deps/v8/src/objects/js-objects.cc
index ef8360b9027820..b925e497eb9119 100644
--- a/deps/v8/src/objects/js-objects.cc
+++ b/deps/v8/src/objects/js-objects.cc
@@ -5,10 +5,10 @@
 #include "src/objects/js-objects.h"
 
 #include <limits>
+#include <optional>
 
 #include "src/api/api-arguments-inl.h"
 #include "src/api/api-natives.h"
-#include "src/base/optional.h"
 #include "src/common/assert-scope.h"
 #include "src/common/globals.h"
 #include "src/date/date.h"
@@ -37,47 +37,25 @@
 #include "src/objects/js-array-buffer-inl.h"
 #include "src/objects/js-array-inl.h"
 #include "src/objects/js-atomics-synchronization.h"
-#include "src/objects/lookup.h"
-#include "src/objects/map-updater.h"
-#include "src/objects/objects-body-descriptors-inl.h"
-#include "src/objects/objects-inl.h"
-#include "src/objects/tagged.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/js-break-iterator.h"
-#include "src/objects/js-collator.h"
-#endif  // V8_INTL_SUPPORT
 #include "src/objects/js-collection.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/js-date-time-format.h"
-#include "src/objects/js-display-names.h"
-#include "src/objects/js-duration-format.h"
-#endif  // V8_INTL_SUPPORT
 #include "src/objects/js-disposable-stack.h"
 #include "src/objects/js-generator-inl.h"
 #include "src/objects/js-iterator-helpers-inl.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/js-list-format.h"
-#include "src/objects/js-locale.h"
-#include "src/objects/js-number-format.h"
-#include "src/objects/js-plural-rules.h"
-#endif  // V8_INTL_SUPPORT
 #include "src/objects/js-promise.h"
+#include "src/objects/js-raw-json-inl.h"
 #include "src/objects/js-regexp-inl.h"
 #include "src/objects/js-regexp-string-iterator.h"
 #include "src/objects/js-shadow-realm.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/js-relative-time-format.h"
-#include "src/objects/js-segment-iterator.h"
-#include "src/objects/js-segmenter.h"
-#include "src/objects/js-segments.h"
-#endif  // V8_INTL_SUPPORT
-#include "src/objects/js-raw-json-inl.h"
 #include "src/objects/js-shared-array-inl.h"
 #include "src/objects/js-struct-inl.h"
 #include "src/objects/js-temporal-objects-inl.h"
 #include "src/objects/js-weak-refs.h"
+#include "src/objects/lookup.h"
 #include "src/objects/map-inl.h"
+#include "src/objects/map-updater.h"
 #include "src/objects/module.h"
+#include "src/objects/objects-body-descriptors-inl.h"
+#include "src/objects/objects-inl.h"
 #include "src/objects/oddball.h"
 #include "src/objects/property-cell.h"
 #include "src/objects/property-descriptor.h"
@@ -86,6 +64,7 @@
 #include "src/objects/prototype.h"
 #include "src/objects/shared-function-info.h"
 #include "src/objects/swiss-name-dictionary-inl.h"
+#include "src/objects/tagged.h"
 #include "src/objects/transitions.h"
 #include "src/strings/string-builder-inl.h"
 #include "src/strings/string-stream.h"
@@ -96,8 +75,23 @@
 #include "src/wasm/wasm-objects.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-namespace v8 {
-namespace internal {
+#ifdef V8_INTL_SUPPORT
+#include "src/objects/js-break-iterator.h"
+#include "src/objects/js-collator.h"
+#include "src/objects/js-date-time-format.h"
+#include "src/objects/js-display-names.h"
+#include "src/objects/js-duration-format.h"
+#include "src/objects/js-list-format.h"
+#include "src/objects/js-locale.h"
+#include "src/objects/js-number-format.h"
+#include "src/objects/js-plural-rules.h"
+#include "src/objects/js-relative-time-format.h"
+#include "src/objects/js-segment-iterator.h"
+#include "src/objects/js-segmenter.h"
+#include "src/objects/js-segments.h"
+#endif  // V8_INTL_SUPPORT
+
+namespace v8::internal {
 
 // static
 Maybe<bool> JSReceiver::HasProperty(LookupIterator* it) {
@@ -578,7 +572,7 @@ std::pair<MaybeHandle<JSFunction>, Handle<String>> GetConstructorHelper(
         return std::make_pair(constructor, name);
       }
     } else if (IsFunctionTemplateInfo(*maybe_constructor)) {
-      Handle<FunctionTemplateInfo> function_template =
+      DirectHandle<FunctionTemplateInfo> function_template =
           Cast<FunctionTemplateInfo>(maybe_constructor);
       if (!IsUndefined(function_template->class_name(), isolate)) {
         return std::make_pair(
@@ -1516,10 +1510,10 @@ Maybe<bool> JSReceiver::ValidateAndApplyPropertyDescriptor(
       if (it != nullptr) {
         if (!desc->has_enumerable()) desc->set_enumerable(false);
         if (!desc->has_configurable()) desc->set_configurable(false);
-        Handle<Object> getter(
+        DirectHandle<Object> getter(
             desc->has_get() ? desc->get()
                             : Cast<Object>(isolate->factory()->null_value()));
-        Handle<Object> setter(
+        DirectHandle<Object> setter(
             desc->has_set() ? desc->set()
                             : Cast<Object>(isolate->factory()->null_value()));
         MaybeHandle<Object> result =
@@ -1700,12 +1694,12 @@ Maybe<bool> JSReceiver::ValidateAndApplyPropertyDescriptor(
       DCHECK(desc_is_accessor_descriptor ||
              (desc_is_generic_descriptor &&
               PropertyDescriptor::IsAccessorDescriptor(current)));
-      Handle<Object> getter(
+      DirectHandle<Object> getter(
           desc->has_get() ? desc->get()
           : current->has_get()
               ? current->get()
               : Cast<Object>(isolate->factory()->null_value()));
-      Handle<Object> setter(
+      DirectHandle<Object> setter(
           desc->has_set() ? desc->set()
           : current->has_set()
               ? current->set()
@@ -1831,7 +1825,7 @@ Maybe<bool> GetPropertyDescriptorWithInterceptor(LookupIterator* it,
                                                  PropertyDescriptor* desc) {
   Handle<InterceptorInfo> interceptor;
 
-  if (it->state() == LookupIterator::ACCESS_CHECK) {
+  while (it->state() == LookupIterator::ACCESS_CHECK) {
     if (it->HasAccess()) {
       it->Next();
     } else {
@@ -1841,6 +1835,7 @@ Maybe<bool> GetPropertyDescriptorWithInterceptor(LookupIterator* it,
         return Just(false);
       }
       CHECK(!interceptor.is_null());
+      break;
     }
   }
   if (it->state() == LookupIterator::INTERCEPTOR) {
@@ -2629,8 +2624,6 @@ int JSObject::GetHeaderSize(InstanceType type,
       return WasmMemoryObject::kHeaderSize;
     case WASM_MODULE_OBJECT_TYPE:
       return WasmModuleObject::kHeaderSize;
-    case WASM_SUSPENDER_OBJECT_TYPE:
-      return WasmSuspenderObject::kHeaderSize;
     case WASM_TABLE_OBJECT_TYPE:
       return WasmTableObject::kHeaderSize;
     case WASM_VALUE_OBJECT_TYPE:
@@ -3030,7 +3023,7 @@ bool JSObject::IsUnmodifiedApiObject(FullObjectSlot o) {
 
 // static
 void JSObject::UpdatePrototypeUserRegistration(DirectHandle<Map> old_map,
-                                               Handle<Map> new_map,
+                                               DirectHandle<Map> new_map,
                                                Isolate* isolate) {
   DCHECK(old_map->is_prototype_map());
   DCHECK(new_map->is_prototype_map());
@@ -3055,8 +3048,8 @@ void JSObject::UpdatePrototypeUserRegistration(DirectHandle<Map> old_map,
 }
 
 // static
-void JSObject::NotifyMapChange(Handle<Map> old_map, Handle<Map> new_map,
-                               Isolate* isolate) {
+void JSObject::NotifyMapChange(DirectHandle<Map> old_map,
+                               DirectHandle<Map> new_map, Isolate* isolate) {
   if (!old_map->is_prototype_map()) return;
 
   InvalidatePrototypeChains(*old_map);
@@ -3129,7 +3122,7 @@ void MigrateFastToFast(Isolate* isolate, DirectHandle<JSObject> object,
         isolate->factory()->CopyPropertyArrayAndGrow(old_storage, grow_by);
 
     // Properly initialize newly added property.
-    Handle<Object> value;
+    DirectHandle<Object> value;
     if (details.representation().IsDouble()) {
       value = isolate->factory()->NewHeapNumberWithHoleNaN();
     } else {
@@ -3233,7 +3226,7 @@ void MigrateFastToFast(Isolate* isolate, DirectHandle<JSObject> object,
     PropertyDetails details = new_descriptors->GetDetails(i);
     if (details.location() != PropertyLocation::kField) continue;
     DCHECK_EQ(PropertyKind::kData, details.kind());
-    Handle<Object> value;
+    DirectHandle<Object> value;
     if (details.representation().IsDouble()) {
       value = isolate->factory()->NewHeapNumberWithHoleNaN();
     } else {
@@ -3406,10 +3399,10 @@ void MigrateFastToSlow(Isolate* isolate, DirectHandle<JSObject> object,
 }  // namespace
 
 void JSObject::MigrateToMap(Isolate* isolate, DirectHandle<JSObject> object,
-                            Handle<Map> new_map,
+                            DirectHandle<Map> new_map,
                             int expected_additional_properties) {
   if (object->map(isolate) == *new_map) return;
-  Handle<Map> old_map(object->map(isolate), isolate);
+  DirectHandle<Map> old_map(object->map(isolate), isolate);
   NotifyMapChange(old_map, new_map, isolate);
 
   if (old_map->is_dictionary_map()) {
@@ -3454,7 +3447,7 @@ void JSObject::ForceSetPrototype(Isolate* isolate,
                                  Handle<HeapObject> proto) {
   // object.__proto__ = proto;
   Handle<Map> old_map = Handle<Map>(object->map(), isolate);
-  Handle<Map> new_map = Map::Copy(isolate, old_map, "ForceSetPrototype");
+  DirectHandle<Map> new_map = Map::Copy(isolate, old_map, "ForceSetPrototype");
   Map::SetPrototype(isolate, new_map, proto);
   JSObject::MigrateToMap(isolate, object, new_map);
 }
@@ -3532,7 +3525,7 @@ void JSObject::AllocateStorageForMap(Handle<JSObject> object, Handle<Map> map) {
 void JSObject::MigrateInstance(Isolate* isolate,
                                DirectHandle<JSObject> object) {
   Handle<Map> original_map(object->map(), isolate);
-  Handle<Map> map = Map::Update(isolate, original_map);
+  DirectHandle<Map> map = Map::Update(isolate, original_map);
   map->set_is_migration_target(true);
   JSObject::MigrateToMap(isolate, object, map);
   if (v8_flags.trace_migration) {
@@ -3599,7 +3592,7 @@ bool TryFastAddDataProperty(Isolate* isolate, DirectHandle<JSObject> object,
 }  // namespace
 
 void JSObject::AddProperty(Isolate* isolate, Handle<JSObject> object,
-                           Handle<Name> name, Handle<Object> value,
+                           Handle<Name> name, DirectHandle<Object> value,
                            PropertyAttributes attributes) {
   name = isolate->factory()->InternalizeName(name);
   if (TryFastAddDataProperty(isolate, object, name, value, attributes)) {
@@ -3626,7 +3619,7 @@ void JSObject::AddProperty(Isolate* isolate, Handle<JSObject> object,
 }
 
 void JSObject::AddProperty(Isolate* isolate, Handle<JSObject> object,
-                           const char* name, Handle<Object> value,
+                           const char* name, DirectHandle<Object> value,
                            PropertyAttributes attributes) {
   JSObject::AddProperty(isolate, object,
                         isolate->factory()->InternalizeUtf8String(name), value,
@@ -3825,7 +3818,7 @@ void JSObject::NormalizeProperties(Isolate* isolate,
   if (!object->HasFastProperties()) return;
 
   Handle<Map> map(object->map(), isolate);
-  Handle<Map> new_map =
+  DirectHandle<Map> new_map =
       Map::Normalize(isolate, map, map->elements_kind(), Handle<HeapObject>(),
                      mode, use_cache, reason);
 
@@ -3842,7 +3835,7 @@ void JSObject::MigrateSlowToFast(DirectHandle<JSObject> object,
   Factory* factory = isolate->factory();
 
   Handle<NameDictionary> dictionary;
-  Handle<SwissNameDictionary> swiss_dictionary;
+  DirectHandle<SwissNameDictionary> swiss_dictionary;
   int number_of_elements;
   if constexpr (V8_ENABLE_SWISS_NAME_DICTIONARY_BOOL) {
     swiss_dictionary = handle(object->property_dictionary_swiss(), isolate);
@@ -3856,7 +3849,7 @@ void JSObject::MigrateSlowToFast(DirectHandle<JSObject> object,
   // descriptors.
   if (number_of_elements > kMaxNumberOfDescriptors) return;
 
-  Handle<FixedArray> iteration_order;
+  DirectHandle<FixedArray> iteration_order;
   int iteration_length;
   if constexpr (V8_ENABLE_SWISS_NAME_DICTIONARY_BOOL) {
     // |iteration_order| remains empty handle, we don't need it.
@@ -4080,7 +4073,8 @@ Handle<NumberDictionary> JSObject::NormalizeElements(Handle<JSObject> object) {
       is_sloppy_arguments                      ? SLOW_SLOPPY_ARGUMENTS_ELEMENTS
       : object->HasFastStringWrapperElements() ? SLOW_STRING_WRAPPER_ELEMENTS
                                                : DICTIONARY_ELEMENTS;
-  Handle<Map> new_map = JSObject::GetElementsTransitionMap(object, target_kind);
+  DirectHandle<Map> new_map =
+      JSObject::GetElementsTransitionMap(object, target_kind);
   // Set the new map first to satify the elements type assert in set_elements().
   JSObject::MigrateToMap(isolate, object, new_map);
 
@@ -4309,7 +4303,7 @@ Maybe<bool> JSObject::PreventExtensions(Isolate* isolate,
   // Do a map transition, other objects with this map may still
   // be extensible.
   // TODO(adamk): Extend the NormalizedMapCache to handle non-extensible maps.
-  Handle<Map> new_map =
+  DirectHandle<Map> new_map =
       Map::Copy(isolate, handle(object->map(), isolate), "PreventExtensions");
 
   new_map->set_is_extensible(false);
@@ -4488,9 +4482,9 @@ Maybe<bool> JSObject::PreventExtensionsWithTransition(
   Handle<Map> old_map(object->map(), isolate);
   old_map = Map::Update(isolate, old_map);
   Handle<Map> transition_map;
-  if (auto maybe_transition_map = TransitionsAccessor::SearchSpecial(
-          isolate, old_map, *transition_marker)) {
-    transition_map = *maybe_transition_map;
+  MaybeHandle<Map> maybe_transition_map =
+      TransitionsAccessor::SearchSpecial(isolate, old_map, *transition_marker);
+  if (maybe_transition_map.ToHandle(&transition_map)) {
     DCHECK(transition_map->has_dictionary_elements() ||
            transition_map->has_typed_array_or_rab_gsab_typed_array_elements() ||
            transition_map->elements_kind() == SLOW_STRING_WRAPPER_ELEMENTS ||
@@ -4502,7 +4496,7 @@ Maybe<bool> JSObject::PreventExtensionsWithTransition(
     JSObject::MigrateToMap(isolate, object, transition_map);
   } else if (TransitionsAccessor::CanHaveMoreTransitions(isolate, old_map)) {
     // Create a new descriptor array with the appropriate property attributes
-    Handle<Map> new_map = Map::CopyForPreventExtensions(
+    DirectHandle<Map> new_map = Map::CopyForPreventExtensions(
         isolate, old_map, attrs, transition_marker, "CopyForPreventExtensions");
     if (!new_map->has_any_nonextensible_elements()) {
       new_element_dictionary = CreateElementDictionary(isolate, object);
@@ -4516,8 +4510,9 @@ Maybe<bool> JSObject::PreventExtensionsWithTransition(
 
     // Create a new map, since other objects with this map may be extensible.
     // TODO(adamk): Extend the NormalizedMapCache to handle non-extensible maps.
-    Handle<Map> new_map = Map::Copy(isolate, handle(object->map(), isolate),
-                                    "SlowCopyForPreventExtensions");
+    DirectHandle<Map> new_map =
+        Map::Copy(isolate, handle(object->map(), isolate),
+                  "SlowCopyForPreventExtensions");
     new_map->set_is_extensible(false);
     new_element_dictionary = CreateElementDictionary(isolate, object);
     if (!new_element_dictionary.is_null()) {
@@ -4619,14 +4614,14 @@ Handle<Object> JSObject::DictionaryPropertyAt(Isolate* isolate,
 }
 
 // static
-base::Optional<Tagged<Object>> JSObject::DictionaryPropertyAt(
+std::optional<Tagged<Object>> JSObject::DictionaryPropertyAt(
     DirectHandle<JSObject> object, InternalIndex dict_index, Heap* heap) {
   Tagged<Object> backing_store = object->raw_properties_or_hash(kRelaxedLoad);
   if (!IsHeapObject(backing_store)) return {};
   if (heap->IsPendingAllocation(Cast<HeapObject>(backing_store))) return {};
 
   if (!IsPropertyDictionary(backing_store)) return {};
-  base::Optional<Tagged<Object>> maybe_obj =
+  std::optional<Tagged<Object>> maybe_obj =
       Cast<PropertyDictionary>(backing_store)->TryValueAt(dict_index);
 
   if (!maybe_obj) return {};
@@ -4718,8 +4713,8 @@ bool JSObject::HasEnumerableElements() {
 }
 
 MaybeHandle<Object> JSObject::DefineOwnAccessorIgnoreAttributes(
-    Handle<JSObject> object, Handle<Name> name, Handle<Object> getter,
-    Handle<Object> setter, PropertyAttributes attributes) {
+    Handle<JSObject> object, Handle<Name> name, DirectHandle<Object> getter,
+    DirectHandle<Object> setter, PropertyAttributes attributes) {
   Isolate* isolate = object->GetIsolate();
 
   PropertyKey key(isolate, name);
@@ -4734,7 +4729,7 @@ MaybeHandle<Object> JSObject::DefineOwnAccessorIgnoreAttributes(
 
   it->UpdateProtector();
 
-  if (it->state() == LookupIterator::ACCESS_CHECK) {
+  while (it->state() == LookupIterator::ACCESS_CHECK) {
     if (!it->HasAccess()) {
       RETURN_ON_EXCEPTION(
           isolate, isolate->ReportFailedAccessCheck(it->GetHolder<JSObject>()));
@@ -4769,7 +4764,7 @@ MaybeHandle<Object> JSObject::SetAccessor(Handle<JSObject> object,
 
   // Duplicate ACCESS_CHECK outside of GetPropertyAttributes for the case that
   // the FailedAccessCheckCallbackFunction doesn't throw an exception.
-  if (it.state() == LookupIterator::ACCESS_CHECK) {
+  while (it.state() == LookupIterator::ACCESS_CHECK) {
     if (!it.HasAccess()) {
       RETURN_ON_EXCEPTION(isolate, isolate->ReportFailedAccessCheck(object));
       UNREACHABLE();
@@ -4879,7 +4874,7 @@ void JSObject::MakePrototypesFast(Handle<Object> receiver,
        !iter.IsAtEnd(); iter.Advance()) {
     Handle<Object> current = PrototypeIterator::GetCurrent(iter);
     if (!IsJSObjectThatCanBeTrackedAsPrototype(*current)) return;
-    Handle<JSObject> current_obj = Cast<JSObject>(current);
+    DirectHandle<JSObject> current_obj = Cast<JSObject>(current);
     Tagged<Map> current_map = current_obj->map();
     if (current_map->is_prototype_map()) {
       // If the map is already marked as should be fast, we're done. Its
@@ -4904,7 +4899,7 @@ static bool PrototypeBenefitsFromNormalization(Tagged<JSObject> object) {
 }
 
 // static
-void JSObject::OptimizeAsPrototype(Handle<JSObject> object,
+void JSObject::OptimizeAsPrototype(DirectHandle<JSObject> object,
                                    bool enable_setup_mode) {
   DCHECK(IsJSObjectThatCanBeTrackedAsPrototype(*object));
   if (IsJSGlobalObject(*object)) return;
@@ -4924,7 +4919,7 @@ void JSObject::OptimizeAsPrototype(Handle<JSObject> object,
       JSObject::MigrateSlowToFast(object, 0, "OptimizeAsPrototype");
     }
   } else {
-    Handle<Map> new_map;
+    DirectHandle<Map> new_map;
     if (enable_setup_mode && PrototypeBenefitsFromNormalization(*object)) {
 #if DEBUG
       DirectHandle<Map> old_map(object->map(isolate), isolate);
@@ -4939,7 +4934,7 @@ void JSObject::OptimizeAsPrototype(Handle<JSObject> object,
       // A new map was created.
       DCHECK_NE(*old_map, object->map(isolate));
 
-      new_map = handle(object->map(isolate), isolate);
+      new_map = direct_handle(object->map(isolate), isolate);
     } else {
       new_map =
           Map::Copy(isolate, handle(object->map(), isolate), "CopyAsPrototype");
@@ -5002,7 +4997,7 @@ void JSObject::OptimizeAsPrototype(Handle<JSObject> object,
 }
 
 // static
-void JSObject::ReoptimizeIfPrototype(Handle<JSObject> object) {
+void JSObject::ReoptimizeIfPrototype(DirectHandle<JSObject> object) {
   {
     Tagged<Map> map = object->map();
     if (!map->is_prototype_map()) return;
@@ -5012,13 +5007,14 @@ void JSObject::ReoptimizeIfPrototype(Handle<JSObject> object) {
 }
 
 // static
-void JSObject::LazyRegisterPrototypeUser(Handle<Map> user, Isolate* isolate) {
+void JSObject::LazyRegisterPrototypeUser(DirectHandle<Map> user,
+                                         Isolate* isolate) {
   // Contract: In line with InvalidatePrototypeChains()'s requirements,
   // leaf maps don't need to register as users, only prototypes do.
   DCHECK(user->is_prototype_map());
 
-  Handle<Map> current_user = user;
-  Handle<PrototypeInfo> current_user_info =
+  DirectHandle<Map> current_user = user;
+  DirectHandle<PrototypeInfo> current_user_info =
       Map::GetOrCreatePrototypeInfo(user, isolate);
   for (PrototypeIterator iter(isolate, user); !iter.IsAtEnd(); iter.Advance()) {
     // Walk up the prototype chain as far as links haven't been registered yet.
@@ -5037,7 +5033,7 @@ void JSObject::LazyRegisterPrototypeUser(Handle<Map> user, Isolate* isolate) {
     // threadsafe.
     if (!IsJSObjectThatCanBeTrackedAsPrototype(*maybe_proto)) continue;
     auto proto = Cast<JSObject>(maybe_proto);
-    Handle<PrototypeInfo> proto_info =
+    DirectHandle<PrototypeInfo> proto_info =
         Map::GetOrCreatePrototypeInfo(proto, isolate);
     Handle<Object> maybe_registry(proto_info->prototype_users(), isolate);
     Handle<WeakArrayList> registry =
@@ -5288,7 +5284,7 @@ Maybe<bool> JSObject::SetPrototype(Isolate* isolate, Handle<JSObject> object,
 
   isolate->UpdateProtectorsOnSetPrototype(real_receiver, value);
 
-  Handle<Map> new_map =
+  DirectHandle<Map> new_map =
       v8_flags.move_prototype_transitions_first
           ? MapUpdater(isolate, map)
                 .ApplyPrototypeTransition(Cast<HeapObject>(value))
@@ -5397,7 +5393,7 @@ static ElementsKind BestFittingFastElementsKind(Tagged<JSObject> object) {
 
 // static
 Maybe<bool> JSObject::AddDataElement(Handle<JSObject> object, uint32_t index,
-                                     Handle<Object> value,
+                                     DirectHandle<Object> value,
                                      PropertyAttributes attributes) {
   Isolate* isolate = object->GetIsolate();
 
@@ -5509,7 +5505,7 @@ void JSObject::TransitionElementsKind(Handle<JSObject> object,
       IsDoubleElementsKind(from_kind) == IsDoubleElementsKind(to_kind)) {
     // No change is needed to the elements() buffer, the transition
     // only requires a map change.
-    Handle<Map> new_map = GetElementsTransitionMap(object, to_kind);
+    DirectHandle<Map> new_map = GetElementsTransitionMap(object, to_kind);
     JSObject::MigrateToMap(isolate, object, new_map);
     if (v8_flags.trace_elements_transitions) {
       DirectHandle<FixedArrayBase> elms(object->elements(), isolate);
@@ -5624,7 +5620,7 @@ Tagged<Object> JSObject::RawFastPropertyAtCompareAndSwap(
     SeqCstAccessTag tag) {
   return HeapObject::SeqCst_CompareAndSwapField(
       expected, value,
-      [=](Tagged<Object> expected_value, Tagged<Object> new_value) {
+      [=, this](Tagged<Object> expected_value, Tagged<Object> new_value) {
         return RawFastPropertyAtCompareAndSwapInternal(index, expected_value,
                                                        new_value, tag);
       });
@@ -5919,5 +5915,4 @@ Handle<String> JSMessageObject::GetSourceLine() const {
   return isolate->factory()->NewSubString(src, info.line_start, info.line_end);
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/js-objects.h b/deps/v8/src/objects/js-objects.h
index f88eebc2b7852c..bf7efb8b365ee6 100644
--- a/deps/v8/src/objects/js-objects.h
+++ b/deps/v8/src/objects/js-objects.h
@@ -5,7 +5,8 @@
 #ifndef V8_OBJECTS_JS_OBJECTS_H_
 #define V8_OBJECTS_JS_OBJECTS_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/handles/handles.h"
 #include "src/objects/embedder-data-slot.h"
@@ -17,8 +18,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 // Enum for functions that offer a second mode that does not cause allocations.
 // Used in conjunction with LookupIterator and unboxed double fields.
@@ -261,7 +261,7 @@ class JSReceiver : public TorqueGeneratedJSReceiver<JSReceiver, HeapObject> {
   static Handle<String> GetConstructorName(Isolate* isolate,
                                            Handle<JSReceiver> receiver);
 
-  V8_EXPORT_PRIVATE inline base::Optional<Tagged<NativeContext>>
+  V8_EXPORT_PRIVATE inline std::optional<Tagged<NativeContext>>
   GetCreationContext();
   V8_EXPORT_PRIVATE inline MaybeHandle<NativeContext> GetCreationContext(
       Isolate* isolate);
@@ -372,7 +372,7 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
 
   inline void initialize_elements();
   static inline void SetMapAndElements(DirectHandle<JSObject> object,
-                                       Handle<Map> map,
+                                       DirectHandle<Map> map,
                                        DirectHandle<FixedArrayBase> elements);
   DECL_GETTER(GetElementsKind, ElementsKind)
   DECL_GETTER(GetElementsAccessor, ElementsAccessor*)
@@ -485,16 +485,16 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
   V8_EXPORT_PRIVATE static void AddProperty(Isolate* isolate,
                                             Handle<JSObject> object,
                                             Handle<Name> name,
-                                            Handle<Object> value,
+                                            DirectHandle<Object> value,
                                             PropertyAttributes attributes);
 
   // {name} must be a UTF-8 encoded, null-terminated string.
   static void AddProperty(Isolate* isolate, Handle<JSObject> object,
-                          const char* name, Handle<Object> value,
+                          const char* name, DirectHandle<Object> value,
                           PropertyAttributes attributes);
 
   V8_EXPORT_PRIVATE static Maybe<bool> AddDataElement(
-      Handle<JSObject> receiver, uint32_t index, Handle<Object> value,
+      Handle<JSObject> receiver, uint32_t index, DirectHandle<Object> value,
       PropertyAttributes attributes);
 
   // Extend the receiver with a single fast property appeared first in the
@@ -520,14 +520,15 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
                                    Handle<Object> value,
                                    PropertyDetails details);
 
-  static void OptimizeAsPrototype(Handle<JSObject> object,
+  static void OptimizeAsPrototype(DirectHandle<JSObject> object,
                                   bool enable_setup_mode = true);
-  static void ReoptimizeIfPrototype(Handle<JSObject> object);
+  static void ReoptimizeIfPrototype(DirectHandle<JSObject> object);
   static void MakePrototypesFast(Handle<Object> receiver,
                                  WhereToStart where_to_start, Isolate* isolate);
-  static void LazyRegisterPrototypeUser(Handle<Map> user, Isolate* isolate);
+  static void LazyRegisterPrototypeUser(DirectHandle<Map> user,
+                                        Isolate* isolate);
   static void UpdatePrototypeUserRegistration(DirectHandle<Map> old_map,
-                                              Handle<Map> new_map,
+                                              DirectHandle<Map> new_map,
                                               Isolate* isolate);
   static bool UnregisterPrototypeUser(DirectHandle<Map> user, Isolate* isolate);
   static Tagged<Map> InvalidatePrototypeChains(Tagged<Map> map);
@@ -535,8 +536,8 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
 
   // Updates prototype chain tracking information when an object changes its
   // map from |old_map| to |new_map|.
-  static void NotifyMapChange(Handle<Map> old_map, Handle<Map> new_map,
-                              Isolate* isolate);
+  static void NotifyMapChange(DirectHandle<Map> old_map,
+                              DirectHandle<Map> new_map, Isolate* isolate);
 
   // Utility used by many Array builtins and runtime functions
   static inline bool PrototypeHasNoElements(Isolate* isolate,
@@ -559,8 +560,8 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
   // Defines an AccessorPair property on the given object.
   V8_EXPORT_PRIVATE static MaybeHandle<Object>
   DefineOwnAccessorIgnoreAttributes(Handle<JSObject> object, Handle<Name> name,
-                                    Handle<Object> getter,
-                                    Handle<Object> setter,
+                                    DirectHandle<Object> getter,
+                                    DirectHandle<Object> setter,
                                     PropertyAttributes attributes);
   static MaybeHandle<Object> DefineOwnAccessorIgnoreAttributes(
       LookupIterator* it, DirectHandle<Object> getter,
@@ -671,8 +672,8 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
   // |expected_additional_properties| is only used for fast-to-slow transitions
   // and ignored otherwise.
   V8_EXPORT_PRIVATE static void MigrateToMap(
-      Isolate* isolate, DirectHandle<JSObject> object, Handle<Map> new_map,
-      int expected_additional_properties = 0);
+      Isolate* isolate, DirectHandle<JSObject> object,
+      DirectHandle<Map> new_map, int expected_additional_properties = 0);
 
   // Forces a prototype without any of the checks that the regular SetPrototype
   // would do.
@@ -689,8 +690,9 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
       bool use_cache, const char* reason);
 
   V8_EXPORT_PRIVATE static void NormalizeProperties(
-      Isolate* isolate, Handle<JSObject> object, PropertyNormalizationMode mode,
-      int expected_additional_properties, const char* reason) {
+      Isolate* isolate, DirectHandle<JSObject> object,
+      PropertyNormalizationMode mode, int expected_additional_properties,
+      const char* reason) {
     const bool kUseCache = true;
     NormalizeProperties(isolate, object, mode, expected_additional_properties,
                         kUseCache, reason);
@@ -715,7 +717,7 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
   // Same as above, but it will return {} if we would be reading out of the
   // bounds of the object or if the dictionary is pending allocation. Use this
   // version for concurrent access.
-  static base::Optional<Tagged<Object>> DictionaryPropertyAt(
+  static std::optional<Tagged<Object>> DictionaryPropertyAt(
       DirectHandle<JSObject> object, InternalIndex dict_index, Heap* heap);
 
   // Access fast-case object properties at index.
@@ -740,7 +742,7 @@ class JSObject : public TorqueGeneratedJSObject<JSObject, JSReceiver> {
   // in which this method is meant to be used, and what guarantees it
   // provides against invalid reads from another thread during object
   // mutation.
-  inline base::Optional<Tagged<Object>> RawInobjectPropertyAt(
+  inline std::optional<Tagged<Object>> RawInobjectPropertyAt(
       PtrComprCageBase cage_base, Tagged<Map> original_map,
       FieldIndex index) const;
 
@@ -1415,8 +1417,7 @@ class JSPromiseWithResolversResult : public JSObject {
   OBJECT_CONSTRUCTORS(JSPromiseWithResolversResult, JSObject);
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/js-regexp-inl.h b/deps/v8/src/objects/js-regexp-inl.h
index 180fd841b6e3c6..b48ad31bdaa6e2 100644
--- a/deps/v8/src/objects/js-regexp-inl.h
+++ b/deps/v8/src/objects/js-regexp-inl.h
@@ -25,36 +25,12 @@ TQ_OBJECT_CONSTRUCTORS_IMPL(JSRegExpResult)
 TQ_OBJECT_CONSTRUCTORS_IMPL(JSRegExpResultIndices)
 TQ_OBJECT_CONSTRUCTORS_IMPL(JSRegExpResultWithIndices)
 
-ACCESSORS(JSRegExp, last_index, Tagged<Object>, kLastIndexOffset)
-
-JSRegExp::Type JSRegExp::type_tag() const {
-  Tagged<Object> data = this->data();
-  if (IsUndefined(data)) return JSRegExp::NOT_COMPILED;
-  Tagged<Smi> smi = Cast<Smi>(Cast<FixedArray>(data)->get(kTagIndex));
-  return static_cast<JSRegExp::Type>(smi.value());
-}
-
-int JSRegExp::capture_count() const {
-  switch (type_tag()) {
-    case ATOM:
-      return 0;
-    case EXPERIMENTAL:
-    case IRREGEXP:
-      return Smi::ToInt(DataAt(kIrregexpCaptureCountIndex));
-    default:
-      UNREACHABLE();
-  }
-}
-
-int JSRegExp::max_register_count() const {
-  CHECK_EQ(type_tag(), IRREGEXP);
-  return Smi::ToInt(DataAt(kIrregexpMaxRegisterCountIndex));
-}
+OBJECT_CONSTRUCTORS_IMPL(RegExpData, ExposedTrustedObject)
+OBJECT_CONSTRUCTORS_IMPL(AtomRegExpData, RegExpData)
+OBJECT_CONSTRUCTORS_IMPL(IrRegExpData, RegExpData)
+OBJECT_CONSTRUCTORS_IMPL(RegExpDataWrapper, Struct)
 
-Tagged<String> JSRegExp::atom_pattern() const {
-  DCHECK_EQ(type_tag(), ATOM);
-  return Cast<String>(DataAt(JSRegExp::kAtomPatternIndex));
-}
+ACCESSORS(JSRegExp, last_index, Tagged<Object>, kLastIndexOffset)
 
 Tagged<String> JSRegExp::source() const {
   return Cast<String>(TorqueGeneratedClass::source());
@@ -65,6 +41,9 @@ JSRegExp::Flags JSRegExp::flags() const {
   return Flags(smi.value());
 }
 
+TRUSTED_POINTER_ACCESSORS(JSRegExp, data, RegExpData, kDataOffset,
+                          kRegExpDataIndirectPointerTag)
+
 // static
 const char* JSRegExp::FlagsToString(Flags flags, FlagsBuffer* out_buffer) {
   int cursor = 0;
@@ -82,58 +61,98 @@ Tagged<String> JSRegExp::EscapedPattern() {
   return Cast<String>(source());
 }
 
-Tagged<Object> JSRegExp::capture_name_map() {
-  DCHECK(TypeSupportsCaptures(type_tag()));
-  Tagged<Object> value = DataAt(kIrregexpCaptureNameMapIndex);
-  DCHECK_NE(value, Smi::FromInt(JSRegExp::kUninitializedValue));
-  return value;
+RegExpData::Type RegExpData::type_tag() const {
+  Tagged<Smi> value = TaggedField<Smi, kTypeTagOffset>::load(*this);
+  return Type(value.value());
 }
 
-void JSRegExp::set_capture_name_map(Handle<FixedArray> capture_name_map) {
-  if (capture_name_map.is_null()) {
-    SetDataAt(JSRegExp::kIrregexpCaptureNameMapIndex, Smi::zero());
-  } else {
-    SetDataAt(JSRegExp::kIrregexpCaptureNameMapIndex, *capture_name_map);
-  }
+void RegExpData::set_type_tag(Type type) {
+  TaggedField<Smi, kTypeTagOffset>::store(
+      *this, Smi::FromInt(static_cast<uint8_t>(type)));
 }
 
-Tagged<Object> JSRegExp::DataAt(int index) const {
-  DCHECK(type_tag() != NOT_COMPILED);
-  return Cast<FixedArray>(data())->get(index);
+ACCESSORS(RegExpData, source, Tagged<String>, kSourceOffset)
+
+JSRegExp::Flags RegExpData::flags() const {
+  Tagged<Smi> value = TaggedField<Smi, kFlagsOffset>::load(*this);
+  return JSRegExp::Flags(value.value());
 }
 
-void JSRegExp::SetDataAt(int index, Tagged<Object> value) {
-  DCHECK(type_tag() != NOT_COMPILED);
-  // Only implementation data can be set this way.
-  DCHECK_GE(index, kFirstTypeSpecificIndex);
-  Cast<FixedArray>(data())->set(index, value);
+void RegExpData::set_flags(JSRegExp::Flags flags) {
+  TaggedField<Smi, kFlagsOffset>::store(*this, Smi::FromInt(flags));
 }
 
-bool JSRegExp::HasCompiledCode() const {
-  if (type_tag() != IRREGEXP) return false;
-  Tagged<Smi> uninitialized = Smi::FromInt(kUninitializedValue);
-#ifdef DEBUG
-  DCHECK(IsCodeWrapper(DataAt(kIrregexpLatin1CodeIndex)) ||
-         DataAt(kIrregexpLatin1CodeIndex) == uninitialized);
-  DCHECK(IsCodeWrapper(DataAt(kIrregexpUC16CodeIndex)) ||
-         DataAt(kIrregexpUC16CodeIndex) == uninitialized);
-  DCHECK(IsByteArray(DataAt(kIrregexpLatin1BytecodeIndex)) ||
-         DataAt(kIrregexpLatin1BytecodeIndex) == uninitialized);
-  DCHECK(IsByteArray(DataAt(kIrregexpUC16BytecodeIndex)) ||
-         DataAt(kIrregexpUC16BytecodeIndex) == uninitialized);
-#endif  // DEBUG
-  return (DataAt(kIrregexpLatin1CodeIndex) != uninitialized ||
-          DataAt(kIrregexpUC16CodeIndex) != uninitialized);
+ACCESSORS(RegExpData, wrapper, Tagged<RegExpDataWrapper>, kWrapperOffset)
+
+int RegExpData::capture_count() const {
+  switch (type_tag()) {
+    case Type::ATOM:
+      return 0;
+    case Type::EXPERIMENTAL:
+    case Type::IRREGEXP:
+      return Cast<IrRegExpData>(*this)->capture_count();
+  }
 }
 
-void JSRegExp::DiscardCompiledCodeForSerialization() {
-  DCHECK(HasCompiledCode());
-  Tagged<Smi> uninitialized = Smi::FromInt(kUninitializedValue);
-  SetDataAt(kIrregexpLatin1CodeIndex, uninitialized);
-  SetDataAt(kIrregexpUC16CodeIndex, uninitialized);
-  SetDataAt(kIrregexpLatin1BytecodeIndex, uninitialized);
-  SetDataAt(kIrregexpUC16BytecodeIndex, uninitialized);
+TRUSTED_POINTER_ACCESSORS(RegExpDataWrapper, data, RegExpData, kDataOffset,
+                          kRegExpDataIndirectPointerTag)
+
+ACCESSORS(AtomRegExpData, pattern, Tagged<String>, kPatternOffset)
+
+CODE_POINTER_ACCESSORS(IrRegExpData, latin1_code, kLatin1CodeOffset)
+CODE_POINTER_ACCESSORS(IrRegExpData, uc16_code, kUc16CodeOffset)
+bool IrRegExpData::has_code(bool is_one_byte) const {
+  return is_one_byte ? has_latin1_code() : has_uc16_code();
+}
+void IrRegExpData::set_code(bool is_one_byte, Tagged<Code> code) {
+  if (is_one_byte) {
+    set_latin1_code(code);
+  } else {
+    set_uc16_code(code);
+  }
+}
+Tagged<Code> IrRegExpData::code(IsolateForSandbox isolate,
+                                bool is_one_byte) const {
+  return is_one_byte ? latin1_code(isolate) : uc16_code(isolate);
+}
+PROTECTED_POINTER_ACCESSORS(IrRegExpData, latin1_bytecode, TrustedByteArray,
+                            kLatin1BytecodeOffset)
+PROTECTED_POINTER_ACCESSORS(IrRegExpData, uc16_bytecode, TrustedByteArray,
+                            kUc16BytecodeOffset)
+bool IrRegExpData::has_bytecode(bool is_one_byte) const {
+  return is_one_byte ? has_latin1_bytecode() : has_uc16_bytecode();
+}
+void IrRegExpData::clear_bytecode(bool is_one_byte) {
+  if (is_one_byte) {
+    clear_latin1_bytecode();
+  } else {
+    clear_uc16_bytecode();
+  }
+}
+void IrRegExpData::set_bytecode(bool is_one_byte,
+                                Tagged<TrustedByteArray> bytecode) {
+  if (is_one_byte) {
+    set_latin1_bytecode(bytecode);
+  } else {
+    set_uc16_bytecode(bytecode);
+  }
+}
+Tagged<TrustedByteArray> IrRegExpData::bytecode(bool is_one_byte) const {
+  return is_one_byte ? latin1_bytecode() : uc16_bytecode();
 }
+ACCESSORS(IrRegExpData, capture_name_map, Tagged<Object>, kCaptureNameMapOffset)
+void IrRegExpData::set_capture_name_map(Handle<FixedArray> capture_name_map) {
+  if (capture_name_map.is_null()) {
+    set_capture_name_map(Smi::zero());
+  } else {
+    set_capture_name_map(*capture_name_map);
+  }
+}
+
+SMI_ACCESSORS(IrRegExpData, max_register_count, kMaxRegisterCountOffset)
+SMI_ACCESSORS(IrRegExpData, capture_count, kCaptureCountOffset)
+SMI_ACCESSORS(IrRegExpData, ticks_until_tier_up, kTicksUntilTierUpOffset)
+SMI_ACCESSORS(IrRegExpData, backtrack_limit, kBacktrackLimitOffset)
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/objects/js-regexp.cc b/deps/v8/src/objects/js-regexp.cc
index 90f7f93d84006e..98ab3f08c7d881 100644
--- a/deps/v8/src/objects/js-regexp.cc
+++ b/deps/v8/src/objects/js-regexp.cc
@@ -4,6 +4,8 @@
 
 #include "src/objects/js-regexp.h"
 
+#include <optional>
+
 #include "src/base/strings.h"
 #include "src/common/globals.h"
 #include "src/objects/code.h"
@@ -11,8 +13,7 @@
 #include "src/objects/js-regexp-inl.h"
 #include "src/regexp/regexp.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 Handle<JSRegExpResultIndices> JSRegExpResultIndices::BuildIndices(
     Isolate* isolate, DirectHandle<RegExpMatchInfo> match_info,
@@ -118,14 +119,9 @@ Handle<JSRegExpResultIndices> JSRegExpResultIndices::BuildIndices(
   return indices;
 }
 
-uint32_t JSRegExp::backtrack_limit() const {
-  CHECK_EQ(type_tag(), IRREGEXP);
-  return static_cast<uint32_t>(Smi::ToInt(DataAt(kIrregexpBacktrackLimit)));
-}
-
 // static
-base::Optional<JSRegExp::Flags> JSRegExp::FlagsFromString(
-    Isolate* isolate, Handle<String> flags) {
+std::optional<JSRegExp::Flags> JSRegExp::FlagsFromString(Isolate* isolate,
+                                                         Handle<String> flags) {
   const int length = flags->length();
 
   // A longer flags string cannot be valid.
@@ -135,7 +131,7 @@ base::Optional<JSRegExp::Flags> JSRegExp::FlagsFromString(
   FlatStringReader reader(isolate, String::Flatten(isolate, flags));
 
   for (int i = 0; i < length; i++) {
-    base::Optional<RegExpFlag> flag = JSRegExp::FlagFromChar(reader.Get(i));
+    std::optional<RegExpFlag> flag = JSRegExp::FlagFromChar(reader.Get(i));
     if (!flag.has_value()) return {};
     if (value & flag.value()) return {};  // Duplicate.
     value |= flag.value();
@@ -159,93 +155,11 @@ MaybeHandle<JSRegExp> JSRegExp::New(Isolate* isolate, Handle<String> pattern,
   Handle<JSRegExp> regexp =
       Cast<JSRegExp>(isolate->factory()->NewJSObject(constructor));
 
-  return JSRegExp::Initialize(regexp, pattern, flags, backtrack_limit);
-}
-
-Tagged<Object> JSRegExp::code(IsolateForSandbox isolate, bool is_latin1) const {
-  DCHECK_EQ(type_tag(), JSRegExp::IRREGEXP);
-  Tagged<Object> value = DataAt(code_index(is_latin1));
-  DCHECK(IsSmi(value) || IsCodeWrapper(value));
-  // TODO(saelo): it would be nice if we could directly use a code pointer to
-  // reference our Code rather than use the CodeWrapper object. However, this
-  // is currently not possible since we use essentially a FixedArray to store
-  // all our fields, and a code pointer isn't a tagged pointer. Instead, we
-  // should consider adding a trusted pointer field that references either the
-  // bytecode or the native code in a sandbox-compatible way.
-  if (IsCodeWrapper(value)) {
-    value = Cast<CodeWrapper>(value)->code(isolate);
-  }
-  DCHECK(IsSmi(value) || IsCode(value));
-  return value;
-}
-
-void JSRegExp::set_code(bool is_latin1, DirectHandle<Code> code) {
-  SetDataAt(code_index(is_latin1), code->wrapper());
-}
-
-Tagged<Object> JSRegExp::bytecode(bool is_latin1) const {
-  DCHECK(type_tag() == JSRegExp::IRREGEXP ||
-         type_tag() == JSRegExp::EXPERIMENTAL);
-  return DataAt(bytecode_index(is_latin1));
-}
-
-void JSRegExp::set_bytecode_and_trampoline(Isolate* isolate,
-                                           DirectHandle<ByteArray> bytecode) {
-  SetDataAt(kIrregexpLatin1BytecodeIndex, *bytecode);
-  SetDataAt(kIrregexpUC16BytecodeIndex, *bytecode);
-
-  DirectHandle<Code> trampoline =
-      BUILTIN_CODE(isolate, RegExpExperimentalTrampoline);
-  SetDataAt(JSRegExp::kIrregexpLatin1CodeIndex, trampoline->wrapper());
-  SetDataAt(JSRegExp::kIrregexpUC16CodeIndex, trampoline->wrapper());
-}
-
-bool JSRegExp::ShouldProduceBytecode() {
-  return v8_flags.regexp_interpret_all ||
-         (v8_flags.regexp_tier_up && !MarkedForTierUp());
-}
-
-// Only irregexps are subject to tier-up.
-bool JSRegExp::CanTierUp() {
-  return v8_flags.regexp_tier_up && type_tag() == JSRegExp::IRREGEXP;
-}
-
-// An irregexp is considered to be marked for tier up if the tier-up ticks
-// value reaches zero.
-bool JSRegExp::MarkedForTierUp() {
-  DCHECK(IsFixedArray(data()));
-
-  if (!CanTierUp()) {
-    return false;
-  }
-
-  return Smi::ToInt(DataAt(kIrregexpTicksUntilTierUpIndex)) == 0;
-}
-
-void JSRegExp::ResetLastTierUpTick() {
-  DCHECK(v8_flags.regexp_tier_up);
-  DCHECK_EQ(type_tag(), JSRegExp::IRREGEXP);
-  int tier_up_ticks = Smi::ToInt(DataAt(kIrregexpTicksUntilTierUpIndex)) + 1;
-  Cast<FixedArray>(data())->set(JSRegExp::kIrregexpTicksUntilTierUpIndex,
-                                Smi::FromInt(tier_up_ticks));
-}
-
-void JSRegExp::TierUpTick() {
-  DCHECK(v8_flags.regexp_tier_up);
-  DCHECK_EQ(type_tag(), JSRegExp::IRREGEXP);
-  int tier_up_ticks = Smi::ToInt(DataAt(kIrregexpTicksUntilTierUpIndex));
-  if (tier_up_ticks == 0) {
-    return;
-  }
-  Cast<FixedArray>(data())->set(JSRegExp::kIrregexpTicksUntilTierUpIndex,
-                                Smi::FromInt(tier_up_ticks - 1));
-}
+  // Clear the data field, as a GC can be triggered before the field is set
+  // during compilation.
+  regexp->clear_data();
 
-void JSRegExp::MarkTierUpForNextExec() {
-  DCHECK(v8_flags.regexp_tier_up);
-  DCHECK_EQ(type_tag(), JSRegExp::IRREGEXP);
-  Cast<FixedArray>(data())->set(JSRegExp::kIrregexpTicksUntilTierUpIndex,
-                                Smi::zero());
+  return JSRegExp::Initialize(regexp, pattern, flags, backtrack_limit);
 }
 
 // static
@@ -253,8 +167,7 @@ MaybeHandle<JSRegExp> JSRegExp::Initialize(Handle<JSRegExp> regexp,
                                            Handle<String> source,
                                            Handle<String> flags_string) {
   Isolate* isolate = regexp->GetIsolate();
-  base::Optional<Flags> flags =
-      JSRegExp::FlagsFromString(isolate, flags_string);
+  std::optional<Flags> flags = JSRegExp::FlagsFromString(isolate, flags_string);
   if (!flags.has_value() ||
       !RegExp::VerifyFlags(JSRegExp::AsRegExpFlags(flags.value()))) {
     THROW_NEW_ERROR(
@@ -452,5 +365,69 @@ MaybeHandle<JSRegExp> JSRegExp::Initialize(Handle<JSRegExp> regexp,
   return regexp;
 }
 
-}  // namespace internal
-}  // namespace v8
+bool RegExpData::HasCompiledCode() const {
+  if (type_tag() != Type::IRREGEXP) return false;
+  Tagged<IrRegExpData> re_data = Cast<IrRegExpData>(*this);
+  return re_data->has_latin1_code() || re_data->has_uc16_code();
+}
+
+// Only irregexps are subject to tier-up.
+bool IrRegExpData::CanTierUp() {
+  return v8_flags.regexp_tier_up && type_tag() == Type::IRREGEXP;
+}
+
+// An irregexp is considered to be marked for tier up if the tier-up ticks
+// value reaches zero.
+bool IrRegExpData::MarkedForTierUp() {
+  if (!CanTierUp()) {
+    return false;
+  }
+
+  return ticks_until_tier_up() == 0;
+}
+
+void IrRegExpData::ResetLastTierUpTick() {
+  DCHECK(v8_flags.regexp_tier_up);
+  int tier_up_ticks = ticks_until_tier_up();
+  set_ticks_until_tier_up(tier_up_ticks + 1);
+}
+
+void IrRegExpData::TierUpTick() {
+  int tier_up_ticks = ticks_until_tier_up();
+  if (tier_up_ticks == 0) {
+    return;
+  }
+
+  set_ticks_until_tier_up(tier_up_ticks - 1);
+}
+
+void IrRegExpData::MarkTierUpForNextExec() {
+  DCHECK(v8_flags.regexp_tier_up);
+  set_ticks_until_tier_up(0);
+}
+
+bool IrRegExpData::ShouldProduceBytecode() {
+  return v8_flags.regexp_interpret_all ||
+         (v8_flags.regexp_tier_up && !MarkedForTierUp());
+}
+
+void IrRegExpData::DiscardCompiledCodeForSerialization() {
+  DCHECK(HasCompiledCode());
+  clear_latin1_code();
+  clear_uc16_code();
+  clear_latin1_bytecode();
+  clear_uc16_bytecode();
+}
+
+void IrRegExpData::SetBytecodeForExperimental(
+    Isolate* isolate, Tagged<TrustedByteArray> bytecode) {
+  set_latin1_bytecode(bytecode);
+  set_uc16_bytecode(bytecode);
+
+  Tagged<Code> trampoline =
+      *BUILTIN_CODE(isolate, RegExpExperimentalTrampoline);
+  set_latin1_code(trampoline);
+  set_uc16_code(trampoline);
+}
+
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/js-regexp.h b/deps/v8/src/objects/js-regexp.h
index c0f1fa3d5637d1..04d5f86fddd6e1 100644
--- a/deps/v8/src/objects/js-regexp.h
+++ b/deps/v8/src/objects/js-regexp.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_JS_REGEXP_H_
 #define V8_OBJECTS_JS_REGEXP_H_
 
+#include <optional>
+
 #include "include/v8-regexp.h"
 #include "src/objects/contexts.h"
 #include "src/objects/js-array.h"
@@ -14,35 +16,17 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
+
+class RegExpData;
 
 #include "torque-generated/src/objects/js-regexp-tq.inc"
 
+class RegExpData;
+
 // Regular expressions
-// The regular expression holds a single reference to a FixedArray in
-// the kDataOffset field.
-// The FixedArray contains the following data:
-// - tag : type of regexp implementation (not compiled yet, atom or irregexp)
-// - reference to the original source string
-// - reference to the original flag string
-// If it is an atom regexp
-// - a reference to a literal string to search for
-// If it is an irregexp regexp:
-// - a reference to code for Latin1 inputs (bytecode or compiled), or a smi
-// used for tracking the last usage (used for regexp code flushing).
-// - a reference to code for UC16 inputs (bytecode or compiled), or a smi
-// used for tracking the last usage (used for regexp code flushing).
-// - max number of registers used by irregexp implementations.
-// - number of capture registers (output values) of the regexp.
 class JSRegExp : public TorqueGeneratedJSRegExp<JSRegExp, JSObject> {
  public:
-  enum Type {
-    NOT_COMPILED,  // Initial value. No data array has been set yet.
-    ATOM,          // A simple string match.
-    IRREGEXP,      // Compiled with Irregexp (code or bytecode).
-    EXPERIMENTAL,  // Compiled to use the experimental linear time engine.
-  };
   DEFINE_TORQUE_GENERATED_JS_REG_EXP_FLAGS()
 
   V8_EXPORT_PRIVATE static MaybeHandle<JSRegExp> New(
@@ -62,26 +46,7 @@ class JSRegExp : public TorqueGeneratedJSRegExp<JSRegExp, JSObject> {
   inline Tagged<String> source() const;
   inline Flags flags() const;
 
-  // Data array field accessors.
-
-  inline Type type_tag() const;
-  inline Tagged<String> atom_pattern() const;
-  // This could be a Smi kUninitializedValue or InstructionStream.
-  V8_EXPORT_PRIVATE Tagged<Object> code(IsolateForSandbox isolate,
-                                        bool is_latin1) const;
-  V8_EXPORT_PRIVATE void set_code(bool is_unicode, DirectHandle<Code> code);
-  // This could be a Smi kUninitializedValue or ByteArray.
-  V8_EXPORT_PRIVATE Tagged<Object> bytecode(bool is_latin1) const;
-  // Sets the bytecode as well as initializing trampoline slots to the
-  // RegExpInterpreterTrampoline.
-  void set_bytecode_and_trampoline(Isolate* isolate,
-                                   DirectHandle<ByteArray> bytecode);
-  inline int max_register_count() const;
-  // Number of captures (without the match itself).
-  inline int capture_count() const;
-  inline Tagged<Object> capture_name_map();
-  inline void set_capture_name_map(Handle<FixedArray> capture_name_map);
-  uint32_t backtrack_limit() const;
+  DECL_TRUSTED_POINTER_ACCESSORS(data, RegExpData)
 
   static constexpr Flag AsJSRegExpFlag(RegExpFlag f) {
     return static_cast<Flag>(f);
@@ -93,8 +58,8 @@ class JSRegExp : public TorqueGeneratedJSRegExp<JSRegExp, JSObject> {
     return RegExpFlags{static_cast<int>(f)};
   }
 
-  static base::Optional<RegExpFlag> FlagFromChar(char c) {
-    base::Optional<RegExpFlag> f = TryRegExpFlagFromChar(c);
+  static std::optional<RegExpFlag> FlagFromChar(char c) {
+    std::optional<RegExpFlag> f = TryRegExpFlagFromChar(c);
     if (!f.has_value()) return f;
     if (f.value() == RegExpFlag::kLinear &&
         !v8_flags.enable_experimental_regexp_engine) {
@@ -113,28 +78,14 @@ class JSRegExp : public TorqueGeneratedJSRegExp<JSRegExp, JSObject> {
   static_assert(kFlagCount == v8::RegExp::kFlagCount);
   static_assert(kFlagCount == kRegExpFlagCount);
 
-  static base::Optional<Flags> FlagsFromString(Isolate* isolate,
-                                               Handle<String> flags);
+  static std::optional<Flags> FlagsFromString(Isolate* isolate,
+                                              Handle<String> flags);
 
   V8_EXPORT_PRIVATE static Handle<String> StringFromFlags(Isolate* isolate,
                                                           Flags flags);
 
   inline Tagged<String> EscapedPattern();
 
-  bool CanTierUp();
-  bool MarkedForTierUp();
-  void ResetLastTierUpTick();
-  void TierUpTick();
-  void MarkTierUpForNextExec();
-
-  bool ShouldProduceBytecode();
-  inline bool HasCompiledCode() const;
-  inline void DiscardCompiledCodeForSerialization();
-
-  static constexpr bool TypeSupportsCaptures(Type t) {
-    return t == IRREGEXP || t == EXPERIMENTAL;
-  }
-
   // Each capture (including the match itself) needs two registers.
   static constexpr int RegistersForCaptureCount(int count) {
     return (count + 1) * 2;
@@ -145,15 +96,6 @@ class JSRegExp : public TorqueGeneratedJSRegExp<JSRegExp, JSObject> {
     return (register_count - 2) / 2;
   }
 
-  static constexpr int code_index(bool is_latin1) {
-    return is_latin1 ? kIrregexpLatin1CodeIndex : kIrregexpUC16CodeIndex;
-  }
-
-  static constexpr int bytecode_index(bool is_latin1) {
-    return is_latin1 ? kIrregexpLatin1BytecodeIndex
-                     : kIrregexpUC16BytecodeIndex;
-  }
-
   // Dispatched behavior.
   DECL_PRINTER(JSRegExp)
   DECL_VERIFIER(JSRegExp)
@@ -165,69 +107,13 @@ class JSRegExp : public TorqueGeneratedJSRegExp<JSRegExp, JSObject> {
   // The initial value of the last_index field on a new JSRegExp instance.
   static constexpr int kInitialLastIndexValue = 0;
 
-  // Indices in the data array.
-  static constexpr int kTagIndex = 0;
-  static constexpr int kSourceIndex = kTagIndex + 1;
-  static constexpr int kFlagsIndex = kSourceIndex + 1;
-  static constexpr int kFirstTypeSpecificIndex = kFlagsIndex + 1;
-  static constexpr int kMinDataArrayLength = kFirstTypeSpecificIndex;
-
-  // The data fields are used in different ways depending on the
-  // value of the tag.
-  // Atom regexps (literal strings).
-  static constexpr int kAtomPatternIndex = kFirstTypeSpecificIndex;
-  static constexpr int kAtomDataSize = kAtomPatternIndex + 1;
-
-  // A InstructionStream object or a Smi marker value equal to
-  // kUninitializedValue.
-  static constexpr int kIrregexpLatin1CodeIndex = kFirstTypeSpecificIndex;
-  static constexpr int kIrregexpUC16CodeIndex = kIrregexpLatin1CodeIndex + 1;
-  // A ByteArray object or a Smi marker value equal to kUninitializedValue.
-  static constexpr int kIrregexpLatin1BytecodeIndex =
-      kIrregexpUC16CodeIndex + 1;
-  static constexpr int kIrregexpUC16BytecodeIndex =
-      kIrregexpLatin1BytecodeIndex + 1;
-  // Maximal number of registers used by either Latin1 or UC16.
-  // Only used to check that there is enough stack space
-  static constexpr int kIrregexpMaxRegisterCountIndex =
-      kIrregexpUC16BytecodeIndex + 1;
-  // Number of captures in the compiled regexp.
-  static constexpr int kIrregexpCaptureCountIndex =
-      kIrregexpMaxRegisterCountIndex + 1;
-  // Maps names of named capture groups (at indices 2i) to their corresponding
-  // (1-based) capture group indices (at indices 2i + 1).
-  static constexpr int kIrregexpCaptureNameMapIndex =
-      kIrregexpCaptureCountIndex + 1;
-  // Tier-up ticks are set to the value of the tier-up ticks flag. The value is
-  // decremented on each execution of the bytecode, so that the tier-up
-  // happens once the ticks reach zero.
-  // This value is ignored if the regexp-tier-up flag isn't turned on.
-  static constexpr int kIrregexpTicksUntilTierUpIndex =
-      kIrregexpCaptureNameMapIndex + 1;
-  // A smi containing either the backtracking limit or kNoBacktrackLimit.
-  // TODO(jgruber): If needed, this limit could be packed into other fields
-  // above to save space.
-  static constexpr int kIrregexpBacktrackLimit =
-      kIrregexpTicksUntilTierUpIndex + 1;
-  static constexpr int kIrregexpDataSize = kIrregexpBacktrackLimit + 1;
-
-  // TODO(mbid,v8:10765): At the moment the EXPERIMENTAL data array conforms
-  // to the format of an IRREGEXP data array, with most fields set to some
-  // default/uninitialized value. This is because EXPERIMENTAL and IRREGEXP
-  // regexps take the same code path in `RegExpExecInternal`, which reads off
-  // various fields from the data array. `RegExpExecInternal` should probably
-  // distinguish between EXPERIMENTAL and IRREGEXP, and then we can get rid of
-  // all the IRREGEXP only fields.
-  static constexpr int kExperimentalDataSize = kIrregexpDataSize;
-
   // In-object fields.
   static constexpr int kLastIndexFieldIndex = 0;
   static constexpr int kInObjectFieldCount = 1;
 
   // The actual object size including in-object fields.
-  static constexpr int Size() {
-    return kHeaderSize + kInObjectFieldCount * kTaggedSize;
-  }
+  static constexpr int kSize = kHeaderSize + kInObjectFieldCount * kTaggedSize;
+  static constexpr int Size() { return kSize; }
 
   // Descriptor array index to important methods in the prototype.
   static constexpr int kExecFunctionDescriptorIndex = 1;
@@ -250,18 +136,168 @@ class JSRegExp : public TorqueGeneratedJSRegExp<JSRegExp, JSObject> {
   // Maximum number of captures allowed.
   static constexpr int kMaxCaptures = 1 << 16;
 
+  class BodyDescriptor;
+
  private:
   using FlagsBuffer = base::EmbeddedVector<char, kFlagCount + 1>;
   inline static const char* FlagsToString(Flags flags, FlagsBuffer* out_buffer);
 
-  inline Tagged<Object> DataAt(int index) const;
-  inline void SetDataAt(int index, Tagged<Object> value);
+  friend class RegExpData;
 
   TQ_OBJECT_CONSTRUCTORS(JSRegExp)
 };
 
 DEFINE_OPERATORS_FOR_FLAGS(JSRegExp::Flags)
 
+class RegExpDataWrapper;
+
+class RegExpData : public ExposedTrustedObject {
+ public:
+  enum class Type : uint8_t {
+    ATOM,          // A simple string match.
+    IRREGEXP,      // Compiled with Irregexp (code or bytecode).
+    EXPERIMENTAL,  // Compiled to use the experimental linear time engine.
+  };
+
+  inline Type type_tag() const;
+  inline void set_type_tag(Type);
+
+  DECL_ACCESSORS(source, Tagged<String>)
+
+  inline JSRegExp::Flags flags() const;
+  inline void set_flags(JSRegExp::Flags flags);
+
+  DECL_ACCESSORS(wrapper, Tagged<RegExpDataWrapper>)
+
+  inline int capture_count() const;
+
+  static constexpr bool TypeSupportsCaptures(Type t) {
+    return t == Type::IRREGEXP || t == Type::EXPERIMENTAL;
+  }
+
+  V8_EXPORT_PRIVATE bool HasCompiledCode() const;
+
+  DECL_PRINTER(RegExpData)
+  DECL_VERIFIER(RegExpData)
+
+#define FIELD_LIST(V)            \
+  V(kTypeTagOffset, kTaggedSize) \
+  V(kSourceOffset, kTaggedSize)  \
+  V(kFlagsOffset, kTaggedSize)   \
+  V(kWrapperOffset, kTaggedSize) \
+  V(kHeaderSize, 0)              \
+  V(kSize, 0)
+
+  DEFINE_FIELD_OFFSET_CONSTANTS(ExposedTrustedObject::kHeaderSize, FIELD_LIST)
+
+#undef FIELD_LIST
+
+  class BodyDescriptor;
+
+  OBJECT_CONSTRUCTORS(RegExpData, ExposedTrustedObject);
+};
+
+class RegExpDataWrapper : public Struct {
+ public:
+  DECL_TRUSTED_POINTER_ACCESSORS(data, RegExpData)
+
+  DECL_PRINTER(RegExpDataWrapper)
+  DECL_VERIFIER(RegExpDataWrapper)
+
+#define FIELD_LIST(V)                 \
+  V(kDataOffset, kTrustedPointerSize) \
+  V(kHeaderSize, 0)                   \
+  V(kSize, 0)
+
+  DEFINE_FIELD_OFFSET_CONSTANTS(Struct::kHeaderSize, FIELD_LIST)
+#undef FIELD_LIST
+
+  class BodyDescriptor;
+
+  OBJECT_CONSTRUCTORS(RegExpDataWrapper, Struct);
+};
+
+class AtomRegExpData : public RegExpData {
+ public:
+  DECL_ACCESSORS(pattern, Tagged<String>)
+
+  DECL_PRINTER(AtomRegExpData)
+  DECL_VERIFIER(AtomRegExpData)
+
+#define FIELD_LIST(V)            \
+  V(kPatternOffset, kTaggedSize) \
+  V(kHeaderSize, 0)              \
+  V(kSize, 0)
+
+  DEFINE_FIELD_OFFSET_CONSTANTS(RegExpData::kHeaderSize, FIELD_LIST)
+
+#undef FIELD_LIST
+
+  class BodyDescriptor;
+
+  OBJECT_CONSTRUCTORS(AtomRegExpData, RegExpData);
+};
+
+class IrRegExpData : public RegExpData {
+ public:
+  DECL_CODE_POINTER_ACCESSORS(latin1_code)
+  DECL_CODE_POINTER_ACCESSORS(uc16_code)
+  inline bool has_code(bool is_one_byte) const;
+  inline void set_code(bool is_one_byte, Tagged<Code> code);
+  inline Tagged<Code> code(IsolateForSandbox isolate, bool is_one_byte) const;
+  DECL_PROTECTED_POINTER_ACCESSORS(latin1_bytecode, TrustedByteArray)
+  DECL_PROTECTED_POINTER_ACCESSORS(uc16_bytecode, TrustedByteArray)
+  inline bool has_bytecode(bool is_one_byte) const;
+  inline void clear_bytecode(bool is_one_byte);
+  inline void set_bytecode(bool is_one_byte, Tagged<TrustedByteArray> bytecode);
+  inline Tagged<TrustedByteArray> bytecode(bool is_one_byte) const;
+  DECL_ACCESSORS(capture_name_map, Tagged<Object>)
+  inline void set_capture_name_map(Handle<FixedArray> capture_name_map);
+  DECL_INT_ACCESSORS(max_register_count)
+  // Number of captures (without the match itself).
+  DECL_INT_ACCESSORS(capture_count)
+  DECL_INT_ACCESSORS(ticks_until_tier_up)
+  DECL_INT_ACCESSORS(backtrack_limit)
+
+  bool CanTierUp();
+  bool MarkedForTierUp();
+  void ResetLastTierUpTick();
+  void TierUpTick();
+  void MarkTierUpForNextExec();
+  bool ShouldProduceBytecode();
+
+  void DiscardCompiledCodeForSerialization();
+
+  // Sets the bytecode as well as initializing trampoline slots to the
+  // RegExpExperimentalTrampoline.
+  void SetBytecodeForExperimental(Isolate* isolate,
+                                  Tagged<TrustedByteArray> bytecode);
+
+  DECL_PRINTER(IrRegExpData)
+  DECL_VERIFIER(IrRegExpData)
+
+#define FIELD_LIST(V)                             \
+  V(kLatin1BytecodeOffset, kProtectedPointerSize) \
+  V(kUc16BytecodeOffset, kProtectedPointerSize)   \
+  V(kLatin1CodeOffset, kCodePointerSize)          \
+  V(kUc16CodeOffset, kCodePointerSize)            \
+  V(kCaptureNameMapOffset, kTaggedSize)           \
+  V(kMaxRegisterCountOffset, kTaggedSize)         \
+  V(kCaptureCountOffset, kTaggedSize)             \
+  V(kTicksUntilTierUpOffset, kTaggedSize)         \
+  V(kBacktrackLimitOffset, kTaggedSize)           \
+  V(kHeaderSize, 0)                               \
+  V(kSize, 0)
+
+  DEFINE_FIELD_OFFSET_CONSTANTS(RegExpData::kHeaderSize, FIELD_LIST)
+
+#undef FIELD_LIST
+
+  class BodyDescriptor;
+
+  OBJECT_CONSTRUCTORS(IrRegExpData, RegExpData);
+};
+
 // JSRegExpResult is just a JSArray with a specific initial map.
 // This initial map adds in-object properties for "index" and "input"
 // properties, as assigned by RegExp.prototype.exec, which allows
@@ -328,8 +364,7 @@ class JSRegExpResultIndices
   TQ_OBJECT_CONSTRUCTORS(JSRegExpResultIndices)
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/js-regexp.tq b/deps/v8/src/objects/js-regexp.tq
index 01ab15272cf35f..e19a85fafe7452 100644
--- a/deps/v8/src/objects/js-regexp.tq
+++ b/deps/v8/src/objects/js-regexp.tq
@@ -14,8 +14,41 @@ bitfield struct JSRegExpFlags extends uint31 {
   unicode_sets: bool: 1 bit;
 }
 
+@cppObjectDefinition
+extern class RegExpData extends ExposedTrustedObject {
+  type_tag: Smi;
+  source: String;
+  flags: Smi;
+  wrapper: RegExpDataWrapper;
+}
+
+@cppObjectDefinition
+extern class AtomRegExpData extends RegExpData {
+  const pattern: String;
+}
+
+@cppObjectDefinition
+extern class IrRegExpData extends RegExpData {
+  // TODO(pthier): Change code pointers to ProtectedPointer<Code> once builtins
+  // reside in trusted space.
+  latin1_bytecode: ProtectedPointer<TrustedByteArray>;
+  uc16_bytecode: ProtectedPointer<TrustedByteArray>;
+  latin1_code: TrustedPointer<Code>;
+  uc16_code: TrustedPointer<Code>;
+  capture_name_map: FixedArray;
+  max_register_count: Smi;
+  capture_count: Smi;
+  ticks_until_tier_up: Smi;
+  backtrack_limit: Smi;
+}
+
+@cppObjectDefinition
+extern class RegExpDataWrapper extends Struct {
+  data: TrustedPointer<RegExpData>;
+}
+
 extern class JSRegExp extends JSObject {
-  data: FixedArray|Undefined;
+  data: TrustedPointer<RegExpData>;
   source: String|Undefined;
   flags: SmiTagged<JSRegExpFlags>|Undefined;
 }
diff --git a/deps/v8/src/objects/js-relative-time-format.cc b/deps/v8/src/objects/js-relative-time-format.cc
index fe4633d4be83b0..a0f884b236ef06 100644
--- a/deps/v8/src/objects/js-relative-time-format.cc
+++ b/deps/v8/src/objects/js-relative-time-format.cc
@@ -252,8 +252,9 @@ Handle<JSObject> JSRelativeTimeFormat::ResolvedOptions(
       format_holder->icu_formatter()->raw();
   DCHECK_NOT_NULL(formatter);
   Handle<JSObject> result = factory->NewJSObject(isolate->object_function());
-  Handle<String> locale(format_holder->locale(), isolate);
-  Handle<String> numberingSystem(format_holder->numberingSystem(), isolate);
+  DirectHandle<String> locale(format_holder->locale(), isolate);
+  DirectHandle<String> numberingSystem(format_holder->numberingSystem(),
+                                       isolate);
   JSObject::AddProperty(isolate, result, factory->locale_string(), locale,
                         NONE);
   JSObject::AddProperty(
@@ -341,7 +342,7 @@ MaybeHandle<T> FormatCommon(
     Handle<Object> value_obj, Handle<Object> unit_obj, const char* func_name,
     MaybeHandle<T> (*formatToResult)(Isolate*,
                                      const icu::FormattedRelativeDateTime&,
-                                     Handle<String>, bool)) {
+                                     DirectHandle<String>, bool)) {
   // 3. Let value be ? ToNumber(value).
   Handle<Object> value;
   ASSIGN_RETURN_ON_EXCEPTION(isolate, value,
@@ -382,7 +383,7 @@ MaybeHandle<T> FormatCommon(
 
 MaybeHandle<String> FormatToString(
     Isolate* isolate, const icu::FormattedRelativeDateTime& formatted,
-    Handle<String> unit, bool is_nan) {
+    DirectHandle<String> unit, bool is_nan) {
   UErrorCode status = U_ZERO_ERROR;
   icu::UnicodeString result = formatted.toString(status);
   if (U_FAILURE(status)) {
@@ -405,7 +406,7 @@ Maybe<bool> AddLiteral(Isolate* isolate, Handle<JSArray> array,
 
 Maybe<bool> AddUnit(Isolate* isolate, Handle<JSArray> array,
                     const icu::UnicodeString& string, int32_t index,
-                    const NumberFormatSpan& part, Handle<String> unit,
+                    const NumberFormatSpan& part, DirectHandle<String> unit,
                     bool is_nan) {
   Handle<String> substring;
   ASSIGN_RETURN_ON_EXCEPTION_VALUE(
@@ -420,7 +421,7 @@ Maybe<bool> AddUnit(Isolate* isolate, Handle<JSArray> array,
 
 MaybeHandle<JSArray> FormatToJSArray(
     Isolate* isolate, const icu::FormattedRelativeDateTime& formatted,
-    Handle<String> unit, bool is_nan) {
+    DirectHandle<String> unit, bool is_nan) {
   UErrorCode status = U_ZERO_ERROR;
   icu::UnicodeString string = formatted.toString(status);
 
diff --git a/deps/v8/src/objects/js-segment-iterator.cc b/deps/v8/src/objects/js-segment-iterator.cc
index f279188ed9def0..caf915e96ac2d6 100644
--- a/deps/v8/src/objects/js-segment-iterator.cc
+++ b/deps/v8/src/objects/js-segment-iterator.cc
@@ -120,12 +120,12 @@ MaybeHandle<JSReceiver> JSSegmentIterator::Next(
   if (segment_iterator->granularity() == JSSegmenter::Granularity::GRAPHEME &&
       start_index == end_index - 1) {
     // Fast path: use cached segment string and skip avoidable handle creations.
-    Handle<String> segment;
+    DirectHandle<String> segment;
     uint16_t code = segment_iterator->raw_string()->Get(start_index);
     if (code > unibrow::Latin1::kMaxChar) {
       segment = factory->LookupSingleCharacterStringFromCode(code);
     }
-    Handle<Number> index;
+    DirectHandle<Number> index;
     if (!Smi::IsValid(start_index)) index = factory->NewHeapNumber(start_index);
     DirectHandle<Map> map(
         isolate->native_context()->intl_segment_data_object_map(), isolate);
diff --git a/deps/v8/src/objects/js-segmenter.cc b/deps/v8/src/objects/js-segmenter.cc
index 544812e5dc6cbe..c3d7674a79724e 100644
--- a/deps/v8/src/objects/js-segmenter.cc
+++ b/deps/v8/src/objects/js-segmenter.cc
@@ -140,7 +140,7 @@ Handle<JSObject> JSSegmenter::ResolvedOptions(
   //     [[Locale]]                    "locale"
   //     [[SegmenterGranularity]]      "granularity"
 
-  Handle<String> locale(segmenter->locale(), isolate);
+  DirectHandle<String> locale(segmenter->locale(), isolate);
   JSObject::AddProperty(isolate, result, factory->locale_string(), locale,
                         NONE);
   JSObject::AddProperty(isolate, result, factory->granularity_string(),
diff --git a/deps/v8/src/objects/js-struct.cc b/deps/v8/src/objects/js-struct.cc
index b21cc6615d7b11..01207ed6b734b0 100644
--- a/deps/v8/src/objects/js-struct.cc
+++ b/deps/v8/src/objects/js-struct.cc
@@ -179,7 +179,7 @@ Handle<Map> JSSharedStruct::CreateInstanceMap(
   if (!maybe_registry_key.is_null()) num_descriptors++;
 
   // Create the DescriptorArray if there are fields or elements.
-  Handle<DescriptorArray> descriptors;
+  DirectHandle<DescriptorArray> descriptors;
   if (num_descriptors != 0) {
     descriptors = factory->NewDescriptorArray(num_descriptors, 0,
                                               AllocationType::kSharedOld);
diff --git a/deps/v8/src/objects/js-temporal-objects.cc b/deps/v8/src/objects/js-temporal-objects.cc
index 677e11008592e0..ea18b7fa5c3da6 100644
--- a/deps/v8/src/objects/js-temporal-objects.cc
+++ b/deps/v8/src/objects/js-temporal-objects.cc
@@ -4,37 +4,33 @@
 
 #include "src/objects/js-temporal-objects.h"
 
+#include <optional>
 #include <set>
 
-#include "src/base/optional.h"
 #include "src/common/globals.h"
 #include "src/date/date.h"
 #include "src/execution/isolate.h"
 #include "src/heap/factory.h"
 #include "src/numbers/conversions-inl.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/intl-objects.h"
-#include "src/objects/js-date-time-format.h"
-#endif  // V8_INTL_SUPPORT
 #include "src/objects/js-objects-inl.h"
 #include "src/objects/js-objects.h"
 #include "src/objects/js-temporal-objects-inl.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/managed-inl.h"
-#endif  // V8_INTL_SUPPORT
 #include "src/objects/objects-inl.h"
 #include "src/objects/option-utils.h"
 #include "src/objects/property-descriptor.h"
 #include "src/objects/string-set.h"
 #include "src/strings/string-builder-inl.h"
 #include "src/temporal/temporal-parser.h"
+
 #ifdef V8_INTL_SUPPORT
+#include "src/objects/intl-objects.h"
+#include "src/objects/js-date-time-format.h"
+#include "src/objects/managed-inl.h"
 #include "unicode/calendar.h"
 #include "unicode/unistr.h"
 #endif  // V8_INTL_SUPPORT
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace {
 
@@ -920,7 +916,7 @@ MaybeHandle<JSTemporalPlainYearMonth> CreateTemporalYearMonth(
 // #sec-temporal-createtemporalzoneddatetime
 MaybeHandle<JSTemporalZonedDateTime> CreateTemporalZonedDateTime(
     Isolate* isolate, Handle<JSFunction> target, Handle<HeapObject> new_target,
-    Handle<BigInt> epoch_nanoseconds, DirectHandle<JSReceiver> time_zone,
+    DirectHandle<BigInt> epoch_nanoseconds, DirectHandle<JSReceiver> time_zone,
     DirectHandle<JSReceiver> calendar) {
   TEMPORAL_ENTER_FUNC();
   // 1. Assert: Type(epochNanoseconds) is BigInt.
@@ -946,7 +942,7 @@ MaybeHandle<JSTemporalZonedDateTime> CreateTemporalZonedDateTime(
 }
 
 MaybeHandle<JSTemporalZonedDateTime> CreateTemporalZonedDateTime(
-    Isolate* isolate, Handle<BigInt> epoch_nanoseconds,
+    Isolate* isolate, DirectHandle<BigInt> epoch_nanoseconds,
     DirectHandle<JSReceiver> time_zone, DirectHandle<JSReceiver> calendar) {
   TEMPORAL_ENTER_FUNC();
   return CreateTemporalZonedDateTime(isolate, CONSTRUCTOR(zoned_date_time),
@@ -1104,7 +1100,7 @@ namespace temporal {
 // #sec-temporal-createtemporalinstant
 MaybeHandle<JSTemporalInstant> CreateTemporalInstant(
     Isolate* isolate, Handle<JSFunction> target, Handle<HeapObject> new_target,
-    Handle<BigInt> epoch_nanoseconds) {
+    DirectHandle<BigInt> epoch_nanoseconds) {
   TEMPORAL_ENTER_FUNC();
   // 1. Assert: Type(epochNanoseconds) is BigInt.
   // 2. Assert: ! IsValidEpochNanoseconds(epochNanoseconds) is true.
@@ -1121,7 +1117,7 @@ MaybeHandle<JSTemporalInstant> CreateTemporalInstant(
 }
 
 MaybeHandle<JSTemporalInstant> CreateTemporalInstant(
-    Isolate* isolate, Handle<BigInt> epoch_nanoseconds) {
+    Isolate* isolate, DirectHandle<BigInt> epoch_nanoseconds) {
   TEMPORAL_ENTER_FUNC();
   return CreateTemporalInstant(isolate, CONSTRUCTOR(instant),
                                CONSTRUCTOR(instant), epoch_nanoseconds);
@@ -1235,7 +1231,7 @@ namespace {
 Handle<JSTemporalInstant> SystemInstant(Isolate* isolate) {
   TEMPORAL_ENTER_FUNC();
   // 1. Let ns be ! SystemUTCEpochNanoseconds().
-  Handle<BigInt> ns = SystemUTCEpochNanoseconds(isolate);
+  DirectHandle<BigInt> ns = SystemUTCEpochNanoseconds(isolate);
   // 2. Return ? CreateTemporalInstant(ns).
   return temporal::CreateTemporalInstant(isolate, ns).ToHandleChecked();
 }
@@ -1662,7 +1658,7 @@ Handle<String> TemporalTimeToString(
 namespace temporal {
 MaybeHandle<JSTemporalPlainDateTime> BuiltinTimeZoneGetPlainDateTimeFor(
     Isolate* isolate, Handle<JSReceiver> time_zone,
-    Handle<JSTemporalInstant> instant, Handle<JSReceiver> calendar,
+    Handle<JSTemporalInstant> instant, DirectHandle<JSReceiver> calendar,
     const char* method_name) {
   TEMPORAL_ENTER_FUNC();
   // 1. Let offsetNanoseconds be ? GetOffsetNanosecondsFor(timeZone, instant).
@@ -1808,7 +1804,7 @@ MaybeHandle<JSTemporalInstant> DisambiguatePossibleInstants(
 
   // 8. Let dayBeforeNs be epochNanoseconds - ℤ(nsPerDay).
   Handle<BigInt> one_day_in_ns = BigInt::FromUint64(isolate, 86400000000000ULL);
-  Handle<BigInt> day_before_ns =
+  DirectHandle<BigInt> day_before_ns =
       BigInt::Subtract(isolate, epoch_nanoseconds, one_day_in_ns)
           .ToHandleChecked();
   // 9. If ! IsValidEpochNanoseconds(dayBeforeNs) is false, throw a RangeError
@@ -1820,7 +1816,7 @@ MaybeHandle<JSTemporalInstant> DisambiguatePossibleInstants(
   Handle<JSTemporalInstant> day_before =
       temporal::CreateTemporalInstant(isolate, day_before_ns).ToHandleChecked();
   // 11. Let dayAfterNs be epochNanoseconds + ℤ(nsPerDay).
-  Handle<BigInt> day_after_ns =
+  DirectHandle<BigInt> day_after_ns =
       BigInt::Add(isolate, epoch_nanoseconds, one_day_in_ns).ToHandleChecked();
   // 12. If ! IsValidEpochNanoseconds(dayAfterNs) is false, throw a RangeError
   // exception.
@@ -2266,8 +2262,8 @@ MaybeHandle<JSTemporalInstant> ToTemporalInstant(Isolate* isolate,
   // b. If item has an [[InitializedTemporalZonedDateTime]] internal slot, then
   if (IsJSTemporalZonedDateTime(*item)) {
     // i. Return ! CreateTemporalInstant(item.[[Nanoseconds]]).
-    Handle<BigInt> nanoseconds =
-        handle(Cast<JSTemporalZonedDateTime>(*item)->nanoseconds(), isolate);
+    DirectHandle<BigInt> nanoseconds(
+        Cast<JSTemporalZonedDateTime>(*item)->nanoseconds(), isolate);
     return temporal::CreateTemporalInstant(isolate, nanoseconds)
         .ToHandleChecked();
   }
@@ -2970,7 +2966,7 @@ MaybeHandle<JSReceiver> ToTemporalTimeZone(
     Handle<String> name = Cast<String>(parse_result.name);
     // b. If ParseText(StringToCodePoints(name, TimeZoneNumericUTCOffset)) is
     // a List of errors, then
-    base::Optional<ParsedISO8601Result> parsed_offset =
+    std::optional<ParsedISO8601Result> parsed_offset =
         TemporalParser::ParseTimeZoneNumericUTCOffset(isolate, name);
     if (!parsed_offset.has_value()) {
       // i. If ! IsValidTimeZoneName(name) is false, throw a RangeError
@@ -3053,7 +3049,7 @@ MaybeHandle<JSTemporalZonedDateTime> SystemZonedDateTime(
       isolate, calendar,
       temporal::ToTemporalCalendar(isolate, calendar_like, method_name));
   // 4. Let ns be ! SystemUTCEpochNanoseconds().
-  Handle<BigInt> ns = SystemUTCEpochNanoseconds(isolate);
+  DirectHandle<BigInt> ns = SystemUTCEpochNanoseconds(isolate);
   // Return ? CreateTemporalZonedDateTime(ns, timeZone, calendar).
   return CreateTemporalZonedDateTime(isolate, ns, time_zone, calendar);
 }
@@ -3364,7 +3360,7 @@ Maybe<DateTimeRecordWithCalendar> ParseISODateTime(Isolate* isolate,
 
   // a. If parseResult is not a Parse Node, set parseResult to
   // ParseText(StringToCodePoints(isoString), goal).
-  base::Optional<ParsedISO8601Result> parsed;
+  std::optional<ParsedISO8601Result> parsed;
   if ((parsed =
            TemporalParser::ParseTemporalDateTimeString(isolate, iso_string))
           .has_value() ||
@@ -3549,7 +3545,7 @@ Maybe<TimeRecordWithCalendar> ParseTemporalTimeString(
   // 1. Assert: Type(isoString) is String.
   // 2. If isoString does not satisfy the syntax of a TemporalTimeString
   // (see 13.33), then
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTemporalTimeString(isolate, iso_string);
   if (!parsed.has_value()) {
     // a. Throw a *RangeError* exception.
@@ -3586,7 +3582,7 @@ Maybe<InstantRecord> ParseTemporalInstantString(Isolate* isolate,
 
   // 1. If ParseText(StringToCodePoints(isoString), TemporalInstantString) is a
   // List of errors, throw a RangeError exception.
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTemporalInstantString(isolate, iso_string);
   if (!parsed.has_value()) {
     THROW_NEW_ERROR_RETURN_VALUE(isolate,
@@ -3630,7 +3626,7 @@ Maybe<DateTimeRecordWithCalendar> ParseTemporalRelativeToString(
 
   // 1. If ParseText(StringToCodePoints(isoString), TemporalDateTimeString) is a
   // List of errors, throw a RangeError exception.
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTemporalDateTimeString(isolate, iso_string);
   if (!parsed.has_value()) {
     // a. Throw a *RangeError* exception.
@@ -3692,7 +3688,7 @@ Maybe<DateTimeRecordWithCalendar> ParseTemporalZonedDateTimeString(
   TEMPORAL_ENTER_FUNC();
   // 1. If ParseText(StringToCodePoints(isoString), TemporalZonedDateTimeString)
   // is a List of errors, throw a RangeError exception.
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTemporalZonedDateTimeString(isolate, iso_string);
   if (!parsed.has_value()) {
     THROW_NEW_ERROR_RETURN_VALUE(isolate,
@@ -3746,7 +3742,7 @@ Maybe<DurationRecord> ParseTemporalDurationString(Isolate* isolate,
   // DurationWholeMinutes, DurationMinutesFraction, DurationWholeSeconds, and
   // DurationSecondsFraction Parse Node enclosed by duration, or an empty
   // sequence of code points if not present.
-  base::Optional<ParsedISO8601Duration> parsed =
+  std::optional<ParsedISO8601Duration> parsed =
       TemporalParser::ParseTemporalDurationString(isolate, iso_string);
   if (!parsed.has_value()) {
     THROW_NEW_ERROR_RETURN_VALUE(isolate,
@@ -3875,7 +3871,7 @@ Maybe<TimeZoneRecord> ParseTemporalTimeZoneString(
 
   // 1. Let parseResult be ParseText(StringToCodePoints(timeZoneString),
   // TimeZoneIdentifier).
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTimeZoneIdentifier(isolate, time_zone_string);
   // 2. If parseResult is a Parse Node, then
   if (parsed.has_value()) {
@@ -3912,7 +3908,7 @@ Maybe<int64_t> ParseTimeZoneOffsetString(Isolate* isolate,
   // 1. Assert: Type(offsetString) is String.
   // 2. If offsetString does not satisfy the syntax of a
   // TimeZoneNumericUTCOffset (see 13.33), then
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTimeZoneNumericUTCOffset(isolate, iso_string);
   if (!parsed.has_value()) {
     /* a. Throw a RangeError exception. */
@@ -3966,7 +3962,7 @@ bool IsValidTimeZoneNumericUTCOffsetString(Isolate* isolate,
                                            Handle<String> iso_string) {
   TEMPORAL_ENTER_FUNC();
 
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTimeZoneNumericUTCOffset(isolate, iso_string);
   return parsed.has_value();
 }
@@ -3997,7 +3993,7 @@ MaybeHandle<String> ParseTemporalCalendarString(Isolate* isolate,
     isolate->clear_exception();
     // a. Set parseResult to ParseText(StringToCodePoints(isoString),
     // CalendarName).
-    base::Optional<ParsedISO8601Result> parsed =
+    std::optional<ParsedISO8601Result> parsed =
         TemporalParser::ParseCalendarName(isolate, iso_string);
     // b. If parseResult is a List of errors, throw a RangeError exception.
     if (!parsed.has_value()) {
@@ -5178,7 +5174,7 @@ Maybe<BalancePossiblyInfiniteDurationResult> BalancePossiblyInfiniteDuration(
   DirectHandle<BigInt> thousand = BigInt::FromInt64(isolate, 1000);
   DirectHandle<BigInt> sixty = BigInt::FromInt64(isolate, 60);
   Handle<BigInt> zero = BigInt::FromInt64(isolate, 0);
-  Handle<BigInt> hours = zero;
+  DirectHandle<BigInt> hours = zero;
   Handle<BigInt> minutes = zero;
   Handle<BigInt> seconds = zero;
   Handle<BigInt> milliseconds = zero;
@@ -8202,7 +8198,7 @@ MaybeHandle<Object> ToRelativeTemporalObject(Isolate* isolate,
       // TimeZoneNumericUTCOffset) is a List of errors, then
       DCHECK(IsString(*time_zone_name_obj));
       Handle<String> time_zone_name = Cast<String>(time_zone_name_obj);
-      base::Optional<ParsedISO8601Result> parsed =
+      std::optional<ParsedISO8601Result> parsed =
           TemporalParser::ParseTimeZoneNumericUTCOffset(isolate,
                                                         time_zone_name);
       if (!parsed.has_value()) {
@@ -11001,7 +10997,7 @@ MaybeHandle<Object> GetTransition(Isolate* isolate,
     return isolate->factory()->null_value();
   }
   DCHECK(IsBigInt(*transition_obj));
-  Handle<BigInt> transition = Cast<BigInt>(transition_obj);
+  DirectHandle<BigInt> transition = Cast<BigInt>(transition_obj);
   // 7. Return ! CreateTemporalInstant(transition).
   return temporal::CreateTemporalInstant(isolate, transition).ToHandleChecked();
 }
@@ -11029,7 +11025,8 @@ MaybeHandle<JSArray> GetIANATimeZoneEpochValueAsArrayOfInstantForUTC(
     Isolate* isolate, const DateTimeRecord& date_time) {
   Factory* factory = isolate->factory();
   // 6. Let possibleInstants be a new empty List.
-  Handle<BigInt> epoch_nanoseconds = GetEpochFromISOParts(isolate, date_time);
+  DirectHandle<BigInt> epoch_nanoseconds =
+      GetEpochFromISOParts(isolate, date_time);
   DirectHandle<FixedArray> fixed_array = factory->NewFixedArray(1);
   // 7. For each value epochNanoseconds in possibleEpochNanoseconds, do
   // a. If ! IsValidEpochNanoseconds(epochNanoseconds) is false, throw a
@@ -11068,7 +11065,7 @@ MaybeHandle<JSArray> GetIANATimeZoneEpochValueAsArrayOfInstant(
   DirectHandle<FixedArray> fixed_array = factory->NewFixedArray(array_length);
 
   for (int32_t i = 0; i < array_length; i++) {
-    Handle<BigInt> epoch_nanoseconds =
+    DirectHandle<BigInt> epoch_nanoseconds =
         BigInt::Subtract(isolate, nanoseconds_in_local_time, possible_offset[i])
             .ToHandleChecked();
     // a. If ! IsValidEpochNanoseconds(epochNanoseconds) is false, throw a
@@ -11647,7 +11644,7 @@ MaybeHandle<JSTemporalZonedDateTime> JSTemporalPlainDate::ToZonedDateTime(
   }
   // 5. If temporalTime is undefined, then
   Handle<JSTemporalPlainDateTime> temporal_date_time;
-  Handle<JSReceiver> calendar(temporal_date->calendar(), isolate);
+  DirectHandle<JSReceiver> calendar(temporal_date->calendar(), isolate);
   if (IsUndefined(*temporal_time_obj)) {
     // a. Let temporalDateTime be ?
     // CreateTemporalDateTime(temporalDate.[[ISOYear]],
@@ -12138,7 +12135,7 @@ Maybe<DateTimeRecordWithCalendar> ParseTemporalDateTimeString(
   // 1. Assert: Type(isoString) is String.
   // 2. If isoString does not satisfy the syntax of a TemporalDateTimeString
   // (see 13.33), then
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTemporalDateTimeString(isolate, iso_string);
   if (!parsed.has_value()) {
     // a. Throw a *RangeError* exception.
@@ -13321,7 +13318,7 @@ Maybe<DateRecordWithCalendar> ParseTemporalMonthDayString(
   // 1. Assert: Type(isoString) is String.
   // 2. If isoString does not satisfy the syntax of a TemporalMonthDayString
   // (see 13.33), then
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTemporalMonthDayString(isolate, iso_string);
   if (!parsed.has_value()) {
     // a. Throw a *RangeError* exception.
@@ -13795,7 +13792,7 @@ Maybe<DateRecordWithCalendar> ParseTemporalYearMonthString(
   // 1. Assert: Type(isoString) is String.
   // 2. If isoString does not satisfy the syntax of a TemporalYearMonthString
   // (see 13.33), then
-  base::Optional<ParsedISO8601Result> parsed =
+  std::optional<ParsedISO8601Result> parsed =
       TemporalParser::ParseTemporalYearMonthString(isolate, iso_string);
   if (!parsed.has_value()) {
     THROW_NEW_ERROR_RETURN_VALUE(isolate,
@@ -14447,7 +14444,7 @@ MaybeHandle<JSTemporalZonedDateTime> JSTemporalPlainTime::ToZonedDateTime(
   // temporalTime.[[ISOMinute]], temporalTime.[[ISOSecond]],
   // temporalTime.[[ISOMillisecond]], temporalTime.[[ISOMicrosecond]],
   // temporalTime.[[ISONanosecond]], temporalDate.[[Calendar]]).
-  Handle<JSReceiver> calendar(temporal_date->calendar(), isolate);
+  DirectHandle<JSReceiver> calendar(temporal_date->calendar(), isolate);
   Handle<JSTemporalPlainDateTime> temporal_date_time;
   ASSIGN_RETURN_ON_EXCEPTION(
       isolate, temporal_date_time,
@@ -15651,7 +15648,7 @@ MaybeHandle<Object> JSTemporalZonedDateTime::HoursInDay(
           .ToHandleChecked();
 
   // 5. Let isoCalendar be ! GetISO8601Calendar().
-  Handle<JSReceiver> iso_calendar = temporal::GetISO8601Calendar(isolate);
+  DirectHandle<JSReceiver> iso_calendar = temporal::GetISO8601Calendar(isolate);
 
   // 6. Let temporalDateTime be ? BuiltinTimeZoneGetPlainDateTimeFor(timeZone,
   // instant, isoCalendar).
@@ -15840,7 +15837,7 @@ MaybeHandle<JSTemporalZonedDateTime> ToTemporalZonedDateTime(
 
     // f. If ParseText(StringToCodePoints(timeZoneName),
     // TimeZoneNumericUTCOffset) is a List of errors, then
-    base::Optional<ParsedISO8601Result> parsed =
+    std::optional<ParsedISO8601Result> parsed =
         TemporalParser::ParseTimeZoneNumericUTCOffset(isolate, time_zone_name);
     if (!parsed.has_value()) {
       // i. If ! IsValidTimeZoneName(timeZoneName) is false, throw a RangeError
@@ -16077,7 +16074,7 @@ MaybeHandle<BigInt> InterpretISODateTimeOffset(
 
   // 1. Assert: offsetNanoseconds is an integer or undefined.
   // 2. Let calendar be ! GetISO8601Calendar().
-  Handle<JSReceiver> calendar = temporal::GetISO8601Calendar(isolate);
+  DirectHandle<JSReceiver> calendar = temporal::GetISO8601Calendar(isolate);
 
   // 3. Let dateTime be ? CreateTemporalDateTime(year, month, day, hour, minute,
   // second, millisecond, microsecond, nanosecond, calendar).
@@ -16335,7 +16332,7 @@ MaybeHandle<JSTemporalZonedDateTime> JSTemporalZonedDateTime::WithCalendar(
 
   // 4. Return ? CreateTemporalZonedDateTime(zonedDateTime.[[Nanoseconds]],
   // zonedDateTime.[[TimeZone]], calendar).
-  Handle<BigInt> nanoseconds(zoned_date_time->nanoseconds(), isolate);
+  DirectHandle<BigInt> nanoseconds(zoned_date_time->nanoseconds(), isolate);
   DirectHandle<JSReceiver> time_zone(zoned_date_time->time_zone(), isolate);
   return CreateTemporalZonedDateTime(isolate, nanoseconds, time_zone, calendar);
 }
@@ -16441,7 +16438,7 @@ MaybeHandle<JSTemporalZonedDateTime> JSTemporalZonedDateTime::WithPlainTime(
           isolate, handle(zoned_date_time->nanoseconds(), isolate))
           .ToHandleChecked();
   // 7. Let calendar be zonedDateTime.[[Calendar]].
-  Handle<JSReceiver> calendar(zoned_date_time->calendar(), isolate);
+  DirectHandle<JSReceiver> calendar(zoned_date_time->calendar(), isolate);
   // 8. Let plainDateTime be ?
   // temporal::BuiltinTimeZoneGetPlainDateTimeFor(timeZone, instant, calendar).
   Handle<JSTemporalPlainDateTime> plain_date_time;
@@ -16495,7 +16492,7 @@ MaybeHandle<JSTemporalZonedDateTime> JSTemporalZonedDateTime::WithTimeZone(
 
   // 4. Return ? CreateTemporalZonedDateTime(zonedDateTime.[[Nanoseconds]],
   // timeZone, zonedDateTime.[[Calendar]]).
-  Handle<BigInt> nanoseconds(zoned_date_time->nanoseconds(), isolate);
+  DirectHandle<BigInt> nanoseconds(zoned_date_time->nanoseconds(), isolate);
   DirectHandle<JSReceiver> calendar(zoned_date_time->calendar(), isolate);
   return CreateTemporalZonedDateTime(isolate, nanoseconds, time_zone, calendar);
 }
@@ -16578,7 +16575,7 @@ MaybeHandle<String> TemporalZonedDateTimeToString(
     Unit unit, RoundingMode rounding_mode, const char* method_name) {
   // 4. Let ns be ! RoundTemporalInstant(zonedDateTime.[[Nanoseconds]],
   // increment, unit, roundingMode).
-  Handle<BigInt> ns = RoundTemporalInstant(
+  DirectHandle<BigInt> ns = RoundTemporalInstant(
       isolate, handle(zoned_date_time->nanoseconds(), isolate), increment, unit,
       rounding_mode);
 
@@ -16873,7 +16870,7 @@ MaybeHandle<JSTemporalZonedDateTime> JSTemporalZonedDateTime::Round(
       temporal::BuiltinTimeZoneGetPlainDateTimeFor(isolate, time_zone, instant,
                                                    calendar, method_name));
   // 13. Let isoCalendar be ! GetISO8601Calendar().
-  Handle<JSReceiver> iso_calendar = temporal::GetISO8601Calendar(isolate);
+  DirectHandle<JSReceiver> iso_calendar = temporal::GetISO8601Calendar(isolate);
 
   // 14. Let dtStart be ? CreateTemporalDateTime(temporalDateTime.[[ISOYear]],
   // temporalDateTime.[[ISOMonth]], temporalDateTime.[[ISODay]], 0, 0, 0, 0, 0,
@@ -16904,7 +16901,7 @@ MaybeHandle<JSTemporalZonedDateTime> JSTemporalZonedDateTime::Round(
       AddZonedDateTime(isolate, start_ns, time_zone, calendar,
                        {0, 0, 0, {1, 0, 0, 0, 0, 0, 0}}, method_name));
   // 18. Let dayLengthNs be ℝ(endNs - startNs).
-  Handle<BigInt> day_length_ns =
+  DirectHandle<BigInt> day_length_ns =
       BigInt::Subtract(isolate, end_ns, start_ns).ToHandleChecked();
   // 19. If dayLengthNs ≤ 0, then
   if (day_length_ns->IsNegative() || !day_length_ns->ToBoolean()) {
@@ -17347,7 +17344,7 @@ MaybeHandle<JSTemporalZonedDateTime> JSTemporalZonedDateTime::StartOfDay(
   // 3. Let timeZone be zonedDateTime.[[TimeZone]].
   Handle<JSReceiver> time_zone(zoned_date_time->time_zone(), isolate);
   // 4. Let calendar be zonedDateTime.[[Calendar]].
-  Handle<JSReceiver> calendar(zoned_date_time->calendar(), isolate);
+  DirectHandle<JSReceiver> calendar(zoned_date_time->calendar(), isolate);
   // 5. Let instant be ! CreateTemporalInstant(zonedDateTime.[[Nanoseconds]]).
   Handle<JSTemporalInstant> instant =
       temporal::CreateTemporalInstant(
@@ -17824,7 +17821,7 @@ MaybeHandle<JSTemporalInstant> JSTemporalInstant::Round(
       Handle<JSTemporalInstant>());
   // 15. Let roundedNs be ! RoundTemporalInstant(instant.[[Nanoseconds]],
   // roundingIncrement, smallestUnit, roundingMode).
-  Handle<BigInt> rounded_ns = RoundTemporalInstant(
+  DirectHandle<BigInt> rounded_ns = RoundTemporalInstant(
       isolate, Handle<BigInt>(handle->nanoseconds(), isolate),
       rounding_increment, smallest_unit, rounding_mode);
   // 16. Return ! CreateTemporalInstant(roundedNs).
@@ -18049,7 +18046,7 @@ MaybeHandle<String> JSTemporalInstant::ToString(
       Handle<String>());
   // 8. Let roundedNs be ! RoundTemporalInstant(instant.[[Nanoseconds]],
   // precision.[[Increment]], precision.[[Unit]], roundingMode).
-  Handle<BigInt> rounded_ns =
+  DirectHandle<BigInt> rounded_ns =
       RoundTemporalInstant(isolate, handle(instant->nanoseconds(), isolate),
                            precision.increment, precision.unit, rounding_mode);
 
@@ -18455,5 +18452,4 @@ MaybeHandle<JSTemporalInstant> BuiltinTimeZoneGetInstantForCompatible(
 }
 
 }  // namespace temporal
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/js-temporal-objects.h b/deps/v8/src/objects/js-temporal-objects.h
index 61ab3da6ae1d21..393d38cb5922db 100644
--- a/deps/v8/src/objects/js-temporal-objects.h
+++ b/deps/v8/src/objects/js-temporal-objects.h
@@ -1092,9 +1092,9 @@ MaybeHandle<JSTemporalTimeZone> CreateTemporalTimeZone(
 // #sec-temporal-createtemporalinstant
 V8_WARN_UNUSED_RESULT MaybeHandle<JSTemporalInstant> CreateTemporalInstant(
     Isolate* isolate, Handle<JSFunction> target, Handle<HeapObject> new_target,
-    Handle<BigInt> epoch_nanoseconds);
+    DirectHandle<BigInt> epoch_nanoseconds);
 V8_WARN_UNUSED_RESULT MaybeHandle<JSTemporalInstant> CreateTemporalInstant(
-    Isolate* isolate, Handle<BigInt> epoch_nanoseconds);
+    Isolate* isolate, DirectHandle<BigInt> epoch_nanoseconds);
 
 // #sec-temporal-calendaryear
 #define DECLARE_CALENDAR_ABSTRACT_INT_OPERATION(Name)    \
@@ -1133,7 +1133,7 @@ V8_WARN_UNUSED_RESULT MaybeHandle<JSTemporalPlainDateTime>
 BuiltinTimeZoneGetPlainDateTimeFor(Isolate* isolate,
                                    Handle<JSReceiver> time_zone,
                                    Handle<JSTemporalInstant> instant,
-                                   Handle<JSReceiver> calendar,
+                                   DirectHandle<JSReceiver> calendar,
                                    const char* method_name);
 
 V8_WARN_UNUSED_RESULT MaybeHandle<Object> InvokeCalendarMethod(
diff --git a/deps/v8/src/objects/keys.cc b/deps/v8/src/objects/keys.cc
index b76b409eba86e6..9d1cda45e4ed65 100644
--- a/deps/v8/src/objects/keys.cc
+++ b/deps/v8/src/objects/keys.cc
@@ -4,6 +4,8 @@
 
 #include "src/objects/keys.h"
 
+#include <optional>
+
 #include "src/api/api-arguments-inl.h"
 #include "src/api/api.h"
 #include "src/common/assert-scope.h"
@@ -25,8 +27,7 @@
 #include "src/utils/identity-map.h"
 #include "src/zone/zone-hashmap.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #define RETURN_NOTHING_IF_NOT_SUCCESSFUL(call) \
   do {                                         \
@@ -242,7 +243,7 @@ Maybe<bool> KeyAccumulator::AddKeysFromJSProxy(DirectHandle<JSProxy> proxy,
   return Just(true);
 }
 
-Maybe<bool> KeyAccumulator::CollectKeys(Handle<JSReceiver> receiver,
+Maybe<bool> KeyAccumulator::CollectKeys(DirectHandle<JSReceiver> receiver,
                                         Handle<JSReceiver> object) {
   // Proxies have no hidden prototype and we should not trigger the
   // [[GetPrototypeOf]] trap on the last iteration when using
@@ -538,7 +539,7 @@ Handle<FixedArray> FastKeyAccumulator::InitializeFastPropertyEnumCache(
   DCHECK_EQ(index, keys->length());
 
   // Optionally also create the indices array.
-  Handle<FixedArray> indices = isolate->factory()->empty_fixed_array();
+  DirectHandle<FixedArray> indices = isolate->factory()->empty_fixed_array();
   if (fields_only) {
     indices = isolate->factory()->NewFixedArray(enum_length, allocation);
     index = 0;
@@ -779,7 +780,7 @@ Maybe<bool> KeyAccumulator::CollectInterceptorKeys(
 }
 
 Maybe<bool> KeyAccumulator::CollectOwnElementIndices(
-    Handle<JSReceiver> receiver, Handle<JSObject> object) {
+    DirectHandle<JSReceiver> receiver, Handle<JSObject> object) {
   if (filter_ & SKIP_STRINGS || skip_indices_) return Just(true);
 
   ElementsAccessor* accessor = object->GetElementsAccessor();
@@ -791,7 +792,7 @@ Maybe<bool> KeyAccumulator::CollectOwnElementIndices(
 namespace {
 
 template <bool skip_symbols>
-base::Optional<int> CollectOwnPropertyNamesInternal(
+std::optional<int> CollectOwnPropertyNamesInternal(
     DirectHandle<JSObject> object, KeyAccumulator* keys,
     DirectHandle<DescriptorArray> descs, int start_index, int limit) {
   AllowGarbageCollection allow_gc;
@@ -823,7 +824,7 @@ base::Optional<int> CollectOwnPropertyNamesInternal(
       continue;
     } else {
       if (keys->AddKey(key, DO_NOT_CONVERT) != ExceptionStatus::kSuccess) {
-        return base::Optional<int>();
+        return std::optional<int>();
       }
     }
   }
@@ -1000,10 +1001,10 @@ ExceptionStatus CollectKeysFromDictionary(Handle<Dictionary> dictionary,
 
 }  // namespace
 
-Maybe<bool> KeyAccumulator::CollectOwnPropertyNames(Handle<JSReceiver> receiver,
-                                                    Handle<JSObject> object) {
+Maybe<bool> KeyAccumulator::CollectOwnPropertyNames(
+    DirectHandle<JSReceiver> receiver, Handle<JSObject> object) {
   if (filter_ == ENUMERABLE_STRINGS) {
-    Handle<FixedArray> enum_keys;
+    DirectHandle<FixedArray> enum_keys;
     if (object->HasFastProperties()) {
       enum_keys = KeyAccumulator::GetOwnEnumPropertyKeys(isolate_, object);
       // If the number of properties equals the length of enumerable properties
@@ -1052,7 +1053,7 @@ Maybe<bool> KeyAccumulator::CollectOwnPropertyNames(Handle<JSReceiver> receiver,
       DirectHandle<DescriptorArray> descs(
           object->map()->instance_descriptors(isolate_), isolate_);
       // First collect the strings,
-      base::Optional<int> first_symbol =
+      std::optional<int> first_symbol =
           CollectOwnPropertyNamesInternal<true>(object, this, descs, 0, limit);
       // then the symbols.
       RETURN_NOTHING_IF_NOT_SUCCESSFUL(first_symbol);
@@ -1124,7 +1125,7 @@ Maybe<bool> KeyAccumulator::CollectAccessCheckInterceptorKeys(
 
 // Returns |true| on success, |false| if prototype walking should be stopped,
 // |nothing| if an exception was thrown.
-Maybe<bool> KeyAccumulator::CollectOwnKeys(Handle<JSReceiver> receiver,
+Maybe<bool> KeyAccumulator::CollectOwnKeys(DirectHandle<JSReceiver> receiver,
                                            Handle<JSObject> object) {
   // Check access rights if required.
   if (IsAccessCheckNeeded(*object) &&
@@ -1206,7 +1207,7 @@ class NameComparator {
 // ES6 #sec-proxy-object-internal-methods-and-internal-slots-ownpropertykeys
 // Returns |true| on success, |nothing| in case of exception.
 Maybe<bool> KeyAccumulator::CollectOwnJSProxyKeys(
-    DirectHandle<JSReceiver> receiver, Handle<JSProxy> proxy) {
+    DirectHandle<JSReceiver> receiver, DirectHandle<JSProxy> proxy) {
   STACK_CHECK(isolate_, Nothing<bool>());
   if (filter_ == PRIVATE_NAMES_ONLY) {
     if (V8_ENABLE_SWISS_NAME_DICTIONARY_BOOL) {
@@ -1378,7 +1379,7 @@ Maybe<bool> KeyAccumulator::CollectOwnJSProxyKeys(
 }
 
 Maybe<bool> KeyAccumulator::CollectOwnJSProxyTargetKeys(
-    Handle<JSProxy> proxy, Handle<JSReceiver> target) {
+    DirectHandle<JSProxy> proxy, Handle<JSReceiver> target) {
   // TODO(cbruni): avoid creating another KeyAccumulator
   Handle<FixedArray> keys;
   ASSIGN_RETURN_ON_EXCEPTION_VALUE(
@@ -1393,5 +1394,4 @@ Maybe<bool> KeyAccumulator::CollectOwnJSProxyTargetKeys(
 
 #undef RETURN_NOTHING_IF_NOT_SUCCESSFUL
 #undef RETURN_FAILURE_IF_NOT_SUCCESSFUL
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/keys.h b/deps/v8/src/objects/keys.h
index 0254e79f0c3616..cfdc5429ec9b41 100644
--- a/deps/v8/src/objects/keys.h
+++ b/deps/v8/src/objects/keys.h
@@ -64,7 +64,7 @@ class KeyAccumulator final {
 
   Handle<FixedArray> GetKeys(
       GetKeysConversion convert = GetKeysConversion::kKeepNumbers);
-  Maybe<bool> CollectKeys(Handle<JSReceiver> receiver,
+  Maybe<bool> CollectKeys(DirectHandle<JSReceiver> receiver,
                           Handle<JSReceiver> object);
 
   // Might return directly the object's enum_cache, copy the result before using
@@ -109,15 +109,15 @@ class KeyAccumulator final {
                                      DirectHandle<JSObject> object,
                                      IndexedOrNamed type);
 
-  Maybe<bool> CollectOwnElementIndices(Handle<JSReceiver> receiver,
+  Maybe<bool> CollectOwnElementIndices(DirectHandle<JSReceiver> receiver,
                                        Handle<JSObject> object);
-  Maybe<bool> CollectOwnPropertyNames(Handle<JSReceiver> receiver,
+  Maybe<bool> CollectOwnPropertyNames(DirectHandle<JSReceiver> receiver,
                                       Handle<JSObject> object);
-  Maybe<bool> CollectOwnKeys(Handle<JSReceiver> receiver,
+  Maybe<bool> CollectOwnKeys(DirectHandle<JSReceiver> receiver,
                              Handle<JSObject> object);
   Maybe<bool> CollectOwnJSProxyKeys(DirectHandle<JSReceiver> receiver,
-                                    Handle<JSProxy> proxy);
-  Maybe<bool> CollectOwnJSProxyTargetKeys(Handle<JSProxy> proxy,
+                                    DirectHandle<JSProxy> proxy);
+  Maybe<bool> CollectOwnJSProxyTargetKeys(DirectHandle<JSProxy> proxy,
                                           Handle<JSReceiver> target);
 
   V8_WARN_UNUSED_RESULT ExceptionStatus FilterForEnumerableProperties(
diff --git a/deps/v8/src/objects/literal-objects-inl.h b/deps/v8/src/objects/literal-objects-inl.h
index 5ef31c1caa38d2..cc3690e9cba66e 100644
--- a/deps/v8/src/objects/literal-objects-inl.h
+++ b/deps/v8/src/objects/literal-objects-inl.h
@@ -5,15 +5,15 @@
 #ifndef V8_OBJECTS_LITERAL_OBJECTS_INL_H_
 #define V8_OBJECTS_LITERAL_OBJECTS_INL_H_
 
-#include "src/objects/literal-objects.h"
+#include <optional>
 
+#include "src/objects/literal-objects.h"
 #include "src/objects/objects-inl.h"
 
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/literal-objects-tq-inl.inc"
 
@@ -44,7 +44,7 @@ Handle<ObjectBoilerplateDescription> ObjectBoilerplateDescription::New(
   // empty_object_boilerplate_description here since `flags` may be modified
   // even on empty descriptions.
 
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   auto result = Cast<ObjectBoilerplateDescription>(
       Allocate(isolate, capacity, &no_gc, allocation));
   result->set_flags(0);
@@ -120,10 +120,13 @@ bool ArrayBoilerplateDescription::is_empty() const {
 // RegExpBoilerplateDescription
 //
 
-TQ_OBJECT_CONSTRUCTORS_IMPL(RegExpBoilerplateDescription)
+OBJECT_CONSTRUCTORS_IMPL(RegExpBoilerplateDescription, Struct)
+TRUSTED_POINTER_ACCESSORS(RegExpBoilerplateDescription, data, RegExpData,
+                          kDataOffset, kRegExpDataIndirectPointerTag)
+ACCESSORS(RegExpBoilerplateDescription, source, Tagged<String>, kSourceOffset)
+SMI_ACCESSORS(RegExpBoilerplateDescription, flags, kFlagsOffset)
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/literal-objects.cc b/deps/v8/src/objects/literal-objects.cc
index 27c82eda7dc0f9..b74f5ccf88d165 100644
--- a/deps/v8/src/objects/literal-objects.cc
+++ b/deps/v8/src/objects/literal-objects.cc
@@ -123,8 +123,12 @@ Handle<NumberDictionary> DictionaryAddNoUpdateNextEnumerationIndex(
                                entry_out);
 }
 
-template <typename Dictionary>
-void DictionaryUpdateMaxNumberKey(Handle<Dictionary> dictionary,
+// TODO(42203211): The first parameter should be just DirectHandle<Dictionary>
+// but now it does not compile with implicit Handle to DirectHandle conversions.
+template <template <typename T> typename HandleType, typename Dictionary,
+          typename = std::enable_if_t<std::is_convertible_v<
+              HandleType<Dictionary>, DirectHandle<Dictionary>>>>
+void DictionaryUpdateMaxNumberKey(HandleType<Dictionary> dictionary,
                                   DirectHandle<Name> name) {
   static_assert((std::is_same<Dictionary, SwissNameDictionary>::value ||
                  std::is_same<Dictionary, NameDictionary>::value));
@@ -688,6 +692,8 @@ Handle<ClassBoilerplate> ClassBoilerplate::New(IsolateT* isolate,
           ++dynamic_argument_index;
         }
         continue;
+      case ClassLiteral::Property::AUTO_ACCESSOR:
+        UNIMPLEMENTED();
     }
 
     ObjectDescriptor<IsolateT>& desc =
@@ -750,7 +756,9 @@ void RegExpBoilerplateDescription::BriefPrintDetails(std::ostream& os) {
   static_assert(JSRegExp::kFlagsOffset ==
                 JSRegExp::kSourceOffset + kTaggedSize);
   static_assert(JSRegExp::kHeaderSize == JSRegExp::kFlagsOffset + kTaggedSize);
-  os << " " << Brief(data()) << ", " << Brief(source()) << ", " << flags();
+  Isolate* isolate = GetIsolateForSandbox(*this);
+  os << " " << Brief(data(isolate)) << ", " << Brief(source()) << ", "
+     << flags();
 }
 
 }  // namespace internal
diff --git a/deps/v8/src/objects/literal-objects.h b/deps/v8/src/objects/literal-objects.h
index 1ff3556dacc2cb..da198ac8a000c6 100644
--- a/deps/v8/src/objects/literal-objects.h
+++ b/deps/v8/src/objects/literal-objects.h
@@ -7,6 +7,7 @@
 
 #include "src/base/bit-field.h"
 #include "src/objects/fixed-array.h"
+#include "src/objects/objects-body-descriptors.h"
 #include "src/objects/struct.h"
 
 // Has to be the last include (doesn't have include guards):
@@ -108,17 +109,33 @@ class ArrayBoilerplateDescription
   TQ_OBJECT_CONSTRUCTORS(ArrayBoilerplateDescription)
 };
 
-class RegExpBoilerplateDescription
-    : public TorqueGeneratedRegExpBoilerplateDescription<
-          RegExpBoilerplateDescription, Struct> {
+class RegExpBoilerplateDescription : public Struct {
  public:
   // Dispatched behavior.
   void BriefPrintDetails(std::ostream& os);
 
-  using BodyDescriptor = StructBodyDescriptor;
+  DECL_TRUSTED_POINTER_ACCESSORS(data, RegExpData)
+  DECL_ACCESSORS(source, Tagged<String>)
+  DECL_INT_ACCESSORS(flags)
+
+  DECL_PRINTER(RegExpBoilerplateDescription)
+  DECL_VERIFIER(RegExpBoilerplateDescription)
+
+#define FIELD_LIST(V)                 \
+  V(kDataOffset, kTrustedPointerSize) \
+  V(kSourceOffset, kTaggedSize)       \
+  V(kFlagsOffset, kTaggedSize)        \
+  V(kHeaderSize, 0)                   \
+  V(kSize, 0)
+  DEFINE_FIELD_OFFSET_CONSTANTS(Struct::kHeaderSize, FIELD_LIST)
+#undef FIELD_LIST
+
+  using BodyDescriptor = StackedBodyDescriptor<
+      StructBodyDescriptor,
+      WithStrongTrustedPointer<kDataOffset, kRegExpDataIndirectPointerTag>>;
 
  private:
-  TQ_OBJECT_CONSTRUCTORS(RegExpBoilerplateDescription)
+  OBJECT_CONSTRUCTORS(RegExpBoilerplateDescription, Struct);
 };
 
 class ClassBoilerplate : public Struct {
diff --git a/deps/v8/src/objects/literal-objects.tq b/deps/v8/src/objects/literal-objects.tq
index c90abdd3b36c77..95cc34022dc9b5 100644
--- a/deps/v8/src/objects/literal-objects.tq
+++ b/deps/v8/src/objects/literal-objects.tq
@@ -15,8 +15,9 @@ extern class ArrayBoilerplateDescription extends Struct {
   constant_elements: FixedArrayBase;
 }
 
+@cppObjectDefinition
 extern class RegExpBoilerplateDescription extends Struct {
-  data: FixedArray;
+  data: TrustedPointer<RegExpData>;
   source: String;
   flags: SmiTagged<JSRegExpFlags>;
 }
diff --git a/deps/v8/src/objects/lookup.cc b/deps/v8/src/objects/lookup.cc
index 7ceee2ce7bad6b..86edccf7354aae 100644
--- a/deps/v8/src/objects/lookup.cc
+++ b/deps/v8/src/objects/lookup.cc
@@ -4,6 +4,8 @@
 
 #include "src/objects/lookup.h"
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/deoptimizer/deoptimizer.h"
 #include "src/execution/isolate-inl.h"
@@ -22,8 +24,7 @@
 #include "src/objects/property-details.h"
 #include "src/objects/struct-inl.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 PropertyKey::PropertyKey(Isolate* isolate, Handle<Object> key, bool* success) {
   if (Object::ToIntegerIndex(*key, &index_)) {
@@ -675,7 +676,7 @@ void LookupIterator::ApplyTransitionToDataProperty(
     state_ = DATA;
     return;
   }
-  Handle<Map> transition = transition_map();
+  DirectHandle<Map> transition = transition_map();
   bool simple_transition =
       transition->GetBackPointer(isolate_) == receiver->map(isolate_);
 
@@ -789,7 +790,7 @@ void LookupIterator::TransitionToAccessorProperty(
     // interceptors.
     DCHECK_IMPLIES(!IsFound(), number_.is_not_found());
 
-    Handle<Map> new_map = Map::TransitionToAccessorProperty(
+    DirectHandle<Map> new_map = Map::TransitionToAccessorProperty(
         isolate_, old_map, name_, number_, getter, setter, attributes);
     bool simple_transition =
         new_map->GetBackPointer(isolate_) == receiver->map(isolate_);
@@ -1444,7 +1445,7 @@ bool LookupIterator::LookupCachedProperty(
   DCHECK(IsAccessorPair(*GetAccessors(), isolate_));
 
   Tagged<Object> getter = accessor_pair->getter(isolate_);
-  base::Optional<Tagged<Name>> maybe_name =
+  std::optional<Tagged<Name>> maybe_name =
       FunctionTemplateInfo::TryGetCachedPropertyName(isolate(), getter);
   if (!maybe_name.has_value()) return false;
 
@@ -1466,7 +1467,7 @@ bool LookupIterator::LookupCachedProperty(
 }
 
 // static
-base::Optional<Tagged<Object>> ConcurrentLookupIterator::TryGetOwnCowElement(
+std::optional<Tagged<Object>> ConcurrentLookupIterator::TryGetOwnCowElement(
     Isolate* isolate, Tagged<FixedArray> array_elements,
     ElementsKind elements_kind, int array_length, size_t index) {
   DisallowGarbageCollection no_gc;
@@ -1611,7 +1612,7 @@ ConcurrentLookupIterator::Result ConcurrentLookupIterator::TryGetOwnChar(
 }
 
 // static
-base::Optional<Tagged<PropertyCell>>
+std::optional<Tagged<PropertyCell>>
 ConcurrentLookupIterator::TryGetPropertyCell(
     Isolate* isolate, LocalIsolate* local_isolate,
     DirectHandle<JSGlobalObject> holder, DirectHandle<Name> name) {
@@ -1622,7 +1623,7 @@ ConcurrentLookupIterator::TryGetPropertyCell(
   if (holder_map->has_named_interceptor()) return {};
 
   Tagged<GlobalDictionary> dict = holder->global_dictionary(kAcquireLoad);
-  base::Optional<Tagged<PropertyCell>> maybe_cell =
+  std::optional<Tagged<PropertyCell>> maybe_cell =
       dict->TryFindPropertyCellForConcurrentLookupIterator(isolate, name,
                                                            kRelaxedLoad);
   if (!maybe_cell.has_value()) return {};
@@ -1632,7 +1633,7 @@ ConcurrentLookupIterator::TryGetPropertyCell(
     Tagged<Object> maybe_accessor_pair = cell->value(kAcquireLoad);
     if (!IsAccessorPair(maybe_accessor_pair)) return {};
 
-    base::Optional<Tagged<Name>> maybe_cached_property_name =
+    std::optional<Tagged<Name>> maybe_cached_property_name =
         FunctionTemplateInfo::TryGetCachedPropertyName(
             isolate, Cast<AccessorPair>(maybe_accessor_pair)
                          ->getter(isolate, kAcquireLoad));
@@ -1652,5 +1653,4 @@ ConcurrentLookupIterator::TryGetPropertyCell(
   return cell;
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/lookup.h b/deps/v8/src/objects/lookup.h
index 22c089f3ff7c1a..99c43f05c15d07 100644
--- a/deps/v8/src/objects/lookup.h
+++ b/deps/v8/src/objects/lookup.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_LOOKUP_H_
 #define V8_OBJECTS_LOOKUP_H_
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/execution/isolate.h"
 #include "src/heap/factory.h"
@@ -17,8 +19,7 @@
 #include "src/wasm/value-type.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class PropertyKey {
  public:
@@ -388,7 +389,7 @@ class ConcurrentLookupIterator final : public AllStatic {
   // consistent among themselves (e.g. the elements kind may not match the
   // given elements backing store). We are thus extra-careful to handle
   // exceptional situations.
-  V8_EXPORT_PRIVATE static base::Optional<Tagged<Object>> TryGetOwnCowElement(
+  V8_EXPORT_PRIVATE static std::optional<Tagged<Object>> TryGetOwnCowElement(
       Isolate* isolate, Tagged<FixedArray> array_elements,
       ElementsKind elements_kind, int array_length, size_t index);
 
@@ -413,13 +414,12 @@ class ConcurrentLookupIterator final : public AllStatic {
   // LookupIterator it(holder, isolate, name, LookupIterator::OWN);
   // it.TryLookupCachedProperty();
   // if (it.state() == LookupIterator::DATA) it.GetPropertyCell();
-  V8_EXPORT_PRIVATE static base::Optional<Tagged<PropertyCell>>
+  V8_EXPORT_PRIVATE static std::optional<Tagged<PropertyCell>>
   TryGetPropertyCell(Isolate* isolate, LocalIsolate* local_isolate,
                      DirectHandle<JSGlobalObject> holder,
                      DirectHandle<Name> name);
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_OBJECTS_LOOKUP_H_
diff --git a/deps/v8/src/objects/map-inl.h b/deps/v8/src/objects/map-inl.h
index 9cf91fcd6b8f40..1ef809a8a7421d 100644
--- a/deps/v8/src/objects/map-inl.h
+++ b/deps/v8/src/objects/map-inl.h
@@ -851,12 +851,8 @@ Tagged<Map> Map::GetMapFor(ReadOnlyRoots roots, InstanceType type) {
 // static
 Tagged<Map> Map::ElementsTransitionMap(Isolate* isolate,
                                        ConcurrencyMode cmode) {
-  if (auto res = TransitionsAccessor(isolate, *this, IsConcurrent(cmode))
-                     .SearchSpecial(
-                         ReadOnlyRoots(isolate).elements_transition_symbol())) {
-    return *res;
-  }
-  return Map();
+  return TransitionsAccessor(isolate, *this, IsConcurrent(cmode))
+      .SearchSpecial(ReadOnlyRoots(isolate).elements_transition_symbol());
 }
 
 ACCESSORS(Map, dependent_code, Tagged<DependentCode>, kDependentCodeOffset)
diff --git a/deps/v8/src/objects/map-updater.cc b/deps/v8/src/objects/map-updater.cc
index e2afdc506ccc32..f170db2ad2bd97 100644
--- a/deps/v8/src/objects/map-updater.cc
+++ b/deps/v8/src/objects/map-updater.cc
@@ -4,6 +4,7 @@
 
 #include "src/objects/map-updater.h"
 
+#include <optional>
 #include <queue>
 
 #include "src/base/platform/mutex.h"
@@ -18,8 +19,7 @@
 #include "src/objects/property-details.h"
 #include "src/objects/transitions.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace {
 
@@ -223,7 +223,7 @@ Handle<Map> MapUpdater::ReconfigureToDataField(InternalIndex descriptor,
   if (ConstructNewMap() == kAtIntegrityLevelSource) {
     ConstructNewMapWithIntegrityLevelTransition();
   }
-  DCHECK_EQ(kEnd, state_);
+  CHECK_EQ(kEnd, state_);
   return result_map_;
 }
 
@@ -283,11 +283,10 @@ Handle<Map> MapUpdater::UpdateImpl() {
   if (ConstructNewMap() == kAtIntegrityLevelSource) {
     ConstructNewMapWithIntegrityLevelTransition();
   }
-  DCHECK_EQ(kEnd, state_);
+  CHECK_EQ(kEnd, state_);
   if (V8_UNLIKELY(v8_flags.fast_map_update && old_map_->is_deprecated())) {
     TransitionsAccessor::SetMigrationTarget(isolate_, old_map_, *result_map_);
   }
-  DCHECK_EQ(kEnd, state_);
   return result_map_;
 }
 
@@ -348,9 +347,9 @@ IntegrityLevelTransitionInfo DetectIntegrityLevelTransitions(
 }  // namespace
 
 // static
-base::Optional<Tagged<Map>> MapUpdater::TryUpdateNoLock(Isolate* isolate,
-                                                        Tagged<Map> old_map,
-                                                        ConcurrencyMode cmode) {
+std::optional<Tagged<Map>> MapUpdater::TryUpdateNoLock(Isolate* isolate,
+                                                       Tagged<Map> old_map,
+                                                       ConcurrencyMode cmode) {
   DisallowGarbageCollection no_gc;
 
   // Check the state of the root map.
@@ -406,21 +405,19 @@ base::Optional<Tagged<Map>> MapUpdater::TryUpdateNoLock(Isolate* isolate,
   }
 
   // Replay the transitions as they were before the integrity level transition.
-  Tagged<Map> replay = root_map->TryReplayPropertyTransitions(
+  Tagged<Map> result = root_map->TryReplayPropertyTransitions(
       isolate, info.integrity_level_source_map, cmode);
-  if (replay.is_null()) return {};
+  if (result.is_null()) return {};
 
-  std::optional<Tagged<Map>> result = replay;
   if (info.has_integrity_level_transition) {
     // Now replay the integrity level transition.
     result = TransitionsAccessor(isolate, *result, IsConcurrent(cmode))
                  .SearchSpecial(info.integrity_level_symbol);
   }
+  if (result.is_null()) return {};
 
-  if (result) {
-    DCHECK_EQ(old_map->elements_kind(), (*result)->elements_kind());
-    DCHECK_EQ(old_map->instance_type(), (*result)->instance_type());
-  }
+  CHECK_EQ(old_map->elements_kind(), (*result)->elements_kind());
+  CHECK_EQ(old_map->instance_type(), (*result)->instance_type());
   return result;
 }
 
@@ -449,7 +446,7 @@ MapUpdater::State MapUpdater::Normalize(const char* reason) {
 void MapUpdater::CompleteInobjectSlackTracking(Isolate* isolate,
                                                Tagged<Map> initial_map) {
   // Has to be an initial map.
-  DCHECK(IsUndefined(initial_map->GetBackPointer(), isolate));
+  CHECK(IsUndefined(initial_map->GetBackPointer(), isolate));
 
   const int slack = initial_map->ComputeMinObjectSlack(isolate);
   DCHECK_GE(slack, 0);
@@ -470,8 +467,9 @@ void MapUpdater::CompleteInobjectSlackTracking(Isolate* isolate,
     };
   } else {
     // Stop slack tracking for this map.
-    callback = [](Tagged<Map> map) {
+    callback = [&](Tagged<Map> map) {
       map->set_construction_counter(Map::kNoSlackTracking);
+      DCHECK(!TransitionsAccessor(isolate, map).HasSideStepTransitions());
     };
   }
 
@@ -777,9 +775,9 @@ MapUpdater::State MapUpdater::FindTargetMap() {
     }
 
     // We try to replay the integrity level transition here.
-    if (auto maybe_transition = TransitionsAccessor::SearchSpecial(
-            isolate_, target_map_, *integrity_level_symbol_)) {
-      result_map_ = *maybe_transition;
+    MaybeHandle<Map> maybe_transition = TransitionsAccessor::SearchSpecial(
+        isolate_, target_map_, *integrity_level_symbol_);
+    if (maybe_transition.ToHandle(&result_map_)) {
       state_ = kEnd;
       return state_;  // Done.
     }
@@ -1214,7 +1212,7 @@ void MapUpdater::UpdateFieldType(Isolate* isolate, DirectHandle<Map> map,
   PropertyDetails details =
       map->instance_descriptors(isolate)->GetDetails(descriptor);
   if (details.location() != PropertyLocation::kField) return;
-  DCHECK_EQ(PropertyKind::kData, details.kind());
+  CHECK_EQ(PropertyKind::kData, details.kind());
 
   if (new_constness != details.constness() && map->is_prototype_map()) {
     JSObject::InvalidatePrototypeChains(*map);
@@ -1230,23 +1228,18 @@ void MapUpdater::UpdateFieldType(Isolate* isolate, DirectHandle<Map> map,
     backlog.pop();
 
     TransitionsAccessor transitions(isolate, current);
-    transitions.ForEachTransitionWithKey(
-        &no_gc,
-        [&](Tagged<Name> key, Tagged<Map> target) {
-          if (TransitionsAccessor::IsSpecialSidestepTransition(roots, key)) {
-            if (!target->is_deprecated()) {
-              sidestep_transition.push_back(target);
-            }
-          } else {
-            backlog.push(target);
-          }
-        },
+    transitions.ForEachTransition(
+        &no_gc, [&](Tagged<Map> target) { backlog.push(target); },
         [&](Tagged<Map> target) {
           if (v8_flags.move_prototype_transitions_first) {
             backlog.push(target);
           }
         },
-        TransitionsAccessor::IterationMode::kIncludeSideStepTransitions);
+        [&](Tagged<Object> target) {
+          if (!target.IsSmi() && !Cast<Map>(target)->is_deprecated()) {
+            sidestep_transition.push_back(Cast<Map>(target));
+          }
+        });
 
     Tagged<DescriptorArray> descriptors =
         current->instance_descriptors(isolate);
@@ -1288,7 +1281,7 @@ void MapUpdater::UpdateFieldType(Isolate* isolate, DirectHandle<Map> map,
         details.representation(),
         handle(descriptors->GetFieldType(descriptor), isolate),
         cur_new_representation, new_type, isolate);
-    DCHECK(new_representation.fits_into(cur_new_representation));
+    CHECK(new_representation.fits_into(cur_new_representation));
     // Skip if we already updated the shared descriptor or the target was more
     // general in the first place.
     if (cur_new_constness != details.constness() ||
@@ -1308,7 +1301,7 @@ void MapUpdater::GeneralizeField(Isolate* isolate, DirectHandle<Map> map,
                                  PropertyConstness new_constness,
                                  Representation new_representation,
                                  Handle<FieldType> new_field_type) {
-  DCHECK(!map->is_deprecated());
+  CHECK(!map->is_deprecated());
 
   // Check if we actually need to generalize the field type at all.
   DirectHandle<DescriptorArray> old_descriptors(
@@ -1318,7 +1311,7 @@ void MapUpdater::GeneralizeField(Isolate* isolate, DirectHandle<Map> map,
   Representation old_representation = old_details.representation();
   Handle<FieldType> old_field_type(old_descriptors->GetFieldType(modify_index),
                                    isolate);
-  DCHECK_IMPLIES(IsClass(*old_field_type), old_representation.IsHeapObject());
+  CHECK_IMPLIES(IsClass(*old_field_type), old_representation.IsHeapObject());
 
   // Return if the current map is general enough to hold requested constness and
   // representation/field type.
@@ -1377,5 +1370,4 @@ void MapUpdater::GeneralizeField(Isolate* isolate, DirectHandle<Map> map,
   }
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/map-updater.h b/deps/v8/src/objects/map-updater.h
index 834e21e0151ffb..5a2c77696249fa 100644
--- a/deps/v8/src/objects/map-updater.h
+++ b/deps/v8/src/objects/map-updater.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_MAP_UPDATER_H_
 #define V8_OBJECTS_MAP_UPDATER_H_
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/handles/handles.h"
 #include "src/objects/elements-kind.h"
@@ -12,8 +14,7 @@
 #include "src/objects/map.h"
 #include "src/objects/property-details.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 // The |MapUpdater| class implements all sorts of map reconfigurations
 // including changes of elements kind, property attributes, property kind,
@@ -80,7 +81,7 @@ class V8_EXPORT_PRIVATE MapUpdater {
 
   // As above but does not mutate maps; instead, we attempt to replay existing
   // transitions to find an updated map. No lock is taken.
-  static base::Optional<Tagged<Map>> TryUpdateNoLock(
+  static std::optional<Tagged<Map>> TryUpdateNoLock(
       Isolate* isolate, Tagged<Map> old_map,
       ConcurrencyMode cmode) V8_WARN_UNUSED_RESULT;
 
@@ -255,7 +256,6 @@ class V8_EXPORT_PRIVATE MapUpdater {
   Handle<Object> new_value_;
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_OBJECTS_MAP_UPDATER_H_
diff --git a/deps/v8/src/objects/map.cc b/deps/v8/src/objects/map.cc
index bb2aad2d9087b8..447f20bb076154 100644
--- a/deps/v8/src/objects/map.cc
+++ b/deps/v8/src/objects/map.cc
@@ -4,6 +4,8 @@
 
 #include "src/objects/map.h"
 
+#include <optional>
+
 #include "src/common/assert-scope.h"
 #include "src/common/globals.h"
 #include "src/execution/frames.h"
@@ -29,8 +31,7 @@
 #include "src/utils/ostreams.h"
 #include "src/zone/zone-containers.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 Tagged<Map> Map::GetPrototypeChainRootMap(Isolate* isolate) const {
   DisallowGarbageCollection no_alloc;
@@ -48,7 +49,7 @@ Tagged<Map> Map::GetPrototypeChainRootMap(Isolate* isolate) const {
 }
 
 // static
-base::Optional<Tagged<JSFunction>> Map::GetConstructorFunction(
+std::optional<Tagged<JSFunction>> Map::GetConstructorFunction(
     Tagged<Map> map, Tagged<Context> native_context) {
   DisallowGarbageCollection no_gc;
   if (IsPrimitiveMap(map)) {
@@ -276,7 +277,6 @@ VisitorId Map::GetVisitorId(Tagged<Map> map) {
     case JS_PROMISE_PROTOTYPE_TYPE:
     case JS_REG_EXP_PROTOTYPE_TYPE:
     case JS_REG_EXP_STRING_ITERATOR_TYPE:
-    case JS_REG_EXP_TYPE:
     case JS_SET_ITERATOR_PROTOTYPE_TYPE:
     case JS_SET_KEY_VALUE_ITERATOR_TYPE:
     case JS_SET_PROTOTYPE_TYPE:
@@ -327,6 +327,8 @@ VisitorId Map::GetVisitorId(Tagged<Map> map) {
       CHECK_EQ(0, JSObject::GetEmbedderFieldCount(map));
       return kVisitJSObjectFast;
     }
+    case JS_REG_EXP_TYPE:
+      return kVisitJSRegExp;
 
     // Objects that are used as API wrapper objects and can have embedder
     // fields. Note that there's more of these kinds (e.g. JS_ARRAY_BUFFER_TYPE)
@@ -386,6 +388,12 @@ VisitorId Map::GetVisitorId(Tagged<Map> map) {
       if (instance_type == INTERPRETER_DATA_TYPE) {
         return kVisitInterpreterData;
       }
+      if (instance_type == REG_EXP_BOILERPLATE_DESCRIPTION_TYPE) {
+        return kVisitRegExpBoilerplateDescription;
+      }
+      if (instance_type == REG_EXP_DATA_WRAPPER_TYPE) {
+        return kVisitRegExpDataWrapper;
+      }
       return kVisitStruct;
 
     case LOAD_HANDLER_TYPE:
@@ -602,16 +610,14 @@ void Map::DeprecateTransitionTree(Isolate* isolate) {
   DisallowGarbageCollection no_gc;
   ReadOnlyRoots roots(isolate);
   TransitionsAccessor transitions(isolate, *this);
-  transitions.ForEachTransitionWithKey(
-      &no_gc,
-      [&](Tagged<Name> key, Tagged<Map> map) {
-        map->DeprecateTransitionTree(isolate);
-      },
+  transitions.ForEachTransition(
+      &no_gc, [&](Tagged<Map> map) { map->DeprecateTransitionTree(isolate); },
       [&](Tagged<Map> map) {
         if (v8_flags.move_prototype_transitions_first) {
           map->DeprecateTransitionTree(isolate);
         }
-      });
+      },
+      nullptr);
   DCHECK(!IsFunctionTemplateInfo(constructor_or_back_pointer()));
   DCHECK(CanBeDeprecated());
   set_is_deprecated(true);
@@ -720,7 +726,7 @@ MaybeHandle<Map> Map::TryUpdate(Isolate* isolate, Handle<Map> old_map) {
     }
   }
 
-  base::Optional<Tagged<Map>> new_map = MapUpdater::TryUpdateNoLock(
+  std::optional<Tagged<Map>> new_map = MapUpdater::TryUpdateNoLock(
       isolate, *old_map, ConcurrencyMode::kSynchronous);
   if (!new_map.has_value()) return MaybeHandle<Map>();
   if (v8_flags.fast_map_update) {
@@ -810,7 +816,7 @@ Handle<Map> Map::Update(Isolate* isolate, Handle<Map> map) {
 void Map::EnsureDescriptorSlack(Isolate* isolate, DirectHandle<Map> map,
                                 int slack) {
   // Only supports adding slack to owned descriptors.
-  DCHECK(map->owns_descriptors());
+  CHECK(map->owns_descriptors());
 
   DirectHandle<DescriptorArray> descriptors(map->instance_descriptors(isolate),
                                             isolate);
@@ -868,7 +874,7 @@ Handle<Map> Map::GetObjectCreateMap(Isolate* isolate,
     return isolate->slow_object_with_null_prototype_map();
   }
   if (IsJSObjectThatCanBeTrackedAsPrototype(*prototype)) {
-    Handle<JSObject> js_prototype = Cast<JSObject>(prototype);
+    DirectHandle<JSObject> js_prototype = Cast<JSObject>(prototype);
     if (!js_prototype->map()->is_prototype_map()) {
       JSObject::OptimizeAsPrototype(js_prototype);
     }
@@ -895,7 +901,7 @@ Handle<Map> Map::GetDerivedMap(Isolate* isolate, Handle<Map> from,
   DCHECK(IsUndefined(from->GetBackPointer()));
 
   if (IsJSObjectThatCanBeTrackedAsPrototype(*prototype)) {
-    Handle<JSObject> js_prototype = Cast<JSObject>(prototype);
+    DirectHandle<JSObject> js_prototype = Cast<JSObject>(prototype);
     if (!js_prototype->map()->is_prototype_map()) {
       JSObject::OptimizeAsPrototype(js_prototype);
     }
@@ -922,7 +928,7 @@ Handle<Map> Map::GetDerivedMap(Isolate* isolate, Handle<Map> from,
                                                        prototype);
 }
 
-static bool ContainsMap(MapHandles const& maps, Tagged<Map> map) {
+static bool ContainsMap(MapHandlesSpan maps, Tagged<Map> map) {
   DCHECK(!map.is_null());
   for (Handle<Map> current : maps) {
     if (!current.is_null() && *current == map) return true;
@@ -930,8 +936,7 @@ static bool ContainsMap(MapHandles const& maps, Tagged<Map> map) {
   return false;
 }
 
-static bool HasElementsKind(MapHandles const& maps,
-                            ElementsKind elements_kind) {
+static bool HasElementsKind(MapHandlesSpan maps, ElementsKind elements_kind) {
   for (Handle<Map> current : maps) {
     if (!current.is_null() && current->elements_kind() == elements_kind)
       return true;
@@ -940,7 +945,7 @@ static bool HasElementsKind(MapHandles const& maps,
 }
 
 Tagged<Map> Map::FindElementsKindTransitionedMap(Isolate* isolate,
-                                                 MapHandles const& candidates,
+                                                 MapHandlesSpan candidates,
                                                  ConcurrencyMode cmode) {
   DisallowGarbageCollection no_gc;
 
@@ -1109,10 +1114,10 @@ static Handle<Map> AddMissingElementsTransitions(Isolate* isolate,
 }
 
 // static
-base::Optional<Tagged<Map>> Map::TryAsElementsKind(Isolate* isolate,
-                                                   DirectHandle<Map> map,
-                                                   ElementsKind kind,
-                                                   ConcurrencyMode cmode) {
+std::optional<Tagged<Map>> Map::TryAsElementsKind(Isolate* isolate,
+                                                  DirectHandle<Map> map,
+                                                  ElementsKind kind,
+                                                  ConcurrencyMode cmode) {
   Tagged<Map> closest_map =
       FindClosestElementsTransition(isolate, *map, kind, cmode);
   if (closest_map->elements_kind() != kind) return {};
@@ -1250,7 +1255,7 @@ Handle<Map> Map::Normalize(Isolate* isolate, Handle<Map> fast_map,
   if (fast_map->is_prototype_map()) {
     use_cache = false;
   }
-  Handle<NormalizedMapCache> cache;
+  DirectHandle<NormalizedMapCache> cache;
   if (use_cache) {
     Tagged<Object> normalized_map_cache =
         meta_map->native_context()->normalized_map_cache();
@@ -1449,7 +1454,7 @@ Handle<Map> Map::CopyDropDescriptors(Isolate* isolate, Handle<Map> map) {
 }
 
 Handle<Map> Map::ShareDescriptor(Isolate* isolate, Handle<Map> map,
-                                 Handle<DescriptorArray> descriptors,
+                                 DirectHandle<DescriptorArray> descriptors,
                                  Descriptor* descriptor) {
   // Sanity check. This path is only to be taken if the map owns its descriptor
   // array, implying that its NumberOfOwnDescriptors equals the number of
@@ -1578,7 +1583,7 @@ Handle<Map> Map::AddMissingTransitions(
   DCHECK(descriptors->IsSortedNoDuplicates());
   int split_nof = split_map->NumberOfOwnDescriptors();
   int nof_descriptors = descriptors->number_of_descriptors();
-  DCHECK_LT(split_nof, nof_descriptors);
+  CHECK_LT(split_nof, nof_descriptors);
 
   // Start with creating last map which will own full descriptors array.
   // This is necessary to guarantee that GC will mark the whole descriptor
@@ -1703,9 +1708,10 @@ Handle<Map> Map::AsLanguageMode(Isolate* isolate, Handle<Map> initial_map,
   DCHECK_EQ(LanguageMode::kStrict, shared_info->language_mode());
   Handle<Symbol> transition_symbol =
       isolate->factory()->strict_function_transition_symbol();
-  if (auto maybe_transition = TransitionsAccessor::SearchSpecial(
-          isolate, initial_map, *transition_symbol)) {
-    return *maybe_transition;
+  MaybeHandle<Map> maybe_transition = TransitionsAccessor::SearchSpecial(
+      isolate, initial_map, *transition_symbol);
+  if (!maybe_transition.is_null()) {
+    return maybe_transition.ToHandleChecked();
   }
   initial_map->NotifyLeafMapLayoutChange(isolate);
 
@@ -2137,8 +2143,8 @@ Handle<Map> Map::TransitionToAccessorProperty(Isolate* isolate, Handle<Map> map,
 Handle<Map> Map::CopyAddDescriptor(Isolate* isolate, Handle<Map> map,
                                    Descriptor* descriptor,
                                    TransitionFlag flag) {
-  Handle<DescriptorArray> descriptors(map->instance_descriptors(isolate),
-                                      isolate);
+  DirectHandle<DescriptorArray> descriptors(map->instance_descriptors(isolate),
+                                            isolate);
 
   // Share descriptors only if map owns descriptors and is not an initial map.
   if (flag == INSERT_TRANSITION && map->owns_descriptors() &&
@@ -2160,8 +2166,8 @@ Handle<Map> Map::CopyAddDescriptor(Isolate* isolate, Handle<Map> map,
 Handle<Map> Map::CopyInsertDescriptor(Isolate* isolate, Handle<Map> map,
                                       Descriptor* descriptor,
                                       TransitionFlag flag) {
-  Handle<DescriptorArray> old_descriptors(map->instance_descriptors(isolate),
-                                          isolate);
+  DirectHandle<DescriptorArray> old_descriptors(
+      map->instance_descriptors(isolate), isolate);
 
   // We replace the key if it is already present.
   InternalIndex index =
@@ -2420,7 +2426,7 @@ void Map::SetPrototype(Isolate* isolate, DirectHandle<Map> map,
   RCS_SCOPE(isolate, RuntimeCallCounterId::kMap_SetPrototype);
 
   if (IsJSObjectThatCanBeTrackedAsPrototype(*prototype)) {
-    Handle<JSObject> prototype_jsobj = Cast<JSObject>(prototype);
+    DirectHandle<JSObject> prototype_jsobj = Cast<JSObject>(prototype);
     JSObject::OptimizeAsPrototype(prototype_jsobj, enable_prototype_setup_mode);
   } else {
     DCHECK(IsNull(*prototype, isolate) || IsJSProxy(*prototype) ||
@@ -2492,6 +2498,7 @@ MaybeHandle<Map> NormalizedMapCache::Get(DirectHandle<Map> fast_map,
   }
 
   Tagged<Map> normalized_map = Cast<Map>(heap_object);
+  CHECK(normalized_map->is_dictionary_map());
   if (!normalized_map->EquivalentToForNormalization(*fast_map, elements_kind,
                                                     prototype, mode)) {
     return MaybeHandle<Map>();
@@ -2507,5 +2514,4 @@ void NormalizedMapCache::Set(DirectHandle<Map> fast_map,
                       MakeWeak(*normalized_map));
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/map.h b/deps/v8/src/objects/map.h
index bfb1091086a6d8..e87e51c958252b 100644
--- a/deps/v8/src/objects/map.h
+++ b/deps/v8/src/objects/map.h
@@ -5,6 +5,9 @@
 #ifndef V8_OBJECTS_MAP_H_
 #define V8_OBJECTS_MAP_H_
 
+#include <optional>
+
+#include "include/v8-memory-span.h"
 #include "src/base/bit-field.h"
 #include "src/common/globals.h"
 #include "src/objects/code.h"
@@ -21,8 +24,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class WasmTypeInfo;
 
@@ -67,6 +69,7 @@ enum InstanceType : uint16_t;
   V(JSFunction)                      \
   V(JSObject)                        \
   V(JSObjectFast)                    \
+  V(JSRegExp)                        \
   V(JSSynchronizationPrimitive)      \
   V(JSTypedArray)                    \
   V(JSWeakCollection)                \
@@ -78,6 +81,8 @@ enum InstanceType : uint16_t;
   V(PropertyArray)                   \
   V(PropertyCell)                    \
   V(PrototypeInfo)                   \
+  V(RegExpBoilerplateDescription)    \
+  V(RegExpDataWrapper)               \
   V(SharedFunctionInfo)              \
   V(ShortcutCandidate)               \
   V(SlicedString)                    \
@@ -137,6 +142,7 @@ enum class ObjectFields {
 };
 
 using MapHandles = std::vector<Handle<Map>>;
+using MapHandlesSpan = v8::MemorySpan<Handle<Map>>;
 
 #include "torque-generated/src/objects/map-tq.inc"
 
@@ -247,7 +253,7 @@ class Map : public TorqueGeneratedMap<Map, HeapObject> {
   static const int kNoConstructorFunctionIndex = 0;
   inline int GetConstructorFunctionIndex() const;
   inline void SetConstructorFunctionIndex(int value);
-  static base::Optional<Tagged<JSFunction>> GetConstructorFunction(
+  static std::optional<Tagged<JSFunction>> GetConstructorFunction(
       Tagged<Map> map, Tagged<Context> native_context);
 
   // Retrieve interceptors.
@@ -764,10 +770,10 @@ class Map : public TorqueGeneratedMap<Map, HeapObject> {
   static Handle<Map> TransitionElementsTo(Isolate* isolate, Handle<Map> map,
                                           ElementsKind to_kind);
 
-  static base::Optional<Tagged<Map>> TryAsElementsKind(Isolate* isolate,
-                                                       DirectHandle<Map> map,
-                                                       ElementsKind kind,
-                                                       ConcurrencyMode cmode);
+  static std::optional<Tagged<Map>> TryAsElementsKind(Isolate* isolate,
+                                                      DirectHandle<Map> map,
+                                                      ElementsKind kind,
+                                                      ConcurrencyMode cmode);
   V8_EXPORT_PRIVATE static Handle<Map> AsElementsKind(Isolate* isolate,
                                                       DirectHandle<Map> map,
                                                       ElementsKind kind);
@@ -849,11 +855,11 @@ class Map : public TorqueGeneratedMap<Map, HeapObject> {
   // elements_kind that's found in |candidates|, or |nullptr| if no match is
   // found at all.
   V8_EXPORT_PRIVATE Tagged<Map> FindElementsKindTransitionedMap(
-      Isolate* isolate, MapHandles const& candidates, ConcurrencyMode cmode);
+      Isolate* isolate, MapHandlesSpan candidates, ConcurrencyMode cmode);
 
   inline bool CanTransition() const;
 
-  static constexpr base::Optional<RootIndex> TryGetMapRootIdxFor(
+  static constexpr std::optional<RootIndex> TryGetMapRootIdxFor(
       InstanceType type) {
     switch (type) {
 #define MAKE_CASE(TYPE, Name, name) \
@@ -981,7 +987,7 @@ class Map : public TorqueGeneratedMap<Map, HeapObject> {
   static Handle<Map> RawCopy(Isolate* isolate, Handle<Map> map,
                              int instance_size, int inobject_properties);
   static Handle<Map> ShareDescriptor(Isolate* isolate, Handle<Map> map,
-                                     Handle<DescriptorArray> descriptors,
+                                     DirectHandle<DescriptorArray> descriptors,
                                      Descriptor* descriptor);
   V8_EXPORT_PRIVATE static Handle<Map> AddMissingTransitions(
       Isolate* isolate, Handle<Map> map,
@@ -1075,8 +1081,7 @@ inline bool IsPrimitiveMap(Tagged<Map> map);
 inline bool IsSpecialReceiverMap(Tagged<Map> map);
 inline bool IsCustomElementsReceiverMap(Tagged<Map> map);
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/object-list-macros.h b/deps/v8/src/objects/object-list-macros.h
index 5f7d38ad0b7498..874049c5db325d 100644
--- a/deps/v8/src/objects/object-list-macros.h
+++ b/deps/v8/src/objects/object-list-macros.h
@@ -282,11 +282,6 @@ namespace internal {
   V(TurboshaftWord64RangeType)                  \
   V(TurboshaftWord64SetType)                    \
   V(TurboshaftWord64Type)                       \
-  V(UncompiledData)                             \
-  V(UncompiledDataWithPreparseData)             \
-  V(UncompiledDataWithoutPreparseData)          \
-  V(UncompiledDataWithPreparseDataAndJob)       \
-  V(UncompiledDataWithoutPreparseDataWithJob)   \
   V(Undetectable)                               \
   V(UniqueName)                                 \
   IF_WASM(V, WasmArray)                         \
@@ -344,29 +339,40 @@ namespace internal {
 #define ABSTRACT_TRUSTED_OBJECT_LIST_GENERATOR(APPLY, V) \
   APPLY(V, TrustedObject, TRUSTED_OBJECT)                \
   APPLY(V, ExposedTrustedObject, EXPOSED_TRUSTED_OBJECT) \
+  APPLY(V, UncompiledData, UNCOMPILED_DATA)              \
   IF_WASM(APPLY, V, WasmFunctionData, WASM_FUNCTION_DATA)
 
 // Concrete trusted objects. These must:
 // - (Transitively) inherit from TrustedObject
 // - Have a unique instance type
 // - Define a custom body descriptor
-#define CONCRETE_TRUSTED_OBJECT_LIST_GENERATOR(APPLY, V)                   \
-  APPLY(V, BytecodeArray, BYTECODE_ARRAY)                                  \
-  APPLY(V, Code, CODE)                                                     \
-  APPLY(V, InstructionStream, INSTRUCTION_STREAM)                          \
-  APPLY(V, InterpreterData, INTERPRETER_DATA)                              \
-  APPLY(V, SharedFunctionInfoWrapper, SHARED_FUNCTION_INFO_WRAPPER)        \
-  APPLY(V, ProtectedFixedArray, PROTECTED_FIXED_ARRAY)                     \
-  APPLY(V, TrustedByteArray, TRUSTED_BYTE_ARRAY)                           \
-  APPLY(V, TrustedFixedArray, TRUSTED_FIXED_ARRAY)                         \
-  APPLY(V, TrustedForeign, TRUSTED_FOREIGN)                                \
-  APPLY(V, TrustedWeakFixedArray, TRUSTED_WEAK_FIXED_ARRAY)                \
-  IF_WASM(APPLY, V, WasmApiFunctionRef, WASM_API_FUNCTION_REF)             \
-  IF_WASM(APPLY, V, WasmCapiFunctionData, WASM_CAPI_FUNCTION_DATA)         \
-  IF_WASM(APPLY, V, WasmDispatchTable, WASM_DISPATCH_TABLE)                \
-  IF_WASM(APPLY, V, WasmExportedFunctionData, WASM_EXPORTED_FUNCTION_DATA) \
-  IF_WASM(APPLY, V, WasmJSFunctionData, WASM_JS_FUNCTION_DATA)             \
-  IF_WASM(APPLY, V, WasmInternalFunction, WASM_INTERNAL_FUNCTION)          \
+#define CONCRETE_TRUSTED_OBJECT_LIST_GENERATOR(APPLY, V)                       \
+  APPLY(V, BytecodeArray, BYTECODE_ARRAY)                                      \
+  APPLY(V, Code, CODE)                                                         \
+  APPLY(V, InstructionStream, INSTRUCTION_STREAM)                              \
+  APPLY(V, InterpreterData, INTERPRETER_DATA)                                  \
+  APPLY(V, UncompiledDataWithPreparseData, UNCOMPILED_DATA_WITH_PREPARSE_DATA) \
+  APPLY(V, UncompiledDataWithoutPreparseData,                                  \
+        UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA)                                 \
+  APPLY(V, UncompiledDataWithPreparseDataAndJob,                               \
+        UNCOMPILED_DATA_WITH_PREPARSE_DATA_AND_JOB)                            \
+  APPLY(V, UncompiledDataWithoutPreparseDataWithJob,                           \
+        UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_WITH_JOB)                        \
+  APPLY(V, SharedFunctionInfoWrapper, SHARED_FUNCTION_INFO_WRAPPER)            \
+  APPLY(V, ProtectedFixedArray, PROTECTED_FIXED_ARRAY)                         \
+  APPLY(V, TrustedByteArray, TRUSTED_BYTE_ARRAY)                               \
+  APPLY(V, TrustedFixedArray, TRUSTED_FIXED_ARRAY)                             \
+  APPLY(V, TrustedForeign, TRUSTED_FOREIGN)                                    \
+  APPLY(V, TrustedWeakFixedArray, TRUSTED_WEAK_FIXED_ARRAY)                    \
+  APPLY(V, AtomRegExpData, ATOM_REG_EXP_DATA)                                  \
+  APPLY(V, IrRegExpData, IR_REG_EXP_DATA)                                      \
+  APPLY(V, RegExpData, REG_EXP_DATA)                                           \
+  IF_WASM(APPLY, V, WasmImportData, WASM_IMPORT_DATA)                          \
+  IF_WASM(APPLY, V, WasmCapiFunctionData, WASM_CAPI_FUNCTION_DATA)             \
+  IF_WASM(APPLY, V, WasmDispatchTable, WASM_DISPATCH_TABLE)                    \
+  IF_WASM(APPLY, V, WasmExportedFunctionData, WASM_EXPORTED_FUNCTION_DATA)     \
+  IF_WASM(APPLY, V, WasmJSFunctionData, WASM_JS_FUNCTION_DATA)                 \
+  IF_WASM(APPLY, V, WasmInternalFunction, WASM_INTERNAL_FUNCTION)              \
   IF_WASM(APPLY, V, WasmTrustedInstanceData, WASM_TRUSTED_INSTANCE_DATA)
 
 #define TRUSTED_OBJECT_LIST1_ADAPTER(V, Name, NAME) V(Name)
diff --git a/deps/v8/src/objects/object-macros.h b/deps/v8/src/objects/object-macros.h
index cdaa467ff635d1..960c18b8658a42 100644
--- a/deps/v8/src/objects/object-macros.h
+++ b/deps/v8/src/objects/object-macros.h
@@ -578,7 +578,7 @@
                                               mode);                           \
   }                                                                            \
   bool holder::has_##name() const {                                            \
-    return !IsTrustedPointerFieldCleared(offset);                              \
+    return !IsTrustedPointerFieldEmpty(offset);                                \
   }                                                                            \
   void holder::clear_##name() { ClearTrustedPointerField(offset); }
 
@@ -608,7 +608,7 @@
     CONDITIONAL_PROTECTED_POINTER_WRITE_BARRIER(*this, offset, value, mode); \
   }                                                                          \
   bool holder::has_##name() const {                                          \
-    return !IsProtectedPointerFieldCleared(offset);                          \
+    return !IsProtectedPointerFieldEmpty(offset);                            \
   }                                                                          \
   void holder::clear_##name() { return ClearProtectedPointerField(offset); }
 
@@ -632,7 +632,7 @@
     CONDITIONAL_PROTECTED_POINTER_WRITE_BARRIER(*this, offset, value, mode); \
   }                                                                          \
   bool holder::has_##name(AcquireLoadTag tag) const {                        \
-    return !IsProtectedPointerFieldCleared(offset, tag);                     \
+    return !IsProtectedPointerFieldEmpty(offset, tag);                       \
   }                                                                          \
   void holder::clear_##name(ReleaseStoreTag tag) {                           \
     return ClearProtectedPointerField(offset, tag);                          \
@@ -696,24 +696,24 @@
 #define WRITE_BARRIER(object, offset, value)
 #define WRITE_BARRIER_CPP(object, offset, value)
 #else
-#define WRITE_BARRIER(object, offset, value)                        \
-  do {                                                              \
-    DCHECK_NOT_NULL(GetHeapFromWritableObject(object));             \
-    static_assert(kTaggedCanConvertToRawObjects);                   \
-    CombinedWriteBarrier(object, (object)->RawField(offset), value, \
-                         UPDATE_WRITE_BARRIER);                     \
+#define WRITE_BARRIER(object, offset, value)                              \
+  do {                                                                    \
+    DCHECK_NOT_NULL(GetHeapFromWritableObject(object));                   \
+    static_assert(kTaggedCanConvertToRawObjects);                         \
+    CombinedWriteBarrier(object, Tagged(object)->RawField(offset), value, \
+                         UPDATE_WRITE_BARRIER);                           \
   } while (false)
 #endif
 
 #ifdef V8_DISABLE_WRITE_BARRIERS
 #define WEAK_WRITE_BARRIER(object, offset, value)
 #else
-#define WEAK_WRITE_BARRIER(object, offset, value)                            \
-  do {                                                                       \
-    DCHECK_NOT_NULL(GetHeapFromWritableObject(object));                      \
-    static_assert(kTaggedCanConvertToRawObjects);                            \
-    CombinedWriteBarrier(object, (object)->RawMaybeWeakField(offset), value, \
-                         UPDATE_WRITE_BARRIER);                              \
+#define WEAK_WRITE_BARRIER(object, offset, value)                           \
+  do {                                                                      \
+    DCHECK_NOT_NULL(GetHeapFromWritableObject(object));                     \
+    static_assert(kTaggedCanConvertToRawObjects);                           \
+    CombinedWriteBarrier(object, Tagged(object)->RawMaybeWeakField(offset), \
+                         value, UPDATE_WRITE_BARRIER);                      \
   } while (false)
 #endif
 
@@ -744,6 +744,16 @@
   } while (false)
 #endif
 
+#ifdef V8_DISABLE_WRITE_BARRIERS
+#define JS_DISPATCH_HANDLE_WRITE_BARRIER(object, handle)
+#else
+#define JS_DISPATCH_HANDLE_WRITE_BARRIER(object, handle)                \
+  do {                                                                  \
+    DCHECK_NOT_NULL(GetHeapFromWritableObject(object));                 \
+    JSDispatchHandleWriteBarrier(object, handle, UPDATE_WRITE_BARRIER); \
+  } while (false)
+#endif
+
 #ifdef V8_DISABLE_WRITE_BARRIERS
 #define CONDITIONAL_WRITE_BARRIER(object, offset, value, mode)
 #elif V8_ENABLE_UNCONDITIONAL_WRITE_BARRIERS
diff --git a/deps/v8/src/objects/objects-body-descriptors-inl.h b/deps/v8/src/objects/objects-body-descriptors-inl.h
index 11f086b3ac3a5b..a73e3d44fd83f1 100644
--- a/deps/v8/src/objects/objects-body-descriptors-inl.h
+++ b/deps/v8/src/objects/objects-body-descriptors-inl.h
@@ -280,6 +280,15 @@ void BodyDescriptorBase::IterateProtectedPointer(Tagged<HeapObject> obj,
   v->VisitProtectedPointer(host, host->RawProtectedPointerField(offset));
 }
 
+#ifdef V8_ENABLE_LEAPTIERING
+template <typename ObjectVisitor>
+void BodyDescriptorBase::IterateJSDispatchEntry(Tagged<HeapObject> obj,
+                                                int offset, ObjectVisitor* v) {
+  JSDispatchHandle handle = obj->Relaxed_ReadField<JSDispatchHandle>(offset);
+  v->VisitJSDispatchTableEntry(obj, handle);
+}
+#endif  // V8_ENABLE_LEAPTIERING
+
 class HeapNumber::BodyDescriptor final : public DataOnlyBodyDescriptor {
  public:
   static constexpr int SizeOf(Tagged<Map> map, Tagged<HeapObject> object) {
@@ -348,6 +357,94 @@ class JSDate::BodyDescriptor final : public BodyDescriptorBase {
   }
 };
 
+class JSRegExp::BodyDescriptor final : public BodyDescriptorBase {
+ public:
+  static const int kStartOffset = JSReceiver::kPropertiesOrHashOffset;
+
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IteratePointers(obj, kPropertiesOrHashOffset, JSObject::kHeaderSize, v);
+    IterateTrustedPointer(obj, kDataOffset, v, IndirectPointerMode::kStrong,
+                          kRegExpDataIndirectPointerTag);
+    IteratePointer(obj, kSourceOffset, v);
+    IterateJSObjectBodyImpl(map, obj, kHeaderSize, object_size, v);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> object) {
+    return map->instance_size();
+  }
+};
+
+class RegExpData::BodyDescriptor final : public BodyDescriptorBase {
+ public:
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IterateSelfIndirectPointer(obj, kRegExpDataIndirectPointerTag, v);
+    IteratePointer(obj, kSourceOffset, v);
+    IteratePointer(obj, kWrapperOffset, v);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> obj) {
+    return kSize;
+  }
+};
+
+class AtomRegExpData::BodyDescriptor final : public BodyDescriptorBase {
+ public:
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IterateSelfIndirectPointer(obj, kRegExpDataIndirectPointerTag, v);
+
+    IteratePointer(obj, kSourceOffset, v);
+    IteratePointer(obj, kWrapperOffset, v);
+
+    IteratePointer(obj, kPatternOffset, v);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> obj) {
+    return kSize;
+  }
+};
+
+class IrRegExpData::BodyDescriptor final : public BodyDescriptorBase {
+ public:
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IterateSelfIndirectPointer(obj, kRegExpDataIndirectPointerTag, v);
+
+    IteratePointer(obj, kSourceOffset, v);
+    IteratePointer(obj, kWrapperOffset, v);
+
+    IterateCodePointer(obj, kLatin1CodeOffset, v, IndirectPointerMode::kStrong);
+    IterateCodePointer(obj, kUc16CodeOffset, v, IndirectPointerMode::kStrong);
+    IterateProtectedPointer(obj, kLatin1BytecodeOffset, v);
+    IterateProtectedPointer(obj, kUc16BytecodeOffset, v);
+    IteratePointer(obj, kCaptureNameMapOffset, v);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> obj) {
+    return kSize;
+  }
+};
+
+class RegExpDataWrapper::BodyDescriptor final : public BodyDescriptorBase {
+ public:
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IterateTrustedPointer(obj, kDataOffset, v, IndirectPointerMode::kStrong,
+                          kRegExpDataIndirectPointerTag);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> obj) {
+    return kSize;
+  }
+};
+
 class WeakCell::BodyDescriptor final : public BodyDescriptorBase {
  public:
   template <typename ObjectVisitor>
@@ -437,10 +534,6 @@ class JSFunction::BodyDescriptor final : public BodyDescriptorBase {
     DCHECK_GE(object_size, header_size);
     IteratePointers(obj, kStartOffset, kCodeOffset, v);
 
-    // Iterate the code object pointer.
-    // When the sandbox is enabled, Code objects are referenced via indirect
-    // pointers through the code pointer table. Otherwise, the slot contains a
-    // regular tagged pointer.
     // The code field is treated as a custom weak pointer. This field
     // is visited as a weak pointer if the Code is baseline code
     // and the bytecode array corresponding to this function is old. In the rest
@@ -448,6 +541,11 @@ class JSFunction::BodyDescriptor final : public BodyDescriptorBase {
     // See MarkingVisitorBase::VisitJSFunction.
     IterateCodePointer(obj, kCodeOffset, v, IndirectPointerMode::kCustom);
     DCHECK_GE(header_size, kCodeOffset);
+
+#ifdef V8_ENABLE_LEAPTIERING
+    IterateJSDispatchEntry(obj, kDispatchHandleOffset, v);
+#endif
+
     // Iterate rest of the header fields
     IteratePointers(obj, kCodeOffset + kTaggedSize, header_size, v);
     // Iterate rest of the fields starting after the header.
@@ -708,8 +806,7 @@ class FixedDoubleArray::BodyDescriptor final : public DataOnlyBodyDescriptor {
 class FeedbackMetadata::BodyDescriptor final : public DataOnlyBodyDescriptor {
  public:
   static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> obj) {
-    return FeedbackMetadata::SizeFor(
-        UncheckedCast<FeedbackMetadata>(obj)->slot_count(kAcquireLoad));
+    return UncheckedCast<FeedbackMetadata>(obj)->AllocatedSize();
   }
 };
 
@@ -745,18 +842,76 @@ class InterpreterData::BodyDescriptor final : public BodyDescriptorBase {
   }
 };
 
+class UncompiledDataWithoutPreparseData::BodyDescriptor final
+    : public BodyDescriptorBase {
+ public:
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IterateSelfIndirectPointer(obj, kUncompiledDataIndirectPointerTag, v);
+    IteratePointer(obj, kInferredNameOffset, v);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> raw_object) {
+    return kSize;
+  }
+};
+
+class UncompiledDataWithPreparseData::BodyDescriptor final
+    : public BodyDescriptorBase {
+ public:
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IterateSelfIndirectPointer(obj, kUncompiledDataIndirectPointerTag, v);
+    IteratePointer(obj, kInferredNameOffset, v);
+    IteratePointer(obj, kPreparseDataOffset, v);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> raw_object) {
+    return kSize;
+  }
+};
+
+class UncompiledDataWithoutPreparseDataWithJob::BodyDescriptor final
+    : public BodyDescriptorBase {
+ public:
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IterateSelfIndirectPointer(obj, kUncompiledDataIndirectPointerTag, v);
+    IteratePointer(obj, kInferredNameOffset, v);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> raw_object) {
+    return kSize;
+  }
+};
+
+class UncompiledDataWithPreparseDataAndJob::BodyDescriptor final
+    : public BodyDescriptorBase {
+ public:
+  template <typename ObjectVisitor>
+  static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
+                                 int object_size, ObjectVisitor* v) {
+    IterateSelfIndirectPointer(obj, kUncompiledDataIndirectPointerTag, v);
+    IteratePointer(obj, kInferredNameOffset, v);
+    IteratePointer(obj, kPreparseDataOffset, v);
+  }
+
+  static inline int SizeOf(Tagged<Map> map, Tagged<HeapObject> raw_object) {
+    return kSize;
+  }
+};
+
 class SharedFunctionInfo::BodyDescriptor final : public BodyDescriptorBase {
  public:
   template <typename ObjectVisitor>
   static inline void IterateBody(Tagged<Map> map, Tagged<HeapObject> obj,
                                  int object_size, ObjectVisitor* v) {
-#ifdef V8_ENABLE_SANDBOX
     IterateTrustedPointer(obj, kTrustedFunctionDataOffset, v,
                           IndirectPointerMode::kCustom,
                           kUnknownIndirectPointerTag);
-#endif
-    IterateCustomWeakPointers(obj, kStartOfWeakFieldsOffset,
-                              kEndOfWeakFieldsOffset, v);
     IteratePointers(obj, kStartOfStrongFieldsOffset, kEndOfStrongFieldsOffset,
                     v);
   }
@@ -992,7 +1147,7 @@ class WasmDispatchTable::BodyDescriptor final : public BodyDescriptorBase {
                                  int object_size, ObjectVisitor* v) {
     int length = Cast<WasmDispatchTable>(obj)->length(kAcquireLoad);
     for (int i = 0; i < length; ++i) {
-      IterateProtectedPointer(obj, OffsetOf(i) + kRefBias, v);
+      IterateProtectedPointer(obj, OffsetOf(i) + kImplicitArgBias, v);
     }
   }
 
@@ -1378,7 +1533,6 @@ auto BodyDescriptorApply(InstanceType type, Args&&... args) {
     case JS_PROMISE_TYPE:
     case JS_REG_EXP_PROTOTYPE_TYPE:
     case JS_REG_EXP_STRING_ITERATOR_TYPE:
-    case JS_REG_EXP_TYPE:
     case JS_SET_ITERATOR_PROTOTYPE_TYPE:
     case JS_SET_KEY_VALUE_ITERATOR_TYPE:
     case JS_SET_PROTOTYPE_TYPE:
@@ -1511,6 +1665,8 @@ auto BodyDescriptorApply(InstanceType type, Args&&... args) {
       return CALL_APPLY(Oddball);
     case HOLE_TYPE:
       return CALL_APPLY(Hole);
+    case JS_REG_EXP_TYPE:
+      return CALL_APPLY(JSRegExp);
 
 #define MAKE_STRUCT_CASE(TYPE, Name, name) \
   case TYPE:                               \
@@ -1754,8 +1910,7 @@ class FeedbackCell::BodyDescriptor final : public BodyDescriptorBase {
     IteratePointer(obj, kValueOffset, v);
 
 #ifdef V8_ENABLE_LEAPTIERING
-    v->VisitJSDispatchTableEntry(
-        obj, obj->ReadField<JSDispatchHandle>(kDispatchHandleOffset));
+    IterateJSDispatchEntry(obj, kDispatchHandleOffset, v);
 #endif
   }
 
diff --git a/deps/v8/src/objects/objects-body-descriptors.h b/deps/v8/src/objects/objects-body-descriptors.h
index 9177366fb0f4f8..c33511bfaa9eb2 100644
--- a/deps/v8/src/objects/objects-body-descriptors.h
+++ b/deps/v8/src/objects/objects-body-descriptors.h
@@ -70,6 +70,11 @@ class BodyDescriptorBase {
   template <typename ObjectVisitor>
   static inline void IterateProtectedPointer(Tagged<HeapObject> obj, int offset,
                                              ObjectVisitor* v);
+#ifdef V8_ENABLE_LEAPTIERING
+  template <typename ObjectVisitor>
+  static inline void IterateJSDispatchEntry(Tagged<HeapObject> obj, int offset,
+                                            ObjectVisitor* v);
+#endif  // V8_ENABLE_LEAPTIERING
 
  protected:
   // Returns true for all header and embedder fields.
diff --git a/deps/v8/src/objects/objects-definitions.h b/deps/v8/src/objects/objects-definitions.h
index ab166d0ddd2b93..4d4c6122b6fa77 100644
--- a/deps/v8/src/objects/objects-definitions.h
+++ b/deps/v8/src/objects/objects-definitions.h
@@ -65,42 +65,27 @@ namespace internal {
 // them. The order matters for read only heap layout. The maps are placed such
 // that string types map to address ranges of maps.
 #define STRING_TYPE_LIST(V)                                                    \
+  /* Start sequential strings*/                                                \
   V(SEQ_TWO_BYTE_STRING_TYPE, kVariableSizeSentinel, seq_two_byte_string,      \
     SeqTwoByteString)                                                          \
   V(SEQ_ONE_BYTE_STRING_TYPE, kVariableSizeSentinel, seq_one_byte_string,      \
     SeqOneByteString)                                                          \
-  V(CONS_TWO_BYTE_STRING_TYPE, sizeof(ConsString), cons_two_byte_string,       \
-    ConsTwoByteString)                                                         \
-  V(CONS_ONE_BYTE_STRING_TYPE, sizeof(ConsString), cons_one_byte_string,       \
-    ConsOneByteString)                                                         \
-  V(SLICED_TWO_BYTE_STRING_TYPE, sizeof(SlicedString), sliced_two_byte_string, \
-    SlicedTwoByteString)                                                       \
-  V(SLICED_ONE_BYTE_STRING_TYPE, sizeof(SlicedString), sliced_one_byte_string, \
-    SlicedOneByteString)                                                       \
-  V(EXTERNAL_TWO_BYTE_STRING_TYPE, sizeof(ExternalTwoByteString),              \
-    external_two_byte_string, ExternalTwoByteString)                           \
-  V(EXTERNAL_ONE_BYTE_STRING_TYPE, sizeof(ExternalOneByteString),              \
-    external_one_byte_string, ExternalOneByteString)                           \
-  V(UNCACHED_EXTERNAL_TWO_BYTE_STRING_TYPE, sizeof(UncachedExternalString),    \
-    uncached_external_two_byte_string, UncachedExternalTwoByteString)          \
-  V(UNCACHED_EXTERNAL_ONE_BYTE_STRING_TYPE, sizeof(UncachedExternalString),    \
-    uncached_external_one_byte_string, UncachedExternalOneByteString)          \
-                                                                               \
-  V(SHARED_EXTERNAL_TWO_BYTE_STRING_TYPE, sizeof(ExternalTwoByteString),       \
-    shared_external_two_byte_string, SharedExternalTwoByteString)              \
-  V(SHARED_EXTERNAL_ONE_BYTE_STRING_TYPE, sizeof(ExternalOneByteString),       \
-    shared_external_one_byte_string, SharedExternalOneByteString)              \
-  V(SHARED_UNCACHED_EXTERNAL_TWO_BYTE_STRING_TYPE,                             \
-    sizeof(UncachedExternalString), shared_uncached_external_two_byte_string,  \
-    SharedUncachedExternalTwoByteString)                                       \
-  V(SHARED_UNCACHED_EXTERNAL_ONE_BYTE_STRING_TYPE,                             \
-    sizeof(UncachedExternalString), shared_uncached_external_one_byte_string,  \
-    SharedUncachedExternalOneByteString)                                       \
-                                                                               \
+  V(SHARED_SEQ_TWO_BYTE_STRING_TYPE, kVariableSizeSentinel,                    \
+    shared_seq_two_byte_string, SharedSeqTwoByteString)                        \
+  V(SHARED_SEQ_ONE_BYTE_STRING_TYPE, kVariableSizeSentinel,                    \
+    shared_seq_one_byte_string, SharedSeqOneByteString)                        \
+  /* Start internalized strings*/                                              \
+  V(INTERNALIZED_TWO_BYTE_STRING_TYPE, kVariableSizeSentinel,                  \
+    internalized_two_byte_string, InternalizedTwoByteString)                   \
+  V(INTERNALIZED_ONE_BYTE_STRING_TYPE, kVariableSizeSentinel,                  \
+    internalized_one_byte_string, InternalizedOneByteString)                   \
+  /* End sequential strings*/                                                  \
+  /* Start external strings*/                                                  \
   V(EXTERNAL_INTERNALIZED_TWO_BYTE_STRING_TYPE, sizeof(ExternalTwoByteString), \
     external_internalized_two_byte_string, ExternalInternalizedTwoByteString)  \
   V(EXTERNAL_INTERNALIZED_ONE_BYTE_STRING_TYPE, sizeof(ExternalOneByteString), \
     external_internalized_one_byte_string, ExternalInternalizedOneByteString)  \
+  /* Start uncached external strings*/                                         \
   V(UNCACHED_EXTERNAL_INTERNALIZED_TWO_BYTE_STRING_TYPE,                       \
     sizeof(UncachedExternalString),                                            \
     uncached_external_internalized_two_byte_string,                            \
@@ -109,20 +94,40 @@ namespace internal {
     sizeof(UncachedExternalString),                                            \
     uncached_external_internalized_one_byte_string,                            \
     UncachedExternalInternalizedOneByteString)                                 \
+  /* End internalized strings*/                                                \
+  V(UNCACHED_EXTERNAL_TWO_BYTE_STRING_TYPE, sizeof(UncachedExternalString),    \
+    uncached_external_two_byte_string, UncachedExternalTwoByteString)          \
+  V(UNCACHED_EXTERNAL_ONE_BYTE_STRING_TYPE, sizeof(UncachedExternalString),    \
+    uncached_external_one_byte_string, UncachedExternalOneByteString)          \
+  V(SHARED_UNCACHED_EXTERNAL_TWO_BYTE_STRING_TYPE,                             \
+    sizeof(UncachedExternalString), shared_uncached_external_two_byte_string,  \
+    SharedUncachedExternalTwoByteString)                                       \
+  V(SHARED_UNCACHED_EXTERNAL_ONE_BYTE_STRING_TYPE,                             \
+    sizeof(UncachedExternalString), shared_uncached_external_one_byte_string,  \
+    SharedUncachedExternalOneByteString)                                       \
+  /* End uncached external strings*/                                           \
+  V(EXTERNAL_TWO_BYTE_STRING_TYPE, sizeof(ExternalTwoByteString),              \
+    external_two_byte_string, ExternalTwoByteString)                           \
+  V(EXTERNAL_ONE_BYTE_STRING_TYPE, sizeof(ExternalOneByteString),              \
+    external_one_byte_string, ExternalOneByteString)                           \
+  V(SHARED_EXTERNAL_TWO_BYTE_STRING_TYPE, sizeof(ExternalTwoByteString),       \
+    shared_external_two_byte_string, SharedExternalTwoByteString)              \
+  V(SHARED_EXTERNAL_ONE_BYTE_STRING_TYPE, sizeof(ExternalOneByteString),       \
+    shared_external_one_byte_string, SharedExternalOneByteString)              \
+  /* End external strings*/                                                    \
                                                                                \
-  V(INTERNALIZED_TWO_BYTE_STRING_TYPE, kVariableSizeSentinel,                  \
-    internalized_two_byte_string, InternalizedTwoByteString)                   \
-  V(INTERNALIZED_ONE_BYTE_STRING_TYPE, kVariableSizeSentinel,                  \
-    internalized_one_byte_string, InternalizedOneByteString)                   \
-                                                                               \
+  V(CONS_TWO_BYTE_STRING_TYPE, sizeof(ConsString), cons_two_byte_string,       \
+    ConsTwoByteString)                                                         \
+  V(CONS_ONE_BYTE_STRING_TYPE, sizeof(ConsString), cons_one_byte_string,       \
+    ConsOneByteString)                                                         \
+  V(SLICED_TWO_BYTE_STRING_TYPE, sizeof(SlicedString), sliced_two_byte_string, \
+    SlicedTwoByteString)                                                       \
+  V(SLICED_ONE_BYTE_STRING_TYPE, sizeof(SlicedString), sliced_one_byte_string, \
+    SlicedOneByteString)                                                       \
   V(THIN_TWO_BYTE_STRING_TYPE, sizeof(ThinString), thin_two_byte_string,       \
     ThinTwoByteString)                                                         \
   V(THIN_ONE_BYTE_STRING_TYPE, sizeof(ThinString), thin_one_byte_string,       \
-    ThinOneByteString)                                                         \
-  V(SHARED_SEQ_TWO_BYTE_STRING_TYPE, kVariableSizeSentinel,                    \
-    shared_seq_two_byte_string, SharedSeqTwoByteString)                        \
-  V(SHARED_SEQ_ONE_BYTE_STRING_TYPE, kVariableSizeSentinel,                    \
-    shared_seq_one_byte_string, SharedSeqOneByteString)
+    ThinOneByteString)
 
 // A struct is a simple object a set of object-valued fields.  Including an
 // object type in this causes the compiler to generate most of the boilerplate
@@ -169,6 +174,7 @@ namespace internal {
   V(_, PROTOTYPE_INFO_TYPE, PrototypeInfo, prototype_info)                    \
   V(_, REG_EXP_BOILERPLATE_DESCRIPTION_TYPE, RegExpBoilerplateDescription,    \
     regexp_boilerplate_description)                                           \
+  V(_, REG_EXP_DATA_WRAPPER_TYPE, RegExpDataWrapper, regexp_data_wrapper)     \
   V(_, SCRIPT_TYPE, Script, script)                                           \
   V(_, SCRIPT_OR_MODULE_TYPE, ScriptOrModule, script_or_module)               \
   V(_, SOURCE_TEXT_MODULE_INFO_ENTRY_TYPE, SourceTextModuleInfoEntry,         \
diff --git a/deps/v8/src/objects/objects-inl.h b/deps/v8/src/objects/objects-inl.h
index 02c45bdc13877a..0728e301064b37 100644
--- a/deps/v8/src/objects/objects-inl.h
+++ b/deps/v8/src/objects/objects-inl.h
@@ -980,43 +980,50 @@ void HeapObject::InitSelfIndirectPointerField(size_t offset,
 }
 
 template <IndirectPointerTag tag>
-Tagged<Object> HeapObject::ReadIndirectPointerField(
+Tagged<ExposedTrustedObject> HeapObject::ReadTrustedPointerField(
     size_t offset, IsolateForSandbox isolate) const {
-  return i::ReadIndirectPointerField<tag>(field_address(offset), isolate);
+  // Currently, trusted pointer loads always use acquire semantics as the
+  // under-the-hood indirect pointer loads use acquire loads anyway.
+  return ReadTrustedPointerField<tag>(offset, isolate, kAcquireLoad);
 }
 
 template <IndirectPointerTag tag>
-void HeapObject::WriteIndirectPointerField(size_t offset,
-                                           Tagged<ExposedTrustedObject> value) {
-  return i::WriteIndirectPointerField<tag>(field_address(offset), value);
+Tagged<ExposedTrustedObject> HeapObject::ReadTrustedPointerField(
+    size_t offset, IsolateForSandbox isolate,
+    AcquireLoadTag acquire_load) const {
+  Tagged<Object> object =
+      ReadMaybeEmptyTrustedPointerField<tag>(offset, isolate, acquire_load);
+  DCHECK(IsExposedTrustedObject(object));
+  return Cast<ExposedTrustedObject>(object);
 }
 
 template <IndirectPointerTag tag>
-Tagged<ExposedTrustedObject> HeapObject::ReadTrustedPointerField(
-    size_t offset, IsolateForSandbox isolate) const {
+Tagged<Object> HeapObject::ReadMaybeEmptyTrustedPointerField(
+    size_t offset, IsolateForSandbox isolate,
+    AcquireLoadTag acquire_load) const {
 #ifdef V8_ENABLE_SANDBOX
-  Tagged<Object> object = ReadIndirectPointerField<tag>(offset, isolate);
-  DCHECK(IsExposedTrustedObject(object));
-  return Cast<ExposedTrustedObject>(object);
+  return i::ReadIndirectPointerField<tag>(field_address(offset), isolate,
+                                          acquire_load);
 #else
-  PtrComprCageBase cage_base = GetPtrComprCageBase(*this);
-  return TaggedField<ExposedTrustedObject>::Acquire_Load(
-      cage_base, *this, static_cast<int>(offset));
+  return TaggedField<Object>::Acquire_Load(*this, static_cast<int>(offset));
 #endif
 }
 
 template <IndirectPointerTag tag>
 void HeapObject::WriteTrustedPointerField(size_t offset,
                                           Tagged<ExposedTrustedObject> value) {
+  // Currently, trusted pointer stores always use release semantics as the
+  // under-the-hood indirect pointer stores use release stores anyway.
 #ifdef V8_ENABLE_SANDBOX
-  WriteIndirectPointerField<tag>(offset, value);
+  i::WriteIndirectPointerField<tag>(field_address(offset), value,
+                                    kReleaseStore);
 #else
   TaggedField<ExposedTrustedObject>::Release_Store(
       *this, static_cast<int>(offset), value);
 #endif
 }
 
-bool HeapObject::IsTrustedPointerFieldCleared(size_t offset) const {
+bool HeapObject::IsTrustedPointerFieldEmpty(size_t offset) const {
 #ifdef V8_ENABLE_SANDBOX
   IndirectPointerHandle handle = ACQUIRE_READ_UINT32_FIELD(*this, offset);
   return handle == kNullIndirectPointerHandle;
@@ -1035,6 +1042,10 @@ void HeapObject::ClearTrustedPointerField(size_t offset) {
 #endif
 }
 
+void HeapObject::ClearTrustedPointerField(size_t offset, ReleaseStoreTag) {
+  return ClearTrustedPointerField(offset);
+}
+
 Tagged<Code> HeapObject::ReadCodePointerField(size_t offset,
                                               IsolateForSandbox isolate) const {
   return Cast<Code>(
@@ -1045,8 +1056,8 @@ void HeapObject::WriteCodePointerField(size_t offset, Tagged<Code> value) {
   WriteTrustedPointerField<kCodeIndirectPointerTag>(offset, value);
 }
 
-bool HeapObject::IsCodePointerFieldCleared(size_t offset) const {
-  return IsTrustedPointerFieldCleared(offset);
+bool HeapObject::IsCodePointerFieldEmpty(size_t offset) const {
+  return IsTrustedPointerFieldEmpty(offset);
 }
 
 void HeapObject::ClearCodePointerField(size_t offset) {
diff --git a/deps/v8/src/objects/objects.cc b/deps/v8/src/objects/objects.cc
index 10ec0775ce3242..76e284e19a293c 100644
--- a/deps/v8/src/objects/objects.cc
+++ b/deps/v8/src/objects/objects.cc
@@ -7,6 +7,7 @@
 #include <algorithm>
 #include <cmath>
 #include <memory>
+#include <optional>
 #include <sstream>
 #include <vector>
 
@@ -23,6 +24,7 @@
 #include "src/builtins/accessors.h"
 #include "src/builtins/builtins.h"
 #include "src/codegen/compiler.h"
+#include "src/codegen/source-position-table.h"
 #include "src/common/globals.h"
 #include "src/common/message-template.h"
 #include "src/date/date.h"
@@ -69,51 +71,28 @@
 #include "src/objects/instance-type.h"
 #include "src/objects/js-array-buffer-inl.h"
 #include "src/objects/js-array-inl.h"
-#include "src/objects/js-disposable-stack-inl.h"
-#include "src/objects/keys.h"
-#include "src/objects/lookup-inl.h"
-#include "src/objects/map-updater.h"
-#include "src/objects/objects-body-descriptors-inl.h"
-#include "src/objects/objects-inl.h"
-#include "src/objects/promise.h"
-#include "src/objects/property-details.h"
-#include "src/roots/roots.h"
-#include "src/snapshot/deserializer.h"
-#include "src/utils/identity-map.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/js-break-iterator.h"
-#include "src/objects/js-collator.h"
-#endif  // V8_INTL_SUPPORT
 #include "src/objects/js-collection-inl.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/js-date-time-format.h"
-#endif  // V8_INTL_SUPPORT
+#include "src/objects/js-disposable-stack-inl.h"
 #include "src/objects/js-generator-inl.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/js-list-format.h"
-#include "src/objects/js-locale.h"
-#include "src/objects/js-number-format.h"
-#include "src/objects/js-plural-rules.h"
-#endif  // V8_INTL_SUPPORT
 #include "src/objects/js-regexp-inl.h"
 #include "src/objects/js-regexp-string-iterator.h"
-#ifdef V8_INTL_SUPPORT
-#include "src/objects/js-relative-time-format.h"
-#include "src/objects/js-segment-iterator.h"
-#include "src/objects/js-segmenter.h"
-#include "src/objects/js-segments.h"
-#endif  // V8_INTL_SUPPORT
-#include "src/codegen/source-position-table.h"
 #include "src/objects/js-weak-refs-inl.h"
+#include "src/objects/keys.h"
 #include "src/objects/literal-objects-inl.h"
+#include "src/objects/lookup-inl.h"
 #include "src/objects/map-inl.h"
+#include "src/objects/map-updater.h"
 #include "src/objects/map.h"
 #include "src/objects/megadom-handler-inl.h"
 #include "src/objects/microtask-inl.h"
 #include "src/objects/module-inl.h"
+#include "src/objects/objects-body-descriptors-inl.h"
+#include "src/objects/objects-inl.h"
 #include "src/objects/promise-inl.h"
+#include "src/objects/promise.h"
 #include "src/objects/property-descriptor-object-inl.h"
 #include "src/objects/property-descriptor.h"
+#include "src/objects/property-details.h"
 #include "src/objects/prototype.h"
 #include "src/objects/slots-atomic-inl.h"
 #include "src/objects/string-comparator.h"
@@ -123,12 +102,15 @@
 #include "src/objects/transitions-inl.h"
 #include "src/parsing/preparse-data.h"
 #include "src/regexp/regexp.h"
+#include "src/roots/roots.h"
+#include "src/snapshot/deserializer.h"
 #include "src/strings/string-builder-inl.h"
 #include "src/strings/string-search.h"
 #include "src/strings/string-stream.h"
 #include "src/strings/unicode-decoder.h"
 #include "src/strings/unicode-inl.h"
 #include "src/utils/hex-format.h"
+#include "src/utils/identity-map.h"
 #include "src/utils/ostreams.h"
 #include "src/utils/sha-256.h"
 #include "src/utils/utils-inl.h"
@@ -138,8 +120,21 @@
 #include "src/wasm/wasm-objects.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-namespace v8 {
-namespace internal {
+#ifdef V8_INTL_SUPPORT
+#include "src/objects/js-break-iterator.h"
+#include "src/objects/js-collator.h"
+#include "src/objects/js-date-time-format.h"
+#include "src/objects/js-list-format.h"
+#include "src/objects/js-locale.h"
+#include "src/objects/js-number-format.h"
+#include "src/objects/js-plural-rules.h"
+#include "src/objects/js-relative-time-format.h"
+#include "src/objects/js-segment-iterator.h"
+#include "src/objects/js-segmenter.h"
+#include "src/objects/js-segments.h"
+#endif  // V8_INTL_SUPPORT
+
+namespace v8::internal {
 
 ShouldThrow GetShouldThrow(Isolate* isolate, Maybe<ShouldThrow> should_throw) {
   if (should_throw.IsJust()) return should_throw.FromJust();
@@ -745,7 +740,7 @@ bool StrictNumberEquals(const Tagged<Number> x, const Tagged<Number> y) {
   return StrictNumberEquals(Object::NumberValue(x), Object::NumberValue(y));
 }
 
-bool StrictNumberEquals(Handle<Number> x, Handle<Number> y) {
+bool StrictNumberEquals(DirectHandle<Number> x, DirectHandle<Number> y) {
   return StrictNumberEquals(*x, *y);
 }
 
@@ -1931,8 +1926,7 @@ int HeapObject::SizeFromMap(Tagged<Map> map) const {
     return UncheckedCast<TrustedByteArray>(*this)->AllocatedSize();
   }
   if (instance_type == FEEDBACK_METADATA_TYPE) {
-    return FeedbackMetadata::SizeFor(
-        UncheckedCast<FeedbackMetadata>(*this)->slot_count(kAcquireLoad));
+    return UncheckedCast<FeedbackMetadata>(*this)->AllocatedSize();
   }
   if (base::IsInRange(instance_type, FIRST_DESCRIPTOR_ARRAY_TYPE,
                       LAST_DESCRIPTOR_ARRAY_TYPE)) {
@@ -2578,7 +2572,8 @@ Maybe<bool> Object::SetDataProperty(LookupIterator* it, Handle<Object> value) {
   return Just(true);
 }
 
-Maybe<bool> Object::AddDataProperty(LookupIterator* it, Handle<Object> value,
+Maybe<bool> Object::AddDataProperty(LookupIterator* it,
+                                    DirectHandle<Object> value,
                                     PropertyAttributes attributes,
                                     Maybe<ShouldThrow> should_throw,
                                     StoreOrigin store_origin,
@@ -2648,8 +2643,9 @@ Maybe<bool> Object::AddDataProperty(LookupIterator* it, Handle<Object> value,
 
 // static
 Maybe<bool> Object::TransitionAndWriteDataProperty(
-    LookupIterator* it, Handle<Object> value, PropertyAttributes attributes,
-    Maybe<ShouldThrow> should_throw, StoreOrigin store_origin) {
+    LookupIterator* it, DirectHandle<Object> value,
+    PropertyAttributes attributes, Maybe<ShouldThrow> should_throw,
+    StoreOrigin store_origin) {
   Handle<JSReceiver> receiver = it->GetStoreTarget<JSReceiver>();
   it->UpdateProtector();
   // Migrate to the most up-to-date map that will be able to store |value|
@@ -4521,7 +4517,7 @@ bool Script::GetLineColumnWithLineEnds(
   return true;
 }
 
-int Script::GetColumnNumber(Handle<Script> script, int code_pos) {
+int Script::GetColumnNumber(DirectHandle<Script> script, int code_pos) {
   PositionInfo info;
   GetPositionInfo(script, code_pos, &info);
   return info.column;
@@ -4533,7 +4529,7 @@ int Script::GetColumnNumber(int code_pos) const {
   return info.column;
 }
 
-int Script::GetLineNumber(Handle<Script> script, int code_pos) {
+int Script::GetLineNumber(DirectHandle<Script> script, int code_pos) {
   PositionInfo info;
   GetPositionInfo(script, code_pos, &info);
   return info.line;
@@ -4570,14 +4566,14 @@ Handle<String> Script::GetScriptHash(Isolate* isolate,
     }
   }
 
-  Handle<String> src_text;
+  DirectHandle<String> src_text;
   {
     Tagged<Object> maybe_script_source = script->source(cage_base);
 
     if (!IsString(maybe_script_source, cage_base)) {
       return isolate->factory()->empty_string();
     }
-    src_text = handle(Cast<String>(maybe_script_source), isolate);
+    src_text = direct_handle(Cast<String>(maybe_script_source), isolate);
   }
 
   char formatted_hash[kSizeOfFormattedSha256Digest];
@@ -4602,14 +4598,13 @@ MaybeHandle<SharedFunctionInfo> Script::FindSharedFunctionInfo(
     FunctionLiteral* function_literal) {
   DCHECK(function_literal->shared_function_info().is_null());
   int function_literal_id = function_literal->function_literal_id();
-  CHECK_NE(function_literal_id, kFunctionLiteralIdInvalid);
+  CHECK_NE(function_literal_id, kInvalidInfoId);
   // If this check fails, the problem is most probably the function id
   // renumbering done by AstFunctionLiteralIdReindexer; in particular, that
   // AstTraversalVisitor doesn't recurse properly in the construct which
   // triggers the mismatch.
-  CHECK_LT(function_literal_id, script->shared_function_info_count());
-  Tagged<MaybeObject> shared =
-      script->shared_function_infos()->get(function_literal_id);
+  CHECK_LT(function_literal_id, script->infos()->length());
+  Tagged<MaybeObject> shared = script->infos()->get(function_literal_id);
   Tagged<HeapObject> heap_object;
   if (!shared.GetHeapObject(&heap_object) ||
       IsUndefined(heap_object, isolate)) {
@@ -4873,7 +4868,7 @@ Handle<Object> JSPromise::Fulfill(DirectHandle<JSPromise> promise,
   CHECK_EQ(Promise::kPending, promise->status());
 
   // 2. Let reactions be promise.[[PromiseFulfillReactions]].
-  Handle<Object> reactions(promise->reactions(), isolate);
+  DirectHandle<Object> reactions(promise->reactions(), isolate);
 
   // 3. Set promise.[[PromiseResult]] to value.
   // 4. Set promise.[[PromiseFulfillReactions]] to undefined.
@@ -4922,7 +4917,7 @@ Handle<Object> JSPromise::Reject(Handle<JSPromise> promise,
   CHECK_EQ(Promise::kPending, promise->status());
 
   // 2. Let reactions be promise.[[PromiseRejectReactions]].
-  Handle<Object> reactions(promise->reactions(), isolate);
+  DirectHandle<Object> reactions(promise->reactions(), isolate);
 
   // 3. Set promise.[[PromiseResult]] to reason.
   // 4. Set promise.[[PromiseFulfillReactions]] to undefined.
@@ -5408,7 +5403,7 @@ InternalIndex HashTable<Derived, Shape>::FindInsertionEntry(
   }
 }
 
-base::Optional<Tagged<PropertyCell>>
+std::optional<Tagged<PropertyCell>>
 GlobalDictionary::TryFindPropertyCellForConcurrentLookupIterator(
     Isolate* isolate, DirectHandle<Name> name, RelaxedLoadTag tag) {
   // This reimplements HashTable::FindEntry for use in a concurrent setting.
@@ -6656,5 +6651,4 @@ EXTERN_DEFINE_BASE_NAME_DICTIONARY(GlobalDictionary, GlobalDictionaryShape)
 #undef EXTERN_DEFINE_DICTIONARY
 #undef EXTERN_DEFINE_BASE_NAME_DICTIONARY
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/objects.h b/deps/v8/src/objects/objects.h
index 8e66a61e4f73f7..e7d067c9b0aef9 100644
--- a/deps/v8/src/objects/objects.h
+++ b/deps/v8/src/objects/objects.h
@@ -360,13 +360,15 @@ class Object : public AllStatic {
   V8_WARN_UNUSED_RESULT static Maybe<bool> SetDataProperty(
       LookupIterator* it, Handle<Object> value);
   V8_EXPORT_PRIVATE V8_WARN_UNUSED_RESULT static Maybe<bool> AddDataProperty(
-      LookupIterator* it, Handle<Object> value, PropertyAttributes attributes,
-      Maybe<ShouldThrow> should_throw, StoreOrigin store_origin,
+      LookupIterator* it, DirectHandle<Object> value,
+      PropertyAttributes attributes, Maybe<ShouldThrow> should_throw,
+      StoreOrigin store_origin,
       EnforceDefineSemantics semantics = EnforceDefineSemantics::kSet);
 
   V8_WARN_UNUSED_RESULT static Maybe<bool> TransitionAndWriteDataProperty(
-      LookupIterator* it, Handle<Object> value, PropertyAttributes attributes,
-      Maybe<ShouldThrow> should_throw, StoreOrigin store_origin);
+      LookupIterator* it, DirectHandle<Object> value,
+      PropertyAttributes attributes, Maybe<ShouldThrow> should_throw,
+      StoreOrigin store_origin);
 
   V8_WARN_UNUSED_RESULT static inline MaybeHandle<Object> GetPropertyOrElement(
       Isolate* isolate, Handle<Object> object, Handle<Name> name);
diff --git a/deps/v8/src/objects/ordered-hash-table.cc b/deps/v8/src/objects/ordered-hash-table.cc
index fc0ac4ebf00529..00c1b3536c1a17 100644
--- a/deps/v8/src/objects/ordered-hash-table.cc
+++ b/deps/v8/src/objects/ordered-hash-table.cc
@@ -706,7 +706,8 @@ void SmallOrderedHashTable<Derived>::Initialize(Isolate* isolate,
 }
 
 MaybeHandle<SmallOrderedHashSet> SmallOrderedHashSet::Add(
-    Isolate* isolate, Handle<SmallOrderedHashSet> table, Handle<Object> key) {
+    Isolate* isolate, Handle<SmallOrderedHashSet> table,
+    DirectHandle<Object> key) {
   if (table->HasKey(isolate, key)) return table;
 
   if (table->UsedCapacity() >= table->Capacity()) {
@@ -751,8 +752,8 @@ bool SmallOrderedHashSet::HasKey(Isolate* isolate, DirectHandle<Object> key) {
 }
 
 MaybeHandle<SmallOrderedHashMap> SmallOrderedHashMap::Add(
-    Isolate* isolate, Handle<SmallOrderedHashMap> table, Handle<Object> key,
-    DirectHandle<Object> value) {
+    Isolate* isolate, Handle<SmallOrderedHashMap> table,
+    DirectHandle<Object> key, DirectHandle<Object> value) {
   if (table->HasKey(isolate, key)) return table;
 
   if (table->UsedCapacity() >= table->Capacity()) {
@@ -1227,7 +1228,7 @@ OrderedNameDictionaryHandler::AdjustRepresentation(
 
 MaybeHandle<HeapObject> OrderedHashMapHandler::Add(Isolate* isolate,
                                                    Handle<HeapObject> table,
-                                                   Handle<Object> key,
+                                                   DirectHandle<Object> key,
                                                    DirectHandle<Object> value) {
   if (IsSmallOrderedHashMap(*table)) {
     Handle<SmallOrderedHashMap> small_map = Cast<SmallOrderedHashMap>(table);
@@ -1250,7 +1251,7 @@ MaybeHandle<HeapObject> OrderedHashMapHandler::Add(Isolate* isolate,
 
 MaybeHandle<HeapObject> OrderedHashSetHandler::Add(Isolate* isolate,
                                                    Handle<HeapObject> table,
-                                                   Handle<Object> key) {
+                                                   DirectHandle<Object> key) {
   if (IsSmallOrderedHashSet(*table)) {
     Handle<SmallOrderedHashSet> small_set = Cast<SmallOrderedHashSet>(table);
     MaybeHandle<SmallOrderedHashSet> new_set =
diff --git a/deps/v8/src/objects/ordered-hash-table.h b/deps/v8/src/objects/ordered-hash-table.h
index db623ef1310297..cb944057a6dcf5 100644
--- a/deps/v8/src/objects/ordered-hash-table.h
+++ b/deps/v8/src/objects/ordered-hash-table.h
@@ -657,7 +657,8 @@ class SmallOrderedHashSet : public SmallOrderedHashTable<SmallOrderedHashSet> {
   // table is created. The original |table| is returned if there is
   // capacity to store |value| otherwise the new table is returned.
   V8_EXPORT_PRIVATE static MaybeHandle<SmallOrderedHashSet> Add(
-      Isolate* isolate, Handle<SmallOrderedHashSet> table, Handle<Object> key);
+      Isolate* isolate, Handle<SmallOrderedHashSet> table,
+      DirectHandle<Object> key);
   V8_EXPORT_PRIVATE static bool Delete(Isolate* isolate,
                                        Tagged<SmallOrderedHashSet> table,
                                        Tagged<Object> key);
@@ -689,8 +690,8 @@ class SmallOrderedHashMap : public SmallOrderedHashTable<SmallOrderedHashMap> {
   // table is created. The original |table| is returned if there is
   // capacity to store |value| otherwise the new table is returned.
   V8_EXPORT_PRIVATE static MaybeHandle<SmallOrderedHashMap> Add(
-      Isolate* isolate, Handle<SmallOrderedHashMap> table, Handle<Object> key,
-      DirectHandle<Object> value);
+      Isolate* isolate, Handle<SmallOrderedHashMap> table,
+      DirectHandle<Object> key, DirectHandle<Object> value);
   V8_EXPORT_PRIVATE static bool Delete(Isolate* isolate,
                                        Tagged<SmallOrderedHashMap> table,
                                        Tagged<Object> key);
@@ -736,7 +737,7 @@ class V8_EXPORT_PRIVATE OrderedHashMapHandler
     : public OrderedHashTableHandler<SmallOrderedHashMap, OrderedHashMap> {
  public:
   static MaybeHandle<HeapObject> Add(Isolate* isolate, Handle<HeapObject> table,
-                                     Handle<Object> key,
+                                     DirectHandle<Object> key,
                                      DirectHandle<Object> value);
   static MaybeHandle<OrderedHashMap> AdjustRepresentation(
       Isolate* isolate, DirectHandle<SmallOrderedHashMap> table);
@@ -749,7 +750,7 @@ class V8_EXPORT_PRIVATE OrderedHashSetHandler
     : public OrderedHashTableHandler<SmallOrderedHashSet, OrderedHashSet> {
  public:
   static MaybeHandle<HeapObject> Add(Isolate* isolate, Handle<HeapObject> table,
-                                     Handle<Object> key);
+                                     DirectHandle<Object> key);
   static MaybeHandle<OrderedHashSet> AdjustRepresentation(
       Isolate* isolate, DirectHandle<SmallOrderedHashSet> table);
 };
diff --git a/deps/v8/src/objects/regexp-match-info.cc b/deps/v8/src/objects/regexp-match-info.cc
index 248eefc03ef230..d330fc33cc097a 100644
--- a/deps/v8/src/objects/regexp-match-info.cc
+++ b/deps/v8/src/objects/regexp-match-info.cc
@@ -2,10 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/objects/regexp-match-info-inl.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 // static
 Handle<RegExpMatchInfo> RegExpMatchInfo::New(Isolate* isolate,
@@ -13,7 +14,7 @@ Handle<RegExpMatchInfo> RegExpMatchInfo::New(Isolate* isolate,
                                              AllocationType allocation) {
   int capacity = JSRegExp::RegistersForCaptureCount(capture_count);
   DCHECK_GE(capacity, kMinCapacity);
-  base::Optional<DisallowGarbageCollection> no_gc;
+  std::optional<DisallowGarbageCollection> no_gc;
   Handle<RegExpMatchInfo> result =
       Allocate(isolate, capacity, &no_gc, allocation);
 
@@ -40,5 +41,4 @@ Handle<RegExpMatchInfo> RegExpMatchInfo::ReserveCaptures(
   return match_info;
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/scope-info.cc b/deps/v8/src/objects/scope-info.cc
index a334e8af05a8cb..af425d7809b221 100644
--- a/deps/v8/src/objects/scope-info.cc
+++ b/deps/v8/src/objects/scope-info.cc
@@ -248,7 +248,8 @@ Handle<ScopeInfo> ScopeInfo::Create(IsolateT* isolate, Zone* zone, Scope* scope,
         PrivateNameLookupSkipsOuterClassBit::encode(
             scope->private_name_lookup_skips_outer_class()) |
         HasContextExtensionSlotBit::encode(scope->HasContextExtensionSlot()) |
-        HasLocalsBlockListBit::encode(false);
+        IsHiddenBit::encode(scope->is_hidden()) |
+        IsWrappedFunctionBit::encode(scope->is_wrapped_function());
     scope_info->set_flags(flags);
 
     scope_info->set_parameter_count(parameter_count);
@@ -449,8 +450,8 @@ Handle<ScopeInfo> ScopeInfo::CreateForWithScope(
       IsDebugEvaluateScopeBit::encode(false) |
       ForceContextAllocationBit::encode(false) |
       PrivateNameLookupSkipsOuterClassBit::encode(false) |
-      HasContextExtensionSlotBit::encode(true) |
-      HasLocalsBlockListBit::encode(false);
+      HasContextExtensionSlotBit::encode(true) | IsHiddenBit::encode(false) |
+      IsWrappedFunctionBit::encode(false);
   scope_info->set_flags(flags);
 
   scope_info->set_parameter_count(0);
@@ -464,7 +465,8 @@ Handle<ScopeInfo> ScopeInfo::CreateForWithScope(
   DCHECK_EQ(index, scope_info->InferredFunctionNameIndex());
   DCHECK(index == scope_info->OuterScopeInfoIndex());
   if (has_outer_scope_info) {
-    scope_info->set(index++, *outer_scope.ToHandleChecked());
+    Tagged<ScopeInfo> outer = *outer_scope.ToHandleChecked();
+    scope_info->set(index++, outer);
   }
   DCHECK_EQ(index, scope_info->length());
   DCHECK_EQ(0, scope_info->ParameterCount());
@@ -542,7 +544,7 @@ Handle<ScopeInfo> ScopeInfo::CreateForBootstrapping(Isolate* isolate,
       PrivateNameLookupSkipsOuterClassBit::encode(false) |
       HasContextExtensionSlotBit::encode(is_native_context ||
                                          has_const_tracking_let_side_data) |
-      HasLocalsBlockListBit::encode(false);
+      IsHiddenBit::encode(false) | IsWrappedFunctionBit::encode(false);
   Tagged<ScopeInfo> raw_scope_info = *scope_info;
   raw_scope_info->set_flags(flags);
   raw_scope_info->set_parameter_count(parameter_count);
@@ -639,41 +641,6 @@ int ScopeInfo::length() const {
   return (AllocatedSize() - HeapObject::kHeaderSize) / kTaggedSize;
 }
 
-// static
-Handle<ScopeInfo> ScopeInfo::RecreateWithBlockList(
-    Isolate* isolate, Handle<ScopeInfo> original,
-    DirectHandle<StringSet> blocklist) {
-  DCHECK(!original.is_null());
-  if (original->HasLocalsBlockList()) return original;
-
-  int length = original->length() + 1;
-  Handle<ScopeInfo> scope_info = isolate->factory()->NewScopeInfo(length);
-
-  // Copy the static part first and update the flags to include the
-  // blocklist field, so {LocalsBlockListIndex} returns the correct value.
-  scope_info->CopyElements(isolate, 0, *original, 0, kVariablePartIndex,
-                           WriteBarrierMode::UPDATE_WRITE_BARRIER);
-  scope_info->set_flags(
-      HasLocalsBlockListBit::update(scope_info->Flags(), true));
-  scope_info->set_position_info_start(original->position_info_start());
-  scope_info->set_position_info_end(original->position_info_end());
-
-  // Copy the dynamic part including the provided blocklist:
-  //   1) copy all the fields up to the blocklist index
-  //   2) add the blocklist
-  //   3) copy the remaining fields
-  scope_info->CopyElements(
-      isolate, kVariablePartIndex, *original, kVariablePartIndex,
-      scope_info->LocalsBlockListIndex() - kVariablePartIndex,
-      WriteBarrierMode::UPDATE_WRITE_BARRIER);
-  scope_info->set_locals_block_list(*blocklist);
-  scope_info->CopyElements(isolate, scope_info->LocalsBlockListIndex() + 1,
-                           *original, scope_info->LocalsBlockListIndex(),
-                           length - scope_info->LocalsBlockListIndex() - 1,
-                           WriteBarrierMode::UPDATE_WRITE_BARRIER);
-  return scope_info;
-}
-
 Tagged<ScopeInfo> ScopeInfo::Empty(Isolate* isolate) {
   return ReadOnlyRoots(isolate).empty_scope_info();
 }
@@ -725,6 +692,26 @@ int ScopeInfo::ContextLength() const {
          (function_name_context_slot ? 1 : 0);
 }
 
+// Needs to be kept in sync with Scope::UniqueIdInScript and
+// SharedFunctionInfo::UniqueIdInScript.
+int ScopeInfo::UniqueIdInScript() const {
+  DCHECK(!IsHiddenCatchScope());
+  // Script scopes start "before" the script to avoid clashing with a scope that
+  // starts on character 0.
+  if (is_script_scope() || scope_type() == EVAL_SCOPE ||
+      scope_type() == MODULE_SCOPE) {
+    return -2;
+  }
+  // Wrapped functions start before the function body, but after the script
+  // start, to avoid clashing with a scope starting on character 0.
+  if (IsWrappedFunctionScope()) {
+    return -1;
+  }
+  // Default constructors have the same start position as their parent class
+  // scope. Use the next char position to distinguish this scope.
+  return StartPosition() + IsDefaultConstructor(function_kind());
+}
+
 bool ScopeInfo::HasContextExtensionSlot() const {
   return HasContextExtensionSlotBit::decode(Flags());
 }
@@ -809,13 +796,14 @@ bool ScopeInfo::IsReplModeScope() const {
   return scope_type() == REPL_MODE_SCOPE;
 }
 
-bool ScopeInfo::HasLocalsBlockList() const {
-  return HasLocalsBlockListBit::decode(Flags());
+bool ScopeInfo::IsHiddenCatchScope() const {
+  return IsHiddenBit::decode(Flags()) && scope_type() == CATCH_SCOPE;
 }
 
-Tagged<StringSet> ScopeInfo::LocalsBlockList() const {
-  DCHECK(HasLocalsBlockList());
-  return Cast<StringSet>(locals_block_list());
+bool ScopeInfo::IsWrappedFunctionScope() const {
+  DCHECK_IMPLIES(IsWrappedFunctionBit::decode(Flags()),
+                 scope_type() == FUNCTION_SCOPE);
+  return IsWrappedFunctionBit::decode(Flags());
 }
 
 bool ScopeInfo::HasContext() const { return ContextLength() > 0; }
@@ -1068,10 +1056,6 @@ int ScopeInfo::OuterScopeInfoIndex() const {
   return ConvertOffsetToIndex(OuterScopeInfoOffset());
 }
 
-int ScopeInfo::LocalsBlockListIndex() const {
-  return ConvertOffsetToIndex(LocalsBlockListOffset());
-}
-
 int ScopeInfo::ModuleInfoIndex() const {
   return ConvertOffsetToIndex(ModuleInfoOffset());
 }
diff --git a/deps/v8/src/objects/scope-info.h b/deps/v8/src/objects/scope-info.h
index 56d50e63a27e06..c1113d29f25268 100644
--- a/deps/v8/src/objects/scope-info.h
+++ b/deps/v8/src/objects/scope-info.h
@@ -114,6 +114,10 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
   // Does this scope belong to a function?
   bool HasPositionInfo() const;
 
+  bool IsHiddenCatchScope() const;
+
+  bool IsWrappedFunctionScope() const;
+
   // Return if contexts are allocated for this scope.
   bool HasContext() const;
 
@@ -138,6 +142,8 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
   int EndPosition() const;
   void SetPositionInfo(int start, int end);
 
+  int UniqueIdInScript() const;
+
   Tagged<SourceTextModuleInfo> ModuleDescriptorInfo() const;
 
   // Return true if the local names are inlined in the scope info object.
@@ -231,14 +237,6 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
 
   bool is_script_scope() const;
 
-  // Returns true if this ScopeInfo has a blocklist attached containing stack
-  // allocated local variables.
-  V8_EXPORT_PRIVATE bool HasLocalsBlockList() const;
-  // Returns a list of stack-allocated locals of parent scopes.
-  // Used during local debug-evalute to decide whether a context lookup
-  // can continue upwards after checking this scope.
-  V8_EXPORT_PRIVATE Tagged<StringSet> LocalsBlockList() const;
-
   // Returns true if this ScopeInfo was created for a scope that skips the
   // closest outer class when resolving private names.
   bool PrivateNameLookupSkipsOuterClass() const;
@@ -269,13 +267,6 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
   static Handle<ScopeInfo> CreateForShadowRealmNativeContext(Isolate* isolate);
   static Handle<ScopeInfo> CreateGlobalThisBinding(Isolate* isolate);
 
-  // Creates a copy of a {ScopeInfo} but with the provided locals blocklist
-  // attached. Does nothing if the original {ScopeInfo} already has a field
-  // for a blocklist reserved.
-  V8_EXPORT_PRIVATE static Handle<ScopeInfo> RecreateWithBlockList(
-      Isolate* isolate, Handle<ScopeInfo> original,
-      DirectHandle<StringSet> blocklist);
-
   // Serializes empty scope info.
   V8_EXPORT_PRIVATE static Tagged<ScopeInfo> Empty(Isolate* isolate);
 
@@ -315,7 +306,6 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
   int FunctionVariableInfoIndex() const;
   int InferredFunctionNameIndex() const;
   int OuterScopeInfoIndex() const;
-  V8_EXPORT_PRIVATE int LocalsBlockListIndex() const;
   int ModuleInfoIndex() const;
   int ModuleVariableCountIndex() const;
   int ModuleVariablesIndex() const;
@@ -378,7 +368,6 @@ class ScopeInfo : public TorqueGeneratedScopeInfo<ScopeInfo, HeapObject> {
   friend std::ostream& operator<<(std::ostream& os, VariableAllocationInfo var);
 
   TQ_OBJECT_CONSTRUCTORS(ScopeInfo)
-  FRIEND_TEST(TestWithNativeContext, RecreateScopeInfoWithLocalsBlocklistWorks);
 };
 
 std::ostream& operator<<(std::ostream& os, VariableAllocationInfo var);
diff --git a/deps/v8/src/objects/scope-info.tq b/deps/v8/src/objects/scope-info.tq
index 919e97cf2f7c5b..a2b25c2facd66b 100644
--- a/deps/v8/src/objects/scope-info.tq
+++ b/deps/v8/src/objects/scope-info.tq
@@ -79,8 +79,9 @@ bitfield struct ScopeFlags extends uint32 {
   force_context_allocation: bool: 1 bit;
   private_name_lookup_skips_outer_class: bool: 1 bit;
   has_context_extension_slot: bool: 1 bit;
-  has_locals_block_list: bool: 1 bit;
+  is_hidden: bool: 1 bit;
   is_empty: bool: 1 bit;
+  is_wrapped_function: bool: 1 bit;
 }
 
 struct PositionInfo {
@@ -168,11 +169,6 @@ extern class ScopeInfo extends HeapObject {
 
   outer_scope_info?[flags.has_outer_scope_info]: ScopeInfo|TheHole;
 
-  // List of stack allocated local variables. Used by debug evaluate to properly
-  // abort variable lookup when a name clashes with a stack allocated local that
-  // can't be materialized.
-  locals_block_list?[flags.has_locals_block_list]: HashTable;
-
   // For a module scope, this part contains the SourceTextModuleInfo and the
   // metadata of module-allocated variables. For non-module scopes it is empty.
   module_info?
diff --git a/deps/v8/src/objects/script-inl.h b/deps/v8/src/objects/script-inl.h
index 4ea86c9a994b85..0aff9785c434e5 100644
--- a/deps/v8/src/objects/script-inl.h
+++ b/deps/v8/src/objects/script-inl.h
@@ -32,7 +32,7 @@ ACCESSORS_CHECKED(Script, wasm_breakpoint_infos, Tagged<FixedArray>,
 ACCESSORS_CHECKED(Script, wasm_managed_native_module, Tagged<Object>,
                   kEvalFromPositionOffset, this->type() == Type::kWasm)
 ACCESSORS_CHECKED(Script, wasm_weak_instance_list, Tagged<WeakArrayList>,
-                  kSharedFunctionInfosOffset, this->type() == Type::kWasm)
+                  kInfosOffset, this->type() == Type::kWasm)
 #define CHECK_SCRIPT_NOT_WASM this->type() != Type::kWasm
 #else
 #define CHECK_SCRIPT_NOT_WASM true
@@ -87,26 +87,21 @@ Tagged<FixedArray> Script::wrapped_arguments() const {
   return Cast<FixedArray>(eval_from_shared_or_wrapped_arguments());
 }
 
-DEF_GETTER(Script, shared_function_infos, Tagged<WeakFixedArray>) {
+DEF_GETTER(Script, infos, Tagged<WeakFixedArray>) {
 #if V8_ENABLE_WEBASSEMBLY
   if (type() == Type::kWasm) {
     return ReadOnlyRoots(GetHeap()).empty_weak_fixed_array();
   }
 #endif  // V8_ENABLE_WEBASSEMBLY
-  return TaggedField<WeakFixedArray, kSharedFunctionInfosOffset>::load(*this);
+  return TaggedField<WeakFixedArray, kInfosOffset>::load(*this);
 }
 
-void Script::set_shared_function_infos(Tagged<WeakFixedArray> value,
-                                       WriteBarrierMode mode) {
+void Script::set_infos(Tagged<WeakFixedArray> value, WriteBarrierMode mode) {
 #if V8_ENABLE_WEBASSEMBLY
   DCHECK_NE(Type::kWasm, type());
 #endif  // V8_ENABLE_WEBASSEMBLY
-  TaggedField<WeakFixedArray, kSharedFunctionInfosOffset>::store(*this, value);
-  CONDITIONAL_WRITE_BARRIER(*this, kSharedFunctionInfosOffset, value, mode);
-}
-
-int Script::shared_function_info_count() const {
-  return shared_function_infos()->length();
+  TaggedField<WeakFixedArray, kInfosOffset>::store(*this, value);
+  CONDITIONAL_WRITE_BARRIER(*this, kInfosOffset, value, mode);
 }
 
 #if V8_ENABLE_WEBASSEMBLY
@@ -223,6 +218,18 @@ bool Script::IsMaybeUnfinalized(Isolate* isolate) const {
          Cast<String>(source())->length() == 0;
 }
 
+Tagged<Script> Script::GetEvalOrigin() {
+  DisallowGarbageCollection no_gc;
+  Tagged<Script> origin_script = *this;
+  while (origin_script->has_eval_from_shared()) {
+    Tagged<HeapObject> maybe_script =
+        origin_script->eval_from_shared()->script();
+    CHECK(IsScript(maybe_script));
+    origin_script = Cast<Script>(maybe_script);
+  }
+  return origin_script;
+}
+
 }  // namespace internal
 }  // namespace v8
 
diff --git a/deps/v8/src/objects/script.h b/deps/v8/src/objects/script.h
index 6f666e5013040e..d80a99050b0467 100644
--- a/deps/v8/src/objects/script.h
+++ b/deps/v8/src/objects/script.h
@@ -83,11 +83,9 @@ class Script : public TorqueGeneratedScript<Script, Struct> {
   // code from which eval was called, as negative integer.
   DECL_INT_ACCESSORS(eval_from_position)
 
-  // [shared_function_infos]: weak fixed array containing all shared
-  // function infos created from this script.
-  DECL_ACCESSORS(shared_function_infos, Tagged<WeakFixedArray>)
-
-  inline int shared_function_info_count() const;
+  // [infos]: weak fixed array containing all shared function infos and scope
+  // infos for eval created from this script.
+  DECL_ACCESSORS(infos, Tagged<WeakFixedArray>)
 
 #if V8_ENABLE_WEBASSEMBLY
   // [wasm_breakpoint_infos]: the list of {BreakPointInfo} objects describing
@@ -172,6 +170,8 @@ class Script : public TorqueGeneratedScript<Script, Struct> {
   // Retrieve source position from where eval was called.
   static int GetEvalPosition(Isolate* isolate, DirectHandle<Script> script);
 
+  Tagged<Script> inline GetEvalOrigin();
+
   // Initialize line_ends array with source code positions of line ends if
   // it doesn't exist yet.
   static inline void InitLineEnds(Isolate* isolate,
@@ -237,9 +237,9 @@ class Script : public TorqueGeneratedScript<Script, Struct> {
   bool IsUserJavaScript() const;
 
   // Wrappers for GetPositionInfo
-  static int GetColumnNumber(Handle<Script> script, int code_offset);
+  static int GetColumnNumber(DirectHandle<Script> script, int code_offset);
   int GetColumnNumber(int code_pos) const;
-  V8_EXPORT_PRIVATE static int GetLineNumber(Handle<Script> script,
+  V8_EXPORT_PRIVATE static int GetLineNumber(DirectHandle<Script> script,
                                              int code_offset);
   int GetLineNumber(int code_pos) const;
 
diff --git a/deps/v8/src/objects/script.tq b/deps/v8/src/objects/script.tq
index 10b61fe483f74e..cb4335031081c5 100644
--- a/deps/v8/src/objects/script.tq
+++ b/deps/v8/src/objects/script.tq
@@ -47,7 +47,7 @@ extern class Script extends Struct {
   eval_from_shared_or_wrapped_arguments: SharedFunctionInfo|FixedArray|
       Undefined;
   eval_from_position: Smi|Foreign;  // Smi or Managed<wasm::NativeModule>
-  shared_function_infos: WeakFixedArray|WeakArrayList;
+  infos: WeakFixedArray|WeakArrayList;
 
   // [compiled_lazy_function_positions]: ArrayList containing SMIs marking
   // the start positions of lazy functions which got compiled.
diff --git a/deps/v8/src/objects/shared-function-info-inl.h b/deps/v8/src/objects/shared-function-info-inl.h
index 2f4bf56b1ea572..88c36cb742629d 100644
--- a/deps/v8/src/objects/shared-function-info-inl.h
+++ b/deps/v8/src/objects/shared-function-info-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_SHARED_FUNCTION_INFO_INL_H_
 #define V8_OBJECTS_SHARED_FUNCTION_INFO_INL_H_
 
+#include <optional>
+
 #include "src/base/macros.h"
 #include "src/base/platform/mutex.h"
 #include "src/builtins/builtins.h"
@@ -24,16 +26,15 @@
 #include "src/objects/string.h"
 #include "src/objects/templates-inl.h"
 
+// Has to be the last include (doesn't have include guards):
+#include "src/objects/object-macros.h"
+
 #if V8_ENABLE_WEBASSEMBLY
 #include "src/wasm/wasm-module.h"
 #include "src/wasm/wasm-objects.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-// Has to be the last include (doesn't have include guards):
-#include "src/objects/object-macros.h"
-
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/shared-function-info-tq-inl.inc"
 
@@ -117,95 +118,73 @@ RELEASE_ACQUIRE_ACCESSORS(SharedFunctionInfo, script, Tagged<HeapObject>,
 RELEASE_ACQUIRE_ACCESSORS(SharedFunctionInfo, raw_script, Tagged<Object>,
                           kScriptOffset)
 
-void SharedFunctionInfo::SetData(Tagged<Object> value, ReleaseStoreTag tag,
-                                 DataType type, WriteBarrierMode mode) {
-#ifdef V8_ENABLE_SANDBOX
-  if (type == DataType::kTrusted) {
-    DCHECK(IsExposedTrustedObject(value));
-    // Only one of trusted_function_data and function_data can be in use.
-    set_trusted_function_data(Cast<ExposedTrustedObject>(value), tag, mode);
-    clear_function_data(kReleaseStore);
-  } else {
-    DCHECK_EQ(type, DataType::kRegular);
-    // Only one of trusted_function_data and function_data can be in use.
-    set_function_data(value, tag, mode);
-    clear_trusted_function_data(kReleaseStore);
-  }
-#else
-  set_function_data(value, tag, mode);
-#endif  // V8_ENABLE_SANDBOX
-}
+void SharedFunctionInfo::SetTrustedData(Tagged<ExposedTrustedObject> value,
+                                        WriteBarrierMode mode) {
+  WriteTrustedPointerField<kUnknownIndirectPointerTag>(
+      kTrustedFunctionDataOffset, value);
 
-#ifdef V8_ENABLE_SANDBOX
-// TODO(saelo): consider using a unique magic value here instead. However,
-// using -1 has some benefits such as a recognizable crashing address if this
-// field was ever accidentally treated as a HeapObject.
-constexpr int kClearedFunctionDataValue = -1;
-void SharedFunctionInfo::clear_function_data(ReleaseStoreTag) {
-  TaggedField<Object, kFunctionDataOffset>::Release_Store(
-      *this, Smi::FromInt(kClearedFunctionDataValue));
-}
+  // Only one of trusted_function_data and untrusted_function_data can be in
+  // use, so clear the untrusted data field. Using -1 here as cleared data value
+  // allows HasBuiltinId to become quite simple, as it can just check if the
+  // untrusted data is a Smi containing a valid builtin ID.
+  constexpr int kClearedUntrustedFunctionDataValue = -1;
+  static_assert(!Builtins::IsBuiltinId(kClearedUntrustedFunctionDataValue));
+  TaggedField<Object, kUntrustedFunctionDataOffset>::Release_Store(
+      *this, Smi::FromInt(kClearedUntrustedFunctionDataValue));
 
-void SharedFunctionInfo::clear_trusted_function_data(ReleaseStoreTag) {
-  TaggedField<Object, kTrustedFunctionDataOffset>::Release_Store(*this,
-                                                                 Smi::zero());
+  CONDITIONAL_TRUSTED_POINTER_WRITE_BARRIER(*this, kTrustedFunctionDataOffset,
+                                            kUnknownIndirectPointerTag, value,
+                                            mode);
 }
 
-bool SharedFunctionInfo::has_trusted_function_data() const {
-  return TaggedField<Object, kTrustedFunctionDataOffset>::Relaxed_Load(*this) !=
-         Smi::zero();
-}
+void SharedFunctionInfo::SetUntrustedData(Tagged<Object> value,
+                                          WriteBarrierMode mode) {
+  TaggedField<Object, kUntrustedFunctionDataOffset>::Release_Store(*this,
+                                                                   value);
 
-Tagged<ExposedTrustedObject> SharedFunctionInfo::trusted_function_data(
-    IsolateForSandbox isolate, AcquireLoadTag) const {
-  Tagged<Object> trusted_data =
-      ReadIndirectPointerField<kUnknownIndirectPointerTag>(
-          kTrustedFunctionDataOffset, isolate);
-  return Cast<ExposedTrustedObject>(trusted_data);
-}
+  // Only one of trusted_function_data and untrusted_function_data can be in
+  // use, so clear the trusted data field.
+  ClearTrustedPointerField(kTrustedFunctionDataOffset, kReleaseStore);
 
-void SharedFunctionInfo::set_trusted_function_data(
-    Tagged<ExposedTrustedObject> value, ReleaseStoreTag,
-    WriteBarrierMode mode) {
-  WriteIndirectPointerField<kUnknownIndirectPointerTag>(
-      kTrustedFunctionDataOffset, value);
-  CONDITIONAL_INDIRECT_POINTER_WRITE_BARRIER(*this, kTrustedFunctionDataOffset,
-                                             kUnknownIndirectPointerTag, value,
-                                             mode);
+  CONDITIONAL_WRITE_BARRIER(*this, kUntrustedFunctionDataOffset, value, mode);
 }
 
-IndirectPointerHandle SharedFunctionInfo::trusted_function_data_handle(
-    AcquireLoadTag) const {
-  return RawIndirectPointerField(kTrustedFunctionDataOffset,
-                                 kUnknownIndirectPointerTag)
-      .Acquire_LoadHandle();
+bool SharedFunctionInfo::HasTrustedData() const {
+  return !IsTrustedPointerFieldEmpty(kTrustedFunctionDataOffset);
 }
-#endif  // V8_ENABLE_SANDBOX
 
-DEF_ACQUIRE_GETTER(SharedFunctionInfo, function_data, Tagged<Object>) {
-  Tagged<Object> value =
-      TaggedField<Object, kFunctionDataOffset>::Acquire_Load(cage_base, *this);
-  return value;
+bool SharedFunctionInfo::HasUntrustedData() const { return !HasTrustedData(); }
+
+Tagged<Object> SharedFunctionInfo::GetTrustedData(
+    IsolateForSandbox isolate) const {
+  return ReadMaybeEmptyTrustedPointerField<kUnknownIndirectPointerTag>(
+      kTrustedFunctionDataOffset, isolate, kAcquireLoad);
 }
 
-void SharedFunctionInfo::set_function_data(Tagged<Object> value,
-                                           ReleaseStoreTag,
-                                           WriteBarrierMode mode) {
-  TaggedField<Object, kFunctionDataOffset>::Release_Store(*this, value);
-  CONDITIONAL_WRITE_BARRIER(*this, kFunctionDataOffset, value, mode);
+template <typename T, IndirectPointerTag tag>
+Tagged<T> SharedFunctionInfo::GetTrustedData(IsolateForSandbox isolate) const {
+  static_assert(tag != kUnknownIndirectPointerTag);
+  return Cast<T>(ReadMaybeEmptyTrustedPointerField<tag>(
+      kTrustedFunctionDataOffset, isolate, kAcquireLoad));
 }
 
-Tagged<Object> SharedFunctionInfo::GetData(IsolateForSandbox isolate) const {
+Tagged<Object> SharedFunctionInfo::GetTrustedData() const {
 #ifdef V8_ENABLE_SANDBOX
   auto trusted_data_slot = RawIndirectPointerField(kTrustedFunctionDataOffset,
                                                    kUnknownIndirectPointerTag);
-  IndirectPointerHandle trusted_data_handle =
-      trusted_data_slot.Acquire_LoadHandle();
-  if (trusted_data_handle != kNullIndirectPointerHandle) {
-    return trusted_data_slot.ResolveHandle(trusted_data_handle, isolate);
-  }
+  // This routine is sometimes used for SFI's in read-only space (which never
+  // have trusted data). In that case, GetIsolateForSandbox cannot be used, so
+  // we need to return early in that case, before trying to obtain an Isolate.
+  IndirectPointerHandle handle = trusted_data_slot.Acquire_LoadHandle();
+  if (handle == kNullIndirectPointerHandle) return Smi::zero();
+  return trusted_data_slot.ResolveHandle(handle, GetIsolateForSandbox(*this));
+#else
+  return TaggedField<Object, kTrustedFunctionDataOffset>::Acquire_Load(*this);
 #endif
-  return function_data(kAcquireLoad);
+}
+
+Tagged<Object> SharedFunctionInfo::GetUntrustedData() const {
+  return TaggedField<Object, kUntrustedFunctionDataOffset>::Acquire_Load(*this);
 }
 
 DEF_GETTER(SharedFunctionInfo, script, Tagged<HeapObject>) {
@@ -382,6 +361,9 @@ BIT_FIELD_ACCESSORS(SharedFunctionInfo, flags2, is_sparkplug_compiling,
 BIT_FIELD_ACCESSORS(SharedFunctionInfo, flags2, maglev_compilation_failed,
                     SharedFunctionInfo::MaglevCompilationFailedBit)
 
+BIT_FIELD_ACCESSORS(SharedFunctionInfo, flags2, sparkplug_compiled,
+                    SharedFunctionInfo::SparkplugCompiledBit)
+
 BIT_FIELD_ACCESSORS(SharedFunctionInfo, flags2,
                     function_context_independent_compiled,
                     SharedFunctionInfo::FunctionContextIndependentCompiledBit)
@@ -584,9 +566,16 @@ void SharedFunctionInfo::SetScopeInfo(Tagged<ScopeInfo> scope_info,
     name = Cast<UnionOf<Smi, String>>(name_or_scope_info);
   }
   DCHECK(IsString(name) || name == kNoSharedNameSentinel);
-  // Only set the function name for function scopes.
-  scope_info->SetFunctionName(name);
-  if (HasInferredName() && inferred_name()->length() != 0) {
+  // ScopeInfo can get promoted to read-only space. Now that we reuse them after
+  // flushing bytecode, we'll actually reinstall read-only scopeinfos on
+  // SharedFunctionInfos if they required a context. The read-only scopeinfos
+  // should already be fully initialized though, and hence will already have the
+  // right FunctionName (and InferredName if relevant).
+  if (scope_info->FunctionName() != name) {
+    scope_info->SetFunctionName(name);
+  }
+  if (HasInferredName() && inferred_name()->length() != 0 &&
+      scope_info->InferredFunctionName() != inferred_name()) {
     scope_info->SetInferredFunctionName(inferred_name());
   }
   set_name_or_scope_info(scope_info, kReleaseStore, mode);
@@ -606,11 +595,12 @@ DEF_GETTER(SharedFunctionInfo, outer_scope_info, Tagged<HeapObject>) {
 
 bool SharedFunctionInfo::HasOuterScopeInfo() const {
   Tagged<ScopeInfo> outer_info;
-  if (!is_compiled()) {
+  Tagged<ScopeInfo> info = scope_info(kAcquireLoad);
+  if (info->IsEmpty()) {
+    if (is_compiled()) return false;
     if (!IsScopeInfo(outer_scope_info())) return false;
     outer_info = Cast<ScopeInfo>(outer_scope_info());
   } else {
-    Tagged<ScopeInfo> info = scope_info(kAcquireLoad);
     if (!info->HasOuterScopeInfo()) return false;
     outer_info = info->OuterScopeInfo();
   }
@@ -619,8 +609,9 @@ bool SharedFunctionInfo::HasOuterScopeInfo() const {
 
 Tagged<ScopeInfo> SharedFunctionInfo::GetOuterScopeInfo() const {
   DCHECK(HasOuterScopeInfo());
-  if (!is_compiled()) return Cast<ScopeInfo>(outer_scope_info());
-  return scope_info(kAcquireLoad)->OuterScopeInfo();
+  Tagged<ScopeInfo> info = scope_info(kAcquireLoad);
+  if (info->IsEmpty()) return Cast<ScopeInfo>(outer_scope_info());
+  return info->OuterScopeInfo();
 }
 
 void SharedFunctionInfo::set_outer_scope_info(Tagged<HeapObject> value,
@@ -628,6 +619,7 @@ void SharedFunctionInfo::set_outer_scope_info(Tagged<HeapObject> value,
   DCHECK(!is_compiled());
   DCHECK(IsTheHole(raw_outer_scope_info_or_feedback_metadata()));
   DCHECK(IsScopeInfo(value) || IsTheHole(value));
+  DCHECK(scope_info()->IsEmpty());
   set_raw_outer_scope_info_or_feedback_metadata(value, mode);
 }
 
@@ -653,9 +645,8 @@ RELEASE_ACQUIRE_ACCESSORS_CHECKED2(SharedFunctionInfo, feedback_metadata,
                                        IsFeedbackMetadata(value))
 
 bool SharedFunctionInfo::is_compiled() const {
-  Tagged<Object> data = function_data(kAcquireLoad);
-  return data != Smi::FromEnum(Builtin::kCompileLazy) &&
-         !IsUncompiledData(data);
+  return GetUntrustedData() != Smi::FromEnum(Builtin::kCompileLazy) &&
+         !HasUncompiledData();
 }
 
 template <typename IsolateT>
@@ -703,29 +694,20 @@ bool SharedFunctionInfo::CanCollectSourcePosition(Isolate* isolate) {
 }
 
 bool SharedFunctionInfo::IsApiFunction() const {
-  return IsFunctionTemplateInfo(function_data(kAcquireLoad));
+  return IsFunctionTemplateInfo(GetUntrustedData());
 }
 
 DEF_GETTER(SharedFunctionInfo, api_func_data, Tagged<FunctionTemplateInfo>) {
   DCHECK(IsApiFunction());
-  return Cast<FunctionTemplateInfo>(function_data(kAcquireLoad));
+  return Cast<FunctionTemplateInfo>(GetUntrustedData());
 }
 
 DEF_GETTER(SharedFunctionInfo, HasBytecodeArray, bool) {
-#ifdef V8_ENABLE_SANDBOX
-  // For builtin SFIs in read-only space, we cannot get the isolate.
-  // TODO(saelo): Can we find a way around the HasBuiltinId() check?
-  if (HasBuiltinId()) return false;
-  Tagged<Object> data = GetData(GetIsolateForSandbox(*this));
+  Tagged<Object> data = GetTrustedData();
+  // If the SFI has no trusted data, GetTrustedData() will return Smi::zero().
   if (IsSmi(data)) return false;
   InstanceType instance_type =
       Cast<HeapObject>(data)->map(cage_base)->instance_type();
-#else
-  Tagged<Object> data = function_data(kAcquireLoad);
-  if (!IsHeapObject(data)) return false;
-  InstanceType instance_type =
-      Cast<HeapObject>(data)->map(cage_base)->instance_type();
-#endif
   return InstanceTypeChecker::IsBytecodeArray(instance_type) ||
          InstanceTypeChecker::IsInterpreterData(instance_type) ||
          InstanceTypeChecker::IsCode(instance_type);
@@ -740,7 +722,7 @@ Tagged<BytecodeArray> SharedFunctionInfo::GetBytecodeArray(
   DCHECK(HasBytecodeArray());
 
   Isolate* main_isolate = isolate->GetMainThreadIsolateUnsafe();
-  base::Optional<Tagged<DebugInfo>> debug_info = TryGetDebugInfo(main_isolate);
+  std::optional<Tagged<DebugInfo>> debug_info = TryGetDebugInfo(main_isolate);
   if (debug_info.has_value() &&
       debug_info.value()->HasInstrumentedBytecodeArray()) {
     return debug_info.value()->OriginalBytecodeArray(main_isolate);
@@ -751,24 +733,7 @@ Tagged<BytecodeArray> SharedFunctionInfo::GetBytecodeArray(
 
 Tagged<BytecodeArray> SharedFunctionInfo::GetActiveBytecodeArray(
     IsolateForSandbox isolate) const {
-#ifdef V8_ENABLE_SANDBOX
-  // When the sandbox is enabled, the bytecode array must be loaded via the
-  // trusted pointer field. Loading it from the (tagged) function_data field
-  // would not be safe. Here we can't use ReadTrustedPointerField but instead
-  // need an acquire load of the handle to synchronize with the release store in
-  // set_trusted_function_data. Technically, we'd only need memory_order_consume
-  // since we're dealing with dependent loads, but that ordering is not
-  // currently supported (and that's why ReadTrustedPointerField uses a relaxed
-  // load, but TSan doesn't like that).
-  auto trusted_data_slot = RawIndirectPointerField(kTrustedFunctionDataOffset,
-                                                   kUnknownIndirectPointerTag);
-  IndirectPointerHandle trusted_data_handle =
-      trusted_data_slot.Acquire_LoadHandle();
-  Tagged<Object> data =
-      trusted_data_slot.ResolveHandle(trusted_data_handle, isolate);
-#else
-  Tagged<Object> data = function_data(kAcquireLoad);
-#endif  // V8_ENABLE_SANDBOX
+  Tagged<Object> data = GetTrustedData(isolate);
   if (IsCode(data)) {
     Tagged<Code> baseline_code = Cast<Code>(data);
     data = baseline_code->bytecode_or_interpreter_data();
@@ -798,15 +763,15 @@ void SharedFunctionInfo::SetActiveBytecodeArray(Tagged<BytecodeArray> bytecode,
 }
 
 void SharedFunctionInfo::set_bytecode_array(Tagged<BytecodeArray> bytecode) {
-  DCHECK(function_data(kAcquireLoad) == Smi::FromEnum(Builtin::kCompileLazy) ||
+  DCHECK(GetUntrustedData() == Smi::FromEnum(Builtin::kCompileLazy) ||
          HasUncompiledData());
-  SetData(bytecode, kReleaseStore, DataType::kTrusted);
+  SetTrustedData(bytecode);
 }
 
 void SharedFunctionInfo::overwrite_bytecode_array(
     Tagged<BytecodeArray> bytecode) {
   DCHECK(HasBytecodeArray());
-  SetData(bytecode, kReleaseStore, DataType::kTrusted);
+  SetTrustedData(bytecode);
 }
 
 Tagged<Code> SharedFunctionInfo::InterpreterTrampoline(
@@ -816,7 +781,7 @@ Tagged<Code> SharedFunctionInfo::InterpreterTrampoline(
 }
 
 bool SharedFunctionInfo::HasInterpreterData(IsolateForSandbox isolate) const {
-  Tagged<Object> data = GetData(isolate);
+  Tagged<Object> data = GetTrustedData(isolate);
   if (IsCode(data)) {
     Tagged<Code> baseline_code = Cast<Code>(data);
     DCHECK_EQ(baseline_code->kind(), CodeKind::BASELINE);
@@ -828,16 +793,13 @@ bool SharedFunctionInfo::HasInterpreterData(IsolateForSandbox isolate) const {
 Tagged<InterpreterData> SharedFunctionInfo::interpreter_data(
     IsolateForSandbox isolate) const {
   DCHECK(HasInterpreterData(isolate));
-#ifdef V8_ENABLE_SANDBOX
-  Tagged<Object> data = trusted_function_data(isolate, kAcquireLoad);
-#else
-  Tagged<Object> data = function_data(kAcquireLoad);
-#endif
+  Tagged<Object> data = GetTrustedData(isolate);
   if (IsCode(data)) {
     Tagged<Code> baseline_code = Cast<Code>(data);
     DCHECK_EQ(baseline_code->kind(), CodeKind::BASELINE);
     data = baseline_code->bytecode_or_interpreter_data();
   }
+  SBXCHECK(IsInterpreterData(data));
   return Cast<InterpreterData>(data);
 }
 
@@ -845,97 +807,74 @@ void SharedFunctionInfo::set_interpreter_data(
     Tagged<InterpreterData> interpreter_data, WriteBarrierMode mode) {
   DCHECK(v8_flags.interpreted_frames_native_stack);
   DCHECK(!HasBaselineCode());
-  SetData(interpreter_data, kReleaseStore, DataType::kTrusted, mode);
+  SetTrustedData(interpreter_data, mode);
 }
 
 DEF_GETTER(SharedFunctionInfo, HasBaselineCode, bool) {
-#ifdef V8_ENABLE_SANDBOX
-  // Micro-optimization: we just need to look at the indirect pointer handle
-  // stored in the trusted_function_data field and check if that is a code
-  // pointer handle.
-  IndirectPointerHandle handle = trusted_function_data_handle(kAcquireLoad);
-  if (handle & kCodePointerHandleMarker) {
-    DCHECK_EQ(Cast<Code>(GetData(GetIsolateForSandbox(*this)))->kind(),
-              CodeKind::BASELINE);
-    return true;
-  }
-  return false;
-#else
-  Tagged<Object> data = function_data(cage_base, kAcquireLoad);
+  Tagged<Object> data = GetTrustedData();
   if (IsCode(data, cage_base)) {
     DCHECK_EQ(Cast<Code>(data)->kind(), CodeKind::BASELINE);
     return true;
   }
   return false;
-#endif
 }
 
 DEF_ACQUIRE_GETTER(SharedFunctionInfo, baseline_code, Tagged<Code>) {
   DCHECK(HasBaselineCode(cage_base));
-#ifdef V8_ENABLE_SANDBOX
-  return Cast<Code>(
-      trusted_function_data(GetIsolateForSandbox(*this), kAcquireLoad));
-#else
-  return Cast<Code>(function_data(cage_base, kAcquireLoad));
-#endif
+  IsolateForSandbox isolate = GetIsolateForSandbox(*this);
+  return GetTrustedData<Code, kCodeIndirectPointerTag>(isolate);
 }
 
 void SharedFunctionInfo::set_baseline_code(Tagged<Code> baseline_code,
                                            ReleaseStoreTag tag,
                                            WriteBarrierMode mode) {
   DCHECK_EQ(baseline_code->kind(), CodeKind::BASELINE);
-  SetData(baseline_code, tag, DataType::kTrusted, mode);
+  SetTrustedData(baseline_code, mode);
 }
 
 void SharedFunctionInfo::FlushBaselineCode() {
   DCHECK(HasBaselineCode());
-  SetData(baseline_code(kAcquireLoad)->bytecode_or_interpreter_data(),
-          kReleaseStore, DataType::kTrusted);
+  Tagged<TrustedObject> new_data =
+      baseline_code(kAcquireLoad)->bytecode_or_interpreter_data();
+  DCHECK(IsBytecodeArray(new_data) || IsInterpreterData(new_data));
+  SetTrustedData(Cast<ExposedTrustedObject>(new_data));
 }
 
 #if V8_ENABLE_WEBASSEMBLY
 bool SharedFunctionInfo::HasAsmWasmData() const {
-  return IsAsmWasmData(function_data(kAcquireLoad));
+  return IsAsmWasmData(GetUntrustedData());
 }
 
 bool SharedFunctionInfo::HasWasmFunctionData() const {
-  // For builtin SFIs in read-only space, we cannot get the isolate.
-  if (HasBuiltinId()) return false;
-  return IsWasmFunctionData(GetData(GetIsolateForSandbox(*this)));
+  return IsWasmFunctionData(GetTrustedData());
 }
 
 bool SharedFunctionInfo::HasWasmExportedFunctionData() const {
-  // For builtin SFIs in read-only space, we cannot get the isolate.
-  if (HasBuiltinId()) return false;
-  return IsWasmExportedFunctionData(GetData(GetIsolateForSandbox(*this)));
+  return IsWasmExportedFunctionData(GetTrustedData());
 }
 
 bool SharedFunctionInfo::HasWasmJSFunctionData() const {
-  // For builtin SFIs in read-only space, we cannot get the isolate.
-  if (HasBuiltinId()) return false;
-  return IsWasmJSFunctionData(GetData(GetIsolateForSandbox(*this)));
+  return IsWasmJSFunctionData(GetTrustedData());
 }
 
 bool SharedFunctionInfo::HasWasmCapiFunctionData() const {
-  // For builtin SFIs in read-only space, we cannot get the isolate.
-  if (HasBuiltinId()) return false;
-  return IsWasmCapiFunctionData(GetData(GetIsolateForSandbox(*this)));
+  return IsWasmCapiFunctionData(GetTrustedData());
 }
 
 bool SharedFunctionInfo::HasWasmResumeData() const {
-  return IsWasmResumeData(function_data(kAcquireLoad));
+  return IsWasmResumeData(GetUntrustedData());
 }
 
 DEF_GETTER(SharedFunctionInfo, asm_wasm_data, Tagged<AsmWasmData>) {
   DCHECK(HasAsmWasmData());
-  return Cast<AsmWasmData>(function_data(kAcquireLoad));
+  return Cast<AsmWasmData>(GetUntrustedData());
 }
 
 void SharedFunctionInfo::set_asm_wasm_data(Tagged<AsmWasmData> data,
                                            WriteBarrierMode mode) {
-  DCHECK(function_data(kAcquireLoad) == Smi::FromEnum(Builtin::kCompileLazy) ||
+  DCHECK(GetUntrustedData() == Smi::FromEnum(Builtin::kCompileLazy) ||
          HasUncompiledData() || HasAsmWasmData());
-  SetData(data, kReleaseStore, DataType::kRegular, mode);
+  SetUntrustedData(data, mode);
 }
 
 const wasm::WasmModule* SharedFunctionInfo::wasm_module() const {
@@ -965,75 +904,52 @@ int SharedFunctionInfo::wasm_function_index() const {
 
 DEF_GETTER(SharedFunctionInfo, wasm_function_data, Tagged<WasmFunctionData>) {
   DCHECK(HasWasmFunctionData());
-#ifdef V8_ENABLE_SANDBOX
   // TODO(saelo): It would be nicer if the caller provided an IsolateForSandbox.
-  return Cast<WasmFunctionData>(
-      trusted_function_data(GetIsolateForSandbox(*this), kAcquireLoad));
-#else
-  return Cast<WasmFunctionData>(function_data(cage_base, kAcquireLoad));
-#endif
+  return GetTrustedData<WasmFunctionData, kWasmFunctionDataIndirectPointerTag>(
+      GetIsolateForSandbox(*this));
 }
 
 DEF_GETTER(SharedFunctionInfo, wasm_exported_function_data,
            Tagged<WasmExportedFunctionData>) {
   DCHECK(HasWasmExportedFunctionData());
-#ifdef V8_ENABLE_SANDBOX
-  return Cast<WasmExportedFunctionData>(
-      trusted_function_data(GetIsolateForSandbox(*this), kAcquireLoad));
-#else
-  return Cast<WasmExportedFunctionData>(function_data(cage_base, kAcquireLoad));
-#endif
+  Tagged<WasmFunctionData> data = wasm_function_data();
+  // TODO(saelo): the SBXCHECKs here and below are only needed because our type
+  // tags don't currently support type hierarchies.
+  SBXCHECK(IsWasmExportedFunctionData(data));
+  return Cast<WasmExportedFunctionData>(data);
 }
 
 DEF_GETTER(SharedFunctionInfo, wasm_js_function_data,
            Tagged<WasmJSFunctionData>) {
   DCHECK(HasWasmJSFunctionData());
-#ifdef V8_ENABLE_SANDBOX
-  return Cast<WasmJSFunctionData>(
-      trusted_function_data(GetIsolateForSandbox(*this), kAcquireLoad));
-#else
-  return Cast<WasmJSFunctionData>(function_data(cage_base, kAcquireLoad));
-#endif
+  Tagged<WasmFunctionData> data = wasm_function_data();
+  SBXCHECK(IsWasmJSFunctionData(data));
+  return Cast<WasmJSFunctionData>(data);
 }
 
 DEF_GETTER(SharedFunctionInfo, wasm_capi_function_data,
            Tagged<WasmCapiFunctionData>) {
   DCHECK(HasWasmCapiFunctionData());
-#if V8_ENABLE_SANDBOX
-  return Cast<WasmCapiFunctionData>(
-      trusted_function_data(GetIsolateForSandbox(*this), kAcquireLoad));
-#else
-  return Cast<WasmCapiFunctionData>(function_data(cage_base, kAcquireLoad));
-#endif
+  Tagged<WasmFunctionData> data = wasm_function_data();
+  SBXCHECK(IsWasmCapiFunctionData(data));
+  return Cast<WasmCapiFunctionData>(data);
 }
 
 DEF_GETTER(SharedFunctionInfo, wasm_resume_data, Tagged<WasmResumeData>) {
   DCHECK(HasWasmResumeData());
-  return Cast<WasmResumeData>(function_data(cage_base, kAcquireLoad));
+  return Cast<WasmResumeData>(GetUntrustedData());
 }
 
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 bool SharedFunctionInfo::HasBuiltinId() const {
-#ifdef V8_ENABLE_SANDBOX
-  if (trusted_function_data_handle(kAcquireLoad) !=
-      kNullIndirectPointerHandle) {
-    return false;
-  }
-  // It can happen that SetData is called on another thread at this point and
-  // transitions from function_data to trusted_function_data. In this case,
-  // we'll see the kClearedFunctionDataValue Smi value here and so must be able
-  // to handle that, for example by checking that the id is a valid builtin id.
-  static_assert(!Builtins::IsBuiltinId(kClearedFunctionDataValue));
-  Tagged<Object> data = function_data(kAcquireLoad);
+  Tagged<Object> data = GetUntrustedData();
   return IsSmi(data) && Builtins::IsBuiltinId(Smi::ToInt(data));
-#endif
-  return IsSmi(function_data(kAcquireLoad));
 }
 
 Builtin SharedFunctionInfo::builtin_id() const {
   DCHECK(HasBuiltinId());
-  int id = Smi::ToInt(function_data(kAcquireLoad));
+  int id = Smi::ToInt(GetUntrustedData());
   // The builtin id is read from the heap and so must be assumed to be
   // untrusted in the sandbox attacker model. As it is considered trusted by
   // e.g. `GetCode` (when fetching the code for this SFI), we validate it here.
@@ -1043,51 +959,56 @@ Builtin SharedFunctionInfo::builtin_id() const {
 
 void SharedFunctionInfo::set_builtin_id(Builtin builtin) {
   DCHECK(Builtins::IsBuiltinId(builtin));
-  SetData(Smi::FromInt(static_cast<int>(builtin)), kReleaseStore,
-          DataType::kRegular, SKIP_WRITE_BARRIER);
+  SetUntrustedData(Smi::FromInt(static_cast<int>(builtin)), SKIP_WRITE_BARRIER);
 }
 
 bool SharedFunctionInfo::HasUncompiledData() const {
-  return IsUncompiledData(function_data(kAcquireLoad));
+  return IsUncompiledData(GetTrustedData());
 }
 
-DEF_GETTER(SharedFunctionInfo, uncompiled_data, Tagged<UncompiledData>) {
+Tagged<UncompiledData> SharedFunctionInfo::uncompiled_data(
+    IsolateForSandbox isolate) const {
   DCHECK(HasUncompiledData());
-  return Cast<UncompiledData>(function_data(cage_base, kAcquireLoad));
+  return GetTrustedData<UncompiledData, kUncompiledDataIndirectPointerTag>(
+      isolate);
 }
 
 void SharedFunctionInfo::set_uncompiled_data(
     Tagged<UncompiledData> uncompiled_data, WriteBarrierMode mode) {
-  DCHECK(function_data(kAcquireLoad) == Smi::FromEnum(Builtin::kCompileLazy) ||
-         HasUncompiledData() || HasBytecodeArray() || HasBaselineCode());
   DCHECK(IsUncompiledData(uncompiled_data));
-  SetData(uncompiled_data, kReleaseStore);
+  SetTrustedData(uncompiled_data, mode);
 }
 
 bool SharedFunctionInfo::HasUncompiledDataWithPreparseData() const {
-  return IsUncompiledDataWithPreparseData(function_data(kAcquireLoad));
+  return IsUncompiledDataWithPreparseData(GetTrustedData());
 }
 
 Tagged<UncompiledDataWithPreparseData>
-SharedFunctionInfo::uncompiled_data_with_preparse_data() const {
+SharedFunctionInfo::uncompiled_data_with_preparse_data(
+    IsolateForSandbox isolate) const {
   DCHECK(HasUncompiledDataWithPreparseData());
-  return Cast<UncompiledDataWithPreparseData>(function_data(kAcquireLoad));
+  Tagged<UncompiledData> data = uncompiled_data(isolate);
+  // TODO(saelo): this SBXCHECK is needed because our type tags don't currently
+  // support type hierarchies.
+  SBXCHECK(IsUncompiledDataWithPreparseData(data));
+  return Cast<UncompiledDataWithPreparseData>(data);
 }
 
 void SharedFunctionInfo::set_uncompiled_data_with_preparse_data(
     Tagged<UncompiledDataWithPreparseData> uncompiled_data_with_preparse_data,
     WriteBarrierMode mode) {
-  DCHECK(function_data(kAcquireLoad) == Smi::FromEnum(Builtin::kCompileLazy));
+  DCHECK_EQ(GetUntrustedData(), Smi::FromEnum(Builtin::kCompileLazy));
   DCHECK(IsUncompiledDataWithPreparseData(uncompiled_data_with_preparse_data));
-  SetData(uncompiled_data_with_preparse_data, kReleaseStore);
+  SetTrustedData(uncompiled_data_with_preparse_data, mode);
 }
 
 bool SharedFunctionInfo::HasUncompiledDataWithoutPreparseData() const {
-  return IsUncompiledDataWithoutPreparseData(function_data(kAcquireLoad));
+  return IsUncompiledDataWithoutPreparseData(GetTrustedData());
 }
 
-void SharedFunctionInfo::ClearUncompiledDataJobPointer() {
-  Tagged<UncompiledData> uncompiled_data = this->uncompiled_data();
+void SharedFunctionInfo::ClearUncompiledDataJobPointer(
+    IsolateForSandbox isolate) {
+  Tagged<UncompiledData> uncompiled_data = this->uncompiled_data(isolate);
   if (IsUncompiledDataWithPreparseDataAndJob(uncompiled_data)) {
     Cast<UncompiledDataWithPreparseDataAndJob>(uncompiled_data)
         ->set_job(kNullAddress);
@@ -1097,10 +1018,10 @@ void SharedFunctionInfo::ClearUncompiledDataJobPointer() {
   }
 }
 
-void SharedFunctionInfo::ClearPreparseData() {
+void SharedFunctionInfo::ClearPreparseData(IsolateForSandbox isolate) {
   DCHECK(HasUncompiledDataWithPreparseData());
   Tagged<UncompiledDataWithPreparseData> data =
-      uncompiled_data_with_preparse_data();
+      uncompiled_data_with_preparse_data(isolate);
 
   // Trim off the pre-parsed scope data from the uncompiled data by swapping the
   // map, leaving only an uncompiled data without pre-parsed scope.
@@ -1130,10 +1051,14 @@ void SharedFunctionInfo::ClearPreparseData() {
 }
 
 void UncompiledData::InitAfterBytecodeFlush(
-    Tagged<String> inferred_name, int start_position, int end_position,
+    IsolateForSandbox isolate, Tagged<String> inferred_name, int start_position,
+    int end_position,
     std::function<void(Tagged<HeapObject> object, ObjectSlot slot,
                        Tagged<HeapObject> target)>
         gc_notify_updated_slot) {
+#ifdef V8_ENABLE_SANDBOX
+  init_self_indirect_pointer(isolate);
+#endif
   set_inferred_name(inferred_name);
   gc_notify_updated_slot(*this, RawField(UncompiledData::kInferredNameOffset),
                          inferred_name);
@@ -1162,7 +1087,8 @@ DEF_GETTER(SharedFunctionInfo, inferred_name, Tagged<String>) {
       if (IsString(name)) return Cast<String>(name);
     }
   } else if (HasUncompiledData()) {
-    return uncompiled_data(cage_base)->inferred_name(cage_base);
+    return uncompiled_data(GetIsolateForSandbox(*this))
+        ->inferred_name(cage_base);
   }
   return GetReadOnlyRoots().empty_string();
 }
@@ -1210,8 +1136,7 @@ OBJECT_CONSTRUCTORS_IMPL(SharedFunctionInfoWrapper, TrustedObject)
 ACCESSORS(SharedFunctionInfoWrapper, shared_info, Tagged<SharedFunctionInfo>,
           kSharedInfoOffset)
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/shared-function-info.cc b/deps/v8/src/objects/shared-function-info.cc
index fffd2a6076ac2d..db8fe6c02b8913 100644
--- a/deps/v8/src/objects/shared-function-info.cc
+++ b/deps/v8/src/objects/shared-function-info.cc
@@ -4,6 +4,8 @@
 
 #include "src/objects/shared-function-info.h"
 
+#include <optional>
+
 #include "src/ast/ast.h"
 #include "src/ast/scopes.h"
 #include "src/codegen/compilation-cache.h"
@@ -17,8 +19,7 @@
 #include "src/objects/shared-function-info-inl.h"
 #include "src/strings/string-builder-inl.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 V8_EXPORT_PRIVATE constexpr Tagged<Smi>
     SharedFunctionInfo::kNoSharedNameSentinel;
@@ -50,7 +51,7 @@ void SharedFunctionInfo::Init(ReadOnlyRoots ro_roots, int unique_id) {
   set_raw_outer_scope_info_or_feedback_metadata(ro_roots.the_hole_value(),
                                                 SKIP_WRITE_BARRIER);
   set_script(ro_roots.undefined_value(), kReleaseStore, SKIP_WRITE_BARRIER);
-  set_function_literal_id(kFunctionLiteralIdInvalid);
+  set_function_literal_id(kInvalidInfoId);
   set_unique_id(unique_id);
 
   // Set integer fields (smi or int, depending on the architecture).
@@ -77,80 +78,92 @@ Tagged<Code> SharedFunctionInfo::GetCode(Isolate* isolate) const {
   // GetSharedFunctionInfoCode method in code-stub-assembler.cc.
   // ======
 
-  Tagged<Object> data = GetData(isolate);
-  if (IsSmi(data)) {
-    // Holding a Smi means we are a builtin.
-    DCHECK(HasBuiltinId());
-    return isolate->builtins()->code(builtin_id());
-  }
-  if (IsBytecodeArray(data)) {
-    // Having a bytecode array means we are a compiled, interpreted function.
-    DCHECK(HasBytecodeArray());
-    return isolate->builtins()->code(Builtin::kInterpreterEntryTrampoline);
-  }
-  if (IsCode(data)) {
-    // Having baseline Code means we are a compiled, baseline function.
-    DCHECK(HasBaselineCode());
-    return Cast<Code>(data);
-  }
+  Tagged<Object> data = GetTrustedData(isolate);
+  if (data != Smi::zero()) {
+    DCHECK(HasTrustedData());
+
+    if (IsBytecodeArray(data)) {
+      // Having a bytecode array means we are a compiled, interpreted function.
+      DCHECK(HasBytecodeArray());
+      return isolate->builtins()->code(Builtin::kInterpreterEntryTrampoline);
+    }
+    if (IsCode(data)) {
+      // Having baseline Code means we are a compiled, baseline function.
+      DCHECK(HasBaselineCode());
+      return Cast<Code>(data);
+    }
+    if (IsInterpreterData(data)) {
+      Tagged<Code> code = InterpreterTrampoline(isolate);
+      DCHECK(IsCode(code));
+      DCHECK(code->is_interpreter_trampoline_builtin());
+      return code;
+    }
+    if (IsUncompiledData(data)) {
+      // Having uncompiled data (with or without scope) means we need to
+      // compile.
+      DCHECK(HasUncompiledData());
+      return isolate->builtins()->code(Builtin::kCompileLazy);
+    }
 #if V8_ENABLE_WEBASSEMBLY
-  if (IsAsmWasmData(data)) {
-    // Having AsmWasmData means we are an asm.js/wasm function.
-    DCHECK(HasAsmWasmData());
-    return isolate->builtins()->code(Builtin::kInstantiateAsmJs);
-  }
-  if (IsWasmExportedFunctionData(data)) {
-    // Having a WasmExportedFunctionData means the code is in there.
-    DCHECK(HasWasmExportedFunctionData());
-    return wasm_exported_function_data()->wrapper_code(isolate);
-  }
-  if (IsWasmJSFunctionData(data)) {
-    return wasm_js_function_data()->wrapper_code(isolate);
-  }
-  if (IsWasmCapiFunctionData(data)) {
-    return wasm_capi_function_data()->wrapper_code(isolate);
-  }
-  if (IsWasmResumeData(data)) {
-    if (static_cast<wasm::OnResume>(wasm_resume_data()->on_resume()) ==
-        wasm::OnResume::kContinue) {
-      return isolate->builtins()->code(Builtin::kWasmResume);
-    } else {
-      return isolate->builtins()->code(Builtin::kWasmReject);
+    if (IsWasmExportedFunctionData(data)) {
+      // Having a WasmExportedFunctionData means the code is in there.
+      DCHECK(HasWasmExportedFunctionData());
+      return wasm_exported_function_data()->wrapper_code(isolate);
+    }
+    if (IsWasmJSFunctionData(data)) {
+      return wasm_js_function_data()->wrapper_code(isolate);
+    }
+    if (IsWasmCapiFunctionData(data)) {
+      return wasm_capi_function_data()->wrapper_code(isolate);
+    }
+#endif  // V8_ENABLE_WEBASSEMBLY
+  } else {
+    DCHECK(HasUntrustedData());
+    data = GetUntrustedData();
+
+    if (IsSmi(data)) {
+      // Holding a Smi means we are a builtin.
+      DCHECK(HasBuiltinId());
+      return isolate->builtins()->code(builtin_id());
+    }
+    if (IsFunctionTemplateInfo(data)) {
+      // Having a function template info means we are an API function.
+      DCHECK(IsApiFunction());
+      return isolate->builtins()->code(Builtin::kHandleApiCallOrConstruct);
+    }
+#if V8_ENABLE_WEBASSEMBLY
+    if (IsAsmWasmData(data)) {
+      // Having AsmWasmData means we are an asm.js/wasm function.
+      DCHECK(HasAsmWasmData());
+      return isolate->builtins()->code(Builtin::kInstantiateAsmJs);
+    }
+    if (IsWasmResumeData(data)) {
+      if (static_cast<wasm::OnResume>(wasm_resume_data()->on_resume()) ==
+          wasm::OnResume::kContinue) {
+        return isolate->builtins()->code(Builtin::kWasmResume);
+      } else {
+        return isolate->builtins()->code(Builtin::kWasmReject);
+      }
     }
-  }
 #endif  // V8_ENABLE_WEBASSEMBLY
-  if (IsUncompiledData(data)) {
-    // Having uncompiled data (with or without scope) means we need to compile.
-    DCHECK(HasUncompiledData());
-    return isolate->builtins()->code(Builtin::kCompileLazy);
-  }
-  if (IsFunctionTemplateInfo(data)) {
-    // Having a function template info means we are an API function.
-    DCHECK(IsApiFunction());
-    return isolate->builtins()->code(Builtin::kHandleApiCallOrConstruct);
-  }
-  if (IsInterpreterData(data)) {
-    Tagged<Code> code = InterpreterTrampoline(isolate);
-    DCHECK(IsCode(code));
-    DCHECK(code->is_interpreter_trampoline_builtin());
-    return code;
   }
+
   UNREACHABLE();
 }
 
 SharedFunctionInfo::ScriptIterator::ScriptIterator(Isolate* isolate,
                                                    Tagged<Script> script)
-    : ScriptIterator(handle(script->shared_function_infos(), isolate)) {}
+    : ScriptIterator(handle(script->infos(), isolate)) {}
 
-SharedFunctionInfo::ScriptIterator::ScriptIterator(
-    Handle<WeakFixedArray> shared_function_infos)
-    : shared_function_infos_(shared_function_infos), index_(0) {}
+SharedFunctionInfo::ScriptIterator::ScriptIterator(Handle<WeakFixedArray> infos)
+    : infos_(infos), index_(0) {}
 
 Tagged<SharedFunctionInfo> SharedFunctionInfo::ScriptIterator::Next() {
-  while (index_ < shared_function_infos_->length()) {
-    Tagged<MaybeObject> raw = shared_function_infos_->get(index_++);
+  while (index_ < infos_->length()) {
+    Tagged<MaybeObject> raw = infos_->get(index_++);
     Tagged<HeapObject> heap_object;
-    if (!raw.GetHeapObject(&heap_object) || IsUndefined(heap_object)) {
+    if (!raw.GetHeapObject(&heap_object) ||
+        !IsSharedFunctionInfo(heap_object)) {
       continue;
     }
     return Cast<SharedFunctionInfo>(heap_object);
@@ -160,11 +173,12 @@ Tagged<SharedFunctionInfo> SharedFunctionInfo::ScriptIterator::Next() {
 
 void SharedFunctionInfo::ScriptIterator::Reset(Isolate* isolate,
                                                Tagged<Script> script) {
-  shared_function_infos_ = handle(script->shared_function_infos(), isolate);
+  infos_ = handle(script->infos(), isolate);
   index_ = 0;
 }
 
-void SharedFunctionInfo::SetScript(ReadOnlyRoots roots,
+void SharedFunctionInfo::SetScript(IsolateForSandbox isolate,
+                                   ReadOnlyRoots roots,
                                    Tagged<HeapObject> script_object,
                                    int function_literal_id,
                                    bool reset_preparsed_scope_data) {
@@ -173,7 +187,7 @@ void SharedFunctionInfo::SetScript(ReadOnlyRoots roots,
   if (script() == script_object) return;
 
   if (reset_preparsed_scope_data && HasUncompiledDataWithPreparseData()) {
-    ClearPreparseData();
+    ClearPreparseData(isolate);
   }
 
   // Add shared function info to new script's list. If a collection occurs,
@@ -183,7 +197,7 @@ void SharedFunctionInfo::SetScript(ReadOnlyRoots roots,
   if (IsScript(script_object)) {
     DCHECK(!IsScript(script()));
     Tagged<Script> script = Cast<Script>(script_object);
-    Tagged<WeakFixedArray> list = script->shared_function_infos();
+    Tagged<WeakFixedArray> list = script->infos();
 #ifdef DEBUG
     DCHECK_LT(function_literal_id, list->length());
     Tagged<MaybeObject> maybe_object = list->get(function_literal_id);
@@ -201,14 +215,12 @@ void SharedFunctionInfo::SetScript(ReadOnlyRoots roots,
 
     // Due to liveedit, it might happen that the old_script doesn't know
     // about the SharedFunctionInfo, so we have to guard against that.
-    Tagged<WeakFixedArray> infos = old_script->shared_function_infos();
+    Tagged<WeakFixedArray> infos = old_script->infos();
     if (function_literal_id < infos->length()) {
-      Tagged<MaybeObject> raw =
-          old_script->shared_function_infos()->get(function_literal_id);
+      Tagged<MaybeObject> raw = old_script->infos()->get(function_literal_id);
       Tagged<HeapObject> heap_object;
       if (raw.GetHeapObjectIfWeak(&heap_object) && heap_object == *this) {
-        old_script->shared_function_infos()->set(function_literal_id,
-                                                 roots.undefined_value());
+        old_script->infos()->set(function_literal_id, roots.undefined_value());
       }
     }
   }
@@ -219,17 +231,13 @@ void SharedFunctionInfo::SetScript(ReadOnlyRoots roots,
 
 void SharedFunctionInfo::CopyFrom(Tagged<SharedFunctionInfo> other,
                                   IsolateForSandbox isolate) {
-  PtrComprCageBase cage_base = GetPtrComprCageBase(*this);
-#ifdef V8_ENABLE_SANDBOX
-  if (other->has_trusted_function_data()) {
-    set_trusted_function_data(
-        other->trusted_function_data(isolate, kAcquireLoad), kReleaseStore);
+  if (other->HasTrustedData()) {
+    SetTrustedData(Cast<ExposedTrustedObject>(other->GetTrustedData(isolate)));
   } else {
-    clear_trusted_function_data(kReleaseStore);
+    SetUntrustedData(other->GetUntrustedData());
   }
-#endif
-  set_function_data(other->function_data(cage_base, kAcquireLoad),
-                    kReleaseStore);
+
+  PtrComprCageBase cage_base = GetPtrComprCageBase(*this);
   set_name_or_scope_info(other->name_or_scope_info(cage_base, kAcquireLoad),
                          kReleaseStore);
   set_outer_scope_info_or_feedback_metadata(
@@ -267,11 +275,25 @@ bool SharedFunctionInfo::HasDebugInfo(Isolate* isolate) const {
   return isolate->debug()->HasDebugInfo(*this);
 }
 
+// Needs to be kept in sync with Scope::UniqueIdInScript and
+// ScopeInfo::UniqueIdInScript.
+int SharedFunctionInfo::UniqueIdInScript() const {
+  // Script scopes start "before" the script to avoid clashing with a scope that
+  // starts on character 0.
+  if (function_literal_id() == kFunctionLiteralIdTopLevel) return -2;
+  // Wrapped functions start before the function body, but after the script
+  // start, to avoid clashing with a scope starting on character 0.
+  if (syntax_kind() == FunctionSyntaxKind::kWrapped) return -1;
+  // Default constructors have the same start position as their parent class
+  // scope. Use the next char position to distinguish this scope.
+  return StartPosition() + IsDefaultConstructor(kind());
+}
+
 Tagged<DebugInfo> SharedFunctionInfo::GetDebugInfo(Isolate* isolate) const {
   return isolate->debug()->TryGetDebugInfo(*this).value();
 }
 
-base::Optional<Tagged<DebugInfo>> SharedFunctionInfo::TryGetDebugInfo(
+std::optional<Tagged<DebugInfo>> SharedFunctionInfo::TryGetDebugInfo(
     Isolate* isolate) const {
   return isolate->debug()->TryGetDebugInfo(*this);
 }
@@ -407,13 +429,13 @@ void SharedFunctionInfo::DiscardCompiled(
   if (shared_info->HasUncompiledDataWithPreparseData()) {
     // If this is uncompiled data with a pre-parsed scope data, we can just
     // clear out the scope data and keep the uncompiled data.
-    shared_info->ClearPreparseData();
+    shared_info->ClearPreparseData(isolate);
     DCHECK(data.is_null());
   } else {
     // Update the function data to point to the UncompiledData without preparse
     // data created above. Use the raw function data setter to avoid validity
     // checks, since we're performing the unusual task of decompiling.
-    shared_info->SetData(*data.ToHandleChecked(), kReleaseStore);
+    shared_info->SetTrustedData(*data.ToHandleChecked());
   }
 }
 
@@ -694,7 +716,7 @@ int SharedFunctionInfo::StartPosition() const {
   }
   if (HasUncompiledData()) {
     // Works with or without scope.
-    return uncompiled_data()->start_position();
+    return uncompiled_data(GetIsolateForSandbox(*this))->start_position();
   }
   if (IsApiFunction() || HasBuiltinId()) {
     DCHECK_IMPLIES(HasBuiltinId(), builtin_id() != Builtin::kCompileLazy);
@@ -722,7 +744,7 @@ int SharedFunctionInfo::EndPosition() const {
   }
   if (HasUncompiledData()) {
     // Works with or without scope.
-    return uncompiled_data()->end_position();
+    return uncompiled_data(GetIsolateForSandbox(*this))->end_position();
   }
   if (IsApiFunction() || HasBuiltinId()) {
     DCHECK_IMPLIES(HasBuiltinId(), builtin_id() != Builtin::kCompileLazy);
@@ -741,7 +763,7 @@ int SharedFunctionInfo::EndPosition() const {
 }
 
 void SharedFunctionInfo::UpdateFromFunctionLiteralForLiveEdit(
-    FunctionLiteral* lit) {
+    IsolateForSandbox isolate, FunctionLiteral* lit) {
   Tagged<Object> maybe_scope_info = name_or_scope_info(kAcquireLoad);
   if (IsScopeInfo(maybe_scope_info)) {
     // Updating the ScopeInfo is safe since they are identical modulo
@@ -752,10 +774,10 @@ void SharedFunctionInfo::UpdateFromFunctionLiteralForLiveEdit(
   } else if (!is_compiled()) {
     CHECK(HasUncompiledData());
     if (HasUncompiledDataWithPreparseData()) {
-      ClearPreparseData();
+      ClearPreparseData(isolate);
     }
-    uncompiled_data()->set_start_position(lit->start_position());
-    uncompiled_data()->set_end_position(lit->end_position());
+    uncompiled_data(isolate)->set_start_position(lit->start_position());
+    uncompiled_data(isolate)->set_end_position(lit->end_position());
 
     if (!is_toplevel()) {
       Scope* outer_scope = lit->scope()->GetOuterScopeWithContext();
@@ -799,7 +821,7 @@ void SharedFunctionInfo::EnsureBytecodeArrayAvailable(
 void SharedFunctionInfo::EnsureSourcePositionsAvailable(
     Isolate* isolate, Handle<SharedFunctionInfo> shared_info) {
   if (shared_info->CanCollectSourcePosition(isolate)) {
-    base::Optional<Isolate::ExceptionScope> exception_scope;
+    std::optional<Isolate::ExceptionScope> exception_scope;
     if (isolate->has_exception()) {
       exception_scope.emplace(isolate);
     }
@@ -868,5 +890,4 @@ bool SharedFunctionInfo::UniqueIdsAreUnique(Isolate* isolate) {
 }
 #endif  // DEBUG
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/shared-function-info.h b/deps/v8/src/objects/shared-function-info.h
index ec3138b5baf8a3..ab6b353dde901b 100644
--- a/deps/v8/src/objects/shared-function-info.h
+++ b/deps/v8/src/objects/shared-function-info.h
@@ -6,6 +6,7 @@
 #define V8_OBJECTS_SHARED_FUNCTION_INFO_H_
 
 #include <memory>
+#include <optional>
 
 #include "src/base/bit-field.h"
 #include "src/builtins/builtins.h"
@@ -27,9 +28,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-
-namespace internal {
+namespace v8::internal {
 
 class AsmWasmData;
 class BytecodeArray;
@@ -117,10 +116,12 @@ class PreparseData
 // Abstract class representing extra data for an uncompiled function, which is
 // not stored in the SharedFunctionInfo.
 class UncompiledData
-    : public TorqueGeneratedUncompiledData<UncompiledData, HeapObject> {
+    : public TorqueGeneratedUncompiledData<UncompiledData,
+                                           ExposedTrustedObject> {
  public:
   inline void InitAfterBytecodeFlush(
-      Tagged<String> inferred_name, int start_position, int end_position,
+      IsolateForSandbox isolate, Tagged<String> inferred_name,
+      int start_position, int end_position,
       std::function<void(Tagged<HeapObject> object, ObjectSlot slot,
                          Tagged<HeapObject> target)>
           gc_notify_updated_slot);
@@ -222,7 +223,8 @@ class SharedFunctionInfo
 
   // Set up the link between shared function info and the script. The shared
   // function info is added to the list on the script.
-  V8_EXPORT_PRIVATE void SetScript(ReadOnlyRoots roots,
+  V8_EXPORT_PRIVATE void SetScript(IsolateForSandbox isolate,
+                                   ReadOnlyRoots roots,
                                    Tagged<HeapObject> script_object,
                                    int function_literal_id,
                                    bool reset_preparsed_scope_data = true);
@@ -267,7 +269,7 @@ class SharedFunctionInfo
   V8_EXPORT_PRIVATE int StartPosition() const;
 
   V8_EXPORT_PRIVATE void UpdateFromFunctionLiteralForLiveEdit(
-      FunctionLiteral* lit);
+      IsolateForSandbox isolate, FunctionLiteral* lit);
 
   // [outer scope info | feedback metadata] Shared storage for outer scope info
   // (on uncompiled functions) and feedback metadata (on compiled functions).
@@ -327,7 +329,7 @@ class SharedFunctionInfo
   inline void DontAdaptArguments();
   inline bool IsDontAdaptArguments() const;
 
-  // Returns the data associated with this SFI.
+  // Accessors for the data associated with this SFI.
   //
   // Currently it can be one of:
   //  - a FunctionTemplateInfo to make benefit the API [IsApiFunction()].
@@ -347,64 +349,42 @@ class SharedFunctionInfo
   //
   // If the (expected) type of data is known, prefer to use the specialized
   // accessors (e.g. bytecode_array(), uncompiled_data(), etc.).
-  //
-  // TODO(chromium:1490564): it might be nice if we could split this into a
-  // "code" and a "data" field. The code field is a trusted pointer to
-  // executable code (bytecode or machine code) to run when invoking the
-  // function. The "data" field on the other hand should only contain metadata
-  // about the function and might be empty. GetCode() would then always return
-  // the Code object based on the code field (and possibly lazily compute that
-  // based on the data field, e.g. the builtin id), and GetData() would always
-  // return the additional data, but never any code. This requires going
-  // through the callers of this method to see if they want the code or the
-  // data of the SFI (or both) and making them call GetCode() instead if that's
-  // what they are interested in. It would also mean that for code flushing,
-  // we'd then only have to load the code field, but then had to check if we're
-  // bytecode, baseline code, or builtin code (which is never flushed).
-  inline Tagged<Object> GetData(IsolateForSandbox isolate) const;
+  inline Tagged<Object> GetTrustedData(IsolateForSandbox isolate) const;
+  inline Tagged<Object> GetUntrustedData() const;
 
- private:
-  // When the sandbox is enabled, the function's data is split across two
-  // fields, with the "trusted" part containing a trusted pointer and the
-  // regular/untrusted part containing a tagged pointer. In that case, code
-  // accessing the data field will first load the trusted data field. If that
-  // is empty (i.e. kNullIndirectPointerHandle), it will then load the regular
-  // field. With that, the only racy transition would be a tagged -> trusted
-  // transition (one thread may first read the empty trusted pointer, then
-  // another thread transitions to the trusted field, clearing the tagged
-  // field, and then the first thread continues to load the tagged field). As
-  // such, this transition is only allowed on the main thread. From a GC
-  // perspective, both fields always contain a valid value and so can be
-  // processed unconditionally.
-  // Only one of these two fields should be in use at any time and the other
-  // field should be cleared. As such, when setting these fields prefer to use
-  // SetData() which automatically clears the inactive field.
-  // TODO(chromium:1490564): if we decide to do the refactoring described
-  // above, the trusted part would become the code field.
-#ifdef V8_ENABLE_SANDBOX
-  inline Tagged<ExposedTrustedObject> trusted_function_data(
-      IsolateForSandbox isolate, AcquireLoadTag) const;
-  inline void set_trusted_function_data(
-      Tagged<ExposedTrustedObject> value, ReleaseStoreTag,
-      WriteBarrierMode = UPDATE_WRITE_BARRIER);
-
-  // Direct access to the indirect pointer handle referencing the trusted
-  // object.
-  inline IndirectPointerHandle trusted_function_data_handle(
-      AcquireLoadTag) const;
-#endif
-  DECL_RELEASE_ACQUIRE_ACCESSORS(function_data, Tagged<Object>)
+  // Helper function for use when a specific data type is expected.
+  template <typename T, IndirectPointerTag tag>
+  inline Tagged<T> GetTrustedData(IsolateForSandbox isolate) const;
 
-  enum class DataType { kRegular, kTrusted };
-  inline void SetData(Tagged<Object> value, ReleaseStoreTag,
-                      DataType type = DataType::kRegular,
-                      WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
+  // Helper function when no Isolate is available. Prefer to use the variant
+  // with an isolate parameter if possible.
+  inline Tagged<Object> GetTrustedData() const;
 
-#ifdef V8_ENABLE_SANDBOX
-  inline void clear_function_data(ReleaseStoreTag);
-  inline void clear_trusted_function_data(ReleaseStoreTag);
-  inline bool has_trusted_function_data() const;
-#endif
+ private:
+  // For the sandbox, the function's data is split across two fields, with the
+  // "trusted" part containing a trusted pointer and the regular/untrusted part
+  // containing a tagged pointer. In that case, code accessing the data field
+  // will first load the trusted data field. If that is empty (i.e.
+  // kNullIndirectPointerHandle), it will then load the regular field. With
+  // that, the only racy transition would be a tagged -> trusted transition
+  // (one thread may first read the empty trusted pointer, then another thread
+  // transitions to the trusted field, clearing the tagged field, and then the
+  // first thread continues to load the tagged field). As such, this transition
+  // is only allowed on the main thread. From a GC perspective, both fields
+  // always contain a valid value and so can be processed unconditionally.
+  // Only one of these two fields should be in use at any time and the other
+  // field should be cleared. As such, when setting these fields use
+  // SetTrustedData() and SetUntrustedData() which automatically clear the
+  // inactive field.
+  // TODO(chromium:1490564): try to merge these two fields back together, for
+  // example by moving all data objects into trusted space.
+  inline void SetTrustedData(Tagged<ExposedTrustedObject> value,
+                             WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
+  inline void SetUntrustedData(Tagged<Object> value,
+                               WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
+
+  inline bool HasTrustedData() const;
+  inline bool HasUntrustedData() const;
 
  public:
   inline bool IsApiFunction() const;
@@ -445,8 +425,8 @@ class SharedFunctionInfo
   inline bool HasWasmResumeData() const;
   DECL_ACCESSORS(asm_wasm_data, Tagged<AsmWasmData>)
 
-  DECL_GETTER(wasm_exported_function_data, Tagged<WasmExportedFunctionData>)
   DECL_GETTER(wasm_function_data, Tagged<WasmFunctionData>)
+  DECL_GETTER(wasm_exported_function_data, Tagged<WasmExportedFunctionData>)
   DECL_GETTER(wasm_js_function_data, Tagged<WasmJSFunctionData>)
   DECL_GETTER(wasm_capi_function_data, Tagged<WasmCapiFunctionData>)
   DECL_GETTER(wasm_resume_data, Tagged<WasmResumeData>)
@@ -461,16 +441,22 @@ class SharedFunctionInfo
   DECL_PRIMITIVE_ACCESSORS(builtin_id, Builtin)
 
   inline bool HasUncompiledData() const;
-  DECL_ACCESSORS(uncompiled_data, Tagged<UncompiledData>)
+  inline Tagged<UncompiledData> uncompiled_data(
+      IsolateForSandbox isolate) const;
+  inline void set_uncompiled_data(Tagged<UncompiledData> data,
+                                  WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
   inline bool HasUncompiledDataWithPreparseData() const;
-  DECL_ACCESSORS(uncompiled_data_with_preparse_data,
-                 Tagged<UncompiledDataWithPreparseData>)
+  inline Tagged<UncompiledDataWithPreparseData>
+  uncompiled_data_with_preparse_data(IsolateForSandbox isolate) const;
+  inline void set_uncompiled_data_with_preparse_data(
+      Tagged<UncompiledDataWithPreparseData> data,
+      WriteBarrierMode mode = UPDATE_WRITE_BARRIER);
   inline bool HasUncompiledDataWithoutPreparseData() const;
-  inline void ClearUncompiledDataJobPointer();
+  inline void ClearUncompiledDataJobPointer(IsolateForSandbox isolate);
 
   // Clear out pre-parsed scope data from UncompiledDataWithPreparseData,
   // turning it into UncompiledDataWithoutPreparseData.
-  inline void ClearPreparseData();
+  inline void ClearPreparseData(IsolateForSandbox isolate);
 
   // The inferred_name is inferred from variable or property assignment of this
   // function. It is used to facilitate debugging and profiling of JavaScript
@@ -483,7 +469,7 @@ class SharedFunctionInfo
   // objects in a sidetable.
   bool HasDebugInfo(Isolate* isolate) const;
   V8_EXPORT_PRIVATE Tagged<DebugInfo> GetDebugInfo(Isolate* isolate) const;
-  V8_EXPORT_PRIVATE base::Optional<Tagged<DebugInfo>> TryGetDebugInfo(
+  V8_EXPORT_PRIVATE std::optional<Tagged<DebugInfo>> TryGetDebugInfo(
       Isolate* isolate) const;
   V8_EXPORT_PRIVATE bool HasBreakInfo(Isolate* isolate) const;
   bool BreakAtEntry(Isolate* isolate) const;
@@ -544,6 +530,8 @@ class SharedFunctionInfo
   DECL_BOOLEAN_ACCESSORS(is_sparkplug_compiling)
   DECL_BOOLEAN_ACCESSORS(maglev_compilation_failed)
 
+  DECL_BOOLEAN_ACCESSORS(sparkplug_compiled)
+
   CachedTieringDecision cached_tiering_decision();
   void set_cached_tiering_decision(CachedTieringDecision decision);
 
@@ -597,6 +585,8 @@ class SharedFunctionInfo
 
   inline FunctionKind kind() const;
 
+  int UniqueIdInScript() const;
+
   // Defines the index in a native context of closure's map instantiated using
   // this shared function info.
   DECL_INT_ACCESSORS(function_map_index)
@@ -758,7 +748,7 @@ class SharedFunctionInfo
   class ScriptIterator {
    public:
     V8_EXPORT_PRIVATE ScriptIterator(Isolate* isolate, Tagged<Script> script);
-    explicit ScriptIterator(Handle<WeakFixedArray> shared_function_infos);
+    explicit ScriptIterator(Handle<WeakFixedArray> infos);
     ScriptIterator(const ScriptIterator&) = delete;
     ScriptIterator& operator=(const ScriptIterator&) = delete;
     V8_EXPORT_PRIVATE Tagged<SharedFunctionInfo> Next();
@@ -768,7 +758,7 @@ class SharedFunctionInfo
     void Reset(Isolate* isolate, Tagged<Script> script);
 
    private:
-    Handle<WeakFixedArray> shared_function_infos_;
+    Handle<WeakFixedArray> infos_;
     int index_;
   };
 
@@ -862,13 +852,7 @@ class SharedFunctionInfoWrapper : public TrustedObject {
   OBJECT_CONSTRUCTORS(SharedFunctionInfoWrapper, TrustedObject);
 };
 
-#ifdef V8_ENABLE_SANDBOX
-// When the sandbox is enabled, the data field is split into a trusted pointer
-// part and a tagged part.
 static constexpr int kStaticRootsSFISize = 48;
-#else
-static constexpr int kStaticRootsSFISize = 44;
-#endif
 #ifdef V8_STATIC_ROOTS
 static_assert(SharedFunctionInfo::kSize == kStaticRootsSFISize);
 #endif  // V8_STATIC_ROOTS
@@ -901,8 +885,7 @@ class V8_NODISCARD IsCompiledScope {
 
 std::ostream& operator<<(std::ostream& os, const SourceCodeOf& v);
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/shared-function-info.tq b/deps/v8/src/objects/shared-function-info.tq
index 3b1044e9ad3cb8..581d7a107413ff 100644
--- a/deps/v8/src/objects/shared-function-info.tq
+++ b/deps/v8/src/objects/shared-function-info.tq
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+// TODO(saelo): Consider also moving this into trusted space as
+// UncompiledDataWithPreparseData is now in trusted space.
 extern class PreparseData extends HeapObject {
   // TODO(v8:8983): Add declaration for variable-sized region.
   data_length: int32;
@@ -9,14 +11,8 @@ extern class PreparseData extends HeapObject {
 }
 
 extern class InterpreterData extends ExposedTrustedObject {
-  // TODO(saelo): we should consider also moving InterpreterData out of the
-  // sandbox as it can often occur in places where BytecodeArrays are expected
-  // (which live outside of the sandbox). When we do this, this field can again
-  // always directly reference the BytecodeArray through a tagged pointer.
-  @if(V8_ENABLE_SANDBOX) bytecode_array: IndirectPointer<BytecodeArray>;
-  @ifnot(V8_ENABLE_SANDBOX) bytecode_array: BytecodeArray;
-  @if(V8_ENABLE_SANDBOX) interpreter_trampoline: IndirectPointer<Code>;
-  @ifnot(V8_ENABLE_SANDBOX) interpreter_trampoline: Code;
+  bytecode_array: ProtectedPointer<BytecodeArray>;
+  interpreter_trampoline: ProtectedPointer<Code>;
 }
 
 type FunctionKind extends uint8 constexpr 'FunctionKind';
@@ -49,31 +45,33 @@ bitfield struct SharedFunctionInfoFlags2 extends uint8 {
   class_scope_has_private_brand: bool: 1 bit;
   has_static_private_methods_or_accessors: bool: 1 bit;
   // In case another bit is needed here it should be possible to combine
-  // is_sparkplug_compiling, cached_tiering_decision, and
-  // function_context_independent_compiled into a SharedTieringState enum using
-  // only 4 bits.
+  // is_sparkplug_compiling, sparkplug_compiled, cached_tiering_decision, and
+  // function_context_independent_compiled into a SharedTieringState enum
+  // using only 4 bits.
   is_sparkplug_compiling: bool: 1 bit;
   maglev_compilation_failed: bool: 1 bit;
-  cached_tiering_decision: CachedTieringDecision: 3 bit;
+  sparkplug_compiled: bool: 1 bit;
+  cached_tiering_decision: CachedTieringDecision: 2 bit;
   function_context_independent_compiled: bool: 1 bit;
 }
 
 extern class SharedFunctionInfo extends HeapObject {
-  // When the sandbox is enabled, the SFI's function data is split into a
-  // trusted and an untrusted part.
+  // For the sandbox, the SFI's function data is split into a trusted and an
+  // untrusted part.
   // The field is treated as a custom weak pointer. We visit this field as a
   // weak pointer if there is aged bytecode. If there is no bytecode or if the
   // bytecode is young then we treat it as a strong pointer. This is done to
   // support flushing of bytecode.
-  // TODO(chromium:1490564) in the future, this field could be replaced by a
-  // generic code reference, which contains all information needed to (safely)
-  // invoke the function (Code/BytecodeArray, number of parameters, etc.).
-  // Then, function_data would only contain metadata used by the invoked code.
-  // With that, the function_data field would no longer require custom weak
-  // marking as that is only required for (byte)code flushing.
-  @if(V8_ENABLE_SANDBOX)
-      @customWeakMarking trusted_function_data: IndirectPointer;
-  @customWeakMarking function_data: Object;
+  // TODO(chromium:1490564): we should see if these two fields can again be
+  // merged into a single field (when all possible data objects are moved into
+  // trusted space), or if we can turn this into a trusted code and an
+  // untrusted data field.
+  @customWeakMarking
+  trusted_function_data: TrustedPointer<ExposedTrustedObject>;
+  // TODO(chromium:1490564): if we cannot merge this field with the
+  // trusted_function_data in the future (see TODO above), then maybe consider
+  // renaming this field as untrusted_function_data may be a bit awkward.
+  untrusted_function_data: Object;
   name_or_scope_info: String|NoSharedNameSentinel|ScopeInfo;
   outer_scope_info_or_feedback_metadata: HeapObject;
   script: Script|Undefined;
@@ -108,9 +106,6 @@ extern class SharedFunctionInfo extends HeapObject {
   padding: uint16;
 }
 
-extern operator '.data' macro LoadSharedFunctionInfoData(SharedFunctionInfo):
-    Object;
-
 // A wrapper around a SharedFunctionInfo in trusted space.
 // Can be useful in cases where a protected pointer reference to a
 // SharedFunctionInfo is required, for example because it is stored inside an
@@ -147,39 +142,33 @@ macro IsSharedFunctionInfoDontAdaptArguments(sfi: SharedFunctionInfo): bool {
 }
 
 @abstract
-extern class UncompiledData extends HeapObject {
+extern class UncompiledData extends ExposedTrustedObject {
   inferred_name: String;
   start_position: int32;
   end_position: int32;
 }
 
-@generateBodyDescriptor
 @generateUniqueMap
 @generateFactoryFunction
 extern class UncompiledDataWithoutPreparseData extends UncompiledData {}
 
-@generateBodyDescriptor
 @generateUniqueMap
 @generateFactoryFunction
 extern class UncompiledDataWithPreparseData extends UncompiledData {
   preparse_data: PreparseData;
 }
 
-@generateBodyDescriptor
 @generateUniqueMap
 @generateFactoryFunction
 extern class UncompiledDataWithoutPreparseDataWithJob extends
     UncompiledDataWithoutPreparseData {
-  // TODO(v8:10391): Define the field as ExternalPointer or move jobs into cage.
   job: RawPtr;
 }
 
-@generateBodyDescriptor
 @generateUniqueMap
 @generateFactoryFunction
 extern class UncompiledDataWithPreparseDataAndJob extends
     UncompiledDataWithPreparseData {
-  // TODO(v8:10391): Define the field as ExternalPointer or move jobs into cage.
   job: RawPtr;
 }
 
diff --git a/deps/v8/src/objects/smi.h b/deps/v8/src/objects/smi.h
index 605333caf61cb9..421039d1a86ec4 100644
--- a/deps/v8/src/objects/smi.h
+++ b/deps/v8/src/objects/smi.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_SMI_H_
 #define V8_OBJECTS_SMI_H_
 
+#include <type_traits>
+
 #include "src/common/globals.h"
 #include "src/objects/tagged.h"
 
@@ -60,11 +62,19 @@ class Smi : public AllStatic {
   }
 
   // Returns whether value can be represented in a Smi.
-  static inline bool constexpr IsValid(intptr_t value) {
+  template <typename T>
+  static inline std::enable_if_t<std::is_integral_v<T> && std::is_signed_v<T>,
+                                 bool> constexpr IsValid(T value) {
     DCHECK_EQ(Internals::IsValidSmi(value),
               value >= kMinValue && value <= kMaxValue);
     return Internals::IsValidSmi(value);
   }
+  template <typename T>
+  static inline std::enable_if_t<std::is_integral_v<T> && std::is_unsigned_v<T>,
+                                 bool> constexpr IsValid(T value) {
+    DCHECK_EQ(Internals::IsValidSmi(value), value <= kMaxValue);
+    return Internals::IsValidSmi(value);
+  }
 
   // Compare two Smis x, y as if they were converted to strings and then
   // compared lexicographically. Returns:
diff --git a/deps/v8/src/objects/source-text-module.cc b/deps/v8/src/objects/source-text-module.cc
index db7d66c9ed9b86..1b3999ac83c444 100644
--- a/deps/v8/src/objects/source-text-module.cc
+++ b/deps/v8/src/objects/source-text-module.cc
@@ -1030,9 +1030,15 @@ Maybe<bool> SourceTextModule::ExecuteAsyncModule(
   // 8. Perform ! PerformPromiseThen(capability.[[Promise]],
   //                                 onFulfilled, onRejected).
   Handle<Object> argv[] = {on_fulfilled, on_rejected};
-  Execution::CallBuiltin(isolate, isolate->promise_then(), capability,
-                         arraysize(argv), argv)
-      .ToHandleChecked();
+  if (V8_UNLIKELY(Execution::CallBuiltin(isolate, isolate->promise_then(),
+                                         capability, arraysize(argv), argv)
+                      .is_null())) {
+    // TODO(349961173): We assume the builtin call can only fail with a
+    // termination exception. If this check fails in the wild investigate why
+    // the call fails. Otherwise turn this into a DCHECK in the future.
+    CHECK(isolate->is_execution_terminating());
+    return Nothing<bool>();
+  }
 
   // 9. Perform ! module.ExecuteModule(capability).
   // Note: In V8 we have broken module.ExecuteModule into
@@ -1114,7 +1120,7 @@ MaybeHandle<Object> SourceTextModule::InnerModuleEvaluation(
   // 4. Assert: module.[[Status]] is LINKED.
   CHECK_EQ(module_status, kLinked);
 
-  Handle<FixedArray> requested_modules;
+  DirectHandle<FixedArray> requested_modules;
 
   {
     DisallowGarbageCollection no_gc;
@@ -1138,7 +1144,7 @@ MaybeHandle<Object> SourceTextModule::InnerModuleEvaluation(
     stack->push_front(module);
 
     // Recursion.
-    requested_modules = handle(raw_module->requested_modules(), isolate);
+    requested_modules = direct_handle(raw_module->requested_modules(), isolate);
   }
 
   // 11. For each String required of module.[[RequestedModules]], do
diff --git a/deps/v8/src/objects/string-inl.h b/deps/v8/src/objects/string-inl.h
index 61449009a2b6fd..4287acd0f03dcb 100644
--- a/deps/v8/src/objects/string-inl.h
+++ b/deps/v8/src/objects/string-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_STRING_INL_H_
 #define V8_OBJECTS_STRING_INL_H_
 
+#include <optional>
+
 #include "src/common/assert-scope.h"
 #include "src/common/globals.h"
 #include "src/execution/isolate-utils.h"
@@ -28,8 +30,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class V8_NODISCARD SharedStringAccessGuardIfNeeded {
  public:
@@ -112,7 +113,7 @@ class V8_NODISCARD SharedStringAccessGuardIfNeeded {
     return isolate;
   }
 
-  base::Optional<base::SharedMutexGuard<base::kShared>> mutex_guard;
+  std::optional<base::SharedMutexGuard<base::kShared>> mutex_guard;
 };
 
 int32_t String::length() const { return length_; }
@@ -685,7 +686,7 @@ Handle<String> String::Flatten(LocalIsolate* isolate, Handle<String> string,
 }
 
 // static
-base::Optional<String::FlatContent> String::TryGetFlatContentFromDirectString(
+std::optional<String::FlatContent> String::TryGetFlatContentFromDirectString(
     const DisallowGarbageCollection& no_gc, Tagged<String> string, int offset,
     int length, const SharedStringAccessGuardIfNeeded& access_guard) {
   DCHECK_GE(offset, 0);
@@ -769,7 +770,7 @@ uint32_t String::FlatContent::ComputeChecksum() const {
 String::FlatContent String::GetFlatContent(
     const DisallowGarbageCollection& no_gc,
     const SharedStringAccessGuardIfNeeded& access_guard) {
-  base::Optional<FlatContent> flat_content =
+  std::optional<FlatContent> flat_content =
       TryGetFlatContentFromDirectString(no_gc, this, 0, length(), access_guard);
   if (flat_content.has_value()) return flat_content.value();
   return SlowGetFlatContent(no_gc, access_guard);
@@ -1549,8 +1550,7 @@ class SeqTwoByteString::BodyDescriptor final : public DataOnlyBodyDescriptor {
   }
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/string.cc b/deps/v8/src/objects/string.cc
index 28e40672b19651..492145b0e3e6a0 100644
--- a/deps/v8/src/objects/string.cc
+++ b/deps/v8/src/objects/string.cc
@@ -719,86 +719,10 @@ bool String::LooksValid() {
   return chunk->heap()->Contains(this);
 }
 
-namespace {
-
-bool AreDigits(const uint8_t* s, int from, int to) {
-  for (int i = from; i < to; i++) {
-    if (s[i] < '0' || s[i] > '9') return false;
-  }
-
-  return true;
-}
-
-int ParseDecimalInteger(const uint8_t* s, int from, int to) {
-  DCHECK_LT(to - from, 10);  // Overflow is not possible.
-  DCHECK(from < to);
-  int d = s[from] - '0';
-
-  for (int i = from + 1; i < to; i++) {
-    d = 10 * d + (s[i] - '0');
-  }
-
-  return d;
-}
-
-}  // namespace
-
 // static
 Handle<Number> String::ToNumber(Isolate* isolate, Handle<String> subject) {
-  // Flatten {subject} string first.
-  subject = String::Flatten(isolate, subject);
-
-  // Fast array index case.
-  uint32_t index;
-  if (subject->AsArrayIndex(&index)) {
-    return isolate->factory()->NewNumberFromUint(index);
-  }
-
-  // Fast case: short integer or some sorts of junk values.
-  if (IsSeqOneByteString(*subject)) {
-    int len = subject->length();
-    if (len == 0) return handle(Smi::zero(), isolate);
-
-    DisallowGarbageCollection no_gc;
-    uint8_t const* data = Cast<SeqOneByteString>(subject)->GetChars(no_gc);
-    bool minus = (data[0] == '-');
-    int start_pos = (minus ? 1 : 0);
-
-    if (start_pos == len) {
-      return isolate->factory()->nan_value();
-    } else if (data[start_pos] > '9') {
-      // Fast check for a junk value. A valid string may start from a
-      // whitespace, a sign ('+' or '-'), the decimal point, a decimal digit
-      // or the 'I' character ('Infinity'). All of that have codes not greater
-      // than '9' except 'I' and &nbsp;.
-      if (data[start_pos] != 'I' && data[start_pos] != 0xA0) {
-        return isolate->factory()->nan_value();
-      }
-    } else if (len - start_pos < 10 && AreDigits(data, start_pos, len)) {
-      // The maximal/minimal smi has 10 digits. If the string has less digits
-      // we know it will fit into the smi-data type.
-      int d = ParseDecimalInteger(data, start_pos, len);
-      if (minus) {
-        if (d == 0) return isolate->factory()->minus_zero_value();
-        d = -d;
-      } else if (!subject->HasHashCode() && len <= String::kMaxArrayIndexSize &&
-                 (len == 1 || data[0] != '0')) {
-        // String hash is not calculated yet but all the data are present.
-        // Update the hash field to speed up sequential convertions.
-        uint32_t raw_hash_field = StringHasher::MakeArrayIndexHash(d, len);
-#ifdef DEBUG
-        subject->EnsureHash();  // Force hash calculation.
-        DCHECK_EQ(subject->raw_hash_field(), raw_hash_field);
-#endif
-        subject->set_raw_hash_field_if_empty(raw_hash_field);
-      }
-      return handle(Smi::FromInt(d), isolate);
-    }
-  }
-
-  // Slower case.
-  int flags = ALLOW_HEX | ALLOW_OCTAL | ALLOW_BINARY;
-  return isolate->factory()->NewNumber(StringToDouble(isolate, subject, flags));
+  return isolate->factory()->NewNumber(
+      StringToDouble(isolate, subject, ALLOW_NON_DECIMAL_PREFIX));
 }
 
 String::FlatContent String::SlowGetFlatContent(
diff --git a/deps/v8/src/objects/string.h b/deps/v8/src/objects/string.h
index 820c82f022782a..6678e8ce7551d1 100644
--- a/deps/v8/src/objects/string.h
+++ b/deps/v8/src/objects/string.h
@@ -6,6 +6,7 @@
 #define V8_OBJECTS_STRING_H_
 
 #include <memory>
+#include <optional>
 
 #include "src/base/bits.h"
 #include "src/base/export-template.h"
@@ -24,8 +25,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace maglev {
 class CheckedInternalizedString;
@@ -35,7 +35,7 @@ class BuiltinStringFromCharCode;
 namespace wasm {
 namespace baseline {
 class LiftoffCompiler;
-}
+}  // namespace baseline
 }  // namespace wasm
 
 class SharedStringAccessGuardIfNeeded;
@@ -642,7 +642,7 @@ V8_OBJECT class String : public Name {
   V8_EXPORT_PRIVATE static Handle<String> SlowFlatten(
       Isolate* isolate, Handle<ConsString> cons, AllocationType allocation);
 
-  V8_EXPORT_PRIVATE V8_INLINE static base::Optional<FlatContent>
+  V8_EXPORT_PRIVATE V8_INLINE static std::optional<FlatContent>
   TryGetFlatContentFromDirectString(const DisallowGarbageCollection& no_gc,
                                     Tagged<String> string, int offset,
                                     int length,
@@ -755,8 +755,7 @@ class SeqString : public String {
   EXPORT_DECL_VERIFIER(SeqString)
 };
 
-V8_OBJECT class InternalizedString : public String{
-
+V8_OBJECT class InternalizedString : public String {
   // TODO(neis): Possibly move some stuff from String here.
 } V8_OBJECT_END;
 
@@ -1292,8 +1291,7 @@ struct CharTraits<uint16_t> {
   using ExternalString = ExternalTwoByteString;
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/swiss-name-dictionary-inl.h b/deps/v8/src/objects/swiss-name-dictionary-inl.h
index bc31f196427cfe..58ae3a96036198 100644
--- a/deps/v8/src/objects/swiss-name-dictionary-inl.h
+++ b/deps/v8/src/objects/swiss-name-dictionary-inl.h
@@ -6,9 +6,9 @@
 #define V8_OBJECTS_SWISS_NAME_DICTIONARY_INL_H_
 
 #include <algorithm>
+#include <optional>
 
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/execution/isolate-utils-inl.h"
 #include "src/heap/heap.h"
 #include "src/objects/fixed-array-inl.h"
@@ -22,8 +22,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #include "torque-generated/src/objects/swiss-name-dictionary-tq-inl.inc"
 
@@ -308,7 +307,7 @@ Tagged<Object> SwissNameDictionary::ValueAt(InternalIndex entry) {
   return ValueAtRaw(entry.as_int());
 }
 
-base::Optional<Tagged<Object>> SwissNameDictionary::TryValueAt(
+std::optional<Tagged<Object>> SwissNameDictionary::TryValueAt(
     InternalIndex entry) {
 #if DEBUG
   Isolate* isolate;
@@ -760,8 +759,7 @@ ACCESSORS_CHECKED2(SwissNameDictionary, meta_table, Tagged<ByteArray>,
                    MetaTablePointerOffset(), true,
                    value->length() >= kMetaTableEnumerationDataStartIndex)
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/swiss-name-dictionary.h b/deps/v8/src/objects/swiss-name-dictionary.h
index 8a4f84e1ac45b2..85f4683334f4cf 100644
--- a/deps/v8/src/objects/swiss-name-dictionary.h
+++ b/deps/v8/src/objects/swiss-name-dictionary.h
@@ -6,9 +6,9 @@
 #define V8_OBJECTS_SWISS_NAME_DICTIONARY_H_
 
 #include <cstdint>
+#include <optional>
 
 #include "src/base/export-template.h"
-#include "src/base/optional.h"
 #include "src/common/globals.h"
 #include "src/objects/fixed-array.h"
 #include "src/objects/internal-index.h"
@@ -19,8 +19,7 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 // A property backing store based on Swiss Tables/Abseil's flat_hash_map. The
 // implementation is heavily based on Abseil's raw_hash_set.h.
@@ -104,7 +103,7 @@ class V8_EXPORT_PRIVATE SwissNameDictionary : public HeapObject {
   inline Tagged<Name> NameAt(InternalIndex entry);
   inline Tagged<Object> ValueAt(InternalIndex entry);
   // Returns {} if we would be reading out of the bounds of the object.
-  inline base::Optional<Tagged<Object>> TryValueAt(InternalIndex entry);
+  inline std::optional<Tagged<Object>> TryValueAt(InternalIndex entry);
   inline PropertyDetails DetailsAt(InternalIndex entry);
 
   inline void ValueAtPut(InternalIndex entry, Tagged<Object> value);
@@ -345,8 +344,7 @@ class V8_EXPORT_PRIVATE SwissNameDictionary : public HeapObject {
                                       int field_index);
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/tagged-field.h b/deps/v8/src/objects/tagged-field.h
index 27cc61682a11aa..af09fe53441fc2 100644
--- a/deps/v8/src/objects/tagged-field.h
+++ b/deps/v8/src/objects/tagged-field.h
@@ -7,6 +7,7 @@
 
 #include "src/base/atomicops.h"
 #include "src/base/macros.h"
+#include "src/base/template-meta-programming/functional.h"
 #include "src/common/globals.h"
 #include "src/common/ptr-compr.h"
 #include "src/objects/tagged-value.h"
@@ -100,10 +101,12 @@ static_assert(sizeof(UnalignedDoubleMember) == sizeof(double));
 #define FLEXIBLE_ARRAY_MEMBER(Type, name)                     \
   using FlexibleDataReturnType = Type[0];                     \
   FlexibleDataReturnType& name() {                            \
+    static_assert(alignof(Type) <= alignof(decltype(*this))); \
     using ReturnType = Type[0];                               \
     return reinterpret_cast<ReturnType&>(*(this + 1));        \
   }                                                           \
   const FlexibleDataReturnType& name() const {                \
+    static_assert(alignof(Type) <= alignof(decltype(*this))); \
     using ReturnType = Type[0];                               \
     return reinterpret_cast<const ReturnType&>(*(this + 1));  \
   }                                                           \
@@ -112,13 +115,25 @@ static_assert(sizeof(UnalignedDoubleMember) == sizeof(double));
 // GCC and clang allow zero length arrays in base classes. Return the zero
 // length array by reference, to avoid array-to-pointer decay which can lose
 // aliasing information.
-#define FLEXIBLE_ARRAY_MEMBER(Type, name)                                \
-  using FlexibleDataReturnType = Type[0];                                \
-  FlexibleDataReturnType& name() { return flexible_array_member_data_; } \
-  const FlexibleDataReturnType& name() const {                           \
-    return flexible_array_member_data_;                                  \
-  }                                                                      \
-  Type flexible_array_member_data_[0];                                   \
+#define FLEXIBLE_ARRAY_MEMBER(Type, name)                                  \
+  using FlexibleDataReturnType = Type[0];                                  \
+  FlexibleDataReturnType& name() { return flexible_array_member_data_; }   \
+  const FlexibleDataReturnType& name() const {                             \
+    return flexible_array_member_data_;                                    \
+  }                                                                        \
+  Type flexible_array_member_data_[0];                                     \
+                                                                           \
+ public:                                                                   \
+  template <typename Class>                                                \
+  static constexpr auto OffsetOfDataStart() {                              \
+    /* Produce a compiler error if {Class} is not this class */            \
+    static_assert(base::tmp::lazy_true<                                    \
+                  decltype(std::declval<Class>()                           \
+                               .flexible_array_member_data_)>::value);     \
+    return static_cast<int>(offsetof(Class, flexible_array_member_data_)); \
+  }                                                                        \
+                                                                           \
+ private:                                                                  \
   using FlexibleDataType = Type
 #endif
 
@@ -127,7 +142,7 @@ static_assert(sizeof(UnalignedDoubleMember) == sizeof(double));
 #if V8_CC_MSVC && !defined(__clang__)
 #define OFFSET_OF_DATA_START(Type) sizeof(Type)
 #else
-#define OFFSET_OF_DATA_START(Type) offsetof(Type, flexible_array_member_data_)
+#define OFFSET_OF_DATA_START(Type) Type::OffsetOfDataStart<Type>()
 #endif
 
 // This helper static class represents a tagged field of type T at offset
diff --git a/deps/v8/src/objects/templates.cc b/deps/v8/src/objects/templates.cc
index 658947c1c6c2d2..ec41d9e30a6f60 100644
--- a/deps/v8/src/objects/templates.cc
+++ b/deps/v8/src/objects/templates.cc
@@ -6,6 +6,7 @@
 
 #include <algorithm>
 #include <cstdint>
+#include <optional>
 
 #include "src/api/api-inl.h"
 #include "src/base/macros.h"
@@ -22,8 +23,7 @@
 #include "src/objects/shared-function-info-inl.h"
 #include "src/objects/string-inl.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 bool FunctionTemplateInfo::HasInstanceType() {
   return instance_type() != kNoJSApiObjectType;
@@ -142,7 +142,7 @@ FunctionTemplateInfo::AllocateFunctionTemplateRareData(
   return *rare_data;
 }
 
-base::Optional<Tagged<Name>> FunctionTemplateInfo::TryGetCachedPropertyName(
+std::optional<Tagged<Name>> FunctionTemplateInfo::TryGetCachedPropertyName(
     Isolate* isolate, Tagged<Object> getter) {
   DisallowGarbageCollection no_gc;
   if (!IsFunctionTemplateInfo(getter)) {
@@ -164,24 +164,25 @@ int FunctionTemplateInfo::GetCFunctionsCount() const {
          kFunctionOverloadEntrySize;
 }
 
-Address FunctionTemplateInfo::GetCFunction(int index) const {
+Address FunctionTemplateInfo::GetCFunction(Isolate* isolate, int index) const {
   i::DisallowHeapAllocation no_gc;
   return v8::ToCData<kCFunctionTag>(
-      Cast<FixedArray>(GetCFunctionOverloads())
-          ->get(index * kFunctionOverloadEntrySize));
+      isolate, Cast<FixedArray>(GetCFunctionOverloads())
+                   ->get(index * kFunctionOverloadEntrySize));
 }
 
-const CFunctionInfo* FunctionTemplateInfo::GetCSignature(int index) const {
+const CFunctionInfo* FunctionTemplateInfo::GetCSignature(Isolate* isolate,
+                                                         int index) const {
   i::DisallowHeapAllocation no_gc;
   return v8::ToCData<CFunctionInfo*, kCFunctionInfoTag>(
-      Cast<FixedArray>(GetCFunctionOverloads())
-          ->get(index * kFunctionOverloadEntrySize + 1));
+      isolate, Cast<FixedArray>(GetCFunctionOverloads())
+                   ->get(index * kFunctionOverloadEntrySize + 1));
 }
 
 // static
 Handle<DictionaryTemplateInfo> DictionaryTemplateInfo::Create(
     Isolate* isolate, const v8::MemorySpan<const std::string_view>& names) {
-  Handle<FixedArray> property_names = isolate->factory()->NewFixedArray(
+  DirectHandle<FixedArray> property_names = isolate->factory()->NewFixedArray(
       static_cast<int>(names.size()), AllocationType::kOld);
   int index = 0;
   uint32_t unused_array_index;
@@ -339,5 +340,4 @@ Handle<JSObject> DictionaryTemplateInfo::NewInstance(
   return object;
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/templates.h b/deps/v8/src/objects/templates.h
index 0f4c30fc4bc6d3..7048661ce5e755 100644
--- a/deps/v8/src/objects/templates.h
+++ b/deps/v8/src/objects/templates.h
@@ -5,8 +5,10 @@
 #ifndef V8_OBJECTS_TEMPLATES_H_
 #define V8_OBJECTS_TEMPLATES_H_
 
+#include <optional>
 #include <string_view>
 
+#include "include/v8-exception.h"
 #include "include/v8-memory-span.h"
 #include "src/handles/handles.h"
 #include "src/objects/contexts.h"
@@ -216,12 +218,12 @@ class FunctionTemplateInfo
   bool HasInstanceType();
 
   // Helper function for cached accessors.
-  static base::Optional<Tagged<Name>> TryGetCachedPropertyName(
+  static std::optional<Tagged<Name>> TryGetCachedPropertyName(
       Isolate* isolate, Tagged<Object> getter);
   // Fast API overloads.
   int GetCFunctionsCount() const;
-  Address GetCFunction(int index) const;
-  const CFunctionInfo* GetCSignature(int index) const;
+  Address GetCFunction(Isolate* isolate, int index) const;
+  const CFunctionInfo* GetCSignature(Isolate* isolate, int index) const;
 
   // CFunction data for a set of overloads is stored into a FixedArray, as
   // [address_0, signature_0, ... address_n-1, signature_n-1].
diff --git a/deps/v8/src/objects/templates.tq b/deps/v8/src/objects/templates.tq
index faee1d0184de37..7ebc6c58a50467 100644
--- a/deps/v8/src/objects/templates.tq
+++ b/deps/v8/src/objects/templates.tq
@@ -44,6 +44,10 @@ bitfield struct FunctionTemplateInfoFlags extends uint32 {
 @generateUniqueMap
 extern class FunctionTemplateInfo extends TemplateInfo {
   class_name: String|Undefined;
+  // Experimental exception preprocessing Api (https://crbug.com/328104148).
+  // This value is provided as contextual information for embedder
+  // exception preprocessing.
+  interface_name: String|Undefined;
   // If the signature is a FunctionTemplateInfo it is used to check whether the
   // receiver calling the associated JSFunction is a compatible receiver, i.e.
   // it is an instance of the signature FunctionTemplateInfo or any of the
@@ -76,6 +80,14 @@ extern class FunctionTemplateInfo extends TemplateInfo {
   // this FunctionTemplateInfo.
   instance_type: InstanceType;
 
+  // Experimental exception preprocessing Api (https://crbug.com/328104148).
+  // Provides information on the type of FunctionTemplate for embedder
+  // exception preprocessing.
+  exception_context: uint32;
+
+  @if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;
+  @ifnot(TAGGED_SIZE_8_BYTES) optional_padding: void;
+
   // A callback invoked when calling an instance of this FunctionTemplateInfo.
   // For simulator builds this field contains the address of the trampoline
   // callable from generated code and for native builds - the address of
diff --git a/deps/v8/src/objects/transitions-inl.h b/deps/v8/src/objects/transitions-inl.h
index 21ddad72317802..5d279bf77585de 100644
--- a/deps/v8/src/objects/transitions-inl.h
+++ b/deps/v8/src/objects/transitions-inl.h
@@ -52,6 +52,54 @@ Tagged<WeakFixedArray> TransitionArray::GetPrototypeTransitions() {
   return Cast<WeakFixedArray>(prototype_transitions);
 }
 
+bool TransitionArray::HasSideStepTransitions() {
+  return get(kSideStepTransitionsIndex) != Smi::zero();
+}
+
+bool TransitionsAccessor::HasSideStepTransitions() {
+  if (encoding() != kFullTransitionArray) {
+    return false;
+  }
+  return transitions()->HasSideStepTransitions();
+}
+
+Tagged<Object> TransitionsAccessor::GetSideStepTransition(
+    SideStepTransition::Kind kind) {
+  DCHECK(HasSideStepTransitions());
+  auto res = transitions()->GetSideStepTransitions()->get(
+      SideStepTransition::index_of(kind));
+  if (res.IsSmi()) {
+    DCHECK(res == SideStepTransition::Empty ||
+           res == SideStepTransition::Unreachable);
+    return res.ToSmi();
+  }
+  Tagged<HeapObject> target;
+  if (res.GetHeapObjectIfWeak(&target)) return target;
+  DCHECK(res.IsCleared());
+  return SideStepTransition::Empty;
+}
+
+void TransitionsAccessor::SetSideStepTransition(SideStepTransition::Kind kind,
+                                                Tagged<Object> object) {
+  DCHECK(HasSideStepTransitions());
+  DCHECK(object == SideStepTransition::Unreachable || IsMap(object) ||
+         IsCell(object));
+  DCHECK_IMPLIES(IsCell(object),
+                 kind == SideStepTransition::Kind::kObjectAssignValidityCell);
+  DCHECK_LT(SideStepTransition::index_of(kind), SideStepTransition::kSize);
+  DCHECK_GE(SideStepTransition::index_of(kind), 0);
+  transitions()->GetSideStepTransitions()->set(
+      SideStepTransition::index_of(kind),
+      object.IsSmi() ? object : MakeWeak(object));
+}
+
+Tagged<WeakFixedArray> TransitionArray::GetSideStepTransitions() {
+  DCHECK(HasSideStepTransitions());  // Callers must check first.
+  Tagged<Object> transitions =
+      get(kSideStepTransitionsIndex).GetHeapObjectAssumeStrong();
+  return Cast<WeakFixedArray>(transitions);
+}
+
 HeapObjectSlot TransitionArray::GetKeySlot(int transition_number) {
   DCHECK(transition_number < number_of_transitions());
   return HeapObjectSlot(RawFieldOfElementAt(ToKeyIndex(transition_number)));
@@ -167,10 +215,7 @@ void TransitionArray::SetRawTarget(int transition_number,
   DCHECK(transition_number < number_of_transitions());
   DCHECK(value.IsWeakOrCleared());
   DCHECK(value.IsCleared() || IsMap(value.GetHeapObjectAssumeWeak()));
-  DCHECK_IMPLIES(value.IsCleared(),
-                 TransitionsAccessor::IsSpecialSidestepTransition(
-                     ReadOnlyRoots(GetIsolateFromWritableObject(*this)),
-                     GetKey(transition_number)));
+  DCHECK(!value.IsCleared());
   WeakFixedArray::set(ToTargetIndex(transition_number), value);
 }
 
@@ -190,9 +235,6 @@ bool TransitionArray::GetTargetIfExists(int transition_number, Isolate* isolate,
       IsUndefined(heap_object, isolate)) {
     return false;
   }
-  if (raw.IsCleared()) {
-    return false;
-  }
   *target = TransitionsAccessor::GetTargetFromRaw(raw);
   return true;
 }
@@ -281,12 +323,12 @@ MaybeHandle<Map> TransitionsAccessor::SearchTransition(
 }
 
 // static
-std::optional<Handle<Map>> TransitionsAccessor::SearchSpecial(
-    Isolate* isolate, DirectHandle<Map> map, Tagged<Symbol> name) {
-  if (auto result = TransitionsAccessor(isolate, *map).SearchSpecial(name)) {
-    return handle(*result, isolate);
-  }
-  return {};
+MaybeHandle<Map> TransitionsAccessor::SearchSpecial(Isolate* isolate,
+                                                    DirectHandle<Map> map,
+                                                    Tagged<Symbol> name) {
+  Tagged<Map> result = TransitionsAccessor(isolate, *map).SearchSpecial(name);
+  if (result.is_null()) return {};
+  return MaybeHandle<Map>(result, isolate);
 }
 
 int TransitionArray::number_of_transitions() const {
@@ -411,10 +453,12 @@ std::pair<Handle<String>, Handle<Map>> TransitionsAccessor::ExpectedTransition(
   UNREACHABLE();
 }
 
-template <typename Callback, typename ProtoCallback, bool with_key>
+template <typename Callback, typename ProtoCallback, typename SideStepCallback,
+          bool with_key>
 void TransitionsAccessor::ForEachTransitionWithKey(
     DisallowGarbageCollection* no_gc, Callback callback,
-    ProtoCallback proto_transition_callback, IterationMode filter) {
+    ProtoCallback proto_transition_callback,
+    SideStepCallback side_step_transition_callback) {
   switch (encoding()) {
     case kPrototypeInfo:
     case kUninitialized:
@@ -437,33 +481,11 @@ void TransitionsAccessor::ForEachTransitionWithKey(
       int num_transitions = transition_array->number_of_transitions();
       ReadOnlyRoots roots(isolate_);
       for (int i = 0; i < num_transitions; ++i) {
-        if (filter == IterationMode::kDefault &&
-            IsSpecialSidestepTransition(roots, transition_array->GetKey(i))) {
-          continue;
-        }
-        DCHECK_IMPLIES(
-            IsSpecialSidestepTransition(roots, transition_array->GetKey(i)),
-            filter == IterationMode::kIncludeSideStepTransitions ||
-                filter == IterationMode::kIncludeClearedSideStepTransitions);
-        Tagged<MaybeObject> target = transition_array->GetRawTarget(i);
-        if (target.IsCleared()) {
-          DCHECK(
-              IsSpecialSidestepTransition(roots, transition_array->GetKey(i)));
-          if (filter == IterationMode::kIncludeClearedSideStepTransitions) {
-            if constexpr (with_key) {
-              Tagged<Name> key = transition_array->GetKey(i);
-              callback(key, Tagged<Map>());
-            } else {
-              callback(Tagged<Map>());
-            }
-          }
-          continue;
-        }
         if constexpr (with_key) {
           Tagged<Name> key = transition_array->GetKey(i);
-          callback(key, TransitionsAccessor::GetTargetFromRaw(target));
+          callback(key, GetTarget(i));
         } else {
-          callback(TransitionsAccessor::GetTargetFromRaw(target));
+          callback(GetTarget(i));
         }
       }
       if constexpr (!std::is_same<ProtoCallback, std::nullptr_t>::value) {
@@ -472,7 +494,7 @@ void TransitionsAccessor::ForEachTransitionWithKey(
               transitions()->GetPrototypeTransitions();
           int length = TransitionArray::NumberOfPrototypeTransitions(cache);
           for (int i = 0; i < length; i++) {
-            auto target =
+            Tagged<MaybeObject> target =
                 cache->get(TransitionArray::kProtoTransitionHeaderSize + i);
             Tagged<HeapObject> heap_object;
             if (target.GetHeapObjectIfWeak(&heap_object)) {
@@ -481,6 +503,26 @@ void TransitionsAccessor::ForEachTransitionWithKey(
           }
         }
       }
+      if constexpr (!std::is_same<SideStepCallback, std::nullptr_t>::value) {
+        if (transitions()->HasSideStepTransitions()) {
+          Tagged<WeakFixedArray> cache =
+              transitions()->GetSideStepTransitions();
+          for (uint32_t i = SideStepTransition::kFirstMapIdx;
+               i <= SideStepTransition::kLastMapIdx; i++) {
+            Tagged<MaybeObject> target = cache->get(i);
+            if (target.IsWeak() || target == SideStepTransition::Unreachable) {
+              if constexpr (with_key) {
+                side_step_transition_callback(
+                    static_cast<SideStepTransition::Kind>(i),
+                    target.GetHeapObjectOrSmi());
+              } else {
+                side_step_transition_callback(target.GetHeapObjectOrSmi());
+              }
+            }
+          }
+        }
+      }
+
       return;
     }
   }
diff --git a/deps/v8/src/objects/transitions.cc b/deps/v8/src/objects/transitions.cc
index 02c73f747617a9..d6db1554986da1 100644
--- a/deps/v8/src/objects/transitions.cc
+++ b/deps/v8/src/objects/transitions.cc
@@ -11,8 +11,7 @@
 #include "src/objects/transitions-inl.h"
 #include "src/utils/utils.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 // static
 Tagged<Map> TransitionsAccessor::GetSimpleTransition(Isolate* isolate,
@@ -41,41 +40,26 @@ bool TransitionsAccessor::HasSimpleTransitionTo(Tagged<Map> map) {
 }
 
 // static
-void TransitionsAccessor::InsertHelper(Isolate* isolate, Handle<Map> map,
+void TransitionsAccessor::InsertHelper(Isolate* isolate, DirectHandle<Map> map,
                                        DirectHandle<Name> name,
-                                       std::optional<DirectHandle<Map>> target,
+                                       DirectHandle<Map> target,
                                        TransitionKindFlag flag) {
   DCHECK_NE(flag, PROTOTYPE_TRANSITION);
   Encoding encoding = GetEncoding(isolate, map);
   DCHECK_NE(kPrototypeInfo, encoding);
   ReadOnlyRoots roots(isolate);
-  DCHECK_IMPLIES(IsSpecialSidestepTransition(roots, *name),
-                 v8_flags.clone_object_sidestep_transitions);
-  DCHECK_IMPLIES(IsSpecialSidestepTransition(roots, *name),
-                 flag == SPECIAL_TRANSITION);
-  DCHECK_IMPLIES(!target.has_value(),
-                 IsSpecialSidestepTransition(roots, *name));
-  if (flag != SPECIAL_TRANSITION ||
-      !IsSpecialSidestepTransition(roots, *name)) {
-    (*target)->SetBackPointer(*map);
-  }
-
-  auto GetWeakRef = [&]() -> Tagged<MaybeObject> {
-    if (!target.has_value()) {
-      return ClearedValue(isolate);
-    }
-    return MakeWeak(**target);
-  };
+  (*target)->SetBackPointer(*map);
+
   // If the map doesn't have any transitions at all yet, install the new one.
   if (encoding == kUninitialized || encoding == kMigrationTarget) {
     if (flag == SIMPLE_PROPERTY_TRANSITION) {
-      ReplaceTransitions(isolate, map, MakeWeak(**target));
+      ReplaceTransitions(isolate, map, MakeWeak(*target));
       return;
     }
     // If the flag requires a full TransitionArray, allocate one.
     DirectHandle<TransitionArray> result =
         isolate->factory()->NewTransitionArray(1, 0);
-    result->Set(0, *name, GetWeakRef());
+    result->Set(0, *name, MakeWeak(*target));
     ReplaceTransitions(isolate, map, result);
     DCHECK_EQ(kFullTransitionArray, GetEncoding(isolate, *result));
     return;
@@ -92,7 +76,7 @@ void TransitionsAccessor::InsertHelper(Isolate* isolate, Handle<Map> map,
       PropertyDetails new_details = GetTargetDetails(*name, **target);
       if (key->Equals(*name) && old_details.kind() == new_details.kind() &&
           old_details.attributes() == new_details.attributes()) {
-        ReplaceTransitions(isolate, map, MakeWeak(**target));
+        ReplaceTransitions(isolate, map, MakeWeak(*target));
         return;
       }
     }
@@ -105,7 +89,7 @@ void TransitionsAccessor::InsertHelper(Isolate* isolate, Handle<Map> map,
     // cleared.
     simple_transition = GetSimpleTransition(isolate, map);
     if (simple_transition.is_null()) {
-      result->Set(0, *name, GetWeakRef());
+      result->Set(0, *name, MakeWeak(*target));
       ReplaceTransitions(isolate, map, result);
       DCHECK_EQ(kFullTransitionArray, GetEncoding(isolate, *result));
       return;
@@ -137,7 +121,7 @@ void TransitionsAccessor::InsertHelper(Isolate* isolate, Handle<Map> map,
                   MakeWeak(simple_transition));
     }
     result->SetKey(insertion_index, *name);
-    result->SetRawTarget(insertion_index, GetWeakRef());
+    result->SetRawTarget(insertion_index, MakeWeak(*target));
 
     SLOW_DCHECK(result->IsSortedNoDuplicates());
     ReplaceTransitions(isolate, map, result);
@@ -171,7 +155,7 @@ void TransitionsAccessor::InsertHelper(Isolate* isolate, Handle<Map> map,
     if (index != kNotFound) {
       base::SharedMutexGuard<base::kExclusive> shared_mutex_guard(
           isolate->full_transition_array_access());
-      array->SetRawTarget(index, GetWeakRef());
+      array->SetRawTarget(index, MakeWeak(*target));
       return;
     }
 
@@ -190,7 +174,7 @@ void TransitionsAccessor::InsertHelper(Isolate* isolate, Handle<Map> map,
         array->SetRawTarget(i, array->GetRawTarget(i - 1));
       }
       array->SetKey(insertion_index, *name);
-      array->SetRawTarget(insertion_index, GetWeakRef());
+      array->SetRawTarget(insertion_index, MakeWeak(*target));
       SLOW_DCHECK(array->IsSortedNoDuplicates());
       return;
     }
@@ -232,7 +216,7 @@ void TransitionsAccessor::InsertHelper(Isolate* isolate, Handle<Map> map,
   for (int i = 0; i < insertion_index; ++i) {
     result->Set(i, array->GetKey(i), array->GetRawTarget(i));
   }
-  result->Set(insertion_index, *name, GetWeakRef());
+  result->Set(insertion_index, *name, MakeWeak(*target));
   for (int i = insertion_index; i < number_of_transitions; ++i) {
     result->Set(i + 1, array->GetKey(i), array->GetRawTarget(i));
   }
@@ -263,18 +247,13 @@ Tagged<Map> TransitionsAccessor::SearchTransition(
   UNREACHABLE();
 }
 
-std::optional<Tagged<Map>> TransitionsAccessor::SearchSpecial(
-    Tagged<Symbol> name) {
+Tagged<Map> TransitionsAccessor::SearchSpecial(Tagged<Symbol> name) {
   if (encoding() != kFullTransitionArray) return {};
   base::SharedMutexGuardIf<base::kShared> scope(
       isolate_->full_transition_array_access(), concurrent_access_);
   int transition = transitions()->SearchSpecial(name, concurrent_access_);
   if (transition == kNotFound) return {};
-  Tagged<MaybeObject> res = transitions()->GetRawTarget(transition);
-  if (res.IsCleared()) {
-    return Map();
-  }
-  return GetTargetFromRaw(res);
+  return transitions()->GetTarget(transition);
 }
 
 // static
@@ -284,15 +263,7 @@ bool TransitionsAccessor::IsSpecialTransition(ReadOnlyRoots roots,
   return name == roots.nonextensible_symbol() ||
          name == roots.sealed_symbol() || name == roots.frozen_symbol() ||
          name == roots.elements_transition_symbol() ||
-         name == roots.strict_function_transition_symbol() ||
-         IsSpecialSidestepTransition(roots, name);
-}
-
-// static
-bool TransitionsAccessor::IsSpecialSidestepTransition(ReadOnlyRoots roots,
-                                                      Tagged<Name> name) {
-  return name == roots.object_assign_clone_transition_symbol() ||
-         name == roots.clone_object_ic_transition_symbol();
+         name == roots.strict_function_transition_symbol();
 }
 
 MaybeHandle<Map> TransitionsAccessor::FindTransitionToField(
@@ -418,7 +389,7 @@ Handle<WeakFixedArray> TransitionArray::GrowPrototypeTransitionArray(
 
 // static
 bool TransitionsAccessor::PutPrototypeTransition(Isolate* isolate,
-                                                 Handle<Map> map,
+                                                 DirectHandle<Map> map,
                                                  DirectHandle<Object> prototype,
                                                  DirectHandle<Map> target_map) {
   DCHECK_IMPLIES(v8_flags.move_prototype_transitions_first,
@@ -432,7 +403,8 @@ bool TransitionsAccessor::PutPrototypeTransition(Isolate* isolate,
 
   const int header = TransitionArray::kProtoTransitionHeaderSize;
 
-  Handle<WeakFixedArray> cache(GetPrototypeTransitions(isolate, *map), isolate);
+  DirectHandle<WeakFixedArray> cache(GetPrototypeTransitions(isolate, *map),
+                                     isolate);
   int capacity = cache->length() - header;
   int transitions = TransitionArray::NumberOfPrototypeTransitions(*cache) + 1;
 
@@ -484,7 +456,7 @@ bool TransitionsAccessor::PutPrototypeTransition(Isolate* isolate,
 }
 
 // static
-base::Optional<Tagged<Map>> TransitionsAccessor::GetPrototypeTransition(
+std::optional<Tagged<Map>> TransitionsAccessor::GetPrototypeTransition(
     Isolate* isolate, Tagged<Map> map, Tagged<Object> prototype) {
   DisallowGarbageCollection no_gc;
   Tagged<WeakFixedArray> cache = GetPrototypeTransitions(isolate, map);
@@ -591,14 +563,14 @@ void TransitionsAccessor::ReplaceTransitions(
 
 // static
 void TransitionsAccessor::ReplaceTransitions(
-    Isolate* isolate, Handle<Map> map,
+    Isolate* isolate, DirectHandle<Map> map,
     DirectHandle<TransitionArray> new_transitions) {
   ReplaceTransitions(isolate, map, *new_transitions);
 }
 
 // static
 void TransitionsAccessor::SetPrototypeTransitions(
-    Isolate* isolate, Handle<Map> map,
+    Isolate* isolate, DirectHandle<Map> map,
     DirectHandle<WeakFixedArray> proto_transitions) {
   EnsureHasFullTransitionArray(isolate, map);
   GetTransitionArray(isolate, map->raw_transitions(isolate, kAcquireLoad))
@@ -607,7 +579,7 @@ void TransitionsAccessor::SetPrototypeTransitions(
 
 // static
 void TransitionsAccessor::EnsureHasFullTransitionArray(Isolate* isolate,
-                                                       Handle<Map> map) {
+                                                       DirectHandle<Map> map) {
   Encoding encoding =
       GetEncoding(isolate, map->raw_transitions(isolate, kAcquireLoad));
   if (encoding == kFullTransitionArray) return;
@@ -632,10 +604,7 @@ void TransitionsAccessor::EnsureHasFullTransitionArray(Isolate* isolate,
 }
 
 void TransitionsAccessor::TraverseTransitionTreeInternal(
-    const TraverseCallback& callback, DisallowGarbageCollection* no_gc,
-    IterationMode filter) {
-  DCHECK_NE(filter, IterationMode::kIncludeClearedSideStepTransitions);
-
+    const TraverseCallback& callback, DisallowGarbageCollection* no_gc) {
   // Mostly arbitrary but more than enough to run the test suite in static
   // memory.
   static constexpr int kStaticStackSize = 16;
@@ -684,17 +653,7 @@ void TransitionsAccessor::TraverseTransitionTreeInternal(
         }
         ReadOnlyRoots roots(isolate_);
         for (int i = 0; i < transitions->number_of_transitions(); ++i) {
-          if (TransitionsAccessor::IsSpecialSidestepTransition(
-                  roots, transitions->GetKey(i))) {
-            if (filter == IterationMode::kIncludeSideStepTransitions) {
-              Tagged<Map> target;
-              if (transitions->GetTargetIfExists(i, isolate_, &target)) {
-                stack.emplace_back(target);
-              }
-            }
-          } else {
-            stack.emplace_back(transitions->GetTarget(i));
-          }
+          stack.emplace_back(transitions->GetTarget(i));
         }
         break;
       }
@@ -882,5 +841,40 @@ bool TransitionsAccessor::HasIntegrityLevelTransitionTo(
   return true;
 }
 
-}  // namespace internal
-}  // namespace v8
+// static
+void TransitionsAccessor::EnsureHasSideStepTransitions(Isolate* isolate,
+                                                       DirectHandle<Map> map) {
+  EnsureHasFullTransitionArray(isolate, map);
+  Tagged<TransitionArray> transitions =
+      GetTransitionArray(isolate, map->raw_transitions());
+  if (transitions->HasSideStepTransitions()) return;
+  TransitionArray::CreateSideStepTransitions(isolate,
+                                             handle(transitions, isolate));
+}
+
+// static
+void TransitionArray::CreateSideStepTransitions(
+    Isolate* isolate, DirectHandle<TransitionArray> transitions) {
+  DCHECK(!transitions->HasSideStepTransitions());  // Callers must check first.
+  DirectHandle<WeakFixedArray> result = WeakFixedArray::New(
+      isolate, SideStepTransition::kSize, AllocationType::kYoung,
+      handle(SideStepTransition::Empty, isolate));
+  transitions->set(kSideStepTransitionsIndex, *result);
+}
+
+std::ostream& operator<<(std::ostream& os, SideStepTransition::Kind sidestep) {
+  switch (sidestep) {
+    case SideStepTransition::Kind::kObjectAssignValidityCell:
+      os << "Object.assign-validity-cell";
+      break;
+    case SideStepTransition::Kind::kObjectAssign:
+      os << "Object.assign-map";
+      break;
+    case SideStepTransition::Kind::kCloneObject:
+      os << "Clone-object-IC-map";
+      break;
+  }
+  return os;
+}
+
+}  // namespace v8::internal
diff --git a/deps/v8/src/objects/transitions.h b/deps/v8/src/objects/transitions.h
index 429a294e052354..b45f93d734d82d 100644
--- a/deps/v8/src/objects/transitions.h
+++ b/deps/v8/src/objects/transitions.h
@@ -5,6 +5,8 @@
 #ifndef V8_OBJECTS_TRANSITIONS_H_
 #define V8_OBJECTS_TRANSITIONS_H_
 
+#include <optional>
+
 #include "src/common/checks.h"
 #include "src/execution/isolate.h"
 #include "src/objects/descriptor-array.h"
@@ -17,16 +19,46 @@
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace third_party_heap {
 class Impl;
-}
+}  // namespace third_party_heap
 
 // Find all transitions with given name and calls the callback.
 using ForEachTransitionCallback = std::function<void(Tagged<Map>)>;
 
+// Descriptor for the contents of special side-step transition arrays.
+// Side-step transitions are accessed through the TransitionsAccessor which
+// enforces adherence to this format. The entries are either weak, Empty, or
+// Unreachable.
+struct SideStepTransition {
+  enum class Kind : uint32_t {
+    kCloneObject,
+    kObjectAssign,
+    kObjectAssignValidityCell,
+  };
+  static constexpr uint32_t kSize =
+      static_cast<uint32_t>(Kind::kObjectAssignValidityCell) + 1;
+
+  static constexpr Tagged<Smi> Empty = Smi::FromInt(0);
+  static constexpr Tagged<Smi> Unreachable = Smi::FromInt(1);
+
+ private:
+  static constexpr int index_of(Kind kind) {
+    return static_cast<uint32_t>(kind);
+  }
+  static constexpr uint32_t kFirstMapIdx =
+      static_cast<uint32_t>(Kind::kCloneObject);
+  static constexpr uint32_t kLastMapIdx =
+      static_cast<uint32_t>(Kind::kObjectAssign);
+  friend class TransitionsAccessor;
+  friend class TransitionArray;
+  friend class ObjectAssignAssembler;
+};
+
+std::ostream& operator<<(std::ostream& os, SideStepTransition::Kind sidestep);
+
 // TransitionsAccessor is a helper class to encapsulate access to the various
 // ways a Map can store transitions to other maps in its respective field at
 // Map::kTransitionsOrPrototypeInfo.
@@ -54,14 +86,14 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
 
   // Insert a new transition into |map|'s transition array, extending it
   // as necessary. This can trigger GC.
-  static void Insert(Isolate* isolate, Handle<Map> map, DirectHandle<Name> name,
-                     DirectHandle<Map> target, TransitionKindFlag flag) {
-    InsertHelper(isolate, map, name, std::optional<DirectHandle<Map>>(target),
-                 flag);
+  static void Insert(Isolate* isolate, DirectHandle<Map> map,
+                     DirectHandle<Name> name, DirectHandle<Map> target,
+                     TransitionKindFlag flag) {
+    InsertHelper(isolate, map, name, DirectHandle<Map>(target), flag);
   }
-  static void InsertNoneSentinel(Isolate* isolate, Handle<Map> map,
+  static void InsertNoneSentinel(Isolate* isolate, DirectHandle<Map> map,
                                  DirectHandle<Name> name) {
-    InsertHelper(isolate, map, name, std::optional<DirectHandle<Map>>(),
+    InsertHelper(isolate, map, name, DirectHandle<Map>(),
                  TransitionKindFlag::SPECIAL_TRANSITION);
   }
 
@@ -71,22 +103,15 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
       Isolate* isolate, DirectHandle<Map> map, Tagged<Name> name,
       PropertyKind kind, PropertyAttributes attributes);
 
-  // Searches for a transition with a special symbol. The emtpy result |{}| is
-  // used to indicate that the transition does not exist. The nullptr |{Map()}|
-  // is used to indicate that the transition exists but is a negative sentinel
-  // value inserted by |InsertNoneSentinel| (internally this is represented by
-  // the weak reference being a ClearedValue).
-  std::optional<Tagged<Map>> SearchSpecial(Tagged<Symbol> name);
-  static inline std::optional<Handle<Map>> SearchSpecial(Isolate* isolate,
-                                                         DirectHandle<Map> map,
-                                                         Tagged<Symbol> name);
+  // Searches for a transition with a special symbol.
+  Tagged<Map> SearchSpecial(Tagged<Symbol> name);
+  static inline MaybeHandle<Map> SearchSpecial(Isolate* isolate,
+                                               DirectHandle<Map> map,
+                                               Tagged<Symbol> name);
 
   // Returns true for non-property transitions like elements kind, or
   // or frozen/sealed transitions.
   static bool IsSpecialTransition(ReadOnlyRoots roots, Tagged<Name> name);
-  // Additional dependencies crossing between branches of the transition tree.
-  static bool IsSpecialSidestepTransition(ReadOnlyRoots roots,
-                                          Tagged<Name> name);
 
   MaybeHandle<Map> FindTransitionToField(DirectHandle<String> name);
 
@@ -108,30 +133,22 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
   inline std::pair<Handle<String>, Handle<Map>> ExpectedTransition(
       base::Vector<const Char> key_chars);
 
-  enum class IterationMode {
-    kDefault,
-    kIncludeSideStepTransitions,
-    kIncludeClearedSideStepTransitions,
-  };
-  template <typename Callback, typename ProtoCallback>
+  template <typename Callback, typename ProtoCallback,
+            typename SideStepCallback>
   void ForEachTransition(DisallowGarbageCollection* no_gc, Callback callback,
                          ProtoCallback proto_transition_callback,
-                         IterationMode filter = IterationMode::kDefault) {
-    ForEachTransitionWithKey<Callback, ProtoCallback, false>(
-        no_gc, callback, proto_transition_callback, filter);
+                         SideStepCallback side_step_transition_callback) {
+    ForEachTransitionWithKey<Callback, ProtoCallback, SideStepCallback, false>(
+        no_gc, callback, proto_transition_callback,
+        side_step_transition_callback);
   }
 
-  template <typename Callback>
-  void ForEachTransition(DisallowGarbageCollection* no_gc, Callback callback,
-                         IterationMode filter = IterationMode::kDefault) {
-    ForEachTransition(no_gc, callback, callback, filter);
-  }
-
-  template <typename Callback, typename ProtoCallback, bool with_key = true>
+  template <typename Callback, typename ProtoCallback,
+            typename SideStepCallback, bool with_key = true>
   void ForEachTransitionWithKey(DisallowGarbageCollection* no_gc,
                                 Callback callback,
                                 ProtoCallback proto_transition_callback,
-                                IterationMode filter = IterationMode::kDefault);
+                                SideStepCallback side_step_transition_callback);
 
   int NumberOfTransitions();
   // The size of transition arrays are limited so they do not end up in large
@@ -156,13 +173,12 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
   using TraverseCallback = std::function<void(Tagged<Map>)>;
 
   // Traverse the transition tree in preorder.
-  void TraverseTransitionTree(const TraverseCallback& callback,
-                              IterationMode filter = IterationMode::kDefault) {
+  void TraverseTransitionTree(const TraverseCallback& callback) {
     // Make sure that we do not allocate in the callback.
     DisallowGarbageCollection no_gc;
     base::SharedMutexGuardIf<base::kShared> scope(
         isolate_->full_transition_array_access(), concurrent_access_);
-    TraverseTransitionTreeInternal(callback, &no_gc, filter);
+    TraverseTransitionTreeInternal(callback, &no_gc);
   }
 
   // ===== PROTOTYPE TRANSITIONS =====
@@ -174,10 +190,10 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
   // transitions are in the form of a map where the keys are prototype objects
   // and the values are the maps they transition to.
   // PutPrototypeTransition can trigger GC.
-  static bool PutPrototypeTransition(Isolate* isolate, Handle<Map>,
+  static bool PutPrototypeTransition(Isolate* isolate, DirectHandle<Map>,
                                      DirectHandle<Object> prototype,
                                      DirectHandle<Map> target_map);
-  static base::Optional<Tagged<Map>> GetPrototypeTransition(
+  static std::optional<Tagged<Map>> GetPrototypeTransition(
       Isolate* isolate, Tagged<Map> map, Tagged<Object> prototype);
   bool HasPrototypeTransitions();
 
@@ -190,6 +206,13 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
                                  Tagged<Map> migration_target);
   Tagged<Map> GetMigrationTarget();
 
+  inline bool HasSideStepTransitions();
+  static void EnsureHasSideStepTransitions(Isolate* isolate,
+                                           DirectHandle<Map> map);
+  inline Tagged<Object> GetSideStepTransition(SideStepTransition::Kind i);
+  inline void SetSideStepTransition(SideStepTransition::Kind i,
+                                    Tagged<Object> target);
+
 #if DEBUG || OBJECT_PRINT
   void PrintTransitions(std::ostream& os);
   static void PrintOneTransition(std::ostream& os, Tagged<Name> key,
@@ -247,22 +270,22 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
 
   static inline Tagged<Map> GetTargetFromRaw(Tagged<MaybeObject> raw);
 
-  static void EnsureHasFullTransitionArray(Isolate* isolate, Handle<Map> map);
+  static void EnsureHasFullTransitionArray(Isolate* isolate,
+                                           DirectHandle<Map> map);
   static void SetPrototypeTransitions(
-      Isolate* isolate, Handle<Map> map,
+      Isolate* isolate, DirectHandle<Map> map,
       DirectHandle<WeakFixedArray> proto_transitions);
   static Tagged<WeakFixedArray> GetPrototypeTransitions(Isolate* isolate,
                                                         Tagged<Map> map);
 
-  static void InsertHelper(Isolate* isolate, Handle<Map> map,
-                           DirectHandle<Name> name,
-                           std::optional<DirectHandle<Map>> target,
+  static void InsertHelper(Isolate* isolate, DirectHandle<Map> map,
+                           DirectHandle<Name> name, DirectHandle<Map> target,
                            TransitionKindFlag flag);
 
   static inline void ReplaceTransitions(Isolate* isolate, DirectHandle<Map> map,
                                         Tagged<MaybeObject> new_transitions);
   static inline void ReplaceTransitions(
-      Isolate* isolate, Handle<Map> map,
+      Isolate* isolate, DirectHandle<Map> map,
       DirectHandle<TransitionArray> new_transitions);
 
   bool HasSimpleTransitionTo(Tagged<Map> map);
@@ -270,8 +293,7 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
   inline Tagged<Map> GetTargetMapFromWeakRef();
 
   void TraverseTransitionTreeInternal(const TraverseCallback& callback,
-                                      DisallowGarbageCollection* no_gc,
-                                      IterationMode filter);
+                                      DisallowGarbageCollection* no_gc);
 
   Isolate* isolate_;
   Tagged<Map> map_;
@@ -287,13 +309,15 @@ class V8_EXPORT_PRIVATE TransitionsAccessor {
 // The TransitionArray class exposes a very low-level interface. Most clients
 // should use TransitionsAccessors.
 // TransitionArrays have the following format:
-// [0] Link to next TransitionArray (for weak handling support) (strong ref)
-// [1] Tagged<Smi>(0) or WeakFixedArray of prototype transitions (strong ref)
+// [0] Tagged<Smi>(0) or WeakFixedArray of prototype transitions (strong ref)
+// [1] Tagged<Smi>(0) or WeakFixedArray of side-step transitions (strong ref)
 // [2] Number of transitions (can be zero after trimming)
 // [3] First transition key (strong ref)
 // [4] First transition target (weak ref)
 // ...
-// [3 + number of transitions * kTransitionSize]: start of slack
+// [4 + number of transitions * kTransitionSize]: start of slack
+// TODO(olivf): The slots for prototype transitions and side-steps could be
+// shared.
 class TransitionArray : public WeakFixedArray {
  public:
   inline Tagged<WeakFixedArray> GetPrototypeTransitions();
@@ -331,8 +355,9 @@ class TransitionArray : public WeakFixedArray {
 
   // Layout for full transition arrays.
   static const int kPrototypeTransitionsIndex = 0;
-  static const int kTransitionLengthIndex = 1;
-  static const int kFirstIndex = 2;
+  static const int kSideStepTransitionsIndex = 1;
+  static const int kTransitionLengthIndex = 2;
+  static const int kFirstIndex = 3;
 
   // Layout of map transition entries in full transition arrays.
   static const int kEntryKeyIndex = 0;
@@ -354,6 +379,11 @@ class TransitionArray : public WeakFixedArray {
   inline Tagged<Map> SearchAndGetTargetForTesting(
       PropertyKind kind, Tagged<Name> name, PropertyAttributes attributes);
 
+  // Accessors for side-step transitions.
+  inline bool HasSideStepTransitions();
+  static void CreateSideStepTransitions(
+      Isolate* isolate, DirectHandle<TransitionArray> transitions);
+
  private:
   friend class Factory;
   friend class MarkCompactCollector;
@@ -444,11 +474,12 @@ class TransitionArray : public WeakFixedArray {
   inline void Set(int transition_number, Tagged<Name> key,
                   Tagged<MaybeObject> target);
 
+  inline Tagged<WeakFixedArray> GetSideStepTransitions();
+
   OBJECT_CONSTRUCTORS(TransitionArray, WeakFixedArray);
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #include "src/objects/object-macros-undef.h"
 
diff --git a/deps/v8/src/objects/trusted-object-inl.h b/deps/v8/src/objects/trusted-object-inl.h
index 7167fcf536acb7..707e2f1264674c 100644
--- a/deps/v8/src/objects/trusted-object-inl.h
+++ b/deps/v8/src/objects/trusted-object-inl.h
@@ -43,13 +43,13 @@ void TrustedObject::WriteProtectedPointerField(int offset,
       *this, offset, value);
 }
 
-bool TrustedObject::IsProtectedPointerFieldCleared(int offset) const {
+bool TrustedObject::IsProtectedPointerFieldEmpty(int offset) const {
   return TaggedField<Object, 0, TrustedSpaceCompressionScheme>::load(
              *this, offset) == Smi::zero();
 }
 
-bool TrustedObject::IsProtectedPointerFieldCleared(int offset,
-                                                   AcquireLoadTag) const {
+bool TrustedObject::IsProtectedPointerFieldEmpty(int offset,
+                                                 AcquireLoadTag) const {
   return TaggedField<Object, 0, TrustedSpaceCompressionScheme>::Acquire_Load(
              *this, offset) == Smi::zero();
 }
diff --git a/deps/v8/src/objects/trusted-object.h b/deps/v8/src/objects/trusted-object.h
index 301610f40f7666..56613cdac4584e 100644
--- a/deps/v8/src/objects/trusted-object.h
+++ b/deps/v8/src/objects/trusted-object.h
@@ -50,8 +50,8 @@ class TrustedObject : public HeapObject {
   inline void WriteProtectedPointerField(int offset,
                                          Tagged<TrustedObject> value,
                                          ReleaseStoreTag);
-  inline bool IsProtectedPointerFieldCleared(int offset) const;
-  inline bool IsProtectedPointerFieldCleared(int offset, AcquireLoadTag) const;
+  inline bool IsProtectedPointerFieldEmpty(int offset) const;
+  inline bool IsProtectedPointerFieldEmpty(int offset, AcquireLoadTag) const;
   inline void ClearProtectedPointerField(int offset);
   inline void ClearProtectedPointerField(int offset, ReleaseStoreTag);
 
diff --git a/deps/v8/src/objects/trusted-object.tq b/deps/v8/src/objects/trusted-object.tq
index b93fe7897623f3..176a2325e683a3 100644
--- a/deps/v8/src/objects/trusted-object.tq
+++ b/deps/v8/src/objects/trusted-object.tq
@@ -9,5 +9,5 @@ extern class TrustedObject extends HeapObject {}
 @abstract
 @cppObjectDefinition
 extern class ExposedTrustedObject extends TrustedObject {
-  @if(V8_ENABLE_SANDBOX) self_indirect_pointer: IndirectPointer;
+  @if(V8_ENABLE_SANDBOX) self_indirect_pointer: TrustedPointer;
 }
diff --git a/deps/v8/src/objects/value-serializer.cc b/deps/v8/src/objects/value-serializer.cc
index e606ad4f8da446..89c0d96baff05c 100644
--- a/deps/v8/src/objects/value-serializer.cc
+++ b/deps/v8/src/objects/value-serializer.cc
@@ -1464,6 +1464,17 @@ Maybe<base::Vector<const uint8_t>> ValueDeserializer::ReadRawBytes(
   return Just(base::Vector<const uint8_t>(start, size));
 }
 
+Maybe<base::Vector<const base::uc16>> ValueDeserializer::ReadRawTwoBytes(
+    size_t size) {
+  if (size > static_cast<size_t>(end_ - position_) ||
+      size % sizeof(base::uc16) != 0) {
+    return Nothing<base::Vector<const base::uc16>>();
+  }
+  const base::uc16* start = (const base::uc16*)(position_);
+  position_ += size;
+  return Just(base::Vector<const base::uc16>(start, size / sizeof(base::uc16)));
+}
+
 bool ValueDeserializer::ReadByte(uint8_t* value) {
   if (static_cast<size_t>(end_ - position_) < sizeof(uint8_t)) return false;
   *value = *position_;
@@ -2239,7 +2250,7 @@ MaybeHandle<Object> ValueDeserializer::ReadJSError() {
   }
 
   // Check for message property.
-  Handle<Object> message = isolate_->factory()->undefined_value();
+  DirectHandle<Object> message = isolate_->factory()->undefined_value();
   if (static_cast<ErrorTag>(tag) == ErrorTag::kMessage) {
     Handle<String> message_string;
     if (!ReadString().ToHandle(&message_string)) {
@@ -2449,6 +2460,12 @@ Maybe<uint32_t> ValueDeserializer::ReadJSObjectProperties(
         return Just(static_cast<uint32_t>(properties.size()));
       }
 
+      // Determine the key to be used and the target map to transition to, if
+      // possible. Transitioning may abort if the key is not a string, or if no
+      // transition was found.
+      Handle<Object> key;
+      Handle<Map> target;
+      bool transition_was_found = false;
       const uint8_t* start_position = position_;
       uint32_t byte_length;
       if (!ReadTag().To(&tag) || !ReadVarint<uint32_t>().To(&byte_length)) {
@@ -2459,25 +2476,33 @@ Maybe<uint32_t> ValueDeserializer::ReadJSObjectProperties(
       CHECK_LE(byte_length,
                static_cast<uint32_t>(std::numeric_limits<int32_t>::max()));
 #endif  // V8_VALUE_DESERIALIZER_HARD_FAIL
-
-      // Determine the key to be used and the target map to transition to, if
-      // possible. Transitioning may abort if the key is not a string, or if no
-      // transition was found.
-      Handle<Object> key;
-      Handle<Map> target;
       std::pair<Handle<String>, Handle<Map>> expected_transition;
       {
         TransitionsAccessor transitions(isolate_, *map);
-        base::Vector<const uint8_t> key_chars(position_, byte_length);
-        auto expected_transition = transitions.ExpectedTransition(key_chars);
+        if (tag == SerializationTag::kOneByteString) {
+          base::Vector<const uint8_t> key_chars;
+          if (ReadRawBytes(byte_length).To(&key_chars)) {
+            expected_transition = transitions.ExpectedTransition(key_chars);
+          }
+        } else if (tag == SerializationTag::kTwoByteString) {
+          base::Vector<const base::uc16> key_chars;
+          if (ReadRawTwoBytes(byte_length).To(&key_chars)) {
+            expected_transition = transitions.ExpectedTransition(key_chars);
+          }
+        } else if (tag == SerializationTag::kUtf8String) {
+          base::Vector<const uint8_t> key_chars;
+          if (ReadRawBytes(byte_length).To(&key_chars) &&
+              String::IsAscii(key_chars.begin(), key_chars.length())) {
+            expected_transition = transitions.ExpectedTransition(key_chars);
+          }
+        }
         if (!expected_transition.first.is_null()) {
+          transition_was_found = true;
+          key = expected_transition.first;
           target = expected_transition.second;
         }
       }
-      if (!expected_transition.first.is_null()) {
-        key = expected_transition.first;
-        position_ += byte_length;
-      } else {
+      if (!transition_was_found) {
         position_ = start_position;
         if (!ReadObject().ToHandle(&key) || !IsValidObjectKey(*key, isolate_)) {
           return Nothing<uint32_t>();
diff --git a/deps/v8/src/objects/value-serializer.h b/deps/v8/src/objects/value-serializer.h
index 094210f286ab10..342c58be184d09 100644
--- a/deps/v8/src/objects/value-serializer.h
+++ b/deps/v8/src/objects/value-serializer.h
@@ -264,6 +264,8 @@ class ValueDeserializer {
   Maybe<double> ReadDouble() V8_WARN_UNUSED_RESULT;
   Maybe<base::Vector<const uint8_t>> ReadRawBytes(size_t size)
       V8_WARN_UNUSED_RESULT;
+  Maybe<base::Vector<const base::uc16>> ReadRawTwoBytes(size_t size)
+      V8_WARN_UNUSED_RESULT;
   MaybeHandle<Object> ReadObject() V8_WARN_UNUSED_RESULT;
 
   // Like ReadObject, but skips logic for special cases in simulating the
diff --git a/deps/v8/src/objects/visitors.h b/deps/v8/src/objects/visitors.h
index 19193e87a90d3f..33d794441e62b8 100644
--- a/deps/v8/src/objects/visitors.h
+++ b/deps/v8/src/objects/visitors.h
@@ -262,7 +262,7 @@ class ClientRootVisitor final : public RootVisitor {
                          FullObjectSlot start, FullObjectSlot end) final {
     for (FullObjectSlot p = start; p < end; ++p) {
       Tagged<Object> object = *p;
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
       if (object.ptr() == ValueHelper::kTaggedNullAddress) continue;
 #endif
       if (!IsSharedHeapObject(object)) continue;
diff --git a/deps/v8/src/parsing/func-name-inferrer.h b/deps/v8/src/parsing/func-name-inferrer.h
index 2c7f1d58179295..5dd7334354ae86 100644
--- a/deps/v8/src/parsing/func-name-inferrer.h
+++ b/deps/v8/src/parsing/func-name-inferrer.h
@@ -9,6 +9,7 @@
 
 #include "src/base/macros.h"
 #include "src/base/pointer-with-payload.h"
+#include "src/base/small-vector.h"
 
 namespace v8 {
 
@@ -58,7 +59,7 @@ class FuncNameInferrer {
     }
     ~State() {
       DCHECK(fni_->IsOpen());
-      fni_->names_stack_.resize(top_);
+      fni_->names_stack_.resize_no_init(top_);
       --fni_->scope_depth_;
     }
     State(const State&) = delete;
@@ -125,7 +126,7 @@ class FuncNameInferrer {
   void InferFunctionsNames();
 
   AstValueFactory* ast_value_factory_;
-  std::vector<Name> names_stack_;
+  base::SmallVector<Name, 8> names_stack_;
   std::vector<FunctionLiteral*> funcs_to_infer_;
   size_t scope_depth_ = 0;
 };
diff --git a/deps/v8/src/parsing/parse-info.cc b/deps/v8/src/parsing/parse-info.cc
index 2924e4df6193e9..88744cea23efdc 100644
--- a/deps/v8/src/parsing/parse-info.cc
+++ b/deps/v8/src/parsing/parse-info.cc
@@ -198,7 +198,7 @@ ParseInfo::ParseInfo(const UnoptimizedCompileFlags flags,
       script_scope_(nullptr),
       stack_limit_(stack_limit),
       parameters_end_pos_(kNoSourcePosition),
-      max_function_literal_id_(kFunctionLiteralIdInvalid),
+      max_info_id_(kInvalidInfoId),
       character_stream_(nullptr),
       function_name_(nullptr),
       runtime_call_stats_(runtime_call_stats),
@@ -210,7 +210,8 @@ ParseInfo::ParseInfo(const UnoptimizedCompileFlags flags,
 #endif  // V8_ENABLE_WEBASSEMBLY
       language_mode_(flags.outer_language_mode()),
       is_background_compilation_(false),
-      is_streaming_compilation_(false) {
+      is_streaming_compilation_(false),
+      has_module_in_scope_chain_(flags.is_module()) {
   if (flags.block_coverage_enabled()) {
     AllocateSourceRangeMap();
   }
diff --git a/deps/v8/src/parsing/parse-info.h b/deps/v8/src/parsing/parse-info.h
index 59de7059190c23..e7a75a4d6dde91 100644
--- a/deps/v8/src/parsing/parse-info.h
+++ b/deps/v8/src/parsing/parse-info.h
@@ -328,10 +328,8 @@ class V8_EXPORT_PRIVATE ParseInfo {
     return flags().function_syntax_kind() == FunctionSyntaxKind::kWrapped;
   }
 
-  int max_function_literal_id() const { return max_function_literal_id_; }
-  void set_max_function_literal_id(int max_function_literal_id) {
-    max_function_literal_id_ = max_function_literal_id;
-  }
+  int max_info_id() const { return max_info_id_; }
+  void set_max_info_id(int max_info_id) { max_info_id_ = max_info_id; }
 
   void AllocateSourceRangeMap();
   SourceRangeMap* source_range_map() const { return source_range_map_; }
@@ -349,6 +347,9 @@ class V8_EXPORT_PRIVATE ParseInfo {
 
   void set_is_streaming_compilation() { is_streaming_compilation_ = true; }
 
+  bool has_module_in_scope_chain() const { return has_module_in_scope_chain_; }
+  void set_has_module_in_scope_chain() { has_module_in_scope_chain_ = true; }
+
   void SetCompileHintCallbackAndData(CompileHintCallback callback, void* data) {
     DCHECK_NULL(compile_hint_callback_);
     DCHECK_NULL(compile_hint_callback_data_);
@@ -380,7 +381,7 @@ class V8_EXPORT_PRIVATE ParseInfo {
   DeclarationScope* script_scope_;
   uintptr_t stack_limit_;
   int parameters_end_pos_;
-  int max_function_literal_id_;
+  int max_info_id_;
 
   v8::CompileHintCallback compile_hint_callback_ = nullptr;
   void* compile_hint_callback_data_ = nullptr;
@@ -401,6 +402,7 @@ class V8_EXPORT_PRIVATE ParseInfo {
   LanguageMode language_mode_ : 1;
   bool is_background_compilation_ : 1;
   bool is_streaming_compilation_ : 1;
+  bool has_module_in_scope_chain_ : 1;
 };
 
 }  // namespace internal
diff --git a/deps/v8/src/parsing/parser-base.h b/deps/v8/src/parsing/parser-base.h
index 54e4d8ecc96d7c..cab57b448cb9b8 100644
--- a/deps/v8/src/parsing/parser-base.h
+++ b/deps/v8/src/parsing/parser-base.h
@@ -7,6 +7,7 @@
 
 #include <stdint.h>
 
+#include <optional>
 #include <utility>
 #include <vector>
 
@@ -22,7 +23,6 @@
 #include "src/logging/log.h"
 #include "src/logging/runtime-call-stats-scope.h"
 #include "src/objects/function-kind.h"
-#include "src/objects/tagged-impl.h"
 #include "src/parsing/expression-scope.h"
 #include "src/parsing/func-name-inferrer.h"
 #include "src/parsing/parse-info.h"
@@ -31,8 +31,7 @@
 #include "src/regexp/regexp.h"
 #include "src/zone/zone-chunk-list.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class PreParserIdentifier;
 
@@ -185,6 +184,7 @@ template <typename Impl>
 struct ParserTypes;
 
 enum class ParsePropertyKind : uint8_t {
+  kAutoAccessorClassField,
   kAccessorGetter,
   kAccessorSetter,
   kValue,
@@ -263,13 +263,20 @@ class ParserBase {
         expression_scope_(nullptr),
         scanner_(scanner),
         flags_(flags),
-        function_literal_id_(0),
+        info_id_(0),
+        has_module_in_scope_chain_(flags_.is_module()),
         default_eager_compile_hint_(FunctionLiteral::kShouldLazyCompile) {
     pointer_buffer_.reserve(32);
     variable_buffer_.reserve(32);
   }
 
   const UnoptimizedCompileFlags& flags() const { return flags_; }
+  bool has_module_in_scope_chain() const { return has_module_in_scope_chain_; }
+
+  // DebugEvaluate code
+  bool IsParsingWhileDebugging() const {
+    return flags().parsing_while_debugging() == ParsingWhileDebugging::kYes;
+  }
 
   bool allow_eval_cache() const { return allow_eval_cache_; }
   void set_allow_eval_cache(bool allow) { allow_eval_cache_ = allow; }
@@ -292,13 +299,13 @@ class ParserBase {
   int loop_nesting_depth() const {
     return function_state_->loop_nesting_depth();
   }
-  int PeekNextFunctionLiteralId() { return function_literal_id_ + 1; }
-  int GetNextFunctionLiteralId() { return ++function_literal_id_; }
-  int GetLastFunctionLiteralId() const { return function_literal_id_; }
+  int PeekNextInfoId() { return info_id_ + 1; }
+  int GetNextInfoId() { return ++info_id_; }
+  int GetLastInfoId() const { return info_id_; }
 
-  void SkipFunctionLiterals(int delta) { function_literal_id_ += delta; }
+  void SkipInfos(int delta) { info_id_ += delta; }
 
-  void ResetFunctionLiteralId() { function_literal_id_ = 0; }
+  void ResetInfoId() { info_id_ = 0; }
 
   // The Zone where the parsing outputs are stored.
   Zone* main_zone() const { return ast_value_factory()->single_parse_zone(); }
@@ -620,7 +627,7 @@ class ParserBase {
             FunctionKind::kClassStaticInitializerFunction);
         static_elements_scope->SetLanguageMode(LanguageMode::kStrict);
         static_elements_scope->set_start_position(beg_pos);
-        static_elements_function_id = parser->GetNextFunctionLiteralId();
+        static_elements_function_id = parser->GetNextInfoId();
       }
       return static_elements_scope;
     }
@@ -632,7 +639,7 @@ class ParserBase {
             FunctionKind::kClassMembersInitializerFunction);
         instance_members_scope->SetLanguageMode(LanguageMode::kStrict);
         instance_members_scope->set_start_position(beg_pos);
-        instance_members_function_id = parser->GetNextFunctionLiteralId();
+        instance_members_function_id = parser->GetNextInfoId();
       }
       return instance_members_scope;
     }
@@ -641,6 +648,7 @@ class ParserBase {
     DeclarationScope* instance_members_scope = nullptr;
     Variable* home_object_variable = nullptr;
     Variable* static_home_object_variable = nullptr;
+    int autoaccessor_count = 0;
     int static_elements_function_id = -1;
     int instance_members_function_id = -1;
     int computed_field_count = 0;
@@ -754,6 +762,8 @@ class ParserBase {
 
   ClassLiteralProperty::Kind ClassPropertyKindFor(ParsePropertyKind kind) {
     switch (kind) {
+      case ParsePropertyKind::kAutoAccessorClassField:
+        return ClassLiteralProperty::AUTO_ACCESSOR;
       case ParsePropertyKind::kAccessorGetter:
         return ClassLiteralProperty::GETTER;
       case ParsePropertyKind::kAccessorSetter:
@@ -778,6 +788,8 @@ class ParserBase {
         return VariableMode::kPrivateGetterOnly;
       case ClassLiteralProperty::Kind::SETTER:
         return VariableMode::kPrivateSetterOnly;
+      case ClassLiteralProperty::Kind::AUTO_ACCESSOR:
+        return VariableMode::kPrivateGetterAndSetter;
     }
   }
 
@@ -787,6 +799,12 @@ class ParserBase {
     return ast_value_factory->GetOneByteString(name.c_str());
   }
 
+  const AstRawString* AutoAccessorVariableName(
+      AstValueFactory* ast_value_factory, int index) {
+    std::string name = ".accessor-storage-" + std::to_string(index);
+    return ast_value_factory->GetOneByteString(name.c_str());
+  }
+
   DeclarationScope* NewScriptScope(REPLMode repl_mode) const {
     return zone()->template New<DeclarationScope>(zone(), ast_value_factory(),
                                                   repl_mode);
@@ -1288,6 +1306,14 @@ class ParserBase {
 
   ExpressionT ParseProperty(ParsePropertyInfo* prop_info);
   ExpressionT ParseObjectLiteral();
+  V8_INLINE bool VerifyCanHaveAutoAccessorOrThrow(ParsePropertyInfo* prop_info,
+                                                  ExpressionT name_expression,
+                                                  int name_token_position);
+  V8_INLINE bool ParseCurrentSymbolAsClassFieldOrMethod(
+      ParsePropertyInfo* prop_info, ExpressionT* name_expression);
+  V8_INLINE bool ParseAccessorPropertyOrAutoAccessors(
+      ParsePropertyInfo* prop_info, ExpressionT* name_expression,
+      int* name_token_position);
   ClassLiteralPropertyT ParseClassPropertyDefinition(
       ClassInfo* class_info, ParsePropertyInfo* prop_info, bool has_extends);
   void CheckClassFieldName(IdentifierT name, bool is_static);
@@ -1333,7 +1359,6 @@ class ParserBase {
   ExpressionT ParseArrowFunctionLiteral(const FormalParametersT& parameters,
                                         int function_literal_id,
                                         bool could_be_immediately_invoked);
-  void ParseAsyncFunctionBody(Scope* scope, StatementListT* body);
   ExpressionT ParseAsyncFunctionLiteral();
   ExpressionT ParseClassExpression(Scope* outer_scope);
   ExpressionT ParseClassLiteral(Scope* outer_scope, IdentifierT name,
@@ -1557,17 +1582,15 @@ class ParserBase {
   // Keep track of eval() calls since they disable all local variable
   // optimizations. This checks if expression is an eval call, and if yes,
   // forwards the information to scope.
-  Call::PossiblyEval CheckPossibleEvalCall(ExpressionT expression,
-                                           bool is_optional_call,
-                                           Scope* scope) {
+  bool CheckPossibleEvalCall(ExpressionT expression, bool is_optional_call,
+                             Scope* scope) {
     if (impl()->IsIdentifier(expression) &&
         impl()->IsEval(impl()->AsIdentifier(expression)) && !is_optional_call) {
       function_state_->RecordFunctionOrEvalCall();
       scope->RecordEvalCall();
-
-      return Call::IS_POSSIBLY_EVAL;
+      return true;
     }
-    return Call::NOT_EVAL;
+    return false;
   }
 
   // Convenience method which determines the type of return statement to emit
@@ -1670,6 +1693,7 @@ class ParserBase {
   PendingCompilationErrorHandler* pending_error_handler_;
 
   // Parser base's private field members.
+  void set_has_module_in_scope_chain() { has_module_in_scope_chain_ = true; }
 
  private:
   Zone* zone_;
@@ -1681,7 +1705,9 @@ class ParserBase {
   Scanner* scanner_;
 
   const UnoptimizedCompileFlags flags_;
-  int function_literal_id_;
+  int info_id_;
+
+  bool has_module_in_scope_chain_ : 1;
 
   FunctionLiteral::EagerCompileHint default_eager_compile_hint_;
 
@@ -1890,7 +1916,7 @@ bool ParserBase<Impl>::IsExtraordinaryPrivateNameAccessAllowed() const {
         return true;
       // Top-level wrapper function scopes.
       case FUNCTION_SCOPE:
-        return function_literal_id_ == kFunctionLiteralIdTopLevel;
+        return info_id_ == kFunctionLiteralIdTopLevel;
       // Used by debug-evaluate. If the outer scope is top-level,
       // extraordinary private name access is allowed.
       case EVAL_SCOPE:
@@ -1977,7 +2003,7 @@ typename ParserBase<Impl>::ExpressionT ParserBase<Impl>::ParseRegExpLiteral() {
   }
 
   const AstRawString* pattern = GetNextSymbolForRegExpLiteral();
-  base::Optional<RegExpFlags> flags = scanner()->ScanRegExpFlags();
+  std::optional<RegExpFlags> flags = scanner()->ScanRegExpFlags();
   const AstRawString* flags_as_ast_raw_string = GetNextSymbolForRegExpLiteral();
   if (!flags.has_value() || !ValidateRegExpFlags(flags.value())) {
     Next();
@@ -2076,8 +2102,7 @@ ParserBase<Impl>::ParsePrimaryExpression() {
     }
 
     if (V8_UNLIKELY(peek() == Token::kArrow)) {
-      ArrowHeadParsingScope parsing_scope(impl(), kind,
-                                          PeekNextFunctionLiteralId());
+      ArrowHeadParsingScope parsing_scope(impl(), kind, PeekNextInfoId());
       IdentifierT name = ParseAndClassifyIdentifier(token);
       ClassifyParameter(name, beg_pos, end_position());
       ExpressionT result =
@@ -2144,8 +2169,7 @@ ParserBase<Impl>::ParsePrimaryExpression() {
         if (peek() != Token::kArrow) ReportUnexpectedToken(Token::kRightParen);
         next_arrow_function_info_.scope =
             NewFunctionScope(FunctionKind::kArrowFunction);
-        next_arrow_function_info_.function_literal_id =
-            PeekNextFunctionLiteralId();
+        next_arrow_function_info_.function_literal_id = PeekNextInfoId();
         next_arrow_function_info_.could_be_immediately_invoked =
             position_after_last_primary_expression_open_parenthesis_ == beg_pos;
         return factory()->NewEmptyParentheses(beg_pos);
@@ -2154,7 +2178,7 @@ ParserBase<Impl>::ParsePrimaryExpression() {
       bool could_be_immediately_invoked_arrow_function =
           position_after_last_primary_expression_open_parenthesis_ == beg_pos;
       ArrowHeadParsingScope maybe_arrow(impl(), FunctionKind::kArrowFunction,
-                                        PeekNextFunctionLiteralId());
+                                        PeekNextInfoId());
       position_after_last_primary_expression_open_parenthesis_ =
           peek_position();
       // Heuristically try to detect immediately called functions before
@@ -2532,6 +2556,66 @@ typename ParserBase<Impl>::ExpressionT ParserBase<Impl>::ParseProperty(
                         : factory()->NewStringLiteral(prop_info->name, pos);
 }
 
+template <typename Impl>
+bool ParserBase<Impl>::VerifyCanHaveAutoAccessorOrThrow(
+    ParsePropertyInfo* prop_info, ExpressionT name_expression,
+    int name_token_position) {
+  switch (prop_info->kind) {
+    case ParsePropertyKind::kAssign:
+    case ParsePropertyKind::kClassField:
+    case ParsePropertyKind::kShorthandOrClassField:
+    case ParsePropertyKind::kNotSet:
+      prop_info->kind = ParsePropertyKind::kAutoAccessorClassField;
+      return true;
+    default:
+      impl()->ReportUnexpectedTokenAt(
+          Scanner::Location(name_token_position, name_expression->position()),
+          Token::kAccessor);
+      return false;
+  }
+}
+
+template <typename Impl>
+bool ParserBase<Impl>::ParseCurrentSymbolAsClassFieldOrMethod(
+    ParsePropertyInfo* prop_info, ExpressionT* name_expression) {
+  if (peek() == Token::kLeftParen) {
+    prop_info->kind = ParsePropertyKind::kMethod;
+    prop_info->name = impl()->GetIdentifier();
+    *name_expression = factory()->NewStringLiteral(prop_info->name, position());
+    return true;
+  }
+  if (peek() == Token::kAssign || peek() == Token::kSemicolon ||
+      peek() == Token::kRightBrace) {
+    prop_info->name = impl()->GetIdentifier();
+    *name_expression = factory()->NewStringLiteral(prop_info->name, position());
+    return true;
+  }
+  return false;
+}
+
+template <typename Impl>
+bool ParserBase<Impl>::ParseAccessorPropertyOrAutoAccessors(
+    ParsePropertyInfo* prop_info, ExpressionT* name_expression,
+    int* name_token_position) {
+  // accessor [no LineTerminator here] ClassElementName[?Yield, ?Await]
+  // Initializer[~In, ?Yield, ?Await]opt ;
+  Consume(Token::kAccessor);
+  *name_token_position = scanner()->peek_location().beg_pos;
+  // If there is a line terminator here, it cannot be an auto-accessor.
+  if (scanner()->HasLineTerminatorBeforeNext()) {
+    prop_info->kind = ParsePropertyKind::kClassField;
+    prop_info->name = impl()->GetIdentifier();
+    *name_expression = factory()->NewStringLiteral(prop_info->name, position());
+    return true;
+  }
+  if (ParseCurrentSymbolAsClassFieldOrMethod(prop_info, name_expression)) {
+    return true;
+  }
+  *name_expression = ParseProperty(prop_info);
+  return VerifyCanHaveAutoAccessorOrThrow(prop_info, *name_expression,
+                                          *name_token_position);
+}
+
 template <typename Impl>
 typename ParserBase<Impl>::ClassLiteralPropertyT
 ParserBase<Impl>::ParseClassPropertyDefinition(ClassInfo* class_info,
@@ -2547,21 +2631,21 @@ ParserBase<Impl>::ParseClassPropertyDefinition(ClassInfo* class_info,
   if (name_token == Token::kStatic) {
     Consume(Token::kStatic);
     name_token_position = scanner()->peek_location().beg_pos;
-    if (peek() == Token::kLeftParen) {
-      prop_info->kind = ParsePropertyKind::kMethod;
-      // TODO(bakkot) specialize on 'static'
-      prop_info->name = impl()->GetIdentifier();
-      name_expression =
-          factory()->NewStringLiteral(prop_info->name, position());
-    } else if (peek() == Token::kAssign || peek() == Token::kSemicolon ||
-               peek() == Token::kRightBrace) {
-      // TODO(bakkot) specialize on 'static'
-      prop_info->name = impl()->GetIdentifier();
-      name_expression =
-          factory()->NewStringLiteral(prop_info->name, position());
-    } else {
+    if (!ParseCurrentSymbolAsClassFieldOrMethod(prop_info, &name_expression)) {
       prop_info->is_static = true;
-      name_expression = ParseProperty(prop_info);
+      if (v8_flags.js_decorators && peek() == Token::kAccessor) {
+        if (!ParseAccessorPropertyOrAutoAccessors(prop_info, &name_expression,
+                                                  &name_token_position)) {
+          return impl()->NullLiteralProperty();
+        }
+      } else {
+        name_expression = ParseProperty(prop_info);
+      }
+    }
+  } else if (v8_flags.js_decorators && name_token == Token::kAccessor) {
+    if (!ParseAccessorPropertyOrAutoAccessors(prop_info, &name_expression,
+                                              &name_token_position)) {
+      return impl()->NullLiteralProperty();
     }
   } else {
     name_expression = ParseProperty(prop_info);
@@ -2569,6 +2653,7 @@ ParserBase<Impl>::ParseClassPropertyDefinition(ClassInfo* class_info,
 
   switch (prop_info->kind) {
     case ParsePropertyKind::kAssign:
+    case ParsePropertyKind::kAutoAccessorClassField:
     case ParsePropertyKind::kClassField:
     case ParsePropertyKind::kShorthandOrClassField:
     case ParsePropertyKind::kNotSet: {  // This case is a name followed by a
@@ -2580,21 +2665,32 @@ ParserBase<Impl>::ParseClassPropertyDefinition(ClassInfo* class_info,
                                         // will be a syntax error after parsing
                                         // the first name as an uninitialized
                                         // field.
-      prop_info->kind = ParsePropertyKind::kClassField;
       DCHECK_IMPLIES(prop_info->is_computed_name, !prop_info->is_private);
 
       if (!prop_info->is_computed_name) {
         CheckClassFieldName(prop_info->name, prop_info->is_static);
       }
 
-      ExpressionT initializer = ParseMemberInitializer(
-          class_info, property_beg_pos, prop_info->is_static);
+      ExpressionT value = ParseMemberInitializer(class_info, property_beg_pos,
+                                                 prop_info->is_static);
       ExpectSemicolon();
 
-      ClassLiteralPropertyT result = factory()->NewClassLiteralProperty(
-          name_expression, initializer, ClassLiteralProperty::FIELD,
-          prop_info->is_static, prop_info->is_computed_name,
-          prop_info->is_private);
+      ClassLiteralPropertyT result;
+      if (prop_info->kind == ParsePropertyKind::kAutoAccessorClassField) {
+        // Declare the auto-accessor synthetic getter and setter here where we
+        // have access to the property position in parsing and preparsing.
+        result = impl()->NewClassLiteralPropertyWithAccessorInfo(
+            scope()->AsClassScope(), class_info, prop_info->name,
+            name_expression, value, prop_info->is_static,
+            prop_info->is_computed_name, prop_info->is_private,
+            property_beg_pos);
+      } else {
+        prop_info->kind = ParsePropertyKind::kClassField;
+        result = factory()->NewClassLiteralProperty(
+            name_expression, value, ClassLiteralProperty::FIELD,
+            prop_info->is_static, prop_info->is_computed_name,
+            prop_info->is_private);
+      }
       impl()->SetFunctionNameFromPropertyName(result, prop_info->name);
 
       return result;
@@ -2898,6 +2994,7 @@ ParserBase<Impl>::ParseObjectPropertyDefinition(ParsePropertyInfo* prop_info,
       return result;
     }
 
+    case ParsePropertyKind::kAutoAccessorClassField:
     case ParsePropertyKind::kClassField:
     case ParsePropertyKind::kNotSet:
       ReportUnexpectedToken(Next());
@@ -3139,7 +3236,7 @@ ParserBase<Impl>::ParseAssignmentExpressionCoverGrammarContinuation(
     // function, and checks whether it's still the function id we wanted. If
     // not, we'll reindex the arrow function formal parameters to shift them all
     // 1 down to make space for the arrow function.
-    if (function_literal_id != GetNextFunctionLiteralId()) {
+    if (function_literal_id != GetNextInfoId()) {
       impl()->ReindexArrowFunctionFormalParameters(&parameters);
     }
 
@@ -3511,8 +3608,7 @@ ParserBase<Impl>::ParseBinaryContinuation(ExpressionT x, int prec, int prec1) {
           // The comparison was negated - add a kNot.
           x = factory()->NewUnaryOperation(Token::kNot, x, pos);
         }
-      } else if (!impl()->ShortcutNumericLiteralBinaryExpression(&x, y, op,
-                                                                 pos) &&
+      } else if (!impl()->ShortcutLiteralBinaryExpression(&x, y, op, pos) &&
                  !impl()->CollapseNaryExpression(&x, y, op, pos, right_range)) {
         // We have a "normal" binary operation.
         x = factory()->NewBinaryOperation(op, x, y, pos);
@@ -3724,7 +3820,7 @@ ParserBase<Impl>::ParseLeftHandSideContinuation(ExpressionT result) {
     int pos = position();
 
     ArrowHeadParsingScope maybe_arrow(impl(), FunctionKind::kAsyncArrowFunction,
-                                      PeekNextFunctionLiteralId());
+                                      PeekNextInfoId());
     Scope::Snapshot scope_snapshot(scope());
 
     ExpressionListT args(pointer_buffer());
@@ -3830,11 +3926,13 @@ ParserBase<Impl>::ParseLeftHandSideContinuation(ExpressionT result) {
         // no explicit receiver.
         // These calls are marked as potentially direct eval calls. Whether
         // they are actually direct calls to eval is determined at run time.
-        Call::PossiblyEval is_possibly_eval =
-            CheckPossibleEvalCall(result, is_optional, scope());
+        int eval_scope_info_index = 0;
+        if (CheckPossibleEvalCall(result, is_optional, scope())) {
+          eval_scope_info_index = GetNextInfoId();
+        }
 
         result = factory()->NewCall(result, args, pos, has_spread,
-                                    is_possibly_eval, is_optional);
+                                    eval_scope_info_index, is_optional);
 
         fni_.RemoveLastFunction();
         break;
@@ -4010,7 +4108,7 @@ ParserBase<Impl>::ParseImportExpressions() {
     } else {
       ExpectContextualKeyword(ast_value_factory()->meta_string(), "import.meta",
                               pos);
-      if (!flags().is_module()) {
+      if (!flags().is_module() && !IsParsingWhileDebugging()) {
         impl()->ReportMessageAt(scanner()->location(),
                                 MessageTemplate::kImportMetaOutsideModule);
         return impl()->FailureExpression();
@@ -4667,15 +4765,11 @@ void ParserBase<Impl>::ParseFunctionBody(
   // TODO(verwaest): Rely on ArrowHeadParsingScope instead.
   if (V8_UNLIKELY(!parameters.is_simple)) {
     if (has_error()) return;
-    BlockT init_block = impl()->BuildParameterInitializationBlock(parameters);
-    if (IsAsyncFunction(kind) && !IsAsyncGeneratorFunction(kind)) {
-      init_block = impl()->BuildRejectPromiseOnException(init_block);
-    }
-    body->Add(init_block);
+    body->Add(impl()->BuildParameterInitializationBlock(parameters));
     if (has_error()) return;
 
     inner_scope = NewVarblockScope();
-    inner_scope->set_start_position(scanner()->location().beg_pos);
+    inner_scope->set_start_position(position());
   }
 
   StatementListT inner_body(pointer_buffer());
@@ -4685,14 +4779,7 @@ void ParserBase<Impl>::ParseFunctionBody(
 
     if (body_type == FunctionBodyType::kExpression) {
       ExpressionT expression = ParseAssignmentExpression();
-
-      if (IsAsyncFunction(kind)) {
-        BlockT block = factory()->NewBlock(1, true);
-        impl()->RewriteAsyncFunctionBody(&inner_body, block, expression);
-      } else {
-        inner_body.Add(
-            BuildReturnStatement(expression, expression->position()));
-      }
+      inner_body.Add(BuildReturnStatement(expression, expression->position()));
     } else {
       DCHECK(accept_IN_);
       DCHECK_EQ(FunctionBodyType::kBlock, body_type);
@@ -4707,11 +4794,14 @@ void ParserBase<Impl>::ParseFunctionBody(
         impl()->ParseAndRewriteAsyncGeneratorFunctionBody(pos, kind,
                                                           &inner_body);
       } else if (IsGeneratorFunction(kind)) {
-        impl()->ParseAndRewriteGeneratorFunctionBody(pos, kind, &inner_body);
-      } else if (IsAsyncFunction(kind)) {
-        ParseAsyncFunctionBody(inner_scope, &inner_body);
+        impl()->ParseGeneratorFunctionBody(pos, kind, &inner_body);
       } else {
         ParseStatementList(&inner_body, closing_token);
+        if (IsAsyncFunction(kind)) {
+          inner_scope->set_end_position(end_position());
+          function_state_ = AddOneSuspendPointIfBlockContainsAwaitUsing(
+              inner_scope, function_state_);
+        }
       }
       if (IsDerivedConstructor(kind)) {
         // Derived constructors are implemented by returning `this` when the
@@ -5154,6 +5244,7 @@ void ParserBase<Impl>::ParseClassLiteralBody(ClassInfo& class_info,
 
     ClassLiteralProperty::Kind property_kind =
         ClassPropertyKindFor(prop_info.kind);
+
     if (!class_info.has_static_computed_names && prop_info.is_static &&
         prop_info.is_computed_name) {
       class_info.has_static_computed_names = true;
@@ -5165,12 +5256,9 @@ void ParserBase<Impl>::ParseClassLiteralBody(ClassInfo& class_info,
     if (V8_UNLIKELY(prop_info.is_private)) {
       DCHECK(!is_constructor);
       class_info.requires_brand |= (!is_field && !prop_info.is_static);
-      if (prop_info.is_static) {
-        class_info.has_static_private_methods_or_accessors |=
-            property_kind == ClassLiteralProperty::METHOD ||
-            property_kind == ClassLiteralProperty::GETTER ||
-            property_kind == ClassLiteralProperty::SETTER;
-      }
+      class_info.has_static_private_methods_or_accessors |=
+          (prop_info.is_static && !is_field);
+
       impl()->DeclarePrivateClassMember(scope()->AsClassScope(), prop_info.name,
                                         property, property_kind,
                                         prop_info.is_static, &class_info);
@@ -5205,22 +5293,6 @@ void ParserBase<Impl>::ParseClassLiteralBody(ClassInfo& class_info,
   scope()->set_end_position(end_position());
 }
 
-template <typename Impl>
-void ParserBase<Impl>::ParseAsyncFunctionBody(Scope* scope,
-                                              StatementListT* body) {
-  BlockT block = impl()->NullBlock();
-  {
-    StatementListT statements(pointer_buffer());
-    ParseStatementList(&statements, Token::kRightBrace);
-    block = factory()->NewBlock(true, statements);
-  }
-  impl()->RewriteAsyncFunctionBody(
-      body, block, factory()->NewUndefinedLiteral(kNoSourcePosition));
-  scope->set_end_position(end_position());
-  function_state_ =
-      AddOneSuspendPointIfBlockContainsAwaitUsing(scope, function_state_);
-}
-
 template <typename Impl>
 typename ParserBase<Impl>::ExpressionT
 ParserBase<Impl>::ParseAsyncFunctionLiteral() {
@@ -6094,7 +6166,7 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseWithStatement(
   StatementT body = impl()->NullStatement();
   {
     BlockState block_state(&scope_, with_scope);
-    with_scope->set_start_position(scanner()->peek_location().beg_pos);
+    with_scope->set_start_position(position());
     body = ParseStatement(labels, nullptr);
     with_scope->set_end_position(end_position());
   }
@@ -6296,7 +6368,7 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseTryStatement() {
 
       if (has_binding) {
         catch_info.scope = NewScope(CATCH_SCOPE);
-        catch_info.scope->set_start_position(scanner()->location().beg_pos);
+        catch_info.scope->set_start_position(position());
 
         {
           BlockState catch_block_state(&scope_, catch_info.scope);
@@ -6306,7 +6378,7 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseTryStatement() {
           // as part of destructuring the catch parameter.
           {
             BlockState catch_variable_block_state(zone(), &scope_);
-            scope()->set_start_position(position());
+            scope()->set_start_position(peek_position());
 
             if (peek_any_identifier()) {
               IdentifierT identifier = ParseNonRestrictedIdentifier();
@@ -6423,6 +6495,7 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseForStatement(
     // Create an inner block scope which will be the parent scope of scopes
     // possibly created by ParseVariableDeclarations.
     Scope* inner_block_scope = NewScope(BLOCK_SCOPE);
+    inner_block_scope->set_start_position(end_position());
     {
       BlockState inner_state(&scope_, inner_block_scope);
       ParseVariableDeclarations(kForStatement, &for_info.parsing_result,
@@ -6448,7 +6521,6 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseForStatement(
     // above was parsed there. We'll finalize the unnecessary outer block scope
     // after parsing the rest of the loop.
     StatementT result = impl()->NullStatement();
-    inner_block_scope->set_start_position(scope()->start_position());
     {
       BlockState inner_state(&scope_, inner_block_scope);
       StatementT init =
@@ -6468,7 +6540,7 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseForStatement(
     ParseVariableDeclarations(kForStatement, &for_info.parsing_result,
                               &for_info.bound_names);
     DCHECK_EQ(for_info.parsing_result.descriptor.mode, VariableMode::kVar);
-    for_info.position = scanner()->location().beg_pos;
+    for_info.position = position();
 
     if (CheckInOrOf(&for_info.mode)) {
       return ParseForEachStatementWithDeclarations(stmt_pos, &for_info, labels,
@@ -6575,10 +6647,6 @@ ParserBase<Impl>::ParseForEachStatementWithDeclarations(
 
   Expect(Token::kRightParen);
 
-  if (IsLexicalVariableMode(for_info->parsing_result.descriptor.mode)) {
-    inner_block_scope->set_start_position(position());
-  }
-
   ExpressionT each_variable = impl()->NullExpression();
   BlockT body_block = impl()->NullBlock();
   {
@@ -6757,7 +6825,7 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseForAwaitStatement(
   Expect(Token::kFor);
   Expect(Token::kAwait);
   Expect(Token::kLeftParen);
-  scope()->set_start_position(scanner()->location().beg_pos);
+  scope()->set_start_position(position());
   scope()->set_is_hidden();
 
   auto loop = factory()->NewForOfStatement(stmt_pos, IteratorType::kAsync);
@@ -6771,6 +6839,7 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseForAwaitStatement(
 
   bool has_declarations = false;
   Scope* inner_block_scope = NewScope(BLOCK_SCOPE);
+  inner_block_scope->set_start_position(peek_position());
 
   bool starts_with_let = peek() == Token::kLet;
   if (peek() == Token::kVar || peek() == Token::kConst ||
@@ -6787,7 +6856,7 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseForAwaitStatement(
       ParseVariableDeclarations(kForStatement, &for_info.parsing_result,
                                 &for_info.bound_names);
     }
-    for_info.position = scanner()->location().beg_pos;
+    for_info.position = position();
 
     // Only a single declaration is allowed in for-await-of loops
     if (for_info.parsing_result.declarations.size() != 1) {
@@ -6842,7 +6911,6 @@ typename ParserBase<Impl>::StatementT ParserBase<Impl>::ParseForAwaitStatement(
   StatementT body = impl()->NullStatement();
   {
     BlockState block_state(&scope_, inner_block_scope);
-    scope()->set_start_position(scanner()->location().beg_pos);
 
     SourceRange body_range;
     {
@@ -6944,7 +7012,6 @@ void ParserBase<Impl>::CheckClassFieldName(IdentifierT name, bool is_static) {
 
 #undef RETURN_IF_PARSE_ERROR
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_PARSING_PARSER_BASE_H_
diff --git a/deps/v8/src/parsing/parser.cc b/deps/v8/src/parsing/parser.cc
index fb03e8e4516162..a7bdc72000c86d 100644
--- a/deps/v8/src/parsing/parser.cc
+++ b/deps/v8/src/parsing/parser.cc
@@ -6,6 +6,7 @@
 
 #include <algorithm>
 #include <memory>
+#include <optional>
 
 #include "src/ast/ast-function-literal-id-reindexer.h"
 #include "src/ast/ast-traversal-visitor.h"
@@ -33,8 +34,7 @@
 #include "src/tracing/trace-event.h"
 #include "src/zone/zone-list-inl.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 FunctionLiteral* Parser::DefaultConstructor(const AstRawString* name,
                                             bool call_super, int pos) {
@@ -80,10 +80,98 @@ FunctionLiteral* Parser::DefaultConstructor(const AstRawString* name,
       name, function_scope, body, expected_property_count, parameter_count,
       parameter_count, FunctionLiteral::kNoDuplicateParameters,
       FunctionSyntaxKind::kAnonymousExpression, default_eager_compile_hint(),
-      pos, true, GetNextFunctionLiteralId());
+      pos, true, GetNextInfoId());
   return function_literal;
 }
 
+FunctionLiteral* Parser::MakeAutoAccessorGetter(VariableProxy* name_proxy,
+                                                const AstRawString* name,
+                                                bool is_static, int pos) {
+  ScopedPtrList<Statement> body(pointer_buffer());
+  DeclarationScope* function_scope =
+      NewFunctionScope(is_static ? FunctionKind::kGetterFunction
+                                 : FunctionKind::kStaticGetterFunction);
+  SetLanguageMode(function_scope, LanguageMode::kStrict);
+  function_scope->set_start_position(pos);
+  function_scope->set_end_position(pos);
+  {
+    FunctionState function_state(&function_state_, &scope_, function_scope);
+    body.Add(factory()->NewAutoAccessorGetterBody(name_proxy, pos));
+  }
+  // TODO(42202709): Enable lazy compilation by adding custom handling in
+  //                 `Parser::DoParseFunction`.
+  FunctionLiteral* getter = factory()->NewFunctionLiteral(
+      nullptr, function_scope, body, 0, 0, 0,
+      FunctionLiteral::kNoDuplicateParameters,
+      FunctionSyntaxKind::kAccessorOrMethod,
+      FunctionLiteral::kShouldEagerCompile, pos, true, GetNextInfoId());
+  const AstRawString* prefix =
+      name ? ast_value_factory()->get_space_string() : nullptr;
+  SetFunctionName(getter, name, prefix);
+  return getter;
+}
+
+FunctionLiteral* Parser::MakeAutoAccessorSetter(VariableProxy* name_proxy,
+                                                const AstRawString* name,
+                                                bool is_static, int pos) {
+  ScopedPtrList<Statement> body(pointer_buffer());
+  DeclarationScope* function_scope =
+      NewFunctionScope(is_static ? FunctionKind::kSetterFunction
+                                 : FunctionKind::kStaticSetterFunction);
+  SetLanguageMode(function_scope, LanguageMode::kStrict);
+  function_scope->set_start_position(pos);
+  function_scope->set_end_position(pos);
+  function_scope->DeclareParameter(ast_value_factory()->empty_string(),
+                                   VariableMode::kTemporary, false, false,
+                                   ast_value_factory(), kNoSourcePosition);
+  {
+    FunctionState function_state(&function_state_, &scope_, function_scope);
+    body.Add(factory()->NewAutoAccessorSetterBody(name_proxy, pos));
+  }
+  // TODO(42202709): Enable lazy compilation by adding custom handling in
+  //                 `Parser::DoParseFunction`.
+  FunctionLiteral* setter = factory()->NewFunctionLiteral(
+      nullptr, function_scope, body, 0, 1, 0,
+      FunctionLiteral::kNoDuplicateParameters,
+      FunctionSyntaxKind::kAccessorOrMethod,
+      FunctionLiteral::kShouldEagerCompile, pos, true, GetNextInfoId());
+  const AstRawString* prefix =
+      name ? ast_value_factory()->set_space_string() : nullptr;
+  SetFunctionName(setter, name, prefix);
+  return setter;
+}
+
+AutoAccessorInfo* Parser::NewAutoAccessorInfo(ClassScope* scope,
+                                              ClassInfo* class_info,
+                                              const AstRawString* name,
+                                              bool is_static, int pos) {
+  VariableProxy* accessor_storage_name_proxy =
+      CreateSyntheticContextVariableProxy(
+          scope, class_info,
+          AutoAccessorVariableName(ast_value_factory(),
+                                   class_info->autoaccessor_count++),
+          is_static);
+  // The property value position will match the beginning of the "accessor"
+  // keyword, which can be the same as the start of the parent class scope, use
+  // the position of the next two characters to distinguish them.
+  FunctionLiteral* getter = MakeAutoAccessorGetter(accessor_storage_name_proxy,
+                                                   name, is_static, pos + 1);
+  FunctionLiteral* setter = MakeAutoAccessorSetter(accessor_storage_name_proxy,
+                                                   name, is_static, pos + 2);
+  return factory()->NewAutoAccessorInfo(getter, setter,
+                                        accessor_storage_name_proxy);
+}
+
+ClassLiteralProperty* Parser::NewClassLiteralPropertyWithAccessorInfo(
+    ClassScope* scope, ClassInfo* class_info, const AstRawString* name,
+    Expression* key, Expression* value, bool is_static, bool is_computed_name,
+    bool is_private, int pos) {
+  AutoAccessorInfo* accessor_info =
+      NewAutoAccessorInfo(scope, class_info, name, is_static, pos);
+  return factory()->NewClassLiteralProperty(
+      key, value, accessor_info, is_static, is_computed_name, is_private);
+}
+
 void Parser::ReportUnexpectedTokenAt(Scanner::Location location,
                                      Token::Value token,
                                      MessageTemplate message) {
@@ -151,9 +239,9 @@ void Parser::ReportUnexpectedTokenAt(Scanner::Location location,
 // ----------------------------------------------------------------------------
 // Implementation of Parser
 
-bool Parser::ShortcutNumericLiteralBinaryExpression(Expression** x,
-                                                    Expression* y,
-                                                    Token::Value op, int pos) {
+bool Parser::ShortcutLiteralBinaryExpression(Expression** x, Expression* y,
+                                             Token::Value op, int pos) {
+  // Constant fold numeric operations.
   if ((*x)->IsNumberLiteral() && y->IsNumberLiteral()) {
     double x_val = (*x)->AsLiteral()->AsNumber();
     double y_val = y->AsLiteral()->AsNumber();
@@ -213,6 +301,60 @@ bool Parser::ShortcutNumericLiteralBinaryExpression(Expression** x,
         break;
     }
   }
+
+  // Constant fold string concatenation.
+  if (op == Token::kAdd) {
+    // Only consider string concatenation of two strings.
+    // TODO(leszeks): We could also eagerly convert other literals to string if
+    // one side of the addition is a string.
+    if ((*x)->IsStringLiteral() && y->IsStringLiteral()) {
+      const AstRawString* x_val = (*x)->AsLiteral()->AsRawString();
+      const AstRawString* y_val = y->AsLiteral()->AsRawString();
+
+      int new_length = x_val->length() + y_val->length();
+      // Copy the strings into a new AstRawString.
+      // TODO(leszeks): We could avoid the string copy here by using an
+      // AstConsString, but then we'd need to make StringLiteral be able to hold
+      // different kinds of AstString, and we'd need to figure out if we want to
+      // later internalize the concatenated string (right now AstRawStrings are
+      // internalized but AstConsString is not).
+      const AstRawString* new_val;
+      if (x_val->is_one_byte() && y_val->is_one_byte()) {
+        // TODO(leszeks): The data will be copied again by the AstValueFactory.
+        // We could avoid the multiple copies by using a stack vector here, or
+        // by making GetOneByteString do the string concatenation as part of its
+        // string table lookup.
+        base::Vector<uint8_t> new_data =
+            zone()->AllocateVector<uint8_t>(new_length);
+        CopyChars(new_data.data(), x_val->raw_data(), x_val->length());
+        CopyChars(new_data.data() + x_val->length(), y_val->raw_data(),
+                  y_val->length());
+        new_val = ast_value_factory()->GetOneByteString(new_data);
+      } else {
+        base::Vector<uint16_t> new_data =
+            zone()->AllocateVector<uint16_t>(new_length);
+        if (x_val->is_one_byte()) {
+          CopyChars(new_data.data(), x_val->raw_data(), x_val->length());
+        } else {
+          CopyChars(new_data.data(),
+                    reinterpret_cast<const uint16_t*>(x_val->raw_data()),
+                    x_val->length());
+        }
+        if (y_val->is_one_byte()) {
+          CopyChars(new_data.data() + x_val->length(), y_val->raw_data(),
+                    y_val->length());
+        } else {
+          CopyChars(new_data.data() + x_val->length(),
+                    reinterpret_cast<const uint16_t*>(y_val->raw_data()),
+                    y_val->length());
+        }
+        new_val = ast_value_factory()->GetTwoByteString(new_data);
+      }
+
+      *x = factory()->NewStringLiteral(new_val, (*x)->position());
+      return true;
+    }
+  }
   return false;
 }
 
@@ -353,6 +495,12 @@ Expression* Parser::NewTargetExpression(int pos) {
 
 Expression* Parser::ImportMetaExpression(int pos) {
   ScopedPtrList<Expression> args(pointer_buffer());
+  if (!has_module_in_scope_chain()) {
+    DCHECK(IsParsingWhileDebugging());
+    // When debugging, we permit import.meta invocations -- however, they will
+    // never produce a non-undefined result outside of a module.
+    return factory()->NewUndefinedLiteral(pos);
+  }
   return factory()->NewCallRuntime(Runtime::kInlineGetImportMetaObject, args,
                                    pos);
 }
@@ -514,13 +662,16 @@ void Parser::DeserializeScopeChain(
     DCHECK_EQ(ThreadId::Current(), isolate->thread_id());
     original_scope_ = Scope::DeserializeScopeChain(
         isolate, zone(), *outer_scope_info, info->script_scope(),
-        ast_value_factory(), mode);
+        ast_value_factory(), mode, info);
     if (flags().is_eval() || IsArrowFunction(flags().function_kind()) ||
         flags().function_kind() ==
             FunctionKind::kClassStaticInitializerFunction) {
       original_scope_->GetReceiverScope()->DeserializeReceiver(
           ast_value_factory());
     }
+    if (info->has_module_in_scope_chain()) {
+      set_has_module_in_scope_chain();
+    }
   }
 }
 
@@ -601,7 +752,7 @@ FunctionLiteral* Parser::DoParseProgram(Isolate* isolate, ParseInfo* info) {
   DCHECK_NULL(scope_);
 
   ParsingModeScope mode(this, allow_lazy_ ? PARSE_LAZILY : PARSE_EAGERLY);
-  ResetFunctionLiteralId();
+  ResetInfoId();
 
   FunctionLiteral* result = nullptr;
   {
@@ -628,27 +779,12 @@ FunctionLiteral* Parser::DoParseProgram(Isolate* isolate, ParseInfo* info) {
           kNoSourcePosition, FunctionKind::kGeneratorFunction);
       body.Add(
           factory()->NewExpressionStatement(initial_yield, kNoSourcePosition));
-      // First parse statements into a buffer. Then, if there was a
-      // top level await, create an inner block and rewrite the body of the
-      // module as an async function. Otherwise merge the statements back
-      // into the main body.
-      BlockT block = impl()->NullBlock();
-      {
-        StatementListT statements(pointer_buffer());
-        ParseModuleItemList(&statements);
-        // Modules will always have an initial yield. If there are any
-        // additional suspends, they are awaits, and we treat the module as a
-        // ModuleWithTopLevelAwait.
-        if (function_state.suspend_count() > 1) {
-          scope->set_module_has_toplevel_await();
-          block = factory()->NewBlock(true, statements);
-        } else {
-          statements.MergeInto(&body);
-        }
-      }
-      if (IsModuleWithTopLevelAwait(scope->function_kind())) {
-        impl()->RewriteAsyncFunctionBody(
-            &body, block, factory()->NewUndefinedLiteral(kNoSourcePosition));
+      ParseModuleItemList(&body);
+      // Modules will always have an initial yield. If there are any
+      // additional suspends, they are awaits, and we treat the module as a
+      // ModuleWithTopLevelAwait.
+      if (function_state.suspend_count() > 1) {
+        scope->set_module_has_toplevel_await();
       }
       if (!has_error() &&
           !module()->Validate(this->scope()->AsModuleScope(),
@@ -706,7 +842,7 @@ FunctionLiteral* Parser::DoParseProgram(Isolate* isolate, ParseInfo* info) {
     result->set_suspend_count(function_state.suspend_count());
   }
 
-  info->set_max_function_literal_id(GetLastFunctionLiteralId());
+  info->set_max_info_id(GetLastInfoId());
 
   if (has_error()) return nullptr;
 
@@ -814,15 +950,17 @@ void Parser::ParseREPLProgram(ParseInfo* info, ScopedPtrList<Statement>* body,
 
   if (has_error()) return;
 
-  base::Optional<VariableProxy*> maybe_result =
+  std::optional<VariableProxy*> maybe_result =
       Rewriter::RewriteBody(info, scope, block->statements());
   Expression* result_value =
       (maybe_result && *maybe_result)
           ? static_cast<Expression*>(*maybe_result)
           : factory()->NewUndefinedLiteral(kNoSourcePosition);
-
-  impl()->RewriteAsyncFunctionBody(body, block, WrapREPLResult(result_value),
-                                   REPLMode::kYes);
+  Expression* wrapped_result_value = WrapREPLResult(result_value);
+  block->statements()->Add(factory()->NewAsyncReturnStatement(
+                               wrapped_result_value, kNoSourcePosition),
+                           zone());
+  body->Add(block);
 }
 
 Expression* Parser::WrapREPLResult(Expression* value) {
@@ -896,7 +1034,7 @@ void Parser::ParseFunction(Isolate* isolate, ParseInfo* info,
     result = ParseClassForMemberInitialization(
         function_kind, start_position, function_literal_id, end_position,
         info->function_name());
-
+    info->set_max_info_id(GetLastInfoId());
   } else if (V8_UNLIKELY(shared_info->private_name_lookup_skips_outer_class() &&
                          original_scope_->is_class_scope())) {
     // If the function skips the outer class and the outer scope is a class, the
@@ -937,9 +1075,9 @@ FunctionLiteral* Parser::DoParseFunction(Isolate* isolate, ParseInfo* info,
   DCHECK(ast_value_factory());
   fni_.PushEnclosingName(raw_name);
 
-  ResetFunctionLiteralId();
+  ResetInfoId();
   DCHECK_LT(0, function_literal_id);
-  SkipFunctionLiterals(function_literal_id - 1);
+  SkipInfos(function_literal_id - 1);
 
   ParsingModeScope parsing_mode(this, PARSE_EAGERLY);
 
@@ -973,7 +1111,7 @@ FunctionLiteral* Parser::DoParseFunction(Isolate* isolate, ParseInfo* info,
         }
       }
 
-      CHECK_EQ(function_literal_id, GetNextFunctionLiteralId());
+      CHECK_EQ(function_literal_id, GetNextInfoId());
 
       // TODO(adamk): We should construct this scope from the ScopeInfo.
       DeclarationScope* scope = NewFunctionScope(kind);
@@ -1046,6 +1184,8 @@ FunctionLiteral* Parser::DoParseFunction(Isolate* isolate, ParseInfo* info,
         flags().has_static_private_methods_or_accessors());
   }
 
+  info->set_max_info_id(GetLastInfoId());
+
   DCHECK_IMPLIES(result, function_literal_id == result->function_literal_id());
   return result;
 }
@@ -1064,8 +1204,8 @@ FunctionLiteral* Parser::ParseClassForMemberInitialization(
   FunctionState function_state(&function_state_, &scope_, nearest_decl_scope);
 
   // We will reindex the function literals later.
-  ResetFunctionLiteralId();
-  SkipFunctionLiterals(initializer_id - 1);
+  ResetInfoId();
+  SkipInfos(initializer_id - 1);
 
   // We preparse the class members that are not fields with initializers
   // in order to collect the function literal ids.
@@ -2046,8 +2186,8 @@ Statement* Parser::RewriteTryStatement(Block* try_block, Block* catch_block,
   }
 }
 
-void Parser::ParseAndRewriteGeneratorFunctionBody(
-    int pos, FunctionKind kind, ScopedPtrList<Statement>* body) {
+void Parser::ParseGeneratorFunctionBody(int pos, FunctionKind kind,
+                                        ScopedPtrList<Statement>* body) {
   // For ES6 Generators, we just prepend the initial yield.
   Expression* initial_yield = BuildInitialYield(pos, kind);
   body->Add(
@@ -2730,7 +2870,7 @@ FunctionLiteral* Parser::ParseFunctionLiteral(
   int num_parameters = -1;
   int function_length = -1;
   bool has_duplicate_parameters = false;
-  int function_literal_id = GetNextFunctionLiteralId();
+  int function_literal_id = GetNextInfoId();
   ProducedPreparseData* produced_preparse_data = nullptr;
 
   // Inner functions will be parsed using a temporary Zone. After parsing, we
@@ -2739,6 +2879,9 @@ FunctionLiteral* Parser::ParseFunctionLiteral(
   // This Scope lives in the main zone. We'll migrate data into that zone later.
   DeclarationScope* scope = NewFunctionScope(kind, parse_zone);
   SetLanguageMode(scope, language_mode);
+  if (is_wrapped) {
+    scope->set_is_wrapped_function();
+  }
 #ifdef DEBUG
   scope->SetScopeName(function_name);
 #endif
@@ -2844,7 +2987,7 @@ bool Parser::SkipFunction(const AstRawString* function_name, FunctionKind kind,
   if (consumed_preparse_data_) {
     int end_position;
     LanguageMode language_mode;
-    int num_inner_functions;
+    int num_inner_infos;
     bool uses_super_property;
     if (stack_overflow()) return true;
     {
@@ -2852,7 +2995,7 @@ bool Parser::SkipFunction(const AstRawString* function_name, FunctionKind kind,
       *produced_preparse_data =
           consumed_preparse_data_->GetDataForSkippableFunction(
               main_zone(), function_scope->start_position(), &end_position,
-              num_parameters, function_length, &num_inner_functions,
+              num_parameters, function_length, &num_inner_infos,
               &uses_super_property, &language_mode);
     }
 
@@ -2865,7 +3008,7 @@ bool Parser::SkipFunction(const AstRawString* function_name, FunctionKind kind,
     if (uses_super_property) {
       function_scope->RecordSuperPropertyUsage();
     }
-    SkipFunctionLiterals(num_inner_functions);
+    SkipInfos(num_inner_infos);
     function_scope->ResetAfterPreparsing(ast_value_factory_, false);
     return true;
   }
@@ -2922,7 +3065,7 @@ bool Parser::SkipFunction(const AstRawString* function_name, FunctionKind kind,
         function_scope->end_position() - function_scope->start_position();
     *num_parameters = logger->num_parameters();
     *function_length = logger->function_length();
-    SkipFunctionLiterals(logger->num_inner_functions());
+    SkipInfos(logger->num_inner_infos());
     if (!private_name_scope_iter.Done()) {
       private_name_scope_iter.GetScope()->MigrateUnresolvedPrivateNameTail(
           factory(), unresolved_private_tail);
@@ -2965,8 +3108,13 @@ Block* Parser::BuildParameterInitializationBlock(
   return factory()->NewBlock(true, init_statements);
 }
 
+// TODO(verwaest): Consider building these try/catches in the bytecode generator
+// without hidden scopes.
 Scope* Parser::NewHiddenCatchScope() {
+  DCHECK(scope()->is_declaration_scope());
   Scope* catch_scope = NewScopeWithParent(scope(), CATCH_SCOPE);
+  catch_scope->set_start_position(position());
+  catch_scope->set_end_position(end_position());
   bool was_added;
   catch_scope->DeclareLocal(ast_value_factory()->dot_catch_string(),
                             VariableMode::kVar, NORMAL_VARIABLE, &was_added);
@@ -2975,46 +3123,6 @@ Scope* Parser::NewHiddenCatchScope() {
   return catch_scope;
 }
 
-Block* Parser::BuildRejectPromiseOnException(Block* inner_block,
-                                             REPLMode repl_mode) {
-  // try {
-  //   <inner_block>
-  // } catch (.catch) {
-  //   return %_AsyncFunctionReject(.generator_object, .catch, can_suspend);
-  // }
-  Block* result = factory()->NewBlock(1, true);
-
-  // catch (.catch) {
-  //   return %_AsyncFunctionReject(.generator_object, .catch, can_suspend)
-  // }
-  Scope* catch_scope = NewHiddenCatchScope();
-
-  Expression* reject_promise;
-  {
-    ScopedPtrList<Expression> args(pointer_buffer());
-    args.Add(factory()->NewVariableProxy(
-        function_state_->scope()->generator_object_var()));
-    args.Add(factory()->NewVariableProxy(catch_scope->catch_variable()));
-    reject_promise = factory()->NewCallRuntime(
-        Runtime::kInlineAsyncFunctionReject, args, kNoSourcePosition);
-  }
-  Block* catch_block = IgnoreCompletion(factory()->NewReturnStatement(
-      reject_promise, kNoSourcePosition, kNoSourcePosition));
-
-  // Treat the exception for REPL mode scripts as UNCAUGHT. This will
-  // keep the corresponding JSMessageObject alive on the Isolate. The
-  // message object is used by the inspector to provide better error
-  // messages for REPL inputs that throw.
-  TryStatement* try_catch_statement =
-      repl_mode == REPLMode::kYes
-          ? factory()->NewTryCatchStatementForReplAsyncAwait(
-                inner_block, catch_scope, catch_block, kNoSourcePosition)
-          : factory()->NewTryCatchStatementForAsyncAwait(
-                inner_block, catch_scope, catch_block, kNoSourcePosition);
-  result->statements()->Add(try_catch_statement, zone());
-  return result;
-}
-
 Expression* Parser::BuildInitialYield(int pos, FunctionKind kind) {
   Expression* yield_result = factory()->NewVariableProxy(
       function_state_->scope()->generator_object_var());
@@ -3086,7 +3194,7 @@ void Parser::ParseFunction(
         }
       }
       Expect(Token::kRightParen);
-      int formals_end_position = scanner()->location().end_pos;
+      int formals_end_position = end_position();
 
       CheckArityRestrictions(formals.arity, kind, formals.has_rest,
                              function_scope->start_position(),
@@ -3125,8 +3233,16 @@ void Parser::DeclareClassVariable(ClassScope* scope, const AstRawString* name,
   declaration->set_var(class_variable);
 }
 
-VariableProxy* Parser::CreateSyntheticContextVariable(
-    const AstRawString* name) {
+VariableProxy* Parser::CreateSyntheticContextVariableProxy(
+    ClassScope* scope, ClassInfo* class_info, const AstRawString* name,
+    bool is_static) {
+  if (scope->is_reparsed()) {
+    DeclarationScope* declaration_scope =
+        is_static ? class_info->static_elements_scope
+                  : class_info->instance_members_scope;
+    return declaration_scope->NewUnresolved(factory()->ast_node_factory(), name,
+                                            position());
+  }
   VariableProxy* proxy =
       DeclareBoundVariable(name, VariableMode::kConst, kNoSourcePosition);
   proxy->var()->ForceContextAllocation();
@@ -3167,15 +3283,8 @@ void Parser::DeclarePublicClassField(ClassScope* scope,
     // analysis doesn't dedupe the vars.
     const AstRawString* name = ClassFieldVariableName(
         ast_value_factory(), class_info->computed_field_count);
-    VariableProxy* proxy;
-    if (scope->is_reparsed()) {
-      DeclarationScope* scope = is_static ? class_info->static_elements_scope
-                                          : class_info->instance_members_scope;
-      proxy =
-          scope->NewUnresolved(factory()->ast_node_factory(), name, position());
-    } else {
-      proxy = CreateSyntheticContextVariable(name);
-    }
+    VariableProxy* proxy =
+        CreateSyntheticContextVariableProxy(scope, class_info, name, is_static);
     property->set_computed_name_proxy(proxy);
     class_info->public_members->Add(property, zone());
   }
@@ -3186,7 +3295,8 @@ void Parser::DeclarePrivateClassMember(ClassScope* scope,
                                        ClassLiteralProperty* property,
                                        ClassLiteralProperty::Kind kind,
                                        bool is_static, ClassInfo* class_info) {
-  if (kind == ClassLiteralProperty::Kind::FIELD) {
+  if (kind == ClassLiteralProperty::Kind::FIELD ||
+      kind == ClassLiteralProperty::Kind::AUTO_ACCESSOR) {
     if (is_static) {
       class_info->static_elements->Add(
           factory()->NewClassLiteralStaticElement(property), zone());
@@ -3212,7 +3322,7 @@ void Parser::DeclarePrivateClassMember(ClassScope* scope,
     }
     proxy->var()->set_initializer_position(pos);
   }
-  property->set_private_name_proxy(proxy);
+  property->SetPrivateNameProxy(proxy);
 }
 
 // This method declares a property of the given class.  It updates the
@@ -3468,7 +3578,7 @@ void Parser::UpdateStatistics(
 }
 
 void Parser::ParseOnBackground(LocalIsolate* isolate, ParseInfo* info,
-                               Handle<Script> script, int start_position,
+                               DirectHandle<Script> script, int start_position,
                                int end_position, int function_literal_id) {
   RCS_SCOPE(isolate, RuntimeCallCounterId::kParseProgram,
             RuntimeCallStats::CounterMode::kThreadSpecific);
@@ -3498,7 +3608,7 @@ void Parser::ParseOnBackground(LocalIsolate* isolate, ParseInfo* info,
       DCHECK_EQ(function_literal_id, kFunctionLiteralIdTopLevel);
       result = DoParseProgram(/* isolate = */ nullptr, info);
     } else {
-      base::Optional<ClassScope::HeritageParsingScope> heritage;
+      std::optional<ClassScope::HeritageParsingScope> heritage;
       if (V8_UNLIKELY(flags().private_name_lookup_skips_outer_class() &&
                       original_scope_->is_class_scope())) {
         // If the function skips the outer class and the outer scope is a class,
@@ -3609,25 +3719,6 @@ Expression* Parser::ExpressionListToExpression(
   return result;
 }
 
-// This method completes the desugaring of the body of async_function.
-void Parser::RewriteAsyncFunctionBody(ScopedPtrList<Statement>* body,
-                                      Block* block, Expression* return_value,
-                                      REPLMode repl_mode) {
-  // function async_function() {
-  //   .generator_object = %_AsyncFunctionEnter();
-  //   BuildRejectPromiseOnException({
-  //     ... block ...
-  //     return %_AsyncFunctionResolve(.generator_object, expr);
-  //   })
-  // }
-
-  block->statements()->Add(factory()->NewSyntheticAsyncReturnStatement(
-                               return_value, return_value->position()),
-                           zone());
-  block = BuildRejectPromiseOnException(block, repl_mode);
-  body->Add(block);
-}
-
 void Parser::SetFunctionNameFromPropertyName(LiteralProperty* property,
                                              const AstRawString* name,
                                              const AstRawString* prefix) {
@@ -3700,5 +3791,4 @@ void Parser::SetFunctionName(Expression* value, const AstRawString* name,
   }
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/parsing/parser.h b/deps/v8/src/parsing/parser.h
index 95aacfb851e69c..04239abdf03cc9 100644
--- a/deps/v8/src/parsing/parser.h
+++ b/deps/v8/src/parsing/parser.h
@@ -141,7 +141,7 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
 
   // Sets the literal on |info| if parsing succeeded.
   void ParseOnBackground(LocalIsolate* isolate, ParseInfo* info,
-                         Handle<Script> script, int start_position,
+                         DirectHandle<Script> script, int start_position,
                          int end_position, int function_literal_id);
 
   // Initializes an empty scope chain for top-level scripts, or scopes which
@@ -179,8 +179,9 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
   friend class i::ParameterDeclarationParsingScope<ParserTypes<Parser>>;
   friend class i::ArrowHeadParsingScope<ParserTypes<Parser>>;
   friend bool v8::internal::parsing::ParseProgram(
-      ParseInfo*, Handle<Script>, MaybeHandle<ScopeInfo> maybe_outer_scope_info,
-      Isolate*, parsing::ReportStatisticsMode stats_mode);
+      ParseInfo*, DirectHandle<Script>,
+      MaybeHandle<ScopeInfo> maybe_outer_scope_info, Isolate*,
+      parsing::ReportStatisticsMode stats_mode);
   friend bool v8::internal::parsing::ParseFunction(
       ParseInfo*, Handle<SharedFunctionInfo> shared_info, Isolate*,
       parsing::ReportStatisticsMode stats_mode);
@@ -311,8 +312,8 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
                                  Block* finally_block,
                                  const SourceRange& finally_range,
                                  const CatchInfo& catch_info, int pos);
-  void ParseAndRewriteGeneratorFunctionBody(int pos, FunctionKind kind,
-                                            ScopedPtrList<Statement>* body);
+  void ParseGeneratorFunctionBody(int pos, FunctionKind kind,
+                                  ScopedPtrList<Statement>* body);
   void ParseAndRewriteAsyncGeneratorFunctionBody(
       int pos, FunctionKind kind, ScopedPtrList<Statement>* body);
   void DeclareFunctionNameVar(const AstRawString* function_name,
@@ -323,8 +324,10 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
                              FunctionLiteral* function, VariableMode mode,
                              VariableKind kind, int beg_pos, int end_pos,
                              ZonePtrList<const AstRawString>* names);
-  VariableProxy* CreateSyntheticContextVariable(
-      const AstRawString* synthetic_name);
+  VariableProxy* CreateSyntheticContextVariableProxy(ClassScope* scope,
+                                                     ClassInfo* class_info,
+                                                     const AstRawString* name,
+                                                     bool is_static);
   VariableProxy* CreatePrivateNameVariable(ClassScope* scope, VariableMode mode,
                                            IsStaticFlag is_static_flag,
                                            const AstRawString* name);
@@ -435,6 +438,23 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
   FunctionLiteral* DefaultConstructor(const AstRawString* name, bool call_super,
                                       int pos);
 
+  FunctionLiteral* MakeAutoAccessorGetter(VariableProxy* name_proxy,
+                                          const AstRawString* name,
+                                          bool is_static, int pos);
+
+  FunctionLiteral* MakeAutoAccessorSetter(VariableProxy* name_proxy,
+                                          const AstRawString* name,
+                                          bool is_static, int pos);
+
+  AutoAccessorInfo* NewAutoAccessorInfo(ClassScope* scope,
+                                        ClassInfo* class_info,
+                                        const AstRawString* name,
+                                        bool is_static, int pos);
+  ClassLiteralProperty* NewClassLiteralPropertyWithAccessorInfo(
+      ClassScope* scope, ClassInfo* class_info, const AstRawString* name,
+      Expression* key, Expression* value, bool is_static, bool is_computed_name,
+      bool is_private, int pos);
+
   // Skip over a lazy function, either using cached data if we have it, or
   // by parsing the function with PreParser. Consumes the ending }.
   // In case the preparser detects an error it cannot identify, it resets the
@@ -452,8 +472,6 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
 
   Block* BuildParameterInitializationBlock(
       const ParserFormalParameters& parameters);
-  Block* BuildRejectPromiseOnException(Block* block,
-                                       REPLMode repl_mode = REPLMode::kNo);
 
   void ParseFunction(
       ScopedPtrList<Statement>* body, const AstRawString* function_name,
@@ -526,10 +544,6 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
                             MessageTemplate message, const AstRawString* arg,
                             int pos);
 
-  void RewriteAsyncFunctionBody(ScopedPtrList<Statement>* body, Block* block,
-                                Expression* return_value,
-                                REPLMode repl_mode = REPLMode::kNo);
-
   void AddArrowFunctionFormalParameters(ParserFormalParameters* parameters,
                                         Expression* params, int end_pos);
   void SetFunctionName(Expression* value, const AstRawString* name,
@@ -668,11 +682,10 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
     }
   }
 
-  // Returns true if we have a binary expression between two numeric
-  // literals. In that case, *x will be changed to an expression which is the
-  // computed value.
-  bool ShortcutNumericLiteralBinaryExpression(Expression** x, Expression* y,
-                                              Token::Value op, int pos);
+  // Returns true if we have a binary expression between two literals. In that
+  // case, *x will be changed to an expression which is the computed value.
+  bool ShortcutLiteralBinaryExpression(Expression** x, Expression* y,
+                                       Token::Value op, int pos);
 
   bool CollapseConditionalChain(Expression** x, Expression* cond,
                                 Expression* then_expression,
@@ -827,13 +840,6 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
     return scope->DeclareCatchVariableName(name);
   }
 
-  V8_INLINE ZonePtrList<Expression>* NewExpressionList(int size) const {
-    return zone()->New<ZonePtrList<Expression>>(size, zone());
-  }
-  V8_INLINE ZonePtrList<ObjectLiteral::Property>* NewObjectPropertyList(
-      int size) const {
-    return zone()->New<ZonePtrList<ObjectLiteral::Property>>(size, zone());
-  }
   V8_INLINE ZonePtrList<ClassLiteral::Property>* NewClassPropertyList(
       int size) const {
     return zone()->New<ZonePtrList<ClassLiteral::Property>>(size, zone());
@@ -842,9 +848,6 @@ class V8_EXPORT_PRIVATE Parser : public NON_EXPORTED_BASE(ParserBase<Parser>) {
       int size) const {
     return zone()->New<ZonePtrList<ClassLiteral::StaticElement>>(size, zone());
   }
-  V8_INLINE ZonePtrList<Statement>* NewStatementList(int size) const {
-    return zone()->New<ZonePtrList<Statement>>(size, zone());
-  }
 
   Expression* NewV8Intrinsic(const AstRawString* name,
                              const ScopedPtrList<Expression>& args, int pos);
diff --git a/deps/v8/src/parsing/parsing.cc b/deps/v8/src/parsing/parsing.cc
index ec93ce82d08182..f76886ca5f4c4f 100644
--- a/deps/v8/src/parsing/parsing.cc
+++ b/deps/v8/src/parsing/parsing.cc
@@ -36,7 +36,7 @@ void MaybeReportStatistics(ParseInfo* info, DirectHandle<Script> script,
 
 }  // namespace
 
-bool ParseProgram(ParseInfo* info, Handle<Script> script,
+bool ParseProgram(ParseInfo* info, DirectHandle<Script> script,
                   MaybeHandle<ScopeInfo> maybe_outer_scope_info,
                   Isolate* isolate, ReportStatisticsMode mode) {
   DCHECK(info->flags().is_toplevel());
@@ -59,8 +59,8 @@ bool ParseProgram(ParseInfo* info, Handle<Script> script,
   return info->literal() != nullptr;
 }
 
-bool ParseProgram(ParseInfo* info, Handle<Script> script, Isolate* isolate,
-                  ReportStatisticsMode mode) {
+bool ParseProgram(ParseInfo* info, DirectHandle<Script> script,
+                  Isolate* isolate, ReportStatisticsMode mode) {
   return ParseProgram(info, script, kNullMaybeHandle, isolate, mode);
 }
 
@@ -73,11 +73,16 @@ bool ParseFunction(ParseInfo* info, Handle<SharedFunctionInfo> shared_info,
   VMState<PARSER> state(isolate);
 
   // Create a character stream for the parser.
-  Handle<Script> script(Cast<Script>(shared_info->script()), isolate);
+  DirectHandle<Script> script(Cast<Script>(shared_info->script()), isolate);
   Handle<String> source(Cast<String>(script->source()), isolate);
+  int start_pos = shared_info->StartPosition();
+  int end_pos = shared_info->EndPosition();
+  if (end_pos > source->length()) {
+    isolate->PushStackTraceAndDie(reinterpret_cast<void*>(script->ptr()),
+                                  reinterpret_cast<void*>(source->ptr()));
+  }
   std::unique_ptr<Utf16CharacterStream> stream(
-      ScannerStream::For(isolate, source, shared_info->StartPosition(),
-                         shared_info->EndPosition()));
+      ScannerStream::For(isolate, source, start_pos, end_pos));
   info->set_character_stream(std::move(stream));
 
   Parser parser(isolate->main_thread_local_isolate(), info);
diff --git a/deps/v8/src/parsing/parsing.h b/deps/v8/src/parsing/parsing.h
index f105b630d4ff5d..2bfb6547168016 100644
--- a/deps/v8/src/parsing/parsing.h
+++ b/deps/v8/src/parsing/parsing.h
@@ -20,7 +20,8 @@ enum class ReportStatisticsMode { kYes, kNo };
 // Parses the top-level source code represented by the parse info and sets its
 // function literal. Returns false (and deallocates any allocated AST nodes) if
 // parsing failed.
-V8_EXPORT_PRIVATE bool ParseProgram(ParseInfo* info, Handle<Script> script,
+V8_EXPORT_PRIVATE bool ParseProgram(ParseInfo* info,
+                                    DirectHandle<Script> script,
                                     Isolate* isolate,
                                     ReportStatisticsMode mode);
 
@@ -28,7 +29,8 @@ V8_EXPORT_PRIVATE bool ParseProgram(ParseInfo* info, Handle<Script> script,
 // function literal. Allows passing an |outer_scope| for programs that exist in
 // another scope (e.g. eval). Returns false (and deallocates any allocated AST
 // nodes) if parsing failed.
-V8_EXPORT_PRIVATE bool ParseProgram(ParseInfo* info, Handle<Script> script,
+V8_EXPORT_PRIVATE bool ParseProgram(ParseInfo* info,
+                                    DirectHandle<Script> script,
                                     MaybeHandle<ScopeInfo> outer_scope,
                                     Isolate* isolate,
                                     ReportStatisticsMode mode);
diff --git a/deps/v8/src/parsing/preparser-logger.h b/deps/v8/src/parsing/preparser-logger.h
index daa89a9ed82f47..b3bc56f5b33389 100644
--- a/deps/v8/src/parsing/preparser-logger.h
+++ b/deps/v8/src/parsing/preparser-logger.h
@@ -14,27 +14,27 @@ class PreParserLogger final {
       : end_(-1),
         num_parameters_(-1),
         function_length_(-1),
-        num_inner_functions_(-1) {}
+        num_inner_infos_(-1) {}
 
   void LogFunction(int end, int num_parameters, int function_length,
-                   int num_inner_functions) {
+                   int num_inner_infos) {
     end_ = end;
     num_parameters_ = num_parameters;
     function_length_ = function_length;
-    num_inner_functions_ = num_inner_functions;
+    num_inner_infos_ = num_inner_infos;
   }
 
   int end() const { return end_; }
   int num_parameters() const { return num_parameters_; }
   int function_length() const { return function_length_; }
-  int num_inner_functions() const { return num_inner_functions_; }
+  int num_inner_infos() const { return num_inner_infos_; }
 
  private:
   int end_;
   // For function entries.
   int num_parameters_;
   int function_length_;
-  int num_inner_functions_;
+  int num_inner_infos_;
 };
 
 }  // namespace internal
diff --git a/deps/v8/src/parsing/preparser.cc b/deps/v8/src/parsing/preparser.cc
index 8e1e1e6595b8ed..4955045227c425 100644
--- a/deps/v8/src/parsing/preparser.cc
+++ b/deps/v8/src/parsing/preparser.cc
@@ -113,7 +113,7 @@ PreParser::PreParseResult PreParser::PreParseFunction(
   // In the preparser, we use the function literal ids to count how many
   // FunctionLiterals were encountered. The PreParser doesn't actually persist
   // FunctionLiterals, so there IDs don't matter.
-  ResetFunctionLiteralId();
+  ResetInfoId();
 
   // The caller passes the function_scope which is not yet inserted into the
   // scope stack. All scopes above the function_scope are ignored by the
@@ -277,7 +277,7 @@ PreParser::Expression PreParser::ParseFunctionLiteral(
 
   DeclarationScope* function_scope = NewFunctionScope(kind);
   function_scope->SetLanguageMode(language_mode);
-  int func_id = GetNextFunctionLiteralId();
+  int func_id = GetNextInfoId();
   bool skippable_function = false;
 
   // Start collecting data for a new function which might contain skippable
@@ -330,8 +330,7 @@ PreParser::Expression PreParser::ParseFunctionLiteral(
     }
     if (skippable_function) {
       preparse_data_builder_scope.SetSkippableFunction(
-          function_scope, formals.function_length,
-          GetLastFunctionLiteralId() - func_id);
+          function_scope, formals.function_length, GetLastInfoId() - func_id);
     }
   }
 
@@ -367,7 +366,7 @@ void PreParser::ParseStatementListAndLogFunction(
   int body_end = scanner()->peek_location().end_pos;
   DCHECK_EQ(this->scope()->is_function_scope(), formals->is_simple);
   log_.LogFunction(body_end, formals->num_parameters(),
-                   formals->function_length, GetLastFunctionLiteralId());
+                   formals->function_length, GetLastInfoId());
 }
 
 PreParserBlock PreParser::BuildParameterInitializationBlock(
diff --git a/deps/v8/src/parsing/preparser.h b/deps/v8/src/parsing/preparser.h
index dbb338aee749f6..a086d268df25db 100644
--- a/deps/v8/src/parsing/preparser.h
+++ b/deps/v8/src/parsing/preparser.h
@@ -581,10 +581,9 @@ class PreParserFactory {
   }
   PreParserExpression NewCall(PreParserExpression expression,
                               const PreParserExpressionList& arguments, int pos,
-                              bool has_spread,
-                              Call::PossiblyEval possibly_eval = Call::NOT_EVAL,
+                              bool has_spread, int eval_scope_info_index = 0,
                               bool optional_chain = false) {
-    if (possibly_eval == Call::IS_POSSIBLY_EVAL) {
+    if (eval_scope_info_index > 0) {
       DCHECK(expression.IsIdentifier() && expression.AsIdentifier().IsEval());
       DCHECK(!optional_chain);
       return PreParserExpression::CallEval();
@@ -975,9 +974,6 @@ class PreParser : public ParserBase<PreParser> {
   V8_INLINE void SetAsmModule() {}
 
   V8_INLINE void PrepareGeneratorVariables() {}
-  V8_INLINE void RewriteAsyncFunctionBody(
-      const PreParserScopedStatementList* body, PreParserStatement block,
-      const PreParserExpression& return_value) {}
 
   V8_INLINE PreParserStatement
   RewriteSwitchStatement(PreParserStatement switch_statement, Scope* scope) {
@@ -1050,7 +1046,7 @@ class PreParser : public ParserBase<PreParser> {
       MessageTemplate message = MessageTemplate::kUnexpectedToken) {
     ReportUnidentifiableError();
   }
-  V8_INLINE void ParseAndRewriteGeneratorFunctionBody(
+  V8_INLINE void ParseGeneratorFunctionBody(
       int pos, FunctionKind kind, PreParserScopedStatementList* body) {
     ParseStatementList(body, Token::kRightBrace);
   }
@@ -1158,26 +1154,30 @@ class PreParser : public ParserBase<PreParser> {
     DCHECK(class_info->has_static_elements());
   }
 
+  V8_INLINE void AddSyntheticFunctionDeclaration(FunctionKind kind, int pos) {
+    // Creating and disposing of a FunctionState makes tracking of
+    // next_function_is_likely_called match what Parser does. TODO(marja):
+    // Make the lazy function + next_function_is_likely_called + default ctor
+    // logic less surprising. Default ctors shouldn't affect the laziness of
+    // functions.
+    DeclarationScope* function_scope = NewFunctionScope(kind);
+    SetLanguageMode(function_scope, LanguageMode::kStrict);
+    function_scope->set_start_position(pos);
+    function_scope->set_end_position(pos);
+    FunctionState function_state(&function_state_, &scope_, function_scope);
+    GetNextInfoId();
+  }
+
   V8_INLINE PreParserExpression
   RewriteClassLiteral(ClassScope* scope, const PreParserIdentifier& name,
                       ClassInfo* class_info, int pos) {
     bool has_default_constructor = !class_info->has_seen_constructor;
     // Account for the default constructor.
     if (has_default_constructor) {
-      // Creating and disposing of a FunctionState makes tracking of
-      // next_function_is_likely_called match what Parser does. TODO(marja):
-      // Make the lazy function + next_function_is_likely_called + default ctor
-      // logic less surprising. Default ctors shouldn't affect the laziness of
-      // functions.
       bool has_extends = class_info->extends.IsNull();
       FunctionKind kind = has_extends ? FunctionKind::kDefaultDerivedConstructor
                                       : FunctionKind::kDefaultBaseConstructor;
-      DeclarationScope* function_scope = NewFunctionScope(kind);
-      SetLanguageMode(function_scope, LanguageMode::kStrict);
-      function_scope->set_start_position(pos);
-      function_scope->set_end_position(pos);
-      FunctionState function_state(&function_state_, &scope_, function_scope);
-      GetNextFunctionLiteralId();
+      AddSyntheticFunctionDeclaration(kind, pos);
     }
     return PreParserExpression::Default();
   }
@@ -1187,9 +1187,6 @@ class PreParser : public ParserBase<PreParser> {
     return PreParserStatement::Default();
   }
 
-  V8_INLINE void QueueDestructuringAssignmentForRewriting(
-      PreParserExpression assignment) {}
-
   // Helper functions for recursive descent.
   V8_INLINE bool IsEval(const PreParserIdentifier& identifier) const {
     return identifier.IsEval();
@@ -1279,9 +1276,9 @@ class PreParser : public ParserBase<PreParser> {
   V8_INLINE static void CheckAssigningFunctionLiteralToProperty(
       const PreParserExpression& left, const PreParserExpression& right) {}
 
-  V8_INLINE bool ShortcutNumericLiteralBinaryExpression(
-      PreParserExpression* x, const PreParserExpression& y, Token::Value op,
-      int pos) {
+  V8_INLINE bool ShortcutLiteralBinaryExpression(PreParserExpression* x,
+                                                 const PreParserExpression& y,
+                                                 Token::Value op, int pos) {
     return false;
   }
 
@@ -1351,11 +1348,6 @@ class PreParser : public ParserBase<PreParser> {
   PreParserBlock BuildParameterInitializationBlock(
       const PreParserFormalParameters& parameters);
 
-  V8_INLINE PreParserBlock
-  BuildRejectPromiseOnException(PreParserStatement init_block) {
-    return PreParserBlock::Default();
-  }
-
   V8_INLINE void InsertSloppyBlockFunctionVarBindings(DeclarationScope* scope) {
     scope->HoistSloppyBlockFunctions(nullptr);
   }
@@ -1518,6 +1510,29 @@ class PreParser : public ParserBase<PreParser> {
     return PreParserStatementList();
   }
 
+  V8_INLINE PreParserExpression NewClassLiteralPropertyWithAccessorInfo(
+      ClassScope* scope, ClassInfo* class_info, const PreParserIdentifier& name,
+      const PreParserExpression& key, const PreParserExpression& value,
+      bool is_static, bool is_computed_name, bool is_private, int pos) {
+    // Declare the accessor storage name variable and generated getter and
+    // setter.
+    bool was_added;
+    DeclareVariableName(
+        AutoAccessorVariableName(ast_value_factory(),
+                                 class_info->autoaccessor_count++),
+        VariableMode::kConst, scope, &was_added);
+    DCHECK(was_added);
+    FunctionKind kind = is_static ? FunctionKind::kGetterFunction
+                                  : FunctionKind::kStaticGetterFunction;
+    AddSyntheticFunctionDeclaration(kind, pos + 1);
+    kind = is_static ? FunctionKind::kSetterFunction
+                     : FunctionKind::kStaticSetterFunction;
+    AddSyntheticFunctionDeclaration(kind, pos + 2);
+    return factory()->NewClassLiteralProperty(
+        key, value, ClassLiteralProperty::Kind::AUTO_ACCESSOR, is_static,
+        is_computed_name, is_private);
+  }
+
   V8_INLINE PreParserExpression
   NewV8Intrinsic(const PreParserIdentifier& name,
                  const PreParserExpressionList& arguments, int pos) {
diff --git a/deps/v8/src/parsing/rewriter.cc b/deps/v8/src/parsing/rewriter.cc
index 463a4e7a98a423..317ef27132284d 100644
--- a/deps/v8/src/parsing/rewriter.cc
+++ b/deps/v8/src/parsing/rewriter.cc
@@ -4,6 +4,8 @@
 
 #include "src/parsing/rewriter.h"
 
+#include <optional>
+
 #include "src/ast/ast.h"
 #include "src/ast/scopes.h"
 #include "src/logging/runtime-call-stats-scope.h"
@@ -18,8 +20,7 @@
   Visit(param);                                   \
   if (CheckStackOverflow()) return;
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class Processor final : public AstVisitor<Processor> {
  public:
@@ -358,6 +359,14 @@ void Processor::VisitInitializeClassStaticElementsStatement(
   replacement_ = node;
 }
 
+void Processor::VisitAutoAccessorGetterBody(AutoAccessorGetterBody* node) {
+  replacement_ = node;
+}
+
+void Processor::VisitAutoAccessorSetterBody(AutoAccessorSetterBody* node) {
+  replacement_ = node;
+}
+
 // Expressions are never visited.
 #define DEF_VISIT(type)                                         \
   void Processor::Visit##type(type* expr) { UNREACHABLE(); }
@@ -395,7 +404,7 @@ bool Rewriter::Rewrite(ParseInfo* info) {
   return RewriteBody(info, scope, body).has_value();
 }
 
-base::Optional<VariableProxy*> Rewriter::RewriteBody(
+std::optional<VariableProxy*> Rewriter::RewriteBody(
     ParseInfo* info, Scope* scope, ZonePtrList<Statement>* body) {
   DisallowGarbageCollection no_gc;
   DisallowHandleAllocation no_handles;
@@ -415,8 +424,17 @@ base::Optional<VariableProxy*> Rewriter::RewriteBody(
       VariableProxy* result_value =
           processor.factory()->NewVariableProxy(result, pos);
       if (!info->flags().is_repl_mode()) {
-        Statement* result_statement =
-            processor.factory()->NewReturnStatement(result_value, pos);
+        Statement* result_statement;
+        if (scope->is_module_scope() &&
+            IsModuleWithTopLevelAwait(
+                scope->AsDeclarationScope()->function_kind())) {
+          result_statement = processor.factory()->NewAsyncReturnStatement(
+              result_value, pos,
+              ReturnStatement::kFunctionLiteralReturnPosition);
+        } else {
+          result_statement =
+              processor.factory()->NewReturnStatement(result_value, pos);
+        }
         body->Add(result_statement, info->zone());
       }
       return result_value;
@@ -424,7 +442,7 @@ base::Optional<VariableProxy*> Rewriter::RewriteBody(
 
     if (processor.HasStackOverflow()) {
       info->pending_error_handler()->set_stack_overflow();
-      return base::nullopt;
+      return std::nullopt;
     }
   }
   return nullptr;
@@ -432,5 +450,4 @@ base::Optional<VariableProxy*> Rewriter::RewriteBody(
 
 #undef VISIT_AND_RETURN_IF_STACK_OVERFLOW
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/parsing/rewriter.h b/deps/v8/src/parsing/rewriter.h
index e2095b74f66205..7443ccaa0c80a4 100644
--- a/deps/v8/src/parsing/rewriter.h
+++ b/deps/v8/src/parsing/rewriter.h
@@ -5,12 +5,12 @@
 #ifndef V8_PARSING_REWRITER_H_
 #define V8_PARSING_REWRITER_H_
 
+#include <optional>
+
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/zone/zone-type-traits.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class AstValueFactory;
 class Isolate;
@@ -34,13 +34,11 @@ class Rewriter {
   // Helper that does the actual re-writing. Extracted so REPL scripts can
   // rewrite the body but then use the ".result" VariableProxy to resolve
   // the async promise that is the result of running a REPL script.
-  // Returns base::nullopt in case something went wrong.
-  static base::Optional<VariableProxy*> RewriteBody(
+  // Returns std::nullopt in case something went wrong.
+  static std::optional<VariableProxy*> RewriteBody(
       ParseInfo* info, Scope* scope, ZonePtrList<Statement>* body);
 };
 
-
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_PARSING_REWRITER_H_
diff --git a/deps/v8/src/parsing/scanner-character-streams.cc b/deps/v8/src/parsing/scanner-character-streams.cc
index e0deed9119637c..699987b7d7e510 100644
--- a/deps/v8/src/parsing/scanner-character-streams.cc
+++ b/deps/v8/src/parsing/scanner-character-streams.cc
@@ -861,9 +861,9 @@ Utf16CharacterStream* ScannerStream::For(Isolate* isolate,
 
 Utf16CharacterStream* ScannerStream::For(Isolate* isolate, Handle<String> data,
                                          int start_pos, int end_pos) {
-  DCHECK_GE(start_pos, 0);
-  DCHECK_LE(start_pos, end_pos);
-  DCHECK_LE(end_pos, data->length());
+  CHECK_GE(start_pos, 0);
+  CHECK_LE(start_pos, end_pos);
+  CHECK_LE(end_pos, data->length());
   size_t start_offset = 0;
   if (IsSlicedString(*data)) {
     Tagged<SlicedString> string = Cast<SlicedString>(*data);
diff --git a/deps/v8/src/parsing/scanner.cc b/deps/v8/src/parsing/scanner.cc
index 26b2a8a9807428..1fe000046ebf8a 100644
--- a/deps/v8/src/parsing/scanner.cc
+++ b/deps/v8/src/parsing/scanner.cc
@@ -9,17 +9,18 @@
 #include <stdint.h>
 
 #include <cmath>
+#include <optional>
 
 #include "src/ast/ast-value-factory.h"
 #include "src/base/strings.h"
 #include "src/numbers/conversions-inl.h"
+#include "src/numbers/conversions.h"
 #include "src/objects/bigint.h"
 #include "src/parsing/parse-info.h"
 #include "src/parsing/scanner-inl.h"
 #include "src/zone/zone.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class Scanner::ErrorState {
  public:
@@ -748,7 +749,7 @@ bool Scanner::ScanOctalDigits() {
 
 bool Scanner::ScanImplicitOctalDigits(int start_pos,
                                       Scanner::NumberKind* kind) {
-  *kind = IMPLICIT_OCTAL;
+  DCHECK_EQ(*kind, IMPLICIT_OCTAL);
 
   while (true) {
     // (possible) octal number
@@ -842,7 +843,7 @@ Token::Value Scanner::ScanNumber(bool seen_period) {
 
         if (next().literal_chars.one_byte_literal().length() <= 10 &&
             value <= Smi::kMaxValue && c0_ != '.' && !IsIdentifierStart(c0_)) {
-          next().smi_value_ = static_cast<uint32_t>(value);
+          next().smi_value = static_cast<uint32_t>(value);
 
           if (kind == DECIMAL_WITH_LEADING_ZERO) {
             octal_pos_ = Location(start_pos, source_pos());
@@ -883,7 +884,7 @@ Token::Value Scanner::ScanNumber(bool seen_period) {
     Advance();
   } else if (AsciiAlphaToLower(c0_) == 'e') {
     // scan exponent, if any
-    DCHECK(kind != HEX);  // 'e'/'E' must be scanned as part of the hex number
+    DCHECK_NE(kind, HEX);  // 'e'/'E' must be scanned as part of the hex number
 
     if (!IsDecimalNumberKind(kind)) return Token::kIllegal;
 
@@ -906,6 +907,7 @@ Token::Value Scanner::ScanNumber(bool seen_period) {
     octal_message_ = MessageTemplate::kStrictDecimalWithLeadingZero;
   }
 
+  next().number_kind = kind;
   return is_bigint ? Token::kBigInt : Token::kNumber;
 }
 
@@ -1028,13 +1030,13 @@ bool Scanner::ScanRegExpPattern() {
   return true;
 }
 
-base::Optional<RegExpFlags> Scanner::ScanRegExpFlags() {
+std::optional<RegExpFlags> Scanner::ScanRegExpFlags() {
   DCHECK_EQ(Token::kRegExpLiteral, next().token);
 
   RegExpFlags flags;
   next().literal_chars.Start();
   while (IsIdentifierPart(c0_)) {
-    base::Optional<RegExpFlag> maybe_flag = JSRegExp::FlagFromChar(c0_);
+    std::optional<RegExpFlag> maybe_flag = JSRegExp::FlagFromChar(c0_);
     if (!maybe_flag.has_value()) return {};
     RegExpFlag flag = maybe_flag.value();
     if (flags & flag) return {};
@@ -1073,9 +1075,19 @@ const AstRawString* Scanner::CurrentRawSymbol(
 
 double Scanner::DoubleValue() {
   DCHECK(is_literal_one_byte());
-  return StringToDouble(
-      literal_one_byte_string(),
-      ALLOW_HEX | ALLOW_OCTAL | ALLOW_IMPLICIT_OCTAL | ALLOW_BINARY);
+  switch (current().number_kind) {
+    case IMPLICIT_OCTAL:
+      return ImplicitOctalStringToDouble(literal_one_byte_string());
+    case BINARY:
+      return BinaryStringToDouble(literal_one_byte_string());
+    case OCTAL:
+      return OctalStringToDouble(literal_one_byte_string());
+    case HEX:
+      return HexStringToDouble(literal_one_byte_string());
+    case DECIMAL:
+    case DECIMAL_WITH_LEADING_ZERO:
+      return StringToDouble(literal_one_byte_string(), NO_CONVERSION_FLAG);
+  }
 }
 
 const char* Scanner::CurrentLiteralAsCString(Zone* zone) const {
@@ -1109,5 +1121,4 @@ void Scanner::SeekNext(size_t position) {
   DCHECK_EQ(next().location.beg_pos, static_cast<int>(position));
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/parsing/scanner.h b/deps/v8/src/parsing/scanner.h
index 33501450288c71..6c497ba61a8f78 100644
--- a/deps/v8/src/parsing/scanner.h
+++ b/deps/v8/src/parsing/scanner.h
@@ -9,6 +9,7 @@
 
 #include <algorithm>
 #include <memory>
+#include <optional>
 
 #include "src/base/logging.h"
 #include "src/base/strings.h"
@@ -22,8 +23,7 @@
 #include "src/strings/unicode.h"
 #include "src/utils/allocation.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class AstRawString;
 class AstValueFactory;
@@ -386,7 +386,7 @@ class V8_EXPORT_PRIVATE Scanner {
   MessageTemplate octal_message() const { return octal_message_; }
 
   // Returns the value of the last smi that was scanned.
-  uint32_t smi_value() const { return current().smi_value_; }
+  uint32_t smi_value() const { return current().smi_value; }
 
   // Seek forward to the given position.  This operation does not
   // work in general, for instance when there are pushed back
@@ -416,7 +416,7 @@ class V8_EXPORT_PRIVATE Scanner {
   // Returns true if a pattern is scanned.
   bool ScanRegExpPattern();
   // Scans the input as regular expression flags. Returns the flags on success.
-  base::Optional<RegExpFlags> ScanRegExpFlags();
+  std::optional<RegExpFlags> ScanRegExpFlags();
 
   // Scans the input as a template literal
   Token::Value ScanTemplateContinuation() {
@@ -448,6 +448,15 @@ class V8_EXPORT_PRIVATE Scanner {
   // escape sequences are allowed.
   class ErrorState;
 
+  enum NumberKind {
+    IMPLICIT_OCTAL,
+    BINARY,
+    OCTAL,
+    HEX,
+    DECIMAL,
+    DECIMAL_WITH_LEADING_ZERO
+  };
+
   // The current and look-ahead tokens.
   struct TokenDesc {
     Location location = {0, 0};
@@ -456,7 +465,8 @@ class V8_EXPORT_PRIVATE Scanner {
     Token::Value token = Token::kUninitialized;
     MessageTemplate invalid_template_escape_message = MessageTemplate::kNone;
     Location invalid_template_escape_location;
-    uint32_t smi_value_ = 0;
+    NumberKind number_kind;
+    uint32_t smi_value = 0;
     bool after_line_terminator = false;
 
 #ifdef DEBUG
@@ -475,15 +485,6 @@ class V8_EXPORT_PRIVATE Scanner {
 #endif  // DEBUG
   };
 
-  enum NumberKind {
-    IMPLICIT_OCTAL,
-    BINARY,
-    OCTAL,
-    HEX,
-    DECIMAL,
-    DECIMAL_WITH_LEADING_ZERO
-  };
-
   inline bool IsValidBigIntKind(NumberKind kind) {
     return base::IsInRange(kind, BINARY, DECIMAL);
   }
@@ -772,7 +773,6 @@ class V8_EXPORT_PRIVATE Scanner {
   Location scanner_error_location_;
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_PARSING_SCANNER_H_
diff --git a/deps/v8/src/profiler/allocation-tracker.cc b/deps/v8/src/profiler/allocation-tracker.cc
index c18e701d377121..337de283675e86 100644
--- a/deps/v8/src/profiler/allocation-tracker.cc
+++ b/deps/v8/src/profiler/allocation-tracker.cc
@@ -232,7 +232,7 @@ AllocationTracker::ScriptData::ScriptData(Tagged<Script> script,
       line_ends_(Script::GetLineEnds(isolate, handle(script, isolate))),
       tracker_(tracker) {
   DirectHandle<Script> script_direct_handle(script, isolate);
-  auto local_script = ToApiHandle<debug::Script>(script_direct_handle, isolate);
+  auto local_script = ToApiHandle<debug::Script>(script_direct_handle);
   script_.Reset(local_script->GetIsolate(), local_script);
   script_.SetWeak(this, &HandleWeakScript, v8::WeakCallbackType::kParameter);
 }
diff --git a/deps/v8/src/profiler/heap-profiler.cc b/deps/v8/src/profiler/heap-profiler.cc
index 8683d7e5f14478..7c8c9089fe8a18 100644
--- a/deps/v8/src/profiler/heap-profiler.cc
+++ b/deps/v8/src/profiler/heap-profiler.cc
@@ -5,10 +5,10 @@
 #include "src/profiler/heap-profiler.h"
 
 #include <fstream>
+#include <optional>
 
 #include "include/v8-profiler.h"
 #include "src/api/api-inl.h"
-#include "src/base/optional.h"
 #include "src/debug/debug.h"
 #include "src/heap/combined-heap.h"
 #include "src/heap/heap-inl.h"
@@ -18,8 +18,7 @@
 #include "src/profiler/heap-snapshot-generator-inl.h"
 #include "src/profiler/sampling-heap-profiler.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 HeapProfiler::HeapProfiler(Heap* heap)
     : ids_(new HeapObjectsMap(heap)),
@@ -49,6 +48,33 @@ void HeapProfiler::RemoveSnapshot(HeapSnapshot* snapshot) {
                    }));
 }
 
+std::vector<v8::Local<v8::Value>> HeapProfiler::GetDetachedJSWrapperObjects() {
+  heap()->CollectAllAvailableGarbage(GarbageCollectionReason::kHeapProfiler);
+
+  std::vector<v8::Local<v8::Value>> js_objects_found;
+  HeapObjectIterator iterator(heap());
+  for (Tagged<HeapObject> obj = iterator.Next(); !obj.is_null();
+       obj = iterator.Next()) {
+    if (IsCodeSpaceObject(obj)) continue;
+    if (!IsJSApiWrapperObject(obj)) continue;
+    // Ensure object is wrappable, otherwise GetDetachedness() can crash
+    JSApiWrapper wrapper = JSApiWrapper(Cast<JSObject>(obj));
+    if (!wrapper.GetCppHeapWrappable(isolate(), kAnyCppHeapPointer)) continue;
+
+    v8::Local<v8::Value> data(
+        Utils::ToLocal(handle(Cast<JSObject>(obj), isolate())));
+    v8::EmbedderGraph::Node::Detachedness detachedness =
+        GetDetachedness(data, 0);
+
+    if (detachedness != v8::EmbedderGraph::Node::Detachedness::kDetached)
+      continue;
+
+    js_objects_found.push_back(data);
+  }
+
+  return js_objects_found;
+}
+
 void HeapProfiler::AddBuildEmbedderGraphCallback(
     v8::HeapProfiler::BuildEmbedderGraphCallback callback, void* data) {
   build_embedder_graph_callbacks_.push_back({callback, data});
@@ -98,7 +124,7 @@ HeapSnapshot* HeapProfiler::TakeSnapshot(
   // The garbage collection and the filling of references in GenerateSnapshot
   // should scan the same part of the stack.
   heap()->stack().SetMarkerIfNeededAndCallback([this, &options, &result]() {
-    base::Optional<CppClassNamesAsHeapObjectNameScope> use_cpp_class_name;
+    std::optional<CppClassNamesAsHeapObjectNameScope> use_cpp_class_name;
     if (result->expose_internals() && heap()->cpp_heap()) {
       use_cpp_class_name.emplace(heap()->cpp_heap());
     }
@@ -346,5 +372,4 @@ void HeapProfiler::QueryObjects(DirectHandle<Context> context,
   });
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/profiler/heap-profiler.h b/deps/v8/src/profiler/heap-profiler.h
index cc34b395bad408..482b2770c7eee1 100644
--- a/deps/v8/src/profiler/heap-profiler.h
+++ b/deps/v8/src/profiler/heap-profiler.h
@@ -91,6 +91,8 @@ class HeapProfiler : public HeapObjectAllocationTracker {
   void DeleteAllSnapshots();
   void RemoveSnapshot(HeapSnapshot* snapshot);
 
+  std::vector<v8::Local<v8::Value>> GetDetachedJSWrapperObjects();
+
   void ObjectMoveEvent(Address from, Address to, int size,
                        bool is_native_object);
 
diff --git a/deps/v8/src/profiler/heap-snapshot-generator.cc b/deps/v8/src/profiler/heap-snapshot-generator.cc
index fc690f911e9db5..7e2089e1f1abbd 100644
--- a/deps/v8/src/profiler/heap-snapshot-generator.cc
+++ b/deps/v8/src/profiler/heap-snapshot-generator.cc
@@ -4,10 +4,10 @@
 
 #include "src/profiler/heap-snapshot-generator.h"
 
+#include <optional>
 #include <utility>
 
 #include "src/api/api-inl.h"
-#include "src/base/optional.h"
 #include "src/base/vector.h"
 #include "src/codegen/assembler-inl.h"
 #include "src/common/assert-scope.h"
@@ -49,8 +49,7 @@
 #include "src/wasm/wasm-objects.h"
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #ifdef V8_ENABLE_HEAP_SNAPSHOT_VERIFY
 class HeapEntryVerifier {
@@ -1690,9 +1689,12 @@ void V8HeapExplorer::ExtractSharedFunctionInfoReferences(
                        SharedFunctionInfo::kNameOrScopeInfoOffset);
   SetInternalReference(entry, "script", shared->script(kAcquireLoad),
                        SharedFunctionInfo::kScriptOffset);
-  SetInternalReference(entry, "function_data",
-                       shared->function_data(kAcquireLoad),
-                       SharedFunctionInfo::kFunctionDataOffset);
+  SetInternalReference(entry, "trusted_function_data",
+                       shared->GetTrustedData(isolate()),
+                       SharedFunctionInfo::kTrustedFunctionDataOffset);
+  SetInternalReference(entry, "untrusted_function_data",
+                       shared->GetUntrustedData(),
+                       SharedFunctionInfo::kUntrustedFunctionDataOffset);
   SetInternalReference(
       entry, "raw_outer_scope_info_or_feedback_metadata",
       shared->raw_outer_scope_info_or_feedback_metadata(),
@@ -1709,8 +1711,7 @@ void V8HeapExplorer::ExtractScriptReferences(HeapEntry* entry,
   TagObject(script->line_ends(), "(script line ends)", HeapEntry::kCode);
   SetInternalReference(entry, "line_ends", script->line_ends(),
                        Script::kLineEndsOffset);
-  TagObject(script->shared_function_infos(), "(shared function infos)",
-            HeapEntry::kCode);
+  TagObject(script->infos(), "(infos)", HeapEntry::kCode);
   TagObject(script->host_defined_options(), "(host-defined options)",
             HeapEntry::kCode);
 #if V8_ENABLE_WEBASSEMBLY
@@ -1724,7 +1725,7 @@ void V8HeapExplorer::ExtractScriptReferences(HeapEntry* entry,
                          Script::kEvalFromPositionOffset);
     SetInternalReference(entry, "wasm_weak_instance_list",
                          script->wasm_weak_instance_list(),
-                         Script::kSharedFunctionInfosOffset);
+                         Script::kInfosOffset);
   }
 #endif
 }
@@ -1871,7 +1872,7 @@ void V8HeapExplorer::ExtractArrayBoilerplateDescriptionReferences(
 
 void V8HeapExplorer::ExtractRegExpBoilerplateDescriptionReferences(
     HeapEntry* entry, Tagged<RegExpBoilerplateDescription> value) {
-  TagObject(value->data(), "(RegExp data)", HeapEntry::kCode);
+  TagObject(value->data(isolate()), "(RegExpData)", HeapEntry::kCode);
 }
 
 class JSArrayBufferDataEntryAllocator : public HeapEntriesAllocator {
@@ -2351,7 +2352,7 @@ class RootsReferencesExtractor : public RootVisitor {
   void VisitRootPointer(Root root, const char* description,
                         FullObjectSlot p) override {
     Tagged<Object> object = *p;
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
     if (object.ptr() == kTaggedNullAddress) return;
 #endif
     if (root == Root::kBuiltins) {
@@ -2612,7 +2613,7 @@ void V8HeapExplorer::SetWeakReference(
 
 void V8HeapExplorer::SetWeakReference(HeapEntry* parent_entry, int index,
                                       Tagged<Object> child_obj,
-                                      base::Optional<int> field_offset) {
+                                      std::optional<int> field_offset) {
   if (!IsEssentialObject(child_obj)) {
     return;
   }
@@ -2739,7 +2740,7 @@ const char* V8HeapExplorer::GetStrongGcSubrootName(Tagged<HeapObject> object) {
 }
 
 void V8HeapExplorer::TagObject(Tagged<Object> obj, const char* tag,
-                               base::Optional<HeapEntry::Type> type,
+                               std::optional<HeapEntry::Type> type,
                                bool overwrite_existing_name) {
   if (IsEssentialObject(obj)) {
     HeapEntry* entry = GetEntry(obj);
@@ -3710,5 +3711,4 @@ void HeapSnapshotJSONSerializer::SerializeLocations() {
   }
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/profiler/heap-snapshot-generator.h b/deps/v8/src/profiler/heap-snapshot-generator.h
index f624eaacf4a5bb..16f5b670347a97 100644
--- a/deps/v8/src/profiler/heap-snapshot-generator.h
+++ b/deps/v8/src/profiler/heap-snapshot-generator.h
@@ -7,6 +7,7 @@
 
 #include <deque>
 #include <memory>
+#include <optional>
 #include <unordered_map>
 #include <unordered_set>
 #include <vector>
@@ -29,8 +30,7 @@
 #include "src/heap/reference-summarizer.h"
 #endif
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 class AllocationTraceNode;
 class HeapEntry;
@@ -556,7 +556,7 @@ class V8_EXPORT_PRIVATE V8HeapExplorer : public HeapEntriesAllocator {
       HeapEntry::ReferenceVerification verification = HeapEntry::kVerify);
   void SetWeakReference(HeapEntry* parent_entry, int index,
                         Tagged<Object> child_obj,
-                        base::Optional<int> field_offset);
+                        std::optional<int> field_offset);
   void SetPropertyReference(HeapEntry* parent_entry,
                             Tagged<Name> reference_name, Tagged<Object> child,
                             const char* name_format_string = nullptr,
@@ -573,7 +573,7 @@ class V8_EXPORT_PRIVATE V8HeapExplorer : public HeapEntriesAllocator {
                              Tagged<Object> child);
   const char* GetStrongGcSubrootName(Tagged<HeapObject> object);
   void TagObject(Tagged<Object> obj, const char* tag,
-                 base::Optional<HeapEntry::Type> type = {},
+                 std::optional<HeapEntry::Type> type = {},
                  bool overwrite_existing_name = false);
   void RecursivelyTagConstantPool(Tagged<Object> obj, const char* tag,
                                   HeapEntry::Type type, int recursion_limit);
@@ -782,8 +782,6 @@ class HeapSnapshotJSONSerializer {
   friend class HeapSnapshotJSONSerializerIterator;
 };
 
-
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_PROFILER_HEAP_SNAPSHOT_GENERATOR_H_
diff --git a/deps/v8/src/profiler/sampling-heap-profiler.cc b/deps/v8/src/profiler/sampling-heap-profiler.cc
index 345c10d2fd6e85..43d05d39f273e8 100644
--- a/deps/v8/src/profiler/sampling-heap-profiler.cc
+++ b/deps/v8/src/profiler/sampling-heap-profiler.cc
@@ -244,7 +244,7 @@ v8::AllocationProfile::Node* SamplingHeapProfiler::TranslateAllocationNode(
   if (node->script_id_ != v8::UnboundScript::kNoScriptId) {
     auto script_iterator = scripts.find(node->script_id_);
     if (script_iterator != scripts.end()) {
-      Handle<Script> script = script_iterator->second;
+      DirectHandle<Script> script = script_iterator->second;
       if (IsName(script->name())) {
         Tagged<Name> name = Cast<Name>(script->name());
         script_name = ToApiHandle<v8::String>(
diff --git a/deps/v8/src/regexp/experimental/experimental-interpreter.cc b/deps/v8/src/regexp/experimental/experimental-interpreter.cc
index 30bd24325c3a55..649dce7855d5a3 100644
--- a/deps/v8/src/regexp/experimental/experimental-interpreter.cc
+++ b/deps/v8/src/regexp/experimental/experimental-interpreter.cc
@@ -4,9 +4,9 @@
 
 #include "src/regexp/experimental/experimental-interpreter.h"
 
+#include <optional>
 #include <string>
 
-#include "src/base/optional.h"
 #include "src/base/strings.h"
 #include "src/common/assert-scope.h"
 #include "src/flags/flags.h"
@@ -59,7 +59,8 @@ bool SatisfiesAssertion(RegExpAssertion::Type type,
 }
 
 base::Vector<RegExpInstruction> ToInstructionVector(
-    Tagged<ByteArray> raw_bytes, const DisallowGarbageCollection& no_gc) {
+    Tagged<TrustedByteArray> raw_bytes,
+    const DisallowGarbageCollection& no_gc) {
   RegExpInstruction* inst_begin =
       reinterpret_cast<RegExpInstruction*>(raw_bytes->begin());
   int inst_num = raw_bytes->length() / sizeof(RegExpInstruction);
@@ -275,8 +276,9 @@ class NfaInterpreter {
   // ACCEPTing thread with highest priority.
  public:
   NfaInterpreter(Isolate* isolate, RegExp::CallOrigin call_origin,
-                 Tagged<ByteArray> bytecode, int register_count_per_match,
-                 Tagged<String> input, int32_t input_index, Zone* zone)
+                 Tagged<TrustedByteArray> bytecode,
+                 int register_count_per_match, Tagged<String> input,
+                 int32_t input_index, Zone* zone)
       : isolate_(isolate),
         call_origin_(call_origin),
         bytecode_object_(bytecode),
@@ -461,7 +463,8 @@ class NfaInterpreter {
     } else {
       DCHECK(call_origin_ == RegExp::CallOrigin::kFromRuntime);
       HandleScope handles(isolate_);
-      DirectHandle<ByteArray> bytecode_handle(bytecode_object_, isolate_);
+      DirectHandle<TrustedByteArray> bytecode_handle(bytecode_object_,
+                                                     isolate_);
       DirectHandle<String> input_handle(input_object_, isolate_);
 
       if (check.JsHasOverflowed()) {
@@ -1014,7 +1017,7 @@ class NfaInterpreter {
 
   DisallowGarbageCollection no_gc_;
 
-  Tagged<ByteArray> bytecode_object_;
+  Tagged<TrustedByteArray> bytecode_object_;
   base::Vector<const RegExpInstruction> bytecode_;
 
   // Number of registers used per thread.
@@ -1095,7 +1098,7 @@ class NfaInterpreter {
 
 int ExperimentalRegExpInterpreter::FindMatches(
     Isolate* isolate, RegExp::CallOrigin call_origin,
-    Tagged<ByteArray> bytecode, int register_count_per_match,
+    Tagged<TrustedByteArray> bytecode, int register_count_per_match,
     Tagged<String> input, int start_index, int32_t* output_registers,
     int output_register_count, Zone* zone) {
   DCHECK(input->IsFlat());
diff --git a/deps/v8/src/regexp/experimental/experimental-interpreter.h b/deps/v8/src/regexp/experimental/experimental-interpreter.h
index 0c2fa4b8457f60..1158ece2d61a35 100644
--- a/deps/v8/src/regexp/experimental/experimental-interpreter.h
+++ b/deps/v8/src/regexp/experimental/experimental-interpreter.h
@@ -11,7 +11,7 @@
 namespace v8 {
 namespace internal {
 
-class ByteArray;
+class TrustedByteArray;
 class String;
 class Zone;
 
@@ -24,7 +24,7 @@ class ExperimentalRegExpInterpreter final : public AllStatic {
   // are written to `matches_out`.  Provided in variants for one-byte and
   // two-byte strings.
   static int FindMatches(Isolate* isolate, RegExp::CallOrigin call_origin,
-                         Tagged<ByteArray> bytecode, int capture_count,
+                         Tagged<TrustedByteArray> bytecode, int capture_count,
                          Tagged<String> input, int start_index,
                          int32_t* output_registers, int output_register_count,
                          Zone* zone);
diff --git a/deps/v8/src/regexp/experimental/experimental.cc b/deps/v8/src/regexp/experimental/experimental.cc
index 0e0f74d2f97e69..883d940bcdf712 100644
--- a/deps/v8/src/regexp/experimental/experimental.cc
+++ b/deps/v8/src/regexp/experimental/experimental.cc
@@ -4,6 +4,8 @@
 
 #include "src/regexp/experimental/experimental.h"
 
+#include <optional>
+
 #include "src/common/assert-scope.h"
 #include "src/objects/js-regexp-inl.h"
 #include "src/regexp/experimental/experimental-compiler.h"
@@ -11,8 +13,7 @@
 #include "src/regexp/regexp-parser.h"
 #include "src/utils/ostreams.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 bool ExperimentalRegExp::CanBeHandled(RegExpTree* tree, Handle<String> pattern,
                                       RegExpFlags flags, int capture_count) {
@@ -40,24 +41,26 @@ void ExperimentalRegExp::Initialize(Isolate* isolate, DirectHandle<JSRegExp> re,
       re, source, JSRegExp::AsJSRegExpFlags(flags), capture_count);
 }
 
-bool ExperimentalRegExp::IsCompiled(DirectHandle<JSRegExp> re,
+bool ExperimentalRegExp::IsCompiled(DirectHandle<IrRegExpData> re_data,
                                     Isolate* isolate) {
   DCHECK(v8_flags.enable_experimental_regexp_engine);
-  DCHECK_EQ(re->type_tag(), JSRegExp::EXPERIMENTAL);
+  DCHECK_EQ(re_data->type_tag(), RegExpData::Type::EXPERIMENTAL);
 #ifdef VERIFY_HEAP
-  if (v8_flags.verify_heap) re->JSRegExpVerify(isolate);
+  if (v8_flags.verify_heap) re_data->IrRegExpDataVerify(isolate);
 #endif
 
   static constexpr bool kIsLatin1 = true;
-  return re->bytecode(kIsLatin1) != Smi::FromInt(JSRegExp::kUninitializedValue);
+  return re_data->has_bytecode(kIsLatin1);
 }
 
 template <class T>
-Handle<ByteArray> VectorToByteArray(Isolate* isolate, base::Vector<T> data) {
+Handle<TrustedByteArray> VectorToByteArray(Isolate* isolate,
+                                           base::Vector<T> data) {
   static_assert(std::is_trivial<T>::value);
 
   int byte_length = sizeof(T) * data.length();
-  Handle<ByteArray> byte_array = isolate->factory()->NewByteArray(byte_length);
+  Handle<TrustedByteArray> byte_array =
+      isolate->factory()->NewTrustedByteArray(byte_length);
   DisallowGarbageCollection no_gc;
   MemCopy(byte_array->begin(), data.begin(), byte_length);
   return byte_array;
@@ -66,35 +69,35 @@ Handle<ByteArray> VectorToByteArray(Isolate* isolate, base::Vector<T> data) {
 namespace {
 
 struct CompilationResult {
-  Handle<ByteArray> bytecode;
+  Handle<TrustedByteArray> bytecode;
   Handle<FixedArray> capture_name_map;
 };
 
 // Compiles source pattern, but doesn't change the regexp object.
-base::Optional<CompilationResult> CompileImpl(Isolate* isolate,
-                                              DirectHandle<JSRegExp> regexp) {
+std::optional<CompilationResult> CompileImpl(
+    Isolate* isolate, DirectHandle<IrRegExpData> re_data) {
   Zone zone(isolate->allocator(), ZONE_NAME);
 
-  Handle<String> source(regexp->source(), isolate);
+  Handle<String> source(re_data->source(), isolate);
 
   // Parse and compile the regexp source.
   RegExpCompileData parse_result;
   DCHECK(!isolate->has_exception());
 
-  RegExpFlags flags = JSRegExp::AsRegExpFlags(regexp->flags());
+  RegExpFlags flags = JSRegExp::AsRegExpFlags(re_data->flags());
   bool parse_success = RegExpParser::ParseRegExpFromHeapString(
       isolate, &zone, source, flags, &parse_result);
   if (!parse_success) {
     // The pattern was already parsed successfully during initialization, so
     // the only way parsing can fail now is because of stack overflow.
     DCHECK_EQ(parse_result.error, RegExpError::kStackOverflow);
-    USE(RegExp::ThrowRegExpException(isolate, regexp, flags, source,
+    USE(RegExp::ThrowRegExpException(isolate, flags, source,
                                      parse_result.error));
-    return base::nullopt;
+    return std::nullopt;
   }
 
   ZoneList<RegExpInstruction> bytecode = ExperimentalRegExpCompiler::Compile(
-      parse_result.tree, JSRegExp::AsRegExpFlags(regexp->flags()), &zone);
+      parse_result.tree, JSRegExp::AsRegExpFlags(re_data->flags()), &zone);
 
   CompilationResult result;
   result.bytecode = VectorToByteArray(isolate, bytecode.ToVector());
@@ -105,33 +108,34 @@ base::Optional<CompilationResult> CompileImpl(Isolate* isolate,
 
 }  // namespace
 
-bool ExperimentalRegExp::Compile(Isolate* isolate, DirectHandle<JSRegExp> re) {
+bool ExperimentalRegExp::Compile(Isolate* isolate,
+                                 DirectHandle<IrRegExpData> re_data) {
   DCHECK(v8_flags.enable_experimental_regexp_engine);
-  DCHECK_EQ(re->type_tag(), JSRegExp::EXPERIMENTAL);
+  DCHECK_EQ(re_data->type_tag(), RegExpData::Type::EXPERIMENTAL);
 #ifdef VERIFY_HEAP
-  if (v8_flags.verify_heap) re->JSRegExpVerify(isolate);
+  if (v8_flags.verify_heap) re_data->IrRegExpDataVerify(isolate);
 #endif
 
-  DirectHandle<String> source(re->source(), isolate);
+  DirectHandle<String> source(re_data->source(), isolate);
   if (v8_flags.trace_experimental_regexp_engine) {
     StdoutStream{} << "Compiling experimental regexp " << *source << std::endl;
   }
 
-  base::Optional<CompilationResult> compilation_result =
-      CompileImpl(isolate, re);
+  std::optional<CompilationResult> compilation_result =
+      CompileImpl(isolate, re_data);
   if (!compilation_result.has_value()) {
     DCHECK(isolate->has_exception());
     return false;
   }
 
-  re->set_bytecode_and_trampoline(isolate, compilation_result->bytecode);
-  re->set_capture_name_map(compilation_result->capture_name_map);
+  re_data->SetBytecodeForExperimental(isolate, *compilation_result->bytecode);
+  re_data->set_capture_name_map(compilation_result->capture_name_map);
 
   return true;
 }
 
 base::Vector<RegExpInstruction> AsInstructionSequence(
-    Tagged<ByteArray> raw_bytes) {
+    Tagged<TrustedByteArray> raw_bytes) {
   RegExpInstruction* inst_begin =
       reinterpret_cast<RegExpInstruction*>(raw_bytes->begin());
   int inst_num = raw_bytes->length() / sizeof(RegExpInstruction);
@@ -142,7 +146,7 @@ base::Vector<RegExpInstruction> AsInstructionSequence(
 namespace {
 
 int32_t ExecRawImpl(Isolate* isolate, RegExp::CallOrigin call_origin,
-                    Tagged<ByteArray> bytecode, Tagged<String> subject,
+                    Tagged<TrustedByteArray> bytecode, Tagged<String> subject,
                     int capture_count, int32_t* output_registers,
                     int32_t output_register_count, int32_t subject_index) {
   DisallowGarbageCollection no_gc;
@@ -164,30 +168,33 @@ int32_t ExecRawImpl(Isolate* isolate, RegExp::CallOrigin call_origin,
 }  // namespace
 
 // Returns the number of matches.
-int32_t ExperimentalRegExp::ExecRaw(
-    Isolate* isolate, RegExp::CallOrigin call_origin, Tagged<JSRegExp> regexp,
-    Tagged<String> subject, int32_t* output_registers,
-    int32_t output_register_count, int32_t subject_index) {
+int32_t ExperimentalRegExp::ExecRaw(Isolate* isolate,
+                                    RegExp::CallOrigin call_origin,
+                                    Tagged<IrRegExpData> regexp_data,
+                                    Tagged<String> subject,
+                                    int32_t* output_registers,
+                                    int32_t output_register_count,
+                                    int32_t subject_index) {
   CHECK(v8_flags.enable_experimental_regexp_engine);
   DisallowGarbageCollection no_gc;
 
   if (v8_flags.trace_experimental_regexp_engine) {
-    StdoutStream{} << "Executing experimental regexp " << regexp->source()
+    StdoutStream{} << "Executing experimental regexp " << regexp_data->source()
                    << std::endl;
   }
 
   static constexpr bool kIsLatin1 = true;
-  Tagged<ByteArray> bytecode = Cast<ByteArray>(regexp->bytecode(kIsLatin1));
+  Tagged<TrustedByteArray> bytecode = regexp_data->bytecode(kIsLatin1);
 
   return ExecRawImpl(isolate, call_origin, bytecode, subject,
-                     regexp->capture_count(), output_registers,
+                     regexp_data->capture_count(), output_registers,
                      output_register_count, subject_index);
 }
 
 int32_t ExperimentalRegExp::MatchForCallFromJs(
     Address subject, int32_t start_position, Address input_start,
     Address input_end, int* output_registers, int32_t output_register_count,
-    RegExp::CallOrigin call_origin, Isolate* isolate, Address regexp) {
+    RegExp::CallOrigin call_origin, Isolate* isolate, Address regexp_data) {
   DCHECK(v8_flags.enable_experimental_regexp_engine);
   DCHECK_NOT_NULL(isolate);
   DCHECK_NOT_NULL(output_registers);
@@ -200,32 +207,33 @@ int32_t ExperimentalRegExp::MatchForCallFromJs(
 
   Tagged<String> subject_string = Cast<String>(Tagged<Object>(subject));
 
-  Tagged<JSRegExp> regexp_obj = Cast<JSRegExp>(Tagged<Object>(regexp));
+  Tagged<IrRegExpData> regexp_data_obj =
+      Cast<IrRegExpData>(Tagged<Object>(regexp_data));
 
-  return ExecRaw(isolate, RegExp::kFromJs, regexp_obj, subject_string,
+  return ExecRaw(isolate, RegExp::kFromJs, regexp_data_obj, subject_string,
                  output_registers, output_register_count, start_position);
 }
 
 MaybeHandle<Object> ExperimentalRegExp::Exec(
-    Isolate* isolate, Handle<JSRegExp> regexp, Handle<String> subject,
-    int subject_index, Handle<RegExpMatchInfo> last_match_info,
-    RegExp::ExecQuirks exec_quirks) {
+    Isolate* isolate, DirectHandle<IrRegExpData> regexp_data,
+    Handle<String> subject, int subject_index,
+    Handle<RegExpMatchInfo> last_match_info, RegExp::ExecQuirks exec_quirks) {
   DCHECK(v8_flags.enable_experimental_regexp_engine);
-  DCHECK_EQ(regexp->type_tag(), JSRegExp::EXPERIMENTAL);
+  DCHECK_EQ(regexp_data->type_tag(), RegExpData::Type::EXPERIMENTAL);
 #ifdef VERIFY_HEAP
-  if (v8_flags.verify_heap) regexp->JSRegExpVerify(isolate);
+  if (v8_flags.verify_heap) regexp_data->IrRegExpDataVerify(isolate);
 #endif
 
-  if (!IsCompiled(regexp, isolate) && !Compile(isolate, regexp)) {
+  if (!IsCompiled(regexp_data, isolate) && !Compile(isolate, regexp_data)) {
     DCHECK(isolate->has_exception());
     return MaybeHandle<Object>();
   }
 
-  DCHECK(IsCompiled(regexp, isolate));
+  DCHECK(IsCompiled(regexp_data, isolate));
 
   subject = String::Flatten(isolate, subject);
 
-  int capture_count = regexp->capture_count();
+  int capture_count = regexp_data->capture_count();
   int output_register_count = JSRegExp::RegistersForCaptureCount(capture_count);
 
   int32_t* output_registers;
@@ -239,7 +247,7 @@ MaybeHandle<Object> ExperimentalRegExp::Exec(
 
   do {
     int num_matches =
-        ExecRaw(isolate, RegExp::kFromRuntime, *regexp, *subject,
+        ExecRaw(isolate, RegExp::kFromRuntime, *regexp_data, *subject,
                 output_registers, output_register_count, subject_index);
 
     if (num_matches > 0) {
@@ -266,38 +274,35 @@ MaybeHandle<Object> ExperimentalRegExp::Exec(
   UNREACHABLE();
 }
 
-int32_t ExperimentalRegExp::OneshotExecRaw(Isolate* isolate,
-                                           DirectHandle<JSRegExp> regexp,
-                                           DirectHandle<String> subject,
-                                           int32_t* output_registers,
-                                           int32_t output_register_count,
-                                           int32_t subject_index) {
+int32_t ExperimentalRegExp::OneshotExecRaw(
+    Isolate* isolate, DirectHandle<IrRegExpData> regexp_data,
+    DirectHandle<String> subject, int32_t* output_registers,
+    int32_t output_register_count, int32_t subject_index) {
   CHECK(v8_flags.enable_experimental_regexp_engine_on_excessive_backtracks);
 
   if (v8_flags.trace_experimental_regexp_engine) {
     StdoutStream{} << "Experimental execution (oneshot) of regexp "
-                   << regexp->source() << std::endl;
+                   << regexp_data->source() << std::endl;
   }
 
-  base::Optional<CompilationResult> compilation_result =
-      CompileImpl(isolate, regexp);
+  std::optional<CompilationResult> compilation_result =
+      CompileImpl(isolate, regexp_data);
   if (!compilation_result.has_value()) return RegExp::kInternalRegExpException;
 
   DisallowGarbageCollection no_gc;
   return ExecRawImpl(isolate, RegExp::kFromRuntime,
                      *compilation_result->bytecode, *subject,
-                     regexp->capture_count(), output_registers,
+                     regexp_data->capture_count(), output_registers,
                      output_register_count, subject_index);
 }
 
 MaybeHandle<Object> ExperimentalRegExp::OneshotExec(
-    Isolate* isolate, Handle<JSRegExp> regexp, DirectHandle<String> subject,
-    int subject_index, Handle<RegExpMatchInfo> last_match_info,
-    RegExp::ExecQuirks exec_quirks) {
+    Isolate* isolate, DirectHandle<IrRegExpData> regexp_data,
+    DirectHandle<String> subject, int subject_index,
+    Handle<RegExpMatchInfo> last_match_info, RegExp::ExecQuirks exec_quirks) {
   DCHECK(v8_flags.enable_experimental_regexp_engine_on_excessive_backtracks);
-  DCHECK_NE(regexp->type_tag(), JSRegExp::NOT_COMPILED);
 
-  int capture_count = regexp->capture_count();
+  int capture_count = regexp_data->capture_count();
   int output_register_count = JSRegExp::RegistersForCaptureCount(capture_count);
 
   int32_t* output_registers;
@@ -310,8 +315,9 @@ MaybeHandle<Object> ExperimentalRegExp::OneshotExec(
   }
 
   do {
-    int num_matches = OneshotExecRaw(isolate, regexp, subject, output_registers,
-                                     output_register_count, subject_index);
+    int num_matches =
+        OneshotExecRaw(isolate, regexp_data, subject, output_registers,
+                       output_register_count, subject_index);
 
     if (num_matches > 0) {
       DCHECK_EQ(num_matches, 1);
@@ -337,5 +343,4 @@ MaybeHandle<Object> ExperimentalRegExp::OneshotExec(
   UNREACHABLE();
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/regexp/experimental/experimental.h b/deps/v8/src/regexp/experimental/experimental.h
index 654d92344d7307..01ff9da4e71480 100644
--- a/deps/v8/src/regexp/experimental/experimental.h
+++ b/deps/v8/src/regexp/experimental/experimental.h
@@ -25,9 +25,9 @@ class ExperimentalRegExp final : public AllStatic {
   static void Initialize(Isolate* isolate, DirectHandle<JSRegExp> re,
                          DirectHandle<String> pattern, RegExpFlags flags,
                          int capture_count);
-  static bool IsCompiled(DirectHandle<JSRegExp> re, Isolate* isolate);
+  static bool IsCompiled(DirectHandle<IrRegExpData> re_data, Isolate* isolate);
   V8_WARN_UNUSED_RESULT
-  static bool Compile(Isolate* isolate, DirectHandle<JSRegExp> re);
+  static bool Compile(Isolate* isolate, DirectHandle<IrRegExpData> re_data);
 
   // Execution:
   static int32_t MatchForCallFromJs(Address subject, int32_t start_position,
@@ -35,23 +35,26 @@ class ExperimentalRegExp final : public AllStatic {
                                     int* output_registers,
                                     int32_t output_register_count,
                                     RegExp::CallOrigin call_origin,
-                                    Isolate* isolate, Address regexp);
+                                    Isolate* isolate, Address regexp_data);
   static MaybeHandle<Object> Exec(
-      Isolate* isolate, Handle<JSRegExp> regexp, Handle<String> subject,
-      int index, Handle<RegExpMatchInfo> last_match_info,
+      Isolate* isolate, DirectHandle<IrRegExpData> regexp_data,
+      Handle<String> subject, int index,
+      Handle<RegExpMatchInfo> last_match_info,
       RegExp::ExecQuirks exec_quirks = RegExp::ExecQuirks::kNone);
   static int32_t ExecRaw(Isolate* isolate, RegExp::CallOrigin call_origin,
-                         Tagged<JSRegExp> regexp, Tagged<String> subject,
-                         int32_t* output_registers,
+                         Tagged<IrRegExpData> regexp_data,
+                         Tagged<String> subject, int32_t* output_registers,
                          int32_t output_register_count, int32_t subject_index);
 
   // Compile and execute a regexp with the experimental engine, regardless of
   // its type tag.  The regexp itself is not changed (apart from lastIndex).
   static MaybeHandle<Object> OneshotExec(
-      Isolate* isolate, Handle<JSRegExp> regexp, DirectHandle<String> subject,
-      int index, Handle<RegExpMatchInfo> last_match_info,
+      Isolate* isolate, DirectHandle<IrRegExpData> regexp_data,
+      DirectHandle<String> subject, int index,
+      Handle<RegExpMatchInfo> last_match_info,
       RegExp::ExecQuirks exec_quirks = RegExp::ExecQuirks::kNone);
-  static int32_t OneshotExecRaw(Isolate* isolate, DirectHandle<JSRegExp> regexp,
+  static int32_t OneshotExecRaw(Isolate* isolate,
+                                DirectHandle<IrRegExpData> regexp_data,
                                 DirectHandle<String> subject,
                                 int32_t* output_registers,
                                 int32_t output_register_count,
diff --git a/deps/v8/src/regexp/regexp-ast.h b/deps/v8/src/regexp/regexp-ast.h
index f7a4a741e91257..03aa35f39d45e0 100644
--- a/deps/v8/src/regexp/regexp-ast.h
+++ b/deps/v8/src/regexp/regexp-ast.h
@@ -5,17 +5,19 @@
 #ifndef V8_REGEXP_REGEXP_AST_H_
 #define V8_REGEXP_REGEXP_AST_H_
 
+#include <optional>
+
 #include "src/base/strings.h"
 #include "src/regexp/regexp-flags.h"
 #include "src/zone/zone-containers.h"
 #include "src/zone/zone-list.h"
 #include "src/zone/zone.h"
+
 #ifdef V8_INTL_SUPPORT
 #include "unicode/uniset.h"
 #endif  // V8_INTL_SUPPORT
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 #define FOR_EACH_REG_EXP_TREE_TYPE(VISIT) \
   VISIT(Disjunction)                      \
@@ -297,7 +299,7 @@ class CharacterSet final {
 
  private:
   ZoneList<CharacterRange>* ranges_ = nullptr;
-  base::Optional<StandardCharacterSet> standard_set_type_;
+  std::optional<StandardCharacterSet> standard_set_type_;
 };
 
 class RegExpClassRanges final : public RegExpTree {
@@ -736,8 +738,7 @@ class RegExpEmpty final : public RegExpTree {
   int max_match() override { return 0; }
 };
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #undef DECL_BOILERPLATE
 
diff --git a/deps/v8/src/regexp/regexp-bytecode-generator.cc b/deps/v8/src/regexp/regexp-bytecode-generator.cc
index b35e8c9efb7f19..16f9466a4c43f9 100644
--- a/deps/v8/src/regexp/regexp-bytecode-generator.cc
+++ b/deps/v8/src/regexp/regexp-bytecode-generator.cc
@@ -379,12 +379,12 @@ Handle<HeapObject> RegExpBytecodeGenerator::GetCode(Handle<String> source) {
   Bind(&backtrack_);
   Backtrack();
 
-  Handle<ByteArray> array;
+  Handle<TrustedByteArray> array;
   if (v8_flags.regexp_peephole_optimization) {
     array = RegExpBytecodePeepholeOptimization::OptimizeBytecode(
         isolate_, zone(), source, buffer_.data(), length(), jump_edges_);
   } else {
-    array = isolate_->factory()->NewByteArray(length());
+    array = isolate_->factory()->NewTrustedByteArray(length());
     Copy(array->begin());
   }
 
diff --git a/deps/v8/src/regexp/regexp-bytecode-peephole.cc b/deps/v8/src/regexp/regexp-bytecode-peephole.cc
index 89b173705ba230..51e965cbdf2573 100644
--- a/deps/v8/src/regexp/regexp-bytecode-peephole.cc
+++ b/deps/v8/src/regexp/regexp-bytecode-peephole.cc
@@ -1011,13 +1011,14 @@ Zone* RegExpBytecodePeephole::zone() const { return zone_; }
 }  // namespace
 
 // static
-Handle<ByteArray> RegExpBytecodePeepholeOptimization::OptimizeBytecode(
+Handle<TrustedByteArray> RegExpBytecodePeepholeOptimization::OptimizeBytecode(
     Isolate* isolate, Zone* zone, DirectHandle<String> source,
     const uint8_t* bytecode, int length,
     const ZoneUnorderedMap<int, int>& jump_edges) {
   RegExpBytecodePeephole peephole(zone, length, jump_edges);
   bool did_optimize = peephole.OptimizeBytecode(bytecode, length);
-  Handle<ByteArray> array = isolate->factory()->NewByteArray(peephole.Length());
+  Handle<TrustedByteArray> array =
+      isolate->factory()->NewTrustedByteArray(peephole.Length());
   peephole.CopyOptimizedBytecode(array->begin());
 
   if (did_optimize && v8_flags.trace_regexp_peephole_optimization) {
diff --git a/deps/v8/src/regexp/regexp-bytecode-peephole.h b/deps/v8/src/regexp/regexp-bytecode-peephole.h
index b11d6cf7234a00..253c60a24ba1f0 100644
--- a/deps/v8/src/regexp/regexp-bytecode-peephole.h
+++ b/deps/v8/src/regexp/regexp-bytecode-peephole.h
@@ -11,7 +11,7 @@
 namespace v8 {
 namespace internal {
 
-class ByteArray;
+class TrustedByteArray;
 
 // Peephole optimization for regexp interpreter bytecode.
 // Pre-defined bytecode sequences occuring in the bytecode generated by the
@@ -20,7 +20,7 @@ class RegExpBytecodePeepholeOptimization : public AllStatic {
  public:
   // Performs peephole optimization on the given bytecode and returns the
   // optimized bytecode.
-  static Handle<ByteArray> OptimizeBytecode(
+  static Handle<TrustedByteArray> OptimizeBytecode(
       Isolate* isolate, Zone* zone, DirectHandle<String> source,
       const uint8_t* bytecode, int length,
       const ZoneUnorderedMap<int, int>& jump_edges);
diff --git a/deps/v8/src/regexp/regexp-compiler.cc b/deps/v8/src/regexp/regexp-compiler.cc
index c2cb5e5d79c8f9..d10583a43013f2 100644
--- a/deps/v8/src/regexp/regexp-compiler.cc
+++ b/deps/v8/src/regexp/regexp-compiler.cc
@@ -4,6 +4,8 @@
 
 #include "src/regexp/regexp-compiler.h"
 
+#include <optional>
+
 #include "src/base/safe_conversions.h"
 #include "src/execution/isolate.h"
 #include "src/objects/fixed-array-inl.h"
@@ -18,8 +20,7 @@
 #include "unicode/utypes.h"
 #endif  // V8_INTL_SUPPORT
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 using namespace regexp_compiler_constants;  // NOLINT(build/namespaces)
 
@@ -1372,7 +1373,7 @@ bool RegExpNode::KeepRecursing(RegExpCompiler* compiler) {
 
 void ActionNode::FillInBMInfo(Isolate* isolate, int offset, int budget,
                               BoyerMooreLookahead* bm, bool not_at_start) {
-  base::Optional<RegExpFlags> old_flags;
+  std::optional<RegExpFlags> old_flags;
   if (action_type_ == MODIFY_FLAGS) {
     // It is not guaranteed that we hit the resetting modify flags node, due to
     // recursion budget limitation for filling in BMInfo. Therefore we reset the
@@ -3275,7 +3276,7 @@ void ChoiceNode::EmitChoices(RegExpCompiler* compiler,
     }
     alt_gen->expects_preload = preload->preload_is_current_;
     bool generate_full_check_inline = false;
-    if (compiler->optimize() &&
+    if (v8_flags.regexp_optimization &&
         try_to_emit_quick_check_for_alternative(i == 0) &&
         alternative.node()->EmitQuickCheck(
             compiler, trace, &new_trace, preload->preload_has_checked_bounds_,
@@ -3986,5 +3987,4 @@ void RegExpCompiler::ToNodeCheckForStackOverflow() {
   }
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/regexp/regexp-error.h b/deps/v8/src/regexp/regexp-error.h
index 1cec4294353a21..8d17ee658d770c 100644
--- a/deps/v8/src/regexp/regexp-error.h
+++ b/deps/v8/src/regexp/regexp-error.h
@@ -38,7 +38,6 @@ namespace internal {
   T(DuplicateCaptureGroupName, "Duplicate capture group name")            \
   T(InvalidNamedReference, "Invalid named reference")                     \
   T(InvalidNamedCaptureReference, "Invalid named capture referenced")     \
-  T(InvalidClassEscape, "Invalid class escape")                           \
   T(InvalidClassPropertyName, "Invalid property name in character class") \
   T(InvalidCharacterClass, "Invalid character class")                     \
   T(UnterminatedCharacterClass, "Unterminated character class")           \
diff --git a/deps/v8/src/regexp/regexp-flags.h b/deps/v8/src/regexp/regexp-flags.h
index 770cb790f7e34b..7cee03273f7563 100644
--- a/deps/v8/src/regexp/regexp-flags.h
+++ b/deps/v8/src/regexp/regexp-flags.h
@@ -5,11 +5,11 @@
 #ifndef V8_REGEXP_REGEXP_FLAGS_H_
 #define V8_REGEXP_REGEXP_FLAGS_H_
 
+#include <optional>
+
 #include "src/base/flags.h"
-#include "src/base/optional.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 // TODO(jgruber,pthier): Decouple more parts of the codebase from
 // JSRegExp::Flags. Consider removing JSRegExp::Flags.
@@ -64,15 +64,14 @@ constexpr bool IsEitherUnicode(RegExpFlags f) {
 // clang-format off
 #define V(Lower, Camel, LowerCamel, Char, Bit) \
   c == Char ? RegExpFlag::k##Camel :
-constexpr base::Optional<RegExpFlag> TryRegExpFlagFromChar(char c) {
-  return REGEXP_FLAG_LIST(V) base::Optional<RegExpFlag>{};
+constexpr std::optional<RegExpFlag> TryRegExpFlagFromChar(char c) {
+  return REGEXP_FLAG_LIST(V) std::optional<RegExpFlag>{};
 }
 #undef V
 // clang-format on
 
 std::ostream& operator<<(std::ostream& os, RegExpFlags flags);
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_REGEXP_REGEXP_FLAGS_H_
diff --git a/deps/v8/src/regexp/regexp-interpreter.cc b/deps/v8/src/regexp/regexp-interpreter.cc
index d294ce83dc78d9..331d5b22e8fbb1 100644
--- a/deps/v8/src/regexp/regexp-interpreter.cc
+++ b/deps/v8/src/regexp/regexp-interpreter.cc
@@ -237,10 +237,10 @@ IrregexpInterpreter::Result MaybeThrowStackOverflow(
 
 template <typename Char>
 void UpdateCodeAndSubjectReferences(
-    Isolate* isolate, DirectHandle<ByteArray> code_array,
-    DirectHandle<String> subject_string, Tagged<ByteArray>* code_array_out,
-    const uint8_t** code_base_out, const uint8_t** pc_out,
-    Tagged<String>* subject_string_out,
+    Isolate* isolate, DirectHandle<TrustedByteArray> code_array,
+    DirectHandle<String> subject_string,
+    Tagged<TrustedByteArray>* code_array_out, const uint8_t** code_base_out,
+    const uint8_t** pc_out, Tagged<String>* subject_string_out,
     base::Vector<const Char>* subject_string_vector_out) {
   DisallowGarbageCollection no_gc;
 
@@ -262,8 +262,8 @@ void UpdateCodeAndSubjectReferences(
 template <typename Char>
 IrregexpInterpreter::Result HandleInterrupts(
     Isolate* isolate, RegExp::CallOrigin call_origin,
-    Tagged<ByteArray>* code_array_out, Tagged<String>* subject_string_out,
-    const uint8_t** code_base_out,
+    Tagged<TrustedByteArray>* code_array_out,
+    Tagged<String>* subject_string_out, const uint8_t** code_base_out,
     base::Vector<const Char>* subject_string_vector_out,
     const uint8_t** pc_out) {
   DisallowGarbageCollection no_gc;
@@ -286,7 +286,7 @@ IrregexpInterpreter::Result HandleInterrupts(
     DCHECK(call_origin == RegExp::CallOrigin::kFromRuntime);
     // Prepare for possible GC.
     HandleScope handles(isolate);
-    Handle<ByteArray> code_handle(*code_array_out, isolate);
+    Handle<TrustedByteArray> code_handle(*code_array_out, isolate);
     Handle<String> subject_handle(*subject_string_out, isolate);
 
     if (js_has_overflowed) {
@@ -393,7 +393,7 @@ bool IndexIsInBounds(int index, int length) {
 
 template <typename Char>
 IrregexpInterpreter::Result RawMatch(
-    Isolate* isolate, Tagged<ByteArray> code_array,
+    Isolate* isolate, Tagged<TrustedByteArray> code_array,
     Tagged<String> subject_string, base::Vector<const Char> subject,
     int* output_registers, int output_register_count, int total_register_count,
     int current, uint32_t current_char, RegExp::CallOrigin call_origin,
@@ -1065,30 +1065,29 @@ IrregexpInterpreter::Result RawMatch(
 
 // static
 IrregexpInterpreter::Result IrregexpInterpreter::Match(
-    Isolate* isolate, Tagged<JSRegExp> regexp, Tagged<String> subject_string,
-    int* output_registers, int output_register_count, int start_position,
+    Isolate* isolate, Tagged<IrRegExpData> regexp_data,
+    Tagged<String> subject_string, int* output_registers,
+    int output_register_count, int start_position,
     RegExp::CallOrigin call_origin) {
-  if (v8_flags.regexp_tier_up) regexp->TierUpTick();
+  if (v8_flags.regexp_tier_up) regexp_data->TierUpTick();
 
   bool is_one_byte = String::IsOneByteRepresentationUnderneath(subject_string);
-  Tagged<ByteArray> code_array = Cast<ByteArray>(regexp->bytecode(is_one_byte));
-  int total_register_count = regexp->max_register_count();
+  Tagged<TrustedByteArray> code_array = regexp_data->bytecode(is_one_byte);
+  int total_register_count = regexp_data->max_register_count();
 
   return MatchInternal(isolate, code_array, subject_string, output_registers,
                        output_register_count, total_register_count,
-                       start_position, call_origin, regexp->backtrack_limit());
+                       start_position, call_origin,
+                       regexp_data->backtrack_limit());
 }
 
 IrregexpInterpreter::Result IrregexpInterpreter::MatchInternal(
-    Isolate* isolate, Tagged<ByteArray> code_array,
+    Isolate* isolate, Tagged<TrustedByteArray> code_array,
     Tagged<String> subject_string, int* output_registers,
     int output_register_count, int total_register_count, int start_position,
     RegExp::CallOrigin call_origin, uint32_t backtrack_limit) {
   DCHECK(subject_string->IsFlat());
 
-  // TODO(chromium:1262676): Remove this CHECK once fixed.
-  CHECK(IsByteArray(code_array));
-
   // Note: Heap allocation *is* allowed in two situations if calling from
   // Runtime:
   // 1. When creating & throwing a stack overflow exception. The interpreter
@@ -1130,7 +1129,7 @@ IrregexpInterpreter::Result IrregexpInterpreter::MatchInternal(
 IrregexpInterpreter::Result IrregexpInterpreter::MatchForCallFromJs(
     Address subject, int32_t start_position, Address, Address,
     int* output_registers, int32_t output_register_count,
-    RegExp::CallOrigin call_origin, Isolate* isolate, Address regexp) {
+    RegExp::CallOrigin call_origin, Isolate* isolate, Address regexp_data) {
   DCHECK_NOT_NULL(isolate);
   DCHECK_NOT_NULL(output_registers);
   DCHECK(call_origin == RegExp::CallOrigin::kFromJs);
@@ -1141,25 +1140,26 @@ IrregexpInterpreter::Result IrregexpInterpreter::MatchForCallFromJs(
   DisallowHandleDereference no_deref;
 
   Tagged<String> subject_string = Cast<String>(Tagged<Object>(subject));
-  Tagged<JSRegExp> regexp_obj = Cast<JSRegExp>(Tagged<Object>(regexp));
+  Tagged<IrRegExpData> regexp_data_obj =
+      Cast<IrRegExpData>(Tagged<Object>(regexp_data));
 
-  if (regexp_obj->MarkedForTierUp()) {
+  if (regexp_data_obj->MarkedForTierUp()) {
     // Returning RETRY will re-enter through runtime, where actual recompilation
     // for tier-up takes place.
     return IrregexpInterpreter::RETRY;
   }
 
-  return Match(isolate, regexp_obj, subject_string, output_registers,
+  return Match(isolate, regexp_data_obj, subject_string, output_registers,
                output_register_count, start_position, call_origin);
 }
 
 #endif  // !COMPILING_IRREGEXP_FOR_EXTERNAL_EMBEDDER
 
 IrregexpInterpreter::Result IrregexpInterpreter::MatchForCallFromRuntime(
-    Isolate* isolate, DirectHandle<JSRegExp> regexp,
+    Isolate* isolate, DirectHandle<IrRegExpData> regexp_data,
     DirectHandle<String> subject_string, int* output_registers,
     int output_register_count, int start_position) {
-  return Match(isolate, *regexp, *subject_string, output_registers,
+  return Match(isolate, *regexp_data, *subject_string, output_registers,
                output_register_count, start_position,
                RegExp::CallOrigin::kFromRuntime);
 }
diff --git a/deps/v8/src/regexp/regexp-interpreter.h b/deps/v8/src/regexp/regexp-interpreter.h
index 8dd8c5845c2548..0b68d960a4ac8b 100644
--- a/deps/v8/src/regexp/regexp-interpreter.h
+++ b/deps/v8/src/regexp/regexp-interpreter.h
@@ -12,7 +12,7 @@
 namespace v8 {
 namespace internal {
 
-class ByteArray;
+class TrustedByteArray;
 
 class V8_EXPORT_PRIVATE IrregexpInterpreter : public AllStatic {
  public:
@@ -27,7 +27,7 @@ class V8_EXPORT_PRIVATE IrregexpInterpreter : public AllStatic {
   // In case a StackOverflow occurs, a StackOverflowException is created and
   // EXCEPTION is returned.
   static Result MatchForCallFromRuntime(Isolate* isolate,
-                                        DirectHandle<JSRegExp> regexp,
+                                        DirectHandle<IrRegExpData> regexp_data,
                                         DirectHandle<String> subject_string,
                                         int* output_registers,
                                         int output_register_count,
@@ -50,9 +50,10 @@ class V8_EXPORT_PRIVATE IrregexpInterpreter : public AllStatic {
                                    int* output_registers,
                                    int32_t output_register_count,
                                    RegExp::CallOrigin call_origin,
-                                   Isolate* isolate, Address regexp);
+                                   Isolate* isolate, Address regexp_data);
 
-  static Result MatchInternal(Isolate* isolate, Tagged<ByteArray> code_array,
+  static Result MatchInternal(Isolate* isolate,
+                              Tagged<TrustedByteArray> code_array,
                               Tagged<String> subject_string,
                               int* output_registers, int output_register_count,
                               int total_register_count, int start_position,
@@ -60,7 +61,7 @@ class V8_EXPORT_PRIVATE IrregexpInterpreter : public AllStatic {
                               uint32_t backtrack_limit);
 
  private:
-  static Result Match(Isolate* isolate, Tagged<JSRegExp> regexp,
+  static Result Match(Isolate* isolate, Tagged<IrRegExpData> regexp_data,
                       Tagged<String> subject_string, int* output_registers,
                       int output_register_count, int start_position,
                       RegExp::CallOrigin call_origin);
diff --git a/deps/v8/src/regexp/regexp-macro-assembler.cc b/deps/v8/src/regexp/regexp-macro-assembler.cc
index 03e0efc0101fba..7cc488757e5528 100644
--- a/deps/v8/src/regexp/regexp-macro-assembler.cc
+++ b/deps/v8/src/regexp/regexp-macro-assembler.cc
@@ -366,7 +366,7 @@ int NativeRegExpMacroAssembler::CheckStackGuardState(
 }
 
 // Returns a {Result} sentinel, or the number of successful matches.
-int NativeRegExpMacroAssembler::Match(DirectHandle<JSRegExp> regexp,
+int NativeRegExpMacroAssembler::Match(DirectHandle<IrRegExpData> regexp_data,
                                       DirectHandle<String> subject,
                                       int* offsets_vector,
                                       int offsets_vector_length,
@@ -410,7 +410,7 @@ int NativeRegExpMacroAssembler::Match(DirectHandle<JSRegExp> regexp,
   int byte_length = char_length << char_size_shift;
   const uint8_t* input_end = input_start + byte_length;
   return Execute(*subject, start_offset, input_start, input_end, offsets_vector,
-                 offsets_vector_length, isolate, *regexp);
+                 offsets_vector_length, isolate, *regexp_data);
 }
 
 // static
@@ -418,34 +418,35 @@ int NativeRegExpMacroAssembler::ExecuteForTesting(
     Tagged<String> input, int start_offset, const uint8_t* input_start,
     const uint8_t* input_end, int* output, int output_size, Isolate* isolate,
     Tagged<JSRegExp> regexp) {
+  Tagged<RegExpData> data = regexp->data(isolate);
+  SBXCHECK(Is<IrRegExpData>(data));
   return Execute(input, start_offset, input_start, input_end, output,
-                 output_size, isolate, regexp);
+                 output_size, isolate, Cast<IrRegExpData>(data));
 }
 
 // Returns a {Result} sentinel, or the number of successful matches.
-// TODO(pthier): The JSRegExp object is passed to native irregexp code to match
-// the signature of the interpreter. We should get rid of JS objects passed to
-// internal methods.
 int NativeRegExpMacroAssembler::Execute(
     Tagged<String>
         input,  // This needs to be the unpacked (sliced, cons) string.
     int start_offset, const uint8_t* input_start, const uint8_t* input_end,
-    int* output, int output_size, Isolate* isolate, Tagged<JSRegExp> regexp) {
+    int* output, int output_size, Isolate* isolate,
+    Tagged<IrRegExpData> regexp_data) {
   RegExpStackScope stack_scope(isolate);
 
   bool is_one_byte = String::IsOneByteRepresentationUnderneath(input);
-  Tagged<Code> code = Cast<Code>(regexp->code(isolate, is_one_byte));
+  Tagged<Code> code = regexp_data->code(isolate, is_one_byte);
   RegExp::CallOrigin call_origin = RegExp::CallOrigin::kFromRuntime;
 
   using RegexpMatcherSig =
       // NOLINTNEXTLINE(readability/casting)
       int(Address input_string, int start_offset, const uint8_t* input_start,
           const uint8_t* input_end, int* output, int output_size,
-          int call_origin, Isolate* isolate, Address regexp);
+          int call_origin, Isolate* isolate, Address regexp_data);
 
   auto fn = GeneratedCode<RegexpMatcherSig>::FromCode(isolate, code);
-  int result = fn.Call(input.ptr(), start_offset, input_start, input_end,
-                       output, output_size, call_origin, isolate, regexp.ptr());
+  int result =
+      fn.Call(input.ptr(), start_offset, input_start, input_end, output,
+              output_size, call_origin, isolate, regexp_data.ptr());
   DCHECK_GE(result, SMALLEST_REGEXP_RESULT);
 
   if (result == EXCEPTION && !isolate->has_exception()) {
diff --git a/deps/v8/src/regexp/regexp-macro-assembler.h b/deps/v8/src/regexp/regexp-macro-assembler.h
index 06236098329e34..2f73f94987653e 100644
--- a/deps/v8/src/regexp/regexp-macro-assembler.h
+++ b/deps/v8/src/regexp/regexp-macro-assembler.h
@@ -298,9 +298,10 @@ class NativeRegExpMacroAssembler: public RegExpMacroAssembler {
   ~NativeRegExpMacroAssembler() override = default;
 
   // Returns a {Result} sentinel, or the number of successful matches.
-  static int Match(DirectHandle<JSRegExp> regexp, DirectHandle<String> subject,
-                   int* offsets_vector, int offsets_vector_length,
-                   int previous_index, Isolate* isolate);
+  static int Match(DirectHandle<IrRegExpData> regexp_data,
+                   DirectHandle<String> subject, int* offsets_vector,
+                   int offsets_vector_length, int previous_index,
+                   Isolate* isolate);
 
   V8_EXPORT_PRIVATE static int ExecuteForTesting(
       Tagged<String> input, int start_offset, const uint8_t* input_start,
@@ -350,7 +351,7 @@ class NativeRegExpMacroAssembler: public RegExpMacroAssembler {
   static int Execute(Tagged<String> input, int start_offset,
                      const uint8_t* input_start, const uint8_t* input_end,
                      int* output, int output_size, Isolate* isolate,
-                     Tagged<JSRegExp> regexp);
+                     Tagged<IrRegExpData> regexp_data);
 
   ZoneUnorderedMap<uint32_t, Handle<FixedUInt16Array>> range_array_cache_;
 };
diff --git a/deps/v8/src/regexp/regexp-parser.cc b/deps/v8/src/regexp/regexp-parser.cc
index 24e0d08ce76183..2581ef57d91ab6 100644
--- a/deps/v8/src/regexp/regexp-parser.cc
+++ b/deps/v8/src/regexp/regexp-parser.cc
@@ -2383,7 +2383,7 @@ base::uc32 RegExpParserImpl<CharT>::ParseCharacterEscape(
       if (IsUnicodeMode()) {
         // With /u or /v, decimal escape is not interpreted as octal character
         // code.
-        ReportError(RegExpError::kInvalidClassEscape);
+        ReportError(RegExpError::kInvalidDecimalEscape);
         return 0;
       }
       return ParseOctalLiteral();
diff --git a/deps/v8/src/regexp/regexp.cc b/deps/v8/src/regexp/regexp.cc
index 8f76e533cec452..568dcfd8ec255e 100644
--- a/deps/v8/src/regexp/regexp.cc
+++ b/deps/v8/src/regexp/regexp.cc
@@ -48,19 +48,21 @@ class RegExpImpl final : public AllStatic {
   // Returns the number of integer spaces required by IrregexpExecOnce
   // as its "registers" argument.  If the regexp cannot be compiled,
   // an exception is thrown as indicated by a negative return value.
-  static int IrregexpPrepare(Isolate* isolate, Handle<JSRegExp> regexp,
+  static int IrregexpPrepare(Isolate* isolate,
+                             DirectHandle<IrRegExpData> regexp_data,
                              Handle<String> subject);
 
   static void AtomCompile(Isolate* isolate, DirectHandle<JSRegExp> re,
                           DirectHandle<String> pattern, RegExpFlags flags,
                           DirectHandle<String> match_pattern);
 
-  static int AtomExecRaw(Isolate* isolate, DirectHandle<JSRegExp> regexp,
+  static int AtomExecRaw(Isolate* isolate,
+                         DirectHandle<AtomRegExpData> regexp_data,
                          Handle<String> subject, int index, int32_t* output,
                          int output_size);
 
   static Handle<Object> AtomExec(Isolate* isolate,
-                                 DirectHandle<JSRegExp> regexp,
+                                 DirectHandle<AtomRegExpData> regexp_data,
                                  Handle<String> subject, int index,
                                  Handle<RegExpMatchInfo> last_match_info);
 
@@ -70,7 +72,8 @@ class RegExpImpl final : public AllStatic {
   // The captures and subcaptures are stored into the registers vector.
   // If matching fails, returns RE_FAILURE.
   // If execution fails, sets a exception and returns RE_EXCEPTION.
-  static int IrregexpExecRaw(Isolate* isolate, Handle<JSRegExp> regexp,
+  static int IrregexpExecRaw(Isolate* isolate,
+                             DirectHandle<IrRegExpData> regexp_data,
                              Handle<String> subject, int index, int32_t* output,
                              int output_size);
 
@@ -79,14 +82,16 @@ class RegExpImpl final : public AllStatic {
   // captured positions.  On a failure, the result is the null value.
   // Returns an empty handle in case of an exception.
   V8_WARN_UNUSED_RESULT static MaybeHandle<Object> IrregexpExec(
-      Isolate* isolate, Handle<JSRegExp> regexp, Handle<String> subject,
-      int index, Handle<RegExpMatchInfo> last_match_info,
+      Isolate* isolate, DirectHandle<IrRegExpData> regexp_data,
+      Handle<String> subject, int index,
+      Handle<RegExpMatchInfo> last_match_info,
       RegExp::ExecQuirks exec_quirks = RegExp::ExecQuirks::kNone);
 
-  static bool CompileIrregexp(Isolate* isolate, DirectHandle<JSRegExp> re,
+  static bool CompileIrregexp(Isolate* isolate,
+                              DirectHandle<IrRegExpData> re_data,
                               Handle<String> sample_subject, bool is_one_byte);
   static inline bool EnsureCompiledIrregexp(Isolate* isolate,
-                                            Handle<JSRegExp> re,
+                                            DirectHandle<IrRegExpData> re_data,
                                             Handle<String> sample_subject,
                                             bool is_one_byte);
 
@@ -95,16 +100,6 @@ class RegExpImpl final : public AllStatic {
                       RegExpFlags flags, Handle<String> pattern,
                       Handle<String> sample_subject, bool is_one_byte,
                       uint32_t& backtrack_limit);
-
-  // For acting on the JSRegExp data FixedArray.
-  static int IrregexpMaxRegisterCount(Tagged<FixedArray> re);
-  static void SetIrregexpMaxRegisterCount(Tagged<FixedArray> re, int value);
-  static int IrregexpNumberOfCaptures(Tagged<FixedArray> re);
-  static Tagged<ByteArray> IrregexpByteCode(Tagged<FixedArray> re,
-                                            bool is_one_byte);
-  static Tagged<Code> IrregexpNativeCode(IsolateForSandbox isolate,
-                                         Tagged<FixedArray> re,
-                                         bool is_one_byte);
 };
 
 // static
@@ -140,7 +135,6 @@ template bool RegExp::VerifySyntax<base::uc16>(
     RegExpError* regexp_error_out, const DisallowGarbageCollection&);
 
 MaybeHandle<Object> RegExp::ThrowRegExpException(Isolate* isolate,
-                                                 DirectHandle<JSRegExp> re,
                                                  RegExpFlags flags,
                                                  Handle<String> pattern,
                                                  RegExpError error) {
@@ -156,10 +150,12 @@ MaybeHandle<Object> RegExp::ThrowRegExpException(Isolate* isolate,
                                           pattern, flag_string, error_text));
 }
 
-void RegExp::ThrowRegExpException(Isolate* isolate, DirectHandle<JSRegExp> re,
+void RegExp::ThrowRegExpException(Isolate* isolate,
+                                  DirectHandle<RegExpData> re_data,
                                   RegExpError error_text) {
-  USE(ThrowRegExpException(isolate, re, JSRegExp::AsRegExpFlags(re->flags()),
-                           Handle<String>(re->source(), isolate), error_text));
+  USE(ThrowRegExpException(isolate, JSRegExp::AsRegExpFlags(re_data->flags()),
+                           Handle<String>(re_data->source(), isolate),
+                           error_text));
 }
 
 bool RegExp::IsUnmodifiedRegExp(Isolate* isolate,
@@ -211,9 +207,9 @@ MaybeHandle<Object> RegExp::Compile(Isolate* isolate, Handle<JSRegExp> re,
   CompilationCache* compilation_cache = nullptr;
   if (is_compilation_cache_enabled) {
     compilation_cache = isolate->compilation_cache();
-    MaybeHandle<FixedArray> maybe_cached = compilation_cache->LookupRegExp(
+    MaybeHandle<RegExpData> maybe_cached = compilation_cache->LookupRegExp(
         pattern, JSRegExp::AsJSRegExpFlags(flags));
-    Handle<FixedArray> cached;
+    Handle<RegExpData> cached;
     if (maybe_cached.ToHandle(&cached)) {
       re->set_data(*cached);
       return re;
@@ -226,7 +222,7 @@ MaybeHandle<Object> RegExp::Compile(Isolate* isolate, Handle<JSRegExp> re,
   if (!RegExpParser::ParseRegExpFromHeapString(isolate, &zone, pattern, flags,
                                                &parse_result)) {
     // Throw an exception if we fail to parse the pattern.
-    return RegExp::ThrowRegExpException(isolate, re, flags, pattern,
+    return RegExp::ThrowRegExpException(isolate, flags, pattern,
                                         parse_result.error);
   }
 
@@ -245,7 +241,7 @@ MaybeHandle<Object> RegExp::Compile(Isolate* isolate, Handle<JSRegExp> re,
                                           parse_result.capture_count)) {
       // TODO(mbid): The error could provide a reason for why the regexp can't
       // be executed in linear time (e.g. due to back references).
-      return RegExp::ThrowRegExpException(isolate, re, flags, pattern,
+      return RegExp::ThrowRegExpException(isolate, flags, pattern,
                                           RegExpError::kNotLinear);
     }
     ExperimentalRegExp::Initialize(isolate, re, pattern, flags,
@@ -275,10 +271,9 @@ MaybeHandle<Object> RegExp::Compile(Isolate* isolate, Handle<JSRegExp> re,
     RegExpImpl::IrregexpInitialize(isolate, re, pattern, flags,
                                    parse_result.capture_count, backtrack_limit);
   }
-  DCHECK(IsFixedArray(re->data()));
   // Compilation succeeded so the data is set on the regexp
   // and we can store it in the cache.
-  Handle<FixedArray> data(Cast<FixedArray>(re->data()), isolate);
+  DirectHandle<RegExpData> data(re->data(isolate), isolate);
   if (is_compilation_cache_enabled) {
     compilation_cache->PutRegExp(pattern, JSRegExp::AsJSRegExpFlags(flags),
                                  data);
@@ -288,55 +283,62 @@ MaybeHandle<Object> RegExp::Compile(Isolate* isolate, Handle<JSRegExp> re,
 }
 
 // static
-bool RegExp::EnsureFullyCompiled(Isolate* isolate, Handle<JSRegExp> re,
+bool RegExp::EnsureFullyCompiled(Isolate* isolate,
+                                 DirectHandle<RegExpData> re_data,
                                  Handle<String> subject) {
-  switch (re->type_tag()) {
-    case JSRegExp::NOT_COMPILED:
-      UNREACHABLE();
-    case JSRegExp::ATOM:
+  switch (re_data->type_tag()) {
+    case RegExpData::Type::ATOM:
       return true;
-    case JSRegExp::IRREGEXP:
-      if (RegExpImpl::IrregexpPrepare(isolate, re, subject) == -1) {
+    case RegExpData::Type::IRREGEXP:
+      if (RegExpImpl::IrregexpPrepare(isolate, Cast<IrRegExpData>(re_data),
+                                      subject) == -1) {
         DCHECK(isolate->has_exception());
         return false;
       }
       return true;
-    case JSRegExp::EXPERIMENTAL:
-      if (!ExperimentalRegExp::IsCompiled(re, isolate) &&
-          !ExperimentalRegExp::Compile(isolate, re)) {
+    case RegExpData::Type::EXPERIMENTAL:
+      if (!ExperimentalRegExp::IsCompiled(Cast<IrRegExpData>(re_data),
+                                          isolate) &&
+          !ExperimentalRegExp::Compile(isolate, Cast<IrRegExpData>(re_data))) {
         DCHECK(isolate->has_exception());
         return false;
       }
       return true;
   }
+  UNREACHABLE();
 }
 
 // static
 MaybeHandle<Object> RegExp::ExperimentalOneshotExec(
-    Isolate* isolate, Handle<JSRegExp> regexp, DirectHandle<String> subject,
-    int index, Handle<RegExpMatchInfo> last_match_info,
-    RegExp::ExecQuirks exec_quirks) {
-  return ExperimentalRegExp::OneshotExec(isolate, regexp, subject, index,
-                                         last_match_info, exec_quirks);
+    Isolate* isolate, DirectHandle<JSRegExp> regexp,
+    DirectHandle<String> subject, int index,
+    Handle<RegExpMatchInfo> last_match_info, RegExp::ExecQuirks exec_quirks) {
+  DirectHandle<RegExpData> data = direct_handle(regexp->data(isolate), isolate);
+  SBXCHECK(Is<IrRegExpData>(*data));
+  return ExperimentalRegExp::OneshotExec(isolate, Cast<IrRegExpData>(data),
+                                         subject, index, last_match_info,
+                                         exec_quirks);
 }
 
 // static
-MaybeHandle<Object> RegExp::Exec(Isolate* isolate, Handle<JSRegExp> regexp,
+MaybeHandle<Object> RegExp::Exec(Isolate* isolate,
+                                 DirectHandle<JSRegExp> regexp,
                                  Handle<String> subject, int index,
                                  Handle<RegExpMatchInfo> last_match_info,
                                  ExecQuirks exec_quirks) {
-  switch (regexp->type_tag()) {
-    case JSRegExp::NOT_COMPILED:
-      UNREACHABLE();
-    case JSRegExp::ATOM:
-      return RegExpImpl::AtomExec(isolate, regexp, subject, index,
-                                  last_match_info);
-    case JSRegExp::IRREGEXP:
-      return RegExpImpl::IrregexpExec(isolate, regexp, subject, index,
-                                      last_match_info, exec_quirks);
-    case JSRegExp::EXPERIMENTAL:
-      return ExperimentalRegExp::Exec(isolate, regexp, subject, index,
-                                      last_match_info, exec_quirks);
+  DirectHandle<RegExpData> data = direct_handle(regexp->data(isolate), isolate);
+  switch (data->type_tag()) {
+    case RegExpData::Type::ATOM:
+      return RegExpImpl::AtomExec(isolate, Cast<AtomRegExpData>(data), subject,
+                                  index, last_match_info);
+    case RegExpData::Type::IRREGEXP:
+      return RegExpImpl::IrregexpExec(isolate, Cast<IrRegExpData>(data),
+                                      subject, index, last_match_info,
+                                      exec_quirks);
+    case RegExpData::Type::EXPERIMENTAL:
+      return ExperimentalRegExp::Exec(isolate, Cast<IrRegExpData>(data),
+                                      subject, index, last_match_info,
+                                      exec_quirks);
   }
   // This UNREACHABLE() is necessary because we don't return a value here,
   // which causes the compiler to emit potentially unsafe code for the switch
@@ -368,7 +370,8 @@ void SetAtomLastCapture(Isolate* isolate,
 
 }  // namespace
 
-int RegExpImpl::AtomExecRaw(Isolate* isolate, DirectHandle<JSRegExp> regexp,
+int RegExpImpl::AtomExecRaw(Isolate* isolate,
+                            DirectHandle<AtomRegExpData> regexp_data,
                             Handle<String> subject, int index, int32_t* output,
                             int output_size) {
   DCHECK_LE(0, index);
@@ -377,7 +380,7 @@ int RegExpImpl::AtomExecRaw(Isolate* isolate, DirectHandle<JSRegExp> regexp,
   subject = String::Flatten(isolate, subject);
   DisallowGarbageCollection no_gc;  // ensure vectors stay valid
 
-  Tagged<String> needle = regexp->atom_pattern();
+  Tagged<String> needle = regexp_data->pattern(isolate);
   int needle_len = needle->length();
   DCHECK(needle->IsFlat());
   DCHECK_LT(0, needle_len);
@@ -415,15 +418,16 @@ int RegExpImpl::AtomExecRaw(Isolate* isolate, DirectHandle<JSRegExp> regexp,
   return output_size / 2;
 }
 
-Handle<Object> RegExpImpl::AtomExec(Isolate* isolate, DirectHandle<JSRegExp> re,
+Handle<Object> RegExpImpl::AtomExec(Isolate* isolate,
+                                    DirectHandle<AtomRegExpData> re_data,
                                     Handle<String> subject, int index,
                                     Handle<RegExpMatchInfo> last_match_info) {
   static const int kNumRegisters = 2;
   static_assert(kNumRegisters <= Isolate::kJSRegexpStaticOffsetsVectorSize);
   int32_t* output_registers = isolate->jsregexp_static_offsets_vector();
 
-  int res =
-      AtomExecRaw(isolate, re, subject, index, output_registers, kNumRegisters);
+  int res = AtomExecRaw(isolate, re_data, subject, index, output_registers,
+                        kNumRegisters);
 
   if (res == RegExp::RE_FAILURE) return isolate->factory()->null_value();
 
@@ -442,61 +446,46 @@ Handle<Object> RegExpImpl::AtomExec(Isolate* isolate, DirectHandle<JSRegExp> re,
 // from the source pattern.
 // If compilation fails, an exception is thrown and this function
 // returns false.
-bool RegExpImpl::EnsureCompiledIrregexp(Isolate* isolate, Handle<JSRegExp> re,
+bool RegExpImpl::EnsureCompiledIrregexp(Isolate* isolate,
+                                        DirectHandle<IrRegExpData> re_data,
                                         Handle<String> sample_subject,
                                         bool is_one_byte) {
-  Tagged<Object> compiled_code = re->code(isolate, is_one_byte);
-  Tagged<Object> bytecode = re->bytecode(is_one_byte);
-  bool needs_initial_compilation =
-      compiled_code == Smi::FromInt(JSRegExp::kUninitializedValue);
+  bool has_bytecode = re_data->has_bytecode(is_one_byte);
+  bool needs_initial_compilation = !re_data->has_code(is_one_byte);
   // Recompile is needed when we're dealing with the first execution of the
   // regexp after the decision to tier up has been made. If the tiering up
   // strategy is not in use, this value is always false.
-  bool needs_tier_up_compilation =
-      re->MarkedForTierUp() && IsByteArray(bytecode);
+  bool needs_tier_up_compilation = re_data->MarkedForTierUp() && has_bytecode;
 
   if (v8_flags.trace_regexp_tier_up && needs_tier_up_compilation) {
-    PrintF("JSRegExp object %p needs tier-up compilation\n",
-           reinterpret_cast<void*>(re->ptr()));
+    PrintF("JSRegExp object (data: %p) needs tier-up compilation\n",
+           reinterpret_cast<void*>(re_data->ptr()));
   }
 
   if (!needs_initial_compilation && !needs_tier_up_compilation) {
-    DCHECK(IsCode(compiled_code));
-    DCHECK_IMPLIES(v8_flags.regexp_interpret_all, IsByteArray(bytecode));
+    DCHECK(re_data->has_code(is_one_byte));
+    DCHECK_IMPLIES(v8_flags.regexp_interpret_all, has_bytecode);
     return true;
   }
 
-  DCHECK_IMPLIES(needs_tier_up_compilation, IsByteArray(bytecode));
+  DCHECK_IMPLIES(needs_tier_up_compilation, has_bytecode);
 
-  return CompileIrregexp(isolate, re, sample_subject, is_one_byte);
+  return CompileIrregexp(isolate, re_data, sample_subject, is_one_byte);
 }
 
 namespace {
 
 #ifdef DEBUG
 bool RegExpCodeIsValidForPreCompilation(IsolateForSandbox isolate,
-                                        DirectHandle<JSRegExp> re,
+                                        DirectHandle<IrRegExpData> re_data,
                                         bool is_one_byte) {
-  Tagged<Object> entry = re->code(isolate, is_one_byte);
-  Tagged<Object> bytecode = re->bytecode(is_one_byte);
-  // If we're not using the tier-up strategy, entry can only be a smi
-  // representing an uncompiled regexp here. If we're using the tier-up
-  // strategy, entry can still be a smi representing an uncompiled regexp, when
-  // compiling the regexp before the tier-up, or it can contain a trampoline to
-  // the regexp interpreter, in which case the bytecode field contains compiled
-  // bytecode, when recompiling the regexp after the tier-up. If the
-  // tier-up was forced, which happens for global replaces, entry is a smi
-  // representing an uncompiled regexp, even though we're "recompiling" after
-  // the tier-up.
-  if (re->ShouldProduceBytecode()) {
-    DCHECK(IsSmi(entry));
-    DCHECK(IsSmi(bytecode));
-    int entry_value = Smi::ToInt(entry);
-    int bytecode_value = Smi::ToInt(bytecode);
-    DCHECK_EQ(JSRegExp::kUninitializedValue, entry_value);
-    DCHECK_EQ(JSRegExp::kUninitializedValue, bytecode_value);
+  bool has_code = re_data->has_code(is_one_byte);
+  bool has_bytecode = re_data->has_bytecode(is_one_byte);
+  if (re_data->ShouldProduceBytecode()) {
+    DCHECK(!has_code);
+    DCHECK(!has_bytecode);
   } else {
-    DCHECK(IsSmi(entry) || (IsCode(entry) && IsByteArray(bytecode)));
+    DCHECK_IMPLIES(has_code, has_bytecode);
   }
 
   return true;
@@ -547,25 +536,26 @@ Handle<FixedArray> RegExp::CreateCaptureNameMap(
   return array;
 }
 
-bool RegExpImpl::CompileIrregexp(Isolate* isolate, DirectHandle<JSRegExp> re,
+bool RegExpImpl::CompileIrregexp(Isolate* isolate,
+                                 DirectHandle<IrRegExpData> re_data,
                                  Handle<String> sample_subject,
                                  bool is_one_byte) {
   // Compile the RegExp.
   Zone zone(isolate->allocator(), ZONE_NAME);
   PostponeInterruptsScope postpone(isolate);
 
-  DCHECK(RegExpCodeIsValidForPreCompilation(isolate, re, is_one_byte));
+  DCHECK(RegExpCodeIsValidForPreCompilation(isolate, re_data, is_one_byte));
 
-  RegExpFlags flags = JSRegExp::AsRegExpFlags(re->flags());
+  RegExpFlags flags = JSRegExp::AsRegExpFlags(re_data->flags());
 
-  Handle<String> pattern(re->source(), isolate);
+  Handle<String> pattern(re_data->source(), isolate);
   pattern = String::Flatten(isolate, pattern);
   RegExpCompileData compile_data;
   if (!RegExpParser::ParseRegExpFromHeapString(isolate, &zone, pattern, flags,
                                                &compile_data)) {
     // Throw an exception if we fail to parse the pattern.
     // THIS SHOULD NOT HAPPEN. We already pre-parsed it successfully once.
-    USE(RegExp::ThrowRegExpException(isolate, re, flags, pattern,
+    USE(RegExp::ThrowRegExpException(isolate, flags, pattern,
                                      compile_data.error));
     return false;
   }
@@ -574,83 +564,57 @@ bool RegExpImpl::CompileIrregexp(Isolate* isolate, DirectHandle<JSRegExp> re,
   // happened yet. The compilation target is a kNative if we're using the
   // tier-up strategy and we need to recompile to tier-up, or if we're producing
   // native code for all regexp objects.
-  compile_data.compilation_target = re->ShouldProduceBytecode()
+  compile_data.compilation_target = re_data->ShouldProduceBytecode()
                                         ? RegExpCompilationTarget::kBytecode
                                         : RegExpCompilationTarget::kNative;
-  uint32_t backtrack_limit = re->backtrack_limit();
+  uint32_t backtrack_limit = re_data->backtrack_limit();
   const bool compilation_succeeded =
       Compile(isolate, &zone, &compile_data, flags, pattern, sample_subject,
               is_one_byte, backtrack_limit);
   if (!compilation_succeeded) {
     DCHECK(compile_data.error != RegExpError::kNone);
-    RegExp::ThrowRegExpException(isolate, re, compile_data.error);
+    RegExp::ThrowRegExpException(isolate, re_data, compile_data.error);
     return false;
   }
 
-  DirectHandle<FixedArray> data(Cast<FixedArray>(re->data()), isolate);
   if (compile_data.compilation_target == RegExpCompilationTarget::kNative) {
-    Tagged<Code> code = Cast<Code>(*compile_data.code);
-    data->set(JSRegExp::code_index(is_one_byte), code->wrapper());
+    re_data->set_code(is_one_byte, Cast<Code>(*compile_data.code));
 
     // Reset bytecode to uninitialized. In case we use tier-up we know that
     // tier-up has happened this way.
-    data->set(JSRegExp::bytecode_index(is_one_byte),
-              Smi::FromInt(JSRegExp::kUninitializedValue));
+    re_data->clear_bytecode(is_one_byte);
   } else {
     DCHECK_EQ(compile_data.compilation_target,
               RegExpCompilationTarget::kBytecode);
     // Store code generated by compiler in bytecode and trampoline to
     // interpreter in code.
-    data->set(JSRegExp::bytecode_index(is_one_byte), *compile_data.code);
+    re_data->set_bytecode(is_one_byte,
+                          Cast<TrustedByteArray>(*compile_data.code));
     DirectHandle<Code> trampoline =
         BUILTIN_CODE(isolate, RegExpInterpreterTrampoline);
-    data->set(JSRegExp::code_index(is_one_byte), trampoline->wrapper());
+    re_data->set_code(is_one_byte, *trampoline);
   }
   Handle<FixedArray> capture_name_map =
       RegExp::CreateCaptureNameMap(isolate, compile_data.named_captures);
-  re->set_capture_name_map(capture_name_map);
-  int register_max = IrregexpMaxRegisterCount(*data);
+  re_data->set_capture_name_map(capture_name_map);
+  int register_max = re_data->max_register_count();
   if (compile_data.register_count > register_max) {
-    SetIrregexpMaxRegisterCount(*data, compile_data.register_count);
+    re_data->set_max_register_count(compile_data.register_count);
   }
-  data->set(JSRegExp::kIrregexpBacktrackLimit, Smi::FromInt(backtrack_limit));
+  re_data->set_backtrack_limit(backtrack_limit);
 
   if (v8_flags.trace_regexp_tier_up) {
-    PrintF("JSRegExp object %p %s size: %d\n",
-           reinterpret_cast<void*>(re->ptr()),
-           re->ShouldProduceBytecode() ? "bytecode" : "native code",
-           re->ShouldProduceBytecode()
-               ? IrregexpByteCode(*data, is_one_byte)->AllocatedSize()
-               : IrregexpNativeCode(isolate, *data, is_one_byte)->Size());
+    PrintF("JSRegExp data object %p %s size: %d\n",
+           reinterpret_cast<void*>(re_data->ptr()),
+           re_data->ShouldProduceBytecode() ? "bytecode" : "native code",
+           re_data->ShouldProduceBytecode()
+               ? re_data->bytecode(is_one_byte)->AllocatedSize()
+               : re_data->code(isolate, is_one_byte)->Size());
   }
 
   return true;
 }
 
-int RegExpImpl::IrregexpMaxRegisterCount(Tagged<FixedArray> re) {
-  return Smi::ToInt(re->get(JSRegExp::kIrregexpMaxRegisterCountIndex));
-}
-
-void RegExpImpl::SetIrregexpMaxRegisterCount(Tagged<FixedArray> re, int value) {
-  re->set(JSRegExp::kIrregexpMaxRegisterCountIndex, Smi::FromInt(value));
-}
-
-int RegExpImpl::IrregexpNumberOfCaptures(Tagged<FixedArray> re) {
-  return Smi::ToInt(re->get(JSRegExp::kIrregexpCaptureCountIndex));
-}
-
-Tagged<ByteArray> RegExpImpl::IrregexpByteCode(Tagged<FixedArray> re,
-                                               bool is_one_byte) {
-  return Cast<ByteArray>(re->get(JSRegExp::bytecode_index(is_one_byte)));
-}
-
-Tagged<Code> RegExpImpl::IrregexpNativeCode(IsolateForSandbox isolate,
-                                            Tagged<FixedArray> re,
-                                            bool is_one_byte) {
-  return Cast<CodeWrapper>(re->get(JSRegExp::code_index(is_one_byte)))
-      ->code(isolate);
-}
-
 void RegExpImpl::IrregexpInitialize(Isolate* isolate, DirectHandle<JSRegExp> re,
                                     DirectHandle<String> pattern,
                                     RegExpFlags flags, int capture_count,
@@ -662,41 +626,43 @@ void RegExpImpl::IrregexpInitialize(Isolate* isolate, DirectHandle<JSRegExp> re,
 }
 
 // static
-int RegExpImpl::IrregexpPrepare(Isolate* isolate, Handle<JSRegExp> regexp,
+int RegExpImpl::IrregexpPrepare(Isolate* isolate,
+                                DirectHandle<IrRegExpData> re_data,
                                 Handle<String> subject) {
   DCHECK(subject->IsFlat());
 
   // Check representation of the underlying storage.
   bool is_one_byte = String::IsOneByteRepresentationUnderneath(*subject);
-  if (!RegExpImpl::EnsureCompiledIrregexp(isolate, regexp, subject,
+  if (!RegExpImpl::EnsureCompiledIrregexp(isolate, re_data, subject,
                                           is_one_byte)) {
     return -1;
   }
 
   // Only reserve room for output captures. Internal registers are allocated by
   // the engine.
-  return JSRegExp::RegistersForCaptureCount(regexp->capture_count());
+  return JSRegExp::RegistersForCaptureCount(re_data->capture_count());
 }
 
-int RegExpImpl::IrregexpExecRaw(Isolate* isolate, Handle<JSRegExp> regexp,
+int RegExpImpl::IrregexpExecRaw(Isolate* isolate,
+                                DirectHandle<IrRegExpData> regexp_data,
                                 Handle<String> subject, int index,
                                 int32_t* output, int output_size) {
   DCHECK_LE(0, index);
   DCHECK_LE(index, subject->length());
   DCHECK(subject->IsFlat());
   DCHECK_GE(output_size,
-            JSRegExp::RegistersForCaptureCount(regexp->capture_count()));
+            JSRegExp::RegistersForCaptureCount(regexp_data->capture_count()));
 
   bool is_one_byte = String::IsOneByteRepresentationUnderneath(*subject);
 
-  if (!regexp->ShouldProduceBytecode()) {
+  if (!regexp_data->ShouldProduceBytecode()) {
     do {
-      EnsureCompiledIrregexp(isolate, regexp, subject, is_one_byte);
+      EnsureCompiledIrregexp(isolate, regexp_data, subject, is_one_byte);
       // The stack is used to allocate registers for the compiled regexp code.
       // This means that in case of failure, the output registers array is left
       // untouched and contains the capture results from the previous successful
       // match.  We can use that to set the last match info lazily.
-      int res = NativeRegExpMacroAssembler::Match(regexp, subject, output,
+      int res = NativeRegExpMacroAssembler::Match(regexp_data, subject, output,
                                                   output_size, index, isolate);
       if (res != NativeRegExpMacroAssembler::RETRY) {
         DCHECK(res != NativeRegExpMacroAssembler::EXCEPTION ||
@@ -719,12 +685,12 @@ int RegExpImpl::IrregexpExecRaw(Isolate* isolate, Handle<JSRegExp> regexp,
     } while (true);
     UNREACHABLE();
   } else {
-    DCHECK(regexp->ShouldProduceBytecode());
+    DCHECK(regexp_data->ShouldProduceBytecode());
 
     do {
       IrregexpInterpreter::Result result =
           IrregexpInterpreter::MatchForCallFromRuntime(
-              isolate, regexp, subject, output, output_size, index);
+              isolate, regexp_data, subject, output, output_size, index);
       DCHECK_IMPLIES(result == IrregexpInterpreter::EXCEPTION,
                      isolate->has_exception());
 
@@ -738,9 +704,9 @@ int RegExpImpl::IrregexpExecRaw(Isolate* isolate, Handle<JSRegExp> regexp,
           // The string has changed representation, and we must restart the
           // match.
           // We need to reset the tier up to start over with compilation.
-          if (v8_flags.regexp_tier_up) regexp->ResetLastTierUpTick();
+          if (v8_flags.regexp_tier_up) regexp_data->ResetLastTierUpTick();
           is_one_byte = String::IsOneByteRepresentationUnderneath(*subject);
-          EnsureCompiledIrregexp(isolate, regexp, subject, is_one_byte);
+          EnsureCompiledIrregexp(isolate, regexp_data, subject, is_one_byte);
           break;
       }
     } while (true);
@@ -749,16 +715,15 @@ int RegExpImpl::IrregexpExecRaw(Isolate* isolate, Handle<JSRegExp> regexp,
 }
 
 MaybeHandle<Object> RegExpImpl::IrregexpExec(
-    Isolate* isolate, Handle<JSRegExp> regexp, Handle<String> subject,
-    int previous_index, Handle<RegExpMatchInfo> last_match_info,
-    RegExp::ExecQuirks exec_quirks) {
-  DCHECK_EQ(regexp->type_tag(), JSRegExp::IRREGEXP);
-
+    Isolate* isolate, DirectHandle<IrRegExpData> regexp_data,
+    Handle<String> subject, int previous_index,
+    Handle<RegExpMatchInfo> last_match_info, RegExp::ExecQuirks exec_quirks) {
   subject = String::Flatten(isolate, subject);
 
 #ifdef DEBUG
-  if (v8_flags.trace_regexp_bytecodes && regexp->ShouldProduceBytecode()) {
-    PrintF("\n\nRegexp match:   /%s/\n\n", regexp->source()->ToCString().get());
+  if (v8_flags.trace_regexp_bytecodes && regexp_data->ShouldProduceBytecode()) {
+    PrintF("\n\nRegexp match:   /%s/\n\n",
+           regexp_data->source()->ToCString().get());
     PrintF("\n\nSubject string: '%s'\n\n", subject->ToCString().get());
   }
 #endif
@@ -769,7 +734,7 @@ MaybeHandle<Object> RegExpImpl::IrregexpExec(
   // subject string length is equal or greater than the given heuristic value.
   if (v8_flags.regexp_tier_up &&
       subject->length() >= JSRegExp::kTierUpForSubjectLengthValue) {
-    regexp->MarkTierUpForNextExec();
+    regexp_data->MarkTierUpForNextExec();
     if (v8_flags.trace_regexp_tier_up) {
       PrintF(
           "Forcing tier-up for very long strings in "
@@ -779,7 +744,7 @@ MaybeHandle<Object> RegExpImpl::IrregexpExec(
 
   // Prepare space for the return values.
   int required_registers =
-      RegExpImpl::IrregexpPrepare(isolate, regexp, subject);
+      RegExpImpl::IrregexpPrepare(isolate, regexp_data, subject);
   if (required_registers < 0) {
     // Compiling failed with an exception.
     DCHECK(isolate->has_exception());
@@ -796,7 +761,7 @@ MaybeHandle<Object> RegExpImpl::IrregexpExec(
   }
 
   int res =
-      RegExpImpl::IrregexpExecRaw(isolate, regexp, subject, previous_index,
+      RegExpImpl::IrregexpExecRaw(isolate, regexp_data, subject, previous_index,
                                   output_registers, required_registers);
 
   if (res == RegExp::RE_SUCCESS) {
@@ -805,11 +770,11 @@ MaybeHandle<Object> RegExpImpl::IrregexpExec(
         return isolate->factory()->null_value();
       }
     }
-    int capture_count = regexp->capture_count();
+    int capture_count = regexp_data->capture_count();
     return RegExp::SetLastMatchInfo(isolate, last_match_info, subject,
                                     capture_count, output_registers);
   } else if (res == RegExp::RE_FALLBACK_TO_EXPERIMENTAL) {
-    return ExperimentalRegExp::OneshotExec(isolate, regexp, subject,
+    return ExperimentalRegExp::OneshotExec(isolate, regexp_data, subject,
                                            previous_index, last_match_info);
   } else if (res == RegExp::RE_EXCEPTION) {
     DCHECK(isolate->has_exception());
@@ -1065,19 +1030,17 @@ bool RegExpImpl::Compile(Isolate* isolate, Zone* zone, RegExpCompileData* data,
   return result.Succeeded();
 }
 
-RegExpGlobalCache::RegExpGlobalCache(Handle<JSRegExp> regexp,
+RegExpGlobalCache::RegExpGlobalCache(Handle<RegExpData> regexp_data,
                                      Handle<String> subject, Isolate* isolate)
     : register_array_(nullptr),
       register_array_size_(0),
-      regexp_(regexp),
+      regexp_data_(regexp_data),
       subject_(subject),
       isolate_(isolate) {
-  DCHECK(IsGlobal(JSRegExp::AsRegExpFlags(regexp->flags())));
+  DCHECK(IsGlobal(JSRegExp::AsRegExpFlags(regexp_data->flags())));
 
-  switch (regexp_->type_tag()) {
-    case JSRegExp::NOT_COMPILED:
-      UNREACHABLE();
-    case JSRegExp::ATOM: {
+  switch (regexp_data_->type_tag()) {
+    case RegExpData::Type::ATOM: {
       // ATOM regexps do not have a global loop, so we search for one match at
       // a time.
       static const int kAtomRegistersPerMatch = 2;
@@ -1085,14 +1048,14 @@ RegExpGlobalCache::RegExpGlobalCache(Handle<JSRegExp> regexp,
       register_array_size_ = registers_per_match_;
       break;
     }
-    case JSRegExp::IRREGEXP: {
-      registers_per_match_ =
-          RegExpImpl::IrregexpPrepare(isolate_, regexp_, subject_);
+    case RegExpData::Type::IRREGEXP: {
+      registers_per_match_ = RegExpImpl::IrregexpPrepare(
+          isolate_, Cast<IrRegExpData>(regexp_data_), subject_);
       if (registers_per_match_ < 0) {
         num_matches_ = -1;  // Signal exception.
         return;
       }
-      if (regexp->ShouldProduceBytecode()) {
+      if (Cast<IrRegExpData>(regexp_data_)->ShouldProduceBytecode()) {
         // Global loop in interpreted regexp is not implemented.  We choose the
         // size of the offsets vector so that it can only store one match.
         register_array_size_ = registers_per_match_;
@@ -1103,15 +1066,17 @@ RegExpGlobalCache::RegExpGlobalCache(Handle<JSRegExp> regexp,
       }
       break;
     }
-    case JSRegExp::EXPERIMENTAL: {
-      if (!ExperimentalRegExp::IsCompiled(regexp, isolate_) &&
-          !ExperimentalRegExp::Compile(isolate_, regexp)) {
+    case RegExpData::Type::EXPERIMENTAL: {
+      if (!ExperimentalRegExp::IsCompiled(Cast<IrRegExpData>(regexp_data_),
+                                          isolate_) &&
+          !ExperimentalRegExp::Compile(isolate_,
+                                       Cast<IrRegExpData>(regexp_data_))) {
         DCHECK(isolate->has_exception());
         num_matches_ = -1;  // Signal exception.
         return;
       }
-      registers_per_match_ =
-          JSRegExp::RegistersForCaptureCount(regexp->capture_count());
+      registers_per_match_ = JSRegExp::RegistersForCaptureCount(
+          Cast<IrRegExpData>(regexp_data_)->capture_count());
       register_array_size_ = std::max(
           {registers_per_match_, Isolate::kJSRegexpStaticOffsetsVectorSize});
       break;
@@ -1147,7 +1112,7 @@ RegExpGlobalCache::~RegExpGlobalCache() {
 }
 
 int RegExpGlobalCache::AdvanceZeroLength(int last_index) {
-  if (IsEitherUnicode(JSRegExp::AsRegExpFlags(regexp_->flags())) &&
+  if (IsEitherUnicode(JSRegExp::AsRegExpFlags(regexp_data_->flags())) &&
       last_index + 1 < subject_->length() &&
       unibrow::Utf16::IsLeadSurrogate(subject_->Get(last_index)) &&
       unibrow::Utf16::IsTrailSurrogate(subject_->Get(last_index + 1))) {
@@ -1172,23 +1137,22 @@ int32_t* RegExpGlobalCache::FetchNext() {
         &register_array_[(current_match_index_ - 1) * registers_per_match_];
     int last_end_index = last_match[1];
 
-    switch (regexp_->type_tag()) {
-      case JSRegExp::NOT_COMPILED:
-        UNREACHABLE();
-      case JSRegExp::ATOM:
-        num_matches_ =
-            RegExpImpl::AtomExecRaw(isolate_, regexp_, subject_, last_end_index,
-                                    register_array_, register_array_size_);
+    switch (regexp_data_->type_tag()) {
+      case RegExpData::Type::ATOM:
+        num_matches_ = RegExpImpl::AtomExecRaw(
+            isolate_, Cast<AtomRegExpData>(regexp_data_), subject_,
+            last_end_index, register_array_, register_array_size_);
         break;
-      case JSRegExp::EXPERIMENTAL: {
-        DCHECK(ExperimentalRegExp::IsCompiled(regexp_, isolate_));
+      case RegExpData::Type::EXPERIMENTAL: {
+        DCHECK(ExperimentalRegExp::IsCompiled(Cast<IrRegExpData>(regexp_data_),
+                                              isolate_));
         DisallowGarbageCollection no_gc;
         num_matches_ = ExperimentalRegExp::ExecRaw(
-            isolate_, RegExp::kFromRuntime, *regexp_, *subject_,
-            register_array_, register_array_size_, last_end_index);
+            isolate_, RegExp::kFromRuntime, *Cast<IrRegExpData>(regexp_data_),
+            *subject_, register_array_, register_array_size_, last_end_index);
         break;
       }
-      case JSRegExp::IRREGEXP: {
+      case RegExpData::Type::IRREGEXP: {
         int last_start_index = last_match[0];
         if (last_start_index == last_end_index) {
           // Zero-length match. Advance by one code point.
@@ -1199,8 +1163,8 @@ int32_t* RegExpGlobalCache::FetchNext() {
           return nullptr;
         }
         num_matches_ = RegExpImpl::IrregexpExecRaw(
-            isolate_, regexp_, subject_, last_end_index, register_array_,
-            register_array_size_);
+            isolate_, Cast<IrRegExpData>(regexp_data_), subject_,
+            last_end_index, register_array_, register_array_size_);
         break;
       }
     }
@@ -1208,8 +1172,8 @@ int32_t* RegExpGlobalCache::FetchNext() {
     // Fall back to experimental engine if needed and possible.
     if (num_matches_ == RegExp::kInternalRegExpFallbackToExperimental) {
       num_matches_ = ExperimentalRegExp::OneshotExecRaw(
-          isolate_, regexp_, subject_, register_array_, register_array_size_,
-          last_end_index);
+          isolate_, Cast<IrRegExpData>(regexp_data_), subject_, register_array_,
+          register_array_size_, last_end_index);
     }
 
     if (num_matches_ <= 0) {
@@ -1252,7 +1216,7 @@ Tagged<Object> RegExpResultsCache::Lookup(Heap* heap, Tagged<String> key_string,
     cache = heap->string_split_cache();
   } else {
     DCHECK(type == REGEXP_MULTIPLE_INDICES);
-    DCHECK(IsFixedArray(key_pattern));
+    DCHECK(IsRegExpDataWrapper(key_pattern));
     cache = heap->regexp_multiple_cache();
   }
 
@@ -1280,7 +1244,7 @@ void RegExpResultsCache::Enter(Isolate* isolate,
                                DirectHandle<FixedArray> last_match_cache,
                                ResultsCacheType type) {
   Factory* factory = isolate->factory();
-  Handle<FixedArray> cache;
+  DirectHandle<FixedArray> cache;
   if (!IsInternalizedString(*key_string)) return;
   if (type == STRING_SPLIT_SUBSTRINGS) {
     DCHECK(IsString(*key_pattern));
@@ -1288,7 +1252,7 @@ void RegExpResultsCache::Enter(Isolate* isolate,
     cache = factory->string_split_cache();
   } else {
     DCHECK(type == REGEXP_MULTIPLE_INDICES);
-    DCHECK(IsFixedArray(*key_pattern));
+    DCHECK(IsRegExpDataWrapper(*key_pattern));
     cache = factory->regexp_multiple_cache();
   }
 
diff --git a/deps/v8/src/regexp/regexp.h b/deps/v8/src/regexp/regexp.h
index c1d89dbd610d6e..91452051f5a41c 100644
--- a/deps/v8/src/regexp/regexp.h
+++ b/deps/v8/src/regexp/regexp.h
@@ -16,6 +16,9 @@ namespace internal {
 
 class JSRegExp;
 class RegExpCapture;
+class RegExpData;
+class IrRegExpData;
+class AtomRegExpData;
 class RegExpMatchInfo;
 class RegExpNode;
 class RegExpTree;
@@ -92,9 +95,9 @@ class RegExp final : public AllStatic {
   // Ensures that a regexp is fully compiled and ready to be executed on a
   // subject string.  Returns true on success. Throw and return false on
   // failure.
-  V8_WARN_UNUSED_RESULT static bool EnsureFullyCompiled(Isolate* isolate,
-                                                        Handle<JSRegExp> re,
-                                                        Handle<String> subject);
+  V8_WARN_UNUSED_RESULT static bool EnsureFullyCompiled(
+      Isolate* isolate, DirectHandle<RegExpData> re_data,
+      Handle<String> subject);
 
   enum CallOrigin : int {
     kFromRuntime = 0,
@@ -114,12 +117,12 @@ class RegExp final : public AllStatic {
   // See ECMA-262 section 15.10.6.2.
   // This function calls the garbage collector if necessary.
   V8_EXPORT_PRIVATE V8_WARN_UNUSED_RESULT static MaybeHandle<Object> Exec(
-      Isolate* isolate, Handle<JSRegExp> regexp, Handle<String> subject,
+      Isolate* isolate, DirectHandle<JSRegExp> regexp, Handle<String> subject,
       int index, Handle<RegExpMatchInfo> last_match_info,
       ExecQuirks exec_quirks = ExecQuirks::kNone);
 
   V8_EXPORT_PRIVATE V8_WARN_UNUSED_RESULT static MaybeHandle<Object>
-  ExperimentalOneshotExec(Isolate* isolate, Handle<JSRegExp> regexp,
+  ExperimentalOneshotExec(Isolate* isolate, DirectHandle<JSRegExp> regexp,
                           DirectHandle<String> subject, int index,
                           Handle<RegExpMatchInfo> last_match_info,
                           ExecQuirks exec_quirks = ExecQuirks::kNone);
@@ -157,11 +160,11 @@ class RegExp final : public AllStatic {
 
   V8_WARN_UNUSED_RESULT
   static MaybeHandle<Object> ThrowRegExpException(Isolate* isolate,
-                                                  DirectHandle<JSRegExp> re,
                                                   RegExpFlags flags,
                                                   Handle<String> pattern,
                                                   RegExpError error);
-  static void ThrowRegExpException(Isolate* isolate, DirectHandle<JSRegExp> re,
+  static void ThrowRegExpException(Isolate* isolate,
+                                   DirectHandle<RegExpData> re_data,
                                    RegExpError error_text);
 
   static bool IsUnmodifiedRegExp(Isolate* isolate,
@@ -176,7 +179,7 @@ class RegExp final : public AllStatic {
 // iterator over multiple results (retrieved batch-wise in advance).
 class RegExpGlobalCache final {
  public:
-  RegExpGlobalCache(Handle<JSRegExp> regexp, Handle<String> subject,
+  RegExpGlobalCache(Handle<RegExpData> regexp_data, Handle<String> subject,
                     Isolate* isolate);
 
   ~RegExpGlobalCache();
@@ -201,7 +204,7 @@ class RegExpGlobalCache final {
   // Pointer to the last set of captures.
   int32_t* register_array_;
   int register_array_size_;
-  Handle<JSRegExp> regexp_;
+  Handle<RegExpData> regexp_data_;
   Handle<String> subject_;
   Isolate* isolate_;
 };
diff --git a/deps/v8/src/roots/roots.h b/deps/v8/src/roots/roots.h
index ca8621dfb89f9f..288dee65e0467d 100644
--- a/deps/v8/src/roots/roots.h
+++ b/deps/v8/src/roots/roots.h
@@ -127,6 +127,9 @@ class RootVisitor;
   V(Map, property_array_map, PropertyArrayMap)                                 \
   V(Map, accessor_info_map, AccessorInfoMap)                                   \
   V(Map, regexp_match_info_map, RegExpMatchInfoMap)                            \
+  V(Map, regexp_data_map, RegExpDataMap)                                       \
+  V(Map, atom_regexp_data_map, AtomRegExpDataMap)                              \
+  V(Map, ir_regexp_data_map, IrRegExpDataMap)                                  \
   V(Map, simple_number_dictionary_map, SimpleNumberDictionaryMap)              \
   V(Map, small_ordered_hash_map_map, SmallOrderedHashMapMap)                   \
   V(Map, small_ordered_hash_set_map, SmallOrderedHashSetMap)                   \
@@ -134,7 +137,7 @@ class RootVisitor;
   V(Map, source_text_module_map, SourceTextModuleMap)                          \
   V(Map, swiss_name_dictionary_map, SwissNameDictionaryMap)                    \
   V(Map, synthetic_module_map, SyntheticModuleMap)                             \
-  IF_WASM(V, Map, wasm_api_function_ref_map, WasmApiFunctionRefMap)            \
+  IF_WASM(V, Map, wasm_import_data_map, WasmImportDataMap)                     \
   IF_WASM(V, Map, wasm_capi_function_data_map, WasmCapiFunctionDataMap)        \
   IF_WASM(V, Map, wasm_continuation_object_map, WasmContinuationObjectMap)     \
   IF_WASM(V, Map, wasm_dispatch_table_map, WasmDispatchTableMap)               \
@@ -145,6 +148,7 @@ class RootVisitor;
   IF_WASM(V, Map, wasm_js_function_data_map, WasmJSFunctionDataMap)            \
   IF_WASM(V, Map, wasm_null_map, WasmNullMap)                                  \
   IF_WASM(V, Map, wasm_resume_data_map, WasmResumeDataMap)                     \
+  IF_WASM(V, Map, wasm_suspender_object_map, WasmSuspenderObjectMap)           \
   IF_WASM(V, Map, wasm_trusted_instance_data_map, WasmTrustedInstanceDataMap)  \
   IF_WASM(V, Map, wasm_type_info_map, WasmTypeInfoMap)                         \
   V(Map, weak_fixed_array_map, WeakFixedArrayMap)                              \
@@ -256,6 +260,43 @@ class RootVisitor;
     EmptyTrustedWeakFixedArray)                                           \
   V(ProtectedFixedArray, empty_protected_fixed_array, EmptyProtectedFixedArray)
 
+#define BUILTINS_WITH_SFI_LIST_GENERATOR(APPLY, V)                             \
+  APPLY(V, ProxyRevoke, proxy_revoke)                                          \
+  APPLY(V, AsyncFromSyncIteratorCloseSyncAndRethrow,                           \
+        async_from_sync_iterator_close_sync_and_rethrow)                       \
+  APPLY(V, AsyncIteratorValueUnwrap, async_iterator_value_unwrap)              \
+  APPLY(V, ArrayFromAsyncArrayLikeOnFulfilled,                                 \
+        array_from_async_array_like_on_fulfilled)                              \
+  APPLY(V, ArrayFromAsyncArrayLikeOnRejected,                                  \
+        array_from_async_array_like_on_rejected)                               \
+  APPLY(V, ArrayFromAsyncIterableOnFulfilled,                                  \
+        array_from_async_iterable_on_fulfilled)                                \
+  APPLY(V, ArrayFromAsyncIterableOnRejected,                                   \
+        array_from_async_iterable_on_rejected)                                 \
+  APPLY(V, PromiseCapabilityDefaultResolve,                                    \
+        promise_capability_default_resolve)                                    \
+  APPLY(V, PromiseCapabilityDefaultReject, promise_capability_default_reject)  \
+  APPLY(V, PromiseGetCapabilitiesExecutor, promise_get_capabilities_executor)  \
+  APPLY(V, PromiseAllSettledResolveElementClosure,                             \
+        promise_all_settled_resolve_element_closure)                           \
+  APPLY(V, PromiseAllSettledRejectElementClosure,                              \
+        promise_all_settled_reject_element_closure)                            \
+  APPLY(V, PromiseAllResolveElementClosure,                                    \
+        promise_all_resolve_element_closure)                                   \
+  APPLY(V, PromiseAnyRejectElementClosure, promise_any_reject_element_closure) \
+  APPLY(V, PromiseThrowerFinally, promise_thrower_finally)                     \
+  APPLY(V, PromiseValueThunkFinally, promise_value_thunk_finally)              \
+  APPLY(V, PromiseThenFinally, promise_then_finally)                           \
+  APPLY(V, PromiseCatchFinally, promise_catch_finally)                         \
+  APPLY(V, ShadowRealmImportValueFulfilled, shadow_realm_import_value_fulfilled)
+
+#define BUILTINS_WITH_SFI_ROOTS_LIST_ADAPTER(V, CamelName, underscore_name, \
+                                             ...)                           \
+  V(SharedFunctionInfo, underscore_name##_shared_fun, CamelName##SharedFun)
+
+#define BUILTINS_WITH_SFI_ROOTS_LIST(V) \
+  BUILTINS_WITH_SFI_LIST_GENERATOR(BUILTINS_WITH_SFI_ROOTS_LIST_ADAPTER, V)
+
 // Mutable roots that are known to be immortal immovable, for which we can
 // safely skip write barriers.
 #define STRONG_MUTABLE_IMMOVABLE_ROOT_LIST(V)                                  \
@@ -314,60 +355,19 @@ class RootVisitor;
     AsyncGeneratorReturnClosedRejectSharedFun)                                 \
   V(SharedFunctionInfo, async_generator_return_closed_resolve_shared_fun,      \
     AsyncGeneratorReturnClosedResolveSharedFun)                                \
-  V(SharedFunctionInfo,                                                        \
-    async_from_sync_iterator_close_sync_and_rethrow_shared_fun,                \
-    AsyncFromSyncIteratorCloseSyncAndRethrowSharedFun)                         \
-  V(SharedFunctionInfo, async_iterator_value_unwrap_shared_fun,                \
-    AsyncIteratorValueUnwrapSharedFun)                                         \
-  V(SharedFunctionInfo, promise_all_resolve_element_shared_fun,                \
-    PromiseAllResolveElementSharedFun)                                         \
-  V(SharedFunctionInfo, promise_all_settled_resolve_element_shared_fun,        \
-    PromiseAllSettledResolveElementSharedFun)                                  \
-  V(SharedFunctionInfo, promise_all_settled_reject_element_shared_fun,         \
-    PromiseAllSettledRejectElementSharedFun)                                   \
-  V(SharedFunctionInfo, promise_any_reject_element_shared_fun,                 \
-    PromiseAnyRejectElementSharedFun)                                          \
-  V(SharedFunctionInfo, promise_capability_default_reject_shared_fun,          \
-    PromiseCapabilityDefaultRejectSharedFun)                                   \
-  V(SharedFunctionInfo, promise_capability_default_resolve_shared_fun,         \
-    PromiseCapabilityDefaultResolveSharedFun)                                  \
-  V(SharedFunctionInfo, promise_catch_finally_shared_fun,                      \
-    PromiseCatchFinallySharedFun)                                              \
-  V(SharedFunctionInfo, promise_get_capabilities_executor_shared_fun,          \
-    PromiseGetCapabilitiesExecutorSharedFun)                                   \
-  V(SharedFunctionInfo, promise_then_finally_shared_fun,                       \
-    PromiseThenFinallySharedFun)                                               \
-  V(SharedFunctionInfo, promise_thrower_finally_shared_fun,                    \
-    PromiseThrowerFinallySharedFun)                                            \
-  V(SharedFunctionInfo, promise_value_thunk_finally_shared_fun,                \
-    PromiseValueThunkFinallySharedFun)                                         \
-  V(SharedFunctionInfo, proxy_revoke_shared_fun, ProxyRevokeSharedFun)         \
-  V(SharedFunctionInfo, shadow_realm_import_value_fulfilled_sfi,               \
-    ShadowRealmImportValueFulfilledSFI)                                        \
   V(SharedFunctionInfo, source_text_module_execute_async_module_fulfilled_sfi, \
     SourceTextModuleExecuteAsyncModuleFulfilledSFI)                            \
   V(SharedFunctionInfo, source_text_module_execute_async_module_rejected_sfi,  \
     SourceTextModuleExecuteAsyncModuleRejectedSFI)                             \
-  V(SharedFunctionInfo, array_from_async_iterable_on_fulfilled_shared_fun,     \
-    ArrayFromAsyncIterableOnFulfilledSharedFun)                                \
-  V(SharedFunctionInfo, array_from_async_iterable_on_rejected_shared_fun,      \
-    ArrayFromAsyncIterableOnRejectedSharedFun)                                 \
-  V(SharedFunctionInfo, array_from_async_array_like_on_fulfilled_shared_fun,   \
-    ArrayFromAsyncArrayLikeOnFulfilledSharedFun)                               \
-  V(SharedFunctionInfo, array_from_async_array_like_on_rejected_shared_fun,    \
-    ArrayFromAsyncArrayLikeOnRejectedSharedFun)                                \
   V(SharedFunctionInfo, atomics_mutex_async_unlock_resolve_handler_sfi,        \
     AtomicsMutexAsyncUnlockResolveHandlerSFI)                                  \
   V(SharedFunctionInfo, atomics_mutex_async_unlock_reject_handler_sfi,         \
     AtomicsMutexAsyncUnlockRejectHandlerSFI)                                   \
   V(SharedFunctionInfo, atomics_condition_acquire_lock_sfi,                    \
     AtomicsConditionAcquireLockSFI)                                            \
-  V(SharedFunctionInfo, async_disposable_stack_on_fulfilled_shared_fun,        \
-    AsyncDisposableStackOnFulfilledSharedFun)                                  \
-  V(SharedFunctionInfo, async_disposable_stack_on_rejected_shared_fun,         \
-    AsyncDisposableStackOnRejectedSharedFun)                                   \
   V(SharedFunctionInfo, async_dispose_from_sync_dispose_shared_fun,            \
     AsyncDisposeFromSyncDisposeSharedFun)                                      \
+  BUILTINS_WITH_SFI_ROOTS_LIST(V)                                              \
   TRUSTED_ROOT_LIST(V)
 
 // These root references can be updated by the mutator.
diff --git a/deps/v8/src/roots/static-roots.h b/deps/v8/src/roots/static-roots.h
index 01a86562c9826a..707e93d1f54fdc 100644
--- a/deps/v8/src/roots/static-roots.h
+++ b/deps/v8/src/roots/static-roots.h
@@ -31,58 +31,58 @@ struct StaticReadOnlyRoot {
   static constexpr Tagged_t kTrueValue = 0xc9;
   static constexpr Tagged_t kSeqTwoByteStringMap = 0xe5;
   static constexpr Tagged_t kSeqOneByteStringMap = 0x10d;
-  static constexpr Tagged_t kConsTwoByteStringMap = 0x135;
-  static constexpr Tagged_t kConsOneByteStringMap = 0x15d;
-  static constexpr Tagged_t kSlicedTwoByteStringMap = 0x185;
-  static constexpr Tagged_t kSlicedOneByteStringMap = 0x1ad;
-  static constexpr Tagged_t kExternalTwoByteStringMap = 0x1d5;
-  static constexpr Tagged_t kExternalOneByteStringMap = 0x1fd;
-  static constexpr Tagged_t kUncachedExternalTwoByteStringMap = 0x225;
-  static constexpr Tagged_t kUncachedExternalOneByteStringMap = 0x24d;
-  static constexpr Tagged_t kSharedExternalTwoByteStringMap = 0x275;
-  static constexpr Tagged_t kSharedExternalOneByteStringMap = 0x29d;
-  static constexpr Tagged_t kSharedUncachedExternalTwoByteStringMap = 0x2c5;
-  static constexpr Tagged_t kSharedUncachedExternalOneByteStringMap = 0x2ed;
-  static constexpr Tagged_t kExternalInternalizedTwoByteStringMap = 0x315;
-  static constexpr Tagged_t kExternalInternalizedOneByteStringMap = 0x33d;
+  static constexpr Tagged_t kSharedSeqTwoByteStringMap = 0x135;
+  static constexpr Tagged_t kSharedSeqOneByteStringMap = 0x15d;
+  static constexpr Tagged_t kInternalizedTwoByteStringMap = 0x185;
+  static constexpr Tagged_t kInternalizedOneByteStringMap = 0x1ad;
+  static constexpr Tagged_t kExternalInternalizedTwoByteStringMap = 0x1d5;
+  static constexpr Tagged_t kExternalInternalizedOneByteStringMap = 0x1fd;
   static constexpr Tagged_t kUncachedExternalInternalizedTwoByteStringMap =
-      0x365;
+      0x225;
   static constexpr Tagged_t kUncachedExternalInternalizedOneByteStringMap =
-      0x38d;
-  static constexpr Tagged_t kInternalizedTwoByteStringMap = 0x3b5;
-  static constexpr Tagged_t kInternalizedOneByteStringMap = 0x3dd;
-  static constexpr Tagged_t kThinTwoByteStringMap = 0x405;
-  static constexpr Tagged_t kThinOneByteStringMap = 0x42d;
-  static constexpr Tagged_t kSharedSeqTwoByteStringMap = 0x455;
-  static constexpr Tagged_t kSharedSeqOneByteStringMap = 0x47d;
+      0x24d;
+  static constexpr Tagged_t kUncachedExternalTwoByteStringMap = 0x275;
+  static constexpr Tagged_t kUncachedExternalOneByteStringMap = 0x29d;
+  static constexpr Tagged_t kSharedUncachedExternalTwoByteStringMap = 0x2c5;
+  static constexpr Tagged_t kSharedUncachedExternalOneByteStringMap = 0x2ed;
+  static constexpr Tagged_t kExternalTwoByteStringMap = 0x315;
+  static constexpr Tagged_t kExternalOneByteStringMap = 0x33d;
+  static constexpr Tagged_t kSharedExternalTwoByteStringMap = 0x365;
+  static constexpr Tagged_t kSharedExternalOneByteStringMap = 0x38d;
+  static constexpr Tagged_t kConsTwoByteStringMap = 0x3b5;
+  static constexpr Tagged_t kConsOneByteStringMap = 0x3dd;
+  static constexpr Tagged_t kSlicedTwoByteStringMap = 0x405;
+  static constexpr Tagged_t kSlicedOneByteStringMap = 0x42d;
+  static constexpr Tagged_t kThinTwoByteStringMap = 0x455;
+  static constexpr Tagged_t kThinOneByteStringMap = 0x47d;
   static constexpr Tagged_t kSymbolMap = 0x4a5;
   static constexpr Tagged_t kMetaMap = 0x4cd;
   static constexpr Tagged_t kUndefinedMap = 0x4f5;
   static constexpr Tagged_t kNullMap = 0x51d;
   static constexpr Tagged_t kBooleanMap = 0x545;
-  static constexpr Tagged_t kFixedArrayMap = 0x56d;
-  static constexpr Tagged_t kTrustedFixedArrayMap = 0x595;
-  static constexpr Tagged_t kProtectedFixedArrayMap = 0x5bd;
-  static constexpr Tagged_t kWeakFixedArrayMap = 0x5e5;
-  static constexpr Tagged_t kTrustedWeakFixedArrayMap = 0x60d;
-  static constexpr Tagged_t kWeakArrayListMap = 0x635;
-  static constexpr Tagged_t kFixedCOWArrayMap = 0x65d;
-  static constexpr Tagged_t kDescriptorArrayMap = 0x685;
-  static constexpr Tagged_t kHoleMap = 0x6ad;
-  static constexpr Tagged_t kCallSiteInfoMap = 0x6d5;
-  static constexpr Tagged_t kEnumCacheMap = 0x6fd;
-  static constexpr Tagged_t kEmptyFixedArray = 0x725;
-  static constexpr Tagged_t kEmptyWeakFixedArray = 0x72d;
-  static constexpr Tagged_t kEmptyWeakArrayList = 0x735;
-  static constexpr Tagged_t kTheHoleValue = 0x741;
-  static constexpr Tagged_t kEmptyEnumCache = 0x74d;
-  static constexpr Tagged_t kEmptyDescriptorArray = 0x759;
-  static constexpr Tagged_t kScopeInfoMap = 0x769;
-  static constexpr Tagged_t kModuleInfoMap = 0x791;
-  static constexpr Tagged_t kClosureFeedbackCellArrayMap = 0x7b9;
-  static constexpr Tagged_t kFeedbackVectorMap = 0x7e1;
-  static constexpr Tagged_t kHeapNumberMap = 0x809;
-  static constexpr Tagged_t kBigIntMap = 0x831;
+  static constexpr Tagged_t kHeapNumberMap = 0x56d;
+  static constexpr Tagged_t kBigIntMap = 0x595;
+  static constexpr Tagged_t kFixedArrayMap = 0x5bd;
+  static constexpr Tagged_t kTrustedFixedArrayMap = 0x5e5;
+  static constexpr Tagged_t kProtectedFixedArrayMap = 0x60d;
+  static constexpr Tagged_t kWeakFixedArrayMap = 0x635;
+  static constexpr Tagged_t kTrustedWeakFixedArrayMap = 0x65d;
+  static constexpr Tagged_t kWeakArrayListMap = 0x685;
+  static constexpr Tagged_t kFixedCOWArrayMap = 0x6ad;
+  static constexpr Tagged_t kDescriptorArrayMap = 0x6d5;
+  static constexpr Tagged_t kHoleMap = 0x6fd;
+  static constexpr Tagged_t kCallSiteInfoMap = 0x725;
+  static constexpr Tagged_t kEnumCacheMap = 0x74d;
+  static constexpr Tagged_t kEmptyFixedArray = 0x775;
+  static constexpr Tagged_t kEmptyWeakFixedArray = 0x77d;
+  static constexpr Tagged_t kEmptyWeakArrayList = 0x785;
+  static constexpr Tagged_t kTheHoleValue = 0x791;
+  static constexpr Tagged_t kEmptyEnumCache = 0x79d;
+  static constexpr Tagged_t kEmptyDescriptorArray = 0x7a9;
+  static constexpr Tagged_t kScopeInfoMap = 0x7b9;
+  static constexpr Tagged_t kModuleInfoMap = 0x7e1;
+  static constexpr Tagged_t kClosureFeedbackCellArrayMap = 0x809;
+  static constexpr Tagged_t kFeedbackVectorMap = 0x831;
   static constexpr Tagged_t kForeignMap = 0x859;
   static constexpr Tagged_t kTrustedForeignMap = 0x881;
   static constexpr Tagged_t kMegaDomHandlerMap = 0x8a9;
@@ -130,673 +130,678 @@ struct StaticReadOnlyRoot {
   static constexpr Tagged_t kuninitialized_symbol = 0xe65;
   static constexpr Tagged_t kmegamorphic_symbol = 0xe75;
   static constexpr Tagged_t kelements_transition_symbol = 0xe85;
-  static constexpr Tagged_t kclone_object_ic_transition_symbol = 0xe95;
-  static constexpr Tagged_t kobject_assign_clone_transition_symbol = 0xea5;
-  static constexpr Tagged_t kmega_dom_symbol = 0xeb5;
-  static constexpr Tagged_t kEmptyPropertyDictionary = 0xec5;
-  static constexpr Tagged_t kEmptyOrderedPropertyDictionary = 0xef1;
-  static constexpr Tagged_t kEmptyByteArray = 0xf09;
-  static constexpr Tagged_t kEmptyScopeInfo = 0xf11;
-  static constexpr Tagged_t kEmptyPropertyArray = 0xf29;
-  static constexpr Tagged_t kMinusZeroValue = 0xf31;
-  static constexpr Tagged_t kNanValue = 0xf3d;
-  static constexpr Tagged_t kHoleNanValue = 0xf49;
-  static constexpr Tagged_t kInfinityValue = 0xf55;
-  static constexpr Tagged_t kMinusInfinityValue = 0xf61;
-  static constexpr Tagged_t kMaxSafeInteger = 0xf6d;
-  static constexpr Tagged_t kMaxUInt32 = 0xf79;
-  static constexpr Tagged_t kSmiMinValue = 0xf85;
-  static constexpr Tagged_t kSmiMaxValuePlusOne = 0xf91;
-  static constexpr Tagged_t kPromiseFulfillReactionJobTaskMap = 0xf9d;
-  static constexpr Tagged_t kPromiseRejectReactionJobTaskMap = 0xfc5;
-  static constexpr Tagged_t kCallableTaskMap = 0xfed;
-  static constexpr Tagged_t kCallbackTaskMap = 0x1015;
-  static constexpr Tagged_t kPromiseResolveThenableJobTaskMap = 0x103d;
-  static constexpr Tagged_t kAccessCheckInfoMap = 0x1065;
-  static constexpr Tagged_t kAccessorPairMap = 0x108d;
-  static constexpr Tagged_t kAliasedArgumentsEntryMap = 0x10b5;
-  static constexpr Tagged_t kAllocationMementoMap = 0x10dd;
-  static constexpr Tagged_t kArrayBoilerplateDescriptionMap = 0x1105;
-  static constexpr Tagged_t kAsmWasmDataMap = 0x112d;
-  static constexpr Tagged_t kAsyncGeneratorRequestMap = 0x1155;
-  static constexpr Tagged_t kBreakPointMap = 0x117d;
-  static constexpr Tagged_t kBreakPointInfoMap = 0x11a5;
-  static constexpr Tagged_t kBytecodeWrapperMap = 0x11cd;
-  static constexpr Tagged_t kClassBoilerplateMap = 0x11f5;
-  static constexpr Tagged_t kClassPositionsMap = 0x121d;
-  static constexpr Tagged_t kCodeWrapperMap = 0x1245;
-  static constexpr Tagged_t kDebugInfoMap = 0x126d;
-  static constexpr Tagged_t kErrorStackDataMap = 0x1295;
-  static constexpr Tagged_t kFunctionTemplateRareDataMap = 0x12bd;
-  static constexpr Tagged_t kInterceptorInfoMap = 0x12e5;
-  static constexpr Tagged_t kModuleRequestMap = 0x130d;
-  static constexpr Tagged_t kPromiseCapabilityMap = 0x1335;
-  static constexpr Tagged_t kPromiseReactionMap = 0x135d;
-  static constexpr Tagged_t kPropertyDescriptorObjectMap = 0x1385;
-  static constexpr Tagged_t kPrototypeInfoMap = 0x13ad;
-  static constexpr Tagged_t kRegExpBoilerplateDescriptionMap = 0x13d5;
-  static constexpr Tagged_t kScriptMap = 0x13fd;
-  static constexpr Tagged_t kScriptOrModuleMap = 0x1425;
-  static constexpr Tagged_t kSourceTextModuleInfoEntryMap = 0x144d;
-  static constexpr Tagged_t kStackFrameInfoMap = 0x1475;
-  static constexpr Tagged_t kTemplateObjectDescriptionMap = 0x149d;
-  static constexpr Tagged_t kTuple2Map = 0x14c5;
-  static constexpr Tagged_t kWasmExceptionTagMap = 0x14ed;
-  static constexpr Tagged_t kAllocationSiteWithWeakNextMap = 0x1515;
-  static constexpr Tagged_t kAllocationSiteWithoutWeakNextMap = 0x153d;
-  static constexpr Tagged_t kLoadHandler1Map = 0x1565;
-  static constexpr Tagged_t kLoadHandler2Map = 0x158d;
-  static constexpr Tagged_t kLoadHandler3Map = 0x15b5;
-  static constexpr Tagged_t kStoreHandler0Map = 0x15dd;
-  static constexpr Tagged_t kStoreHandler1Map = 0x1605;
-  static constexpr Tagged_t kStoreHandler2Map = 0x162d;
-  static constexpr Tagged_t kStoreHandler3Map = 0x1655;
-  static constexpr Tagged_t kFunctionTemplateInfoMap = 0x167d;
-  static constexpr Tagged_t kUncompiledDataWithoutPreparseDataMap = 0x16a5;
-  static constexpr Tagged_t kUncompiledDataWithPreparseDataMap = 0x16cd;
+  static constexpr Tagged_t kmega_dom_symbol = 0xe95;
+  static constexpr Tagged_t kEmptyPropertyDictionary = 0xea5;
+  static constexpr Tagged_t kEmptyOrderedPropertyDictionary = 0xed1;
+  static constexpr Tagged_t kEmptyByteArray = 0xee9;
+  static constexpr Tagged_t kEmptyScopeInfo = 0xef1;
+  static constexpr Tagged_t kEmptyPropertyArray = 0xf09;
+  static constexpr Tagged_t kMinusZeroValue = 0xf11;
+  static constexpr Tagged_t kNanValue = 0xf1d;
+  static constexpr Tagged_t kHoleNanValue = 0xf29;
+  static constexpr Tagged_t kInfinityValue = 0xf35;
+  static constexpr Tagged_t kMinusInfinityValue = 0xf41;
+  static constexpr Tagged_t kMaxSafeInteger = 0xf4d;
+  static constexpr Tagged_t kMaxUInt32 = 0xf59;
+  static constexpr Tagged_t kSmiMinValue = 0xf65;
+  static constexpr Tagged_t kSmiMaxValuePlusOne = 0xf71;
+  static constexpr Tagged_t kPromiseFulfillReactionJobTaskMap = 0xf7d;
+  static constexpr Tagged_t kPromiseRejectReactionJobTaskMap = 0xfa5;
+  static constexpr Tagged_t kCallableTaskMap = 0xfcd;
+  static constexpr Tagged_t kCallbackTaskMap = 0xff5;
+  static constexpr Tagged_t kPromiseResolveThenableJobTaskMap = 0x101d;
+  static constexpr Tagged_t kAccessCheckInfoMap = 0x1045;
+  static constexpr Tagged_t kAccessorPairMap = 0x106d;
+  static constexpr Tagged_t kAliasedArgumentsEntryMap = 0x1095;
+  static constexpr Tagged_t kAllocationMementoMap = 0x10bd;
+  static constexpr Tagged_t kArrayBoilerplateDescriptionMap = 0x10e5;
+  static constexpr Tagged_t kAsmWasmDataMap = 0x110d;
+  static constexpr Tagged_t kAsyncGeneratorRequestMap = 0x1135;
+  static constexpr Tagged_t kBreakPointMap = 0x115d;
+  static constexpr Tagged_t kBreakPointInfoMap = 0x1185;
+  static constexpr Tagged_t kBytecodeWrapperMap = 0x11ad;
+  static constexpr Tagged_t kClassBoilerplateMap = 0x11d5;
+  static constexpr Tagged_t kClassPositionsMap = 0x11fd;
+  static constexpr Tagged_t kCodeWrapperMap = 0x1225;
+  static constexpr Tagged_t kDebugInfoMap = 0x124d;
+  static constexpr Tagged_t kErrorStackDataMap = 0x1275;
+  static constexpr Tagged_t kFunctionTemplateRareDataMap = 0x129d;
+  static constexpr Tagged_t kInterceptorInfoMap = 0x12c5;
+  static constexpr Tagged_t kModuleRequestMap = 0x12ed;
+  static constexpr Tagged_t kPromiseCapabilityMap = 0x1315;
+  static constexpr Tagged_t kPromiseReactionMap = 0x133d;
+  static constexpr Tagged_t kPropertyDescriptorObjectMap = 0x1365;
+  static constexpr Tagged_t kPrototypeInfoMap = 0x138d;
+  static constexpr Tagged_t kRegExpBoilerplateDescriptionMap = 0x13b5;
+  static constexpr Tagged_t kRegExpDataWrapperMap = 0x13dd;
+  static constexpr Tagged_t kScriptMap = 0x1405;
+  static constexpr Tagged_t kScriptOrModuleMap = 0x142d;
+  static constexpr Tagged_t kSourceTextModuleInfoEntryMap = 0x1455;
+  static constexpr Tagged_t kStackFrameInfoMap = 0x147d;
+  static constexpr Tagged_t kTemplateObjectDescriptionMap = 0x14a5;
+  static constexpr Tagged_t kTuple2Map = 0x14cd;
+  static constexpr Tagged_t kWasmExceptionTagMap = 0x14f5;
+  static constexpr Tagged_t kAllocationSiteWithWeakNextMap = 0x151d;
+  static constexpr Tagged_t kAllocationSiteWithoutWeakNextMap = 0x1545;
+  static constexpr Tagged_t kLoadHandler1Map = 0x156d;
+  static constexpr Tagged_t kLoadHandler2Map = 0x1595;
+  static constexpr Tagged_t kLoadHandler3Map = 0x15bd;
+  static constexpr Tagged_t kStoreHandler0Map = 0x15e5;
+  static constexpr Tagged_t kStoreHandler1Map = 0x160d;
+  static constexpr Tagged_t kStoreHandler2Map = 0x1635;
+  static constexpr Tagged_t kStoreHandler3Map = 0x165d;
+  static constexpr Tagged_t kFunctionTemplateInfoMap = 0x1685;
+  static constexpr Tagged_t kUncompiledDataWithoutPreparseDataMap = 0x16ad;
+  static constexpr Tagged_t kUncompiledDataWithPreparseDataMap = 0x16d5;
   static constexpr Tagged_t kUncompiledDataWithoutPreparseDataWithJobMap =
-      0x16f5;
-  static constexpr Tagged_t kUncompiledDataWithPreparseDataAndJobMap = 0x171d;
-  static constexpr Tagged_t kOnHeapBasicBlockProfilerDataMap = 0x1745;
-  static constexpr Tagged_t kObjectTemplateInfoMap = 0x176d;
-  static constexpr Tagged_t kTurbofanBitsetTypeMap = 0x1795;
-  static constexpr Tagged_t kTurbofanUnionTypeMap = 0x17bd;
-  static constexpr Tagged_t kTurbofanRangeTypeMap = 0x17e5;
-  static constexpr Tagged_t kTurbofanHeapConstantTypeMap = 0x180d;
-  static constexpr Tagged_t kTurbofanOtherNumberConstantTypeMap = 0x1835;
-  static constexpr Tagged_t kTurboshaftWord32TypeMap = 0x185d;
-  static constexpr Tagged_t kTurboshaftWord32RangeTypeMap = 0x1885;
-  static constexpr Tagged_t kTurboshaftWord64TypeMap = 0x18ad;
-  static constexpr Tagged_t kTurboshaftWord64RangeTypeMap = 0x18d5;
-  static constexpr Tagged_t kTurboshaftFloat64TypeMap = 0x18fd;
-  static constexpr Tagged_t kTurboshaftFloat64RangeTypeMap = 0x1925;
-  static constexpr Tagged_t kInternalClassMap = 0x194d;
-  static constexpr Tagged_t kSmiPairMap = 0x1975;
-  static constexpr Tagged_t kSmiBoxMap = 0x199d;
-  static constexpr Tagged_t kExportedSubClassBaseMap = 0x19c5;
-  static constexpr Tagged_t kExportedSubClassMap = 0x19ed;
-  static constexpr Tagged_t kAbstractInternalClassSubclass1Map = 0x1a15;
-  static constexpr Tagged_t kAbstractInternalClassSubclass2Map = 0x1a3d;
-  static constexpr Tagged_t kExportedSubClass2Map = 0x1a65;
-  static constexpr Tagged_t kSortStateMap = 0x1a8d;
-  static constexpr Tagged_t kWasmFastApiCallDataMap = 0x1ab5;
-  static constexpr Tagged_t kWasmStringViewIterMap = 0x1add;
-  static constexpr Tagged_t kSloppyArgumentsElementsMap = 0x1b05;
-  static constexpr Tagged_t kStrongDescriptorArrayMap = 0x1b2d;
-  static constexpr Tagged_t kTurboshaftWord32SetTypeMap = 0x1b55;
-  static constexpr Tagged_t kTurboshaftWord64SetTypeMap = 0x1b7d;
-  static constexpr Tagged_t kTurboshaftFloat64SetTypeMap = 0x1ba5;
-  static constexpr Tagged_t kInternalClassWithStructElementsMap = 0x1bcd;
-  static constexpr Tagged_t kOrderedHashMapMap = 0x1bf5;
-  static constexpr Tagged_t kOrderedHashSetMap = 0x1c1d;
-  static constexpr Tagged_t kSimpleNumberDictionaryMap = 0x1c45;
-  static constexpr Tagged_t kNameToIndexHashTableMap = 0x1c6d;
-  static constexpr Tagged_t kEmbedderDataArrayMap = 0x1c95;
-  static constexpr Tagged_t kEphemeronHashTableMap = 0x1cbd;
-  static constexpr Tagged_t kScriptContextTableMap = 0x1ce5;
-  static constexpr Tagged_t kObjectBoilerplateDescriptionMap = 0x1d0d;
-  static constexpr Tagged_t kCoverageInfoMap = 0x1d35;
-  static constexpr Tagged_t kRegExpMatchInfoMap = 0x1d5d;
-  static constexpr Tagged_t kSourceTextModuleMap = 0x1d85;
-  static constexpr Tagged_t kSyntheticModuleMap = 0x1dad;
-  static constexpr Tagged_t kGlobalConstTrackingLetCellMap = 0x1dd5;
-  static constexpr Tagged_t kWasmApiFunctionRefMap = 0x1dfd;
-  static constexpr Tagged_t kWasmCapiFunctionDataMap = 0x1e25;
-  static constexpr Tagged_t kWasmExportedFunctionDataMap = 0x1e4d;
-  static constexpr Tagged_t kWasmInternalFunctionMap = 0x1e75;
-  static constexpr Tagged_t kWasmFuncRefMap = 0x1e9d;
-  static constexpr Tagged_t kWasmJSFunctionDataMap = 0x1ec5;
-  static constexpr Tagged_t kWasmResumeDataMap = 0x1eed;
-  static constexpr Tagged_t kWasmTypeInfoMap = 0x1f15;
-  static constexpr Tagged_t kWasmContinuationObjectMap = 0x1f3d;
-  static constexpr Tagged_t kWasmNullMap = 0x1f65;
-  static constexpr Tagged_t kWasmTrustedInstanceDataMap = 0x1f8d;
-  static constexpr Tagged_t kWasmDispatchTableMap = 0x1fb5;
-  static constexpr Tagged_t kWeakCellMap = 0x1fdd;
-  static constexpr Tagged_t kExternalPointerArrayMap = 0x2005;
-  static constexpr Tagged_t kInterpreterDataMap = 0x202d;
-  static constexpr Tagged_t kSharedFunctionInfoWrapperMap = 0x2055;
-  static constexpr Tagged_t kDictionaryTemplateInfoMap = 0x207d;
-  static constexpr Tagged_t kNoOpInterceptorInfo = 0x20a5;
-  static constexpr Tagged_t kEmptyArrayList = 0x20cd;
-  static constexpr Tagged_t kEmptyObjectBoilerplateDescription = 0x20d9;
-  static constexpr Tagged_t kEmptyArrayBoilerplateDescription = 0x20e9;
-  static constexpr Tagged_t kEmptyClosureFeedbackCellArray = 0x20f5;
-  static constexpr Tagged_t kEmptySwissPropertyDictionary = 0x2109;
-  static constexpr Tagged_t kSingleCharacterStringTable = 0x2129;
-  static constexpr Tagged_t kdot_string = 0x2811;
-  static constexpr Tagged_t kzero_string = 0x2831;
-  static constexpr Tagged_t kone_string = 0x2841;
-  static constexpr Tagged_t kadoptText_string = 0x3531;
-  static constexpr Tagged_t kapproximatelySign_string = 0x3549;
-  static constexpr Tagged_t kbaseName_string = 0x3569;
-  static constexpr Tagged_t kaccounting_string = 0x357d;
-  static constexpr Tagged_t kbreakType_string = 0x3595;
-  static constexpr Tagged_t kcalendars_string = 0x35ad;
-  static constexpr Tagged_t kcardinal_string = 0x35c5;
-  static constexpr Tagged_t kcaseFirst_string = 0x35d9;
-  static constexpr Tagged_t kceil_string = 0x35f1;
-  static constexpr Tagged_t kcompare_string = 0x3601;
-  static constexpr Tagged_t kcollation_string = 0x3615;
-  static constexpr Tagged_t kcollations_string = 0x362d;
-  static constexpr Tagged_t kcompact_string = 0x3645;
-  static constexpr Tagged_t kcompactDisplay_string = 0x3659;
-  static constexpr Tagged_t kcurrency_string = 0x3675;
-  static constexpr Tagged_t kcurrencyDisplay_string = 0x3689;
-  static constexpr Tagged_t kcurrencySign_string = 0x36a5;
-  static constexpr Tagged_t kdateStyle_string = 0x36bd;
-  static constexpr Tagged_t kdateTimeField_string = 0x36d5;
-  static constexpr Tagged_t kdayPeriod_string = 0x36f1;
-  static constexpr Tagged_t kdaysDisplay_string = 0x3709;
-  static constexpr Tagged_t kdecimal_string = 0x3721;
-  static constexpr Tagged_t kdialect_string = 0x3735;
-  static constexpr Tagged_t kdigital_string = 0x3749;
-  static constexpr Tagged_t kdirection_string = 0x375d;
-  static constexpr Tagged_t kendRange_string = 0x3775;
-  static constexpr Tagged_t kengineering_string = 0x3789;
-  static constexpr Tagged_t kexceptZero_string = 0x37a1;
-  static constexpr Tagged_t kexpand_string = 0x37b9;
-  static constexpr Tagged_t kexponentInteger_string = 0x37cd;
-  static constexpr Tagged_t kexponentMinusSign_string = 0x37e9;
-  static constexpr Tagged_t kexponentSeparator_string = 0x3809;
-  static constexpr Tagged_t kfallback_string = 0x3829;
-  static constexpr Tagged_t kfirst_string = 0x383d;
-  static constexpr Tagged_t kfirstDay_string = 0x3851;
-  static constexpr Tagged_t kfirstDayOfWeek_string = 0x3865;
-  static constexpr Tagged_t kfloor_string = 0x3881;
-  static constexpr Tagged_t kformat_string = 0x3895;
-  static constexpr Tagged_t kfraction_string = 0x38a9;
-  static constexpr Tagged_t kfractionalDigits_string = 0x38bd;
-  static constexpr Tagged_t kfractionalSecond_string = 0x38d9;
-  static constexpr Tagged_t kfull_string = 0x38f5;
-  static constexpr Tagged_t kgranularity_string = 0x3905;
-  static constexpr Tagged_t kgrapheme_string = 0x391d;
-  static constexpr Tagged_t kgroup_string = 0x3931;
-  static constexpr Tagged_t kh11_string = 0x3945;
-  static constexpr Tagged_t kh12_string = 0x3955;
-  static constexpr Tagged_t kh23_string = 0x3965;
-  static constexpr Tagged_t kh24_string = 0x3975;
-  static constexpr Tagged_t khalfCeil_string = 0x3985;
-  static constexpr Tagged_t khalfEven_string = 0x3999;
-  static constexpr Tagged_t khalfExpand_string = 0x39ad;
-  static constexpr Tagged_t khalfFloor_string = 0x39c5;
-  static constexpr Tagged_t khalfTrunc_string = 0x39dd;
-  static constexpr Tagged_t khour12_string = 0x39f5;
-  static constexpr Tagged_t khourCycle_string = 0x3a09;
-  static constexpr Tagged_t khourCycles_string = 0x3a21;
-  static constexpr Tagged_t khoursDisplay_string = 0x3a39;
-  static constexpr Tagged_t kideo_string = 0x3a51;
-  static constexpr Tagged_t kignorePunctuation_string = 0x3a61;
-  static constexpr Tagged_t kInvalid_Date_string = 0x3a81;
-  static constexpr Tagged_t kinteger_string = 0x3a99;
-  static constexpr Tagged_t kisWordLike_string = 0x3aad;
-  static constexpr Tagged_t kkana_string = 0x3ac5;
-  static constexpr Tagged_t klanguage_string = 0x3ad5;
-  static constexpr Tagged_t klanguageDisplay_string = 0x3ae9;
-  static constexpr Tagged_t klessPrecision_string = 0x3b05;
-  static constexpr Tagged_t kletter_string = 0x3b21;
-  static constexpr Tagged_t klist_string = 0x3b35;
-  static constexpr Tagged_t kliteral_string = 0x3b45;
-  static constexpr Tagged_t klocale_string = 0x3b59;
-  static constexpr Tagged_t kloose_string = 0x3b6d;
-  static constexpr Tagged_t klower_string = 0x3b81;
-  static constexpr Tagged_t kltr_string = 0x3b95;
-  static constexpr Tagged_t kmaximumFractionDigits_string = 0x3ba5;
-  static constexpr Tagged_t kmaximumSignificantDigits_string = 0x3bc9;
-  static constexpr Tagged_t kmicrosecondsDisplay_string = 0x3bed;
-  static constexpr Tagged_t kmillisecondsDisplay_string = 0x3c0d;
-  static constexpr Tagged_t kmin2_string = 0x3c2d;
-  static constexpr Tagged_t kminimalDays_string = 0x3c3d;
-  static constexpr Tagged_t kminimumFractionDigits_string = 0x3c55;
-  static constexpr Tagged_t kminimumIntegerDigits_string = 0x3c79;
-  static constexpr Tagged_t kminimumSignificantDigits_string = 0x3c99;
-  static constexpr Tagged_t kminus_0 = 0x3cbd;
-  static constexpr Tagged_t kminusSign_string = 0x3ccd;
-  static constexpr Tagged_t kminutesDisplay_string = 0x3ce5;
-  static constexpr Tagged_t kmonthsDisplay_string = 0x3d01;
-  static constexpr Tagged_t kmorePrecision_string = 0x3d1d;
-  static constexpr Tagged_t knan_string = 0x3d39;
-  static constexpr Tagged_t knanosecondsDisplay_string = 0x3d49;
-  static constexpr Tagged_t knarrowSymbol_string = 0x3d69;
-  static constexpr Tagged_t knegative_string = 0x3d81;
-  static constexpr Tagged_t knever_string = 0x3d95;
-  static constexpr Tagged_t knone_string = 0x3da9;
-  static constexpr Tagged_t knotation_string = 0x3db9;
-  static constexpr Tagged_t knormal_string = 0x3dcd;
-  static constexpr Tagged_t knumberingSystem_string = 0x3de1;
-  static constexpr Tagged_t knumberingSystems_string = 0x3dfd;
-  static constexpr Tagged_t knumeric_string = 0x3e19;
-  static constexpr Tagged_t kordinal_string = 0x3e2d;
-  static constexpr Tagged_t kpercentSign_string = 0x3e41;
-  static constexpr Tagged_t kplusSign_string = 0x3e59;
-  static constexpr Tagged_t kquarter_string = 0x3e6d;
-  static constexpr Tagged_t kregion_string = 0x3e81;
-  static constexpr Tagged_t krelatedYear_string = 0x3e95;
-  static constexpr Tagged_t kroundingMode_string = 0x3ead;
-  static constexpr Tagged_t kroundingPriority_string = 0x3ec5;
-  static constexpr Tagged_t krtl_string = 0x3ee1;
-  static constexpr Tagged_t kscientific_string = 0x3ef1;
-  static constexpr Tagged_t ksecondsDisplay_string = 0x3f09;
-  static constexpr Tagged_t ksegment_string = 0x3f25;
-  static constexpr Tagged_t kSegmentIterator_string = 0x3f39;
-  static constexpr Tagged_t kSegments_string = 0x3f55;
-  static constexpr Tagged_t ksensitivity_string = 0x3f69;
-  static constexpr Tagged_t ksep_string = 0x3f81;
-  static constexpr Tagged_t kshared_string = 0x3f91;
-  static constexpr Tagged_t ksignDisplay_string = 0x3fa5;
-  static constexpr Tagged_t kstandard_string = 0x3fbd;
-  static constexpr Tagged_t kstartRange_string = 0x3fd1;
-  static constexpr Tagged_t kstrict_string = 0x3fe9;
-  static constexpr Tagged_t kstripIfInteger_string = 0x3ffd;
-  static constexpr Tagged_t kstyle_string = 0x4019;
-  static constexpr Tagged_t kterm_string = 0x402d;
-  static constexpr Tagged_t ktextInfo_string = 0x403d;
-  static constexpr Tagged_t ktimeStyle_string = 0x4051;
-  static constexpr Tagged_t ktimeZones_string = 0x4069;
-  static constexpr Tagged_t ktimeZoneName_string = 0x4081;
-  static constexpr Tagged_t ktrailingZeroDisplay_string = 0x4099;
-  static constexpr Tagged_t ktrunc_string = 0x40b9;
-  static constexpr Tagged_t ktwo_digit_string = 0x40cd;
-  static constexpr Tagged_t ktype_string = 0x40e1;
-  static constexpr Tagged_t kunknown_string = 0x40f1;
-  static constexpr Tagged_t kupper_string = 0x4105;
-  static constexpr Tagged_t kusage_string = 0x4119;
-  static constexpr Tagged_t kuseGrouping_string = 0x412d;
-  static constexpr Tagged_t kunitDisplay_string = 0x4145;
-  static constexpr Tagged_t kweekday_string = 0x415d;
-  static constexpr Tagged_t kweekend_string = 0x4171;
-  static constexpr Tagged_t kweeksDisplay_string = 0x4185;
-  static constexpr Tagged_t kweekInfo_string = 0x419d;
-  static constexpr Tagged_t kyearName_string = 0x41b1;
-  static constexpr Tagged_t kyearsDisplay_string = 0x41c5;
-  static constexpr Tagged_t kadd_string = 0x41dd;
-  static constexpr Tagged_t kAggregateError_string = 0x41ed;
-  static constexpr Tagged_t kalways_string = 0x4209;
-  static constexpr Tagged_t kanonymous_string = 0x421d;
-  static constexpr Tagged_t kapply_string = 0x4235;
-  static constexpr Tagged_t kArguments_string = 0x4249;
-  static constexpr Tagged_t karguments_string = 0x4261;
-  static constexpr Tagged_t karguments_to_string = 0x4279;
-  static constexpr Tagged_t kArray_string = 0x4299;
-  static constexpr Tagged_t karray_to_string = 0x42ad;
-  static constexpr Tagged_t kArrayBuffer_string = 0x42c9;
-  static constexpr Tagged_t kArrayIterator_string = 0x42e1;
-  static constexpr Tagged_t kas_string = 0x42fd;
-  static constexpr Tagged_t kassert_string = 0x430d;
-  static constexpr Tagged_t kasync_string = 0x4321;
-  static constexpr Tagged_t kAtomicsCondition_string = 0x4335;
-  static constexpr Tagged_t kAtomicsMutex_string = 0x4355;
-  static constexpr Tagged_t kauto_string = 0x4371;
-  static constexpr Tagged_t kBigInt_string = 0x4381;
-  static constexpr Tagged_t kbigint_string = 0x4395;
-  static constexpr Tagged_t kBigInt64Array_string = 0x43a9;
-  static constexpr Tagged_t kBigUint64Array_string = 0x43c5;
-  static constexpr Tagged_t kbind_string = 0x43e1;
-  static constexpr Tagged_t kblank_string = 0x43f1;
-  static constexpr Tagged_t kBoolean_string = 0x4405;
-  static constexpr Tagged_t kboolean_string = 0x4419;
-  static constexpr Tagged_t kboolean_to_string = 0x442d;
-  static constexpr Tagged_t kbound__string = 0x4449;
-  static constexpr Tagged_t kbuffer_string = 0x445d;
-  static constexpr Tagged_t kbyte_length_string = 0x4471;
-  static constexpr Tagged_t kbyte_offset_string = 0x4489;
-  static constexpr Tagged_t kCompileError_string = 0x44a1;
-  static constexpr Tagged_t kcalendar_string = 0x44b9;
-  static constexpr Tagged_t kcallee_string = 0x44cd;
-  static constexpr Tagged_t kcaller_string = 0x44e1;
-  static constexpr Tagged_t kcause_string = 0x44f5;
-  static constexpr Tagged_t kcharacter_string = 0x4509;
-  static constexpr Tagged_t kcode_string = 0x4521;
-  static constexpr Tagged_t kcolumn_string = 0x4531;
-  static constexpr Tagged_t kcomputed_string = 0x4545;
-  static constexpr Tagged_t kconjunction_string = 0x455d;
-  static constexpr Tagged_t kconsole_string = 0x4575;
-  static constexpr Tagged_t kconstrain_string = 0x4589;
-  static constexpr Tagged_t kconstruct_string = 0x45a1;
-  static constexpr Tagged_t kcurrent_string = 0x45b9;
-  static constexpr Tagged_t kDate_string = 0x45cd;
-  static constexpr Tagged_t kdate_to_string = 0x45dd;
-  static constexpr Tagged_t kdateAdd_string = 0x45f9;
-  static constexpr Tagged_t kdateFromFields_string = 0x460d;
-  static constexpr Tagged_t kdateUntil_string = 0x4629;
-  static constexpr Tagged_t kday_string = 0x4641;
-  static constexpr Tagged_t kdayOfWeek_string = 0x4651;
-  static constexpr Tagged_t kdayOfYear_string = 0x4669;
-  static constexpr Tagged_t kdays_string = 0x4681;
-  static constexpr Tagged_t kdaysInMonth_string = 0x4691;
-  static constexpr Tagged_t kdaysInWeek_string = 0x46a9;
-  static constexpr Tagged_t kdaysInYear_string = 0x46c1;
-  static constexpr Tagged_t kdefault_string = 0x46d9;
-  static constexpr Tagged_t kdefineProperty_string = 0x46ed;
-  static constexpr Tagged_t kdeleteProperty_string = 0x4709;
-  static constexpr Tagged_t kdetached_string = 0x4725;
-  static constexpr Tagged_t kdisjunction_string = 0x4739;
-  static constexpr Tagged_t kdone_string = 0x4751;
-  static constexpr Tagged_t kdot_brand_string = 0x4761;
-  static constexpr Tagged_t kdot_catch_string = 0x4775;
-  static constexpr Tagged_t kdot_default_string = 0x4789;
-  static constexpr Tagged_t kdot_for_string = 0x479d;
-  static constexpr Tagged_t kdot_generator_object_string = 0x47ad;
-  static constexpr Tagged_t kdot_home_object_string = 0x47cd;
-  static constexpr Tagged_t kdot_new_target_string = 0x47e5;
-  static constexpr Tagged_t knew_target_string = 0x47e5;
-  static constexpr Tagged_t kdot_result_string = 0x47fd;
-  static constexpr Tagged_t kdot_repl_result_string = 0x4811;
-  static constexpr Tagged_t kdot_static_home_object_string = 0x4829;
-  static constexpr Tagged_t kdot_switch_tag_string = 0x4849;
-  static constexpr Tagged_t kdotAll_string = 0x4861;
-  static constexpr Tagged_t kError_string = 0x4875;
-  static constexpr Tagged_t kEvalError_string = 0x4889;
-  static constexpr Tagged_t kelement_string = 0x48a1;
-  static constexpr Tagged_t kepochMicroseconds_string = 0x48b5;
-  static constexpr Tagged_t kepochMilliseconds_string = 0x48d5;
-  static constexpr Tagged_t kepochNanoseconds_string = 0x48f5;
-  static constexpr Tagged_t kepochSeconds_string = 0x4911;
-  static constexpr Tagged_t kera_string = 0x4929;
-  static constexpr Tagged_t keraYear_string = 0x4939;
-  static constexpr Tagged_t kerror_string = 0x494d;
-  static constexpr Tagged_t kerrors_string = 0x4961;
-  static constexpr Tagged_t kerror_to_string = 0x4975;
-  static constexpr Tagged_t keval_string = 0x4991;
-  static constexpr Tagged_t kexception_string = 0x49a1;
-  static constexpr Tagged_t kexec_string = 0x49b9;
-  static constexpr Tagged_t kfalse_string = 0x49c9;
-  static constexpr Tagged_t kfields_string = 0x49dd;
-  static constexpr Tagged_t kFinalizationRegistry_string = 0x49f1;
-  static constexpr Tagged_t kflags_string = 0x4a11;
-  static constexpr Tagged_t kFloat16Array_string = 0x4a25;
-  static constexpr Tagged_t kFloat32Array_string = 0x4a3d;
-  static constexpr Tagged_t kFloat64Array_string = 0x4a55;
-  static constexpr Tagged_t kfractionalSecondDigits_string = 0x4a6d;
-  static constexpr Tagged_t kfrom_string = 0x4a91;
-  static constexpr Tagged_t kFunction_string = 0x4aa1;
-  static constexpr Tagged_t kfunction_native_code_string = 0x4ab5;
-  static constexpr Tagged_t kfunction_string = 0x4ae1;
-  static constexpr Tagged_t kfunction_to_string = 0x4af5;
-  static constexpr Tagged_t kGenerator_string = 0x4b15;
-  static constexpr Tagged_t kget_space_string = 0x4b2d;
-  static constexpr Tagged_t kget_string = 0x4b3d;
-  static constexpr Tagged_t kgetOffsetNanosecondsFor_string = 0x4b4d;
-  static constexpr Tagged_t kgetOwnPropertyDescriptor_string = 0x4b71;
-  static constexpr Tagged_t kgetPossibleInstantsFor_string = 0x4b95;
-  static constexpr Tagged_t kgetPrototypeOf_string = 0x4bb9;
-  static constexpr Tagged_t kglobal_string = 0x4bd5;
-  static constexpr Tagged_t kglobalThis_string = 0x4be9;
-  static constexpr Tagged_t kgroups_string = 0x4c01;
-  static constexpr Tagged_t kgrowable_string = 0x4c15;
-  static constexpr Tagged_t khas_string = 0x4c29;
-  static constexpr Tagged_t khasIndices_string = 0x4c39;
-  static constexpr Tagged_t khour_string = 0x4c51;
-  static constexpr Tagged_t khours_string = 0x4c61;
-  static constexpr Tagged_t khoursInDay_string = 0x4c75;
-  static constexpr Tagged_t kignoreCase_string = 0x4c8d;
-  static constexpr Tagged_t kid_string = 0x4ca5;
-  static constexpr Tagged_t killegal_access_string = 0x4cb5;
-  static constexpr Tagged_t killegal_argument_string = 0x4cd1;
-  static constexpr Tagged_t kinLeapYear_string = 0x4ced;
-  static constexpr Tagged_t kindex_string = 0x4d05;
-  static constexpr Tagged_t kindices_string = 0x4d19;
-  static constexpr Tagged_t kInfinity_string = 0x4d2d;
-  static constexpr Tagged_t kinfinity_string = 0x4d41;
-  static constexpr Tagged_t kinput_string = 0x4d55;
-  static constexpr Tagged_t kinstance_members_initializer_string = 0x4d69;
-  static constexpr Tagged_t kInt16Array_string = 0x4d95;
-  static constexpr Tagged_t kInt32Array_string = 0x4dad;
-  static constexpr Tagged_t kInt8Array_string = 0x4dc5;
-  static constexpr Tagged_t kisExtensible_string = 0x4ddd;
-  static constexpr Tagged_t kiso8601_string = 0x4df5;
-  static constexpr Tagged_t kisoDay_string = 0x4e09;
-  static constexpr Tagged_t kisoHour_string = 0x4e1d;
-  static constexpr Tagged_t kisoMicrosecond_string = 0x4e31;
-  static constexpr Tagged_t kisoMillisecond_string = 0x4e4d;
-  static constexpr Tagged_t kisoMinute_string = 0x4e69;
-  static constexpr Tagged_t kisoMonth_string = 0x4e81;
-  static constexpr Tagged_t kisoNanosecond_string = 0x4e95;
-  static constexpr Tagged_t kisoSecond_string = 0x4eb1;
-  static constexpr Tagged_t kisoYear_string = 0x4ec9;
-  static constexpr Tagged_t kIterator_string = 0x4edd;
-  static constexpr Tagged_t kjsMemoryEstimate_string = 0x4ef1;
-  static constexpr Tagged_t kjsMemoryRange_string = 0x4f0d;
-  static constexpr Tagged_t kkeys_string = 0x4f29;
-  static constexpr Tagged_t klargestUnit_string = 0x4f39;
-  static constexpr Tagged_t klastIndex_string = 0x4f51;
-  static constexpr Tagged_t klet_string = 0x4f69;
-  static constexpr Tagged_t kline_string = 0x4f79;
-  static constexpr Tagged_t klinear_string = 0x4f89;
-  static constexpr Tagged_t kLinkError_string = 0x4f9d;
-  static constexpr Tagged_t klong_string = 0x4fb5;
-  static constexpr Tagged_t kMap_string = 0x4fc5;
-  static constexpr Tagged_t kMapIterator_string = 0x4fd5;
-  static constexpr Tagged_t kmax_byte_length_string = 0x4fed;
-  static constexpr Tagged_t kmedium_string = 0x5009;
-  static constexpr Tagged_t kmergeFields_string = 0x501d;
-  static constexpr Tagged_t kmessage_string = 0x5035;
-  static constexpr Tagged_t kmeta_string = 0x5049;
-  static constexpr Tagged_t kminus_Infinity_string = 0x5059;
-  static constexpr Tagged_t kmicrosecond_string = 0x5071;
-  static constexpr Tagged_t kmicroseconds_string = 0x5089;
-  static constexpr Tagged_t kmillisecond_string = 0x50a1;
-  static constexpr Tagged_t kmilliseconds_string = 0x50b9;
-  static constexpr Tagged_t kminute_string = 0x50d1;
-  static constexpr Tagged_t kminutes_string = 0x50e5;
-  static constexpr Tagged_t kModule_string = 0x50f9;
-  static constexpr Tagged_t kmonth_string = 0x510d;
-  static constexpr Tagged_t kmonthDayFromFields_string = 0x5121;
-  static constexpr Tagged_t kmonths_string = 0x5141;
-  static constexpr Tagged_t kmonthsInYear_string = 0x5155;
-  static constexpr Tagged_t kmonthCode_string = 0x516d;
-  static constexpr Tagged_t kmultiline_string = 0x5185;
-  static constexpr Tagged_t kNaN_string = 0x519d;
-  static constexpr Tagged_t knanosecond_string = 0x51ad;
-  static constexpr Tagged_t knanoseconds_string = 0x51c5;
-  static constexpr Tagged_t knarrow_string = 0x51dd;
-  static constexpr Tagged_t knative_string = 0x51f1;
-  static constexpr Tagged_t kNFC_string = 0x5205;
-  static constexpr Tagged_t kNFD_string = 0x5215;
-  static constexpr Tagged_t kNFKC_string = 0x5225;
-  static constexpr Tagged_t kNFKD_string = 0x5235;
-  static constexpr Tagged_t knot_equal_string = 0x5245;
-  static constexpr Tagged_t knull_string = 0x525d;
-  static constexpr Tagged_t knull_to_string = 0x526d;
-  static constexpr Tagged_t kNumber_string = 0x5289;
-  static constexpr Tagged_t knumber_string = 0x529d;
-  static constexpr Tagged_t knumber_to_string = 0x52b1;
-  static constexpr Tagged_t kObject_string = 0x52cd;
-  static constexpr Tagged_t kobject_string = 0x52e1;
-  static constexpr Tagged_t kobject_to_string = 0x52f5;
-  static constexpr Tagged_t kObject_prototype_string = 0x5311;
-  static constexpr Tagged_t koffset_string = 0x532d;
-  static constexpr Tagged_t koffsetNanoseconds_string = 0x5341;
-  static constexpr Tagged_t kok_string = 0x5361;
-  static constexpr Tagged_t kother_string = 0x5371;
-  static constexpr Tagged_t koverflow_string = 0x5385;
-  static constexpr Tagged_t kownKeys_string = 0x5399;
-  static constexpr Tagged_t kpercent_string = 0x53ad;
-  static constexpr Tagged_t kplainDate_string = 0x53c1;
-  static constexpr Tagged_t kplainTime_string = 0x53d9;
-  static constexpr Tagged_t kposition_string = 0x53f1;
-  static constexpr Tagged_t kpreventExtensions_string = 0x5405;
-  static constexpr Tagged_t kprivate_constructor_string = 0x5425;
-  static constexpr Tagged_t kPromise_string = 0x543d;
-  static constexpr Tagged_t kpromise_string = 0x5451;
-  static constexpr Tagged_t kproto_string = 0x5465;
-  static constexpr Tagged_t kproxy_string = 0x547d;
-  static constexpr Tagged_t kProxy_string = 0x5491;
-  static constexpr Tagged_t kquery_colon_string = 0x54a5;
-  static constexpr Tagged_t kRangeError_string = 0x54b5;
-  static constexpr Tagged_t kraw_json_string = 0x54cd;
-  static constexpr Tagged_t kraw_string = 0x54e1;
-  static constexpr Tagged_t kReferenceError_string = 0x54f1;
-  static constexpr Tagged_t kReflectGet_string = 0x550d;
-  static constexpr Tagged_t kReflectHas_string = 0x5525;
-  static constexpr Tagged_t kRegExp_string = 0x553d;
-  static constexpr Tagged_t kregexp_to_string = 0x5551;
-  static constexpr Tagged_t kreject_string = 0x556d;
-  static constexpr Tagged_t krelativeTo_string = 0x5581;
-  static constexpr Tagged_t kresizable_string = 0x5599;
-  static constexpr Tagged_t kResizableArrayBuffer_string = 0x55b1;
-  static constexpr Tagged_t kreturn_string = 0x55d1;
-  static constexpr Tagged_t krevoke_string = 0x55e5;
-  static constexpr Tagged_t kroundingIncrement_string = 0x55f9;
-  static constexpr Tagged_t kRuntimeError_string = 0x5619;
-  static constexpr Tagged_t kWebAssemblyException_string = 0x5631;
-  static constexpr Tagged_t kScript_string = 0x5655;
-  static constexpr Tagged_t kscript_string = 0x5669;
-  static constexpr Tagged_t ksecond_string = 0x567d;
-  static constexpr Tagged_t kseconds_string = 0x5691;
-  static constexpr Tagged_t kshort_string = 0x56a5;
-  static constexpr Tagged_t kSet_string = 0x56b9;
-  static constexpr Tagged_t ksentence_string = 0x56c9;
-  static constexpr Tagged_t kset_space_string = 0x56dd;
-  static constexpr Tagged_t kset_string = 0x56ed;
-  static constexpr Tagged_t kSetIterator_string = 0x56fd;
-  static constexpr Tagged_t ksetPrototypeOf_string = 0x5715;
-  static constexpr Tagged_t kShadowRealm_string = 0x5731;
-  static constexpr Tagged_t kSharedArray_string = 0x5749;
-  static constexpr Tagged_t kSharedArrayBuffer_string = 0x5761;
-  static constexpr Tagged_t kSharedStruct_string = 0x5781;
-  static constexpr Tagged_t ksign_string = 0x5799;
-  static constexpr Tagged_t ksize_string = 0x57a9;
-  static constexpr Tagged_t ksmallestUnit_string = 0x57b9;
-  static constexpr Tagged_t ksource_string = 0x57d1;
-  static constexpr Tagged_t ksourceText_string = 0x57e5;
-  static constexpr Tagged_t kstack_string = 0x57fd;
-  static constexpr Tagged_t kstackTraceLimit_string = 0x5811;
-  static constexpr Tagged_t kstatic_initializer_string = 0x582d;
-  static constexpr Tagged_t ksticky_string = 0x584d;
-  static constexpr Tagged_t kString_string = 0x5861;
-  static constexpr Tagged_t kstring_string = 0x5875;
-  static constexpr Tagged_t kstring_to_string = 0x5889;
-  static constexpr Tagged_t ksuppressed_string = 0x58a5;
-  static constexpr Tagged_t kSuppressedError_string = 0x58bd;
-  static constexpr Tagged_t kSymbol_iterator_string = 0x58d9;
-  static constexpr Tagged_t kSymbol_match_all_string = 0x58f5;
-  static constexpr Tagged_t kSymbol_replace_string = 0x5911;
-  static constexpr Tagged_t ksymbol_species_string = 0x592d;
-  static constexpr Tagged_t kSymbol_species_string = 0x5949;
-  static constexpr Tagged_t kSymbol_split_string = 0x5965;
-  static constexpr Tagged_t kSymbol_string = 0x597d;
-  static constexpr Tagged_t ksymbol_string = 0x5991;
-  static constexpr Tagged_t kSyntaxError_string = 0x59a5;
-  static constexpr Tagged_t ktarget_string = 0x59bd;
-  static constexpr Tagged_t kthis_function_string = 0x59d1;
-  static constexpr Tagged_t kthis_string = 0x59ed;
-  static constexpr Tagged_t kthrow_string = 0x59fd;
-  static constexpr Tagged_t ktimed_out_string = 0x5a11;
-  static constexpr Tagged_t ktimeZone_string = 0x5a29;
-  static constexpr Tagged_t ktoJSON_string = 0x5a3d;
-  static constexpr Tagged_t ktoString_string = 0x5a51;
-  static constexpr Tagged_t ktrue_string = 0x5a65;
-  static constexpr Tagged_t ktotal_string = 0x5a75;
-  static constexpr Tagged_t kTypeError_string = 0x5a89;
-  static constexpr Tagged_t kUint16Array_string = 0x5aa1;
-  static constexpr Tagged_t kUint32Array_string = 0x5ab9;
-  static constexpr Tagged_t kUint8Array_string = 0x5ad1;
-  static constexpr Tagged_t kUint8ClampedArray_string = 0x5ae9;
-  static constexpr Tagged_t kundefined_string = 0x5b09;
-  static constexpr Tagged_t kundefined_to_string = 0x5b21;
-  static constexpr Tagged_t kunicode_string = 0x5b41;
-  static constexpr Tagged_t kunicodeSets_string = 0x5b55;
-  static constexpr Tagged_t kunit_string = 0x5b6d;
-  static constexpr Tagged_t kURIError_string = 0x5b7d;
-  static constexpr Tagged_t kUTC_string = 0x5b91;
-  static constexpr Tagged_t kWeakMap_string = 0x5ba1;
-  static constexpr Tagged_t kWeakRef_string = 0x5bb5;
-  static constexpr Tagged_t kWeakSet_string = 0x5bc9;
-  static constexpr Tagged_t kweek_string = 0x5bdd;
-  static constexpr Tagged_t kweeks_string = 0x5bed;
-  static constexpr Tagged_t kweekOfYear_string = 0x5c01;
-  static constexpr Tagged_t kwith_string = 0x5c19;
-  static constexpr Tagged_t kword_string = 0x5c29;
-  static constexpr Tagged_t kyearMonthFromFields_string = 0x5c39;
-  static constexpr Tagged_t kyear_string = 0x5c59;
-  static constexpr Tagged_t kyears_string = 0x5c69;
-  static constexpr Tagged_t kPropertyCellHoleValue = 0x5c7d;
-  static constexpr Tagged_t kHashTableHoleValue = 0x5c89;
-  static constexpr Tagged_t kPromiseHoleValue = 0x5c95;
-  static constexpr Tagged_t kUninitializedValue = 0x5ca1;
-  static constexpr Tagged_t kArgumentsMarker = 0x5cad;
-  static constexpr Tagged_t kTerminationException = 0x5cb9;
-  static constexpr Tagged_t kException = 0x5cc5;
-  static constexpr Tagged_t kOptimizedOut = 0x5cd1;
-  static constexpr Tagged_t kStaleRegister = 0x5cdd;
-  static constexpr Tagged_t kSelfReferenceMarker = 0x5ce9;
-  static constexpr Tagged_t kBasicBlockCountersMarker = 0x5cf5;
-  static constexpr Tagged_t karray_buffer_wasm_memory_symbol = 0x5d01;
-  static constexpr Tagged_t kcall_site_info_symbol = 0x5d11;
-  static constexpr Tagged_t kclass_fields_symbol = 0x5d21;
-  static constexpr Tagged_t kclass_positions_symbol = 0x5d31;
-  static constexpr Tagged_t kerror_end_pos_symbol = 0x5d41;
-  static constexpr Tagged_t kerror_message_symbol = 0x5d51;
-  static constexpr Tagged_t kerror_script_symbol = 0x5d61;
-  static constexpr Tagged_t kerror_stack_symbol = 0x5d71;
-  static constexpr Tagged_t kerror_start_pos_symbol = 0x5d81;
-  static constexpr Tagged_t kfrozen_symbol = 0x5d91;
-  static constexpr Tagged_t kinterpreter_trampoline_symbol = 0x5da1;
-  static constexpr Tagged_t knative_context_index_symbol = 0x5db1;
-  static constexpr Tagged_t knonextensible_symbol = 0x5dc1;
-  static constexpr Tagged_t kpromise_debug_message_symbol = 0x5dd1;
-  static constexpr Tagged_t kpromise_forwarding_handler_symbol = 0x5de1;
-  static constexpr Tagged_t kpromise_handled_by_symbol = 0x5df1;
-  static constexpr Tagged_t kpromise_awaited_by_symbol = 0x5e01;
-  static constexpr Tagged_t kregexp_result_names_symbol = 0x5e11;
-  static constexpr Tagged_t kregexp_result_regexp_input_symbol = 0x5e21;
-  static constexpr Tagged_t kregexp_result_regexp_last_index_symbol = 0x5e31;
-  static constexpr Tagged_t ksealed_symbol = 0x5e41;
+      0x16fd;
+  static constexpr Tagged_t kUncompiledDataWithPreparseDataAndJobMap = 0x1725;
+  static constexpr Tagged_t kOnHeapBasicBlockProfilerDataMap = 0x174d;
+  static constexpr Tagged_t kObjectTemplateInfoMap = 0x1775;
+  static constexpr Tagged_t kTurbofanBitsetTypeMap = 0x179d;
+  static constexpr Tagged_t kTurbofanUnionTypeMap = 0x17c5;
+  static constexpr Tagged_t kTurbofanRangeTypeMap = 0x17ed;
+  static constexpr Tagged_t kTurbofanHeapConstantTypeMap = 0x1815;
+  static constexpr Tagged_t kTurbofanOtherNumberConstantTypeMap = 0x183d;
+  static constexpr Tagged_t kTurboshaftWord32TypeMap = 0x1865;
+  static constexpr Tagged_t kTurboshaftWord32RangeTypeMap = 0x188d;
+  static constexpr Tagged_t kTurboshaftWord64TypeMap = 0x18b5;
+  static constexpr Tagged_t kTurboshaftWord64RangeTypeMap = 0x18dd;
+  static constexpr Tagged_t kTurboshaftFloat64TypeMap = 0x1905;
+  static constexpr Tagged_t kTurboshaftFloat64RangeTypeMap = 0x192d;
+  static constexpr Tagged_t kInternalClassMap = 0x1955;
+  static constexpr Tagged_t kSmiPairMap = 0x197d;
+  static constexpr Tagged_t kSmiBoxMap = 0x19a5;
+  static constexpr Tagged_t kExportedSubClassBaseMap = 0x19cd;
+  static constexpr Tagged_t kExportedSubClassMap = 0x19f5;
+  static constexpr Tagged_t kAbstractInternalClassSubclass1Map = 0x1a1d;
+  static constexpr Tagged_t kAbstractInternalClassSubclass2Map = 0x1a45;
+  static constexpr Tagged_t kExportedSubClass2Map = 0x1a6d;
+  static constexpr Tagged_t kSortStateMap = 0x1a95;
+  static constexpr Tagged_t kWasmFastApiCallDataMap = 0x1abd;
+  static constexpr Tagged_t kWasmStringViewIterMap = 0x1ae5;
+  static constexpr Tagged_t kSloppyArgumentsElementsMap = 0x1b0d;
+  static constexpr Tagged_t kStrongDescriptorArrayMap = 0x1b35;
+  static constexpr Tagged_t kTurboshaftWord32SetTypeMap = 0x1b5d;
+  static constexpr Tagged_t kTurboshaftWord64SetTypeMap = 0x1b85;
+  static constexpr Tagged_t kTurboshaftFloat64SetTypeMap = 0x1bad;
+  static constexpr Tagged_t kInternalClassWithStructElementsMap = 0x1bd5;
+  static constexpr Tagged_t kOrderedHashMapMap = 0x1bfd;
+  static constexpr Tagged_t kOrderedHashSetMap = 0x1c25;
+  static constexpr Tagged_t kSimpleNumberDictionaryMap = 0x1c4d;
+  static constexpr Tagged_t kNameToIndexHashTableMap = 0x1c75;
+  static constexpr Tagged_t kEmbedderDataArrayMap = 0x1c9d;
+  static constexpr Tagged_t kEphemeronHashTableMap = 0x1cc5;
+  static constexpr Tagged_t kScriptContextTableMap = 0x1ced;
+  static constexpr Tagged_t kObjectBoilerplateDescriptionMap = 0x1d15;
+  static constexpr Tagged_t kCoverageInfoMap = 0x1d3d;
+  static constexpr Tagged_t kRegExpMatchInfoMap = 0x1d65;
+  static constexpr Tagged_t kRegExpDataMap = 0x1d8d;
+  static constexpr Tagged_t kAtomRegExpDataMap = 0x1db5;
+  static constexpr Tagged_t kIrRegExpDataMap = 0x1ddd;
+  static constexpr Tagged_t kSourceTextModuleMap = 0x1e05;
+  static constexpr Tagged_t kSyntheticModuleMap = 0x1e2d;
+  static constexpr Tagged_t kGlobalConstTrackingLetCellMap = 0x1e55;
+  static constexpr Tagged_t kWasmImportDataMap = 0x1e7d;
+  static constexpr Tagged_t kWasmCapiFunctionDataMap = 0x1ea5;
+  static constexpr Tagged_t kWasmExportedFunctionDataMap = 0x1ecd;
+  static constexpr Tagged_t kWasmInternalFunctionMap = 0x1ef5;
+  static constexpr Tagged_t kWasmFuncRefMap = 0x1f1d;
+  static constexpr Tagged_t kWasmJSFunctionDataMap = 0x1f45;
+  static constexpr Tagged_t kWasmResumeDataMap = 0x1f6d;
+  static constexpr Tagged_t kWasmSuspenderObjectMap = 0x1f95;
+  static constexpr Tagged_t kWasmTypeInfoMap = 0x1fbd;
+  static constexpr Tagged_t kWasmContinuationObjectMap = 0x1fe5;
+  static constexpr Tagged_t kWasmNullMap = 0x200d;
+  static constexpr Tagged_t kWasmTrustedInstanceDataMap = 0x2035;
+  static constexpr Tagged_t kWasmDispatchTableMap = 0x205d;
+  static constexpr Tagged_t kWeakCellMap = 0x2085;
+  static constexpr Tagged_t kExternalPointerArrayMap = 0x20ad;
+  static constexpr Tagged_t kInterpreterDataMap = 0x20d5;
+  static constexpr Tagged_t kSharedFunctionInfoWrapperMap = 0x20fd;
+  static constexpr Tagged_t kDictionaryTemplateInfoMap = 0x2125;
+  static constexpr Tagged_t kNoOpInterceptorInfo = 0x214d;
+  static constexpr Tagged_t kEmptyArrayList = 0x2175;
+  static constexpr Tagged_t kEmptyObjectBoilerplateDescription = 0x2181;
+  static constexpr Tagged_t kEmptyArrayBoilerplateDescription = 0x2191;
+  static constexpr Tagged_t kEmptyClosureFeedbackCellArray = 0x219d;
+  static constexpr Tagged_t kEmptySwissPropertyDictionary = 0x21b1;
+  static constexpr Tagged_t kSingleCharacterStringTable = 0x21d1;
+  static constexpr Tagged_t kdot_string = 0x28b9;
+  static constexpr Tagged_t kzero_string = 0x28d9;
+  static constexpr Tagged_t kone_string = 0x28e9;
+  static constexpr Tagged_t kadoptText_string = 0x35d9;
+  static constexpr Tagged_t kapproximatelySign_string = 0x35f1;
+  static constexpr Tagged_t kbaseName_string = 0x3611;
+  static constexpr Tagged_t kaccounting_string = 0x3625;
+  static constexpr Tagged_t kbreakType_string = 0x363d;
+  static constexpr Tagged_t kcalendars_string = 0x3655;
+  static constexpr Tagged_t kcardinal_string = 0x366d;
+  static constexpr Tagged_t kcaseFirst_string = 0x3681;
+  static constexpr Tagged_t kceil_string = 0x3699;
+  static constexpr Tagged_t kcompare_string = 0x36a9;
+  static constexpr Tagged_t kcollation_string = 0x36bd;
+  static constexpr Tagged_t kcollations_string = 0x36d5;
+  static constexpr Tagged_t kcompact_string = 0x36ed;
+  static constexpr Tagged_t kcompactDisplay_string = 0x3701;
+  static constexpr Tagged_t kcurrency_string = 0x371d;
+  static constexpr Tagged_t kcurrencyDisplay_string = 0x3731;
+  static constexpr Tagged_t kcurrencySign_string = 0x374d;
+  static constexpr Tagged_t kdateStyle_string = 0x3765;
+  static constexpr Tagged_t kdateTimeField_string = 0x377d;
+  static constexpr Tagged_t kdayPeriod_string = 0x3799;
+  static constexpr Tagged_t kdaysDisplay_string = 0x37b1;
+  static constexpr Tagged_t kdecimal_string = 0x37c9;
+  static constexpr Tagged_t kdialect_string = 0x37dd;
+  static constexpr Tagged_t kdigital_string = 0x37f1;
+  static constexpr Tagged_t kdirection_string = 0x3805;
+  static constexpr Tagged_t kendRange_string = 0x381d;
+  static constexpr Tagged_t kengineering_string = 0x3831;
+  static constexpr Tagged_t kexceptZero_string = 0x3849;
+  static constexpr Tagged_t kexpand_string = 0x3861;
+  static constexpr Tagged_t kexponentInteger_string = 0x3875;
+  static constexpr Tagged_t kexponentMinusSign_string = 0x3891;
+  static constexpr Tagged_t kexponentSeparator_string = 0x38b1;
+  static constexpr Tagged_t kfallback_string = 0x38d1;
+  static constexpr Tagged_t kfirst_string = 0x38e5;
+  static constexpr Tagged_t kfirstDay_string = 0x38f9;
+  static constexpr Tagged_t kfirstDayOfWeek_string = 0x390d;
+  static constexpr Tagged_t kfloor_string = 0x3929;
+  static constexpr Tagged_t kformat_string = 0x393d;
+  static constexpr Tagged_t kfraction_string = 0x3951;
+  static constexpr Tagged_t kfractionalDigits_string = 0x3965;
+  static constexpr Tagged_t kfractionalSecond_string = 0x3981;
+  static constexpr Tagged_t kfull_string = 0x399d;
+  static constexpr Tagged_t kgranularity_string = 0x39ad;
+  static constexpr Tagged_t kgrapheme_string = 0x39c5;
+  static constexpr Tagged_t kgroup_string = 0x39d9;
+  static constexpr Tagged_t kh11_string = 0x39ed;
+  static constexpr Tagged_t kh12_string = 0x39fd;
+  static constexpr Tagged_t kh23_string = 0x3a0d;
+  static constexpr Tagged_t kh24_string = 0x3a1d;
+  static constexpr Tagged_t khalfCeil_string = 0x3a2d;
+  static constexpr Tagged_t khalfEven_string = 0x3a41;
+  static constexpr Tagged_t khalfExpand_string = 0x3a55;
+  static constexpr Tagged_t khalfFloor_string = 0x3a6d;
+  static constexpr Tagged_t khalfTrunc_string = 0x3a85;
+  static constexpr Tagged_t khour12_string = 0x3a9d;
+  static constexpr Tagged_t khourCycle_string = 0x3ab1;
+  static constexpr Tagged_t khourCycles_string = 0x3ac9;
+  static constexpr Tagged_t khoursDisplay_string = 0x3ae1;
+  static constexpr Tagged_t kideo_string = 0x3af9;
+  static constexpr Tagged_t kignorePunctuation_string = 0x3b09;
+  static constexpr Tagged_t kInvalid_Date_string = 0x3b29;
+  static constexpr Tagged_t kinteger_string = 0x3b41;
+  static constexpr Tagged_t kisWordLike_string = 0x3b55;
+  static constexpr Tagged_t kkana_string = 0x3b6d;
+  static constexpr Tagged_t klanguage_string = 0x3b7d;
+  static constexpr Tagged_t klanguageDisplay_string = 0x3b91;
+  static constexpr Tagged_t klessPrecision_string = 0x3bad;
+  static constexpr Tagged_t kletter_string = 0x3bc9;
+  static constexpr Tagged_t klist_string = 0x3bdd;
+  static constexpr Tagged_t kliteral_string = 0x3bed;
+  static constexpr Tagged_t klocale_string = 0x3c01;
+  static constexpr Tagged_t kloose_string = 0x3c15;
+  static constexpr Tagged_t klower_string = 0x3c29;
+  static constexpr Tagged_t kltr_string = 0x3c3d;
+  static constexpr Tagged_t kmaximumFractionDigits_string = 0x3c4d;
+  static constexpr Tagged_t kmaximumSignificantDigits_string = 0x3c71;
+  static constexpr Tagged_t kmicrosecondsDisplay_string = 0x3c95;
+  static constexpr Tagged_t kmillisecondsDisplay_string = 0x3cb5;
+  static constexpr Tagged_t kmin2_string = 0x3cd5;
+  static constexpr Tagged_t kminimalDays_string = 0x3ce5;
+  static constexpr Tagged_t kminimumFractionDigits_string = 0x3cfd;
+  static constexpr Tagged_t kminimumIntegerDigits_string = 0x3d21;
+  static constexpr Tagged_t kminimumSignificantDigits_string = 0x3d41;
+  static constexpr Tagged_t kminus_0 = 0x3d65;
+  static constexpr Tagged_t kminusSign_string = 0x3d75;
+  static constexpr Tagged_t kminutesDisplay_string = 0x3d8d;
+  static constexpr Tagged_t kmonthsDisplay_string = 0x3da9;
+  static constexpr Tagged_t kmorePrecision_string = 0x3dc5;
+  static constexpr Tagged_t knan_string = 0x3de1;
+  static constexpr Tagged_t knanosecondsDisplay_string = 0x3df1;
+  static constexpr Tagged_t knarrowSymbol_string = 0x3e11;
+  static constexpr Tagged_t knegative_string = 0x3e29;
+  static constexpr Tagged_t knever_string = 0x3e3d;
+  static constexpr Tagged_t knone_string = 0x3e51;
+  static constexpr Tagged_t knotation_string = 0x3e61;
+  static constexpr Tagged_t knormal_string = 0x3e75;
+  static constexpr Tagged_t knumberingSystem_string = 0x3e89;
+  static constexpr Tagged_t knumberingSystems_string = 0x3ea5;
+  static constexpr Tagged_t knumeric_string = 0x3ec1;
+  static constexpr Tagged_t kordinal_string = 0x3ed5;
+  static constexpr Tagged_t kpercentSign_string = 0x3ee9;
+  static constexpr Tagged_t kplusSign_string = 0x3f01;
+  static constexpr Tagged_t kquarter_string = 0x3f15;
+  static constexpr Tagged_t kregion_string = 0x3f29;
+  static constexpr Tagged_t krelatedYear_string = 0x3f3d;
+  static constexpr Tagged_t kroundingMode_string = 0x3f55;
+  static constexpr Tagged_t kroundingPriority_string = 0x3f6d;
+  static constexpr Tagged_t krtl_string = 0x3f89;
+  static constexpr Tagged_t kscientific_string = 0x3f99;
+  static constexpr Tagged_t ksecondsDisplay_string = 0x3fb1;
+  static constexpr Tagged_t ksegment_string = 0x3fcd;
+  static constexpr Tagged_t kSegmentIterator_string = 0x3fe1;
+  static constexpr Tagged_t kSegments_string = 0x3ffd;
+  static constexpr Tagged_t ksensitivity_string = 0x4011;
+  static constexpr Tagged_t ksep_string = 0x4029;
+  static constexpr Tagged_t kshared_string = 0x4039;
+  static constexpr Tagged_t ksignDisplay_string = 0x404d;
+  static constexpr Tagged_t kstandard_string = 0x4065;
+  static constexpr Tagged_t kstartRange_string = 0x4079;
+  static constexpr Tagged_t kstrict_string = 0x4091;
+  static constexpr Tagged_t kstripIfInteger_string = 0x40a5;
+  static constexpr Tagged_t kstyle_string = 0x40c1;
+  static constexpr Tagged_t kterm_string = 0x40d5;
+  static constexpr Tagged_t ktextInfo_string = 0x40e5;
+  static constexpr Tagged_t ktimeStyle_string = 0x40f9;
+  static constexpr Tagged_t ktimeZones_string = 0x4111;
+  static constexpr Tagged_t ktimeZoneName_string = 0x4129;
+  static constexpr Tagged_t ktrailingZeroDisplay_string = 0x4141;
+  static constexpr Tagged_t ktrunc_string = 0x4161;
+  static constexpr Tagged_t ktwo_digit_string = 0x4175;
+  static constexpr Tagged_t ktype_string = 0x4189;
+  static constexpr Tagged_t kunknown_string = 0x4199;
+  static constexpr Tagged_t kupper_string = 0x41ad;
+  static constexpr Tagged_t kusage_string = 0x41c1;
+  static constexpr Tagged_t kuseGrouping_string = 0x41d5;
+  static constexpr Tagged_t kunitDisplay_string = 0x41ed;
+  static constexpr Tagged_t kweekday_string = 0x4205;
+  static constexpr Tagged_t kweekend_string = 0x4219;
+  static constexpr Tagged_t kweeksDisplay_string = 0x422d;
+  static constexpr Tagged_t kweekInfo_string = 0x4245;
+  static constexpr Tagged_t kyearName_string = 0x4259;
+  static constexpr Tagged_t kyearsDisplay_string = 0x426d;
+  static constexpr Tagged_t kadd_string = 0x4285;
+  static constexpr Tagged_t kAggregateError_string = 0x4295;
+  static constexpr Tagged_t kalways_string = 0x42b1;
+  static constexpr Tagged_t kanonymous_string = 0x42c5;
+  static constexpr Tagged_t kapply_string = 0x42dd;
+  static constexpr Tagged_t kArguments_string = 0x42f1;
+  static constexpr Tagged_t karguments_string = 0x4309;
+  static constexpr Tagged_t karguments_to_string = 0x4321;
+  static constexpr Tagged_t kArray_string = 0x4341;
+  static constexpr Tagged_t karray_to_string = 0x4355;
+  static constexpr Tagged_t kArrayBuffer_string = 0x4371;
+  static constexpr Tagged_t kArrayIterator_string = 0x4389;
+  static constexpr Tagged_t kas_string = 0x43a5;
+  static constexpr Tagged_t kassert_string = 0x43b5;
+  static constexpr Tagged_t kasync_string = 0x43c9;
+  static constexpr Tagged_t kAtomicsCondition_string = 0x43dd;
+  static constexpr Tagged_t kAtomicsMutex_string = 0x43fd;
+  static constexpr Tagged_t kauto_string = 0x4419;
+  static constexpr Tagged_t kBigInt_string = 0x4429;
+  static constexpr Tagged_t kbigint_string = 0x443d;
+  static constexpr Tagged_t kBigInt64Array_string = 0x4451;
+  static constexpr Tagged_t kBigUint64Array_string = 0x446d;
+  static constexpr Tagged_t kbind_string = 0x4489;
+  static constexpr Tagged_t kblank_string = 0x4499;
+  static constexpr Tagged_t kBoolean_string = 0x44ad;
+  static constexpr Tagged_t kboolean_string = 0x44c1;
+  static constexpr Tagged_t kboolean_to_string = 0x44d5;
+  static constexpr Tagged_t kbound__string = 0x44f1;
+  static constexpr Tagged_t kbuffer_string = 0x4505;
+  static constexpr Tagged_t kbyte_length_string = 0x4519;
+  static constexpr Tagged_t kbyte_offset_string = 0x4531;
+  static constexpr Tagged_t kCompileError_string = 0x4549;
+  static constexpr Tagged_t kcalendar_string = 0x4561;
+  static constexpr Tagged_t kcallee_string = 0x4575;
+  static constexpr Tagged_t kcaller_string = 0x4589;
+  static constexpr Tagged_t kcause_string = 0x459d;
+  static constexpr Tagged_t kcharacter_string = 0x45b1;
+  static constexpr Tagged_t kcode_string = 0x45c9;
+  static constexpr Tagged_t kcolumn_string = 0x45d9;
+  static constexpr Tagged_t kcomputed_string = 0x45ed;
+  static constexpr Tagged_t kconjunction_string = 0x4605;
+  static constexpr Tagged_t kconsole_string = 0x461d;
+  static constexpr Tagged_t kconstrain_string = 0x4631;
+  static constexpr Tagged_t kconstruct_string = 0x4649;
+  static constexpr Tagged_t kcurrent_string = 0x4661;
+  static constexpr Tagged_t kDate_string = 0x4675;
+  static constexpr Tagged_t kdate_to_string = 0x4685;
+  static constexpr Tagged_t kdateAdd_string = 0x46a1;
+  static constexpr Tagged_t kdateFromFields_string = 0x46b5;
+  static constexpr Tagged_t kdateUntil_string = 0x46d1;
+  static constexpr Tagged_t kday_string = 0x46e9;
+  static constexpr Tagged_t kdayOfWeek_string = 0x46f9;
+  static constexpr Tagged_t kdayOfYear_string = 0x4711;
+  static constexpr Tagged_t kdays_string = 0x4729;
+  static constexpr Tagged_t kdaysInMonth_string = 0x4739;
+  static constexpr Tagged_t kdaysInWeek_string = 0x4751;
+  static constexpr Tagged_t kdaysInYear_string = 0x4769;
+  static constexpr Tagged_t kdefault_string = 0x4781;
+  static constexpr Tagged_t kdefineProperty_string = 0x4795;
+  static constexpr Tagged_t kdeleteProperty_string = 0x47b1;
+  static constexpr Tagged_t kdetached_string = 0x47cd;
+  static constexpr Tagged_t kdisjunction_string = 0x47e1;
+  static constexpr Tagged_t kdone_string = 0x47f9;
+  static constexpr Tagged_t kdot_brand_string = 0x4809;
+  static constexpr Tagged_t kdot_catch_string = 0x481d;
+  static constexpr Tagged_t kdot_default_string = 0x4831;
+  static constexpr Tagged_t kdot_for_string = 0x4845;
+  static constexpr Tagged_t kdot_generator_object_string = 0x4855;
+  static constexpr Tagged_t kdot_home_object_string = 0x4875;
+  static constexpr Tagged_t kdot_new_target_string = 0x488d;
+  static constexpr Tagged_t knew_target_string = 0x488d;
+  static constexpr Tagged_t kdot_result_string = 0x48a5;
+  static constexpr Tagged_t kdot_repl_result_string = 0x48b9;
+  static constexpr Tagged_t kdot_static_home_object_string = 0x48d1;
+  static constexpr Tagged_t kdot_switch_tag_string = 0x48f1;
+  static constexpr Tagged_t kdotAll_string = 0x4909;
+  static constexpr Tagged_t kError_string = 0x491d;
+  static constexpr Tagged_t kEvalError_string = 0x4931;
+  static constexpr Tagged_t kelement_string = 0x4949;
+  static constexpr Tagged_t kepochMicroseconds_string = 0x495d;
+  static constexpr Tagged_t kepochMilliseconds_string = 0x497d;
+  static constexpr Tagged_t kepochNanoseconds_string = 0x499d;
+  static constexpr Tagged_t kepochSeconds_string = 0x49b9;
+  static constexpr Tagged_t kera_string = 0x49d1;
+  static constexpr Tagged_t keraYear_string = 0x49e1;
+  static constexpr Tagged_t kerror_string = 0x49f5;
+  static constexpr Tagged_t kerrors_string = 0x4a09;
+  static constexpr Tagged_t kerror_to_string = 0x4a1d;
+  static constexpr Tagged_t keval_string = 0x4a39;
+  static constexpr Tagged_t kexception_string = 0x4a49;
+  static constexpr Tagged_t kexec_string = 0x4a61;
+  static constexpr Tagged_t kfalse_string = 0x4a71;
+  static constexpr Tagged_t kfields_string = 0x4a85;
+  static constexpr Tagged_t kFinalizationRegistry_string = 0x4a99;
+  static constexpr Tagged_t kflags_string = 0x4ab9;
+  static constexpr Tagged_t kFloat16Array_string = 0x4acd;
+  static constexpr Tagged_t kFloat32Array_string = 0x4ae5;
+  static constexpr Tagged_t kFloat64Array_string = 0x4afd;
+  static constexpr Tagged_t kfractionalSecondDigits_string = 0x4b15;
+  static constexpr Tagged_t kfrom_string = 0x4b39;
+  static constexpr Tagged_t kFunction_string = 0x4b49;
+  static constexpr Tagged_t kfunction_native_code_string = 0x4b5d;
+  static constexpr Tagged_t kfunction_string = 0x4b89;
+  static constexpr Tagged_t kfunction_to_string = 0x4b9d;
+  static constexpr Tagged_t kGenerator_string = 0x4bbd;
+  static constexpr Tagged_t kget_space_string = 0x4bd5;
+  static constexpr Tagged_t kget_string = 0x4be5;
+  static constexpr Tagged_t kgetOffsetNanosecondsFor_string = 0x4bf5;
+  static constexpr Tagged_t kgetOwnPropertyDescriptor_string = 0x4c19;
+  static constexpr Tagged_t kgetPossibleInstantsFor_string = 0x4c3d;
+  static constexpr Tagged_t kgetPrototypeOf_string = 0x4c61;
+  static constexpr Tagged_t kglobal_string = 0x4c7d;
+  static constexpr Tagged_t kglobalThis_string = 0x4c91;
+  static constexpr Tagged_t kgroups_string = 0x4ca9;
+  static constexpr Tagged_t kgrowable_string = 0x4cbd;
+  static constexpr Tagged_t khas_string = 0x4cd1;
+  static constexpr Tagged_t khasIndices_string = 0x4ce1;
+  static constexpr Tagged_t khour_string = 0x4cf9;
+  static constexpr Tagged_t khours_string = 0x4d09;
+  static constexpr Tagged_t khoursInDay_string = 0x4d1d;
+  static constexpr Tagged_t kignoreCase_string = 0x4d35;
+  static constexpr Tagged_t kid_string = 0x4d4d;
+  static constexpr Tagged_t killegal_access_string = 0x4d5d;
+  static constexpr Tagged_t killegal_argument_string = 0x4d79;
+  static constexpr Tagged_t kinLeapYear_string = 0x4d95;
+  static constexpr Tagged_t kindex_string = 0x4dad;
+  static constexpr Tagged_t kindices_string = 0x4dc1;
+  static constexpr Tagged_t kInfinity_string = 0x4dd5;
+  static constexpr Tagged_t kinfinity_string = 0x4de9;
+  static constexpr Tagged_t kinput_string = 0x4dfd;
+  static constexpr Tagged_t kinstance_members_initializer_string = 0x4e11;
+  static constexpr Tagged_t kInt16Array_string = 0x4e3d;
+  static constexpr Tagged_t kInt32Array_string = 0x4e55;
+  static constexpr Tagged_t kInt8Array_string = 0x4e6d;
+  static constexpr Tagged_t kisExtensible_string = 0x4e85;
+  static constexpr Tagged_t kiso8601_string = 0x4e9d;
+  static constexpr Tagged_t kisoDay_string = 0x4eb1;
+  static constexpr Tagged_t kisoHour_string = 0x4ec5;
+  static constexpr Tagged_t kisoMicrosecond_string = 0x4ed9;
+  static constexpr Tagged_t kisoMillisecond_string = 0x4ef5;
+  static constexpr Tagged_t kisoMinute_string = 0x4f11;
+  static constexpr Tagged_t kisoMonth_string = 0x4f29;
+  static constexpr Tagged_t kisoNanosecond_string = 0x4f3d;
+  static constexpr Tagged_t kisoSecond_string = 0x4f59;
+  static constexpr Tagged_t kisoYear_string = 0x4f71;
+  static constexpr Tagged_t kIterator_string = 0x4f85;
+  static constexpr Tagged_t kjsMemoryEstimate_string = 0x4f99;
+  static constexpr Tagged_t kjsMemoryRange_string = 0x4fb5;
+  static constexpr Tagged_t kkeys_string = 0x4fd1;
+  static constexpr Tagged_t klargestUnit_string = 0x4fe1;
+  static constexpr Tagged_t klastIndex_string = 0x4ff9;
+  static constexpr Tagged_t klet_string = 0x5011;
+  static constexpr Tagged_t kline_string = 0x5021;
+  static constexpr Tagged_t klinear_string = 0x5031;
+  static constexpr Tagged_t kLinkError_string = 0x5045;
+  static constexpr Tagged_t klong_string = 0x505d;
+  static constexpr Tagged_t kMap_string = 0x506d;
+  static constexpr Tagged_t kMapIterator_string = 0x507d;
+  static constexpr Tagged_t kmax_byte_length_string = 0x5095;
+  static constexpr Tagged_t kmedium_string = 0x50b1;
+  static constexpr Tagged_t kmergeFields_string = 0x50c5;
+  static constexpr Tagged_t kmessage_string = 0x50dd;
+  static constexpr Tagged_t kmeta_string = 0x50f1;
+  static constexpr Tagged_t kminus_Infinity_string = 0x5101;
+  static constexpr Tagged_t kmicrosecond_string = 0x5119;
+  static constexpr Tagged_t kmicroseconds_string = 0x5131;
+  static constexpr Tagged_t kmillisecond_string = 0x5149;
+  static constexpr Tagged_t kmilliseconds_string = 0x5161;
+  static constexpr Tagged_t kminute_string = 0x5179;
+  static constexpr Tagged_t kminutes_string = 0x518d;
+  static constexpr Tagged_t kModule_string = 0x51a1;
+  static constexpr Tagged_t kmonth_string = 0x51b5;
+  static constexpr Tagged_t kmonthDayFromFields_string = 0x51c9;
+  static constexpr Tagged_t kmonths_string = 0x51e9;
+  static constexpr Tagged_t kmonthsInYear_string = 0x51fd;
+  static constexpr Tagged_t kmonthCode_string = 0x5215;
+  static constexpr Tagged_t kmultiline_string = 0x522d;
+  static constexpr Tagged_t kNaN_string = 0x5245;
+  static constexpr Tagged_t knanosecond_string = 0x5255;
+  static constexpr Tagged_t knanoseconds_string = 0x526d;
+  static constexpr Tagged_t knarrow_string = 0x5285;
+  static constexpr Tagged_t knative_string = 0x5299;
+  static constexpr Tagged_t kNFC_string = 0x52ad;
+  static constexpr Tagged_t kNFD_string = 0x52bd;
+  static constexpr Tagged_t kNFKC_string = 0x52cd;
+  static constexpr Tagged_t kNFKD_string = 0x52dd;
+  static constexpr Tagged_t knot_equal_string = 0x52ed;
+  static constexpr Tagged_t knull_string = 0x5305;
+  static constexpr Tagged_t knull_to_string = 0x5315;
+  static constexpr Tagged_t kNumber_string = 0x5331;
+  static constexpr Tagged_t knumber_string = 0x5345;
+  static constexpr Tagged_t knumber_to_string = 0x5359;
+  static constexpr Tagged_t kObject_string = 0x5375;
+  static constexpr Tagged_t kobject_string = 0x5389;
+  static constexpr Tagged_t kobject_to_string = 0x539d;
+  static constexpr Tagged_t kObject_prototype_string = 0x53b9;
+  static constexpr Tagged_t koffset_string = 0x53d5;
+  static constexpr Tagged_t koffsetNanoseconds_string = 0x53e9;
+  static constexpr Tagged_t kok_string = 0x5409;
+  static constexpr Tagged_t kother_string = 0x5419;
+  static constexpr Tagged_t koverflow_string = 0x542d;
+  static constexpr Tagged_t kownKeys_string = 0x5441;
+  static constexpr Tagged_t kpercent_string = 0x5455;
+  static constexpr Tagged_t kplainDate_string = 0x5469;
+  static constexpr Tagged_t kplainTime_string = 0x5481;
+  static constexpr Tagged_t kposition_string = 0x5499;
+  static constexpr Tagged_t kpreventExtensions_string = 0x54ad;
+  static constexpr Tagged_t kprivate_constructor_string = 0x54cd;
+  static constexpr Tagged_t kPromise_string = 0x54e5;
+  static constexpr Tagged_t kpromise_string = 0x54f9;
+  static constexpr Tagged_t kproto_string = 0x550d;
+  static constexpr Tagged_t kproxy_string = 0x5525;
+  static constexpr Tagged_t kProxy_string = 0x5539;
+  static constexpr Tagged_t kquery_colon_string = 0x554d;
+  static constexpr Tagged_t kRangeError_string = 0x555d;
+  static constexpr Tagged_t kraw_json_string = 0x5575;
+  static constexpr Tagged_t kraw_string = 0x5589;
+  static constexpr Tagged_t kReferenceError_string = 0x5599;
+  static constexpr Tagged_t kReflectGet_string = 0x55b5;
+  static constexpr Tagged_t kReflectHas_string = 0x55cd;
+  static constexpr Tagged_t kRegExp_string = 0x55e5;
+  static constexpr Tagged_t kregexp_to_string = 0x55f9;
+  static constexpr Tagged_t kreject_string = 0x5615;
+  static constexpr Tagged_t krelativeTo_string = 0x5629;
+  static constexpr Tagged_t kresizable_string = 0x5641;
+  static constexpr Tagged_t kResizableArrayBuffer_string = 0x5659;
+  static constexpr Tagged_t kreturn_string = 0x5679;
+  static constexpr Tagged_t krevoke_string = 0x568d;
+  static constexpr Tagged_t kroundingIncrement_string = 0x56a1;
+  static constexpr Tagged_t kRuntimeError_string = 0x56c1;
+  static constexpr Tagged_t kWebAssemblyException_string = 0x56d9;
+  static constexpr Tagged_t kWebAssemblyModule_string = 0x56fd;
+  static constexpr Tagged_t kScript_string = 0x571d;
+  static constexpr Tagged_t kscript_string = 0x5731;
+  static constexpr Tagged_t ksecond_string = 0x5745;
+  static constexpr Tagged_t kseconds_string = 0x5759;
+  static constexpr Tagged_t kshort_string = 0x576d;
+  static constexpr Tagged_t kSet_string = 0x5781;
+  static constexpr Tagged_t ksentence_string = 0x5791;
+  static constexpr Tagged_t kset_space_string = 0x57a5;
+  static constexpr Tagged_t kset_string = 0x57b5;
+  static constexpr Tagged_t kSetIterator_string = 0x57c5;
+  static constexpr Tagged_t ksetPrototypeOf_string = 0x57dd;
+  static constexpr Tagged_t kShadowRealm_string = 0x57f9;
+  static constexpr Tagged_t kSharedArray_string = 0x5811;
+  static constexpr Tagged_t kSharedArrayBuffer_string = 0x5829;
+  static constexpr Tagged_t kSharedStruct_string = 0x5849;
+  static constexpr Tagged_t ksign_string = 0x5861;
+  static constexpr Tagged_t ksize_string = 0x5871;
+  static constexpr Tagged_t ksmallestUnit_string = 0x5881;
+  static constexpr Tagged_t ksource_string = 0x5899;
+  static constexpr Tagged_t ksourceText_string = 0x58ad;
+  static constexpr Tagged_t kstack_string = 0x58c5;
+  static constexpr Tagged_t kstackTraceLimit_string = 0x58d9;
+  static constexpr Tagged_t kstatic_initializer_string = 0x58f5;
+  static constexpr Tagged_t ksticky_string = 0x5915;
+  static constexpr Tagged_t kString_string = 0x5929;
+  static constexpr Tagged_t kstring_string = 0x593d;
+  static constexpr Tagged_t kstring_to_string = 0x5951;
+  static constexpr Tagged_t ksuppressed_string = 0x596d;
+  static constexpr Tagged_t kSuppressedError_string = 0x5985;
+  static constexpr Tagged_t kSymbol_iterator_string = 0x59a1;
+  static constexpr Tagged_t kSymbol_match_all_string = 0x59bd;
+  static constexpr Tagged_t kSymbol_replace_string = 0x59d9;
+  static constexpr Tagged_t ksymbol_species_string = 0x59f5;
+  static constexpr Tagged_t kSymbol_species_string = 0x5a11;
+  static constexpr Tagged_t kSymbol_split_string = 0x5a2d;
+  static constexpr Tagged_t kSymbol_string = 0x5a45;
+  static constexpr Tagged_t ksymbol_string = 0x5a59;
+  static constexpr Tagged_t kSyntaxError_string = 0x5a6d;
+  static constexpr Tagged_t ktarget_string = 0x5a85;
+  static constexpr Tagged_t kthis_function_string = 0x5a99;
+  static constexpr Tagged_t kthis_string = 0x5ab5;
+  static constexpr Tagged_t kthrow_string = 0x5ac5;
+  static constexpr Tagged_t ktimed_out_string = 0x5ad9;
+  static constexpr Tagged_t ktimeZone_string = 0x5af1;
+  static constexpr Tagged_t ktoJSON_string = 0x5b05;
+  static constexpr Tagged_t ktoString_string = 0x5b19;
+  static constexpr Tagged_t ktrue_string = 0x5b2d;
+  static constexpr Tagged_t ktotal_string = 0x5b3d;
+  static constexpr Tagged_t kTypeError_string = 0x5b51;
+  static constexpr Tagged_t kUint16Array_string = 0x5b69;
+  static constexpr Tagged_t kUint32Array_string = 0x5b81;
+  static constexpr Tagged_t kUint8Array_string = 0x5b99;
+  static constexpr Tagged_t kUint8ClampedArray_string = 0x5bb1;
+  static constexpr Tagged_t kundefined_string = 0x5bd1;
+  static constexpr Tagged_t kundefined_to_string = 0x5be9;
+  static constexpr Tagged_t kunicode_string = 0x5c09;
+  static constexpr Tagged_t kunicodeSets_string = 0x5c1d;
+  static constexpr Tagged_t kunit_string = 0x5c35;
+  static constexpr Tagged_t kURIError_string = 0x5c45;
+  static constexpr Tagged_t kUTC_string = 0x5c59;
+  static constexpr Tagged_t kWeakMap_string = 0x5c69;
+  static constexpr Tagged_t kWeakRef_string = 0x5c7d;
+  static constexpr Tagged_t kWeakSet_string = 0x5c91;
+  static constexpr Tagged_t kweek_string = 0x5ca5;
+  static constexpr Tagged_t kweeks_string = 0x5cb5;
+  static constexpr Tagged_t kweekOfYear_string = 0x5cc9;
+  static constexpr Tagged_t kwith_string = 0x5ce1;
+  static constexpr Tagged_t kword_string = 0x5cf1;
+  static constexpr Tagged_t kyearMonthFromFields_string = 0x5d01;
+  static constexpr Tagged_t kyear_string = 0x5d21;
+  static constexpr Tagged_t kyears_string = 0x5d31;
+  static constexpr Tagged_t kPropertyCellHoleValue = 0x5d45;
+  static constexpr Tagged_t kHashTableHoleValue = 0x5d51;
+  static constexpr Tagged_t kPromiseHoleValue = 0x5d5d;
+  static constexpr Tagged_t kUninitializedValue = 0x5d69;
+  static constexpr Tagged_t kArgumentsMarker = 0x5d75;
+  static constexpr Tagged_t kTerminationException = 0x5d81;
+  static constexpr Tagged_t kException = 0x5d8d;
+  static constexpr Tagged_t kOptimizedOut = 0x5d99;
+  static constexpr Tagged_t kStaleRegister = 0x5da5;
+  static constexpr Tagged_t kSelfReferenceMarker = 0x5db1;
+  static constexpr Tagged_t kBasicBlockCountersMarker = 0x5dbd;
+  static constexpr Tagged_t karray_buffer_wasm_memory_symbol = 0x5dc9;
+  static constexpr Tagged_t kcall_site_info_symbol = 0x5dd9;
+  static constexpr Tagged_t kclass_fields_symbol = 0x5de9;
+  static constexpr Tagged_t kclass_positions_symbol = 0x5df9;
+  static constexpr Tagged_t kerror_end_pos_symbol = 0x5e09;
+  static constexpr Tagged_t kerror_message_symbol = 0x5e19;
+  static constexpr Tagged_t kerror_script_symbol = 0x5e29;
+  static constexpr Tagged_t kerror_stack_symbol = 0x5e39;
+  static constexpr Tagged_t kerror_start_pos_symbol = 0x5e49;
+  static constexpr Tagged_t kfrozen_symbol = 0x5e59;
+  static constexpr Tagged_t kinterpreter_trampoline_symbol = 0x5e69;
+  static constexpr Tagged_t knative_context_index_symbol = 0x5e79;
+  static constexpr Tagged_t knonextensible_symbol = 0x5e89;
+  static constexpr Tagged_t kpromise_debug_message_symbol = 0x5e99;
+  static constexpr Tagged_t kpromise_forwarding_handler_symbol = 0x5ea9;
+  static constexpr Tagged_t kpromise_handled_by_symbol = 0x5eb9;
+  static constexpr Tagged_t kpromise_awaited_by_symbol = 0x5ec9;
+  static constexpr Tagged_t kregexp_result_names_symbol = 0x5ed9;
+  static constexpr Tagged_t kregexp_result_regexp_input_symbol = 0x5ee9;
+  static constexpr Tagged_t kregexp_result_regexp_last_index_symbol = 0x5ef9;
+  static constexpr Tagged_t ksealed_symbol = 0x5f09;
   static constexpr Tagged_t kshared_struct_map_elements_template_symbol =
-      0x5e51;
-  static constexpr Tagged_t kshared_struct_map_registry_key_symbol = 0x5e61;
-  static constexpr Tagged_t kstrict_function_transition_symbol = 0x5e71;
+      0x5f19;
+  static constexpr Tagged_t kshared_struct_map_registry_key_symbol = 0x5f29;
+  static constexpr Tagged_t kstrict_function_transition_symbol = 0x5f39;
   static constexpr Tagged_t ktemplate_literal_function_literal_id_symbol =
-      0x5e81;
-  static constexpr Tagged_t ktemplate_literal_slot_id_symbol = 0x5e91;
-  static constexpr Tagged_t kwasm_exception_tag_symbol = 0x5ea1;
-  static constexpr Tagged_t kwasm_exception_values_symbol = 0x5eb1;
-  static constexpr Tagged_t kwasm_uncatchable_symbol = 0x5ec1;
-  static constexpr Tagged_t kwasm_wrapped_object_symbol = 0x5ed1;
-  static constexpr Tagged_t kwasm_debug_proxy_cache_symbol = 0x5ee1;
-  static constexpr Tagged_t kwasm_debug_proxy_names_symbol = 0x5ef1;
-  static constexpr Tagged_t kasync_iterator_symbol = 0x5f01;
-  static constexpr Tagged_t kintl_fallback_symbol = 0x5f31;
-  static constexpr Tagged_t kmatch_symbol = 0x5f69;
-  static constexpr Tagged_t ksearch_symbol = 0x5f91;
-  static constexpr Tagged_t kunscopables_symbol = 0x5fbd;
-  static constexpr Tagged_t kdispose_symbol = 0x5fed;
-  static constexpr Tagged_t kasync_dispose_symbol = 0x6019;
-  static constexpr Tagged_t khas_instance_symbol = 0x6049;
-  static constexpr Tagged_t kto_string_tag_symbol = 0x6079;
-  static constexpr Tagged_t kconstructor_string = 0x60f1;
-  static constexpr Tagged_t knext_string = 0x6109;
-  static constexpr Tagged_t kresolve_string = 0x6119;
-  static constexpr Tagged_t kthen_string = 0x612d;
-  static constexpr Tagged_t kvalueOf_string = 0x613d;
-  static constexpr Tagged_t kiterator_symbol = 0x6151;
-  static constexpr Tagged_t kmatch_all_symbol = 0x6161;
-  static constexpr Tagged_t kreplace_symbol = 0x6171;
-  static constexpr Tagged_t kspecies_symbol = 0x6181;
-  static constexpr Tagged_t ksplit_symbol = 0x6191;
-  static constexpr Tagged_t kto_primitive_symbol = 0x61a1;
-  static constexpr Tagged_t kis_concat_spreadable_symbol = 0x61b1;
-  static constexpr Tagged_t kEmptySlowElementDictionary = 0x61c1;
-  static constexpr Tagged_t kEmptySymbolTable = 0x61e5;
-  static constexpr Tagged_t kEmptyOrderedHashMap = 0x6201;
-  static constexpr Tagged_t kEmptyOrderedHashSet = 0x6215;
-  static constexpr Tagged_t kEmptyFeedbackMetadata = 0x6229;
-  static constexpr Tagged_t kGlobalThisBindingScopeInfo = 0x6235;
-  static constexpr Tagged_t kEmptyFunctionScopeInfo = 0x6255;
-  static constexpr Tagged_t kNativeScopeInfo = 0x6279;
-  static constexpr Tagged_t kShadowRealmScopeInfo = 0x6291;
-  static constexpr Tagged_t kEmptyExternalPointerArray = 0x62a9;
-  static constexpr Tagged_t kWasmNullPadding = 0x62b1;
+      0x5f49;
+  static constexpr Tagged_t ktemplate_literal_slot_id_symbol = 0x5f59;
+  static constexpr Tagged_t kwasm_exception_tag_symbol = 0x5f69;
+  static constexpr Tagged_t kwasm_exception_values_symbol = 0x5f79;
+  static constexpr Tagged_t kwasm_uncatchable_symbol = 0x5f89;
+  static constexpr Tagged_t kwasm_wrapped_object_symbol = 0x5f99;
+  static constexpr Tagged_t kwasm_debug_proxy_cache_symbol = 0x5fa9;
+  static constexpr Tagged_t kwasm_debug_proxy_names_symbol = 0x5fb9;
+  static constexpr Tagged_t kasync_iterator_symbol = 0x5fc9;
+  static constexpr Tagged_t kintl_fallback_symbol = 0x5ff9;
+  static constexpr Tagged_t kmatch_symbol = 0x6031;
+  static constexpr Tagged_t ksearch_symbol = 0x6059;
+  static constexpr Tagged_t kunscopables_symbol = 0x6085;
+  static constexpr Tagged_t kdispose_symbol = 0x60b5;
+  static constexpr Tagged_t kasync_dispose_symbol = 0x60e1;
+  static constexpr Tagged_t khas_instance_symbol = 0x6111;
+  static constexpr Tagged_t kto_string_tag_symbol = 0x6141;
+  static constexpr Tagged_t kconstructor_string = 0x61b9;
+  static constexpr Tagged_t knext_string = 0x61d1;
+  static constexpr Tagged_t kresolve_string = 0x61e1;
+  static constexpr Tagged_t kthen_string = 0x61f5;
+  static constexpr Tagged_t kvalueOf_string = 0x6205;
+  static constexpr Tagged_t kiterator_symbol = 0x6219;
+  static constexpr Tagged_t kmatch_all_symbol = 0x6229;
+  static constexpr Tagged_t kreplace_symbol = 0x6239;
+  static constexpr Tagged_t kspecies_symbol = 0x6249;
+  static constexpr Tagged_t ksplit_symbol = 0x6259;
+  static constexpr Tagged_t kto_primitive_symbol = 0x6269;
+  static constexpr Tagged_t kis_concat_spreadable_symbol = 0x6279;
+  static constexpr Tagged_t kEmptySlowElementDictionary = 0x6289;
+  static constexpr Tagged_t kEmptySymbolTable = 0x62ad;
+  static constexpr Tagged_t kEmptyOrderedHashMap = 0x62c9;
+  static constexpr Tagged_t kEmptyOrderedHashSet = 0x62dd;
+  static constexpr Tagged_t kEmptyFeedbackMetadata = 0x62f1;
+  static constexpr Tagged_t kGlobalThisBindingScopeInfo = 0x62fd;
+  static constexpr Tagged_t kEmptyFunctionScopeInfo = 0x631d;
+  static constexpr Tagged_t kNativeScopeInfo = 0x6341;
+  static constexpr Tagged_t kShadowRealmScopeInfo = 0x6359;
+  static constexpr Tagged_t kEmptyExternalPointerArray = 0x6371;
+  static constexpr Tagged_t kWasmNullPadding = 0x6379;
   static constexpr Tagged_t kWasmNull = 0xfffd;
   static constexpr Tagged_t kJSSharedArrayMap = 0x20001;
   static constexpr Tagged_t kJSAtomicsMutexMap = 0x20045;
   static constexpr Tagged_t kJSAtomicsConditionMap = 0x2006d;
 
+  static constexpr Tagged_t kFirstAllocatedRoot = 0x69;
   static constexpr Tagged_t kLastAllocatedRoot = 0x2006d;
 };
 
-static constexpr std::array<Tagged_t, 763> StaticReadOnlyRootsPointerTable = {
+static constexpr std::array<Tagged_t, 767> StaticReadOnlyRootsPointerTable = {
     StaticReadOnlyRoot::kFreeSpaceMap,
     StaticReadOnlyRoot::kOnePointerFillerMap,
     StaticReadOnlyRoot::kTwoPointerFillerMap,
@@ -864,6 +869,9 @@ static constexpr std::array<Tagged_t, 763> StaticReadOnlyRootsPointerTable = {
     StaticReadOnlyRoot::kPropertyArrayMap,
     StaticReadOnlyRoot::kAccessorInfoMap,
     StaticReadOnlyRoot::kRegExpMatchInfoMap,
+    StaticReadOnlyRoot::kRegExpDataMap,
+    StaticReadOnlyRoot::kAtomRegExpDataMap,
+    StaticReadOnlyRoot::kIrRegExpDataMap,
     StaticReadOnlyRoot::kSimpleNumberDictionaryMap,
     StaticReadOnlyRoot::kSmallOrderedHashMapMap,
     StaticReadOnlyRoot::kSmallOrderedHashSetMap,
@@ -871,7 +879,7 @@ static constexpr std::array<Tagged_t, 763> StaticReadOnlyRootsPointerTable = {
     StaticReadOnlyRoot::kSourceTextModuleMap,
     StaticReadOnlyRoot::kSwissNameDictionaryMap,
     StaticReadOnlyRoot::kSyntheticModuleMap,
-    StaticReadOnlyRoot::kWasmApiFunctionRefMap,
+    StaticReadOnlyRoot::kWasmImportDataMap,
     StaticReadOnlyRoot::kWasmCapiFunctionDataMap,
     StaticReadOnlyRoot::kWasmContinuationObjectMap,
     StaticReadOnlyRoot::kWasmDispatchTableMap,
@@ -881,6 +889,7 @@ static constexpr std::array<Tagged_t, 763> StaticReadOnlyRootsPointerTable = {
     StaticReadOnlyRoot::kWasmJSFunctionDataMap,
     StaticReadOnlyRoot::kWasmNullMap,
     StaticReadOnlyRoot::kWasmResumeDataMap,
+    StaticReadOnlyRoot::kWasmSuspenderObjectMap,
     StaticReadOnlyRoot::kWasmTrustedInstanceDataMap,
     StaticReadOnlyRoot::kWasmTypeInfoMap,
     StaticReadOnlyRoot::kWeakFixedArrayMap,
@@ -1346,6 +1355,7 @@ static constexpr std::array<Tagged_t, 763> StaticReadOnlyRootsPointerTable = {
     StaticReadOnlyRoot::kroundingIncrement_string,
     StaticReadOnlyRoot::kRuntimeError_string,
     StaticReadOnlyRoot::kWebAssemblyException_string,
+    StaticReadOnlyRoot::kWebAssemblyModule_string,
     StaticReadOnlyRoot::kScript_string,
     StaticReadOnlyRoot::kscript_string,
     StaticReadOnlyRoot::ksecond_string,
@@ -1422,8 +1432,6 @@ static constexpr std::array<Tagged_t, 763> StaticReadOnlyRootsPointerTable = {
     StaticReadOnlyRoot::kuninitialized_symbol,
     StaticReadOnlyRoot::kmegamorphic_symbol,
     StaticReadOnlyRoot::kelements_transition_symbol,
-    StaticReadOnlyRoot::kclone_object_ic_transition_symbol,
-    StaticReadOnlyRoot::kobject_assign_clone_transition_symbol,
     StaticReadOnlyRoot::kmega_dom_symbol,
     StaticReadOnlyRoot::karray_buffer_wasm_memory_symbol,
     StaticReadOnlyRoot::kcall_site_info_symbol,
@@ -1496,6 +1504,7 @@ static constexpr std::array<Tagged_t, 763> StaticReadOnlyRootsPointerTable = {
     StaticReadOnlyRoot::kPropertyDescriptorObjectMap,
     StaticReadOnlyRoot::kPrototypeInfoMap,
     StaticReadOnlyRoot::kRegExpBoilerplateDescriptionMap,
+    StaticReadOnlyRoot::kRegExpDataWrapperMap,
     StaticReadOnlyRoot::kScriptMap,
     StaticReadOnlyRoot::kScriptOrModuleMap,
     StaticReadOnlyRoot::kSourceTextModuleInfoEntryMap,
diff --git a/deps/v8/src/runtime/runtime-array.cc b/deps/v8/src/runtime/runtime-array.cc
index 724ce29c4619c4..cacb03f04e319e 100644
--- a/deps/v8/src/runtime/runtime-array.cc
+++ b/deps/v8/src/runtime/runtime-array.cc
@@ -108,7 +108,7 @@ RUNTIME_FUNCTION(Runtime_NewArray) {
 
   // If we don't care to track arrays of to_kind ElementsKind, then
   // don't emit a memento for them.
-  Handle<AllocationSite> allocation_site;
+  DirectHandle<AllocationSite> allocation_site;
   if (AllocationSite::ShouldTrack(to_kind)) {
     allocation_site = site;
   }
diff --git a/deps/v8/src/runtime/runtime-atomics.cc b/deps/v8/src/runtime/runtime-atomics.cc
index bdcca8e1c0613c..dcef7c2a8fde8d 100644
--- a/deps/v8/src/runtime/runtime-atomics.cc
+++ b/deps/v8/src/runtime/runtime-atomics.cc
@@ -644,7 +644,8 @@ namespace {
 
 template <typename WriteOperation>
 Tagged<Object> AtomicFieldWrite(Isolate* isolate, Handle<JSObject> object,
-                                Handle<Name> field_name, Handle<Object> value,
+                                Handle<Name> field_name,
+                                DirectHandle<Object> value,
                                 WriteOperation write_operation) {
   LookupIterator it(isolate, object, PropertyKey(isolate, field_name),
                     LookupIterator::OWN);
diff --git a/deps/v8/src/runtime/runtime-bigint.cc b/deps/v8/src/runtime/runtime-bigint.cc
index 1c5f25ad08f209..4115f98381df9a 100644
--- a/deps/v8/src/runtime/runtime-bigint.cc
+++ b/deps/v8/src/runtime/runtime-bigint.cc
@@ -14,7 +14,7 @@ RUNTIME_FUNCTION(Runtime_BigIntCompareToNumber) {
   DCHECK_EQ(3, args.length());
   int mode = args.smi_value_at(0);
   DirectHandle<BigInt> lhs = args.at<BigInt>(1);
-  Handle<Object> rhs = args.at(2);
+  DirectHandle<Object> rhs = args.at(2);
   bool result = ComparisonResultToBool(static_cast<Operation>(mode),
                                        BigInt::CompareToNumber(lhs, rhs));
   return *isolate->factory()->ToBoolean(result);
@@ -65,7 +65,7 @@ RUNTIME_FUNCTION(Runtime_BigIntEqualToString) {
 RUNTIME_FUNCTION(Runtime_BigIntToNumber) {
   HandleScope scope(isolate);
   DCHECK_EQ(1, args.length());
-  Handle<BigInt> x = args.at<BigInt>(0);
+  DirectHandle<BigInt> x = args.at<BigInt>(0);
   return *BigInt::ToNumber(isolate, x);
 }
 
diff --git a/deps/v8/src/runtime/runtime-classes.cc b/deps/v8/src/runtime/runtime-classes.cc
index d06005564c341f..397ff9e5675a39 100644
--- a/deps/v8/src/runtime/runtime-classes.cc
+++ b/deps/v8/src/runtime/runtime-classes.cc
@@ -195,7 +195,7 @@ Handle<Dictionary> ShallowCopyDictionaryTemplate(
   for (InternalIndex i : dictionary->IterateEntries()) {
     Tagged<Object> value = dictionary->ValueAt(i);
     if (IsAccessorPair(value)) {
-      Handle<AccessorPair> pair(Cast<AccessorPair>(value), isolate);
+      DirectHandle<AccessorPair> pair(Cast<AccessorPair>(value), isolate);
       pair = AccessorPair::Copy(isolate, pair);
       dictionary->ValueAtPut(i, *pair);
     }
diff --git a/deps/v8/src/runtime/runtime-compiler.cc b/deps/v8/src/runtime/runtime-compiler.cc
index 9683573bd8d27c..e72e04ab53f7a5 100644
--- a/deps/v8/src/runtime/runtime-compiler.cc
+++ b/deps/v8/src/runtime/runtime-compiler.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/asmjs/asm-js.h"
 #include "src/codegen/compilation-cache.h"
 #include "src/codegen/compiler.h"
@@ -16,8 +18,7 @@
 #include "src/objects/objects-inl.h"
 #include "src/objects/shared-function-info.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace {
 void LogExecution(Isolate* isolate, DirectHandle<JSFunction> function) {
@@ -229,7 +230,7 @@ namespace {
 bool TryGetOptimizedOsrCode(Isolate* isolate, Tagged<FeedbackVector> vector,
                             const interpreter::BytecodeArrayIterator& it,
                             Tagged<Code>* code_out) {
-  base::Optional<Tagged<Code>> maybe_code =
+  std::optional<Tagged<Code>> maybe_code =
       vector->GetOptimizedOsrCode(isolate, it.GetSlotOperand(2));
   if (maybe_code.has_value()) {
     *code_out = maybe_code.value();
@@ -626,7 +627,7 @@ static Tagged<Object> CompileGlobalEval(Isolate* isolate,
                                         Handle<i::Object> source_object,
                                         Handle<SharedFunctionInfo> outer_info,
                                         LanguageMode language_mode,
-                                        int eval_scope_position,
+                                        int eval_scope_info_index,
                                         int eval_position) {
   Handle<NativeContext> native_context = isolate->native_context();
 
@@ -655,11 +656,21 @@ static Tagged<Object> CompileGlobalEval(Isolate* isolate,
   static const ParseRestriction restriction = NO_PARSE_RESTRICTION;
   Handle<JSFunction> compiled;
   Handle<Context> context(isolate->context(), isolate);
+  if (!Is<NativeContext>(*context) && v8_flags.reuse_scope_infos) {
+    Tagged<WeakFixedArray> array = Cast<Script>(outer_info->script())->infos();
+    Tagged<ScopeInfo> stored_info;
+    if (array->get(eval_scope_info_index)
+            .GetHeapObjectIfWeak(isolate, &stored_info)) {
+      CHECK_EQ(stored_info, context->scope_info());
+    } else {
+      array->set(eval_scope_info_index, MakeWeak(context->scope_info()));
+    }
+  }
   ASSIGN_RETURN_ON_EXCEPTION_VALUE(
       isolate, compiled,
-      Compiler::GetFunctionFromEval(
-          source.ToHandleChecked(), outer_info, context, language_mode,
-          restriction, kNoSourcePosition, eval_scope_position, eval_position),
+      Compiler::GetFunctionFromEval(source.ToHandleChecked(), outer_info,
+                                    context, language_mode, restriction,
+                                    kNoSourcePosition, eval_position),
       ReadOnlyRoots(isolate).exception());
   return *compiled;
 }
@@ -685,5 +696,4 @@ RUNTIME_FUNCTION(Runtime_ResolvePossiblyDirectEval) {
                            args.smi_value_at(5));
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/runtime/runtime-debug.cc b/deps/v8/src/runtime/runtime-debug.cc
index 0ae291c9dc1e7b..928209642f3b6e 100644
--- a/deps/v8/src/runtime/runtime-debug.cc
+++ b/deps/v8/src/runtime/runtime-debug.cc
@@ -204,7 +204,7 @@ MaybeHandle<JSArray> Runtime::GetInternalProperties(Isolate* isolate,
     PrototypeIterator iter(isolate, Cast<JSObject>(object), kStartAtReceiver);
     if (iter.HasAccess()) {
       iter.Advance();
-      Handle<Object> prototype = PrototypeIterator::GetCurrent(iter);
+      DirectHandle<Object> prototype = PrototypeIterator::GetCurrent(iter);
       if (!iter.IsAtEnd() && iter.HasAccess() && IsJSGlobalProxy(*object)) {
         // Skip JSGlobalObject as the [[Prototype]].
         DCHECK(IsJSGlobalObject(*prototype));
@@ -510,7 +510,7 @@ RUNTIME_FUNCTION(Runtime_DebugGetLoadedScriptIds) {
   HandleScope scope(isolate);
   DCHECK_EQ(0, args.length());
 
-  Handle<FixedArray> instances;
+  DirectHandle<FixedArray> instances;
   {
     DebugScope debug_scope(isolate->debug());
     // Fill the script objects.
@@ -572,7 +572,8 @@ int ScriptLinePosition(DirectHandle<Script> script, int line) {
   return Smi::ToInt(line_ends_array->get(line - 1)) + 1;
 }
 
-int ScriptLinePositionWithOffset(Handle<Script> script, int line, int offset) {
+int ScriptLinePositionWithOffset(DirectHandle<Script> script, int line,
+                                 int offset) {
   if (line < 0 || offset < 0) return -1;
 
   if (line == 0 || offset == 0)
@@ -588,7 +589,7 @@ int ScriptLinePositionWithOffset(Handle<Script> script, int line, int offset) {
   return ScriptLinePosition(script, total_line);
 }
 
-Handle<Object> GetJSPositionInfo(Handle<Script> script, int position,
+Handle<Object> GetJSPositionInfo(DirectHandle<Script> script, int position,
                                  Script::OffsetFlag offset_flag,
                                  Isolate* isolate) {
   Script::PositionInfo info;
@@ -601,7 +602,7 @@ Handle<Object> GetJSPositionInfo(Handle<Script> script, int position,
 #else
   const bool is_wasm_script = false;
 #endif  // V8_ENABLE_WEBASSEMBLY
-  Handle<String> sourceText =
+  DirectHandle<String> sourceText =
       is_wasm_script ? isolate->factory()->empty_string()
                      : isolate->factory()->NewSubString(
                            handle(Cast<String>(script->source()), isolate),
@@ -625,7 +626,8 @@ Handle<Object> GetJSPositionInfo(Handle<Script> script, int position,
   return jsinfo;
 }
 
-Handle<Object> ScriptLocationFromLine(Isolate* isolate, Handle<Script> script,
+Handle<Object> ScriptLocationFromLine(Isolate* isolate,
+                                      DirectHandle<Script> script,
                                       DirectHandle<Object> opt_line,
                                       DirectHandle<Object> opt_column,
                                       int32_t offset) {
diff --git a/deps/v8/src/runtime/runtime-internal.cc b/deps/v8/src/runtime/runtime-internal.cc
index 94f651eb1cb1db..659e52d5b9f79c 100644
--- a/deps/v8/src/runtime/runtime-internal.cc
+++ b/deps/v8/src/runtime/runtime-internal.cc
@@ -378,7 +378,7 @@ Tagged<Object> BytecodeBudgetInterruptWithStackCheck(Isolate* isolate,
                                                      CodeKind code_kind) {
   HandleScope scope(isolate);
   DCHECK_EQ(1, args.length());
-  Handle<JSFunction> function = args.at<JSFunction>(0);
+  DirectHandle<JSFunction> function = args.at<JSFunction>(0);
   TRACE_EVENT0("v8.execute", "V8.BytecodeBudgetInterruptWithStackCheck");
 
   // Check for stack interrupts here so that we can fold the interrupt check
@@ -404,7 +404,7 @@ Tagged<Object> BytecodeBudgetInterrupt(Isolate* isolate, RuntimeArguments& args,
                                        CodeKind code_kind) {
   HandleScope scope(isolate);
   DCHECK_EQ(1, args.length());
-  Handle<JSFunction> function = args.at<JSFunction>(0);
+  DirectHandle<JSFunction> function = args.at<JSFunction>(0);
   TRACE_EVENT0("v8.execute", "V8.BytecodeBudgetInterrupt");
 
   isolate->tiering_manager()->OnInterruptTick(function, code_kind);
diff --git a/deps/v8/src/runtime/runtime-literals.cc b/deps/v8/src/runtime/runtime-literals.cc
index 9d9d8547821375..3e00eeb7ba1baf 100644
--- a/deps/v8/src/runtime/runtime-literals.cc
+++ b/deps/v8/src/runtime/runtime-literals.cc
@@ -635,8 +635,7 @@ RUNTIME_FUNCTION(Runtime_CreateRegExpLiteral) {
     return *regexp_instance;
   }
 
-  DirectHandle<FixedArray> data(Cast<FixedArray>(regexp_instance->data()),
-                                isolate);
+  DirectHandle<RegExpData> data(regexp_instance->data(isolate), isolate);
   DirectHandle<String> source(Cast<String>(regexp_instance->source()), isolate);
   DirectHandle<RegExpBoilerplateDescription> boilerplate =
       isolate->factory()->NewRegExpBoilerplateDescription(
diff --git a/deps/v8/src/runtime/runtime-module.cc b/deps/v8/src/runtime/runtime-module.cc
index ff570b770eb9c3..447be2c7cfe70e 100644
--- a/deps/v8/src/runtime/runtime-module.cc
+++ b/deps/v8/src/runtime/runtime-module.cc
@@ -9,19 +9,6 @@
 namespace v8 {
 namespace internal {
 
-namespace {
-Handle<Script> GetEvalOrigin(Isolate* isolate, Tagged<Script> origin_script) {
-  DisallowGarbageCollection no_gc;
-  while (origin_script->has_eval_from_shared()) {
-    Tagged<HeapObject> maybe_script =
-        origin_script->eval_from_shared()->script();
-    CHECK(IsScript(maybe_script));
-    origin_script = Cast<Script>(maybe_script);
-  }
-  return handle(origin_script, isolate);
-}
-}  // namespace
-
 RUNTIME_FUNCTION(Runtime_DynamicImportCall) {
   HandleScope scope(isolate);
   DCHECK_LE(2, args.length());
@@ -34,8 +21,8 @@ RUNTIME_FUNCTION(Runtime_DynamicImportCall) {
     import_options = args.at<Object>(2);
   }
 
-  Handle<Script> referrer_script =
-      GetEvalOrigin(isolate, Cast<Script>(function->shared()->script()));
+  Handle<Script> referrer_script = handle(
+      Cast<Script>(function->shared()->script())->GetEvalOrigin(), isolate);
   RETURN_RESULT_OR_FAILURE(isolate,
                            isolate->RunHostImportModuleDynamicallyCallback(
                                referrer_script, specifier, import_options));
diff --git a/deps/v8/src/runtime/runtime-object.cc b/deps/v8/src/runtime/runtime-object.cc
index 7128c3683a02a9..9a45b674a368d2 100644
--- a/deps/v8/src/runtime/runtime-object.cc
+++ b/deps/v8/src/runtime/runtime-object.cc
@@ -297,7 +297,7 @@ RUNTIME_FUNCTION(Runtime_AddPrivateBrand) {
   DCHECK_EQ(args.length(), 4);
   Handle<JSReceiver> receiver = args.at<JSReceiver>(0);
   Handle<Symbol> brand = args.at<Symbol>(1);
-  Handle<Context> context = args.at<Context>(2);
+  DirectHandle<Context> context = args.at<Context>(2);
   int depth = args.smi_value_at(3);
   DCHECK(brand->is_private_name());
 
@@ -474,7 +474,7 @@ RUNTIME_FUNCTION(Runtime_InternalSetPrototype) {
 RUNTIME_FUNCTION(Runtime_OptimizeObjectForAddingMultipleProperties) {
   HandleScope scope(isolate);
   DCHECK_EQ(2, args.length());
-  Handle<JSObject> object = args.at<JSObject>(0);
+  DirectHandle<JSObject> object = args.at<JSObject>(0);
   int properties = args.smi_value_at(1);
   // Conservative upper limit to prevent fuzz tests from going OOM.
   if (properties > 100000) return isolate->ThrowIllegalOperation();
@@ -898,7 +898,7 @@ RUNTIME_FUNCTION(Runtime_CompleteInobjectSlackTrackingForMap) {
 RUNTIME_FUNCTION(Runtime_TryMigrateInstance) {
   HandleScope scope(isolate);
   DCHECK_EQ(1, args.length());
-  Handle<JSObject> js_object = args.at<JSObject>(0);
+  DirectHandle<JSObject> js_object = args.at<JSObject>(0);
   // It could have been a DCHECK but we call this function directly from tests.
   if (!js_object->map()->is_deprecated()) return Smi::zero();
   // This call must not cause lazy deopts, because it's called from deferred
@@ -925,9 +925,9 @@ RUNTIME_FUNCTION(Runtime_DefineAccessorPropertyUnchecked) {
   Handle<JSObject> obj = args.at<JSObject>(0);
   CHECK(!IsNull(*obj, isolate));
   Handle<Name> name = args.at<Name>(1);
-  Handle<Object> getter = args.at(2);
+  DirectHandle<Object> getter = args.at(2);
   CHECK(IsValidAccessor(isolate, getter));
-  Handle<Object> setter = args.at(3);
+  DirectHandle<Object> setter = args.at(3);
   CHECK(IsValidAccessor(isolate, setter));
   auto attrs = PropertyAttributesFromInt(args.smi_value_at(4));
 
@@ -970,7 +970,7 @@ RUNTIME_FUNCTION(Runtime_DefineKeyedOwnPropertyInLiteral) {
     DCHECK(IsName(*name));
     DCHECK(IsFeedbackVector(*maybe_vector));
     Handle<FeedbackVector> vector = Cast<FeedbackVector>(maybe_vector);
-    FeedbackNexus nexus(vector, FeedbackVector::ToSlot(index));
+    FeedbackNexus nexus(isolate, vector, FeedbackVector::ToSlot(index));
     if (nexus.ic_state() == InlineCacheState::UNINITIALIZED) {
       if (IsUniqueName(*name)) {
         nexus.ConfigureMonomorphic(Cast<Name>(name),
diff --git a/deps/v8/src/runtime/runtime-promise.cc b/deps/v8/src/runtime/runtime-promise.cc
index 5b4b9c2e9de416..20ba437b34afd1 100644
--- a/deps/v8/src/runtime/runtime-promise.cc
+++ b/deps/v8/src/runtime/runtime-promise.cc
@@ -86,8 +86,10 @@ RUNTIME_FUNCTION(Runtime_RunMicrotaskCallback) {
   Tagged<Object> microtask_callback = args[0];
   Tagged<Object> microtask_data = args[1];
   MicrotaskCallback callback =
-      ToCData<MicrotaskCallback, kMicrotaskCallbackTag>(microtask_callback);
-  void* data = ToCData<void*, kMicrotaskCallbackDataTag>(microtask_data);
+      ToCData<MicrotaskCallback, kMicrotaskCallbackTag>(isolate,
+                                                        microtask_callback);
+  void* data =
+      ToCData<void*, kMicrotaskCallbackDataTag>(isolate, microtask_data);
   callback(data);
   RETURN_FAILURE_IF_EXCEPTION(isolate);
   return ReadOnlyRoots(isolate).undefined_value();
@@ -197,5 +199,22 @@ RUNTIME_FUNCTION(Runtime_ConstructInternalAggregateErrorHelper) {
   return *result;
 }
 
+RUNTIME_FUNCTION(Runtime_ConstructSuppressedError) {
+  HandleScope scope(isolate);
+  DCHECK_EQ(3, args.length());
+  Handle<JSFunction> target = args.at<JSFunction>(0);
+  Handle<Object> new_target = args.at(1);
+  DirectHandle<Object> message = args.at(2);
+
+  DCHECK_EQ(*target, *isolate->suppressed_error_function());
+
+  Handle<Object> result;
+  ASSIGN_RETURN_FAILURE_ON_EXCEPTION(
+      isolate, result,
+      ErrorUtils::Construct(isolate, target, new_target, message,
+                            isolate->factory()->undefined_value()));
+  return *result;
+}
+
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/runtime/runtime-regexp.cc b/deps/v8/src/runtime/runtime-regexp.cc
index 31a65659a2e3a9..e2e2a16a421984 100644
--- a/deps/v8/src/runtime/runtime-regexp.cc
+++ b/deps/v8/src/runtime/runtime-regexp.cc
@@ -84,8 +84,8 @@ class CompiledReplacement {
  public:
   // Return whether the replacement is simple.
   bool Compile(Isolate* isolate, DirectHandle<JSRegExp> regexp,
-               Handle<String> replacement, int capture_count,
-               int subject_length);
+               DirectHandle<RegExpData> regexp_data, Handle<String> replacement,
+               int capture_count, int subject_length);
 
   // Use Apply only if Compile returned false.
   void Apply(ReplacementStringBuilder* builder, int match_from, int match_to,
@@ -337,6 +337,7 @@ class CompiledReplacement {
 
 bool CompiledReplacement::Compile(Isolate* isolate,
                                   DirectHandle<JSRegExp> regexp,
+                                  DirectHandle<RegExpData> regexp_data,
                                   Handle<String> replacement, int capture_count,
                                   int subject_length) {
   {
@@ -346,8 +347,12 @@ bool CompiledReplacement::Compile(Isolate* isolate,
 
     Tagged<FixedArray> capture_name_map;
     if (capture_count > 0) {
-      DCHECK(JSRegExp::TypeSupportsCaptures(regexp->type_tag()));
-      Tagged<Object> maybe_capture_name_map = regexp->capture_name_map();
+      // capture_count > 0 implies IrRegExpData. Since capture_count is in
+      // trusted space, this is not a SBXCHECK.
+      DCHECK(Is<IrRegExpData>(*regexp_data));
+      Tagged<IrRegExpData> re_data = Cast<IrRegExpData>(*regexp_data);
+
+      Tagged<Object> maybe_capture_name_map = re_data->capture_name_map();
       if (IsFixedArray(maybe_capture_name_map)) {
         capture_name_map = Cast<FixedArray>(maybe_capture_name_map);
       }
@@ -559,14 +564,14 @@ V8_WARN_UNUSED_RESULT static Tagged<Object>
 StringReplaceGlobalAtomRegExpWithString(
     Isolate* isolate, DirectHandle<String> subject,
     DirectHandle<JSRegExp> pattern_regexp, DirectHandle<String> replacement,
-    Handle<RegExpMatchInfo> last_match_info) {
+    Handle<RegExpMatchInfo> last_match_info,
+    DirectHandle<AtomRegExpData> regexp_data) {
   DCHECK(subject->IsFlat());
   DCHECK(replacement->IsFlat());
 
   std::vector<int>* indices = GetRewoundRegexpIndicesList(isolate);
 
-  DCHECK_EQ(JSRegExp::ATOM, pattern_regexp->type_tag());
-  Tagged<String> pattern = pattern_regexp->atom_pattern();
+  Tagged<String> pattern = regexp_data->pattern();
   int subject_len = subject->length();
   int pattern_len = pattern->length();
   int replacement_len = replacement->length();
@@ -637,36 +642,40 @@ StringReplaceGlobalAtomRegExpWithString(
 }
 
 V8_WARN_UNUSED_RESULT static Tagged<Object> StringReplaceGlobalRegExpWithString(
-    Isolate* isolate, Handle<String> subject, Handle<JSRegExp> regexp,
-    Handle<String> replacement, Handle<RegExpMatchInfo> last_match_info) {
+    Isolate* isolate, Handle<String> subject, DirectHandle<JSRegExp> regexp,
+    DirectHandle<RegExpData> regexp_data, Handle<String> replacement,
+    Handle<RegExpMatchInfo> last_match_info) {
   DCHECK(subject->IsFlat());
   DCHECK(replacement->IsFlat());
 
-  int capture_count = regexp->capture_count();
+  int capture_count = regexp_data->capture_count();
   int subject_length = subject->length();
 
   // Ensure the RegExp is compiled so we can access the capture-name map.
-  if (!RegExp::EnsureFullyCompiled(isolate, regexp, subject)) {
+  if (!RegExp::EnsureFullyCompiled(isolate, regexp_data, subject)) {
     return ReadOnlyRoots(isolate).exception();
   }
 
   CompiledReplacement compiled_replacement;
   const bool simple_replace = compiled_replacement.Compile(
-      isolate, regexp, replacement, capture_count, subject_length);
+      isolate, regexp, regexp_data, replacement, capture_count, subject_length);
 
-  // Shortcut for simple non-regexp global replacements
-  if (regexp->type_tag() == JSRegExp::ATOM && simple_replace) {
+  // Shortcut for simple non-regexp global replacements.
+  if (regexp_data->type_tag() == RegExpData::Type::ATOM && simple_replace) {
     if (subject->IsOneByteRepresentation() &&
         replacement->IsOneByteRepresentation()) {
       return StringReplaceGlobalAtomRegExpWithString<SeqOneByteString>(
-          isolate, subject, regexp, replacement, last_match_info);
+          isolate, subject, regexp, replacement, last_match_info,
+          Cast<AtomRegExpData>(regexp_data));
     } else {
       return StringReplaceGlobalAtomRegExpWithString<SeqTwoByteString>(
-          isolate, subject, regexp, replacement, last_match_info);
+          isolate, subject, regexp, replacement, last_match_info,
+          Cast<AtomRegExpData>(regexp_data));
     }
   }
 
-  RegExpGlobalCache global_cache(regexp, subject, isolate);
+  RegExpGlobalCache global_cache(handle(*regexp_data, isolate), subject,
+                                 isolate);
   if (global_cache.HasException()) return ReadOnlyRoots(isolate).exception();
 
   int32_t* current_match = global_cache.FetchNext();
@@ -718,23 +727,27 @@ V8_WARN_UNUSED_RESULT static Tagged<Object> StringReplaceGlobalRegExpWithString(
 template <typename ResultSeqString>
 V8_WARN_UNUSED_RESULT static Tagged<Object>
 StringReplaceGlobalRegExpWithEmptyString(
-    Isolate* isolate, Handle<String> subject, Handle<JSRegExp> regexp,
+    Isolate* isolate, Handle<String> subject, DirectHandle<JSRegExp> regexp,
+    DirectHandle<RegExpData> regexp_data,
     Handle<RegExpMatchInfo> last_match_info) {
   DCHECK(subject->IsFlat());
 
-  // Shortcut for simple non-regexp global replacements
-  if (regexp->type_tag() == JSRegExp::ATOM) {
+  // Shortcut for simple non-regexp global replacements.
+  if (regexp_data->type_tag() == RegExpData::Type::ATOM) {
     DirectHandle<String> empty_string = isolate->factory()->empty_string();
     if (subject->IsOneByteRepresentation()) {
       return StringReplaceGlobalAtomRegExpWithString<SeqOneByteString>(
-          isolate, subject, regexp, empty_string, last_match_info);
+          isolate, subject, regexp, empty_string, last_match_info,
+          Cast<AtomRegExpData>(regexp_data));
     } else {
       return StringReplaceGlobalAtomRegExpWithString<SeqTwoByteString>(
-          isolate, subject, regexp, empty_string, last_match_info);
+          isolate, subject, regexp, empty_string, last_match_info,
+          Cast<AtomRegExpData>(regexp_data));
     }
   }
 
-  RegExpGlobalCache global_cache(regexp, subject, isolate);
+  RegExpGlobalCache global_cache(handle(*regexp_data, isolate), subject,
+                                 isolate);
   if (global_cache.HasException()) return ReadOnlyRoots(isolate).exception();
 
   int32_t* current_match = global_cache.FetchNext();
@@ -745,7 +758,7 @@ StringReplaceGlobalRegExpWithEmptyString(
 
   int start = current_match[0];
   int end = current_match[1];
-  int capture_count = regexp->capture_count();
+  int capture_count = regexp_data->capture_count();
   int subject_length = subject->length();
 
   int new_length = subject_length - (end - start);
@@ -899,7 +912,7 @@ RUNTIME_FUNCTION(Runtime_StringSplit) {
 
 namespace {
 
-MaybeHandle<Object> RegExpExec(Isolate* isolate, Handle<JSRegExp> regexp,
+MaybeHandle<Object> RegExpExec(Isolate* isolate, DirectHandle<JSRegExp> regexp,
                                Handle<String> subject, int32_t index,
                                Handle<RegExpMatchInfo> last_match_info,
                                RegExp::ExecQuirks exec_quirks) {
@@ -913,9 +926,9 @@ MaybeHandle<Object> RegExpExec(Isolate* isolate, Handle<JSRegExp> regexp,
 }
 
 MaybeHandle<Object> ExperimentalOneshotExec(
-    Isolate* isolate, Handle<JSRegExp> regexp, Handle<String> subject,
-    int32_t index, Handle<RegExpMatchInfo> last_match_info,
-    RegExp::ExecQuirks exec_quirks) {
+    Isolate* isolate, DirectHandle<JSRegExp> regexp,
+    DirectHandle<String> subject, int32_t index,
+    Handle<RegExpMatchInfo> last_match_info, RegExp::ExecQuirks exec_quirks) {
   // Due to the way the JS calls are constructed this must be less than the
   // length of a string, i.e. it is always a Smi.  We check anyway for security.
   CHECK_LE(0, index);
@@ -930,7 +943,7 @@ MaybeHandle<Object> ExperimentalOneshotExec(
 RUNTIME_FUNCTION(Runtime_RegExpExec) {
   HandleScope scope(isolate);
   DCHECK_EQ(4, args.length());
-  Handle<JSRegExp> regexp = args.at<JSRegExp>(0);
+  DirectHandle<JSRegExp> regexp = args.at<JSRegExp>(0);
   Handle<String> subject = args.at<String>(1);
   int32_t index = 0;
   CHECK(Object::ToInt32(args[2], &index));
@@ -943,7 +956,7 @@ RUNTIME_FUNCTION(Runtime_RegExpExec) {
 RUNTIME_FUNCTION(Runtime_RegExpExecTreatMatchAtEndAsFailure) {
   HandleScope scope(isolate);
   DCHECK_EQ(4, args.length());
-  Handle<JSRegExp> regexp = args.at<JSRegExp>(0);
+  DirectHandle<JSRegExp> regexp = args.at<JSRegExp>(0);
   Handle<String> subject = args.at<String>(1);
   int32_t index = 0;
   CHECK(Object::ToInt32(args[2], &index));
@@ -956,8 +969,8 @@ RUNTIME_FUNCTION(Runtime_RegExpExecTreatMatchAtEndAsFailure) {
 RUNTIME_FUNCTION(Runtime_RegExpExperimentalOneshotExec) {
   HandleScope scope(isolate);
   DCHECK_EQ(4, args.length());
-  Handle<JSRegExp> regexp = args.at<JSRegExp>(0);
-  Handle<String> subject = args.at<String>(1);
+  DirectHandle<JSRegExp> regexp = args.at<JSRegExp>(0);
+  DirectHandle<String> subject = args.at<String>(1);
   int32_t index = 0;
   CHECK(Object::ToInt32(args[2], &index));
   Handle<RegExpMatchInfo> last_match_info = args.at<RegExpMatchInfo>(3);
@@ -971,8 +984,8 @@ RUNTIME_FUNCTION(
     Runtime_RegExpExperimentalOneshotExecTreatMatchAtEndAsFailure) {
   HandleScope scope(isolate);
   DCHECK_EQ(4, args.length());
-  Handle<JSRegExp> regexp = args.at<JSRegExp>(0);
-  Handle<String> subject = args.at<String>(1);
+  DirectHandle<JSRegExp> regexp = args.at<JSRegExp>(0);
+  DirectHandle<String> subject = args.at<String>(1);
   int32_t index = 0;
   CHECK(Object::ToInt32(args[2], &index));
   Handle<RegExpMatchInfo> last_match_info = args.at<RegExpMatchInfo>(3);
@@ -1000,13 +1013,15 @@ namespace {
 class MatchInfoBackedMatch : public String::Match {
  public:
   MatchInfoBackedMatch(Isolate* isolate, DirectHandle<JSRegExp> regexp,
+                       DirectHandle<RegExpData> regexp_data,
                        Handle<String> subject,
                        Handle<RegExpMatchInfo> match_info)
       : isolate_(isolate), match_info_(match_info) {
     subject_ = String::Flatten(isolate, subject);
 
-    if (JSRegExp::TypeSupportsCaptures(regexp->type_tag())) {
-      Tagged<Object> o = regexp->capture_name_map();
+    if (RegExpData::TypeSupportsCaptures(regexp_data->type_tag())) {
+      DCHECK(Is<IrRegExpData>(*regexp_data));
+      Tagged<Object> o = Cast<IrRegExpData>(regexp_data)->capture_name_map();
       has_named_captures_ = IsFixedArray(o);
       if (has_named_captures_) {
         capture_name_map_ = handle(Cast<FixedArray>(o), isolate);
@@ -1163,9 +1178,13 @@ class VectorBackedMatch : public String::Match {
 
 // Create the groups object (see also the RegExp result creation in
 // RegExpBuiltinsAssembler::ConstructNewResultFromMatchInfo).
+// TODO(42203211): We cannot simply pass a std::function here, as the closure
+// may contain direct handles and they cannot be stored off-stack.
+template <typename FunctionType,
+          typename = std::enable_if_t<std::is_function_v<Tagged<Object>(int)>>>
 Handle<JSObject> ConstructNamedCaptureGroupsObject(
     Isolate* isolate, DirectHandle<FixedArray> capture_map,
-    const std::function<Tagged<Object>(int)>& f_get_capture) {
+    const FunctionType& f_get_capture) {
   Handle<JSObject> groups = isolate->factory()->NewJSObjectWithNullProto();
 
   const int named_capture_count = capture_map->length() >> 1;
@@ -1204,10 +1223,12 @@ Handle<JSObject> ConstructNamedCaptureGroupsObject(
 // separate last match info.  See comment on that function.
 template <bool has_capture>
 static Tagged<Object> SearchRegExpMultiple(
-    Isolate* isolate, Handle<String> subject, Handle<JSRegExp> regexp,
+    Isolate* isolate, Handle<String> subject, DirectHandle<JSRegExp> regexp,
+    DirectHandle<RegExpData> regexp_data,
     Handle<RegExpMatchInfo> last_match_array) {
   DCHECK(RegExpUtils::IsUnmodifiedRegExp(isolate, regexp));
-  DCHECK_NE(has_capture, regexp->capture_count() == 0);
+  DCHECK_NE(has_capture, regexp_data->capture_count() == 0);
+  DCHECK_IMPLIES(has_capture, Is<IrRegExpData>(*regexp_data));
   DCHECK(subject->IsFlat());
 
   // Force tier up to native code for global replaces. The global replace is
@@ -1215,15 +1236,16 @@ static Tagged<Object> SearchRegExpMultiple(
   // native code expects an array to store all the matches, and the bytecode
   // matches one at a time, so it's easier to tier-up to native code from the
   // start.
-  if (v8_flags.regexp_tier_up && regexp->type_tag() == JSRegExp::IRREGEXP) {
-    regexp->MarkTierUpForNextExec();
+  if (v8_flags.regexp_tier_up &&
+      regexp_data->type_tag() == RegExpData::Type::IRREGEXP) {
+    Cast<IrRegExpData>(regexp_data)->MarkTierUpForNextExec();
     if (v8_flags.trace_regexp_tier_up) {
       PrintF("Forcing tier-up of JSRegExp object %p in SearchRegExpMultiple\n",
              reinterpret_cast<void*>(regexp->ptr()));
     }
   }
 
-  int capture_count = regexp->capture_count();
+  int capture_count = regexp_data->capture_count();
   int subject_length = subject->length();
 
   static const int kMinLengthToCache = 0x1000;
@@ -1231,7 +1253,7 @@ static Tagged<Object> SearchRegExpMultiple(
   if (subject_length > kMinLengthToCache) {
     Tagged<FixedArray> last_match_cache;
     Tagged<Object> cached_answer = RegExpResultsCache::Lookup(
-        isolate->heap(), *subject, regexp->data(), &last_match_cache,
+        isolate->heap(), *subject, regexp_data->wrapper(), &last_match_cache,
         RegExpResultsCache::REGEXP_MULTIPLE_INDICES);
     if (IsFixedArray(cached_answer)) {
       int capture_registers = JSRegExp::RegistersForCaptureCount(capture_count);
@@ -1252,7 +1274,8 @@ static Tagged<Object> SearchRegExpMultiple(
     }
   }
 
-  RegExpGlobalCache global_cache(regexp, subject, isolate);
+  RegExpGlobalCache global_cache(handle(*regexp_data, isolate), subject,
+                                 isolate);
   if (global_cache.HasException()) return ReadOnlyRoots(isolate).exception();
 
   FixedArrayBuilder builder = FixedArrayBuilder::Lazy(isolate);
@@ -1278,7 +1301,7 @@ static Tagged<Object> SearchRegExpMultiple(
     {
       // Avoid accumulating new handles inside loop.
       HandleScope temp_scope(isolate);
-      Handle<String> match;
+      DirectHandle<String> match;
       if (!first) {
         match = isolate->factory()->NewProperSubString(subject, match_start,
                                                        match_end);
@@ -1293,13 +1316,16 @@ static Tagged<Object> SearchRegExpMultiple(
         // subject, i.e., 3 + capture count in total. If the RegExp contains
         // named captures, they are also passed as the last argument.
 
-        Handle<Object> maybe_capture_map(regexp->capture_name_map(), isolate);
+        // has_capture can only be true for IrRegExp.
+        Tagged<IrRegExpData> re_data = Cast<IrRegExpData>(*regexp_data);
+        Handle<Object> maybe_capture_map(re_data->capture_name_map(), isolate);
         const bool has_named_captures = IsFixedArray(*maybe_capture_map);
 
         const int argc =
             has_named_captures ? 4 + capture_count : 3 + capture_count;
 
-        Handle<FixedArray> elements = isolate->factory()->NewFixedArray(argc);
+        DirectHandle<FixedArray> elements =
+            isolate->factory()->NewFixedArray(argc);
         int cursor = 0;
 
         elements->set(cursor++, *match);
@@ -1365,8 +1391,9 @@ static Tagged<Object> SearchRegExpMultiple(
           isolate->factory()->CopyFixedArrayWithMap(
               result_fixed_array, isolate->factory()->fixed_array_map());
       RegExpResultsCache::Enter(
-          isolate, subject, handle(regexp->data(), isolate), copied_fixed_array,
-          last_match_cache, RegExpResultsCache::REGEXP_MULTIPLE_INDICES);
+          isolate, subject, handle(regexp->data(isolate)->wrapper(), isolate),
+          copied_fixed_array, last_match_cache,
+          RegExpResultsCache::REGEXP_MULTIPLE_INDICES);
     }
     return *builder.array();
   } else {
@@ -1391,6 +1418,7 @@ V8_WARN_UNUSED_RESULT MaybeHandle<String> RegExpReplace(
   replace = String::Flatten(isolate, replace);
 
   Handle<RegExpMatchInfo> last_match_info = isolate->regexp_last_match_info();
+  DirectHandle<RegExpData> data = direct_handle(regexp->data(isolate), isolate);
 
   if (!global) {
     // Non-global regexp search, string replace.
@@ -1432,7 +1460,7 @@ V8_WARN_UNUSED_RESULT MaybeHandle<String> RegExpReplace(
     builder.AppendString(factory->NewSubString(string, 0, start_index));
 
     if (replace->length() > 0) {
-      MatchInfoBackedMatch m(isolate, regexp, string, match_indices);
+      MatchInfoBackedMatch m(isolate, regexp, data, string, match_indices);
       Handle<String> replacement;
       ASSIGN_RETURN_ON_EXCEPTION(isolate, replacement,
                                  String::GetSubstitution(isolate, &m, replace));
@@ -1452,8 +1480,9 @@ V8_WARN_UNUSED_RESULT MaybeHandle<String> RegExpReplace(
     // native code expects an array to store all the matches, and the bytecode
     // matches one at a time, so it's easier to tier-up to native code from the
     // start.
-    if (v8_flags.regexp_tier_up && regexp->type_tag() == JSRegExp::IRREGEXP) {
-      regexp->MarkTierUpForNextExec();
+    if (v8_flags.regexp_tier_up &&
+        data->type_tag() == RegExpData::Type::IRREGEXP) {
+      Cast<IrRegExpData>(data)->MarkTierUpForNextExec();
       if (v8_flags.trace_regexp_tier_up) {
         PrintF("Forcing tier-up of JSRegExp object %p in RegExpReplace\n",
                reinterpret_cast<void*>(regexp->ptr()));
@@ -1464,18 +1493,18 @@ V8_WARN_UNUSED_RESULT MaybeHandle<String> RegExpReplace(
       if (string->IsOneByteRepresentation()) {
         Tagged<Object> result =
             StringReplaceGlobalRegExpWithEmptyString<SeqOneByteString>(
-                isolate, string, regexp, last_match_info);
+                isolate, string, regexp, data, last_match_info);
         return handle(Cast<String>(result), isolate);
       } else {
         Tagged<Object> result =
             StringReplaceGlobalRegExpWithEmptyString<SeqTwoByteString>(
-                isolate, string, regexp, last_match_info);
+                isolate, string, regexp, data, last_match_info);
         return handle(Cast<String>(result), isolate);
       }
     }
 
     Tagged<Object> result = StringReplaceGlobalRegExpWithString(
-        isolate, string, regexp, replace, last_match_info);
+        isolate, string, regexp, data, replace, last_match_info);
     if (IsString(result)) {
       return handle(Cast<String>(result), isolate);
     } else {
@@ -1493,22 +1522,24 @@ RUNTIME_FUNCTION(Runtime_RegExpExecMultiple) {
   HandleScope handles(isolate);
   DCHECK_EQ(3, args.length());
 
-  Handle<JSRegExp> regexp = args.at<JSRegExp>(0);
+  DirectHandle<JSRegExp> regexp = args.at<JSRegExp>(0);
   Handle<String> subject = args.at<String>(1);
   Handle<RegExpMatchInfo> last_match_info = args.at<RegExpMatchInfo>(2);
 
   DCHECK(RegExpUtils::IsUnmodifiedRegExp(isolate, regexp));
+  DirectHandle<RegExpData> regexp_data =
+      direct_handle(regexp->data(isolate), isolate);
 
   subject = String::Flatten(isolate, subject);
   CHECK(regexp->flags() & JSRegExp::kGlobal);
 
   Tagged<Object> result;
-  if (regexp->capture_count() == 0) {
-    result =
-        SearchRegExpMultiple<false>(isolate, subject, regexp, last_match_info);
+  if (regexp_data->capture_count() == 0) {
+    result = SearchRegExpMultiple<false>(isolate, subject, regexp, regexp_data,
+                                         last_match_info);
   } else {
-    result =
-        SearchRegExpMultiple<true>(isolate, subject, regexp, last_match_info);
+    result = SearchRegExpMultiple<true>(isolate, subject, regexp, regexp_data,
+                                        last_match_info);
   }
   DCHECK(RegExpUtils::IsUnmodifiedRegExp(isolate, regexp));
   return result;
@@ -1518,7 +1549,7 @@ RUNTIME_FUNCTION(Runtime_StringReplaceNonGlobalRegExpWithFunction) {
   HandleScope scope(isolate);
   DCHECK_EQ(3, args.length());
   Handle<String> subject = args.at<String>(0);
-  Handle<JSRegExp> regexp = args.at<JSRegExp>(1);
+  DirectHandle<JSRegExp> regexp = args.at<JSRegExp>(1);
   Handle<JSReceiver> replace_obj = args.at<JSReceiver>(2);
 
   DCHECK(RegExpUtils::IsUnmodifiedRegExp(isolate, regexp));
@@ -1526,6 +1557,7 @@ RUNTIME_FUNCTION(Runtime_StringReplaceNonGlobalRegExpWithFunction) {
 
   Factory* factory = isolate->factory();
   Handle<RegExpMatchInfo> last_match_info = isolate->regexp_last_match_info();
+  DirectHandle<RegExpData> data = direct_handle(regexp->data(isolate), isolate);
 
   const int flags = regexp->flags();
   DCHECK_EQ(flags & JSRegExp::kGlobal, 0);
@@ -1577,14 +1609,15 @@ RUNTIME_FUNCTION(Runtime_StringReplaceNonGlobalRegExpWithFunction) {
   const int m = match_indices->number_of_capture_registers() / 2;
 
   bool has_named_captures = false;
-  Handle<FixedArray> capture_map;
+  DirectHandle<FixedArray> capture_map;
   if (m > 1) {
-    DCHECK(JSRegExp::TypeSupportsCaptures(regexp->type_tag()));
+    SBXCHECK(Is<IrRegExpData>(*data));
 
-    Tagged<Object> maybe_capture_map = regexp->capture_name_map();
+    Tagged<Object> maybe_capture_map =
+        Cast<IrRegExpData>(data)->capture_name_map();
     if (IsFixedArray(maybe_capture_map)) {
       has_named_captures = true;
-      capture_map = handle(Cast<FixedArray>(maybe_capture_map), isolate);
+      capture_map = direct_handle(Cast<FixedArray>(maybe_capture_map), isolate);
     }
   }
 
diff --git a/deps/v8/src/runtime/runtime-scopes.cc b/deps/v8/src/runtime/runtime-scopes.cc
index 23a5b16b29308a..617b54c281b281 100644
--- a/deps/v8/src/runtime/runtime-scopes.cc
+++ b/deps/v8/src/runtime/runtime-scopes.cc
@@ -138,15 +138,11 @@ RUNTIME_FUNCTION(Runtime_DeclareModuleExports) {
   DirectHandle<FixedArray> declarations = args.at<FixedArray>(0);
   DirectHandle<JSFunction> closure = args.at<JSFunction>(1);
 
-  Handle<ClosureFeedbackCellArray> closure_feedback_cell_array =
-      Handle<ClosureFeedbackCellArray>::null();
-  if (closure->has_feedback_vector()) {
-    closure_feedback_cell_array = Handle<ClosureFeedbackCellArray>(
-        closure->feedback_vector()->closure_feedback_cell_array(), isolate);
-  } else {
-    closure_feedback_cell_array = Handle<ClosureFeedbackCellArray>(
-        closure->closure_feedback_cell_array(), isolate);
-  }
+  DirectHandle<ClosureFeedbackCellArray> closure_feedback_cell_array(
+      closure->has_feedback_vector()
+          ? closure->feedback_vector()->closure_feedback_cell_array()
+          : closure->closure_feedback_cell_array(),
+      isolate);
 
   Handle<Context> context(isolate->context(), isolate);
   DCHECK(context->IsModuleContext());
@@ -189,15 +185,11 @@ RUNTIME_FUNCTION(Runtime_DeclareGlobals) {
   Handle<JSGlobalObject> global(isolate->global_object());
   Handle<Context> context(isolate->context(), isolate);
 
-  Handle<ClosureFeedbackCellArray> closure_feedback_cell_array =
-      Handle<ClosureFeedbackCellArray>::null();
-  if (closure->has_feedback_vector()) {
-    closure_feedback_cell_array = Handle<ClosureFeedbackCellArray>(
-        closure->feedback_vector()->closure_feedback_cell_array(), isolate);
-  } else {
-    closure_feedback_cell_array = Handle<ClosureFeedbackCellArray>(
-        closure->closure_feedback_cell_array(), isolate);
-  }
+  DirectHandle<ClosureFeedbackCellArray> closure_feedback_cell_array(
+      closure->has_feedback_vector()
+          ? closure->feedback_vector()->closure_feedback_cell_array()
+          : closure->closure_feedback_cell_array(),
+      isolate);
 
   // Traverse the name/value pairs and set the properties.
   int length = declarations->length();
@@ -244,7 +236,7 @@ RUNTIME_FUNCTION(Runtime_InitializeDisposableStack) {
   HandleScope scope(isolate);
   DCHECK_EQ(0, args.length());
 
-  Handle<JSDisposableStackBase> disposable_stack =
+  DirectHandle<JSDisposableStackBase> disposable_stack =
       isolate->factory()->NewJSDisposableStackBase();
   JSDisposableStackBase::InitializeJSDisposableStackBase(isolate,
                                                          disposable_stack);
diff --git a/deps/v8/src/runtime/runtime-shadow-realm.cc b/deps/v8/src/runtime/runtime-shadow-realm.cc
index f7cc1f42160aee..d4a3c54c31ee24 100644
--- a/deps/v8/src/runtime/runtime-shadow-realm.cc
+++ b/deps/v8/src/runtime/runtime-shadow-realm.cc
@@ -43,12 +43,13 @@ RUNTIME_FUNCTION(Runtime_ShadowRealmThrow) {
   DCHECK_EQ(2, args.length());
   HandleScope scope(isolate);
   int message_id_smi = args.smi_value_at(0);
-  DirectHandle<Object> value = args.at(1);
+  Handle<Object> value = args.at(1);
 
   MessageTemplate message_id = MessageTemplateFromInt(message_id_smi);
 
   DirectHandle<String> string = Object::NoSideEffectsToString(isolate, value);
-  THROW_NEW_ERROR_RETURN_FAILURE(isolate, NewTypeError(message_id, string));
+  THROW_NEW_ERROR_RETURN_FAILURE(
+      isolate, ShadowRealmNewTypeErrorCopy(value, message_id, string));
 }
 
 }  // namespace internal
diff --git a/deps/v8/src/runtime/runtime-test-wasm.cc b/deps/v8/src/runtime/runtime-test-wasm.cc
index 0dd1905bfd8dc6..3b09083f819c2e 100644
--- a/deps/v8/src/runtime/runtime-test-wasm.cc
+++ b/deps/v8/src/runtime/runtime-test-wasm.cc
@@ -11,6 +11,7 @@
 #include "src/execution/arguments-inl.h"
 #include "src/execution/frames-inl.h"
 #include "src/heap/heap-inl.h"
+#include "src/objects/property-descriptor.h"
 #include "src/objects/smi.h"
 #include "src/trap-handler/trap-handler.h"
 #include "src/wasm/fuzzing/random-module-generation.h"
@@ -193,10 +194,9 @@ RUNTIME_FUNCTION(Runtime_HasUnoptimizedWasmToJSWrapper) {
   }
   Tagged<JSFunction> function = Cast<JSFunction>(args[0]);
   Tagged<SharedFunctionInfo> sfi = function->shared();
-  Tagged<Object> func_data = sfi->GetData(isolate);
-  if (!IsWasmFunctionData(func_data)) return isolate->heap()->ToBoolean(false);
-  Address call_target =
-      Cast<WasmFunctionData>(func_data)->internal()->call_target();
+  if (!sfi->HasWasmFunctionData()) return isolate->heap()->ToBoolean(false);
+  Tagged<WasmFunctionData> func_data = sfi->wasm_function_data();
+  Address call_target = func_data->internal()->call_target();
 
   Address wrapper = Builtins::EntryOf(Builtin::kWasmToJsWrapperAsm, isolate);
   return isolate->heap()->ToBoolean(call_target == wrapper);
@@ -248,6 +248,9 @@ RUNTIME_FUNCTION(Runtime_WasmTraceEnter) {
   DebuggableStackFrameIterator it(isolate);
   DCHECK(!it.done());
   DCHECK(it.is_wasm());
+#if V8_ENABLE_DRUMBRAKE
+  DCHECK(!it.is_wasm_interpreter_entry());
+#endif  // V8_ENABLE_DRUMBRAKE
   WasmFrame* frame = WasmFrame::cast(it.frame());
 
   // Find the function name.
@@ -286,6 +289,9 @@ RUNTIME_FUNCTION(Runtime_WasmTraceExit) {
   DebuggableStackFrameIterator it(isolate);
   DCHECK(!it.done());
   DCHECK(it.is_wasm());
+#if V8_ENABLE_DRUMBRAKE
+  DCHECK(!it.is_wasm_interpreter_entry());
+#endif  // V8_ENABLE_DRUMBRAKE
   WasmFrame* frame = WasmFrame::cast(it.frame());
   int func_index = frame->function_index();
   const wasm::WasmModule* module = frame->trusted_instance_data()->module();
@@ -378,6 +384,14 @@ RUNTIME_FUNCTION(Runtime_IsWasmCode) {
   Tagged<Code> code = function->code(isolate);
   bool is_js_to_wasm = code->kind() == CodeKind::JS_TO_WASM_FUNCTION ||
                        (code->builtin_id() == Builtin::kJSToWasmWrapper);
+#if V8_ENABLE_DRUMBRAKE
+  // TODO(paolosev@microsoft.com) - Implement an empty
+  // GenericJSToWasmInterpreterWrapper also when V8_ENABLE_DRUMBRAKE is not
+  // defined to get rid of these #ifdefs.
+  is_js_to_wasm =
+      is_js_to_wasm ||
+      (code->builtin_id() == Builtin::kGenericJSToWasmInterpreterWrapper);
+#endif  // V8_ENABLE_DRUMBRAKE
   return isolate->heap()->ToBoolean(is_js_to_wasm);
 }
 
@@ -562,6 +576,9 @@ RUNTIME_FUNCTION(Runtime_WasmTraceMemory) {
   DebuggableStackFrameIterator it(isolate);
   DCHECK(!it.done());
   DCHECK(it.is_wasm());
+#if V8_ENABLE_DRUMBRAKE
+  DCHECK(!it.is_wasm_interpreter_entry());
+#endif  // V8_ENABLE_DRUMBRAKE
   WasmFrame* frame = WasmFrame::cast(it.frame());
 
   // TODO(14259): Fix for multi-memory.
@@ -578,6 +595,8 @@ RUNTIME_FUNCTION(Runtime_WasmTraceMemory) {
 }
 
 RUNTIME_FUNCTION(Runtime_WasmTierUpFunction) {
+  DCHECK(!v8_flags.wasm_jitless);
+
   HandleScope scope(isolate);
   if (args.length() != 1 || !IsJSFunction(args[0])) {
     return CrashUnlessFuzzing(isolate);
@@ -595,10 +614,160 @@ RUNTIME_FUNCTION(Runtime_WasmTierUpFunction) {
 }
 
 RUNTIME_FUNCTION(Runtime_WasmNull) {
+  // This isn't exposed to fuzzers. (Wasm nulls may not appear in JS.)
   HandleScope scope(isolate);
   return ReadOnlyRoots(isolate).wasm_null();
 }
 
+static Tagged<Object> CreateWasmObject(
+    Isolate* isolate, base::Vector<const uint8_t> module_bytes) {
+  // Create and compile the wasm module.
+  wasm::ErrorThrower thrower(isolate, "CreateWasmObject");
+  wasm::ModuleWireBytes bytes(base::VectorOf(module_bytes));
+  wasm::WasmEngine* engine = wasm::GetWasmEngine();
+  MaybeHandle<WasmModuleObject> maybe_module_object =
+      engine->SyncCompile(isolate, wasm::WasmEnabledFeatures(),
+                          wasm::CompileTimeImports(), &thrower, bytes);
+  CHECK(!thrower.error());
+  Handle<WasmModuleObject> module_object;
+  if (!maybe_module_object.ToHandle(&module_object)) {
+    DCHECK(isolate->has_exception());
+    return ReadOnlyRoots(isolate).exception();
+  }
+  // Instantiate the module.
+  MaybeHandle<WasmInstanceObject> maybe_instance = engine->SyncInstantiate(
+      isolate, &thrower, module_object, Handle<JSReceiver>::null(),
+      MaybeHandle<JSArrayBuffer>());
+  CHECK(!thrower.error());
+  Handle<WasmInstanceObject> instance;
+  if (!maybe_instance.ToHandle(&instance)) {
+    DCHECK(isolate->has_exception());
+    return ReadOnlyRoots(isolate).exception();
+  }
+  // Get the exports.
+  Handle<Name> exports = isolate->factory()->InternalizeUtf8String("exports");
+  MaybeHandle<Object> maybe_exports =
+      JSObject::GetProperty(isolate, instance, exports);
+  Handle<Object> exports_object;
+  if (!maybe_exports.ToHandle(&exports_object)) {
+    DCHECK(isolate->has_exception());
+    return ReadOnlyRoots(isolate).exception();
+  }
+  // Get function and call it.
+  Handle<Name> main_name = isolate->factory()->NewStringFromAsciiChecked("f");
+  PropertyDescriptor desc;
+  Maybe<bool> property_found = JSReceiver::GetOwnPropertyDescriptor(
+      isolate, Cast<JSObject>(exports_object), main_name, &desc);
+  CHECK(property_found.FromMaybe(false));
+  CHECK(IsJSFunction(*desc.value()));
+  Handle<JSFunction> function = Cast<JSFunction>(desc.value());
+  MaybeHandle<Object> maybe_result = Execution::Call(
+      isolate, function, isolate->factory()->undefined_value(), 0, nullptr);
+  Handle<Object> result;
+  if (!maybe_result.ToHandle(&result)) {
+    DCHECK(isolate->has_exception());
+    return ReadOnlyRoots(isolate).exception();
+  }
+  return *result;
+}
+
+// Creates a new wasm struct with one i64 (value 0x7AADF00DBAADF00D).
+RUNTIME_FUNCTION(Runtime_WasmStruct) {
+  HandleScope scope(isolate);
+  /* Recreate with:
+    d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+    let builder = new WasmModuleBuilder();
+    let struct = builder.addStruct([makeField(kWasmI64, false)]);
+    builder.addFunction("f", makeSig([], [kWasmAnyRef]))
+      .addBody([
+        ...wasmI64Const(0x7AADF00DBAADF00Dn),
+        kGCPrefix, kExprStructNew, struct
+      ])
+      .exportFunc();
+    builder.instantiate();
+  */
+  static constexpr uint8_t wasm_module_bytes[] = {
+      0x00, 0x61, 0x73, 0x6d,  // wasm magic
+      0x01, 0x00, 0x00, 0x00,  // wasm version
+      0x01,                    // section kind: Type
+      0x0b,                    // section length 11
+      0x02,                    // types count 2
+      0x50, 0x00,              //  subtype extensible, supertype count 0
+      0x5f, 0x01, 0x7e, 0x00,  //  kind: struct, field count 1:  i64 immutable
+      0x60,                    //  kind: func
+      0x00,                    // param count 0
+      0x01, 0x6e,              // return count 1:  anyref
+      0x03,                    // section kind: Function
+      0x02,                    // section length 2
+      0x01, 0x01,              // functions count 1: 0 $f (result anyref)
+      0x07,                    // section kind: Export
+      0x05,                    // section length 5
+      0x01,                    // exports count 1: export # 0
+      0x01,                    // field name length:  1
+      0x66,                    // field name: f
+      0x00, 0x00,              // kind: function index:  0
+      0x0a,                    // section kind: Code
+      0x12,                    // section length 18
+      0x01,                    // functions count 1
+                               // function #0 $f
+      0x10,                    // body size 16
+      0x00,                    // 0 entries in locals list
+      0x42, 0x8d, 0xe0, 0xb7, 0xd5, 0xdb, 0x81, 0xfc, 0xd6, 0xfa,
+      0x00,              // i64.const 8839985585355354125
+      0xfb, 0x00, 0x00,  // struct.new $type0
+      0x0b,              // end
+  };
+  return CreateWasmObject(isolate, base::VectorOf(wasm_module_bytes));
+}
+
+// Creates a new wasm array of type i32 with two elements (2x 0xBAADF00D).
+RUNTIME_FUNCTION(Runtime_WasmArray) {
+  HandleScope scope(isolate);
+  /* Recreate with:
+    d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+    let builder = new WasmModuleBuilder();
+    let array = builder.addArray(kWasmI32, false);
+    builder.addFunction("f", makeSig([], [kWasmAnyRef]))
+      .addBody([
+        ...wasmI32Const(0xBAADF00D), kExprI32Const, 2,
+        kGCPrefix, kExprArrayNew, array
+      ])
+      .exportFunc();
+  */
+  static constexpr uint8_t wasm_module_bytes[] = {
+      0x00, 0x61, 0x73, 0x6d,  // wasm magic
+      0x01, 0x00, 0x00, 0x00,  // wasm version
+      0x01,                    // section kind: Type
+      0x0a,                    // section length 10
+      0x02,                    // types count 2
+      0x50, 0x00,              //  subtype extensible, supertype count 0
+      0x5e, 0x7f, 0x00,        //  kind: array i32 immutable
+      0x60,                    //  kind: func
+      0x00,                    // param count 0
+      0x01, 0x6e,              // return count 1:  anyref
+      0x03,                    // section kind: Function
+      0x02,                    // section length 2
+      0x01, 0x01,              // functions count 1: 0 $f (result anyref)
+      0x07,                    // section kind: Export
+      0x05,                    // section length 5
+      0x01,                    // exports count 1: export # 0
+      0x01,                    // field name length:  1
+      0x66,                    // field name: f
+      0x00, 0x00,              // kind: function index:  0
+      0x0a,                    // section kind: Code
+      0x0f,                    // section length 15
+      0x01,                    // functions count 1
+                               // function #0 $f
+      0x0d,                    // body size 13
+      0x00,                    // 0 entries in locals list
+      0x41, 0x8d, 0xe0, 0xb7, 0xd5, 0x7b,  // i32.const -1163005939
+      0x41, 0x02,                          // i32.const 2
+      0xfb, 0x06, 0x00,                    // array.new $type0
+      0x0b,                                // end
+  };
+  return CreateWasmObject(isolate, base::VectorOf(wasm_module_bytes));
+}
+
 RUNTIME_FUNCTION(Runtime_WasmEnterDebugging) {
   HandleScope scope(isolate);
   wasm::GetWasmEngine()->EnterDebuggingForIsolate(isolate);
@@ -683,9 +852,9 @@ RUNTIME_FUNCTION(Runtime_IsUncompiledWasmFunction) {
 }
 
 RUNTIME_FUNCTION(Runtime_FreezeWasmLazyCompilation) {
-  if (args.length() != 1 || !IsWasmInstanceObject(args[0])) {
-    return CrashUnlessFuzzing(isolate);
-  }
+  // This isn't exposed to fuzzers so doesn't need to handle invalid arguments.
+  DCHECK_EQ(args.length(), 1);
+  DCHECK(IsWasmInstanceObject(args[0]));
   DisallowGarbageCollection no_gc;
   auto instance_object = Cast<WasmInstanceObject>(args[0]);
 
diff --git a/deps/v8/src/runtime/runtime-test.cc b/deps/v8/src/runtime/runtime-test.cc
index c67550f82ef881..53026882ba62dc 100644
--- a/deps/v8/src/runtime/runtime-test.cc
+++ b/deps/v8/src/runtime/runtime-test.cc
@@ -146,12 +146,10 @@ RUNTIME_FUNCTION(Runtime_ConstructConsString) {
   DirectHandle<String> left = args.at<String>(0);
   DirectHandle<String> right = args.at<String>(1);
 
-  CHECK(left->IsOneByteRepresentation());
-  CHECK(right->IsOneByteRepresentation());
-
-  const bool kIsOneByte = true;
+  const bool is_one_byte =
+      left->IsOneByteRepresentation() && right->IsOneByteRepresentation();
   const int length = left->length() + right->length();
-  return *isolate->factory()->NewConsString(left, right, length, kIsOneByte);
+  return *isolate->factory()->NewConsString(left, right, length, is_one_byte);
 }
 
 RUNTIME_FUNCTION(Runtime_ConstructSlicedString) {
@@ -453,7 +451,7 @@ RUNTIME_FUNCTION(Runtime_BenchMaglev) {
   Handle<JSFunction> function = args.at<JSFunction>(0);
   int count = args.smi_value_at(1);
 
-  Handle<Code> code;
+  DirectHandle<Code> code;
   base::ElapsedTimer timer;
   timer.Start();
   code = Maglev::Compile(isolate, function, BytecodeOffset::None())
@@ -1021,9 +1019,23 @@ RUNTIME_FUNCTION(Runtime_ForceFlush) {
   Handle<Object> function_object = args.at(0);
   if (!IsJSFunction(*function_object)) return CrashUnlessFuzzing(isolate);
   auto function = Cast<JSFunction>(function_object);
+  Tagged<SharedFunctionInfo> sfi = function->shared(isolate);
+
+  // Don't try to flush functions that cannot be flushed.
+  if (!sfi->CanDiscardCompiled()) {
+    return CrashUnlessFuzzing(isolate);
+  }
+
+  // Don't flush functions that are active on the stack.
+  for (JavaScriptStackFrameIterator it(isolate); !it.done(); it.Advance()) {
+    std::vector<Tagged<SharedFunctionInfo>> infos;
+    it.frame()->GetFunctions(&infos);
+    for (auto it = infos.rbegin(); it != infos.rend(); ++it) {
+      if ((*it) == sfi) return CrashUnlessFuzzing(isolate);
+    }
+  }
 
-  SharedFunctionInfo::DiscardCompiled(
-      isolate, handle(function->shared(isolate), isolate));
+  SharedFunctionInfo::DiscardCompiled(isolate, handle(sfi, isolate));
   function->ResetIfCodeFlushed(isolate);
   return ReadOnlyRoots(isolate).undefined_value();
 }
@@ -1077,6 +1089,11 @@ void call_as_function(const v8::FunctionCallbackInfo<v8::Value>& info) {
 }
 }  // namespace
 
+RUNTIME_FUNCTION(Runtime_GetAbstractModuleSource) {
+  HandleScope scope(isolate);
+  return isolate->native_context()->abstract_module_source_function();
+}
+
 // Returns a callable object which redirects [[Call]] requests to
 // globalThis[target_function_name] function.
 RUNTIME_FUNCTION(Runtime_GetCallable) {
@@ -1101,9 +1118,8 @@ RUNTIME_FUNCTION(Runtime_GetCallable) {
 
 RUNTIME_FUNCTION(Runtime_ClearFunctionFeedback) {
   HandleScope scope(isolate);
-  if (args.length() != 1 || !IsJSFunction(args[0])) {
-    return CrashUnlessFuzzing(isolate);
-  }
+  // This isn't exposed to fuzzers so doesn't need to handle invalid arguments.
+  DCHECK_EQ(args.length(), 1);
   DirectHandle<JSFunction> function = args.at<JSFunction>(0);
   function->ClearAllTypeFeedbackInfoForTesting();
   return ReadOnlyRoots(isolate).undefined_value();
@@ -1622,7 +1638,7 @@ RUNTIME_FUNCTION(Runtime_PretenureAllocationSite) {
   Tagged<JSObject> object = Cast<JSObject>(arg);
 
   Heap* heap = object->GetHeap();
-  if (!heap->InYoungGeneration(object)) {
+  if (!v8_flags.sticky_mark_bits && !heap->InYoungGeneration(object)) {
     // Object is not in new space, thus there is no memento and nothing to do.
     return ReturnFuzzSafe(ReadOnlyRoots(isolate).false_value(), isolate);
   }
@@ -1668,11 +1684,12 @@ RUNTIME_FUNCTION(Runtime_RegexpHasBytecode) {
   }
   auto regexp = args.at<JSRegExp>(0);
   bool is_latin1 = args.at<Boolean>(1)->ToBool(isolate);
-  bool result;
-  if (regexp->type_tag() == JSRegExp::IRREGEXP) {
-    result = IsByteArray(regexp->bytecode(is_latin1));
-  } else {
-    result = false;
+  bool result = false;
+  if (regexp->has_data()) {
+    Tagged<RegExpData> data = regexp->data(isolate);
+    if (data->type_tag() == RegExpData::Type::IRREGEXP) {
+      result = Cast<IrRegExpData>(data)->has_bytecode(is_latin1);
+    }
   }
   return isolate->heap()->ToBoolean(result);
 }
@@ -1684,11 +1701,12 @@ RUNTIME_FUNCTION(Runtime_RegexpHasNativeCode) {
   }
   auto regexp = args.at<JSRegExp>(0);
   bool is_latin1 = args.at<Boolean>(1)->ToBool(isolate);
-  bool result;
-  if (regexp->type_tag() == JSRegExp::IRREGEXP) {
-    result = IsCode(regexp->code(isolate, is_latin1));
-  } else {
-    result = false;
+  bool result = false;
+  if (regexp->has_data()) {
+    Tagged<RegExpData> data = regexp->data(isolate);
+    if (data->type_tag() == RegExpData::Type::IRREGEXP) {
+      result = Cast<IrRegExpData>(data)->has_code(is_latin1);
+    }
   }
   return isolate->heap()->ToBoolean(result);
 }
@@ -1700,19 +1718,22 @@ RUNTIME_FUNCTION(Runtime_RegexpTypeTag) {
   }
   auto regexp = Cast<JSRegExp>(args[0]);
   const char* type_str;
-  switch (regexp->type_tag()) {
-    case JSRegExp::NOT_COMPILED:
-      type_str = "NOT_COMPILED";
-      break;
-    case JSRegExp::ATOM:
-      type_str = "ATOM";
-      break;
-    case JSRegExp::IRREGEXP:
-      type_str = "IRREGEXP";
-      break;
-    case JSRegExp::EXPERIMENTAL:
-      type_str = "EXPERIMENTAL";
-      break;
+  if (regexp->has_data()) {
+    switch (regexp->data(isolate)->type_tag()) {
+      case RegExpData::Type::ATOM:
+        type_str = "ATOM";
+        break;
+      case RegExpData::Type::IRREGEXP:
+        type_str = "IRREGEXP";
+        break;
+      case RegExpData::Type::EXPERIMENTAL:
+        type_str = "EXPERIMENTAL";
+        break;
+      default:
+        UNREACHABLE();
+    }
+  } else {
+    type_str = "NOT_COMPILED";
   }
   return *isolate->factory()->NewStringFromAsciiChecked(type_str);
 }
@@ -2115,9 +2136,68 @@ RUNTIME_FUNCTION(Runtime_SetBatterySaverMode) {
   return ReadOnlyRoots(isolate).true_value();
 }
 
-RUNTIME_FUNCTION(Runtime_IsolateCountForTesting) {
+// Returns true if the tiering state (liftoff, turbofan) of wasm functions can
+// be asserted in a predictable way.
+RUNTIME_FUNCTION(Runtime_IsWasmTieringPredictable) {
   DCHECK_EQ(args.length(), 0);
-  return Smi::FromInt(g_num_isolates_for_testing);
+  const bool single_isolate = g_num_isolates_for_testing == 1;
+  const bool stress_deopt = v8_flags.deopt_every_n_times > 0;
+  return ReadOnlyRoots(isolate).boolean_value(single_isolate && !stress_deopt);
+}
+
+RUNTIME_FUNCTION(Runtime_GetFeedback) {
+  HandleScope scope(isolate);
+  if (args.length() != 1) {
+    return CrashUnlessFuzzing(isolate);
+  }
+  Handle<Object> function_object = args.at(0);
+  if (!IsJSFunction(*function_object)) return CrashUnlessFuzzing(isolate);
+  Handle<JSFunction> function = Cast<JSFunction>(function_object);
+
+  if (!function->has_feedback_vector()) {
+    return CrashUnlessFuzzing(isolate);
+  }
+
+#ifdef OBJECT_PRINT
+  Handle<FeedbackVector> feedback_vector =
+      handle(function->feedback_vector(), isolate);
+
+  Handle<FixedArray> result =
+      isolate->factory()->NewFixedArray(feedback_vector->length());
+  int result_ix = 0;
+
+  FeedbackMetadataIterator iter(feedback_vector->metadata());
+  while (iter.HasNext()) {
+    FeedbackSlot slot = iter.Next();
+    FeedbackSlotKind kind = iter.kind();
+
+    Handle<FixedArray> sub_result = isolate->factory()->NewFixedArray(2);
+    {
+      std::ostringstream out;
+      out << kind;
+      Handle<String> kind_string =
+          isolate->factory()->NewStringFromAsciiChecked(out.str().c_str());
+      sub_result->set(0, *kind_string);
+    }
+
+    FeedbackNexus nexus(isolate, *feedback_vector, slot);
+    {
+      std::ostringstream out;
+      nexus.Print(out);
+      Handle<String> nexus_string =
+          isolate->factory()->NewStringFromAsciiChecked(out.str().c_str());
+      sub_result->set(1, *nexus_string);
+    }
+
+    Handle<JSArray> sub_result_array =
+        isolate->factory()->NewJSArrayWithElements(sub_result);
+    result->set(result_ix++, *sub_result_array);
+  }
+
+  return *isolate->factory()->NewJSArrayWithElements(result);
+#else
+  return ReadOnlyRoots(isolate).undefined_value();
+#endif  // OBJECT_PRINT
 }
 
 }  // namespace internal
diff --git a/deps/v8/src/runtime/runtime-wasm.cc b/deps/v8/src/runtime/runtime-wasm.cc
index 71e7f3504afdef..f247ff6469362e 100644
--- a/deps/v8/src/runtime/runtime-wasm.cc
+++ b/deps/v8/src/runtime/runtime-wasm.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/builtins/builtins-inl.h"
 #include "src/builtins/data-view-ops.h"
 #include "src/common/assert-scope.h"
@@ -29,8 +31,11 @@
 #include "src/wasm/wasm-subtyping.h"
 #include "src/wasm/wasm-value.h"
 
-namespace v8 {
-namespace internal {
+#if V8_ENABLE_WEBASSEMBLY && V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/wasm-interpreter.h"
+#endif  // V8_ENABLE_WEBASSEMBLY && V8_ENABLE_DRUMBRAKE
+
+namespace v8::internal {
 
 // TODO(13036): See if we can find a way to have the stack walker visit
 // tagged values being passed from Wasm to runtime functions. In the meantime,
@@ -105,12 +110,26 @@ class V8_NODISCARD ClearThreadInWasmScope {
     if (is_thread_in_wasm_) {
       trap_handler::ClearThreadInWasm();
     }
+
+#if V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms &&
+        !v8_flags.wasm_jitless) {
+      isolate->wasm_execution_timer()->Stop();
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
   }
   ~ClearThreadInWasmScope() {
     DCHECK_IMPLIES(trap_handler::IsTrapHandlerEnabled(),
                    !trap_handler::IsThreadInWasm());
     if (!isolate_->has_exception() && is_thread_in_wasm_) {
       trap_handler::SetThreadInWasm();
+
+#if V8_ENABLE_DRUMBRAKE
+      if (v8_flags.wasm_enable_exec_time_histograms &&
+          v8_flags.slow_histograms && !v8_flags.wasm_jitless) {
+        isolate_->wasm_execution_timer()->Start();
+      }
+#endif  // V8_ENABLE_DRUMBRAKE
     }
     // Otherwise we only want to set the flag if the exception is caught in
     // wasm. This is handled by the unwinder.
@@ -124,6 +143,14 @@ class V8_NODISCARD ClearThreadInWasmScope {
 Tagged<Object> ThrowWasmError(
     Isolate* isolate, MessageTemplate message,
     std::initializer_list<DirectHandle<Object>> args = {}) {
+#if V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    // Store the trap reason to be retrieved later when the interpreter will
+    // trap while detecting the thrown exception.
+    wasm::WasmInterpreterThread::SetRuntimeLastWasmError(isolate, message);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   Handle<JSObject> error_obj =
       isolate->factory()->NewWasmRuntimeError(message, base::VectorOf(args));
   JSObject::AddProperty(isolate, error_obj,
@@ -267,7 +294,6 @@ RUNTIME_FUNCTION(Runtime_TrapHandlerThrowWasmError) {
                    &wire_bytes.begin()[pos])
                .first;
     }
-    DCHECK(wasm::WasmOpcodes::IsMemoryAccessOpcode(op));
 #endif  // DEBUG
   }
   return ThrowWasmError(isolate, message);
@@ -292,6 +318,15 @@ RUNTIME_FUNCTION(Runtime_WasmThrowJSTypeError) {
   // The caller may be wasm or JS. Only clear the thread_in_wasm flag if the
   // caller is wasm, and let the unwinder set it back depending on the handler.
   if (trap_handler::IsTrapHandlerEnabled() && trap_handler::IsThreadInWasm()) {
+#if V8_ENABLE_DRUMBRAKE
+    // Transitioning from Wasm To JS.
+    if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms &&
+        !v8_flags.wasm_jitless) {
+      // Stop measuring the time spent running jitted Wasm.
+      isolate->wasm_execution_timer()->Stop();
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
+
     trap_handler::ClearThreadInWasm();
   }
   HandleScope scope(isolate);
@@ -578,52 +613,54 @@ RUNTIME_FUNCTION(Runtime_IsWasmExternalFunction) {
 RUNTIME_FUNCTION(Runtime_TierUpWasmToJSWrapper) {
   HandleScope scope(isolate);
   DCHECK_EQ(1, args.length());
-  DirectHandle<WasmApiFunctionRef> ref(Cast<WasmApiFunctionRef>(args[0]),
-                                       isolate);
+  DirectHandle<WasmImportData> import_data(Cast<WasmImportData>(args[0]),
+                                           isolate);
 
   DCHECK(isolate->context().is_null());
-  isolate->set_context(ref->native_context());
+  isolate->set_context(import_data->native_context());
 
   std::unique_ptr<wasm::ValueType[]> reps;
-  wasm::FunctionSig sig =
-      wasm::SerializedSignatureHelper::DeserializeSignature(ref->sig(), &reps);
-  DirectHandle<Object> origin(ref->call_origin(), isolate);
+  wasm::FunctionSig sig = wasm::SerializedSignatureHelper::DeserializeSignature(
+      import_data->sig(), &reps);
+  DirectHandle<Object> origin(import_data->call_origin(), isolate);
 
   if (IsWasmFuncRef(*origin)) {
     // The tierup for `WasmInternalFunction is special, as there may not be an
     // instance.
-    int suspender_count = ref->suspend() == wasm::kSuspendWithSuspender;
-    size_t expected_arity = sig.parameter_count() - suspender_count;
+    size_t expected_arity = sig.parameter_count();
     wasm::ImportCallKind kind = wasm::kDefaultImportCallKind;
-    if (IsJSFunction(ref->callable())) {
+    if (IsJSFunction(import_data->callable())) {
       Tagged<SharedFunctionInfo> shared =
-          Cast<JSFunction>(ref->callable())->shared();
+          Cast<JSFunction>(import_data->callable())->shared();
       expected_arity =
           shared->internal_formal_parameter_count_without_receiver();
-      if (expected_arity != sig.parameter_count() - suspender_count) {
+      if (expected_arity != sig.parameter_count()) {
         kind = wasm::ImportCallKind::kJSFunctionArityMismatch;
       }
     }
     const wasm::WasmModule* module =
-        ref->has_instance_data() ? ref->instance_data()->module() : nullptr;
+        import_data->has_instance_data()
+            ? import_data->instance_data()->module()
+            : nullptr;
 
     DirectHandle<Code> wasm_to_js_wrapper_code =
         compiler::CompileWasmToJSWrapper(
             isolate, module, &sig, kind, static_cast<int>(expected_arity),
-            static_cast<wasm::Suspend>(ref->suspend()))
+            static_cast<wasm::Suspend>(import_data->suspend()))
             .ToHandleChecked();
 
     // We have to install the optimized wrapper as `code`, as the generated
     // code may move. `call_target` would become stale then.
     DirectHandle<WasmInternalFunction> internal_function{
         Cast<WasmFuncRef>(*origin)->internal(isolate), isolate};
-    ref->set_code(*wasm_to_js_wrapper_code);
+    import_data->set_code(*wasm_to_js_wrapper_code);
     internal_function->set_call_target(
         Builtins::EntryOf(Builtin::kWasmToOnHeapWasmToJsTrampoline, isolate));
     return ReadOnlyRoots(isolate).undefined_value();
   }
 
-  Handle<WasmTrustedInstanceData> trusted_data(ref->instance_data(), isolate);
+  Handle<WasmTrustedInstanceData> trusted_data(import_data->instance_data(),
+                                               isolate);
   if (IsTuple2(*origin)) {
     auto tuple = Cast<Tuple2>(origin);
     trusted_data =
@@ -635,25 +672,26 @@ RUNTIME_FUNCTION(Runtime_TierUpWasmToJSWrapper) {
 
   // Get the function's canonical signature index.
   uint32_t canonical_sig_index = std::numeric_limits<uint32_t>::max();
-  if (WasmApiFunctionRef::CallOriginIsImportIndex(origin)) {
-    int func_index = WasmApiFunctionRef::CallOriginAsIndex(origin);
+  if (WasmImportData::CallOriginIsImportIndex(origin)) {
+    int func_index = WasmImportData::CallOriginAsIndex(origin);
     canonical_sig_index =
         module->isorecursive_canonical_type_ids[module->functions[func_index]
                                                     .sig_index];
   } else {
     // Indirect function table index.
-    int entry_index = WasmApiFunctionRef::CallOriginAsIndex(origin);
+    int entry_index = WasmImportData::CallOriginAsIndex(origin);
     int table_count = trusted_data->dispatch_tables()->length();
     // We have to find the table which contains the correct entry.
     for (int table_index = 0; table_index < table_count; ++table_index) {
       bool table_is_shared = module->tables[table_index].shared;
-      Handle<WasmTrustedInstanceData> maybe_shared_data =
-          table_is_shared ? handle(trusted_data->shared_part(), isolate)
+      DirectHandle<WasmTrustedInstanceData> maybe_shared_data =
+          table_is_shared ? direct_handle(trusted_data->shared_part(), isolate)
                           : trusted_data;
       if (!maybe_shared_data->has_dispatch_table(table_index)) continue;
       Tagged<WasmDispatchTable> table =
           maybe_shared_data->dispatch_table(table_index);
-      if (entry_index < table->length() && table->ref(entry_index) == *ref) {
+      if (entry_index < table->length() &&
+          table->implicit_arg(entry_index) == *import_data) {
         canonical_sig_index = table->sig(entry_index);
         break;
       }
@@ -662,22 +700,21 @@ RUNTIME_FUNCTION(Runtime_TierUpWasmToJSWrapper) {
   DCHECK_NE(canonical_sig_index, std::numeric_limits<uint32_t>::max());
 
   // Compile a wrapper for the target callable.
-  Handle<JSReceiver> callable(Cast<JSReceiver>(ref->callable()), isolate);
-  wasm::Suspend suspend = static_cast<wasm::Suspend>(ref->suspend());
+  Handle<JSReceiver> callable(Cast<JSReceiver>(import_data->callable()),
+                              isolate);
+  wasm::Suspend suspend = static_cast<wasm::Suspend>(import_data->suspend());
   wasm::WasmCodeRefScope code_ref_scope;
 
   wasm::NativeModule* native_module = trusted_data->native_module();
 
-  wasm::WasmImportData resolved({}, -1, callable, &sig, canonical_sig_index,
-                                wasm::WellKnownImport::kUninstantiated);
+  wasm::ResolvedWasmImport resolved({}, -1, callable, &sig, canonical_sig_index,
+                                    wasm::WellKnownImport::kUninstantiated);
   wasm::ImportCallKind kind = resolved.kind();
   callable = resolved.callable();  // Update to ultimate target.
   DCHECK_NE(wasm::ImportCallKind::kLinkError, kind);
   wasm::CompilationEnv env = wasm::CompilationEnv::ForModule(native_module);
   // {expected_arity} should only be used if kind != kJSFunctionArityMismatch.
-  int suspender_count = resolved.suspend() == wasm::kSuspendWithSuspender;
-  int expected_arity =
-      static_cast<int>(sig.parameter_count()) - suspender_count;
+  int expected_arity = static_cast<int>(sig.parameter_count());
   if (kind == wasm::ImportCallKind ::kJSFunctionArityMismatch) {
     expected_arity = Cast<JSFunction>(callable)
                          ->shared()
@@ -715,20 +752,21 @@ RUNTIME_FUNCTION(Runtime_TierUpWasmToJSWrapper) {
     cache_scope[key] = wasm_code;
   }
 
-  if (WasmApiFunctionRef::CallOriginIsImportIndex(origin)) {
-    int func_index = WasmApiFunctionRef::CallOriginAsIndex(origin);
+  if (WasmImportData::CallOriginIsImportIndex(origin)) {
+    int func_index = WasmImportData::CallOriginAsIndex(origin);
     ImportedFunctionEntry entry(trusted_data, func_index);
     entry.set_target(wasm_code->instruction_start());
   } else {
     // Indirect function table index.
-    int entry_index = WasmApiFunctionRef::CallOriginAsIndex(origin);
+    int entry_index = WasmImportData::CallOriginAsIndex(origin);
     int table_count = trusted_data->dispatch_tables()->length();
     // We have to find the table which contains the correct entry.
     for (int table_index = 0; table_index < table_count; ++table_index) {
       if (!trusted_data->has_dispatch_table(table_index)) continue;
       Tagged<WasmDispatchTable> table =
           trusted_data->dispatch_table(table_index);
-      if (entry_index < table->length() && table->ref(entry_index) == *ref) {
+      if (entry_index < table->length() &&
+          table->implicit_arg(entry_index) == *import_data) {
         table->SetTarget(entry_index, wasm_code->instruction_start());
         // {ref} is used in at most one table.
         break;
@@ -861,7 +899,7 @@ RUNTIME_FUNCTION(Runtime_WasmRefFunc) {
   ClearThreadInWasmScope flag_scope(isolate);
   HandleScope scope(isolate);
   DCHECK_EQ(2, args.length());
-  Handle<WasmTrustedInstanceData> trusted_instance_data(
+  DirectHandle<WasmTrustedInstanceData> trusted_instance_data(
       Cast<WasmTrustedInstanceData>(args[0]), isolate);
   uint32_t function_index = args.positive_smi_value_at(1);
 
@@ -956,7 +994,7 @@ RUNTIME_FUNCTION(Runtime_WasmTableInit) {
   DCHECK(!isolate->context().is_null());
 
   // TODO(14616): Pass the correct instance data.
-  base::Optional<MessageTemplate> opt_error =
+  std::optional<MessageTemplate> opt_error =
       WasmTrustedInstanceData::InitTableEntries(
           isolate, trusted_instance_data, trusted_instance_data, table_index,
           elem_segment_index, dst, src, count);
@@ -998,10 +1036,10 @@ RUNTIME_FUNCTION(Runtime_WasmTableGrow) {
   Tagged<WasmTrustedInstanceData> trusted_instance_data =
       Cast<WasmTrustedInstanceData>(args[0]);
   uint32_t table_index = args.positive_smi_value_at(1);
-  Handle<Object> value(args[2], isolate);
+  DirectHandle<Object> value(args[2], isolate);
   uint32_t delta = args.positive_smi_value_at(3);
 
-  Handle<WasmTableObject> table(
+  DirectHandle<WasmTableObject> table(
       Cast<WasmTableObject>(trusted_instance_data->tables()->get(table_index)),
       isolate);
   int result = WasmTableObject::Grow(isolate, table, delta, value);
@@ -1017,10 +1055,10 @@ RUNTIME_FUNCTION(Runtime_WasmTableFill) {
       Cast<WasmTrustedInstanceData>(args[0]), isolate);
   uint32_t table_index = args.positive_smi_value_at(1);
   uint32_t start = args.positive_smi_value_at(2);
-  Handle<Object> value(args[3], isolate);
+  DirectHandle<Object> value(args[3], isolate);
   uint32_t count = args.positive_smi_value_at(4);
 
-  Handle<WasmTableObject> table(
+  DirectHandle<WasmTableObject> table(
       Cast<WasmTableObject>(trusted_instance_data->tables()->get(table_index)),
       isolate);
 
@@ -1322,7 +1360,7 @@ RUNTIME_FUNCTION(Runtime_WasmArrayInitSegment) {
     AccountingAllocator allocator;
     Zone zone(&allocator, ZONE_NAME);
     // TODO(14616): Fix the instance data.
-    base::Optional<MessageTemplate> opt_error =
+    std::optional<MessageTemplate> opt_error =
         wasm::InitializeElementSegment(&zone, isolate, trusted_instance_data,
                                        trusted_instance_data, segment_index);
     if (opt_error.has_value()) {
@@ -1347,7 +1385,7 @@ RUNTIME_FUNCTION(Runtime_WasmArrayInitSegment) {
 RUNTIME_FUNCTION(Runtime_WasmAllocateSuspender) {
   HandleScope scope(isolate);
   DirectHandle<WasmSuspenderObject> suspender =
-      WasmSuspenderObject::New(isolate);
+      isolate->factory()->NewWasmSuspenderObject();
 
   // Update the continuation state.
   auto parent = handle(Cast<WasmContinuationObject>(
@@ -1972,6 +2010,32 @@ RUNTIME_FUNCTION(Runtime_WasmStringViewWtf8Slice) {
               .ToHandleChecked();
 }
 
+#ifdef V8_ENABLE_DRUMBRAKE
+RUNTIME_FUNCTION(Runtime_WasmTraceBeginExecution) {
+  DCHECK(v8_flags.slow_histograms && !v8_flags.wasm_jitless &&
+         v8_flags.wasm_enable_exec_time_histograms);
+  DCHECK_EQ(0, args.length());
+  HandleScope scope(isolate);
+
+  wasm::WasmExecutionTimer* timer = isolate->wasm_execution_timer();
+  timer->Start();
+
+  return ReadOnlyRoots(isolate).undefined_value();
+}
+
+RUNTIME_FUNCTION(Runtime_WasmTraceEndExecution) {
+  DCHECK(v8_flags.slow_histograms && !v8_flags.wasm_jitless &&
+         v8_flags.wasm_enable_exec_time_histograms);
+  DCHECK_EQ(0, args.length());
+  HandleScope scope(isolate);
+
+  wasm::WasmExecutionTimer* timer = isolate->wasm_execution_timer();
+  timer->Stop();
+
+  return ReadOnlyRoots(isolate).undefined_value();
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 RUNTIME_FUNCTION(Runtime_WasmStringFromCodePoint) {
   ClearThreadInWasmScope flag_scope(isolate);
   DCHECK_EQ(1, args.length());
@@ -2009,5 +2073,4 @@ RUNTIME_FUNCTION(Runtime_WasmStringHash) {
   return Smi::FromInt(static_cast<int>(hash));
 }
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/runtime/runtime.cc b/deps/v8/src/runtime/runtime.cc
index ea9d979c142dd3..0f0c4098169b14 100644
--- a/deps/v8/src/runtime/runtime.cc
+++ b/deps/v8/src/runtime/runtime.cc
@@ -241,6 +241,10 @@ bool Runtime::IsEnabledForFuzzing(FunctionId id) {
       case Runtime::kCompileBaseline:
 #if V8_ENABLE_WEBASSEMBLY && !OFFICIAL_BUILD
       case Runtime::kWasmGenerateRandomModule:
+#endif  // V8_ENABLE_WEBASSEMBLY && !OFFICIAL_BUILD
+#if V8_ENABLE_WEBASSEMBLY
+      case Runtime::kWasmStruct:
+      case Runtime::kWasmArray:
 #endif  // V8_ENABLE_WEBASSEMBLY
         return true;
 
@@ -264,11 +268,14 @@ bool Runtime::IsEnabledForFuzzing(FunctionId id) {
     case Runtime::kDisassembleFunction:
     case Runtime::kGetCallable:
     case Runtime::kTurbofanStaticAssert:
+    case Runtime::kClearFunctionFeedback:
 #ifdef V8_ENABLE_WEBASSEMBLY
     case Runtime::kWasmTraceEnter:
     case Runtime::kWasmTraceExit:
     case Runtime::kCheckIsOnCentralStack:
     case Runtime::kSetWasmInstantiateControls:
+    case Runtime::kWasmNull:
+    case Runtime::kFreezeWasmLazyCompilation:
 #endif  // V8_ENABLE_WEBASSEMBLY
     // TODO(353685107): investigate whether these should be exposed to fuzzers.
     case Runtime::kConstructDouble:
@@ -282,6 +289,8 @@ bool Runtime::IsEnabledForFuzzing(FunctionId id) {
     case Runtime::kCompleteInobjectSlackTracking:
     // TODO(354005312): investigate whether this should be exposed to fuzzers.
     case Runtime::kShareObject:
+    // TODO(354310130): investigate whether this should be exposed to fuzzers.
+    case Runtime::kForceFlush:
       return false;
 
     case Runtime::kLeakHole:
diff --git a/deps/v8/src/runtime/runtime.h b/deps/v8/src/runtime/runtime.h
index 3fa07b54517f80..56c685d3c2d4f1 100644
--- a/deps/v8/src/runtime/runtime.h
+++ b/deps/v8/src/runtime/runtime.h
@@ -399,6 +399,7 @@ namespace internal {
   F(ResolvePromise, 2, 1)                \
   F(PromiseRejectAfterResolved, 2, 1)    \
   F(PromiseResolveAfterResolved, 2, 1)   \
+  F(ConstructSuppressedError, 3, 1)      \
   F(ConstructAggregateErrorHelper, 4, 1) \
   F(ConstructInternalAggregateErrorHelper, -1 /* <= 5*/, 1)
 
@@ -528,7 +529,9 @@ namespace internal {
   F(EnsureFeedbackVectorForFunction, 1, 1)    \
   F(FinalizeOptimization, 0, 1)               \
   F(ForceFlush, 1, 1)                         \
+  F(GetAbstractModuleSource, 0, 1)            \
   F(GetCallable, 1, 1)                        \
+  F(GetFeedback, 1, 1)                        \
   F(GetFunctionForCurrentFrame, 0, 1)         \
   F(GetInitializerFunction, 1, 1)             \
   F(GetOptimizationStatus, 1, 1)              \
@@ -578,7 +581,7 @@ namespace internal {
   F(IsSharedString, 1, 1)                     \
   F(IsSparkplugEnabled, 0, 1)                 \
   F(IsTurbofanEnabled, 0, 1)                  \
-  F(IsolateCountForTesting, 0, 1)             \
+  F(IsWasmTieringPredictable, 0, 1)           \
   F(MapIteratorProtector, 0, 1)               \
   F(NeverOptimizeFunction, 1, 1)              \
   F(NewRegExpWithBacktrackLimit, 3, 1)        \
@@ -631,7 +634,14 @@ namespace internal {
   F(TypedArraySet, 2, 1)                       \
   F(TypedArraySortFast, 1, 1)
 
+#if V8_ENABLE_DRUMBRAKE
+#define FOR_EACH_INTRINSIC_WASM_DRUMBRAKE(F, I) F(WasmRunInterpreter, 3, 1)
+#else
+#define FOR_EACH_INTRINSIC_WASM_DRUMBRAKE(F, I)
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #define FOR_EACH_INTRINSIC_WASM(F, I)         \
+  FOR_EACH_INTRINSIC_WASM_DRUMBRAKE(F, I)     \
   F(ThrowBadSuspenderError, 0, 1)             \
   F(ThrowWasmError, 1, 1)                     \
   F(TrapHandlerThrowWasmError, 0, 1)          \
@@ -729,7 +739,13 @@ namespace internal {
   F(WasmTraceEnter, 0, 1)                                  \
   F(WasmTraceExit, 1, 1)                                   \
   F(WasmTraceMemory, 1, 1)                                 \
-  F(WasmNull, 0, 1)
+  F(WasmNull, 0, 1)                                        \
+  F(WasmArray, 0, 1)                                       \
+  F(WasmStruct, 0, 1)
+
+#define FOR_EACH_INTRINSIC_WASM_DRUMBRAKE_TEST(F, I) \
+  F(WasmTraceBeginExecution, 0, 1)                   \
+  F(WasmTraceEndExecution, 0, 1)
 
 #define FOR_EACH_INTRINSIC_WEAKREF(F, I)                             \
   F(JSFinalizationRegistryRegisterWeakCellWithUnregisterToken, 4, 1) \
@@ -773,39 +789,40 @@ namespace internal {
   F(HasElementWithInterceptor, 2, 1)         \
   F(ObjectAssignTryFastcase, 2, 1)
 
-#define FOR_EACH_INTRINSIC_RETURN_OBJECT_IMPL(F, I) \
-  FOR_EACH_INTRINSIC_ARRAY(F, I)                    \
-  FOR_EACH_INTRINSIC_ATOMICS(F, I)                  \
-  FOR_EACH_INTRINSIC_BIGINT(F, I)                   \
-  FOR_EACH_INTRINSIC_CLASSES(F, I)                  \
-  FOR_EACH_INTRINSIC_COLLECTIONS(F, I)              \
-  FOR_EACH_INTRINSIC_COMPILER(F, I)                 \
-  FOR_EACH_INTRINSIC_DATE(F, I)                     \
-  FOR_EACH_INTRINSIC_DEBUG(F, I)                    \
-  FOR_EACH_INTRINSIC_FORIN(F, I)                    \
-  FOR_EACH_INTRINSIC_FUNCTION(F, I)                 \
-  FOR_EACH_INTRINSIC_GENERATOR(F, I)                \
-  FOR_EACH_INTRINSIC_IC(F, I)                       \
-  FOR_EACH_INTRINSIC_INTERNAL(F, I)                 \
-  FOR_EACH_INTRINSIC_TRACE(F, I)                    \
-  FOR_EACH_INTRINSIC_INTL(F, I)                     \
-  FOR_EACH_INTRINSIC_LITERALS(F, I)                 \
-  FOR_EACH_INTRINSIC_MODULE(F, I)                   \
-  FOR_EACH_INTRINSIC_NUMBERS(F, I)                  \
-  FOR_EACH_INTRINSIC_OBJECT(F, I)                   \
-  FOR_EACH_INTRINSIC_OPERATORS(F, I)                \
-  FOR_EACH_INTRINSIC_PROMISE(F, I)                  \
-  FOR_EACH_INTRINSIC_PROXY(F, I)                    \
-  FOR_EACH_INTRINSIC_REGEXP(F, I)                   \
-  FOR_EACH_INTRINSIC_SCOPES(F, I)                   \
-  FOR_EACH_INTRINSIC_SHADOW_REALM(F, I)             \
-  FOR_EACH_INTRINSIC_STRINGS(F, I)                  \
-  FOR_EACH_INTRINSIC_SYMBOL(F, I)                   \
-  FOR_EACH_INTRINSIC_TEMPORAL(F, I)                 \
-  FOR_EACH_INTRINSIC_TEST(F, I)                     \
-  FOR_EACH_INTRINSIC_TYPEDARRAY(F, I)               \
-  IF_WASM(FOR_EACH_INTRINSIC_WASM, F, I)            \
-  IF_WASM(FOR_EACH_INTRINSIC_WASM_TEST, F, I)       \
+#define FOR_EACH_INTRINSIC_RETURN_OBJECT_IMPL(F, I)               \
+  FOR_EACH_INTRINSIC_ARRAY(F, I)                                  \
+  FOR_EACH_INTRINSIC_ATOMICS(F, I)                                \
+  FOR_EACH_INTRINSIC_BIGINT(F, I)                                 \
+  FOR_EACH_INTRINSIC_CLASSES(F, I)                                \
+  FOR_EACH_INTRINSIC_COLLECTIONS(F, I)                            \
+  FOR_EACH_INTRINSIC_COMPILER(F, I)                               \
+  FOR_EACH_INTRINSIC_DATE(F, I)                                   \
+  FOR_EACH_INTRINSIC_DEBUG(F, I)                                  \
+  FOR_EACH_INTRINSIC_FORIN(F, I)                                  \
+  FOR_EACH_INTRINSIC_FUNCTION(F, I)                               \
+  FOR_EACH_INTRINSIC_GENERATOR(F, I)                              \
+  FOR_EACH_INTRINSIC_IC(F, I)                                     \
+  FOR_EACH_INTRINSIC_INTERNAL(F, I)                               \
+  FOR_EACH_INTRINSIC_TRACE(F, I)                                  \
+  FOR_EACH_INTRINSIC_INTL(F, I)                                   \
+  FOR_EACH_INTRINSIC_LITERALS(F, I)                               \
+  FOR_EACH_INTRINSIC_MODULE(F, I)                                 \
+  FOR_EACH_INTRINSIC_NUMBERS(F, I)                                \
+  FOR_EACH_INTRINSIC_OBJECT(F, I)                                 \
+  FOR_EACH_INTRINSIC_OPERATORS(F, I)                              \
+  FOR_EACH_INTRINSIC_PROMISE(F, I)                                \
+  FOR_EACH_INTRINSIC_PROXY(F, I)                                  \
+  FOR_EACH_INTRINSIC_REGEXP(F, I)                                 \
+  FOR_EACH_INTRINSIC_SCOPES(F, I)                                 \
+  FOR_EACH_INTRINSIC_SHADOW_REALM(F, I)                           \
+  FOR_EACH_INTRINSIC_STRINGS(F, I)                                \
+  FOR_EACH_INTRINSIC_SYMBOL(F, I)                                 \
+  FOR_EACH_INTRINSIC_TEMPORAL(F, I)                               \
+  FOR_EACH_INTRINSIC_TEST(F, I)                                   \
+  FOR_EACH_INTRINSIC_TYPEDARRAY(F, I)                             \
+  IF_WASM(FOR_EACH_INTRINSIC_WASM, F, I)                          \
+  IF_WASM(FOR_EACH_INTRINSIC_WASM_TEST, F, I)                     \
+  IF_WASM_DRUMBRAKE(FOR_EACH_INTRINSIC_WASM_DRUMBRAKE_TEST, F, I) \
   FOR_EACH_INTRINSIC_WEAKREF(F, I)
 
 #define FOR_EACH_THROWING_INTRINSIC(F)       \
diff --git a/deps/v8/src/sandbox/check.h b/deps/v8/src/sandbox/check.h
index c2d7b82ffd9f79..14c7781a9344c7 100644
--- a/deps/v8/src/sandbox/check.h
+++ b/deps/v8/src/sandbox/check.h
@@ -27,7 +27,7 @@
 // will be inherently racy. If sandbox hardware support is enabled, we'll block
 // these accesses temporarily in debug builds.
 #define BLOCK_SANDBOX_ACCESS_IN_DEBUG_MODE \
-  auto block_access = SandboxHardwareSupport::MaybeBlockAccess()
+  auto block_access = v8::internal::SandboxHardwareSupport::MaybeBlockAccess()
 #else
 #define BLOCK_SANDBOX_ACCESS_IN_DEBUG_MODE
 #endif
diff --git a/deps/v8/src/sandbox/code-pointer-table-inl.h b/deps/v8/src/sandbox/code-pointer-table-inl.h
index 996bdf486cf915..99c573f04ff70c 100644
--- a/deps/v8/src/sandbox/code-pointer-table-inl.h
+++ b/deps/v8/src/sandbox/code-pointer-table-inl.h
@@ -104,6 +104,10 @@ Address CodePointerTable::GetEntrypoint(CodePointerHandle handle,
 
 Address CodePointerTable::GetCodeObject(CodePointerHandle handle) const {
   uint32_t index = HandleToIndex(handle);
+  // Due to the fact that we use the heap object tag as marking bit, this table
+  // (in contrast to the trusted pointer table) does not return Smi::zero() for
+  // the 0th entry. That entry must therefore not be accessed here.
+  DCHECK_NE(index, 0);
   return at(index).GetCodeObject();
 }
 
diff --git a/deps/v8/src/sandbox/code-pointer-table.cc b/deps/v8/src/sandbox/code-pointer-table.cc
index 61af01483cf6d3..817073347321fa 100644
--- a/deps/v8/src/sandbox/code-pointer-table.cc
+++ b/deps/v8/src/sandbox/code-pointer-table.cc
@@ -20,14 +20,6 @@ uint32_t CodePointerTable::Sweep(Space* space, Counters* counters) {
   return num_live_entries;
 }
 
-void CodePointerTable::Initialize() {
-  ExternalEntityTable<CodePointerTableEntry,
-                      kCodePointerTableReservationSize>::Initialize();
-  CHECK(ThreadIsolation::WriteProtectMemory(
-      base(), kCodePointerTableReservationSize,
-      PageAllocator::Permission::kNoAccess));
-}
-
 DEFINE_LAZY_LEAKY_OBJECT_GETTER(CodePointerTable,
                                 GetProcessWideCodePointerTable)
 
diff --git a/deps/v8/src/sandbox/code-pointer-table.h b/deps/v8/src/sandbox/code-pointer-table.h
index bb669e3fda1b26..3f7f769b15c1f4 100644
--- a/deps/v8/src/sandbox/code-pointer-table.h
+++ b/deps/v8/src/sandbox/code-pointer-table.h
@@ -119,6 +119,9 @@ static_assert(sizeof(CodePointerTableEntry) == kCodePointerTableEntrySize);
 class V8_EXPORT_PRIVATE CodePointerTable
     : public ExternalEntityTable<CodePointerTableEntry,
                                  kCodePointerTableReservationSize> {
+  using Base = ExternalEntityTable<CodePointerTableEntry,
+                                   kCodePointerTableReservationSize>;
+
  public:
   // Size of a CodePointerTable, for layout computation in IsolateData.
   static int constexpr kSize = 2 * kSystemPointerSize;
@@ -129,9 +132,7 @@ class V8_EXPORT_PRIVATE CodePointerTable
   CodePointerTable& operator=(const CodePointerTable&) = delete;
 
   // The Spaces used by a CodePointerTable.
-  using Space = ExternalEntityTable<
-      CodePointerTableEntry,
-      kCodePointerTableReservationSize>::SpaceWithBlackAllocationSupport;
+  using Space = Base::SpaceWithBlackAllocationSupport;
 
   // Retrieves the entrypoint of the entry referenced by the given handle.
   //
@@ -187,8 +188,6 @@ class V8_EXPORT_PRIVATE CodePointerTable
   // The base address of this table, for use in JIT compilers.
   Address base_address() const { return base(); }
 
-  void Initialize();
-
  private:
   inline uint32_t HandleToIndex(CodePointerHandle handle) const;
   inline CodePointerHandle IndexToHandle(uint32_t index) const;
diff --git a/deps/v8/src/sandbox/external-entity-table-inl.h b/deps/v8/src/sandbox/external-entity-table-inl.h
index f9be4358530603..6c51d2c45e6bd9 100644
--- a/deps/v8/src/sandbox/external-entity-table-inl.h
+++ b/deps/v8/src/sandbox/external-entity-table-inl.h
@@ -9,6 +9,7 @@
 #include "src/base/emulated-virtual-address-subspace.h"
 #include "src/base/iterator.h"
 #include "src/common/assert-scope.h"
+#include "src/common/segmented-table-inl.h"
 #include "src/sandbox/external-entity-table.h"
 #include "src/utils/allocation.h"
 
@@ -17,21 +18,6 @@
 namespace v8 {
 namespace internal {
 
-template <typename Entry, size_t size>
-typename ExternalEntityTable<Entry, size>::Segment
-ExternalEntityTable<Entry, size>::Segment::At(uint32_t offset) {
-  DCHECK(IsAligned(offset, kSegmentSize));
-  uint32_t number = offset / kSegmentSize;
-  return Segment(number);
-}
-
-template <typename Entry, size_t size>
-typename ExternalEntityTable<Entry, size>::Segment
-ExternalEntityTable<Entry, size>::Segment::Containing(uint32_t entry_index) {
-  uint32_t number = entry_index / kEntriesPerSegment;
-  return Segment(number);
-}
-
 template <typename Entry, size_t size>
 ExternalEntityTable<Entry, size>::Space::~Space() {
   // The segments belonging to this space must have already been deallocated
@@ -58,89 +44,32 @@ bool ExternalEntityTable<Entry, size>::Space::Contains(uint32_t index) {
   return segments_.find(segment) != segments_.end();
 }
 
-template <typename Entry, size_t size>
-Entry& ExternalEntityTable<Entry, size>::at(uint32_t index) {
-  return base_[index];
-}
-
-template <typename Entry, size_t size>
-const Entry& ExternalEntityTable<Entry, size>::at(uint32_t index) const {
-  return base_[index];
-}
-
-template <typename Entry, size_t size>
-typename ExternalEntityTable<Entry, size>::WriteIterator
-ExternalEntityTable<Entry, size>::iter_at(uint32_t index) {
-  return WriteIterator(base_, index);
-}
-
-template <typename Entry, size_t size>
-bool ExternalEntityTable<Entry, size>::is_initialized() const {
-  DCHECK(!base_ || reinterpret_cast<Address>(base_) == vas_->base());
-  return base_ != nullptr;
-}
-
-template <typename Entry, size_t size>
-Address ExternalEntityTable<Entry, size>::base() const {
-  DCHECK(is_initialized());
-  return reinterpret_cast<Address>(base_);
-}
-
 template <typename Entry, size_t size>
 void ExternalEntityTable<Entry, size>::Initialize() {
-  DCHECK(!is_initialized());
-  DCHECK_EQ(vas_, nullptr);
-
-  VirtualAddressSpace* root_space = GetPlatformVirtualAddressSpace();
-  DCHECK(IsAligned(kReservationSize, root_space->allocation_granularity()));
-
-  if (root_space->CanAllocateSubspaces()) {
-    auto subspace = root_space->AllocateSubspace(VirtualAddressSpace::kNoHint,
-                                                 kReservationSize, kSegmentSize,
-                                                 PagePermissions::kReadWrite);
-    vas_ = subspace.release();
-  } else {
-    // This may be required on old Windows versions that don't support
-    // VirtualAlloc2, which is required for subspaces. In that case, just use a
-    // fully-backed emulated subspace.
-    Address reservation_base = root_space->AllocatePages(
-        VirtualAddressSpace::kNoHint, kReservationSize, kSegmentSize,
-        PagePermissions::kNoAccess);
-    if (reservation_base) {
-      vas_ = new base::EmulatedVirtualAddressSubspace(
-          root_space, reservation_base, kReservationSize, kReservationSize);
-    }
-  }
-  if (!vas_) {
-    V8::FatalProcessOutOfMemory(
-        nullptr, "ExternalEntityTable::InitializeTable (subspace allocation)");
-  }
-  base_ = reinterpret_cast<Entry*>(vas_->base());
+  Base::Initialize();
 
   // Allocate the read-only segment of the table. This segment is always
   // located at offset 0, and contains the null entry (pointing at
   // kNullAddress) at index 0. It may later be temporarily marked read-write,
   // see UnsealedReadOnlySegmentScope.
-  Address first_segment = vas_->AllocatePages(
-      vas_->base(), kSegmentSize, kSegmentSize, PagePermissions::kRead);
-  if (first_segment != vas_->base()) {
+  Address first_segment = this->vas_->AllocatePages(
+      this->vas_->base(), kSegmentSize, kSegmentSize, PagePermissions::kRead);
+  if (first_segment != this->vas_->base()) {
     V8::FatalProcessOutOfMemory(
         nullptr,
         "ExternalEntityTable::InitializeTable (first segment allocation)");
   }
-  DCHECK_EQ(first_segment - vas_->base(), kInternalReadOnlySegmentOffset);
+  DCHECK_EQ(first_segment - this->vas_->base(), kInternalReadOnlySegmentOffset);
 }
 
 template <typename Entry, size_t size>
 void ExternalEntityTable<Entry, size>::TearDown() {
-  DCHECK(is_initialized());
+  DCHECK(this->is_initialized());
 
   // Deallocate the (read-only) first segment.
-  vas_->FreePages(vas_->base(), kSegmentSize);
+  this->vas_->FreePages(this->vas_->base(), kSegmentSize);
 
-  base_ = nullptr;
-  delete vas_;
-  vas_ = nullptr;
+  Base::TearDown();
 }
 
 template <typename Entry, size_t size>
@@ -153,10 +82,10 @@ void ExternalEntityTable<Entry, size>::InitializeSpace(Space* space) {
 
 template <typename Entry, size_t size>
 void ExternalEntityTable<Entry, size>::TearDownSpace(Space* space) {
-  DCHECK(is_initialized());
+  DCHECK(this->is_initialized());
   DCHECK(space->BelongsTo(this));
   for (auto segment : space->segments_) {
-    FreeTableSegment(segment);
+    this->FreeTableSegment(segment);
   }
   space->segments_.clear();
 }
@@ -164,7 +93,7 @@ void ExternalEntityTable<Entry, size>::TearDownSpace(Space* space) {
 template <typename Entry, size_t size>
 void ExternalEntityTable<Entry, size>::AttachSpaceToReadOnlySegment(
     Space* space) {
-  DCHECK(is_initialized());
+  DCHECK(this->is_initialized());
   DCHECK(space->BelongsTo(this));
 
   DCHECK(!space->is_internal_read_only_space());
@@ -177,7 +106,14 @@ void ExternalEntityTable<Entry, size>::AttachSpaceToReadOnlySegment(
   {
     base::MutexGuard guard(&space->mutex_);
     DCHECK_EQ(space->segments_.size(), 0);
-    freelist = Extend(space, Segment::At(kInternalReadOnlySegmentOffset));
+    Segment segment = Segment::At(kInternalReadOnlySegmentOffset);
+    DCHECK_EQ(segment.first_entry(), kInternalNullEntryIndex);
+
+    // For the internal read-only segment, index 0 is reserved for the `null`
+    // entry, so start the freelist at offset 1.
+    freelist = Base::InitializeFreeList(segment, 1);
+
+    Extend(space, segment, freelist);
   }
 
   DCHECK(!freelist.is_empty());
@@ -188,7 +124,7 @@ void ExternalEntityTable<Entry, size>::AttachSpaceToReadOnlySegment(
 template <typename Entry, size_t size>
 void ExternalEntityTable<Entry, size>::DetachSpaceFromReadOnlySegment(
     Space* space) {
-  DCHECK(is_initialized());
+  DCHECK(this->is_initialized());
   DCHECK(space->BelongsTo(this));
   // Remove the RO segment from the space's segment list without freeing it.
   // The table itself manages the RO segment's lifecycle.
@@ -199,23 +135,23 @@ void ExternalEntityTable<Entry, size>::DetachSpaceFromReadOnlySegment(
 
 template <typename Entry, size_t size>
 void ExternalEntityTable<Entry, size>::UnsealReadOnlySegment() {
-  DCHECK(is_initialized());
-  bool success = vas_->SetPagePermissions(vas_->base(), kSegmentSize,
-                                          PagePermissions::kReadWrite);
+  DCHECK(this->is_initialized());
+  bool success = this->vas_->SetPagePermissions(
+      this->vas_->base(), kSegmentSize, PagePermissions::kReadWrite);
   CHECK(success);
 }
 
 template <typename Entry, size_t size>
 void ExternalEntityTable<Entry, size>::SealReadOnlySegment() {
-  DCHECK(is_initialized());
-  bool success = vas_->SetPagePermissions(vas_->base(), kSegmentSize,
-                                          PagePermissions::kRead);
+  DCHECK(this->is_initialized());
+  bool success = this->vas_->SetPagePermissions(
+      this->vas_->base(), kSegmentSize, PagePermissions::kRead);
   CHECK(success);
 }
 
 template <typename Entry, size_t size>
 uint32_t ExternalEntityTable<Entry, size>::AllocateEntry(Space* space) {
-  DCHECK(is_initialized());
+  DCHECK(this->is_initialized());
   DCHECK(space->BelongsTo(this));
 
   // We currently don't want entry allocation to trigger garbage collection as
@@ -262,7 +198,7 @@ uint32_t ExternalEntityTable<Entry, size>::AllocateEntry(Space* space) {
 template <typename Entry, size_t size>
 uint32_t ExternalEntityTable<Entry, size>::AllocateEntryBelow(
     Space* space, uint32_t threshold_index) {
-  DCHECK(is_initialized());
+  DCHECK(this->is_initialized());
 
   FreelistHead freelist;
   bool success = false;
@@ -287,7 +223,7 @@ bool ExternalEntityTable<Entry, size>::TryAllocateEntryFromFreelist(
   DCHECK(!freelist.is_empty());
   DCHECK(space->Contains(freelist.next()));
 
-  Entry& freelist_entry = at(freelist.next());
+  Entry& freelist_entry = this->at(freelist.next());
   uint32_t next_freelist_entry = freelist_entry.GetNextFreelistEntryIndex();
   FreelistHead new_freelist(next_freelist_entry, freelist.length() - 1);
   bool success = space->freelist_head_.compare_exchange_strong(
@@ -314,13 +250,14 @@ ExternalEntityTable<Entry, size>::Extend(Space* space) {
   DCHECK(!space->is_internal_read_only_space());
 
   // Allocate the new segment.
-  Segment segment = AllocateTableSegment();
-  return Extend(space, segment);
+  auto [segment, freelist_head] = this->AllocateAndInitializeSegment();
+  Extend(space, segment, freelist_head);
+  return freelist_head;
 }
 
 template <typename Entry, size_t size>
-typename ExternalEntityTable<Entry, size>::FreelistHead
-ExternalEntityTable<Entry, size>::Extend(Space* space, Segment segment) {
+void ExternalEntityTable<Entry, size>::Extend(Space* space, Segment segment,
+                                              FreelistHead freelist) {
   // Freelist should be empty when calling this method.
   DCHECK_EQ(space->freelist_length(), 0);
   // The caller must lock the space's mutex before extending it.
@@ -331,37 +268,22 @@ ExternalEntityTable<Entry, size>::Extend(Space* space, Segment segment) {
   DCHECK_EQ(space->is_internal_read_only_space(),
             segment.offset() == kInternalReadOnlySegmentOffset);
 
-  // Refill the freelist with the entries in the newly allocated segment.
-  uint32_t first = segment.first_entry();
-  uint32_t last = segment.last_entry();
   if (V8_UNLIKELY(space->is_internal_read_only_space())) {
     // For the internal read-only segment, index 0 is reserved for the `null`
     // entry. The underlying memory has been nulled by allocation, and is
     // therefore already initialized.
 #ifdef DEBUG
+    uint32_t first = segment.first_entry();
     CHECK_EQ(first, kInternalNullEntryIndex);
     static constexpr uint8_t kNullBytes[kEntrySize] = {0};
-    CHECK_EQ(memcmp(&at(first), kNullBytes, kEntrySize), 0);
+    CHECK_EQ(memcmp(&this->at(first), kNullBytes, kEntrySize), 0);
 #endif  // DEBUG
-    first = kInternalNullEntryIndex + 1;
-  }
-
-  {
-    WriteIterator it = iter_at(first);
-    while (it.index() != last) {
-      it->MakeFreelistEntry(it.index() + 1);
-      ++it;
-    }
-    it->MakeFreelistEntry(0);
   }
 
-  // This must be a release store to prevent reordering of the preceeding
-  // stores to the freelist from being reordered past this store. See
-  // AllocateEntry() for more details.
-  FreelistHead new_freelist_head(first, last - first + 1);
-  space->freelist_head_.store(new_freelist_head, std::memory_order_release);
-
-  return new_freelist_head;
+  // This must be a release store to prevent reordering of  of earlier stores to
+  // the freelist (for example during initialization of the segment) from being
+  // reordered past this store. See AllocateEntry() for more details.
+  space->freelist_head_.store(freelist, std::memory_order_release);
 }
 
 template <typename Entry, size_t size>
@@ -392,7 +314,7 @@ uint32_t ExternalEntityTable<Entry, size>::GenericSweep(Space* space) {
     uint32_t previous_freelist_length = current_freelist_length;
 
     // Process every entry in this segment, again going top to bottom.
-    for (WriteIterator it = iter_at(segment.last_entry());
+    for (WriteIterator it = this->iter_at(segment.last_entry());
          it.index() >= segment.first_entry(); --it) {
       if (!it->IsMarked()) {
         it->MakeFreelistEntry(current_freelist_head);
@@ -417,7 +339,9 @@ uint32_t ExternalEntityTable<Entry, size>::GenericSweep(Space* space) {
   // We cannot remove the segments while iterating over the segments set, so
   // defer that until now.
   for (auto segment : segments_to_deallocate) {
-    FreeTableSegment(segment);
+    // Segment zero is reserved.
+    DCHECK_NE(segment.number(), 0);
+    this->FreeTableSegment(segment);
     space->segments_.erase(segment);
   }
 
@@ -429,28 +353,6 @@ uint32_t ExternalEntityTable<Entry, size>::GenericSweep(Space* space) {
   return num_live_entries;
 }
 
-template <typename Entry, size_t size>
-typename ExternalEntityTable<Entry, size>::Segment
-ExternalEntityTable<Entry, size>::AllocateTableSegment() {
-  Address start =
-      vas_->AllocatePages(VirtualAddressSpace::kNoHint, kSegmentSize,
-                          kSegmentSize, PagePermissions::kReadWrite);
-  if (!start) {
-    V8::FatalProcessOutOfMemory(nullptr,
-                                "ExternalEntityTable::AllocateSegment");
-  }
-  uint32_t offset = static_cast<uint32_t>((start - vas_->base()));
-  return Segment::At(offset);
-}
-
-template <typename Entry, size_t size>
-void ExternalEntityTable<Entry, size>::FreeTableSegment(Segment segment) {
-  // Segment zero is reserved.
-  DCHECK_NE(segment.number(), 0);
-  Address segment_start = vas_->base() + segment.offset();
-  vas_->FreePages(segment_start, kSegmentSize);
-}
-
 template <typename Entry, size_t size>
 template <typename Callback>
 void ExternalEntityTable<Entry, size>::IterateEntriesIn(Space* space,
@@ -465,11 +367,6 @@ void ExternalEntityTable<Entry, size>::IterateEntriesIn(Space* space,
   }
 }
 
-template <typename Entry, size_t size>
-ExternalEntityTable<Entry, size>::WriteIterator::WriteIterator(Entry* base,
-                                                               uint32_t index)
-    : base_(base), index_(index), write_scope_("pointer table write") {}
-
 }  // namespace internal
 }  // namespace v8
 
diff --git a/deps/v8/src/sandbox/external-entity-table.h b/deps/v8/src/sandbox/external-entity-table.h
index c08a6f4ae7d367..ecc6ee3492b141 100644
--- a/deps/v8/src/sandbox/external-entity-table.h
+++ b/deps/v8/src/sandbox/external-entity-table.h
@@ -14,6 +14,7 @@
 #include "src/base/platform/mutex.h"
 #include "src/common/code-memory-access.h"
 #include "src/common/globals.h"
+#include "src/common/segmented-table.h"
 
 #ifdef V8_COMPRESS_POINTERS
 
@@ -43,92 +44,18 @@ class Isolate;
  * (for example 64kb memory chunks) that are grouped together in "Spaces". All
  * segments in a space share a freelist, and so entry allocation and garbage
  * collection happen on the level of spaces.
- *
- * The Entry type defines how the freelist is represented. For that, it must
- * implement the following methods:
- * - void MakeFreelistEntry(uint32_t next_entry_index)
- * - uint32_t GetNextFreelistEntry()
  */
 template <typename Entry, size_t size>
-class V8_EXPORT_PRIVATE ExternalEntityTable {
+class V8_EXPORT_PRIVATE ExternalEntityTable
+    : public SegmentedTable<Entry, size> {
  protected:
-  static constexpr bool IsWriteProtected = Entry::IsWriteProtected;
-  static constexpr int kEntrySize = sizeof(Entry);
-  static constexpr size_t kReservationSize = size;
-  static constexpr size_t kMaxCapacity = kReservationSize / kEntrySize;
-
-  // For managing the table's backing memory, the table is partitioned into
-  // segments of this size. Segments can then be allocated and freed using the
-  // AllocateTableSegment() and FreeTableSegment() routines.
-  static constexpr size_t kSegmentSize = 64 * KB;
-  static constexpr size_t kEntriesPerSegment = kSegmentSize / kEntrySize;
-
-  // Struct representing a segment of the table.
-  struct Segment {
-   public:
-    // Initialize a segment given its number.
-    explicit Segment(uint32_t number) : number_(number) {}
-
-    // Returns the segment starting at the specified offset from the base of the
-    // table.
-    static Segment At(uint32_t offset);
-
-    // Returns the segment containing the entry at the given index.
-    static Segment Containing(uint32_t entry_index);
-
-    // The segments of a table are numbered sequentially. This method returns
-    // the number of this segment.
-    uint32_t number() const { return number_; }
-
-    // Returns the offset of this segment from the table base.
-    uint32_t offset() const { return number_ * kSegmentSize; }
-
-    // Returns the index of the first entry in this segment.
-    uint32_t first_entry() const { return number_ * kEntriesPerSegment; }
-
-    // Return the index of the last entry in this segment.
-    uint32_t last_entry() const {
-      return first_entry() + kEntriesPerSegment - 1;
-    }
-
-    // Segments are ordered by their id/offset.
-    bool operator<(const Segment& other) const {
-      return number_ < other.number_;
-    }
-
-   private:
-    // A segment is identified by its number, which is its offset from the base
-    // of the table divided by the segment size.
-    const uint32_t number_;
-  };
-
-  // Struct representing the head of the freelist.
-  //
-  // An external entity table uses simple, singly-linked lists to manage free
-  // entries. Each entry on the freelist contains the 32-bit index of the next
-  // entry. The last entry points to zero.
-  struct FreelistHead {
-    constexpr FreelistHead() : next_(0), length_(0) {}
-    constexpr FreelistHead(uint32_t next, uint32_t length)
-        : next_(next), length_(length) {}
-
-    // Returns the index of the next entry on the freelist.
-    // If the freelist is empty, this returns zero.
-    uint32_t next() const { return next_; }
-
-    // Returns the total length of the freelist.
-    uint32_t length() const { return length_; }
-
-    bool is_empty() const { return length_ == 0; }
-
-   private:
-    uint32_t next_;
-    uint32_t length_;
-  };
-
-  // We expect the FreelistHead struct to fit into a single atomic word.
-  // Otherwise, access to it would be slow.
-  static_assert(std::atomic<FreelistHead>::is_always_lock_free);
+  using Base = SegmentedTable<Entry, size>;
+  using FreelistHead = Base::FreelistHead;
+  using Segment = Base::Segment;
+  using WriteIterator = Base::WriteIterator;
+  static constexpr size_t kSegmentSize = Base::kSegmentSize;
+  static constexpr size_t kEntriesPerSegment = Base::kEntriesPerSegment;
+  static constexpr size_t kEntrySize = Base::kEntrySize;
 
   // A collection of segments in an external entity table.
   //
@@ -230,49 +157,6 @@ class V8_EXPORT_PRIVATE ExternalEntityTable {
   ExternalEntityTable(const ExternalEntityTable&) = delete;
   ExternalEntityTable& operator=(const ExternalEntityTable&) = delete;
 
-  // This Iterator also acts as a scope object to temporarily lift any
-  // write-protection (if IsWriteProtected is true).
-  class WriteIterator {
-   public:
-    explicit WriteIterator(Entry* base, uint32_t index);
-
-    uint32_t index() const { return index_; }
-    Entry* operator->() { return &base_[index_]; }
-    Entry& operator*() { return base_[index_]; }
-    WriteIterator& operator++() {
-      index_++;
-      DCHECK_LT(index_, size);
-      return *this;
-    }
-    WriteIterator& operator--() {
-      DCHECK_GT(index_, 0);
-      index_--;
-      return *this;
-    }
-
-   private:
-    Entry* base_;
-    uint32_t index_;
-    std::conditional_t<IsWriteProtected, CFIMetadataWriteScope,
-                       NopRwxMemoryWriteScope>
-        write_scope_;
-  };
-
-  // Access the entry at the specified index.
-  Entry& at(uint32_t index);
-  const Entry& at(uint32_t index) const;
-
-  // Returns an iterator that can be used to perform multiple write operations
-  // without switching the write-protections all the time (if IsWriteProtected
-  // is true).
-  WriteIterator iter_at(uint32_t index);
-
-  // Returns true if this table has been initialized.
-  bool is_initialized() const;
-
-  // Returns the base address of this table.
-  Address base() const;
-
   // Allocates a new entry in the given space and return its index.
   //
   // If there are no free entries, then this will extend the space by
@@ -315,17 +199,6 @@ class V8_EXPORT_PRIVATE ExternalEntityTable {
   // Returns the number of live entries after sweeping.
   uint32_t GenericSweep(Space* space);
 
-  // Allocate a new segment in this table.
-  //
-  // The memory of the newly allocated segment is guaranteed to be
-  // zero-initialized.
-  Segment AllocateTableSegment();
-
-  // Free the specified segment of this table.
-  //
-  // The memory of this segment will afterwards be inaccessible.
-  void FreeTableSegment(Segment segment);
-
   // Iterate over all entries in the given space.
   //
   // The callback function will be invoked for every entry and be passed the
@@ -388,18 +261,7 @@ class V8_EXPORT_PRIVATE ExternalEntityTable {
   void SealReadOnlySegment();
 
   // Extends the given space with the given segment.
-  FreelistHead Extend(Space* space, Segment segment);
-
-  // The pointer to the base of the virtual address space backing this table.
-  // All entry accesses happen through this pointer.
-  // It is equivalent to |vas_->base()| and is effectively const after
-  // initialization since the backing memory is never reallocated.
-  Entry* base_ = nullptr;
-
-  // The virtual address space backing this table.
-  // This is used to manage the underlying OS pages, in particular to allocate
-  // and free the segments that make up the table.
-  VirtualAddressSpace* vas_ = nullptr;
+  void Extend(Space* space, Segment segment, FreelistHead freelist);
 };
 
 }  // namespace internal
diff --git a/deps/v8/src/sandbox/indirect-pointer-inl.h b/deps/v8/src/sandbox/indirect-pointer-inl.h
index 4460db0dc0027c..43d0ae96db5180 100644
--- a/deps/v8/src/sandbox/indirect-pointer-inl.h
+++ b/deps/v8/src/sandbox/indirect-pointer-inl.h
@@ -65,18 +65,16 @@ V8_INLINE Tagged<Object> ResolveCodePointerHandle(
 
 template <IndirectPointerTag tag>
 V8_INLINE Tagged<Object> ReadIndirectPointerField(Address field_address,
-                                                  IsolateForSandbox isolate) {
+                                                  IsolateForSandbox isolate,
+                                                  AcquireLoadTag) {
 #ifdef V8_ENABLE_SANDBOX
   // Load the indirect pointer handle from the object.
+  // Technically, we could use memory_order_consume here as the loads are
+  // dependent, but that appears to be deprecated in favor of acquire ordering.
   auto location = reinterpret_cast<IndirectPointerHandle*>(field_address);
-  IndirectPointerHandle handle = base::AsAtomic32::Relaxed_Load(location);
-  DCHECK_NE(handle, kNullIndirectPointerHandle);
+  IndirectPointerHandle handle = base::AsAtomic32::Acquire_Load(location);
 
   // Resolve the handle. The tag implies the pointer table to use.
-  // Here we generally assume that the load from the table cannot be reordered
-  // before the load of the code object pointer due to the data dependency
-  // between the two loads and therefore use relaxed memory ordering, but
-  // technically we should use memory_order_consume here.
   if constexpr (tag == kUnknownIndirectPointerTag) {
     // In this case we need to check if the handle is a code pointer handle and
     // select the appropriate table based on that.
@@ -101,7 +99,8 @@ V8_INLINE Tagged<Object> ReadIndirectPointerField(Address field_address,
 
 template <IndirectPointerTag tag>
 V8_INLINE void WriteIndirectPointerField(Address field_address,
-                                         Tagged<ExposedTrustedObject> value) {
+                                         Tagged<ExposedTrustedObject> value,
+                                         ReleaseStoreTag) {
 #ifdef V8_ENABLE_SANDBOX
   static_assert(tag != kIndirectPointerNullTag);
   IndirectPointerHandle handle = value->self_indirect_pointer_handle();
diff --git a/deps/v8/src/sandbox/indirect-pointer-tag.h b/deps/v8/src/sandbox/indirect-pointer-tag.h
index bf8130eb67719e..6b364e14c3ad10 100644
--- a/deps/v8/src/sandbox/indirect-pointer-tag.h
+++ b/deps/v8/src/sandbox/indirect-pointer-tag.h
@@ -51,15 +51,15 @@ constexpr uint64_t kIndirectPointerTagMaskWithoutFreeEntryBit =
     0x7f7f000000000000;
 
 // Format is (name, instance type, tag id)
-#define INDIRECT_POINTER_TAG_LIST(V)                              \
-  V(kCodeIndirectPointerTag, CODE_TYPE, 1)                        \
-  V(kBytecodeArrayIndirectPointerTag, BYTECODE_ARRAY_TYPE, 2)     \
-  V(kInterpreterDataIndirectPointerTag, INTERPRETER_DATA_TYPE, 3) \
-  IF_WASM(V, kWasmTrustedInstanceDataIndirectPointerTag,          \
-          WASM_TRUSTED_INSTANCE_DATA_TYPE, 4)                     \
-  IF_WASM(V, kWasmInternalFunctionIndirectPointerTag,             \
-          WASM_INTERNAL_FUNCTION_TYPE, 5)                         \
-  IF_WASM(V, kWasmFunctionDataIndirectPointerTag, WASM_FUNCTION_DATA_TYPE, 6)
+#define INDIRECT_POINTER_TAG_LIST(V)                        \
+  V(kCodeIndirectPointerTag, 1)                             \
+  V(kBytecodeArrayIndirectPointerTag, 2)                    \
+  V(kInterpreterDataIndirectPointerTag, 3)                  \
+  V(kUncompiledDataIndirectPointerTag, 4)                   \
+  V(kRegExpDataIndirectPointerTag, 5)                       \
+  IF_WASM(V, kWasmTrustedInstanceDataIndirectPointerTag, 6) \
+  IF_WASM(V, kWasmInternalFunctionIndirectPointerTag, 7)    \
+  IF_WASM(V, kWasmFunctionDataIndirectPointerTag, 8)
 
 #define MAKE_TAG(i) \
   (kAllTagsForAndBasedTypeChecking[i] << kIndirectPointerTagShift)
@@ -108,14 +108,13 @@ enum IndirectPointerTag : uint64_t {
   kFreeTrustedPointerTableEntryTag = kTrustedPointerTableFreeEntryBit,
 
 // "Regular" tags. One per supported instance type.
-#define INDIRECT_POINTER_TAG_ENUM_DECL(name, instance_type, tag_id) \
-  name = MAKE_TAG(tag_id),
+#define INDIRECT_POINTER_TAG_ENUM_DECL(name, tag_id) name = MAKE_TAG(tag_id),
   INDIRECT_POINTER_TAG_LIST(INDIRECT_POINTER_TAG_ENUM_DECL)
 #undef INDIRECT_POINTER_TAG_ENUM_DECL
 };
 
-#define VALIDATE_INDIRECT_POINTER_TAG(name, instance_type, tag_id) \
-  static_assert((name & kIndirectPointerTagMask) == name);         \
+#define VALIDATE_INDIRECT_POINTER_TAG(name, tag_id)        \
+  static_assert((name & kIndirectPointerTagMask) == name); \
   static_assert((name & kIndirectPointerTagMaskWithoutFreeEntryBit) == name);
 INDIRECT_POINTER_TAG_LIST(VALIDATE_INDIRECT_POINTER_TAG)
 #undef VALIDATE_INDIRECT_POINTER_TAG
@@ -125,7 +124,7 @@ static_assert((kFreeTrustedPointerTableEntryTag &
                kIndirectPointerTagMaskWithoutFreeEntryBit) == 0);
 
 V8_INLINE constexpr bool IsValidIndirectPointerTag(IndirectPointerTag tag) {
-#define VALID_INDIRECT_POINTER_TAG_CASE(tag, instance_type, tag_id) case tag:
+#define VALID_INDIRECT_POINTER_TAG_CASE(tag, tag_id) case tag:
   switch (tag) {
     INDIRECT_POINTER_TAG_LIST(VALID_INDIRECT_POINTER_TAG_CASE)
     return true;
@@ -152,27 +151,41 @@ static_assert(!IsValidIndirectPointerTag(kIndirectPointerNullTag));
 
 V8_INLINE IndirectPointerTag
 IndirectPointerTagFromInstanceType(InstanceType instance_type) {
-  uint64_t raw = 0;
   switch (instance_type) {
-#define CASE(name, instance_type, tag_id) \
-  case instance_type:                     \
-    raw = MAKE_TAG(tag_id);               \
-    break;
-    INDIRECT_POINTER_TAG_LIST(CASE)
-#undef CASE
+    case CODE_TYPE:
+      return kCodeIndirectPointerTag;
+    case BYTECODE_ARRAY_TYPE:
+      return kBytecodeArrayIndirectPointerTag;
+    case INTERPRETER_DATA_TYPE:
+      return kInterpreterDataIndirectPointerTag;
+    case UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE:
+    case UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE:
+    case UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_WITH_JOB_TYPE:
+    case UNCOMPILED_DATA_WITH_PREPARSE_DATA_AND_JOB_TYPE:
+      // TODO(saelo): Consider adding support for inheritance hierarchies in
+      // our tag checking mechanism.
+      return kUncompiledDataIndirectPointerTag;
+    case ATOM_REG_EXP_DATA_TYPE:
+    case IR_REG_EXP_DATA_TYPE:
+      // TODO(saelo): Consider adding support for inheritance hierarchies in
+      // our tag checking mechanism.
+      return kRegExpDataIndirectPointerTag;
 #if V8_ENABLE_WEBASSEMBLY
+    case WASM_TRUSTED_INSTANCE_DATA_TYPE:
+      return kWasmTrustedInstanceDataIndirectPointerTag;
+    case WASM_INTERNAL_FUNCTION_TYPE:
+      return kWasmInternalFunctionIndirectPointerTag;
+    case WASM_FUNCTION_DATA_TYPE:
     case WASM_EXPORTED_FUNCTION_DATA_TYPE:
     case WASM_JS_FUNCTION_DATA_TYPE:
     case WASM_CAPI_FUNCTION_DATA_TYPE:
       // TODO(saelo): Consider adding support for inheritance hierarchies in
       // our tag checking mechanism.
-      raw = kWasmFunctionDataIndirectPointerTag;
-      break;
+      return kWasmFunctionDataIndirectPointerTag;
 #endif  // V8_ENABLE_WEBASSEMBLY
     default:
       UNREACHABLE();
   }
-  return static_cast<IndirectPointerTag>(raw);
 }
 
 V8_INLINE InstanceType
diff --git a/deps/v8/src/sandbox/indirect-pointer.h b/deps/v8/src/sandbox/indirect-pointer.h
index 8e8802845bfec9..51878631a0540d 100644
--- a/deps/v8/src/sandbox/indirect-pointer.h
+++ b/deps/v8/src/sandbox/indirect-pointer.h
@@ -43,7 +43,8 @@ V8_INLINE void InitSelfIndirectPointerField(Address field_address,
 // Only available when the sandbox is enabled.
 template <IndirectPointerTag tag>
 V8_INLINE Tagged<Object> ReadIndirectPointerField(Address field_address,
-                                                  IsolateForSandbox isolate);
+                                                  IsolateForSandbox isolate,
+                                                  AcquireLoadTag);
 
 // Loads the 'self' IndirectPointerHandle from the given object and stores it
 // into the indirect pointer field. In this way, the field becomes a (indirect)
@@ -52,7 +53,8 @@ V8_INLINE Tagged<Object> ReadIndirectPointerField(Address field_address,
 // Only available when the sandbox is enabled.
 template <IndirectPointerTag tag>
 V8_INLINE void WriteIndirectPointerField(Address field_address,
-                                         Tagged<ExposedTrustedObject> value);
+                                         Tagged<ExposedTrustedObject> value,
+                                         ReleaseStoreTag);
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/sandbox/isolate-inl.h b/deps/v8/src/sandbox/isolate-inl.h
index 25bf4e7f3f0271..2127bf61410597 100644
--- a/deps/v8/src/sandbox/isolate-inl.h
+++ b/deps/v8/src/sandbox/isolate-inl.h
@@ -36,22 +36,12 @@ ExternalPointerTable::Space* IsolateForSandbox::GetExternalPointerTableSpaceFor(
 
 ExternalBufferTable& IsolateForSandbox::GetExternalBufferTableFor(
     ExternalBufferTag tag) {
-  DCHECK_NE(tag, kExternalBufferNullTag);
-  return IsSharedExternalBufferType(tag)
-             ? isolate_->shared_external_buffer_table()
-             : isolate_->external_buffer_table();
+  UNIMPLEMENTED();
 }
 
 ExternalBufferTable::Space* IsolateForSandbox::GetExternalBufferTableSpaceFor(
     ExternalBufferTag tag, Address host) {
-  DCHECK_NE(tag, kExternalBufferNullTag);
-
-  if (V8_UNLIKELY(IsSharedExternalBufferType(tag))) {
-    DCHECK(!ReadOnlyHeap::Contains(host));
-    return isolate_->shared_external_buffer_space();
-  }
-
-  return isolate_->heap()->external_buffer_space();
+  UNIMPLEMENTED();
 }
 
 CodePointerTable::Space* IsolateForSandbox::GetCodePointerTableSpaceFor(
@@ -61,11 +51,6 @@ CodePointerTable::Space* IsolateForSandbox::GetCodePointerTableSpaceFor(
              : isolate_->heap()->code_pointer_space();
 }
 
-JSDispatchTable::Space* IsolateForSandbox::GetJSDispatchTableSpaceFor(
-    Address owning_slot) {
-  return isolate_->heap()->js_dispatch_table_space();
-}
-
 TrustedPointerTable& IsolateForSandbox::GetTrustedPointerTable() {
   return isolate_->trusted_pointer_table();
 }
@@ -76,6 +61,13 @@ TrustedPointerTable::Space* IsolateForSandbox::GetTrustedPointerTableSpace() {
 
 #endif  // V8_ENABLE_SANDBOX
 
+#ifdef V8_ENABLE_LEAPTIERING
+JSDispatchTable::Space* IsolateForSandbox::GetJSDispatchTableSpaceFor(
+    Address owning_slot) {
+  return isolate_->heap()->js_dispatch_table_space();
+}
+#endif  // V8_ENABLE_LEAPTIERING
+
 template <typename IsolateT>
 IsolateForPointerCompression::IsolateForPointerCompression(IsolateT* isolate)
 #ifdef V8_COMPRESS_POINTERS
diff --git a/deps/v8/src/sandbox/js-dispatch-table-inl.h b/deps/v8/src/sandbox/js-dispatch-table-inl.h
index f6710b04de9971..5fcbcd8c64d04a 100644
--- a/deps/v8/src/sandbox/js-dispatch-table-inl.h
+++ b/deps/v8/src/sandbox/js-dispatch-table-inl.h
@@ -111,18 +111,33 @@ uint16_t JSDispatchTable::GetParameterCount(JSDispatchHandle handle) {
   return at(index).GetParameterCount();
 }
 
-void JSDispatchTable::Mark(Space* space, JSDispatchHandle handle) {
-  DCHECK(space->BelongsTo(this));
+void JSDispatchTable::Mark(JSDispatchHandle handle) {
+  uint32_t index = HandleToIndex(handle);
+
   // The null entry is immortal and immutable, so no need to mark it as alive.
   if (handle == kNullJSDispatchHandle) return;
 
-  uint32_t index = HandleToIndex(handle);
-  DCHECK(space->Contains(index));
-
   CFIMetadataWriteScope write_scope("JSDispatchTable write");
   at(index).Mark();
 }
 
+#ifdef DEBUG
+void JSDispatchTable::VerifyEntry(JSDispatchHandle handle, Space* space,
+                                  Space* ro_space) {
+  DCHECK(space->BelongsTo(this));
+  DCHECK(ro_space->BelongsTo(this));
+  if (handle == kNullJSDispatchHandle) {
+    return;
+  }
+  uint32_t index = HandleToIndex(handle);
+  if (ro_space->Contains(index)) {
+    DCHECK(at(index).IsMarked());
+  } else {
+    DCHECK(space->Contains(index));
+  }
+}
+#endif  // DEBUG
+
 template <typename Callback>
 void JSDispatchTable::IterateActiveEntriesIn(Space* space, Callback callback) {
   IterateEntriesIn(space, [&](uint32_t index) {
diff --git a/deps/v8/src/sandbox/js-dispatch-table.cc b/deps/v8/src/sandbox/js-dispatch-table.cc
index 256150249b0876..e44a536405f1c6 100644
--- a/deps/v8/src/sandbox/js-dispatch-table.cc
+++ b/deps/v8/src/sandbox/js-dispatch-table.cc
@@ -15,14 +15,6 @@
 namespace v8 {
 namespace internal {
 
-void JSDispatchTable::Initialize() {
-  ExternalEntityTable<JSDispatchEntry,
-                      kJSDispatchTableReservationSize>::Initialize();
-  CHECK(ThreadIsolation::WriteProtectMemory(
-      base(), kJSDispatchTableReservationSize,
-      PageAllocator::Permission::kNoAccess));
-}
-
 Tagged<Code> JSDispatchTable::GetCode(JSDispatchHandle handle) {
   uint32_t index = HandleToIndex(handle);
   Address ptr = at(index).GetCodePointer();
@@ -43,6 +35,7 @@ void JSDispatchTable::SetCode(JSDispatchHandle handle, Tagged<Code> new_code) {
 
   uint32_t index = HandleToIndex(handle);
   Address new_entrypoint = new_code->instruction_start();
+  CFIMetadataWriteScope write_scope("JSDispatchTable update");
   at(index).SetCodeAndEntrypointPointer(new_code.ptr(), new_entrypoint);
 }
 
@@ -50,12 +43,18 @@ JSDispatchHandle JSDispatchTable::AllocateAndInitializeEntry(
     Space* space, uint16_t parameter_count) {
   DCHECK(space->BelongsTo(this));
   uint32_t index = AllocateEntry(space);
-  CFIMetadataWriteScope write_scope("JSDispatchTable write");
+  CFIMetadataWriteScope write_scope("JSDispatchTable initialize");
   at(index).MakeJSDispatchEntry(kNullAddress, kNullAddress, parameter_count,
                                 space->allocate_black());
   return IndexToHandle(index);
 }
 
+bool JSDispatchTable::HasCode(JSDispatchHandle handle) {
+  uint32_t index = HandleToIndex(handle);
+  Address ptr = at(index).GetCodePointer();
+  return ptr != kTaggedNullAddress;
+}
+
 uint32_t JSDispatchTable::Sweep(Space* space, Counters* counters) {
   uint32_t num_live_entries = GenericSweep(space);
   // TODO(saelo): once we actually store HeapObject pointers in table entries,
@@ -65,8 +64,6 @@ uint32_t JSDispatchTable::Sweep(Space* space, Counters* counters) {
   return num_live_entries;
 }
 
-DEFINE_LAZY_LEAKY_OBJECT_GETTER(JSDispatchTable, GetProcessWideJSDispatchTable)
-
 }  // namespace internal
 }  // namespace v8
 
diff --git a/deps/v8/src/sandbox/js-dispatch-table.h b/deps/v8/src/sandbox/js-dispatch-table.h
index 4ac28e79c48aeb..79e47da7b2f0f5 100644
--- a/deps/v8/src/sandbox/js-dispatch-table.h
+++ b/deps/v8/src/sandbox/js-dispatch-table.h
@@ -66,6 +66,8 @@ struct JSDispatchEntry {
   // Test whether this entry is currently marked as alive.
   inline bool IsMarked() const;
 
+  static constexpr uint32_t kObjectPointerShift = 16;
+
  private:
   friend class JSDispatchTable;
 
@@ -86,7 +88,6 @@ struct JSDispatchEntry {
   // +------------------------+-------------+-----------------+
   //
   static constexpr Address kMarkingBit = 1 << 16;
-  static constexpr uint32_t kObjectPointerShift = 16;
   static constexpr uint32_t kParameterCountMask = 0xffff;
   std::atomic<Address> encoded_word_;
 
@@ -121,6 +122,9 @@ static_assert(sizeof(JSDispatchEntry) == kJSDispatchTableEntrySize);
 class V8_EXPORT_PRIVATE JSDispatchTable
     : public ExternalEntityTable<JSDispatchEntry,
                                  kJSDispatchTableReservationSize> {
+  using Base =
+      ExternalEntityTable<JSDispatchEntry, kJSDispatchTableReservationSize>;
+
  public:
   // Size of a JSDispatchTable, for layout computation in IsolateData.
   static int constexpr kSize = 2 * kSystemPointerSize;
@@ -131,9 +135,7 @@ class V8_EXPORT_PRIVATE JSDispatchTable
   JSDispatchTable& operator=(const JSDispatchTable&) = delete;
 
   // The Spaces used by a JSDispatchTable.
-  using Space =
-      ExternalEntityTable<JSDispatchEntry, kJSDispatchTableReservationSize>::
-          SpaceWithBlackAllocationSupport;
+  using Space = Base::SpaceWithBlackAllocationSupport;
 
   // Retrieves the entrypoint of the entry referenced by the given handle.
   inline Address GetEntrypoint(JSDispatchHandle handle);
@@ -152,6 +154,7 @@ class V8_EXPORT_PRIVATE JSDispatchTable
   // entrypoint. The code must be compatible with the specified entry. In
   // particular, the two must use the same parameter count.
   void SetCode(JSDispatchHandle handle, Tagged<Code> new_code);
+  bool HasCode(JSDispatchHandle handle);
 
   // Allocates a new entry in the table and initialize it.
   //
@@ -162,7 +165,7 @@ class V8_EXPORT_PRIVATE JSDispatchTable
   // Marks the specified entry as alive.
   //
   // This method is atomic and can be called from background threads.
-  inline void Mark(Space* space, JSDispatchHandle handle);
+  inline void Mark(JSDispatchHandle handle);
 
   // Frees all unmarked entries in the given space.
   //
@@ -184,16 +187,50 @@ class V8_EXPORT_PRIVATE JSDispatchTable
   // The base address of this table, for use in JIT compilers.
   Address base_address() const { return base(); }
 
-  void Initialize();
+  static JSDispatchTable* instance() {
+    CheckInitialization(false);
+    return instance_nocheck();
+  }
+  static void Initialize() {
+    CheckInitialization(true);
+    instance_nocheck()->Base::Initialize();
+  }
+
+  static constexpr uintptr_t kEntryCodeObjectOffset =
+      offsetof(JSDispatchEntry, encoded_word_);
+  static constexpr uintptr_t kEntryEntrypointOffset =
+      offsetof(JSDispatchEntry, entrypoint_);
+
+#ifdef DEBUG
+  inline void VerifyEntry(JSDispatchHandle handle, Space* space,
+                          Space* ro_space);
+#endif  // DEBUG
 
  private:
+  static void CheckInitialization(bool is_initializing) {
+#ifdef DEBUG
+    static std::atomic<bool> initialized = false;
+    DCHECK_NE(is_initializing, initialized.load());
+    initialized.store(true);
+#endif
+  }
+
+  static JSDispatchTable* instance_nocheck() {
+    static ::v8::base::LeakyObject<JSDispatchTable> instance;
+    return instance.get();
+  }
+
   inline uint32_t HandleToIndex(JSDispatchHandle handle) const;
   inline JSDispatchHandle IndexToHandle(uint32_t index) const;
 };
 
 static_assert(sizeof(JSDispatchTable) == JSDispatchTable::kSize);
 
-V8_EXPORT_PRIVATE JSDispatchTable* GetProcessWideJSDispatchTable();
+// TODO(olivf): Remove this accessor and also unify implementation with
+// GetProcessWideCodePointerTable().
+V8_EXPORT_PRIVATE inline JSDispatchTable* GetProcessWideJSDispatchTable() {
+  return JSDispatchTable::instance();
+}
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/sandbox/trusted-pointer-table-inl.h b/deps/v8/src/sandbox/trusted-pointer-table-inl.h
index 122baa580883b5..58e150faf3f4d0 100644
--- a/deps/v8/src/sandbox/trusted-pointer-table-inl.h
+++ b/deps/v8/src/sandbox/trusted-pointer-table-inl.h
@@ -27,6 +27,11 @@ void TrustedPointerTableEntry::MakeFreelistEntry(uint32_t next_entry_index) {
   payload_.store(payload, std::memory_order_relaxed);
 }
 
+void TrustedPointerTableEntry::MakeZappedEntry() {
+  auto payload = Payload::ForZappedEntry();
+  payload_.store(payload, std::memory_order_relaxed);
+}
+
 Address TrustedPointerTableEntry::GetPointer(IndirectPointerTag tag) const {
   DCHECK(!IsFreelistEntry());
   return payload_.load(std::memory_order_relaxed).Untag(tag);
@@ -136,6 +141,11 @@ void TrustedPointerTable::Mark(Space* space, TrustedPointerHandle handle) {
   at(index).Mark();
 }
 
+void TrustedPointerTable::Zap(TrustedPointerHandle handle) {
+  uint32_t index = HandleToIndex(handle);
+  at(index).MakeZappedEntry();
+}
+
 template <typename Callback>
 void TrustedPointerTable::IterateActiveEntriesIn(Space* space,
                                                  Callback callback) {
diff --git a/deps/v8/src/sandbox/trusted-pointer-table.h b/deps/v8/src/sandbox/trusted-pointer-table.h
index b3204baecd801e..7a84cc1069d27f 100644
--- a/deps/v8/src/sandbox/trusted-pointer-table.h
+++ b/deps/v8/src/sandbox/trusted-pointer-table.h
@@ -37,6 +37,9 @@ struct TrustedPointerTableEntry {
   // on the freelist.
   inline void MakeFreelistEntry(uint32_t next_entry_index);
 
+  // Make this entry a zapped entry. Zapped entries contain invalid pointers.
+  inline void MakeZappedEntry();
+
   // Retrieve the pointer stored in this entry. This entry must be tagged with
   // the given tag, otherwise an inaccessible pointer will be returned.
   // This entry must not be a freelist entry.
@@ -97,6 +100,10 @@ struct TrustedPointerTableEntry {
       return Payload(next_entry, kFreeTrustedPointerTableEntryTag);
     }
 
+    static Payload ForZappedEntry() {
+      return Payload(0, kIndirectPointerNullTag);
+    }
+
    private:
     Payload(Address pointer, IndirectPointerTag tag)
         : TaggedPayload(pointer, tag) {}
@@ -169,6 +176,11 @@ class V8_EXPORT_PRIVATE TrustedPointerTable
   // Returns the number of live entries after sweeping.
   uint32_t Sweep(Space* space, Counters* counters);
 
+  // Zaps the content of the entry referenced by the given handle.
+  //
+  // Accessing a zapped entry will return an invalid pointer.
+  inline void Zap(TrustedPointerHandle handle);
+
   // Iterate over all active entries in the given space.
   //
   // The callback function will be invoked once for every entry that is
diff --git a/deps/v8/src/snapshot/code-serializer.cc b/deps/v8/src/snapshot/code-serializer.cc
index 04b71a59ca94e7..1f164b51de1274 100644
--- a/deps/v8/src/snapshot/code-serializer.cc
+++ b/deps/v8/src/snapshot/code-serializer.cc
@@ -124,8 +124,8 @@ void CodeSerializer::SerializeObjectImpl(Handle<HeapObject> obj,
   }
 
   if (InstanceTypeChecker::IsScript(instance_type)) {
-    Handle<FixedArray> host_options;
-    Handle<UnionOf<Smi, Symbol, Undefined>> context_data;
+    DirectHandle<FixedArray> host_options;
+    DirectHandle<UnionOf<Smi, Symbol, Undefined>> context_data;
     {
       DisallowGarbageCollection no_gc;
       Tagged<Script> script_obj = Cast<Script>(*obj);
@@ -140,10 +140,11 @@ void CodeSerializer::SerializeObjectImpl(Handle<HeapObject> obj,
           raw_context_data != roots.uninitialized_symbol()) {
         script_obj->set_context_data(roots.undefined_value());
       }
-      context_data = handle(raw_context_data, isolate());
+      context_data = direct_handle(raw_context_data, isolate());
       // We don't want to serialize host options to avoid serializing
       // unnecessary object graph.
-      host_options = handle(script_obj->host_defined_options(), isolate());
+      host_options =
+          direct_handle(script_obj->host_defined_options(), isolate());
       script_obj->set_host_defined_options(roots.empty_fixed_array());
     }
     SerializeGeneric(obj, slot_type);
@@ -155,7 +156,7 @@ void CodeSerializer::SerializeObjectImpl(Handle<HeapObject> obj,
     }
     return;
   } else if (InstanceTypeChecker::IsSharedFunctionInfo(instance_type)) {
-    Handle<DebugInfo> debug_info;
+    DirectHandle<DebugInfo> debug_info;
     CachedTieringDecision cached_tiering_decision;
     bool restore_bytecode = false;
     {
@@ -256,7 +257,7 @@ void CreateInterpreterDataForDeserializedCode(
     bool log_code_creation) {
   DCHECK_IMPLIES(log_code_creation, isolate->NeedsSourcePositions());
 
-  Handle<Script> script(Cast<Script>(result_sfi->script()), isolate);
+  DirectHandle<Script> script(Cast<Script>(result_sfi->script()), isolate);
   if (log_code_creation) Script::InitLineEnds(isolate, script);
 
   Tagged<String> name = ReadOnlyRoots(isolate).empty_string();
@@ -345,7 +346,7 @@ void FinalizeDeserialization(Isolate* isolate,
                                              log_code_creation);
   }
 
-  Handle<Script> script(Cast<Script>(result->script()), isolate);
+  DirectHandle<Script> script(Cast<Script>(result->script()), isolate);
   // Reset the script details, including host-defined options.
   {
     DisallowGarbageCollection no_gc;
@@ -402,8 +403,7 @@ void BaselineBatchCompileIfSparkplugCompiled(Isolate* isolate,
     SharedFunctionInfo::ScriptIterator iter(isolate, script);
     for (Tagged<SharedFunctionInfo> info = iter.Next(); !info.is_null();
          info = iter.Next()) {
-      if (info->cached_tiering_decision() != CachedTieringDecision::kPending &&
-          CanCompileWithBaseline(isolate, info)) {
+      if (info->sparkplug_compiled() && CanCompileWithBaseline(isolate, info)) {
         isolate->baseline_batch_compiler()->EnqueueSFI(info);
       }
     }
@@ -492,7 +492,7 @@ MaybeHandle<SharedFunctionInfo> CodeSerializer::Deserialize(
     BackgroundMergeTask merge;
     merge.SetUpOnMainThread(isolate, cached_script);
     CHECK(merge.HasPendingBackgroundWork());
-    Handle<Script> new_script = handle(Cast<Script>(result->script()), isolate);
+    DirectHandle<Script> new_script(Cast<Script>(result->script()), isolate);
     merge.BeginMergeInBackground(isolate->AsLocalIsolate(), new_script);
     CHECK(merge.HasPendingForegroundWork());
     result = merge.CompleteMergeInForeground(isolate, new_script);
@@ -618,14 +618,15 @@ MaybeHandle<SharedFunctionInfo> CodeSerializer::FinishOffThreadDeserialize(
   if (background_merge_task &&
       background_merge_task->HasPendingForegroundWork()) {
     DCHECK_EQ(data.scripts.size(), 1);
-    Handle<Script> script = data.scripts[0];
-    result = background_merge_task->CompleteMergeInForeground(isolate, script);
+    DirectHandle<Script> new_script = data.scripts[0];
+    result =
+        background_merge_task->CompleteMergeInForeground(isolate, new_script);
     DCHECK(Object::StrictEquals(Cast<Script>(result->script())->source(),
                                 *source));
     DCHECK(isolate->factory()->script_list()->Contains(
         MakeWeak(result->script())));
   } else {
-    Handle<Script> script(Cast<Script>(result->script()), isolate);
+    DirectHandle<Script> script(Cast<Script>(result->script()), isolate);
     // Fix up the source on the script. This should be the only deserialized
     // script, and the off-thread deserializer should have set its source to
     // the empty string.
diff --git a/deps/v8/src/snapshot/deserializer.cc b/deps/v8/src/snapshot/deserializer.cc
index 7bc0586cd37490..3d11f48c480162 100644
--- a/deps/v8/src/snapshot/deserializer.cc
+++ b/deps/v8/src/snapshot/deserializer.cc
@@ -622,16 +622,6 @@ void Deserializer<IsolateT>::PostProcessNewObject(DirectHandle<Map> map,
                                                        nullptr);
   } else if (InstanceTypeChecker::IsScript(instance_type)) {
     LogScriptEvents(Cast<Script>(*obj));
-  } else if (InstanceTypeChecker::IsFeedbackCell(instance_type)) {
-#ifdef V8_ENABLE_LEAPTIERING
-    // This is only needed for some serializer tests. Normally we will only see
-    // JSFunctions referencing the ManyClosuresCell here, which always has a
-    // null dispatch handle.
-    // For now it's fine to just clear the handle here. In the future, we may
-    // have to correctly copy the entry here, or when deserializing the
-    // corresponding JSFunction.
-    Cast<FeedbackCell>(raw_obj)->clear_dispatch_handle();
-#endif  // V8_ENABLE_LEAPTIERING
   }
 }
 
diff --git a/deps/v8/src/snapshot/embedded/embedded-empty.cc b/deps/v8/src/snapshot/embedded/embedded-empty.cc
index f518d52d94a7b3..94c6a584a4a2d1 100644
--- a/deps/v8/src/snapshot/embedded/embedded-empty.cc
+++ b/deps/v8/src/snapshot/embedded/embedded-empty.cc
@@ -15,3 +15,13 @@ const uint8_t v8_Default_embedded_blob_code_[1] = {0};
 uint32_t v8_Default_embedded_blob_code_size_ = 0;
 const uint8_t v8_Default_embedded_blob_data_[1] = {0};
 uint32_t v8_Default_embedded_blob_data_size_ = 0;
+
+#if V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/instruction-handlers.h"
+typedef void (*fun_ptr)();
+#define V(name)                       \
+  extern "C" fun_ptr Builtins_##name; \
+  fun_ptr Builtins_##name = nullptr;
+FOREACH_LOAD_STORE_INSTR_HANDLER(V)
+#undef V
+#endif  // V8_ENABLE_DRUMBRAKE
diff --git a/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-base.h b/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-base.h
index b89afc83dd880a..a2a1f9f0fe0b68 100644
--- a/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-base.h
+++ b/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-base.h
@@ -9,6 +9,10 @@
 #include <cstdio>  // For FILE.
 #include <memory>
 
+#if V8_ENABLE_DRUMBRAKE
+#include <string>
+#endif  // V8_ENABLE_DRUMBRAKE
+
 namespace v8 {
 namespace internal {
 
@@ -103,6 +107,16 @@ class PlatformEmbeddedFileWriterBase {
 std::unique_ptr<PlatformEmbeddedFileWriterBase> NewPlatformEmbeddedFileWriter(
     const char* target_arch, const char* target_os);
 
+#if V8_ENABLE_DRUMBRAKE
+inline bool IsDrumBrakeInstructionHandler(const char* name) {
+  std::string builtin_name(name);
+  return builtin_name.find("Builtins_r2r_") == 0 ||
+         builtin_name.find("Builtins_r2s_") == 0 ||
+         builtin_name.find("Builtins_s2r_") == 0 ||
+         builtin_name.find("Builtins_s2s_") == 0;
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 }  // namespace internal
 }  // namespace v8
 
diff --git a/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-generic.cc b/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-generic.cc
index 704109e6de42e9..c0ccc49203f112 100644
--- a/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-generic.cc
+++ b/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-generic.cc
@@ -114,7 +114,11 @@ void PlatformEmbeddedFileWriterGeneric::SourceInfo(int fileid,
 
 void PlatformEmbeddedFileWriterGeneric::DeclareFunctionBegin(const char* name,
                                                              uint32_t size) {
-  if (ENABLE_CONTROL_FLOW_INTEGRITY_BOOL) {
+  if (ENABLE_CONTROL_FLOW_INTEGRITY_BOOL
+#if V8_ENABLE_DRUMBRAKE
+      || IsDrumBrakeInstructionHandler(name)
+#endif  // V8_ENABLE_DRUMBRAKE
+  ) {
     DeclareSymbolGlobal(name);
   }
 
diff --git a/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-win.cc b/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-win.cc
index 39a99354a8a4f1..a1b389cc98e5a1 100644
--- a/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-win.cc
+++ b/deps/v8/src/snapshot/embedded/platform-embedded-file-writer-win.cc
@@ -655,7 +655,11 @@ void PlatformEmbeddedFileWriterWin::DeclareFunctionBegin(const char* name,
                                                          uint32_t size) {
   DeclareLabel(name);
 
-  if (target_arch_ == EmbeddedTargetArch::kArm64) {
+  if (target_arch_ == EmbeddedTargetArch::kArm64
+#if V8_ENABLE_DRUMBRAKE
+      || IsDrumBrakeInstructionHandler(name)
+#endif  // V8_ENABLE_DRUMBRAKE
+  ) {
     // Windows ARM64 assembly is in GAS syntax, but ".type" is invalid directive
     // in PE/COFF for Windows.
     DeclareSymbolGlobal(name);
diff --git a/deps/v8/src/snapshot/serializer.cc b/deps/v8/src/snapshot/serializer.cc
index 62de5cae66899e..ea593e96151056 100644
--- a/deps/v8/src/snapshot/serializer.cc
+++ b/deps/v8/src/snapshot/serializer.cc
@@ -1257,6 +1257,31 @@ void Serializer::ObjectSerializer::VisitProtectedPointer(
   sink_->Put(kProtectedPointerPrefix, "ProtectedPointer");
   serializer_->SerializeObject(object, SlotType::kAnySlot);
 }
+
+void Serializer::ObjectSerializer::VisitJSDispatchTableEntry(
+    Tagged<HeapObject> host, JSDispatchHandle handle) {
+#ifdef V8_ENABLE_LEAPTIERING
+  // New dispatch table entries will be allocated during deserialization if
+  // necessary. Here we just serialize an empty handle.
+  // TODO(saelo): we could also emit a kInitializeJSDispatchHandle opcode here
+  // and then allocate a dispatch entry during deserialization when we
+  // encounter that. That way we don't need to hook into object post
+  // processing. If the dispatch handle is empty, we would just skip it here
+  // (and would then serialize the raw null handle, which is correct).
+  // TODO(saelo): we might want to call OutputRawData here, but for that we
+  // first need to pass the slot address to this method (e.g. as part of a
+  // JSDispatchHandleSlot struct).
+  static_assert(kJSDispatchHandleSize % kTaggedSize == 0);
+  sink_->Put(
+      FixedRawDataWithSize::Encode(kJSDispatchHandleSize >> kTaggedSizeLog2),
+      "FixedRawData");
+  sink_->PutRaw(reinterpret_cast<const uint8_t*>(&kNullJSDispatchHandle),
+                kJSDispatchHandleSize, "empty js dispatch handle");
+  bytes_processed_so_far_ += kJSDispatchHandleSize;
+#else
+  UNREACHABLE();
+#endif  // V8_ENABLE_LEAPTIERING
+}
 namespace {
 
 // Similar to OutputRawData, but substitutes the given field with the given
diff --git a/deps/v8/src/snapshot/serializer.h b/deps/v8/src/snapshot/serializer.h
index 3db9afa295b6d2..d79c7ef5d4b1e5 100644
--- a/deps/v8/src/snapshot/serializer.h
+++ b/deps/v8/src/snapshot/serializer.h
@@ -497,6 +497,8 @@ class Serializer::ObjectSerializer : public ObjectVisitor {
                              ProtectedPointerSlot slot) override;
   void VisitCppHeapPointer(Tagged<HeapObject> host,
                            CppHeapPointerSlot slot) override;
+  void VisitJSDispatchTableEntry(Tagged<HeapObject> host,
+                                 JSDispatchHandle handle) override;
 
   Isolate* isolate() { return isolate_; }
 
diff --git a/deps/v8/src/snapshot/snapshot.cc b/deps/v8/src/snapshot/snapshot.cc
index e6afaf36d9e05a..3d82fc79c5567d 100644
--- a/deps/v8/src/snapshot/snapshot.cc
+++ b/deps/v8/src/snapshot/snapshot.cc
@@ -242,8 +242,12 @@ void Snapshot::ClearReconstructableDataForSerialization(
           }
         } else if (IsJSRegExp(o, cage_base)) {
           i::Tagged<i::JSRegExp> regexp = i::Cast<i::JSRegExp>(o);
-          if (regexp->HasCompiledCode()) {
-            regexp->DiscardCompiledCodeForSerialization();
+          if (regexp->has_data()) {
+            i::Tagged<i::RegExpData> data = regexp->data(isolate);
+            if (data->HasCompiledCode()) {
+              DCHECK(Is<IrRegExpData>(regexp->data(isolate)));
+              Cast<IrRegExpData>(data)->DiscardCompiledCodeForSerialization();
+            }
           }
         }
       }
diff --git a/deps/v8/src/snapshot/startup-serializer.cc b/deps/v8/src/snapshot/startup-serializer.cc
index 26c26f2638461d..4d4fb67e176ff7 100644
--- a/deps/v8/src/snapshot/startup-serializer.cc
+++ b/deps/v8/src/snapshot/startup-serializer.cc
@@ -139,7 +139,7 @@ void StartupSerializer::SerializeObjectImpl(Handle<HeapObject> obj,
     // Clear inferred name for native functions.
     auto shared = Cast<SharedFunctionInfo>(obj);
     if (!shared->IsSubjectToDebugging() && shared->HasUncompiledData()) {
-      shared->uncompiled_data()->set_inferred_name(
+      shared->uncompiled_data(isolate())->set_inferred_name(
           ReadOnlyRoots(isolate()).empty_string());
     }
   }
diff --git a/deps/v8/src/snapshot/static-roots-gen.cc b/deps/v8/src/snapshot/static-roots-gen.cc
index 8892c4b2ca9666..c689261991f7bb 100644
--- a/deps/v8/src/snapshot/static-roots-gen.cc
+++ b/deps/v8/src/snapshot/static-roots-gen.cc
@@ -114,6 +114,8 @@ void StaticRootsTableGen::write(Isolate* isolate, const char* file) {
   }
 
   out << "\n";
+  out << "  static constexpr Tagged_t kFirstAllocatedRoot = 0x" << std::hex
+      << gen.sorted_roots().cbegin()->first << std::dec << ";\n";
   out << "  static constexpr Tagged_t kLastAllocatedRoot = 0x" << std::hex
       << gen.sorted_roots().crbegin()->first << std::dec << ";\n";
   out << "};\n";
diff --git a/deps/v8/src/temporal/temporal-parser.cc b/deps/v8/src/temporal/temporal-parser.cc
index 229144e3d58784..f10626123441eb 100644
--- a/deps/v8/src/temporal/temporal-parser.cc
+++ b/deps/v8/src/temporal/temporal-parser.cc
@@ -4,13 +4,13 @@
 
 #include "src/temporal/temporal-parser.h"
 
+#include <optional>
+
 #include "src/base/bounds.h"
-#include "src/base/optional.h"
 #include "src/objects/string-inl.h"
 #include "src/strings/char-predicates-inl.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 namespace {
 
@@ -1373,23 +1373,23 @@ SATISIFY(TemporalDurationString, ParsedISO8601Duration)
 
 }  // namespace
 
-#define IMPL_PARSE_METHOD(R, NAME)                                           \
-  base::Optional<R> TemporalParser::Parse##NAME(Isolate* isolate,            \
-                                                Handle<String> iso_string) { \
-    bool valid;                                                              \
-    R parsed;                                                                \
-    iso_string = String::Flatten(isolate, iso_string);                       \
-    {                                                                        \
-      DisallowGarbageCollection no_gc;                                       \
-      String::FlatContent str_content = iso_string->GetFlatContent(no_gc);   \
-      if (str_content.IsOneByte()) {                                         \
-        valid = Satisfy##NAME(str_content.ToOneByteVector(), &parsed);       \
-      } else {                                                               \
-        valid = Satisfy##NAME(str_content.ToUC16Vector(), &parsed);          \
-      }                                                                      \
-    }                                                                        \
-    if (valid) return parsed;                                                \
-    return base::nullopt;                                                    \
+#define IMPL_PARSE_METHOD(R, NAME)                                          \
+  std::optional<R> TemporalParser::Parse##NAME(Isolate* isolate,            \
+                                               Handle<String> iso_string) { \
+    bool valid;                                                             \
+    R parsed;                                                               \
+    iso_string = String::Flatten(isolate, iso_string);                      \
+    {                                                                       \
+      DisallowGarbageCollection no_gc;                                      \
+      String::FlatContent str_content = iso_string->GetFlatContent(no_gc);  \
+      if (str_content.IsOneByte()) {                                        \
+        valid = Satisfy##NAME(str_content.ToOneByteVector(), &parsed);      \
+      } else {                                                              \
+        valid = Satisfy##NAME(str_content.ToUC16Vector(), &parsed);         \
+      }                                                                     \
+    }                                                                       \
+    if (valid) return parsed;                                               \
+    return std::nullopt;                                                    \
   }
 
 IMPL_PARSE_METHOD(ParsedISO8601Result, TemporalDateTimeString)
@@ -1403,5 +1403,4 @@ IMPL_PARSE_METHOD(ParsedISO8601Result, CalendarName)
 IMPL_PARSE_METHOD(ParsedISO8601Result, TimeZoneNumericUTCOffset)
 IMPL_PARSE_METHOD(ParsedISO8601Duration, TemporalDurationString)
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
diff --git a/deps/v8/src/temporal/temporal-parser.h b/deps/v8/src/temporal/temporal-parser.h
index bfcd90aef0e644..3f34d7e260fc29 100644
--- a/deps/v8/src/temporal/temporal-parser.h
+++ b/deps/v8/src/temporal/temporal-parser.h
@@ -5,11 +5,11 @@
 #ifndef V8_TEMPORAL_TEMPORAL_PARSER_H_
 #define V8_TEMPORAL_TEMPORAL_PARSER_H_
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/execution/isolate.h"
 
-namespace v8 {
-namespace internal {
+namespace v8::internal {
 
 /**
  * ParsedISO8601Result contains the parsed result of ISO 8601 grammar
@@ -133,8 +133,8 @@ struct ParsedISO8601Duration {
  */
 class V8_EXPORT_PRIVATE TemporalParser {
  public:
-#define DEFINE_PARSE_METHOD(R, NAME)                          \
-  V8_WARN_UNUSED_RESULT static base::Optional<R> Parse##NAME( \
+#define DEFINE_PARSE_METHOD(R, NAME)                         \
+  V8_WARN_UNUSED_RESULT static std::optional<R> Parse##NAME( \
       Isolate* isolate, Handle<String> iso_string)
   DEFINE_PARSE_METHOD(ParsedISO8601Result, TemporalDateString);
   DEFINE_PARSE_METHOD(ParsedISO8601Result, TemporalDateTimeString);
@@ -151,7 +151,6 @@ class V8_EXPORT_PRIVATE TemporalParser {
 };
 #undef DEFINE_PARSE_METHOD
 
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal
 
 #endif  // V8_TEMPORAL_TEMPORAL_PARSER_H_
diff --git a/deps/v8/src/torque/ast.h b/deps/v8/src/torque/ast.h
index 58e53d23eb6dcc..0371d25f4657b6 100644
--- a/deps/v8/src/torque/ast.h
+++ b/deps/v8/src/torque/ast.h
@@ -9,19 +9,17 @@
 #include <iostream>
 #include <map>
 #include <memory>
+#include <optional>
 #include <set>
 #include <string>
 #include <vector>
 
-#include "src/base/optional.h"
 #include "src/numbers/integer-literal.h"
 #include "src/torque/constants.h"
 #include "src/torque/source-positions.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 #define AST_EXPRESSION_NODE_KIND_LIST(V) \
   V(CallExpression)                      \
@@ -539,9 +537,9 @@ struct AssignmentExpression : Expression {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(AssignmentExpression)
   AssignmentExpression(SourcePosition pos, Expression* location,
                        Expression* value)
-      : AssignmentExpression(pos, location, base::nullopt, value) {}
+      : AssignmentExpression(pos, location, std::nullopt, value) {}
   AssignmentExpression(SourcePosition pos, Expression* location,
-                       base::Optional<std::string> op, Expression* value)
+                       std::optional<std::string> op, Expression* value)
       : Expression(kKind, pos),
         location(location),
         op(std::move(op)),
@@ -554,7 +552,7 @@ struct AssignmentExpression : Expression {
   }
 
   Expression* location;
-  base::Optional<std::string> op;
+  std::optional<std::string> op;
   Expression* value;
 };
 
@@ -704,7 +702,7 @@ struct ExpressionStatement : Statement {
 struct IfStatement : Statement {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(IfStatement)
   IfStatement(SourcePosition pos, bool is_constexpr, Expression* condition,
-              Statement* if_true, base::Optional<Statement*> if_false)
+              Statement* if_true, std::optional<Statement*> if_false)
       : Statement(kKind, pos),
         condition(condition),
         is_constexpr(is_constexpr),
@@ -713,7 +711,7 @@ struct IfStatement : Statement {
   Expression* condition;
   bool is_constexpr;
   Statement* if_true;
-  base::Optional<Statement*> if_false;
+  std::optional<Statement*> if_false;
 };
 
 struct WhileStatement : Statement {
@@ -726,9 +724,9 @@ struct WhileStatement : Statement {
 
 struct ReturnStatement : Statement {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(ReturnStatement)
-  ReturnStatement(SourcePosition pos, base::Optional<Expression*> value)
+  ReturnStatement(SourcePosition pos, std::optional<Expression*> value)
       : Statement(kKind, pos), value(value) {}
-  base::Optional<Expression*> value;
+  std::optional<Expression*> value;
 };
 
 struct DebugStatement : Statement {
@@ -762,10 +760,9 @@ struct TailCallStatement : Statement {
 
 struct VarDeclarationStatement : Statement {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(VarDeclarationStatement)
-  VarDeclarationStatement(
-      SourcePosition pos, bool const_qualified, Identifier* name,
-      base::Optional<TypeExpression*> type,
-      base::Optional<Expression*> initializer = base::nullopt)
+  VarDeclarationStatement(SourcePosition pos, bool const_qualified,
+                          Identifier* name, std::optional<TypeExpression*> type,
+                          std::optional<Expression*> initializer = std::nullopt)
       : Statement(kKind, pos),
         const_qualified(const_qualified),
         name(name),
@@ -773,8 +770,8 @@ struct VarDeclarationStatement : Statement {
         initializer(initializer) {}
   bool const_qualified;
   Identifier* name;
-  base::Optional<TypeExpression*> type;
-  base::Optional<Expression*> initializer;
+  std::optional<TypeExpression*> type;
+  std::optional<Expression*> initializer;
 };
 
 struct BreakStatement : Statement {
@@ -798,9 +795,9 @@ struct GotoStatement : Statement {
 
 struct ForLoopStatement : Statement {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(ForLoopStatement)
-  ForLoopStatement(SourcePosition pos, base::Optional<Statement*> declaration,
-                   base::Optional<Expression*> test,
-                   base::Optional<Statement*> action, Statement* body)
+  ForLoopStatement(SourcePosition pos, std::optional<Statement*> declaration,
+                   std::optional<Expression*> test,
+                   std::optional<Statement*> action, Statement* body)
       : Statement(kKind, pos),
         var_declaration(),
         test(std::move(test)),
@@ -809,9 +806,9 @@ struct ForLoopStatement : Statement {
     if (declaration)
       var_declaration = VarDeclarationStatement::cast(*declaration);
   }
-  base::Optional<VarDeclarationStatement*> var_declaration;
-  base::Optional<Expression*> test;
-  base::Optional<Statement*> action;
+  std::optional<VarDeclarationStatement*> var_declaration;
+  std::optional<Expression*> test;
+  std::optional<Statement*> action;
   Statement* body;
 };
 
@@ -877,8 +874,8 @@ struct AbstractTypeDeclaration : TypeDeclaration {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(AbstractTypeDeclaration)
   AbstractTypeDeclaration(SourcePosition pos, Identifier* name,
                           AbstractTypeFlags flags,
-                          base::Optional<TypeExpression*> extends,
-                          base::Optional<std::string> generates)
+                          std::optional<TypeExpression*> extends,
+                          std::optional<std::string> generates)
       : TypeDeclaration(kKind, pos, name),
         flags(flags),
         extends(extends),
@@ -891,8 +888,8 @@ struct AbstractTypeDeclaration : TypeDeclaration {
   bool IsTransient() const { return flags & AbstractTypeFlag::kTransient; }
 
   AbstractTypeFlags flags;
-  base::Optional<TypeExpression*> extends;
-  base::Optional<std::string> generates;
+  std::optional<TypeExpression*> extends;
+  std::optional<std::string> generates;
 };
 
 struct TypeAliasDeclaration : TypeDeclaration {
@@ -941,7 +938,7 @@ struct AnnotationParameter {
 
 struct Annotation {
   Identifier* name;
-  base::Optional<AnnotationParameter> param;
+  std::optional<AnnotationParameter> param;
 };
 
 struct ClassFieldIndexInfo {
@@ -955,7 +952,7 @@ struct ClassFieldIndexInfo {
 
 struct ClassFieldExpression {
   NameAndTypeExpression name_and_type;
-  base::Optional<ClassFieldIndexInfo> index;
+  std::optional<ClassFieldIndexInfo> index;
   std::vector<ConditionalAnnotation> conditions;
   bool custom_weak_marking;
   bool const_qualified;
@@ -992,7 +989,7 @@ struct CallableDeclaration : Declaration {
 struct MacroDeclaration : CallableDeclaration {
   DEFINE_AST_NODE_INNER_BOILERPLATE(MacroDeclaration)
   MacroDeclaration(AstNode::Kind kind, SourcePosition pos, bool transitioning,
-                   Identifier* name, base::Optional<std::string> op,
+                   Identifier* name, std::optional<std::string> op,
                    ParameterList parameters, TypeExpression* return_type,
                    const LabelAndTypesVector& labels)
       : CallableDeclaration(kind, pos, transitioning, name,
@@ -1003,14 +1000,14 @@ struct MacroDeclaration : CallableDeclaration {
           .Position(parameters.implicit_kind_pos);
     }
   }
-  base::Optional<std::string> op;
+  std::optional<std::string> op;
 };
 
 struct ExternalMacroDeclaration : MacroDeclaration {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(ExternalMacroDeclaration)
   ExternalMacroDeclaration(SourcePosition pos, bool transitioning,
                            std::string external_assembler_name,
-                           Identifier* name, base::Optional<std::string> op,
+                           Identifier* name, std::optional<std::string> op,
                            ParameterList parameters,
                            TypeExpression* return_type,
                            const LabelAndTypesVector& labels)
@@ -1035,16 +1032,16 @@ struct IntrinsicDeclaration : CallableDeclaration {
 struct TorqueMacroDeclaration : MacroDeclaration {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(TorqueMacroDeclaration)
   TorqueMacroDeclaration(SourcePosition pos, bool transitioning,
-                         Identifier* name, base::Optional<std::string> op,
+                         Identifier* name, std::optional<std::string> op,
                          ParameterList parameters, TypeExpression* return_type,
                          const LabelAndTypesVector& labels, bool export_to_csa,
-                         base::Optional<Statement*> body)
+                         std::optional<Statement*> body)
       : MacroDeclaration(kKind, pos, transitioning, name, std::move(op),
                          std::move(parameters), return_type, labels),
         export_to_csa(export_to_csa),
         body(body) {}
   bool export_to_csa;
-  base::Optional<Statement*> body;
+  std::optional<Statement*> body;
 };
 
 struct BuiltinDeclaration : CallableDeclaration {
@@ -1090,13 +1087,13 @@ struct TorqueBuiltinDeclaration : BuiltinDeclaration {
                            ParameterList parameters,
                            TypeExpression* return_type,
                            bool has_custom_interface_descriptor,
-                           base::Optional<Statement*> body)
+                           std::optional<Statement*> body)
       : BuiltinDeclaration(kKind, pos, javascript_linkage, transitioning, name,
                            std::move(parameters), return_type),
         has_custom_interface_descriptor(has_custom_interface_descriptor),
         body(body) {}
   bool has_custom_interface_descriptor;
-  base::Optional<Statement*> body;
+  std::optional<Statement*> body;
 };
 
 struct ExternalRuntimeDeclaration : CallableDeclaration {
@@ -1123,7 +1120,7 @@ struct ConstDeclaration : Declaration {
 
 struct GenericParameter {
   Identifier* name;
-  base::Optional<TypeExpression*> constraint;
+  std::optional<TypeExpression*> constraint;
 };
 
 using GenericParameters = std::vector<GenericParameter>;
@@ -1230,7 +1227,7 @@ struct ClassBody : AstNode {
 struct ClassDeclaration : TypeDeclaration {
   DEFINE_AST_NODE_LEAF_BOILERPLATE(ClassDeclaration)
   ClassDeclaration(SourcePosition pos, Identifier* name, ClassFlags flags,
-                   TypeExpression* super, base::Optional<std::string> generates,
+                   TypeExpression* super, std::optional<std::string> generates,
                    std::vector<Declaration*> methods,
                    std::vector<ClassFieldExpression> fields,
                    InstanceTypeConstraints instance_type_constraints)
@@ -1243,7 +1240,7 @@ struct ClassDeclaration : TypeDeclaration {
         instance_type_constraints(std::move(instance_type_constraints)) {}
   ClassFlags flags;
   TypeExpression* super;
-  base::Optional<std::string> generates;
+  std::optional<std::string> generates;
   std::vector<Declaration*> methods;
   std::vector<ClassFieldExpression> fields;
   InstanceTypeConstraints instance_type_constraints;
@@ -1324,7 +1321,7 @@ inline VarDeclarationStatement* MakeConstDeclarationStatement(
     std::string name, Expression* initializer) {
   return MakeNode<VarDeclarationStatement>(
       /*const_qualified=*/true, MakeNode<Identifier>(std::move(name)),
-      base::Optional<TypeExpression*>{}, initializer);
+      std::optional<TypeExpression*>{}, initializer);
 }
 
 inline BasicTypeExpression* MakeBasicTypeExpression(
@@ -1339,8 +1336,6 @@ inline StructExpression* MakeStructExpression(
   return MakeNode<StructExpression>(type, std::move(initializers));
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_AST_H_
diff --git a/deps/v8/src/torque/cc-generator.cc b/deps/v8/src/torque/cc-generator.cc
index 515116b3d2ff86..2a931f762148e7 100644
--- a/deps/v8/src/torque/cc-generator.cc
+++ b/deps/v8/src/torque/cc-generator.cc
@@ -4,17 +4,17 @@
 
 #include "src/torque/cc-generator.h"
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/torque/global-context.h"
 #include "src/torque/type-oracle.h"
 #include "src/torque/types.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
-base::Optional<Stack<std::string>> CCGenerator::EmitGraph(
+std::optional<Stack<std::string>> CCGenerator::EmitGraph(
     Stack<std::string> parameters) {
   for (BottomOffset i = {0}; i < parameters.AboveTop(); ++i) {
     SetDefinitionVariable(DefinitionLocation::Parameter(i.offset),
@@ -35,7 +35,7 @@ base::Optional<Stack<std::string>> CCGenerator::EmitGraph(
     EmitBlock(block);
   }
 
-  base::Optional<Stack<std::string>> result;
+  std::optional<Stack<std::string>> result;
   if (cfg_.end()) {
     result = EmitBlock(*cfg_.end());
   }
@@ -448,7 +448,7 @@ void CCGenerator::EmitInstruction(const LoadBitFieldInstruction& instruction,
   decls() << "  " << instruction.bit_field.name_and_type.type->GetRuntimeType()
           << " " << result_name << "{}; USE(" << result_name << ");\n";
 
-  base::Optional<const Type*> smi_tagged_type =
+  std::optional<const Type*> smi_tagged_type =
       Type::MatchUnaryGeneric(struct_type, TypeOracle::GetSmiTaggedGeneric());
   if (smi_tagged_type) {
     // Get the untagged value and its type.
@@ -505,6 +505,4 @@ void CCGenerator::EmitCCValue(VisitResult result,
   }
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/cc-generator.h b/deps/v8/src/torque/cc-generator.h
index 2b3031f228f450..c84252634af28d 100644
--- a/deps/v8/src/torque/cc-generator.h
+++ b/deps/v8/src/torque/cc-generator.h
@@ -5,18 +5,18 @@
 #ifndef V8_TORQUE_CC_GENERATOR_H_
 #define V8_TORQUE_CC_GENERATOR_H_
 
+#include <optional>
+
 #include "src/torque/torque-code-generator.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class CCGenerator : public TorqueCodeGenerator {
  public:
   CCGenerator(const ControlFlowGraph& cfg, std::ostream& out,
               bool is_cc_debug = false)
       : TorqueCodeGenerator(cfg, out), is_cc_debug_(is_cc_debug) {}
-  base::Optional<Stack<std::string>> EmitGraph(Stack<std::string> parameters);
+  std::optional<Stack<std::string>> EmitGraph(Stack<std::string> parameters);
 
   static void EmitCCValue(VisitResult result, const Stack<std::string>& values,
                           std::ostream& out);
@@ -42,8 +42,6 @@ class CCGenerator : public TorqueCodeGenerator {
 #undef EMIT_INSTRUCTION_DECLARATION
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_CC_GENERATOR_H_
diff --git a/deps/v8/src/torque/cfg.cc b/deps/v8/src/torque/cfg.cc
index 379e2d3e9736eb..13748bac1c0729 100644
--- a/deps/v8/src/torque/cfg.cc
+++ b/deps/v8/src/torque/cfg.cc
@@ -4,11 +4,11 @@
 
 #include "src/torque/cfg.h"
 
+#include <optional>
+
 #include "src/torque/type-oracle.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 void Block::SetInputTypes(const Stack<const Type*>& input_types) {
   if (!input_types_) {
@@ -41,8 +41,8 @@ void Block::SetInputTypes(const Stack<const Type*>& input_types) {
   error << "incompatible types at branch:\n";
   for (intptr_t i = std::max(input_types_->Size(), input_types.Size()) - 1;
        i >= 0; --i) {
-    base::Optional<const Type*> left;
-    base::Optional<const Type*> right;
+    std::optional<const Type*> left;
+    std::optional<const Type*> right;
     if (static_cast<size_t>(i) < input_types.Size()) {
       left = input_types.Peek(BottomOffset{static_cast<size_t>(i)});
     }
@@ -112,7 +112,7 @@ void CfgAssembler::DropTo(BottomOffset new_level) {
 }
 
 StackRange CfgAssembler::Peek(StackRange range,
-                              base::Optional<const Type*> type) {
+                              std::optional<const Type*> type) {
   std::vector<const Type*> lowered_types;
   if (type) {
     lowered_types = LowerType(*type);
@@ -121,13 +121,13 @@ StackRange CfgAssembler::Peek(StackRange range,
   for (size_t i = 0; i < range.Size(); ++i) {
     Emit(PeekInstruction{
         range.begin() + i,
-        type ? lowered_types[i] : base::Optional<const Type*>{}});
+        type ? lowered_types[i] : std::optional<const Type*>{}});
   }
   return TopRange(range.Size());
 }
 
 void CfgAssembler::Poke(StackRange destination, StackRange origin,
-                        base::Optional<const Type*> type) {
+                        std::optional<const Type*> type) {
   DCHECK_EQ(destination.Size(), origin.Size());
   DCHECK_LE(destination.end(), origin.begin());
   DCHECK_EQ(origin.end(), CurrentStack().AboveTop());
@@ -139,7 +139,7 @@ void CfgAssembler::Poke(StackRange destination, StackRange origin,
   for (intptr_t i = origin.Size() - 1; i >= 0; --i) {
     Emit(PokeInstruction{
         destination.begin() + i,
-        type ? lowered_types[i] : base::Optional<const Type*>{}});
+        type ? lowered_types[i] : std::optional<const Type*>{}});
   }
 }
 
@@ -237,6 +237,4 @@ void CfgAssembler::ComputeInputDefinitions() {
   }
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/cfg.h b/deps/v8/src/torque/cfg.h
index 33f803cc3acf7c..8cd6be3b3734a7 100644
--- a/deps/v8/src/torque/cfg.h
+++ b/deps/v8/src/torque/cfg.h
@@ -7,6 +7,7 @@
 
 #include <list>
 #include <memory>
+#include <optional>
 #include <unordered_map>
 #include <vector>
 
@@ -15,16 +16,14 @@
 #include "src/torque/source-positions.h"
 #include "src/torque/types.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class ControlFlowGraph;
 
 class Block {
  public:
   explicit Block(ControlFlowGraph* cfg, size_t id,
-                 base::Optional<Stack<const Type*>> input_types,
+                 std::optional<Stack<const Type*>> input_types,
                  bool is_deferred)
       : cfg_(cfg),
         input_types_(std::move(input_types)),
@@ -35,7 +34,7 @@ class Block {
     instructions_.push_back(std::move(instruction));
   }
 
-  bool HasInputTypes() const { return input_types_ != base::nullopt; }
+  bool HasInputTypes() const { return input_types_ != std::nullopt; }
   const Stack<const Type*>& InputTypes() const { return *input_types_; }
   void SetInputTypes(const Stack<const Type*>& input_types);
   void Retype() {
@@ -75,7 +74,7 @@ class Block {
     if (changed && worklist) worklist->Enqueue(this);
   }
   bool HasInputDefinitions() const {
-    return input_definitions_ != base::nullopt;
+    return input_definitions_ != std::nullopt;
   }
   const Stack<DefinitionLocation>& InputDefinitions() const {
     DCHECK(HasInputDefinitions());
@@ -87,8 +86,8 @@ class Block {
  private:
   ControlFlowGraph* cfg_;
   std::vector<Instruction> instructions_;
-  base::Optional<Stack<const Type*>> input_types_;
-  base::Optional<Stack<DefinitionLocation>> input_definitions_;
+  std::optional<Stack<const Type*>> input_types_;
+  std::optional<Stack<DefinitionLocation>> input_definitions_;
   const size_t id_;
   bool is_deferred_;
 };
@@ -100,7 +99,7 @@ class ControlFlowGraph {
     PlaceBlock(start_);
   }
 
-  Block* NewBlock(base::Optional<Stack<const Type*>> input_types,
+  Block* NewBlock(std::optional<Stack<const Type*>> input_types,
                   bool is_deferred) {
     blocks_.emplace_back(this, next_block_id_++, std::move(input_types),
                          is_deferred);
@@ -114,7 +113,7 @@ class ControlFlowGraph {
     placed_blocks_.erase(newEnd, placed_blocks_.end());
   }
   Block* start() const { return start_; }
-  base::Optional<Block*> end() const { return end_; }
+  std::optional<Block*> end() const { return end_; }
   void set_end(Block* end) { end_ = end; }
   void SetReturnType(TypeVector t) {
     if (!return_type_) {
@@ -140,8 +139,8 @@ class ControlFlowGraph {
   std::list<Block> blocks_;
   Block* start_;
   std::vector<Block*> placed_blocks_;
-  base::Optional<Block*> end_;
-  base::Optional<TypeVector> return_type_;
+  std::optional<Block*> end_;
+  std::optional<TypeVector> return_type_;
   size_t next_block_id_ = 0;
 };
 
@@ -160,9 +159,8 @@ class CfgAssembler {
     return cfg_;
   }
 
-  Block* NewBlock(
-      base::Optional<Stack<const Type*>> input_types = base::nullopt,
-      bool is_deferred = false) {
+  Block* NewBlock(std::optional<Stack<const Type*>> input_types = std::nullopt,
+                  bool is_deferred = false) {
     return cfg_.NewBlock(std::move(input_types), is_deferred);
   }
 
@@ -198,9 +196,9 @@ class CfgAssembler {
   // Delete the specified range of slots, moving upper slots to fill the gap.
   void DeleteRange(StackRange range);
   void DropTo(BottomOffset new_level);
-  StackRange Peek(StackRange range, base::Optional<const Type*> type);
+  StackRange Peek(StackRange range, std::optional<const Type*> type);
   void Poke(StackRange destination, StackRange origin,
-            base::Optional<const Type*> type);
+            std::optional<const Type*> type);
   void Print(std::string s);
   void AssertionFailure(std::string message);
   void Unreachable();
@@ -240,8 +238,6 @@ class V8_NODISCARD CfgAssemblerScopedTemporaryBlock {
   Block* saved_block_;
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_CFG_H_
diff --git a/deps/v8/src/torque/class-debug-reader-generator.cc b/deps/v8/src/torque/class-debug-reader-generator.cc
index f73234908c63bd..c38c16f41848c1 100644
--- a/deps/v8/src/torque/class-debug-reader-generator.cc
+++ b/deps/v8/src/torque/class-debug-reader-generator.cc
@@ -2,13 +2,13 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/flags/flags.h"
 #include "src/torque/implementation-visitor.h"
 #include "src/torque/type-oracle.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 constexpr char kTqObjectOverrideDecls[] =
     R"(  std::vector<std::unique_ptr<ObjectProperty>> GetProperties(
@@ -80,7 +80,7 @@ class ValueTypeFieldsRange {
   ValueTypeFieldIterator begin() { return {type_, 0}; }
   ValueTypeFieldIterator end() {
     size_t index = 0;
-    base::Optional<const StructType*> struct_type = type_->StructSupertype();
+    std::optional<const StructType*> struct_type = type_->StructSupertype();
     if (struct_type && *struct_type != TypeOracle::GetFloat64OrHoleType()) {
       index = (*struct_type)->fields().size();
     }
@@ -141,7 +141,7 @@ class DebugFieldType {
       return "";
     }
     if (IsTagged()) {
-      base::Optional<const ClassType*> field_class_type =
+      std::optional<const ClassType*> field_class_type =
           name_and_type_.type->ClassSupertype();
       std::string result =
           "v8::internal::" +
@@ -532,7 +532,12 @@ void ImplementationVisitor::GenerateClassDebugReaders(
     IncludeGuardScope include_guard(h_contents, file_name + ".h");
 
     h_contents << "#include <cstdint>\n";
-    h_contents << "#include <vector>\n";
+    h_contents << "#include <vector>\n\n";
+
+    for (const std::string& include_path : GlobalContext::CppIncludes()) {
+      h_contents << "#include " << StringLiteralQuote(include_path) << "\n";
+    }
+
     h_contents
         << "\n#include \"tools/debug_helper/debug-helper-internal.h\"\n\n";
 
@@ -572,6 +577,4 @@ void ImplementationVisitor::GenerateClassDebugReaders(
   WriteFile(output_directory + "/" + file_name + ".cc", cc_contents.str());
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/constants.h b/deps/v8/src/torque/constants.h
index 4073a0531b9d9d..1ff8734398b7e5 100644
--- a/deps/v8/src/torque/constants.h
+++ b/deps/v8/src/torque/constants.h
@@ -43,7 +43,7 @@ static const char* const UNINITIALIZED_HEAP_OBJECT_TYPE_STRING =
 static const char* const RAWPTR_TYPE_STRING = "RawPtr";
 static const char* const EXTERNALPTR_TYPE_STRING = "ExternalPointer";
 static const char* const CPPHEAPPTR_TYPE_STRING = "CppHeapPointer";
-static const char* const INDIRECTPTR_TYPE_STRING = "IndirectPointer";
+static const char* const TRUSTEDPTR_TYPE_STRING = "TrustedPointer";
 static const char* const PROTECTEDPTR_TYPE_STRING = "ProtectedPointer";
 static const char* const CONST_STRING_TYPE_STRING = "constexpr string";
 static const char* const STRING_TYPE_STRING = "String";
diff --git a/deps/v8/src/torque/csa-generator.cc b/deps/v8/src/torque/csa-generator.cc
index ec9eaccf79e291..cca54297017370 100644
--- a/deps/v8/src/torque/csa-generator.cc
+++ b/deps/v8/src/torque/csa-generator.cc
@@ -4,17 +4,17 @@
 
 #include "src/torque/csa-generator.h"
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/torque/global-context.h"
 #include "src/torque/type-oracle.h"
 #include "src/torque/types.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
-base::Optional<Stack<std::string>> CSAGenerator::EmitGraph(
+std::optional<Stack<std::string>> CSAGenerator::EmitGraph(
     Stack<std::string> parameters) {
   for (BottomOffset i = {0}; i < parameters.AboveTop(); ++i) {
     SetDefinitionVariable(DefinitionLocation::Parameter(i.offset),
@@ -63,7 +63,7 @@ base::Optional<Stack<std::string>> CSAGenerator::EmitGraph(
     out() << "\n";
     return EmitBlock(*cfg_.end());
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 Stack<std::string> CSAGenerator::EmitBlock(const Block* block) {
@@ -643,7 +643,7 @@ void CSAGenerator::EmitInstruction(
 }
 
 std::string CSAGenerator::PreCallableExceptionPreparation(
-    base::Optional<Block*> catch_block) {
+    std::optional<Block*> catch_block) {
   std::string catch_name;
   if (catch_block) {
     catch_name = FreshCatchName();
@@ -657,8 +657,8 @@ std::string CSAGenerator::PreCallableExceptionPreparation(
 
 void CSAGenerator::PostCallableExceptionPreparation(
     const std::string& catch_name, const Type* return_type,
-    base::Optional<Block*> catch_block, Stack<std::string>* stack,
-    const base::Optional<DefinitionLocation>& exception_object_definition) {
+    std::optional<Block*> catch_block, Stack<std::string>* stack,
+    const std::optional<DefinitionLocation>& exception_object_definition) {
   if (catch_block) {
     DCHECK(exception_object_definition);
     std::string block_name = BlockName(*catch_block);
@@ -1060,6 +1060,4 @@ void CSAGenerator::EmitCSAValue(VisitResult result,
   }
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/csa-generator.h b/deps/v8/src/torque/csa-generator.h
index c2400609d4edd6..0c6ee90638ca32 100644
--- a/deps/v8/src/torque/csa-generator.h
+++ b/deps/v8/src/torque/csa-generator.h
@@ -5,18 +5,18 @@
 #ifndef V8_TORQUE_CSA_GENERATOR_H_
 #define V8_TORQUE_CSA_GENERATOR_H_
 
+#include <optional>
+
 #include "src/torque/torque-code-generator.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class CSAGenerator : public TorqueCodeGenerator {
  public:
   CSAGenerator(const ControlFlowGraph& cfg, std::ostream& out,
-               base::Optional<Builtin::Kind> linkage = base::nullopt)
+               std::optional<Builtin::Kind> linkage = std::nullopt)
       : TorqueCodeGenerator(cfg, out), linkage_(linkage) {}
-  base::Optional<Stack<std::string>> EmitGraph(Stack<std::string> parameters);
+  std::optional<Stack<std::string>> EmitGraph(Stack<std::string> parameters);
 
   static constexpr const char* ARGUMENTS_VARIABLE_STRING = "arguments";
 
@@ -24,17 +24,17 @@ class CSAGenerator : public TorqueCodeGenerator {
                            std::ostream& out);
 
  private:
-  base::Optional<Builtin::Kind> linkage_;
+  std::optional<Builtin::Kind> linkage_;
 
   void EmitSourcePosition(SourcePosition pos,
                           bool always_emit = false) override;
 
   std::string PreCallableExceptionPreparation(
-      base::Optional<Block*> catch_block);
+      std::optional<Block*> catch_block);
   void PostCallableExceptionPreparation(
       const std::string& catch_name, const Type* return_type,
-      base::Optional<Block*> catch_block, Stack<std::string>* stack,
-      const base::Optional<DefinitionLocation>& exception_object_definition);
+      std::optional<Block*> catch_block, Stack<std::string>* stack,
+      const std::optional<DefinitionLocation>& exception_object_definition);
 
   std::vector<std::string> ProcessArgumentsCommon(
       const TypeVector& parameter_types,
@@ -48,8 +48,6 @@ class CSAGenerator : public TorqueCodeGenerator {
 #undef EMIT_INSTRUCTION_DECLARATION
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_CSA_GENERATOR_H_
diff --git a/deps/v8/src/torque/declarable.cc b/deps/v8/src/torque/declarable.cc
index a176a23ac249aa..c779e9f77155e8 100644
--- a/deps/v8/src/torque/declarable.cc
+++ b/deps/v8/src/torque/declarable.cc
@@ -6,15 +6,14 @@
 
 #include <fstream>
 #include <iostream>
+#include <optional>
 
 #include "src/torque/ast.h"
 #include "src/torque/global-context.h"
 #include "src/torque/type-inference.h"
 #include "src/torque/type-visitor.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 QualifiedName QualifiedName::Parse(std::string qualified_name) {
   std::vector<std::string> qualifications;
@@ -104,7 +103,7 @@ std::vector<Declarable*> Scope::Lookup(const QualifiedName& name) {
   return result;
 }
 
-base::Optional<std::string> TypeConstraint::IsViolated(const Type* type) const {
+std::optional<std::string> TypeConstraint::IsViolated(const Type* type) const {
   if (upper_bound && !type->IsSubtypeOf(*upper_bound)) {
     if (type->IsTopType()) {
       return TopType::cast(type)->reason();
@@ -113,10 +112,10 @@ base::Optional<std::string> TypeConstraint::IsViolated(const Type* type) const {
           ToString("expected ", *type, " to be a subtype of ", **upper_bound)};
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<std::string> FindConstraintViolation(
+std::optional<std::string> FindConstraintViolation(
     const std::vector<const Type*>& types,
     const std::vector<TypeConstraint>& constraints) {
   DCHECK_EQ(constraints.size(), types.size());
@@ -125,7 +124,7 @@ base::Optional<std::string> FindConstraintViolation(
       return {"Could not instantiate generic, " + *violation + "."};
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 std::vector<TypeConstraint> ComputeConstraints(
@@ -145,7 +144,7 @@ std::vector<TypeConstraint> ComputeConstraints(
 
 TypeArgumentInference GenericCallable::InferSpecializationTypes(
     const TypeVector& explicit_specialization_types,
-    const std::vector<base::Optional<const Type*>>& arguments) {
+    const std::vector<std::optional<const Type*>>& arguments) {
   const std::vector<TypeExpression*>& parameters =
       declaration()->parameters.types;
   CurrentScope::Scope generic_scope(ParentScope());
@@ -161,14 +160,14 @@ TypeArgumentInference GenericCallable::InferSpecializationTypes(
   return inference;
 }
 
-base::Optional<Statement*> GenericCallable::CallableBody() {
+std::optional<Statement*> GenericCallable::CallableBody() {
   if (auto* macro_decl = TorqueMacroDeclaration::DynamicCast(declaration())) {
     return macro_decl->body;
   } else if (auto* builtin_decl =
                  TorqueBuiltinDeclaration::DynamicCast(declaration())) {
     return builtin_decl->body;
   } else {
-    return base::nullopt;
+    return std::nullopt;
   }
 }
 
@@ -194,6 +193,4 @@ const Type* TypeAlias::Resolve() const {
   return *type_;
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/declarable.h b/deps/v8/src/torque/declarable.h
index 60110fec595943..2a86fa016ac2a9 100644
--- a/deps/v8/src/torque/declarable.h
+++ b/deps/v8/src/torque/declarable.h
@@ -6,6 +6,7 @@
 #define V8_TORQUE_DECLARABLE_H_
 
 #include <cassert>
+#include <optional>
 #include <string>
 #include <unordered_map>
 
@@ -15,9 +16,7 @@
 #include "src/torque/types.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class Scope;
 class Namespace;
@@ -258,7 +257,7 @@ class Value : public Declarable {
  private:
   const Type* type_;
   Identifier* name_;
-  base::Optional<VisitResult> value_;
+  std::optional<VisitResult> value_;
 };
 
 class NamespaceConstant : public Value {
@@ -314,7 +313,7 @@ class Callable : public Scope {
   }
   void IncrementReturns() { ++returns_; }
   bool HasReturns() const { return returns_; }
-  base::Optional<Statement*> body() const { return body_; }
+  std::optional<Statement*> body() const { return body_; }
   bool IsExternal() const { return !body_.has_value(); }
   virtual bool ShouldBeInlined(OutputType output_type) const {
     // C++ output doesn't support exiting to labels, so functions with labels in
@@ -352,7 +351,7 @@ class Callable : public Scope {
  protected:
   Callable(Declarable::Kind kind, std::string external_name,
            std::string readable_name, Signature signature,
-           base::Optional<Statement*> body)
+           std::optional<Statement*> body)
       : Scope(kind),
         external_name_(std::move(external_name)),
 
@@ -368,7 +367,7 @@ class Callable : public Scope {
   std::string readable_name_;
   Signature signature_;
   size_t returns_;
-  base::Optional<Statement*> body_;
+  std::optional<Statement*> body_;
 };
 
 class Macro : public Callable {
@@ -392,7 +391,7 @@ class Macro : public Callable {
  protected:
   Macro(Declarable::Kind kind, std::string external_name,
         std::string readable_name, const Signature& signature,
-        base::Optional<Statement*> body)
+        std::optional<Statement*> body)
       : Callable(kind, std::move(external_name), std::move(readable_name),
                  signature, body),
         used_(false) {
@@ -428,7 +427,7 @@ class ExternMacro : public Macro {
   ExternMacro(const std::string& name, std::string external_assembler_name,
               Signature signature)
       : Macro(Declarable::kExternMacro, name, name, std::move(signature),
-              base::nullopt),
+              std::nullopt),
         external_assembler_name_(std::move(external_assembler_name)) {}
 
   std::string external_assembler_name_;
@@ -454,7 +453,7 @@ class TorqueMacro : public Macro {
  protected:
   TorqueMacro(Declarable::Kind kind, std::string external_name,
               std::string readable_name, const Signature& signature,
-              base::Optional<Statement*> body, bool is_user_defined,
+              std::optional<Statement*> body, bool is_user_defined,
               bool exported_to_csa)
       : Macro(kind, std::move(external_name), std::move(readable_name),
               signature, body),
@@ -465,7 +464,7 @@ class TorqueMacro : public Macro {
  private:
   friend class Declarations;
   TorqueMacro(std::string external_name, std::string readable_name,
-              const Signature& signature, base::Optional<Statement*> body,
+              const Signature& signature, std::optional<Statement*> body,
               bool is_user_defined, bool exported_to_csa)
       : TorqueMacro(Declarable::kTorqueMacro, std::move(external_name),
                     std::move(readable_name), signature, body, is_user_defined,
@@ -514,7 +513,7 @@ class Builtin : public Callable {
   friend class Declarations;
   Builtin(std::string external_name, std::string readable_name,
           Builtin::Kind kind, Flags flags, const Signature& signature,
-          base::Optional<Statement*> body)
+          std::optional<Statement*> body)
       : Callable(Declarable::kBuiltin, std::move(external_name),
                  std::move(readable_name), signature, body),
         kind_(kind),
@@ -532,7 +531,7 @@ class RuntimeFunction : public Callable {
   friend class Declarations;
   RuntimeFunction(const std::string& name, const Signature& signature)
       : Callable(Declarable::kRuntimeFunction, name, name, signature,
-                 base::nullopt) {}
+                 std::nullopt) {}
 };
 
 class Intrinsic : public Callable {
@@ -542,7 +541,7 @@ class Intrinsic : public Callable {
  private:
   friend class Declarations;
   Intrinsic(std::string name, const Signature& signature)
-      : Callable(Declarable::kIntrinsic, name, name, signature, base::nullopt) {
+      : Callable(Declarable::kIntrinsic, name, name, signature, std::nullopt) {
     if (signature.parameter_types.var_args) {
       ReportError("Varargs are not supported for intrinsics.");
     }
@@ -551,7 +550,7 @@ class Intrinsic : public Callable {
 
 class TypeConstraint {
  public:
-  base::Optional<std::string> IsViolated(const Type*) const;
+  std::optional<std::string> IsViolated(const Type*) const;
 
   static TypeConstraint Unconstrained() { return {}; }
   static TypeConstraint SubtypeConstraint(const Type* upper_bound) {
@@ -561,10 +560,10 @@ class TypeConstraint {
   }
 
  private:
-  base::Optional<const Type*> upper_bound;
+  std::optional<const Type*> upper_bound;
 };
 
-base::Optional<std::string> FindConstraintViolation(
+std::optional<std::string> FindConstraintViolation(
     const std::vector<const Type*>& types,
     const std::vector<TypeConstraint>& constraints);
 
@@ -587,11 +586,11 @@ class GenericDeclarable : public Declarable {
     }
     specializations_[type_arguments] = specialization;
   }
-  base::Optional<SpecializationType> GetSpecialization(
+  std::optional<SpecializationType> GetSpecialization(
       const TypeVector& type_arguments) const {
     auto it = specializations_.find(type_arguments);
     if (it != specializations_.end()) return it->second;
-    return base::nullopt;
+    return std::nullopt;
   }
 
   using iterator = typename Map::const_iterator;
@@ -623,7 +622,7 @@ class GenericDeclarable : public Declarable {
   std::string name_;
   DeclarationType generic_declaration_;
   Map specializations_;
-  base::Optional<std::vector<TypeConstraint>> constraints_;
+  std::optional<std::vector<TypeConstraint>> constraints_;
 };
 
 class GenericCallable
@@ -631,11 +630,11 @@ class GenericCallable
  public:
   DECLARE_DECLARABLE_BOILERPLATE(GenericCallable, generic_callable)
 
-  base::Optional<Statement*> CallableBody();
+  std::optional<Statement*> CallableBody();
 
   TypeArgumentInference InferSpecializationTypes(
       const TypeVector& explicit_specialization_types,
-      const std::vector<base::Optional<const Type*>>& arguments);
+      const std::vector<std::optional<const Type*>>& arguments);
 
  private:
   friend class Declarations;
@@ -692,8 +691,8 @@ class TypeAlias : public Declarable {
         declaration_position_(declaration_position) {}
 
   mutable bool being_resolved_ = false;
-  mutable base::Optional<TypeDeclaration*> delayed_;
-  mutable base::Optional<const Type*> type_;
+  mutable std::optional<TypeDeclaration*> delayed_;
+  mutable std::optional<const Type*> type_;
   bool redeclaration_;
   const SourcePosition declaration_position_;
 };
@@ -705,8 +704,6 @@ std::ostream& operator<<(std::ostream& os, const GenericCallable& g);
 
 #undef DECLARE_DECLARABLE_BOILERPLATE
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_DECLARABLE_H_
diff --git a/deps/v8/src/torque/declaration-visitor.cc b/deps/v8/src/torque/declaration-visitor.cc
index 5109a699d8ceee..62e228e2fc53f2 100644
--- a/deps/v8/src/torque/declaration-visitor.cc
+++ b/deps/v8/src/torque/declaration-visitor.cc
@@ -4,15 +4,15 @@
 
 #include "src/torque/declaration-visitor.h"
 
+#include <optional>
+
 #include "src/torque/ast.h"
 #include "src/torque/kythe-data.h"
 #include "src/torque/server-data.h"
 #include "src/torque/type-inference.h"
 #include "src/torque/type-visitor.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 Namespace* GetOrCreateNamespace(const std::string& name) {
   std::vector<Namespace*> existing_namespaces = FilterDeclarables<Namespace>(
@@ -62,7 +62,7 @@ Builtin* DeclarationVisitor::CreateBuiltin(BuiltinDeclaration* decl,
                                            std::string external_name,
                                            std::string readable_name,
                                            Signature signature,
-                                           base::Optional<Statement*> body) {
+                                           std::optional<Statement*> body) {
   const bool javascript = decl->javascript_linkage;
   const bool varargs = decl->parameters.has_varargs;
   Builtin::Kind kind = !javascript ? Builtin::kStub
@@ -143,7 +143,7 @@ Builtin* DeclarationVisitor::CreateBuiltin(BuiltinDeclaration* decl,
 void DeclarationVisitor::Visit(ExternalBuiltinDeclaration* decl) {
   Builtin* builtin =
       CreateBuiltin(decl, decl->name->value, decl->name->value,
-                    TypeVisitor::MakeSignature(decl), base::nullopt);
+                    TypeVisitor::MakeSignature(decl), std::nullopt);
   builtin->SetIdentifierPosition(decl->name->pos);
   Declarations::Declare(decl->name->value, builtin);
 }
@@ -191,7 +191,7 @@ void DeclarationVisitor::Visit(ExternalRuntimeDeclaration* decl) {
 void DeclarationVisitor::Visit(ExternalMacroDeclaration* decl) {
   Macro* macro = Declarations::DeclareMacro(
       decl->name->value, true, decl->external_assembler_name,
-      TypeVisitor::MakeSignature(decl), base::nullopt, decl->op);
+      TypeVisitor::MakeSignature(decl), std::nullopt, decl->op);
   macro->SetIdentifierPosition(decl->name->pos);
   macro->SetPosition(decl->pos);
   if (GlobalContext::collect_kythe_data()) {
@@ -209,7 +209,7 @@ void DeclarationVisitor::Visit(TorqueBuiltinDeclaration* decl) {
 
 void DeclarationVisitor::Visit(TorqueMacroDeclaration* decl) {
   Macro* macro = Declarations::DeclareMacro(
-      decl->name->value, decl->export_to_csa, base::nullopt,
+      decl->name->value, decl->export_to_csa, std::nullopt,
       TypeVisitor::MakeSignature(decl), decl->body, decl->op);
   macro->SetIdentifierPosition(decl->name->pos);
   macro->SetPosition(decl->pos);
@@ -348,7 +348,7 @@ Signature DeclarationVisitor::MakeSpecializedSignature(
 
 Callable* DeclarationVisitor::SpecializeImplicit(
     const SpecializationKey<GenericCallable>& key) {
-  base::Optional<Statement*> body = key.generic->CallableBody();
+  std::optional<Statement*> body = key.generic->CallableBody();
   if (!body && IntrinsicDeclaration::DynamicCast(key.generic->declaration()) ==
                    nullptr) {
     ReportError("missing specialization of ", key.generic->name(),
@@ -358,7 +358,7 @@ Callable* DeclarationVisitor::SpecializeImplicit(
   SpecializationRequester requester{CurrentSourcePosition::Get(),
                                     CurrentScope::Get(), ""};
   CurrentScope::Scope generic_scope(key.generic->ParentScope());
-  Callable* result = Specialize(key, key.generic->declaration(), base::nullopt,
+  Callable* result = Specialize(key, key.generic->declaration(), std::nullopt,
                                 body, CurrentSourcePosition::Get());
   result->SetIsUserDefined(false);
   requester.name = result->ReadableName();
@@ -371,8 +371,8 @@ Callable* DeclarationVisitor::SpecializeImplicit(
 Callable* DeclarationVisitor::Specialize(
     const SpecializationKey<GenericCallable>& key,
     CallableDeclaration* declaration,
-    base::Optional<const SpecializationDeclaration*> explicit_specialization,
-    base::Optional<Statement*> body, SourcePosition position) {
+    std::optional<const SpecializationDeclaration*> explicit_specialization,
+    std::optional<Statement*> body, SourcePosition position) {
   CurrentSourcePosition::Scope pos_scope(position);
   size_t generic_parameter_count = key.generic->generic_parameters().size();
   if (generic_parameter_count != key.specialized_types.size()) {
@@ -435,6 +435,4 @@ void PredeclarationVisitor::ResolvePredeclarations() {
   }
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/declaration-visitor.h b/deps/v8/src/torque/declaration-visitor.h
index b03d49fb34d60f..0b9efc149eb781 100644
--- a/deps/v8/src/torque/declaration-visitor.h
+++ b/deps/v8/src/torque/declaration-visitor.h
@@ -5,6 +5,7 @@
 #ifndef V8_TORQUE_DECLARATION_VISITOR_H_
 #define V8_TORQUE_DECLARATION_VISITOR_H_
 
+#include <optional>
 #include <string>
 
 #include "src/base/macros.h"
@@ -14,9 +15,7 @@
 #include "src/torque/types.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 Namespace* GetOrCreateNamespace(const std::string& name);
 
@@ -86,7 +85,7 @@ class DeclarationVisitor {
   static Builtin* CreateBuiltin(BuiltinDeclaration* decl,
                                 std::string external_name,
                                 std::string readable_name, Signature signature,
-                                base::Optional<Statement*> body);
+                                std::optional<Statement*> body);
 
   static void Visit(ExternalBuiltinDeclaration* decl);
   static void Visit(ExternalRuntimeDeclaration* decl);
@@ -113,16 +112,14 @@ class DeclarationVisitor {
   static Callable* Specialize(
       const SpecializationKey<GenericCallable>& key,
       CallableDeclaration* declaration,
-      base::Optional<const SpecializationDeclaration*> explicit_specialization,
-      base::Optional<Statement*> body, SourcePosition position);
+      std::optional<const SpecializationDeclaration*> explicit_specialization,
+      std::optional<Statement*> body, SourcePosition position);
 
  private:
   static void DeclareSpecializedTypes(
       const SpecializationKey<GenericCallable>& key);
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_DECLARATION_VISITOR_H_
diff --git a/deps/v8/src/torque/declarations.cc b/deps/v8/src/torque/declarations.cc
index c4414af8a2c6ee..a4df54484b9f72 100644
--- a/deps/v8/src/torque/declarations.cc
+++ b/deps/v8/src/torque/declarations.cc
@@ -3,14 +3,15 @@
 // found in the LICENSE file.
 
 #include "src/torque/declarations.h"
+
+#include <optional>
+
 #include "src/torque/declarable.h"
 #include "src/torque/global-context.h"
 #include "src/torque/server-data.h"
 #include "src/torque/type-oracle.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 namespace {
 
 template <class T>
@@ -76,10 +77,10 @@ const Type* Declarations::LookupType(const Identifier* name) {
   return alias->type();
 }
 
-base::Optional<const Type*> Declarations::TryLookupType(
+std::optional<const Type*> Declarations::TryLookupType(
     const QualifiedName& name) {
   auto decls = FilterDeclarables<TypeAlias>(TryLookup(name));
-  if (decls.empty()) return base::nullopt;
+  if (decls.empty()) return std::nullopt;
   return EnsureUnique(std::move(decls), name, "type")->type();
 }
 
@@ -120,10 +121,10 @@ Macro* Declarations::TryLookupMacro(const std::string& name,
   return nullptr;
 }
 
-base::Optional<Builtin*> Declarations::TryLookupBuiltin(
+std::optional<Builtin*> Declarations::TryLookupBuiltin(
     const QualifiedName& name) {
   std::vector<Builtin*> builtins = TryLookup<Builtin>(name);
-  if (builtins.empty()) return base::nullopt;
+  if (builtins.empty()) return std::nullopt;
   return EnsureUnique(builtins, name.name, "builtin");
 }
 
@@ -151,10 +152,10 @@ GenericType* Declarations::LookupGlobalUniqueGenericType(
       name, "generic type");
 }
 
-base::Optional<GenericType*> Declarations::TryLookupGenericType(
+std::optional<GenericType*> Declarations::TryLookupGenericType(
     const QualifiedName& name) {
   std::vector<GenericType*> results = TryLookup<GenericType>(name);
-  if (results.empty()) return base::nullopt;
+  if (results.empty()) return std::nullopt;
   return EnsureUnique(results, name.name, "generic type");
 }
 
@@ -177,12 +178,9 @@ TypeAlias* Declarations::PredeclareTypeAlias(const Identifier* name,
   return Declare(name->value, std::move(alias_ptr));
 }
 
-TorqueMacro* Declarations::CreateTorqueMacro(std::string external_name,
-                                             std::string readable_name,
-                                             bool exported_to_csa,
-                                             Signature signature,
-                                             base::Optional<Statement*> body,
-                                             bool is_user_defined) {
+TorqueMacro* Declarations::CreateTorqueMacro(
+    std::string external_name, std::string readable_name, bool exported_to_csa,
+    Signature signature, std::optional<Statement*> body, bool is_user_defined) {
   external_name = GlobalContext::MakeUniqueName(external_name);
   return RegisterDeclarable(std::unique_ptr<TorqueMacro>(new TorqueMacro(
       std::move(external_name), std::move(readable_name), std::move(signature),
@@ -199,9 +197,9 @@ ExternMacro* Declarations::CreateExternMacro(
 
 Macro* Declarations::DeclareMacro(
     const std::string& name, bool accessible_from_csa,
-    base::Optional<std::string> external_assembler_name,
-    const Signature& signature, base::Optional<Statement*> body,
-    base::Optional<std::string> op, bool is_user_defined) {
+    std::optional<std::string> external_assembler_name,
+    const Signature& signature, std::optional<Statement*> body,
+    std::optional<std::string> op, bool is_user_defined) {
   if (Macro* existing_macro =
           TryLookupMacro(name, signature.GetExplicitTypes())) {
     if (existing_macro->ParentScope() == CurrentScope::Get()) {
@@ -258,7 +256,7 @@ Builtin* Declarations::CreateBuiltin(std::string external_name,
                                      std::string readable_name,
                                      Builtin::Kind kind, Builtin::Flags flags,
                                      Signature signature,
-                                     base::Optional<Statement*> body) {
+                                     std::optional<Statement*> body) {
   return RegisterDeclarable(std::unique_ptr<Builtin>(
       new Builtin(std::move(external_name), std::move(readable_name), kind,
                   flags, std::move(signature), body)));
@@ -267,7 +265,7 @@ Builtin* Declarations::CreateBuiltin(std::string external_name,
 Builtin* Declarations::DeclareBuiltin(const std::string& name,
                                       Builtin::Kind kind, Builtin::Flags flags,
                                       const Signature& signature,
-                                      base::Optional<Statement*> body) {
+                                      std::optional<Statement*> body) {
   CheckAlreadyDeclared<Builtin>(name, "builtin");
   return Declare(name, CreateBuiltin(name, name, kind, flags, signature, body));
 }
@@ -325,6 +323,4 @@ Macro* Declarations::DeclareOperator(const std::string& name, Macro* m) {
   return m;
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/declarations.h b/deps/v8/src/torque/declarations.h
index 4aa71e113baaef..ed5ef0292e31d7 100644
--- a/deps/v8/src/torque/declarations.h
+++ b/deps/v8/src/torque/declarations.h
@@ -6,14 +6,13 @@
 #define V8_TORQUE_DECLARATIONS_H_
 
 #include <memory>
+#include <optional>
 #include <string>
 
 #include "src/torque/declarable.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 static constexpr const char* const kFromConstexprMacroName = "FromConstexpr";
 static constexpr const char* kMacroEndLabelName = "__macro_end";
@@ -70,7 +69,7 @@ class Declarations {
   static const TypeAlias* LookupTypeAlias(const QualifiedName& name);
   static const Type* LookupType(const QualifiedName& name);
   static const Type* LookupType(const Identifier* identifier);
-  static base::Optional<const Type*> TryLookupType(const QualifiedName& name);
+  static std::optional<const Type*> TryLookupType(const QualifiedName& name);
   static const Type* LookupGlobalType(const QualifiedName& name);
 
   static Builtin* FindSomeInternalBuiltinWithType(
@@ -80,14 +79,14 @@ class Declarations {
 
   static Macro* TryLookupMacro(const std::string& name,
                                const TypeVector& types);
-  static base::Optional<Builtin*> TryLookupBuiltin(const QualifiedName& name);
+  static std::optional<Builtin*> TryLookupBuiltin(const QualifiedName& name);
 
   static std::vector<GenericCallable*> LookupGeneric(const std::string& name);
   static GenericCallable* LookupUniqueGeneric(const QualifiedName& name);
 
   static GenericType* LookupUniqueGenericType(const QualifiedName& name);
   static GenericType* LookupGlobalUniqueGenericType(const std::string& name);
-  static base::Optional<GenericType*> TryLookupGenericType(
+  static std::optional<GenericType*> TryLookupGenericType(
       const QualifiedName& name);
 
   static Namespace* DeclareNamespace(const std::string& name);
@@ -100,16 +99,17 @@ class Declarations {
                                         std::string readable_name,
                                         bool exported_to_csa,
                                         Signature signature,
-                                        base::Optional<Statement*> body,
+                                        std::optional<Statement*> body,
                                         bool is_user_defined);
   static ExternMacro* CreateExternMacro(std::string name,
                                         std::string external_assembler_name,
                                         Signature signature);
-  static Macro* DeclareMacro(
-      const std::string& name, bool accessible_from_csa,
-      base::Optional<std::string> external_assembler_name,
-      const Signature& signature, base::Optional<Statement*> body,
-      base::Optional<std::string> op = {}, bool is_user_defined = true);
+  static Macro* DeclareMacro(const std::string& name, bool accessible_from_csa,
+                             std::optional<std::string> external_assembler_name,
+                             const Signature& signature,
+                             std::optional<Statement*> body,
+                             std::optional<std::string> op = {},
+                             bool is_user_defined = true);
 
   static Method* CreateMethod(AggregateType* class_type,
                               const std::string& name, Signature signature,
@@ -124,11 +124,11 @@ class Declarations {
   static Builtin* CreateBuiltin(std::string external_name,
                                 std::string readable_name, Builtin::Kind kind,
                                 Builtin::Flags flags, Signature signature,
-                                base::Optional<Statement*> body);
+                                std::optional<Statement*> body);
   static Builtin* DeclareBuiltin(const std::string& name, Builtin::Kind kind,
                                  Builtin::Flags flags,
                                  const Signature& signature,
-                                 base::Optional<Statement*> body);
+                                 std::optional<Statement*> body);
 
   static RuntimeFunction* DeclareRuntimeFunction(const std::string& name,
                                                  const Signature& signature);
@@ -161,8 +161,6 @@ class Declarations {
       const std::string& name, const TypeVector& specialized_types);
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_DECLARATIONS_H_
diff --git a/deps/v8/src/torque/earley-parser.cc b/deps/v8/src/torque/earley-parser.cc
index adb7e771532fa5..fce9bf9d6562ce 100644
--- a/deps/v8/src/torque/earley-parser.cc
+++ b/deps/v8/src/torque/earley-parser.cc
@@ -2,18 +2,18 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "src/torque/earley-parser.h"
+
 #include <algorithm>
+#include <optional>
 #include <set>
 #include <unordered_map>
 #include <unordered_set>
 
 #include "src/torque/ast.h"
-#include "src/torque/earley-parser.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 namespace {
 
@@ -42,12 +42,12 @@ struct LineAndColumnTracker {
 
 }  // namespace
 
-base::Optional<ParseResult> Rule::RunAction(const Item* completed_item,
-                                            const LexerResult& tokens) const {
+std::optional<ParseResult> Rule::RunAction(const Item* completed_item,
+                                           const LexerResult& tokens) const {
   std::vector<ParseResult> results;
   for (const Item* child : completed_item->Children()) {
     if (!child) continue;
-    base::Optional<ParseResult> child_result =
+    std::optional<ParseResult> child_result =
         child->left()->RunAction(child, tokens);
     if (child_result) results.push_back(std::move(*child_result));
   }
@@ -316,6 +316,4 @@ bool Grammar::MatchAnyChar(InputPosition* pos) {
   return MatchChar([](char c) { return true; }, pos);
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/earley-parser.h b/deps/v8/src/torque/earley-parser.h
index 1a89115e56f8ca..0c0dc3d24920a0 100644
--- a/deps/v8/src/torque/earley-parser.h
+++ b/deps/v8/src/torque/earley-parser.h
@@ -7,16 +7,14 @@
 
 #include <map>
 #include <memory>
+#include <optional>
 #include <vector>
 
 #include "src/base/contextual.h"
-#include "src/base/optional.h"
 #include "src/torque/source-positions.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class Symbol;
 class Item;
@@ -193,17 +191,17 @@ struct LexerResult {
 };
 
 using Action =
-    base::Optional<ParseResult> (*)(ParseResultIterator* child_results);
+    std::optional<ParseResult> (*)(ParseResultIterator* child_results);
 
-inline base::Optional<ParseResult> DefaultAction(
+inline std::optional<ParseResult> DefaultAction(
     ParseResultIterator* child_results) {
-  if (!child_results->HasNext()) return base::nullopt;
+  if (!child_results->HasNext()) return std::nullopt;
   return child_results->Next();
 }
 
 template <class T, Action action>
 inline Action AsSingletonVector() {
-  return [](ParseResultIterator* child_results) -> base::Optional<ParseResult> {
+  return [](ParseResultIterator* child_results) -> std::optional<ParseResult> {
     auto result = action(child_results);
     if (!result) return result;
     return ParseResult{std::vector<T>{(*result).Cast<T>()}};
@@ -229,7 +227,7 @@ class Rule final {
     left_hand_side_ = left_hand_side;
   }
 
-  V8_EXPORT_PRIVATE base::Optional<ParseResult> RunAction(
+  V8_EXPORT_PRIVATE std::optional<ParseResult> RunAction(
       const Item* completed_item, const LexerResult& tokens) const;
 
  private:
@@ -265,7 +263,7 @@ class Symbol {
     rules_.back()->SetLeftHandSide(this);
   }
 
-  V8_EXPORT_PRIVATE base::Optional<ParseResult> RunAction(
+  V8_EXPORT_PRIVATE std::optional<ParseResult> RunAction(
       const Item* item, const LexerResult& tokens);
 
  private:
@@ -361,8 +359,8 @@ class Item {
   const Item* child_ = nullptr;
 };
 
-inline base::Optional<ParseResult> Symbol::RunAction(
-    const Item* item, const LexerResult& tokens) {
+inline std::optional<ParseResult> Symbol::RunAction(const Item* item,
+                                                    const LexerResult& tokens) {
   DCHECK(item->IsComplete());
   DCHECK_EQ(item->left(), this);
   return item->rule()->RunAction(item, tokens);
@@ -372,8 +370,8 @@ V8_EXPORT_PRIVATE const Item* RunEarleyAlgorithm(
     Symbol* start, const LexerResult& tokens,
     std::unordered_set<Item, base::hash<Item>>* processed);
 
-inline base::Optional<ParseResult> ParseTokens(Symbol* start,
-                                               const LexerResult& tokens) {
+inline std::optional<ParseResult> ParseTokens(Symbol* start,
+                                              const LexerResult& tokens) {
   std::unordered_set<Item, base::hash<Item>> table;
   const Item* final_item = RunEarleyAlgorithm(start, tokens, &table);
   return start->RunAction(final_item, tokens);
@@ -421,7 +419,7 @@ class Grammar {
 
   explicit Grammar(Symbol* start) : start_(start) {}
 
-  base::Optional<ParseResult> Parse(const std::string& input) {
+  std::optional<ParseResult> Parse(const std::string& input) {
     LexerResult tokens = lexer().RunLexer(input);
     return ParseTokens(start_, tokens);
   }
@@ -451,7 +449,7 @@ class Grammar {
 
   // The action MatchInput() produces the input matched by the rule as
   // result.
-  static base::Optional<ParseResult> YieldMatchedInput(
+  static std::optional<ParseResult> YieldMatchedInput(
       ParseResultIterator* child_results) {
     return ParseResult{child_results->matched_input().ToString()};
   }
@@ -463,19 +461,19 @@ class Grammar {
   }
 
   template <class T, T value>
-  static base::Optional<ParseResult> YieldIntegralConstant(
+  static std::optional<ParseResult> YieldIntegralConstant(
       ParseResultIterator* child_results) {
     return ParseResult{value};
   }
 
   template <class T>
-  static base::Optional<ParseResult> YieldDefaultValue(
+  static std::optional<ParseResult> YieldDefaultValue(
       ParseResultIterator* child_results) {
     return ParseResult{T{}};
   }
 
   template <class From, class To>
-  static base::Optional<ParseResult> CastParseResult(
+  static std::optional<ParseResult> CastParseResult(
       ParseResultIterator* child_results) {
     To result = child_results->NextAs<From>();
     return ParseResult{std::move(result)};
@@ -490,7 +488,7 @@ class Grammar {
   }
 
   template <class T>
-  static base::Optional<ParseResult> MakeSingletonVector(
+  static std::optional<ParseResult> MakeSingletonVector(
       ParseResultIterator* child_results) {
     T x = child_results->NextAs<T>();
     std::vector<T> result;
@@ -499,7 +497,7 @@ class Grammar {
   }
 
   template <class T>
-  static base::Optional<ParseResult> MakeExtendedVector(
+  static std::optional<ParseResult> MakeExtendedVector(
       ParseResultIterator* child_results) {
     std::vector<T> l = child_results->NextAs<std::vector<T>>();
     T x = child_results->NextAs<T>();
@@ -510,8 +508,7 @@ class Grammar {
   // For example, NonemptyList(Token("A"), Token(",")) parses any of
   // A or A,A or A,A,A and so on.
   template <class T>
-  Symbol* NonemptyList(Symbol* element,
-                       base::Optional<Symbol*> separator = {}) {
+  Symbol* NonemptyList(Symbol* element, std::optional<Symbol*> separator = {}) {
     Symbol* list = NewSymbol();
     *list = {Rule({element}, MakeSingletonVector<T>),
              separator
@@ -521,13 +518,13 @@ class Grammar {
   }
 
   template <class T>
-  Symbol* List(Symbol* element, base::Optional<Symbol*> separator = {}) {
+  Symbol* List(Symbol* element, std::optional<Symbol*> separator = {}) {
     return TryOrDefault<std::vector<T>>(NonemptyList<T>(element, separator));
   }
 
   template <class T>
   Symbol* Optional(Symbol* x) {
-    return TryOrDefault<base::Optional<T>, T>(x);
+    return TryOrDefault<std::optional<T>, T>(x);
   }
 
   Symbol* CheckIf(Symbol* x) {
@@ -543,8 +540,6 @@ class Grammar {
   Symbol* start_;
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_EARLEY_PARSER_H_
diff --git a/deps/v8/src/torque/global-context.cc b/deps/v8/src/torque/global-context.cc
index 8067fd4f1077ce..d171f83fce64da 100644
--- a/deps/v8/src/torque/global-context.cc
+++ b/deps/v8/src/torque/global-context.cc
@@ -32,8 +32,7 @@ TargetArchitecture::TargetArchitecture(bool force_32bit)
                                      : kExternalPointerSlotSize),
       cppheap_ptr_size_(force_32bit ? sizeof(int32_t)
                                     : kCppHeapPointerSlotSize),
-      indirect_ptr_size_(force_32bit ? sizeof(int32_t) : kIndirectPointerSize) {
-}
+      trusted_ptr_size_(force_32bit ? sizeof(int32_t) : kTrustedPointerSize) {}
 
 }  // namespace torque
 }  // namespace internal
diff --git a/deps/v8/src/torque/global-context.h b/deps/v8/src/torque/global-context.h
index a6b3871f4e913b..db27b49d58afce 100644
--- a/deps/v8/src/torque/global-context.h
+++ b/deps/v8/src/torque/global-context.h
@@ -163,7 +163,7 @@ class TargetArchitecture : public base::ContextualClass<TargetArchitecture> {
   static size_t RawPtrSize() { return Get().raw_ptr_size_; }
   static size_t ExternalPointerSize() { return Get().external_ptr_size_; }
   static size_t CppHeapPointerSize() { return Get().cppheap_ptr_size_; }
-  static size_t IndirectPointerSize() { return Get().indirect_ptr_size_; }
+  static size_t TrustedPointerSize() { return Get().trusted_ptr_size_; }
   static size_t ProtectedPointerSize() { return TaggedSize(); }
   static size_t MaxHeapAlignment() { return TaggedSize(); }
   static bool ArePointersCompressed() { return TaggedSize() < RawPtrSize(); }
@@ -175,7 +175,7 @@ class TargetArchitecture : public base::ContextualClass<TargetArchitecture> {
   const int smi_tag_and_shift_size_;
   const size_t external_ptr_size_;
   const size_t cppheap_ptr_size_;
-  const size_t indirect_ptr_size_;
+  const size_t trusted_ptr_size_;
 };
 
 }  // namespace torque
diff --git a/deps/v8/src/torque/implementation-visitor.cc b/deps/v8/src/torque/implementation-visitor.cc
index 731a2b149f5229..fbd05706acd423 100644
--- a/deps/v8/src/torque/implementation-visitor.cc
+++ b/deps/v8/src/torque/implementation-visitor.cc
@@ -6,9 +6,9 @@
 
 #include <algorithm>
 #include <iomanip>
+#include <optional>
 #include <string>
 
-#include "src/base/optional.h"
 #include "src/common/globals.h"
 #include "src/numbers/integer-literal-inl.h"
 #include "src/torque/cc-generator.h"
@@ -27,9 +27,7 @@
 #include "src/torque/types.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 uint64_t next_unique_binding_index = 0;
 
@@ -222,8 +220,8 @@ void ImplementationVisitor::EndDebugMacrosFile() {
 }
 
 void ImplementationVisitor::Visit(NamespaceConstant* decl) {
-  Signature signature{{}, base::nullopt, {{}, false}, 0, decl->type(),
-                      {}, false};
+  Signature signature{{},           std::nullopt, {{}, false}, 0,
+                      decl->type(), {},           false};
 
   BindingsManagersScope bindings_managers_scope;
 
@@ -246,7 +244,7 @@ void ImplementationVisitor::Visit(NamespaceConstant* decl) {
     CSAGenerator csa_generator{assembler().Result(), stream};
     Stack<std::string> values = *csa_generator.EmitGraph(Stack<std::string>{});
 
-    assembler_ = base::nullopt;
+    assembler_ = std::nullopt;
 
     stream << "  return ";
     CSAGenerator::EmitCSAValue(return_result, values, stream);
@@ -283,7 +281,7 @@ class ImplementationVisitor::MacroInliningScope {
 };
 
 VisitResult ImplementationVisitor::InlineMacro(
-    Macro* macro, base::Optional<LocationReference> this_reference,
+    Macro* macro, std::optional<LocationReference> this_reference,
     const std::vector<VisitResult>& arguments,
     const std::vector<Block*> label_blocks) {
   MacroInliningScope macro_inlining_scope(this, macro);
@@ -342,7 +340,7 @@ VisitResult ImplementationVisitor::InlineMacro(
   }
 
   Block* macro_end;
-  base::Optional<Binding<LocalLabel>> macro_end_binding;
+  std::optional<Binding<LocalLabel>> macro_end_binding;
   if (can_return) {
     Stack<const Type*> stack = assembler().CurrentStack();
     std::vector<const Type*> lowered_return_types = LowerType(return_type);
@@ -419,7 +417,7 @@ void ImplementationVisitor::VisitMacroCommon(Macro* macro) {
   // Avoid multiple-definition errors since it is possible for multiple
   // generated -inl.inc files to all contain function definitions for the same
   // Torque macro.
-  base::Optional<cpp::IncludeGuardScope> include_guard;
+  std::optional<cpp::IncludeGuardScope> include_guard;
   if (output_type_ == OutputType::kCC) {
     include_guard.emplace(&csa_cc, "V8_INTERNAL_DEFINED_"s + macro->CCName());
   } else if (output_type_ == OutputType::kCCDebug) {
@@ -444,7 +442,7 @@ void ImplementationVisitor::VisitMacroCommon(Macro* macro) {
 
   std::vector<VisitResult> arguments;
 
-  base::Optional<LocationReference> this_reference;
+  std::optional<LocationReference> this_reference;
   if (Method* method = Method::DynamicCast(macro)) {
     const Type* this_type = method->aggregate_type();
     LowerParameter(this_type, ExternalParameterName(kThisParameterName),
@@ -519,7 +517,7 @@ void ImplementationVisitor::VisitMacroCommon(Macro* macro) {
     assembler().Bind(end);
   }
 
-  base::Optional<Stack<std::string>> values;
+  std::optional<Stack<std::string>> values;
   if (output_type_ == OutputType::kCC) {
     CCGenerator cc_generator{assembler().Result(), csa_ccfile()};
     values = cc_generator.EmitGraph(lowered_parameters);
@@ -531,7 +529,7 @@ void ImplementationVisitor::VisitMacroCommon(Macro* macro) {
     values = csa_generator.EmitGraph(lowered_parameters);
   }
 
-  assembler_ = base::nullopt;
+  assembler_ = std::nullopt;
 
   if (has_return_value) {
     csa_ccfile() << "  return ";
@@ -732,7 +730,7 @@ void ImplementationVisitor::Visit(Builtin* builtin) {
   CSAGenerator csa_generator{assembler().Result(), csa_ccfile(),
                              builtin->kind()};
   csa_generator.EmitGraph(parameters);
-  assembler_ = base::nullopt;
+  assembler_ = std::nullopt;
   csa_ccfile() << "}\n\n";
 }
 
@@ -748,11 +746,11 @@ const Type* ImplementationVisitor::Visit(
     ReportError("local constant \"", stmt->name, "\" is not initialized.");
   }
 
-  base::Optional<const Type*> type;
+  std::optional<const Type*> type;
   if (stmt->type) {
     type = TypeVisitor::ComputeType(*stmt->type);
   }
-  base::Optional<VisitResult> init_result;
+  std::optional<VisitResult> init_result;
   if (stmt->initializer) {
     StackScope scope(this);
     init_result = Visit(*stmt->initializer);
@@ -1722,7 +1720,7 @@ VisitResult ImplementationVisitor::Visit(NewExpression* expr) {
 }
 
 const Type* ImplementationVisitor::Visit(BreakStatement* stmt) {
-  base::Optional<Binding<LocalLabel>*> break_label =
+  std::optional<Binding<LocalLabel>*> break_label =
       TryLookupLabel(kBreakLabelName);
   if (!break_label) {
     ReportError("break used outside of loop");
@@ -1732,7 +1730,7 @@ const Type* ImplementationVisitor::Visit(BreakStatement* stmt) {
 }
 
 const Type* ImplementationVisitor::Visit(ContinueStatement* stmt) {
-  base::Optional<Binding<LocalLabel>*> continue_label =
+  std::optional<Binding<LocalLabel>*> continue_label =
       TryLookupLabel(kContinueLabelName);
   if (!continue_label) {
     ReportError("continue used outside of loop");
@@ -1977,7 +1975,7 @@ void FailCallableLookup(
 
 Callable* GetOrCreateSpecialization(
     const SpecializationKey<GenericCallable>& key) {
-  if (base::Optional<Callable*> specialization =
+  if (std::optional<Callable*> specialization =
           key.generic->GetSpecialization(key.specialized_types)) {
     return *specialization;
   }
@@ -1986,19 +1984,19 @@ Callable* GetOrCreateSpecialization(
 
 }  // namespace
 
-base::Optional<Binding<LocalValue>*> ImplementationVisitor::TryLookupLocalValue(
+std::optional<Binding<LocalValue>*> ImplementationVisitor::TryLookupLocalValue(
     const std::string& name) {
   return ValueBindingsManager::Get().TryLookup(name);
 }
 
-base::Optional<Binding<LocalLabel>*> ImplementationVisitor::TryLookupLabel(
+std::optional<Binding<LocalLabel>*> ImplementationVisitor::TryLookupLabel(
     const std::string& name) {
   return LabelBindingsManager::Get().TryLookup(name);
 }
 
 Binding<LocalLabel>* ImplementationVisitor::LookupLabel(
     const std::string& name) {
-  base::Optional<Binding<LocalLabel>*> label = TryLookupLabel(name);
+  std::optional<Binding<LocalLabel>*> label = TryLookupLabel(name);
   if (!label) ReportError("cannot find label ", name);
   return *label;
 }
@@ -2025,14 +2023,14 @@ bool ImplementationVisitor::TestLookupCallable(
 TypeArgumentInference ImplementationVisitor::InferSpecializationTypes(
     GenericCallable* generic, const TypeVector& explicit_specialization_types,
     const TypeVector& explicit_arguments) {
-  std::vector<base::Optional<const Type*>> all_arguments;
+  std::vector<std::optional<const Type*>> all_arguments;
   const ParameterList& parameters = generic->declaration()->parameters;
   for (size_t i = 0; i < parameters.implicit_count; ++i) {
-    base::Optional<Binding<LocalValue>*> val =
+    std::optional<Binding<LocalValue>*> val =
         TryLookupLocalValue(parameters.names[i]->value);
     all_arguments.push_back(
         val ? (*val)->GetLocationReference(*val).ReferencedType()
-            : base::nullopt);
+            : std::nullopt);
   }
   for (const Type* explicit_argument : explicit_arguments) {
     all_arguments.push_back(explicit_argument);
@@ -2278,7 +2276,7 @@ LocationReference ImplementationVisitor::GetLocationReference(
 
 LocationReference ImplementationVisitor::GenerateFieldAccess(
     LocationReference reference, const std::string& fieldname,
-    bool ignore_stuct_field_constness, base::Optional<SourcePosition> pos) {
+    bool ignore_stuct_field_constness, std::optional<SourcePosition> pos) {
   if (reference.IsVariableAccess() &&
       reference.variable().type()->StructSupertype()) {
     const StructType* type = *reference.variable().type()->StructSupertype();
@@ -2309,8 +2307,7 @@ LocationReference ImplementationVisitor::GenerateFieldAccess(
         ProjectStructField(reference.temporary(), fieldname),
         reference.temporary_description());
   }
-  if (base::Optional<const Type*> referenced_type =
-          reference.ReferencedType()) {
+  if (std::optional<const Type*> referenced_type = reference.ReferencedType()) {
     if ((*referenced_type)->IsBitFieldStructType()) {
       const BitFieldStructType* bitfield_struct =
           BitFieldStructType::cast(*referenced_type);
@@ -2374,7 +2371,7 @@ LocationReference ImplementationVisitor::GenerateFieldAccess(
     }
   }
   VisitResult object_result = GenerateFetchFromLocation(reference);
-  if (base::Optional<const ClassType*> class_type =
+  if (std::optional<const ClassType*> class_type =
           object_result.type()->ClassSupertype()) {
     // This is a hack to distinguish the situation where we want to use
     // overloaded field accessors from when we want to create a reference.
@@ -2423,7 +2420,7 @@ LocationReference ImplementationVisitor::GenerateReferenceToItemInHeapSlice(
 LocationReference ImplementationVisitor::GetLocationReference(
     IdentifierExpression* expr) {
   if (expr->namespace_qualification.empty()) {
-    if (base::Optional<Binding<LocalValue>*> value =
+    if (std::optional<Binding<LocalValue>*> value =
             TryLookupLocalValue(expr->name->value)) {
       if (GlobalContext::collect_language_server_data()) {
         LanguageServerData::AddDefinition(expr->name->pos,
@@ -2449,7 +2446,7 @@ LocationReference ImplementationVisitor::GetLocationReference(
   }
   QualifiedName name =
       QualifiedName(expr->namespace_qualification, expr->name->value);
-  if (base::Optional<Builtin*> builtin = Declarations::TryLookupBuiltin(name)) {
+  if (std::optional<Builtin*> builtin = Declarations::TryLookupBuiltin(name)) {
     if (GlobalContext::collect_language_server_data()) {
       LanguageServerData::AddDefinition(expr->name->pos,
                                         (*builtin)->Position());
@@ -2735,7 +2732,7 @@ std::pair<std::string, std::string> GetClassInstanceTypeRange(
 }  // namespace
 
 VisitResult ImplementationVisitor::GenerateCall(
-    Callable* callable, base::Optional<LocationReference> this_reference,
+    Callable* callable, std::optional<LocationReference> this_reference,
     Arguments arguments, const TypeVector& specialization_types,
     bool is_tailcall) {
   CHECK(callable->Position().source.IsValid());
@@ -2761,7 +2758,7 @@ VisitResult ImplementationVisitor::GenerateCall(
   std::vector<VisitResult> implicit_arguments;
   for (size_t i = 0; i < callable->signature().implicit_count; ++i) {
     std::string implicit_name = callable->signature().parameter_names[i]->value;
-    base::Optional<Binding<LocalValue>*> val =
+    std::optional<Binding<LocalValue>*> val =
         TryLookupLocalValue(implicit_name);
     if (val) {
       implicit_arguments.push_back(
@@ -2847,7 +2844,7 @@ VisitResult ImplementationVisitor::GenerateCall(
   }
 
   if (auto* builtin = Builtin::DynamicCast(callable)) {
-    base::Optional<Block*> catch_block = GetCatchBlock();
+    std::optional<Block*> catch_block = GetCatchBlock();
     assembler().Emit(CallBuiltinInstruction{
         is_tailcall, builtin, argument_range.Size(), catch_block});
     GenerateCatchBlock(catch_block);
@@ -2946,14 +2943,14 @@ VisitResult ImplementationVisitor::GenerateCall(
                          label_blocks);
     } else if (arguments.labels.empty() &&
                return_type != TypeOracle::GetNeverType()) {
-      base::Optional<Block*> catch_block = GetCatchBlock();
+      std::optional<Block*> catch_block = GetCatchBlock();
       assembler().Emit(
           CallCsaMacroInstruction{macro, constexpr_arguments, catch_block});
       GenerateCatchBlock(catch_block);
       size_t return_slot_count = LoweredSlotCount(return_type);
       return VisitResult(return_type, assembler().TopRange(return_slot_count));
     } else {
-      base::Optional<Block*> return_continuation;
+      std::optional<Block*> return_continuation;
       if (return_type != TypeOracle::GetNeverType()) {
         return_continuation = assembler().NewBlock();
       }
@@ -2963,7 +2960,7 @@ VisitResult ImplementationVisitor::GenerateCall(
       for (size_t i = 0; i < label_count; ++i) {
         label_blocks.push_back(assembler().NewBlock());
       }
-      base::Optional<Block*> catch_block = GetCatchBlock();
+      std::optional<Block*> catch_block = GetCatchBlock();
       assembler().Emit(CallCsaMacroAndBranchInstruction{
           macro, constexpr_arguments, return_continuation, label_blocks,
           catch_block});
@@ -3008,7 +3005,7 @@ VisitResult ImplementationVisitor::GenerateCall(
       }
     }
   } else if (auto* runtime_function = RuntimeFunction::DynamicCast(callable)) {
-    base::Optional<Block*> catch_block = GetCatchBlock();
+    std::optional<Block*> catch_block = GetCatchBlock();
     assembler().Emit(CallRuntimeInstruction{
         is_tailcall, runtime_function, argument_range.Size(), catch_block});
     GenerateCatchBlock(catch_block);
@@ -3028,7 +3025,7 @@ VisitResult ImplementationVisitor::GenerateCall(
       }
       const Type* type = specialization_types[0];
       std::string size_string;
-      if (base::Optional<std::tuple<size_t, std::string>> size = SizeOf(type)) {
+      if (std::optional<std::tuple<size_t, std::string>> size = SizeOf(type)) {
         size_string = std::get<1>(*size);
       } else {
         Error("size of ", *type, " is not known.");
@@ -3208,7 +3205,7 @@ VisitResult ImplementationVisitor::GenerateCall(
   Callable* callable =
       LookupCallable(callable_name, Declarations::Lookup(callable_name),
                      arguments, specialization_types);
-  return GenerateCall(callable, base::nullopt, arguments, specialization_types,
+  return GenerateCall(callable, std::nullopt, arguments, specialization_types,
                       is_tailcall);
 }
 
@@ -3369,7 +3366,7 @@ VisitResult ImplementationVisitor::GenerateImplicitConvert(
 }
 
 StackRange ImplementationVisitor::GenerateLabelGoto(
-    LocalLabel* label, base::Optional<StackRange> arguments) {
+    LocalLabel* label, std::optional<StackRange> arguments) {
   return assembler().Goto(label->block, arguments ? arguments->Size() : 0);
 }
 
@@ -3396,7 +3393,7 @@ std::vector<Binding<LocalLabel>*> ImplementationVisitor::LabelsFromIdentifiers(
 StackRange ImplementationVisitor::LowerParameter(
     const Type* type, const std::string& parameter_name,
     Stack<std::string>* lowered_parameters) {
-  if (base::Optional<const StructType*> struct_type = type->StructSupertype()) {
+  if (std::optional<const StructType*> struct_type = type->StructSupertype()) {
     StackRange range = lowered_parameters->TopRange(0);
     for (auto& field : (*struct_type)->fields()) {
       StackRange parameter_range = LowerParameter(
@@ -3414,7 +3411,7 @@ StackRange ImplementationVisitor::LowerParameter(
 void ImplementationVisitor::LowerLabelParameter(
     const Type* type, const std::string& parameter_name,
     std::vector<std::string>* lowered_parameters) {
-  if (base::Optional<const StructType*> struct_type = type->StructSupertype()) {
+  if (std::optional<const StructType*> struct_type = type->StructSupertype()) {
     for (auto& field : (*struct_type)->fields()) {
       LowerLabelParameter(
           field.name_and_type.type,
@@ -3458,18 +3455,18 @@ bool IsCompatibleSignature(const Signature& sig, const TypeVector& types,
   return true;
 }
 
-base::Optional<Block*> ImplementationVisitor::GetCatchBlock() {
-  base::Optional<Block*> catch_block;
+std::optional<Block*> ImplementationVisitor::GetCatchBlock() {
+  std::optional<Block*> catch_block;
   if (TryLookupLabel(kCatchLabelName)) {
-    catch_block = assembler().NewBlock(base::nullopt, true);
+    catch_block = assembler().NewBlock(std::nullopt, true);
   }
   return catch_block;
 }
 
 void ImplementationVisitor::GenerateCatchBlock(
-    base::Optional<Block*> catch_block) {
+    std::optional<Block*> catch_block) {
   if (catch_block) {
-    base::Optional<Binding<LocalLabel>*> catch_handler =
+    std::optional<Binding<LocalLabel>*> catch_handler =
         TryLookupLabel(kCatchLabelName);
     // Reset the local scopes to prevent the macro calls below from using the
     // current catch handler.
@@ -3534,7 +3531,7 @@ void ImplementationVisitor::VisitAllDeclarables() {
 }
 
 void ImplementationVisitor::Visit(Declarable* declarable,
-                                  base::Optional<SourceId> file) {
+                                  std::optional<SourceId> file) {
   CurrentScope::Scope current_scope(declarable->ParentScope());
   CurrentSourcePosition::Scope current_source_position(declarable->Position());
   CurrentFileStreams::Scope current_file_streams(
@@ -4102,7 +4099,7 @@ class CppClassGenerator {
   std::ostream& impl_;
 };
 
-base::Optional<std::vector<Field>> GetOrderedUniqueIndexFields(
+std::optional<std::vector<Field>> GetOrderedUniqueIndexFields(
     const ClassType& type) {
   std::vector<Field> result;
   std::set<std::string> index_names;
@@ -4110,7 +4107,7 @@ base::Optional<std::vector<Field>> GetOrderedUniqueIndexFields(
     if (field.index) {
       auto name_and_type = ExtractSimpleFieldArraySize(type, field.index->expr);
       if (!name_and_type) {
-        return base::nullopt;
+        return std::nullopt;
       }
       index_names.insert(name_and_type->name);
     }
@@ -4291,7 +4288,7 @@ void CppClassGenerator::GenerateClass() {
     // requirements: the generated file must go before the hand-written
     // definition of the base class, but it must also go after that same
     // hand-written definition.
-    base::Optional<const ClassType*> parent = type_->parent()->ClassSupertype();
+    std::optional<const ClassType*> parent = type_->parent()->ClassSupertype();
     while (parent) {
       if ((*parent)->ShouldGenerateCppClassDefinitions() &&
           !(*parent)->ShouldGenerateFullClassDefinition() &&
@@ -4438,7 +4435,7 @@ void GenerateBoundsDCheck(std::ostream& os, const std::string& index,
                           const ClassType* type, const Field& f) {
   os << "  DCHECK_GE(" << index << ", 0);\n";
   std::string length_expression;
-  if (base::Optional<NameAndType> array_length =
+  if (std::optional<NameAndType> array_length =
           ExtractSimpleFieldArraySize(*type, f.index->expr)) {
     length_expression = "this ->" + array_length->name + "()";
   } else {
@@ -4457,7 +4454,7 @@ bool CanGenerateFieldAccessors(const Type* field_type) {
   return field_type != TypeOracle::GetVoidType() &&
          field_type != TypeOracle::GetFloat64OrHoleType() &&
          !field_type->IsSubtypeOf(TypeOracle::GetExternalPointerType()) &&
-         !field_type->IsSubtypeOf(TypeOracle::GetIndirectPointerType()) &&
+         !field_type->IsSubtypeOf(TypeOracle::GetTrustedPointerType()) &&
          !field_type->IsSubtypeOf(TypeOracle::GetProtectedPointerType());
 }
 }  // namespace
@@ -4830,6 +4827,7 @@ void ImplementationVisitor::GenerateClassDefinitions(
         std::stringstream parameters;
         for (const Field& f : type->ComputeAllFields()) {
           if (f.name_and_type.name == "map") continue;
+          if (f.name_and_type.name == "self_indirect_pointer") continue;
           if (!f.index) {
             std::string type_string =
                 f.name_and_type.type->HandlifiedCppTypeName(
@@ -4882,7 +4880,11 @@ void ImplementationVisitor::GenerateClassDefinitions(
 
         for (const Field& f : type->ComputeAllFields()) {
           if (f.name_and_type.name == "map") continue;
-          if (!f.index) {
+          if (f.name_and_type.name == "self_indirect_pointer") {
+            factory_impl << "  "
+                            "result->init_self_indirect_pointer(factory()->"
+                            "isolate());\n";
+          } else if (!f.index) {
             factory_impl << "  result->TorqueGeneratedClass::set_"
                          << SnakeifyString(f.name_and_type.name) << "(";
             if (f.name_and_type.type->IsSubtypeOf(
@@ -5024,7 +5026,7 @@ void ImplementationVisitor::GeneratePrintDefinitions(
   WriteFile(output_directory + "/" + file_name, new_contents);
 }
 
-base::Optional<std::string> MatchSimpleBodyDescriptor(const ClassType* type) {
+std::optional<std::string> MatchSimpleBodyDescriptor(const ClassType* type) {
   std::vector<ObjectSlotKind> slots = type->ComputeHeaderSlotKinds();
   if (!type->HasStaticSize()) {
     slots.push_back(*type->ComputeArraySlotKind());
@@ -5044,12 +5046,12 @@ base::Optional<std::string> MatchSimpleBodyDescriptor(const ClassType* type) {
     } else if (slots[i] == ObjectSlotKind::kNoPointer) {
       break;
     } else {
-      return base::nullopt;
+      return std::nullopt;
     }
   }
   size_t end_index = i;
   for (; i < slots.size(); ++i) {
-    if (slots[i] != ObjectSlotKind::kNoPointer) return base::nullopt;
+    if (slots[i] != ObjectSlotKind::kNoPointer) return std::nullopt;
   }
   size_t start_offset = start_index * TargetArchitecture::TaggedSize();
   size_t end_offset = end_index * TargetArchitecture::TaggedSize();
@@ -5063,7 +5065,7 @@ base::Optional<std::string> MatchSimpleBodyDescriptor(const ClassType* type) {
     return ToString("FixedRangeBodyDescriptor<", start_offset, ", ", end_offset,
                     ">");
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 void ImplementationVisitor::GenerateBodyDescriptors(
@@ -5078,7 +5080,7 @@ void ImplementationVisitor::GenerateBodyDescriptors(
       bool has_array_fields = !type->HasStaticSize();
       std::vector<ObjectSlotKind> header_slot_kinds =
           type->ComputeHeaderSlotKinds();
-      base::Optional<ObjectSlotKind> array_slot_kind =
+      std::optional<ObjectSlotKind> array_slot_kind =
           type->ComputeArraySlotKind();
       DCHECK_EQ(has_array_fields, array_slot_kind.has_value());
 
@@ -5105,7 +5107,7 @@ void ImplementationVisitor::GenerateBodyDescriptors(
         size_t end_offset = start_offset;
         ObjectSlotKind section_kind;
         for (size_t i = 0; i <= slots.size(); ++i) {
-          base::Optional<ObjectSlotKind> next_section_kind;
+          std::optional<ObjectSlotKind> next_section_kind;
           bool finished_section = false;
           if (i == 0) {
             next_section_kind = slots[i];
@@ -5124,7 +5126,7 @@ void ImplementationVisitor::GenerateBodyDescriptors(
             bool multiple_slots =
                 is_array_slot ||
                 (end_offset - start_offset > TargetArchitecture::TaggedSize());
-            base::Optional<std::string> iterate_command;
+            std::optional<std::string> iterate_command;
             switch (section_kind) {
               case ObjectSlotKind::kStrongPointer:
                 iterate_command = "IteratePointer";
@@ -5572,6 +5574,4 @@ void ReportAllUnusedMacros() {
   }
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/implementation-visitor.h b/deps/v8/src/torque/implementation-visitor.h
index 36c9ca452e4cde..048b1f869614bd 100644
--- a/deps/v8/src/torque/implementation-visitor.h
+++ b/deps/v8/src/torque/implementation-visitor.h
@@ -6,6 +6,7 @@
 #define V8_TORQUE_IMPLEMENTATION_VISITOR_H_
 
 #include <memory>
+#include <optional>
 #include <string>
 
 #include "src/base/macros.h"
@@ -18,9 +19,7 @@
 #include "src/torque/types.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 template <typename T>
 class Binding;
@@ -37,7 +36,7 @@ class LocationReference {
   // An assignable stack range.
   static LocationReference VariableAccess(
       VisitResult variable,
-      base::Optional<Binding<LocalValue>*> binding = base::nullopt) {
+      std::optional<Binding<LocalValue>*> binding = std::nullopt) {
     DCHECK(variable.IsOnStack());
     LocationReference result;
     result.variable_ = std::move(variable);
@@ -140,7 +139,7 @@ class LocationReference {
     return *bit_field_;
   }
 
-  base::Optional<const Type*> ReferencedType() const {
+  std::optional<const Type*> ReferencedType() const {
     if (IsHeapReference()) {
       return *TypeOracle::MatchReferenceGeneric(heap_reference().type());
     }
@@ -158,7 +157,7 @@ class LocationReference {
     if (IsVariableAccess() || IsHeapSlice() || IsTemporary()) {
       return GetVisitResult().type();
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
   const VisitResult& GetVisitResult() const {
@@ -191,28 +190,28 @@ class LocationReference {
     DCHECK(IsCallAccess());
     return *assign_function_;
   }
-  base::Optional<Binding<LocalValue>*> binding() const {
+  std::optional<Binding<LocalValue>*> binding() const {
     DCHECK(IsVariableAccess());
     return binding_;
   }
 
  private:
-  base::Optional<VisitResult> variable_;
-  base::Optional<VisitResult> temporary_;
-  base::Optional<std::string> temporary_description_;
-  base::Optional<VisitResult> heap_reference_;
-  base::Optional<VisitResult> heap_slice_;
-  base::Optional<std::string> eval_function_;
-  base::Optional<std::string> assign_function_;
+  std::optional<VisitResult> variable_;
+  std::optional<VisitResult> temporary_;
+  std::optional<std::string> temporary_description_;
+  std::optional<VisitResult> heap_reference_;
+  std::optional<VisitResult> heap_slice_;
+  std::optional<std::string> eval_function_;
+  std::optional<std::string> assign_function_;
   VisitResultVector call_arguments_;
-  base::Optional<Binding<LocalValue>*> binding_;
+  std::optional<Binding<LocalValue>*> binding_;
 
   // The location of the bitfield struct that contains this bitfield, if this
   // reference is a bitfield access. Uses a shared_ptr so that LocationReference
   // is copyable, allowing us to set this field equal to a copy of a
   // stack-allocated LocationReference.
   std::shared_ptr<const LocationReference> bit_field_struct_;
-  base::Optional<BitField> bit_field_;
+  std::optional<BitField> bit_field_;
 
   LocationReference() = default;
 };
@@ -236,7 +235,7 @@ class Binding;
 template <class T>
 class BindingsManager {
  public:
-  base::Optional<Binding<T>*> TryLookup(const std::string& name) {
+  std::optional<Binding<T>*> TryLookup(const std::string& name) {
     if (StartsWithSingleUnderscore(name)) {
       Error("Trying to reference '", name, "' which is marked as unused.")
           .Throw();
@@ -250,8 +249,7 @@ class BindingsManager {
 
  private:
   friend class Binding<T>;
-  std::unordered_map<std::string, base::Optional<Binding<T>*>>
-      current_bindings_;
+  std::unordered_map<std::string, std::optional<Binding<T>*>> current_bindings_;
 };
 
 template <class T>
@@ -310,7 +308,7 @@ class Binding : public T {
 
   BindingsManager<T>* manager_;
   const std::string name_;
-  base::Optional<Binding*> previous_binding_;
+  std::optional<Binding*> previous_binding_;
   SourcePosition declaration_position_ = CurrentSourcePosition::Get();
   bool used_;
   bool written_;
@@ -394,8 +392,8 @@ class LocalValue {
   bool IsAccessibleNonLazy() const { return value.has_value(); }
 
  private:
-  base::Optional<LocationReference> value;
-  base::Optional<std::function<LocationReference()>> lazy;
+  std::optional<LocationReference> value;
+  std::optional<std::function<LocationReference()>> lazy;
   std::string inaccessible_explanation;
 };
 
@@ -516,7 +514,7 @@ class ImplementationVisitor {
   LocationReference GenerateFieldAccess(
       LocationReference reference, const std::string& fieldname,
       bool ignore_stuct_field_constness = false,
-      base::Optional<SourcePosition> pos = {});
+      std::optional<SourcePosition> pos = {});
   LocationReference GetLocationReference(ElementAccessExpression* expr);
   LocationReference GenerateReferenceToItemInHeapSlice(LocationReference slice,
                                                        VisitResult index);
@@ -529,10 +527,10 @@ class ImplementationVisitor {
   VisitResult Visit(FieldAccessExpression* expr);
 
   void VisitAllDeclarables();
-  void Visit(Declarable* delarable, base::Optional<SourceId> file = {});
+  void Visit(Declarable* delarable, std::optional<SourceId> file = {});
   void Visit(TypeAlias* decl);
   VisitResult InlineMacro(Macro* macro,
-                          base::Optional<LocationReference> this_reference,
+                          std::optional<LocationReference> this_reference,
                           const std::vector<VisitResult>& arguments,
                           const std::vector<Block*> label_blocks);
   void VisitMacroCommon(Macro* macro);
@@ -592,7 +590,7 @@ class ImplementationVisitor {
   DECLARE_CONTEXTUAL_VARIABLE(CurrentCallable, Callable*);
   DECLARE_CONTEXTUAL_VARIABLE(CurrentFileStreams,
                               GlobalContext::PerFileStreams*);
-  DECLARE_CONTEXTUAL_VARIABLE(CurrentReturnValue, base::Optional<VisitResult>);
+  DECLARE_CONTEXTUAL_VARIABLE(CurrentReturnValue, std::optional<VisitResult>);
 
   // A BindingsManagersScope has to be active for local bindings to be created.
   // Shadowing an existing BindingsManagersScope by creating a new one hides all
@@ -605,8 +603,8 @@ class ImplementationVisitor {
   void SetDryRun(bool is_dry_run) { is_dry_run_ = is_dry_run; }
 
  private:
-  base::Optional<Block*> GetCatchBlock();
-  void GenerateCatchBlock(base::Optional<Block*> catch_block);
+  std::optional<Block*> GetCatchBlock();
+  void GenerateCatchBlock(std::optional<Block*> catch_block);
 
   // {StackScope} records the stack height at creation time and reconstructs it
   // when being destructed by emitting a {DeleteRangeInstruction}, except for
@@ -684,9 +682,9 @@ class ImplementationVisitor {
     Binding<LocalLabel> continue_binding_;
   };
 
-  base::Optional<Binding<LocalValue>*> TryLookupLocalValue(
+  std::optional<Binding<LocalValue>*> TryLookupLocalValue(
       const std::string& name);
-  base::Optional<Binding<LocalLabel>*> TryLookupLabel(const std::string& name);
+  std::optional<Binding<LocalLabel>*> TryLookupLabel(const std::string& name);
   Binding<LocalLabel>* LookupLabel(const std::string& name);
   Block* LookupSimpleLabel(const std::string& name);
   template <class Container>
@@ -729,7 +727,7 @@ class ImplementationVisitor {
                         bool inline_macro);
 
   VisitResult GenerateCall(Callable* callable,
-                           base::Optional<LocationReference> this_parameter,
+                           std::optional<LocationReference> this_parameter,
                            Arguments parameters,
                            const TypeVector& specialization_types = {},
                            bool tail_call = false);
@@ -765,7 +763,7 @@ class ImplementationVisitor {
                                       VisitResult source);
 
   StackRange GenerateLabelGoto(LocalLabel* label,
-                               base::Optional<StackRange> arguments = {});
+                               std::optional<StackRange> arguments = {});
 
   VisitResult GenerateSetBitField(const Type* bitfield_struct_type,
                                   const BitField& bitfield,
@@ -821,7 +819,7 @@ class ImplementationVisitor {
   CfgAssembler& assembler() { return *assembler_; }
 
   void SetReturnValue(VisitResult return_value) {
-    base::Optional<VisitResult>& current_return_value =
+    std::optional<VisitResult>& current_return_value =
         CurrentReturnValue::Get();
     DCHECK_IMPLIES(current_return_value, *current_return_value == return_value);
     current_return_value = std::move(return_value);
@@ -829,7 +827,7 @@ class ImplementationVisitor {
 
   VisitResult GetAndClearReturnValue() {
     VisitResult return_value = *CurrentReturnValue::Get();
-    CurrentReturnValue::Get() = base::nullopt;
+    CurrentReturnValue::Get() = std::nullopt;
     return return_value;
   }
 
@@ -855,7 +853,7 @@ class ImplementationVisitor {
 
   class MacroInliningScope;
 
-  base::Optional<CfgAssembler> assembler_;
+  std::optional<CfgAssembler> assembler_;
   NullOStream null_stream_;
   bool is_dry_run_;
 
@@ -881,8 +879,6 @@ class ImplementationVisitor {
 
 void ReportAllUnusedMacros();
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_IMPLEMENTATION_VISITOR_H_
diff --git a/deps/v8/src/torque/instance-type-generator.cc b/deps/v8/src/torque/instance-type-generator.cc
index b4ae333495d682..7b8d0b81b7ed17 100644
--- a/deps/v8/src/torque/instance-type-generator.cc
+++ b/deps/v8/src/torque/instance-type-generator.cc
@@ -2,11 +2,11 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/torque/implementation-visitor.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 namespace {
 
@@ -257,7 +257,7 @@ int SolveInstanceTypeConstraints(
   }
   root->num_values = root->end - root->start + 1;
   root->type->InitializeInstanceTypes(
-      root->value == -1 ? base::Optional<int>{} : root->value,
+      root->value == -1 ? std::optional<int>{} : root->value,
       std::make_pair(root->start, root->end));
 
   if (root->num_values > 0) {
@@ -506,6 +506,4 @@ void ImplementationVisitor::GenerateInstanceTypes(
   GlobalContext::SetInstanceTypesInitialized();
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/instructions.cc b/deps/v8/src/torque/instructions.cc
index a96a563c8f25d1..bef568b6a43e82 100644
--- a/deps/v8/src/torque/instructions.cc
+++ b/deps/v8/src/torque/instructions.cc
@@ -3,12 +3,13 @@
 // found in the LICENSE file.
 
 #include "src/torque/instructions.h"
+
+#include <optional>
+
 #include "src/torque/cfg.h"
 #include "src/torque/type-oracle.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 #define TORQUE_INSTRUCTION_BOILERPLATE_DEFINITIONS(Name)        \
   const InstructionKind Name::kKind = InstructionKind::k##Name; \
@@ -248,9 +249,9 @@ void CallCsaMacroInstruction::RecomputeDefinitionLocations(
   }
 }
 
-base::Optional<DefinitionLocation>
+std::optional<DefinitionLocation>
 CallCsaMacroInstruction::GetExceptionObjectDefinition() const {
-  if (!catch_block) return base::nullopt;
+  if (!catch_block) return std::nullopt;
   return DefinitionLocation::Instruction(this, GetValueDefinitionCount());
 }
 
@@ -313,12 +314,12 @@ void CallCsaMacroAndBranchInstruction::TypeInstruction(
   if (macro->signature().return_type != TypeOracle::GetNeverType()) {
     Stack<const Type*> return_stack = *stack;
     return_stack.PushMany(LowerType(macro->signature().return_type));
-    if (return_continuation == base::nullopt) {
+    if (return_continuation == std::nullopt) {
       ReportError("missing return continuation.");
     }
     (*return_continuation)->SetInputTypes(return_stack);
   } else {
-    if (return_continuation != base::nullopt) {
+    if (return_continuation != std::nullopt) {
       ReportError("unreachable return continuation.");
     }
   }
@@ -390,9 +391,9 @@ DefinitionLocation CallCsaMacroAndBranchInstruction::GetValueDefinition(
   return DefinitionLocation::Instruction(this, index);
 }
 
-base::Optional<DefinitionLocation>
+std::optional<DefinitionLocation>
 CallCsaMacroAndBranchInstruction::GetExceptionObjectDefinition() const {
-  if (!catch_block) return base::nullopt;
+  if (!catch_block) return std::nullopt;
   return DefinitionLocation::Instruction(this, GetValueDefinitionCount());
 }
 
@@ -461,9 +462,9 @@ DefinitionLocation CallBuiltinInstruction::GetValueDefinition(
   return DefinitionLocation::Instruction(this, index);
 }
 
-base::Optional<DefinitionLocation>
+std::optional<DefinitionLocation>
 CallBuiltinInstruction::GetExceptionObjectDefinition() const {
-  if (!catch_block) return base::nullopt;
+  if (!catch_block) return std::nullopt;
   return DefinitionLocation::Instruction(this, GetValueDefinitionCount());
 }
 
@@ -567,9 +568,9 @@ DefinitionLocation CallRuntimeInstruction::GetValueDefinition(
   return DefinitionLocation::Instruction(this, index);
 }
 
-base::Optional<DefinitionLocation>
+std::optional<DefinitionLocation>
 CallRuntimeInstruction::GetExceptionObjectDefinition() const {
-  if (!catch_block) return base::nullopt;
+  if (!catch_block) return std::nullopt;
   return DefinitionLocation::Instruction(this, GetValueDefinitionCount());
 }
 
@@ -804,6 +805,4 @@ bool CallRuntimeInstruction::IsBlockTerminator() const {
                             TypeOracle::GetNeverType();
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/instructions.h b/deps/v8/src/torque/instructions.h
index 6981759d541e26..c284dd2ad0658b 100644
--- a/deps/v8/src/torque/instructions.h
+++ b/deps/v8/src/torque/instructions.h
@@ -6,15 +6,14 @@
 #define V8_TORQUE_INSTRUCTIONS_H_
 
 #include <memory>
+#include <optional>
 
 #include "src/torque/ast.h"
 #include "src/torque/source-positions.h"
 #include "src/torque/types.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class Block;
 class Builtin;
@@ -281,11 +280,11 @@ class Instruction {
 struct PeekInstruction : InstructionBase {
   TORQUE_INSTRUCTION_BOILERPLATE()
 
-  PeekInstruction(BottomOffset slot, base::Optional<const Type*> widened_type)
+  PeekInstruction(BottomOffset slot, std::optional<const Type*> widened_type)
       : slot(slot), widened_type(widened_type) {}
 
   BottomOffset slot;
-  base::Optional<const Type*> widened_type;
+  std::optional<const Type*> widened_type;
 };
 
 inline std::ostream& operator<<(std::ostream& os,
@@ -300,11 +299,11 @@ inline std::ostream& operator<<(std::ostream& os,
 struct PokeInstruction : InstructionBase {
   TORQUE_INSTRUCTION_BOILERPLATE()
 
-  PokeInstruction(BottomOffset slot, base::Optional<const Type*> widened_type)
+  PokeInstruction(BottomOffset slot, std::optional<const Type*> widened_type)
       : slot(slot), widened_type(widened_type) {}
 
   BottomOffset slot;
-  base::Optional<const Type*> widened_type;
+  std::optional<const Type*> widened_type;
 };
 
 inline std::ostream& operator<<(std::ostream& os,
@@ -474,7 +473,7 @@ struct CallCsaMacroInstruction : InstructionBase {
   TORQUE_INSTRUCTION_BOILERPLATE()
   CallCsaMacroInstruction(Macro* macro,
                           std::vector<std::string> constexpr_arguments,
-                          base::Optional<Block*> catch_block)
+                          std::optional<Block*> catch_block)
       : macro(macro),
         constexpr_arguments(constexpr_arguments),
         catch_block(catch_block) {}
@@ -482,13 +481,13 @@ struct CallCsaMacroInstruction : InstructionBase {
     if (catch_block) block_list->push_back(*catch_block);
   }
 
-  base::Optional<DefinitionLocation> GetExceptionObjectDefinition() const;
+  std::optional<DefinitionLocation> GetExceptionObjectDefinition() const;
   std::size_t GetValueDefinitionCount() const;
   DefinitionLocation GetValueDefinition(std::size_t index) const;
 
   Macro* macro;
   std::vector<std::string> constexpr_arguments;
-  base::Optional<Block*> catch_block;
+  std::optional<Block*> catch_block;
 };
 
 std::ostream& operator<<(std::ostream& os,
@@ -498,9 +497,9 @@ struct CallCsaMacroAndBranchInstruction : InstructionBase {
   TORQUE_INSTRUCTION_BOILERPLATE()
   CallCsaMacroAndBranchInstruction(Macro* macro,
                                    std::vector<std::string> constexpr_arguments,
-                                   base::Optional<Block*> return_continuation,
+                                   std::optional<Block*> return_continuation,
                                    std::vector<Block*> label_blocks,
-                                   base::Optional<Block*> catch_block)
+                                   std::optional<Block*> catch_block)
       : macro(macro),
         constexpr_arguments(constexpr_arguments),
         return_continuation(return_continuation),
@@ -519,13 +518,13 @@ struct CallCsaMacroAndBranchInstruction : InstructionBase {
                                              std::size_t index) const;
   std::size_t GetValueDefinitionCount() const;
   DefinitionLocation GetValueDefinition(std::size_t index) const;
-  base::Optional<DefinitionLocation> GetExceptionObjectDefinition() const;
+  std::optional<DefinitionLocation> GetExceptionObjectDefinition() const;
 
   Macro* macro;
   std::vector<std::string> constexpr_arguments;
-  base::Optional<Block*> return_continuation;
+  std::optional<Block*> return_continuation;
   std::vector<Block*> label_blocks;
-  base::Optional<Block*> catch_block;
+  std::optional<Block*> catch_block;
 };
 
 std::ostream& operator<<(std::ostream& os,
@@ -553,7 +552,7 @@ struct CallBuiltinInstruction : InstructionBase {
   TORQUE_INSTRUCTION_BOILERPLATE()
   bool IsBlockTerminator() const override { return is_tailcall; }
   CallBuiltinInstruction(bool is_tailcall, Builtin* builtin, size_t argc,
-                         base::Optional<Block*> catch_block)
+                         std::optional<Block*> catch_block)
       : is_tailcall(is_tailcall),
         builtin(builtin),
         argc(argc),
@@ -564,12 +563,12 @@ struct CallBuiltinInstruction : InstructionBase {
 
   std::size_t GetValueDefinitionCount() const;
   DefinitionLocation GetValueDefinition(std::size_t index) const;
-  base::Optional<DefinitionLocation> GetExceptionObjectDefinition() const;
+  std::optional<DefinitionLocation> GetExceptionObjectDefinition() const;
 
   bool is_tailcall;
   Builtin* builtin;
   size_t argc;
-  base::Optional<Block*> catch_block;
+  std::optional<Block*> catch_block;
 };
 
 std::ostream& operator<<(std::ostream& os,
@@ -605,7 +604,7 @@ struct CallRuntimeInstruction : InstructionBase {
   bool IsBlockTerminator() const override;
 
   CallRuntimeInstruction(bool is_tailcall, RuntimeFunction* runtime_function,
-                         size_t argc, base::Optional<Block*> catch_block)
+                         size_t argc, std::optional<Block*> catch_block)
       : is_tailcall(is_tailcall),
         runtime_function(runtime_function),
         argc(argc),
@@ -616,12 +615,12 @@ struct CallRuntimeInstruction : InstructionBase {
 
   std::size_t GetValueDefinitionCount() const;
   DefinitionLocation GetValueDefinition(std::size_t index) const;
-  base::Optional<DefinitionLocation> GetExceptionObjectDefinition() const;
+  std::optional<DefinitionLocation> GetExceptionObjectDefinition() const;
 
   bool is_tailcall;
   RuntimeFunction* runtime_function;
   size_t argc;
-  base::Optional<Block*> catch_block;
+  std::optional<Block*> catch_block;
 };
 
 std::ostream& operator<<(std::ostream& os,
@@ -770,8 +769,6 @@ inline std::ostream& operator<<(std::ostream& os,
   return os << "UnsafeCast " << *instruction.destination_type;
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_INSTRUCTIONS_H_
diff --git a/deps/v8/src/torque/ls/json-parser.cc b/deps/v8/src/torque/ls/json-parser.cc
index c13449bfcc5d0d..301e1adee6a927 100644
--- a/deps/v8/src/torque/ls/json-parser.cc
+++ b/deps/v8/src/torque/ls/json-parser.cc
@@ -5,11 +5,11 @@
 #include "src/torque/ls/json-parser.h"
 
 #include <cctype>
+#include <optional>
+
 #include "src/torque/earley-parser.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId ParseResultHolder<ls::JsonValue>::id =
@@ -35,37 +35,35 @@ namespace ls {
 using JsonMember = std::pair<std::string, JsonValue>;
 
 template <bool value>
-base::Optional<ParseResult> MakeBoolLiteral(
-    ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeBoolLiteral(ParseResultIterator* child_results) {
   return ParseResult{JsonValue::From(value)};
 }
 
-base::Optional<ParseResult> MakeNullLiteral(
-    ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeNullLiteral(ParseResultIterator* child_results) {
   JsonValue result;
   result.tag = JsonValue::IS_NULL;
   return ParseResult{std::move(result)};
 }
 
-base::Optional<ParseResult> MakeNumberLiteral(
+std::optional<ParseResult> MakeNumberLiteral(
     ParseResultIterator* child_results) {
   auto number = child_results->NextAs<std::string>();
   double d = std::stod(number.c_str());
   return ParseResult{JsonValue::From(d)};
 }
 
-base::Optional<ParseResult> MakeStringLiteral(
+std::optional<ParseResult> MakeStringLiteral(
     ParseResultIterator* child_results) {
   std::string literal = child_results->NextAs<std::string>();
   return ParseResult{JsonValue::From(StringLiteralUnquote(literal))};
 }
 
-base::Optional<ParseResult> MakeArray(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeArray(ParseResultIterator* child_results) {
   JsonArray array = child_results->NextAs<JsonArray>();
   return ParseResult{JsonValue::From(std::move(array))};
 }
 
-base::Optional<ParseResult> MakeMember(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeMember(ParseResultIterator* child_results) {
   JsonMember result;
   std::string key = child_results->NextAs<std::string>();
   result.first = StringLiteralUnquote(key);
@@ -73,7 +71,7 @@ base::Optional<ParseResult> MakeMember(ParseResultIterator* child_results) {
   return ParseResult{std::move(result)};
 }
 
-base::Optional<ParseResult> MakeObject(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeObject(ParseResultIterator* child_results) {
   using MemberList = std::vector<JsonMember>;
   MemberList members = child_results->NextAs<MemberList>();
 
@@ -198,6 +196,4 @@ JsonParserResult ParseJson(const std::string& input) {
 }
 
 }  // namespace ls
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/ls/json-parser.h b/deps/v8/src/torque/ls/json-parser.h
index 1c5fd3f1470987..0f90f6bd703871 100644
--- a/deps/v8/src/torque/ls/json-parser.h
+++ b/deps/v8/src/torque/ls/json-parser.h
@@ -5,26 +5,21 @@
 #ifndef V8_TORQUE_LS_JSON_PARSER_H_
 #define V8_TORQUE_LS_JSON_PARSER_H_
 
+#include <optional>
+
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/torque/ls/json.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
-namespace ls {
+namespace v8::internal::torque::ls {
 
 struct JsonParserResult {
   JsonValue value;
-  base::Optional<TorqueMessage> error;
+  std::optional<TorqueMessage> error;
 };
 
 V8_EXPORT_PRIVATE JsonParserResult ParseJson(const std::string& input);
 
-}  // namespace ls
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque::ls
 
 #endif  // V8_TORQUE_LS_JSON_PARSER_H_
diff --git a/deps/v8/src/torque/parameter-difference.h b/deps/v8/src/torque/parameter-difference.h
index aaa1745af29657..d1eb7b0e7a475c 100644
--- a/deps/v8/src/torque/parameter-difference.h
+++ b/deps/v8/src/torque/parameter-difference.h
@@ -5,13 +5,12 @@
 #ifndef V8_TORQUE_PARAMETER_DIFFERENCE_H_
 #define V8_TORQUE_PARAMETER_DIFFERENCE_H_
 
+#include <optional>
 #include <vector>
 
 #include "src/torque/types.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class ParameterDifference {
  public:
@@ -37,8 +36,8 @@ class ParameterDifference {
     DCHECK_EQ(difference_.size(), other.difference_.size());
     bool better_parameter_found = false;
     for (size_t i = 0; i < difference_.size(); ++i) {
-      base::Optional<const Type*> a = difference_[i];
-      base::Optional<const Type*> b = other.difference_[i];
+      std::optional<const Type*> a = difference_[i];
+      std::optional<const Type*> b = other.difference_[i];
       if (a == b) {
         continue;
       } else if (a && b && a != b && (*a)->IsSubtypeOf(*b)) {
@@ -55,23 +54,21 @@ class ParameterDifference {
 
  private:
   // Pointwise difference between call arguments and a signature.
-  // {base::nullopt} means that an implicit conversion was necessary,
+  // {std::nullopt} means that an implicit conversion was necessary,
   // otherwise we store the supertype found in the signature.
-  std::vector<base::Optional<const Type*>> difference_;
+  std::vector<std::optional<const Type*>> difference_;
 
   void AddParameter(const Type* to, const Type* from) {
     if (from->IsSubtypeOf(to)) {
       difference_.push_back(to);
     } else if (IsAssignableFrom(to, from)) {
-      difference_.push_back(base::nullopt);
+      difference_.push_back(std::nullopt);
     } else {
       UNREACHABLE();
     }
   }
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_PARAMETER_DIFFERENCE_H_
diff --git a/deps/v8/src/torque/server-data.cc b/deps/v8/src/torque/server-data.cc
index 853beb05f55ef3..bea0090cad5461 100644
--- a/deps/v8/src/torque/server-data.cc
+++ b/deps/v8/src/torque/server-data.cc
@@ -4,34 +4,34 @@
 
 #include "src/torque/server-data.h"
 
+#include <optional>
+
 #include "src/base/macros.h"
 #include "src/torque/declarable.h"
 #include "src/torque/implementation-visitor.h"
 
 EXPORT_CONTEXTUAL_VARIABLE(v8::internal::torque::LanguageServerData)
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 void LanguageServerData::AddDefinition(SourcePosition token,
                                        SourcePosition definition) {
   Get().definitions_map_[token.source].emplace_back(token, definition);
 }
 
-base::Optional<SourcePosition> LanguageServerData::FindDefinition(
+std::optional<SourcePosition> LanguageServerData::FindDefinition(
     SourceId source, LineAndColumn pos) {
-  if (!source.IsValid()) return base::nullopt;
+  if (!source.IsValid()) return std::nullopt;
 
   auto iter = Get().definitions_map_.find(source);
-  if (iter == Get().definitions_map_.end()) return base::nullopt;
+  if (iter == Get().definitions_map_.end()) return std::nullopt;
 
   for (const DefinitionMapping& mapping : iter->second) {
     SourcePosition current = mapping.first;
     if (current.Contains(pos)) return mapping.second;
   }
 
-  return base::nullopt;
+  return std::nullopt;
 }
 
 void LanguageServerData::PrepareAllDeclarableSymbols() {
@@ -48,6 +48,4 @@ void LanguageServerData::PrepareAllDeclarableSymbols() {
   }
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/server-data.h b/deps/v8/src/torque/server-data.h
index 89d4308d418e64..154d9c3f859831 100644
--- a/deps/v8/src/torque/server-data.h
+++ b/deps/v8/src/torque/server-data.h
@@ -7,18 +7,16 @@
 
 #include <map>
 #include <memory>
+#include <optional>
 #include <vector>
 
 #include "src/base/macros.h"
-#include "src/base/optional.h"
 #include "src/torque/declarable.h"
 #include "src/torque/global-context.h"
 #include "src/torque/source-positions.h"
 #include "src/torque/type-oracle.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 // The definition of the token in the first element, can be found at the second.
 using DefinitionMapping = std::pair<SourcePosition, SourcePosition>;
@@ -43,7 +41,7 @@ class LanguageServerData : public base::ContextualClass<LanguageServerData> {
   V8_EXPORT_PRIVATE static void AddDefinition(SourcePosition token,
                                               SourcePosition definition);
 
-  V8_EXPORT_PRIVATE static base::Optional<SourcePosition> FindDefinition(
+  V8_EXPORT_PRIVATE static std::optional<SourcePosition> FindDefinition(
       SourceId source, LineAndColumn pos);
 
   static void SetGlobalContext(GlobalContext global_context) {
@@ -70,8 +68,6 @@ class LanguageServerData : public base::ContextualClass<LanguageServerData> {
   std::unique_ptr<TypeOracle> type_oracle_;
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_SERVER_DATA_H_
diff --git a/deps/v8/src/torque/torque-compiler.cc b/deps/v8/src/torque/torque-compiler.cc
index 62e1314188d0c0..960866d9f6bf6d 100644
--- a/deps/v8/src/torque/torque-compiler.cc
+++ b/deps/v8/src/torque/torque-compiler.cc
@@ -5,6 +5,8 @@
 #include "src/torque/torque-compiler.h"
 
 #include <fstream>
+#include <optional>
+
 #include "src/torque/declarable.h"
 #include "src/torque/declaration-visitor.h"
 #include "src/torque/global-context.h"
@@ -12,15 +14,13 @@
 #include "src/torque/torque-parser.h"
 #include "src/torque/type-oracle.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 namespace {
 
-base::Optional<std::string> ReadFile(const std::string& path) {
+std::optional<std::string> ReadFile(const std::string& path) {
   std::ifstream file_stream(path);
-  if (!file_stream.good()) return base::nullopt;
+  if (!file_stream.good()) return std::nullopt;
 
   return std::string{std::istreambuf_iterator<char>(file_stream),
                      std::istreambuf_iterator<char>()};
@@ -198,6 +198,4 @@ TorqueCompilerResult CompileTorqueForKythe(
   return result;
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/torque-compiler.h b/deps/v8/src/torque/torque-compiler.h
index 42f54d65d0dc26..196aafc6298937 100644
--- a/deps/v8/src/torque/torque-compiler.h
+++ b/deps/v8/src/torque/torque-compiler.h
@@ -5,6 +5,8 @@
 #ifndef V8_TORQUE_TORQUE_COMPILER_H_
 #define V8_TORQUE_TORQUE_COMPILER_H_
 
+#include <optional>
+
 #include "src/base/contextual.h"
 #include "src/torque/ast.h"
 #include "src/torque/kythe-data.h"
@@ -12,9 +14,7 @@
 #include "src/torque/source-positions.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 struct TorqueCompilerOptions {
   std::string output_directory = "";
@@ -44,7 +44,7 @@ struct TorqueCompilerResult {
   // Map translating SourceIds to filenames. This field is
   // set on errors, so the SourcePosition of the error can be
   // resolved.
-  base::Optional<SourceFileMap> source_file_map;
+  std::optional<SourceFileMap> source_file_map;
 
   // Eagerly collected data needed for the LanguageServer.
   // Set the corresponding options flag to enable.
@@ -67,8 +67,6 @@ V8_EXPORT_PRIVATE TorqueCompilerResult CompileTorqueForKythe(
     std::vector<TorqueCompilationUnit> units, TorqueCompilerOptions options,
     KytheConsumer* kythe_consumer);
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_TORQUE_COMPILER_H_
diff --git a/deps/v8/src/torque/torque-parser.cc b/deps/v8/src/torque/torque-parser.cc
index 3805a2c504715d..c555bca554f864 100644
--- a/deps/v8/src/torque/torque-parser.cc
+++ b/deps/v8/src/torque/torque-parser.cc
@@ -6,6 +6,7 @@
 
 #include <algorithm>
 #include <cctype>
+#include <optional>
 #include <set>
 #include <stdexcept>
 #include <unordered_map>
@@ -20,9 +21,7 @@
 #include "src/torque/global-context.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 using TypeList = std::vector<TypeExpression*>;
 
@@ -33,15 +32,15 @@ struct ExpressionWithSource {
 
 struct TypeswitchCase {
   SourcePosition pos;
-  base::Optional<Identifier*> name;
+  std::optional<Identifier*> name;
   TypeExpression* type;
   Statement* block;
 };
 
 struct EnumEntry {
   Identifier* name;
-  base::Optional<TypeExpression*> type;
-  base::Optional<std::string> alias_entry;
+  std::optional<TypeExpression*> type;
+  std::optional<std::string> alias_entry;
 };
 
 class BuildFlags : public base::ContextualClass<BuildFlags> {
@@ -81,6 +80,11 @@ class BuildFlags : public base::ContextualClass<BuildFlags> {
     build_flags_["V8_ENABLE_SANDBOX"] = V8_ENABLE_SANDBOX_BOOL;
     build_flags_["V8_ENABLE_LEAPTIERING"] = V8_ENABLE_LEAPTIERING_BOOL;
     build_flags_["DEBUG"] = DEBUG_BOOL;
+#ifdef V8_ENABLE_DRUMBRAKE
+    build_flags_["V8_ENABLE_DRUMBRAKE"] = true;
+#else
+    build_flags_["V8_ENABLE_DRUMBRAKE"] = false;
+#endif
   }
   static bool GetFlag(const std::string& name, const char* production) {
     auto it = Get().build_flags_.find(name);
@@ -123,7 +127,7 @@ V8_EXPORT_PRIVATE const ParseResultTypeId
         ParseResultTypeId::kTypeExpressionPtr;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<TypeExpression*>>::id =
+    ParseResultHolder<std::optional<TypeExpression*>>::id =
         ParseResultTypeId::kOptionalTypeExpressionPtr;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId ParseResultHolder<TryHandler*>::id =
@@ -136,7 +140,7 @@ V8_EXPORT_PRIVATE const ParseResultTypeId ParseResultHolder<Identifier*>::id =
     ParseResultTypeId::kIdentifierPtr;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<Identifier*>>::id =
+    ParseResultHolder<std::optional<Identifier*>>::id =
         ParseResultTypeId::kOptionalIdentifierPtr;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId ParseResultHolder<Statement*>::id =
@@ -169,7 +173,7 @@ V8_EXPORT_PRIVATE const ParseResultTypeId
         ParseResultTypeId::kAnnotationParameter;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<AnnotationParameter>>::id =
+    ParseResultHolder<std::optional<AnnotationParameter>>::id =
         ParseResultTypeId::kOptionalAnnotationParameter;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
@@ -193,7 +197,7 @@ V8_EXPORT_PRIVATE const ParseResultTypeId
         ParseResultTypeId::kImplicitParameters;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<ImplicitParameters>>::id =
+    ParseResultHolder<std::optional<ImplicitParameters>>::id =
         ParseResultTypeId::kOptionalImplicitParameters;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
@@ -217,7 +221,7 @@ V8_EXPORT_PRIVATE const ParseResultTypeId
         ParseResultTypeId::kIncrementDecrementOperator;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<std::string>>::id =
+    ParseResultHolder<std::optional<std::string>>::id =
         ParseResultTypeId::kOptionalStdString;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
@@ -247,7 +251,7 @@ V8_EXPORT_PRIVATE const ParseResultTypeId ParseResultHolder<TypeList>::id =
     ParseResultTypeId::kTypeList;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<TypeList>>::id =
+    ParseResultHolder<std::optional<TypeList>>::id =
         ParseResultTypeId::kOptionalTypeList;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId ParseResultHolder<LabelAndTypes>::id =
@@ -262,11 +266,11 @@ V8_EXPORT_PRIVATE const ParseResultTypeId
         ParseResultTypeId::kStdVectorOfTryHandlerPtr;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<Statement*>>::id =
+    ParseResultHolder<std::optional<Statement*>>::id =
         ParseResultTypeId::kOptionalStatementPtr;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<Expression*>>::id =
+    ParseResultHolder<std::optional<Expression*>>::id =
         ParseResultTypeId::kOptionalExpressionPtr;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
@@ -281,7 +285,7 @@ V8_EXPORT_PRIVATE const ParseResultTypeId
         ParseResultTypeId::kStdVectorOfIdentifierPtr;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
-    ParseResultHolder<base::Optional<ClassBody*>>::id =
+    ParseResultHolder<std::optional<ClassBody*>>::id =
         ParseResultTypeId::kOptionalClassBody;
 template <>
 V8_EXPORT_PRIVATE const ParseResultTypeId
@@ -296,13 +300,13 @@ namespace {
 
 bool ProcessIfAnnotation(ParseResultIterator* child_results);
 
-base::Optional<ParseResult> AddGlobalDeclarations(
+std::optional<ParseResult> AddGlobalDeclarations(
     ParseResultIterator* child_results) {
   auto declarations = child_results->NextAs<std::vector<Declaration*>>();
   for (Declaration* declaration : declarations) {
     CurrentAst::Get().declarations().push_back(declaration);
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 void NamingConventionError(const std::string& type, const std::string& name,
@@ -327,7 +331,7 @@ void LintGenericParameters(const GenericParameters& parameters) {
   }
 }
 
-base::Optional<ParseResult> ConcatList(ParseResultIterator* child_results) {
+std::optional<ParseResult> ConcatList(ParseResultIterator* child_results) {
   auto list_of_lists =
       child_results->NextAs<std::vector<std::vector<Declaration*>>>();
   std::vector<Declaration*> result;
@@ -358,7 +362,7 @@ TypeExpression* AddConstexpr(TypeExpression* type) {
 }
 
 Expression* MakeCall(IdentifierExpression* callee,
-                     base::Optional<Expression*> target,
+                     std::optional<Expression*> target,
                      std::vector<Expression*> arguments,
                      const std::vector<Statement*>& otherwise) {
   std::vector<Identifier*> labels;
@@ -408,18 +412,18 @@ Expression* MakeCall(Identifier* callee,
                      const std::vector<Expression*>& arguments,
                      const std::vector<Statement*>& otherwise) {
   return MakeCall(MakeNode<IdentifierExpression>(callee, generic_arguments),
-                  base::nullopt, arguments, otherwise);
+                  std::nullopt, arguments, otherwise);
 }
 
-base::Optional<ParseResult> MakeCall(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeCall(ParseResultIterator* child_results) {
   auto callee = child_results->NextAs<Expression*>();
   auto args = child_results->NextAs<std::vector<Expression*>>();
   auto otherwise = child_results->NextAs<std::vector<Statement*>>();
   IdentifierExpression* target = IdentifierExpression::cast(callee);
-  return ParseResult{MakeCall(target, base::nullopt, args, otherwise)};
+  return ParseResult{MakeCall(target, std::nullopt, args, otherwise)};
 }
 
-base::Optional<ParseResult> MakeMethodCall(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeMethodCall(ParseResultIterator* child_results) {
   auto this_arg = child_results->NextAs<Expression*>();
   auto callee = child_results->NextAs<Identifier*>();
   auto args = child_results->NextAs<std::vector<Expression*>>();
@@ -428,7 +432,7 @@ base::Optional<ParseResult> MakeMethodCall(ParseResultIterator* child_results) {
                               args, otherwise)};
 }
 
-base::Optional<ParseResult> MakeNewExpression(
+std::optional<ParseResult> MakeNewExpression(
     ParseResultIterator* child_results) {
   bool pretenured = child_results->NextAs<bool>();
   bool clear_padding = child_results->NextAs<bool>();
@@ -441,7 +445,7 @@ base::Optional<ParseResult> MakeNewExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeBinaryOperator(
+std::optional<ParseResult> MakeBinaryOperator(
     ParseResultIterator* child_results) {
   auto left = child_results->NextAs<Expression*>();
   auto op = child_results->NextAs<Identifier*>();
@@ -451,7 +455,7 @@ base::Optional<ParseResult> MakeBinaryOperator(
                               std::vector<Statement*>{})};
 }
 
-base::Optional<ParseResult> MakeIntrinsicCallExpression(
+std::optional<ParseResult> MakeIntrinsicCallExpression(
     ParseResultIterator* child_results) {
   auto callee = child_results->NextAs<Identifier*>();
   auto generic_arguments =
@@ -462,7 +466,7 @@ base::Optional<ParseResult> MakeIntrinsicCallExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeUnaryOperator(
+std::optional<ParseResult> MakeUnaryOperator(
     ParseResultIterator* child_results) {
   auto op = child_results->NextAs<Identifier*>();
   auto e = child_results->NextAs<Expression*>();
@@ -470,14 +474,14 @@ base::Optional<ParseResult> MakeUnaryOperator(
                               std::vector<Statement*>{})};
 }
 
-base::Optional<ParseResult> MakeSpreadExpression(
+std::optional<ParseResult> MakeSpreadExpression(
     ParseResultIterator* child_results) {
   auto spreadee = child_results->NextAs<Expression*>();
   Expression* result = MakeNode<SpreadExpression>(spreadee);
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeImplicitParameterList(
+std::optional<ParseResult> MakeImplicitParameterList(
     ParseResultIterator* child_results) {
   auto kind = child_results->NextAs<Identifier*>();
   auto parameters = child_results->NextAs<std::vector<NameAndTypeExpression>>();
@@ -494,10 +498,10 @@ void AddParameter(ParameterList* parameter_list,
 }
 
 template <bool has_varargs, bool has_explicit_parameter_names>
-base::Optional<ParseResult> MakeParameterList(
+std::optional<ParseResult> MakeParameterList(
     ParseResultIterator* child_results) {
   auto implicit_params =
-      child_results->NextAs<base::Optional<ImplicitParameters>>();
+      child_results->NextAs<std::optional<ImplicitParameters>>();
   ParameterList result;
   result.has_varargs = has_varargs;
   result.implicit_count = 0;
@@ -535,7 +539,7 @@ base::Optional<ParseResult> MakeParameterList(
   return ParseResult{std::move(result)};
 }
 
-base::Optional<ParseResult> MakeAssertStatement(
+std::optional<ParseResult> MakeAssertStatement(
     ParseResultIterator* child_results) {
   auto kind_string = child_results->NextAs<Identifier*>()->value;
   auto expr_with_source = child_results->NextAs<ExpressionWithSource>();
@@ -560,7 +564,7 @@ base::Optional<ParseResult> MakeAssertStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeDebugStatement(
+std::optional<ParseResult> MakeDebugStatement(
     ParseResultIterator* child_results) {
   auto kind = child_results->NextAs<Identifier*>()->value;
   DCHECK(kind == "unreachable" || kind == "debug");
@@ -570,7 +574,7 @@ base::Optional<ParseResult> MakeDebugStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> DeprecatedMakeVoidType(
+std::optional<ParseResult> DeprecatedMakeVoidType(
     ParseResultIterator* child_results) {
   Error("Default void return types are deprecated. Add `: void`.");
   TypeExpression* result = MakeNode<BasicTypeExpression>(
@@ -579,12 +583,12 @@ base::Optional<ParseResult> DeprecatedMakeVoidType(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeExternalMacro(
+std::optional<ParseResult> MakeExternalMacro(
     ParseResultIterator* child_results) {
   auto transitioning = child_results->NextAs<bool>();
-  auto operator_name = child_results->NextAs<base::Optional<std::string>>();
+  auto operator_name = child_results->NextAs<std::optional<std::string>>();
   auto external_assembler_name =
-      child_results->NextAs<base::Optional<std::string>>();
+      child_results->NextAs<std::optional<std::string>>();
   auto name = child_results->NextAs<Identifier*>();
   auto generic_parameters = child_results->NextAs<GenericParameters>();
   LintGenericParameters(generic_parameters);
@@ -603,7 +607,7 @@ base::Optional<ParseResult> MakeExternalMacro(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeIntrinsicDeclaration(
+std::optional<ParseResult> MakeIntrinsicDeclaration(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
   auto generic_parameters = child_results->NextAs<GenericParameters>();
@@ -611,12 +615,12 @@ base::Optional<ParseResult> MakeIntrinsicDeclaration(
 
   auto args = child_results->NextAs<ParameterList>();
   auto return_type = child_results->NextAs<TypeExpression*>();
-  auto body = child_results->NextAs<base::Optional<Statement*>>();
+  auto body = child_results->NextAs<std::optional<Statement*>>();
   LabelAndTypesVector labels;
   CallableDeclaration* declaration;
   if (body) {
     declaration = MakeNode<TorqueMacroDeclaration>(
-        false, name, base::Optional<std::string>{}, args, return_type, labels,
+        false, name, std::optional<std::string>{}, args, return_type, labels,
         false, body);
   } else {
     declaration = MakeNode<IntrinsicDeclaration>(name, args, return_type);
@@ -649,11 +653,11 @@ bool HasExportAnnotation(ParseResultIterator* child_results,
 }
 }  // namespace
 
-base::Optional<ParseResult> MakeTorqueMacroDeclaration(
+std::optional<ParseResult> MakeTorqueMacroDeclaration(
     ParseResultIterator* child_results) {
   bool export_to_csa = HasExportAnnotation(child_results, "macro");
   auto transitioning = child_results->NextAs<bool>();
-  auto operator_name = child_results->NextAs<base::Optional<std::string>>();
+  auto operator_name = child_results->NextAs<std::optional<std::string>>();
   auto name = child_results->NextAs<Identifier*>();
   if (!IsUpperCamelCase(name->value)) {
     NamingConventionError("Macro", name, "UpperCamelCase");
@@ -665,7 +669,7 @@ base::Optional<ParseResult> MakeTorqueMacroDeclaration(
   auto args = child_results->NextAs<ParameterList>();
   auto return_type = child_results->NextAs<TypeExpression*>();
   auto labels = child_results->NextAs<LabelAndTypesVector>();
-  auto body = child_results->NextAs<base::Optional<Statement*>>();
+  auto body = child_results->NextAs<std::optional<Statement*>>();
   CallableDeclaration* declaration = MakeNode<TorqueMacroDeclaration>(
       transitioning, name, operator_name, args, return_type, labels,
       export_to_csa, body);
@@ -680,7 +684,7 @@ base::Optional<ParseResult> MakeTorqueMacroDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeConstDeclaration(
+std::optional<ParseResult> MakeConstDeclaration(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
   if (!IsValidNamespaceConstName(name->value)) {
@@ -693,7 +697,7 @@ base::Optional<ParseResult> MakeConstDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeExternConstDeclaration(
+std::optional<ParseResult> MakeExternConstDeclaration(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
   auto type = child_results->NextAs<TypeExpression*>();
@@ -703,7 +707,7 @@ base::Optional<ParseResult> MakeExternConstDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeTypeAliasDeclaration(
+std::optional<ParseResult> MakeTypeAliasDeclaration(
     ParseResultIterator* child_results) {
   bool enabled = ProcessIfAnnotation(child_results);
   auto name = child_results->NextAs<Identifier*>();
@@ -713,7 +717,7 @@ base::Optional<ParseResult> MakeTypeAliasDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeAbstractTypeDeclaration(
+std::optional<ParseResult> MakeAbstractTypeDeclaration(
     ParseResultIterator* child_results) {
   bool use_parent_type_checker = HasAnnotation(
       child_results, ANNOTATION_USE_PARENT_TYPE_CHECKER, "abstract type");
@@ -723,8 +727,8 @@ base::Optional<ParseResult> MakeAbstractTypeDeclaration(
     NamingConventionError("Type", name, "UpperCamelCase");
   }
   auto generic_parameters = child_results->NextAs<GenericParameters>();
-  auto extends = child_results->NextAs<base::Optional<TypeExpression*>>();
-  auto generates = child_results->NextAs<base::Optional<std::string>>();
+  auto extends = child_results->NextAs<std::optional<TypeExpression*>>();
+  auto generates = child_results->NextAs<std::optional<std::string>>();
   AbstractTypeFlags flags(AbstractTypeFlag::kNone);
   if (transient) flags |= AbstractTypeFlag::kTransient;
   if (use_parent_type_checker) flags |= AbstractTypeFlag::kUseParentTypeChecker;
@@ -736,7 +740,7 @@ base::Optional<ParseResult> MakeAbstractTypeDeclaration(
   }
 
   auto constexpr_generates =
-      child_results->NextAs<base::Optional<std::string>>();
+      child_results->NextAs<std::optional<std::string>>();
   std::vector<Declaration*> result{decl};
 
   if (constexpr_generates) {
@@ -745,7 +749,7 @@ base::Optional<ParseResult> MakeAbstractTypeDeclaration(
         MakeNode<Identifier>(CONSTEXPR_TYPE_PREFIX + name->value);
     constexpr_name->pos = name->pos;
 
-    base::Optional<TypeExpression*> constexpr_extends;
+    std::optional<TypeExpression*> constexpr_extends;
     if (extends) {
       constexpr_extends = AddConstexpr(*extends);
     }
@@ -764,10 +768,10 @@ base::Optional<ParseResult> MakeAbstractTypeDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeMethodDeclaration(
+std::optional<ParseResult> MakeMethodDeclaration(
     ParseResultIterator* child_results) {
   auto transitioning = child_results->NextAs<bool>();
-  auto operator_name = child_results->NextAs<base::Optional<std::string>>();
+  auto operator_name = child_results->NextAs<std::optional<std::string>>();
   auto name = child_results->NextAs<Identifier*>();
   if (!IsUpperCamelCase(name->value)) {
     NamingConventionError("Method", name, "UpperCamelCase");
@@ -824,7 +828,7 @@ class AnnotationSet {
   bool Contains(const std::string& s) const {
     return set_.find(s) != set_.end();
   }
-  base::Optional<std::string> GetStringParam(const std::string& s) const {
+  std::optional<std::string> GetStringParam(const std::string& s) const {
     auto it = map_.find(s);
     if (it == map_.end()) {
       return {};
@@ -835,7 +839,7 @@ class AnnotationSet {
     }
     return it->second.first.string_value;
   }
-  base::Optional<int32_t> GetIntParam(const std::string& s) const {
+  std::optional<int32_t> GetIntParam(const std::string& s) const {
     auto it = map_.find(s);
     if (it == map_.end()) {
       return {};
@@ -855,18 +859,18 @@ class AnnotationSet {
 bool ProcessIfAnnotation(ParseResultIterator* child_results) {
   AnnotationSet annotations(child_results, {},
                             {ANNOTATION_IF, ANNOTATION_IFNOT});
-  if (base::Optional<std::string> condition =
+  if (std::optional<std::string> condition =
           annotations.GetStringParam(ANNOTATION_IF)) {
     if (!BuildFlags::GetFlag(*condition, ANNOTATION_IF)) return false;
   }
-  if (base::Optional<std::string> condition =
+  if (std::optional<std::string> condition =
           annotations.GetStringParam(ANNOTATION_IFNOT)) {
     if (BuildFlags::GetFlag(*condition, ANNOTATION_IFNOT)) return false;
   }
   return true;
 }
 
-base::Optional<ParseResult> YieldInt32(ParseResultIterator* child_results) {
+std::optional<ParseResult> YieldInt32(ParseResultIterator* child_results) {
   std::string value = child_results->matched_input().ToString();
   size_t num_chars_converted = 0;
   int result = 0;
@@ -884,7 +888,7 @@ base::Optional<ParseResult> YieldInt32(ParseResultIterator* child_results) {
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> YieldDouble(ParseResultIterator* child_results) {
+std::optional<ParseResult> YieldDouble(ParseResultIterator* child_results) {
   std::string value = child_results->matched_input().ToString();
   size_t num_chars_converted = 0;
   double result = 0;
@@ -899,7 +903,7 @@ base::Optional<ParseResult> YieldDouble(ParseResultIterator* child_results) {
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> YieldIntegerLiteral(
+std::optional<ParseResult> YieldIntegerLiteral(
     ParseResultIterator* child_results) {
   std::string value = child_results->matched_input().ToString();
   // Consume a leading minus.
@@ -921,14 +925,14 @@ base::Optional<ParseResult> YieldIntegerLiteral(
   return ParseResult(IntegerLiteral(negative, absolute_value));
 }
 
-base::Optional<ParseResult> MakeStringAnnotationParameter(
+std::optional<ParseResult> MakeStringAnnotationParameter(
     ParseResultIterator* child_results) {
   std::string value = child_results->NextAs<std::string>();
   AnnotationParameter result{value, 0, false};
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeIntAnnotationParameter(
+std::optional<ParseResult> MakeIntAnnotationParameter(
     ParseResultIterator* child_results) {
   int32_t value = child_results->NextAs<int32_t>();
   AnnotationParameter result{"", value, true};
@@ -941,7 +945,7 @@ int GetAnnotationValue(const AnnotationSet& annotations, const char* name,
   return opt_value.has_value() ? *opt_value : default_value;
 }
 
-base::Optional<ParseResult> MakeTorqueBuiltinDeclaration(
+std::optional<ParseResult> MakeTorqueBuiltinDeclaration(
     ParseResultIterator* child_results) {
   AnnotationSet annotations(
       child_results, {ANNOTATION_CUSTOM_INTERFACE_DESCRIPTOR}, {ANNOTATION_IF});
@@ -959,7 +963,7 @@ base::Optional<ParseResult> MakeTorqueBuiltinDeclaration(
 
   auto args = child_results->NextAs<ParameterList>();
   auto return_type = child_results->NextAs<TypeExpression*>();
-  auto body = child_results->NextAs<base::Optional<Statement*>>();
+  auto body = child_results->NextAs<std::optional<Statement*>>();
   CallableDeclaration* declaration = MakeNode<TorqueBuiltinDeclaration>(
       transitioning, javascript_linkage, name, args, return_type,
       has_custom_interface_descriptor, body);
@@ -971,7 +975,7 @@ base::Optional<ParseResult> MakeTorqueBuiltinDeclaration(
         MakeNode<GenericCallableDeclaration>(generic_parameters, declaration);
   }
   std::vector<Declaration*> results;
-  if (base::Optional<std::string> condition =
+  if (std::optional<std::string> condition =
           annotations.GetStringParam(ANNOTATION_IF)) {
     if (!BuildFlags::GetFlag(*condition, ANNOTATION_IF)) {
       return ParseResult{std::move(results)};
@@ -991,15 +995,15 @@ InstanceTypeConstraints MakeInstanceTypeConstraints(
   return result;
 }
 
-base::Optional<ParseResult> MakeClassBody(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeClassBody(ParseResultIterator* child_results) {
   auto methods = child_results->NextAs<std::vector<Declaration*>>();
   auto fields = child_results->NextAs<std::vector<ClassFieldExpression>>();
-  base::Optional<ClassBody*> result =
+  std::optional<ClassBody*> result =
       MakeNode<ClassBody>(std::move(methods), std::move(fields));
   return ParseResult(result);
 }
 
-base::Optional<ParseResult> MakeClassDeclaration(
+std::optional<ParseResult> MakeClassDeclaration(
     ParseResultIterator* child_results) {
   AnnotationSet annotations(
       child_results,
@@ -1084,8 +1088,8 @@ base::Optional<ParseResult> MakeClassDeclaration(
   if (!BasicTypeExpression::DynamicCast(extends)) {
     ReportError("Expected type name in extends clause.");
   }
-  auto generates = child_results->NextAs<base::Optional<std::string>>();
-  auto body = child_results->NextAs<base::Optional<ClassBody*>>();
+  auto generates = child_results->NextAs<std::optional<std::string>>();
+  auto body = child_results->NextAs<std::optional<ClassBody*>>();
   std::vector<Declaration*> methods;
   std::vector<ClassFieldExpression> fields_raw;
   if (body.has_value()) {
@@ -1166,7 +1170,7 @@ base::Optional<ParseResult> MakeClassDeclaration(
     Expression* argument = MakeNode<IdentifierExpression>(
         std::vector<std::string>{}, MakeNode<Identifier>("obj"));
 
-    auto value = MakeCall(internal_downcast_target, base::nullopt,
+    auto value = MakeCall(internal_downcast_target, std::nullopt,
                           std::vector<Expression*>{argument},
                           std::vector<Statement*>{MakeNode<ExpressionStatement>(
                               internal_downcast_otherwise)});
@@ -1186,7 +1190,7 @@ base::Optional<ParseResult> MakeClassDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeNamespaceDeclaration(
+std::optional<ParseResult> MakeNamespaceDeclaration(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<std::string>();
   if (!IsSnakeCase(name)) {
@@ -1198,7 +1202,7 @@ base::Optional<ParseResult> MakeNamespaceDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeSpecializationDeclaration(
+std::optional<ParseResult> MakeSpecializationDeclaration(
     ParseResultIterator* child_results) {
   auto transitioning = child_results->NextAs<bool>();
   auto name = child_results->NextAs<Identifier*>();
@@ -1215,7 +1219,7 @@ base::Optional<ParseResult> MakeSpecializationDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeStructDeclaration(
+std::optional<ParseResult> MakeStructDeclaration(
     ParseResultIterator* child_results) {
   bool is_export = HasExportAnnotation(child_results, "Struct");
 
@@ -1239,7 +1243,7 @@ base::Optional<ParseResult> MakeStructDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeBitFieldStructDeclaration(
+std::optional<ParseResult> MakeBitFieldStructDeclaration(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
   if (!IsValidTypeName(name->value)) {
@@ -1252,7 +1256,7 @@ base::Optional<ParseResult> MakeBitFieldStructDeclaration(
   return ParseResult{decl};
 }
 
-base::Optional<ParseResult> MakeCppIncludeDeclaration(
+std::optional<ParseResult> MakeCppIncludeDeclaration(
     ParseResultIterator* child_results) {
   auto include_path = child_results->NextAs<std::string>();
   Declaration* result =
@@ -1260,7 +1264,7 @@ base::Optional<ParseResult> MakeCppIncludeDeclaration(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> ProcessTorqueImportDeclaration(
+std::optional<ParseResult> ProcessTorqueImportDeclaration(
     ParseResultIterator* child_results) {
   auto import_path = child_results->NextAs<std::string>();
   if (!SourceFileMap::FileRelativeToV8RootExists(import_path)) {
@@ -1276,10 +1280,10 @@ base::Optional<ParseResult> ProcessTorqueImportDeclaration(
 
   CurrentAst::Get().DeclareImportForCurrentFile(import_id);
 
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<ParseResult> MakeExternalBuiltin(
+std::optional<ParseResult> MakeExternalBuiltin(
     ParseResultIterator* child_results) {
   auto transitioning = child_results->NextAs<bool>();
   auto js_linkage = child_results->NextAs<bool>();
@@ -1297,7 +1301,7 @@ base::Optional<ParseResult> MakeExternalBuiltin(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeExternalRuntime(
+std::optional<ParseResult> MakeExternalRuntime(
     ParseResultIterator* child_results) {
   auto transitioning = child_results->NextAs<bool>();
   auto name = child_results->NextAs<Identifier*>();
@@ -1308,13 +1312,13 @@ base::Optional<ParseResult> MakeExternalRuntime(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> StringLiteralUnquoteAction(
+std::optional<ParseResult> StringLiteralUnquoteAction(
     ParseResultIterator* child_results) {
   return ParseResult{
       StringLiteralUnquote(child_results->NextAs<std::string>())};
 }
 
-base::Optional<ParseResult> MakeBasicTypeExpression(
+std::optional<ParseResult> MakeBasicTypeExpression(
     ParseResultIterator* child_results) {
   auto namespace_qualification =
       child_results->NextAs<std::vector<std::string>>();
@@ -1330,7 +1334,7 @@ base::Optional<ParseResult> MakeBasicTypeExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeFunctionTypeExpression(
+std::optional<ParseResult> MakeFunctionTypeExpression(
     ParseResultIterator* child_results) {
   auto parameters = child_results->NextAs<std::vector<TypeExpression*>>();
   auto return_type = child_results->NextAs<TypeExpression*>();
@@ -1339,7 +1343,7 @@ base::Optional<ParseResult> MakeFunctionTypeExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeReferenceTypeExpression(
+std::optional<ParseResult> MakeReferenceTypeExpression(
     ParseResultIterator* child_results) {
   auto is_const = child_results->NextAs<bool>();
   auto referenced_type = child_results->NextAs<TypeExpression*>();
@@ -1354,7 +1358,7 @@ base::Optional<ParseResult> MakeReferenceTypeExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeUnionTypeExpression(
+std::optional<ParseResult> MakeUnionTypeExpression(
     ParseResultIterator* child_results) {
   auto a = child_results->NextAs<TypeExpression*>();
   auto b = child_results->NextAs<TypeExpression*>();
@@ -1362,26 +1366,25 @@ base::Optional<ParseResult> MakeUnionTypeExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeGenericParameter(
+std::optional<ParseResult> MakeGenericParameter(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
-  auto constraint = child_results->NextAs<base::Optional<TypeExpression*>>();
+  auto constraint = child_results->NextAs<std::optional<TypeExpression*>>();
   return ParseResult{GenericParameter{name, constraint}};
 }
 
-base::Optional<ParseResult> MakeExpressionStatement(
+std::optional<ParseResult> MakeExpressionStatement(
     ParseResultIterator* child_results) {
   auto expression = child_results->NextAs<Expression*>();
   Statement* result = MakeNode<ExpressionStatement>(expression);
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeIfStatement(
-    ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeIfStatement(ParseResultIterator* child_results) {
   auto is_constexpr = child_results->NextAs<bool>();
   auto condition = child_results->NextAs<Expression*>();
   auto if_true = child_results->NextAs<Statement*>();
-  auto if_false = child_results->NextAs<base::Optional<Statement*>>();
+  auto if_false = child_results->NextAs<std::optional<Statement*>>();
 
   if (if_false && !(BlockStatement::DynamicCast(if_true) &&
                     (BlockStatement::DynamicCast(*if_false) ||
@@ -1399,15 +1402,15 @@ base::Optional<ParseResult> MakeIfStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeEnumDeclaration(
+std::optional<ParseResult> MakeEnumDeclaration(
     ParseResultIterator* child_results) {
   const bool is_extern = child_results->NextAs<bool>();
   auto name_identifier = child_results->NextAs<Identifier*>();
   auto name = name_identifier->value;
   auto base_type_expression =
-      child_results->NextAs<base::Optional<TypeExpression*>>();
+      child_results->NextAs<std::optional<TypeExpression*>>();
   auto constexpr_generates_opt =
-      child_results->NextAs<base::Optional<std::string>>();
+      child_results->NextAs<std::optional<std::string>>();
   auto entries = child_results->NextAs<std::vector<EnumEntry>>();
   const bool is_open = child_results->NextAs<bool>();
   CurrentSourcePosition::Scope current_source_position(
@@ -1444,7 +1447,7 @@ base::Optional<ParseResult> MakeEnumDeclaration(
       //   }
       auto type_decl = MakeNode<AbstractTypeDeclaration>(
           name_identifier, AbstractTypeFlag::kNone, base_type_expression,
-          base::nullopt);
+          std::nullopt);
 
       TypeExpression* name_type_expression =
           MakeNode<BasicTypeExpression>(name_identifier);
@@ -1455,7 +1458,7 @@ base::Optional<ParseResult> MakeEnumDeclaration(
       for (const auto& entry : entries) {
         entry_decls.push_back(MakeNode<AbstractTypeDeclaration>(
             entry.name, AbstractTypeFlag::kNone,
-            entry.type.value_or(name_type_expression), base::nullopt));
+            entry.type.value_or(name_type_expression), std::nullopt));
       }
 
       result.push_back(type_decl);
@@ -1475,7 +1478,7 @@ base::Optional<ParseResult> MakeEnumDeclaration(
       for (const auto& entry : entries) {
         entry_decls.push_back(MakeNode<AbstractTypeDeclaration>(
             entry.name, AbstractTypeFlag::kNone,
-            entry.type.value_or(*base_type_expression), base::nullopt));
+            entry.type.value_or(*base_type_expression), std::nullopt));
 
         auto entry_type = MakeNode<BasicTypeExpression>(
             std::vector<std::string>{name}, entry.name,
@@ -1507,8 +1510,8 @@ base::Optional<ParseResult> MakeEnumDeclaration(
         MakeNode<Identifier>(std::string(CONSTEXPR_TYPE_PREFIX) + name);
     TypeExpression* constexpr_type_expression = MakeNode<BasicTypeExpression>(
         MakeNode<Identifier>(std::string(CONSTEXPR_TYPE_PREFIX) + name));
-    base::Optional<TypeExpression*> base_constexpr_type_expression =
-        base::nullopt;
+    std::optional<TypeExpression*> base_constexpr_type_expression =
+        std::nullopt;
     if (base_type_expression) {
       base_constexpr_type_expression = AddConstexpr(*base_type_expression);
     }
@@ -1634,7 +1637,7 @@ base::Optional<ParseResult> MakeEnumDeclaration(
   return ParseResult{std::move(result)};
 }
 
-base::Optional<ParseResult> MakeTypeswitchStatement(
+std::optional<ParseResult> MakeTypeswitchStatement(
     ParseResultIterator* child_results) {
   auto expression = child_results->NextAs<Expression*>();
   auto cases = child_results->NextAs<std::vector<TypeswitchCase>>();
@@ -1672,7 +1675,7 @@ base::Optional<ParseResult> MakeTypeswitchStatement(
   {
     CurrentSourcePosition::Scope current_source_position(expression->pos);
     current_block->statements.push_back(MakeNode<VarDeclarationStatement>(
-        true, MakeNode<Identifier>("__value"), base::nullopt, expression));
+        true, MakeNode<Identifier>("__value"), std::nullopt, expression));
   }
 
   TypeExpression* accumulated_types;
@@ -1719,16 +1722,16 @@ base::Optional<ParseResult> MakeTypeswitchStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeTypeswitchCase(
+std::optional<ParseResult> MakeTypeswitchCase(
     ParseResultIterator* child_results) {
-  auto name = child_results->NextAs<base::Optional<Identifier*>>();
+  auto name = child_results->NextAs<std::optional<Identifier*>>();
   auto type = child_results->NextAs<TypeExpression*>();
   auto block = child_results->NextAs<Statement*>();
   return ParseResult{
       TypeswitchCase{child_results->matched_input().pos, name, type, block}};
 }
 
-base::Optional<ParseResult> MakeWhileStatement(
+std::optional<ParseResult> MakeWhileStatement(
     ParseResultIterator* child_results) {
   auto condition = child_results->NextAs<Expression*>();
   auto body = child_results->NextAs<Statement*>();
@@ -1737,21 +1740,21 @@ base::Optional<ParseResult> MakeWhileStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeReturnStatement(
+std::optional<ParseResult> MakeReturnStatement(
     ParseResultIterator* child_results) {
-  auto value = child_results->NextAs<base::Optional<Expression*>>();
+  auto value = child_results->NextAs<std::optional<Expression*>>();
   Statement* result = MakeNode<ReturnStatement>(value);
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeTailCallStatement(
+std::optional<ParseResult> MakeTailCallStatement(
     ParseResultIterator* child_results) {
   auto value = child_results->NextAs<Expression*>();
   Statement* result = MakeNode<TailCallStatement>(CallExpression::cast(value));
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeVarDeclarationStatement(
+std::optional<ParseResult> MakeVarDeclarationStatement(
     ParseResultIterator* child_results) {
   auto kind = child_results->NextAs<Identifier*>();
   bool const_qualified = kind->value == "const";
@@ -1761,8 +1764,8 @@ base::Optional<ParseResult> MakeVarDeclarationStatement(
     NamingConventionError("Variable", name, "lowerCamelCase");
   }
 
-  auto type = child_results->NextAs<base::Optional<TypeExpression*>>();
-  base::Optional<Expression*> initializer;
+  auto type = child_results->NextAs<std::optional<TypeExpression*>>();
+  std::optional<Expression*> initializer;
   if (child_results->HasNext())
     initializer = child_results->NextAs<Expression*>();
   if (!initializer && !type) {
@@ -1773,19 +1776,19 @@ base::Optional<ParseResult> MakeVarDeclarationStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeBreakStatement(
+std::optional<ParseResult> MakeBreakStatement(
     ParseResultIterator* child_results) {
   Statement* result = MakeNode<BreakStatement>();
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeContinueStatement(
+std::optional<ParseResult> MakeContinueStatement(
     ParseResultIterator* child_results) {
   Statement* result = MakeNode<ContinueStatement>();
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeGotoStatement(
+std::optional<ParseResult> MakeGotoStatement(
     ParseResultIterator* child_results) {
   auto label = child_results->NextAs<Identifier*>();
   auto arguments = child_results->NextAs<std::vector<Expression*>>();
@@ -1793,7 +1796,7 @@ base::Optional<ParseResult> MakeGotoStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeBlockStatement(
+std::optional<ParseResult> MakeBlockStatement(
     ParseResultIterator* child_results) {
   auto deferred = child_results->NextAs<bool>();
   auto statements = child_results->NextAs<std::vector<Statement*>>();
@@ -1804,7 +1807,7 @@ base::Optional<ParseResult> MakeBlockStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeTryLabelExpression(
+std::optional<ParseResult> MakeTryLabelExpression(
     ParseResultIterator* child_results) {
   auto try_block = child_results->NextAs<Statement*>();
   CheckNotDeferredStatement(try_block);
@@ -1828,12 +1831,12 @@ base::Optional<ParseResult> MakeTryLabelExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeForLoopStatement(
+std::optional<ParseResult> MakeForLoopStatement(
     ParseResultIterator* child_results) {
-  auto var_decl = child_results->NextAs<base::Optional<Statement*>>();
-  auto test = child_results->NextAs<base::Optional<Expression*>>();
-  auto action = child_results->NextAs<base::Optional<Expression*>>();
-  base::Optional<Statement*> action_stmt;
+  auto var_decl = child_results->NextAs<std::optional<Statement*>>();
+  auto test = child_results->NextAs<std::optional<Expression*>>();
+  auto action = child_results->NextAs<std::optional<Expression*>>();
+  std::optional<Statement*> action_stmt;
   if (action) action_stmt = MakeNode<ExpressionStatement>(*action);
   auto body = child_results->NextAs<Statement*>();
   CheckNotDeferredStatement(body);
@@ -1842,7 +1845,7 @@ base::Optional<ParseResult> MakeForLoopStatement(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeLabelBlock(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeLabelBlock(ParseResultIterator* child_results) {
   auto label = child_results->NextAs<Identifier*>();
   if (!IsUpperCamelCase(label->value)) {
     NamingConventionError("Label", label, "UpperCamelCase");
@@ -1854,7 +1857,7 @@ base::Optional<ParseResult> MakeLabelBlock(ParseResultIterator* child_results) {
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeCatchBlock(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeCatchBlock(ParseResultIterator* child_results) {
   auto parameter_names = child_results->NextAs<std::vector<std::string>>();
   auto body = child_results->NextAs<Statement*>();
   for (const std::string& variable : parameter_names) {
@@ -1888,26 +1891,26 @@ base::Optional<ParseResult> MakeCatchBlock(ParseResultIterator* child_results) {
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeExpressionWithSource(
+std::optional<ParseResult> MakeExpressionWithSource(
     ParseResultIterator* child_results) {
   auto e = child_results->NextAs<Expression*>();
   return ParseResult{
       ExpressionWithSource{e, child_results->matched_input().ToString()}};
 }
 
-base::Optional<ParseResult> MakeIdentifier(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeIdentifier(ParseResultIterator* child_results) {
   auto name = child_results->NextAs<std::string>();
   Identifier* result = MakeNode<Identifier>(std::move(name));
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeIdentifierFromMatchedInput(
+std::optional<ParseResult> MakeIdentifierFromMatchedInput(
     ParseResultIterator* child_results) {
   return ParseResult{
       MakeNode<Identifier>(child_results->matched_input().ToString())};
 }
 
-base::Optional<ParseResult> MakeRightShiftIdentifier(
+std::optional<ParseResult> MakeRightShiftIdentifier(
     ParseResultIterator* child_results) {
   std::string str = child_results->matched_input().ToString();
   for (auto character : str) {
@@ -1918,7 +1921,7 @@ base::Optional<ParseResult> MakeRightShiftIdentifier(
   return ParseResult{MakeNode<Identifier>(str)};
 }
 
-base::Optional<ParseResult> MakeNamespaceQualification(
+std::optional<ParseResult> MakeNamespaceQualification(
     ParseResultIterator* child_results) {
   bool global_namespace = child_results->NextAs<bool>();
   auto namespace_qualification =
@@ -1929,7 +1932,7 @@ base::Optional<ParseResult> MakeNamespaceQualification(
   return ParseResult(std::move(namespace_qualification));
 }
 
-base::Optional<ParseResult> MakeIdentifierExpression(
+std::optional<ParseResult> MakeIdentifierExpression(
     ParseResultIterator* child_results) {
   auto namespace_qualification =
       child_results->NextAs<std::vector<std::string>>();
@@ -1941,7 +1944,7 @@ base::Optional<ParseResult> MakeIdentifierExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeFieldAccessExpression(
+std::optional<ParseResult> MakeFieldAccessExpression(
     ParseResultIterator* child_results) {
   auto object = child_results->NextAs<Expression*>();
   auto field = child_results->NextAs<Identifier*>();
@@ -1949,7 +1952,7 @@ base::Optional<ParseResult> MakeFieldAccessExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeReferenceFieldAccessExpression(
+std::optional<ParseResult> MakeReferenceFieldAccessExpression(
     ParseResultIterator* child_results) {
   auto object = child_results->NextAs<Expression*>();
   auto field = child_results->NextAs<Identifier*>();
@@ -1959,7 +1962,7 @@ base::Optional<ParseResult> MakeReferenceFieldAccessExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeElementAccessExpression(
+std::optional<ParseResult> MakeElementAccessExpression(
     ParseResultIterator* child_results) {
   auto object = child_results->NextAs<Expression*>();
   auto field = child_results->NextAs<Expression*>();
@@ -1967,14 +1970,14 @@ base::Optional<ParseResult> MakeElementAccessExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeDereferenceExpression(
+std::optional<ParseResult> MakeDereferenceExpression(
     ParseResultIterator* child_results) {
   auto reference = child_results->NextAs<Expression*>();
   Expression* result = MakeNode<DereferenceExpression>(reference);
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeStructExpression(
+std::optional<ParseResult> MakeStructExpression(
     ParseResultIterator* child_results) {
   auto type = child_results->NextAs<TypeExpression*>();
   auto initializers = child_results->NextAs<std::vector<NameAndExpression>>();
@@ -1983,38 +1986,38 @@ base::Optional<ParseResult> MakeStructExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeAssignmentExpression(
+std::optional<ParseResult> MakeAssignmentExpression(
     ParseResultIterator* child_results) {
   auto location = child_results->NextAs<Expression*>();
-  auto op = child_results->NextAs<base::Optional<std::string>>();
+  auto op = child_results->NextAs<std::optional<std::string>>();
   auto value = child_results->NextAs<Expression*>();
   Expression* result =
       MakeNode<AssignmentExpression>(location, std::move(op), value);
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeFloatingPointLiteralExpression(
+std::optional<ParseResult> MakeFloatingPointLiteralExpression(
     ParseResultIterator* child_results) {
   auto value = child_results->NextAs<double>();
   Expression* result = MakeNode<FloatingPointLiteralExpression>(value);
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeIntegerLiteralExpression(
+std::optional<ParseResult> MakeIntegerLiteralExpression(
     ParseResultIterator* child_results) {
   auto value = child_results->NextAs<IntegerLiteral>();
   Expression* result = MakeNode<IntegerLiteralExpression>(std::move(value));
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeStringLiteralExpression(
+std::optional<ParseResult> MakeStringLiteralExpression(
     ParseResultIterator* child_results) {
   auto literal = child_results->NextAs<std::string>();
   Expression* result = MakeNode<StringLiteralExpression>(std::move(literal));
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeIncrementDecrementExpressionPostfix(
+std::optional<ParseResult> MakeIncrementDecrementExpressionPostfix(
     ParseResultIterator* child_results) {
   auto location = child_results->NextAs<Expression*>();
   auto op = child_results->NextAs<IncrementDecrementOperator>();
@@ -2023,7 +2026,7 @@ base::Optional<ParseResult> MakeIncrementDecrementExpressionPostfix(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeIncrementDecrementExpressionPrefix(
+std::optional<ParseResult> MakeIncrementDecrementExpressionPrefix(
     ParseResultIterator* child_results) {
   auto op = child_results->NextAs<IncrementDecrementOperator>();
   auto location = child_results->NextAs<Expression*>();
@@ -2032,7 +2035,7 @@ base::Optional<ParseResult> MakeIncrementDecrementExpressionPrefix(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeLogicalOrExpression(
+std::optional<ParseResult> MakeLogicalOrExpression(
     ParseResultIterator* child_results) {
   auto left = child_results->NextAs<Expression*>();
   auto right = child_results->NextAs<Expression*>();
@@ -2040,7 +2043,7 @@ base::Optional<ParseResult> MakeLogicalOrExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeLogicalAndExpression(
+std::optional<ParseResult> MakeLogicalAndExpression(
     ParseResultIterator* child_results) {
   auto left = child_results->NextAs<Expression*>();
   auto right = child_results->NextAs<Expression*>();
@@ -2048,7 +2051,7 @@ base::Optional<ParseResult> MakeLogicalAndExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeConditionalExpression(
+std::optional<ParseResult> MakeConditionalExpression(
     ParseResultIterator* child_results) {
   auto condition = child_results->NextAs<Expression*>();
   auto if_true = child_results->NextAs<Expression*>();
@@ -2058,7 +2061,7 @@ base::Optional<ParseResult> MakeConditionalExpression(
   return ParseResult{result};
 }
 
-base::Optional<ParseResult> MakeLabelAndTypes(
+std::optional<ParseResult> MakeLabelAndTypes(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
   if (!IsUpperCamelCase(name->value)) {
@@ -2068,32 +2071,31 @@ base::Optional<ParseResult> MakeLabelAndTypes(
   return ParseResult{LabelAndTypes{name, std::move(types)}};
 }
 
-base::Optional<ParseResult> MakeNameAndType(
-    ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeNameAndType(ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
   auto type = child_results->NextAs<TypeExpression*>();
   return ParseResult{NameAndTypeExpression{name, type}};
 }
 
-base::Optional<ParseResult> MakeEnumEntry(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeEnumEntry(ParseResultIterator* child_results) {
   AnnotationSet annotations(child_results, {}, {ANNOTATION_SAME_ENUM_VALUE_AS});
   std::vector<ConditionalAnnotation> conditions;
-  base::Optional<std::string> alias_entry =
+  std::optional<std::string> alias_entry =
       annotations.GetStringParam(ANNOTATION_SAME_ENUM_VALUE_AS);
 
   auto name = child_results->NextAs<Identifier*>();
-  auto type = child_results->NextAs<base::Optional<TypeExpression*>>();
+  auto type = child_results->NextAs<std::optional<TypeExpression*>>();
   return ParseResult{EnumEntry{name, type, alias_entry}};
 }
 
-base::Optional<ParseResult> MakeNameAndExpression(
+std::optional<ParseResult> MakeNameAndExpression(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
   auto expression = child_results->NextAs<Expression*>();
   return ParseResult{NameAndExpression{name, expression}};
 }
 
-base::Optional<ParseResult> MakeNameAndExpressionFromExpression(
+std::optional<ParseResult> MakeNameAndExpressionFromExpression(
     ParseResultIterator* child_results) {
   auto expression = child_results->NextAs<Expression*>();
   if (auto* id = IdentifierExpression::DynamicCast(expression)) {
@@ -2106,13 +2108,13 @@ base::Optional<ParseResult> MakeNameAndExpressionFromExpression(
   ReportError("Constructor parameters need to be named.");
 }
 
-base::Optional<ParseResult> MakeAnnotation(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeAnnotation(ParseResultIterator* child_results) {
   return ParseResult{
       Annotation{child_results->NextAs<Identifier*>(),
-                 child_results->NextAs<base::Optional<AnnotationParameter>>()}};
+                 child_results->NextAs<std::optional<AnnotationParameter>>()}};
 }
 
-base::Optional<ParseResult> MakeClassField(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeClassField(ParseResultIterator* child_results) {
   AnnotationSet annotations(
       child_results,
       {ANNOTATION_CPP_RELAXED_STORE, ANNOTATION_CPP_RELAXED_LOAD,
@@ -2132,9 +2134,9 @@ base::Optional<ParseResult> MakeClassField(ParseResultIterator* child_results) {
     read_synchronization = FieldSynchronization::kRelaxed;
   }
   std::vector<ConditionalAnnotation> conditions;
-  base::Optional<std::string> if_condition =
+  std::optional<std::string> if_condition =
       annotations.GetStringParam(ANNOTATION_IF);
-  base::Optional<std::string> ifnot_condition =
+  std::optional<std::string> ifnot_condition =
       annotations.GetStringParam(ANNOTATION_IFNOT);
   if (if_condition.has_value()) {
     conditions.push_back({*if_condition, ConditionalAnnotationType::kPositive});
@@ -2156,13 +2158,13 @@ base::Optional<ParseResult> MakeClassField(ParseResultIterator* child_results) {
   auto const_qualified = child_results->NextAs<bool>();
   auto name = child_results->NextAs<Identifier*>();
   auto optional = child_results->NextAs<bool>();
-  auto index = child_results->NextAs<base::Optional<Expression*>>();
+  auto index = child_results->NextAs<std::optional<Expression*>>();
   if (optional && !index) {
     Error(
         "Fields using optional specifier must also provide an expression "
         "indicating the condition for whether the field is present");
   }
-  base::Optional<ClassFieldIndexInfo> index_info;
+  std::optional<ClassFieldIndexInfo> index_info;
   if (index) {
     if (optional) {
       // Internally, an optional field is just an indexed field where the count
@@ -2194,15 +2196,14 @@ base::Optional<ParseResult> MakeClassField(ParseResultIterator* child_results) {
                                           write_synchronization}};
 }
 
-base::Optional<ParseResult> MakeStructField(
-    ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeStructField(ParseResultIterator* child_results) {
   auto const_qualified = child_results->NextAs<bool>();
   auto name = child_results->NextAs<Identifier*>();
   auto type = child_results->NextAs<TypeExpression*>();
   return ParseResult{StructFieldExpression{{name, type}, const_qualified}};
 }
 
-base::Optional<ParseResult> MakeBitFieldDeclaration(
+std::optional<ParseResult> MakeBitFieldDeclaration(
     ParseResultIterator* child_results) {
   auto name = child_results->NextAs<Identifier*>();
   auto type = child_results->NextAs<TypeExpression*>();
@@ -2210,10 +2211,10 @@ base::Optional<ParseResult> MakeBitFieldDeclaration(
   return ParseResult{BitFieldDeclaration{{name, type}, num_bits}};
 }
 
-base::Optional<ParseResult> ExtractAssignmentOperator(
+std::optional<ParseResult> ExtractAssignmentOperator(
     ParseResultIterator* child_results) {
   auto op = child_results->NextAs<Identifier*>();
-  base::Optional<std::string> result =
+  std::optional<std::string> result =
       std::string(op->value.begin(), op->value.end() - 1);
   return ParseResult(std::move(result));
 }
@@ -2332,7 +2333,7 @@ struct TorqueGrammar : Grammar {
   }
 
   template <class T, bool first>
-  static base::Optional<ParseResult> MakeExtendedVectorIfAnnotation(
+  static std::optional<ParseResult> MakeExtendedVectorIfAnnotation(
       ParseResultIterator* child_results) {
     std::vector<T> l = {};
     if (!first) l = child_results->NextAs<std::vector<T>>();
@@ -2344,8 +2345,8 @@ struct TorqueGrammar : Grammar {
   }
 
   template <class T>
-  Symbol* NonemptyListAllowIfAnnotation(
-      Symbol* element, base::Optional<Symbol*> separator = {}) {
+  Symbol* NonemptyListAllowIfAnnotation(Symbol* element,
+                                        std::optional<Symbol*> separator = {}) {
     Symbol* list = NewSymbol();
     *list = {
         Rule({annotations, element}, MakeExtendedVectorIfAnnotation<T, true>),
@@ -2358,7 +2359,7 @@ struct TorqueGrammar : Grammar {
 
   template <class T>
   Symbol* ListAllowIfAnnotation(Symbol* element,
-                                base::Optional<Symbol*> separator = {}) {
+                                std::optional<Symbol*> separator = {}) {
     return TryOrDefault<std::vector<T>>(
         NonemptyListAllowIfAnnotation<T>(element, separator));
   }
@@ -2462,7 +2463,7 @@ struct TorqueGrammar : Grammar {
   Symbol genericSpecializationTypeList = {
       Rule({Token("<"), typeList, Token(">")})};
 
-  // Result: base::Optional<GenericParameters>
+  // Result: std::optional<GenericParameters>
   Symbol* optionalGenericParameters = Optional<TypeList>(&genericParameters);
 
   Symbol implicitParameterList{
@@ -2505,7 +2506,7 @@ struct TorqueGrammar : Grammar {
   // Result: NameAndTypeExpression
   Symbol nameAndType = {Rule({&name, Token(":"), &type}, MakeNameAndType)};
 
-  // Result: base::Optional<Expression*>
+  // Result: std::optional<Expression*>
   Symbol* optionalArraySpecifier =
       Optional<Expression*>(Sequence({Token("["), expression, Token("]")}));
 
@@ -2692,9 +2693,9 @@ struct TorqueGrammar : Grammar {
             &conditionalExpression},
            MakeConditionalExpression)};
 
-  // Result: base::Optional<std::string>
+  // Result: std::optional<std::string>
   Symbol assignmentOperator = {
-      Rule({Token("=")}, YieldDefaultValue<base::Optional<std::string>>),
+      Rule({Token("=")}, YieldDefaultValue<std::optional<std::string>>),
       Rule({OneOf({"*=", "/=", "%=", "+=", "-=", "<<=", ">>=", ">>>=", "&=",
                    "^=", "|="})},
            ExtractAssignmentOperator)};
@@ -2795,10 +2796,10 @@ struct TorqueGrammar : Grammar {
             Token(")"), Token(":"), &block},
            MakeTypeswitchCase)};
 
-  // Result: base::Optional<Statement*>
+  // Result: std::optional<Statement*>
   Symbol optionalBody = {
-      Rule({&block}, CastParseResult<Statement*, base::Optional<Statement*>>),
-      Rule({Token(";")}, YieldDefaultValue<base::Optional<Statement*>>)};
+      Rule({&block}, CastParseResult<Statement*, std::optional<Statement*>>),
+      Rule({Token(";")}, YieldDefaultValue<std::optional<Statement*>>)};
 
   // Result: Declaration*
   Symbol method = {Rule(
@@ -2808,12 +2809,12 @@ struct TorqueGrammar : Grammar {
        optionalLabelList, &block},
       MakeMethodDeclaration)};
 
-  // Result: base::Optional<ClassBody*>
+  // Result: std::optional<ClassBody*>
   Symbol optionalClassBody = {
       Rule({Token("{"), List<Declaration*>(&method),
             List<ClassFieldExpression>(&classField), Token("}")},
            MakeClassBody),
-      Rule({Token(";")}, YieldDefaultValue<base::Optional<ClassBody*>>)};
+      Rule({Token(";")}, YieldDefaultValue<std::optional<ClassBody*>>)};
 
   // Result: std::vector<Declaration*>
   Symbol declaration = {
@@ -2918,6 +2919,4 @@ void ParseTorque(const std::string& input) {
   TorqueGrammar().Parse(input);
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/type-inference.cc b/deps/v8/src/torque/type-inference.cc
index 3cffa73ce90a06..9af59f942dcbcb 100644
--- a/deps/v8/src/torque/type-inference.cc
+++ b/deps/v8/src/torque/type-inference.cc
@@ -4,15 +4,15 @@
 
 #include "src/torque/type-inference.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+#include <optional>
+
+namespace v8::internal::torque {
 
 TypeArgumentInference::TypeArgumentInference(
     const GenericParameters& type_parameters,
     const TypeVector& explicit_type_arguments,
     const std::vector<TypeExpression*>& term_parameters,
-    const std::vector<base::Optional<const Type*>>& term_argument_types)
+    const std::vector<std::optional<const Type*>>& term_argument_types)
     : num_explicit_(explicit_type_arguments.size()),
       type_parameter_from_name_(type_parameters.size()),
       inferred_(type_parameters.size()) {
@@ -51,7 +51,7 @@ TypeVector TypeArgumentInference::GetResult() const {
   TypeVector result(inferred_.size());
   std::transform(
       inferred_.begin(), inferred_.end(), result.begin(),
-      [](base::Optional<const Type*> maybe_type) { return *maybe_type; });
+      [](std::optional<const Type*> maybe_type) { return *maybe_type; });
   return result;
 }
 
@@ -67,7 +67,7 @@ void TypeArgumentInference::Match(TypeExpression* parameter,
         if (type_parameter_index < num_explicit_) {
           return;
         }
-        base::Optional<const Type*>& maybe_inferred =
+        std::optional<const Type*>& maybe_inferred =
             inferred_[type_parameter_index];
         if (maybe_inferred && *maybe_inferred != argument_type) {
           Fail("found conflicting types for generic parameter");
@@ -114,6 +114,4 @@ void TypeArgumentInference::MatchGeneric(BasicTypeExpression* parameter,
   }
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/type-inference.h b/deps/v8/src/torque/type-inference.h
index 8d531d81ec4477..48c4c92b46d722 100644
--- a/deps/v8/src/torque/type-inference.h
+++ b/deps/v8/src/torque/type-inference.h
@@ -5,17 +5,15 @@
 #ifndef V8_TORQUE_TYPE_INFERENCE_H_
 #define V8_TORQUE_TYPE_INFERENCE_H_
 
+#include <optional>
 #include <string>
 #include <unordered_map>
 
-#include "src/base/optional.h"
 #include "src/torque/ast.h"
 #include "src/torque/declarations.h"
 #include "src/torque/types.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 // Type argument inference computes a potential instantiation of a generic
 // callable given some concrete argument types. As an example, consider the
@@ -59,7 +57,7 @@ class TypeArgumentInference {
       const GenericParameters& type_parameters,
       const TypeVector& explicit_type_arguments,
       const std::vector<TypeExpression*>& term_parameters,
-      const std::vector<base::Optional<const Type*>>& term_argument_types);
+      const std::vector<std::optional<const Type*>>& term_argument_types);
 
   bool HasFailed() const { return failure_reason_.has_value(); }
   const std::string& GetFailureReason() { return *failure_reason_; }
@@ -72,12 +70,10 @@ class TypeArgumentInference {
 
   size_t num_explicit_;
   std::unordered_map<std::string, size_t> type_parameter_from_name_;
-  std::vector<base::Optional<const Type*>> inferred_;
-  base::Optional<std::string> failure_reason_;
+  std::vector<std::optional<const Type*>> inferred_;
+  std::optional<std::string> failure_reason_;
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_TYPE_INFERENCE_H_
diff --git a/deps/v8/src/torque/type-oracle.cc b/deps/v8/src/torque/type-oracle.cc
index 7cd9dd2a527b6b..1baaa1dfbd8fce 100644
--- a/deps/v8/src/torque/type-oracle.cc
+++ b/deps/v8/src/torque/type-oracle.cc
@@ -3,13 +3,13 @@
 // found in the LICENSE file.
 
 #include "src/torque/type-oracle.h"
-#include "src/base/optional.h"
+
+#include <optional>
+
 #include "src/torque/type-visitor.h"
 #include "src/torque/types.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 // static
 const std::vector<std::unique_ptr<AggregateType>>&
@@ -79,7 +79,7 @@ std::vector<const ClassType*> TypeOracle::GetClasses() {
   return result;
 }
 
-base::Optional<const Type*> TypeOracle::MatchReferenceGeneric(
+std::optional<const Type*> TypeOracle::MatchReferenceGeneric(
     const Type* reference_type, bool* is_const) {
   if (auto type = Type::MatchUnaryGeneric(reference_type,
                                           GetMutableReferenceGeneric())) {
@@ -91,9 +91,7 @@ base::Optional<const Type*> TypeOracle::MatchReferenceGeneric(
     if (is_const) *is_const = true;
     return type;
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/type-oracle.h b/deps/v8/src/torque/type-oracle.h
index 2f9640854ab69f..9c41a1b10b06ba 100644
--- a/deps/v8/src/torque/type-oracle.h
+++ b/deps/v8/src/torque/type-oracle.h
@@ -6,6 +6,7 @@
 #define V8_TORQUE_TYPE_ORACLE_H_
 
 #include <memory>
+#include <optional>
 
 #include "src/base/contextual.h"
 #include "src/torque/constants.h"
@@ -14,9 +15,7 @@
 #include "src/torque/types.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class TypeOracle : public base::ContextualClass<TypeOracle> {
  public:
@@ -95,7 +94,7 @@ class TypeOracle : public base::ContextualClass<TypeOracle> {
     return GetReferenceGeneric(false);
   }
 
-  static base::Optional<const Type*> MatchReferenceGeneric(
+  static std::optional<const Type*> MatchReferenceGeneric(
       const Type* reference_type, bool* is_const = nullptr);
 
   static GenericType* GetMutableSliceGeneric() {
@@ -144,7 +143,7 @@ class TypeOracle : public base::ContextualClass<TypeOracle> {
   }
 
   static const Type* GetUnionType(UnionType type) {
-    if (base::Optional<const Type*> single = type.GetSingleMember()) {
+    if (std::optional<const Type*> single = type.GetSingleMember()) {
       return *single;
     }
     return Get().union_types_.Add(std::move(type));
@@ -206,8 +205,8 @@ class TypeOracle : public base::ContextualClass<TypeOracle> {
     return Get().GetBuiltinType(CPPHEAPPTR_TYPE_STRING);
   }
 
-  static const Type* GetIndirectPointerType() {
-    return Get().GetBuiltinType(INDIRECTPTR_TYPE_STRING);
+  static const Type* GetTrustedPointerType() {
+    return Get().GetBuiltinType(TRUSTEDPTR_TYPE_STRING);
   }
 
   static const Type* GetProtectedPointerType() {
@@ -368,12 +367,12 @@ class TypeOracle : public base::ContextualClass<TypeOracle> {
     return Get().GetBuiltinType(FIXED_ARRAY_BASE_TYPE_STRING);
   }
 
-  static base::Optional<const Type*> ImplicitlyConvertableFrom(
+  static std::optional<const Type*> ImplicitlyConvertableFrom(
       const Type* to, const Type* from) {
     while (from != nullptr) {
       for (GenericCallable* from_constexpr :
            Declarations::LookupGeneric(kFromConstexprMacroName)) {
-        if (base::Optional<const Callable*> specialization =
+        if (std::optional<const Callable*> specialization =
                 from_constexpr->GetSpecialization({to, from})) {
           if ((*specialization)->signature().GetExplicitTypes() ==
               TypeVector{from}) {
@@ -383,7 +382,7 @@ class TypeOracle : public base::ContextualClass<TypeOracle> {
       }
       from = from->parent();
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
   static const std::vector<std::unique_ptr<AggregateType>>& GetAggregateTypes();
@@ -420,8 +419,6 @@ class TypeOracle : public base::ContextualClass<TypeOracle> {
   size_t next_type_id_ = 0;
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_TYPE_ORACLE_H_
diff --git a/deps/v8/src/torque/type-visitor.cc b/deps/v8/src/torque/type-visitor.cc
index 7ca916f4ff0464..841197d3712529 100644
--- a/deps/v8/src/torque/type-visitor.cc
+++ b/deps/v8/src/torque/type-visitor.cc
@@ -4,6 +4,8 @@
 
 #include "src/torque/type-visitor.h"
 
+#include <optional>
+
 #include "src/common/globals.h"
 #include "src/torque/declarable.h"
 #include "src/torque/global-context.h"
@@ -12,9 +14,7 @@
 #include "src/torque/type-inference.h"
 #include "src/torque/type-oracle.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 const Type* TypeVisitor::ComputeType(TypeDeclaration* decl,
                                      MaybeSpecializationKey specialized_from,
@@ -59,7 +59,7 @@ const Type* TypeVisitor::ComputeType(TypeAliasDeclaration* decl,
 }
 
 namespace {
-std::string ComputeGeneratesType(base::Optional<std::string> opt_gen,
+std::string ComputeGeneratesType(std::optional<std::string> opt_gen,
                                  bool enforce_tnode_type) {
   if (!opt_gen) return "";
   const std::string& generates = *opt_gen;
@@ -206,7 +206,7 @@ const StructType* TypeVisitor::ComputeType(
     }
     Field f{field.name_and_type.name->pos,
             struct_type,
-            base::nullopt,
+            std::nullopt,
             {field.name_and_type.name->value, field_type},
             offset.SingleValue(),
             false,
@@ -399,7 +399,7 @@ Signature TypeVisitor::MakeSignature(const CallableDeclaration* declaration) {
     LabelDeclaration def = {label.name, ComputeTypeVector(label.types)};
     definition_vector.push_back(def);
   }
-  base::Optional<std::string> arguments_variable;
+  std::optional<std::string> arguments_variable;
   if (declaration->parameters.has_varargs)
     arguments_variable = declaration->parameters.arguments_variable;
   Signature result{declaration->parameters.names,
@@ -439,7 +439,7 @@ void TypeVisitor::VisitClassFieldsAndMethods(
         ReportError("in-object properties cannot use @customWeakMarking");
       }
     }
-    base::Optional<ClassFieldIndexInfo> array_length = field_expression.index;
+    std::optional<ClassFieldIndexInfo> array_length = field_expression.index;
     const Field& field = class_type->RegisterField(
         {field_expression.name_and_type.name->pos,
          class_type,
@@ -502,7 +502,7 @@ const Type* TypeVisitor::ComputeTypeForStructExpression(
 
   QualifiedName qualified_name{basic->namespace_qualification,
                                basic->name->value};
-  base::Optional<GenericType*> maybe_generic_type =
+  std::optional<GenericType*> maybe_generic_type =
       Declarations::TryLookupGenericType(qualified_name);
 
   StructDeclaration* decl =
@@ -534,7 +534,7 @@ const Type* TypeVisitor::ComputeTypeForStructExpression(
   TypeArgumentInference inference(
       generic_type->generic_parameters(), explicit_type_arguments,
       term_parameters,
-      TransformVector<base::Optional<const Type*>>(term_argument_types));
+      TransformVector<std::optional<const Type*>>(term_argument_types));
 
   if (inference.HasFailed()) {
     ReportError("failed to infer type arguments for struct ", basic->name,
@@ -548,6 +548,4 @@ const Type* TypeVisitor::ComputeTypeForStructExpression(
       TypeOracle::GetGenericTypeInstance(generic_type, inference.GetResult()));
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/type-visitor.h b/deps/v8/src/torque/type-visitor.h
index f183be3a7abe59..62c31b0508eb8d 100644
--- a/deps/v8/src/torque/type-visitor.h
+++ b/deps/v8/src/torque/type-visitor.h
@@ -5,12 +5,12 @@
 #ifndef V8_TORQUE_TYPE_VISITOR_H_
 #define V8_TORQUE_TYPE_VISITOR_H_
 
+#include <optional>
+
 #include "src/torque/ast.h"
 #include "src/torque/types.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class Scope;
 
@@ -41,7 +41,7 @@ class TypeVisitor {
   friend class TypeOracle;
   static const Type* ComputeType(
       TypeDeclaration* decl,
-      MaybeSpecializationKey specialized_from = base::nullopt,
+      MaybeSpecializationKey specialized_from = std::nullopt,
       Scope* specialization_requester = nullptr);
   static const AbstractType* ComputeType(
       AbstractTypeDeclaration* decl, MaybeSpecializationKey specialized_from);
@@ -55,8 +55,6 @@ class TypeVisitor {
                                       MaybeSpecializationKey specialized_from);
 };
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_TYPE_VISITOR_H_
diff --git a/deps/v8/src/torque/types.cc b/deps/v8/src/torque/types.cc
index a869ddfe9eaa38..ed5bac482750af 100644
--- a/deps/v8/src/torque/types.cc
+++ b/deps/v8/src/torque/types.cc
@@ -6,9 +6,9 @@
 
 #include <cmath>
 #include <iostream>
+#include <optional>
 
 #include "src/base/bits.h"
-#include "src/base/optional.h"
 #include "src/torque/ast.h"
 #include "src/torque/declarable.h"
 #include "src/torque/global-context.h"
@@ -16,9 +16,7 @@
 #include "src/torque/type-oracle.h"
 #include "src/torque/type-visitor.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 // This custom copy constructor doesn't copy aliases_ and id_ because they
 // should be distinct for each type.
@@ -123,31 +121,31 @@ std::string Type::GetConstexprGeneratedTypeName() const {
   return constexpr_version->GetGeneratedTypeName();
 }
 
-base::Optional<const ClassType*> Type::ClassSupertype() const {
+std::optional<const ClassType*> Type::ClassSupertype() const {
   for (const Type* t = this; t != nullptr; t = t->parent()) {
     if (auto* class_type = ClassType::DynamicCast(t)) {
       return class_type;
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<const StructType*> Type::StructSupertype() const {
+std::optional<const StructType*> Type::StructSupertype() const {
   for (const Type* t = this; t != nullptr; t = t->parent()) {
     if (auto* struct_type = StructType::DynamicCast(t)) {
       return struct_type;
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
-base::Optional<const AggregateType*> Type::AggregateSupertype() const {
+std::optional<const AggregateType*> Type::AggregateSupertype() const {
   for (const Type* t = this; t != nullptr; t = t->parent()) {
     if (auto* aggregate_type = AggregateType::DynamicCast(t)) {
       return aggregate_type;
     }
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 // static
@@ -201,7 +199,7 @@ std::string AbstractType::GetGeneratedTypeNameImpl() const {
   // A special case that is not very well represented by the "generates"
   // syntax in the .tq files: Lazy<T> represents a std::function that
   // produces a TNode of the wrapped type.
-  if (base::Optional<const Type*> type_wrapped_in_lazy =
+  if (std::optional<const Type*> type_wrapped_in_lazy =
           Type::MatchUnaryGeneric(this, TypeOracle::GetLazyGeneric())) {
     DCHECK(!IsConstexpr());
     return "std::function<" + (*type_wrapped_in_lazy)->GetGeneratedTypeName() +
@@ -340,7 +338,7 @@ std::string UnionType::GetConstexprGeneratedTypeName() const {
   std::set<std::string> names;
   for (const Type* t : types_) {
     InsertConstexprGeneratedTypeName(names, t);
-  };
+  }
   std::stringstream result;
   result << "Union<";
   bool first = true;
@@ -543,15 +541,15 @@ std::string Type::ComputeName(const std::string& basename,
 std::string StructType::SimpleNameImpl() const { return decl_->name->value; }
 
 // static
-base::Optional<const Type*> Type::MatchUnaryGeneric(const Type* type,
-                                                    GenericType* generic) {
+std::optional<const Type*> Type::MatchUnaryGeneric(const Type* type,
+                                                   GenericType* generic) {
   DCHECK_EQ(generic->generic_parameters().size(), 1);
   if (!type->GetSpecializedFrom()) {
-    return base::nullopt;
+    return std::nullopt;
   }
   auto& key = type->GetSpecializedFrom().value();
   if (key.generic != generic || key.specialized_types.size() != 1) {
-    return base::nullopt;
+    return std::nullopt;
   }
   return {key.specialized_types[0]};
 }
@@ -656,19 +654,19 @@ std::vector<Field> ClassType::ComputeArrayFields() const {
 }
 
 void ClassType::InitializeInstanceTypes(
-    base::Optional<int> own, base::Optional<std::pair<int, int>> range) const {
+    std::optional<int> own, std::optional<std::pair<int, int>> range) const {
   DCHECK(!own_instance_type_.has_value());
   DCHECK(!instance_type_range_.has_value());
   own_instance_type_ = own;
   instance_type_range_ = range;
 }
 
-base::Optional<int> ClassType::OwnInstanceType() const {
+std::optional<int> ClassType::OwnInstanceType() const {
   DCHECK(GlobalContext::IsInstanceTypesInitialized());
   return own_instance_type_;
 }
 
-base::Optional<std::pair<int, int>> ClassType::InstanceTypeRange() const {
+std::optional<std::pair<int, int>> ClassType::InstanceTypeRange() const {
   DCHECK(GlobalContext::IsInstanceTypesInitialized());
   return instance_type_range_;
 }
@@ -727,10 +725,10 @@ std::vector<ObjectSlotKind> ClassType::ComputeHeaderSlotKinds() const {
   return result;
 }
 
-base::Optional<ObjectSlotKind> ClassType::ComputeArraySlotKind() const {
+std::optional<ObjectSlotKind> ClassType::ComputeArraySlotKind() const {
   std::vector<ObjectSlotKind> kinds;
   ComputeSlotKindsHelper(&kinds, 0, ComputeArrayFields());
-  if (kinds.empty()) return base::nullopt;
+  if (kinds.empty()) return std::nullopt;
   std::sort(kinds.begin(), kinds.end());
   if (kinds.front() == kinds.back()) return {kinds.front()};
   if (kinds.front() == ObjectSlotKind::kStrongPointer &&
@@ -850,8 +848,8 @@ void ClassType::GenerateAccessors() {
           MakeNode<ElementAccessExpression>(load_expression, index);
     }
     Statement* load_body = MakeNode<ReturnStatement>(load_expression);
-    Declarations::DeclareMacro(load_macro_name, true, base::nullopt,
-                               load_signature, load_body, base::nullopt);
+    Declarations::DeclareMacro(load_macro_name, true, std::nullopt,
+                               load_signature, load_body, std::nullopt);
 
     // Store accessor
     if (!field.const_qualified) {
@@ -878,8 +876,8 @@ void ClassType::GenerateAccessors() {
       }
       Statement* store_body = MakeNode<ExpressionStatement>(
           MakeNode<AssignmentExpression>(store_expression, value));
-      Declarations::DeclareMacro(store_macro_name, true, base::nullopt,
-                                 store_signature, store_body, base::nullopt,
+      Declarations::DeclareMacro(store_macro_name, true, std::nullopt,
+                                 store_signature, store_body, std::nullopt,
                                  false);
     }
   }
@@ -1006,8 +1004,8 @@ void ClassType::GenerateSliceAccessor(size_t field_index) {
   Statement* block =
       MakeNode<BlockStatement>(/*deferred=*/false, std::move(statements));
 
-  Macro* macro = Declarations::DeclareMacro(macro_name, true, base::nullopt,
-                                            signature, block, base::nullopt);
+  Macro* macro = Declarations::DeclareMacro(macro_name, true, std::nullopt,
+                                            signature, block, std::nullopt);
   if (this->ShouldGenerateCppObjectLayoutDefinitionAsserts()) {
     GlobalContext::EnsureInCCDebugOutputList(TorqueMacro::cast(macro),
                                              macro->Position().source);
@@ -1170,7 +1168,7 @@ namespace {
 void AppendLoweredTypes(const Type* type, std::vector<const Type*>* result) {
   if (type->IsConstexpr()) return;
   if (type->IsVoidOrNever()) return;
-  if (base::Optional<const StructType*> s = type->StructSupertype()) {
+  if (std::optional<const StructType*> s = type->StructSupertype()) {
     for (const Field& field : (*s)->fields()) {
       AppendLoweredTypes(field.name_and_type.type, result);
     }
@@ -1244,8 +1242,8 @@ size_t AbstractType::AlignmentLog2() const {
     alignment = TargetArchitecture::ExternalPointerSize();
   } else if (this == TypeOracle::GetCppHeapPointerType()) {
     alignment = TargetArchitecture::CppHeapPointerSize();
-  } else if (this == TypeOracle::GetIndirectPointerType()) {
-    alignment = TargetArchitecture::IndirectPointerSize();
+  } else if (this == TypeOracle::GetTrustedPointerType()) {
+    alignment = TargetArchitecture::TrustedPointerSize();
   } else if (this == TypeOracle::GetProtectedPointerType()) {
     alignment = TargetArchitecture::ProtectedPointerSize();
   } else if (this == TypeOracle::GetVoidType()) {
@@ -1289,7 +1287,7 @@ size_t StructType::AlignmentLog2() const {
 
 void Field::ValidateAlignment(ResidueClass at_offset) const {
   const Type* type = name_and_type.type;
-  base::Optional<const StructType*> struct_type = type->StructSupertype();
+  std::optional<const StructType*> struct_type = type->StructSupertype();
   if (struct_type && struct_type != TypeOracle::GetFloat64OrHoleType()) {
     for (const Field& field : (*struct_type)->fields()) {
       field.ValidateAlignment(at_offset);
@@ -1306,7 +1304,7 @@ void Field::ValidateAlignment(ResidueClass at_offset) const {
   }
 }
 
-base::Optional<std::tuple<size_t, std::string>> SizeOf(const Type* type) {
+std::optional<std::tuple<size_t, std::string>> SizeOf(const Type* type) {
   std::string size_string;
   size_t size;
   if (type->IsSubtypeOf(TypeOracle::GetTaggedType())) {
@@ -1321,9 +1319,9 @@ base::Optional<std::tuple<size_t, std::string>> SizeOf(const Type* type) {
   } else if (type->IsSubtypeOf(TypeOracle::GetCppHeapPointerType())) {
     size = TargetArchitecture::CppHeapPointerSize();
     size_string = "kCppHeapPointerSlotSize";
-  } else if (type->IsSubtypeOf(TypeOracle::GetIndirectPointerType())) {
-    size = TargetArchitecture::IndirectPointerSize();
-    size_string = "kIndirectPointerSize";
+  } else if (type->IsSubtypeOf(TypeOracle::GetTrustedPointerType())) {
+    size = TargetArchitecture::TrustedPointerSize();
+    size_string = "kTrustedPointerSize";
   } else if (type->IsSubtypeOf(TypeOracle::GetProtectedPointerType())) {
     size = TargetArchitecture::ProtectedPointerSize();
     size_string = "kTaggedSize";
@@ -1402,7 +1400,7 @@ bool Is32BitIntegralType(const Type* type) {
          type->IsSubtypeOf(TypeOracle::GetBoolType());
 }
 
-base::Optional<NameAndType> ExtractSimpleFieldArraySize(
+std::optional<NameAndType> ExtractSimpleFieldArraySize(
     const ClassType& class_type, Expression* array_size) {
   IdentifierExpression* identifier =
       IdentifierExpression::DynamicCast(array_size);
@@ -1418,7 +1416,7 @@ std::string Type::GetRuntimeType() const {
   if (IsSubtypeOf(TypeOracle::GetTaggedType())) {
     return "Tagged<" + GetGeneratedTNodeTypeName() + ">";
   }
-  if (base::Optional<const StructType*> struct_type = StructSupertype()) {
+  if (std::optional<const StructType*> struct_type = StructSupertype()) {
     std::stringstream result;
     result << "std::tuple<";
     bool first = true;
@@ -1438,7 +1436,7 @@ std::string Type::GetDebugType() const {
   if (IsSubtypeOf(TypeOracle::GetTaggedType())) {
     return "uintptr_t";
   }
-  if (base::Optional<const StructType*> struct_type = StructSupertype()) {
+  if (std::optional<const StructType*> struct_type = StructSupertype()) {
     std::stringstream result;
     result << "std::tuple<";
     bool first = true;
@@ -1453,6 +1451,4 @@ std::string Type::GetDebugType() const {
   return ConstexprVersion()->GetGeneratedTypeName();
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/types.h b/deps/v8/src/torque/types.h
index 8a008bbc195faf..3ce7eeb98bad0f 100644
--- a/deps/v8/src/torque/types.h
+++ b/deps/v8/src/torque/types.h
@@ -6,19 +6,17 @@
 #define V8_TORQUE_TYPES_H_
 
 #include <algorithm>
+#include <optional>
 #include <set>
 #include <string>
 #include <vector>
 
-#include "src/base/optional.h"
 #include "src/torque/ast.h"
 #include "src/torque/constants.h"
 #include "src/torque/source-positions.h"
 #include "src/torque/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 class AggregateType;
 struct Identifier;
@@ -92,7 +90,7 @@ struct SpecializationKey {
   TypeVector specialized_types;
 };
 
-using MaybeSpecializationKey = base::Optional<SpecializationKey<GenericType>>;
+using MaybeSpecializationKey = std::optional<SpecializationKey<GenericType>>;
 
 struct TypeChecker {
   // The type of the object. This string is not guaranteed to correspond to a
@@ -142,9 +140,9 @@ class V8_EXPORT_PRIVATE Type : public TypeBase {
   virtual bool IsTransient() const { return false; }
   virtual const Type* NonConstexprVersion() const { return this; }
   virtual std::string GetConstexprGeneratedTypeName() const;
-  base::Optional<const ClassType*> ClassSupertype() const;
-  base::Optional<const StructType*> StructSupertype() const;
-  base::Optional<const AggregateType*> AggregateSupertype() const;
+  std::optional<const ClassType*> ClassSupertype() const;
+  std::optional<const StructType*> StructSupertype() const;
+  std::optional<const AggregateType*> AggregateSupertype() const;
   virtual std::vector<TypeChecker> GetTypeCheckers() const { return {}; }
   virtual std::string GetRuntimeType() const;
   virtual std::string GetDebugType() const;
@@ -155,8 +153,8 @@ class V8_EXPORT_PRIVATE Type : public TypeBase {
     return specialized_from_;
   }
 
-  static base::Optional<const Type*> MatchUnaryGeneric(const Type* type,
-                                                       GenericType* generic);
+  static std::optional<const Type*> MatchUnaryGeneric(const Type* type,
+                                                      GenericType* generic);
 
   static std::string ComputeName(const std::string& basename,
                                  MaybeSpecializationKey specialized_from);
@@ -175,7 +173,7 @@ class V8_EXPORT_PRIVATE Type : public TypeBase {
 
  protected:
   Type(TypeBase::Kind kind, const Type* parent,
-       MaybeSpecializationKey specialized_from = base::nullopt);
+       MaybeSpecializationKey specialized_from = std::nullopt);
   Type(const Type& other) V8_NOEXCEPT;
   void set_parent(const Type* t) { parent_ = t; }
   int Depth() const;
@@ -220,7 +218,7 @@ struct Field {
 
   SourcePosition pos;
   const AggregateType* aggregate;
-  base::Optional<ClassFieldIndexInfo> index;
+  std::optional<ClassFieldIndexInfo> index;
   NameAndType name_and_type;
 
   // The byte offset of this field from the beginning of the containing class or
@@ -229,7 +227,7 @@ struct Field {
   // irrelevant.
   // The offset may be unknown because the field is after an indexed field or
   // because we don't support the struct field for on-heap layouts.
-  base::Optional<size_t> offset;
+  std::optional<size_t> offset;
 
   bool custom_weak_marking;
   bool const_qualified;
@@ -411,12 +409,12 @@ class V8_EXPORT_PRIVATE UnionType final : public Type {
     return types_ == other.types_;
   }
 
-  base::Optional<const Type*> GetSingleMember() const {
+  std::optional<const Type*> GetSingleMember() const {
     if (types_.size() == 1) {
       DCHECK_EQ(*types_.begin(), parent());
       return *types_.begin();
     }
-    return base::nullopt;
+    return std::nullopt;
   }
 
   bool IsSubtypeOf(const Type* other) const override {
@@ -581,7 +579,7 @@ class AggregateType : public Type {
   }
 
   const Field& LastField() const {
-    for (base::Optional<const AggregateType*> current = this;
+    for (std::optional<const AggregateType*> current = this;
          current.has_value();
          current = (*current)->parent()->AggregateSupertype()) {
       const std::vector<Field>& fields = (*current)->fields_;
@@ -593,7 +591,7 @@ class AggregateType : public Type {
  protected:
   AggregateType(Kind kind, const Type* parent, Namespace* nspace,
                 const std::string& name,
-                MaybeSpecializationKey specialized_from = base::nullopt)
+                MaybeSpecializationKey specialized_from = std::nullopt)
       : Type(kind, parent, specialized_from),
         is_finalized_(false),
         namespace_(nspace),
@@ -641,7 +639,7 @@ class StructType final : public AggregateType {
  private:
   friend class TypeOracle;
   StructType(Namespace* nspace, const StructDeclaration* decl,
-             MaybeSpecializationKey specialized_from = base::nullopt);
+             MaybeSpecializationKey specialized_from = std::nullopt);
 
   void Finalize() const override;
   std::string ToExplicitString() const override;
@@ -660,14 +658,14 @@ enum class ObjectSlotKind : uint8_t {
   kCustomWeakPointer
 };
 
-inline base::Optional<ObjectSlotKind> Combine(ObjectSlotKind a,
-                                              ObjectSlotKind b) {
+inline std::optional<ObjectSlotKind> Combine(ObjectSlotKind a,
+                                             ObjectSlotKind b) {
   if (a == b) return {a};
   if (std::min(a, b) == ObjectSlotKind::kStrongPointer &&
       std::max(a, b) == ObjectSlotKind::kMaybeObjectPointer) {
     return {ObjectSlotKind::kMaybeObjectPointer};
   }
-  return base::nullopt;
+  return std::nullopt;
 }
 
 class ClassType final : public AggregateType {
@@ -758,7 +756,7 @@ class ClassType final : public AggregateType {
   // that may or may not require GC visiting. These helper functions determine
   // what kind of GC visiting the individual slots require.
   std::vector<ObjectSlotKind> ComputeHeaderSlotKinds() const;
-  base::Optional<ObjectSlotKind> ComputeArraySlotKind() const;
+  std::optional<ObjectSlotKind> ComputeArraySlotKind() const;
   bool HasNoPointerSlotsExceptMap() const;
   bool HasIndexedFieldsIncludingInParents() const;
   const Field* GetFieldPreceding(size_t field_index) const;
@@ -787,10 +785,10 @@ class ClassType final : public AggregateType {
   // TODO(turbofan): We should no longer pass around types as const pointers, so
   // that we can avoid mutable fields and const initializers for
   // late-initialized portions of types like this one.
-  void InitializeInstanceTypes(base::Optional<int> own,
-                               base::Optional<std::pair<int, int>> range) const;
-  base::Optional<int> OwnInstanceType() const;
-  base::Optional<std::pair<int, int>> InstanceTypeRange() const;
+  void InitializeInstanceTypes(std::optional<int> own,
+                               std::optional<std::pair<int, int>> range) const;
+  std::optional<int> OwnInstanceType() const;
+  std::optional<std::pair<int, int>> InstanceTypeRange() const;
 
  private:
   friend class TypeOracle;
@@ -807,8 +805,8 @@ class ClassType final : public AggregateType {
   const std::string generates_;
   const ClassDeclaration* decl_;
   const TypeAlias* alias_;
-  mutable base::Optional<int> own_instance_type_;
-  mutable base::Optional<std::pair<int, int>> instance_type_range_;
+  mutable std::optional<int> own_instance_type_;
+  mutable std::optional<std::pair<int, int>> instance_type_range_;
 };
 
 inline std::ostream& operator<<(std::ostream& os, const Type& t) {
@@ -848,7 +846,7 @@ class VisitResult {
   const std::string& constexpr_value() const { return *constexpr_value_; }
   const StackRange& stack_range() const { return *stack_range_; }
   void SetType(const Type* new_type) { type_ = new_type; }
-  bool IsOnStack() const { return stack_range_ != base::nullopt; }
+  bool IsOnStack() const { return stack_range_ != std::nullopt; }
   bool operator==(const VisitResult& other) const {
     return type_ == other.type_ && constexpr_value_ == other.constexpr_value_ &&
            stack_range_ == other.stack_range_;
@@ -856,8 +854,8 @@ class VisitResult {
 
  private:
   const Type* type_ = nullptr;
-  base::Optional<std::string> constexpr_value_;
-  base::Optional<StackRange> stack_range_;
+  std::optional<std::string> constexpr_value_;
+  std::optional<StackRange> stack_range_;
 };
 
 VisitResult ProjectStructField(VisitResult structure,
@@ -907,7 +905,7 @@ enum class ParameterMode { kProcessImplicit, kIgnoreImplicit };
 using NameVector = std::vector<Identifier*>;
 
 struct Signature {
-  Signature(NameVector n, base::Optional<std::string> arguments_variable,
+  Signature(NameVector n, std::optional<std::string> arguments_variable,
             ParameterTypes p, size_t i, const Type* r, LabelDeclarationVector l,
             bool transitioning)
       : parameter_names(std::move(n)),
@@ -920,7 +918,7 @@ struct Signature {
   Signature() = default;
   const TypeVector& types() const { return parameter_types.types; }
   NameVector parameter_names;
-  base::Optional<std::string> arguments_variable;
+  std::optional<std::string> arguments_variable;
   ParameterTypes parameter_types;
   size_t implicit_count = 0;
   size_t ExplicitCount() const { return types().size() - implicit_count; }
@@ -952,17 +950,15 @@ TypeVector LowerParameterTypes(const TypeVector& parameters);
 TypeVector LowerParameterTypes(const ParameterTypes& parameter_types,
                                size_t vararg_count = 0);
 
-base::Optional<std::tuple<size_t, std::string>> SizeOf(const Type* type);
+std::optional<std::tuple<size_t, std::string>> SizeOf(const Type* type);
 bool IsAnyUnsignedInteger(const Type* type);
 bool IsAllowedAsBitField(const Type* type);
 bool IsPointerSizeIntegralType(const Type* type);
 bool Is32BitIntegralType(const Type* type);
 
-base::Optional<NameAndType> ExtractSimpleFieldArraySize(
+std::optional<NameAndType> ExtractSimpleFieldArraySize(
     const ClassType& class_type, Expression* array_size);
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_TYPES_H_
diff --git a/deps/v8/src/torque/utils.cc b/deps/v8/src/torque/utils.cc
index b9b47193fae0a8..60a765d2a55b79 100644
--- a/deps/v8/src/torque/utils.cc
+++ b/deps/v8/src/torque/utils.cc
@@ -2,9 +2,12 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include "src/torque/utils.h"
+
 #include <algorithm>
 #include <fstream>
 #include <iostream>
+#include <optional>
 #include <string>
 
 #include "src/base/bits.h"
@@ -12,13 +15,10 @@
 #include "src/torque/ast.h"
 #include "src/torque/constants.h"
 #include "src/torque/declarable.h"
-#include "src/torque/utils.h"
 
 EXPORT_CONTEXTUAL_VARIABLE(v8::internal::torque::TorqueMessages)
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 std::string StringLiteralUnquote(const std::string& s) {
   DCHECK(('"' == s.front() && '"' == s.back()) ||
@@ -91,9 +91,9 @@ static int HexCharToInt(unsigned char c) {
   return c - 'a' + 10;
 }
 
-base::Optional<std::string> FileUriDecode(const std::string& uri) {
+std::optional<std::string> FileUriDecode(const std::string& uri) {
   // Abort decoding of URIs that don't start with "file://".
-  if (uri.rfind(kFileUriPrefix) != 0) return base::nullopt;
+  if (uri.rfind(kFileUriPrefix) != 0) return std::nullopt;
 
   const std::string path = uri.substr(kFileUriPrefixLength);
   std::ostringstream decoded;
@@ -108,11 +108,11 @@ base::Optional<std::string> FileUriDecode(const std::string& uri) {
     }
 
     // If '%' is not followed by at least two hex digits, we abort.
-    if (std::distance(iter, end) <= 2) return base::nullopt;
+    if (std::distance(iter, end) <= 2) return std::nullopt;
 
     unsigned char first = (*++iter);
     unsigned char second = (*++iter);
-    if (!isxdigit(first) || !isxdigit(second)) return base::nullopt;
+    if (!isxdigit(first) || !isxdigit(second)) return std::nullopt;
 
     // An escaped hex value needs converting.
     unsigned char value = HexCharToInt(first) * 16 + HexCharToInt(second);
@@ -124,7 +124,7 @@ base::Optional<std::string> FileUriDecode(const std::string& uri) {
 
 MessageBuilder::MessageBuilder(const std::string& message,
                                TorqueMessage::Kind kind) {
-  base::Optional<SourcePosition> position;
+  std::optional<SourcePosition> position;
   if (CurrentSourcePosition::HasScope()) {
     position = CurrentSourcePosition::Get();
   }
@@ -381,6 +381,4 @@ std::ostream& operator<<(std::ostream& os, const ResidueClass& a) {
   return os << "[" << a.value_ << " mod 2^" << a.modulus_log_2_ << "]";
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
diff --git a/deps/v8/src/torque/utils.h b/deps/v8/src/torque/utils.h
index 63eb764c71b16c..c0cacb28c94b5a 100644
--- a/deps/v8/src/torque/utils.h
+++ b/deps/v8/src/torque/utils.h
@@ -6,6 +6,7 @@
 #define V8_TORQUE_UTILS_H_
 
 #include <algorithm>
+#include <optional>
 #include <ostream>
 #include <queue>
 #include <streambuf>
@@ -14,26 +15,23 @@
 
 #include "src/base/contextual.h"
 #include "src/base/functional.h"
-#include "src/base/optional.h"
 #include "src/torque/source-positions.h"
 
-namespace v8 {
-namespace internal {
-namespace torque {
+namespace v8::internal::torque {
 
 std::string StringLiteralUnquote(const std::string& s);
 std::string StringLiteralQuote(const std::string& s);
 
 // Decodes "file://" URIs into file paths which can then be used
 // with the standard stream API.
-V8_EXPORT_PRIVATE base::Optional<std::string> FileUriDecode(
+V8_EXPORT_PRIVATE std::optional<std::string> FileUriDecode(
     const std::string& s);
 
 struct TorqueMessage {
   enum class Kind { kError, kLint };
 
   std::string message;
-  base::Optional<SourcePosition> position;
+  std::optional<SourcePosition> position;
   Kind kind;
 };
 
@@ -439,9 +437,9 @@ class ResidueClass {
 
   // If the modulus corresponds to the size of size_t, it represents a concrete
   // value.
-  base::Optional<size_t> SingleValue() const {
+  std::optional<size_t> SingleValue() const {
     if (modulus_log_2_ == kMaxModulusLog2) return value_;
-    return base::nullopt;
+    return std::nullopt;
   }
 
   friend ResidueClass operator+(const ResidueClass& a, const ResidueClass& b) {
@@ -535,8 +533,6 @@ std::vector<T> TransformVector(const std::vector<U>& v) {
   return TransformVector<T>(v, [](const U& x) -> T { return x; });
 }
 
-}  // namespace torque
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::torque
 
 #endif  // V8_TORQUE_UTILS_H_
diff --git a/deps/v8/src/trap-handler/handler-inside.cc b/deps/v8/src/trap-handler/handler-inside.cc
index 7fee744af95082..dcb2cdfc2954da 100644
--- a/deps/v8/src/trap-handler/handler-inside.cc
+++ b/deps/v8/src/trap-handler/handler-inside.cc
@@ -59,6 +59,17 @@ bool IsFaultAddressCovered(uintptr_t fault_addr) {
       // ProtectedInstructionData::instr_offset.
       TH_DCHECK(base + offset == fault_addr);
 
+#ifdef V8_ENABLE_DRUMBRAKE
+      // Ignore the protected instruction offsets if we are running in the Wasm
+      // interpreter.
+      if (data->num_protected_instructions == 0) {
+        gRecoveredTrapCount.store(
+            gRecoveredTrapCount.load(std::memory_order_relaxed) + 1,
+            std::memory_order_relaxed);
+        return true;
+      }
+#endif  // V8_ENABLE_DRUMBRAKE
+
       for (unsigned j = 0; j < data->num_protected_instructions; ++j) {
         if (data->instructions[j].instr_offset == offset) {
           // Hurray again, we found the actual instruction.
diff --git a/deps/v8/src/trap-handler/handler-outside.cc b/deps/v8/src/trap-handler/handler-outside.cc
index baa73fc2e8c171..1eea57234d6057 100644
--- a/deps/v8/src/trap-handler/handler-outside.cc
+++ b/deps/v8/src/trap-handler/handler-outside.cc
@@ -122,8 +122,10 @@ CodeProtectionInfo* CreateHandlerData(
   data->size = size;
   data->num_protected_instructions = num_protected_instructions;
 
-  memcpy(data->instructions, protected_instructions,
-         num_protected_instructions * sizeof(ProtectedInstructionData));
+  if (num_protected_instructions > 0) {
+    memcpy(data->instructions, protected_instructions,
+           num_protected_instructions * sizeof(ProtectedInstructionData));
+  }
 
   return data;
 }
diff --git a/deps/v8/src/utils/hex-format.cc b/deps/v8/src/utils/hex-format.cc
index 7a0fbb8bc84184..7c286d876c42bc 100644
--- a/deps/v8/src/utils/hex-format.cc
+++ b/deps/v8/src/utils/hex-format.cc
@@ -21,7 +21,8 @@ void FormatBytesToHex(char* formatted, size_t size_of_formatted,
 
   for (size_t index = 0; index < size_of_val; index++) {
     size_t dest_index = index << 1;
-    snprintf(&formatted[dest_index], size_of_formatted - dest_index, "%02x", val[index]);
+    snprintf(&formatted[dest_index], size_of_formatted - dest_index, "%02x",
+             val[index]);
   }
 }
 
diff --git a/deps/v8/src/wasm/baseline/arm/liftoff-assembler-arm-inl.h b/deps/v8/src/wasm/baseline/arm/liftoff-assembler-arm-inl.h
index d5964af013d7c3..7c9a3c198ec7e8 100644
--- a/deps/v8/src/wasm/baseline/arm/liftoff-assembler-arm-inl.h
+++ b/deps/v8/src/wasm/baseline/arm/liftoff-assembler-arm-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_WASM_BASELINE_ARM_LIFTOFF_ASSEMBLER_ARM_INL_H_
 #define V8_WASM_BASELINE_ARM_LIFTOFF_ASSEMBLER_ARM_INL_H_
 
+#include <optional>
+
 #include "src/codegen/arm/assembler-arm-inl.h"
 #include "src/codegen/arm/register-arm.h"
 #include "src/common/globals.h"
@@ -1081,7 +1083,7 @@ inline void AtomicBinop32(LiftoffAssembler* lasm, Register dst_addr,
 inline void AtomicOp64(LiftoffAssembler* lasm, Register dst_addr,
                        Register offset_reg, uint32_t offset_imm,
                        LiftoffRegister value,
-                       base::Optional<LiftoffRegister> result,
+                       std::optional<LiftoffRegister> result,
                        void (*op)(LiftoffAssembler*, LiftoffRegister,
                                   LiftoffRegister, LiftoffRegister)) {
   // strexd loads a 64 bit word into two registers. The first register needs
@@ -4444,6 +4446,152 @@ bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
   return false;
 }
 
+bool LiftoffAssembler::emit_f16x8_abs(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_neg(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sqrt(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_ceil(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_floor(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_trunc(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_nearest_int(LiftoffRegister dst,
+                                              LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_eq(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_ne(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_lt(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_le(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_add(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sub(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_mul(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_div(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_min(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_max(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmin(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmax(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_sconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_uconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_uconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f32x4_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f32x4_promote_low_f16x8(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f64x2_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::supports_f16_mem_access() { return false; }
+
 void LiftoffAssembler::set_trap_on_oob_mem64(Register index, uint64_t oob_size,
                                              uint64_t oob_index) {
   UNREACHABLE();
diff --git a/deps/v8/src/wasm/baseline/arm64/liftoff-assembler-arm64-inl.h b/deps/v8/src/wasm/baseline/arm64/liftoff-assembler-arm64-inl.h
index 519050ed60eb88..fa9e51c171c14d 100644
--- a/deps/v8/src/wasm/baseline/arm64/liftoff-assembler-arm64-inl.h
+++ b/deps/v8/src/wasm/baseline/arm64/liftoff-assembler-arm64-inl.h
@@ -716,9 +716,12 @@ void LiftoffAssembler::Load(LiftoffRegister dst, Register src_addr,
     case LoadType::kF32Load:
       Ldr(dst.fp().S(), src_op);
       break;
-    case LoadType::kF32LoadF16:
-      UNIMPLEMENTED();
+    case LoadType::kF32LoadF16: {
+      CpuFeatureScope scope(this, FP16);
+      Ldr(dst.fp().H(), src_op);
+      Fcvt(dst.fp().S(), dst.fp().H());
       break;
+    }
     case LoadType::kF64Load:
       Ldr(dst.fp().D(), src_op);
       break;
@@ -755,9 +758,12 @@ void LiftoffAssembler::Store(Register dst_addr, Register offset_reg,
     case StoreType::kI64Store:
       Str(src.gp().X(), dst_op);
       break;
-    case StoreType::kF32StoreF16:
-      UNIMPLEMENTED();
+    case StoreType::kF32StoreF16: {
+      CpuFeatureScope scope(this, FP16);
+      Fcvt(src.fp().H(), src.fp().S());
+      Str(src.fp().H(), dst_op);
       break;
+    }
     case StoreType::kF32Store:
       Str(src.fp().S(), dst_op);
       break;
@@ -3679,19 +3685,39 @@ void LiftoffAssembler::emit_i64x2_abs(LiftoffRegister dst,
 #define EMIT_QFMOP(instr, format)                                              \
   if (dst == src3) {                                                           \
     instr(dst.fp().V##format(), src1.fp().V##format(), src2.fp().V##format()); \
-    return;                                                                    \
-  }                                                                            \
-  if (dst != src1 && dst != src2) {                                            \
+  } else if (dst != src1 && dst != src2) {                                     \
     Mov(dst.fp().V##format(), src3.fp().V##format());                          \
     instr(dst.fp().V##format(), src1.fp().V##format(), src2.fp().V##format()); \
-    return;                                                                    \
-  }                                                                            \
-  DCHECK(dst == src1 || dst == src2);                                          \
-  UseScratchRegisterScope temps(this);                                         \
-  VRegister tmp = temps.AcquireV(kFormat##format);                             \
-  Mov(tmp, src3.fp().V##format());                                             \
-  instr(tmp, src1.fp().V##format(), src2.fp().V##format());                    \
-  Mov(dst.fp().V##format(), tmp);
+  } else {                                                                     \
+    DCHECK(dst == src1 || dst == src2);                                        \
+    UseScratchRegisterScope temps(this);                                       \
+    VRegister tmp = temps.AcquireV(kFormat##format);                           \
+    Mov(tmp, src3.fp().V##format());                                           \
+    instr(tmp, src1.fp().V##format(), src2.fp().V##format());                  \
+    Mov(dst.fp().V##format(), tmp);                                            \
+  }
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  EMIT_QFMOP(Fmla, 8H);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  EMIT_QFMOP(Fmls, 8H);
+  return true;
+}
 
 void LiftoffAssembler::emit_f32x4_qfma(LiftoffRegister dst,
                                        LiftoffRegister src1,
@@ -3725,20 +3751,312 @@ void LiftoffAssembler::emit_f64x2_qfms(LiftoffRegister dst,
 
 bool LiftoffAssembler::emit_f16x8_splat(LiftoffRegister dst,
                                         LiftoffRegister src) {
-  return false;
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcvt(dst.fp().H(), src.fp().S());
+  Dup(dst.fp().V8H(), dst.fp().H(), 0);
+  return true;
 }
 
 bool LiftoffAssembler::emit_f16x8_extract_lane(LiftoffRegister dst,
                                                LiftoffRegister lhs,
                                                uint8_t imm_lane_idx) {
-  return false;
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Mov(dst.fp().H(), lhs.fp().V8H(), imm_lane_idx);
+  Fcvt(dst.fp().S(), dst.fp().H());
+  return true;
 }
 
 bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
                                                LiftoffRegister src1,
                                                LiftoffRegister src2,
                                                uint8_t imm_lane_idx) {
-  return false;
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  if (dst != src1) {
+    Mov(dst.fp().V8H(), src1.fp().V8H());
+  }
+  UseScratchRegisterScope temps(this);
+
+  VRegister tmp = temps.AcquireV(kFormat8H);
+  Fcvt(tmp.H(), src2.fp().S());
+  Mov(dst.fp().V8H(), imm_lane_idx, tmp.V8H(), 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_abs(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fabs(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_neg(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fneg(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_sqrt(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fsqrt(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_ceil(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Frintp(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_floor(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Frintm(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_trunc(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Frintz(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_nearest_int(LiftoffRegister dst,
+                                              LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Frintn(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_eq(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcmeq(dst.fp().V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_ne(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcmeq(dst.fp().V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  Mvn(dst.fp().V8H(), dst.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_lt(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcmgt(dst.fp().V8H(), rhs.fp().V8H(), lhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_le(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcmge(dst.fp().V8H(), rhs.fp().V8H(), lhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_add(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fadd(dst.fp().V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_sub(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fsub(dst.fp().V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_mul(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fmul(dst.fp().V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_div(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fdiv(dst.fp().V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_min(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fmin(dst.fp().V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_max(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fmax(dst.fp().V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmin(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  UseScratchRegisterScope temps(this);
+
+  VRegister tmp = dst.fp();
+  if (dst == lhs || dst == rhs) {
+    tmp = temps.AcquireV(kFormat8H);
+  }
+
+  Fcmgt(tmp.V8H(), lhs.fp().V8H(), rhs.fp().V8H());
+  Bsl(tmp.V16B(), rhs.fp().V16B(), lhs.fp().V16B());
+
+  if (dst == lhs || dst == rhs) {
+    Mov(dst.fp().V8H(), tmp);
+  }
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmax(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  UseScratchRegisterScope temps(this);
+
+  VRegister tmp = dst.fp();
+  if (dst == lhs || dst == rhs) {
+    tmp = temps.AcquireV(kFormat8H);
+  }
+
+  Fcmgt(tmp.V8H(), rhs.fp().V8H(), lhs.fp().V8H());
+  Bsl(tmp.V16B(), rhs.fp().V16B(), lhs.fp().V16B());
+
+  if (dst == lhs || dst == rhs) {
+    Mov(dst.fp().V8H(), tmp);
+  }
+  return true;
+}
+
+bool LiftoffAssembler::emit_i16x8_sconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcvtzs(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_i16x8_uconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcvtzu(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_sconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Scvtf(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_uconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Ucvtf(dst.fp().V8H(), src.fp().V8H());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f32x4_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcvtn(dst.fp().V4H(), src.fp().V4S());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f64x2_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  // There is no vector f64 -> f16 conversion instruction,
+  // so convert them by component using scalar version.
+  // Convert high double to a temp reg first, because dst and src
+  // can overlap.
+  Mov(fp_scratch.D(), src.fp().V2D(), 1);
+  Fcvt(fp_scratch.H(), fp_scratch.D());
+
+  Fcvt(dst.fp().H(), src.fp().D());
+  Mov(dst.fp().V8H(), 1, fp_scratch.V8H(), 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f32x4_promote_low_f16x8(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(FP16)) {
+    return false;
+  }
+  Fcvtl(dst.fp().V4S(), src.fp().V4H());
+  return true;
+}
+
+bool LiftoffAssembler::supports_f16_mem_access() {
+  return CpuFeatures::IsSupported(FP16);
 }
 
 void LiftoffAssembler::set_trap_on_oob_mem64(Register index, uint64_t oob_size,
diff --git a/deps/v8/src/wasm/baseline/ia32/liftoff-assembler-ia32-inl.h b/deps/v8/src/wasm/baseline/ia32/liftoff-assembler-ia32-inl.h
index 4beba5ddb4bcb7..cc472d42ac44c2 100644
--- a/deps/v8/src/wasm/baseline/ia32/liftoff-assembler-ia32-inl.h
+++ b/deps/v8/src/wasm/baseline/ia32/liftoff-assembler-ia32-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_WASM_BASELINE_IA32_LIFTOFF_ASSEMBLER_IA32_INL_H_
 #define V8_WASM_BASELINE_IA32_LIFTOFF_ASSEMBLER_IA32_INL_H_
 
+#include <optional>
+
 #include "src/codegen/assembler.h"
 #include "src/heap/mutable-page-metadata.h"
 #include "src/wasm/baseline/liftoff-assembler.h"
@@ -2749,14 +2751,14 @@ template <void (Assembler::*avx_op)(XMMRegister, XMMRegister, XMMRegister),
           void (Assembler::*sse_op)(XMMRegister, XMMRegister)>
 void EmitSimdCommutativeBinOp(
     LiftoffAssembler* assm, LiftoffRegister dst, LiftoffRegister lhs,
-    LiftoffRegister rhs, base::Optional<CpuFeature> feature = base::nullopt) {
+    LiftoffRegister rhs, std::optional<CpuFeature> feature = std::nullopt) {
   if (CpuFeatures::IsSupported(AVX)) {
     CpuFeatureScope scope(assm, AVX);
     (assm->*avx_op)(dst.fp(), lhs.fp(), rhs.fp());
     return;
   }
 
-  base::Optional<CpuFeatureScope> sse_scope;
+  std::optional<CpuFeatureScope> sse_scope;
   if (feature.has_value()) sse_scope.emplace(assm, *feature);
 
   if (dst.fp() == rhs.fp()) {
@@ -2771,14 +2773,14 @@ template <void (Assembler::*avx_op)(XMMRegister, XMMRegister, XMMRegister),
           void (Assembler::*sse_op)(XMMRegister, XMMRegister)>
 void EmitSimdNonCommutativeBinOp(
     LiftoffAssembler* assm, LiftoffRegister dst, LiftoffRegister lhs,
-    LiftoffRegister rhs, base::Optional<CpuFeature> feature = base::nullopt) {
+    LiftoffRegister rhs, std::optional<CpuFeature> feature = std::nullopt) {
   if (CpuFeatures::IsSupported(AVX)) {
     CpuFeatureScope scope(assm, AVX);
     (assm->*avx_op)(dst.fp(), lhs.fp(), rhs.fp());
     return;
   }
 
-  base::Optional<CpuFeatureScope> sse_scope;
+  std::optional<CpuFeatureScope> sse_scope;
   if (feature.has_value()) sse_scope.emplace(assm, *feature);
 
   if (dst.fp() == rhs.fp()) {
@@ -2838,8 +2840,8 @@ inline void EmitAnyTrue(LiftoffAssembler* assm, LiftoffRegister dst,
 template <void (SharedMacroAssemblerBase::*pcmp)(XMMRegister, XMMRegister)>
 inline void EmitAllTrue(LiftoffAssembler* assm, LiftoffRegister dst,
                         LiftoffRegister src,
-                        base::Optional<CpuFeature> feature = base::nullopt) {
-  base::Optional<CpuFeatureScope> sse_scope;
+                        std::optional<CpuFeature> feature = std::nullopt) {
+  std::optional<CpuFeatureScope> sse_scope;
   if (feature.has_value()) sse_scope.emplace(assm, *feature);
 
   Register tmp = assm->GetUnusedRegister(kGpReg, LiftoffRegList{dst}).gp();
@@ -3555,7 +3557,7 @@ void LiftoffAssembler::emit_i8x16_min_s(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpminsb, &Assembler::pminsb>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i8x16_min_u(LiftoffRegister dst,
@@ -3569,7 +3571,7 @@ void LiftoffAssembler::emit_i8x16_max_s(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmaxsb, &Assembler::pmaxsb>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i8x16_max_u(LiftoffRegister dst,
@@ -3699,7 +3701,7 @@ void LiftoffAssembler::emit_i16x8_min_u(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpminuw, &Assembler::pminuw>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i16x8_max_s(LiftoffRegister dst,
@@ -3713,7 +3715,7 @@ void LiftoffAssembler::emit_i16x8_max_u(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmaxuw, &Assembler::pmaxuw>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i16x8_extadd_pairwise_i8x16_s(LiftoffRegister dst,
@@ -3864,35 +3866,35 @@ void LiftoffAssembler::emit_i32x4_sub(LiftoffRegister dst, LiftoffRegister lhs,
 void LiftoffAssembler::emit_i32x4_mul(LiftoffRegister dst, LiftoffRegister lhs,
                                       LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmulld, &Assembler::pmulld>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i32x4_min_s(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpminsd, &Assembler::pminsd>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i32x4_min_u(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpminud, &Assembler::pminud>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i32x4_max_s(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmaxsd, &Assembler::pmaxsd>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i32x4_max_u(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmaxud, &Assembler::pmaxud>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, SSE4_1);
 }
 
 void LiftoffAssembler::emit_i32x4_dot_i16x8_s(LiftoffRegister dst,
@@ -4675,6 +4677,152 @@ bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
   return false;
 }
 
+bool LiftoffAssembler::emit_f16x8_abs(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_neg(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sqrt(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_ceil(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_floor(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_trunc(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_nearest_int(LiftoffRegister dst,
+                                              LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_eq(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_ne(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_lt(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_le(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_add(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sub(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_mul(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_div(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_min(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_max(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmin(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmax(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_sconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_uconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_uconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f32x4_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f64x2_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f32x4_promote_low_f16x8(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::supports_f16_mem_access() { return false; }
+
 void LiftoffAssembler::set_trap_on_oob_mem64(Register index, uint64_t oob_size,
                                              uint64_t oob_index) {
   UNREACHABLE();
diff --git a/deps/v8/src/wasm/baseline/liftoff-assembler.cc b/deps/v8/src/wasm/baseline/liftoff-assembler.cc
index 52e9cfe7c56247..e1ca02f7adc84a 100644
--- a/deps/v8/src/wasm/baseline/liftoff-assembler.cc
+++ b/deps/v8/src/wasm/baseline/liftoff-assembler.cc
@@ -4,9 +4,9 @@
 
 #include "src/wasm/baseline/liftoff-assembler.h"
 
+#include <optional>
 #include <sstream>
 
-#include "src/base/optional.h"
 #include "src/base/platform/memory.h"
 #include "src/codegen/assembler-inl.h"
 #include "src/codegen/macro-assembler-inl.h"
@@ -41,7 +41,7 @@ class RegisterReuseMap {
     map_.emplace_back(dst);
   }
 
-  base::Optional<LiftoffRegister> Lookup(LiftoffRegister src) {
+  std::optional<LiftoffRegister> Lookup(LiftoffRegister src) {
     for (auto it = map_.begin(), end = map_.end(); it != end; it += 2) {
       if (it->is_gp_pair() == src.is_gp_pair() &&
           it->is_fp_pair() == src.is_fp_pair() && *it == src)
@@ -108,7 +108,7 @@ void InitMergeRegion(LiftoffAssembler::CacheState* target_state,
       DCHECK(!new_stack_offset);
       continue;
     }
-    base::Optional<LiftoffRegister> reg;
+    std::optional<LiftoffRegister> reg;
     bool needs_reg_transfer = true;
     if (allow_registers) {
       // First try: Keep the same register, if it's free.
diff --git a/deps/v8/src/wasm/baseline/liftoff-assembler.h b/deps/v8/src/wasm/baseline/liftoff-assembler.h
index 9b109846b50116..274c78c2ed4b9d 100644
--- a/deps/v8/src/wasm/baseline/liftoff-assembler.h
+++ b/deps/v8/src/wasm/baseline/liftoff-assembler.h
@@ -1072,6 +1072,14 @@ class LiftoffAssembler : public MacroAssembler {
                               LiftoffRegister rhs);
   inline void emit_i64x2_ge_s(LiftoffRegister dst, LiftoffRegister lhs,
                               LiftoffRegister rhs);
+  inline bool emit_f16x8_eq(LiftoffRegister dst, LiftoffRegister lhs,
+                            LiftoffRegister rhs);
+  inline bool emit_f16x8_ne(LiftoffRegister dst, LiftoffRegister lhs,
+                            LiftoffRegister rhs);
+  inline bool emit_f16x8_lt(LiftoffRegister dst, LiftoffRegister lhs,
+                            LiftoffRegister rhs);
+  inline bool emit_f16x8_le(LiftoffRegister dst, LiftoffRegister lhs,
+                            LiftoffRegister rhs);
   inline void emit_f32x4_eq(LiftoffRegister dst, LiftoffRegister lhs,
                             LiftoffRegister rhs);
   inline void emit_f32x4_ne(LiftoffRegister dst, LiftoffRegister lhs,
@@ -1288,6 +1296,29 @@ class LiftoffAssembler : public MacroAssembler {
                                             LiftoffRegister src);
   inline void emit_i64x2_uconvert_i32x4_high(LiftoffRegister dst,
                                              LiftoffRegister src);
+  inline bool emit_f16x8_abs(LiftoffRegister dst, LiftoffRegister src);
+  inline bool emit_f16x8_neg(LiftoffRegister dst, LiftoffRegister src);
+  inline bool emit_f16x8_sqrt(LiftoffRegister dst, LiftoffRegister src);
+  inline bool emit_f16x8_ceil(LiftoffRegister dst, LiftoffRegister src);
+  inline bool emit_f16x8_floor(LiftoffRegister dst, LiftoffRegister src);
+  inline bool emit_f16x8_trunc(LiftoffRegister dst, LiftoffRegister src);
+  inline bool emit_f16x8_nearest_int(LiftoffRegister dst, LiftoffRegister src);
+  inline bool emit_f16x8_add(LiftoffRegister dst, LiftoffRegister lhs,
+                             LiftoffRegister rhs);
+  inline bool emit_f16x8_sub(LiftoffRegister dst, LiftoffRegister lhs,
+                             LiftoffRegister rhs);
+  inline bool emit_f16x8_mul(LiftoffRegister dst, LiftoffRegister lhs,
+                             LiftoffRegister rhs);
+  inline bool emit_f16x8_div(LiftoffRegister dst, LiftoffRegister lhs,
+                             LiftoffRegister rhs);
+  inline bool emit_f16x8_min(LiftoffRegister dst, LiftoffRegister lhs,
+                             LiftoffRegister rhs);
+  inline bool emit_f16x8_max(LiftoffRegister dst, LiftoffRegister lhs,
+                             LiftoffRegister rhs);
+  inline bool emit_f16x8_pmin(LiftoffRegister dst, LiftoffRegister lhs,
+                              LiftoffRegister rhs);
+  inline bool emit_f16x8_pmax(LiftoffRegister dst, LiftoffRegister lhs,
+                              LiftoffRegister rhs);
   inline void emit_f32x4_abs(LiftoffRegister dst, LiftoffRegister src);
   inline void emit_f32x4_neg(LiftoffRegister dst, LiftoffRegister src);
   inline void emit_f32x4_sqrt(LiftoffRegister dst, LiftoffRegister src);
@@ -1362,6 +1393,20 @@ class LiftoffAssembler : public MacroAssembler {
                                         LiftoffRegister src);
   inline void emit_f32x4_uconvert_i32x4(LiftoffRegister dst,
                                         LiftoffRegister src);
+  inline bool emit_f16x8_demote_f32x4_zero(LiftoffRegister dst,
+                                           LiftoffRegister src);
+  inline bool emit_f16x8_demote_f64x2_zero(LiftoffRegister dst,
+                                           LiftoffRegister src);
+  inline bool emit_f32x4_promote_low_f16x8(LiftoffRegister dst,
+                                           LiftoffRegister src);
+  inline bool emit_i16x8_sconvert_f16x8(LiftoffRegister dst,
+                                        LiftoffRegister src);
+  inline bool emit_i16x8_uconvert_f16x8(LiftoffRegister dst,
+                                        LiftoffRegister src);
+  inline bool emit_f16x8_sconvert_i16x8(LiftoffRegister dst,
+                                        LiftoffRegister src);
+  inline bool emit_f16x8_uconvert_i16x8(LiftoffRegister dst,
+                                        LiftoffRegister src);
   inline void emit_i8x16_sconvert_i16x8(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs);
@@ -1445,6 +1490,10 @@ class LiftoffAssembler : public MacroAssembler {
   inline void emit_f64x2_replace_lane(LiftoffRegister dst, LiftoffRegister src1,
                                       LiftoffRegister src2,
                                       uint8_t imm_lane_idx);
+  inline bool emit_f16x8_qfma(LiftoffRegister dst, LiftoffRegister src1,
+                              LiftoffRegister src2, LiftoffRegister src3);
+  inline bool emit_f16x8_qfms(LiftoffRegister dst, LiftoffRegister src1,
+                              LiftoffRegister src2, LiftoffRegister src3);
   inline void emit_f32x4_qfma(LiftoffRegister dst, LiftoffRegister src1,
                               LiftoffRegister src2, LiftoffRegister src3);
   inline void emit_f32x4_qfms(LiftoffRegister dst, LiftoffRegister src1,
@@ -1510,6 +1559,8 @@ class LiftoffAssembler : public MacroAssembler {
                                    Register tmp_gp, LiftoffRegister tmp_s128,
                                    ValueKind lane_kind);
 
+  inline bool supports_f16_mem_access();
+
   ////////////////////////////////////
   // End of platform-specific part. //
   ////////////////////////////////////
diff --git a/deps/v8/src/wasm/baseline/liftoff-compiler.cc b/deps/v8/src/wasm/baseline/liftoff-compiler.cc
index 250426abf8de46..71c3ad9aa1742b 100644
--- a/deps/v8/src/wasm/baseline/liftoff-compiler.cc
+++ b/deps/v8/src/wasm/baseline/liftoff-compiler.cc
@@ -4,8 +4,9 @@
 
 #include "src/wasm/baseline/liftoff-compiler.h"
 
+#include <optional>
+
 #include "src/base/enum-set.h"
-#include "src/base/optional.h"
 #include "src/codegen/assembler-inl.h"
 // TODO(clemensb): Remove dependences on compiler stuff.
 #include "src/codegen/external-reference.h"
@@ -758,7 +759,6 @@ class LiftoffCompiler {
       input_idx_ = kFirstInputIdx;
       while (NextParam()) {
         LiftoffRegister reg = LoadToReg(param_regs_);
-#if V8_ENABLE_SANDBOX
         // In-sandbox corruption can replace one function's code with another's.
         // That's mostly safe, but certain signature mismatches can violate
         // security-relevant invariants later. To maintain such invariants,
@@ -767,7 +767,10 @@ class LiftoffCompiler {
         // 'clear_i32_upper_half' is empty on LoongArch64, MIPS64 and riscv64,
         // because they will explicitly zero-extend their lower halves before
         // using them for memory accesses anyway.
-        static_assert(kSystemPointerSize == 8);
+        // In addition, the generic js-to-wasm wrapper does a sign-extension
+        // of i32 parameters, so clearing the upper half is required for
+        // correctness in this case.
+#if V8_TARGET_ARCH_64_BIT
         if (kind_ == kI32 && location_.IsRegister()) {
           compiler_->asm_.clear_i32_upper_half(reg.gp());
         }
@@ -1786,7 +1789,7 @@ class LiftoffCompiler {
   // Before emitting the conditional branch, {will_freeze} will be initialized
   // to prevent cache state changes in conditionally executed code.
   void JumpIfFalse(FullDecoder* decoder, Label* false_dst,
-                   base::Optional<FreezeCacheState>& will_freeze) {
+                   std::optional<FreezeCacheState>& will_freeze) {
     DCHECK(!will_freeze.has_value());
     Condition cond =
         test_and_reset_outstanding_op(kExprI32Eqz) ? kNotZero : kZero;
@@ -1839,7 +1842,7 @@ class LiftoffCompiler {
     if_block->else_state = zone_->New<ElseState>(zone_);
 
     // Test the condition on the value stack, jump to else if zero.
-    base::Optional<FreezeCacheState> frozen;
+    std::optional<FreezeCacheState> frozen;
     JumpIfFalse(decoder, if_block->else_state->label.get(), frozen);
     frozen.reset();
 
@@ -1946,9 +1949,10 @@ class LiftoffCompiler {
   LiftoffRegister GenerateCCall(ValueKind return_kind,
                                 const std::initializer_list<VarState> args,
                                 ExternalReference ext_ref) {
-    SCOPED_CODE_COMMENT(std::string{"Call extref: "} +
-                        ExternalReferenceTable::NameOfIsolateIndependentAddress(
-                            ext_ref.address()));
+    SCOPED_CODE_COMMENT(
+        std::string{"Call extref: "} +
+        ExternalReferenceTable::NameOfIsolateIndependentAddress(
+            ext_ref.address(), IsolateGroup::current()->external_ref_table()));
     __ SpillAllRegisters();
     __ CallC(args, ext_ref);
     if (needs_gp_reg_pair(return_kind)) {
@@ -1962,9 +1966,10 @@ class LiftoffCompiler {
                                     ValueKind out_argument_kind,
                                     const std::initializer_list<VarState> args,
                                     ExternalReference ext_ref) {
-    SCOPED_CODE_COMMENT(std::string{"Call extref: "} +
-                        ExternalReferenceTable::NameOfIsolateIndependentAddress(
-                            ext_ref.address()));
+    SCOPED_CODE_COMMENT(
+        std::string{"Call extref: "} +
+        ExternalReferenceTable::NameOfIsolateIndependentAddress(
+            ext_ref.address(), IsolateGroup::current()->external_ref_table()));
 
     // Before making a call, spill all cache registers.
     __ SpillAllRegisters();
@@ -3190,7 +3195,7 @@ class LiftoffCompiler {
     Label cont_false;
 
     // Test the condition on the value stack, jump to {cont_false} if zero.
-    base::Optional<FreezeCacheState> frozen;
+    std::optional<FreezeCacheState> frozen;
     JumpIfFalse(decoder, &cont_false, frozen);
 
     BrOrRet(decoder, depth);
@@ -3618,7 +3623,8 @@ class LiftoffCompiler {
                Value* result) {
     DCHECK_EQ(type.value_type().kind(), result->type.kind());
     bool needs_f16_to_f32_conv = false;
-    if (type.value() == LoadType::kF32LoadF16) {
+    if (type.value() == LoadType::kF32LoadF16 &&
+        !asm_.supports_f16_mem_access()) {
       needs_f16_to_f32_conv = true;
       type = LoadType::kI32Load16U;
     }
@@ -3793,7 +3799,8 @@ class LiftoffCompiler {
     LiftoffRegList pinned;
     LiftoffRegister value = pinned.set(__ PopToRegister());
 
-    if (type.value() == StoreType::kF32StoreF16) {
+    if (type.value() == StoreType::kF32StoreF16 &&
+        !asm_.supports_f16_mem_access()) {
       type = StoreType::kI32Store16;
       // {value} is always a float, so can't alias with {i16}.
       DCHECK_EQ(kF32, kind);
@@ -4295,6 +4302,31 @@ class LiftoffCompiler {
     __ PushRegister(kS128, dst);
   }
 
+  template <ValueKind result_lane_kind, bool swap_lhs_rhs = false>
+  void EmitSimdFloatBinOpWithCFallback(
+      bool (LiftoffAssembler::*emit_fn)(LiftoffRegister, LiftoffRegister,
+                                        LiftoffRegister),
+      ExternalReference (*ext_ref)()) {
+    static constexpr RegClass rc = reg_class_for(kS128);
+    LiftoffRegister src2 = __ PopToRegister();
+    LiftoffRegister src1 = __ PopToRegister(LiftoffRegList{src2});
+    LiftoffRegister dst = __ GetUnusedRegister(rc, {src1, src2}, {});
+
+    if (swap_lhs_rhs) std::swap(src1, src2);
+
+    if (!(asm_.*emit_fn)(dst, src1, src2)) {
+      // Return v128 via stack for ARM.
+      GenerateCCallWithStackBuffer(
+          &dst, kVoid, kS128,
+          {VarState{kS128, src1, 0}, VarState{kS128, src2, 0}}, ext_ref());
+    }
+    if (V8_UNLIKELY(nondeterminism_)) {
+      LiftoffRegList pinned{dst};
+      CheckS128Nan(dst, pinned, result_lane_kind);
+    }
+    __ PushRegister(kS128, dst);
+  }
+
   template <ValueKind result_lane_kind, typename EmitFn>
   void EmitSimdFmaOp(EmitFn emit_fn) {
     LiftoffRegList pinned;
@@ -4311,6 +4343,30 @@ class LiftoffCompiler {
     __ PushRegister(kS128, dst);
   }
 
+  template <ValueKind result_lane_kind, typename EmitFn>
+  void EmitSimdFmaOpWithCFallback(EmitFn emit_fn,
+                                  ExternalReference (*ext_ref)()) {
+    LiftoffRegList pinned;
+    LiftoffRegister src3 = pinned.set(__ PopToRegister(pinned));
+    LiftoffRegister src2 = pinned.set(__ PopToRegister(pinned));
+    LiftoffRegister src1 = pinned.set(__ PopToRegister(pinned));
+    static constexpr RegClass dst_rc = reg_class_for(kS128);
+    LiftoffRegister dst = __ GetUnusedRegister(dst_rc, {});
+    if (!(asm_.*emit_fn)(dst, src1, src2, src3)) {
+      // Return v128 via stack for ARM.
+      GenerateCCallWithStackBuffer(
+          &dst, kVoid, kS128,
+          {VarState{kS128, src1, 0}, VarState{kS128, src2, 0},
+           VarState{kS128, src3, 0}},
+          ext_ref());
+    }
+    if (V8_UNLIKELY(nondeterminism_)) {
+      LiftoffRegList pinned{dst};
+      CheckS128Nan(dst, pinned, result_lane_kind);
+    }
+    __ PushRegister(kS128, dst);
+  }
+
   void SimdOp(FullDecoder* decoder, WasmOpcode opcode, const Value* /* args */,
               Value* /* result */) {
     CHECK(CpuFeatures::SupportsWasmSimd128());
@@ -4432,6 +4488,24 @@ class LiftoffCompiler {
             &LiftoffAssembler::emit_i64x2_ge_s);
       case wasm::kExprI64x2GeS:
         return EmitBinOp<kS128, kS128>(&LiftoffAssembler::emit_i64x2_ge_s);
+      case wasm::kExprF16x8Eq:
+        return EmitSimdFloatBinOpWithCFallback<kI16>(
+            &LiftoffAssembler::emit_f16x8_eq, ExternalReference::wasm_f16x8_eq);
+      case wasm::kExprF16x8Ne:
+        return EmitSimdFloatBinOpWithCFallback<kI16>(
+            &LiftoffAssembler::emit_f16x8_ne, ExternalReference::wasm_f16x8_ne);
+      case wasm::kExprF16x8Lt:
+        return EmitSimdFloatBinOpWithCFallback<kI16>(
+            &LiftoffAssembler::emit_f16x8_lt, ExternalReference::wasm_f16x8_lt);
+      case wasm::kExprF16x8Gt:
+        return EmitSimdFloatBinOpWithCFallback<kI16, true>(
+            &LiftoffAssembler::emit_f16x8_lt, ExternalReference::wasm_f16x8_lt);
+      case wasm::kExprF16x8Le:
+        return EmitSimdFloatBinOpWithCFallback<kI16>(
+            &LiftoffAssembler::emit_f16x8_le, ExternalReference::wasm_f16x8_le);
+      case wasm::kExprF16x8Ge:
+        return EmitSimdFloatBinOpWithCFallback<kI16, true>(
+            &LiftoffAssembler::emit_f16x8_le, ExternalReference::wasm_f16x8_le);
       case wasm::kExprF32x4Eq:
         return EmitBinOp<kS128, kS128>(&LiftoffAssembler::emit_f32x4_eq);
       case wasm::kExprF32x4Ne:
@@ -4656,6 +4730,66 @@ class LiftoffCompiler {
       case wasm::kExprI64x2UConvertI32x4High:
         return EmitUnOp<kS128, kS128>(
             &LiftoffAssembler::emit_i64x2_uconvert_i32x4_high);
+      case wasm::kExprF16x8Abs:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_abs,
+            &ExternalReference::wasm_f16x8_abs);
+      case wasm::kExprF16x8Neg:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_neg,
+            &ExternalReference::wasm_f16x8_neg);
+      case wasm::kExprF16x8Sqrt:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_sqrt,
+            &ExternalReference::wasm_f16x8_sqrt);
+      case wasm::kExprF16x8Ceil:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_ceil,
+            &ExternalReference::wasm_f16x8_ceil);
+      case wasm::kExprF16x8Floor:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_floor,
+            ExternalReference::wasm_f16x8_floor);
+      case wasm::kExprF16x8Trunc:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_trunc,
+            ExternalReference::wasm_f16x8_trunc);
+      case wasm::kExprF16x8NearestInt:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_nearest_int,
+            ExternalReference::wasm_f16x8_nearest_int);
+      case wasm::kExprF16x8Add:
+        return EmitSimdFloatBinOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_add,
+            ExternalReference::wasm_f16x8_add);
+      case wasm::kExprF16x8Sub:
+        return EmitSimdFloatBinOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_sub,
+            ExternalReference::wasm_f16x8_sub);
+      case wasm::kExprF16x8Mul:
+        return EmitSimdFloatBinOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_mul,
+            ExternalReference::wasm_f16x8_mul);
+      case wasm::kExprF16x8Div:
+        return EmitSimdFloatBinOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_div,
+            ExternalReference::wasm_f16x8_div);
+      case wasm::kExprF16x8Min:
+        return EmitSimdFloatBinOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_min,
+            ExternalReference::wasm_f16x8_min);
+      case wasm::kExprF16x8Max:
+        return EmitSimdFloatBinOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_max,
+            ExternalReference::wasm_f16x8_max);
+      case wasm::kExprF16x8Pmin:
+        return EmitSimdFloatBinOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_pmin,
+            ExternalReference::wasm_f16x8_pmin);
+      case wasm::kExprF16x8Pmax:
+        return EmitSimdFloatBinOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_pmax,
+            ExternalReference::wasm_f16x8_pmax);
       case wasm::kExprF32x4Abs:
         return EmitUnOp<kS128, kS128, kF32>(&LiftoffAssembler::emit_f32x4_abs);
       case wasm::kExprF32x4Neg:
@@ -4760,6 +4894,34 @@ class LiftoffCompiler {
       case wasm::kExprF32x4UConvertI32x4:
         return EmitUnOp<kS128, kS128, kF32>(
             &LiftoffAssembler::emit_f32x4_uconvert_i32x4);
+      case wasm::kExprF32x4PromoteLowF16x8:
+        return EmitSimdFloatRoundingOpWithCFallback<kF32>(
+            &LiftoffAssembler::emit_f32x4_promote_low_f16x8,
+            &ExternalReference::wasm_f32x4_promote_low_f16x8);
+      case wasm::kExprF16x8DemoteF32x4Zero:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_demote_f32x4_zero,
+            &ExternalReference::wasm_f16x8_demote_f32x4_zero);
+      case wasm::kExprF16x8DemoteF64x2Zero:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_demote_f64x2_zero,
+            &ExternalReference::wasm_f16x8_demote_f64x2_zero);
+      case wasm::kExprI16x8SConvertF16x8:
+        return EmitSimdFloatRoundingOpWithCFallback<kI16>(
+            &LiftoffAssembler::emit_i16x8_sconvert_f16x8,
+            &ExternalReference::wasm_i16x8_sconvert_f16x8);
+      case wasm::kExprI16x8UConvertF16x8:
+        return EmitSimdFloatRoundingOpWithCFallback<kI16>(
+            &LiftoffAssembler::emit_i16x8_uconvert_f16x8,
+            &ExternalReference::wasm_i16x8_uconvert_f16x8);
+      case wasm::kExprF16x8SConvertI16x8:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_sconvert_i16x8,
+            &ExternalReference::wasm_f16x8_sconvert_i16x8);
+      case wasm::kExprF16x8UConvertI16x8:
+        return EmitSimdFloatRoundingOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_uconvert_i16x8,
+            &ExternalReference::wasm_f16x8_uconvert_i16x8);
       case wasm::kExprI8x16SConvertI16x8:
         return EmitBinOp<kS128, kS128>(
             &LiftoffAssembler::emit_i8x16_sconvert_i16x8);
@@ -4830,6 +4992,14 @@ class LiftoffCompiler {
       case wasm::kExprI32x4TruncSatF64x2UZero:
         return EmitUnOp<kS128, kS128>(
             &LiftoffAssembler::emit_i32x4_trunc_sat_f64x2_u_zero);
+      case wasm::kExprF16x8Qfma:
+        return EmitSimdFmaOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_qfma,
+            &ExternalReference::wasm_f16x8_qfma);
+      case wasm::kExprF16x8Qfms:
+        return EmitSimdFmaOpWithCFallback<kF16>(
+            &LiftoffAssembler::emit_f16x8_qfms,
+            &ExternalReference::wasm_f16x8_qfms);
       case wasm::kExprF32x4Qfma:
         return EmitSimdFmaOp<kF32>(&LiftoffAssembler::emit_f32x4_qfma);
       case wasm::kExprF32x4Qfms:
@@ -8165,7 +8335,7 @@ class LiftoffCompiler {
       // A direct call to an imported function.
       FUZZER_HEAVY_INSTRUCTION;
       LiftoffRegList pinned;
-      Register imported_function_ref =
+      Register implicit_arg =
           pinned.set(__ GetUnusedRegister(kGpReg, pinned)).gp();
       Register target = pinned.set(__ GetUnusedRegister(kGpReg, pinned)).gp();
 
@@ -8175,9 +8345,9 @@ class LiftoffCompiler {
         LOAD_PROTECTED_PTR_INSTANCE_FIELD(dispatch_table,
                                           DispatchTableForImports, pinned);
         __ LoadProtectedPointer(
-            imported_function_ref, dispatch_table,
+            implicit_arg, dispatch_table,
             ObjectAccess::ToTagged(WasmDispatchTable::OffsetOf(imm.index) +
-                                   WasmDispatchTable::kRefBias));
+                                   WasmDispatchTable::kImplicitArgBias));
 
         __ LoadFullPointer(
             target, dispatch_table,
@@ -8185,7 +8355,7 @@ class LiftoffCompiler {
                                    WasmDispatchTable::kTargetBias));
       }
 
-      __ PrepareCall(&sig, call_descriptor, &target, imported_function_ref);
+      __ PrepareCall(&sig, call_descriptor, &target, implicit_arg);
       if (tail_call) {
         __ PrepareTailCall(
             static_cast<int>(call_descriptor->ParameterSlotCount()),
@@ -8225,13 +8395,6 @@ class LiftoffCompiler {
         source_position_table_builder_.AddPosition(
             __ pc_offset(), SourcePosition(decoder->position()), true);
         __ CallNativeWasmCode(addr);
-        if (v8_flags.wasm_deopt &&
-            env_->deopt_info_bytecode_offset == decoder->pc_offset()) {
-          DCHECK_EQ(env_->deopt_location_kind,
-                    LocationKindForDeopt::kInlinedCall);
-          // TODO(mliedtke): Should we do this in `FinishCall` instead?
-          StoreFrameDescriptionForDeopt(decoder);
-        }
         FinishCall(decoder, &sig, call_descriptor);
       }
     }
@@ -8493,15 +8656,15 @@ class LiftoffCompiler {
       SCOPED_CODE_COMMENT("Execute indirect call");
 
       // The first parameter will be either a WasmTrustedInstanceData or a
-      // WasmApiFunctionRef.
-      Register first_param = temps.Acquire(kGpReg).gp();
+      // WasmImportData.
+      Register implicit_arg = temps.Acquire(kGpReg).gp();
       Register target = temps.Acquire(kGpReg).gp();
 
       {
-        SCOPED_CODE_COMMENT("Load ref and target from dispatch table");
+        SCOPED_CODE_COMMENT("Load implicit arg and target from dispatch table");
         __ LoadProtectedPointer(
-            first_param, dispatch_table_base.gp_reg(),
-            dispatch_table_offset + WasmDispatchTable::kRefBias);
+            implicit_arg, dispatch_table_base.gp_reg(),
+            dispatch_table_offset + WasmDispatchTable::kImplicitArgBias);
         __ Load(LiftoffRegister(target), dispatch_table_base.gp_reg(), no_reg,
                 dispatch_table_offset + WasmDispatchTable::kTargetBias,
                 LoadType::ForValueKind(kIntPtrKind));
@@ -8542,25 +8705,25 @@ class LiftoffCompiler {
         // All in all, let's keep it simple at first, i.e., share the maximum
         // amount of code when inlining is enabled vs. not.
         VarState target_var(kIntPtrKind, LiftoffRegister(target), 0);
-        VarState first_param_var(kRef, LiftoffRegister(first_param), 0);
+        VarState implicit_arg_var(kRef, LiftoffRegister(implicit_arg), 0);
 
         // CallIndirectIC(vector: FixedArray, vectorIndex: int32,
         //                target: RawPtr,
-        //                ref: WasmTrustedInstanceData|WasmApiFunctionRef)
-        //               -> <target, ref>
+        //                ref: WasmTrustedInstanceData|WasmImportData)
+        //               -> <target, implicit_arg>
         CallBuiltin(Builtin::kCallIndirectIC,
                     MakeSig::Returns(kIntPtrKind, kIntPtrKind)
                         .Params(kRef, kI32, kIntPtrKind, kRef),
-                    {vector_var, index_var, target_var, first_param_var},
+                    {vector_var, index_var, target_var, implicit_arg_var},
                     decoder->position());
         target = kReturnRegister0;
-        first_param = kReturnRegister1;
+        implicit_arg = kReturnRegister1;
       }
 
       auto call_descriptor = compiler::GetWasmCallDescriptor(zone_, imm.sig);
       call_descriptor = GetLoweredCallDescriptor(zone_, call_descriptor);
 
-      __ PrepareCall(&sig, call_descriptor, &target, first_param);
+      __ PrepareCall(&sig, call_descriptor, &target, implicit_arg);
       if (tail_call) {
         __ PrepareTailCall(
             static_cast<int>(call_descriptor->ParameterSlotCount()),
@@ -8571,13 +8734,6 @@ class LiftoffCompiler {
         source_position_table_builder_.AddPosition(
             __ pc_offset(), SourcePosition(decoder->position()), true);
         __ CallIndirect(&sig, call_descriptor, target);
-
-        if (v8_flags.wasm_deopt &&
-            env_->deopt_info_bytecode_offset == decoder->pc_offset() &&
-            env_->deopt_location_kind == LocationKindForDeopt::kInlinedCall) {
-          StoreFrameDescriptionForDeopt(decoder);
-        }
-
         FinishCall(decoder, &sig, call_descriptor);
       }
     }
@@ -8638,7 +8794,7 @@ class LiftoffCompiler {
     call_descriptor = GetLoweredCallDescriptor(zone_, call_descriptor);
 
     Register target_reg = no_reg;
-    Register first_param_reg = no_reg;
+    Register implicit_arg_reg = no_reg;
 
     if (inlining_enabled(decoder)) {
       if (v8_flags.wasm_deopt &&
@@ -8676,14 +8832,14 @@ class LiftoffCompiler {
 
       // CallRefIC(vector: FixedArray, vectorIndex: int32,
       //           signatureHash: uintptr,
-      //           funcref: WasmFuncRef) -> <target, ref>
+      //           funcref: WasmFuncRef) -> <target, implicit_arg>
       CallBuiltin(Builtin::kCallRefIC,
                   MakeSig::Returns(kIntPtrKind, kIntPtrKind)
                       .Params(kRef, kI32, kIntPtrKind, kRef),
                   {vector_var, index_var, sig_hash_var, func_ref_var},
                   decoder->position());
       target_reg = LiftoffRegister(kReturnRegister0).gp();
-      first_param_reg = kReturnRegister1;
+      implicit_arg_reg = kReturnRegister1;
     } else {  // inlining_enabled(decoder)
       // Non-feedback-collecting version.
       // Executing a write barrier needs temp registers; doing this on a
@@ -8694,7 +8850,7 @@ class LiftoffCompiler {
       LiftoffRegList pinned;
       Register func_ref = pinned.set(__ PopToModifiableRegister(pinned)).gp();
       MaybeEmitNullCheck(decoder, func_ref, pinned, func_ref_type);
-      first_param_reg = pinned.set(__ GetUnusedRegister(kGpReg, pinned)).gp();
+      implicit_arg_reg = pinned.set(__ GetUnusedRegister(kGpReg, pinned)).gp();
       target_reg = pinned.set(__ GetUnusedRegister(kGpReg, pinned)).gp();
 
       // Load the WasmInternalFunction from the WasmFuncRef.
@@ -8704,22 +8860,23 @@ class LiftoffCompiler {
           ObjectAccess::ToTagged(WasmFuncRef::kTrustedInternalOffset),
           kWasmInternalFunctionIndirectPointerTag);
 
-      // Load "ref" (WasmTrustedInstanceData or WasmApiFunctionRef) and target.
-      Register ref = first_param_reg;
-      __ LoadProtectedPointer(ref, internal_function,
-                              wasm::ObjectAccess::ToTagged(
-                                  WasmInternalFunction::kProtectedRefOffset));
+      // Load the implicit argument (WasmTrustedInstanceData or WasmImportData)
+      // and target.
+      __ LoadProtectedPointer(
+          implicit_arg_reg, internal_function,
+          wasm::ObjectAccess::ToTagged(
+              WasmInternalFunction::kProtectedImplicitArgOffset));
 
       __ LoadFullPointer(target_reg, internal_function,
                          wasm::ObjectAccess::ToTagged(
                              WasmInternalFunction::kCallTargetOffset));
 
       // Now the call target is in {target_reg} and the first parameter
-      // (WasmTrustedInstanceData or WasmApiFunctionRef) is in
-      // {first_param_reg}.
+      // (WasmTrustedInstanceData or WasmImportData) is in
+      // {implicit_arg_reg}.
     }  // inlining_enabled(decoder)
 
-    __ PrepareCall(&sig, call_descriptor, &target_reg, first_param_reg);
+    __ PrepareCall(&sig, call_descriptor, &target_reg, implicit_arg_reg);
     if (tail_call) {
       __ PrepareTailCall(
           static_cast<int>(call_descriptor->ParameterSlotCount()),
@@ -8730,13 +8887,6 @@ class LiftoffCompiler {
       source_position_table_builder_.AddPosition(
           __ pc_offset(), SourcePosition(decoder->position()), true);
       __ CallIndirect(&sig, call_descriptor, target_reg);
-
-      if (v8_flags.wasm_deopt &&
-          env_->deopt_info_bytecode_offset == decoder->pc_offset() &&
-          env_->deopt_location_kind == LocationKindForDeopt::kInlinedCall) {
-        StoreFrameDescriptionForDeopt(decoder);
-      }
-
       FinishCall(decoder, &sig, call_descriptor);
     }
   }
@@ -8897,6 +9047,12 @@ class LiftoffCompiler {
 
   void FinishCall(FullDecoder* decoder, ValueKindSig* sig,
                   compiler::CallDescriptor* call_descriptor) {
+    if (v8_flags.wasm_deopt &&
+        env_->deopt_info_bytecode_offset == decoder->pc_offset() &&
+        env_->deopt_location_kind == LocationKindForDeopt::kInlinedCall) {
+      StoreFrameDescriptionForDeopt(decoder);
+    }
+
     DefineSafepoint();
     RegisterDebugSideTableEntry(decoder, DebugSideTableBuilder::kDidSpill);
     int pc_offset = __ pc_offset();
diff --git a/deps/v8/src/wasm/baseline/loong64/liftoff-assembler-loong64-inl.h b/deps/v8/src/wasm/baseline/loong64/liftoff-assembler-loong64-inl.h
index 32e592f186686d..3b6f63792d6253 100644
--- a/deps/v8/src/wasm/baseline/loong64/liftoff-assembler-loong64-inl.h
+++ b/deps/v8/src/wasm/baseline/loong64/liftoff-assembler-loong64-inl.h
@@ -3162,6 +3162,152 @@ bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
   return false;
 }
 
+bool LiftoffAssembler::emit_f16x8_abs(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_neg(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sqrt(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_ceil(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_floor(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_trunc(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_nearest_int(LiftoffRegister dst,
+                                              LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_eq(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_ne(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_lt(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_le(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_add(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sub(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_mul(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_div(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_min(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_max(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmin(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmax(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_sconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_uconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_uconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f32x4_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f64x2_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f32x4_promote_low_f16x8(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::supports_f16_mem_access() { return false; }
+
 void LiftoffAssembler::set_trap_on_oob_mem64(Register index, uint64_t oob_size,
                                              uint64_t oob_index) {
   UNREACHABLE();
diff --git a/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64-inl.h b/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64-inl.h
index 10461e06947c95..c7a04acaf7415e 100644
--- a/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64-inl.h
+++ b/deps/v8/src/wasm/baseline/mips64/liftoff-assembler-mips64-inl.h
@@ -3680,6 +3680,152 @@ bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
   return false;
 }
 
+bool LiftoffAssembler::emit_f16x8_abs(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_neg(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sqrt(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_ceil(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_floor(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_trunc(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_nearest_int(LiftoffRegister dst,
+                                              LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_eq(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_ne(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_lt(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_le(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_add(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sub(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_mul(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_div(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_min(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_max(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmin(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmax(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_sconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_uconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_sconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_uconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f32x4_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f64x2_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f32x4_promote_low_f16x8(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::supports_f16_mem_access() { return false; }
+
 void LiftoffAssembler::set_trap_on_oob_mem64(Register index, uint64_t oob_size,
                                              uint64_t oob_index) {
   UNREACHABLE();
diff --git a/deps/v8/src/wasm/baseline/ppc/liftoff-assembler-ppc-inl.h b/deps/v8/src/wasm/baseline/ppc/liftoff-assembler-ppc-inl.h
index c40d9106205f42..8f5d4485ee8178 100644
--- a/deps/v8/src/wasm/baseline/ppc/liftoff-assembler-ppc-inl.h
+++ b/deps/v8/src/wasm/baseline/ppc/liftoff-assembler-ppc-inl.h
@@ -2220,6 +2220,84 @@ SIMD_RELAXED_UNOP_LIST(SIMD_VISIT_RELAXED_UNOP)
 #undef SIMD_VISIT_RELAXED_UNOP
 #undef SIMD_RELAXED_UNOP_LIST
 
+#define F16_UNOP_LIST(V)     \
+  V(f16x8_splat)             \
+  V(f16x8_abs)               \
+  V(f16x8_neg)               \
+  V(f16x8_sqrt)              \
+  V(f16x8_ceil)              \
+  V(f16x8_floor)             \
+  V(f16x8_trunc)             \
+  V(f16x8_nearest_int)       \
+  V(i16x8_sconvert_f16x8)    \
+  V(i16x8_uconvert_f16x8)    \
+  V(f16x8_sconvert_i16x8)    \
+  V(f16x8_uconvert_i16x8)    \
+  V(f16x8_demote_f32x4_zero) \
+  V(f32x4_promote_low_f16x8) \
+  V(f16x8_demote_f64x2_zero)
+
+#define VISIT_F16_UNOP(name)                                \
+  bool LiftoffAssembler::emit_##name(LiftoffRegister dst,   \
+                                     LiftoffRegister src) { \
+    return false;                                           \
+  }
+F16_UNOP_LIST(VISIT_F16_UNOP)
+#undef VISIT_F16_UNOP
+#undef F16_UNOP_LIST
+
+#define F16_BINOP_LIST(V) \
+  V(f16x8_eq)             \
+  V(f16x8_ne)             \
+  V(f16x8_lt)             \
+  V(f16x8_le)             \
+  V(f16x8_add)            \
+  V(f16x8_sub)            \
+  V(f16x8_mul)            \
+  V(f16x8_div)            \
+  V(f16x8_min)            \
+  V(f16x8_max)            \
+  V(f16x8_pmin)           \
+  V(f16x8_pmax)
+
+#define VISIT_F16_BINOP(name)                                                  \
+  bool LiftoffAssembler::emit_##name(LiftoffRegister dst, LiftoffRegister lhs, \
+                                     LiftoffRegister rhs) {                    \
+    return false;                                                              \
+  }
+F16_BINOP_LIST(VISIT_F16_BINOP)
+#undef VISIT_F16_BINOP
+#undef F16_BINOP_LIST
+
+bool LiftoffAssembler::emit_f16x8_extract_lane(LiftoffRegister dst,
+                                               LiftoffRegister lhs,
+                                               uint8_t imm_lane_idx) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
+                                               LiftoffRegister src1,
+                                               LiftoffRegister src2,
+                                               uint8_t imm_lane_idx) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::supports_f16_mem_access() { return false; }
+
 void LiftoffAssembler::emit_f64x2_splat(LiftoffRegister dst,
                                         LiftoffRegister src) {
   F64x2Splat(dst.fp().toSimd(), src.fp(), r0);
@@ -2622,24 +2700,6 @@ void LiftoffAssembler::emit_i32x4_uconvert_i16x8_high(LiftoffRegister dst,
                          kScratchSimd128Reg);
 }
 
-bool LiftoffAssembler::emit_f16x8_splat(LiftoffRegister dst,
-                                        LiftoffRegister src) {
-  return false;
-}
-
-bool LiftoffAssembler::emit_f16x8_extract_lane(LiftoffRegister dst,
-                                               LiftoffRegister lhs,
-                                               uint8_t imm_lane_idx) {
-  return false;
-}
-
-bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
-                                               LiftoffRegister src1,
-                                               LiftoffRegister src2,
-                                               uint8_t imm_lane_idx) {
-  return false;
-}
-
 void LiftoffAssembler::set_trap_on_oob_mem64(Register index, uint64_t oob_size,
                                              uint64_t oob_index) {
   UNREACHABLE();
diff --git a/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv-inl.h b/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv-inl.h
index 2970ac1d43c435..d7c743005cae55 100644
--- a/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv-inl.h
+++ b/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv-inl.h
@@ -2368,6 +2368,144 @@ void LiftoffAssembler::CallFrameSetupStub(int declared_function_index) {
   CallBuiltin(Builtin::kWasmLiftoffFrameSetup);
 }
 
+bool LiftoffAssembler::emit_f16x8_splat(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_extract_lane(LiftoffRegister dst,
+                                               LiftoffRegister lhs,
+                                               uint8_t imm_lane_idx) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
+                                               LiftoffRegister src1,
+                                               LiftoffRegister src2,
+                                               uint8_t imm_lane_idx) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_eq(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_ne(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_lt(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_le(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_abs(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_neg(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_sqrt(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_ceil(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_floor(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_trunc(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_nearest_int(LiftoffRegister dst,
+                                              LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_add(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_sub(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_mul(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_div(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_min(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_max(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_pmin(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_pmax(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_i16x8_sconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_i16x8_uconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_sconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_uconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_demote_f32x4_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f16x8_demote_f64x2_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+bool LiftoffAssembler::emit_f32x4_promote_low_f16x8(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
 }  // namespace v8::internal::wasm
 
 #endif  // V8_WASM_BASELINE_RISCV_LIFTOFF_ASSEMBLER_RISCV_INL_H_
diff --git a/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv32-inl.h b/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv32-inl.h
index b7a7bad8d6be7c..24d813513486f8 100644
--- a/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv32-inl.h
+++ b/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv32-inl.h
@@ -365,6 +365,9 @@ void LiftoffAssembler::Load(LiftoffRegister dst, Register src_addr,
       vl(dst.fp().toV(), src_reg, 0, E8);
       break;
     }
+    case LoadType::kF32LoadF16:
+      UNIMPLEMENTED();
+      break;
     default:
       UNREACHABLE();
   }
@@ -2329,6 +2332,8 @@ void LiftoffStackSlots::Construct(int param_slots) {
   }
 }
 
+bool LiftoffAssembler::supports_f16_mem_access() { return false; }
+
 }  // namespace v8::internal::wasm
 
 #endif  // V8_WASM_BASELINE_RISCV_LIFTOFF_ASSEMBLER_RISCV32_INL_H_
diff --git a/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv64-inl.h b/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv64-inl.h
index 5a46fd1b3985c3..43e94aabe555ea 100644
--- a/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv64-inl.h
+++ b/deps/v8/src/wasm/baseline/riscv/liftoff-assembler-riscv64-inl.h
@@ -399,6 +399,9 @@ void LiftoffAssembler::Load(LiftoffRegister dst, Register src_addr,
       vl(dst.fp().toV(), src_reg, 0, E8);
       break;
     }
+    case LoadType::kF32LoadF16:
+      UNIMPLEMENTED();
+      break;
     default:
       UNREACHABLE();
   }
@@ -1926,6 +1929,8 @@ void LiftoffStackSlots::Construct(int param_slots) {
   }
 }
 
+bool LiftoffAssembler::supports_f16_mem_access() { return false; }
+
 }  // namespace v8::internal::wasm
 
 #endif  // V8_WASM_BASELINE_RISCV_LIFTOFF_ASSEMBLER_RISCV64_INL_H_
diff --git a/deps/v8/src/wasm/baseline/s390/liftoff-assembler-s390-inl.h b/deps/v8/src/wasm/baseline/s390/liftoff-assembler-s390-inl.h
index 7935d1d5c836f9..cb6271926d2892 100644
--- a/deps/v8/src/wasm/baseline/s390/liftoff-assembler-s390-inl.h
+++ b/deps/v8/src/wasm/baseline/s390/liftoff-assembler-s390-inl.h
@@ -2690,6 +2690,84 @@ SIMD_RELAXED_UNOP_LIST(SIMD_VISIT_RELAXED_UNOP)
 #undef SIMD_VISIT_RELAXED_UNOP
 #undef SIMD_RELAXED_UNOP_LIST
 
+#define F16_UNOP_LIST(V)     \
+  V(f16x8_splat)             \
+  V(f16x8_abs)               \
+  V(f16x8_neg)               \
+  V(f16x8_sqrt)              \
+  V(f16x8_ceil)              \
+  V(f16x8_floor)             \
+  V(f16x8_trunc)             \
+  V(f16x8_nearest_int)       \
+  V(i16x8_sconvert_f16x8)    \
+  V(i16x8_uconvert_f16x8)    \
+  V(f16x8_sconvert_i16x8)    \
+  V(f16x8_uconvert_i16x8)    \
+  V(f16x8_demote_f32x4_zero) \
+  V(f32x4_promote_low_f16x8) \
+  V(f16x8_demote_f64x2_zero)
+
+#define VISIT_F16_UNOP(name)                                \
+  bool LiftoffAssembler::emit_##name(LiftoffRegister dst,   \
+                                     LiftoffRegister src) { \
+    return false;                                           \
+  }
+F16_UNOP_LIST(VISIT_F16_UNOP)
+#undef VISIT_F16_UNOP
+#undef F16_UNOP_LIST
+
+#define F16_BINOP_LIST(V) \
+  V(f16x8_eq)             \
+  V(f16x8_ne)             \
+  V(f16x8_lt)             \
+  V(f16x8_le)             \
+  V(f16x8_add)            \
+  V(f16x8_sub)            \
+  V(f16x8_mul)            \
+  V(f16x8_div)            \
+  V(f16x8_min)            \
+  V(f16x8_max)            \
+  V(f16x8_pmin)           \
+  V(f16x8_pmax)
+
+#define VISIT_F16_BINOP(name)                                                  \
+  bool LiftoffAssembler::emit_##name(LiftoffRegister dst, LiftoffRegister lhs, \
+                                     LiftoffRegister rhs) {                    \
+    return false;                                                              \
+  }
+F16_BINOP_LIST(VISIT_F16_BINOP)
+#undef VISIT_F16_BINOP
+#undef F16_BINOP_LIST
+
+bool LiftoffAssembler::supports_f16_mem_access() { return false; }
+
+bool LiftoffAssembler::emit_f16x8_extract_lane(LiftoffRegister dst,
+                                               LiftoffRegister lhs,
+                                               uint8_t imm_lane_idx) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
+                                               LiftoffRegister src1,
+                                               LiftoffRegister src2,
+                                               uint8_t imm_lane_idx) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  return false;
+}
+
 void LiftoffAssembler::LoadTransform(LiftoffRegister dst, Register src_addr,
                                      Register offset_reg, uintptr_t offset_imm,
                                      LoadType type,
@@ -3002,24 +3080,6 @@ void LiftoffAssembler::emit_s128_relaxed_laneselect(LiftoffRegister dst,
   emit_s128_select(dst, src1, src2, mask);
 }
 
-bool LiftoffAssembler::emit_f16x8_splat(LiftoffRegister dst,
-                                        LiftoffRegister src) {
-  return false;
-}
-
-bool LiftoffAssembler::emit_f16x8_extract_lane(LiftoffRegister dst,
-                                               LiftoffRegister lhs,
-                                               uint8_t imm_lane_idx) {
-  return false;
-}
-
-bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
-                                               LiftoffRegister src1,
-                                               LiftoffRegister src2,
-                                               uint8_t imm_lane_idx) {
-  return false;
-}
-
 void LiftoffAssembler::set_trap_on_oob_mem64(Register index, uint64_t oob_size,
                                              uint64_t oob_index) {
   UNREACHABLE();
@@ -3092,7 +3152,7 @@ void LiftoffAssembler::CallCWithStackBuffer(
   int arg_offset = 0;
   for (const VarState& arg : args) {
     MemOperand dst{sp, arg_offset};
-    liftoff::StoreToMemory(this, dst, arg, r0);
+    liftoff::StoreToMemory(this, dst, arg, ip);
     arg_offset += value_kind_size(arg.kind());
   }
   DCHECK_LE(arg_offset, stack_bytes);
@@ -3137,7 +3197,7 @@ void LiftoffAssembler::CallCWithStackBuffer(
         LoadF64(result_reg->fp(), MemOperand(sp));
         break;
       case kS128:
-        LoadV128(result_reg->fp(), MemOperand(sp), r0);
+        LoadV128(result_reg->fp(), MemOperand(sp), ip);
         break;
       default:
         UNREACHABLE();
@@ -3169,7 +3229,7 @@ void LiftoffAssembler::CallC(const std::initializer_list<VarState> args,
       int offset =
           (kStackFrameExtraParamSlot + stack_args) * kSystemPointerSize;
       MemOperand dst{sp, offset + bias};
-      liftoff::StoreToMemory(this, dst, arg, r0);
+      liftoff::StoreToMemory(this, dst, arg, ip);
       ++stack_args;
     }
   }
diff --git a/deps/v8/src/wasm/baseline/x64/liftoff-assembler-x64-inl.h b/deps/v8/src/wasm/baseline/x64/liftoff-assembler-x64-inl.h
index 4837a9f6f31c79..63ca052fe7a217 100644
--- a/deps/v8/src/wasm/baseline/x64/liftoff-assembler-x64-inl.h
+++ b/deps/v8/src/wasm/baseline/x64/liftoff-assembler-x64-inl.h
@@ -5,6 +5,8 @@
 #ifndef V8_WASM_BASELINE_X64_LIFTOFF_ASSEMBLER_X64_INL_H_
 #define V8_WASM_BASELINE_X64_LIFTOFF_ASSEMBLER_X64_INL_H_
 
+#include <optional>
+
 #include "src/codegen/assembler.h"
 #include "src/codegen/cpu-features.h"
 #include "src/codegen/machine-type.h"
@@ -538,9 +540,13 @@ void LiftoffAssembler::Load(LiftoffRegister dst, Register src_addr,
     case LoadType::kF32Load:
       Movss(dst.fp(), src_op);
       break;
-    case LoadType::kF32LoadF16:
-      UNIMPLEMENTED();
+    case LoadType::kF32LoadF16: {
+      CpuFeatureScope f16c_scope(this, F16C);
+      CpuFeatureScope avx2_scope(this, AVX2);
+      vpbroadcastw(dst.fp(), src_op);
+      vcvtph2ps(dst.fp(), dst.fp());
       break;
+    }
     case LoadType::kF64Load:
       Movsd(dst.fp(), src_op);
       break;
@@ -577,9 +583,12 @@ void LiftoffAssembler::Store(Register dst_addr, Register offset_reg,
     case StoreType::kF32Store:
       Movss(dst_op, src.fp());
       break;
-    case StoreType::kF32StoreF16:
-      UNIMPLEMENTED();
+    case StoreType::kF32StoreF16: {
+      CpuFeatureScope fscope(this, F16C);
+      vcvtps2ph(kScratchDoubleReg, src.fp(), 0);
+      Pextrw(dst_op, kScratchDoubleReg, static_cast<uint8_t>(0));
       break;
+    }
     case StoreType::kF64Store:
       Movsd(dst_op, src.fp());
       break;
@@ -2392,14 +2401,14 @@ template <void (Assembler::*avx_op)(XMMRegister, XMMRegister, XMMRegister),
           void (Assembler::*sse_op)(XMMRegister, XMMRegister)>
 void EmitSimdCommutativeBinOp(
     LiftoffAssembler* assm, LiftoffRegister dst, LiftoffRegister lhs,
-    LiftoffRegister rhs, base::Optional<CpuFeature> feature = base::nullopt) {
+    LiftoffRegister rhs, std::optional<CpuFeature> feature = std::nullopt) {
   if (CpuFeatures::IsSupported(AVX)) {
     CpuFeatureScope scope(assm, AVX);
     (assm->*avx_op)(dst.fp(), lhs.fp(), rhs.fp());
     return;
   }
 
-  base::Optional<CpuFeatureScope> sse_scope;
+  std::optional<CpuFeatureScope> sse_scope;
   if (feature.has_value()) sse_scope.emplace(assm, *feature);
 
   if (dst.fp() == rhs.fp()) {
@@ -2414,14 +2423,14 @@ template <void (Assembler::*avx_op)(XMMRegister, XMMRegister, XMMRegister),
           void (Assembler::*sse_op)(XMMRegister, XMMRegister)>
 void EmitSimdNonCommutativeBinOp(
     LiftoffAssembler* assm, LiftoffRegister dst, LiftoffRegister lhs,
-    LiftoffRegister rhs, base::Optional<CpuFeature> feature = base::nullopt) {
+    LiftoffRegister rhs, std::optional<CpuFeature> feature = std::nullopt) {
   if (CpuFeatures::IsSupported(AVX)) {
     CpuFeatureScope scope(assm, AVX);
     (assm->*avx_op)(dst.fp(), lhs.fp(), rhs.fp());
     return;
   }
 
-  base::Optional<CpuFeatureScope> sse_scope;
+  std::optional<CpuFeatureScope> sse_scope;
   if (feature.has_value()) sse_scope.emplace(assm, *feature);
 
   if (dst.fp() == rhs.fp()) {
@@ -2476,8 +2485,8 @@ inline void EmitAnyTrue(LiftoffAssembler* assm, LiftoffRegister dst,
 template <void (SharedMacroAssemblerBase::*pcmp)(XMMRegister, XMMRegister)>
 inline void EmitAllTrue(LiftoffAssembler* assm, LiftoffRegister dst,
                         LiftoffRegister src,
-                        base::Optional<CpuFeature> feature = base::nullopt) {
-  base::Optional<CpuFeatureScope> sse_scope;
+                        std::optional<CpuFeature> feature = std::nullopt) {
+  std::optional<CpuFeatureScope> sse_scope;
   if (feature.has_value()) sse_scope.emplace(assm, *feature);
 
   XMMRegister tmp = kScratchDoubleReg;
@@ -3141,7 +3150,7 @@ void LiftoffAssembler::emit_i8x16_min_s(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpminsb, &Assembler::pminsb>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i8x16_min_u(LiftoffRegister dst,
@@ -3155,7 +3164,7 @@ void LiftoffAssembler::emit_i8x16_max_s(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmaxsb, &Assembler::pmaxsb>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i8x16_max_u(LiftoffRegister dst,
@@ -3285,7 +3294,7 @@ void LiftoffAssembler::emit_i16x8_min_u(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpminuw, &Assembler::pminuw>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i16x8_max_s(LiftoffRegister dst,
@@ -3299,7 +3308,7 @@ void LiftoffAssembler::emit_i16x8_max_u(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmaxuw, &Assembler::pmaxuw>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i16x8_extadd_pairwise_i8x16_s(LiftoffRegister dst,
@@ -3454,35 +3463,35 @@ void LiftoffAssembler::emit_i32x4_sub(LiftoffRegister dst, LiftoffRegister lhs,
 void LiftoffAssembler::emit_i32x4_mul(LiftoffRegister dst, LiftoffRegister lhs,
                                       LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmulld, &Assembler::pmulld>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i32x4_min_s(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpminsd, &Assembler::pminsd>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i32x4_min_u(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpminud, &Assembler::pminud>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i32x4_max_s(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmaxsd, &Assembler::pmaxsd>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i32x4_max_u(LiftoffRegister dst,
                                         LiftoffRegister lhs,
                                         LiftoffRegister rhs) {
   liftoff::EmitSimdCommutativeBinOp<&Assembler::vpmaxud, &Assembler::pmaxud>(
-      this, dst, lhs, rhs, base::Optional<CpuFeature>(SSE4_1));
+      this, dst, lhs, rhs, std::optional<CpuFeature>(SSE4_1));
 }
 
 void LiftoffAssembler::emit_i32x4_dot_i16x8_s(LiftoffRegister dst,
@@ -4221,22 +4230,376 @@ void LiftoffAssembler::emit_f64x2_qfms(LiftoffRegister dst,
 
 bool LiftoffAssembler::emit_f16x8_splat(LiftoffRegister dst,
                                         LiftoffRegister src) {
-  return false;
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX2)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx2_scope(this, AVX2);
+  vcvtps2ph(dst.fp(), src.fp(), 0);
+  vpbroadcastw(dst.fp(), dst.fp());
+  return true;
 }
 
 bool LiftoffAssembler::emit_f16x8_extract_lane(LiftoffRegister dst,
                                                LiftoffRegister lhs,
                                                uint8_t imm_lane_idx) {
-  return false;
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  Pextrw(kScratchRegister, lhs.fp(), imm_lane_idx);
+  vmovd(dst.fp(), kScratchRegister);
+  vcvtph2ps(dst.fp(), dst.fp());
+  return true;
 }
 
 bool LiftoffAssembler::emit_f16x8_replace_lane(LiftoffRegister dst,
                                                LiftoffRegister src1,
                                                LiftoffRegister src2,
                                                uint8_t imm_lane_idx) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  vcvtps2ph(kScratchDoubleReg, src2.fp(), 0);
+  vmovd(kScratchRegister, kScratchDoubleReg);
+  vpinsrw(dst.fp(), src1.fp(), kScratchRegister, imm_lane_idx);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_abs(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope avx_scope(this, AVX);
+  Absph(dst.fp(), src.fp(), kScratchRegister);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_neg(LiftoffRegister dst,
+                                      LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope avx_scope(this, AVX);
+  Negph(dst.fp(), src.fp(), kScratchRegister);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_sqrt(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  vcvtph2ps(ydst, src.fp());
+  vsqrtps(ydst, ydst);
+  vcvtps2ph(dst.fp(), ydst, 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_ceil(LiftoffRegister dst,
+                                       LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  vcvtph2ps(ydst, src.fp());
+  vroundps(ydst, ydst, kRoundUp);
+  vcvtps2ph(dst.fp(), ydst, 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_floor(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  vcvtph2ps(ydst, src.fp());
+  vroundps(ydst, ydst, kRoundDown);
+  vcvtps2ph(dst.fp(), ydst, 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_trunc(LiftoffRegister dst,
+                                        LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  vcvtph2ps(ydst, src.fp());
+  vroundps(ydst, ydst, kRoundToZero);
+  vcvtps2ph(dst.fp(), ydst, 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_nearest_int(LiftoffRegister dst,
+                                              LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  vcvtph2ps(ydst, src.fp());
+  vroundps(ydst, ydst, kRoundToNearest);
+  vcvtps2ph(dst.fp(), ydst, 0);
+  return true;
+}
+
+template <void (Assembler::*avx_op)(YMMRegister, YMMRegister, YMMRegister)>
+bool F16x8CmpOpViaF32(LiftoffAssembler* assm, LiftoffRegister dst,
+                      LiftoffRegister lhs, LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX) ||
+      !CpuFeatures::IsSupported(AVX2)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(assm, F16C);
+  CpuFeatureScope avx_scope(assm, AVX);
+  CpuFeatureScope avx2_scope(assm, AVX2);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  assm->vcvtph2ps(ydst, lhs.fp());
+  assm->vcvtph2ps(kScratchSimd256Reg, rhs.fp());
+  (assm->*avx_op)(ydst, ydst, kScratchSimd256Reg);
+  assm->vpackssdw(ydst, ydst, ydst);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_eq(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return F16x8CmpOpViaF32<&Assembler::vcmpeqps>(this, dst, lhs, rhs);
+}
+
+bool LiftoffAssembler::emit_f16x8_ne(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return F16x8CmpOpViaF32<&Assembler::vcmpneqps>(this, dst, lhs, rhs);
+}
+
+bool LiftoffAssembler::emit_f16x8_lt(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return F16x8CmpOpViaF32<&Assembler::vcmpltps>(this, dst, lhs, rhs);
+}
+
+bool LiftoffAssembler::emit_f16x8_le(LiftoffRegister dst, LiftoffRegister lhs,
+                                     LiftoffRegister rhs) {
+  return F16x8CmpOpViaF32<&Assembler::vcmpleps>(this, dst, lhs, rhs);
+}
+
+template <void (Assembler::*avx_op)(YMMRegister, YMMRegister, YMMRegister)>
+bool F16x8BinOpViaF32(LiftoffAssembler* assm, LiftoffRegister dst,
+                      LiftoffRegister lhs, LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(assm, F16C);
+  CpuFeatureScope avx_scope(assm, AVX);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  assm->vcvtph2ps(ydst, lhs.fp());
+  assm->vcvtph2ps(kScratchSimd256Reg, rhs.fp());
+  (assm->*avx_op)(ydst, ydst, kScratchSimd256Reg);
+  assm->vcvtps2ph(dst.fp(), ydst, 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_add(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return F16x8BinOpViaF32<&Assembler::vaddps>(this, dst, lhs, rhs);
+}
+
+bool LiftoffAssembler::emit_f16x8_sub(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return F16x8BinOpViaF32<&Assembler::vsubps>(this, dst, lhs, rhs);
+}
+
+bool LiftoffAssembler::emit_f16x8_mul(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return F16x8BinOpViaF32<&Assembler::vmulps>(this, dst, lhs, rhs);
+}
+
+bool LiftoffAssembler::emit_f16x8_div(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  return F16x8BinOpViaF32<&Assembler::vdivps>(this, dst, lhs, rhs);
+}
+
+bool LiftoffAssembler::emit_f16x8_min(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX2)) {
+    return false;
+  }
+  static constexpr RegClass res_rc = reg_class_for(kS128);
+  LiftoffRegister tmp =
+      GetUnusedRegister(res_rc, LiftoffRegList{dst, lhs, rhs});
+  YMMRegister ytmp = YMMRegister::from_code(tmp.fp().code());
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  F16x8Min(ydst, lhs.fp(), rhs.fp(), kScratchSimd256Reg, ytmp);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_max(LiftoffRegister dst, LiftoffRegister lhs,
+                                      LiftoffRegister rhs) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX2)) {
+    return false;
+  }
+  static constexpr RegClass res_rc = reg_class_for(kS128);
+  LiftoffRegister tmp =
+      GetUnusedRegister(res_rc, LiftoffRegList{dst, lhs, rhs});
+  YMMRegister ytmp = YMMRegister::from_code(tmp.fp().code());
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  F16x8Max(ydst, lhs.fp(), rhs.fp(), kScratchSimd256Reg, ytmp);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_pmin(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  // Due to the way minps works, pmin(a, b) = minps(b, a).
+  return F16x8BinOpViaF32<&Assembler::vminps>(this, dst, rhs, lhs);
+}
+
+bool LiftoffAssembler::emit_f16x8_pmax(LiftoffRegister dst, LiftoffRegister lhs,
+                                       LiftoffRegister rhs) {
+  // Due to the way maxps works, pmax(a, b) = maxps(b, a).
+  return F16x8BinOpViaF32<&Assembler::vmaxps>(this, dst, rhs, lhs);
+}
+
+bool LiftoffAssembler::emit_i16x8_sconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX) ||
+      !CpuFeatures::IsSupported(AVX2)) {
+    return false;
+  }
+
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  CpuFeatureScope avx2_scope(this, AVX2);
+
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  I16x8SConvertF16x8(ydst, src.fp(), kScratchSimd256Reg, kScratchRegister);
+  return true;
+}
+
+bool LiftoffAssembler::emit_i16x8_uconvert_f16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX) ||
+      !CpuFeatures::IsSupported(AVX2)) {
+    return false;
+  }
+
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  CpuFeatureScope avx2_scope(this, AVX2);
+
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  I16x8TruncF16x8U(ydst, src.fp(), kScratchSimd256Reg);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_sconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX) ||
+      !CpuFeatures::IsSupported(AVX2)) {
+    return false;
+  }
+
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  CpuFeatureScope avx2_scope(this, AVX2);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  vpmovsxwd(ydst, src.fp());
+  vcvtdq2ps(ydst, ydst);
+  vcvtps2ph(dst.fp(), ydst, 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_uconvert_i16x8(LiftoffRegister dst,
+                                                 LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(AVX) ||
+      !CpuFeatures::IsSupported(AVX2)) {
+    return false;
+  }
+
+  CpuFeatureScope f16c_scope(this, F16C);
+  CpuFeatureScope avx_scope(this, AVX);
+  CpuFeatureScope avx2_scope(this, AVX2);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  vpmovzxwd(ydst, src.fp());
+  vcvtdq2ps(ydst, ydst);
+  vcvtps2ph(dst.fp(), ydst, 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f32x4_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  YMMRegister ysrc = YMMRegister::from_code(src.fp().code());
+  vcvtps2ph(dst.fp(), ysrc, 0);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_demote_f64x2_zero(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
   return false;
 }
 
+bool LiftoffAssembler::emit_f32x4_promote_low_f16x8(LiftoffRegister dst,
+                                                    LiftoffRegister src) {
+  if (!CpuFeatures::IsSupported(F16C)) {
+    return false;
+  }
+  CpuFeatureScope f16c_scope(this, F16C);
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  vcvtph2ps(ydst, src.fp());
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfma(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(FMA3)) {
+    return false;
+  }
+
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  YMMRegister tmp = YMMRegister::from_code(kScratchDoubleReg.code());
+  YMMRegister tmp2 = YMMRegister::from_code(liftoff::kScratchDoubleReg2.code());
+  F16x8Qfma(ydst, src1.fp(), src2.fp(), src3.fp(), tmp, tmp2);
+  return true;
+}
+
+bool LiftoffAssembler::emit_f16x8_qfms(LiftoffRegister dst,
+                                       LiftoffRegister src1,
+                                       LiftoffRegister src2,
+                                       LiftoffRegister src3) {
+  if (!CpuFeatures::IsSupported(F16C) || !CpuFeatures::IsSupported(FMA3)) {
+    return false;
+  }
+
+  YMMRegister ydst = YMMRegister::from_code(dst.fp().code());
+  YMMRegister tmp = YMMRegister::from_code(kScratchDoubleReg.code());
+  YMMRegister tmp2 = YMMRegister::from_code(liftoff::kScratchDoubleReg2.code());
+  F16x8Qfms(ydst, src1.fp(), src2.fp(), src3.fp(), tmp, tmp2);
+  return true;
+}
+
+bool LiftoffAssembler::supports_f16_mem_access() {
+  return CpuFeatures::IsSupported(F16C) && CpuFeatures::IsSupported(AVX2);
+}
+
 void LiftoffAssembler::set_trap_on_oob_mem64(Register index, uint64_t oob_size,
                                              uint64_t oob_index) {
   Label done;
diff --git a/deps/v8/src/wasm/c-api.cc b/deps/v8/src/wasm/c-api.cc
index 657c22b1b4290b..97ab52657c5fac 100644
--- a/deps/v8/src/wasm/c-api.cc
+++ b/deps/v8/src/wasm/c-api.cc
@@ -1519,8 +1519,8 @@ auto make_func(Store* store_abs, std::shared_ptr<FuncData> data) -> own<Func> {
       isolate, reinterpret_cast<i::Address>(&FuncData::v8_callback),
       embedder_data, SignatureHelper::Serialize(isolate, data->type.get()),
       signature_hash);
-  i::Cast<i::WasmApiFunctionRef>(
-      function->shared()->wasm_capi_function_data()->internal()->ref())
+  i::Cast<i::WasmImportData>(
+      function->shared()->wasm_capi_function_data()->internal()->implicit_arg())
       ->set_callable(*function);
   auto func = implement<Func>::type::make(store, function);
   return func;
@@ -1714,7 +1714,7 @@ i::Handle<i::JSReceiver> GetProperException(
     return i::Cast<i::JSReceiver>(maybe_exception);
   }
   if (v8::internal::IsTerminationException(*maybe_exception)) {
-    i::Handle<i::String> string =
+    i::DirectHandle<i::String> string =
         isolate->factory()->NewStringFromAsciiChecked("TerminationException");
     return isolate->factory()->NewError(isolate->error_function(), string);
   }
@@ -1741,7 +1741,7 @@ auto Func::call(const Val args[], Val results[]) const -> own<Trap> {
   v8::Isolate::Scope isolate_scope(store->isolate());
   i::HandleScope handle_scope(isolate);
   i::Tagged<i::Object> raw_function_data =
-      func->v8_object()->shared()->GetData(isolate);
+      func->v8_object()->shared()->GetTrustedData(isolate);
 
   // WasmCapiFunctions can be called directly.
   if (IsWasmCapiFunctionData(raw_function_data)) {
@@ -1749,7 +1749,7 @@ auto Func::call(const Val args[], Val results[]) const -> own<Trap> {
         i::Cast<i::WasmCapiFunctionData>(raw_function_data), args, results);
   }
 
-  DCHECK(IsWasmExportedFunctionData(raw_function_data));
+  SBXCHECK(IsWasmExportedFunctionData(raw_function_data));
   i::DirectHandle<i::WasmExportedFunctionData> function_data{
       i::Cast<i::WasmExportedFunctionData>(raw_function_data), isolate};
   i::DirectHandle<i::WasmTrustedInstanceData> instance_data{
@@ -1766,15 +1766,16 @@ auto Func::call(const Val args[], Val results[]) const -> own<Trap> {
   i::wasm::CWasmArgumentsPacker packer(function_data->packed_args_size());
   PushArgs(sig, args, &packer, store);
 
-  i::Handle<i::Object> object_ref;
+  i::DirectHandle<i::Object> object_ref;
   if (function_index < static_cast<int>(module->num_imported_functions)) {
-    object_ref = i::handle(
-        instance_data->dispatch_table_for_imports()->ref(function_index),
-        isolate);
-    if (IsWasmApiFunctionRef(*object_ref)) {
+    object_ref =
+        i::handle(instance_data->dispatch_table_for_imports()->implicit_arg(
+                      function_index),
+                  isolate);
+    if (IsWasmImportData(*object_ref)) {
       i::Tagged<i::JSFunction> jsfunc = i::Cast<i::JSFunction>(
-          i::Cast<i::WasmApiFunctionRef>(*object_ref)->callable());
-      i::Tagged<i::Object> data = jsfunc->shared()->GetData(isolate);
+          i::Cast<i::WasmImportData>(*object_ref)->callable());
+      i::Tagged<i::Object> data = jsfunc->shared()->GetTrustedData(isolate);
       if (IsWasmCapiFunctionData(data)) {
         return CallWasmCapiFunction(i::Cast<i::WasmCapiFunctionData>(data),
                                     args, results);
@@ -2122,7 +2123,7 @@ auto Table::get(size_t index) const -> own<Ref> {
 }
 
 auto Table::set(size_t index, const Ref* ref) -> bool {
-  i::Handle<i::WasmTableObject> table = impl(this)->v8_object();
+  i::DirectHandle<i::WasmTableObject> table = impl(this)->v8_object();
   if (index >= static_cast<size_t>(table->current_length())) return false;
   i::Isolate* isolate = impl(this)->isolate();
   v8::Isolate::Scope isolate_scope(reinterpret_cast<v8::Isolate*>(isolate));
@@ -2145,13 +2146,13 @@ auto Table::size() const -> size_t {
 }
 
 auto Table::grow(size_t delta, const Ref* ref) -> bool {
-  i::Handle<i::WasmTableObject> table = impl(this)->v8_object();
+  i::DirectHandle<i::WasmTableObject> table = impl(this)->v8_object();
   i::Isolate* isolate = impl(this)->isolate();
   v8::Isolate::Scope isolate_scope(reinterpret_cast<v8::Isolate*>(isolate));
   i::HandleScope scope(isolate);
   i::Handle<i::Object> obj = WasmRefToV8(isolate, ref);
   const char* error_message;
-  i::Handle<i::Object> obj_as_wasm =
+  i::DirectHandle<i::Object> obj_as_wasm =
       i::wasm::JSToWasmObject(isolate, nullptr, obj, table->type(),
                               &error_message)
           .ToHandleChecked();
diff --git a/deps/v8/src/wasm/canonical-types.cc b/deps/v8/src/wasm/canonical-types.cc
index 5b8acb75e74e05..9309a64ee007f6 100644
--- a/deps/v8/src/wasm/canonical-types.cc
+++ b/deps/v8/src/wasm/canonical-types.cc
@@ -354,11 +354,11 @@ int TypeCanonicalizer::FindCanonicalGroup(const CanonicalSingletonGroup& group,
 }
 
 size_t TypeCanonicalizer::EstimateCurrentMemoryConsumption() const {
-  UPDATE_WHEN_CLASS_CHANGES(TypeCanonicalizer, 312);
-  size_t result = ContentSize(canonical_supertypes_);
+  UPDATE_WHEN_CLASS_CHANGES(TypeCanonicalizer, 296);
   // The storage of the canonical group's types is accounted for via the
   // allocator below (which tracks the zone memory).
   base::MutexGuard mutex_guard(&mutex_);
+  size_t result = ContentSize(canonical_supertypes_);
   result += ContentSize(canonical_groups_);
   result += ContentSize(canonical_singleton_groups_);
   result += ContentSize(canonical_sigs_);
diff --git a/deps/v8/src/wasm/compilation-environment.h b/deps/v8/src/wasm/compilation-environment.h
index d9c1f41dafad7f..afaf34cc44a3ab 100644
--- a/deps/v8/src/wasm/compilation-environment.h
+++ b/deps/v8/src/wasm/compilation-environment.h
@@ -10,6 +10,7 @@
 #define V8_WASM_COMPILATION_ENVIRONMENT_H_
 
 #include <memory>
+#include <optional>
 
 #include "src/wasm/wasm-features.h"
 #include "src/wasm/wasm-limits.h"
@@ -104,7 +105,7 @@ class WireBytesStorage {
   virtual base::Vector<const uint8_t> GetCode(WireBytesRef) const = 0;
   // Returns the ModuleWireBytes corresponding to the underlying module if
   // available. Not supported if the wire bytes are owned by a StreamingDecoder.
-  virtual base::Optional<ModuleWireBytes> GetModuleBytes() const = 0;
+  virtual std::optional<ModuleWireBytes> GetModuleBytes() const = 0;
 };
 
 // Callbacks will receive either {kFailedCompilation} or
diff --git a/deps/v8/src/wasm/function-body-decoder-impl.h b/deps/v8/src/wasm/function-body-decoder-impl.h
index 19e31c9d6b59f3..6d04e16d783439 100644
--- a/deps/v8/src/wasm/function-body-decoder-impl.h
+++ b/deps/v8/src/wasm/function-body-decoder-impl.h
@@ -617,11 +617,13 @@ struct SelectTypeImmediate {
   }
 };
 
+static constexpr uint32_t kInlineSignatureSentinel = UINT_MAX;
+
 struct BlockTypeImmediate {
   uint32_t length = 1;
   // After decoding, either {sig_index} is set XOR {sig} points to
   // {single_return_sig_storage}.
-  uint32_t sig_index;
+  uint32_t sig_index = kInlineSignatureSentinel;
   FunctionSig sig{0, 0, single_return_sig_storage};
   // Internal field, potentially pointed to by {sig}. Do not access directly.
   ValueType single_return_sig_storage[1];
@@ -4678,7 +4680,37 @@ class WasmFullDecoder : public WasmDecoder<ValidationTag, decoding_mode> {
       }
       case kExprS128Const:
         return SimdConstOp(opcode_length);
-      case kExprF16x8Splat: {
+      case kExprF16x8Splat:
+      case kExprF16x8Abs:
+      case kExprF16x8Neg:
+      case kExprF16x8Sqrt:
+      case kExprF16x8Ceil:
+      case kExprF16x8Floor:
+      case kExprF16x8Trunc:
+      case kExprF16x8NearestInt:
+      case kExprF16x8Eq:
+      case kExprF16x8Ne:
+      case kExprF16x8Lt:
+      case kExprF16x8Gt:
+      case kExprF16x8Le:
+      case kExprF16x8Ge:
+      case kExprF16x8Add:
+      case kExprF16x8Sub:
+      case kExprF16x8Mul:
+      case kExprF16x8Div:
+      case kExprF16x8Min:
+      case kExprF16x8Max:
+      case kExprF16x8Pmin:
+      case kExprF16x8Pmax:
+      case kExprI16x8SConvertF16x8:
+      case kExprI16x8UConvertF16x8:
+      case kExprF16x8SConvertI16x8:
+      case kExprF16x8UConvertI16x8:
+      case kExprF16x8DemoteF32x4Zero:
+      case kExprF16x8DemoteF64x2Zero:
+      case kExprF32x4PromoteLowF16x8:
+      case kExprF16x8Qfma:
+      case kExprF16x8Qfms: {
         if (!v8_flags.experimental_wasm_fp16) {
           this->DecodeError(
               "invalid simd opcode: 0x%x, "
diff --git a/deps/v8/src/wasm/function-compiler.cc b/deps/v8/src/wasm/function-compiler.cc
index 4244cb1630c3bf..84fe7a7df024d7 100644
--- a/deps/v8/src/wasm/function-compiler.cc
+++ b/deps/v8/src/wasm/function-compiler.cc
@@ -4,6 +4,8 @@
 
 #include "src/wasm/function-compiler.h"
 
+#include <optional>
+
 #include "src/codegen/compiler.h"
 #include "src/codegen/optimized-compilation-info.h"
 #include "src/compiler/turboshaft/wasm-turboshaft-compiler.h"
@@ -33,10 +35,11 @@ WasmCompilationResult WasmCompilationUnit::ExecuteCompilation(
   }
 
   if (result.succeeded() && counters) {
-    // TODO(mliedtke): Add counter for deopt data size.
     counters->wasm_generated_code_size()->Increment(
         result.code_desc.instr_size);
     counters->wasm_reloc_size()->Increment(result.code_desc.reloc_size);
+    counters->wasm_deopt_data_size()->Increment(
+        static_cast<int>(result.deopt_data.size()));
   }
 
   result.func_index = func_index_;
@@ -66,8 +69,8 @@ WasmCompilationResult WasmCompilationUnit::ExecuteFunctionCompilation(
   wasm::FunctionBody func_body{func->sig, func->code.offset(), code.begin(),
                                code.end(), is_shared};
 
-  base::Optional<TimedHistogramScope> wasm_compile_function_time_scope;
-  base::Optional<TimedHistogramScope> wasm_compile_huge_function_time_scope;
+  std::optional<TimedHistogramScope> wasm_compile_function_time_scope;
+  std::optional<TimedHistogramScope> wasm_compile_huge_function_time_scope;
   if (counters && base::TimeTicks::IsHighResolution()) {
     if (func_body.end - func_body.start >= 100 * KB) {
       auto huge_size_histogram = SELECT_WASM_COUNTER(
@@ -113,6 +116,9 @@ WasmCompilationResult WasmCompilationUnit::ExecuteFunctionCompilation(
 
   switch (tier_) {
     case ExecutionTier::kNone:
+#if V8_ENABLE_DRUMBRAKE
+    case ExecutionTier::kInterpreter:
+#endif  // V8_ENABLE_DRUMBRAKE
       UNREACHABLE();
 
     case ExecutionTier::kLiftoff: {
@@ -215,19 +221,23 @@ JSToWasmWrapperCompilationUnit::JSToWasmWrapperCompilationUnit(
     : isolate_(isolate),
       sig_(sig),
       canonical_sig_index_(canonical_sig_index),
-      job_(compiler::NewJSToWasmCompilationJob(isolate, sig, module,
-                                               enabled_features)) {
-  OptimizedCompilationInfo* info =
-      v8_flags.turboshaft_wasm_wrappers
-          ? static_cast<compiler::turboshaft::TurboshaftCompilationJob*>(
-                job_.get())
-                ->compilation_info()
-          : static_cast<TurbofanCompilationJob*>(job_.get())
-                ->compilation_info();
-  if (info->trace_turbo_graph()) {
-    // Make sure that code tracer is initialized on the main thread if tracing
-    // is enabled.
-    isolate->GetCodeTracer();
+      job_(v8_flags.wasm_jitless
+               ? nullptr
+               : compiler::NewJSToWasmCompilationJob(isolate, sig, module,
+                                                     enabled_features)) {
+  if (!v8_flags.wasm_jitless) {
+    OptimizedCompilationInfo* info =
+        v8_flags.turboshaft_wasm_wrappers
+            ? static_cast<compiler::turboshaft::TurboshaftCompilationJob*>(
+                  job_.get())
+                  ->compilation_info()
+            : static_cast<TurbofanCompilationJob*>(job_.get())
+                  ->compilation_info();
+    if (info->trace_turbo_graph()) {
+      // Make sure that code tracer is initialized on the main thread if tracing
+      // is enabled.
+      isolate->GetCodeTracer();
+    }
   }
 }
 
@@ -236,11 +246,20 @@ JSToWasmWrapperCompilationUnit::~JSToWasmWrapperCompilationUnit() = default;
 void JSToWasmWrapperCompilationUnit::Execute() {
   TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.wasm.detailed"),
                "wasm.CompileJSToWasmWrapper");
-  CompilationJob::Status status = job_->ExecuteJob(nullptr);
-  CHECK_EQ(status, CompilationJob::SUCCEEDED);
+  if (!v8_flags.wasm_jitless) {
+    CompilationJob::Status status = job_->ExecuteJob(nullptr);
+    CHECK_EQ(status, CompilationJob::SUCCEEDED);
+  }
 }
 
 Handle<Code> JSToWasmWrapperCompilationUnit::Finalize() {
+#if V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    return isolate_->builtins()->code_handle(
+        Builtin::kGenericJSToWasmInterpreterWrapper);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   CompilationJob::Status status = job_->FinalizeJob(isolate_);
   CHECK_EQ(status, CompilationJob::SUCCEEDED);
   OptimizedCompilationInfo* info =
diff --git a/deps/v8/src/wasm/function-compiler.h b/deps/v8/src/wasm/function-compiler.h
index 9d5e483c0fec20..c7ba3f8a804718 100644
--- a/deps/v8/src/wasm/function-compiler.h
+++ b/deps/v8/src/wasm/function-compiler.h
@@ -66,6 +66,9 @@ struct WasmCompilationResult {
   enum Kind : int8_t {
     kFunction,
     kWasmToJsWrapper,
+#if V8_ENABLE_DRUMBRAKE
+    kInterpreterEntry,
+#endif  // V8_ENABLE_DRUMBRAKE
   };
 
   bool succeeded() const { return code_desc.buffer != nullptr; }
@@ -168,8 +171,9 @@ class V8_EXPORT_PRIVATE JSToWasmWrapperCompilationUnit final {
 
 inline bool CanUseGenericJsToWasmWrapper(const WasmModule* module,
                                          const FunctionSig* sig) {
-#if (V8_TARGET_ARCH_X64 || V8_TARGET_ARCH_ARM64 || V8_TARGET_ARCH_IA32 || \
-     V8_TARGET_ARCH_ARM || V8_TARGET_ARCH_S390X || V8_TARGET_ARCH_PPC64)
+#if (V8_TARGET_ARCH_X64 || V8_TARGET_ARCH_ARM64 || V8_TARGET_ARCH_IA32 ||  \
+     V8_TARGET_ARCH_ARM || V8_TARGET_ARCH_S390X || V8_TARGET_ARCH_PPC64 || \
+     V8_TARGET_ARCH_LOONG64)
   // We don't use the generic wrapper for asm.js, because it creates invalid
   // stack traces.
   return !is_asmjs_module(module) && v8_flags.wasm_generic_wrapper &&
diff --git a/deps/v8/src/wasm/fuzzing/random-module-generation.cc b/deps/v8/src/wasm/fuzzing/random-module-generation.cc
index 872e7bdfb1143d..bff091e6e96f8e 100644
--- a/deps/v8/src/wasm/fuzzing/random-module-generation.cc
+++ b/deps/v8/src/wasm/fuzzing/random-module-generation.cc
@@ -6,6 +6,7 @@
 
 #include <algorithm>
 #include <array>
+#include <optional>
 
 #include "src/base/small-vector.h"
 #include "src/base/utils/random-number-generator.h"
@@ -539,11 +540,8 @@ class BodyGen {
     catch_blocks_.push_back(control_depth);
     for (int i = 0; i < num_catch; ++i) {
       const FunctionSig* exception_type = builder_->builder()->GetTagType(i);
-      auto exception_type_vec =
-          base::VectorOf(exception_type->parameters().begin(),
-                         exception_type->parameter_count());
       builder_->EmitWithU32V(kExprCatch, i);
-      ConsumeAndGenerate(exception_type_vec, return_type_vec, data);
+      ConsumeAndGenerate(exception_type->parameters(), return_type_vec, data);
     }
     if (has_catch_all) {
       builder_->Emit(kExprCatchAll);
@@ -623,7 +621,7 @@ class BodyGen {
     if (has_ref) block_returns.last() = kWasmExnRef;
     {
       BlockScope block(this, kExprBlock, param_types, block_returns,
-                       base::VectorOf(block_returns));
+                       block_returns);
       try_table_rec(param_types, return_types, catch_cases, i + 1, data);
     }
     // Catch label. Consume the unpacked values and exnref (if any), produce
@@ -687,9 +685,9 @@ class BodyGen {
     // There is always at least the block representing the function body.
     DCHECK(!blocks_.empty());
     const uint32_t target_block = data->get<uint8_t>() % blocks_.size();
-    const auto break_types = blocks_[target_block];
+    const auto break_types = base::VectorOf(blocks_[target_block]);
 
-    Generate(base::VectorOf(break_types), data);
+    Generate(break_types, data);
     builder_->EmitWithI32V(
         kExprBr, static_cast<uint32_t>(blocks_.size()) - 1 - target_block);
   }
@@ -748,7 +746,7 @@ class BodyGen {
         kExprBrOnNonNull,
         static_cast<uint32_t>(blocks_.size()) - 1 - target_block);
     ConsumeAndGenerate(
-        base::VectorOf(break_types.data(), break_types.size() - 1),
+        break_types.SubVector(0, break_types.size() - 1),
         wanted_kind == kVoid
             ? base::Vector<ValueType>{}
             : base::VectorOf({ValueType::Primitive(wanted_kind)}),
@@ -807,7 +805,7 @@ class BodyGen {
 
   void return_op(DataRange* data) {
     auto returns = builder_->signature()->returns();
-    Generate(base::VectorOf(returns.begin(), returns.size()), data);
+    Generate(returns, data);
     builder_->Emit(kExprReturn);
   }
 
@@ -1119,11 +1117,9 @@ class BodyGen {
       }
       return;
     }
-    auto return_types =
-        base::VectorOf(sig->returns().begin(), sig->return_count());
     auto wanted_types =
         base::VectorOf(&wanted_kind, wanted_kind == kWasmVoid ? 0 : 1);
-    ConsumeAndGenerate(return_types, wanted_types, data);
+    ConsumeAndGenerate(sig->returns(), wanted_types, data);
   }
 
   struct Var {
@@ -1252,10 +1248,7 @@ class BodyGen {
     } else {
       int tag = data->get<uint8_t>() % builder_->builder()->NumTags();
       const FunctionSig* exception_sig = builder_->builder()->GetTagType(tag);
-      base::Vector<const ValueType> exception_types(
-          exception_sig->parameters().begin(),
-          exception_sig->parameter_count());
-      Generate(exception_types, data);
+      Generate(exception_sig->parameters(), data);
       builder_->EmitWithU32V(kExprThrow, tag);
     }
   }
@@ -1879,7 +1872,7 @@ class BodyGen {
       return false;
     }
 
-    Generate(base::VectorOf(break_types.data(), break_types.size() - 1), data);
+    Generate(break_types.SubVector(0, break_types.size() - 1), data);
     if (data->get<bool>()) {
       // br_on_cast
       HeapType source_type = top_type(break_type.heap_type());
@@ -1896,8 +1889,7 @@ class BodyGen {
       // Fallthrough: The type has been up-cast to the source type of the
       // br_on_cast instruction! (If the type on the stack was more specific,
       // this loses type information.)
-      base::SmallVector<ValueType, 32> fallthrough_types(
-          base::VectorOf(break_types));
+      base::SmallVector<ValueType, 32> fallthrough_types(break_types);
       fallthrough_types.back() = ValueType::RefMaybeNull(
           source_type, source_is_nullable ? kNullable : kNonNullable);
       ConsumeAndGenerate(base::VectorOf(fallthrough_types), {}, data);
@@ -1920,8 +1912,7 @@ class BodyGen {
       builder_->EmitI32V(source_type.code());
       builder_->EmitI32V(target_type.code());
       // Fallthrough: The type has been cast to the target type.
-      base::SmallVector<ValueType, 32> fallthrough_types(
-          base::VectorOf(break_types));
+      base::SmallVector<ValueType, 32> fallthrough_types(break_types);
       fallthrough_types.back() = ValueType::RefMaybeNull(
           target_type, target_is_nullable ? kNullable : kNonNullable);
       ConsumeAndGenerate(base::VectorOf(fallthrough_types), {}, data);
@@ -3065,7 +3056,7 @@ class BodyGen {
 
   void GenerateRef(HeapType type, DataRange* data,
                    Nullability nullability = kNullable) {
-    base::Optional<GeneratorRecursionScope> rec_scope;
+    std::optional<GeneratorRecursionScope> rec_scope;
     if (nullability) {
       rec_scope.emplace(this);
     }
@@ -4404,9 +4395,16 @@ void EmitDeoptAndReturnValues(BodyGen<options> gen_body, WasmFunctionBuilder* f,
                               const FunctionSig* target_sig,
                               uint32_t target_sig_index, uint32_t global_index,
                               uint32_t table_index, DataRange* data) {
-  gen_body.Generate(base::VectorOf(target_sig->parameters().begin(),
-                                   target_sig->parameters().size()),
-                    data);
+  base::Vector<const ValueType> return_types = f->signature()->returns();
+  // Split the return types randomly and generate some values before the
+  // deopting call and some afterwards. (This makes sure that we have deopts
+  // where there are values on the wasm value stack which are not used by the
+  // deopting call itself.)
+  uint32_t returns_split = data->get<uint8_t>() % (return_types.size() + 1);
+  if (returns_split) {
+    gen_body.Generate(return_types.SubVector(0, returns_split), data);
+  }
+  gen_body.Generate(target_sig->parameters(), data);
   f->EmitWithU32V(kExprGlobalGet, global_index);
   // Tail calls can only be emitted if the return types match.
   bool same_returns = HasSameReturns(target_sig, f->signature());
@@ -4441,11 +4439,8 @@ void EmitDeoptAndReturnValues(BodyGen<options> gen_body, WasmFunctionBuilder* f,
     default:
       UNREACHABLE();
   }
-  gen_body.ConsumeAndGenerate(base::VectorOf(target_sig->returns().begin(),
-                                             target_sig->returns().size()),
-                              base::VectorOf(f->signature()->returns().begin(),
-                                             f->signature()->return_count()),
-                              data);
+  gen_body.ConsumeAndGenerate(target_sig->returns(),
+                              return_types.SubVectorFrom(returns_split), data);
 }
 
 template <WasmModuleGenerationOptions options>
@@ -4455,9 +4450,15 @@ void EmitCallAndReturnValues(BodyGen<options> gen_body, WasmFunctionBuilder* f,
   const FunctionSig* callee_sig = callee->signature();
   uint32_t callee_index =
       callee->func_index() + gen_body.NumImportedFunctions();
-  gen_body.Generate(base::VectorOf(callee_sig->parameters().begin(),
-                                   callee_sig->parameters().size()),
-                    data);
+
+  base::Vector<const ValueType> return_types = f->signature()->returns();
+  // Split the return types randomly and generate some values before the
+  // deopting call and some afterwards to create more interesting test cases.
+  uint32_t returns_split = data->get<uint8_t>() % (return_types.size() + 1);
+  if (returns_split) {
+    gen_body.Generate(return_types.SubVector(0, returns_split), data);
+  }
+  gen_body.Generate(callee_sig->parameters(), data);
   // Tail calls can only be emitted if the return types match.
   bool same_returns = HasSameReturns(callee_sig, f->signature());
   size_t option_count = (same_returns + 1) * 3;
@@ -4493,11 +4494,8 @@ void EmitCallAndReturnValues(BodyGen<options> gen_body, WasmFunctionBuilder* f,
     default:
       UNREACHABLE();
   }
-  gen_body.ConsumeAndGenerate(base::VectorOf(callee_sig->returns().begin(),
-                                             callee_sig->returns().size()),
-                              base::VectorOf(f->signature()->returns().begin(),
-                                             f->signature()->return_count()),
-                              data);
+  gen_body.ConsumeAndGenerate(callee_sig->returns(),
+                              return_types.SubVectorFrom(returns_split), data);
 }
 }  // anonymous namespace
 
diff --git a/deps/v8/src/wasm/interpreter/OWNERS b/deps/v8/src/wasm/interpreter/OWNERS
new file mode 100644
index 00000000000000..ee475bed334460
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/OWNERS
@@ -0,0 +1,3 @@
+chohan@microsoft.com
+paolosev@microsoft.com
+sethb@microsoft.com
diff --git a/deps/v8/src/wasm/interpreter/arm64/interpreter-builtins-arm64.cc b/deps/v8/src/wasm/interpreter/arm64/interpreter-builtins-arm64.cc
new file mode 100644
index 00000000000000..d6db0980cb1723
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/arm64/interpreter-builtins-arm64.cc
@@ -0,0 +1,1816 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/codegen/code-factory.h"
+#include "src/codegen/interface-descriptors-inl.h"
+#include "src/codegen/macro-assembler-inl.h"
+#include "src/codegen/register-configuration.h"
+#include "src/codegen/signature.h"
+#include "src/execution/frame-constants.h"
+#include "src/execution/isolate.h"
+
+#if V8_ENABLE_WEBASSEMBLY
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+#include "src/wasm/object-access.h"
+#include "src/wasm/wasm-objects.h"
+#endif  // V8_ENABLE_WEBASSEMBLY
+
+namespace v8 {
+namespace internal {
+
+#define __ ACCESS_MASM(masm)
+
+#if V8_ENABLE_WEBASSEMBLY
+
+namespace {
+// Helper functions for the GenericJSToWasmInterpreterWrapper.
+
+void PrepareForJsToWasmConversionBuiltinCall(MacroAssembler* masm,
+                                             Register current_param_slot,
+                                             Register valuetypes_array_ptr,
+                                             Register wasm_instance,
+                                             Register function_data) {
+  UseScratchRegisterScope temps(masm);
+  Register GCScanCount = temps.AcquireX();
+  // Pushes and puts the values in order onto the stack before builtin calls for
+  // the GenericJSToWasmInterpreterWrapper.
+  // The last two slots contain tagged objects that need to be visited during
+  // GC.
+  __ Mov(GCScanCount, 2);
+  __ Str(
+      GCScanCount,
+      MemOperand(
+          fp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset));
+  __ Push(current_param_slot, valuetypes_array_ptr, wasm_instance,
+          function_data);
+  // We had to prepare the parameters for the Call: we have to put the context
+  // into x27.
+  Register wasm_trusted_instance = wasm_instance;
+  __ LoadTrustedPointerField(
+      wasm_trusted_instance,
+      FieldMemOperand(wasm_instance, WasmInstanceObject::kTrustedDataOffset),
+      kWasmTrustedInstanceDataIndirectPointerTag);
+  __ LoadTaggedField(
+      kContextRegister,  // cp(x27)
+      MemOperand(wasm_trusted_instance,
+                 wasm::ObjectAccess::ToTagged(
+                     WasmTrustedInstanceData::kNativeContextOffset)));
+}
+
+void RestoreAfterJsToWasmConversionBuiltinCall(MacroAssembler* masm,
+                                               Register function_data,
+                                               Register wasm_instance,
+                                               Register valuetypes_array_ptr,
+                                               Register current_param_slot) {
+  // Pop and load values from the stack in order into the registers after
+  // builtin calls for the GenericJSToWasmInterpreterWrapper.
+  __ Pop(function_data, wasm_instance, valuetypes_array_ptr,
+         current_param_slot);
+  __ Str(
+      xzr,
+      MemOperand(
+          fp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset));
+}
+
+void PrepareForBuiltinCall(MacroAssembler* masm, Register array_start,
+                           Register return_count, Register wasm_instance) {
+  UseScratchRegisterScope temps(masm);
+  Register GCScanCount = temps.AcquireX();
+  // Pushes and puts the values in order onto the stack before builtin calls for
+  // the GenericJSToWasmInterpreterWrapper.
+  __ Mov(GCScanCount, 1);
+  __ Str(
+      GCScanCount,
+      MemOperand(
+          fp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset));
+  // The last slot contains a tagged object that need to be visited during GC.
+  __ Push(array_start, return_count, xzr, wasm_instance);
+  // We had to prepare the parameters for the Call: we have to put the context
+  // into x27.
+  Register wasm_trusted_instance = wasm_instance;
+  __ LoadTrustedPointerField(
+      wasm_trusted_instance,
+      FieldMemOperand(wasm_instance, WasmInstanceObject::kTrustedDataOffset),
+      kWasmTrustedInstanceDataIndirectPointerTag);
+  __ LoadTaggedField(
+      kContextRegister,  // cp(x27)
+      MemOperand(wasm_trusted_instance,
+                 wasm::ObjectAccess::ToTagged(
+                     WasmTrustedInstanceData::kNativeContextOffset)));
+}
+
+void RestoreAfterBuiltinCall(MacroAssembler* masm, Register wasm_instance,
+                             Register return_count, Register array_start) {
+  // Pop and load values from the stack in order into the registers after
+  // builtin calls for the GenericJSToWasmInterpreterWrapper.
+  __ Pop(wasm_instance, xzr, return_count, array_start);
+}
+
+void PrepareForWasmToJsConversionBuiltinCall(
+    MacroAssembler* masm, Register return_count, Register result_index,
+    Register current_return_slot, Register valuetypes_array_ptr,
+    Register wasm_instance, Register fixed_array, Register jsarray) {
+  UseScratchRegisterScope temps(masm);
+  Register GCScanCount = temps.AcquireX();
+  // Pushes and puts the values in order onto the stack before builtin calls
+  // for the GenericJSToWasmInterpreterWrapper.
+  __ Mov(GCScanCount, 3);
+  __ Str(
+      GCScanCount,
+      MemOperand(
+          fp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset));
+  __ Push(return_count, result_index, current_return_slot, valuetypes_array_ptr,
+          xzr, wasm_instance, fixed_array, jsarray);
+  // Put the context into x27.
+  Register wasm_trusted_instance = wasm_instance;
+  __ LoadTrustedPointerField(
+      wasm_trusted_instance,
+      FieldMemOperand(wasm_instance, WasmInstanceObject::kTrustedDataOffset),
+      kWasmTrustedInstanceDataIndirectPointerTag);
+  __ LoadTaggedField(
+      kContextRegister,  // cp(x27)
+      MemOperand(wasm_trusted_instance,
+                 wasm::ObjectAccess::ToTagged(
+                     WasmTrustedInstanceData::kNativeContextOffset)));
+}
+
+void RestoreAfterWasmToJsConversionBuiltinCall(
+    MacroAssembler* masm, Register jsarray, Register fixed_array,
+    Register wasm_instance, Register valuetypes_array_ptr,
+    Register current_return_slot, Register result_index,
+    Register return_count) {
+  // Pop and load values from the stack in order into the registers after
+  // builtin calls for the GenericJSToWasmInterpreterWrapper.
+  __ Pop(jsarray, fixed_array, wasm_instance, xzr, valuetypes_array_ptr,
+         current_return_slot, result_index, return_count);
+}
+
+}  // namespace
+
+void Builtins::Generate_WasmInterpreterEntry(MacroAssembler* masm) {
+  // Input registers:
+  //  x7 (kWasmInstanceRegister): wasm_instance
+  //  x12: array_start
+  //  w15: function_index
+  Register array_start = x12;
+  Register function_index = x15;
+
+  // Set up the stackframe:
+  //
+  // fp-0x10  wasm_instance
+  // fp-0x08  Marker(StackFrame::WASM_INTERPRETER_ENTRY)
+  // fp       Old RBP
+  __ EnterFrame(StackFrame::WASM_INTERPRETER_ENTRY);
+
+  __ Str(kWasmInstanceRegister, MemOperand(sp, 0));
+  __ Push(function_index, array_start);
+  __ Mov(kWasmInstanceRegister, xzr);
+  __ CallRuntime(Runtime::kWasmRunInterpreter, 3);
+
+  // Deconstruct the stack frame.
+  __ LeaveFrame(StackFrame::WASM_INTERPRETER_ENTRY);
+  __ Ret();
+}
+
+void LoadFunctionDataAndWasmInstance(MacroAssembler* masm,
+                                     Register function_data,
+                                     Register wasm_instance) {
+  Register closure = function_data;
+  Register shared_function_info = closure;
+  __ LoadTaggedField(
+      shared_function_info,
+      MemOperand(
+          closure,
+          wasm::ObjectAccess::SharedFunctionInfoOffsetInTaggedJSFunction()));
+  closure = no_reg;
+  __ LoadTrustedPointerField(
+      function_data,
+      FieldMemOperand(shared_function_info,
+                      SharedFunctionInfo::kTrustedFunctionDataOffset),
+
+      kUnknownIndirectPointerTag);
+  shared_function_info = no_reg;
+
+  Register trusted_instance_data = wasm_instance;
+#if V8_ENABLE_SANDBOX
+  __ DecompressProtected(
+      trusted_instance_data,
+      MemOperand(function_data,
+                 WasmExportedFunctionData::kProtectedInstanceDataOffset -
+                     kHeapObjectTag));
+#else
+  __ LoadTaggedField(
+      trusted_instance_data,
+      MemOperand(function_data,
+                 WasmExportedFunctionData::kProtectedInstanceDataOffset -
+                     kHeapObjectTag));
+#endif
+  __ LoadTaggedField(
+      wasm_instance,
+      FieldMemOperand(trusted_instance_data,
+                      WasmTrustedInstanceData::kInstanceObjectOffset));
+}
+
+void LoadFromSignature(MacroAssembler* masm, Register valuetypes_array_ptr,
+                       Register return_count, Register param_count) {
+  Register signature = valuetypes_array_ptr;
+  __ Ldr(return_count,
+         MemOperand(signature, wasm::FunctionSig::kReturnCountOffset));
+  __ Ldr(param_count,
+         MemOperand(signature, wasm::FunctionSig::kParameterCountOffset));
+  valuetypes_array_ptr = signature;
+  __ Ldr(valuetypes_array_ptr,
+         MemOperand(signature, wasm::FunctionSig::kRepsOffset));
+}
+
+void LoadValueTypesArray(MacroAssembler* masm, Register function_data,
+                         Register valuetypes_array_ptr, Register return_count,
+                         Register param_count, Register signature_data) {
+  __ LoadTaggedField(
+      signature_data,
+      FieldMemOperand(function_data,
+                      WasmExportedFunctionData::kPackedArgsSizeOffset));
+  __ SmiToInt32(signature_data);
+
+  Register signature = valuetypes_array_ptr;
+  __ Ldr(signature,
+         MemOperand(function_data,
+                    WasmExportedFunctionData::kSigOffset - kHeapObjectTag));
+  LoadFromSignature(masm, valuetypes_array_ptr, return_count, param_count);
+}
+
+class RegisterAllocator {
+ public:
+  class Scoped {
+   public:
+    Scoped(RegisterAllocator* allocator, Register* reg)
+        : allocator_(allocator), reg_(reg) {}
+    ~Scoped() { allocator_->Free(reg_); }
+
+   private:
+    RegisterAllocator* allocator_;
+    Register* reg_;
+  };
+
+  explicit RegisterAllocator(const CPURegList& registers)
+      : initial_(registers), available_(registers) {}
+  void Ask(Register* reg) {
+    DCHECK_EQ(*reg, no_reg);
+    DCHECK(!available_.IsEmpty());
+    *reg = available_.PopLowestIndex().X();
+    allocated_registers_.push_back(reg);
+  }
+
+  void Pinned(const Register& requested, Register* reg) {
+    DCHECK(available_.IncludesAliasOf(requested));
+    *reg = requested;
+    Reserve(requested);
+    allocated_registers_.push_back(reg);
+  }
+
+  void Free(Register* reg) {
+    DCHECK_NE(*reg, no_reg);
+    available_.Combine(*reg);
+    *reg = no_reg;
+    allocated_registers_.erase(
+        find(allocated_registers_.begin(), allocated_registers_.end(), reg));
+  }
+
+  void Reserve(const Register& reg) {
+    if (reg == NoReg) {
+      return;
+    }
+    DCHECK(available_.IncludesAliasOf(reg));
+    available_.Remove(reg);
+  }
+
+  void Reserve(const Register& reg1, const Register& reg2,
+               const Register& reg3 = NoReg, const Register& reg4 = NoReg,
+               const Register& reg5 = NoReg, const Register& reg6 = NoReg) {
+    Reserve(reg1);
+    Reserve(reg2);
+    Reserve(reg3);
+    Reserve(reg4);
+    Reserve(reg5);
+    Reserve(reg6);
+  }
+
+  bool IsUsed(const Register& reg) {
+    return initial_.IncludesAliasOf(reg) && !available_.IncludesAliasOf(reg);
+  }
+
+  void ResetExcept(const Register& reg1 = NoReg, const Register& reg2 = NoReg,
+                   const Register& reg3 = NoReg, const Register& reg4 = NoReg,
+                   const Register& reg5 = NoReg, const Register& reg6 = NoReg,
+                   const Register& reg7 = NoReg) {
+    available_ = initial_;
+    if (reg1 != NoReg) {
+      available_.Remove(reg1, reg2, reg3, reg4);
+    }
+    if (reg5 != NoReg) {
+      available_.Remove(reg5, reg6, reg7);
+    }
+    auto it = allocated_registers_.begin();
+    while (it != allocated_registers_.end()) {
+      if (available_.IncludesAliasOf(**it)) {
+        **it = no_reg;
+        allocated_registers_.erase(it);
+      } else {
+        it++;
+      }
+    }
+  }
+
+  static RegisterAllocator WithAllocatableGeneralRegisters() {
+    CPURegList list(kXRegSizeInBits, RegList());
+    // Only use registers x0-x15, which are volatile (caller-saved).
+    // Mksnapshot would fail to compile the GenericJSToWasmInterpreterWrapper
+    // and GenericWasmToJSInterpreterWrapper if they needed more registers.
+    list.set_bits(0xffff);  // (The default value is 0x0bf8ffff).
+    return RegisterAllocator(list);
+  }
+
+ private:
+  std::vector<Register*> allocated_registers_;
+  const CPURegList initial_;
+  CPURegList available_;
+};
+
+#define DEFINE_REG(Name)  \
+  Register Name = no_reg; \
+  regs.Ask(&Name);
+
+#define DEFINE_REG_W(Name) \
+  DEFINE_REG(Name);        \
+  Name = Name.W();
+
+#define ASSIGN_REG(Name) regs.Ask(&Name);
+
+#define ASSIGN_REG_W(Name) \
+  ASSIGN_REG(Name);        \
+  Name = Name.W();
+
+#define DEFINE_PINNED(Name, Reg) \
+  Register Name = no_reg;        \
+  regs.Pinned(Reg, &Name);
+
+#define DEFINE_SCOPED(Name) \
+  DEFINE_REG(Name)          \
+  RegisterAllocator::Scoped scope_##Name(&regs, &Name);
+
+#define FREE_REG(Name) regs.Free(&Name);
+
+// TODO(paolosev@microsoft.com): this should be converted into a Torque builtin,
+// like it was done for GenericJSToWasmWrapper.
+void Builtins::Generate_GenericJSToWasmInterpreterWrapper(
+    MacroAssembler* masm) {
+  auto regs = RegisterAllocator::WithAllocatableGeneralRegisters();
+  // Set up the stackframe.
+  __ EnterFrame(StackFrame::JS_TO_WASM);
+
+  // -------------------------------------------
+  // Compute offsets and prepare for GC.
+  // -------------------------------------------
+  // GenericJSToWasmInterpreterWrapperFrame:
+  // fp-N     Args/retvals array for Wasm call
+  // ...       ...
+  // fp-0x58  (to align to 16 bytes)
+  // fp-0x50  SignatureData
+  // fp-0x48  CurrentIndex
+  // fp-0x40  ArgRetsIsArgs
+  // fp-0x38  ArgRetsAddress
+  // fp-0x30  ValueTypesArray
+  // fp-0x28  ReturnCount
+  // fp-0x20  ParamCount
+  // fp-0x18  InParamCount
+  // fp-0x10  GCScanSlotCount
+  // fp-0x08  Marker(StackFrame::JS_TO_WASM)
+  // fp       Old RBP
+
+  constexpr int kMarkerOffset =
+      BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset +
+      kSystemPointerSize;
+  // The number of parameters passed to this function.
+  constexpr int kInParamCountOffset =
+      BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset -
+      kSystemPointerSize;
+  // The number of parameters according to the signature.
+  constexpr int kParamCountOffset =
+      BuiltinWasmInterpreterWrapperConstants::kParamCountOffset;
+  constexpr int kReturnCountOffset =
+      BuiltinWasmInterpreterWrapperConstants::kReturnCountOffset;
+  constexpr int kValueTypesArrayStartOffset =
+      BuiltinWasmInterpreterWrapperConstants::kValueTypesArrayStartOffset;
+  // Array for arguments and return values. They will be scanned by GC.
+  constexpr int kArgRetsAddressOffset =
+      BuiltinWasmInterpreterWrapperConstants::kArgRetsAddressOffset;
+  // Arg/Return arrays use the same stack address. So, we should keep a flag
+  // whether we are using the array for args or returns. (1 = Args, 0 = Rets)
+  constexpr int kArgRetsIsArgsOffset =
+      BuiltinWasmInterpreterWrapperConstants::kArgRetsIsArgsOffset;
+  // The index of the argument being converted.
+  constexpr int kCurrentIndexOffset =
+      BuiltinWasmInterpreterWrapperConstants::kCurrentIndexOffset;
+  // Precomputed signature data, a uint32_t with the format:
+  // bit 0-14: PackedArgsSize
+  // bit 15:   HasRefArgs
+  // bit 16:   HasRefRets
+  constexpr int kSignatureDataOffset =
+      BuiltinWasmInterpreterWrapperConstants::kSignatureDataOffset;
+  // We set and use this slot only when moving parameters into the parameter
+  // registers (so no GC scan is needed).
+  constexpr int kNumSpillSlots =
+      (kMarkerOffset - kSignatureDataOffset) / kSystemPointerSize;
+  constexpr int kNum16BytesAlignedSpillSlots = 2 * ((kNumSpillSlots + 1) / 2);
+
+  __ Sub(sp, sp, Immediate(kNum16BytesAlignedSpillSlots * kSystemPointerSize));
+  // Put the in_parameter count on the stack, we only  need it at the very end
+  // when we pop the parameters off the stack.
+  __ Sub(kJavaScriptCallArgCountRegister, kJavaScriptCallArgCountRegister, 1);
+  __ Str(kJavaScriptCallArgCountRegister, MemOperand(fp, kInParamCountOffset));
+
+  // -------------------------------------------
+  // Load the Wasm exported function data and the Wasm instance.
+  // -------------------------------------------
+  DEFINE_PINNED(function_data, kJSFunctionRegister);    // x1
+  DEFINE_PINNED(wasm_instance, kWasmInstanceRegister);  // x7
+  LoadFunctionDataAndWasmInstance(masm, function_data, wasm_instance);
+
+  regs.ResetExcept(function_data, wasm_instance);
+
+  // -------------------------------------------
+  // Load values from the signature.
+  // -------------------------------------------
+
+  // Param should be x0 for calling Runtime in the conversion loop.
+  DEFINE_PINNED(param, x0);
+  // These registers stays alive until we load params to param registers.
+  // To prevent aliasing assign higher register here.
+  DEFINE_PINNED(valuetypes_array_ptr, x11);
+
+  DEFINE_REG(return_count);
+  DEFINE_REG(param_count);
+  DEFINE_REG(signature_data);
+  DEFINE_REG(scratch);
+
+  // -------------------------------------------
+  // Load values from the signature.
+  // -------------------------------------------
+  LoadValueTypesArray(masm, function_data, valuetypes_array_ptr, return_count,
+                      param_count, signature_data);
+  __ Str(signature_data, MemOperand(fp, kSignatureDataOffset));
+  Register array_size = signature_data;
+  __ And(array_size, array_size,
+         Immediate(wasm::WasmInterpreterRuntime::PackedArgsSizeField::kMask));
+  // -------------------------------------------
+  // Store signature-related values to the stack.
+  // -------------------------------------------
+  // We store values on the stack to restore them after function calls.
+  // We cannot push values onto the stack right before the wasm call. The wasm
+  // function expects the parameters, that didn't fit into the registers, on the
+  // top of the stack.
+  __ Str(param_count, MemOperand(fp, kParamCountOffset));
+  __ Str(return_count, MemOperand(fp, kReturnCountOffset));
+  __ Str(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+
+  // -------------------------------------------
+  // Allocate array for args and return value.
+  // -------------------------------------------
+
+  // Leave space for WasmInstance.
+  __ Add(array_size, array_size, Immediate(kSystemPointerSize));
+  // Ensure that the array is 16-bytes aligned.
+  __ Add(scratch, array_size, Immediate(8));
+  __ And(array_size, scratch, Immediate(-16));
+
+  DEFINE_PINNED(array_start, x12);
+  __ Sub(array_start, sp, array_size);
+  __ Mov(sp, array_start);
+
+  __ Mov(scratch, 1);
+  __ Str(scratch, MemOperand(fp, kArgRetsIsArgsOffset));
+
+  __ Str(xzr, MemOperand(fp, kCurrentIndexOffset));
+
+  // Set the current_param_slot to point to the start of the section, after the
+  // WasmInstance object.
+  DEFINE_PINNED(current_param_slot, x13);
+  __ Add(current_param_slot, array_start, Immediate(kSystemPointerSize));
+  __ Str(current_param_slot, MemOperand(fp, kArgRetsAddressOffset));
+
+  Label prepare_for_wasm_call;
+  __ Cmp(param_count, 0);
+
+  // IF we have 0 params: jump through parameter handling.
+  __ B(&prepare_for_wasm_call, eq);
+
+  // Create a section on the stack to pass the evaluated parameters to the
+  // interpreter and to receive the results. This section represents the array
+  // expected as argument by the Runtime_WasmRunInterpreter.
+  // Arguments are stored one after the other without holes, starting at the
+  // beginning of the array, and the interpreter puts the returned values in the
+  // same array, also starting at the beginning.
+
+  // Loop through the params starting with the first.
+  // 'fp + kFPOnStackSize + kPCOnStackSize + kReceiverOnStackSize' points to the
+  // first JS parameter we are processing.
+
+  // We have to check the types of the params. The ValueType array contains
+  // first the return then the param types.
+
+  // Set the ValueType array pointer to point to the first parameter.
+  constexpr int kValueTypeSize = sizeof(wasm::ValueType);
+  static_assert(kValueTypeSize == 4);
+  const int32_t kValueTypeSizeLog2 = log2(kValueTypeSize);
+  // Set the ValueType array pointer to point to the first parameter.
+  __ Add(valuetypes_array_ptr, valuetypes_array_ptr,
+         Operand(return_count, LSL, kValueTypeSizeLog2));
+
+  DEFINE_REG(current_index);
+  __ Mov(current_index, xzr);
+
+  // -------------------------------------------
+  // Param evaluation loop.
+  // -------------------------------------------
+  Label loop_through_params;
+  __ bind(&loop_through_params);
+
+  constexpr int kReceiverOnStackSize = kSystemPointerSize;
+  constexpr int kArgsOffset =
+      kFPOnStackSize + kPCOnStackSize + kReceiverOnStackSize;
+  // Read JS argument into 'param'.
+  __ Add(scratch, fp, kArgsOffset);
+  __ Ldr(param,
+         MemOperand(scratch, current_index, LSL, kSystemPointerSizeLog2));
+  __ Str(current_index, MemOperand(fp, kCurrentIndexOffset));
+
+  DEFINE_REG_W(valuetype);
+  __ Ldr(valuetype,
+         MemOperand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  // -------------------------------------------
+  // Param conversion.
+  // -------------------------------------------
+  // If param is a Smi we can easily convert it. Otherwise we'll call a builtin
+  // for conversion.
+  Label param_conversion_done;
+  Label check_ref_param;
+  Label convert_param;
+  __ cmp(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ B(&check_ref_param, ne);
+  __ JumpIfNotSmi(param, &convert_param);
+
+  // Change the param from Smi to int32.
+  __ SmiUntag(param);
+  // Place the param into the proper slot in Integer section.
+  __ Str(param, MemOperand(current_param_slot, 0));
+  __ Add(current_param_slot, current_param_slot, Immediate(sizeof(int32_t)));
+  __ jmp(&param_conversion_done);
+
+  Label handle_ref_param;
+  __ bind(&check_ref_param);
+
+  // wasm::ValueKind::kRefNull is not representable as a cmp immediate operand.
+  __ And(valuetype, valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmp(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ B(&handle_ref_param, eq);
+  __ cmp(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ B(&convert_param, ne);
+
+  // Place the reference param into the proper slot.
+  __ bind(&handle_ref_param);
+  // Make sure slot for ref args are 64-bit aligned.
+  __ And(scratch, current_param_slot, Immediate(0x04));
+  __ Add(current_param_slot, current_param_slot, scratch);
+  __ Str(param, MemOperand(current_param_slot, 0));
+  __ Add(current_param_slot, current_param_slot, Immediate(kSystemPointerSize));
+
+  // -------------------------------------------
+  // Param conversion done.
+  // -------------------------------------------
+  __ bind(&param_conversion_done);
+
+  __ Add(valuetypes_array_ptr, valuetypes_array_ptr, kValueTypeSize);
+
+  __ Ldr(current_index, MemOperand(fp, kCurrentIndexOffset));
+  __ Ldr(scratch, MemOperand(fp, kParamCountOffset));
+  __ Add(current_index, current_index, 1);
+  __ cmp(current_index, scratch);
+  __ B(&loop_through_params, lt);
+  __ Str(current_index, MemOperand(fp, kCurrentIndexOffset));
+  __ jmp(&prepare_for_wasm_call);
+
+  // -------------------------------------------
+  // Param conversion builtins.
+  // -------------------------------------------
+  __ bind(&convert_param);
+  // The order of pushes is important. We want the heap objects, that should be
+  // scanned by GC, to be on the top of the stack.
+  // We have to set the indicating value for the GC to the number of values on
+  // the top of the stack that have to be scanned before calling the builtin
+  // function.
+  // We don't need the JS context for these builtin calls.
+  // The builtin expects the parameter to be in register param = rax.
+
+  PrepareForJsToWasmConversionBuiltinCall(masm, current_param_slot,
+                                          valuetypes_array_ptr, wasm_instance,
+                                          function_data);
+
+  Label param_kWasmI32_not_smi, param_kWasmI64, param_kWasmF32, param_kWasmF64,
+      throw_type_error;
+
+  __ cmp(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ B(&param_kWasmI32_not_smi, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ B(&param_kWasmI64, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ B(&param_kWasmF32, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ B(&param_kWasmF64, eq);
+
+  __ cmp(valuetype, Immediate(wasm::kWasmS128.raw_bit_field()));
+  // Simd arguments cannot be passed from JavaScript.
+  __ B(&throw_type_error, eq);
+
+  // Invalid type.
+  __ DebugBreak();
+
+  __ bind(&param_kWasmI32_not_smi);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedNonSmiToInt32),
+          RelocInfo::CODE_TARGET);
+  // Param is the result of the builtin.
+  RestoreAfterJsToWasmConversionBuiltinCall(masm, function_data, wasm_instance,
+                                            valuetypes_array_ptr,
+                                            current_param_slot);
+  __ Str(param, MemOperand(current_param_slot, 0));
+  __ Add(current_param_slot, current_param_slot, Immediate(sizeof(int32_t)));
+  __ jmp(&param_conversion_done);
+
+  __ bind(&param_kWasmI64);
+  __ Call(BUILTIN_CODE(masm->isolate(), BigIntToI64), RelocInfo::CODE_TARGET);
+  RestoreAfterJsToWasmConversionBuiltinCall(masm, function_data, wasm_instance,
+                                            valuetypes_array_ptr,
+                                            current_param_slot);
+  __ Str(param, MemOperand(current_param_slot, 0));
+  __ Add(current_param_slot, current_param_slot, Immediate(sizeof(int64_t)));
+  __ jmp(&param_conversion_done);
+
+  __ bind(&param_kWasmF32);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedToFloat32),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterJsToWasmConversionBuiltinCall(masm, function_data, wasm_instance,
+                                            valuetypes_array_ptr,
+                                            current_param_slot);
+  __ Str(kFPReturnRegister0, MemOperand(current_param_slot, 0));
+  __ Add(current_param_slot, current_param_slot, Immediate(sizeof(float)));
+  __ jmp(&param_conversion_done);
+
+  __ bind(&param_kWasmF64);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedToFloat64),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterJsToWasmConversionBuiltinCall(masm, function_data, wasm_instance,
+                                            valuetypes_array_ptr,
+                                            current_param_slot);
+  __ Str(kFPReturnRegister0, MemOperand(current_param_slot, 0));
+  __ Add(current_param_slot, current_param_slot, Immediate(sizeof(double)));
+  __ jmp(&param_conversion_done);
+
+  __ bind(&throw_type_error);
+  // CallRuntime expects kRootRegister (x26) to contain the root.
+  __ CallRuntime(Runtime::kWasmThrowJSTypeError);
+  __ DebugBreak();  // Should not return.
+
+  // -------------------------------------------
+  // Prepare for the Wasm call.
+  // -------------------------------------------
+
+  regs.ResetExcept(function_data, wasm_instance, array_start, scratch);
+
+  __ bind(&prepare_for_wasm_call);
+
+  // Set thread_in_wasm_flag.
+  DEFINE_REG_W(scratch32);
+  __ Ldr(scratch, MemOperand(kRootRegister,
+                             Isolate::thread_in_wasm_flag_address_offset()));
+  __ Mov(scratch32, 1);  // 32 bit.
+  __ Str(scratch32, MemOperand(scratch, 0));
+
+  DEFINE_PINNED(function_index, w15);
+  __ Ldr(
+      function_index,
+      MemOperand(function_data, WasmExportedFunctionData::kFunctionIndexOffset -
+                                    kHeapObjectTag));
+  // We pass function_index as Smi.
+
+  // One tagged object (the wasm_instance) to be visited if there is a GC
+  // during the call.
+  constexpr int kWasmCallGCScanSlotCount = 1;
+  __ Mov(scratch, kWasmCallGCScanSlotCount);
+  __ Str(
+      scratch,
+      MemOperand(
+          fp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset));
+
+  // -------------------------------------------
+  // Call the Wasm function.
+  // -------------------------------------------
+
+  // Here array_start == sp.
+  __ Str(wasm_instance, MemOperand(sp));
+  // Skip wasm_instance.
+  __ Ldr(array_start, MemOperand(fp, kArgRetsAddressOffset));
+  // Here array_start == sp + kSystemPointerSize.
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmInterpreterEntry),
+          RelocInfo::CODE_TARGET);
+  __ Ldr(wasm_instance, MemOperand(sp));
+  __ Ldr(array_start, MemOperand(fp, kArgRetsAddressOffset));
+
+  __ Str(xzr, MemOperand(fp, kArgRetsIsArgsOffset));
+
+  // Unset thread_in_wasm_flag.
+  __ Ldr(scratch, MemOperand(kRootRegister,
+                             Isolate::thread_in_wasm_flag_address_offset()));
+  __ Str(wzr, MemOperand(scratch, 0));  // 32 bit.
+
+  regs.ResetExcept(wasm_instance, array_start, scratch);
+
+  // -------------------------------------------
+  // Return handling.
+  // -------------------------------------------
+  DEFINE_PINNED(return_value, kReturnRegister0);  // x0
+  ASSIGN_REG(return_count);
+  __ Ldr(return_count, MemOperand(fp, kReturnCountOffset));
+
+  // All return values are already in the packed array.
+  __ Str(return_count,
+         MemOperand(
+             fp, BuiltinWasmInterpreterWrapperConstants::kCurrentIndexOffset));
+
+  DEFINE_PINNED(fixed_array, x14);
+  __ Mov(fixed_array, xzr);
+  DEFINE_PINNED(jsarray, x15);
+  __ Mov(jsarray, xzr);
+
+  Label all_results_conversion_done, start_return_conversion, return_jsarray;
+
+  __ cmp(return_count, 1);
+  __ B(&start_return_conversion, eq);
+  __ B(&return_jsarray, gt);
+
+  // If no return value, load undefined.
+  __ LoadRoot(return_value, RootIndex::kUndefinedValue);
+  __ jmp(&all_results_conversion_done);
+
+  // If we have more than one return value, we need to return a JSArray.
+  __ bind(&return_jsarray);
+  PrepareForBuiltinCall(masm, array_start, return_count, wasm_instance);
+  __ Mov(return_value, return_count);
+  __ SmiTag(return_value);
+
+  // Create JSArray to hold results.
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmAllocateJSArray),
+          RelocInfo::CODE_TARGET);
+  __ Mov(jsarray, return_value);
+
+  RestoreAfterBuiltinCall(masm, wasm_instance, return_count, array_start);
+  __ LoadTaggedField(fixed_array, MemOperand(jsarray, JSArray::kElementsOffset -
+                                                          kHeapObjectTag));
+
+  __ bind(&start_return_conversion);
+  Register current_return_slot = array_start;
+
+  DEFINE_PINNED(result_index, x13);
+  __ Mov(result_index, xzr);
+
+  // -------------------------------------------
+  // Return conversions.
+  // -------------------------------------------
+  Label convert_return_value;
+  __ bind(&convert_return_value);
+  // We have to make sure that the kGCScanSlotCount is set correctly when we
+  // call the builtins for conversion. For these builtins it's the same as for
+  // the Wasm call, that is, kGCScanSlotCount = 0, so we don't have to reset it.
+  // We don't need the JS context for these builtin calls.
+
+  ASSIGN_REG(valuetypes_array_ptr);
+  __ Ldr(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+
+  // The first valuetype of the array is the return's valuetype.
+  ASSIGN_REG_W(valuetype);
+  __ Ldr(valuetype,
+         MemOperand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  Label return_kWasmI32, return_kWasmI64, return_kWasmF32, return_kWasmF64,
+      return_kWasmRef;
+
+  __ cmp(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ B(&return_kWasmI32, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ B(&return_kWasmI64, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ B(&return_kWasmF32, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ B(&return_kWasmF64, eq);
+
+  {
+    __ And(valuetype, valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+    __ cmp(valuetype, Immediate(wasm::ValueKind::kRefNull));
+    __ B(&return_kWasmRef, eq);
+    __ cmp(valuetype, Immediate(wasm::ValueKind::kRef));
+    __ B(&return_kWasmRef, eq);
+
+    // Invalid type. Wasm cannot return Simd results to JavaScript.
+    __ DebugBreak();
+  }
+
+  Label return_value_done;
+
+  Label to_heapnumber;
+  {
+    __ bind(&return_kWasmI32);
+    __ Ldr(return_value, MemOperand(current_return_slot, 0));
+    __ Add(current_return_slot, current_return_slot,
+           Immediate(sizeof(int32_t)));
+    // If pointer compression is disabled, we can convert the return to a smi.
+    if (SmiValuesAre32Bits()) {
+      __ SmiTag(return_value);
+    } else {
+      // Double the return value to test if it can be a Smi.
+      __ Adds(wzr, return_value.W(), return_value.W());
+      // If there was overflow, convert the return value to a HeapNumber.
+      __ B(&to_heapnumber, vs);
+      // If there was no overflow, we can convert to Smi.
+      __ SmiTag(return_value);
+    }
+  }
+  __ jmp(&return_value_done);
+
+  // Handle the conversion of the I32 return value to HeapNumber when it cannot
+  // be a smi.
+  __ bind(&to_heapnumber);
+
+  PrepareForWasmToJsConversionBuiltinCall(
+      masm, return_count, result_index, current_return_slot,
+      valuetypes_array_ptr, wasm_instance, fixed_array, jsarray);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmInt32ToHeapNumber),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterWasmToJsConversionBuiltinCall(
+      masm, jsarray, fixed_array, wasm_instance, valuetypes_array_ptr,
+      current_return_slot, result_index, return_count);
+  __ jmp(&return_value_done);
+
+  __ bind(&return_kWasmI64);
+  __ Ldr(return_value, MemOperand(current_return_slot, 0));
+  __ Add(current_return_slot, current_return_slot, Immediate(sizeof(int64_t)));
+  PrepareForWasmToJsConversionBuiltinCall(
+      masm, return_count, result_index, current_return_slot,
+      valuetypes_array_ptr, wasm_instance, fixed_array, jsarray);
+  __ Call(BUILTIN_CODE(masm->isolate(), I64ToBigInt), RelocInfo::CODE_TARGET);
+  RestoreAfterWasmToJsConversionBuiltinCall(
+      masm, jsarray, fixed_array, wasm_instance, valuetypes_array_ptr,
+      current_return_slot, result_index, return_count);
+  __ jmp(&return_value_done);
+
+  __ bind(&return_kWasmF32);
+  __ Ldr(v0, MemOperand(current_return_slot, 0));
+  __ Add(current_return_slot, current_return_slot, Immediate(sizeof(float)));
+  PrepareForWasmToJsConversionBuiltinCall(
+      masm, return_count, result_index, current_return_slot,
+      valuetypes_array_ptr, wasm_instance, fixed_array, jsarray);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmFloat32ToNumber),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterWasmToJsConversionBuiltinCall(
+      masm, jsarray, fixed_array, wasm_instance, valuetypes_array_ptr,
+      current_return_slot, result_index, return_count);
+  __ jmp(&return_value_done);
+
+  __ bind(&return_kWasmF64);
+  __ Ldr(d0, MemOperand(current_return_slot, 0));
+  __ Add(current_return_slot, current_return_slot, Immediate(sizeof(double)));
+  PrepareForWasmToJsConversionBuiltinCall(
+      masm, return_count, result_index, current_return_slot,
+      valuetypes_array_ptr, wasm_instance, fixed_array, jsarray);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmFloat64ToNumber),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterWasmToJsConversionBuiltinCall(
+      masm, jsarray, fixed_array, wasm_instance, valuetypes_array_ptr,
+      current_return_slot, result_index, return_count);
+  __ jmp(&return_value_done);
+
+  __ bind(&return_kWasmRef);
+  // Make sure slot for ref args are 64-bit aligned.
+  __ And(scratch, current_return_slot, Immediate(0x04));
+  __ Add(current_return_slot, current_return_slot, scratch);
+  __ Ldr(return_value, MemOperand(current_return_slot, 0));
+  __ Add(current_return_slot, current_return_slot,
+         Immediate(kSystemPointerSize));
+  // It might be cleaner to call Builtins_WasmFuncRefToJS here to extract
+  // func.external from the ref object if the type is kWasmFuncRef.
+
+  Label next_return_value;
+
+  __ bind(&return_value_done);
+  __ Add(valuetypes_array_ptr, valuetypes_array_ptr, Immediate(kValueTypeSize));
+  __ Str(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+  __ cmp(fixed_array, xzr);
+  __ B(&next_return_value, eq);
+
+  // Store result in JSArray
+  DEFINE_REG(array_items);
+  __ Add(array_items, fixed_array, FixedArray::kHeaderSize - kHeapObjectTag);
+  __ StoreTaggedField(return_value, MemOperand(array_items, result_index, LSL,
+                                               kTaggedSizeLog2));
+
+  __ bind(&next_return_value);
+  __ Add(result_index, result_index, 1);
+  __ cmp(result_index, return_count);
+  __ B(&convert_return_value, lt);
+
+  __ bind(&all_results_conversion_done);
+  ASSIGN_REG(param_count);
+  __ Ldr(param_count, MemOperand(fp, kParamCountOffset));  // ???
+
+  Label do_return;
+  __ cmp(fixed_array, xzr);
+  __ B(&do_return, eq);
+  // The result is jsarray.
+  __ Mov(return_value, jsarray);
+
+  __ bind(&do_return);
+  // Calculate the number of parameters we have to pop off the stack. This
+  // number is max(in_param_count, param_count).
+  DEFINE_REG(in_param_count);
+  __ Ldr(in_param_count, MemOperand(fp, kInParamCountOffset));
+  __ cmp(param_count, in_param_count);
+  __ csel(param_count, in_param_count, param_count, lt);
+
+  // -------------------------------------------
+  // Deconstruct the stack frame.
+  // -------------------------------------------
+  __ LeaveFrame(StackFrame::JS_TO_WASM);
+
+  // We have to remove the caller frame slots:
+  //  - JS arguments
+  //  - the receiver
+  // and transfer the control to the return address (the return address is
+  // expected to be on the top of the stack).
+  // We cannot use just the ret instruction for this, because we cannot pass the
+  // number of slots to remove in a Register as an argument.
+  __ DropArguments(param_count);
+  __ Ret(lr);
+}
+
+void Builtins::Generate_WasmInterpreterCWasmEntry(MacroAssembler* masm) {
+  Label invoke, handler_entry, exit;
+
+  __ EnterFrame(StackFrame::C_WASM_ENTRY);
+
+  // Space to store c_entry_fp and current sp (used by exception handler).
+  __ Push(xzr, xzr);
+
+  {
+    NoRootArrayScope no_root_array(masm);
+
+    // Push callee saved registers.
+    __ Push(d14, d15);
+    __ Push(d12, d13);
+    __ Push(d10, d11);
+    __ Push(d8, d9);
+    __ Push(x27, x28);
+    __ Push(x25, x26);
+    __ Push(x23, x24);
+    __ Push(x21, x22);
+    __ Push(x19, x20);
+
+    // Set up the reserved register for 0.0.
+    __ Fmov(fp_zero, 0.0);
+
+    // Initialize the root register.
+    __ Mov(kRootRegister, x2);
+
+#ifdef V8_COMPRESS_POINTERS_IN_SHARED_CAGE
+    // Initialize the pointer cage base register.
+    __ LoadRootRelative(kPtrComprCageBaseRegister,
+                        IsolateData::cage_base_offset());
+#endif
+  }
+
+  {
+    UseScratchRegisterScope temps(masm);
+    Register scratch = temps.AcquireX();
+    __ Mov(scratch, sp);
+    __ Str(scratch,
+           MemOperand(fp, WasmInterpreterCWasmEntryConstants::kSPFPOffset));
+  }
+
+  __ Mov(x11, ExternalReference::Create(IsolateAddressId::kCEntryFPAddress,
+                                        masm->isolate()));
+  __ Ldr(x10, MemOperand(x11));  // x10 = C entry FP.
+
+  __ Str(x10,
+         MemOperand(fp, WasmInterpreterCWasmEntryConstants::kCEntryFPOffset));
+
+  // Jump to a faked try block that does the invoke, with a faked catch
+  // block that sets the pending exception.
+  __ B(&invoke);
+
+  // Prevent the constant pool from being emitted between the record of the
+  // handler_entry position and the first instruction of the sequence here.
+  // There is no risk because Assembler::Emit() emits the instruction before
+  // checking for constant pool emission, but we do not want to depend on
+  // that.
+  {
+    Assembler::BlockPoolsScope block_pools(masm);
+
+    __ BindExceptionHandler(&handler_entry);
+
+    // Store the current pc as the handler offset. It's used later to create the
+    // handler table.
+    masm->isolate()->builtins()->SetCWasmInterpreterEntryHandlerOffset(
+        handler_entry.pos());
+  }
+  __ B(&exit);
+
+  // Invoke: Link this frame into the handler chain.
+  __ Bind(&invoke);
+
+  // Link the current handler as the next handler.
+  __ Mov(x11, ExternalReference::Create(IsolateAddressId::kHandlerAddress,
+                                        masm->isolate()));
+  __ Ldr(x10, MemOperand(x11));
+  __ Push(padreg, x10);
+
+  // Set this new handler as the current one.
+  {
+    UseScratchRegisterScope temps(masm);
+    Register scratch = temps.AcquireX();
+    __ Mov(scratch, sp);
+    __ Str(scratch, MemOperand(x11));
+  }
+
+  // Invoke the JS function through the GenericWasmToJSInterpreterWrapper.
+  __ Call(BUILTIN_CODE(masm->isolate(), GenericWasmToJSInterpreterWrapper),
+          RelocInfo::CODE_TARGET);
+
+  // Pop the stack handler and unlink this frame from the handler chain.
+  static_assert(StackHandlerConstants::kNextOffset == 0 * kSystemPointerSize,
+                "Unexpected offset for StackHandlerConstants::kNextOffset");
+  __ Pop(x10, padreg);
+  __ Mov(x11, ExternalReference::Create(IsolateAddressId::kHandlerAddress,
+                                        masm->isolate()));
+  __ Drop(StackHandlerConstants::kSlotCount - 2);
+  __ Str(x10, MemOperand(x11));
+
+  __ Bind(&exit);
+
+  // Pop callee saved registers.
+  __ Pop(x20, x19);
+  __ Pop(x22, x21);
+  __ Pop(x24, x23);
+  __ Pop(x26, x25);
+  __ Pop(x28, x27);
+  __ Pop(d9, d8);
+  __ Pop(d11, d10);
+  __ Pop(d13, d12);
+  __ Pop(d15, d14);
+
+  // Deconstruct the stack frame.
+  __ LeaveFrame(StackFrame::C_WASM_ENTRY);
+  __ Ret();
+}
+
+void Builtins::Generate_GenericWasmToJSInterpreterWrapper(
+    MacroAssembler* masm) {
+  auto regs = RegisterAllocator::WithAllocatableGeneralRegisters();
+
+  DEFINE_PINNED(target_js_function, x0);
+  DEFINE_PINNED(packed_args, x1);
+  DEFINE_PINNED(signature, x3);
+  DEFINE_PINNED(callable, x5);
+
+  // Set up the stackframe.
+  __ EnterFrame(StackFrame::WASM_TO_JS);
+
+  // -------------------------------------------
+  // Compute offsets and prepare for GC.
+  // -------------------------------------------
+  // GenericJSToWasmInterpreterWrapperFrame:
+  // sp = fp-N receiver                      ^
+  // ...       JS arg 0                      |
+  // ...       ...                           | Tagged
+  // ...       JS arg n-1                    | objects
+  // ...       (padding if num args is odd)  |
+  // ...       context                       |
+  // fp-0x58   callable                      v
+  // -------------------------------------------
+  // fp-0x50   current_param_offset/current_result_offset
+  // fp-0x48   valuetypes_array_ptr
+  //
+  // fp-0x40   param_index/return_index
+  // fp-0x38   signature
+  //
+  // fp-0x30   param_count
+  // fp-0x28   return_count
+  //
+  // fp-0x20   packed_array
+  // fp-0x18   GC_SP
+  //
+  // fp-0x10   GCScanSlotCount
+  // fp-0x08   Marker(StackFrame::WASM_TO_JS)
+  //
+  // fp        Old fp
+  // fp+0x08   return address
+
+  static_assert(WasmToJSInterpreterFrameConstants::kGCSPOffset ==
+                WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset -
+                    kSystemPointerSize);
+  constexpr int kPackedArrayOffset =
+      WasmToJSInterpreterFrameConstants::kGCSPOffset - kSystemPointerSize;
+  constexpr int kReturnCountOffset = kPackedArrayOffset - kSystemPointerSize;
+  constexpr int kParamCountOffset = kReturnCountOffset - kSystemPointerSize;
+  constexpr int kSignatureOffset = kParamCountOffset - kSystemPointerSize;
+  constexpr int kParamIndexOffset = kSignatureOffset - kSystemPointerSize;
+  // Reuse this slot when iterating over return values.
+  constexpr int kResultIndexOffset = kParamIndexOffset;
+  constexpr int kValueTypesArrayStartOffset =
+      kParamIndexOffset - kSystemPointerSize;
+  constexpr int kCurrentParamOffset =
+      kValueTypesArrayStartOffset - kSystemPointerSize;
+  // Reuse this slot when iterating over return values.
+  constexpr int kCurrentResultOffset = kCurrentParamOffset;
+  constexpr int kNumSpillSlots =
+      (WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset -
+       kCurrentParamOffset) /
+      kSystemPointerSize;
+  static_assert((kNumSpillSlots % 2) == 0);  // 16-bytes aligned.
+
+  constexpr int kCallableOffset = kCurrentParamOffset - kSystemPointerSize;
+
+  __ Sub(sp, sp, Immediate(kNumSpillSlots * kSystemPointerSize));
+
+  __ Str(packed_args, MemOperand(fp, kPackedArrayOffset));
+
+  // Store null into the stack slot that will contain sp to be used in GCs that
+  // happen during the JS function call. See WasmToJsFrame::Iterate.
+  __ Str(xzr, MemOperand(fp, WasmToJSInterpreterFrameConstants::kGCSPOffset));
+
+  // Count the number of tagged objects at the top of the stack that need to be
+  // visited during GC.
+  __ Str(xzr,
+         MemOperand(fp,
+                    WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset));
+
+  DEFINE_REG(shared_function_info);
+  __ LoadTaggedField(
+      shared_function_info,
+      MemOperand(
+          target_js_function,
+          wasm::ObjectAccess::SharedFunctionInfoOffsetInTaggedJSFunction()));
+
+  // Set the context of the function; the call has to run in the function
+  // context.
+  DEFINE_REG(context);
+  __ LoadTaggedField(
+      context, FieldMemOperand(target_js_function, JSFunction::kContextOffset));
+  __ Mov(cp, context);
+
+  // Load global receiver if sloppy else use undefined.
+  Label receiver_undefined;
+  Label calculate_js_function_arity;
+  DEFINE_REG(receiver);
+  DEFINE_REG(flags);
+  __ Ldr(flags, FieldMemOperand(shared_function_info,
+                                SharedFunctionInfo::kFlagsOffset));
+  __ Tst(flags, Immediate(SharedFunctionInfo::IsNativeBit::kMask |
+                          SharedFunctionInfo::IsStrictBit::kMask));
+  FREE_REG(flags);
+  __ B(&receiver_undefined, ne);
+  __ LoadGlobalProxy(receiver);
+  __ B(&calculate_js_function_arity);
+
+  __ bind(&receiver_undefined);
+  __ LoadRoot(receiver, RootIndex::kUndefinedValue);
+
+  __ bind(&calculate_js_function_arity);
+
+  // Load values from the signature.
+  DEFINE_REG(return_count);
+  DEFINE_REG(param_count);
+  __ Str(signature, MemOperand(fp, kSignatureOffset));
+  Register valuetypes_array_ptr = signature;
+  LoadFromSignature(masm, valuetypes_array_ptr, return_count, param_count);
+  __ Str(param_count, MemOperand(fp, kParamCountOffset));
+  FREE_REG(shared_function_info);
+
+  // Store callable and context.
+  __ Push(callable, context);
+
+  // Make room to pass the args and the receiver.
+  DEFINE_REG(array_size);
+  DEFINE_REG(scratch);
+  __ Add(array_size, param_count, Immediate(1));
+  // Ensure that the array is 16-bytes aligned.
+  __ Add(scratch, array_size, Immediate(1));
+  __ And(array_size, scratch, Immediate(-2));
+  __ Sub(sp, sp, Operand(array_size, LSL, kSystemPointerSizeLog2));
+
+  // The number of arguments at the top of the stack that need to be visited
+  // during GC, also counting callable and context.
+  __ Add(scratch, array_size, Immediate(2));
+  __ Str(scratch,
+         MemOperand(fp,
+                    WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset));
+
+  // Make sure that the padding slot (if present) is reset to zero. The other
+  // slots will be initialized with the arguments.
+  __ Sub(scratch, array_size, Immediate(1));
+  __ Str(xzr, MemOperand(sp, scratch, LSL, kSystemPointerSizeLog2));
+  FREE_REG(array_size);
+
+  DEFINE_REG(param_index);
+  __ Mov(param_index, xzr);
+
+  // Store the receiver at the top of the stack.
+  __ Str(receiver, MemOperand(sp, 0));
+
+  // -------------------------------------------
+  // Store signature-related values to the stack.
+  // -------------------------------------------
+  // We store values on the stack to restore them after function calls.
+  __ Str(return_count, MemOperand(fp, kReturnCountOffset));
+  __ Str(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+
+  Label prepare_for_js_call;
+  __ Cmp(param_count, 0);
+  // If we have 0 params: jump through parameter handling.
+  __ B(&prepare_for_js_call, eq);
+
+  // Loop through the params starting with the first.
+  DEFINE_REG(current_param_slot_offset);
+  __ Mov(current_param_slot_offset, Immediate(0));
+
+  // We have to check the types of the params. The ValueType array contains
+  // first the return then the param types.
+
+  // Set the ValueType array pointer to point to the first parameter.
+  constexpr int kValueTypeSize = sizeof(wasm::ValueType);
+  static_assert(kValueTypeSize == 4);
+  const int32_t kValueTypeSizeLog2 = log2(kValueTypeSize);
+  __ Add(valuetypes_array_ptr, valuetypes_array_ptr,
+         Operand(return_count, LSL, kValueTypeSizeLog2));
+  DEFINE_REG_W(valuetype);
+
+  // -------------------------------------------
+  // Copy reference type params first and initialize the stack for JS arguments.
+  // -------------------------------------------
+
+  // Heap pointers for ref type values in packed_args can be invalidated if GC
+  // is triggered when converting wasm numbers to JS numbers and allocating
+  // heap numbers. So, we have to move them to the stack first.
+  Register param = target_js_function;  // x0
+  {
+    Label loop_copy_param_ref, load_ref_param, set_and_move;
+
+    __ bind(&loop_copy_param_ref);
+    __ Ldr(valuetype, MemOperand(valuetypes_array_ptr,
+                                 wasm::ValueType::bit_field_offset()));
+    __ And(valuetype, valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+    __ cmp(valuetype, Immediate(wasm::ValueKind::kRefNull));
+    __ B(&load_ref_param, eq);
+    __ cmp(valuetype, Immediate(wasm::ValueKind::kRef));
+    __ B(&load_ref_param, eq);
+
+    // Initialize non-ref type slots to zero since they can be visited by GC
+    // when converting wasm numbers into heap numbers.
+    __ Mov(param, Smi::zero());
+
+    Label inc_param_32bit;
+    __ cmp(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+    __ B(&inc_param_32bit, eq);
+    __ cmp(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+    __ B(&inc_param_32bit, eq);
+
+    Label inc_param_64bit;
+    __ cmp(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+    __ B(&inc_param_64bit, eq);
+    __ cmp(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+    __ B(&inc_param_64bit, eq);
+
+    // Invalid type. Wasm cannot pass Simd arguments to JavaScript.
+    __ DebugBreak();
+
+    __ bind(&inc_param_32bit);
+    __ Add(current_param_slot_offset, current_param_slot_offset,
+           Immediate(sizeof(int32_t)));
+    __ B(&set_and_move);
+
+    __ bind(&inc_param_64bit);
+    __ Add(current_param_slot_offset, current_param_slot_offset,
+           Immediate(sizeof(int64_t)));
+    __ B(&set_and_move);
+
+    __ bind(&load_ref_param);
+    // No need to align packed_args for ref values in wasm-to-js, because the
+    // alignment is only required for GC code that visits the stack, and in this
+    // case we are storing into the stack only heap (or Smi) objects, always
+    // aligned.
+    __ Ldr(param, MemOperand(packed_args, current_param_slot_offset));
+    __ Add(current_param_slot_offset, current_param_slot_offset,
+           Immediate(kSystemPointerSize));
+
+    __ bind(&set_and_move);
+    __ Add(param_index, param_index, 1);
+    // Pre-increment param_index to skip receiver slot.
+    __ Str(param, MemOperand(sp, param_index, LSL, kSystemPointerSizeLog2));
+    __ Add(valuetypes_array_ptr, valuetypes_array_ptr,
+           Immediate(kValueTypeSize));
+    __ Cmp(param_index, param_count);
+    __ B(&loop_copy_param_ref, lt);
+  }
+
+  // Reset pointers for the second param conversion loop.
+  __ Ldr(return_count, MemOperand(fp, kReturnCountOffset));
+  __ Ldr(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+  __ Add(valuetypes_array_ptr, valuetypes_array_ptr,
+         Operand(return_count, LSL, kValueTypeSizeLog2));
+  __ Mov(current_param_slot_offset, xzr);
+  __ Mov(param_index, xzr);
+
+  // -------------------------------------------
+  // Param evaluation loop.
+  // -------------------------------------------
+  Label loop_through_params;
+  __ bind(&loop_through_params);
+
+  __ Ldr(valuetype,
+         MemOperand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  // -------------------------------------------
+  // Param conversion.
+  // -------------------------------------------
+  // If param is a Smi we can easily convert it. Otherwise we'll call a builtin
+  // for conversion.
+  Label param_conversion_done, check_ref_param, skip_ref_param, convert_param;
+  __ cmp(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ B(&check_ref_param, ne);
+
+  // I32 param: change to Smi.
+  __ Ldr(param.W(), MemOperand(packed_args, current_param_slot_offset));
+
+  // If pointer compression is disabled, we can convert to a smi.
+  if (SmiValuesAre32Bits()) {
+    __ SmiTag(param);
+  } else {
+    // Double the return value to test if it can be a Smi.
+    __ Adds(wzr, param.W(), param.W());
+    // If there was overflow, convert the return value to a HeapNumber.
+    __ B(&convert_param, vs);
+    // If there was no overflow, we can convert to Smi.
+    __ SmiTag(param);
+  }
+
+  // Place the param into the proper slot.
+  // Pre-increment param_index to skip the receiver slot.
+  __ Add(param_index, param_index, 1);
+  __ Str(param, MemOperand(sp, param_index, LSL, kSystemPointerSizeLog2));
+  __ Add(current_param_slot_offset, current_param_slot_offset, sizeof(int32_t));
+
+  __ B(&param_conversion_done);
+
+  // Skip Ref params. We already copied reference params in the first loop.
+  __ bind(&check_ref_param);
+  __ And(valuetype, valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmp(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ B(&skip_ref_param, eq);
+  __ cmp(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ B(&convert_param, ne);
+
+  __ bind(&skip_ref_param);
+  __ Add(param_index, param_index, 1);
+  __ Add(current_param_slot_offset, current_param_slot_offset,
+         Immediate(kSystemPointerSize));
+  __ B(&param_conversion_done);
+
+  // -------------------------------------------------
+  // Param conversion builtins (Wasm type -> JS type).
+  // -------------------------------------------------
+  __ bind(&convert_param);
+
+  // Prepare for builtin call.
+
+  // Need to specify how many heap objects, that should be scanned by GC, are
+  // on the top of the stack. (Only the context).
+  // The builtin expects the parameter to be in register param = rax.
+
+  __ Str(param_index, MemOperand(fp, kParamIndexOffset));
+  __ Str(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+  __ Str(current_param_slot_offset, MemOperand(fp, kCurrentParamOffset));
+
+  Label param_kWasmI32_not_smi;
+  Label param_kWasmI64;
+  Label param_kWasmF32;
+  Label param_kWasmF64;
+  Label finish_param_conversion;
+
+  __ cmp(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ B(&param_kWasmI32_not_smi, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ B(&param_kWasmI64, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ B(&param_kWasmF32, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ B(&param_kWasmF64, eq);
+
+  // Invalid type. Wasm cannot pass Simd arguments to JavaScript.
+  __ DebugBreak();
+
+  Register increment = scratch;
+  __ bind(&param_kWasmI32_not_smi);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmInt32ToHeapNumber),
+          RelocInfo::CODE_TARGET);
+  // Param is the result of the builtin.
+  __ Mov(increment, Immediate(sizeof(int32_t)));
+  __ jmp(&finish_param_conversion);
+
+  __ bind(&param_kWasmI64);
+  __ Ldr(param, MemOperand(packed_args, current_param_slot_offset));
+  __ Call(BUILTIN_CODE(masm->isolate(), I64ToBigInt), RelocInfo::CODE_TARGET);
+  __ Mov(increment, Immediate(sizeof(int64_t)));
+  __ jmp(&finish_param_conversion);
+
+  __ bind(&param_kWasmF32);
+  __ Ldr(v0, MemOperand(packed_args, current_param_slot_offset));
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmFloat32ToNumber),
+          RelocInfo::CODE_TARGET);
+  __ Mov(increment, Immediate(sizeof(float)));
+  __ jmp(&finish_param_conversion);
+
+  __ bind(&param_kWasmF64);
+  __ Ldr(d0, MemOperand(packed_args, current_param_slot_offset));
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmFloat64ToNumber),
+          RelocInfo::CODE_TARGET);
+  __ Mov(increment, Immediate(sizeof(double)));
+
+  // Restore after builtin call.
+  __ bind(&finish_param_conversion);
+
+  __ Ldr(current_param_slot_offset, MemOperand(fp, kCurrentParamOffset));
+  __ Add(current_param_slot_offset, current_param_slot_offset, increment);
+  __ Ldr(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+  __ Ldr(param_index, MemOperand(fp, kParamIndexOffset));
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Ldr(param_count, MemOperand(fp, kParamCountOffset));
+
+  __ Add(param_index, param_index, 1);
+  __ Str(param, MemOperand(sp, param_index, LSL, kSystemPointerSizeLog2));
+
+  // -------------------------------------------
+  // Param conversion done.
+  // -------------------------------------------
+  __ bind(&param_conversion_done);
+
+  __ Add(valuetypes_array_ptr, valuetypes_array_ptr, Immediate(kValueTypeSize));
+  __ Cmp(param_index, param_count);
+  __ B(&loop_through_params, lt);
+
+  // -------------------------------------------
+  // Prepare for the function call.
+  // -------------------------------------------
+  __ bind(&prepare_for_js_call);
+
+  // Reset thread_in_wasm_flag.
+  __ Ldr(scratch, MemOperand(kRootRegister,
+                             Isolate::thread_in_wasm_flag_address_offset()));
+  __ Str(wzr, MemOperand(scratch, 0));  // 32 bit.
+
+  regs.ResetExcept(param, packed_args, valuetypes_array_ptr, context,
+                   return_count, valuetype, scratch);
+
+  // -------------------------------------------
+  // Call the JS function.
+  // -------------------------------------------
+  // Call_ReceiverIsAny expects the arguments in the stack in this order:
+  // sp + (n * 0x08)  JS arg n-1
+  // ...              ...
+  // sp + 0x08        JS arg 0
+  // sp               Receiver
+  //
+  // It also expects two arguments passed in registers:
+  // x0: number of arguments + 1 (receiver)
+  // x1: target (JSFunction|JSBoundFunction|...)
+
+  // We are calling Call_ReceiverIsAny which can call
+  // AdaptorWithBuiltinExitFrame, which adds
+  // BuiltinExitFrameConstants::kNumExtraArgsWithoutReceiver additional tagged
+  // arguments to the stack. We must also scan these additional args in case of
+  // GC. We store the current stack pointer to be able to detect when this
+  // happens.
+  __ Mov(scratch, sp);
+  __ Str(scratch,
+         MemOperand(fp, WasmToJSInterpreterFrameConstants::kGCSPOffset));
+
+  // x0: Receiver.
+  __ Ldr(x0, MemOperand(fp, kParamCountOffset));
+  __ Add(x0, x0, 1);  // Add 1 to count receiver.
+
+  // x1: callable.
+  __ Ldr(kJSFunctionRegister, MemOperand(fp, kCallableOffset));
+
+  __ Call(BUILTIN_CODE(masm->isolate(), Call_ReceiverIsAny),
+          RelocInfo::CODE_TARGET);
+
+  // After the call sp points to the saved context.
+  __ Ldr(cp, MemOperand(sp, 0));
+
+  // The JS function returns its result in register x0.
+  Register return_reg = kReturnRegister0;
+
+  // No slots to visit during GC.
+  __ Str(xzr,
+         MemOperand(fp,
+                    WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset));
+
+  __ Str(xzr, MemOperand(fp, WasmToJSInterpreterFrameConstants::kGCSPOffset));
+
+  // -------------------------------------------
+  // Return handling.
+  // -------------------------------------------
+  __ Ldr(return_count, MemOperand(fp, kReturnCountOffset));
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Ldr(signature, MemOperand(fp, kSignatureOffset));
+  __ Ldr(valuetypes_array_ptr,
+         MemOperand(signature, wasm::FunctionSig::kRepsOffset));
+
+  DEFINE_REG(result_index);
+  __ Mov(result_index, xzr);
+  DEFINE_REG(current_result_offset);
+  __ Mov(current_result_offset, xzr);
+
+  // If we have return values, convert them from JS types back to Wasm types.
+  Label convert_return;
+  Label return_done;
+  Label all_done;
+  Label loop_copy_return_refs;
+  __ cmp(return_count, Immediate(1));
+  __ B(&all_done, lt);
+  __ B(&convert_return, eq);
+
+  // We have multiple results. Convert the result into a FixedArray.
+  DEFINE_REG(fixed_array);
+  __ Mov(fixed_array, xzr);
+
+  // The builtin expects three args:
+  // x0: object.
+  // x1: return_count as Smi.
+  // x27 (cp): context.
+  __ Ldr(x1, MemOperand(fp, kReturnCountOffset));
+  __ Add(x1, x1, x1);
+  // One tagged object at the top of the stack (the context).
+  __ Mov(scratch, Immediate(1));
+  __ Str(scratch,
+         MemOperand(fp,
+                    WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset));
+
+  __ Call(BUILTIN_CODE(masm->isolate(), IterableToFixedArrayForWasm),
+          RelocInfo::CODE_TARGET);
+  __ Mov(fixed_array, kReturnRegister0);
+
+  // Store fixed_array at the second top of the stack (in place of callable).
+  __ Str(fixed_array, MemOperand(sp, kSystemPointerSize));
+  __ Mov(scratch, Immediate(2));
+  __ Str(scratch,
+         MemOperand(fp,
+                    WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset));
+
+  __ Ldr(return_count, MemOperand(fp, kReturnCountOffset));
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Ldr(signature, MemOperand(fp, kSignatureOffset));
+  __ Ldr(valuetypes_array_ptr,
+         MemOperand(signature, wasm::FunctionSig::kRepsOffset));
+  __ Mov(result_index, xzr);
+  __ Mov(current_result_offset, xzr);
+
+  __ Add(scratch, fixed_array, FixedArray::kHeaderSize - kHeapObjectTag);
+  __ LoadTaggedField(return_reg,
+                     MemOperand(scratch, result_index, LSL, kTaggedSizeLog2));
+
+  // -------------------------------------------
+  // Return conversions (JS type -> Wasm type).
+  // -------------------------------------------
+  __ bind(&convert_return);
+
+  // Save registers in the stack before the builtin call.
+  __ Str(current_result_offset, MemOperand(fp, kCurrentResultOffset));
+  __ Str(result_index, MemOperand(fp, kResultIndexOffset));
+  __ Str(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+
+  // The builtin expects the parameter to be in register param = x0.
+
+  // The first valuetype of the array is the return's valuetype.
+  __ Ldr(valuetype,
+         MemOperand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  Label return_kWasmI32;
+  Label return_kWasmI32_not_smi;
+  Label return_kWasmI64;
+  Label return_kWasmF32;
+  Label return_kWasmF64;
+  Label return_kWasmRef;
+
+  // Prepare for builtin call.
+
+  __ cmp(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ B(&return_kWasmI32, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ B(&return_kWasmI64, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ B(&return_kWasmF32, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ B(&return_kWasmF64, eq);
+
+  __ And(valuetype, valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmp(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ B(&return_kWasmRef, eq);
+  __ cmp(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ B(&return_kWasmRef, eq);
+
+  // Invalid type. JavaScript cannot return Simd results to WebAssembly.
+  __ DebugBreak();
+
+  __ bind(&return_kWasmI32);
+  __ JumpIfNotSmi(return_reg, &return_kWasmI32_not_smi);
+  // Change the param from Smi to int32.
+  __ SmiUntag(return_reg);
+  __ AssertZeroExtended(return_reg);
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Str(return_reg.W(), MemOperand(packed_args, current_result_offset));
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(sizeof(int32_t)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmI32_not_smi);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedNonSmiToInt32),
+          RelocInfo::CODE_TARGET);
+  __ AssertZeroExtended(return_reg);
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Ldr(current_result_offset, MemOperand(fp, kCurrentResultOffset));
+  __ Str(return_reg.W(), MemOperand(packed_args, current_result_offset));
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(sizeof(int32_t)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmI64);
+  __ Call(BUILTIN_CODE(masm->isolate(), BigIntToI64), RelocInfo::CODE_TARGET);
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Ldr(current_result_offset, MemOperand(fp, kCurrentResultOffset));
+  __ Str(return_reg, MemOperand(packed_args, current_result_offset));
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(sizeof(int64_t)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmF32);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedToFloat32),
+          RelocInfo::CODE_TARGET);
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Ldr(current_result_offset, MemOperand(fp, kCurrentResultOffset));
+  __ Str(kFPReturnRegister0, MemOperand(packed_args, current_result_offset));
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(sizeof(float)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmF64);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedToFloat64),
+          RelocInfo::CODE_TARGET);
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Ldr(current_result_offset, MemOperand(fp, kCurrentResultOffset));
+  __ Str(kFPReturnRegister0, MemOperand(packed_args, current_result_offset));
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(sizeof(double)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmRef);
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Str(return_reg,
+         MemOperand(packed_args, result_index, LSL, kSystemPointerSizeLog2));
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(sizeof(double)));
+
+  // A result converted.
+  __ bind(&return_done);
+
+  // Restore after builtin call
+  __ Ldr(cp, MemOperand(sp, 0));
+  __ Ldr(fixed_array, MemOperand(sp, kSystemPointerSize));
+  __ Ldr(valuetypes_array_ptr, MemOperand(fp, kValueTypesArrayStartOffset));
+  __ Add(valuetypes_array_ptr, valuetypes_array_ptr, Immediate(kValueTypeSize));
+  __ Ldr(result_index, MemOperand(fp, kResultIndexOffset));
+  __ Add(result_index, result_index, Immediate(1));
+  __ Ldr(scratch, MemOperand(fp, kReturnCountOffset));
+  __ cmp(result_index, scratch);  // result_index == return_count?
+  __ B(&loop_copy_return_refs, ge);
+
+  __ Add(scratch, fixed_array, FixedArray::kHeaderSize - kHeapObjectTag);
+  __ LoadTaggedField(return_reg,
+                     MemOperand(scratch, result_index, LSL, kTaggedSizeLog2));
+  __ jmp(&convert_return);
+
+  // -------------------------------------------
+  // Update refs after calling all builtins.
+  // -------------------------------------------
+
+  // Some builtin calls for return value conversion may trigger GC, and some
+  // heap pointers of ref types might become invalid in the conversion loop.
+  // Thus, copy the ref values again after finishing all the conversions.
+  __ bind(&loop_copy_return_refs);
+
+  // If there is only one return value, there should be no heap pointer in the
+  // packed_args while calling any builtin. So, we don't need to update refs.
+  __ Ldr(return_count, MemOperand(fp, kReturnCountOffset));
+  __ cmp(return_count, Immediate(1));
+  __ B(&all_done, eq);
+
+  Label copy_return_if_ref, copy_return_ref, done_copy_return_ref;
+  __ Ldr(packed_args, MemOperand(fp, kPackedArrayOffset));
+  __ Ldr(signature, MemOperand(fp, kSignatureOffset));
+  __ Ldr(valuetypes_array_ptr,
+         MemOperand(signature, wasm::FunctionSig::kRepsOffset));
+  __ Mov(result_index, xzr);
+  __ Mov(current_result_offset, xzr);
+
+  // Copy if the current return value is a ref type.
+  __ bind(&copy_return_if_ref);
+  __ Ldr(valuetype,
+         MemOperand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  __ And(valuetype, valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmp(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ B(&copy_return_ref, eq);
+  __ cmp(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ B(&copy_return_ref, eq);
+
+  Label inc_result_32bit;
+  __ cmp(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ B(&inc_result_32bit, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ B(&inc_result_32bit, eq);
+
+  Label inc_result_64bit;
+  __ cmp(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ B(&inc_result_64bit, eq);
+  __ cmp(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ B(&inc_result_64bit, eq);
+
+  // Invalid type. JavaScript cannot return Simd values to WebAssembly.
+  __ DebugBreak();
+
+  __ bind(&inc_result_32bit);
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(sizeof(int32_t)));
+  __ jmp(&done_copy_return_ref);
+
+  __ bind(&inc_result_64bit);
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(sizeof(int64_t)));
+  __ jmp(&done_copy_return_ref);
+
+  __ bind(&copy_return_ref);
+  __ Add(scratch, fixed_array, FixedArray::kHeaderSize - kHeapObjectTag);
+  __ LoadTaggedField(return_reg,
+                     MemOperand(scratch, result_index, LSL, kTaggedSizeLog2));
+  __ Str(return_reg, MemOperand(packed_args, current_result_offset));
+  __ Add(current_result_offset, current_result_offset,
+         Immediate(kSystemPointerSize));
+
+  // Move pointers.
+  __ bind(&done_copy_return_ref);
+  __ Add(valuetypes_array_ptr, valuetypes_array_ptr, Immediate(kValueTypeSize));
+  __ Add(result_index, result_index, Immediate(1));
+  __ cmp(result_index, return_count);
+  __ B(&copy_return_if_ref, lt);
+
+  // -------------------------------------------
+  // All done.
+  // -------------------------------------------
+
+  __ bind(&all_done);
+  // Set thread_in_wasm_flag.
+  DEFINE_REG_W(scratch32);
+  __ Ldr(scratch, MemOperand(kRootRegister,
+                             Isolate::thread_in_wasm_flag_address_offset()));
+  __ Mov(scratch32, Immediate(1));
+  __ Str(scratch32, MemOperand(scratch, 0));  // 32 bit.
+
+  // Deconstruct the stack frame.
+  __ LeaveFrame(StackFrame::WASM_TO_JS);
+
+  __ Mov(x0, xzr);
+  __ Ret(lr);
+}
+
+#endif  // V8_ENABLE_WEBASSEMBLY
+
+#undef __
+
+}  // namespace internal
+}  // namespace v8
diff --git a/deps/v8/src/wasm/interpreter/instruction-handlers.h b/deps/v8/src/wasm/interpreter/instruction-handlers.h
new file mode 100644
index 00000000000000..3ce7c85357e341
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/instruction-handlers.h
@@ -0,0 +1,1256 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#if !V8_ENABLE_WEBASSEMBLY
+#error This header should only be included if WebAssembly is enabled.
+#endif  // !V8_ENABLE_WEBASSEMBLY
+
+#ifndef V8_WASM_INTERPRETER_INSTRUCTION_HANDLERS_H_
+#define V8_WASM_INTERPRETER_INSTRUCTION_HANDLERS_H_
+
+#define FOREACH_LOAD_STORE_INSTR_HANDLER(V) \
+  /* LoadMem */                             \
+  V(r2r_I32LoadMem8S)                       \
+  V(r2r_I32LoadMem8U)                       \
+  V(r2r_I32LoadMem16S)                      \
+  V(r2r_I32LoadMem16U)                      \
+  V(r2r_I64LoadMem8S)                       \
+  V(r2r_I64LoadMem8U)                       \
+  V(r2r_I64LoadMem16S)                      \
+  V(r2r_I64LoadMem16U)                      \
+  V(r2r_I64LoadMem32S)                      \
+  V(r2r_I64LoadMem32U)                      \
+  V(r2r_I32LoadMem)                         \
+  V(r2r_I64LoadMem)                         \
+  V(r2r_F32LoadMem)                         \
+  V(r2r_F64LoadMem)                         \
+  V(r2s_I32LoadMem8S)                       \
+  V(r2s_I32LoadMem8U)                       \
+  V(r2s_I32LoadMem16S)                      \
+  V(r2s_I32LoadMem16U)                      \
+  V(r2s_I64LoadMem8S)                       \
+  V(r2s_I64LoadMem8U)                       \
+  V(r2s_I64LoadMem16S)                      \
+  V(r2s_I64LoadMem16U)                      \
+  V(r2s_I64LoadMem32S)                      \
+  V(r2s_I64LoadMem32U)                      \
+  V(r2s_I32LoadMem)                         \
+  V(r2s_I64LoadMem)                         \
+  V(r2s_F32LoadMem)                         \
+  V(r2s_F64LoadMem)                         \
+  V(s2r_I32LoadMem8S)                       \
+  V(s2r_I32LoadMem8U)                       \
+  V(s2r_I32LoadMem16S)                      \
+  V(s2r_I32LoadMem16U)                      \
+  V(s2r_I64LoadMem8S)                       \
+  V(s2r_I64LoadMem8U)                       \
+  V(s2r_I64LoadMem16S)                      \
+  V(s2r_I64LoadMem16U)                      \
+  V(s2r_I64LoadMem32S)                      \
+  V(s2r_I64LoadMem32U)                      \
+  V(s2r_I32LoadMem)                         \
+  V(s2r_I64LoadMem)                         \
+  V(s2r_F32LoadMem)                         \
+  V(s2r_F64LoadMem)                         \
+  V(s2s_I32LoadMem8S)                       \
+  V(s2s_I32LoadMem8U)                       \
+  V(s2s_I32LoadMem16S)                      \
+  V(s2s_I32LoadMem16U)                      \
+  V(s2s_I64LoadMem8S)                       \
+  V(s2s_I64LoadMem8U)                       \
+  V(s2s_I64LoadMem16S)                      \
+  V(s2s_I64LoadMem16U)                      \
+  V(s2s_I64LoadMem32S)                      \
+  V(s2s_I64LoadMem32U)                      \
+  V(s2s_I32LoadMem)                         \
+  V(s2s_I64LoadMem)                         \
+  V(s2s_F32LoadMem)                         \
+  V(s2s_F64LoadMem)                         \
+  /* LoadMem_LocalSet */                    \
+  V(s2s_I32LoadMem8S_LocalSet)              \
+  V(s2s_I32LoadMem8U_LocalSet)              \
+  V(s2s_I32LoadMem16S_LocalSet)             \
+  V(s2s_I32LoadMem16U_LocalSet)             \
+  V(s2s_I64LoadMem8S_LocalSet)              \
+  V(s2s_I64LoadMem8U_LocalSet)              \
+  V(s2s_I64LoadMem16S_LocalSet)             \
+  V(s2s_I64LoadMem16U_LocalSet)             \
+  V(s2s_I64LoadMem32S_LocalSet)             \
+  V(s2s_I64LoadMem32U_LocalSet)             \
+  V(s2s_I32LoadMem_LocalSet)                \
+  V(s2s_I64LoadMem_LocalSet)                \
+  V(s2s_F32LoadMem_LocalSet)                \
+  V(s2s_F64LoadMem_LocalSet)                \
+  /* StoreMem */                            \
+  V(r2s_I32StoreMem8)                       \
+  V(r2s_I32StoreMem16)                      \
+  V(r2s_I64StoreMem8)                       \
+  V(r2s_I64StoreMem16)                      \
+  V(r2s_I64StoreMem32)                      \
+  V(r2s_I32StoreMem)                        \
+  V(r2s_I64StoreMem)                        \
+  V(r2s_F32StoreMem)                        \
+  V(r2s_F64StoreMem)                        \
+  V(s2s_I32StoreMem8)                       \
+  V(s2s_I32StoreMem16)                      \
+  V(s2s_I64StoreMem8)                       \
+  V(s2s_I64StoreMem16)                      \
+  V(s2s_I64StoreMem32)                      \
+  V(s2s_I32StoreMem)                        \
+  V(s2s_I64StoreMem)                        \
+  V(s2s_F32StoreMem)                        \
+  V(s2s_F64StoreMem)                        \
+  /* LoadStoreMem */                        \
+  V(r2s_I32LoadStoreMem)                    \
+  V(r2s_I64LoadStoreMem)                    \
+  V(r2s_F32LoadStoreMem)                    \
+  V(r2s_F64LoadStoreMem)                    \
+  V(s2s_I32LoadStoreMem)                    \
+  V(s2s_I64LoadStoreMem)                    \
+  V(s2s_F32LoadStoreMem)                    \
+  V(s2s_F64LoadStoreMem)
+
+#define FOREACH_LOAD_STORE_DUPLICATED_INSTR_HANDLER(V) \
+  /* LoadMem_LocalSet */                               \
+  V(r2s_I32LoadMem8S_LocalSet)                         \
+  V(r2s_I32LoadMem8U_LocalSet)                         \
+  V(r2s_I32LoadMem16S_LocalSet)                        \
+  V(r2s_I32LoadMem16U_LocalSet)                        \
+  V(r2s_I64LoadMem8S_LocalSet)                         \
+  V(r2s_I64LoadMem8U_LocalSet)                         \
+  V(r2s_I64LoadMem16S_LocalSet)                        \
+  V(r2s_I64LoadMem16U_LocalSet)                        \
+  V(r2s_I64LoadMem32S_LocalSet)                        \
+  V(r2s_I64LoadMem32U_LocalSet)                        \
+  V(r2s_I32LoadMem_LocalSet)                           \
+  V(r2s_I64LoadMem_LocalSet)                           \
+  V(r2s_F32LoadMem_LocalSet)                           \
+  V(r2s_F64LoadMem_LocalSet)                           \
+  /* LocalGet_StoreMem */                              \
+  V(s2s_LocalGet_I32StoreMem8)                         \
+  V(s2s_LocalGet_I32StoreMem16)                        \
+  V(s2s_LocalGet_I64StoreMem8)                         \
+  V(s2s_LocalGet_I64StoreMem16)                        \
+  V(s2s_LocalGet_I64StoreMem32)                        \
+  V(s2s_LocalGet_I32StoreMem)                          \
+  V(s2s_LocalGet_I64StoreMem)                          \
+  V(s2s_LocalGet_F32StoreMem)                          \
+  V(s2s_LocalGet_F64StoreMem)
+
+#define FOREACH_NO_BOUNDSCHECK_INSTR_HANDLER(V) \
+  /* GlobalGet */                               \
+  V(s2r_I32GlobalGet)                           \
+  V(s2r_I64GlobalGet)                           \
+  V(s2r_F32GlobalGet)                           \
+  V(s2r_F64GlobalGet)                           \
+  V(s2s_I32GlobalGet)                           \
+  V(s2s_I64GlobalGet)                           \
+  V(s2s_F32GlobalGet)                           \
+  V(s2s_F64GlobalGet)                           \
+  V(s2s_S128GlobalGet)                          \
+  V(s2s_RefGlobalGet)                           \
+  /* GlobalSet */                               \
+  V(r2s_I32GlobalSet)                           \
+  V(r2s_I64GlobalSet)                           \
+  V(r2s_F32GlobalSet)                           \
+  V(r2s_F64GlobalSet)                           \
+  V(s2s_I32GlobalSet)                           \
+  V(s2s_I64GlobalSet)                           \
+  V(s2s_F32GlobalSet)                           \
+  V(s2s_F64GlobalSet)                           \
+  V(s2s_S128GlobalSet)                          \
+  V(s2s_RefGlobalSet)                           \
+  /* Drop */                                    \
+  V(r2s_I32Drop)                                \
+  V(r2s_I64Drop)                                \
+  V(r2s_F32Drop)                                \
+  V(r2s_F64Drop)                                \
+  V(r2s_RefDrop)                                \
+  V(s2s_I32Drop)                                \
+  V(s2s_I64Drop)                                \
+  V(s2s_F32Drop)                                \
+  V(s2s_F64Drop)                                \
+  V(s2s_S128Drop)                               \
+  V(s2s_RefDrop)                                \
+  /* Select */                                  \
+  V(r2r_I32Select)                              \
+  V(r2r_I64Select)                              \
+  V(r2r_F32Select)                              \
+  V(r2r_F64Select)                              \
+  V(r2s_I32Select)                              \
+  V(r2s_I64Select)                              \
+  V(r2s_F32Select)                              \
+  V(r2s_F64Select)                              \
+  V(r2s_S128Select)                             \
+  V(r2s_RefSelect)                              \
+  V(s2r_I32Select)                              \
+  V(s2r_I64Select)                              \
+  V(s2r_F32Select)                              \
+  V(s2r_F64Select)                              \
+  V(s2s_I32Select)                              \
+  V(s2s_I64Select)                              \
+  V(s2s_F32Select)                              \
+  V(s2s_F64Select)                              \
+  V(s2s_S128Select)                             \
+  V(s2s_RefSelect)                              \
+  /* Binary arithmetic operators. */            \
+  V(r2r_I32Add)                                 \
+  V(r2r_I32Sub)                                 \
+  V(r2r_I32Mul)                                 \
+  V(r2r_I32And)                                 \
+  V(r2r_I32Ior)                                 \
+  V(r2r_I32Xor)                                 \
+  V(r2r_I64Add)                                 \
+  V(r2r_I64Sub)                                 \
+  V(r2r_I64Mul)                                 \
+  V(r2r_I64And)                                 \
+  V(r2r_I64Ior)                                 \
+  V(r2r_I64Xor)                                 \
+  V(r2r_F32Add)                                 \
+  V(r2r_F32Sub)                                 \
+  V(r2r_F32Mul)                                 \
+  V(r2r_F64Add)                                 \
+  V(r2r_F64Sub)                                 \
+  V(r2r_F64Mul)                                 \
+  V(r2r_I32DivS)                                \
+  V(r2r_I64DivS)                                \
+  V(r2r_I32DivU)                                \
+  V(r2r_I64DivU)                                \
+  V(r2r_F32Div)                                 \
+  V(r2r_F64Div)                                 \
+  V(r2r_I32RemS)                                \
+  V(r2r_I64RemS)                                \
+  V(r2r_I32RemU)                                \
+  V(r2r_I64RemU)                                \
+  V(r2s_I32Add)                                 \
+  V(r2s_I32Sub)                                 \
+  V(r2s_I32Mul)                                 \
+  V(r2s_I32And)                                 \
+  V(r2s_I32Ior)                                 \
+  V(r2s_I32Xor)                                 \
+  V(r2s_I64Add)                                 \
+  V(r2s_I64Sub)                                 \
+  V(r2s_I64Mul)                                 \
+  V(r2s_I64And)                                 \
+  V(r2s_I64Ior)                                 \
+  V(r2s_I64Xor)                                 \
+  V(r2s_F32Add)                                 \
+  V(r2s_F32Sub)                                 \
+  V(r2s_F32Mul)                                 \
+  V(r2s_F64Add)                                 \
+  V(r2s_F64Sub)                                 \
+  V(r2s_F64Mul)                                 \
+  V(r2s_I32DivS)                                \
+  V(r2s_I64DivS)                                \
+  V(r2s_I32DivU)                                \
+  V(r2s_I64DivU)                                \
+  V(r2s_F32Div)                                 \
+  V(r2s_F64Div)                                 \
+  V(r2s_I32RemS)                                \
+  V(r2s_I64RemS)                                \
+  V(r2s_I32RemU)                                \
+  V(r2s_I64RemU)                                \
+  V(s2r_I32Add)                                 \
+  V(s2r_I32Sub)                                 \
+  V(s2r_I32Mul)                                 \
+  V(s2r_I32And)                                 \
+  V(s2r_I32Ior)                                 \
+  V(s2r_I32Xor)                                 \
+  V(s2r_I64Add)                                 \
+  V(s2r_I64Sub)                                 \
+  V(s2r_I64Mul)                                 \
+  V(s2r_I64And)                                 \
+  V(s2r_I64Ior)                                 \
+  V(s2r_I64Xor)                                 \
+  V(s2r_F32Add)                                 \
+  V(s2r_F32Sub)                                 \
+  V(s2r_F32Mul)                                 \
+  V(s2r_F64Add)                                 \
+  V(s2r_F64Sub)                                 \
+  V(s2r_F64Mul)                                 \
+  V(s2r_I32DivS)                                \
+  V(s2r_I64DivS)                                \
+  V(s2r_I32DivU)                                \
+  V(s2r_I64DivU)                                \
+  V(s2r_F32Div)                                 \
+  V(s2r_F64Div)                                 \
+  V(s2r_I32RemS)                                \
+  V(s2r_I64RemS)                                \
+  V(s2r_I32RemU)                                \
+  V(s2r_I64RemU)                                \
+  V(s2s_I32Add)                                 \
+  V(s2s_I32Sub)                                 \
+  V(s2s_I32Mul)                                 \
+  V(s2s_I32And)                                 \
+  V(s2s_I32Ior)                                 \
+  V(s2s_I32Xor)                                 \
+  V(s2s_I64Add)                                 \
+  V(s2s_I64Sub)                                 \
+  V(s2s_I64Mul)                                 \
+  V(s2s_I64And)                                 \
+  V(s2s_I64Ior)                                 \
+  V(s2s_I64Xor)                                 \
+  V(s2s_F32Add)                                 \
+  V(s2s_F32Sub)                                 \
+  V(s2s_F32Mul)                                 \
+  V(s2s_F64Add)                                 \
+  V(s2s_F64Sub)                                 \
+  V(s2s_F64Mul)                                 \
+  V(s2s_I32DivS)                                \
+  V(s2s_I64DivS)                                \
+  V(s2s_I32DivU)                                \
+  V(s2s_I64DivU)                                \
+  V(s2s_F32Div)                                 \
+  V(s2s_F64Div)                                 \
+  V(s2s_I32RemS)                                \
+  V(s2s_I64RemS)                                \
+  V(s2s_I32RemU)                                \
+  V(s2s_I64RemU)                                \
+  /* Comparison operators. */                   \
+  V(r2r_I32Eq)                                  \
+  V(r2r_I32Ne)                                  \
+  V(r2r_I32LtU)                                 \
+  V(r2r_I32LeU)                                 \
+  V(r2r_I32GtU)                                 \
+  V(r2r_I32GeU)                                 \
+  V(r2r_I32LtS)                                 \
+  V(r2r_I32LeS)                                 \
+  V(r2r_I32GtS)                                 \
+  V(r2r_I32GeS)                                 \
+  V(r2r_I64Eq)                                  \
+  V(r2r_I64Ne)                                  \
+  V(r2r_I64LtU)                                 \
+  V(r2r_I64LeU)                                 \
+  V(r2r_I64GtU)                                 \
+  V(r2r_I64GeU)                                 \
+  V(r2r_I64LtS)                                 \
+  V(r2r_I64LeS)                                 \
+  V(r2r_I64GtS)                                 \
+  V(r2r_I64GeS)                                 \
+  V(r2r_F32Eq)                                  \
+  V(r2r_F32Ne)                                  \
+  V(r2r_F32Lt)                                  \
+  V(r2r_F32Le)                                  \
+  V(r2r_F32Gt)                                  \
+  V(r2r_F32Ge)                                  \
+  V(r2r_F64Eq)                                  \
+  V(r2r_F64Ne)                                  \
+  V(r2r_F64Lt)                                  \
+  V(r2r_F64Le)                                  \
+  V(r2r_F64Gt)                                  \
+  V(r2r_F64Ge)                                  \
+  V(r2s_I32Eq)                                  \
+  V(r2s_I32Ne)                                  \
+  V(r2s_I32LtU)                                 \
+  V(r2s_I32LeU)                                 \
+  V(r2s_I32GtU)                                 \
+  V(r2s_I32GeU)                                 \
+  V(r2s_I32LtS)                                 \
+  V(r2s_I32LeS)                                 \
+  V(r2s_I32GtS)                                 \
+  V(r2s_I32GeS)                                 \
+  V(r2s_I64Eq)                                  \
+  V(r2s_I64Ne)                                  \
+  V(r2s_I64LtU)                                 \
+  V(r2s_I64LeU)                                 \
+  V(r2s_I64GtU)                                 \
+  V(r2s_I64GeU)                                 \
+  V(r2s_I64LtS)                                 \
+  V(r2s_I64LeS)                                 \
+  V(r2s_I64GtS)                                 \
+  V(r2s_I64GeS)                                 \
+  V(r2s_F32Eq)                                  \
+  V(r2s_F32Ne)                                  \
+  V(r2s_F32Lt)                                  \
+  V(r2s_F32Le)                                  \
+  V(r2s_F32Gt)                                  \
+  V(r2s_F32Ge)                                  \
+  V(r2s_F64Eq)                                  \
+  V(r2s_F64Ne)                                  \
+  V(r2s_F64Lt)                                  \
+  V(r2s_F64Le)                                  \
+  V(r2s_F64Gt)                                  \
+  V(r2s_F64Ge)                                  \
+  V(s2r_I32Eq)                                  \
+  V(s2r_I32Ne)                                  \
+  V(s2r_I32LtU)                                 \
+  V(s2r_I32LeU)                                 \
+  V(s2r_I32GtU)                                 \
+  V(s2r_I32GeU)                                 \
+  V(s2r_I32LtS)                                 \
+  V(s2r_I32LeS)                                 \
+  V(s2r_I32GtS)                                 \
+  V(s2r_I32GeS)                                 \
+  V(s2r_I64Eq)                                  \
+  V(s2r_I64Ne)                                  \
+  V(s2r_I64LtU)                                 \
+  V(s2r_I64LeU)                                 \
+  V(s2r_I64GtU)                                 \
+  V(s2r_I64GeU)                                 \
+  V(s2r_I64LtS)                                 \
+  V(s2r_I64LeS)                                 \
+  V(s2r_I64GtS)                                 \
+  V(s2r_I64GeS)                                 \
+  V(s2r_F32Eq)                                  \
+  V(s2r_F32Ne)                                  \
+  V(s2r_F32Lt)                                  \
+  V(s2r_F32Le)                                  \
+  V(s2r_F32Gt)                                  \
+  V(s2r_F32Ge)                                  \
+  V(s2r_F64Eq)                                  \
+  V(s2r_F64Ne)                                  \
+  V(s2r_F64Lt)                                  \
+  V(s2r_F64Le)                                  \
+  V(s2r_F64Gt)                                  \
+  V(s2r_F64Ge)                                  \
+  V(s2s_I32Eq)                                  \
+  V(s2s_I32Ne)                                  \
+  V(s2s_I32LtU)                                 \
+  V(s2s_I32LeU)                                 \
+  V(s2s_I32GtU)                                 \
+  V(s2s_I32GeU)                                 \
+  V(s2s_I32LtS)                                 \
+  V(s2s_I32LeS)                                 \
+  V(s2s_I32GtS)                                 \
+  V(s2s_I32GeS)                                 \
+  V(s2s_I64Eq)                                  \
+  V(s2s_I64Ne)                                  \
+  V(s2s_I64LtU)                                 \
+  V(s2s_I64LeU)                                 \
+  V(s2s_I64GtU)                                 \
+  V(s2s_I64GeU)                                 \
+  V(s2s_I64LtS)                                 \
+  V(s2s_I64LeS)                                 \
+  V(s2s_I64GtS)                                 \
+  V(s2s_I64GeS)                                 \
+  V(s2s_F32Eq)                                  \
+  V(s2s_F32Ne)                                  \
+  V(s2s_F32Lt)                                  \
+  V(s2s_F32Le)                                  \
+  V(s2s_F32Gt)                                  \
+  V(s2s_F32Ge)                                  \
+  V(s2s_F64Eq)                                  \
+  V(s2s_F64Ne)                                  \
+  V(s2s_F64Lt)                                  \
+  V(s2s_F64Le)                                  \
+  V(s2s_F64Gt)                                  \
+  V(s2s_F64Ge)                                  \
+  /* More binary operators. */                  \
+  V(r2r_I32Shl)                                 \
+  V(r2r_I32ShrU)                                \
+  V(r2r_I32ShrS)                                \
+  V(r2r_I64Shl)                                 \
+  V(r2r_I64ShrU)                                \
+  V(r2r_I64ShrS)                                \
+  V(r2r_I32Rol)                                 \
+  V(r2r_I32Ror)                                 \
+  V(r2r_I64Rol)                                 \
+  V(r2r_I64Ror)                                 \
+  V(r2r_F32Min)                                 \
+  V(r2r_F32Max)                                 \
+  V(r2r_F64Min)                                 \
+  V(r2r_F64Max)                                 \
+  V(r2r_F32CopySign)                            \
+  V(r2r_F64CopySign)                            \
+  V(r2s_I32Shl)                                 \
+  V(r2s_I32ShrU)                                \
+  V(r2s_I32ShrS)                                \
+  V(r2s_I64Shl)                                 \
+  V(r2s_I64ShrU)                                \
+  V(r2s_I64ShrS)                                \
+  V(r2s_I32Rol)                                 \
+  V(r2s_I32Ror)                                 \
+  V(r2s_I64Rol)                                 \
+  V(r2s_I64Ror)                                 \
+  V(r2s_F32Min)                                 \
+  V(r2s_F32Max)                                 \
+  V(r2s_F64Min)                                 \
+  V(r2s_F64Max)                                 \
+  V(r2s_F32CopySign)                            \
+  V(r2s_F64CopySign)                            \
+  V(s2r_I32Shl)                                 \
+  V(s2r_I32ShrU)                                \
+  V(s2r_I32ShrS)                                \
+  V(s2r_I64Shl)                                 \
+  V(s2r_I64ShrU)                                \
+  V(s2r_I64ShrS)                                \
+  V(s2r_I32Rol)                                 \
+  V(s2r_I32Ror)                                 \
+  V(s2r_I64Rol)                                 \
+  V(s2r_I64Ror)                                 \
+  V(s2r_F32Min)                                 \
+  V(s2r_F32Max)                                 \
+  V(s2r_F64Min)                                 \
+  V(s2r_F64Max)                                 \
+  V(s2r_F32CopySign)                            \
+  V(s2r_F64CopySign)                            \
+  V(s2s_I32Shl)                                 \
+  V(s2s_I32ShrU)                                \
+  V(s2s_I32ShrS)                                \
+  V(s2s_I64Shl)                                 \
+  V(s2s_I64ShrU)                                \
+  V(s2s_I64ShrS)                                \
+  V(s2s_I32Rol)                                 \
+  V(s2s_I32Ror)                                 \
+  V(s2s_I64Rol)                                 \
+  V(s2s_I64Ror)                                 \
+  V(s2s_F32Min)                                 \
+  V(s2s_F32Max)                                 \
+  V(s2s_F64Min)                                 \
+  V(s2s_F64Max)                                 \
+  V(s2s_F32CopySign)                            \
+  V(s2s_F64CopySign)                            \
+  /* Unary operators. */                        \
+  V(r2r_F32Abs)                                 \
+  V(r2r_F32Neg)                                 \
+  V(r2r_F32Ceil)                                \
+  V(r2r_F32Floor)                               \
+  V(r2r_F32Trunc)                               \
+  V(r2r_F32NearestInt)                          \
+  V(r2r_F32Sqrt)                                \
+  V(r2r_F64Abs)                                 \
+  V(r2r_F64Neg)                                 \
+  V(r2r_F64Ceil)                                \
+  V(r2r_F64Floor)                               \
+  V(r2r_F64Trunc)                               \
+  V(r2r_F64NearestInt)                          \
+  V(r2r_F64Sqrt)                                \
+  V(r2s_F32Abs)                                 \
+  V(r2s_F32Neg)                                 \
+  V(r2s_F32Ceil)                                \
+  V(r2s_F32Floor)                               \
+  V(r2s_F32Trunc)                               \
+  V(r2s_F32NearestInt)                          \
+  V(r2s_F32Sqrt)                                \
+  V(r2s_F64Abs)                                 \
+  V(r2s_F64Neg)                                 \
+  V(r2s_F64Ceil)                                \
+  V(r2s_F64Floor)                               \
+  V(r2s_F64Trunc)                               \
+  V(r2s_F64NearestInt)                          \
+  V(r2s_F64Sqrt)                                \
+  V(s2r_F32Abs)                                 \
+  V(s2r_F32Neg)                                 \
+  V(s2r_F32Ceil)                                \
+  V(s2r_F32Floor)                               \
+  V(s2r_F32Trunc)                               \
+  V(s2r_F32NearestInt)                          \
+  V(s2r_F32Sqrt)                                \
+  V(s2r_F64Abs)                                 \
+  V(s2r_F64Neg)                                 \
+  V(s2r_F64Ceil)                                \
+  V(s2r_F64Floor)                               \
+  V(s2r_F64Trunc)                               \
+  V(s2r_F64NearestInt)                          \
+  V(s2r_F64Sqrt)                                \
+  V(s2s_F32Abs)                                 \
+  V(s2s_F32Neg)                                 \
+  V(s2s_F32Ceil)                                \
+  V(s2s_F32Floor)                               \
+  V(s2s_F32Trunc)                               \
+  V(s2s_F32NearestInt)                          \
+  V(s2s_F32Sqrt)                                \
+  V(s2s_F64Abs)                                 \
+  V(s2s_F64Neg)                                 \
+  V(s2s_F64Ceil)                                \
+  V(s2s_F64Floor)                               \
+  V(s2s_F64Trunc)                               \
+  V(s2s_F64NearestInt)                          \
+  V(s2s_F64Sqrt)                                \
+  /* Numeric conversion operators. */           \
+  V(r2r_I32ConvertI64)                          \
+  V(r2r_I64SConvertF32)                         \
+  V(r2r_I64SConvertF64)                         \
+  V(r2r_I64UConvertF32)                         \
+  V(r2r_I64UConvertF64)                         \
+  V(r2r_I32SConvertF32)                         \
+  V(r2r_I32UConvertF32)                         \
+  V(r2r_I32SConvertF64)                         \
+  V(r2r_I32UConvertF64)                         \
+  V(r2r_I64SConvertI32)                         \
+  V(r2r_I64UConvertI32)                         \
+  V(r2r_F32SConvertI32)                         \
+  V(r2r_F32UConvertI32)                         \
+  V(r2r_F32SConvertI64)                         \
+  V(r2r_F32UConvertI64)                         \
+  V(r2r_F32ConvertF64)                          \
+  V(r2r_F64SConvertI32)                         \
+  V(r2r_F64UConvertI32)                         \
+  V(r2r_F64SConvertI64)                         \
+  V(r2r_F64UConvertI64)                         \
+  V(r2r_F64ConvertF32)                          \
+  V(r2s_I32ConvertI64)                          \
+  V(r2s_I64SConvertF32)                         \
+  V(r2s_I64SConvertF64)                         \
+  V(r2s_I64UConvertF32)                         \
+  V(r2s_I64UConvertF64)                         \
+  V(r2s_I32SConvertF32)                         \
+  V(r2s_I32UConvertF32)                         \
+  V(r2s_I32SConvertF64)                         \
+  V(r2s_I32UConvertF64)                         \
+  V(r2s_I64SConvertI32)                         \
+  V(r2s_I64UConvertI32)                         \
+  V(r2s_F32SConvertI32)                         \
+  V(r2s_F32UConvertI32)                         \
+  V(r2s_F32SConvertI64)                         \
+  V(r2s_F32UConvertI64)                         \
+  V(r2s_F32ConvertF64)                          \
+  V(r2s_F64SConvertI32)                         \
+  V(r2s_F64UConvertI32)                         \
+  V(r2s_F64SConvertI64)                         \
+  V(r2s_F64UConvertI64)                         \
+  V(r2s_F64ConvertF32)                          \
+  V(s2r_I32ConvertI64)                          \
+  V(s2r_I64SConvertF32)                         \
+  V(s2r_I64SConvertF64)                         \
+  V(s2r_I64UConvertF32)                         \
+  V(s2r_I64UConvertF64)                         \
+  V(s2r_I32SConvertF32)                         \
+  V(s2r_I32UConvertF32)                         \
+  V(s2r_I32SConvertF64)                         \
+  V(s2r_I32UConvertF64)                         \
+  V(s2r_I64SConvertI32)                         \
+  V(s2r_I64UConvertI32)                         \
+  V(s2r_F32SConvertI32)                         \
+  V(s2r_F32UConvertI32)                         \
+  V(s2r_F32SConvertI64)                         \
+  V(s2r_F32UConvertI64)                         \
+  V(s2r_F32ConvertF64)                          \
+  V(s2r_F64SConvertI32)                         \
+  V(s2r_F64UConvertI32)                         \
+  V(s2r_F64SConvertI64)                         \
+  V(s2r_F64UConvertI64)                         \
+  V(s2r_F64ConvertF32)                          \
+  V(s2s_I32ConvertI64)                          \
+  V(s2s_I64SConvertF32)                         \
+  V(s2s_I64SConvertF64)                         \
+  V(s2s_I64UConvertF32)                         \
+  V(s2s_I64UConvertF64)                         \
+  V(s2s_I32SConvertF32)                         \
+  V(s2s_I32UConvertF32)                         \
+  V(s2s_I32SConvertF64)                         \
+  V(s2s_I32UConvertF64)                         \
+  V(s2s_I64SConvertI32)                         \
+  V(s2s_I64UConvertI32)                         \
+  V(s2s_F32SConvertI32)                         \
+  V(s2s_F32UConvertI32)                         \
+  V(s2s_F32SConvertI64)                         \
+  V(s2s_F32UConvertI64)                         \
+  V(s2s_F32ConvertF64)                          \
+  V(s2s_F64SConvertI32)                         \
+  V(s2s_F64UConvertI32)                         \
+  V(s2s_F64SConvertI64)                         \
+  V(s2s_F64UConvertI64)                         \
+  V(s2s_F64ConvertF32)                          \
+  /* Numeric reinterpret operators. */          \
+  V(r2r_F32ReinterpretI32)                      \
+  V(r2r_F64ReinterpretI64)                      \
+  V(r2r_I32ReinterpretF32)                      \
+  V(r2r_I64ReinterpretF64)                      \
+  V(r2s_F32ReinterpretI32)                      \
+  V(r2s_F64ReinterpretI64)                      \
+  V(r2s_I32ReinterpretF32)                      \
+  V(r2s_I64ReinterpretF64)                      \
+  V(s2r_F32ReinterpretI32)                      \
+  V(s2r_F64ReinterpretI64)                      \
+  V(s2r_I32ReinterpretF32)                      \
+  V(s2r_I64ReinterpretF64)                      \
+  V(s2s_F32ReinterpretI32)                      \
+  V(s2s_F64ReinterpretI64)                      \
+  V(s2s_I32ReinterpretF32)                      \
+  V(s2s_I64ReinterpretF64)                      \
+  /* Bit operators. */                          \
+  V(r2r_I32Clz)                                 \
+  V(r2r_I32Ctz)                                 \
+  V(r2r_I32Popcnt)                              \
+  V(r2r_I32Eqz)                                 \
+  V(r2r_I64Clz)                                 \
+  V(r2r_I64Ctz)                                 \
+  V(r2r_I64Popcnt)                              \
+  V(r2r_I64Eqz)                                 \
+  V(r2s_I32Clz)                                 \
+  V(r2s_I32Ctz)                                 \
+  V(r2s_I32Popcnt)                              \
+  V(r2s_I32Eqz)                                 \
+  V(r2s_I64Clz)                                 \
+  V(r2s_I64Ctz)                                 \
+  V(r2s_I64Popcnt)                              \
+  V(r2s_I64Eqz)                                 \
+  V(s2r_I32Clz)                                 \
+  V(s2r_I32Ctz)                                 \
+  V(s2r_I32Popcnt)                              \
+  V(s2r_I32Eqz)                                 \
+  V(s2r_I64Clz)                                 \
+  V(s2r_I64Ctz)                                 \
+  V(s2r_I64Popcnt)                              \
+  V(s2r_I64Eqz)                                 \
+  V(s2s_I32Clz)                                 \
+  V(s2s_I32Ctz)                                 \
+  V(s2s_I32Popcnt)                              \
+  V(s2s_I32Eqz)                                 \
+  V(s2s_I64Clz)                                 \
+  V(s2s_I64Ctz)                                 \
+  V(s2s_I64Popcnt)                              \
+  V(s2s_I64Eqz)                                 \
+  /* Sign extension operators. */               \
+  V(r2r_I32SExtendI8)                           \
+  V(r2r_I32SExtendI16)                          \
+  V(r2r_I64SExtendI8)                           \
+  V(r2r_I64SExtendI16)                          \
+  V(r2r_I64SExtendI32)                          \
+  V(r2s_I32SExtendI8)                           \
+  V(r2s_I32SExtendI16)                          \
+  V(r2s_I64SExtendI8)                           \
+  V(r2s_I64SExtendI16)                          \
+  V(r2s_I64SExtendI32)                          \
+  V(s2r_I32SExtendI8)                           \
+  V(s2r_I32SExtendI16)                          \
+  V(s2r_I64SExtendI8)                           \
+  V(s2r_I64SExtendI16)                          \
+  V(s2r_I64SExtendI32)                          \
+  V(s2s_I32SExtendI8)                           \
+  V(s2s_I32SExtendI16)                          \
+  V(s2s_I64SExtendI8)                           \
+  V(s2s_I64SExtendI16)                          \
+  V(s2s_I64SExtendI32)                          \
+  /* Saturated truncation operators. */         \
+  V(r2r_I32SConvertSatF32)                      \
+  V(r2r_I32UConvertSatF32)                      \
+  V(r2r_I32SConvertSatF64)                      \
+  V(r2r_I32UConvertSatF64)                      \
+  V(r2r_I64SConvertSatF32)                      \
+  V(r2r_I64UConvertSatF32)                      \
+  V(r2r_I64SConvertSatF64)                      \
+  V(r2r_I64UConvertSatF64)                      \
+  V(r2s_I32SConvertSatF32)                      \
+  V(r2s_I32UConvertSatF32)                      \
+  V(r2s_I32SConvertSatF64)                      \
+  V(r2s_I32UConvertSatF64)                      \
+  V(r2s_I64SConvertSatF32)                      \
+  V(r2s_I64UConvertSatF32)                      \
+  V(r2s_I64SConvertSatF64)                      \
+  V(r2s_I64UConvertSatF64)                      \
+  V(s2r_I32SConvertSatF32)                      \
+  V(s2r_I32UConvertSatF32)                      \
+  V(s2r_I32SConvertSatF64)                      \
+  V(s2r_I32UConvertSatF64)                      \
+  V(s2r_I64SConvertSatF32)                      \
+  V(s2r_I64UConvertSatF32)                      \
+  V(s2r_I64SConvertSatF64)                      \
+  V(s2r_I64UConvertSatF64)                      \
+  V(s2s_I32SConvertSatF32)                      \
+  V(s2s_I32UConvertSatF32)                      \
+  V(s2s_I32SConvertSatF64)                      \
+  V(s2s_I32UConvertSatF64)                      \
+  V(s2s_I64SConvertSatF32)                      \
+  V(s2s_I64UConvertSatF32)                      \
+  V(s2s_I64SConvertSatF64)                      \
+  V(s2s_I64UConvertSatF64)                      \
+  /* Other instruction handlers. */             \
+  V(s2s_MemoryGrow)                             \
+  V(s2s_MemorySize)                             \
+  V(s2s_Return)                                 \
+  V(s2s_Branch)                                 \
+  V(r2s_BranchIf)                               \
+  V(s2s_BranchIf)                               \
+  V(r2s_BranchIfWithParams)                     \
+  V(s2s_BranchIfWithParams)                     \
+  V(r2s_If)                                     \
+  V(s2s_If)                                     \
+  V(s2s_Else)                                   \
+  V(s2s_CallFunction)                           \
+  V(s2s_ReturnCall)                             \
+  V(s2s_CallImportedFunction)                   \
+  V(s2s_ReturnCallImportedFunction)             \
+  V(s2s_CallIndirect)                           \
+  V(s2s_ReturnCallIndirect)                     \
+  V(r2s_BrTable)                                \
+  V(s2s_BrTable)                                \
+  V(s2s_CopySlotMulti)                          \
+  V(s2s_CopySlot_ll)                            \
+  V(s2s_CopySlot_lq)                            \
+  V(s2s_CopySlot_ql)                            \
+  V(s2s_CopySlot_qq)                            \
+  V(s2s_CopySlot32)                             \
+  V(s2s_CopySlot32x2)                           \
+  V(s2s_CopySlot64)                             \
+  V(s2s_CopySlot64x2)                           \
+  V(s2s_CopySlot128)                            \
+  V(s2s_CopySlotRef)                            \
+  V(s2s_PreserveCopySlot32)                     \
+  V(s2s_PreserveCopySlot64)                     \
+  V(s2s_PreserveCopySlot128)                    \
+  V(s2s_PreserveCopySlotRef)                    \
+  V(r2s_CopyR0ToSlot32)                         \
+  V(r2s_CopyR0ToSlot64)                         \
+  V(r2s_CopyFp0ToSlot32)                        \
+  V(r2s_CopyFp0ToSlot64)                        \
+  V(r2s_PreserveCopyR0ToSlot32)                 \
+  V(r2s_PreserveCopyR0ToSlot64)                 \
+  V(r2s_PreserveCopyFp0ToSlot32)                \
+  V(r2s_PreserveCopyFp0ToSlot64)                \
+  V(s2s_RefNull)                                \
+  V(s2s_RefIsNull)                              \
+  V(s2s_RefFunc)                                \
+  V(s2s_RefEq)                                  \
+  V(s2s_MemoryInit)                             \
+  V(s2s_DataDrop)                               \
+  V(s2s_MemoryCopy)                             \
+  V(s2s_MemoryFill)                             \
+  V(s2s_TableGet)                               \
+  V(s2s_TableSet)                               \
+  V(s2s_TableInit)                              \
+  V(s2s_ElemDrop)                               \
+  V(s2s_TableCopy)                              \
+  V(s2s_TableGrow)                              \
+  V(s2s_TableSize)                              \
+  V(s2s_TableFill)                              \
+  V(s2s_Unreachable)                            \
+  V(s2s_Unwind)                                 \
+  V(s2s_OnLoopBackwardJump)                     \
+  V(s2s_Nop)                                    \
+  /* Exception handling */                      \
+  V(s2s_Throw)                                  \
+  V(s2s_Rethrow)                                \
+  V(s2s_Catch)                                  \
+  /* Atomics */                                 \
+  V(s2s_AtomicNotify)                           \
+  V(s2s_I32AtomicWait)                          \
+  V(s2s_I64AtomicWait)                          \
+  V(s2s_AtomicFence)                            \
+  V(s2s_I32AtomicAdd)                           \
+  V(s2s_I32AtomicAdd8U)                         \
+  V(s2s_I32AtomicAdd16U)                        \
+  V(s2s_I32AtomicSub)                           \
+  V(s2s_I32AtomicSub8U)                         \
+  V(s2s_I32AtomicSub16U)                        \
+  V(s2s_I32AtomicAnd)                           \
+  V(s2s_I32AtomicAnd8U)                         \
+  V(s2s_I32AtomicAnd16U)                        \
+  V(s2s_I32AtomicOr)                            \
+  V(s2s_I32AtomicOr8U)                          \
+  V(s2s_I32AtomicOr16U)                         \
+  V(s2s_I32AtomicXor)                           \
+  V(s2s_I32AtomicXor8U)                         \
+  V(s2s_I32AtomicXor16U)                        \
+  V(s2s_I32AtomicExchange)                      \
+  V(s2s_I32AtomicExchange8U)                    \
+  V(s2s_I32AtomicExchange16U)                   \
+  V(s2s_I64AtomicAdd)                           \
+  V(s2s_I64AtomicAdd8U)                         \
+  V(s2s_I64AtomicAdd16U)                        \
+  V(s2s_I64AtomicAdd32U)                        \
+  V(s2s_I64AtomicSub)                           \
+  V(s2s_I64AtomicSub8U)                         \
+  V(s2s_I64AtomicSub16U)                        \
+  V(s2s_I64AtomicSub32U)                        \
+  V(s2s_I64AtomicAnd)                           \
+  V(s2s_I64AtomicAnd8U)                         \
+  V(s2s_I64AtomicAnd16U)                        \
+  V(s2s_I64AtomicAnd32U)                        \
+  V(s2s_I64AtomicOr)                            \
+  V(s2s_I64AtomicOr8U)                          \
+  V(s2s_I64AtomicOr16U)                         \
+  V(s2s_I64AtomicOr32U)                         \
+  V(s2s_I64AtomicXor)                           \
+  V(s2s_I64AtomicXor8U)                         \
+  V(s2s_I64AtomicXor16U)                        \
+  V(s2s_I64AtomicXor32U)                        \
+  V(s2s_I64AtomicExchange)                      \
+  V(s2s_I64AtomicExchange8U)                    \
+  V(s2s_I64AtomicExchange16U)                   \
+  V(s2s_I64AtomicExchange32U)                   \
+  V(s2s_I32AtomicCompareExchange)               \
+  V(s2s_I32AtomicCompareExchange8U)             \
+  V(s2s_I32AtomicCompareExchange16U)            \
+  V(s2s_I64AtomicCompareExchange)               \
+  V(s2s_I64AtomicCompareExchange8U)             \
+  V(s2s_I64AtomicCompareExchange16U)            \
+  V(s2s_I64AtomicCompareExchange32U)            \
+  V(s2s_I32AtomicLoad)                          \
+  V(s2s_I32AtomicLoad8U)                        \
+  V(s2s_I32AtomicLoad16U)                       \
+  V(s2s_I64AtomicLoad)                          \
+  V(s2s_I64AtomicLoad8U)                        \
+  V(s2s_I64AtomicLoad16U)                       \
+  V(s2s_I64AtomicLoad32U)                       \
+  V(s2s_I32AtomicStore)                         \
+  V(s2s_I32AtomicStore8U)                       \
+  V(s2s_I32AtomicStore16U)                      \
+  V(s2s_I64AtomicStore)                         \
+  V(s2s_I64AtomicStore8U)                       \
+  V(s2s_I64AtomicStore16U)                      \
+  V(s2s_I64AtomicStore32U)                      \
+  /* SIMD */                                    \
+  V(s2s_SimdF64x2Splat)                         \
+  V(s2s_SimdF32x4Splat)                         \
+  V(s2s_SimdI64x2Splat)                         \
+  V(s2s_SimdI32x4Splat)                         \
+  V(s2s_SimdI16x8Splat)                         \
+  V(s2s_SimdI8x16Splat)                         \
+  V(s2s_SimdF64x2ExtractLane)                   \
+  V(s2s_SimdF32x4ExtractLane)                   \
+  V(s2s_SimdI64x2ExtractLane)                   \
+  V(s2s_SimdI32x4ExtractLane)                   \
+  V(s2s_SimdI16x8ExtractLaneS)                  \
+  V(s2s_SimdI16x8ExtractLaneU)                  \
+  V(s2s_SimdI8x16ExtractLaneS)                  \
+  V(s2s_SimdI8x16ExtractLaneU)                  \
+  V(s2s_SimdF64x2Add)                           \
+  V(s2s_SimdF64x2Sub)                           \
+  V(s2s_SimdF64x2Mul)                           \
+  V(s2s_SimdF64x2Div)                           \
+  V(s2s_SimdF64x2Min)                           \
+  V(s2s_SimdF64x2Max)                           \
+  V(s2s_SimdF64x2Pmin)                          \
+  V(s2s_SimdF64x2Pmax)                          \
+  V(s2s_SimdF32x4RelaxedMin)                    \
+  V(s2s_SimdF32x4RelaxedMax)                    \
+  V(s2s_SimdF64x2RelaxedMin)                    \
+  V(s2s_SimdF64x2RelaxedMax)                    \
+  V(s2s_SimdF32x4Add)                           \
+  V(s2s_SimdF32x4Sub)                           \
+  V(s2s_SimdF32x4Mul)                           \
+  V(s2s_SimdF32x4Div)                           \
+  V(s2s_SimdF32x4Min)                           \
+  V(s2s_SimdF32x4Max)                           \
+  V(s2s_SimdF32x4Pmin)                          \
+  V(s2s_SimdF32x4Pmax)                          \
+  V(s2s_SimdI64x2Add)                           \
+  V(s2s_SimdI64x2Sub)                           \
+  V(s2s_SimdI64x2Mul)                           \
+  V(s2s_SimdI32x4Add)                           \
+  V(s2s_SimdI32x4Sub)                           \
+  V(s2s_SimdI32x4Mul)                           \
+  V(s2s_SimdI32x4MinS)                          \
+  V(s2s_SimdI32x4MinU)                          \
+  V(s2s_SimdI32x4MaxS)                          \
+  V(s2s_SimdI32x4MaxU)                          \
+  V(s2s_SimdS128And)                            \
+  V(s2s_SimdS128Or)                             \
+  V(s2s_SimdS128Xor)                            \
+  V(s2s_SimdS128AndNot)                         \
+  V(s2s_SimdI16x8Add)                           \
+  V(s2s_SimdI16x8Sub)                           \
+  V(s2s_SimdI16x8Mul)                           \
+  V(s2s_SimdI16x8MinS)                          \
+  V(s2s_SimdI16x8MinU)                          \
+  V(s2s_SimdI16x8MaxS)                          \
+  V(s2s_SimdI16x8MaxU)                          \
+  V(s2s_SimdI16x8AddSatS)                       \
+  V(s2s_SimdI16x8AddSatU)                       \
+  V(s2s_SimdI16x8SubSatS)                       \
+  V(s2s_SimdI16x8SubSatU)                       \
+  V(s2s_SimdI16x8RoundingAverageU)              \
+  V(s2s_SimdI16x8Q15MulRSatS)                   \
+  V(s2s_SimdI16x8RelaxedQ15MulRS)               \
+  V(s2s_SimdI8x16Add)                           \
+  V(s2s_SimdI8x16Sub)                           \
+  V(s2s_SimdI8x16MinS)                          \
+  V(s2s_SimdI8x16MinU)                          \
+  V(s2s_SimdI8x16MaxS)                          \
+  V(s2s_SimdI8x16MaxU)                          \
+  V(s2s_SimdI8x16AddSatS)                       \
+  V(s2s_SimdI8x16AddSatU)                       \
+  V(s2s_SimdI8x16SubSatS)                       \
+  V(s2s_SimdI8x16SubSatU)                       \
+  V(s2s_SimdI8x16RoundingAverageU)              \
+  V(s2s_SimdF64x2Abs)                           \
+  V(s2s_SimdF64x2Neg)                           \
+  V(s2s_SimdF64x2Sqrt)                          \
+  V(s2s_SimdF64x2Ceil)                          \
+  V(s2s_SimdF64x2Floor)                         \
+  V(s2s_SimdF64x2Trunc)                         \
+  V(s2s_SimdF64x2NearestInt)                    \
+  V(s2s_SimdF32x4Abs)                           \
+  V(s2s_SimdF32x4Neg)                           \
+  V(s2s_SimdF32x4Sqrt)                          \
+  V(s2s_SimdF32x4Ceil)                          \
+  V(s2s_SimdF32x4Floor)                         \
+  V(s2s_SimdF32x4Trunc)                         \
+  V(s2s_SimdF32x4NearestInt)                    \
+  V(s2s_SimdI64x2Neg)                           \
+  V(s2s_SimdI32x4Neg)                           \
+  V(s2s_SimdI64x2Abs)                           \
+  V(s2s_SimdI32x4Abs)                           \
+  V(s2s_SimdS128Not)                            \
+  V(s2s_SimdI16x8Neg)                           \
+  V(s2s_SimdI16x8Abs)                           \
+  V(s2s_SimdI8x16Neg)                           \
+  V(s2s_SimdI8x16Abs)                           \
+  V(s2s_SimdI8x16Popcnt)                        \
+  V(s2s_SimdI8x16BitMask)                       \
+  V(s2s_SimdI16x8BitMask)                       \
+  V(s2s_SimdI32x4BitMask)                       \
+  V(s2s_SimdI64x2BitMask)                       \
+  V(s2s_SimdF64x2Eq)                            \
+  V(s2s_SimdF64x2Ne)                            \
+  V(s2s_SimdF64x2Gt)                            \
+  V(s2s_SimdF64x2Ge)                            \
+  V(s2s_SimdF64x2Lt)                            \
+  V(s2s_SimdF64x2Le)                            \
+  V(s2s_SimdF32x4Eq)                            \
+  V(s2s_SimdF32x4Ne)                            \
+  V(s2s_SimdF32x4Gt)                            \
+  V(s2s_SimdF32x4Ge)                            \
+  V(s2s_SimdF32x4Lt)                            \
+  V(s2s_SimdF32x4Le)                            \
+  V(s2s_SimdI64x2Eq)                            \
+  V(s2s_SimdI64x2Ne)                            \
+  V(s2s_SimdI64x2LtS)                           \
+  V(s2s_SimdI64x2GtS)                           \
+  V(s2s_SimdI64x2LeS)                           \
+  V(s2s_SimdI64x2GeS)                           \
+  V(s2s_SimdI32x4Eq)                            \
+  V(s2s_SimdI32x4Ne)                            \
+  V(s2s_SimdI32x4GtS)                           \
+  V(s2s_SimdI32x4GeS)                           \
+  V(s2s_SimdI32x4LtS)                           \
+  V(s2s_SimdI32x4LeS)                           \
+  V(s2s_SimdI32x4GtU)                           \
+  V(s2s_SimdI32x4GeU)                           \
+  V(s2s_SimdI32x4LtU)                           \
+  V(s2s_SimdI32x4LeU)                           \
+  V(s2s_SimdI16x8Eq)                            \
+  V(s2s_SimdI16x8Ne)                            \
+  V(s2s_SimdI16x8GtS)                           \
+  V(s2s_SimdI16x8GeS)                           \
+  V(s2s_SimdI16x8LtS)                           \
+  V(s2s_SimdI16x8LeS)                           \
+  V(s2s_SimdI16x8GtU)                           \
+  V(s2s_SimdI16x8GeU)                           \
+  V(s2s_SimdI16x8LtU)                           \
+  V(s2s_SimdI16x8LeU)                           \
+  V(s2s_SimdI8x16Eq)                            \
+  V(s2s_SimdI8x16Ne)                            \
+  V(s2s_SimdI8x16GtS)                           \
+  V(s2s_SimdI8x16GeS)                           \
+  V(s2s_SimdI8x16LtS)                           \
+  V(s2s_SimdI8x16LeS)                           \
+  V(s2s_SimdI8x16GtU)                           \
+  V(s2s_SimdI8x16GeU)                           \
+  V(s2s_SimdI8x16LtU)                           \
+  V(s2s_SimdI8x16LeU)                           \
+  V(s2s_SimdF64x2ReplaceLane)                   \
+  V(s2s_SimdF32x4ReplaceLane)                   \
+  V(s2s_SimdI64x2ReplaceLane)                   \
+  V(s2s_SimdI32x4ReplaceLane)                   \
+  V(s2s_SimdI16x8ReplaceLane)                   \
+  V(s2s_SimdI8x16ReplaceLane)                   \
+  V(s2s_SimdS128LoadMem)                        \
+  V(s2s_SimdS128StoreMem)                       \
+  V(s2s_SimdI64x2Shl)                           \
+  V(s2s_SimdI64x2ShrS)                          \
+  V(s2s_SimdI64x2ShrU)                          \
+  V(s2s_SimdI32x4Shl)                           \
+  V(s2s_SimdI32x4ShrS)                          \
+  V(s2s_SimdI32x4ShrU)                          \
+  V(s2s_SimdI16x8Shl)                           \
+  V(s2s_SimdI16x8ShrS)                          \
+  V(s2s_SimdI16x8ShrU)                          \
+  V(s2s_SimdI8x16Shl)                           \
+  V(s2s_SimdI8x16ShrS)                          \
+  V(s2s_SimdI8x16ShrU)                          \
+  V(s2s_SimdI16x8ExtMulLowI8x16S)               \
+  V(s2s_SimdI16x8ExtMulHighI8x16S)              \
+  V(s2s_SimdI16x8ExtMulLowI8x16U)               \
+  V(s2s_SimdI16x8ExtMulHighI8x16U)              \
+  V(s2s_SimdI32x4ExtMulLowI16x8S)               \
+  V(s2s_SimdI32x4ExtMulHighI16x8S)              \
+  V(s2s_SimdI32x4ExtMulLowI16x8U)               \
+  V(s2s_SimdI32x4ExtMulHighI16x8U)              \
+  V(s2s_SimdI64x2ExtMulLowI32x4S)               \
+  V(s2s_SimdI64x2ExtMulHighI32x4S)              \
+  V(s2s_SimdI64x2ExtMulLowI32x4U)               \
+  V(s2s_SimdI64x2ExtMulHighI32x4U)              \
+  V(s2s_SimdF32x4SConvertI32x4)                 \
+  V(s2s_SimdF32x4UConvertI32x4)                 \
+  V(s2s_SimdI32x4SConvertF32x4)                 \
+  V(s2s_SimdI32x4UConvertF32x4)                 \
+  V(s2s_SimdI32x4RelaxedTruncF32x4S)            \
+  V(s2s_SimdI32x4RelaxedTruncF32x4U)            \
+  V(s2s_SimdI64x2SConvertI32x4Low)              \
+  V(s2s_SimdI64x2SConvertI32x4High)             \
+  V(s2s_SimdI64x2UConvertI32x4Low)              \
+  V(s2s_SimdI64x2UConvertI32x4High)             \
+  V(s2s_SimdI32x4SConvertI16x8High)             \
+  V(s2s_SimdI32x4UConvertI16x8High)             \
+  V(s2s_SimdI32x4SConvertI16x8Low)              \
+  V(s2s_SimdI32x4UConvertI16x8Low)              \
+  V(s2s_SimdI16x8SConvertI8x16High)             \
+  V(s2s_SimdI16x8UConvertI8x16High)             \
+  V(s2s_SimdI16x8SConvertI8x16Low)              \
+  V(s2s_SimdI16x8UConvertI8x16Low)              \
+  V(s2s_SimdF64x2ConvertLowI32x4S)              \
+  V(s2s_SimdF64x2ConvertLowI32x4U)              \
+  V(s2s_SimdI32x4TruncSatF64x2SZero)            \
+  V(s2s_SimdI32x4TruncSatF64x2UZero)            \
+  V(s2s_SimdI32x4RelaxedTruncF64x2SZero)        \
+  V(s2s_SimdI32x4RelaxedTruncF64x2UZero)        \
+  V(s2s_SimdF32x4DemoteF64x2Zero)               \
+  V(s2s_SimdF64x2PromoteLowF32x4)               \
+  V(s2s_SimdI16x8SConvertI32x4)                 \
+  V(s2s_SimdI16x8UConvertI32x4)                 \
+  V(s2s_SimdI8x16SConvertI16x8)                 \
+  V(s2s_SimdI8x16UConvertI16x8)                 \
+  V(s2s_SimdI8x16RelaxedLaneSelect)             \
+  V(s2s_SimdI16x8RelaxedLaneSelect)             \
+  V(s2s_SimdI32x4RelaxedLaneSelect)             \
+  V(s2s_SimdI64x2RelaxedLaneSelect)             \
+  V(s2s_SimdS128Select)                         \
+  V(s2s_SimdI32x4DotI16x8S)                     \
+  V(s2s_SimdI16x8DotI8x16I7x16S)                \
+  V(s2s_SimdI32x4DotI8x16I7x16AddS)             \
+  V(s2s_SimdI8x16RelaxedSwizzle)                \
+  V(s2s_SimdI8x16Swizzle)                       \
+  V(s2s_SimdV128AnyTrue)                        \
+  V(s2s_SimdI8x16Shuffle)                       \
+  V(s2s_SimdI64x2AllTrue)                       \
+  V(s2s_SimdI32x4AllTrue)                       \
+  V(s2s_SimdI16x8AllTrue)                       \
+  V(s2s_SimdI8x16AllTrue)                       \
+  V(s2s_SimdF32x4Qfma)                          \
+  V(s2s_SimdF32x4Qfms)                          \
+  V(s2s_SimdF64x2Qfma)                          \
+  V(s2s_SimdF64x2Qfms)                          \
+  V(s2s_SimdS128Load8Splat)                     \
+  V(s2s_SimdS128Load16Splat)                    \
+  V(s2s_SimdS128Load32Splat)                    \
+  V(s2s_SimdS128Load64Splat)                    \
+  V(s2s_SimdS128Load8x8S)                       \
+  V(s2s_SimdS128Load8x8U)                       \
+  V(s2s_SimdS128Load16x4S)                      \
+  V(s2s_SimdS128Load16x4U)                      \
+  V(s2s_SimdS128Load32x2S)                      \
+  V(s2s_SimdS128Load32x2U)                      \
+  V(s2s_SimdS128Load32Zero)                     \
+  V(s2s_SimdS128Load64Zero)                     \
+  V(s2s_SimdS128Load8Lane)                      \
+  V(s2s_SimdS128Load16Lane)                     \
+  V(s2s_SimdS128Load32Lane)                     \
+  V(s2s_SimdS128Load64Lane)                     \
+  V(s2s_SimdS128Store8Lane)                     \
+  V(s2s_SimdS128Store16Lane)                    \
+  V(s2s_SimdS128Store32Lane)                    \
+  V(s2s_SimdS128Store64Lane)                    \
+  V(s2s_SimdI32x4ExtAddPairwiseI16x8S)          \
+  V(s2s_SimdI32x4ExtAddPairwiseI16x8U)          \
+  V(s2s_SimdI16x8ExtAddPairwiseI8x16S)          \
+  V(s2s_SimdI16x8ExtAddPairwiseI8x16U)          \
+  /* GC */                                      \
+  V(s2s_BranchOnNull)                           \
+  V(s2s_BranchOnNullWithParams)                 \
+  V(s2s_BranchOnNonNull)                        \
+  V(s2s_BranchOnNonNullWithParams)              \
+  V(s2s_BranchOnCast)                           \
+  V(s2s_BranchOnCastFail)                       \
+  V(s2s_StructNew)                              \
+  V(s2s_StructNewDefault)                       \
+  V(s2s_I8SStructGet)                           \
+  V(s2s_I8UStructGet)                           \
+  V(s2s_I16SStructGet)                          \
+  V(s2s_I16UStructGet)                          \
+  V(s2s_I32StructGet)                           \
+  V(s2s_I64StructGet)                           \
+  V(s2s_F32StructGet)                           \
+  V(s2s_F64StructGet)                           \
+  V(s2s_S128StructGet)                          \
+  V(s2s_RefStructGet)                           \
+  V(s2s_I8StructSet)                            \
+  V(s2s_I16StructSet)                           \
+  V(s2s_I32StructSet)                           \
+  V(s2s_I64StructSet)                           \
+  V(s2s_F32StructSet)                           \
+  V(s2s_F64StructSet)                           \
+  V(s2s_S128StructSet)                          \
+  V(s2s_RefStructSet)                           \
+  V(s2s_I8ArrayNew)                             \
+  V(s2s_I16ArrayNew)                            \
+  V(s2s_I32ArrayNew)                            \
+  V(s2s_I64ArrayNew)                            \
+  V(s2s_F32ArrayNew)                            \
+  V(s2s_F64ArrayNew)                            \
+  V(s2s_S128ArrayNew)                           \
+  V(s2s_RefArrayNew)                            \
+  V(s2s_ArrayNewDefault)                        \
+  V(s2s_ArrayNewFixed)                          \
+  V(s2s_ArrayNewData)                           \
+  V(s2s_ArrayNewElem)                           \
+  V(s2s_ArrayInitData)                          \
+  V(s2s_ArrayInitElem)                          \
+  V(s2s_ArrayLen)                               \
+  V(s2s_ArrayCopy)                              \
+  V(s2s_I8SArrayGet)                            \
+  V(s2s_I8UArrayGet)                            \
+  V(s2s_I16SArrayGet)                           \
+  V(s2s_I16UArrayGet)                           \
+  V(s2s_I32ArrayGet)                            \
+  V(s2s_I64ArrayGet)                            \
+  V(s2s_F32ArrayGet)                            \
+  V(s2s_F64ArrayGet)                            \
+  V(s2s_S128ArrayGet)                           \
+  V(s2s_RefArrayGet)                            \
+  V(s2s_I8ArraySet)                             \
+  V(s2s_I16ArraySet)                            \
+  V(s2s_I32ArraySet)                            \
+  V(s2s_I64ArraySet)                            \
+  V(s2s_F32ArraySet)                            \
+  V(s2s_F64ArraySet)                            \
+  V(s2s_S128ArraySet)                           \
+  V(s2s_RefArraySet)                            \
+  V(s2s_I8ArrayFill)                            \
+  V(s2s_I16ArrayFill)                           \
+  V(s2s_I32ArrayFill)                           \
+  V(s2s_I64ArrayFill)                           \
+  V(s2s_F32ArrayFill)                           \
+  V(s2s_F64ArrayFill)                           \
+  V(s2s_S128ArrayFill)                          \
+  V(s2s_RefArrayFill)                           \
+  V(s2s_RefI31)                                 \
+  V(s2s_I31GetS)                                \
+  V(s2s_I31GetU)                                \
+  V(s2s_RefCast)                                \
+  V(s2s_RefCastNull)                            \
+  V(s2s_RefTest)                                \
+  V(s2s_RefTestNull)                            \
+  V(s2s_RefAsNonNull)                           \
+  V(s2s_CallRef)                                \
+  V(s2s_ReturnCallRef)                          \
+  V(s2s_AnyConvertExtern)                       \
+  V(s2s_ExternConvertAny)                       \
+  V(s2s_AssertNullTypecheck)                    \
+  V(s2s_AssertNotNullTypecheck)                 \
+  V(s2s_TrapIllegalCast)                        \
+  V(s2s_RefTestSucceeds)                        \
+  V(s2s_RefTestFails)                           \
+  V(s2s_RefIsNonNull)
+
+#ifdef V8_DRUMBRAKE_BOUNDS_CHECKS
+#define FOREACH_INSTR_HANDLER(V)                 \
+  FOREACH_LOAD_STORE_INSTR_HANDLER(V)            \
+  FOREACH_LOAD_STORE_DUPLICATED_INSTR_HANDLER(V) \
+  FOREACH_NO_BOUNDSCHECK_INSTR_HANDLER(V)
+#else
+#define FOREACH_INSTR_HANDLER(V)      \
+  FOREACH_LOAD_STORE_INSTR_HANDLER(V) \
+  FOREACH_NO_BOUNDSCHECK_INSTR_HANDLER(V)
+#endif  // V8_DRUMBRAKE_BOUNDS_CHECKS
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+#define FOREACH_TRACE_INSTR_HANDLER(V) \
+  /* Tracing instruction handlers. */  \
+  V(s2s_TraceInstruction)              \
+  V(trace_UpdateStack)                 \
+  V(trace_PushConstI32Slot)            \
+  V(trace_PushConstI64Slot)            \
+  V(trace_PushConstF32Slot)            \
+  V(trace_PushConstF64Slot)            \
+  V(trace_PushConstS128Slot)           \
+  V(trace_PushConstRefSlot)            \
+  V(trace_PushCopySlot)                \
+  V(trace_PopSlot)                     \
+  V(trace_SetSlotType)
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+#endif  // V8_WASM_INTERPRETER_INSTRUCTION_HANDLERS_H_
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter-inl.h b/deps/v8/src/wasm/interpreter/wasm-interpreter-inl.h
new file mode 100644
index 00000000000000..cc932a10f2fa19
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter-inl.h
@@ -0,0 +1,713 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#if !V8_ENABLE_WEBASSEMBLY
+#error This header should only be included if WebAssembly is enabled.
+#endif  // !V8_ENABLE_WEBASSEMBLY
+
+#ifndef V8_WASM_INTERPRETER_WASM_INTERPRETER_INL_H_
+#define V8_WASM_INTERPRETER_WASM_INTERPRETER_INL_H_
+
+#include "src/handles/handles-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+#include "src/wasm/interpreter/wasm-interpreter.h"
+#include "src/wasm/wasm-module.h"
+
+namespace v8 {
+namespace internal {
+namespace wasm {
+
+inline InterpreterCode* WasmInterpreter::CodeMap::GetCode(
+    uint32_t function_index) {
+  DCHECK_LT(function_index, interpreter_code_.size());
+  InterpreterCode* code = &interpreter_code_[function_index];
+  if (V8_UNLIKELY(!code->bytecode && code->start)) {
+    Preprocess(function_index);
+  }
+  return code;
+}
+
+inline WasmBytecode* WasmInterpreter::CodeMap::GetFunctionBytecode(
+    uint32_t func_index) {
+  DCHECK_LT(func_index, interpreter_code_.size());
+
+  // This precompiles the target function.
+  InterpreterCode* code = GetCode(func_index);
+  return code->bytecode.get();
+}
+
+inline void WasmInterpreter::CodeMap::AddFunction(const WasmFunction* function,
+                                                  const uint8_t* code_start,
+                                                  const uint8_t* code_end) {
+  DCHECK_EQ(interpreter_code_.size(), function->func_index);
+  interpreter_code_.emplace_back(function, BodyLocalDecls(),
+                                 const_cast<uint8_t*>(code_start),
+                                 const_cast<uint8_t*>(code_end));
+}
+
+inline Isolate* WasmInterpreterThread::Activation::GetIsolate() const {
+  return wasm_runtime_->GetIsolate();
+}
+
+inline WasmInterpreterThread::Activation*
+WasmInterpreterThread::StartActivation(WasmInterpreterRuntime* wasm_runtime,
+                                       Address frame_pointer,
+                                       uint8_t* interpreter_fp,
+                                       const FrameState& frame_state) {
+  Run();
+  activations_.emplace_back(std::make_unique<Activation>(
+      this, wasm_runtime, frame_pointer, interpreter_fp, frame_state));
+  return activations_.back().get();
+}
+
+inline void WasmInterpreterThread::FinishActivation() {
+  DCHECK(!activations_.empty());
+  activations_.pop_back();
+  if (activations_.empty()) {
+    if (state_ != State::TRAPPED && state_ != State::STOPPED) {
+      Finish();
+    }
+  }
+}
+
+inline const FrameState* WasmInterpreterThread::GetCurrentActivationFor(
+    const WasmInterpreterRuntime* wasm_runtime) const {
+  for (int i = static_cast<int>(activations_.size()) - 1; i >= 0; i--) {
+    if (activations_[i]->GetWasmRuntime() == wasm_runtime) {
+      return &activations_[i]->GetCurrentFrame();
+    }
+  }
+  return nullptr;
+}
+
+inline void WasmInterpreter::BeginExecution(
+    WasmInterpreterThread* thread, uint32_t function_index,
+    Address frame_pointer, uint8_t* interpreter_fp, uint32_t ref_stack_offset,
+    const std::vector<WasmValue>& args) {
+  codemap_.GetCode(function_index);
+  wasm_runtime_->BeginExecution(thread, function_index, frame_pointer,
+                                interpreter_fp, ref_stack_offset, &args);
+}
+
+inline void WasmInterpreter::BeginExecution(WasmInterpreterThread* thread,
+                                            uint32_t function_index,
+                                            Address frame_pointer,
+                                            uint8_t* interpreter_fp) {
+  codemap_.GetCode(function_index);
+  wasm_runtime_->BeginExecution(thread, function_index, frame_pointer,
+                                interpreter_fp, 0);
+}
+
+inline WasmValue WasmInterpreter::GetReturnValue(int index) const {
+  return wasm_runtime_->GetReturnValue(index);
+}
+
+inline std::vector<WasmInterpreterStackEntry>
+WasmInterpreter::GetInterpretedStack(Address frame_pointer) {
+  return wasm_runtime_->GetInterpretedStack(frame_pointer);
+}
+
+inline int WasmInterpreter::GetFunctionIndex(Address frame_pointer,
+                                             int index) const {
+  return wasm_runtime_->GetFunctionIndex(frame_pointer, index);
+}
+
+inline void WasmInterpreter::SetTrapFunctionIndex(int32_t func_index) {
+  wasm_runtime_->SetTrapFunctionIndex(func_index);
+}
+
+template <typename T>
+inline T Read(const uint8_t*& code) {
+  T res = base::ReadUnalignedValue<T>(reinterpret_cast<Address>(code));
+  code += sizeof(T);
+  return res;
+}
+
+// Returns the maximum of the two parameters according to JavaScript semantics.
+template <typename T>
+inline T JSMax(T x, T y) {
+  if (std::isnan(x) || std::isnan(y)) {
+    return std::numeric_limits<T>::quiet_NaN();
+  }
+  if (std::signbit(x) < std::signbit(y)) return x;
+  return x > y ? x : y;
+}
+
+// Returns the minimum of the two parameters according to JavaScript semantics.
+template <typename T>
+inline T JSMin(T x, T y) {
+  if (std::isnan(x) || std::isnan(y)) {
+    return std::numeric_limits<T>::quiet_NaN();
+  }
+  if (std::signbit(x) < std::signbit(y)) return y;
+  return x > y ? y : x;
+}
+
+inline uint8_t* ReadMemoryAddress(uint8_t*& code) {
+  Address res =
+      base::ReadUnalignedValue<Address>(reinterpret_cast<Address>(code));
+  code += sizeof(Address);
+  return reinterpret_cast<uint8_t*>(res);
+}
+
+inline uint32_t ReadGlobalIndex(const uint8_t*& code) {
+  uint32_t res =
+      base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(code));
+  code += sizeof(uint32_t);
+  return res;
+}
+
+template <typename T>
+inline void push(uint32_t*& sp, const uint8_t*& code,
+                 WasmInterpreterRuntime* wasm_runtime, T val) {
+  uint32_t offset = Read<int32_t>(code);
+  base::WriteUnalignedValue<T>(reinterpret_cast<Address>(sp + offset), val);
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution)
+    wasm_runtime->TracePush<T>(offset * kSlotSize);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+}
+
+template <>
+inline void push(uint32_t*& sp, const uint8_t*& code,
+                 WasmInterpreterRuntime* wasm_runtime, WasmRef ref) {
+  uint32_t offset = Read<int32_t>(code);
+  uint32_t ref_stack_index = Read<int32_t>(code);
+  base::WriteUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + offset),
+                                      kSlotsZapValue);
+  //*reinterpret_cast<uint64_t*>(sp + offset) = kSlotsZapValue;
+  wasm_runtime->StoreWasmRef(ref_stack_index, ref);
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution)
+    wasm_runtime->TracePush<WasmRef>(offset * kSlotSize);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+}
+
+template <typename T>
+inline T pop(uint32_t*& sp, const uint8_t*& code,
+             WasmInterpreterRuntime* wasm_runtime) {
+  uint32_t offset = Read<int32_t>(code);
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) wasm_runtime->TracePop();
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+  return base::ReadUnalignedValue<T>(reinterpret_cast<Address>(sp + offset));
+}
+
+template <>
+inline WasmRef pop(uint32_t*& sp, const uint8_t*& code,
+                   WasmInterpreterRuntime* wasm_runtime) {
+  uint32_t ref_stack_index = Read<int32_t>(code);
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) wasm_runtime->TracePop();
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+  return wasm_runtime->ExtractWasmRef(ref_stack_index);
+}
+
+template <typename T>
+inline T ExecuteRemS(T lval, T rval) {
+  if (rval == -1) return 0;
+  return lval % rval;
+}
+
+template <typename T>
+inline T ExecuteRemU(T lval, T rval) {
+  return lval % rval;
+}
+
+inline ValueType WasmBytecode::return_type(size_t index) const {
+  DCHECK_LT(index, return_count());
+  return signature_->GetReturn(index);
+}
+
+inline ValueType WasmBytecode::arg_type(size_t index) const {
+  DCHECK_LT(index, args_count());
+  return signature_->GetParam(index);
+}
+
+inline ValueType WasmBytecode::local_type(size_t index) const {
+  DCHECK_LT(index, locals_count());
+  DCHECK_LT(index, interpreter_code_->locals.num_locals);
+  return interpreter_code_->locals.local_types[index];
+}
+
+inline uint32_t GetValueSizeInSlots(ValueKind kind) {
+  switch (kind) {
+    case kI32:
+      return sizeof(int32_t) / kSlotSize;
+    case kI64:
+      return sizeof(int64_t) / kSlotSize;
+    case kF32:
+      return sizeof(float) / kSlotSize;
+    case kF64:
+      return sizeof(double) / kSlotSize;
+    case kS128:
+      return sizeof(Simd128) / kSlotSize;
+    case kRef:
+    case kRefNull:
+      return sizeof(WasmRef) / kSlotSize;
+    default:
+      UNREACHABLE();
+  }
+}
+
+inline void FrameState::ResetHandleScope(Isolate* isolate) {
+  DCHECK_NOT_NULL(handle_scope_);
+  {
+    HandleScope old(std::move(*handle_scope_));
+    // The HandleScope destructor cleans up the old HandleScope.
+  }
+  // Now that the old HandleScope has been destroyed, make a new one.
+  *handle_scope_ = HandleScope(isolate);
+}
+
+inline uint32_t WasmBytecode::ArgsSizeInSlots(const FunctionSig* sig) {
+  uint32_t args_slots_size = 0;
+  size_t args_count = sig->parameter_count();
+  for (size_t i = 0; i < args_count; i++) {
+    args_slots_size += GetValueSizeInSlots(sig->GetParam(i).kind());
+  }
+  return args_slots_size;
+}
+
+inline uint32_t WasmBytecode::RetsSizeInSlots(const FunctionSig* sig) {
+  uint32_t rets_slots_size = 0;
+  size_t return_count = static_cast<uint32_t>(sig->return_count());
+  for (size_t i = 0; i < return_count; i++) {
+    rets_slots_size += GetValueSizeInSlots(sig->GetReturn(i).kind());
+  }
+  return rets_slots_size;
+}
+
+inline uint32_t WasmBytecode::RefArgsCount(const FunctionSig* sig) {
+  uint32_t refs_args_count = 0;
+  size_t args_count = static_cast<uint32_t>(sig->parameter_count());
+  for (size_t i = 0; i < args_count; i++) {
+    ValueKind kind = sig->GetParam(i).kind();
+    if (wasm::is_reference(kind)) refs_args_count++;
+  }
+  return refs_args_count;
+}
+
+inline uint32_t WasmBytecode::RefRetsCount(const FunctionSig* sig) {
+  uint32_t refs_rets_count = 0;
+  size_t return_count = static_cast<uint32_t>(sig->return_count());
+  for (size_t i = 0; i < return_count; i++) {
+    ValueKind kind = sig->GetReturn(i).kind();
+    if (wasm::is_reference(kind)) refs_rets_count++;
+  }
+  return refs_rets_count;
+}
+
+inline bool WasmBytecode::ContainsSimd(const FunctionSig* sig) {
+  size_t args_count = static_cast<uint32_t>(sig->parameter_count());
+  for (size_t i = 0; i < args_count; i++) {
+    if (sig->GetParam(i).kind() == kS128) return true;
+  }
+
+  size_t return_count = static_cast<uint32_t>(sig->return_count());
+  for (size_t i = 0; i < return_count; i++) {
+    if (sig->GetReturn(i).kind() == kS128) return true;
+  }
+
+  return false;
+}
+
+inline bool WasmBytecode::HasRefOrSimdArgs(const FunctionSig* sig) {
+  size_t args_count = static_cast<uint32_t>(sig->parameter_count());
+  for (size_t i = 0; i < args_count; i++) {
+    ValueKind kind = sig->GetParam(i).kind();
+    if (wasm::is_reference(kind) || kind == kS128) return true;
+  }
+  return false;
+}
+
+inline uint32_t WasmBytecode::JSToWasmWrapperPackedArraySize(
+    const FunctionSig* sig) {
+  static_assert(kSystemPointerSize == 8);
+
+  uint32_t args_size = 0;
+  size_t args_count = static_cast<uint32_t>(sig->parameter_count());
+  for (size_t i = 0; i < args_count; i++) {
+    switch (sig->GetParam(i).kind()) {
+      case kI32:
+      case kF32:
+        args_size += sizeof(int32_t);
+        break;
+      case kI64:
+      case kF64:
+        args_size += sizeof(int64_t);
+        break;
+      case kS128:
+        args_size += sizeof(Simd128);
+        break;
+      case kRef:
+      case kRefNull:
+        // Make sure Ref slots are 64-bit aligned.
+        args_size += (args_size & 0x04);
+        args_size += sizeof(WasmRef);
+        break;
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  uint32_t rets_size = 0;
+  size_t rets_count = static_cast<uint32_t>(sig->return_count());
+  for (size_t i = 0; i < rets_count; i++) {
+    switch (sig->GetReturn(i).kind()) {
+      case kI32:
+      case kF32:
+        rets_size += sizeof(int32_t);
+        break;
+      case kI64:
+      case kF64:
+        rets_size += sizeof(int64_t);
+        break;
+      case kS128:
+        rets_size += sizeof(Simd128);
+        break;
+      case kRef:
+      case kRefNull:
+        // Make sure Ref slots are 64-bit aligned.
+        rets_size += (rets_size & 0x04);
+        rets_size += sizeof(WasmRef);
+        break;
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  uint32_t size = std::max(args_size, rets_size);
+  // Make sure final size is 64-bit aligned.
+  size += (size & 0x04);
+  return size;
+}
+
+inline uint32_t WasmBytecode::RefLocalsCount(const InterpreterCode* wasm_code) {
+  uint32_t refs_locals_count = 0;
+  size_t locals_count = wasm_code->locals.num_locals;
+  for (size_t i = 0; i < locals_count; i++) {
+    ValueKind kind = wasm_code->locals.local_types[i].kind();
+    if (wasm::is_reference(kind)) {
+      refs_locals_count++;
+    }
+  }
+  return refs_locals_count;
+}
+
+inline uint32_t WasmBytecode::LocalsSizeInSlots(
+    const InterpreterCode* wasm_code) {
+  uint32_t locals_slots_size = 0;
+  size_t locals_count = wasm_code->locals.num_locals;
+  for (size_t i = 0; i < locals_count; i++) {
+    locals_slots_size +=
+        GetValueSizeInSlots(wasm_code->locals.local_types[i].kind());
+  }
+  return locals_slots_size;
+}
+
+inline bool WasmBytecode::InitializeSlots(uint8_t* sp,
+                                          size_t stack_space) const {
+  // Check for overflow
+  if (total_frame_size_in_bytes_ > stack_space) {
+    return false;
+  }
+
+  uint32_t args_slots_size_in_bytes = args_slots_size() * kSlotSize;
+  uint32_t rets_slots_size_in_bytes = rets_slots_size() * kSlotSize;
+  uint32_t const_slots_size_in_bytes = this->const_slots_size_in_bytes();
+
+  uint8_t* start_const_area =
+      sp + args_slots_size_in_bytes + rets_slots_size_in_bytes;
+
+  // Initialize const slots
+  if (const_slots_size_in_bytes) {
+    memcpy(start_const_area, const_slots_values_.data(),
+           const_slots_size_in_bytes);
+  }
+
+  // Initialize local slots
+  memset(start_const_area + const_slots_size_in_bytes, 0,
+         locals_slots_size() * kSlotSize);
+
+  return true;
+}
+
+inline bool WasmBytecodeGenerator::ToRegisterIsAllowed(
+    const WasmInstruction& instr) {
+  if (!instr.SupportsToRegister()) return false;
+
+  // Even if the instruction is marked as supporting ToRegister, reference
+  // values should not be stored in the register.
+  switch (instr.opcode) {
+    case kExprGlobalGet: {
+      ValueKind kind = GetGlobalType(instr.optional.index);
+      return !wasm::is_reference(kind) && kind != kS128;
+    }
+    case kExprSelect:
+    case kExprSelectWithType: {
+      DCHECK_GE(stack_size(), 2);
+      ValueKind kind = slots_[stack_[stack_size() - 2]].kind();
+      return !wasm::is_reference(kind) && kind != kS128;
+    }
+    default:
+      return true;
+  }
+}
+
+inline void WasmBytecodeGenerator::I32Push(bool emit) {
+  uint32_t slot_index = _PushSlot(kWasmI32);
+  uint32_t slot_offset = slots_[slot_index].slot_offset;
+  if (emit) Emit(&slot_offset, sizeof(uint32_t));
+}
+
+inline void WasmBytecodeGenerator::I64Push(bool emit) {
+  uint32_t slot_index = _PushSlot(kWasmI64);
+  uint32_t slot_offset = slots_[slot_index].slot_offset;
+  if (emit) Emit(&slot_offset, sizeof(uint32_t));
+}
+
+inline void WasmBytecodeGenerator::F32Push(bool emit) {
+  uint32_t slot_index = _PushSlot(kWasmF32);
+  uint32_t slot_offset = slots_[slot_index].slot_offset;
+  if (emit) Emit(&slot_offset, sizeof(uint32_t));
+}
+
+inline void WasmBytecodeGenerator::F64Push(bool emit) {
+  uint32_t slot_index = _PushSlot(kWasmF64);
+  uint32_t slot_offset = slots_[slot_index].slot_offset;
+  if (emit) Emit(&slot_offset, sizeof(uint32_t));
+}
+
+inline void WasmBytecodeGenerator::S128Push(bool emit) {
+  uint32_t slot_index = _PushSlot(kWasmS128);
+  uint32_t slot_offset = slots_[slot_index].slot_offset;
+  if (emit) Emit(&slot_offset, sizeof(uint32_t));
+}
+
+inline void WasmBytecodeGenerator::RefPush(ValueType type, bool emit) {
+  uint32_t slot_index = _PushSlot(type);
+  uint32_t slot_offset = slots_[slot_index].slot_offset;
+  if (emit) {
+    Emit(&slot_offset, sizeof(uint32_t));
+    Emit(&slots_[slot_index].ref_stack_index, sizeof(uint32_t));
+  }
+}
+
+inline void WasmBytecodeGenerator::Push(ValueType type) {
+  switch (type.kind()) {
+    case kI32:
+      I32Push();
+      break;
+    case kI64:
+      I64Push();
+      break;
+    case kF32:
+      F32Push();
+      break;
+    case kF64:
+      F64Push();
+      break;
+    case kS128:
+      S128Push();
+      break;
+    case kRef:
+    case kRefNull:
+      RefPush(type);
+      break;
+    default:
+      UNREACHABLE();
+  }
+}
+
+inline void WasmBytecodeGenerator::PushCopySlot(uint32_t from) {
+  DCHECK_LT(from, stack_.size());
+  PushSlot(stack_[from]);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  TracePushCopySlot(from);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+}
+
+inline void WasmBytecodeGenerator::PushConstSlot(uint32_t slot_index) {
+  PushSlot(slot_index);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  TracePushConstSlot(slot_index);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+}
+
+inline bool WasmBytecodeGenerator::HasVoidSignature(
+    const WasmBytecodeGenerator::BlockData& block_data) const {
+  if (block_data.signature_.value_type() == kWasmBottom) {
+    const FunctionSig* sig =
+        module_->signature(block_data.signature_.sig_index);
+    return 0 == (sig->parameter_count() + sig->return_count());
+  } else if (block_data.signature_.value_type() == kWasmVoid) {
+    return true;
+  }
+  return false;
+}
+
+inline uint32_t WasmBytecodeGenerator::ParamsCount(
+    const WasmBytecodeGenerator::BlockData& block_data) const {
+  if (block_data.signature_.value_type() == kWasmBottom) {
+    const FunctionSig* sig =
+        module_->signature(block_data.signature_.sig_index);
+    return static_cast<uint32_t>(sig->parameter_count());
+  }
+  return 0;
+}
+
+inline ValueType WasmBytecodeGenerator::GetParamType(
+    const WasmBytecodeGenerator::BlockData& block_data, size_t index) const {
+  DCHECK_EQ(block_data.signature_.value_type(), kWasmBottom);
+  const FunctionSig* sig = module_->signature(block_data.signature_.sig_index);
+  return sig->GetParam(index);
+}
+
+inline uint32_t WasmBytecodeGenerator::ReturnsCount(
+    const WasmBytecodeGenerator::BlockData& block_data) const {
+  if (block_data.signature_.value_type() == kWasmBottom) {
+    const FunctionSig* sig =
+        module_->signature(block_data.signature_.sig_index);
+    return static_cast<uint32_t>(sig->return_count());
+  } else if (block_data.signature_.value_type() == kWasmVoid) {
+    return 0;
+  }
+  return 1;
+}
+
+inline ValueType WasmBytecodeGenerator::GetReturnType(
+    const WasmBytecodeGenerator::BlockData& block_data, size_t index) const {
+  DCHECK_NE(block_data.signature_.value_type(), kWasmVoid);
+  if (block_data.signature_.value_type() == kWasmBottom) {
+    const FunctionSig* sig =
+        module_->signature(block_data.signature_.sig_index);
+    return sig->GetReturn(index);
+  }
+  DCHECK_EQ(index, 0);
+  return block_data.signature_.value_type();
+}
+
+inline ValueKind WasmBytecodeGenerator::GetGlobalType(uint32_t index) const {
+  return module_->globals[index].type.kind();
+}
+
+inline bool WasmBytecodeGenerator::IsMemory64() const {
+  return !module_->memories.empty() && module_->memories[0].is_memory64;
+}
+
+inline bool WasmBytecodeGenerator::IsMultiMemory() const {
+  return module_->memories.size() > 1;
+}
+
+inline void WasmBytecodeGenerator::EmitGlobalIndex(uint32_t index) {
+  Emit(&index, sizeof(index));
+}
+
+inline uint32_t WasmBytecodeGenerator::GetCurrentBranchDepth() const {
+  DCHECK_GE(current_block_index_, 0);
+  int index = blocks_[current_block_index_].parent_block_index_;
+  uint32_t depth = 0;
+  while (index >= 0) {
+    depth++;
+    index = blocks_[index].parent_block_index_;
+  }
+  return depth;
+}
+
+inline int32_t WasmBytecodeGenerator::GetTargetBranch(uint32_t delta) const {
+  int index = current_block_index_;
+  while (delta--) {
+    DCHECK_GE(index, 0);
+    index = blocks_[index].parent_block_index_;
+  }
+  return index;
+}
+
+inline void WasmBytecodeGenerator::EmitBranchOffset(uint32_t delta) {
+  int32_t target_branch_index = GetTargetBranch(delta);
+  DCHECK_GE(target_branch_index, 0);
+  blocks_[target_branch_index].branch_code_offsets_.emplace_back(
+      CurrentCodePos());
+
+  const uint32_t current_code_offset = CurrentCodePos();
+  Emit(&current_code_offset, sizeof(current_code_offset));
+}
+
+inline void WasmBytecodeGenerator::EmitBranchTableOffset(uint32_t delta,
+                                                         uint32_t code_pos) {
+  int32_t target_branch_index = GetTargetBranch(delta);
+  DCHECK_GE(target_branch_index, 0);
+  blocks_[target_branch_index].branch_code_offsets_.emplace_back(code_pos);
+
+  Emit(&code_pos, sizeof(code_pos));
+}
+
+inline void WasmBytecodeGenerator::EmitIfElseBranchOffset() {
+  // Initially emits offset to jump the end of the 'if' block. If we meet an
+  // 'else' instruction later, this offset needs to be updated with the offset
+  // to the beginning of that 'else' block.
+  blocks_[current_block_index_].branch_code_offsets_.emplace_back(
+      CurrentCodePos());
+
+  const uint32_t current_code_offset = CurrentCodePos();
+  Emit(&current_code_offset, sizeof(current_code_offset));
+}
+
+inline void WasmBytecodeGenerator::EmitTryCatchBranchOffset() {
+  // Initially emits offset to jump the end of the 'try/catch' blocks. When we
+  // meet the corresponding 'end' instruction later, this offset needs to be
+  // updated with the offset to the 'end' instruction.
+  blocks_[current_block_index_].branch_code_offsets_.emplace_back(
+      CurrentCodePos());
+
+  const uint32_t current_code_offset = CurrentCodePos();
+  Emit(&current_code_offset, sizeof(current_code_offset));
+}
+
+inline void WasmBytecodeGenerator::BeginElseBlock(uint32_t if_block_index,
+                                                  bool dummy) {
+  EndBlock(kExprElse);  // End matching if block.
+  RestoreIfElseParams(if_block_index);
+
+  int32_t else_block_index =
+      BeginBlock(kExprElse, blocks_[if_block_index].signature_);
+  blocks_[if_block_index].if_else_block_index_ = else_block_index;
+  blocks_[else_block_index].if_else_block_index_ = if_block_index;
+  blocks_[else_block_index].first_block_index_ =
+      blocks_[if_block_index].first_block_index_;
+}
+
+inline const FunctionSig* WasmBytecodeGenerator::GetFunctionSignature(
+    uint32_t function_index) const {
+  return module_->functions[function_index].sig;
+}
+
+inline ValueKind WasmBytecodeGenerator::GetTopStackType(
+    RegMode reg_mode) const {
+  switch (reg_mode) {
+    case RegMode::kNoReg:
+      if (stack_.empty()) return kI32;  // not used
+      return slots_[stack_[stack_top_index()]].kind();
+    case RegMode::kI32Reg:
+      return kI32;
+    case RegMode::kI64Reg:
+      return kI64;
+    case RegMode::kF32Reg:
+      return kF32;
+    case RegMode::kF64Reg:
+      return kF64;
+    case RegMode::kAnyReg:
+    default:
+      UNREACHABLE();
+  }
+}
+
+}  // namespace wasm
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_WASM_INTERPRETER_WASM_INTERPRETER_INL_H_
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter-objects-inl.h b/deps/v8/src/wasm/interpreter/wasm-interpreter-objects-inl.h
new file mode 100644
index 00000000000000..dc1e4e068ce558
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter-objects-inl.h
@@ -0,0 +1,52 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#if !V8_ENABLE_WEBASSEMBLY
+#error This header should only be included if WebAssembly is enabled.
+#endif  // !V8_ENABLE_WEBASSEMBLY
+
+#ifndef V8_WASM_INTERPRETER_WASM_INTERPRETER_OBJECTS_INL_H_
+#define V8_WASM_INTERPRETER_WASM_INTERPRETER_OBJECTS_INL_H_
+
+#include "src/execution/isolate-utils-inl.h"
+#include "src/heap/heap-write-barrier-inl.h"
+#include "src/objects/cell.h"
+#include "src/objects/heap-number.h"
+#include "src/objects/objects-inl.h"
+#include "src/objects/tagged-field-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-objects.h"
+#include "src/wasm/wasm-objects.h"
+
+namespace v8 {
+namespace internal {
+
+// static
+inline Tagged<WasmInstanceObject> WasmInterpreterObject::get_wasm_instance(
+    Tagged<Tuple2> interpreter_object) {
+  return Cast<WasmInstanceObject>(interpreter_object->value1());
+}
+// static
+inline void WasmInterpreterObject::set_wasm_instance(
+    Tagged<Tuple2> interpreter_object,
+    Tagged<WasmInstanceObject> wasm_instance) {
+  return interpreter_object->set_value1(wasm_instance);
+}
+
+// static
+inline Tagged<Object> WasmInterpreterObject::get_interpreter_handle(
+    Tagged<Tuple2> interpreter_object) {
+  return interpreter_object->value2();
+}
+
+// static
+inline void WasmInterpreterObject::set_interpreter_handle(
+    Tagged<Tuple2> interpreter_object, Tagged<Object> interpreter_handle) {
+  DCHECK(IsForeign(interpreter_handle));
+  return interpreter_object->set_value2(interpreter_handle);
+}
+
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_WASM_INTERPRETER_WASM_INTERPRETER_OBJECTS_INL_H_
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter-objects.cc b/deps/v8/src/wasm/interpreter/wasm-interpreter-objects.cc
new file mode 100644
index 00000000000000..311d5dbed340c4
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter-objects.cc
@@ -0,0 +1,97 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/wasm/interpreter/wasm-interpreter-objects.h"
+
+#include "src/objects/heap-object-inl.h"
+#include "src/objects/objects-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-objects-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+#include "src/wasm/wasm-objects-inl.h"
+
+namespace v8 {
+namespace internal {
+
+// static
+Handle<Tuple2> WasmInterpreterObject::New(Handle<WasmInstanceObject> instance) {
+  DCHECK(v8_flags.wasm_jitless);
+  Isolate* isolate = instance->GetIsolate();
+  Factory* factory = isolate->factory();
+  Handle<WasmTrustedInstanceData> trusted_data =
+      handle(instance->trusted_data(isolate), isolate);
+  DCHECK(!trusted_data->has_interpreter_object());
+  Handle<Tuple2> interpreter_object = factory->NewTuple2(
+      instance, factory->undefined_value(), AllocationType::kOld);
+  trusted_data->set_interpreter_object(*interpreter_object);
+  return interpreter_object;
+}
+
+// static
+bool WasmInterpreterObject::RunInterpreter(
+    Isolate* isolate, Address frame_pointer,
+    Handle<WasmInstanceObject> instance, int func_index,
+    const std::vector<wasm::WasmValue>& argument_values,
+    std::vector<wasm::WasmValue>& return_values) {
+  DCHECK_LE(0, func_index);
+
+  wasm::WasmInterpreterThread* thread =
+      wasm::WasmInterpreterThread::GetCurrentInterpreterThread(isolate);
+  DCHECK_NOT_NULL(thread);
+
+  // Assume an instance can run in only one thread.
+  Handle<Tuple2> interpreter_object =
+      WasmTrustedInstanceData::GetInterpreterObject(instance);
+  wasm::InterpreterHandle* handle =
+      wasm::GetOrCreateInterpreterHandle(isolate, interpreter_object);
+
+  return handle->Execute(thread, frame_pointer,
+                         static_cast<uint32_t>(func_index), argument_values,
+                         return_values);
+}
+
+// static
+bool WasmInterpreterObject::RunInterpreter(Isolate* isolate,
+                                           Address frame_pointer,
+                                           Handle<WasmInstanceObject> instance,
+                                           int func_index,
+                                           uint8_t* interpreter_sp) {
+  DCHECK_LE(0, func_index);
+
+  wasm::WasmInterpreterThread* thread =
+      wasm::WasmInterpreterThread::GetCurrentInterpreterThread(isolate);
+  DCHECK_NOT_NULL(thread);
+
+  // Assume an instance can run in only one thread.
+  Handle<Tuple2> interpreter_object =
+      WasmTrustedInstanceData::GetInterpreterObject(instance);
+  wasm::InterpreterHandle* handle =
+      wasm::GetInterpreterHandle(isolate, interpreter_object);
+
+  return handle->Execute(thread, frame_pointer,
+                         static_cast<uint32_t>(func_index), interpreter_sp);
+}
+
+// static
+std::vector<WasmInterpreterStackEntry>
+WasmInterpreterObject::GetInterpretedStack(Tagged<Tuple2> interpreter_object,
+                                           Address frame_pointer) {
+  Tagged<Object> handle_obj = get_interpreter_handle(interpreter_object);
+  DCHECK(!IsUndefined(handle_obj));
+  return Cast<Managed<wasm::InterpreterHandle>>(handle_obj)
+      ->raw()
+      ->GetInterpretedStack(frame_pointer);
+}
+
+// static
+int WasmInterpreterObject::GetFunctionIndex(Tagged<Tuple2> interpreter_object,
+                                            Address frame_pointer, int index) {
+  Tagged<Object> handle_obj = get_interpreter_handle(interpreter_object);
+  DCHECK(!IsUndefined(handle_obj));
+  return Cast<Managed<wasm::InterpreterHandle>>(handle_obj)
+      ->raw()
+      ->GetFunctionIndex(frame_pointer, index);
+}
+
+}  // namespace internal
+}  // namespace v8
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter-objects.h b/deps/v8/src/wasm/interpreter/wasm-interpreter-objects.h
new file mode 100644
index 00000000000000..2bb6fb539a4b10
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter-objects.h
@@ -0,0 +1,86 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#if !V8_ENABLE_WEBASSEMBLY
+#error This header should only be included if WebAssembly is enabled.
+#endif  // !V8_ENABLE_WEBASSEMBLY
+
+#ifndef V8_WASM_INTERPRETER_WASM_INTERPRETER_OBJECTS_H_
+#define V8_WASM_INTERPRETER_WASM_INTERPRETER_OBJECTS_H_
+
+#include "src/objects/struct.h"
+#include "src/wasm/wasm-value.h"
+
+namespace v8 {
+namespace internal {
+class Isolate;
+class WasmInstanceObject;
+
+namespace wasm {
+class InterpreterHandle;
+}  // namespace wasm
+
+struct WasmInterpreterStackEntry {
+  int function_index;
+  int byte_offset;
+};
+
+// This class should declare a heap Object, and should derive from Struct. But,
+// in order to avoid issues in static-roots.h with the DrumBrake build flag,
+// it is better not to introduce DrumBrake-specific types. Therefore we use a
+// Tuple2 as WasmInterpreterObject and class WasmInterpreterObject only has
+// static methods that receive a Tagged<Tuple2> or Handle<Tuple2> as argument.
+//
+class WasmInterpreterObject {
+ public:
+  static inline Tagged<WasmInstanceObject> get_wasm_instance(
+      Tagged<Tuple2> interpreter_object);
+  static inline void set_wasm_instance(
+      Tagged<Tuple2> interpreter_object,
+      Tagged<WasmInstanceObject> wasm_instance);
+
+  static inline Tagged<Object> get_interpreter_handle(
+      Tagged<Tuple2> interpreter_object);
+  static inline void set_interpreter_handle(Tagged<Tuple2> interpreter_object,
+                                            Tagged<Object> interpreter_handle);
+
+  static Handle<Tuple2> New(Handle<WasmInstanceObject>);
+
+  // Execute the specified function in the interpreter. Read arguments from the
+  // {argument_values} vector and write to {return_values} on regular exit.
+  // The frame_pointer will be used to identify the new activation of the
+  // interpreter for unwinding and frame inspection.
+  // Returns true if exited regularly, false if a trap occurred. In the latter
+  // case, a pending exception will have been set on the isolate.
+  static bool RunInterpreter(
+      Isolate* isolate, Address frame_pointer,
+      Handle<WasmInstanceObject> instance, int func_index,
+      const std::vector<wasm::WasmValue>& argument_values,
+      std::vector<wasm::WasmValue>& return_values);
+  static bool RunInterpreter(Isolate* isolate, Address frame_pointer,
+                             Handle<WasmInstanceObject> instance,
+                             int func_index, uint8_t* interpreter_sp);
+
+  // Get the stack of the wasm interpreter as pairs of {function index, byte
+  // offset}. The list is ordered bottom-to-top, i.e. caller before callee.
+  static std::vector<WasmInterpreterStackEntry> GetInterpretedStack(
+      Tagged<Tuple2> interpreter_object, Address frame_pointer);
+
+  // Get the function index for the index-th frame in the Activation identified
+  // by a given frame_pointer.
+  static int GetFunctionIndex(Tagged<Tuple2> interpreter_object,
+                              Address frame_pointer, int index);
+};
+
+namespace wasm {
+V8_EXPORT_PRIVATE InterpreterHandle* GetInterpreterHandle(
+    Isolate* isolate, Handle<Tuple2> interpreter_object);
+V8_EXPORT_PRIVATE InterpreterHandle* GetOrCreateInterpreterHandle(
+    Isolate* isolate, Handle<Tuple2> interpreter_object);
+}  // namespace wasm
+
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_WASM_INTERPRETER_WASM_INTERPRETER_OBJECTS_H_
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime-inl.h b/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime-inl.h
new file mode 100644
index 00000000000000..625e7fb8e09545
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime-inl.h
@@ -0,0 +1,165 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#if !V8_ENABLE_WEBASSEMBLY
+#error This header should only be included if WebAssembly is enabled.
+#endif  // !V8_ENABLE_WEBASSEMBLY
+
+#ifndef V8_WASM_INTERPRETER_WASM_INTERPRETER_RUNTIME_INL_H_
+#define V8_WASM_INTERPRETER_WASM_INTERPRETER_RUNTIME_INL_H_
+
+#include "src/execution/arguments-inl.h"
+#include "src/objects/objects-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+#include "src/wasm/wasm-objects.h"
+
+namespace v8 {
+namespace internal {
+namespace wasm {
+
+inline Address WasmInterpreterRuntime::EffectiveAddress(uint64_t index) const {
+  Handle<WasmTrustedInstanceData> trusted_data = wasm_trusted_instance_data();
+  DCHECK_GE(std::numeric_limits<uintptr_t>::max(),
+            trusted_data->memory0_size());
+  DCHECK_GE(trusted_data->memory0_size(), index);
+  // Compute the effective address of the access, making sure to condition
+  // the index even in the in-bounds case.
+  return reinterpret_cast<Address>(trusted_data->memory0_start()) + index;
+}
+
+inline bool WasmInterpreterRuntime::BoundsCheckMemRange(
+    uint64_t index, uint64_t* size, Address* out_address) const {
+  Handle<WasmTrustedInstanceData> trusted_data = wasm_trusted_instance_data();
+  DCHECK_GE(std::numeric_limits<uintptr_t>::max(),
+            trusted_data->memory0_size());
+  if (!base::ClampToBounds<uint64_t>(index, size,
+                                     trusted_data->memory0_size())) {
+    return false;
+  }
+  *out_address = EffectiveAddress(index);
+  return true;
+}
+
+inline uint8_t* WasmInterpreterRuntime::GetGlobalAddress(uint32_t index) {
+  DCHECK_LT(index, module_->globals.size());
+  return global_addresses_[index];
+}
+
+inline Handle<Object> WasmInterpreterRuntime::GetGlobalRef(
+    uint32_t index) const {
+  // This function assumes that it is executed in a HandleScope.
+  const wasm::WasmGlobal& global = module_->globals[index];
+  DCHECK(global.type.is_reference());
+  Tagged<FixedArray> global_buffer;  // The buffer of the global.
+  uint32_t global_index = 0;         // The index into the buffer.
+  std::tie(global_buffer, global_index) =
+      wasm_trusted_instance_data()->GetGlobalBufferAndIndex(global);
+  return Handle<Object>(global_buffer->get(global_index), isolate_);
+}
+
+inline void WasmInterpreterRuntime::SetGlobalRef(uint32_t index,
+                                                 Handle<Object> ref) const {
+  // This function assumes that it is executed in a HandleScope.
+  const wasm::WasmGlobal& global = module_->globals[index];
+  DCHECK(global.type.is_reference());
+  Tagged<FixedArray> global_buffer;  // The buffer of the global.
+  uint32_t global_index = 0;         // The index into the buffer.
+  std::tie(global_buffer, global_index) =
+      wasm_trusted_instance_data()->GetGlobalBufferAndIndex(global);
+  global_buffer->set(global_index, *ref);
+}
+
+inline void WasmInterpreterRuntime::InitMemoryAddresses() {
+  memory_start_ = wasm_trusted_instance_data()->memory0_start();
+}
+
+inline uint64_t WasmInterpreterRuntime::MemorySize() const {
+  return wasm_trusted_instance_data()->memory0_size() / kWasmPageSize;
+}
+
+inline bool WasmInterpreterRuntime::IsMemory64() const {
+  return !module_->memories.empty() && module_->memories[0].is_memory64;
+}
+
+inline size_t WasmInterpreterRuntime::GetMemorySize() const {
+  return wasm_trusted_instance_data()->memory0_size();
+}
+
+inline void WasmInterpreterRuntime::DataDrop(uint32_t index) {
+  wasm_trusted_instance_data()->data_segment_sizes()->set(index, 0);
+}
+
+inline void WasmInterpreterRuntime::ElemDrop(uint32_t index) {
+  wasm_trusted_instance_data()->element_segments()->set(
+      index, *isolate_->factory()->empty_fixed_array());
+}
+
+inline WasmBytecode* WasmInterpreterRuntime::GetFunctionBytecode(
+    uint32_t func_index) {
+  return codemap_->GetFunctionBytecode(func_index);
+}
+
+inline bool WasmInterpreterRuntime::IsNullTypecheck(
+    const WasmRef obj, const ValueType obj_type) const {
+  return IsNull(isolate_, obj, obj_type);
+}
+
+// static
+inline Tagged<Object> WasmInterpreterRuntime::GetNullValue(
+    const ValueType obj_type) const {
+  if (obj_type == kWasmExternRef || obj_type == kWasmNullExternRef) {
+    return *isolate_->factory()->null_value();
+  } else {
+    return *isolate_->factory()->wasm_null();
+  }
+}
+
+// static
+inline bool WasmInterpreterRuntime::IsNull(Isolate* isolate, const WasmRef obj,
+                                           const ValueType obj_type) {
+  if (obj_type == kWasmExternRef || obj_type == kWasmNullExternRef) {
+    return i::IsNull(*obj, isolate);
+  } else {
+    return i::IsWasmNull(*obj, isolate);
+  }
+}
+
+inline bool WasmInterpreterRuntime::IsRefNull(Handle<Object> object) const {
+  // This function assumes that it is executed in a HandleScope.
+  return i::IsNull(*object, isolate_) || IsWasmNull(*object, isolate_);
+}
+
+inline Handle<Object> WasmInterpreterRuntime::GetFunctionRef(
+    uint32_t index) const {
+  // This function assumes that it is executed in a HandleScope.
+  return WasmTrustedInstanceData::GetOrCreateFuncRef(
+      isolate_, wasm_trusted_instance_data(), index);
+}
+
+inline const ArrayType* WasmInterpreterRuntime::GetArrayType(
+    uint32_t array_index) const {
+  return module_->array_type(array_index);
+}
+
+inline WasmRef WasmInterpreterRuntime::GetWasmArrayRefElement(
+    Tagged<WasmArray> array, uint32_t index) const {
+  return WasmArray::GetElement(isolate_, handle(array, isolate_), index);
+}
+
+inline Handle<WasmTrustedInstanceData>
+WasmInterpreterRuntime::wasm_trusted_instance_data() const {
+  return handle(instance_object_->trusted_data(isolate_), isolate_);
+}
+
+inline WasmInterpreterThread::State InterpreterHandle::ContinueExecution(
+    WasmInterpreterThread* thread, bool called_from_js) {
+  return interpreter_.ContinueExecution(thread, called_from_js);
+}
+
+}  // namespace wasm
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_WASM_INTERPRETER_WASM_INTERPRETER_RUNTIME_INL_H_
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime.cc b/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime.cc
new file mode 100644
index 00000000000000..ccd6bab71c8367
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime.cc
@@ -0,0 +1,3065 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+
+#include <optional>
+
+#include "src/execution/frames-inl.h"
+#include "src/execution/isolate.h"
+#include "src/objects/managed-inl.h"
+#include "src/runtime/runtime-utils.h"
+#include "src/wasm/interpreter/wasm-interpreter-objects-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-runtime-inl.h"
+#include "src/wasm/wasm-arguments.h"
+#include "src/wasm/wasm-opcodes-inl.h"
+#include "src/wasm/wasm-subtyping.h"
+
+namespace v8 {
+namespace internal {
+
+namespace wasm {
+
+// Similar to STACK_CHECK in isolate.h.
+#define WASM_STACK_CHECK(isolate, code)                      \
+  do {                                                       \
+    StackLimitCheck stack_check(isolate);                    \
+    if (stack_check.InterruptRequested()) {                  \
+      if (stack_check.HasOverflowed()) {                     \
+        ClearThreadInWasmScope clear_wasm_flag(isolate);     \
+        SealHandleScope shs(isolate);                        \
+        current_frame_.current_function_ = nullptr;          \
+        SetTrap(TrapReason::kTrapUnreachable, code);         \
+        isolate->StackOverflow();                            \
+        return;                                              \
+      }                                                      \
+      if (isolate->stack_guard()->HasTerminationRequest()) { \
+        ClearThreadInWasmScope clear_wasm_flag(isolate);     \
+        SealHandleScope shs(isolate);                        \
+        current_frame_.current_function_ = nullptr;          \
+        SetTrap(TrapReason::kTrapUnreachable, code);         \
+        isolate->TerminateExecution();                       \
+        return;                                              \
+      }                                                      \
+    }                                                        \
+  } while (false)
+
+class V8_EXPORT_PRIVATE ValueTypes {
+ public:
+  static inline int ElementSizeInBytes(ValueType type) {
+    switch (type.kind()) {
+      case kI32:
+      case kF32:
+        return 4;
+      case kI64:
+      case kF64:
+        return 8;
+      case kS128:
+        return 16;
+      case kRef:
+      case kRefNull:
+        return kSystemPointerSize;
+      default:
+        UNREACHABLE();
+    }
+  }
+};
+
+}  // namespace wasm
+
+namespace {
+
+// Find the frame pointer of the interpreter frame on the stack.
+Address FindInterpreterEntryFramePointer(Isolate* isolate) {
+  StackFrameIterator it(isolate, isolate->thread_local_top());
+  // On top: C entry stub.
+  DCHECK_EQ(StackFrame::EXIT, it.frame()->type());
+  it.Advance();
+  // Next: the wasm interpreter entry.
+  DCHECK_EQ(StackFrame::WASM_INTERPRETER_ENTRY, it.frame()->type());
+  return it.frame()->fp();
+}
+
+}  // namespace
+
+RUNTIME_FUNCTION(Runtime_WasmRunInterpreter) {
+  DCHECK_EQ(3, args.length());
+  HandleScope scope(isolate);
+  Handle<WasmInstanceObject> instance = args.at<WasmInstanceObject>(0);
+  Handle<WasmTrustedInstanceData> trusted_data(instance->trusted_data(isolate),
+                                               isolate);
+  int32_t func_index = NumberToInt32(args[1]);
+  Handle<Object> arg_buffer_obj = args.at(2);
+
+  // The arg buffer is the raw pointer to the caller's stack. It looks like a
+  // Smi (lowest bit not set, as checked by IsSmi), but is no valid Smi. We just
+  // cast it back to the raw pointer.
+  CHECK(!IsHeapObject(*arg_buffer_obj));
+  CHECK(IsSmi(*arg_buffer_obj));
+  Address arg_buffer = (*arg_buffer_obj).ptr();
+
+  // Reserve buffers for argument and return values.
+  DCHECK_GT(trusted_data->module()->functions.size(), func_index);
+  const wasm::FunctionSig* sig =
+      trusted_data->module()->functions[func_index].sig;
+  DCHECK_GE(kMaxInt, sig->parameter_count());
+  int num_params = static_cast<int>(sig->parameter_count());
+  std::vector<wasm::WasmValue> wasm_args(num_params);
+  DCHECK_GE(kMaxInt, sig->return_count());
+  int num_returns = static_cast<int>(sig->return_count());
+  std::vector<wasm::WasmValue> wasm_rets(num_returns);
+
+  // Set the current isolate's context.
+  isolate->set_context(trusted_data->native_context());
+
+  // Make sure the WasmInterpreterObject and InterpreterHandle for this instance
+  // exist.
+  Handle<Tuple2> interpreter_object =
+      WasmTrustedInstanceData::GetOrCreateInterpreterObject(instance);
+  wasm::InterpreterHandle* interpreter_handle =
+      wasm::GetOrCreateInterpreterHandle(isolate, interpreter_object);
+
+  if (wasm::WasmBytecode::ContainsSimd(sig)) {
+    wasm::ClearThreadInWasmScope clear_wasm_flag(isolate);
+
+    interpreter_handle->SetTrapFunctionIndex(func_index);
+    isolate->Throw(*isolate->factory()->NewTypeError(
+        MessageTemplate::kWasmTrapJSTypeError));
+    return ReadOnlyRoots(isolate).exception();
+  }
+
+  Address frame_pointer = FindInterpreterEntryFramePointer(isolate);
+
+  // If there are Ref arguments or return values, we store their pointers into
+  // an array of bytes so we need to disable GC until they are unpacked by the
+  // callee.
+  {
+    DisallowHeapAllocation no_gc;
+
+    // Copy the arguments for the {arg_buffer} into a vector of {WasmValue}.
+    // This also boxes reference types into handles, which needs to happen
+    // before any methods that could trigger a GC are being called.
+    Address arg_buf_ptr = arg_buffer;
+    for (int i = 0; i < num_params; ++i) {
+#define CASE_ARG_TYPE(type, ctype)                                     \
+  case wasm::type:                                                     \
+    DCHECK_EQ(wasm::ValueTypes::ElementSizeInBytes(sig->GetParam(i)),  \
+              sizeof(ctype));                                          \
+    wasm_args[i] =                                                     \
+        wasm::WasmValue(base::ReadUnalignedValue<ctype>(arg_buf_ptr)); \
+    arg_buf_ptr += sizeof(ctype);                                      \
+    break;
+
+      wasm::ValueType value_type = sig->GetParam(i);
+      wasm::ValueKind kind = value_type.kind();
+      switch (kind) {
+        CASE_ARG_TYPE(kWasmI32.kind(), uint32_t)
+        CASE_ARG_TYPE(kWasmI64.kind(), uint64_t)
+        CASE_ARG_TYPE(kWasmF32.kind(), float)
+        CASE_ARG_TYPE(kWasmF64.kind(), double)
+#undef CASE_ARG_TYPE
+        case wasm::kWasmRefString.kind():
+        case wasm::kWasmAnyRef.kind(): {
+          const bool anyref = (kind == wasm::kWasmAnyRef.kind());
+          DCHECK_EQ(wasm::ValueTypes::ElementSizeInBytes(sig->GetParam(i)),
+                    kSystemPointerSize);
+          // MarkCompactCollector::RootMarkingVisitor requires ref slots to be
+          // 64-bit aligned.
+          arg_buf_ptr += (arg_buf_ptr & 0x04);
+
+          Handle<Object> ref(
+              base::ReadUnalignedValue<Tagged<Object>>(arg_buf_ptr), isolate);
+
+          const wasm::WasmInterpreterRuntime* wasm_runtime =
+              interpreter_handle->interpreter()->GetWasmRuntime();
+          ref = wasm_runtime->JSToWasmObject(ref, value_type);
+          if (isolate->has_exception()) {
+            interpreter_handle->SetTrapFunctionIndex(func_index);
+            return ReadOnlyRoots(isolate).exception();
+          }
+
+          if ((value_type != wasm::kWasmExternRef &&
+               value_type != wasm::kWasmNullExternRef) &&
+              IsNull(*ref, isolate)) {
+            ref = isolate->factory()->wasm_null();
+          }
+
+          wasm_args[i] = wasm::WasmValue(
+              ref, anyref ? wasm::kWasmAnyRef : wasm::kWasmRefString);
+          arg_buf_ptr += kSystemPointerSize;
+          break;
+        }
+        case wasm::kWasmS128.kind():
+        default:
+          UNREACHABLE();
+      }
+    }
+
+    // Run the function in the interpreter. Note that neither the
+    // {WasmInterpreterObject} nor the {InterpreterHandle} have to exist,
+    // because interpretation might have been triggered by another Isolate
+    // sharing the same WasmEngine.
+    bool success = WasmInterpreterObject::RunInterpreter(
+        isolate, frame_pointer, instance, func_index, wasm_args, wasm_rets);
+
+    // Early return on failure.
+    if (!success) {
+      DCHECK(isolate->has_exception());
+      return ReadOnlyRoots(isolate).exception();
+    }
+
+    // Copy return values from the vector of {WasmValue} into {arg_buffer}. This
+    // also un-boxes reference types from handles into raw pointers.
+    arg_buf_ptr = arg_buffer;
+
+    for (int i = 0; i < num_returns; ++i) {
+#define CASE_RET_TYPE(type, ctype)                                           \
+  case wasm::type:                                                           \
+    DCHECK_EQ(wasm::ValueTypes::ElementSizeInBytes(sig->GetReturn(i)),       \
+              sizeof(ctype));                                                \
+    base::WriteUnalignedValue<ctype>(arg_buf_ptr, wasm_rets[i].to<ctype>()); \
+    arg_buf_ptr += sizeof(ctype);                                            \
+    break;
+
+      switch (sig->GetReturn(i).kind()) {
+        CASE_RET_TYPE(kWasmI32.kind(), uint32_t)
+        CASE_RET_TYPE(kWasmI64.kind(), uint64_t)
+        CASE_RET_TYPE(kWasmF32.kind(), float)
+        CASE_RET_TYPE(kWasmF64.kind(), double)
+#undef CASE_RET_TYPE
+        case wasm::kWasmRefString.kind():
+        case wasm::kWasmAnyRef.kind(): {
+          DCHECK_EQ(wasm::ValueTypes::ElementSizeInBytes(sig->GetReturn(i)),
+                    kSystemPointerSize);
+          Handle<Object> ref = wasm_rets[i].to_ref();
+          // Note: WasmToJSObject(ref) already called in ContinueExecution or
+          // CallExternalJSFunction.
+
+          // Make sure ref slots are 64-bit aligned.
+          arg_buf_ptr += (arg_buf_ptr & 0x04);
+          base::WriteUnalignedValue<Tagged<Object>>(arg_buf_ptr, *ref);
+          arg_buf_ptr += kSystemPointerSize;
+          break;
+        }
+        case wasm::kWasmS128.kind():
+        default:
+          UNREACHABLE();
+      }
+    }
+
+    return ReadOnlyRoots(isolate).undefined_value();
+  }
+}
+
+namespace wasm {
+
+V8_EXPORT_PRIVATE InterpreterHandle* GetInterpreterHandle(
+    Isolate* isolate, Handle<Tuple2> interpreter_object) {
+  Handle<Object> handle(
+      WasmInterpreterObject::get_interpreter_handle(*interpreter_object),
+      isolate);
+  CHECK(!IsUndefined(*handle, isolate));
+  return Cast<Managed<InterpreterHandle>>(handle)->raw();
+}
+
+V8_EXPORT_PRIVATE InterpreterHandle* GetOrCreateInterpreterHandle(
+    Isolate* isolate, Handle<Tuple2> interpreter_object) {
+  Handle<Object> handle(
+      WasmInterpreterObject::get_interpreter_handle(*interpreter_object),
+      isolate);
+  if (IsUndefined(*handle, isolate)) {
+    // Use the maximum stack size to estimate the maximum size of the
+    // interpreter. The interpreter keeps its own stack internally, and the size
+    // of the stack should dominate the overall size of the interpreter. We
+    // multiply by '2' to account for the growing strategy for the backing store
+    // of the stack.
+    size_t interpreter_size = v8_flags.stack_size * KB * 2;
+    handle = Managed<InterpreterHandle>::From(
+        isolate, interpreter_size,
+        std::make_shared<InterpreterHandle>(isolate, interpreter_object));
+    WasmInterpreterObject::set_interpreter_handle(*interpreter_object, *handle);
+  }
+
+  return Cast<Managed<InterpreterHandle>>(handle)->raw();
+}
+
+// A helper for an entry in an indirect function table (IFT).
+// The underlying storage in the instance is used by generated code to
+// call functions indirectly at runtime.
+// Each entry has the following fields:
+// - implicit_arg = A WasmTrustedInstanceData or a WasmImportData.
+// - sig_id = signature id of function.
+// - target = entrypoint to Wasm code or import wrapper code.
+// - function_index = function index, if a Wasm function, or
+// WasmDispatchTable::kInvalidFunctionIndex otherwise.
+class IndirectFunctionTableEntry {
+ public:
+  inline IndirectFunctionTableEntry(Handle<WasmInstanceObject>, int table_index,
+                                    int entry_index);
+
+  inline Tagged<Object> implicit_arg() const {
+    return table_->implicit_arg(index_);
+  }
+  inline int sig_id() const { return table_->sig(index_); }
+  inline Address target() const { return table_->target(index_); }
+  inline uint32_t function_index() const {
+    return table_->function_index(index_);
+  }
+
+ private:
+  Handle<WasmDispatchTable> const table_;
+  int const index_;
+};
+
+IndirectFunctionTableEntry::IndirectFunctionTableEntry(
+    Handle<WasmInstanceObject> instance, int table_index, int entry_index)
+    : table_(table_index != 0
+                 ? handle(Cast<WasmDispatchTable>(
+                              instance->trusted_data(instance->GetIsolate())
+                                  ->dispatch_tables()
+                                  ->get(table_index)),
+                          instance->GetIsolate())
+                 : handle(Cast<WasmDispatchTable>(
+                              instance->trusted_data(instance->GetIsolate())
+                                  ->dispatch_table0()),
+                          instance->GetIsolate())),
+      index_(entry_index) {
+  DCHECK_GE(entry_index, 0);
+  DCHECK_LT(entry_index, table_->length());
+}
+
+WasmInterpreterRuntime::WasmInterpreterRuntime(
+    const WasmModule* module, Isolate* isolate,
+    Handle<WasmInstanceObject> instance_object,
+    WasmInterpreter::CodeMap* codemap)
+    : isolate_(isolate),
+      module_(module),
+      instance_object_(instance_object),
+      codemap_(codemap),
+      start_function_index_(UINT_MAX),
+      trap_function_index_(-1),
+      trap_pc_(0),
+
+      // The old Wasm interpreter used a {ReferenceStackScope} and stated in a
+      // comment that a global handle was not an option because it can lead to a
+      // memory leak if a reference to the {WasmInstanceObject} is put onto the
+      // reference stack and thereby transitively keeps the interpreter alive.
+      // The current Wasm interpreter (located under test/common/wasm) instead
+      // uses a global handle. TODO(paolosev@microsoft.com): verify if this
+      // works.
+      reference_stack_(isolate_->global_handles()->Create(
+          ReadOnlyRoots(isolate_).empty_fixed_array())),
+      current_ref_stack_size_(0),
+      current_thread_(nullptr),
+
+      memory_start_(nullptr),
+      instruction_table_(kInstructionTable),
+      generic_wasm_to_js_interpreter_wrapper_fn_(
+          GeneratedCode<WasmToJSCallSig>::FromAddress(isolate, {}))
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      ,
+      shadow_stack_(nullptr)
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+{
+  DCHECK(v8_flags.wasm_jitless);
+
+  InitGlobalAddressCache();
+  InitMemoryAddresses();
+  InitIndirectFunctionTables();
+
+  // Initialize address of GenericWasmToJSInterpreterWrapper builtin.
+  Address wasm_to_js_code_addr_addr =
+      isolate->isolate_root() +
+      IsolateData::BuiltinEntrySlotOffset(Builtin::kWasmInterpreterCWasmEntry);
+  Address wasm_to_js_code_addr =
+      *reinterpret_cast<Address*>(wasm_to_js_code_addr_addr);
+  generic_wasm_to_js_interpreter_wrapper_fn_ =
+      GeneratedCode<WasmToJSCallSig>::FromAddress(isolate,
+                                                  wasm_to_js_code_addr);
+}
+
+WasmInterpreterRuntime::~WasmInterpreterRuntime() {
+  GlobalHandles::Destroy(reference_stack_.location());
+}
+
+void WasmInterpreterRuntime::Reset() {
+  start_function_index_ = UINT_MAX;
+  current_frame_ = {};
+  function_result_ = {};
+  trap_function_index_ = -1;
+  trap_pc_ = 0;
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  shadow_stack_ = nullptr;
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+}
+
+void WasmInterpreterRuntime::InitGlobalAddressCache() {
+  global_addresses_.resize(module_->globals.size());
+  for (size_t index = 0; index < module_->globals.size(); index++) {
+    const WasmGlobal& global = module_->globals[index];
+    if (!global.type.is_reference()) {
+      global_addresses_[index] =
+          wasm_trusted_instance_data()->GetGlobalStorage(global);
+    }
+  }
+}
+
+// static
+void WasmInterpreterRuntime::UpdateMemoryAddress(
+    Handle<WasmInstanceObject> instance) {
+  Isolate* isolate = instance->GetIsolate();
+  Handle<Tuple2> interpreter_object =
+      WasmTrustedInstanceData::GetOrCreateInterpreterObject(instance);
+  InterpreterHandle* handle =
+      GetOrCreateInterpreterHandle(isolate, interpreter_object);
+  WasmInterpreterRuntime* wasm_runtime =
+      handle->interpreter()->GetWasmRuntime();
+  wasm_runtime->InitMemoryAddresses();
+}
+
+int32_t WasmInterpreterRuntime::MemoryGrow(uint32_t delta_pages) {
+  HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+  // TODO(paolosev@microsoft.com): Support multiple memories.
+  uint32_t memory_index = 0;
+  Handle<WasmMemoryObject> memory(
+      wasm_trusted_instance_data()->memory_object(memory_index), isolate_);
+  int32_t result = WasmMemoryObject::Grow(isolate_, memory, delta_pages);
+  InitMemoryAddresses();
+  return result;
+}
+
+void WasmInterpreterRuntime::InitIndirectFunctionTables() {
+  int table_count = static_cast<int>(module_->tables.size());
+  indirect_call_tables_.resize(table_count);
+  for (int table_index = 0; table_index < table_count; ++table_index) {
+    PurgeIndirectCallCache(table_index);
+  }
+}
+
+bool WasmInterpreterRuntime::TableGet(const uint8_t*& current_code,
+                                      uint32_t table_index,
+                                      uint32_t entry_index,
+                                      Handle<Object>* result) {
+  // This function assumes that it is executed in a HandleScope.
+
+  auto table =
+      handle(Cast<WasmTableObject>(
+                 wasm_trusted_instance_data()->tables()->get(table_index)),
+             isolate_);
+  uint32_t table_size = table->current_length();
+  if (entry_index >= table_size) {
+    SetTrap(TrapReason::kTrapTableOutOfBounds, current_code);
+    return false;
+  }
+
+  *result = WasmTableObject::Get(isolate_, table, entry_index);
+  return true;
+}
+
+void WasmInterpreterRuntime::TableSet(const uint8_t*& current_code,
+                                      uint32_t table_index,
+                                      uint32_t entry_index,
+                                      Handle<Object> ref) {
+  // This function assumes that it is executed in a HandleScope.
+
+  auto table =
+      handle(Cast<WasmTableObject>(
+                 wasm_trusted_instance_data()->tables()->get(table_index)),
+             isolate_);
+  uint32_t table_size = table->current_length();
+  if (entry_index >= table_size) {
+    SetTrap(TrapReason::kTrapTableOutOfBounds, current_code);
+  } else {
+    WasmTableObject::Set(isolate_, table, entry_index, ref);
+  }
+}
+
+void WasmInterpreterRuntime::TableInit(const uint8_t*& current_code,
+                                       uint32_t table_index,
+                                       uint32_t element_segment_index,
+                                       uint32_t dst, uint32_t src,
+                                       uint32_t size) {
+  HandleScope scope(isolate_);  // Avoid leaking handles.
+
+  Handle<WasmTrustedInstanceData> trusted_data = wasm_trusted_instance_data();
+  auto table =
+      handle(Cast<WasmTableObject>(trusted_data->tables()->get(table_index)),
+             isolate_);
+  if (IsSubtypeOf(table->type(), kWasmFuncRef, module_)) {
+    PurgeIndirectCallCache(table_index);
+  }
+
+  std::optional<MessageTemplate> msg_template =
+      WasmTrustedInstanceData::InitTableEntries(
+          instance_object_->GetIsolate(), trusted_data, trusted_data,
+          table_index, element_segment_index, dst, src, size);
+  // See WasmInstanceObject::InitTableEntries.
+  if (msg_template == MessageTemplate::kWasmTrapTableOutOfBounds) {
+    SetTrap(TrapReason::kTrapTableOutOfBounds, current_code);
+  } else if (msg_template ==
+             MessageTemplate::kWasmTrapElementSegmentOutOfBounds) {
+    SetTrap(TrapReason::kTrapElementSegmentOutOfBounds, current_code);
+  }
+}
+
+void WasmInterpreterRuntime::TableCopy(const uint8_t*& current_code,
+                                       uint32_t dst_table_index,
+                                       uint32_t src_table_index, uint32_t dst,
+                                       uint32_t src, uint32_t size) {
+  HandleScope scope(isolate_);  // Avoid leaking handles.
+
+  Handle<WasmTrustedInstanceData> trusted_data = wasm_trusted_instance_data();
+  auto table_dst = handle(
+      Cast<WasmTableObject>(trusted_data->tables()->get(dst_table_index)),
+      isolate_);
+  if (IsSubtypeOf(table_dst->type(), kWasmFuncRef, module_)) {
+    PurgeIndirectCallCache(dst_table_index);
+  }
+
+  if (!WasmTrustedInstanceData::CopyTableEntries(
+          isolate_, trusted_data, dst_table_index, src_table_index, dst, src,
+          size)) {
+    SetTrap(TrapReason::kTrapTableOutOfBounds, current_code);
+  }
+}
+
+uint32_t WasmInterpreterRuntime::TableGrow(uint32_t table_index, uint32_t delta,
+                                           Handle<Object> value) {
+  // This function assumes that it is executed in a HandleScope.
+
+  auto table =
+      handle(Cast<WasmTableObject>(
+                 wasm_trusted_instance_data()->tables()->get(table_index)),
+             isolate_);
+  return WasmTableObject::Grow(isolate_, table, delta, value);
+}
+
+uint32_t WasmInterpreterRuntime::TableSize(uint32_t table_index) {
+  HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+  auto table =
+      handle(Cast<WasmTableObject>(
+                 wasm_trusted_instance_data()->tables()->get(table_index)),
+             isolate_);
+  return table->current_length();
+}
+
+void WasmInterpreterRuntime::TableFill(const uint8_t*& current_code,
+                                       uint32_t table_index, uint32_t count,
+                                       Handle<Object> value, uint32_t start) {
+  // This function assumes that it is executed in a HandleScope.
+
+  auto table =
+      handle(Cast<WasmTableObject>(
+                 wasm_trusted_instance_data()->tables()->get(table_index)),
+             isolate_);
+  uint32_t table_size = table->current_length();
+  if (start + count < start ||  // Check for overflow.
+      start + count > table_size) {
+    SetTrap(TrapReason::kTrapTableOutOfBounds, current_code);
+    return;
+  }
+
+  if (count == 0) {
+    return;
+  }
+
+  WasmTableObject::Fill(isolate_, table, start, value, count);
+}
+
+bool WasmInterpreterRuntime::MemoryInit(const uint8_t*& current_code,
+                                        uint32_t data_segment_index,
+                                        uint64_t dst, uint64_t src,
+                                        uint64_t size) {
+  Handle<WasmTrustedInstanceData> trusted_data = wasm_trusted_instance_data();
+  Address dst_addr;
+  uint64_t src_max =
+      trusted_data->data_segment_sizes()->get(data_segment_index);
+  if (!BoundsCheckMemRange(dst, &size, &dst_addr) ||
+      !base::IsInBounds(src, size, src_max)) {
+    SetTrap(TrapReason::kTrapMemOutOfBounds, current_code);
+    return false;
+  }
+
+  Address src_addr =
+      trusted_data->data_segment_starts()->get(data_segment_index) + src;
+  std::memmove(reinterpret_cast<void*>(dst_addr),
+               reinterpret_cast<void*>(src_addr), size);
+  return true;
+}
+
+bool WasmInterpreterRuntime::MemoryCopy(const uint8_t*& current_code,
+                                        uint64_t dst, uint64_t src,
+                                        uint64_t size) {
+  Address dst_addr;
+  Address src_addr;
+  if (!BoundsCheckMemRange(dst, &size, &dst_addr) ||
+      !BoundsCheckMemRange(src, &size, &src_addr)) {
+    SetTrap(TrapReason::kTrapMemOutOfBounds, current_code);
+    return false;
+  }
+
+  std::memmove(reinterpret_cast<void*>(dst_addr),
+               reinterpret_cast<void*>(src_addr), size);
+  return true;
+}
+
+bool WasmInterpreterRuntime::MemoryFill(const uint8_t*& current_code,
+                                        uint64_t dst, uint32_t value,
+                                        uint64_t size) {
+  Address dst_addr;
+  if (!BoundsCheckMemRange(dst, &size, &dst_addr)) {
+    SetTrap(TrapReason::kTrapMemOutOfBounds, current_code);
+    return false;
+  }
+
+  std::memset(reinterpret_cast<void*>(dst_addr), value, size);
+  return true;
+}
+
+// Unpack the values encoded in the given exception. The exception values are
+// pushed onto the operand stack.
+void WasmInterpreterRuntime::UnpackException(
+    uint32_t* sp, const WasmTag& tag, Handle<Object> exception_object,
+    uint32_t first_param_slot_index, uint32_t first_param_ref_stack_index) {
+  Handle<FixedArray> encoded_values =
+      Cast<FixedArray>(WasmExceptionPackage::GetExceptionValues(
+          isolate_, Cast<WasmExceptionPackage>(exception_object)));
+  // Decode the exception values from the given exception package and push
+  // them onto the operand stack. This encoding has to be in sync with other
+  // backends so that exceptions can be passed between them.
+  const WasmTagSig* sig = tag.sig;
+  uint32_t encoded_index = 0;
+  uint32_t* p = sp + first_param_slot_index;
+  for (size_t i = 0; i < sig->parameter_count(); ++i) {
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    if (v8_flags.trace_drumbrake_execution) {
+      TracePush(sig->GetParam(i).kind(), static_cast<uint32_t>(p - sp));
+    }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+    WasmValue value;
+    switch (sig->GetParam(i).kind()) {
+      case kI32: {
+        uint32_t u32 = 0;
+        DecodeI32ExceptionValue(encoded_values, &encoded_index, &u32);
+        base::WriteUnalignedValue<uint32_t>(reinterpret_cast<Address>(p), u32);
+        p += sizeof(uint32_t) / kSlotSize;
+        break;
+      }
+      case kF32: {
+        uint32_t f32_bits = 0;
+        DecodeI32ExceptionValue(encoded_values, &encoded_index, &f32_bits);
+        float f32 = Float32::FromBits(f32_bits).get_scalar();
+        base::WriteUnalignedValue<float>(reinterpret_cast<Address>(p), f32);
+        p += sizeof(float) / kSlotSize;
+        break;
+      }
+      case kI64: {
+        uint64_t u64 = 0;
+        DecodeI64ExceptionValue(encoded_values, &encoded_index, &u64);
+        base::WriteUnalignedValue<uint64_t>(reinterpret_cast<Address>(p), u64);
+        p += sizeof(uint64_t) / kSlotSize;
+        break;
+      }
+      case kF64: {
+        uint64_t f64_bits = 0;
+        DecodeI64ExceptionValue(encoded_values, &encoded_index, &f64_bits);
+        float f64 = Float64::FromBits(f64_bits).get_scalar();
+        base::WriteUnalignedValue<double>(reinterpret_cast<Address>(p), f64);
+        p += sizeof(double) / kSlotSize;
+        break;
+      }
+      case kS128: {
+        int32x4 s128 = {0, 0, 0, 0};
+        uint32_t* vals = reinterpret_cast<uint32_t*>(s128.val);
+        DecodeI32ExceptionValue(encoded_values, &encoded_index, &vals[0]);
+        DecodeI32ExceptionValue(encoded_values, &encoded_index, &vals[1]);
+        DecodeI32ExceptionValue(encoded_values, &encoded_index, &vals[2]);
+        DecodeI32ExceptionValue(encoded_values, &encoded_index, &vals[3]);
+        base::WriteUnalignedValue<Simd128>(reinterpret_cast<Address>(p),
+                                           Simd128(s128));
+        p += sizeof(Simd128) / kSlotSize;
+        break;
+      }
+      case kRef:
+      case kRefNull: {
+        Handle<Object> ref(encoded_values->get(encoded_index++), isolate_);
+        if (sig->GetParam(i).value_type_code() == wasm::kFuncRefCode &&
+            i::IsNull(*ref, isolate_)) {
+          ref = isolate_->factory()->wasm_null();
+        }
+        StoreWasmRef(first_param_ref_stack_index++, ref);
+        base::WriteUnalignedValue<WasmRef>(reinterpret_cast<Address>(p), ref);
+        p += sizeof(WasmRef) / kSlotSize;
+        break;
+      }
+      default:
+        UNREACHABLE();
+    }
+  }
+  DCHECK_EQ(WasmExceptionPackage::GetEncodedSize(&tag), encoded_index);
+}
+
+namespace {
+void RedirectCodeToUnwindHandler(const uint8_t*& code) {
+  // Resume execution from s2s_Unwind, which unwinds the Wasm stack frames
+  code = reinterpret_cast<uint8_t*>(&s_unwind_code);
+}
+}  // namespace
+
+// Allocate, initialize and throw a new exception. The exception values are
+// being popped off the operand stack.
+void WasmInterpreterRuntime::ThrowException(const uint8_t*& code, uint32_t* sp,
+                                            uint32_t tag_index) {
+  HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+  Handle<WasmTrustedInstanceData> trusted_data = wasm_trusted_instance_data();
+  Handle<WasmExceptionTag> exception_tag(
+      Cast<WasmExceptionTag>(trusted_data->tags_table()->get(tag_index)),
+      isolate_);
+  const WasmTag& tag = module_->tags[tag_index];
+  uint32_t encoded_size = WasmExceptionPackage::GetEncodedSize(&tag);
+  Handle<WasmExceptionPackage> exception_object =
+      WasmExceptionPackage::New(isolate_, exception_tag, encoded_size);
+  Handle<FixedArray> encoded_values = Cast<FixedArray>(
+      WasmExceptionPackage::GetExceptionValues(isolate_, exception_object));
+
+  // Encode the exception values on the operand stack into the exception
+  // package allocated above. This encoding has to be in sync with other
+  // backends so that exceptions can be passed between them.
+  const WasmTagSig* sig = tag.sig;
+  uint32_t encoded_index = 0;
+  for (size_t index = 0; index < sig->parameter_count(); index++) {
+    switch (sig->GetParam(index).kind()) {
+      case kI32: {
+        uint32_t u32 = pop<uint32_t>(sp, code, this);
+        EncodeI32ExceptionValue(encoded_values, &encoded_index, u32);
+        break;
+      }
+      case kF32: {
+        float f32 = pop<float>(sp, code, this);
+        EncodeI32ExceptionValue(encoded_values, &encoded_index,
+                                *reinterpret_cast<uint32_t*>(&f32));
+        break;
+      }
+      case kI64: {
+        uint64_t u64 = pop<uint64_t>(sp, code, this);
+        EncodeI64ExceptionValue(encoded_values, &encoded_index, u64);
+        break;
+      }
+      case kF64: {
+        double f64 = pop<double>(sp, code, this);
+        EncodeI64ExceptionValue(encoded_values, &encoded_index,
+                                *reinterpret_cast<uint64_t*>(&f64));
+        break;
+      }
+      case kS128: {
+        int32x4 s128 = pop<Simd128>(sp, code, this).to_i32x4();
+        EncodeI32ExceptionValue(encoded_values, &encoded_index, s128.val[0]);
+        EncodeI32ExceptionValue(encoded_values, &encoded_index, s128.val[1]);
+        EncodeI32ExceptionValue(encoded_values, &encoded_index, s128.val[2]);
+        EncodeI32ExceptionValue(encoded_values, &encoded_index, s128.val[3]);
+        break;
+      }
+      case kRef:
+      case kRefNull: {
+        Handle<Object> ref = pop<WasmRef>(sp, code, this);
+        if (IsWasmNull(*ref, isolate_)) {
+          ref = handle(ReadOnlyRoots(isolate_).null_value(), isolate_);
+        }
+        encoded_values->set(encoded_index++, *ref);
+        break;
+      }
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  // Keep track of the code offset of the current instruction, which we'll need
+  // to calculate the stack trace from Isolate::Throw.
+  current_frame_.current_bytecode_ = code;
+
+  DCHECK_NOT_NULL(current_thread_);
+  current_thread_->SetCurrentFrame(current_frame_);
+
+  // Now that the exception is ready, set it as pending.
+  {
+    wasm::ClearThreadInWasmScope clear_wasm_flag(isolate_);
+    isolate_->Throw(*exception_object);
+    if (HandleException(sp, code) != WasmInterpreterThread::HANDLED) {
+      RedirectCodeToUnwindHandler(code);
+    }
+  }
+}
+
+// Throw a given existing exception caught by the catch block specified.
+void WasmInterpreterRuntime::RethrowException(const uint8_t*& code,
+                                              uint32_t* sp,
+                                              uint32_t catch_block_index) {
+  // Keep track of the code offset of the current instruction, which we'll need
+  // to calculate the stack trace from Isolate::Throw.
+  current_frame_.current_bytecode_ = code;
+
+  DCHECK_NOT_NULL(current_thread_);
+  current_thread_->SetCurrentFrame(current_frame_);
+
+  // Now that the exception is ready, set it as pending.
+  {
+    wasm::ClearThreadInWasmScope clear_wasm_flag(isolate_);
+    Handle<Object> exception_object =
+        current_frame_.GetCaughtException(isolate_, catch_block_index);
+    DCHECK(!IsTheHole(*exception_object));
+    isolate_->Throw(*exception_object);
+    if (HandleException(sp, code) != WasmInterpreterThread::HANDLED) {
+      RedirectCodeToUnwindHandler(code);
+    }
+  }
+}
+
+// Handle a thrown exception. Returns whether the exception was handled inside
+// of wasm. Unwinds the interpreted stack accordingly.
+WasmInterpreterThread::ExceptionHandlingResult
+WasmInterpreterRuntime::HandleException(uint32_t* sp,
+                                        const uint8_t*& current_code) {
+  DCHECK_IMPLIES(current_code, current_frame_.current_function_);
+  DCHECK_IMPLIES(!current_code, !current_frame_.current_function_);
+  DCHECK(isolate_->has_exception());
+
+  bool catchable = current_frame_.current_function_ &&
+                   isolate_->is_catchable_by_wasm(isolate_->exception());
+  if (catchable) {
+    HandleScope scope(isolate_);
+    Handle<Object> exception = handle(isolate_->exception(), isolate_);
+    Tagged<WasmTrustedInstanceData> trusted_data =
+        *wasm_trusted_instance_data();
+
+    // We might need to allocate a new FixedArray<Object> to store the caught
+    // exception.
+    DCHECK(AllowHeapAllocation::IsAllowed());
+
+    size_t current_code_offset =
+        current_code - current_frame_.current_function_->GetCode();
+    const WasmEHData::TryBlock* try_block =
+        current_frame_.current_function_->GetTryBlock(current_code_offset);
+    while (try_block) {
+      for (const auto& catch_handler : try_block->catch_handlers) {
+        if (catch_handler.tag_index < 0) {
+          // Catch all.
+          current_code = current_frame_.current_function_->GetCode() +
+                         catch_handler.code_offset;
+          current_frame_.SetCaughtException(
+              isolate_, catch_handler.catch_block_index, exception);
+          isolate_->clear_exception();
+          return WasmInterpreterThread::HANDLED;
+        } else if (IsWasmExceptionPackage(*exception, isolate_)) {
+          // The exception was thrown by Wasm code and it's wrapped in a
+          // WasmExceptionPackage.
+          Handle<Object> caught_tag = WasmExceptionPackage::GetExceptionTag(
+              isolate_, Cast<WasmExceptionPackage>(exception));
+          Handle<Object> expected_tag =
+              handle(trusted_data->tags_table()->get(catch_handler.tag_index),
+                     isolate_);
+          DCHECK(IsWasmExceptionTag(*expected_tag));
+          // Determines whether the given exception has a tag matching the
+          // expected tag for the given index within the exception table of the
+          // current instance.
+          if (expected_tag.is_identical_to(caught_tag)) {
+            current_code = current_frame_.current_function_->GetCode() +
+                           catch_handler.code_offset;
+            DCHECK_LT(catch_handler.tag_index, module_->tags.size());
+            const WasmTag& tag = module_->tags[catch_handler.tag_index];
+            auto exception_payload_slot_offsets =
+                current_frame_.current_function_
+                    ->GetExceptionPayloadStartSlotOffsets(
+                        catch_handler.catch_block_index);
+            UnpackException(
+                sp, tag, exception,
+                exception_payload_slot_offsets.first_param_slot_offset,
+                exception_payload_slot_offsets.first_param_ref_stack_index);
+            current_frame_.SetCaughtException(
+                isolate_, catch_handler.catch_block_index, exception);
+            isolate_->clear_exception();
+            return WasmInterpreterThread::HANDLED;
+          }
+        } else {
+          // Check for the special case where the tag is WebAssembly.JSTag and
+          // the exception is not a WebAssembly.Exception. In this case the
+          // exception is caught and pushed on the operand stack.
+          // Only perform this check if the tag signature is the same as
+          // the JSTag signature, i.e. a single externref, otherwise we know
+          // statically that it cannot be the JSTag.
+          DCHECK_LT(catch_handler.tag_index, module_->tags.size());
+          const WasmTagSig* sig = module_->tags[catch_handler.tag_index].sig;
+          if (sig->return_count() != 0 || sig->parameter_count() != 1 ||
+              (sig->GetParam(0).kind() != kRefNull &&
+               sig->GetParam(0).kind() != kRef)) {
+            continue;
+          }
+
+          Handle<JSObject> js_tag_object =
+              handle(isolate_->native_context()->wasm_js_tag(), isolate_);
+          Handle<WasmTagObject> wasm_tag_object(
+              Cast<WasmTagObject>(*js_tag_object), isolate_);
+          Handle<Object> caught_tag = handle(wasm_tag_object->tag(), isolate_);
+          Handle<Object> expected_tag =
+              handle(trusted_data->tags_table()->get(catch_handler.tag_index),
+                     isolate_);
+          if (!expected_tag.is_identical_to(caught_tag)) {
+            continue;
+          }
+
+          current_code = current_frame_.current_function_->GetCode() +
+                         catch_handler.code_offset;
+          // Push exception on the operand stack.
+          auto exception_payload_slot_offsets =
+              current_frame_.current_function_
+                  ->GetExceptionPayloadStartSlotOffsets(
+                      catch_handler.catch_block_index);
+          StoreWasmRef(
+              exception_payload_slot_offsets.first_param_ref_stack_index,
+              exception);
+          base::WriteUnalignedValue<WasmRef>(
+              reinterpret_cast<Address>(
+                  sp + exception_payload_slot_offsets.first_param_slot_offset),
+              exception);
+
+          current_frame_.SetCaughtException(
+              isolate_, catch_handler.catch_block_index, exception);
+          isolate_->clear_exception();
+          return WasmInterpreterThread::HANDLED;
+        }
+      }
+      try_block =
+          current_frame_.current_function_->GetParentTryBlock(try_block);
+    }
+  }
+
+  DCHECK_NOT_NULL(current_thread_);
+  current_thread_->Unwinding();
+  return WasmInterpreterThread::UNWOUND;
+}
+
+bool WasmInterpreterRuntime::AllowsAtomicsWait() const {
+  return !module_->memories.empty() && module_->memories[0].is_shared &&
+         isolate_->allow_atomics_wait();
+}
+
+int32_t WasmInterpreterRuntime::AtomicNotify(uint64_t buffer_offset,
+                                             int32_t val) {
+  if (module_->memories.empty() || !module_->memories[0].is_shared) {
+    return 0;
+  } else {
+    HandleScope handle_scope(isolate_);
+    // TODO(paolosev@microsoft.com): Support multiple memories.
+    uint32_t memory_index = 0;
+    Handle<JSArrayBuffer> array_buffer(wasm_trusted_instance_data()
+                                           ->memory_object(memory_index)
+                                           ->array_buffer(),
+                                       isolate_);
+    int result = FutexEmulation::Wake(*array_buffer, buffer_offset, val);
+    return result;
+  }
+}
+
+int32_t WasmInterpreterRuntime::I32AtomicWait(uint64_t buffer_offset,
+                                              int32_t val, int64_t timeout) {
+  HandleScope handle_scope(isolate_);
+  // TODO(paolosev@microsoft.com): Support multiple memories.
+  uint32_t memory_index = 0;
+  Handle<JSArrayBuffer> array_buffer(
+      wasm_trusted_instance_data()->memory_object(memory_index)->array_buffer(),
+      isolate_);
+  auto result = FutexEmulation::WaitWasm32(isolate_, array_buffer,
+                                           buffer_offset, val, timeout);
+  return result.ToSmi().value();
+}
+
+int32_t WasmInterpreterRuntime::I64AtomicWait(uint64_t buffer_offset,
+                                              int64_t val, int64_t timeout) {
+  HandleScope handle_scope(isolate_);
+  // TODO(paolosev@microsoft.com): Support multiple memories.
+  uint32_t memory_index = 0;
+  Handle<JSArrayBuffer> array_buffer(
+      wasm_trusted_instance_data()->memory_object(memory_index)->array_buffer(),
+      isolate_);
+  auto result = FutexEmulation::WaitWasm64(isolate_, array_buffer,
+                                           buffer_offset, val, timeout);
+  return result.ToSmi().value();
+}
+
+void WasmInterpreterRuntime::BeginExecution(
+    WasmInterpreterThread* thread, uint32_t func_index, Address frame_pointer,
+    uint8_t* interpreter_fp, uint32_t ref_stack_offset,
+    const std::vector<WasmValue>* argument_values) {
+  current_thread_ = thread;
+  start_function_index_ = func_index;
+
+  thread->StartActivation(this, frame_pointer, interpreter_fp, current_frame_);
+
+  current_frame_.current_function_ = nullptr;
+  current_frame_.previous_frame_ = nullptr;
+  current_frame_.current_bytecode_ = nullptr;
+  current_frame_.current_sp_ = interpreter_fp;
+  current_frame_.ref_array_current_sp_ = ref_stack_offset;
+  current_frame_.thread_ = thread;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  current_frame_.current_stack_start_args_ = thread->CurrentStackFrameStart();
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  const FunctionSig* sig = module_->functions[func_index].sig;
+  size_t args_count = 0;
+  uint32_t rets_slots_size = 0;
+  uint32_t ref_rets_count = 0;
+  uint32_t ref_args_count = 0;
+  WasmBytecode* target_function = GetFunctionBytecode(func_index);
+  if (target_function) {
+    args_count = target_function->args_count();
+    rets_slots_size = target_function->rets_slots_size();
+    ref_rets_count = target_function->ref_rets_count();
+    ref_args_count = target_function->ref_args_count();
+  } else {
+    // We begin execution by calling an imported function.
+    args_count = sig->parameter_count();
+    rets_slots_size = WasmBytecode::RetsSizeInSlots(sig);
+    ref_rets_count = WasmBytecode::RefRetsCount(sig);
+    ref_args_count = WasmBytecode::RefArgsCount(sig);
+  }
+
+  // Here GC is disabled, we cannot "resize" the reference_stack_ FixedArray
+  // before having created Handles for the Ref arguments passed in
+  // argument_values.
+  HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+
+  std::vector<Handle<Object>> ref_args;
+  if (ref_args_count > 0) {
+    ref_args.reserve(ref_args_count);
+  }
+
+  uint8_t* p = interpreter_fp + rets_slots_size * kSlotSize;
+
+  // Check stack overflow.
+  const uint8_t* stack_limit = thread->StackLimitAddress();
+  if (V8_UNLIKELY(p + (ref_rets_count + ref_args_count) * sizeof(WasmRef) >=
+                  stack_limit)) {
+    size_t additional_required_size =
+        p + (ref_rets_count + ref_args_count) * sizeof(WasmRef) - stack_limit;
+    if (!thread->ExpandStack(additional_required_size)) {
+      // TODO(paolosev@microsoft.com) - Calculate initial function offset.
+      ClearThreadInWasmScope clear_wasm_flag(isolate_);
+      SealHandleScope shs(isolate_);
+      isolate_->StackOverflow();
+      const pc_t trap_pc = 0;
+      SetTrap(TrapReason::kTrapUnreachable, trap_pc);
+      thread->FinishActivation();
+      return;
+    }
+  }
+
+  if (argument_values) {
+    // We are being called from JS, arguments are passed in the
+    // {argument_values} vector.
+    for (size_t i = 0; i < argument_values->size(); i++) {
+      const WasmValue& value = (*argument_values)[i];
+      switch (value.type().kind()) {
+        case kI32:
+          base::WriteUnalignedValue<int32_t>(reinterpret_cast<Address>(p),
+                                             value.to<int32_t>());
+          p += sizeof(int32_t);
+          break;
+        case kI64:
+          base::WriteUnalignedValue<int64_t>(reinterpret_cast<Address>(p),
+                                             value.to<int64_t>());
+          p += sizeof(int64_t);
+          break;
+        case kF32:
+          base::WriteUnalignedValue<float>(reinterpret_cast<Address>(p),
+                                           value.to<float>());
+          p += sizeof(float);
+          break;
+        case kF64:
+          base::WriteUnalignedValue<double>(reinterpret_cast<Address>(p),
+                                            value.to<double>());
+          p += sizeof(double);
+          break;
+        case kRef:
+        case kRefNull: {
+          Handle<Object> ref = value.to_ref();
+          if (IsJSFunction(*ref, isolate_)) {
+            Tagged<SharedFunctionInfo> sfi = Cast<JSFunction>(ref)->shared();
+            if (sfi->HasWasmExportedFunctionData()) {
+              Tagged<WasmExportedFunctionData> wasm_exported_function_data =
+                  sfi->wasm_exported_function_data();
+              ref = handle(
+                  wasm_exported_function_data->func_ref()->internal(isolate_),
+                  isolate_);
+            }
+          }
+          ref_args.push_back(ref);
+          base::WriteUnalignedValue<WasmRef>(reinterpret_cast<Address>(p),
+                                             WasmRef(nullptr));
+          p += sizeof(WasmRef);
+          break;
+        }
+        case kS128:
+        default:
+          UNREACHABLE();
+      }
+    }
+  } else {
+    // We are being called from Wasm, arguments are already in the stack.
+    for (size_t i = 0; i < args_count; i++) {
+      switch (sig->GetParam(i).kind()) {
+        case kI32:
+          p += sizeof(int32_t);
+          break;
+        case kI64:
+          p += sizeof(int64_t);
+          break;
+        case kF32:
+          p += sizeof(float);
+          break;
+        case kF64:
+          p += sizeof(double);
+          break;
+        case kS128:
+          p += sizeof(Simd128);
+          break;
+        case kRef:
+        case kRefNull: {
+          Handle<Object> ref = base::ReadUnalignedValue<Handle<Object>>(
+              reinterpret_cast<Address>(p));
+          ref_args.push_back(ref);
+          p += sizeof(WasmRef);
+          break;
+        }
+        default:
+          UNREACHABLE();
+      }
+    }
+  }
+
+  {
+    // Once we have read ref argument passed on the stack and we have stored
+    // them into the ref_args vector of Handles, we can re-enable the GC.
+    AllowHeapAllocation allow_gc;
+
+    if (ref_rets_count + ref_args_count > 0) {
+      // Reserve space for reference args and return values in the
+      // reference_stack_.
+      EnsureRefStackSpace(current_frame_.ref_array_length_ + ref_rets_count +
+                          ref_args_count);
+
+      uint32_t ref_stack_arg_index = ref_rets_count;
+      for (uint32_t ref_arg_index = 0; ref_arg_index < ref_args_count;
+           ref_arg_index++) {
+        StoreWasmRef(ref_stack_arg_index++, ref_args[ref_arg_index]);
+      }
+    }
+  }
+}
+
+void WasmInterpreterRuntime::ContinueExecution(WasmInterpreterThread* thread,
+                                               bool called_from_js) {
+  DCHECK_NE(start_function_index_, UINT_MAX);
+
+  uint32_t start_function_index = start_function_index_;
+  FrameState current_frame = current_frame_;
+
+  const uint8_t* code = nullptr;
+  const FunctionSig* sig = nullptr;
+  uint32_t return_count = 0;
+  WasmBytecode* target_function = GetFunctionBytecode(start_function_index_);
+  if (target_function) {
+    sig = target_function->GetFunctionSignature();
+    return_count = target_function->return_count();
+    ExecuteFunction(code, start_function_index_, target_function->args_count(),
+                    0, 0, 0);
+  } else {
+    sig = module_->functions[start_function_index_].sig;
+    return_count = static_cast<uint32_t>(sig->return_count());
+    ExecuteImportedFunction(code, start_function_index_,
+                            static_cast<uint32_t>(sig->parameter_count()), 0, 0,
+                            0);
+  }
+
+  // If there are Ref types in the set of result types defined in the function
+  // signature, they are located from the first ref_stack_ slot of the current
+  // Activation.
+  uint32_t ref_result_slot_index = 0;
+
+  if (state() == WasmInterpreterThread::State::RUNNING) {
+    if (return_count > 0) {
+      uint32_t* dst = reinterpret_cast<uint32_t*>(current_frame_.current_sp_);
+
+      if (called_from_js) {
+        // We are returning the results to a JS caller, we need to store them
+        // into the {function_result_} vector and they will be retrieved via
+        // {GetReturnValue}.
+        function_result_.resize(return_count);
+        for (size_t index = 0; index < return_count; index++) {
+          switch (sig->GetReturn(index).kind()) {
+            case kI32:
+              function_result_[index] =
+                  WasmValue(base::ReadUnalignedValue<int32_t>(
+                      reinterpret_cast<Address>(dst)));
+              dst += sizeof(uint32_t) / kSlotSize;
+              break;
+            case kI64:
+              function_result_[index] =
+                  WasmValue(base::ReadUnalignedValue<int64_t>(
+                      reinterpret_cast<Address>(dst)));
+              dst += sizeof(uint64_t) / kSlotSize;
+              break;
+            case kF32:
+              function_result_[index] =
+                  WasmValue(base::ReadUnalignedValue<float>(
+                      reinterpret_cast<Address>(dst)));
+              dst += sizeof(float) / kSlotSize;
+              break;
+            case kF64:
+              function_result_[index] =
+                  WasmValue(base::ReadUnalignedValue<double>(
+                      reinterpret_cast<Address>(dst)));
+              dst += sizeof(double) / kSlotSize;
+              break;
+            case kRef:
+            case kRefNull: {
+              Handle<Object> ref = ExtractWasmRef(ref_result_slot_index++);
+              ref = WasmToJSObject(ref);
+              function_result_[index] = WasmValue(
+                  ref, sig->GetReturn(index).kind() == kRef ? kWasmRefString
+                                                            : kWasmAnyRef);
+              dst += sizeof(WasmRef) / kSlotSize;
+              break;
+            }
+            case kS128:
+            default:
+              UNREACHABLE();
+          }
+        }
+      } else {
+        // We are returning the results on the stack
+        for (size_t index = 0; index < return_count; index++) {
+          switch (sig->GetReturn(index).kind()) {
+            case kI32:
+              dst += sizeof(uint32_t) / kSlotSize;
+              break;
+            case kI64:
+              dst += sizeof(uint64_t) / kSlotSize;
+              break;
+            case kF32:
+              dst += sizeof(float) / kSlotSize;
+              break;
+            case kF64:
+              dst += sizeof(double) / kSlotSize;
+              break;
+            case kS128:
+              dst += sizeof(Simd128) / kSlotSize;
+              break;
+            case kRef:
+            case kRefNull: {
+              // Make sure the ref result is termporarily stored in a stack
+              // slot, to be retrieved by the caller.
+              Handle<Object> ref = ExtractWasmRef(ref_result_slot_index++);
+              base::WriteUnalignedValue<WasmRef>(reinterpret_cast<Address>(dst),
+                                                 ref);
+              dst += sizeof(WasmRef) / kSlotSize;
+              break;
+            }
+            default:
+              UNREACHABLE();
+          }
+        }
+      }
+    }
+
+    if (ref_result_slot_index > 0) {
+      ClearRefStackValues(current_frame_.ref_array_current_sp_,
+                          ref_result_slot_index);
+    }
+
+    DCHECK(current_frame_.caught_exceptions_.is_null());
+
+    start_function_index_ = start_function_index;
+    current_frame_ = current_frame;
+  } else if (state() == WasmInterpreterThread::State::TRAPPED) {
+    MessageTemplate message_id =
+        WasmOpcodes::TrapReasonToMessageId(thread->GetTrapReason());
+    thread->RaiseException(isolate_, message_id);
+  } else if (state() == WasmInterpreterThread::State::EH_UNWINDING) {
+    // Uncaught exception.
+    thread->Stop();
+  } else {
+    DCHECK_EQ(state(), WasmInterpreterThread::State::STOPPED);
+  }
+
+  thread->FinishActivation();
+  const FrameState* frame_state = thread->GetCurrentActivationFor(this);
+  current_frame_ = frame_state ? *frame_state : FrameState();
+}
+
+void WasmInterpreterRuntime::StoreWasmRef(uint32_t ref_stack_index,
+                                          const WasmRef& ref) {
+  uint32_t index = ref_stack_index + current_frame_.ref_array_current_sp_;
+  if (ref.is_null()) {
+    reference_stack_->set_the_hole(isolate_, index);
+  } else {
+    reference_stack_->set(index, *ref);
+  }
+}
+
+WasmRef WasmInterpreterRuntime::ExtractWasmRef(uint32_t ref_stack_index) {
+  int index =
+      static_cast<int>(ref_stack_index) + current_frame_.ref_array_current_sp_;
+  Handle<Object> ref(reference_stack_->get(index), isolate_);
+  DCHECK(!IsTheHole(*ref, isolate_));
+  return WasmRef(ref);
+}
+
+void WasmInterpreterRuntime::EnsureRefStackSpace(size_t new_size) {
+  if (V8_LIKELY(current_ref_stack_size_ >= new_size)) return;
+  size_t requested_size = base::bits::RoundUpToPowerOfTwo64(new_size);
+  new_size = std::max(size_t{8},
+                      std::max(2 * current_ref_stack_size_, requested_size));
+  int grow_by = static_cast<int>(new_size - current_ref_stack_size_);
+  HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+  Handle<FixedArray> new_ref_stack =
+      isolate_->factory()->CopyFixedArrayAndGrow(reference_stack_, grow_by);
+  new_ref_stack->FillWithHoles(static_cast<int>(current_ref_stack_size_),
+                               static_cast<int>(new_size));
+  isolate_->global_handles()->Destroy(reference_stack_.location());
+  reference_stack_ = isolate_->global_handles()->Create(*new_ref_stack);
+  current_ref_stack_size_ = new_size;
+}
+
+void WasmInterpreterRuntime::ClearRefStackValues(size_t index, size_t count) {
+  reference_stack_->FillWithHoles(static_cast<int>(index),
+                                  static_cast<int>(index + count));
+}
+
+// A tail call should not add an additional stack frame to the interpreter
+// stack. This is implemented by unwinding the current stack frame just before
+// the tail call.
+void WasmInterpreterRuntime::UnwindCurrentStackFrame(
+    uint32_t* sp, uint32_t slot_offset, uint32_t rets_size, uint32_t args_size,
+    uint32_t rets_refs, uint32_t args_refs, uint32_t ref_stack_fp_offset) {
+  // At the moment of the call the interpreter stack is as in the diagram below.
+  // A new interpreter frame for the callee function has been initialized, with
+  // `R` slots to contain the R return values, followed by {args_size} slots to
+  // contain the callee arguments.
+  //
+  // In order to unwind an interpreter stack frame we just copy the content of
+  // the slots that contain the callee arguments into the caller stack frame,
+  // just after the slots of the return values. Note that the return call is
+  // invalid if the number and types of the return values of the callee function
+  // do not exactly match the number and types of the return values of the
+  // caller function. Instead, the number of types of the caller and callee
+  // functions arguments can differ.
+  //
+  // The other slots in the caller frame, for const values and locals, will be
+  // initialized later in ExecuteFunction().
+  //
+  // +----------------------+
+  // | argA-1               |      ^         ^
+  // | ...                  |      |         | ->-----+
+  // | ...                  |      |         |        |
+  // | arg0                 |    callee      v        |
+  // | retR-1               |    frame                |
+  // | ...                  |      |                  |
+  // | ret0                 |      v                  | copy
+  // +----------------------+ (slot_offset)           |
+  // | ...                  |      ^                  V
+  // | <stack slots>        |      |                  |
+  // | <locals slots>       |      |                  |
+  // | <const slots>        |      |         ^        |
+  // | argN-1               |    caller      | <------+
+  // | ...                  |    frame       |
+  // | arg0                 |      |         v
+  // | retR-1               |      |
+  // | ...                  |      |
+  // | ret0                 |      v
+  // +----------------------+ (0)
+
+  uint8_t* next_sp = reinterpret_cast<uint8_t*>(sp);
+  uint8_t* prev_sp = next_sp + slot_offset;
+  // Here {args_size} is the number of arguments expected by the function we are
+  // calling, which can be different from the number of args of the caller
+  // function.
+  ::memmove(next_sp + rets_size, prev_sp, args_size);
+
+  // If some of the argument-slots contain Ref values, we need to move them
+  // accordingly, in the {reference_stack_}.
+  if (rets_refs) {
+    ClearRefStackValues(current_frame_.ref_array_current_sp_, rets_refs);
+  }
+  // Here {args_refs} is the number of reference args expected by the function
+  // we are calling, which can be different from the number of reference args of
+  // the caller function.
+  for (uint32_t i = 0; i < args_refs; i++) {
+    StoreWasmRef(rets_refs + i, ExtractWasmRef(ref_stack_fp_offset + i));
+  }
+  if (ref_stack_fp_offset > rets_refs + args_refs) {
+    ClearRefStackValues(
+        current_frame_.ref_array_current_sp_ + rets_refs + args_refs,
+        ref_stack_fp_offset - rets_refs - args_refs);
+  }
+}
+
+void WasmInterpreterRuntime::StoreRefArgsIntoStackSlots(
+    uint8_t* sp, uint32_t ref_stack_fp_index, const FunctionSig* sig) {
+  // Argument values of type Ref, if present, are already stored in the
+  // reference_stack_ starting at index ref_stack_fp_index + RefRetsCount(sig).
+  // We want to temporarily copy the pointers to these object also in the stack
+  // slots, because functions WasmInterpreter::RunInterpreter() and
+  // WasmInterpreter::CallExternalJSFunction gets all arguments from the stack.
+
+  // TODO(paolosev@microsoft.com) - Too slow?
+  ref_stack_fp_index += WasmBytecode::RefRetsCount(sig);
+
+  size_t args_count = sig->parameter_count();
+  sp += WasmBytecode::RetsSizeInSlots(sig) * kSlotSize;
+  for (size_t i = 0; i < args_count; i++) {
+    switch (sig->GetParam(i).kind()) {
+      case kI32:
+      case kF32:
+        sp += sizeof(int32_t);
+        break;
+      case kI64:
+      case kF64:
+        sp += sizeof(int64_t);
+        break;
+      case kS128:
+        sp += sizeof(Simd128);
+        break;
+      case kRef:
+      case kRefNull: {
+        WasmRef ref = ExtractWasmRef(ref_stack_fp_index++);
+        base::WriteUnalignedValue<WasmRef>(reinterpret_cast<Address>(sp), ref);
+        sp += sizeof(WasmRef);
+        break;
+      }
+      default:
+        UNREACHABLE();
+    }
+  }
+}
+
+void WasmInterpreterRuntime::StoreRefResultsIntoRefStack(
+    uint8_t* sp, uint32_t ref_stack_fp_index, const FunctionSig* sig) {
+  size_t rets_count = sig->return_count();
+  for (size_t i = 0; i < rets_count; i++) {
+    switch (sig->GetReturn(i).kind()) {
+      case kI32:
+      case kF32:
+        sp += sizeof(int32_t);
+        break;
+      case kI64:
+      case kF64:
+        sp += sizeof(int64_t);
+        break;
+      case kS128:
+        sp += sizeof(Simd128);
+        break;
+      case kRef:
+      case kRefNull:
+        StoreWasmRef(ref_stack_fp_index++, base::ReadUnalignedValue<WasmRef>(
+                                               reinterpret_cast<Address>(sp)));
+        sp += sizeof(WasmRef);
+        break;
+      default:
+        UNREACHABLE();
+    }
+  }
+}
+
+void WasmInterpreterRuntime::ExecuteImportedFunction(
+    const uint8_t*& code, uint32_t func_index, uint32_t current_stack_size,
+    uint32_t ref_stack_fp_index, uint32_t slot_offset,
+    uint32_t return_slot_offset) {
+  WasmInterpreterThread* thread = this->thread();
+  DCHECK_NOT_NULL(thread);
+
+  // Store a pointer to the current FrameState before leaving the current
+  // Activation.
+  current_frame_.current_bytecode_ = code;
+  thread->SetCurrentFrame(current_frame_);
+  thread->SetCurrentActivationFrame(
+      reinterpret_cast<uint32_t*>(current_frame_.current_sp_ + slot_offset),
+      slot_offset, current_stack_size, ref_stack_fp_index);
+
+  ExternalCallResult result = CallImportedFunction(
+      code, func_index,
+      reinterpret_cast<uint32_t*>(current_frame_.current_sp_ + slot_offset),
+      current_stack_size, ref_stack_fp_index, slot_offset);
+
+  if (result == ExternalCallResult::EXTERNAL_EXCEPTION) {
+    if (HandleException(reinterpret_cast<uint32_t*>(current_frame_.current_sp_),
+                        code) ==
+        WasmInterpreterThread::ExceptionHandlingResult::HANDLED) {
+      // The exception was caught by Wasm EH. Resume execution,
+      // {HandleException} has already updated {code} to point to the first
+      // instruction in the catch handler.
+      thread->Run();
+    } else {  // ExceptionHandlingResult::UNWRAPPED
+      if (thread->state() != WasmInterpreterThread::State::EH_UNWINDING) {
+        thread->Stop();
+      }
+      // Resume execution from s2s_Unwind, which unwinds the Wasm stack frames.
+      RedirectCodeToUnwindHandler(code);
+    }
+  }
+}
+
+inline DISABLE_CFI_ICALL void CallThroughDispatchTable(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  kInstructionTable[ReadFnId(code) & kInstructionTableMask](
+      code, sp, wasm_runtime, r0, fp0);
+}
+
+// Sets up the current interpreter stack frame to start executing a new function
+// with a tail call. Do not move the stack pointer for the interpreter stack,
+// and avoids calling WasmInterpreterRuntime::ExecuteFunction(), which would add
+// a new C++ stack frame.
+void WasmInterpreterRuntime::PrepareTailCall(const uint8_t*& code,
+                                             uint32_t func_index,
+                                             uint32_t current_stack_size,
+                                             uint32_t return_slot_offset) {
+  // TODO(paolosev@microsoft.com): avoid to duplicate code from ExecuteFunction?
+
+  WASM_STACK_CHECK(isolate_, code);
+
+  WasmBytecode* target_function = GetFunctionBytecode(func_index);
+  DCHECK_NOT_NULL(target_function);
+
+  current_frame_.current_bytecode_ = code;
+
+  current_frame_.current_function_ = target_function;
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  current_frame_.current_stack_start_locals_ =
+      current_frame_.current_stack_start_args_ + target_function->args_count();
+  current_frame_.current_stack_start_stack_ =
+      current_frame_.current_stack_start_locals_ +
+      target_function->locals_count();
+
+  if (v8_flags.trace_drumbrake_execution) {
+    Trace("\nTailCallFunction: %d\n", func_index);
+    Trace("= > PushFrame #%d(#%d @%d)\n", current_frame_.current_stack_height_,
+          func_index, 0);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  const uint8_t* stack_limit = current_frame_.thread_->StackLimitAddress();
+  if (V8_UNLIKELY(stack_limit <= current_frame_.current_sp_ ||
+                  !target_function->InitializeSlots(
+                      current_frame_.current_sp_,
+                      stack_limit - current_frame_.current_sp_))) {
+    // Try to resize the stack.
+    size_t additional_required_space =
+        target_function->frame_size() -
+        (stack_limit - current_frame_.current_sp_);
+    // Try again.
+    if (!current_frame_.thread_->ExpandStack(additional_required_space) ||
+        !target_function->InitializeSlots(
+            current_frame_.current_sp_,
+            (stack_limit = current_frame_.thread_->StackLimitAddress()) -
+                current_frame_.current_sp_)) {
+      ClearThreadInWasmScope clear_wasm_flag(isolate_);
+      SealHandleScope shs(isolate_);
+      SetTrap(TrapReason::kTrapUnreachable, code);
+      isolate_->StackOverflow();
+      return;
+    }
+  }
+
+  uint32_t ref_slots_count = target_function->ref_slots_count();
+  if (V8_UNLIKELY(ref_slots_count > 0)) {
+    current_frame_.ref_array_length_ =
+        current_frame_.ref_array_current_sp_ + ref_slots_count;
+    EnsureRefStackSpace(current_frame_.ref_array_length_);
+
+    // Initialize locals of ref types.
+    if (V8_UNLIKELY(target_function->ref_locals_count() > 0)) {
+      uint32_t ref_stack_index =
+          target_function->ref_rets_count() + target_function->ref_args_count();
+      for (uint32_t i = 0; i < target_function->ref_locals_count(); i++) {
+        StoreWasmRef(ref_stack_index++,
+                     WasmRef(isolate_->factory()->null_value()));
+      }
+    }
+  }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  uint32_t shadow_stack_offset = 0;
+  if (v8_flags.trace_drumbrake_execution) {
+    shadow_stack_offset = target_function->rets_slots_size() * kSlotSize;
+    for (uint32_t i = 0; i < target_function->args_count(); i++) {
+      shadow_stack_offset +=
+          TracePush(target_function->arg_type(i).kind(), shadow_stack_offset);
+    }
+
+    // Make room for locals in shadow stack
+    shadow_stack_offset += target_function->const_slots_size_in_bytes();
+    for (size_t i = 0; i < target_function->locals_count(); i++) {
+      shadow_stack_offset +=
+          TracePush(target_function->local_type(i).kind(), shadow_stack_offset);
+    }
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  code = target_function->GetCode();
+}
+
+void WasmInterpreterRuntime::ExecuteFunction(const uint8_t*& code,
+                                             uint32_t func_index,
+                                             uint32_t current_stack_size,
+                                             uint32_t ref_stack_fp_offset,
+                                             uint32_t slot_offset,
+                                             uint32_t return_slot_offset) {
+  WASM_STACK_CHECK(isolate_, code);
+
+  // Execute an internal call.
+  WasmBytecode* target_function = GetFunctionBytecode(func_index);
+  DCHECK_NOT_NULL(target_function);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  ShadowStack* prev_shadow_stack = shadow_stack_;
+  ShadowStack shadow_stack;
+  if (v8_flags.trace_drumbrake_execution) {
+    shadow_stack_ = &shadow_stack;
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  // This HandleScope is used for all handles created in instruction handlers.
+  // We reset it every time we get to a backward jump in a loop.
+  HandleScope handle_scope(GetIsolate());
+
+  current_frame_.current_bytecode_ = code;
+  FrameState prev_frame_state = current_frame_;
+  current_frame_.current_sp_ += slot_offset;
+  current_frame_.handle_scope_ = &handle_scope;
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  current_frame_.current_stack_start_args_ +=
+      (current_stack_size - target_function->args_count());
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  current_frame_.current_function_ = target_function;
+  current_frame_.previous_frame_ = &prev_frame_state;
+  current_frame_.caught_exceptions_ = Handle<FixedArray>::null();
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  current_frame_.current_stack_height_++;
+  current_frame_.current_stack_start_locals_ =
+      current_frame_.current_stack_start_args_ + target_function->args_count();
+  current_frame_.current_stack_start_stack_ =
+      current_frame_.current_stack_start_locals_ +
+      target_function->locals_count();
+
+  if (v8_flags.trace_drumbrake_execution) {
+    Trace("\nCallFunction: %d\n", func_index);
+    Trace("= > PushFrame #%d(#%d @%d)\n", current_frame_.current_stack_height_,
+          func_index, 0);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  const uint8_t* stack_limit = current_frame_.thread_->StackLimitAddress();
+  if (V8_UNLIKELY(stack_limit <= current_frame_.current_sp_ ||
+                  !target_function->InitializeSlots(
+                      current_frame_.current_sp_,
+                      stack_limit - current_frame_.current_sp_))) {
+    // Try to resize the stack.
+    size_t additional_required_space =
+        target_function->frame_size() -
+        (stack_limit - current_frame_.current_sp_);
+    // Try again.
+    if (!current_frame_.thread_->ExpandStack(additional_required_space) ||
+        !target_function->InitializeSlots(
+            current_frame_.current_sp_,
+            (stack_limit = current_frame_.thread_->StackLimitAddress()) -
+                current_frame_.current_sp_)) {
+      ClearThreadInWasmScope clear_wasm_flag(isolate_);
+      SealHandleScope shs(isolate_);
+      SetTrap(TrapReason::kTrapUnreachable, code);
+      isolate_->StackOverflow();
+      return;
+    }
+  }
+
+  uint32_t ref_slots_count = target_function->ref_slots_count();
+  current_frame_.ref_array_current_sp_ += ref_stack_fp_offset;
+  if (V8_UNLIKELY(ref_slots_count > 0)) {
+    current_frame_.ref_array_length_ =
+        current_frame_.ref_array_current_sp_ + ref_slots_count;
+    EnsureRefStackSpace(current_frame_.ref_array_length_);
+
+    // Initialize locals of ref types.
+    if (V8_UNLIKELY(target_function->ref_locals_count() > 0)) {
+      uint32_t ref_stack_index =
+          target_function->ref_rets_count() + target_function->ref_args_count();
+      for (uint32_t i = 0; i < target_function->locals_count(); i++) {
+        ValueType local_type = target_function->local_type(i);
+        if (local_type == kWasmExternRef || local_type == kWasmNullExternRef) {
+          StoreWasmRef(ref_stack_index++,
+                       WasmRef(isolate_->factory()->null_value()));
+        } else if (local_type.is_reference()) {
+          StoreWasmRef(ref_stack_index++,
+                       WasmRef(isolate_->factory()->wasm_null()));
+        }
+      }
+    }
+  }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  uint32_t shadow_stack_offset = 0;
+  if (v8_flags.trace_drumbrake_execution) {
+    shadow_stack_offset = target_function->rets_slots_size() * kSlotSize;
+    for (uint32_t i = 0; i < target_function->args_count(); i++) {
+      shadow_stack_offset +=
+          TracePush(target_function->arg_type(i).kind(), shadow_stack_offset);
+    }
+
+    // Make room for locals in shadow stack
+    shadow_stack_offset += target_function->const_slots_size_in_bytes();
+    for (size_t i = 0; i < target_function->locals_count(); i++) {
+      shadow_stack_offset +=
+          TracePush(target_function->local_type(i).kind(), shadow_stack_offset);
+    }
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  const uint8_t* callee_code = target_function->GetCode();
+  int64_t r0 = 0;
+  double fp0 = .0;
+
+  // Execute function
+  CallThroughDispatchTable(
+      callee_code, reinterpret_cast<uint32_t*>(current_frame_.current_sp_),
+      this, r0, fp0);
+
+  uint32_t ref_slots_to_clear =
+      ref_slots_count - target_function->ref_rets_count();
+  if (V8_UNLIKELY(ref_slots_to_clear > 0)) {
+    ClearRefStackValues(current_frame_.ref_array_current_sp_ +
+                            target_function->ref_rets_count(),
+                        ref_slots_to_clear);
+  }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  shadow_stack_ = prev_shadow_stack;
+
+  if (v8_flags.trace_drumbrake_execution && shadow_stack_ != nullptr &&
+      prev_frame_state.current_function_) {
+    for (size_t i = 0; i < target_function->args_count(); i++) {
+      TracePop();
+    }
+
+    for (size_t i = 0; i < target_function->return_count(); i++) {
+      return_slot_offset +=
+          TracePush(target_function->return_type(i).kind(), return_slot_offset);
+    }
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  current_frame_.handle_scope_ = nullptr;
+  current_frame_.DisposeCaughtExceptionsArray(isolate_);
+  current_frame_ = prev_frame_state;
+
+  // Check state.
+  WasmInterpreterThread::State current_state = state();
+  if (V8_UNLIKELY(current_state != WasmInterpreterThread::State::RUNNING)) {
+    switch (current_state) {
+      case WasmInterpreterThread::State::EH_UNWINDING:
+        DCHECK(isolate_->has_exception());
+        if (!current_frame_.current_function_) {
+          // We unwound the whole call stack without finding a catch handler.
+          current_frame_.thread_->Stop();
+          RedirectCodeToUnwindHandler(code);
+        } else if (HandleException(
+                       reinterpret_cast<uint32_t*>(current_frame_.current_sp_),
+                       code) == WasmInterpreterThread::HANDLED) {
+          trap_handler::SetThreadInWasm();
+          current_frame_.thread_->Run();
+        } else {
+          RedirectCodeToUnwindHandler(code);
+        }
+        break;
+
+      case WasmInterpreterThread::State::TRAPPED:
+      case WasmInterpreterThread::State::STOPPED:
+        RedirectCodeToUnwindHandler(code);
+        break;
+
+      default:
+        UNREACHABLE();
+    }
+  }
+  // TODO(paolosev@microsoft.com): StackCheck.
+}
+
+void WasmInterpreterRuntime::PurgeIndirectCallCache(uint32_t table_index) {
+  DCHECK_LT(table_index, indirect_call_tables_.size());
+  const WasmTable& table = module_->tables[table_index];
+  if (IsSubtypeOf(table.type, kWasmFuncRef, module_)) {
+    size_t length =
+        Tagged<WasmDispatchTable>::cast(
+            wasm_trusted_instance_data()->dispatch_tables()->get(table_index))
+            ->length();
+    indirect_call_tables_[table_index].resize(length);
+    for (size_t i = 0; i < length; i++) {
+      indirect_call_tables_[table_index][i] = {};
+    }
+  }
+}
+
+// static
+void WasmInterpreterRuntime::ClearIndirectCallCacheEntry(
+    Isolate* isolate, Handle<WasmInstanceObject> instance, uint32_t table_index,
+    uint32_t entry_index) {
+  Handle<Tuple2> interpreter_object =
+      WasmTrustedInstanceData::GetOrCreateInterpreterObject(instance);
+  InterpreterHandle* handle =
+      GetOrCreateInterpreterHandle(isolate, interpreter_object);
+  WasmInterpreterRuntime* wasm_runtime =
+      handle->interpreter()->GetWasmRuntime();
+  DCHECK_LT(table_index, wasm_runtime->indirect_call_tables_.size());
+  DCHECK_LT(entry_index,
+            wasm_runtime->indirect_call_tables_[table_index].size());
+  wasm_runtime->indirect_call_tables_[table_index][entry_index] = {};
+}
+
+// static
+void WasmInterpreterRuntime::UpdateIndirectCallTable(
+    Isolate* isolate, Handle<WasmInstanceObject> instance,
+    uint32_t table_index) {
+  Handle<Tuple2> interpreter_object =
+      WasmTrustedInstanceData::GetOrCreateInterpreterObject(instance);
+  InterpreterHandle* handle =
+      GetOrCreateInterpreterHandle(isolate, interpreter_object);
+  WasmInterpreterRuntime* wasm_runtime =
+      handle->interpreter()->GetWasmRuntime();
+  wasm_runtime->PurgeIndirectCallCache(table_index);
+}
+
+bool WasmInterpreterRuntime::CheckIndirectCallSignature(
+    uint32_t table_index, uint32_t entry_index, uint32_t sig_index) const {
+  const WasmTable& table = module_->tables[table_index];
+  bool needs_type_check = !EquivalentTypes(
+      table.type.AsNonNull(), ValueType::Ref(sig_index), module_, module_);
+  bool needs_null_check = table.type.is_nullable();
+
+  // Copied from Liftoff.
+  // We do both the type check and the null check by checking the signature,
+  // so this shares most code. For the null check we then only check if the
+  // stored signature is != -1.
+  if (needs_type_check || needs_null_check) {
+    const IndirectCallTable& dispatch_table =
+        indirect_call_tables_[table_index];
+    uint32_t real_sig_id = dispatch_table[entry_index].sig_index;
+    uint32_t canonical_sig_id =
+        module_->isorecursive_canonical_type_ids[sig_index];
+    if (!needs_type_check) {
+      // Only check for -1 (nulled table entry).
+      if (real_sig_id == uint32_t(-1)) return false;
+    } else if (!module_->types[sig_index].is_final) {
+      if (real_sig_id == canonical_sig_id) return true;
+      if (needs_null_check && (real_sig_id == uint32_t(-1))) return false;
+
+      Tagged<Map> rtt = Tagged<Map>::cast(isolate_->heap()
+                                              ->wasm_canonical_rtts()
+                                              ->Get(real_sig_id)
+                                              .GetHeapObject());
+      Handle<Map> formal_rtt = RttCanon(sig_index);
+      return SubtypeCheck(rtt, *formal_rtt, sig_index);
+    } else {
+      if (real_sig_id != canonical_sig_id) return false;
+    }
+  }
+
+  return true;
+}
+
+void WasmInterpreterRuntime::ExecuteIndirectCall(
+    const uint8_t*& current_code, uint32_t table_index, uint32_t sig_index,
+    uint32_t entry_index, uint32_t stack_pos, uint32_t* sp,
+    uint32_t ref_stack_fp_offset, uint32_t slot_offset,
+    uint32_t return_slot_offset, bool is_tail_call) {
+  DCHECK_LT(table_index, indirect_call_tables_.size());
+
+  IndirectCallTable& table = indirect_call_tables_[table_index];
+
+  // Bounds check against table size.
+  DCHECK_GE(
+      table.size(),
+      Tagged<WasmDispatchTable>::cast(
+          wasm_trusted_instance_data()->dispatch_tables()->get(table_index))
+          ->length());
+  if (entry_index >= table.size()) {
+    SetTrap(TrapReason::kTrapTableOutOfBounds, current_code);
+    return;
+  }
+
+  if (!table[entry_index]) {
+    HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+
+    IndirectFunctionTableEntry entry(instance_object_, table_index,
+                                     entry_index);
+    const FunctionSig* signature = module_->signature(sig_index);
+
+    Handle<Object> object_implicit_arg = handle(entry.implicit_arg(), isolate_);
+    if (IsWasmTrustedInstanceData(*object_implicit_arg)) {
+      Tagged<WasmTrustedInstanceData> trusted_instance_object =
+          Cast<WasmTrustedInstanceData>(*object_implicit_arg);
+      Handle<WasmInstanceObject> instance_object = handle(
+          Cast<WasmInstanceObject>(trusted_instance_object->instance_object()),
+          isolate_);
+      if (instance_object_.is_identical_to(instance_object)) {
+        // Call to an import.
+        uint32_t func_index = entry.function_index();
+        table[entry_index] = IndirectCallValue(func_index, entry.sig_id());
+      } else {
+        // Cross-instance call.
+        table[entry_index] = IndirectCallValue(signature, entry.sig_id());
+      }
+    } else {
+      // Call JS function.
+      table[entry_index] = IndirectCallValue(signature, entry.sig_id());
+    }
+  }
+
+  if (!CheckIndirectCallSignature(table_index, entry_index, sig_index)) {
+    SetTrap(TrapReason::kTrapFuncSigMismatch, current_code);
+    return;
+  }
+
+  IndirectCallValue indirect_call = table[entry_index];
+  DCHECK(indirect_call);
+
+  if (indirect_call.mode == IndirectCallValue::Mode::kInternalCall) {
+    if (is_tail_call) {
+      PrepareTailCall(current_code, indirect_call.func_index, stack_pos,
+                      return_slot_offset);
+    } else {
+      ExecuteFunction(current_code, indirect_call.func_index, stack_pos,
+                      ref_stack_fp_offset, slot_offset, return_slot_offset);
+      if (state() == WasmInterpreterThread::State::TRAPPED ||
+          state() == WasmInterpreterThread::State::STOPPED ||
+          state() == WasmInterpreterThread::State::EH_UNWINDING) {
+        RedirectCodeToUnwindHandler(current_code);
+      }
+    }
+  } else {
+    // ExternalCall
+    HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+
+    DCHECK_NOT_NULL(indirect_call.signature);
+
+    // Store a pointer to the current FrameState before leaving the current
+    // Activation.
+    WasmInterpreterThread* thread = this->thread();
+    current_frame_.current_bytecode_ = current_code;
+    thread->SetCurrentFrame(current_frame_);
+    thread->SetCurrentActivationFrame(sp, slot_offset, stack_pos,
+                                      ref_stack_fp_offset);
+
+    // TODO(paolosev@microsoft.com): Optimize this code.
+    IndirectFunctionTableEntry entry(instance_object_, table_index,
+                                     entry_index);
+    Handle<Object> object_implicit_arg = handle(entry.implicit_arg(), isolate_);
+
+    if (IsWasmTrustedInstanceData(*object_implicit_arg)) {
+      // Call Wasm function in a different instance.
+
+      // Note that tail calls across WebAssembly module boundaries should
+      // guarantee tail behavior, so this implementation does not conform to the
+      // spec for a tail call. But it is really difficult to implement
+      // cross-instance calls in the interpreter without recursively adding C++
+      // stack frames.
+      Handle<WasmInstanceObject> target_instance =
+          handle(Cast<WasmInstanceObject>(
+                     Cast<WasmTrustedInstanceData>(*object_implicit_arg)
+                         ->instance_object()),
+                 isolate_);
+
+      // Make sure the target WasmInterpreterObject and InterpreterHandle exist.
+      Handle<Tuple2> interpreter_object =
+          WasmTrustedInstanceData::GetOrCreateInterpreterObject(
+              target_instance);
+      GetOrCreateInterpreterHandle(isolate_, interpreter_object);
+
+      Address frame_pointer = FindInterpreterEntryFramePointer(isolate_);
+
+      {
+        // We should not allocate anything in the heap and avoid GCs after we
+        // store ref arguments into stack slots.
+        DisallowHeapAllocation no_gc;
+
+        uint8_t* fp = reinterpret_cast<uint8_t*>(sp) + slot_offset;
+        StoreRefArgsIntoStackSlots(fp, ref_stack_fp_offset,
+                                   indirect_call.signature);
+        bool success = WasmInterpreterObject::RunInterpreter(
+            isolate_, frame_pointer, target_instance, entry.function_index(),
+            fp);
+        if (success) {
+          StoreRefResultsIntoRefStack(fp, ref_stack_fp_offset,
+                                      indirect_call.signature);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+          // Update shadow stack
+          if (v8_flags.trace_drumbrake_execution && shadow_stack_ != nullptr) {
+            for (size_t i = 0; i < indirect_call.signature->parameter_count();
+                 i++) {
+              TracePop();
+            }
+
+            for (size_t i = 0; i < indirect_call.signature->return_count();
+                 i++) {
+              return_slot_offset +=
+                  TracePush(indirect_call.signature->GetReturn(i).kind(),
+                            return_slot_offset);
+            }
+          }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+        } else {
+          thread->Stop();
+          RedirectCodeToUnwindHandler(current_code);
+        }
+      }
+    } else {
+      // We should not allocate anything in the heap and avoid GCs after we
+      // store ref arguments into stack slots.
+      DisallowHeapAllocation no_gc;
+
+      // Note that tail calls to host functions do not have to guarantee tail
+      // behaviour, so it is ok to recursively allocate C++ stack frames here.
+      uint8_t* fp = reinterpret_cast<uint8_t*>(sp) + slot_offset;
+      StoreRefArgsIntoStackSlots(fp, ref_stack_fp_offset,
+                                 indirect_call.signature);
+      ExternalCallResult result = CallExternalJSFunction(
+          current_code, module_, object_implicit_arg, indirect_call.signature,
+          sp + slot_offset / kSlotSize, slot_offset);
+      if (result == ExternalCallResult::EXTERNAL_RETURNED) {
+        StoreRefResultsIntoRefStack(fp, ref_stack_fp_offset,
+                                    indirect_call.signature);
+      } else {  // ExternalCallResult::EXTERNAL_EXCEPTION
+        AllowHeapAllocation allow_gc;
+
+        if (HandleException(sp, current_code) ==
+            WasmInterpreterThread::ExceptionHandlingResult::UNWOUND) {
+          thread->Stop();
+          RedirectCodeToUnwindHandler(current_code);
+        }
+      }
+    }
+  }
+}
+
+void WasmInterpreterRuntime::ExecuteCallRef(
+    const uint8_t*& current_code, WasmRef func_ref, uint32_t sig_index,
+    uint32_t stack_pos, uint32_t* sp, uint32_t ref_stack_fp_offset,
+    uint32_t slot_offset, uint32_t return_slot_offset, bool is_tail_call) {
+  if (IsWasmFuncRef(*func_ref)) {
+    func_ref =
+        handle(Cast<WasmFuncRef>(*func_ref)->internal(isolate_), isolate_);
+  }
+  if (IsWasmInternalFunction(*func_ref)) {
+    Tagged<WasmInternalFunction> wasm_internal_function =
+        Cast<WasmInternalFunction>(*func_ref);
+    Tagged<Object> ref = wasm_internal_function->implicit_arg();
+    if (IsWasmImportData(ref)) {
+      func_ref = handle(ref, isolate_);
+    } else {
+      DCHECK(IsWasmTrustedInstanceData(ref));
+      func_ref = WasmInternalFunction::GetOrCreateExternal(
+          handle(wasm_internal_function, isolate_));
+      DCHECK(IsJSFunction(*func_ref) || IsUndefined(*func_ref));
+    }
+  }
+
+  const FunctionSig* signature = module_->signature(sig_index);
+
+  // ExternalCall
+  HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+
+  // Store a pointer to the current FrameState before leaving the current
+  // Activation.
+  WasmInterpreterThread* thread = this->thread();
+  current_frame_.current_bytecode_ = current_code;
+  thread->SetCurrentFrame(current_frame_);
+  thread->SetCurrentActivationFrame(sp, slot_offset, stack_pos,
+                                    ref_stack_fp_offset);
+
+  // We should not allocate anything in the heap and avoid GCs after we
+  // store ref arguments into stack slots.
+  DisallowHeapAllocation no_gc;
+
+  // Note that tail calls to host functions do not have to guarantee tail
+  // behaviour, so it is ok to recursively allocate C++ stack frames here.
+  uint8_t* fp = reinterpret_cast<uint8_t*>(sp) + slot_offset;
+  StoreRefArgsIntoStackSlots(fp, ref_stack_fp_offset, signature);
+  ExternalCallResult result =
+      CallExternalJSFunction(current_code, module_, func_ref, signature,
+                             sp + slot_offset / kSlotSize, slot_offset);
+  if (result == ExternalCallResult::EXTERNAL_RETURNED) {
+    StoreRefResultsIntoRefStack(fp, ref_stack_fp_offset, signature);
+  } else {  // ExternalCallResult::EXTERNAL_EXCEPTION
+    AllowHeapAllocation allow_gc;
+
+    if (HandleException(sp, current_code) ==
+        WasmInterpreterThread::ExceptionHandlingResult::UNWOUND) {
+      thread->Stop();
+      RedirectCodeToUnwindHandler(current_code);
+    }
+  }
+}
+
+ExternalCallResult WasmInterpreterRuntime::CallImportedFunction(
+    const uint8_t*& current_code, uint32_t function_index, uint32_t* sp,
+    uint32_t current_stack_size, uint32_t ref_stack_fp_offset,
+    uint32_t current_slot_offset) {
+  DCHECK_GT(module_->num_imported_functions, function_index);
+  HandleScope handle_scope(isolate_);  // Avoid leaking handles.
+
+  const FunctionSig* sig = module_->functions[function_index].sig;
+
+  ImportedFunctionEntry entry(wasm_trusted_instance_data(), function_index);
+  int target_function_index = entry.function_index_in_called_module();
+  if (target_function_index >= 0) {
+    // WasmToWasm call.
+    DCHECK(IsWasmTrustedInstanceData(entry.implicit_arg()));
+    Handle<WasmInstanceObject> target_instance =
+        handle(Cast<WasmInstanceObject>(
+                   Cast<WasmTrustedInstanceData>(entry.implicit_arg())
+                       ->instance_object()),
+               isolate_);
+
+    // Make sure the WasmInterpreterObject and InterpreterHandle for this
+    // instance exist.
+    Handle<Tuple2> interpreter_object =
+        WasmTrustedInstanceData::GetOrCreateInterpreterObject(target_instance);
+    GetOrCreateInterpreterHandle(isolate_, interpreter_object);
+
+    Address frame_pointer = FindInterpreterEntryFramePointer(isolate_);
+
+    {
+      // We should not allocate anything in the heap and avoid GCs after we
+      // store ref arguments into stack slots.
+      DisallowHeapAllocation no_gc;
+
+      uint8_t* fp = reinterpret_cast<uint8_t*>(sp);
+      StoreRefArgsIntoStackSlots(fp, ref_stack_fp_offset, sig);
+      // Note that tail calls across WebAssembly module boundaries should
+      // guarantee tail behavior, so this implementation does not conform to the
+      // spec for a tail call. But it is really difficult to implement
+      // cross-instance calls in the interpreter without recursively adding C++
+      // stack frames.
+
+      // TODO(paolosev@microsoft.com) - Is it possible to short-circuit this in
+      // the case where we are calling a function in the same Wasm instance,
+      // with a simple call to WasmInterpreterRuntime::ExecuteFunction()?
+      bool success = WasmInterpreterObject::RunInterpreter(
+          isolate_, frame_pointer, target_instance, target_function_index, fp);
+      if (success) {
+        StoreRefResultsIntoRefStack(fp, ref_stack_fp_offset, sig);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+        // Update shadow stack
+        if (v8_flags.trace_drumbrake_execution && shadow_stack_ != nullptr) {
+          for (size_t i = 0; i < sig->parameter_count(); i++) {
+            TracePop();
+          }
+
+          for (size_t i = 0; i < sig->return_count(); i++) {
+            current_slot_offset +=
+                TracePush(sig->GetReturn(i).kind(), current_slot_offset);
+          }
+        }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+        return ExternalCallResult::EXTERNAL_RETURNED;
+      }
+      return ExternalCallResult::EXTERNAL_EXCEPTION;
+    }
+  } else {
+    // WasmToJS call.
+
+    // Note that tail calls to host functions do not have to guarantee tail
+    // behaviour, so it is ok to recursively allocate C++ stack frames here.
+
+    Handle<Object> object_implicit_arg(entry.implicit_arg(), isolate_);
+
+    // We should not allocate anything in the heap and avoid GCs after we store
+    // ref arguments into stack slots.
+    DisallowHeapAllocation no_gc;
+
+    uint8_t* fp = reinterpret_cast<uint8_t*>(sp);
+    StoreRefArgsIntoStackSlots(fp, ref_stack_fp_offset, sig);
+    ExternalCallResult result =
+        CallExternalJSFunction(current_code, module_, object_implicit_arg, sig,
+                               sp, current_slot_offset);
+    if (result == ExternalCallResult::EXTERNAL_RETURNED) {
+      StoreRefResultsIntoRefStack(fp, ref_stack_fp_offset, sig);
+    }
+    return result;
+  }
+}
+
+// static
+int WasmInterpreterRuntime::memory_start_offset() {
+  return OFFSET_OF(WasmInterpreterRuntime, memory_start_);
+}
+
+// static
+int WasmInterpreterRuntime::instruction_table_offset() {
+  return OFFSET_OF(WasmInterpreterRuntime, instruction_table_);
+}
+
+struct StackHandlerMarker {
+  Address next;
+  Address padding;
+};
+
+void WasmInterpreterRuntime::CallWasmToJSBuiltin(Isolate* isolate,
+                                                 Handle<Object> object_ref,
+                                                 Address packed_args,
+                                                 const FunctionSig* sig) {
+  DCHECK(!WasmBytecode::ContainsSimd(sig));
+  Handle<Object> callable;
+  if (IsWasmImportData(*object_ref)) {
+    callable = handle(Cast<WasmImportData>(*object_ref)->callable(), isolate);
+  } else {
+    callable = object_ref;
+    DCHECK(!IsUndefined(*callable));
+  }
+
+  // TODO(paolosev@microsoft.com) - Can callable be a JSProxy?
+  Handle<Object> js_function = callable;
+  while (IsJSBoundFunction(*js_function, isolate_)) {
+    if (IsJSBoundFunction(*js_function, isolate_)) {
+      js_function = handle(
+          Cast<JSBoundFunction>(js_function)->bound_target_function(), isolate);
+    }
+  }
+
+  if (IsJSProxy(*js_function, isolate_)) {
+    do {
+      Tagged<HeapObject> target = Cast<JSProxy>(js_function)->target(isolate);
+      js_function = Handle<Object>(target, isolate);
+    } while (IsJSProxy(*js_function, isolate_));
+  }
+
+  if (!IsJSFunction(*js_function, isolate_)) {
+    AllowHeapAllocation allow_gc;
+    trap_handler::ClearThreadInWasm();
+
+    isolate->set_exception(*isolate_->factory()->NewTypeError(
+        MessageTemplate::kWasmTrapJSTypeError));
+    return;
+  }
+
+  // Save and restore context around invocation and block the
+  // allocation of handles without explicit handle scopes.
+  SaveContext save(isolate);
+  SealHandleScope shs(isolate);
+
+  Address saved_c_entry_fp = *isolate->c_entry_fp_address();
+  Address saved_js_entry_sp = *isolate->js_entry_sp_address();
+  if (saved_js_entry_sp == kNullAddress) {
+    *isolate->js_entry_sp_address() = GetCurrentStackPosition();
+  }
+  StackHandlerMarker stack_handler;
+  stack_handler.next = isolate->thread_local_top()->handler_;
+#ifdef V8_USE_ADDRESS_SANITIZER
+  stack_handler.padding = GetCurrentStackPosition();
+#else
+  stack_handler.padding = 0;
+#endif
+  isolate->thread_local_top()->handler_ =
+      reinterpret_cast<Address>(&stack_handler);
+  if (trap_handler::IsThreadInWasm()) {
+    trap_handler::ClearThreadInWasm();
+  }
+
+  {
+    RCS_SCOPE(isolate, RuntimeCallCounterId::kJS_Execution);
+    Address result = generic_wasm_to_js_interpreter_wrapper_fn_.Call(
+        (*js_function).ptr(), packed_args, isolate->isolate_root(), sig,
+        saved_c_entry_fp, (*callable).ptr());
+    if (result != kNullAddress) {
+      isolate->set_exception(Tagged<Object>(result));
+      if (trap_handler::IsThreadInWasm()) {
+        trap_handler::ClearThreadInWasm();
+      }
+    } else {
+      current_thread_->Run();
+      if (!trap_handler::IsThreadInWasm()) {
+        trap_handler::SetThreadInWasm();
+      }
+    }
+  }
+
+  isolate->thread_local_top()->handler_ = stack_handler.next;
+  if (saved_js_entry_sp == kNullAddress) {
+    *isolate->js_entry_sp_address() = saved_js_entry_sp;
+  }
+  *isolate->c_entry_fp_address() = saved_c_entry_fp;
+}
+
+ExternalCallResult WasmInterpreterRuntime::CallExternalJSFunction(
+    const uint8_t*& current_code, const WasmModule* module,
+    Handle<Object> object_ref, const FunctionSig* sig, uint32_t* sp,
+    uint32_t current_stack_slot) {
+  // TODO(paolosev@microsoft.com) Cache IsJSCompatibleSignature result?
+  if (!IsJSCompatibleSignature(sig)) {
+    AllowHeapAllocation allow_gc;
+    ClearThreadInWasmScope clear_wasm_flag(isolate_);
+
+    isolate_->Throw(*isolate_->factory()->NewTypeError(
+        MessageTemplate::kWasmTrapJSTypeError));
+    return ExternalCallResult::EXTERNAL_EXCEPTION;
+  }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    Trace("  => Calling external function\n");
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  // Copy the arguments to one buffer.
+  CWasmArgumentsPacker packer(CWasmArgumentsPacker::TotalSize(sig));
+  uint32_t* p = sp + WasmBytecode::RetsSizeInSlots(sig);
+  for (size_t i = 0; i < sig->parameter_count(); ++i) {
+    switch (sig->GetParam(i).kind()) {
+      case kI32:
+        packer.Push(
+            base::ReadUnalignedValue<int32_t>(reinterpret_cast<Address>(p)));
+        p += sizeof(int32_t) / kSlotSize;
+        break;
+      case kI64:
+        packer.Push(
+            base::ReadUnalignedValue<int64_t>(reinterpret_cast<Address>(p)));
+        p += sizeof(int64_t) / kSlotSize;
+        break;
+      case kF32:
+        packer.Push(
+            base::ReadUnalignedValue<float>(reinterpret_cast<Address>(p)));
+        p += sizeof(float) / kSlotSize;
+        break;
+      case kF64:
+        packer.Push(
+            base::ReadUnalignedValue<double>(reinterpret_cast<Address>(p)));
+        p += sizeof(double) / kSlotSize;
+        break;
+      case kRef:
+      case kRefNull: {
+        Handle<Object> ref =
+            base::ReadUnalignedValue<WasmRef>(reinterpret_cast<Address>(p));
+        ref = WasmToJSObject(ref);
+        packer.Push(*ref);
+        p += sizeof(WasmRef) / kSlotSize;
+        break;
+      }
+      case kS128:
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  DCHECK_NOT_NULL(current_thread_);
+  current_thread_->StopExecutionTimer();
+  {
+    // If there were Ref values passed as arguments they have already been read
+    // in BeginExecution(), so we can re-enable GC.
+    AllowHeapAllocation allow_gc;
+
+    CallWasmToJSBuiltin(isolate_, object_ref, packer.argv(), sig);
+  }
+  current_thread_->StartExecutionTimer();
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    Trace("  => External wasm function returned%s\n",
+          isolate_->has_exception() ? " with exception" : "");
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  if (V8_UNLIKELY(isolate_->has_exception())) {
+    return ExternalCallResult::EXTERNAL_EXCEPTION;
+  }
+
+  // Push return values.
+  if (sig->return_count() > 0) {
+    packer.Reset();
+    for (size_t i = 0; i < sig->return_count(); i++) {
+      switch (sig->GetReturn(i).kind()) {
+        case kI32:
+          base::WriteUnalignedValue<int32_t>(reinterpret_cast<Address>(sp),
+                                             packer.Pop<uint32_t>());
+          sp += sizeof(uint32_t) / kSlotSize;
+          break;
+        case kI64:
+          base::WriteUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp),
+                                              packer.Pop<uint64_t>());
+          sp += sizeof(uint64_t) / kSlotSize;
+          break;
+        case kF32:
+          base::WriteUnalignedValue<float>(reinterpret_cast<Address>(sp),
+                                           packer.Pop<float>());
+          sp += sizeof(float) / kSlotSize;
+          break;
+        case kF64:
+          base::WriteUnalignedValue<double>(reinterpret_cast<Address>(sp),
+                                            packer.Pop<double>());
+          sp += sizeof(double) / kSlotSize;
+          break;
+        case kRef:
+        case kRefNull:
+          // TODO(paolosev@microsoft.com): Handle WasmNull case?
+#ifdef V8_COMPRESS_POINTERS
+        {
+          Address address = packer.Pop<Address>();
+          Handle<Object> ref(Tagged<Object>(address), isolate_);
+          if (sig->GetReturn(i).value_type_code() == wasm::kFuncRefCode &&
+              i::IsNull(*ref, isolate_)) {
+            ref = isolate_->factory()->wasm_null();
+          }
+          ref = JSToWasmObject(ref, sig->GetReturn(i));
+          if (isolate_->has_exception()) {
+            return ExternalCallResult::EXTERNAL_EXCEPTION;
+          }
+          base::WriteUnalignedValue<Handle<Object>>(
+              reinterpret_cast<Address>(sp), ref);
+          sp += sizeof(WasmRef) / kSlotSize;
+        }
+#else
+          CHECK(false);  // Not supported.
+#endif  // V8_COMPRESS_POINTERS
+        break;
+        case kS128:
+        default:
+          UNREACHABLE();
+      }
+    }
+  }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  uint32_t return_slot_offset = 0;
+  if (v8_flags.trace_drumbrake_execution && shadow_stack_ != nullptr) {
+    for (size_t i = 0; i < sig->parameter_count(); i++) {
+      TracePop();
+    }
+
+    for (size_t i = 0; i < sig->return_count(); i++) {
+      return_slot_offset +=
+          TracePush(sig->GetReturn(i).kind(), return_slot_offset);
+    }
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  return ExternalCallResult::EXTERNAL_RETURNED;
+}
+
+Handle<Map> WasmInterpreterRuntime::RttCanon(uint32_t type_index) const {
+  Handle<Map> rtt{
+      Cast<Map>(
+          wasm_trusted_instance_data()->managed_object_maps()->get(type_index)),
+      isolate_};
+  return rtt;
+}
+
+std::pair<Handle<WasmStruct>, const StructType*>
+WasmInterpreterRuntime::StructNewUninitialized(uint32_t index) const {
+  const StructType* struct_type = module_->struct_type(index);
+  Handle<Map> rtt = RttCanon(index);
+  return {isolate_->factory()->NewWasmStructUninitialized(struct_type, rtt),
+          struct_type};
+}
+
+std::pair<Handle<WasmArray>, const ArrayType*>
+WasmInterpreterRuntime::ArrayNewUninitialized(uint32_t length,
+                                              uint32_t array_index) const {
+  const ArrayType* array_type = GetArrayType(array_index);
+  if (V8_UNLIKELY(static_cast<int>(length) < 0 ||
+                  static_cast<int>(length) >
+                      WasmArray::MaxLength(array_type))) {
+    return {};
+  }
+
+  Handle<Map> rtt = RttCanon(array_index);
+  return {
+      {isolate_->factory()->NewWasmArrayUninitialized(length, rtt), isolate_},
+      array_type};
+}
+
+WasmRef WasmInterpreterRuntime::WasmArrayNewSegment(uint32_t array_index,
+                                                    uint32_t segment_index,
+                                                    uint32_t offset,
+                                                    uint32_t length) {
+  Handle<Map> rtt = RttCanon(array_index);
+  // Call runtime function Runtime_WasmArrayNewSegment. Store the arguments in
+  // reverse order and pass a pointer to the first argument, which is the last
+  // on the stack.
+  //
+  // args[args_length] -> |       rtt        |
+  //                      |      length      |
+  //                      |      offset      |
+  //                      |  segment_index   |
+  //    first_arg_addr -> | trusted_instance |
+  //
+  constexpr size_t kArgsLength = 5;
+  Address args[kArgsLength] = {rtt->ptr(), IntToSmi(length), IntToSmi(offset),
+                               IntToSmi(segment_index),
+                               wasm_trusted_instance_data()->ptr()};
+  Address* first_arg_addr = &args[kArgsLength - 1];
+
+  // A runtime function can throw, therefore we need to make sure that the
+  // current activation is up-to-date, if we need to traverse the call stack.
+  current_thread_->SetCurrentFrame(current_frame_);
+
+  Address result =
+      Runtime_WasmArrayNewSegment(kArgsLength, first_arg_addr, isolate_);
+  if (isolate_->has_exception()) return {};
+
+  return handle(Tagged<Object>(result), isolate_);
+}
+
+bool WasmInterpreterRuntime::WasmArrayInitSegment(uint32_t segment_index,
+                                                  WasmRef wasm_array,
+                                                  uint32_t array_offset,
+                                                  uint32_t segment_offset,
+                                                  uint32_t length) {
+  // Call runtime function Runtime_WasmArrayInitSegment. Store the arguments in
+  // reverse order and pass a pointer to the first argument, which is the last
+  // on the stack.
+  //
+  // args[args_length] -> |      length       |
+  //                      |  segment_offset   |
+  //                      |   array_offset    |
+  //                      |    wasm_array     |
+  //                      |   segment_index   |
+  //    first_arg_addr -> | trusted_instance  |
+  //
+  constexpr size_t kArgsLength = 6;
+  Address args[kArgsLength] = {
+      IntToSmi(length),        IntToSmi(segment_offset),
+      IntToSmi(array_offset),  (*wasm_array).ptr(),
+      IntToSmi(segment_index), wasm_trusted_instance_data()->ptr()};
+  Address* first_arg_addr = &args[kArgsLength - 1];
+
+  // A runtime function can throw, therefore we need to make sure that the
+  // current activation is up-to-date, if we need to traverse the call stack.
+  current_thread_->SetCurrentFrame(current_frame_);
+
+  Runtime_WasmArrayInitSegment(kArgsLength, first_arg_addr, isolate_);
+  return (!isolate_->has_exception());
+}
+
+bool WasmInterpreterRuntime::WasmArrayCopy(WasmRef dest_wasm_array,
+                                           uint32_t dest_index,
+                                           WasmRef src_wasm_array,
+                                           uint32_t src_index,
+                                           uint32_t length) {
+  // Call runtime function Runtime_WasmArrayCopy. Store the arguments in reverse
+  // order and pass a pointer to the first argument, which is the last on the
+  // stack.
+  //
+  // args[args_length] -> |     length     |
+  //                      |   src_index    |
+  //                      |   src_array    |
+  //                      |   dest_index   |
+  //    first_arg_addr -> |   dest_array   |
+  //
+  constexpr size_t kArgsLength = 5;
+  Address args[kArgsLength] = {IntToSmi(length), IntToSmi(src_index),
+                               (*src_wasm_array).ptr(), IntToSmi(dest_index),
+                               (*dest_wasm_array).ptr()};
+  Address* first_arg_addr = &args[kArgsLength - 1];
+
+  // A runtime function can throw, therefore we need to make sure that the
+  // current activation is up-to-date, if we need to traverse the call stack.
+  current_thread_->SetCurrentFrame(current_frame_);
+
+  Runtime_WasmArrayCopy(kArgsLength, first_arg_addr, isolate_);
+  return (!isolate_->has_exception());
+}
+
+WasmRef WasmInterpreterRuntime::WasmJSToWasmObject(
+    WasmRef extern_ref, ValueType value_type, uint32_t canonical_index) const {
+  // Call runtime function Runtime_WasmJSToWasmObject. Store the arguments in
+  // reverse order and pass a pointer to the first argument, which is the last
+  // on the stack.
+  //
+  // args[args_length] -> | canonical type index |
+  //                      | value_type represent.|
+  //    first_arg_addr -> |      extern_ref      |
+  //
+  constexpr size_t kArgsLength = 3;
+  Address args[kArgsLength] = {
+      IntToSmi(canonical_index),  // TODO(paolosev@microsoft.com)
+      IntToSmi(value_type.raw_bit_field()), (*extern_ref).ptr()};
+  Address* first_arg_addr = &args[kArgsLength - 1];
+
+  // A runtime function can throw, therefore we need to make sure that the
+  // current activation is up-to-date, if we need to traverse the call stack.
+  current_thread_->SetCurrentFrame(current_frame_);
+
+  Address result =
+      Runtime_WasmJSToWasmObject(kArgsLength, first_arg_addr, isolate_);
+  if (isolate_->has_exception()) return {};
+
+  return handle(Tagged<Object>(result), isolate_);
+}
+
+WasmRef WasmInterpreterRuntime::JSToWasmObject(WasmRef extern_ref,
+                                               ValueType type) const {
+  uint32_t canonical_index = 0;
+  if (type.has_index()) {
+    canonical_index =
+        module_->isorecursive_canonical_type_ids[type.ref_index()];
+    type = wasm::ValueType::RefMaybeNull(canonical_index, type.nullability());
+  }
+  const char* error_message;
+  {
+    Handle<Object> result;
+    if (wasm::JSToWasmObject(isolate_, extern_ref, type, canonical_index,
+                             &error_message)
+            .ToHandle(&result)) {
+      return result;
+    }
+  }
+
+  {
+    // Only in case of exception it can allocate.
+    AllowHeapAllocation allow_gc;
+
+    if (v8_flags.wasm_jitless && trap_handler::IsThreadInWasm()) {
+      trap_handler::ClearThreadInWasm();
+    }
+    Tagged<Object> result = isolate_->Throw(*isolate_->factory()->NewTypeError(
+        MessageTemplate::kWasmTrapJSTypeError));
+    return handle(result, isolate_);
+  }
+}
+
+WasmRef WasmInterpreterRuntime::WasmToJSObject(WasmRef value) const {
+  if (IsWasmFuncRef(*value)) {
+    value = handle(Cast<WasmFuncRef>(*value)->internal(isolate_), isolate_);
+  }
+  if (IsWasmInternalFunction(*value)) {
+    Handle<WasmInternalFunction> internal = Cast<WasmInternalFunction>(value);
+    return WasmInternalFunction::GetOrCreateExternal(internal);
+  }
+  if (IsWasmNull(*value)) {
+    return handle(ReadOnlyRoots(isolate_).null_value(), isolate_);
+  }
+  return value;
+}
+
+// Implementation similar to Liftoff's SubtypeCheck in
+// src\wasm\baseline\liftoff-compiler.cc.
+bool WasmInterpreterRuntime::SubtypeCheck(Tagged<Map> rtt,
+                                          Tagged<Map> formal_rtt,
+                                          uint32_t type_index) const {
+  // Constant-time subtyping check: load exactly one candidate RTT from the
+  // supertypes list.
+  // Step 1: load the WasmTypeInfo.
+  Tagged<WasmTypeInfo> type_info = rtt->wasm_type_info();
+
+  // Step 2: check the list's length if needed.
+  uint32_t rtt_depth = GetSubtypingDepth(module_, type_index);
+  if (rtt_depth >= kMinimumSupertypeArraySize &&
+      static_cast<uint32_t>(type_info->supertypes_length()) <= rtt_depth) {
+    return false;
+  }
+
+  // Step 3: load the candidate list slot into {tmp1}, and compare it.
+  Tagged<Object> supertype = type_info->supertypes(rtt_depth);
+  if (formal_rtt != supertype) return false;
+  return true;
+}
+
+// Implementation similar to Liftoff's SubtypeCheck in
+// src\wasm\baseline\liftoff-compiler.cc.
+bool WasmInterpreterRuntime::SubtypeCheck(const WasmRef obj,
+                                          const ValueType obj_type,
+                                          const Handle<Map> rtt,
+                                          const ValueType rtt_type,
+                                          bool null_succeeds) const {
+  bool is_cast_from_any = obj_type.is_reference_to(HeapType::kAny);
+
+  // Skip the null check if casting from any and not {null_succeeds}.
+  // In that case the instance type check will identify null as not being a
+  // wasm object and fail.
+  if (obj_type.is_nullable() && (!is_cast_from_any || null_succeeds)) {
+    if (obj_type == kWasmExternRef || obj_type == kWasmNullExternRef) {
+      if (i::IsNull(*obj, isolate_)) return null_succeeds;
+    } else {
+      if (i::IsWasmNull(*obj, isolate_)) return null_succeeds;
+    }
+  }
+
+  // Add Smi check if the source type may store a Smi (i31ref or JS Smi).
+  ValueType i31ref = ValueType::Ref(HeapType::kI31);
+  // Ref.extern can also contain Smis, however there isn't any type that
+  // could downcast to ref.extern.
+  DCHECK(!rtt_type.is_reference_to(HeapType::kExtern));
+  // Ref.i31 check has its own implementation.
+  DCHECK(!rtt_type.is_reference_to(HeapType::kI31));
+  if (IsSmi(*obj)) {
+    return IsSubtypeOf(i31ref, rtt_type, module_);
+  }
+
+  if (!IsHeapObject(*obj)) return false;
+  Tagged<Map> obj_map = Cast<HeapObject>(obj)->map();
+
+  if (module_->types[rtt_type.ref_index()].is_final) {
+    // In this case, simply check for map equality.
+    if (*obj_map != *rtt) {
+      return false;
+    }
+  } else {
+    // Check for rtt equality, and if not, check if the rtt is a struct/array
+    // rtt.
+    if (*obj_map == *rtt) {
+      return true;
+    }
+
+    if (is_cast_from_any) {
+      // Check for map being a map for a wasm object (struct, array, func).
+      InstanceType obj_type = obj_map->instance_type();
+      if (obj_type < FIRST_WASM_OBJECT_TYPE ||
+          obj_type > LAST_WASM_OBJECT_TYPE) {
+        return false;
+      }
+    }
+
+    return SubtypeCheck(obj_map, *rtt, rtt_type.ref_index());
+  }
+
+  return true;
+}
+
+using TypeChecker = bool (*)(const WasmRef obj);
+
+template <TypeChecker type_checker>
+bool AbstractTypeCast(Isolate* isolate, const WasmRef obj,
+                      const ValueType obj_type, bool null_succeeds) {
+  if (null_succeeds && obj_type.is_nullable() &&
+      WasmInterpreterRuntime::IsNull(isolate, obj, obj_type)) {
+    return true;
+  }
+  return type_checker(obj);
+}
+
+static bool EqCheck(const WasmRef obj) {
+  if (IsSmi(*obj)) {
+    return true;
+  }
+  if (!IsHeapObject(*obj)) return false;
+  InstanceType instance_type = Cast<HeapObject>(obj)->map()->instance_type();
+  return instance_type >= FIRST_WASM_OBJECT_TYPE &&
+         instance_type <= LAST_WASM_OBJECT_TYPE;
+}
+bool WasmInterpreterRuntime::RefIsEq(const WasmRef obj,
+                                     const ValueType obj_type,
+                                     bool null_succeeds) const {
+  return AbstractTypeCast<&EqCheck>(isolate_, obj, obj_type, null_succeeds);
+}
+
+static bool I31Check(const WasmRef obj) { return IsSmi(*obj); }
+bool WasmInterpreterRuntime::RefIsI31(const WasmRef obj,
+                                      const ValueType obj_type,
+                                      bool null_succeeds) const {
+  return AbstractTypeCast<&I31Check>(isolate_, obj, obj_type, null_succeeds);
+}
+
+static bool StructCheck(const WasmRef obj) {
+  if (IsSmi(*obj)) {
+    return false;
+  }
+  if (!IsHeapObject(*obj)) return false;
+  InstanceType instance_type = Cast<HeapObject>(obj)->map()->instance_type();
+  return instance_type == WASM_STRUCT_TYPE;
+}
+bool WasmInterpreterRuntime::RefIsStruct(const WasmRef obj,
+                                         const ValueType obj_type,
+                                         bool null_succeeds) const {
+  return AbstractTypeCast<&StructCheck>(isolate_, obj, obj_type, null_succeeds);
+}
+
+static bool ArrayCheck(const WasmRef obj) {
+  if (IsSmi(*obj)) {
+    return false;
+  }
+  if (!IsHeapObject(*obj)) return false;
+  InstanceType instance_type = Cast<HeapObject>(obj)->map()->instance_type();
+  return instance_type == WASM_ARRAY_TYPE;
+}
+bool WasmInterpreterRuntime::RefIsArray(const WasmRef obj,
+                                        const ValueType obj_type,
+                                        bool null_succeeds) const {
+  return AbstractTypeCast<&ArrayCheck>(isolate_, obj, obj_type, null_succeeds);
+}
+
+static bool StringCheck(const WasmRef obj) {
+  if (IsSmi(*obj)) {
+    return false;
+  }
+  if (!IsHeapObject(*obj)) return false;
+  InstanceType instance_type = Cast<HeapObject>(obj)->map()->instance_type();
+  return instance_type < FIRST_NONSTRING_TYPE;
+}
+bool WasmInterpreterRuntime::RefIsString(const WasmRef obj,
+                                         const ValueType obj_type,
+                                         bool null_succeeds) const {
+  return AbstractTypeCast<&StringCheck>(isolate_, obj, obj_type, null_succeeds);
+}
+
+void WasmInterpreterRuntime::SetTrap(TrapReason trap_reason, pc_t trap_pc) {
+  trap_function_index_ =
+      current_frame_.current_function_
+          ? current_frame_.current_function_->GetFunctionIndex()
+          : 0;
+  DCHECK_GE(trap_function_index_, 0);
+  DCHECK_LT(trap_function_index_, module_->functions.size());
+
+  trap_pc_ = trap_pc;
+  thread()->Trap(trap_reason, trap_function_index_, static_cast<int>(trap_pc_),
+                 current_frame_);
+}
+
+void WasmInterpreterRuntime::SetTrap(TrapReason trap_reason,
+                                     const uint8_t*& code) {
+  SetTrap(trap_reason,
+          current_frame_.current_function_
+              ? current_frame_.current_function_->GetPcFromTrapCode(code)
+              : 0);
+  RedirectCodeToUnwindHandler(code);
+}
+
+void WasmInterpreterRuntime::ResetCurrentHandleScope() {
+  current_frame_.ResetHandleScope(isolate_);
+}
+
+std::vector<WasmInterpreterStackEntry>
+WasmInterpreterRuntime::GetInterpretedStack(Address frame_pointer) const {
+  // The current thread can be nullptr if we throw an exception before calling
+  // {BeginExecution}.
+  if (current_thread_) {
+    WasmInterpreterThread::Activation* activation =
+        current_thread_->GetActivation(frame_pointer);
+    if (activation) {
+      return activation->GetStackTrace();
+    }
+
+    // DCHECK_GE(trap_function_index_, 0);
+    return {{trap_function_index_, static_cast<int>(trap_pc_)}};
+  }
+
+  // It is possible to throw before entering a Wasm function, while converting
+  // the args from JS to Wasm, with JSToWasmObject.
+  return {{0, 0}};
+}
+
+int WasmInterpreterRuntime::GetFunctionIndex(Address frame_pointer,
+                                             int index) const {
+  if (current_thread_) {
+    WasmInterpreterThread::Activation* activation =
+        current_thread_->GetActivation(frame_pointer);
+    if (activation) {
+      return activation->GetFunctionIndex(index);
+    }
+  }
+  return -1;
+}
+
+void WasmInterpreterRuntime::SetTrapFunctionIndex(int32_t func_index) {
+  trap_function_index_ = func_index;
+  trap_pc_ = 0;
+}
+
+void WasmInterpreterRuntime::PrintStack(uint32_t* sp, RegMode reg_mode,
+                                        int64_t r0, double fp0) {
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (tracer_ && tracer_->ShouldTraceFunction(
+                     current_frame_.current_function_->GetFunctionIndex())) {
+    shadow_stack_->Print(this, sp, current_frame_.current_stack_start_args_,
+                         current_frame_.current_stack_start_locals_,
+                         current_frame_.current_stack_start_stack_, reg_mode,
+                         r0, fp0);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+}
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+InterpreterTracer* WasmInterpreterRuntime::GetTracer() {
+  if (tracer_ == nullptr) tracer_.reset(new InterpreterTracer(-1));
+  return tracer_.get();
+}
+
+void WasmInterpreterRuntime::Trace(const char* format, ...) {
+  if (!current_frame_.current_function_) {
+    // This can happen when the entry function is an imported JS function.
+    return;
+  }
+  InterpreterTracer* tracer = GetTracer();
+  if (tracer->ShouldTraceFunction(
+          current_frame_.current_function_->GetFunctionIndex())) {
+    va_list arguments;
+    va_start(arguments, format);
+    base::OS::VFPrint(tracer->file(), format, arguments);
+    va_end(arguments);
+    tracer->CheckFileSize();
+  }
+}
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+// static
+ModuleWireBytes InterpreterHandle::GetBytes(Tagged<Tuple2> interpreter_object) {
+  Tagged<WasmInstanceObject> wasm_instance =
+      WasmInterpreterObject::get_wasm_instance(interpreter_object);
+  NativeModule* native_module = wasm_instance->module_object()->native_module();
+  return ModuleWireBytes{native_module->wire_bytes()};
+}
+
+InterpreterHandle::InterpreterHandle(Isolate* isolate,
+                                     Handle<Tuple2> interpreter_object)
+    : isolate_(isolate),
+      module_(WasmInterpreterObject::get_wasm_instance(*interpreter_object)
+                  ->module_object()
+                  ->module()),
+      interpreter_(
+          isolate, module_, GetBytes(*interpreter_object),
+          handle(WasmInterpreterObject::get_wasm_instance(*interpreter_object),
+                 isolate)) {}
+
+inline WasmInterpreterThread::State InterpreterHandle::RunExecutionLoop(
+    WasmInterpreterThread* thread, bool called_from_js) {
+  // If there were Ref values passed as arguments they have already been read
+  // in BeginExecution(), so we can re-enable GC.
+  AllowHeapAllocation allow_gc;
+
+  bool finished = false;
+  WasmInterpreterThread::State state = thread->state();
+  if (state != WasmInterpreterThread::State::RUNNING) {
+    return state;
+  }
+
+  while (!finished) {
+    state = ContinueExecution(thread, called_from_js);
+    switch (state) {
+      case WasmInterpreterThread::State::FINISHED:
+      case WasmInterpreterThread::State::RUNNING:
+        // Perfect, just break the switch and exit the loop.
+        finished = true;
+        break;
+      case WasmInterpreterThread::State::TRAPPED: {
+        if (!isolate_->has_exception()) {
+          // An exception handler was found, keep running the loop.
+          if (!trap_handler::IsThreadInWasm()) {
+            trap_handler::SetThreadInWasm();
+          }
+          break;
+        }
+        thread->Stop();
+        [[fallthrough]];
+      }
+      case WasmInterpreterThread::State::STOPPED:
+        // An exception happened, and the current activation was unwound
+        // without hitting a local exception handler. All that remains to be
+        // done is finish the activation and let the exception propagate.
+        DCHECK(isolate_->has_exception());
+        return state;  // Either STOPPED or TRAPPED.
+      case WasmInterpreterThread::State::EH_UNWINDING: {
+        thread->Stop();
+        return WasmInterpreterThread::State::STOPPED;
+      }
+    }
+  }
+  return state;
+}
+
+V8_EXPORT_PRIVATE bool InterpreterHandle::Execute(
+    WasmInterpreterThread* thread, Address frame_pointer, uint32_t func_index,
+    const std::vector<WasmValue>& argument_values,
+    std::vector<WasmValue>& return_values) {
+  DCHECK_GT(module()->functions.size(), func_index);
+  const FunctionSig* sig = module()->functions[func_index].sig;
+  DCHECK_EQ(sig->parameter_count(), argument_values.size());
+  DCHECK_EQ(sig->return_count(), return_values.size());
+
+  thread->StartExecutionTimer();
+  interpreter_.BeginExecution(thread, func_index, frame_pointer,
+                              thread->NextFrameAddress(),
+                              thread->NextRefStackOffset(), argument_values);
+
+  WasmInterpreterThread::State state = RunExecutionLoop(thread, true);
+  thread->StopExecutionTimer();
+
+  switch (state) {
+    case WasmInterpreterThread::RUNNING:
+    case WasmInterpreterThread::FINISHED:
+      for (unsigned i = 0; i < sig->return_count(); ++i) {
+        return_values[i] = interpreter_.GetReturnValue(i);
+      }
+      return true;
+
+    case WasmInterpreterThread::TRAPPED:
+      for (unsigned i = 0; i < sig->return_count(); ++i) {
+        return_values[i] = WasmValue(0xDEADBEEF);
+      }
+      return false;
+
+    case WasmInterpreterThread::STOPPED:
+      return false;
+
+    case WasmInterpreterThread::EH_UNWINDING:
+      UNREACHABLE();
+  }
+}
+
+bool InterpreterHandle::Execute(WasmInterpreterThread* thread,
+                                Address frame_pointer, uint32_t func_index,
+                                uint8_t* interpreter_fp) {
+  DCHECK_GT(module()->functions.size(), func_index);
+
+  interpreter_.BeginExecution(thread, func_index, frame_pointer,
+                              interpreter_fp);
+  WasmInterpreterThread::State state = RunExecutionLoop(thread, false);
+  return (state == WasmInterpreterThread::RUNNING ||
+          state == WasmInterpreterThread::FINISHED);
+}
+
+Handle<WasmInstanceObject> InterpreterHandle::GetInstanceObject() {
+  DebuggableStackFrameIterator it(isolate_);
+  WasmInterpreterEntryFrame* frame =
+      WasmInterpreterEntryFrame::cast(it.frame());
+  Handle<WasmInstanceObject> instance_obj(frame->wasm_instance(), isolate_);
+  // Check that this is indeed the instance which is connected to this
+  // interpreter.
+  DCHECK_EQ(this,
+            Cast<Managed<InterpreterHandle>>(
+                WasmInterpreterObject::get_interpreter_handle(
+                    instance_obj->trusted_data(isolate_)->interpreter_object()))
+                ->raw());
+  return instance_obj;
+}
+
+std::vector<WasmInterpreterStackEntry> InterpreterHandle::GetInterpretedStack(
+    Address frame_pointer) {
+  return interpreter_.GetInterpretedStack(frame_pointer);
+}
+
+int InterpreterHandle::GetFunctionIndex(Address frame_pointer,
+                                        int index) const {
+  return interpreter_.GetFunctionIndex(frame_pointer, index);
+}
+
+void InterpreterHandle::SetTrapFunctionIndex(int32_t func_index) {
+  interpreter_.SetTrapFunctionIndex(func_index);
+}
+
+}  // namespace wasm
+}  // namespace internal
+}  // namespace v8
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime.h b/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime.h
new file mode 100644
index 00000000000000..fd9419579d64b7
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter-runtime.h
@@ -0,0 +1,461 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#if !V8_ENABLE_WEBASSEMBLY
+#error This header should only be included if WebAssembly is enabled.
+#endif  // !V8_ENABLE_WEBASSEMBLY
+
+#ifndef V8_WASM_INTERPRETER_WASM_INTERPRETER_RUNTIME_H_
+#define V8_WASM_INTERPRETER_WASM_INTERPRETER_RUNTIME_H_
+
+#include <memory>
+#include <vector>
+
+#include "src/base/vector.h"
+#include "src/execution/simulator.h"
+#include "src/wasm/interpreter/wasm-interpreter.h"
+
+namespace v8 {
+
+namespace internal {
+class WasmInstanceObject;
+
+namespace wasm {
+class InterpreterTracer;
+class WasmBytecodeGenerator;
+struct WasmTag;
+
+class WasmInterpreterRuntime {
+ public:
+  WasmInterpreterRuntime(const WasmModule* module, Isolate* isolate,
+                         Handle<WasmInstanceObject> instance_object,
+                         WasmInterpreter::CodeMap* codemap);
+  ~WasmInterpreterRuntime();
+
+  void Reset();
+
+  inline WasmBytecode* GetFunctionBytecode(uint32_t func_index);
+
+  std::vector<WasmInterpreterStackEntry> GetInterpretedStack(
+      Address frame_pointer) const;
+
+  int GetFunctionIndex(Address frame_pointer, int index) const;
+
+  void SetTrapFunctionIndex(int32_t func_index);
+
+  inline Isolate* GetIsolate() const { return isolate_; }
+
+  inline uint8_t* GetGlobalAddress(uint32_t index);
+  inline Handle<Object> GetGlobalRef(uint32_t index) const;
+  inline void SetGlobalRef(uint32_t index, Handle<Object> ref) const;
+
+  int32_t MemoryGrow(uint32_t delta_pages);
+  inline uint64_t MemorySize() const;
+  inline bool IsMemory64() const;
+  inline uint8_t* GetMemoryStart() const { return memory_start_; }
+  inline size_t GetMemorySize() const;
+
+  bool MemoryInit(const uint8_t*& current_code, uint32_t data_segment_index,
+                  uint64_t dst, uint64_t src, uint64_t size);
+  bool MemoryCopy(const uint8_t*& current_code, uint64_t dst, uint64_t src,
+                  uint64_t size);
+  bool MemoryFill(const uint8_t*& current_code, uint64_t dst, uint32_t value,
+                  uint64_t size);
+
+  bool AllowsAtomicsWait() const;
+  int32_t AtomicNotify(uint64_t effective_index, int32_t val);
+  int32_t I32AtomicWait(uint64_t effective_index, int32_t val, int64_t timeout);
+  int32_t I64AtomicWait(uint64_t effective_index, int64_t val, int64_t timeout);
+
+  bool TableGet(const uint8_t*& current_code, uint32_t table_index,
+                uint32_t entry_index, Handle<Object>* result);
+  void TableSet(const uint8_t*& current_code, uint32_t table_index,
+                uint32_t entry_index, Handle<Object> ref);
+  void TableInit(const uint8_t*& current_code, uint32_t table_index,
+                 uint32_t element_segment_index, uint32_t dst, uint32_t src,
+                 uint32_t size);
+  void TableCopy(const uint8_t*& current_code, uint32_t dst_table_index,
+                 uint32_t src_table_index, uint32_t dst, uint32_t src,
+                 uint32_t size);
+  uint32_t TableGrow(uint32_t table_index, uint32_t delta,
+                     Handle<Object> value);
+  uint32_t TableSize(uint32_t table_index);
+  void TableFill(const uint8_t*& current_code, uint32_t table_index,
+                 uint32_t count, Handle<Object> value, uint32_t start);
+
+  static void UpdateIndirectCallTable(Isolate* isolate,
+                                      Handle<WasmInstanceObject> instance,
+                                      uint32_t table_index);
+  static void ClearIndirectCallCacheEntry(Isolate* isolate,
+                                          Handle<WasmInstanceObject> instance,
+                                          uint32_t table_index,
+                                          uint32_t entry_index);
+
+  static void UpdateMemoryAddress(Handle<WasmInstanceObject> instance);
+
+  inline void DataDrop(uint32_t index);
+  inline void ElemDrop(uint32_t index);
+
+  void UnpackException(uint32_t* sp, const WasmTag& tag,
+                       Handle<Object> exception_object,
+                       uint32_t first_param_slot_index,
+                       uint32_t first_param_ref_stack_index);
+  void ThrowException(const uint8_t*& code, uint32_t* sp, uint32_t tag_index);
+  void RethrowException(const uint8_t*& code, uint32_t* sp,
+                        uint32_t catch_block_index);
+
+  void BeginExecution(WasmInterpreterThread* thread, uint32_t function_index,
+                      Address frame_pointer, uint8_t* interpreter_fp,
+                      uint32_t ref_stack_offset,
+                      const std::vector<WasmValue>* argument_values = nullptr);
+  void ContinueExecution(WasmInterpreterThread* thread, bool called_from_js);
+
+  void ExecuteImportedFunction(const uint8_t*& code, uint32_t func_index,
+                               uint32_t current_stack_size,
+                               uint32_t ref_stack_fp_offset,
+                               uint32_t slot_offset,
+                               uint32_t return_slot_offset);
+
+  void PrepareTailCall(const uint8_t*& code, uint32_t func_index,
+                       uint32_t current_stack_size,
+                       uint32_t return_slot_offset);
+
+  void ExecuteFunction(const uint8_t*& code, uint32_t function_index,
+                       uint32_t current_stack_size,
+                       uint32_t ref_stack_fp_offset, uint32_t slot_offset,
+                       uint32_t return_slot_offset);
+
+  void ExecuteIndirectCall(const uint8_t*& current_code, uint32_t table_index,
+                           uint32_t sig_index, uint32_t entry_index,
+                           uint32_t stack_pos, uint32_t* sp,
+                           uint32_t ref_stack_fp_offset, uint32_t slot_offset,
+                           uint32_t return_slot_offset, bool is_tail_call);
+
+  void ExecuteCallRef(const uint8_t*& current_code, WasmRef func_ref,
+                      uint32_t sig_index, uint32_t stack_pos, uint32_t* sp,
+                      uint32_t ref_stack_fp_offset, uint32_t slot_offset,
+                      uint32_t return_slot_offset, bool is_tail_call);
+
+  const WasmValue& GetReturnValue(size_t index) const {
+    DCHECK_LT(index, function_result_.size());
+    return function_result_[index];
+  }
+
+  inline bool IsRefNull(Handle<Object> ref) const;
+  inline Handle<Object> GetFunctionRef(uint32_t index) const;
+  void StoreWasmRef(uint32_t ref_stack_index, const WasmRef& ref);
+  WasmRef ExtractWasmRef(uint32_t ref_stack_index);
+  void UnwindCurrentStackFrame(uint32_t* sp, uint32_t slot_offset,
+                               uint32_t rets_size, uint32_t args_size,
+                               uint32_t rets_refs, uint32_t args_refs,
+                               uint32_t ref_stack_fp_offset);
+
+  void PrintStack(uint32_t* sp, RegMode reg_mode, int64_t r0, double fp0);
+
+  void SetTrap(TrapReason trap_reason, pc_t trap_pc);
+  void SetTrap(TrapReason trap_reason, const uint8_t*& current_code);
+
+  // GC helpers.
+  Handle<Map> RttCanon(uint32_t type_index) const;
+  std::pair<Handle<WasmStruct>, const StructType*> StructNewUninitialized(
+      uint32_t index) const;
+  std::pair<Handle<WasmArray>, const ArrayType*> ArrayNewUninitialized(
+      uint32_t length, uint32_t array_index) const;
+  WasmRef WasmArrayNewSegment(uint32_t array_index, uint32_t segment_index,
+                              uint32_t offset, uint32_t length);
+  bool WasmArrayInitSegment(uint32_t segment_index, WasmRef wasm_array,
+                            uint32_t array_offset, uint32_t segment_offset,
+                            uint32_t length);
+  bool WasmArrayCopy(WasmRef dest_wasm_array, uint32_t dest_index,
+                     WasmRef src_wasm_array, uint32_t src_index,
+                     uint32_t length);
+  WasmRef WasmJSToWasmObject(WasmRef extern_ref, ValueType value_type,
+                             uint32_t canonical_index) const;
+  WasmRef JSToWasmObject(WasmRef extern_ref, ValueType value_type) const;
+  WasmRef WasmToJSObject(WasmRef ref) const;
+
+  inline const ArrayType* GetArrayType(uint32_t array_index) const;
+  inline WasmRef GetWasmArrayRefElement(Tagged<WasmArray> array,
+                                        uint32_t index) const;
+  bool SubtypeCheck(const WasmRef obj, const ValueType obj_type,
+                    const Handle<Map> rtt, const ValueType rtt_type,
+                    bool null_succeeds) const;
+  bool RefIsEq(const WasmRef obj, const ValueType obj_type,
+               bool null_succeeds) const;
+  bool RefIsI31(const WasmRef obj, const ValueType obj_type,
+                bool null_succeeds) const;
+  bool RefIsStruct(const WasmRef obj, const ValueType obj_type,
+                   bool null_succeeds) const;
+  bool RefIsArray(const WasmRef obj, const ValueType obj_type,
+                  bool null_succeeds) const;
+  bool RefIsString(const WasmRef obj, const ValueType obj_type,
+                   bool null_succeeds) const;
+  inline bool IsNullTypecheck(const WasmRef obj,
+                              const ValueType obj_type) const;
+  inline static bool IsNull(Isolate* isolate, const WasmRef obj,
+                            const ValueType obj_type);
+  inline Tagged<Object> GetNullValue(const ValueType obj_type) const;
+
+  static int memory_start_offset();
+  static int instruction_table_offset();
+
+  size_t TotalBytecodeSize() const { return codemap_->TotalBytecodeSize(); }
+
+  void ResetCurrentHandleScope();
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  void Trace(const char* format, ...);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  // Stored in WasmExportedFunctionData::packed_args_size; used by
+  // JSToWasmInterpreterWrapper and WasmToJSInterpreterWrapper builtins.
+  // Note that the max size of the packed array of args is 16000, which fits
+  // into 14 bits (kV8MaxWasmFunctionParams == 1000).
+  static_assert(sizeof(Simd128) * kV8MaxWasmFunctionParams < (1 << 14));
+  using PackedArgsSizeField = base::BitField<uint32_t, 0, 14>;
+  using HasRefArgsField = base::BitField<bool, 14, 1>;
+  using HasRefRetsField = base::BitField<bool, 15, 1>;
+
+ private:
+  ExternalCallResult CallImportedFunction(const uint8_t*& current_code,
+                                          uint32_t function_index, uint32_t* sp,
+                                          uint32_t current_stack_size,
+                                          uint32_t ref_stack_fp_index,
+                                          uint32_t current_slot_offset);
+  void PurgeIndirectCallCache(uint32_t table_index);
+
+  ExternalCallResult CallExternalJSFunction(const uint8_t*& current_code,
+                                            const WasmModule* module,
+                                            Handle<Object> object_ref,
+                                            const FunctionSig* sig,
+                                            uint32_t* sp,
+                                            uint32_t current_stack_slot);
+
+  inline Address EffectiveAddress(uint64_t index) const;
+
+  // Checks if [index, index+size) is in range [0, WasmMemSize), where
+  // WasmMemSize is the size of the Memory object associated to
+  // {instance_object_}. (Notice that only a single memory is supported).
+  // If not in range, {size} is clamped to its valid range.
+  // It in range, out_address contains the (virtual memory) address of the
+  // {index}th memory location in the Wasm memory.
+  inline bool BoundsCheckMemRange(uint64_t index, uint64_t* size,
+                                  Address* out_address) const;
+
+  void InitGlobalAddressCache();
+  inline void InitMemoryAddresses();
+  void InitIndirectFunctionTables();
+  bool CheckIndirectCallSignature(uint32_t table_index, uint32_t entry_index,
+                                  uint32_t sig_index) const;
+
+  void EnsureRefStackSpace(size_t new_size);
+  void ClearRefStackValues(size_t index, size_t count);
+
+  void StoreRefArgsIntoStackSlots(uint8_t* sp, uint32_t ref_stack_fp_index,
+                                  const FunctionSig* sig);
+  void StoreRefResultsIntoRefStack(uint8_t* sp, uint32_t ref_stack_fp_index,
+                                   const FunctionSig* sig);
+
+  WasmInterpreterThread::ExceptionHandlingResult HandleException(
+      uint32_t* sp, const uint8_t*& current_code);
+  bool MatchingExceptionTag(Handle<Object> exception_object,
+                            uint32_t index) const;
+
+  bool SubtypeCheck(Tagged<Map> rtt, Tagged<Map> formal_rtt,
+                    uint32_t type_index) const;
+
+  WasmInterpreterThread* thread() const {
+    DCHECK_NOT_NULL(current_thread_);
+    return current_thread_;
+  }
+  WasmInterpreterThread::State state() const { return thread()->state(); }
+
+  void CallWasmToJSBuiltin(Isolate* isolate, Handle<Object> object_ref,
+                           Address packed_args, const FunctionSig* sig);
+
+  inline Handle<WasmTrustedInstanceData> wasm_trusted_instance_data() const;
+
+  Isolate* isolate_;
+  const WasmModule* module_;
+  Handle<WasmInstanceObject> instance_object_;
+  WasmInterpreter::CodeMap* codemap_;
+
+  uint32_t start_function_index_;
+  FrameState current_frame_;
+  std::vector<WasmValue> function_result_;
+
+  int trap_function_index_;
+  pc_t trap_pc_;
+
+  // References are kept on an on-heap stack. It would not be any good to store
+  // reference object pointers into stack slots because the pointers obviously
+  // could be invalidated if the object moves in a GC. Furthermore we need to
+  // make sure that the reference objects in the Wasm stack are marked as alive
+  // for GC. This is why in each Wasm thread we instantiate a FixedArray that
+  // contains all the reference objects present in the execution stack.
+  // Only while calling JS functions or Wasm functions in a separate instance we
+  // need to store temporarily the reference objects pointers into stack slots,
+  // and in this case we need to make sure to temporarily disallow GC and avoid
+  // object allocation while the reference arguments are being passed to the
+  // callee and while the reference return values are being passed back to the
+  // caller.
+  Handle<FixedArray> reference_stack_;
+  size_t current_ref_stack_size_;
+
+  WasmInterpreterThread* current_thread_;
+
+  uint8_t* memory_start_;
+
+#ifdef __clang__
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wunused-private-field"
+#endif  // __clang__
+  PWasmOp* const* instruction_table_;
+#ifdef __clang__
+#pragma clang diagnostic pop
+#endif  // __clang__
+
+  std::vector<uint8_t*> global_addresses_;
+
+  struct IndirectCallValue {
+    enum class Mode { kInvalid, kInternalCall, kExternalCall };
+
+    static const uint32_t kInlineSignatureSentinel = UINT_MAX;
+    static const uint32_t kInvalidFunctionIndex = UINT_MAX;
+
+    IndirectCallValue()
+        : mode(Mode::kInvalid),
+          func_index(kInvalidFunctionIndex),
+          sig_index(kInlineSignatureSentinel),
+          signature(nullptr) {}
+    IndirectCallValue(uint32_t func_index_, uint32_t sig_index)
+        : mode(Mode::kInternalCall),
+          func_index(func_index_),
+          sig_index(sig_index),
+          signature(nullptr) {}
+    IndirectCallValue(const FunctionSig* signature_, uint32_t sig_index)
+        : mode(Mode::kExternalCall),
+          func_index(kInvalidFunctionIndex),
+          sig_index(sig_index),
+          signature(signature_) {}
+
+    operator bool() const { return mode != Mode::kInvalid; }
+
+    Mode mode;
+    uint32_t func_index;
+    uint32_t sig_index;
+    const FunctionSig* signature;
+  };
+  typedef std::vector<IndirectCallValue> IndirectCallTable;
+  std::vector<IndirectCallTable> indirect_call_tables_;
+
+  using WasmToJSCallSig =
+      // NOLINTNEXTLINE(readability/casting)
+      Address(Address js_function, Address packed_args,
+              Address saved_c_entry_fp, const FunctionSig* sig,
+              Address c_entry_fp, Address callable);
+  GeneratedCode<WasmToJSCallSig> generic_wasm_to_js_interpreter_wrapper_fn_;
+
+ public:
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  void TracePop() { shadow_stack_->TracePop(); }
+
+  size_t TracePush(ValueKind kind, uint32_t slot_offset) {
+    switch (kind) {
+      case kI32:
+        return TracePush<int32_t>(slot_offset);
+      case kI64:
+        return TracePush<int64_t>(slot_offset);
+      case kF32:
+        return TracePush<float>(slot_offset);
+      case kF64:
+        return TracePush<double>(slot_offset);
+      case kS128:
+        return TracePush<Simd128>(slot_offset);
+      case kRef:
+      case kRefNull:
+        return TracePush<WasmRef>(slot_offset);
+      default:
+        UNREACHABLE();
+    }
+  }
+  template <typename T>
+  size_t TracePush(uint32_t slot_offset) {
+    shadow_stack_->TracePush<T>(slot_offset);
+    return sizeof(T);
+  }
+
+  void TracePushCopy(uint32_t from_index) {
+    shadow_stack_->TracePushCopy(from_index);
+  }
+
+  void TraceUpdate(uint32_t stack_index, uint32_t slot_offset) {
+    shadow_stack_->TraceUpdate(stack_index, slot_offset);
+  }
+
+  void TraceSetSlotType(uint32_t stack_index, uint32_t type) {
+    shadow_stack_->TraceSetSlotType(stack_index, type);
+  }
+
+  // Used to redirect tracing output from {stdout} to a file.
+  InterpreterTracer* GetTracer();
+
+  std::unique_ptr<InterpreterTracer> tracer_;
+  ShadowStack* shadow_stack_;
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  WasmInterpreterRuntime(const WasmInterpreterRuntime&) = delete;
+  WasmInterpreterRuntime& operator=(const WasmInterpreterRuntime&) = delete;
+};
+
+class V8_EXPORT_PRIVATE InterpreterHandle {
+ public:
+  static constexpr ExternalPointerTag kManagedTag = kGenericManagedTag;
+
+  InterpreterHandle(Isolate* isolate, Handle<Tuple2> interpreter_object);
+
+  WasmInterpreter* interpreter() { return &interpreter_; }
+  const WasmModule* module() const { return module_; }
+
+  // Returns true if exited regularly, false if a trap/exception occurred and
+  // was not handled inside this activation. In the latter case, a pending
+  // exception will have been set on the isolate.
+  bool Execute(WasmInterpreterThread* thread, Address frame_pointer,
+               uint32_t func_index,
+               const std::vector<WasmValue>& argument_values,
+               std::vector<WasmValue>& return_values);
+  bool Execute(WasmInterpreterThread* thread, Address frame_pointer,
+               uint32_t func_index, uint8_t* interpreter_fp);
+
+  inline WasmInterpreterThread::State ContinueExecution(
+      WasmInterpreterThread* thread, bool called_from_js);
+
+  Handle<WasmInstanceObject> GetInstanceObject();
+
+  std::vector<WasmInterpreterStackEntry> GetInterpretedStack(
+      Address frame_pointer);
+
+  int GetFunctionIndex(Address frame_pointer, int index) const;
+
+  void SetTrapFunctionIndex(int32_t func_index);
+
+ private:
+  InterpreterHandle(const InterpreterHandle&) = delete;
+  InterpreterHandle& operator=(const InterpreterHandle&) = delete;
+
+  static ModuleWireBytes GetBytes(Tagged<Tuple2> interpreter_object);
+
+  inline WasmInterpreterThread::State RunExecutionLoop(
+      WasmInterpreterThread* thread, bool called_from_js);
+
+  Isolate* isolate_;
+  const WasmModule* module_;
+  WasmInterpreter interpreter_;
+};
+
+}  // namespace wasm
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_WASM_INTERPRETER_WASM_INTERPRETER_RUNTIME_H_
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter-simd.cc b/deps/v8/src/wasm/interpreter/wasm-interpreter-simd.cc
new file mode 100644
index 00000000000000..f797c08b8d9946
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter-simd.cc
@@ -0,0 +1,361 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/wasm/decoder.h"
+#include "src/wasm/function-body-decoder-impl.h"
+#include "src/wasm/interpreter/wasm-interpreter-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter.h"
+#include "src/wasm/wasm-opcodes-inl.h"
+
+namespace v8 {
+namespace internal {
+namespace wasm {
+
+constexpr Decoder::NoValidationTag kNoValidate;
+
+bool WasmBytecodeGenerator::DecodeSimdOp(WasmOpcode opcode,
+                                         WasmInstruction::Optional* optional,
+                                         Decoder* decoder,
+                                         InterpreterCode* code, pc_t pc,
+                                         int* const len) {
+  static const bool kIsReservedSimdOpcode[256] = {
+      // simdop  Instruction                   Immediate operands
+      // --------------------------------------------------------
+      false,  // 0x00    v128.load                     m:memarg
+      false,  // 0x01    v128.load8x8_s                m:memarg
+      false,  // 0x02    v128.load8x8_u                m:memarg
+      false,  // 0x03    v128.load16x4_s               m:memarg
+      false,  // 0x04    v128.load16x4_u               m:memarg
+      false,  // 0x05    v128.load32x2_s               m:memarg
+      false,  // 0x06    v128.load32x2_u               m:memarg
+      false,  // 0x07    v128.load8_splat              m:memarg
+      false,  // 0x08    v128.load16_splat             m:memarg
+      false,  // 0x09    v128.load32_splat             m:memarg
+      false,  // 0x0a    v128.load64_splat             m:memarg
+      false,  // 0x0b    v128.store                    m:memarg
+      false,  // 0x0c    v128.const                    i:ImmByte[16]
+      false,  // 0x0d    i8x16.shuffle                 s:ImmLaneIdx32[16]
+      false,  // 0x0e    i8x16.swizzle                 -
+      false,  // 0x0f    i8x16.splat                   -
+      false,  // 0x10    i16x8.splat                   -
+      false,  // 0x11    i32x4.splat                   -
+      false,  // 0x12    i64x2.splat                   -
+      false,  // 0x13    f32x4.splat                   -
+      false,  // 0x14    f64x2.splat                   -
+      false,  // 0x15    i8x16.extract_lane_s          i:ImmLaneIdx16
+      false,  // 0x16    i8x16.extract_lane_u          i:ImmLaneIdx16
+      false,  // 0x17    i8x16.replace_lane            i:ImmLaneIdx16
+      false,  // 0x18    i16x8.extract_lane_s          i:ImmLaneIdx8
+      false,  // 0x19    i16x8.extract_lane_u          i:ImmLaneIdx8
+      false,  // 0x1a    i16x8.replace_lane            i:ImmLaneIdx8
+      false,  // 0x1b    i32x4.extract_lane            i:ImmLaneIdx4
+      false,  // 0x1c    i32x4.replace_lane            i:ImmLaneIdx4
+      false,  // 0x1d    i64x2.extract_lane            i:ImmLaneIdx2
+      false,  // 0x1e    i64x2.replace_lane            i:ImmLaneIdx2
+      false,  // 0x1f    f32x4.extract_lane            i:ImmLaneIdx4
+      false,  // 0x20    f32x4.replace_lane            i:ImmLaneIdx4
+      false,  // 0x21    f64x2.extract_lane            i:ImmLaneIdx2
+      false,  // 0x22    f64x2.replace_lane            i:ImmLaneIdx2
+      false,  // 0x23    i8x16.eq                      -
+      false,  // 0x24    i8x16.ne                      -
+      false,  // 0x25    i8x16.lt_s                    -
+      false,  // 0x26    i8x16.lt_u                    -
+      false,  // 0x27    i8x16.gt_s                    -
+      false,  // 0x28    i8x16.gt_u                    -
+      false,  // 0x29    i8x16.le_s                    -
+      false,  // 0x2a    i8x16.le_u                    -
+      false,  // 0x2b    i8x16.ge_s                    -
+      false,  // 0x2c    i8x16.ge_u                    -
+      false,  // 0x2d    i16x8.eq                      -
+      false,  // 0x2e    i16x8.ne                      -
+      false,  // 0x2f    i16x8.lt_s                    -
+      false,  // 0x30    i16x8.lt_u                    -
+      false,  // 0x31    i16x8.gt_s                    -
+      false,  // 0x32    i16x8.gt_u                    -
+      false,  // 0x33    i16x8.le_s                    -
+      false,  // 0x34    i16x8.le_u                    -
+      false,  // 0x35    i16x8.ge_s                    -
+      false,  // 0x36    i16x8.ge_u                    -
+      false,  // 0x37    i32x4.eq                      -
+      false,  // 0x38    i32x4.ne                      -
+      false,  // 0x39    i32x4.lt_s                    -
+      false,  // 0x3a    i32x4.lt_u                    -
+      false,  // 0x3b    i32x4.gt_s                    -
+      false,  // 0x3c    i32x4.gt_u                    -
+      false,  // 0x3d    i32x4.le_s                    -
+      false,  // 0x3e    i32x4.le_u                    -
+      false,  // 0x3f    i32x4.ge_s                    -
+      false,  // 0x40    i32x4.ge_u                    -
+      false,  // 0x41    f32x4.eq                      -
+      false,  // 0x42    f32x4.ne                      -
+      false,  // 0x43    f32x4.lt                      -
+      false,  // 0x44    f32x4.gt                      -
+      false,  // 0x45    f32x4.le                      -
+      false,  // 0x46    f32x4.ge                      -
+      false,  // 0x47    f64x2.eq                      -
+      false,  // 0x48    f64x2.ne                      -
+      false,  // 0x49    f64x2.lt                      -
+      false,  // 0x4a    f64x2.gt                      -
+      false,  // 0x4b    f64x2.le                      -
+      false,  // 0x4c    f64x2.ge                      -
+      false,  // 0x4d    v128.not                      -
+      false,  // 0x4e    v128.and                      -
+      false,  // 0x4f    v128.andnot                   -
+      false,  // 0x50    v128.or                       -
+      false,  // 0x51    v128.xor                      -
+      false,  // 0x52    v128.bitselect                -
+      false,  // 0x53    v128.any_true                 -
+      false,  // 0x54    v128.load8_lane               m:memarg, i:ImmLaneIdx16
+      false,  // 0x55    v128.load16_lane              m:memarg, i:ImmLaneIdx8
+      false,  // 0x56    v128.load32_lane              m:memarg, i:ImmLaneIdx4
+      false,  // 0x57    v128.load64_lane              m:memarg, i:ImmLaneIdx2
+      false,  // 0x58    v128.store8_lane              m:memarg, i:ImmLaneIdx16
+      false,  // 0x59    v128.store16_lane             m:memarg, i:ImmLaneIdx8
+      false,  // 0x5a    v128.store32_lane             m:memarg, i:ImmLaneIdx4
+      false,  // 0x5b    v128.store64_lane             m:memarg, i:ImmLaneIdx2
+      false,  // 0x5c    v128.load32_zero              m:memarg
+      false,  // 0x5d    v128.load64_zero              m:memarg
+      false,  // 0x5e    f32x4.demote_f64x2_zero       -
+      false,  // 0x5f    f64x2.promote_low_f32x4       -
+      false,  // 0x60    i8x16.abs                     -
+      false,  // 0x61    i8x16.neg                     -
+      false,  // 0x62    i8x16.popcnt                  -
+      false,  // 0x63    i8x16.all_true                -
+      false,  // 0x64    i8x16.bitmask                 -
+      false,  // 0x65    i8x16.narrow_i16x8_s          -
+      false,  // 0x66    i8x16.narrow_i16x8_u          -
+      false,  // 0x67    f32x4.ceil                    -
+      false,  // 0x68    f32x4.floor                   -
+      false,  // 0x69    f32x4.trunc                   -
+      false,  // 0x6a    f32x4.nearest                 -
+      false,  // 0x6b    i8x16.shl                     -
+      false,  // 0x6c    i8x16.shr_s                   -
+      false,  // 0x6d    i8x16.shr_u                   -
+      false,  // 0x6e    i8x16.add                     -
+      false,  // 0x6f    i8x16.add_sat_s               -
+      false,  // 0x70    i8x16.add_sat_u               -
+      false,  // 0x71    i8x16.sub                     -
+      false,  // 0x72    i8x16.sub_sat_s               -
+      false,  // 0x73    i8x16.sub_sat_u               -
+      false,  // 0x74    f64x2.ceil                    -
+      false,  // 0x75    f64x2.floor                   -
+      false,  // 0x76    i8x16.min_s                   -
+      false,  // 0x77    i8x16.min_u                   -
+      false,  // 0x78    i8x16.max_s                   -
+      false,  // 0x79    i8x16.max_u                   -
+      false,  // 0x7a    f64x2.trunc                   -
+      false,  // 0x7b    i8x16.avgr_u                  -
+      false,  // 0x7c    i16x8.extadd_pairwise_i8x16_s -
+      false,  // 0x7d    i16x8.extadd_pairwise_i8x16_u -
+      false,  // 0x7e    i32x4.extadd_pairwise_i16x8_s -
+      false,  // 0x7f    i32x4.extadd_pairwise_i16x8_u -
+      false,  // 0x80    i16x8.abs                     -
+      false,  // 0x81    i16x8.neg                     -
+      false,  // 0x82    i16x8.q15mulr_sat_s           -
+      false,  // 0x83    i16x8.all_true                -
+      false,  // 0x84    i16x8.bitmask                 -
+      false,  // 0x85    i16x8.narrow_i32x4_s          -
+      false,  // 0x86    i16x8.narrow_i32x4_u          -
+      false,  // 0x87    i16x8.extend_low_i8x16_s      -
+      false,  // 0x88    i16x8.extend_high_i8x16_s     -
+      false,  // 0x89    i16x8.extend_low_i8x16_u      -
+      false,  // 0x8a    i16x8.extend_high_i8x16_u     -
+      false,  // 0x8b    i16x8.shl                     -
+      false,  // 0x8c    i16x8.shr_s                   -
+      false,  // 0x8d    i16x8.shr_u                   -
+      false,  // 0x8e    i16x8.add                     -
+      false,  // 0x8f    i16x8.add_sat_s               -
+      false,  // 0x90    i16x8.add_sat_u               -
+      false,  // 0x91    i16x8.sub                     -
+      false,  // 0x92    i16x8.sub_sat_s               -
+      false,  // 0x93    i16x8.sub_sat_u               -
+      false,  // 0x94    f64x2.nearest                 -
+      false,  // 0x95    i16x8.mul                     -
+      false,  // 0x96    i16x8.min_s                   -
+      false,  // 0x97    i16x8.min_u                   -
+      false,  // 0x98    i16x8.max_s                   -
+      false,  // 0x99    i16x8.max_u                   -
+      true,   // 0x9a    (reserved)
+      false,  // 0x9b    i16x8.avgr_u                  -
+      false,  // 0x9c    i16x8.extmul_low_i8x16_s      -
+      false,  // 0x9d    i16x8.extmul_high_i8x16_s     -
+      false,  // 0x9e    i16x8.extmul_low_i8x16_u      -
+      false,  // 0x9f    i16x8.extmul_high_i8x16_u     -
+      false,  // 0xa0    i32x4.abs                     -
+      false,  // 0xa1    i32x4.neg                     -
+      true,   // 0xa2    (reserved)
+      false,  // 0xa3    i32x4.all_true                -
+      false,  // 0xa4    i32x4.bitmask                 -
+      true,   // 0xa5    (reserved)
+      true,   // 0xa6    (reserved)
+      false,  // 0xa7    i32x4.extend_low_i16x8_s      -
+      false,  // 0xa8    i32x4.extend_high_i16x8_s     -
+      false,  // 0xa9    i32x4.extend_low_i16x8_u      -
+      false,  // 0xaa    i32x4.extend_high_i16x8_u     -
+      false,  // 0xab    i32x4.shl                     -
+      false,  // 0xac    i32x4.shr_s                   -
+      false,  // 0xad    i32x4.shr_u                   -
+      false,  // 0xae    i32x4.add                     -
+      true,   // 0xaf    (reserved)
+      true,   // 0xb0    (reserved)
+      false,  // 0xb1    i32x4.sub                     -
+      true,   // 0xb2    (reserved)
+      true,   // 0xb3    (reserved)
+      true,   // 0xb4    (reserved)
+      false,  // 0xb5    i32x4.mul                     -
+      false,  // 0xb6    i32x4.min_s                   -
+      false,  // 0xb7    i32x4.min_u                   -
+      false,  // 0xb8    i32x4.max_s                   -
+      false,  // 0xb9    i32x4.max_u                   -
+      false,  // 0xba    i32x4.dot_i16x8_s             -
+      true,   // 0xbb    (reserved)
+      false,  // 0xbc    i32x4.extmul_low_i16x8_s      -
+      false,  // 0xbd    i32x4.extmul_high_i16x8_s     -
+      false,  // 0xbe    i32x4.extmul_low_i16x8_u      -
+      false,  // 0xbf    i32x4.extmul_high_i16x8_u     -
+      false,  // 0xc0    i64x2.abs                     -
+      false,  // 0xc1    i64x2.neg                     -
+      true,   // 0xc2    (reserved)
+      false,  // 0xc3    i64x2.all_true                -
+      false,  // 0xc4    i64x2.bitmask                 -
+      true,   // 0xc5    (reserved)
+      true,   // 0xc6    (reserved)
+      false,  // 0xc7    i64x2.extend_low_i32x4_s      -
+      false,  // 0xc8    i64x2.extend_high_i32x4_s     -
+      false,  // 0xc9    i64x2.extend_low_i32x4_u      -
+      false,  // 0xca    i64x2.extend_high_i32x4_u     -
+      false,  // 0xcb    i64x2.shl                     -
+      false,  // 0xcc    i64x2.shr_s                   -
+      false,  // 0xcd    i64x2.shr_u                   -
+      false,  // 0xce    i64x2.add                     -
+      true,   // 0xcf    (reserved)
+      true,   // 0xd0    (reserved)
+      false,  // 0xd1    i64x2.sub                     -
+      true,   // 0xd2    (reserved)
+      true,   // 0xd3    (reserved)
+      true,   // 0xd4    (reserved)
+      false,  // 0xd5    i64x2.mul                     -
+      false,  // 0xd6    i64x2.eq                      -
+      false,  // 0xd7    i64x2.ne                      -
+      false,  // 0xd8    i64x2.lt_s                    -
+      false,  // 0xd9    i64x2.gt_s                    -
+      false,  // 0xda    i64x2.le_s                    -
+      false,  // 0xdb    i64x2.ge_s                    -
+      false,  // 0xdc    i64x2.extmul_low_i32x4_s      -
+      false,  // 0xdd    i64x2.extmul_high_i32x4_s     -
+      false,  // 0xde    i64x2.extmul_low_i32x4_u      -
+      false,  // 0xdf    i64x2.extmul_high_i32x4_u     -
+      false,  // 0xe0    f32x4.abs                     -
+      false,  // 0xe1    f32x4.neg                     -
+      true,   // 0xe2    (reserved)
+      false,  // 0xe3    f32x4.sqrt                    -
+      false,  // 0xe4    f32x4.add                     -
+      false,  // 0xe5    f32x4.sub                     -
+      false,  // 0xe6    f32x4.mul                     -
+      false,  // 0xe7    f32x4.div                     -
+      false,  // 0xe8    f32x4.min                     -
+      false,  // 0xe9    f32x4.max                     -
+      false,  // 0xea    f32x4.pmin                    -
+      false,  // 0xeb    f32x4.pmax                    -
+      false,  // 0xec    f64x2.abs                     -
+      false,  // 0xed    f64x2.neg                     -
+      false,  // 0xef    f64x2.sqrt                    -
+      false,  // 0xf0    f64x2.add                     -
+      false,  // 0xf1    f64x2.sub                     -
+      false,  // 0xf2    f64x2.mul                     -
+      false,  // 0xf3    f64x2.div                     -
+      false,  // 0xf4    f64x2.min                     -
+      false,  // 0xf5    f64x2.max                     -
+      false,  // 0xf6    f64x2.pmin                    -
+      false,  // 0xf7    f64x2.pmax                    -
+      false,  // 0xf8    i32x4.trunc_sat_f32x4_s       -
+      false,  // 0xf9    i32x4.trunc_sat_f32x4_u       -
+      false,  // 0xfa    f32x4.convert_i32x4_s         -
+      false,  // 0xfb    f32x4.convert_i32x4_u         -
+      false,  // 0xfc    i32x4.trunc_sat_f64x2_s_zero  -
+      false,  // 0xfd    i32x4.trunc_sat_f64x2_u_zero  -
+      false,  // 0xfe    f64x2.convert_low_i32x4_s     -
+      false   // 0xff    f64x2.convert_low_i32x4_u     -
+  };
+
+  if ((opcode >= kExprS128LoadMem && opcode <= kExprS128StoreMem) ||
+      opcode == kExprS128Load32Zero || opcode == kExprS128Load64Zero) {
+    MemoryAccessImmediate imm(decoder, code->at(pc + *len), 64, IsMemory64(),
+                              Decoder::kNoValidation);
+    optional->offset = imm.offset;
+    *len += imm.length;
+  } else if (opcode == kExprS128Const) {
+    Simd128Immediate imm(decoder, code->at(pc + *len), kNoValidate);
+    optional->simd_immediate_index = simd_immediates_.size();
+    simd_immediates_.push_back(
+        Simd128(imm.value));  // TODO(paolosev@microsoft.com): avoid duplicates?
+    *len += 16;
+  } else if (opcode == kExprI8x16Shuffle) {
+    Simd128Immediate imm(decoder, code->at(pc + *len), kNoValidate);
+    optional->simd_immediate_index = simd_immediates_.size();
+    simd_immediates_.push_back(
+        Simd128(imm.value));  // TODO(paolosev@microsoft.com): avoid duplicates?
+    *len += 16;
+  } else if ((opcode >= kExprI8x16ExtractLaneS) &&
+             (opcode <= kExprF64x2ReplaceLane)) {
+    SimdLaneImmediate imm(decoder, code->at(pc + *len), kNoValidate);
+    if (imm.lane >= kSimd128Size) {
+      return false;
+    }
+    optional->simd_lane = imm.lane;
+    *len += 1;
+  } else if ((opcode >= kExprS128Load8Lane) &&
+             (opcode <= kExprS128Store64Lane)) {
+    MemoryAccessImmediate mem_imm(decoder, code->at(pc + *len), 64,
+                                  IsMemory64(), Decoder::kNoValidation);
+    if (mem_imm.offset >= ((uint64_t)1 << 48)) {
+      return false;
+    }
+    *len += mem_imm.length;
+
+    SimdLaneImmediate lane_imm(decoder, code->at(pc + *len), kNoValidate);
+    if (lane_imm.lane >= kSimd128Size) {
+      return false;
+    }
+
+    optional->simd_loadstore_lane.offset = mem_imm.offset;
+    optional->simd_loadstore_lane.lane = lane_imm.lane;
+    *len += lane_imm.length;
+  } else if (WasmOpcodes::IsRelaxedSimdOpcode(opcode)) {
+    // Relaxed SIMD opcodes:
+    // 0x100   i8x16.relaxed_swizzle         -
+    // 0x101   i32x4.relaxed_trunc_f32x4_s   -
+    // 0x102   i32x4.relaxed_trunc_f32x4_u   -
+    // 0x103   i32x4.relaxed_trunc_f64x2_s_zero -
+    // 0x104   i32x4.relaxed_trunc_f64x2_u_zero -
+    // 0x105   f32x4.relaxed_madd            -
+    // 0x106   f32x4.relaxed_nmadd           -
+    // 0x107   f64x2.relaxed_madd            -
+    // 0x108   f64x2.relaxed_nmadd           -
+    // 0x109   i8x16.relaxed_laneselect      -
+    // 0x10a   i16x8.relaxed_laneselect      -
+    // 0x10b   i32x4.relaxed_laneselect      -
+    // 0x10c   i64x2.relaxed_laneselect      -
+    // 0x10d   f32x4.relaxed_min             -
+    // 0x10e   f32x4.relaxed_max             -
+    // 0x10f   f64x2.relaxed_min             -
+    // 0x110   f64x2.relaxed_max             -
+    // 0x111   i16x8.relaxed_q15mulr_s       -
+    // 0x112   i16x8.relaxed_dot_i8x16_i7x16_s -
+    // 0x113   i32x4.relaxed_dot_i8x16_i7x16_add_s -
+    return opcode <= 0xfd113;
+    // Handle relaxed SIMD opcodes (in [0xfd100, 0xfd1ff]).
+  } else if (opcode >= 0xfd200 || kIsReservedSimdOpcode[opcode & 0xff]) {
+    FATAL("Unknown or unimplemented opcode #%d:%s", code->start[pc],
+          WasmOpcodes::OpcodeName(static_cast<WasmOpcode>(code->start[pc])));
+    UNREACHABLE();
+  } else {
+    // No immediate operands.
+  }
+  return true;
+}
+
+}  // namespace wasm
+}  // namespace internal
+}  // namespace v8
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter.cc b/deps/v8/src/wasm/interpreter/wasm-interpreter.cc
new file mode 100644
index 00000000000000..933660b11aa3ef
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter.cc
@@ -0,0 +1,11408 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/wasm/interpreter/wasm-interpreter.h"
+
+#include <atomic>
+#include <limits>
+#include <optional>
+#include <type_traits>
+
+#include "include/v8-metrics.h"
+#include "src/base/overflowing-math.h"
+#include "src/builtins/builtins.h"
+#include "src/handles/global-handles-inl.h"
+#include "src/snapshot/embedded/embedded-data-inl.h"
+#include "src/wasm/decoder.h"
+#include "src/wasm/function-body-decoder-impl.h"
+#include "src/wasm/interpreter/wasm-interpreter-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-runtime-inl.h"
+#include "src/wasm/object-access.h"
+#include "src/wasm/wasm-objects-inl.h"
+#include "src/wasm/wasm-opcodes-inl.h"
+
+namespace v8 {
+namespace internal {
+namespace wasm {
+
+#define EMIT_INSTR_HANDLER(name) EmitFnId(k_##name);
+#define EMIT_INSTR_HANDLER_WITH_PC(name, pc) EmitFnId(k_##name, pc);
+
+static auto ReadI16 = Read<int16_t>;
+static auto ReadI32 = Read<int32_t>;
+
+WasmInterpreter::CodeMap::CodeMap(Isolate* isolate, const WasmModule* module,
+                                  const uint8_t* module_start, Zone* zone)
+    : zone_(zone),
+      isolate_(isolate),
+      module_(module),
+      interpreter_code_(zone),
+      bytecode_generation_time_(),
+      generated_code_size_(0) {
+  if (module == nullptr) return;
+  interpreter_code_.reserve(module->functions.size());
+  for (const WasmFunction& function : module->functions) {
+    if (function.imported) {
+      DCHECK(!function.code.is_set());
+      AddFunction(&function, nullptr, nullptr);
+    } else {
+      AddFunction(&function, module_start + function.code.offset(),
+                  module_start + function.code.end_offset());
+    }
+  }
+}
+
+void WasmInterpreter::CodeMap::SetFunctionCode(const WasmFunction* function,
+                                               const uint8_t* start,
+                                               const uint8_t* end) {
+  DCHECK_LT(function->func_index, interpreter_code_.size());
+  InterpreterCode* code = &interpreter_code_[function->func_index];
+  DCHECK_EQ(function, code->function);
+  code->start = const_cast<uint8_t*>(start);
+  code->end = const_cast<uint8_t*>(end);
+  Preprocess(function->func_index);
+}
+
+void WasmInterpreter::CodeMap::Preprocess(uint32_t function_index) {
+  InterpreterCode* code = &interpreter_code_[function_index];
+  DCHECK_EQ(code->function->imported, code->start == nullptr);
+  DCHECK(!code->bytecode && code->start);
+
+  base::TimeTicks start_time = base::TimeTicks::Now();
+
+  // Compute the control targets map and the local declarations.
+  BytecodeIterator it(code->start, code->end, &code->locals, zone_);
+
+  WasmBytecodeGenerator bytecode_generator(function_index, code, module_);
+  code->bytecode = bytecode_generator.GenerateBytecode();
+
+  // Generate histogram sample to measure the time spent generating the
+  // bytecode. Reuse the WasmCompileModuleMicroSeconds.wasm that is currently
+  // obsolete.
+  if (base::TimeTicks::IsHighResolution()) {
+    base::TimeDelta duration = base::TimeTicks::Now() - start_time;
+    bytecode_generation_time_ += duration;
+    int bytecode_generation_time_usecs =
+        static_cast<int>(bytecode_generation_time_.InMicroseconds());
+
+    // TODO(paolosev@microsoft.com) Do not add a sample for each function!
+    isolate_->counters()->wasm_compile_wasm_module_time()->AddSample(
+        bytecode_generation_time_usecs);
+  }
+
+  // Generate histogram sample to measure the bytecode size. Reuse the
+  // V8.WasmModuleCodeSizeMiB (see {NativeModule::SampleCodeSize}).
+  int prev_code_size_mb = generated_code_size_ == 0
+                              ? -1
+                              : static_cast<int>(generated_code_size_ / MB);
+  generated_code_size_.fetch_add(code->bytecode->GetCodeSize());
+  int code_size_mb = static_cast<int>(generated_code_size_ / MB);
+  if (prev_code_size_mb < code_size_mb) {
+    Histogram* histogram = isolate_->counters()->wasm_module_code_size_mb();
+    histogram->AddSample(code_size_mb);
+  }
+}
+
+// static
+WasmInterpreterThreadMap* WasmInterpreterThread::thread_interpreter_map_s =
+    nullptr;
+
+WasmInterpreterThread* WasmInterpreterThreadMap::GetCurrentInterpreterThread(
+    Isolate* isolate) {
+  const int current_thread_id = ThreadId::Current().ToInteger();
+  {
+    base::MutexGuard guard(&mutex_);
+
+    auto it = map_.find(current_thread_id);
+    if (it == map_.end()) {
+      map_[current_thread_id] =
+          std::make_unique<WasmInterpreterThread>(isolate);
+      it = map_.find(current_thread_id);
+    }
+    return it->second.get();
+  }
+}
+
+void WasmInterpreterThreadMap::NotifyIsolateDisposal(Isolate* isolate) {
+  base::MutexGuard guard(&mutex_);
+
+  auto it = map_.begin();
+  while (it != map_.end()) {
+    WasmInterpreterThread* thread = it->second.get();
+    if (thread->GetIsolate() == isolate) {
+      thread->TerminateExecutionTimers();
+      it = map_.erase(it);
+    } else {
+      ++it;
+    }
+  }
+}
+
+void FrameState::SetCaughtException(Isolate* isolate,
+                                    uint32_t catch_block_index,
+                                    Handle<Object> exception) {
+  if (caught_exceptions_.is_null()) {
+    DCHECK_NOT_NULL(current_function_);
+    uint32_t blocks_count = current_function_->GetBlocksCount();
+    Handle<FixedArray> caught_exceptions =
+        isolate->factory()->NewFixedArrayWithHoles(blocks_count);
+    caught_exceptions_ = isolate->global_handles()->Create(*caught_exceptions);
+  }
+  caught_exceptions_->set(catch_block_index, *exception);
+}
+
+Handle<Object> FrameState::GetCaughtException(
+    Isolate* isolate, uint32_t catch_block_index) const {
+  Handle<Object> exception =
+      handle(caught_exceptions_->get(catch_block_index), isolate);
+  DCHECK(!IsTheHole(*exception));
+  return exception;
+}
+
+void FrameState::DisposeCaughtExceptionsArray(Isolate* isolate) {
+  if (!caught_exceptions_.is_null()) {
+    isolate->global_handles()->Destroy(caught_exceptions_.location());
+    caught_exceptions_ = Handle<FixedArray>::null();
+  }
+}
+
+WasmExecutionTimer::WasmExecutionTimer(Isolate* isolate,
+                                       bool track_jitless_wasm)
+    : execute_ratio_histogram_(
+          track_jitless_wasm
+              ? isolate->counters()->wasm_jitless_execution_ratio()
+              : isolate->counters()->wasm_jit_execution_ratio()),
+      slow_wasm_histogram_(
+          track_jitless_wasm
+              ? isolate->counters()->wasm_jitless_execution_too_slow()
+              : isolate->counters()->wasm_jit_execution_too_slow()),
+      window_has_started_(false),
+      next_interval_time_(),
+      start_interval_time_(),
+      window_running_time_(),
+      sample_duration_(base::TimeDelta::FromMilliseconds(std::max(
+          0, v8_flags.wasm_exec_time_histogram_sample_duration.value()))),
+      slow_threshold_(v8_flags.wasm_exec_time_histogram_slow_threshold.value()),
+      slow_threshold_samples_count_(std::max(
+          1, v8_flags.wasm_exec_time_slow_threshold_samples_count.value())),
+      isolate_(isolate) {
+  int cooldown_interval_in_msec = std::max(
+      0, v8_flags.wasm_exec_time_histogram_sample_period.value() -
+             v8_flags.wasm_exec_time_histogram_sample_duration.value());
+  cooldown_interval_ =
+      base::TimeDelta::FromMilliseconds(cooldown_interval_in_msec);
+}
+
+void WasmExecutionTimer::BeginInterval(bool start_timer) {
+  window_has_started_ = true;
+  start_interval_time_ = base::TimeTicks::Now();
+  window_running_time_ = base::TimeDelta();
+  if (start_timer) {
+    window_execute_timer_.Start();
+  }
+}
+
+void WasmExecutionTimer::EndInterval() {
+  window_has_started_ = false;
+  base::TimeTicks now = base::TimeTicks::Now();
+  next_interval_time_ = now + cooldown_interval_;
+  int running_ratio = kMaxPercentValue *
+                      window_running_time_.TimesOf(now - start_interval_time_);
+  AddSample(running_ratio);
+}
+
+void WasmExecutionTimer::AddSample(int running_ratio) {
+  DCHECK(v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms);
+
+  execute_ratio_histogram_->AddSample(running_ratio);
+
+  // Emit a Jit[less]WasmExecutionTooSlow sample if the average of the last
+  // {v8_flags.wasm_exec_time_slow_threshold_samples_count} samples is above
+  // {v8_flags.wasm_exec_time_histogram_slow_threshold}.
+  samples_.push_back(running_ratio);
+  if (samples_.size() == slow_threshold_samples_count_) {
+    int sum = 0;
+    for (int sample : samples_) sum += sample;
+    int average = sum / slow_threshold_samples_count_;
+    if (average >= slow_threshold_) {
+      slow_wasm_histogram_->AddSample(average);
+
+      if (isolate_ && !isolate_->context().is_null()) {
+        // Skip this event because not(yet) supported by Chromium.
+
+        // HandleScope scope(isolate_);
+        // v8::metrics::WasmInterpreterSlowExecution event;
+        // event.slow_execution = true;
+        // event.jitless = v8_flags.wasm_jitless;
+        // event.cpu_percentage = average;
+        // v8::metrics::Recorder::ContextId context_id =
+        //     isolate_->GetOrRegisterRecorderContextId(
+        //         isolate_->native_context());
+        // isolate_->metrics_recorder()->DelayMainThreadEvent(event,
+        // context_id);
+      }
+    }
+
+    samples_.clear();
+  }
+}
+
+void WasmExecutionTimer::StartInternal() {
+  DCHECK(v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms);
+  DCHECK(!window_execute_timer_.IsStarted());
+
+  base::TimeTicks now = base::TimeTicks::Now();
+  if (window_has_started_) {
+    if (now - start_interval_time_ > sample_duration_) {
+      EndInterval();
+    } else {
+      window_execute_timer_.Start();
+    }
+  } else {
+    if (now >= next_interval_time_) {
+      BeginInterval(true);
+    } else {
+      // Ignore this start event.
+    }
+  }
+}
+
+void WasmExecutionTimer::StopInternal() {
+  DCHECK(v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms);
+
+  base::TimeTicks now = base::TimeTicks::Now();
+  if (window_has_started_) {
+    DCHECK(window_execute_timer_.IsStarted());
+    base::TimeDelta elapsed = window_execute_timer_.Elapsed();
+    window_running_time_ += elapsed;
+    window_execute_timer_.Stop();
+    if (now - start_interval_time_ > sample_duration_) {
+      EndInterval();
+    }
+  } else {
+    if (now >= next_interval_time_) {
+      BeginInterval(false);
+    } else {
+      // Ignore this stop event.
+    }
+  }
+}
+
+void WasmExecutionTimer::Terminate() {
+  if (execute_ratio_histogram_->Enabled()) {
+    if (window_has_started_) {
+      if (window_execute_timer_.IsStarted()) {
+        window_execute_timer_.Stop();
+      }
+      EndInterval();
+    }
+  }
+}
+
+namespace {
+void NopFinalizer(const v8::WeakCallbackInfo<void>& data) {
+  Address* global_handle_location =
+      reinterpret_cast<Address*>(data.GetParameter());
+  GlobalHandles::Destroy(global_handle_location);
+}
+
+Handle<WasmInstanceObject> MakeWeak(
+    Isolate* isolate, Handle<WasmInstanceObject> instance_object) {
+  Handle<WasmInstanceObject> weak_instance =
+      isolate->global_handles()->Create<WasmInstanceObject>(*instance_object);
+  Address* global_handle_location = weak_instance.location();
+  GlobalHandles::MakeWeak(global_handle_location, global_handle_location,
+                          &NopFinalizer, v8::WeakCallbackType::kParameter);
+  return weak_instance;
+}
+
+std::optional<wasm::ValueType> GetWasmReturnTypeFromSignature(
+    const FunctionSig* wasm_signature) {
+  if (wasm_signature->return_count() == 0) return {};
+
+  DCHECK_EQ(wasm_signature->return_count(), 1);
+  return wasm_signature->GetReturn(0);
+}
+
+}  // namespace
+
+// Build the interpreter call stack for the current activation. For each stack
+// frame we need to calculate the Wasm function index and the original Wasm
+// bytecode location, calculated from the current WasmBytecode offset.
+std::vector<WasmInterpreterStackEntry>
+WasmInterpreterThread::Activation::CaptureStackTrace(
+    const TrapStatus* trap_status) const {
+  std::vector<WasmInterpreterStackEntry> stack_trace;
+  const FrameState* frame_state = &current_frame_state_;
+  DCHECK_NOT_NULL(frame_state);
+
+  if (trap_status) {
+    stack_trace.push_back(WasmInterpreterStackEntry{
+        trap_status->trap_function_index, trap_status->trap_pc});
+  } else {
+    if (frame_state->current_function_) {
+      stack_trace.push_back(WasmInterpreterStackEntry{
+          frame_state->current_function_->GetFunctionIndex(),
+          frame_state->current_bytecode_
+              ? static_cast<int>(
+                    frame_state->current_function_->GetPcFromTrapCode(
+                        frame_state->current_bytecode_))
+              : 0});
+    }
+  }
+
+  frame_state = frame_state->previous_frame_;
+  while (frame_state && frame_state->current_function_) {
+    stack_trace.insert(
+        stack_trace.begin(),
+        WasmInterpreterStackEntry{
+            frame_state->current_function_->GetFunctionIndex(),
+            frame_state->current_bytecode_
+                ? static_cast<int>(
+                      frame_state->current_function_->GetPcFromTrapCode(
+                          frame_state->current_bytecode_))
+                : 0});
+    frame_state = frame_state->previous_frame_;
+  }
+
+  return stack_trace;
+}
+
+int WasmInterpreterThread::Activation::GetFunctionIndex(int index) const {
+  std::vector<int> function_indexes;
+  const FrameState* frame_state = &current_frame_state_;
+  // TODO(paolosev@microsoft.com) - Too slow?
+  while (frame_state->current_function_) {
+    function_indexes.push_back(
+        frame_state->current_function_->GetFunctionIndex());
+    frame_state = frame_state->previous_frame_;
+  }
+
+  if (static_cast<size_t>(index) < function_indexes.size()) {
+    return function_indexes[function_indexes.size() - index - 1];
+  }
+  return -1;
+}
+
+void WasmInterpreterThread::RaiseException(Isolate* isolate,
+                                           MessageTemplate message) {
+  DCHECK_EQ(WasmInterpreterThread::TRAPPED, state_);
+  if (!isolate->has_exception()) {
+    ClearThreadInWasmScope wasm_flag(isolate);
+    Handle<JSObject> error_obj =
+        isolate->factory()->NewWasmRuntimeError(message);
+    JSObject::AddProperty(isolate, error_obj,
+                          isolate->factory()->wasm_uncatchable_symbol(),
+                          isolate->factory()->true_value(), NONE);
+    isolate->Throw(*error_obj);
+  }
+}
+
+// static
+void WasmInterpreterThread::SetRuntimeLastWasmError(Isolate* isolate,
+                                                    MessageTemplate message) {
+  WasmInterpreterThread* current_thread = GetCurrentInterpreterThread(isolate);
+  current_thread->trap_reason_ = WasmOpcodes::MessageIdToTrapReason(message);
+}
+
+// static
+TrapReason WasmInterpreterThread::GetRuntimeLastWasmError(Isolate* isolate) {
+  WasmInterpreterThread* current_thread = GetCurrentInterpreterThread(isolate);
+  // TODO(paolosev@microsoft.com): store in new data member?
+  return current_thread->trap_reason_;
+}
+
+void WasmInterpreterThread::StartExecutionTimer() {
+  if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms) {
+    execution_timer_.Start();
+  }
+}
+
+void WasmInterpreterThread::StopExecutionTimer() {
+  if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms) {
+    execution_timer_.Stop();
+  }
+}
+
+void WasmInterpreterThread::TerminateExecutionTimers() {
+  if (v8_flags.wasm_enable_exec_time_histograms && v8_flags.slow_histograms) {
+    execution_timer_.Terminate();
+  }
+}
+
+#if !defined(V8_DRUMBRAKE_BOUNDS_CHECKS)
+
+enum BoundsCheckedHandlersCounter {
+#define ITEM_ENUM_DEFINE(name) name##counter,
+  FOREACH_LOAD_STORE_INSTR_HANDLER(ITEM_ENUM_DEFINE)
+#undef ITEM_ENUM_DEFINE
+      kTotalItems
+};
+
+V8_DECLARE_ONCE(init_instruction_table_once);
+V8_DECLARE_ONCE(init_trap_handlers_once);
+
+// A subset of the Wasm instruction handlers is implemented as ASM builtins, and
+// not with normal C++ functions. This is done only for LoadMem and StoreMem
+// builtins, which can trap for out of bounds accesses.
+// V8 already implements out of bounds trap handling for compiled Wasm code and
+// allocates two large guard pages before and after each Wasm memory region to
+// detect out of bounds memory accesses. Once an access violation exception
+// arises, the V8 exception filter intercepts the exception and checks whether
+// it originates from Wasm code.
+// The Wasm interpreter reuses the same logic, and
+// WasmInterpreter::HandleWasmTrap is called by the SEH exception handler to
+// check whether the access violation was caused by an interpreter instruction
+// handler. It is necessary that these handlers are Wasm builtins for two
+// reasons:
+// 1. We want to know precisely the start and end address of each handler to
+// verify if the AV happened inside one of the Load/Store builtins and can be
+// handled with a Wasm trap.
+// 2. If the exception is handled, we interrupt the execution of
+// TrapMemOutOfBounds, which sets the TRAPPED state and breaks the execution of
+// the chain of instruction handlers with a x64 'ret'. This only works if there
+// is no stack cleanup to do in the handler that caused the failure (no
+// registers to pop from the stack before the 'ret'). Therefore we cannot rely
+// on the compiler, we can only make sure that this is the case if we implement
+// the handlers in assembly.
+
+// Forward declaration
+INSTRUCTION_HANDLER_FUNC TrapMemOutOfBounds(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0);
+
+void InitTrapHandlersOnce(Isolate* isolate) {
+  CHECK_LE(kInstructionCount, kInstructionTableSize);
+
+  ClearThreadInWasmScope wasm_flag(isolate);
+
+  // Overwrites the instruction handlers that access memory and can cause an
+  // out-of-bounds trap with builtin versions that don't have explicit bounds
+  // check but rely on a trap handler to intercept the access violation and
+  // transform it into a trap.
+  EmbeddedData embedded_data = EmbeddedData::FromBlob();
+#define V(name)                                               \
+  trap_handler::RegisterHandlerData(                          \
+      reinterpret_cast<Address>(kInstructionTable[k_##name]), \
+      embedded_data.InstructionSizeOf(Builtin::k##name), 0, nullptr);
+  FOREACH_LOAD_STORE_INSTR_HANDLER(V)
+#undef V
+}
+
+void InitInstructionTableOnce(Isolate* isolate) {
+  size_t index = 0;
+#define V(name)                                            \
+  kInstructionTable[index++] = reinterpret_cast<PWasmOp*>( \
+      isolate->builtins()->code(Builtin::k##name)->instruction_start());
+#ifdef __clang__
+#pragma clang diagnostic push
+#pragma clang diagnostic ignored "-Wcast-calling-convention"
+#endif  // __clang__
+  FOREACH_LOAD_STORE_INSTR_HANDLER(V)
+#ifdef __clang__
+#pragma clang diagnostic pop
+#endif  // __clang__
+#undef V
+}
+#endif  // !V8_DRUMBRAKE_BOUNDS_CHECKS
+
+WasmInterpreter::WasmInterpreter(Isolate* isolate, const WasmModule* module,
+                                 const ModuleWireBytes& wire_bytes,
+                                 Handle<WasmInstanceObject> instance_object)
+    : zone_(isolate->allocator(), ZONE_NAME),
+      instance_object_(MakeWeak(isolate, instance_object)),
+      module_bytes_(wire_bytes.start(), wire_bytes.end(), &zone_),
+      codemap_(isolate, module, module_bytes_.data(), &zone_) {
+  wasm_runtime_ = std::make_shared<WasmInterpreterRuntime>(
+      module, isolate, instance_object_, &codemap_);
+  module->SetWasmInterpreter(wasm_runtime_);
+
+#if !defined(V8_DRUMBRAKE_BOUNDS_CHECKS)
+  // TODO(paolosev@microsoft.com) - For modules that have 64-bit Wasm memory we
+  // need to use explicit bound checks; memory guard pages only work with 32-bit
+  // memories. This could be implemented by allocating a different dispatch
+  // table for each instance (probably in the WasmInterpreterRuntime object) and
+  // patching the entries of Load/Store instructions with bultin handlers only
+  // for instances related to modules that have 32-bit memories. 64-bit memories
+  // are not supported yet by DrumBrake.
+  base::CallOnce(&init_instruction_table_once, &InitInstructionTableOnce,
+                 isolate);
+  base::CallOnce(&init_trap_handlers_once, &InitTrapHandlersOnce, isolate);
+
+  trap_handler::SetLandingPad(reinterpret_cast<Address>(TrapMemOutOfBounds));
+#endif  // !V8_DRUMBRAKE_BOUNDS_CHECKS
+}
+
+WasmInterpreterThread::State WasmInterpreter::ContinueExecution(
+    WasmInterpreterThread* thread, bool called_from_js) {
+  wasm_runtime_->ContinueExecution(thread, called_from_js);
+  return thread->state();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// DrumBrake: implementation of an interpreter for WebAssembly.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+constexpr uint32_t kFloat32SignBitMask = uint32_t{1} << 31;
+constexpr uint64_t kFloat64SignBitMask = uint64_t{1} << 63;
+
+#ifdef DRUMBRAKE_ENABLE_PROFILING
+
+static const char* prev_op_name_s = nullptr;
+static std::map<std::pair<const char*, const char*>, uint64_t>*
+    ops_pairs_count_s = nullptr;
+static std::map<const char*, uint64_t>* ops_count_s = nullptr;
+static void ProfileOp(const char* op_name) {
+  if (!ops_pairs_count_s) {
+    ops_pairs_count_s =
+        new std::map<std::pair<const char*, const char*>, uint64_t>();
+    ops_count_s = new std::map<const char*, uint64_t>();
+  }
+  if (prev_op_name_s) {
+    (*ops_pairs_count_s)[{prev_op_name_s, op_name}]++;
+  }
+  (*ops_count_s)[op_name]++;
+  prev_op_name_s = op_name;
+}
+
+template <typename A, typename B>
+std::pair<B, A> flip_pair(const std::pair<A, B>& p) {
+  return std::pair<B, A>(p.second, p.first);
+}
+template <typename A, typename B>
+std::multimap<B, A> flip_map(const std::map<A, B>& src) {
+  std::multimap<B, A> dst;
+  std::transform(src.begin(), src.end(), std::inserter(dst, dst.begin()),
+                 flip_pair<A, B>);
+  return dst;
+}
+
+static void PrintOpsCount() {
+  std::multimap<uint64_t, const char*> count_ops_map = flip_map(*ops_count_s);
+  uint64_t total_count = 0;
+  for (auto& pair : count_ops_map) {
+    printf("%10lld, %s\n", pair.first, pair.second);
+    total_count += pair.first;
+  }
+  printf("Total count: %10lld\n\n", total_count);
+
+  std::multimap<uint64_t, std::pair<const char*, const char*>>
+      count_pairs_ops_map = flip_map(*ops_pairs_count_s);
+  for (auto& pair : count_pairs_ops_map) {
+    printf("%10lld, %s -> %s\n", pair.first, pair.second.first,
+           pair.second.second);
+  }
+}
+
+static void PrintAndClearProfilingData() {
+  PrintOpsCount();
+  delete ops_count_s;
+  ops_count_s = nullptr;
+  delete ops_pairs_count_s;
+  ops_pairs_count_s = nullptr;
+}
+
+#define NextOp()                                                             \
+  ProfileOp(__FUNCTION__);                                                   \
+  MUSTTAIL return kInstructionTable[ReadFnId(code) & kInstructionTableMask]( \
+      code, sp, wasm_runtime, r0, fp0)
+
+#else  // DRUMBRAKE_ENABLE_PROFILING
+
+#define NextOp()                                                             \
+  MUSTTAIL return kInstructionTable[ReadFnId(code) & kInstructionTableMask]( \
+      code, sp, wasm_runtime, r0, fp0)
+
+#endif  // DRUMBRAKE_ENABLE_PROFILING
+
+namespace {
+INSTRUCTION_HANDLER_FUNC Trap(const uint8_t* code, uint32_t* sp,
+                              WasmInterpreterRuntime* wasm_runtime, int64_t r0,
+                              double fp0) {
+  TrapReason trap_reason = static_cast<TrapReason>(r0);
+  wasm_runtime->SetTrap(trap_reason, code);
+  MUSTTAIL return s_unwind_func_addr(code, sp, wasm_runtime, trap_reason, .0);
+}
+}  // namespace
+
+#define TRAP(trap_reason) \
+  MUSTTAIL return Trap(code, sp, wasm_runtime, trap_reason, fp0);
+
+#define INLINED_TRAP(trap_reason)           \
+  wasm_runtime->SetTrap(trap_reason, code); \
+  MUSTTAIL return s_unwind_func_addr(code, sp, wasm_runtime, trap_reason, .0);
+
+////////////////////////////////////////////////////////////////////////////////
+// GlobalGet
+
+template <typename IntT>
+INSTRUCTION_HANDLER_FUNC s2r_GlobalGetI(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t index = ReadGlobalIndex(code);
+  uint8_t* src_addr = wasm_runtime->GetGlobalAddress(index);
+  r0 = base::ReadUnalignedValue<IntT>(reinterpret_cast<Address>(src_addr));
+
+  NextOp();
+}
+static auto s2r_I32GlobalGet = s2r_GlobalGetI<int32_t>;
+static auto s2r_I64GlobalGet = s2r_GlobalGetI<int64_t>;
+
+template <typename FloatT>
+INSTRUCTION_HANDLER_FUNC s2r_GlobalGetF(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t index = ReadGlobalIndex(code);
+  uint8_t* src_addr = wasm_runtime->GetGlobalAddress(index);
+  fp0 = base::ReadUnalignedValue<FloatT>(reinterpret_cast<Address>(src_addr));
+
+  NextOp();
+}
+static auto s2r_F32GlobalGet = s2r_GlobalGetF<float>;
+static auto s2r_F64GlobalGet = s2r_GlobalGetF<double>;
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC s2s_GlobalGet(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t index = ReadGlobalIndex(code);
+  uint8_t* src_addr = wasm_runtime->GetGlobalAddress(index);
+  push<T>(sp, code, wasm_runtime,
+          base::ReadUnalignedValue<T>(reinterpret_cast<Address>(src_addr)));
+
+  NextOp();
+}
+static auto s2s_I32GlobalGet = s2s_GlobalGet<int32_t>;
+static auto s2s_I64GlobalGet = s2s_GlobalGet<int64_t>;
+static auto s2s_F32GlobalGet = s2s_GlobalGet<float>;
+static auto s2s_F64GlobalGet = s2s_GlobalGet<double>;
+static auto s2s_S128GlobalGet = s2s_GlobalGet<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefGlobalGet(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  uint32_t index = ReadGlobalIndex(code);
+  push<WasmRef>(sp, code, wasm_runtime, wasm_runtime->GetGlobalRef(index));
+
+  NextOp();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// GlobalSet
+
+template <typename IntT>
+INSTRUCTION_HANDLER_FUNC r2s_GlobalSetI(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t index = ReadGlobalIndex(code);
+  uint8_t* dst_addr = wasm_runtime->GetGlobalAddress(index);
+  base::WriteUnalignedValue<IntT>(reinterpret_cast<Address>(dst_addr),
+                                  static_cast<IntT>(r0));  // r0: value
+  NextOp();
+}
+static auto r2s_I32GlobalSet = r2s_GlobalSetI<int32_t>;
+static auto r2s_I64GlobalSet = r2s_GlobalSetI<int64_t>;
+
+template <typename FloatT>
+INSTRUCTION_HANDLER_FUNC r2s_GlobalSetF(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t index = ReadGlobalIndex(code);
+  uint8_t* dst_addr = wasm_runtime->GetGlobalAddress(index);
+  base::WriteUnalignedValue<FloatT>(reinterpret_cast<Address>(dst_addr),
+                                    static_cast<FloatT>(fp0));  // fp0: value
+  NextOp();
+}
+static auto r2s_F32GlobalSet = r2s_GlobalSetF<float>;
+static auto r2s_F64GlobalSet = r2s_GlobalSetF<double>;
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC s2s_GlobalSet(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t index = ReadGlobalIndex(code);
+  uint8_t* dst_addr = wasm_runtime->GetGlobalAddress(index);
+  base::WriteUnalignedValue<T>(reinterpret_cast<Address>(dst_addr),
+                               pop<T>(sp, code, wasm_runtime));
+  NextOp();
+}
+static auto s2s_I32GlobalSet = s2s_GlobalSet<int32_t>;
+static auto s2s_I64GlobalSet = s2s_GlobalSet<int64_t>;
+static auto s2s_F32GlobalSet = s2s_GlobalSet<float>;
+static auto s2s_F64GlobalSet = s2s_GlobalSet<double>;
+static auto s2s_S128GlobalSet = s2s_GlobalSet<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefGlobalSet(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  uint32_t index = ReadGlobalIndex(code);
+  wasm_runtime->SetGlobalRef(index, pop<WasmRef>(sp, code, wasm_runtime));
+
+  NextOp();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Drop
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC r2s_Drop(const uint8_t* code, uint32_t* sp,
+                                  WasmInterpreterRuntime* wasm_runtime,
+                                  int64_t r0, double fp0) {
+  NextOp();
+}
+static auto r2s_I32Drop = r2s_Drop<int32_t>;
+static auto r2s_I64Drop = r2s_Drop<int64_t>;
+static auto r2s_F32Drop = r2s_Drop<float>;
+static auto r2s_F64Drop = r2s_Drop<double>;
+
+INSTRUCTION_HANDLER_FUNC r2s_RefDrop(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  UNREACHABLE();
+}
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC s2s_Drop(const uint8_t* code, uint32_t* sp,
+                                  WasmInterpreterRuntime* wasm_runtime,
+                                  int64_t r0, double fp0) {
+  pop<T>(sp, code, wasm_runtime);
+
+  NextOp();
+}
+static auto s2s_I32Drop = s2s_Drop<int32_t>;
+static auto s2s_I64Drop = s2s_Drop<int64_t>;
+static auto s2s_F32Drop = s2s_Drop<float>;
+static auto s2s_F64Drop = s2s_Drop<double>;
+static auto s2s_S128Drop = s2s_Drop<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefDrop(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  pop<WasmRef>(sp, code, wasm_runtime);
+
+  NextOp();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// LoadMem
+
+#if defined(V8_DRUMBRAKE_BOUNDS_CHECKS)
+
+template <typename IntT, typename IntU = IntT>
+INSTRUCTION_HANDLER_FUNC r2r_LoadMemI(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = r0;
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(IntU),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  IntU value =
+      base::ReadUnalignedValue<IntU>(reinterpret_cast<Address>(address));
+  r0 = static_cast<IntT>(value);
+
+  NextOp();
+}
+static auto r2r_I32LoadMem8S = r2r_LoadMemI<int32_t, int8_t>;
+static auto r2r_I32LoadMem8U = r2r_LoadMemI<int32_t, uint8_t>;
+static auto r2r_I32LoadMem16S = r2r_LoadMemI<int32_t, int16_t>;
+static auto r2r_I32LoadMem16U = r2r_LoadMemI<int32_t, uint16_t>;
+static auto r2r_I64LoadMem8S = r2r_LoadMemI<int64_t, int8_t>;
+static auto r2r_I64LoadMem8U = r2r_LoadMemI<int64_t, uint8_t>;
+static auto r2r_I64LoadMem16S = r2r_LoadMemI<int64_t, int16_t>;
+static auto r2r_I64LoadMem16U = r2r_LoadMemI<int64_t, uint16_t>;
+static auto r2r_I64LoadMem32S = r2r_LoadMemI<int64_t, int32_t>;
+static auto r2r_I64LoadMem32U = r2r_LoadMemI<int64_t, uint32_t>;
+static auto r2r_I32LoadMem = r2r_LoadMemI<int32_t>;
+static auto r2r_I64LoadMem = r2r_LoadMemI<int64_t>;
+
+template <typename FloatT>
+INSTRUCTION_HANDLER_FUNC r2r_LoadMemF(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = r0;
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(FloatT),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  fp0 = base::ReadUnalignedValue<FloatT>(reinterpret_cast<Address>(address));
+
+  NextOp();
+}
+static auto r2r_F32LoadMem = r2r_LoadMemF<float>;
+static auto r2r_F64LoadMem = r2r_LoadMemF<double>;
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC r2s_LoadMem(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = r0;
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(U),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  U value = base::ReadUnalignedValue<U>(reinterpret_cast<Address>(address));
+
+  push<T>(sp, code, wasm_runtime, value);
+
+  NextOp();
+}
+static auto r2s_I32LoadMem8S = r2s_LoadMem<int32_t, int8_t>;
+static auto r2s_I32LoadMem8U = r2s_LoadMem<int32_t, uint8_t>;
+static auto r2s_I32LoadMem16S = r2s_LoadMem<int32_t, int16_t>;
+static auto r2s_I32LoadMem16U = r2s_LoadMem<int32_t, uint16_t>;
+static auto r2s_I64LoadMem8S = r2s_LoadMem<int64_t, int8_t>;
+static auto r2s_I64LoadMem8U = r2s_LoadMem<int64_t, uint8_t>;
+static auto r2s_I64LoadMem16S = r2s_LoadMem<int64_t, int16_t>;
+static auto r2s_I64LoadMem16U = r2s_LoadMem<int64_t, uint16_t>;
+static auto r2s_I64LoadMem32S = r2s_LoadMem<int64_t, int32_t>;
+static auto r2s_I64LoadMem32U = r2s_LoadMem<int64_t, uint32_t>;
+static auto r2s_I32LoadMem = r2s_LoadMem<int32_t>;
+static auto r2s_I64LoadMem = r2s_LoadMem<int64_t>;
+static auto r2s_F32LoadMem = r2s_LoadMem<float>;
+static auto r2s_F64LoadMem = r2s_LoadMem<double>;
+
+template <typename IntT, typename IntU = IntT>
+INSTRUCTION_HANDLER_FUNC s2r_LoadMemI(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(IntU),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  r0 = static_cast<IntT>(
+      base::ReadUnalignedValue<IntU>(reinterpret_cast<Address>(address)));
+
+  NextOp();
+}
+static auto s2r_I32LoadMem8S = s2r_LoadMemI<int32_t, int8_t>;
+static auto s2r_I32LoadMem8U = s2r_LoadMemI<int32_t, uint8_t>;
+static auto s2r_I32LoadMem16S = s2r_LoadMemI<int32_t, int16_t>;
+static auto s2r_I32LoadMem16U = s2r_LoadMemI<int32_t, uint16_t>;
+static auto s2r_I64LoadMem8S = s2r_LoadMemI<int64_t, int8_t>;
+static auto s2r_I64LoadMem8U = s2r_LoadMemI<int64_t, uint8_t>;
+static auto s2r_I64LoadMem16S = s2r_LoadMemI<int64_t, int16_t>;
+static auto s2r_I64LoadMem16U = s2r_LoadMemI<int64_t, uint16_t>;
+static auto s2r_I64LoadMem32S = s2r_LoadMemI<int64_t, int32_t>;
+static auto s2r_I64LoadMem32U = s2r_LoadMemI<int64_t, uint32_t>;
+static auto s2r_I32LoadMem = s2r_LoadMemI<int32_t>;
+static auto s2r_I64LoadMem = s2r_LoadMemI<int64_t>;
+
+template <typename FloatT>
+INSTRUCTION_HANDLER_FUNC s2r_LoadMemF(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(FloatT),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  fp0 = static_cast<FloatT>(
+      base::ReadUnalignedValue<FloatT>(reinterpret_cast<Address>(address)));
+
+  NextOp();
+}
+static auto s2r_F32LoadMem = s2r_LoadMemF<float>;
+static auto s2r_F64LoadMem = s2r_LoadMemF<double>;
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_LoadMem(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(U),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  U value = base::ReadUnalignedValue<U>(reinterpret_cast<Address>(address));
+
+  push<T>(sp, code, wasm_runtime, value);
+
+  NextOp();
+}
+static auto s2s_I32LoadMem8S = s2s_LoadMem<int32_t, int8_t>;
+static auto s2s_I32LoadMem8U = s2s_LoadMem<int32_t, uint8_t>;
+static auto s2s_I32LoadMem16S = s2s_LoadMem<int32_t, int16_t>;
+static auto s2s_I32LoadMem16U = s2s_LoadMem<int32_t, uint16_t>;
+static auto s2s_I64LoadMem8S = s2s_LoadMem<int64_t, int8_t>;
+static auto s2s_I64LoadMem8U = s2s_LoadMem<int64_t, uint8_t>;
+static auto s2s_I64LoadMem16S = s2s_LoadMem<int64_t, int16_t>;
+static auto s2s_I64LoadMem16U = s2s_LoadMem<int64_t, uint16_t>;
+static auto s2s_I64LoadMem32S = s2s_LoadMem<int64_t, int32_t>;
+static auto s2s_I64LoadMem32U = s2s_LoadMem<int64_t, uint32_t>;
+static auto s2s_I32LoadMem = s2s_LoadMem<int32_t>;
+static auto s2s_I64LoadMem = s2s_LoadMem<int64_t>;
+static auto s2s_F32LoadMem = s2s_LoadMem<float>;
+static auto s2s_F64LoadMem = s2s_LoadMem<double>;
+
+////////////////////////////////////////////////////////////////////////////////
+// LoadMem_LocalSet
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC r2s_LoadMem_LocalSet(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = r0;
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(U),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  U value = base::ReadUnalignedValue<U>(reinterpret_cast<Address>(address));
+
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<T>(reinterpret_cast<Address>(sp + to),
+                               static_cast<T>(value));
+
+  NextOp();
+}
+static auto r2s_I32LoadMem8S_LocalSet = r2s_LoadMem_LocalSet<int32_t, int8_t>;
+static auto r2s_I32LoadMem8U_LocalSet = r2s_LoadMem_LocalSet<int32_t, uint8_t>;
+static auto r2s_I32LoadMem16S_LocalSet = r2s_LoadMem_LocalSet<int32_t, int16_t>;
+static auto r2s_I32LoadMem16U_LocalSet =
+    r2s_LoadMem_LocalSet<int32_t, uint16_t>;
+static auto r2s_I64LoadMem8S_LocalSet = r2s_LoadMem_LocalSet<int64_t, int8_t>;
+static auto r2s_I64LoadMem8U_LocalSet = r2s_LoadMem_LocalSet<int64_t, uint8_t>;
+static auto r2s_I64LoadMem16S_LocalSet = r2s_LoadMem_LocalSet<int64_t, int16_t>;
+static auto r2s_I64LoadMem16U_LocalSet =
+    r2s_LoadMem_LocalSet<int64_t, uint16_t>;
+static auto r2s_I64LoadMem32S_LocalSet = r2s_LoadMem_LocalSet<int64_t, int32_t>;
+static auto r2s_I64LoadMem32U_LocalSet =
+    r2s_LoadMem_LocalSet<int64_t, uint32_t>;
+static auto r2s_I32LoadMem_LocalSet = r2s_LoadMem_LocalSet<int32_t>;
+static auto r2s_I64LoadMem_LocalSet = r2s_LoadMem_LocalSet<int64_t>;
+static auto r2s_F32LoadMem_LocalSet = r2s_LoadMem_LocalSet<float>;
+static auto r2s_F64LoadMem_LocalSet = r2s_LoadMem_LocalSet<double>;
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_LoadMem_LocalSet(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<int32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(U),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  U value = base::ReadUnalignedValue<U>(reinterpret_cast<Address>(address));
+
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<T>(reinterpret_cast<Address>(sp + to),
+                               static_cast<T>(value));
+
+  NextOp();
+}
+static auto s2s_I32LoadMem8S_LocalSet = s2s_LoadMem_LocalSet<int32_t, int8_t>;
+static auto s2s_I32LoadMem8U_LocalSet = s2s_LoadMem_LocalSet<int32_t, uint8_t>;
+static auto s2s_I32LoadMem16S_LocalSet = s2s_LoadMem_LocalSet<int32_t, int16_t>;
+static auto s2s_I32LoadMem16U_LocalSet =
+    s2s_LoadMem_LocalSet<int32_t, uint16_t>;
+static auto s2s_I64LoadMem8S_LocalSet = s2s_LoadMem_LocalSet<int64_t, int8_t>;
+static auto s2s_I64LoadMem8U_LocalSet = s2s_LoadMem_LocalSet<int64_t, uint8_t>;
+static auto s2s_I64LoadMem16S_LocalSet = s2s_LoadMem_LocalSet<int64_t, int16_t>;
+static auto s2s_I64LoadMem16U_LocalSet =
+    s2s_LoadMem_LocalSet<int64_t, uint16_t>;
+static auto s2s_I64LoadMem32S_LocalSet = s2s_LoadMem_LocalSet<int64_t, int32_t>;
+static auto s2s_I64LoadMem32U_LocalSet =
+    s2s_LoadMem_LocalSet<int64_t, uint32_t>;
+static auto s2s_I32LoadMem_LocalSet = s2s_LoadMem_LocalSet<int32_t>;
+static auto s2s_I64LoadMem_LocalSet = s2s_LoadMem_LocalSet<int64_t>;
+static auto s2s_F32LoadMem_LocalSet = s2s_LoadMem_LocalSet<float>;
+static auto s2s_F64LoadMem_LocalSet = s2s_LoadMem_LocalSet<double>;
+
+////////////////////////////////////////////////////////////////////////////////
+// StoreMem
+
+template <typename IntT, typename IntU = IntT>
+INSTRUCTION_HANDLER_FUNC r2s_StoreMemI(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  IntT value = static_cast<IntT>(r0);
+
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(IntU),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  base::WriteUnalignedValue<IntU>(
+      reinterpret_cast<Address>(address),
+      base::ReadUnalignedValue<IntU>(reinterpret_cast<Address>(&value)));
+
+  NextOp();
+}
+static auto r2s_I32StoreMem8 = r2s_StoreMemI<int32_t, int8_t>;
+static auto r2s_I32StoreMem16 = r2s_StoreMemI<int32_t, int16_t>;
+static auto r2s_I64StoreMem8 = r2s_StoreMemI<int64_t, int8_t>;
+static auto r2s_I64StoreMem16 = r2s_StoreMemI<int64_t, int16_t>;
+static auto r2s_I64StoreMem32 = r2s_StoreMemI<int64_t, int32_t>;
+static auto r2s_I32StoreMem = r2s_StoreMemI<int32_t>;
+static auto r2s_I64StoreMem = r2s_StoreMemI<int64_t>;
+
+template <typename FloatT>
+INSTRUCTION_HANDLER_FUNC r2s_StoreMemF(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  FloatT value = static_cast<FloatT>(fp0);
+
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(FloatT),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  base::WriteUnalignedValue<FloatT>(
+      reinterpret_cast<Address>(address),
+      base::ReadUnalignedValue<FloatT>(reinterpret_cast<Address>(&value)));
+
+  NextOp();
+}
+static auto r2s_F32StoreMem = r2s_StoreMemF<float>;
+static auto r2s_F64StoreMem = r2s_StoreMemF<double>;
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_StoreMem(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  T value = pop<T>(sp, code, wasm_runtime);
+
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(U),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  base::WriteUnalignedValue<U>(
+      reinterpret_cast<Address>(address),
+      base::ReadUnalignedValue<U>(reinterpret_cast<Address>(&value)));
+
+  NextOp();
+}
+static auto s2s_I32StoreMem8 = s2s_StoreMem<int32_t, int8_t>;
+static auto s2s_I32StoreMem16 = s2s_StoreMem<int32_t, int16_t>;
+static auto s2s_I64StoreMem8 = s2s_StoreMem<int64_t, int8_t>;
+static auto s2s_I64StoreMem16 = s2s_StoreMem<int64_t, int16_t>;
+static auto s2s_I64StoreMem32 = s2s_StoreMem<int64_t, int32_t>;
+static auto s2s_I32StoreMem = s2s_StoreMem<int32_t>;
+static auto s2s_I64StoreMem = s2s_StoreMem<int64_t>;
+static auto s2s_F32StoreMem = s2s_StoreMem<float>;
+static auto s2s_F64StoreMem = s2s_StoreMem<double>;
+
+////////////////////////////////////////////////////////////////////////////////
+// LocalGet_StoreMem
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_LocalGet_StoreMem(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  T value = base::ReadUnalignedValue<T>(reinterpret_cast<Address>(sp + from));
+
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(U),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+
+  base::WriteUnalignedValue<U>(
+      reinterpret_cast<Address>(address),
+      base::ReadUnalignedValue<U>(reinterpret_cast<Address>(&value)));
+
+  NextOp();
+}
+static auto s2s_LocalGet_I32StoreMem8 = s2s_LocalGet_StoreMem<int32_t, int8_t>;
+static auto s2s_LocalGet_I32StoreMem16 =
+    s2s_LocalGet_StoreMem<int32_t, int16_t>;
+static auto s2s_LocalGet_I64StoreMem8 = s2s_LocalGet_StoreMem<int64_t, int8_t>;
+static auto s2s_LocalGet_I64StoreMem16 =
+    s2s_LocalGet_StoreMem<int64_t, int16_t>;
+static auto s2s_LocalGet_I64StoreMem32 =
+    s2s_LocalGet_StoreMem<int64_t, int32_t>;
+static auto s2s_LocalGet_I32StoreMem = s2s_LocalGet_StoreMem<int32_t>;
+static auto s2s_LocalGet_I64StoreMem = s2s_LocalGet_StoreMem<int64_t>;
+static auto s2s_LocalGet_F32StoreMem = s2s_LocalGet_StoreMem<float>;
+static auto s2s_LocalGet_F64StoreMem = s2s_LocalGet_StoreMem<double>;
+
+////////////////////////////////////////////////////////////////////////////////
+// LoadStoreMem
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC r2s_LoadStoreMem(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+
+  uint64_t load_offset = Read<uint64_t>(code);
+  uint64_t load_index = r0;
+  uint64_t effective_load_index = load_offset + load_index;
+
+  uint64_t store_offset = Read<uint64_t>(code);
+  uint64_t store_index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_store_index = store_offset + store_index;
+
+  if (V8_UNLIKELY(effective_load_index < load_index ||
+                  !base::IsInBounds<uint64_t>(effective_load_index, sizeof(T),
+                                              wasm_runtime->GetMemorySize()) ||
+                  effective_store_index < store_offset ||
+                  !base::IsInBounds<uint64_t>(effective_store_index, sizeof(T),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* load_address = memory_start + effective_load_index;
+  uint8_t* store_address = memory_start + effective_store_index;
+
+  base::WriteUnalignedValue<T>(
+      reinterpret_cast<Address>(store_address),
+      base::ReadUnalignedValue<T>(reinterpret_cast<Address>(load_address)));
+
+  NextOp();
+}
+static auto r2s_I32LoadStoreMem = r2s_LoadStoreMem<int32_t>;
+static auto r2s_I64LoadStoreMem = r2s_LoadStoreMem<int64_t>;
+static auto r2s_F32LoadStoreMem = r2s_LoadStoreMem<float>;
+static auto r2s_F64LoadStoreMem = r2s_LoadStoreMem<double>;
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC s2s_LoadStoreMem(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+
+  uint64_t load_offset = Read<uint64_t>(code);
+  uint64_t load_index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_load_index = load_offset + load_index;
+
+  uint64_t store_offset = Read<uint64_t>(code);
+  uint64_t store_index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_store_index = store_offset + store_index;
+
+  if (V8_UNLIKELY(effective_load_index < load_index ||
+                  !base::IsInBounds<uint64_t>(effective_load_index, sizeof(T),
+                                              wasm_runtime->GetMemorySize()) ||
+                  effective_store_index < store_offset ||
+                  !base::IsInBounds<uint64_t>(effective_store_index, sizeof(T),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* load_address = memory_start + effective_load_index;
+  uint8_t* store_address = memory_start + effective_store_index;
+
+  base::WriteUnalignedValue<T>(
+      reinterpret_cast<Address>(store_address),
+      base::ReadUnalignedValue<T>(reinterpret_cast<Address>(load_address)));
+
+  NextOp();
+}
+static auto s2s_I32LoadStoreMem = s2s_LoadStoreMem<int32_t>;
+static auto s2s_I64LoadStoreMem = s2s_LoadStoreMem<int64_t>;
+static auto s2s_F32LoadStoreMem = s2s_LoadStoreMem<float>;
+static auto s2s_F64LoadStoreMem = s2s_LoadStoreMem<double>;
+
+#endif  // V8_DRUMBRAKE_BOUNDS_CHECKS
+
+////////////////////////////////////////////////////////////////////////////////
+// Select
+
+template <typename IntT>
+INSTRUCTION_HANDLER_FUNC r2r_SelectI(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  IntT val2 = pop<IntT>(sp, code, wasm_runtime);
+  IntT val1 = pop<IntT>(sp, code, wasm_runtime);
+
+  // r0: condition
+  r0 = r0 ? val1 : val2;
+
+  NextOp();
+}
+static auto r2r_I32Select = r2r_SelectI<int32_t>;
+static auto r2r_I64Select = r2r_SelectI<int64_t>;
+
+template <typename FloatT>
+INSTRUCTION_HANDLER_FUNC r2r_SelectF(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  FloatT val2 = pop<FloatT>(sp, code, wasm_runtime);
+  FloatT val1 = pop<FloatT>(sp, code, wasm_runtime);
+
+  // r0: condition
+  fp0 = r0 ? val1 : val2;
+
+  NextOp();
+}
+static auto r2r_F32Select = r2r_SelectF<float>;
+static auto r2r_F64Select = r2r_SelectF<double>;
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC r2s_Select(const uint8_t* code, uint32_t* sp,
+                                    WasmInterpreterRuntime* wasm_runtime,
+                                    int64_t r0, double fp0) {
+  T val2 = pop<T>(sp, code, wasm_runtime);
+  T val1 = pop<T>(sp, code, wasm_runtime);
+
+  push<T>(sp, code, wasm_runtime, r0 ? val1 : val2);
+
+  NextOp();
+}
+static auto r2s_I32Select = r2s_Select<int32_t>;
+static auto r2s_I64Select = r2s_Select<int64_t>;
+static auto r2s_F32Select = r2s_Select<float>;
+static auto r2s_F64Select = r2s_Select<double>;
+static auto r2s_S128Select = r2s_Select<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC r2s_RefSelect(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  WasmRef val2 = pop<WasmRef>(sp, code, wasm_runtime);
+  WasmRef val1 = pop<WasmRef>(sp, code, wasm_runtime);
+  push<WasmRef>(sp, code, wasm_runtime, r0 ? val1 : val2);
+
+  NextOp();
+}
+
+template <typename IntT>
+INSTRUCTION_HANDLER_FUNC s2r_SelectI(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  int32_t cond = pop<int32_t>(sp, code, wasm_runtime);
+  IntT val2 = pop<IntT>(sp, code, wasm_runtime);
+  IntT val1 = pop<IntT>(sp, code, wasm_runtime);
+
+  r0 = cond ? val1 : val2;
+
+  NextOp();
+}
+static auto s2r_I32Select = s2r_SelectI<int32_t>;
+static auto s2r_I64Select = s2r_SelectI<int64_t>;
+
+template <typename FloatT>
+INSTRUCTION_HANDLER_FUNC s2r_SelectF(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  int32_t cond = pop<int32_t>(sp, code, wasm_runtime);
+  FloatT val2 = pop<FloatT>(sp, code, wasm_runtime);
+  FloatT val1 = pop<FloatT>(sp, code, wasm_runtime);
+
+  fp0 = cond ? val1 : val2;
+
+  NextOp();
+}
+static auto s2r_F32Select = s2r_SelectF<float>;
+static auto s2r_F64Select = s2r_SelectF<double>;
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC s2s_Select(const uint8_t* code, uint32_t* sp,
+                                    WasmInterpreterRuntime* wasm_runtime,
+                                    int64_t r0, double fp0) {
+  int32_t cond = pop<int32_t>(sp, code, wasm_runtime);
+  T val2 = pop<T>(sp, code, wasm_runtime);
+  T val1 = pop<T>(sp, code, wasm_runtime);
+
+  push<T>(sp, code, wasm_runtime, cond ? val1 : val2);
+
+  NextOp();
+}
+static auto s2s_I32Select = s2s_Select<int32_t>;
+static auto s2s_I64Select = s2s_Select<int64_t>;
+static auto s2s_F32Select = s2s_Select<float>;
+static auto s2s_F64Select = s2s_Select<double>;
+static auto s2s_S128Select = s2s_Select<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefSelect(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  int32_t cond = pop<int32_t>(sp, code, wasm_runtime);
+  WasmRef val2 = pop<WasmRef>(sp, code, wasm_runtime);
+  WasmRef val1 = pop<WasmRef>(sp, code, wasm_runtime);
+  push<WasmRef>(sp, code, wasm_runtime, cond ? val1 : val2);
+
+  NextOp();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Binary arithmetic operators
+
+#define FOREACH_ARITHMETIC_BINOP(V) \
+  V(I32Add, uint32_t, r0, +, I32)   \
+  V(I32Sub, uint32_t, r0, -, I32)   \
+  V(I32Mul, uint32_t, r0, *, I32)   \
+  V(I32And, uint32_t, r0, &, I32)   \
+  V(I32Ior, uint32_t, r0, |, I32)   \
+  V(I32Xor, uint32_t, r0, ^, I32)   \
+  V(I64Add, uint64_t, r0, +, I64)   \
+  V(I64Sub, uint64_t, r0, -, I64)   \
+  V(I64Mul, uint64_t, r0, *, I64)   \
+  V(I64And, uint64_t, r0, &, I64)   \
+  V(I64Ior, uint64_t, r0, |, I64)   \
+  V(I64Xor, uint64_t, r0, ^, I64)   \
+  V(F32Add, float, fp0, +, F32)     \
+  V(F32Sub, float, fp0, -, F32)     \
+  V(F32Mul, float, fp0, *, F32)     \
+  V(F32Div, float, fp0, /, F32)     \
+  V(F64Add, double, fp0, +, F64)    \
+  V(F64Sub, double, fp0, -, F64)    \
+  V(F64Mul, double, fp0, *, F64)    \
+  V(F64Div, double, fp0, /, F64)
+
+#define DEFINE_BINOP(name, ctype, reg, op, type)                            \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    reg = static_cast<ctype>(lval op rval);                                 \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    push<ctype>(sp, code, wasm_runtime, lval op rval);                      \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    reg = static_cast<ctype>(lval op rval);                                 \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    push<ctype>(sp, code, wasm_runtime, lval op rval);                      \
+    NextOp();                                                               \
+  }
+FOREACH_ARITHMETIC_BINOP(DEFINE_BINOP)
+#undef DEFINE_BINOP
+
+////////////////////////////////////////////////////////////////////////////////
+// Binary arithmetic operators that can trap
+
+#define FOREACH_SIGNED_DIV_BINOP(V) \
+  V(I32DivS, int32_t, r0, /, I32)   \
+  V(I64DivS, int64_t, r0, /, I64)
+
+#define FOREACH_UNSIGNED_DIV_BINOP(V) \
+  V(I32DivU, uint32_t, r0, /, I32)    \
+  V(I64DivU, uint64_t, r0, /, I64)
+
+#define FOREACH_REM_BINOP(V)                 \
+  V(I32RemS, int32_t, r0, ExecuteRemS, I32)  \
+  V(I64RemS, int64_t, r0, ExecuteRemS, I64)  \
+  V(I32RemU, uint32_t, r0, ExecuteRemU, I32) \
+  V(I64RemU, uint64_t, r0, ExecuteRemU, I64)
+
+#define FOREACH_TRAPPING_BINOP(V) \
+  FOREACH_SIGNED_DIV_BINOP(V)     \
+  FOREACH_UNSIGNED_DIV_BINOP(V)   \
+  FOREACH_REM_BINOP(V)
+
+#define DEFINE_BINOP(name, ctype, reg, op, type)                            \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapDivByZero)                                      \
+    } else if (rval == -1 && lval == std::numeric_limits<ctype>::min()) {   \
+      TRAP(TrapReason::kTrapDivUnrepresentable)                             \
+    } else {                                                                \
+      reg = static_cast<ctype>(lval op rval);                               \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapDivByZero)                                      \
+    } else if (rval == -1 && lval == std::numeric_limits<ctype>::min()) {   \
+      TRAP(TrapReason::kTrapDivUnrepresentable)                             \
+    } else {                                                                \
+      push<ctype>(sp, code, wasm_runtime, lval op rval);                    \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapDivByZero)                                      \
+    } else if (rval == -1 && lval == std::numeric_limits<ctype>::min()) {   \
+      TRAP(TrapReason::kTrapDivUnrepresentable)                             \
+    } else {                                                                \
+      reg = static_cast<ctype>(lval op rval);                               \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapDivByZero)                                      \
+    } else if (rval == -1 && lval == std::numeric_limits<ctype>::min()) {   \
+      TRAP(TrapReason::kTrapDivUnrepresentable)                             \
+    } else {                                                                \
+      push<ctype>(sp, code, wasm_runtime, lval op rval);                    \
+    }                                                                       \
+    NextOp();                                                               \
+  }
+FOREACH_SIGNED_DIV_BINOP(DEFINE_BINOP)
+#undef DEFINE_BINOP
+
+#define DEFINE_BINOP(name, ctype, reg, op, type)                            \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapDivByZero)                                      \
+    } else {                                                                \
+      reg = static_cast<ctype>(lval op rval);                               \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapDivByZero)                                      \
+    } else {                                                                \
+      push<ctype>(sp, code, wasm_runtime, lval op rval);                    \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapDivByZero)                                      \
+    } else {                                                                \
+      reg = static_cast<ctype>(lval op rval);                               \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapDivByZero)                                      \
+    } else {                                                                \
+      push<ctype>(sp, code, wasm_runtime, lval op rval);                    \
+    }                                                                       \
+    NextOp();                                                               \
+  }
+FOREACH_UNSIGNED_DIV_BINOP(DEFINE_BINOP)
+#undef DEFINE_BINOP
+
+#define DEFINE_BINOP(name, ctype, reg, op, type)                            \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapRemByZero)                                      \
+    } else {                                                                \
+      reg = static_cast<ctype>(op(lval, rval));                             \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapRemByZero)                                      \
+    } else {                                                                \
+      push<ctype>(sp, code, wasm_runtime, op(lval, rval));                  \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapRemByZero);                                     \
+    } else {                                                                \
+      reg = static_cast<ctype>(op(lval, rval));                             \
+    }                                                                       \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    if (rval == 0) {                                                        \
+      TRAP(TrapReason::kTrapRemByZero)                                      \
+    } else {                                                                \
+      push<ctype>(sp, code, wasm_runtime, op(lval, rval));                  \
+    }                                                                       \
+    NextOp();                                                               \
+  }
+FOREACH_REM_BINOP(DEFINE_BINOP)
+#undef DEFINE_BINOP
+
+////////////////////////////////////////////////////////////////////////////////
+// Comparison operators
+
+#define FOREACH_COMPARISON_BINOP(V) \
+  V(I32Eq, uint32_t, r0, ==, I32)   \
+  V(I32Ne, uint32_t, r0, !=, I32)   \
+  V(I32LtU, uint32_t, r0, <, I32)   \
+  V(I32LeU, uint32_t, r0, <=, I32)  \
+  V(I32GtU, uint32_t, r0, >, I32)   \
+  V(I32GeU, uint32_t, r0, >=, I32)  \
+  V(I32LtS, int32_t, r0, <, I32)    \
+  V(I32LeS, int32_t, r0, <=, I32)   \
+  V(I32GtS, int32_t, r0, >, I32)    \
+  V(I32GeS, int32_t, r0, >=, I32)   \
+  V(I64Eq, uint64_t, r0, ==, I64)   \
+  V(I64Ne, uint64_t, r0, !=, I64)   \
+  V(I64LtU, uint64_t, r0, <, I64)   \
+  V(I64LeU, uint64_t, r0, <=, I64)  \
+  V(I64GtU, uint64_t, r0, >, I64)   \
+  V(I64GeU, uint64_t, r0, >=, I64)  \
+  V(I64LtS, int64_t, r0, <, I64)    \
+  V(I64LeS, int64_t, r0, <=, I64)   \
+  V(I64GtS, int64_t, r0, >, I64)    \
+  V(I64GeS, int64_t, r0, >=, I64)   \
+  V(F32Eq, float, fp0, ==, F32)     \
+  V(F32Ne, float, fp0, !=, F32)     \
+  V(F32Lt, float, fp0, <, F32)      \
+  V(F32Le, float, fp0, <=, F32)     \
+  V(F32Gt, float, fp0, >, F32)      \
+  V(F32Ge, float, fp0, >=, F32)     \
+  V(F64Eq, double, fp0, ==, F64)    \
+  V(F64Ne, double, fp0, !=, F64)    \
+  V(F64Lt, double, fp0, <, F64)     \
+  V(F64Le, double, fp0, <=, F64)    \
+  V(F64Gt, double, fp0, >, F64)     \
+  V(F64Ge, double, fp0, >=, F64)
+
+#define DEFINE_BINOP(name, ctype, reg, op, type)                            \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    r0 = (lval op rval) ? 1 : 0;                                            \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    push<int32_t>(sp, code, wasm_runtime, lval op rval ? 1 : 0);            \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    r0 = (lval op rval) ? 1 : 0;                                            \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    push<int32_t>(sp, code, wasm_runtime, lval op rval ? 1 : 0);            \
+    NextOp();                                                               \
+  }
+FOREACH_COMPARISON_BINOP(DEFINE_BINOP)
+#undef DEFINE_BINOP
+
+////////////////////////////////////////////////////////////////////////////////
+// More binary operators
+
+#define FOREACH_MORE_BINOP(V)                                                \
+  V(I32Shl, uint32_t, r0, (lval << (rval & 31)), I32)                        \
+  V(I32ShrU, uint32_t, r0, (lval >> (rval & 31)), I32)                       \
+  V(I32ShrS, int32_t, r0, (lval >> (rval & 31)), I32)                        \
+  V(I64Shl, uint64_t, r0, (lval << (rval & 63)), I64)                        \
+  V(I64ShrU, uint64_t, r0, (lval >> (rval & 63)), I64)                       \
+  V(I64ShrS, int64_t, r0, (lval >> (rval & 63)), I64)                        \
+  V(I32Rol, uint32_t, r0, (base::bits::RotateLeft32(lval, rval & 31)), I32)  \
+  V(I32Ror, uint32_t, r0, (base::bits::RotateRight32(lval, rval & 31)), I32) \
+  V(I64Rol, uint64_t, r0, (base::bits::RotateLeft64(lval, rval & 63)), I64)  \
+  V(I64Ror, uint64_t, r0, (base::bits::RotateRight64(lval, rval & 63)), I64) \
+  V(F32Min, float, fp0, (JSMin<float>(lval, rval)), F32)                     \
+  V(F32Max, float, fp0, (JSMax<float>(lval, rval)), F32)                     \
+  V(F64Min, double, fp0, (JSMin<double>(lval, rval)), F64)                   \
+  V(F64Max, double, fp0, (JSMax<double>(lval, rval)), F64)                   \
+  V(F32CopySign, float, fp0,                                                 \
+    Float32::FromBits((base::ReadUnalignedValue<uint32_t>(                   \
+                           reinterpret_cast<Address>(&lval)) &               \
+                       ~kFloat32SignBitMask) |                               \
+                      (base::ReadUnalignedValue<uint32_t>(                   \
+                           reinterpret_cast<Address>(&rval)) &               \
+                       kFloat32SignBitMask))                                 \
+        .get_scalar(),                                                       \
+    F32)                                                                     \
+  V(F64CopySign, double, fp0,                                                \
+    Float64::FromBits((base::ReadUnalignedValue<uint64_t>(                   \
+                           reinterpret_cast<Address>(&lval)) &               \
+                       ~kFloat64SignBitMask) |                               \
+                      (base::ReadUnalignedValue<uint64_t>(                   \
+                           reinterpret_cast<Address>(&rval)) &               \
+                       kFloat64SignBitMask))                                 \
+        .get_scalar(),                                                       \
+    F64)
+
+#define DEFINE_BINOP(name, ctype, reg, op, type)                            \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    reg = static_cast<ctype>(op);                                           \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = static_cast<ctype>(reg);                                   \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    push<ctype>(sp, code, wasm_runtime, op);                                \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    reg = static_cast<ctype>(op);                                           \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype rval = pop<ctype>(sp, code, wasm_runtime);                        \
+    ctype lval = pop<ctype>(sp, code, wasm_runtime);                        \
+    push<ctype>(sp, code, wasm_runtime, op);                                \
+    NextOp();                                                               \
+  }
+FOREACH_MORE_BINOP(DEFINE_BINOP)
+#undef DEFINE_BINOP
+
+////////////////////////////////////////////////////////////////////////////////
+// Unary operators
+
+#define FOREACH_SIMPLE_UNOP(V)                       \
+  V(F32Abs, float, fp0, abs(val), F32)               \
+  V(F32Neg, float, fp0, -val, F32)                   \
+  V(F32Ceil, float, fp0, ceilf(val), F32)            \
+  V(F32Floor, float, fp0, floorf(val), F32)          \
+  V(F32Trunc, float, fp0, truncf(val), F32)          \
+  V(F32NearestInt, float, fp0, nearbyintf(val), F32) \
+  V(F32Sqrt, float, fp0, sqrt(val), F32)             \
+  V(F64Abs, double, fp0, abs(val), F64)              \
+  V(F64Neg, double, fp0, (-val), F64)                \
+  V(F64Ceil, double, fp0, ceil(val), F64)            \
+  V(F64Floor, double, fp0, floor(val), F64)          \
+  V(F64Trunc, double, fp0, trunc(val), F64)          \
+  V(F64NearestInt, double, fp0, nearbyint(val), F64) \
+  V(F64Sqrt, double, fp0, sqrt(val), F64)
+
+#define DEFINE_UNOP(name, ctype, reg, op, type)                             \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype val = static_cast<ctype>(reg);                                    \
+    reg = static_cast<ctype>(op);                                           \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype val = static_cast<ctype>(reg);                                    \
+    push<ctype>(sp, code, wasm_runtime, op);                                \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype val = pop<ctype>(sp, code, wasm_runtime);                         \
+    reg = static_cast<ctype>(op);                                           \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype val = pop<ctype>(sp, code, wasm_runtime);                         \
+    push<ctype>(sp, code, wasm_runtime, op);                                \
+    NextOp();                                                               \
+  }
+FOREACH_SIMPLE_UNOP(DEFINE_UNOP)
+#undef DEFINE_UNOP
+
+////////////////////////////////////////////////////////////////////////////////
+// Numeric conversion operators
+
+#define FOREACH_ADDITIONAL_CONVERT_UNOP(V) \
+  V(I32ConvertI64, int64_t, I64, r0, int32_t, I32, r0)
+
+INSTRUCTION_HANDLER_FUNC r2r_I32ConvertI64(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  r0 &= 0xffffffff;
+  NextOp();
+}
+INSTRUCTION_HANDLER_FUNC r2s_I32ConvertI64(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  push<int32_t>(sp, code, wasm_runtime, r0 & 0xffffffff);
+  NextOp();
+}
+INSTRUCTION_HANDLER_FUNC s2r_I32ConvertI64(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  r0 = 0xffffffff & pop<int64_t>(sp, code, wasm_runtime);
+  NextOp();
+}
+INSTRUCTION_HANDLER_FUNC s2s_I32ConvertI64(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  push<int32_t>(sp, code, wasm_runtime,
+                0xffffffff & pop<int64_t>(sp, code, wasm_runtime));
+  NextOp();
+}
+
+#define FOREACH_I64_CONVERT_FROM_FLOAT_UNOP(V)          \
+  V(I64SConvertF32, float, F32, fp0, int64_t, I64, r0)  \
+  V(I64SConvertF64, double, F64, fp0, int64_t, I64, r0) \
+  V(I64UConvertF32, float, F32, fp0, uint64_t, I64, r0) \
+  V(I64UConvertF64, double, F64, fp0, uint64_t, I64, r0)
+
+#define FOREACH_I32_CONVERT_FROM_FLOAT_UNOP(V)          \
+  V(I32SConvertF32, float, F32, fp0, int32_t, I32, r0)  \
+  V(I32UConvertF32, float, F32, fp0, uint32_t, I32, r0) \
+  V(I32SConvertF64, double, F64, fp0, int32_t, I32, r0) \
+  V(I32UConvertF64, double, F64, fp0, uint32_t, I32, r0)
+
+#define FOREACH_OTHER_CONVERT_UNOP(V)                     \
+  V(I64SConvertI32, int32_t, I32, r0, int64_t, I64, r0)   \
+  V(I64UConvertI32, uint32_t, I32, r0, uint64_t, I64, r0) \
+  V(F32SConvertI32, int32_t, I32, r0, float, F32, fp0)    \
+  V(F32UConvertI32, uint32_t, I32, r0, float, F32, fp0)   \
+  V(F32SConvertI64, int64_t, I64, r0, float, F32, fp0)    \
+  V(F32UConvertI64, uint64_t, I64, r0, float, F32, fp0)   \
+  V(F32ConvertF64, double, F64, fp0, float, F32, fp0)     \
+  V(F64SConvertI32, int32_t, I32, r0, double, F64, fp0)   \
+  V(F64UConvertI32, uint32_t, I32, r0, double, F64, fp0)  \
+  V(F64SConvertI64, int64_t, I64, r0, double, F64, fp0)   \
+  V(F64UConvertI64, uint64_t, I64, r0, double, F64, fp0)  \
+  V(F64ConvertF32, float, F32, fp0, double, F64, fp0)
+
+#define FOREACH_CONVERT_UNOP(V)          \
+  FOREACH_I64_CONVERT_FROM_FLOAT_UNOP(V) \
+  FOREACH_I32_CONVERT_FROM_FLOAT_UNOP(V) \
+  FOREACH_OTHER_CONVERT_UNOP(V)
+
+#define DEFINE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type, \
+                    to_reg)                                                   \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    if (!base::IsValueInRangeForNumericType<to_ctype>(from_reg)) {            \
+      TRAP(TrapReason::kTrapFloatUnrepresentable)                             \
+    } else {                                                                  \
+      to_reg = static_cast<to_ctype>(static_cast<from_ctype>(from_reg));      \
+    }                                                                         \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    if (!base::IsValueInRangeForNumericType<to_ctype>(from_reg)) {            \
+      TRAP(TrapReason::kTrapFloatUnrepresentable)                             \
+    } else {                                                                  \
+      to_ctype val = static_cast<from_ctype>(from_reg);                       \
+      push<to_ctype>(sp, code, wasm_runtime, val);                            \
+    }                                                                         \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    from_ctype from_val = pop<from_ctype>(sp, code, wasm_runtime);            \
+    if (!base::IsValueInRangeForNumericType<to_ctype>(from_val)) {            \
+      TRAP(TrapReason::kTrapFloatUnrepresentable)                             \
+    } else {                                                                  \
+      to_reg = static_cast<to_ctype>(from_val);                               \
+    }                                                                         \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    from_ctype from_val = pop<from_ctype>(sp, code, wasm_runtime);            \
+    if (!base::IsValueInRangeForNumericType<to_ctype>(from_val)) {            \
+      TRAP(TrapReason::kTrapFloatUnrepresentable)                             \
+    } else {                                                                  \
+      to_ctype val = static_cast<to_ctype>(from_val);                         \
+      push<to_ctype>(sp, code, wasm_runtime, val);                            \
+    }                                                                         \
+    NextOp();                                                                 \
+  }
+FOREACH_I64_CONVERT_FROM_FLOAT_UNOP(DEFINE_UNOP)
+#undef DEFINE_UNOP
+
+#define DEFINE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type, \
+                    to_reg)                                                   \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    if (!is_inbounds<to_ctype>(from_reg)) {                                   \
+      TRAP(TrapReason::kTrapFloatUnrepresentable)                             \
+    } else {                                                                  \
+      to_reg = static_cast<to_ctype>(static_cast<from_ctype>(from_reg));      \
+    }                                                                         \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    if (!is_inbounds<to_ctype>(from_reg)) {                                   \
+      TRAP(TrapReason::kTrapFloatUnrepresentable)                             \
+    } else {                                                                  \
+      to_ctype val = static_cast<from_ctype>(from_reg);                       \
+      push<to_ctype>(sp, code, wasm_runtime, val);                            \
+    }                                                                         \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    from_ctype from_val = pop<from_ctype>(sp, code, wasm_runtime);            \
+    if (!is_inbounds<to_ctype>(from_val)) {                                   \
+      TRAP(TrapReason::kTrapFloatUnrepresentable)                             \
+    } else {                                                                  \
+      to_reg = static_cast<to_ctype>(from_val);                               \
+    }                                                                         \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    from_ctype from_val = pop<from_ctype>(sp, code, wasm_runtime);            \
+    if (!is_inbounds<to_ctype>(from_val)) {                                   \
+      TRAP(TrapReason::kTrapFloatUnrepresentable)                             \
+    } else {                                                                  \
+      to_ctype val = static_cast<to_ctype>(from_val);                         \
+      push<to_ctype>(sp, code, wasm_runtime, val);                            \
+    }                                                                         \
+    NextOp();                                                                 \
+  }
+FOREACH_I32_CONVERT_FROM_FLOAT_UNOP(DEFINE_UNOP)
+#undef DEFINE_UNOP
+
+#define DEFINE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type, \
+                    to_reg)                                                   \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    to_reg = static_cast<to_ctype>(static_cast<from_ctype>(from_reg));        \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    to_ctype val = static_cast<from_ctype>(from_reg);                         \
+    push<to_ctype>(sp, code, wasm_runtime, val);                              \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    to_reg = static_cast<to_ctype>(pop<from_ctype>(sp, code, wasm_runtime));  \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    to_ctype val = pop<from_ctype>(sp, code, wasm_runtime);                   \
+    push<to_ctype>(sp, code, wasm_runtime, val);                              \
+    NextOp();                                                                 \
+  }
+FOREACH_OTHER_CONVERT_UNOP(DEFINE_UNOP)
+#undef DEFINE_UNOP
+
+////////////////////////////////////////////////////////////////////////////////
+// Numeric reinterpret operators
+
+#define FOREACH_REINTERPRET_UNOP(V)                        \
+  V(F32ReinterpretI32, int32_t, I32, r0, float, F32, fp0)  \
+  V(F64ReinterpretI64, int64_t, I64, r0, double, F64, fp0) \
+  V(I32ReinterpretF32, float, F32, fp0, int32_t, I32, r0)  \
+  V(I64ReinterpretF64, double, F64, fp0, int64_t, I64, r0)
+
+#define DEFINE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type,  \
+                    to_reg)                                                    \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,       \
+                                      WasmInterpreterRuntime* wasm_runtime,    \
+                                      int64_t r0, double fp0) {                \
+    from_ctype value = static_cast<from_ctype>(from_reg);                      \
+    to_reg =                                                                   \
+        base::ReadUnalignedValue<to_ctype>(reinterpret_cast<Address>(&value)); \
+    NextOp();                                                                  \
+  }                                                                            \
+                                                                               \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,       \
+                                      WasmInterpreterRuntime* wasm_runtime,    \
+                                      int64_t r0, double fp0) {                \
+    from_ctype val = static_cast<from_ctype>(from_reg);                        \
+    push<to_ctype>(                                                            \
+        sp, code, wasm_runtime,                                                \
+        base::ReadUnalignedValue<to_ctype>(reinterpret_cast<Address>(&val)));  \
+    NextOp();                                                                  \
+  }                                                                            \
+                                                                               \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,       \
+                                      WasmInterpreterRuntime* wasm_runtime,    \
+                                      int64_t r0, double fp0) {                \
+    from_ctype val = pop<from_ctype>(sp, code, wasm_runtime);                  \
+    to_reg =                                                                   \
+        base::ReadUnalignedValue<to_ctype>(reinterpret_cast<Address>(&val));   \
+    NextOp();                                                                  \
+  }                                                                            \
+                                                                               \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,       \
+                                      WasmInterpreterRuntime* wasm_runtime,    \
+                                      int64_t r0, double fp0) {                \
+    from_ctype val = pop<from_ctype>(sp, code, wasm_runtime);                  \
+    push<to_ctype>(                                                            \
+        sp, code, wasm_runtime,                                                \
+        base::ReadUnalignedValue<to_ctype>(reinterpret_cast<Address>(&val)));  \
+    NextOp();                                                                  \
+  }
+FOREACH_REINTERPRET_UNOP(DEFINE_UNOP)
+#undef DEFINE_UNOP
+
+////////////////////////////////////////////////////////////////////////////////
+// Bit operators
+
+#define FOREACH_BITS_UNOP(V)                                                   \
+  V(I32Clz, uint32_t, I32, uint32_t, I32, base::bits::CountLeadingZeros(val))  \
+  V(I32Ctz, uint32_t, I32, uint32_t, I32, base::bits::CountTrailingZeros(val)) \
+  V(I32Popcnt, uint32_t, I32, uint32_t, I32, base::bits::CountPopulation(val)) \
+  V(I32Eqz, uint32_t, I32, int32_t, I32, val == 0 ? 1 : 0)                     \
+  V(I64Clz, uint64_t, I64, uint64_t, I64, base::bits::CountLeadingZeros(val))  \
+  V(I64Ctz, uint64_t, I64, uint64_t, I64, base::bits::CountTrailingZeros(val)) \
+  V(I64Popcnt, uint64_t, I64, uint64_t, I64, base::bits::CountPopulation(val)) \
+  V(I64Eqz, uint64_t, I64, int32_t, I32, val == 0 ? 1 : 0)
+
+#define DEFINE_REG_BINOP(name, from_ctype, from_type, to_ctype, to_type, op) \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,     \
+                                      WasmInterpreterRuntime* wasm_runtime,  \
+                                      int64_t r0, double fp0) {              \
+    from_ctype val = static_cast<from_ctype>(r0);                            \
+    r0 = static_cast<to_ctype>(op);                                          \
+    NextOp();                                                                \
+  }                                                                          \
+                                                                             \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,     \
+                                      WasmInterpreterRuntime* wasm_runtime,  \
+                                      int64_t r0, double fp0) {              \
+    from_ctype val = static_cast<from_ctype>(r0);                            \
+    push<to_ctype>(sp, code, wasm_runtime, op);                              \
+    NextOp();                                                                \
+  }                                                                          \
+                                                                             \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,     \
+                                      WasmInterpreterRuntime* wasm_runtime,  \
+                                      int64_t r0, double fp0) {              \
+    from_ctype val = pop<from_ctype>(sp, code, wasm_runtime);                \
+    r0 = op;                                                                 \
+    NextOp();                                                                \
+  }                                                                          \
+                                                                             \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,     \
+                                      WasmInterpreterRuntime* wasm_runtime,  \
+                                      int64_t r0, double fp0) {              \
+    from_ctype val = pop<from_ctype>(sp, code, wasm_runtime);                \
+    push<to_ctype>(sp, code, wasm_runtime, op);                              \
+    NextOp();                                                                \
+  }
+FOREACH_BITS_UNOP(DEFINE_REG_BINOP)
+#undef DEFINE_REG_BINOP
+
+////////////////////////////////////////////////////////////////////////////////
+// Sign extension operators
+
+#define FOREACH_EXTENSION_UNOP(V)              \
+  V(I32SExtendI8, int8_t, I32, int32_t, I32)   \
+  V(I32SExtendI16, int16_t, I32, int32_t, I32) \
+  V(I64SExtendI8, int8_t, I64, int64_t, I64)   \
+  V(I64SExtendI16, int16_t, I64, int64_t, I64) \
+  V(I64SExtendI32, int32_t, I64, int64_t, I64)
+
+#define DEFINE_UNOP(name, from_ctype, from_type, to_ctype, to_type)         \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    from_ctype val = static_cast<from_ctype>(static_cast<to_ctype>(r0));    \
+    r0 = static_cast<to_ctype>(val);                                        \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    from_ctype val = static_cast<from_ctype>(static_cast<to_ctype>(r0));    \
+    push<to_ctype>(sp, code, wasm_runtime, val);                            \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    from_ctype val =                                                        \
+        static_cast<from_ctype>(pop<to_ctype>(sp, code, wasm_runtime));     \
+    r0 = static_cast<to_ctype>(val);                                        \
+    NextOp();                                                               \
+  }                                                                         \
+                                                                            \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    from_ctype val =                                                        \
+        static_cast<from_ctype>(pop<to_ctype>(sp, code, wasm_runtime));     \
+    push<to_ctype>(sp, code, wasm_runtime, val);                            \
+    NextOp();                                                               \
+  }
+FOREACH_EXTENSION_UNOP(DEFINE_UNOP)
+#undef DEFINE_UNOP
+
+////////////////////////////////////////////////////////////////////////////////
+// Saturated truncation operators
+
+#define FOREACH_TRUNCSAT_UNOP(V)                            \
+  V(I32SConvertSatF32, float, F32, fp0, int32_t, I32, r0)   \
+  V(I32UConvertSatF32, float, F32, fp0, uint32_t, I32, r0)  \
+  V(I32SConvertSatF64, double, F64, fp0, int32_t, I32, r0)  \
+  V(I32UConvertSatF64, double, F64, fp0, uint32_t, I32, r0) \
+  V(I64SConvertSatF32, float, F32, fp0, int64_t, I64, r0)   \
+  V(I64UConvertSatF32, float, F32, fp0, uint64_t, I64, r0)  \
+  V(I64SConvertSatF64, double, F64, fp0, int64_t, I64, r0)  \
+  V(I64UConvertSatF64, double, F64, fp0, uint64_t, I64, r0)
+
+#define DEFINE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type, \
+                    to_reg)                                                   \
+  INSTRUCTION_HANDLER_FUNC r2r_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    to_reg =                                                                  \
+        base::saturated_cast<to_ctype>(static_cast<from_ctype>(from_reg));    \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC r2s_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    to_ctype val =                                                            \
+        base::saturated_cast<to_ctype>(static_cast<from_ctype>(from_reg));    \
+    push<to_ctype>(sp, code, wasm_runtime, val);                              \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC s2r_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    to_reg = base::saturated_cast<to_ctype>(                                  \
+        pop<from_ctype>(sp, code, wasm_runtime));                             \
+    NextOp();                                                                 \
+  }                                                                           \
+                                                                              \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,      \
+                                      WasmInterpreterRuntime* wasm_runtime,   \
+                                      int64_t r0, double fp0) {               \
+    to_ctype val = base::saturated_cast<to_ctype>(                            \
+        pop<from_ctype>(sp, code, wasm_runtime));                             \
+    push<to_ctype>(sp, code, wasm_runtime, val);                              \
+    NextOp();                                                                 \
+  }
+FOREACH_TRUNCSAT_UNOP(DEFINE_UNOP)
+#undef DEFINE_UNOP
+
+////////////////////////////////////////////////////////////////////////////////
+
+INSTRUCTION_HANDLER_FUNC s2s_MemoryGrow(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t delta_pages = pop<uint32_t>(sp, code, wasm_runtime);
+
+  int32_t result = wasm_runtime->MemoryGrow(delta_pages);
+
+  push<int32_t>(sp, code, wasm_runtime, result);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_MemorySize(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint64_t result = wasm_runtime->MemorySize();
+  if (wasm_runtime->IsMemory64()) {
+    push<uint64_t>(sp, code, wasm_runtime, result);
+  } else {
+    push<uint32_t>(sp, code, wasm_runtime, static_cast<uint32_t>(result));
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_Return(const uint8_t* code, uint32_t* sp,
+                                    WasmInterpreterRuntime* wasm_runtime,
+                                    int64_t r0, double fp0) {
+  // Break the chain of calls.
+  ReadI32(code);
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_Branch(const uint8_t* code, uint32_t* sp,
+                                    WasmInterpreterRuntime* wasm_runtime,
+                                    int64_t r0, double fp0) {
+  int32_t target_offset = ReadI32(code);
+  code += (target_offset - kCodeOffsetSize);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_BranchIf(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  int64_t cond = r0;
+
+  int32_t if_true_offset = ReadI32(code);
+  if (cond) {
+    // If condition is true, jump to the target branch.
+    code += (if_true_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_BranchIf(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  int32_t cond = pop<int32_t>(sp, code, wasm_runtime);
+
+  int32_t if_true_offset = ReadI32(code);
+  if (cond) {
+    // If condition is true, jump to the target branch.
+    code += (if_true_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_BranchIfWithParams(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  int64_t cond = r0;
+
+  int32_t if_false_offset = ReadI32(code);
+  if (!cond) {
+    // If condition is not true, jump to the false branch.
+    code += (if_false_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_BranchIfWithParams(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  int32_t cond = pop<int32_t>(sp, code, wasm_runtime);
+
+  int32_t if_false_offset = ReadI32(code);
+  if (!cond) {
+    // If condition is not true, jump to the false branch.
+    code += (if_false_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_If(const uint8_t* code, uint32_t* sp,
+                                WasmInterpreterRuntime* wasm_runtime,
+                                int64_t r0, double fp0) {
+  int64_t cond = r0;
+
+  int32_t target_offset = ReadI32(code);
+  if (!cond) {
+    code += (target_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_If(const uint8_t* code, uint32_t* sp,
+                                WasmInterpreterRuntime* wasm_runtime,
+                                int64_t r0, double fp0) {
+  int32_t cond = pop<int32_t>(sp, code, wasm_runtime);
+
+  int32_t target_offset = ReadI32(code);
+  if (!cond) {
+    code += (target_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_Else(const uint8_t* code, uint32_t* sp,
+                                  WasmInterpreterRuntime* wasm_runtime,
+                                  int64_t r0, double fp0) {
+  int32_t target_offset = ReadI32(code);
+  code += (target_offset - kCodeOffsetSize);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_Catch(const uint8_t* code, uint32_t* sp,
+                                   WasmInterpreterRuntime* wasm_runtime,
+                                   int64_t r0, double fp0) {
+  int32_t target_offset = ReadI32(code);
+  code += (target_offset - kCodeOffsetSize);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CallFunction(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  uint32_t function_index = ReadI32(code);
+  uint32_t stack_pos = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  uint32_t ref_stack_fp_offset = ReadI32(code);
+  uint32_t return_slot_offset = 0;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    return_slot_offset = ReadI32(code);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  wasm_runtime->ExecuteFunction(code, function_index, stack_pos,
+                                ref_stack_fp_offset, slot_offset,
+                                return_slot_offset);
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_ReturnCall(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t rets_size = ReadI32(code);
+  uint32_t args_size = ReadI32(code);
+  uint32_t rets_refs = ReadI32(code);
+  uint32_t args_refs = ReadI32(code);
+  uint32_t function_index = ReadI32(code);
+  uint32_t stack_pos = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  uint32_t ref_stack_fp_offset = ReadI32(code);
+  uint32_t return_slot_offset = 0;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    return_slot_offset = ReadI32(code);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  // Moves back the stack frame to the caller stack frame.
+  wasm_runtime->UnwindCurrentStackFrame(sp, slot_offset, rets_size, args_size,
+                                        rets_refs, args_refs,
+                                        ref_stack_fp_offset);
+
+  // Do not call wasm_runtime->ExecuteFunction(), which would add a
+  // new C++ stack frame.
+  wasm_runtime->PrepareTailCall(code, function_index, stack_pos,
+                                return_slot_offset);
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CallImportedFunction(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t function_index = ReadI32(code);
+  uint32_t stack_pos = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  uint32_t ref_stack_fp_offset = ReadI32(code);
+  uint32_t return_slot_offset = 0;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    return_slot_offset = ReadI32(code);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  wasm_runtime->ExecuteImportedFunction(code, function_index, stack_pos,
+                                        ref_stack_fp_offset, slot_offset,
+                                        return_slot_offset);
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_ReturnCallImportedFunction(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t rets_size = ReadI32(code);
+  uint32_t args_size = ReadI32(code);
+  uint32_t rets_refs = ReadI32(code);
+  uint32_t args_refs = ReadI32(code);
+  uint32_t function_index = ReadI32(code);
+  uint32_t stack_pos = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  uint32_t ref_stack_fp_offset = ReadI32(code);
+  uint32_t return_slot_offset = 0;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    return_slot_offset = ReadI32(code);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  // Moves back the stack frame to the caller stack frame.
+  wasm_runtime->UnwindCurrentStackFrame(sp, slot_offset, rets_size, args_size,
+                                        rets_refs, args_refs,
+                                        ref_stack_fp_offset);
+
+  wasm_runtime->ExecuteImportedFunction(code, function_index, stack_pos, 0, 0,
+                                        return_slot_offset);
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CallIndirect(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  uint32_t entry_index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint32_t table_index = ReadI32(code);
+  uint32_t sig_index = ReadI32(code);
+  uint32_t stack_pos = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  uint32_t ref_stack_fp_offset = ReadI32(code);
+  uint32_t return_slot_offset = 0;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    return_slot_offset = ReadI32(code);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  // This function can trap.
+  wasm_runtime->ExecuteIndirectCall(code, table_index, sig_index, entry_index,
+                                    stack_pos, sp, ref_stack_fp_offset,
+                                    slot_offset, return_slot_offset, false);
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_ReturnCallIndirect(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t rets_size = ReadI32(code);
+  uint32_t args_size = ReadI32(code);
+  uint32_t rets_refs = ReadI32(code);
+  uint32_t args_refs = ReadI32(code);
+  uint32_t entry_index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint32_t table_index = ReadI32(code);
+  uint32_t sig_index = ReadI32(code);
+  uint32_t stack_pos = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  uint32_t ref_stack_fp_offset = ReadI32(code);
+  uint32_t return_slot_offset = 0;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    return_slot_offset = ReadI32(code);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  // Moves back the stack frame to the caller stack frame.
+  wasm_runtime->UnwindCurrentStackFrame(sp, slot_offset, rets_size, args_size,
+                                        rets_refs, args_refs,
+                                        ref_stack_fp_offset);
+
+  // This function can trap.
+  wasm_runtime->ExecuteIndirectCall(code, table_index, sig_index, entry_index,
+                                    stack_pos, sp, 0, 0, return_slot_offset,
+                                    true);
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_BrTable(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  uint32_t cond = static_cast<int32_t>(r0);
+
+  uint32_t table_length = ReadI32(code);
+  uint32_t index = cond < table_length ? cond : table_length;
+
+  int32_t target_offset = base::ReadUnalignedValue<int32_t>(
+      reinterpret_cast<Address>(code + index * kCodeOffsetSize));
+  code += (target_offset + index * kCodeOffsetSize);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_BrTable(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  uint32_t cond = pop<uint32_t>(sp, code, wasm_runtime);
+
+  uint32_t table_length = ReadI32(code);
+  uint32_t index = cond < table_length ? cond : table_length;
+
+  int32_t target_offset = base::ReadUnalignedValue<int32_t>(
+      reinterpret_cast<Address>(code + index * kCodeOffsetSize));
+  code += (target_offset + index * kCodeOffsetSize);
+
+  NextOp();
+}
+
+const uint32_t kCopySlotMultiIs64Flag = 0x80000000;
+const uint32_t kCopySlotMultiIs64Mask = ~kCopySlotMultiIs64Flag;
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlotMulti(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  uint32_t params_count = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  for (uint32_t i = 0; i < params_count; i++) {
+    uint32_t from = ReadI32(code);
+    bool is_64 = from & kCopySlotMultiIs64Flag;
+    from &= kCopySlotMultiIs64Mask;
+    if (is_64) {
+      base::WriteUnalignedValue<uint64_t>(
+          reinterpret_cast<Address>(sp + to),
+          base::ReadUnalignedValue<uint64_t>(
+              reinterpret_cast<Address>(sp + from)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      if (v8_flags.trace_drumbrake_execution &&
+          v8_flags.trace_drumbrake_execution_verbose) {
+        wasm_runtime->Trace("COPYSLOT64 %d %d %" PRIx64 "\n", from, to,
+                            base::ReadUnalignedValue<uint64_t>(
+                                reinterpret_cast<Address>(sp + to)));
+      }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+      to += sizeof(uint64_t) / sizeof(uint32_t);
+    } else {
+      base::WriteUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(sp + to),
+          base::ReadUnalignedValue<uint32_t>(
+              reinterpret_cast<Address>(sp + from)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      if (v8_flags.trace_drumbrake_execution &&
+          v8_flags.trace_drumbrake_execution_verbose) {
+        wasm_runtime->Trace("COPYSLOT32 %d %d %08x\n", from, to,
+                            *reinterpret_cast<int32_t*>(sp + to));
+      }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+      to += sizeof(uint32_t) / sizeof(uint32_t);
+    }
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot_ll(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  uint32_t from0 = ReadI32(code);
+  uint32_t from1 = ReadI32(code);
+
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(sp + from0)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace("COPYSLOT32 %d %d %08x\n", from0, to,
+                        *reinterpret_cast<int32_t*>(sp + to));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  to += sizeof(uint32_t) / sizeof(uint32_t);
+
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(sp + from1)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace("COPYSLOT32 %d %d %08x\n", from1, to,
+                        *reinterpret_cast<int32_t*>(sp + to));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot_lq(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  uint32_t from0 = ReadI32(code);
+  uint32_t from1 = ReadI32(code);
+
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint64_t>(
+          reinterpret_cast<Address>(sp + from0)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT64 %d %d %" PRIx64 "\n", from0, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  to += sizeof(uint64_t) / sizeof(uint32_t);
+
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(sp + from1)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace("COPYSLOT32 %d %d %08x\n", from1, to,
+                        *reinterpret_cast<int32_t*>(sp + to));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot_ql(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  uint32_t from0 = ReadI32(code);
+  uint32_t from1 = ReadI32(code);
+
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(sp + from0)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace("COPYSLOT32 %d %d %08x\n", from0, to,
+                        *reinterpret_cast<int32_t*>(sp + to));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  to += sizeof(uint32_t) / sizeof(uint32_t);
+
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint64_t>(
+          reinterpret_cast<Address>(sp + from1)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT64 %d %d %" PRIx64 "\n", from1, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot_qq(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  uint32_t from0 = ReadI32(code);
+  uint32_t from1 = ReadI32(code);
+
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint64_t>(
+          reinterpret_cast<Address>(sp + from0)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT64 %d %d %" PRIx64 "\n", from0, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  to += sizeof(uint64_t) / sizeof(uint32_t);
+
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint64_t>(
+          reinterpret_cast<Address>(sp + from1)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT64 %d %d %" PRIx64 "\n", from1, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot32(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(sp + from)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace("COPYSLOT32 %d %d %08x\n", from, to,
+                        *reinterpret_cast<int32_t*>(sp + to));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot32x2(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(sp + from)));
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT32 %d %d %08x\n", from, to,
+        base::ReadUnalignedValue<int32_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  from = ReadI32(code);
+  to = ReadI32(code);
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(sp + from)));
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT32 %d %d %08x\n", from, to,
+        base::ReadUnalignedValue<int32_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot64(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + from)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT64 %d %d %" PRIx64 "\n", from, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot128(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<Simd128>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<Simd128>(reinterpret_cast<Address>(sp + from)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT128 %d %d %" PRIx64 "`%" PRIx64 "\n", from, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)),
+        base::ReadUnalignedValue<uint64_t>(
+            reinterpret_cast<Address>(sp + to + sizeof(uint64_t))));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlot64x2(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + from)));
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT64 %d %d %" PRIx64 "\n", from, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  from = ReadI32(code);
+  to = ReadI32(code);
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + from)));
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYSLOT64 %d %d %" PRIx64 "\n", from, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CopySlotRef(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  wasm_runtime->StoreWasmRef(to, wasm_runtime->ExtractWasmRef(from));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace("COPYSLOTREF %d %d\n", from, to);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_PreserveCopySlot32(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  uint32_t preserve = ReadI32(code);
+
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + preserve),
+      base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(sp + to)));
+  base::WriteUnalignedValue<uint32_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(sp + from)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "PRESERVECOPYSLOT32 %d %d %08x\n", from, to,
+        base::ReadUnalignedValue<int32_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_PreserveCopySlot64(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  uint32_t preserve = ReadI32(code);
+
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + preserve),
+      base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  base::WriteUnalignedValue<uint64_t>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + from)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "PRESERVECOPYSLOT64 %d %d %" PRIx64 "\n", from, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_PreserveCopySlot128(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  uint32_t preserve = ReadI32(code);
+
+  base::WriteUnalignedValue<Simd128>(
+      reinterpret_cast<Address>(sp + preserve),
+      base::ReadUnalignedValue<Simd128>(reinterpret_cast<Address>(sp + to)));
+  base::WriteUnalignedValue<Simd128>(
+      reinterpret_cast<Address>(sp + to),
+      base::ReadUnalignedValue<Simd128>(reinterpret_cast<Address>(sp + from)));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "PRESERVECOPYSLOT64 %d %d %" PRIx64 "`%" PRIx64 "\n", from, to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)),
+        base::ReadUnalignedValue<uint64_t>(
+            reinterpret_cast<Address>(sp + to + sizeof(uint64_t))));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_PreserveCopySlotRef(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t from = ReadI32(code);
+  uint32_t to = ReadI32(code);
+  uint32_t preserve = ReadI32(code);
+
+  wasm_runtime->StoreWasmRef(preserve, wasm_runtime->ExtractWasmRef(to));
+  wasm_runtime->StoreWasmRef(to, wasm_runtime->ExtractWasmRef(from));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace("PRESERVECOPYSLOTREF %d %d\n", from, to);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_CopyR0ToSlot32(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<int32_t>(reinterpret_cast<Address>(sp + to),
+                                     static_cast<int32_t>(r0));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYR0TOSLOT32 %d %08x\n", to,
+        base::ReadUnalignedValue<int32_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_CopyR0ToSlot64(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<int64_t>(reinterpret_cast<Address>(sp + to), r0);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYR0TOSLOT64 %d %" PRIx64 "\n", to,
+        base::ReadUnalignedValue<int64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_CopyFp0ToSlot32(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<float>(reinterpret_cast<Address>(sp + to),
+                                   static_cast<float>(fp0));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYFP0TOSLOT32 %d %08x\n", to,
+        base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_CopyFp0ToSlot64(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  base::WriteUnalignedValue<double>(reinterpret_cast<Address>(sp + to), fp0);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "COPYFP0TOSLOT64 %d %" PRIx64 "\n", to,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_PreserveCopyR0ToSlot32(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  uint32_t preserve = ReadI32(code);
+  base::WriteUnalignedValue<int32_t>(
+      reinterpret_cast<Address>(sp + preserve),
+      base::ReadUnalignedValue<int32_t>(reinterpret_cast<Address>(sp + to)));
+  base::WriteUnalignedValue<int32_t>(reinterpret_cast<Address>(sp + to),
+                                     static_cast<int32_t>(r0));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "PRESERVECOPYR0TOSLOT32 %d %d %08x\n", to, preserve,
+        base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_PreserveCopyR0ToSlot64(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  uint32_t preserve = ReadI32(code);
+  base::WriteUnalignedValue<int64_t>(
+      reinterpret_cast<Address>(sp + preserve),
+      base::ReadUnalignedValue<int64_t>(reinterpret_cast<Address>(sp + to)));
+  base::WriteUnalignedValue<int64_t>(reinterpret_cast<Address>(sp + to), r0);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "PRESERVECOPYR0TOSLOT64 %d %d %" PRIx64 "\n", to, preserve,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_PreserveCopyFp0ToSlot32(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  uint32_t preserve = ReadI32(code);
+  base::WriteUnalignedValue<float>(
+      reinterpret_cast<Address>(sp + preserve),
+      base::ReadUnalignedValue<float>(reinterpret_cast<Address>(sp + to)));
+  base::WriteUnalignedValue<float>(reinterpret_cast<Address>(sp + to),
+                                   static_cast<float>(fp0));
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "PRESERVECOPYFP0TOSLOT32 %d %d %08x\n", to, preserve,
+        base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC r2s_PreserveCopyFp0ToSlot64(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t to = ReadI32(code);
+  uint32_t preserve = ReadI32(code);
+  base::WriteUnalignedValue<double>(
+      reinterpret_cast<Address>(sp + preserve),
+      base::ReadUnalignedValue<double>(reinterpret_cast<Address>(sp + to)));
+  base::WriteUnalignedValue<double>(reinterpret_cast<Address>(sp + to), fp0);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    wasm_runtime->Trace(
+        "PRESERVECOPYFP0TOSLOT64 %d %d %" PRIx64 "\n", to, preserve,
+        base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(sp + to)));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_RefNull(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+
+  push<WasmRef>(
+      sp, code, wasm_runtime,
+      handle(wasm_runtime->GetNullValue(ref_type), wasm_runtime->GetIsolate()));
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_RefIsNull(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  push<int32_t>(sp, code, wasm_runtime, wasm_runtime->IsRefNull(ref) ? 1 : 0);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_RefFunc(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  uint32_t index = ReadI32(code);
+  push<WasmRef>(sp, code, wasm_runtime, wasm_runtime->GetFunctionRef(index));
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_RefEq(const uint8_t* code, uint32_t* sp,
+                                   WasmInterpreterRuntime* wasm_runtime,
+                                   int64_t r0, double fp0) {
+  WasmRef lhs = pop<WasmRef>(sp, code, wasm_runtime);
+  WasmRef rhs = pop<WasmRef>(sp, code, wasm_runtime);
+  push<int32_t>(sp, code, wasm_runtime, lhs.is_identical_to(rhs) ? 1 : 0);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_MemoryInit(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint32_t data_segment_index = ReadI32(code);
+  uint64_t size = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t src = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t dst = pop<uint32_t>(sp, code, wasm_runtime);
+
+  // This function can trap.
+  wasm_runtime->MemoryInit(code, data_segment_index, dst, src, size);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_DataDrop(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint32_t index = ReadI32(code);
+
+  wasm_runtime->DataDrop(index);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_MemoryCopy(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint64_t size = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t src = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t dst = pop<uint32_t>(sp, code, wasm_runtime);
+
+  // This function can trap.
+  wasm_runtime->MemoryCopy(code, dst, src, size);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_MemoryFill(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0) {
+  uint64_t size = pop<uint32_t>(sp, code, wasm_runtime);
+  uint32_t value = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t dst = pop<uint32_t>(sp, code, wasm_runtime);
+
+  // This function can trap.
+  wasm_runtime->MemoryFill(code, dst, value, size);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_TableGet(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint32_t table_index = ReadI32(code);
+  uint32_t entry_index = pop<uint32_t>(sp, code, wasm_runtime);
+
+  // This function can trap.
+  WasmRef ref;
+  if (wasm_runtime->TableGet(code, table_index, entry_index, &ref)) {
+    push<WasmRef>(sp, code, wasm_runtime, ref);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_TableSet(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint32_t table_index = ReadI32(code);
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  uint32_t entry_index = pop<uint32_t>(sp, code, wasm_runtime);
+
+  // This function can trap.
+  wasm_runtime->TableSet(code, table_index, entry_index, ref);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_TableInit(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t table_index = ReadI32(code);
+  uint32_t element_segment_index = ReadI32(code);
+  uint32_t size = pop<uint32_t>(sp, code, wasm_runtime);
+  uint32_t src = pop<uint32_t>(sp, code, wasm_runtime);
+  uint32_t dst = pop<uint32_t>(sp, code, wasm_runtime);
+
+  // This function can trap.
+  wasm_runtime->TableInit(code, table_index, element_segment_index, dst, src,
+                          size);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_ElemDrop(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint32_t index = ReadI32(code);
+
+  wasm_runtime->ElemDrop(index);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_TableCopy(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t dst_table_index = ReadI32(code);
+  uint32_t src_table_index = ReadI32(code);
+  auto size = pop<uint32_t>(sp, code, wasm_runtime);
+  auto src = pop<uint32_t>(sp, code, wasm_runtime);
+  auto dst = pop<uint32_t>(sp, code, wasm_runtime);
+
+  // This function can trap.
+  wasm_runtime->TableCopy(code, dst_table_index, src_table_index, dst, src,
+                          size);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_TableGrow(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t table_index = ReadI32(code);
+  uint32_t delta = pop<uint32_t>(sp, code, wasm_runtime);
+  WasmRef value = pop<WasmRef>(sp, code, wasm_runtime);
+
+  uint32_t result = wasm_runtime->TableGrow(table_index, delta, value);
+  push<int32_t>(sp, code, wasm_runtime, result);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_TableSize(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t table_index = ReadI32(code);
+
+  uint32_t size = wasm_runtime->TableSize(table_index);
+  push<int32_t>(sp, code, wasm_runtime, size);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_TableFill(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t table_index = ReadI32(code);
+  uint32_t count = pop<uint32_t>(sp, code, wasm_runtime);
+  WasmRef value = pop<WasmRef>(sp, code, wasm_runtime);
+  uint32_t start = pop<uint32_t>(sp, code, wasm_runtime);
+
+  // This function can trap.
+  wasm_runtime->TableFill(code, table_index, count, value, start);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_Unreachable(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0){
+    TRAP(TrapReason::kTrapUnreachable)}
+
+INSTRUCTION_HANDLER_FUNC
+    s2s_Unwind(const uint8_t* code, uint32_t* sp,
+               WasmInterpreterRuntime* wasm_runtime, int64_t r0, double fp0) {
+  // Break the chain of calls.
+}
+PWasmOp* s_unwind_func_addr = s2s_Unwind;
+InstructionHandler s_unwind_code = InstructionHandler::k_s2s_Unwind;
+
+INSTRUCTION_HANDLER_FUNC s2s_OnLoopBackwardJump(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  wasm_runtime->ResetCurrentHandleScope();
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_Nop(const uint8_t* code, uint32_t* sp,
+                                 WasmInterpreterRuntime* wasm_runtime,
+                                 int64_t r0, double fp0) {
+  NextOp();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// Atomics operators
+
+INSTRUCTION_HANDLER_FUNC s2s_AtomicNotify(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  int32_t val = pop<int32_t>(sp, code, wasm_runtime);
+
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+  // Check alignment.
+  const uint32_t align_mask = sizeof(int32_t) - 1;
+  if (V8_UNLIKELY((effective_index & align_mask) != 0)) {
+    TRAP(TrapReason::kTrapUnalignedAccess)
+  }
+  // Check bounds.
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(uint64_t),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  int32_t result = wasm_runtime->AtomicNotify(effective_index, val);
+  push<int32_t>(sp, code, wasm_runtime, result);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_I32AtomicWait(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  int64_t timeout = pop<int64_t>(sp, code, wasm_runtime);
+  int32_t val = pop<int32_t>(sp, code, wasm_runtime);
+
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+  // Check alignment.
+  const uint32_t align_mask = sizeof(int32_t) - 1;
+  if (V8_UNLIKELY((effective_index & align_mask) != 0)) {
+    TRAP(TrapReason::kTrapUnalignedAccess)
+  }
+  // Check bounds.
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(uint64_t),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+  // Check atomics wait allowed.
+  if (!wasm_runtime->AllowsAtomicsWait()) {
+    TRAP(TrapReason::kTrapUnreachable)
+  }
+
+  int32_t result = wasm_runtime->I32AtomicWait(effective_index, val, timeout);
+  push<int32_t>(sp, code, wasm_runtime, result);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_I64AtomicWait(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  int64_t timeout = pop<int64_t>(sp, code, wasm_runtime);
+  int64_t val = pop<int64_t>(sp, code, wasm_runtime);
+
+  uint64_t offset = Read<uint64_t>(code);
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+  // Check alignment.
+  const uint32_t align_mask = sizeof(int64_t) - 1;
+  if (V8_UNLIKELY((effective_index & align_mask) != 0)) {
+    TRAP(TrapReason::kTrapUnalignedAccess)
+  }
+  // Check bounds.
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(uint64_t),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+  // Check atomics wait allowed.
+  if (!wasm_runtime->AllowsAtomicsWait()) {
+    TRAP(TrapReason::kTrapUnreachable)
+  }
+
+  int32_t result = wasm_runtime->I64AtomicWait(effective_index, val, timeout);
+  push<int32_t>(sp, code, wasm_runtime, result);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_AtomicFence(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  std::atomic_thread_fence(std::memory_order_seq_cst);
+  NextOp();
+}
+
+#define FOREACH_ATOMIC_BINOP(V)                                                \
+  V(I32AtomicAdd, Uint32, uint32_t, I32, uint32_t, I32, std::atomic_fetch_add) \
+  V(I32AtomicAdd8U, Uint8, uint8_t, I32, uint32_t, I32, std::atomic_fetch_add) \
+  V(I32AtomicAdd16U, Uint16, uint16_t, I32, uint32_t, I32,                     \
+    std::atomic_fetch_add)                                                     \
+  V(I32AtomicSub, Uint32, uint32_t, I32, uint32_t, I32, std::atomic_fetch_sub) \
+  V(I32AtomicSub8U, Uint8, uint8_t, I32, uint32_t, I32, std::atomic_fetch_sub) \
+  V(I32AtomicSub16U, Uint16, uint16_t, I32, uint32_t, I32,                     \
+    std::atomic_fetch_sub)                                                     \
+  V(I32AtomicAnd, Uint32, uint32_t, I32, uint32_t, I32, std::atomic_fetch_and) \
+  V(I32AtomicAnd8U, Uint8, uint8_t, I32, uint32_t, I32, std::atomic_fetch_and) \
+  V(I32AtomicAnd16U, Uint16, uint16_t, I32, uint32_t, I32,                     \
+    std::atomic_fetch_and)                                                     \
+  V(I32AtomicOr, Uint32, uint32_t, I32, uint32_t, I32, std::atomic_fetch_or)   \
+  V(I32AtomicOr8U, Uint8, uint8_t, I32, uint32_t, I32, std::atomic_fetch_or)   \
+  V(I32AtomicOr16U, Uint16, uint16_t, I32, uint32_t, I32,                      \
+    std::atomic_fetch_or)                                                      \
+  V(I32AtomicXor, Uint32, uint32_t, I32, uint32_t, I32, std::atomic_fetch_xor) \
+  V(I32AtomicXor8U, Uint8, uint8_t, I32, uint32_t, I32, std::atomic_fetch_xor) \
+  V(I32AtomicXor16U, Uint16, uint16_t, I32, uint32_t, I32,                     \
+    std::atomic_fetch_xor)                                                     \
+  V(I32AtomicExchange, Uint32, uint32_t, I32, uint32_t, I32,                   \
+    std::atomic_exchange)                                                      \
+  V(I32AtomicExchange8U, Uint8, uint8_t, I32, uint32_t, I32,                   \
+    std::atomic_exchange)                                                      \
+  V(I32AtomicExchange16U, Uint16, uint16_t, I32, uint32_t, I32,                \
+    std::atomic_exchange)                                                      \
+  V(I64AtomicAdd, Uint64, uint64_t, I64, uint64_t, I64, std::atomic_fetch_add) \
+  V(I64AtomicAdd8U, Uint8, uint8_t, I32, uint64_t, I64, std::atomic_fetch_add) \
+  V(I64AtomicAdd16U, Uint16, uint16_t, I32, uint64_t, I64,                     \
+    std::atomic_fetch_add)                                                     \
+  V(I64AtomicAdd32U, Uint32, uint32_t, I32, uint64_t, I64,                     \
+    std::atomic_fetch_add)                                                     \
+  V(I64AtomicSub, Uint64, uint64_t, I64, uint64_t, I64, std::atomic_fetch_sub) \
+  V(I64AtomicSub8U, Uint8, uint8_t, I32, uint64_t, I64, std::atomic_fetch_sub) \
+  V(I64AtomicSub16U, Uint16, uint16_t, I32, uint64_t, I64,                     \
+    std::atomic_fetch_sub)                                                     \
+  V(I64AtomicSub32U, Uint32, uint32_t, I32, uint64_t, I64,                     \
+    std::atomic_fetch_sub)                                                     \
+  V(I64AtomicAnd, Uint64, uint64_t, I64, uint64_t, I64, std::atomic_fetch_and) \
+  V(I64AtomicAnd8U, Uint8, uint8_t, I32, uint64_t, I64, std::atomic_fetch_and) \
+  V(I64AtomicAnd16U, Uint16, uint16_t, I32, uint64_t, I64,                     \
+    std::atomic_fetch_and)                                                     \
+  V(I64AtomicAnd32U, Uint32, uint32_t, I32, uint64_t, I64,                     \
+    std::atomic_fetch_and)                                                     \
+  V(I64AtomicOr, Uint64, uint64_t, I64, uint64_t, I64, std::atomic_fetch_or)   \
+  V(I64AtomicOr8U, Uint8, uint8_t, I32, uint64_t, I64, std::atomic_fetch_or)   \
+  V(I64AtomicOr16U, Uint16, uint16_t, I32, uint64_t, I64,                      \
+    std::atomic_fetch_or)                                                      \
+  V(I64AtomicOr32U, Uint32, uint32_t, I32, uint64_t, I64,                      \
+    std::atomic_fetch_or)                                                      \
+  V(I64AtomicXor, Uint64, uint64_t, I64, uint64_t, I64, std::atomic_fetch_xor) \
+  V(I64AtomicXor8U, Uint8, uint8_t, I32, uint64_t, I64, std::atomic_fetch_xor) \
+  V(I64AtomicXor16U, Uint16, uint16_t, I32, uint64_t, I64,                     \
+    std::atomic_fetch_xor)                                                     \
+  V(I64AtomicXor32U, Uint32, uint32_t, I32, uint64_t, I64,                     \
+    std::atomic_fetch_xor)                                                     \
+  V(I64AtomicExchange, Uint64, uint64_t, I64, uint64_t, I64,                   \
+    std::atomic_exchange)                                                      \
+  V(I64AtomicExchange8U, Uint8, uint8_t, I32, uint64_t, I64,                   \
+    std::atomic_exchange)                                                      \
+  V(I64AtomicExchange16U, Uint16, uint16_t, I32, uint64_t, I64,                \
+    std::atomic_exchange)                                                      \
+  V(I64AtomicExchange32U, Uint32, uint32_t, I32, uint64_t, I64,                \
+    std::atomic_exchange)
+
+#define ATOMIC_BINOP(name, Type, ctype, type, op_ctype, op_type, operation) \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype val = static_cast<ctype>(pop<op_ctype>(sp, code, wasm_runtime));  \
+                                                                            \
+    uint64_t offset = Read<uint64_t>(code);                                 \
+    uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);                 \
+    uint64_t effective_index = offset + index;                              \
+    /* Check alignment. */                                                  \
+    if (V8_UNLIKELY(!IsAligned(effective_index, sizeof(ctype)))) {          \
+      TRAP(TrapReason::kTrapUnalignedAccess)                                \
+    }                                                                       \
+    /* Check bounds. */                                                     \
+    if (V8_UNLIKELY(                                                        \
+            effective_index < index ||                                      \
+            !base::IsInBounds<uint64_t>(effective_index, sizeof(ctype),     \
+                                        wasm_runtime->GetMemorySize()))) {  \
+      TRAP(TrapReason::kTrapMemOutOfBounds)                                 \
+    }                                                                       \
+    static_assert(sizeof(std::atomic<ctype>) == sizeof(ctype),              \
+                  "Size mismatch for types std::atomic<" #ctype             \
+                  ">, and " #ctype);                                        \
+                                                                            \
+    uint8_t* memory_start = wasm_runtime->GetMemoryStart();                 \
+    uint8_t* address = memory_start + effective_index;                      \
+    op_ctype result = static_cast<op_ctype>(                                \
+        operation(reinterpret_cast<std::atomic<ctype>*>(address), val));    \
+    push<op_ctype>(sp, code, wasm_runtime, result);                         \
+    NextOp();                                                               \
+  }
+FOREACH_ATOMIC_BINOP(ATOMIC_BINOP)
+#undef ATOMIC_BINOP
+
+#define FOREACH_ATOMIC_COMPARE_EXCHANGE_OP(V)                          \
+  V(I32AtomicCompareExchange, Uint32, uint32_t, I32, uint32_t, I32)    \
+  V(I32AtomicCompareExchange8U, Uint8, uint8_t, I32, uint32_t, I32)    \
+  V(I32AtomicCompareExchange16U, Uint16, uint16_t, I32, uint32_t, I32) \
+  V(I64AtomicCompareExchange, Uint64, uint64_t, I64, uint64_t, I64)    \
+  V(I64AtomicCompareExchange8U, Uint8, uint8_t, I32, uint64_t, I64)    \
+  V(I64AtomicCompareExchange16U, Uint16, uint16_t, I32, uint64_t, I64) \
+  V(I64AtomicCompareExchange32U, Uint32, uint32_t, I32, uint64_t, I64)
+
+#define ATOMIC_COMPARE_EXCHANGE_OP(name, Type, ctype, type, op_ctype, op_type) \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,       \
+                                      WasmInterpreterRuntime* wasm_runtime,    \
+                                      int64_t r0, double fp0) {                \
+    ctype new_val = static_cast<ctype>(pop<op_ctype>(sp, code, wasm_runtime)); \
+    ctype old_val = static_cast<ctype>(pop<op_ctype>(sp, code, wasm_runtime)); \
+                                                                               \
+    uint64_t offset = Read<uint64_t>(code);                                    \
+    uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);                    \
+    uint64_t effective_index = offset + index;                                 \
+    /* Check alignment. */                                                     \
+    if (V8_UNLIKELY(!IsAligned(effective_index, sizeof(ctype)))) {             \
+      TRAP(TrapReason::kTrapUnalignedAccess)                                   \
+    }                                                                          \
+    /* Check bounds. */                                                        \
+    if (V8_UNLIKELY(                                                           \
+            effective_index < index ||                                         \
+            !base::IsInBounds<uint64_t>(effective_index, sizeof(ctype),        \
+                                        wasm_runtime->GetMemorySize()))) {     \
+      TRAP(TrapReason::kTrapMemOutOfBounds)                                    \
+    }                                                                          \
+    static_assert(sizeof(std::atomic<ctype>) == sizeof(ctype),                 \
+                  "Size mismatch for types std::atomic<" #ctype                \
+                  ">, and " #ctype);                                           \
+                                                                               \
+    uint8_t* memory_start = wasm_runtime->GetMemoryStart();                    \
+    uint8_t* address = memory_start + effective_index;                         \
+                                                                               \
+    std::atomic_compare_exchange_strong(                                       \
+        reinterpret_cast<std::atomic<ctype>*>(address), &old_val, new_val);    \
+    push<op_ctype>(sp, code, wasm_runtime, static_cast<op_ctype>(old_val));    \
+    NextOp();                                                                  \
+  }
+FOREACH_ATOMIC_COMPARE_EXCHANGE_OP(ATOMIC_COMPARE_EXCHANGE_OP)
+#undef ATOMIC_COMPARE_EXCHANGE_OP
+
+#define FOREACH_ATOMIC_LOAD_OP(V)                           \
+  V(I32AtomicLoad, Uint32, uint32_t, I32, uint32_t, I32)    \
+  V(I32AtomicLoad8U, Uint8, uint8_t, I32, uint32_t, I32)    \
+  V(I32AtomicLoad16U, Uint16, uint16_t, I32, uint32_t, I32) \
+  V(I64AtomicLoad, Uint64, uint64_t, I64, uint64_t, I64)    \
+  V(I64AtomicLoad8U, Uint8, uint8_t, I32, uint64_t, I64)    \
+  V(I64AtomicLoad16U, Uint16, uint16_t, I32, uint64_t, I64) \
+  V(I64AtomicLoad32U, Uint32, uint32_t, I32, uint64_t, I64)
+
+#define ATOMIC_LOAD_OP(name, Type, ctype, type, op_ctype, op_type)          \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    uint64_t offset = Read<uint64_t>(code);                                 \
+    uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);                 \
+    uint64_t effective_index = offset + index;                              \
+    /* Check alignment. */                                                  \
+    if (V8_UNLIKELY(!IsAligned(effective_index, sizeof(ctype)))) {          \
+      TRAP(TrapReason::kTrapUnalignedAccess)                                \
+    }                                                                       \
+    /* Check bounds. */                                                     \
+    if (V8_UNLIKELY(                                                        \
+            effective_index < index ||                                      \
+            !base::IsInBounds<uint64_t>(effective_index, sizeof(ctype),     \
+                                        wasm_runtime->GetMemorySize()))) {  \
+      TRAP(TrapReason::kTrapMemOutOfBounds)                                 \
+    }                                                                       \
+    static_assert(sizeof(std::atomic<ctype>) == sizeof(ctype),              \
+                  "Size mismatch for types std::atomic<" #ctype             \
+                  ">, and " #ctype);                                        \
+                                                                            \
+    uint8_t* memory_start = wasm_runtime->GetMemoryStart();                 \
+    uint8_t* address = memory_start + effective_index;                      \
+                                                                            \
+    ctype val =                                                             \
+        std::atomic_load(reinterpret_cast<std::atomic<ctype>*>(address));   \
+    push<op_ctype>(sp, code, wasm_runtime, static_cast<op_ctype>(val));     \
+    NextOp();                                                               \
+  }
+FOREACH_ATOMIC_LOAD_OP(ATOMIC_LOAD_OP)
+#undef ATOMIC_LOAD_OP
+
+#define FOREACH_ATOMIC_STORE_OP(V)                           \
+  V(I32AtomicStore, Uint32, uint32_t, I32, uint32_t, I32)    \
+  V(I32AtomicStore8U, Uint8, uint8_t, I32, uint32_t, I32)    \
+  V(I32AtomicStore16U, Uint16, uint16_t, I32, uint32_t, I32) \
+  V(I64AtomicStore, Uint64, uint64_t, I64, uint64_t, I64)    \
+  V(I64AtomicStore8U, Uint8, uint8_t, I32, uint64_t, I64)    \
+  V(I64AtomicStore16U, Uint16, uint16_t, I32, uint64_t, I64) \
+  V(I64AtomicStore32U, Uint32, uint32_t, I32, uint64_t, I64)
+
+#define ATOMIC_STORE_OP(name, Type, ctype, type, op_ctype, op_type)         \
+  INSTRUCTION_HANDLER_FUNC s2s_##name(const uint8_t* code, uint32_t* sp,    \
+                                      WasmInterpreterRuntime* wasm_runtime, \
+                                      int64_t r0, double fp0) {             \
+    ctype val = static_cast<ctype>(pop<op_ctype>(sp, code, wasm_runtime));  \
+                                                                            \
+    uint64_t offset = Read<uint64_t>(code);                                 \
+    uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);                 \
+    uint64_t effective_index = offset + index;                              \
+    /* Check alignment. */                                                  \
+    if (V8_UNLIKELY(!IsAligned(effective_index, sizeof(ctype)))) {          \
+      TRAP(TrapReason::kTrapUnalignedAccess)                                \
+    }                                                                       \
+    /* Check bounds. */                                                     \
+    if (V8_UNLIKELY(                                                        \
+            effective_index < index ||                                      \
+            !base::IsInBounds<uint64_t>(effective_index, sizeof(ctype),     \
+                                        wasm_runtime->GetMemorySize()))) {  \
+      TRAP(TrapReason::kTrapMemOutOfBounds)                                 \
+    }                                                                       \
+    static_assert(sizeof(std::atomic<ctype>) == sizeof(ctype),              \
+                  "Size mismatch for types std::atomic<" #ctype             \
+                  ">, and " #ctype);                                        \
+                                                                            \
+    uint8_t* memory_start = wasm_runtime->GetMemoryStart();                 \
+    uint8_t* address = memory_start + effective_index;                      \
+                                                                            \
+    std::atomic_store(reinterpret_cast<std::atomic<ctype>*>(address), val); \
+    NextOp();                                                               \
+  }
+FOREACH_ATOMIC_STORE_OP(ATOMIC_STORE_OP)
+#undef ATOMIC_STORE_OP
+
+////////////////////////////////////////////////////////////////////////////////
+// SIMD instructions.
+
+#if V8_TARGET_BIG_ENDIAN
+#define LANE(i, type) ((sizeof(type.val) / sizeof(type.val[0])) - (i)-1)
+#else
+#define LANE(i, type) (i)
+#endif
+
+#define SPLAT_CASE(format, stype, valType, op_type, num)                       \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##format##Splat(                            \
+      const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime, \
+      int64_t r0, double fp0) {                                                \
+    valType v = pop<valType>(sp, code, wasm_runtime);                          \
+    stype s;                                                                   \
+    for (int i = 0; i < num; i++) s.val[i] = v;                                \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(s));                         \
+    NextOp();                                                                  \
+  }
+SPLAT_CASE(F64x2, float64x2, double, F64, 2)
+SPLAT_CASE(F32x4, float32x4, float, F32, 4)
+SPLAT_CASE(I64x2, int64x2, int64_t, I64, 2)
+SPLAT_CASE(I32x4, int32x4, int32_t, I32, 4)
+SPLAT_CASE(I16x8, int16x8, int32_t, I32, 8)
+SPLAT_CASE(I8x16, int8x16, int32_t, I32, 16)
+#undef SPLAT_CASE
+
+#define EXTRACT_LANE_CASE(format, stype, op_type, name)                        \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##format##ExtractLane(                      \
+      const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime, \
+      int64_t r0, double fp0) {                                                \
+    uint16_t lane = ReadI16(code);                                             \
+    DCHECK_LT(lane, 4);                                                        \
+    Simd128 v = pop<Simd128>(sp, code, wasm_runtime);                          \
+    stype s = v.to_##name();                                                   \
+    push(sp, code, wasm_runtime, s.val[LANE(lane, s)]);                        \
+    NextOp();                                                                  \
+  }
+EXTRACT_LANE_CASE(F64x2, float64x2, F64, f64x2)
+EXTRACT_LANE_CASE(F32x4, float32x4, F32, f32x4)
+EXTRACT_LANE_CASE(I64x2, int64x2, I64, i64x2)
+EXTRACT_LANE_CASE(I32x4, int32x4, I32, i32x4)
+#undef EXTRACT_LANE_CASE
+
+// Unsigned extracts require a bit more care. The underlying array in Simd128 is
+// signed (see wasm-value.h), so when casted to uint32_t it will be signed
+// extended, e.g. int8_t -> int32_t -> uint32_t. So for unsigned extracts, we
+// will cast it int8_t -> uint8_t -> uint32_t. We add the DCHECK to ensure that
+// if the array type changes, we know to change this function.
+#define EXTRACT_LANE_EXTEND_CASE(format, stype, name, sign, extended_type)     \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##format##ExtractLane##sign(                \
+      const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime, \
+      int64_t r0, double fp0) {                                                \
+    uint16_t lane = ReadI16(code);                                             \
+    DCHECK_LT(lane, 16);                                                       \
+    Simd128 s = pop<Simd128>(sp, code, wasm_runtime);                          \
+    stype ss = s.to_##name();                                                  \
+    auto res = ss.val[LANE(lane, ss)];                                         \
+    DCHECK(std::is_signed<decltype(res)>::value);                              \
+    if (std::is_unsigned<extended_type>::value) {                              \
+      using unsigned_type = std::make_unsigned<decltype(res)>::type;           \
+      push(sp, code, wasm_runtime,                                             \
+           static_cast<extended_type>(static_cast<unsigned_type>(res)));       \
+    } else {                                                                   \
+      push(sp, code, wasm_runtime, static_cast<extended_type>(res));           \
+    }                                                                          \
+    NextOp();                                                                  \
+  }
+EXTRACT_LANE_EXTEND_CASE(I16x8, int16x8, i16x8, S, int32_t)
+EXTRACT_LANE_EXTEND_CASE(I16x8, int16x8, i16x8, U, uint32_t)
+EXTRACT_LANE_EXTEND_CASE(I8x16, int8x16, i8x16, S, int32_t)
+EXTRACT_LANE_EXTEND_CASE(I8x16, int8x16, i8x16, U, uint32_t)
+#undef EXTRACT_LANE_EXTEND_CASE
+
+#define BINOP_CASE(op, name, stype, count, expr)                              \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    stype s2 = pop<Simd128>(sp, code, wasm_runtime).to_##name();              \
+    stype s1 = pop<Simd128>(sp, code, wasm_runtime).to_##name();              \
+    stype res;                                                                \
+    for (size_t i = 0; i < count; ++i) {                                      \
+      auto a = s1.val[LANE(i, s1)];                                           \
+      auto b = s2.val[LANE(i, s2)];                                           \
+      res.val[LANE(i, res)] = expr;                                           \
+    }                                                                         \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(res));                      \
+    NextOp();                                                                 \
+  }
+BINOP_CASE(F64x2Add, f64x2, float64x2, 2, a + b)
+BINOP_CASE(F64x2Sub, f64x2, float64x2, 2, a - b)
+BINOP_CASE(F64x2Mul, f64x2, float64x2, 2, a* b)
+BINOP_CASE(F64x2Div, f64x2, float64x2, 2, base::Divide(a, b))
+BINOP_CASE(F64x2Min, f64x2, float64x2, 2, JSMin(a, b))
+BINOP_CASE(F64x2Max, f64x2, float64x2, 2, JSMax(a, b))
+BINOP_CASE(F64x2Pmin, f64x2, float64x2, 2, std::min(a, b))
+BINOP_CASE(F64x2Pmax, f64x2, float64x2, 2, std::max(a, b))
+BINOP_CASE(F32x4RelaxedMin, f32x4, float32x4, 4, std::min(a, b))
+BINOP_CASE(F32x4RelaxedMax, f32x4, float32x4, 4, std::max(a, b))
+BINOP_CASE(F64x2RelaxedMin, f64x2, float64x2, 2, std::min(a, b))
+BINOP_CASE(F64x2RelaxedMax, f64x2, float64x2, 2, std::max(a, b))
+BINOP_CASE(F32x4Add, f32x4, float32x4, 4, a + b)
+BINOP_CASE(F32x4Sub, f32x4, float32x4, 4, a - b)
+BINOP_CASE(F32x4Mul, f32x4, float32x4, 4, a* b)
+BINOP_CASE(F32x4Div, f32x4, float32x4, 4, a / b)
+BINOP_CASE(F32x4Min, f32x4, float32x4, 4, JSMin(a, b))
+BINOP_CASE(F32x4Max, f32x4, float32x4, 4, JSMax(a, b))
+BINOP_CASE(F32x4Pmin, f32x4, float32x4, 4, std::min(a, b))
+BINOP_CASE(F32x4Pmax, f32x4, float32x4, 4, std::max(a, b))
+BINOP_CASE(I64x2Add, i64x2, int64x2, 2, base::AddWithWraparound(a, b))
+BINOP_CASE(I64x2Sub, i64x2, int64x2, 2, base::SubWithWraparound(a, b))
+BINOP_CASE(I64x2Mul, i64x2, int64x2, 2, base::MulWithWraparound(a, b))
+BINOP_CASE(I32x4Add, i32x4, int32x4, 4, base::AddWithWraparound(a, b))
+BINOP_CASE(I32x4Sub, i32x4, int32x4, 4, base::SubWithWraparound(a, b))
+BINOP_CASE(I32x4Mul, i32x4, int32x4, 4, base::MulWithWraparound(a, b))
+BINOP_CASE(I32x4MinS, i32x4, int32x4, 4, a < b ? a : b)
+BINOP_CASE(I32x4MinU, i32x4, int32x4, 4,
+           static_cast<uint32_t>(a) < static_cast<uint32_t>(b) ? a : b)
+BINOP_CASE(I32x4MaxS, i32x4, int32x4, 4, a > b ? a : b)
+BINOP_CASE(I32x4MaxU, i32x4, int32x4, 4,
+           static_cast<uint32_t>(a) > static_cast<uint32_t>(b) ? a : b)
+BINOP_CASE(S128And, i32x4, int32x4, 4, a& b)
+BINOP_CASE(S128Or, i32x4, int32x4, 4, a | b)
+BINOP_CASE(S128Xor, i32x4, int32x4, 4, a ^ b)
+BINOP_CASE(S128AndNot, i32x4, int32x4, 4, a & ~b)
+BINOP_CASE(I16x8Add, i16x8, int16x8, 8, base::AddWithWraparound(a, b))
+BINOP_CASE(I16x8Sub, i16x8, int16x8, 8, base::SubWithWraparound(a, b))
+BINOP_CASE(I16x8Mul, i16x8, int16x8, 8, base::MulWithWraparound(a, b))
+BINOP_CASE(I16x8MinS, i16x8, int16x8, 8, a < b ? a : b)
+BINOP_CASE(I16x8MinU, i16x8, int16x8, 8,
+           static_cast<uint16_t>(a) < static_cast<uint16_t>(b) ? a : b)
+BINOP_CASE(I16x8MaxS, i16x8, int16x8, 8, a > b ? a : b)
+BINOP_CASE(I16x8MaxU, i16x8, int16x8, 8,
+           static_cast<uint16_t>(a) > static_cast<uint16_t>(b) ? a : b)
+BINOP_CASE(I16x8AddSatS, i16x8, int16x8, 8, SaturateAdd<int16_t>(a, b))
+BINOP_CASE(I16x8AddSatU, i16x8, int16x8, 8, SaturateAdd<uint16_t>(a, b))
+BINOP_CASE(I16x8SubSatS, i16x8, int16x8, 8, SaturateSub<int16_t>(a, b))
+BINOP_CASE(I16x8SubSatU, i16x8, int16x8, 8, SaturateSub<uint16_t>(a, b))
+BINOP_CASE(I16x8RoundingAverageU, i16x8, int16x8, 8,
+           RoundingAverageUnsigned<uint16_t>(a, b))
+BINOP_CASE(I16x8Q15MulRSatS, i16x8, int16x8, 8,
+           SaturateRoundingQMul<int16_t>(a, b))
+BINOP_CASE(I16x8RelaxedQ15MulRS, i16x8, int16x8, 8,
+           SaturateRoundingQMul<int16_t>(a, b))
+BINOP_CASE(I8x16Add, i8x16, int8x16, 16, base::AddWithWraparound(a, b))
+BINOP_CASE(I8x16Sub, i8x16, int8x16, 16, base::SubWithWraparound(a, b))
+BINOP_CASE(I8x16MinS, i8x16, int8x16, 16, a < b ? a : b)
+BINOP_CASE(I8x16MinU, i8x16, int8x16, 16,
+           static_cast<uint8_t>(a) < static_cast<uint8_t>(b) ? a : b)
+BINOP_CASE(I8x16MaxS, i8x16, int8x16, 16, a > b ? a : b)
+BINOP_CASE(I8x16MaxU, i8x16, int8x16, 16,
+           static_cast<uint8_t>(a) > static_cast<uint8_t>(b) ? a : b)
+BINOP_CASE(I8x16AddSatS, i8x16, int8x16, 16, SaturateAdd<int8_t>(a, b))
+BINOP_CASE(I8x16AddSatU, i8x16, int8x16, 16, SaturateAdd<uint8_t>(a, b))
+BINOP_CASE(I8x16SubSatS, i8x16, int8x16, 16, SaturateSub<int8_t>(a, b))
+BINOP_CASE(I8x16SubSatU, i8x16, int8x16, 16, SaturateSub<uint8_t>(a, b))
+BINOP_CASE(I8x16RoundingAverageU, i8x16, int8x16, 16,
+           RoundingAverageUnsigned<uint8_t>(a, b))
+#undef BINOP_CASE
+
+#define UNOP_CASE(op, name, stype, count, expr)                               \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    stype s = pop<Simd128>(sp, code, wasm_runtime).to_##name();               \
+    stype res;                                                                \
+    for (size_t i = 0; i < count; ++i) {                                      \
+      auto a = s.val[LANE(i, s)];                                             \
+      res.val[LANE(i, res)] = expr;                                           \
+    }                                                                         \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(res));                      \
+    NextOp();                                                                 \
+  }
+UNOP_CASE(F64x2Abs, f64x2, float64x2, 2, std::abs(a))
+UNOP_CASE(F64x2Neg, f64x2, float64x2, 2, -a)
+UNOP_CASE(F64x2Sqrt, f64x2, float64x2, 2, std::sqrt(a))
+UNOP_CASE(F64x2Ceil, f64x2, float64x2, 2, ceil(a))
+UNOP_CASE(F64x2Floor, f64x2, float64x2, 2, floor(a))
+UNOP_CASE(F64x2Trunc, f64x2, float64x2, 2, trunc(a))
+UNOP_CASE(F64x2NearestInt, f64x2, float64x2, 2, nearbyint(a))
+UNOP_CASE(F32x4Abs, f32x4, float32x4, 4, std::abs(a))
+UNOP_CASE(F32x4Neg, f32x4, float32x4, 4, -a)
+UNOP_CASE(F32x4Sqrt, f32x4, float32x4, 4, std::sqrt(a))
+UNOP_CASE(F32x4Ceil, f32x4, float32x4, 4, ceilf(a))
+UNOP_CASE(F32x4Floor, f32x4, float32x4, 4, floorf(a))
+UNOP_CASE(F32x4Trunc, f32x4, float32x4, 4, truncf(a))
+UNOP_CASE(F32x4NearestInt, f32x4, float32x4, 4, nearbyintf(a))
+UNOP_CASE(I64x2Neg, i64x2, int64x2, 2, base::NegateWithWraparound(a))
+UNOP_CASE(I32x4Neg, i32x4, int32x4, 4, base::NegateWithWraparound(a))
+// Use llabs which will work correctly on both 64-bit and 32-bit.
+UNOP_CASE(I64x2Abs, i64x2, int64x2, 2, std::llabs(a))
+UNOP_CASE(I32x4Abs, i32x4, int32x4, 4, std::abs(a))
+UNOP_CASE(S128Not, i32x4, int32x4, 4, ~a)
+UNOP_CASE(I16x8Neg, i16x8, int16x8, 8, base::NegateWithWraparound(a))
+UNOP_CASE(I16x8Abs, i16x8, int16x8, 8, std::abs(a))
+UNOP_CASE(I8x16Neg, i8x16, int8x16, 16, base::NegateWithWraparound(a))
+UNOP_CASE(I8x16Abs, i8x16, int8x16, 16, std::abs(a))
+UNOP_CASE(I8x16Popcnt, i8x16, int8x16, 16,
+          base::bits::CountPopulation<uint8_t>(a))
+#undef UNOP_CASE
+
+#define BITMASK_CASE(op, name, stype, count)                                  \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    stype s = pop<Simd128>(sp, code, wasm_runtime).to_##name();               \
+    int32_t res = 0;                                                          \
+    for (size_t i = 0; i < count; ++i) {                                      \
+      bool sign = std::signbit(static_cast<double>(s.val[LANE(i, s)]));       \
+      res |= (sign << i);                                                     \
+    }                                                                         \
+    push<int32_t>(sp, code, wasm_runtime, res);                               \
+    NextOp();                                                                 \
+  }
+BITMASK_CASE(I8x16BitMask, i8x16, int8x16, 16)
+BITMASK_CASE(I16x8BitMask, i16x8, int16x8, 8)
+BITMASK_CASE(I32x4BitMask, i32x4, int32x4, 4)
+BITMASK_CASE(I64x2BitMask, i64x2, int64x2, 2)
+#undef BITMASK_CASE
+
+#define CMPOP_CASE(op, name, stype, out_stype, count, expr)                   \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    stype s2 = pop<Simd128>(sp, code, wasm_runtime).to_##name();              \
+    stype s1 = pop<Simd128>(sp, code, wasm_runtime).to_##name();              \
+    out_stype res;                                                            \
+    for (size_t i = 0; i < count; ++i) {                                      \
+      auto a = s1.val[LANE(i, s1)];                                           \
+      auto b = s2.val[LANE(i, s2)];                                           \
+      auto result = expr;                                                     \
+      res.val[LANE(i, res)] = result ? -1 : 0;                                \
+    }                                                                         \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(res));                      \
+    NextOp();                                                                 \
+  }
+
+CMPOP_CASE(F64x2Eq, f64x2, float64x2, int64x2, 2, a == b)
+CMPOP_CASE(F64x2Ne, f64x2, float64x2, int64x2, 2, a != b)
+CMPOP_CASE(F64x2Gt, f64x2, float64x2, int64x2, 2, a > b)
+CMPOP_CASE(F64x2Ge, f64x2, float64x2, int64x2, 2, a >= b)
+CMPOP_CASE(F64x2Lt, f64x2, float64x2, int64x2, 2, a < b)
+CMPOP_CASE(F64x2Le, f64x2, float64x2, int64x2, 2, a <= b)
+CMPOP_CASE(F32x4Eq, f32x4, float32x4, int32x4, 4, a == b)
+CMPOP_CASE(F32x4Ne, f32x4, float32x4, int32x4, 4, a != b)
+CMPOP_CASE(F32x4Gt, f32x4, float32x4, int32x4, 4, a > b)
+CMPOP_CASE(F32x4Ge, f32x4, float32x4, int32x4, 4, a >= b)
+CMPOP_CASE(F32x4Lt, f32x4, float32x4, int32x4, 4, a < b)
+CMPOP_CASE(F32x4Le, f32x4, float32x4, int32x4, 4, a <= b)
+CMPOP_CASE(I64x2Eq, i64x2, int64x2, int64x2, 2, a == b)
+CMPOP_CASE(I64x2Ne, i64x2, int64x2, int64x2, 2, a != b)
+CMPOP_CASE(I64x2LtS, i64x2, int64x2, int64x2, 2, a < b)
+CMPOP_CASE(I64x2GtS, i64x2, int64x2, int64x2, 2, a > b)
+CMPOP_CASE(I64x2LeS, i64x2, int64x2, int64x2, 2, a <= b)
+CMPOP_CASE(I64x2GeS, i64x2, int64x2, int64x2, 2, a >= b)
+CMPOP_CASE(I32x4Eq, i32x4, int32x4, int32x4, 4, a == b)
+CMPOP_CASE(I32x4Ne, i32x4, int32x4, int32x4, 4, a != b)
+CMPOP_CASE(I32x4GtS, i32x4, int32x4, int32x4, 4, a > b)
+CMPOP_CASE(I32x4GeS, i32x4, int32x4, int32x4, 4, a >= b)
+CMPOP_CASE(I32x4LtS, i32x4, int32x4, int32x4, 4, a < b)
+CMPOP_CASE(I32x4LeS, i32x4, int32x4, int32x4, 4, a <= b)
+CMPOP_CASE(I32x4GtU, i32x4, int32x4, int32x4, 4,
+           static_cast<uint32_t>(a) > static_cast<uint32_t>(b))
+CMPOP_CASE(I32x4GeU, i32x4, int32x4, int32x4, 4,
+           static_cast<uint32_t>(a) >= static_cast<uint32_t>(b))
+CMPOP_CASE(I32x4LtU, i32x4, int32x4, int32x4, 4,
+           static_cast<uint32_t>(a) < static_cast<uint32_t>(b))
+CMPOP_CASE(I32x4LeU, i32x4, int32x4, int32x4, 4,
+           static_cast<uint32_t>(a) <= static_cast<uint32_t>(b))
+CMPOP_CASE(I16x8Eq, i16x8, int16x8, int16x8, 8, a == b)
+CMPOP_CASE(I16x8Ne, i16x8, int16x8, int16x8, 8, a != b)
+CMPOP_CASE(I16x8GtS, i16x8, int16x8, int16x8, 8, a > b)
+CMPOP_CASE(I16x8GeS, i16x8, int16x8, int16x8, 8, a >= b)
+CMPOP_CASE(I16x8LtS, i16x8, int16x8, int16x8, 8, a < b)
+CMPOP_CASE(I16x8LeS, i16x8, int16x8, int16x8, 8, a <= b)
+CMPOP_CASE(I16x8GtU, i16x8, int16x8, int16x8, 8,
+           static_cast<uint16_t>(a) > static_cast<uint16_t>(b))
+CMPOP_CASE(I16x8GeU, i16x8, int16x8, int16x8, 8,
+           static_cast<uint16_t>(a) >= static_cast<uint16_t>(b))
+CMPOP_CASE(I16x8LtU, i16x8, int16x8, int16x8, 8,
+           static_cast<uint16_t>(a) < static_cast<uint16_t>(b))
+CMPOP_CASE(I16x8LeU, i16x8, int16x8, int16x8, 8,
+           static_cast<uint16_t>(a) <= static_cast<uint16_t>(b))
+CMPOP_CASE(I8x16Eq, i8x16, int8x16, int8x16, 16, a == b)
+CMPOP_CASE(I8x16Ne, i8x16, int8x16, int8x16, 16, a != b)
+CMPOP_CASE(I8x16GtS, i8x16, int8x16, int8x16, 16, a > b)
+CMPOP_CASE(I8x16GeS, i8x16, int8x16, int8x16, 16, a >= b)
+CMPOP_CASE(I8x16LtS, i8x16, int8x16, int8x16, 16, a < b)
+CMPOP_CASE(I8x16LeS, i8x16, int8x16, int8x16, 16, a <= b)
+CMPOP_CASE(I8x16GtU, i8x16, int8x16, int8x16, 16,
+           static_cast<uint8_t>(a) > static_cast<uint8_t>(b))
+CMPOP_CASE(I8x16GeU, i8x16, int8x16, int8x16, 16,
+           static_cast<uint8_t>(a) >= static_cast<uint8_t>(b))
+CMPOP_CASE(I8x16LtU, i8x16, int8x16, int8x16, 16,
+           static_cast<uint8_t>(a) < static_cast<uint8_t>(b))
+CMPOP_CASE(I8x16LeU, i8x16, int8x16, int8x16, 16,
+           static_cast<uint8_t>(a) <= static_cast<uint8_t>(b))
+#undef CMPOP_CASE
+
+#define REPLACE_LANE_CASE(format, name, stype, ctype, op_type)                 \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##format##ReplaceLane(                      \
+      const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime, \
+      int64_t r0, double fp0) {                                                \
+    uint16_t lane = ReadI16(code);                                             \
+    DCHECK_LT(lane, 16);                                                       \
+    ctype new_val = pop<ctype>(sp, code, wasm_runtime);                        \
+    Simd128 simd_val = pop<Simd128>(sp, code, wasm_runtime);                   \
+    stype s = simd_val.to_##name();                                            \
+    s.val[LANE(lane, s)] = new_val;                                            \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(s));                         \
+    NextOp();                                                                  \
+  }
+REPLACE_LANE_CASE(F64x2, f64x2, float64x2, double, F64)
+REPLACE_LANE_CASE(F32x4, f32x4, float32x4, float, F32)
+REPLACE_LANE_CASE(I64x2, i64x2, int64x2, int64_t, I64)
+REPLACE_LANE_CASE(I32x4, i32x4, int32x4, int32_t, I32)
+REPLACE_LANE_CASE(I16x8, i16x8, int16x8, int32_t, I32)
+REPLACE_LANE_CASE(I8x16, i8x16, int8x16, int32_t, I32)
+#undef REPLACE_LANE_CASE
+
+INSTRUCTION_HANDLER_FUNC s2s_SimdS128LoadMem(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(Simd128),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+  Simd128 s =
+      base::ReadUnalignedValue<Simd128>(reinterpret_cast<Address>(address));
+  push<Simd128>(sp, code, wasm_runtime, Simd128(s));
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_SimdS128StoreMem(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  Simd128 val = pop<Simd128>(sp, code, wasm_runtime);
+
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(Simd128),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+  base::WriteUnalignedValue<Simd128>(reinterpret_cast<Address>(address), val);
+
+  NextOp();
+}
+
+#define SHIFT_CASE(op, name, stype, count, expr)                              \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    uint32_t shift = pop<uint32_t>(sp, code, wasm_runtime);                   \
+    stype s = pop<Simd128>(sp, code, wasm_runtime).to_##name();               \
+    stype res;                                                                \
+    for (size_t i = 0; i < count; ++i) {                                      \
+      auto a = s.val[LANE(i, s)];                                             \
+      res.val[LANE(i, res)] = expr;                                           \
+    }                                                                         \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(res));                      \
+    NextOp();                                                                 \
+  }
+SHIFT_CASE(I64x2Shl, i64x2, int64x2, 2,
+           static_cast<uint64_t>(a) << (shift % 64))
+SHIFT_CASE(I64x2ShrS, i64x2, int64x2, 2, a >> (shift % 64))
+SHIFT_CASE(I64x2ShrU, i64x2, int64x2, 2,
+           static_cast<uint64_t>(a) >> (shift % 64))
+SHIFT_CASE(I32x4Shl, i32x4, int32x4, 4,
+           static_cast<uint32_t>(a) << (shift % 32))
+SHIFT_CASE(I32x4ShrS, i32x4, int32x4, 4, a >> (shift % 32))
+SHIFT_CASE(I32x4ShrU, i32x4, int32x4, 4,
+           static_cast<uint32_t>(a) >> (shift % 32))
+SHIFT_CASE(I16x8Shl, i16x8, int16x8, 8,
+           static_cast<uint16_t>(a) << (shift % 16))
+SHIFT_CASE(I16x8ShrS, i16x8, int16x8, 8, a >> (shift % 16))
+SHIFT_CASE(I16x8ShrU, i16x8, int16x8, 8,
+           static_cast<uint16_t>(a) >> (shift % 16))
+SHIFT_CASE(I8x16Shl, i8x16, int8x16, 16, static_cast<uint8_t>(a) << (shift % 8))
+SHIFT_CASE(I8x16ShrS, i8x16, int8x16, 16, a >> (shift % 8))
+SHIFT_CASE(I8x16ShrU, i8x16, int8x16, 16,
+           static_cast<uint8_t>(a) >> (shift % 8))
+#undef SHIFT_CASE
+
+template <typename s_type, typename d_type, typename narrow, typename wide,
+          uint32_t start>
+INSTRUCTION_HANDLER_FUNC s2s_DoSimdExtMul(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  s_type s2 = pop<Simd128>(sp, code, wasm_runtime).to<s_type>();
+  s_type s1 = pop<Simd128>(sp, code, wasm_runtime).to<s_type>();
+  auto end = start + (kSimd128Size / sizeof(wide));
+  d_type res;
+  uint32_t i = start;
+  for (size_t dst = 0; i < end; ++i, ++dst) {
+    // Need static_cast for unsigned narrow types.
+    res.val[LANE(dst, res)] =
+        MultiplyLong<wide>(static_cast<narrow>(s1.val[LANE(start, s1)]),
+                           static_cast<narrow>(s2.val[LANE(start, s2)]));
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(res));
+  NextOp();
+}
+static auto s2s_SimdI16x8ExtMulLowI8x16S =
+    s2s_DoSimdExtMul<int8x16, int16x8, int8_t, int16_t, 0>;
+static auto s2s_SimdI16x8ExtMulHighI8x16S =
+    s2s_DoSimdExtMul<int8x16, int16x8, int8_t, int16_t, 8>;
+static auto s2s_SimdI16x8ExtMulLowI8x16U =
+    s2s_DoSimdExtMul<int8x16, int16x8, uint8_t, uint16_t, 0>;
+static auto s2s_SimdI16x8ExtMulHighI8x16U =
+    s2s_DoSimdExtMul<int8x16, int16x8, uint8_t, uint16_t, 8>;
+static auto s2s_SimdI32x4ExtMulLowI16x8S =
+    s2s_DoSimdExtMul<int16x8, int32x4, int16_t, int32_t, 0>;
+static auto s2s_SimdI32x4ExtMulHighI16x8S =
+    s2s_DoSimdExtMul<int16x8, int32x4, int16_t, int32_t, 4>;
+static auto s2s_SimdI32x4ExtMulLowI16x8U =
+    s2s_DoSimdExtMul<int16x8, int32x4, uint16_t, uint32_t, 0>;
+static auto s2s_SimdI32x4ExtMulHighI16x8U =
+    s2s_DoSimdExtMul<int16x8, int32x4, uint16_t, uint32_t, 4>;
+static auto s2s_SimdI64x2ExtMulLowI32x4S =
+    s2s_DoSimdExtMul<int32x4, int64x2, int32_t, int64_t, 0>;
+static auto s2s_SimdI64x2ExtMulHighI32x4S =
+    s2s_DoSimdExtMul<int32x4, int64x2, int32_t, int64_t, 2>;
+static auto s2s_SimdI64x2ExtMulLowI32x4U =
+    s2s_DoSimdExtMul<int32x4, int64x2, uint32_t, uint64_t, 0>;
+static auto s2s_SimdI64x2ExtMulHighI32x4U =
+    s2s_DoSimdExtMul<int32x4, int64x2, uint32_t, uint64_t, 2>;
+#undef EXT_MUL_CASE
+
+#define CONVERT_CASE(op, src_type, name, dst_type, count, start_index, ctype, \
+                     expr)                                                    \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    src_type s = pop<Simd128>(sp, code, wasm_runtime).to_##name();            \
+    dst_type res = {0};                                                       \
+    for (size_t i = 0; i < count; ++i) {                                      \
+      ctype a = s.val[LANE(start_index + i, s)];                              \
+      res.val[LANE(i, res)] = expr;                                           \
+    }                                                                         \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(res));                      \
+    NextOp();                                                                 \
+  }
+CONVERT_CASE(F32x4SConvertI32x4, int32x4, i32x4, float32x4, 4, 0, int32_t,
+             static_cast<float>(a))
+CONVERT_CASE(F32x4UConvertI32x4, int32x4, i32x4, float32x4, 4, 0, uint32_t,
+             static_cast<float>(a))
+CONVERT_CASE(I32x4SConvertF32x4, float32x4, f32x4, int32x4, 4, 0, float,
+             base::saturated_cast<int32_t>(a))
+CONVERT_CASE(I32x4UConvertF32x4, float32x4, f32x4, int32x4, 4, 0, float,
+             base::saturated_cast<uint32_t>(a))
+CONVERT_CASE(I32x4RelaxedTruncF32x4S, float32x4, f32x4, int32x4, 4, 0, float,
+             base::saturated_cast<int32_t>(a))
+CONVERT_CASE(I32x4RelaxedTruncF32x4U, float32x4, f32x4, int32x4, 4, 0, float,
+             base::saturated_cast<uint32_t>(a))
+CONVERT_CASE(I64x2SConvertI32x4Low, int32x4, i32x4, int64x2, 2, 0, int32_t, a)
+CONVERT_CASE(I64x2SConvertI32x4High, int32x4, i32x4, int64x2, 2, 2, int32_t, a)
+CONVERT_CASE(I64x2UConvertI32x4Low, int32x4, i32x4, int64x2, 2, 0, uint32_t, a)
+CONVERT_CASE(I64x2UConvertI32x4High, int32x4, i32x4, int64x2, 2, 2, uint32_t, a)
+CONVERT_CASE(I32x4SConvertI16x8High, int16x8, i16x8, int32x4, 4, 4, int16_t, a)
+CONVERT_CASE(I32x4UConvertI16x8High, int16x8, i16x8, int32x4, 4, 4, uint16_t, a)
+CONVERT_CASE(I32x4SConvertI16x8Low, int16x8, i16x8, int32x4, 4, 0, int16_t, a)
+CONVERT_CASE(I32x4UConvertI16x8Low, int16x8, i16x8, int32x4, 4, 0, uint16_t, a)
+CONVERT_CASE(I16x8SConvertI8x16High, int8x16, i8x16, int16x8, 8, 8, int8_t, a)
+CONVERT_CASE(I16x8UConvertI8x16High, int8x16, i8x16, int16x8, 8, 8, uint8_t, a)
+CONVERT_CASE(I16x8SConvertI8x16Low, int8x16, i8x16, int16x8, 8, 0, int8_t, a)
+CONVERT_CASE(I16x8UConvertI8x16Low, int8x16, i8x16, int16x8, 8, 0, uint8_t, a)
+CONVERT_CASE(F64x2ConvertLowI32x4S, int32x4, i32x4, float64x2, 2, 0, int32_t,
+             static_cast<double>(a))
+CONVERT_CASE(F64x2ConvertLowI32x4U, int32x4, i32x4, float64x2, 2, 0, uint32_t,
+             static_cast<double>(a))
+CONVERT_CASE(I32x4TruncSatF64x2SZero, float64x2, f64x2, int32x4, 2, 0, double,
+             base::saturated_cast<int32_t>(a))
+CONVERT_CASE(I32x4TruncSatF64x2UZero, float64x2, f64x2, int32x4, 2, 0, double,
+             base::saturated_cast<uint32_t>(a))
+CONVERT_CASE(I32x4RelaxedTruncF64x2SZero, float64x2, f64x2, int32x4, 2, 0,
+             double, base::saturated_cast<int32_t>(a))
+CONVERT_CASE(I32x4RelaxedTruncF64x2UZero, float64x2, f64x2, int32x4, 2, 0,
+             double, base::saturated_cast<uint32_t>(a))
+CONVERT_CASE(F32x4DemoteF64x2Zero, float64x2, f64x2, float32x4, 2, 0, float,
+             DoubleToFloat32(a))
+CONVERT_CASE(F64x2PromoteLowF32x4, float32x4, f32x4, float64x2, 2, 0, float,
+             static_cast<double>(a))
+#undef CONVERT_CASE
+
+#define PACK_CASE(op, src_type, name, dst_type, count, dst_ctype)             \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    src_type s2 = pop<Simd128>(sp, code, wasm_runtime).to_##name();           \
+    src_type s1 = pop<Simd128>(sp, code, wasm_runtime).to_##name();           \
+    dst_type res;                                                             \
+    for (size_t i = 0; i < count; ++i) {                                      \
+      int64_t v = i < count / 2 ? s1.val[LANE(i, s1)]                         \
+                                : s2.val[LANE(i - count / 2, s2)];            \
+      res.val[LANE(i, res)] = base::saturated_cast<dst_ctype>(v);             \
+    }                                                                         \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(res));                      \
+    NextOp();                                                                 \
+  }
+PACK_CASE(I16x8SConvertI32x4, int32x4, i32x4, int16x8, 8, int16_t)
+PACK_CASE(I16x8UConvertI32x4, int32x4, i32x4, int16x8, 8, uint16_t)
+PACK_CASE(I8x16SConvertI16x8, int16x8, i16x8, int8x16, 16, int8_t)
+PACK_CASE(I8x16UConvertI16x8, int16x8, i16x8, int8x16, 16, uint8_t)
+#undef PACK_CASE
+
+INSTRUCTION_HANDLER_FUNC s2s_DoSimdSelect(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  int32x4 bool_val = pop<Simd128>(sp, code, wasm_runtime).to_i32x4();
+  int32x4 v2 = pop<Simd128>(sp, code, wasm_runtime).to_i32x4();
+  int32x4 v1 = pop<Simd128>(sp, code, wasm_runtime).to_i32x4();
+  int32x4 res;
+  for (size_t i = 0; i < 4; ++i) {
+    res.val[LANE(i, res)] =
+        v2.val[LANE(i, v2)] ^ ((v1.val[LANE(i, v1)] ^ v2.val[LANE(i, v2)]) &
+                               bool_val.val[LANE(i, bool_val)]);
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(res));
+  NextOp();
+}
+// Do these 5 instructions really have the same implementation?
+static auto s2s_SimdI8x16RelaxedLaneSelect = s2s_DoSimdSelect;
+static auto s2s_SimdI16x8RelaxedLaneSelect = s2s_DoSimdSelect;
+static auto s2s_SimdI32x4RelaxedLaneSelect = s2s_DoSimdSelect;
+static auto s2s_SimdI64x2RelaxedLaneSelect = s2s_DoSimdSelect;
+static auto s2s_SimdS128Select = s2s_DoSimdSelect;
+
+INSTRUCTION_HANDLER_FUNC s2s_SimdI32x4DotI16x8S(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  int16x8 v2 = pop<Simd128>(sp, code, wasm_runtime).to_i16x8();
+  int16x8 v1 = pop<Simd128>(sp, code, wasm_runtime).to_i16x8();
+  int32x4 res;
+  for (size_t i = 0; i < 4; i++) {
+    int32_t lo = (v1.val[LANE(i * 2, v1)] * v2.val[LANE(i * 2, v2)]);
+    int32_t hi = (v1.val[LANE(i * 2 + 1, v1)] * v2.val[LANE(i * 2 + 1, v2)]);
+    res.val[LANE(i, res)] = base::AddWithWraparound(lo, hi);
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(res));
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_SimdI16x8DotI8x16I7x16S(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  int8x16 v2 = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int8x16 v1 = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int16x8 res;
+  for (size_t i = 0; i < 8; i++) {
+    int16_t lo = (v1.val[LANE(i * 2, v1)] * v2.val[LANE(i * 2, v2)]);
+    int16_t hi = (v1.val[LANE(i * 2 + 1, v1)] * v2.val[LANE(i * 2 + 1, v2)]);
+    res.val[LANE(i, res)] = base::AddWithWraparound(lo, hi);
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(res));
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_SimdI32x4DotI8x16I7x16AddS(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  int32x4 v3 = pop<Simd128>(sp, code, wasm_runtime).to_i32x4();
+  int8x16 v2 = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int8x16 v1 = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int32x4 res;
+  for (size_t i = 0; i < 4; i++) {
+    int32_t a = (v1.val[LANE(i * 4, v1)] * v2.val[LANE(i * 4, v2)]);
+    int32_t b = (v1.val[LANE(i * 4 + 1, v1)] * v2.val[LANE(i * 4 + 1, v2)]);
+    int32_t c = (v1.val[LANE(i * 4 + 2, v1)] * v2.val[LANE(i * 4 + 2, v2)]);
+    int32_t d = (v1.val[LANE(i * 4 + 3, v1)] * v2.val[LANE(i * 4 + 3, v2)]);
+    int32_t acc = v3.val[LANE(i, v3)];
+    // a + b + c + d should not wrap
+    res.val[LANE(i, res)] = base::AddWithWraparound(a + b + c + d, acc);
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(res));
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_SimdI8x16Swizzle(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  int8x16 v2 = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int8x16 v1 = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int8x16 res;
+  for (size_t i = 0; i < kSimd128Size; ++i) {
+    int lane = v2.val[LANE(i, v2)];
+    res.val[LANE(i, res)] =
+        lane < kSimd128Size && lane >= 0 ? v1.val[LANE(lane, v1)] : 0;
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(res));
+  NextOp();
+}
+static auto s2s_SimdI8x16RelaxedSwizzle = s2s_SimdI8x16Swizzle;
+
+INSTRUCTION_HANDLER_FUNC s2s_SimdI8x16Shuffle(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  int8x16 value = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int8x16 v2 = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int8x16 v1 = pop<Simd128>(sp, code, wasm_runtime).to_i8x16();
+  int8x16 res;
+  for (size_t i = 0; i < kSimd128Size; ++i) {
+    int lane = value.val[i];
+    res.val[LANE(i, res)] = lane < kSimd128Size
+                                ? v1.val[LANE(lane, v1)]
+                                : v2.val[LANE(lane - kSimd128Size, v2)];
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(res));
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_SimdV128AnyTrue(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  int32x4 s = pop<Simd128>(sp, code, wasm_runtime).to_i32x4();
+  bool res = s.val[LANE(0, s)] | s.val[LANE(1, s)] | s.val[LANE(2, s)] |
+             s.val[LANE(3, s)];
+  push<int32_t>(sp, code, wasm_runtime, res);
+  NextOp();
+}
+
+#define REDUCTION_CASE(op, name, stype, count)                                \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    stype s = pop<Simd128>(sp, code, wasm_runtime).to_##name();               \
+    bool res = true;                                                          \
+    for (size_t i = 0; i < count; ++i) {                                      \
+      res = res & static_cast<bool>(s.val[LANE(i, s)]);                       \
+    }                                                                         \
+    push<int32_t>(sp, code, wasm_runtime, res);                               \
+    NextOp();                                                                 \
+  }
+REDUCTION_CASE(I64x2AllTrue, i64x2, int64x2, 2)
+REDUCTION_CASE(I32x4AllTrue, i32x4, int32x4, 4)
+REDUCTION_CASE(I16x8AllTrue, i16x8, int16x8, 8)
+REDUCTION_CASE(I8x16AllTrue, i8x16, int8x16, 16)
+#undef REDUCTION_CASE
+
+#define QFM_CASE(op, name, stype, count, operation)                           \
+  INSTRUCTION_HANDLER_FUNC s2s_Simd##op(const uint8_t* code, uint32_t* sp,    \
+                                        WasmInterpreterRuntime* wasm_runtime, \
+                                        int64_t r0, double fp0) {             \
+    stype c = pop<Simd128>(sp, code, wasm_runtime).to_##name();               \
+    stype b = pop<Simd128>(sp, code, wasm_runtime).to_##name();               \
+    stype a = pop<Simd128>(sp, code, wasm_runtime).to_##name();               \
+    stype res;                                                                \
+    for (size_t i = 0; i < count; i++) {                                      \
+      res.val[LANE(i, res)] =                                                 \
+          operation(a.val[LANE(i, a)] * b.val[LANE(i, b)]) +                  \
+          c.val[LANE(i, c)];                                                  \
+    }                                                                         \
+    push<Simd128>(sp, code, wasm_runtime, Simd128(res));                      \
+    NextOp();                                                                 \
+  }
+QFM_CASE(F32x4Qfma, f32x4, float32x4, 4, +)
+QFM_CASE(F32x4Qfms, f32x4, float32x4, 4, -)
+QFM_CASE(F64x2Qfma, f64x2, float64x2, 2, +)
+QFM_CASE(F64x2Qfms, f64x2, float64x2, 2, -)
+#undef QFM_CASE
+
+template <typename s_type, typename load_type>
+INSTRUCTION_HANDLER_FUNC s2s_DoSimdLoadSplat(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index,
+                                              sizeof(load_type),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+  load_type v =
+      base::ReadUnalignedValue<load_type>(reinterpret_cast<Address>(address));
+  s_type s;
+  for (size_t i = 0; i < arraysize(s.val); i++) {
+    s.val[LANE(i, s)] = v;
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(s));
+
+  NextOp();
+}
+static auto s2s_SimdS128Load8Splat = s2s_DoSimdLoadSplat<int8x16, int8_t>;
+static auto s2s_SimdS128Load16Splat = s2s_DoSimdLoadSplat<int16x8, int16_t>;
+static auto s2s_SimdS128Load32Splat = s2s_DoSimdLoadSplat<int32x4, int32_t>;
+static auto s2s_SimdS128Load64Splat = s2s_DoSimdLoadSplat<int64x2, int64_t>;
+
+template <typename s_type, typename wide_type, typename narrow_type>
+INSTRUCTION_HANDLER_FUNC s2s_DoSimdLoadExtend(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  static_assert(sizeof(wide_type) == sizeof(narrow_type) * 2,
+                "size mismatch for wide and narrow types");
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index, sizeof(uint64_t),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+  uint64_t v =
+      base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(address));
+  constexpr int lanes = kSimd128Size / sizeof(wide_type);
+  s_type s;
+  for (int i = 0; i < lanes; i++) {
+    uint8_t shift = i * (sizeof(narrow_type) * 8);
+    narrow_type el = static_cast<narrow_type>(v >> shift);
+    s.val[LANE(i, s)] = static_cast<wide_type>(el);
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(s));
+
+  NextOp();
+}
+static auto s2s_SimdS128Load8x8S =
+    s2s_DoSimdLoadExtend<int16x8, int16_t, int8_t>;
+static auto s2s_SimdS128Load8x8U =
+    s2s_DoSimdLoadExtend<int16x8, uint16_t, uint8_t>;
+static auto s2s_SimdS128Load16x4S =
+    s2s_DoSimdLoadExtend<int32x4, int32_t, int16_t>;
+static auto s2s_SimdS128Load16x4U =
+    s2s_DoSimdLoadExtend<int32x4, uint32_t, uint16_t>;
+static auto s2s_SimdS128Load32x2S =
+    s2s_DoSimdLoadExtend<int64x2, int64_t, int32_t>;
+static auto s2s_SimdS128Load32x2U =
+    s2s_DoSimdLoadExtend<int64x2, uint64_t, uint32_t>;
+
+template <typename s_type, typename load_type>
+INSTRUCTION_HANDLER_FUNC s2s_DoSimdLoadZeroExtend(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index,
+                                              sizeof(load_type),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+  load_type v =
+      base::ReadUnalignedValue<load_type>(reinterpret_cast<Address>(address));
+  s_type s;
+  // All lanes are 0.
+  for (size_t i = 0; i < arraysize(s.val); i++) {
+    s.val[LANE(i, s)] = 0;
+  }
+  // Lane 0 is set to the loaded value.
+  s.val[LANE(0, s)] = v;
+  push<Simd128>(sp, code, wasm_runtime, Simd128(s));
+
+  NextOp();
+}
+static auto s2s_SimdS128Load32Zero =
+    s2s_DoSimdLoadZeroExtend<int32x4, uint32_t>;
+static auto s2s_SimdS128Load64Zero =
+    s2s_DoSimdLoadZeroExtend<int64x2, uint64_t>;
+
+template <typename s_type, typename result_type, typename load_type>
+INSTRUCTION_HANDLER_FUNC s2s_DoSimdLoadLane(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  s_type value = pop<Simd128>(sp, code, wasm_runtime).to<s_type>();
+
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index,
+                                              sizeof(load_type),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+
+  uint8_t* address = memory_start + effective_index;
+  result_type loaded =
+      base::ReadUnalignedValue<load_type>(reinterpret_cast<Address>(address));
+  uint16_t lane = Read<uint16_t>(code);
+  value.val[LANE(lane, value)] = loaded;
+  push<Simd128>(sp, code, wasm_runtime, Simd128(value));
+
+  NextOp();
+}
+static auto s2s_SimdS128Load8Lane =
+    s2s_DoSimdLoadLane<int8x16, int32_t, int8_t>;
+static auto s2s_SimdS128Load16Lane =
+    s2s_DoSimdLoadLane<int16x8, int32_t, int16_t>;
+static auto s2s_SimdS128Load32Lane =
+    s2s_DoSimdLoadLane<int32x4, int32_t, int32_t>;
+static auto s2s_SimdS128Load64Lane =
+    s2s_DoSimdLoadLane<int64x2, int64_t, int64_t>;
+
+template <typename s_type, typename result_type, typename load_type>
+INSTRUCTION_HANDLER_FUNC s2s_DoSimdStoreLane(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  // Extract a single lane, push it onto the stack, then store the lane.
+  s_type value = pop<Simd128>(sp, code, wasm_runtime).to<s_type>();
+
+  uint8_t* memory_start = wasm_runtime->GetMemoryStart();
+  uint64_t offset = Read<uint64_t>(code);
+
+  uint64_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  uint64_t effective_index = offset + index;
+
+  if (V8_UNLIKELY(effective_index < index ||
+                  !base::IsInBounds<uint64_t>(effective_index,
+                                              sizeof(load_type),
+                                              wasm_runtime->GetMemorySize()))) {
+    TRAP(TrapReason::kTrapMemOutOfBounds)
+  }
+  uint8_t* address = memory_start + effective_index;
+
+  uint16_t lane = Read<uint16_t>(code);
+  result_type res = value.val[LANE(lane, value)];
+  base::WriteUnalignedValue<result_type>(reinterpret_cast<Address>(address),
+                                         res);
+
+  NextOp();
+}
+static auto s2s_SimdS128Store8Lane =
+    s2s_DoSimdStoreLane<int8x16, int32_t, int8_t>;
+static auto s2s_SimdS128Store16Lane =
+    s2s_DoSimdStoreLane<int16x8, int32_t, int16_t>;
+static auto s2s_SimdS128Store32Lane =
+    s2s_DoSimdStoreLane<int32x4, int32_t, int32_t>;
+static auto s2s_SimdS128Store64Lane =
+    s2s_DoSimdStoreLane<int64x2, int64_t, int64_t>;
+
+template <typename DstSimdType, typename SrcSimdType, typename Wide,
+          typename Narrow>
+INSTRUCTION_HANDLER_FUNC s2s_DoSimdExtAddPairwise(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  constexpr int lanes = kSimd128Size / sizeof(DstSimdType::val[0]);
+  auto v = pop<Simd128>(sp, code, wasm_runtime).to<SrcSimdType>();
+  DstSimdType res;
+  for (int i = 0; i < lanes; ++i) {
+    res.val[LANE(i, res)] =
+        AddLong<Wide>(static_cast<Narrow>(v.val[LANE(i * 2, v)]),
+                      static_cast<Narrow>(v.val[LANE(i * 2 + 1, v)]));
+  }
+  push<Simd128>(sp, code, wasm_runtime, Simd128(res));
+
+  NextOp();
+}
+static auto s2s_SimdI32x4ExtAddPairwiseI16x8S =
+    s2s_DoSimdExtAddPairwise<int32x4, int16x8, int32_t, int16_t>;
+static auto s2s_SimdI32x4ExtAddPairwiseI16x8U =
+    s2s_DoSimdExtAddPairwise<int32x4, int16x8, uint32_t, uint16_t>;
+static auto s2s_SimdI16x8ExtAddPairwiseI8x16S =
+    s2s_DoSimdExtAddPairwise<int16x8, int8x16, int16_t, int8_t>;
+static auto s2s_SimdI16x8ExtAddPairwiseI8x16U =
+    s2s_DoSimdExtAddPairwise<int16x8, int8x16, uint16_t, uint8_t>;
+
+////////////////////////////////////////////////////////////////////////////////
+
+INSTRUCTION_HANDLER_FUNC s2s_Throw(const uint8_t* code, uint32_t* sp,
+                                   WasmInterpreterRuntime* wasm_runtime,
+                                   int64_t r0, double fp0) {
+  uint32_t tag_index = ReadI32(code);
+
+  // This will advance the code pointer.
+  wasm_runtime->ThrowException(code, sp, tag_index);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_Rethrow(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  uint32_t catch_block_index = ReadI32(code);
+  wasm_runtime->RethrowException(code, sp, catch_block_index);
+
+  NextOp();
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// GC instruction handlers.
+
+int StructFieldOffset(const StructType* struct_type, int field_index) {
+  return wasm::ObjectAccess::ToTagged(WasmStruct::kHeaderSize +
+                                      struct_type->field_offset(field_index));
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_BranchOnNull(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  // TODO(paolosev@microsoft.com): Implement peek<T>?
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  int32_t if_null_offset = ReadI32(code);
+  if (wasm_runtime->IsNullTypecheck(ref, ref_type)) {
+    // If condition is true (ref is null), jump to the target branch.
+    code += (if_null_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+/*
+ * Notice that in s2s_BranchOnNullWithParams the branch happens when the
+ * condition is false, not true, as follows:
+ *
+ *   > s2s_BranchOnNullWithParams
+ *       pop - ref
+ *       i32: ref value_tye
+ *       push - ref
+ *       branch_offset (if NOT NULL)  ----+
+ *   > s2s_CopySlot                       |
+ *       ....                             |
+ *   > s2s_Branch (gets here if NULL)     |
+ *       branch_offset                    |
+ *   > (next instruction) <---------------+
+ */
+INSTRUCTION_HANDLER_FUNC s2s_BranchOnNullWithParams(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  // TO(paolosev@microsoft.com): Implement peek<T>?
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  int32_t if_null_offset = ReadI32(code);
+  if (!wasm_runtime->IsNullTypecheck(ref, ref_type)) {
+    // If condition is false (ref is not null), jump to the false branch.
+    code += (if_null_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_BranchOnNonNull(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  // TO(paolosev@microsoft.com): Implement peek<T>?
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  int32_t if_non_null_offset = ReadI32(code);
+  if (!wasm_runtime->IsNullTypecheck(ref, ref_type)) {
+    // If condition is true (ref is not null), jump to the target branch.
+    code += (if_non_null_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_BranchOnNonNullWithParams(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  // TO(paolosev@microsoft.com): Implement peek<T>?
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  int32_t if_non_null_offset = ReadI32(code);
+  if (wasm_runtime->IsNullTypecheck(ref, ref_type)) {
+    // If condition is false (ref is null), jump to the false branch.
+    code += (if_non_null_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+bool DoRefCast(WasmRef ref, ValueType ref_type, HeapType target_type,
+               bool null_succeeds, WasmInterpreterRuntime* wasm_runtime) {
+  if (target_type.is_index()) {
+    Handle<Map> rtt = wasm_runtime->RttCanon(target_type.ref_index());
+    return wasm_runtime->SubtypeCheck(ref, ref_type, rtt,
+                                      ValueType::Rtt(target_type.ref_index()),
+                                      null_succeeds);
+  } else {
+    switch (target_type.representation()) {
+      case HeapType::kEq:
+        return wasm_runtime->RefIsEq(ref, ref_type, null_succeeds);
+      case HeapType::kI31:
+        return wasm_runtime->RefIsI31(ref, ref_type, null_succeeds);
+      case HeapType::kStruct:
+        return wasm_runtime->RefIsStruct(ref, ref_type, null_succeeds);
+      case HeapType::kArray:
+        return wasm_runtime->RefIsArray(ref, ref_type, null_succeeds);
+      case HeapType::kString:
+        return wasm_runtime->RefIsString(ref, ref_type, null_succeeds);
+      case HeapType::kNone:
+      case HeapType::kNoExtern:
+      case HeapType::kNoFunc:
+        DCHECK(null_succeeds);
+        return wasm_runtime->IsNullTypecheck(ref, ref_type);
+      case HeapType::kAny:
+        // Any may never need a cast as it is either implicitly convertible or
+        // never convertible for any given type.
+      default:
+        UNREACHABLE();
+    }
+  }
+}
+
+/*
+ * Notice that in s2s_BranchOnCast the branch happens when the condition is
+ * false, not true, as follows:
+ *
+ *   > s2s_BranchOnCast
+ *       i32: null_succeeds
+ *       i32: target_type HeapType representation
+ *       pop - ref
+ *       i32: ref value_tye
+ *       push - ref
+ *       branch_offset (if CAST FAILS) --------+
+ *   > s2s_CopySlot                            |
+ *       ....                                  |
+ *   > s2s_Branch (gets here if CAST SUCCEEDS) |
+ *       branch_offset                         |
+ *   > (next instruction) <--------------------+
+ */
+INSTRUCTION_HANDLER_FUNC s2s_BranchOnCast(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  bool null_succeeds = ReadI32(code);
+  HeapType target_type(ReadI32(code));
+
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+  int32_t no_branch_offset = ReadI32(code);
+
+  if (!DoRefCast(ref, ref_type, target_type, null_succeeds, wasm_runtime)) {
+    // If condition is not true, jump to the 'false' branch.
+    code += (no_branch_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+/*
+ * Notice that in s2s_BranchOnCastFail the branch happens when the condition is
+ * false, not true, as follows:
+ *
+ *   > s2s_BranchOnCastFail
+ *       i32: null_succeeds
+ *       i32: target_type HeapType representation
+ *       pop - ref
+ *       i32: ref value_tye
+ *       push - ref
+ *       branch_offset (if CAST SUCCEEDS) --+
+ *   > s2s_CopySlot                         |
+ *       ....                               |
+ *   > s2s_Branch (gets here if CAST FAILS) |
+ *       branch_offset                      |
+ *   > (next instruction) <-----------------+
+ */
+INSTRUCTION_HANDLER_FUNC s2s_BranchOnCastFail(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  bool null_succeeds = ReadI32(code);
+  HeapType target_type(ReadI32(code));
+
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+  int32_t branch_offset = ReadI32(code);
+
+  if (DoRefCast(ref, ref_type, target_type, null_succeeds, wasm_runtime)) {
+    // If condition is true, jump to the 'true' branch.
+    code += (branch_offset - kCodeOffsetSize);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_CallRef(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  WasmRef func_ref = pop<WasmRef>(sp, code, wasm_runtime);
+  uint32_t sig_index = ReadI32(code);
+  uint32_t stack_pos = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  uint32_t ref_stack_fp_offset = ReadI32(code);
+  uint32_t return_slot_offset = 0;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    return_slot_offset = ReadI32(code);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(func_ref))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+
+  // This can trap.
+  wasm_runtime->ExecuteCallRef(code, func_ref, sig_index, stack_pos, sp,
+                               ref_stack_fp_offset, slot_offset,
+                               return_slot_offset, false);
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_ReturnCallRef(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  uint32_t rets_size = ReadI32(code);
+  uint32_t args_size = ReadI32(code);
+  uint32_t rets_refs = ReadI32(code);
+  uint32_t args_refs = ReadI32(code);
+
+  WasmRef func_ref = pop<WasmRef>(sp, code, wasm_runtime);
+  uint32_t sig_index = ReadI32(code);
+  uint32_t stack_pos = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  uint32_t ref_stack_fp_offset = ReadI32(code);
+  uint32_t return_slot_offset = 0;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_execution) {
+    return_slot_offset = ReadI32(code);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(func_ref))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+
+  // Moves back the stack frame to the caller stack frame.
+  wasm_runtime->UnwindCurrentStackFrame(sp, slot_offset, rets_size, args_size,
+                                        rets_refs, args_refs,
+                                        ref_stack_fp_offset);
+
+  // TODO(paolosev@microsoft.com) - This calls adds a new C++ stack frame, which
+  // is not ideal in a tail-call.
+  wasm_runtime->ExecuteCallRef(code, func_ref, sig_index, stack_pos, sp, 0, 0,
+                               return_slot_offset, true);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_StructNew(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t index = ReadI32(code);
+  std::pair<Handle<WasmStruct>, const StructType*> struct_new_result =
+      wasm_runtime->StructNewUninitialized(index);
+  Handle<Object> struct_obj = struct_new_result.first;
+  const StructType* struct_type = struct_new_result.second;
+
+  {
+    // The new struct is uninitialized, which means GC might fail until
+    // initialization.
+    DisallowHeapAllocation no_gc;
+
+    for (uint32_t i = struct_type->field_count(); i > 0;) {
+      i--;
+      int offset = StructFieldOffset(struct_type, i);
+      Address field_addr = (*struct_obj).ptr() + offset;
+
+      ValueKind kind = struct_type->field(i).kind();
+      switch (kind) {
+        case kI8:
+          *reinterpret_cast<int8_t*>(field_addr) =
+              pop<int32_t>(sp, code, wasm_runtime);
+          break;
+        case kI16:
+          base::WriteUnalignedValue<int16_t>(
+              field_addr, pop<int32_t>(sp, code, wasm_runtime));
+          break;
+        case kI32:
+          base::WriteUnalignedValue<int32_t>(
+              field_addr, pop<int32_t>(sp, code, wasm_runtime));
+          break;
+        case kI64:
+          base::WriteUnalignedValue<int64_t>(
+              field_addr, pop<int64_t>(sp, code, wasm_runtime));
+          break;
+        case kF32:
+          base::WriteUnalignedValue<float>(field_addr,
+                                           pop<float>(sp, code, wasm_runtime));
+          break;
+        case kF64:
+          base::WriteUnalignedValue<double>(
+              field_addr, pop<double>(sp, code, wasm_runtime));
+          break;
+        case kS128:
+          base::WriteUnalignedValue<Simd128>(
+              field_addr, pop<Simd128>(sp, code, wasm_runtime));
+          break;
+        case kRef:
+        case kRefNull: {
+          WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+          base::WriteUnalignedValue<Tagged_t>(
+              field_addr,
+              V8HeapCompressionScheme::CompressObject((*ref).ptr()));
+          break;
+        }
+        default:
+          UNREACHABLE();
+      }
+    }
+  }
+
+  push<WasmRef>(sp, code, wasm_runtime, struct_obj);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_StructNewDefault(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t index = ReadI32(code);
+  std::pair<Handle<WasmStruct>, const StructType*> struct_new_result =
+      wasm_runtime->StructNewUninitialized(index);
+  Handle<Object> struct_obj = struct_new_result.first;
+  const StructType* struct_type = struct_new_result.second;
+
+  {
+    // The new struct is uninitialized, which means GC might fail until
+    // initialization.
+    DisallowHeapAllocation no_gc;
+
+    for (uint32_t i = struct_type->field_count(); i > 0;) {
+      i--;
+      int offset = StructFieldOffset(struct_type, i);
+      Address field_addr = (*struct_obj).ptr() + offset;
+
+      const ValueType value_type = struct_type->field(i);
+      const ValueKind kind = value_type.kind();
+      switch (kind) {
+        case kI8:
+          *reinterpret_cast<int8_t*>(field_addr) = int8_t{};
+          break;
+        case kI16:
+          base::WriteUnalignedValue<int16_t>(field_addr, int16_t{});
+          break;
+        case kI32:
+          base::WriteUnalignedValue<int32_t>(field_addr, int32_t{});
+          break;
+        case kI64:
+          base::WriteUnalignedValue<int64_t>(field_addr, int64_t{});
+          break;
+        case kF32:
+          base::WriteUnalignedValue<float>(field_addr, float{});
+          break;
+        case kF64:
+          base::WriteUnalignedValue<double>(field_addr, double{});
+          break;
+        case kS128:
+          base::WriteUnalignedValue<Simd128>(field_addr, Simd128{});
+          break;
+        case kRef:
+        case kRefNull:
+          base::WriteUnalignedValue<Tagged_t>(
+              field_addr, static_cast<Tagged_t>(
+                              wasm_runtime->GetNullValue(value_type).ptr()));
+          break;
+        default:
+          UNREACHABLE();
+      }
+    }
+  }
+
+  push<WasmRef>(sp, code, wasm_runtime, struct_obj);
+
+  NextOp();
+}
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_StructGet(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  WasmRef struct_obj = pop<WasmRef>(sp, code, wasm_runtime);
+
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(struct_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  int offset = ReadI32(code);
+  Address field_addr = (*struct_obj).ptr() + offset;
+  push<T>(sp, code, wasm_runtime, base::ReadUnalignedValue<U>(field_addr));
+
+  NextOp();
+}
+static auto s2s_I8SStructGet = s2s_StructGet<int32_t, int8_t>;
+static auto s2s_I8UStructGet = s2s_StructGet<uint32_t, uint8_t>;
+static auto s2s_I16SStructGet = s2s_StructGet<int32_t, int16_t>;
+static auto s2s_I16UStructGet = s2s_StructGet<uint32_t, uint16_t>;
+static auto s2s_I32StructGet = s2s_StructGet<int32_t>;
+static auto s2s_I64StructGet = s2s_StructGet<int64_t>;
+static auto s2s_F32StructGet = s2s_StructGet<float>;
+static auto s2s_F64StructGet = s2s_StructGet<double>;
+static auto s2s_S128StructGet = s2s_StructGet<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefStructGet(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  WasmRef struct_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(struct_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  int offset = ReadI32(code);
+  Address field_addr = (*struct_obj).ptr() + offset;
+  // DrumBrake expects pointer compression.
+  Tagged_t ref_tagged = base::ReadUnalignedValue<uint32_t>(field_addr);
+  Isolate* isolate = wasm_runtime->GetIsolate();
+  Tagged<Object> ref_uncompressed(
+      V8HeapCompressionScheme::DecompressTagged(isolate, ref_tagged));
+  WasmRef ref_handle = handle(ref_uncompressed, isolate);
+  push<WasmRef>(sp, code, wasm_runtime, ref_handle);
+
+  NextOp();
+}
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_StructSet(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  int offset = ReadI32(code);
+  T value = pop<T>(sp, code, wasm_runtime);
+  WasmRef struct_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(struct_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  Address field_addr = (*struct_obj).ptr() + offset;
+  base::WriteUnalignedValue<U>(field_addr, value);
+
+  NextOp();
+}
+static auto s2s_I8StructSet = s2s_StructSet<int32_t, int8_t>;
+static auto s2s_I16StructSet = s2s_StructSet<int32_t, int16_t>;
+static auto s2s_I32StructSet = s2s_StructSet<int32_t>;
+static auto s2s_I64StructSet = s2s_StructSet<int64_t>;
+static auto s2s_F32StructSet = s2s_StructSet<float>;
+static auto s2s_F64StructSet = s2s_StructSet<double>;
+static auto s2s_S128StructSet = s2s_StructSet<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefStructSet(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  int offset = ReadI32(code);
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  WasmRef struct_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(struct_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  Address field_addr = (*struct_obj).ptr() + offset;
+  base::WriteUnalignedValue<Tagged_t>(
+      field_addr, V8HeapCompressionScheme::CompressObject((*ref).ptr()));
+
+  NextOp();
+}
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_ArrayNew(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  const uint32_t array_index = ReadI32(code);
+  const uint32_t elem_count = pop<int32_t>(sp, code, wasm_runtime);
+  const T value = pop<T>(sp, code, wasm_runtime);
+
+  std::pair<Handle<WasmArray>, const ArrayType*> array_new_result =
+      wasm_runtime->ArrayNewUninitialized(elem_count, array_index);
+  Handle<WasmArray> array = array_new_result.first;
+  if (V8_UNLIKELY(array.is_null())) {
+    TRAP(TrapReason::kTrapArrayTooLarge)
+  }
+
+  {
+    // The new array is uninitialized, which means GC might fail until
+    // initialization.
+    DisallowHeapAllocation no_gc;
+
+    const ArrayType* array_type = array_new_result.second;
+    const ValueKind kind = array_type->element_type().kind();
+    const uint32_t element_size = value_kind_size(kind);
+    DCHECK_EQ(element_size, sizeof(U));
+
+    Address element_addr = array->ElementAddress(0);
+    for (uint32_t i = 0; i < elem_count; i++) {
+      base::WriteUnalignedValue<U>(element_addr, value);
+      element_addr += element_size;
+    }
+  }
+
+  push<WasmRef>(sp, code, wasm_runtime, array);
+
+  NextOp();
+}
+static auto s2s_I8ArrayNew = s2s_ArrayNew<int32_t, int8_t>;
+static auto s2s_I16ArrayNew = s2s_ArrayNew<int32_t, int16_t>;
+static auto s2s_I32ArrayNew = s2s_ArrayNew<int32_t>;
+static auto s2s_I64ArrayNew = s2s_ArrayNew<int64_t>;
+static auto s2s_F32ArrayNew = s2s_ArrayNew<float>;
+static auto s2s_F64ArrayNew = s2s_ArrayNew<double>;
+static auto s2s_S128ArrayNew = s2s_ArrayNew<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefArrayNew(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  const uint32_t array_index = ReadI32(code);
+  const uint32_t elem_count = pop<int32_t>(sp, code, wasm_runtime);
+  const WasmRef value = pop<WasmRef>(sp, code, wasm_runtime);
+
+  std::pair<Handle<WasmArray>, const ArrayType*> array_new_result =
+      wasm_runtime->ArrayNewUninitialized(elem_count, array_index);
+  Handle<WasmArray> array = array_new_result.first;
+  if (V8_UNLIKELY(array.is_null())) {
+    TRAP(TrapReason::kTrapArrayTooLarge)
+  }
+
+#if DEBUG
+  const ArrayType* array_type = array_new_result.second;
+  DCHECK_EQ(value_kind_size(array_type->element_type().kind()),
+            sizeof(Tagged_t));
+#endif
+
+  {
+    // The new array is uninitialized, which means GC might fail until
+    // initialization.
+    DisallowHeapAllocation no_gc;
+
+    Address element_addr = array->ElementAddress(0);
+    for (uint32_t i = 0; i < elem_count; i++) {
+      base::WriteUnalignedValue<Tagged_t>(
+          element_addr,
+          V8HeapCompressionScheme::CompressObject((*value).ptr()));
+      element_addr += sizeof(Tagged_t);
+    }
+  }
+
+  push<WasmRef>(sp, code, wasm_runtime, array);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_ArrayNewFixed(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  const uint32_t array_index = ReadI32(code);
+  const uint32_t elem_count = ReadI32(code);
+
+  std::pair<Handle<WasmArray>, const ArrayType*> array_new_result =
+      wasm_runtime->ArrayNewUninitialized(elem_count, array_index);
+  Handle<WasmArray> array = array_new_result.first;
+  if (V8_UNLIKELY(array.is_null())) {
+    TRAP(TrapReason::kTrapArrayTooLarge)
+  }
+
+  {
+    // The new array is uninitialized, which means GC might fail until
+    // initialization.
+    DisallowHeapAllocation no_gc;
+
+    if (elem_count > 0) {
+      const ArrayType* array_type = array_new_result.second;
+      const ValueKind kind = array_type->element_type().kind();
+      const uint32_t element_size = value_kind_size(kind);
+
+      Address element_addr = array->ElementAddress(elem_count - 1);
+      for (uint32_t i = 0; i < elem_count; i++) {
+        switch (kind) {
+          case kI8:
+            *reinterpret_cast<int8_t*>(element_addr) =
+                pop<int32_t>(sp, code, wasm_runtime);
+            break;
+          case kI16:
+            base::WriteUnalignedValue<int16_t>(
+                element_addr, pop<int32_t>(sp, code, wasm_runtime));
+            break;
+          case kI32:
+            base::WriteUnalignedValue<int32_t>(
+                element_addr, pop<int32_t>(sp, code, wasm_runtime));
+            break;
+          case kI64:
+            base::WriteUnalignedValue<int64_t>(
+                element_addr, pop<int64_t>(sp, code, wasm_runtime));
+            break;
+          case kF32:
+            base::WriteUnalignedValue<float>(
+                element_addr, pop<float>(sp, code, wasm_runtime));
+            break;
+          case kF64:
+            base::WriteUnalignedValue<double>(
+                element_addr, pop<double>(sp, code, wasm_runtime));
+            break;
+          case kS128:
+            base::WriteUnalignedValue<Simd128>(
+                element_addr, pop<Simd128>(sp, code, wasm_runtime));
+            break;
+          case kRef:
+          case kRefNull: {
+            WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+            base::WriteUnalignedValue<Tagged_t>(
+                element_addr,
+                V8HeapCompressionScheme::CompressObject((*ref).ptr()));
+            break;
+          }
+          default:
+            UNREACHABLE();
+        }
+        element_addr -= element_size;
+      }
+    }
+  }
+
+  push<WasmRef>(sp, code, wasm_runtime, array);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC
+s2s_ArrayNewDefault(const uint8_t* code, uint32_t* sp,
+                    WasmInterpreterRuntime* wasm_runtime, int64_t r0,
+                    double fp0) {
+  const uint32_t array_index = ReadI32(code);
+  const uint32_t elem_count = pop<int32_t>(sp, code, wasm_runtime);
+
+  std::pair<Handle<WasmArray>, const ArrayType*> array_new_result =
+      wasm_runtime->ArrayNewUninitialized(elem_count, array_index);
+  Handle<WasmArray> array = array_new_result.first;
+  if (V8_UNLIKELY(array.is_null())) {
+    TRAP(TrapReason::kTrapArrayTooLarge)
+  }
+
+  {
+    // The new array is uninitialized, which means GC might fail until
+    // initialization.
+    DisallowHeapAllocation no_gc;
+
+    const ArrayType* array_type = array_new_result.second;
+    const ValueType element_type = array_type->element_type();
+    const ValueKind kind = element_type.kind();
+    const uint32_t element_size = value_kind_size(kind);
+
+    Address element_addr = array->ElementAddress(0);
+    for (uint32_t i = 0; i < elem_count; i++) {
+      switch (kind) {
+        case kI8:
+          *reinterpret_cast<int8_t*>(element_addr) = int8_t{};
+          break;
+        case kI16:
+          base::WriteUnalignedValue<int16_t>(element_addr, int16_t{});
+          break;
+        case kI32:
+          base::WriteUnalignedValue<int32_t>(element_addr, int32_t{});
+          break;
+        case kI64:
+          base::WriteUnalignedValue<int64_t>(element_addr, int64_t{});
+          break;
+        case kF32:
+          base::WriteUnalignedValue<float>(element_addr, float{});
+          break;
+        case kF64:
+          base::WriteUnalignedValue<double>(element_addr, double{});
+          break;
+        case kS128:
+          base::WriteUnalignedValue<Simd128>(element_addr, Simd128{});
+          break;
+        case kRef:
+        case kRefNull:
+          base::WriteUnalignedValue<Tagged_t>(
+              element_addr,
+              static_cast<Tagged_t>(
+                  wasm_runtime->GetNullValue(element_type).ptr()));
+          break;
+        default:
+          UNREACHABLE();
+      }
+      element_addr += element_size;
+    }
+  }
+
+  push<WasmRef>(sp, code, wasm_runtime, array);
+
+  NextOp();
+}
+
+template <TrapReason OutOfBoundsError>
+INSTRUCTION_HANDLER_FUNC s2s_ArrayNewSegment(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  const uint32_t array_index = ReadI32(code);
+  // TODO(paolosev@microsoft.com): already validated?
+  if (V8_UNLIKELY(!Smi::IsValid(array_index))) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  const uint32_t data_index = ReadI32(code);
+  // TODO(paolosev@microsoft.com): already validated?
+  if (V8_UNLIKELY(!Smi::IsValid(data_index))) {
+    TRAP(OutOfBoundsError)
+  }
+
+  uint32_t length = pop<int32_t>(sp, code, wasm_runtime);
+  uint32_t offset = pop<int32_t>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(!Smi::IsValid(offset))) {
+    TRAP(OutOfBoundsError)
+  }
+  if (V8_UNLIKELY(length >= static_cast<uint32_t>(WasmArray::MaxLength(
+                                wasm_runtime->GetArrayType(array_index))))) {
+    TRAP(TrapReason::kTrapArrayTooLarge)
+  }
+
+  WasmRef result = wasm_runtime->WasmArrayNewSegment(array_index, data_index,
+                                                     offset, length);
+  if (V8_UNLIKELY(result.is_null())) {
+    wasm::TrapReason reason = WasmInterpreterThread::GetRuntimeLastWasmError(
+        wasm_runtime->GetIsolate());
+    INLINED_TRAP(reason)
+  }
+  push<WasmRef>(sp, code, wasm_runtime, result);
+
+  NextOp();
+}
+// The instructions array.new_data and array.new_elem have the same
+// implementation after validation. The only difference is that array.init_elem
+// is used with arrays that contain elements of reference types, and
+// array.init_data with arrays that contain elements of numeric types.
+static auto s2s_ArrayNewData = s2s_ArrayNewSegment<kTrapDataSegmentOutOfBounds>;
+static auto s2s_ArrayNewElem =
+    s2s_ArrayNewSegment<kTrapElementSegmentOutOfBounds>;
+
+template <bool init_data>
+INSTRUCTION_HANDLER_FUNC s2s_ArrayInitSegment(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  const uint32_t array_index = ReadI32(code);
+  // TODO(paolosev@microsoft.com): already validated?
+  if (V8_UNLIKELY(!Smi::IsValid(array_index))) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  const uint32_t data_index = ReadI32(code);
+  // TODO(paolosev@microsoft.com): already validated?
+  if (V8_UNLIKELY(!Smi::IsValid(data_index))) {
+    TRAP(TrapReason::kTrapElementSegmentOutOfBounds)
+  }
+
+  uint32_t size = pop<int32_t>(sp, code, wasm_runtime);
+  uint32_t src_offset = pop<int32_t>(sp, code, wasm_runtime);
+  uint32_t dest_offset = pop<int32_t>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(!Smi::IsValid(size)) || !Smi::IsValid(dest_offset)) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+  if (V8_UNLIKELY(!Smi::IsValid(src_offset))) {
+    TrapReason reason = init_data ? TrapReason::kTrapDataSegmentOutOfBounds
+                                  : TrapReason::kTrapElementSegmentOutOfBounds;
+    INLINED_TRAP(reason);
+  }
+
+  WasmRef array = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(array))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+
+  bool ok = wasm_runtime->WasmArrayInitSegment(data_index, array, dest_offset,
+                                               src_offset, size);
+  if (V8_UNLIKELY(!ok)) {
+    TrapReason reason = WasmInterpreterThread::GetRuntimeLastWasmError(
+        wasm_runtime->GetIsolate());
+    INLINED_TRAP(reason)
+  }
+
+  NextOp();
+}
+// The instructions array.init_data and array.init_elem have the same
+// implementation after validation. The only difference is that array.init_elem
+// is used with arrays that contain elements of reference types, and
+// array.init_data with arrays that contain elements of numeric types.
+static auto s2s_ArrayInitData = s2s_ArrayInitSegment<true>;
+static auto s2s_ArrayInitElem = s2s_ArrayInitSegment<false>;
+
+INSTRUCTION_HANDLER_FUNC s2s_ArrayLen(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  WasmRef array_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(array_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsWasmArray(*array_obj));
+
+  Tagged<WasmArray> array = Cast<WasmArray>(*array_obj);
+  push<int32_t>(sp, code, wasm_runtime, array->length());
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_ArrayCopy(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  const uint32_t dest_array_index = ReadI32(code);
+  const uint32_t src_array_index = ReadI32(code);
+  // TODO(paolosev@microsoft.com): already validated?
+  if (V8_UNLIKELY(!Smi::IsValid(dest_array_index) ||
+                  !Smi::IsValid(src_array_index))) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  uint32_t size = pop<int32_t>(sp, code, wasm_runtime);
+  uint32_t src_offset = pop<int32_t>(sp, code, wasm_runtime);
+  WasmRef src_array = pop<WasmRef>(sp, code, wasm_runtime);
+  uint32_t dest_offset = pop<int32_t>(sp, code, wasm_runtime);
+  WasmRef dest_array = pop<WasmRef>(sp, code, wasm_runtime);
+
+  if (V8_UNLIKELY(!Smi::IsValid(src_offset)) || !Smi::IsValid(dest_offset)) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  } else if (V8_UNLIKELY(wasm_runtime->IsRefNull(dest_array))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  } else if (V8_UNLIKELY(dest_offset + size >
+                         Cast<WasmArray>(*dest_array)->length())) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  } else if (V8_UNLIKELY(wasm_runtime->IsRefNull(src_array))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  } else if (V8_UNLIKELY(src_offset + size >
+                         Cast<WasmArray>(*src_array)->length())) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  bool ok = true;
+  if (size > 0) {
+    ok = wasm_runtime->WasmArrayCopy(dest_array, dest_offset, src_array,
+                                     src_offset, size);
+  }
+
+  if (V8_UNLIKELY(!ok)) {
+    wasm::TrapReason reason = WasmInterpreterThread::GetRuntimeLastWasmError(
+        wasm_runtime->GetIsolate());
+    INLINED_TRAP(reason)
+  }
+
+  NextOp();
+}
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_ArrayGet(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  uint32_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  WasmRef array_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(array_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsWasmArray(*array_obj));
+
+  Tagged<WasmArray> array = Cast<WasmArray>(*array_obj);
+  if (V8_UNLIKELY(index >= array->length())) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  Address element_addr = array->ElementAddress(index);
+  push<T>(sp, code, wasm_runtime, base::ReadUnalignedValue<U>(element_addr));
+
+  NextOp();
+}
+static auto s2s_I8SArrayGet = s2s_ArrayGet<int32_t, int8_t>;
+static auto s2s_I8UArrayGet = s2s_ArrayGet<uint32_t, uint8_t>;
+static auto s2s_I16SArrayGet = s2s_ArrayGet<int32_t, int16_t>;
+static auto s2s_I16UArrayGet = s2s_ArrayGet<uint32_t, uint16_t>;
+static auto s2s_I32ArrayGet = s2s_ArrayGet<int32_t>;
+static auto s2s_I64ArrayGet = s2s_ArrayGet<int64_t>;
+static auto s2s_F32ArrayGet = s2s_ArrayGet<float>;
+static auto s2s_F64ArrayGet = s2s_ArrayGet<double>;
+static auto s2s_S128ArrayGet = s2s_ArrayGet<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefArrayGet(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  uint32_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  WasmRef array_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(array_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsWasmArray(*array_obj));
+
+  Tagged<WasmArray> array = Cast<WasmArray>(*array_obj);
+  if (V8_UNLIKELY(index >= array->length())) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  push<WasmRef>(sp, code, wasm_runtime,
+                wasm_runtime->GetWasmArrayRefElement(array, index));
+
+  NextOp();
+}
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_ArraySet(const uint8_t* code, uint32_t* sp,
+                                      WasmInterpreterRuntime* wasm_runtime,
+                                      int64_t r0, double fp0) {
+  const T value = pop<T>(sp, code, wasm_runtime);
+  const uint32_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  WasmRef array_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(array_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsWasmArray(*array_obj));
+
+  Tagged<WasmArray> array = Cast<WasmArray>(*array_obj);
+  if (V8_UNLIKELY(index >= array->length())) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  Address element_addr = array->ElementAddress(index);
+  base::WriteUnalignedValue<U>(element_addr, value);
+
+  NextOp();
+}
+static auto s2s_I8ArraySet = s2s_ArraySet<int32_t, int8_t>;
+static auto s2s_I16ArraySet = s2s_ArraySet<int32_t, int16_t>;
+static auto s2s_I32ArraySet = s2s_ArraySet<int32_t>;
+static auto s2s_I64ArraySet = s2s_ArraySet<int64_t>;
+static auto s2s_F32ArraySet = s2s_ArraySet<float>;
+static auto s2s_F64ArraySet = s2s_ArraySet<double>;
+static auto s2s_S128ArraySet = s2s_ArraySet<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefArraySet(const uint8_t* code, uint32_t* sp,
+                                         WasmInterpreterRuntime* wasm_runtime,
+                                         int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  const uint32_t index = pop<uint32_t>(sp, code, wasm_runtime);
+  WasmRef array_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(array_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsWasmArray(*array_obj));
+
+  Tagged<WasmArray> array = Cast<WasmArray>(*array_obj);
+  if (V8_UNLIKELY(index >= array->length())) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  Address element_addr = array->ElementAddress(index);
+  base::WriteUnalignedValue<Tagged_t>(
+      element_addr, V8HeapCompressionScheme::CompressObject((*ref).ptr()));
+
+  NextOp();
+}
+
+template <typename T, typename U = T>
+INSTRUCTION_HANDLER_FUNC s2s_ArrayFill(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  uint32_t size = pop<uint32_t>(sp, code, wasm_runtime);
+  T value = pop<U>(sp, code, wasm_runtime);
+  uint32_t offset = pop<uint32_t>(sp, code, wasm_runtime);
+
+  WasmRef array_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(array_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsWasmArray(*array_obj));
+
+  Tagged<WasmArray> array = Cast<WasmArray>(*array_obj);
+  if (V8_UNLIKELY(static_cast<uint64_t>(offset) + size > array->length())) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  Address element_addr = array->ElementAddress(offset);
+  for (uint32_t i = 0; i < size; i++) {
+    base::WriteUnalignedValue<T>(element_addr, value);
+    element_addr += sizeof(T);
+  }
+
+  NextOp();
+}
+static auto s2s_I8ArrayFill = s2s_ArrayFill<int8_t, int32_t>;
+static auto s2s_I16ArrayFill = s2s_ArrayFill<int16_t, int32_t>;
+static auto s2s_I32ArrayFill = s2s_ArrayFill<int32_t>;
+static auto s2s_I64ArrayFill = s2s_ArrayFill<int64_t>;
+static auto s2s_F32ArrayFill = s2s_ArrayFill<float>;
+static auto s2s_F64ArrayFill = s2s_ArrayFill<double>;
+static auto s2s_S128ArrayFill = s2s_ArrayFill<Simd128>;
+
+INSTRUCTION_HANDLER_FUNC s2s_RefArrayFill(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  // DrumBrake currently only works with pointer compression.
+  static_assert(COMPRESS_POINTERS_BOOL);
+
+  uint32_t size = pop<uint32_t>(sp, code, wasm_runtime);
+  WasmRef value = pop<WasmRef>(sp, code, wasm_runtime);
+  Tagged<Object> tagged_value = *value;
+  uint32_t offset = pop<uint32_t>(sp, code, wasm_runtime);
+
+  WasmRef array_obj = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(array_obj))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsWasmArray(*array_obj));
+
+  Tagged<WasmArray> array = Cast<WasmArray>(*array_obj);
+  if (V8_UNLIKELY(static_cast<uint64_t>(offset) + size > array->length())) {
+    TRAP(TrapReason::kTrapArrayOutOfBounds)
+  }
+
+  Address element_addr = array->ElementAddress(offset);
+  for (uint32_t i = 0; i < size; i++) {
+    // Only stores the lower 32-bit.
+    base::WriteUnalignedValue<Tagged_t>(
+        element_addr, static_cast<Tagged_t>(tagged_value.ptr()));
+    element_addr += kTaggedSize;
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_RefI31(const uint8_t* code, uint32_t* sp,
+                                    WasmInterpreterRuntime* wasm_runtime,
+                                    int64_t r0, double fp0) {
+  uint32_t value = pop<int32_t>(sp, code, wasm_runtime);
+
+  // Truncate high bit.
+  Tagged<Smi> smi(Internals::IntToSmi(value & 0x7fffffff));
+  push<WasmRef>(sp, code, wasm_runtime,
+                handle(smi, wasm_runtime->GetIsolate()));
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_I31GetS(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(ref))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsSmi(*ref));
+  push<int32_t>(sp, code, wasm_runtime, i::Smi::ToInt(*ref));
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_I31GetU(const uint8_t* code, uint32_t* sp,
+                                     WasmInterpreterRuntime* wasm_runtime,
+                                     int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(ref))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  DCHECK(IsSmi(*ref));
+  push<uint32_t>(sp, code, wasm_runtime,
+                 0x7fffffff & static_cast<uint32_t>(i::Smi::ToInt(*ref)));
+
+  NextOp();
+}
+
+template <bool null_succeeds>
+INSTRUCTION_HANDLER_FUNC RefCast(const uint8_t* code, uint32_t* sp,
+                                 WasmInterpreterRuntime* wasm_runtime,
+                                 int64_t r0, double fp0) {
+  HeapType target_type(ReadI32(code));
+
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+
+  if (!DoRefCast(ref, ref_type, target_type, null_succeeds, wasm_runtime)) {
+    TRAP(TrapReason::kTrapIllegalCast)
+  }
+
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  NextOp();
+}
+static auto s2s_RefCast = RefCast<false>;
+static auto s2s_RefCastNull = RefCast<true>;
+
+template <bool null_succeeds>
+INSTRUCTION_HANDLER_FUNC RefTest(const uint8_t* code, uint32_t* sp,
+                                 WasmInterpreterRuntime* wasm_runtime,
+                                 int64_t r0, double fp0) {
+  HeapType target_type(ReadI32(code));
+
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+
+  bool cast_succeeds =
+      DoRefCast(ref, ref_type, target_type, null_succeeds, wasm_runtime);
+  push<int32_t>(sp, code, wasm_runtime, cast_succeeds ? 1 : 0);
+
+  NextOp();
+}
+static auto s2s_RefTest = RefTest<false>;
+static auto s2s_RefTestNull = RefTest<true>;
+
+INSTRUCTION_HANDLER_FUNC s2s_AssertNullTypecheck(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+  if (!wasm_runtime->IsNullTypecheck(ref, ref_type)) {
+    TRAP(TrapReason::kTrapIllegalCast)
+  }
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_AssertNotNullTypecheck(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  const uint32_t ref_bitfield = ReadI32(code);
+  ValueType ref_type = ValueType::FromRawBitField(ref_bitfield);
+  if (wasm_runtime->IsNullTypecheck(ref, ref_type)) {
+    TRAP(TrapReason::kTrapIllegalCast)
+  }
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_TrapIllegalCast(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0){TRAP(TrapReason::kTrapIllegalCast)}
+
+INSTRUCTION_HANDLER_FUNC
+    s2s_RefTestSucceeds(const uint8_t* code, uint32_t* sp,
+                        WasmInterpreterRuntime* wasm_runtime, int64_t r0,
+                        double fp0) {
+  pop<WasmRef>(sp, code, wasm_runtime);
+  push<int32_t>(sp, code, wasm_runtime, 1);  // true
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC
+s2s_RefTestFails(const uint8_t* code, uint32_t* sp,
+                 WasmInterpreterRuntime* wasm_runtime, int64_t r0, double fp0) {
+  pop<WasmRef>(sp, code, wasm_runtime);
+  push<int32_t>(sp, code, wasm_runtime, 0);  // false
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_RefIsNonNull(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  push<int32_t>(sp, code, wasm_runtime, wasm_runtime->IsRefNull(ref) ? 0 : 1);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_RefAsNonNull(const uint8_t* code, uint32_t* sp,
+                                          WasmInterpreterRuntime* wasm_runtime,
+                                          int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+  if (V8_UNLIKELY(wasm_runtime->IsRefNull(ref))) {
+    TRAP(TrapReason::kTrapNullDereference)
+  }
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_AnyConvertExtern(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  WasmRef extern_ref = pop<WasmRef>(sp, code, wasm_runtime);
+  // Pass 0 as canonical type index; see implementation of builtin
+  // WasmAnyConvertExtern.
+  WasmRef result = wasm_runtime->WasmJSToWasmObject(
+      extern_ref, kWasmAnyRef, 0 /* canonical type index */);
+  if (V8_UNLIKELY(result.is_null())) {
+    wasm::TrapReason reason = WasmInterpreterThread::GetRuntimeLastWasmError(
+        wasm_runtime->GetIsolate());
+    INLINED_TRAP(reason)
+  }
+  push<WasmRef>(sp, code, wasm_runtime, result);
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC s2s_ExternConvertAny(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  WasmRef ref = pop<WasmRef>(sp, code, wasm_runtime);
+
+  if (wasm_runtime->IsNullTypecheck(ref, kWasmAnyRef)) {
+    ref = handle(wasm_runtime->GetNullValue(kWasmExternRef),
+                 wasm_runtime->GetIsolate());
+  }
+  push<WasmRef>(sp, code, wasm_runtime, ref);
+
+  NextOp();
+}
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+
+INSTRUCTION_HANDLER_FUNC s2s_TraceInstruction(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t pc = ReadI32(code);
+  uint32_t opcode = ReadI32(code);
+  uint32_t reg_mode = ReadI32(code);
+
+  if (v8_flags.trace_drumbrake_execution) {
+    wasm_runtime->Trace(
+        "@%-3u:         %-24s: ", pc,
+        wasm::WasmOpcodes::OpcodeName(static_cast<WasmOpcode>(opcode)));
+    wasm_runtime->PrintStack(sp, static_cast<RegMode>(reg_mode), r0, fp0);
+  }
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC trace_UpdateStack(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  uint32_t stack_index = ReadI32(code);
+  uint32_t slot_offset = ReadI32(code);
+  wasm_runtime->TraceUpdate(stack_index, slot_offset);
+
+  NextOp();
+}
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC trace_PushConstSlot(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t slot_offset = ReadI32(code);
+  wasm_runtime->TracePush<T>(slot_offset * kSlotSize);
+
+  NextOp();
+}
+static auto trace_PushConstI32Slot = trace_PushConstSlot<int32_t>;
+static auto trace_PushConstI64Slot = trace_PushConstSlot<int64_t>;
+static auto trace_PushConstF32Slot = trace_PushConstSlot<float>;
+static auto trace_PushConstF64Slot = trace_PushConstSlot<double>;
+static auto trace_PushConstS128Slot = trace_PushConstSlot<Simd128>;
+static auto trace_PushConstRefSlot = trace_PushConstSlot<WasmRef>;
+
+void WasmBytecodeGenerator::TracePushConstSlot(uint32_t slot_index) {
+  if (v8_flags.trace_drumbrake_execution) {
+    switch (slots_[slot_index].kind()) {
+      case kI32:
+        EMIT_INSTR_HANDLER(trace_PushConstI32Slot);
+        break;
+      case kI64:
+        EMIT_INSTR_HANDLER(trace_PushConstI64Slot);
+        break;
+      case kF32:
+        EMIT_INSTR_HANDLER(trace_PushConstF32Slot);
+        break;
+      case kF64:
+        EMIT_INSTR_HANDLER(trace_PushConstF64Slot);
+        break;
+      case kS128:
+        EMIT_INSTR_HANDLER(trace_PushConstS128Slot);
+        break;
+      case kRef:
+      case kRefNull:
+        EMIT_INSTR_HANDLER(trace_PushConstRefSlot);
+        break;
+      default:
+        UNREACHABLE();
+    }
+    EmitI32Const(slots_[slot_index].slot_offset);
+  }
+}
+
+INSTRUCTION_HANDLER_FUNC trace_PushCopySlot(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0) {
+  uint32_t index = ReadI32(code);
+
+  wasm_runtime->TracePushCopy(index);
+
+  NextOp();
+}
+
+void WasmBytecodeGenerator::TracePushCopySlot(uint32_t from) {
+  if (v8_flags.trace_drumbrake_execution) {
+    EMIT_INSTR_HANDLER(trace_PushCopySlot);
+    EmitI32Const(from);
+  }
+}
+
+INSTRUCTION_HANDLER_FUNC trace_PopSlot(const uint8_t* code, uint32_t* sp,
+                                       WasmInterpreterRuntime* wasm_runtime,
+                                       int64_t r0, double fp0) {
+  wasm_runtime->TracePop();
+
+  NextOp();
+}
+
+INSTRUCTION_HANDLER_FUNC trace_SetSlotType(const uint8_t* code, uint32_t* sp,
+                                           WasmInterpreterRuntime* wasm_runtime,
+                                           int64_t r0, double fp0) {
+  uint32_t stack_index = ReadI32(code);
+  uint32_t type = ReadI32(code);
+  wasm_runtime->TraceSetSlotType(stack_index, type);
+
+  NextOp();
+}
+
+void WasmBytecodeGenerator::TraceSetSlotType(uint32_t stack_index,
+                                             ValueType type) {
+  if (v8_flags.trace_drumbrake_execution) {
+    EMIT_INSTR_HANDLER(trace_SetSlotType);
+    EmitI32Const(stack_index);
+    EmitI32Const(type.raw_bit_field());
+  }
+}
+
+void ShadowStack::Print(WasmInterpreterRuntime* wasm_runtime,
+                        const uint32_t* sp, size_t start_params,
+                        size_t start_locals, size_t start_stack,
+                        RegMode reg_mode, int64_t r0, double fp0) const {
+  for (size_t i = 0; i < stack_.size(); i++) {
+    char slot_kind = i < start_locals - start_params  ? 'p'
+                     : i < start_stack - start_params ? 'l'
+                                                      : 's';
+    const uint8_t* addr =
+        reinterpret_cast<const uint8_t*>(sp) + stack_[i].slot_offset_;
+    stack_[i].Print(wasm_runtime, start_params + i, slot_kind, addr);
+  }
+
+  switch (reg_mode) {
+    case RegMode::kI32Reg:
+      ShadowStack::Slot::Print(wasm_runtime, kWasmI32,
+                               start_params + stack_.size(), 'R',
+                               reinterpret_cast<const uint8_t*>(&r0));
+      break;
+    case RegMode::kI64Reg:
+      ShadowStack::Slot::Print(wasm_runtime, kWasmI64,
+                               start_params + stack_.size(), 'R',
+                               reinterpret_cast<const uint8_t*>(&r0));
+      break;
+    case RegMode::kF32Reg: {
+      float f = static_cast<float>(fp0);
+      ShadowStack::Slot::Print(wasm_runtime, kWasmF32,
+                               start_params + stack_.size(), 'R',
+                               reinterpret_cast<const uint8_t*>(&f));
+    } break;
+    case RegMode::kF64Reg:
+      ShadowStack::Slot::Print(wasm_runtime, kWasmF64,
+                               start_params + stack_.size(), 'R',
+                               reinterpret_cast<const uint8_t*>(&fp0));
+      break;
+    default:
+      break;
+  }
+
+  wasm_runtime->Trace("\n");
+}
+
+// static
+void ShadowStack::Slot::Print(WasmInterpreterRuntime* wasm_runtime,
+                              ValueType type, size_t index, char kind,
+                              const uint8_t* addr) {
+  switch (type.kind()) {
+    case kI32:
+      wasm_runtime->Trace(
+          "%c%zu:i32:%d ", kind, index,
+          base::ReadUnalignedValue<int32_t>(reinterpret_cast<Address>(addr)));
+      break;
+    case kI64:
+      wasm_runtime->Trace(
+          "%c%zu:i64:%" PRId64, kind, index,
+          base::ReadUnalignedValue<int64_t>(reinterpret_cast<Address>(addr)));
+      break;
+    case kF32: {
+      float f =
+          base::ReadUnalignedValue<float>(reinterpret_cast<Address>(addr));
+      wasm_runtime->Trace("%c%zu:f32:%f ", kind, index, static_cast<double>(f));
+    } break;
+    case kF64:
+      wasm_runtime->Trace(
+          "%c%zu:f64:%f ", kind, index,
+          base::ReadUnalignedValue<double>(reinterpret_cast<Address>(addr)));
+      break;
+    case kS128: {
+      // This defaults to tracing all S128 values as i32x4 values for now,
+      // when there is more state to know what type of values are on the
+      // stack, the right format should be printed here.
+      int32x4 s;
+      s.val[0] =
+          base::ReadUnalignedValue<uint32_t>(reinterpret_cast<Address>(addr));
+      s.val[1] = base::ReadUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(addr + 4));
+      s.val[2] = base::ReadUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(addr + 8));
+      s.val[3] = base::ReadUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(addr + 12));
+      wasm_runtime->Trace("%c%zu:s128:%08x,%08x,%08x,%08x ", kind, index,
+                          s.val[0], s.val[1], s.val[2], s.val[3]);
+      break;
+    }
+    case kRef:
+    case kRefNull:
+      DCHECK_EQ(sizeof(uint64_t), sizeof(WasmRef));
+      // TODO(paolosev@microsoft.com): Extract actual ref value from
+      // reference_stack_.
+      wasm_runtime->Trace(
+          "%c%zu:ref:%" PRIx64, kind, index,
+          base::ReadUnalignedValue<uint64_t>(reinterpret_cast<Address>(addr)));
+      break;
+    default:
+      UNREACHABLE();
+  }
+}
+
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+PWasmOp* kInstructionTable[kInstructionTableSize] = {
+#ifndef V8_DRUMBRAKE_BOUNDS_CHECKS
+// For this case, this table will be initialized in
+// InitInstructionTableOnce.
+#define V(_) nullptr,
+    FOREACH_LOAD_STORE_INSTR_HANDLER(V)
+#undef V
+
+#else
+#define V(name) name,
+    FOREACH_LOAD_STORE_INSTR_HANDLER(V)
+        FOREACH_LOAD_STORE_DUPLICATED_INSTR_HANDLER(V)
+#undef V
+
+#endif  // V8_DRUMBRAKE_BOUNDS_CHECKS
+
+#define V(name) name,
+        FOREACH_NO_BOUNDSCHECK_INSTR_HANDLER(V)
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+            FOREACH_TRACE_INSTR_HANDLER(V)
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+#undef V
+};
+
+////////////////////////////////////////////////////////////////////////////////
+////////////////////////////////////////////////////////////////////////////////
+
+const WasmEHData::TryBlock* WasmEHData::GetTryBlock(
+    CodeOffset code_offset) const {
+  const auto& catch_it = code_trycatch_map_.find(code_offset);
+  if (catch_it == code_trycatch_map_.end()) return nullptr;
+  BlockIndex try_block_index = catch_it->second;
+
+  const auto& try_it = try_blocks_.find(try_block_index);
+  DCHECK_NE(try_it, try_blocks_.end());
+  const WasmEHData::TryBlock* try_block = &try_it->second;
+  if (try_block->IsTryDelegate()) {
+    try_block = GetDelegateTryBlock(try_block);
+  }
+  return try_block;
+}
+
+const WasmEHData::TryBlock* WasmEHData::GetParentTryBlock(
+    const WasmEHData::TryBlock* try_block) const {
+  const auto& try_it =
+      try_blocks_.find(try_block->parent_or_matching_try_block);
+  return try_it != try_blocks_.end() ? &try_it->second : nullptr;
+}
+
+const WasmEHData::TryBlock* WasmEHData::GetDelegateTryBlock(
+    const WasmEHData::TryBlock* try_block) const {
+  DCHECK_GE(try_block->delegate_try_index, 0);
+  if (try_block->delegate_try_index == WasmEHData::kDelegateToCallerIndex) {
+    return nullptr;
+  }
+  const auto& try_it = try_blocks_.find(try_block->delegate_try_index);
+  DCHECK_NE(try_it, try_blocks_.end());
+  return &try_it->second;
+}
+
+size_t WasmEHData::GetEndInstructionOffsetFor(
+    WasmEHData::BlockIndex catch_block_index) const {
+  int try_block_index = GetTryBranchOf(catch_block_index);
+  DCHECK_GE(try_block_index, 0);
+
+  const auto& it = try_blocks_.find(try_block_index);
+  DCHECK_NE(it, try_blocks_.end());
+  return it->second.end_instruction_code_offset;
+}
+
+WasmEHData::ExceptionPayloadSlotOffsets
+WasmEHData::GetExceptionPayloadStartSlotOffsets(
+    WasmEHData::BlockIndex catch_block_index) const {
+  const auto& it = catch_blocks_.find(catch_block_index);
+  DCHECK_NE(it, catch_blocks_.end());
+  return {it->second.first_param_slot_offset,
+          it->second.first_param_ref_stack_index};
+}
+
+WasmEHData::BlockIndex WasmEHData::GetTryBranchOf(
+    WasmEHData::BlockIndex catch_block_index) const {
+  const auto& it = catch_blocks_.find(catch_block_index);
+  if (it == catch_blocks_.end()) return -1;
+  return it->second.try_block_index;
+}
+
+void WasmEHDataGenerator::AddTryBlock(
+    BlockIndex try_block_index, BlockIndex parent_or_matching_try_block_index,
+    BlockIndex ancestor_try_block_index) {
+  DCHECK_EQ(try_blocks_.find(try_block_index), try_blocks_.end());
+  try_blocks_.insert(
+      {try_block_index,
+       TryBlock{parent_or_matching_try_block_index, ancestor_try_block_index}});
+  current_try_block_index_ = try_block_index;
+}
+
+void WasmEHDataGenerator::AddCatchBlock(BlockIndex catch_block_index,
+                                        int tag_index,
+                                        uint32_t first_param_slot_offset,
+                                        uint32_t first_param_ref_stack_index,
+                                        CodeOffset code_offset) {
+  DCHECK_EQ(catch_blocks_.find(catch_block_index), catch_blocks_.end());
+  catch_blocks_.insert(
+      {catch_block_index,
+       CatchBlock{current_try_block_index_, first_param_slot_offset,
+                  first_param_ref_stack_index}});
+
+  auto it = try_blocks_.find(current_try_block_index_);
+  DCHECK_NE(it, try_blocks_.end());
+  it->second.catch_handlers.emplace_back(
+      CatchHandler{catch_block_index, tag_index, code_offset});
+}
+
+void WasmEHDataGenerator::AddDelegatedBlock(
+    BlockIndex delegate_try_block_index) {
+  auto it = try_blocks_.find(current_try_block_index_);
+  DCHECK_NE(it, try_blocks_.end());
+  TryBlock& try_block = it->second;
+  DCHECK(try_block.catch_handlers.empty());
+  try_block.SetDelegated(delegate_try_block_index);
+}
+
+WasmEHData::BlockIndex WasmEHDataGenerator::EndTryCatchBlocks(
+    WasmEHData::BlockIndex block_index, CodeOffset code_offset) {
+  WasmEHData::BlockIndex try_block_index = GetTryBranchOf(block_index);
+  if (try_block_index < 0) {
+    // No catch/catch_all blocks.
+    try_block_index = block_index;
+  }
+
+  const auto& try_it = try_blocks_.find(try_block_index);
+  DCHECK_NE(try_it, try_blocks_.end());
+  try_it->second.end_instruction_code_offset = code_offset;
+  current_try_block_index_ = try_it->second.parent_or_matching_try_block;
+  return try_block_index;
+}
+
+void WasmEHDataGenerator::RecordPotentialExceptionThrowingInstruction(
+    WasmOpcode opcode, CodeOffset code_offset) {
+  if (current_try_block_index_ < 0) {
+    return;  // Not inside a try block.
+  }
+
+  BlockIndex try_block_index = current_try_block_index_;
+  const auto& try_it = try_blocks_.find(current_try_block_index_);
+  DCHECK_NE(try_it, try_blocks_.end());
+  const TryBlock& try_block = try_it->second;
+
+  bool inside_catch_handler = !try_block.catch_handlers.empty();
+  if (inside_catch_handler) {
+    // If we are throwing from inside a catch block, the exception should only
+    // be caught by the catch handler of an ancestor try block.
+    try_block_index = try_block.ancestor_try_index;
+    if (try_block_index < 0) return;
+  }
+
+  code_trycatch_map_[code_offset] = try_block_index;
+}
+
+WasmBytecode::WasmBytecode(int func_index, const uint8_t* code_data,
+                           size_t code_length, uint32_t stack_frame_size,
+                           const FunctionSig* signature,
+                           const InterpreterCode* interpreter_code,
+                           size_t blocks_count, const uint8_t* const_slots_data,
+                           size_t const_slots_length, uint32_t ref_slots_count,
+                           const WasmEHData&& eh_data,
+                           const std::map<CodeOffset, pc_t>&& code_pc_map)
+    : code_(code_data, code_data + code_length),
+      code_bytes_(code_.data()),
+      signature_(signature),
+      interpreter_code_(interpreter_code),
+      const_slots_values_(const_slots_data,
+                          const_slots_data + const_slots_length),
+      func_index_(func_index),
+      blocks_count_(static_cast<uint32_t>(blocks_count)),
+      args_count_(static_cast<uint32_t>(signature_->parameter_count())),
+      args_slots_size_(ArgsSizeInSlots(signature_)),
+      return_count_(static_cast<uint32_t>(signature_->return_count())),
+      rets_slots_size_(RetsSizeInSlots(signature_)),
+      locals_count_(
+          static_cast<uint32_t>(interpreter_code_->locals.num_locals)),
+      locals_slots_size_(LocalsSizeInSlots(interpreter_code_)),
+      total_frame_size_in_bytes_(stack_frame_size * kSlotSize +
+                                 args_slots_size_ * kSlotSize +
+                                 rets_slots_size_ * kSlotSize),
+      ref_args_count_(RefArgsCount(signature_)),
+      ref_rets_count_(RefRetsCount(signature_)),
+      ref_locals_count_(RefLocalsCount(interpreter_code)),
+      ref_slots_count_(ref_slots_count),
+      eh_data_(eh_data),
+      code_pc_map_(code_pc_map) {}
+
+pc_t WasmBytecode::GetPcFromTrapCode(const uint8_t* current_code) const {
+  DCHECK_GE(current_code, code_bytes_);
+  size_t code_offset = current_code - code_bytes_;
+
+  auto it = code_pc_map_.lower_bound(code_offset);
+  if (it == code_pc_map_.begin()) return 0;
+  it--;
+
+  return it->second;
+}
+
+WasmBytecodeGenerator::WasmBytecodeGenerator(uint32_t function_index,
+                                             InterpreterCode* wasm_code,
+                                             const WasmModule* module)
+    : const_slot_offset_(0),
+      slot_offset_(0),
+      ref_slots_count_(0),
+      function_index_(function_index),
+      wasm_code_(wasm_code),
+      args_count_(0),
+      args_slots_size_(0),
+      return_count_(0),
+      rets_slots_size_(0),
+      locals_count_(0),
+      current_block_index_(-1),
+      is_instruction_reachable_(true),
+      unreachable_block_count_(0),
+#ifdef DEBUG
+      was_current_instruction_reachable_(true),
+#endif  // DEBUG
+      module_(module),
+      last_instr_offset_(kInvalidCodeOffset) {
+  DCHECK(v8_flags.wasm_jitless);
+
+  size_t wasm_code_size = wasm_code_->end - wasm_code_->start;
+  code_.reserve(wasm_code_size * 6);
+  slots_.reserve(wasm_code_size / 2);
+  stack_.reserve(wasm_code_size / 4);
+  blocks_.reserve(wasm_code_size / 8);
+
+  const FunctionSig* sig = module_->functions[function_index].sig;
+  args_count_ = static_cast<uint32_t>(sig->parameter_count());
+  args_slots_size_ = WasmBytecode::ArgsSizeInSlots(sig);
+  return_count_ = static_cast<uint32_t>(sig->return_count());
+  rets_slots_size_ = WasmBytecode::RetsSizeInSlots(sig);
+  locals_count_ = static_cast<uint32_t>(wasm_code->locals.num_locals);
+}
+
+size_t WasmBytecodeGenerator::Simd128Hash::operator()(
+    const Simd128& s128) const {
+  static_assert(sizeof(size_t) == sizeof(uint64_t));
+  const int64x2 s = s128.to_i64x2();
+  return s.val[0] ^ s.val[1];
+}
+
+// Look if the slot that hold the value at {stack_index} is being shared with
+// other slots. This can happen if there are multiple load.get operations that
+// copy from the same local.
+bool WasmBytecodeGenerator::HasSharedSlot(uint32_t stack_index) const {
+  // Only consider stack entries added in the current block.
+  // We don't need to consider ancestor blocks because if a block has a
+  // non-empty signature we always pass arguments and results into separate
+  // slots, emitting CopySlot operations.
+  uint32_t start_slot_index = blocks_[current_block_index_].stack_size_;
+
+  for (uint32_t i = start_slot_index; i < stack_.size(); i++) {
+    if (stack_[i] == stack_[stack_index]) {
+      return true;
+    }
+  }
+  return false;
+}
+
+// Look if the slot that hold the value at {stack_index} is being shared with
+// other slots. This can happen if there are multiple load.get operations that
+// copy from the same local. In this case when we modify the value of the slot
+// with a local.set or local.tee we need to first duplicate the slot to make
+// sure that the old value is preserved in the other shared slots.
+bool WasmBytecodeGenerator::FindSharedSlot(uint32_t stack_index,
+                                           uint32_t* new_slot_index) {
+  *new_slot_index = UINT_MAX;
+  ValueType value_type = slots_[stack_[stack_index]].value_type;
+  if (value_type.is_reference()) return false;
+
+  // Only consider stack entries added in the current block.
+  // We don't need to consider ancestor blocks because if a block has a
+  // non-empty signature we always pass arguments and results into separate
+  // slots, emitting CopySlot operations.
+  uint32_t start_slot_index = blocks_[current_block_index_].stack_size_;
+
+  for (uint32_t i = start_slot_index; i < stack_.size(); i++) {
+    if (stack_[i] == stack_[stack_index]) {
+      // Allocate new slot to preserve the old value of a shared slot.
+      *new_slot_index = CreateSlot(value_type);
+      break;
+    }
+  }
+
+  if (*new_slot_index == UINT_MAX) return false;
+
+  // If there was a collision and we allocated a new slot to preserve the old
+  // value, we need to do two things to keep the state up to date:
+  // 1. For each shared slot, we update the stack value to refer to the new
+  // slot. This track the change at bytecode generation time.
+  // 2. We return {true} to indicate that the slot was shared and the caller
+  // should emit a 's2s_PreserveCopySlot...' instruction to copy the old slot
+  // value into the new slot, at runtime.
+
+  // This loop works because stack_index is always greater or equal to the index
+  // of args/globals.
+  DCHECK_GT(start_slot_index, stack_index);
+  for (uint32_t i = start_slot_index; i < stack_.size(); i++) {
+    if (stack_[i] == stack_[stack_index]) {
+      // Copy value into the new slot.
+      UpdateStack(i, *new_slot_index);
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      if (v8_flags.trace_drumbrake_execution &&
+          v8_flags.trace_drumbrake_execution_verbose) {
+        EMIT_INSTR_HANDLER(trace_UpdateStack);
+        EmitI32Const(i);
+        EmitI32Const(slots_[*new_slot_index].slot_offset * kSlotSize);
+        printf("Preserve UpdateStack: [%d] = %d\n", i,
+               slots_[*new_slot_index].slot_offset);
+      }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+    }
+  }
+
+  return true;
+}
+
+void WasmBytecodeGenerator::EmitCopySlot(ValueType value_type,
+                                         uint32_t from_slot_index,
+                                         uint32_t to_slot_index,
+                                         bool copy_from_reg) {
+  const ValueKind kind = value_type.kind();
+  switch (kind) {
+    case kI32:
+      if (copy_from_reg) {
+        EMIT_INSTR_HANDLER(r2s_CopyR0ToSlot32);
+      } else {
+        EMIT_INSTR_HANDLER(s2s_CopySlot32);
+      }
+      break;
+    case kI64:
+      if (copy_from_reg) {
+        EMIT_INSTR_HANDLER(r2s_CopyR0ToSlot64);
+      } else {
+        EMIT_INSTR_HANDLER(s2s_CopySlot64);
+      }
+      break;
+    case kF32:
+      if (copy_from_reg) {
+        EMIT_INSTR_HANDLER(r2s_CopyFp0ToSlot32);
+      } else {
+        EMIT_INSTR_HANDLER(s2s_CopySlot32);
+      }
+      break;
+    case kF64:
+      if (copy_from_reg) {
+        EMIT_INSTR_HANDLER(r2s_CopyFp0ToSlot64);
+      } else {
+        EMIT_INSTR_HANDLER(s2s_CopySlot64);
+      }
+      break;
+    case kS128:
+      DCHECK(!copy_from_reg);
+      EMIT_INSTR_HANDLER(s2s_CopySlot128);
+      break;
+    case kRef:
+    case kRefNull:
+      DCHECK(!copy_from_reg);
+      EMIT_INSTR_HANDLER(s2s_CopySlotRef);
+      break;
+    default:
+      UNREACHABLE();
+  }
+
+  if (kind == kRefNull || kind == kRef) {
+    DCHECK(!copy_from_reg);
+    EmitI32Const(slots_[from_slot_index].ref_stack_index);
+    EmitI32Const(slots_[to_slot_index].ref_stack_index);
+  } else {
+    if (!copy_from_reg) {
+      EmitI32Const(slots_[from_slot_index].slot_offset);
+    }
+    EmitI32Const(slots_[to_slot_index].slot_offset);
+  }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_bytecode_generator &&
+      v8_flags.trace_drumbrake_execution_verbose) {
+    printf("emit CopySlot: %d(%d) -> %d(%d)\n", from_slot_index,
+           slots_[from_slot_index].slot_offset, to_slot_index,
+           slots_[to_slot_index].slot_offset);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+}
+
+// When a Wasm function starts the values for the function args and locals are
+// already present in the Wasm stack. The stack entries for args and locals
+// can be directly accessed with {local.get} and modified with {local.set} and
+// {local.tee}, but they can never be popped, they are always present until
+// the function returns.
+// During the execution of the function other values are then pushed/popped
+// into/from the stack, but these other entries are only accessible indirectly
+// as operands/results of operations, not directly with local.get/set
+// instructions.
+//
+// DrumBrake implements a "args/locals propagation" optimization that allows the
+// stack slots for "local" stack entries to be shared with other stack entries
+// (using the {stack_} and {slots_} arrays), in order to avoid emitting calls to
+// 'local.get' instruction handlers.
+
+// When an arg/local value is modified, and its slot is shared with other
+// entries in the stack, we need to preserve the old value of the stack entry in
+// a new slot.
+void WasmBytecodeGenerator::CopyToSlot(ValueType value_type,
+                                       uint32_t from_slot_index,
+                                       uint32_t to_stack_index,
+                                       bool copy_from_reg) {
+  const ValueKind kind = value_type.kind();
+  uint32_t to_slot_index = stack_[to_stack_index];
+  DCHECK(copy_from_reg || CheckEqualKind(kind, slots_[from_slot_index].kind()));
+  DCHECK(CheckEqualKind(slots_[to_slot_index].kind(), kind));
+
+  uint32_t new_slot_index;
+  // If the slot is shared {FindSharedSlot} creates a new slot and makes all the
+  // 'non-locals' stack entries that shared the old slot point to this new slot.
+  // We need to emit a {PreserveCopySlot} instruction to dynamically copy the
+  // old value into the new slot.
+  if (FindSharedSlot(to_stack_index, &new_slot_index)) {
+    switch (kind) {
+      case kI32:
+        if (copy_from_reg) {
+          EMIT_INSTR_HANDLER(r2s_PreserveCopyR0ToSlot32);
+        } else {
+          EMIT_INSTR_HANDLER(s2s_PreserveCopySlot32);
+        }
+        break;
+      case kI64:
+        if (copy_from_reg) {
+          EMIT_INSTR_HANDLER(r2s_PreserveCopyR0ToSlot64);
+        } else {
+          EMIT_INSTR_HANDLER(s2s_PreserveCopySlot64);
+        }
+        break;
+      case kF32:
+        if (copy_from_reg) {
+          EMIT_INSTR_HANDLER(r2s_PreserveCopyFp0ToSlot32);
+        } else {
+          EMIT_INSTR_HANDLER(s2s_PreserveCopySlot32);
+        }
+        break;
+      case kF64:
+        if (copy_from_reg) {
+          EMIT_INSTR_HANDLER(r2s_PreserveCopyFp0ToSlot64);
+        } else {
+          EMIT_INSTR_HANDLER(s2s_PreserveCopySlot64);
+        }
+        break;
+      case kS128:
+        DCHECK(!copy_from_reg);
+        EMIT_INSTR_HANDLER(s2s_PreserveCopySlot128);
+        break;
+      case kRef:
+      case kRefNull:
+        DCHECK(!copy_from_reg);
+        EMIT_INSTR_HANDLER(s2s_PreserveCopySlotRef);
+        break;
+      default:
+        UNREACHABLE();
+    }
+
+    if (kind == kRefNull || kind == kRef) {
+      DCHECK(!copy_from_reg);
+      EmitI32Const(slots_[from_slot_index].ref_stack_index);
+      EmitI32Const(slots_[to_slot_index].ref_stack_index);
+      EmitI32Const(slots_[new_slot_index].ref_stack_index);
+    } else {
+      if (!copy_from_reg) {
+        EmitI32Const(slots_[from_slot_index].slot_offset);
+      }
+      EmitI32Const(slots_[to_slot_index].slot_offset);
+      EmitI32Const(slots_[new_slot_index].slot_offset);
+    }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    if (v8_flags.trace_drumbrake_execution &&
+        v8_flags.trace_drumbrake_execution_verbose) {
+      printf("emit s2s_PreserveCopySlot: %d %d %d\n",
+             slots_[from_slot_index].slot_offset,
+             slots_[to_slot_index].slot_offset,
+             slots_[new_slot_index].slot_offset);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+  } else {
+    EmitCopySlot(value_type, from_slot_index, to_slot_index, copy_from_reg);
+  }
+}
+
+// Used for 'local.tee' and 'local.set' instructions.
+void WasmBytecodeGenerator::CopyToSlotAndPop(ValueType value_type,
+                                             uint32_t to_stack_index,
+                                             bool is_tee, bool copy_from_reg) {
+  DCHECK(!stack_.empty());
+  DCHECK_LT(to_stack_index, stack_.size() - (copy_from_reg ? 0 : 1));
+
+  // LocalGet uses a "copy-on-write" mechanism: the arg/local value is not
+  // copied and instead the stack entry references the same slot. When the
+  // arg/local value is modified, we need to preserve the old value of the stack
+  // entry in a new slot.
+  CopyToSlot(value_type, stack_.back(), to_stack_index, copy_from_reg);
+
+  if (!is_tee && !copy_from_reg) {
+    PopSlot();
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    if (v8_flags.trace_drumbrake_execution) {
+      EMIT_INSTR_HANDLER(trace_PopSlot);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+  }
+}
+
+// This function is called when we enter a new 'block', 'loop' or 'if' block
+// statement. Checks whether any of the 'non-locals' stack entries share a slot
+// with an arg/local stack entry. In that case stop make sure the local stack
+// entry will get its own slot. This is necessary because at runtime we could
+// jump at the block after having modified the local value in some other code
+// path.
+// TODO(paolosev@microsoft.com) - Understand why this is not required only for
+// 'loop' blocks.
+void WasmBytecodeGenerator::PreserveArgsAndLocals() {
+  uint32_t num_args_and_locals = args_count_ + locals_count_;
+
+  // If there are only args/locals entries in the stack, nothing to do.
+  if (num_args_and_locals >= stack_size()) return;
+
+  for (uint32_t local_index = 0; local_index < num_args_and_locals;
+       ++local_index) {
+    uint32_t new_slot_index;
+    if (FindSharedSlot(local_index, &new_slot_index)) {
+      ValueType value_type = slots_[stack_[local_index]].value_type;
+      EmitCopySlot(value_type, stack_[local_index], new_slot_index);
+    }
+  }
+}
+
+uint32_t WasmBytecodeGenerator::ReserveBlockSlots(
+    uint8_t opcode, const WasmInstruction::Optional::Block& block_data,
+    size_t* rets_slots_count, size_t* params_slots_count) {
+  uint32_t first_slot_index = 0;
+  *rets_slots_count = 0;
+  *params_slots_count = 0;
+  bool first_slot_found = false;
+  const ValueType value_type = block_data.value_type();
+  if (value_type == kWasmBottom) {
+    const FunctionSig* sig = module_->signature(block_data.sig_index);
+    *rets_slots_count = sig->return_count();
+    for (uint32_t i = 0; i < *rets_slots_count; i++) {
+      uint32_t slot_index = CreateSlot(sig->GetReturn(i));
+      if (!first_slot_found) {
+        first_slot_index = slot_index;
+        first_slot_found = true;
+      }
+    }
+    *params_slots_count = sig->parameter_count();
+    for (uint32_t i = 0; i < *params_slots_count; i++) {
+      uint32_t slot_index = CreateSlot(sig->GetParam(i));
+      if (!first_slot_found) {
+        first_slot_index = slot_index;
+        first_slot_found = true;
+      }
+    }
+  } else if (value_type != kWasmVoid) {
+    *rets_slots_count = 1;
+    first_slot_index = CreateSlot(value_type);
+  }
+  return first_slot_index;
+}
+
+void WasmBytecodeGenerator::StoreBlockParamsIntoSlots(
+    uint32_t target_block_index, bool update_stack) {
+  const WasmBytecodeGenerator::BlockData& target_block_data =
+      blocks_[target_block_index];
+  DCHECK_EQ(target_block_data.opcode_, kExprLoop);
+
+  uint32_t params_count = ParamsCount(target_block_data);
+  uint32_t rets_count = ReturnsCount(target_block_data);
+  uint32_t first_param_slot_index =
+      target_block_data.first_block_index_ + rets_count;
+  for (uint32_t i = 0; i < params_count; i++) {
+    uint32_t from_slot_index =
+        stack_[stack_top_index() - (params_count - 1) + i];
+    uint32_t to_slot_index = first_param_slot_index + i;
+    if (from_slot_index != to_slot_index) {
+      EmitCopySlot(GetParamType(target_block_data, i), from_slot_index,
+                   to_slot_index);
+      if (update_stack) {
+        DCHECK_EQ(GetParamType(target_block_data, i),
+                  slots_[first_param_slot_index + i].value_type);
+        UpdateStack(stack_top_index() - (params_count - 1) + i,
+                    first_param_slot_index + i);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+        if (v8_flags.trace_drumbrake_execution) {
+          EMIT_INSTR_HANDLER(trace_UpdateStack);
+          EmitI32Const(stack_top_index() - (params_count - 1) + i);
+          EmitI32Const(slots_[first_param_slot_index + i].slot_offset *
+                       kSlotSize);
+        }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+      }
+    }
+  }
+}
+
+void WasmBytecodeGenerator::StoreBlockParamsAndResultsIntoSlots(
+    uint32_t target_block_index, WasmOpcode opcode) {
+  bool is_branch = kExprBr == opcode || kExprBrIf == opcode ||
+                   kExprBrTable == opcode || kExprBrOnNull == opcode ||
+                   kExprBrOnNonNull == opcode || kExprBrOnCast == opcode;
+  const WasmBytecodeGenerator::BlockData& target_block_data =
+      blocks_[target_block_index];
+  bool is_target_loop_block = target_block_data.opcode_ == kExprLoop;
+  if (is_target_loop_block && is_branch) {
+    StoreBlockParamsIntoSlots(target_block_index, false);
+  }
+
+  // Ignore params if this is the function main block.
+  uint32_t params_count =
+      target_block_index == 0 ? 0 : ParamsCount(target_block_data);
+  uint32_t rets_count = ReturnsCount(target_block_data);
+
+  // There could be valid code where there are not enough elements in the
+  // stack if some code in unreachable (for example if a 'i32.const 0' is
+  // followed by a 'br_if' the if branch is never reachable).
+  uint32_t count = std::min(static_cast<uint32_t>(stack_.size()), rets_count);
+  for (uint32_t i = 0; i < count; i++) {
+    uint32_t from_slot_index = stack_[stack_top_index() - (count - 1) + i];
+    uint32_t to_slot_index = target_block_data.first_block_index_ + i;
+    if (from_slot_index != to_slot_index) {
+      EmitCopySlot(GetReturnType(target_block_data, i), from_slot_index,
+                   to_slot_index);
+    }
+  }
+
+  bool is_else = (kExprElse == opcode);
+  bool is_return = (kExprReturn == opcode);
+  bool is_catch = (kExprCatch == opcode || kExprCatchAll == opcode);
+  if (!is_branch && !is_return && !is_else && !is_catch) {
+    uint32_t new_stack_height =
+        target_block_data.stack_size_ - params_count + rets_count;
+    DCHECK(new_stack_height <= stack_.size() ||
+           !was_current_instruction_reachable_);
+    stack_.resize(new_stack_height);
+
+    for (uint32_t i = 0; i < rets_count; i++) {
+      DCHECK_EQ(GetReturnType(target_block_data, i),
+                slots_[target_block_data.first_block_index_ + i].value_type);
+      UpdateStack(target_block_data.stack_size_ - params_count + i,
+                  target_block_data.first_block_index_ + i);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      if (v8_flags.trace_drumbrake_execution) {
+        EMIT_INSTR_HANDLER(trace_UpdateStack);
+        EmitI32Const(target_block_data.stack_size_ - params_count + i);
+        EmitI32Const(
+            slots_[target_block_data.first_block_index_ + i].slot_offset *
+            kSlotSize);
+      }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+    }
+  }
+}
+
+void WasmBytecodeGenerator::RestoreIfElseParams(uint32_t if_block_index) {
+  const WasmBytecodeGenerator::BlockData& if_block_data =
+      blocks_[if_block_index];
+  DCHECK_EQ(if_block_data.opcode_, kExprIf);
+
+  stack_.resize(blocks_[if_block_index].stack_size_);
+  uint32_t params_count = if_block_index == 0 ? 0 : ParamsCount(if_block_data);
+  for (uint32_t i = 0; i < params_count; i++) {
+    UpdateStack(if_block_data.stack_size_ - params_count + i,
+                if_block_data.GetParam(i), GetParamType(if_block_data, i));
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    if (v8_flags.trace_drumbrake_execution) {
+      EMIT_INSTR_HANDLER(trace_UpdateStack);
+      EmitI32Const(if_block_data.stack_size_ - params_count + i);
+      EmitI32Const(slots_[if_block_data.GetParam(i)].slot_offset * kSlotSize);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+  }
+}
+
+uint32_t WasmBytecodeGenerator::ScanConstInstructions() const {
+  Decoder decoder(wasm_code_->start, wasm_code_->end);
+  uint32_t const_slots_size = 0;
+  pc_t pc = wasm_code_->locals.encoded_size;
+  pc_t limit = wasm_code_->end - wasm_code_->start;
+  while (pc < limit) {
+    uint32_t opcode = wasm_code_->start[pc];
+    if (opcode == kExprI32Const || opcode == kExprF32Const) {
+      const_slots_size += sizeof(uint32_t) / kSlotSize;
+    } else if (opcode == kExprI64Const || opcode == kExprF64Const) {
+      const_slots_size += sizeof(uint64_t) / kSlotSize;
+    } else if (opcode == kSimdPrefix) {
+      auto [opcode_index, opcode_len] =
+          decoder.read_u32v<Decoder::BooleanValidationTag>(
+              wasm_code_->start + pc + 1, "prefixed opcode index");
+      opcode = (kSimdPrefix << 8) | opcode_index;
+      if (opcode == kExprS128Const || opcode == kExprI8x16Shuffle) {
+        const_slots_size += sizeof(Simd128) / kSlotSize;
+      }
+    }
+    pc++;
+  }
+  return const_slots_size;
+}
+
+int32_t WasmBytecodeGenerator::EndBlock(WasmOpcode opcode) {
+  WasmBytecodeGenerator::BlockData& block_data = blocks_[current_block_index_];
+  bool is_try_catch =
+      block_data.IsTry() || block_data.IsCatch() || block_data.IsCatchAll();
+
+  StoreBlockParamsAndResultsIntoSlots(current_block_index_, opcode);
+
+  if (block_data.IsLoop()) {
+    loop_end_code_offsets_.push_back(static_cast<uint32_t>(code_.size()));
+    EMIT_INSTR_HANDLER(s2s_OnLoopBackwardJump);
+  }
+
+  block_data.end_code_offset_ = CurrentCodePos();
+  if (opcode == kExprEnd && block_data.IsElse()) {
+    DCHECK_GT(block_data.if_else_block_index_, 0);
+    blocks_[block_data.if_else_block_index_].end_code_offset_ =
+        CurrentCodePos();
+  }
+
+  if (!is_try_catch) {
+    current_block_index_ = blocks_[current_block_index_].parent_block_index_;
+  }
+
+  if (is_try_catch && (opcode == kExprEnd || opcode == kExprDelegate)) {
+    int32_t try_block_index =
+        eh_data_.EndTryCatchBlocks(current_block_index_, CurrentCodePos());
+    DCHECK_GE(try_block_index, 0);
+    current_block_index_ = blocks_[try_block_index].parent_block_index_;
+  }
+
+  last_instr_offset_ = kInvalidCodeOffset;
+
+  return current_block_index_;
+}
+
+void WasmBytecodeGenerator::Return() {
+  if (current_block_index_ >= 0) {
+    StoreBlockParamsAndResultsIntoSlots(0, kExprReturn);
+  }
+
+  EMIT_INSTR_HANDLER(s2s_Return);
+
+  const WasmBytecodeGenerator::BlockData& target_block_data = blocks_[0];
+  uint32_t final_stack_size =
+      target_block_data.stack_size_ + ReturnsCount(target_block_data);
+  EmitI32Const(final_stack_size);
+}
+
+WasmInstruction WasmBytecodeGenerator::DecodeInstruction(pc_t pc,
+                                                         Decoder& decoder) {
+  pc_t limit = wasm_code_->end - wasm_code_->start;
+  if (pc >= limit) return WasmInstruction();
+
+  int len = 1;
+  uint8_t orig = wasm_code_->start[pc];
+  WasmOpcode opcode = static_cast<WasmOpcode>(orig);
+  if (WasmOpcodes::IsPrefixOpcode(opcode)) {
+    uint32_t prefixed_opcode_length;
+    std::tie(opcode, prefixed_opcode_length) =
+        decoder.read_prefixed_opcode<Decoder::NoValidationTag>(
+            wasm_code_->at(pc));
+    // skip breakpoint by switching on original code.
+    len = prefixed_opcode_length;
+  }
+
+  WasmInstruction::Optional optional;
+  switch (orig) {
+    case kExprUnreachable:
+      break;
+    case kExprNop:
+      break;
+    case kExprBlock:
+    case kExprLoop:
+    case kExprIf:
+    case kExprTry: {
+      BlockTypeImmediate imm(WasmEnabledFeatures::All(), &decoder,
+                             wasm_code_->at(pc + 1), Decoder::kNoValidation);
+      if (imm.sig_index != kInlineSignatureSentinel) {
+        // The block has at least one argument or at least two results, its
+        // signature is identified by sig_index.
+        optional.block.sig_index = imm.sig_index;
+        optional.block.value_type_bitfield = kWasmBottom.raw_bit_field();
+      } else if (imm.sig.return_count() + imm.sig.parameter_count() == 0) {
+        // Void signature: no arguments and no results.
+        optional.block.sig_index = kInlineSignatureSentinel;
+        optional.block.value_type_bitfield = kWasmVoid.raw_bit_field();
+      } else {
+        // No arguments and one result.
+        optional.block.sig_index = kInlineSignatureSentinel;
+        std::optional<wasm::ValueType> wasm_return_type =
+            GetWasmReturnTypeFromSignature(&imm.sig);
+        DCHECK(wasm_return_type.has_value());
+        optional.block.value_type_bitfield =
+            wasm_return_type.value().raw_bit_field();
+      }
+      len = 1 + imm.length;
+      break;
+    }
+    case kExprElse:
+      break;
+    case kExprCatch: {
+      TagIndexImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                            Decoder::kNoValidation);
+      optional.index = imm.index;
+      len = 1 + imm.length;
+      break;
+    }
+    case kExprCatchAll:
+      break;
+    case kExprEnd:
+      break;
+    case kExprThrow: {
+      TagIndexImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                            Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+    case kExprRethrow:
+    case kExprBr:
+    case kExprBrIf:
+    case kExprBrOnNull:
+    case kExprBrOnNonNull:
+    case kExprDelegate: {
+      BranchDepthImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                               Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.depth = imm.depth;
+      break;
+    }
+    case kExprBrTable: {
+      BranchTableImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                               Decoder::kNoValidation);
+      BranchTableIterator<Decoder::NoValidationTag> iterator(&decoder, imm);
+      optional.br_table.table_count = imm.table_count;
+      optional.br_table.labels_index =
+          static_cast<uint32_t>(br_table_labels_.size());
+      for (uint32_t i = 0; i <= imm.table_count; i++) {
+        DCHECK(iterator.has_next());
+        br_table_labels_.emplace_back(iterator.next());
+      }
+      len = static_cast<int>(1 + iterator.pc() - imm.start);
+      break;
+    }
+    case kExprReturn:
+      break;
+    case kExprCallFunction:
+    case kExprReturnCall: {
+      CallFunctionImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                                Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+    case kExprCallIndirect:
+    case kExprReturnCallIndirect: {
+      CallIndirectImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                                Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.indirect_call.table_index = imm.table_imm.index;
+      optional.indirect_call.sig_index = imm.sig_imm.index;
+      break;
+    }
+    case kExprDrop:
+      break;
+    case kExprSelect:
+      break;
+    case kExprSelectWithType: {
+      SelectTypeImmediate imm(WasmEnabledFeatures::All(), &decoder,
+                              wasm_code_->at(pc + 1), Decoder::kNoValidation);
+      len = 1 + imm.length;
+      break;
+    }
+    case kExprLocalGet: {
+      IndexImmediate imm(&decoder, wasm_code_->at(pc + 1), "local index",
+                         Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+    case kExprLocalSet: {
+      IndexImmediate imm(&decoder, wasm_code_->at(pc + 1), "local index",
+                         Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+    case kExprLocalTee: {
+      IndexImmediate imm(&decoder, wasm_code_->at(pc + 1), "local index",
+                         Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+    case kExprGlobalGet: {
+      GlobalIndexImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                               Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+    case kExprGlobalSet: {
+      GlobalIndexImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                               Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+    case kExprTableGet: {
+      IndexImmediate imm(&decoder, wasm_code_->at(pc + 1), "table index",
+                         Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+    case kExprTableSet: {
+      IndexImmediate imm(&decoder, wasm_code_->at(pc + 1), "table index",
+                         Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.index = imm.index;
+      break;
+    }
+
+#define LOAD_CASE(name, ctype, mtype, rep, type)                        \
+  case kExpr##name: {                                                   \
+    MemoryAccessImmediate imm(                                          \
+        &decoder, wasm_code_->at(pc + 1), sizeof(ctype),                \
+        !module_->memories.empty() && module_->memories[0].is_memory64, \
+        Decoder::kNoValidation);                                        \
+    len = 1 + imm.length;                                               \
+    optional.offset = imm.offset;                                       \
+    break;                                                              \
+  }
+      LOAD_CASE(I32LoadMem8S, int32_t, int8_t, kWord8, I32);
+      LOAD_CASE(I32LoadMem8U, int32_t, uint8_t, kWord8, I32);
+      LOAD_CASE(I32LoadMem16S, int32_t, int16_t, kWord16, I32);
+      LOAD_CASE(I32LoadMem16U, int32_t, uint16_t, kWord16, I32);
+      LOAD_CASE(I64LoadMem8S, int64_t, int8_t, kWord8, I64);
+      LOAD_CASE(I64LoadMem8U, int64_t, uint8_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem16S, int64_t, int16_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem16U, int64_t, uint16_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem32S, int64_t, int32_t, kWord32, I64);
+      LOAD_CASE(I64LoadMem32U, int64_t, uint32_t, kWord32, I64);
+      LOAD_CASE(I32LoadMem, int32_t, int32_t, kWord32, I32);
+      LOAD_CASE(I64LoadMem, int64_t, int64_t, kWord64, I64);
+      LOAD_CASE(F32LoadMem, Float32, uint32_t, kFloat32, F32);
+      LOAD_CASE(F64LoadMem, Float64, uint64_t, kFloat64, F64);
+#undef LOAD_CASE
+
+#define STORE_CASE(name, ctype, mtype, rep, type)                       \
+  case kExpr##name: {                                                   \
+    MemoryAccessImmediate imm(                                          \
+        &decoder, wasm_code_->at(pc + 1), sizeof(ctype),                \
+        !module_->memories.empty() && module_->memories[0].is_memory64, \
+        Decoder::kNoValidation);                                        \
+    len = 1 + imm.length;                                               \
+    optional.offset = imm.offset;                                       \
+    break;                                                              \
+  }
+      STORE_CASE(I32StoreMem8, int32_t, int8_t, kWord8, I32);
+      STORE_CASE(I32StoreMem16, int32_t, int16_t, kWord16, I32);
+      STORE_CASE(I64StoreMem8, int64_t, int8_t, kWord8, I64);
+      STORE_CASE(I64StoreMem16, int64_t, int16_t, kWord16, I64);
+      STORE_CASE(I64StoreMem32, int64_t, int32_t, kWord32, I64);
+      STORE_CASE(I32StoreMem, int32_t, int32_t, kWord32, I32);
+      STORE_CASE(I64StoreMem, int64_t, int64_t, kWord64, I64);
+      STORE_CASE(F32StoreMem, Float32, uint32_t, kFloat32, F32);
+      STORE_CASE(F64StoreMem, Float64, uint64_t, kFloat64, F64);
+#undef STORE_CASE
+
+    case kExprMemorySize: {
+      MemoryIndexImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                               Decoder::kNoValidation);
+      len = 1 + imm.length;
+      break;
+    }
+    case kExprMemoryGrow: {
+      MemoryIndexImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                               Decoder::kNoValidation);
+      len = 1 + imm.length;
+      break;
+    }
+    case kExprI32Const: {
+      ImmI32Immediate imm(&decoder, wasm_code_->at(pc + 1),
+                          Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.i32 = imm.value;
+      break;
+    }
+    case kExprI64Const: {
+      ImmI64Immediate imm(&decoder, wasm_code_->at(pc + 1),
+                          Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.i64 = imm.value;
+      break;
+    }
+    case kExprF32Const: {
+      ImmF32Immediate imm(&decoder, wasm_code_->at(pc + 1),
+                          Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.f32 = imm.value;
+      break;
+    }
+    case kExprF64Const: {
+      ImmF64Immediate imm(&decoder, wasm_code_->at(pc + 1),
+                          Decoder::kNoValidation);
+      len = 1 + imm.length;
+      optional.f64 = imm.value;
+      break;
+    }
+
+#define EXECUTE_BINOP(name, ctype, reg, op, type) \
+  case kExpr##name:                               \
+    break;
+
+      FOREACH_COMPARISON_BINOP(EXECUTE_BINOP)
+      FOREACH_ARITHMETIC_BINOP(EXECUTE_BINOP)
+      FOREACH_TRAPPING_BINOP(EXECUTE_BINOP)
+      FOREACH_MORE_BINOP(EXECUTE_BINOP)
+#undef EXECUTE_BINOP
+
+#define EXECUTE_UNOP(name, ctype, reg, op, type) \
+  case kExpr##name:                              \
+    break;
+
+      FOREACH_SIMPLE_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+#define EXECUTE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type, \
+                     to_reg)                                                   \
+  case kExpr##name:                                                            \
+    break;
+
+      FOREACH_ADDITIONAL_CONVERT_UNOP(EXECUTE_UNOP)
+      FOREACH_CONVERT_UNOP(EXECUTE_UNOP)
+      FOREACH_REINTERPRET_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+#define EXECUTE_UNOP(name, from_ctype, from_type, to_ctype, to_type, op) \
+  case kExpr##name:                                                      \
+    break;
+
+      FOREACH_BITS_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+#define EXECUTE_UNOP(name, from_ctype, from_type, to_ctype, to_type) \
+  case kExpr##name:                                                  \
+    break;
+
+      FOREACH_EXTENSION_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+    case kExprRefNull: {
+      HeapTypeImmediate imm(WasmEnabledFeatures::All(), &decoder,
+                            wasm_code_->at(pc + 1), Decoder::kNoValidation);
+      optional.ref_type = imm.type.representation();
+      len = 1 + imm.length;
+      break;
+    }
+    case kExprRefIsNull:
+    case kExprRefEq:
+    case kExprRefAsNonNull: {
+      len = 1;
+      break;
+    }
+    case kExprRefFunc: {
+      IndexImmediate imm(&decoder, wasm_code_->at(pc + 1), "function index",
+                         Decoder::kNoValidation);
+      optional.index = imm.index;
+      len = 1 + imm.length;
+      break;
+    }
+
+    case kGCPrefix:
+      DecodeGCOp(opcode, &optional, &decoder, wasm_code_, pc, &len);
+      break;
+
+    case kNumericPrefix:
+      DecodeNumericOp(opcode, &optional, &decoder, wasm_code_, pc, &len);
+      break;
+
+    case kAtomicPrefix:
+      DecodeAtomicOp(opcode, &optional, &decoder, wasm_code_, pc, &len);
+      break;
+
+    case kSimdPrefix: {
+      bool is_valid_simd_op =
+          DecodeSimdOp(opcode, &optional, &decoder, wasm_code_, pc, &len);
+      if (V8_UNLIKELY(!is_valid_simd_op)) {
+        UNREACHABLE();
+      }
+      break;
+    }
+
+    case kExprCallRef:
+    case kExprReturnCallRef: {
+      SigIndexImmediate imm(&decoder, wasm_code_->at(pc + 1),
+                            Decoder::kNoValidation);
+      optional.index = imm.index;
+      len = 1 + imm.length;
+      break;
+    }
+
+    default:
+      // Not implemented yet
+      UNREACHABLE();
+  }
+
+  return WasmInstruction{orig, opcode, len, static_cast<uint32_t>(pc),
+                         optional};
+}
+
+void WasmBytecodeGenerator::DecodeGCOp(WasmOpcode opcode,
+                                       WasmInstruction::Optional* optional,
+                                       Decoder* decoder, InterpreterCode* code,
+                                       pc_t pc, int* const len) {
+  switch (opcode) {
+    case kExprStructNew:
+    case kExprStructNewDefault: {
+      StructIndexImmediate imm(decoder, code->at(pc + *len),
+                               Decoder::kNoValidation);
+      optional->index = imm.index;
+      *len += imm.length;
+      break;
+    }
+    case kExprStructGet:
+    case kExprStructGetS:
+    case kExprStructGetU:
+    case kExprStructSet: {
+      FieldImmediate imm(decoder, code->at(pc + *len), Decoder::kNoValidation);
+      optional->gc_field_immediate = {imm.struct_imm.index,
+                                      imm.field_imm.index};
+      *len += imm.length;
+      break;
+    }
+    case kExprArrayNew:
+    case kExprArrayNewDefault:
+    case kExprArrayGet:
+    case kExprArrayGetS:
+    case kExprArrayGetU:
+    case kExprArraySet:
+    case kExprArrayFill: {
+      ArrayIndexImmediate imm(decoder, code->at(pc + *len),
+                              Decoder::kNoValidation);
+      optional->index = imm.index;
+      *len += imm.length;
+      break;
+    }
+
+    case kExprArrayNewFixed: {
+      ArrayIndexImmediate array_imm(decoder, code->at(pc + *len),
+                                    Decoder::kNoValidation);
+      optional->gc_array_new_fixed.array_index = array_imm.index;
+      *len += array_imm.length;
+      IndexImmediate data_imm(decoder, code->at(pc + *len), "array length",
+                              Decoder::kNoValidation);
+      optional->gc_array_new_fixed.length = data_imm.index;
+      *len += data_imm.length;
+      break;
+    }
+
+    case kExprArrayNewData:
+    case kExprArrayNewElem:
+    case kExprArrayInitData:
+    case kExprArrayInitElem: {
+      ArrayIndexImmediate array_imm(decoder, code->at(pc + *len),
+                                    Decoder::kNoValidation);
+      optional->gc_array_new_or_init_data.array_index = array_imm.index;
+      *len += array_imm.length;
+      IndexImmediate data_imm(decoder, code->at(pc + *len), "segment index",
+                              Decoder::kNoValidation);
+      optional->gc_array_new_or_init_data.data_index = data_imm.index;
+      *len += data_imm.length;
+      break;
+    }
+
+    case kExprArrayCopy: {
+      ArrayIndexImmediate dest_array_imm(decoder, code->at(pc + *len),
+                                         Decoder::kNoValidation);
+      optional->gc_array_copy.dest_array_index = dest_array_imm.index;
+      *len += dest_array_imm.length;
+      ArrayIndexImmediate src_array_imm(decoder, code->at(pc + *len),
+                                        Decoder::kNoValidation);
+      optional->gc_array_copy.src_array_index = src_array_imm.index;
+      *len += src_array_imm.length;
+      break;
+    }
+
+    case kExprRefI31:
+    case kExprI31GetS:
+    case kExprI31GetU:
+    case kExprAnyConvertExtern:
+    case kExprExternConvertAny:
+    case kExprArrayLen:
+      break;
+
+    case kExprRefCast:
+    case kExprRefCastNull:
+    case kExprRefTest:
+    case kExprRefTestNull: {
+      HeapTypeImmediate imm(WasmEnabledFeatures::All(), decoder,
+                            code->at(pc + *len), Decoder::kNoValidation);
+      optional->gc_heap_type_immediate.length = imm.length;
+      optional->gc_heap_type_immediate.type_representation =
+          imm.type.representation();
+      *len += imm.length;
+      break;
+    }
+
+    case kExprBrOnCast:
+    case kExprBrOnCastFail: {
+      BrOnCastImmediate flags_imm(decoder, code->at(pc + *len),
+                                  Decoder::kNoValidation);
+      *len += flags_imm.length;
+      BranchDepthImmediate branch(decoder, code->at(pc + *len),
+                                  Decoder::kNoValidation);
+      *len += branch.length;
+      HeapTypeImmediate source_imm(WasmEnabledFeatures::All(), decoder,
+                                   code->at(pc + *len), Decoder::kNoValidation);
+      *len += source_imm.length;
+      HeapTypeImmediate target_imm(WasmEnabledFeatures::All(), decoder,
+                                   code->at(pc + *len), Decoder::kNoValidation);
+      *len += target_imm.length;
+      optional->br_on_cast_data = BranchOnCastData{
+          branch.depth, flags_imm.flags.src_is_null,
+          flags_imm.flags.res_is_null, target_imm.type.representation()};
+      break;
+    }
+
+    default:
+      FATAL("Unknown or unimplemented opcode #%d:%s", code->start[pc],
+            WasmOpcodes::OpcodeName(static_cast<WasmOpcode>(code->start[pc])));
+      UNREACHABLE();
+  }
+}
+
+void WasmBytecodeGenerator::DecodeNumericOp(WasmOpcode opcode,
+                                            WasmInstruction::Optional* optional,
+                                            Decoder* decoder,
+                                            InterpreterCode* code, pc_t pc,
+                                            int* const len) {
+  switch (opcode) {
+#define DECODE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type, \
+                    to_reg)                                                   \
+  case kExpr##name:                                                           \
+    break;
+
+    FOREACH_TRUNCSAT_UNOP(DECODE_UNOP)
+#undef DECODE_UNOP
+
+    case kExprMemoryInit: {
+      MemoryInitImmediate imm(decoder, code->at(pc + *len),
+                              Decoder::kNoValidation);
+      DCHECK_LT(imm.data_segment.index, module_->num_declared_data_segments);
+      optional->index = imm.data_segment.index;
+      *len += imm.length;
+      break;
+    }
+    case kExprDataDrop: {
+      IndexImmediate imm(decoder, code->at(pc + *len), "data segment index",
+                         Decoder::kNoValidation);
+      DCHECK_LT(imm.index, module_->num_declared_data_segments);
+      optional->index = imm.index;
+      *len += imm.length;
+      break;
+    }
+    case kExprMemoryCopy: {
+      MemoryCopyImmediate imm(decoder, code->at(pc + *len),
+                              Decoder::kNoValidation);
+      *len += imm.length;
+      break;
+    }
+    case kExprMemoryFill: {
+      MemoryIndexImmediate imm(decoder, code->at(pc + *len),
+                               Decoder::kNoValidation);
+      *len += imm.length;
+      break;
+    }
+    case kExprTableInit: {
+      TableInitImmediate imm(decoder, code->at(pc + *len),
+                             Decoder::kNoValidation);
+      optional->table_init.table_index = imm.table.index;
+      optional->table_init.element_segment_index = imm.element_segment.index;
+      *len += imm.length;
+      break;
+    }
+    case kExprElemDrop: {
+      IndexImmediate imm(decoder, code->at(pc + *len), "element segment index",
+                         Decoder::kNoValidation);
+      optional->index = imm.index;
+      *len += imm.length;
+      break;
+    }
+    case kExprTableCopy: {
+      TableCopyImmediate imm(decoder, code->at(pc + *len),
+                             Decoder::kNoValidation);
+      optional->table_copy.dst_table_index = imm.table_dst.index;
+      optional->table_copy.src_table_index = imm.table_src.index;
+      *len += imm.length;
+      break;
+    }
+    case kExprTableGrow: {
+      IndexImmediate imm(decoder, code->at(pc + *len), "table index",
+                         Decoder::kNoValidation);
+      optional->index = imm.index;
+      *len += imm.length;
+      break;
+    }
+    case kExprTableSize: {
+      IndexImmediate imm(decoder, code->at(pc + *len), "table index",
+                         Decoder::kNoValidation);
+      optional->index = imm.index;
+      *len += imm.length;
+      break;
+    }
+    case kExprTableFill: {
+      IndexImmediate imm(decoder, code->at(pc + *len), "table index",
+                         Decoder::kNoValidation);
+      optional->index = imm.index;
+      *len += imm.length;
+      break;
+    }
+    default:
+      FATAL("Unknown or unimplemented opcode #%d:%s", code->start[pc],
+            WasmOpcodes::OpcodeName(static_cast<WasmOpcode>(code->start[pc])));
+      UNREACHABLE();
+  }
+}
+
+void WasmBytecodeGenerator::DecodeAtomicOp(WasmOpcode opcode,
+                                           WasmInstruction::Optional* optional,
+                                           Decoder* decoder,
+                                           InterpreterCode* code, pc_t pc,
+                                           int* const len) {
+  switch (opcode) {
+    case kExprAtomicNotify:
+    case kExprI32AtomicWait: {
+      MachineType memtype = MachineType::Uint32();
+      MemoryAccessImmediate imm(decoder, code->at(pc + *len),
+                                ElementSizeLog2Of(memtype.representation()),
+                                IsMemory64(), Decoder::kNoValidation);
+      optional->offset = imm.offset;
+      *len += imm.length;
+      break;
+    }
+    case kExprI64AtomicWait: {
+      MachineType memtype = MachineType::Uint64();
+      MemoryAccessImmediate imm(decoder, code->at(pc + *len),
+                                ElementSizeLog2Of(memtype.representation()),
+                                IsMemory64(), Decoder::kNoValidation);
+      optional->offset = imm.offset;
+      *len += imm.length;
+      break;
+    }
+    case kExprAtomicFence:
+      *len += 1;
+      break;
+
+#define ATOMIC_BINOP(name, Type, ctype, type, op_ctype, op_type, operation) \
+  case kExpr##name: {                                                       \
+    MachineType memtype = MachineType::Type();                              \
+    MemoryAccessImmediate imm(decoder, code->at(pc + *len),                 \
+                              ElementSizeLog2Of(memtype.representation()),  \
+                              IsMemory64(), Decoder::kNoValidation);        \
+    optional->offset = imm.offset;                                          \
+    *len += imm.length;                                                     \
+    break;                                                                  \
+  }
+      FOREACH_ATOMIC_BINOP(ATOMIC_BINOP)
+#undef ATOMIC_BINOP
+
+#define ATOMIC_OP(name, Type, ctype, type, op_ctype, op_type)              \
+  case kExpr##name: {                                                      \
+    MachineType memtype = MachineType::Type();                             \
+    MemoryAccessImmediate imm(decoder, code->at(pc + *len),                \
+                              ElementSizeLog2Of(memtype.representation()), \
+                              IsMemory64(), Decoder::kNoValidation);       \
+    optional->offset = imm.offset;                                         \
+    *len += imm.length;                                                    \
+    break;                                                                 \
+  }
+      FOREACH_ATOMIC_COMPARE_EXCHANGE_OP(ATOMIC_OP)
+      FOREACH_ATOMIC_LOAD_OP(ATOMIC_OP)
+      FOREACH_ATOMIC_STORE_OP(ATOMIC_OP)
+#undef ATOMIC_OP
+
+    default:
+      FATAL("Unknown or unimplemented opcode #%d:%s", code->start[pc],
+            WasmOpcodes::OpcodeName(static_cast<WasmOpcode>(code->start[pc])));
+      UNREACHABLE();
+  }
+}
+
+const char* GetRegModeString(RegMode reg_mode) {
+  switch (reg_mode) {
+    case RegMode::kNoReg:
+      return "NoReg";
+    case RegMode::kAnyReg:
+      return "AnyReg";
+    case RegMode::kI32Reg:
+      return "I32Reg";
+    case RegMode::kI64Reg:
+      return "I64Reg";
+    case RegMode::kF32Reg:
+      return "F32Reg";
+    case RegMode::kF64Reg:
+      return "F64Reg";
+    default:
+      UNREACHABLE();
+  }
+}
+
+const char* GetOperatorModeString(OperatorMode mode) {
+  switch (mode) {
+    case kR2R:
+      return "R2R";
+    case kR2S:
+      return "R2S";
+    case kS2R:
+      return "S2R";
+    case kS2S:
+      return "S2S";
+    default:
+      UNREACHABLE();
+  }
+}
+
+#if !defined(V8_DRUMBRAKE_BOUNDS_CHECKS)
+INSTRUCTION_HANDLER_FUNC
+TrapMemOutOfBounds(const uint8_t* code, uint32_t* sp,
+                   WasmInterpreterRuntime* wasm_runtime, int64_t r0,
+                   double fp0) {
+  TRAP(TrapReason::kTrapMemOutOfBounds)
+}
+#endif  // !defined(V8_DRUMBRAKE_BOUNDS_CHECKS)
+
+// static
+void WasmInterpreter::InitializeOncePerProcess() {
+  WasmInterpreterThread::Initialize();
+}
+
+// static
+void WasmInterpreter::GlobalTearDown() {
+  // TODO(paolosev@microsoft.com): Support multithreading.
+
+#ifdef DRUMBRAKE_ENABLE_PROFILING
+  PrintAndClearProfilingData();
+#endif  // DRUMBRAKE_ENABLE_PROFILING
+
+  WasmInterpreterThread::Terminate();
+}
+
+void WasmBytecodeGenerator::InitSlotsForFunctionArgs(const FunctionSig* sig,
+                                                     bool is_indirect_call) {
+  size_t stack_index;
+  if (is_indirect_call) {
+    // Subtract one to discard the function index on the top of the stack.
+    DCHECK_LE(sig->parameter_count(), stack_.size() - 1);
+    stack_index = stack_.size() - sig->parameter_count() - 1;
+  } else {
+    DCHECK_LE(sig->parameter_count(), stack_.size());
+    stack_index = stack_.size() - sig->parameter_count();
+  }
+
+  bool fast_path =
+      sig->parameter_count() > 1 && !WasmBytecode::HasRefOrSimdArgs(sig);
+  if (fast_path) {
+    if (sig->parameter_count() == 2) {
+      const ValueType type0 = sig->GetParam(0);
+      const ValueKind kind0 = type0.kind();
+      ValueType type1 = sig->GetParam(1);
+      const ValueKind kind1 = type1.kind();
+      uint32_t to = CreateSlot(type0);
+      CreateSlot(type1);
+
+      uint32_t copyslot32_two_args_func_id =
+          ((kind0 == kI64 || kind0 == kF64) ? 0x01 : 0x00) |
+          ((kind1 == kI64 || kind1 == kF64) ? 0x02 : 0x00);
+      static const InstructionHandler kCopySlot32TwoArgFuncs[4] = {
+          k_s2s_CopySlot_ll, k_s2s_CopySlot_lq, k_s2s_CopySlot_ql,
+          k_s2s_CopySlot_qq};
+
+      EmitFnId(kCopySlot32TwoArgFuncs[copyslot32_two_args_func_id]);
+      EmitI32Const(slots_[to].slot_offset);
+      EmitI32Const(slots_[stack_[stack_index]].slot_offset);
+      stack_index++;
+      EmitI32Const(slots_[stack_[stack_index]].slot_offset);
+      stack_index++;
+    } else {
+      EMIT_INSTR_HANDLER(s2s_CopySlotMulti);
+      EmitI32Const(static_cast<uint32_t>(sig->parameter_count()));
+
+      uint32_t to = 0;
+      for (size_t index = 0; index < sig->parameter_count(); index++) {
+        const ValueType value_type = sig->GetParam(index);
+        const ValueKind kind = value_type.kind();
+        to = CreateSlot(value_type);
+        if (index == 0) {
+          EmitI32Const(slots_[to].slot_offset);
+        }
+
+        uint32_t flag_64 = 0;
+        switch (kind) {
+          case kI32:
+          case kF32:
+            break;
+          case kI64:
+          case kF64:
+            flag_64 = kCopySlotMultiIs64Flag;
+            break;
+          case kRef:
+          case kRefNull:
+          default:
+            UNREACHABLE();
+        }
+
+        EmitI32Const(flag_64 | slots_[stack_[stack_index]].slot_offset);
+        stack_index++;
+      }
+    }
+  } else {
+    for (size_t index = 0; index < sig->parameter_count(); index++) {
+      ValueType value_type = sig->GetParam(index);
+      uint32_t to = CreateSlot(value_type);
+      EmitCopySlot(value_type, stack_[stack_index], to);
+      stack_index++;
+    }
+  }
+}
+
+// static
+void WasmInterpreter::NotifyIsolateDisposal(Isolate* isolate) {
+  WasmInterpreterThread::NotifyIsolateDisposal(isolate);
+}
+
+// Checks if {obj} is a subtype of type, thus checking will always
+// succeed.
+bool WasmBytecodeGenerator::TypeCheckAlwaysSucceeds(ValueType obj_type,
+                                                    HeapType type) const {
+  return IsSubtypeOf(obj_type, ValueType::RefNull(type), module_);
+}
+
+// Returns true if type checking will always fail, either because the types
+// are unrelated or because the target_type is one of the null sentinels and
+// conversion to null does not succeed.
+bool WasmBytecodeGenerator::TypeCheckAlwaysFails(ValueType obj_type,
+                                                 HeapType expected_type,
+                                                 bool null_succeeds) const {
+  bool types_unrelated =
+      !IsSubtypeOf(ValueType::Ref(expected_type), obj_type, module_) &&
+      !IsSubtypeOf(obj_type, ValueType::RefNull(expected_type), module_);
+  // (Comment copied from function-body-decoder-impl.h).
+  // For "unrelated" types the check can still succeed for the null value on
+  // instructions treating null as a successful check.
+  // TODO(12868): For string views, this implementation anticipates that
+  // https://github.com/WebAssembly/stringref/issues/40 will be resolved
+  // by making the views standalone types.
+  return (types_unrelated &&
+          (!null_succeeds || !obj_type.is_nullable() ||
+           obj_type.is_string_view() || expected_type.is_string_view())) ||
+         (!null_succeeds &&
+          (expected_type.representation() == HeapType::kNone ||
+           expected_type.representation() == HeapType::kNoFunc ||
+           expected_type.representation() == HeapType::kNoExtern));
+}
+
+RegMode WasmBytecodeGenerator::EncodeInstruction(const WasmInstruction& instr,
+                                                 RegMode curr_reg_mode,
+                                                 RegMode next_reg_mode) {
+  DCHECK(curr_reg_mode != RegMode::kAnyReg);
+
+#ifdef DEBUG
+  was_current_instruction_reachable_ = is_instruction_reachable_;
+#endif  // DEBUG
+  if (!is_instruction_reachable_) {
+    if (instr.opcode == kExprBlock || instr.opcode == kExprLoop ||
+        instr.opcode == kExprIf || instr.opcode == kExprTry) {
+      unreachable_block_count_++;
+    } else if (instr.opcode == kExprEnd || instr.opcode == kExprDelegate) {
+      DCHECK_GT(unreachable_block_count_, 0);
+      if (0 == --unreachable_block_count_) {
+        is_instruction_reachable_ = true;
+      }
+    } else if (instr.opcode == kExprElse || instr.opcode == kExprCatch ||
+               instr.opcode == kExprCatchAll) {
+      if (1 == unreachable_block_count_) {
+        is_instruction_reachable_ = true;
+        unreachable_block_count_ = 0;
+      }
+    }
+  }
+  if (!is_instruction_reachable_) return RegMode::kNoReg;
+
+  ValueKind top_stack_slot_type = GetTopStackType(curr_reg_mode);
+
+  OperatorMode mode = kS2S;
+  if (v8_flags.drumbrake_register_optimization) {
+    switch (next_reg_mode) {
+      case RegMode::kNoReg:
+        if (curr_reg_mode != RegMode::kNoReg) {
+          mode = kR2S;
+        }
+        break;
+      case RegMode::kAnyReg:
+      default:  // kI32Reg|kI64Reg|kF32Reg|kF64Reg
+        if (curr_reg_mode == RegMode::kNoReg) {
+          if (ToRegisterIsAllowed(instr)) {
+            mode = kS2R;
+          } else {
+            mode = kS2S;
+          }
+        } else {
+          if (ToRegisterIsAllowed(instr)) {
+            mode = kR2R;
+          } else {
+            mode = kR2S;
+          }
+        }
+        break;
+    }
+  }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_bytecode_generator) {
+    printf("PRE   @%-3u:         %-24s: %3s %-7s -> %-7s\n", instr.pc,
+           wasm::WasmOpcodes::OpcodeName(static_cast<WasmOpcode>(instr.opcode)),
+           GetOperatorModeString(mode), GetRegModeString(curr_reg_mode),
+           GetRegModeString(next_reg_mode));
+  }
+
+  if (v8_flags.trace_drumbrake_execution) {
+    EMIT_INSTR_HANDLER(s2s_TraceInstruction);
+    EmitI32Const(instr.pc);
+    EmitI32Const(instr.opcode);
+    EmitI32Const(static_cast<int>(curr_reg_mode));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  switch (instr.opcode) {
+    case kExprUnreachable: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_Unreachable, instr.pc);
+      SetUnreachableMode();
+      break;
+    }
+    case kExprNop:
+      break;
+    case kExprBlock:
+    case kExprLoop: {
+      PreserveArgsAndLocals();
+      BeginBlock(instr.opcode, instr.optional.block);
+      break;
+    }
+    case kExprTry: {
+      PreserveArgsAndLocals();
+      int parent_or_matching_try_block_index = GetCurrentTryBlockIndex(true);
+      int ancestor_try_block_index = GetCurrentTryBlockIndex(false);
+      int try_block_index = BeginBlock(instr.opcode, instr.optional.block);
+      eh_data_.AddTryBlock(try_block_index, parent_or_matching_try_block_index,
+                           ancestor_try_block_index);
+      break;
+    }
+    case kExprIf: {
+      PreserveArgsAndLocals();
+      if (mode == kR2S) {
+        EMIT_INSTR_HANDLER(r2s_If);
+      } else {
+        DCHECK_EQ(mode, kS2S);
+        EMIT_INSTR_HANDLER(s2s_If);
+        I32Pop();  // cond
+      }
+      BeginBlock(instr.opcode, instr.optional.block);
+      EmitIfElseBranchOffset();
+      break;
+    }
+    case kExprElse: {
+      DCHECK_GT(current_block_index_, 0);
+      DCHECK(blocks_[current_block_index_].IsIf());
+      BeginElseBlock(current_block_index_, false);
+      EMIT_INSTR_HANDLER(s2s_Else);
+      EmitIfElseBranchOffset();  // Jumps to the end of the 'else' block.
+      break;
+    }
+    case kExprCatch:
+    case kExprCatchAll: {
+      DCHECK_GT(current_block_index_, 0);
+
+      int try_block_index = eh_data_.GetCurrentTryBlockIndex();
+      DCHECK_GT(try_block_index, 0);
+
+      EndBlock(instr.opcode);  // End previous try or catch.
+
+      stack_.resize(blocks_[try_block_index].stack_size_);
+      int32_t catch_block_index =
+          BeginBlock(instr.opcode, blocks_[try_block_index].signature_);
+
+      EMIT_INSTR_HANDLER(s2s_Catch);
+      EmitTryCatchBranchOffset();  // Jumps to the end of the try/catch blocks.
+
+      uint32_t first_param_slot_index = UINT_MAX;
+      uint32_t first_ref_param_slot_index = UINT_MAX;
+      if (instr.opcode == kExprCatch) {
+        // Exception arguments are pushed into the stack.
+        const WasmTag& tag = module_->tags[instr.optional.index];
+        const FunctionSig* sig = tag.sig;
+        for (size_t i = 0; i < sig->parameter_count(); ++i) {
+          const ValueType value_type = sig->GetParam(i);
+          const ValueKind kind = value_type.kind();
+          switch (kind) {
+            case kI32:
+            case kI64:
+            case kF32:
+            case kF64:
+            case kS128:
+            case kRef:
+            case kRefNull: {
+              uint32_t slot_index = CreateSlot(value_type);
+              if (first_param_slot_index == UINT_MAX) {
+                first_param_slot_index = slot_index;
+              }
+              if ((kind == kRefNull || kind == kRef) &&
+                  first_ref_param_slot_index == UINT_MAX) {
+                first_ref_param_slot_index = slot_index;
+              }
+              PushSlot(slot_index);
+              slots_[slot_index].value_type = value_type;
+              break;
+            }
+            default:
+              UNREACHABLE();
+          }
+        }
+      }
+
+      blocks_[catch_block_index].first_block_index_ =
+          blocks_[try_block_index].first_block_index_;
+
+      if (instr.opcode == kExprCatch) {
+        eh_data_.AddCatchBlock(
+            current_block_index_, instr.optional.index,
+            first_param_slot_index == UINT_MAX
+                ? 0
+                : slots_[first_param_slot_index].slot_offset,
+            first_ref_param_slot_index == UINT_MAX
+                ? 0
+                : slots_[first_ref_param_slot_index].ref_stack_index,
+            static_cast<int>(code_.size()));
+      } else {  // kExprCatchAll
+        eh_data_.AddCatchBlock(current_block_index_,
+                               WasmEHData::kCatchAllTagIndex, 0, 0,
+                               static_cast<int>(code_.size()));
+      }
+
+      break;
+    }
+    case kExprDelegate: {
+      int32_t target_block_index = GetTargetBranch(instr.optional.depth + 1);
+      DCHECK_LT(target_block_index, blocks_.size());
+      int32_t delegated_try_block_index = WasmEHData::kDelegateToCallerIndex;
+      if (target_block_index > 0) {
+        const BlockData& target_block = blocks_[target_block_index];
+        delegated_try_block_index = target_block.IsTry()
+                                        ? target_block_index
+                                        : target_block.parent_try_block_index_;
+      }
+      eh_data_.AddDelegatedBlock(delegated_try_block_index);
+      EndBlock(kExprDelegate);
+      break;
+    }
+    case kExprThrow: {
+      EMIT_INSTR_HANDLER(s2s_Throw);
+      EmitI32Const(instr.optional.index);
+
+      // Exception arguments are popped from the stack (in reverse order!)
+      const WasmTag& tag = module_->tags[instr.optional.index];
+      const WasmTagSig* sig = tag.sig;
+      DCHECK_GE(stack_.size(), sig->parameter_count());
+      size_t stack_index = stack_.size() - sig->parameter_count();
+      for (size_t index = 0; index < sig->parameter_count();
+           index++, stack_index++) {
+        ValueKind kind = sig->GetParam(index).kind();
+        DCHECK(CheckEqualKind(kind, slots_[stack_[stack_index]].kind()));
+        switch (kind) {
+          case kI32:
+          case kI64:
+          case kF32:
+          case kF64:
+          case kS128: {
+            uint32_t slot_offset = slots_[stack_[stack_index]].slot_offset;
+            Emit(&slot_offset, sizeof(uint32_t));
+            break;
+          }
+          case kRef:
+          case kRefNull: {
+            uint32_t ref_index = slots_[stack_[stack_index]].ref_stack_index;
+            Emit(&ref_index, sizeof(uint32_t));
+            break;
+          }
+          default:
+            UNREACHABLE();
+        }
+      }
+
+      stack_.resize(stack_.size() - sig->parameter_count());
+      eh_data_.RecordPotentialExceptionThrowingInstruction(instr.opcode,
+                                                           CurrentCodePos());
+      SetUnreachableMode();
+      break;
+    }
+    case kExprRethrow: {
+      EMIT_INSTR_HANDLER(s2s_Rethrow);
+      int32_t target_branch_index = GetTargetBranch(instr.optional.depth);
+      DCHECK(blocks_[target_branch_index].IsCatch() ||
+             blocks_[target_branch_index].IsCatchAll());
+      Emit(&target_branch_index, sizeof(int32_t));
+      eh_data_.RecordPotentialExceptionThrowingInstruction(instr.opcode,
+                                                           CurrentCodePos());
+      SetUnreachableMode();
+      break;
+    }
+    case kExprEnd: {
+      // If there is an 'if...end' statement without an 'else' branch, create
+      // a dummy else branch used to store results.
+      if (blocks_[current_block_index_].IsIf()) {
+        uint32_t if_block_index = current_block_index_;
+        DCHECK(!blocks_[if_block_index].HasElseBranch());
+        uint32_t params_count = ParamsCount(blocks_[if_block_index]);
+        if (params_count > 0) {
+          BeginElseBlock(if_block_index, true);
+          EMIT_INSTR_HANDLER(s2s_Else);
+          EmitIfElseBranchOffset();  // Jumps to the end of the 'else' block.
+        }
+      }
+
+      if (EndBlock(kExprEnd) < 0) {
+        Return();
+      }
+      break;
+    }
+    case kExprBr: {
+      int32_t target_branch_index = GetTargetBranch(instr.optional.depth);
+      StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBr);
+
+      EMIT_INSTR_HANDLER(s2s_Branch);
+      EmitBranchOffset(instr.optional.depth);
+      SetUnreachableMode();
+      break;
+    }
+    case kExprBrIf: {
+      int32_t target_branch_index = GetTargetBranch(instr.optional.depth);
+      const WasmBytecodeGenerator::BlockData& target_block_data =
+          blocks_[target_branch_index];
+      if (HasVoidSignature(target_block_data)) {
+        if (mode == kR2S) {
+          EMIT_INSTR_HANDLER(r2s_BranchIf);
+        } else {
+          DCHECK_EQ(mode, kS2S);
+          EMIT_INSTR_HANDLER(s2s_BranchIf);
+          I32Pop();  // condition
+        }
+        // Emit code offset to branch to if the condition is true.
+        EmitBranchOffset(instr.optional.depth);
+      } else {
+        if (mode == kR2S) {
+          EMIT_INSTR_HANDLER(r2s_BranchIfWithParams);
+        } else {
+          DCHECK_EQ(mode, kS2S);
+          EMIT_INSTR_HANDLER(s2s_BranchIfWithParams);
+          I32Pop();  // condition
+        }
+
+        // Emit code offset to branch to if the condition is not true.
+        const uint32_t if_false_code_offset = CurrentCodePos();
+        Emit(&if_false_code_offset, sizeof(if_false_code_offset));
+
+        StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBrIf);
+
+        EMIT_INSTR_HANDLER(s2s_Branch);
+        EmitBranchOffset(instr.optional.depth);
+
+        // Patch the 'if-false' offset with the correct jump offset.
+        int32_t delta = CurrentCodePos() - if_false_code_offset;
+        base::WriteUnalignedValue<uint32_t>(
+            reinterpret_cast<Address>(code_.data() + if_false_code_offset),
+            delta);
+      }
+      break;
+    }
+    case kExprBrOnNull: {
+      DCHECK_EQ(mode, kS2S);
+      int32_t target_branch_index = GetTargetBranch(instr.optional.depth);
+      const WasmBytecodeGenerator::BlockData& target_block_data =
+          blocks_[target_branch_index];
+      if (HasVoidSignature(target_block_data)) {
+        EMIT_INSTR_HANDLER(s2s_BranchOnNull);
+        ValueType value_type = RefPop();  // pop condition
+        EmitI32Const(value_type.raw_bit_field());
+        // Remove nullability.
+        if (value_type.kind() == kRefNull) {
+          value_type = ValueType::Ref(value_type.heap_type());
+        }
+        RefPush(value_type);  // re-push condition value
+        // Emit code offset to branch to if the condition is true.
+        EmitBranchOffset(instr.optional.depth);
+      } else {
+        EMIT_INSTR_HANDLER(s2s_BranchOnNullWithParams);
+        ValueType value_type = RefPop();  // pop condition
+        EmitI32Const(value_type.raw_bit_field());
+        // Remove nullability.
+        if (value_type.kind() == kRefNull) {
+          value_type = ValueType::Ref(value_type.heap_type());
+        }
+        RefPush(value_type);  // re-push condition value
+
+        // Emit code offset to branch to if the condition is not true.
+        const uint32_t if_false_code_offset = CurrentCodePos();
+        Emit(&if_false_code_offset, sizeof(if_false_code_offset));
+
+        uint32_t stack_top = stack_.back();
+        RefPop(false);  // Drop the null reference.
+
+        StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBrIf);
+
+        EMIT_INSTR_HANDLER(s2s_Branch);
+        EmitBranchOffset(instr.optional.depth);
+
+        stack_.push_back(stack_top);  // re-push non-null ref on top of stack
+
+        // Patch the 'if-false' offset with the correct jump offset.
+        int32_t delta = CurrentCodePos() - if_false_code_offset;
+        base::WriteUnalignedValue<uint32_t>(
+            reinterpret_cast<Address>(code_.data() + if_false_code_offset),
+            delta);
+      }
+      break;
+    }
+    case kExprBrOnNonNull: {
+      DCHECK_EQ(mode, kS2S);
+      int32_t target_branch_index = GetTargetBranch(instr.optional.depth);
+      const WasmBytecodeGenerator::BlockData& target_block_data =
+          blocks_[target_branch_index];
+      if (HasVoidSignature(target_block_data)) {
+        EMIT_INSTR_HANDLER(s2s_BranchOnNonNull);
+        ValueType value_type = RefPop();  // pop condition
+        EmitI32Const(value_type.raw_bit_field());
+        RefPush(value_type);  // re-push condition value
+        // Emit code offset to branch to if the condition is true.
+        EmitBranchOffset(instr.optional.depth);
+      } else {
+        EMIT_INSTR_HANDLER(s2s_BranchOnNonNullWithParams);
+        ValueType value_type = RefPop();  // pop condition
+        EmitI32Const(value_type.raw_bit_field());
+        RefPush(value_type);  // re-push condition value
+
+        // Emit code offset to branch to if the condition is not true.
+        const uint32_t if_false_code_offset = CurrentCodePos();
+        Emit(&if_false_code_offset, sizeof(if_false_code_offset));
+
+        StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBrIf);
+
+        EMIT_INSTR_HANDLER(s2s_Branch);
+        EmitBranchOffset(instr.optional.depth);
+
+        // Patch the 'if-false' offset with the correct jump offset.
+        int32_t delta = CurrentCodePos() - if_false_code_offset;
+        base::WriteUnalignedValue<uint32_t>(
+            reinterpret_cast<Address>(code_.data() + if_false_code_offset),
+            delta);
+
+        RefPop(false);  // Drop the null reference.
+      }
+      break;
+    }
+    case kExprBrOnCast: {
+      const BranchOnCastData& br_on_cast_data = instr.optional.br_on_cast_data;
+      const int32_t target_branch_index =
+          GetTargetBranch(br_on_cast_data.label_depth);
+      bool null_succeeds = br_on_cast_data.res_is_null;
+      const ValueType target_type =
+          ValueType::RefMaybeNull(br_on_cast_data.target_type,
+                                  null_succeeds ? kNullable : kNonNullable);
+
+      const ValueType obj_type = slots_[stack_.back()].value_type;
+      DCHECK(obj_type.is_object_reference());
+
+      // This logic ensures that code generation can assume that functions can
+      // only be cast to function types, and data objects to data types.
+      if (V8_UNLIKELY(
+              TypeCheckAlwaysSucceeds(obj_type, target_type.heap_type()))) {
+        StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBrOnCast);
+        // The branch will still not be taken on null if not {null_succeeds}.
+        if (obj_type.is_nullable() && !null_succeeds) {
+          EMIT_INSTR_HANDLER(s2s_BranchOnNull);
+          RefPop();  // pop condition
+          EmitI32Const(obj_type.raw_bit_field());
+          RefPush(target_type);  // re-push condition value with a new HeapType.
+          EmitBranchOffset(br_on_cast_data.label_depth);
+        } else {
+          EMIT_INSTR_HANDLER(s2s_Branch);
+          EmitBranchOffset(br_on_cast_data.label_depth);
+        }
+      } else if (V8_LIKELY(!TypeCheckAlwaysFails(
+                     obj_type, target_type.heap_type(), null_succeeds))) {
+        EMIT_INSTR_HANDLER(s2s_BranchOnCast);
+        EmitI32Const(null_succeeds);
+        HeapType br_on_cast_data_target_type(br_on_cast_data.target_type);
+        EmitI32Const(br_on_cast_data_target_type.is_index()
+                         ? br_on_cast_data_target_type.representation()
+                         : target_type.heap_type().representation());
+        ValueType value_type = RefPop();
+        EmitI32Const(value_type.raw_bit_field());
+        RefPush(value_type);
+        // Emit code offset to branch to if the condition is not true.
+        const uint32_t no_branch_code_offset = CurrentCodePos();
+        Emit(&no_branch_code_offset, sizeof(no_branch_code_offset));
+        StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBrOnCast);
+        EMIT_INSTR_HANDLER(s2s_Branch);
+        EmitBranchOffset(br_on_cast_data.label_depth);
+        // Patch the 'if-false' offset with the correct jump offset.
+        int32_t delta = CurrentCodePos() - no_branch_code_offset;
+        base::WriteUnalignedValue<uint32_t>(
+            reinterpret_cast<Address>(code_.data() + no_branch_code_offset),
+            delta);
+      }
+      break;
+    }
+    case kExprBrOnCastFail: {
+      const BranchOnCastData& br_on_cast_data = instr.optional.br_on_cast_data;
+      int32_t target_branch_index =
+          GetTargetBranch(br_on_cast_data.label_depth);
+      bool null_succeeds = br_on_cast_data.res_is_null;
+      HeapType br_on_cast_data_target_type(br_on_cast_data.target_type);
+      const ValueType target_type =
+          ValueType::RefMaybeNull(br_on_cast_data_target_type,
+                                  null_succeeds ? kNullable : kNonNullable);
+
+      const ValueType obj_type = slots_[stack_.back()].value_type;
+      DCHECK(obj_type.is_object_reference());
+
+      // This logic ensures that code generation can assume that functions can
+      // only be cast to function types, and data objects to data types.
+      if (V8_UNLIKELY(TypeCheckAlwaysFails(obj_type, target_type.heap_type(),
+                                           null_succeeds))) {
+        StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBrOnCast);
+        EMIT_INSTR_HANDLER(s2s_Branch);
+        EmitBranchOffset(br_on_cast_data.label_depth);
+      } else if (V8_UNLIKELY(TypeCheckAlwaysSucceeds(
+                     obj_type, target_type.heap_type()))) {
+        // The branch can still be taken on null.
+        if (obj_type.is_nullable() && !null_succeeds) {
+          StoreBlockParamsAndResultsIntoSlots(target_branch_index,
+                                              kExprBrOnCast);
+          EMIT_INSTR_HANDLER(s2s_BranchOnNull);
+          RefPop();  // pop condition
+          EmitI32Const(obj_type.raw_bit_field());
+          RefPush(target_type);  // re-push condition value with a new HeapType.
+          EmitBranchOffset(br_on_cast_data.label_depth);
+        } else {
+          // Fallthrough.
+        }
+      } else {
+        EMIT_INSTR_HANDLER(s2s_BranchOnCastFail);
+        EmitI32Const(null_succeeds);
+        EmitI32Const(br_on_cast_data_target_type.is_index()
+                         ? br_on_cast_data_target_type.representation()
+                         : target_type.heap_type().representation());
+        ValueType value_type = RefPop();
+        EmitI32Const(value_type.raw_bit_field());
+        RefPush(value_type);
+        // Emit code offset to branch to if the condition is not true.
+        const uint32_t no_branch_code_offset = CurrentCodePos();
+        Emit(&no_branch_code_offset, sizeof(no_branch_code_offset));
+        StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBrOnCast);
+        EMIT_INSTR_HANDLER(s2s_Branch);
+        EmitBranchOffset(br_on_cast_data.label_depth);
+        // Patch the 'if-false' offset with the correct jump offset.
+        int32_t delta = CurrentCodePos() - no_branch_code_offset;
+        base::WriteUnalignedValue<uint32_t>(
+            reinterpret_cast<Address>(code_.data() + no_branch_code_offset),
+            delta);
+      }
+      break;
+    }
+    case kExprBrTable: {
+      if (mode == kR2S) {
+        EMIT_INSTR_HANDLER(r2s_BrTable);
+      } else {
+        DCHECK_EQ(mode, kS2S);
+        EMIT_INSTR_HANDLER(s2s_BrTable);
+        I32Pop();  // branch label
+      }
+
+      // We emit the following bytecode for a br_table instruction:
+      // s2s_BrTable handler id
+      // (uint32) labels_count
+      // (uint32) offset branch 0
+      // (uint32) offset branch 1
+      // ...
+      // (uint32) offset branch labels_count - 1
+      // (uint32) offset branch labels_count (default branch)
+      // { Branch 0 slots }
+      // { Branch 1 slots }
+      // ...
+      // { Branch labels_count slots }
+      //
+      // Where each {Branch i slots} contains the slots to execute a Branch
+      // instruction:
+      // { CopySlots for branch results, if present }
+      // s2s_Branch handler id
+      // (uint32) branch_offset (to be patched later)
+      //
+      const uint32_t labels_count = instr.optional.br_table.table_count;
+      EmitI32Const(labels_count);
+      uint32_t labels_offset_start = CurrentCodePos();
+      for (uint32_t i = 0; i <= labels_count; i++) {
+        // Here we don't know what will be the offset of this branch yet, so we
+        // pass the current bytecode position as offset. This value will be
+        // overwritten in the next loop.
+        const uint32_t label_offset = CurrentCodePos();
+        Emit(&label_offset, sizeof(label_offset));
+      }
+      for (uint32_t i = 0; i <= labels_count; i++) {
+        uint32_t label =
+            br_table_labels_[instr.optional.br_table.labels_index + i];
+        int32_t target_branch_index = GetTargetBranch(label);
+        uint32_t branch_code_start = CurrentCodePos();
+        StoreBlockParamsAndResultsIntoSlots(target_branch_index, kExprBrTable);
+
+        EMIT_INSTR_HANDLER(s2s_Branch);
+        EmitBranchTableOffset(label, CurrentCodePos());
+
+        // Patch the branch offset with the correct jump offset.
+        uint32_t label_offset = labels_offset_start + i * sizeof(uint32_t);
+        int32_t delta = branch_code_start - label_offset;
+        base::WriteUnalignedValue<uint32_t>(
+            reinterpret_cast<Address>(code_.data() + label_offset), delta);
+      }
+      SetUnreachableMode();
+      break;
+    }
+    case kExprReturn: {
+      Return();
+      SetUnreachableMode();
+      break;
+    }
+    case kExprCallFunction:
+    case kExprReturnCall: {
+      uint32_t function_index = instr.optional.index;
+      const FunctionSig* sig = GetFunctionSignature(function_index);
+
+      // Layout of a frame:
+      // ------------------
+      // stack slot #N-1 ‾\
+      // ...              |
+      // stack slot #0   _/
+      // local #L-1      ‾\
+      // ...              |
+      // local #0        _/
+      // const #C-1      ‾\
+      // ...              |
+      // const #0        _/
+      // param #P-1      ‾\
+      // ...              |
+      // param #0        _/
+      // return #R-1     ‾\
+      // ...              |
+      // return #0       _/
+      // ------------------
+
+      const bool is_imported = (module_->functions[function_index].imported);
+      const bool is_tail_call = (instr.opcode == kExprReturnCall);
+      uint32_t slot_offset = GetStackFrameSize() * kSlotSize;
+      uint32_t ref_stack_fp_offset = ref_slots_count_;
+
+      std::vector<uint32_t> rets_slots;
+      rets_slots.resize(sig->return_count());
+      for (size_t index = 0; index < sig->return_count(); index++) {
+        rets_slots[index] = is_tail_call ? static_cast<uint32_t>(index)
+                                         : CreateSlot(sig->GetReturn(index));
+      }
+
+      InitSlotsForFunctionArgs(sig, false);
+
+      if (is_imported) {
+        if (is_tail_call) {
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_ReturnCallImportedFunction, instr.pc);
+          EmitI32Const(WasmBytecode::RetsSizeInSlots(sig) * kSlotSize);
+          EmitI32Const(WasmBytecode::ArgsSizeInSlots(sig) * kSlotSize);
+          EmitI32Const(WasmBytecode::RefRetsCount(sig));
+          EmitI32Const(WasmBytecode::RefArgsCount(sig));
+        } else {
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_CallImportedFunction, instr.pc);
+        }
+      } else {
+        if (is_tail_call) {
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_ReturnCall, instr.pc);
+          EmitI32Const(WasmBytecode::RetsSizeInSlots(sig) * kSlotSize);
+          EmitI32Const(WasmBytecode::ArgsSizeInSlots(sig) * kSlotSize);
+          EmitI32Const(WasmBytecode::RefRetsCount(sig));
+          EmitI32Const(WasmBytecode::RefArgsCount(sig));
+        } else {
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_CallFunction, instr.pc);
+        }
+      }
+      EmitI32Const(function_index);
+      EmitI32Const(static_cast<uint32_t>(stack_.size()));
+      EmitI32Const(slot_offset);
+      EmitI32Const(ref_stack_fp_offset);
+
+      // Function arguments are popped from the stack.
+      for (size_t index = sig->parameter_count(); index > 0; index--) {
+        Pop(sig->GetParam(index - 1).kind(), false);
+      }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      if (v8_flags.trace_drumbrake_execution) {
+        EmitI32Const(rets_slots.empty()
+                         ? 0
+                         : slots_[rets_slots[0]].slot_offset * kSlotSize);
+      }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+      if (!is_tail_call) {
+        eh_data_.RecordPotentialExceptionThrowingInstruction(instr.opcode,
+                                                             CurrentCodePos());
+      }
+
+      // Function results are pushed to the stack.
+      for (size_t index = 0; index < sig->return_count(); index++) {
+        const ValueType value_type = sig->GetReturn(index);
+        const ValueKind kind = value_type.kind();
+        switch (kind) {
+          case kI32:
+          case kI64:
+          case kF32:
+          case kF64:
+          case kS128:
+          case kRef:
+          case kRefNull:
+            PushSlot(rets_slots[index]);
+            SetSlotType(stack_top_index(), value_type);
+            break;
+          default:
+            UNREACHABLE();
+        }
+      }
+
+      // If this is a tail call, the following instructions in this block are
+      // unreachable.
+      if (is_tail_call) {
+        SetUnreachableMode();
+      }
+
+      return RegMode::kNoReg;
+    }
+    case kExprCallIndirect:
+    case kExprReturnCallIndirect: {
+      const FunctionSig* sig =
+          module_->signature(instr.optional.indirect_call.sig_index);
+
+      const bool is_tail_call = (instr.opcode == kExprReturnCallIndirect);
+      uint32_t slot_offset = GetStackFrameSize() * kSlotSize;
+      uint32_t ref_stack_fp_offset = ref_slots_count_;
+
+      // Reserve space for return values.
+      std::vector<uint32_t> rets_slots;
+      rets_slots.resize(sig->return_count());
+      for (size_t index = 0; index < sig->return_count(); index++) {
+        rets_slots[index] = is_tail_call ? static_cast<uint32_t>(index)
+                                         : CreateSlot(sig->GetReturn(index));
+      }
+
+      InitSlotsForFunctionArgs(sig, true);
+
+      if (is_tail_call) {
+        EMIT_INSTR_HANDLER_WITH_PC(s2s_ReturnCallIndirect, instr.pc);
+        EmitI32Const(WasmBytecode::RetsSizeInSlots(sig) * kSlotSize);
+        EmitI32Const(WasmBytecode::ArgsSizeInSlots(sig) * kSlotSize);
+        EmitI32Const(WasmBytecode::RefRetsCount(sig));
+        EmitI32Const(WasmBytecode::RefArgsCount(sig));
+      } else {
+        EMIT_INSTR_HANDLER_WITH_PC(s2s_CallIndirect, instr.pc);
+      }
+
+      // Pops the index of the function to call.
+      I32Pop();
+
+      EmitI32Const(instr.optional.indirect_call.table_index);
+      EmitI32Const(instr.optional.indirect_call.sig_index);
+
+      EmitI32Const(stack_size());
+      EmitI32Const(slot_offset);
+      EmitI32Const(ref_stack_fp_offset);
+
+      // Function arguments are popped from the stack.
+      for (size_t index = sig->parameter_count(); index > 0; index--) {
+        Pop(sig->GetParam(index - 1).kind(), false);
+      }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      if (v8_flags.trace_drumbrake_execution) {
+        EmitI32Const(rets_slots.empty()
+                         ? 0
+                         : slots_[rets_slots[0]].slot_offset * kSlotSize);
+      }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+      if (!is_tail_call) {
+        eh_data_.RecordPotentialExceptionThrowingInstruction(instr.opcode,
+                                                             CurrentCodePos());
+      }
+
+      // Function result is pushed to the stack.
+      for (size_t index = 0; index < sig->return_count(); index++) {
+        ValueType value_type = sig->GetReturn(index);
+        switch (value_type.kind()) {
+          case kI32:
+          case kI64:
+          case kF32:
+          case kF64:
+          case kS128:
+          case kRef:
+          case kRefNull:
+            PushSlot(rets_slots[index]);
+            SetSlotType(stack_top_index(), value_type);
+            break;
+          default:
+            UNREACHABLE();
+        }
+      }
+
+      // If this is a tail call, the following instructions in this block are
+      // unreachable.
+      if (is_tail_call) {
+        SetUnreachableMode();
+      }
+
+      return RegMode::kNoReg;
+    }
+
+    case kExprCallRef:
+    case kExprReturnCallRef: {
+      const FunctionSig* sig = module_->signature(instr.optional.index);
+      const bool is_tail_call = (instr.opcode == kExprReturnCallRef);
+      uint32_t slot_offset = GetStackFrameSize() * kSlotSize;
+      uint32_t ref_stack_fp_offset = ref_slots_count_;
+
+      // Reserve space for return values.
+      std::vector<uint32_t> rets_slots;
+      rets_slots.resize(sig->return_count());
+      for (size_t index = 0; index < sig->return_count(); index++) {
+        rets_slots[index] = is_tail_call ? static_cast<uint32_t>(index)
+                                         : CreateSlot(sig->GetReturn(index));
+      }
+
+      InitSlotsForFunctionArgs(sig, true);
+
+      if (is_tail_call) {
+        EMIT_INSTR_HANDLER_WITH_PC(s2s_ReturnCallRef, instr.pc);
+        EmitI32Const(WasmBytecode::RetsSizeInSlots(sig) * kSlotSize);
+        EmitI32Const(WasmBytecode::ArgsSizeInSlots(sig) * kSlotSize);
+        EmitI32Const(WasmBytecode::RefRetsCount(sig));
+        EmitI32Const(WasmBytecode::RefArgsCount(sig));
+      } else {
+        EMIT_INSTR_HANDLER_WITH_PC(s2s_CallRef, instr.pc);
+      }
+
+      // Pops the function to call.
+      RefPop();
+
+      EmitI32Const(instr.optional.index);  // Signature index.
+      EmitI32Const(stack_size());
+      EmitI32Const(slot_offset);
+      EmitI32Const(ref_stack_fp_offset);
+
+      // Function arguments are popped from the stack.
+      for (size_t index = sig->parameter_count(); index > 0; index--) {
+        Pop(sig->GetParam(index - 1).kind(), false);
+      }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      if (v8_flags.trace_drumbrake_execution) {
+        EmitI32Const(rets_slots.empty()
+                         ? 0
+                         : slots_[rets_slots[0]].slot_offset * kSlotSize);
+      }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+      if (!is_tail_call) {
+        eh_data_.RecordPotentialExceptionThrowingInstruction(instr.opcode,
+                                                             CurrentCodePos());
+      }
+
+      // Function result is pushed to the stack.
+      for (size_t index = 0; index < sig->return_count(); index++) {
+        const ValueType value_type = sig->GetReturn(index);
+        const ValueKind kind = value_type.kind();
+        switch (kind) {
+          case kI32:
+          case kI64:
+          case kF32:
+          case kF64:
+          case kS128:
+          case kRef:
+          case kRefNull:
+            PushSlot(rets_slots[index]);
+            SetSlotType(stack_top_index(), value_type);
+            break;
+          default:
+            UNREACHABLE();
+        }
+      }
+
+      // If this is a tail call, the following instructions in this block are
+      // unreachable.
+      if (is_tail_call) {
+        SetUnreachableMode();
+      }
+
+      return RegMode::kNoReg;
+    }
+
+    case kExprDrop: {
+      switch (top_stack_slot_type) {
+        case kI32:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_I32Drop);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_I32Drop);
+              I32Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kI64:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_I64Drop);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_I64Drop);
+              I64Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kF32:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_F32Drop);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_F32Drop);
+              F32Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kF64:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_F64Drop);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_F64Drop);
+              F64Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kS128:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_S128Drop);
+              S128Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kRef:
+        case kRefNull:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_RefDrop);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_RefDrop);
+              RefPop();
+              return RegMode::kNoReg;
+          }
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+    case kExprSelect:
+    case kExprSelectWithType: {
+      DCHECK_GE(stack_size(), 2);
+      switch (slots_[stack_[stack_size() - 2]].kind()) {
+        case kI32:
+          switch (mode) {
+            case kR2R:
+              EMIT_INSTR_HANDLER(r2r_I32Select);
+              I32Pop();  // val2
+              I32Pop();  // val1
+              return RegMode::kI32Reg;
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_I32Select);
+              I32Pop();   // val2
+              I32Pop();   // val1
+              I32Push();  // result
+              return RegMode::kNoReg;
+            case kS2R:
+              EMIT_INSTR_HANDLER(s2r_I32Select);
+              I32Pop();  // condition
+              I32Pop();  // val2
+              I32Pop();  // val1
+              return RegMode::kI32Reg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_I32Select);
+              I32Pop();   // condition
+              I32Pop();   // val2
+              I32Pop();   // val1
+              I32Push();  // result
+              return RegMode::kNoReg;
+          }
+          break;
+        case kI64:
+          switch (mode) {
+            case kR2R:
+              EMIT_INSTR_HANDLER(r2r_I64Select);
+              I64Pop();  // val2
+              I64Pop();  // val1
+              return RegMode::kI64Reg;
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_I64Select);
+              I64Pop();   // val2
+              I64Pop();   // val1
+              I64Push();  // result
+              return RegMode::kNoReg;
+            case kS2R:
+              EMIT_INSTR_HANDLER(s2r_I64Select);
+              I32Pop();  // condition
+              I64Pop();  // val2
+              I64Pop();  // val1
+              return RegMode::kI64Reg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_I64Select);
+              I32Pop();  // condition
+              I64Pop();
+              I64Pop();
+              I64Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kF32:
+          switch (mode) {
+            case kR2R:
+              EMIT_INSTR_HANDLER(r2r_F32Select);
+              F32Pop();  // val2
+              F32Pop();  // val1
+              return RegMode::kF32Reg;
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_F32Select);
+              F32Pop();   // val2
+              F32Pop();   // val1
+              F32Push();  // result
+              return RegMode::kNoReg;
+            case kS2R:
+              EMIT_INSTR_HANDLER(s2r_F32Select);
+              I32Pop();  // condition
+              F32Pop();  // val2
+              F32Pop();  // val1
+              return RegMode::kF32Reg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_F32Select);
+              I32Pop();  // condition
+              F32Pop();
+              F32Pop();
+              F32Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kF64:
+          switch (mode) {
+            case kR2R:
+              EMIT_INSTR_HANDLER(r2r_F64Select);
+              F64Pop();  // val2
+              F64Pop();  // val1
+              return RegMode::kF64Reg;
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_F64Select);
+              F64Pop();   // val2
+              F64Pop();   // val1
+              F64Push();  // result
+              return RegMode::kNoReg;
+            case kS2R:
+              EMIT_INSTR_HANDLER(s2r_F64Select);
+              I32Pop();  // condition
+              F64Pop();  // val2
+              F64Pop();  // val1
+              return RegMode::kF64Reg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_F64Select);
+              I32Pop();  // condition
+              F64Pop();
+              F64Pop();
+              F64Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kS128:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_S128Select);
+              S128Pop();
+              S128Pop();
+              S128Push();
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_S128Select);
+              I32Pop();  // condition
+              S128Pop();
+              S128Pop();
+              S128Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kRef:
+        case kRefNull:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S: {
+              EMIT_INSTR_HANDLER(r2s_RefSelect);
+              RefPop();                   // val2
+              ValueType type = RefPop();  // val1
+              RefPush(type);              // result
+              return RegMode::kNoReg;
+            }
+            case kS2S: {
+              EMIT_INSTR_HANDLER(s2s_RefSelect);
+              I32Pop();  // condition
+              RefPop();
+              ValueType type = RefPop();
+              RefPush(type);
+              return RegMode::kNoReg;
+            }
+          }
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+
+    case kExprLocalGet: {
+      switch (slots_[stack_[instr.optional.index]].kind()) {
+        case kI32:
+        case kI64:
+        case kF32:
+        case kF64:
+        case kS128:
+        case kRef:
+        case kRefNull:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              PushCopySlot(instr.optional.index);
+              return RegMode::kNoReg;
+          }
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+    case kExprLocalSet: {
+      DCHECK_LE(instr.optional.index, stack_size());
+      // Validation ensures that the target slot type must be the same as the
+      // stack top slot type.
+      const ValueType value_type =
+          slots_[stack_[instr.optional.index]].value_type;
+      const ValueKind kind = value_type.kind();
+      DCHECK(CheckEqualKind(kind, top_stack_slot_type));
+      switch (kind) {
+        case kI32:
+        case kI64:
+        case kF32:
+        case kF64:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              CopyToSlotAndPop(value_type, instr.optional.index, false, true);
+              return RegMode::kNoReg;
+            case kS2S:
+              CopyToSlotAndPop(value_type, instr.optional.index, false, false);
+              return RegMode::kNoReg;
+          }
+          break;
+        case kS128:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              CopyToSlotAndPop(value_type, instr.optional.index, false, false);
+              return RegMode::kNoReg;
+          }
+          break;
+        case kRef:
+        case kRefNull:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              CopyToSlotAndPop(slots_[stack_.back()].value_type,
+                               instr.optional.index, false, false);
+              return RegMode::kNoReg;
+          }
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+    case kExprLocalTee: {
+      DCHECK_LE(instr.optional.index, stack_size());
+      // Validation ensures that the target slot type must be the same as the
+      // stack top slot type.
+      const ValueType value_type =
+          slots_[stack_[instr.optional.index]].value_type;
+      const ValueKind kind = value_type.kind();
+      DCHECK(CheckEqualKind(kind, top_stack_slot_type));
+      switch (kind) {
+        case kI32:
+        case kI64:
+        case kF32:
+        case kF64:
+          switch (mode) {
+            case kR2R:
+              CopyToSlotAndPop(value_type, instr.optional.index, true, true);
+              return GetRegMode(value_type.kind());
+            case kR2S:
+              UNREACHABLE();
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              CopyToSlotAndPop(value_type, instr.optional.index, true, false);
+              return RegMode::kNoReg;
+          }
+          break;
+        case kS128:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              CopyToSlotAndPop(value_type, instr.optional.index, true, false);
+              return RegMode::kNoReg;
+          }
+          break;
+        case kRef:
+        case kRefNull:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              CopyToSlotAndPop(slots_[stack_.back()].value_type,
+                               instr.optional.index, true, false);
+              return RegMode::kNoReg;
+          }
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+    case kExprGlobalGet: {
+      switch (GetGlobalType(instr.optional.index)) {
+        case kI32:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+              UNREACHABLE();
+            case kS2R:
+              EMIT_INSTR_HANDLER(s2r_I32GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              return RegMode::kI32Reg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_I32GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              I32Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kI64:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+              UNREACHABLE();
+            case kS2R:
+              EMIT_INSTR_HANDLER(s2r_I64GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              return RegMode::kI64Reg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_I64GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              I64Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kF32:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+              UNREACHABLE();
+            case kS2R:
+              EMIT_INSTR_HANDLER(s2r_F32GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              return RegMode::kF32Reg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_F32GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              F32Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kF64:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+              UNREACHABLE();
+            case kS2R:
+              EMIT_INSTR_HANDLER(s2r_F64GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              return RegMode::kF64Reg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_F64GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              F64Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kS128:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_S128GlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              S128Push();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kRef:
+        case kRefNull:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_RefGlobalGet);
+              EmitGlobalIndex(instr.optional.index);
+              RefPush(module_->globals[instr.optional.index].type);
+              return RegMode::kNoReg;
+          }
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+    case kExprGlobalSet: {
+      switch (top_stack_slot_type) {
+        case kI32:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_I32GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_I32GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              I32Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kI64:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_I64GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_I64GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              I64Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kF32:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_F32GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_F32GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              F32Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kF64:
+          switch (mode) {
+            case kR2R:
+            case kS2R:
+              UNREACHABLE();
+            case kR2S:
+              EMIT_INSTR_HANDLER(r2s_F64GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              return RegMode::kNoReg;
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_F64GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              F64Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kS128:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_S128GlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              S128Pop();
+              return RegMode::kNoReg;
+          }
+          break;
+        case kRef:
+        case kRefNull:
+          switch (mode) {
+            case kR2R:
+            case kR2S:
+            case kS2R:
+              UNREACHABLE();
+            case kS2S:
+              EMIT_INSTR_HANDLER(s2s_RefGlobalSet);
+              EmitGlobalIndex(instr.optional.index);
+              RefPop();
+              return RegMode::kNoReg;
+          }
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+
+    case kExprTableGet: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_TableGet, instr.pc);
+      EmitI32Const(instr.optional.index);
+      I32Pop();
+      RefPush(module_->tables[instr.optional.index].type);
+      break;
+    }
+
+    case kExprTableSet: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_TableSet, instr.pc);
+      EmitI32Const(instr.optional.index);
+      RefPop();
+      I32Pop();
+      break;
+    }
+
+#define LOAD_CASE(name, ctype, mtype, rep, type)          \
+  case kExpr##name: {                                     \
+    switch (mode) {                                       \
+      case kR2R:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(r2r_##name, instr.pc); \
+        EmitI64Const(instr.optional.offset);              \
+        return RegMode::k##type##Reg;                     \
+      case kR2S:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(r2s_##name, instr.pc); \
+        EmitI64Const(instr.optional.offset);              \
+        type##Push();                                     \
+        return RegMode::kNoReg;                           \
+      case kS2R:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(s2r_##name, instr.pc); \
+        EmitI64Const(instr.optional.offset);              \
+        I32Pop();                                         \
+        return RegMode::k##type##Reg;                     \
+      case kS2S:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, instr.pc); \
+        EmitI64Const(instr.optional.offset);              \
+        I32Pop();                                         \
+        type##Push();                                     \
+        return RegMode::kNoReg;                           \
+    }                                                     \
+    break;                                                \
+  }
+      LOAD_CASE(I32LoadMem8S, int32_t, int8_t, kWord8, I32);
+      LOAD_CASE(I32LoadMem8U, int32_t, uint8_t, kWord8, I32);
+      LOAD_CASE(I32LoadMem16S, int32_t, int16_t, kWord16, I32);
+      LOAD_CASE(I32LoadMem16U, int32_t, uint16_t, kWord16, I32);
+      LOAD_CASE(I64LoadMem8S, int64_t, int8_t, kWord8, I64);
+      LOAD_CASE(I64LoadMem8U, int64_t, uint8_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem16S, int64_t, int16_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem16U, int64_t, uint16_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem32S, int64_t, int32_t, kWord32, I64);
+      LOAD_CASE(I64LoadMem32U, int64_t, uint32_t, kWord32, I64);
+      LOAD_CASE(I32LoadMem, int32_t, int32_t, kWord32, I32);
+      LOAD_CASE(I64LoadMem, int64_t, int64_t, kWord64, I64);
+      LOAD_CASE(F32LoadMem, Float32, uint32_t, kFloat32, F32);
+      LOAD_CASE(F64LoadMem, Float64, uint64_t, kFloat64, F64);
+#undef LOAD_CASE
+
+#define STORE_CASE(name, ctype, mtype, rep, type)         \
+  case kExpr##name: {                                     \
+    switch (mode) {                                       \
+      case kR2R:                                          \
+      case kS2R:                                          \
+        UNREACHABLE();                                    \
+        break;                                            \
+      case kR2S:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(r2s_##name, instr.pc); \
+        EmitI64Const(instr.optional.offset);              \
+        I32Pop();                                         \
+        return RegMode::kNoReg;                           \
+      case kS2S:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, instr.pc); \
+        type##Pop();                                      \
+        EmitI64Const(instr.optional.offset);              \
+        I32Pop();                                         \
+        return RegMode::kNoReg;                           \
+    }                                                     \
+    break;                                                \
+  }
+      STORE_CASE(I32StoreMem8, int32_t, int8_t, kWord8, I32);
+      STORE_CASE(I32StoreMem16, int32_t, int16_t, kWord16, I32);
+      STORE_CASE(I64StoreMem8, int64_t, int8_t, kWord8, I64);
+      STORE_CASE(I64StoreMem16, int64_t, int16_t, kWord16, I64);
+      STORE_CASE(I64StoreMem32, int64_t, int32_t, kWord32, I64);
+      STORE_CASE(I32StoreMem, int32_t, int32_t, kWord32, I32);
+      STORE_CASE(I64StoreMem, int64_t, int64_t, kWord64, I64);
+      STORE_CASE(F32StoreMem, Float32, uint32_t, kFloat32, F32);
+      STORE_CASE(F64StoreMem, Float64, uint64_t, kFloat64, F64);
+#undef STORE_CASE
+
+    case kExprMemoryGrow: {
+      EMIT_INSTR_HANDLER(s2s_MemoryGrow);
+      I32Pop();
+      I32Push();
+      break;
+    }
+    case kExprMemorySize:
+      EMIT_INSTR_HANDLER(s2s_MemorySize);
+      if (IsMemory64()) {
+        I64Push();
+      } else {
+        I32Push();
+      }
+      break;
+
+    case kExprI32Const: {
+      switch (mode) {
+        case kR2R:
+        case kR2S:
+        case kS2R:
+          UNREACHABLE();
+        case kS2S:
+          PushConstSlot<int32_t>(instr.optional.i32);
+          return RegMode::kNoReg;
+      }
+      break;
+    }
+    case kExprI64Const: {
+      switch (mode) {
+        case kR2R:
+        case kR2S:
+        case kS2R:
+          UNREACHABLE();
+        case kS2S:
+          PushConstSlot<int64_t>(instr.optional.i64);
+          return RegMode::kNoReg;
+      }
+      break;
+    }
+    case kExprF32Const: {
+      switch (mode) {
+        case kR2R:
+        case kR2S:
+        case kS2R:
+          UNREACHABLE();
+        case kS2S:
+          PushConstSlot<float>(instr.optional.f32);
+          return RegMode::kNoReg;
+      }
+      break;
+    }
+    case kExprF64Const: {
+      switch (mode) {
+        case kR2R:
+        case kR2S:
+        case kS2R:
+          UNREACHABLE();
+        case kS2S:
+          PushConstSlot<double>(instr.optional.f64);
+          return RegMode::kNoReg;
+      }
+      break;
+    }
+
+#define EXECUTE_BINOP(name, ctype, reg, op, type) \
+  case kExpr##name: {                             \
+    switch (mode) {                               \
+      case kR2R:                                  \
+        EMIT_INSTR_HANDLER(r2r_##name);           \
+        type##Pop();                              \
+        return RegMode::kI32Reg;                  \
+      case kR2S:                                  \
+        EMIT_INSTR_HANDLER(r2s_##name);           \
+        type##Pop();                              \
+        I32Push();                                \
+        return RegMode::kNoReg;                   \
+      case kS2R:                                  \
+        EMIT_INSTR_HANDLER(s2r_##name);           \
+        type##Pop();                              \
+        type##Pop();                              \
+        return RegMode::kI32Reg;                  \
+      case kS2S:                                  \
+        EMIT_INSTR_HANDLER(s2s_##name);           \
+        type##Pop();                              \
+        type##Pop();                              \
+        I32Push();                                \
+        return RegMode::kNoReg;                   \
+    }                                             \
+    break;                                        \
+  }
+      FOREACH_COMPARISON_BINOP(EXECUTE_BINOP)
+#undef EXECUTE_BINOP
+
+#define EXECUTE_BINOP(name, ctype, reg, op, type) \
+  case kExpr##name: {                             \
+    switch (mode) {                               \
+      case kR2R:                                  \
+        EMIT_INSTR_HANDLER(r2r_##name);           \
+        type##Pop();                              \
+        return RegMode::k##type##Reg;             \
+      case kR2S:                                  \
+        EMIT_INSTR_HANDLER(r2s_##name);           \
+        type##Pop();                              \
+        type##Push();                             \
+        return RegMode::kNoReg;                   \
+      case kS2R:                                  \
+        EMIT_INSTR_HANDLER(s2r_##name);           \
+        type##Pop();                              \
+        type##Pop();                              \
+        return RegMode::k##type##Reg;             \
+      case kS2S:                                  \
+        EMIT_INSTR_HANDLER(s2s_##name);           \
+        type##Pop();                              \
+        type##Pop();                              \
+        type##Push();                             \
+        return RegMode::kNoReg;                   \
+    }                                             \
+    break;                                        \
+  }
+      FOREACH_ARITHMETIC_BINOP(EXECUTE_BINOP)
+      FOREACH_MORE_BINOP(EXECUTE_BINOP)
+#undef EXECUTE_BINOP
+
+#define EXECUTE_BINOP(name, ctype, reg, op, type)         \
+  case kExpr##name: {                                     \
+    switch (mode) {                                       \
+      case kR2R:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(r2r_##name, instr.pc); \
+        type##Pop();                                      \
+        return RegMode::k##type##Reg;                     \
+      case kR2S:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(r2s_##name, instr.pc); \
+        type##Pop();                                      \
+        type##Push();                                     \
+        return RegMode::kNoReg;                           \
+      case kS2R:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(s2r_##name, instr.pc); \
+        type##Pop();                                      \
+        type##Pop();                                      \
+        return RegMode::k##type##Reg;                     \
+      case kS2S:                                          \
+        EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, instr.pc); \
+        type##Pop();                                      \
+        type##Pop();                                      \
+        type##Push();                                     \
+        return RegMode::kNoReg;                           \
+    }                                                     \
+    break;                                                \
+  }
+      FOREACH_TRAPPING_BINOP(EXECUTE_BINOP)
+#undef EXECUTE_BINOP
+
+#define EXECUTE_UNOP(name, ctype, reg, op, type) \
+  case kExpr##name: {                            \
+    switch (mode) {                              \
+      case kR2R:                                 \
+        EMIT_INSTR_HANDLER(r2r_##name);          \
+        return RegMode::k##type##Reg;            \
+      case kR2S:                                 \
+        EMIT_INSTR_HANDLER(r2s_##name);          \
+        type##Push();                            \
+        return RegMode::kNoReg;                  \
+      case kS2R:                                 \
+        EMIT_INSTR_HANDLER(s2r_##name);          \
+        type##Pop();                             \
+        return RegMode::k##type##Reg;            \
+      case kS2S:                                 \
+        EMIT_INSTR_HANDLER(s2s_##name);          \
+        type##Pop();                             \
+        type##Push();                            \
+        return RegMode::kNoReg;                  \
+    }                                            \
+    break;                                       \
+  }
+      FOREACH_SIMPLE_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+#define EXECUTE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type, \
+                     to_reg)                                                   \
+  case kExpr##name: {                                                          \
+    switch (mode) {                                                            \
+      case kR2R:                                                               \
+        EMIT_INSTR_HANDLER(r2r_##name);                                        \
+        return RegMode::k##to_type##Reg;                                       \
+      case kR2S:                                                               \
+        EMIT_INSTR_HANDLER(r2s_##name);                                        \
+        to_type##Push();                                                       \
+        return RegMode::kNoReg;                                                \
+      case kS2R:                                                               \
+        EMIT_INSTR_HANDLER(s2r_##name);                                        \
+        from_type##Pop();                                                      \
+        return RegMode::k##to_type##Reg;                                       \
+      case kS2S:                                                               \
+        EMIT_INSTR_HANDLER(s2s_##name);                                        \
+        from_type##Pop();                                                      \
+        to_type##Push();                                                       \
+        return RegMode::kNoReg;                                                \
+    }                                                                          \
+    break;                                                                     \
+  }
+      FOREACH_ADDITIONAL_CONVERT_UNOP(EXECUTE_UNOP)
+      FOREACH_OTHER_CONVERT_UNOP(EXECUTE_UNOP)
+      FOREACH_REINTERPRET_UNOP(EXECUTE_UNOP)
+      FOREACH_TRUNCSAT_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+#define EXECUTE_UNOP(name, from_ctype, from_type, from_reg, to_ctype, to_type, \
+                     to_reg)                                                   \
+  case kExpr##name: {                                                          \
+    switch (mode) {                                                            \
+      case kR2R:                                                               \
+        EMIT_INSTR_HANDLER_WITH_PC(r2r_##name, instr.pc);                      \
+        return RegMode::k##to_type##Reg;                                       \
+      case kR2S:                                                               \
+        EMIT_INSTR_HANDLER_WITH_PC(r2s_##name, instr.pc);                      \
+        to_type##Push();                                                       \
+        return RegMode::kNoReg;                                                \
+      case kS2R:                                                               \
+        EMIT_INSTR_HANDLER_WITH_PC(s2r_##name, instr.pc);                      \
+        from_type##Pop();                                                      \
+        return RegMode::k##to_type##Reg;                                       \
+      case kS2S:                                                               \
+        EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, instr.pc);                      \
+        from_type##Pop();                                                      \
+        to_type##Push();                                                       \
+        return RegMode::kNoReg;                                                \
+    }                                                                          \
+    break;                                                                     \
+  }
+      FOREACH_I64_CONVERT_FROM_FLOAT_UNOP(EXECUTE_UNOP)
+      FOREACH_I32_CONVERT_FROM_FLOAT_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+#define EXECUTE_UNOP(name, from_ctype, from_type, to_ctype, to_type, op) \
+  case kExpr##name: {                                                    \
+    switch (mode) {                                                      \
+      case kR2R:                                                         \
+        EMIT_INSTR_HANDLER(r2r_##name);                                  \
+        return RegMode::k##to_type##Reg;                                 \
+      case kR2S:                                                         \
+        EMIT_INSTR_HANDLER(r2s_##name);                                  \
+        to_type##Push();                                                 \
+        return RegMode::kNoReg;                                          \
+      case kS2R:                                                         \
+        EMIT_INSTR_HANDLER(s2r_##name);                                  \
+        from_type##Pop();                                                \
+        return RegMode::k##to_type##Reg;                                 \
+      case kS2S:                                                         \
+        EMIT_INSTR_HANDLER(s2s_##name);                                  \
+        from_type##Pop();                                                \
+        to_type##Push();                                                 \
+        return RegMode::kNoReg;                                          \
+    }                                                                    \
+    break;                                                               \
+  }
+      FOREACH_BITS_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+#define EXECUTE_UNOP(name, from_ctype, from_type, to_ctype, to_type) \
+  case kExpr##name: {                                                \
+    switch (mode) {                                                  \
+      case kR2R:                                                     \
+        EMIT_INSTR_HANDLER(r2r_##name);                              \
+        return RegMode::k##to_type##Reg;                             \
+      case kR2S:                                                     \
+        EMIT_INSTR_HANDLER(r2s_##name);                              \
+        to_type##Push();                                             \
+        return RegMode::kNoReg;                                      \
+      case kS2R:                                                     \
+        EMIT_INSTR_HANDLER(s2r_##name);                              \
+        from_type##Pop();                                            \
+        return RegMode::k##to_type##Reg;                             \
+      case kS2S:                                                     \
+        EMIT_INSTR_HANDLER(s2s_##name);                              \
+        from_type##Pop();                                            \
+        to_type##Push();                                             \
+        return RegMode::kNoReg;                                      \
+    }                                                                \
+    break;                                                           \
+  }
+      FOREACH_EXTENSION_UNOP(EXECUTE_UNOP)
+#undef EXECUTE_UNOP
+
+    case kExprRefNull: {
+      EMIT_INSTR_HANDLER(s2s_RefNull);
+      ValueType value_type =
+          ValueType::RefNull(HeapType(instr.optional.ref_type));
+      EmitI32Const(value_type.raw_bit_field());
+      RefPush(value_type);
+      break;
+    }
+
+    case kExprRefIsNull:
+      EMIT_INSTR_HANDLER(s2s_RefIsNull);
+      RefPop();
+      I32Push();
+      break;
+
+    case kExprRefFunc: {
+      EMIT_INSTR_HANDLER(s2s_RefFunc);
+      EmitI32Const(instr.optional.index);
+      ValueType value_type =
+          ValueType::Ref(module_->functions[instr.optional.index].sig_index);
+      RefPush(value_type);
+      break;
+    }
+
+    case kExprRefEq:
+      EMIT_INSTR_HANDLER(s2s_RefEq);
+      RefPop();
+      RefPop();
+      I32Push();
+      break;
+
+    case kExprRefAsNonNull: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_RefAsNonNull, instr.pc);
+      ValueType value_type = RefPop();
+      RefPush(value_type);
+      break;
+    }
+
+    case kExprStructNew: {
+      EMIT_INSTR_HANDLER(s2s_StructNew);
+      EmitI32Const(instr.optional.index);
+      // Pops args
+      const StructType* struct_type =
+          module_->struct_type(instr.optional.gc_field_immediate.struct_index);
+      for (uint32_t i = struct_type->field_count(); i > 0;) {
+        i--;
+        ValueKind kind = struct_type->field(i).kind();
+        Pop(kind);
+      }
+
+      RefPush(ValueType::Ref(instr.optional.index));
+      break;
+    }
+
+    case kExprStructNewDefault: {
+      EMIT_INSTR_HANDLER(s2s_StructNewDefault);
+      EmitI32Const(instr.optional.index);
+      RefPush(ValueType::Ref(instr.optional.index));
+      break;
+    }
+
+    case kExprStructGet:
+    case kExprStructGetS:
+    case kExprStructGetU: {
+      bool is_signed = (instr.opcode == wasm::kExprStructGetS);
+      const StructType* struct_type =
+          module_->struct_type(instr.optional.gc_field_immediate.struct_index);
+      uint32_t field_index = instr.optional.gc_field_immediate.field_index;
+      ValueType value_type = struct_type->field(field_index);
+      ValueKind kind = value_type.kind();
+      int offset = StructFieldOffset(struct_type, field_index);
+      switch (kind) {
+        case kI8:
+          if (is_signed) {
+            EMIT_INSTR_HANDLER_WITH_PC(s2s_I8SStructGet, instr.pc);
+          } else {
+            EMIT_INSTR_HANDLER_WITH_PC(s2s_I8UStructGet, instr.pc);
+          }
+          RefPop();
+          EmitI32Const(offset);
+          I32Push();
+          break;
+        case kI16:
+          if (is_signed) {
+            EMIT_INSTR_HANDLER_WITH_PC(s2s_I16SStructGet, instr.pc);
+          } else {
+            EMIT_INSTR_HANDLER_WITH_PC(s2s_I16UStructGet, instr.pc);
+          }
+          RefPop();
+          EmitI32Const(offset);
+          I32Push();
+          break;
+        case kI32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I32StructGet, instr.pc);
+          RefPop();
+          EmitI32Const(offset);
+          I32Push();
+          break;
+        case kI64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I64StructGet, instr.pc);
+          RefPop();
+          EmitI32Const(offset);
+          I64Push();
+          break;
+        case kF32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F32StructGet, instr.pc);
+          RefPop();
+          EmitI32Const(offset);
+          F32Push();
+          break;
+        case kF64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F64StructGet, instr.pc);
+          RefPop();
+          EmitI32Const(offset);
+          F64Push();
+          break;
+        case kS128:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_S128StructGet, instr.pc);
+          RefPop();
+          EmitI32Const(offset);
+          S128Push();
+          break;
+        case kRef:
+        case kRefNull:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_RefStructGet, instr.pc);
+          RefPop();
+          EmitI32Const(offset);
+          RefPush(value_type);
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+
+    case kExprStructSet: {
+      const StructType* struct_type =
+          module_->struct_type(instr.optional.gc_field_immediate.struct_index);
+      uint32_t field_index = instr.optional.gc_field_immediate.field_index;
+      int offset = StructFieldOffset(struct_type, field_index);
+      ValueKind kind = struct_type->field(field_index).kind();
+      switch (kind) {
+        case kI8:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I8StructSet, instr.pc);
+          EmitI32Const(offset);
+          I32Pop();
+          break;
+        case kI16:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I16StructSet, instr.pc);
+          EmitI32Const(offset);
+          I32Pop();
+          break;
+        case kI32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I32StructSet, instr.pc);
+          EmitI32Const(offset);
+          I32Pop();
+          break;
+        case kI64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I64StructSet, instr.pc);
+          EmitI32Const(offset);
+          I64Pop();
+          break;
+        case kF32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F32StructSet, instr.pc);
+          EmitI32Const(offset);
+          F32Pop();
+          break;
+        case kF64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F64StructSet, instr.pc);
+          EmitI32Const(offset);
+          F64Pop();
+          break;
+        case kS128:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_S128StructSet, instr.pc);
+          EmitI32Const(offset);
+          S128Pop();
+          break;
+        case kRef:
+        case kRefNull:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_RefStructSet, instr.pc);
+          EmitI32Const(offset);
+          RefPop();
+          break;
+        default:
+          UNREACHABLE();
+      }
+      RefPop();  // The object to set the field to.
+      break;
+    }
+
+    case kExprArrayNew: {
+      uint32_t array_index = instr.optional.gc_array_new_fixed.array_index;
+      const ArrayType* array_type = module_->array_type(array_index);
+      ValueType element_type = array_type->element_type();
+      ValueKind kind = element_type.kind();
+
+      // Pop a single value to be used to initialize the array.
+      switch (kind) {
+        case kI8:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I8ArrayNew, instr.pc);
+          EmitI32Const(array_index);
+          I32Pop();  // Array length.
+          I32Pop();  // Initialization value.
+          break;
+        case kI16:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I16ArrayNew, instr.pc);
+          EmitI32Const(array_index);
+          I32Pop();
+          I32Pop();
+          break;
+        case kI32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I32ArrayNew, instr.pc);
+          EmitI32Const(array_index);
+          I32Pop();
+          I32Pop();
+          break;
+        case kI64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I64ArrayNew, instr.pc);
+          EmitI32Const(array_index);
+          I32Pop();
+          I64Pop();
+          break;
+        case kF32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F32ArrayNew, instr.pc);
+          EmitI32Const(array_index);
+          I32Pop();
+          F32Pop();
+          break;
+        case kF64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F64ArrayNew, instr.pc);
+          EmitI32Const(array_index);
+          I32Pop();
+          F64Pop();
+          break;
+        case kS128:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_S128ArrayNew, instr.pc);
+          EmitI32Const(array_index);
+          I32Pop();
+          S128Pop();
+          break;
+        case kRef:
+        case kRefNull:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_RefArrayNew, instr.pc);
+          EmitI32Const(array_index);
+          I32Pop();
+          RefPop();
+          break;
+        default:
+          UNREACHABLE();
+      }
+      RefPush(ValueType::Ref(array_index));  // Push the new array.
+      break;
+    }
+
+    case kExprArrayNewFixed: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_ArrayNewFixed, instr.pc);
+      uint32_t length = instr.optional.gc_array_new_fixed.length;
+      uint32_t array_index = instr.optional.gc_array_new_fixed.array_index;
+      EmitI32Const(array_index);
+      EmitI32Const(length);
+      const ArrayType* array_type = module_->array_type(array_index);
+      ValueType element_type = array_type->element_type();
+      ValueKind kind = element_type.kind();
+      // Pop values to initialize the array.
+      for (uint32_t i = 0; i < length; i++) {
+        switch (kind) {
+          case kI8:
+          case kI16:
+          case kI32:
+            I32Pop();
+            break;
+          case kI64:
+            I64Pop();
+            break;
+          case kF32:
+            F32Pop();
+            break;
+          case kF64:
+            F64Pop();
+            break;
+          case kS128:
+            S128Pop();
+            break;
+          case kRef:
+          case kRefNull:
+            RefPop();
+            break;
+          default:
+            UNREACHABLE();
+        }
+      }
+      RefPush(ValueType::Ref(array_index));  // Push the new array.
+      break;
+    }
+
+    case kExprArrayNewDefault: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_ArrayNewDefault, instr.pc);
+      EmitI32Const(instr.optional.index);
+      I32Pop();
+      RefPush(ValueType::Ref(instr.optional.index));  // Push the new array.
+      break;
+    }
+
+    case kExprArrayNewData: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_ArrayNewData, instr.pc);
+      uint32_t array_index =
+          instr.optional.gc_array_new_or_init_data.array_index;
+      EmitI32Const(array_index);
+      uint32_t data_index = instr.optional.gc_array_new_or_init_data.data_index;
+      EmitI32Const(data_index);
+      I32Pop();
+      I32Pop();
+      RefPush(ValueType::Ref(array_index));  // Push the new array.
+      break;
+    }
+
+    case kExprArrayNewElem: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_ArrayNewElem, instr.pc);
+      uint32_t array_index =
+          instr.optional.gc_array_new_or_init_data.array_index;
+      EmitI32Const(array_index);
+      uint32_t data_index = instr.optional.gc_array_new_or_init_data.data_index;
+      EmitI32Const(data_index);
+      I32Pop();
+      I32Pop();
+      RefPush(ValueType::Ref(array_index));  // Push the new array.
+      break;
+    }
+
+    case kExprArrayInitData: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_ArrayInitData, instr.pc);
+      uint32_t array_index =
+          instr.optional.gc_array_new_or_init_data.array_index;
+      EmitI32Const(array_index);
+      uint32_t data_index = instr.optional.gc_array_new_or_init_data.data_index;
+      EmitI32Const(data_index);
+      I32Pop();  // size
+      I32Pop();  // src offset
+      I32Pop();  // dest offset
+      RefPop();  // array to initialize
+      break;
+    }
+
+    case kExprArrayInitElem: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_ArrayInitElem, instr.pc);
+      uint32_t array_index =
+          instr.optional.gc_array_new_or_init_data.array_index;
+      EmitI32Const(array_index);
+      uint32_t data_index = instr.optional.gc_array_new_or_init_data.data_index;
+      EmitI32Const(data_index);
+      I32Pop();  // size
+      I32Pop();  // src offset
+      I32Pop();  // dest offset
+      RefPop();  // array to initialize
+      break;
+    }
+
+    case kExprArrayLen: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_ArrayLen, instr.pc);
+      RefPop();
+      I32Push();
+      break;
+    }
+
+    case kExprArrayCopy: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_ArrayCopy, instr.pc);
+      EmitI32Const(instr.optional.gc_array_copy.dest_array_index);
+      EmitI32Const(instr.optional.gc_array_copy.src_array_index);
+      I32Pop();  // size
+      I32Pop();  // src offset
+      RefPop();  // src array
+      I32Pop();  // dest offset
+      RefPop();  // dest array
+      break;
+    }
+
+    case kExprArrayGet:
+    case kExprArrayGetS:
+    case kExprArrayGetU: {
+      bool is_signed = (instr.opcode == wasm::kExprArrayGetS);
+      const ArrayType* array_type = module_->array_type(instr.optional.index);
+      ValueType element_type = array_type->element_type();
+      ValueKind kind = element_type.kind();
+      switch (kind) {
+        case kI8:
+          if (is_signed) {
+            EMIT_INSTR_HANDLER_WITH_PC(s2s_I8SArrayGet, instr.pc);
+          } else {
+            EMIT_INSTR_HANDLER_WITH_PC(s2s_I8UArrayGet, instr.pc);
+          }
+          I32Pop();
+          RefPop();
+          I32Push();
+          break;
+        case kI16:
+          if (is_signed) {
+            EMIT_INSTR_HANDLER_WITH_PC(s2s_I16SArrayGet, instr.pc);
+          } else {
+            EMIT_INSTR_HANDLER_WITH_PC(s2s_I16UArrayGet, instr.pc);
+          }
+          I32Pop();
+          RefPop();
+          I32Push();
+          break;
+        case kI32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I32ArrayGet, instr.pc);
+          I32Pop();
+          RefPop();
+          I32Push();
+          break;
+        case kI64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I64ArrayGet, instr.pc);
+          I32Pop();
+          RefPop();
+          I64Push();
+          break;
+        case kF32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F32ArrayGet, instr.pc);
+          I32Pop();
+          RefPop();
+          F32Push();
+          break;
+        case kF64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F64ArrayGet, instr.pc);
+          I32Pop();
+          RefPop();
+          F64Push();
+          break;
+        case kS128:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_S128ArrayGet, instr.pc);
+          I32Pop();
+          RefPop();
+          S128Push();
+          break;
+        case kRef:
+        case kRefNull:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_RefArrayGet, instr.pc);
+          I32Pop();
+          RefPop();
+          RefPush(element_type);
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+
+    case kExprArraySet: {
+      const ArrayType* array_type = module_->array_type(instr.optional.index);
+      ValueKind kind = array_type->element_type().kind();
+      switch (kind) {
+        case kI8:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I8ArraySet, instr.pc);
+          I32Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kI16:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I16ArraySet, instr.pc);
+          I32Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kI32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I32ArraySet, instr.pc);
+          I32Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kI64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I64ArraySet, instr.pc);
+          I64Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kF32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F32ArraySet, instr.pc);
+          F32Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kF64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F64ArraySet, instr.pc);
+          F64Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kS128:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_S128ArraySet, instr.pc);
+          S128Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kRef:
+        case kRefNull:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_RefArraySet, instr.pc);
+          RefPop();
+          I32Pop();
+          RefPop();
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+
+    case kExprArrayFill: {
+      const ArrayType* array_type = module_->array_type(instr.optional.index);
+      ValueKind kind = array_type->element_type().kind();
+      switch (kind) {
+        case kI8:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I8ArrayFill, instr.pc);
+          I32Pop();  // The size of the filled slice.
+          I32Pop();  // The value with which to fill the array.
+          I32Pop();  // The offset at which to begin filling.
+          RefPop();  // The array to fill.
+          break;
+        case kI16:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I16ArrayFill, instr.pc);
+          I32Pop();
+          I32Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kI32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I32ArrayFill, instr.pc);
+          I32Pop();
+          I32Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kI64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_I64ArrayFill, instr.pc);
+          I32Pop();
+          I64Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kF32:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F32ArrayFill, instr.pc);
+          I32Pop();
+          F32Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kF64:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_F64ArrayFill, instr.pc);
+          I32Pop();
+          F64Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kS128:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_S128ArrayFill, instr.pc);
+          I32Pop();
+          S128Pop();
+          I32Pop();
+          RefPop();
+          break;
+        case kRef:
+        case kRefNull:
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_RefArrayFill, instr.pc);
+          I32Pop();
+          RefPop();
+          I32Pop();
+          RefPop();
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    }
+
+    case kExprRefI31: {
+      EMIT_INSTR_HANDLER(s2s_RefI31);
+      I32Pop();
+      RefPush(ValueType::Ref(HeapType::kI31));
+      break;
+    }
+
+    case kExprI31GetS: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_I31GetS, instr.pc);
+      RefPop();
+      I32Push();
+      break;
+    }
+
+    case kExprI31GetU: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_I31GetU, instr.pc);
+      RefPop();
+      I32Push();
+      break;
+    }
+
+    case kExprRefCast:
+    case kExprRefCastNull: {
+      bool null_succeeds = (instr.opcode == kExprRefCastNull);
+      HeapType target_type = instr.optional.gc_heap_type_immediate.type();
+      ValueType resulting_value_type = ValueType::RefMaybeNull(
+          target_type, null_succeeds ? kNullable : kNonNullable);
+
+      ValueType obj_type = slots_[stack_.back()].value_type;
+      DCHECK(obj_type.is_object_reference());
+
+      // This logic ensures that code generation can assume that functions
+      // can only be cast to function types, and data objects to data types.
+      if (V8_UNLIKELY(TypeCheckAlwaysSucceeds(obj_type, target_type))) {
+        if (obj_type.is_nullable() && !null_succeeds) {
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_AssertNotNullTypecheck, instr.pc);
+          ValueType value_type = RefPop();
+          EmitI32Const(value_type.raw_bit_field());
+          RefPush(resulting_value_type);
+        } else {
+          // Just forward the ref object.
+        }
+      } else if (V8_UNLIKELY(TypeCheckAlwaysFails(obj_type, target_type,
+                                                  null_succeeds))) {
+        // Unrelated types. The only way this will not trap is if the object
+        // is null.
+        if (obj_type.is_nullable() && null_succeeds) {
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_AssertNullTypecheck, instr.pc);
+          ValueType value_type = RefPop();
+          EmitI32Const(value_type.raw_bit_field());
+          RefPush(resulting_value_type);
+        } else {
+          // In this case we just trap.
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_TrapIllegalCast, instr.pc);
+        }
+      } else {
+        if (instr.opcode == kExprRefCast) {
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_RefCast, instr.pc);
+        } else {
+          EMIT_INSTR_HANDLER_WITH_PC(s2s_RefCastNull, instr.pc);
+        }
+        EmitI32Const(instr.optional.gc_heap_type_immediate.type_representation);
+        ValueType value_type = RefPop();
+        EmitI32Const(value_type.raw_bit_field());
+        RefPush(resulting_value_type);
+      }
+      break;
+    }
+
+    case kExprRefTest:
+    case kExprRefTestNull: {
+      bool null_succeeds = (instr.opcode == kExprRefTestNull);
+      HeapType target_type = instr.optional.gc_heap_type_immediate.type();
+
+      ValueType obj_type = slots_[stack_.back()].value_type;
+      DCHECK(obj_type.is_object_reference());
+
+      // This logic ensures that code generation can assume that functions
+      // can only be cast to function types, and data objects to data types.
+      if (V8_UNLIKELY(TypeCheckAlwaysSucceeds(obj_type, target_type))) {
+        // Type checking can still fail for null.
+        if (obj_type.is_nullable() && !null_succeeds) {
+          EMIT_INSTR_HANDLER(s2s_RefIsNonNull);
+          RefPop();
+          I32Push();  // bool
+        } else {
+          EMIT_INSTR_HANDLER(s2s_RefTestSucceeds);
+          RefPop();
+          I32Push();  // bool=true
+        }
+      } else if (V8_UNLIKELY(TypeCheckAlwaysFails(obj_type, target_type,
+                                                  null_succeeds))) {
+        EMIT_INSTR_HANDLER(s2s_RefTestFails);
+        RefPop();
+        I32Push();  // bool=false
+      } else {
+        if (instr.opcode == kExprRefTest) {
+          EMIT_INSTR_HANDLER(s2s_RefTest);
+        } else {
+          EMIT_INSTR_HANDLER(s2s_RefTestNull);
+        }
+        EmitI32Const(instr.optional.gc_heap_type_immediate.type_representation);
+        ValueType value_type = RefPop();
+        EmitI32Const(value_type.raw_bit_field());
+        I32Push();  // bool
+      }
+      break;
+    }
+
+    case kExprAnyConvertExtern: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_AnyConvertExtern, instr.pc);
+      ValueType extern_val = RefPop();
+      ValueType intern_type = ValueType::RefMaybeNull(
+          HeapType::kAny, Nullability(extern_val.is_nullable()));
+      RefPush(intern_type);
+      break;
+    }
+
+    case kExprExternConvertAny: {
+      EMIT_INSTR_HANDLER(s2s_ExternConvertAny);
+      ValueType value_type = RefPop();
+      ValueType extern_type = ValueType::RefMaybeNull(
+          HeapType::kExtern, Nullability(value_type.is_nullable()));
+      RefPush(extern_type);
+      break;
+    }
+
+    case kExprMemoryInit:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_MemoryInit, instr.pc);
+      EmitI32Const(instr.optional.index);
+      I32Pop();
+      I32Pop();
+      I32Pop();
+      break;
+
+    case kExprDataDrop:
+      EMIT_INSTR_HANDLER(s2s_DataDrop);
+      EmitI32Const(instr.optional.index);
+      break;
+
+    case kExprMemoryCopy:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_MemoryCopy, instr.pc);
+      I32Pop();
+      I32Pop();
+      I32Pop();
+      break;
+
+    case kExprMemoryFill:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_MemoryFill, instr.pc);
+      I32Pop();
+      I32Pop();
+      I32Pop();
+      break;
+
+    case kExprTableInit:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_TableInit, instr.pc);
+      EmitI32Const(instr.optional.table_init.table_index);
+      EmitI32Const(instr.optional.table_init.element_segment_index);
+      I32Pop();
+      I32Pop();
+      I32Pop();
+      break;
+
+    case kExprElemDrop:
+      EMIT_INSTR_HANDLER(s2s_ElemDrop);
+      EmitI32Const(instr.optional.index);
+      break;
+
+    case kExprTableCopy:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_TableCopy, instr.pc);
+      EmitI32Const(instr.optional.table_copy.dst_table_index);
+      EmitI32Const(instr.optional.table_copy.src_table_index);
+      I32Pop();
+      I32Pop();
+      I32Pop();
+      break;
+
+    case kExprTableGrow:
+      EMIT_INSTR_HANDLER(s2s_TableGrow);
+      EmitI32Const(instr.optional.index);
+      I32Pop();
+      RefPop();
+      I32Push();
+      break;
+
+    case kExprTableSize:
+      EMIT_INSTR_HANDLER(s2s_TableSize);
+      EmitI32Const(instr.optional.index);
+      I32Push();
+      break;
+
+    case kExprTableFill:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_TableFill, instr.pc);
+      EmitI32Const(instr.optional.index);
+      I32Pop();
+      RefPop();
+      I32Pop();
+      break;
+
+    case kExprAtomicNotify:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_AtomicNotify, instr.pc);
+      I32Pop();  // val
+      EmitI64Const(instr.optional.offset);
+      I32Pop();  // memory index
+      I32Push();
+      break;
+
+    case kExprI32AtomicWait:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_I32AtomicWait, instr.pc);
+      I64Pop();  // timeout
+      I32Pop();  // val
+      EmitI64Const(instr.optional.offset);
+      I32Pop();  // memory index
+      I32Push();
+      break;
+
+    case kExprI64AtomicWait:
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_I64AtomicWait, instr.pc);
+      I64Pop();  // timeout
+      I64Pop();  // val
+      EmitI64Const(instr.optional.offset);
+      I32Pop();  // memory index
+      I32Push();
+      break;
+
+    case kExprAtomicFence:
+      EMIT_INSTR_HANDLER(s2s_AtomicFence);
+      break;
+
+#define ATOMIC_BINOP(name, Type, ctype, type, op_ctype, op_type, operation) \
+  case kExpr##name: {                                                       \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, instr.pc);                       \
+    op_type##Pop();                                                         \
+    EmitI64Const(instr.optional.offset);                                    \
+    I32Pop();                                                               \
+    op_type##Push();                                                        \
+    return RegMode::kNoReg;                                                 \
+  }
+      FOREACH_ATOMIC_BINOP(ATOMIC_BINOP)
+#undef ATOMIC_BINOP
+
+#define ATOMIC_COMPARE_EXCHANGE_OP(name, Type, ctype, type, op_ctype, op_type) \
+  case kExpr##name: {                                                          \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, instr.pc);                          \
+    op_type##Pop();                                                            \
+    op_type##Pop();                                                            \
+    EmitI64Const(instr.optional.offset);                                       \
+    I32Pop();                                                                  \
+    op_type##Push();                                                           \
+    return RegMode::kNoReg;                                                    \
+  }
+      FOREACH_ATOMIC_COMPARE_EXCHANGE_OP(ATOMIC_COMPARE_EXCHANGE_OP)
+#undef ATOMIC_COMPARE_EXCHANGE_OP
+
+#define ATOMIC_LOAD_OP(name, Type, ctype, type, op_ctype, op_type) \
+  case kExpr##name: {                                              \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, instr.pc);              \
+    EmitI64Const(instr.optional.offset);                           \
+    I32Pop();                                                      \
+    op_type##Push();                                               \
+    return RegMode::kNoReg;                                        \
+  }
+      FOREACH_ATOMIC_LOAD_OP(ATOMIC_LOAD_OP)
+#undef ATOMIC_LOAD_OP
+
+#define ATOMIC_STORE_OP(name, Type, ctype, type, op_ctype, op_type) \
+  case kExpr##name: {                                               \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, instr.pc);               \
+    op_type##Pop();                                                 \
+    EmitI64Const(instr.optional.offset);                            \
+    I32Pop();                                                       \
+    return RegMode::kNoReg;                                         \
+  }
+      FOREACH_ATOMIC_STORE_OP(ATOMIC_STORE_OP)
+#undef ATOMIC_STORE_OP
+
+#define SPLAT_CASE(format, stype, valType, op_type, num) \
+  case kExpr##format##Splat: {                           \
+    EMIT_INSTR_HANDLER(s2s_Simd##format##Splat);         \
+    op_type##Pop();                                      \
+    S128Push();                                          \
+    return RegMode::kNoReg;                              \
+  }
+      SPLAT_CASE(F64x2, float64x2, double, F64, 2)
+      SPLAT_CASE(F32x4, float32x4, float, F32, 4)
+      SPLAT_CASE(I64x2, int64x2, int64_t, I64, 2)
+      SPLAT_CASE(I32x4, int32x4, int32_t, I32, 4)
+      SPLAT_CASE(I16x8, int16x8, int32_t, I32, 8)
+      SPLAT_CASE(I8x16, int8x16, int32_t, I32, 16)
+#undef SPLAT_CASE
+
+#define EXTRACT_LANE_CASE(format, stype, op_type, name) \
+  case kExpr##format##ExtractLane: {                    \
+    EMIT_INSTR_HANDLER(s2s_Simd##format##ExtractLane);  \
+    /* emit 8 bits ? */                                 \
+    EmitI16Const(instr.optional.simd_lane);             \
+    S128Pop();                                          \
+    op_type##Push();                                    \
+    return RegMode::kNoReg;                             \
+  }
+      EXTRACT_LANE_CASE(F64x2, float64x2, F64, f64x2)
+      EXTRACT_LANE_CASE(F32x4, float32x4, F32, f32x4)
+      EXTRACT_LANE_CASE(I64x2, int64x2, I64, i64x2)
+      EXTRACT_LANE_CASE(I32x4, int32x4, I32, i32x4)
+#undef EXTRACT_LANE_CASE
+
+#define EXTRACT_LANE_EXTEND_CASE(format, stype, name, sign, extended_type) \
+  case kExpr##format##ExtractLane##sign: {                                 \
+    EMIT_INSTR_HANDLER(s2s_Simd##format##ExtractLane##sign);               \
+    /* emit 8 bits ? */                                                    \
+    EmitI16Const(instr.optional.simd_lane);                                \
+    S128Pop();                                                             \
+    I32Push();                                                             \
+    return RegMode::kNoReg;                                                \
+  }
+      EXTRACT_LANE_EXTEND_CASE(I16x8, int16x8, i16x8, S, int32_t)
+      EXTRACT_LANE_EXTEND_CASE(I16x8, int16x8, i16x8, U, uint32_t)
+      EXTRACT_LANE_EXTEND_CASE(I8x16, int8x16, i8x16, S, int32_t)
+      EXTRACT_LANE_EXTEND_CASE(I8x16, int8x16, i8x16, U, uint32_t)
+#undef EXTRACT_LANE_EXTEND_CASE
+
+#define BINOP_CASE(op, name, stype, count, expr) \
+  case kExpr##op: {                              \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);            \
+    S128Pop();                                   \
+    S128Pop();                                   \
+    S128Push();                                  \
+    return RegMode::kNoReg;                      \
+  }
+      BINOP_CASE(F64x2Add, f64x2, float64x2, 2, a + b)
+      BINOP_CASE(F64x2Sub, f64x2, float64x2, 2, a - b)
+      BINOP_CASE(F64x2Mul, f64x2, float64x2, 2, a * b)
+      BINOP_CASE(F64x2Div, f64x2, float64x2, 2, base::Divide(a, b))
+      BINOP_CASE(F64x2Min, f64x2, float64x2, 2, JSMin(a, b))
+      BINOP_CASE(F64x2Max, f64x2, float64x2, 2, JSMax(a, b))
+      BINOP_CASE(F64x2Pmin, f64x2, float64x2, 2, std::min(a, b))
+      BINOP_CASE(F64x2Pmax, f64x2, float64x2, 2, std::max(a, b))
+      BINOP_CASE(F32x4RelaxedMin, f32x4, float32x4, 4, std::min(a, b))
+      BINOP_CASE(F32x4RelaxedMax, f32x4, float32x4, 4, std::max(a, b))
+      BINOP_CASE(F64x2RelaxedMin, f64x2, float64x2, 2, std::min(a, b))
+      BINOP_CASE(F64x2RelaxedMax, f64x2, float64x2, 2, std::max(a, b))
+      BINOP_CASE(F32x4Add, f32x4, float32x4, 4, a + b)
+      BINOP_CASE(F32x4Sub, f32x4, float32x4, 4, a - b)
+      BINOP_CASE(F32x4Mul, f32x4, float32x4, 4, a * b)
+      BINOP_CASE(F32x4Div, f32x4, float32x4, 4, a / b)
+      BINOP_CASE(F32x4Min, f32x4, float32x4, 4, JSMin(a, b))
+      BINOP_CASE(F32x4Max, f32x4, float32x4, 4, JSMax(a, b))
+      BINOP_CASE(F32x4Pmin, f32x4, float32x4, 4, std::min(a, b))
+      BINOP_CASE(F32x4Pmax, f32x4, float32x4, 4, std::max(a, b))
+      BINOP_CASE(I64x2Add, i64x2, int64x2, 2, base::AddWithWraparound(a, b))
+      BINOP_CASE(I64x2Sub, i64x2, int64x2, 2, base::SubWithWraparound(a, b))
+      BINOP_CASE(I64x2Mul, i64x2, int64x2, 2, base::MulWithWraparound(a, b))
+      BINOP_CASE(I32x4Add, i32x4, int32x4, 4, base::AddWithWraparound(a, b))
+      BINOP_CASE(I32x4Sub, i32x4, int32x4, 4, base::SubWithWraparound(a, b))
+      BINOP_CASE(I32x4Mul, i32x4, int32x4, 4, base::MulWithWraparound(a, b))
+      BINOP_CASE(I32x4MinS, i32x4, int32x4, 4, a < b ? a : b)
+      BINOP_CASE(I32x4MinU, i32x4, int32x4, 4,
+                 static_cast<uint32_t>(a) < static_cast<uint32_t>(b) ? a : b)
+      BINOP_CASE(I32x4MaxS, i32x4, int32x4, 4, a > b ? a : b)
+      BINOP_CASE(I32x4MaxU, i32x4, int32x4, 4,
+                 static_cast<uint32_t>(a) > static_cast<uint32_t>(b) ? a : b)
+      BINOP_CASE(S128And, i32x4, int32x4, 4, a & b)
+      BINOP_CASE(S128Or, i32x4, int32x4, 4, a | b)
+      BINOP_CASE(S128Xor, i32x4, int32x4, 4, a ^ b)
+      BINOP_CASE(S128AndNot, i32x4, int32x4, 4, a & ~b)
+      BINOP_CASE(I16x8Add, i16x8, int16x8, 8, base::AddWithWraparound(a, b))
+      BINOP_CASE(I16x8Sub, i16x8, int16x8, 8, base::SubWithWraparound(a, b))
+      BINOP_CASE(I16x8Mul, i16x8, int16x8, 8, base::MulWithWraparound(a, b))
+      BINOP_CASE(I16x8MinS, i16x8, int16x8, 8, a < b ? a : b)
+      BINOP_CASE(I16x8MinU, i16x8, int16x8, 8,
+                 static_cast<uint16_t>(a) < static_cast<uint16_t>(b) ? a : b)
+      BINOP_CASE(I16x8MaxS, i16x8, int16x8, 8, a > b ? a : b)
+      BINOP_CASE(I16x8MaxU, i16x8, int16x8, 8,
+                 static_cast<uint16_t>(a) > static_cast<uint16_t>(b) ? a : b)
+      BINOP_CASE(I16x8AddSatS, i16x8, int16x8, 8, SaturateAdd<int16_t>(a, b))
+      BINOP_CASE(I16x8AddSatU, i16x8, int16x8, 8, SaturateAdd<uint16_t>(a, b))
+      BINOP_CASE(I16x8SubSatS, i16x8, int16x8, 8, SaturateSub<int16_t>(a, b))
+      BINOP_CASE(I16x8SubSatU, i16x8, int16x8, 8, SaturateSub<uint16_t>(a, b))
+      BINOP_CASE(I16x8RoundingAverageU, i16x8, int16x8, 8,
+                 RoundingAverageUnsigned<uint16_t>(a, b))
+      BINOP_CASE(I16x8Q15MulRSatS, i16x8, int16x8, 8,
+                 SaturateRoundingQMul<int16_t>(a, b))
+      BINOP_CASE(I16x8RelaxedQ15MulRS, i16x8, int16x8, 8,
+                 SaturateRoundingQMul<int16_t>(a, b))
+      BINOP_CASE(I8x16Add, i8x16, int8x16, 16, base::AddWithWraparound(a, b))
+      BINOP_CASE(I8x16Sub, i8x16, int8x16, 16, base::SubWithWraparound(a, b))
+      BINOP_CASE(I8x16MinS, i8x16, int8x16, 16, a < b ? a : b)
+      BINOP_CASE(I8x16MinU, i8x16, int8x16, 16,
+                 static_cast<uint8_t>(a) < static_cast<uint8_t>(b) ? a : b)
+      BINOP_CASE(I8x16MaxS, i8x16, int8x16, 16, a > b ? a : b)
+      BINOP_CASE(I8x16MaxU, i8x16, int8x16, 16,
+                 static_cast<uint8_t>(a) > static_cast<uint8_t>(b) ? a : b)
+      BINOP_CASE(I8x16AddSatS, i8x16, int8x16, 16, SaturateAdd<int8_t>(a, b))
+      BINOP_CASE(I8x16AddSatU, i8x16, int8x16, 16, SaturateAdd<uint8_t>(a, b))
+      BINOP_CASE(I8x16SubSatS, i8x16, int8x16, 16, SaturateSub<int8_t>(a, b))
+      BINOP_CASE(I8x16SubSatU, i8x16, int8x16, 16, SaturateSub<uint8_t>(a, b))
+      BINOP_CASE(I8x16RoundingAverageU, i8x16, int8x16, 16,
+                 RoundingAverageUnsigned<uint8_t>(a, b))
+#undef BINOP_CASE
+
+#define UNOP_CASE(op, name, stype, count, expr) \
+  case kExpr##op: {                             \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);           \
+    S128Pop();                                  \
+    S128Push();                                 \
+    return RegMode::kNoReg;                     \
+  }
+      UNOP_CASE(F64x2Abs, f64x2, float64x2, 2, std::abs(a))
+      UNOP_CASE(F64x2Neg, f64x2, float64x2, 2, -a)
+      UNOP_CASE(F64x2Sqrt, f64x2, float64x2, 2, std::sqrt(a))
+      UNOP_CASE(F64x2Ceil, f64x2, float64x2, 2,
+                (AixFpOpWorkaround<double, &ceil>(a)))
+      UNOP_CASE(F64x2Floor, f64x2, float64x2, 2,
+                (AixFpOpWorkaround<double, &floor>(a)))
+      UNOP_CASE(F64x2Trunc, f64x2, float64x2, 2,
+                (AixFpOpWorkaround<double, &trunc>(a)))
+      UNOP_CASE(F64x2NearestInt, f64x2, float64x2, 2,
+                (AixFpOpWorkaround<double, &nearbyint>(a)))
+      UNOP_CASE(F32x4Abs, f32x4, float32x4, 4, std::abs(a))
+      UNOP_CASE(F32x4Neg, f32x4, float32x4, 4, -a)
+      UNOP_CASE(F32x4Sqrt, f32x4, float32x4, 4, std::sqrt(a))
+      UNOP_CASE(F32x4Ceil, f32x4, float32x4, 4,
+                (AixFpOpWorkaround<float, &ceilf>(a)))
+      UNOP_CASE(F32x4Floor, f32x4, float32x4, 4,
+                (AixFpOpWorkaround<float, &floorf>(a)))
+      UNOP_CASE(F32x4Trunc, f32x4, float32x4, 4,
+                (AixFpOpWorkaround<float, &truncf>(a)))
+      UNOP_CASE(F32x4NearestInt, f32x4, float32x4, 4,
+                (AixFpOpWorkaround<float, &nearbyintf>(a)))
+      UNOP_CASE(I64x2Neg, i64x2, int64x2, 2, base::NegateWithWraparound(a))
+      UNOP_CASE(I32x4Neg, i32x4, int32x4, 4, base::NegateWithWraparound(a))
+      // Use llabs which will work correctly on both 64-bit and 32-bit.
+      UNOP_CASE(I64x2Abs, i64x2, int64x2, 2, std::llabs(a))
+      UNOP_CASE(I32x4Abs, i32x4, int32x4, 4, std::abs(a))
+      UNOP_CASE(S128Not, i32x4, int32x4, 4, ~a)
+      UNOP_CASE(I16x8Neg, i16x8, int16x8, 8, base::NegateWithWraparound(a))
+      UNOP_CASE(I16x8Abs, i16x8, int16x8, 8, std::abs(a))
+      UNOP_CASE(I8x16Neg, i8x16, int8x16, 16, base::NegateWithWraparound(a))
+      UNOP_CASE(I8x16Abs, i8x16, int8x16, 16, std::abs(a))
+      UNOP_CASE(I8x16Popcnt, i8x16, int8x16, 16,
+                base::bits::CountPopulation<uint8_t>(a))
+#undef UNOP_CASE
+
+#define BITMASK_CASE(op, name, stype, count) \
+  case kExpr##op: {                          \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);        \
+    S128Pop();                               \
+    I32Push();                               \
+    return RegMode::kNoReg;                  \
+  }
+      BITMASK_CASE(I8x16BitMask, i8x16, int8x16, 16)
+      BITMASK_CASE(I16x8BitMask, i16x8, int16x8, 8)
+      BITMASK_CASE(I32x4BitMask, i32x4, int32x4, 4)
+      BITMASK_CASE(I64x2BitMask, i64x2, int64x2, 2)
+#undef BITMASK_CASE
+
+#define CMPOP_CASE(op, name, stype, out_stype, count, expr) \
+  case kExpr##op: {                                         \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);                       \
+    S128Pop();                                              \
+    S128Pop();                                              \
+    S128Push();                                             \
+    return RegMode::kNoReg;                                 \
+  }
+      CMPOP_CASE(F64x2Eq, f64x2, float64x2, int64x2, 2, a == b)
+      CMPOP_CASE(F64x2Ne, f64x2, float64x2, int64x2, 2, a != b)
+      CMPOP_CASE(F64x2Gt, f64x2, float64x2, int64x2, 2, a > b)
+      CMPOP_CASE(F64x2Ge, f64x2, float64x2, int64x2, 2, a >= b)
+      CMPOP_CASE(F64x2Lt, f64x2, float64x2, int64x2, 2, a < b)
+      CMPOP_CASE(F64x2Le, f64x2, float64x2, int64x2, 2, a <= b)
+      CMPOP_CASE(F32x4Eq, f32x4, float32x4, int32x4, 4, a == b)
+      CMPOP_CASE(F32x4Ne, f32x4, float32x4, int32x4, 4, a != b)
+      CMPOP_CASE(F32x4Gt, f32x4, float32x4, int32x4, 4, a > b)
+      CMPOP_CASE(F32x4Ge, f32x4, float32x4, int32x4, 4, a >= b)
+      CMPOP_CASE(F32x4Lt, f32x4, float32x4, int32x4, 4, a < b)
+      CMPOP_CASE(F32x4Le, f32x4, float32x4, int32x4, 4, a <= b)
+      CMPOP_CASE(I64x2Eq, i64x2, int64x2, int64x2, 2, a == b)
+      CMPOP_CASE(I64x2Ne, i64x2, int64x2, int64x2, 2, a != b)
+      CMPOP_CASE(I64x2LtS, i64x2, int64x2, int64x2, 2, a < b)
+      CMPOP_CASE(I64x2GtS, i64x2, int64x2, int64x2, 2, a > b)
+      CMPOP_CASE(I64x2LeS, i64x2, int64x2, int64x2, 2, a <= b)
+      CMPOP_CASE(I64x2GeS, i64x2, int64x2, int64x2, 2, a >= b)
+      CMPOP_CASE(I32x4Eq, i32x4, int32x4, int32x4, 4, a == b)
+      CMPOP_CASE(I32x4Ne, i32x4, int32x4, int32x4, 4, a != b)
+      CMPOP_CASE(I32x4GtS, i32x4, int32x4, int32x4, 4, a > b)
+      CMPOP_CASE(I32x4GeS, i32x4, int32x4, int32x4, 4, a >= b)
+      CMPOP_CASE(I32x4LtS, i32x4, int32x4, int32x4, 4, a < b)
+      CMPOP_CASE(I32x4LeS, i32x4, int32x4, int32x4, 4, a <= b)
+      CMPOP_CASE(I32x4GtU, i32x4, int32x4, int32x4, 4,
+                 static_cast<uint32_t>(a) > static_cast<uint32_t>(b))
+      CMPOP_CASE(I32x4GeU, i32x4, int32x4, int32x4, 4,
+                 static_cast<uint32_t>(a) >= static_cast<uint32_t>(b))
+      CMPOP_CASE(I32x4LtU, i32x4, int32x4, int32x4, 4,
+                 static_cast<uint32_t>(a) < static_cast<uint32_t>(b))
+      CMPOP_CASE(I32x4LeU, i32x4, int32x4, int32x4, 4,
+                 static_cast<uint32_t>(a) <= static_cast<uint32_t>(b))
+      CMPOP_CASE(I16x8Eq, i16x8, int16x8, int16x8, 8, a == b)
+      CMPOP_CASE(I16x8Ne, i16x8, int16x8, int16x8, 8, a != b)
+      CMPOP_CASE(I16x8GtS, i16x8, int16x8, int16x8, 8, a > b)
+      CMPOP_CASE(I16x8GeS, i16x8, int16x8, int16x8, 8, a >= b)
+      CMPOP_CASE(I16x8LtS, i16x8, int16x8, int16x8, 8, a < b)
+      CMPOP_CASE(I16x8LeS, i16x8, int16x8, int16x8, 8, a <= b)
+      CMPOP_CASE(I16x8GtU, i16x8, int16x8, int16x8, 8,
+                 static_cast<uint16_t>(a) > static_cast<uint16_t>(b))
+      CMPOP_CASE(I16x8GeU, i16x8, int16x8, int16x8, 8,
+                 static_cast<uint16_t>(a) >= static_cast<uint16_t>(b))
+      CMPOP_CASE(I16x8LtU, i16x8, int16x8, int16x8, 8,
+                 static_cast<uint16_t>(a) < static_cast<uint16_t>(b))
+      CMPOP_CASE(I16x8LeU, i16x8, int16x8, int16x8, 8,
+                 static_cast<uint16_t>(a) <= static_cast<uint16_t>(b))
+      CMPOP_CASE(I8x16Eq, i8x16, int8x16, int8x16, 16, a == b)
+      CMPOP_CASE(I8x16Ne, i8x16, int8x16, int8x16, 16, a != b)
+      CMPOP_CASE(I8x16GtS, i8x16, int8x16, int8x16, 16, a > b)
+      CMPOP_CASE(I8x16GeS, i8x16, int8x16, int8x16, 16, a >= b)
+      CMPOP_CASE(I8x16LtS, i8x16, int8x16, int8x16, 16, a < b)
+      CMPOP_CASE(I8x16LeS, i8x16, int8x16, int8x16, 16, a <= b)
+      CMPOP_CASE(I8x16GtU, i8x16, int8x16, int8x16, 16,
+                 static_cast<uint8_t>(a) > static_cast<uint8_t>(b))
+      CMPOP_CASE(I8x16GeU, i8x16, int8x16, int8x16, 16,
+                 static_cast<uint8_t>(a) >= static_cast<uint8_t>(b))
+      CMPOP_CASE(I8x16LtU, i8x16, int8x16, int8x16, 16,
+                 static_cast<uint8_t>(a) < static_cast<uint8_t>(b))
+      CMPOP_CASE(I8x16LeU, i8x16, int8x16, int8x16, 16,
+                 static_cast<uint8_t>(a) <= static_cast<uint8_t>(b))
+#undef CMPOP_CASE
+
+#define REPLACE_LANE_CASE(format, name, stype, ctype, op_type) \
+  case kExpr##format##ReplaceLane: {                           \
+    EMIT_INSTR_HANDLER(s2s_Simd##format##ReplaceLane);         \
+    /* emit 8 bits ? */                                        \
+    EmitI16Const(instr.optional.simd_lane);                    \
+    op_type##Pop();                                            \
+    S128Pop();                                                 \
+    S128Push();                                                \
+    return RegMode::kNoReg;                                    \
+  }
+      REPLACE_LANE_CASE(F64x2, f64x2, float64x2, double, F64)
+      REPLACE_LANE_CASE(F32x4, f32x4, float32x4, float, F32)
+      REPLACE_LANE_CASE(I64x2, i64x2, int64x2, int64_t, I64)
+      REPLACE_LANE_CASE(I32x4, i32x4, int32x4, int32_t, I32)
+      REPLACE_LANE_CASE(I16x8, i16x8, int16x8, int32_t, I32)
+      REPLACE_LANE_CASE(I8x16, i8x16, int8x16, int32_t, I32)
+#undef REPLACE_LANE_CASE
+
+    case kExprS128LoadMem: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_SimdS128LoadMem, instr.pc);
+      EmitI64Const(instr.optional.offset);
+      I32Pop();
+      S128Push();
+      return RegMode::kNoReg;
+    }
+
+    case kExprS128StoreMem: {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_SimdS128StoreMem, instr.pc);
+      S128Pop();
+      EmitI64Const(instr.optional.offset);
+      I32Pop();
+      return RegMode::kNoReg;
+    }
+
+#define SHIFT_CASE(op, name, stype, count, expr) \
+  case kExpr##op: {                              \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);            \
+    I32Pop();                                    \
+    S128Pop();                                   \
+    S128Push();                                  \
+    return RegMode::kNoReg;                      \
+  }
+      SHIFT_CASE(I64x2Shl, i64x2, int64x2, 2,
+                 static_cast<uint64_t>(a) << (shift % 64))
+      SHIFT_CASE(I64x2ShrS, i64x2, int64x2, 2, a >> (shift % 64))
+      SHIFT_CASE(I64x2ShrU, i64x2, int64x2, 2,
+                 static_cast<uint64_t>(a) >> (shift % 64))
+      SHIFT_CASE(I32x4Shl, i32x4, int32x4, 4,
+                 static_cast<uint32_t>(a) << (shift % 32))
+      SHIFT_CASE(I32x4ShrS, i32x4, int32x4, 4, a >> (shift % 32))
+      SHIFT_CASE(I32x4ShrU, i32x4, int32x4, 4,
+                 static_cast<uint32_t>(a) >> (shift % 32))
+      SHIFT_CASE(I16x8Shl, i16x8, int16x8, 8,
+                 static_cast<uint16_t>(a) << (shift % 16))
+      SHIFT_CASE(I16x8ShrS, i16x8, int16x8, 8, a >> (shift % 16))
+      SHIFT_CASE(I16x8ShrU, i16x8, int16x8, 8,
+                 static_cast<uint16_t>(a) >> (shift % 16))
+      SHIFT_CASE(I8x16Shl, i8x16, int8x16, 16,
+                 static_cast<uint8_t>(a) << (shift % 8))
+      SHIFT_CASE(I8x16ShrS, i8x16, int8x16, 16, a >> (shift % 8))
+      SHIFT_CASE(I8x16ShrU, i8x16, int8x16, 16,
+                 static_cast<uint8_t>(a) >> (shift % 8))
+#undef SHIFT_CASE
+
+#define EXT_MUL_CASE(op)              \
+  case kExpr##op: {                   \
+    EMIT_INSTR_HANDLER(s2s_Simd##op); \
+    S128Pop();                        \
+    S128Pop();                        \
+    S128Push();                       \
+    return RegMode::kNoReg;           \
+  }
+      EXT_MUL_CASE(I16x8ExtMulLowI8x16S)
+      EXT_MUL_CASE(I16x8ExtMulHighI8x16S)
+      EXT_MUL_CASE(I16x8ExtMulLowI8x16U)
+      EXT_MUL_CASE(I16x8ExtMulHighI8x16U)
+      EXT_MUL_CASE(I32x4ExtMulLowI16x8S)
+      EXT_MUL_CASE(I32x4ExtMulHighI16x8S)
+      EXT_MUL_CASE(I32x4ExtMulLowI16x8U)
+      EXT_MUL_CASE(I32x4ExtMulHighI16x8U)
+      EXT_MUL_CASE(I64x2ExtMulLowI32x4S)
+      EXT_MUL_CASE(I64x2ExtMulHighI32x4S)
+      EXT_MUL_CASE(I64x2ExtMulLowI32x4U)
+      EXT_MUL_CASE(I64x2ExtMulHighI32x4U)
+#undef EXT_MUL_CASE
+
+#define CONVERT_CASE(op, src_type, name, dst_type, count, start_index, ctype, \
+                     expr)                                                    \
+  case kExpr##op: {                                                           \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);                                         \
+    S128Pop();                                                                \
+    S128Push();                                                               \
+    return RegMode::kNoReg;                                                   \
+  }
+      CONVERT_CASE(F32x4SConvertI32x4, int32x4, i32x4, float32x4, 4, 0, int32_t,
+                   static_cast<float>(a))
+      CONVERT_CASE(F32x4UConvertI32x4, int32x4, i32x4, float32x4, 4, 0,
+                   uint32_t, static_cast<float>(a))
+      CONVERT_CASE(I32x4SConvertF32x4, float32x4, f32x4, int32x4, 4, 0, float,
+                   base::saturated_cast<int32_t>(a))
+      CONVERT_CASE(I32x4UConvertF32x4, float32x4, f32x4, int32x4, 4, 0, float,
+                   base::saturated_cast<uint32_t>(a))
+      CONVERT_CASE(I32x4RelaxedTruncF32x4S, float32x4, f32x4, int32x4, 4, 0,
+                   float, base::saturated_cast<int32_t>(a))
+      CONVERT_CASE(I32x4RelaxedTruncF32x4U, float32x4, f32x4, int32x4, 4, 0,
+                   float, base::saturated_cast<uint32_t>(a))
+      CONVERT_CASE(I64x2SConvertI32x4Low, int32x4, i32x4, int64x2, 2, 0,
+                   int32_t, a)
+      CONVERT_CASE(I64x2SConvertI32x4High, int32x4, i32x4, int64x2, 2, 2,
+                   int32_t, a)
+      CONVERT_CASE(I64x2UConvertI32x4Low, int32x4, i32x4, int64x2, 2, 0,
+                   uint32_t, a)
+      CONVERT_CASE(I64x2UConvertI32x4High, int32x4, i32x4, int64x2, 2, 2,
+                   uint32_t, a)
+      CONVERT_CASE(I32x4SConvertI16x8High, int16x8, i16x8, int32x4, 4, 4,
+                   int16_t, a)
+      CONVERT_CASE(I32x4UConvertI16x8High, int16x8, i16x8, int32x4, 4, 4,
+                   uint16_t, a)
+      CONVERT_CASE(I32x4SConvertI16x8Low, int16x8, i16x8, int32x4, 4, 0,
+                   int16_t, a)
+      CONVERT_CASE(I32x4UConvertI16x8Low, int16x8, i16x8, int32x4, 4, 0,
+                   uint16_t, a)
+      CONVERT_CASE(I16x8SConvertI8x16High, int8x16, i8x16, int16x8, 8, 8,
+                   int8_t, a)
+      CONVERT_CASE(I16x8UConvertI8x16High, int8x16, i8x16, int16x8, 8, 8,
+                   uint8_t, a)
+      CONVERT_CASE(I16x8SConvertI8x16Low, int8x16, i8x16, int16x8, 8, 0, int8_t,
+                   a)
+      CONVERT_CASE(I16x8UConvertI8x16Low, int8x16, i8x16, int16x8, 8, 0,
+                   uint8_t, a)
+      CONVERT_CASE(F64x2ConvertLowI32x4S, int32x4, i32x4, float64x2, 2, 0,
+                   int32_t, static_cast<double>(a))
+      CONVERT_CASE(F64x2ConvertLowI32x4U, int32x4, i32x4, float64x2, 2, 0,
+                   uint32_t, static_cast<double>(a))
+      CONVERT_CASE(I32x4TruncSatF64x2SZero, float64x2, f64x2, int32x4, 2, 0,
+                   double, base::saturated_cast<int32_t>(a))
+      CONVERT_CASE(I32x4TruncSatF64x2UZero, float64x2, f64x2, int32x4, 2, 0,
+                   double, base::saturated_cast<uint32_t>(a))
+      CONVERT_CASE(I32x4RelaxedTruncF64x2SZero, float64x2, f64x2, int32x4, 2, 0,
+                   double, base::saturated_cast<int32_t>(a))
+      CONVERT_CASE(I32x4RelaxedTruncF64x2UZero, float64x2, f64x2, int32x4, 2, 0,
+                   double, base::saturated_cast<uint32_t>(a))
+      CONVERT_CASE(F32x4DemoteF64x2Zero, float64x2, f64x2, float32x4, 2, 0,
+                   float, DoubleToFloat32(a))
+      CONVERT_CASE(F64x2PromoteLowF32x4, float32x4, f32x4, float64x2, 2, 0,
+                   float, static_cast<double>(a))
+#undef CONVERT_CASE
+
+#define PACK_CASE(op, src_type, name, dst_type, count, dst_ctype) \
+  case kExpr##op: {                                               \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);                             \
+    S128Pop();                                                    \
+    S128Pop();                                                    \
+    S128Push();                                                   \
+    return RegMode::kNoReg;                                       \
+  }
+      PACK_CASE(I16x8SConvertI32x4, int32x4, i32x4, int16x8, 8, int16_t)
+      PACK_CASE(I16x8UConvertI32x4, int32x4, i32x4, int16x8, 8, uint16_t)
+      PACK_CASE(I8x16SConvertI16x8, int16x8, i16x8, int8x16, 16, int8_t)
+      PACK_CASE(I8x16UConvertI16x8, int16x8, i16x8, int8x16, 16, uint8_t)
+#undef PACK_CASE
+
+#define SELECT_CASE(op)               \
+  case kExpr##op: {                   \
+    EMIT_INSTR_HANDLER(s2s_Simd##op); \
+    S128Pop();                        \
+    S128Pop();                        \
+    S128Pop();                        \
+    S128Push();                       \
+    return RegMode::kNoReg;           \
+  }
+      SELECT_CASE(I8x16RelaxedLaneSelect)
+      SELECT_CASE(I16x8RelaxedLaneSelect)
+      SELECT_CASE(I32x4RelaxedLaneSelect)
+      SELECT_CASE(I64x2RelaxedLaneSelect)
+      SELECT_CASE(S128Select)
+#undef SELECT_CASE
+
+    case kExprI32x4DotI16x8S: {
+      EMIT_INSTR_HANDLER(s2s_SimdI32x4DotI16x8S);
+      S128Pop();
+      S128Pop();
+      S128Push();
+      return RegMode::kNoReg;
+    }
+
+    case kExprS128Const: {
+      PushConstSlot<Simd128>(
+          simd_immediates_[instr.optional.simd_immediate_index]);
+      return RegMode::kNoReg;
+    }
+
+    case kExprI16x8DotI8x16I7x16S: {
+      EMIT_INSTR_HANDLER(s2s_SimdI16x8DotI8x16I7x16S);
+      S128Pop();
+      S128Pop();
+      S128Push();
+      return RegMode::kNoReg;
+    }
+
+    case kExprI32x4DotI8x16I7x16AddS: {
+      EMIT_INSTR_HANDLER(s2s_SimdI32x4DotI8x16I7x16AddS);
+      S128Pop();
+      S128Pop();
+      S128Pop();
+      S128Push();
+      return RegMode::kNoReg;
+    }
+
+    case kExprI8x16RelaxedSwizzle: {
+      EMIT_INSTR_HANDLER(s2s_SimdI8x16RelaxedSwizzle);
+      S128Pop();
+      S128Pop();
+      S128Push();
+      return RegMode::kNoReg;
+    }
+
+    case kExprI8x16Swizzle: {
+      EMIT_INSTR_HANDLER(s2s_SimdI8x16Swizzle);
+      S128Pop();
+      S128Pop();
+      S128Push();
+      return RegMode::kNoReg;
+    }
+
+    case kExprI8x16Shuffle: {
+      uint32_t slot_index = CreateConstSlot(
+          simd_immediates_[instr.optional.simd_immediate_index]);
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      TracePushConstSlot(slot_index);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+      EMIT_INSTR_HANDLER(s2s_SimdI8x16Shuffle);
+      PushSlot(slot_index);
+      S128Pop();
+      S128Pop();
+      S128Pop();
+      S128Push();
+      return RegMode::kNoReg;
+    }
+
+    case kExprV128AnyTrue: {
+      EMIT_INSTR_HANDLER(s2s_SimdV128AnyTrue);
+      S128Pop();
+      I32Push();
+      return RegMode::kNoReg;
+    }
+
+#define REDUCTION_CASE(op, name, stype, count, operation) \
+  case kExpr##op: {                                       \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);                     \
+    S128Pop();                                            \
+    I32Push();                                            \
+    return RegMode::kNoReg;                               \
+  }
+      REDUCTION_CASE(I64x2AllTrue, i64x2, int64x2, 2, &)
+      REDUCTION_CASE(I32x4AllTrue, i32x4, int32x4, 4, &)
+      REDUCTION_CASE(I16x8AllTrue, i16x8, int16x8, 8, &)
+      REDUCTION_CASE(I8x16AllTrue, i8x16, int8x16, 16, &)
+#undef REDUCTION_CASE
+
+#define QFM_CASE(op, name, stype, count, operation) \
+  case kExpr##op: {                                 \
+    EMIT_INSTR_HANDLER(s2s_Simd##op);               \
+    S128Pop();                                      \
+    S128Pop();                                      \
+    S128Pop();                                      \
+    S128Push();                                     \
+    return RegMode::kNoReg;                         \
+  }
+      QFM_CASE(F32x4Qfma, f32x4, float32x4, 4, +)
+      QFM_CASE(F32x4Qfms, f32x4, float32x4, 4, -)
+      QFM_CASE(F64x2Qfma, f64x2, float64x2, 2, +)
+      QFM_CASE(F64x2Qfms, f64x2, float64x2, 2, -)
+#undef QFM_CASE
+
+#define LOAD_SPLAT_CASE(op)                                 \
+  case kExprS128##op: {                                     \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_SimdS128##op, instr.pc); \
+    EmitI64Const(instr.optional.offset);                    \
+    I32Pop();                                               \
+    S128Push();                                             \
+    return RegMode::kNoReg;                                 \
+  }
+      LOAD_SPLAT_CASE(Load8Splat)
+      LOAD_SPLAT_CASE(Load16Splat)
+      LOAD_SPLAT_CASE(Load32Splat)
+      LOAD_SPLAT_CASE(Load64Splat)
+#undef LOAD_SPLAT_CASE
+
+#define LOAD_EXTEND_CASE(op)                                \
+  case kExprS128##op: {                                     \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_SimdS128##op, instr.pc); \
+    EmitI64Const(instr.optional.offset);                    \
+    I32Pop();                                               \
+    S128Push();                                             \
+    return RegMode::kNoReg;                                 \
+  }
+      LOAD_EXTEND_CASE(Load8x8S)
+      LOAD_EXTEND_CASE(Load8x8U)
+      LOAD_EXTEND_CASE(Load16x4S)
+      LOAD_EXTEND_CASE(Load16x4U)
+      LOAD_EXTEND_CASE(Load32x2S)
+      LOAD_EXTEND_CASE(Load32x2U)
+#undef LOAD_EXTEND_CASE
+
+#define LOAD_ZERO_EXTEND_CASE(op, load_type)                \
+  case kExprS128##op: {                                     \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_SimdS128##op, instr.pc); \
+    EmitI64Const(instr.optional.offset);                    \
+    I32Pop();                                               \
+    S128Push();                                             \
+    return RegMode::kNoReg;                                 \
+  }
+      LOAD_ZERO_EXTEND_CASE(Load32Zero, I32)
+      LOAD_ZERO_EXTEND_CASE(Load64Zero, I64)
+#undef LOAD_ZERO_EXTEND_CASE
+
+#define LOAD_LANE_CASE(op)                                   \
+  case kExprS128##op: {                                      \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_SimdS128##op, instr.pc);  \
+    S128Pop();                                               \
+    EmitI64Const(instr.optional.simd_loadstore_lane.offset); \
+    I32Pop();                                                \
+    /* emit 8 bits ? */                                      \
+    EmitI16Const(instr.optional.simd_loadstore_lane.lane);   \
+    S128Push();                                              \
+    return RegMode::kNoReg;                                  \
+  }
+      LOAD_LANE_CASE(Load8Lane)
+      LOAD_LANE_CASE(Load16Lane)
+      LOAD_LANE_CASE(Load32Lane)
+      LOAD_LANE_CASE(Load64Lane)
+#undef LOAD_LANE_CASE
+
+#define STORE_LANE_CASE(op)                                  \
+  case kExprS128##op: {                                      \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_SimdS128##op, instr.pc);  \
+    S128Pop();                                               \
+    EmitI64Const(instr.optional.simd_loadstore_lane.offset); \
+    I32Pop();                                                \
+    /* emit 8 bits ? */                                      \
+    EmitI16Const(instr.optional.simd_loadstore_lane.lane);   \
+    return RegMode::kNoReg;                                  \
+  }
+      STORE_LANE_CASE(Store8Lane)
+      STORE_LANE_CASE(Store16Lane)
+      STORE_LANE_CASE(Store32Lane)
+      STORE_LANE_CASE(Store64Lane)
+#undef STORE_LANE_CASE
+
+#define EXT_ADD_PAIRWISE_CASE(op)     \
+  case kExpr##op: {                   \
+    EMIT_INSTR_HANDLER(s2s_Simd##op); \
+    S128Pop();                        \
+    S128Push();                       \
+    return RegMode::kNoReg;           \
+  }
+      EXT_ADD_PAIRWISE_CASE(I32x4ExtAddPairwiseI16x8S)
+      EXT_ADD_PAIRWISE_CASE(I32x4ExtAddPairwiseI16x8U)
+      EXT_ADD_PAIRWISE_CASE(I16x8ExtAddPairwiseI8x16S)
+      EXT_ADD_PAIRWISE_CASE(I16x8ExtAddPairwiseI8x16U)
+#undef EXT_ADD_PAIRWISE_CASE
+
+    default:
+      FATAL("Unknown or unimplemented opcode #%d:%s",
+            wasm_code_->start[instr.pc],
+            WasmOpcodes::OpcodeName(
+                static_cast<WasmOpcode>(wasm_code_->start[instr.pc])));
+      UNREACHABLE();
+  }
+
+  return RegMode::kNoReg;
+}
+
+bool WasmBytecodeGenerator::EncodeSuperInstruction(
+    RegMode& reg_mode, const WasmInstruction& curr_instr,
+    const WasmInstruction& next_instr) {
+  if (curr_instr.orig >= kExprI32LoadMem &&
+      curr_instr.orig <= kExprI64LoadMem32U &&
+      next_instr.orig == kExprLocalSet) {
+    // Do not optimize if we are updating a shared slot.
+    uint32_t to_stack_index = next_instr.optional.index;
+    if (HasSharedSlot(to_stack_index)) return false;
+
+    switch (curr_instr.orig) {
+// The implementation of r2s_LoadMem_LocalSet is identical to the
+// implementation of r2s_LoadMem, so we can reuse the same builtin.
+#define LOAD_CASE(name, ctype, mtype, rep, type)                        \
+  case kExpr##name: {                                                   \
+    if (reg_mode == RegMode::kNoReg) {                                  \
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_##name##_LocalSet, curr_instr.pc); \
+      EmitI64Const(static_cast<uint64_t>(curr_instr.optional.offset));  \
+      I32Pop();                                                         \
+      EmitI32Const(slots_[stack_[to_stack_index]].slot_offset);         \
+      reg_mode = RegMode::kNoReg;                                       \
+    } else {                                                            \
+      EMIT_INSTR_HANDLER_WITH_PC(r2s_##name, curr_instr.pc);            \
+      EmitI64Const(static_cast<uint64_t>(curr_instr.optional.offset));  \
+      EmitI32Const(slots_[stack_[to_stack_index]].slot_offset);         \
+      reg_mode = RegMode::kNoReg;                                       \
+    }                                                                   \
+    return true;                                                        \
+  }
+      LOAD_CASE(I32LoadMem8S, int32_t, int8_t, kWord8, I32);
+      LOAD_CASE(I32LoadMem8U, int32_t, uint8_t, kWord8, I32);
+      LOAD_CASE(I32LoadMem16S, int32_t, int16_t, kWord16, I32);
+      LOAD_CASE(I32LoadMem16U, int32_t, uint16_t, kWord16, I32);
+      LOAD_CASE(I64LoadMem8S, int64_t, int8_t, kWord8, I64);
+      LOAD_CASE(I64LoadMem8U, int64_t, uint8_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem16S, int64_t, int16_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem16U, int64_t, uint16_t, kWord16, I64);
+      LOAD_CASE(I64LoadMem32S, int64_t, int32_t, kWord32, I64);
+      LOAD_CASE(I64LoadMem32U, int64_t, uint32_t, kWord32, I64);
+      LOAD_CASE(I32LoadMem, int32_t, int32_t, kWord32, I32);
+      LOAD_CASE(I64LoadMem, int64_t, int64_t, kWord64, I64);
+      LOAD_CASE(F32LoadMem, Float32, uint32_t, kFloat32, F32);
+      LOAD_CASE(F64LoadMem, Float64, uint64_t, kFloat64, F64);
+#undef LOAD_CASE
+
+      default:
+        return false;
+    }
+  } else if (curr_instr.orig == kExprI32LoadMem &&
+             next_instr.orig == kExprI32StoreMem) {
+    if (reg_mode == RegMode::kNoReg) {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_I32LoadStoreMem, curr_instr.pc);
+      EmitI64Const(
+          static_cast<uint64_t>(curr_instr.optional.offset));  // load_offset
+      I32Pop();                                                // load_index
+    } else {
+      EMIT_INSTR_HANDLER_WITH_PC(r2s_I32LoadStoreMem, curr_instr.pc);
+      EmitI64Const(
+          static_cast<uint64_t>(curr_instr.optional.offset));  // load_offset
+    }
+    EmitI64Const(
+        static_cast<uint64_t>(next_instr.optional.offset));  // store_offset
+    I32Pop();                                                // store_index
+    reg_mode = RegMode::kNoReg;
+    return true;
+  } else if (curr_instr.orig == kExprI64LoadMem &&
+             next_instr.orig == kExprI64StoreMem) {
+    if (reg_mode == RegMode::kNoReg) {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_I64LoadStoreMem, curr_instr.pc);
+      EmitI64Const(static_cast<uint64_t>(curr_instr.optional.offset));
+      I32Pop();
+    } else {
+      EMIT_INSTR_HANDLER_WITH_PC(r2s_I64LoadStoreMem, curr_instr.pc);
+      EmitI64Const(static_cast<uint64_t>(curr_instr.optional.offset));
+    }
+    EmitI64Const(static_cast<uint64_t>(next_instr.optional.offset));
+    I32Pop();
+    reg_mode = RegMode::kNoReg;
+    return true;
+  } else if (curr_instr.orig == kExprF32LoadMem &&
+             next_instr.orig == kExprF32StoreMem) {
+    if (reg_mode == RegMode::kNoReg) {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_F32LoadStoreMem, curr_instr.pc);
+      EmitI64Const(static_cast<uint64_t>(curr_instr.optional.offset));
+      I32Pop();
+    } else {
+      EMIT_INSTR_HANDLER_WITH_PC(r2s_F32LoadStoreMem, curr_instr.pc);
+      EmitI64Const(static_cast<uint64_t>(curr_instr.optional.offset));
+    }
+    EmitI64Const(static_cast<uint64_t>(next_instr.optional.offset));
+    I32Pop();
+    reg_mode = RegMode::kNoReg;
+    return true;
+  } else if (curr_instr.orig == kExprF64LoadMem &&
+             next_instr.orig == kExprF64StoreMem) {
+    if (reg_mode == RegMode::kNoReg) {
+      EMIT_INSTR_HANDLER_WITH_PC(s2s_F64LoadStoreMem, curr_instr.pc);
+      EmitI64Const(static_cast<uint64_t>(curr_instr.optional.offset));
+      I32Pop();
+    } else {
+      EMIT_INSTR_HANDLER_WITH_PC(r2s_F64LoadStoreMem, curr_instr.pc);
+      EmitI64Const(static_cast<uint64_t>(curr_instr.optional.offset));
+    }
+    EmitI64Const(static_cast<uint64_t>(next_instr.optional.offset));
+    I32Pop();
+    reg_mode = RegMode::kNoReg;
+    return true;
+  } else if (curr_instr.orig >= kExprI32Const &&
+             curr_instr.orig <= kExprF32Const &&
+             next_instr.orig == kExprLocalSet) {
+    uint32_t to_stack_index = next_instr.optional.index;
+    switch (curr_instr.orig) {
+      case kExprI32Const: {
+        uint32_t from_slot_index =
+            CreateConstSlot<int32_t>(curr_instr.optional.i32);
+        CopyToSlot(kWasmI32, from_slot_index, to_stack_index, false);
+        reg_mode = RegMode::kNoReg;
+        return true;
+      }
+      case kExprI64Const: {
+        uint32_t from_slot_index =
+            CreateConstSlot<int64_t>(curr_instr.optional.i64);
+        CopyToSlot(kWasmI64, from_slot_index, to_stack_index, false);
+        reg_mode = RegMode::kNoReg;
+        return true;
+      }
+      case kExprF32Const: {
+        uint32_t from_slot_index =
+            CreateConstSlot<float>(curr_instr.optional.f32);
+        CopyToSlot(kWasmF32, from_slot_index, to_stack_index, false);
+        reg_mode = RegMode::kNoReg;
+        return true;
+      }
+      case kExprF64Const: {
+        uint32_t from_slot_index =
+            CreateConstSlot<double>(curr_instr.optional.f64);
+        CopyToSlot(kWasmF64, from_slot_index, to_stack_index, false);
+        reg_mode = RegMode::kNoReg;
+        return true;
+      }
+      default:
+        return false;
+    }
+  } else if (curr_instr.orig == kExprLocalGet &&
+             next_instr.orig >= kExprI32StoreMem &&
+             next_instr.orig <= kExprI64StoreMem32) {
+    switch (next_instr.orig) {
+// The implementation of r2s_LocalGet_StoreMem is identical to the
+// implementation of r2s_StoreMem, so we can reuse the same builtin.
+#define STORE_CASE(name, ctype, mtype, rep, type)                        \
+  case kExpr##name: {                                                    \
+    EMIT_INSTR_HANDLER_WITH_PC(s2s_##name, curr_instr.pc);               \
+    EmitI32Const(slots_[stack_[curr_instr.optional.index]].slot_offset); \
+    EmitI64Const(static_cast<uint64_t>(next_instr.optional.offset));     \
+    I32Pop();                                                            \
+    reg_mode = RegMode::kNoReg;                                          \
+    return true;                                                         \
+  }
+      STORE_CASE(I32StoreMem8, int32_t, int8_t, kWord8, I32);
+      STORE_CASE(I32StoreMem16, int32_t, int16_t, kWord16, I32);
+      STORE_CASE(I64StoreMem8, int64_t, int8_t, kWord8, I64);
+      STORE_CASE(I64StoreMem16, int64_t, int16_t, kWord16, I64);
+      STORE_CASE(I64StoreMem32, int64_t, int32_t, kWord32, I64);
+      STORE_CASE(I32StoreMem, int32_t, int32_t, kWord32, I32);
+      STORE_CASE(I64StoreMem, int64_t, int64_t, kWord64, I64);
+      STORE_CASE(F32StoreMem, Float32, uint32_t, kFloat32, F32);
+      STORE_CASE(F64StoreMem, Float64, uint64_t, kFloat64, F64);
+#undef STORE_CASE
+
+      default:
+        return false;
+    }
+  }
+
+  return false;
+}
+
+std::unique_ptr<WasmBytecode> WasmBytecodeGenerator::GenerateBytecode() {
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  if (v8_flags.trace_drumbrake_bytecode_generator) {
+    printf("\nGenerate bytecode for function: %d\n", function_index_);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  uint32_t const_slots = ScanConstInstructions();
+  const_slots_values_.resize(const_slots * kSlotSize);
+
+  pc_t pc = wasm_code_->locals.encoded_size;
+  RegMode reg_mode = RegMode::kNoReg;
+
+  Decoder decoder(wasm_code_->start, wasm_code_->end);
+
+  current_block_index_ = -1;
+
+  // Init stack_ with return values, args and local types.
+
+  for (uint32_t index = 0; index < return_count_; index++) {
+    CreateSlot(wasm_code_->function->sig->GetReturn(index));
+  }
+
+  for (uint32_t index = 0; index < args_count_; index++) {
+    _PushSlot(wasm_code_->function->sig->GetParam(index));
+  }
+
+  // Reserve space for const slots
+  slot_offset_ += const_slots;
+
+  for (uint32_t index = 0; index < wasm_code_->locals.num_locals; index++) {
+    _PushSlot(wasm_code_->locals.local_types[index]);
+  }
+
+  current_block_index_ =
+      BeginBlock(kExprBlock, {wasm_code_->function->sig_index, kBottom});
+
+  WasmInstruction curr_instr;
+  WasmInstruction next_instr;
+
+  pc_t limit = wasm_code_->end - wasm_code_->start;
+  while (pc < limit) {
+    DCHECK_NOT_NULL(wasm_code_->start);
+
+    if (!curr_instr) {
+      curr_instr = DecodeInstruction(pc, decoder);
+      if (curr_instr) pc += curr_instr.length;
+    }
+    if (!curr_instr) break;
+    DCHECK(!next_instr);
+    next_instr = DecodeInstruction(pc, decoder);
+    if (next_instr) pc += next_instr.length;
+
+    if (next_instr) {
+      if (v8_flags.drumbrake_super_instructions && is_instruction_reachable_ &&
+          EncodeSuperInstruction(reg_mode, curr_instr, next_instr)) {
+        curr_instr = {};
+        next_instr = {};
+      } else {
+        reg_mode =
+            EncodeInstruction(curr_instr, reg_mode, next_instr.InputRegMode());
+        curr_instr = next_instr;
+        next_instr = {};
+      }
+    } else {
+      reg_mode = EncodeInstruction(curr_instr, reg_mode, RegMode::kNoReg);
+      curr_instr = {};
+    }
+
+    if (pc == limit && curr_instr) {
+      reg_mode = EncodeInstruction(curr_instr, reg_mode, RegMode::kNoReg);
+    }
+  }
+
+  PatchLoopJumpInstructions();
+  PatchBranchOffsets();
+
+  return std::make_unique<WasmBytecode>(
+      function_index_, code_.data(), code_.size(), slot_offset_,
+      module_->functions[function_index_].sig, wasm_code_, blocks_.size(),
+      const_slots_values_.data(), const_slots_values_.size(), ref_slots_count_,
+      std::move(eh_data_), std::move(code_pc_map_));
+}
+
+int32_t WasmBytecodeGenerator::BeginBlock(
+    WasmOpcode opcode, const WasmInstruction::Optional::Block signature) {
+  if (opcode == kExprLoop) {
+    last_instr_offset_ = kInvalidCodeOffset;
+  }
+
+  int32_t block_index = static_cast<int32_t>(blocks_.size());
+  uint32_t stack_size = this->stack_size();
+
+  uint32_t first_block_index = 0;
+  size_t rets_slots_count = 0;
+  size_t params_slots_count = 0;
+  if (block_index > 0 && (opcode != kExprElse && opcode != kExprCatch &&
+                          opcode != kExprCatchAll)) {
+    first_block_index = ReserveBlockSlots(opcode, signature, &rets_slots_count,
+                                          &params_slots_count);
+  }
+
+  uint32_t parent_block_index = current_block_index_;
+  if (opcode == kExprCatch || opcode == kExprCatchAll) {
+    parent_block_index =
+        blocks_[eh_data_.GetCurrentTryBlockIndex()].parent_block_index_;
+  }
+
+  blocks_.emplace_back(opcode, CurrentCodePos(), parent_block_index, stack_size,
+                       signature, first_block_index, rets_slots_count,
+                       params_slots_count, eh_data_.GetCurrentTryBlockIndex());
+  current_block_index_ = block_index;
+
+  if (opcode == kExprIf && params_slots_count > 0) {
+    DCHECK_GE(stack_size, params_slots_count);
+    blocks_.back().SaveParams(&stack_[stack_size - params_slots_count],
+                              params_slots_count);
+  }
+
+  if (opcode == kExprLoop) {
+    StoreBlockParamsIntoSlots(current_block_index_, true);
+    blocks_[current_block_index_].begin_code_offset_ = CurrentCodePos();
+    last_instr_offset_ = kInvalidCodeOffset;
+  }
+  return current_block_index_;
+}
+
+int WasmBytecodeGenerator::GetCurrentTryBlockIndex(
+    bool return_matching_try_for_catch_blocks) const {
+  DCHECK_GE(current_block_index_, 0);
+  int index = current_block_index_;
+  while (index >= 0) {
+    const auto& block = blocks_[index];
+    if (block.IsTry()) return index;
+    if (return_matching_try_for_catch_blocks &&
+        (block.IsCatch() || block.IsCatchAll())) {
+      return block.parent_try_block_index_;
+    }
+    index = blocks_[index].parent_block_index_;
+  }
+  return -1;
+}
+
+void WasmBytecodeGenerator::PatchLoopJumpInstructions() {
+  if (ref_slots_count_ == 0) {
+    for (size_t i = 0; i < loop_end_code_offsets_.size(); i++) {
+      base::WriteUnalignedValue<InstructionHandler>(
+          reinterpret_cast<Address>(code_.data() + loop_end_code_offsets_[i]),
+          k_s2s_Nop);
+    }
+  }
+}
+
+void WasmBytecodeGenerator::PatchBranchOffsets() {
+  static const uint32_t kElseBlockStartOffset =
+      sizeof(InstructionHandler) + sizeof(uint32_t);
+
+  for (int block_index = 0; block_index < static_cast<int>(blocks_.size());
+       block_index++) {
+    const BlockData block_data = blocks_[block_index];
+    for (size_t i = 0; i < block_data.branch_code_offsets_.size(); i++) {
+      uint32_t current_code_offset = block_data.branch_code_offsets_[i];
+      uint32_t target_offset = block_data.end_code_offset_;
+      if (block_data.IsLoop()) {
+        target_offset = block_data.begin_code_offset_;
+      } else if (block_data.IsIf() && block_data.if_else_block_index_ >= 0 &&
+                 current_code_offset == block_data.begin_code_offset_) {
+        // Jumps to the 'else' branch.
+        target_offset =
+            blocks_[block_data.if_else_block_index_].begin_code_offset_ +
+            kElseBlockStartOffset;
+      } else if ((block_data.IsCatch() || block_data.IsCatchAll()) &&
+                 current_code_offset == block_data.begin_code_offset_ +
+                                            sizeof(InstructionHandler)) {
+        // Jumps to the end of a sequence of 'try'/'catch' branches.
+        target_offset = static_cast<uint32_t>(
+            eh_data_.GetEndInstructionOffsetFor(block_index));
+      }
+
+      int32_t delta = target_offset - current_code_offset;
+      base::WriteUnalignedValue<uint32_t>(
+          reinterpret_cast<Address>(code_.data() + current_code_offset), delta);
+    }
+  }
+}
+
+bool WasmBytecodeGenerator::TryCompactInstructionHandler(
+    InstructionHandler func_id) {
+  if (last_instr_offset_ == kInvalidCodeOffset) return false;
+  InstructionHandler* prev_instr_addr =
+      reinterpret_cast<InstructionHandler*>(code_.data() + last_instr_offset_);
+  InstructionHandler prev_instr_handler = *prev_instr_addr;
+  if (func_id == k_s2s_CopySlot32 && prev_instr_handler == k_s2s_CopySlot32) {
+    // Tranforms:
+    //  [CopySlot32: InstrId][from: u32][to: u32]
+    // into:
+    //  [CopySlot32x2: InstrId][from0: u32][to0: u32][from1: u32][to1: u32]
+    base::WriteUnalignedValue<InstructionHandler>(
+        reinterpret_cast<Address>(prev_instr_addr), k_s2s_CopySlot32x2);
+    return true;
+  } else if (func_id == k_s2s_CopySlot64 &&
+             prev_instr_handler == k_s2s_CopySlot64) {
+    base::WriteUnalignedValue<InstructionHandler>(
+        reinterpret_cast<Address>(prev_instr_addr), k_s2s_CopySlot64x2);
+    return true;
+  }
+  return false;
+}
+
+ClearThreadInWasmScope::ClearThreadInWasmScope(Isolate* isolate)
+    : isolate_(isolate) {
+  DCHECK_IMPLIES(trap_handler::IsTrapHandlerEnabled(),
+                 trap_handler::IsThreadInWasm());
+  trap_handler::ClearThreadInWasm();
+}
+
+ClearThreadInWasmScope ::~ClearThreadInWasmScope() {
+  DCHECK_IMPLIES(trap_handler::IsTrapHandlerEnabled(),
+                 !trap_handler::IsThreadInWasm());
+  if (!isolate_->has_exception()) {
+    trap_handler::SetThreadInWasm();
+  }
+  // Otherwise we only want to set the flag if the exception is caught in
+  // wasm. This is handled by the unwinder.
+}
+
+}  // namespace wasm
+}  // namespace internal
+}  // namespace v8
diff --git a/deps/v8/src/wasm/interpreter/wasm-interpreter.h b/deps/v8/src/wasm/interpreter/wasm-interpreter.h
new file mode 100644
index 00000000000000..7613625c693132
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/wasm-interpreter.h
@@ -0,0 +1,2068 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#if !V8_ENABLE_WEBASSEMBLY
+#error This header should only be included if WebAssembly is enabled.
+#endif  // !V8_ENABLE_WEBASSEMBLY
+
+#ifndef V8_WASM_INTERPRETER_WASM_INTERPRETER_H_
+#define V8_WASM_INTERPRETER_WASM_INTERPRETER_H_
+
+#include <atomic>
+#include <memory>
+#include <vector>
+
+#include "src/base/platform/time.h"
+#include "src/base/platform/wrappers.h"
+#include "src/base/small-vector.h"
+#include "src/base/vector.h"
+#include "src/common/simd128.h"
+#include "src/logging/counters.h"
+#include "src/wasm/function-body-decoder-impl.h"
+#include "src/wasm/interpreter/instruction-handlers.h"
+#include "src/wasm/interpreter/wasm-interpreter-objects.h"
+#include "src/wasm/wasm-value.h"
+
+////////////////////////////////////////////////////////////////////////////////
+//
+// DrumBrake: An interpreter for WebAssembly.
+//
+////////////////////////////////////////////////////////////////////////////////
+
+// Uncomment to enable profiling.
+// #define DRUMBRAKE_ENABLE_PROFILING true
+//
+
+#ifdef V8_HOST_ARCH_ARM64
+#define VECTORCALL
+#else
+#if defined(__clang__)
+#define VECTORCALL __vectorcall
+#else  // GCC or MSVC
+#define VECTORCALL
+#endif  // __clang__
+#endif  // V8_HOST_ARCH_ARM64
+
+typedef void InstrHandlerRetType;
+#define INSTRUCTION_HANDLER_FUNC \
+  static DISABLE_CFI_ICALL InstrHandlerRetType VECTORCALL
+
+namespace v8 {
+
+namespace internal {
+class Cell;
+class FixedArray;
+class WasmInstanceObject;
+
+namespace wasm {
+
+// Forward declarations.
+class Decoder;
+struct InterpreterCode;
+class InterpreterHandle;
+struct ModuleWireBytes;
+class WasmBytecode;
+class WasmBytecodeGenerator;
+class WasmCode;
+struct WasmFunction;
+struct WasmModule;
+class WasmInterpreterRuntime;
+class WasmInterpreterThread;
+
+using pc_t = size_t;
+using CodeOffset = size_t;
+using WasmRef = Handle<Object>;
+
+// We are using sizeof(WasmRef) and kSystemPointerSize interchangeably in the
+// interpreter code.
+static_assert(sizeof(WasmRef) == kSystemPointerSize);
+
+// Code and metadata needed to execute a function.
+struct InterpreterCode {
+  InterpreterCode(const WasmFunction* function, BodyLocalDecls locals,
+                  const uint8_t* start, const uint8_t* end)
+      : function(function), locals(locals), start(start), end(end) {}
+
+  const uint8_t* at(pc_t pc) { return start + pc; }
+
+  const WasmFunction* function;  // wasm function
+  BodyLocalDecls locals;         // local declarations
+  const uint8_t* start;          // start of code
+  const uint8_t* end;            // end of code
+  std::unique_ptr<WasmBytecode> bytecode;
+};
+
+struct FrameState {
+  FrameState()
+      : current_function_(nullptr),
+        previous_frame_(nullptr),
+        current_bytecode_(nullptr),
+        current_sp_(nullptr),
+        thread_(nullptr),
+        ref_array_current_sp_(0),
+        ref_array_length_(0),
+        handle_scope_(nullptr)
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+        ,
+        current_stack_height_(0),
+        current_stack_start_args_(0),
+        current_stack_start_locals_(0),
+        current_stack_start_stack_(0)
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+  {
+  }
+
+  const WasmBytecode* current_function_;
+  const FrameState* previous_frame_;
+  const uint8_t* current_bytecode_;
+  uint8_t* current_sp_;
+  WasmInterpreterThread* thread_;
+  uint32_t ref_array_current_sp_;
+  uint32_t ref_array_length_;
+  HandleScope* handle_scope_;
+
+  // Maintains a reference to the exceptions caught by each catch handler.
+  void SetCaughtException(Isolate* isolate, uint32_t catch_block_index,
+                          Handle<Object> exception);
+  Handle<Object> GetCaughtException(Isolate* isolate,
+                                    uint32_t catch_block_index) const;
+  void DisposeCaughtExceptionsArray(Isolate* isolate);
+  Handle<FixedArray> caught_exceptions_;
+
+  inline void ResetHandleScope(Isolate* isolate);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  uint32_t current_stack_height_;
+  uint32_t current_stack_start_args_;
+  uint32_t current_stack_start_locals_;
+  uint32_t current_stack_start_stack_;
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+};
+
+// Manages the calculations of the
+// V8.WasmInterpreterExecutionInTenSecondsPercentage histogram, which measures
+// the percentage of time spent executing in the Wasm interpreter in a 10
+// seconds window and it is useful to detect applications that are CPU-bound
+// and that could be visibly slowed down by the interpreter. Only about one
+// sample per minute is generated.
+class WasmExecutionTimer {
+ public:
+  WasmExecutionTimer(Isolate* isolate, bool track_jitless_wasm);
+
+  V8_INLINE void Start() {
+    if (execute_ratio_histogram_->Enabled()) StartInternal();
+  }
+
+  V8_INLINE void Stop() {
+    if (execute_ratio_histogram_->Enabled()) StopInternal();
+  }
+
+  void Terminate();
+
+ private:
+  void StartInternal();
+  void StopInternal();
+
+  void BeginInterval(bool start_timer);
+  void EndInterval();
+
+  void AddSample(int running_ratio);
+
+  Histogram* execute_ratio_histogram_;
+  Histogram* slow_wasm_histogram_;
+  base::ElapsedTimer window_execute_timer_;
+  bool window_has_started_;
+  base::TimeTicks next_interval_time_;
+  base::TimeTicks start_interval_time_;
+  base::TimeDelta window_running_time_;
+  const base::TimeDelta sample_duration_;
+  base::TimeDelta cooldown_interval_;  // Pause between samples.
+  const int slow_threshold_;
+  const size_t slow_threshold_samples_count_;
+  std::vector<int> samples_;
+  Isolate* isolate_;
+
+  static const int kMaxPercentValue = 100000;
+};
+
+class V8_EXPORT_PRIVATE WasmInterpreterThreadMap {
+ public:
+  WasmInterpreterThread* GetCurrentInterpreterThread(Isolate* isolate);
+
+  void NotifyIsolateDisposal(Isolate* isolate);
+
+ private:
+  typedef std::unordered_map<int, std::unique_ptr<WasmInterpreterThread>>
+      ThreadInterpreterMap;
+  ThreadInterpreterMap map_;
+  base::Mutex mutex_;
+};
+
+// Representation of a thread in the interpreter.
+class V8_EXPORT_PRIVATE WasmInterpreterThread {
+ public:
+  // State machine for a WasmInterpreterThread:
+  //
+  //               STOPPED
+  //                  |
+  //             Run()|
+  //                  V
+  //               RUNNING <-----------------------------------+
+  //                  |                                        |
+  //                  |                                        |
+  //    +-------------+---------------+---------------+        |
+  //    |Stop()       |Trap()         |Finish()       |        |
+  //    V             V               V               V        |
+  // STOPPED <---- TRAPPED         FINISHED     EH_UNWINDING --+
+  //    ^                                             |
+  //    +---------------------------------------------+
+  //
+  // In more detail:
+  // - For each loaded instance, an InterpreterHandler is created that owns a
+  //   WasmInterpreter that owns a WasmInterpreterRuntime object.
+  //
+  // - The WasmInterpreterThread is created in STOPPED state.
+  //
+  // - InterpreterHandle::Execute(func_index, ...) executes Wasm code in
+  // the interpreter:
+  //   - WasmInterpreter::BeginExecution ->
+  //       WasmInterpreterRuntime::BeginExecution ->
+  //         WasmInterpreterThread::StartActivation() -> Run() -> RUNNING
+  //         state.
+  //   - WasmInterpreter::ContinueExecution ->
+  //       WasmInterpreterRuntime::ContinueExecution ->
+  //         WasmInterpreterRuntime::ExecuteFunction
+  //
+  // WasmInterpreterRuntime::ExecuteFunction(..., func_index, ...) executes a
+  // specific Wasm function.
+  // If 'func_index' indicates an imported function, and the call fails ->
+  //   Stop() -> STOPPED state.
+  // If 'func_index' indicates an not-imported function, we start executing a
+  // sequence of instruction handlers. One of these handlers can cause a
+  //   Trap()  -> TRAPPED state.
+  // From these instructions sequence we can make several kinds of direct or
+  // indirect wasm calls to:
+  //  . An external JS function ->
+  //      WasmInterpreterRuntime::CallExternalJSFunction() ->
+  //      If the call fails -> Stop() -> STOPPED state.
+  //  . A Wasm function in the same module instance, recursively calling
+  //      WasmInterpreterRuntime::ExecuteFunction().
+  //  . A Wasm function in a different module instance. In this case we
+  //      recusively call InterpreterHandle::Execute with the
+  //      InterpreterHandle of that different instance. If the call fails ->
+  //      Stop() -> STOPPED state.
+  //
+  // After WasmInterpreterRuntime::ExecuteFunction() completes, if we ended up
+  // in the TRAPPED state we raise a JS exception  -> RaiseException() ->
+  // Stop() -> STOPPED state.
+  //
+  // If an exception can be handled by Wasm code, according to the Wasm
+  // Exception Handling proposal, the thread can go to the EH_UNWINDING state
+  // while looking for a Wasm function in the call stack that has a {catch}
+  // instruction that can handle that exception. If no such catch handler is
+  // found, the thread goes to STOPPED.
+  //
+  // If we are running the WasmInterpreter of instance A and we can call
+  // from a function of a different instance B (via
+  // InterpreterHandle::Execute()) the execution of instance A "suspends"
+  // waiting for the execution in the WasmInterpreter of instance B to
+  // complete. Instance B can call back into instance A, and so on... This
+  // means that in the call stack we might have a sequence of stack frames for
+  // the WasmInterpreter A followed by frames for instance B followed by
+  // more frames of instance A.
+  // To manage this case WasmInterpreterThread maintains a stack of
+  // Activations, which represents the set of StackFrames for a given module
+  // instance. Only when the last active Activation terminates we call
+  // Finish() -> FINISHED state.
+
+  enum State { STOPPED, RUNNING, FINISHED, TRAPPED, EH_UNWINDING };
+
+  enum ExceptionHandlingResult { HANDLED, UNWOUND };
+
+  struct TrapStatus {
+    //  bool has_trapped;
+    int trap_function_index;
+    int trap_pc;
+  };
+
+  class Activation {
+   public:
+    Activation(WasmInterpreterThread* thread,
+               WasmInterpreterRuntime* wasm_runtime, Address frame_pointer,
+               uint8_t* start_fp, const FrameState& callee_frame_state)
+        : thread_(thread),
+          wasm_runtime_(wasm_runtime),
+          frame_pointer_(frame_pointer),
+          current_frame_size_(0),
+          ref_stack_size_(0),
+          current_fp_(start_fp),
+          current_frame_state_(callee_frame_state)
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+          ,
+          current_stack_start_(callee_frame_state.current_stack_start_args_ +
+                               thread->CurrentStackFrameSize()),
+          current_stack_size_(0)
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+    {
+    }
+
+    WasmInterpreterThread* thread() const { return thread_; }
+
+    inline Isolate* GetIsolate() const;
+
+    Address GetFramePointer() const { return frame_pointer_; }
+
+    void SetCurrentFrame(const FrameState& frame_state) {
+      current_frame_state_ = frame_state;
+    }
+    const FrameState& GetCurrentFrame() const { return current_frame_state_; }
+
+    void SetCurrentActivationFrame(uint8_t* current_fp,
+                                   uint32_t current_frame_size,
+                                   uint32_t current_stack_size,
+                                   uint32_t ref_stack_size) {
+      current_fp_ = current_fp;
+      current_frame_size_ = current_frame_size;
+      ref_stack_size_ = ref_stack_size;
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      current_stack_size_ = current_stack_size;
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+    }
+
+    uint8_t* NextFrameAddress() const {
+      return current_fp_ + current_frame_size_;
+    }
+
+    uint32_t NextRefStackOffset() const { return ref_stack_size_; }
+
+    void SetTrapped(int trap_function_index, int trap_pc) {
+      // Capture the call stack at the moment of the trap and store it to be
+      // retrieved later. This works because, once an Activation has trapped,
+      // execution will never resume in it, given that Wasm EH is not
+      // supported yet.
+      TrapStatus trap_status{trap_function_index, trap_pc};
+      trap_stack_trace_ =
+          std::make_unique<std::vector<WasmInterpreterStackEntry>>(
+              CaptureStackTrace(&trap_status));
+    }
+
+    std::vector<WasmInterpreterStackEntry> GetStackTrace() {
+      if (trap_stack_trace_) {
+        return *trap_stack_trace_;
+      }
+
+      // If the Activation has not trapped, it is still executing so we need
+      // to capture the current call stack.
+      return CaptureStackTrace();
+    }
+
+    int GetFunctionIndex(int index) const;
+
+    const WasmInterpreterRuntime* GetWasmRuntime() const {
+      return wasm_runtime_;
+    }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    uint32_t CurrentStackFrameStart() const { return current_stack_start_; }
+    uint32_t CurrentStackFrameSize() const { return current_stack_size_; }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+   private:
+    std::vector<WasmInterpreterStackEntry> CaptureStackTrace(
+        const TrapStatus* trap_status = nullptr) const;
+
+    WasmInterpreterThread* thread_;
+    WasmInterpreterRuntime* wasm_runtime_;
+    Address frame_pointer_;
+    uint32_t current_frame_size_;
+    uint32_t ref_stack_size_;
+    uint8_t* current_fp_;
+    FrameState current_frame_state_;
+    std::unique_ptr<std::vector<WasmInterpreterStackEntry>> trap_stack_trace_;
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    uint32_t current_stack_start_;
+    uint32_t current_stack_size_;
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+  };
+
+  explicit WasmInterpreterThread(Isolate* isolate)
+      : isolate_(isolate),
+        state_(State::STOPPED),
+        trap_reason_(TrapReason::kTrapUnreachable),
+        current_stack_size_(kInitialStackSize),
+        stack_mem_(nullptr),
+        execution_timer_(isolate, true) {
+    PageAllocator* page_allocator = GetPlatformPageAllocator();
+    stack_mem_ = AllocatePages(page_allocator, nullptr, kMaxStackSize,
+                               page_allocator->AllocatePageSize(),
+                               PageAllocator::kNoAccess);
+    if (!stack_mem_ ||
+        !SetPermissions(page_allocator, stack_mem_, current_stack_size_,
+                        PageAllocator::Permission::kReadWrite)) {
+      V8::FatalProcessOutOfMemory(
+          nullptr, "WasmInterpreterThread::WasmInterpreterThread",
+          "Cannot allocate Wasm interpreter stack");
+      UNREACHABLE();
+    }
+  }
+
+  ~WasmInterpreterThread() {
+    FreePages(GetPlatformPageAllocator(), stack_mem_, kMaxStackSize);
+  }
+
+  bool ExpandStack(size_t additional_required_size) {
+    if (current_stack_size_ + additional_required_size > kMaxStackSize) {
+      return false;
+    }
+
+    uint32_t new_size = current_stack_size_;
+    while (new_size < current_stack_size_ + additional_required_size) {
+      new_size = std::min(new_size + kStackSizeIncrement, kMaxStackSize);
+    }
+
+    if (SetPermissions(GetPlatformPageAllocator(), stack_mem_, new_size,
+                       PageAllocator::Permission::kReadWrite)) {
+      current_stack_size_ = new_size;
+      return true;
+    }
+    return false;
+  }
+
+  static void Initialize() {
+    // This function can be called multiple times by fuzzers.
+    if (thread_interpreter_map_s) return;
+    thread_interpreter_map_s = new WasmInterpreterThreadMap();
+  }
+
+  static void Terminate() {
+    delete thread_interpreter_map_s;
+    thread_interpreter_map_s = nullptr;
+  }
+
+  static void NotifyIsolateDisposal(Isolate* isolate) {
+    thread_interpreter_map_s->NotifyIsolateDisposal(isolate);
+  }
+
+  static WasmInterpreterThread* GetCurrentInterpreterThread(Isolate* isolate) {
+    DCHECK_NOT_NULL(thread_interpreter_map_s);
+    return thread_interpreter_map_s->GetCurrentInterpreterThread(isolate);
+  }
+
+  const Isolate* GetIsolate() const { return isolate_; }
+
+  State state() const { return state_; }
+
+  void Run() { state_ = State::RUNNING; }
+  void Stop() { state_ = State::STOPPED; }
+
+  void Trap(TrapReason trap_reason, int trap_function_index, int trap_pc,
+            const FrameState& current_frame) {
+    state_ = State::TRAPPED;
+    trap_reason_ = trap_reason;
+
+    DCHECK(!activations_.empty());
+    activations_.back()->SetCurrentFrame(current_frame);
+    activations_.back()->SetTrapped(trap_function_index, trap_pc);
+  }
+  TrapReason GetTrapReason() const { return trap_reason_; }
+
+  void Unwinding() { state_ = State::EH_UNWINDING; }
+
+  inline WasmInterpreterThread::Activation* StartActivation(
+      WasmInterpreterRuntime* wasm_runtime, Address frame_pointer,
+      uint8_t* interpreter_fp, const FrameState& frame_state);
+  inline void FinishActivation();
+  inline const FrameState* GetCurrentActivationFor(
+      const WasmInterpreterRuntime* wasm_runtime) const;
+
+  inline void SetCurrentFrame(const FrameState& frame_state) {
+    DCHECK(!activations_.empty());
+    activations_.back()->SetCurrentFrame(frame_state);
+  }
+
+  inline void SetCurrentActivationFrame(uint32_t* fp,
+                                        uint32_t current_frame_size,
+                                        uint32_t current_stack_size,
+                                        uint32_t ref_stack_size) {
+    DCHECK(!activations_.empty());
+    activations_.back()->SetCurrentActivationFrame(
+        reinterpret_cast<uint8_t*>(fp), current_frame_size, current_stack_size,
+        ref_stack_size);
+  }
+
+  WasmInterpreterThread::Activation* GetActivation(
+      Address frame_pointer) const {
+    for (size_t i = 0; i < activations_.size(); i++) {
+      if (activations_[i]->GetFramePointer() == frame_pointer) {
+        return activations_[i].get();
+      }
+    }
+    return nullptr;
+  }
+
+  uint8_t* NextFrameAddress() const {
+    if (activations_.empty()) {
+      return stack_mem();
+    } else {
+      return activations_.back()->NextFrameAddress();
+    }
+  }
+
+  uint32_t NextRefStackOffset() const {
+    if (activations_.empty()) {
+      return 0;
+    } else {
+      return activations_.back()->NextRefStackOffset();
+    }
+  }
+  const uint8_t* StackLimitAddress() const {
+    return stack_mem() + current_stack_size_;
+  }
+
+  void StartExecutionTimer();
+  void StopExecutionTimer();
+  void TerminateExecutionTimers();
+
+  static void SetRuntimeLastWasmError(Isolate* isolate,
+                                      MessageTemplate message);
+  static TrapReason GetRuntimeLastWasmError(Isolate* isolate);
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  uint32_t CurrentStackFrameStart() const {
+    if (activations_.empty()) {
+      return 0;
+    } else {
+      return activations_.back()->CurrentStackFrameStart();
+    }
+  }
+
+  uint32_t CurrentStackFrameSize() const {
+    if (activations_.empty()) {
+      return 0;
+    } else {
+      return activations_.back()->CurrentStackFrameSize();
+    }
+  }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  void RaiseException(Isolate* isolate, MessageTemplate message);
+
+ private:
+  void Finish() { state_ = State::FINISHED; }
+
+  inline uint8_t* stack_mem() const {
+    return reinterpret_cast<uint8_t*>(stack_mem_);
+  }
+
+  static WasmInterpreterThreadMap* thread_interpreter_map_s;
+
+  Isolate* isolate_;
+  State state_;
+  TrapReason trap_reason_;
+
+  static constexpr uint32_t kInitialStackSize = 1 * MB;
+  static constexpr uint32_t kStackSizeIncrement = 1 * MB;
+  static constexpr uint32_t kMaxStackSize = 32 * MB;
+  uint32_t current_stack_size_;
+  void* stack_mem_;
+
+  std::vector<std::unique_ptr<Activation>> activations_;
+
+  WasmExecutionTimer execution_timer_;
+};
+
+// The interpreter interface.
+class V8_EXPORT_PRIVATE WasmInterpreter {
+ public:
+  // The main storage for interpreter code. It maps {WasmFunction} to the
+  // metadata needed to execute each function.
+  class CodeMap {
+   public:
+    CodeMap(Isolate* isolate, const WasmModule* module,
+            const uint8_t* module_start, Zone* zone);
+
+    const WasmModule* module() const { return module_; }
+
+    inline InterpreterCode* GetCode(uint32_t function_index);
+
+    inline WasmBytecode* GetFunctionBytecode(uint32_t func_index);
+
+    inline void AddFunction(const WasmFunction* function,
+                            const uint8_t* code_start, const uint8_t* code_end);
+
+    void SetFunctionCode(const WasmFunction* function, const uint8_t* start,
+                         const uint8_t* end);
+
+    size_t TotalBytecodeSize() {
+      return generated_code_size_.load(std::memory_order_relaxed);
+    }
+
+   private:
+    void Preprocess(uint32_t function_index);
+
+    Zone* zone_;
+    Isolate* isolate_;
+    const WasmModule* module_;
+    ZoneVector<InterpreterCode> interpreter_code_;
+
+    base::TimeDelta bytecode_generation_time_;
+    std::atomic<size_t> generated_code_size_;
+  };
+
+  WasmInterpreter(Isolate* isolate, const WasmModule* module,
+                  const ModuleWireBytes& wire_bytes,
+                  Handle<WasmInstanceObject> instance);
+
+  static void InitializeOncePerProcess();
+  static void GlobalTearDown();
+  static void NotifyIsolateDisposal(Isolate* isolate);
+
+  inline void BeginExecution(WasmInterpreterThread* thread,
+                             uint32_t function_index, Address frame_pointer,
+                             uint8_t* interpreter_fp, uint32_t ref_stack_offset,
+                             const std::vector<WasmValue>& argument_values);
+  inline void BeginExecution(WasmInterpreterThread* thread,
+                             uint32_t function_index, Address frame_pointer,
+                             uint8_t* interpreter_fp);
+
+  WasmInterpreterThread::State ContinueExecution(WasmInterpreterThread* thread,
+                                                 bool called_from_js);
+
+  inline WasmValue GetReturnValue(int index) const;
+
+  inline std::vector<WasmInterpreterStackEntry> GetInterpretedStack(
+      Address frame_pointer);
+
+  inline int GetFunctionIndex(Address frame_pointer, int index) const;
+
+  inline void SetTrapFunctionIndex(int32_t func_index);
+
+  inline WasmInterpreterRuntime* GetWasmRuntime() {
+    return wasm_runtime_.get();
+  }
+
+ private:
+  // This {Zone} has the lifespan of this {WasmInterpreter}, which should
+  // have the lifespan of the corresponding {WasmInstanceObject}.
+  // The zone is used to allocate the {module_bytes_} vector below and the
+  // {InterpreterCode} vector in the {CodeMap}. It is also passed to
+  // {WasmDecoder} used to parse the 'locals' in a Wasm function.
+  Zone zone_;
+  Handle<WasmInstanceObject> instance_object_;
+
+  // Create a copy of the module bytes for the interpreter, since the passed
+  // pointer might be invalidated after constructing the interpreter.
+  const ZoneVector<uint8_t> module_bytes_;
+
+  CodeMap codemap_;
+
+  // DrumBrake
+  std::shared_ptr<WasmInterpreterRuntime> wasm_runtime_;
+
+  WasmInterpreter(const WasmInterpreter&) = delete;
+  WasmInterpreter& operator=(const WasmInterpreter&) = delete;
+};
+
+typedef InstrHandlerRetType(VECTORCALL PWasmOp)(
+    const uint8_t* code, uint32_t* sp, WasmInterpreterRuntime* wasm_runtime,
+    int64_t r0, double fp0);
+#ifdef __clang__
+#define MUSTTAIL [[clang::musttail]]
+#else
+#define MUSTTAIL
+#endif  // __clang__
+
+extern PWasmOp* kInstructionTable[];
+
+// {OperatorMode}s are used for the
+// v8_flags.drumbrake_register_optimization. The prototype of instruction
+// handlers contains two arguments int64_t r0 and double fp0 that can be used to
+// pass in an integer or floating-point register the values that is at the top
+// of the Wasm execution stack.
+//
+// For this reasons, whenever possible we define four different versions of each
+// instruction handler, all identified by the following prefixes:
+//
+// - r2r_*: Wasm instruction handlers called when the stack top value is in a
+//          register and that put the result in a register.
+// - r2s_*: Wasm instruction handlers called when the stack top value is in a
+//          register and that push the result on the stack.
+// - s2r_*: Wasm instruction handlers called when the stack top value is not in
+//          a register and that put the result in a register.
+// - s2s_*: Wasm instruction handlers called when the stack top value is not in
+//          a register and that push the result on the stack.
+//
+enum OperatorMode { kR2R = 0, kR2S, kS2R, kS2S };
+static const size_t kOperatorModeCount = 4;
+
+// {RegMode} and {RegModeTransform} specifies how an instruction handler can
+// leverage the --drumbrake-register-optimization.
+//
+// {RegModeTransform} defines a pair of {RegMode}s, that specify whether an
+// instruction handler can take its input or provide its output from the stack
+// or from registers.
+//
+// For example:
+//    {kF32Reg, kI32Reg},  // 0x5b F32Eq
+// declares that the F32Eq instruction handler can read the stack top value from
+// a floating point register as a F32 and pass the result to the next handler in
+// an integer register as an I32, so saving one stack pop and one stack push
+// operations.
+enum class RegMode {
+  kNoReg,  // The instruction handler only gets inputs from stack slots or
+           // provide the result into a stack slot.
+
+  kI32Reg,  // The instruction handler can be optimized to work with the integer
+  kI64Reg,  // register 'r0'.
+
+  kF32Reg,  // The instruction handler can be optimized to work with the
+  kF64Reg,  // floating point register 'fp0'.
+
+  kAnyReg,  // The instruction handler can be optimized to work either with the
+            // integer or fp register; the specific register depends on the
+            // type of the type of the value at the top of the stack. This is
+            // used for instructions like 'drop', 'select' and 'local.set.
+};
+
+inline RegMode GetRegMode(ValueKind kind) {
+  switch (kind) {
+    case kI32:
+      return RegMode::kI32Reg;
+    case kI64:
+      return RegMode::kI64Reg;
+    case kF32:
+      return RegMode::kF32Reg;
+    case kF64:
+      return RegMode::kF64Reg;
+    default:
+      UNREACHABLE();
+  }
+}
+
+struct RegModeTransform {
+  RegMode from;
+  RegMode to;
+};
+
+static const RegModeTransform kRegModes[256] = {
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x00 Unreachable
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x01 Nop
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x02 Block
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x03 Loop
+    {RegMode::kI32Reg, RegMode::kNoReg},  // 0x04 If
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x05 Else
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x06 Try - eh_prototype
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x07 Catch - eh_prototype
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x08 Throw - eh_prototype
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x09 Rethrow - eh_prototype
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x0a (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x0b End
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x0c Br
+    {RegMode::kI32Reg, RegMode::kNoReg},  // 0x0d BrIf
+    {RegMode::kI32Reg, RegMode::kNoReg},  // 0x0e BrTable
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x0f Return
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x10 CallFunction
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x11 CallIndirect
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x12 ReturnCall
+    {RegMode::kNoReg, RegMode::kNoReg},   // 0x13 ReturnCallIndirect
+
+    {RegMode::kNoReg,
+     RegMode::kNoReg},  // 0x14 CallRef - typed_funcref prototype - NOTIMPL
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x15 ReturnCallRef - typed_funcref
+                                         // prototype - NOTIMPL
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x16 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x17 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x18 Delegate - eh_prototype
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x19 CatchAll - eh_prototype
+
+    {RegMode::kAnyReg, RegMode::kNoReg},   // 0x1a Drop
+    {RegMode::kI32Reg, RegMode::kAnyReg},  // 0x1b Select
+    {RegMode::kI32Reg, RegMode::kAnyReg},  // 0x1c SelectWithType
+
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x1d (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x1e (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x1f (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x20 LocalGet
+    {RegMode::kAnyReg, RegMode::kNoReg},   // 0x21 LocalSet
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x22 LocalTee
+    {RegMode::kNoReg, RegMode::kAnyReg},   // 0x23 GlobalGet
+    {RegMode::kAnyReg, RegMode::kNoReg},   // 0x24 GlobalSet
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x25 TableGet
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x26 TableSet
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x27 (reserved)
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x28 I32LoadMem
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0x29 I64LoadMem
+    {RegMode::kI32Reg, RegMode::kF32Reg},  // 0x2a F32LoadMem
+    {RegMode::kI32Reg, RegMode::kF64Reg},  // 0x2b F64LoadMem
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x2c I32LoadMem8S
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x2d I32LoadMem8U
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x2e I32LoadMem16S
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x2f I32LoadMem16U
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0x30 I64LoadMem8S
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0x31 I64LoadMem8U
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0x32 I64LoadMem16S
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0x33 I64LoadMem16U
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0x34 I64LoadMem32S
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0x35 I64LoadMem32U
+    {RegMode::kI32Reg, RegMode::kNoReg},   // 0x36 I32StoreMem
+    {RegMode::kI64Reg, RegMode::kNoReg},   // 0x37 I64StoreMem
+    {RegMode::kF32Reg, RegMode::kNoReg},   // 0x38 F32StoreMem
+    {RegMode::kF64Reg, RegMode::kNoReg},   // 0x39 F64StoreMem
+    {RegMode::kI32Reg, RegMode::kNoReg},   // 0x3a I32StoreMem8
+    {RegMode::kI32Reg, RegMode::kNoReg},   // 0x3b I32StoreMem16
+    {RegMode::kI64Reg, RegMode::kNoReg},   // 0x3c I64StoreMem8
+    {RegMode::kI64Reg, RegMode::kNoReg},   // 0x3d I64StoreMem16
+    {RegMode::kI64Reg, RegMode::kNoReg},   // 0x3e I64StoreMem32
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x3f MemorySize
+    {RegMode::kNoReg, RegMode::kNoReg},    // 0x40 MemoryGrow
+
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x41 I32Const
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x42 I64Const
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x43 F32Const
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0x44 F64Const
+
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x45 I32Eqz
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x46 I32Eq
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x47 I32Ne
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x48 I32LtS
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x49 I32LtU
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x4a I32GtS
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x4b I32GtU
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x4c I32LeS
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x4d I32LeU
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x4e I32GeS
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x4f I32GeU
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x50 I64Eqz
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x51 I64Eq
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x52 I64Ne
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x53 I64LtS
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x54 I64LtU
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x55 I64GtS
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x56 I64GtU
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x57 I64LeS
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x58 I64LeU
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x59 I64GeS
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x5a I64GeU
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0x5b F32Eq
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0x5c F32Ne
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0x5d F32Lt
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0x5e F32Gt
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0x5f F32Le
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0x60 F32Ge
+    {RegMode::kF64Reg, RegMode::kI32Reg},  // 0x61 F64Eq
+    {RegMode::kF64Reg, RegMode::kI32Reg},  // 0x62 F64Ne
+    {RegMode::kF64Reg, RegMode::kI32Reg},  // 0x63 F64Lt
+    {RegMode::kF64Reg, RegMode::kI32Reg},  // 0x64 F64Gt
+    {RegMode::kF64Reg, RegMode::kI32Reg},  // 0x65 F64Le
+    {RegMode::kF64Reg, RegMode::kI32Reg},  // 0x66 F64Ge
+
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x67 I32Clz
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x68 I32Ctz
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x69 I32Popcnt
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x6a I32Add
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x6b I32Sub
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x6c I32Mul
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x6d I32DivS
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x6e I32DivU
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x6f I32RemS
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x70 I32RemU
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x71 I32And
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x72 I32Ior
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x73 I32Xor
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x74 I32Shl
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x75 I32ShrS
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x76 I32ShrU
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x77 I32Rol
+    {RegMode::kI32Reg, RegMode::kI32Reg},  // 0x78 I32Ror
+
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x79 I64Clz
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x7a I64Ctz
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0x7b I64Popcnt
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x7c I64Add
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x7d I64Sub
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x7e I64Mul
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x7f I64DivS
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x80 I64DivU
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x81 I64RemS
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x82 I64RemU
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x83 I64And
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x84 I64Ior
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x85 I64Xor
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x86 I64Shl
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x87 I64ShrS
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x88 I64ShrU
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x89 I64Rol
+    {RegMode::kI64Reg, RegMode::kI64Reg},  // 0x8a I64Ror
+
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x8b F32Abs
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x8c F32Neg
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x8d F32Ceil
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x8e F32Floor
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x8f F32Trunc
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x90 F32NearestInt
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x91 F32Sqrt
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x92 F32Add
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x93 F32Sub
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x94 F32Mul
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x95 F32Div
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x96 F32Min
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x97 F32Max
+    {RegMode::kF32Reg, RegMode::kF32Reg},  // 0x98 F32CopySign
+
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0x99 F64Abs
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0x9a F64Neg
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0x9b F64Ceil
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0x9c F64Floor
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0x9d F64Trunc
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0x9e F64NearestInt
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0x9f F64Sqrt
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0xa0 F64Add
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0xa1 F64Sub
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0xa2 F64Mul
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0xa3 F64Div
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0xa4 F64Min
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0xa5 F64Max
+    {RegMode::kF64Reg, RegMode::kF64Reg},  // 0xa6 F64CopySign
+
+    {RegMode::kI64Reg, RegMode::kI32Reg},  // 0xa7 I32ConvertI64
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0xa8 I32SConvertF32
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0xa9 I32UConvertF32
+    {RegMode::kF64Reg, RegMode::kI32Reg},  // 0xaa I32SConvertF64
+    {RegMode::kF64Reg, RegMode::kI32Reg},  // 0xab I32UConvertF64
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0xac I64SConvertI32
+    {RegMode::kI32Reg, RegMode::kI64Reg},  // 0xad I64UConvertI32
+    {RegMode::kF32Reg, RegMode::kI64Reg},  // 0xae I64SConvertF32
+    {RegMode::kF32Reg, RegMode::kI64Reg},  // 0xaf I64UConvertF32
+    {RegMode::kF64Reg, RegMode::kI64Reg},  // 0xb0 I64SConvertF64
+    {RegMode::kF64Reg, RegMode::kI64Reg},  // 0xb1 I64UConvertF64
+    {RegMode::kI32Reg, RegMode::kF32Reg},  // 0xb2 F32SConvertI32
+    {RegMode::kI32Reg, RegMode::kF32Reg},  // 0xb3 F32UConvertI32
+    {RegMode::kI64Reg, RegMode::kF32Reg},  // 0xb4 F32SConvertI64
+    {RegMode::kI64Reg, RegMode::kF32Reg},  // 0xb5 F32UConvertI64
+    {RegMode::kF64Reg, RegMode::kF32Reg},  // 0xb6 F32ConvertF64
+    {RegMode::kI32Reg, RegMode::kF64Reg},  // 0xb7 F64SConvertI32
+    {RegMode::kI32Reg, RegMode::kF64Reg},  // 0xb8 F64UConvertI32
+    {RegMode::kI64Reg, RegMode::kF64Reg},  // 0xb9 F64SConvertI64
+    {RegMode::kI64Reg, RegMode::kF64Reg},  // 0xba F64UConvertI64
+    {RegMode::kF32Reg, RegMode::kF64Reg},  // 0xbb F64ConvertF32
+    {RegMode::kF32Reg, RegMode::kI32Reg},  // 0xbc I32ReinterpretF32
+    {RegMode::kF64Reg, RegMode::kI64Reg},  // 0xbd I64ReinterpretF64
+    {RegMode::kI32Reg, RegMode::kF32Reg},  // 0xbe F32ReinterpretI32
+    {RegMode::kI64Reg, RegMode::kF64Reg},  // 0xbf F64ReinterpretI64
+
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc0 I32SExtendI8
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc1 I32SExtendI16
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc2 I64SExtendI8
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc3 I64SExtendI16
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc4 I64SExtendI32
+
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc5 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc6 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc7 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc8 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xc9 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xca (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xcb (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xcc (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xcd (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xce (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xcf (reserved)
+
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd0 RefNull - ref
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd1 RefIsNull - ref
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd2 RefFunc - ref
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd3 RefEq - ref
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd4 RefAsNonNull
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd5 BrOnNull
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd6 BrOnNonNull
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd7 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd8 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xd9 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xda (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xdb (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xdc (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xdd (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xde (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xdf (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe0 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe1 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe2 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe3 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe4 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe5 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe6 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe7 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe8 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xe9 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xea (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xeb (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xec (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xed (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xee (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xef (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf0 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf1 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf2 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf3 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf4 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf5 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf6 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf7 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf8 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xf9 (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xfa (reserved)
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xfb - GC prefix
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xfc - Numeric prefix
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xfd - Simd prefix
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xfe - Atomic prefix
+    {RegMode::kNoReg, RegMode::kNoReg},  // 0xff (reserved)
+};
+
+static const size_t kSlotSize = sizeof(int32_t);
+static const ptrdiff_t kCodeOffsetSize = sizeof(int32_t);
+
+enum ExternalCallResult {
+  // The function was executed and returned normally.
+  EXTERNAL_RETURNED,
+  // The function was executed, threw an exception.
+  EXTERNAL_EXCEPTION
+};
+
+struct BranchOnCastData {
+  uint32_t label_depth;
+  uint32_t src_is_null : 1;   //  BrOnCastFlags
+  uint32_t res_is_null : 1;   //  BrOnCastFlags
+  uint32_t target_type : 30;  //  HeapType
+};
+
+struct WasmInstruction {
+  union Optional {
+    uint32_t index;  // global/local/label/memory/table index
+    int32_t i32;
+    int64_t i64;
+    float f32;
+    double f64;
+    uint64_t offset;
+    uint32_t depth;
+    struct IndirectCall {
+      uint32_t table_index;
+      uint32_t sig_index;
+    } indirect_call;
+    struct BrTable {
+      uint32_t table_count;
+      uint32_t labels_index;
+    } br_table;
+    struct Block {
+      uint32_t sig_index;
+      uint32_t value_type_bitfield;  // return type or kVoid if no return type
+                                     // or kBottom if sig_index is valid.
+      constexpr ValueType value_type() const {
+        return ValueType::FromRawBitField(value_type_bitfield);
+      }
+    } block;
+    struct TableInit {
+      uint32_t table_index;
+      uint32_t element_segment_index;
+    } table_init;
+    struct TableCopy {
+      uint32_t dst_table_index;
+      uint32_t src_table_index;
+    } table_copy;
+    uint8_t simd_lane : 4;
+    struct SimdLaneLoad {
+      uint8_t lane : 4;
+      uint8_t : 0;
+      uint64_t offset : 48;
+    } simd_loadstore_lane;
+    struct GC_FieldImmediate {
+      uint32_t struct_index;
+      uint32_t field_index;
+    } gc_field_immediate;
+    struct GC_MemoryImmediate {
+      uint32_t memory_index;
+      uint32_t length;
+    } gc_memory_immediate;
+    struct GC_HeapTypeImmediate {
+      uint32_t length;
+      HeapType::Representation type_representation;
+      constexpr HeapType type() const { return HeapType(type_representation); }
+    } gc_heap_type_immediate;
+    struct GC_ArrayNewFixed {
+      uint32_t array_index;
+      uint32_t length;
+    } gc_array_new_fixed;
+    struct GC_ArrayNewOrInitData {
+      uint32_t array_index;
+      uint32_t data_index;
+    } gc_array_new_or_init_data;
+    struct GC_ArrayCopy {
+      uint32_t dest_array_index;
+      uint32_t src_array_index;
+    } gc_array_copy;
+    BranchOnCastData br_on_cast_data;
+    size_t simd_immediate_index;
+    HeapType::Representation ref_type;
+  };
+
+  WasmInstruction()
+      : orig(0x00), opcode(kExprUnreachable), length(0), pc(0), optional({}) {}
+  WasmInstruction(uint8_t orig, WasmOpcode opcode, int length, uint32_t pc,
+                  Optional optional)
+      : orig(orig),
+        opcode(opcode),
+        length(length),
+        pc(pc),
+        optional(optional) {}
+
+  operator bool() const { return length > 0; }
+
+  RegMode InputRegMode() const { return kRegModes[orig].from; }
+  bool SupportsToRegister() const {
+    return kRegModes[orig].to != RegMode::kNoReg;
+  }
+  uint8_t orig;
+  WasmOpcode opcode;
+  uint32_t length;
+  uint32_t pc;
+  Optional optional;
+};
+
+struct Slot {
+  ValueType value_type;
+  uint32_t slot_offset;
+  uint32_t ref_stack_index;
+
+  constexpr ValueKind kind() const { return value_type.kind(); }
+};
+
+template <typename T>
+INSTRUCTION_HANDLER_FUNC trace_PushSlot(const uint8_t* code, uint32_t* sp,
+                                        WasmInterpreterRuntime* wasm_runtime,
+                                        int64_t r0, double fp0);
+
+template <typename T>
+static inline ValueType value_type() {
+  UNREACHABLE();
+}
+template <>
+inline ValueType value_type<int32_t>() {
+  return kWasmI32;
+}
+template <>
+inline ValueType value_type<uint32_t>() {
+  return kWasmI32;
+}
+template <>
+inline ValueType value_type<int64_t>() {
+  return kWasmI64;
+}
+template <>
+inline ValueType value_type<uint64_t>() {
+  return kWasmI64;
+}
+template <>
+inline ValueType value_type<float>() {
+  return kWasmF32;
+}
+template <>
+inline ValueType value_type<double>() {
+  return kWasmF64;
+}
+template <>
+inline ValueType value_type<Simd128>() {
+  return kWasmS128;
+}
+template <>
+inline ValueType value_type<WasmRef>() {
+  return kWasmAnyRef;  // TODO(paolosev@microsoft.com)
+}
+
+static constexpr uint32_t kInstructionTableSize = 2048;
+static constexpr uint32_t kInstructionTableMask = kInstructionTableSize - 1;
+
+#define DEFINE_INSTR_HANDLER(name) k_##name,
+enum InstructionHandler : uint16_t {
+  FOREACH_INSTR_HANDLER(DEFINE_INSTR_HANDLER)
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+      FOREACH_TRACE_INSTR_HANDLER(DEFINE_INSTR_HANDLER)
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+          kInstructionCount
+};
+#undef DEFINE_INSTR_HANDLER
+
+inline InstructionHandler ReadFnId(const uint8_t*& code) {
+  InstructionHandler result = base::ReadUnalignedValue<InstructionHandler>(
+      reinterpret_cast<Address>(code));
+  code += sizeof(InstructionHandler);
+  return result;
+}
+
+extern PWasmOp* s_unwind_func_addr;
+extern InstructionHandler s_unwind_code;
+
+class WasmEHData {
+ public:
+  static const int kCatchAllTagIndex = -1;
+
+  // Zero is always the id of a function main block, so it cannot identify a
+  // try block.
+  static const int kDelegateToCallerIndex = 0;
+
+  typedef int BlockIndex;
+
+  struct CatchHandler {
+    BlockIndex catch_block_index;
+    int tag_index;
+    CodeOffset code_offset;
+  };
+
+  struct TryBlock {
+    TryBlock(BlockIndex parent_or_matching_try_block,
+             BlockIndex ancestor_try_index)
+        : ancestor_try_index(ancestor_try_index),
+          parent_or_matching_try_block(parent_or_matching_try_block),
+          delegate_try_index(-1),
+          end_instruction_code_offset(0) {}
+
+    void SetDelegated(BlockIndex delegate_try_index) {
+      this->delegate_try_index = delegate_try_index;
+    }
+    bool IsTryDelegate() const { return delegate_try_index >= 0; }
+
+    // The index of the first TryBlock that is a direct ancestor of this
+    // TryBlock.
+    BlockIndex ancestor_try_index;
+
+    // If this TryBlock is contained in a CatchBlock, this is the matching
+    // TryBlock index of the CatchBlock. Otherwise it matches
+    // ancestor_try_index.
+    BlockIndex parent_or_matching_try_block;
+
+    BlockIndex delegate_try_index;
+    std::vector<CatchHandler> catch_handlers;
+    size_t end_instruction_code_offset;
+  };
+
+  struct CatchBlock {
+    BlockIndex try_block_index;
+    uint32_t first_param_slot_offset;
+    uint32_t first_param_ref_stack_index;
+  };
+
+  const TryBlock* GetTryBlock(CodeOffset code_offset) const;
+  const TryBlock* GetParentTryBlock(const TryBlock* try_block) const;
+  const TryBlock* GetDelegateTryBlock(const TryBlock* try_block) const;
+
+  size_t GetEndInstructionOffsetFor(BlockIndex catch_block_index) const;
+
+  struct ExceptionPayloadSlotOffsets {
+    uint32_t first_param_slot_offset;
+    uint32_t first_param_ref_stack_index;
+  };
+  ExceptionPayloadSlotOffsets GetExceptionPayloadStartSlotOffsets(
+      BlockIndex catch_block_index) const;
+
+  void SetCaughtException(Isolate* isolate, BlockIndex catch_block_index,
+                          Handle<Object> exception);
+  Handle<Object> GetCaughtException(Isolate* isolate,
+                                    BlockIndex catch_block_index) const;
+
+ protected:
+  BlockIndex GetTryBranchOf(BlockIndex catch_block_index) const;
+
+  std::unordered_map<CodeOffset, BlockIndex> code_trycatch_map_;
+  std::unordered_map<BlockIndex, TryBlock> try_blocks_;
+  std::unordered_map<BlockIndex, CatchBlock> catch_blocks_;
+};
+
+class WasmEHDataGenerator : public WasmEHData {
+ public:
+  WasmEHDataGenerator() : current_try_block_index_(-1) {}
+
+  void AddTryBlock(BlockIndex try_block_index,
+                   BlockIndex parent_or_matching_try_block_index,
+                   BlockIndex ancestor_try_block_index);
+  void AddCatchBlock(BlockIndex catch_block_index, int tag_index,
+                     uint32_t first_param_slot_offset,
+                     uint32_t first_param_ref_stack_index,
+                     CodeOffset code_offset);
+  void AddDelegatedBlock(BlockIndex delegated_try_block_index);
+  BlockIndex EndTryCatchBlocks(BlockIndex block_index, CodeOffset code_offset);
+  void RecordPotentialExceptionThrowingInstruction(WasmOpcode opcode,
+                                                   CodeOffset code_offset);
+
+  BlockIndex GetCurrentTryBlockIndex() const {
+    return current_try_block_index_;
+  }
+
+ private:
+  BlockIndex current_try_block_index_;
+};
+
+class WasmBytecode {
+ public:
+  WasmBytecode(int func_index, const uint8_t* code_data, size_t code_length,
+               uint32_t stack_frame_size, const FunctionSig* signature,
+               const InterpreterCode* interpreter_code, size_t blocks_count,
+               const uint8_t* const_slots_data, size_t const_slots_length,
+               uint32_t ref_slots_count, const WasmEHData&& eh_data,
+               const std::map<CodeOffset, pc_t>&& code_pc_map);
+
+  inline const uint8_t* GetCode() const { return code_bytes_; }
+  inline size_t GetCodeSize() const { return code_.size(); }
+
+  inline bool InitializeSlots(uint8_t* sp, size_t stack_space) const;
+
+  pc_t GetPcFromTrapCode(const uint8_t* current_code) const;
+
+  inline int GetFunctionIndex() const { return func_index_; }
+
+  inline uint32_t GetBlocksCount() const { return blocks_count_; }
+
+  inline const FunctionSig* GetFunctionSignature() const { return signature_; }
+  inline ValueType return_type(size_t index) const;
+  inline ValueType arg_type(size_t index) const;
+  inline ValueType local_type(size_t index) const;
+
+  inline uint32_t args_count() const { return args_count_; }
+  inline uint32_t args_slots_size() const { return args_slots_size_; }
+  inline uint32_t return_count() const { return return_count_; }
+  inline uint32_t rets_slots_size() const { return rets_slots_size_; }
+  inline uint32_t locals_count() const { return locals_count_; }
+  inline uint32_t locals_slots_size() const { return locals_slots_size_; }
+  inline uint32_t const_slots_size_in_bytes() const {
+    return static_cast<uint32_t>(const_slots_values_.size());
+  }
+
+  inline uint32_t ref_args_count() const { return ref_args_count_; }
+  inline uint32_t ref_rets_count() const { return ref_rets_count_; }
+  inline uint32_t ref_locals_count() const { return ref_locals_count_; }
+  inline uint32_t ref_slots_count() const { return ref_slots_count_; }
+  inline uint32_t internal_ref_slots_count() const {
+    // Ref slots for arguments and return value are allocated by the caller and
+    // not counted in internal_ref_slots_count().
+    return ref_slots_count_ - ref_rets_count_ - ref_args_count_;
+  }
+
+  inline uint32_t frame_size() { return total_frame_size_in_bytes_; }
+
+  static inline uint32_t ArgsSizeInSlots(const FunctionSig* sig);
+  static inline uint32_t RetsSizeInSlots(const FunctionSig* sig);
+  static inline uint32_t RefArgsCount(const FunctionSig* sig);
+  static inline uint32_t RefRetsCount(const FunctionSig* sig);
+  static inline bool ContainsSimd(const FunctionSig* sig);
+  static inline bool HasRefOrSimdArgs(const FunctionSig* sig);
+  static inline uint32_t JSToWasmWrapperPackedArraySize(const FunctionSig* sig);
+  static inline uint32_t RefLocalsCount(const InterpreterCode* wasm_code);
+  static inline uint32_t LocalsSizeInSlots(const InterpreterCode* wasm_code);
+
+  const WasmEHData::TryBlock* GetTryBlock(CodeOffset code_offset) const {
+    return eh_data_.GetTryBlock(code_offset);
+  }
+  const WasmEHData::TryBlock* GetParentTryBlock(
+      const WasmEHData::TryBlock* try_block) const {
+    return eh_data_.GetParentTryBlock(try_block);
+  }
+  WasmEHData::ExceptionPayloadSlotOffsets GetExceptionPayloadStartSlotOffsets(
+      WasmEHData::BlockIndex catch_block_index) const {
+    return eh_data_.GetExceptionPayloadStartSlotOffsets(catch_block_index);
+  }
+  Handle<Object> GetCaughtException(Isolate* isolate,
+                                    uint32_t catch_block_index) const {
+    return eh_data_.GetCaughtException(isolate, catch_block_index);
+  }
+
+ private:
+  std::vector<uint8_t> code_;
+  const uint8_t* code_bytes_;
+  const FunctionSig* signature_;
+  const InterpreterCode* interpreter_code_;
+  std::vector<uint8_t> const_slots_values_;
+
+  int func_index_;
+  uint32_t blocks_count_;
+  uint32_t args_count_;
+  uint32_t args_slots_size_;
+  uint32_t return_count_;
+  uint32_t rets_slots_size_;
+  uint32_t locals_count_;
+  uint32_t locals_slots_size_;
+  uint32_t total_frame_size_in_bytes_;
+  uint32_t ref_args_count_;
+  uint32_t ref_rets_count_;
+  uint32_t ref_locals_count_;
+  uint32_t ref_slots_count_;
+
+  WasmEHData eh_data_;
+
+  // TODO(paolosev@microsoft.com) slow! Use std::unordered_map ?
+  std::map<CodeOffset, pc_t> code_pc_map_;
+};
+
+class WasmBytecodeGenerator {
+ public:
+  WasmBytecodeGenerator(uint32_t function_index, InterpreterCode* wasm_code,
+                        const WasmModule* module);
+
+  std::unique_ptr<WasmBytecode> GenerateBytecode();
+
+ private:
+  struct BlockData {
+    BlockData(WasmOpcode opcode, uint32_t begin_code_offset,
+              int32_t parent_block_index, uint32_t stack_size,
+              WasmInstruction::Optional::Block signature,
+              uint32_t first_block_index, uint32_t rets_slots_count,
+              uint32_t params_slots_count, int32_t parent_try_block_index)
+        : opcode_(opcode),
+          stack_size_(stack_size),
+          begin_code_offset_(begin_code_offset),
+          end_code_offset_(0),
+          parent_block_index_(parent_block_index),
+          if_else_block_index_(-1),
+          signature_(signature),
+          first_block_index_(first_block_index),
+          rets_slots_count_(rets_slots_count),
+          params_slots_count_(params_slots_count),
+          parent_try_block_index_(parent_try_block_index),
+          is_unreachable_(false) {}
+
+    bool IsRootBlock() const { return parent_block_index_ < 0; }
+    bool IsBlock() const { return opcode_ == kExprBlock; }
+    bool IsLoop() const { return opcode_ == kExprLoop; }
+    bool IsIf() const { return opcode_ == kExprIf; }
+    bool IsElse() const { return opcode_ == kExprElse; }
+    bool HasElseBranch() const { return if_else_block_index_ > 0; }
+    bool IsTry() const { return opcode_ == kExprTry; }
+    bool IsCatch() const { return opcode_ == kExprCatch; }
+    bool IsCatchAll() const { return opcode_ == kExprCatchAll; }
+
+    void SaveParams(uint32_t* from, size_t params_count) {
+      DCHECK(IsIf());
+      if_block_params_ = base::SmallVector<uint32_t, 4>(params_count);
+      for (size_t i = 0; i < params_count; i++) {
+        if_block_params_[i] = from[i];
+      }
+    }
+    uint32_t GetParam(size_t index) const {
+      DCHECK(IsIf());
+      DCHECK_LE(index, if_block_params_.size());
+      return if_block_params_[index];
+    }
+
+    WasmOpcode opcode_;
+    uint32_t stack_size_;
+    uint32_t begin_code_offset_;
+    uint32_t end_code_offset_;
+    int32_t parent_block_index_;
+    int32_t if_else_block_index_;
+    base::SmallVector<uint32_t, 4> branch_code_offsets_;
+    WasmInstruction::Optional::Block signature_;
+    uint32_t first_block_index_;
+    uint32_t rets_slots_count_;
+    uint32_t params_slots_count_;
+    int32_t parent_try_block_index_;
+    bool is_unreachable_;
+    base::SmallVector<uint32_t, 4> if_block_params_;
+  };
+
+  uint32_t const_slots_start() const {
+    return rets_slots_size_ + args_slots_size_;
+  }
+
+  inline uint32_t GetStackFrameSize() const { return slot_offset_; }
+
+  uint32_t CurrentCodePos() const {
+    return static_cast<uint32_t>(code_.size());
+  }
+
+  WasmInstruction DecodeInstruction(pc_t pc, Decoder& decoder);
+  void DecodeGCOp(WasmOpcode opcode, WasmInstruction::Optional* optional,
+                  Decoder* decoder, InterpreterCode* code, pc_t pc,
+                  int* const len);
+  void DecodeNumericOp(WasmOpcode opcode, WasmInstruction::Optional* optional,
+                       Decoder* decoder, InterpreterCode* code, pc_t pc,
+                       int* const len);
+  void DecodeAtomicOp(WasmOpcode opcode, WasmInstruction::Optional* optional,
+                      Decoder* decoder, InterpreterCode* code, pc_t pc,
+                      int* const len);
+  bool DecodeSimdOp(WasmOpcode opcode, WasmInstruction::Optional* optional,
+                    Decoder* decoder, InterpreterCode* code, pc_t pc,
+                    int* const len);
+
+  inline bool ToRegisterIsAllowed(const WasmInstruction& instr);
+  RegMode EncodeInstruction(const WasmInstruction& instr, RegMode curr_reg_mode,
+                            RegMode next_reg_mode);
+
+  bool EncodeSuperInstruction(RegMode& reg_mode,
+                              const WasmInstruction& curr_instr,
+                              const WasmInstruction& next_instr);
+
+  uint32_t ScanConstInstructions() const;
+
+  void Emit(const void* buff, size_t len) {
+    code_.insert(code_.end(), static_cast<const uint8_t*>(buff),
+                 static_cast<const uint8_t*>(buff) + len);
+  }
+
+  inline void I32Push(bool emit = true);
+  inline void I64Push(bool emit = true);
+  inline void F32Push(bool emit = true);
+  inline void F64Push(bool emit = true);
+  inline void S128Push(bool emit = true);
+  inline void RefPush(ValueType type, bool emit = true);
+  inline void Push(ValueType type);
+
+  inline void I32Pop(bool emit = true) { Pop(kI32, emit); }
+  inline void I64Pop(bool emit = true) { Pop(kI64, emit); }
+  inline void F32Pop(bool emit = true) { Pop(kF32, emit); }
+  inline void F64Pop(bool emit = true) { Pop(kF64, emit); }
+  inline void S128Pop(bool emit = true) { Pop(kS128, emit); }
+
+  inline ValueType RefPop(bool emit = true) {
+    DCHECK(wasm::is_reference(slots_[stack_.back()].kind()));
+    uint32_t ref_index = slots_[stack_.back()].ref_stack_index;
+    ValueType value_type = slots_[stack_.back()].value_type;
+    DCHECK(value_type.is_object_reference());
+    PopSlot();
+    if (emit) Emit(&ref_index, sizeof(uint32_t));
+    return value_type;
+  }
+
+#ifdef DEBUG
+  bool CheckEqualKind(ValueKind value_kind, ValueKind stack_slot_kind) {
+    if (is_reference(value_kind)) {
+      return is_reference(stack_slot_kind);
+    } else if (value_kind == kI8 || value_kind == kI16) {
+      return stack_slot_kind == kI32;
+    } else {
+      return value_kind == stack_slot_kind;
+    }
+  }
+#endif  // DEBUG
+
+  inline void Pop(ValueKind kind, bool emit = true) {
+    if (kind == kRefNull || kind == kRef) {
+      RefPop(emit);
+      return;
+    }
+    DCHECK(CheckEqualKind(kind, slots_[stack_.back()].kind()));
+    uint32_t slot_offset = PopSlot();
+    if (emit) Emit(&slot_offset, sizeof(uint32_t));
+  }
+
+  void EmitI16Const(int16_t value) { Emit(&value, sizeof(value)); }
+  void EmitI32Const(int32_t value) { Emit(&value, sizeof(value)); }
+  void EmitI64Const(int64_t value) { Emit(&value, sizeof(value)); }
+  void EmitF32Const(float value) { Emit(&value, sizeof(value)); }
+  void EmitF64Const(double value) { Emit(&value, sizeof(value)); }
+
+  inline void EmitFnId(InstructionHandler func, uint32_t pc = UINT_MAX) {
+    // If possible, compacts two consecutive CopySlot32 or CopySlot64
+    // instructions into a single instruction, to save one dispatch.
+    if (TryCompactInstructionHandler(func)) return;
+
+    if (pc != UINT_MAX) {
+      code_pc_map_[code_.size()] = pc;
+    }
+
+    last_instr_offset_ = CurrentCodePos();
+
+    Emit(&func, sizeof(func));
+  }
+
+  void EmitCopySlot(ValueType value_type, uint32_t from_slot_index,
+                    uint32_t to_slot_index, bool copy_from_reg = false);
+
+  inline bool IsMemory64() const;
+  inline bool IsMultiMemory() const;
+
+  inline ValueKind GetGlobalType(uint32_t index) const;
+  inline void EmitGlobalIndex(uint32_t index);
+
+  uint32_t ReserveBlockSlots(uint8_t opcode,
+                             const WasmInstruction::Optional::Block& block_data,
+                             size_t* rets_slots_count,
+                             size_t* params_slots_count);
+  void StoreBlockParamsIntoSlots(uint32_t target_block_index,
+                                 bool update_stack);
+  void StoreBlockParamsAndResultsIntoSlots(uint32_t target_block_index,
+                                           WasmOpcode opcode);
+
+  inline bool HasVoidSignature(
+      const WasmBytecodeGenerator::BlockData& block_data) const;
+  inline uint32_t ParamsCount(
+      const WasmBytecodeGenerator::BlockData& block_data) const;
+  inline ValueType GetParamType(
+      const WasmBytecodeGenerator::BlockData& block_data, size_t index) const;
+  inline uint32_t ReturnsCount(
+      const WasmBytecodeGenerator::BlockData& block_data) const;
+  inline ValueType GetReturnType(
+      const WasmBytecodeGenerator::BlockData& block_data, size_t index) const;
+
+  void PreserveArgsAndLocals();
+
+  int32_t BeginBlock(WasmOpcode opcode,
+                     const WasmInstruction::Optional::Block signature);
+  inline void BeginElseBlock(uint32_t if_block_index, bool dummy);
+  int32_t EndBlock(WasmOpcode opcode);
+
+  void Return();
+  inline void EmitBranchOffset(uint32_t delta);
+  inline void EmitIfElseBranchOffset();
+  inline void EmitTryCatchBranchOffset();
+  inline void EmitBranchTableOffset(uint32_t delta, uint32_t code_pos);
+  inline uint32_t GetCurrentBranchDepth() const;
+  inline int32_t GetTargetBranch(uint32_t delta) const;
+  int GetCurrentTryBlockIndex(bool return_matching_try_for_catch_blocks) const;
+  void PatchBranchOffsets();
+  void PatchLoopJumpInstructions();
+  void RestoreIfElseParams(uint32_t if_block_index);
+
+  bool HasSharedSlot(uint32_t stack_index) const;
+  bool FindSharedSlot(uint32_t stack_index, uint32_t* new_slot_index);
+
+  inline const FunctionSig* GetFunctionSignature(uint32_t function_index) const;
+
+  inline ValueKind GetTopStackType(RegMode reg_mode) const;
+
+  inline uint32_t function_index() const { return function_index_; }
+
+  std::vector<Slot> slots_;
+
+  inline uint32_t CreateSlot(ValueType value_type) {
+    switch (value_type.kind()) {
+      case kI32:
+        return CreateSlot<int32_t>(value_type);
+      case kI64:
+        return CreateSlot<int64_t>(value_type);
+      case kF32:
+        return CreateSlot<float>(value_type);
+      case kF64:
+        return CreateSlot<double>(value_type);
+      case kS128:
+        return CreateSlot<Simd128>(value_type);
+      case kRef:
+      case kRefNull:
+        return CreateSlot<WasmRef>(value_type);
+      default:
+        UNREACHABLE();
+    }
+  }
+
+  template <typename T>
+  inline uint32_t CreateSlot(ValueType value_type) {
+    // A gcc bug causes "error: explicit specialization in non-namespace scope"
+    // with explicit specializations here:
+    // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85282
+    if constexpr (std::is_same_v<T, WasmRef>) {
+      return CreateWasmRefSlot(value_type);
+    }
+    uint32_t slot_index = static_cast<uint32_t>(slots_.size());
+    slots_.push_back({value_type, slot_offset_, 0});
+    slot_offset_ += sizeof(T) / kSlotSize;
+    return slot_index;
+  }
+  inline uint32_t CreateWasmRefSlot(ValueType value_type) {
+    uint32_t slot_index = static_cast<uint32_t>(slots_.size());
+    slots_.push_back({value_type, slot_offset_, ref_slots_count_});
+    slot_offset_ += sizeof(WasmRef) / kSlotSize;
+    ref_slots_count_++;
+    return slot_index;
+  }
+
+  template <typename T>
+  inline uint32_t GetConstSlot(T value) {
+    if constexpr (std::is_same_v<T, int32_t>) {
+      return GetI32ConstSlot(value);
+    }
+    if constexpr (std::is_same_v<T, int64_t>) {
+      return GetI64ConstSlot(value);
+    }
+    if constexpr (std::is_same_v<T, float>) {
+      return GetF32ConstSlot(value);
+    }
+    if constexpr (std::is_same_v<T, double>) {
+      return GetF64ConstSlot(value);
+    }
+    if constexpr (std::is_same_v<T, Simd128>) {
+      return GetS128ConstSlot(value);
+    }
+    UNREACHABLE();
+  }
+  inline uint32_t GetI32ConstSlot(int32_t value) {
+    auto it = i32_const_cache_.find(value);
+    if (it != i32_const_cache_.end()) {
+      return it->second;
+    }
+    return UINT_MAX;
+  }
+  inline uint32_t GetI64ConstSlot(int64_t value) {
+    auto it = i64_const_cache_.find(value);
+    if (it != i64_const_cache_.end()) {
+      return it->second;
+    }
+    return UINT_MAX;
+  }
+  inline uint32_t GetF32ConstSlot(float value) {
+    auto it = f32_const_cache_.find(value);
+    if (it != f32_const_cache_.end()) {
+      return it->second;
+    }
+    return UINT_MAX;
+  }
+  inline uint32_t GetF64ConstSlot(double value) {
+    auto it = f64_const_cache_.find(value);
+    if (it != f64_const_cache_.end()) {
+      return it->second;
+    }
+    return UINT_MAX;
+  }
+  inline uint32_t GetS128ConstSlot(Simd128 value) {
+    auto it = s128_const_cache_.find(reinterpret_cast<Simd128&>(value));
+    if (it != s128_const_cache_.end()) {
+      return it->second;
+    }
+    return UINT_MAX;
+  }
+
+  template <typename T>
+  inline uint32_t CreateConstSlot(T value) {
+    if constexpr (std::is_same_v<T, WasmRef>) {
+      UNREACHABLE();
+    }
+    uint32_t slot_index = GetConstSlot(value);
+    if (slot_index == UINT_MAX) {
+      uint32_t offset = const_slot_offset_ * sizeof(uint32_t);
+      DCHECK_LE(offset + sizeof(T), const_slots_values_.size());
+
+      slot_index = static_cast<uint32_t>(slots_.size());
+      slots_.push_back(
+          {value_type<T>(), const_slots_start() + const_slot_offset_, 0});
+      base::WriteUnalignedValue<T>(
+          reinterpret_cast<Address>(const_slots_values_.data() + offset),
+          value);
+      const_slot_offset_ += sizeof(T) / kSlotSize;
+    }
+    return slot_index;
+  }
+
+  template <typename T>
+  inline uint32_t PushConstSlot(T value) {
+    uint32_t new_slot_index = CreateConstSlot(value);
+    PushConstSlot(new_slot_index);
+    return new_slot_index;
+  }
+  inline void PushConstSlot(uint32_t slot_index);
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  void TracePushConstSlot(uint32_t slot_index);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  inline void PushSlot(uint32_t slot_index) {
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    if (v8_flags.trace_drumbrake_bytecode_generator &&
+        v8_flags.trace_drumbrake_execution_verbose) {
+      printf("    push - slot[%d] = %d\n", stack_size(), slot_index);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+    stack_.push_back(slot_index);
+  }
+
+  inline uint32_t _PushSlot(ValueType value_type) {
+    PushSlot(static_cast<uint32_t>(slots_.size()));
+    return CreateSlot(value_type);
+  }
+
+  inline void PushCopySlot(uint32_t from);
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  void TracePushCopySlot(uint32_t from);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  inline uint32_t PopSlot() {
+    // TODO(paolosev@microsoft.com) - We should try to mark as 'invalid' and
+    // later reuse slots in the stack once we are sure they won't be referred
+    // again, which should be the case once a slot is popped. This could make
+    // the stack frame size smaller, especially for large Wasm functions.
+    uint32_t slot_offset = slots_[stack_.back()].slot_offset;
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    if (v8_flags.trace_drumbrake_bytecode_generator &&
+        v8_flags.trace_drumbrake_execution_verbose) {
+      printf("    pop  - slot[%d] = %d\n", stack_size() - 1, stack_.back());
+    }
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+    stack_.pop_back();
+    return slot_offset;
+  }
+
+  void CopyToSlot(ValueType value_type, uint32_t from_slot_index,
+                  uint32_t to_stack_index, bool copy_from_reg);
+  void CopyToSlotAndPop(ValueType value_type, uint32_t to, bool is_tee,
+                        bool copy_from_reg);
+
+  inline void SetSlotType(uint32_t stack_index, ValueType type) {
+    DCHECK_LT(stack_index, stack_.size());
+
+    uint32_t slot_index = stack_[stack_index];
+    slots_[slot_index].value_type = type;
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+    TraceSetSlotType(stack_index, type);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+  }
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+  void TraceSetSlotType(uint32_t stack_index, ValueType typo);
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+  inline void UpdateStack(uint32_t index, uint32_t slot_index) {
+    DCHECK_LT(index, stack_.size());
+    stack_[index] = slot_index;
+  }
+  inline void UpdateStack(uint32_t index, uint32_t slot_index,
+                          ValueType value_type) {
+    DCHECK_LT(index, stack_.size());
+    stack_[index] = slot_index;
+    SetSlotType(index, value_type);
+  }
+
+  inline uint32_t stack_top_index() const {
+    DCHECK(!stack_.empty());
+    return static_cast<uint32_t>(stack_.size() - 1);
+  }
+  inline uint32_t stack_size() const {
+    return static_cast<uint32_t>(stack_.size());
+  }
+
+  inline void SetUnreachableMode() {
+    is_instruction_reachable_ = false;
+    unreachable_block_count_ = 1;
+
+    CHECK_GE(current_block_index_, 0);
+    blocks_[current_block_index_].is_unreachable_ = true;
+  }
+
+  // Create slots for arguments and generates run-time commands to initialize
+  // their values.
+  void InitSlotsForFunctionArgs(const FunctionSig* sig, bool is_indirect_call);
+
+  bool TryCompactInstructionHandler(InstructionHandler func_addr);
+
+  bool TypeCheckAlwaysSucceeds(ValueType obj_type, HeapType type) const;
+  bool TypeCheckAlwaysFails(ValueType obj_type, HeapType expected_type,
+                            bool null_succeeds) const;
+
+  std::vector<uint8_t> const_slots_values_;
+  uint32_t const_slot_offset_;
+  std::unordered_map<int32_t, uint32_t> i32_const_cache_;
+  std::unordered_map<int64_t, uint32_t> i64_const_cache_;
+  std::unordered_map<float, uint32_t> f32_const_cache_;
+  std::unordered_map<double, uint32_t> f64_const_cache_;
+
+  struct Simd128Hash {
+    size_t operator()(const Simd128& s128) const;
+  };
+  std::unordered_map<Simd128, uint32_t, Simd128Hash> s128_const_cache_;
+
+  std::vector<Simd128> simd_immediates_;
+  uint32_t slot_offset_;  // TODO(paolosev@microsoft.com): manage holes
+  std::vector<uint32_t> stack_;
+  uint32_t ref_slots_count_;
+
+  uint32_t function_index_;
+  InterpreterCode* wasm_code_;
+  uint32_t args_count_;
+  uint32_t args_slots_size_;
+  uint32_t return_count_;
+  uint32_t rets_slots_size_;
+  uint32_t locals_count_;
+
+  std::vector<uint8_t> code_;
+
+  std::vector<BlockData> blocks_;
+  int32_t current_block_index_;
+
+  bool is_instruction_reachable_;
+  uint32_t unreachable_block_count_;
+#ifdef DEBUG
+  bool was_current_instruction_reachable_;
+#endif  // DEBUG
+
+  base::SmallVector<uint32_t, 8> br_table_labels_;
+  base::SmallVector<uint32_t, 16> loop_end_code_offsets_;
+
+  const WasmModule* module_;
+
+  // TODO(paolosev@microsoft.com) - Using a map is relatively slow because of
+  // all the insertions that cause a ~10% performance hit in the generation of
+  // the interpreter bytecode. The bytecode generation time is not a huge factor
+  // when we run in purely jitless mode, because it is almost always dwarfed by
+  // the interpreter execution time. It could be an important factor, however,
+  // if we implemented a multi-tier strategy with the interpreter as a first
+  // tier. It would probably be better to replace this with a plain vector and
+  // use binary search for lookups.
+  std::map<CodeOffset, pc_t> code_pc_map_;
+
+  static const CodeOffset kInvalidCodeOffset = (CodeOffset)-1;
+  CodeOffset last_instr_offset_;
+
+  WasmEHDataGenerator eh_data_;
+
+  WasmBytecodeGenerator(const WasmBytecodeGenerator&) = delete;
+  WasmBytecodeGenerator& operator=(const WasmBytecodeGenerator&) = delete;
+};
+
+// TODO(paolosev@microsoft.com) Duplicated from src/runtime/runtime-wasm.cc
+class V8_NODISCARD ClearThreadInWasmScope {
+ public:
+  explicit ClearThreadInWasmScope(Isolate* isolate);
+  ~ClearThreadInWasmScope();
+
+ private:
+  Isolate* isolate_;
+};
+
+#ifdef V8_ENABLE_DRUMBRAKE_TRACING
+class InterpreterTracer final : public Malloced {
+ public:
+  explicit InterpreterTracer(int isolate_id)
+      : isolate_id_(isolate_id),
+        file_(nullptr),
+        current_chunk_index_(0),
+        write_count_(0) {
+    if (0 != strcmp(v8_flags.trace_drumbrake_filter.value(), "*")) {
+      std::stringstream s(v8_flags.trace_drumbrake_filter.value());
+      for (int i; s >> i;) {
+        traced_functions_.insert(i);
+        if (s.peek() == ',') s.ignore();
+      }
+    }
+
+    OpenFile();
+  }
+
+  ~InterpreterTracer() { CloseFile(); }
+
+  void OpenFile() {
+    if (!ShouldRedirect()) {
+      file_ = stdout;
+      return;
+    }
+
+    if (isolate_id_ >= 0) {
+      base::SNPrintF(filename_, "trace-%d-%d-%d.dbt",
+                     base::OS::GetCurrentProcessId(), isolate_id_,
+                     current_chunk_index_);
+    } else {
+      base::SNPrintF(filename_, "trace-%d-%d.dbt",
+                     base::OS::GetCurrentProcessId(), current_chunk_index_);
+    }
+    WriteChars(filename_.begin(), "", 0, false);
+
+    if (file_ == nullptr) {
+      file_ = base::OS::FOpen(filename_.begin(), "w");
+      CHECK_WITH_MSG(file_ != nullptr, "could not open file.");
+    }
+  }
+
+  void CloseFile() {
+    if (!ShouldRedirect()) {
+      return;
+    }
+
+    DCHECK_NOT_NULL(file_);
+    base::Fclose(file_);
+    file_ = nullptr;
+  }
+
+  bool ShouldTraceFunction(int function_index) const {
+    return traced_functions_.empty() ||
+           traced_functions_.find(function_index) != traced_functions_.end();
+  }
+
+  void PrintF(const char* format, ...);
+
+  void CheckFileSize() {
+    if (!ShouldRedirect()) {
+      return;
+    }
+
+    ::fflush(file_);
+    if (++write_count_ >= kWriteCountCheckInterval) {
+      write_count_ = 0;
+      ::fseek(file_, 0L, SEEK_END);
+      if (::ftell(file_) > kMaxFileSize) {
+        CloseFile();
+        current_chunk_index_ = (current_chunk_index_ + 1) % kFileChunksCount;
+        OpenFile();
+      }
+    }
+  }
+
+  FILE* file() const { return file_; }
+
+ private:
+  static bool ShouldRedirect() { return v8_flags.redirect_drumbrake_traces; }
+
+  int isolate_id_;
+  base::EmbeddedVector<char, 128> filename_;
+  FILE* file_;
+  std::unordered_set<int> traced_functions_;
+  int current_chunk_index_;
+  int64_t write_count_;
+
+  static const int64_t kWriteCountCheckInterval = 1000;
+  static const int kFileChunksCount = 10;
+  static const int64_t kMaxFileSize = 100 * MB;
+};
+
+class ShadowStack {
+ public:
+  void TracePop() { stack_.pop_back(); }
+
+  void TraceSetSlotType(uint32_t index, uint32_t type) {
+    if (stack_.size() <= index) stack_.resize(index + 1);
+    stack_[index].type_ = ValueType::FromRawBitField(type);
+  }
+
+  template <typename T>
+  void TracePush(uint32_t slot_offset) {
+    stack_.push_back({value_type<T>(), slot_offset});
+  }
+
+  void TracePushCopy(uint32_t index) { stack_.push_back(stack_[index]); }
+
+  void TraceUpdate(uint32_t stack_index, uint32_t slot_offset) {
+    if (stack_.size() <= stack_index) stack_.resize(stack_index + 1);
+    stack_[stack_index].slot_offset_ = slot_offset;
+  }
+
+  void Print(WasmInterpreterRuntime* wasm_runtime, const uint32_t* sp,
+             size_t start_params, size_t start_locals, size_t start_stack,
+             RegMode reg_mode, int64_t r0, double fp0) const;
+
+  struct Slot {
+    static void Print(WasmInterpreterRuntime* wasm_runtime, ValueType type,
+                      size_t index, char kind, const uint8_t* addr);
+    void Print(WasmInterpreterRuntime* wasm_runtime, size_t index, char kind,
+               const uint8_t* addr) const {
+      return Print(wasm_runtime, type_, index, kind, addr);
+    }
+
+    ValueType type_;
+    uint32_t slot_offset_;
+  };
+
+ private:
+  std::vector<Slot> stack_;
+};
+#endif  // V8_ENABLE_DRUMBRAKE_TRACING
+
+}  // namespace wasm
+}  // namespace internal
+}  // namespace v8
+
+#endif  // V8_WASM_INTERPRETER_WASM_INTERPRETER_H_
diff --git a/deps/v8/src/wasm/interpreter/x64/interpreter-builtins-x64.cc b/deps/v8/src/wasm/interpreter/x64/interpreter-builtins-x64.cc
new file mode 100644
index 00000000000000..869ac8cd4e4d5e
--- /dev/null
+++ b/deps/v8/src/wasm/interpreter/x64/interpreter-builtins-x64.cc
@@ -0,0 +1,2997 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/codegen/code-factory.h"
+#include "src/codegen/macro-assembler.h"
+#include "src/codegen/signature.h"
+#include "src/execution/frame-constants.h"
+#include "src/execution/isolate.h"
+
+#if V8_ENABLE_WEBASSEMBLY
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+#include "src/wasm/object-access.h"
+#include "src/wasm/wasm-objects.h"
+#endif  // V8_ENABLE_WEBASSEMBLY
+
+namespace v8 {
+namespace internal {
+
+#define __ ACCESS_MASM(masm)
+
+#if V8_ENABLE_WEBASSEMBLY
+
+namespace {
+// Helper functions for the GenericJSToWasmInterpreterWrapper.
+
+void PrepareForJsToWasmConversionBuiltinCall(
+    MacroAssembler* masm, Register array_start, Register param_count,
+    Register current_param_slot, Register valuetypes_array_ptr,
+    Register wasm_instance, Register function_data) {
+  __ movq(
+      MemOperand(
+          rbp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset),
+      Immediate(2));
+
+  // Pushes and puts the values in order onto the stack before builtin calls for
+  // the GenericJSToWasmInterpreterWrapper.
+  __ pushq(array_start);
+  __ pushq(param_count);
+  __ pushq(current_param_slot);
+  __ pushq(valuetypes_array_ptr);
+  // The following two slots contain tagged objects that need to be visited
+  // during GC.
+  __ pushq(wasm_instance);
+  __ pushq(function_data);
+  // We had to prepare the parameters for the Call: we have to put the context
+  // into rsi.
+  Register wasm_trusted_instance = wasm_instance;
+  __ LoadTrustedPointerField(
+      wasm_trusted_instance,
+      FieldMemOperand(wasm_instance, WasmInstanceObject::kTrustedDataOffset),
+      kWasmTrustedInstanceDataIndirectPointerTag, kScratchRegister);
+  __ LoadTaggedField(
+      rsi, MemOperand(wasm_trusted_instance,
+                      wasm::ObjectAccess::ToTagged(
+                          WasmTrustedInstanceData::kNativeContextOffset)));
+}
+
+void RestoreAfterJsToWasmConversionBuiltinCall(
+    MacroAssembler* masm, Register function_data, Register wasm_instance,
+    Register valuetypes_array_ptr, Register current_param_slot,
+    Register param_count, Register array_start) {
+  // Pop and load values from the stack in order into the registers after
+  // builtin calls for the GenericJSToWasmInterpreterWrapper.
+  __ popq(function_data);
+  __ popq(wasm_instance);
+  __ popq(valuetypes_array_ptr);
+  __ popq(current_param_slot);
+  __ popq(param_count);
+  __ popq(array_start);
+
+  __ movq(
+      MemOperand(
+          rbp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset),
+      Immediate(0));
+}
+
+void PrepareForBuiltinCall(MacroAssembler* masm, Register array_start,
+                           Register return_count, Register wasm_instance) {
+  // Pushes and puts the values in order onto the stack before builtin calls for
+  // the GenericJSToWasmInterpreterWrapper.
+  __ movq(
+      MemOperand(
+          rbp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset),
+      Immediate(1));
+
+  __ pushq(array_start);
+  __ pushq(return_count);
+  // The following slot contains a tagged object that need to be visited during
+  // GC.
+  __ pushq(wasm_instance);
+  // We had to prepare the parameters for the Call: we have to put the context
+  // into rsi.
+  Register wasm_trusted_instance = wasm_instance;
+  __ LoadTrustedPointerField(
+      wasm_trusted_instance,
+      FieldMemOperand(wasm_instance, WasmInstanceObject::kTrustedDataOffset),
+      kWasmTrustedInstanceDataIndirectPointerTag, kScratchRegister);
+  __ LoadTaggedField(
+      rsi, MemOperand(wasm_trusted_instance,
+                      wasm::ObjectAccess::ToTagged(
+                          WasmTrustedInstanceData::kNativeContextOffset)));
+}
+
+void RestoreAfterBuiltinCall(MacroAssembler* masm, Register wasm_instance,
+                             Register return_count, Register array_start) {
+  // Pop and load values from the stack in order into the registers after
+  // builtin calls for the GenericJSToWasmInterpreterWrapper.
+  __ popq(wasm_instance);
+  __ popq(return_count);
+  __ popq(array_start);
+}
+
+void PrepareForWasmToJsConversionBuiltinCall(
+    MacroAssembler* masm, Register return_count, Register result_index,
+    Register current_return_slot, Register valuetypes_array_ptr,
+    Register wasm_instance, Register fixed_array, Register jsarray) {
+  __ movq(
+      MemOperand(
+          rbp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset),
+      Immediate(3));
+
+  // Pushes and puts the values in order onto the stack before builtin calls
+  // for the GenericJSToWasmInterpreterWrapper.
+  __ pushq(return_count);
+  __ pushq(result_index);
+  __ pushq(current_return_slot);
+  __ pushq(valuetypes_array_ptr);
+  // The following three slots contain tagged objects that need to be visited
+  // during GC.
+  __ pushq(wasm_instance);
+  __ pushq(fixed_array);
+  __ pushq(jsarray);
+  // Put the context into rsi.
+  Register wasm_trusted_instance = wasm_instance;
+  __ LoadTrustedPointerField(
+      wasm_trusted_instance,
+      FieldMemOperand(wasm_instance, WasmInstanceObject::kTrustedDataOffset),
+      kWasmTrustedInstanceDataIndirectPointerTag, kScratchRegister);
+  __ LoadTaggedField(
+      rsi, MemOperand(wasm_trusted_instance,
+                      wasm::ObjectAccess::ToTagged(
+                          WasmTrustedInstanceData::kNativeContextOffset)));
+}
+
+void RestoreAfterWasmToJsConversionBuiltinCall(
+    MacroAssembler* masm, Register jsarray, Register fixed_array,
+    Register wasm_instance, Register valuetypes_array_ptr,
+    Register current_return_slot, Register result_index,
+    Register return_count) {
+  // Pop and load values from the stack in order into the registers after
+  // builtin calls for the GenericJSToWasmInterpreterWrapper.
+  __ popq(jsarray);
+  __ popq(fixed_array);
+  __ popq(wasm_instance);
+  __ popq(valuetypes_array_ptr);
+  __ popq(current_return_slot);
+  __ popq(result_index);
+  __ popq(return_count);
+}
+
+}  // namespace
+
+void Builtins::Generate_WasmInterpreterEntry(MacroAssembler* masm) {
+  Register wasm_instance = rsi;
+  Register function_index = r12;
+  Register array_start = r15;
+
+  // Set up the stackframe.
+  __ EnterFrame(StackFrame::WASM_INTERPRETER_ENTRY);
+
+  __ pushq(wasm_instance);
+  __ pushq(function_index);
+  __ pushq(array_start);
+  __ Move(wasm_instance, 0);
+  __ CallRuntime(Runtime::kWasmRunInterpreter, 3);
+
+  // Deconstruct the stack frame.
+  __ LeaveFrame(StackFrame::WASM_INTERPRETER_ENTRY);
+  __ ret(0);
+}
+
+void LoadFunctionDataAndWasmInstance(MacroAssembler* masm,
+                                     Register function_data,
+                                     Register wasm_instance) {
+  Register closure = function_data;
+  Register shared_function_info = closure;
+  __ LoadTaggedField(
+      shared_function_info,
+      MemOperand(
+          closure,
+          wasm::ObjectAccess::SharedFunctionInfoOffsetInTaggedJSFunction()));
+  closure = no_reg;
+  __ LoadTrustedPointerField(
+      function_data,
+      FieldOperand(shared_function_info,
+                   SharedFunctionInfo::kTrustedFunctionDataOffset),
+      kUnknownIndirectPointerTag, kScratchRegister);
+  shared_function_info = no_reg;
+
+  Register trusted_instance_data = wasm_instance;
+#if V8_ENABLE_SANDBOX
+  __ DecompressProtected(
+      trusted_instance_data,
+      MemOperand(function_data,
+                 WasmExportedFunctionData::kProtectedInstanceDataOffset -
+                     kHeapObjectTag));
+#else
+  __ LoadTaggedField(
+      trusted_instance_data,
+      MemOperand(function_data,
+                 WasmExportedFunctionData::kProtectedInstanceDataOffset -
+                     kHeapObjectTag));
+#endif
+  __ LoadTaggedField(wasm_instance,
+                     MemOperand(trusted_instance_data,
+                                WasmTrustedInstanceData::kInstanceObjectOffset -
+                                    kHeapObjectTag));
+}
+
+void LoadFromSignature(MacroAssembler* masm, Register valuetypes_array_ptr,
+                       Register return_count, Register param_count) {
+  Register signature = valuetypes_array_ptr;
+  __ movq(return_count,
+          MemOperand(signature, wasm::FunctionSig::kReturnCountOffset));
+  __ movq(param_count,
+          MemOperand(signature, wasm::FunctionSig::kParameterCountOffset));
+  valuetypes_array_ptr = signature;
+  __ movq(valuetypes_array_ptr,
+          MemOperand(signature, wasm::FunctionSig::kRepsOffset));
+}
+
+void LoadValueTypesArray(MacroAssembler* masm, Register function_data,
+                         Register valuetypes_array_ptr, Register return_count,
+                         Register param_count, Register signature_data) {
+  __ LoadTaggedField(
+      signature_data,
+      FieldOperand(function_data,
+                   WasmExportedFunctionData::kPackedArgsSizeOffset));
+  __ SmiToInt32(signature_data);
+
+  Register signature = valuetypes_array_ptr;
+  __ movq(signature,
+          MemOperand(function_data,
+                     WasmExportedFunctionData::kSigOffset - kHeapObjectTag));
+  LoadFromSignature(masm, valuetypes_array_ptr, return_count, param_count);
+}
+
+// TODO(paolosev@microsoft.com): this should be converted into a Torque builtin,
+// like it was done for GenericJSToWasmWrapper.
+void Builtins::Generate_GenericJSToWasmInterpreterWrapper(
+    MacroAssembler* masm) {
+  // Set up the stackframe.
+  __ EnterFrame(StackFrame::JS_TO_WASM);
+
+  // -------------------------------------------
+  // Compute offsets and prepare for GC.
+  // -------------------------------------------
+  // GenericJSToWasmInterpreterWrapperFrame:
+  // rbp-N     Args/retvals array for Wasm call
+  // ...       ...
+  // rbp-0x50  SignatureData (== rbp-N)
+  // rbp-0x48  CurrentIndex
+  // rbp-0x40  ArgRetsIsArgs
+  // rbp-0x38  ArgRetsAddress
+  // rbp-0x30  ValueTypesArray
+  // rbp-0x28  ReturnCount
+  // rbp-0x20  ParamCount
+  // rbp-0x18  InParamCount
+  // rbp-0x10  GCScanSlotCount
+  // rbp-0x08  Marker(StackFrame::JS_TO_WASM)
+  // rbp       Old RBP
+  // rbp+0x08  return address
+  // rbp+0x10  receiver
+  // rpb+0x18  arg
+
+  constexpr int kMarkerOffset =
+      BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset +
+      kSystemPointerSize;
+  // The number of parameters passed to this function.
+  constexpr int kInParamCountOffset =
+      BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset -
+      kSystemPointerSize;
+  // The number of parameters according to the signature.
+  constexpr int kParamCountOffset =
+      BuiltinWasmInterpreterWrapperConstants::kParamCountOffset;
+  constexpr int kReturnCountOffset =
+      BuiltinWasmInterpreterWrapperConstants::kReturnCountOffset;
+  constexpr int kValueTypesArrayStartOffset =
+      BuiltinWasmInterpreterWrapperConstants::kValueTypesArrayStartOffset;
+  // Array for arguments and return values. They will be scanned by GC.
+  constexpr int kArgRetsAddressOffset =
+      BuiltinWasmInterpreterWrapperConstants::kArgRetsAddressOffset;
+  // Arg/Return arrays use the same stack address. So, we should keep a flag
+  // whether we are using the array for args or returns. (1 = Args, 0 = Rets)
+  constexpr int kArgRetsIsArgsOffset =
+      BuiltinWasmInterpreterWrapperConstants::kArgRetsIsArgsOffset;
+  // The index of the argument being converted.
+  constexpr int kCurrentIndexOffset =
+      BuiltinWasmInterpreterWrapperConstants::kCurrentIndexOffset;
+  // Precomputed signature data, a uint32_t with the format:
+  // bit 0-14: PackedArgsSize
+  // bit 15:   HasRefArgs
+  // bit 16:   HasRefRets
+  constexpr int kSignatureDataOffset =
+      BuiltinWasmInterpreterWrapperConstants::kSignatureDataOffset;
+  // We set and use this slot only when moving parameters into the parameter
+  // registers (so no GC scan is needed).
+  constexpr int kNumSpillSlots =
+      (kMarkerOffset - kSignatureDataOffset) / kSystemPointerSize;
+  __ subq(rsp, Immediate(kNumSpillSlots * kSystemPointerSize));
+  // Put the in_parameter count on the stack, we only need it at the very end
+  // when we pop the parameters off the stack.
+  Register in_param_count = rax;
+  __ decq(in_param_count);
+  __ movq(MemOperand(rbp, kInParamCountOffset), in_param_count);
+  in_param_count = no_reg;
+
+  // -------------------------------------------
+  // Load the Wasm exported function data and the Wasm instance.
+  // -------------------------------------------
+  Register function_data = rdi;
+  Register wasm_instance = kWasmInstanceRegister;  // rsi
+  LoadFunctionDataAndWasmInstance(masm, function_data, wasm_instance);
+
+  // -------------------------------------------
+  // Load values from the signature.
+  // -------------------------------------------
+  Register valuetypes_array_ptr = r11;
+  Register return_count = r8;
+  Register param_count = rcx;
+  Register signature_data = r15;
+  LoadValueTypesArray(masm, function_data, valuetypes_array_ptr, return_count,
+                      param_count, signature_data);
+  __ movq(MemOperand(rbp, kSignatureDataOffset), signature_data);
+  Register array_size = signature_data;
+  signature_data = no_reg;
+  __ andq(array_size,
+          Immediate(wasm::WasmInterpreterRuntime::PackedArgsSizeField::kMask));
+
+  // -------------------------------------------
+  // Store signature-related values to the stack.
+  // -------------------------------------------
+  // We store values on the stack to restore them after function calls.
+  // We cannot push values onto the stack right before the wasm call. The wasm
+  // function expects the parameters, that didn't fit into the registers, on the
+  // top of the stack.
+  __ movq(MemOperand(rbp, kParamCountOffset), param_count);
+  __ movq(MemOperand(rbp, kReturnCountOffset), return_count);
+  __ movq(MemOperand(rbp, kValueTypesArrayStartOffset), valuetypes_array_ptr);
+
+  // -------------------------------------------
+  // Allocate array for args and return value.
+  // -------------------------------------------
+  Register array_start = array_size;
+  array_size = no_reg;
+  __ negq(array_start);
+  __ addq(array_start, rsp);
+  __ movq(rsp, array_start);
+  __ movq(MemOperand(rbp, kArgRetsAddressOffset), array_start);
+
+  __ movq(MemOperand(rbp, kArgRetsIsArgsOffset), Immediate(1));
+  __ Move(MemOperand(rbp, kCurrentIndexOffset), 0);
+
+  Label prepare_for_wasm_call;
+  __ Cmp(param_count, 0);
+
+  // If we have 0 params: jump through parameter handling.
+  __ j(equal, &prepare_for_wasm_call);
+
+  // Create a section on the stack to pass the evaluated parameters to the
+  // interpreter and to receive the results. This section represents the array
+  // expected as argument by the Runtime_WasmRunInterpreter.
+  // Arguments are stored one after the other without holes, starting at the
+  // beginning of the array, and the interpreter puts the returned values in the
+  // same array, also starting at the beginning.
+
+  // Set the current_param_slot to point to the start of the section.
+  Register current_param_slot = r10;
+  __ movq(current_param_slot, array_start);
+
+  // Loop through the params starting with the first.
+  // [rbp + 8 * current_index + kArgsOffset] gives us the JS argument we are
+  // processing. We iterate through half-open interval [1st param, rbp + 8 *
+  // param_count + kArgsOffset).
+
+  constexpr int kReceiverOnStackSize = kSystemPointerSize;
+  constexpr int kArgsOffset =
+      kFPOnStackSize + kPCOnStackSize + kReceiverOnStackSize;
+
+  Register param = rax;
+  // We have to check the types of the params. The ValueType array contains
+  // first the return then the param types.
+  constexpr int kValueTypeSize = sizeof(wasm::ValueType);
+  static_assert(kValueTypeSize == 4);
+  const int32_t kValueTypeSizeLog2 = log2(kValueTypeSize);
+  // Set the ValueType array pointer to point to the first parameter.
+  Register returns_size = return_count;
+  return_count = no_reg;
+  __ shlq(returns_size, Immediate(kValueTypeSizeLog2));
+  __ addq(valuetypes_array_ptr, returns_size);
+  returns_size = no_reg;
+
+  Register current_index = rbx;
+  __ Move(current_index, 0);
+
+  // -------------------------------------------
+  // Param evaluation loop.
+  // -------------------------------------------
+  Label loop_through_params;
+  __ bind(&loop_through_params);
+
+  __ movq(MemOperand(
+              rbp, BuiltinWasmInterpreterWrapperConstants::kCurrentIndexOffset),
+          current_index);
+  __ movq(param, MemOperand(rbp, current_index, times_system_pointer_size,
+                            kArgsOffset));
+
+  Register valuetype = r12;
+  __ movl(valuetype,
+          Operand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  // -------------------------------------------
+  // Param conversion.
+  // -------------------------------------------
+  // If param is a Smi we can easily convert it. Otherwise we'll call a builtin
+  // for conversion.
+  Label param_conversion_done;
+  Label check_ref_param;
+  Label convert_param;
+  __ cmpq(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ j(not_equal, &check_ref_param);
+  __ JumpIfNotSmi(param, &convert_param);
+
+  // Change the param from Smi to int32.
+  __ SmiUntag(param);
+  // Zero extend.
+  __ movl(param, param);
+  // Place the param into the proper slot in Integer section.
+  __ movq(MemOperand(current_param_slot, 0), param);
+  __ addq(current_param_slot, Immediate(sizeof(int32_t)));
+  __ jmp(&param_conversion_done);
+
+  Label handle_ref_param;
+  __ bind(&check_ref_param);
+  __ andl(valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ j(equal, &handle_ref_param);
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ j(not_equal, &convert_param);
+
+  // Place the reference param into the proper slot.
+  __ bind(&handle_ref_param);
+  // Make sure slot for ref args are 64-bit aligned.
+  __ movq(r9, current_param_slot);
+  __ andq(r9, Immediate(0x04));
+  __ addq(current_param_slot, r9);
+  __ movq(MemOperand(current_param_slot, 0), param);
+  __ addq(current_param_slot, Immediate(kSystemPointerSize));
+
+  // -------------------------------------------
+  // Param conversion done.
+  // -------------------------------------------
+  __ bind(&param_conversion_done);
+
+  __ addq(valuetypes_array_ptr, Immediate(kValueTypeSize));
+
+  __ movq(
+      current_index,
+      MemOperand(rbp,
+                 BuiltinWasmInterpreterWrapperConstants::kCurrentIndexOffset));
+  __ incq(current_index);
+  __ cmpq(current_index, param_count);
+  __ j(less, &loop_through_params);
+  __ movq(MemOperand(
+              rbp, BuiltinWasmInterpreterWrapperConstants::kCurrentIndexOffset),
+          current_index);
+
+  // ----------- S t a t e -------------
+  //  -- r10 : current_param_slot
+  //  -- r11 : valuetypes_array_ptr
+  //  -- r15 : array_start
+  //  -- rdi : function_data
+  //  -- rsi : wasm_trusted_instance
+  //  -- GpParamRegisters = rax, rdx, rcx, rbx, r9
+  // -----------------------------------
+
+  __ bind(&prepare_for_wasm_call);
+  // -------------------------------------------
+  // Prepare for the Wasm call.
+  // -------------------------------------------
+  // Set thread_in_wasm_flag.
+  Register thread_in_wasm_flag_addr = r12;
+  __ movq(
+      thread_in_wasm_flag_addr,
+      MemOperand(kRootRegister, Isolate::thread_in_wasm_flag_address_offset()));
+  __ movl(MemOperand(thread_in_wasm_flag_addr, 0), Immediate(1));
+  thread_in_wasm_flag_addr = no_reg;
+
+  Register function_index = r12;
+  __ movl(
+      function_index,
+      MemOperand(function_data, WasmExportedFunctionData::kFunctionIndexOffset -
+                                    kHeapObjectTag));
+  // We pass function_index as Smi.
+
+  // One tagged object (the wasm_instance) to be visited if there is a GC
+  // during the call.
+  constexpr int kWasmCallGCScanSlotCount = 1;
+  __ Move(
+      MemOperand(
+          rbp, BuiltinWasmInterpreterWrapperConstants::kGCScanSlotCountOffset),
+      kWasmCallGCScanSlotCount);
+
+  // -------------------------------------------
+  // Call the Wasm function.
+  // -------------------------------------------
+  __ pushq(wasm_instance);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmInterpreterEntry),
+          RelocInfo::CODE_TARGET);
+  __ popq(wasm_instance);
+  __ movq(array_start, MemOperand(rbp, kArgRetsAddressOffset));
+  __ Move(MemOperand(rbp, kArgRetsIsArgsOffset), 0);
+
+  function_index = no_reg;
+
+  // Unset thread_in_wasm_flag.
+  thread_in_wasm_flag_addr = r8;
+  __ movq(
+      thread_in_wasm_flag_addr,
+      MemOperand(kRootRegister, Isolate::thread_in_wasm_flag_address_offset()));
+  __ movl(MemOperand(thread_in_wasm_flag_addr, 0), Immediate(0));
+  thread_in_wasm_flag_addr = no_reg;
+
+  // -------------------------------------------
+  // Return handling.
+  //
+  // ----------- S t a t e -------------
+  //  -- r15 : array_start
+  //  -- rsi : wasm_instance
+  // -------------------------------------------
+  return_count = r8;
+  __ movq(return_count, MemOperand(rbp, kReturnCountOffset));
+
+  // All return values are already in the packed array.
+  __ movq(MemOperand(
+              rbp, BuiltinWasmInterpreterWrapperConstants::kCurrentIndexOffset),
+          return_count);
+
+  Register return_value = rax;
+  Register fixed_array = rdi;
+  __ Move(fixed_array, 0);
+  Register jsarray = rdx;
+  __ Move(jsarray, 0);
+
+  Label return_undefined;
+  __ cmpl(return_count, Immediate(1));
+  // If no return value, load undefined.
+  __ j(less, &return_undefined);
+
+  Label start_return_conversion;
+  // If we have more than one return value, we need to return a JSArray.
+  __ j(equal, &start_return_conversion);
+
+  PrepareForBuiltinCall(masm, array_start, return_count, wasm_instance);
+  __ movq(rax, return_count);
+  __ SmiTag(rax);
+  // Create JSArray to hold results.
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmAllocateJSArray),
+          RelocInfo::CODE_TARGET);
+  __ movq(jsarray, rax);
+  RestoreAfterBuiltinCall(masm, wasm_instance, return_count, array_start);
+  __ LoadTaggedField(fixed_array, MemOperand(jsarray, JSArray::kElementsOffset -
+                                                          kHeapObjectTag));
+
+  __ bind(&start_return_conversion);
+  Register current_return_slot = array_start;
+
+  Register result_index = r9;
+  __ xorq(result_index, result_index);
+
+  Label convert_return_value;
+  __ jmp(&convert_return_value);
+
+  __ bind(&return_undefined);
+  __ LoadRoot(return_value, RootIndex::kUndefinedValue);
+  Label all_results_conversion_done;
+  __ jmp(&all_results_conversion_done);
+
+  Label next_return_value;
+  __ bind(&next_return_value);
+  __ incq(result_index);
+  __ cmpq(result_index, return_count);
+  __ j(less, &convert_return_value);
+
+  __ bind(&all_results_conversion_done);
+  __ movq(param_count, MemOperand(rbp, kParamCountOffset));
+
+  Label do_return;
+  __ cmpq(fixed_array, Immediate(0));
+  __ j(equal, &do_return);
+  // The result is jsarray.
+  __ movq(rax, jsarray);
+
+  // Calculate the number of parameters we have to pop off the stack. This
+  // number is max(in_param_count, param_count).
+  __ bind(&do_return);
+  in_param_count = rdx;
+  __ movq(in_param_count, MemOperand(rbp, kInParamCountOffset));
+  __ cmpq(param_count, in_param_count);
+  __ cmovq(less, param_count, in_param_count);
+
+  // -------------------------------------------
+  // Deconstruct the stack frame.
+  // -------------------------------------------
+  __ LeaveFrame(StackFrame::JS_TO_WASM);
+
+  // We have to remove the caller frame slots:
+  //  - JS arguments
+  //  - the receiver
+  // and transfer the control to the return address (the return address is
+  // expected to be on the top of the stack).
+  // We cannot use just the ret instruction for this, because we cannot pass the
+  // number of slots to remove in a Register as an argument.
+  __ DropArguments(param_count, rbx);
+  __ ret(0);
+
+  // --------------------------------------------------------------------------
+  //                          Deferred code.
+  // --------------------------------------------------------------------------
+
+  // -------------------------------------------
+  // Param conversion builtins.
+  // -------------------------------------------
+  __ bind(&convert_param);
+  // The order of pushes is important. We want the heap objects, that should be
+  // scanned by GC, to be on the top of the stack.
+  // We have to set the indicating value for the GC to the number of values on
+  // the top of the stack that have to be scanned before calling the builtin
+  // function.
+  // We don't need the JS context for these builtin calls.
+  // The builtin expects the parameter to be in register param = rax.
+
+  PrepareForJsToWasmConversionBuiltinCall(
+      masm, array_start, param_count, current_param_slot, valuetypes_array_ptr,
+      wasm_instance, function_data);
+
+  Label param_kWasmI32_not_smi;
+  Label param_kWasmI64;
+  Label param_kWasmF32;
+  Label param_kWasmF64;
+  Label throw_type_error;
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ j(equal, &param_kWasmI32_not_smi);
+  __ cmpq(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ j(equal, &param_kWasmI64);
+  __ cmpq(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ j(equal, &param_kWasmF32);
+  __ cmpq(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ j(equal, &param_kWasmF64);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmS128.raw_bit_field()));
+  // Simd arguments cannot be passed from JavaScript.
+  __ j(equal, &throw_type_error);
+
+  __ int3();
+
+  __ bind(&param_kWasmI32_not_smi);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedNonSmiToInt32),
+          RelocInfo::CODE_TARGET);
+  // Param is the result of the builtin.
+  __ AssertZeroExtended(param);
+  RestoreAfterJsToWasmConversionBuiltinCall(
+      masm, function_data, wasm_instance, valuetypes_array_ptr,
+      current_param_slot, param_count, array_start);
+  __ movl(MemOperand(current_param_slot, 0), param);
+  __ addq(current_param_slot, Immediate(sizeof(int32_t)));
+  __ jmp(&param_conversion_done);
+
+  __ bind(&param_kWasmI64);
+  __ Call(BUILTIN_CODE(masm->isolate(), BigIntToI64), RelocInfo::CODE_TARGET);
+  RestoreAfterJsToWasmConversionBuiltinCall(
+      masm, function_data, wasm_instance, valuetypes_array_ptr,
+      current_param_slot, param_count, array_start);
+  __ movq(MemOperand(current_param_slot, 0), param);
+  __ addq(current_param_slot, Immediate(sizeof(int64_t)));
+  __ jmp(&param_conversion_done);
+
+  __ bind(&param_kWasmF32);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedToFloat32),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterJsToWasmConversionBuiltinCall(
+      masm, function_data, wasm_instance, valuetypes_array_ptr,
+      current_param_slot, param_count, array_start);
+  __ Movsd(MemOperand(current_param_slot, 0), xmm0);
+  __ addq(current_param_slot, Immediate(sizeof(float)));
+  __ jmp(&param_conversion_done);
+
+  __ bind(&param_kWasmF64);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedToFloat64),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterJsToWasmConversionBuiltinCall(
+      masm, function_data, wasm_instance, valuetypes_array_ptr,
+      current_param_slot, param_count, array_start);
+  __ Movsd(MemOperand(current_param_slot, 0), xmm0);
+  __ addq(current_param_slot, Immediate(sizeof(double)));
+  __ jmp(&param_conversion_done);
+
+  __ bind(&throw_type_error);
+  // CallRuntime expects kRootRegister (r13) to contain the root.
+  __ CallRuntime(Runtime::kWasmThrowJSTypeError);
+  __ int3();  // Should not return.
+
+  // -------------------------------------------
+  // Return conversions.
+  // -------------------------------------------
+  __ bind(&convert_return_value);
+  // We have to make sure that the kGCScanSlotCount is set correctly when we
+  // call the builtins for conversion. For these builtins it's the same as for
+  // the Wasm call, that is, kGCScanSlotCount = 0, so we don't have to reset it.
+  // We don't need the JS context for these builtin calls.
+
+  __ movq(valuetypes_array_ptr, MemOperand(rbp, kValueTypesArrayStartOffset));
+  // The first valuetype of the array is the return's valuetype.
+  __ movl(valuetype,
+          Operand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  Label return_kWasmI32;
+  Label return_kWasmI64;
+  Label return_kWasmF32;
+  Label return_kWasmF64;
+  Label return_kWasmRef;
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ j(equal, &return_kWasmI32);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ j(equal, &return_kWasmI64);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ j(equal, &return_kWasmF32);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ j(equal, &return_kWasmF64);
+
+  __ andl(valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ j(equal, &return_kWasmRef);
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ j(equal, &return_kWasmRef);
+
+  // Invalid type. Wasm cannot return Simd results to JavaScript.
+  __ int3();
+
+  Label return_value_done;
+
+  __ bind(&return_kWasmI32);
+  __ movl(return_value, MemOperand(current_return_slot, 0));
+  __ addq(current_return_slot, Immediate(sizeof(int32_t)));
+  Label to_heapnumber;
+  // If pointer compression is disabled, we can convert the return to a smi.
+  if (SmiValuesAre32Bits()) {
+    __ SmiTag(return_value);
+  } else {
+    Register temp = rbx;
+    __ movq(temp, return_value);
+    // Double the return value to test if it can be a Smi.
+    __ addl(temp, return_value);
+    temp = no_reg;
+    // If there was overflow, convert to a HeapNumber.
+    __ j(overflow, &to_heapnumber);
+    // If there was no overflow, we can convert to Smi.
+    __ SmiTag(return_value);
+  }
+  __ jmp(&return_value_done);
+
+  // Handle the conversion of the I32 return value to HeapNumber when it cannot
+  // be a smi.
+  __ bind(&to_heapnumber);
+
+  PrepareForWasmToJsConversionBuiltinCall(
+      masm, return_count, result_index, current_return_slot,
+      valuetypes_array_ptr, wasm_instance, fixed_array, jsarray);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmInt32ToHeapNumber),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterWasmToJsConversionBuiltinCall(
+      masm, jsarray, fixed_array, wasm_instance, valuetypes_array_ptr,
+      current_return_slot, result_index, return_count);
+  __ jmp(&return_value_done);
+
+  __ bind(&return_kWasmI64);
+  __ movq(return_value, MemOperand(current_return_slot, 0));
+  __ addq(current_return_slot, Immediate(sizeof(int64_t)));
+  PrepareForWasmToJsConversionBuiltinCall(
+      masm, return_count, result_index, current_return_slot,
+      valuetypes_array_ptr, wasm_instance, fixed_array, jsarray);
+  __ Call(BUILTIN_CODE(masm->isolate(), I64ToBigInt), RelocInfo::CODE_TARGET);
+  RestoreAfterWasmToJsConversionBuiltinCall(
+      masm, jsarray, fixed_array, wasm_instance, valuetypes_array_ptr,
+      current_return_slot, result_index, return_count);
+  __ jmp(&return_value_done);
+
+  __ bind(&return_kWasmF32);
+  __ movq(xmm1, MemOperand(current_return_slot, 0));
+  __ addq(current_return_slot, Immediate(sizeof(float)));
+  // The builtin expects the value to be in xmm0.
+  __ Movss(xmm0, xmm1);
+  PrepareForWasmToJsConversionBuiltinCall(
+      masm, return_count, result_index, current_return_slot,
+      valuetypes_array_ptr, wasm_instance, fixed_array, jsarray);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmFloat32ToNumber),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterWasmToJsConversionBuiltinCall(
+      masm, jsarray, fixed_array, wasm_instance, valuetypes_array_ptr,
+      current_return_slot, result_index, return_count);
+  __ jmp(&return_value_done);
+
+  __ bind(&return_kWasmF64);
+  // The builtin expects the value to be in xmm0.
+  __ movq(xmm0, MemOperand(current_return_slot, 0));
+  __ addq(current_return_slot, Immediate(sizeof(double)));
+  PrepareForWasmToJsConversionBuiltinCall(
+      masm, return_count, result_index, current_return_slot,
+      valuetypes_array_ptr, wasm_instance, fixed_array, jsarray);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmFloat64ToNumber),
+          RelocInfo::CODE_TARGET);
+  RestoreAfterWasmToJsConversionBuiltinCall(
+      masm, jsarray, fixed_array, wasm_instance, valuetypes_array_ptr,
+      current_return_slot, result_index, return_count);
+  __ jmp(&return_value_done);
+
+  __ bind(&return_kWasmRef);
+  // Make sure slot for ref args are 64-bit aligned.
+  __ movq(rbx, current_return_slot);
+  __ andq(rbx, Immediate(0x04));
+  __ addq(current_return_slot, rbx);
+  __ movq(return_value, MemOperand(current_return_slot, 0));
+  __ addq(current_return_slot, Immediate(kSystemPointerSize));
+  // Do not modify the result in return_value.
+
+  __ bind(&return_value_done);
+  __ addq(valuetypes_array_ptr, Immediate(kValueTypeSize));
+  __ movq(MemOperand(rbp, kValueTypesArrayStartOffset), valuetypes_array_ptr);
+  __ cmpq(fixed_array, Immediate(0));
+  __ j(equal, &next_return_value);
+
+  // Store result in JSArray
+  __ StoreTaggedField(FieldOperand(fixed_array, result_index,
+                                   static_cast<ScaleFactor>(kTaggedSizeLog2),
+                                   FixedArray::kHeaderSize),
+                      return_value);
+  __ jmp(&next_return_value);
+}
+
+// For compiled code, V8 generates signature-specific CWasmEntries that manage
+// the transition from C++ code to a JS function called from Wasm code and takes
+// care of handling exceptions that arise from JS (see
+// WasmWrapperGraphBuilder::BuildCWasmEntry()).
+// This builtin does the same for the Wasm interpreter and it is used for
+// Wasm-to-JS calls. It invokes GenericWasmToJSInterpreterWrapper and installs a
+// specific frame of type C_WASM_ENTRY which is used in
+// Isolate::UnwindAndFindHandler() to correctly unwind interpreter stack frames
+// and handle exceptions.
+void Builtins::Generate_WasmInterpreterCWasmEntry(MacroAssembler* masm) {
+  Label invoke, handler_entry, exit;
+  Register isolate_root = kCArgRegs[2];  // Windows: r8, Posix: rdx
+
+  // -------------------------------------------
+  // CWasmEntryFrame: (Win64)
+  // rbp-0xe8  rbx
+  // rbp-0xe0  rsi
+  // rbp-0xd8  rdi
+  // rbp-0xd0  r12
+  // rbp-0xc8  r13
+  // rbp-0xc0  r14
+  // rbp-0xb8  r15
+  // -------------------------------------------
+  // rbp-0xb0  xmm6
+  //           ...
+  // rbp-0x20  xmm15
+  // -------------------------------------------
+  // rbp-0x18  rsp
+  // rbp-0x10  CEntryFp
+  // rbp-0x08  Marker(StackFrame::C_WASM_ENTRY)
+  // rbp       Old RBP
+
+  // -------------------------------------------
+  // CWasmEntryFrame: (AMD64 ABI)
+  // rbp-0x40  rbx
+  // rbp-0x38  r12
+  // rbp-0x30  r13
+  // rbp-0x28  r14
+  // rbp-0x20  r15
+  // -------------------------------------------
+  // rbp-0x18  rsp
+  // rbp-0x10  CEntryFp
+  // rbp-0x08  Marker(StackFrame::C_WASM_ENTRY)
+  // rbp       Old RBP
+
+#ifndef V8_OS_POSIX
+  // Offsets for arguments passed in WasmToJSCallSig. See declaration of
+  // {WasmToJSCallSig} in src/wasm/interpreter/wasm-interpreter-runtime.h.
+  constexpr int kCEntryFpParameterOffset = 0x30;
+  constexpr int kCallableOffset = 0x38;
+#endif  // !V8_OS_POSIX
+
+  // Set up the stackframe.
+  __ EnterFrame(StackFrame::C_WASM_ENTRY);
+
+  // Space to store c_entry_fp and current rsp (used by exception handler).
+  __ subq(rsp, Immediate(0x10));
+
+  // Save registers
+#ifdef V8_TARGET_OS_WIN
+  // On Win64 XMM6-XMM15 are callee-save.
+  __ subq(rsp, Immediate(0xa0));
+  __ movdqu(Operand(rsp, 0x00), xmm6);
+  __ movdqu(Operand(rsp, 0x10), xmm7);
+  __ movdqu(Operand(rsp, 0x20), xmm8);
+  __ movdqu(Operand(rsp, 0x30), xmm9);
+  __ movdqu(Operand(rsp, 0x40), xmm10);
+  __ movdqu(Operand(rsp, 0x50), xmm11);
+  __ movdqu(Operand(rsp, 0x60), xmm12);
+  __ movdqu(Operand(rsp, 0x70), xmm13);
+  __ movdqu(Operand(rsp, 0x80), xmm14);
+  __ movdqu(Operand(rsp, 0x90), xmm15);
+#endif  // V8_TARGET_OS_WIN
+  __ pushq(r15);
+  __ pushq(r14);
+  __ pushq(r13);
+  __ pushq(r12);
+#ifdef V8_TARGET_OS_WIN
+  __ pushq(rdi);  // Only callee save in Win64 ABI, argument in AMD64 ABI.
+  __ pushq(rsi);  // Only callee save in Win64 ABI, argument in AMD64 ABI.
+#endif            // V8_TARGET_OS_WIN
+  __ pushq(rbx);
+
+  // InitializeRootRegister
+  __ movq(kRootRegister, isolate_root);  // kRootRegister: r13
+#ifdef V8_COMPRESS_POINTERS_IN_SHARED_CAGE
+  __ LoadRootRelative(kPtrComprCageBaseRegister,
+                      IsolateData::cage_base_offset());
+#endif
+  isolate_root = no_reg;
+
+  Register callable = r8;
+#ifdef V8_OS_POSIX
+  __ movq(MemOperand(rbp, WasmInterpreterCWasmEntryConstants::kCEntryFPOffset),
+          r8);            // saved_c_entry_fp
+  __ movq(callable, r9);  // callable
+#else                     // Windows
+  // Store c_entry_fp into slot
+  __ movq(rbx, MemOperand(rbp, kCEntryFpParameterOffset));
+  __ movq(MemOperand(rbp, WasmInterpreterCWasmEntryConstants::kCEntryFPOffset),
+          rbx);
+  __ movq(callable, MemOperand(rbp, kCallableOffset));
+#endif                    // V8_OS_POSIX
+
+  // Jump to a faked try block that does the invoke, with a faked catch
+  // block that sets the pending exception.
+  __ jmp(&invoke);
+
+  // Handler.
+  __ bind(&handler_entry);
+
+  // Store the current pc as the handler offset. It's used later to create the
+  // handler table.
+  masm->isolate()->builtins()->SetCWasmInterpreterEntryHandlerOffset(
+      handler_entry.pos());
+  // Caught exception.
+  __ jmp(&exit);
+
+  // Invoke: Link this frame into the handler chain.
+  __ bind(&invoke);
+  __ movq(MemOperand(rbp, WasmInterpreterCWasmEntryConstants::kSPFPOffset),
+          rsp);
+  __ PushStackHandler();
+  __ Call(BUILTIN_CODE(masm->isolate(), GenericWasmToJSInterpreterWrapper),
+          RelocInfo::CODE_TARGET);
+
+  // Unlink this frame from the handler chain.
+  __ PopStackHandler();
+
+  __ bind(&exit);
+  // Restore registers.
+  __ popq(rbx);
+#ifdef V8_TARGET_OS_WIN
+  __ popq(rsi);
+  __ popq(rdi);
+#endif  // V8_TARGET_OS_WIN
+  __ popq(r12);
+  __ popq(r13);
+  __ popq(r14);
+  __ popq(r15);
+#ifdef V8_TARGET_OS_WIN
+  // On Win64 XMM6-XMM15 are callee-save.
+  __ movdqu(xmm15, Operand(rsp, 0x90));
+  __ movdqu(xmm14, Operand(rsp, 0x80));
+  __ movdqu(xmm13, Operand(rsp, 0x70));
+  __ movdqu(xmm12, Operand(rsp, 0x60));
+  __ movdqu(xmm11, Operand(rsp, 0x50));
+  __ movdqu(xmm10, Operand(rsp, 0x40));
+  __ movdqu(xmm9, Operand(rsp, 0x30));
+  __ movdqu(xmm8, Operand(rsp, 0x20));
+  __ movdqu(xmm7, Operand(rsp, 0x10));
+  __ movdqu(xmm6, Operand(rsp, 0x00));
+#endif  // V8_TARGET_OS_WIN
+
+  // Deconstruct the stack frame.
+  __ LeaveFrame(StackFrame::C_WASM_ENTRY);
+  __ ret(0);
+}
+
+void Builtins::Generate_GenericWasmToJSInterpreterWrapper(
+    MacroAssembler* masm) {
+  Register target_js_function = kCArgRegs[0];  // Win: rcx, Posix: rdi
+  Register packed_args = kCArgRegs[1];         // Win: rdx, Posix: rsi
+  Register callable = rdi;
+  Register signature = kCArgRegs[3];  // Win: r9, Posix: rcx
+
+  // Set up the stackframe.
+  __ EnterFrame(StackFrame::WASM_TO_JS);
+
+  // -------------------------------------------
+  // Compute offsets and prepare for GC.
+  // -------------------------------------------
+  // GenericWasmToJSInterpreterWrapperFrame:
+  // rbp-N     receiver               ^
+  // ...       JS arg 0               | Tagged
+  // ...       ...                    | objects
+  // rbp-0x68  JS arg n-1             |
+  // rbp-0x60  context                v
+  // -------------------------------------------
+  // rbp-0x58  current_param_slot_index
+  // rbp-0x50  valuetypes_array_ptr
+  // rbp-0x48  param_index/return_index
+  // rbp-0x40  signature
+  // rbp-0x38  param_count
+  // rbp-0x30  return_count
+  // rbp-0x28  expected_arity
+  // rbp-0x20  packed_array
+  // rbp-0x18  GC_SP
+  // rbp-0x10  GCScanSlotCount
+  // rbp-0x08  Marker(StackFrame::WASM_TO_JS)
+  // rbp       Old RBP
+
+  constexpr int kMarkerOffset =
+      WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset +
+      kSystemPointerSize;
+  static_assert(WasmToJSInterpreterFrameConstants::kGCSPOffset ==
+                WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset -
+                    kSystemPointerSize);
+  constexpr int kPackedArrayOffset =
+      WasmToJSInterpreterFrameConstants::kGCSPOffset - kSystemPointerSize;
+  constexpr int kExpectedArityOffset = kPackedArrayOffset - kSystemPointerSize;
+  constexpr int kReturnCountOffset = kExpectedArityOffset - kSystemPointerSize;
+  constexpr int kParamCountOffset = kReturnCountOffset - kSystemPointerSize;
+  constexpr int kSignatureOffset = kParamCountOffset - kSystemPointerSize;
+  constexpr int kParamIndexOffset = kSignatureOffset - kSystemPointerSize;
+  // Reuse this slot when iterating over return values.
+  constexpr int kResultIndexOffset = kParamIndexOffset;
+  constexpr int kValueTypesArrayStartOffset =
+      kParamIndexOffset - kSystemPointerSize;
+  constexpr int kCurrentParamOffset =
+      kValueTypesArrayStartOffset - kSystemPointerSize;
+  // Reuse this slot when iterating over return values.
+  constexpr int kCurrentResultAddressOffset = kCurrentParamOffset;
+  constexpr int kNumSpillSlots =
+      (kMarkerOffset - kCurrentResultAddressOffset) / kSystemPointerSize;
+  __ subq(rsp, Immediate(kNumSpillSlots * kSystemPointerSize));
+
+  __ movq(MemOperand(rbp, kPackedArrayOffset), packed_args);
+
+  // Store null into the stack slot that will contain rsp to be used in GCs that
+  // happen during the JS function call. See WasmToJsFrame::Iterate.
+  __ Move(MemOperand(rbp, WasmToJSInterpreterFrameConstants::kGCSPOffset), 0);
+
+  // Count the number of tagged objects at the top of the stack that need to be
+  // visited during GC.
+  __ Move(MemOperand(rbp,
+                     WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset),
+          0);
+
+#if V8_OS_POSIX
+  // Windows has a different calling convention.
+  signature = r9;
+  __ movq(signature, kCArgRegs[3]);
+  target_js_function = rcx;
+  __ movq(target_js_function, kCArgRegs[0]);
+  packed_args = rdx;
+  __ movq(packed_args, kCArgRegs[1]);
+#endif                    // V8_OS_POSIX
+  __ movq(callable, r8);  // Callable passed in r8.
+
+  Register shared_function_info = r15;
+  __ LoadTaggedField(
+      shared_function_info,
+      MemOperand(
+          target_js_function,
+          wasm::ObjectAccess::SharedFunctionInfoOffsetInTaggedJSFunction()));
+
+  // Set the context of the function; the call has to run in the function
+  // context.
+  Register context = rsi;
+  __ LoadTaggedField(
+      context, FieldOperand(target_js_function, JSFunction::kContextOffset));
+  target_js_function = no_reg;
+
+  // Load global receiver if sloppy else use undefined.
+  Label receiver_undefined;
+  Label calculate_js_function_arity;
+  Register receiver = r11;
+  Register flags = rbx;
+  __ movl(flags,
+          FieldOperand(shared_function_info, SharedFunctionInfo::kFlagsOffset));
+  __ testq(flags, Immediate(SharedFunctionInfo::IsNativeBit::kMask |
+                            SharedFunctionInfo::IsStrictBit::kMask));
+  flags = no_reg;
+  __ j(not_equal, &receiver_undefined);
+  __ LoadGlobalProxy(receiver);
+  __ jmp(&calculate_js_function_arity);
+
+  __ bind(&receiver_undefined);
+  __ LoadRoot(receiver, RootIndex::kUndefinedValue);
+
+  __ bind(&calculate_js_function_arity);
+
+  // Load values from the signature.
+  __ movq(MemOperand(rbp, kSignatureOffset), signature);
+  Register valuetypes_array_ptr = signature;
+  Register return_count = r8;
+  Register param_count = rcx;
+  LoadFromSignature(masm, valuetypes_array_ptr, return_count, param_count);
+  __ movq(MemOperand(rbp, kParamCountOffset), param_count);
+  shared_function_info = no_reg;
+
+  // The arguments need to be visited during GC.
+  __ movq(MemOperand(rbp,
+                     WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset),
+          param_count);
+
+  // Calculate target function arity.
+  Register expected_arity = rbx;
+  __ movq(expected_arity, param_count);
+
+  // Make room to pass args and store the context.
+  __ movq(rax, expected_arity);
+  __ incq(rax);  // To store the context.
+  __ shlq(rax, Immediate(kSystemPointerSizeLog2));
+  __ subq(rsp, rax);  // Args.
+
+  Register param_index = param_count;
+  __ Move(param_index, 0);
+
+  // -------------------------------------------
+  // Store signature-related values to the stack.
+  // -------------------------------------------
+  // We store values on the stack to restore them after function calls.
+  __ movq(MemOperand(rbp, kReturnCountOffset), return_count);
+  __ movq(MemOperand(rbp, kValueTypesArrayStartOffset), valuetypes_array_ptr);
+
+  Label prepare_for_js_call;
+  __ Cmp(expected_arity, 0);
+  // If we have 0 params: jump through parameter handling.
+  __ j(equal, &prepare_for_js_call);
+
+  // Loop through the params starting with the first.
+  Register current_param_slot_offset = r10;
+  __ Move(current_param_slot_offset, Immediate(0));
+  Register param = rax;
+
+  // We have to check the types of the params. The ValueType array contains
+  // first the return then the param types.
+  constexpr int kValueTypeSize = sizeof(wasm::ValueType);
+  static_assert(kValueTypeSize == 4);
+  const int32_t kValueTypeSizeLog2 = log2(kValueTypeSize);
+
+  // Set the ValueType array pointer to point to the first parameter.
+  Register returns_size = return_count;
+  return_count = no_reg;
+  __ shlq(returns_size, Immediate(kValueTypeSizeLog2));
+  __ addq(valuetypes_array_ptr, returns_size);
+  returns_size = no_reg;
+  Register valuetype = r12;
+
+  // -------------------------------------------
+  // Copy reference type params first and initialize the stack for JS arguments.
+  // -------------------------------------------
+
+  // Heap pointers for ref type values in packed_args can be invalidated if GC
+  // is triggered when converting wasm numbers to JS numbers and allocating
+  // heap numbers. So, we have to move them to the stack first.
+  {
+    Label loop_copy_param_ref, load_ref_param, set_and_move;
+
+    __ bind(&loop_copy_param_ref);
+    __ movl(valuetype,
+            Operand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+    __ andl(valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+    __ cmpq(valuetype, Immediate(wasm::ValueKind::kRefNull));
+    __ j(equal, &load_ref_param);
+    __ cmpq(valuetype, Immediate(wasm::ValueKind::kRef));
+    __ j(equal, &load_ref_param);
+
+    // Initialize non-ref type slots to zero since they can be visited by GC
+    // when converting wasm numbers into heap numbers.
+    __ Move(param, Smi::zero());
+
+    Label inc_param_32bit;
+    __ cmpq(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+    __ j(equal, &inc_param_32bit);
+    __ cmpq(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+    __ j(equal, &inc_param_32bit);
+
+    Label inc_param_64bit;
+    __ cmpq(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+    __ j(equal, &inc_param_64bit);
+    __ cmpq(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+    __ j(equal, &inc_param_64bit);
+
+    // Invalid type. Wasm cannot pass Simd arguments to JavaScript.
+    __ int3();
+
+    __ bind(&inc_param_32bit);
+    __ addq(current_param_slot_offset, Immediate(sizeof(int32_t)));
+    __ jmp(&set_and_move);
+
+    __ bind(&inc_param_64bit);
+    __ addq(current_param_slot_offset, Immediate(sizeof(int64_t)));
+    __ jmp(&set_and_move);
+
+    __ bind(&load_ref_param);
+    __ movq(param,
+            MemOperand(packed_args, current_param_slot_offset, times_1, 0));
+    __ addq(current_param_slot_offset, Immediate(kSystemPointerSize));
+
+    __ bind(&set_and_move);
+    __ movq(MemOperand(rsp, param_index, times_system_pointer_size, 0), param);
+    __ addq(valuetypes_array_ptr, Immediate(kValueTypeSize));
+    __ incq(param_index);
+    __ cmpq(param_index, MemOperand(rbp, kParamCountOffset));
+    __ j(less, &loop_copy_param_ref);
+  }
+
+  // Reset pointers for the second param conversion loop.
+  returns_size = r8;
+  __ movq(returns_size, MemOperand(rbp, kReturnCountOffset));
+  __ shlq(returns_size, Immediate(kValueTypeSizeLog2));
+  __ movq(valuetypes_array_ptr, MemOperand(rbp, kValueTypesArrayStartOffset));
+  __ addq(valuetypes_array_ptr, returns_size);
+  returns_size = no_reg;
+  __ movq(current_param_slot_offset, Immediate(0));
+  __ movq(param_index, Immediate(0));
+
+  // -------------------------------------------
+  // Param evaluation loop.
+  // -------------------------------------------
+  Label loop_through_params;
+  __ bind(&loop_through_params);
+
+  __ movl(valuetype,
+          Operand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  // -------------------------------------------
+  // Param conversion.
+  // -------------------------------------------
+  // If param is a Smi we can easily convert it. Otherwise we'll call a builtin
+  // for conversion.
+  Label param_conversion_done, check_ref_param, skip_ref_param, convert_param;
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ j(not_equal, &check_ref_param);
+
+  // I32 param: change to Smi.
+  __ movl(param,
+          MemOperand(packed_args, current_param_slot_offset, times_1, 0));
+  // If pointer compression is disabled, we can convert to a Smi.
+  if (SmiValuesAre32Bits()) {
+    __ SmiTag(param);
+  } else {
+    Register temp = r15;
+    __ movq(temp, param);
+    // Double the return value to test if it can be a Smi.
+    __ addl(temp, param);
+    temp = no_reg;
+    // If there was overflow, convert the return value to a HeapNumber.
+    __ j(overflow, &convert_param);
+    // If there was no overflow, we can convert to Smi.
+    __ SmiTag(param);
+  }
+
+  // Place the param into the proper slot.
+  __ movq(MemOperand(rsp, param_index, times_system_pointer_size, 0), param);
+  __ addq(current_param_slot_offset, Immediate(sizeof(int32_t)));
+  __ jmp(&param_conversion_done);
+
+  // Skip Ref params. We already copied reference params in the first loop.
+  __ bind(&check_ref_param);
+  __ andl(valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ j(equal, &skip_ref_param);
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ j(not_equal, &convert_param);
+
+  __ bind(&skip_ref_param);
+  __ addq(current_param_slot_offset, Immediate(kSystemPointerSize));
+
+  // -------------------------------------------
+  // Param conversion done.
+  // -------------------------------------------
+  __ bind(&param_conversion_done);
+  __ addq(valuetypes_array_ptr, Immediate(kValueTypeSize));
+  __ incq(param_index);
+  __ decq(expected_arity);
+  __ j(equal, &prepare_for_js_call);
+  __ cmpq(param_index, MemOperand(rbp, kParamCountOffset));
+  __ j(not_equal, &loop_through_params);
+
+  // -------------------------------------------
+  // Prepare for the function call.
+  // -------------------------------------------
+  __ bind(&prepare_for_js_call);
+
+  // Store context to be retrieved after the call.
+  __ movq(Operand(rsp, param_index, times_system_pointer_size, 0), context);
+  __ incq(MemOperand(
+      rbp, WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset));
+
+  // Reset thread_in_wasm_flag.
+  Register thread_in_wasm_flag_addr = rcx;
+  __ movq(
+      thread_in_wasm_flag_addr,
+      MemOperand(kRootRegister, Isolate::thread_in_wasm_flag_address_offset()));
+  __ movl(MemOperand(thread_in_wasm_flag_addr, 0), Immediate(0));
+  thread_in_wasm_flag_addr = no_reg;
+
+  // -------------------------------------------
+  // Call the JS function.
+  // -------------------------------------------
+  // Call_ReceiverIsAny expects the arguments in the stack in this order:
+  // rsp + offset_PC  Receiver
+  // rsp + 0x10       JS arg 0
+  // ...              ...
+  // rsp + N          JS arg n-1
+  //
+  // It also expects two arguments passed in registers:
+  // rax: number of arguments + 1 (receiver)
+  // rdi: target JSFunction|JSBoundFunction|...
+  //
+  __ pushq(receiver);
+  __ incq(MemOperand(
+      rbp, WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset));
+
+  // We are calling Call_ReceiverIsAny which can call
+  // AdaptorWithBuiltinExitFrame, which adds
+  // BuiltinExitFrameConstants::kNumExtraArgsWithoutReceiver additional tagged
+  // arguments to the stack. We must also scan these additional args in case of
+  // GC. We store the current stack pointer to be able to detect when this
+  // happens.
+  __ movq(MemOperand(rbp, WasmToJSInterpreterFrameConstants::kGCSPOffset), rsp);
+
+  __ movq(rax, MemOperand(rbp, kParamCountOffset));
+  __ incq(rax);  // Count receiver.
+  __ Call(BUILTIN_CODE(masm->isolate(), Call_ReceiverIsAny),
+          RelocInfo::CODE_TARGET);
+
+  __ movq(rsp, MemOperand(rbp, WasmToJSInterpreterFrameConstants::kGCSPOffset));
+  __ movq(MemOperand(rbp, WasmToJSInterpreterFrameConstants::kGCSPOffset),
+          Immediate(0));
+
+  __ popq(receiver);
+
+  // Retrieve context.
+  __ movq(context,  // param_count
+          MemOperand(
+              rbp, WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset));
+  __ subq(context, Immediate(2));  // do not count receiver and context.
+  __ movq(context, Operand(rsp, context, times_system_pointer_size, 0));
+
+  // -------------------------------------------
+  // Return handling.
+  // -------------------------------------------
+  Register return_reg = rax;
+  return_count = rcx;
+  __ movq(return_count, MemOperand(rbp, kReturnCountOffset));
+  __ movq(packed_args, MemOperand(rbp, kPackedArrayOffset));
+  __ movq(signature, MemOperand(rbp, kSignatureOffset));
+  __ movq(valuetypes_array_ptr,
+          MemOperand(signature, wasm::FunctionSig::kRepsOffset));
+  Register result_index = r8;
+  __ movq(result_index, Immediate(0));
+
+  // If we have return values, convert them from JS types back to Wasm types.
+  Label convert_return;
+  Label return_done;
+  Label all_done;
+  Label loop_copy_return_refs;
+  Register fixed_array = r11;
+  __ movq(fixed_array, Immediate(0));
+  __ cmpl(return_count, Immediate(1));
+  __ j(less, &all_done);
+  __ j(equal, &convert_return);
+
+  // We have multiple results. Convert the result into a FixedArray.
+  // The builtin expects three args:
+  // rax: object.
+  // rbx: return_count as Smi.
+  // rsi: context.
+  __ movq(rbx, MemOperand(rbp, kReturnCountOffset));
+  __ addq(rbx, rbx);
+  __ pushq(context);
+  // One tagged object at the top of the stack (the context).
+  __ movq(MemOperand(rbp,
+                     WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset),
+          Immediate(1));
+  __ Call(BUILTIN_CODE(masm->isolate(), IterableToFixedArrayForWasm),
+          RelocInfo::CODE_TARGET);
+  __ popq(context);
+  __ movq(fixed_array, rax);
+  __ movq(return_count, MemOperand(rbp, kReturnCountOffset));
+  __ movq(packed_args, MemOperand(rbp, kPackedArrayOffset));
+  __ movq(signature, MemOperand(rbp, kSignatureOffset));
+  __ movq(valuetypes_array_ptr,
+          MemOperand(signature, wasm::FunctionSig::kRepsOffset));
+  __ movq(result_index, Immediate(0));
+
+  __ LoadTaggedField(return_reg,
+                     FieldOperand(fixed_array, result_index,
+                                  static_cast<ScaleFactor>(kTaggedSizeLog2),
+                                  FixedArray::kHeaderSize));
+  __ jmp(&convert_return);
+
+  // A result converted.
+  __ bind(&return_done);
+
+  // Restore after builtin call
+  __ popq(context);
+  __ popq(fixed_array);
+  __ movq(valuetypes_array_ptr, MemOperand(rbp, kValueTypesArrayStartOffset));
+
+  __ addq(valuetypes_array_ptr, Immediate(kValueTypeSize));
+  __ movq(result_index, MemOperand(rbp, kResultIndexOffset));
+  __ incq(result_index);
+  __ cmpq(result_index, MemOperand(rbp, kReturnCountOffset));  // return_count
+  __ j(greater_equal, &loop_copy_return_refs);
+
+  __ LoadTaggedField(return_reg,
+                     FieldOperand(fixed_array, result_index,
+                                  static_cast<ScaleFactor>(kTaggedSizeLog2),
+                                  FixedArray::kHeaderSize));
+  __ jmp(&convert_return);
+
+  // -------------------------------------------
+  // Update refs after calling all builtins.
+  // -------------------------------------------
+
+  // Some builtin calls for return value conversion may trigger GC, and some
+  // heap pointers of ref types might become invalid in the conversion loop.
+  // Thus, copy the ref values again after finishing all the conversions.
+  __ bind(&loop_copy_return_refs);
+
+  // If there is only one return value, there should be no heap pointer in the
+  // packed_args while calling any builtin. So, we don't need to update refs.
+  __ movq(return_count, MemOperand(rbp, kReturnCountOffset));
+  __ cmpl(return_count, Immediate(1));
+  __ j(equal, &all_done);
+
+  Label copy_return_if_ref, copy_return_ref, done_copy_return_ref;
+  __ movq(packed_args, MemOperand(rbp, kPackedArrayOffset));
+  __ movq(signature, MemOperand(rbp, kSignatureOffset));
+  __ movq(valuetypes_array_ptr,
+          MemOperand(signature, wasm::FunctionSig::kRepsOffset));
+  __ movq(result_index, Immediate(0));
+
+  // Copy if the current return value is a ref type.
+  __ bind(&copy_return_if_ref);
+  __ movl(valuetype,
+          Operand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  __ andl(valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ j(equal, &copy_return_ref);
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ j(equal, &copy_return_ref);
+
+  Label inc_result_32bit;
+  __ cmpq(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ j(equal, &inc_result_32bit);
+  __ cmpq(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ j(equal, &inc_result_32bit);
+
+  Label inc_result_64bit;
+  __ cmpq(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ j(equal, &inc_result_64bit);
+  __ cmpq(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ j(equal, &inc_result_64bit);
+
+  // Invalid type. JavaScript cannot return Simd values to WebAssembly.
+  __ int3();
+
+  __ bind(&inc_result_32bit);
+  __ addq(packed_args, Immediate(sizeof(int32_t)));
+  __ jmp(&done_copy_return_ref);
+
+  __ bind(&inc_result_64bit);
+  __ addq(packed_args, Immediate(sizeof(int64_t)));
+  __ jmp(&done_copy_return_ref);
+
+  __ bind(&copy_return_ref);
+  __ LoadTaggedField(return_reg,
+                     FieldOperand(fixed_array, result_index,
+                                  static_cast<ScaleFactor>(kTaggedSizeLog2),
+                                  FixedArray::kHeaderSize));
+  __ movq(MemOperand(packed_args, 0), return_reg);
+  __ addq(packed_args, Immediate(kSystemPointerSize));
+
+  // Move pointers.
+  __ bind(&done_copy_return_ref);
+  __ addq(valuetypes_array_ptr, Immediate(kValueTypeSize));
+  __ incq(result_index);
+  __ cmpq(result_index, MemOperand(rbp, kReturnCountOffset));
+  __ j(less, &copy_return_if_ref);
+
+  // -------------------------------------------
+  // All done.
+  // -------------------------------------------
+
+  __ bind(&all_done);
+  // Set thread_in_wasm_flag.
+  thread_in_wasm_flag_addr = rcx;
+  __ movq(
+      thread_in_wasm_flag_addr,
+      MemOperand(kRootRegister, Isolate::thread_in_wasm_flag_address_offset()));
+  __ movl(MemOperand(thread_in_wasm_flag_addr, 0), Immediate(1));
+  thread_in_wasm_flag_addr = no_reg;
+
+  // Deconstruct the stack frame.
+  __ LeaveFrame(StackFrame::WASM_TO_JS);
+
+  __ xorq(rax, rax);
+  __ ret(0);
+
+  // --------------------------------------------------------------------------
+  //                          Deferred code.
+  // --------------------------------------------------------------------------
+
+  // -------------------------------------------------
+  // Param conversion builtins (Wasm type -> JS type).
+  // -------------------------------------------------
+  __ bind(&convert_param);
+
+  // Prepare for builtin call.
+
+  // Need to specify how many heap objects, that should be scanned by GC, are
+  // on the top of the stack. (Only the context).
+  // The builtin expects the parameter to be in register param = rax.
+
+  __ movq(MemOperand(rbp, kExpectedArityOffset), expected_arity);
+  __ movq(MemOperand(rbp, kParamIndexOffset), param_index);
+  __ movq(MemOperand(rbp, kValueTypesArrayStartOffset), valuetypes_array_ptr);
+  __ movq(MemOperand(rbp, kCurrentParamOffset), current_param_slot_offset);
+
+  // When calling Wasm->JS conversion builtins, the top of the stack contains
+  // three additional tagged objects that should be visited during GC: receiver
+  // and callable.
+  __ addq(MemOperand(rbp,
+                     WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset),
+          Immediate(3));
+  __ pushq(receiver);
+  __ pushq(callable);
+  __ pushq(context);
+
+  Label param_kWasmI32_not_smi;
+  Label param_kWasmI64;
+  Label param_kWasmF32;
+  Label param_kWasmF64;
+  Label finish_param_conversion;
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ j(equal, &param_kWasmI32_not_smi);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ j(equal, &param_kWasmI64);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ j(equal, &param_kWasmF32);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ j(equal, &param_kWasmF64);
+
+  // Invalid type. Wasm cannot pass Simd arguments to JavaScript.
+  __ int3();
+
+  __ bind(&param_kWasmI32_not_smi);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmInt32ToHeapNumber),
+          RelocInfo::CODE_TARGET);
+  // Param is the result of the builtin.
+  __ movq(rbx, Immediate(sizeof(int32_t)));
+  __ jmp(&finish_param_conversion);
+
+  __ bind(&param_kWasmI64);
+  __ movq(param,
+          MemOperand(packed_args, current_param_slot_offset, times_1, 0));
+  __ Call(BUILTIN_CODE(masm->isolate(), I64ToBigInt), RelocInfo::CODE_TARGET);
+  __ movq(rbx, Immediate(sizeof(int64_t)));
+  __ jmp(&finish_param_conversion);
+
+  __ bind(&param_kWasmF32);
+  __ Movsd(xmm0,
+           MemOperand(packed_args, current_param_slot_offset, times_1, 0));
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmFloat32ToNumber),
+          RelocInfo::CODE_TARGET);
+  __ movq(rbx, Immediate(sizeof(float)));
+  __ jmp(&finish_param_conversion);
+
+  __ bind(&param_kWasmF64);
+  __ movq(xmm0, MemOperand(packed_args, current_param_slot_offset, times_1, 0));
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmFloat64ToNumber),
+          RelocInfo::CODE_TARGET);
+  __ movq(rbx, Immediate(sizeof(double)));
+
+  // Restore after builtin call.
+  __ bind(&finish_param_conversion);
+  __ popq(context);
+  __ popq(callable);
+  __ popq(receiver);
+
+  __ movq(current_param_slot_offset, MemOperand(rbp, kCurrentParamOffset));
+  __ addq(current_param_slot_offset, rbx);
+  __ movq(valuetypes_array_ptr, MemOperand(rbp, kValueTypesArrayStartOffset));
+  __ movq(param_index, MemOperand(rbp, kParamIndexOffset));
+  __ movq(expected_arity, MemOperand(rbp, kExpectedArityOffset));
+  __ movq(packed_args, MemOperand(rbp, kPackedArrayOffset));
+
+  __ movq(MemOperand(rsp, param_index, times_system_pointer_size, 0), param);
+  __ subq(MemOperand(rbp,
+                     WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset),
+          Immediate(3));
+  __ jmp(&param_conversion_done);
+
+  // -------------------------------------------
+  // Return conversions (JS type -> Wasm type).
+  // -------------------------------------------
+  __ bind(&convert_return);
+
+  // Save registers in the stack before the builtin call.
+  __ movq(MemOperand(rbp, kResultIndexOffset), result_index);
+  __ movq(MemOperand(rbp, kValueTypesArrayStartOffset), valuetypes_array_ptr);
+  __ movq(MemOperand(rbp, kCurrentResultAddressOffset), packed_args);
+
+  // The following slots should be visited during GC.
+  __ Move(MemOperand(rbp,
+                     WasmToJSInterpreterFrameConstants::kGCScanSlotCountOffset),
+          2);
+  __ pushq(fixed_array);
+  __ pushq(context);
+
+  // The builtin expects the parameter to be in register param = rax.
+
+  // The first valuetype of the array is the return's valuetype.
+  __ movl(valuetype,
+          Operand(valuetypes_array_ptr, wasm::ValueType::bit_field_offset()));
+
+  Label return_kWasmI32;
+  Label return_kWasmI32_not_smi;
+  Label return_kWasmI64;
+  Label return_kWasmF32;
+  Label return_kWasmF64;
+  Label return_kWasmRef;
+
+  // Prepare for builtin call.
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmI32.raw_bit_field()));
+  __ j(equal, &return_kWasmI32);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmI64.raw_bit_field()));
+  __ j(equal, &return_kWasmI64);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmF32.raw_bit_field()));
+  __ j(equal, &return_kWasmF32);
+
+  __ cmpq(valuetype, Immediate(wasm::kWasmF64.raw_bit_field()));
+  __ j(equal, &return_kWasmF64);
+
+  __ andl(valuetype, Immediate(wasm::kWasmValueKindBitsMask));
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRefNull));
+  __ j(equal, &return_kWasmRef);
+  __ cmpq(valuetype, Immediate(wasm::ValueKind::kRef));
+  __ j(equal, &return_kWasmRef);
+
+  // Invalid type. JavaScript cannot return Simd results to WebAssembly.
+  __ int3();
+
+  __ bind(&return_kWasmI32);
+  __ JumpIfNotSmi(return_reg, &return_kWasmI32_not_smi);
+  // Change the param from Smi to int32.
+  __ SmiUntag(return_reg);
+  // Zero extend.
+  __ movl(return_reg, return_reg);
+  __ movl(MemOperand(packed_args, 0), return_reg);
+  __ addq(packed_args, Immediate(sizeof(int32_t)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmI32_not_smi);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedNonSmiToInt32),
+          RelocInfo::CODE_TARGET);
+  __ AssertZeroExtended(return_reg);
+  __ movq(packed_args, MemOperand(rbp, kCurrentResultAddressOffset));
+  __ movl(MemOperand(packed_args, 0), return_reg);
+  __ addq(packed_args, Immediate(sizeof(int32_t)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmI64);
+  __ Call(BUILTIN_CODE(masm->isolate(), BigIntToI64), RelocInfo::CODE_TARGET);
+  __ movq(packed_args, MemOperand(rbp, kCurrentResultAddressOffset));
+  __ movq(MemOperand(packed_args, 0), return_reg);
+  __ addq(packed_args, Immediate(sizeof(int64_t)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmF32);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedToFloat32),
+          RelocInfo::CODE_TARGET);
+  __ movq(packed_args, MemOperand(rbp, kCurrentResultAddressOffset));
+  __ Movss(MemOperand(packed_args, 0), xmm0);
+  __ addq(packed_args, Immediate(sizeof(float)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmF64);
+  __ Call(BUILTIN_CODE(masm->isolate(), WasmTaggedToFloat64),
+          RelocInfo::CODE_TARGET);
+  __ movq(packed_args, MemOperand(rbp, kCurrentResultAddressOffset));
+  __ Movsd(MemOperand(packed_args, 0), xmm0);
+  __ addq(packed_args, Immediate(sizeof(double)));
+  __ jmp(&return_done);
+
+  __ bind(&return_kWasmRef);
+  __ movq(MemOperand(packed_args, 0), return_reg);
+  __ addq(packed_args, Immediate(kSystemPointerSize));
+  __ jmp(&return_done);
+}
+
+#ifndef V8_DRUMBRAKE_BOUNDS_CHECKS
+
+namespace {
+
+enum IntMemoryType {
+  kIntS8,
+  kIntU8,
+  kIntS16,
+  kIntU16,
+  kIntS32,
+  kIntU32,
+  kInt64
+};
+
+enum IntValueType { kValueInt32, kValueInt64 };
+
+enum FloatType { kFloat32, kFloat64 };
+
+void EmitLoadInstruction(MacroAssembler* masm, Register result,
+                         Register memory_start, Register memory_index,
+                         IntValueType value_type, IntMemoryType memory_type) {
+  switch (memory_type) {
+    case kInt64:
+      switch (value_type) {
+        case kValueInt64:
+          __ movq(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    case kIntS32:
+      switch (value_type) {
+        case kValueInt64:
+          __ movsxlq(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+        case kValueInt32:
+          __ movl(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+      }
+      break;
+    case kIntU32:
+      switch (value_type) {
+        case kValueInt64:
+          __ movl(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+        default:
+          UNREACHABLE();
+      }
+      break;
+    case kIntS16:
+      switch (value_type) {
+        case kValueInt64:
+          __ movsxwq(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+        case kValueInt32:
+          __ movsxwl(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+      }
+      break;
+    case kIntU16:
+      switch (value_type) {
+        case kValueInt64:
+          __ movzxwq(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+        case kValueInt32:
+          __ movzxwl(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+      }
+      break;
+    case kIntS8:
+      switch (value_type) {
+        case kValueInt64:
+          __ movsxbq(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+        case kValueInt32:
+          __ movsxbl(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+      }
+      break;
+    case kIntU8:
+      switch (value_type) {
+        case kValueInt64:
+          __ movzxbq(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+        case kValueInt32:
+          __ movzxbl(result, Operand(memory_start, memory_index, times_1, 0));
+          break;
+      }
+      break;
+    default:
+      UNREACHABLE();
+  }
+}
+
+void EmitLoadInstruction(MacroAssembler* masm, Register memory_start,
+                         Register memory_offset, XMMRegister result,
+                         FloatType float_type) {
+  switch (float_type) {
+    case kFloat32:
+      __ movss(xmm0, Operand(memory_start, memory_offset, times_1, 0));
+      __ cvtss2sd(result, xmm0);
+      break;
+    case kFloat64:
+      __ movsd(result, Operand(memory_start, memory_offset, times_1, 0));
+      break;
+    default:
+      UNREACHABLE();
+  }
+}
+
+void EmitLoadInstruction(MacroAssembler* masm, Register memory_start,
+                         Register memory_offset, Register sp,
+                         Register slot_offset, FloatType float_type) {
+  switch (float_type) {
+    case kFloat32:
+      __ movss(xmm0, Operand(memory_start, memory_offset, times_1, 0));
+      __ movss(Operand(sp, slot_offset, times_4, 0), xmm0);
+      break;
+    case kFloat64:
+      __ movsd(xmm0, Operand(memory_start, memory_offset, times_1, 0));
+      __ movsd(Operand(sp, slot_offset, times_4, 0), xmm0);
+      break;
+    default:
+      UNREACHABLE();
+  }
+}
+
+void WriteToSlot(MacroAssembler* masm, Register sp, Register slot_offset,
+                 Register value, IntValueType value_type) {
+  switch (value_type) {
+    case kValueInt64:
+      __ movq(Operand(sp, slot_offset, times_4, 0), value);
+      break;
+    case kValueInt32:
+      __ movl(Operand(sp, slot_offset, times_4, 0), value);
+      break;
+  }
+}
+
+void EmitStoreInstruction(MacroAssembler* masm, Register value,
+                          Register memory_start, Register memory_index,
+                          IntMemoryType memory_type) {
+  switch (memory_type) {
+    case kInt64:
+      __ movq(Operand(memory_start, memory_index, times_1, 0), value);
+      break;
+    case kIntS32:
+      __ movl(Operand(memory_start, memory_index, times_1, 0), value);
+      break;
+    case kIntS16:
+      __ movw(Operand(memory_start, memory_index, times_1, 0), value);
+      break;
+    case kIntS8:
+      __ movb(Operand(memory_start, memory_index, times_1, 0), value);
+      break;
+    default:
+      UNREACHABLE();
+  }
+}
+
+void EmitStoreInstruction(MacroAssembler* masm, XMMRegister value,
+                          Register memory_start, Register memory_index,
+                          FloatType float_type) {
+  switch (float_type) {
+    case kFloat32:
+      __ movss(Operand(memory_start, memory_index, times_1, 0), value);
+      break;
+    case kFloat64:
+      __ movsd(Operand(memory_start, memory_index, times_1, 0), value);
+      break;
+    default:
+      UNREACHABLE();
+  }
+}
+
+void EmitLoadNextInstructionId(MacroAssembler* masm, Register next_handler_id,
+                               Register code, uint32_t code_offset) {
+  // An InstructionHandler id is stored in the WasmBytecode as a uint16_t, so we
+  // need to move a 16-bit word here.
+  __ movzxwq(next_handler_id, MemOperand(code, code_offset));
+
+  // Currently, there cannot be more than kInstructionTableSize = 1024 different
+  // handlers, so (for additional security) we do a bitwise AND with 1023 to
+  // make sure some attacker might somehow generate invalid WasmBytecode data
+  // and force an indirect jump through memory outside the handler table.
+  __ andq(next_handler_id, Immediate(wasm::kInstructionTableMask));
+}
+
+void Generate_r2r_ILoadMem(MacroAssembler* masm, IntValueType value_type,
+                           IntMemoryType memory_type) {
+  Register code = rcx;
+  Register wasm_runtime = r8;
+  Register memory_index = r9;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_offset = rax;
+  __ movq(memory_offset, MemOperand(code, 0x00));
+  __ movl(memory_index, memory_index);
+  __ addq(memory_offset, memory_index);
+
+  Register result = r9;
+  EmitLoadInstruction(masm, result, memory_start, memory_offset, value_type,
+                      memory_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x08);
+  __ addq(code, Immediate(0x0a));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_r2r_FLoadMem(MacroAssembler* masm, FloatType float_type) {
+  Register code = rcx;
+  Register wasm_runtime = r8;
+  Register memory_index = r9;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_offset = rax;
+  __ movq(memory_offset, MemOperand(code, 0x00));
+  __ movl(memory_index, memory_index);
+  __ addq(memory_offset, memory_index);
+
+  EmitLoadInstruction(masm, memory_start, memory_offset, xmm4, float_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x08);
+  __ addq(code, Immediate(0x0a));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_r2s_ILoadMem(MacroAssembler* masm, IntValueType value_type,
+                           IntMemoryType memory_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+  Register memory_index = r9;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_offset = rax;
+  __ movq(memory_offset, MemOperand(code, 0x00));
+  __ movl(memory_index, memory_index);
+  __ addq(memory_offset, memory_index);
+
+  Register value = r10;
+  EmitLoadInstruction(masm, value, memory_start, memory_offset, value_type,
+                      memory_type);
+
+  Register slot_offset = rax;
+  __ movl(slot_offset, MemOperand(code, 0x08));
+
+  WriteToSlot(masm, sp, slot_offset, value, value_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x0c);
+  __ addq(code, Immediate(0x0e));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_r2s_FLoadMem(MacroAssembler* masm, FloatType float_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+  Register memory_index = r9;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_offset = rax;
+  __ movq(memory_offset, MemOperand(code, 0x00));
+  __ movl(memory_index, memory_index);
+  __ addq(memory_offset, memory_index);
+
+  Register slot_offset = r11;
+  __ movl(slot_offset, MemOperand(code, 0x08));
+
+  EmitLoadInstruction(masm, memory_start, memory_offset, sp, slot_offset,
+                      float_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x0c);
+  __ addq(code, Immediate(0x0e));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2r_ILoadMem(MacroAssembler* masm, IntValueType value_type,
+                           IntMemoryType memory_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+
+  Register memory_start = r9;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_index_slot_offset = rax;
+  __ movl(memory_index_slot_offset, MemOperand(code, 0x08));
+
+  Register memory_offset = rax;
+  __ movl(memory_offset, Operand(sp, memory_index_slot_offset, times_4, 0));
+  __ addq(memory_offset, MemOperand(code, 0x00));
+
+  Register value = r9;
+  EmitLoadInstruction(masm, value, memory_start, memory_offset, value_type,
+                      memory_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x0c);
+  __ addq(code, Immediate(0x0e));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2r_FLoadMem(MacroAssembler* masm, FloatType float_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_index_slot_offset = rax;
+  __ movl(memory_index_slot_offset, MemOperand(code, 0x08));
+
+  Register memory_offset = rax;
+  __ movl(memory_offset, Operand(sp, memory_index_slot_offset, times_4, 0));
+  __ addq(memory_offset, MemOperand(code, 0x00));
+
+  EmitLoadInstruction(masm, memory_start, memory_offset, xmm4, float_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x0c);
+  __ addq(code, Immediate(0x0e));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2s_ILoadMem(MacroAssembler* masm, IntValueType value_type,
+                           IntMemoryType memory_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register pop_slot_offset = rax;
+  __ movl(pop_slot_offset, MemOperand(code, 0x08));
+
+  Register push_slot_offset = r11;
+  __ movl(push_slot_offset, MemOperand(code, 0x0c));
+
+  Register memory_index = r9;
+  __ movl(memory_index, Operand(sp, pop_slot_offset, times_4, 0));
+
+  Register memory_offset = rax;
+  __ movq(memory_offset, MemOperand(code, 0x00));
+  __ addq(memory_offset, memory_index);
+
+  Register value = rax;
+  EmitLoadInstruction(masm, value, memory_start, memory_offset, value_type,
+                      memory_type);
+
+  WriteToSlot(masm, sp, push_slot_offset, value, value_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x10);
+  __ addq(code, Immediate(0x12));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2s_FLoadMem(MacroAssembler* masm, FloatType float_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register slot_offset = rax;
+  __ movl(slot_offset, MemOperand(code, 0x08));
+
+  Register push_slot_offset = r11;
+  __ movl(push_slot_offset, MemOperand(code, 0x0c));
+
+  Register memory_index = r9;
+  __ movl(memory_index, Operand(sp, slot_offset, times_4, 0));
+
+  Register memory_offset = rax;
+  __ movq(memory_offset, MemOperand(code, 0x00));
+  __ addq(memory_offset, memory_index);
+
+  EmitLoadInstruction(masm, memory_start, memory_offset, sp, push_slot_offset,
+                      float_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x10);
+  __ addq(code, Immediate(0x12));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2s_ILoadMem_LocalSet(MacroAssembler* masm,
+                                    IntValueType value_type,
+                                    IntMemoryType memory_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register pop_slot_offset = rax;
+  __ movl(pop_slot_offset, MemOperand(code, 0x08));
+
+  Register push_slot_offset = r11;
+  __ movl(push_slot_offset, MemOperand(code, 0x0c));
+
+  Register memory_offset = rax;
+  __ movl(memory_offset, Operand(sp, pop_slot_offset, times_4, 0));
+  __ addq(memory_offset, MemOperand(code, 0x00));
+
+  Register value = rax;
+  EmitLoadInstruction(masm, value, memory_start, memory_offset, value_type,
+                      memory_type);
+
+  WriteToSlot(masm, sp, push_slot_offset, value, value_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x10);
+  __ addq(code, Immediate(0x12));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2s_FLoadMem_LocalSet(MacroAssembler* masm,
+                                    FloatType float_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register pop_slot_offset = rax;
+  __ movl(pop_slot_offset, MemOperand(code, 0x08));
+
+  Register push_slot_offset = r11;
+  __ movl(push_slot_offset, MemOperand(code, 0x0c));
+
+  Register memory_offset = rax;
+  __ movl(memory_offset, Operand(sp, pop_slot_offset, times_4, 0));
+  __ addq(memory_offset, MemOperand(code, 0x00));
+
+  EmitLoadInstruction(masm, memory_start, memory_offset, sp, push_slot_offset,
+                      float_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x10);
+  __ addq(code, Immediate(0x12));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_r2s_IStoreMem(MacroAssembler* masm, IntValueType /*value_type*/,
+                            IntMemoryType memory_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+  Register value = r9;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_index_slot_offset = rax;
+  __ movl(memory_index_slot_offset, MemOperand(code, 0x08));
+
+  Register memory_offset = rax;
+  __ movl(memory_offset, Operand(sp, memory_index_slot_offset, times_4, 0));
+  __ addq(memory_offset, MemOperand(code, 0x00));
+
+  EmitStoreInstruction(masm, value, memory_start, memory_offset, memory_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x0c);
+  __ addq(code, Immediate(0x0e));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_r2s_FStoreMem(MacroAssembler* masm, FloatType float_type) {
+  Register code = rcx;
+  Register sp = rdx;
+  Register wasm_runtime = r8;
+
+  XMMRegister value = xmm4;
+  if (float_type == kFloat32) {
+    __ cvtsd2ss(value, xmm4);
+  }
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_index_slot_offset = rax;
+  __ movl(memory_index_slot_offset, MemOperand(code, 0x08));
+
+  Register memory_offset = rax;
+  __ movl(memory_offset, Operand(sp, memory_index_slot_offset, times_4, 0));
+  __ addq(memory_offset, MemOperand(code, 0x00));
+
+  EmitStoreInstruction(masm, value, memory_start, memory_offset, float_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x0c);
+  __ addq(code, Immediate(0x0e));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2s_IStoreMem(MacroAssembler* masm, IntValueType /*value_type*/,
+                            IntMemoryType memory_type) {
+  Register sp = rdx;
+  Register code = rcx;
+  Register wasm_runtime = r8;
+
+  Register value_slot_offset = rax;
+  __ movl(value_slot_offset, MemOperand(code, 0x00));
+
+  Register memory_index_slot_offset = r10;
+  __ movl(memory_index_slot_offset, MemOperand(code, 0x0c));
+
+  Register value = r11;
+  switch (memory_type) {
+    case kInt64:
+      __ movq(value, MemOperand(sp, value_slot_offset, times_4, 0));
+      break;
+    case kIntS32:
+      __ movl(value, MemOperand(sp, value_slot_offset, times_4, 0));
+      break;
+    case kIntS16:
+      __ movw(value, MemOperand(sp, value_slot_offset, times_4, 0));
+      break;
+    case kIntS8:
+      __ movb(value, MemOperand(sp, value_slot_offset, times_4, 0));
+      break;
+    default:
+      UNREACHABLE();
+  }
+
+  Register memory_start = r9;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_offset = rax;
+  __ movl(memory_offset, MemOperand(sp, memory_index_slot_offset, times_4, 0));
+  __ addq(memory_offset, MemOperand(code, 0x04));
+
+  EmitStoreInstruction(masm, value, memory_start, memory_offset, memory_type);
+
+  Register next_handler_id = rax;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x10);
+  __ addq(code, Immediate(0x12));
+
+  Register instr_table = r9;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2s_FStoreMem(MacroAssembler* masm, FloatType float_type) {
+  Register sp = rdx;
+  Register code = rcx;
+  Register wasm_runtime = r8;
+
+  Register value_slot_offset = rax;
+  __ movl(value_slot_offset, MemOperand(code, 0x00));
+
+  Register memory_index_slot_offset = r10;
+  __ movl(memory_index_slot_offset, MemOperand(code, 0x0c));
+
+  XMMRegister value = xmm0;
+  switch (float_type) {
+    case kFloat32:
+      __ movss(value, MemOperand(sp, value_slot_offset, times_4, 0));
+      break;
+    case kFloat64:
+      __ movsd(value, MemOperand(sp, value_slot_offset, times_4, 0));
+      break;
+    default:
+      UNREACHABLE();
+  }
+
+  Register memory_start = r11;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register memory_offset = rax;
+  __ movl(memory_offset, MemOperand(sp, memory_index_slot_offset, times_4, 0));
+  __ addq(memory_offset, MemOperand(code, 0x04));
+
+  EmitStoreInstruction(masm, value, memory_start, memory_offset, float_type);
+
+  Register next_handler_id = r10;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x10);
+  __ addq(code, Immediate(0x12));
+
+  Register instr_table = rax;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_r2s_ILoadStoreMem(MacroAssembler* masm, IntValueType value_type,
+                                IntMemoryType memory_type) {
+  Register sp = rdx;
+  Register code = rcx;
+  Register wasm_runtime = r8;
+  Register load_index = r9;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register load_offset = r11;
+  __ movq(load_offset, MemOperand(code, 0x00));
+  __ movl(load_index, load_index);
+  __ addq(load_offset, load_index);
+
+  Register value = rax;
+  EmitLoadInstruction(masm, value, memory_start, load_offset, value_type,
+                      memory_type);
+
+  Register store_index_slot_offset = r9;
+  __ movl(store_index_slot_offset, MemOperand(code, 0x10));
+
+  Register store_offset = r11;
+  __ movl(store_offset, MemOperand(sp, store_index_slot_offset, times_4, 0));
+  __ addq(store_offset, MemOperand(code, 0x08));
+
+  EmitStoreInstruction(masm, value, memory_start, store_offset, memory_type);
+
+  Register next_handler_id = rax;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x14);
+  __ addq(code, Immediate(0x16));
+
+  Register instr_table = r9;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2s_ILoadStoreMem(MacroAssembler* masm, IntValueType value_type,
+                                IntMemoryType memory_type) {
+  Register sp = rdx;
+  Register code = rcx;
+  Register wasm_runtime = r8;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register load_index_slot_offset = r9;
+  __ movl(load_index_slot_offset, MemOperand(code, 0x08));
+
+  Register load_offset = r11;
+  __ movl(load_offset, Operand(sp, load_index_slot_offset, times_4, 0));
+  __ addq(load_offset, MemOperand(code, 0x00));
+
+  Register value = rax;
+  EmitLoadInstruction(masm, value, memory_start, load_offset, value_type,
+                      memory_type);
+
+  Register store_index_slot_offset = r9;
+  __ movl(store_index_slot_offset, MemOperand(code, 0x14));
+
+  Register store_offset = r11;
+  __ movl(store_offset, MemOperand(sp, store_index_slot_offset, times_4, 0));
+  __ addq(store_offset, MemOperand(code, 0x0c));
+
+  EmitStoreInstruction(masm, value, memory_start, store_offset, memory_type);
+
+  Register next_handler_id = rax;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x18);
+  __ addq(code, Immediate(0x1a));
+
+  Register instr_table = r9;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_r2s_FLoadStoreMem(MacroAssembler* masm, FloatType float_type) {
+  Register sp = rdx;
+  Register code = rcx;
+  Register wasm_runtime = r8;
+  Register load_index = r9;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register load_offset = r11;
+  __ movq(load_offset, MemOperand(code, 0x00));
+  __ movl(load_index, load_index);
+  __ addq(load_offset, load_index);
+
+  XMMRegister value = xmm0;
+  switch (float_type) {
+    case kFloat32:
+      __ movss(value, Operand(memory_start, load_offset, times_1, 0));
+      break;
+    case kFloat64:
+      __ movsd(value, Operand(memory_start, load_offset, times_1, 0));
+      break;
+    default:
+      UNREACHABLE();
+  }
+
+  Register store_index_slot_offset = r9;
+  __ movl(store_index_slot_offset, MemOperand(code, 0x10));
+
+  Register store_offset = r11;
+  __ movl(store_offset, MemOperand(sp, store_index_slot_offset, times_4, 0));
+  __ addq(store_offset, MemOperand(code, 0x08));
+
+  EmitStoreInstruction(masm, value, memory_start, store_offset, float_type);
+
+  Register next_handler_id = rax;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x14);
+  __ addq(code, Immediate(0x16));
+
+  Register instr_table = r9;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+void Generate_s2s_FLoadStoreMem(MacroAssembler* masm, FloatType float_type) {
+  Register sp = rdx;
+  Register code = rcx;
+  Register wasm_runtime = r8;
+
+  Register memory_start = r10;
+  __ movq(memory_start,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::memory_start_offset()));
+
+  Register load_index_slot_offset = r9;
+  __ movl(load_index_slot_offset, MemOperand(code, 0x08));
+
+  Register load_offset = r11;
+  __ movl(load_offset, Operand(sp, load_index_slot_offset, times_4, 0));
+  __ addq(load_offset, MemOperand(code, 0x00));
+
+  XMMRegister value = xmm0;
+  switch (float_type) {
+    case kFloat32:
+      __ movss(value, Operand(memory_start, load_offset, times_1, 0));
+      break;
+    case kFloat64:
+      __ movsd(value, Operand(memory_start, load_offset, times_1, 0));
+      break;
+    default:
+      UNREACHABLE();
+  }
+
+  Register store_index_slot_offset = r9;
+  __ movl(store_index_slot_offset, MemOperand(code, 0x14));
+
+  Register store_offset = r11;
+  __ movl(store_offset, MemOperand(sp, store_index_slot_offset, times_4, 0));
+  __ addq(store_offset, MemOperand(code, 0x0c));
+
+  EmitStoreInstruction(masm, value, memory_start, store_offset, float_type);
+
+  Register next_handler_id = rax;
+  EmitLoadNextInstructionId(masm, next_handler_id, code, 0x18);
+  __ addq(code, Immediate(0x1a));
+
+  Register instr_table = r9;
+  __ movq(instr_table,
+          MemOperand(wasm_runtime,
+                     wasm::WasmInterpreterRuntime::instruction_table_offset()));
+
+  Register next_handler_addr = rax;
+  __ movq(next_handler_addr,
+          MemOperand(instr_table, next_handler_id, times_8, 0));
+  __ jmp(next_handler_addr);
+}
+
+}  // namespace
+
+void Builtins::Generate_r2r_I32LoadMem8S(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt32, kIntS8);
+}
+void Builtins::Generate_r2r_I32LoadMem8U(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt32, kIntU8);
+}
+void Builtins::Generate_r2r_I32LoadMem16S(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt32, kIntS16);
+}
+void Builtins::Generate_r2r_I32LoadMem16U(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt32, kIntU16);
+}
+void Builtins::Generate_r2r_I64LoadMem8S(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt64, kIntS8);
+}
+void Builtins::Generate_r2r_I64LoadMem8U(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt64, kIntU8);
+}
+void Builtins::Generate_r2r_I64LoadMem16S(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt64, kIntS16);
+}
+void Builtins::Generate_r2r_I64LoadMem16U(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt64, kIntU16);
+}
+void Builtins::Generate_r2r_I64LoadMem32S(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt64, kIntS32);
+}
+void Builtins::Generate_r2r_I64LoadMem32U(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt64, kIntU32);
+}
+void Builtins::Generate_r2r_I32LoadMem(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_r2r_I64LoadMem(MacroAssembler* masm) {
+  return Generate_r2r_ILoadMem(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_r2r_F32LoadMem(MacroAssembler* masm) {
+  return Generate_r2r_FLoadMem(masm, kFloat32);
+}
+void Builtins::Generate_r2r_F64LoadMem(MacroAssembler* masm) {
+  return Generate_r2r_FLoadMem(masm, kFloat64);
+}
+
+void Builtins::Generate_r2s_I32LoadMem8S(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt32, kIntS8);
+}
+void Builtins::Generate_r2s_I32LoadMem8U(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt32, kIntU8);
+}
+void Builtins::Generate_r2s_I32LoadMem16S(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt32, kIntS16);
+}
+void Builtins::Generate_r2s_I32LoadMem16U(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt32, kIntU16);
+}
+void Builtins::Generate_r2s_I64LoadMem8S(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt64, kIntS8);
+}
+void Builtins::Generate_r2s_I64LoadMem8U(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt64, kIntU8);
+}
+void Builtins::Generate_r2s_I64LoadMem16S(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt64, kIntS16);
+}
+void Builtins::Generate_r2s_I64LoadMem16U(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt64, kIntU16);
+}
+void Builtins::Generate_r2s_I64LoadMem32S(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt64, kIntS32);
+}
+void Builtins::Generate_r2s_I64LoadMem32U(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt64, kIntU32);
+}
+void Builtins::Generate_r2s_I32LoadMem(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_r2s_I64LoadMem(MacroAssembler* masm) {
+  return Generate_r2s_ILoadMem(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_r2s_F32LoadMem(MacroAssembler* masm) {
+  return Generate_r2s_FLoadMem(masm, kFloat32);
+}
+void Builtins::Generate_r2s_F64LoadMem(MacroAssembler* masm) {
+  return Generate_r2s_FLoadMem(masm, kFloat64);
+}
+
+void Builtins::Generate_s2r_I32LoadMem8S(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt32, kIntS8);
+}
+void Builtins::Generate_s2r_I32LoadMem8U(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt32, kIntU8);
+}
+void Builtins::Generate_s2r_I32LoadMem16S(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt32, kIntS16);
+}
+void Builtins::Generate_s2r_I32LoadMem16U(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt32, kIntU16);
+}
+void Builtins::Generate_s2r_I64LoadMem8S(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt64, kIntS8);
+}
+void Builtins::Generate_s2r_I64LoadMem8U(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt64, kIntU8);
+}
+void Builtins::Generate_s2r_I64LoadMem16S(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt64, kIntS16);
+}
+void Builtins::Generate_s2r_I64LoadMem16U(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt64, kIntU16);
+}
+void Builtins::Generate_s2r_I64LoadMem32S(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt64, kIntS32);
+}
+void Builtins::Generate_s2r_I64LoadMem32U(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt64, kIntU32);
+}
+void Builtins::Generate_s2r_I32LoadMem(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_s2r_I64LoadMem(MacroAssembler* masm) {
+  return Generate_s2r_ILoadMem(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_s2r_F32LoadMem(MacroAssembler* masm) {
+  return Generate_s2r_FLoadMem(masm, kFloat32);
+}
+void Builtins::Generate_s2r_F64LoadMem(MacroAssembler* masm) {
+  return Generate_s2r_FLoadMem(masm, kFloat64);
+}
+
+void Builtins::Generate_s2s_I32LoadMem8S(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt32, kIntS8);
+}
+void Builtins::Generate_s2s_I32LoadMem8U(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt32, kIntU8);
+}
+void Builtins::Generate_s2s_I32LoadMem16S(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt32, kIntS16);
+}
+void Builtins::Generate_s2s_I32LoadMem16U(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt32, kIntU16);
+}
+void Builtins::Generate_s2s_I64LoadMem8S(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt64, kIntS8);
+}
+void Builtins::Generate_s2s_I64LoadMem8U(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt64, kIntU8);
+}
+void Builtins::Generate_s2s_I64LoadMem16S(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt64, kIntS16);
+}
+void Builtins::Generate_s2s_I64LoadMem16U(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt64, kIntU16);
+}
+void Builtins::Generate_s2s_I64LoadMem32S(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt64, kIntS32);
+}
+void Builtins::Generate_s2s_I64LoadMem32U(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt64, kIntU32);
+}
+void Builtins::Generate_s2s_I32LoadMem(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_s2s_I64LoadMem(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_s2s_F32LoadMem(MacroAssembler* masm) {
+  return Generate_s2s_FLoadMem(masm, kFloat32);
+}
+void Builtins::Generate_s2s_F64LoadMem(MacroAssembler* masm) {
+  return Generate_s2s_FLoadMem(masm, kFloat64);
+}
+
+void Builtins::Generate_s2s_I32LoadMem8S_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt32, kIntS8);
+}
+void Builtins::Generate_s2s_I32LoadMem8U_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt32, kIntU8);
+}
+void Builtins::Generate_s2s_I32LoadMem16S_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt32, kIntS16);
+}
+void Builtins::Generate_s2s_I32LoadMem16U_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt32, kIntU16);
+}
+void Builtins::Generate_s2s_I64LoadMem8S_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt64, kIntS8);
+}
+void Builtins::Generate_s2s_I64LoadMem8U_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt64, kIntU8);
+}
+void Builtins::Generate_s2s_I64LoadMem16S_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt64, kIntS16);
+}
+void Builtins::Generate_s2s_I64LoadMem16U_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt64, kIntU16);
+}
+void Builtins::Generate_s2s_I64LoadMem32S_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt64, kIntS32);
+}
+void Builtins::Generate_s2s_I64LoadMem32U_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt64, kIntU32);
+}
+void Builtins::Generate_s2s_I32LoadMem_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_s2s_I64LoadMem_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_ILoadMem_LocalSet(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_s2s_F32LoadMem_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_FLoadMem_LocalSet(masm, kFloat32);
+}
+void Builtins::Generate_s2s_F64LoadMem_LocalSet(MacroAssembler* masm) {
+  return Generate_s2s_FLoadMem_LocalSet(masm, kFloat64);
+}
+
+void Builtins::Generate_r2s_I32StoreMem8(MacroAssembler* masm) {
+  return Generate_r2s_IStoreMem(masm, kValueInt32, kIntS8);
+}
+void Builtins::Generate_r2s_I32StoreMem16(MacroAssembler* masm) {
+  return Generate_r2s_IStoreMem(masm, kValueInt32, kIntS16);
+}
+void Builtins::Generate_r2s_I64StoreMem8(MacroAssembler* masm) {
+  return Generate_r2s_IStoreMem(masm, kValueInt64, kIntS8);
+}
+void Builtins::Generate_r2s_I64StoreMem16(MacroAssembler* masm) {
+  return Generate_r2s_IStoreMem(masm, kValueInt64, kIntS16);
+}
+void Builtins::Generate_r2s_I64StoreMem32(MacroAssembler* masm) {
+  return Generate_r2s_IStoreMem(masm, kValueInt64, kIntS32);
+}
+void Builtins::Generate_r2s_I32StoreMem(MacroAssembler* masm) {
+  return Generate_r2s_IStoreMem(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_r2s_I64StoreMem(MacroAssembler* masm) {
+  return Generate_r2s_IStoreMem(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_r2s_F32StoreMem(MacroAssembler* masm) {
+  return Generate_r2s_FStoreMem(masm, kFloat32);
+}
+void Builtins::Generate_r2s_F64StoreMem(MacroAssembler* masm) {
+  return Generate_r2s_FStoreMem(masm, kFloat64);
+}
+
+void Builtins::Generate_s2s_I32StoreMem8(MacroAssembler* masm) {
+  return Generate_s2s_IStoreMem(masm, kValueInt32, kIntS8);
+}
+void Builtins::Generate_s2s_I32StoreMem16(MacroAssembler* masm) {
+  return Generate_s2s_IStoreMem(masm, kValueInt32, kIntS16);
+}
+void Builtins::Generate_s2s_I64StoreMem8(MacroAssembler* masm) {
+  return Generate_s2s_IStoreMem(masm, kValueInt64, kIntS8);
+}
+void Builtins::Generate_s2s_I64StoreMem16(MacroAssembler* masm) {
+  return Generate_s2s_IStoreMem(masm, kValueInt64, kIntS16);
+}
+void Builtins::Generate_s2s_I64StoreMem32(MacroAssembler* masm) {
+  return Generate_s2s_IStoreMem(masm, kValueInt64, kIntS32);
+}
+void Builtins::Generate_s2s_I32StoreMem(MacroAssembler* masm) {
+  return Generate_s2s_IStoreMem(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_s2s_I64StoreMem(MacroAssembler* masm) {
+  return Generate_s2s_IStoreMem(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_s2s_F32StoreMem(MacroAssembler* masm) {
+  return Generate_s2s_FStoreMem(masm, kFloat32);
+}
+void Builtins::Generate_s2s_F64StoreMem(MacroAssembler* masm) {
+  return Generate_s2s_FStoreMem(masm, kFloat64);
+}
+
+void Builtins::Generate_r2s_I32LoadStoreMem(MacroAssembler* masm) {
+  return Generate_r2s_ILoadStoreMem(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_r2s_I64LoadStoreMem(MacroAssembler* masm) {
+  return Generate_r2s_ILoadStoreMem(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_r2s_F32LoadStoreMem(MacroAssembler* masm) {
+  return Generate_r2s_FLoadStoreMem(masm, kFloat32);
+}
+void Builtins::Generate_r2s_F64LoadStoreMem(MacroAssembler* masm) {
+  return Generate_r2s_FLoadStoreMem(masm, kFloat64);
+}
+void Builtins::Generate_s2s_I32LoadStoreMem(MacroAssembler* masm) {
+  return Generate_s2s_ILoadStoreMem(masm, kValueInt32, kIntS32);
+}
+void Builtins::Generate_s2s_I64LoadStoreMem(MacroAssembler* masm) {
+  return Generate_s2s_ILoadStoreMem(masm, kValueInt64, kInt64);
+}
+void Builtins::Generate_s2s_F32LoadStoreMem(MacroAssembler* masm) {
+  return Generate_s2s_FLoadStoreMem(masm, kFloat32);
+}
+void Builtins::Generate_s2s_F64LoadStoreMem(MacroAssembler* masm) {
+  return Generate_s2s_FLoadStoreMem(masm, kFloat64);
+}
+
+#endif  // !V8_DRUMBRAKE_BOUNDS_CHECKS
+
+#endif  // V8_ENABLE_WEBASSEMBLY
+
+#undef __
+
+}  // namespace internal
+}  // namespace v8
diff --git a/deps/v8/src/wasm/memory-tracing.cc b/deps/v8/src/wasm/memory-tracing.cc
index ecf344add2894b..01a34f7be5aef4 100644
--- a/deps/v8/src/wasm/memory-tracing.cc
+++ b/deps/v8/src/wasm/memory-tracing.cc
@@ -10,11 +10,9 @@
 #include "src/base/strings.h"
 #include "src/base/vector.h"
 
-namespace v8 {
-namespace internal {
-namespace wasm {
+namespace v8::internal::wasm {
 
-void TraceMemoryOperation(base::Optional<ExecutionTier> tier,
+void TraceMemoryOperation(std::optional<ExecutionTier> tier,
                           const MemoryTracingInfo* info, int func_index,
                           int position, uint8_t* mem_start) {
   base::EmbeddedVector<char, 91> value;
@@ -55,6 +53,4 @@ void TraceMemoryOperation(base::Optional<ExecutionTier> tier,
          value.begin());
 }
 
-}  // namespace wasm
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::wasm
diff --git a/deps/v8/src/wasm/memory-tracing.h b/deps/v8/src/wasm/memory-tracing.h
index 450fc61d0d310d..dbb362798d0879 100644
--- a/deps/v8/src/wasm/memory-tracing.h
+++ b/deps/v8/src/wasm/memory-tracing.h
@@ -10,14 +10,12 @@
 #define V8_WASM_MEMORY_TRACING_H_
 
 #include <cstdint>
+#include <optional>
 
-#include "src/base/optional.h"
 #include "src/codegen/machine-type.h"
 #include "src/wasm/wasm-tier.h"
 
-namespace v8 {
-namespace internal {
-namespace wasm {
+namespace v8::internal::wasm {
 
 // This struct is create in generated code, hence use low-level types.
 struct MemoryTracingInfo {
@@ -37,13 +35,11 @@ struct MemoryTracingInfo {
 
 // Callback for tracing a memory operation for debugging.
 // Triggered by --wasm-trace-memory.
-V8_EXPORT_PRIVATE void TraceMemoryOperation(base::Optional<ExecutionTier>,
+V8_EXPORT_PRIVATE void TraceMemoryOperation(std::optional<ExecutionTier>,
                                             const MemoryTracingInfo* info,
                                             int func_index, int position,
                                             uint8_t* mem_start);
 
-}  // namespace wasm
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::wasm
 
 #endif  // V8_WASM_MEMORY_TRACING_H_
diff --git a/deps/v8/src/wasm/module-compiler.cc b/deps/v8/src/wasm/module-compiler.cc
index 36cd5eb3113cd6..e2e2e3389721bd 100644
--- a/deps/v8/src/wasm/module-compiler.cc
+++ b/deps/v8/src/wasm/module-compiler.cc
@@ -11,7 +11,6 @@
 
 #include "src/api/api-inl.h"
 #include "src/base/enum-set.h"
-#include "src/base/optional.h"
 #include "src/base/platform/mutex.h"
 #include "src/base/platform/semaphore.h"
 #include "src/base/platform/time.h"
@@ -173,8 +172,8 @@ class CompilationUnitQueues {
     return queues_[task_id].get();
   }
 
-  base::Optional<WasmCompilationUnit> GetNextUnit(Queue* queue,
-                                                  CompilationTier tier) {
+  std::optional<WasmCompilationUnit> GetNextUnit(Queue* queue,
+                                                 CompilationTier tier) {
     DCHECK_LT(tier, CompilationTier::kNumTiers);
     if (auto unit = GetNextUnitOfTier(queue, tier)) {
       [[maybe_unused]] size_t old_units_count =
@@ -204,7 +203,7 @@ class CompilationUnitQueues {
     }
 
     base::MutexGuard guard(&queue->mutex);
-    base::Optional<base::MutexGuard> big_units_guard;
+    std::optional<base::MutexGuard> big_units_guard;
     for (auto pair :
          {std::make_pair(CompilationTier::kBaseline, baseline_units),
           std::make_pair(CompilationTier::kTopTier, top_tier_units)}) {
@@ -345,8 +344,8 @@ class CompilationUnitQueues {
     return next == static_cast<int>(num_queues) ? 0 : next;
   }
 
-  base::Optional<WasmCompilationUnit> GetNextUnitOfTier(Queue* public_queue,
-                                                        int tier) {
+  std::optional<WasmCompilationUnit> GetNextUnitOfTier(Queue* public_queue,
+                                                       int tier) {
     QueueImpl* queue = static_cast<QueueImpl*>(public_queue);
 
     // First check whether there is a priority unit. Execute that first.
@@ -391,7 +390,7 @@ class CompilationUnitQueues {
     return {};
   }
 
-  base::Optional<WasmCompilationUnit> GetBigUnitOfTier(int tier) {
+  std::optional<WasmCompilationUnit> GetBigUnitOfTier(int tier) {
     // Fast path without locking.
     if (!big_units_queue_.has_units[tier].load(std::memory_order_relaxed)) {
       return {};
@@ -406,7 +405,7 @@ class CompilationUnitQueues {
     return unit;
   }
 
-  base::Optional<WasmCompilationUnit> GetTopTierPriorityUnit(QueueImpl* queue) {
+  std::optional<WasmCompilationUnit> GetTopTierPriorityUnit(QueueImpl* queue) {
     // Fast path without locking.
     if (num_priority_units_.load(std::memory_order_relaxed) == 0) {
       return {};
@@ -452,13 +451,13 @@ class CompilationUnitQueues {
   // first stolen unit (rest put in queue of {task_id}), or {nullopt} if
   // {steal_from_task_id} had no units of {wanted_tier}.
   // Hold a shared lock on {queues_mutex_} when calling this method.
-  base::Optional<WasmCompilationUnit> StealUnitsAndGetFirst(
+  std::optional<WasmCompilationUnit> StealUnitsAndGetFirst(
       QueueImpl* queue, int steal_from_task_id, int wanted_tier) {
     auto* steal_queue = queues_[steal_from_task_id].get();
     // Cannot steal from own queue.
     if (steal_queue == queue) return {};
     std::vector<WasmCompilationUnit> stolen;
-    base::Optional<WasmCompilationUnit> returned_unit;
+    std::optional<WasmCompilationUnit> returned_unit;
     {
       base::MutexGuard guard(&steal_queue->mutex);
       auto* steal_from_vector = &steal_queue->units[wanted_tier];
@@ -479,12 +478,12 @@ class CompilationUnitQueues {
   // Steal one priority unit from {steal_from_task_id} to {task_id}. Return
   // stolen unit, or {nullopt} if {steal_from_task_id} had no priority units.
   // Hold a shared lock on {queues_mutex_} when calling this method.
-  base::Optional<WasmCompilationUnit> StealTopTierPriorityUnit(
+  std::optional<WasmCompilationUnit> StealTopTierPriorityUnit(
       QueueImpl* queue, int steal_from_task_id) {
     auto* steal_queue = queues_[steal_from_task_id].get();
     // Cannot steal from own queue.
     if (steal_queue == queue) return {};
-    base::Optional<WasmCompilationUnit> returned_unit;
+    std::optional<WasmCompilationUnit> returned_unit;
     {
       base::MutexGuard guard(&steal_queue->mutex);
       while (true) {
@@ -635,7 +634,7 @@ class CompilationStateImpl {
 
   CompilationUnitQueues::Queue* GetQueueForCompileTask(int task_id);
 
-  base::Optional<WasmCompilationUnit> GetNextCompilationUnit(
+  std::optional<WasmCompilationUnit> GetNextCompilationUnit(
       CompilationUnitQueues::Queue*, CompilationTier tier);
 
   JSToWasmWrapperCompilationUnit* GetJSToWasmWrapperCompilationUnit(
@@ -1088,12 +1087,6 @@ class CompilationUnitBuilder {
   explicit CompilationUnitBuilder(NativeModule* native_module)
       : native_module_(native_module) {}
 
-  void AddImportUnit(uint32_t func_index) {
-    DCHECK_GT(native_module_->module()->num_imported_functions, func_index);
-    baseline_units_.emplace_back(func_index, ExecutionTier::kNone,
-                                 kNotForDebugging);
-  }
-
   void AddJSToWasmWrapperUnit(JSToWasmWrapperCompilationUnit unit) {
     js_to_wasm_wrapper_units_.emplace_back(std::move(unit));
   }
@@ -1196,7 +1189,7 @@ bool CompileLazy(Isolate* isolate,
   // Put the timer scope around everything, including the {CodeSpaceWriteScope}
   // and its destruction, to measure complete overhead (apart from the runtime
   // function itself, which has constant overhead).
-  base::Optional<CompileLazyTimingScope> lazy_compile_time_scope;
+  std::optional<CompileLazyTimingScope> lazy_compile_time_scope;
   if (base::TimeTicks::IsHighResolution()) {
     lazy_compile_time_scope.emplace(counters, native_module);
   }
@@ -1370,7 +1363,7 @@ class FeedbackMaker {
     Tagged<WasmInternalFunction> internal_function =
         Cast<WasmFuncRef>(funcref)->internal(isolate_);
     // Only consider wasm function declared in this instance.
-    if (internal_function->ref() != instance_data_) {
+    if (internal_function->implicit_arg() != instance_data_) {
       has_non_inlineable_targets_ = true;
       return;
     }
@@ -1531,7 +1524,7 @@ void TransitiveTypeFeedbackProcessor::ProcessFunction(int func_index) {
       // if the call count is zero. Once TurboFan is gone, revisit if we can
       // avoid this (similar to how we do for call_ref/call_indirect today).
       fm.AddCall(static_cast<int>(sentinel_or_target), count);
-    } else if (IsSmi(first_slot) && Smi::ToInt(second_slot) == 0) {
+    } else if (IsSmi(second_slot) && Smi::ToInt(second_slot) == 0) {
       // Uninitialized call_ref or call_indirect.
       DCHECK_EQ(Smi::ToInt(first_slot), 0);
       if (v8_flags.trace_wasm_inlining) {
@@ -1928,9 +1921,13 @@ CompilationExecutionResult ExecuteCompilationUnits(
     std::weak_ptr<NativeModule> native_module, Counters* counters,
     JobDelegate* delegate, CompilationTier tier) {
   TRACE_EVENT0("v8.wasm", "wasm.ExecuteCompilationUnits");
+
+  // Compilation must be disabled in jitless mode.
+  CHECK(!v8_flags.wasm_jitless);
+
   // These fields are initialized in a {BackgroundCompileScope} before
   // starting compilation.
-  base::Optional<CompilationEnv> env;
+  std::optional<CompilationEnv> env;
   std::shared_ptr<WireBytesStorage> wire_bytes;
   std::shared_ptr<const WasmModule> module;
   // Task 0 is any main thread (there might be multiple from multiple isolates),
@@ -1939,7 +1936,7 @@ CompilationExecutionResult ExecuteCompilationUnits(
   int task_id = delegate ? (int{delegate->GetTaskId()} + 1) : kMainTaskId;
   DCHECK_LE(0, task_id);
   CompilationUnitQueues::Queue* queue;
-  base::Optional<WasmCompilationUnit> unit;
+  std::optional<WasmCompilationUnit> unit;
 
   WasmDetectedFeatures global_detected_features;
 
@@ -1972,6 +1969,10 @@ CompilationExecutionResult ExecuteCompilationUnits(
           unit->ExecuteCompilation(&env.value(), wire_bytes.get(), counters,
                                    &per_function_detected_features);
       global_detected_features.Add(per_function_detected_features);
+      bool compilation_succeeded = result.succeeded();
+      ExecutionTier result_tier = result.result_tier;
+      // We don't eagerly compile import wrappers any more.
+      DCHECK_GE(unit->func_index(), env->module->num_imported_functions);
       results_to_publish.emplace_back(std::move(result));
 
       bool yield = delegate && delegate->ShouldYield();
@@ -1980,12 +1981,12 @@ CompilationExecutionResult ExecuteCompilationUnits(
       BackgroundCompileScope compile_scope(native_module);
       if (compile_scope.cancelled()) return kYield;
 
-      if (!results_to_publish.back().succeeded()) {
+      if (!compilation_succeeded) {
         compile_scope.compilation_state()->SetError();
         return kNoMoreUnits;
       }
 
-      if (!unit->for_debugging() && result.result_tier != current_tier) {
+      if (!unit->for_debugging() && result_tier != current_tier) {
         compile_scope.native_module()->AddLiftoffBailout();
       }
 
@@ -2004,8 +2005,8 @@ CompilationExecutionResult ExecuteCompilationUnits(
         return yield ? kYield : kNoMoreUnits;
       }
 
-      // Publish after finishing a certain amount of units, to avoid contention
-      // when all threads publish at the end.
+      // Publish after finishing a certain amount of units, to avoid
+      // contention when all threads publish at the end.
       bool batch_full =
           queue->ShouldPublish(static_cast<int>(results_to_publish.size()));
       // Also publish each time the compilation tier changes from Liftoff to
@@ -2061,49 +2062,23 @@ int AddExportWrapperUnits(Isolate* isolate, NativeModule* native_module,
   return static_cast<int>(keys.size());
 }
 
-// Returns the number of units added.
-int AddImportWrapperUnits(NativeModule* native_module,
-                          CompilationUnitBuilder* builder) {
-  std::unordered_set<WasmImportWrapperCache::CacheKey,
-                     WasmImportWrapperCache::CacheKeyHash>
-      keys;
-  int num_imported_functions = native_module->num_imported_functions();
-  for (int func_index = 0; func_index < num_imported_functions; func_index++) {
-    const WasmFunction& function =
-        native_module->module()->functions[func_index];
-    if (!IsJSCompatibleSignature(function.sig)) continue;
-    uint32_t canonical_type_index =
-        native_module->module()
-            ->isorecursive_canonical_type_ids[function.sig_index];
-    WasmImportWrapperCache::CacheKey key(
-        kDefaultImportCallKind, canonical_type_index,
-        static_cast<int>(function.sig->parameter_count()), kNoSuspend);
-    auto it = keys.insert(key);
-    if (it.second) {
-      builder->AddImportUnit(func_index);
-    }
-  }
-  return static_cast<int>(keys.size());
-}
-
 std::unique_ptr<CompilationUnitBuilder> InitializeCompilation(
     Isolate* isolate, NativeModule* native_module,
     ProfileInformation* pgo_info) {
   CompilationStateImpl* compilation_state =
       Impl(native_module->compilation_state());
   auto builder = std::make_unique<CompilationUnitBuilder>(native_module);
-  // Assume that if the generic wasm-to-js wrapper is enabled, we won't compile
-  // too many wrappers at instantiation time, so add no units here
-  // speculatively.
-  int num_import_wrappers =
-      v8_flags.wasm_to_js_generic_wrapper
-          ? 0
-          : AddImportWrapperUnits(native_module, builder.get());
+  // Support for eagerly compiling import wrappers concurrently has been
+  // dropped. We usually use the generic wrapper. If we don't (for testing
+  // or unsupported signatures), we'll have to compile the required wrappers
+  // during instantiation.
+  int num_import_wrappers = 0;
   // Assume that the generic js-to-wasm wrapper can be used if it is enabled and
   // skip eager compilation of any export wrapper. Note that the generic
   // js-to-wasm wrapper does not support asm.js (yet).
   int num_export_wrappers =
-      v8_flags.wasm_generic_wrapper && !is_asmjs_module(native_module->module())
+      v8_flags.wasm_jitless || (v8_flags.wasm_generic_wrapper &&
+                                !is_asmjs_module(native_module->module()))
           ? 0
           : AddExportWrapperUnits(isolate, native_module, builder.get());
   compilation_state->InitializeCompilationProgress(
@@ -2230,7 +2205,7 @@ void CompileNativeModule(Isolate* isolate,
                          ErrorThrower* thrower,
                          std::shared_ptr<NativeModule> native_module,
                          ProfileInformation* pgo_info) {
-  CHECK(!v8_flags.jitless);
+  CHECK(!v8_flags.jitless || v8_flags.wasm_jitless);
   const WasmModule* module = native_module->module();
 
   // The callback captures a shared ptr to the semaphore.
@@ -2464,7 +2439,7 @@ std::shared_ptr<NativeModule> CompileToNativeModule(
     return native_module;
   }
 
-  base::Optional<TimedHistogramScope> wasm_compile_module_time_scope;
+  std::optional<TimedHistogramScope> wasm_compile_module_time_scope;
   if (base::TimeTicks::IsHighResolution()) {
     wasm_compile_module_time_scope.emplace(SELECT_WASM_COUNTER(
         isolate->counters(), module->origin, wasm_compile, module_time));
@@ -2491,7 +2466,9 @@ std::shared_ptr<NativeModule> CompileToNativeModule(
   native_module->SetWireBytes(std::move(wire_bytes_copy));
   native_module->compilation_state()->set_compilation_id(compilation_id);
 
-  CompileNativeModule(isolate, context_id, thrower, native_module, pgo_info);
+  if (!v8_flags.wasm_jitless) {
+    CompileNativeModule(isolate, context_id, thrower, native_module, pgo_info);
+  }
 
   if (thrower->error()) {
     engine->UpdateNativeModuleCache(true, std::move(native_module), isolate);
@@ -2507,6 +2484,11 @@ std::shared_ptr<NativeModule> CompileToNativeModule(
     module.reset();
     native_module.reset();
     return cached_native_module;
+#if V8_ENABLE_DRUMBRAKE
+  } else if (v8_flags.wasm_jitless) {
+    CompileJsToWasmWrappers(isolate, cached_native_module->module());
+    return native_module;
+#endif  // V8_ENABLE_DRUMBRAKE
   }
 
   // Ensure that the code objects are logged before returning.
@@ -2534,7 +2516,7 @@ AsyncCompileJob::AsyncCompileJob(
   TRACE_EVENT0(TRACE_DISABLED_BY_DEFAULT("v8.wasm.detailed"),
                "wasm.AsyncCompileJob");
   CHECK(v8_flags.wasm_async_compilation);
-  CHECK(!v8_flags.jitless);
+  CHECK(!v8_flags.jitless || v8_flags.wasm_jitless);
   v8::Isolate* v8_isolate = reinterpret_cast<v8::Isolate*>(isolate);
   v8::Platform* platform = V8::GetCurrentPlatform();
   foreground_task_runner_ = platform->GetForegroundTaskRunner(v8_isolate);
@@ -2843,7 +2825,7 @@ void AsyncCompileJob::FinishCompile(bool is_after_cache_hit) {
 
   DCHECK(!isolate_->context().is_null());
   // Finish the wasm script now and make it public to the debugger.
-  Handle<Script> script(module_object_->script(), isolate_);
+  DirectHandle<Script> script(module_object_->script(), isolate_);
   if (script->type() == Script::Type::kWasm &&
       module->debug_symbols.type == WasmDebugSymbols::Type::SourceMap &&
       !module->debug_symbols.external_url.is_empty()) {
@@ -2970,7 +2952,7 @@ class AsyncCompileJob::CompilationStateCallback
 #ifdef DEBUG
   // This will be modified by different threads, but they externally
   // synchronize, so no explicit synchronization (currently) needed here.
-  base::Optional<CompilationEvent> last_event_;
+  std::optional<CompilationEvent> last_event_;
 #endif
 };
 
@@ -3228,7 +3210,7 @@ class AsyncCompileJob::PrepareAndStartCompile : public CompileStep {
       // In single-threaded mode there are no worker tasks that will do the
       // compilation. We call {WaitForCompilationEvent} here so that the main
       // thread participates and finishes the compilation.
-      if (v8_flags.wasm_num_compilation_tasks == 0) {
+      if (v8_flags.wasm_num_compilation_tasks == 0 || v8_flags.wasm_jitless) {
         compilation_state->WaitForCompilationEvent(
             CompilationEvent::kFinishedBaselineCompilation);
       }
@@ -3415,10 +3397,12 @@ bool AsyncStreamingProcessor::ProcessFunctionBody(
   const bool lazy_module = v8_flags.wasm_lazy_compilation;
   CompileStrategy strategy =
       GetCompileStrategy(module, enabled_features, func_index, lazy_module);
+  CHECK_IMPLIES(v8_flags.wasm_jitless, !v8_flags.wasm_lazy_validation);
   bool validate_lazily_compiled_function =
-      !v8_flags.wasm_lazy_validation &&
-      (strategy == CompileStrategy::kLazy ||
-       strategy == CompileStrategy::kLazyBaselineEagerTopTier);
+      v8_flags.wasm_jitless ||
+      (!v8_flags.wasm_lazy_validation &&
+       (strategy == CompileStrategy::kLazy ||
+        strategy == CompileStrategy::kLazyBaselineEagerTopTier));
   if (validate_lazily_compiled_function) {
     // {bytes} is part of a section buffer owned by the streaming decoder. The
     // streaming decoder is held alive by the {AsyncCompileJob}, so we can just
@@ -3593,7 +3577,7 @@ bool AsyncStreamingProcessor::Deserialize(
     base::Vector<const uint8_t> module_bytes,
     base::Vector<const uint8_t> wire_bytes) {
   TRACE_EVENT0("v8.wasm", "wasm.Deserialize");
-  base::Optional<TimedHistogramScope> time_scope;
+  std::optional<TimedHistogramScope> time_scope;
   if (base::TimeTicks::IsHighResolution()) {
     time_scope.emplace(job_->isolate()->counters()->wasm_deserialization_time(),
                        job_->isolate());
@@ -3810,49 +3794,54 @@ void CompilationStateImpl::InitializeCompilationProgress(
     int num_import_wrappers, int num_export_wrappers,
     ProfileInformation* pgo_info) {
   DCHECK(!failed());
-  auto* module = native_module_->module();
 
   base::MutexGuard guard(&callbacks_mutex_);
-  DCHECK_EQ(0, outstanding_baseline_units_);
-  DCHECK(!has_outstanding_export_wrappers_);
-
-  // Compute the default compilation progress for all functions, and set it.
-  const ExecutionTierPair default_tiers = GetDefaultTiersPerModule(
-      native_module_, dynamic_tiering_, native_module_->IsInDebugState(),
-      IsLazyModule(module));
-  const uint8_t default_progress =
-      RequiredBaselineTierField::encode(default_tiers.baseline_tier) |
-      RequiredTopTierField::encode(default_tiers.top_tier) |
-      ReachedTierField::encode(ExecutionTier::kNone);
-  compilation_progress_.assign(module->num_declared_functions,
-                               default_progress);
-  if (default_tiers.baseline_tier != ExecutionTier::kNone) {
-    outstanding_baseline_units_ += module->num_declared_functions;
-  }
-
-  // Apply compilation hints, if enabled.
-  if (native_module_->enabled_features().has_compilation_hints()) {
-    size_t num_hints = std::min(module->compilation_hints.size(),
-                                size_t{module->num_declared_functions});
-    for (size_t hint_idx = 0; hint_idx < num_hints; ++hint_idx) {
-      const auto& hint = module->compilation_hints[hint_idx];
-      ApplyCompilationHintToInitialProgress(hint, hint_idx);
+
+  if (!v8_flags.wasm_jitless) {
+    auto* module = native_module_->module();
+
+    DCHECK_EQ(0, outstanding_baseline_units_);
+    DCHECK(!has_outstanding_export_wrappers_);
+
+    // Compute the default compilation progress for all functions, and set it.
+    const ExecutionTierPair default_tiers = GetDefaultTiersPerModule(
+        native_module_, dynamic_tiering_, native_module_->IsInDebugState(),
+        IsLazyModule(module));
+    const uint8_t default_progress =
+        RequiredBaselineTierField::encode(default_tiers.baseline_tier) |
+        RequiredTopTierField::encode(default_tiers.top_tier) |
+        ReachedTierField::encode(ExecutionTier::kNone);
+    compilation_progress_.assign(module->num_declared_functions,
+                                 default_progress);
+    if (default_tiers.baseline_tier != ExecutionTier::kNone) {
+      outstanding_baseline_units_ += module->num_declared_functions;
     }
-  }
 
-  // Transform --wasm-eager-tier-up-function, if given, into a fake
-  // compilation hint.
-  if (V8_UNLIKELY(v8_flags.wasm_eager_tier_up_function >= 0 &&
-                  static_cast<uint32_t>(v8_flags.wasm_eager_tier_up_function) >=
-                      module->num_imported_functions &&
-                  static_cast<uint32_t>(v8_flags.wasm_eager_tier_up_function) <
-                      module->functions.size())) {
-    uint32_t func_idx =
-        v8_flags.wasm_eager_tier_up_function - module->num_imported_functions;
-    WasmCompilationHint hint{WasmCompilationHintStrategy::kEager,
-                             WasmCompilationHintTier::kOptimized,
-                             WasmCompilationHintTier::kOptimized};
-    ApplyCompilationHintToInitialProgress(hint, func_idx);
+    // Apply compilation hints, if enabled.
+    if (native_module_->enabled_features().has_compilation_hints()) {
+      size_t num_hints = std::min(module->compilation_hints.size(),
+                                  size_t{module->num_declared_functions});
+      for (size_t hint_idx = 0; hint_idx < num_hints; ++hint_idx) {
+        const auto& hint = module->compilation_hints[hint_idx];
+        ApplyCompilationHintToInitialProgress(hint, hint_idx);
+      }
+    }
+
+    // Transform --wasm-eager-tier-up-function, if given, into a fake
+    // compilation hint.
+    if (V8_UNLIKELY(
+            v8_flags.wasm_eager_tier_up_function >= 0 &&
+            static_cast<uint32_t>(v8_flags.wasm_eager_tier_up_function) >=
+                module->num_imported_functions &&
+            static_cast<uint32_t>(v8_flags.wasm_eager_tier_up_function) <
+                module->functions.size())) {
+      uint32_t func_idx =
+          v8_flags.wasm_eager_tier_up_function - module->num_imported_functions;
+      WasmCompilationHint hint{WasmCompilationHintStrategy::kEager,
+                               WasmCompilationHintTier::kOptimized,
+                               WasmCompilationHintTier::kOptimized};
+      ApplyCompilationHintToInitialProgress(hint, func_idx);
+    }
   }
 
   // Apply PGO information, if available.
@@ -3889,14 +3878,17 @@ void CompilationStateImpl::AddCompilationUnitInternal(
 
 void CompilationStateImpl::InitializeCompilationUnits(
     std::unique_ptr<CompilationUnitBuilder> builder) {
-  int offset = native_module_->module()->num_imported_functions;
-  {
-    base::MutexGuard guard(&callbacks_mutex_);
+  if (!v8_flags.wasm_jitless) {
+    int offset = native_module_->module()->num_imported_functions;
+    {
+      base::MutexGuard guard(&callbacks_mutex_);
 
-    for (size_t i = 0, e = compilation_progress_.size(); i < e; ++i) {
-      uint8_t function_progress = compilation_progress_[i];
-      int func_index = offset + static_cast<int>(i);
-      AddCompilationUnitInternal(builder.get(), func_index, function_progress);
+      for (size_t i = 0, e = compilation_progress_.size(); i < e; ++i) {
+        uint8_t function_progress = compilation_progress_[i];
+        int func_index = offset + static_cast<int>(i);
+        AddCompilationUnitInternal(builder.get(), func_index,
+                                   function_progress);
+      }
     }
   }
   builder->Commit();
@@ -3906,8 +3898,8 @@ void CompilationStateImpl::AddCompilationUnit(CompilationUnitBuilder* builder,
                                               int func_index) {
   int offset = native_module_->module()->num_imported_functions;
   int progress_index = func_index - offset;
-  uint8_t function_progress;
-  {
+  uint8_t function_progress = 0;
+  if (!v8_flags.wasm_jitless) {
     // TODO(ahaas): This lock may cause overhead. If so, we could get rid of the
     // lock as follows:
     // 1) Make compilation_progress_ an array of atomic<uint8_t>, and access it
@@ -3926,7 +3918,7 @@ void CompilationStateImpl::InitializeCompilationProgressAfterDeserialization(
   TRACE_EVENT2("v8.wasm", "wasm.CompilationAfterDeserialization",
                "num_lazy_functions", lazy_functions.size(),
                "num_eager_functions", eager_functions.size());
-  base::Optional<TimedHistogramScope> lazy_compile_time_scope;
+  std::optional<TimedHistogramScope> lazy_compile_time_scope;
   if (base::TimeTicks::IsHighResolution()) {
     lazy_compile_time_scope.emplace(
         counters()->wasm_compile_after_deserialize());
@@ -4091,8 +4083,7 @@ CompilationUnitQueues::Queue* CompilationStateImpl::GetQueueForCompileTask(
   return compilation_unit_queues_.GetQueueForTask(task_id);
 }
 
-base::Optional<WasmCompilationUnit>
-CompilationStateImpl::GetNextCompilationUnit(
+std::optional<WasmCompilationUnit> CompilationStateImpl::GetNextCompilationUnit(
     CompilationUnitQueues::Queue* queue, CompilationTier tier) {
   return compilation_unit_queues_.GetNextUnit(queue, tier);
 }
@@ -4110,8 +4101,10 @@ void CompilationStateImpl::OnFinishedUnits(
                     ExecutionTier::kLiftoff < ExecutionTier::kTurbofan,
                 "Assume an order on execution tiers");
 
-  DCHECK_EQ(compilation_progress_.size(),
-            native_module_->module()->num_declared_functions);
+  if (!v8_flags.wasm_jitless) {
+    DCHECK_EQ(compilation_progress_.size(),
+              native_module_->module()->num_declared_functions);
+  }
 
   bool has_top_tier_code = false;
 
@@ -4170,9 +4163,13 @@ void CompilationStateImpl::OnFinishedUnits(
       // NativeModule::allocation_mutex_ first and then
       // CompilationStateImpl::callbacks_mutex_!
       const bool is_liftoff = code->tier() == ExecutionTier::kLiftoff;
+      auto published_code_is_liftoff = [this](int index) {
+        WasmCode* code = native_module_->GetCode(index);
+        if (code == nullptr) return false;
+        return code->is_liftoff();
+      };
       if (v8_flags.wasm_deopt &&
-          (is_liftoff ||
-           native_module_->GetCode(code->index())->is_liftoff())) {
+          (is_liftoff || published_code_is_liftoff(code->index()))) {
         compilation_progress_[slot_index] = ReachedTierField::update(
             compilation_progress_[slot_index], ExecutionTier::kLiftoff);
         compilation_unit_queues_.AllowAnotherTopTierJob(code->index());
@@ -4400,39 +4397,14 @@ void CompilationStateImpl::PublishCompilationResults(
     std::vector<std::unique_ptr<WasmCode>> unpublished_code) {
   if (unpublished_code.empty()) return;
 
-  // For import wrapper compilation units, add result to the cache.
-  int num_imported_functions = native_module_->num_imported_functions();
-  {
-    base::Optional<WasmImportWrapperCache::ModificationScope>
-        import_wrapper_cache_modification_scope;
-    for (const auto& code : unpublished_code) {
-      int func_index = code->index();
-      DCHECK_LE(0, func_index);
-      DCHECK_LT(func_index, native_module_->num_functions());
-      if (func_index < num_imported_functions) {
-        const WasmFunction& function =
-            native_module_->module()->functions[func_index];
-        uint32_t canonical_type_index =
-            native_module_->module()
-                ->isorecursive_canonical_type_ids[function.sig_index];
-        WasmImportWrapperCache::CacheKey key(
-            kDefaultImportCallKind, canonical_type_index,
-            static_cast<int>(function.sig->parameter_count()), kNoSuspend);
-        if (!import_wrapper_cache_modification_scope.has_value()) {
-          import_wrapper_cache_modification_scope.emplace(
-              native_module_->import_wrapper_cache());
-        }
-        // If two imported functions have the same key, only one of them should
-        // have been added as a compilation unit. So it is always the first time
-        // we compile a wrapper for this key here.
-        WasmCode*& cache_slot =
-            import_wrapper_cache_modification_scope.value()[key];
-        DCHECK_NULL(cache_slot);
-        cache_slot = code.get();
-        code->IncRef();
-      }
-    }
+#if DEBUG
+  // We don't compile import wrappers eagerly.
+  for (const auto& code : unpublished_code) {
+    int func_index = code->index();
+    DCHECK_LE(native_module_->num_imported_functions(), func_index);
+    DCHECK_LT(func_index, native_module_->num_functions());
   }
+#endif
   PublishCode(base::VectorOf(unpublished_code));
 }
 
@@ -4651,7 +4623,8 @@ void CompileJsToWasmWrappers(Isolate* isolate, const WasmModule* module) {
     JSToWasmWrapperCompilationUnit* unit = pair.second.get();
     DCHECK_EQ(isolate, unit->isolate());
     DirectHandle<Code> code = unit->Finalize();
-    DCHECK(!code->is_builtin());
+    DCHECK(!code->is_builtin() || v8_flags.wasm_jitless);
+    if (v8_flags.wasm_jitless) continue;
     isolate->heap()->js_to_wasm_wrappers()->Set(key, code->wrapper());
     // Do not increase code stats for non-jitted wrappers.
     RecordStats(*code, isolate->counters());
@@ -4671,27 +4644,33 @@ WasmCode* CompileImportWrapper(
   DCHECK_NULL((*cache_scope)[key]);
   bool source_positions = is_asmjs_module(native_module->module());
   // Keep the {WasmCode} alive until we explicitly call {IncRef}.
-  WasmCodeRefScope code_ref_scope;
-  CompilationEnv env = CompilationEnv::ForModule(native_module);
-  WasmCompilationResult result = compiler::CompileWasmImportCallWrapper(
-      &env, kind, sig, source_positions, expected_arity, suspend);
-
-  DCHECK(result.inlining_positions.empty());
-  DCHECK(result.deopt_data.empty());
-
-  std::unique_ptr<WasmCode> wasm_code = native_module->AddCode(
-      result.func_index, result.code_desc, result.frame_slot_count,
-      result.ool_spill_count, result.tagged_parameter_slots,
-      result.protected_instructions_data.as_vector(),
-      result.source_positions.as_vector(),
-      result.inlining_positions.as_vector(), result.deopt_data.as_vector(),
-      GetCodeKind(result), ExecutionTier::kNone, kNotForDebugging);
-  WasmCode* published_code = native_module->PublishCode(std::move(wasm_code));
-  (*cache_scope)[key] = published_code;
-  published_code->IncRef();
-  counters->wasm_generated_code_size()->Increment(
-      published_code->instructions().length());
-  counters->wasm_reloc_size()->Increment(published_code->reloc_info().length());
+  WasmCode* published_code = nullptr;
+  if (v8_flags.wasm_jitless) {
+    DCHECK_NULL((*cache_scope)[key]);
+  } else {
+    WasmCodeRefScope code_ref_scope;
+    CompilationEnv env = CompilationEnv::ForModule(native_module);
+    WasmCompilationResult result = compiler::CompileWasmImportCallWrapper(
+        &env, kind, sig, source_positions, expected_arity, suspend);
+
+    DCHECK(result.inlining_positions.empty());
+    DCHECK(result.deopt_data.empty());
+
+    std::unique_ptr<WasmCode> wasm_code = native_module->AddCode(
+        result.func_index, result.code_desc, result.frame_slot_count,
+        result.ool_spill_count, result.tagged_parameter_slots,
+        result.protected_instructions_data.as_vector(),
+        result.source_positions.as_vector(),
+        result.inlining_positions.as_vector(), result.deopt_data.as_vector(),
+        GetCodeKind(result), ExecutionTier::kNone, kNotForDebugging);
+    published_code = native_module->PublishCode(std::move(wasm_code));
+    (*cache_scope)[key] = published_code;
+    published_code->IncRef();
+    counters->wasm_generated_code_size()->Increment(
+        published_code->instructions().length());
+    counters->wasm_reloc_size()->Increment(
+        published_code->reloc_info().length());
+  }
   return published_code;
 }
 
diff --git a/deps/v8/src/wasm/module-compiler.h b/deps/v8/src/wasm/module-compiler.h
index b567c7d3635667..77ae4e18bcd85b 100644
--- a/deps/v8/src/wasm/module-compiler.h
+++ b/deps/v8/src/wasm/module-compiler.h
@@ -12,9 +12,9 @@
 #include <atomic>
 #include <functional>
 #include <memory>
+#include <optional>
 
 #include "include/v8-metrics.h"
-#include "src/base/optional.h"
 #include "src/base/platform/time.h"
 #include "src/common/globals.h"
 #include "src/tasks/cancelable-task.h"
@@ -97,40 +97,6 @@ V8_EXPORT_PRIVATE void TierUpNowForTesting(Isolate*,
 V8_EXPORT_PRIVATE void TierUpAllForTesting(Isolate*,
                                            Tagged<WasmTrustedInstanceData>);
 
-template <typename Key, typename KeyInfo, typename Hash>
-class WrapperQueue {
- public:
-  // Removes an arbitrary key from the queue and returns it.
-  // If the queue is empty, returns nullopt.
-  // Thread-safe.
-  base::Optional<std::pair<Key, KeyInfo>> pop() {
-    base::Optional<std::pair<Key, KeyInfo>> key = base::nullopt;
-    base::MutexGuard lock(&mutex_);
-    auto it = queue_.begin();
-    if (it != queue_.end()) {
-      key = *it;
-      queue_.erase(it);
-    }
-    return key;
-  }
-
-  // Add the given key to the queue and returns true iff the insert was
-  // successful.
-  // Not thread-safe.
-  bool insert(const Key& key, KeyInfo key_info) {
-    return queue_.insert({key, key_info}).second;
-  }
-
-  size_t size() {
-    base::MutexGuard lock(&mutex_);
-    return queue_.size();
-  }
-
- private:
-  base::Mutex mutex_;
-  std::unordered_map<Key, KeyInfo, Hash> queue_;
-};
-
 // Encapsulates all the state and steps of an asynchronous compilation.
 // An asynchronous compile job consists of a number of tasks that are executed
 // as foreground and background tasks. Any phase that touches the V8 heap or
diff --git a/deps/v8/src/wasm/module-instantiate.cc b/deps/v8/src/wasm/module-instantiate.cc
index ede77b6f08ac3e..9fe72a0e5d347c 100644
--- a/deps/v8/src/wasm/module-instantiate.cc
+++ b/deps/v8/src/wasm/module-instantiate.cc
@@ -49,54 +49,9 @@ uint8_t* raw_buffer_ptr(MaybeHandle<JSArrayBuffer> buffer, int offset) {
          offset;
 }
 
-using ImportWrapperQueue =
-    WrapperQueue<WasmImportWrapperCache::CacheKey, const FunctionSig*,
-                 WasmImportWrapperCache::CacheKeyHash>;
-
-class CompileImportWrapperJob final : public JobTask {
- public:
-  CompileImportWrapperJob(
-      Counters* counters, NativeModule* native_module,
-      ImportWrapperQueue* queue,
-      WasmImportWrapperCache::ModificationScope* cache_scope)
-      : counters_(counters),
-        native_module_(native_module),
-        queue_(queue),
-        cache_scope_(cache_scope) {}
-
-  size_t GetMaxConcurrency(size_t worker_count) const override {
-    size_t flag_limit = static_cast<size_t>(
-        std::max(1, v8_flags.wasm_num_compilation_tasks.value()));
-    // Add {worker_count} to the queue size because workers might still be
-    // processing units that have already been popped from the queue.
-    return std::min(flag_limit, worker_count + queue_->size());
-  }
-
-  void Run(JobDelegate* delegate) override {
-    TRACE_EVENT0("v8.wasm", "wasm.CompileImportWrapperJob.Run");
-    while (base::Optional<std::pair<const WasmImportWrapperCache::CacheKey,
-                                    const FunctionSig*>>
-               key = queue_->pop()) {
-      // TODO(wasm): Batch code publishing, to avoid repeated locking and
-      // permission switching.
-      CompileImportWrapper(native_module_, counters_, key->first.kind,
-                           key->second, key->first.canonical_type_index,
-                           key->first.expected_arity, key->first.suspend,
-                           cache_scope_);
-      if (delegate->ShouldYield()) return;
-    }
-  }
-
- private:
-  Counters* const counters_;
-  NativeModule* const native_module_;
-  ImportWrapperQueue* const queue_;
-  WasmImportWrapperCache::ModificationScope* const cache_scope_;
-};
-
 Handle<Map> CreateStructMap(Isolate* isolate, const WasmModule* module,
                             int struct_index, Handle<Map> opt_rtt_parent,
-                            Handle<WasmTrustedInstanceData> trusted_data,
+                            DirectHandle<WasmTrustedInstanceData> trusted_data,
                             Handle<WasmInstanceObject> instance) {
   const wasm::StructType* type = module->struct_type(struct_index);
   const int inobject_properties = 0;
@@ -123,7 +78,7 @@ Handle<Map> CreateStructMap(Isolate* isolate, const WasmModule* module,
 
 Handle<Map> CreateArrayMap(Isolate* isolate, const WasmModule* module,
                            int array_index, Handle<Map> opt_rtt_parent,
-                           Handle<WasmTrustedInstanceData> trusted_data,
+                           DirectHandle<WasmTrustedInstanceData> trusted_data,
                            Handle<WasmInstanceObject> instance) {
   const wasm::ArrayType* type = module->array_type(array_index);
   const int inobject_properties = 0;
@@ -155,12 +110,13 @@ void CreateMapForType(Isolate* isolate, const WasmModule* module,
   // Recursive calls for supertypes may already have created this map.
   if (IsMap(maybe_shared_maps->get(type_index))) return;
 
-  Handle<WeakArrayList> canonical_rtts;
+  DirectHandle<WeakArrayList> canonical_rtts;
   uint32_t canonical_type_index =
       module->isorecursive_canonical_type_ids[type_index];
 
   // Try to find the canonical map for this type in the isolate store.
-  canonical_rtts = handle(isolate->heap()->wasm_canonical_rtts(), isolate);
+  canonical_rtts =
+      direct_handle(isolate->heap()->wasm_canonical_rtts(), isolate);
   DCHECK_GT(static_cast<uint32_t>(canonical_rtts->length()),
             canonical_type_index);
   Tagged<MaybeObject> maybe_canonical_map =
@@ -185,7 +141,7 @@ void CreateMapForType(Isolate* isolate, const WasmModule* module,
     // inherit from a shared type and vice verca.
     rtt_parent = handle(Cast<Map>(maybe_shared_maps->get(supertype)), isolate);
   }
-  Handle<Map> map;
+  DirectHandle<Map> map;
   switch (module->types[type_index].kind) {
     case TypeDefinition::kStruct:
       map = CreateStructMap(isolate, module, type_index, rtt_parent,
@@ -274,7 +230,7 @@ bool IsSupportedWasmFastApiFunction(Isolate* isolate,
   for (int c_func_id = 0, end = shared->api_func_data()->GetCFunctionsCount();
        c_func_id < end; ++c_func_id) {
     const CFunctionInfo* info =
-        shared->api_func_data()->GetCSignature(c_func_id);
+        shared->api_func_data()->GetCSignature(isolate, c_func_id);
     if (!compiler::IsFastCallSupportedSignature(info)) {
       log_imported_function_mismatch(c_func_id,
                                      "signature not supported by the fast API");
@@ -494,13 +450,14 @@ WellKnownImport CheckForWellKnownImport(
     Tagged<FunctionTemplateInfo> func_data = sfi->api_func_data();
     NativeModule* native_module = trusted_instance_data->native_module();
     if (!native_module->TrySetFastApiCallTarget(
-            func_index, func_data->GetCFunction(out_api_function_index))) {
+            func_index,
+            func_data->GetCFunction(isolate, out_api_function_index))) {
       return kGeneric;
     }
 #ifdef V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
-    Address c_functions[] = {func_data->GetCFunction(0)};
+    Address c_functions[] = {func_data->GetCFunction(isolate, 0)};
     const v8::CFunctionInfo* const c_signatures[] = {
-        func_data->GetCSignature(0)};
+        func_data->GetCSignature(isolate, 0)};
     isolate->simulator_data()->RegisterFunctionsAndSignatures(c_functions,
                                                               c_signatures, 1);
 #endif  //  V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
@@ -514,9 +471,10 @@ WellKnownImport CheckForWellKnownImport(
     // would store the same signature to the native module.
     if (!native_module->has_fast_api_signature(func_index)) {
       native_module->set_fast_api_signature(
-          func_index, GetFunctionSigForFastApiImport(
-                          &native_module->module()->signature_zone,
-                          func_data->GetCSignature(out_api_function_index)));
+          func_index,
+          GetFunctionSigForFastApiImport(
+              &native_module->module()->signature_zone,
+              func_data->GetCSignature(isolate, out_api_function_index)));
     }
 
     DirectHandle<HeapObject> js_signature(sfi->api_func_data()->signature(),
@@ -709,7 +667,7 @@ WellKnownImport CheckForWellKnownImport(
 
 }  // namespace
 
-WasmImportData::WasmImportData(
+ResolvedWasmImport::ResolvedWasmImport(
     DirectHandle<WasmTrustedInstanceData> trusted_instance_data, int func_index,
     Handle<JSReceiver> callable, const wasm::FunctionSig* expected_sig,
     uint32_t expected_canonical_type_index, WellKnownImport preknown_import) {
@@ -718,12 +676,12 @@ WasmImportData::WasmImportData(
                       expected_canonical_type_index, preknown_import);
 }
 
-void WasmImportData::SetCallable(Isolate* isolate,
-                                 Tagged<JSReceiver> callable) {
+void ResolvedWasmImport::SetCallable(Isolate* isolate,
+                                     Tagged<JSReceiver> callable) {
   SetCallable(isolate, handle(callable, isolate));
 }
-void WasmImportData::SetCallable(Isolate* isolate,
-                                 Handle<JSReceiver> callable) {
+void ResolvedWasmImport::SetCallable(Isolate* isolate,
+                                     Handle<JSReceiver> callable) {
   callable_ = callable;
   trusted_function_data_ = {};
   if (!IsJSFunction(*callable)) return;
@@ -733,7 +691,7 @@ void WasmImportData::SetCallable(Isolate* isolate,
   }
 }
 
-ImportCallKind WasmImportData::ComputeKind(
+ImportCallKind ResolvedWasmImport::ComputeKind(
     DirectHandle<WasmTrustedInstanceData> trusted_instance_data, int func_index,
     const wasm::FunctionSig* expected_sig,
     uint32_t expected_canonical_type_index, WellKnownImport preknown_import) {
@@ -863,9 +821,8 @@ ImportCallKind WasmImportData::ComputeKind(
       return ImportCallKind::kUseCallBuiltin;
     }
 
-    int suspender_count = suspend_ == kSuspendWithSuspender ? 1 : 0;
     if (shared->internal_formal_parameter_count_without_receiver() ==
-        expected_sig->parameter_count() - suspender_count) {
+        expected_sig->parameter_count()) {
       return ImportCallKind::kJSFunctionArityMatch;
     }
 
@@ -985,11 +942,6 @@ class InstanceBuilder {
       int import_index, const WasmGlobal& global,
       DirectHandle<WasmGlobalObject> global_object);
 
-  // Compile import wrappers in parallel. The result goes into the native
-  // module's import_wrapper_cache.
-  void CompileImportWrappers(
-      DirectHandle<WasmTrustedInstanceData> trusted_instance_data);
-
   // Process the imports, including functions, tables, globals, and memory, in
   // order, loading them from the {ffi_} object. Returns the number of imported
   // functions, or {-1} on error.
@@ -1553,6 +1505,16 @@ MaybeHandle<WasmInstanceObject> InstanceBuilder::Build() {
     isolate_->metrics_recorder()->DelayMainThreadEvent(wasm_module_instantiated,
                                                        context_id_);
   }
+
+#if V8_ENABLE_DRUMBRAKE
+  // Skip this event because not (yet) supported by Chromium.
+
+  // v8::metrics::WasmInterpreterJitStatus jit_status;
+  // jit_status.jitless = v8_flags.wasm_jitless;
+  // isolate_->metrics_recorder()->DelayMainThreadEvent(jit_status,
+  // context_id_);
+#endif  // V8_ENABLE_DRUMBRAKE
+
   return instance_object;
 }
 
@@ -1901,8 +1863,9 @@ bool InstanceBuilder::ProcessImportedFunction(
   uint32_t sig_index = module_->functions[func_index].sig_index;
   uint32_t canonical_type_index =
       module_->isorecursive_canonical_type_ids[sig_index];
-  WasmImportData resolved(trusted_instance_data, func_index, js_receiver,
-                          expected_sig, canonical_type_index, preknown_import);
+  ResolvedWasmImport resolved(trusted_instance_data, func_index, js_receiver,
+                              expected_sig, canonical_type_index,
+                              preknown_import);
   if (resolved.well_known_status() != WellKnownImport::kGeneric &&
       v8_flags.trace_wasm_inlining) {
     PrintF("[import %d is well-known built-in %s]\n", import_index,
@@ -1916,8 +1879,8 @@ bool InstanceBuilder::ProcessImportedFunction(
   ImportedFunctionEntry imported_entry(trusted_instance_data, func_index);
   switch (kind) {
     case ImportCallKind::kRuntimeTypeError:
-      imported_entry.SetWasmToJs(isolate_, js_receiver, resolved.suspend(),
-                                 expected_sig);
+      imported_entry.SetGenericWasmToJs(isolate_, js_receiver,
+                                        resolved.suspend(), expected_sig);
       break;
     case ImportCallKind::kLinkError:
       thrower_->LinkError(
@@ -1933,7 +1896,12 @@ bool InstanceBuilder::ProcessImportedFunction(
           function_data->instance_data();
       Address imported_target =
           instance_data->GetCallTarget(function_data->function_index());
-      imported_entry.SetWasmToWasm(instance_data, imported_target);
+      imported_entry.SetWasmToWasm(instance_data, imported_target
+#if V8_ENABLE_DRUMBRAKE
+                                   ,
+                                   function_data->function_index()
+#endif  // V8_ENABLE_DRUMBRAKE
+      );
       break;
     }
     case ImportCallKind::kWasmToCapi: {
@@ -1962,10 +1930,10 @@ bool InstanceBuilder::ProcessImportedFunction(
             wasm_code->reloc_info().length());
       }
 
-      // We re-use the SetWasmToJs infrastructure because it passes the
+      // We re-use the SetCompiledWasmToJs infrastructure because it passes the
       // callable to the wrapper, which we need to get the function data.
-      imported_entry.SetWasmToJs(isolate_, js_receiver, wasm_code, kNoSuspend,
-                                 expected_sig);
+      imported_entry.SetCompiledWasmToJs(isolate_, js_receiver, wasm_code,
+                                         kNoSuspend, expected_sig);
       break;
     }
     case ImportCallKind::kWasmToJSFastApi: {
@@ -1974,8 +1942,8 @@ bool InstanceBuilder::ProcessImportedFunction(
       WasmCodeRefScope code_ref_scope;
       WasmCode* wasm_code = compiler::CompileWasmJSFastCallWrapper(
           native_module, expected_sig, js_receiver);
-      imported_entry.SetWasmToJs(isolate_, js_receiver, wasm_code, kNoSuspend,
-                                 expected_sig);
+      imported_entry.SetCompiledWasmToJs(isolate_, js_receiver, wasm_code,
+                                         kNoSuspend, expected_sig);
       break;
     }
     default: {
@@ -1983,13 +1951,11 @@ bool InstanceBuilder::ProcessImportedFunction(
       if (UseGenericWasmToJSWrapper(kind, expected_sig, resolved.suspend())) {
         DCHECK(kind == ImportCallKind::kJSFunctionArityMatch ||
                kind == ImportCallKind::kJSFunctionArityMismatch);
-        imported_entry.SetWasmToJs(isolate_, js_receiver, resolved.suspend(),
-                                   expected_sig);
+        imported_entry.SetGenericWasmToJs(isolate_, js_receiver,
+                                          resolved.suspend(), expected_sig);
         break;
       }
-      int suspender_count = resolved.suspend() == kSuspendWithSuspender ? 1 : 0;
-      int expected_arity =
-          static_cast<int>(expected_sig->parameter_count()) - suspender_count;
+      int expected_arity = static_cast<int>(expected_sig->parameter_count());
       if (kind == ImportCallKind::kJSFunctionArityMismatch) {
         auto function = Cast<JSFunction>(js_receiver);
         Tagged<SharedFunctionInfo> shared = function->shared();
@@ -2001,19 +1967,44 @@ bool InstanceBuilder::ProcessImportedFunction(
       uint32_t canonical_type_index =
           module_->isorecursive_canonical_type_ids
               [module_->functions[func_index].sig_index];
-      WasmCode* wasm_code = native_module->import_wrapper_cache()->Get(
+      WasmCode* wasm_code = native_module->import_wrapper_cache()->MaybeGet(
           kind, canonical_type_index, expected_arity, resolved.suspend());
-      DCHECK_NOT_NULL(wasm_code);
-      if (wasm_code->kind() == WasmCode::kWasmToJsWrapper) {
+      if (!v8_flags.wasm_jitless && wasm_code == nullptr) {
+        WasmImportWrapperCache::ModificationScope cache_scope(
+            native_module->import_wrapper_cache());
+        // Now that we have the lock (in the form of the cache_scope), check
+        // again whether another thread has just created the wrapper.
+        WasmImportWrapperCache::CacheKey key(
+            kind, canonical_type_index, expected_arity, resolved.suspend());
+        wasm_code = cache_scope[key];
+        if (wasm_code == nullptr) {
+          wasm_code = CompileImportWrapper(native_module, isolate_->counters(),
+                                           kind, expected_sig,
+                                           canonical_type_index, expected_arity,
+                                           resolved.suspend(), &cache_scope);
+          if (native_module->log_code()) {
+            GetWasmEngine()->LogCode({&wasm_code, 1});
+            GetWasmEngine()->LogOutstandingCodesForIsolate(isolate_);
+          }
+        }
+      }
+      DCHECK(v8_flags.wasm_jitless || wasm_code != nullptr);
+      if (v8_flags.wasm_jitless ||
+          wasm_code->kind() == WasmCode::kWasmToJsWrapper) {
         // Wasm to JS wrappers are treated specially in the import table.
-        imported_entry.SetWasmToJs(isolate_, js_receiver, wasm_code,
-                                   resolved.suspend(), expected_sig);
+        imported_entry.SetCompiledWasmToJs(isolate_, js_receiver, wasm_code,
+                                           resolved.suspend(), expected_sig);
       } else {
         // Wasm math intrinsics are compiled as regular Wasm functions.
         DCHECK(kind >= ImportCallKind::kFirstMathIntrinsic &&
                kind <= ImportCallKind::kLastMathIntrinsic);
         imported_entry.SetWasmToWasm(*trusted_instance_data,
-                                     wasm_code->instruction_start());
+                                     wasm_code->instruction_start()
+#if V8_ENABLE_DRUMBRAKE
+                                         ,
+                                     -1
+#endif  // V8_ENABLE_DRUMBRAKE
+        );
       }
       break;
     }
@@ -2058,27 +2049,35 @@ bool InstanceBuilder::InitializeImportedIndirectFunctionTable(
     const WasmModule* target_module = target_instance_data->module();
     const WasmFunction& function = target_module->functions[function_index];
 
-    FunctionTargetAndRef entry(isolate_, target_instance_data, function_index);
-    Handle<Object> ref = entry.ref();
-    if (v8_flags.wasm_to_js_generic_wrapper && IsWasmApiFunctionRef(*ref)) {
-      auto orig_ref = Cast<WasmApiFunctionRef>(ref);
-      Handle<WasmApiFunctionRef> new_ref =
-          isolate_->factory()->NewWasmApiFunctionRef(orig_ref);
+    FunctionTargetAndImplicitArg entry(isolate_, target_instance_data,
+                                       function_index);
+    Handle<Object> implicit_arg = entry.implicit_arg();
+    if (v8_flags.wasm_to_js_generic_wrapper &&
+        IsWasmImportData(*implicit_arg)) {
+      auto orig_import_data = Cast<WasmImportData>(implicit_arg);
+      Handle<WasmImportData> new_import_data =
+          isolate_->factory()->NewWasmImportData(orig_import_data);
       // TODO(42204563): Avoid crashing if the instance object is not available.
       CHECK(trusted_instance_data->has_instance_object());
-      WasmApiFunctionRef::SetCrossInstanceTableIndexAsCallOrigin(
-          isolate_, new_ref,
+      WasmImportData::SetCrossInstanceTableIndexAsCallOrigin(
+          isolate_, new_import_data,
           direct_handle(trusted_instance_data->instance_object(), isolate_), i);
-      ref = new_ref;
+      implicit_arg = new_import_data;
     }
 
     uint32_t canonical_sig_index =
         target_module->isorecursive_canonical_type_ids[function.sig_index];
+#if !V8_ENABLE_DRUMBRAKE
     SBXCHECK(FunctionSigMatchesTable(
         canonical_sig_index, trusted_instance_data->module(), table_index));
 
     trusted_instance_data->dispatch_table(table_index)
-        ->Set(i, *ref, entry.call_target(), canonical_sig_index);
+        ->Set(i, *implicit_arg, entry.call_target(), canonical_sig_index);
+#else   // !V8_ENABLE_DRUMBRAKE
+    trusted_instance_data->dispatch_table(table_index)
+        ->Set(i, *implicit_arg, entry.call_target(), canonical_sig_index,
+              entry.target_func_index());
+#endif  // !V8_ENABLE_DRUMBRAKE
   }
   return true;
 }
@@ -2093,7 +2092,7 @@ bool InstanceBuilder::ProcessImportedTable(
   }
   const WasmTable& table = module_->tables[table_index];
 
-  Handle<WasmTableObject> table_object = Cast<WasmTableObject>(value);
+  DirectHandle<WasmTableObject> table_object = Cast<WasmTableObject>(value);
 
   uint32_t imported_table_size =
       static_cast<uint32_t>(table_object->current_length());
@@ -2339,76 +2338,6 @@ bool InstanceBuilder::ProcessImportedGlobal(
   return false;
 }
 
-void InstanceBuilder::CompileImportWrappers(
-    DirectHandle<WasmTrustedInstanceData> trusted_instance_data) {
-  int num_imports = static_cast<int>(module_->import_table.size());
-  TRACE_EVENT1("v8.wasm", "wasm.CompileImportWrappers", "num_imports",
-               num_imports);
-  NativeModule* native_module = trusted_instance_data->native_module();
-  WasmImportWrapperCache::ModificationScope cache_scope(
-      native_module->import_wrapper_cache());
-  const WellKnownImportsList& preknown_imports =
-      module_->type_feedback.well_known_imports;
-
-  // Compilation is done in two steps:
-  // 1) Insert nullptr entries in the cache for wrappers that need to be
-  // compiled. 2) Compile wrappers in background tasks using the
-  // ImportWrapperQueue. This way the cache won't invalidate other iterators
-  // when inserting a new WasmCode, since the key will already be there.
-  ImportWrapperQueue import_wrapper_queue;
-  for (int index = 0; index < num_imports; ++index) {
-    Handle<Object> value = sanitized_imports_[index];
-    if (module_->import_table[index].kind != kExternalFunction ||
-        (!IsCallable(*value) && !IsWasmSuspendingObject(*value))) {
-      continue;
-    }
-    auto js_receiver = Cast<JSReceiver>(value);
-    uint32_t func_index = module_->import_table[index].index;
-    const FunctionSig* sig = module_->functions[func_index].sig;
-    uint32_t sig_index = module_->functions[func_index].sig_index;
-    uint32_t canonical_type_index =
-        module_->isorecursive_canonical_type_ids[sig_index];
-    WasmImportData resolved({}, func_index, js_receiver, sig,
-                            canonical_type_index,
-                            preknown_imports.get(func_index));
-    if (UseGenericWasmToJSWrapper(resolved.kind(), sig, resolved.suspend())) {
-      continue;
-    }
-    ImportCallKind kind = resolved.kind();
-    if (kind == ImportCallKind::kWasmToWasm ||
-        kind == ImportCallKind::kLinkError ||
-        kind == ImportCallKind::kWasmToCapi ||
-        kind == ImportCallKind::kWasmToJSFastApi) {
-      continue;
-    }
-
-    int suspender_count = resolved.suspend() == kSuspendWithSuspender ? 1 : 0;
-    int expected_arity =
-        static_cast<int>(sig->parameter_count() - suspender_count);
-    if (kind == ImportCallKind::kJSFunctionArityMismatch) {
-      auto function = Cast<JSFunction>(resolved.callable());
-      Tagged<SharedFunctionInfo> shared = function->shared();
-      expected_arity =
-          shared->internal_formal_parameter_count_without_receiver();
-    }
-    WasmImportWrapperCache::CacheKey key(kind, canonical_type_index,
-                                         expected_arity, resolved.suspend());
-    if (cache_scope[key] != nullptr) {
-      // Cache entry already exists, no need to compile it again.
-      continue;
-    }
-    import_wrapper_queue.insert(key, sig);
-  }
-
-  auto compile_job_task = std::make_unique<CompileImportWrapperJob>(
-      isolate_->counters(), native_module, &import_wrapper_queue, &cache_scope);
-  auto compile_job = V8::GetCurrentPlatform()->CreateJob(
-      TaskPriority::kUserVisible, std::move(compile_job_task));
-
-  // Wait for the job to finish, while contributing in this thread.
-  compile_job->Join();
-}
-
 // Process the imports, including functions, tables, globals, and memory, in
 // order, loading them from the {ffi_} object. Returns the number of imported
 // functions.
@@ -2420,7 +2349,6 @@ int InstanceBuilder::ProcessImports(
 
   DCHECK_EQ(module_->import_table.size(), sanitized_imports_.size());
 
-  CompileImportWrappers(trusted_instance_data);
   const WellKnownImportsList& preknown_imports =
       module_->type_feedback.well_known_imports;
   int num_imports = static_cast<int>(module_->import_table.size());
@@ -2855,7 +2783,8 @@ void InstanceBuilder::ProcessExports(
 
 namespace {
 V8_INLINE void SetFunctionTablePlaceholder(
-    Isolate* isolate, Handle<WasmTrustedInstanceData> trusted_instance_data,
+    Isolate* isolate,
+    DirectHandle<WasmTrustedInstanceData> trusted_instance_data,
     DirectHandle<WasmTableObject> table_object, uint32_t entry_index,
     uint32_t func_index) {
   const WasmModule* module = trusted_instance_data->module();
@@ -2868,7 +2797,12 @@ V8_INLINE void SetFunctionTablePlaceholder(
         isolate, table_object, entry_index, trusted_instance_data, func_index);
   }
   WasmTableObject::UpdateDispatchTables(isolate, table_object, entry_index,
-                                        function, trusted_instance_data);
+                                        function, trusted_instance_data
+#if V8_ENABLE_DRUMBRAKE
+                                        ,
+                                        func_index
+#endif  // V8_ENABLE_DRUMBRAKE
+  );
 }
 
 V8_INLINE void SetFunctionTableNullEntry(
@@ -3018,7 +2952,7 @@ ValueOrError ConsumeElementSegmentEntry(
 
 }  // namespace
 
-base::Optional<MessageTemplate> InitializeElementSegment(
+std::optional<MessageTemplate> InitializeElementSegment(
     Zone* zone, Isolate* isolate,
     Handle<WasmTrustedInstanceData> trusted_instance_data,
     Handle<WasmTrustedInstanceData> shared_trusted_instance_data,
@@ -3086,7 +3020,7 @@ void InstanceBuilder::LoadTableSegments(
 
     const size_t count = elem_segment.element_count;
 
-    Handle<WasmTableObject> table_object = handle(
+    DirectHandle<WasmTableObject> table_object(
         Cast<WasmTableObject>((table->shared ? shared_trusted_instance_data
                                              : trusted_instance_data)
                                   ->tables()
diff --git a/deps/v8/src/wasm/module-instantiate.h b/deps/v8/src/wasm/module-instantiate.h
index 50d6310aa289df..06f3ebedc879bc 100644
--- a/deps/v8/src/wasm/module-instantiate.h
+++ b/deps/v8/src/wasm/module-instantiate.h
@@ -11,7 +11,8 @@
 
 #include <stdint.h>
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/common/message-template.h"
 #include "src/objects/code-kind.h"
 #include "src/wasm/wasm-value.h"
@@ -30,8 +31,8 @@ class Zone;
 
 namespace wasm {
 class ErrorThrower;
-enum Suspend : int { kSuspend, kSuspendWithSuspender, kNoSuspend };
-enum Promise : int { kPromise, kPromiseWithSuspender, kNoPromise };
+enum Suspend : int { kSuspend, kNoSuspend };
+enum Promise : int { kPromise, kNoPromise };
 struct WasmModule;
 
 // Calls to Wasm imports are handled in several different ways, depending on the
@@ -85,9 +86,9 @@ constexpr ImportCallKind kDefaultImportCallKind =
 // suspender object if applicable. Note that some callables (e.g. a
 // {WasmExportedFunction} or {WasmJSFunction}) just wrap another target, which
 // is why the ultimate target is provided as well.
-class WasmImportData {
+class ResolvedWasmImport {
  public:
-  V8_EXPORT_PRIVATE WasmImportData(
+  V8_EXPORT_PRIVATE ResolvedWasmImport(
       DirectHandle<WasmTrustedInstanceData> trusted_instance_data,
       int func_index, Handle<JSReceiver> callable, const wasm::FunctionSig* sig,
       uint32_t expected_canonical_type_index, WellKnownImport preknown_import);
@@ -128,7 +129,7 @@ MaybeHandle<WasmInstanceObject> InstantiateToInstanceObject(
 // {instance}. If successful, returns the empty {Optional}, otherwise an
 // {Optional} that contains the error message. Exits early if the segment is
 // already initialized.
-base::Optional<MessageTemplate> InitializeElementSegment(
+std::optional<MessageTemplate> InitializeElementSegment(
     Zone* zone, Isolate* isolate,
     Handle<WasmTrustedInstanceData> trusted_instance_data,
     Handle<WasmTrustedInstanceData> shared_trusted_instance_data,
diff --git a/deps/v8/src/wasm/names-provider.cc b/deps/v8/src/wasm/names-provider.cc
index f33681d9e7f788..7e046e2d5fbcb0 100644
--- a/deps/v8/src/wasm/names-provider.cc
+++ b/deps/v8/src/wasm/names-provider.cc
@@ -441,11 +441,14 @@ size_t NamesProvider::EstimateCurrentMemoryConsumption() const {
     result += names->field_names_.EstimateCurrentMemoryConsumption();
     result += names->tag_names_.EstimateCurrentMemoryConsumption();
   }
-  result += StringMapSize(import_export_function_names_);
-  result += StringMapSize(import_export_table_names_);
-  result += StringMapSize(import_export_memory_names_);
-  result += StringMapSize(import_export_global_names_);
-  result += StringMapSize(import_export_tag_names_);
+  {
+    base::MutexGuard lock(&mutex_);
+    result += StringMapSize(import_export_function_names_);
+    result += StringMapSize(import_export_table_names_);
+    result += StringMapSize(import_export_memory_names_);
+    result += StringMapSize(import_export_global_names_);
+    result += StringMapSize(import_export_tag_names_);
+  }
   if (v8_flags.trace_wasm_offheap_memory) {
     PrintF("NamesProvider: %zu\n", result);
   }
diff --git a/deps/v8/src/wasm/names-provider.h b/deps/v8/src/wasm/names-provider.h
index 695615f576bf77..f51c279b6012d5 100644
--- a/deps/v8/src/wasm/names-provider.h
+++ b/deps/v8/src/wasm/names-provider.h
@@ -82,7 +82,7 @@ class V8_EXPORT_PRIVATE NamesProvider {
 
   // Lazy loading must guard against concurrent modifications from multiple
   // {WasmModuleObject}s.
-  base::Mutex mutex_;
+  mutable base::Mutex mutex_;
   bool has_decoded_{false};
   bool has_computed_function_import_names_{false};
   bool has_computed_import_names_{false};
diff --git a/deps/v8/src/wasm/simd-shuffle.cc b/deps/v8/src/wasm/simd-shuffle.cc
index 24b37f499e0dcc..1ac6c14537596a 100644
--- a/deps/v8/src/wasm/simd-shuffle.cc
+++ b/deps/v8/src/wasm/simd-shuffle.cc
@@ -82,6 +82,35 @@ bool SimdShuffle::TryMatch32x4OneLaneSwizzle(const uint8_t* shuffle32x4,
   return false;
 }
 
+bool SimdShuffle::TryMatch64x2Shuffle(const uint8_t* shuffle,
+                                      uint8_t* shuffle64x2) {
+  constexpr std::array<uint64_t, 2> element_patterns = {
+      0x0706050403020100,  // 0
+      0x0f0e0d0c0b0a0908   // 1
+  };
+  uint64_t low_shuffle = reinterpret_cast<const uint64_t*>(shuffle)[0];
+  uint64_t high_shuffle = reinterpret_cast<const uint64_t*>(shuffle)[1];
+#ifdef V8_TARGET_BIG_ENDIAN
+  low_shuffle = base::bits::ReverseBytes(low_shuffle);
+  high_shuffle = base::bits::ReverseBytes(high_shuffle);
+#endif
+  if (element_patterns[0] == low_shuffle) {
+    shuffle64x2[0] = 0;
+  } else if (element_patterns[1] == low_shuffle) {
+    shuffle64x2[0] = 1;
+  } else {
+    return false;
+  }
+  if (element_patterns[0] == high_shuffle) {
+    shuffle64x2[1] = 0;
+  } else if (element_patterns[1] == high_shuffle) {
+    shuffle64x2[1] = 1;
+  } else {
+    return false;
+  }
+  return true;
+}
+
 bool SimdShuffle::TryMatch32x4Shuffle(const uint8_t* shuffle,
                                       uint8_t* shuffle32x4) {
   for (int i = 0; i < 4; ++i) {
@@ -151,6 +180,103 @@ bool SimdShuffle::TryMatchByteToDwordZeroExtend(const uint8_t* shuffle) {
   return true;
 }
 
+namespace {
+// Try to match the first step in a 32x4 pairwise shuffle.
+bool TryMatch32x4Pairwise(const uint8_t* shuffle) {
+  // Pattern to select 32-bit element 1.
+  constexpr uint8_t low_pattern_arr[4] = {4, 5, 6, 7};
+  // And we'll check that element 1 is shuffled into element 0.
+  uint32_t low_shuffle = reinterpret_cast<const uint32_t*>(shuffle)[0];
+  // Pattern to select 32-bit element 3.
+  constexpr uint8_t high_pattern_arr[4] = {12, 13, 14, 15};
+  // And we'll check that element 3 is shuffled into element 2.
+  uint32_t high_shuffle = reinterpret_cast<const uint32_t*>(shuffle)[2];
+  uint32_t low_pattern = *reinterpret_cast<const uint32_t*>(low_pattern_arr);
+  uint32_t high_pattern = *reinterpret_cast<const uint32_t*>(high_pattern_arr);
+  return low_shuffle == low_pattern && high_shuffle == high_pattern;
+}
+
+// Try to match the final step in a 32x4, now 32x2, pairwise shuffle.
+bool TryMatch32x2Pairwise(const uint8_t* shuffle) {
+  // Pattern to select 32-bit element 2.
+  constexpr uint8_t pattern_arr[4] = {8, 9, 10, 11};
+  // And we'll check that element 2 is shuffled to element 0.
+  uint32_t low_shuffle = reinterpret_cast<const uint32_t*>(shuffle)[0];
+  uint32_t pattern = *reinterpret_cast<const uint32_t*>(pattern_arr);
+  return low_shuffle == pattern;
+}
+
+// Try to match the first step in a upper-to-lower half shuffle.
+bool TryMatchUpperToLowerFirst(const uint8_t* shuffle) {
+  // There's 16 'active' bytes, so the pattern to select the upper half starts
+  // at byte 8.
+  constexpr uint8_t low_pattern_arr[8] = {8, 9, 10, 11, 12, 13, 14, 15};
+  // And we'll check that the top half is shuffled into the lower.
+  uint64_t low_shuffle = reinterpret_cast<const uint64_t*>(shuffle)[0];
+  uint64_t low_pattern = *reinterpret_cast<const uint64_t*>(low_pattern_arr);
+  return low_shuffle == low_pattern;
+}
+
+// Try to match the second step in a upper-to-lower half shuffle.
+bool TryMatchUpperToLowerSecond(const uint8_t* shuffle) {
+  // There's 8 'active' bytes, so the pattern to select the upper half starts
+  // at byte 4.
+  constexpr uint8_t low_pattern_arr[4] = {4, 5, 6, 7};
+  // And we'll check that the top half is shuffled into the lower.
+  uint32_t low_shuffle = reinterpret_cast<const uint32_t*>(shuffle)[0];
+  uint32_t low_pattern = *reinterpret_cast<const uint32_t*>(low_pattern_arr);
+  return low_shuffle == low_pattern;
+}
+
+// Try to match the third step in a upper-to-lower half shuffle.
+bool TryMatchUpperToLowerThird(const uint8_t* shuffle) {
+  // The vector now has 4 'active' bytes, select the top two.
+  constexpr uint8_t low_pattern_arr[2] = {2, 3};
+  // And check they're shuffled to the lower half.
+  uint16_t low_shuffle = reinterpret_cast<const uint16_t*>(shuffle)[0];
+  uint16_t low_pattern = *reinterpret_cast<const uint16_t*>(low_pattern_arr);
+  return low_shuffle == low_pattern;
+}
+
+// Try to match the fourth step in a upper-to-lower half shuffle.
+bool TryMatchUpperToLowerFourth(const uint8_t* shuffle) {
+  return shuffle[0] == 1;
+}
+}  // end namespace
+
+bool SimdShuffle::TryMatch8x16UpperToLowerReduce(const uint8_t* shuffle1,
+                                                 const uint8_t* shuffle2,
+                                                 const uint8_t* shuffle3,
+                                                 const uint8_t* shuffle4) {
+  return TryMatchUpperToLowerFirst(shuffle1) &&
+         TryMatchUpperToLowerSecond(shuffle2) &&
+         TryMatchUpperToLowerThird(shuffle3) &&
+         TryMatchUpperToLowerFourth(shuffle4);
+}
+
+bool SimdShuffle::TryMatch16x8UpperToLowerReduce(const uint8_t* shuffle1,
+                                                 const uint8_t* shuffle2,
+                                                 const uint8_t* shuffle3) {
+  return TryMatchUpperToLowerFirst(shuffle1) &&
+         TryMatchUpperToLowerSecond(shuffle2) &&
+         TryMatchUpperToLowerThird(shuffle3);
+}
+
+bool SimdShuffle::TryMatch32x4UpperToLowerReduce(const uint8_t* shuffle1,
+                                                 const uint8_t* shuffle2) {
+  return TryMatchUpperToLowerFirst(shuffle1) &&
+         TryMatchUpperToLowerSecond(shuffle2);
+}
+
+bool SimdShuffle::TryMatch32x4PairwiseReduce(const uint8_t* shuffle1,
+                                             const uint8_t* shuffle2) {
+  return TryMatch32x4Pairwise(shuffle1) && TryMatch32x2Pairwise(shuffle2);
+}
+
+bool SimdShuffle::TryMatch64x2Reduce(const uint8_t* shuffle64x2) {
+  return shuffle64x2[0] == 1;
+}
+
 uint8_t SimdShuffle::PackShuffle4(uint8_t* shuffle) {
   return (shuffle[0] & 3) | ((shuffle[1] & 3) << 2) | ((shuffle[2] & 3) << 4) |
          ((shuffle[3] & 3) << 6);
diff --git a/deps/v8/src/wasm/simd-shuffle.h b/deps/v8/src/wasm/simd-shuffle.h
index 7d423e2de4b5ba..3a4b2f966989d6 100644
--- a/deps/v8/src/wasm/simd-shuffle.h
+++ b/deps/v8/src/wasm/simd-shuffle.h
@@ -135,6 +135,11 @@ class V8_EXPORT_PRIVATE SimdShuffle {
   static bool TryMatch32x4OneLaneSwizzle(const uint8_t* shuffle32x4,
                                          uint8_t* from, uint8_t* to);
 
+  // Tries to match an 8x16 byte shuffle to an equivalent 64x2 shuffle. If
+  // successful, it writes the 64x2 shuffle word indices. E.g.
+  // [8 9 10 11 12 13 14 15 0 1 2 3 4 5 6 7] == [1 0]
+  static bool TryMatch64x2Shuffle(const uint8_t* shuffle, uint8_t* shuffle64x2);
+
   // Tries to match an 8x16 byte shuffle to an equivalent 32x4 shuffle. If
   // successful, it writes the 32x4 shuffle word indices. E.g.
   // [0 1 2 3 8 9 10 11 4 5 6 7 12 13 14 15] == [0 2 1 3]
@@ -169,6 +174,37 @@ class V8_EXPORT_PRIVATE SimdShuffle {
   // should be zero.
   static bool TryMatchByteToDwordZeroExtend(const uint8_t* shuffle);
 
+  // Tries to match a four-step reduction shuffle where, in each step, the
+  // upper half of the vector is shuffled into the bottom half. This is only
+  // valid when only lane 0 of the final shuffle result is used.
+  static bool TryMatch8x16UpperToLowerReduce(const uint8_t* shuffle1,
+                                             const uint8_t* shuffle2,
+                                             const uint8_t* shuffle3,
+                                             const uint8_t* shuffle4);
+
+  // Tries to match a three-step reduction shuffle where, in each step, the
+  // upper half of the vector is shuffled into the bottom half. This is only
+  // valid when only lane 0 of the final shuffle result is used.
+  static bool TryMatch16x8UpperToLowerReduce(const uint8_t* shuffle1,
+                                             const uint8_t* shuffle2,
+                                             const uint8_t* shuffle3);
+
+  // Tries to match a two-step reduction shuffle where, in each step, the
+  // upper half of the vector is shuffled into the bottom half. This is only
+  // valid when only lane 0 of the final shuffle result is used.
+  static bool TryMatch32x4UpperToLowerReduce(const uint8_t* shuffle1,
+                                             const uint8_t* shuffle2);
+
+  // Tries to match a 32x4 pairwise shuffle chain where, in each step, every
+  // other element is shuffled into the lower adjacent position. This is only
+  // valid when only lane 0 of the final shuffle result is used.
+  static bool TryMatch32x4PairwiseReduce(const uint8_t* shuffle1,
+                                         const uint8_t* shuffle2);
+
+  // Tries to match a 64-bit reduction, where element 1 is shuffled into 0.
+  // This is only valid when only lane 0 of the result is used.
+  static bool TryMatch64x2Reduce(const uint8_t* shuffle64x2);
+
   // Packs a 4 lane shuffle into a single imm8 suitable for use by pshufd,
   // pshuflw, and pshufhw.
   static uint8_t PackShuffle4(uint8_t* shuffle);
diff --git a/deps/v8/src/wasm/streaming-decoder.cc b/deps/v8/src/wasm/streaming-decoder.cc
index 786c5aa250f055..40a11803e4d506 100644
--- a/deps/v8/src/wasm/streaming-decoder.cc
+++ b/deps/v8/src/wasm/streaming-decoder.cc
@@ -4,6 +4,8 @@
 
 #include "src/wasm/streaming-decoder.h"
 
+#include <optional>
+
 #include "src/logging/counters.h"
 #include "src/wasm/decoder.h"
 #include "src/wasm/leb-helper.h"
@@ -18,9 +20,7 @@
     if (v8_flags.trace_wasm_streaming) PrintF(__VA_ARGS__); \
   } while (false)
 
-namespace v8 {
-namespace internal {
-namespace wasm {
+namespace v8::internal::wasm {
 
 class V8_EXPORT_PRIVATE AsyncStreamingDecoder : public StreamingDecoder {
  public:
@@ -75,7 +75,7 @@ class V8_EXPORT_PRIVATE AsyncStreamingDecoder : public StreamingDecoder {
                                offset_in_code_buffer + ref.length());
     }
 
-    base::Optional<ModuleWireBytes> GetModuleBytes() const final { return {}; }
+    std::optional<ModuleWireBytes> GetModuleBytes() const final { return {}; }
 
     uint32_t module_offset() const { return module_offset_; }
     base::Vector<uint8_t> bytes() const { return bytes_.as_vector(); }
@@ -757,8 +757,6 @@ std::unique_ptr<StreamingDecoder> StreamingDecoder::CreateAsyncStreamingDecoder(
   return std::make_unique<AsyncStreamingDecoder>(std::move(processor));
 }
 
-}  // namespace wasm
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::wasm
 
 #undef TRACE_STREAMING
diff --git a/deps/v8/src/wasm/streaming-decoder.h b/deps/v8/src/wasm/streaming-decoder.h
index 6e9d8dda11c548..92602144936abf 100644
--- a/deps/v8/src/wasm/streaming-decoder.h
+++ b/deps/v8/src/wasm/streaming-decoder.h
@@ -18,9 +18,8 @@
 #include "src/wasm/wasm-engine.h"
 #include "src/wasm/wasm-result.h"
 
-namespace v8 {
-namespace internal {
-namespace wasm {
+namespace v8::internal::wasm {
+
 class NativeModule;
 
 // This class is an interface for the StreamingDecoder to start the processing
@@ -129,8 +128,6 @@ class V8_EXPORT_PRIVATE StreamingDecoder {
   base::Vector<const uint8_t> compiled_module_bytes_;
 };
 
-}  // namespace wasm
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::wasm
 
 #endif  // V8_WASM_STREAMING_DECODER_H_
diff --git a/deps/v8/src/wasm/turboshaft-graph-interface.cc b/deps/v8/src/wasm/turboshaft-graph-interface.cc
index ab43f5af363ece..ea1b4baf4d5895 100644
--- a/deps/v8/src/wasm/turboshaft-graph-interface.cc
+++ b/deps/v8/src/wasm/turboshaft-graph-interface.cc
@@ -4,6 +4,8 @@
 
 #include "src/wasm/turboshaft-graph-interface.h"
 
+#include <optional>
+
 #include "absl/container/btree_map.h"
 #include "include/v8-fast-api-calls.h"
 #include "src/base/logging.h"
@@ -192,7 +194,7 @@ V<BigInt> WasmGraphBuilderBase::BuildChangeInt64ToBigInt(
 }
 
 std::pair<V<WordPtr>, V<HeapObject>>
-WasmGraphBuilderBase::BuildImportedFunctionTargetAndRef(
+WasmGraphBuilderBase::BuildImportedFunctionTargetAndImplicitArg(
     ConstOrV<Word32> func_index,
     V<WasmTrustedInstanceData> trusted_instance_data) {
   V<WasmDispatchTable> dispatch_table = LOAD_IMMUTABLE_PROTECTED_INSTANCE_FIELD(
@@ -204,10 +206,11 @@ WasmGraphBuilderBase::BuildImportedFunctionTargetAndRef(
     V<WordPtr> target = __ Load(dispatch_table, LoadOp::Kind::TaggedBase(),
                                 MemoryRepresentation::UintPtr(),
                                 offset + WasmDispatchTable::kTargetBias);
-    V<ExposedTrustedObject> ref = V<ExposedTrustedObject>::Cast(
-        __ LoadProtectedPointerField(dispatch_table, LoadOp::Kind::TaggedBase(),
-                                     offset + WasmDispatchTable::kRefBias));
-    return {target, ref};
+    V<ExposedTrustedObject> implicit_arg =
+        V<ExposedTrustedObject>::Cast(__ LoadProtectedPointerField(
+            dispatch_table, LoadOp::Kind::TaggedBase(),
+            offset + WasmDispatchTable::kImplicitArgBias));
+    return {target, implicit_arg};
   }
 
   V<WordPtr> dispatch_table_entry_offset =
@@ -217,21 +220,22 @@ WasmGraphBuilderBase::BuildImportedFunctionTargetAndRef(
       dispatch_table, dispatch_table_entry_offset, LoadOp::Kind::TaggedBase(),
       MemoryRepresentation::UintPtr(),
       WasmDispatchTable::kEntriesOffset + WasmDispatchTable::kTargetBias);
-  V<ExposedTrustedObject> ref =
-      V<ExposedTrustedObject>::Cast(__ LoadProtectedPointerField(
-          dispatch_table, dispatch_table_entry_offset,
-          LoadOp::Kind::TaggedBase(),
-          WasmDispatchTable::kEntriesOffset + WasmDispatchTable::kRefBias, 0));
-  return {target, ref};
+  V<ExposedTrustedObject> implicit_arg = V<ExposedTrustedObject>::Cast(
+      __ LoadProtectedPointerField(dispatch_table, dispatch_table_entry_offset,
+                                   LoadOp::Kind::TaggedBase(),
+                                   WasmDispatchTable::kEntriesOffset +
+                                       WasmDispatchTable::kImplicitArgBias,
+                                   0));
+  return {target, implicit_arg};
 }
 
 std::pair<V<WordPtr>, V<ExposedTrustedObject>>
-WasmGraphBuilderBase::BuildFunctionTargetAndRef(
+WasmGraphBuilderBase::BuildFunctionTargetAndImplicitArg(
     V<WasmInternalFunction> internal_function, uint64_t expected_sig_hash) {
-  V<ExposedTrustedObject> ref =
+  V<ExposedTrustedObject> implicit_arg =
       V<ExposedTrustedObject>::Cast(__ LoadProtectedPointerField(
           internal_function, LoadOp::Kind::TaggedBase().Immutable(),
-          WasmInternalFunction::kProtectedRefOffset));
+          WasmInternalFunction::kProtectedImplicitArgOffset));
 
 #if V8_ENABLE_SANDBOX
   V<Word64> actual_sig_hash =
@@ -251,7 +255,7 @@ WasmGraphBuilderBase::BuildFunctionTargetAndRef(
                               MemoryRepresentation::UintPtr(),
                               WasmInternalFunction::kCallTargetOffset);
 
-  return {target, ref};
+  return {target, implicit_arg};
 }
 
 RegisterRepresentation WasmGraphBuilderBase::RepresentationFor(ValueType type) {
@@ -758,8 +762,8 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
       }
     }
 
-    base::Optional<uint32_t> default_target_;
-    base::Optional<uint32_t> primary_target_;
+    std::optional<uint32_t> default_target_;
+    std::optional<uint32_t> primary_target_;
     CaseVector primary_indices_;
     TargetMap other_targets_;
   };
@@ -1400,6 +1404,12 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
   void LoadMem(FullDecoder* decoder, LoadType type,
                const MemoryAccessImmediate& imm, const Value& index,
                Value* result) {
+    bool needs_f16_to_f32_conv = false;
+    if (type.value() == LoadType::kF32LoadF16 &&
+        !SupportedOperations::float16()) {
+      needs_f16_to_f32_conv = true;
+      type = LoadType::kI32Load16U;
+    }
     MemoryRepresentation repr =
         MemoryRepresentation::FromMachineType(type.mem_type());
 
@@ -1423,11 +1433,16 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     load = BuildChangeEndiannessLoad(load, type.mem_type(), type.value_type());
 #endif
 
-    OpIndex extended_load =
-        (type.value_type() == kWasmI64 && repr.SizeInBytes() < 8)
-            ? (repr.IsSigned() ? __ ChangeInt32ToInt64(load)
-                               : __ ChangeUint32ToUint64(load))
-            : load;
+    if (type.value_type() == kWasmI64 && repr.SizeInBytes() < 8) {
+      load = repr.IsSigned() ? __ ChangeInt32ToInt64(load)
+                             : __ ChangeUint32ToUint64(load);
+    }
+
+    if (needs_f16_to_f32_conv) {
+      load = CallCStackSlotToStackSlot(
+          load, ExternalReference::wasm_float16_to_float32(),
+          MemoryRepresentation::Uint16(), MemoryRepresentation::Float32());
+    }
 
     if (v8_flags.trace_wasm_memory) {
       // TODO(14259): Implement memory tracing for multiple memories.
@@ -1435,7 +1450,7 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
       TraceMemoryOperation(decoder, false, repr, final_index, imm.offset);
     }
 
-    result->op = extended_load;
+    result->op = load;
   }
 
   void LoadTransform(FullDecoder* decoder, LoadType type,
@@ -1559,6 +1574,12 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
   void StoreMem(FullDecoder* decoder, StoreType type,
                 const MemoryAccessImmediate& imm, const Value& index,
                 const Value& value) {
+    bool needs_f32_to_f16_conv = false;
+    if (type.value() == StoreType::kF32StoreF16 &&
+        !SupportedOperations::float16()) {
+      needs_f32_to_f16_conv = true;
+      type = StoreType::kI32Store16;
+    }
     MemoryRepresentation repr =
         MemoryRepresentation::FromMachineRepresentation(type.mem_rep());
 
@@ -1577,6 +1598,11 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     if (value.type == kWasmI64 && repr.SizeInBytes() <= 4) {
       store_value = __ TruncateWord64ToWord32(store_value);
     }
+    if (needs_f32_to_f16_conv) {
+      store_value = CallCStackSlotToStackSlot(
+          store_value, ExternalReference::wasm_float32_to_float16(),
+          MemoryRepresentation::Float32(), MemoryRepresentation::Int16());
+    }
 
 #if defined(V8_TARGET_BIG_ENDIAN)
     store_value = BuildChangeEndiannessStore(store_value, type.mem_rep(),
@@ -2202,8 +2228,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     Label<> done(&asm_);
     GOTO(done);
     BIND(value_out_of_range);
-    auto [target, ref] = BuildImportedFunctionTargetAndRef(decoder, imm.index);
-    BuildWasmCall(decoder, imm.sig, target, ref, args, returns);
+    auto [target, implicit_arg] =
+        BuildImportedFunctionTargetAndImplicitArg(decoder, imm.index);
+    BuildWasmCall(decoder, imm.sig, target, implicit_arg, args, returns);
     __ Unreachable();
     BIND(done);
     if (sig->return_count()) {
@@ -2600,9 +2627,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
       if (HandleWellKnownImport(decoder, imm, args, returns)) {
         return;
       }
-      auto [target, ref] =
-          BuildImportedFunctionTargetAndRef(decoder, imm.index);
-      BuildWasmCall(decoder, imm.sig, target, ref, args, returns);
+      auto [target, implicit_arg] =
+          BuildImportedFunctionTargetAndImplicitArg(decoder, imm.index);
+      BuildWasmCall(decoder, imm.sig, target, implicit_arg, args, returns);
     } else {
       // Locally defined function.
       if (inlining_enabled(decoder) &&
@@ -2629,9 +2656,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
                   const Value args[]) {
     feedback_slot_++;
     if (imm.index < decoder->module_->num_imported_functions) {
-      auto [target, ref] =
-          BuildImportedFunctionTargetAndRef(decoder, imm.index);
-      BuildWasmMaybeReturnCall(decoder, imm.sig, target, ref, args);
+      auto [target, implicit_arg] =
+          BuildImportedFunctionTargetAndImplicitArg(decoder, imm.index);
+      BuildWasmMaybeReturnCall(decoder, imm.sig, target, implicit_arg, args);
     } else {
       // Locally defined function.
       if (inlining_enabled(decoder) &&
@@ -2660,6 +2687,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
                     Value returns[]) {
     if (v8_flags.wasm_inlining_call_indirect) {
       feedback_slot_++;
+      // In case of being unreachable, skip it because it tries to accesss nodes
+      // which might be non-existent (OpIndex::Invalid()) in unreachable code.
+      if (__ generating_unreachable_operations()) return;
 
       if (should_inline(decoder, feedback_slot_,
                         std::numeric_limits<int>::max())) {
@@ -2672,7 +2702,7 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
         // we know already from the static check on the inlinee (see below) that
         // the inlined code has the right signature.
         constexpr bool kNeedsTypeOrNullCheck = false;
-        auto [target, _ref] = BuildIndirectCallTargetAndRef(
+        auto [target, _implicit_arg] = BuildIndirectCallTargetAndImplicitArg(
             decoder, index_wordptr, imm, kNeedsTypeOrNullCheck);
 
         size_t return_count = imm.sig->return_count();
@@ -2708,10 +2738,6 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
             // Do not use the deopt slowpath if we decided to not inline (at
             // least) one call target.
             // Otherwise, this could lead to a deopt loop.
-            // TODO(42204618): In case of only one known target it might make
-            // sense to still emit a `DeoptIfNot` and have a direct call for the
-            // non-inlined known call target. Evaluate the performance
-            // characteristics of this.
             use_deopt_slowpath = false;
             continue;
           }
@@ -2719,9 +2745,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
           // Ensure that we only inline if the inlinee's signature is compatible
           // with the call_indirect. In other words, perform the type check that
           // would normally be done dynamically (see above
-          // `BuildIndirectCallTargetAndRef`) statically on the inlined target.
-          // This can fail, e.g., because the mapping of feedback back to
-          // function indices may produce spurious targets, or because the
+          // `BuildIndirectCallTargetAndImplicitArg`) statically on the inlined
+          // target. This can fail, e.g., because the mapping of feedback back
+          // to function indices may produce spurious targets, or because the
           // feedback in the JS heap has been corrupted by a vulnerability.
           if (!InlineTargetIsTypeCompatible(
                   decoder->module_, imm.sig,
@@ -2816,11 +2842,11 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
           TSBlock* no_inline_block = case_blocks.back();
           __ Bind(no_inline_block);
           instance_cache_.RestoreFromSnapshot(saved_cache);
-          auto [target, ref] =
-              BuildIndirectCallTargetAndRef(decoder, index_wordptr, imm);
+          auto [target, implicit_arg] = BuildIndirectCallTargetAndImplicitArg(
+              decoder, index_wordptr, imm);
           SmallZoneVector<Value, 4> indirect_returns(return_count,
                                                      decoder->zone_);
-          BuildWasmCall(decoder, imm.sig, target, ref, args,
+          BuildWasmCall(decoder, imm.sig, target, implicit_arg, args,
                         indirect_returns.data());
           for (size_t ret = 0; ret < indirect_returns.size(); ret++) {
             case_returns[ret].push_back(indirect_returns[ret].op);
@@ -2847,9 +2873,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     // Didn't inline.
     V<WordPtr> index_wordptr =
         TableIndexToUintPtrOrOOBTrap(imm.table_imm.table->is_table64, index.op);
-    auto [target, ref] =
-        BuildIndirectCallTargetAndRef(decoder, index_wordptr, imm);
-    BuildWasmCall(decoder, imm.sig, target, ref, args, returns);
+    auto [target, implicit_arg] =
+        BuildIndirectCallTargetAndImplicitArg(decoder, index_wordptr, imm);
+    BuildWasmCall(decoder, imm.sig, target, implicit_arg, args, returns);
   }
 
   void ReturnCallIndirect(FullDecoder* decoder, const Value& index,
@@ -2869,7 +2895,7 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
         // we know already from the static check on the inlinee (see below) that
         // the inlined code has the right signature.
         constexpr bool kNeedsTypeOrNullCheck = false;
-        auto [target, _ref] = BuildIndirectCallTargetAndRef(
+        auto [target, _implicit_arg] = BuildIndirectCallTargetAndImplicitArg(
             decoder, index_wordptr, imm, kNeedsTypeOrNullCheck);
 
         base::Vector<InliningTree*> feedback_cases =
@@ -2894,9 +2920,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
           // Ensure that we only inline if the inlinee's signature is compatible
           // with the call_indirect. In other words, perform the type check that
           // would normally be done dynamically (see above
-          // `BuildIndirectCallTargetAndRef`) statically on the inlined target.
-          // This can fail, e.g., because the mapping of feedback back to
-          // function indices may produce spurious targets, or because the
+          // `BuildIndirectCallTargetAndImplicitArg`) statically on the inlined
+          // target. This can fail, e.g., because the mapping of feedback back
+          // to function indices may produce spurious targets, or because the
           // feedback in the JS heap has been corrupted by a vulnerability.
           if (!InlineTargetIsTypeCompatible(
                   decoder->module_, imm.sig,
@@ -2952,14 +2978,19 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     // Didn't inline.
     V<WordPtr> index_wordptr =
         TableIndexToUintPtrOrOOBTrap(imm.table_imm.table->is_table64, index.op);
-    auto [target, ref] =
-        BuildIndirectCallTargetAndRef(decoder, index_wordptr, imm);
-    BuildWasmMaybeReturnCall(decoder, imm.sig, target, ref, args);
+    auto [target, implicit_arg] =
+        BuildIndirectCallTargetAndImplicitArg(decoder, index_wordptr, imm);
+    BuildWasmMaybeReturnCall(decoder, imm.sig, target, implicit_arg, args);
   }
 
   void CallRef(FullDecoder* decoder, const Value& func_ref,
                const FunctionSig* sig, const Value args[], Value returns[]) {
+    // TODO(14108): As the slot needs to be aligned with Liftoff, ideally the
+    // stack slot index would be provided by the decoder and passed to both
+    // Liftoff and Turbofan.
     feedback_slot_++;
+    // In case of being unreachable, skip it because it tries to accesss nodes
+    // which might be non-existent (OpIndex::Invalid()) in unreachable code.
     if (__ generating_unreachable_operations()) return;
 
 #if V8_ENABLE_SANDBOX
@@ -3012,10 +3043,6 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
           __ Goto(case_blocks[i + 1]);
           // Do not use the deopt slowpath if we decided to not inline (at
           // least) one call target. Otherwise, this could lead to a deopt loop.
-          // TODO(42204618): In case of only one known target it might make
-          // sense to still emit a `DeoptIfNot` and have a direct call for the
-          // non-inlined known call target. Evaluate the performance
-          // characteristics of this.
           use_deopt_slowpath = false;
           continue;
         }
@@ -3091,10 +3118,12 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
         TSBlock* no_inline_block = case_blocks.back();
         __ Bind(no_inline_block);
         instance_cache_.RestoreFromSnapshot(saved_cache);
-        auto [target, ref] = BuildFunctionReferenceTargetAndRef(
-            func_ref.op, func_ref.type, signature_hash);
+        auto [target, implicit_arg] =
+            BuildFunctionReferenceTargetAndImplicitArg(
+                func_ref.op, func_ref.type, signature_hash);
         SmallZoneVector<Value, 4> ref_returns(return_count, decoder->zone_);
-        BuildWasmCall(decoder, sig, target, ref, args, ref_returns.data());
+        BuildWasmCall(decoder, sig, target, implicit_arg, args,
+                      ref_returns.data());
         for (size_t ret = 0; ret < ref_returns.size(); ret++) {
           case_returns[ret].push_back(ref_returns[ret].op);
         }
@@ -3113,9 +3142,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
         instance_cache_.set_mutable_field_value(i, phi);
       }
     } else {
-      auto [target, ref] = BuildFunctionReferenceTargetAndRef(
+      auto [target, implicit_arg] = BuildFunctionReferenceTargetAndImplicitArg(
           func_ref.op, func_ref.type, signature_hash);
-      BuildWasmCall(decoder, sig, target, ref, args, returns);
+      BuildWasmCall(decoder, sig, target, implicit_arg, args, returns);
     }
   }
 
@@ -3145,6 +3174,9 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
       constexpr int kSlowpathCase = 1;
       base::SmallVector<TSBlock*, wasm::kMaxPolymorphism + kSlowpathCase>
           case_blocks;
+
+      InstanceCache::Snapshot instance_cache_snapshot =
+          instance_cache_.SaveState();
       for (size_t i = 0; i < feedback_cases.size() + kSlowpathCase; i++) {
         case_blocks.push_back(__ NewBlock());
       }
@@ -3184,14 +3216,16 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
 
         // An inlined tail call should still terminate execution.
         DCHECK_NULL(__ current_block());
+        // Restore the instance cache for the next inlinee or the default case.
+        instance_cache_.RestoreFromSnapshot(instance_cache_snapshot);
       }
 
       TSBlock* no_inline_block = case_blocks.back();
       __ Bind(no_inline_block);
     }
-    auto [target, ref] = BuildFunctionReferenceTargetAndRef(
+    auto [target, implicit_arg] = BuildFunctionReferenceTargetAndImplicitArg(
         func_ref.op, func_ref.type, signature_hash);
-    BuildWasmMaybeReturnCall(decoder, sig, target, ref, args);
+    BuildWasmMaybeReturnCall(decoder, sig, target, implicit_arg, args);
   }
 
   void BrOnNull(FullDecoder* decoder, const Value& ref_object, uint32_t depth,
@@ -3221,8 +3255,53 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
                         V<compiler::turboshaft::Simd128>::Cast(args[1].op),   \
                         compiler::turboshaft::Simd128BinopOp::Kind::k##kind); \
     break;
-      FOREACH_SIMD_128_BINARY_OPCODE(HANDLE_BINARY_OPCODE)
+      FOREACH_SIMD_128_BINARY_MANDATORY_OPCODE(HANDLE_BINARY_OPCODE)
 #undef HANDLE_BINARY_OPCODE
+#define HANDLE_F16X8_BIN_OPTIONAL_OPCODE(kind, extern_ref)                     \
+  case kExprF16x8##kind:                                                       \
+    if (SupportedOperations::float16()) {                                      \
+      result->op = __ Simd128Binop(                                            \
+          V<compiler::turboshaft::Simd128>::Cast(args[0].op),                  \
+          V<compiler::turboshaft::Simd128>::Cast(args[1].op),                  \
+          compiler::turboshaft::Simd128BinopOp::Kind::kF16x8##kind);           \
+    } else {                                                                   \
+      result->op = CallCStackSlotToStackSlot(args[0].op, args[1].op,           \
+                                             ExternalReference::extern_ref(),  \
+                                             MemoryRepresentation::Simd128()); \
+    }                                                                          \
+    break;
+
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Add, wasm_f16x8_add)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Sub, wasm_f16x8_sub)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Mul, wasm_f16x8_mul)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Div, wasm_f16x8_div)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Min, wasm_f16x8_min)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Max, wasm_f16x8_max)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Pmin, wasm_f16x8_pmin)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Pmax, wasm_f16x8_pmax)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Eq, wasm_f16x8_eq)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Ne, wasm_f16x8_ne)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Lt, wasm_f16x8_lt)
+      HANDLE_F16X8_BIN_OPTIONAL_OPCODE(Le, wasm_f16x8_le)
+#undef HANDLE_F16X8_BIN_OPCODE
+
+#define HANDLE_F16X8_INVERSE_COMPARISON(kind, ts_kind, extern_ref)             \
+  case kExprF16x8##kind:                                                       \
+    if (SupportedOperations::float16()) {                                      \
+      result->op = __ Simd128Binop(                                            \
+          V<compiler::turboshaft::Simd128>::Cast(args[1].op),                  \
+          V<compiler::turboshaft::Simd128>::Cast(args[0].op),                  \
+          compiler::turboshaft::Simd128BinopOp::Kind::kF16x8##ts_kind);        \
+    } else {                                                                   \
+      result->op = CallCStackSlotToStackSlot(args[1].op, args[0].op,           \
+                                             ExternalReference::extern_ref(),  \
+                                             MemoryRepresentation::Simd128()); \
+    }                                                                          \
+    break;
+
+      HANDLE_F16X8_INVERSE_COMPARISON(Gt, Lt, wasm_f16x8_lt)
+      HANDLE_F16X8_INVERSE_COMPARISON(Ge, Le, wasm_f16x8_le)
+#undef HANDLE_F16X8_INVERSE_COMPARISON
 
 #define HANDLE_INVERSE_COMPARISON(wasm_kind, ts_kind)            \
   case kExpr##wasm_kind:                                         \
@@ -3279,6 +3358,28 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
           MemoryRepresentation::Simd128());                       \
     }                                                             \
     break;
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8Abs, float16, wasm_f16x8_abs)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8Neg, float16, wasm_f16x8_neg)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8Sqrt, float16, wasm_f16x8_sqrt)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8Ceil, float16, wasm_f16x8_ceil)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8Floor, float16, wasm_f16x8_floor)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8Trunc, float16, wasm_f16x8_trunc)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8NearestInt, float16,
+                                   wasm_f16x8_nearest_int)
+      HANDLE_UNARY_OPTIONAL_OPCODE(I16x8SConvertF16x8, float16,
+                                   wasm_i16x8_sconvert_f16x8)
+      HANDLE_UNARY_OPTIONAL_OPCODE(I16x8UConvertF16x8, float16,
+                                   wasm_i16x8_uconvert_f16x8)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8SConvertI16x8, float16,
+                                   wasm_f16x8_sconvert_i16x8)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8UConvertI16x8, float16,
+                                   wasm_f16x8_uconvert_i16x8)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8DemoteF32x4Zero, float16,
+                                   wasm_f16x8_demote_f32x4_zero)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F16x8DemoteF64x2Zero, float64_to_float16,
+                                   wasm_f16x8_demote_f64x2_zero)
+      HANDLE_UNARY_OPTIONAL_OPCODE(F32x4PromoteLowF16x8, float16,
+                                   wasm_f32x4_promote_low_f16x8)
       HANDLE_UNARY_OPTIONAL_OPCODE(F32x4Ceil, float32_round_up, wasm_f32x4_ceil)
       HANDLE_UNARY_OPTIONAL_OPCODE(F32x4Floor, float32_round_down,
                                    wasm_f32x4_floor)
@@ -3320,8 +3421,22 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
         __ Simd128Splat(V<Any>::Cast(args[0].op),                             \
                         compiler::turboshaft::Simd128SplatOp::Kind::k##kind); \
     break;
-      FOREACH_SIMD_128_SPLAT_OPCODE(HANDLE_SPLAT_OPCODE)
+      FOREACH_SIMD_128_SPLAT_MANDATORY_OPCODE(HANDLE_SPLAT_OPCODE)
 #undef HANDLE_SPLAT_OPCODE
+      case kExprF16x8Splat:
+        if (SupportedOperations::float16()) {
+          result->op = __ Simd128Splat(
+              V<Any>::Cast(args[0].op),
+              compiler::turboshaft::Simd128SplatOp::Kind::kF16x8);
+        } else {
+          auto f16 = CallCStackSlotToStackSlot(
+              args[0].op, ExternalReference::wasm_float32_to_float16(),
+              MemoryRepresentation::Float32(), MemoryRepresentation::Int16());
+          result->op = __ Simd128Splat(
+              V<Any>::Cast(f16),
+              compiler::turboshaft::Simd128SplatOp::Kind::kI16x8);
+        }
+        break;
 
 // Ternary mask operators put the mask as first input.
 #define HANDLE_TERNARY_MASK_OPCODE(kind)                        \
@@ -3346,6 +3461,25 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
       FOREACH_SIMD_128_TERNARY_OTHER_OPCODE(HANDLE_TERNARY_OTHER_OPCODE)
 #undef HANDLE_TERNARY_OTHER_OPCODE
 
+#define HANDLE_F16X8_TERN_OPCODE(kind, extern_ref)                          \
+  case kExpr##kind:                                                         \
+    if (SupportedOperations::float16()) {                                   \
+      result->op = __ Simd128Ternary(                                       \
+          V<compiler::turboshaft::Simd128>::Cast(args[0].op),               \
+          V<compiler::turboshaft::Simd128>::Cast(args[1].op),               \
+          V<compiler::turboshaft::Simd128>::Cast(args[2].op),               \
+          compiler::turboshaft::Simd128TernaryOp::Kind::k##kind);           \
+    } else {                                                                \
+      result->op = CallCStackSlotToStackSlot(                               \
+          ExternalReference::extern_ref(), MemoryRepresentation::Simd128(), \
+          {{args[0].op, MemoryRepresentation::Simd128()},                   \
+           {args[1].op, MemoryRepresentation::Simd128()},                   \
+           {args[2].op, MemoryRepresentation::Simd128()}});                 \
+    }                                                                       \
+    break;
+        HANDLE_F16X8_TERN_OPCODE(F16x8Qfma, wasm_f16x8_qfma)
+        HANDLE_F16X8_TERN_OPCODE(F16x8Qfms, wasm_f16x8_qfms)
+#undef HANDLE_F16X8_TERN_OPCODE
       default:
         UNREACHABLE();
     }
@@ -3383,6 +3517,18 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
         result->op = __ Simd128ExtractLane(
             input_val, Simd128ExtractLaneOp::Kind::kI64x2, imm.lane);
         break;
+      case kExprF16x8ExtractLane:
+        if (SupportedOperations::float16()) {
+          result->op = __ Simd128ExtractLane(
+              input_val, Simd128ExtractLaneOp::Kind::kF16x8, imm.lane);
+        } else {
+          auto f16 = __ Simd128ExtractLane(
+              input_val, Simd128ExtractLaneOp::Kind::kI16x8S, imm.lane);
+          result->op = CallCStackSlotToStackSlot(
+              f16, ExternalReference::wasm_float16_to_float32(),
+              MemoryRepresentation::Int16(), MemoryRepresentation::Float32());
+        }
+        break;
       case kExprF32x4ExtractLane:
         result->op = __ Simd128ExtractLane(
             input_val, Simd128ExtractLaneOp::Kind::kF32x4, imm.lane);
@@ -3411,6 +3557,20 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
             __ Simd128ReplaceLane(input_val, V<Any>::Cast(inputs[1].op),
                                   Simd128ReplaceLaneOp::Kind::kI64x2, imm.lane);
         break;
+      case kExprF16x8ReplaceLane:
+        if (SupportedOperations::float16()) {
+          result->op = __ Simd128ReplaceLane(
+              input_val, V<Any>::Cast(inputs[1].op),
+              Simd128ReplaceLaneOp::Kind::kF16x8, imm.lane);
+        } else {
+          auto f16 = CallCStackSlotToStackSlot(
+              inputs[1].op, ExternalReference::wasm_float32_to_float16(),
+              MemoryRepresentation::Float32(), MemoryRepresentation::Int16());
+          result->op = __ Simd128ReplaceLane(input_val, V<Any>::Cast(f16),
+                                             Simd128ReplaceLaneOp::Kind::kI16x8,
+                                             imm.lane);
+        }
+        break;
       case kExprF32x4ReplaceLane:
         result->op =
             __ Simd128ReplaceLane(input_val, V<Any>::Cast(inputs[1].op),
@@ -5468,7 +5628,7 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
 
     // Default ctor and later initialization for function returns.
     explicit BlockPhis(Zone* zone) : incoming_exceptions_(zone) {}
-    void InitReturnPhis(base::iterator_range<const ValueType*> return_types,
+    void InitReturnPhis(base::Vector<const ValueType> return_types,
                         InstanceCache& instance_cache) {
       // For `return_phis_`, nobody should have inserted into `this` before
       // calling `InitReturnPhis`.
@@ -5577,7 +5737,8 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
       CHECK_EQ(phi_inputs_total_, phi_count() * inputs_per_phi_);
       CHECK_EQ(phi_count(), input_count_per_phi_.size());
       CHECK(std::all_of(input_count_per_phi_.begin(),
-                        input_count_per_phi_.end(), [=](uint32_t input_count) {
+                        input_count_per_phi_.end(),
+                        [=, this](uint32_t input_count) {
                           return input_count == inputs_per_phi_;
                         }));
     }
@@ -5821,7 +5982,7 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
                          wasm_local_count - callee_sig->return_count();
     local_count += args != nullptr ? callee_sig->parameter_count() : 0;
     Handle<SharedFunctionInfo> shared_info;
-    Zone* zone = Asm().data()->shared_zone();
+    Zone* zone = Asm().data()->compilation_zone();
     auto* function_info = zone->New<compiler::FrameStateFunctionInfo>(
         compiler::FrameStateType::kLiftoffFunction,
         static_cast<uint16_t>(param_count), 0, static_cast<int>(local_count),
@@ -6998,15 +7159,6 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
         enforce_bounds_check ==
             compiler::EnforceBoundsCheck::kCanOmitBoundsCheck) {
       if (memory->is_memory64) {
-        if (static_cast<bool>(alignment_check) && align_mask != 0 &&
-            ((offset & align_mask) != 0)) {
-          // The index will be set to max_memory_size, and it is certainly
-          // aligned; if offset is unaligned we need to directly trap because we
-          // might cause a spurious unaligned access and a DCHECK failure if we
-          // are running in the simulator.
-          __ TrapIf(__ Word32Constant(1), TrapId::kTrapMemOutOfBounds);
-        }
-
         V<Word32> cond = __ __ Uint64LessThan(
             V<Word64>::Cast(converted_index),
             __ Word64Constant(memory->GetMemory64GuardsSize()));
@@ -7117,19 +7269,22 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
   }
 
  private:
-  std::pair<V<WordPtr>, V<HeapObject>> BuildImportedFunctionTargetAndRef(
-      FullDecoder* decoder, uint32_t function_index) {
+  std::pair<V<WordPtr>, V<HeapObject>>
+  BuildImportedFunctionTargetAndImplicitArg(FullDecoder* decoder,
+                                            uint32_t function_index) {
     uint32_t sig_index = decoder->module_->functions[function_index].sig_index;
     bool shared = decoder->module_->types[sig_index].is_shared;
-    return WasmGraphBuilderBase::BuildImportedFunctionTargetAndRef(
+    return WasmGraphBuilderBase::BuildImportedFunctionTargetAndImplicitArg(
         function_index, trusted_instance_data(shared));
   }
 
-  // Returns the call target and the ref (WasmTrustedInstanceData or
-  // WasmApiFunctionRef) for an indirect call.
-  std::pair<V<WordPtr>, V<ExposedTrustedObject>> BuildIndirectCallTargetAndRef(
-      FullDecoder* decoder, V<WordPtr> index_wordptr, CallIndirectImmediate imm,
-      bool needs_type_or_null_check = true) {
+  // Returns the call target and the implicit argument (WasmTrustedInstanceData
+  // or WasmImportData) for an indirect call.
+  std::pair<V<WordPtr>, V<ExposedTrustedObject>>
+  BuildIndirectCallTargetAndImplicitArg(FullDecoder* decoder,
+                                        V<WordPtr> index_wordptr,
+                                        CallIndirectImmediate imm,
+                                        bool needs_type_or_null_check = true) {
     static_assert(kV8MaxWasmTableSize < size_t{kMaxInt});
     const WasmTable* table = imm.table_imm.table;
 
@@ -7260,19 +7415,21 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     V<WordPtr> target = __ Load(
         dispatch_table, dispatch_table_entry_offset, LoadOp::Kind::TaggedBase(),
         MemoryRepresentation::UintPtr(), WasmDispatchTable::kTargetBias);
-    V<ExposedTrustedObject> ref =
+    V<ExposedTrustedObject> implicit_arg =
         V<ExposedTrustedObject>::Cast(__ LoadProtectedPointerField(
             dispatch_table, dispatch_table_entry_offset,
-            LoadOp::Kind::TaggedBase(), WasmDispatchTable::kRefBias, 0));
+            LoadOp::Kind::TaggedBase(), WasmDispatchTable::kImplicitArgBias,
+            0));
 
-    return {target, ref};
+    return {target, implicit_arg};
   }
 
-  // Load the call target and ref (WasmTrustedInstanceData or
-  // WasmApiFunctionRef) from a function reference.
+  // Load the call target and implicit arg (WasmTrustedInstanceData or
+  // WasmImportData) from a function reference.
   std::pair<V<WordPtr>, V<ExposedTrustedObject>>
-  BuildFunctionReferenceTargetAndRef(V<WasmFuncRef> func_ref, ValueType type,
-                                     uint64_t expected_sig_hash) {
+  BuildFunctionReferenceTargetAndImplicitArg(V<WasmFuncRef> func_ref,
+                                             ValueType type,
+                                             uint64_t expected_sig_hash) {
     if (type.is_nullable() &&
         null_check_strategy_ == compiler::NullCheckStrategy::kExplicit) {
       func_ref = V<WasmFuncRef>::Cast(
@@ -7290,7 +7447,8 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
             func_ref, load_kind, kWasmInternalFunctionIndirectPointerTag,
             WasmFuncRef::kTrustedInternalOffset));
 
-    return BuildFunctionTargetAndRef(internal_function, expected_sig_hash);
+    return BuildFunctionTargetAndImplicitArg(internal_function,
+                                             expected_sig_hash);
   }
 
   OpIndex AnnotateResultIfReference(OpIndex result, wasm::ValueType type) {
@@ -7536,32 +7694,44 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     return CallC(&sig, ref, stack_slot_param);
   }
 
-  OpIndex CallCStackSlotToStackSlot(OpIndex arg, ExternalReference ref,
-                                    MemoryRepresentation arg_type) {
-    V<WordPtr> stack_slot =
-        __ StackSlot(arg_type.SizeInBytes(), arg_type.SizeInBytes());
-    __ Store(stack_slot, arg, StoreOp::Kind::RawAligned(), arg_type,
-             compiler::WriteBarrierKind::kNoWriteBarrier);
+  OpIndex CallCStackSlotToStackSlot(
+      ExternalReference ref, MemoryRepresentation res_type,
+      std::initializer_list<std::pair<OpIndex, MemoryRepresentation>> args) {
+    int slot_size = 0;
+    for (auto arg : args) slot_size += arg.second.SizeInBytes();
+    // Since we are storing the arguments unaligned anyway, we do not need
+    // alignment > 0.
+    slot_size = std::max<int>(slot_size, res_type.SizeInBytes());
+    V<WordPtr> stack_slot_param = __ StackSlot(slot_size, 0);
+    int offset = 0;
+    for (auto arg : args) {
+      __ Store(stack_slot_param, arg.first,
+               StoreOp::Kind::MaybeUnaligned(arg.second), arg.second,
+               compiler::WriteBarrierKind::kNoWriteBarrier, offset);
+      offset += arg.second.SizeInBytes();
+    }
     MachineType reps[]{MachineType::Pointer()};
     MachineSignature sig(0, 1, reps);
-    CallC(&sig, ref, stack_slot);
-    return __ Load(stack_slot, LoadOp::Kind::RawAligned(), arg_type);
+    CallC(&sig, ref, stack_slot_param);
+    return __ Load(stack_slot_param, LoadOp::Kind::RawAligned(), res_type);
+  }
+
+  OpIndex CallCStackSlotToStackSlot(OpIndex arg, ExternalReference ref,
+                                    MemoryRepresentation arg_type) {
+    return CallCStackSlotToStackSlot(arg, ref, arg_type, arg_type);
+  }
+
+  OpIndex CallCStackSlotToStackSlot(OpIndex arg, ExternalReference ref,
+                                    MemoryRepresentation arg_type,
+                                    MemoryRepresentation res_type) {
+    return CallCStackSlotToStackSlot(ref, res_type, {{arg, arg_type}});
   }
 
   OpIndex CallCStackSlotToStackSlot(OpIndex arg0, OpIndex arg1,
                                     ExternalReference ref,
                                     MemoryRepresentation arg_type) {
-    V<WordPtr> stack_slot =
-        __ StackSlot(2 * arg_type.SizeInBytes(), arg_type.SizeInBytes());
-    __ Store(stack_slot, arg0, StoreOp::Kind::RawAligned(), arg_type,
-             compiler::WriteBarrierKind::kNoWriteBarrier);
-    __ Store(stack_slot, arg1, StoreOp::Kind::RawAligned(), arg_type,
-             compiler::WriteBarrierKind::kNoWriteBarrier,
-             arg_type.SizeInBytes());
-    MachineType reps[]{MachineType::Pointer()};
-    MachineSignature sig(0, 1, reps);
-    CallC(&sig, ref, stack_slot);
-    return __ Load(stack_slot, LoadOp::Kind::RawAligned(), arg_type);
+    return CallCStackSlotToStackSlot(ref, arg_type,
+                                     {{arg0, arg_type}, {arg1, arg_type}});
   }
 
   V<WordPtr> MemOrTableIndexToUintPtrOrOOBTrap(bool index_type_is_64bit,
@@ -8113,6 +8283,11 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     inlinee_decoder.interface().set_inlining_id(
         static_cast<uint8_t>(inlining_positions_->size() - 1));
     inlinee_decoder.interface().set_parent_position(call_position);
+    // Explicitly disable deopts if it has already been disabled for this
+    // function.
+    if (!deopts_enabled_) {
+      inlinee_decoder.interface().disable_deopts();
+    }
     if (v8_flags.liftoff) {
       if (inlining_decisions_ && inlining_decisions_->feedback_found()) {
         inlinee_decoder.interface().set_inlining_decisions(
@@ -8299,6 +8474,8 @@ class TurboshaftGraphBuildingInterface : public WasmGraphBuilderBase {
     no_liftoff_inlining_budget_ = no_liftoff_inlining_budget;
   }
 
+  void disable_deopts() { deopts_enabled_ = false; }
+
   V<WasmTrustedInstanceData> trusted_instance_data(bool element_is_shared) {
     DCHECK_IMPLIES(shared_, element_is_shared);
     return (element_is_shared && !shared_)
diff --git a/deps/v8/src/wasm/turboshaft-graph-interface.h b/deps/v8/src/wasm/turboshaft-graph-interface.h
index d75c2319f9e26f..26c4691b0be161 100644
--- a/deps/v8/src/wasm/turboshaft-graph-interface.h
+++ b/deps/v8/src/wasm/turboshaft-graph-interface.h
@@ -103,12 +103,14 @@ class V8_EXPORT_PRIVATE WasmGraphBuilderBase {
   V<WordPtr> GetTargetForBuiltinCall(Builtin builtin, StubCallMode stub_mode);
   V<BigInt> BuildChangeInt64ToBigInt(V<Word64> input, StubCallMode stub_mode);
 
-  std::pair<V<WordPtr>, V<HeapObject>> BuildImportedFunctionTargetAndRef(
+  std::pair<V<WordPtr>, V<HeapObject>>
+  BuildImportedFunctionTargetAndImplicitArg(
       ConstOrV<Word32> func_index,
       V<WasmTrustedInstanceData> trusted_instance_data);
 
-  std::pair<V<WordPtr>, V<ExposedTrustedObject>> BuildFunctionTargetAndRef(
-      V<WasmInternalFunction> internal_function, uint64_t expected_sig_hash);
+  std::pair<V<WordPtr>, V<ExposedTrustedObject>>
+  BuildFunctionTargetAndImplicitArg(V<WasmInternalFunction> internal_function,
+                                    uint64_t expected_sig_hash);
 
   RegisterRepresentation RepresentationFor(ValueType type);
   V<WasmTrustedInstanceData> LoadTrustedDataFromInstanceObject(
diff --git a/deps/v8/src/wasm/value-type.cc b/deps/v8/src/wasm/value-type.cc
index 780d4e579f7154..8376cd6faff710 100644
--- a/deps/v8/src/wasm/value-type.cc
+++ b/deps/v8/src/wasm/value-type.cc
@@ -7,11 +7,9 @@
 #include "src/codegen/signature.h"
 #include "src/utils/utils.h"
 
-namespace v8 {
-namespace internal {
-namespace wasm {
+namespace v8::internal::wasm {
 
-base::Optional<wasm::ValueKind> WasmReturnTypeFromSignature(
+std::optional<wasm::ValueKind> WasmReturnTypeFromSignature(
     const FunctionSig* wasm_signature) {
   if (wasm_signature->return_count() == 0) return {};
 
@@ -35,6 +33,44 @@ V8_EXPORT_PRIVATE extern void PrintFunctionSig(const wasm::FunctionSig* sig) {
 }
 #endif
 
-}  // namespace wasm
-}  // namespace internal
-}  // namespace v8
+namespace {
+const wasm::FunctionSig* ReplaceTypeInSig(Zone* zone,
+                                          const wasm::FunctionSig* sig,
+                                          wasm::ValueType from,
+                                          wasm::ValueType to,
+                                          size_t num_replacements) {
+  size_t param_occurences =
+      std::count(sig->parameters().begin(), sig->parameters().end(), from);
+  size_t return_occurences =
+      std::count(sig->returns().begin(), sig->returns().end(), from);
+  if (param_occurences == 0 && return_occurences == 0) return sig;
+
+  wasm::FunctionSig::Builder builder(
+      zone, sig->return_count() + return_occurences * (num_replacements - 1),
+      sig->parameter_count() + param_occurences * (num_replacements - 1));
+
+  for (wasm::ValueType ret : sig->returns()) {
+    if (ret == from) {
+      for (size_t i = 0; i < num_replacements; i++) builder.AddReturn(to);
+    } else {
+      builder.AddReturn(ret);
+    }
+  }
+
+  for (wasm::ValueType param : sig->parameters()) {
+    if (param == from) {
+      for (size_t i = 0; i < num_replacements; i++) builder.AddParam(to);
+    } else {
+      builder.AddParam(param);
+    }
+  }
+
+  return builder.Build();
+}
+}  // namespace
+
+const wasm::FunctionSig* GetI32Sig(Zone* zone, const wasm::FunctionSig* sig) {
+  return ReplaceTypeInSig(zone, sig, wasm::kWasmI64, wasm::kWasmI32, 2);
+}
+
+}  // namespace v8::internal::wasm
diff --git a/deps/v8/src/wasm/value-type.h b/deps/v8/src/wasm/value-type.h
index eb69c8542e78e5..48021da1db587d 100644
--- a/deps/v8/src/wasm/value-type.h
+++ b/deps/v8/src/wasm/value-type.h
@@ -9,8 +9,9 @@
 #ifndef V8_WASM_VALUE_TYPE_H_
 #define V8_WASM_VALUE_TYPE_H_
 
+#include <optional>
+
 #include "src/base/bit-field.h"
-#include "src/base/optional.h"
 #include "src/codegen/machine-type.h"
 #include "src/wasm/wasm-constants.h"
 #include "src/wasm/wasm-limits.h"
@@ -23,6 +24,7 @@ class Signature;
 
 // Type for holding simd values, defined in simd128.h.
 class Simd128;
+class Zone;
 
 namespace wasm {
 
@@ -1146,9 +1148,14 @@ class StoreType {
   };
 };
 
-base::Optional<wasm::ValueKind> WasmReturnTypeFromSignature(
+std::optional<wasm::ValueKind> WasmReturnTypeFromSignature(
     const FunctionSig* wasm_signature);
 
+// Lowers a signature for 32 bit platforms by replacing i64 parameters and
+// returns with two i32s each.
+V8_EXPORT_PRIVATE const wasm::FunctionSig* GetI32Sig(
+    Zone* zone, const wasm::FunctionSig* sig);
+
 }  // namespace wasm
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/src/wasm/wasm-code-manager.cc b/deps/v8/src/wasm/wasm-code-manager.cc
index 3a0780dac4c6f9..75bf8a4bdeb1cd 100644
--- a/deps/v8/src/wasm/wasm-code-manager.cc
+++ b/deps/v8/src/wasm/wasm-code-manager.cc
@@ -7,6 +7,7 @@
 #include <algorithm>
 #include <iomanip>
 #include <numeric>
+#include <optional>
 
 #include "src/base/atomicops.h"
 #include "src/base/build_config.h"
@@ -48,6 +49,10 @@
 #include "src/wasm/wasm-objects.h"
 #include "src/wasm/well-known-imports.h"
 
+#if V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #if defined(V8_OS_WIN64)
 #include "src/diagnostics/unwinding-info-win64.h"
 #endif  // V8_OS_WIN64
@@ -240,6 +245,10 @@ std::string WasmCode::DebugName() const {
       return "jump-table";
     case kWasmToJsWrapper:
       return "wasm-to-js";
+#if V8_ENABLE_DRUMBRAKE
+    case kInterpreterEntry:
+      return "interpreter entry";
+#endif  // V8_ENABLE_DRUMBRAKE
     case kWasmFunction:
       // Gets handled below
       break;
@@ -512,6 +521,10 @@ const char* GetWasmCodeKindAsString(WasmCode::Kind kind) {
       return "wasm-to-capi";
     case WasmCode::kWasmToJsWrapper:
       return "wasm-to-js";
+#if V8_ENABLE_DRUMBRAKE
+    case WasmCode::kInterpreterEntry:
+      return "interpreter entry";
+#endif  // V8_ENABLE_DRUMBRAKE
     case WasmCode::kJumpTable:
       return "jump table";
   }
@@ -892,8 +905,11 @@ NativeModule::NativeModule(WasmEnabledFeatures enabled,
     std::fill_n(tiering_budgets_.get(), module_->num_declared_functions,
                 v8_flags.wasm_tiering_budget);
   }
-  // Even though there cannot be another thread using this object (since we are
-  // just constructing it), we need to hold the mutex to fulfill the
+
+  if (v8_flags.wasm_jitless) return;
+
+  // Even though there cannot be another thread using this object (since we
+  // are just constructing it), we need to hold the mutex to fulfill the
   // precondition of {WasmCodeAllocator::Init}, which calls
   // {NativeModule::AddCodeSpaceLocked}.
   base::RecursiveMutexGuard guard{&allocation_mutex_};
@@ -903,6 +919,8 @@ NativeModule::NativeModule(WasmEnabledFeatures enabled,
 }
 
 void NativeModule::ReserveCodeTableForTesting(uint32_t max_functions) {
+  if (v8_flags.wasm_jitless) return;
+
   WasmCodeRefScope code_ref_scope;
   CHECK_LE(module_->num_declared_functions, max_functions);
   auto new_table = std::make_unique<WasmCode*[]>(max_functions);
@@ -1268,6 +1286,10 @@ WasmCode::Kind GetCodeKind(const WasmCompilationResult& result) {
   switch (result.kind) {
     case WasmCompilationResult::kWasmToJsWrapper:
       return WasmCode::Kind::kWasmToJsWrapper;
+#if V8_ENABLE_DRUMBRAKE
+    case WasmCompilationResult::kInterpreterEntry:
+      return WasmCode::Kind::kInterpreterEntry;
+#endif  // V8_ENABLE_DRUMBRAKE
     case WasmCompilationResult::kFunction:
       return WasmCode::Kind::kWasmFunction;
     default:
@@ -1294,9 +1316,6 @@ WasmCode* NativeModule::PublishCodeLocked(
 
   code->RegisterTrapHandlerData();
 
-  // Put the code in the debugging cache, if needed.
-  if (V8_UNLIKELY(cached_code_)) InsertToCodeCache(code);
-
   // Assume an order of execution tiers that represents the quality of their
   // generated code.
   static_assert(ExecutionTier::kNone < ExecutionTier::kLiftoff &&
@@ -1715,8 +1734,8 @@ class NativeModuleWireBytesStorage final : public WireBytesStorage {
         .SubVector(ref.offset(), ref.end_offset());
   }
 
-  base::Optional<ModuleWireBytes> GetModuleBytes() const final {
-    return base::Optional<ModuleWireBytes>(
+  std::optional<ModuleWireBytes> GetModuleBytes() const final {
+    return std::optional<ModuleWireBytes>(
         std::atomic_load(&wire_bytes_)->as_vector());
   }
 
@@ -1774,22 +1793,6 @@ void NativeModule::TransferNewOwnedCodeLocked() const {
   new_owned_code_.clear();
 }
 
-void NativeModule::InsertToCodeCache(WasmCode* code) {
-  allocation_mutex_.AssertHeld();
-  DCHECK_NOT_NULL(cached_code_);
-  if (code->IsAnonymous()) return;
-  // Only cache Liftoff debugging code or TurboFan code (no breakpoints or
-  // stepping).
-  if (code->tier() == ExecutionTier::kLiftoff &&
-      code->for_debugging() != kForDebugging) {
-    return;
-  }
-  auto key = std::make_pair(code->tier(), code->index());
-  if (cached_code_->insert(std::make_pair(key, code)).second) {
-    code->IncRef();
-  }
-}
-
 WasmCode* NativeModule::Lookup(Address pc) const {
   base::RecursiveMutexGuard lock(&allocation_mutex_);
   if (!new_owned_code_.empty()) TransferNewOwnedCodeLocked();
@@ -2229,6 +2232,21 @@ std::shared_ptr<NativeModule> WasmCodeManager::NewNativeModule(
     Isolate* isolate, WasmEnabledFeatures enabled,
     CompileTimeImports compile_imports, size_t code_size_estimate,
     std::shared_ptr<const WasmModule> module) {
+#if V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    VirtualMemory code_space;
+    std::shared_ptr<NativeModule> ret;
+    new NativeModule(enabled, compile_imports,
+                     DynamicTiering{v8_flags.wasm_dynamic_tiering.value()},
+                     std::move(code_space), std::move(module),
+                     isolate->async_counters(), &ret);
+    // The constructor initialized the shared_ptr.
+    DCHECK_NOT_NULL(ret);
+    TRACE_HEAP("New NativeModule (wasm-jitless) %p\n", ret.get());
+    return ret;
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   if (total_committed_code_space_.load() >
       critical_committed_code_space_.load()) {
     // Flush Liftoff code and record the flushed code size.
@@ -2303,13 +2321,39 @@ std::shared_ptr<NativeModule> WasmCodeManager::NewNativeModule(
 void NativeModule::SampleCodeSize(Counters* counters) const {
   size_t code_size = code_allocator_.committed_code_space();
   int code_size_mb = static_cast<int>(code_size / MB);
+#if V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    base::MutexGuard lock(&module_->interpreter_mutex_);
+    if (auto interpreter = module_->interpreter_.lock()) {
+      code_size_mb = static_cast<int>(interpreter->TotalBytecodeSize() / MB);
+    }
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
   counters->wasm_module_code_size_mb()->AddSample(code_size_mb);
   int code_size_kb = static_cast<int>(code_size / KB);
   counters->wasm_module_code_size_kb()->AddSample(code_size_kb);
-  // Record the size of meta data.
-  int metadata_size_kb =
-      static_cast<int>(EstimateCurrentMemoryConsumption() / KB);
-  counters->wasm_module_metadata_size_kb()->AddSample(metadata_size_kb);
+  // Record the size of metadata.
+  Histogram* metadata_histogram = counters->wasm_module_metadata_size_kb();
+  if (metadata_histogram->Enabled()) {
+    // TODO(349610478): EstimateCurrentMemoryConsumption() acquires a large
+    // amount of locks per NativeModule. This estimation is run on every
+    // mark-compact GC. Reconsider whether this should be run less frequently.
+    // (Probably incomplete) list of locks acquired:
+    // - TypeFeedbackStorage::mutex
+    // - LazilyGeneratedNames::mutex_
+    // - CompilationStateImpl::mutex_
+    // - CompilationUnitQueues::queues_mutex_
+    //   - per queue: QueueImpl::mutex
+    // - BigUnitsQueue::mutex
+    // - WasmImportWrapperCache::mutex_
+    // - NativeModule::allocation_mutex_
+    // - LazilyGeneratedNames::mutex_
+    // - DebugInfoImpl::debug_side_tables_mutex_
+    // - DebugInfoImpl::mutex_
+    int metadata_size_kb =
+        static_cast<int>(EstimateCurrentMemoryConsumption() / KB);
+    metadata_histogram->AddSample(metadata_size_kb);
+  }
   // If this is a wasm module of >= 2MB, also sample the freed code size,
   // absolute and relative. Code GC does not happen on asm.js
   // modules, and small modules will never trigger GC anyway.
@@ -2531,7 +2575,7 @@ NamesProvider* NativeModule::GetNamesProvider() {
 }
 
 size_t NativeModule::EstimateCurrentMemoryConsumption() const {
-  UPDATE_WHEN_CLASS_CHANGES(NativeModule, 568);
+  UPDATE_WHEN_CLASS_CHANGES(NativeModule, 552);
   size_t result = sizeof(NativeModule);
   result += module_->EstimateCurrentMemoryConsumption();
 
@@ -2580,9 +2624,6 @@ size_t NativeModule::EstimateCurrentMemoryConsumption() const {
     if (names_provider_) {
       result += names_provider_->EstimateCurrentMemoryConsumption();
     }
-    if (cached_code_) {
-      result += ContentSize(*cached_code_);
-    }
   }
   if (debug_info) {
     result += debug_info->EstimateCurrentMemoryConsumption();
diff --git a/deps/v8/src/wasm/wasm-code-manager.h b/deps/v8/src/wasm/wasm-code-manager.h
index 1da322ed896c05..91329354a132ca 100644
--- a/deps/v8/src/wasm/wasm-code-manager.h
+++ b/deps/v8/src/wasm/wasm-code-manager.h
@@ -85,7 +85,15 @@ class V8_EXPORT_PRIVATE DisjointAllocationPool final {
 
 class V8_EXPORT_PRIVATE WasmCode final {
  public:
-  enum Kind { kWasmFunction, kWasmToCapiWrapper, kWasmToJsWrapper, kJumpTable };
+  enum Kind {
+    kWasmFunction,
+    kWasmToCapiWrapper,
+    kWasmToJsWrapper,
+#if V8_ENABLE_DRUMBRAKE
+    kInterpreterEntry,
+#endif  // V8_ENABLE_DRUMBRAKE
+    kJumpTable
+  };
 
   static constexpr Builtin GetRecordWriteBuiltin(SaveFPRegsMode fp_mode) {
     switch (fp_mode) {
@@ -417,7 +425,12 @@ class V8_EXPORT_PRIVATE WasmCode final {
 
   const uint8_t flags_;  // Bit field, see below.
   // Bits encoded in {flags_}:
+#if !V8_ENABLE_DRUMBRAKE
   using KindField = base::BitField8<Kind, 0, 2>;
+#else   // !V8_ENABLE_DRUMBRAKE
+  // We have an additional kind: Wasm interpreter.
+  using KindField = base::BitField8<Kind, 0, 3>;
+#endif  // !V8_ENABLE_DRUMBRAKE
   using ExecutionTierField = KindField::Next<ExecutionTier, 2>;
   using ForDebuggingField = ExecutionTierField::Next<ForDebugging, 2>;
   using FrameHasFeedbackSlotField = ForDebuggingField::Next<bool, 1>;
@@ -738,7 +751,7 @@ class V8_EXPORT_PRIVATE NativeModule final {
   };
   // Remove all compiled code based on the `filter` from the {NativeModule},
   // replace it with {CompileLazy} builtins and return the sizes of the removed
-  // (executable) code and the removed meta data.
+  // (executable) code and the removed metadata.
   std::pair<size_t, size_t> RemoveCompiledCode(RemoveFilter filter);
 
   // Returns the code size of all Liftoff compiled functions.
@@ -895,10 +908,6 @@ class V8_EXPORT_PRIVATE NativeModule final {
   // Transfer owned code from {new_owned_code_} to {owned_code_}.
   void TransferNewOwnedCodeLocked() const;
 
-  // Add code to the code cache, if it meets criteria for being cached and we do
-  // not have code in the cache yet.
-  void InsertToCodeCache(WasmCode* code);
-
   bool should_update_code_table(WasmCode* new_code, WasmCode* prior_code) const;
 
   // -- Fields of {NativeModule} start here.
@@ -995,12 +1004,6 @@ class V8_EXPORT_PRIVATE NativeModule final {
 
   DebugState debug_state_ = kNotDebugging;
 
-  // Cache both baseline and top-tier code if we are debugging, to speed up
-  // repeated enabling/disabling of the debugger or profiler.
-  // Maps <tier, function_index> to WasmCode.
-  std::unique_ptr<std::map<std::pair<ExecutionTier, int>, WasmCode*>>
-      cached_code_;
-
   // End of fields protected by {allocation_mutex_}.
   //////////////////////////////////////////////////////////////////////////////
 
@@ -1071,8 +1074,8 @@ class V8_EXPORT_PRIVATE WasmCodeManager final {
                                              int code_section_length,
                                              bool include_liftoff,
                                              DynamicTiering dynamic_tiering);
-  // Estimate the size of meta data needed for the NativeModule, excluding
-  // generated code. This data still be stored on the C++ heap.
+  // Estimate the size of metadata needed for the NativeModule, excluding
+  // generated code. This data is stored on the C++ heap.
   static size_t EstimateNativeModuleMetaDataSize(const WasmModule* module);
 
   // Returns true if there is hardware support for PKU. Use
diff --git a/deps/v8/src/wasm/wasm-debug.cc b/deps/v8/src/wasm/wasm-debug.cc
index 3ab9012c0d322b..dcd20791d5d7d2 100644
--- a/deps/v8/src/wasm/wasm-debug.cc
+++ b/deps/v8/src/wasm/wasm-debug.cc
@@ -191,7 +191,14 @@ class DebugInfoImpl {
   int DeadBreakpoint(int func_index, base::Vector<const int> breakpoints,
                      Isolate* isolate) {
     DebuggableStackFrameIterator it(isolate);
+#if !V8_ENABLE_DRUMBRAKE
     if (it.done() || !it.is_wasm()) return 0;
+#else   // !V8_ENABLE_DRUMBRAKE
+    // TODO(paolosev@microsoft.com) - Implement for Wasm interpreter.
+    if (it.done() || !it.is_wasm() || it.is_wasm_interpreter_entry()) {
+      return 0;
+    }
+#endif  // !V8_ENABLE_DRUMBRAKE
     auto* wasm_frame = WasmFrame::cast(it.frame());
     if (static_cast<int>(wasm_frame->function_index()) != func_index) return 0;
     return DeadBreakpoint(wasm_frame, breakpoints);
@@ -691,7 +698,12 @@ class DebugInfoImpl {
          it.Advance(), return_location = kAfterWasmCall) {
       // We still need the flooded function for stepping.
       if (it.frame()->id() == stepping_frame) continue;
+#if !V8_ENABLE_DRUMBRAKE
       if (!it.is_wasm()) continue;
+#else   // !V8_ENABLE_DRUMBRAKE
+      // TODO(paolosev@microsoft.com) - Implement for Wasm interpreter.
+      if (!it.is_wasm() || it.is_wasm_interpreter_entry()) continue;
+#endif  // !V8_ENABLE_DRUMBRAKE
       WasmFrame* frame = WasmFrame::cast(it.frame());
       if (frame->native_module() != new_code->native_module()) continue;
       if (frame->function_index() != new_code->index()) continue;
@@ -895,7 +907,7 @@ void SetBreakOnEntryFlag(Tagged<Script> script, bool enabled) {
 
 // static
 bool WasmScript::SetBreakPoint(DirectHandle<Script> script, int* position,
-                               Handle<BreakPoint> break_point) {
+                               DirectHandle<BreakPoint> break_point) {
   DCHECK_NE(kOnEntryBreakpointPosition, *position);
 
   // Find the function for this breakpoint.
@@ -927,7 +939,7 @@ void WasmScript::SetInstrumentationBreakpoint(
 // static
 bool WasmScript::SetBreakPointOnFirstBreakableForFunction(
     DirectHandle<Script> script, int func_index,
-    Handle<BreakPoint> break_point) {
+    DirectHandle<BreakPoint> break_point) {
   if (func_index < 0) return false;
   int offset_in_func = 0;
 
diff --git a/deps/v8/src/wasm/wasm-engine.cc b/deps/v8/src/wasm/wasm-engine.cc
index 117f33e8fc46dc..f09af199169731 100644
--- a/deps/v8/src/wasm/wasm-engine.cc
+++ b/deps/v8/src/wasm/wasm-engine.cc
@@ -4,6 +4,8 @@
 
 #include "src/wasm/wasm-engine.h"
 
+#include <optional>
+
 #include "src/base/functional.h"
 #include "src/base/platform/time.h"
 #include "src/base/small-vector.h"
@@ -35,6 +37,10 @@
 #include "src/wasm/wasm-limits.h"
 #include "src/wasm/wasm-objects-inl.h"
 
+#if V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/wasm-interpreter-inl.h"
+#endif  // V8_ENABLE_DRUMBRAKE
+
 #ifdef V8_ENABLE_WASM_GDB_REMOTE_DEBUGGING
 #include "src/debug/wasm/gdb-server/gdb-server.h"
 #endif  // V8_ENABLE_WASM_GDB_REMOTE_DEBUGGING
@@ -142,12 +148,10 @@ class WasmEngine::LogCodesTask : public CancelableTask {
   friend class WasmEngine;
 
  public:
-  LogCodesTask(Isolate* isolate) : CancelableTask(isolate), isolate_(isolate) {}
-
-  ~LogCodesTask() override { GetWasmEngine()->DeregisterCodeLoggingTask(this); }
+  explicit LogCodesTask(Isolate* isolate)
+      : CancelableTask(isolate), isolate_(isolate) {}
 
   void RunInternal() override {
-    GetWasmEngine()->DeregisterCodeLoggingTask(this);
     GetWasmEngine()->LogOutstandingCodesForIsolate(isolate_);
   }
 
@@ -209,7 +213,7 @@ class ClearWeakScriptHandleTask : public CancelableTask {
 
 class WeakScriptHandle {
  public:
-  WeakScriptHandle(Handle<Script> script, Isolate* isolate)
+  WeakScriptHandle(DirectHandle<Script> script, Isolate* isolate)
       : script_id_(script->id()), isolate_(isolate) {
     DCHECK(IsString(script->name()) || IsUndefined(script->name()));
     if (IsString(script->name())) {
@@ -298,7 +302,7 @@ std::shared_ptr<NativeModule> NativeModuleCache::MaybeGetNativeModule(
       // Insert a {nullopt} entry to let other threads know that this
       // {NativeModule} is already being created on another thread.
       [[maybe_unused]] auto [iterator, inserted] =
-          map_.emplace(key, base::nullopt);
+          map_.emplace(key, std::nullopt);
       DCHECK(inserted);
       return nullptr;
     }
@@ -328,7 +332,7 @@ bool NativeModuleCache::GetStreamingCompilationOwnership(
   }
   Key key{prefix_hash, compile_imports, {}};
   DCHECK_EQ(0, map_.count(key));
-  map_.emplace(key, base::nullopt);
+  map_.emplace(key, std::nullopt);
   return true;
 }
 
@@ -372,7 +376,7 @@ std::shared_ptr<NativeModule> NativeModuleCache::Update(
     // so that it stays valid until the native module is freed and erased from
     // the map.
     [[maybe_unused]] auto [iterator, inserted] = map_.emplace(
-        key, base::Optional<std::weak_ptr<NativeModule>>(native_module));
+        key, std::optional<std::weak_ptr<NativeModule>>(native_module));
     DCHECK(inserted);
   }
   cache_cv_.NotifyAll();
@@ -482,9 +486,6 @@ struct WasmEngine::IsolateInfo {
   // Caches whether code needs to be logged on this isolate.
   bool log_codes;
 
-  // The currently scheduled LogCodesTask.
-  LogCodesTask* log_codes_task = nullptr;
-
   // Maps script ID to vector of code objects that still need to be logged, and
   // the respective source URL.
   struct CodeToLogPerScript {
@@ -532,20 +533,6 @@ struct WasmEngine::NativeModuleInfo {
 
   // Set of isolates using this NativeModule.
   std::unordered_set<Isolate*> isolates;
-
-  // Set of potentially dead code. This set holds one ref for each code object,
-  // until code is detected to be really dead. At that point, the ref count is
-  // decremented and code is move to the {dead_code} set. If the code is finally
-  // deleted, it is also removed from {dead_code}.
-  std::unordered_set<WasmCode*> potentially_dead_code;
-
-  // Code that is not being executed in any isolate any more, but the ref count
-  // did not drop to zero yet.
-  std::unordered_set<WasmCode*> dead_code;
-
-  // Number of code GCs triggered because code in this native module became
-  // potentially dead.
-  int8_t num_code_gcs_triggered = 0;
 };
 
 WasmEngine::WasmEngine() : call_descriptors_(&allocator_) {}
@@ -593,7 +580,7 @@ bool WasmEngine::SyncValidate(Isolate* isolate, WasmEnabledFeatures enabled,
 
 MaybeHandle<AsmWasmData> WasmEngine::SyncCompileTranslatedAsmJs(
     Isolate* isolate, ErrorThrower* thrower, ModuleWireBytes bytes,
-    Handle<Script> script,
+    DirectHandle<Script> script,
     base::Vector<const uint8_t> asm_js_offset_table_bytes,
     DirectHandle<HeapNumber> uses_bitset, LanguageMode language_mode) {
   int compilation_id = next_compilation_id_.fetch_add(1);
@@ -666,9 +653,13 @@ MaybeHandle<WasmModuleObject> WasmEngine::SyncCompile(
       isolate->GetOrRegisterRecorderContextId(isolate->native_context());
   std::shared_ptr<WasmModule> module;
   {
+    // Normally modules are validated in {CompileToNativeModule} but in jitless
+    // mode the only opportunity of validatiom is during decoding.
+    bool validate_module = v8_flags.wasm_jitless;
     ModuleResult result = DecodeWasmModule(
-        enabled, bytes.module_bytes(), false, kWasmOrigin, isolate->counters(),
-        isolate->metrics_recorder(), context_id, DecodingMethod::kSync);
+        enabled, bytes.module_bytes(), validate_module, kWasmOrigin,
+        isolate->counters(), isolate->metrics_recorder(), context_id,
+        DecodingMethod::kSync);
     if (result.failed()) {
       thrower->CompileFailed(result.error());
       return {};
@@ -706,7 +697,7 @@ MaybeHandle<WasmModuleObject> WasmEngine::SyncCompile(
 #endif
 
   constexpr base::Vector<const char> kNoSourceUrl;
-  Handle<Script> script =
+  DirectHandle<Script> script =
       GetOrCreateScript(isolate, native_module, kNoSourceUrl);
 
   native_module->LogWasmCodes(isolate, *script);
@@ -773,7 +764,7 @@ void WasmEngine::AsyncCompile(
     bool is_shared, const char* api_method_name_for_errors) {
   int compilation_id = next_compilation_id_.fetch_add(1);
   TRACE_EVENT1("v8.wasm", "wasm.AsyncCompile", "id", compilation_id);
-  if (!v8_flags.wasm_async_compilation) {
+  if (!v8_flags.wasm_async_compilation || v8_flags.wasm_jitless) {
     // Asynchronous compilation disabled; fall back on synchronous compilation.
     ErrorThrower thrower(isolate, api_method_name_for_errors);
     MaybeHandle<WasmModuleObject> module_object;
@@ -862,6 +853,8 @@ std::shared_ptr<StreamingDecoder> WasmEngine::StartStreamingCompilation(
 void WasmEngine::CompileFunction(Counters* counters,
                                  NativeModule* native_module,
                                  uint32_t function_index, ExecutionTier tier) {
+  DCHECK(!v8_flags.wasm_jitless);
+
   // Note we assume that "one-off" compilations can discard detected features.
   WasmDetectedFeatures detected;
   WasmCompilationUnit::CompileWasmFunction(
@@ -870,6 +863,8 @@ void WasmEngine::CompileFunction(Counters* counters,
 }
 
 void WasmEngine::EnterDebuggingForIsolate(Isolate* isolate) {
+  if (v8_flags.wasm_jitless) return;
+
   std::vector<std::shared_ptr<NativeModule>> native_modules;
   // {mutex_} gets taken both here and in {RemoveCompiledCode} in
   // {AddPotentiallyDeadCode}. Therefore {RemoveCompiledCode} has to be
@@ -986,7 +981,7 @@ Handle<Script> CreateWasmScript(Isolate* isolate,
                     .ToHandleChecked();
     }
   }
-  Handle<PrimitiveHeapObject> source_map_url =
+  DirectHandle<PrimitiveHeapObject> source_map_url =
       isolate->factory()->undefined_value();
   const WasmDebugSymbols& debug_symbols = module->debug_symbols;
   if (debug_symbols.type == WasmDebugSymbols::Type::SourceMap &&
@@ -1049,7 +1044,7 @@ Handle<WasmModuleObject> WasmEngine::ImportNativeModule(
     base::Vector<const char> source_url) {
   NativeModule* native_module = shared_native_module.get();
   ModuleWireBytes wire_bytes(native_module->wire_bytes());
-  Handle<Script> script =
+  DirectHandle<Script> script =
       GetOrCreateScript(isolate, shared_native_module, source_url);
   native_module->LogWasmCodes(isolate, *script);
   Handle<WasmModuleObject> module_object =
@@ -1247,10 +1242,22 @@ void WasmEngine::AddIsolate(Isolate* isolate) {
     Isolate* isolate = reinterpret_cast<Isolate*>(v8_isolate);
     Counters* counters = isolate->counters();
     WasmEngine* engine = GetWasmEngine();
-    base::MutexGuard lock(&engine->mutex_);
-    DCHECK_EQ(1, engine->isolates_.count(isolate));
-    for (auto* native_module : engine->isolates_[isolate]->native_modules) {
-      native_module->SampleCodeSize(counters);
+    {
+      base::MutexGuard lock(&engine->mutex_);
+      DCHECK_EQ(1, engine->isolates_.count(isolate));
+      for (auto* native_module : engine->isolates_[isolate]->native_modules) {
+        native_module->SampleCodeSize(counters);
+      }
+    }
+    // Also sample overall metadata size (this includes the metadata size of
+    // individual NativeModules; we are summing that up twice, which could be
+    // improved performance-wise).
+    // The engine-wide metadata also includes global storage e.g. for the type
+    // canonicalizer.
+    Histogram* metadata_histogram = counters->wasm_engine_metadata_size_kb();
+    if (metadata_histogram->Enabled()) {
+      size_t engine_meta_data = engine->EstimateCurrentMemoryConsumption();
+      metadata_histogram->AddSample(static_cast<int>(engine_meta_data / KB));
     }
   };
   isolate->heap()->AddGCEpilogueCallback(callback, v8::kGCTypeMarkSweepCompact,
@@ -1272,6 +1279,10 @@ void WasmEngine::RemoveIsolate(Isolate* isolate) {
 
   // Keep a WasmCodeRefScope which dies after the {mutex_} is released, to avoid
   // deadlock when code actually dies, as that requires taking the {mutex_}.
+  // Also, keep the NativeModules themselves alive. The isolate is shutting
+  // down, so the heap will not do that any more.
+  std::map<NativeModule*, std::shared_ptr<NativeModule>>
+      native_modules_with_code_to_log;
   WasmCodeRefScope code_ref_scope_for_dead_code;
 
   base::MutexGuard guard(&mutex_);
@@ -1318,6 +1329,17 @@ void WasmEngine::RemoveIsolate(Isolate* isolate) {
   // Clear the {code_to_log} vector.
   for (auto& [script_id, code_to_log] : isolate_info->code_to_log) {
     for (WasmCode* code : code_to_log.code) {
+      if (!native_modules_with_code_to_log.count(code->native_module())) {
+        std::shared_ptr<NativeModule> shared_native_module =
+            native_modules_[code->native_module()]->weak_ptr.lock();
+        if (!shared_native_module) {
+          // The module is dying already; there's no need to decrement the ref
+          // count and add the code to the WasmCodeRefScope.
+          continue;
+        }
+        native_modules_with_code_to_log.insert(std::make_pair(
+            code->native_module(), std::move(shared_native_module)));
+      }
       // Keep a reference in the {code_ref_scope_for_dead_code} such that the
       // code cannot become dead immediately.
       WasmCodeRefScope::AddRef(code);
@@ -1352,10 +1374,13 @@ void WasmEngine::LogCode(base::Vector<WasmCode*> code_vec) {
       // weak handle is cleared already, we also don't need to log any more.
       if (script_it == info->scripts.end()) continue;
 
-      // If this is the first code to log in that isolate, request an interrupt
-      // to log the newly added code as soon as possible.
+      // If there is no code scheduled to be logged already in that isolate,
+      // then schedule a new task and also set an interrupt to log the newly
+      // added code as soon as possible.
       if (info->code_to_log.empty()) {
         isolate->stack_guard()->RequestLogWasmCode();
+        to_schedule.emplace_back(info->foreground_task_runner,
+                                 std::make_unique<LogCodesTask>(isolate));
       }
 
       WeakScriptHandle& weak_script_handle = script_it->second;
@@ -1371,22 +1396,6 @@ void WasmEngine::LogCode(base::Vector<WasmCode*> code_vec) {
         DCHECK_EQ(native_module, code->native_module());
         code->IncRef();
       }
-
-      if (info->log_codes_task == nullptr) {
-        auto new_task = std::make_unique<LogCodesTask>(isolate);
-        info->log_codes_task = new_task.get();
-        // Store the LogCodeTasks to post them outside the WasmEngine::mutex_.
-        // Posting the task in the mutex can cause the following deadlock (only
-        // in d8): When d8 shuts down, it sets a terminate to the task runner.
-        // When the terminate flag in the taskrunner is set, all newly posted
-        // tasks get destroyed immediately. When the LogCodesTask gets
-        // destroyed, it takes the WasmEngine::mutex_ lock to deregister itself
-        // from the IsolateInfo. Therefore, as the LogCodesTask may get
-        // destroyed immediately when it gets posted, it cannot get posted when
-        // the WasmEngine::mutex_ lock is held.
-        to_schedule.emplace_back(info->foreground_task_runner,
-                                 std::move(new_task));
-      }
     }
   }
   for (auto& [runner, task] : to_schedule) {
@@ -1434,17 +1443,6 @@ void WasmEngine::LogOutstandingCodesForIsolate(Isolate* isolate) {
   }
 }
 
-void WasmEngine::DeregisterCodeLoggingTask(LogCodesTask* task) {
-  base::MutexGuard engine_mutex_guard(&mutex_);
-  Isolate* isolate = task->isolate_;
-  auto it = isolates_.find(isolate);
-  // If the isolate died already, the IsolateInfo can not be found.
-  if (it == isolates_.end()) return;
-  IsolateInfo* info = it->second.get();
-  DCHECK(info->log_codes_task == nullptr || info->log_codes_task == task);
-  info->log_codes_task = nullptr;
-}
-
 std::shared_ptr<NativeModule> WasmEngine::NewNativeModule(
     Isolate* isolate, WasmEnabledFeatures enabled,
     CompileTimeImports compile_imports,
@@ -1592,6 +1590,9 @@ void WasmEngine::FreeNativeModule(NativeModule* native_module) {
   base::MutexGuard guard(&mutex_);
   auto module = native_modules_.find(native_module);
   DCHECK_NE(native_modules_.end(), module);
+  auto part_of_native_module = [native_module](WasmCode* code) {
+    return code->native_module() == native_module;
+  };
   for (Isolate* isolate : module->second->isolates) {
     DCHECK_EQ(1, isolates_.count(isolate));
     IsolateInfo* info = isolates_[isolate].get();
@@ -1608,9 +1609,6 @@ void WasmEngine::FreeNativeModule(NativeModule* native_module) {
     // outstanding to be logged in this isolate, remove them. Decrementing the
     // ref count is not needed, since the {NativeModule} dies anyway.
     for (auto& log_entry : info->code_to_log) {
-      auto part_of_native_module = [native_module](WasmCode* code) {
-        return code->native_module() == native_module;
-      };
       std::vector<WasmCode*>& code = log_entry.second.code;
       auto new_end =
           std::remove_if(code.begin(), code.end(), part_of_native_module);
@@ -1641,6 +1639,11 @@ void WasmEngine::FreeNativeModule(NativeModule* native_module) {
     TRACE_CODE_GC("Native module %p died, reducing dead code objects to %zu.\n",
                   native_module, current_gc_info_->dead_code.size());
   }
+  // If any code objects are currently tracked as dead or near-dead, remove
+  // references belonging to the NativeModule that's being deleted.
+  std::erase_if(dead_code_, part_of_native_module);
+  std::erase_if(potentially_dead_code_, part_of_native_module);
+
   native_module_cache_.Erase(native_module);
   native_modules_.erase(module);
 }
@@ -1716,11 +1719,8 @@ void WasmEngine::ReportLiveCodeFromStackForGC(Isolate* isolate) {
 
 bool WasmEngine::AddPotentiallyDeadCode(WasmCode* code) {
   base::MutexGuard guard(&mutex_);
-  auto it = native_modules_.find(code->native_module());
-  DCHECK_NE(native_modules_.end(), it);
-  NativeModuleInfo* info = it->second.get();
-  if (info->dead_code.count(code)) return false;  // Code is already dead.
-  auto added = info->potentially_dead_code.insert(code);
+  if (dead_code_.contains(code)) return false;  // Code is already dead.
+  auto added = potentially_dead_code_.insert(code);
   if (!added.second) return false;  // An entry already existed.
   new_potentially_dead_code_size_ += code->instructions().size();
   if (v8_flags.wasm_code_gc) {
@@ -1731,20 +1731,20 @@ bool WasmEngine::AddPotentiallyDeadCode(WasmCode* code) {
             : 64 * KB + GetWasmCodeManager()->committed_code_space() / 10;
     if (new_potentially_dead_code_size_ > dead_code_limit) {
       bool inc_gc_count =
-          info->num_code_gcs_triggered < std::numeric_limits<int8_t>::max();
+          num_code_gcs_triggered_ < std::numeric_limits<int8_t>::max();
       if (current_gc_info_ == nullptr) {
-        if (inc_gc_count) ++info->num_code_gcs_triggered;
+        if (inc_gc_count) ++num_code_gcs_triggered_;
         TRACE_CODE_GC(
             "Triggering GC (potentially dead: %zu bytes; limit: %zu bytes).\n",
             new_potentially_dead_code_size_, dead_code_limit);
-        TriggerGC(info->num_code_gcs_triggered);
+        TriggerGC(num_code_gcs_triggered_);
       } else if (current_gc_info_->next_gc_sequence_index == 0) {
-        if (inc_gc_count) ++info->num_code_gcs_triggered;
+        if (inc_gc_count) ++num_code_gcs_triggered_;
         TRACE_CODE_GC(
             "Scheduling another GC after the current one (potentially dead: "
             "%zu bytes; limit: %zu bytes).\n",
             new_potentially_dead_code_size_, dead_code_limit);
-        current_gc_info_->next_gc_sequence_index = info->num_code_gcs_triggered;
+        current_gc_info_->next_gc_sequence_index = num_code_gcs_triggered_;
         DCHECK_NE(0, current_gc_info_->next_gc_sequence_index);
       }
     }
@@ -1763,13 +1763,12 @@ void WasmEngine::FreeDeadCodeLocked(const DeadCodeMap& dead_code) {
   for (auto& dead_code_entry : dead_code) {
     NativeModule* native_module = dead_code_entry.first;
     const std::vector<WasmCode*>& code_vec = dead_code_entry.second;
-    DCHECK_EQ(1, native_modules_.count(native_module));
-    auto* info = native_modules_[native_module].get();
+    DCHECK(native_modules_.contains(native_module));
     TRACE_CODE_GC("Freeing %zu code object%s of module %p.\n", code_vec.size(),
                   code_vec.size() == 1 ? "" : "s", native_module);
     for (WasmCode* code : code_vec) {
-      DCHECK_EQ(1, info->dead_code.count(code));
-      info->dead_code.erase(code);
+      DCHECK(dead_code_.contains(code));
+      dead_code_.erase(code);
     }
     native_module->FreeCode(base::VectorOf(code_vec));
   }
@@ -1816,24 +1815,22 @@ void WasmEngine::TriggerGC(int8_t gc_sequence_index) {
   new_potentially_dead_code_size_ = 0;
   current_gc_info_.reset(new CurrentGCInfo(gc_sequence_index));
   // Add all potentially dead code to this GC, and trigger a GC task in each
-  // isolate.
-  for (auto& entry : native_modules_) {
-    NativeModuleInfo* info = entry.second.get();
-    if (info->potentially_dead_code.empty()) continue;
-    for (auto* isolate : native_modules_[entry.first]->isolates) {
-      auto& gc_task = current_gc_info_->outstanding_isolates[isolate];
-      if (!gc_task) {
-        auto new_task = std::make_unique<WasmGCForegroundTask>(isolate);
-        gc_task = new_task.get();
-        DCHECK_EQ(1, isolates_.count(isolate));
-        isolates_[isolate]->foreground_task_runner->PostTask(
-            std::move(new_task));
-      }
-      isolate->stack_guard()->RequestWasmCodeGC();
-    }
-    for (WasmCode* code : info->potentially_dead_code) {
-      current_gc_info_->dead_code.insert(code);
+  // known isolate. We can't limit the isolates to those that contributed
+  // potentially-dead WasmCode objects, because wrappers don't point back
+  // at a NativeModule or Isolate.
+  for (WasmCode* code : potentially_dead_code_) {
+    current_gc_info_->dead_code.insert(code);
+  }
+  for (const auto& entry : isolates_) {
+    Isolate* isolate = entry.first;
+    auto& gc_task = current_gc_info_->outstanding_isolates[isolate];
+    if (!gc_task) {
+      auto new_task = std::make_unique<WasmGCForegroundTask>(isolate);
+      gc_task = new_task.get();
+      DCHECK_EQ(1, isolates_.count(isolate));
+      isolates_[isolate]->foreground_task_runner->PostTask(std::move(new_task));
     }
+    isolate->stack_guard()->RequestWasmCodeGC();
   }
   TRACE_CODE_GC(
       "Starting GC (nr %d). Number of potentially dead code objects: %zu\n",
@@ -1867,12 +1864,10 @@ void WasmEngine::PotentiallyFinishCurrentGC() {
   size_t num_freed = 0;
   DeadCodeMap dead_code;
   for (WasmCode* code : current_gc_info_->dead_code) {
-    DCHECK_EQ(1, native_modules_.count(code->native_module()));
-    auto* native_module_info = native_modules_[code->native_module()].get();
-    DCHECK_EQ(1, native_module_info->potentially_dead_code.count(code));
-    native_module_info->potentially_dead_code.erase(code);
-    DCHECK_EQ(0, native_module_info->dead_code.count(code));
-    native_module_info->dead_code.insert(code);
+    DCHECK(potentially_dead_code_.contains(code));
+    potentially_dead_code_.erase(code);
+    DCHECK(!dead_code_.contains(code));
+    dead_code_.insert(code);
     if (code->DecRefOnDeadCode()) {
       dead_code[code->native_module()].push_back(code);
       ++num_freed;
@@ -1891,9 +1886,9 @@ void WasmEngine::PotentiallyFinishCurrentGC() {
 }
 
 size_t WasmEngine::EstimateCurrentMemoryConsumption() const {
-  UPDATE_WHEN_CLASS_CHANGES(WasmEngine, 760);
-  UPDATE_WHEN_CLASS_CHANGES(IsolateInfo, 192);
-  UPDATE_WHEN_CLASS_CHANGES(NativeModuleInfo, 144);
+  UPDATE_WHEN_CLASS_CHANGES(WasmEngine, 800);
+  UPDATE_WHEN_CLASS_CHANGES(IsolateInfo, 184);
+  UPDATE_WHEN_CLASS_CHANGES(NativeModuleInfo, 56);
   UPDATE_WHEN_CLASS_CHANGES(CurrentGCInfo, 96);
   size_t result = sizeof(WasmEngine);
   result += type_canonicalizer_.EstimateCurrentMemoryConsumption();
@@ -1901,6 +1896,8 @@ size_t WasmEngine::EstimateCurrentMemoryConsumption() const {
     base::MutexGuard lock(&mutex_);
     result += ContentSize(async_compile_jobs_);
     result += async_compile_jobs_.size() * sizeof(AsyncCompileJob);
+    result += ContentSize(potentially_dead_code_);
+    result += ContentSize(dead_code_);
 
     // TODO(14106): Do we care about {compilation_stats_}?
     // TODO(14106): Do we care about {code_tracer_}?
@@ -1918,8 +1915,6 @@ size_t WasmEngine::EstimateCurrentMemoryConsumption() const {
     for (const auto& [native_module, native_module_info] : native_modules_) {
       result += native_module->EstimateCurrentMemoryConsumption();
       result += ContentSize(native_module_info->isolates);
-      result += ContentSize(native_module_info->potentially_dead_code);
-      result += ContentSize(native_module_info->dead_code);
     }
 
     if (current_gc_info_) {
@@ -1961,10 +1956,22 @@ GlobalWasmState* global_wasm_state = nullptr;
 void WasmEngine::InitializeOncePerProcess() {
   DCHECK_NULL(global_wasm_state);
   global_wasm_state = new GlobalWasmState();
+
+#ifdef V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    WasmInterpreter::InitializeOncePerProcess();
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
 }
 
 // static
 void WasmEngine::GlobalTearDown() {
+#ifdef V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    WasmInterpreter::GlobalTearDown();
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   // Note: This can be called multiple times in a row (see
   // test-api/InitializeAndDisposeMultiple). This is fine, as
   // {global_wasm_engine} will be nullptr then.
diff --git a/deps/v8/src/wasm/wasm-engine.h b/deps/v8/src/wasm/wasm-engine.h
index 4d9fce22e05b24..5e18e90779c087 100644
--- a/deps/v8/src/wasm/wasm-engine.h
+++ b/deps/v8/src/wasm/wasm-engine.h
@@ -12,6 +12,7 @@
 #include <algorithm>
 #include <map>
 #include <memory>
+#include <optional>
 #include <unordered_map>
 #include <unordered_set>
 
@@ -144,7 +145,7 @@ class NativeModuleCache {
   // before trying to get it from the cache.
   // By contrast, an expired {weak_ptr} indicates that the native module died
   // and will soon be cleaned up from the cache.
-  std::map<Key, base::Optional<std::weak_ptr<NativeModule>>> map_;
+  std::map<Key, std::optional<std::weak_ptr<NativeModule>>> map_;
 
   base::Mutex mutex_;
 
@@ -174,7 +175,7 @@ class V8_EXPORT_PRIVATE WasmEngine {
   // asm.js module.
   MaybeHandle<AsmWasmData> SyncCompileTranslatedAsmJs(
       Isolate* isolate, ErrorThrower* thrower, ModuleWireBytes bytes,
-      Handle<Script> script,
+      DirectHandle<Script> script,
       base::Vector<const uint8_t> asm_js_offset_table_bytes,
       DirectHandle<HeapNumber> uses_bitset, LanguageMode language_mode);
   Handle<WasmModuleObject> FinalizeTranslatedAsmJs(
@@ -236,7 +237,7 @@ class V8_EXPORT_PRIVATE WasmEngine {
       base::Vector<const char> source_url);
 
   // Flushes all Liftoff code and returns the sizes of the removed
-  // (executable) code and the removed meta data.
+  // (executable) code and the removed metadata.
   std::pair<size_t, size_t> FlushLiftoffCode();
 
   // Returns the code size of all Liftoff compiled functions in all modules.
@@ -298,10 +299,6 @@ class V8_EXPORT_PRIVATE WasmEngine {
   // outstanding code objects (added via {LogCode}).
   void LogOutstandingCodesForIsolate(Isolate*);
 
-  // Code logging is done via a separate task per isolate. This deregisters a
-  // task after execution (or destruction because of isolate shutdown).
-  void DeregisterCodeLoggingTask(LogCodesTask*);
-
   // Create a new NativeModule. The caller is responsible for its
   // lifetime. The native module will be given some memory for code,
   // which will be page size aligned. The size of the initial memory
@@ -480,6 +477,15 @@ class V8_EXPORT_PRIVATE WasmEngine {
   // Size of code that became dead since the last GC. If this exceeds a certain
   // threshold, a new GC is triggered.
   size_t new_potentially_dead_code_size_ = 0;
+  // Set of potentially dead code. This set holds one ref for each code object,
+  // until code is detected to be really dead. At that point, the ref count is
+  // decremented and code is moved to the {dead_code} set. If the code is
+  // finally deleted, it is also removed from {dead_code}.
+  std::unordered_set<WasmCode*> potentially_dead_code_;
+  // Code that is not being executed in any isolate any more, but the ref count
+  // did not drop to zero yet.
+  std::unordered_set<WasmCode*> dead_code_;
+  int8_t num_code_gcs_triggered_ = 0;
 
   // If an engine-wide GC is currently running, this pointer stores information
   // about that.
diff --git a/deps/v8/src/wasm/wasm-external-refs.cc b/deps/v8/src/wasm/wasm-external-refs.cc
index d0ff84326b96d8..a53cda5cb329d3 100644
--- a/deps/v8/src/wasm/wasm-external-refs.cc
+++ b/deps/v8/src/wasm/wasm-external-refs.cc
@@ -12,6 +12,7 @@
 #include "src/base/ieee754.h"
 #include "src/base/safe_conversions.h"
 #include "src/common/assert-scope.h"
+#include "src/numbers/conversions.h"
 #include "src/roots/roots-inl.h"
 #include "src/utils/memcopy.h"
 #include "src/wasm/float16.h"
@@ -35,6 +36,7 @@
 #endif
 
 #include "src/base/memory.h"
+#include "src/base/overflowing-math.h"
 #include "src/utils/utils.h"
 #include "src/wasm/wasm-external-refs.h"
 
@@ -406,6 +408,298 @@ void f32x4_nearest_int_wrapper(Address data) {
   simd_float_round_wrapper<float, &nearbyintf>(data);
 }
 
+Float16 f16_abs(Float16 a) {
+  return Float16::FromFloat32(std::abs(a.ToFloat32()));
+}
+
+void f16x8_abs_wrapper(Address data) {
+  simd_float_round_wrapper<Float16, &f16_abs>(data);
+}
+
+Float16 f16_neg(Float16 a) { return Float16::FromFloat32(-(a.ToFloat32())); }
+
+void f16x8_neg_wrapper(Address data) {
+  simd_float_round_wrapper<Float16, &f16_neg>(data);
+}
+
+Float16 f16_sqrt(Float16 a) {
+  return Float16::FromFloat32(std::sqrt(a.ToFloat32()));
+}
+
+void f16x8_sqrt_wrapper(Address data) {
+  simd_float_round_wrapper<Float16, &f16_sqrt>(data);
+}
+
+Float16 f16_ceil(Float16 a) {
+  return Float16::FromFloat32(ceilf(a.ToFloat32()));
+}
+
+void f16x8_ceil_wrapper(Address data) {
+  simd_float_round_wrapper<Float16, &f16_ceil>(data);
+}
+
+Float16 f16_floor(Float16 a) {
+  return Float16::FromFloat32(floorf(a.ToFloat32()));
+}
+
+void f16x8_floor_wrapper(Address data) {
+  simd_float_round_wrapper<Float16, &f16_floor>(data);
+}
+
+Float16 f16_trunc(Float16 a) {
+  return Float16::FromFloat32(truncf(a.ToFloat32()));
+}
+
+void f16x8_trunc_wrapper(Address data) {
+  simd_float_round_wrapper<Float16, &f16_trunc>(data);
+}
+
+Float16 f16_nearest_int(Float16 a) {
+  return Float16::FromFloat32(nearbyintf(a.ToFloat32()));
+}
+
+void f16x8_nearest_int_wrapper(Address data) {
+  simd_float_round_wrapper<Float16, &f16_nearest_int>(data);
+}
+
+template <typename R, R (*float_bin_op)(Float16, Float16)>
+void simd_float16_bin_wrapper(Address data) {
+  constexpr int n = kSimd128Size / sizeof(Float16);
+  for (int i = 0; i < n; i++) {
+    Float16 lhs = Float16::Read(data + (i * sizeof(Float16)));
+    Float16 rhs = Float16::Read(data + kSimd128Size + (i * sizeof(Float16)));
+    R value = float_bin_op(lhs, rhs);
+    WriteUnalignedValue<R>(data + (i * sizeof(R)), value);
+  }
+}
+
+int16_t f16_eq(Float16 a, Float16 b) {
+  return a.ToFloat32() == b.ToFloat32() ? -1 : 0;
+}
+
+void f16x8_eq_wrapper(Address data) {
+  simd_float16_bin_wrapper<int16_t, &f16_eq>(data);
+}
+
+int16_t f16_ne(Float16 a, Float16 b) {
+  return a.ToFloat32() != b.ToFloat32() ? -1 : 0;
+}
+
+void f16x8_ne_wrapper(Address data) {
+  simd_float16_bin_wrapper<int16_t, &f16_ne>(data);
+}
+
+int16_t f16_lt(Float16 a, Float16 b) {
+  return a.ToFloat32() < b.ToFloat32() ? -1 : 0;
+}
+
+void f16x8_lt_wrapper(Address data) {
+  simd_float16_bin_wrapper<int16_t, &f16_lt>(data);
+}
+
+int16_t f16_le(Float16 a, Float16 b) {
+  return a.ToFloat32() <= b.ToFloat32() ? -1 : 0;
+}
+
+void f16x8_le_wrapper(Address data) {
+  simd_float16_bin_wrapper<int16_t, &f16_le>(data);
+}
+
+Float16 f16_add(Float16 a, Float16 b) {
+  return Float16::FromFloat32(a.ToFloat32() + b.ToFloat32());
+}
+
+void f16x8_add_wrapper(Address data) {
+  simd_float16_bin_wrapper<Float16, &f16_add>(data);
+}
+
+Float16 f16_sub(Float16 a, Float16 b) {
+  return Float16::FromFloat32(a.ToFloat32() - b.ToFloat32());
+}
+
+void f16x8_sub_wrapper(Address data) {
+  simd_float16_bin_wrapper<Float16, &f16_sub>(data);
+}
+
+Float16 f16_mul(Float16 a, Float16 b) {
+  return Float16::FromFloat32(a.ToFloat32() * b.ToFloat32());
+}
+
+void f16x8_mul_wrapper(Address data) {
+  simd_float16_bin_wrapper<Float16, &f16_mul>(data);
+}
+
+Float16 f16_div(Float16 a, Float16 b) {
+  return Float16::FromFloat32(base::Divide(a.ToFloat32(), b.ToFloat32()));
+}
+
+void f16x8_div_wrapper(Address data) {
+  simd_float16_bin_wrapper<Float16, &f16_div>(data);
+}
+
+Float16 f16_min(Float16 a, Float16 b) {
+  return Float16::FromFloat32(JSMin(a.ToFloat32(), b.ToFloat32()));
+}
+
+void f16x8_min_wrapper(Address data) {
+  simd_float16_bin_wrapper<Float16, &f16_min>(data);
+}
+
+Float16 f16_max(Float16 a, Float16 b) {
+  return Float16::FromFloat32(JSMax(a.ToFloat32(), b.ToFloat32()));
+}
+
+void f16x8_max_wrapper(Address data) {
+  simd_float16_bin_wrapper<Float16, &f16_max>(data);
+}
+
+Float16 f16_pmin(Float16 a, Float16 b) {
+  return Float16::FromFloat32(std::min(a.ToFloat32(), b.ToFloat32()));
+}
+
+void f16x8_pmin_wrapper(Address data) {
+  simd_float16_bin_wrapper<Float16, &f16_pmin>(data);
+}
+
+Float16 f16_pmax(Float16 a, Float16 b) {
+  return Float16::FromFloat32(std::max(a.ToFloat32(), b.ToFloat32()));
+}
+
+void f16x8_pmax_wrapper(Address data) {
+  simd_float16_bin_wrapper<Float16, &f16_pmax>(data);
+}
+
+template <typename T, typename R, R (*float_un_op)(T)>
+void simd_float_un_wrapper(Address data) {
+  constexpr int n = kSimd128Size / sizeof(T);
+  for (int i = 0; i < n; i++) {
+    T input = ReadUnalignedValue<T>(data + (i * sizeof(T)));
+    R value = float_un_op(input);
+    WriteUnalignedValue<R>(data + (i * sizeof(T)), value);
+  }
+}
+
+int16_t ConvertToIntS(Float16 val) {
+  float f32 = val.ToFloat32();
+  if (std::isnan(f32)) return 0;
+  if (f32 > float{kMaxInt16}) return kMaxInt16;
+  if (f32 < float{kMinInt16}) return kMinInt16;
+  return static_cast<int16_t>(f32);
+}
+
+uint16_t ConvertToIntU(Float16 val) {
+  float f32 = val.ToFloat32();
+  if (std::isnan(f32)) return 0;
+  if (f32 > float{kMaxUInt16}) return kMaxUInt16;
+  if (f32 < float{0}) return 0;
+  return static_cast<uint16_t>(f32);
+}
+
+void i16x8_sconvert_f16x8_wrapper(Address data) {
+  simd_float_un_wrapper<Float16, int16_t, &ConvertToIntS>(data);
+}
+
+void i16x8_uconvert_f16x8_wrapper(Address data) {
+  simd_float_un_wrapper<Float16, uint16_t, &ConvertToIntU>(data);
+}
+
+Float16 ConvertToF16S(int16_t val) { return Float16::FromFloat32(val); }
+
+void f16x8_sconvert_i16x8_wrapper(Address data) {
+  simd_float_un_wrapper<int16_t, Float16, &ConvertToF16S>(data);
+}
+
+Float16 ConvertToF16U(uint16_t val) { return Float16::FromFloat32(val); }
+
+void f16x8_uconvert_i16x8_wrapper(Address data) {
+  simd_float_un_wrapper<uint16_t, Float16, &ConvertToF16U>(data);
+}
+
+void f32x4_promote_low_f16x8_wrapper(Address data) {
+  // Result is stored in the same buffer, so read all values to local
+  // stack variables first.
+  Float16 a = Float16::Read(data);
+  Float16 b = Float16::Read(data + sizeof(Float16));
+  Float16 c = Float16::Read(data + 2 * sizeof(Float16));
+  Float16 d = Float16::Read(data + 3 * sizeof(Float16));
+
+  WriteUnalignedValue<float>(data, a.ToFloat32());
+  WriteUnalignedValue<float>(data + sizeof(float), b.ToFloat32());
+  WriteUnalignedValue<float>(data + (2 * sizeof(float)), c.ToFloat32());
+  WriteUnalignedValue<float>(data + (3 * sizeof(float)), d.ToFloat32());
+}
+
+void f16x8_demote_f32x4_zero_wrapper(Address data) {
+#if V8_TARGET_BIG_ENDIAN
+  for (int i = 3, j = 7; i >= 0; i--, j--) {
+    float input = ReadUnalignedValue<float>(data + (i * sizeof(float)));
+    Float16::FromFloat32(input).Write(data + (j * sizeof(Float16)));
+  }
+  for (int i = 0; i < 4; i++) {
+    WriteUnalignedValue<Float16>(data + (i * sizeof(Float16)),
+                                 Float16::FromFloat32(0));
+  }
+#else
+  for (int i = 0; i < 4; i++) {
+    float input = ReadUnalignedValue<float>(data + (i * sizeof(float)));
+    Float16::FromFloat32(input).Write(data + (i * sizeof(Float16)));
+  }
+  for (int i = 4; i < 8; i++) {
+    WriteUnalignedValue<Float16>(data + (i * sizeof(Float16)),
+                                 Float16::FromFloat32(0));
+  }
+#endif
+}
+
+void f16x8_demote_f64x2_zero_wrapper(Address data) {
+#if V8_TARGET_BIG_ENDIAN
+  for (int i = 1, j = 7; i >= 0; i--, j--) {
+    double input = ReadUnalignedValue<double>(data + (i * sizeof(double)));
+    WriteUnalignedValue<uint16_t>(data + (j * sizeof(uint16_t)),
+                                  DoubleToFloat16(input));
+  }
+  for (int i = 0; i < 6; i++) {
+    WriteUnalignedValue<Float16>(data + (i * sizeof(Float16)),
+                                 Float16::FromFloat32(0));
+  }
+#else
+  for (int i = 0; i < 2; i++) {
+    double input = ReadUnalignedValue<double>(data + (i * sizeof(double)));
+    WriteUnalignedValue<uint16_t>(data + (i * sizeof(uint16_t)),
+                                  DoubleToFloat16(input));
+  }
+  for (int i = 2; i < 8; i++) {
+    WriteUnalignedValue<Float16>(data + (i * sizeof(Float16)),
+                                 Float16::FromFloat32(0));
+  }
+#endif
+}
+
+template <float (*float_fma_op)(float, float, float)>
+void simd_float16_fma_wrapper(Address data) {
+  constexpr int n = kSimd128Size / sizeof(Float16);
+  for (int i = 0; i < n; i++) {
+    Address offset = data + i * sizeof(Float16);
+    Float16 a = Float16::Read(offset);
+    Float16 b = Float16::Read(offset + kSimd128Size);
+    Float16 c = Float16::Read(offset + 2 * kSimd128Size);
+    float value = float_fma_op(a.ToFloat32(), b.ToFloat32(), c.ToFloat32());
+    Float16::FromFloat32(value).Write(offset);
+  }
+}
+
+float Qfma(float a, float b, float c) { return a * b + c; }
+
+void f16x8_qfma_wrapper(Address data) {
+  return simd_float16_fma_wrapper<&Qfma>(data);
+}
+
+float Qfms(float a, float b, float c) { return -(a * b) + c; }
+
+void f16x8_qfms_wrapper(Address data) {
+  return simd_float16_fma_wrapper<&Qfms>(data);
+}
+
 namespace {
 class V8_NODISCARD ThreadNotInWasmScope {
 // Asan on Windows triggers exceptions to allocate shadow memory lazily. When
diff --git a/deps/v8/src/wasm/wasm-external-refs.h b/deps/v8/src/wasm/wasm-external-refs.h
index fbce45a8562356..35ebea95afcf1c 100644
--- a/deps/v8/src/wasm/wasm-external-refs.h
+++ b/deps/v8/src/wasm/wasm-external-refs.h
@@ -100,6 +100,62 @@ V8_EXPORT_PRIVATE void f32x4_trunc_wrapper(Address data);
 
 V8_EXPORT_PRIVATE void f32x4_nearest_int_wrapper(Address data);
 
+V8_EXPORT_PRIVATE void f16x8_abs_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_neg_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_sqrt_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_ceil_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_floor_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_trunc_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_nearest_int_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_eq_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_ne_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_lt_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_le_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_add_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_sub_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_mul_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_div_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_min_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_max_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_pmin_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_pmax_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void i16x8_sconvert_f16x8_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void i16x8_uconvert_f16x8_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_sconvert_i16x8_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_uconvert_i16x8_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f32x4_promote_low_f16x8_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_demote_f32x4_zero_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_demote_f64x2_zero_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_qfma_wrapper(Address data);
+
+V8_EXPORT_PRIVATE void f16x8_qfms_wrapper(Address data);
+
 // The return type is {int32_t} instead of {bool} to enforce the compiler to
 // zero-extend the result in the return register.
 int32_t memory_init_wrapper(Address instance_addr, uint32_t mem_index,
diff --git a/deps/v8/src/wasm/wasm-features.cc b/deps/v8/src/wasm/wasm-features.cc
index b0122904e81c35..17a038304fb747 100644
--- a/deps/v8/src/wasm/wasm-features.cc
+++ b/deps/v8/src/wasm/wasm-features.cc
@@ -16,8 +16,18 @@ namespace wasm {
 // static
 WasmEnabledFeatures WasmEnabledFeatures::FromFlags() {
   WasmEnabledFeatures features = WasmEnabledFeatures::None();
-#define CHECK_FEATURE_FLAG(feat, ...) \
-  if (v8_flags.experimental_wasm_##feat) features.Add(WasmEnabledFeature::feat);
+
+#if V8_ENABLE_DRUMBRAKE
+  // The only Wasm experimental features supported by DrumBrake is the legacy
+  // exception handling.
+  if (v8_flags.wasm_jitless) {
+    features.Add(WasmEnabledFeature::legacy_eh);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
+#define CHECK_FEATURE_FLAG(feat, ...)                              \
+  if (!v8_flags.wasm_jitless && v8_flags.experimental_wasm_##feat) \
+    features.Add(WasmEnabledFeature::feat);
   FOREACH_WASM_FEATURE_FLAG(CHECK_FEATURE_FLAG)
 #undef CHECK_FEATURE_FLAG
   return features;
@@ -32,18 +42,20 @@ WasmEnabledFeatures WasmEnabledFeatures::FromIsolate(Isolate* isolate) {
 WasmEnabledFeatures WasmEnabledFeatures::FromContext(
     Isolate* isolate, Handle<NativeContext> context) {
   WasmEnabledFeatures features = WasmEnabledFeatures::FromFlags();
-  if (isolate->IsWasmStringRefEnabled(context)) {
-    features.Add(WasmEnabledFeature::stringref);
-  }
-  if (isolate->IsWasmInliningEnabled(context)) {
-    features.Add(WasmEnabledFeature::inlining);
-  }
-  if (isolate->IsWasmImportedStringsEnabled(context)) {
-    features.Add(WasmEnabledFeature::imported_strings);
-  }
-  if (isolate->IsWasmJSPIEnabled(context)) {
-    features.Add(WasmEnabledFeature::jspi);
-    features.Add(WasmEnabledFeature::type_reflection);
+  if (!v8_flags.wasm_jitless) {
+    if (isolate->IsWasmStringRefEnabled(context)) {
+      features.Add(WasmEnabledFeature::stringref);
+    }
+    if (isolate->IsWasmInliningEnabled(context)) {
+      features.Add(WasmEnabledFeature::inlining);
+    }
+    if (isolate->IsWasmImportedStringsEnabled(context)) {
+      features.Add(WasmEnabledFeature::imported_strings);
+    }
+    if (isolate->IsWasmJSPIEnabled(context)) {
+      features.Add(WasmEnabledFeature::jspi);
+      features.Add(WasmEnabledFeature::type_reflection);
+    }
   }
   // This space intentionally left blank for future Wasm origin trials.
   return features;
diff --git a/deps/v8/src/wasm/wasm-js.cc b/deps/v8/src/wasm/wasm-js.cc
index 2ed1cdc10678a7..e1d7bc808ce82c 100644
--- a/deps/v8/src/wasm/wasm-js.cc
+++ b/deps/v8/src/wasm/wasm-js.cc
@@ -6,6 +6,7 @@
 
 #include <cinttypes>
 #include <cstring>
+#include <optional>
 
 #include "include/v8-function.h"
 #include "include/v8-persistent-handle.h"
@@ -1909,36 +1910,6 @@ void WebAssemblyTagImpl(const v8::FunctionCallbackInfo<v8::Value>& info) {
   info.GetReturnValue().Set(Utils::ToLocal(tag_object));
 }
 
-// WebAssembly.Suspender
-void WebAssemblySuspender(const v8::FunctionCallbackInfo<v8::Value>& info) {
-  DCHECK(i::ValidateCallbackInfo(info));
-  v8::Isolate* isolate = info.GetIsolate();
-  i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
-  HandleScope scope(isolate);
-
-  ErrorThrower thrower(i_isolate, "WebAssembly.Suspender()");
-  if (!info.IsConstructCall()) {
-    thrower.TypeError("WebAssembly.Suspender must be invoked with 'new'");
-    return;
-  }
-
-  i::Handle<i::JSObject> suspender = i::WasmSuspenderObject::New(i_isolate);
-
-  // The infrastructure for `new Foo` calls allocates an object, which is
-  // available here as {info.This()}. We're going to discard this object
-  // and use {suspender} instead, but it does have the correct prototype,
-  // which we must harvest from it. This makes a difference when the JS
-  // constructor function wasn't {WebAssembly.Suspender} directly, but some
-  // subclass: {suspender} has {WebAssembly.Suspender}'s prototype at this
-  // point, so we must overwrite that with the correct prototype for {Foo}.
-  if (!TransferPrototype(i_isolate, suspender,
-                         Utils::OpenHandle(*info.This()))) {
-    DCHECK(i_isolate->has_exception());
-    return;
-  }
-  info.GetReturnValue().Set(Utils::ToLocal(suspender));
-}
-
 namespace {
 
 uint32_t GetEncodedSize(i::DirectHandle<i::WasmTagObject> tag_object) {
@@ -2075,7 +2046,7 @@ void WebAssemblyExceptionImpl(const v8::FunctionCallbackInfo<v8::Value>& info) {
   i::Handle<i::WasmExceptionPackage> runtime_exception =
       i::WasmExceptionPackage::New(i_isolate, tag, size);
   // The constructor above should guarantee that the cast below succeeds.
-  i::Handle<i::FixedArray> values =
+  i::DirectHandle<i::FixedArray> values =
       i::Cast<i::FixedArray>(i::WasmExceptionPackage::GetExceptionValues(
           i_isolate, runtime_exception));
   i::DirectHandle<i::PodArray<i::wasm::ValueType>> signature(
@@ -2113,81 +2084,9 @@ void WebAssemblyExceptionImpl(const v8::FunctionCallbackInfo<v8::Value>& info) {
       Utils::ToLocal(i::Cast<i::Object>(runtime_exception)));
 }
 
-namespace {
-bool HasJSPromiseIntegrationFlag(Isolate* isolate, Local<Object> usage_obj,
-                                 ErrorThrower* thrower, const char* flag_name) {
-  Local<Context> context = isolate->GetCurrentContext();
-  Local<String> flag_str = v8_str(isolate, flag_name);
-  Local<String> first_str = v8_str(isolate, "first");
-  Local<String> last_str = v8_str(isolate, "last");
-  Local<String> none_str = v8_str(isolate, "none");
-  v8::MaybeLocal<v8::Value> maybe_flag = usage_obj->Get(context, flag_str);
-  v8::Local<Value> flag_value;
-  v8::Local<String> flag_value_str;
-  if (maybe_flag.ToLocal(&flag_value) && !flag_value->IsUndefined() &&
-      flag_value->ToString(context).ToLocal(&flag_value_str)) {
-    if (!flag_value_str->StringEquals(first_str) &&
-        !flag_value_str->StringEquals(last_str) &&
-        !flag_value_str->StringEquals(none_str)) {
-      thrower->TypeError(
-          "JS Promise Integration: Expected suspender "
-          "position to be \"first\", \"last\" or \"none\"");
-      return false;
-    } else if (flag_value_str->StringEquals(last_str)) {
-      // TODO(thibaudm): Support the "last" position.
-      UNIMPLEMENTED();
-    } else if (flag_value_str->StringEquals(first_str)) {
-      return true;
-    }
-  }
-  return false;
-}
-
-// Given {inner_sig}: [ti*] -> [to*]
-// {outer_sig} must be: [externref ti*] -> [to*]
-bool IsSuspendingSignature(const i::wasm::FunctionSig* inner_sig,
-                           const i::wasm::FunctionSig* outer_sig) {
-  // Checked by the caller.
-  DCHECK_GT(outer_sig->parameter_count(), 0);
-  DCHECK_EQ(outer_sig->GetParam(0), i::wasm::kWasmExternRef);
-  if (inner_sig->parameter_count() + 1 != outer_sig->parameter_count()) {
-    return false;
-  }
-  if (inner_sig->return_count() != outer_sig->return_count()) {
-    return false;
-  }
-  for (size_t i = 1; i < outer_sig->parameter_count(); ++i) {
-    if (outer_sig->GetParam(i) != inner_sig->GetParam(i - 1)) return false;
-  }
-  for (size_t i = 0; i < outer_sig->return_count(); ++i) {
-    if (outer_sig->GetReturn(i) != inner_sig->GetReturn(i)) return false;
-  }
-  return true;
-}
-
-// Given {inner_sig}: externref [ti*] -> [to*]
-// {outer_sig} must be: [ti*] -> [externref]
-bool IsPromisingSignature(const i::wasm::FunctionSig* inner_sig,
-                          const i::wasm::FunctionSig* outer_sig) {
-  if (inner_sig->parameter_count() != outer_sig->parameter_count() + 1) {
-    return false;
-  }
-  if (outer_sig->return_count() != 1) {
-    return false;
-  }
-  if (inner_sig->GetParam(0) != i::wasm::kWasmExternRef) return false;
-  for (size_t i = 0; i < outer_sig->parameter_count(); ++i) {
-    if (outer_sig->GetParam(i) != inner_sig->GetParam(i + 1)) return false;
-  }
-  if (outer_sig->GetReturn(0) != i::wasm::kWasmExternRef) return false;
-  return true;
-}
-
-}  // namespace
-
 i::Handle<i::JSFunction> NewPromisingWasmExportedFunction(
     i::Isolate* i_isolate, i::DirectHandle<i::WasmExportedFunctionData> data,
-    ErrorThrower& thrower, bool with_suspender_param) {
+    ErrorThrower& thrower) {
   i::DirectHandle<i::WasmTrustedInstanceData> trusted_instance_data{
       data->instance_data(), i_isolate};
   int func_index = data->function_index();
@@ -2201,9 +2100,7 @@ i::Handle<i::JSFunction> NewPromisingWasmExportedFunction(
     wrapper =
         i::DirectHandle<i::Code>(data->wrapper_code(i_isolate), i_isolate);
   } else {
-    wrapper = with_suspender_param
-                  ? BUILTIN_CODE(i_isolate, WasmPromisingWithSuspender)
-                  : BUILTIN_CODE(i_isolate, WasmPromising);
+    wrapper = BUILTIN_CODE(i_isolate, WasmPromising);
   }
 
   // TODO(14034): Create funcref RTTs lazily?
@@ -2217,9 +2114,9 @@ i::Handle<i::JSFunction> NewPromisingWasmExportedFunction(
   if (func_index >= num_imported_functions) {
     ref = trusted_instance_data;
   } else {
-    ref = i_isolate->factory()->NewWasmApiFunctionRef(direct_handle(
-        i::Cast<i::WasmApiFunctionRef>(
-            trusted_instance_data->dispatch_table_for_imports()->ref(
+    ref = i_isolate->factory()->NewWasmImportData(direct_handle(
+        i::Cast<i::WasmImportData>(
+            trusted_instance_data->dispatch_table_for_imports()->implicit_arg(
                 func_index)),
         i_isolate));
   }
@@ -2238,7 +2135,7 @@ i::Handle<i::JSFunction> NewPromisingWasmExportedFunction(
       i_isolate->factory()->NewWasmFuncRef(internal, rtt);
   internal->set_call_target(trusted_instance_data->GetCallTarget(func_index));
   if (func_index < num_imported_functions) {
-    i::Cast<i::WasmApiFunctionRef>(ref)->set_call_origin(*func_ref);
+    i::Cast<i::WasmImportData>(ref)->set_call_origin(*func_ref);
   }
 
   i::Handle<i::JSFunction> result = i::WasmExportedFunction::New(
@@ -2340,7 +2237,6 @@ void WebAssemblyFunction(const v8::FunctionCallbackInfo<v8::Value>& info) {
   }
   const i::wasm::FunctionSig* sig = builder.Build();
   i::wasm::Suspend suspend = i::wasm::kNoSuspend;
-  i::wasm::Promise promise = i::wasm::kNoPromise;
 
   i::Handle<i::JSReceiver> callable = Utils::OpenHandle(*info[1].As<Object>());
   if (i::IsWasmSuspendingObject(*callable)) {
@@ -2353,78 +2249,6 @@ void WebAssemblyFunction(const v8::FunctionCallbackInfo<v8::Value>& info) {
     return;
   }
 
-  if (i_isolate->IsWasmJSPIEnabled(i_isolate->native_context())) {
-    // Optional third argument for JS Promise Integration.
-    if (!info[2]->IsNullOrUndefined() && !info[2]->IsObject()) {
-      thrower.TypeError(
-          "Expected argument 3 to be an object with a "
-          "'suspending' or 'promising' property");
-      return;
-    }
-    if (info[2]->IsObject()) {
-      Local<Object> usage_obj = Local<Object>::Cast(info[2]);
-      if (HasJSPromiseIntegrationFlag(isolate, usage_obj, &thrower,
-                                      "suspending")) {
-        suspend = i::wasm::kSuspendWithSuspender;
-        i_isolate->CountUsage(v8::Isolate::kWasmJavaScriptPromiseIntegration);
-      }
-      if (HasJSPromiseIntegrationFlag(isolate, usage_obj, &thrower,
-                                      "promising")) {
-        promise = i::wasm::kPromiseWithSuspender;
-        i_isolate->CountUsage(v8::Isolate::kWasmJavaScriptPromiseIntegration);
-      }
-    }
-  }
-
-  bool is_wasm_exported_function =
-      i::WasmExportedFunction::IsWasmExportedFunction(*callable);
-  bool is_wasm_js_function = i::WasmJSFunction::IsWasmJSFunction(*callable);
-
-  if (is_wasm_exported_function && suspend != i::wasm::kNoSuspend) {
-    // TODO(thibaudm): Support wasm-to-wasm calls with suspending behavior, and
-    // also with combined promising+suspending behavior.
-    UNIMPLEMENTED();
-  }
-  if (is_wasm_exported_function && promise != i::wasm::kNoPromise) {
-    auto wasm_exported_function = i::Cast<i::WasmExportedFunction>(*callable);
-    i::DirectHandle<i::WasmExportedFunctionData> data(
-        wasm_exported_function->shared()->wasm_exported_function_data(),
-        i_isolate);
-    if (!IsPromisingSignature(data->sig(), sig)) {
-      thrower.TypeError("Incompatible signature for promising function");
-      return;
-    }
-    bool with_suspender_param = promise == i::wasm::kPromiseWithSuspender;
-    i::Handle<i::JSFunction> result = NewPromisingWasmExportedFunction(
-        i_isolate, data, thrower, with_suspender_param);
-    info.GetReturnValue().Set(Utils::ToLocal(result));
-    return;
-  }
-  if (is_wasm_js_function && promise != i::wasm::kNoPromise) {
-    // TODO(thibaudm): This case has no practical use. The generated suspender
-    // would be unusable since the stack would always contain at least one JS
-    // frame. But for now the spec would require us to add specific JS-to-JS and
-    // wasm-to-JS wrappers to support this case. Leave this unimplemented for
-    // now.
-    UNIMPLEMENTED();
-  }
-  if (suspend == internal::wasm::kSuspendWithSuspender) {
-    if (sig->parameter_count() == 0 ||
-        sig->GetParam(0) != i::wasm::kWasmExternRef) {
-      thrower.TypeError("Incompatible signature for suspending function");
-      return;
-    }
-    if (is_wasm_js_function) {
-      // Check that the rest of the signature matches.
-      auto wasm_js_function = i::Cast<i::WasmJSFunction>(*callable);
-      const i::wasm::FunctionSig* inner_sig =
-          wasm_js_function->shared()->wasm_js_function_data()->GetSignature();
-      if (!IsSuspendingSignature(inner_sig, sig)) {
-        thrower.TypeError("Incompatible signature for suspending function");
-        return;
-      }
-    }
-  }
   i::Handle<i::JSFunction> result =
       i::WasmJSFunction::New(i_isolate, sig, callable, suspend);
   info.GetReturnValue().Set(Utils::ToLocal(result));
@@ -2457,9 +2281,8 @@ void WebAssemblyPromising(const v8::FunctionCallbackInfo<v8::Value>& info) {
     thrower.TypeError("Argument 0 must be a WebAssembly exported function");
     return;
   }
-  bool with_suspender_param = false;
   i::Handle<i::JSFunction> result =
-      NewPromisingWasmExportedFunction(i_isolate, data, thrower, with_suspender_param);
+      NewPromisingWasmExportedFunction(i_isolate, data, thrower);
   info.GetReturnValue().Set(Utils::ToLocal(i::Cast<i::JSObject>(result)));
   return;
 }
@@ -2510,21 +2333,12 @@ void WebAssemblyFunctionType(const v8::FunctionCallbackInfo<v8::Value>& info) {
         data->instance_data()->module()->functions[data->function_index()].sig;
     i::wasm::Promise promise_flags =
         i::WasmFunctionData::PromiseField::decode(data->js_promise_flags());
-    if (promise_flags != i::wasm::kNoPromise) {
-      // If this export is "promising", the first parameter of the original
-      // function is an externref (suspender) which does not appear in the
-      // wrapper function's signature. The wrapper function also returns a
-      // promise as an externref instead of the original return type.
+    if (promise_flags == i::wasm::kPromise) {
+      // The wrapper function returns a promise as an externref instead of the
+      // original return type.
       size_t param_count = sig->parameter_count();
-      int suspender_count =
-          promise_flags == internal::wasm::kPromiseWithSuspender ? 1 : 0;
-      if (suspender_count == 1) {
-        DCHECK_GE(param_count, 1);
-        DCHECK_EQ(sig->GetParam(0), i::wasm::kWasmExternRef);
-      }
-      i::wasm::FunctionSig::Builder builder(&zone, 1,
-                                            param_count - suspender_count);
-      for (size_t i = suspender_count; i < param_count; ++i) {
+      i::wasm::FunctionSig::Builder builder(&zone, 1, param_count);
+      for (size_t i = 0; i < param_count; ++i) {
         builder.AddParam(sig->GetParam(i));
       }
       builder.AddReturn(i::wasm::kWasmExternRef);
@@ -2738,7 +2552,7 @@ void WebAssemblyTableType(const v8::FunctionCallbackInfo<v8::Value>& info) {
   ErrorThrower thrower(i_isolate, "WebAssembly.Table.type()");
 
   EXTRACT_THIS(table, WasmTableObject);
-  base::Optional<uint32_t> max_size;
+  std::optional<uint32_t> max_size;
   if (!IsUndefined(table->maximum_length())) {
     uint64_t max_size64 = i::Object::NumberValue(table->maximum_length());
     DCHECK_LE(max_size64, std::numeric_limits<uint32_t>::max());
@@ -2828,7 +2642,7 @@ void WebAssemblyMemoryType(const v8::FunctionCallbackInfo<v8::Value>& info) {
   size_t curr_size = buffer->byte_length() / i::wasm::kWasmPageSize;
   DCHECK_LE(curr_size, std::numeric_limits<uint32_t>::max());
   uint32_t min_size = static_cast<uint32_t>(curr_size);
-  base::Optional<uint32_t> max_size;
+  std::optional<uint32_t> max_size;
   if (memory->has_maximum_pages()) {
     uint64_t max_size64 = memory->maximum_pages();
     DCHECK_LE(max_size64, std::numeric_limits<uint32_t>::max());
@@ -3189,9 +3003,16 @@ namespace {
 Handle<JSFunction> CreateFunc(
     Isolate* isolate, Handle<String> name, FunctionCallback func,
     bool has_prototype,
-    SideEffectType side_effect_type = SideEffectType::kHasSideEffect) {
+    SideEffectType side_effect_type = SideEffectType::kHasSideEffect,
+    Handle<FunctionTemplateInfo> parent = {}) {
   Handle<FunctionTemplateInfo> temp =
       NewFunctionTemplate(isolate, func, has_prototype, side_effect_type);
+
+  if (!parent.is_null()) {
+    DCHECK(has_prototype);
+    FunctionTemplateInfo::SetParentTemplate(isolate, temp, parent);
+  }
+
   Handle<JSFunction> function =
       ApiNatives::InstantiateFunction(isolate, temp, name).ToHandleChecked();
   DCHECK(function->shared()->HasSharedName());
@@ -3345,22 +3166,7 @@ void WasmJs::PrepareForSnapshot(Isolate* isolate) {
   }
 
   // Create the Module object.
-  {
-    Handle<JSFunction> module_constructor = InstallConstructorFunc(
-        isolate, webassembly, "Module", wasm::WebAssemblyModule);
-    SetupConstructor(isolate, module_constructor, WASM_MODULE_OBJECT_TYPE,
-                     WasmModuleObject::kHeaderSize, "WebAssembly.Module");
-    native_context->set_wasm_module_constructor(*module_constructor);
-    InstallFunc(isolate, module_constructor, "imports",
-                wasm::WebAssemblyModuleImports, 1, false, NONE,
-                SideEffectType::kHasNoSideEffect);
-    InstallFunc(isolate, module_constructor, "exports",
-                wasm::WebAssemblyModuleExports, 1, false, NONE,
-                SideEffectType::kHasNoSideEffect);
-    InstallFunc(isolate, module_constructor, "customSections",
-                wasm::WebAssemblyModuleCustomSections, 2, false, NONE,
-                SideEffectType::kHasNoSideEffect);
-  }
+  InstallModule(isolate, webassembly);
 
   // Create the Instance object.
   {
@@ -3430,7 +3236,7 @@ void WasmJs::PrepareForSnapshot(Isolate* isolate) {
     // Note the canonical_type_index is reset in WasmJs::Install s.t.
     // type_canonicalizer bookkeeping remains valid.
     static constexpr uint32_t kInitialCanonicalTypeIndex = 0;
-    Handle<JSObject> js_tag_object = WasmTagObject::New(
+    DirectHandle<JSObject> js_tag_object = WasmTagObject::New(
         isolate, &kWasmExceptionTagSignature, kInitialCanonicalTypeIndex,
         js_tag, Handle<WasmTrustedInstanceData>());
     native_context->set_wasm_js_tag(*js_tag_object);
@@ -3480,21 +3286,68 @@ void WasmJs::PrepareForSnapshot(Isolate* isolate) {
 
   // Setup errors.
   {
-    Handle<JSFunction> compile_error(
+    DirectHandle<JSFunction> compile_error(
         native_context->wasm_compile_error_function(), isolate);
     JSObject::AddProperty(isolate, webassembly, f->CompileError_string(),
                           compile_error, DONT_ENUM);
-    Handle<JSFunction> link_error(native_context->wasm_link_error_function(),
-                                  isolate);
+    DirectHandle<JSFunction> link_error(
+        native_context->wasm_link_error_function(), isolate);
     JSObject::AddProperty(isolate, webassembly, f->LinkError_string(),
                           link_error, DONT_ENUM);
-    Handle<JSFunction> runtime_error(
+    DirectHandle<JSFunction> runtime_error(
         native_context->wasm_runtime_error_function(), isolate);
     JSObject::AddProperty(isolate, webassembly, f->RuntimeError_string(),
                           runtime_error, DONT_ENUM);
   }
 }
 
+void WasmJs::InstallModule(Isolate* isolate, Handle<JSObject> webassembly) {
+  Handle<JSGlobalObject> global = isolate->global_object();
+  Handle<NativeContext> native_context(global->native_context(), isolate);
+
+  Handle<JSFunction> module_constructor;
+  if (v8_flags.js_source_phase_imports) {
+    Handle<FunctionTemplateInfo>
+        intrinsic_abstract_module_source_interface_template =
+            NewFunctionTemplate(isolate, nullptr, false);
+    Handle<JSObject> abstract_module_source_prototype = Handle<JSObject>(
+        native_context->abstract_module_source_prototype(), isolate);
+    ApiNatives::AddDataProperty(
+        isolate, intrinsic_abstract_module_source_interface_template,
+        v8_str(isolate, "prototype"), abstract_module_source_prototype, NONE);
+
+    // Check that this is a reinstallation of the Module object.
+    Handle<String> name = v8_str(isolate, "Module");
+    DCHECK(
+        JSObject::HasRealNamedProperty(isolate, webassembly, name).ToChecked());
+    // Reinstall the Module object with AbstractModuleSource as prototype.
+    module_constructor =
+        CreateFunc(isolate, name, wasm::WebAssemblyModule, true,
+                   SideEffectType::kHasNoSideEffect,
+                   intrinsic_abstract_module_source_interface_template);
+    module_constructor->shared()->set_length(1);
+    JSObject::SetOwnPropertyIgnoreAttributes(webassembly, name,
+                                             module_constructor, DONT_ENUM)
+        .Assert();
+  } else {
+    module_constructor = InstallConstructorFunc(isolate, webassembly, "Module",
+                                                wasm::WebAssemblyModule);
+  }
+  SetupConstructor(isolate, module_constructor, WASM_MODULE_OBJECT_TYPE,
+                   WasmModuleObject::kHeaderSize, "WebAssembly.Module");
+  native_context->set_wasm_module_constructor(*module_constructor);
+
+  InstallFunc(isolate, module_constructor, "imports",
+              wasm::WebAssemblyModuleImports, 1, false, NONE,
+              SideEffectType::kHasNoSideEffect);
+  InstallFunc(isolate, module_constructor, "exports",
+              wasm::WebAssemblyModuleExports, 1, false, NONE,
+              SideEffectType::kHasNoSideEffect);
+  InstallFunc(isolate, module_constructor, "customSections",
+              wasm::WebAssemblyModuleCustomSections, 2, false, NONE,
+              SideEffectType::kHasNoSideEffect);
+}
+
 // static
 void WasmJs::Install(Isolate* isolate, bool exposed_on_global_object) {
   Handle<JSGlobalObject> global = isolate->global_object();
@@ -3509,6 +3362,10 @@ void WasmJs::Install(Isolate* isolate, bool exposed_on_global_object) {
   // lookup.
   Handle<JSObject> webassembly(native_context->wasm_webassembly_object(),
                                isolate);
+  if (v8_flags.js_source_phase_imports) {
+    // Reinstall the Module object with the experimental interface.
+    InstallModule(isolate, webassembly);
+  }
 
   // Expose the API on the global object if configured to do so.
   if (exposed_on_global_object) {
@@ -3615,11 +3472,6 @@ bool WasmJs::InstallJSPromiseIntegration(Isolate* isolate,
           .FromMaybe(true)) {
     return false;
   }
-  Handle<JSFunction> suspender_constructor = InstallConstructorFunc(
-      isolate, webassembly, "Suspender", WebAssemblySuspender);
-  context->set_wasm_suspender_constructor(*suspender_constructor);
-  SetupConstructor(isolate, suspender_constructor, WASM_SUSPENDER_OBJECT_TYPE,
-                   WasmSuspenderObject::kHeaderSize, "WebAssembly.Suspender");
   Handle<JSFunction> suspending_constructor = InstallConstructorFunc(
       isolate, webassembly, "Suspending", WebAssemblySuspendingImpl);
   context->set_wasm_suspending_constructor(*suspending_constructor);
diff --git a/deps/v8/src/wasm/wasm-js.h b/deps/v8/src/wasm/wasm-js.h
index fa3e3f3cef4384..db7fa4ea6605ab 100644
--- a/deps/v8/src/wasm/wasm-js.h
+++ b/deps/v8/src/wasm/wasm-js.h
@@ -74,6 +74,8 @@ class WasmJs {
   // - creates API objects and properties that depend on runtime-enabled flags.
   V8_EXPORT_PRIVATE static void Install(Isolate* isolate,
                                         bool exposed_on_global_object);
+  V8_EXPORT_PRIVATE static void InstallModule(Isolate* isolate,
+                                              Handle<JSObject> webassembly);
 
   V8_EXPORT_PRIVATE static void InstallConditionalFeatures(
       Isolate* isolate, Handle<NativeContext> context);
diff --git a/deps/v8/src/wasm/wasm-module-builder.h b/deps/v8/src/wasm/wasm-module-builder.h
index db1b73a964ca90..f517aef6c340ba 100644
--- a/deps/v8/src/wasm/wasm-module-builder.h
+++ b/deps/v8/src/wasm/wasm-module-builder.h
@@ -9,6 +9,8 @@
 #ifndef V8_WASM_WASM_MODULE_BUILDER_H_
 #define V8_WASM_WASM_MODULE_BUILDER_H_
 
+#include <optional>
+
 #include "src/base/memory.h"
 #include "src/base/platform/wrappers.h"
 #include "src/base/vector.h"
@@ -486,7 +488,7 @@ class V8_EXPORT_PRIVATE WasmModuleBuilder : public ZoneObject {
     bool has_maximum = false;
     bool is_shared = false;
     bool is_table64 = false;
-    base::Optional<WasmInitExpr> init = {};
+    std::optional<WasmInitExpr> init = {};
   };
 
   struct WasmMemory {
diff --git a/deps/v8/src/wasm/wasm-module.cc b/deps/v8/src/wasm/wasm-module.cc
index 706b83dad610eb..5123c181e37f46 100644
--- a/deps/v8/src/wasm/wasm-module.cc
+++ b/deps/v8/src/wasm/wasm-module.cc
@@ -280,7 +280,7 @@ Handle<JSObject> GetTypeForFunction(Isolate* isolate, const FunctionSig* sig,
   // Create the resulting {FunctionType} object.
   Handle<JSFunction> object_function = isolate->object_function();
   Handle<JSObject> object = factory->NewJSObject(object_function);
-  Handle<JSArray> params = factory->NewJSArrayWithElements(param_values);
+  DirectHandle<JSArray> params = factory->NewJSArrayWithElements(param_values);
   Handle<String> params_string = factory->InternalizeUtf8String("parameters");
   Handle<String> results_string = factory->InternalizeUtf8String("results");
   JSObject::AddProperty(isolate, object, params_string, params, NONE);
@@ -297,7 +297,8 @@ Handle<JSObject> GetTypeForFunction(Isolate* isolate, const FunctionSig* sig,
       DirectHandle<String> type_value = ToValueTypeString(isolate, type);
       result_values->set(result_index++, *type_value);
     }
-    Handle<JSArray> results = factory->NewJSArrayWithElements(result_values);
+    DirectHandle<JSArray> results =
+        factory->NewJSArrayWithElements(result_values);
     JSObject::AddProperty(isolate, object, results_string, results, NONE);
   }
 
@@ -321,8 +322,8 @@ Handle<JSObject> GetTypeForGlobal(Isolate* isolate, bool is_mutable,
 }
 
 Handle<JSObject> GetTypeForMemory(Isolate* isolate, uint32_t min_size,
-                                  base::Optional<uint32_t> max_size,
-                                  bool shared, bool is_memory64) {
+                                  std::optional<uint32_t> max_size, bool shared,
+                                  bool is_memory64) {
   Factory* factory = isolate->factory();
 
   Handle<JSFunction> object_function = isolate->object_function();
@@ -349,11 +350,11 @@ Handle<JSObject> GetTypeForMemory(Isolate* isolate, uint32_t min_size,
 
 Handle<JSObject> GetTypeForTable(Isolate* isolate, ValueType type,
                                  uint32_t min_size,
-                                 base::Optional<uint32_t> max_size,
+                                 std::optional<uint32_t> max_size,
                                  bool is_table64) {
   Factory* factory = isolate->factory();
 
-  Handle<String> element =
+  DirectHandle<String> element =
       factory->InternalizeUtf8String(base::VectorOf(type.name()));
 
   Handle<JSFunction> object_function = isolate->object_function();
@@ -434,7 +435,7 @@ Handle<JSArray> GetImports(Isolate* isolate,
       case kExternalTable:
         if (enabled_features.has_type_reflection()) {
           auto& table = module->tables[import.index];
-          base::Optional<uint32_t> maximum_size;
+          std::optional<uint32_t> maximum_size;
           if (table.has_maximum_size) maximum_size.emplace(table.maximum_size);
           type_value = GetTypeForTable(isolate, table.type, table.initial_size,
                                        maximum_size, table.is_table64);
@@ -444,7 +445,7 @@ Handle<JSArray> GetImports(Isolate* isolate,
       case kExternalMemory:
         if (enabled_features.has_type_reflection()) {
           auto& memory = module->memories[import.index];
-          base::Optional<uint32_t> maximum_size;
+          std::optional<uint32_t> maximum_size;
           if (memory.has_maximum_pages) {
             maximum_size.emplace(memory.maximum_pages);
           }
@@ -476,11 +477,11 @@ Handle<JSArray> GetImports(Isolate* isolate,
     }
     DCHECK(!import_kind.is_null());
 
-    Handle<String> import_module =
+    DirectHandle<String> import_module =
         WasmModuleObject::ExtractUtf8StringFromModuleBytes(
             isolate, module_object, import.module_name, kInternalize);
 
-    Handle<String> import_name =
+    DirectHandle<String> import_name =
         WasmModuleObject::ExtractUtf8StringFromModuleBytes(
             isolate, module_object, import.field_name, kInternalize);
 
@@ -507,11 +508,11 @@ Handle<JSArray> GetExports(Isolate* isolate,
   Handle<String> kind_string = factory->InternalizeUtf8String("kind");
   Handle<String> type_string = factory->InternalizeUtf8String("type");
 
-  Handle<String> function_string = factory->function_string();
-  Handle<String> table_string = factory->InternalizeUtf8String("table");
-  Handle<String> memory_string = factory->InternalizeUtf8String("memory");
-  Handle<String> global_string = factory->global_string();
-  Handle<String> tag_string = factory->InternalizeUtf8String("tag");
+  DirectHandle<String> function_string = factory->function_string();
+  DirectHandle<String> table_string = factory->InternalizeUtf8String("table");
+  DirectHandle<String> memory_string = factory->InternalizeUtf8String("memory");
+  DirectHandle<String> global_string = factory->global_string();
+  DirectHandle<String> tag_string = factory->InternalizeUtf8String("tag");
 
   // Create the result array.
   const WasmModule* module = module_object->module();
@@ -528,7 +529,7 @@ Handle<JSArray> GetExports(Isolate* isolate,
   for (int index = 0; index < num_exports; ++index) {
     const WasmExport& exp = module->export_table[index];
 
-    Handle<String> export_kind;
+    DirectHandle<String> export_kind;
     Handle<JSObject> type_value;
     switch (exp.kind) {
       case kExternalFunction:
@@ -541,7 +542,7 @@ Handle<JSArray> GetExports(Isolate* isolate,
       case kExternalTable:
         if (enabled_features.has_type_reflection()) {
           auto& table = module->tables[exp.index];
-          base::Optional<uint32_t> maximum_size;
+          std::optional<uint32_t> maximum_size;
           if (table.has_maximum_size) maximum_size.emplace(table.maximum_size);
           type_value = GetTypeForTable(isolate, table.type, table.initial_size,
                                        maximum_size, table.is_table64);
@@ -551,7 +552,7 @@ Handle<JSArray> GetExports(Isolate* isolate,
       case kExternalMemory:
         if (enabled_features.has_type_reflection()) {
           auto& memory = module->memories[exp.index];
-          base::Optional<uint32_t> maximum_size;
+          std::optional<uint32_t> maximum_size;
           if (memory.has_maximum_pages) {
             maximum_size.emplace(memory.maximum_pages);
           }
@@ -578,7 +579,7 @@ Handle<JSArray> GetExports(Isolate* isolate,
 
     Handle<JSObject> entry = factory->NewJSObject(object_function);
 
-    Handle<String> export_name =
+    DirectHandle<String> export_name =
         WasmModuleObject::ExtractUtf8StringFromModuleBytes(
             isolate, module_object, exp.name, kNoInternalize);
 
@@ -664,7 +665,13 @@ int GetSourcePosition(const WasmModule* module, uint32_t func_index,
 }
 
 size_t WasmModule::EstimateStoredSize() const {
-  UPDATE_WHEN_CLASS_CHANGES(WasmModule, 856);
+  UPDATE_WHEN_CLASS_CHANGES(WasmModule,
+#if V8_ENABLE_DRUMBRAKE
+                            920
+#else   // V8_ENABLE_DRUMBRAKE
+                            856
+#endif  // V8_ENABLE_DRUMBRAKE
+  );
   return sizeof(WasmModule) +                            // --
          signature_zone.allocation_size_for_tracing() +  // --
          ContentSize(types) +                            // --
@@ -737,7 +744,13 @@ size_t TypeFeedbackStorage::EstimateCurrentMemoryConsumption() const {
 }
 
 size_t WasmModule::EstimateCurrentMemoryConsumption() const {
-  UPDATE_WHEN_CLASS_CHANGES(WasmModule, 856);
+  UPDATE_WHEN_CLASS_CHANGES(WasmModule,
+#if V8_ENABLE_DRUMBRAKE
+                            920
+#else   // V8_ENABLE_DRUMBRAKE
+                            856
+#endif  // V8_ENABLE_DRUMBRAKE
+  );
   size_t result = EstimateStoredSize();
 
   result += type_feedback.EstimateCurrentMemoryConsumption();
diff --git a/deps/v8/src/wasm/wasm-module.h b/deps/v8/src/wasm/wasm-module.h
index a69fa94c61f2d2..9e30aa152ff747 100644
--- a/deps/v8/src/wasm/wasm-module.h
+++ b/deps/v8/src/wasm/wasm-module.h
@@ -11,8 +11,8 @@
 
 #include <map>
 #include <memory>
+#include <optional>
 
-#include "src/base/optional.h"
 #include "src/base/platform/mutex.h"
 #include "src/base/vector.h"
 #include "src/codegen/signature.h"
@@ -37,6 +37,9 @@ using WasmName = base::Vector<const char>;
 
 struct AsmJsOffsets;
 class ErrorThrower;
+#if V8_ENABLE_DRUMBRAKE
+class WasmInterpreterRuntime;
+#endif  // V8_ENABLE_DRUMBRAKE
 class WellKnownImportsList;
 
 // Reference to a string in the wire bytes.
@@ -854,6 +857,16 @@ struct V8_EXPORT_PRIVATE WasmModule {
     return base::VectorOf(functions) + num_imported_functions;
   }
 
+#if V8_ENABLE_DRUMBRAKE
+  void SetWasmInterpreter(
+      std::shared_ptr<WasmInterpreterRuntime> interpreter) const {
+    base::MutexGuard lock(&interpreter_mutex_);
+    interpreter_ = interpreter;
+  }
+  mutable std::weak_ptr<WasmInterpreterRuntime> interpreter_;
+  mutable base::Mutex interpreter_mutex_;
+#endif  // V8_ENABLE_DRUMBRAKE
+
   size_t EstimateStoredSize() const;                // No tracing.
   size_t EstimateCurrentMemoryConsumption() const;  // With tracing.
 };
@@ -948,11 +961,11 @@ Handle<JSObject> GetTypeForFunction(Isolate* isolate, const FunctionSig* sig,
 Handle<JSObject> GetTypeForGlobal(Isolate* isolate, bool is_mutable,
                                   ValueType type);
 Handle<JSObject> GetTypeForMemory(Isolate* isolate, uint32_t min_size,
-                                  base::Optional<uint32_t> max_size,
-                                  bool shared, bool is_memory64);
+                                  std::optional<uint32_t> max_size, bool shared,
+                                  bool is_memory64);
 Handle<JSObject> GetTypeForTable(Isolate* isolate, ValueType type,
                                  uint32_t min_size,
-                                 base::Optional<uint32_t> max_size,
+                                 std::optional<uint32_t> max_size,
                                  bool is_table64);
 Handle<JSArray> GetImports(Isolate* isolate,
                            DirectHandle<WasmModuleObject> module);
diff --git a/deps/v8/src/wasm/wasm-objects-inl.h b/deps/v8/src/wasm/wasm-objects-inl.h
index 850a05910c453b..005d53e573fbe6 100644
--- a/deps/v8/src/wasm/wasm-objects-inl.h
+++ b/deps/v8/src/wasm/wasm-objects-inl.h
@@ -29,6 +29,10 @@
 #include "src/wasm/wasm-objects.h"
 #include "third_party/fp16/src/include/fp16.h"
 
+#if V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/wasm-interpreter-objects.h"
+#endif  // V8_ENABLE_DRUMBRAKE
+
 // Has to be the last include (doesn't have include guards)
 #include "src/objects/object-macros.h"
 
@@ -37,7 +41,6 @@ namespace v8::internal {
 #include "torque-generated/src/wasm/wasm-objects-tq-inl.inc"
 
 TQ_OBJECT_CONSTRUCTORS_IMPL(AsmWasmData)
-TQ_OBJECT_CONSTRUCTORS_IMPL(WasmApiFunctionRef)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmArray)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmCapiFunctionData)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmContinuationObject)
@@ -46,6 +49,7 @@ TQ_OBJECT_CONSTRUCTORS_IMPL(WasmExportedFunctionData)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmFunctionData)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmFuncRef)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmGlobalObject)
+TQ_OBJECT_CONSTRUCTORS_IMPL(WasmImportData)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmInstanceObject)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmInternalFunction)
 TQ_OBJECT_CONSTRUCTORS_IMPL(WasmJSFunctionData)
@@ -201,6 +205,10 @@ PRIMITIVE_ACCESSORS(WasmTrustedInstanceData, globals_start, uint8_t*,
                     kGlobalsStartOffset)
 ACCESSORS(WasmTrustedInstanceData, imported_mutable_globals,
           Tagged<FixedAddressArray>, kImportedMutableGlobalsOffset)
+#if V8_ENABLE_DRUMBRAKE
+ACCESSORS(WasmTrustedInstanceData, imported_function_indices,
+          Tagged<FixedInt32Array>, kImportedFunctionIndicesOffset)
+#endif  // V8_ENABLE_DRUMBRAKE
 PRIMITIVE_ACCESSORS(WasmTrustedInstanceData, jump_table_start, Address,
                     kJumpTableStartOffset)
 PRIMITIVE_ACCESSORS(WasmTrustedInstanceData, hook_on_function_call_address,
@@ -233,6 +241,10 @@ OPTIONAL_ACCESSORS(WasmTrustedInstanceData, imported_mutable_globals_buffers,
                    Tagged<FixedArray>, kImportedMutableGlobalsBuffersOffset)
 OPTIONAL_ACCESSORS(WasmTrustedInstanceData, tables, Tagged<FixedArray>,
                    kTablesOffset)
+#if V8_ENABLE_DRUMBRAKE
+OPTIONAL_ACCESSORS(WasmTrustedInstanceData, interpreter_object, Tagged<Tuple2>,
+                   kInterpreterObjectOffset)
+#endif  // V8_ENABLE_DRUMBRAKE
 PROTECTED_POINTER_ACCESSORS(WasmTrustedInstanceData, shared_part,
                             WasmTrustedInstanceData, kProtectedSharedPartOffset)
 PROTECTED_POINTER_ACCESSORS(WasmTrustedInstanceData, dispatch_table0,
@@ -252,6 +264,8 @@ ACCESSORS(WasmTrustedInstanceData, feedback_vectors, Tagged<FixedArray>,
           kFeedbackVectorsOffset)
 ACCESSORS(WasmTrustedInstanceData, well_known_imports, Tagged<FixedArray>,
           kWellKnownImportsOffset)
+PRIMITIVE_ACCESSORS(WasmTrustedInstanceData, stress_deopt_counter_address,
+                    Address, kStressDeoptCounterOffset)
 
 void WasmTrustedInstanceData::clear_padding() {
   constexpr int kPaddingBytes = FIELD_SIZE(kOptionalPaddingOffset);
@@ -348,16 +362,18 @@ int WasmDispatchTable::capacity() const {
   return ReadField<int>(kCapacityOffset);
 }
 
-inline Tagged<Object> WasmDispatchTable::ref(int index) const {
+inline Tagged<Object> WasmDispatchTable::implicit_arg(int index) const {
   DCHECK_LT(index, length());
-  Tagged<Object> ref = ReadProtectedPointerField(OffsetOf(index) + kRefBias);
-  DCHECK(IsWasmTrustedInstanceData(ref) || IsWasmApiFunctionRef(ref) ||
-         ref == Smi::zero());
-  return ref;
+  Tagged<Object> implicit_arg =
+      ReadProtectedPointerField(OffsetOf(index) + kImplicitArgBias);
+  DCHECK(IsWasmTrustedInstanceData(implicit_arg) ||
+         IsWasmImportData(implicit_arg) || implicit_arg == Smi::zero());
+  return implicit_arg;
 }
 
 inline Address WasmDispatchTable::target(int index) const {
   DCHECK_LT(index, length());
+  if (v8_flags.wasm_jitless) return kNullAddress;
   return ReadField<Address>(OffsetOf(index) + kTargetBias);
 }
 
@@ -366,6 +382,14 @@ inline int WasmDispatchTable::sig(int index) const {
   return ReadField<int>(OffsetOf(index) + kSigBias);
 }
 
+#if V8_ENABLE_DRUMBRAKE
+inline uint32_t WasmDispatchTable::function_index(int index) const {
+  DCHECK_LT(index, length());
+  if (!v8_flags.wasm_jitless) return UINT_MAX;
+  return ReadField<uint32_t>(OffsetOf(index) + kFunctionIndexBias);
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 // WasmExceptionPackage
 OBJECT_CONSTRUCTORS_IMPL(WasmExceptionPackage, JSObject)
 
@@ -384,19 +408,19 @@ struct CastTraits<WasmExportedFunction> {
   }
 };
 
-// WasmApiFunctionRef
+// WasmImportData
 
-CODE_POINTER_ACCESSORS(WasmApiFunctionRef, code, kCodeOffset)
+CODE_POINTER_ACCESSORS(WasmImportData, code, kCodeOffset)
 
-PROTECTED_POINTER_ACCESSORS(WasmApiFunctionRef, instance_data,
+PROTECTED_POINTER_ACCESSORS(WasmImportData, instance_data,
                             WasmTrustedInstanceData,
                             kProtectedInstanceDataOffset)
 
 // WasmInternalFunction
 
-// {ref} will be a WasmTrustedInstanceData or a WasmApiFunctionRef.
-PROTECTED_POINTER_ACCESSORS(WasmInternalFunction, ref, TrustedObject,
-                            kProtectedRefOffset)
+// {implicit_arg} will be a WasmTrustedInstanceData or a WasmImportData.
+PROTECTED_POINTER_ACCESSORS(WasmInternalFunction, implicit_arg, TrustedObject,
+                            kProtectedImplicitArgOffset)
 
 // WasmFuncRef
 TRUSTED_POINTER_ACCESSORS(WasmFuncRef, internal, WasmInternalFunction,
diff --git a/deps/v8/src/wasm/wasm-objects.cc b/deps/v8/src/wasm/wasm-objects.cc
index a729e479ad1bac..b37eb06f7803a4 100644
--- a/deps/v8/src/wasm/wasm-objects.cc
+++ b/deps/v8/src/wasm/wasm-objects.cc
@@ -4,6 +4,8 @@
 
 #include "src/wasm/wasm-objects.h"
 
+#include <optional>
+
 #include "src/base/iterator.h"
 #include "src/base/vector.h"
 #include "src/builtins/builtins-inl.h"
@@ -14,6 +16,7 @@
 #include "src/objects/objects-inl.h"
 #include "src/objects/oddball.h"
 #include "src/objects/shared-function-info.h"
+#include "src/roots/roots-inl.h"
 #include "src/utils/utils.h"
 #include "src/wasm/code-space-access.h"
 #include "src/wasm/compilation-environment-inl.h"
@@ -32,6 +35,11 @@
 #include "src/wasm/wasm-subtyping.h"
 #include "src/wasm/wasm-value.h"
 
+#if V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/wasm-interpreter-inl.h"
+#include "src/wasm/interpreter/wasm-interpreter-runtime.h"
+#endif  // V8_ENABLE_DRUMBRAKE
+
 // Needs to be last so macros do not get undefined.
 #include "src/objects/object-macros.h"
 
@@ -206,7 +214,7 @@ void WasmTableObject::AddUse(Isolate* isolate,
   table_obj->set_uses(*new_uses);
 }
 
-int WasmTableObject::Grow(Isolate* isolate, Handle<WasmTableObject> table,
+int WasmTableObject::Grow(Isolate* isolate, DirectHandle<WasmTableObject> table,
                           uint32_t count, DirectHandle<Object> init_value) {
   uint32_t old_size = table->current_length();
   if (count == 0) return old_size;  // Degenerate case: nothing to do.
@@ -265,6 +273,15 @@ int WasmTableObject::Grow(Isolate* isolate, Handle<WasmTableObject> table,
               trusted_instance_data->dispatch_table(table_index)->length());
     WasmTrustedInstanceData::EnsureMinimumDispatchTableSize(
         isolate, trusted_instance_data, table_index, new_size);
+
+#if V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_jitless &&
+        trusted_instance_data->has_interpreter_object()) {
+      wasm::WasmInterpreterRuntime::UpdateIndirectCallTable(
+          isolate, handle(trusted_instance_data->instance_object(), isolate),
+          table_index);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
   }
 
   for (uint32_t entry = old_size; entry < new_size; ++entry) {
@@ -303,14 +320,19 @@ void WasmTableObject::SetFunctionTableEntry(Isolate* isolate,
   if (WasmExportedFunction::IsWasmExportedFunction(*external)) {
     auto exported_function = Cast<WasmExportedFunction>(external);
     auto func_data = exported_function->shared()->wasm_exported_function_data();
-    Handle<WasmTrustedInstanceData> target_instance_data(
+    DirectHandle<WasmTrustedInstanceData> target_instance_data(
         func_data->instance_data(), isolate);
     int func_index = func_data->function_index();
     const WasmModule* module = target_instance_data->module();
     SBXCHECK_BOUNDS(func_index, module->functions.size());
     auto* wasm_function = module->functions.data() + func_index;
     UpdateDispatchTables(isolate, table, entry_index, wasm_function,
-                         target_instance_data);
+                         target_instance_data
+#if V8_ENABLE_DRUMBRAKE
+                         ,
+                         func_index
+#endif  // V8_ENABLE_DRUMBRAKE
+    );
   } else if (WasmJSFunction::IsWasmJSFunction(*external)) {
     UpdateDispatchTables(isolate, table, entry_index,
                          Cast<WasmJSFunction>(external));
@@ -323,7 +345,7 @@ void WasmTableObject::SetFunctionTableEntry(Isolate* isolate,
 }
 
 // Note: This needs to be handlified because it transitively calls
-// {ImportWasmJSFunctionIntoTable} which calls {NewWasmApiFunctionRef}.
+// {ImportWasmJSFunctionIntoTable} which calls {NewWasmImportData}.
 void WasmTableObject::Set(Isolate* isolate, DirectHandle<WasmTableObject> table,
                           uint32_t index, DirectHandle<Object> entry) {
   // Callers need to perform bounds checks, type check, and error handling.
@@ -432,9 +454,9 @@ Handle<Object> WasmTableObject::Get(Isolate* isolate,
   return func_ref;
 }
 
-void WasmTableObject::Fill(Isolate* isolate, Handle<WasmTableObject> table,
-                           uint32_t start, DirectHandle<Object> entry,
-                           uint32_t count) {
+void WasmTableObject::Fill(Isolate* isolate,
+                           DirectHandle<WasmTableObject> table, uint32_t start,
+                           DirectHandle<Object> entry, uint32_t count) {
   // Bounds checks must be done by the caller.
   DCHECK_LE(start, table->current_length());
   DCHECK_LE(count, table->current_length());
@@ -473,7 +495,12 @@ bool FunctionSigMatchesTable(uint32_t canonical_sig_id,
 void WasmTableObject::UpdateDispatchTables(
     Isolate* isolate, DirectHandle<WasmTableObject> table, int entry_index,
     const wasm::WasmFunction* func,
-    DirectHandle<WasmTrustedInstanceData> target_instance_data) {
+    DirectHandle<WasmTrustedInstanceData> target_instance_data
+#if V8_ENABLE_DRUMBRAKE
+    ,
+    int target_func_index
+#endif  // V8_ENABLE_DRUMBRAKE
+) {
   // We simply need to update the IFTs for each instance that imports
   // this table.
   DirectHandle<FixedArray> uses(table->uses(), isolate);
@@ -483,15 +510,23 @@ void WasmTableObject::UpdateDispatchTables(
       func->imported
           // The function in the target instance was imported. Use its imports
           // table to look up the ref.
-          ? direct_handle(
-                Cast<TrustedObject>(
-                    target_instance_data->dispatch_table_for_imports()->ref(
-                        func->func_index)),
-                isolate)
+          ? direct_handle(Cast<TrustedObject>(
+                              target_instance_data->dispatch_table_for_imports()
+                                  ->implicit_arg(func->func_index)),
+                          isolate)
           // For wasm functions, just pass the target instance data.
           : target_instance_data;
   Address call_target = target_instance_data->GetCallTarget(func->func_index);
 
+#if V8_ENABLE_DRUMBRAKE
+  if (target_func_index <
+      static_cast<int>(
+          target_instance_data->module()->num_imported_functions)) {
+    target_func_index = target_instance_data->imported_function_indices()->get(
+        target_func_index);
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   const WasmModule* target_module = target_instance_data->module();
   uint32_t canonical_sig_id =
       target_module->isorecursive_canonical_type_ids[func->sig_index];
@@ -501,15 +536,14 @@ void WasmTableObject::UpdateDispatchTables(
     DirectHandle<WasmInstanceObject> instance_object(
         Cast<WasmInstanceObject>(uses->get(i + TableUses::kInstanceOffset)),
         isolate);
-    if (v8_flags.wasm_to_js_generic_wrapper &&
-        IsWasmApiFunctionRef(*call_ref)) {
-      auto orig_ref = Cast<WasmApiFunctionRef>(call_ref);
-      DirectHandle<WasmApiFunctionRef> new_ref =
-          isolate->factory()->NewWasmApiFunctionRef(orig_ref);
+    if (v8_flags.wasm_to_js_generic_wrapper && IsWasmImportData(*call_ref)) {
+      auto orig_ref = Cast<WasmImportData>(call_ref);
+      DirectHandle<WasmImportData> new_ref =
+          isolate->factory()->NewWasmImportData(orig_ref);
       if (new_ref->instance_data() == instance_object->trusted_data(isolate)) {
-        WasmApiFunctionRef::SetIndexInTableAsCallOrigin(new_ref, entry_index);
+        WasmImportData::SetIndexInTableAsCallOrigin(new_ref, entry_index);
       } else {
-        WasmApiFunctionRef::SetCrossInstanceTableIndexAsCallOrigin(
+        WasmImportData::SetCrossInstanceTableIndexAsCallOrigin(
             isolate, new_ref, instance_object, entry_index);
       }
       call_ref = new_ref;
@@ -520,10 +554,22 @@ void WasmTableObject::UpdateDispatchTables(
     Tagged<WasmTrustedInstanceData> target_instance_data =
         is_shared ? non_shared_instance_data->shared_part()
                   : non_shared_instance_data;
+#if !V8_ENABLE_DRUMBRAKE
     SBXCHECK(FunctionSigMatchesTable(
         canonical_sig_id, target_instance_data->module(), table_index));
     target_instance_data->dispatch_table(table_index)
         ->Set(entry_index, *call_ref, call_target, canonical_sig_id);
+#else   // !V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_jitless &&
+        instance_object->trusted_data(isolate)->has_interpreter_object()) {
+      Handle<WasmInstanceObject> instance_handle(*instance_object, isolate);
+      wasm::WasmInterpreterRuntime::UpdateIndirectCallTable(
+          isolate, instance_handle, table_index);
+    }
+    target_instance_data->dispatch_table(table_index)
+        ->Set(entry_index, *call_ref, call_target, canonical_sig_id,
+              target_func_index);
+#endif  // !V8_ENABLE_DRUMBRAKE
   }
 }
 
@@ -586,11 +632,18 @@ void WasmTableObject::UpdateDispatchTables(
       isolate->counters()->wasm_reloc_size()->Increment(
           wasm_code->reloc_info().length());
     }
-    Tagged<HeapObject> ref =
-        capi_function->shared()->wasm_capi_function_data()->internal()->ref();
+    Tagged<HeapObject> implicit_arg = capi_function->shared()
+                                          ->wasm_capi_function_data()
+                                          ->internal()
+                                          ->implicit_arg();
     Address call_target = wasm_code->instruction_start();
     trusted_instance_data->dispatch_table(table_index)
-        ->Set(entry_index, ref, call_target, canonical_type_index);
+        ->Set(entry_index, implicit_arg, call_target, canonical_type_index
+#if V8_ENABLE_DRUMBRAKE
+              ,
+              WasmDispatchTable::kInvalidFunctionIndex
+#endif  // V8_ENABLE_DRUMBRAKE
+        );
   }
 }
 
@@ -611,6 +664,15 @@ void WasmTableObject::ClearDispatchTables(int index) {
         is_shared ? non_shared_instance_data->shared_part()
                   : non_shared_instance_data;
     target_instance_data->dispatch_table(table_index)->Clear(index);
+#if V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_jitless &&
+        non_shared_instance_data->has_interpreter_object()) {
+      Handle<WasmInstanceObject> instance_handle(*target_instance_object,
+                                                 isolate);
+      wasm::WasmInterpreterRuntime::ClearIndirectCallCacheEntry(
+          isolate, instance_handle, table_index, index);
+    }
+#endif  // V8_ENABLE_DRUMBRAKE
   }
 }
 
@@ -719,6 +781,17 @@ void SetInstanceMemory(Tagged<WasmTrustedInstanceData> trusted_instance_data,
   trusted_instance_data->SetRawMemory(
       memory_index, reinterpret_cast<uint8_t*>(buffer->backing_store()),
       byte_length);
+
+#if V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless &&
+      trusted_instance_data->has_interpreter_object()) {
+    AllowHeapAllocation allow_heap;
+    Isolate* isolate = trusted_instance_data->instance_object()->GetIsolate();
+    HandleScope scope(isolate);
+    wasm::WasmInterpreterRuntime::UpdateMemoryAddress(
+        handle(trusted_instance_data->instance_object(), isolate));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
 }
 
 }  // namespace
@@ -887,10 +960,10 @@ int32_t WasmMemoryObject::Grow(Isolate* isolate,
   const bool try_grow_in_place =
       must_grow_in_place || !v8_flags.stress_wasm_memory_moving;
 
-  base::Optional<size_t> result_inplace =
+  std::optional<size_t> result_inplace =
       try_grow_in_place
           ? backing_store->GrowWasmMemoryInPlace(isolate, pages, max_pages)
-          : base::nullopt;
+          : std::nullopt;
   if (must_grow_in_place && !result_inplace.has_value()) {
     // There are different limits per platform, thus crash if the correctness
     // fuzzer is running.
@@ -1034,29 +1107,36 @@ MaybeHandle<WasmGlobalObject> WasmGlobalObject::New(
   return global_obj;
 }
 
-FunctionTargetAndRef::FunctionTargetAndRef(
+FunctionTargetAndImplicitArg::FunctionTargetAndImplicitArg(
     Isolate* isolate, Handle<WasmTrustedInstanceData> target_instance_data,
     int target_func_index) {
-  ref_ = target_instance_data;
+  implicit_arg_ = target_instance_data;
   if (target_func_index <
       static_cast<int>(
           target_instance_data->module()->num_imported_functions)) {
     // The function in the target instance was imported. Load the ref from the
     // dispatch table for imports.
-    ref_ = handle(Cast<TrustedObject>(
-                      target_instance_data->dispatch_table_for_imports()->ref(
-                          target_func_index)),
-                  isolate);
+    implicit_arg_ = handle(
+        Cast<TrustedObject>(
+            target_instance_data->dispatch_table_for_imports()->implicit_arg(
+                target_func_index)),
+        isolate);
+#if V8_ENABLE_DRUMBRAKE
+    target_func_index_ = target_instance_data->imported_function_indices()->get(
+        target_func_index);
+#endif  // V8_ENABLE_DRUMBRAKE
   } else {
     // The function in the target instance was not imported.
+#if V8_ENABLE_DRUMBRAKE
+    target_func_index_ = target_func_index;
+#endif  // V8_ENABLE_DRUMBRAKE
   }
   call_target_ = target_instance_data->GetCallTarget(target_func_index);
 }
 
-void ImportedFunctionEntry::SetWasmToJs(Isolate* isolate,
-                                        DirectHandle<JSReceiver> callable,
-                                        wasm::Suspend suspend,
-                                        const wasm::FunctionSig* sig) {
+void ImportedFunctionEntry::SetGenericWasmToJs(
+    Isolate* isolate, DirectHandle<JSReceiver> callable, wasm::Suspend suspend,
+    const wasm::FunctionSig* sig) {
   Address wrapper_entry;
   if (wasm::IsJSCompatibleSignature(sig)) {
     DCHECK(
@@ -1069,43 +1149,58 @@ void ImportedFunctionEntry::SetWasmToJs(Isolate* isolate,
   TRACE_IFT("Import callable 0x%" PRIxPTR "[%d] = {callable=0x%" PRIxPTR
             ", target=0x%" PRIxPTR "}\n",
             instance_data_->ptr(), index_, callable->ptr(), wrapper_entry);
-  DirectHandle<WasmApiFunctionRef> ref =
-      isolate->factory()->NewWasmApiFunctionRef(
+  DirectHandle<WasmImportData> import_data =
+      isolate->factory()->NewWasmImportData(
           callable, suspend, instance_data_,
           wasm::SerializedSignatureHelper::SerializeSignature(isolate, sig));
-  WasmApiFunctionRef::SetImportIndexAsCallOrigin(ref, index_);
+  WasmImportData::SetImportIndexAsCallOrigin(import_data, index_);
   DisallowGarbageCollection no_gc;
 
-  instance_data_->dispatch_table_for_imports()->SetForImport(index_, *ref,
-                                                             wrapper_entry);
+  instance_data_->dispatch_table_for_imports()->SetForImport(
+      index_, *import_data, wrapper_entry);
+#if V8_ENABLE_DRUMBRAKE
+  instance_data_->imported_function_indices()->set(index_, -1);
+#endif  // V8_ENABLE_DRUMBRAKE
 }
 
-void ImportedFunctionEntry::SetWasmToJs(
+void ImportedFunctionEntry::SetCompiledWasmToJs(
     Isolate* isolate, DirectHandle<JSReceiver> callable,
     const wasm::WasmCode* wasm_to_js_wrapper, wasm::Suspend suspend,
     const wasm::FunctionSig* sig) {
   TRACE_IFT("Import callable 0x%" PRIxPTR "[%d] = {callable=0x%" PRIxPTR
             ", target=%p}\n",
             instance_data_->ptr(), index_, callable->ptr(),
-            wasm_to_js_wrapper->instructions().begin());
-  DCHECK(wasm_to_js_wrapper->kind() == wasm::WasmCode::kWasmToJsWrapper ||
+            wasm_to_js_wrapper ? nullptr
+                               : wasm_to_js_wrapper->instructions().begin());
+  DCHECK(v8_flags.wasm_jitless ||
+         wasm_to_js_wrapper->kind() == wasm::WasmCode::kWasmToJsWrapper ||
          wasm_to_js_wrapper->kind() == wasm::WasmCode::kWasmToCapiWrapper);
-  DirectHandle<WasmApiFunctionRef> ref =
-      isolate->factory()->NewWasmApiFunctionRef(
-          callable, suspend, instance_data_,
-          wasm::SerializedSignatureHelper::SerializeSignature(isolate, sig));
+  DirectHandle<WasmImportData> ref = isolate->factory()->NewWasmImportData(
+      callable, suspend, instance_data_,
+      wasm::SerializedSignatureHelper::SerializeSignature(isolate, sig));
   // The wasm-to-js wrapper is already optimized, the call_origin should never
   // be accessed.
-  ref->set_call_origin(Smi::FromInt(WasmApiFunctionRef::kInvalidCallOrigin));
+  ref->set_call_origin(Smi::FromInt(WasmImportData::kInvalidCallOrigin));
   DisallowGarbageCollection no_gc;
   Tagged<WasmDispatchTable> dispatch_table =
       instance_data_->dispatch_table_for_imports();
   dispatch_table->SetForImport(index_, *ref,
-                               wasm_to_js_wrapper->instruction_start());
+                               v8_flags.wasm_jitless
+                                   ? Address()
+                                   : wasm_to_js_wrapper->instruction_start());
+
+#if V8_ENABLE_DRUMBRAKE
+  instance_data_->imported_function_indices()->set(index_, -1);
+#endif  // V8_ENABLE_DRUMBRAKE
 }
 
 void ImportedFunctionEntry::SetWasmToWasm(
-    Tagged<WasmTrustedInstanceData> target_instance_data, Address call_target) {
+    Tagged<WasmTrustedInstanceData> target_instance_data, Address call_target
+#if V8_ENABLE_DRUMBRAKE
+    ,
+    int exported_function_index
+#endif  // V8_ENABLE_DRUMBRAKE
+) {
   TRACE_IFT("Import Wasm 0x%" PRIxPTR "[%d] = {instance_data=0x%" PRIxPTR
             ", target=0x%" PRIxPTR "}\n",
             instance_data_->ptr(), index_, target_instance_data.ptr(),
@@ -1114,22 +1209,27 @@ void ImportedFunctionEntry::SetWasmToWasm(
   Tagged<WasmDispatchTable> dispatch_table =
       instance_data_->dispatch_table_for_imports();
   dispatch_table->SetForImport(index_, target_instance_data, call_target);
+
+#if V8_ENABLE_DRUMBRAKE
+  instance_data_->imported_function_indices()->set(index_,
+                                                   exported_function_index);
+#endif  // V8_ENABLE_DRUMBRAKE
 }
 
 // Returns an empty Tagged<Object>() if no callable is available, a JSReceiver
 // otherwise.
 Tagged<Object> ImportedFunctionEntry::maybe_callable() {
-  Tagged<Object> value = object_ref();
-  if (!IsWasmApiFunctionRef(value)) return Tagged<Object>();
-  return Cast<JSReceiver>(Cast<WasmApiFunctionRef>(value)->callable());
+  Tagged<Object> data = implicit_arg();
+  if (!IsWasmImportData(data)) return Tagged<Object>();
+  return Cast<JSReceiver>(Cast<WasmImportData>(data)->callable());
 }
 
 Tagged<JSReceiver> ImportedFunctionEntry::callable() {
-  return Cast<JSReceiver>(Cast<WasmApiFunctionRef>(object_ref())->callable());
+  return Cast<JSReceiver>(Cast<WasmImportData>(implicit_arg())->callable());
 }
 
-Tagged<Object> ImportedFunctionEntry::object_ref() {
-  return instance_data_->dispatch_table_for_imports()->ref(index_);
+Tagged<Object> ImportedFunctionEntry::implicit_arg() {
+  return instance_data_->dispatch_table_for_imports()->implicit_arg(index_);
 }
 
 Address ImportedFunctionEntry::target() {
@@ -1141,10 +1241,17 @@ void ImportedFunctionEntry::set_target(Address new_target) {
                                                                  new_target);
 }
 
+#if V8_ENABLE_DRUMBRAKE
+int ImportedFunctionEntry::function_index_in_called_module() {
+  return instance_data_->imported_function_indices()->get(index_);
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 // static
-constexpr std::array<uint16_t, 16> WasmTrustedInstanceData::kTaggedFieldOffsets;
+constexpr std::array<uint16_t, WasmTrustedInstanceData::kTaggedFieldsCount>
+    WasmTrustedInstanceData::kTaggedFieldOffsets;
 // static
-constexpr std::array<const char*, 16>
+constexpr std::array<const char*, WasmTrustedInstanceData::kTaggedFieldsCount>
     WasmTrustedInstanceData::kTaggedFieldNames;
 // static
 constexpr std::array<uint16_t, 6>
@@ -1190,6 +1297,32 @@ void WasmTrustedInstanceData::SetRawMemory(int memory_index, uint8_t* mem_start,
   }
 }
 
+#if V8_ENABLE_DRUMBRAKE
+Handle<Tuple2> WasmTrustedInstanceData::GetOrCreateInterpreterObject(
+    Handle<WasmInstanceObject> instance) {
+  DCHECK(v8_flags.wasm_jitless);
+  Isolate* isolate = instance->GetIsolate();
+  Handle<WasmTrustedInstanceData> trusted_data =
+      handle(instance->trusted_data(isolate), isolate);
+  if (trusted_data->has_interpreter_object()) {
+    return handle(trusted_data->interpreter_object(), isolate);
+  }
+  Handle<Tuple2> new_interpreter = WasmInterpreterObject::New(instance);
+  DCHECK(trusted_data->has_interpreter_object());
+  return new_interpreter;
+}
+
+Handle<Tuple2> WasmTrustedInstanceData::GetInterpreterObject(
+    Handle<WasmInstanceObject> instance) {
+  DCHECK(v8_flags.wasm_jitless);
+  Isolate* isolate = instance->GetIsolate();
+  Handle<WasmTrustedInstanceData> trusted_data =
+      handle(instance->trusted_data(isolate), isolate);
+  CHECK(trusted_data->has_interpreter_object());
+  return handle(trusted_data->interpreter_object(), isolate);
+}
+#endif  // V8_ENABLE_DRUMBRAKE
+
 Handle<WasmTrustedInstanceData> WasmTrustedInstanceData::New(
     Isolate* isolate, DirectHandle<WasmModuleObject> module_object,
     bool shared) {
@@ -1229,6 +1362,11 @@ Handle<WasmTrustedInstanceData> WasmTrustedInstanceData::New(
   DirectHandle<FixedUInt32Array> data_segment_sizes =
       FixedUInt32Array::New(isolate, num_data_segments);
 
+#if V8_ENABLE_DRUMBRAKE
+  Handle<FixedInt32Array> imported_function_indices =
+      FixedInt32Array::New(isolate, num_imported_functions);
+#endif  // V8_ENABLE_DRUMBRAKE
+
   static_assert(wasm::kV8MaxWasmMemories < kMaxInt / 2);
   int num_memories = static_cast<int>(module->memories.size());
   DirectHandle<FixedArray> memory_objects =
@@ -1284,6 +1422,9 @@ Handle<WasmTrustedInstanceData> WasmTrustedInstanceData::New(
     trusted_data->set_old_allocation_top_address(
         isolate->heap()->OldSpaceAllocationTopAddress());
     trusted_data->set_globals_start(empty_backing_store_buffer);
+#if V8_ENABLE_DRUMBRAKE
+    trusted_data->set_imported_function_indices(*imported_function_indices);
+#endif  // V8_ENABLE_DRUMBRAKE
     trusted_data->set_native_context(*isolate->native_context());
     trusted_data->set_jump_table_start(native_module->jump_table_start());
     trusted_data->set_hook_on_function_call_address(
@@ -1302,6 +1443,8 @@ Handle<WasmTrustedInstanceData> WasmTrustedInstanceData::New(
     trusted_data->set_memory0_size(0);
     trusted_data->set_memory_objects(*memory_objects);
     trusted_data->set_memory_bases_and_sizes(*memory_bases_and_sizes);
+    trusted_data->set_stress_deopt_counter_address(
+        ExternalReference::stress_deopt_count(isolate).address());
 
     for (int i = 0; i < num_memories; ++i) {
       memory_bases_and_sizes->set(
@@ -1375,8 +1518,10 @@ Address WasmTrustedInstanceData::GetCallTarget(uint32_t func_index) {
   if (func_index < native_module->num_imported_functions()) {
     return dispatch_table_for_imports()->target(func_index);
   }
-  return jump_table_start() +
-         JumpTableOffset(native_module->module(), func_index);
+  return v8_flags.wasm_jitless
+             ? 0
+             : jump_table_start() +
+                   JumpTableOffset(native_module->module(), func_index);
 }
 
 // static
@@ -1418,7 +1563,7 @@ bool WasmTrustedInstanceData::CopyTableEntries(
 }
 
 // static
-base::Optional<MessageTemplate> WasmTrustedInstanceData::InitTableEntries(
+std::optional<MessageTemplate> WasmTrustedInstanceData::InitTableEntries(
     Isolate* isolate, Handle<WasmTrustedInstanceData> trusted_instance_data,
     Handle<WasmTrustedInstanceData> shared_trusted_instance_data,
     uint32_t table_index, uint32_t segment_index, uint32_t dst, uint32_t src,
@@ -1434,7 +1579,7 @@ base::Optional<MessageTemplate> WasmTrustedInstanceData::InitTableEntries(
   bool table_is_shared = module->tables[table_index].shared;
   bool segment_is_shared = module->elem_segments[segment_index].shared;
 
-  Handle<WasmTableObject> table_object(
+  DirectHandle<WasmTableObject> table_object(
       Cast<WasmTableObject>((table_is_shared ? shared_trusted_instance_data
                                              : trusted_instance_data)
                                 ->tables()
@@ -1442,7 +1587,7 @@ base::Optional<MessageTemplate> WasmTrustedInstanceData::InitTableEntries(
       isolate);
 
   // If needed, try to lazily initialize the element segment.
-  base::Optional<MessageTemplate> opt_error = wasm::InitializeElementSegment(
+  std::optional<MessageTemplate> opt_error = wasm::InitializeElementSegment(
       &zone, isolate, trusted_instance_data, shared_trusted_instance_data,
       segment_index);
   if (opt_error.has_value()) return opt_error;
@@ -1492,40 +1637,35 @@ Handle<WasmFuncRef> WasmTrustedInstanceData::GetOrCreateFuncRef(
       function_index < static_cast<int>(module->num_imported_functions);
   uint32_t sig_index = module->functions[function_index].sig_index;
   const wasm::FunctionSig* sig = module->signature(sig_index);
-  DirectHandle<TrustedObject> ref =
-      is_import
-          ? direct_handle(
-                Cast<TrustedObject>(
-                    trusted_instance_data->dispatch_table_for_imports()->ref(
-                        function_index)),
-                isolate)
-          : trusted_instance_data;
+  DirectHandle<TrustedObject> implicit_arg =
+      is_import ? direct_handle(
+                      Cast<TrustedObject>(
+                          trusted_instance_data->dispatch_table_for_imports()
+                              ->implicit_arg(function_index)),
+                      isolate)
+                : trusted_instance_data;
 
   bool setup_new_ref_with_generic_wrapper = false;
-  if (v8_flags.wasm_generic_wrapper && IsWasmApiFunctionRef(*ref)) {
+  if (v8_flags.wasm_generic_wrapper && IsWasmImportData(*implicit_arg)) {
     // Only set up the generic wrapper if it is compatible with the import call
     // kind, which we compute below.
-    auto wafr = Cast<WasmApiFunctionRef>(ref);
+    auto import_data = Cast<WasmImportData>(implicit_arg);
     const wasm::WellKnownImportsList& preknown_imports =
         module->type_feedback.well_known_imports;
     uint32_t canonical_type_index =
         module->isorecursive_canonical_type_ids[sig_index];
     auto callable =
-        handle<JSReceiver>(Cast<JSReceiver>(wafr->callable()), isolate);
-    wasm::WasmImportData resolved(trusted_instance_data, function_index,
-                                  callable, sig, canonical_type_index,
-                                  preknown_imports.get(function_index));
+        handle<JSReceiver>(Cast<JSReceiver>(import_data->callable()), isolate);
+    wasm::ResolvedWasmImport resolved(trusted_instance_data, function_index,
+                                      callable, sig, canonical_type_index,
+                                      preknown_imports.get(function_index));
     setup_new_ref_with_generic_wrapper =
         UseGenericWasmToJSWrapper(resolved.kind(), sig, resolved.suspend());
   }
 
   if (setup_new_ref_with_generic_wrapper) {
-    auto wafr = Cast<WasmApiFunctionRef>(ref);
-    ref = isolate->factory()->NewWasmApiFunctionRef(
-        direct_handle(wafr->callable(), isolate),
-        static_cast<wasm::Suspend>(wafr->suspend()),
-        direct_handle(wafr->instance_data(), isolate),
-        direct_handle(wafr->sig(), isolate));
+    auto import_data = Cast<WasmImportData>(implicit_arg);
+    implicit_arg = isolate->factory()->NewWasmImportData(import_data);
   }
 
   // TODO(14034): Create funcref RTTs lazily?
@@ -1541,20 +1681,20 @@ Handle<WasmFuncRef> WasmTrustedInstanceData::GetOrCreateFuncRef(
 #endif
 
   DirectHandle<WasmInternalFunction> internal_function =
-      isolate->factory()->NewWasmInternalFunction(ref, function_index,
+      isolate->factory()->NewWasmInternalFunction(implicit_arg, function_index,
                                                   signature_hash);
   Handle<WasmFuncRef> func_ref =
       isolate->factory()->NewWasmFuncRef(internal_function, rtt);
   trusted_instance_data->func_refs()->set(function_index, *func_ref);
 
   if (setup_new_ref_with_generic_wrapper) {
-    auto wafr = Cast<WasmApiFunctionRef>(ref);
+    auto import_data = Cast<WasmImportData>(implicit_arg);
     const wasm::FunctionSig* sig = module->signature(sig_index);
     Address wrapper_entry;
     if (wasm::IsJSCompatibleSignature(sig)) {
       DCHECK(UseGenericWasmToJSWrapper(wasm::kDefaultImportCallKind, sig,
                                        wasm::Suspend::kNoSuspend));
-      WasmApiFunctionRef::SetFuncRefAsCallOrigin(wafr, func_ref);
+      WasmImportData::SetFuncRefAsCallOrigin(import_data, func_ref);
       wrapper_entry = Builtins::EntryOf(Builtin::kWasmToJsWrapperAsm, isolate);
     } else {
       wrapper_entry =
@@ -1588,16 +1728,16 @@ Handle<JSFunction> WasmInternalFunction::GetOrCreateExternal(
   }
 
   // {this} can either be:
-  // - a declared function, i.e. {ref()} is a WasmTrustedInstanceData,
-  // - or an imported callable, i.e. {ref()} is a WasmApiFunctionRef which
+  // - a declared function, i.e. {implicit_arg()} is a WasmTrustedInstanceData,
+  // - or an imported callable, i.e. {implicit_arg()} is a WasmImportData which
   //   refers to the imported instance.
   // It cannot be a JS/C API function as for those, the external function is set
   // at creation.
-  DirectHandle<TrustedObject> ref{internal->ref(), isolate};
+  DirectHandle<TrustedObject> implicit_arg{internal->implicit_arg(), isolate};
   DirectHandle<WasmTrustedInstanceData> instance_data =
-      IsWasmTrustedInstanceData(*ref)
-          ? Cast<WasmTrustedInstanceData>(ref)
-          : direct_handle(Cast<WasmApiFunctionRef>(*ref)->instance_data(),
+      IsWasmTrustedInstanceData(*implicit_arg)
+          ? Cast<WasmTrustedInstanceData>(implicit_arg)
+          : direct_handle(Cast<WasmImportData>(*implicit_arg)->instance_data(),
                           isolate);
   const WasmModule* module = instance_data->module();
   const WasmFunction& function = module->functions[internal->function_index()];
@@ -1616,6 +1756,11 @@ Handle<JSFunction> WasmInternalFunction::GetOrCreateExternal(
   if (entry.IsStrongOrWeak() && IsCodeWrapper(entry.GetHeapObject())) {
     wrapper_code = direct_handle(
         Cast<CodeWrapper>(entry.GetHeapObject())->code(isolate), isolate);
+#if V8_ENABLE_DRUMBRAKE
+  } else if (v8_flags.wasm_jitless) {
+    wrapper_code = isolate->builtins()->code_handle(
+        Builtin::kGenericJSToWasmInterpreterWrapper);
+#endif  // V8_ENABLE_DRUMBRAKE
   } else if (CanUseGenericJsToWasmWrapper(module, function.sig)) {
     wrapper_code = isolate->builtins()->code_handle(Builtin::kJSToWasmWrapper);
   } else {
@@ -1645,31 +1790,30 @@ Handle<JSFunction> WasmInternalFunction::GetOrCreateExternal(
 }
 
 // static
-void WasmApiFunctionRef::SetImportIndexAsCallOrigin(
-    DirectHandle<WasmApiFunctionRef> ref, int entry_index) {
+void WasmImportData::SetImportIndexAsCallOrigin(
+    DirectHandle<WasmImportData> ref, int entry_index) {
   ref->set_call_origin(Smi::FromInt(-entry_index - 1));
 }
 
 // static
-void WasmApiFunctionRef::SetIndexInTableAsCallOrigin(
-    DirectHandle<WasmApiFunctionRef> ref, int entry_index) {
+void WasmImportData::SetIndexInTableAsCallOrigin(
+    DirectHandle<WasmImportData> ref, int entry_index) {
   ref->set_call_origin(Smi::FromInt(entry_index + 1));
 }
 
 // static
-bool WasmApiFunctionRef::CallOriginIsImportIndex(
-    DirectHandle<Object> call_origin) {
+bool WasmImportData::CallOriginIsImportIndex(DirectHandle<Object> call_origin) {
   return Cast<Smi>(*call_origin).value() < 0;
 }
 
 // static
-bool WasmApiFunctionRef::CallOriginIsIndexInTable(
+bool WasmImportData::CallOriginIsIndexInTable(
     DirectHandle<Object> call_origin) {
   return Cast<Smi>(*call_origin).value() > 0;
 }
 
 // static
-int WasmApiFunctionRef::CallOriginAsIndex(DirectHandle<Object> call_origin) {
+int WasmImportData::CallOriginAsIndex(DirectHandle<Object> call_origin) {
   int raw_index = Cast<Smi>(*call_origin).value();
   CHECK_NE(raw_index, kInvalidCallOrigin);
   if (raw_index < 0) {
@@ -1679,8 +1823,8 @@ int WasmApiFunctionRef::CallOriginAsIndex(DirectHandle<Object> call_origin) {
 }
 
 // static
-void WasmApiFunctionRef::SetCrossInstanceTableIndexAsCallOrigin(
-    Isolate* isolate, DirectHandle<WasmApiFunctionRef> ref,
+void WasmImportData::SetCrossInstanceTableIndexAsCallOrigin(
+    Isolate* isolate, DirectHandle<WasmImportData> ref,
     DirectHandle<WasmInstanceObject> instance_object, int entry_index) {
   DirectHandle<Tuple2> tuple = isolate->factory()->NewTuple2(
       instance_object, direct_handle(Smi::FromInt(entry_index + 1), isolate),
@@ -1689,8 +1833,8 @@ void WasmApiFunctionRef::SetCrossInstanceTableIndexAsCallOrigin(
 }
 
 // static
-void WasmApiFunctionRef::SetFuncRefAsCallOrigin(
-    DirectHandle<WasmApiFunctionRef> ref, DirectHandle<WasmFuncRef> func_ref) {
+void WasmImportData::SetFuncRefAsCallOrigin(
+    DirectHandle<WasmImportData> ref, DirectHandle<WasmFuncRef> func_ref) {
   ref->set_call_origin(*func_ref);
 }
 
@@ -1728,13 +1872,12 @@ void WasmTrustedInstanceData::ImportWasmJSFunctionIntoTable(
   }
 
   wasm::NativeModule* native_module = trusted_instance_data->native_module();
-  wasm::WasmImportData resolved({}, -1, callable, sig, canonical_sig_index,
-                                wasm::WellKnownImport::kUninstantiated);
+  wasm::ResolvedWasmImport resolved({}, -1, callable, sig, canonical_sig_index,
+                                    wasm::WellKnownImport::kUninstantiated);
   wasm::ImportCallKind kind = resolved.kind();
   callable = resolved.callable();  // Update to ultimate target.
   DCHECK_NE(wasm::ImportCallKind::kLinkError, kind);
-  int num_suspender = resolved.suspend() == wasm::kSuspendWithSuspender ? 1 : 0;
-  int expected_arity = static_cast<int>(sig->parameter_count()) - num_suspender;
+  int expected_arity = static_cast<int>(sig->parameter_count());
   if (kind == wasm::ImportCallKind ::kJSFunctionArityMismatch) {
     expected_arity = Cast<JSFunction>(callable)
                          ->shared()
@@ -1777,15 +1920,20 @@ void WasmTrustedInstanceData::ImportWasmJSFunctionIntoTable(
   // Update the dispatch table.
   int sig_id = static_cast<int>(
       std::distance(module_canonical_ids.begin(), sig_in_module));
-  DirectHandle<WasmApiFunctionRef> ref =
-      isolate->factory()->NewWasmApiFunctionRef(
-          callable, suspend, trusted_instance_data,
-          wasm::SerializedSignatureHelper::SerializeSignature(
-              isolate, module->signature(sig_id)));
+  DirectHandle<WasmImportData> ref = isolate->factory()->NewWasmImportData(
+      callable, suspend, trusted_instance_data,
+      wasm::SerializedSignatureHelper::SerializeSignature(
+          isolate, module->signature(sig_id)));
 
-  WasmApiFunctionRef::SetIndexInTableAsCallOrigin(ref, entry_index);
+  WasmImportData::SetIndexInTableAsCallOrigin(ref, entry_index);
+#if !V8_ENABLE_DRUMBRAKE
   trusted_instance_data->dispatch_table(table_index)
       ->Set(entry_index, *ref, call_target, canonical_sig_index);
+#else   // !V8_ENABLE_DRUMBRAKE
+  trusted_instance_data->dispatch_table(table_index)
+      ->Set(entry_index, *ref, call_target, canonical_sig_index,
+            WasmDispatchTable::kInvalidFunctionIndex);
+#endif  // !V8_ENABLE_DRUMBRAKE
 }
 
 uint8_t* WasmTrustedInstanceData::GetGlobalStorage(
@@ -1945,35 +2093,54 @@ const wasm::FunctionSig* WasmCapiFunction::GetSignature(Zone* zone) const {
       zone, function_data->serialized_signature());
 }
 
-void WasmDispatchTable::Set(int index, Tagged<Object> ref, Address call_target,
-                            int sig_id) {
-  if (ref == Smi::zero()) {
+void WasmDispatchTable::Set(int index, Tagged<Object> implicit_arg,
+                            Address call_target, int sig_id
+#if V8_ENABLE_DRUMBRAKE
+                            ,
+                            uint32_t function_index
+#endif  // V8_ENABLE_DRUMBRAKE
+) {
+  if (implicit_arg == Smi::zero()) {
     DCHECK_EQ(kNullAddress, call_target);
     Clear(index);
     return;
   }
 
   SBXCHECK_BOUNDS(index, length());
-  DCHECK(IsWasmApiFunctionRef(ref) || IsWasmTrustedInstanceData(ref));
-  DCHECK_EQ(ref == Smi::zero(), call_target == kNullAddress);
+  DCHECK(IsWasmImportData(implicit_arg) ||
+         IsWasmTrustedInstanceData(implicit_arg));
   const int offset = OffsetOf(index);
-  WriteProtectedPointerField(offset + kRefBias, Cast<TrustedObject>(ref));
-  CONDITIONAL_WRITE_BARRIER(*this, offset + kRefBias, ref,
+  WriteProtectedPointerField(offset + kImplicitArgBias,
+                             Cast<TrustedObject>(implicit_arg));
+  CONDITIONAL_WRITE_BARRIER(*this, offset + kImplicitArgBias, implicit_arg,
                             UPDATE_WRITE_BARRIER);
-  WriteField<Address>(offset + kTargetBias, call_target);
+  if (v8_flags.wasm_jitless) {
+#if V8_ENABLE_DRUMBRAKE
+    // Ignore call_target, not used in jitless mode.
+    WriteField<int>(offset + kFunctionIndexBias, function_index);
+#endif  // V8_ENABLE_DRUMBRAKE
+  } else {
+    WriteField<Address>(offset + kTargetBias, call_target);
+  }
   WriteField<int>(offset + kSigBias, sig_id);
 }
 
-void WasmDispatchTable::SetForImport(int index, Tagged<TrustedObject> ref,
+void WasmDispatchTable::SetForImport(int index,
+                                     Tagged<TrustedObject> implicit_arg,
                                      Address call_target) {
   SBXCHECK_BOUNDS(index, length());
-  DCHECK(IsWasmApiFunctionRef(ref) || IsWasmTrustedInstanceData(ref));
-  DCHECK_NE(kNullAddress, call_target);
+  DCHECK(IsWasmImportData(implicit_arg) ||
+         IsWasmTrustedInstanceData(implicit_arg));
+  DCHECK(kNullAddress != call_target || v8_flags.wasm_jitless);
   const int offset = OffsetOf(index);
-  WriteProtectedPointerField(offset + kRefBias, Cast<TrustedObject>(ref));
-  CONDITIONAL_WRITE_BARRIER(*this, offset + kRefBias, ref,
+  WriteProtectedPointerField(offset + kImplicitArgBias,
+                             Cast<TrustedObject>(implicit_arg));
+  CONDITIONAL_WRITE_BARRIER(*this, offset + kImplicitArgBias, implicit_arg,
                             UPDATE_WRITE_BARRIER);
-  WriteField<Address>(offset + kTargetBias, call_target);
+  if (!v8_flags.wasm_jitless) {
+    // Ignore call_target, not used in jitless mode.
+    WriteField<Address>(offset + kTargetBias, call_target);
+  }
   // Leave the signature untouched, it is unused for imports.
   DCHECK_EQ(-1, ReadField<int>(offset + kSigBias));
 }
@@ -1981,15 +2148,17 @@ void WasmDispatchTable::SetForImport(int index, Tagged<TrustedObject> ref,
 void WasmDispatchTable::Clear(int index) {
   SBXCHECK_BOUNDS(index, length());
   const int offset = OffsetOf(index);
-  ClearProtectedPointerField(offset + kRefBias);
+  ClearProtectedPointerField(offset + kImplicitArgBias);
   WriteField<Address>(offset + kTargetBias, kNullAddress);
   WriteField<int>(offset + kSigBias, -1);
 }
 
 void WasmDispatchTable::SetTarget(int index, Address call_target) {
   SBXCHECK_BOUNDS(index, length());
-  const int offset = OffsetOf(index) + kTargetBias;
-  WriteField<Address>(offset, call_target);
+  if (!v8_flags.wasm_jitless) {
+    const int offset = OffsetOf(index) + kTargetBias;
+    WriteField<Address>(offset, call_target);
+  }
 }
 
 // static
@@ -2027,8 +2196,13 @@ Handle<WasmDispatchTable> WasmDispatchTable::Grow(
   // object.
   new_table->WriteField<int>(kLengthOffset, new_length);
   for (int i = 0; i < old_length; ++i) {
-    new_table->Set(i, old_table->ref(i), old_table->target(i),
-                   old_table->sig(i));
+    new_table->Set(i, old_table->implicit_arg(i), old_table->target(i),
+                   old_table->sig(i)
+#if V8_ENABLE_DRUMBRAKE
+                       ,
+                   old_table->function_index(i)
+#endif  // V8_ENABLE_DRUMBRAKE
+    );
   }
   return new_table;
 }
@@ -2164,42 +2338,6 @@ Handle<WasmContinuationObject> WasmContinuationObject::New(
   auto parent = ReadOnlyRoots(isolate).undefined_value();
   return New(isolate, stack, state, handle(parent, isolate), allocation_type);
 }
-
-// static
-Handle<WasmSuspenderObject> WasmSuspenderObject::New(Isolate* isolate) {
-  Handle<JSFunction> suspender_cons(
-      isolate->native_context()->wasm_suspender_constructor(), isolate);
-  DirectHandle<JSPromise> promise = isolate->factory()->NewJSPromise();
-  auto suspender = Cast<WasmSuspenderObject>(
-      isolate->factory()->NewJSObject(suspender_cons));
-  // Fields are pre-initialized to undefined, but undefined is not a valid value
-  // for has_js_frames (Smi), state (Smi) and promise (JSPromise). Ensure
-  // that they are initialized before the allocation below.
-  suspender->set_has_js_frames(0);
-  suspender->set_promise(*promise);
-  suspender->set_state(kInactive);
-  // Instantiate the callable object which resumes this Suspender. This will be
-  // used implicitly as the onFulfilled callback of the returned JS promise.
-  DirectHandle<WasmResumeData> resume_data =
-      isolate->factory()->NewWasmResumeData(suspender,
-                                            wasm::OnResume::kContinue);
-  Handle<SharedFunctionInfo> resume_sfi =
-      isolate->factory()->NewSharedFunctionInfoForWasmResume(resume_data);
-  Handle<Context> context(isolate->native_context());
-  DirectHandle<JSObject> resume =
-      Factory::JSFunctionBuilder{isolate, resume_sfi, context}.Build();
-
-  DirectHandle<WasmResumeData> reject_data =
-      isolate->factory()->NewWasmResumeData(suspender, wasm::OnResume::kThrow);
-  Handle<SharedFunctionInfo> reject_sfi =
-      isolate->factory()->NewSharedFunctionInfoForWasmResume(reject_data);
-  DirectHandle<JSObject> reject =
-      Factory::JSFunctionBuilder{isolate, reject_sfi, context}.Build();
-  suspender->set_resume(*resume);
-  suspender->set_reject(*reject);
-  return suspender;
-}
-
 #ifdef DEBUG
 
 namespace {
@@ -2262,9 +2400,11 @@ bool WasmExportedFunction::IsWasmExportedFunction(Tagged<Object> object) {
   Tagged<JSFunction> js_function = Cast<JSFunction>(object);
   Tagged<Code> code = js_function->code(GetIsolateForSandbox(js_function));
   if (CodeKind::JS_TO_WASM_FUNCTION != code->kind() &&
+#if V8_ENABLE_DRUMBRAKE
+      code->builtin_id() != Builtin::kGenericJSToWasmInterpreterWrapper &&
+#endif  // V8_ENABLE_DRUMBRAKE
       code->builtin_id() != Builtin::kJSToWasmWrapper &&
-      code->builtin_id() != Builtin::kWasmPromising &&
-      code->builtin_id() != Builtin::kWasmPromisingWithSuspender) {
+      code->builtin_id() != Builtin::kWasmPromising) {
     return false;
   }
   DCHECK(js_function->shared()->HasWasmExportedFunctionData());
@@ -2315,21 +2455,22 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
     DirectHandle<WasmFuncRef> func_ref,
     DirectHandle<WasmInternalFunction> internal_function, int arity,
     DirectHandle<Code> export_wrapper) {
-  DCHECK(
-      CodeKind::JS_TO_WASM_FUNCTION == export_wrapper->kind() ||
-      (export_wrapper->is_builtin() &&
-       (export_wrapper->builtin_id() == Builtin::kJSToWasmWrapper ||
-        export_wrapper->builtin_id() == Builtin::kWasmPromising ||
-        export_wrapper->builtin_id() == Builtin::kWasmPromisingWithSuspender)));
+  DCHECK(CodeKind::JS_TO_WASM_FUNCTION == export_wrapper->kind() ||
+         (export_wrapper->is_builtin() &&
+          (export_wrapper->builtin_id() == Builtin::kJSToWasmWrapper ||
+#if V8_ENABLE_DRUMBRAKE
+           export_wrapper->builtin_id() ==
+               Builtin::kGenericJSToWasmInterpreterWrapper ||
+#endif  // V8_ENABLE_DRUMBRAKE
+           export_wrapper->builtin_id() == Builtin::kWasmPromising)));
   int func_index = internal_function->function_index();
   Factory* factory = isolate->factory();
   const wasm::WasmModule* module = instance_data->module();
   const wasm::FunctionSig* sig = module->functions[func_index].sig;
   DirectHandle<Map> rtt;
   wasm::Promise promise =
-      export_wrapper->builtin_id() == Builtin::kWasmPromising ? wasm::kPromise
-      : export_wrapper->builtin_id() == Builtin::kWasmPromisingWithSuspender
-          ? wasm::kPromiseWithSuspender
+      export_wrapper->builtin_id() == Builtin::kWasmPromising
+          ? wasm::kPromise
           : wasm::kNoPromise;
   uint32_t sig_index = module->functions[func_index].sig_index;
   uint32_t canonical_type_index =
@@ -2339,6 +2480,20 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
           export_wrapper, instance_data, func_ref, internal_function, sig,
           canonical_type_index, v8_flags.wasm_wrapper_tiering_budget, promise);
 
+#if V8_ENABLE_DRUMBRAKE
+  if (v8_flags.wasm_jitless) {
+    uint32_t aligned_size =
+        wasm::WasmBytecode::JSToWasmWrapperPackedArraySize(sig);
+    bool hasRefArgs = wasm::WasmBytecode::RefArgsCount(sig) > 0;
+    bool hasRefRets = wasm::WasmBytecode::RefRetsCount(sig) > 0;
+    function_data->set_packed_args_size(
+        wasm::WasmInterpreterRuntime::PackedArgsSizeField::encode(
+            aligned_size) |
+        wasm::WasmInterpreterRuntime::HasRefArgsField::encode(hasRefArgs) |
+        wasm::WasmInterpreterRuntime::HasRefRetsField::encode(hasRefRets));
+  }
+#endif  // V8_ENABLE_DRUMBRAKE
+
   MaybeHandle<String> maybe_name;
   bool is_asm_js_module = is_asmjs_module(module);
   if (is_asm_js_module) {
@@ -2373,6 +2528,9 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
   Handle<SharedFunctionInfo> shared =
       factory->NewSharedFunctionInfoForWasmExportedFunction(name,
                                                             function_data);
+  shared->set_length(arity);
+  shared->set_internal_formal_parameter_count(JSParameterCount(arity));
+
   Handle<JSFunction> js_function =
       Factory::JSFunctionBuilder{isolate, shared, context}
           .set_map(function_map)
@@ -2381,8 +2539,6 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
   // According to the spec, exported functions should not have a [[Construct]]
   // method. This does not apply to functions exported from asm.js however.
   DCHECK_EQ(is_asm_js_module, IsConstructor(*js_function));
-  shared->set_length(arity);
-  shared->set_internal_formal_parameter_count(JSParameterCount(arity));
   if (instance_data->has_instance_object()) {
     shared->set_script(instance_data->module_object()->script(), kReleaseStore);
   } else {
@@ -2445,7 +2601,7 @@ Handle<WasmJSFunction> WasmJSFunction::New(Isolate* isolate,
       wasm::SerializedSignatureHelper::SerializeSignature(isolate, sig);
   Factory* factory = isolate->factory();
 
-  Handle<Map> rtt;
+  DirectHandle<Map> rtt;
   Handle<NativeContext> context(isolate->native_context());
 
   uint32_t canonical_type_index =
@@ -2461,7 +2617,8 @@ Handle<WasmJSFunction> WasmJSFunction::New(Isolate* isolate,
 
   if (maybe_canonical_map.IsStrongOrWeak() &&
       IsMap(maybe_canonical_map.GetHeapObject())) {
-    rtt = handle(Cast<Map>(maybe_canonical_map.GetHeapObject()), isolate);
+    rtt =
+        direct_handle(Cast<Map>(maybe_canonical_map.GetHeapObject()), isolate);
   } else {
     rtt = CreateFuncRefMap(isolate, Handle<Map>());
     canonical_rtts->Set(canonical_type_index, MakeWeak(*rtt));
@@ -2493,36 +2650,45 @@ Handle<WasmJSFunction> WasmJSFunction::New(Isolate* isolate,
     internal_function->set_call_target(
         Builtins::EntryOf(Builtin::kWasmToJsWrapperAsm, isolate));
   } else {
-    int suspender_count = suspend == wasm::kSuspendWithSuspender ? 1 : 0;
-    int expected_arity = parameter_count - suspender_count;
+    int expected_arity = parameter_count;
     wasm::ImportCallKind kind = wasm::kDefaultImportCallKind;
     if (IsJSFunction(*callable)) {
       Tagged<SharedFunctionInfo> shared = Cast<JSFunction>(callable)->shared();
       expected_arity =
           shared->internal_formal_parameter_count_without_receiver();
-      if (expected_arity != parameter_count - suspender_count) {
+      if (expected_arity != parameter_count) {
         kind = wasm::ImportCallKind::kJSFunctionArityMismatch;
       }
     }
     // TODO(wasm): Think about caching and sharing the wasm-to-JS wrappers per
     // signature instead of compiling a new one for every instantiation.
-    if (UseGenericWasmToJSWrapper(kind, sig, suspend)) {
-      internal_function->set_call_target(
-          Builtins::EntryOf(Builtin::kWasmToJsWrapperAsm, isolate));
+#if V8_ENABLE_DRUMBRAKE
+    if (v8_flags.wasm_jitless) {
+      function_data->func_ref()->internal(isolate)->set_call_target(
+          Builtins::EntryOf(Builtin::kGenericWasmToJSInterpreterWrapper,
+                            isolate));
     } else {
-      // The Code object can be moved during compaction, so do not store a
-      // call_target directly but load the target from the code object at
-      // runtime.
-      DirectHandle<Code> wrapper_code =
-          compiler::CompileWasmToJSWrapper(isolate, nullptr, sig, kind,
-                                           expected_arity, suspend)
-              .ToHandleChecked();
-      DirectHandle<WasmApiFunctionRef> api_function_ref{
-          Cast<WasmApiFunctionRef>(internal_function->ref()), isolate};
-      api_function_ref->set_code(*wrapper_code);
-      internal_function->set_call_target(
-          Builtins::EntryOf(Builtin::kWasmToOnHeapWasmToJsTrampoline, isolate));
+#endif  // V8_ENABLE_DRUMBRAKE
+      if (UseGenericWasmToJSWrapper(kind, sig, suspend)) {
+        internal_function->set_call_target(
+            Builtins::EntryOf(Builtin::kWasmToJsWrapperAsm, isolate));
+      } else {
+        // The Code object can be moved during compaction, so do not store a
+        // call_target directly but load the target from the code object at
+        // runtime.
+        DirectHandle<Code> wrapper_code =
+            compiler::CompileWasmToJSWrapper(isolate, nullptr, sig, kind,
+                                             expected_arity, suspend)
+                .ToHandleChecked();
+        DirectHandle<WasmImportData> import_data{
+            Cast<WasmImportData>(internal_function->implicit_arg()), isolate};
+        import_data->set_code(*wrapper_code);
+        internal_function->set_call_target(Builtins::EntryOf(
+            Builtin::kWasmToOnHeapWasmToJsTrampoline, isolate));
+      }
+#if V8_ENABLE_DRUMBRAKE
     }
+#endif  // V8_ENABLE_DRUMBRAKE
   }
 
   Handle<String> name = factory->Function_string();
@@ -2532,24 +2698,24 @@ Handle<WasmJSFunction> WasmJSFunction::New(Isolate* isolate,
   }
   Handle<SharedFunctionInfo> shared =
       factory->NewSharedFunctionInfoForWasmJSFunction(name, function_data);
+  shared->set_internal_formal_parameter_count(
+      JSParameterCount(parameter_count));
   Handle<JSFunction> js_function =
       Factory::JSFunctionBuilder{isolate, shared, context}
           .set_map(isolate->wasm_exported_function_map())
           .Build();
-  js_function->shared()->set_internal_formal_parameter_count(
-      JSParameterCount(parameter_count));
   internal_function->set_external(*js_function);
   return Cast<WasmJSFunction>(js_function);
 }
 
 Tagged<JSReceiver> WasmJSFunctionData::GetCallable() const {
   return Cast<JSReceiver>(
-      Cast<WasmApiFunctionRef>(internal()->ref())->callable());
+      Cast<WasmImportData>(internal()->implicit_arg())->callable());
 }
 
 wasm::Suspend WasmJSFunctionData::GetSuspend() const {
   return static_cast<wasm::Suspend>(
-      Cast<WasmApiFunctionRef>(internal()->ref())->suspend());
+      Cast<WasmImportData>(internal()->implicit_arg())->suspend());
 }
 
 const wasm::FunctionSig* WasmJSFunctionData::GetSignature() const {
diff --git a/deps/v8/src/wasm/wasm-objects.h b/deps/v8/src/wasm/wasm-objects.h
index aaa4e7df128063..14bbb4acfec95e 100644
--- a/deps/v8/src/wasm/wasm-objects.h
+++ b/deps/v8/src/wasm/wasm-objects.h
@@ -10,6 +10,7 @@
 #define V8_WASM_WASM_OBJECTS_H_
 
 #include <memory>
+#include <optional>
 
 #include "src/base/bit-field.h"
 #include "src/debug/interface-types.h"
@@ -72,18 +73,26 @@ class TrustedManaged;
   DECL_GETTER(has_##name, bool)             \
   DECL_ACCESSORS(name, type)
 
-class V8_EXPORT_PRIVATE FunctionTargetAndRef {
+class V8_EXPORT_PRIVATE FunctionTargetAndImplicitArg {
  public:
-  FunctionTargetAndRef(Isolate* isolate,
-                       Handle<WasmTrustedInstanceData> target_instance_data,
-                       int target_func_index);
-  // The "ref" will be a WasmTrustedInstanceData or a WasmApiFunctionRef.
-  Handle<TrustedObject> ref() { return ref_; }
+  FunctionTargetAndImplicitArg(
+      Isolate* isolate, Handle<WasmTrustedInstanceData> target_instance_data,
+      int target_func_index);
+  // The "implicit_arg" will be a WasmTrustedInstanceData or a WasmImportData.
+  Handle<TrustedObject> implicit_arg() { return implicit_arg_; }
   Address call_target() { return call_target_; }
 
+#if V8_ENABLE_DRUMBRAKE
+  int target_func_index() { return target_func_index_; }
+#endif  // V8_ENABLE_DRUMBRAKE
+
  private:
-  Handle<TrustedObject> ref_;
+  Handle<TrustedObject> implicit_arg_;
   Address call_target_;
+
+#if V8_ENABLE_DRUMBRAKE
+  int target_func_index_;
+#endif  // V8_ENABLE_DRUMBRAKE
 };
 
 namespace wasm {
@@ -95,7 +104,7 @@ enum class OnResume : int { kContinue, kThrow };
 // call imported functions at runtime.
 // Each entry is either:
 //   - Wasm to JS, which has fields
-//      - object = a WasmApiFunctionRef
+//      - object = a WasmImportData
 //      - target = entrypoint to import wrapper code
 //   - Wasm to Wasm, which has fields
 //      - object = target instance data
@@ -107,25 +116,33 @@ class ImportedFunctionEntry {
   inline ImportedFunctionEntry(Handle<WasmTrustedInstanceData>, int index);
 
   // Initialize this entry as a Wasm to JS call. This accepts the isolate as a
-  // parameter, since it must allocate a tuple.
-  void SetWasmToJs(Isolate*, DirectHandle<JSReceiver> callable,
-                   wasm::Suspend suspend, const wasm::FunctionSig* sig);
-  V8_EXPORT_PRIVATE void SetWasmToJs(Isolate*,
-                                     DirectHandle<JSReceiver> callable,
-                                     const wasm::WasmCode* wasm_to_js_wrapper,
-                                     wasm::Suspend suspend,
-                                     const wasm::FunctionSig* sig);
+  // parameter since it allocates a WasmImportData.
+  void SetGenericWasmToJs(Isolate*, DirectHandle<JSReceiver> callable,
+                          wasm::Suspend suspend, const wasm::FunctionSig* sig);
+  V8_EXPORT_PRIVATE void SetCompiledWasmToJs(
+      Isolate*, DirectHandle<JSReceiver> callable,
+      const wasm::WasmCode* wasm_to_js_wrapper, wasm::Suspend suspend,
+      const wasm::FunctionSig* sig);
 
   // Initialize this entry as a Wasm to Wasm call.
-  void SetWasmToWasm(Tagged<WasmTrustedInstanceData> target_instance_data,
-                     Address call_target);
+  void SetWasmToWasm(Tagged<WasmTrustedInstanceData> target_instance_object,
+                     Address call_target
+#if V8_ENABLE_DRUMBRAKE
+                     ,
+                     int exported_function_index
+#endif  // V8_ENABLE_DRUMBRAKE
+  );
 
   Tagged<JSReceiver> callable();
   Tagged<Object> maybe_callable();
-  Tagged<Object> object_ref();
+  Tagged<Object> implicit_arg();
   Address target();
   void set_target(Address new_target);
 
+#if V8_ENABLE_DRUMBRAKE
+  int function_index_in_called_module();
+#endif  // V8_ENABLE_DRUMBRAKE
+
  private:
   Handle<WasmTrustedInstanceData> const instance_data_;
   int const index_;
@@ -201,7 +218,7 @@ class WasmTableObject
   DECL_TRUSTED_POINTER_ACCESSORS(trusted_data, WasmTrustedInstanceData)
 
   V8_EXPORT_PRIVATE static int Grow(Isolate* isolate,
-                                    Handle<WasmTableObject> table,
+                                    DirectHandle<WasmTableObject> table,
                                     uint32_t count,
                                     DirectHandle<Object> init_value);
 
@@ -238,7 +255,7 @@ class WasmTableObject
       Isolate* isolate, DirectHandle<WasmTableObject> table, uint32_t index);
 
   V8_EXPORT_PRIVATE static void Fill(Isolate* isolate,
-                                     Handle<WasmTableObject> table,
+                                     DirectHandle<WasmTableObject> table,
                                      uint32_t start, DirectHandle<Object> entry,
                                      uint32_t count);
 
@@ -246,7 +263,12 @@ class WasmTableObject
   static void UpdateDispatchTables(
       Isolate* isolate, DirectHandle<WasmTableObject> table, int entry_index,
       const wasm::WasmFunction* func,
-      DirectHandle<WasmTrustedInstanceData> target_instance);
+      DirectHandle<WasmTrustedInstanceData> target_instance
+#if V8_ENABLE_DRUMBRAKE
+      ,
+      int target_func_index
+#endif  // V8_ENABLE_DRUMBRAKE
+  );
   static void UpdateDispatchTables(Isolate* isolate,
                                    DirectHandle<WasmTableObject> table,
                                    int entry_index,
@@ -374,6 +396,9 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   DECL_OPTIONAL_ACCESSORS(instance_object, Tagged<WasmInstanceObject>)
   DECL_ACCESSORS(native_context, Tagged<Context>)
   DECL_ACCESSORS(memory_objects, Tagged<FixedArray>)
+#if V8_ENABLE_DRUMBRAKE
+  DECL_OPTIONAL_ACCESSORS(interpreter_object, Tagged<Tuple2>)
+#endif  // V8_ENABLE_DRUMBRAKE
   DECL_OPTIONAL_ACCESSORS(untagged_globals_buffer, Tagged<JSArrayBuffer>)
   DECL_OPTIONAL_ACCESSORS(tagged_globals_buffer, Tagged<FixedArray>)
   DECL_OPTIONAL_ACCESSORS(imported_mutable_globals_buffers, Tagged<FixedArray>)
@@ -382,6 +407,12 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   DECL_PROTECTED_POINTER_ACCESSORS(dispatch_table_for_imports,
                                    WasmDispatchTable)
   DECL_ACCESSORS(imported_mutable_globals, Tagged<FixedAddressArray>)
+#if V8_ENABLE_DRUMBRAKE
+  // Points to an array that contains the function index for each imported Wasm
+  // function. This is required to call imported functions from the Wasm
+  // interpreter.
+  DECL_ACCESSORS(imported_function_indices, Tagged<FixedInt32Array>)
+#endif  // V8_ENABLE_DRUMBRAKE
   DECL_PROTECTED_POINTER_ACCESSORS(shared_part, WasmTrustedInstanceData)
   DECL_PROTECTED_POINTER_ACCESSORS(dispatch_table0, WasmDispatchTable)
   DECL_PROTECTED_POINTER_ACCESSORS(dispatch_tables, ProtectedFixedArray)
@@ -408,6 +439,7 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   DECL_ACCESSORS(data_segment_sizes, Tagged<FixedUInt32Array>)
   DECL_ACCESSORS(element_segments, Tagged<FixedArray>)
   DECL_PRIMITIVE_ACCESSORS(break_on_entry, uint8_t)
+  DECL_PRIMITIVE_ACCESSORS(stress_deopt_counter_address, Address)
 
   // Clear uninitialized padding space. This ensures that the snapshot content
   // is deterministic. Depending on the V8 build mode there could be no padding.
@@ -433,6 +465,7 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   V(kProtectedDispatchTable0Offset, kTaggedSize)                          \
   V(kProtectedDispatchTableForImportsOffset, kTaggedSize)                 \
   V(kImportedMutableGlobalsOffset, kTaggedSize)                           \
+  IF_WASM_DRUMBRAKE(V, kImportedFunctionIndicesOffset, kTaggedSize)       \
   /* Optional padding to align system pointer size fields */              \
   V(kOptionalPaddingOffset, POINTER_SIZE_PADDING(kOptionalPaddingOffset)) \
   V(kMemory0StartOffset, kSystemPointerSize)                              \
@@ -447,6 +480,7 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   V(kOldAllocationTopAddressOffset, kSystemPointerSize)                   \
   V(kHookOnFunctionCallAddressOffset, kSystemPointerSize)                 \
   V(kTieringBudgetArrayOffset, kSystemPointerSize)                        \
+  V(kStressDeoptCounterOffset, kSystemPointerSize)                        \
   /* Less than system pointer size aligned fields are below. */           \
   V(kProtectedMemoryBasesAndSizesOffset, kTaggedSize)                     \
   V(kDataSegmentStartsOffset, kTaggedSize)                                \
@@ -459,6 +493,7 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   V(kUntaggedGlobalsBufferOffset, kTaggedSize)                            \
   V(kTaggedGlobalsBufferOffset, kTaggedSize)                              \
   V(kImportedMutableGlobalsBuffersOffset, kTaggedSize)                    \
+  IF_WASM_DRUMBRAKE(V, kInterpreterObjectOffset, kTaggedSize)             \
   V(kTablesOffset, kTaggedSize)                                           \
   V(kProtectedDispatchTablesOffset, kTaggedSize)                          \
   V(kTagsTableOffset, kTaggedSize)                                        \
@@ -496,6 +531,7 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   V(kUntaggedGlobalsBufferOffset, "untagged_globals_buffer")                  \
   V(kTaggedGlobalsBufferOffset, "tagged_globals_buffer")                      \
   V(kImportedMutableGlobalsBuffersOffset, "imported_mutable_globals_buffers") \
+  IF_WASM_DRUMBRAKE(V, kInterpreterObjectOffset, "interpreter_object")        \
   V(kTablesOffset, "tables")                                                  \
   V(kTagsTableOffset, "tags_table")                                           \
   V(kFuncRefsOffset, "func_refs")                                             \
@@ -503,6 +539,8 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   V(kFeedbackVectorsOffset, "feedback_vectors")                               \
   V(kWellKnownImportsOffset, "well_known_imports")                            \
   V(kImportedMutableGlobalsOffset, "imported_mutable_globals")                \
+  IF_WASM_DRUMBRAKE(V, kImportedFunctionIndicesOffset,                        \
+                    "imported_function_indices")                              \
   V(kDataSegmentStartsOffset, "data_segment_starts")                          \
   V(kDataSegmentSizesOffset, "data_segment_sizes")                            \
   V(kElementSegmentsOffset, "element_segments")
@@ -517,10 +555,20 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
 #define WASM_INSTANCE_FIELD_OFFSET(offset, _) offset,
 #define WASM_INSTANCE_FIELD_NAME(_, name) name,
 
-  static constexpr std::array<uint16_t, 16> kTaggedFieldOffsets = {
-      WASM_TAGGED_INSTANCE_DATA_FIELDS(WASM_INSTANCE_FIELD_OFFSET)};
-  static constexpr std::array<const char*, 16> kTaggedFieldNames = {
-      WASM_TAGGED_INSTANCE_DATA_FIELDS(WASM_INSTANCE_FIELD_NAME)};
+#if V8_ENABLE_DRUMBRAKE
+  static constexpr size_t kWasmInterpreterAdditionalFields = 2;
+#else
+  static constexpr size_t kWasmInterpreterAdditionalFields = 0;
+#endif  // V8_ENABLE_DRUMBRAKE
+  static constexpr size_t kTaggedFieldsCount =
+      16 + kWasmInterpreterAdditionalFields;
+
+  static constexpr std::array<uint16_t, kTaggedFieldsCount>
+      kTaggedFieldOffsets = {
+          WASM_TAGGED_INSTANCE_DATA_FIELDS(WASM_INSTANCE_FIELD_OFFSET)};
+  static constexpr std::array<const char*, kTaggedFieldsCount>
+      kTaggedFieldNames = {
+          WASM_TAGGED_INSTANCE_DATA_FIELDS(WASM_INSTANCE_FIELD_NAME)};
   static constexpr std::array<uint16_t, 6> kProtectedFieldOffsets = {
       WASM_PROTECTED_INSTANCE_DATA_FIELDS(WASM_INSTANCE_FIELD_OFFSET)};
   static constexpr std::array<const char*, 6> kProtectedFieldNames = {
@@ -543,6 +591,14 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
 
   void SetRawMemory(int memory_index, uint8_t* mem_start, size_t mem_size);
 
+#if V8_ENABLE_DRUMBRAKE
+  // Get the interpreter object associated with the given wasm object.
+  // If no interpreter object exists yet, it is created automatically.
+  static Handle<Tuple2> GetOrCreateInterpreterObject(
+      Handle<WasmInstanceObject>);
+  static Handle<Tuple2> GetInterpreterObject(Handle<WasmInstanceObject>);
+#endif  // V8_ENABLE_DRUMBRAKE
+
   static Handle<WasmTrustedInstanceData> New(Isolate*,
                                              DirectHandle<WasmModuleObject>,
                                              bool shared);
@@ -562,7 +618,7 @@ class V8_EXPORT_PRIVATE WasmTrustedInstanceData : public ExposedTrustedObject {
   // Loads a range of elements from element segment into a table.
   // Returns the empty {Optional} if the operation succeeds, or an {Optional}
   // with the error {MessageTemplate} if it fails.
-  static base::Optional<MessageTemplate> InitTableEntries(
+  static std::optional<MessageTemplate> InitTableEntries(
       Isolate* isolate, Handle<WasmTrustedInstanceData> trusted_instance_data,
       Handle<WasmTrustedInstanceData> shared_trusted_instance_data,
       uint32_t table_index, uint32_t segment_index, uint32_t dst, uint32_t src,
@@ -650,10 +706,11 @@ class WasmTagObject
 // The dispatch table is referenced from a WasmTableObject and from every
 // WasmTrustedInstanceData which uses the table. It is used from generated code
 // for executing indirect calls.
-// The WasmDispatchTable lives in trusted space and holds tuples of
-// <ref, target, sig>.
 class WasmDispatchTable : public TrustedObject {
  public:
+#if V8_ENABLE_DRUMBRAKE
+  static const uint32_t kInvalidFunctionIndex = UINT_MAX;
+#endif  // V8_ENABLE_DRUMBRAKE
   class BodyDescriptor;
 
   static constexpr size_t kLengthOffset = kHeaderSize;
@@ -662,11 +719,19 @@ class WasmDispatchTable : public TrustedObject {
 
   // Entries consist of
   // - target (pointer)
-  // - ref (protected pointer, tagged sized)
+#if V8_ENABLE_DRUMBRAKE
+  // - function_index (uint32_t) (located in place of target pointer).
+#endif  // V8_ENABLE_DRUMBRAKE
+  // - implicit_arg (protected pointer, tagged sized)
   // - sig (int32_t); unused for imports which check the signature statically.
   static constexpr size_t kTargetBias = 0;
-  static constexpr size_t kRefBias = kTargetBias + kSystemPointerSize;
-  static constexpr size_t kSigBias = kRefBias + kTaggedSize;
+#if V8_ENABLE_DRUMBRAKE
+  // In jitless mode, reuse the 'target' field storage to hold the (uint32_t)
+  // function index.
+  static constexpr size_t kFunctionIndexBias = kTargetBias;
+#endif  // V8_ENABLE_DRUMBRAKE
+  static constexpr size_t kImplicitArgBias = kTargetBias + kSystemPointerSize;
+  static constexpr size_t kSigBias = kImplicitArgBias + kTaggedSize;
   static constexpr size_t kEntryPaddingOffset = kSigBias + kInt32Size;
   static constexpr size_t kEntryPaddingBytes =
       kEntryPaddingOffset % kTaggedSize;
@@ -677,7 +742,7 @@ class WasmDispatchTable : public TrustedObject {
   static_assert(IsAligned(kEntriesOffset, kTaggedSize));
   static_assert(IsAligned(kEntrySize, kTaggedSize));
   static_assert(IsAligned(kTargetBias, kTaggedSize));
-  static_assert(IsAligned(kRefBias, kTaggedSize));
+  static_assert(IsAligned(kImplicitArgBias, kTaggedSize));
 
   // TODO(clemensb): If we ever enable allocation alignment we will needs to add
   // more padding to make the "target" fields system-pointer-size aligned.
@@ -708,21 +773,31 @@ class WasmDispatchTable : public TrustedObject {
   inline int capacity() const;
 
   // Accessors.
-  // {ref} will be a WasmApiFunctionRef, a WasmInstanceObject, or Smi::zero()
-  // (if the entry was cleared).
-  inline Tagged<Object> ref(int index) const;
+  // {implicit_arg} will be a WasmImportData, a WasmTrustedInstanceData, or
+  // Smi::zero() (if the entry was cleared).
+  inline Tagged<Object> implicit_arg(int index) const;
   inline Address target(int index) const;
   inline int sig(int index) const;
 
   // Set an entry for indirect calls.
-  // {ref} has to be a WasmApiFunctionRef, a WasmInstanceObject, or Smi::zero().
-  void V8_EXPORT_PRIVATE Set(int index, Tagged<Object> ref, Address call_target,
-                             int sig_id);
+  // {implicit_arg} has to be a WasmImportData, a WasmTrustedInstanceData, or
+  // Smi::zero().
+  void V8_EXPORT_PRIVATE Set(int index, Tagged<Object> implicit_arg,
+                             Address call_target, int sig_id
+#if V8_ENABLE_DRUMBRAKE
+                             ,
+                             uint32_t function_index
+#endif  // V8_ENABLE_DRUMBRAKE
+  );
+#if V8_ENABLE_DRUMBRAKE
+  inline uint32_t function_index(int index) const;
+#endif  // V8_ENABLE_DRUMBRAKE
 
   // Set an entry for an import. We check signatures statically there, so the
   // signature is not updated in the dispatch table.
-  // {ref} has to be a WasmApiFunctionRef or a WasmInstanceObject.
-  void V8_EXPORT_PRIVATE SetForImport(int index, Tagged<TrustedObject> ref,
+  // {implicit_arg} has to be a WasmImportData or a WasmTrustedInstanceData.
+  void V8_EXPORT_PRIVATE SetForImport(int index,
+                                      Tagged<TrustedObject> implicit_arg,
                                       Address call_target);
 
   void Clear(int index);
@@ -905,12 +980,11 @@ class WasmExportedFunctionData
   TQ_OBJECT_CONSTRUCTORS(WasmExportedFunctionData)
 };
 
-class WasmApiFunctionRef
-    : public TorqueGeneratedWasmApiFunctionRef<WasmApiFunctionRef,
-                                               TrustedObject> {
+class WasmImportData
+    : public TorqueGeneratedWasmImportData<WasmImportData, TrustedObject> {
  public:
   // Dispatched behavior.
-  DECL_PRINTER(WasmApiFunctionRef)
+  DECL_PRINTER(WasmImportData)
 
   DECL_CODE_POINTER_ACCESSORS(code)
 
@@ -918,7 +992,7 @@ class WasmApiFunctionRef
 
   static constexpr int kInvalidCallOrigin = 0;
 
-  static void SetImportIndexAsCallOrigin(DirectHandle<WasmApiFunctionRef> ref,
+  static void SetImportIndexAsCallOrigin(DirectHandle<WasmImportData> ref,
                                          int entry_index);
 
   static bool CallOriginIsImportIndex(DirectHandle<Object> call_origin);
@@ -927,22 +1001,22 @@ class WasmApiFunctionRef
 
   static int CallOriginAsIndex(DirectHandle<Object> call_origin);
 
-  static void SetIndexInTableAsCallOrigin(DirectHandle<WasmApiFunctionRef> ref,
+  static void SetIndexInTableAsCallOrigin(DirectHandle<WasmImportData> ref,
                                           int entry_index);
 
   static void SetCrossInstanceTableIndexAsCallOrigin(
-      Isolate* isolate, DirectHandle<WasmApiFunctionRef> ref,
+      Isolate* isolate, DirectHandle<WasmImportData> ref,
       DirectHandle<WasmInstanceObject> instance_object, int entry_index);
 
-  static void SetFuncRefAsCallOrigin(DirectHandle<WasmApiFunctionRef> ref,
+  static void SetFuncRefAsCallOrigin(DirectHandle<WasmImportData> ref,
                                      DirectHandle<WasmFuncRef> func_ref);
 
   using BodyDescriptor =
-      StackedBodyDescriptor<FixedBodyDescriptorFor<WasmApiFunctionRef>,
+      StackedBodyDescriptor<FixedBodyDescriptorFor<WasmImportData>,
                             WithProtectedPointer<kProtectedInstanceDataOffset>,
                             WithStrongCodePointer<kCodeOffset>>;
 
-  TQ_OBJECT_CONSTRUCTORS(WasmApiFunctionRef)
+  TQ_OBJECT_CONSTRUCTORS(WasmImportData)
 };
 
 class WasmInternalFunction
@@ -956,7 +1030,7 @@ class WasmInternalFunction
   V8_EXPORT_PRIVATE static Handle<JSFunction> GetOrCreateExternal(
       DirectHandle<WasmInternalFunction> internal);
 
-  DECL_PROTECTED_POINTER_ACCESSORS(ref, TrustedObject)
+  DECL_PROTECTED_POINTER_ACCESSORS(implicit_arg, TrustedObject)
 
   // Dispatched behavior.
   DECL_PRINTER(WasmInternalFunction)
@@ -964,7 +1038,7 @@ class WasmInternalFunction
   using BodyDescriptor = StackedBodyDescriptor<
       FixedExposedTrustedObjectBodyDescriptor<
           WasmInternalFunction, kWasmInternalFunctionIndirectPointerTag>,
-      WithProtectedPointer<kProtectedRefOffset>>;
+      WithProtectedPointer<kProtectedImplicitArgOffset>>;
 
   TQ_OBJECT_CONSTRUCTORS(WasmInternalFunction)
 };
@@ -1040,9 +1114,9 @@ class WasmScript : public AllStatic {
   // location inside the same function.
   // If it points outside a function, or behind the last breakable location,
   // this function returns false and does not set any breakpoint.
-  V8_EXPORT_PRIVATE static bool SetBreakPoint(DirectHandle<Script>,
-                                              int* position,
-                                              Handle<BreakPoint> break_point);
+  V8_EXPORT_PRIVATE static bool SetBreakPoint(
+      DirectHandle<Script>, int* position,
+      DirectHandle<BreakPoint> break_point);
 
   // Set an "on entry" breakpoint (a.k.a. instrumentation breakpoint) inside
   // the given module. This will affect all live and future instances of the
@@ -1054,7 +1128,8 @@ class WasmScript : public AllStatic {
   // inside the given module. This will affect all live and future instances of
   // the module.
   V8_EXPORT_PRIVATE static bool SetBreakPointOnFirstBreakableForFunction(
-      DirectHandle<Script>, int function_index, Handle<BreakPoint> break_point);
+      DirectHandle<Script>, int function_index,
+      DirectHandle<BreakPoint> break_point);
 
   // Set a breakpoint at the breakable offset of the given function index
   // inside the given module. This will affect all live and future instances of
@@ -1268,10 +1343,11 @@ class WasmContinuationObject
 // The suspender object provides an API to suspend and resume wasm code using
 // promises. See: https://github.com/WebAssembly/js-promise-integration.
 class WasmSuspenderObject
-    : public TorqueGeneratedWasmSuspenderObject<WasmSuspenderObject, JSObject> {
+    : public TorqueGeneratedWasmSuspenderObject<WasmSuspenderObject,
+                                                HeapObject> {
  public:
+  using BodyDescriptor = FixedBodyDescriptorFor<WasmSuspenderObject>;
   enum State : int { kInactive = 0, kActive, kSuspended };
-  static Handle<WasmSuspenderObject> New(Isolate* isolate);
   DECL_PRINTER(WasmSuspenderObject)
   TQ_OBJECT_CONSTRUCTORS(WasmSuspenderObject)
 };
diff --git a/deps/v8/src/wasm/wasm-objects.tq b/deps/v8/src/wasm/wasm-objects.tq
index fe6cbe21ef8432..91f2cedcb46380 100644
--- a/deps/v8/src/wasm/wasm-objects.tq
+++ b/deps/v8/src/wasm/wasm-objects.tq
@@ -2,6 +2,9 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+// For wasm::FunctionSig.
+#include "src/wasm/value-type.h"
+
 @useParentTypeChecker
 type PodArrayOfWasmValueType extends ByteArray
     constexpr 'PodArray<wasm::ValueType>';
@@ -9,23 +12,23 @@ type PodArrayOfWasmValueType extends ByteArray
 type ManagedWasmNativeModule extends Foreign
     constexpr 'Managed<wasm::NativeModule>';
 
+type RawFunctionSigPtr extends RawPtr constexpr 'const wasm::FunctionSig*';
+
 // Trusted instance data, exposed via WasmInstanceObject::trusted_data.
 extern class WasmTrustedInstanceData extends ExposedTrustedObject;
 
 extern class WasmInstanceObject extends JSObject {
-  @if(V8_ENABLE_SANDBOX) trusted_data:
-      IndirectPointer<WasmTrustedInstanceData>;
-  @ifnot(V8_ENABLE_SANDBOX) trusted_data: WasmTrustedInstanceData;
+  trusted_data: TrustedPointer<WasmTrustedInstanceData>;
   module_object: WasmModuleObject;
   exports_object: JSObject;
 }
 
-// Represents the context of a function that is defined through the JS or C
-// APIs. Corresponds to the WasmInstanceObject passed to a Wasm function
-// reference.
-extern class WasmApiFunctionRef extends TrustedObject {
-  // Present when compiling JSFastApiCall wrappers, needed
-  // to load memory start/size fields.
+// The WasmImportData is passed to non-wasm imports in place of the
+// WasmTrustedInstanceData.
+extern class WasmImportData extends TrustedObject {
+  // The instance data is used to load memory start/size for fast API calls, and
+  // for tier-up of wasm-to-js wrappers.
+  // Use the '.instance_data' macro to read this from torque code.
   protected_instance_data: ProtectedPointer<WasmTrustedInstanceData>;
   native_context: NativeContext;
   callable: JSReceiver|Undefined;
@@ -35,12 +38,11 @@ extern class WasmApiFunctionRef extends TrustedObject {
   // The signature is needed for the generic wasm-to-js wrapper.
   sig: PodArrayOfWasmValueType;
   // This field is used by the WasmToOnHeapWasmToJSTrampoline.
-  @if(V8_ENABLE_SANDBOX) code: IndirectPointer<Code>;
-  @ifnot(V8_ENABLE_SANDBOX) code: Code;
+  code: TrustedPointer<Code>;
 }
 
-extern operator '.instance_data' macro LoadInstanceDataFromWasmApiFunctionRef(
-    WasmApiFunctionRef): WasmTrustedInstanceData|Smi;
+extern operator '.instance_data' macro LoadInstanceDataFromWasmImportData(
+    WasmImportData): WasmTrustedInstanceData|Smi;
 
 class WasmFastApiCallData extends HeapObject {
   signature: HeapObject;
@@ -51,16 +53,18 @@ class WasmFastApiCallData extends HeapObject {
 // This is the representation that is used internally by wasm to represent
 // function references. It is "exposed" via the WasmFuncRef.
 extern class WasmInternalFunction extends ExposedTrustedObject {
-  // This is the "reference" value that must be passed along in the "instance"
-  // register when calling the given function. It is either the target instance
-  // data (for wasm functions), or a WasmApiFunctionRef object (for functions
-  // defined through the JS or C APIs). For imported functions, this value
-  // equals the respective entry in the module's imported_function_refs array.
-  // Torque code should use the '.ref' macro to access the value.
-  protected_ref: ProtectedPointer<WasmTrustedInstanceData|WasmApiFunctionRef>;
+  // This is the implicit first argument that must be passed along in the
+  // "instance" register when calling the given function. It is either the
+  // target instance data (for wasm functions), or a WasmImportData object (for
+  // non-wasm imports). For imported functions, this value equals the respective
+  // entry in the module's dispatch_table_for_imports.
+  // Torque code should use the '.implicit_arg' macro to access the value.
+  protected_implicit_arg:
+      ProtectedPointer<WasmTrustedInstanceData|WasmImportData>;
   // The external (JS) representation of this function reference.
   external: JSFunction|Undefined;
-  // The function index if ref is a WasmTrustedInstanceData, -1 otherwise.
+  // The function index if implicit_arg is a WasmTrustedInstanceData, -1
+  // otherwise.
   function_index: Smi;
   // The call target, stored as raw pointer in this trusted object.
   call_target: RawPtr;
@@ -71,16 +75,14 @@ extern class WasmInternalFunction extends ExposedTrustedObject {
   @if(V8_ENABLE_SANDBOX) signature_hash: uintptr;
 }
 
-extern operator '.ref' macro LoadRefFromWasmInternalFunction(
-    WasmInternalFunction): WasmTrustedInstanceData|WasmApiFunctionRef;
+extern operator '.implicit_arg' macro LoadImplicitArgFromWasmInternalFunction(
+    WasmInternalFunction): WasmTrustedInstanceData|WasmImportData;
 
 // WasmFuncRef is the type of function references. They are stored on-heap and
 // link to a WasmInternalFunction which contains the actual information.
 extern class WasmFuncRef extends HeapObject {
   // Note: Torque code uses the '.internal' macro below to access the reference.
-  @if(V8_ENABLE_SANDBOX) trusted_internal:
-      IndirectPointer<WasmInternalFunction>;
-  @ifnot(V8_ENABLE_SANDBOX) trusted_internal: WasmInternalFunction;
+  trusted_internal: TrustedPointer<WasmInternalFunction>;
 }
 
 extern operator '.internal' macro LoadWasmInternalFunctionFromFuncRef(
@@ -89,8 +91,7 @@ extern operator '.internal' macro LoadWasmInternalFunctionFromFuncRef(
 // Exposed via SharedFunctionInfo::trusted_function_data.
 extern class WasmFunctionData extends ExposedTrustedObject {
   // Used for calling this function from JavaScript.
-  @if(V8_ENABLE_SANDBOX) wrapper_code: IndirectPointer<Code>;
-  @ifnot(V8_ENABLE_SANDBOX) wrapper_code: Code;
+  wrapper_code: TrustedPointer<Code>;
   // The function reference for this function object. This is used when
   // converting a JS function back to the wasm-side func ref.
   func_ref: WasmFuncRef;
@@ -107,7 +108,7 @@ extern operator '.internal' macro LoadWasmInternalFunctionFromFunctionData(
 extern class WasmExportedFunctionData extends WasmFunctionData {
   // This is the instance that exported the function (which in case of
   // imported and re-exported functions is different from the instance
-  // where the function is defined -- for the latter see WasmFunctionData::ref).
+  // where the function is defined).
   protected_instance_data: ProtectedPointer<WasmTrustedInstanceData>;
   function_index: Smi;
   // Contains a Smi; boxed so that generated code can update the value.
@@ -118,10 +119,9 @@ extern class WasmExportedFunctionData extends WasmFunctionData {
   // The contract is that they are lazily populated, and either both will be
   // present or neither.
   packed_args_size: Smi;
-  @if(V8_ENABLE_SANDBOX) c_wrapper_code: IndirectPointer<Code>;
-  @ifnot(V8_ENABLE_SANDBOX) c_wrapper_code: Code;
+  c_wrapper_code: TrustedPointer<Code>;
 
-  sig: RawPtr;  // wasm::FunctionSig*
+  sig: RawFunctionSigPtr;
 }
 
 extern operator '.instance_data' macro
@@ -148,7 +148,7 @@ extern class WasmContinuationObject extends HeapObject {
   jmpbuf: ExternalPointer;  // Direct access to the stack's jump buffer.
 }
 
-extern class WasmSuspenderObject extends JSObject {
+extern class WasmSuspenderObject extends HeapObject {
   continuation: WasmContinuationObject|Undefined;
   parent: WasmSuspenderObject|Undefined;
   promise: JSPromise;
@@ -197,9 +197,7 @@ extern class WasmTableObject extends JSObject {
   // The instance in which this WasmTableObject is defined.
   // This field is undefined if the table is defined outside any Wasm module,
   // i.e., through the JS API (WebAssembly.Table).
-  @if(V8_ENABLE_SANDBOX) trusted_data:
-      IndirectPointer<WasmTrustedInstanceData>;
-  @ifnot(V8_ENABLE_SANDBOX) trusted_data: WasmTrustedInstanceData|Smi;
+  trusted_data: TrustedPointer<WasmTrustedInstanceData>;
 }
 
 extern class WasmMemoryObject extends JSObject {
@@ -213,9 +211,7 @@ extern class WasmGlobalObject extends JSObject {
   // The instance in which this WasmGlobalObject is defined.
   // This field is undefined if the global is defined outside any Wasm module,
   // i.e., through the JS API (WebAssembly.Global).
-  @if(V8_ENABLE_SANDBOX) trusted_data:
-      IndirectPointer<WasmTrustedInstanceData>;
-  @ifnot(V8_ENABLE_SANDBOX) trusted_data: WasmTrustedInstanceData|Smi;
+  trusted_data: TrustedPointer<WasmTrustedInstanceData>;
   untagged_buffer: JSArrayBuffer|Undefined;
   tagged_buffer: FixedArray|Undefined;
   offset: Smi;
@@ -229,9 +225,7 @@ extern class WasmTagObject extends JSObject {
   serialized_signature: PodArrayOfWasmValueType;
   tag: HeapObject;
   canonical_type_index: Smi;
-  @if(V8_ENABLE_SANDBOX) trusted_data:
-      IndirectPointer<WasmTrustedInstanceData>;
-  @ifnot(V8_ENABLE_SANDBOX) trusted_data: WasmTrustedInstanceData|Smi;
+  trusted_data: TrustedPointer<WasmTrustedInstanceData>;
 }
 
 type WasmExportedFunction extends JSFunction;
@@ -255,9 +249,7 @@ extern class WasmTypeInfo extends HeapObject {
   @if(TAGGED_SIZE_8_BYTES) optional_padding: uint32;
   @ifnot(TAGGED_SIZE_8_BYTES) optional_padding: void;
   // Is undefined for WasmExternalFunctions referring to WasmJSFunctions.
-  @if(V8_ENABLE_SANDBOX) trusted_data:
-      IndirectPointer<WasmTrustedInstanceData>;
-  @ifnot(V8_ENABLE_SANDBOX) trusted_data: WasmTrustedInstanceData|Smi;
+  trusted_data: TrustedPointer<WasmTrustedInstanceData>;
   const supertypes_length: Smi;
   supertypes[supertypes_length]: Object;
 }
diff --git a/deps/v8/src/wasm/wasm-opcodes-inl.h b/deps/v8/src/wasm/wasm-opcodes-inl.h
index 4c0e26f797ba0f..d283e85e4ecfea 100644
--- a/deps/v8/src/wasm/wasm-opcodes-inl.h
+++ b/deps/v8/src/wasm/wasm-opcodes-inl.h
@@ -137,7 +137,7 @@ constexpr bool WasmOpcodes::IsRelaxedSimdOpcode(WasmOpcode opcode) {
 }
 
 constexpr bool WasmOpcodes::IsFP16SimdOpcode(WasmOpcode opcode) {
-  return opcode >= kExprF16x8Splat && opcode <= kExprF16x8ReplaceLane;
+  return opcode >= kExprF16x8Splat && opcode <= kExprF16x8Qfms;
 }
 
 #if DEBUG
diff --git a/deps/v8/src/wasm/wasm-opcodes.h b/deps/v8/src/wasm/wasm-opcodes.h
index 48f4b52677634d..ad4ec7a51de5dd 100644
--- a/deps/v8/src/wasm/wasm-opcodes.h
+++ b/deps/v8/src/wasm/wasm-opcodes.h
@@ -550,7 +550,37 @@ V8_EXPORT_PRIVATE bool IsJSCompatibleSignature(const FunctionSig* sig);
   V(I16x8RelaxedQ15MulRS, 0xfd111, s_ss, "i16x8.relaxed_q15mulr_s")        \
   V(I16x8DotI8x16I7x16S, 0xfd112, s_ss, "i16x8.dot_i8x16_i7x16_s")         \
   V(I32x4DotI8x16I7x16AddS, 0xfd113, s_sss, "i32x4.dot_i8x16_i7x16_add_s") \
-  V(F16x8Splat, 0xfd120, s_f, "f16x8.splat")
+  V(F16x8Splat, 0xfd120, s_f, "f16x8.splat")                               \
+  V(F16x8Abs, 0xfd130, s_s, "f16x8.abs")                                   \
+  V(F16x8Neg, 0xfd131, s_s, "f16x8.neg")                                   \
+  V(F16x8Sqrt, 0xfd132, s_s, "f16x8.sqrt")                                 \
+  V(F16x8Ceil, 0xfd133, s_s, "f16x8.ceil")                                 \
+  V(F16x8Floor, 0xfd134, s_s, "f16x8.floor")                               \
+  V(F16x8Trunc, 0xfd135, s_s, "f16x8.trunc")                               \
+  V(F16x8NearestInt, 0xfd136, s_s, "f16x8.nearest")                        \
+  V(F16x8Eq, 0xfd137, s_ss, "f16x8.eq")                                    \
+  V(F16x8Ne, 0xfd138, s_ss, "f16x8.ne")                                    \
+  V(F16x8Lt, 0xfd139, s_ss, "f16x8.lt")                                    \
+  V(F16x8Gt, 0xfd13a, s_ss, "f16x8.gt")                                    \
+  V(F16x8Le, 0xfd13b, s_ss, "f16x8.le")                                    \
+  V(F16x8Ge, 0xfd13c, s_ss, "f16x8.ge")                                    \
+  V(F16x8Add, 0xfd13d, s_ss, "f16x8.add")                                  \
+  V(F16x8Sub, 0xfd13e, s_ss, "f16x8.sub")                                  \
+  V(F16x8Mul, 0xfd13f, s_ss, "f16x8.mul")                                  \
+  V(F16x8Div, 0xfd140, s_ss, "f16x8.div")                                  \
+  V(F16x8Min, 0xfd141, s_ss, "f16x8.min")                                  \
+  V(F16x8Max, 0xfd142, s_ss, "f16x8.max")                                  \
+  V(F16x8Pmin, 0xfd143, s_ss, "f16x8.pmin")                                \
+  V(F16x8Pmax, 0xfd144, s_ss, "f16x8.pmax")                                \
+  V(I16x8SConvertF16x8, 0xfd145, s_s, "i16x8.trunc_sat_f16x8_s")           \
+  V(I16x8UConvertF16x8, 0xfd146, s_s, "i16x8.trunc_sat_f16x8_u")           \
+  V(F16x8SConvertI16x8, 0xfd147, s_s, "f16x8.convert_i16x8_s")             \
+  V(F16x8UConvertI16x8, 0xfd148, s_s, "f16x8.convert_i16x8_u")             \
+  V(F16x8DemoteF32x4Zero, 0xfd149, s_s, "f16x8.demote_f32x4_zero")         \
+  V(F16x8DemoteF64x2Zero, 0xfd14a, s_s, "f16x8.demote_f64x2_zero")         \
+  V(F32x4PromoteLowF16x8, 0xfd14b, s_s, "f32x4.promote_low_f16x8")         \
+  V(F16x8Qfma, 0xfd14e, s_sss, "f16x8.madd")                               \
+  V(F16x8Qfms, 0xfd14f, s_sss, "f16x8.nmadd")
 
 #define FOREACH_SIMD_1_OPERAND_1_PARAM_OPCODE(V)          \
   V(I8x16ExtractLaneS, 0xfd15, _, "i8x16.extract_lane_s") \
diff --git a/deps/v8/src/wasm/wasm-serialization.cc b/deps/v8/src/wasm/wasm-serialization.cc
index e05c54908cf63f..8e647fcc63d9d2 100644
--- a/deps/v8/src/wasm/wasm-serialization.cc
+++ b/deps/v8/src/wasm/wasm-serialization.cc
@@ -564,8 +564,11 @@ bool NativeModuleSerializer::Write(Writer* writer) {
   for (WasmCode* code : code_table_) {
     WriteCode(code, writer);
   }
-  // If not a single function was written, serialization was not successful.
-  if (num_turbofan_functions_ == 0) return false;
+  // No TurboFan-compiled functions in jitless mode.
+  if (!v8_flags.wasm_jitless) {
+    // If not a single function was written, serialization was not successful.
+    if (num_turbofan_functions_ == 0) return false;
+  }
 
   // Make sure that the serialized total code size was correct.
   CHECK_EQ(total_written_code_, total_code_size);
@@ -1065,7 +1068,7 @@ MaybeHandle<WasmModuleObject> DeserializeNativeModule(
     wasm_engine->UpdateNativeModuleCache(error, shared_native_module, isolate);
   }
 
-  Handle<Script> script =
+  DirectHandle<Script> script =
       wasm_engine->GetOrCreateScript(isolate, shared_native_module, source_url);
   Handle<WasmModuleObject> module_object =
       WasmModuleObject::New(isolate, shared_native_module, script);
diff --git a/deps/v8/src/wasm/wasm-tier.h b/deps/v8/src/wasm/wasm-tier.h
index afd106b0176f60..0da5e85429e166 100644
--- a/deps/v8/src/wasm/wasm-tier.h
+++ b/deps/v8/src/wasm/wasm-tier.h
@@ -18,6 +18,9 @@ namespace wasm {
 // All the tiers of Wasm execution.
 enum class ExecutionTier : int8_t {
   kNone,
+#if V8_ENABLE_DRUMBRAKE
+  kInterpreter,
+#endif  // V8_ENABLE_DRUMBRAKE
   kLiftoff,
   kTurbofan,
 };
@@ -28,6 +31,10 @@ inline const char* ExecutionTierToString(ExecutionTier tier) {
       return "turbofan";
     case ExecutionTier::kLiftoff:
       return "liftoff";
+#if V8_ENABLE_DRUMBRAKE
+    case ExecutionTier::kInterpreter:
+      return "interpreter";
+#endif  // V8_ENABLE_DRUMBRAKE
     case ExecutionTier::kNone:
       return "none";
   }
diff --git a/deps/v8/src/wasm/wrappers.cc b/deps/v8/src/wasm/wrappers.cc
index fd1ab9a320df2d..eb6326d26c3d9a 100644
--- a/deps/v8/src/wasm/wrappers.cc
+++ b/deps/v8/src/wasm/wrappers.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/small-vector.h"
 #include "src/codegen/bailout-reason.h"
 #include "src/codegen/interface-descriptors-inl.h"
@@ -12,6 +14,7 @@
 #include "src/wasm/turboshaft-graph-interface.h"
 #include "src/wasm/wasm-engine.h"
 #include "src/wasm/wasm-module.h"
+#include "src/wasm/wasm-objects.h"
 #include "src/zone/zone.h"
 
 namespace v8::internal::wasm {
@@ -40,8 +43,7 @@ using compiler::turboshaft::Word32;
 using compiler::turboshaft::WordPtr;
 
 namespace {
-const TSCallDescriptor* GetBuiltinCallDescriptor(Builtin name, Zone* zone,
-                                                 StubCallMode stub_mode) {
+const TSCallDescriptor* GetBuiltinCallDescriptor(Builtin name, Zone* zone) {
   CallInterfaceDescriptor interface_descriptor =
       Builtins::CallInterfaceDescriptorFor(name);
   CallDescriptor* call_desc = compiler::Linkage::GetStubCallDescriptor(
@@ -50,7 +52,7 @@ const TSCallDescriptor* GetBuiltinCallDescriptor(Builtin name, Zone* zone,
       interface_descriptor.GetStackParameterCount(),  // stack parameter count
       CallDescriptor::kNoFlags,                       // flags
       compiler::Operator::kNoProperties,              // properties
-      stub_mode);                                     // stub call mode
+      StubCallMode::kCallBuiltinPointer);             // stub call mode
   return TSCallDescriptor::Create(call_desc, compiler::CanThrow::kNo,
                                   compiler::LazyDeoptOnThrow::kNo, zone);
 }
@@ -62,10 +64,7 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
                             const WasmModule* module,
                             const wasm::FunctionSig* sig,
                             StubCallMode stub_mode)
-      : WasmGraphBuilderBase(zone, assembler),
-        module_(module),
-        sig_(sig),
-        stub_mode_(stub_mode) {}
+      : WasmGraphBuilderBase(zone, assembler), module_(module), sig_(sig) {}
 
   void AbortIfNot(V<Word32> condition, AbortReason abort_reason) {
     if (!v8_flags.debug_code) return;
@@ -125,7 +124,8 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
   }
 
   V<WordPtr> GetTargetForBuiltinCall(Builtin builtin) {
-    return WasmGraphBuilderBase::GetTargetForBuiltinCall(builtin, stub_mode_);
+    return WasmGraphBuilderBase::GetTargetForBuiltinCall(
+        builtin, StubCallMode::kCallBuiltinPointer);
   }
 
   template <typename Descriptor, typename... Args>
@@ -135,7 +135,7 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
         __ graph_zone(), Descriptor(), 0,
         frame_state.valid() ? CallDescriptor::kNeedsFrameState
                             : CallDescriptor::kNoFlags,
-        Operator::kNoProperties, stub_mode_);
+        Operator::kNoProperties, StubCallMode::kCallBuiltinPointer);
     const TSCallDescriptor* ts_call_descriptor = TSCallDescriptor::Create(
         call_descriptor, compiler::CanThrow::kNo,
         compiler::LazyDeoptOnThrow::kNo, __ graph_zone());
@@ -149,7 +149,7 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
                       Args... args) {
     auto call_descriptor = compiler::Linkage::GetStubCallDescriptor(
         __ graph_zone(), Descriptor(), 0, CallDescriptor::kNoFlags,
-        Operator::kNoProperties, stub_mode_);
+        Operator::kNoProperties, StubCallMode::kCallBuiltinPointer);
     const TSCallDescriptor* ts_call_descriptor = TSCallDescriptor::Create(
         call_descriptor, compiler::CanThrow::kNo,
         compiler::LazyDeoptOnThrow::kNo, __ graph_zone());
@@ -197,7 +197,7 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
       case wasm::kI32:
         return BuildChangeInt32ToNumber(ret);
       case wasm::kI64:
-        return BuildChangeInt64ToBigInt(ret, stub_mode_);
+        return BuildChangeInt64ToBigInt(ret, StubCallMode::kCallBuiltinPointer);
       case wasm::kF32:
         return BuildChangeFloat32ToNumber(ret);
       case wasm::kF64:
@@ -369,7 +369,7 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
 
     // Set the ThreadInWasm flag before we do the actual call.
     {
-      base::Optional<ModifyThreadInWasmFlagScope>
+      std::optional<ModifyThreadInWasmFlagScope>
           modify_thread_in_wasm_flag_builder;
       if (set_in_wasm_flag) {
         modify_thread_in_wasm_flag_builder.emplace(this, Asm());
@@ -379,9 +379,10 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
           V<WasmInternalFunction>::Cast(__ LoadProtectedPointerField(
               function_data, LoadOp::Kind::TaggedBase().Immutable(),
               WasmExportedFunctionData::kProtectedInternalOffset));
-      auto [target, ref] =
-          BuildFunctionTargetAndRef(internal, expected_sig_hash);
-      BuildCallWasmFromWrapper(__ phase_zone(), sig_, target, ref, args, rets);
+      auto [target, implicit_arg] =
+          BuildFunctionTargetAndImplicitArg(internal, expected_sig_hash);
+      BuildCallWasmFromWrapper(__ phase_zone(), sig_, target, implicit_arg,
+                               args, rets);
     }
 
     V<Object> jsval;
@@ -429,18 +430,16 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
         __ Load(js_closure, LoadOp::Kind::TaggedBase(),
                 MemoryRepresentation::TaggedPointer(),
                 JSFunction::kSharedFunctionInfoOffset);
-#if V8_ENABLE_SANDBOX
-    static constexpr int kOffset =
-        SharedFunctionInfo::kTrustedFunctionDataOffset;
+#ifdef V8_ENABLE_SANDBOX
     uint64_t signature_hash = SignatureHasher::Hash(sig_);
 #else
-    static constexpr int kOffset = SharedFunctionInfo::kFunctionDataOffset;
     uint64_t signature_hash = 0;
 #endif
     V<WasmFunctionData> function_data =
         V<WasmFunctionData>::Cast(__ LoadTrustedPointerField(
             shared, LoadOp::Kind::TaggedBase(),
-            kWasmFunctionDataIndirectPointerTag, kOffset));
+            kWasmFunctionDataIndirectPointerTag,
+            SharedFunctionInfo::kTrustedFunctionDataOffset));
 
     if (!wasm::IsJSCompatibleSignature(sig_)) {
       // Throw a TypeError. Use the js_context of the calling javascript
@@ -526,25 +525,19 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
 
   void BuildWasmToJSWrapper(wasm::ImportCallKind kind, int expected_arity,
                             wasm::Suspend suspend, const WasmModule* module) {
-    int suspender_count = suspend == kSuspendWithSuspender ? 1 : 0;
-    int wasm_count =
-        static_cast<int>(sig_->parameter_count()) - suspender_count;
+    int wasm_count = static_cast<int>(sig_->parameter_count());
 
     __ Bind(__ NewBlock());
     base::SmallVector<OpIndex, 16> wasm_params(wasm_count);
     OpIndex ref = __ Parameter(0, RegisterRepresentation::Tagged());
-    V<HeapObject> suspender =
-        suspender_count == 1 ? __ Parameter(1, RegisterRepresentation::Tagged())
-                             : OpIndex::Invalid();
     for (int i = 0; i < wasm_count; ++i) {
-      RegisterRepresentation rep =
-          RepresentationFor(sig_->GetParam(i + suspender_count));
-      wasm_params[i] = (__ Parameter(1 + suspender_count + i, rep));
+      RegisterRepresentation rep = RepresentationFor(sig_->GetParam(i));
+      wasm_params[i] = (__ Parameter(1 + i, rep));
     }
 
-    V<Context> native_context = __ Load(
-        ref, LoadOp::Kind::TaggedBase(), MemoryRepresentation::TaggedPointer(),
-        WasmApiFunctionRef::kNativeContextOffset);
+    V<Context> native_context = __ Load(ref, LoadOp::Kind::TaggedBase(),
+                                        MemoryRepresentation::TaggedPointer(),
+                                        WasmImportData::kNativeContextOffset);
 
     if (kind == wasm::ImportCallKind::kRuntimeTypeError) {
       // =======================================================================
@@ -561,17 +554,15 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
     base::SmallVector<OpIndex, 16> args(pushed_count + 4);
     // Position of the first wasm argument in the JS arguments.
     int pos = kind == ImportCallKind::kUseCallBuiltin ? 3 : 1;
-    // If {suspender_count} is 1, {wasm_count} includes the suspender argument,
-    // which is dropped in {AddArgumentNodes}.
     pos = AddArgumentNodes(base::VectorOf(args), pos, wasm_params, sig_,
-                           native_context, suspender_count);
+                           native_context);
     for (int i = wasm_count; i < expected_arity; ++i) {
       args[pos++] = undefined_node;
     }
 
     V<JSFunction> callable_node = __ Load(ref, LoadOp::Kind::TaggedBase(),
                                           MemoryRepresentation::TaggedPointer(),
-                                          WasmApiFunctionRef::kCallableOffset);
+                                          WasmImportData::kCallableOffset);
     OpIndex old_sp = BuildSwitchToTheCentralStackIfNeeded();
     BuildModifyThreadInWasmFlag(__ phase_zone(), false);
     OpIndex call = OpIndex::Invalid();
@@ -644,8 +635,6 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
 
     if (suspend == kSuspend) {
       call = BuildSuspend(call, LOAD_ROOT(ActiveSuspender), ref, &old_sp);
-    } else if (suspend == kSuspendWithSuspender) {
-      call = BuildSuspend(call, suspender, ref, &old_sp);
     }
 
     // Convert the return value(s) back.
@@ -711,19 +700,14 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
       offset += type.value_kind_size();
     }
 
-    V<Object> function_node = __ LoadTaggedField(
-        incoming_params[0], WasmApiFunctionRef::kCallableOffset);
+    V<Object> function_node =
+        __ LoadTaggedField(incoming_params[0], WasmImportData::kCallableOffset);
     V<HeapObject> shared = LoadSharedFunctionInfo(function_node);
-#if V8_ENABLE_SANDBOX
-    static constexpr int kOffset =
-        SharedFunctionInfo::kTrustedFunctionDataOffset;
-#else
-    static constexpr int kOffset = SharedFunctionInfo::kFunctionDataOffset;
-#endif
     V<WasmFunctionData> function_data =
         V<WasmFunctionData>::Cast(__ LoadTrustedPointerField(
             shared, LoadOp::Kind::TaggedBase(),
-            kWasmFunctionDataIndirectPointerTag, kOffset));
+            kWasmFunctionDataIndirectPointerTag,
+            SharedFunctionInfo::kTrustedFunctionDataOffset));
     V<Object> host_data_foreign = __ LoadTaggedField(
         function_data, WasmCapiFunctionData::kEmbedderDataOffset);
 
@@ -761,7 +745,7 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
       V<Context> context =
           __ Load(incoming_params[0], LoadOp::Kind::TaggedBase(),
                   MemoryRepresentation::TaggedPointer(),
-                  WasmApiFunctionRef::kNativeContextOffset);
+                  WasmImportData::kNativeContextOffset);
       __ Call(call_target, {return_value, context}, ts_call_descriptor);
       __ Unreachable();
     }
@@ -915,7 +899,7 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
 
   CallDescriptor* GetBigIntToI64CallDescriptor(bool needs_frame_state) {
     return wasm::GetWasmEngine()->call_descriptors()->GetBigIntToI64Descriptor(
-        stub_mode_, needs_frame_state);
+        needs_frame_state);
   }
 
   OpIndex BuildChangeBigIntToInt64(
@@ -1103,12 +1087,10 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
   // Must be called in the first block to emit the Parameter ops.
   int AddArgumentNodes(base::Vector<OpIndex> args, int pos,
                        base::SmallVector<OpIndex, 16> wasm_params,
-                       const wasm::FunctionSig* sig, V<Context> context,
-                       int suspender_count) {
+                       const wasm::FunctionSig* sig, V<Context> context) {
     // Convert wasm numbers to JS values.
     for (size_t i = 0; i < wasm_params.size(); ++i) {
-      args[pos++] =
-          ToJS(wasm_params[i], sig->GetParam(i + suspender_count), context);
+      args[pos++] = ToJS(wasm_params[i], sig->GetParam(i), context);
     }
     return pos;
   }
@@ -1208,17 +1190,16 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
   }
 
   OpIndex BuildSuspend(OpIndex value, V<Object> suspender,
-                       V<Object> api_function_ref, OpIndex* old_sp) {
-    V<Context> native_context =
-        __ Load(api_function_ref, LoadOp::Kind::TaggedBase(),
-                MemoryRepresentation::TaggedPointer(),
-                WasmApiFunctionRef::kNativeContextOffset);
+                       V<Object> import_data, OpIndex* old_sp) {
+    V<Context> native_context = __ Load(import_data, LoadOp::Kind::TaggedBase(),
+                                        MemoryRepresentation::TaggedPointer(),
+                                        WasmImportData::kNativeContextOffset);
     OpIndex active_suspender = LOAD_ROOT(ActiveSuspender);
 
     // If value is a promise, suspend to the js-to-wasm prompt, and resume later
     // with the promise's resolved value.
     ScopedVar<Object> result(this, value);
-    ScopedVar<WordPtr> old_sp_var(this, __ IntPtrConstant(0));
+    ScopedVar<WordPtr> old_sp_var(this, *old_sp);
     IF_NOT (__ IsSmi(value)) {
       IF (__ HasInstanceType(value, JS_PROMISE_TYPE)) {
         IF (__ TaggedEqual(active_suspender, LOAD_ROOT(UndefinedValue))) {
@@ -1259,8 +1240,7 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
         OpIndex promise_then =
             GetBuiltinPointerTarget(Builtin::kPerformPromiseThen);
         auto* then_call_desc = GetBuiltinCallDescriptor(
-            Builtin::kPerformPromiseThen, __ graph_zone(),
-            StubCallMode::kCallBuiltinPointer);
+            Builtin::kPerformPromiseThen, __ graph_zone());
         base::SmallVector<OpIndex, 16> args{value, on_fulfilled, on_rejected,
                                             LOAD_ROOT(UndefinedValue),
                                             native_context};
@@ -1268,8 +1248,8 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
                 then_call_desc);
 
         OpIndex suspend = GetTargetForBuiltinCall(Builtin::kWasmSuspend);
-        auto* suspend_call_descriptor = GetBuiltinCallDescriptor(
-            Builtin::kWasmSuspend, __ graph_zone(), stub_mode_);
+        auto* suspend_call_descriptor =
+            GetBuiltinCallDescriptor(Builtin::kWasmSuspend, __ graph_zone());
         BuildSwitchBackFromCentralStack(*old_sp);
         OpIndex resolved =
             __ Call(suspend, {suspender}, suspend_call_descriptor);
@@ -1339,7 +1319,6 @@ class WasmWrapperTSGraphBuilder : public WasmGraphBuilderBase {
  private:
   const WasmModule* module_;
   const wasm::FunctionSig* const sig_;
-  StubCallMode stub_mode_;
 };
 
 void BuildWasmWrapper(compiler::turboshaft::PipelineData* data,
diff --git a/deps/v8/src/zone/accounting-allocator.cc b/deps/v8/src/zone/accounting-allocator.cc
index fabee899d387d4..e0fe5a58e5df8f 100644
--- a/deps/v8/src/zone/accounting-allocator.cc
+++ b/deps/v8/src/zone/accounting-allocator.cc
@@ -65,11 +65,7 @@ std::unique_ptr<v8::base::BoundedPageAllocator> CreateBoundedAllocator(
 
 }  // namespace
 
-AccountingAllocator::AccountingAllocator()
-    : zone_backing_malloc_(
-          V8::GetCurrentPlatform()->GetZoneBackingAllocator()->GetMallocFn()),
-      zone_backing_free_(
-          V8::GetCurrentPlatform()->GetZoneBackingAllocator()->GetFreeFn()) {
+AccountingAllocator::AccountingAllocator() {
   if (COMPRESS_ZONES_BOOL) {
     v8::PageAllocator* platform_page_allocator = GetPlatformPageAllocator();
     VirtualMemory memory = ReserveAddressSpace(platform_page_allocator);
diff --git a/deps/v8/src/zone/accounting-allocator.h b/deps/v8/src/zone/accounting-allocator.h
index 7fdc86da7d255e..4e1f9442ff45e2 100644
--- a/deps/v8/src/zone/accounting-allocator.h
+++ b/deps/v8/src/zone/accounting-allocator.h
@@ -72,9 +72,6 @@ class V8_EXPORT_PRIVATE AccountingAllocator {
 
   std::unique_ptr<VirtualMemory> reserved_area_;
   std::unique_ptr<base::BoundedPageAllocator> bounded_page_allocator_;
-
-  ZoneBackingAllocator::MallocFn zone_backing_malloc_ = nullptr;
-  ZoneBackingAllocator::FreeFn zone_backing_free_ = nullptr;
 };
 
 }  // namespace internal
diff --git a/deps/v8/src/zone/zone-compact-set.h b/deps/v8/src/zone/zone-compact-set.h
index 780bf9d5de620b..d2828fe4e62007 100644
--- a/deps/v8/src/zone/zone-compact-set.h
+++ b/deps/v8/src/zone/zone-compact-set.h
@@ -90,6 +90,10 @@ class ZoneCompactSet final {
     }
   }
 
+  ZoneCompactSet<T> Clone(Zone* zone) const {
+    return ZoneCompactSet<T>(begin(), end(), zone);
+  }
+
   bool is_empty() const { return data_ == EmptyValue(); }
 
   size_t size() const {
@@ -333,6 +337,11 @@ class ZoneCompactSet<T>::const_iterator {
   }
   const_iterator operator++(int);
 
+  difference_type operator-(const const_iterator& other) const {
+    DCHECK_EQ(set_, other.set_);
+    return current_ - other.current_;
+  }
+
  private:
   friend class ZoneCompactSet<T>;
 
diff --git a/deps/v8/test/cctest/cctest.cc b/deps/v8/test/cctest/cctest.cc
index c040e816c175dc..5c128101c03394 100644
--- a/deps/v8/test/cctest/cctest.cc
+++ b/deps/v8/test/cctest/cctest.cc
@@ -37,7 +37,6 @@
 #include "include/v8-locker.h"
 #include "src/base/lazy-instance.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/platform/condition-variable.h"
 #include "src/base/platform/mutex.h"
 #include "src/base/platform/semaphore.h"
diff --git a/deps/v8/test/cctest/cctest.h b/deps/v8/test/cctest/cctest.h
index 59899e447a23f3..a0d884c2b8e2d9 100644
--- a/deps/v8/test/cctest/cctest.h
+++ b/deps/v8/test/cctest/cctest.h
@@ -285,6 +285,17 @@ class ApiTestFuzzer: public v8::base::Thread {
   bool active_;
 };
 
+// In threaded cctests, control flow alternates between different threads, each
+// of which runs a single test. All threaded cctests share the same isolate and
+// a heap. With conservative stack scanning (CSS), whenever a thread invokes a
+// GC for the common heap, the stacks of all threads are scanned. In this
+// setting, it is not possible to disable CSS without losing correctness.
+// Therefore, tests defined with THREADED_TEST:
+//
+// 1.  must not explicitly disable CSS, using the scope
+//     internal::DisableConservativeStackScanningScopeForTesting, and
+// 2.  cannot rely on the assumption that garbage collection will reclaim all
+//     non-live objects.
 
 #define THREADED_TEST(Name)                                          \
   static void Test##Name();                                          \
@@ -385,7 +396,7 @@ static inline v8::Local<v8::Boolean> v8_bool(bool val) {
   return v8::Boolean::New(v8::Isolate::GetCurrent(), val);
 }
 
-static inline v8::Local<v8::Value> v8_num(double x) {
+static inline v8::Local<v8::Number> v8_num(double x) {
   return v8::Number::New(v8::Isolate::GetCurrent(), x);
 }
 
diff --git a/deps/v8/test/cctest/cctest.status b/deps/v8/test/cctest/cctest.status
index 9e558d9e38b555..84f0e12e4dd5f8 100644
--- a/deps/v8/test/cctest/cctest.status
+++ b/deps/v8/test/cctest/cctest.status
@@ -397,6 +397,8 @@
   'test-run-wasm/RunWasmTurbofan_F32ReinterpretI32': [SKIP],
 
   'test-serialize/StaticRootsPredictableSnapshot': ['pointer_compression', SKIP],
+
+  'test-run-wasm-f16/*': [SKIP],
 }],  # 'arch == riscv64 or (arch == riscv32)'
 ['arch == riscv32', {
   # Some wasm functionality is not implemented yet.
@@ -435,6 +437,16 @@
   'test-code-generator/FuzzAssemble*': [PASS, ['(mode == debug) and optimize_for_size', SKIP]],
 }],  # 'system != android and arch in [arm, arm64] and not simulator_run'
 
+##############################################################################
+['arch == ppc64', {
+  # Generated instructions could differ due to codegen non-determinism
+  # which periodically fails this test on ppc. Test is also only targeting
+  # builds with static-roots enabled which is off by default on ppc.
+  # BUG(v8:42204346)
+  'test-serialize/StaticRootsPredictableSnapshot': [SKIP]
+
+}],  # 'arch == ppc64'
+
 ##############################################################################
 ['system == aix or (arch == ppc64 and byteorder == big)', {
 
@@ -540,6 +552,19 @@
   'wasm-run-utils/*': [SKIP],
 }],  # not has_webassembly or variant == jitless
 
+##############################################################################
+['has_wasm_interpreter', {
+  # Skip tests that require Wasm experimental features not supported by the
+  # Wasm interpreter.
+
+  # --experimental-wasm-memory64
+  'test-run-wasm-memory64/*': [SKIP],
+
+  # --experimental-wasm-fp16
+  'test-run-wasm-f16/*': [SKIP],
+
+ }],  # has_wasm_interpreter
+
 ##############################################################################
 ['lite_mode or variant == jitless', {
 
diff --git a/deps/v8/test/cctest/compiler/function-tester.h b/deps/v8/test/cctest/compiler/function-tester.h
index b0763f3846b473..9caf230edc9875 100644
--- a/deps/v8/test/cctest/compiler/function-tester.h
+++ b/deps/v8/test/cctest/compiler/function-tester.h
@@ -63,11 +63,13 @@ class FunctionTester : public InitializedHandleScope {
     return CheckCall(expected, a, b, undefined());
   }
 
-  void CheckCall(Handle<Object> expected, Handle<Object> a) {
+  void CheckCall(DirectHandle<Object> expected, Handle<Object> a) {
     CheckCall(expected, a, undefined());
   }
 
-  void CheckCall(Handle<Object> expected) { CheckCall(expected, undefined()); }
+  void CheckCall(DirectHandle<Object> expected) {
+    CheckCall(expected, undefined());
+  }
 
   void CheckCall(double expected, double a, double b) {
     CheckCall(Val(expected), Val(a), Val(b));
diff --git a/deps/v8/test/cctest/compiler/test-code-generator.cc b/deps/v8/test/cctest/compiler/test-code-generator.cc
index 964536f03521c0..1960c6927a4475 100644
--- a/deps/v8/test/cctest/compiler/test-code-generator.cc
+++ b/deps/v8/test/cctest/compiler/test-code-generator.cc
@@ -3,6 +3,7 @@
 // found in the LICENSE file.
 
 #include <algorithm>
+#include <optional>
 
 #include "src/base/utils/random-number-generator.h"
 #include "src/codegen/assembler-inl.h"
@@ -787,18 +788,18 @@ class TestEnvironment : public HandleAndZoneScope {
     if (from.IsConstant()) {
       Constant constant = instructions_.GetConstant(
           ConstantOperand::cast(from).virtual_register());
-      Handle<Object> constant_value;
+      DirectHandle<Object> constant_value;
       switch (constant.type()) {
         case Constant::kInt32:
           constant_value =
-              Handle<Smi>(Tagged<Smi>(static_cast<Address>(
-                              static_cast<intptr_t>(constant.ToInt32()))),
-                          main_isolate());
+              direct_handle(Tagged<Smi>(static_cast<Address>(
+                                static_cast<intptr_t>(constant.ToInt32()))),
+                            main_isolate());
           break;
         case Constant::kInt64:
-          constant_value =
-              Handle<Smi>(Tagged<Smi>(static_cast<Address>(constant.ToInt64())),
-                          main_isolate());
+          constant_value = direct_handle(
+              Tagged<Smi>(static_cast<Address>(constant.ToInt64())),
+              main_isolate());
           break;
         case Constant::kFloat32:
           constant_value = main_isolate()->factory()->NewHeapNumber(
@@ -1155,7 +1156,7 @@ class CodeGeneratorTester {
     generator_ = new CodeGenerator(
         environment->main_zone(), &frame_, &linkage_,
         environment->instructions(), &info_, environment->main_isolate(),
-        base::Optional<OsrHelper>(), kNoSourcePosition, nullptr,
+        std::optional<OsrHelper>(), kNoSourcePosition, nullptr,
         AssemblerOptions::Default(environment->main_isolate()),
         Builtin::kNoBuiltinId, kMaxUnoptimizedFrameHeight,
         kMaxPushedArgumentCount);
@@ -1449,7 +1450,7 @@ TEST(FuzzAssembleMoveAndSwap) {
   TestEnvironment env;
 
   Handle<FixedArray> state_in = env.GenerateInitialState();
-  Handle<FixedArray> expected =
+  DirectHandle<FixedArray> expected =
       env.main_isolate()->factory()->NewFixedArray(state_in->length());
 
   // Test small and potentially large ranges separately.
diff --git a/deps/v8/test/cctest/compiler/test-concurrent-shared-function-info.cc b/deps/v8/test/cctest/compiler/test-concurrent-shared-function-info.cc
index 0d5b5c7eb33f16..8f07d99dc4c5b1 100644
--- a/deps/v8/test/cctest/compiler/test-concurrent-shared-function-info.cc
+++ b/deps/v8/test/cctest/compiler/test-concurrent-shared-function-info.cc
@@ -32,7 +32,7 @@ enum class SfiState {
 void ExpectSharedFunctionInfoState(Isolate* isolate,
                                    Tagged<SharedFunctionInfo> sfi,
                                    SfiState expectedState) {
-  Tagged<Object> function_data = sfi->GetData(isolate);
+  Tagged<Object> function_data = sfi->GetTrustedData(isolate);
   Tagged<HeapObject> script = sfi->script(kAcquireLoad);
   switch (expectedState) {
     case SfiState::Compiled:
diff --git a/deps/v8/test/cctest/compiler/test-run-native-calls.cc b/deps/v8/test/cctest/compiler/test-run-native-calls.cc
index ca248b9c49fd08..5d2e0285aa9604 100644
--- a/deps/v8/test/cctest/compiler/test-run-native-calls.cc
+++ b/deps/v8/test/cctest/compiler/test-run-native-calls.cc
@@ -440,7 +440,7 @@ class Computer {
 
     {
       // constant mode.
-      Handle<Code> wrapper;
+      DirectHandle<Code> wrapper;
       {
         // Wrap the above code with a callable function that passes constants.
         Zone zone(isolate->allocator(), ZONE_NAME, kCompressGraphZone);
@@ -474,7 +474,7 @@ class Computer {
 
     {
       // buffer mode.
-      Handle<Code> wrapper;
+      DirectHandle<Code> wrapper;
       {
         // Wrap the above code with a callable function that loads from {input}.
         Zone zone(isolate->allocator(), ZONE_NAME, kCompressGraphZone);
@@ -574,7 +574,7 @@ static void CopyTwentyInt32(CallDescriptor* desc) {
   }
 
   CSignatureOf<int32_t> csig;
-  Handle<Code> wrapper;
+  DirectHandle<Code> wrapper;
   {
     // Loads parameters from the input buffer and calls the above code.
     Zone zone(isolate->allocator(), ZONE_NAME, kCompressGraphZone);
@@ -1051,7 +1051,7 @@ void MixedParamTest(int start) {
 
     {
       // call the select.
-      Handle<Code> wrapper;
+      DirectHandle<Code> wrapper;
       int32_t expected_ret;
       char bytes[kDoubleSize];
       alignas(8) char output[kDoubleSize];
diff --git a/deps/v8/test/cctest/compiler/test-run-variables.cc b/deps/v8/test/cctest/compiler/test-run-variables.cc
index 59137f4fe12bea..bfe7992d25c3a0 100644
--- a/deps/v8/test/cctest/compiler/test-run-variables.cc
+++ b/deps/v8/test/cctest/compiler/test-run-variables.cc
@@ -66,7 +66,8 @@ static void RunVariableTests(const char* source, const char* tests[]) {
 
     // Check function with non-falsey parameter.
     if (tests[i + 1] != throws) {
-      Handle<Object> r = v8::Utils::OpenHandle(*CompileRun(tests[i + 1]));
+      DirectHandle<Object> r =
+          v8::Utils::OpenDirectHandle(*CompileRun(tests[i + 1]));
       T.CheckCall(r, T.Val(123), T.Val("result"));
     } else {
       T.CheckThrows(T.Val(123), T.Val("result"));
@@ -74,7 +75,8 @@ static void RunVariableTests(const char* source, const char* tests[]) {
 
     // Check function with falsey parameter.
     if (tests[i + 2] != throws) {
-      Handle<Object> r = v8::Utils::OpenHandle(*CompileRun(tests[i + 2]));
+      DirectHandle<Object> r =
+          v8::Utils::OpenDirectHandle(*CompileRun(tests[i + 2]));
       T.CheckCall(r, T.Val(0.0), T.Val("result"));
     } else {
       T.CheckThrows(T.Val(0.0), T.Val("result"));
diff --git a/deps/v8/test/cctest/heap/test-compaction.cc b/deps/v8/test/cctest/heap/test-compaction.cc
index 13b26806c258fa..354177359f7409 100644
--- a/deps/v8/test/cctest/heap/test-compaction.cc
+++ b/deps/v8/test/cctest/heap/test-compaction.cc
@@ -215,7 +215,7 @@ HEAP_TEST(CompactionPartiallyAbortedPageIntraAbortedPointers) {
   heap->AddNearHeapLimitCallback(reset_oom, heap);
   {
     HandleScope scope1(isolate);
-    Handle<FixedArray> root_array =
+    IndirectHandle<FixedArray> root_array =
         isolate->factory()->NewFixedArray(10, AllocationType::kOld);
 
     heap::SealCurrentObjects(heap);
@@ -269,10 +269,10 @@ HEAP_TEST(CompactionPartiallyAbortedPageIntraAbortedPointers) {
       // The following check makes sure that we compacted "some" objects, while
       // leaving others in place.
       bool in_place = true;
-      Handle<FixedArray> current = root_array;
+      IndirectHandle<FixedArray> current = root_array;
       while (current->get(0) != ReadOnlyRoots(heap).undefined_value()) {
-        current =
-            Handle<FixedArray>(Cast<FixedArray>(current->get(0)), isolate);
+        current = IndirectHandle<FixedArray>(Cast<FixedArray>(current->get(0)),
+                                             isolate);
         CHECK(IsFixedArray(*current));
         if (PageMetadata::FromHeapObject(*current) != to_be_aborted_page) {
           in_place = false;
@@ -321,7 +321,7 @@ HEAP_TEST(CompactionPartiallyAbortedPageWithRememberedSetEntries) {
   heap->AddNearHeapLimitCallback(reset_oom, heap);
   {
     HandleScope scope1(isolate);
-    Handle<FixedArray> root_array =
+    IndirectHandle<FixedArray> root_array =
         isolate->factory()->NewFixedArray(10, AllocationType::kOld);
     heap::SealCurrentObjects(heap);
 
@@ -380,10 +380,10 @@ HEAP_TEST(CompactionPartiallyAbortedPageWithRememberedSetEntries) {
       // The following check makes sure that we compacted "some" objects, while
       // leaving others in place.
       bool in_place = true;
-      Handle<FixedArray> current = root_array;
+      IndirectHandle<FixedArray> current = root_array;
       while (current->get(0) != ReadOnlyRoots(heap).undefined_value()) {
-        current =
-            Handle<FixedArray>(Cast<FixedArray>(current->get(0)), isolate);
+        current = IndirectHandle<FixedArray>(Cast<FixedArray>(current->get(0)),
+                                             isolate);
         CHECK(!Heap::InYoungGeneration(*current));
         CHECK(IsFixedArray(*current));
         if (PageMetadata::FromHeapObject(*current) != to_be_aborted_page) {
@@ -401,7 +401,7 @@ HEAP_TEST(CompactionPartiallyAbortedPageWithRememberedSetEntries) {
       CheckInvariantsOfAbortedPage(to_be_aborted_page);
 
       // Allocate a new object in new space.
-      DirectHandle<FixedArray> holder =
+      IndirectHandle<FixedArray> holder =
           isolate->factory()->NewFixedArray(10, AllocationType::kYoung);
       // Create a broken address that looks like a tagged pointer to a new space
       // object.
@@ -410,7 +410,7 @@ HEAP_TEST(CompactionPartiallyAbortedPageWithRememberedSetEntries) {
       base::Vector<const uint8_t> string_to_broken_addresss(
           reinterpret_cast<const uint8_t*>(&broken_address), kTaggedSize);
 
-      Handle<String> string;
+      IndirectHandle<String> string;
       do {
         // We know that the interesting slot will be on the aborted page and
         // hence we allocate until we get our string on the aborted page.
diff --git a/deps/v8/test/cctest/heap/test-heap.cc b/deps/v8/test/cctest/heap/test-heap.cc
index 26a788f01844bc..d80a6b1838964b 100644
--- a/deps/v8/test/cctest/heap/test-heap.cc
+++ b/deps/v8/test/cctest/heap/test-heap.cc
@@ -263,7 +263,7 @@ TEST(HeapObjects) {
   Heap* heap = isolate->heap();
 
   HandleScope sc(isolate);
-  Handle<Object> value = factory->NewNumber(1.000123);
+  DirectHandle<Object> value = factory->NewNumber(1.000123);
   CHECK(IsHeapNumber(*value));
   CHECK(IsNumber(*value));
   CHECK_EQ(1.000123, Object::NumberValue(*value));
@@ -509,8 +509,8 @@ TEST(WeakGlobalUnmodifiedApiHandlesScavenge) {
 
   WeakPointerCleared = false;
 
-  Handle<Object> h1;
-  Handle<Object> h2;
+  IndirectHandle<Object> h1;
+  IndirectHandle<Object> h2;
 
   {
     HandleScope scope(isolate);
@@ -555,8 +555,8 @@ TEST(WeakGlobalHandlesMark) {
 
   WeakPointerCleared = false;
 
-  Handle<Object> h1;
-  Handle<Object> h2;
+  IndirectHandle<Object> h1;
+  IndirectHandle<Object> h2;
 
   {
     HandleScope scope(isolate);
@@ -599,7 +599,7 @@ TEST(DeleteWeakGlobalHandle) {
   GlobalHandles* global_handles = isolate->global_handles();
 
   WeakPointerCleared = false;
-  Handle<Object> h;
+  IndirectHandle<Object> h;
   {
     HandleScope scope(isolate);
 
@@ -719,7 +719,7 @@ static void CheckInternalizedStrings(const char** strings) {
         isolate->factory()->InternalizeUtf8String(base::CStrVector(string));
     // InternalizeUtf8String may return a failure if a GC is needed.
     CHECK(IsInternalizedString(*a));
-    Handle<String> b = factory->InternalizeUtf8String(string);
+    DirectHandle<String> b = factory->InternalizeUtf8String(string);
     CHECK_EQ(*b, *a);
     CHECK(b->IsOneByteEqualTo(base::CStrVector(string)));
     b = isolate->factory()->InternalizeUtf8String(base::CStrVector(string));
@@ -873,7 +873,7 @@ TEST(JSArray) {
   Handle<JSFunction> function = Cast<JSFunction>(fun_obj);
 
   // Allocate the object.
-  Handle<Object> element;
+  DirectHandle<Object> element;
   Handle<JSObject> object = factory->NewJSObject(function);
   Handle<JSArray> array = Cast<JSArray>(object);
   // We just initialized the VM, no heap allocation failure yet.
@@ -938,7 +938,7 @@ TEST(JSObjectCopy) {
   Object::SetElement(isolate, obj, 1, second, ShouldThrow::kDontThrow).Check();
 
   // Make the clone.
-  Handle<Object> value1, value2;
+  DirectHandle<Object> value1, value2;
   Handle<JSObject> clone = factory->CopyJSObject(obj);
   CHECK(!clone.is_identical_to(obj));
 
@@ -1187,7 +1187,7 @@ static void TestMultiReferencedBytecodeFlushing(bool sparkplug_compile) {
     }
 
     // Check function is compiled.
-    Handle<Object> func_value =
+    IndirectHandle<Object> func_value =
         Object::GetProperty(i_isolate, i_isolate->global_object(), foo_name)
             .ToHandleChecked();
     CHECK(IsJSFunction(*func_value));
@@ -1271,7 +1271,7 @@ HEAP_TEST(Regress10560) {
         Object::GetProperty(i_isolate, i_isolate->global_object(), foo_name)
             .ToHandleChecked();
     CHECK(IsJSFunction(*func_value));
-    Handle<JSFunction> function = Cast<JSFunction>(func_value);
+    DirectHandle<JSFunction> function = Cast<JSFunction>(func_value);
     CHECK(function->shared()->is_compiled());
     CHECK(!function->has_feedback_vector());
 
@@ -1569,7 +1569,7 @@ void CompilationCacheCachingBehavior(bool retain_script) {
                                            "  var y = 42;"
                                            "  var z = x + y;"
                                            "})();";
-  Handle<String> source = factory->InternalizeUtf8String(raw_source);
+  IndirectHandle<String> source = factory->InternalizeUtf8String(raw_source);
 
   {
     v8::HandleScope scope(CcTest::isolate());
@@ -1782,7 +1782,7 @@ void CompilationCacheRegeneration(bool retain_root_sfi, bool flush_root_sfi,
     DirectHandle<Script> script(Cast<Script>(lazy_sfi->script()), isolate);
     bool root_sfi_still_exists = false;
     Tagged<MaybeObject> maybe_root_sfi =
-        script->shared_function_infos()->get(kFunctionLiteralIdTopLevel);
+        script->infos()->get(kFunctionLiteralIdTopLevel);
     if (Tagged<HeapObject> sfi_or_undefined;
         maybe_root_sfi.GetHeapObject(&sfi_or_undefined)) {
       root_sfi_still_exists = !IsUndefined(sfi_or_undefined);
@@ -2309,6 +2309,7 @@ TEST(TestAlignedOverAllocation) {
 
 TEST(HeapNumberAlignment) {
   if (!v8_flags.allocation_site_pretenuring) return;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   Factory* factory = isolate->factory();
@@ -2741,6 +2742,7 @@ HEAP_TEST(Regress845060) {
   v8_flags.allow_natives_syntax = true;
   v8_flags.stress_incremental_marking = false;
   v8_flags.stress_compaction = false;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   LocalContext context;
   v8::HandleScope scope(CcTest::isolate());
@@ -3180,6 +3182,7 @@ TEST(OptimizedPretenuringNestedDoubleLiterals) {
 // Test regular array literals allocation.
 TEST(OptimizedAllocationArrayLiterals) {
   v8_flags.allow_natives_syntax = true;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   if (!CcTest::i_isolate()->use_optimizer() || v8_flags.always_turbofan) return;
   if (v8_flags.gc_global || v8_flags.stress_compaction ||
@@ -3308,7 +3311,7 @@ TEST(TransitionArrayShrinksDuringAllocToZero) {
   CompileRun("function F() { }");
   AddTransitions(transitions_count);
   CompileRun("var root = new F;");
-  Handle<JSObject> root = GetByName("root");
+  IndirectHandle<JSObject> root = GetByName("root");
 
   // Count number of live transitions before marking.
   int transitions_before = CountMapTransitions(i_isolate, root->map());
@@ -3346,7 +3349,7 @@ TEST(TransitionArrayShrinksDuringAllocToOne) {
   CompileRun("function F() {}");
   AddTransitions(transitions_count);
   CompileRun("var root = new F;");
-  Handle<JSObject> root = GetByName("root");
+  IndirectHandle<JSObject> root = GetByName("root");
 
   // Count number of live transitions before marking.
   int transitions_before = CountMapTransitions(i_isolate, root->map());
@@ -3570,7 +3573,7 @@ static void CheckVectorIC(DirectHandle<JSFunction> f, int slot_index,
       Handle<FeedbackVector>(f->feedback_vector(), f->GetIsolate());
   FeedbackVectorHelper helper(vector);
   FeedbackSlot slot = helper.slot(slot_index);
-  FeedbackNexus nexus(vector, slot);
+  FeedbackNexus nexus(CcTest::i_isolate(), vector, slot);
   CHECK(nexus.ic_state() == desired_state);
 }
 
@@ -4115,6 +4118,7 @@ TEST(PersistentHandles) {
 
 static void TestFillersFromPersistentHandles(bool promote) {
   // We assume that the fillers can only arise when left-trimming arrays.
+  ManualGCScope manual_gc_scope;
   Isolate* isolate = CcTest::i_isolate();
   Heap* heap = isolate->heap();
   v8::HandleScope scope(reinterpret_cast<v8::Isolate*>(isolate));
@@ -4429,7 +4433,7 @@ TEST(CellsInOptimizedCodeAreWeak) {
 
   if (!isolate->use_optimizer()) return;
   HandleScope outer_scope(heap->isolate());
-  Handle<Code> code;
+  IndirectHandle<Code> code;
   {
     LocalContext context;
     HandleScope scope(heap->isolate());
@@ -4478,7 +4482,7 @@ TEST(ObjectsInOptimizedCodeAreWeak) {
 
   if (!isolate->use_optimizer()) return;
   HandleScope outer_scope(heap->isolate());
-  Handle<Code> code;
+  IndirectHandle<Code> code;
   {
     LocalContext context;
     HandleScope scope(heap->isolate());
@@ -4519,13 +4523,14 @@ TEST(ObjectsInOptimizedCodeAreWeak) {
 TEST(NewSpaceObjectsInOptimizedCode) {
   if (v8_flags.always_turbofan || v8_flags.single_generation) return;
   v8_flags.allow_natives_syntax = true;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   v8::internal::Heap* heap = CcTest::heap();
 
   if (!isolate->use_optimizer()) return;
   HandleScope outer_scope(isolate);
-  Handle<Code> code;
+  IndirectHandle<Code> code;
   {
     LocalContext context;
     HandleScope scope(isolate);
@@ -4591,7 +4596,7 @@ TEST(ObjectsInEagerlyDeoptimizedCodeAreWeak) {
 
   if (!isolate->use_optimizer()) return;
   HandleScope outer_scope(heap->isolate());
-  Handle<Code> code;
+  IndirectHandle<Code> code;
   {
     LocalContext context;
     HandleScope scope(heap->isolate());
@@ -4939,7 +4944,7 @@ void CheckIC(DirectHandle<JSFunction> function, int slot_index,
              InlineCacheState state) {
   Tagged<FeedbackVector> vector = function->feedback_vector();
   FeedbackSlot slot(slot_index);
-  FeedbackNexus nexus(vector, slot);
+  FeedbackNexus nexus(CcTest::i_isolate(), vector, slot);
   CHECK_EQ(nexus.ic_state(), state);
 }
 
@@ -5149,6 +5154,7 @@ TEST(Regress357137) {
 
 TEST(Regress507979) {
   const int kFixedArrayLen = 10;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   HandleScope handle_scope(isolate);
@@ -5187,7 +5193,7 @@ TEST(Regress388880) {
   Handle<Map> map1 = Map::Create(isolate, 1);
   Handle<String> name = factory->NewStringFromStaticChars("foo");
   name = factory->InternalizeString(name);
-  Handle<Map> map2 =
+  DirectHandle<Map> map2 =
       Map::CopyWithField(isolate, map1, name, FieldType::Any(isolate), NONE,
                          PropertyConstness::kMutable, Representation::Tagged(),
                          OMIT_TRANSITION)
@@ -5469,6 +5475,7 @@ void AllocateInSpace(Isolate* isolate, size_t bytes, AllocationSpace space) {
 
 TEST(NewSpaceAllocationCounter) {
   if (v8_flags.single_generation) return;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   v8::HandleScope scope(CcTest::isolate());
   Isolate* isolate = CcTest::i_isolate();
@@ -5846,7 +5853,7 @@ TEST(Regress598319) {
       {
         // Temporary scope to avoid getting any other objects into the root set.
         v8::HandleScope new_scope(CcTest::isolate());
-        Handle<FixedArray> tmp = isolate->factory()->NewFixedArray(
+        DirectHandle<FixedArray> tmp = isolate->factory()->NewFixedArray(
             number_of_objects, AllocationType::kOld);
         root->set(0, *tmp);
         for (int i = 0; i < get()->length(); i++) {
@@ -6170,6 +6177,7 @@ TEST(Regress618958) {
 
 TEST(YoungGenerationLargeObjectAllocationScavenge) {
   if (v8_flags.minor_ms) return;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   v8::HandleScope scope(CcTest::isolate());
   Heap* heap = CcTest::heap();
@@ -6202,6 +6210,7 @@ TEST(YoungGenerationLargeObjectAllocationScavenge) {
 
 TEST(YoungGenerationLargeObjectAllocationMarkCompact) {
   if (v8_flags.minor_ms) return;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   v8::HandleScope scope(CcTest::isolate());
   Heap* heap = CcTest::heap();
@@ -6576,19 +6585,19 @@ HEAP_TEST(RegressMissingWriteBarrierInAllocate) {
   Isolate* isolate = heap->isolate();
   heap::InvokeMajorGC(heap);
   heap::SimulateIncrementalMarking(heap, false);
-  Handle<Map> map;
+  DirectHandle<Map> map;
   {
     AlwaysAllocateScopeForTesting always_allocate(heap);
     map = isolate->factory()->NewContextfulMapForCurrentContext(
         JS_OBJECT_TYPE, JSObject::kHeaderSize);
   }
   CHECK(heap->incremental_marking()->black_allocation());
-  Handle<JSObject> object;
+  DirectHandle<JSObject> object;
   {
     AlwaysAllocateScopeForTesting always_allocate(heap);
-    object = handle(Cast<JSObject>(isolate->factory()->NewForTest(
-                        map, AllocationType::kOld)),
-                    isolate);
+    object = direct_handle(Cast<JSObject>(isolate->factory()->NewForTest(
+                               map, AllocationType::kOld)),
+                           isolate);
   }
   // Initialize backing stores to ensure object is valid.
   ReadOnlyRoots roots(isolate);
@@ -6763,6 +6772,7 @@ HEAP_TEST(Regress779503) {
   if (v8_flags.single_generation) return;
   v8_flags.stress_concurrent_allocation = false;  // For SealCurrentObjects.
   const int kArraySize = 2048;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   Heap* heap = CcTest::heap();
@@ -7075,7 +7085,7 @@ TEST(CodeObjectRegistry) {
   Isolate* isolate = CcTest::i_isolate();
   Heap* heap = isolate->heap();
 
-  Handle<InstructionStream> code1;
+  DirectHandle<InstructionStream> code1;
   HandleScope outer_scope(heap->isolate());
   Address code2_address;
   {
@@ -7374,7 +7384,7 @@ TEST(Regress10900) {
   CodeDesc desc;
   masm.GetCode(isolate, &desc);
   {
-    Handle<Code> code;
+    DirectHandle<Code> code;
     for (int i = 0; i < 100; i++) {
       // Generate multiple code pages.
       code = Factory::CodeBuilder(isolate, desc, CodeKind::FOR_TESTING).Build();
diff --git a/deps/v8/test/cctest/heap/test-memory-measurement.cc b/deps/v8/test/cctest/heap/test-memory-measurement.cc
index 62783f0711dc09..cffe96c10a9d11 100644
--- a/deps/v8/test/cctest/heap/test-memory-measurement.cc
+++ b/deps/v8/test/cctest/heap/test-memory-measurement.cc
@@ -42,7 +42,7 @@ TEST(NativeContextInferrerJSFunction) {
       GetNativeContext(isolate, env.local());
   v8::Local<v8::Value> result = CompileRun("(function () { return 1; })");
   Handle<Object> object = Utils::OpenHandle(*result);
-  Handle<HeapObject> function = Cast<HeapObject>(object);
+  DirectHandle<HeapObject> function = Cast<HeapObject>(object);
   NativeContextInferrer inferrer;
   Address inferred_context = 0;
   CHECK(inferrer.Infer(isolate, function->map(), *function, &inferred_context));
@@ -57,7 +57,7 @@ TEST(NativeContextInferrerJSObject) {
       GetNativeContext(isolate, env.local());
   v8::Local<v8::Value> result = CompileRun("({a : 10})");
   Handle<Object> object = Utils::OpenHandle(*result);
-  Handle<HeapObject> function = Cast<HeapObject>(object);
+  DirectHandle<HeapObject> function = Cast<HeapObject>(object);
   NativeContextInferrer inferrer;
   Address inferred_context = 0;
   CHECK(inferrer.Infer(isolate, function->map(), *function, &inferred_context));
@@ -71,7 +71,8 @@ TEST(NativeContextStatsMerge) {
   DirectHandle<NativeContext> native_context =
       GetNativeContext(isolate, env.local());
   v8::Local<v8::Value> result = CompileRun("({a : 10})");
-  Handle<HeapObject> object = Cast<HeapObject>(Utils::OpenHandle(*result));
+  DirectHandle<HeapObject> object =
+      Cast<HeapObject>(Utils::OpenDirectHandle(*result));
   NativeContextStats stats1, stats2;
   stats1.IncrementSize(native_context->ptr(), object->map(), *object, 10);
   stats2.IncrementSize(native_context->ptr(), object->map(), *object, 20);
diff --git a/deps/v8/test/cctest/heap/test-weak-references.cc b/deps/v8/test/cctest/heap/test-weak-references.cc
index f34c12616f576f..8894abcec1fe2f 100644
--- a/deps/v8/test/cctest/heap/test-weak-references.cc
+++ b/deps/v8/test/cctest/heap/test-weak-references.cc
@@ -28,6 +28,7 @@ Handle<LoadHandler> CreateLoadHandlerForTest(
 }
 
 TEST(WeakReferencesBasic) {
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   Factory* factory = isolate->factory();
@@ -112,6 +113,7 @@ TEST(WeakReferencesOldToNew) {
   // Like WeakReferencesBasic, but the updated weak slot is in the old space,
   // and referring to an new space object.
   if (v8_flags.single_generation) return;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   Factory* factory = isolate->factory();
@@ -138,6 +140,7 @@ TEST(WeakReferencesOldToNewScavenged) {
   if (v8_flags.single_generation) return;
   // Like WeakReferencesBasic, but the updated weak slot is in the old space,
   // and referring to an new space object, which is then scavenged.
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   Factory* factory = isolate->factory();
@@ -259,6 +262,7 @@ TEST(ObjectWithWeakFieldDies) {
 
 TEST(ObjectWithWeakReferencePromoted) {
   if (v8_flags.single_generation) return;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   Factory* factory = isolate->factory();
@@ -284,6 +288,7 @@ TEST(ObjectWithWeakReferencePromoted) {
 
 TEST(ObjectWithClearedWeakReferencePromoted) {
   if (v8_flags.single_generation || v8_flags.stress_incremental_marking) return;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate = CcTest::i_isolate();
   Factory* factory = isolate->factory();
diff --git a/deps/v8/test/cctest/test-api-incumbent.cc b/deps/v8/test/cctest/test-api-incumbent.cc
index 0ec380b1a3782e..754ed354c8f585 100644
--- a/deps/v8/test/cctest/test-api-incumbent.cc
+++ b/deps/v8/test/cctest/test-api-incumbent.cc
@@ -2,9 +2,10 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "include/v8-function-callback.h"
 #include "include/v8-function.h"
-#include "src/base/optional.h"
 #include "src/base/strings.h"
 #include "test/cctest/cctest.h"
 
@@ -238,7 +239,7 @@ void IncumbentContextTest_Api(bool with_api_incumbent) {
     Local<Context> context0 = contexts[0];
     Local<Context> context2 = contexts[2];
 
-    v8::base::Optional<Context::BackupIncumbentScope> incumbent_scope;
+    std::optional<Context::BackupIncumbentScope> incumbent_scope;
 
     if (with_api_incumbent) {
       // context -> set incumbent (context2) -> context0.
diff --git a/deps/v8/test/cctest/test-api.cc b/deps/v8/test/cctest/test-api.cc
index bc5f440ae6137d..f140b5e3535264 100644
--- a/deps/v8/test/cctest/test-api.cc
+++ b/deps/v8/test/cctest/test-api.cc
@@ -31,6 +31,7 @@
 #include <csignal>
 #include <map>
 #include <memory>
+#include <optional>
 #include <sstream>
 #include <string>
 
@@ -52,7 +53,6 @@
 #include "include/v8-util.h"
 #include "src/api/api-inl.h"
 #include "src/base/bounds.h"
-#include "src/base/optional.h"
 #include "src/base/overflowing-math.h"
 #include "src/base/platform/platform.h"
 #include "src/base/strings.h"
@@ -597,8 +597,7 @@ class TestOneByteResource : public String::ExternalOneByteStringResource {
   int* counter_;
 };
 
-
-THREADED_TEST(ScriptUsingStringResource) {
+TEST(ScriptUsingStringResource) {
   int dispose_count = 0;
   const char* c_source = "1 + 2 * 3";
   uint16_t* two_byte_source = AsciiToTwoByteString(c_source);
@@ -635,8 +634,7 @@ THREADED_TEST(ScriptUsingStringResource) {
   CHECK_EQ(1, dispose_count);
 }
 
-
-THREADED_TEST(ScriptUsingOneByteStringResource) {
+TEST(ScriptUsingOneByteStringResource) {
   int dispose_count = 0;
   const char* c_source = "1 + 2 * 3";
   {
@@ -674,8 +672,7 @@ THREADED_TEST(ScriptUsingOneByteStringResource) {
   CHECK_EQ(1, dispose_count);
 }
 
-
-THREADED_TEST(ScriptMakingExternalString) {
+TEST(ScriptMakingExternalString) {
   int dispose_count = 0;
   uint16_t* two_byte_source = AsciiToTwoByteString(u"1 + 2 * 3 /* π */");
   {
@@ -713,8 +710,7 @@ THREADED_TEST(ScriptMakingExternalString) {
   CHECK_EQ(1, dispose_count);
 }
 
-
-THREADED_TEST(ScriptMakingExternalOneByteString) {
+TEST(ScriptMakingExternalOneByteString) {
   int dispose_count = 0;
   const char* c_source = "1 + 2 * 3";
   {
@@ -744,7 +740,6 @@ THREADED_TEST(ScriptMakingExternalOneByteString) {
   CHECK_EQ(1, dispose_count);
 }
 
-
 TEST(MakingExternalStringConditions) {
   LocalContext env;
   v8::HandleScope scope(env->GetIsolate());
@@ -8171,7 +8166,7 @@ void InternalFieldCallback(bool global_gc) {
   delete t2;
 }
 
-THREADED_TEST(InternalFieldCallback) {
+TEST(InternalFieldCallback) {
   InternalFieldCallback(false);
   InternalFieldCallback(true);
 }
@@ -8233,7 +8228,7 @@ void i::heap::HeapTester::ResetWeakHandle(bool global_gc) {
   CHECK(object_b.flag);
 }
 
-THREADED_HEAP_TEST(ResetWeakHandle) {
+TEST(ResetWeakHandle) {
   i::heap::HeapTester::ResetWeakHandle(false);
   i::heap::HeapTester::ResetWeakHandle(true);
 }
@@ -8258,7 +8253,7 @@ static void ForceFullGC1(const v8::WeakCallbackInfo<FlagAndPersistent>& data) {
   data.SetSecondPassCallback(ForceFullGC2);
 }
 
-THREADED_TEST(GCFromWeakCallbacks) {
+TEST(GCFromWeakCallbacks) {
   v8::Isolate* isolate = CcTest::isolate();
   v8::Locker locker(CcTest::isolate());
   LocalContext env;
@@ -8311,7 +8306,6 @@ THREADED_TEST(GCFromWeakCallbacks) {
   }
 }
 
-
 static void ArgumentsTestCallback(
     const v8::FunctionCallbackInfo<v8::Value>& args) {
   ApiTestFuzzer::Fuzz();
@@ -10882,7 +10876,7 @@ THREADED_TEST(ShadowObjectAndDataProperty) {
                                        .ToLocalChecked()));
   CHECK(foo->has_feedback_vector());
   i::FeedbackSlot slot = i::FeedbackVector::ToSlot(0);
-  i::FeedbackNexus nexus(foo->feedback_vector(), slot);
+  i::FeedbackNexus nexus(CcTest::i_isolate(), foo->feedback_vector(), slot);
   CHECK_EQ(i::FeedbackSlotKind::kStoreGlobalSloppy, nexus.kind());
   CompileRun("foo(1)");
   CHECK_EQ(i::InlineCacheState::MONOMORPHIC, nexus.ic_state());
@@ -10932,7 +10926,7 @@ THREADED_TEST(ShadowObjectAndDataPropertyTurbo) {
                                        .ToLocalChecked()));
   CHECK(foo->has_feedback_vector());
   i::FeedbackSlot slot = i::FeedbackVector::ToSlot(0);
-  i::FeedbackNexus nexus(foo->feedback_vector(), slot);
+  i::FeedbackNexus nexus(CcTest::i_isolate(), foo->feedback_vector(), slot);
   CHECK_EQ(i::FeedbackSlotKind::kStoreGlobalSloppy, nexus.kind());
   CompileRun("%OptimizeFunctionOnNextCall(foo); foo(1)");
   CHECK_EQ(i::InlineCacheState::MONOMORPHIC, nexus.ic_state());
@@ -13752,8 +13746,7 @@ void NewPersistentHandleCallback1(
   data.SetSecondPassCallback(NewPersistentHandleCallback2);
 }
 
-
-THREADED_TEST(NewPersistentHandleFromWeakCallback) {
+TEST(NewPersistentHandleFromWeakCallback) {
   LocalContext context;
   v8::Isolate* isolate = context->GetIsolate();
 
@@ -13782,7 +13775,6 @@ THREADED_TEST(NewPersistentHandleFromWeakCallback) {
   }
 }
 
-
 v8::Persistent<v8::Object> to_be_disposed;
 
 
@@ -13799,8 +13791,7 @@ void DisposeAndForceGcCallback1(
   data.SetSecondPassCallback(DisposeAndForceGcCallback2);
 }
 
-
-THREADED_TEST(DoNotUseDeletedNodesInSecondLevelGc) {
+TEST(DoNotUseDeletedNodesInSecondLevelGc) {
   LocalContext context;
   v8::Isolate* isolate = context->GetIsolate();
 
@@ -13842,8 +13833,7 @@ void HandleCreatingCallback1(
   data.SetSecondPassCallback(HandleCreatingCallback2);
 }
 
-
-THREADED_TEST(NoGlobalHandlesOrphaningDueToWeakCallback) {
+TEST(NoGlobalHandlesOrphaningDueToWeakCallback) {
   v8::Locker locker(CcTest::isolate());
   LocalContext context;
   v8::Isolate* isolate = context->GetIsolate();
@@ -17197,11 +17187,12 @@ TEST(NumberOfDetachedContexts) {
 }
 
 TEST(ExternalizeOldSpaceTwoByteCons) {
+  i::v8_flags.allow_natives_syntax = true;
   v8::Isolate* isolate = CcTest::isolate();
   LocalContext env;
   v8::HandleScope scope(isolate);
   v8::Local<v8::String> cons =
-      CompileRun("'Romeo Montague ' + 'Juliet Capulet ❤️'")
+      CompileRun("%ConstructConsString('Romeo Montague ', 'Juliet Capulet ❤️')")
           ->ToString(env.local())
           .ToLocalChecked();
   CHECK(IsConsString(*v8::Utils::OpenDirectHandle(*cons)));
@@ -17223,11 +17214,12 @@ TEST(ExternalizeOldSpaceTwoByteCons) {
 
 
 TEST(ExternalizeOldSpaceOneByteCons) {
+  i::v8_flags.allow_natives_syntax = true;
   v8::Isolate* isolate = CcTest::isolate();
   LocalContext env;
   v8::HandleScope scope(isolate);
   v8::Local<v8::String> cons =
-      CompileRun("'Romeo Montague ' + 'Juliet Capulet'")
+      CompileRun("%ConstructConsString('Romeo Montague ', 'Juliet Capulet')")
           ->ToString(env.local())
           .ToLocalChecked();
   CHECK(IsConsString(*v8::Utils::OpenDirectHandle(*cons)));
@@ -19811,7 +19803,7 @@ static int CountLiveMapsInMapCache(i::Tagged<i::Context> context) {
   return count;
 }
 
-THREADED_TEST(Regress1516) {
+TEST(Regress1516) {
   LocalContext context;
   v8::HandleScope scope(context->GetIsolate());
 
@@ -19842,7 +19834,6 @@ THREADED_TEST(Regress1516) {
   CHECK_GT(elements, CountLiveMapsInMapCache(CcTest::i_isolate()->context()));
 }
 
-
 static void TestReceiver(Local<Value> expected_result,
                          Local<Value> expected_receiver,
                          const char* code) {
@@ -23935,8 +23926,8 @@ void StreamingWithIsolateScriptCache(bool run_gc) {
   v8::ScriptOrigin origin(v8_str("http://foo.com"), 0, 0, false, -1,
                           v8::Local<v8::Value>(), false, false, false);
   v8::Local<Value> first_function_untyped;
-  i::Handle<i::JSFunction> first_function;
-  i::Handle<i::JSFunction> second_function;
+  i::DirectHandle<i::JSFunction> first_function;
+  i::DirectHandle<i::JSFunction> second_function;
 
   // Run the script using streaming.
   {
@@ -23971,8 +23962,8 @@ void StreamingWithIsolateScriptCache(bool run_gc) {
     }
   }
 
-  first_function =
-      i::Cast<i::JSFunction>(v8::Utils::OpenHandle(*first_function_untyped));
+  first_function = i::Cast<i::JSFunction>(
+      v8::Utils::OpenDirectHandle(*first_function_untyped));
 
   // Run the same script in another Context without streaming.
   {
@@ -23994,7 +23985,8 @@ void StreamingWithIsolateScriptCache(bool run_gc) {
              run_gc ? v8::ScriptCompiler::InMemoryCacheResult::kPartial
                     : v8::ScriptCompiler::InMemoryCacheResult::kHit);
     v8::Local<Value> result(script->Run(env.local()).ToLocalChecked());
-    second_function = i::Cast<i::JSFunction>(v8::Utils::OpenHandle(*result));
+    second_function =
+        i::Cast<i::JSFunction>(v8::Utils::OpenDirectHandle(*result));
   }
 
   // The functions created by both copies of the script should refer to the same
@@ -24955,6 +24947,57 @@ TEST(StreamingScriptWithSourceMappingURLInTheMiddle) {
                    nullptr, "bar2.js");
 }
 
+void GetCurrentHostDefinedOptionsTest(
+    const v8::FunctionCallbackInfo<Value>& info) {
+  v8::Local<v8::Data> host_defined_options =
+      info.GetIsolate()->GetCurrentHostDefinedOptions().ToLocalChecked();
+  CHECK(host_defined_options.As<v8::PrimitiveArray>()
+            ->Get(info.GetIsolate(), 0)
+            ->StrictEquals(v8_num(4.2)));
+}
+
+THREADED_TEST(TestGetCurrentHostDefinedOptions) {
+  LocalContext env;
+  v8::Isolate* isolate = CcTest::isolate();
+  v8::HandleScope scope(isolate);
+  v8::Local<v8::Context> context = isolate->GetCurrentContext();
+
+  context->Global()
+      ->Set(context, v8_str("test"),
+            v8::Function::New(context, GetCurrentHostDefinedOptionsTest)
+                .ToLocalChecked())
+      .ToChecked();
+
+  {
+    v8::Local<v8::PrimitiveArray> host_defined_options =
+        v8::PrimitiveArray::New(isolate, 1);
+    host_defined_options->Set(isolate, 0, v8_num(4.2));
+    v8::ScriptOrigin origin(v8_str(""), 0, 0, false, -1, Local<v8::Value>(),
+                            false, false, false, host_defined_options);
+    v8::ScriptCompiler::Source source(
+        v8::String::NewFromUtf8Literal(isolate, "eval('[1].forEach(test)')"),
+        origin);
+    v8::Local<v8::Script> script =
+        v8::ScriptCompiler::Compile(context, &source).ToLocalChecked();
+    script->Run(context).ToLocalChecked();
+  }
+
+  {
+    v8::Local<v8::PrimitiveArray> host_defined_options =
+        v8::PrimitiveArray::New(isolate, 1);
+    host_defined_options->Set(isolate, 0, v8_num(4.2));
+    v8::ScriptOrigin origin(v8_str(""), 0, 0, false, -1, Local<v8::Value>(),
+                            false, false, true, host_defined_options);
+    v8::ScriptCompiler::Source source(
+        v8::String::NewFromUtf8Literal(isolate, "eval('[1].forEach(test)')"),
+        origin);
+    v8::Local<v8::Module> module =
+        v8::ScriptCompiler::CompileModule(isolate, &source).ToLocalChecked();
+    module->InstantiateModule(context, UnexpectedModuleResolveCallback)
+        .ToChecked();
+    module->Evaluate(context).ToLocalChecked();
+  }
+}
 
 TEST(NewStringRangeError) {
   // This test uses a lot of memory and fails with flaky OOM when run
@@ -27905,8 +27948,8 @@ struct BasicApiChecker {
     CHECK_EQ(Local<v8::Number>::Cast(options.data)->Value(), 42.5);
     return Impl::FastCallback(receiver, argument, options);
   }
-  static Ret FastCallbackNoFallback(v8::Local<v8::Object> receiver,
-                                    Value argument) {
+  static Ret FastCallbackNoOptions(v8::Local<v8::Object> receiver,
+                                   Value argument) {
     v8::FastApiCallbackOptions options =
         v8::FastApiCallbackOptions::CreateForTesting(v8::Isolate::GetCurrent());
     return Impl::FastCallback(receiver, argument, options);
@@ -27942,8 +27985,8 @@ static v8::AnyCType FastCallbackPatch(v8::AnyCType receiver,
 }
 template <typename Value, typename Impl, typename Ret,
           typename = std::enable_if_t<!std::is_void<Ret>::value>>
-static v8::AnyCType FastCallbackNoFallbackWrapper(v8::AnyCType receiver,
-                                                  v8::AnyCType argument) {
+static v8::AnyCType FastCallbackNoOptionsWrapper(v8::AnyCType receiver,
+                                                 v8::AnyCType argument) {
   v8::FastApiCallbackOptions options =
       v8::FastApiCallbackOptions::CreateForTesting(v8::Isolate::GetCurrent());
   v8::AnyCType ret = PrimitiveToMixedType<Ret>(Impl::FastCallback(
@@ -27960,8 +28003,8 @@ static void FastCallbackPatch(v8::AnyCType receiver, v8::AnyCType argument,
 }
 template <typename Value, typename Impl, typename Ret,
           typename = std::enable_if_t<std::is_void<Ret>::value>>
-static void FastCallbackNoFallbackWrapper(v8::AnyCType receiver,
-                                          v8::AnyCType argument) {
+static void FastCallbackNoOptionsWrapper(v8::AnyCType receiver,
+                                         v8::AnyCType argument) {
   v8::FastApiCallbackOptions options =
       v8::FastApiCallbackOptions::CreateForTesting(v8::Isolate::GetCurrent());
   return Impl::FastCallback(receiver.object_value,
@@ -28090,16 +28133,16 @@ struct ApiObjectChecker
 template <typename Value, typename Impl, typename Ret>
 bool SetupTest(v8::Local<v8::Value> initial_value, LocalContext* env,
                BasicApiChecker<Value, Impl, Ret>* checker,
-               const char* source_code, bool supports_fallback = true,
+               const char* source_code, bool has_options = true,
                bool accept_any_receiver = true, bool setup_try_catch = true) {
   v8::Isolate* isolate = CcTest::isolate();
-  v8::base::Optional<v8::TryCatch> try_catch;
+  std::optional<v8::TryCatch> try_catch;
   if (setup_try_catch) {
     try_catch.emplace(isolate);
   }
 
   v8::CFunction c_func;
-  if (supports_fallback) {
+  if (has_options) {
 #ifdef V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
     c_func =
         v8::CFunction::Make(BasicApiChecker<Value, Impl, Ret>::FastCallback,
@@ -28111,11 +28154,11 @@ bool SetupTest(v8::Local<v8::Value> initial_value, LocalContext* env,
   } else {
 #ifdef V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
     c_func = v8::CFunction::Make(
-        BasicApiChecker<Value, Impl, Ret>::FastCallbackNoFallback,
-        FastCallbackNoFallbackWrapper<Value, Impl, Ret>);
+        BasicApiChecker<Value, Impl, Ret>::FastCallbackNoOptions,
+        FastCallbackNoOptionsWrapper<Value, Impl, Ret>);
 #else   // V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
     c_func = v8::CFunction::Make(
-        BasicApiChecker<Value, Impl, Ret>::FastCallbackNoFallback);
+        BasicApiChecker<Value, Impl, Ret>::FastCallbackNoOptions);
 #endif  // V8_USE_SIMULATOR_WITH_GENERIC_C_CALLS
   }
   CHECK_EQ(c_func.ArgumentInfo(0).GetType(), v8::CTypeInfo::Type::kV8Value);
@@ -28283,7 +28326,7 @@ void CallAndCheck(T expected_value, Behavior expected_behavior,
   }
   if (expected_path == ApiCheckerResult::kFastCalled) {
     if (checker.DidCallSlow()) {
-      error_msg << "Default path was called when no fallback was expected. ";
+      error_msg << "Default path was called when fast path was expected. ";
     }
   }
   if (error_msg.str().length() > 0) {
@@ -28556,7 +28599,7 @@ void CallAndDeopt() {
   CHECK(ifunction->HasAttachedOptimizedCode(CcTest::i_isolate()));
 }
 
-void CallNoFallback(int32_t expected_value) {
+void CallNoOptions(int32_t expected_value) {
   LocalContext env;
   v8::Local<v8::Value> initial_value(v8_num(42));
   ApiNumberChecker<int32_t> checker(expected_value, Behavior::kNoException);
@@ -28938,6 +28981,7 @@ TEST(FastApiCalls) {
   i::v8_flags.turbofan = true;
   i::v8_flags.turbo_fast_api_calls = true;
   i::v8_flags.allow_natives_syntax = true;
+  i::v8_flags.fast_api_allow_float_in_sim = true;
   // Disable --always_turbofan, otherwise we haven't generated the necessary
   // feedback to go down the "best optimization" path for the fast call.
   i::v8_flags.always_turbofan = false;
@@ -29354,24 +29398,18 @@ TEST(FastApiCalls) {
   // Check for the deopt loop protection
   CallAndDeopt();
 
-  // Test callbacks without a fallback support
-  CallNoFallback(42);
+  // Test callbacks without options
+  CallNoOptions(42);
 
   // Test callback requesting access checks
   CallNoConvertReceiver(42);
 
   CheckDynamicTypeInfo();
 
-  // Fallback to slow call and throw an exception.
+  // Throw an exception.
   CallAndCheck<int32_t>(42, Behavior::kException, ApiCheckerResult::kFastCalled,
                         v8_num(42), Behavior::kException);
 
-  // Fallback to slow call and don't throw an exception.
-  CallAndCheck<int32_t>(43, Behavior::kNoException,
-                        ApiCheckerResult::kFastCalled, v8_num(43),
-                        Behavior::kNoException);
-
-  // Doesn't fallback to slow call, so don't throw an exception.
   CallAndCheck<int32_t>(44, Behavior::kNoException,
                         ApiCheckerResult::kFastCalled, v8_num(44),
                         Behavior::kNoException);
@@ -29409,6 +29447,7 @@ TEST(FastApiCallsFromWasm) {
   i::v8_flags.wasm_fast_api = true;
   i::v8_flags.turbo_fast_api_calls = true;
   i::v8_flags.wasm_lazy_compilation = true;
+  i::v8_flags.fast_api_allow_float_in_sim = true;
   i::FlagList::EnforceFlagImplications();
 
   CcTest::InitializeVM();
@@ -29613,7 +29652,7 @@ TEST(FastApiOverloadResolution) {
 #endif  // !defined(V8_LITE_MODE) && defined(V8_ENABLE_TURBOFAN)
 }
 
-THREADED_TEST(Recorder_GetContext) {
+TEST(Recorder_GetContext) {
   using v8::Context;
   using v8::Local;
   using v8::MaybeLocal;
@@ -30930,3 +30969,41 @@ TEST(ContinuationPreservedEmbedderData_Thenable) {
   isolate->PerformMicrotaskCheckpoint();
   CHECK(did_thenable_callback_run);
 }
+
+TEST(WrappedFunctionWithClass) {
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  v8::HandleScope scope(isolate);
+  v8::Local<v8::Context> context = env.local();
+
+  // Compile a wrapped function whose first character is the start of a class.
+  // This will mean that both the wrapped function and class's start position
+  // will be character 0 -- things should still work.
+  v8::ScriptCompiler::Source source{v8_str("class C{}; return C;")};
+  v8::Local<v8::Function> wrapped_function =
+      v8::ScriptCompiler::CompileFunction(context, &source, 0, nullptr)
+          .ToLocalChecked();
+  v8::Local<v8::Value> result =
+      wrapped_function->Call(context, context->Global(), 0, nullptr)
+          .ToLocalChecked();
+
+  CHECK(result->IsFunction());
+  v8::Local<v8::Function> the_class = v8::Local<v8::Function>::Cast(result);
+  CHECK(the_class->IsConstructor());
+
+  v8::MaybeLocal<v8::Object> maybe_instance =
+      the_class->NewInstance(context, 0, nullptr);
+  CHECK(!maybe_instance.IsEmpty());
+
+  // Make sure the class still works after bytecode flushing.
+  i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
+  i::Handle<i::JSFunction> i_class =
+      Cast<i::JSFunction>(v8::Utils::OpenHandle(*the_class));
+  CHECK(i_class->shared()->CanDiscardCompiled());
+  i::SharedFunctionInfo::DiscardCompiled(i_isolate,
+                                         handle(i_class->shared(), i_isolate));
+  i_class->ResetIfCodeFlushed(i_isolate);
+
+  maybe_instance = the_class->NewInstance(context, 0, nullptr);
+  CHECK(!maybe_instance.IsEmpty());
+}
diff --git a/deps/v8/test/cctest/test-assembler-mips64.cc b/deps/v8/test/cctest/test-assembler-mips64.cc
index 90133f2242ae78..0712c8ff2ddf90 100644
--- a/deps/v8/test/cctest/test-assembler-mips64.cc
+++ b/deps/v8/test/cctest/test-assembler-mips64.cc
@@ -1583,7 +1583,7 @@ TEST(seleqz_selnez) {
       18446744073709551621.0, -18446744073709551621.0};
     float tests_S[test_size*2] = {2.9, 2.8, -2.9, -2.8,
       18446744073709551616.0, 18446746272732807168.0};
-    for (int j=0; j < test_size; j+=2) {
+    for (int j = 0; j < test_size; j += 2) {
       for (int i=0; i < input_size; i++) {
         test.e = inputs_D[i];
         test.f = tests_D[j];
@@ -1846,7 +1846,7 @@ TEST(sel) {
       18446744073709551616.0, 18446744073709555712.0};
     float tests_S[test_size*2] = {2.9, 2.8, -2.9, -2.8,
       18446744073709551616.0, 18446746272732807168.0};
-    for (int j=0; j < test_size; j+=2) {
+    for (int j = 0; j < test_size; j += 2) {
       for (int i=0; i < input_size; i++) {
         test.dt = inputs_dt[i];
         test.dd = tests_D[j];
diff --git a/deps/v8/test/cctest/test-assembler-riscv64.cc b/deps/v8/test/cctest/test-assembler-riscv64.cc
index 73775e5c5e443c..a747a16e0102d3 100644
--- a/deps/v8/test/cctest/test-assembler-riscv64.cc
+++ b/deps/v8/test/cctest/test-assembler-riscv64.cc
@@ -685,6 +685,34 @@ TEST(RISCV0) {
   }
 }
 
+TEST(RISCVZicond) {
+  CcTest::InitializeVM();
+
+  FOR_INT64_INPUTS(i) {
+    FOR_INT64_INPUTS(j) {
+      auto fn = [i, j](MacroAssembler& assm) {
+        __ li(a1, i);
+        __ li(a2, j);
+        __ czero_eqz(a0, a1, a2);
+      };
+      auto res = GenAndRunTest(fn);
+      CHECK_EQ(j == 0 ? 0 : i, res);
+    }
+  }
+
+  FOR_INT64_INPUTS(i) {
+    FOR_INT64_INPUTS(j) {
+      auto fn = [i, j](MacroAssembler& assm) {
+        __ li(a1, i);
+        __ li(a2, j);
+        __ czero_nez(a0, a1, a2);
+      };
+      auto res = GenAndRunTest(fn);
+      CHECK_EQ(j != 0 ? 0 : i, res);
+    }
+  }
+}
+
 TEST(RISCVLi) {
   CcTest::InitializeVM();
 
@@ -1745,6 +1773,15 @@ TEST(TARGET_ADDR) {
   Isolate* isolate = CcTest::i_isolate();
   HandleScope scope(isolate);
 
+#ifdef RISCV_USE_SV39
+  // This is the series of instructions to load 39 bit address 0x00304abfe961
+  uint32_t buffer[4] = {0x304ac537, 0xfe950513, 0x851513, 0x6156513};
+  MacroAssembler assm(isolate, v8::internal::CodeObjectRequired::kYes);
+
+  uintptr_t addr = reinterpret_cast<uintptr_t>(&buffer[0]);
+  Address res = __ target_address_at(static_cast<Address>(addr));
+  CHECK_EQ(0x00304abfe961L, res);
+#else
   // This is the series of instructions to load 48 bit address 0x0123456789ab
   uint32_t buffer[6] = {0x091ab37,  0x2b330213, 0x00b21213,
                         0x62626213, 0x00621213, 0x02b26213};
@@ -1753,6 +1790,7 @@ TEST(TARGET_ADDR) {
   uintptr_t addr = reinterpret_cast<uintptr_t>(&buffer[0]);
   Address res = __ target_address_at(static_cast<Address>(addr));
   CHECK_EQ(0x0123456789abL, res);
+#endif
 }
 
 TEST(SET_TARGET_ADDR) {
@@ -1760,6 +1798,18 @@ TEST(SET_TARGET_ADDR) {
   Isolate* isolate = CcTest::i_isolate();
   HandleScope scope(isolate);
 
+#ifdef RISCV_USE_SV39
+  // This is the series of instructions to load 39 bit address 0x00304abfe961
+  uint32_t buffer[4] = {0x304ac537, 0xfe950513, 0x851513, 0x6156513};
+
+  MacroAssembler assm(isolate, v8::internal::CodeObjectRequired::kYes);
+
+  uintptr_t addr = reinterpret_cast<uintptr_t>(&buffer[0]);
+  __ set_target_value_at(static_cast<Address>(addr), 0x00304abfe961L,
+                         FLUSH_ICACHE_IF_NEEDED);
+  Address res = __ target_address_at(static_cast<Address>(addr));
+  CHECK_EQ(0x00304abfe961L, res);
+#else
   // This is the series of instructions to load 48 bit address 0xba9876543210
   uint32_t buffer[6] = {0x091ab37,  0x2b330213, 0x00b21213,
                         0x62626213, 0x00621213, 0x02b26213};
@@ -1771,6 +1821,7 @@ TEST(SET_TARGET_ADDR) {
                          FLUSH_ICACHE_IF_NEEDED);
   Address res = __ target_address_at(static_cast<Address>(addr));
   CHECK_EQ(0xba9876543210L, res);
+#endif
 }
 
 // pair.first is the F_TYPE input to test, pair.second is I_TYPE expected
diff --git a/deps/v8/test/cctest/test-code-stub-assembler.cc b/deps/v8/test/cctest/test-code-stub-assembler.cc
index 6c8f34d1847e47..95aea025dd8c07 100644
--- a/deps/v8/test/cctest/test-code-stub-assembler.cc
+++ b/deps/v8/test/cctest/test-code-stub-assembler.cc
@@ -3,6 +3,7 @@
 // found in the LICENSE file.
 
 #include <cmath>
+#include <optional>
 
 #include "src/api/api-inl.h"
 #include "src/base/strings.h"
@@ -154,9 +155,9 @@ TEST(NumberToString) {
   for (int i = 0; i < test_count; i++) {
     int cache_length_before_addition = factory->number_string_cache()->length();
     Handle<Object> input = factory->NewNumber(inputs[i]);
-    Handle<String> expected = factory->NumberToString(input);
+    DirectHandle<String> expected = factory->NumberToString(input);
 
-    Handle<Object> result = ft.Call(input).ToHandleChecked();
+    DirectHandle<Object> result = ft.Call(input).ToHandleChecked();
     if (IsUndefined(*result, isolate)) {
       // Query may fail if cache was resized, in which case the entry is not
       // added to the cache.
@@ -519,7 +520,7 @@ TEST(ToString) {
   DirectHandle<FixedArray> test_cases = isolate->factory()->NewFixedArray(5);
   DirectHandle<FixedArray> smi_test = isolate->factory()->NewFixedArray(2);
   smi_test->set(0, Smi::FromInt(42));
-  Handle<String> str(isolate->factory()->InternalizeUtf8String("42"));
+  DirectHandle<String> str(isolate->factory()->InternalizeUtf8String("42"));
   smi_test->set(1, *str);
   test_cases->set(0, *smi_test);
 
@@ -1149,7 +1150,7 @@ void AddProperties(Handle<JSObject> object, Handle<Name> names[],
                    size_t count) {
   Isolate* isolate = object->GetIsolate();
   for (size_t i = 0; i < count; i++) {
-    Handle<Object> value(Smi::FromInt(static_cast<int>(42 + i)), isolate);
+    DirectHandle<Object> value(Smi::FromInt(static_cast<int>(42 + i)), isolate);
     JSObject::AddProperty(isolate, object, names[i], value, NONE);
   }
 }
@@ -1175,8 +1176,8 @@ void AddProperties(Handle<JSObject> object, Handle<Name> names[],
     Handle<Object> value = values[(seed + i) % values_count];
     if (IsAccessorPair(*value)) {
       DirectHandle<AccessorPair> pair = Cast<AccessorPair>(value);
-      Handle<Object> getter(pair->getter(), isolate);
-      Handle<Object> setter(pair->setter(), isolate);
+      DirectHandle<Object> getter(pair->getter(), isolate);
+      DirectHandle<Object> setter(pair->setter(), isolate);
       JSObject::DefineOwnAccessorIgnoreAttributes(object, names[i], getter,
                                                   setter, NONE)
           .Check();
@@ -1598,7 +1599,8 @@ TEST(TryGetOwnProperty) {
 
 namespace {
 
-void AddElement(Handle<JSObject> object, uint32_t index, Handle<Object> value,
+void AddElement(Handle<JSObject> object, uint32_t index,
+                DirectHandle<Object> value,
                 PropertyAttributes attributes = NONE) {
   JSObject::AddDataElement(object, index, value, attributes);
 }
@@ -1889,9 +1891,8 @@ TEST(AllocateJSObjectFromMap) {
 
   {
     // TODO(cbruni): handle in-object properties
-    Handle<JSObject> object = Cast<JSObject>(
-        v8::Utils::OpenHandle(*CompileRun("var object = {a:1,b:2, 1:1, 2:2}; "
-                                          "object")));
+    DirectHandle<JSObject> object = Cast<JSObject>(v8::Utils::OpenDirectHandle(
+        *CompileRun("var object = {a:1,b:2, 1:1, 2:2}; object")));
     JSObject::NormalizeProperties(isolate, object, KEEP_INOBJECT_PROPERTIES, 0,
                                   "Normalize");
     Handle<HeapObject> properties =
@@ -2165,7 +2166,7 @@ void CallFunctionWithStackPointerChecks(Isolate* isolate,
   }
   FunctionTester ft(asm_tester.GenerateCode(), 1);
 
-  Handle<Object> result;
+  DirectHandle<Object> result;
   for (int test_count = 0; test_count < 100; ++test_count) {
     result = ft.Call().ToHandleChecked();
     CHECK_EQ(Smi::FromInt(42), *result);
@@ -2181,19 +2182,19 @@ TEST(PopAndReturnConstant) {
   using Descriptor = JSTrampolineDescriptor;
   CodeAssemblerTester asm_tester(isolate, Descriptor());
 
-  const int kNumParams = 4 + kJSArgcReceiverSlots;
+  const int kFormalParams = 0;
+  const int kActualParams = 4 + kJSArgcReceiverSlots;
   {
     CodeStubAssembler m(asm_tester.state());
     TNode<Int32T> argc =
         m.UncheckedParameter<Int32T>(Descriptor::kActualArgumentsCount);
-    CSA_CHECK(&m, m.Word32Equal(argc, m.Int32Constant(kNumParams)));
+    CSA_CHECK(&m, m.Word32Equal(argc, m.Int32Constant(kActualParams)));
 
-    int pop_count = kNumParams;
+    int pop_count = kActualParams;
     m.PopAndReturn(m.IntPtrConstant(pop_count), m.SmiConstant(1234));
   }
 
-  FunctionTester ft(asm_tester.GenerateCode(), 0);
-  ft.function->shared()->DontAdaptArguments();
+  FunctionTester ft(asm_tester.GenerateCode(), kFormalParams);
 
   // Now call this function multiple time also checking that the stack pointer
   // didn't change after the calls.
@@ -2201,7 +2202,7 @@ TEST(PopAndReturnConstant) {
   Handle<Smi> expected_result(Smi::FromInt(1234), isolate);
   CallFunctionWithStackPointerChecks(isolate, expected_result, ft.function,
                                      receiver,
-                                     // Pass kNumParams arguments.
+                                     // Pass kActualParams arguments.
                                      Handle<Smi>(Smi::FromInt(1), isolate),
                                      Handle<Smi>(Smi::FromInt(2), isolate),
                                      Handle<Smi>(Smi::FromInt(3), isolate),
@@ -2215,19 +2216,19 @@ TEST(PopAndReturnVariable) {
   using Descriptor = JSTrampolineDescriptor;
   CodeAssemblerTester asm_tester(isolate, Descriptor());
 
-  const int kNumParams = 4 + kJSArgcReceiverSlots;
+  const int kFormalParams = 0;
+  const int kActualParams = 4 + kJSArgcReceiverSlots;
   {
     CodeStubAssembler m(asm_tester.state());
     TNode<Int32T> argc =
         m.UncheckedParameter<Int32T>(Descriptor::kActualArgumentsCount);
-    CSA_CHECK(&m, m.Word32Equal(argc, m.Int32Constant(kNumParams)));
+    CSA_CHECK(&m, m.Word32Equal(argc, m.Int32Constant(kActualParams)));
 
-    int pop_count = kNumParams;
+    int pop_count = kActualParams;
     m.PopAndReturn(m.IntPtrConstant(pop_count), m.SmiConstant(1234));
   }
 
-  FunctionTester ft(asm_tester.GenerateCode(), 0);
-  ft.function->shared()->DontAdaptArguments();
+  FunctionTester ft(asm_tester.GenerateCode(), kFormalParams);
 
   // Now call this function multiple time also checking that the stack pointer
   // didn't change after the calls.
@@ -2235,7 +2236,7 @@ TEST(PopAndReturnVariable) {
   Handle<Smi> expected_result(Smi::FromInt(1234), isolate);
   CallFunctionWithStackPointerChecks(isolate, expected_result, ft.function,
                                      receiver,
-                                     // Pass kNumParams arguments.
+                                     // Pass kActualParams arguments.
                                      Handle<Smi>(Smi::FromInt(1), isolate),
                                      Handle<Smi>(Smi::FromInt(2), isolate),
                                      Handle<Smi>(Smi::FromInt(3), isolate),
@@ -2395,9 +2396,8 @@ TEST(Arguments) {
   }
 
   FunctionTester ft(asm_tester.GenerateCode(), 0);
-  ft.function->shared()->DontAdaptArguments();
 
-  Handle<Object> result;
+  DirectHandle<Object> result;
   result = ft.Call(Handle<Smi>(Smi::FromInt(12), isolate),
                    Handle<Smi>(Smi::FromInt(13), isolate),
                    Handle<Smi>(Smi::FromInt(14), isolate))
@@ -2452,9 +2452,8 @@ TEST(ArgumentsForEach) {
   }
 
   FunctionTester ft(asm_tester.GenerateCode(), 0);
-  ft.function->shared()->DontAdaptArguments();
 
-  Handle<Object> result;
+  DirectHandle<Object> result;
   result = ft.Call(Handle<Smi>(Smi::FromInt(12), isolate),
                    Handle<Smi>(Smi::FromInt(13), isolate),
                    Handle<Smi>(Smi::FromInt(14), isolate))
@@ -2497,7 +2496,7 @@ TEST(IsDebugActive) {
 
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
   CHECK(!isolate->debug()->is_active());
-  Handle<Object> result =
+  DirectHandle<Object> result =
       ft.Call(isolate->factory()->undefined_value()).ToHandleChecked();
   CHECK_EQ(ReadOnlyRoots(isolate).false_value(), *result);
 
@@ -2566,7 +2565,7 @@ TEST(CallBuiltin) {
 
   Factory* factory = isolate->factory();
   Handle<Name> name = factory->InternalizeUtf8String("a");
-  Handle<Object> value(Smi::FromInt(153), isolate);
+  DirectHandle<Object> value(Smi::FromInt(153), isolate);
   Handle<JSObject> object = factory->NewJSObjectWithNullProto();
   JSObject::AddProperty(isolate, object, name, value, NONE);
 
@@ -2593,7 +2592,7 @@ TEST(TailCallBuiltin) {
 
   Factory* factory = isolate->factory();
   Handle<Name> name = factory->InternalizeUtf8String("a");
-  Handle<Object> value(Smi::FromInt(153), isolate);
+  DirectHandle<Object> value(Smi::FromInt(153), isolate);
   Handle<JSObject> object = factory->NewJSObjectWithNullProto();
   JSObject::AddProperty(isolate, object, name, value, NONE);
 
@@ -2639,7 +2638,7 @@ class AppendJSArrayCodeStubAssembler : public CodeStubAssembler {
     CHECK_EQ(kind_, array->GetElementsKind());
     CHECK_EQ(result_size, i::Cast<Smi>(*result).value());
     CHECK_EQ(result_size, Smi::ToInt(array->length()));
-    Handle<Object> obj =
+    DirectHandle<Object> obj =
         JSObject::GetElement(isolate, array, 2).ToHandleChecked();
     DirectHandle<HeapObject> undefined_value(
         ReadOnlyRoots(isolate).undefined_value(), isolate);
@@ -2758,7 +2757,7 @@ TEST(IsPromiseHookEnabled) {
           m.IsIsolatePromiseHookEnabledOrHasAsyncEventDelegate()));
 
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
-  Handle<Object> result =
+  DirectHandle<Object> result =
       ft.Call(isolate->factory()->undefined_value()).ToHandleChecked();
   CHECK_EQ(ReadOnlyRoots(isolate).false_value(), *result);
 
@@ -2821,7 +2820,7 @@ TEST(IsSymbol) {
   m.Return(m.SelectBooleanConstant(m.IsSymbol(symbol)));
 
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
-  Handle<Object> result =
+  DirectHandle<Object> result =
       ft.Call(isolate->factory()->NewSymbol()).ToHandleChecked();
   CHECK_EQ(ReadOnlyRoots(isolate).true_value(), *result);
 
@@ -2840,7 +2839,7 @@ TEST(IsPrivateSymbol) {
   m.Return(m.SelectBooleanConstant(m.IsPrivateSymbol(symbol)));
 
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
-  Handle<Object> result =
+  DirectHandle<Object> result =
       ft.Call(isolate->factory()->NewSymbol()).ToHandleChecked();
   CHECK_EQ(ReadOnlyRoots(isolate).false_value(), *result);
 
@@ -2988,7 +2987,7 @@ TEST(NewElementsCapacitySmi) {
       static_cast<int>(JSObject::NewElementsCapacity((*test_value).value())));
 }
 
-TEST(AllocateFunctionWithMapAndContext) {
+TEST(AllocateRootFunctionWithContext) {
   Isolate* isolate(CcTest::InitIsolateOnce());
 
   const int kNumParams = 1;
@@ -3001,12 +3000,8 @@ TEST(AllocateFunctionWithMapAndContext) {
       m.NewJSPromise(context, m.UndefinedConstant());
   TNode<Context> promise_context = m.CreatePromiseResolvingFunctionsContext(
       context, promise, m.BooleanConstant(false), native_context);
-  TNode<Object> resolve_info =
-      m.PromiseCapabilityDefaultResolveSharedFunConstant();
-  const TNode<Object> map = m.LoadContextElement(
-      native_context, Context::STRICT_FUNCTION_WITHOUT_PROTOTYPE_MAP_INDEX);
-  const TNode<JSFunction> resolve = m.AllocateFunctionWithMapAndContext(
-      m.CAST(map), m.CAST(resolve_info), promise_context);
+  const TNode<JSFunction> resolve = m.AllocateRootFunctionWithContext(
+      RootIndex::kPromiseCapabilityDefaultResolveSharedFun, promise_context);
   m.Return(resolve);
 
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
@@ -3149,7 +3144,7 @@ TEST(NewPromiseCapability) {
         isolate->factory()->NewStringFromAsciiChecked("rejectedStr");
 
     Handle<Object> argv1[] = {resolved_str};
-    Handle<Object> ret =
+    DirectHandle<Object> ret =
         Execution::Call(isolate, handle(result->resolve(), isolate),
                         isolate->factory()->undefined_value(), 1, argv1)
             .ToHandleChecked();
@@ -3382,7 +3377,7 @@ TEST(IsWhiteSpaceOrLineTerminator) {
   Handle<Object> false_value = ft.false_value();
 
   for (base::uc16 c = 0; c < 0xFFFF; c++) {
-    Handle<Object> expected_value =
+    DirectHandle<Object> expected_value =
         IsWhiteSpaceOrLineTerminator(c) ? true_value : false_value;
     ft.CheckCall(expected_value, handle(Smi::FromInt(c), isolate));
   }
@@ -3632,10 +3627,10 @@ TEST(ExtractFixedArrayCOWForceCopy) {
     CodeStubAssembler m(asm_tester.state());
     CodeStubAssembler::ExtractFixedArrayFlags flags;
     flags |= CodeStubAssembler::ExtractFixedArrayFlag::kAllFixedArrays;
-    base::Optional<TNode<Smi>> constant(m.SmiConstant(0));
+    std::optional<TNode<Smi>> constant(m.SmiConstant(0));
     m.Return(m.ExtractFixedArray(m.Parameter<FixedArrayBase>(1), constant,
-                                 base::Optional<TNode<Smi>>(base::nullopt),
-                                 base::Optional<TNode<Smi>>(base::nullopt),
+                                 std::optional<TNode<Smi>>(std::nullopt),
+                                 std::optional<TNode<Smi>>(std::nullopt),
                                  flags));
   }
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
@@ -3663,11 +3658,11 @@ TEST(ExtractFixedArraySimple) {
     CodeStubAssembler::ExtractFixedArrayFlags flags;
     flags |= CodeStubAssembler::ExtractFixedArrayFlag::kAllFixedArrays;
     flags |= CodeStubAssembler::ExtractFixedArrayFlag::kDontCopyCOW;
-    base::Optional<TNode<IntPtrT>> p1_untagged(m.SmiUntag(m.Parameter<Smi>(2)));
-    base::Optional<TNode<IntPtrT>> p2_untagged(m.SmiUntag(m.Parameter<Smi>(3)));
+    std::optional<TNode<IntPtrT>> p1_untagged(m.SmiUntag(m.Parameter<Smi>(2)));
+    std::optional<TNode<IntPtrT>> p2_untagged(m.SmiUntag(m.Parameter<Smi>(3)));
     m.Return(m.ExtractFixedArray(
         m.Parameter<FixedArrayBase>(1), p1_untagged, p2_untagged,
-        base::Optional<TNode<IntPtrT>>(base::nullopt), flags));
+        std::optional<TNode<IntPtrT>>(std::nullopt), flags));
   }
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
 
@@ -3692,11 +3687,11 @@ TEST(ExtractFixedArraySimpleSmiConstant) {
     CodeStubAssembler::ExtractFixedArrayFlags flags;
     flags |= CodeStubAssembler::ExtractFixedArrayFlag::kAllFixedArrays;
     flags |= CodeStubAssembler::ExtractFixedArrayFlag::kDontCopyCOW;
-    base::Optional<TNode<Smi>> constant_1(m.SmiConstant(1));
-    base::Optional<TNode<Smi>> constant_2(m.SmiConstant(2));
+    std::optional<TNode<Smi>> constant_1(m.SmiConstant(1));
+    std::optional<TNode<Smi>> constant_2(m.SmiConstant(2));
     m.Return(m.ExtractFixedArray(
         m.Parameter<FixedArrayBase>(1), constant_1, constant_2,
-        base::Optional<TNode<Smi>>(base::nullopt), flags));
+        std::optional<TNode<Smi>>(std::nullopt), flags));
   }
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
 
@@ -3718,11 +3713,11 @@ TEST(ExtractFixedArraySimpleIntPtrConstant) {
     CodeStubAssembler::ExtractFixedArrayFlags flags;
     flags |= CodeStubAssembler::ExtractFixedArrayFlag::kAllFixedArrays;
     flags |= CodeStubAssembler::ExtractFixedArrayFlag::kDontCopyCOW;
-    base::Optional<TNode<IntPtrT>> constant_1(m.IntPtrConstant(1));
-    base::Optional<TNode<IntPtrT>> constant_2(m.IntPtrConstant(2));
+    std::optional<TNode<IntPtrT>> constant_1(m.IntPtrConstant(1));
+    std::optional<TNode<IntPtrT>> constant_2(m.IntPtrConstant(2));
     m.Return(m.ExtractFixedArray(
         m.Parameter<FixedArrayBase>(1), constant_1, constant_2,
-        base::Optional<TNode<IntPtrT>>(base::nullopt), flags));
+        std::optional<TNode<IntPtrT>>(std::nullopt), flags));
   }
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
 
@@ -3741,11 +3736,11 @@ TEST(ExtractFixedArraySimpleIntPtrConstantNoDoubles) {
   CodeAssemblerTester asm_tester(isolate, JSParameterCount(kNumParams));
   {
     CodeStubAssembler m(asm_tester.state());
-    base::Optional<TNode<IntPtrT>> constant_1(m.IntPtrConstant(1));
-    base::Optional<TNode<IntPtrT>> constant_2(m.IntPtrConstant(2));
+    std::optional<TNode<IntPtrT>> constant_1(m.IntPtrConstant(1));
+    std::optional<TNode<IntPtrT>> constant_2(m.IntPtrConstant(2));
     m.Return(m.ExtractFixedArray(
         m.Parameter<FixedArrayBase>(1), constant_1, constant_2,
-        base::Optional<TNode<IntPtrT>>(base::nullopt),
+        std::optional<TNode<IntPtrT>>(std::nullopt),
         CodeStubAssembler::ExtractFixedArrayFlag::kFixedArrays));
   }
   FunctionTester ft(asm_tester.GenerateCode(), kNumParams);
@@ -3765,8 +3760,8 @@ TEST(ExtractFixedArraySimpleIntPtrParameters) {
   CodeAssemblerTester asm_tester(isolate, JSParameterCount(kNumParams));
   {
     CodeStubAssembler m(asm_tester.state());
-    base::Optional<TNode<IntPtrT>> p1_untagged(m.SmiUntag(m.Parameter<Smi>(2)));
-    base::Optional<TNode<IntPtrT>> p2_untagged(m.SmiUntag(m.Parameter<Smi>(3)));
+    std::optional<TNode<IntPtrT>> p1_untagged(m.SmiUntag(m.Parameter<Smi>(2)));
+    std::optional<TNode<IntPtrT>> p2_untagged(m.SmiUntag(m.Parameter<Smi>(3)));
     m.Return(m.ExtractFixedArray(m.Parameter<FixedArrayBase>(1), p1_untagged,
                                  p2_untagged));
   }
diff --git a/deps/v8/test/cctest/test-debug.cc b/deps/v8/test/cctest/test-debug.cc
index fd266706cd6e6e..b7ca79af8ca15e 100644
--- a/deps/v8/test/cctest/test-debug.cc
+++ b/deps/v8/test/cctest/test-debug.cc
@@ -103,14 +103,12 @@ static i::Handle<i::BreakPoint> SetBreakPoint(v8::Local<v8::Function> fun,
   return break_point;
 }
 
-
-static void ClearBreakPoint(i::Handle<i::BreakPoint> break_point) {
+static void ClearBreakPoint(i::DirectHandle<i::BreakPoint> break_point) {
   v8::internal::Isolate* isolate = CcTest::i_isolate();
   v8::internal::Debug* debug = isolate->debug();
   debug->ClearBreakPoint(break_point);
 }
 
-
 // Change break on exception.
 static void ChangeBreakOnException(v8::Isolate* isolate, bool caught,
                                    bool uncaught) {
@@ -304,12 +302,12 @@ TEST(DebugInfo) {
   CHECK(!HasBreakInfo(bar));
   EnableDebugger(env->GetIsolate());
   // One function (foo) is debugged.
-  i::Handle<i::BreakPoint> bp1 = SetBreakPoint(foo, 0);
+  i::DirectHandle<i::BreakPoint> bp1 = SetBreakPoint(foo, 0);
   CHECK_EQ(1, v8::internal::GetDebuggedFunctions()->length());
   CHECK(HasBreakInfo(foo));
   CHECK(!HasBreakInfo(bar));
   // Two functions are debugged.
-  i::Handle<i::BreakPoint> bp2 = SetBreakPoint(bar, 0);
+  i::DirectHandle<i::BreakPoint> bp2 = SetBreakPoint(bar, 0);
   CHECK_EQ(2, v8::internal::GetDebuggedFunctions()->length());
   CHECK(HasBreakInfo(foo));
   CHECK(HasBreakInfo(bar));
@@ -343,7 +341,7 @@ TEST(BreakPointICStore) {
   CHECK_EQ(0, break_point_hit_count);
 
   // Run with breakpoint
-  i::Handle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
+  i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
   foo->Call(env.local(), env->Global(), 0, nullptr).ToLocalChecked();
   CHECK_EQ(1, break_point_hit_count);
   foo->Call(env.local(), env->Global(), 0, nullptr).ToLocalChecked();
@@ -374,7 +372,7 @@ TEST(BreakPointCondition) {
   CHECK_EQ(0, break_point_hit_count);
 
   // Run with breakpoint
-  i::Handle<i::BreakPoint> bp = SetBreakPoint(foo, 0, "a == true");
+  i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(foo, 0, "a == true");
   CompileRun("foo()");
   CHECK_EQ(0, break_point_hit_count);
 
@@ -408,7 +406,7 @@ TEST(BreakPointICLoad) {
   CHECK_EQ(0, break_point_hit_count);
 
   // Run with breakpoint.
-  i::Handle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
+  i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
   foo->Call(env.local(), env->Global(), 0, nullptr).ToLocalChecked();
   CHECK_EQ(1, break_point_hit_count);
   foo->Call(env.local(), env->Global(), 0, nullptr).ToLocalChecked();
@@ -440,7 +438,7 @@ TEST(BreakPointICCall) {
   CHECK_EQ(0, break_point_hit_count);
 
   // Run with breakpoint
-  i::Handle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
+  i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
   foo->Call(env.local(), env->Global(), 0, nullptr).ToLocalChecked();
   CHECK_EQ(1, break_point_hit_count);
   foo->Call(env.local(), env->Global(), 0, nullptr).ToLocalChecked();
@@ -476,7 +474,7 @@ TEST(BreakPointICCallWithGC) {
   CHECK_EQ(0, break_point_hit_count);
 
   // Run with breakpoint.
-  i::Handle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
+  i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
   CHECK_EQ(1, foo->Call(context, env->Global(), 0, nullptr)
                   .ToLocalChecked()
                   ->Int32Value(context)
@@ -518,7 +516,7 @@ TEST(BreakPointConstructCallWithGC) {
   CHECK_EQ(0, break_point_hit_count);
 
   // Run with breakpoint.
-  i::Handle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
+  i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
   CHECK_EQ(1, foo->Call(context, env->Global(), 0, nullptr)
                   .ToLocalChecked()
                   ->Int32Value(context)
@@ -548,7 +546,7 @@ TEST(BreakPointBuiltin) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test simple builtin ===
   break_point_hit_count = 0;
@@ -682,7 +680,7 @@ TEST(BreakPointJSBuiltin) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test JS builtin ===
   break_point_hit_count = 0;
@@ -713,7 +711,7 @@ TEST(BreakPointBoundBuiltin) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test bound function from a builtin ===
   break_point_hit_count = 0;
@@ -746,7 +744,7 @@ TEST(BreakPointConstructorBuiltin) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test Promise constructor ===
   break_point_hit_count = 0;
@@ -809,7 +807,7 @@ TEST(BreakPointInlinedBuiltin) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test inlined builtin ===
   break_point_hit_count = 0;
@@ -853,7 +851,7 @@ TEST(BreakPointInlineBoundBuiltin) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test inlined bound builtin ===
   break_point_hit_count = 0;
@@ -901,7 +899,7 @@ TEST(BreakPointInlinedConstructorBuiltin) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test inlined constructor builtin (regular construct builtin) ===
   break_point_hit_count = 0;
@@ -945,7 +943,7 @@ TEST(BreakPointBuiltinConcurrentOpt) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test concurrent optimization ===
   break_point_hit_count = 0;
@@ -986,7 +984,7 @@ TEST(BreakPointBuiltinTFOperator) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test builtin represented as operator ===
   break_point_hit_count = 0;
@@ -1029,9 +1027,9 @@ TEST(BreakPointBuiltinNewContext) {
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
-// === Test builtin from a new context ===
+  // === Test builtin from a new context ===
   break_point_hit_count = 0;
   builtin = CompileRun("String.prototype.repeat").As<v8::Function>();
   CompileRun("'a'.repeat(10)");
@@ -1074,7 +1072,7 @@ TEST(BreakPointApiFunction) {
   DebugEventCounter delegate;
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   v8::Local<v8::FunctionTemplate> function_template =
       v8::FunctionTemplate::New(env->GetIsolate(), NoOpFunctionCallback);
@@ -1116,7 +1114,7 @@ TEST(BreakPointApiConstructor) {
   DebugEventCounter delegate;
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   v8::Local<v8::FunctionTemplate> function_template =
       v8::FunctionTemplate::New(env->GetIsolate(), NoOpFunctionCallback);
@@ -1165,7 +1163,7 @@ TEST(BreakPointApiGetter) {
   DebugEventCounter delegate;
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   v8::Local<v8::FunctionTemplate> function_template =
       v8::FunctionTemplate::New(env->GetIsolate(), NoOpFunctionCallback);
@@ -1219,7 +1217,7 @@ TEST(BreakPointApiSetter) {
   DebugEventCounter delegate;
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   v8::Local<v8::FunctionTemplate> function_template =
       v8::FunctionTemplate::New(env->GetIsolate(), NoOpFunctionCallback);
@@ -1286,7 +1284,7 @@ TEST(BreakPointApiAccessor) {
   DebugEventCounter delegate;
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // Create 'foo' class, with a hidden property.
   v8::Local<v8::ObjectTemplate> obj_template =
@@ -1365,7 +1363,7 @@ TEST(Regress1163547) {
   DebugEventCounter delegate;
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   auto constructor_tmpl = v8::FunctionTemplate::New(env->GetIsolate());
   auto prototype_tmpl = constructor_tmpl->PrototypeTemplate();
@@ -1477,7 +1475,7 @@ TEST(BreakPointInlineApiFunction) {
   DebugEventCounter delegate;
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
 
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   v8::Local<v8::FunctionTemplate> function_template =
       v8::FunctionTemplate::New(env->GetIsolate(), NoOpFunctionCallback);
@@ -1523,7 +1521,7 @@ TEST(BreakPointConditionBuiltin) {
   DebugEventCounter delegate;
   v8::debug::SetDebugDelegate(env->GetIsolate(), &delegate);
   v8::Local<v8::Function> builtin;
-  i::Handle<i::BreakPoint> bp;
+  i::DirectHandle<i::BreakPoint> bp;
 
   // === Test global variable ===
   break_point_hit_count = 0;
@@ -1664,7 +1662,7 @@ TEST(BreakPointInlining) {
   CHECK_EQ(0, break_point_hit_count);
 
   // Run with breakpoint.
-  i::Handle<i::BreakPoint> bp = SetBreakPoint(inlinee, 0);
+  i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(inlinee, 0);
   CompileRun("f(0.1);");
   CHECK_EQ(1, break_point_hit_count);
   CompileRun("test(0.2);");
@@ -1882,7 +1880,7 @@ TEST(DebuggerStatementBreakpoint) {
     foo->Call(context, env->Global(), 0, nullptr).ToLocalChecked();
     CHECK_EQ(1, break_point_hit_count);
 
-    i::Handle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
+    i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(foo, 0);
 
     // Set breakpoint does not duplicate hits
     foo->Call(context, env->Global(), 0, nullptr).ToLocalChecked();
@@ -3150,7 +3148,7 @@ class DebugScopingListener : public v8::debug::DebugDelegate {
 
     auto scopes = stack_traces->GetScopeIterator();
     CHECK_EQ(v8::debug::ScopeIterator::ScopeTypeWith, scopes->GetType());
-    CHECK_EQ(20, scopes->GetStartLocation().GetColumnNumber());
+    CHECK_EQ(19, scopes->GetStartLocation().GetColumnNumber());
     CHECK_EQ(31, scopes->GetEndLocation().GetColumnNumber());
 
     scopes->Advance();
@@ -3437,7 +3435,7 @@ TEST(DebugScriptLineEndsAreAscending) {
           .ToLocalChecked();
   USE(script);
 
-  Handle<v8::internal::FixedArray> instances;
+  DirectHandle<v8::internal::FixedArray> instances;
   {
     v8::internal::Debug* debug = CcTest::i_isolate()->debug();
     instances = debug->GetLoadedScripts();
@@ -4380,7 +4378,7 @@ UNINITIALIZED_TEST(Bug1511649UnlockerRestoreDebug) {
 
     v8::Local<v8::Function> test =
         CompileFunction(isolate, "function test() {}", "test");
-    i::Handle<i::BreakPoint> bp = SetBreakPoint(test, 0);
+    i::DirectHandle<i::BreakPoint> bp = SetBreakPoint(test, 0);
 
     {
       isolate->Exit();
@@ -4830,6 +4828,82 @@ TEST(DebugEvaluateLocalSharedCrossOrigin) {
   v8::debug::SetDebugDelegate(isolate, nullptr);
 }
 
+TEST(DebugEvaluateImportMetaInScript) {
+  struct BreakProgramDelegate : public v8::debug::DebugDelegate {
+    void BreakProgramRequested(v8::Local<v8::Context> context,
+                               std::vector<v8::debug::BreakpointId> const&,
+                               v8::debug::BreakReasons) final {
+      v8::Isolate* isolate = context->GetIsolate();
+      v8::TryCatch tryCatch(isolate);
+      tryCatch.SetCaptureMessage(true);
+      std::unique_ptr<v8::debug::StackTraceIterator> it =
+          v8::debug::StackTraceIterator::Create(isolate);
+      auto result =
+          it->Evaluate(v8_str(isolate, "import.meta"), false).ToLocalChecked();
+
+      // Within the context of a devtools evaluation, import.meta is
+      // always permitted, and will return `undefined` when outside of a
+      // module.
+      CHECK(result->IsUndefined());
+      CHECK(!tryCatch.HasCaught());
+    }
+  } delegate;
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  v8::HandleScope scope(isolate);
+  v8::debug::SetDebugDelegate(isolate, &delegate);
+  v8::Script::Compile(env.local(), v8_str(isolate, "debugger;"))
+      .ToLocalChecked()
+      ->Run(env.local())
+      .ToLocalChecked();
+  v8::debug::SetDebugDelegate(isolate, nullptr);
+}
+
+static v8::MaybeLocal<v8::Module> UnexpectedModuleResolveCallback(
+    v8::Local<v8::Context> context, v8::Local<v8::String> specifier,
+    v8::Local<v8::FixedArray> import_assertions,
+    v8::Local<v8::Module> referrer) {
+  CHECK_WITH_MSG(false, "Unexpected call to resolve callback");
+}
+
+TEST(DebugEvaluateImportMetaInModule) {
+  struct BreakProgramDelegate : public v8::debug::DebugDelegate {
+    void BreakProgramRequested(v8::Local<v8::Context> context,
+                               std::vector<v8::debug::BreakpointId> const&,
+                               v8::debug::BreakReasons) final {
+      v8::Isolate* isolate = context->GetIsolate();
+      v8::TryCatch tryCatch(isolate);
+      tryCatch.SetCaptureMessage(true);
+      std::unique_ptr<v8::debug::StackTraceIterator> it =
+          v8::debug::StackTraceIterator::Create(isolate);
+      auto result =
+          it->Evaluate(v8_str(isolate, "import.meta"), false).ToLocalChecked();
+      CHECK(result->IsObject());
+      CHECK(!tryCatch.HasCaught());
+    }
+  } delegate;
+  LocalContext env;
+  v8::Isolate* isolate = env->GetIsolate();
+  v8::HandleScope scope(isolate);
+  v8::debug::SetDebugDelegate(isolate, &delegate);
+
+  v8::ScriptOrigin script_origin(v8_str("test"), 0, 0, false, -1,
+                                 v8::Local<v8::Value>(), false, false, true);
+  v8::ScriptCompiler::Source script_compiler_source(v8_str("debugger;"),
+                                                    script_origin);
+  v8::Local<v8::Module> module =
+      v8::ScriptCompiler::CompileModule(isolate, &script_compiler_source)
+          .ToLocalChecked();
+
+  CHECK_EQ(
+      module->InstantiateModule(env.local(), UnexpectedModuleResolveCallback)
+          .ToChecked(),
+      true);
+  module->Evaluate(env.local()).ToLocalChecked();
+
+  v8::debug::SetDebugDelegate(isolate, nullptr);
+}
+
 namespace {
 i::MaybeHandle<i::Script> FindScript(
     i::Isolate* isolate, const std::vector<i::Handle<i::Script>>& scripts,
@@ -4926,7 +5000,7 @@ TEST(SourceInfo) {
       "}\n";
   v8::Local<v8::Script> v8_script =
       v8::Script::Compile(env.local(), v8_str(source)).ToLocalChecked();
-  i::Handle<i::Script> i_script(
+  i::DirectHandle<i::Script> i_script(
       i::Cast<i::Script>(
           v8::Utils::OpenDirectHandle(*v8_script)->shared()->script()),
       CcTest::i_isolate());
@@ -5559,6 +5633,177 @@ TEST(GetPrivateStaticAndInstanceMethodsAndAccessors) {
   }
 }
 
+TEST(GetPrivateAutoAccessors) {
+  i::v8_flags.js_decorators = true;
+  LocalContext env;
+  v8::Isolate* v8_isolate = CcTest::isolate();
+  v8::HandleScope scope(v8_isolate);
+  v8::Local<v8::Context> context = env.local();
+  v8::Local<v8::String> source = v8_str(
+      "var Y = class {\n"
+      "  static accessor #static_base_field = 4;\n"
+      "  accessor #base_field = 3;\n"
+      "}\n"
+      "var X = class extends Y{\n"
+      "  static accessor #static_field = 2\n;"
+      "  accessor #field = 1;\n"
+      "}\n"
+      "var y = new Y();\n"
+      "var x = new X();");
+  CompileRun(source);
+  int field_filter =
+      static_cast<int>(v8::debug::PrivateMemberFilter::kPrivateFields);
+  int accessor_filter =
+      static_cast<int>(v8::debug::PrivateMemberFilter::kPrivateAccessors);
+
+  v8::Local<v8::Object> object = v8::Local<v8::Object>::Cast(
+      env->Global()
+          ->Get(context, v8_str(env->GetIsolate(), "Y"))
+          .ToLocalChecked());
+  v8::LocalVector<v8::Value> names(v8_isolate);
+  v8::LocalVector<v8::Value> values(v8_isolate);
+  CHECK(v8::debug::GetPrivateMembers(context, object, field_filter, &names,
+                                     &values));
+
+  CHECK_EQ(names.size(), 1);
+  CHECK(names[0]->IsString());
+  {
+    std::string name_str = FromString(v8_isolate, names[0].As<v8::String>());
+    CHECK_EQ(name_str, ".accessor-storage-0");
+    CHECK(values[0]->Equals(context, v8_num(4)).FromJust());
+  }
+
+  names.clear();
+  values.clear();
+  CHECK(v8::debug::GetPrivateMembers(context, object, accessor_filter, &names,
+                                     &values));
+
+  CHECK_EQ(names.size(), 1);
+  CHECK(names[0]->IsString());
+  {
+    std::string name_str = FromString(v8_isolate, names[0].As<v8::String>());
+    CHECK(v8::debug::AccessorPair::IsAccessorPair(values[0]));
+    v8::Local<v8::debug::AccessorPair> accessors =
+        values[0].As<v8::debug::AccessorPair>();
+    CHECK_EQ(name_str, "#static_base_field");
+    CHECK(accessors->getter()->IsFunction());
+    CHECK(accessors->setter()->IsFunction());
+  }
+
+  object = v8::Local<v8::Object>::Cast(
+      env->Global()
+          ->Get(context, v8_str(env->GetIsolate(), "y"))
+          .ToLocalChecked());
+  names.clear();
+  values.clear();
+  CHECK(v8::debug::GetPrivateMembers(context, object, field_filter, &names,
+                                     &values));
+
+  CHECK_EQ(names.size(), 1);
+  CHECK(names[0]->IsString());
+  {
+    std::string name_str = FromString(v8_isolate, names[0].As<v8::String>());
+    CHECK_EQ(name_str, ".accessor-storage-1");
+    CHECK(values[0]->Equals(context, v8_num(3)).FromJust());
+  }
+
+  names.clear();
+  values.clear();
+  CHECK(v8::debug::GetPrivateMembers(context, object, accessor_filter, &names,
+                                     &values));
+
+  CHECK_EQ(names.size(), 1);
+  CHECK(names[0]->IsString());
+  {
+    std::string name_str = FromString(v8_isolate, names[0].As<v8::String>());
+    CHECK(v8::debug::AccessorPair::IsAccessorPair(values[0]));
+    v8::Local<v8::debug::AccessorPair> accessors =
+        values[0].As<v8::debug::AccessorPair>();
+    CHECK_EQ(name_str, "#base_field");
+    CHECK(accessors->getter()->IsFunction());
+    CHECK(accessors->setter()->IsFunction());
+  }
+
+  object = v8::Local<v8::Object>::Cast(
+      env->Global()
+          ->Get(context, v8_str(env->GetIsolate(), "X"))
+          .ToLocalChecked());
+  names.clear();
+  values.clear();
+
+  CHECK(v8::debug::GetPrivateMembers(context, object, field_filter, &names,
+                                     &values));
+
+  CHECK_EQ(names.size(), 1);
+  CHECK(names[0]->IsString());
+  {
+    std::string name_str = FromString(v8_isolate, names[0].As<v8::String>());
+    CHECK_EQ(name_str, ".accessor-storage-0");
+    CHECK(values[0]->Equals(context, v8_num(2)).FromJust());
+  }
+
+  names.clear();
+  values.clear();
+  CHECK(v8::debug::GetPrivateMembers(context, object, accessor_filter, &names,
+                                     &values));
+
+  CHECK_EQ(names.size(), 1);
+  CHECK(names[0]->IsString());
+  {
+    std::string name_str = FromString(v8_isolate, names[0].As<v8::String>());
+    CHECK(v8::debug::AccessorPair::IsAccessorPair(values[0]));
+    v8::Local<v8::debug::AccessorPair> accessors =
+        values[0].As<v8::debug::AccessorPair>();
+    CHECK_EQ(name_str, "#static_field");
+    CHECK(accessors->getter()->IsFunction());
+    CHECK(accessors->setter()->IsFunction());
+  }
+
+  object = v8::Local<v8::Object>::Cast(
+      env->Global()
+          ->Get(context, v8_str(env->GetIsolate(), "x"))
+          .ToLocalChecked());
+  names.clear();
+  values.clear();
+  CHECK(v8::debug::GetPrivateMembers(context, object, field_filter, &names,
+                                     &values));
+
+  CHECK_EQ(names.size(), 2);
+  int expected[2] = {/*#base_field=*/3, /*#field=*/1};
+  for (int i = 0; i < 2; i++) {
+    v8::Local<v8::Value> name = names[i];
+    v8::Local<v8::Value> value = values[i];
+    CHECK(name->IsString());
+    std::string name_str = FromString(v8_isolate, name.As<v8::String>());
+    CHECK_EQ(name_str, ".accessor-storage-1");
+    CHECK(value->Equals(context, v8_num(expected[i])).FromJust());
+  }
+
+  names.clear();
+  values.clear();
+  CHECK(v8::debug::GetPrivateMembers(context, object, accessor_filter, &names,
+                                     &values));
+
+  CHECK_EQ(names.size(), 2);
+  for (int i = 0; i < 2; i++) {
+    v8::Local<v8::Value> name = names[i];
+    v8::Local<v8::Value> value = values[i];
+    CHECK(name->IsString());
+    std::string name_str = FromString(v8_isolate, name.As<v8::String>());
+    CHECK(v8::debug::AccessorPair::IsAccessorPair(value));
+    v8::Local<v8::debug::AccessorPair> accessors =
+        value.As<v8::debug::AccessorPair>();
+    if (name_str == "#base_field") {
+      CHECK(accessors->getter()->IsFunction());
+      CHECK(accessors->setter()->IsFunction());
+    } else {
+      CHECK_EQ(name_str, "#field");
+      CHECK(accessors->getter()->IsFunction());
+      CHECK(accessors->setter()->IsFunction());
+    }
+  }
+}
+
 namespace {
 class SetTerminateOnResumeDelegate : public v8::debug::DebugDelegate {
  public:
diff --git a/deps/v8/test/cctest/test-field-type-tracking.cc b/deps/v8/test/cctest/test-field-type-tracking.cc
index bd596b9186dff7..668fde1965d10a 100644
--- a/deps/v8/test/cctest/test-field-type-tracking.cc
+++ b/deps/v8/test/cctest/test-field-type-tracking.cc
@@ -533,7 +533,7 @@ TEST(ReconfigureAccessorToNonExistingDataField) {
   CHECK_EQ(*new_map, *new_map2);
 
   DirectHandle<Object> value(Smi::zero(), isolate);
-  Handle<Map> prepared_map = Map::PrepareForDataProperty(
+  DirectHandle<Map> prepared_map = Map::PrepareForDataProperty(
       isolate, new_map, first, PropertyConstness::kConst, value);
   // None to Smi generalization is trivial, map does not change.
   CHECK_EQ(*new_map, *prepared_map);
@@ -1026,7 +1026,7 @@ TEST(GeneralizeFieldWithAccessorProperties) {
   CHECK(!active_map->is_deprecated());
 
   // Update all deprecated maps and check that they are now the same.
-  Handle<Map> updated_map = Map::Update(isolate, map);
+  DirectHandle<Map> updated_map = Map::Update(isolate, map);
   CHECK_EQ(*active_map, *updated_map);
   CheckMigrationTarget(isolate, *map, *updated_map);
   for (int i = 0; i < kPropCount; i++) {
@@ -1841,8 +1841,7 @@ static void TestReconfigureElementsKind_GeneralizeFieldInPlace(
   // Ensure Map::FindElementsKindTransitionedMap() is able to find the
   // transitioned map.
   {
-    MapHandles map_list;
-    map_list.push_back(updated_map);
+    Handle<Map> map_list[1]{updated_map};
     Tagged<Map> transitioned_map = map2->FindElementsKindTransitionedMap(
         isolate, map_list, ConcurrencyMode::kSynchronous);
     CHECK_EQ(*updated_map, transitioned_map);
@@ -2062,7 +2061,7 @@ TEST(ReconfigurePropertySplitMapTransitionsOverflow) {
 
   // Generalize representation of property at index |kSplitProp|.
   const int kSplitProp = kPropCount / 2;
-  Handle<Map> split_map;
+  DirectHandle<Map> split_map;
   Handle<Map> map2 = initial_map;
   {
     for (int i = 0; i < kSplitProp + 1; i++) {
@@ -2283,7 +2282,7 @@ static void TestGeneralizeFieldWithSpecialTransition(
   Handle<Map> old_map = direction == UpdateDirectionCheck::kFwd ? map_a : map_b;
   CHECK(!active_map->is_deprecated());
   // Update all deprecated maps and check that they are now the same.
-  Handle<Map> updated_map = Map::Update(isolate, old_map);
+  DirectHandle<Map> updated_map = Map::Update(isolate, old_map);
   CHECK_EQ(*active_map, *updated_map);
   CheckMigrationTarget(isolate, *map_a, *updated_map);
   for (int i = 0; i < kPropCount; i++) {
@@ -2695,7 +2694,7 @@ static void TestGeneralizeFieldWithSpecialTransitionLegacy(
         CHECK(i == 0 || maps[i - 1]->is_deprecated());
         CHECK(expectations.Check(*new_map));
 
-        Handle<Map> new_map2 = Map::Update(isolate, map2);
+        DirectHandle<Map> new_map2 = Map::Update(isolate, map2);
         CHECK(!new_map2->is_deprecated());
         CHECK(!new_map2->is_dictionary_map());
 
@@ -2747,11 +2746,11 @@ static void TestGeneralizeFieldWithSpecialTransitionLegacy(
     }
   }
 
-  Handle<Map> active_map = maps[kPropCount - 1];
+  DirectHandle<Map> active_map = maps[kPropCount - 1];
   CHECK(!active_map->is_deprecated());
 
   // Update all deprecated maps and check that they are now the same.
-  Handle<Map> updated_map = Map::Update(isolate, map);
+  DirectHandle<Map> updated_map = Map::Update(isolate, map);
   CHECK_EQ(*active_map, *updated_map);
   CheckMigrationTarget(isolate, *map, *updated_map);
   for (int i = 0; i < kPropCount; i++) {
@@ -3309,7 +3308,7 @@ TEST(HoleyHeapNumber) {
   // Ensure that new storage for uninitialized value or mutable heap number
   // with uninitialized sentinel (kHoleNanInt64) is a mutable heap number
   // with uninitialized sentinel.
-  Handle<Object> obj =
+  DirectHandle<Object> obj =
       Object::NewStorageFor(isolate, isolate->factory()->uninitialized_value(),
                             Representation::Double());
   CHECK(IsHeapNumber(*obj));
diff --git a/deps/v8/test/cctest/test-func-name-inference.cc b/deps/v8/test/cctest/test-func-name-inference.cc
index f3df3726bdce0d..618d4fdcceaa73 100644
--- a/deps/v8/test/cctest/test-func-name-inference.cc
+++ b/deps/v8/test/cctest/test-func-name-inference.cc
@@ -51,14 +51,10 @@ static void CheckFunctionName(v8::Local<v8::Script> script,
 
   // Get script source.
   DirectHandle<i::Object> obj = v8::Utils::OpenDirectHandle(*script);
-  Handle<SharedFunctionInfo> shared_function;
-  if (IsSharedFunctionInfo(*obj)) {
-    shared_function =
-        Handle<SharedFunctionInfo>(Cast<SharedFunctionInfo>(*obj), isolate);
-  } else {
-    shared_function =
-        Handle<SharedFunctionInfo>(Cast<JSFunction>(*obj)->shared(), isolate);
-  }
+  DirectHandle<SharedFunctionInfo> shared_function(
+      IsSharedFunctionInfo(*obj) ? Cast<SharedFunctionInfo>(*obj)
+                                 : Cast<JSFunction>(*obj)->shared(),
+      isolate);
   Handle<i::Script> i_script(i::Cast<i::Script>(shared_function->script()),
                              isolate);
   CHECK(IsString(i_script->source()));
diff --git a/deps/v8/test/cctest/test-heap-profiler.cc b/deps/v8/test/cctest/test-heap-profiler.cc
index 9d9b7e6c27f674..7e3887317dfe5e 100644
--- a/deps/v8/test/cctest/test-heap-profiler.cc
+++ b/deps/v8/test/cctest/test-heap-profiler.cc
@@ -30,6 +30,7 @@
 #include <ctype.h>
 
 #include <memory>
+#include <optional>
 #include <vector>
 
 #include "include/v8-function.h"
@@ -38,7 +39,6 @@
 #include "src/api/api-inl.h"
 #include "src/base/hashmap.h"
 #include "src/base/logging.h"
-#include "src/base/optional.h"
 #include "src/base/strings.h"
 #include "src/codegen/assembler-inl.h"
 #include "src/debug/debug.h"
@@ -63,8 +63,8 @@ using i::AllocationTraceTree;
 using i::AllocationTracker;
 using i::EntrySourceLocation;
 using i::heap::GrowNewSpaceToMaximumCapacity;
+using std::optional;
 using v8::base::ArrayVector;
-using v8::base::Optional;
 using v8::base::OS;
 using v8::base::Vector;
 using v8::base::VectorOf;
@@ -169,18 +169,18 @@ static const v8::HeapGraphNode* GetRootChild(const v8::HeapSnapshot* snapshot,
   return GetChildByName(snapshot->GetRoot(), name);
 }
 
-static Optional<EntrySourceLocation> GetLocation(
+static optional<EntrySourceLocation> GetLocation(
     const v8::HeapSnapshot* s, const v8::HeapGraphNode* node) {
   const i::HeapSnapshot* snapshot = reinterpret_cast<const i::HeapSnapshot*>(s);
   const std::vector<EntrySourceLocation>& locations = snapshot->locations();
   const i::HeapEntry* entry = reinterpret_cast<const i::HeapEntry*>(node);
   for (const auto& loc : locations) {
     if (loc.entry_index == entry->index()) {
-      return Optional<EntrySourceLocation>(loc);
+      return optional<EntrySourceLocation>(loc);
     }
   }
 
-  return Optional<EntrySourceLocation>();
+  return optional<EntrySourceLocation>();
 }
 
 static const v8::HeapGraphNode* GetProperty(v8::Isolate* isolate,
@@ -343,7 +343,7 @@ TEST(HeapSnapshotLocations) {
       GetProperty(env->GetIsolate(), global, v8::HeapGraphEdge::kProperty, "x");
   CHECK(x);
 
-  Optional<EntrySourceLocation> x_loc = GetLocation(snapshot, x);
+  optional<EntrySourceLocation> x_loc = GetLocation(snapshot, x);
   CHECK(x_loc);
   CHECK_EQ(0, x_loc->line);
   CHECK_EQ(31, x_loc->col);
@@ -352,7 +352,7 @@ TEST(HeapSnapshotLocations) {
       GetProperty(env->GetIsolate(), global, v8::HeapGraphEdge::kProperty, "g");
   CHECK(x);
 
-  Optional<EntrySourceLocation> g_loc = GetLocation(snapshot, g);
+  optional<EntrySourceLocation> g_loc = GetLocation(snapshot, g);
   CHECK(g_loc);
   CHECK_EQ(1, g_loc->line);
   CHECK_EQ(15, g_loc->col);
@@ -361,7 +361,7 @@ TEST(HeapSnapshotLocations) {
       GetProperty(env->GetIsolate(), global, v8::HeapGraphEdge::kProperty, "o");
   CHECK(x);
 
-  Optional<EntrySourceLocation> o_loc = GetLocation(snapshot, o);
+  optional<EntrySourceLocation> o_loc = GetLocation(snapshot, o);
   CHECK(o_loc);
   CHECK_EQ(2, o_loc->line);
   CHECK_EQ(0, o_loc->col);
@@ -651,7 +651,7 @@ TEST(HeapSnapshotConsString) {
   i::Factory* factory = CcTest::i_isolate()->factory();
   i::Handle<i::String> first = factory->NewStringFromStaticChars("0123456789");
   i::Handle<i::String> second = factory->NewStringFromStaticChars("0123456789");
-  i::Handle<i::String> cons_string =
+  i::DirectHandle<i::String> cons_string =
       factory->NewConsString(first, second).ToHandleChecked();
 
   global_proxy->SetInternalField(0, v8::ToApiHandle<v8::String>(cons_string));
diff --git a/deps/v8/test/cctest/test-inobject-slack-tracking.cc b/deps/v8/test/cctest/test-inobject-slack-tracking.cc
index 286863ae39a5c8..6b078cfcdc4f29 100644
--- a/deps/v8/test/cctest/test-inobject-slack-tracking.cc
+++ b/deps/v8/test/cctest/test-inobject-slack-tracking.cc
@@ -187,9 +187,9 @@ TEST(JSObjectComplex) {
   // Zero instances were created so far.
   CHECK(!func->has_initial_map());
 
-  Handle<JSObject> obj1 = CompileRunI<JSObject>("new A(1);");
-  Handle<JSObject> obj3 = CompileRunI<JSObject>("new A(3);");
-  Handle<JSObject> obj5 = CompileRunI<JSObject>("new A(5);");
+  DirectHandle<JSObject> obj1 = CompileRunI<JSObject>("new A(1);");
+  DirectHandle<JSObject> obj3 = CompileRunI<JSObject>("new A(3);");
+  DirectHandle<JSObject> obj5 = CompileRunI<JSObject>("new A(5);");
 
   CHECK(func->has_initial_map());
   DirectHandle<Map> initial_map(func->initial_map(), func->GetIsolate());
@@ -1294,7 +1294,7 @@ TEST(Regress8853_ClassConstructor) {
 
   // For classes without any this.prop assignments in their
   // constructors we start out with 10 inobject properties.
-  Handle<JSObject> obj = CompileRunI<JSObject>("new (class {});\n");
+  DirectHandle<JSObject> obj = CompileRunI<JSObject>("new (class {});\n");
   CHECK(obj->map()->IsInobjectSlackTrackingInProgress());
   CHECK(IsObjectShrinkable(*obj));
   CHECK_EQ(10, obj->map()->GetInObjectProperties());
@@ -1338,7 +1338,7 @@ TEST(Regress8853_FunctionConstructor) {
 
   // For constructor functions without any this.prop assignments in
   // them we start out with 10 inobject properties.
-  Handle<JSObject> obj = CompileRunI<JSObject>("new (function() {});\n");
+  DirectHandle<JSObject> obj = CompileRunI<JSObject>("new (function() {});\n");
   CHECK(obj->map()->IsInobjectSlackTrackingInProgress());
   CHECK(IsObjectShrinkable(*obj));
   CHECK_EQ(10, obj->map()->GetInObjectProperties());
diff --git a/deps/v8/test/cctest/test-js-weak-refs.cc b/deps/v8/test/cctest/test-js-weak-refs.cc
index bc0907922df127..e6375ead11c756 100644
--- a/deps/v8/test/cctest/test-js-weak-refs.cc
+++ b/deps/v8/test/cctest/test-js-weak-refs.cc
@@ -704,14 +704,15 @@ TEST(TestJSWeakRef) {
   i::DisableConservativeStackScanningScopeForTesting no_stack_scanning(
       CcTest::heap());
   HandleScope outer_scope(isolate);
-  Handle<JSWeakRef> weak_ref;
+  IndirectHandle<JSWeakRef> weak_ref;
   {
     HandleScope inner_scope(isolate);
 
-    DirectHandle<JSObject> js_object =
+    IndirectHandle<JSObject> js_object =
         isolate->factory()->NewJSObject(isolate->object_function());
     // This doesn't add the target into the KeepDuringJob set.
-    Handle<JSWeakRef> inner_weak_ref = ConstructJSWeakRef(js_object, isolate);
+    IndirectHandle<JSWeakRef> inner_weak_ref =
+        ConstructJSWeakRef(js_object, isolate);
 
     heap::InvokeMajorGC(CcTest::heap());
     CHECK(!IsUndefined(inner_weak_ref->target(), isolate));
@@ -738,14 +739,15 @@ TEST(TestJSWeakRefIncrementalMarking) {
   Heap* heap = isolate->heap();
   i::DisableConservativeStackScanningScopeForTesting no_stack_scanning(heap);
   HandleScope outer_scope(isolate);
-  Handle<JSWeakRef> weak_ref;
+  IndirectHandle<JSWeakRef> weak_ref;
   {
     HandleScope inner_scope(isolate);
 
-    DirectHandle<JSObject> js_object =
+    IndirectHandle<JSObject> js_object =
         isolate->factory()->NewJSObject(isolate->object_function());
     // This doesn't add the target into the KeepDuringJob set.
-    Handle<JSWeakRef> inner_weak_ref = ConstructJSWeakRef(js_object, isolate);
+    IndirectHandle<JSWeakRef> inner_weak_ref =
+        ConstructJSWeakRef(js_object, isolate);
 
     heap::SimulateIncrementalMarking(heap, true);
     heap::InvokeMajorGC(heap);
@@ -771,7 +773,7 @@ TEST(TestJSWeakRefKeepDuringJob) {
       CcTest::heap());
 
   HandleScope outer_scope(isolate);
-  Handle<JSWeakRef> weak_ref = MakeWeakRefAndKeepDuringJob(isolate);
+  IndirectHandle<JSWeakRef> weak_ref = MakeWeakRefAndKeepDuringJob(isolate);
   CHECK(!IsUndefined(weak_ref->target(), isolate));
   heap::InvokeMajorGC(CcTest::heap());
   CHECK(!IsUndefined(weak_ref->target(), isolate));
@@ -905,14 +907,15 @@ TEST(JSWeakRefScavengedInWorklist) {
 
   {
     HandleScope outer_scope(isolate);
-    Handle<JSWeakRef> weak_ref;
+    IndirectHandle<JSWeakRef> weak_ref;
 
     // Make a WeakRef that points to a target, both of which become unreachable.
     {
       HandleScope inner_scope(isolate);
-      DirectHandle<JSObject> js_object =
+      IndirectHandle<JSObject> js_object =
           isolate->factory()->NewJSObject(isolate->object_function());
-      Handle<JSWeakRef> inner_weak_ref = ConstructJSWeakRef(js_object, isolate);
+      IndirectHandle<JSWeakRef> inner_weak_ref =
+          ConstructJSWeakRef(js_object, isolate);
       CHECK(Heap::InYoungGeneration(*js_object));
       CHECK(Heap::InYoungGeneration(*inner_weak_ref));
 
@@ -956,14 +959,15 @@ TEST(JSWeakRefTenuredInWorklist) {
   i::DisableConservativeStackScanningScopeForTesting no_stack_scanning(heap);
 
   HandleScope outer_scope(isolate);
-  Handle<JSWeakRef> weak_ref;
+  IndirectHandle<JSWeakRef> weak_ref;
 
   // Make a WeakRef that points to a target. The target becomes unreachable.
   {
     HandleScope inner_scope(isolate);
-    DirectHandle<JSObject> js_object =
+    IndirectHandle<JSObject> js_object =
         isolate->factory()->NewJSObject(isolate->object_function());
-    Handle<JSWeakRef> inner_weak_ref = ConstructJSWeakRef(js_object, isolate);
+    IndirectHandle<JSWeakRef> inner_weak_ref =
+        ConstructJSWeakRef(js_object, isolate);
     CHECK(Heap::InYoungGeneration(*js_object));
     CHECK(Heap::InYoungGeneration(*inner_weak_ref));
 
diff --git a/deps/v8/test/cctest/test-macro-assembler-loong64.cc b/deps/v8/test/cctest/test-macro-assembler-loong64.cc
index b962634646ac0f..0266727511ba79 100644
--- a/deps/v8/test/cctest/test-macro-assembler-loong64.cc
+++ b/deps/v8/test/cctest/test-macro-assembler-loong64.cc
@@ -60,9 +60,7 @@ TEST(BYTESWAP) {
   struct T {
     uint64_t s8;
     uint64_t s4;
-    uint64_t s2;
     uint64_t u4;
-    uint64_t u2;
   };
 
   T t;
@@ -82,25 +80,17 @@ TEST(BYTESWAP) {
   MacroAssembler* masm = &assembler;
 
   __ Ld_d(a4, MemOperand(a0, offsetof(T, s8)));
-  __ ByteSwapSigned(a4, a4, 8);
+  __ ByteSwap(a4, a4, 8);
   __ St_d(a4, MemOperand(a0, offsetof(T, s8)));
 
   __ Ld_d(a4, MemOperand(a0, offsetof(T, s4)));
-  __ ByteSwapSigned(a4, a4, 4);
+  __ ByteSwap(a4, a4, 4);
   __ St_d(a4, MemOperand(a0, offsetof(T, s4)));
 
-  __ Ld_d(a4, MemOperand(a0, offsetof(T, s2)));
-  __ ByteSwapSigned(a4, a4, 2);
-  __ St_d(a4, MemOperand(a0, offsetof(T, s2)));
-
   __ Ld_d(a4, MemOperand(a0, offsetof(T, u4)));
-  __ ByteSwapSigned(a4, a4, 4);
+  __ ByteSwap(a4, a4, 4);
   __ St_d(a4, MemOperand(a0, offsetof(T, u4)));
 
-  __ Ld_d(a4, MemOperand(a0, offsetof(T, u2)));
-  __ ByteSwapSigned(a4, a4, 2);
-  __ St_d(a4, MemOperand(a0, offsetof(T, u2)));
-
   __ jirl(zero_reg, ra, 0);
 
   CodeDesc desc;
@@ -111,23 +101,17 @@ TEST(BYTESWAP) {
 
   for (size_t i = 0; i < arraysize(test_values); i++) {
     int32_t in_s4 = static_cast<int32_t>(test_values[i]);
-    int16_t in_s2 = static_cast<int16_t>(test_values[i]);
     uint32_t in_u4 = static_cast<uint32_t>(test_values[i]);
-    uint16_t in_u2 = static_cast<uint16_t>(test_values[i]);
 
     t.s8 = test_values[i];
     t.s4 = static_cast<uint64_t>(in_s4);
-    t.s2 = static_cast<uint64_t>(in_s2);
     t.u4 = static_cast<uint64_t>(in_u4);
-    t.u2 = static_cast<uint64_t>(in_u2);
 
     f.Call(&t, 0, 0, 0, 0);
 
     CHECK_EQ(ByteReverse<uint64_t>(test_values[i]), t.s8);
     CHECK_EQ(ByteReverse<int32_t>(in_s4), static_cast<int32_t>(t.s4));
-    CHECK_EQ(ByteReverse<int16_t>(in_s2), static_cast<int16_t>(t.s2));
     CHECK_EQ(ByteReverse<uint32_t>(in_u4), static_cast<uint32_t>(t.u4));
-    CHECK_EQ(ByteReverse<uint16_t>(in_u2), static_cast<uint16_t>(t.u2));
   }
 }
 
diff --git a/deps/v8/test/cctest/test-macro-assembler-riscv32.cc b/deps/v8/test/cctest/test-macro-assembler-riscv32.cc
index 68c1e72d3aa91f..2bd2a1ac0d7c1c 100644
--- a/deps/v8/test/cctest/test-macro-assembler-riscv32.cc
+++ b/deps/v8/test/cctest/test-macro-assembler-riscv32.cc
@@ -1198,10 +1198,26 @@ TEST(Ctz32) {
   }
 }
 
+template <bool USE_SCRATCH>
+static void ByteSwapHelper() {
+  Func fn;
+  if (USE_SCRATCH) {
+    fn = [](MacroAssembler& masm) { __ ByteSwap(a0, a0, 4, t0); };
+  } else {
+    fn = [](MacroAssembler& masm) { __ ByteSwap(a0, a0, 4); };
+  }
+
+  CHECK_EQ((int32_t)0x89ab'cdef, GenAndRunTest<int32_t>(0xefcd'ab89, fn));
+}
+
 TEST(ByteSwap) {
   CcTest::InitializeVM();
-  auto fn0 = [](MacroAssembler& masm) { __ ByteSwap(a0, a0, 4, t0); };
-  CHECK_EQ((int32_t)0x89ab'cdef, GenAndRunTest<int32_t>(0xefcd'ab89, fn0));
+  ByteSwapHelper<true>();
+}
+
+TEST(ByteSwap_no_scratch) {
+  CcTest::InitializeVM();
+  ByteSwapHelper<false>();
 }
 
 TEST(Popcnt) {
diff --git a/deps/v8/test/cctest/test-macro-assembler-riscv64.cc b/deps/v8/test/cctest/test-macro-assembler-riscv64.cc
index 09cfa32ff9610a..2ba76077c0c0f0 100644
--- a/deps/v8/test/cctest/test-macro-assembler-riscv64.cc
+++ b/deps/v8/test/cctest/test-macro-assembler-riscv64.cc
@@ -158,9 +158,15 @@ TEST(LoadAddress) {
                 RelocInfo::INTERNAL_REFERENCE_ENCODED),
         ADDRESS_LOAD);
   int check_size = masm.InstructionsGeneratedSince(&skip);
+#ifdef RISCV_USE_SV39
+  // NOTE (RISCV): current li generates 4 instructions, if the sequence is
+  // changed, need to adjust the CHECK_EQ value too
+  CHECK_EQ(4, check_size);
+#else
   // NOTE (RISCV): current li generates 6 instructions, if the sequence is
   // changed, need to adjust the CHECK_EQ value too
   CHECK_EQ(6, check_size);
+#endif
   __ jr(a4);
   __ nop();
   __ stop();
@@ -1384,13 +1390,34 @@ TEST(Ctz64) {
   }
 }
 
+template <int NBYTES, bool USE_SCRATCH>
+static void ByteSwapHelper() {
+  DCHECK(NBYTES == 4 || NBYTES == 8);
+  Func fn;
+  if (USE_SCRATCH) {
+    fn = [](MacroAssembler& masm) { __ ByteSwap(a0, a0, NBYTES, t0); };
+  } else {
+    fn = [](MacroAssembler& masm) { __ ByteSwap(a0, a0, NBYTES); };
+  }
+
+  if (NBYTES == 4) {
+    CHECK_EQ((int32_t)0x89ab'cdef, GenAndRunTest<int32_t>(0xefcd'ab89, fn));
+  } else {
+    CHECK_EQ((int64_t)0x0123'4567'89ab'cdef,
+             GenAndRunTest<int64_t>(0xefcd'ab89'6745'2301, fn));
+  }
+}
+
 TEST(ByteSwap) {
   CcTest::InitializeVM();
-  auto fn0 = [](MacroAssembler& masm) { __ ByteSwap(a0, a0, 4, t0); };
-  CHECK_EQ((int32_t)0x89ab'cdef, GenAndRunTest<int32_t>(0xefcd'ab89, fn0));
-  auto fn1 = [](MacroAssembler& masm) { __ ByteSwap(a0, a0, 8, t0); };
-  CHECK_EQ((int64_t)0x0123'4567'89ab'cdef,
-           GenAndRunTest<int64_t>(0xefcd'ab89'6745'2301, fn1));
+  ByteSwapHelper<4, true>();
+  ByteSwapHelper<8, true>();
+}
+
+TEST(ByteSwap_no_scratch) {
+  CcTest::InitializeVM();
+  ByteSwapHelper<4, false>();
+  ByteSwapHelper<8, false>();
 }
 
 TEST(Dpopcnt) {
diff --git a/deps/v8/test/cctest/test-orderedhashtable.cc b/deps/v8/test/cctest/test-orderedhashtable.cc
index c3773ba35e5a83..372fb0825b6a92 100644
--- a/deps/v8/test/cctest/test-orderedhashtable.cc
+++ b/deps/v8/test/cctest/test-orderedhashtable.cc
@@ -101,7 +101,7 @@ TEST(SmallOrderedHashSetInsertion) {
   CHECK_EQ(0, set->NumberOfElements());
 
   // Add a new key.
-  Handle<Smi> key1(Smi::FromInt(1), isolate);
+  DirectHandle<Smi> key1(Smi::FromInt(1), isolate);
   CHECK(!set->HasKey(isolate, key1));
   set = SmallOrderedHashSet::Add(isolate, set, key1).ToHandleChecked();
   Verify(isolate, set);
@@ -116,7 +116,7 @@ TEST(SmallOrderedHashSetInsertion) {
   CHECK_EQ(1, set->NumberOfElements());
   CHECK(set->HasKey(isolate, key1));
 
-  Handle<String> key2 = factory->NewStringFromAsciiChecked("foo");
+  DirectHandle<String> key2 = factory->NewStringFromAsciiChecked("foo");
   CHECK(!set->HasKey(isolate, key2));
   set = SmallOrderedHashSet::Add(isolate, set, key2).ToHandleChecked();
   Verify(isolate, set);
@@ -132,7 +132,7 @@ TEST(SmallOrderedHashSetInsertion) {
   CHECK(set->HasKey(isolate, key1));
   CHECK(set->HasKey(isolate, key2));
 
-  Handle<Symbol> key3 = factory->NewSymbol();
+  DirectHandle<Symbol> key3 = factory->NewSymbol();
   CHECK(!set->HasKey(isolate, key3));
   set = SmallOrderedHashSet::Add(isolate, set, key3).ToHandleChecked();
   Verify(isolate, set);
@@ -150,7 +150,7 @@ TEST(SmallOrderedHashSetInsertion) {
   CHECK(set->HasKey(isolate, key2));
   CHECK(set->HasKey(isolate, key3));
 
-  Handle<Object> key4 = factory->NewHeapNumber(42.0);
+  DirectHandle<Object> key4 = factory->NewHeapNumber(42.0);
   CHECK(!set->HasKey(isolate, key4));
   set = SmallOrderedHashSet::Add(isolate, set, key4).ToHandleChecked();
   Verify(isolate, set);
@@ -183,7 +183,7 @@ TEST(SmallOrderedHashMapInsertion) {
   CHECK_EQ(0, map->NumberOfElements());
 
   // Add a new key.
-  Handle<Smi> key1(Smi::FromInt(1), isolate);
+  DirectHandle<Smi> key1(Smi::FromInt(1), isolate);
   DirectHandle<Smi> value1(Smi::FromInt(1), isolate);
   CHECK(!map->HasKey(isolate, key1));
   map = SmallOrderedHashMap::Add(isolate, map, key1, value1).ToHandleChecked();
@@ -199,7 +199,7 @@ TEST(SmallOrderedHashMapInsertion) {
   CHECK_EQ(1, map->NumberOfElements());
   CHECK(map->HasKey(isolate, key1));
 
-  Handle<String> key2 = factory->NewStringFromAsciiChecked("foo");
+  DirectHandle<String> key2 = factory->NewStringFromAsciiChecked("foo");
   DirectHandle<String> value = factory->NewStringFromAsciiChecked("foo");
   CHECK(!map->HasKey(isolate, key2));
   map = SmallOrderedHashMap::Add(isolate, map, key2, value).ToHandleChecked();
@@ -216,7 +216,7 @@ TEST(SmallOrderedHashMapInsertion) {
   CHECK(map->HasKey(isolate, key1));
   CHECK(map->HasKey(isolate, key2));
 
-  Handle<Symbol> key3 = factory->NewSymbol();
+  DirectHandle<Symbol> key3 = factory->NewSymbol();
   CHECK(!map->HasKey(isolate, key3));
   map = SmallOrderedHashMap::Add(isolate, map, key3, value).ToHandleChecked();
   Verify(isolate, map);
@@ -234,7 +234,7 @@ TEST(SmallOrderedHashMapInsertion) {
   CHECK(map->HasKey(isolate, key2));
   CHECK(map->HasKey(isolate, key3));
 
-  Handle<Object> key4 = factory->NewHeapNumber(42.0);
+  DirectHandle<Object> key4 = factory->NewHeapNumber(42.0);
   CHECK(!map->HasKey(isolate, key4));
   map = SmallOrderedHashMap::Add(isolate, map, key4, value).ToHandleChecked();
   Verify(isolate, map);
@@ -262,14 +262,14 @@ TEST(SmallOrderedHashSetDuplicateHashCode) {
   HandleScope scope(isolate);
 
   Handle<SmallOrderedHashSet> set = factory->NewSmallOrderedHashSet();
-  Handle<JSObject> key1 = factory->NewJSObjectWithNullProto();
+  DirectHandle<JSObject> key1 = factory->NewJSObjectWithNullProto();
   set = SmallOrderedHashSet::Add(isolate, set, key1).ToHandleChecked();
   Verify(isolate, set);
   CHECK_EQ(2, set->NumberOfBuckets());
   CHECK_EQ(1, set->NumberOfElements());
   CHECK(set->HasKey(isolate, key1));
 
-  Handle<JSObject> key2 = factory->NewJSObjectWithNullProto();
+  DirectHandle<JSObject> key2 = factory->NewJSObjectWithNullProto();
   CopyHashCode(key1, key2);
 
   set = SmallOrderedHashSet::Add(isolate, set, key2).ToHandleChecked();
@@ -288,14 +288,14 @@ TEST(SmallOrderedHashMapDuplicateHashCode) {
 
   Handle<SmallOrderedHashMap> map = factory->NewSmallOrderedHashMap();
   DirectHandle<JSObject> value = factory->NewJSObjectWithNullProto();
-  Handle<JSObject> key1 = factory->NewJSObjectWithNullProto();
+  DirectHandle<JSObject> key1 = factory->NewJSObjectWithNullProto();
   map = SmallOrderedHashMap::Add(isolate, map, key1, value).ToHandleChecked();
   Verify(isolate, map);
   CHECK_EQ(2, map->NumberOfBuckets());
   CHECK_EQ(1, map->NumberOfElements());
   CHECK(map->HasKey(isolate, key1));
 
-  Handle<JSObject> key2 = factory->NewJSObjectWithNullProto();
+  DirectHandle<JSObject> key2 = factory->NewJSObjectWithNullProto();
   CopyHashCode(key1, key2);
 
   CHECK(!Object::SameValue(*key1, *key2));
@@ -804,7 +804,7 @@ TEST(SmallOrderedHashMapDeletion) {
   CHECK_EQ(0, map->NumberOfDeletedElements());
 
   // Delete from an empty hash table
-  Handle<Smi> key1(Smi::FromInt(1), isolate);
+  DirectHandle<Smi> key1(Smi::FromInt(1), isolate);
   CHECK(!SmallOrderedHashMap::Delete(isolate, *map, *key1));
   Verify(isolate, map);
   CHECK_EQ(2, map->NumberOfBuckets());
@@ -834,7 +834,7 @@ TEST(SmallOrderedHashMapDeletion) {
   CHECK_EQ(1, map->NumberOfDeletedElements());
   CHECK(map->HasKey(isolate, key1));
 
-  Handle<String> key2 = factory->NewStringFromAsciiChecked("foo");
+  DirectHandle<String> key2 = factory->NewStringFromAsciiChecked("foo");
   CHECK(!map->HasKey(isolate, key2));
   map = SmallOrderedHashMap::Add(isolate, map, key2, value).ToHandleChecked();
   Verify(isolate, map);
@@ -843,7 +843,7 @@ TEST(SmallOrderedHashMapDeletion) {
   CHECK_EQ(1, map->NumberOfDeletedElements());
   CHECK(map->HasKey(isolate, key2));
 
-  Handle<Symbol> key3 = factory->NewSymbol();
+  DirectHandle<Symbol> key3 = factory->NewSymbol();
   CHECK(!map->HasKey(isolate, key3));
   map = SmallOrderedHashMap::Add(isolate, map, key3, value).ToHandleChecked();
   Verify(isolate, map);
@@ -947,7 +947,7 @@ TEST(SmallOrderedHashMapDuplicateHashCodeDeletion) {
   HandleScope scope(isolate);
 
   Handle<SmallOrderedHashMap> map = factory->NewSmallOrderedHashMap();
-  Handle<JSObject> key1 = factory->NewJSObjectWithNullProto();
+  DirectHandle<JSObject> key1 = factory->NewJSObjectWithNullProto();
   DirectHandle<JSObject> value = factory->NewJSObjectWithNullProto();
   map = SmallOrderedHashMap::Add(isolate, map, key1, value).ToHandleChecked();
   Verify(isolate, map);
@@ -956,7 +956,7 @@ TEST(SmallOrderedHashMapDuplicateHashCodeDeletion) {
   CHECK_EQ(0, map->NumberOfDeletedElements());
   CHECK(map->HasKey(isolate, key1));
 
-  Handle<JSObject> key2 = factory->NewJSObjectWithNullProto();
+  DirectHandle<JSObject> key2 = factory->NewJSObjectWithNullProto();
   CopyHashCode(key1, key2);
 
   // We shouldn't be able to delete the key!
@@ -1103,7 +1103,7 @@ TEST(SmallOrderedHashSetDeletion) {
   CHECK_EQ(0, set->NumberOfDeletedElements());
 
   // Delete from an empty hash table
-  Handle<Smi> key1(Smi::FromInt(1), isolate);
+  DirectHandle<Smi> key1(Smi::FromInt(1), isolate);
   CHECK(!SmallOrderedHashSet::Delete(isolate, *set, *key1));
   Verify(isolate, set);
   CHECK_EQ(2, set->NumberOfBuckets());
@@ -1133,7 +1133,7 @@ TEST(SmallOrderedHashSetDeletion) {
   CHECK_EQ(1, set->NumberOfDeletedElements());
   CHECK(set->HasKey(isolate, key1));
 
-  Handle<String> key2 = factory->NewStringFromAsciiChecked("foo");
+  DirectHandle<String> key2 = factory->NewStringFromAsciiChecked("foo");
   CHECK(!set->HasKey(isolate, key2));
   set = SmallOrderedHashSet::Add(isolate, set, key2).ToHandleChecked();
   Verify(isolate, set);
@@ -1142,7 +1142,7 @@ TEST(SmallOrderedHashSetDeletion) {
   CHECK_EQ(1, set->NumberOfDeletedElements());
   CHECK(set->HasKey(isolate, key2));
 
-  Handle<Symbol> key3 = factory->NewSymbol();
+  DirectHandle<Symbol> key3 = factory->NewSymbol();
   CHECK(!set->HasKey(isolate, key3));
   set = SmallOrderedHashSet::Add(isolate, set, key3).ToHandleChecked();
   Verify(isolate, set);
@@ -1245,7 +1245,7 @@ TEST(SmallOrderedHashSetDuplicateHashCodeDeletion) {
   HandleScope scope(isolate);
 
   Handle<SmallOrderedHashSet> set = factory->NewSmallOrderedHashSet();
-  Handle<JSObject> key1 = factory->NewJSObjectWithNullProto();
+  DirectHandle<JSObject> key1 = factory->NewJSObjectWithNullProto();
   set = SmallOrderedHashSet::Add(isolate, set, key1).ToHandleChecked();
   Verify(isolate, set);
   CHECK_EQ(2, set->NumberOfBuckets());
@@ -1253,7 +1253,7 @@ TEST(SmallOrderedHashSetDuplicateHashCodeDeletion) {
   CHECK_EQ(0, set->NumberOfDeletedElements());
   CHECK(set->HasKey(isolate, key1));
 
-  Handle<JSObject> key2 = factory->NewJSObjectWithNullProto();
+  DirectHandle<JSObject> key2 = factory->NewJSObjectWithNullProto();
   CopyHashCode(key1, key2);
 
   // We shouldn't be able to delete the key!
@@ -1289,7 +1289,7 @@ TEST(OrderedHashSetHandlerInsertion) {
   CHECK(SmallOrderedHashSet::Is(set));
 
   for (int i = 0; i < 1024; i++) {
-    Handle<Smi> key_i(Smi::FromInt(i), isolate);
+    DirectHandle<Smi> key_i(Smi::FromInt(i), isolate);
     set = OrderedHashSetHandler::Add(isolate, set, key_i).ToHandleChecked();
     Verify(isolate, set);
     for (int j = 0; j <= i; j++) {
@@ -1326,7 +1326,7 @@ TEST(OrderedHashMapHandlerInsertion) {
   CHECK(SmallOrderedHashMap::Is(map));
 
   for (int i = 0; i < 1024; i++) {
-    Handle<Smi> key_i(Smi::FromInt(i), isolate);
+    DirectHandle<Smi> key_i(Smi::FromInt(i), isolate);
     DirectHandle<Smi> value_i(Smi::FromInt(i), isolate);
     map = OrderedHashMapHandler::Add(isolate, map, key_i, value_i)
               .ToHandleChecked();
@@ -1516,7 +1516,7 @@ TEST(OrderedNameDictionaryValueAtAndValueAtPut) {
   CHECK_EQ(InternalIndex(0), dict->FindEntry(isolate, *key1));
 
   InternalIndex entry = dict->FindEntry(isolate, *key1);
-  Handle<Object> found = handle(dict->ValueAt(entry), isolate);
+  DirectHandle<Object> found(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *value);
 
   // Change the value
@@ -1525,7 +1525,7 @@ TEST(OrderedNameDictionaryValueAtAndValueAtPut) {
   dict->ValueAtPut(entry, *other_value);
 
   entry = dict->FindEntry(isolate, *key1);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *other_value);
 
   DirectHandle<Symbol> key2 = factory->NewSymbol();
@@ -1539,18 +1539,18 @@ TEST(OrderedNameDictionaryValueAtAndValueAtPut) {
   CHECK_EQ(InternalIndex(1), dict->FindEntry(isolate, *key2));
 
   entry = dict->FindEntry(isolate, *key1);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *other_value);
 
   entry = dict->FindEntry(isolate, *key2);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *value);
 
   // Change the value
   dict->ValueAtPut(entry, *other_value);
 
   entry = dict->FindEntry(isolate, *key1);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *other_value);
 }
 
@@ -1738,7 +1738,7 @@ TEST(SmallOrderedNameDictionaryValueAtAndValueAtPut) {
   CHECK_EQ(InternalIndex(0), dict->FindEntry(isolate, *key1));
 
   InternalIndex entry = dict->FindEntry(isolate, *key1);
-  Handle<Object> found = handle(dict->ValueAt(entry), isolate);
+  DirectHandle<Object> found(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *value);
 
   // Change the value
@@ -1747,7 +1747,7 @@ TEST(SmallOrderedNameDictionaryValueAtAndValueAtPut) {
   dict->ValueAtPut(entry, *other_value);
 
   entry = dict->FindEntry(isolate, *key1);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *other_value);
 
   DirectHandle<Symbol> key2 = factory->NewSymbol();
@@ -1761,18 +1761,18 @@ TEST(SmallOrderedNameDictionaryValueAtAndValueAtPut) {
   CHECK_EQ(InternalIndex(1), dict->FindEntry(isolate, *key2));
 
   entry = dict->FindEntry(isolate, *key1);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *other_value);
 
   entry = dict->FindEntry(isolate, *key2);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *value);
 
   // Change the value
   dict->ValueAtPut(entry, *other_value);
 
   entry = dict->FindEntry(isolate, *key1);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *other_value);
 }
 
@@ -1895,7 +1895,7 @@ TEST(OrderedNameDictionaryHandlerInsertion) {
 
   // Add a new key.
   DirectHandle<String> value = isolate->factory()->InternalizeUtf8String("bar");
-  Handle<String> key = isolate->factory()->InternalizeUtf8String("foo");
+  DirectHandle<String> key = isolate->factory()->InternalizeUtf8String("foo");
   PropertyDetails details = PropertyDetails::Empty();
 
   table = OrderedNameDictionaryHandler::Add(isolate, table, key, value, details)
@@ -2002,7 +2002,7 @@ TEST(OrderedNameDictionarySetEntry) {
 
   InternalIndex entry = dict->FindEntry(isolate, *key);
   CHECK_EQ(InternalIndex(0), entry);
-  Handle<Object> found = handle(dict->ValueAt(entry), isolate);
+  DirectHandle<Object> found(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *value);
 
   // Change the value
@@ -2014,9 +2014,9 @@ TEST(OrderedNameDictionarySetEntry) {
 
   entry = dict->FindEntry(isolate, *key);
   CHECK_EQ(InternalIndex(0), entry);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *other_value);
-  found = handle(dict->KeyAt(entry), isolate);
+  found = direct_handle(dict->KeyAt(entry), isolate);
   CHECK_EQ(*found, *key);
   PropertyDetails found_details = dict->DetailsAt(entry);
   CHECK_EQ(found_details.AsSmi(), other_details.AsSmi());
@@ -2047,7 +2047,7 @@ TEST(SmallOrderedNameDictionarySetEntry) {
 
   InternalIndex entry = dict->FindEntry(isolate, *key);
   CHECK_EQ(InternalIndex(0), entry);
-  Handle<Object> found = handle(dict->ValueAt(entry), isolate);
+  DirectHandle<Object> found(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *value);
 
   // Change the value
@@ -2058,9 +2058,9 @@ TEST(SmallOrderedNameDictionarySetEntry) {
 
   entry = dict->FindEntry(isolate, *key);
   CHECK_EQ(InternalIndex(0), entry);
-  found = handle(dict->ValueAt(entry), isolate);
+  found = direct_handle(dict->ValueAt(entry), isolate);
   CHECK_EQ(*found, *other_value);
-  found = handle(dict->KeyAt(entry), isolate);
+  found = direct_handle(dict->KeyAt(entry), isolate);
   CHECK_EQ(*found, *key);
   PropertyDetails found_details = dict->DetailsAt(entry);
   CHECK_EQ(found_details.AsSmi(), other_details.AsSmi());
@@ -2078,7 +2078,7 @@ TEST(OrderedNameDictionaryDeleteEntry) {
   CHECK_EQ(2, dict->NumberOfBuckets());
   CHECK_EQ(0, dict->NumberOfElements());
 
-  Handle<String> key = factory->InternalizeUtf8String("foo");
+  DirectHandle<String> key = factory->InternalizeUtf8String("foo");
   DirectHandle<String> value = factory->InternalizeUtf8String("bar");
   CHECK(dict->FindEntry(isolate, *key).is_not_found());
   PropertyDetails details = PropertyDetails::Empty();
@@ -2140,7 +2140,7 @@ TEST(SmallOrderedNameDictionaryDeleteEntry) {
   CHECK_EQ(2, dict->NumberOfBuckets());
   CHECK_EQ(0, dict->NumberOfElements());
 
-  Handle<String> key = factory->InternalizeUtf8String("foo");
+  DirectHandle<String> key = factory->InternalizeUtf8String("foo");
   DirectHandle<String> value = factory->InternalizeUtf8String("bar");
   CHECK(dict->FindEntry(isolate, *key).is_not_found());
   PropertyDetails details = PropertyDetails::Empty();
diff --git a/deps/v8/test/cctest/test-regexp.cc b/deps/v8/test/cctest/test-regexp.cc
index 7dee3b96afd282..56474969a53bb3 100644
--- a/deps/v8/test/cctest/test-regexp.cc
+++ b/deps/v8/test/cctest/test-regexp.cc
@@ -105,17 +105,15 @@ class InterruptTest {
   static void TwoByteSubjectToOneByte(Isolate* isolate, void* data) {
     auto instance = reinterpret_cast<InterruptTest*>(data);
     HandleScope scope(isolate);
+    i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(isolate);
     Local<RegExp> re = instance->regexp_handle_.Get(isolate);
     i::DirectHandle<i::JSRegExp> regexp = Utils::OpenDirectHandle(*re);
     // We executed on a two-byte subject so far, so we expect only bytecode for
     // two-byte to be present.
-    i::Tagged<i::Object> one_byte_code = regexp->bytecode(/* is_latin1 */ true);
-    CHECK(IsSmi(one_byte_code));
-    CHECK_EQ(i::Cast<i::Smi>(one_byte_code).value(),
-             i::JSRegExp::kUninitializedValue);
-    i::Tagged<i::Object> two_byte_code =
-        regexp->bytecode(/* is_latin1 */ false);
-    CHECK(IsByteArray(two_byte_code));
+    i::Tagged<i::IrRegExpData> re_data =
+        Cast<i::IrRegExpData>(regexp->data(i_isolate));
+    CHECK(!re_data->has_latin1_bytecode());
+    CHECK(re_data->has_uc16_bytecode());
 
     // Transition the subject string to one-byte by internalizing it.
     // It already contains only one-byte characters.
@@ -344,6 +342,7 @@ TEST(InterruptAndTransitionSubjectFromTwoByteToOneByte) {
   // installed during the interrupt.
   i::DirectHandle<i::JSRegExp> regexp =
       Utils::OpenDirectHandle(*test.GetRegExp());
-  i::Tagged<i::Object> one_byte_code = regexp->bytecode(/* is_latin1 */ true);
-  CHECK(IsByteArray(one_byte_code));
+  i::Tagged<i::IrRegExpData> data =
+      Cast<i::IrRegExpData>(regexp->data(i_isolate));
+  CHECK(data->has_latin1_bytecode());
 }
diff --git a/deps/v8/test/cctest/test-serialize.cc b/deps/v8/test/cctest/test-serialize.cc
index b9d9f24211af8d..fe07dc1b221b79 100644
--- a/deps/v8/test/cctest/test-serialize.cc
+++ b/deps/v8/test/cctest/test-serialize.cc
@@ -896,6 +896,7 @@ void TestCustomSnapshotDataBlobWithIrregexpCode(
 
   // Test-appropriate equivalent of v8::Isolate::New.
   v8::Isolate* isolate1 = TestSerializer::NewIsolate(params1);
+  Isolate* i_isolate1 = reinterpret_cast<Isolate*>(isolate1);
   {
     v8::Isolate::Scope i_scope(isolate1);
     v8::HandleScope h_scope(isolate1);
@@ -906,7 +907,7 @@ void TestCustomSnapshotDataBlobWithIrregexpCode(
       // serialization.
       i::DirectHandle<i::JSRegExp> re =
           Utils::OpenDirectHandle(*CompileRun("re1").As<v8::RegExp>());
-      CHECK(!re->HasCompiledCode());
+      CHECK(!re->data(i_isolate1)->HasCompiledCode());
     }
     {
       v8::Maybe<int32_t> result =
@@ -927,8 +928,9 @@ void TestCustomSnapshotDataBlobWithIrregexpCode(
       // Check that ATOM regexp remains valid.
       i::DirectHandle<i::JSRegExp> re =
           Utils::OpenDirectHandle(*CompileRun("re2").As<v8::RegExp>());
-      CHECK_EQ(re->type_tag(), JSRegExp::ATOM);
-      CHECK(!re->HasCompiledCode());
+      i::Tagged<i::RegExpData> data = re->data(i_isolate1);
+      CHECK_EQ(data->type_tag(), RegExpData::Type::ATOM);
+      CHECK(!data->HasCompiledCode());
     }
   }
   isolate1->Dispose();
@@ -1314,7 +1316,7 @@ UNINITIALIZED_TEST(CustomSnapshotDataBlobOnOrOffHeapTypedArray) {
     v8::Context::Scope c_scope(context);
     TestInt32Expectations(expectations);
 
-    i::Handle<i::JSArrayBuffer> buffer =
+    i::DirectHandle<i::JSArrayBuffer> buffer =
         GetBufferFromTypedArray(CompileRun("x"));
     // The resulting buffer should be on-heap.
     CHECK(buffer->IsEmpty());
@@ -1905,7 +1907,7 @@ TEST(CodeSerializerPromotedToCompilationCache) {
                                v8::ScriptCompiler::kNoCompileOptions,
                                ScriptCompiler::InMemoryCacheResult::kMiss);
 
-  Handle<SharedFunctionInfo> copy;
+  DirectHandle<SharedFunctionInfo> copy;
   {
     DisallowCompilation no_compile_expected(isolate);
     copy = CompileScript(isolate, src, default_script_details, cache,
@@ -2084,7 +2086,7 @@ TEST(CompileFunctionCompilationCache) {
     i_args->set(static_cast<int>(i), *arg);
   }
 
-  Handle<SharedFunctionInfo> sfi;
+  DirectHandle<SharedFunctionInfo> sfi;
   v8::ScriptCompiler::CachedData* cache;
   {
     v8::ScriptCompiler::Source script_source(src, origin);
@@ -2095,7 +2097,7 @@ TEST(CompileFunctionCompilationCache) {
             .ToLocalChecked();
     cache = v8::ScriptCompiler::CreateCodeCacheForFunction(fun);
     auto js_function = Cast<JSFunction>(Utils::OpenDirectHandle(*fun));
-    sfi = Handle<SharedFunctionInfo>(js_function->shared(), i_isolate);
+    sfi = direct_handle(js_function->shared(), i_isolate);
   }
 
   {
@@ -2252,7 +2254,7 @@ TEST(CompileFunctionCompilationCache) {
   }
 
   // Compile the function again with different options.
-  Handle<SharedFunctionInfo> other_sfi;
+  DirectHandle<SharedFunctionInfo> other_sfi;
   v8::Local<v8::Symbol> other_sym;
   {
     v8::Local<v8::PrimitiveArray> other_options =
@@ -2271,7 +2273,7 @@ TEST(CompileFunctionCompilationCache) {
             ScriptCompiler::kNoCacheNoReason)
             .ToLocalChecked();
     auto js_function = Cast<JSFunction>(Utils::OpenDirectHandle(*fun));
-    other_sfi = Handle<SharedFunctionInfo>(js_function->shared(), i_isolate);
+    other_sfi = direct_handle(js_function->shared(), i_isolate);
     CHECK_NE(*other_sfi, *sfi);
   }
 
@@ -2444,7 +2446,7 @@ TEST(CodeSerializerLargeCodeObjectWithIncrementalMarking) {
       isolate->factory()->NewStringFromUtf8(source).ToHandleChecked();
 
   // Create a string on an evacuation candidate in old space.
-  Handle<String> moving_object;
+  DirectHandle<String> moving_object;
   PageMetadata* ec_page;
   {
     AlwaysAllocateScopeForTesting always_allocate(heap);
@@ -2549,7 +2551,7 @@ TEST(CodeSerializerLargeStrings) {
           .ToHandleChecked();
 
   CHECK_EQ(6 * 1999999, Cast<String>(copy_result)->length());
-  Handle<Object> property = JSReceiver::GetDataProperty(
+  DirectHandle<Object> property = JSReceiver::GetDataProperty(
       isolate, isolate->global_object(), f->NewStringFromAsciiChecked("s"));
   CHECK(isolate->heap()->InSpace(Cast<HeapObject>(*property), LO_SPACE));
   property = JSReceiver::GetDataProperty(isolate, isolate->global_object(),
@@ -3308,7 +3310,7 @@ static void CodeSerializerMergeDeserializedScript(bool retain_toplevel_sfi) {
   Handle<String> source = isolate->factory()->NewStringFromAsciiChecked(
       "(function () {return 123;})");
   AlignedCachedData* cached_data = nullptr;
-  Handle<Script> script;
+  DirectHandle<Script> script;
   {
     HandleScope first_compilation_scope(isolate);
     DirectHandle<SharedFunctionInfo> shared = CompileScriptAndProduceCache(
@@ -3316,16 +3318,16 @@ static void CodeSerializerMergeDeserializedScript(bool retain_toplevel_sfi) {
         v8::ScriptCompiler::kNoCompileOptions,
         ScriptCompiler::InMemoryCacheResult::kMiss);
     SharedFunctionInfo::EnsureOldForTesting(*shared);
-    Handle<Script> local_script =
-        handle(Cast<Script>(shared->script()), isolate);
+    Handle<Script> local_script(Cast<Script>(shared->script()), isolate);
     script = first_compilation_scope.CloseAndEscape(local_script);
   }
 
-  Handle<HeapObject> retained_toplevel_sfi;
+  DirectHandle<HeapObject> retained_toplevel_sfi;
   if (retain_toplevel_sfi) {
-    retained_toplevel_sfi = handle(
-        script->shared_function_infos()->get(0).GetHeapObjectAssumeWeak(),
-        isolate);
+    retained_toplevel_sfi = direct_handle(script->infos()
+                                              ->get(kFunctionLiteralIdTopLevel)
+                                              .GetHeapObjectAssumeWeak(),
+                                          isolate);
   }
 
   // GC twice in case incremental marking had already marked the bytecode array.
@@ -5771,15 +5773,16 @@ UNINITIALIZED_TEST(ClassFieldsWithBindings) {
   FreeCurrentEmbeddedBlob();
 }
 
-void CheckSFIsAreWeak(Tagged<WeakFixedArray> sfis, Isolate* isolate) {
+void CheckInfosAreWeak(Tagged<WeakFixedArray> sfis, Isolate* isolate) {
   CHECK_GT(sfis->length(), 0);
   int no_of_weak = 0;
   for (int i = 0; i < sfis->length(); ++i) {
     Tagged<MaybeObject> maybe_object = sfis->get(i);
     Tagged<HeapObject> heap_object;
-    CHECK(maybe_object.IsWeakOrCleared() ||
+    CHECK(!maybe_object.GetHeapObjectIfWeak(isolate, &heap_object) ||
           (maybe_object.GetHeapObjectIfStrong(&heap_object) &&
-           IsUndefined(heap_object, isolate)));
+           IsUndefined(heap_object, isolate)) ||
+          Is<SharedFunctionInfo>(heap_object) || Is<ScopeInfo>(heap_object));
     if (maybe_object.IsWeak()) {
       ++no_of_weak;
     }
@@ -5831,10 +5834,10 @@ UNINITIALIZED_TEST(WeakArraySerializationInSnapshot) {
     DirectHandle<JSFunction> function =
         Cast<JSFunction>(v8::Utils::OpenDirectHandle(*x));
 
-    // Verify that the pointers in shared_function_infos are weak.
+    // Verify that the pointers in infos are weak.
     Tagged<WeakFixedArray> sfis =
-        Cast<Script>(function->shared()->script())->shared_function_infos();
-    CheckSFIsAreWeak(sfis, reinterpret_cast<i::Isolate*>(isolate));
+        Cast<Script>(function->shared()->script())->infos();
+    CheckInfosAreWeak(sfis, reinterpret_cast<i::Isolate*>(isolate));
   }
   isolate->Dispose();
   delete[] blob.data;
@@ -5864,10 +5867,9 @@ TEST(WeakArraySerializationInCodeCache) {
       CompileScript(isolate, src, script_details, cache,
                     v8::ScriptCompiler::kConsumeCodeCache);
 
-  // Verify that the pointers in shared_function_infos are weak.
-  Tagged<WeakFixedArray> sfis =
-      Cast<Script>(copy->script())->shared_function_infos();
-  CheckSFIsAreWeak(sfis, isolate);
+  // Verify that the pointers in infos are weak.
+  Tagged<WeakFixedArray> sfis = Cast<Script>(copy->script())->infos();
+  CheckInfosAreWeak(sfis, isolate);
 
   delete cache;
 }
diff --git a/deps/v8/test/cctest/test-shared-strings.cc b/deps/v8/test/cctest/test-shared-strings.cc
index 198f3450768a44..5ac17e4527c3a8 100644
--- a/deps/v8/test/cctest/test-shared-strings.cc
+++ b/deps/v8/test/cctest/test-shared-strings.cc
@@ -662,6 +662,7 @@ UNINITIALIZED_TEST(StringShare) {
 
   v8_flags.shared_string_table = true;
 
+  ManualGCScope manual_gc_scope;
   ExternalResourceFactory resource_factory;
   MultiClientIsolateTest test;
   Isolate* i_isolate = test.i_main_isolate();
@@ -1665,7 +1666,7 @@ void CreateExternalResources(Isolate* i_isolate,
   resources.reserve(strings->length());
   for (int i = 0; i < strings->length(); i++) {
     DirectHandle<String> input_string(Cast<String>(strings->get(i)), i_isolate);
-    CHECK(Utils::ToLocal(input_string, i_isolate)
+    CHECK(Utils::ToLocal(input_string)
               ->CanMakeExternal(v8::String::Encoding::ONE_BYTE_ENCODING));
     const int length = input_string->length();
     char* buffer = new char[length + 1];
@@ -2121,9 +2122,11 @@ UNINITIALIZED_TEST(SharedStringInClientGlobalHandle) {
 
 class ClientIsolateThreadForPagePromotions : public v8::base::Thread {
  public:
+  // Expects a ManualGCScope to be in scope while `Run()` is executed.
   ClientIsolateThreadForPagePromotions(const char* name,
                                        MultiClientIsolateTest* test,
-                                       Handle<String>* shared_string)
+                                       Handle<String>* shared_string,
+                                       const ManualGCScope& witness)
       : v8::base::Thread(base::Thread::Options(name)),
         test_(test),
         shared_string_(shared_string) {}
@@ -2208,7 +2211,8 @@ UNINITIALIZED_TEST(RegisterOldToSharedForPromotedPageFromClient) {
           raw_one_byte, AllocationType::kSharedOld);
   CHECK(shared_heap->Contains(*shared_string));
 
-  ClientIsolateThreadForPagePromotions thread("worker", &test, &shared_string);
+  ClientIsolateThreadForPagePromotions thread("worker", &test, &shared_string,
+                                              manual_gc_scope);
   CHECK(thread.Start());
 
   while (test.main_isolate_wakeup_counter() < 1) {
@@ -2263,7 +2267,8 @@ UNINITIALIZED_TEST(
                    i::GarbageCollectionReason::kTesting);
   }
 
-  ClientIsolateThreadForPagePromotions thread("worker", &test, &shared_string);
+  ClientIsolateThreadForPagePromotions thread("worker", &test, &shared_string,
+                                              manual_gc_scope);
   CHECK(thread.Start());
 
   while (test.main_isolate_wakeup_counter() < 1) {
@@ -2277,9 +2282,10 @@ UNINITIALIZED_TEST(
 
 class ClientIsolateThreadForRetainingByRememberedSet : public v8::base::Thread {
  public:
+  // Expects a ManualGCScope to be in scope while `Run()` is executed.
   ClientIsolateThreadForRetainingByRememberedSet(
       const char* name, MultiClientIsolateTest* test,
-      Persistent<v8::String>* weak_ref)
+      Persistent<v8::String>* weak_ref, const ManualGCScope& witness)
       : v8::base::Thread(base::Thread::Options(name)),
         test_(test),
         weak_ref_(weak_ref) {}
@@ -2418,8 +2424,8 @@ UNINITIALIZED_TEST(SharedObjectRetainedByClientRememberedSet) {
     dead_weak_ref.SetWeak();
   }
 
-  ClientIsolateThreadForRetainingByRememberedSet thread("worker", &test,
-                                                        &live_weak_ref);
+  ClientIsolateThreadForRetainingByRememberedSet thread(
+      "worker", &test, &live_weak_ref, manual_gc_scope);
   CHECK(thread.Start());
 
   // Wait for client isolate to allocate objects and start a GC.
diff --git a/deps/v8/test/cctest/test-strings.cc b/deps/v8/test/cctest/test-strings.cc
index c59f46cabe59cd..518911f4250ce1 100644
--- a/deps/v8/test/cctest/test-strings.cc
+++ b/deps/v8/test/cctest/test-strings.cc
@@ -1339,6 +1339,7 @@ class OneByteVectorResource : public v8::String::ExternalOneByteStringResource {
 
 TEST(InternalizeExternal) {
   v8_flags.stress_incremental_marking = false;
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   i::Isolate* isolate = CcTest::i_isolate();
   Factory* factory = isolate->factory();
@@ -1505,7 +1506,7 @@ TEST(SliceFromSlice) {
   CcTest::InitializeVM();
   v8::HandleScope scope(CcTest::isolate());
   v8::Local<v8::Value> result;
-  Handle<String> string;
+  DirectHandle<String> string;
   const char* init = "var str = 'abcdefghijklmnopqrstuvwxyz';";
   const char* slice = "var slice = ''; slice = str.slice(1,-1); slice";
   const char* slice_from_slice = "slice.slice(1,-1);";
@@ -1513,14 +1514,14 @@ TEST(SliceFromSlice) {
   CompileRun(init);
   result = CompileRun(slice);
   CHECK(result->IsString());
-  string = v8::Utils::OpenHandle(v8::String::Cast(*result));
+  string = v8::Utils::OpenDirectHandle(v8::String::Cast(*result));
   CHECK(IsSlicedString(*string));
   CHECK(IsSeqString(Cast<SlicedString>(*string)->parent()));
   CHECK_EQ(0, strcmp("bcdefghijklmnopqrstuvwxy", string->ToCString().get()));
 
   result = CompileRun(slice_from_slice);
   CHECK(result->IsString());
-  string = v8::Utils::OpenHandle(v8::String::Cast(*result));
+  string = v8::Utils::OpenDirectHandle(v8::String::Cast(*result));
   CHECK(IsSlicedString(*string));
   CHECK(IsSeqString(Cast<SlicedString>(*string)->parent()));
   CHECK_EQ(0, strcmp("cdefghijklmnopqrstuvwx", string->ToCString().get()));
diff --git a/deps/v8/test/cctest/test-swiss-name-dictionary-csa.cc b/deps/v8/test/cctest/test-swiss-name-dictionary-csa.cc
index 81eb12c0dba1f6..82efb2337a7f02 100644
--- a/deps/v8/test/cctest/test-swiss-name-dictionary-csa.cc
+++ b/deps/v8/test/cctest/test-swiss-name-dictionary-csa.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/codegen/code-stub-assembler-inl.h"
 #include "src/codegen/cpu-features.h"
 #include "src/objects/objects-inl.h"
@@ -55,8 +57,8 @@ class CSATestRunner {
   void Shrink();
 
   Handle<FixedArray> GetData(InternalIndex entry);
-  void CheckCounts(base::Optional<int> capacity, base::Optional<int> elements,
-                   base::Optional<int> deleted);
+  void CheckCounts(std::optional<int> capacity, std::optional<int> elements,
+                   std::optional<int> deleted);
   void CheckEnumerationOrder(const std::vector<std::string>& expected_keys);
   void CheckCopy();
   void VerifyHeap();
@@ -180,9 +182,9 @@ Handle<FixedArray> CSATestRunner::GetData(InternalIndex entry) {
       table, handle(Smi::FromInt(entry.as_int()), isolate_));
 }
 
-void CSATestRunner::CheckCounts(base::Optional<int> capacity,
-                                base::Optional<int> elements,
-                                base::Optional<int> deleted) {
+void CSATestRunner::CheckCounts(std::optional<int> capacity,
+                                std::optional<int> elements,
+                                std::optional<int> deleted) {
   DirectHandle<FixedArray> counts =
       get_counts_ft_.CallChecked<FixedArray>(table);
 
diff --git a/deps/v8/test/cctest/test-swiss-name-dictionary-infra.h b/deps/v8/test/cctest/test-swiss-name-dictionary-infra.h
index 5ba22c10e46edc..6f20599bb52d1e 100644
--- a/deps/v8/test/cctest/test-swiss-name-dictionary-infra.h
+++ b/deps/v8/test/cctest/test-swiss-name-dictionary-infra.h
@@ -6,6 +6,7 @@
 #define V8_TEST_CCTEST_TEST_SWISS_NAME_DICTIONARY_INFRA_H_
 
 #include <memory>
+#include <optional>
 #include <utility>
 
 #include "src/objects/objects-inl.h"
@@ -17,13 +18,13 @@ namespace internal {
 namespace test_swiss_hash_table {
 
 using Value = std::string;
-using ValueOpt = base::Optional<Value>;
-using PropertyDetailsOpt = base::Optional<PropertyDetails>;
-using IndexOpt = base::Optional<InternalIndex>;
+using ValueOpt = std::optional<Value>;
+using PropertyDetailsOpt = std::optional<PropertyDetails>;
+using IndexOpt = std::optional<InternalIndex>;
 
 static const ValueOpt kNoValue;
 static const PropertyDetailsOpt kNoDetails;
-static const base::Optional<int> kNoInt;
+static const std::optional<int> kNoInt;
 static const IndexOpt kIndexUnknown;
 
 static const std::vector<int> interesting_initial_capacities = {
@@ -76,8 +77,8 @@ struct FakeH2 {
   bool operator==(const FakeH2& other) const { return value == other.value; }
 };
 
-using FakeH1Opt = base::Optional<FakeH1>;
-using FakeH2Opt = base::Optional<FakeH2>;
+using FakeH1Opt = std::optional<FakeH1>;
+using FakeH2Opt = std::optional<FakeH2>;
 
 // Representation of keys used when writing test cases.
 struct Key {
@@ -186,7 +187,7 @@ class TestSequence {
   }
 
   void CheckDataAtKey(Handle<Name> key, IndexOpt expected_index_opt,
-                      base::Optional<Handle<Object>> expected_value_opt,
+                      std::optional<Handle<Object>> expected_value_opt,
                       PropertyDetailsOpt expected_details_opt) {
     InternalIndex actual_index = runner_.FindEntry(key);
 
@@ -212,7 +213,7 @@ class TestSequence {
                       ValueOpt expected_value = kNoValue,
                       PropertyDetailsOpt expected_details = kNoDetails) {
     Handle<Name> key_handle = CreateKeyWithHash(isolate, keys_, expected_key);
-    base::Optional<Handle<Object>> value_handle_opt;
+    std::optional<Handle<Object>> value_handle_opt;
     if (expected_value) {
       value_handle_opt = isolate->factory()->NewStringFromAsciiChecked(
           expected_value.value().c_str(), AllocationType::kYoung);
@@ -237,9 +238,9 @@ class TestSequence {
     CHECK(runner_.FindEntry(key_handle).is_found());
   }
 
-  void CheckCounts(base::Optional<int> capacity,
-                   base::Optional<int> elements = base::Optional<int>(),
-                   base::Optional<int> deleted = base::Optional<int>()) {
+  void CheckCounts(std::optional<int> capacity,
+                   std::optional<int> elements = std::optional<int>(),
+                   std::optional<int> deleted = std::optional<int>()) {
     runner_.CheckCounts(capacity, elements, deleted);
   }
 
diff --git a/deps/v8/test/cctest/test-swiss-name-dictionary-shared-tests.h b/deps/v8/test/cctest/test-swiss-name-dictionary-shared-tests.h
index 9d8affca27248b..841494a0593631 100644
--- a/deps/v8/test/cctest/test-swiss-name-dictionary-shared-tests.h
+++ b/deps/v8/test/cctest/test-swiss-name-dictionary-shared-tests.h
@@ -6,6 +6,7 @@
 #define V8_TEST_CCTEST_TEST_SWISS_HASH_TABLE_SHARED_TESTS_H_
 
 #include <algorithm>
+#include <optional>
 #include <string>
 
 #include "test/cctest/test-swiss-name-dictionary-infra.h"
@@ -401,7 +402,7 @@ struct SharedSwissTableTests {
 
         // We don't know the indices where the new entries will land.
         s.CheckDataAtKey(Key{key, FakeH1{entry + kBigModulus}},
-                         base::Optional<InternalIndex>(), value, d);
+                         std::optional<InternalIndex>(), value, d);
         count++;
       }
 
diff --git a/deps/v8/test/cctest/test-swiss-name-dictionary.cc b/deps/v8/test/cctest/test-swiss-name-dictionary.cc
index be473745bd7e9c..bcdc5be95b7f8f 100644
--- a/deps/v8/test/cctest/test-swiss-name-dictionary.cc
+++ b/deps/v8/test/cctest/test-swiss-name-dictionary.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/objects/swiss-name-dictionary-inl.h"
 #include "test/cctest/cctest.h"
 #include "test/cctest/test-swiss-name-dictionary-infra.h"
@@ -41,8 +43,8 @@ class RuntimeTestRunner {
 
   // Tests that the current table has the given capacity, and number of
   // (deleted) elements, based on which optional values are present.
-  void CheckCounts(base::Optional<int> capacity, base::Optional<int> elements,
-                   base::Optional<int> deleted);
+  void CheckCounts(std::optional<int> capacity, std::optional<int> elements,
+                   std::optional<int> deleted);
   // Checks that |expected_keys| contains exactly the keys in the current table,
   // in the given order.
   void CheckEnumerationOrder(const std::vector<std::string>& expected_keys);
@@ -95,9 +97,9 @@ void RuntimeTestRunner::Delete(InternalIndex entry) {
   table = table->DeleteEntry(isolate_, table, entry);
 }
 
-void RuntimeTestRunner::CheckCounts(base::Optional<int> capacity,
-                                    base::Optional<int> elements,
-                                    base::Optional<int> deleted) {
+void RuntimeTestRunner::CheckCounts(std::optional<int> capacity,
+                                    std::optional<int> elements,
+                                    std::optional<int> deleted) {
   if (capacity.has_value()) {
     CHECK_EQ(capacity.value(), table->Capacity());
   }
diff --git a/deps/v8/test/cctest/torque/test-torque.cc b/deps/v8/test/cctest/torque/test-torque.cc
index 7cc490a5520a1f..01b2a3c9e7adae 100644
--- a/deps/v8/test/cctest/torque/test-torque.cc
+++ b/deps/v8/test/cctest/torque/test-torque.cc
@@ -18,6 +18,7 @@
 #include "src/objects/torque-defined-classes-inl.h"
 #include "src/strings/char-predicates.h"
 #include "test/cctest/compiler/function-tester.h"
+#include "test/cctest/heap/heap-utils.h"
 #include "test/common/code-assembler-tester.h"
 
 namespace v8 {
@@ -854,6 +855,7 @@ TEST(TestGeneratedCastOperators) {
 }
 
 TEST(TestNewPretenured) {
+  ManualGCScope manual_gc_scope;
   CcTest::InitializeVM();
   Isolate* isolate(CcTest::i_isolate());
   i::HandleScope scope(isolate);
diff --git a/deps/v8/test/cctest/wasm/test-gc.cc b/deps/v8/test/cctest/wasm/test-gc.cc
index ff9e9ccf25c6c1..3fa7745a831d92 100644
--- a/deps/v8/test/cctest/wasm/test-gc.cc
+++ b/deps/v8/test/cctest/wasm/test-gc.cc
@@ -38,6 +38,10 @@ class WasmGCTester {
         flag_wasm_dynamic_tiering(&v8::internal::v8_flags.wasm_dynamic_tiering,
                                   v8::internal::v8_flags.liftoff_only != true),
         flag_tierup(&v8::internal::v8_flags.wasm_tier_up, false),
+        // Manually apply flag implication by disabling deopts in case of
+        // --no-liftoff.
+        flag_wasm_deopt(&v8::internal::v8_flags.wasm_deopt,
+                        v8_flags.wasm_deopt && v8_flags.liftoff),
         zone_(&allocator, ZONE_NAME),
         builder_(&zone_),
         isolate_(CcTest::InitIsolateOnce()),
@@ -207,6 +211,7 @@ class WasmGCTester {
   const FlagScope<bool> flag_liftoff_only;
   const FlagScope<bool> flag_wasm_dynamic_tiering;
   const FlagScope<bool> flag_tierup;
+  const FlagScope<bool> flag_wasm_deopt;
 
   uint8_t DefineFunctionImpl(WasmFunctionBuilder* fun,
                              std::initializer_list<ValueType> locals,
diff --git a/deps/v8/test/cctest/wasm/test-run-wasm-f16.cc b/deps/v8/test/cctest/wasm/test-run-wasm-f16.cc
index 5cecf6c66223c9..10f4e054633411 100644
--- a/deps/v8/test/cctest/wasm/test-run-wasm-f16.cc
+++ b/deps/v8/test/cctest/wasm/test-run-wasm-f16.cc
@@ -4,6 +4,7 @@
 
 #include "src/base/overflowing-math.h"
 #include "src/codegen/assembler-inl.h"
+#include "src/numbers/conversions.h"
 #include "src/wasm/wasm-opcodes.h"
 #include "test/cctest/cctest.h"
 #include "test/cctest/wasm/wasm-run-utils.h"
@@ -17,27 +18,30 @@ namespace internal {
 namespace wasm {
 namespace test_run_wasm_f16 {
 
-TEST(F16Load) {
+WASM_EXEC_TEST(F16Load) {
   i::v8_flags.experimental_wasm_fp16 = true;
-  WasmRunner<float> r(TestExecutionTier::kLiftoff);
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<float> r(execution_tier);
   uint16_t* memory = r.builder().AddMemoryElems<uint16_t>(4);
   r.Build({WASM_F16_LOAD_MEM(WASM_I32V_1(4))});
   r.builder().WriteMemory(&memory[2], fp16_ieee_from_fp32_value(2.75));
   CHECK_EQ(2.75f, r.Call());
 }
 
-TEST(F16Store) {
+WASM_EXEC_TEST(F16Store) {
   i::v8_flags.experimental_wasm_fp16 = true;
-  WasmRunner<int32_t> r(TestExecutionTier::kLiftoff);
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t> r(execution_tier);
   uint16_t* memory = r.builder().AddMemoryElems<uint16_t>(4);
   r.Build({WASM_F16_STORE_MEM(WASM_I32V_1(4), WASM_F32(2.75)), WASM_ZERO});
   r.Call();
   CHECK_EQ(r.builder().ReadMemory(&memory[2]), fp16_ieee_from_fp32_value(2.75));
 }
 
-TEST(F16x8Splat) {
+WASM_EXEC_TEST(F16x8Splat) {
   i::v8_flags.experimental_wasm_fp16 = true;
-  WasmRunner<int32_t, float> r(TestExecutionTier::kLiftoff);
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t, float> r(execution_tier);
   // Set up a global to hold output vector.
   uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
   uint8_t param1 = 0;
@@ -58,9 +62,10 @@ TEST(F16x8Splat) {
   }
 }
 
-TEST(F16x8ReplaceLane) {
+WASM_EXEC_TEST(F16x8ReplaceLane) {
   i::v8_flags.experimental_wasm_fp16 = true;
-  WasmRunner<int32_t> r(TestExecutionTier::kLiftoff);
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t> r(execution_tier);
   // Set up a global to hold output vector.
   uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
   // Build function to replace each lane with its (FP) index.
@@ -99,9 +104,10 @@ TEST(F16x8ReplaceLane) {
   }
 }
 
-TEST(F16x8ExtractLane) {
+WASM_EXEC_TEST(F16x8ExtractLane) {
   i::v8_flags.experimental_wasm_fp16 = true;
-  WasmRunner<int32_t> r(TestExecutionTier::kLiftoff);
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t> r(execution_tier);
   uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
   float* globals[8];
   for (int i = 0; i < 8; i++) {
@@ -126,6 +132,319 @@ TEST(F16x8ExtractLane) {
   }
 }
 
+#define UN_OP_LIST(V) \
+  V(Abs, std::abs)    \
+  V(Neg, -)           \
+  V(Sqrt, std::sqrt)  \
+  V(Ceil, ceilf)      \
+  V(Floor, floorf)    \
+  V(Trunc, truncf)    \
+  V(NearestInt, nearbyintf)
+
+#define TEST_UN_OP(WasmName, COp)                                          \
+  uint16_t WasmName##F16(uint16_t a) {                                     \
+    return fp16_ieee_from_fp32_value(COp(fp16_ieee_to_fp32_value(a)));     \
+  }                                                                        \
+  WASM_EXEC_TEST(F16x8##WasmName) {                                        \
+    i::v8_flags.experimental_wasm_fp16 = true;                             \
+    i::v8_flags.turboshaft_wasm = true;                                    \
+    RunF16x8UnOpTest(execution_tier, kExprF16x8##WasmName, WasmName##F16); \
+  }
+
+UN_OP_LIST(TEST_UN_OP)
+
+#undef TEST_UN_OP
+#undef UN_OP_LIST
+
+#define CMP_OP_LIST(V) \
+  V(Eq, ==)            \
+  V(Ne, !=)            \
+  V(Gt, >)             \
+  V(Ge, >=)            \
+  V(Lt, <)             \
+  V(Le, <=)
+
+#define TEST_CMP_OP(WasmName, COp)                                             \
+  int16_t WasmName(uint16_t a, uint16_t b) {                                   \
+    return fp16_ieee_to_fp32_value(a) COp fp16_ieee_to_fp32_value(b) ? -1 : 0; \
+  }                                                                            \
+  WASM_EXEC_TEST(F16x8##WasmName) {                                            \
+    i::v8_flags.experimental_wasm_fp16 = true;                                 \
+    i::v8_flags.turboshaft_wasm = true;                                        \
+    RunF16x8CompareOpTest(execution_tier, kExprF16x8##WasmName, WasmName);     \
+  }
+
+CMP_OP_LIST(TEST_CMP_OP)
+
+#undef TEST_CMP_OP
+#undef UN_CMP_LIST
+
+float Add(float a, float b) { return a + b; }
+float Sub(float a, float b) { return a - b; }
+float Mul(float a, float b) { return a * b; }
+
+#define BIN_OP_LIST(V) \
+  V(Add, Add)          \
+  V(Sub, Sub)          \
+  V(Mul, Mul)          \
+  V(Div, base::Divide) \
+  V(Min, JSMin)        \
+  V(Max, JSMax)        \
+  V(Pmin, Minimum)     \
+  V(Pmax, Maximum)
+
+#define TEST_BIN_OP(WasmName, COp)                                          \
+  uint16_t WasmName##F16(uint16_t a, uint16_t b) {                          \
+    return fp16_ieee_from_fp32_value(                                       \
+        COp(fp16_ieee_to_fp32_value(a), fp16_ieee_to_fp32_value(b)));       \
+  }                                                                         \
+  WASM_EXEC_TEST(F16x8##WasmName) {                                         \
+    i::v8_flags.experimental_wasm_fp16 = true;                              \
+    i::v8_flags.turboshaft_wasm = true;                                     \
+    RunF16x8BinOpTest(execution_tier, kExprF16x8##WasmName, WasmName##F16); \
+  }
+
+BIN_OP_LIST(TEST_BIN_OP)
+
+#undef TEST_BIN_OP
+#undef BIN_OP_LIST
+
+WASM_EXEC_TEST(F16x8ConvertI16x8) {
+  i::v8_flags.experimental_wasm_fp16 = true;
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t, int32_t> r(execution_tier);
+  // Create two output vectors to hold signed and unsigned results.
+  uint16_t* g0 = r.builder().AddGlobal<uint16_t>(kWasmS128);
+  uint16_t* g1 = r.builder().AddGlobal<uint16_t>(kWasmS128);
+  // Build fn to splat test value, perform conversions, and write the results.
+  uint8_t value = 0;
+  uint8_t temp1 = r.AllocateLocal(kWasmS128);
+  r.Build({WASM_LOCAL_SET(temp1, WASM_SIMD_I16x8_SPLAT(WASM_LOCAL_GET(value))),
+           WASM_GLOBAL_SET(0, WASM_SIMD_UNOP(kExprF16x8SConvertI16x8,
+                                             WASM_LOCAL_GET(temp1))),
+           WASM_GLOBAL_SET(1, WASM_SIMD_UNOP(kExprF16x8UConvertI16x8,
+                                             WASM_LOCAL_GET(temp1))),
+           WASM_ONE});
+
+  FOR_INT16_INPUTS(x) {
+    r.Call(x);
+    uint16_t expected_signed = fp16_ieee_from_fp32_value(x);
+    uint16_t expected_unsigned =
+        fp16_ieee_from_fp32_value(static_cast<uint16_t>(x));
+    for (int i = 0; i < 8; i++) {
+      CHECK_EQ(expected_signed, LANE(g0, i));
+      CHECK_EQ(expected_unsigned, LANE(g1, i));
+    }
+  }
+}
+
+int16_t ConvertToInt(uint16_t f16, bool unsigned_result) {
+  float f32 = fp16_ieee_to_fp32_value(f16);
+  if (std::isnan(f32)) return 0;
+  if (unsigned_result) {
+    if (f32 > float{kMaxUInt16}) return static_cast<uint16_t>(kMaxUInt16);
+    if (f32 < 0) return 0;
+    return static_cast<uint16_t>(f32);
+  } else {
+    if (f32 > float{kMaxInt16}) return static_cast<int16_t>(kMaxInt16);
+    if (f32 < float{kMinInt16}) return static_cast<int16_t>(kMinInt16);
+    return static_cast<int16_t>(f32);
+  }
+}
+
+// Tests both signed and unsigned conversion.
+WASM_EXEC_TEST(I16x8ConvertF16x8) {
+  i::v8_flags.experimental_wasm_fp16 = true;
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t, float> r(execution_tier);
+  // Create two output vectors to hold signed and unsigned results.
+  int16_t* g0 = r.builder().AddGlobal<int16_t>(kWasmS128);
+  int16_t* g1 = r.builder().AddGlobal<int16_t>(kWasmS128);
+  // Build fn to splat test value, perform conversions, and write the results.
+  uint8_t value = 0;
+  uint8_t temp1 = r.AllocateLocal(kWasmS128);
+  r.Build({WASM_LOCAL_SET(temp1, WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value))),
+           WASM_GLOBAL_SET(0, WASM_SIMD_UNOP(kExprI16x8SConvertF16x8,
+                                             WASM_LOCAL_GET(temp1))),
+           WASM_GLOBAL_SET(1, WASM_SIMD_UNOP(kExprI16x8UConvertF16x8,
+                                             WASM_LOCAL_GET(temp1))),
+           WASM_ONE});
+
+  FOR_FLOAT32_INPUTS(x) {
+    if (!PlatformCanRepresent(x)) continue;
+    r.Call(x);
+    int16_t expected_signed = ConvertToInt(fp16_ieee_from_fp32_value(x), false);
+    int16_t expected_unsigned =
+        ConvertToInt(fp16_ieee_from_fp32_value(x), true);
+    for (int i = 0; i < 8; i++) {
+      CHECK_EQ(expected_signed, LANE(g0, i));
+      CHECK_EQ(expected_unsigned, LANE(g1, i));
+    }
+  }
+}
+
+WASM_EXEC_TEST(F16x8DemoteF32x4Zero) {
+  i::v8_flags.experimental_wasm_fp16 = true;
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t, float> r(execution_tier);
+  uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
+  r.Build({WASM_GLOBAL_SET(
+               0, WASM_SIMD_UNOP(kExprF16x8DemoteF32x4Zero,
+                                 WASM_SIMD_F32x4_SPLAT(WASM_LOCAL_GET(0)))),
+           WASM_ONE});
+
+  FOR_FLOAT32_INPUTS(x) {
+    r.Call(x);
+    uint16_t expected = fp16_ieee_from_fp32_value(x);
+    for (int i = 0; i < 4; i++) {
+      uint16_t actual = LANE(g, i);
+      CheckFloat16LaneResult(x, x, expected, actual, true);
+    }
+    for (int i = 4; i < 8; i++) {
+      uint16_t actual = LANE(g, i);
+      CheckFloat16LaneResult(x, x, 0, actual, true);
+    }
+  }
+}
+
+WASM_EXEC_TEST(F16x8DemoteF64x2Zero) {
+  i::v8_flags.experimental_wasm_fp16 = true;
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t, double> r(execution_tier);
+  uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
+  r.Build({WASM_GLOBAL_SET(
+               0, WASM_SIMD_UNOP(kExprF16x8DemoteF64x2Zero,
+                                 WASM_SIMD_F64x2_SPLAT(WASM_LOCAL_GET(0)))),
+           WASM_ONE});
+
+  FOR_FLOAT64_INPUTS(x) {
+    r.Call(x);
+    uint16_t expected = DoubleToFloat16(x);
+    for (int i = 0; i < 2; i++) {
+      uint16_t actual = LANE(g, i);
+      CheckFloat16LaneResult(x, x, expected, actual, true);
+    }
+    for (int i = 2; i < 8; i++) {
+      uint16_t actual = LANE(g, i);
+      CheckFloat16LaneResult(x, x, 0, actual, true);
+    }
+  }
+}
+
+WASM_EXEC_TEST(F32x4PromoteLowF16x8) {
+  i::v8_flags.experimental_wasm_fp16 = true;
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t, float> r(execution_tier);
+  float* g = r.builder().AddGlobal<float>(kWasmS128);
+  r.Build({WASM_GLOBAL_SET(
+               0, WASM_SIMD_UNOP(kExprF32x4PromoteLowF16x8,
+                                 WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(0)))),
+           WASM_ONE});
+
+  FOR_FLOAT32_INPUTS(x) {
+    r.Call(x);
+    float expected = fp16_ieee_to_fp32_value(fp16_ieee_from_fp32_value(x));
+    for (int i = 0; i < 4; i++) {
+      float actual = LANE(g, i);
+      CheckFloatResult(x, x, expected, actual, true);
+    }
+  }
+}
+
+struct FMOperation {
+  const float a;
+  const float b;
+  const float c;
+  const float fused_result;
+};
+
+constexpr float large_n = 1e4;
+constexpr float finf = std::numeric_limits<float>::infinity();
+constexpr float qNan = std::numeric_limits<float>::quiet_NaN();
+
+// Fused Multiply-Add performs a * b + c.
+static FMOperation qfma_array[] = {
+    {2.0f, 3.0f, 1.0f, 7.0f},
+    // fused: a * b + c = (positive overflow) + -inf = -inf
+    // unfused: a * b + c = inf + -inf = NaN
+    {large_n, large_n, -finf, -finf},
+    // fused: a * b + c = (negative overflow) + inf = inf
+    // unfused: a * b + c = -inf + inf = NaN
+    {-large_n, large_n, finf, finf},
+    // NaN
+    {2.0f, 3.0f, qNan, qNan},
+    // -NaN
+    {2.0f, 3.0f, -qNan, qNan}};
+
+base::Vector<const FMOperation> qfma_vector() {
+  return base::ArrayVector(qfma_array);
+}
+
+// Fused Multiply-Subtract performs -(a * b) + c.
+static FMOperation qfms_array[]{
+    {2.0f, 3.0f, 1.0f, -5.0f},
+    // fused: -(a * b) + c = - (positive overflow) + inf = inf
+    // unfused: -(a * b) + c = - inf + inf = NaN
+    {large_n, large_n, finf, finf},
+    // fused: -(a * b) + c = (negative overflow) + -inf = -inf
+    // unfused: -(a * b) + c = -inf - -inf = NaN
+    {-large_n, large_n, -finf, -finf},
+    // NaN
+    {2.0f, 3.0f, qNan, qNan},
+    // -NaN
+    {2.0f, 3.0f, -qNan, qNan}};
+
+base::Vector<const FMOperation> qfms_vector() {
+  return base::ArrayVector(qfms_array);
+}
+
+WASM_EXEC_TEST(F16x8Qfma) {
+  i::v8_flags.experimental_wasm_fp16 = true;
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t, float, float, float> r(execution_tier);
+  // Set up global to hold output.
+  uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
+  uint8_t value1 = 0, value2 = 1, value3 = 2;
+  r.Build(
+      {WASM_GLOBAL_SET(0, WASM_SIMD_F16x8_QFMA(
+                              WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value1)),
+                              WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value2)),
+                              WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value3)))),
+       WASM_ONE});
+  for (FMOperation x : qfma_vector()) {
+    r.Call(x.a, x.b, x.c);
+    uint16_t expected = fp16_ieee_from_fp32_value(x.fused_result);
+    for (int i = 0; i < 8; i++) {
+      uint16_t actual = LANE(g, i);
+      CheckFloat16LaneResult(x.a, x.b, x.c, expected, actual, true /* exact */);
+    }
+  }
+}
+
+WASM_EXEC_TEST(F16x8Qfms) {
+  i::v8_flags.experimental_wasm_fp16 = true;
+  i::v8_flags.turboshaft_wasm = true;
+  WasmRunner<int32_t, float, float, float> r(execution_tier);
+  // Set up global to hold output.
+  uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
+  uint8_t value1 = 0, value2 = 1, value3 = 2;
+  r.Build(
+      {WASM_GLOBAL_SET(0, WASM_SIMD_F16x8_QFMS(
+                              WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value1)),
+                              WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value2)),
+                              WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value3)))),
+       WASM_ONE});
+
+  for (FMOperation x : qfms_vector()) {
+    r.Call(x.a, x.b, x.c);
+    uint16_t expected = fp16_ieee_from_fp32_value(x.fused_result);
+    for (int i = 0; i < 8; i++) {
+      uint16_t actual = LANE(g, i);
+      CheckFloat16LaneResult(x.a, x.b, x.c, expected, actual, true /* exact */);
+    }
+  }
+}
+
 }  // namespace test_run_wasm_f16
 }  // namespace wasm
 }  // namespace internal
diff --git a/deps/v8/test/cctest/wasm/test-run-wasm-simd.cc b/deps/v8/test/cctest/wasm/test-run-wasm-simd.cc
index 25c947b70f8785..5b5de8b84f5ff5 100644
--- a/deps/v8/test/cctest/wasm/test-run-wasm-simd.cc
+++ b/deps/v8/test/cctest/wasm/test-run-wasm-simd.cc
@@ -4939,6 +4939,39 @@ TEST(RunWasmTurbofan_LoadStoreExtractRevec) {
   CHECK_EQ(5.0f, r.Call(0, 32));
 }
 
+#ifdef V8_TARGET_ARCH_X64
+TEST(RunWasmTurbofan_LoadStoreExtract2Revec) {
+  EXPERIMENTAL_FLAG_SCOPE(revectorize);
+  if (!CpuFeatures::IsSupported(AVX2)) return;
+  WasmRunner<float, int32_t, int32_t> r(TestExecutionTier::kTurbofan);
+  float* memory =
+      r.builder().AddMemoryElems<float>(kWasmPageSize / sizeof(float));
+  uint8_t param1 = 0;
+  uint8_t param2 = 1;
+  uint8_t temp1 = r.AllocateLocal(kWasmS128);
+  uint8_t temp2 = r.AllocateLocal(kWasmS128);
+  constexpr uint8_t offset = 16;
+  {
+    TSSimd256VerifyScope ts_scope(r.zone());
+    // Load two F32x4 vectors, store to memory, and sum up the two F32x4
+    // vectors. Revectorization still succeeds as we can omit the lane 0
+    // extract on x64.
+    r.Build({WASM_LOCAL_SET(temp1, WASM_SIMD_LOAD_MEM(WASM_LOCAL_GET(param1))),
+             WASM_LOCAL_SET(temp2, WASM_SIMD_LOAD_MEM_OFFSET(
+                                       offset, WASM_LOCAL_GET(param1))),
+             WASM_SIMD_STORE_MEM(WASM_LOCAL_GET(param2), WASM_LOCAL_GET(temp1)),
+             WASM_SIMD_STORE_MEM_OFFSET(offset, WASM_LOCAL_GET(param2),
+                                        WASM_LOCAL_GET(temp2)),
+             WASM_SIMD_F32x4_EXTRACT_LANE(
+                 1, WASM_SIMD_BINOP(kExprF32x4Add, WASM_LOCAL_GET(temp1),
+                                    WASM_LOCAL_GET(temp2)))});
+  }
+  r.builder().WriteMemory(&memory[1], 1.0f);
+  r.builder().WriteMemory(&memory[5], 2.0f);
+  CHECK_EQ(3.0f, r.Call(0, 32));
+}
+#endif  // V8_TARGET_ARCH_X64
+
 TEST(RunWasmTurbofan_ReversedLoadStoreExtractRevec) {
   EXPERIMENTAL_FLAG_SCOPE(revectorize);
   if (!CpuFeatures::IsSupported(AVX2)) return;
diff --git a/deps/v8/test/cctest/wasm/test-run-wasm-wrappers.cc b/deps/v8/test/cctest/wasm/test-run-wasm-wrappers.cc
index 2ef92bc4ad88f2..81b0125608403a 100644
--- a/deps/v8/test/cctest/wasm/test-run-wasm-wrappers.cc
+++ b/deps/v8/test/cctest/wasm/test-run-wasm-wrappers.cc
@@ -17,8 +17,9 @@ namespace test_run_wasm_wrappers {
 
 using testing::CompileAndInstantiateForTesting;
 
-#if V8_COMPRESS_POINTERS && (V8_TARGET_ARCH_X64 || V8_TARGET_ARCH_ARM64 || \
-                             V8_TARGET_ARCH_IA32 || V8_TARGET_ARCH_ARM)
+#if V8_COMPRESS_POINTERS &&                                               \
+    (V8_TARGET_ARCH_X64 || V8_TARGET_ARCH_ARM64 || V8_TARGET_ARCH_IA32 || \
+     V8_TARGET_ARCH_ARM || V8_TARGET_ARCH_LOONG64)
 namespace {
 Handle<WasmInstanceObject> CompileModule(Zone* zone, Isolate* isolate,
                                          WasmModuleBuilder* builder) {
@@ -160,11 +161,11 @@ TEST(WrapperReplacement) {
 
     // Call the exported Wasm function as many times as required to almost
     // exhaust the remaining budget for using the generic wrapper.
-    Handle<Code> wrapper_before_call;
+    DirectHandle<Code> wrapper_before_call;
     for (int i = remaining_budget; i > 0; --i) {
       // Verify that the wrapper to be used is the generic one.
       wrapper_before_call =
-          handle(main_function_data->wrapper_code(isolate), isolate);
+          direct_handle(main_function_data->wrapper_code(isolate), isolate);
       CHECK(IsGeneric(*wrapper_before_call));
       // Call the function.
       Handle<Object> params[1] = {SmiHandle(isolate, i)};
diff --git a/deps/v8/test/cctest/wasm/test-wasm-breakpoints.cc b/deps/v8/test/cctest/wasm/test-wasm-breakpoints.cc
index 02b0670d188be4..7d676a643cb315 100644
--- a/deps/v8/test/cctest/wasm/test-wasm-breakpoints.cc
+++ b/deps/v8/test/cctest/wasm/test-wasm-breakpoints.cc
@@ -147,8 +147,8 @@ Handle<BreakPoint> SetBreakpoint(WasmRunnerBase* runner, int function_index,
   if (expected_set_byte_offset == -1) expected_set_byte_offset = byte_offset;
   DirectHandle<WasmInstanceObject> instance =
       runner->builder().instance_object();
-  Handle<Script> script(instance->module_object()->script(),
-                        runner->main_isolate());
+  DirectHandle<Script> script(instance->module_object()->script(),
+                              runner->main_isolate());
   static int break_index = 0;
   Handle<BreakPoint> break_point =
       runner->main_isolate()->factory()->NewBreakPoint(
diff --git a/deps/v8/test/cctest/wasm/test-wasm-stack.cc b/deps/v8/test/cctest/wasm/test-wasm-stack.cc
index ce57ff66290717..e1b6bc2cc3c32a 100644
--- a/deps/v8/test/cctest/wasm/test-wasm-stack.cc
+++ b/deps/v8/test/cctest/wasm/test-wasm-stack.cc
@@ -213,7 +213,7 @@ WASM_COMPILED_EXEC_TEST(CollectDetailedWasmStack_WasmUrl) {
   DirectHandle<FixedArray> stack_trace_object =
       isolate->GetSimpleStackTrace(Cast<JSReceiver>(exception));
   CHECK_NE(0, stack_trace_object->length());
-  Handle<CallSiteInfo> stack_frame(
+  DirectHandle<CallSiteInfo> stack_frame(
       Cast<CallSiteInfo>(stack_trace_object->get(0)), isolate);
 
   MaybeHandle<String> maybe_stack_trace_str =
diff --git a/deps/v8/test/cctest/wasm/test-wasm-trap-position.cc b/deps/v8/test/cctest/wasm/test-wasm-trap-position.cc
index 5b14470001548e..48f3421913bf0f 100644
--- a/deps/v8/test/cctest/wasm/test-wasm-trap-position.cc
+++ b/deps/v8/test/cctest/wasm/test-wasm-trap-position.cc
@@ -52,7 +52,7 @@ void CheckExceptionInfos(v8::internal::Isolate* isolate, Handle<Object> exc,
   CHECK_EQ(N, stack->length());
 
   for (int i = 0; i < N; ++i) {
-    Handle<CallSiteInfo> info(Cast<CallSiteInfo>(stack->get(i)), isolate);
+    DirectHandle<CallSiteInfo> info(Cast<CallSiteInfo>(stack->get(i)), isolate);
     auto func_name =
         Cast<String>(CallSiteInfo::GetFunctionName(info))->ToCString();
     CHECK_CSTREQ(excInfos[i].func_name, func_name.get());
diff --git a/deps/v8/test/cctest/wasm/wasm-run-utils.cc b/deps/v8/test/cctest/wasm/wasm-run-utils.cc
index c4d54e46982229..555e3d32bcf85e 100644
--- a/deps/v8/test/cctest/wasm/wasm-run-utils.cc
+++ b/deps/v8/test/cctest/wasm/wasm-run-utils.cc
@@ -4,7 +4,8 @@
 
 #include "test/cctest/wasm/wasm-run-utils.h"
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/codegen/assembler-inl.h"
 #include "src/compiler/pipeline.h"
 #include "src/diagnostics/code-tracer.h"
@@ -87,9 +88,9 @@ TestingModuleBuilder::TestingModuleBuilder(
     // Manually compile an import wrapper and insert it into the instance.
     uint32_t canonical_type_index =
         GetTypeCanonicalizer()->AddRecursiveGroup(sig);
-    WasmImportData resolved({}, -1, maybe_import->js_function, sig,
-                            canonical_type_index,
-                            WellKnownImport::kUninstantiated);
+    ResolvedWasmImport resolved({}, -1, maybe_import->js_function, sig,
+                                canonical_type_index,
+                                WellKnownImport::kUninstantiated);
     ImportCallKind kind = resolved.kind();
     DirectHandle<JSReceiver> callable = resolved.callable();
     WasmImportWrapperCache::ModificationScope cache_scope(
@@ -105,8 +106,8 @@ TestingModuleBuilder::TestingModuleBuilder(
     }
 
     ImportedFunctionEntry(trusted_instance_data_, maybe_import_index)
-        .SetWasmToJs(isolate_, callable, import_wrapper, resolved.suspend(),
-                     sig);
+        .SetCompiledWasmToJs(isolate_, callable, import_wrapper,
+                             resolved.suspend(), sig);
   }
 }
 
@@ -299,10 +300,16 @@ void TestingModuleBuilder::AddIndirectFunctionTable(
       WasmFunction& function = test_module_->functions[function_indexes[i]];
       int sig_id =
           test_module_->isorecursive_canonical_type_ids[function.sig_index];
-      FunctionTargetAndRef entry(isolate_, trusted_instance_data_,
-                                 function.func_index);
+      FunctionTargetAndImplicitArg entry(isolate_, trusted_instance_data_,
+                                         function.func_index);
+#if !V8_ENABLE_DRUMBRAKE
+      trusted_instance_data_->dispatch_table(table_index)
+          ->Set(i, *entry.implicit_arg(), entry.call_target(), sig_id);
+#else   // !V8_ENABLE_DRUMBRAKE
       trusted_instance_data_->dispatch_table(table_index)
-          ->Set(i, *entry.ref(), entry.call_target(), sig_id);
+          ->Set(i, *entry.implicit_arg(), entry.call_target(), sig_id,
+                function.func_index);
+#endif  // !V8_ENABLE_DRUMBRAKE
       WasmTableObject::SetFunctionTablePlaceholder(
           isolate_, table_obj, i, trusted_instance_data_, function_indexes[i]);
     }
@@ -342,7 +349,8 @@ uint32_t TestingModuleBuilder::AddException(const FunctionSig* sig) {
   uint32_t index = static_cast<uint32_t>(test_module_->tags.size());
   test_module_->tags.emplace_back(sig, AddSignature(sig));
   DirectHandle<WasmExceptionTag> tag = WasmExceptionTag::New(isolate_, index);
-  Handle<FixedArray> table(trusted_instance_data_->tags_table(), isolate_);
+  DirectHandle<FixedArray> table(trusted_instance_data_->tags_table(),
+                                 isolate_);
   table = isolate_->factory()->CopyFixedArrayAndGrow(table, 1);
   trusted_instance_data_->set_tags_table(*table);
   table->set(index, *tag);
@@ -434,8 +442,7 @@ Handle<WasmInstanceObject> TestingModuleBuilder::InitInstanceObject() {
   // Asm.js modules are expected to have "normal" scripts, not Wasm scripts.
   if (is_asmjs_module(native_module->module())) {
     script->set_type(Script::Type::kNormal);
-    script->set_shared_function_infos(
-        ReadOnlyRoots{isolate_}.empty_weak_fixed_array());
+    script->set_infos(ReadOnlyRoots{isolate_}.empty_weak_fixed_array());
   }
 
   DirectHandle<WasmModuleObject> module_object =
@@ -530,7 +537,9 @@ void WasmFunctionCompiler::Build(base::Vector<const uint8_t> bytes) {
     env.module->set_function_validated(function_->func_index);
   }
 
-  base::Optional<WasmCompilationResult> result;
+  if (v8_flags.wasm_jitless) return;
+
+  std::optional<WasmCompilationResult> result;
   if (builder_->test_execution_tier() ==
       TestExecutionTier::kLiftoffForFuzzing) {
     result.emplace(ExecuteLiftoffCompilation(
diff --git a/deps/v8/test/cctest/wasm/wasm-run-utils.h b/deps/v8/test/cctest/wasm/wasm-run-utils.h
index c3824076e7b863..a17ab2e553f827 100644
--- a/deps/v8/test/cctest/wasm/wasm-run-utils.h
+++ b/deps/v8/test/cctest/wasm/wasm-run-utils.h
@@ -39,9 +39,16 @@
 #include "test/common/value-helper.h"
 #include "test/common/wasm/flag-utils.h"
 
+#if V8_ENABLE_DRUMBRAKE
+#include "src/wasm/interpreter/wasm-interpreter.h"
+#endif  // V8_ENABLE_DRUMBRAKE
+
 namespace v8::internal::wasm {
 
 enum class TestExecutionTier : int8_t {
+#if V8_ENABLE_DRUMBRAKE
+  kInterpreter = static_cast<int8_t>(ExecutionTier::kInterpreter),
+#endif  // V8_ENABLE_DRUMBRAKE
   kLiftoff = static_cast<int8_t>(ExecutionTier::kLiftoff),
   kTurbofan = static_cast<int8_t>(ExecutionTier::kTurbofan),
   kLiftoffForFuzzing
@@ -251,6 +258,10 @@ class TestingModuleBuilder {
 
   ExecutionTier execution_tier() const {
     switch (execution_tier_) {
+#if V8_ENABLE_DRUMBRAKE
+      case TestExecutionTier::kInterpreter:
+        return ExecutionTier::kInterpreter;
+#endif  // V8_ENABLE_DRUMBRAKE
       case TestExecutionTier::kTurbofan:
         return ExecutionTier::kTurbofan;
       case TestExecutionTier::kLiftoff:
@@ -582,12 +593,24 @@ class WasmRunner : public WasmRunnerBase {
 };
 
 // A macro to define tests that run in different engine configurations.
+#if V8_ENABLE_DRUMBRAKE
+#define TEST_IF_DRUMBRAKE(name)                      \
+  TEST(RunWasmInterpreter_##name) {                  \
+    FLAG_SCOPE(wasm_jitless);                        \
+    WasmInterpreterThread::Initialize();             \
+    RunWasm_##name(TestExecutionTier::kInterpreter); \
+    WasmInterpreterThread::Terminate();              \
+  }
+#else
+#define TEST_IF_DRUMBRAKE(name)
+#endif  // V8_ENABLE_DRUMBRAKE
 #define WASM_EXEC_TEST(name)                                                   \
   void RunWasm_##name(TestExecutionTier execution_tier);                       \
   TEST(RunWasmTurbofan_##name) {                                               \
     RunWasm_##name(TestExecutionTier::kTurbofan);                              \
   }                                                                            \
   TEST(RunWasmLiftoff_##name) { RunWasm_##name(TestExecutionTier::kLiftoff); } \
+  TEST_IF_DRUMBRAKE(name)                                                      \
   void RunWasm_##name(TestExecutionTier execution_tier)
 
 #define UNINITIALIZED_WASM_EXEC_TEST(name)               \
diff --git a/deps/v8/test/cctest/wasm/wasm-simd-utils.cc b/deps/v8/test/cctest/wasm/wasm-simd-utils.cc
index a421e6486814d9..856e7b226747dd 100644
--- a/deps/v8/test/cctest/wasm/wasm-simd-utils.cc
+++ b/deps/v8/test/cctest/wasm/wasm-simd-utils.cc
@@ -446,6 +446,94 @@ void CheckFloat16LaneResult(float x, float y, float z, uint16_t expected,
   }
 }
 
+void RunF16x8UnOpTest(TestExecutionTier execution_tier, WasmOpcode opcode,
+                      HalfUnOp expected_op, bool exact) {
+  WasmRunner<int32_t, float> r(execution_tier);
+  // Global to hold output.
+  uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
+  // Build fn to splat test value, perform unop, and write the result.
+  uint8_t value = 0;
+  uint8_t temp1 = r.AllocateLocal(kWasmS128);
+  r.Build({WASM_LOCAL_SET(temp1, WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value))),
+           WASM_GLOBAL_SET(0, WASM_SIMD_UNOP(opcode, WASM_LOCAL_GET(temp1))),
+           WASM_ONE});
+
+  FOR_FLOAT32_INPUTS(x) {
+    if (!PlatformCanRepresent(x)) continue;
+    // Extreme values have larger errors so skip them for approximation tests.
+    if (!exact && IsExtreme(x)) continue;
+    uint16_t expected = expected_op(fp16_ieee_from_fp32_value(x));
+    if (!PlatformCanRepresent(expected)) continue;
+    r.Call(x);
+    for (int i = 0; i < 8; i++) {
+      uint16_t actual = LANE(g, i);
+      CheckFloat16LaneResult(x, x, expected, actual, exact);
+    }
+  }
+}
+
+void RunF16x8BinOpTest(TestExecutionTier execution_tier, WasmOpcode opcode,
+                       HalfBinOp expected_op) {
+  WasmRunner<int32_t, float, float> r(execution_tier);
+  // Global to hold output.
+  uint16_t* g = r.builder().AddGlobal<uint16_t>(kWasmS128);
+  // Build fn to splat test values, perform binop, and write the result.
+  uint8_t value1 = 0, value2 = 1;
+  uint8_t temp1 = r.AllocateLocal(kWasmS128);
+  uint8_t temp2 = r.AllocateLocal(kWasmS128);
+  r.Build({WASM_LOCAL_SET(temp1, WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value1))),
+           WASM_LOCAL_SET(temp2, WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value2))),
+           WASM_GLOBAL_SET(0, WASM_SIMD_BINOP(opcode, WASM_LOCAL_GET(temp1),
+                                              WASM_LOCAL_GET(temp2))),
+           WASM_ONE});
+
+  FOR_FLOAT32_INPUTS(x) {
+    if (!PlatformCanRepresent(x)) continue;
+    FOR_FLOAT32_INPUTS(y) {
+      if (!PlatformCanRepresent(y)) continue;
+      uint16_t expected = expected_op(fp16_ieee_from_fp32_value(x),
+                                      fp16_ieee_from_fp32_value(y));
+      if (!PlatformCanRepresent(expected)) continue;
+      r.Call(x, y);
+      for (int i = 0; i < 8; i++) {
+        uint16_t actual = LANE(g, i);
+        CheckFloat16LaneResult(x, y, expected, actual, true /* exact */);
+      }
+    }
+  }
+}
+
+void RunF16x8CompareOpTest(TestExecutionTier execution_tier, WasmOpcode opcode,
+                           HalfCompareOp expected_op) {
+  WasmRunner<int32_t, float, float> r(execution_tier);
+  // Set up global to hold mask output.
+  int16_t* g = r.builder().AddGlobal<int16_t>(kWasmS128);
+  // Build fn to splat test values, perform compare op, and write the result.
+  uint8_t value1 = 0, value2 = 1;
+  uint8_t temp1 = r.AllocateLocal(kWasmS128);
+  uint8_t temp2 = r.AllocateLocal(kWasmS128);
+  r.Build({WASM_LOCAL_SET(temp1, WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value1))),
+           WASM_LOCAL_SET(temp2, WASM_SIMD_F16x8_SPLAT(WASM_LOCAL_GET(value2))),
+           WASM_GLOBAL_SET(0, WASM_SIMD_BINOP(opcode, WASM_LOCAL_GET(temp1),
+                                              WASM_LOCAL_GET(temp2))),
+           WASM_ONE});
+
+  FOR_FLOAT32_INPUTS(x) {
+    if (!PlatformCanRepresent(x)) continue;
+    FOR_FLOAT32_INPUTS(y) {
+      if (!PlatformCanRepresent(y)) continue;
+      float diff = x - y;  // Model comparison as subtraction.
+      if (!PlatformCanRepresent(diff)) continue;
+      r.Call(x, y);
+      int16_t expected = expected_op(fp16_ieee_from_fp32_value(x),
+                                     fp16_ieee_from_fp32_value(y));
+      for (int i = 0; i < 8; i++) {
+        CHECK_EQ(expected, LANE(g, i));
+      }
+    }
+  }
+}
+
 bool IsExtreme(float x) {
   float abs_x = std::fabs(x);
   const float kSmallFloatThreshold = 1.0e-32f;
diff --git a/deps/v8/test/cctest/wasm/wasm-simd-utils.h b/deps/v8/test/cctest/wasm/wasm-simd-utils.h
index e15291b8b42d99..3d0b3604520b29 100644
--- a/deps/v8/test/cctest/wasm/wasm-simd-utils.h
+++ b/deps/v8/test/cctest/wasm/wasm-simd-utils.h
@@ -314,6 +314,13 @@ bool IsCanonical(double actual);
 void CheckDoubleResult(double x, double y, double expected, double actual,
                        bool exact = true);
 
+void RunF16x8UnOpTest(TestExecutionTier execution_tier, WasmOpcode opcode,
+                      HalfUnOp expected_op, bool exact = true);
+void RunF16x8BinOpTest(TestExecutionTier execution_tier, WasmOpcode opcode,
+                       HalfBinOp expected_op);
+void RunF16x8CompareOpTest(TestExecutionTier execution_tier, WasmOpcode opcode,
+                           HalfCompareOp expected_op);
+
 void RunF32x4UnOpTest(TestExecutionTier execution_tier, WasmOpcode opcode,
                       FloatUnOp expected_op, bool exact = true);
 
diff --git a/deps/v8/test/common/wasm/wasm-macro-gen.h b/deps/v8/test/common/wasm/wasm-macro-gen.h
index 0c3870a4c7bd18..9f04d6c12d0307 100644
--- a/deps/v8/test/common/wasm/wasm-macro-gen.h
+++ b/deps/v8/test/common/wasm/wasm-macro-gen.h
@@ -1041,6 +1041,8 @@ inline uint16_t ExtractPrefixedOpcodeBytes(WasmOpcode opcode) {
 #define WASM_SIMD_F64x2_QFMS(a, b, c) a, b, c, WASM_SIMD_OP(kExprF64x2Qfms)
 #define WASM_SIMD_F32x4_QFMA(a, b, c) a, b, c, WASM_SIMD_OP(kExprF32x4Qfma)
 #define WASM_SIMD_F32x4_QFMS(a, b, c) a, b, c, WASM_SIMD_OP(kExprF32x4Qfms)
+#define WASM_SIMD_F16x8_QFMA(a, b, c) a, b, c, WASM_SIMD_OP(kExprF16x8Qfma)
+#define WASM_SIMD_F16x8_QFMS(a, b, c) a, b, c, WASM_SIMD_OP(kExprF16x8Qfms)
 
 // Like WASM_SIMD_LOAD_MEM but needs the load opcode.
 #define WASM_SIMD_LOAD_OP(opcode, index) \
diff --git a/deps/v8/test/debugger/debug/compiler/regress-354005322.js b/deps/v8/test/debugger/debug/compiler/regress-354005322.js
new file mode 100644
index 00000000000000..03f9e8b685cbd5
--- /dev/null
+++ b/deps/v8/test/debugger/debug/compiler/regress-354005322.js
@@ -0,0 +1,38 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+// Flags: --no-turboshaft-loop-unrolling --expose-gc --enable-inspector
+
+var Debug = debug.Debug;
+
+Debug.setListener(function (event, exec_state, event_data, data) {
+  if (event == Debug.DebugEvent.Break) {
+    gc();
+  }
+});
+
+function foo(b) {
+  %ScheduleBreak();
+
+  // Allocating a first object.
+  let o1 = { x : 42 };
+
+  // Inserting a loop, in order to get a JSStackCheck.
+  let v = 0;
+  for (; v < 42; v = (v + 2) * 2) {}
+
+  // Allocating a second object. This should not get allocation-folded with the
+  // first allocation, because of the JSStackCheck's GC in the middle.
+  let o2 = { x : o1, y : v };
+
+  return o2;
+}
+
+%PrepareFunctionForOptimization(foo);
+assertEquals({ x : { x : 42 }, y : 60 }, foo());
+assertEquals({ x : { x : 42 }, y : 60 }, foo());
+
+%OptimizeFunctionOnNextCall(foo);
+assertEquals({ x : { x : 42 }, y : 60 }, foo());
diff --git a/deps/v8/test/fuzzer/inspector-fuzzer.cc b/deps/v8/test/fuzzer/inspector-fuzzer.cc
index b53b9167b4e6da..559951b3a4434a 100644
--- a/deps/v8/test/fuzzer/inspector-fuzzer.cc
+++ b/deps/v8/test/fuzzer/inspector-fuzzer.cc
@@ -4,6 +4,7 @@
 
 #include <locale.h>
 
+#include <optional>
 #include <string>
 #include <vector>
 
@@ -192,7 +193,7 @@ class UtilsExtension : public InspectorIsolateData::SetupGlobalTask {
     int context_group_id = info[0].As<v8::Int32>()->Value();
     bool is_fully_trusted =
         info.Length() == 3 || info[3].As<v8::Boolean>()->Value();
-    base::Optional<int> session_id;
+    std::optional<int> session_id;
     RunSyncTask(backend_runner_,
                 [context_group_id, &session_id, &channel, &state,
                  is_fully_trusted](InspectorIsolateData* data) {
@@ -631,7 +632,7 @@ void FuzzInspector(const uint8_t* data, size_t size) {
   // running background tasks to be properly joined.
 }
 
-}  //  namespace
+}  // namespace
 }  // namespace internal
 }  // namespace v8
 
diff --git a/deps/v8/test/fuzzer/regexp.cc b/deps/v8/test/fuzzer/regexp.cc
index 6678ffde552d11..166885446de8ea 100644
--- a/deps/v8/test/fuzzer/regexp.cc
+++ b/deps/v8/test/fuzzer/regexp.cc
@@ -19,7 +19,7 @@
 
 namespace i = v8::internal;
 
-void Test(v8::Isolate* isolate, i::Handle<i::JSRegExp> regexp,
+void Test(v8::Isolate* isolate, i::DirectHandle<i::JSRegExp> regexp,
           i::Handle<i::String> subject,
           i::Handle<i::RegExpMatchInfo> results_array) {
   v8::TryCatch try_catch(isolate);
diff --git a/deps/v8/test/fuzzer/wasm-deopt.cc b/deps/v8/test/fuzzer/wasm-deopt.cc
index 383b18c5fc514a..228be7a3e7b216 100644
--- a/deps/v8/test/fuzzer/wasm-deopt.cc
+++ b/deps/v8/test/fuzzer/wasm-deopt.cc
@@ -128,7 +128,6 @@ std::vector<ExecutionResult> PerformReferenceRun(
 
   NearHeapLimitCallbackScope near_heap_limit(isolate);
   for (uint32_t i = 0; i < callees.size(); ++i) {
-
     arguments[0] = handle(Smi::FromInt(i), isolate);
     std::unique_ptr<const char[]> exception;
     int32_t result = testing::CallWasmFunctionForTesting(
@@ -166,7 +165,6 @@ std::vector<ExecutionResult> PerformReferenceRun(
 }
 
 int FuzzIt(base::Vector<const uint8_t> data) {
-  int deopt_count_before = GetWasmEngine()->GetDeoptsExecutedCount();
   v8_fuzzer::FuzzerSupport* support = v8_fuzzer::FuzzerSupport::Get();
   v8::Isolate* isolate = support->GetIsolate();
 
@@ -250,7 +248,7 @@ int FuzzIt(base::Vector<const uint8_t> data) {
           ->SyncInstantiate(i_isolate, &thrower, module_object, {}, {})
           .ToHandleChecked();
 
-  Handle<WasmExportedFunction> main_function =
+  DirectHandle<WasmExportedFunction> main_function =
       testing::GetExportedFunction(i_isolate, instance, "main")
           .ToHandleChecked();
   int function_to_optimize =
@@ -263,6 +261,8 @@ int FuzzIt(base::Vector<const uint8_t> data) {
     function_to_optimize--;
   }
 
+  int deopt_count_begin = GetWasmEngine()->GetDeoptsExecutedCount();
+  int deopt_count_previous_iteration = deopt_count_begin;
   size_t num_callees = reference_results.size();
   for (uint32_t i = 0; i < num_callees; ++i) {
     auto arguments = base::OwnedVector<Handle<Object>>::New(1);
@@ -284,15 +284,21 @@ int FuzzIt(base::Vector<const uint8_t> data) {
       UNREACHABLE();
     }
 
+    int deopt_count = GetWasmEngine()->GetDeoptsExecutedCount();
+    if (i != 0 && deopt_count == deopt_count_previous_iteration) {
+      // No deopt triggered. Skip the rest of the run as it won't provide
+      // meaningful coverage for the deoptimizer.
+      // Return -1 to prevent adding this case to the corpus if not a single
+      // deopt was executed.
+      return deopt_count == deopt_count_begin ? -1 : 0;
+    }
+    deopt_count_previous_iteration = deopt_count;
+
     TierUpNowForTesting(i_isolate, instance->trusted_data(i_isolate),
                         function_to_optimize);
   }
 
-  // If no deopt was triggered, return -1 to prevent adding this case to the
-  // corpus.
-  bool deopt_triggered =
-      GetWasmEngine()->GetDeoptsExecutedCount() != deopt_count_before;
-  return deopt_triggered ? 0 : -1;
+  return 0;
 }
 
 }  // anonymous namespace
diff --git a/deps/v8/test/fuzzer/wasm-fuzzer-common.cc b/deps/v8/test/fuzzer/wasm-fuzzer-common.cc
index 8d1df549c0b504..f63c46495857d0 100644
--- a/deps/v8/test/fuzzer/wasm-fuzzer-common.cc
+++ b/deps/v8/test/fuzzer/wasm-fuzzer-common.cc
@@ -291,12 +291,17 @@ void EnableExperimentalWasmFeatures(v8::Isolate* isolate) {
       FOREACH_WASM_STAGING_FEATURE_FLAG(ENABLE_STAGED_FEATURES)
 #undef ENABLE_STAGED_FEATURES
 
-#if V8_TARGET_ARCH_ARM64 || V8_TARGET_ARCH_X64
-      // Enable non-staged experimental features that we also want to fuzz.
-      v8_flags.wasm_memory64_trap_handling = true;
-#endif  // V8_TARGET_ARCH_ARM64 || V8_TARGET_ARCH_X64
-      // Note: If you add something here, you will also have to add the
-      // respective flag(s) to the mjsunit/wasm/generate-random-module test.
+      // Enable non-staged experimental features or other experimental flags
+      // that we also want to fuzz, e.g., new optimizations.
+      // Note: If you add a Wasm feature here, you will also have to add the
+      // respective flag(s) to the mjsunit/wasm/generate-random-module.js test,
+      // otherwise that fails on an unsupported feature.
+      // You may also want to add the flag(s) to the JS file header in
+      // `PrintModule()` of `mjsunit-module-disassembler-impl.h`, to make bugs
+      // easier to reproduce with generated mjsunit test cases.
+
+      // See https://crbug.com/335082212.
+      v8_flags.wasm_inlining_call_indirect = true;
 
       // Enforce implications from enabling features.
       FlagList::EnforceFlagImplications();
diff --git a/deps/v8/test/inspector/debugger/wasm-jspi-async-stack-expected.txt b/deps/v8/test/inspector/debugger/wasm-jspi-async-stack-expected.txt
index c0a6bd5d0a1894..f7545869699fc5 100644
--- a/deps/v8/test/inspector/debugger/wasm-jspi-async-stack-expected.txt
+++ b/deps/v8/test/inspector/debugger/wasm-jspi-async-stack-expected.txt
@@ -3,221 +3,221 @@ Test async stack traces with wasm jspi
 Running test: testAsyncStackTracesOnPauseAndError
 Testing async callstacks in JSPI with test function testSimple
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x55)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x4e)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Suspending wrapperFunc
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x5b)
-    at async wrapperFunc (test.js:44:12)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x52)
+    at async wrapperFunc (test.js:38:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:91)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:82)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x61)
-    at async wrapperFunc (test.js:44:12)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x56)
+    at async wrapperFunc (test.js:38:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:97)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:86)
 
 Returned result {"result":{"type":"number","value":3,"description":"3"}}
 
 Testing async callstacks in JSPI with test function testSetTimeout
 console: Suspending wrapperFunc
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSetTimeout (test.js:83:3)
+    at doPause (test.js:45:34)
+    at testSetTimeout (test.js:77:3)
     at async js_func (test.js:25:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSetTimeout (test.js:82:2)
+doPause (test.js:45:2)
+testSetTimeout (test.js:76:2)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSetTimeout (test.js:83:3)
+    at doPause (test.js:45:34)
+    at testSetTimeout (test.js:77:3)
     at async js_func (test.js:25:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSetTimeout (test.js:82:2)
+doPause (test.js:45:2)
+testSetTimeout (test.js:76:2)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:91)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:82)
 -- setTimeout --
-result (test.js:81:40)
-testSetTimeout (test.js:81:23)
+result (test.js:75:40)
+testSetTimeout (test.js:75:23)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSetTimeout (test.js:83:3)
+    at doPause (test.js:45:34)
+    at testSetTimeout (test.js:77:3)
     at async js_func (test.js:25:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSetTimeout (test.js:82:2)
+doPause (test.js:45:2)
+testSetTimeout (test.js:76:2)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:97)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:86)
 -- setTimeout --
-result (test.js:81:40)
-testSetTimeout (test.js:81:23)
+result (test.js:75:40)
+testSetTimeout (test.js:75:23)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:91)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:82)
 -- setTimeout --
-result (test.js:81:40)
-testSetTimeout (test.js:81:23)
+result (test.js:75:40)
+testSetTimeout (test.js:75:23)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 Returned result {"result":{"type":"number","value":3,"description":"3"}}
 
 Testing async callstacks in JSPI with test function testDoubleNested
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at innerPause (test.js:90:5)
+    at doPause (test.js:45:34)
+    at innerPause (test.js:84:5)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x55)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x4e)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-innerPause (test.js:89:4)
+doPause (test.js:45:2)
+innerPause (test.js:83:4)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Suspending wrapperFunc
 console: Suspending wrapperFunc
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at innerPause (test.js:92:5)
+    at doPause (test.js:45:34)
+    at innerPause (test.js:86:5)
     at async js_func (test.js:25:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-innerPause (test.js:91:4)
+doPause (test.js:45:2)
+innerPause (test.js:85:4)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 Debugger paused on caught exception
-innerPause (test.js:93:4)
+innerPause (test.js:87:4)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at innerPause (test.js:90:5)
+    at doPause (test.js:45:34)
+    at innerPause (test.js:84:5)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x55)
-    at async wrapperFunc (test.js:44:12)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x4e)
+    at async wrapperFunc (test.js:38:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-innerPause (test.js:89:4)
+doPause (test.js:45:2)
+innerPause (test.js:83:4)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Suspending wrapperFunc
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at innerPause (test.js:92:5)
+    at doPause (test.js:45:34)
+    at innerPause (test.js:86:5)
     at async js_func (test.js:25:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-innerPause (test.js:91:4)
+doPause (test.js:45:2)
+innerPause (test.js:85:4)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 Debugger paused on caught exception
-innerPause (test.js:93:4)
+innerPause (test.js:87:4)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at innerPause (test.js:90:5)
+    at doPause (test.js:45:34)
+    at innerPause (test.js:84:5)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x55)
-    at async wrapperFunc (test.js:44:12)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x4e)
+    at async wrapperFunc (test.js:38:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-innerPause (test.js:89:4)
+doPause (test.js:45:2)
+innerPause (test.js:83:4)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Suspending wrapperFunc
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at innerPause (test.js:92:5)
+    at doPause (test.js:45:34)
+    at innerPause (test.js:86:5)
     at async js_func (test.js:25:12)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-innerPause (test.js:91:4)
+doPause (test.js:45:2)
+innerPause (test.js:85:4)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 Debugger paused on caught exception
-innerPause (test.js:93:4)
+innerPause (test.js:87:4)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 Returned result {"result":{"type":"number","value":3,"description":"3"}}
 
@@ -225,151 +225,151 @@ Returned result {"result":{"type":"number","value":3,"description":"3"}}
 Running test: testAsyncStackTracesWithSwitching
 Testing async callstacks in JSPI with stack switching
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x55)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x4e)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Suspending wrapperFunc
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at alsoSimple (test.js:58:5)
+    at doPause (test.js:45:34)
+    at alsoSimple (test.js:52:5)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x55)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x4e)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-alsoSimple (test.js:57:4)
+doPause (test.js:45:2)
+alsoSimple (test.js:51:4)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Suspending wrapperFunc
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
-    at thread3 (test.js:69:18)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
+    at thread3 (test.js:63:18)
     at async Promise.all (index 2)
-    at async testStackSwitching (test.js:72:18)
+    at async testStackSwitching (test.js:66:18)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
-thread3 (test.js:68:17)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
+thread3 (test.js:62:17)
 -- await --
-testStackSwitching (test.js:71:58)
+testStackSwitching (test.js:65:58)
 (anonymous) (test_framework.js:0:0)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x5b)
-    at async wrapperFunc (test.js:44:12)
-    at async thread1 (test.js:62:12)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x52)
+    at async wrapperFunc (test.js:38:12)
+    at async thread1 (test.js:56:12)
     at async Promise.all (index 0)
-    at async testStackSwitching (test.js:72:18)
+    at async testStackSwitching (test.js:66:18)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:91)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:82)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at alsoSimple (test.js:58:5)
+    at doPause (test.js:45:34)
+    at alsoSimple (test.js:52:5)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x5b)
-    at async wrapperFunc (test.js:44:12)
-    at async thread2 (test.js:65:12)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x52)
+    at async wrapperFunc (test.js:38:12)
+    at async thread2 (test.js:59:12)
     at async Promise.all (index 1)
-    at async testStackSwitching (test.js:72:18)
+    at async testStackSwitching (test.js:66:18)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-alsoSimple (test.js:57:4)
+doPause (test.js:45:2)
+alsoSimple (test.js:51:4)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:91)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:82)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
-    at thread3 (test.js:69:39)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
+    at thread3 (test.js:63:39)
     at async Promise.all (index 2)
-    at async testStackSwitching (test.js:72:18)
+    at async testStackSwitching (test.js:66:18)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
-thread3 (test.js:68:38)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
+thread3 (test.js:62:38)
 -- await --
-testStackSwitching (test.js:71:58)
+testStackSwitching (test.js:65:58)
 (anonymous) (test_framework.js:0:0)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
-    at thread3 (test.js:69:60)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
+    at thread3 (test.js:63:60)
     at async Promise.all (index 2)
-    at async testStackSwitching (test.js:72:18)
+    at async testStackSwitching (test.js:66:18)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
-thread3 (test.js:68:59)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
+thread3 (test.js:62:59)
 -- await --
-testStackSwitching (test.js:71:58)
+testStackSwitching (test.js:65:58)
 (anonymous) (test_framework.js:0:0)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at testSimple (test.js:77:3)
+    at doPause (test.js:45:34)
+    at testSimple (test.js:71:3)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x61)
-    at async wrapperFunc (test.js:44:12)
-    at async thread1 (test.js:62:12)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x56)
+    at async wrapperFunc (test.js:38:12)
+    at async thread1 (test.js:56:12)
     at async Promise.all (index 0)
-    at async testStackSwitching (test.js:72:18)
+    at async testStackSwitching (test.js:66:18)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-testSimple (test.js:76:2)
+doPause (test.js:45:2)
+testSimple (test.js:70:2)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:97)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:86)
 
 console: Error location: Error
-    at doPause (test.js:51:34)
-    at alsoSimple (test.js:58:5)
+    at doPause (test.js:45:34)
+    at alsoSimple (test.js:52:5)
     at js_func (test.js:25:18)
-    at wrappedWasm (wasm://wasm/bbce4a62:wasm-function[1]:0x4c)
-    at threeTimes (wasm://wasm/bbce4a62:wasm-function[2]:0x61)
-    at async wrapperFunc (test.js:44:12)
-    at async thread2 (test.js:65:12)
+    at wrappedWasm (wasm://wasm/fac94cc6:wasm-function[1]:0x47)
+    at threeTimes (wasm://wasm/fac94cc6:wasm-function[2]:0x56)
+    at async wrapperFunc (test.js:38:12)
+    at async thread2 (test.js:59:12)
     at async Promise.all (index 1)
-    at async testStackSwitching (test.js:72:18)
+    at async testStackSwitching (test.js:66:18)
 
 Debugger paused on debugger statement
-doPause (test.js:51:2)
-alsoSimple (test.js:57:4)
+doPause (test.js:45:2)
+alsoSimple (test.js:51:4)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:97)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:86)
 
 Returned result {"result":{"type":"string","value":"3,6,3"}}
 
@@ -377,10 +377,10 @@ Returned result {"result":{"type":"string","value":"3,6,3"}}
 Running test: testCatchPrediction
 Testing catch prediction through JSPI throwing from testSyncThrow to testCatch
 Debugger paused on uncaught exception
-testSyncThrow (test.js:103:2)
+testSyncThrow (test.js:97:2)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Suspending wrapperFunc
 console: caught: fail
@@ -390,11 +390,11 @@ PREDICTION MISMATCH: predicted uncaught=true actual uncaught=false
 Testing catch prediction through JSPI throwing from testAsyncThrow to testCatch
 console: Suspending wrapperFunc
 Debugger paused on caught exception
-testAsyncThrow (test.js:108:2)
+testAsyncThrow (test.js:102:2)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: caught: fail
 Returned result {"result":{"type":"undefined"}}
@@ -402,20 +402,20 @@ Returned result {"result":{"type":"undefined"}}
 Testing catch prediction through JSPI throwing from testSyncThrowAfterResume to testCatch
 console: Suspending wrapperFunc
 Debugger paused on caught exception
-testSyncThrowAfterResume (test.js:116:4)
+testSyncThrowAfterResume (test.js:110:4)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:91)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:82)
 
 console: caught: fail
 Returned result {"result":{"type":"undefined"}}
 
 Testing catch prediction through JSPI throwing from testSyncThrow to testDontCatch
 Debugger paused on uncaught exception
-testSyncThrow (test.js:103:2)
+testSyncThrow (test.js:97:2)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 console: Suspending wrapperFunc
 Returned result {"result":{"type":"undefined"}}
@@ -424,11 +424,11 @@ Exception was not caught
 Testing catch prediction through JSPI throwing from testAsyncThrow to testDontCatch
 console: Suspending wrapperFunc
 Debugger paused on uncaught exception
-testAsyncThrow (test.js:108:2)
+testAsyncThrow (test.js:102:2)
 -- await --
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:85)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:78)
 
 Returned result {"result":{"type":"undefined"}}
 Exception was not caught
@@ -436,10 +436,10 @@ Exception was not caught
 Testing catch prediction through JSPI throwing from testSyncThrowAfterResume to testDontCatch
 console: Suspending wrapperFunc
 Debugger paused on uncaught exception
-testSyncThrowAfterResume (test.js:116:4)
+testSyncThrowAfterResume (test.js:110:4)
 js_func (test.js:24:17)
-$wrappedWasm (wasm://wasm/bbce4a62:0:76)
-$threeTimes (wasm://wasm/bbce4a62:0:91)
+$wrappedWasm (wasm://wasm/fac94cc6:0:71)
+$threeTimes (wasm://wasm/fac94cc6:0:82)
 
 Returned result {"result":{"type":"undefined"}}
 Exception was not caught
diff --git a/deps/v8/test/inspector/debugger/wasm-jspi-async-stack.js b/deps/v8/test/inspector/debugger/wasm-jspi-async-stack.js
index 04d5be285e5409..a4ab074483b80a 100644
--- a/deps/v8/test/inspector/debugger/wasm-jspi-async-stack.js
+++ b/deps/v8/test/inspector/debugger/wasm-jspi-async-stack.js
@@ -23,17 +23,11 @@ function instantiateWasm(bytes) {
   async function js_func(f) {
     return await f();
   };
-  const wasmjs_func = new WebAssembly.Function(
-      {parameters:['externref', 'externref'], results:['i32']},
-      js_func,
-      {suspending: 'first'});
+  const wasmjs_func = new WebAssembly.Suspending(js_func);
 
   const instance = new WebAssembly.Instance(
       module, {env: {wrapped: wasmjs_func}});
-  const wasmWrapperFunc = new WebAssembly.Function(
-      {parameters: ['externref'], results:['externref']},
-      instance.exports.threeTimes,
-      {promising: 'first'});
+  const wasmWrapperFunc = WebAssembly.promising(instance.exports.threeTimes);
 
   async function wrapperFunc(f) {
     // JS function that calls wasm should show up on the call stack.
@@ -138,33 +132,28 @@ const kSig_i_rr = makeSig([kWasmExternRef, kWasmExternRef], [kWasmI32]);
 
 const builder = new WasmModuleBuilder();
 
-// All functions take a suspender, the js async function to call, and
-// return int.
+// All functions take the js async function to call, and return int.
 
 // Add two functions that will be suspended by calling an async
 // JS function
 
-const wrapped_js = builder.addImport('env', 'wrapped', kSig_i_rr);
+const wrapped_js = builder.addImport('env', 'wrapped', kSig_i_r);
 const wrapped_wasm = builder.addFunction(
-    'wrappedWasm', kSig_i_rr, ['suspender', 'js_func'])
+    'wrappedWasm', kSig_i_r, ['js_func'])
     .addBody([
       // Load a parameter and call the import.
       kExprLocalGet, 0,
-      kExprLocalGet, 1,
       kExprCallFunction, wrapped_js,
     ]);
 
-const main = builder.addFunction('threeTimes', kSig_i_rr)
+const main = builder.addFunction('threeTimes', kSig_i_r)
     .addBody([
       // Call function 'wrappedWasm' three times.
       kExprLocalGet, 0,
-      kExprLocalGet, 1,
       kExprCallFunction, 1,
       kExprLocalGet, 0,
-      kExprLocalGet, 1,
       kExprCallFunction, wrapped_wasm.index,
       kExprLocalGet, 0,
-      kExprLocalGet, 1,
       kExprCallFunction, 1,
       kExprI32Add,
       kExprI32Add,
diff --git a/deps/v8/test/inspector/inspector-test.cc b/deps/v8/test/inspector/inspector-test.cc
index 26ee727cee09ba..fe5490560b9c1a 100644
--- a/deps/v8/test/inspector/inspector-test.cc
+++ b/deps/v8/test/inspector/inspector-test.cc
@@ -4,6 +4,7 @@
 
 #include <locale.h>
 
+#include <optional>
 #include <string>
 #include <vector>
 
@@ -384,7 +385,7 @@ class UtilsExtension : public InspectorIsolateData::SetupGlobalTask {
     int context_group_id = info[0].As<v8::Int32>()->Value();
     bool is_fully_trusted =
         info.Length() == 3 || info[3].As<v8::Boolean>()->Value();
-    base::Optional<int> session_id;
+    std::optional<int> session_id;
     RunSyncTask(backend_runner_,
                 [context_group_id, &session_id, &channel, &state,
                  is_fully_trusted](InspectorIsolateData* data) {
diff --git a/deps/v8/test/inspector/isolate-data.cc b/deps/v8/test/inspector/isolate-data.cc
index f7285b92d11a37..c5c8b53243f38c 100644
--- a/deps/v8/test/inspector/isolate-data.cc
+++ b/deps/v8/test/inspector/isolate-data.cc
@@ -4,6 +4,8 @@
 
 #include "test/inspector/isolate-data.h"
 
+#include <optional>
+
 #include "include/v8-context.h"
 #include "include/v8-exception.h"
 #include "include/v8-microtask-queue.h"
@@ -185,10 +187,10 @@ v8::MaybeLocal<v8::Module> InspectorIsolateData::ModuleResolveCallback(
   return maybe_module;
 }
 
-base::Optional<int> InspectorIsolateData::ConnectSession(
+std::optional<int> InspectorIsolateData::ConnectSession(
     int context_group_id, const v8_inspector::StringView& state,
     std::unique_ptr<FrontendChannelImpl> channel, bool is_fully_trusted) {
-  if (contexts_.find(context_group_id) == contexts_.end()) return base::nullopt;
+  if (contexts_.find(context_group_id) == contexts_.end()) return std::nullopt;
 
   v8::SealHandleScope seal_handle_scope(isolate());
   int session_id = ++last_session_id_;
diff --git a/deps/v8/test/inspector/isolate-data.h b/deps/v8/test/inspector/isolate-data.h
index 3d5bdd69d215a0..c8d667ad432e17 100644
--- a/deps/v8/test/inspector/isolate-data.h
+++ b/deps/v8/test/inspector/isolate-data.h
@@ -7,6 +7,7 @@
 
 #include <map>
 #include <memory>
+#include <optional>
 #include <set>
 
 #include "include/v8-array-buffer.h"
@@ -14,7 +15,6 @@
 #include "include/v8-local-handle.h"
 #include "include/v8-locker.h"
 #include "include/v8-script.h"
-#include "src/base/optional.h"
 
 namespace v8 {
 
@@ -65,7 +65,7 @@ class InspectorIsolateData : public v8_inspector::V8InspectorClient {
                       v8::ScriptCompiler::Source* source);
 
   // Working with V8Inspector api.
-  base::Optional<int> ConnectSession(
+  std::optional<int> ConnectSession(
       int context_group_id, const v8_inspector::StringView& state,
       std::unique_ptr<FrontendChannelImpl> channel, bool is_fully_trusted);
   std::vector<uint8_t> DisconnectSession(int session_id,
@@ -162,7 +162,7 @@ class InspectorIsolateData : public v8_inspector::V8InspectorClient {
   std::unique_ptr<v8::Isolate, IsolateDeleter> isolate_;
   // The locker_ field has to come after isolate_ because the locker has to
   // outlive the isolate.
-  base::Optional<v8::Locker> locker_;
+  std::optional<v8::Locker> locker_;
   std::unique_ptr<v8_inspector::V8Inspector> inspector_;
   int last_context_group_id_ = 0;
   std::map<int, std::vector<v8::Global<v8::Context>>> contexts_;
diff --git a/deps/v8/test/message/message.status b/deps/v8/test/message/message.status
index 70a3632631f186..192ad623efb16d 100644
--- a/deps/v8/test/message/message.status
+++ b/deps/v8/test/message/message.status
@@ -70,13 +70,32 @@
 
 ##############################################################################
 # TODO(v8:7777): Change this once wasm is supported in jitless mode.
-['not has_webassembly or variant == jitless', {
+['not has_webassembly or (variant == jitless and not has_wasm_interpreter)', {
   'mjsunit/fail/assert-promise-result-wasm-compile-fail': [SKIP],
   'mjsunit/fail/assert-in-promise-fail-recursive': [FAIL],
   'fail/wasm-*': [SKIP],
   'wasm-*': [SKIP],
   'asm-*': [SKIP],
-}],  # not has_webassembly or variant == jitless
+}],  # not has_webassembly or (variant == jitless and not has_wasm_interpreter)
+
+##############################################################################
+['has_wasm_interpreter and variant == jitless', {
+  # Skip tests that require Wasm experimental features not supported by the
+  # Wasm interpreter, or that explicitly require compilation.
+
+  # Tests that require compilation
+  'fail/wasm-async-compile-fail': [SKIP],
+  'wasm-speculative-inlining': [SKIP],
+  'wasm-trace-turbofan': [SKIP],
+
+  # --trace-wasm-memory
+  'wasm-trace-memory64': [SKIP],
+  'wasm-trace-memory': [SKIP], # also --experimental-wasm-memory64
+
+  # Different error message
+  'fail/wasm-async-instantiate-fail': [SKIP],
+
+}],  # has_webassembly and variant == jitless
 
 ################################################################################
 ['variant == stress_snapshot', {
diff --git a/deps/v8/test/message/wasm-trace-deopt-32.out b/deps/v8/test/message/wasm-trace-deopt-32.out
index c8c6e3fd3b2c04..7889a15da7ce80 100644
--- a/deps/v8/test/message/wasm-trace-deopt-32.out
+++ b/deps/v8/test/message/wasm-trace-deopt-32.out
@@ -13,7 +13,7 @@
      10: 2 ; *(int32)*
      11: 3 ; *(int32)*
      12: {ADDRESS} ; * {ADDRESS} <Other heap object (WASM_FUNC_REF_TYPE)>
-  Liftoff stack & register state for function index 2
+  Liftoff stack & register state for function index 2, frame size {NUMBER}, total frame size {NUMBER}
      0: i32:*
      1: i32:*
      2: ref:*
diff --git a/deps/v8/test/message/wasm-trace-deopt-64.out b/deps/v8/test/message/wasm-trace-deopt-64.out
index 4c690dfcd4f7be..28e677a4c4e613 100644
--- a/deps/v8/test/message/wasm-trace-deopt-64.out
+++ b/deps/v8/test/message/wasm-trace-deopt-64.out
@@ -12,7 +12,7 @@
       9: 2 ; * (int32)
      10: 3 ; * (int32)
      11: {ADDRESS} ; * {ADDRESS} <Other heap object (WASM_FUNC_REF_TYPE)>
-  Liftoff stack & register state for function index 2
+  Liftoff stack & register state for function index 2, frame size {NUMBER}, total frame size {NUMBER}
      0: i32:*
      1: i32:*
      2: ref:*
diff --git a/deps/v8/test/mjsunit/baseline/flush-baseline-code.js b/deps/v8/test/mjsunit/baseline/flush-baseline-code.js
index db939682a6e946..081a37bcaf570e 100644
--- a/deps/v8/test/mjsunit/baseline/flush-baseline-code.js
+++ b/deps/v8/test/mjsunit/baseline/flush-baseline-code.js
@@ -24,20 +24,32 @@ function f() {
   return x.b + 10;
 }
 
-// Test bytecode gets flushed
-f();
-assertTrue(HasByteCode(f));
-gc();
-assertFalse(HasByteCode(f));
-
-// Test baseline code and bytecode gets flushed
-for (i = 1; i < 50; i++) {
+(async function () {
+  // Test bytecode gets flushed
   f();
-}
-assertTrue(HasBaselineCode(f));
-gc();
-assertFalse(HasBaselineCode(f));
-assertFalse(HasByteCode(f));
+  assertTrue(HasByteCode(f));
+  // We need to invoke GC asynchronously and wait for it to finish, so that
+  // it doesn't need to scan the stack. Otherwise, some objects may not be
+  // reclaimed because of conservative stack scanning and the test may not
+  // work as intended.
+  await gc({ type: 'major', execution: 'async' });
+  assertFalse(HasByteCode(f))
+})();
+
+(async function () {
+  // Test baseline code and bytecode gets flushed
+  for (i = 1; i < 50; i++) {
+    f();
+  }
+  assertTrue(HasBaselineCode(f));
+  // We need to invoke GC asynchronously and wait for it to finish, so that
+  // it doesn't need to scan the stack. Otherwise, some objects may not be
+  // reclaimed because of conservative stack scanning and the test may not
+  // work as intended.
+  await gc({ type: 'major', execution: 'async' });
+  assertFalse(HasBaselineCode(f));
+  assertFalse(HasByteCode(f));
+})();
 
 // Check bytecode isn't flushed if it's held strongly from somewhere but
 // baseline code is flushed.
@@ -48,6 +60,8 @@ function f1(should_recurse) {
       f1(false);
     }
     assertTrue(HasBaselineCode(f1));
+    // Here we are not checking whether some object was indeed reclaimed,
+    // so should not worry if conservative stack scanning is performed.
     gc();
     // TODO(jgruber, v8:12161): No longer true since we now always tier up to
     // available Sparkplug code as early as possible. By the time we reach this
@@ -59,15 +73,21 @@ function f1(should_recurse) {
   return x.b + 10;
 }
 
-f1(false);
-// Recurse first time so we have bytecode array on the stack that keeps
-// bytecode alive.
-f1(true);
+(async function () {
+  f1(false);
+  // Recurse first time so we have bytecode array on the stack that keeps
+  // bytecode alive.
+  f1(true);
 
-// Flush bytecode
-gc();
-assertFalse(HasBaselineCode(f1));
-assertFalse(HasByteCode(f1));
+  // Flush bytecode.
+  // We need to invoke GC asynchronously and wait for it to finish, so that
+  // it doesn't need to scan the stack. Otherwise, some objects may not be
+  // reclaimed because of conservative stack scanning and the test may not
+  // work as intended.
+  await gc({ type: 'major', execution: 'async' });
+  assertFalse(HasBaselineCode(f1));
+  assertFalse(HasByteCode(f1));
+})();
 
 // Check baseline code and bytecode aren't flushed if baseline code is on
 // stack.
@@ -75,15 +95,19 @@ function f2(should_recurse) {
   if (should_recurse) {
     assertTrue(HasBaselineCode(f2));
     f2(false);
+    // Here we are not checking whether some object was indeed reclaimed,
+    // so should not worry if conservative stack scanning is performed.
     gc();
     assertTrue(HasBaselineCode(f2));
   }
   return x.b + 10;
 }
 
-for (i = 1; i < 50; i++) {
-  f2(false);
-}
-assertTrue(HasBaselineCode(f2));
-// Recurse with baseline code on stack
-f2(true);
+(async function () {
+  for (i = 1; i < 50; i++) {
+    f2(false);
+  }
+  assertTrue(HasBaselineCode(f2));
+  // Recurse with baseline code on stack
+  f2(true);
+})();
diff --git a/deps/v8/test/mjsunit/baseline/flush-only-baseline-code.js b/deps/v8/test/mjsunit/baseline/flush-only-baseline-code.js
index 53cb059ce7eb69..303daf4b7a9add 100644
--- a/deps/v8/test/mjsunit/baseline/flush-only-baseline-code.js
+++ b/deps/v8/test/mjsunit/baseline/flush-only-baseline-code.js
@@ -24,36 +24,52 @@ function f() {
   return x.b + 10;
 }
 
-// Test bytecode gets flushed
-f();
-assertTrue(HasByteCode(f));
-gc();
-assertTrue(HasByteCode(f));
-
-// Test baseline code gets flushed but not bytecode.
-for (i = 1; i < 50; i++) {
+(async function () {
+  // Test bytecode gets flushed
   f();
-}
-assertTrue(HasBaselineCode(f));
-gc();
-assertFalse(HasBaselineCode(f));
-assertTrue(HasByteCode(f));
-
-// Check baseline code and bytecode aren't flushed if baseline code is on
-// stack.
-function f2(should_recurse) {
-  if (should_recurse) {
-    assertTrue(HasBaselineCode(f2));
-    f2(false);
-    gc();
-    assertTrue(HasBaselineCode(f2));
+  assertTrue(HasByteCode(f));
+  // We need to invoke GC asynchronously and wait for it to finish, so that
+  // it doesn't need to scan the stack. Otherwise, some objects may not be
+  // reclaimed because of conservative stack scanning and the test may not
+  // work as intended.
+  await gc({ type: 'major', execution: 'async' });
+  assertTrue(HasByteCode(f));
+})();
+
+(async function () {
+  // Test baseline code gets flushed but not bytecode.
+  for (i = 1; i < 50; i++) {
+    f();
   }
-  return x.b + 10;
-}
+  assertTrue(HasBaselineCode(f));
+  // We need to invoke GC asynchronously and wait for it to finish, so that
+  // it doesn't need to scan the stack. Otherwise, some objects may not be
+  // reclaimed because of conservative stack scanning and the test may not
+  // work as intended.
+  await gc({ type: 'major', execution: 'async' });
+  assertFalse(HasBaselineCode(f));
+  assertTrue(HasByteCode(f));
+})();
 
-for (i = 1; i < 50; i++) {
-  f2(false);
-}
-assertTrue(HasBaselineCode(f2));
-// Recurse with baseline code on stack
-f2(true);
+(async function () {
+  // Check baseline code and bytecode aren't flushed if baseline code is on
+  // stack.
+  function f2(should_recurse) {
+    if (should_recurse) {
+      assertTrue(HasBaselineCode(f2));
+      f2(false);
+      // Here we are not checking whether some object was indeed reclaimed,
+      // so should not worry if conservative stack scanning is performed.
+      gc();
+      assertTrue(HasBaselineCode(f2));
+    }
+    return x.b + 10;
+  }
+
+  for (i = 1; i < 50; i++) {
+    f2(false);
+  }
+  assertTrue(HasBaselineCode(f2));
+  // Recurse with baseline code on stack
+  f2(true);
+})();
diff --git a/deps/v8/test/mjsunit/comparison-throws-feedback.js b/deps/v8/test/mjsunit/comparison-throws-feedback.js
new file mode 100644
index 00000000000000..5a4787a07fbf47
--- /dev/null
+++ b/deps/v8/test/mjsunit/comparison-throws-feedback.js
@@ -0,0 +1,36 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turbofan --no-always-turbofan
+
+function testThrowsNoDeopt(fn) {
+  %PrepareFunctionForOptimization(fn);
+  for (let i = 0; i < 5; i++) assertThrows(fn, TypeError);
+  %OptimizeFunctionOnNextCall(fn);
+  assertThrows(fn, TypeError);
+  // Assert that the function is still optimized, i.e. no deopt happened when
+  // calling it.
+  assertOptimized(fn);
+}
+
+function testNoDeopt(fn, expected) {
+  %PrepareFunctionForOptimization(fn);
+  for (let i = 0; i < 5; i++) fn();
+  %OptimizeFunctionOnNextCall(fn);
+  assertEquals(expected, fn());
+  assertOptimized(fn);
+}
+
+let symbol = Symbol("test");
+testThrowsNoDeopt(() => 2 < symbol);
+testThrowsNoDeopt(() => 2 > symbol);
+testThrowsNoDeopt(() => 2 <= symbol);
+testThrowsNoDeopt(() => 2 >= symbol);
+testNoDeopt(() => 2 == symbol, false);
+let invalidValueOf = {valueOf: () => +2n};
+testThrowsNoDeopt(() => 2 < invalidValueOf);
+testThrowsNoDeopt(() => 2 > invalidValueOf);
+testThrowsNoDeopt(() => 2 <= invalidValueOf);
+testThrowsNoDeopt(() => 2 >= invalidValueOf);
+testThrowsNoDeopt(() => 2 == invalidValueOf);
diff --git a/deps/v8/test/mjsunit/compiler/dataview-get.js b/deps/v8/test/mjsunit/compiler/dataview-get.js
index 33e2ff14182741..0bd3490eda2a35 100644
--- a/deps/v8/test/mjsunit/compiler/dataview-get.js
+++ b/deps/v8/test/mjsunit/compiler/dataview-get.js
@@ -53,6 +53,22 @@ function readFloat64(offset, little_endian) {
   return dataview.getFloat64(offset, little_endian);
 }
 
+function readBigInt64Handled(offset, little_endian) {
+  try {
+    return dataview.getBigInt64(offset, little_endian);
+  } catch (e) {
+    return e;
+  }
+}
+
+function readBigUint64Handled(offset, little_endian) {
+  try {
+    return dataview.getBigUint64(offset, little_endian);
+  } catch(e) {
+    return e;
+  }
+}
+
 function warmup(f) {
   %PrepareFunctionForOptimization(f);
   f(0);
@@ -132,6 +148,24 @@ assertEquals(b4, readFloat64(16));
 dataview.setFloat64(16, b4, true);
 assertEquals(b4, readFloat64(16, true));
 
+// TurboFan valid getBigInt64.
+let b5 = -0x12345678912345n;
+dataview.setBigInt64(16, b5);
+warmup(readBigInt64Handled);
+assertOptimized(readBigInt64Handled);
+assertEquals(b5, readBigInt64Handled(16));
+dataview.setBigInt64(16, b5, true);
+assertEquals(b5, readBigInt64Handled(16, true));
+
+// TurboFan valid getBigUint64.
+let b6 = 0x12345678912345n;
+dataview.setBigUint64(16, b6);
+warmup(readBigUint64Handled);
+assertOptimized(readBigUint64Handled);
+assertEquals(b6, readBigUint64Handled(16));
+dataview.setBigUint64(16, b6, true);
+assertEquals(b6, readBigUint64Handled(16, true));
+
 // TurboFan out of bounds reads deopt.
 assertOptimized(readInt8Handled);
 assertInstanceof(readInt8Handled(24), RangeError);
diff --git a/deps/v8/test/mjsunit/compiler/dataview-set.js b/deps/v8/test/mjsunit/compiler/dataview-set.js
index 4ef6d9a583c9f5..a207e0ea7f7c98 100644
--- a/deps/v8/test/mjsunit/compiler/dataview-set.js
+++ b/deps/v8/test/mjsunit/compiler/dataview-set.js
@@ -43,13 +43,21 @@ function writeFloat64(offset, value, little_endian) {
   dataview.setFloat64(offset, value, little_endian);
 }
 
-function warmup(f) {
+function writeBigInt64(offset, value, little_endian) {
+  dataview.setBigInt64(offset, value, little_endian);
+}
+
+function writeBigUint64(offset, value, little_endian) {
+  dataview.setBigUint64(offset, value, little_endian);
+}
+
+function warmup(f, v = 0) {
   %PrepareFunctionForOptimization(f);
-  f(0, 0);
-  f(0, 1);
+  f(0, v++);
+  f(0, v++);
   %OptimizeFunctionOnNextCall(f);
-  f(0, 2);
-  f(0, 3);
+  f(0, v++);
+  f(0, v++);
 }
 
 // TurboFan valid setUint8.
@@ -118,6 +126,22 @@ assertEquals(b4, dataview.getFloat64(8));
 writeFloat64(8, b4, true);
 assertEquals(b4, dataview.getFloat64(8, true));
 
+// TurboFan valid setBigInt64.
+warmup(writeBigInt64, 0n);
+assertOptimized(writeBigInt64);
+writeBigInt64(0, -2401053088876216593n);
+assertEquals(0xdeadbeefdeadbeefn, dataview.getBigUint64(0));
+writeBigInt64(0, -1171307680053154338n, true);
+assertEquals(0xdeadbeefdeadbeefn, dataview.getBigUint64(0));
+
+// TurboFan valid setBigUint64.
+warmup(writeBigUint64, 0n);
+assertOptimized(writeBigUint64);
+writeBigUint64(0, 0xdeadbeefdeadbeefn);
+assertEquals(0xdeadbeefdeadbeefn, dataview.getBigUint64(0));
+writeBigUint64(0, 0xdeadbeefdeadbeefn, true);
+assertEquals(0xdeadbeefdeadbeefn, dataview.getBigUint64(0, true));
+
 // TurboFan out of bounds read, deopt.
 assertOptimized(writeInt8Handled);
 assertInstanceof(writeInt8Handled(24, 0), RangeError);
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-annotations.js b/deps/v8/test/mjsunit/compiler/fast-api-annotations.js
index d58dd258dd6630..1427d8c7692822 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-annotations.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-annotations.js
@@ -11,6 +11,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 const fast_c_api = new d8.test.FastCAPI();
 
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-calls-64-bit-integer-values.js b/deps/v8/test/mjsunit/compiler/fast-api-calls-64-bit-integer-values.js
index 71de05de8ea9b4..9e37d377ec5f90 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-calls-64-bit-integer-values.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-calls-64-bit-integer-values.js
@@ -12,6 +12,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 const fast_c_api = new d8.test.FastCAPI();
 
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-calls-8args.js b/deps/v8/test/mjsunit/compiler/fast-api-calls-8args.js
index 30fc49cf96ee02..3ae0661137c6d6 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-calls-8args.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-calls-8args.js
@@ -13,6 +13,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 const add_all_32bit_int_arg1 = -42;
 const add_all_32bit_int_arg2 = 45;
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-calls-pointer.js b/deps/v8/test/mjsunit/compiler/fast-api-calls-pointer.js
index 8a1da1d91b27bd..c15af89fc6a19a 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-calls-pointer.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-calls-pointer.js
@@ -12,6 +12,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 assertThrows(() => d8.test.FastCAPI());
 const fast_c_api = new d8.test.FastCAPI();
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-calls-string.js b/deps/v8/test/mjsunit/compiler/fast-api-calls-string.js
index 0f78f4c1e5a92a..9aa183b5e414d0 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-calls-string.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-calls-string.js
@@ -11,6 +11,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 assertThrows(() => d8.test.FastCAPI());
 const fast_c_api = new d8.test.FastCAPI();
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-calls-throw.js b/deps/v8/test/mjsunit/compiler/fast-api-calls-throw.js
index 07e100c003372c..a40698c667c7e6 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-calls-throw.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-calls-throw.js
@@ -14,6 +14,7 @@
 // --wasm-lazy-compilation is needed so that wellknown imports work in the
 // absence of dynamic tiering.
 // Flags: --wasm-lazy-compilation
+// Flags: --fast-api-allow-float-in-sim
 
 load('test/mjsunit/wasm/wasm-module-builder.js');
 
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-calls-wasm.js b/deps/v8/test/mjsunit/compiler/fast-api-calls-wasm.js
index fff28328f1c7e3..e15daad37045a9 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-calls-wasm.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-calls-wasm.js
@@ -3,6 +3,7 @@
 // found in the LICENSE file.
 
 // Flags: --turbo-fast-api-calls --expose-fast-api
+// Flags: --fast-api-allow-float-in-sim
 
 d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
 
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-calls.js b/deps/v8/test/mjsunit/compiler/fast-api-calls.js
index 06e159010c9940..441e7557812634 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-calls.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-calls.js
@@ -12,6 +12,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 assertThrows(() => d8.test.FastCAPI());
 const fast_c_api = new d8.test.FastCAPI();
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-clamp-annotations.js b/deps/v8/test/mjsunit/compiler/fast-api-clamp-annotations.js
index ee766d3dd94944..2d3370e0d00794 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-clamp-annotations.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-clamp-annotations.js
@@ -12,6 +12,7 @@
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
 // Flags: --enable-sse4-1 --enable-sse4-2
+// Flags: --fast-api-allow-float-in-sim
 
 const fast_c_api = new d8.test.FastCAPI();
 
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-interface-types.js b/deps/v8/test/mjsunit/compiler/fast-api-interface-types.js
index d4b991f1e699cc..426310e64dd5be 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-interface-types.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-interface-types.js
@@ -7,6 +7,7 @@
 // Flags: --turbo-fast-api-calls --expose-fast-api --allow-natives-syntax --turbofan
 // Flags: --no-always-turbofan
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 const fast_c_api = new d8.test.FastCAPI();
 // We create another API object to avoid migrating the map of fast_c_api
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-sequences-x64.js b/deps/v8/test/mjsunit/compiler/fast-api-sequences-x64.js
index 86f12ba05fff5f..558a35cb0abf73 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-sequences-x64.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-sequences-x64.js
@@ -11,6 +11,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 d8.file.execute('test/mjsunit/compiler/fast-api-helpers.js');
 
diff --git a/deps/v8/test/mjsunit/compiler/fast-api-sequences.js b/deps/v8/test/mjsunit/compiler/fast-api-sequences.js
index 3d583170f8cb07..4318f60fc70f0a 100644
--- a/deps/v8/test/mjsunit/compiler/fast-api-sequences.js
+++ b/deps/v8/test/mjsunit/compiler/fast-api-sequences.js
@@ -11,6 +11,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
+// Flags: --fast-api-allow-float-in-sim
 
 d8.file.execute('test/mjsunit/compiler/fast-api-helpers.js');
 
diff --git a/deps/v8/test/mjsunit/compiler/regress-359729268.js b/deps/v8/test/mjsunit/compiler/regress-359729268.js
new file mode 100644
index 00000000000000..a216389f8bcc88
--- /dev/null
+++ b/deps/v8/test/mjsunit/compiler/regress-359729268.js
@@ -0,0 +1,21 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --always-turbofan
+
+let nop = function () { };
+function func(args) {
+  var bar = 0;
+  for (var arg in args) {
+    try {
+      for (var i = 0; i < 2; i++) {
+        nop();
+        bar += i[arg];
+      }
+    } catch (e) { }
+  }
+}
+%PrepareFunctionForOptimization(func);
+%OptimizeFunctionOnNextCall(func);
+func({x: 20, y: 11});
diff --git a/deps/v8/test/mjsunit/harmony/await-using-count-ticks.js b/deps/v8/test/mjsunit/harmony/await-using-count-ticks.js
new file mode 100644
index 00000000000000..2f3b45cea7469b
--- /dev/null
+++ b/deps/v8/test/mjsunit/harmony/await-using-count-ticks.js
@@ -0,0 +1,37 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --js-explicit-resource-management
+
+let values = [];
+
+(async () => {
+  for (let i = 0; i < 10; ++i) {
+    values.push(i);
+    await 0;
+  }
+})();
+
+async function TestCountTicks() {
+  await using x = {
+    value: 1,
+    [Symbol.asyncDispose]() {
+      values.push(42);
+    }
+  };
+  await using y = {
+    value: 1,
+    [Symbol.asyncDispose]() {
+      values.push(43);
+    }
+  };
+  values.push(44);
+}
+
+async function RunTest() {
+  await TestCountTicks();
+  assertSame('0,44,43,1,42,2,3', values.join(','));
+}
+
+RunTest();
diff --git a/deps/v8/test/mjsunit/harmony/modules-import-16.mjs b/deps/v8/test/mjsunit/harmony/modules-import-16.mjs
index 92f87632604f80..cf1ed9723c04cf 100644
--- a/deps/v8/test/mjsunit/harmony/modules-import-16.mjs
+++ b/deps/v8/test/mjsunit/harmony/modules-import-16.mjs
@@ -8,7 +8,7 @@ globalThis.ran = false;
 globalThis.x = undefined;
 
 let body = "import('modules-skip-1.mjs').then(ns => { x = ns.life();" +
-    " ran = true;} ).catch(err => %AbortJS(err))"
+    " ran = true;} ).catch(err => %AbortJS(err.toString()))"
 let func = new Function(body);
 func();
 
@@ -18,7 +18,7 @@ assertTrue(globalThis.ran);
 
 globalThis.ran = false;
 body = "import('modules-skip-1.mjs').then(ns => { x = ns.life();" +
-    " ran = true;} ).catch(err => %AbortJS(err))"
+    " ran = true;} ).catch(err => %AbortJS(err.toString()))"
 eval("var func = new Function(body); func();");
 
 %PerformMicrotaskCheckpoint();
@@ -27,7 +27,7 @@ assertTrue(globalThis.ran);
 
 globalThis.ran = false;
 body = "eval(import('modules-skip-1.mjs').then(ns => { x = ns.life();" +
-    " ran = true;} ).catch(err => %AbortJS(err)))"
+    " ran = true;} ).catch(err => %AbortJS(err.toString())))"
 func = new Function(body);
 func();
 
diff --git a/deps/v8/test/mjsunit/harmony/shadowrealm-skip-2-throw.mjs b/deps/v8/test/mjsunit/harmony/shadowrealm-skip-2-throw.mjs
index d036f712cbabe6..ef576fcb90daf0 100644
--- a/deps/v8/test/mjsunit/harmony/shadowrealm-skip-2-throw.mjs
+++ b/deps/v8/test/mjsunit/harmony/shadowrealm-skip-2-throw.mjs
@@ -1,2 +1,6 @@
 export const foo = 'bar';
-throw new Error('foobar');
+
+function myFunc() {
+  throw new Error('foobar');
+}
+myFunc();
diff --git a/deps/v8/test/mjsunit/harmony/shadowrealm-skip-3-throw-object.mjs b/deps/v8/test/mjsunit/harmony/shadowrealm-skip-3-throw-object.mjs
index cc6c3fdd730ed0..79a216cc5ddcfc 100644
--- a/deps/v8/test/mjsunit/harmony/shadowrealm-skip-3-throw-object.mjs
+++ b/deps/v8/test/mjsunit/harmony/shadowrealm-skip-3-throw-object.mjs
@@ -1,2 +1,6 @@
 export const foo = 'bar';
-throw { message: 'foobar' };
+
+function myFunc() {
+  throw { message: 'foobar' };
+}
+myFunc();
diff --git a/deps/v8/test/mjsunit/harmony/shadowrealm-skip-4-throw-string.mjs b/deps/v8/test/mjsunit/harmony/shadowrealm-skip-4-throw-string.mjs
new file mode 100644
index 00000000000000..b326c838f21480
--- /dev/null
+++ b/deps/v8/test/mjsunit/harmony/shadowrealm-skip-4-throw-string.mjs
@@ -0,0 +1,6 @@
+export const foo = 'bar';
+
+function myFunc() {
+  throw 'foobar';
+}
+myFunc();
diff --git a/deps/v8/test/mjsunit/harmony/shadowrealm-type-error-copy.js b/deps/v8/test/mjsunit/harmony/shadowrealm-type-error-copy.js
new file mode 100644
index 00000000000000..9800c97b3e9585
--- /dev/null
+++ b/deps/v8/test/mjsunit/harmony/shadowrealm-type-error-copy.js
@@ -0,0 +1,102 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --harmony-shadow-realm
+
+// Utility function for testing that the expected strings occur
+// in the stack trace produced when running the given function.
+function assertTrace(name, e, expected, unexpected) {
+  for (var i = 0; i < expected.length; i++) {
+    assertTrue(e.stack.indexOf(expected[i]) !== -1,
+               name + " doesn't contain expected[" + i + "] stack = " + e.stack);
+  }
+  if (unexpected) {
+    for (var i = 0; i < unexpected.length; i++) {
+      assertEquals(e.stack.indexOf(unexpected[i]), -1,
+                   name + " contains unexpected[" + i + "]");
+    }
+  }
+}
+
+function testTrace(name, fun, expected, unexpected) {
+  var threw = false;
+  try {
+    fun();
+  } catch (e) {
+    assertTrace(name, e, expected, unexpected);
+    threw = true;
+  }
+  assertTrue(threw, name + " didn't throw");
+}
+
+function promiseTestTrace(name, fun, expected, unexpected) {
+  var p = fun();
+  assertPromiseResult(p.then(() => {
+    assertUnreachable(name + " didn't throw");
+  }, (e) => {
+    assertTrace(name, e, expected, unexpected);
+  }));
+}
+
+var shadowRealm = new ShadowRealm();
+
+testTrace('ShadowRealm evaluate throw error', () => shadowRealm.evaluate(`
+throw new Error('foo');
+`), [
+  "Error: foo",
+  "at eval",
+  "at ShadowRealm.evaluate",
+]);
+
+testTrace('ShadowRealm evaluate throw string', () => shadowRealm.evaluate(`
+throw 'foo';
+`), [
+  // No inner stack trace, only the stacktrace at the realm boundary.
+  "TypeError: ShadowRealm evaluate threw (foo)",
+  "at ShadowRealm.evaluate",
+], [
+  // No inner stack trace.
+  "at eval",
+]);
+
+testTrace('ShadowRealm evaluate throw string', () => {
+  var wrappedFunction = shadowRealm.evaluate(`
+function myFunc() {
+  throw new Error('foo');
+}
+myFunc;
+`);
+  wrappedFunction();
+}, [
+  "Error: foo",
+  "at myFunc",
+]);
+
+promiseTestTrace(
+  'ShadowRealm importValue throw error',
+  () => shadowRealm.importValue('./shadowrealm-skip-2-throw.mjs', 'foo'),
+  [
+    "Error: foobar",
+    "at myFunc",
+  ]);
+
+promiseTestTrace(
+  'ShadowRealm importValue throw object',
+  () => shadowRealm.importValue('./shadowrealm-skip-3-throw-object.mjs', 'foo'),
+  [
+    "TypeError: Cannot import in ShadowRealm ([object Object])",
+  ], [
+    // No inner stack trace.
+    "at myFunc",
+  ]);
+
+promiseTestTrace(
+  'ShadowRealm importValue throw string',
+  () => shadowRealm.importValue('./shadowrealm-skip-4-throw-string.mjs', 'foo'),
+  [
+    "TypeError: Cannot import in ShadowRealm (foobar)",
+  ], [
+    // No inner stack trace.
+    "at myFunc",
+  ]);
diff --git a/deps/v8/test/mjsunit/harmony/shadowrealm-type-error-prepare-stack-trace.js b/deps/v8/test/mjsunit/harmony/shadowrealm-type-error-prepare-stack-trace.js
new file mode 100644
index 00000000000000..9a91eeda138cd8
--- /dev/null
+++ b/deps/v8/test/mjsunit/harmony/shadowrealm-type-error-prepare-stack-trace.js
@@ -0,0 +1,181 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --harmony-shadow-realm
+
+// Utility function for testing that the expected strings occur
+// in the stack trace produced when running the given function.
+function assertTrace(name, e, expected, unexpected) {
+  for (var i = 0; i < expected.length; i++) {
+    assertTrue(e.stack.indexOf(expected[i]) !== -1,
+               name + " doesn't contain expected[" + i + "] stack = " + e.stack);
+  }
+  if (unexpected) {
+    for (var i = 0; i < unexpected.length; i++) {
+      assertEquals(e.stack.indexOf(unexpected[i]), -1,
+                   name + " contains unexpected[" + i + "]");
+    }
+  }
+}
+
+function testTrace(name, fun, expected, unexpected) {
+  var threw = false;
+  try {
+    fun();
+  } catch (e) {
+    assertTrace(name, e, expected, unexpected);
+    threw = true;
+  }
+  assertTrue(threw, name + " didn't throw");
+}
+
+function promiseTestTrace(name, fun, expected, unexpected) {
+  var p = fun();
+  return assertPromiseResult(p.then(() => {
+    assertUnreachable(name + " didn't throw");
+  }, (e) => {
+    assertTrace(name, e, expected, unexpected);
+  }));
+}
+
+var shadowRealm = new ShadowRealm();
+Error.prepareStackTrace = (error) => {
+  assertTrue(error instanceof globalThis.Error);
+  return error.message + ' (outside realm)';
+}
+
+{
+  let shadowRealm = new ShadowRealm();
+  shadowRealm.evaluate(`
+    globalThis.prepareStackTraceCount = 0;
+    globalThis.notRealmErrorCount = 0;
+    Error.prepareStackTrace = (error) => {
+      globalThis.prepareStackTraceCount++;
+      if (!(error instanceof Error)) {
+        globalThis.notRealmErrorCount++;
+      }
+      return error.message + ' (shadow realm)';
+    }
+  `);
+  testTrace('ShadowRealm prepareStackTrace parameters', () => shadowRealm.evaluate(`
+    throw new Error('foo');
+  `), [
+    "foo (shadow realm)",
+  ]);
+  assertEquals(1, shadowRealm.evaluate(`globalThis.prepareStackTraceCount`));
+  assertEquals(0, shadowRealm.evaluate(`globalThis.notRealmErrorCount`));
+}
+
+{
+  let shadowRealm = new ShadowRealm();
+  shadowRealm.evaluate(`
+    globalThis.prepareStackTraceCount = 0;
+    Error.prepareStackTrace = (error) => {
+      globalThis.prepareStackTraceCount++;
+      return error.message + ' (shadow realm)';
+    }
+  `);
+  testTrace('ShadowRealm error with initialized stack property', () => shadowRealm.evaluate(`
+    const error = new Error('foo');
+    // Initialize the stack property.
+    error.stack;
+    throw error;
+  `), [
+    "foo (shadow realm)",
+  ]);
+  assertEquals(1, shadowRealm.evaluate(`globalThis.prepareStackTraceCount`));
+}
+
+{
+  let shadowRealm = new ShadowRealm();
+  shadowRealm.evaluate(`
+    globalThis.prepareStackTraceCount = 0;
+    Error.prepareStackTrace = (error) => {
+      globalThis.prepareStackTraceCount++;
+      return error.message + ' (shadow realm)';
+    }
+  `);
+  testTrace('ShadowRealm error with string stack property', () => shadowRealm.evaluate(`
+    const error = new Error('foo');
+    error.stack = 'bar';
+    throw error;
+  `), [
+    "bar",
+  ]);
+  assertEquals(0, shadowRealm.evaluate(`globalThis.prepareStackTraceCount`));
+}
+
+{
+  let shadowRealm = new ShadowRealm();
+  testTrace('ShadowRealm prepareStackTrace return arbitrary objects', () => shadowRealm.evaluate(`
+    globalThis.prepareStackTraceCount = 0;
+    Error.prepareStackTrace = (error) => {
+      globalThis.prepareStackTraceCount++;
+      return { arbitrary: 'object' };
+    }
+
+    throw new Error('foo');
+  `), [
+    "Error stack is not a string in ShadowRealm ([object Object]) (outside realm)",
+  ]);
+  assertEquals(1, shadowRealm.evaluate(`globalThis.prepareStackTraceCount`));
+}
+
+testTrace('ShadowRealm prepareStackTrace throws', () => new ShadowRealm().evaluate(`
+  Error.prepareStackTrace = (error) => {
+    throw 'malformed prepare stack trace';
+  }
+
+  throw new Error('foo');
+`), [
+  "Error stack getter threw in ShadowRealm (malformed prepare stack trace) (outside realm)",
+]);
+
+testTrace('ShadowRealm evaluate throw string', () => new ShadowRealm().evaluate(`
+  throw 'foo';
+`), [
+  // No inner stack trace, only the stacktrace at the realm boundary.
+  "ShadowRealm evaluate threw (foo) (outside realm)",
+]);
+
+{
+  let shadowRealm = new ShadowRealm();
+  shadowRealm.evaluate(`
+    globalThis.prepareStackTraceCount = 0;
+    Error.prepareStackTrace = (error) => {
+      globalThis.prepareStackTraceCount++;
+      return error.message + ' (shadow realm)';
+    }
+  `);
+  let fn = shadowRealm.evaluate(`
+    function myFunc() {
+      throw new Error('foo');
+    }
+    myFunc;
+  `);
+  testTrace('WrappedFunction error stack', () => fn(), [
+    "foo (shadow realm)",
+  ]);
+  assertEquals(1, shadowRealm.evaluate(`globalThis.prepareStackTraceCount`));
+}
+
+{
+  let shadowRealm = new ShadowRealm();
+  shadowRealm.evaluate(`
+    globalThis.prepareStackTraceCount = 0;
+    Error.prepareStackTrace = (error) => {
+      globalThis.prepareStackTraceCount++;
+      return error.message + ' (shadow realm)';
+    }
+  `);
+  promiseTestTrace(
+    'ShadowRealm importValue error stack',
+    () => shadowRealm.importValue('./shadowrealm-skip-2-throw.mjs', 'foo')
+      .finally(() => {
+        assertEquals(1, shadowRealm.evaluate(`globalThis.prepareStackTraceCount`));
+      }),
+    [
+      "foobar (shadow realm)",
+    ]);
+}
diff --git a/deps/v8/test/mjsunit/harmony/suppressed-error.js b/deps/v8/test/mjsunit/harmony/suppressed-error.js
index e290e9d18fd063..def863d72aefdb 100644
--- a/deps/v8/test/mjsunit/harmony/suppressed-error.js
+++ b/deps/v8/test/mjsunit/harmony/suppressed-error.js
@@ -5,10 +5,22 @@
 // Flags: --js-explicit-resource-management
 
 (function TestSuppressedErrorAllParameters() {
-    const firstError = new Error('First error');
-    const secondrror = new Error('Second error');
-    let suppressedError = new SuppressedError(secondrror, firstError, "Test error");
-    assertEquals(secondrror, suppressedError.error);
-    assertEquals(firstError, suppressedError.suppressed);
-    assertEquals("Test error", suppressedError.message);
+  const firstError = new Error('First error');
+  const secondError = new Error('Second error');
+  let suppressedError =
+      new SuppressedError(secondError, firstError, 'Test error');
+  assertEquals(secondError, suppressedError.error);
+  assertEquals(firstError, suppressedError.suppressed);
+  assertEquals('Test error', suppressedError.message);
+})();
+
+(function TestSuppressedErrorNewTarget() {
+  class MySuppressedError extends SuppressedError {};
+  const firstError = new Error('First error');
+  const secondError = new Error('Second error');
+  let suppressedError =
+      new MySuppressedError(secondError, firstError, 'Test error');
+  assertEquals(secondError, suppressedError.error);
+  assertEquals(firstError, suppressedError.suppressed);
+  assertEquals("Test error", suppressedError.message);
 })();
diff --git a/deps/v8/test/mjsunit/maglev/api-setter-poly.js b/deps/v8/test/mjsunit/maglev/api-setter-poly.js
new file mode 100644
index 00000000000000..f77329dd3f6769
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/api-setter-poly.js
@@ -0,0 +1,32 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax --maglev --no-always-turbofan
+
+function a() {
+}
+
+function b() {
+}
+
+Error.captureStackTrace(a);
+Error.captureStackTrace(b);
+
+function foo(f, s) {
+  // This calls an API setter.
+  f.stack = s;
+}
+%PrepareFunctionForOptimization(foo);
+
+foo(a, 'stack1');
+foo(b, 'stack2');
+foo(a, 'stack3');
+
+// Make the store polymorphic.
+foo({}, 'unrelated');
+
+%OptimizeMaglevOnNextCall(foo);
+
+foo(a, 'stack4');
+assertEquals('stack4', a.stack);
diff --git a/deps/v8/test/mjsunit/maglev/api-setter.js b/deps/v8/test/mjsunit/maglev/api-setter.js
new file mode 100644
index 00000000000000..5402180ad3baa7
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/api-setter.js
@@ -0,0 +1,29 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax --maglev --no-always-turbofan
+
+function a() {
+}
+
+function b() {
+}
+
+Error.captureStackTrace(a);
+Error.captureStackTrace(b);
+
+function foo(f, s) {
+  // This calls an API setter.
+  f.stack = s;
+}
+%PrepareFunctionForOptimization(foo);
+
+foo(a, 'stack1');
+foo(b, 'stack2');
+foo(a, 'stack3');
+
+%OptimizeMaglevOnNextCall(foo);
+
+foo(a, 'stack4');
+assertEquals('stack4', a.stack);
diff --git a/deps/v8/test/mjsunit/maglev/context-object-tracking.js b/deps/v8/test/mjsunit/maglev/context-object-tracking.js
new file mode 100644
index 00000000000000..3544e956303035
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/context-object-tracking.js
@@ -0,0 +1,58 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+(function() {
+  function foo() {
+    let o = {x : 1};
+    with(o) {
+      x = 2;
+    }
+    return o.x;
+  }
+  %PrepareFunctionForOptimization(foo);
+  assertEquals(foo(), 2);
+  assertEquals(foo(), 2);
+  %OptimizeFunctionOnNextCall(foo);
+  assertEquals(foo(), 2);
+})();
+
+(function() {
+  function foo(args) {
+    var result = 0;
+    for (var i = 0; i < args.length; ++i) {
+        result += args[i];
+        args[i] += i;
+    }
+    return result;
+  }
+
+  function bar(a, b, c, d) {
+    return [foo(arguments), a, b, c, d];
+  }
+
+  function run(i) {
+    var result = bar(i, i + 1, i + 2, i + 3);
+    if (result.length != 5)
+        throw "Bad result length in " + result;
+    if (result[0] != i * 4 + 6)
+        throw "Bad first element in " + result + "; expected " + (i * 3 + 6);
+    if (result[1] != i)
+        throw "Bad second element in " + result + "; expected " + i;
+    if (result[2] != i + 1 + 1)
+        throw "Bad third element in " + result + "; expected " + (i + 1 + 1);
+    if (result[3] != i + 2 + 2)
+        throw "Bad fourth element in " + result + "; expected " + (i + 2 + 2);
+    if (result[4] != i + 3 + 3)
+        throw "Bad fifth element in " + result + "; expected " + (i + 3 + 3);
+  }
+
+  %PrepareFunctionForOptimization(bar);
+  %PrepareFunctionForOptimization(foo);
+  run(0);
+  run(1);
+  %OptimizeFunctionOnNextCall(bar);
+  run(2);
+})();
diff --git a/deps/v8/test/mjsunit/maglev/equals-number-boolean.js b/deps/v8/test/mjsunit/maglev/equals-number-boolean.js
new file mode 100644
index 00000000000000..39bd2e8efae9d7
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/equals-number-boolean.js
@@ -0,0 +1,52 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --maglev
+
+function equals(a, b) {
+  if (a == b) {
+    return 1;
+  }
+  return 0;
+}
+
+%PrepareFunctionForOptimization(equals);
+
+// Add the NumberOrBoolean feedback.
+equals(0, true);
+equals(true, 1);
+
+%OptimizeMaglevOnNextCall(equals);
+equals(0, true);
+
+assertEquals(0, equals(true, 0));
+assertEquals(1, equals(true, 1));
+assertEquals(0, equals(true, 3.14));
+
+assertEquals(1, equals(false, 0));
+assertEquals(0, equals(false, 1));
+assertEquals(0, equals(false, 2.72));
+
+assertEquals(0, equals(0, true));
+assertEquals(1, equals(1, true));
+assertEquals(0, equals(1.41, true));
+
+assertEquals(1, equals(0, false));
+assertEquals(0, equals(1, false));
+assertEquals(0, equals(1.62, false));
+
+assertEquals(1, equals(true, true));
+assertEquals(1, equals(false, false));
+assertEquals(1, equals(3, 3));
+
+assertEquals(0, equals(false, true));
+assertEquals(0, equals(true, false));
+assertEquals(0, equals(3, 4));
+
+assertTrue(isMaglevved(equals));
+
+// Passing a non-boolean oddball deopts.
+assertEquals(0, equals(undefined, true));
+
+assertFalse(isMaglevved(equals));
diff --git a/deps/v8/test/mjsunit/maglev/escape-loop-inline-call.js b/deps/v8/test/mjsunit/maglev/escape-loop-inline-call.js
new file mode 100644
index 00000000000000..fd0fc803d6cec5
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/escape-loop-inline-call.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function bar(o) {
+  o.x = o.x + 1;
+}
+
+function foo() {
+  let o = {x : 1};
+  for (let i = 0; i < 2; i++) {
+    bar(o);
+  }
+  return o.x;
+}
+
+%PrepareFunctionForOptimization(bar);
+%PrepareFunctionForOptimization(foo);
+assertEquals(foo(), 3);
+assertEquals(foo(), 3);
+%OptimizeFunctionOnNextCall(foo);
+assertEquals(foo(), 3);
+assertEquals(foo(), 3);
diff --git a/deps/v8/test/mjsunit/maglev/extend-properties-backing-store-1.js b/deps/v8/test/mjsunit/maglev/extend-properties-backing-store-1.js
index 3a6246617a2463..8aa0006f10f1d4 100644
--- a/deps/v8/test/mjsunit/maglev/extend-properties-backing-store-1.js
+++ b/deps/v8/test/mjsunit/maglev/extend-properties-backing-store-1.js
@@ -3,7 +3,6 @@
 // found in the LICENSE file.
 //
 // Flags: --allow-natives-syntax --maglev
-// Flags: --maglev-extend-properties-backing-store
 
 const s = new Set();
 
diff --git a/deps/v8/test/mjsunit/maglev/extend-properties-backing-store-2.js b/deps/v8/test/mjsunit/maglev/extend-properties-backing-store-2.js
index 969f76119508bc..70564fa7083591 100644
--- a/deps/v8/test/mjsunit/maglev/extend-properties-backing-store-2.js
+++ b/deps/v8/test/mjsunit/maglev/extend-properties-backing-store-2.js
@@ -3,7 +3,6 @@
 // found in the LICENSE file.
 //
 // Flags: --allow-natives-syntax --maglev
-// Flags: --maglev-extend-properties-backing-store
 
 function addProperties(o) {
   // Add enough properties to exhaust the slack, so that adding the property
diff --git a/deps/v8/test/mjsunit/maglev/regress-343069823.js b/deps/v8/test/mjsunit/maglev/regress-343069823.js
index b3b78a6da2584c..55fb0eb4da0e54 100644
--- a/deps/v8/test/mjsunit/maglev/regress-343069823.js
+++ b/deps/v8/test/mjsunit/maglev/regress-343069823.js
@@ -4,9 +4,10 @@
 //
 // Flags: --allow-natives-syntax --maglev
 
+const a = [1];
+a[3296295157] = 2;
+
 function foo() {
-  const a = [1];
-  a[3296295157] = 2;
   let [x] = a;
   return x;
 }
@@ -17,9 +18,4 @@ assertEquals(1, foo());
 
 %OptimizeMaglevOnNextCall(foo);
 assertEquals(1, foo());
-
-%OptimizeMaglevOnNextCall(foo);
-assertEquals(1, foo());
-// Check we don't have a deopt loop, ie, we don't try to optimize
-// ArrayProtoNext again.
 assertTrue(isOptimized(foo));
diff --git a/deps/v8/test/mjsunit/maglev/regress-353877558.js b/deps/v8/test/mjsunit/maglev/regress-353877558.js
new file mode 100644
index 00000000000000..f240bbf078bd1d
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-353877558.js
@@ -0,0 +1,18 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+class C0 {
+  constructor() {
+      for (let v3 = 0; v3 < 25; v3++) {
+      }
+      const t4 = [3.523949138304181e+307];
+      t4[4] = 256;
+  }
+}
+%PrepareFunctionForOptimization(C0);
+new C0;
+%OptimizeFunctionOnNextCall(C0);
+new C0();
diff --git a/deps/v8/test/mjsunit/maglev/regress-353928356.js b/deps/v8/test/mjsunit/maglev/regress-353928356.js
new file mode 100644
index 00000000000000..ba652a6d24c498
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-353928356.js
@@ -0,0 +1,17 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function f1() {
+  const v3 =[f1].entries();
+  with (v3) {
+      length = Int8Array;
+  }
+  v3.next();
+}
+%PrepareFunctionForOptimization(f1);
+f1();
+%OptimizeFunctionOnNextCall(f1);
+f1();
diff --git a/deps/v8/test/mjsunit/maglev/regress-354324160.js b/deps/v8/test/mjsunit/maglev/regress-354324160.js
new file mode 100644
index 00000000000000..cebfcb4088720d
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-354324160.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function f0() {
+  try {
+      for (let i5 = 0, i6 = 10;
+          (() => {
+              const v7 = [-4.0,-8.898103618409834];
+              v7.keys().next( i5);
+              i6--;
+              return i5 < i6;
+          })();
+          ) {
+      }
+      v1[Symbol]();
+  } catch(e17) {
+  }
+}
+%PrepareFunctionForOptimization(f0);
+f0();
+%OptimizeFunctionOnNextCall(f0);
+f0();
diff --git a/deps/v8/test/mjsunit/maglev/regress-354758514.js b/deps/v8/test/mjsunit/maglev/regress-354758514.js
new file mode 100644
index 00000000000000..bfb1e5cb55dfc5
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-354758514.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+__v_0 = new Proxy({}, {getOwnPropertyDescriptor:  {  }});
+
+function __f_0() {
+  throw 5;
+}
+function __f_1() {
+  try {
+    with ({ __v_6 : __v_0 + 42 }) {
+      __f_0();
+    }
+  } catch(e) {
+  }
+}
+
+%PrepareFunctionForOptimization(__f_1);
+__f_1();
+__f_1();
+%OptimizeFunctionOnNextCall(__f_1);
+__f_1();
diff --git a/deps/v8/test/mjsunit/maglev/regress-354800079.js b/deps/v8/test/mjsunit/maglev/regress-354800079.js
new file mode 100644
index 00000000000000..74049ac92c3394
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-354800079.js
@@ -0,0 +1,63 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+(function () {
+  const join = Array.prototype.join;
+  const map = Array.prototype.map;
+  const classOf = function () {
+  };
+  prettyPrinted = function prettyPrinted(value = 4) {
+    switch (typeof value) {
+      case "object":
+            return prettyPrintedObject(value);
+    }
+  };
+  function prettyPrintedObject(object, depth) {
+    const keys = Object.keys(object);
+    const prettyValues = map.call(keys, key => {
+      return `${key}: ${prettyPrinted(object[key], depth - 1)}`;
+    });
+    const content = join.call(prettyValues);
+    return `${object.constructor.name || "Object"}{${content}}`;
+  }
+  __prettyPrint = function (value = false) {
+    let str = prettyPrinted(value);
+    print(str);
+  };
+})();
+this.WScript = new Proxy({}, {
+});
+assertEquals = (expected, found) => {
+  __prettyPrint(found);
+};
+
+(async function () {
+  function __f_0() {
+    let __v_14 = {
+      next() {
+      }
+    };
+    return {
+    };
+  }
+  async function __f_6() {
+    let __v_59 = 0,
+        __v_60 = [];
+    try {
+      for await (var [__v_63 =  __v_62] of __f_0()) {
+      }
+    } catch (e) {
+    }
+    return {
+      keys: __v_60,
+    };
+  }
+  %PrepareFunctionForOptimization(__f_6);
+  __f_6();
+  __f_6();
+  %OptimizeMaglevOnNextCall(__f_6);
+  __f_6()
+})().catch();
diff --git a/deps/v8/test/mjsunit/maglev/regress-355493915.js b/deps/v8/test/mjsunit/maglev/regress-355493915.js
new file mode 100644
index 00000000000000..7f8d9aff687f1c
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-355493915.js
@@ -0,0 +1,17 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function foo() {
+  class C5 {}
+  try { [C5].forEach(C5); }
+  catch {}
+}
+
+%PrepareFunctionForOptimization(foo);
+foo();
+foo();
+%OptimizeFunctionOnNextCall(foo);
+foo();
diff --git a/deps/v8/test/mjsunit/maglev/regress-356491694.js b/deps/v8/test/mjsunit/maglev/regress-356491694.js
new file mode 100644
index 00000000000000..fd22f63da65071
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-356491694.js
@@ -0,0 +1,15 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function f0() {
+  const t1 = [];
+  t1[10000] = 1;
+}
+
+%PrepareFunctionForOptimization(f0);
+f0();
+%OptimizeFunctionOnNextCall(f0);
+f0();
diff --git a/deps/v8/test/mjsunit/maglev/regress-356901453.js b/deps/v8/test/mjsunit/maglev/regress-356901453.js
new file mode 100644
index 00000000000000..bcb959a9902220
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-356901453.js
@@ -0,0 +1,15 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function foo(n, x) {
+  for (var i = 0; i < n; i++) {
+    x = 1 << 31 - i;
+  }
+}
+%PrepareFunctionForOptimization(foo);
+foo(1, 1);
+%OptimizeFunctionOnNextCall(foo);
+foo();
diff --git a/deps/v8/test/mjsunit/maglev/regress-356913463.js b/deps/v8/test/mjsunit/maglev/regress-356913463.js
new file mode 100644
index 00000000000000..e24ba8099e818f
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-356913463.js
@@ -0,0 +1,40 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+(function() {
+  const bar = {};
+  function foo(a) {
+    a === a;
+    try {
+      a = 1;
+      bar();
+      arguments;
+    } catch {}
+  }
+
+  %PrepareFunctionForOptimization(foo);
+  foo();
+  foo();
+  %OptimizeFunctionOnNextCall(foo);
+  foo();
+}());
+
+(function() {
+  function bar() {}
+
+  const o = {};
+  function foo(x) {
+    bar();
+    let args = arguments;
+    ({"x":x,"y":y,...args} = o);
+  }
+
+  %PrepareFunctionForOptimization(foo);
+  foo();
+  foo();
+  %OptimizeFunctionOnNextCall(foo);
+  foo();
+}());
diff --git a/deps/v8/test/mjsunit/maglev/regress-356965810.js b/deps/v8/test/mjsunit/maglev/regress-356965810.js
new file mode 100644
index 00000000000000..05f037bae66b55
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-356965810.js
@@ -0,0 +1,16 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+var __v_12 = 1;
+function foo() {
+  return (__v_12 << -675) % __v_12;
+}
+
+%PrepareFunctionForOptimization(foo);
+foo();
+foo();
+%OptimizeMaglevOnNextCall(foo);
+foo();
diff --git a/deps/v8/test/mjsunit/maglev/regress-357496257.js b/deps/v8/test/mjsunit/maglev/regress-357496257.js
new file mode 100644
index 00000000000000..eb79469c042b8c
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-357496257.js
@@ -0,0 +1,21 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function bar(a) {
+  a.push();
+}
+
+function foo() {
+  const n = -51978;
+  const a = Array(n ** n);
+  bar(a);
+}
+
+%PrepareFunctionForOptimization(foo);
+foo();
+foo();
+%OptimizeFunctionOnNextCall(foo);
+foo();
diff --git a/deps/v8/test/mjsunit/maglev/regress-358071281.js b/deps/v8/test/mjsunit/maglev/regress-358071281.js
new file mode 100644
index 00000000000000..d19b2d96b96341
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-358071281.js
@@ -0,0 +1,17 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function f6(a7) {
+    a7 >>> a7;
+    const v12 = a7 == a7; // NumberOrBoolean
+    v12 || v12;
+}
+%PrepareFunctionForOptimization(f6);
+
+f6(false);
+f6(-8.45);
+%OptimizeMaglevOnNextCall(f6);
+f6();
diff --git a/deps/v8/test/mjsunit/maglev/regress-358399787.js b/deps/v8/test/mjsunit/maglev/regress-358399787.js
new file mode 100644
index 00000000000000..df214b33786799
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-358399787.js
@@ -0,0 +1,21 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function check(i) {
+  function inlined(a) {
+    a[2];
+  }
+  %PrepareFunctionForOptimization(inlined);
+  inlined([1,,""]);
+  inlined([]);
+  return i < 2;
+}
+
+%PrepareFunctionForOptimization(check);
+
+for (let i = 0; check(i); i++) {
+  %OptimizeFunctionOnNextCall(check);
+}
diff --git a/deps/v8/test/mjsunit/maglev/regress-358998538.js b/deps/v8/test/mjsunit/maglev/regress-358998538.js
new file mode 100644
index 00000000000000..5f598eb0c11596
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress-358998538.js
@@ -0,0 +1,27 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function bar() {
+  let x = undefined;
+  x++;
+  glo = x;
+  return x;
+}
+
+const o = {};
+o[Symbol.iterator] = bar;
+
+function foo() {
+  for (let i = 0; i < 2; i++) {
+    try { [] = o; } catch {}
+  }
+}
+
+%PrepareFunctionForOptimization(bar);
+%PrepareFunctionForOptimization(foo);
+foo();
+%OptimizeMaglevOnNextCall(foo);
+foo();
diff --git a/deps/v8/test/mjsunit/maglev/regress/regress-355484345.js b/deps/v8/test/mjsunit/maglev/regress/regress-355484345.js
new file mode 100644
index 00000000000000..0990168bf93e9c
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress/regress-355484345.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax --maglev
+
+const o1 = {
+    "type": "function",
+};
+function f2() {
+    for (let v5 = 0; v5 < 5; v5++) {
+        v5 **= 256;
+        const o6 = {
+            "type": v5,
+        };
+        const o8 = {
+            get b() {
+            },
+        };
+    }
+}
+%PrepareFunctionForOptimization(f2);
+f2(f2());
+%OptimizeFunctionOnNextCall(f2);
+f2();
diff --git a/deps/v8/test/mjsunit/maglev/regress/regress-356913290.js b/deps/v8/test/mjsunit/maglev/regress/regress-356913290.js
new file mode 100644
index 00000000000000..f73fa58f3e57c9
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress/regress-356913290.js
@@ -0,0 +1,24 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --maglev --allow-natives-syntax
+
+
+let v8 = -2147483649;
+function f9() {
+    let v10 = 0;
+    let v12 = -1024;
+    for (let v13 = 0; v13 < 25; v13++) {
+        let v16 =v10 - 5 | v8;
+        const v18 = v10 + 2147483647;
+        v10 = v18 | f9;
+        v8 = v13;
+        v16++;
+        v12 = ((v12 & v18) && v16) | 0;
+    }
+}
+%PrepareFunctionForOptimization(f9);
+f9();
+%OptimizeFunctionOnNextCall(f9);
+f9();
diff --git a/deps/v8/test/mjsunit/maglev/regress/regress-356913462.js b/deps/v8/test/mjsunit/maglev/regress/regress-356913462.js
new file mode 100644
index 00000000000000..33760e545cb5f6
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress/regress-356913462.js
@@ -0,0 +1,22 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax --maglev
+
+
+function __f_1() {
+  var x = 2;
+  while (x-- > 0) {
+    x = x;
+    let o = {
+      get: function () {
+        x[638197]();
+      }
+    };
+    %OptimizeOsr();
+  }
+  return x;
+}
+%PrepareFunctionForOptimization(__f_1);
+assertTrue(__f_1() === -1);
diff --git a/deps/v8/test/mjsunit/maglev/regress/regress-356917015.js b/deps/v8/test/mjsunit/maglev/regress/regress-356917015.js
new file mode 100644
index 00000000000000..70a7dce163f356
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/regress/regress-356917015.js
@@ -0,0 +1,27 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function f0() {
+  function f1(a2) {
+      if (a2) {
+          throw_before_this_function_is_not_defined();
+      }
+  }
+  const v5 = %NeverOptimizeFunction(f1);
+  let v7 = undefined >>> undefined;
+  try {
+      f1();
+      v7 = 45;
+      f1(true);
+  } catch(e12) {
+      v7 + 3;
+  }
+  for (let v15 = 0; v15 < 100; v15++) {
+  }
+}
+const v16 = %PrepareFunctionForOptimization(f0);
+f0();
+f0();
diff --git a/deps/v8/test/mjsunit/maglev/strict-equals-number-boolean.js b/deps/v8/test/mjsunit/maglev/strict-equals-number-boolean.js
new file mode 100644
index 00000000000000..b7884994309ef6
--- /dev/null
+++ b/deps/v8/test/mjsunit/maglev/strict-equals-number-boolean.js
@@ -0,0 +1,45 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --maglev
+
+function strictEquals(a, b) {
+  if (a === b) {
+    return 1;
+  }
+  return 0;
+}
+
+%PrepareFunctionForOptimization(strictEquals);
+
+// Add the NumberOrBoolean feedback.
+strictEquals(0, true);
+strictEquals(true, 1);
+
+%OptimizeMaglevOnNextCall(strictEquals);
+strictEquals(0, true);
+
+assertEquals(0, strictEquals(true, 0));
+assertEquals(0, strictEquals(true, 1));
+assertEquals(0, strictEquals(true, 3.14));
+
+assertEquals(0, strictEquals(false, 0));
+assertEquals(0, strictEquals(false, 1));
+assertEquals(0, strictEquals(false, 2.72));
+
+assertEquals(0, strictEquals(0, true));
+assertEquals(0, strictEquals(1, true));
+assertEquals(0, strictEquals(1.41, true));
+
+assertEquals(0, strictEquals(0, false));
+assertEquals(0, strictEquals(1, false));
+assertEquals(0, strictEquals(1.62, false));
+
+assertEquals(1, strictEquals(true, true));
+assertEquals(1, strictEquals(false, false));
+assertEquals(1, strictEquals(3, 3));
+
+assertEquals(0, strictEquals(false, true));
+assertEquals(0, strictEquals(true, false));
+assertEquals(0, strictEquals(3, 4));
diff --git a/deps/v8/test/mjsunit/maglev/string-compare.js b/deps/v8/test/mjsunit/maglev/string-compare.js
index f30db42785e82f..3988216368e6d4 100644
--- a/deps/v8/test/mjsunit/maglev/string-compare.js
+++ b/deps/v8/test/mjsunit/maglev/string-compare.js
@@ -6,7 +6,7 @@
 // Flags: --no-always-use-string-forwarding-table
 
 let internalized1234 = %ConstructInternalizedString("1234123412341234");
-let nonInternalized1234 = "1234" + "1234" + "1234" + "1234";
+let nonInternalized1234 = %ConstructConsString("12341234", "12341234");
 let uniqueId = 0;
 
 function warmUpMaglevTestFn(test_fn_src) {
diff --git a/deps/v8/test/mjsunit/mjsunit.status b/deps/v8/test/mjsunit/mjsunit.status
index 1fb2786de576bd..e76861fed20866 100644
--- a/deps/v8/test/mjsunit/mjsunit.status
+++ b/deps/v8/test/mjsunit/mjsunit.status
@@ -452,7 +452,7 @@
 
 ##############################################################################
 # TODO(v8:7777): Change this once wasm is supported in jitless mode.
-['not has_webassembly or variant == jitless', {
+['not has_webassembly or (variant == jitless and not has_wasm_interpreter)', {
   # Skip tests that require webassembly.
   'regress/asm/*': [SKIP],
   'regress/wasm/*': [SKIP],
@@ -475,7 +475,249 @@
   'tools/compiler-trace-flags-wasm': [SKIP],
 
   'compiler/fast-api-calls-wasm': [SKIP],
-}],  # not has_webassembly or variant == jitless
+}],  # not has_webassembly or (variant == jitless and not has_wasm_interpreter)
+
+
+##############################################################################
+['not has_wasm_interpreter or variant != jitless', {
+  # Tests to run only with the Wasm interpreter.
+  'wasm/wasm-interpreter-memory-grow' : [SKIP],
+}],  # not has_wasm_interpreter or variant != jitless
+
+##############################################################################
+['not has_wasm_interpreter and variant == jitless', {
+  'wasm/*': [SKIP],
+  'regress/wasm/*': [SKIP],
+}],  # not has_wasm_interpreter and variant == jitless
+
+['has_wasm_interpreter and variant == jitless', {
+  # Skip tests that require Wasm experimental features not supported by the
+  # Wasm interpreter, or that explicitly require compilation.
+
+  # --experimental-wasm-inlining
+  'regress/wasm/regress-crbug-1510626': [SKIP],
+
+  # --experimental-wasm-typed-funcref
+  'regress/wasm/regress-1364036': [SKIP],
+  'regress/wasm/regress-1446221': [SKIP],
+  'regress/wasm/regress-1449208': [SKIP],
+  'regress/wasm/regress-crbug-1047368': [SKIP],
+  'regress/wasm/regress-crbug-1463219': [SKIP],
+  'wasm/imported-function-types': [SKIP],
+  'wasm/loop-unrolling': [SKIP],
+  'wasm/reference-tables': [SKIP],
+  'wasm/test-wasm-module-builder': [SKIP],
+
+  # --experimental-wasm-type-reflection
+  'regress/wasm/regress-crbug-1002388': [SKIP],
+  'regress/wasm/regress-crbug-1006631': [SKIP],
+  'regress/wasm/regress-14695': [SKIP],
+  'regress/wasm/regress-329130358': [SKIP],
+  'regress/wasm/regress-336358915*': [SKIP],
+  'wasm/call-ref': [SKIP],
+  'wasm/exceptions-type-reflection': [SKIP],
+  'wasm/externref-table': [SKIP],
+  'wasm/js-to-js': [SKIP],
+  'wasm/gc-casts-subtypes': [SKIP],
+  'wasm/log-wasm-to-js-wrapper-callref': [SKIP],
+  'wasm/ref-cast-js-function': [SKIP],
+  'wasm/type-reflection*': [SKIP],
+  'wasm/wasm-to-js-tierup': [SKIP],
+
+  # --experimental-wasm-exnref
+  'regress/wasm/regress-14689': [SKIP],
+  'regress/wasm/regress-1502837': [SKIP],
+  'regress/wasm/regress-1507743': [SKIP],
+  'regress/wasm/regress-336214779': [SKIP],
+  'wasm/exnref*': [SKIP],
+  'wasm/gc-casts-exnref': [SKIP],
+  'wasm/gc-casts-invalid': [SKIP],
+  'wasm/js-wrapper-typechecks': [SKIP],
+  'wasm/wasm-inlining-catch-unreachable': [SKIP],
+
+  #--experimental-wasm-ref-cast-nop
+  'wasm/gc-experiments': [SKIP],
+
+  # --experimental-wasm-compilation-hints
+  'wasm/compilation-hints*': [SKIP],
+
+  # --experimental-wasm-extended-const
+  'wasm/extended-constants': [SKIP],
+
+  # --experimental-wasm-memory64
+  'regress/wasm/regress-329706236': [SKIP],
+  'regress/wasm/regress-332939161': [SKIP],
+  'wasm/memory64': [SKIP],
+  'wasm/multi-memory64': [SKIP],
+  'wasm/simd-lane-memory64': [SKIP],
+  'wasm/table64*': [SKIP],
+
+  # --experimental-wasm-multi-memory
+  'regress/wasm/regress-1518257': [SKIP],
+  'regress/wasm/regress-1523740': [SKIP],
+  'regress/wasm/regress-343035068': [SKIP],
+  'wasm/atomic-wait-multi-memory': [SKIP],
+  'wasm/generate-random-module': [SKIP],
+  'wasm/js-api': [SKIP],
+  'wasm/multi-memory*': [SKIP],
+
+  # --experimental-wasm-stack-switching
+  'regress/wasm/regress-v8-14471': [SKIP],
+  'wasm/stack-switching*': [SKIP],
+
+  # --experimental-wasm-stringref
+  'regress/wasm/regress-324475066': [SKIP],
+  'regress/wasm/regress-324690505': [SKIP],
+  'regress/wasm/regress-330580823': [SKIP],
+  'regress/wasm/regress-336007398': [SKIP],
+  'regress/wasm/regress-crbug-1463232': [SKIP],
+  'regress/wasm/regress-crbug-1466312': [SKIP],
+  'regress/wasm/regress-v8-14710': [SKIP],
+  'wasm/gc-casts-from-any': [SKIP],
+  'wasm/origin-trial-flags': [SKIP],
+  'wasm/reference-globals-import': [SKIP],
+  'wasm/reference-table-js-interop': [SKIP],
+  'wasm/stringref*': [SKIP],
+  'wasm/stringview-valuestack': [SKIP],
+  'wasm/turboshaft/instruction-selection': [SKIP],
+
+  # --liftoff
+  'regress/wasm/regress-1045737': [SKIP],
+  'regress/wasm/regress-1046472': [SKIP],
+  'regress/wasm/regress-1125951': [SKIP],
+  'regress/wasm/regress-1185464': [SKIP],
+  'regress/wasm/regress-1220855': [SKIP],
+  'regress/wasm/regress-14113': [SKIP],
+  'regress/wasm/regress-14116': [SKIP],
+  'regress/wasm/regress-14118': [SKIP],
+  'regress/wasm/regress-14171': [SKIP],
+  'regress/wasm/regress-864509': [SKIP],
+  'regress/wasm/regress-9017': [SKIP],
+  'regress/wasm/regress-350779988': [SKIP],
+  'wasm/deopt/*': [SKIP],
+  'wasm/enter-debug-state': [SKIP],
+  'wasm/liftoff-trap-handler': [SKIP],
+  'wasm/serialization-with-compilation-hints': [SKIP],
+  'wasm/streaming-trap-location': [SKIP],
+
+  # --wasm_lazy_compilation
+  'regress/wasm/regress-1016515': [SKIP],
+  'regress/wasm/regress-1161555': [SKIP],
+  'regress/wasm/regress-1180690': [SKIP],
+  'regress/wasm/regress-1184964': [SKIP],
+  'regress/wasm/regress-724851': [SKIP],
+  'regress/wasm/regress-7353': [SKIP],
+  'regress/wasm/regress-736584': [SKIP],
+  'regress/wasm/regress-739768': [SKIP],
+  'regress/wasm/regress-803427': [SKIP],
+  'regress/wasm/regress-803788': [SKIP],
+  'regress/wasm/regress-808012': [SKIP],
+  'regress/wasm/regress-817380': [SKIP],
+  'regress/wasm/regress-834619': [SKIP],
+  'regress/wasm/regress-956771*': [SKIP],
+  'regress/wasm/regress-1430858': [SKIP],
+  'wasm/code-flushing*': [SKIP],
+  'wasm/lazy-compilation': [SKIP],
+  'wasm/lazy-feedback-vector-allocation': [SKIP],
+  'wasm/serialize-lazy-module': [SKIP],
+  'wasm/test-serialization-with-lazy-compilation': [SKIP],
+
+  # --wasm-lazy-validation
+  'regress/wasm/regress-334687959': [SKIP],
+
+  # --experimental-wasm-imported-strings
+  'wasm/imported-strings*': [SKIP],
+  'regress/wasm/regress-324747822': [SKIP],
+  'regress/wasm/regress-326091470': [SKIP],
+  'regress/wasm/regress-326260438': [SKIP],
+  'regress/wasm/regress-326156493': [SKIP],
+  'regress/wasm/regress-326273468': [SKIP],
+  'regress/wasm/regress-326894018': [SKIP],
+  'regress/wasm/regress-327517308': [SKIP],
+  'regress/wasm/regress-327643791': [SKIP],
+  'regress/wasm/regress-329464129': [SKIP],
+  'regress/wasm/regress-40258436': [SKIP],
+
+  # --experimental-wasm-shared
+  'wasm/shared-everything/basic': [SKIP],
+
+  # --experimental-wasm-jspi
+  'regress/wasm/regress-336852356': [SKIP],
+
+  # Module serialization tests expect compilation
+  'regress/wasm/regress-11024': [SKIP],
+  'regress/wasm/regress-7785': [SKIP],
+  'regress/wasm/regress-808848': [SKIP],
+  'regress/wasm/regress-808980': [SKIP],
+  'regress/wasm/regress-8896': [SKIP],
+  'wasm/compiled-module-serialization': [SKIP],
+  'wasm/print-code': [SKIP],
+
+  # Other tests that require compilation.
+  'compiler/fast-api-calls-wasm': [SKIP],
+  'wasm/async-compile': [SKIP],
+  'wasm/log-code-after-post-message': [SKIP],
+  'wasm/multiple-code-spaces': [SKIP],
+  'wasm/wrapper-compilation': [SKIP],
+
+  # Tests that expect different profiling samples.
+  'wasm/log-wasm-to-js-wrapper-indirect': [SKIP],
+
+  # Interpreter stack trace not fully implemented yet.
+  'wasm/function-names': [SKIP],
+  'wasm/stack': [SKIP],
+
+  # d8.exe --no-wasm-trap-handler.
+  'regress/wasm/regress-842501': [SKIP],
+
+  # TODO(paolosev): Support Wasm to JS calls to JSApiObjects.
+  'wasm/ffi': [SKIP],
+
+  # TODO(paolosev): Implement StackCheck in Wasm loops.
+  'wasm/grow-shared-memory': [SKIP],
+  'wasm/interrupt-worker-with-perf': [SKIP],
+  'wasm/worker-running-empty-loop-interruptible': [SKIP],
+
+  # Tests using %WasmTierUpFunction()
+  'regress/wasm/regress-1179065': [SKIP],
+  'regress/wasm/regress-13230': [SKIP],
+  'regress/wasm/regress-13290': [SKIP],
+  'regress/wasm/regress-13826': [SKIP],
+  'regress/wasm/regress-1403398': [SKIP],
+  'regress/wasm/regress-1511849': [SKIP],
+  'regress/wasm/regress-325372946': [SKIP],
+  'regress/wasm/regress-326904344': [SKIP],
+  'regress/wasm/regress-353582136': [SKIP],
+  'regress/wasm/regress-353913485': [SKIP],
+  'regress/wasm/regress-354324155*': [SKIP],
+  'regress/wasm/regress-crbug-1507751': [SKIP],
+  'wasm/bit-shift-right': [SKIP],
+  'wasm/bounds-check-turbofan': [SKIP],
+  'wasm/enter-and-leave-debug-state': [SKIP],
+  'wasm/recognize-imports': [SKIP],
+  'wasm/simd-relaxed-lane-select': [SKIP],
+  'wasm/speculative-inlining': [SKIP],
+  'wasm/stringrefs-regressions': [SKIP],
+
+  # --wasm_tier_up
+  'wasm/graceful_shutdown_during_tierup': [SKIP],
+
+  # asm.js tests
+  'asm/*': [SKIP],
+  'regress/asm/*': [SKIP],
+
+  # NaN representation
+  'wasm/nan-constant': [SKIP],
+
+ }],  # has_wasm_interpreter and variant == jitless
+
+['has_wasm_interpreter and variant == jitless and arch == arm64', {
+
+  # Trap handling not used for bounds checking on arm64, disable tests that use
+  # %GetWasmRecoveredTrapCount()
+  'wasm/module-memory': [SKIP],
+
+ }],  # has_wasm_interpreter and variant == jitless and arch == arm64
 
 ##############################################################################
 ['has_jitless', {
@@ -1775,6 +2017,7 @@
   'wasm/js-to-wasm-invalid-sig': [SKIP],
   'wasm/simd-*': [SKIP],
   'wasm/turboshaft/array-new-unreachable': [SKIP],
+  'wasm/turboshaft/reduction-shuffle': [SKIP],
   'regress/wasm/regress-9447': [SKIP],
   'regress/wasm/regress-10309': [SKIP],
   'regress/wasm/regress-10831': [SKIP],
@@ -1820,6 +2063,7 @@
   'regress/wasm/regress-344484969': [SKIP],
   'regress/wasm/regress-341947685': [SKIP],
   'regress/wasm/regress-343748812': [SKIP],
+  'regress/wasm/regress-353913485': [SKIP],
   'regress/wasm/regress-crbug-1338980': [SKIP],
   'regress/wasm/regress-crbug-1355070': [SKIP],
   'regress/wasm/regress-crbug-1356718': [SKIP],
@@ -1887,7 +2131,6 @@
   # These tests use %SimulateNewspaceFull, which only works in the young generation
   'regress/regress-1424415': [SKIP],
   'wasm/stack-switching': [SKIP],
-  'wasm/stack-switching-new-api': [SKIP],
   'wasm/stack-switching-conditional': [SKIP],
   'wasm/stack-switching-export': [SKIP],
   'wasm/stack-switching-generic-wrapper': [SKIP],
@@ -2038,23 +2281,16 @@
 }], # third_party_heap
 
 ##############################################################################
-['arch != x64 or gc_fuzzer or deopt_fuzzer or interrupt_fuzzer', {
-  # TODO(nicohartmann@): Instruction selection on turboshaft graph is
-  # currently only supported on x64.
-  'turboshaft/turboshaft-instruction-selection': [SKIP],
-}],  # arch != x64 or gc_fuzzer or deopt_fuzzer or interrupt_fuzzer
-
-##############################################################################
-['(arch != x64 and arch != arm64 and arch != ia32 and arch != arm and arch != riscv64) or (simulator_run and conservative_stack_scanning)', {
-  # Stack switching is only supported on x64/arm64/ia32/arm.
+['(arch != x64 and arch != arm64 and arch != ia32 and arch != arm and arch != riscv64 and arch != loong64) or (simulator_run and conservative_stack_scanning)', {
+  # Stack switching is only supported on x64/arm64/ia32/arm/riscv64/loong64.
   'wasm/stack-switching': [SKIP],
-  'wasm/stack-switching-new-api': [SKIP],
   'wasm/stack-switching-conditional': [SKIP],
   'wasm/stack-switching-export': [SKIP],
   'wasm/stack-switching-generic-wrapper': [SKIP],
   'regress/wasm/regress-v8-14471': [SKIP],
-  'regress/wasm/regress-336852356': [SKIP]
-}],  # (arch != x64 and arch != arm64 and arch != ia32 and arch != arm)
+  'regress/wasm/regress-336852356': [SKIP],
+  'regress/wasm/regress-336358915': [SKIP]
+}],  # (arch != x64 and arch != arm64 and arch != ia32 and arch != arm and arch != riscv64 and arch != loong64)
 
 ##############################################################################
 ['arch != x64 and arch != arm64 and arch != loong64 and arch != mips64', {
@@ -2079,6 +2315,7 @@
   'wasm/deopt/*': [SKIP],
   'regress/wasm/regress-350779988': [SKIP],
   'regress/wasm/regress-353582136': [SKIP],
+  'regress/wasm/regress-353913485': [SKIP],
 }],
 
 ##############################################################################
diff --git a/deps/v8/test/mjsunit/object-assign-regressions.js b/deps/v8/test/mjsunit/object-assign-regressions.js
index 56dc2417495000..f77b8bcd9af005 100644
--- a/deps/v8/test/mjsunit/object-assign-regressions.js
+++ b/deps/v8/test/mjsunit/object-assign-regressions.js
@@ -13,11 +13,45 @@
   Object.defineProperty(obj, "__proto__", { value: 0 });
 })();
 
-// TODO(olivf): Ensure object assign fastcase protects the object prototype.
-// (function() {
-//   var a = {};
-//   a.x = 42;
-//   Object.assign({}, a);
-//   Object.defineProperty(Object.prototype, "x", {set(v) {}});
-//   assertTrue(Object.assign({}, a).x === undefined);
-// })();
+(function() {
+  var a = {};
+  a.asdf = 42;
+  Object.defineProperty(Object.prototype, "asdf", {get(){assertTrue(false);},
+                                                   set(v){Object.defineProperty(this, "asdf", {value:100})}});
+  assertTrue(Object.assign({}, a).asdf === 100);
+  assertTrue(Object.assign({}, a).asdf === 100);
+  assertTrue(Object.assign({}, a).asdf === 100);
+})();
+
+(function() {
+  var a = {};
+  a.x = 42;
+  var b = {};
+  b.y = 42;
+  Object.assign({}, a);
+  Object.defineProperty(Object.prototype, "x", {set(v) {}, configurable: true});
+  assertTrue(Object.assign({}, a).x === undefined);
+  assertTrue(Object.assign({}, b).y === 42);
+  assertTrue(Object.assign({}, a).x === undefined);
+  assertTrue(Object.assign({}, b).y === 42);
+  Object.defineProperty(Object.prototype, "y", {set(v) {}, configurable: true});
+  assertTrue(Object.assign({}, a).x === undefined);
+  assertTrue(Object.assign({}, b).y === undefined);
+  assertTrue(Object.assign({}, a).x === undefined);
+  assertTrue(Object.assign({}, b).y === undefined);
+})();
+
+(function() {
+  let a = {};
+  a.qwer1 = 42;
+  Object.defineProperty(Object.prototype, "qwer1", { writable: false });
+  assertThrows(function(){ Object.assign({}, a) });
+  assertThrows(function(){ Object.assign({}, a) });
+  a = {};
+  a.qwer2 = 42;
+  Object.assign({}, a);
+  Object.assign({}, a);
+  Object.defineProperty(Object.prototype, "qwer2", { configurable: false });
+  assertThrows(function(){ Object.assign({}, a) });
+  assertThrows(function(){ Object.assign({}, a) });
+})();
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-331358160.js b/deps/v8/test/mjsunit/regress-352402518.js
similarity index 53%
rename from deps/v8/test/mjsunit/regress/wasm/regress-331358160.js
rename to deps/v8/test/mjsunit/regress-352402518.js
index 7b87c66b9397f0..a712fbc4cfcd88 100644
--- a/deps/v8/test/mjsunit/regress/wasm/regress-331358160.js
+++ b/deps/v8/test/mjsunit/regress-352402518.js
@@ -2,10 +2,6 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-WebAssembly.Suspender = {};
-delete WebAssembly.Suspender;
-WebAssembly.Suspender = 1;
-var x = WebAssembly;
-WebAssembly = {};
+// Flags: --reuse-scope-infos
 
-d8.test.enableJSPI();
+with({}){function h(){}}
diff --git a/deps/v8/test/mjsunit/regress-352414652.js b/deps/v8/test/mjsunit/regress-352414652.js
new file mode 100644
index 00000000000000..d6fb72da9153ca
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress-352414652.js
@@ -0,0 +1,13 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --reuse-scope-infos
+
+function __f_11() {
+  for (let i =  __f_26 = function() { return i }; i < 1; ++i) {
+  }
+}
+__f_11();
+  %ForceFlush(__f_11);
+      __f_11();
diff --git a/deps/v8/test/mjsunit/regress-352673356.js b/deps/v8/test/mjsunit/regress-352673356.js
new file mode 100644
index 00000000000000..4a40eda2917a83
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress-352673356.js
@@ -0,0 +1,7 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --nolazy
+
+({a})=>{{let a = 10; return ()=>a}; let b = 10}
diff --git a/deps/v8/test/mjsunit/regress-352739458.js b/deps/v8/test/mjsunit/regress-352739458.js
new file mode 100644
index 00000000000000..6e265957e10c86
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress-352739458.js
@@ -0,0 +1,13 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --reuse-scope-infos --allow-natives-syntax
+
+Realm.eval(Realm.current(), `function f(s) {
+  return eval(s);
+}
+let g = f("0,function(y) { return ()=>{ eval() } }");
+let i = g(1);
+%ForceFlush(g);
+print(g(2));`);
diff --git a/deps/v8/test/mjsunit/regress-353561476.js b/deps/v8/test/mjsunit/regress-353561476.js
new file mode 100644
index 00000000000000..04c78681bebc4b
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress-353561476.js
@@ -0,0 +1,40 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --reuse-scope-infos --expose-gc --stress-flush-code
+
+  function executeCode(code) {
+    if (typeof code === 'function') return code();
+  }
+  assertThrows = function assertThrows(code) {
+      executeCode(code);
+  };
+function __getRandomProperty() {
+}
+(function () {
+  __callGC = function () {
+      gc();
+  };
+})();
+  var __v_25 = [];
+function __f_10(__v_29, __v_30) {
+    var __v_31 = Realm.create();
+  try {
+    assertThrows(function () {
+        Realm.eval(__v_31, __v_29[
+        __v_29.length - 1]);
+    }, Realm. __v_30);
+  } catch (e) {}
+    delete __v_25[__getRandomProperty()], __callGC();
+}
+  var __v_28 = [{
+    scripts: ['eval("function NaN() {}");'],
+  }, {
+    scripts: [`
+      `.replace()],
+  }];
+  __v_28.forEach(function (__v_33) {
+      __f_10(__v_33.scripts, __v_33.expectedError);
+      __f_10(__v_33.scripts, __v_33.expectedError);
+  });
diff --git a/deps/v8/test/mjsunit/regress-354310130.js b/deps/v8/test/mjsunit/regress-354310130.js
new file mode 100644
index 00000000000000..5d88fa486b6b10
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress-354310130.js
@@ -0,0 +1,10 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --fuzzing
+
+function f0() {
+    const v1 = %ForceFlush(f0);
+}
+f0();
diff --git a/deps/v8/test/mjsunit/regress-4530868594868224.js b/deps/v8/test/mjsunit/regress-4530868594868224.js
new file mode 100644
index 00000000000000..ddd1363a9a12f9
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress-4530868594868224.js
@@ -0,0 +1,22 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --fuzzing
+
+const __v_2 = [{
+  body: function () {
+  },
+  body: function () {
+  }
+}, {
+  body: function () {
+    const __v_11 = {
+    };
+  }
+}];
+  var __v_30 = [{
+    body: function () {
+        var __v_140 = async () => __v_147 = async () => __v_173 = 'str';
+    }
+  }];
diff --git a/deps/v8/test/mjsunit/regress-class-initializer-eval.js b/deps/v8/test/mjsunit/regress-class-initializer-eval.js
new file mode 100644
index 00000000000000..83cfc1007627d9
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress-class-initializer-eval.js
@@ -0,0 +1,12 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+let c = class {
+  x = eval("");
+};
+new c;
+%ForceFlush(%GetInitializerFunction(c));
+new c;
diff --git a/deps/v8/test/mjsunit/regress/regress-335548148.js b/deps/v8/test/mjsunit/regress/regress-335548148.js
index 4fd771ac895911..4725c48990767f 100644
--- a/deps/v8/test/mjsunit/regress/regress-335548148.js
+++ b/deps/v8/test/mjsunit/regress/regress-335548148.js
@@ -9,7 +9,7 @@
 // The test relies on optimizing/deoptimizing at predictable moments, so
 // it's not suitable for deoptimization fuzzing.
 // Flags: --deopt-every-n-times=0
-
+// Flags: --fast-api-allow-float-in-sim
 
 const __v_0 = new d8.test.FastCAPI();
 
diff --git a/deps/v8/test/mjsunit/regress/regress-352690885-1.js b/deps/v8/test/mjsunit/regress/regress-352690885-1.js
new file mode 100644
index 00000000000000..9a17a9c9b3dd18
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-352690885-1.js
@@ -0,0 +1,15 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+new class {
+  constructor() {
+      new class extends ((var_1) => {
+      eval(`
+              super.__proto__;
+          `);
+      return Object;
+      })() {
+      }
+  }
+};
diff --git a/deps/v8/test/mjsunit/regress/regress-352690885-2.js b/deps/v8/test/mjsunit/regress/regress-352690885-2.js
new file mode 100644
index 00000000000000..86b9f4cafc0d35
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-352690885-2.js
@@ -0,0 +1,11 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+new class {
+  constructor() {
+    new class {
+      [(() => {super[0x4141]})()] = super[0x4141];
+    }
+  }
+};
diff --git a/deps/v8/test/mjsunit/regress/regress-352690885-3.js b/deps/v8/test/mjsunit/regress/regress-352690885-3.js
new file mode 100644
index 00000000000000..5b6874f04bd6b6
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-352690885-3.js
@@ -0,0 +1,11 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+new class {
+  constructor() {
+    new class {
+      [eval('super.test')] = 1
+    }
+  }
+}
diff --git a/deps/v8/test/mjsunit/regress/regress-352690885-4.js b/deps/v8/test/mjsunit/regress/regress-352690885-4.js
new file mode 100644
index 00000000000000..c2fa88766e8324
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-352690885-4.js
@@ -0,0 +1,22 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --stress-lazy-source-positions
+
+new class {
+  constructor() {
+    new class {
+      [new class extends(() => {
+         try {
+           super.test = 0;
+         } catch {
+         }
+
+         return Array;
+       })() {
+
+      }()] = super.test;
+    };
+  }
+};
diff --git a/deps/v8/test/mjsunit/regress/regress-352690885-5.js b/deps/v8/test/mjsunit/regress/regress-352690885-5.js
new file mode 100644
index 00000000000000..beaf5527c5563b
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-352690885-5.js
@@ -0,0 +1,62 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-gc
+
+for (let j = 0; j < 10; j++) {
+  new class {
+    constructor() {
+      try {
+        new class {
+          [new class extends(() => {
+             super.__proto__;
+             return Object;
+           })() {}()] = eval();
+        }
+        ();
+      } catch (error) {
+        console.log(error);
+      }
+    }
+  }
+  ();
+
+  if (j == 8) {
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+  }
+}
diff --git a/deps/v8/test/mjsunit/regress/regress-352690885-6.js b/deps/v8/test/mjsunit/regress/regress-352690885-6.js
new file mode 100644
index 00000000000000..5fe37b3f7ab5c8
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-352690885-6.js
@@ -0,0 +1,86 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-gc
+
+let arrow_function;
+let value_inside_class;
+
+class C {
+  get x() {
+    return 900;
+  }
+};
+
+class D {
+  get x() {
+    return 800;
+  }
+};
+
+for (let j = 0; j < 10; j++) {
+  new class A extends D {
+    constructor() {
+      super();
+
+      try {
+        new class B extends C {
+          [new class extends(() => {
+             value_inside_class = super.x;
+
+             arrow_function = (() => {
+               return super.x;
+             });
+
+             return Array;
+           })() {}()] = eval();
+        }
+        ();
+
+      } catch (e) {
+      }
+    }
+  }
+  ();
+
+  if (j == 8) {
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+    gc();
+  }
+}
+
+assertSame(value_inside_class, arrow_function());
diff --git a/deps/v8/test/mjsunit/regress/regress-355683663.js b/deps/v8/test/mjsunit/regress/regress-355683663.js
new file mode 100644
index 00000000000000..d28ac2fd13ea83
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-355683663.js
@@ -0,0 +1,31 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+function foo() {
+    const v5 = false;
+    const o6 = {
+    };
+    const o7 = {
+    };
+    o7.b = v5;
+    const v8 = /7sQa[bc]d/msu;
+    Symbol.a = Symbol;
+    const o10 = {
+    };
+    for (const v11 in Symbol) {
+        o10[v11] = 2062;
+        v8.b = /f/yvms;
+        function f13() {
+            return v8;
+        }
+    }
+}
+
+%PrepareFunctionForOptimization(foo);
+foo();
+foo();
+%OptimizeFunctionOnNextCall(foo);
+foo();
diff --git a/deps/v8/test/mjsunit/regress/regress-357651585.js b/deps/v8/test/mjsunit/regress/regress-357651585.js
new file mode 100644
index 00000000000000..1097752fc13eda
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-357651585.js
@@ -0,0 +1,26 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax --nolazy-feedback-allocation
+// Flags: --move-prototype-transitions-first
+
+const v1 = new Set();
+for (let v2 = 0; v2 < 5; v2++) {
+    function F3() {
+        this.a = -869472841;
+    }
+    const v6 = new F3();
+    function f7(a8) {
+        const o12 = {
+            ...a8,
+            [a8]() {
+            },
+            __proto__: v1,
+            "c": a8,
+        };
+        return o12;
+    }
+    var a = f7(v6);
+    f7(a);
+}
diff --git a/deps/v8/test/mjsunit/regress/regress-359618508.js b/deps/v8/test/mjsunit/regress/regress-359618508.js
new file mode 100644
index 00000000000000..822179c5896b36
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/regress-359618508.js
@@ -0,0 +1,28 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax
+
+function foo(a3,  a6) {
+  a3.f = a6;
+  const v8 = new Int32Array();
+  v8[148] = v8;
+}
+
+function bar() {
+  return foo(/xvxyz{1,32}?(ab|cde)\1eFa\S/suimyg);
+}
+
+class C0 {
+}
+const v1 = new C0();
+
+%PrepareFunctionForOptimization(foo);
+%PrepareFunctionForOptimization(bar);
+foo(v1);
+
+for (let v13 = 0; v13 < 5; v13++) {
+  bar();
+  %OptimizeFunctionOnNextCall(bar);
+}
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-336358915-a.js b/deps/v8/test/mjsunit/regress/wasm/regress-336358915-a.js
deleted file mode 100644
index 825bf8ce5d4c79..00000000000000
--- a/deps/v8/test/mjsunit/regress/wasm/regress-336358915-a.js
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2024 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Should result in an exception when trying to use JSPI.
-
-d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
-
-WebAssembly.Suspender = 'foo';
-
-d8.test.enableJSPI();
-let v0 = new WasmModuleBuilder();
-let v1 = v0.addType(kSig_r_r);
-let v2 = v0.addImport("mod", "func", kSig_r_v);
-v0.addFunction("main", v1).addBody([kExprCallFunction, v2]).exportFunc();
-let v3 = v0.instantiate({ mod: { func: () => {} } });
-
-assertThrows(()=>ToPromising(v3.exports.main), TypeError);
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-336358915.js b/deps/v8/test/mjsunit/regress/wasm/regress-336358915.js
index 3b4bb2776a045f..9301de3bae7581 100644
--- a/deps/v8/test/mjsunit/regress/wasm/regress-336358915.js
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-336358915.js
@@ -15,5 +15,5 @@ let v1 = v0.addType(kSig_r_r);
 let v2 = v0.addImport("mod", "func", kSig_r_v);
 v0.addFunction("main", v1).addBody([kExprCallFunction, v2]).exportFunc();
 let v3 = v0.instantiate({ mod: { func: () => {} } });
-let v4 = ToPromising(v3.exports.main);
+let v4 = WebAssembly.promising(v3.exports.main);
 v4();
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-349402547.js b/deps/v8/test/mjsunit/regress/wasm/regress-349402547.js
new file mode 100644
index 00000000000000..4ae62006b98ae6
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-349402547.js
@@ -0,0 +1,30 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --wasm-staging
+
+d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+
+const builder = new WasmModuleBuilder();
+let $mem0 = builder.addMemory64(0, 32);
+
+builder.addFunction('grow', kSig_v_v).exportFunc().addBody([
+  kExprI64Const, 1,
+  kExprMemoryGrow, $mem0,
+  kExprDrop,
+]);
+
+builder.addFunction('main', makeSig([kWasmI64], [kWasmI32])).exportFunc()
+  .addBody([
+    kExprLocalGet, 0,
+    kExprI64Const, 1,
+    kAtomicPrefix, kExprI64AtomicAnd16U, 1, 1,
+    kExprI32ConvertI64,
+  ]);
+
+const instance = builder.instantiate({});
+instance.exports.grow();
+assertEquals(0, instance.exports.main(1n));
+assertTraps(kTrapUnalignedAccess, () => instance.exports.main(2n));
+assertTraps(kTrapMemOutOfBounds, () => instance.exports.main(65535n));
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-353913485.js b/deps/v8/test/mjsunit/regress/wasm/regress-353913485.js
new file mode 100644
index 00000000000000..c14a984a3dca64
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-353913485.js
@@ -0,0 +1,96 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --wasm-staging --allow-natives-syntax
+// Flags: --liftoff --wasm-deopt --wasm-inlining-ignore-call-counts
+
+d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+
+const builder = new WasmModuleBuilder();
+let $array6 = builder.addArray(kWasmI32, true, kNoSuperType, false);
+let $sig8 = builder.addType(makeSig([], []));
+let $sig9 = builder.addType(makeSig([kWasmF64, kWasmF64, kWasmF64, kWasmF64, kWasmF64, kWasmF64, kWasmF64, kWasmS128], []));
+let $sig10 = builder.addType(makeSig([], [wasmRefType($array6)]));
+let $sig11 = builder.addType(kSig_i_i);
+let callee_017 = builder.addFunction(undefined, $sig8);
+let callee_118 = builder.addFunction(undefined, $sig8);
+let inlinee_022 = builder.addFunction(undefined, $sig9);
+let inlinee_123 = builder.addFunction(undefined, $sig10);
+let main24 = builder.addFunction(undefined, $sig11);
+let $global0 = builder.addGlobal(kWasmI32, true, false, wasmI32Const(0));
+let $table0 = builder.addTable(kWasmFuncRef, 7, 7);
+let $segment0 = builder.addActiveElementSegment($table0.index, wasmI32Const(0),
+  [[kExprRefFunc, callee_017.index], [kExprRefFunc, callee_118.index]],
+  kWasmFuncRef);
+
+// func $callee_0: [] -> []
+callee_017.addBody([
+  ]);
+
+// func $callee_1: [] -> []
+callee_118.addBody([
+  ]);
+
+
+// This function has 6 parameters passed via fp registers (on x86-64).
+// The two additional parameters are passed via stack slots.
+// The needed size for these stack slots is 3 (1 stack slot for the f64 and 2
+// stack slots for the v128), however the v128 stack slots are aligned in the
+// wasm calling convention, so we end up with 4 total stack slots.
+// func $inlinee_0: [
+//   kWasmF64,        // xmm1
+//   kWasmF64,        // xmm2
+//   kWasmF64,        // xmm3
+//   kWasmF64,        // xmm4
+//   kWasmF64,        // xmm5
+//   kWasmF64,        // xmm6
+//   kWasmF64,        // stack_slot 0 + 1 gap stack slot
+//   kWasmS128        // stack_slot 2-3]
+// ] -> []
+inlinee_022.addBody([
+    kExprGlobalGet, $global0.index,
+    kExprTableGet, $table0.index,
+    kGCPrefix, kExprRefCast, $sig8,
+    kExprCallRef, $sig8,
+  ]);
+
+// func $inlinee_1: [] -> [wasmRefType($array6)]
+inlinee_123.addBody([
+    ...wasmF64Const(1),
+    ...wasmF64Const(2),
+    ...wasmF64Const(3),
+    ...wasmF64Const(4),
+    ...wasmF64Const(5),
+    ...wasmF64Const(6),
+    ...wasmF64Const(7),
+    kExprI32Const, 8,
+    kSimdPrefix, kExprI8x16Splat,
+    kExprCallFunction, inlinee_022.index,
+    kExprI32Const, 13,
+    ...wasmI32Const(1),
+    kExprI32Const, 1,
+    kExprI32Add,
+    kGCPrefix, kExprArrayNew, $array6,
+  ]);
+
+// func $main: [kWasmI32] -> [kWasmI32]
+main24.addBody([
+    kExprLocalGet, 0,  // $var0
+    kExprGlobalSet, $global0.index,
+    kExprCallFunction, inlinee_123.index,
+    kExprDrop,
+    ...wasmI32Const(994),
+  ]);
+
+builder.addExportOfKind('call_target_index', kExternalGlobal, $global0.index);
+builder.addExport('inlinee_0', inlinee_022.index);
+builder.addExport('inlinee_1', inlinee_123.index);
+builder.addExport('main', main24.index);
+builder.addExport('callee_0', callee_017.index);
+builder.addExport('callee_1', callee_118.index);
+
+const instance = builder.instantiate({});
+print(instance.exports.main(0));
+%WasmTierUpFunction(instance.exports.inlinee_1);
+print(instance.exports.main(1));
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-354324155-2.js b/deps/v8/test/mjsunit/regress/wasm/regress-354324155-2.js
new file mode 100644
index 00000000000000..b44201ff71dba9
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-354324155-2.js
@@ -0,0 +1,61 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-wasm --wasm-inlining-call-indirect
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+(function TestUnreachableCallIndirect() {
+  var builder = new WasmModuleBuilder();
+
+  // Growable memory causes the Turboshaft graph builder to cache the memory
+  // size.
+  builder.addMemory(1, 2);
+  let funcRefT = builder.addType(makeSig([], [kWasmI32]));
+
+  let callee = builder.addFunction("42", funcRefT)
+    .addBody([kExprI32Const, 42]).exportFunc();
+
+  // A function which "terminates" the control flow when inlined.
+  let unreachable = builder.addFunction("unreachable", kSig_v_v).addBody([
+    kExprUnreachable,
+  ]);
+
+  let table = builder.addTable(kWasmFuncRef, 1);
+  builder.addActiveElementSegment(table.index, wasmI32Const(0), [
+    [kExprRefFunc, callee.index],
+  ], kWasmFuncRef);
+
+  let performCall = builder.addFunction("performCall", kSig_i_i).addBody([
+    kExprLocalGet, 0,
+    kExprCallIndirect, funcRefT, table.index,
+  ]).exportFunc();
+
+  let main = builder.addFunction("main", kSig_i_i);
+  main.addBody([
+      kExprI32Const, 0,
+      kExprIf, kWasmVoid,
+        // Inlining this function causes the graph builder to be in the
+        // __ generating_unreachable_operations() state.
+        kExprCallFunction, unreachable.index,
+        kExprI32Const, 0,
+        // Call to function with call_indirect. Note that when this gets
+        // inlined, we can also inline the call_indirect above as it does have
+        // feedback collected.
+        // Note that this only gets inlined because it's small enough that we
+        // inline it independently of call counts.
+        kExprReturnCall, performCall.index,
+      kExprEnd,
+      kExprI32Const, 11,
+  ]).exportFunc();
+
+  let wasm = builder.instantiate().exports;
+  for (let i = 0; i < 30; ++i) {
+    assertEquals(42, wasm.performCall(0));
+  }
+  %WasmTierUpFunction(wasm.performCall);
+  assertEquals(11, wasm.main(0));
+  %WasmTierUpFunction(wasm.main);
+  assertEquals(11, wasm.main(0));
+ })();
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-354324155.js b/deps/v8/test/mjsunit/regress/wasm/regress-354324155.js
new file mode 100644
index 00000000000000..8cdca7b348059a
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-354324155.js
@@ -0,0 +1,57 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-wasm
+// Flags: --wasm-inlining-call-indirect --wasm-inlining-ignore-call-counts
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+(function TestUnreachableCallIndirect() {
+  var builder = new WasmModuleBuilder();
+
+  // Growable memory causes the Turboshaft graph builder to cache the memory
+  // size.
+  builder.addMemory(1, 2);
+  let funcRefT = builder.addType(kSig_i_ii);
+
+  let add = builder.addFunction("add", funcRefT)
+    .addBody([kExprLocalGet, 0, kExprLocalGet, 1, kExprI32Add])
+    .exportFunc();
+
+  // A function which "terminates" the control flow when inlined.
+  let unreachable = builder.addFunction("unreachable", kSig_v_v).addBody([
+    kExprUnreachable,
+  ]);
+
+  let table = builder.addTable(kWasmFuncRef, 1);
+  builder.addActiveElementSegment(table.index, wasmI32Const(0), [
+    [kExprRefFunc, add.index],
+  ], kWasmFuncRef);
+
+  let mainSig =
+    makeSig([kWasmI32], [kWasmI32]);
+  let main = builder.addFunction("main", mainSig);
+  main.addBody([
+      kExprI32Const, 30,
+      kExprI32Const, 12,
+      kExprLocalGet, 0, // target index
+      kExprCallIndirect, funcRefT, table.index,
+
+      kExprI32Const, 0,
+      kExprIf, kWasmVoid,
+        // Inlining this function causes the graph builder to be in the
+        // __ generating_unreachable_operations() state.
+        kExprCallFunction, unreachable.index,
+        kExprI32Const, 0,
+        // Recursive call. Note that when this gets inlined, we can also inline
+        // the call_indirect above as it does have feedback collected.
+        kExprReturnCall, main.index,
+      kExprEnd,
+  ]).exportFunc();
+
+  let wasm = builder.instantiate().exports;
+  assertEquals(42, wasm.main(0));
+  %WasmTierUpFunction(wasm.main);
+  assertEquals(42, wasm.main(0));
+ })();
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-355493919.js b/deps/v8/test/mjsunit/regress/wasm/regress-355493919.js
new file mode 100644
index 00000000000000..c6beb68ed235b2
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-355493919.js
@@ -0,0 +1,13 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+class C0 {
+  constructor() {
+      try { new  C0; } catch (e) {}
+      const v5 = %WasmStruct();
+  }
+}
+new C0;
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-357977718.js b/deps/v8/test/mjsunit/regress/wasm/regress-357977718.js
new file mode 100644
index 00000000000000..4c94d88ab3123a
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-357977718.js
@@ -0,0 +1,29 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --no-lazy-feedback-allocation
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+function explore(v) {
+    let context = {exploredValue: v };
+    let array = [];
+    array.push(context.exploredValue);
+}
+
+%PrepareFunctionForOptimization(explore);
+explore(1);
+
+const builder = new WasmModuleBuilder();
+builder
+    .addFunction("passThrough", makeSig([kWasmExternRef], [kWasmExternRef]))
+    .addBody([kExprLocalGet,0]).exportFunc();
+const wasm = builder.instantiate().exports;
+function fct() {
+    explore(wasm.passThrough());
+}
+%PrepareFunctionForOptimization(fct);
+fct();
+%OptimizeFunctionOnNextCall(fct);
+fct();
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-359949835.js b/deps/v8/test/mjsunit/regress/wasm/regress-359949835.js
new file mode 100644
index 00000000000000..ec6876bfc1d36e
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-359949835.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+
+const builder = new WasmModuleBuilder();
+let $sig0 = builder.addType(makeSig([kWasmFuncRef], []));
+let func0 = builder.addImport('q', 'func', $sig0);
+
+builder.addExport('main', func0);
+
+function f23(a24) {
+    try {
+      typeof a24.arguments[0];
+    } catch(e) {}
+}
+const o27 = {
+    "func": f23,
+};
+const o28 = {
+    "q": o27,
+};
+const v31 = builder.instantiate(o28).exports.main;
+v31(v31);
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-360044696.js b/deps/v8/test/mjsunit/regress/wasm/regress-360044696.js
new file mode 100644
index 00000000000000..b9fcddd85d5bc9
--- /dev/null
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-360044696.js
@@ -0,0 +1,64 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --wasm-staging --turboshaft-wasm
+// Flags: --allow-natives-syntax --wasm-inlining-ignore-call-counts
+// The following flags are not needed but simplify the graph while still
+// reproducing the bug:
+// --wasm-inlining-factor=1 --nodebug-code
+
+d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+
+(function TestSpeculativeInliningInstanceCacheReturnCallRef() {
+  const builder = new WasmModuleBuilder();
+  let $struct2 =
+    builder.addStruct([makeField(kWasmI32, false)], kNoSuperType, false);
+  builder.startRecGroup();
+  let $array4 = builder.addArray(kWasmI32, true, kNoSuperType, false);
+  let $sig5 = builder.addType(makeSig([], [kWasmI32]));
+  builder.endRecGroup();
+  let callee_017 = builder.addFunction(undefined, $sig5);
+  let callee_118 = builder.addFunction(undefined, $sig5);
+  let main22 = builder.addFunction(undefined, kSig_i_i);
+  let $mem0 = builder.addMemory(0, 32);
+  let $global0 = builder.addGlobal(kWasmI32, true, false, wasmI32Const(0));
+  let $table0 = builder.addTable(wasmRefType($sig5), 2, 2,
+    [kExprRefFunc, callee_017.index]);
+  builder.addActiveElementSegment($table0.index, wasmI32Const(0),
+    [[kExprRefFunc, callee_017.index], [kExprRefFunc, callee_118.index]],
+    wasmRefType($sig5));
+
+  callee_017.addBody([
+    kExprI32Const, 1,
+    kGCPrefix, kExprStructNew, $struct2,
+    kGCPrefix, kExprStructGet, $struct2, 0,
+    kExprCallFunction, main22.index,
+  ]);
+
+  callee_118.addBody([
+    kExprI32Const, 0,
+    kExprI32Const, 0,
+    kGCPrefix, kExprArrayNewDefault, $array4,
+    kExprMemorySize, $mem0,
+    kGCPrefix, kExprArrayGet, $array4,
+    kExprI32DivS,
+  ]);
+
+  // func $main: [kWasmI32] -> [kWasmI32]
+  main22.addBody([
+    kExprLocalGet, 0,  // $var0
+    kExprGlobalSet, $global0.index,
+    kExprGlobalGet, $global0.index,
+    kExprTableGet, $table0.index,
+    kGCPrefix, kExprRefCast, $sig5,
+    kExprReturnCallRef, $sig5,
+  ]);
+
+  builder.addExport('main', main22.index);
+
+  const instance = builder.instantiate({});
+  assertTraps(kTrapArrayOutOfBounds, () => instance.exports.main(0));
+  %WasmTierUpFunction(instance.exports.main);
+  assertTraps(kTrapArrayOutOfBounds, () => instance.exports.main(0));
+})();
diff --git a/deps/v8/test/mjsunit/regress/wasm/regress-v8-14471.js b/deps/v8/test/mjsunit/regress/wasm/regress-v8-14471.js
index 070988dbeb3b4f..8cd2ea64c57f74 100644
--- a/deps/v8/test/mjsunit/regress/wasm/regress-v8-14471.js
+++ b/deps/v8/test/mjsunit/regress/wasm/regress-v8-14471.js
@@ -10,7 +10,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
 (function Regress14471() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let export_params = [kWasmExternRef, kWasmExternRef, kWasmF32];
+  let export_params = [kWasmExternRef, kWasmF32];
   let import_params = [kWasmExternRef, kWasmF32];
   const export_sig = makeSig(export_params, [kWasmExternRef]);
   const import_sig = makeSig(import_params, [kWasmExternRef]);
@@ -18,8 +18,8 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   const fill_newspace_index = builder.addImport('m', 'fill_newspace', kSig_v_v);
   builder.addFunction("test", export_sig)
       .addBody([
+      kExprLocalGet, 0,
       kExprLocalGet, 1,
-      kExprLocalGet, 2,
       // After the params are converted in the generic wasm-to-js wrapper, the
       // signature slot is overwritten with a Smi which signals that parameter
       // scanning can be skipped for this frame.
@@ -33,7 +33,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   };
   function fill_newspace() { %SimulateNewspaceFull(); }
   let instance = builder.instantiate({m: {import_js, fill_newspace}});
-  let wrapper = ToPromising(instance.exports.test);
+  let wrapper = WebAssembly.promising(instance.exports.test);
   let args = [{}, 34];
   assertPromiseResult(
       wrapper(...args),
diff --git a/deps/v8/test/mjsunit/strictequals-feedback.js b/deps/v8/test/mjsunit/strictequals-feedback.js
new file mode 100644
index 00000000000000..defe6f82c52da2
--- /dev/null
+++ b/deps/v8/test/mjsunit/strictequals-feedback.js
@@ -0,0 +1,258 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+// Make sure the tested functions won't hit the eval cache.
+let counter = 0;
+function testOneWay(a, b, expectedEquals, expectedFeedback) {
+  const strictEquals = eval('function f' + counter +'(a, b) { return a === b;} f' + counter);
+  ++counter;
+  %PrepareFunctionForOptimization(strictEquals);
+  assertEquals(expectedEquals, strictEquals(a, b));
+  const feedback = %GetFeedback(strictEquals);
+  if (feedback === undefined) {
+    // Feedback -> string conversion not enabled in this build.
+    return;
+  }
+  assertMatches(new RegExp('CompareOp:' + expectedFeedback), feedback[0][1]);
+}
+
+function test(a, b, expectedEquals, expectedFeedback) {
+  testOneWay(a, b, expectedEquals, expectedFeedback);
+  testOneWay(b, a, expectedEquals, expectedFeedback);
+}
+
+// lhs and rhs can be, indepedently of each other:
+// SMI
+// HeapNumber
+// - NaN
+// - other HeapNumber
+// BigInt(64)
+// Oddball
+// - Boolean
+//   - true
+//   - false
+// - null
+// - undefined
+// String
+// - internalized string
+// - other string
+// Symbol
+// receiver (object)
+
+// We detect the following compare operation types:
+// SignedSmall
+// Number
+// NumberOrBoolean
+// NumberOrOddball
+// InternalizedString
+// String
+// Symbol
+// BigInt
+// BigInt64
+// Receiver
+// ReceiverOrNullOrUndefined
+// Any
+
+// SMI, SMI
+test(-14, -14, true, 'SignedSmall');
+test(15, 16, false, 'SignedSmall');
+
+// SMI, HeapNumber
+{
+  const a = 7.1;
+  const b = 9.9;
+  test(17, a + b, true, 'Number');
+  test(-18, a + b, false, 'Number');
+}
+
+test(18, NaN, false, 'Number');
+
+// SMI, BigInt
+test(19, BigInt(19), false, 'Any');
+
+// SMI, Oddball
+// These should actually be NumberOrBoolean, but detecting it is not
+// implemented (unclear if implementing it will improve performance).
+test(20, true, false, 'Any');
+test(21, false, false, 'Any');
+// These should actually be NumberOrOddball, but detecting it is not
+// implemented (unclear if implementing it will improve performance).
+test(22, null, false, 'Any');
+test(23, undefined, false, 'Any');
+
+// SMI, internalized string
+test(24, '24', false, 'Any');
+
+// SMI, non-internalized string
+{
+  const a = '2';
+  const b = '4';
+  test(24, a + b, false, 'Any');
+}
+
+// SMI, Symbol
+test(25, Symbol('foo'), false, 'Any');
+
+// SMI, Object
+test(26, {}, false, 'Any');
+
+// HeapNumber, HeapNumber
+test(3.17, 3.17, true, 'Number');
+test(-3.17, 3.17, false, 'Number');
+
+// HeapNumber, NaN
+test(3.18, NaN, false, 'Number');
+test(NaN, NaN, false, 'Number');
+
+// HeapNumber, BigInt
+test(3.19, BigInt(319), false, 'Any');
+
+// HeapNumber, Oddball
+// These should actually be NumberOrBoolean, but detecting it is not
+// implemented (unclear if implementing it will improve performance).
+test(3.20, true, false, 'Any');
+test(3.21, false, false, 'Any');
+
+// These should actually be NumberOrOddball, but detecting it is not
+// implemented (unclear if implementing it will improve performance).
+test(3.22, null, false, 'Any');
+test(3.23, undefined, false, 'Any');
+
+// HeapNumber, internalized string
+test(3.24, '3.24', false, 'Any');
+
+// HeapNumber, non-internalized string
+{
+  const a = '3.';
+  const b = '25';
+  test(3.25, a + b, false, 'Any');
+}
+
+// HeapNumber, Symbol
+test(3.26, Symbol('foo'), false, 'Any');
+
+// HeapNumber, Object
+test(3.27, {a: 5}, false, 'Any');
+
+// BigInt, BigInt
+test(BigInt(1000000000), BigInt(1000000000), true, 'BigInt(64)?');
+test(BigInt(1000000000), BigInt(1000000001), false, 'BigInt(64)?');
+
+// BigInt, Oddball
+test(BigInt(1000000002), true, false, 'Any');
+test(BigInt(1000000002), false, false, 'Any');
+test(BigInt(1000000002), null, false, 'Any');
+test(BigInt(1000000002), undefined, false, 'Any');
+
+// BigInt, internalized string
+test(BigInt(1000000003), '1000000003', false, 'Any');
+
+// BigInt, non-internalized string
+{
+  const a = '100000000';
+  const b = '4';
+  test(BigInt(1000000004), a + b, false, 'Any');
+}
+
+// BigInt, Symbol
+test(BigInt(1000000005), Symbol('s'), false, 'Any');
+
+// BigInt, Object
+test(BigInt(1000000006), {c: 16}, false, 'Any');
+
+// Oddball, Oddball
+test(true, true, true, 'NumberOrBoolean');
+test(false, false, true, 'NumberOrBoolean');
+
+// TODO(v8): This should be NumberOrBoolean too.
+test(true, false, false, 'Any');
+
+// TODO(v8): These should be NumberOrOddball.
+testOneWay(true, null, false, 'Any');
+testOneWay(null, true, false, 'ReceiverOrNullOrUndefined');
+testOneWay(true, undefined, false, 'Any');
+testOneWay(undefined, true, false, 'ReceiverOrNullOrUndefined');
+testOneWay(false, null, false, 'Any');
+testOneWay(null, false, false, 'ReceiverOrNullOrUndefined');
+testOneWay(false, undefined, false, 'Any');
+testOneWay(undefined, false, false, 'ReceiverOrNullOrUndefined');
+
+test(undefined, undefined, true, 'ReceiverOrNullOrUndefined');
+test(undefined, null, false, 'ReceiverOrNullOrUndefined');
+test(null, null, true, 'ReceiverOrNullOrUndefined');
+
+// Oddball, internalized string
+test(true, 'true', false, 'Any');
+test(false, '', false, 'Any');
+test(undefined, '', false, 'Any');
+test(null, '', false, 'Any');
+
+// Oddball, non-internalized string
+{
+  const a = '100000000';
+  const b = '4';
+  test(true, a + b, false, 'Any');
+  test(false, a + b, false, 'Any');
+  test(undefined, a + b, false, 'Any');
+  test(null, a + b, false, 'Any');
+}
+
+// Oddball, Symbol
+test(true, Symbol('true'), false, 'Any');
+test(false, Symbol(), false, 'Any');
+test(undefined, Symbol(), false, 'Any');
+test(null, Symbol(), false, 'Any');
+
+// Oddball, Object
+test(true, {a: 'b'}, false, 'Any');
+test(false, {a: 'b'}, false, 'Any');
+test(undefined, {a: 'b'}, false, 'ReceiverOrNullOrUndefined');
+test(null, {a: 'b'}, false, 'ReceiverOrNullOrUndefined');
+
+{
+  // Internalized String, internalized String
+  test('internalized', 'internalized', true, 'InternalizedString');
+  test('not', 'equal', false, 'InternalizedString');
+
+  // Internalized string, non-internalized string
+  const a = 'non';
+  const b = '-internalized';
+  test('non-internalized', a + b, true, 'String');
+  test('not equal', a + b, false, 'String');
+
+  // Non-internalized string, non-internalized string
+  const c = 'non-in';
+  const d = 'ternalized';
+  test(a + b, c + d, true, 'String');
+  test(a + b + b, c + d, false, 'String');
+
+  // Internalized string, Symbol
+  test('string', Symbol('string'), false, 'Any');
+
+  // Non-internalized string, Symbol
+  test(a + b, Symbol('non-internalized'), false, 'Any');
+
+  // Internalized string, Object
+  test('string', {}, false, 'Any');
+
+  // Non-internalized string, Object
+  test(a + b, {}, false, 'Any');
+}
+
+// Symbol, Symbol
+test(Symbol('private'), Symbol('private'), false, 'Symbol');
+test(Symbol('something'), Symbol.for('something'), false, 'Symbol');
+test(Symbol.for('something'), Symbol.for('something'), true, 'Symbol');
+
+// Symbol, Object
+test(Symbol('private'), {}, false, 'Any');
+
+// Object, Object
+test({}, {}, false, 'Receiver');
+{
+  const a = {};
+  test(a, a, true, 'Receiver');
+}
diff --git a/deps/v8/test/mjsunit/test-scopeinfo-reuse-eval.js b/deps/v8/test/mjsunit/test-scopeinfo-reuse-eval.js
new file mode 100644
index 00000000000000..f20dfa7cace12b
--- /dev/null
+++ b/deps/v8/test/mjsunit/test-scopeinfo-reuse-eval.js
@@ -0,0 +1,15 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+let x = 1;
+let f = eval("let y = 20; (function() { y; return function() { return x } })");
+// Keep g in f alive to keep its outer scope chain alive.
+let g = f();
+// Flush and recompile f, which will try to reuse the scope info chain attached
+// to g. Verify that we don't get a clash between the eval scope and the script
+// scope.
+%ForceFlush(f);
+f();
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/check-float64-is-nan.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/check-float64-is-nan.js
new file mode 100644
index 00000000000000..efac10fae462d9
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/check-float64-is-nan.js
@@ -0,0 +1,24 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+// Flags: --no-always-turbofan
+
+var glob = NaN;
+
+function foo(val) {
+  glob = val;
+}
+
+%PrepareFunctionForOptimization(foo);
+foo(NaN);
+
+%OptimizeFunctionOnNextCall(foo);
+foo(NaN);
+assertEquals(NaN, glob);
+assertOptimized(foo);
+
+foo(42);
+assertEquals(42, glob);
+assertUnoptimized(foo);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/dematerialized-identical-heap-number-fields.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/dematerialized-identical-heap-number-fields.js
new file mode 100644
index 00000000000000..f2db47b90be5bf
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/dematerialized-identical-heap-number-fields.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+// An unconditional deopt will be inserted after {o} has been created, but
+// before it is initialized with "arg + 1.5" and "arg + 41.5". These 2 fields
+// are thus initialized with the Float64 hole. If {o} is escape-analyzed away,
+// then the deopt state will have 2 identical HeapNumbers as input. These
+// shouldn't be GVNed, because they are mutable.
+function foo(arg) {
+  var o = {
+    x: arg + 1.5,
+    y: arg + 41.5,
+  };
+  return o.x + o.y;
+}
+
+%PrepareFunctionForOptimization(foo);
+assertEquals(NaN, foo());
+assertEquals(NaN, foo());
+
+%OptimizeFunctionOnNextCall(foo);
+assertEquals(45, foo(1));
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/dematerialized-regexp.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/dematerialized-regexp.js
new file mode 100644
index 00000000000000..6d971d71b58bb6
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/dematerialized-regexp.js
@@ -0,0 +1,39 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+// Flags: --no-always-turbofan
+
+function bar(re) {
+  let match1 = re.test("123Art");
+  let match2 = re.test("b123ze");
+  let match3 = re.test("C");
+  let nomatch1 = re.test("1234556");
+  let nomatch2 = re.test("iopdsd4 ,!:^");
+  return match1 && match2 && match3 && !nomatch1 && !nomatch2;
+}
+%NeverOptimizeFunction(bar);
+
+function foo(b) {
+  let re = /[abc]/i;
+  if (b) {
+    // We're not collecting feedback for this case. We'll just have an
+    // unconditional deopt here, and {re} will be escape-analyzed away and will
+    // flow in the FrameState here. Since RegExp data are in trusted space,
+    // the FrameState will thus have a trusted object as input.
+    return bar(re);
+  }
+  return 42;
+}
+
+%PrepareFunctionForOptimization(foo);
+assertEquals(42, foo(false));
+assertEquals(42, foo(false));
+%OptimizeFunctionOnNextCall(foo);
+assertEquals(42, foo(false));
+assertOptimized(foo);
+
+// Triggering a deopt, which will materialize the regex object.
+assertEquals(true, foo(true));
+assertUnoptimized(foo);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/extend-property-backing-store-1.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/extend-property-backing-store-1.js
new file mode 100644
index 00000000000000..522ec770c5f40e
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/extend-property-backing-store-1.js
@@ -0,0 +1,39 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+//
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+// Flags: --maglev-extend-properties-backing-store
+
+// TODO(dmercadier): this test is exactly the same as
+// test/mjsunit/maglev/extend-properties-backing-store-1.js, but with a
+// %OptimizeFunctionOnNextCall instead of the %OptimizeMaglevOnNextCall.
+// Consider unifying the 2 tests.
+
+const s = new Set();
+
+function foo(o) {
+  // One of these stores will exhaust the slack and we need to add a property
+  // backing store.
+  o.b1 = 0;
+  o.b2 = 0;
+  o.b3 = 0;
+}
+%PrepareFunctionForOptimization(foo);
+
+let o1 = {a: 1}; // One in-object property.
+
+// Make the StoreIC in `foo` polymorphic.
+foo(o1);
+foo({a: 0, b: 2});
+
+%OptimizeFunctionOnNextCall(foo);
+foo({a: 1, b: 3});
+
+let o2 = {a: 1};
+s.add(o2);  // Force creating the hash.
+
+foo(o2);
+// Assert that the hash value was preseved when adding the properties backing
+// store.
+assertTrue(s.has(o2));
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/extend-property-backing-store-2.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/extend-property-backing-store-2.js
new file mode 100644
index 00000000000000..2f3d4baf9efba0
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/extend-property-backing-store-2.js
@@ -0,0 +1,49 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+// Flags: --maglev-extend-properties-backing-store
+
+// TODO(dmercadier): this test is exactly the same as
+// test/mjsunit/maglev/extend-properties-backing-store-2.js, but with a
+// %OptimizeFunctionOnNextCall instead of the %OptimizeMaglevOnNextCall.
+// Consider unifying the 2 tests.
+
+function addProperties(o) {
+  // Add enough properties to exhaust the slack, so that adding the property
+  // in `foo` will need to grow the property backing store.
+  o.a1 = 1;
+  o.a2 = 2;
+  o.a3 = 3;
+  o.a4 = 4;
+  o.a5 = 5;
+  o.a6 = 6;
+  o.a7 = 7;
+}
+
+const s = new Set();
+
+function foo(o) {
+  o.b = 2;
+}
+%PrepareFunctionForOptimization(foo);
+
+let o1 = {};
+addProperties(o1);
+
+// Make the StoreIC in `foo` polymorphic.
+foo(o1);
+foo({a: 0, b: 2});
+
+%OptimizeFunctionOnNextCall(foo);
+foo({a: 1, b: 3});
+
+let o2 = {};
+addProperties(o2);
+s.add(o2);  // Force creating the hash.
+
+foo(o2);
+// Assert that the hash value was preseved when extending the properties
+// backing store.
+assertTrue(s.has(o2));
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-async-await-loop.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-async-await-loop.js
new file mode 100644
index 00000000000000..66e56321e5579b
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-async-await-loop.js
@@ -0,0 +1,23 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+async function foo(x) {
+  let res = 0;
+  for (let i = 0; i < x; i++) {
+    if (i % 2 == 0) {
+      res += await i;
+    }
+  }
+  return res;
+}
+
+%PrepareFunctionForOptimization(foo);
+foo(4).then(function(result) {
+  assertEquals(2, result);
+
+  %OptimizeFunctionOnNextCall(foo);
+  foo(4).then((result) => assertEquals(2, result));
+});
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-async.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-async.js
new file mode 100644
index 00000000000000..d183f0f68de3c0
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-async.js
@@ -0,0 +1,12 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+async function* foo() {}
+
+%PrepareFunctionForOptimization(foo);
+foo();
+%OptimizeFunctionOnNextCall(foo);
+foo();
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-if.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-if.js
new file mode 100644
index 00000000000000..c95c1d58ac6e09
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-if.js
@@ -0,0 +1,39 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(x) {
+  yield 5;
+  yield 7;
+  if (x) {
+    yield 9;
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(true);
+assertEquals(5, gen.next().value);
+assertEquals(7, gen.next().value);
+assertEquals(9, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+gen = foo(false);
+assertEquals(5, gen.next().value);
+assertEquals(7, gen.next().value);
+assertEquals(undefined, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(true);
+assertEquals(5, gen.next().value);
+assertEquals(7, gen.next().value);
+assertEquals(9, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+gen = foo(false);
+assertEquals(5, gen.next().value);
+assertEquals(7, gen.next().value);
+assertEquals(undefined, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-infinite-loop.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-infinite-loop.js
new file mode 100644
index 00000000000000..ea67483e7718d2
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-infinite-loop.js
@@ -0,0 +1,31 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo() {
+  try {
+    yield 42;
+    for (;;) {
+      if (true) {
+      } else {
+        yield;
+      }
+    }
+  } catch(e) {
+    yield 17;
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo();
+assertEquals(42, gen.next().value);
+assertEquals(17, gen.throw().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo();
+assertEquals(42, gen.next().value);
+assertEquals(17, gen.throw().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-if.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-if.js
new file mode 100644
index 00000000000000..300fa82ee6cd91
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-if.js
@@ -0,0 +1,28 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(x) {
+  for (let i = 0; i < x; i++) {
+    if (i % 2 == 0) {
+      yield i;
+    }
+  }
+  yield 42;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(4);
+assertEquals(0, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(4);
+assertEquals(0, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-multi-if.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-multi-if.js
new file mode 100644
index 00000000000000..9eed41cc50a94f
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-multi-if.js
@@ -0,0 +1,37 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(x) {
+  let s = 625;
+  for (let i = 0; i < x; i++) {
+    s -= i;
+    if (i % 2 == 0) {
+      yield s;
+      s -= 21;
+    } else if (i % 3 == 0) {
+      yield x ^ 42;
+    }
+    s *= i;
+  }
+  s &= 42;
+  yield s;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(4);
+assertEquals(625, gen.next().value);
+assertEquals(-3, gen.next().value);
+assertEquals(46, gen.next().value);
+assertEquals(34, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(4);
+assertEquals(625, gen.next().value);
+assertEquals(-3, gen.next().value);
+assertEquals(46, gen.next().value);
+assertEquals(34, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-no-forward-edge.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-no-forward-edge.js
new file mode 100644
index 00000000000000..ec3125dec9c80b
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-no-forward-edge.js
@@ -0,0 +1,20 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(o) {
+  o.x; // No feedback for this load --> will be an unconditional deopt in the
+       // Maglev graph. As a result, the while-loop below won't have a forward
+       // edge.
+  let i = 0;
+  while (true) { yield i++; }
+}
+
+let gen = foo({ x : 1 });
+
+for (let i = 0; i < 20000; i++) {
+  // OSR will eventually kick in.
+  assertEquals(i, gen.next().value);
+}
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-untagged-phis.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-untagged-phis.js
new file mode 100644
index 00000000000000..2207709f4851fb
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop-untagged-phis.js
@@ -0,0 +1,41 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+// Note that loop phis of resumable loops cannot currently be untagged, because
+// they always have a `GeneratorRestoreRegister` input, which prevents
+// untagging. Still, this test is meant more as a "future" test: if we can ever
+// untag loop phis in resumable loops, then this test will help make sure that
+// it works correctly.
+
+function* foo(n) {
+  let f64 = 3.45;
+  let i32 = 17;
+  for (let i = 0; i < n; i++) {
+    f64 += 4.45;
+    i32 += 4;
+    if (i % 2 == 0) {
+      yield i;
+    }
+  }
+  yield f64;
+  yield i32;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(4);
+assertEquals(0, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(21.25, gen.next().value);
+assertEquals(33, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(4);
+assertEquals(0, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(21.25, gen.next().value);
+assertEquals(33, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop.js
new file mode 100644
index 00000000000000..936f744cdf8637
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-loop.js
@@ -0,0 +1,30 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(x) {
+  for (let i = 0; i < x; i++) {
+    yield i;
+  }
+  yield 42;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(4);
+assertEquals(0, gen.next().value);
+assertEquals(1, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(3, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(4);
+assertEquals(0, gen.next().value);
+assertEquals(1, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(3, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-nested-loops.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-nested-loops.js
new file mode 100644
index 00000000000000..b6924cac2f3367
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-nested-loops.js
@@ -0,0 +1,50 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(x) {
+  for (let i = 0; i < x; i++) {
+    for (let j = 0; j < x; j++) {
+      for (let k = 0; k < x; k++) {
+        if (j % 2 == 0) {
+          yield i*32+j*8+k;
+        }
+      }
+      yield j + 625;
+    }
+    yield i + 1459;
+  }
+  yield 42;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(2);
+assertEquals(0, gen.next().value);
+assertEquals(1, gen.next().value);
+assertEquals(625, gen.next().value);
+assertEquals(626, gen.next().value);
+assertEquals(1459, gen.next().value);
+assertEquals(32, gen.next().value);
+assertEquals(33, gen.next().value);
+assertEquals(625, gen.next().value);
+assertEquals(626, gen.next().value);
+assertEquals(1460, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(2);
+assertEquals(0, gen.next().value);
+assertEquals(1, gen.next().value);
+assertEquals(625, gen.next().value);
+assertEquals(626, gen.next().value);
+assertEquals(1459, gen.next().value);
+assertEquals(32, gen.next().value);
+assertEquals(33, gen.next().value);
+assertEquals(625, gen.next().value);
+assertEquals(626, gen.next().value);
+assertEquals(1460, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return-finally-loop.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return-finally-loop.js
new file mode 100644
index 00000000000000..7ca26bbf3011dc
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return-finally-loop.js
@@ -0,0 +1,40 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+let glob = 0;
+
+function* foo(x) {
+  for (let i = 0; i < x; i++) {
+    try {
+      yield i * 10;
+      yield i + 2;
+    } catch(e) {
+    } finally {
+      glob = i;
+    }
+    i++;
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(8);
+assertEquals(0, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(20, gen.next().value);
+assertEquals(4, gen.next().value);
+assertEquals(19, gen.return(19).value);
+assertEquals(undefined, gen.next().value);
+assertEquals(2, glob);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(8);
+assertEquals(0, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(20, gen.next().value);
+assertEquals(4, gen.next().value);
+assertEquals(19, gen.return(19).value);
+assertEquals(undefined, gen.next().value);
+assertEquals(2, glob);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return-finally.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return-finally.js
new file mode 100644
index 00000000000000..1de82906f2e538
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return-finally.js
@@ -0,0 +1,34 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+let glob = 0;
+
+function* foo() {
+  yield 11;
+  try {
+    yield 42;
+    yield 15;
+  } catch(e) {
+  } finally {
+    glob++;
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo();
+assertEquals(11, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(19, gen.return(19).value);
+assertEquals(undefined, gen.next().value);
+assertEquals(1, glob);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo();
+assertEquals(11, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(19, gen.return(19).value);
+assertEquals(undefined, gen.next().value);
+assertEquals(2, glob);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return.js
new file mode 100644
index 00000000000000..fbf7912efa8c1a
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-return.js
@@ -0,0 +1,22 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo() {
+  yield 42;
+  yield 15;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo();
+assertEquals(42, gen.next().value);
+assertEquals(19, gen.return(19).value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo();
+assertEquals(42, gen.next().value);
+assertEquals(19, gen.return(19).value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-straight-line.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-straight-line.js
new file mode 100644
index 00000000000000..aa3416a41941c0
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-straight-line.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo() {
+  yield 5;
+  yield 7;
+  yield 9;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo();
+assertEquals(5, gen.next().value);
+assertEquals(7, gen.next().value);
+assertEquals(9, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(true);
+assertEquals(5, gen.next().value);
+assertEquals(7, gen.next().value);
+assertEquals(9, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-loop-2-yields.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-loop-2-yields.js
new file mode 100644
index 00000000000000..da3e363898dde7
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-loop-2-yields.js
@@ -0,0 +1,82 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(x) {
+  let s = 0;
+  for (let i = 0; i < x + 2; i++) {
+    s += 2;
+    try {
+      yield i + 17;
+      s += 1;
+      // The following `yield` looks like it's out of the loop when looking at
+      // the regular .next() path, because it's predecessor is outside of the
+      // loop (we always jump on it through a resume), and because it's a
+      // `yield`, it has no successors.
+      // However, if we resume with .throw() after the yield,
+      yield i * 14;
+      s += 3;
+    } catch (e) {
+      i++;
+    }
+    s += 4;
+    if (i < 2) {
+      yield i - 1;
+    }
+    s += 5;
+  }
+  yield s;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(2);
+assertEquals(17, gen.next().value);
+assertEquals(0, gen.throw().value);
+assertEquals(19, gen.next().value);
+assertEquals(28, gen.next().value);
+assertEquals(23, gen.throw().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(2);
+assertEquals(17, gen.next().value);
+assertEquals(0, gen.throw().value);
+assertEquals(19, gen.next().value);
+assertEquals(28, gen.next().value);
+assertEquals(23, gen.throw().value);
+assertEquals(undefined, gen.next().value);
+
+
+// B1 --> header = <none>
+// B2 --> header = <none>
+// B3 --> header = <none>
+// B4 --> header = <none>
+// B5 --> header = <none>
+// B6 --> header = <none>
+// B7 --> header = <none>
+// B8 --> header = <none>
+// B9 --> header = <none>
+// B10 --> header = <none>
+// B11 --> header = <none>
+// B12 --> header = <none>
+// B13 --> header = <none>
+// B14 --> header = <none>
+// B15 --> header = <none>
+// B16 --> header = <none>
+// B17 --> header = <none>
+// B18 --> header = <none>
+// B19 --> header = B9
+// B20 --> header = <none>
+// B21 --> header = B9
+// B22 --> header = <none>
+// B23 --> header = <none>
+// B24 --> header = B9
+// B25 --> header = B9
+// B26 --> header = B9
+// B27 --> header = <none>
+// B28 --> header = <none>
+// B29 --> header = <none>
+// B30 --> header = <none>
+// B31 --> header = <none>
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-loop.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-loop.js
new file mode 100644
index 00000000000000..d20716f53cbc0d
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-loop.js
@@ -0,0 +1,34 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(x) {
+  for (let i = 0; i < x; i++) {
+    try {
+      if (i % 2 == 0) {
+        yield i + 17;
+      }
+    } catch (e) {
+      yield i + 3;
+    }
+  }
+  yield 42;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(4);
+assertEquals(17, gen.next().value);
+assertEquals(3, gen.throw().value);
+assertEquals(19, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(4);
+assertEquals(17, gen.next().value);
+assertEquals(3, gen.throw().value);
+assertEquals(19, gen.next().value);
+assertEquals(42, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-nested-loop.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-nested-loop.js
new file mode 100644
index 00000000000000..1f99fec02bda43
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw-nested-loop.js
@@ -0,0 +1,42 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo(x) {
+  for (let i = 0; i < x; i++) {
+    try {
+      for (let j = 0; j < x; j++) {
+        if (j % 2 == 0) {
+          // The .next resume after this yield is inside the inner loop, while
+          // the .throw goes to the catch, which is in the outer loop.
+          yield i * 10 + j;
+        }
+      }
+    } catch (e) {
+      i++;
+    }
+  }
+  yield 42;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(4);
+assertEquals(0, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(20, gen.throw().value);
+assertEquals(22, gen.next().value);
+assertEquals(30, gen.next().value);
+assertEquals(42, gen.throw().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(4);
+assertEquals(0, gen.next().value);
+assertEquals(2, gen.next().value);
+assertEquals(20, gen.throw().value);
+assertEquals(22, gen.next().value);
+assertEquals(30, gen.next().value);
+assertEquals(42, gen.throw().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw.js
new file mode 100644
index 00000000000000..111e01329f898b
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-throw.js
@@ -0,0 +1,27 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* foo() {
+  try {
+    yield 42;
+  } catch (e) {
+    return 14;
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo();
+assertEquals(42, gen.next().value);
+assertEquals(14, gen.throw().value);
+assertEquals(25, gen.return(25).value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo();
+assertEquals(42, gen.next().value);
+assertEquals(14, gen.throw().value);
+assertEquals(25, gen.return(25).value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star-loop-1.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star-loop-1.js
new file mode 100644
index 00000000000000..3b8f7552718e11
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star-loop-1.js
@@ -0,0 +1,32 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* g(x) {
+  yield x+4;
+}
+%NeverOptimizeFunction(g);
+
+function* f(x) {
+  for (let i = 0; i < x; i++) {
+    yield* g(i);
+  }
+}
+
+%PrepareFunctionForOptimization(f);
+let gen = f(4);
+assertEquals(4, gen.next().value);
+assertEquals(5, gen.next().value);
+assertEquals(6, gen.next().value);
+assertEquals(7, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(f);
+gen = f(4);
+assertEquals(4, gen.next().value);
+assertEquals(5, gen.next().value);
+assertEquals(6, gen.next().value);
+assertEquals(7, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star-loop-2.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star-loop-2.js
new file mode 100644
index 00000000000000..7300aa687aeda4
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star-loop-2.js
@@ -0,0 +1,36 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* g(x) {
+  yield x+4;
+}
+%NeverOptimizeFunction(g);
+
+function* f(x) {
+  for (let i = 0; i < x; i++) {
+    if (i % 2 == 0) {
+      yield* g(i);
+    } else {
+      yield i * 13;
+    }
+  }
+}
+
+%PrepareFunctionForOptimization(f);
+let gen = f(4);
+assertEquals(4, gen.next().value);
+assertEquals(13, gen.next().value);
+assertEquals(6, gen.next().value);
+assertEquals(39, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(f);
+gen = f(4);
+assertEquals(4, gen.next().value);
+assertEquals(13, gen.next().value);
+assertEquals(6, gen.next().value);
+assertEquals(39, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star.js
new file mode 100644
index 00000000000000..94e3f0dbb26483
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/generator-yield-star.js
@@ -0,0 +1,27 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function* g(x) {
+  yield x+4;
+}
+%NeverOptimizeFunction(g);
+
+function* f(x) {
+  yield* g(x);
+  yield* g(5);
+}
+
+%PrepareFunctionForOptimization(f);
+let gen = f(4);
+assertEquals(8, gen.next().value);
+assertEquals(9, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(f);
+gen = f(4);
+assertEquals(8, gen.next().value);
+assertEquals(9, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/get-template-object.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/get-template-object.js
new file mode 100644
index 00000000000000..a99b970428a7c8
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/get-template-object.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function foo(x) {
+
+  function bar(x, y) {
+    return [...x, y]
+  }
+
+  if (x) {
+    return bar`123${x}`
+  } else {
+    return 42;
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+assertEquals(42, foo(false));
+assertEquals(42, foo(false));
+%OptimizeFunctionOnNextCall(foo);
+assertEquals(["123", "", 1], foo(1));
+assertEquals(["123", "", 2], foo(2));
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/holey-float64-phi-to-smi.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/holey-float64-phi-to-smi.js
new file mode 100644
index 00000000000000..f544c28d1b22ae
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/holey-float64-phi-to-smi.js
@@ -0,0 +1,58 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+// Flags: --no-always-turbofan --no-maglev-loop-peeling
+
+// Creating an object with 2 Smi fields.
+let o = { x : 42, y : 19 };
+
+// Making {o}'s fields non-const.
+o.x = 43;
+o.y = 20;
+
+let holey_double_arr = [ -0.0, 2.2, , 4.4 ];
+
+function foo(x, y) {
+  let holey_f64_1 = holey_double_arr[0];
+  let phi_1 = holey_f64_1; // HoleyFloat64 input to the phi
+  for (let i = 0.5; i < x; i += 1) {
+    i += phi_1; // Float64 use to the phi
+    phi_1 = 51; // Smi input to the phi
+  }
+  o.x = phi_1;
+
+  let holey_f64_2 = holey_double_arr[1];
+  let phi_2 = holey_f64_2; // HoleyFloat64 input to the phi
+  for (let i = 0.5; i < y; i += 1) {
+    i += phi_2; // Float64 use to the phi
+    phi_2 = 40; // Smi input to the phi
+  }
+  o.y = phi_2;
+}
+
+%PrepareFunctionForOptimization(foo);
+foo(4, 5);
+assertEquals({x : 51, y : 40}, o);
+
+%OptimizeFunctionOnNextCall(foo);
+foo(4, 5);
+assertEquals({x : 51, y : 40}, o);
+assertOptimized(foo);
+
+// Triggering a deopt because of -0.0
+foo(0, 5);
+assertEquals({x : -0.0, y : 40}, o);
+assertSame(o.x, -0.0);
+assertUnoptimized(foo);
+
+%OptimizeFunctionOnNextCall(foo);
+foo(4, 5);
+assertEquals({x : 51, y : 40}, o);
+assertOptimized(foo);
+
+// Triggering deopt because of regular non-smi float64
+foo(4, 0);
+assertEquals({x : 51, y : 2.2}, o);
+assertUnoptimized(foo);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/literal-nan-hole-deopt.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/literal-nan-hole-deopt.js
new file mode 100644
index 00000000000000..5ba938689b9728
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/literal-nan-hole-deopt.js
@@ -0,0 +1,25 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function foo(b) {
+  let arr = [0.5, 1.5, /* hole */, 2.5];
+  // Turboshaft's Late Load Elimination will replace the following load by a NaN
+  // hole constant.
+  let val = arr[2];
+  if (b) {
+    // The NaN-hole constant will flow into the frame state here.
+    %DeoptimizeNow();
+  }
+  // After deopt, {val} should be undefined rather than NaN.
+  return val;
+}
+
+%PrepareFunctionForOptimization(foo);
+assertEquals(undefined, foo(false));
+
+%OptimizeFunctionOnNextCall(foo);
+assertEquals(undefined, foo(false));
+assertEquals(undefined, foo(true));
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-354145409-1.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-354145409-1.js
new file mode 100644
index 00000000000000..644753ad66f315
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-354145409-1.js
@@ -0,0 +1,53 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function g(b) {
+  if (b) {
+    throw_because_function_not_defined();
+  }
+}
+%NeverOptimizeFunction(g);
+
+function A() {}
+class B extends A {}
+class C {}
+
+function is_a(o, b) {
+  let v = b;
+  try {
+    v = 13;
+    g(b);
+    v = 12;
+    return o instanceof A;
+  } catch (e) {
+    return v;
+  }
+}
+
+%PrepareFunctionForOptimization(is_a);
+assertEquals(true, is_a(new B(), false));
+assertEquals(13, is_a(new B(), true));
+assertEquals(true, is_a(new A(), false));
+assertEquals(13, is_a(new A(), true));
+assertEquals(false, is_a(new C(), false));
+assertEquals(13, is_a(new C(), true));
+%OptimizeFunctionOnNextCall(is_a);
+assertEquals(true, is_a(new B(), false));
+assertEquals(13, is_a(new B(), true));
+assertEquals(true, is_a(new A(), false));
+assertEquals(13, is_a(new A(), true));
+assertEquals(false, is_a(new C(), false));
+assertEquals(13, is_a(new C(), true));
+assertOptimized(is_a);
+
+// Changing manually the prototype of an object.
+let b = new B();
+assertEquals(true, is_a(b, false));
+assertEquals(13, is_a(b, true));
+Object.setPrototypeOf(b, {});
+assertEquals(false, is_a(b, false));
+assertEquals(13, is_a(b, true));
+assertOptimized(is_a);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-354145409-2.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-354145409-2.js
new file mode 100644
index 00000000000000..d3b2079a2349a0
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-354145409-2.js
@@ -0,0 +1,53 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function g(b) {
+  if (b) {
+    throw_because_function_not_defined();
+  }
+}
+%NeverOptimizeFunction(g);
+
+function A() {}
+class B extends A {}
+class C {}
+
+function is_a(o, b) {
+  let v = 12;
+  try {
+    v += 1;
+    g(b);
+    v += 1;
+    return o instanceof A;
+  } catch (e) {
+    return v;
+  }
+}
+
+%PrepareFunctionForOptimization(is_a);
+assertEquals(true, is_a(new B(), false));
+assertEquals(13, is_a(new B(), true));
+assertEquals(true, is_a(new A(), false));
+assertEquals(13, is_a(new A(), true));
+assertEquals(false, is_a(new C(), false));
+assertEquals(13, is_a(new C(), true));
+%OptimizeFunctionOnNextCall(is_a);
+assertEquals(true, is_a(new B(), false));
+assertEquals(13, is_a(new B(), true));
+assertEquals(true, is_a(new A(), false));
+assertEquals(13, is_a(new A(), true));
+assertEquals(false, is_a(new C(), false));
+assertEquals(13, is_a(new C(), true));
+assertOptimized(is_a);
+
+// Changing manually the prototype of an object.
+let b = new B();
+assertEquals(true, is_a(b, false));
+assertEquals(13, is_a(b, true));
+Object.setPrototypeOf(b, {});
+assertEquals(false, is_a(b, false));
+assertEquals(13, is_a(b, true));
+assertOptimized(is_a);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-355016861.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-355016861.js
new file mode 100644
index 00000000000000..5583f0a58c6ccd
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-355016861.js
@@ -0,0 +1,37 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function g(b) {
+  if (b) {
+    throw_before_this_function_is_not_defined();
+  }
+}
+%NeverOptimizeFunction(g);
+
+function foo(n, r, b) {
+  let v = n >>> r; // {v} here has Uint32 representation.
+  try {
+    g(b);
+    v = 45;
+    g(true);
+  } catch(e) {
+    // {v} here is a Phi with a Uint32 and a Int32 input.
+    return v + 3;
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+assertEquals(48, foo(23, 3, false));
+assertEquals(5, foo(23, 3, true));
+assertEquals(48, foo(-1478558121, 0, false));
+assertEquals(2816409178, foo(-1478558121, 0, true));
+
+%OptimizeFunctionOnNextCall(foo);
+assertEquals(48, foo(23, 3, false));
+assertEquals(5, foo(23, 3, true));
+// Making sure that negative numbers are turned into positive ones by `>>> 0`.
+assertEquals(48, foo(-1478558121, 0, false));
+assertEquals(2816409178, foo(-1478558121, 0, true));
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356194021.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356194021.js
new file mode 100644
index 00000000000000..b1cbe4212255d3
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356194021.js
@@ -0,0 +1,18 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+async function foo(f) {
+  await f();
+}
+
+%PrepareFunctionForOptimization(foo);
+
+foo(async function() {
+  throw new Error("errrrr");
+}).then(() => assertUnreachable())
+    .catch((e) => assertEquals("errrrr", e.message));
+
+%OptimizeFunctionOnNextCall(foo);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356436621.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356436621.js
new file mode 100644
index 00000000000000..077ca5bc4d5a1e
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356436621.js
@@ -0,0 +1,26 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+const v0 = [-988625.4670131855];
+v0[2] = v0;
+
+const v1 = [-30777,-49785];
+
+for (let v2 = 0; v2 < 5; v2++) {
+  function f3() {
+  }
+  function f7(a8) {
+    a8[1];
+    a8.f = a8;
+    a8.forEach(f3);
+  }
+
+  %PrepareFunctionForOptimization(f7);
+  f7(v0);
+  f7(v1);
+
+  %OptimizeFunctionOnNextCall(f7);
+}
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356649152.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356649152.js
new file mode 100644
index 00000000000000..eaf45f2dcda93a
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356649152.js
@@ -0,0 +1,19 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function isBoolean(v) {
+  return typeof v === "boolean";
+}
+
+%PrepareFunctionForOptimization(isBoolean);
+assertTrue(isBoolean(true));
+assertTrue(isBoolean(false));
+assertFalse(isBoolean({}));
+
+%OptimizeFunctionOnNextCall(isBoolean);
+assertTrue(isBoolean(true));
+assertTrue(isBoolean(false));
+assertFalse(isBoolean({}));
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356720579.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356720579.js
new file mode 100644
index 00000000000000..b639f02d0ebb8a
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356720579.js
@@ -0,0 +1,28 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+function foo(a) {
+  // Doing random things to add entries in the feedback vector before the
+  // GetTemplateObject entry.
+  a + 3;
+  a - 3;
+
+  if (a == 5) {
+    // Feedback not collected. Maglev will insert a GetTemplateObject followed
+    // by an unconditional deopt.
+    return ````;
+  } else {
+    return 17;
+  }
+}
+
+%PrepareFunctionForOptimization(foo);
+assertEquals(17, foo(42));
+assertEquals(17, foo(42));
+
+%OptimizeFunctionOnNextCall(foo);
+assertEquals(17, foo(42));
+assertThrows(() => foo(5), TypeError, '"" is not a function');
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356901359.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356901359.js
new file mode 100644
index 00000000000000..08da81b5a5d539
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356901359.js
@@ -0,0 +1,22 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+// Flags: --no-always-turbofan
+
+function foo(a, b) {
+  return a == b;
+}
+
+%PrepareFunctionForOptimization(foo);
+assertTrue(foo(1, true));
+
+%OptimizeFunctionOnNextCall(foo);
+assertTrue(foo(1, true));
+assertFalse(foo(0, true));
+assertOptimized(foo);
+
+// Passing non-boolean non-number to {foo} will make it deopt.
+assertTrue(foo());
+assertUnoptimized(foo);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913279.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913279.js
new file mode 100644
index 00000000000000..e582e749d15e00
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913279.js
@@ -0,0 +1,10 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev
+// Flags: --turboshaft-assert-types --jit-fuzzing
+
+for (let i = 0; i < 50; i++) {
+  function foo() { }
+}
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913284-1.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913284-1.js
new file mode 100644
index 00000000000000..03fe46f92fe653
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913284-1.js
@@ -0,0 +1,35 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+let glob_nan = NaN;
+
+function* foo(n) {
+  let v = n ? 3 : 7;
+
+  // Running the function only once doesn't collect enough feedback for the next
+  // line, which will thus lead to an uncondition deopt there.
+  class C { [undefined] }
+
+  // The following loop will still be emitted, despite the unconditional deopt
+  // above, because there is a yield inside (that is, it looks like the body is
+  // reachable despite the deopt above; it's not, but Maglev doesn't realize
+  // it).
+  for (let i = (() => 1)(); glob_nan;) {
+    yield 42;
+  }
+
+  yield v + 18;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(3);
+assertEquals(21, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(3);
+assertEquals(21, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913284-2.js b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913284-2.js
new file mode 100644
index 00000000000000..b8088ff7126793
--- /dev/null
+++ b/deps/v8/test/mjsunit/turboshaft/maglev-frontend/regress-356913284-2.js
@@ -0,0 +1,38 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax --turboshaft-from-maglev --turbofan
+
+let glob_nan = NaN;
+
+function* foo(n) {
+  // Creating a Phi so that ComputePredecessorPermutations gets called a first
+  // time on a block with 2 predecessors.
+  let v = n ? 3 : 7;
+
+  // Running the function only once doesn't collect enough feedback for the next
+  // line, which will thus lead to an uncondition deopt there.
+  class C { [undefined] }
+
+  // The following loop will still be emitted, despite the unconditional deopt
+  // above, because there is a yield inside (that is, it looks like the body is
+  // reachable despite the deopt above; it's not, but Maglev doesn't realize
+  // it).
+  let i = 0;
+  for (i = n + 1; glob_nan;) {
+    yield 42;
+  }
+
+  yield i + 17 + v;
+}
+
+%PrepareFunctionForOptimization(foo);
+let gen = foo(3);
+assertEquals(24, gen.next().value);
+assertEquals(undefined, gen.next().value);
+
+%OptimizeFunctionOnNextCall(foo);
+gen = foo(3);
+assertEquals(24, gen.next().value);
+assertEquals(undefined, gen.next().value);
diff --git a/deps/v8/test/mjsunit/turboshaft/turboshaft-instruction-selection.js b/deps/v8/test/mjsunit/turboshaft/turboshaft-instruction-selection.js
deleted file mode 100644
index 7aa9b200e64028..00000000000000
--- a/deps/v8/test/mjsunit/turboshaft/turboshaft-instruction-selection.js
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright 2023 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Flags: --allow-natives-syntax --turboshaft --turboshaft-instruction-selection
-
-function simple0() { return 42; }
-%PrepareFunctionForOptimization(simple0);
-assertEquals(42, simple0());
-%OptimizeFunctionOnNextCall(simple0);
-assertEquals(42, simple0());
-
-function simple1(x, y) { return x + y * x - y / x; }
-%PrepareFunctionForOptimization(simple1);
-assertEquals(31.625, simple1(8, 3));
-%OptimizeFunctionOnNextCall(simple1);
-assertEquals(31.625, simple1(8, 3));
-
-function simple2(o, a, b, c) {
-  o.y = a;
-  for(let i = 0; i < b; ++i) {
-    o.y += c;
-  }
-  return o;
-}
-%PrepareFunctionForOptimization(simple2);
-assertEquals({ y:(3 + 8 * -4) }, simple2({}, 3, 8, -4));
-%OptimizeFunctionOnNextCall(simple2);
-assertEquals({ y:(3 + 8 * -4) }, simple2({}, 3, 8, -4));
-
-function simple3(x, y, o) {
-  function foo(f, a) { return f(a + 1.5); }
-  o.x = { o:{a: x - 3.14 * y } };
-  o.y = (x / y) | 0;
-  o.z = y ** x;
-  for(let i = -5.0; i < 5.0; i += 0.5) {
-    o.z = foo((a) => a == 3.5 ? 10 : a, o.z);
-  }
-  return (o.w - o.x.o.a + o.y + o.z) | 0;
-}
-%PrepareFunctionForOptimization(simple3);
-assertEquals(354533, simple3(10.2, 3.5, {w:100}));
-%OptimizeFunctionOnNextCall(simple3);
-assertEquals(354533, simple3(10.2, 3.5, {w:100}));
diff --git a/deps/v8/test/mjsunit/turboshaft/type-inference.js b/deps/v8/test/mjsunit/turboshaft/type-inference.js
deleted file mode 100644
index ea346cb1ef51ed..00000000000000
--- a/deps/v8/test/mjsunit/turboshaft/type-inference.js
+++ /dev/null
@@ -1,118 +0,0 @@
-// Copyright 2022 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-//
-// Flags: --turboshaft --allow-natives-syntax
-
-// NOTE: The following tests are very platform specific and prone to break on
-// any compiler changes. Test are used for type system development only.
-// TODO(nicohartmann@): Replace by more stable tests or remove completely once
-// type system development is close to completion.
-
-/*
-function use() {}
-%NeverOptimizeFunction(use);
-
-function constants() {
-  use(%CheckTypeOf(3, "Word64{6}")); // smi-tagged value 3 in 64 bit register
-  // Cannot check this currently, because NumberConstants are not yet supported
-  // in the typer.
-  // use(%CheckTypeOf(5.5, "Float64{5.5}"));
-}
-
-function add1(x) {
-  let a = x ? 3 : 7;
-  let r = -1;
-  %CheckTurboshaftTypeOf(a, "Word32[3, 7]");
-  if (a < 5) r = a + 2;
-  else r = a - 2;
-  let result = r + 1;
-  return %CheckTurboshaftTypeOf(result, "Word32{6}");
-}
-
-function add2(x) {
-  let a = x ? 3.5 : 7.5;
-  let r = -1.0;
-  %CheckTurboshaftTypeOf(a, "Float64[3.5, 7.5]");
-  if (a < 5.5) r = a + 2.0;
-  else r = a - 2.0;
-  let result = r - 0.5;
-  return %CheckTurboshaftTypeOf(result, "Float64{5.0}");
-}
-
-function mul2(x) {
-  let a = x ? 3.5 : 7.0;
-  let r = -1.0;
-  if (a < 5.0) r = a * 5.0;
-  else r = a * 2.5;
-  let result = r - 0.5;
-  return result;
-}
-
-function div2(x) {
-  let a = x ? 3.3 : 6.6;
-  let r = -1.0;
-  if (a < 5.0) r = a / 1.1;
-  else r = a / 2.2;
-  let result = r - 0.5;
-  return %CheckTypeOf(result, "Float64[2.49999,2.50001]");
-}
-*/
-
-//function min2(x) {
-//  let a = x ? 3.3 : 6.6;
-//  let r = -1.0;
-//  if (a < 5.0) r = Math.min(a, 6.6);
-//  else r = Math.min(3.3, a);
-//  let result = r - 0.3;
-//  return %CheckTypeOf(result, "Float64{3}");
-//}
-//
-//function max2(x) {
-//  let a = x ? 3.3 : 6.6;
-//  let r = -1.0;
-//  if (a < 5.0) r = Math.max(a, 6.6);
-//  else r = Math.max(3.3, a);
-//  let result = r - 0.6;
-//  return %CheckTypeOf(result, "Float64{6}");
-//}
-
-function add_dce(x) {
-  let a = x ? 3 : 7;
-  let r = -1;
-  if (a < 5) r = a + 2;
-  else r = a - 2;
-  let result = r + 1;
-  return result;
-}
-
-function loop_dce(x) {
-  let limit = x ? 50 : 100;
-  let sum = 0;
-  for(let i = 1; i <= limit; ++i) {
-    sum += i;
-  }
-
-  let a = sum > 5000 ? 3 : 7;
-  let r = -1;
-  if(a < 5) r = a + 2;
-  else r = a - 2;
-  let result = r + 1;
-  return result;
-  // TODO(nicohartmann@): DCE should support merging identical return blocks.
-//  if(sum > 5000) {
-//    return true;
-//  } else {
-//    return true;
-//  }
-}
-
-//let targets = [ constants, add1, add2, mul2, div2, /*min2, max2*/ ];
-let targets = [ add_dce, loop_dce ];
-for(let f of targets) {
-  %PrepareFunctionForOptimization(f);
-  f(true);
-  f(false);
-  %OptimizeFunctionOnNextCall(f);
-  f(true);
-}
diff --git a/deps/v8/test/mjsunit/turboshaft/typed-optimizations.js b/deps/v8/test/mjsunit/turboshaft/typed-optimizations.js
index 087869e9aab100..8f13507c6e75d8 100644
--- a/deps/v8/test/mjsunit/turboshaft/typed-optimizations.js
+++ b/deps/v8/test/mjsunit/turboshaft/typed-optimizations.js
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 //
-// Flags: --turboshaft --allow-natives-syntax
+// Flags: --turboshaft --allow-natives-syntax --turboshaft-typed-optimizations
 
 function add1(x) {
   let a = x ? 3 : 7;      // a = {3, 7}
diff --git a/deps/v8/test/mjsunit/value-helper.js b/deps/v8/test/mjsunit/value-helper.js
new file mode 100644
index 00000000000000..b583e35cca0edc
--- /dev/null
+++ b/deps/v8/test/mjsunit/value-helper.js
@@ -0,0 +1,368 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+const float32_array = [
+  -2.70497e+38,
+  -1.4698e+37,
+  -1.22813e+35,
+  -1.20555e+35,
+  -1.34584e+34,
+  -1.0079e+32,
+  -6.49364e+26,
+  -3.06077e+25,
+  -1.46821e+25,
+  -1.17658e+23,
+  -1.9617e+22,
+  -2.7357e+20,
+  -9223372036854775808.0,  // INT64_MIN
+  -1.48708e+13,
+  -1.89633e+12,
+  -4.66622e+11,
+  -2.22581e+11,
+  -1.45381e+10,
+  -2147483904.0,  // First float32 after INT32_MIN
+  -2147483648.0,  // INT32_MIN
+  -2147483520.0,  // Last float32 before INT32_MIN
+  -1.3956e+09,
+  -1.32951e+09,
+  -1.30721e+09,
+  -1.19756e+09,
+  -9.26822e+08,
+  -6.35647e+08,
+  -4.00037e+08,
+  -1.81227e+08,
+  -5.09256e+07,
+  -964300.0,
+  -192446.0,
+  -28455.0,
+  -27194.0,
+  -26401.0,
+  -20575.0,
+  -17069.0,
+  -9167.0,
+  -960.178,
+  -113.0,
+  -62.0,
+  -15.0,
+  -7.0,
+  -1.0,
+  -0.0256635,
+  -4.60374e-07,
+  -3.63759e-10,
+  -4.30175e-14,
+  -5.27385e-15,
+  -1.5707963267948966,
+  -1.48084e-15,
+  -2.220446049250313e-16,
+  -1.05755e-19,
+  -3.2995e-21,
+  -1.67354e-23,
+  -1.11885e-23,
+  -1.78506e-30,
+  -5.07594e-31,
+  -3.65799e-31,
+  -1.43718e-34,
+  -1.27126e-38,
+  -0.0,
+  0.0,
+  1.17549e-38,
+  1.56657e-37,
+  4.08512e-29,
+  3.31357e-28,
+  6.25073e-22,
+  4.1723e-13,
+  1.44343e-09,
+  1.5707963267948966,
+  5.27004e-08,
+  9.48298e-08,
+  5.57888e-07,
+  4.89988e-05,
+  0.244326,
+  1.0,
+  12.4895,
+  19.0,
+  47.0,
+  106.0,
+  538.324,
+  564.536,
+  819.124,
+  7048.0,
+  12611.0,
+  19878.0,
+  20309.0,
+  797056.0,
+  1.77219e+09,
+  2147483648.0,  // INT32_MAX + 1
+  2147483904.0,  // INT32_MAX + 1 and significand = 1.
+  4294967296.0,  // UINT32_MAX + 1
+  1.51116e+11,
+  4.18193e+13,
+  3.59167e+16,
+  9223372036854775808.0,   // INT64_MAX + 1
+  18446744073709551616.0,  // UINT64_MAX + 1
+  3.38211e+19,
+  2.67488e+20,
+  1.78831e+21,
+  9.20914e+21,
+  8.35654e+23,
+  1.4495e+24,
+  5.94015e+25,
+  4.43608e+30,
+  2.44502e+33,
+  2.61152e+33,
+  1.38178e+37,
+  1.71306e+37,
+  3.31899e+38,
+  3.40282e+38,
+];
+
+const float64_array = [
+  -2e66,
+  -2.220446049250313e-16,
+  -9223373136366403584.0,
+  -9223372036854775808.0,  // INT64_MIN
+  -2147483649.5,
+  -2147483648.25,
+  -2147483648.0,
+  -2147483647.875,
+  -2147483647.125,
+  -2147483647.0,
+  -999.75,
+  -2e66,
+  -1.75,
+  -1.5707963267948966,
+  -1.0,
+  -0.5,
+  -0.0,
+  0.0,
+  3e-88,
+  0.125,
+  0.25,
+  0.375,
+  0.5,
+  1.0,
+  1.17549e-38,
+  1.56657e-37,
+  1.0000001,
+  1.25,
+  1.5707963267948966,
+  2,
+  3.1e7,
+  5.125,
+  6.25,
+  888,
+  982983.25,
+  2147483647.0,
+  2147483647.375,
+  2147483647.75,
+  2147483648.0,
+  2147483648.25,
+  2147483649.25,
+  9223372036854775808.0,  // INT64_MAX + 1
+  9223373136366403584.0,
+  18446744073709551616.0,  // UINT64_MAX + 1
+  2e66,
+  Number.MAX_SAFE_INTEGER,
+  Number.MIN_SAFE_INTEGER,
+  Number.MAX_VALUE,
+  Number.MIN_VALUE,
+  Number.NaN,
+  Number.NEGATIVE_INFINITY,
+  Number.POSITIVE_INFINITY,
+];
+
+const int8_array = new Int8Array([
+  0,
+  1,
+  2,
+  127,
+  126,
+  64,
+  63,
+  16,
+  15,
+  14,
+  -128,
+  -127,
+  -64,
+  -63,
+  -16,
+  -15,
+  -14,
+  -2,
+  -1
+]);
+
+const int16_array = new Int16Array([
+  0,
+  1,
+  2,
+  32767,
+  32766,
+  16384,
+  16383,
+  256,
+  255,
+  254,
+  -32768,
+  -32767,
+  -16384,
+  -16383,
+  -256,
+  -255,
+  -254,
+  -2,
+  -1
+]);
+
+const int32_array = new Int32Array([
+  0x00000000,
+  0x00000001,
+  0xFFFFFFFF,
+  0x1B09788B,
+  0x04C5FCE8,
+  0xCC0DE5BF,
+  0x00000002,
+  0x00000003,
+  0x00000004,
+  0x00000005,
+  0x00000008,
+  0x00000009,
+  0x273A798E,
+  0x187937A3,
+  0xECE3AF83,
+  0x5495A16B,
+  0x0B668ECC,
+  0x11223344,
+  0x0000009E,
+  0x00000043,
+  0x0000AF73,
+  0x0000116B,
+  0x00658ECC,
+  0x002B3B4C,
+  0x88776655,
+  0x70000000,
+  0x07200000,
+  0x7FFFFFFF,
+  0x56123761,
+  0x7FFFFF00,
+  0x761C4761,
+  0x80000000,
+  0x88888888,
+  0xA0000000,
+  0xDDDDDDDD,
+  0xE0000000,
+  0xEEEEEEEE,
+  0xFFFFFFFD,
+  0xF0000000,
+  0x007FFFFF,
+  0x003FFFFF,
+  0x001FFFFF,
+  0x000FFFFF,
+  0x0007FFFF,
+  0x0003FFFF,
+  0x0001FFFF,
+  0x0000FFFF,
+  0x00007FFF,
+  0x00003FFF,
+  0x00001FFF,
+  0x00000FFF,
+  0x000007FF,
+  0x000003FF,
+  0x000001FF,
+  // Bit pattern of a quiet NaN and signaling NaN, with or without
+  // additional payload.
+  0x7FC00000,
+  0x7F800000,
+  0x7FFFFFFF,
+  0x7F876543
+]);
+
+const uint64_array = new BigUint64Array([
+  "0x00000000",
+  "0x00000001",
+  "0xFFFFFFFF",
+  "0x1B09788B",
+  "0x04C5FCE8",
+  "0xCC0DE5BF",
+  "0x00000002",
+  "0x00000003",
+  "0x00000004",
+  "0x00000005",
+  "0x00000008",
+  "0x00000009",
+  "0xFFFFFFFFFFFFFFFF",
+  "0xFFFFFFFFFFFFFFFE",
+  "0xFFFFFFFFFFFFFFFD",
+  "0x0000000000000000",
+  "0x0000000100000000",
+  "0xFFFFFFFF00000000",
+  "0x1B09788B00000000",
+  "0x04C5FCE800000000",
+  "0xCC0DE5BF00000000",
+  "0x0000000200000000",
+  "0x0000000300000000",
+  "0x0000000400000000",
+  "0x0000000500000000",
+  "0x0000000800000000",
+  "0x0000000900000000",
+  "0x273A798E187937A3",
+  "0xECE3AF835495A16B",
+  "0x0B668ECC11223344",
+  "0x0000009E",
+  "0x00000043",
+  "0x0000AF73",
+  "0x0000116B",
+  "0x00658ECC",
+  "0x002B3B4C",
+  "0x88776655",
+  "0x70000000",
+  "0x07200000",
+  "0x7FFFFFFF",
+  "0x56123761",
+  "0x7FFFFF00",
+  "0x761C4761EEEEEEEE",
+  "0x80000000EEEEEEEE",
+  "0x88888888DDDDDDDD",
+  "0xA0000000DDDDDDDD",
+  "0xDDDDDDDDAAAAAAAA",
+  "0xE0000000AAAAAAAA",
+  "0xEEEEEEEEEEEEEEEE",
+  "0xFFFFFFFDEEEEEEEE",
+  "0xF0000000DDDDDDDD",
+  "0x007FFFFFDDDDDDDD",
+  "0x003FFFFFAAAAAAAA",
+  "0x001FFFFFAAAAAAAA",
+  "0x000FFFFF",
+  "0x0007FFFF",
+  "0x0003FFFF",
+  "0x0001FFFF",
+  "0x0000FFFF",
+  "0x00007FFF",
+  "0x00003FFF",
+  "0x00001FFF",
+  "0x00000FFF",
+  "0x000007FF",
+  "0x000003FF",
+  "0x000001FF",
+  "0x00003FFFFFFFFFFF",
+  "0x00001FFFFFFFFFFF",
+  "0x00000FFFFFFFFFFF",
+  "0x000007FFFFFFFFFF",
+  "0x000003FFFFFFFFFF",
+  "0x000001FFFFFFFFFF",
+  "0x8000008000000000",
+  "0x8000008000000001",
+  "0x8000000000000400",
+  "0x8000000000000401",
+  "0x0000000000000020",
+  "0x8000000000000000",  // int64_t min
+  "0x7FFFFFFFFFFFFFFF",  // int64_t max
+  // Bit pattern of a quiet NaN and signaling NaN, with or without
+  // additional payload.
+  "0x7FF8000000000000",
+  "0x7FF0000000000000",
+  "0x7FF8123456789ABC",
+  "0x7FF7654321FEDCBA"
+]);
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-call-indirect.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-call-indirect.js
index 473ea0937e4224..62e26cdbe3e8db 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-call-indirect.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-call-indirect.js
@@ -43,12 +43,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   %WasmTierUpFunction(wasm.main);
   // Tier up.
   assertEquals(42, wasm.main(12, 30, add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // Deopt.
   assertEquals(-360, wasm.main(12, -30, mul));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(42, wasm.main(12, 30, add));
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-dynamic-tierup.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-dynamic-tierup.js
index c8b1c24b3ec7f9..a76ddf2abf5e14 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-dynamic-tierup.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-dynamic-tierup.js
@@ -56,7 +56,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   // queued in the background that re-trigger new deopts with the wasm.mul
   // target. Therefore we can't assert that the deopt count is still 1.
   assertTrue(initialDeoptCount + %WasmDeoptsExecutedCount() < 20);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(42, wasm.main(12, 30, wasm.add));
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-feedback-states.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-feedback-states.js
index 8a99d40fbf2758..21c5ddd3ab57e0 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-feedback-states.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-feedback-states.js
@@ -59,12 +59,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   %WasmTierUpFunction(wasm.main);
   print("tierup");
   assertEquals(42, wasm.main(12, 30, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   print("non-deopt call succeeded, now causing deopt");
   assertEquals(360, wasm.main(12, 30, wasm.mul));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   print("deopt happened");
@@ -76,11 +76,11 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(360, wasm.main(12, 30, wasm.mul));
   assertEquals(42, wasm.main(12, 30, wasm.add));
   assertEquals(-18, wasm.main(12, 30, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(12, wasm.main(12, 30, wasm.first));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   print("deopt happened");
@@ -90,11 +90,11 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(42, wasm.main(12, 30, wasm.add));
   assertEquals(-18, wasm.main(12, 30, wasm.sub));
   assertEquals(12, wasm.main(12, 30, wasm.first));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(30, wasm.main(12, 30, wasm.second));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   print("deopt happened");
@@ -106,12 +106,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(-18, wasm.main(12, 30, wasm.sub));
   assertEquals(12, wasm.main(12, 30, wasm.first));
   assertEquals(30, wasm.main(12, 30, wasm.second));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // Previously unseen call targets do not cause a deopt any more.
   assertEquals(1, wasm.main(42, 42, wasm.equals));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined-param-stack-slots.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined-param-stack-slots.js
index e178caeb453340..f235cbfb712d87 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined-param-stack-slots.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined-param-stack-slots.js
@@ -57,12 +57,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   %WasmTierUpFunction(wasm.main);
   // tierup.
   assertEquals(42, wasm.main(wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // deopt.
   assertEquals(360, wasm.main(wasm.mul));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined-stacktrace.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined-stacktrace.js
index f692cd515cecf1..504bc5e1d400b3 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined-stacktrace.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined-stacktrace.js
@@ -44,7 +44,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   // Trigger tierup.
   %WasmTierUpFunction(wasm.main);
   assertEquals(42, wasm.main(12, 30, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // Trigger deopt which then calls a target that throws, i.e. the stack trace
@@ -55,7 +55,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   } catch (error) {
     verifyException(error);
   }
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   // Rerun unoptimized which should produce the same result.
@@ -73,7 +73,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   } catch (error) {
     verifyException(error);
   }
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined.js
index f0adf4e48b085b..6ee7cddfd5156a 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-inlined.js
@@ -81,24 +81,24 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
     // Tier up.
     %WasmTierUpFunction(fct);
     assertEquals(46, fct(12, 30, wasm.add));
-    if (%IsolateCountForTesting() == 1) {
+    if (%IsWasmTieringPredictable()) {
       assertTrue(%IsTurboFanFunction(fct));
     }
     // Cause deopt.
     assertEquals(14 * 32, fct(12, 30, wasm.mul));
     // Deopt happened.
-    if (%IsolateCountForTesting() == 1) assertFalse(%IsTurboFanFunction(fct));
+    if (%IsWasmTieringPredictable()) assertFalse(%IsTurboFanFunction(fct));
     assertEquals(46, fct(12, 30, wasm.add));
     // Trigger re-opt.
     %WasmTierUpFunction(fct);
     // Both call targets are used in the re-optimized function, so they don't
     // trigger new deopts.
     assertEquals(46, fct(12, 30, wasm.add));
-    if (%IsolateCountForTesting() == 1) {
+    if (%IsWasmTieringPredictable()) {
       assertTrue(%IsTurboFanFunction(fct));
     }
     assertEquals(14 * 32, fct(12, 30, wasm.mul));
-    if (%IsolateCountForTesting() == 1) {
+    if (%IsWasmTieringPredictable()) {
       assertTrue(%IsTurboFanFunction(fct));
     }
   }
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-int64-values.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-int64-values.js
index 62b7c42f9b161c..728ba29f21e3a6 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-int64-values.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-int64-values.js
@@ -66,12 +66,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(expected, wasm.main(argumentValue, wasm.nop1));
   %WasmTierUpFunction(wasm.main);
   assertEquals(expected, wasm.main(argumentValue, wasm.nop1));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // Deopt happened, the result should still be the same.
   assertEquals(expected, wasm.main(argumentValue, wasm.nop2));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
 })();
@@ -109,17 +109,17 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(43n, wasm.main(1n, 42n, wasm.add));
   %WasmTierUpFunction(wasm.main);
   assertEquals(43n, wasm.main(1n, 42n, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(-41n, wasm.main(1n, 42n, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   %WasmTierUpFunction(wasm.main);
   assertEquals(43n, wasm.main(1n, 42n, wasm.add));
   assertEquals(-41n, wasm.main(1n, 42n, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-large-i31ref-constant.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-large-i31ref-constant.js
index 490e1a3d96879a..0e237d70426883 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-large-i31ref-constant.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-large-i31ref-constant.js
@@ -32,7 +32,7 @@ assertEquals(-457571083, instance.exports.main(instance.exports.getS));
 %WasmTierUpFunction(instance.exports.main);
 // Test value produced by DeoptimizerLiteral constant.
 assertEquals(1689912565, instance.exports.main(instance.exports.getU));
-if (%IsolateCountForTesting() == 1) {
+if (%IsWasmTieringPredictable()) {
   assertFalse(%IsTurboFanFunction(instance.exports.main));
 }
 // Test value produced by Liftoff.
@@ -40,6 +40,6 @@ assertEquals(1689912565, instance.exports.main(instance.exports.getU));
 %WasmTierUpFunction(instance.exports.main);
 // Test value produced by Turboshaft.
 assertEquals(1689912565, instance.exports.main(instance.exports.getU));
-if (%IsolateCountForTesting() == 1) {
+if (%IsWasmTieringPredictable()) {
   assertTrue(%IsTurboFanFunction(instance.exports.main));
 }
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params-many-locals-s128.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params-many-locals-s128.js
index bae74913aee218..d2791225388181 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params-many-locals-s128.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params-many-locals-s128.js
@@ -71,11 +71,11 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(expectedSum, wasm.main(0, wasm.add));
   %WasmTierUpFunction(wasm.deopting);
   assertEquals(expectedSum, wasm.main(0, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.deopting));
   }
   assertEquals(expectedDiff, wasm.main(0, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.deopting));
   }
 
@@ -83,7 +83,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   %WasmTierUpFunction(wasm.main);
   assertEquals(expectedSum, wasm.main(0, wasm.add));
   assertEquals(expectedDiff, wasm.main(0, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(expectedMax, wasm.main(0, wasm.max));
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params-tagged.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params-tagged.js
index 22043560dba2df..a7c6c2ab7383e9 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params-tagged.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params-tagged.js
@@ -97,11 +97,11 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(expectedSum, wasm.main(...valuesTyped, wasm.add));
   %WasmTierUpFunction(wasm.main);
   assertEquals(expectedSum, wasm.main(...valuesTyped, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
    assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(expectedDiff, wasm.main(...valuesTyped, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
 
@@ -110,20 +110,20 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   %WasmTierUpFunction(wasm.outerDirect);
   assertEquals(expectedSum, wasm.outerDirect(42, ...valuesTyped, wasm.add));
   assertEquals(expectedDiff, wasm.outerDirect(42, ...valuesTyped, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.outerDirect));
   }
   assertEquals(expectedSum, wasm.outerDirect(42, ...valuesTyped, wasm.add2));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.outerDirect));
   }
   %WasmTierUpFunction(wasm.outerDirect);
   assertEquals(expectedSum, wasm.outerDirect(42, ...valuesTyped, wasm.add2));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.outerDirect));
   }
   assertEquals(expectedSum, wasm.outerDirect(42, ...valuesTyped, wasm.addGC));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.outerDirect));
   }
 
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params.js
index 3ceaabb63e2335..f0effe44687c08 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-many-params.js
@@ -37,11 +37,11 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(expectedSum, wasm.main(...values, wasm.add));
   %WasmTierUpFunction(wasm.main);
   assertEquals(expectedSum, wasm.main(...values, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(expectedDiff, wasm.main(...values, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
 
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-many-results.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-many-results.js
new file mode 100644
index 00000000000000..3ab39ed9473274
--- /dev/null
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-many-results.js
@@ -0,0 +1,130 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --wasm-deopt --allow-natives-syntax --turboshaft-wasm
+// Flags: --experimental-wasm-inlining --liftoff --expose-gc
+// Flags: --turboshaft-wasm-instruction-selection-staged
+// Flags: --wasm-inlining-ignore-call-counts --wasm-inlining-factor=30
+// Flags: --wasm-inlining-budget=100000 --no-jit-fuzzing
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+// Test deopt with many results with different types.
+(function TestManyResults() {
+
+  let returnCount = 25;
+  let builder = new WasmModuleBuilder();
+  let struct = builder.addStruct([makeField(kWasmI32, false)]);
+  let array = builder.addArray(kWasmI32, true);
+
+  let gcImport = builder.addImport("i", "gc", makeSig([], []));
+
+  let createStruct = builder.addFunction("struct",
+      makeSig([kWasmI32], [wasmRefType(struct)]))
+    .addBody([
+      kExprLocalGet, 0,
+      kGCPrefix, kExprStructNew, struct,
+    ]).exportFunc();
+  let createArray = builder.addFunction("array",
+      makeSig([kWasmI32], [wasmRefType(array)]))
+    .addBody([
+      kExprLocalGet, 0,
+      kGCPrefix, kExprArrayNewFixed, array, 1,
+    ]).exportFunc();
+
+  let types = [
+    {type: kWasmI32, toI32: [], fromI32: []},
+    {type: wasmRefType(struct), toI32: [kGCPrefix, kExprStructGet, struct, 0],
+     fromI32: [kExprCallFunction, createStruct.index]},
+    {type: kWasmF64, toI32: [kExprI32SConvertF64],
+     fromI32: [kExprF64SConvertI32]},
+    {type: wasmRefType(array),
+     toI32: [kExprI32Const, 0, kGCPrefix, kExprArrayGet, array],
+     fromI32: [kExprCallFunction, createArray.index]},
+    {type: kWasmF32, toI32: [kExprI32SConvertF32],
+     fromI32: [kExprF32SConvertI32]},
+    {type: kWasmI31Ref, toI32: [kGCPrefix, kExprI31GetS],
+     fromI32: [kGCPrefix, kExprRefI31]},
+    {type: kWasmI64, toI32: [kExprI32ConvertI64],
+     fromI32: [kExprI64SConvertI32]},
+  ];
+
+  let calleeReturns = new Array(returnCount).fill()
+    .map((_, i) => types[i % types.length].type);
+  let funcRefT = builder.addType(makeSig([], calleeReturns));
+
+  builder.addFunction("one", funcRefT)
+    .addBody(generateCalleeBody(1)).exportFunc();
+  builder.addFunction("two", funcRefT)
+    .addBody(generateCalleeBody(2)).exportFunc();
+  builder.addFunction("threeGC", funcRefT)
+    .addBody([
+      kExprCallFunction, gcImport,
+      ...generateCalleeBody(3)
+    ]).exportFunc();
+  builder.addFunction("four", funcRefT)
+    .addBody(generateCalleeBody(4)).exportFunc();
+
+  let main = builder.addFunction("passThrough",
+      makeSig([wasmRefType(funcRefT)], calleeReturns))
+    .addBody([
+      kExprLocalGet, 0,
+      kExprCallRef, funcRefT,
+  ]).exportFunc();
+
+  builder.addFunction("passThroughExport",
+      makeSig([wasmRefType(funcRefT)], [kWasmI32]))
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprCallFunction, main.index,
+      ...combine(),
+    ]).exportFunc();
+
+  let expectedOne = returnCount * (returnCount + 1) / 2;
+  let expectedTwo = expectedOne + returnCount;
+  let expectedThree = expectedTwo + returnCount;
+  let expectedFour = expectedThree + returnCount;
+
+  let wasm = builder.instantiate({i: {gc}}).exports;
+  assertEquals(expectedOne, wasm.passThroughExport(wasm.one));
+  %WasmTierUpFunction(wasm.passThrough);
+  assertEquals(expectedTwo, wasm.passThroughExport(wasm.two));
+  if (%IsWasmTieringPredictable()) {
+    assertFalse(%IsTurboFanFunction(wasm.passThrough));
+  }
+  %WasmTierUpFunction(wasm.passThrough);
+  assertEquals(expectedThree, wasm.passThroughExport(wasm.threeGC));
+  if (%IsWasmTieringPredictable()) {
+    assertFalse(%IsTurboFanFunction(wasm.passThrough));
+  }
+  // This time tier up the outer function.
+  %WasmTierUpFunction(wasm.passThroughExport);
+  assertEquals(expectedFour, wasm.passThroughExport(wasm.four));
+  if (%IsWasmTieringPredictable()) {
+    assertFalse(%IsTurboFanFunction(wasm.passThrough));
+  }
+
+  function generateCalleeBody(value) {
+    let result = [];
+    for (let i = 0; i < returnCount; ++i) {
+      result.push(...wasmI32Const(value++), ...types[i % types.length].fromI32);
+    }
+    return result;
+  }
+
+  function combine() {
+    let result = [];
+    for (let i = 0; i < returnCount; ++i) {
+      result.push(
+        ...types[(returnCount - i - 1) % types.length].toI32,
+        kExprLocalGet, 1,
+        kExprI32Add,
+        kExprLocalSet, 1
+      );
+    }
+    result.push(kExprLocalGet, 1);
+    return result;
+  }
+})();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-memory-access.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-memory-access.js
index 02c6ac6e1b4707..1147e1f0029fc7 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-memory-access.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-memory-access.js
@@ -51,7 +51,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(42, wasm.main(12, 30, wasm.add));
   %WasmTierUpFunction(wasm.main);
   assertEquals(42, wasm.main(12, 30, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(360, wasm.main(12, 30, wasm.mul));
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-minimal.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-minimal.js
index 1b367a0aafef79..42cd5c6866f73c 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-minimal.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-minimal.js
@@ -40,12 +40,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   %WasmTierUpFunction(wasm.main);
   // tierup.
   assertEquals(42, wasm.main(30, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // Non-deopt call succeeded, now causing deopt.
   assertEquals(360, wasm.main(30, wasm.mul));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   // Deopt happened, executions are now in liftoff.
@@ -55,7 +55,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   // There is feedback for both targets, they do not trigger new deopts.
   assertEquals(360, wasm.main(30, wasm.mul));
   assertEquals(42, wasm.main(30, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance-different-callee.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance-different-callee.js
index 34eb7d94d8bdfb..03a5980d61b827 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance-different-callee.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance-different-callee.js
@@ -31,21 +31,21 @@ const instanceB = builder.instantiate({});
 instanceA.exports.main(instanceA.exports.a);
 %WasmTierUpFunction(instanceA.exports.main);
 instanceA.exports.main(instanceA.exports.a);
-if (%IsolateCountForTesting() == 1) {
+if (%IsWasmTieringPredictable()) {
   assertTrue(%IsTurboFanFunction(instanceA.exports.main));
 }
 
 // This triggers a deopt as the callee is not function a and the optimized code
 // is shared with instanceA.
 instanceB.exports.main(instanceB.exports.b);
-if (%IsolateCountForTesting() == 1) {
+if (%IsWasmTieringPredictable()) {
   assertFalse(%IsTurboFanFunction(instanceB.exports.main));
 }
 // This re-optimizes the function with the feedback from instanceB.
 // To prevent deopt loops, it must also keep the feedback from instanceA.
 %WasmTierUpFunction(instanceB.exports.main);
 instanceB.exports.main(instanceB.exports.b);
-if (%IsolateCountForTesting() == 1) {
+if (%IsWasmTieringPredictable()) {
   assertTrue(%IsTurboFanFunction(instanceA.exports.main));
 }
 // Calling a or b does not trigger a deopt.
@@ -53,7 +53,7 @@ instanceA.exports.main(instanceA.exports.a);
 instanceA.exports.main(instanceA.exports.b);
 instanceB.exports.main(instanceB.exports.a);
 instanceB.exports.main(instanceB.exports.b);
-if (%IsolateCountForTesting() == 1) {
+if (%IsWasmTieringPredictable()) {
   assertTrue(%IsTurboFanFunction(instanceA.exports.main));
   assertTrue(%IsTurboFanFunction(instanceB.exports.main));
 }
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance-inlined.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance-inlined.js
index 1ac1e2c5259590..dd67f6dd72d406 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance-inlined.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance-inlined.js
@@ -3,7 +3,7 @@
 // found in the LICENSE file.
 
 // Flags: --wasm-deopt --allow-natives-syntax --no-jit-fuzzing --liftoff
-// Flags: --turboshaft-wasm-instruction-selection-staged
+// Flags: --turboshaft-wasm-instruction-selection-staged --turboshaft-wasm
 // Flags: --wasm-inlining-ignore-call-counts --wasm-inlining-factor=15
 
 d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
@@ -38,16 +38,16 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   assertEquals(84, instance.exports.main(instance.exports.callee_0));
   %WasmTierUpFunction(instance.exports.main);
   assertEquals(84, instance.exports.main(instance.exports.callee_0));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance.exports.main));
   }
 
   const instance2 = builder.instantiate({});
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance2.exports.main));
   }
   assertEquals(84, instance2.exports.main(instance.exports.callee_0));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(instance2.exports.main));
   }
   // Run it one more time, so that the call count to inlinee is > 0 for
@@ -55,7 +55,7 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   assertEquals(84, instance2.exports.main(instance.exports.callee_0));
   %WasmTierUpFunction(instance2.exports.main);
   assertEquals(84, instance2.exports.main(instance.exports.callee_0));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance2.exports.main));
   }
 })();
@@ -94,21 +94,21 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   assertEquals(42, instance.exports.main(7, instance.exports.callee_0));
   %WasmTierUpFunction(instance.exports.main);
   assertEquals(42, instance.exports.main(7, instance.exports.callee_0));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance.exports.main));
   }
 
   const instance2 = builder.instantiate({});
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance2.exports.main));
   }
   assertEquals(42, instance2.exports.main(7, instance.exports.callee_0));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(instance2.exports.main));
   }
   %WasmTierUpFunction(instance2.exports.main);
   assertEquals(42, instance2.exports.main(7, instance.exports.callee_0));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance2.exports.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance.js
index be374572c4e1e4..c56a910b6f8a9a 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-multi-instance.js
@@ -4,7 +4,7 @@
 
 // Flags: --wasm-deopt --allow-natives-syntax --no-jit-fuzzing --liftoff
 // Flags: --turboshaft-wasm-instruction-selection-staged
-// Flags: --wasm-inlining-call-indirect
+// Flags: --wasm-inlining-call-indirect --turboshaft-wasm
 
 d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
 
@@ -27,21 +27,21 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   instance.exports.main(instance.exports.callee_0);
   %WasmTierUpFunction(instance.exports.main);
   instance.exports.main(instance.exports.callee_0);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance.exports.main));
   }
 
   const instance2 = builder.instantiate({});
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance2.exports.main));
   }
   instance2.exports.main(instance.exports.callee_0);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(instance2.exports.main));
   }
   %WasmTierUpFunction(instance2.exports.main);
   instance2.exports.main(instance.exports.callee_0);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance2.exports.main));
   }
 })();
@@ -75,21 +75,21 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   instance.exports.main(0);
   %WasmTierUpFunction(instance.exports.main);
   instance.exports.main(0);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance.exports.main));
   }
 
   const instance2 = builder.instantiate({});
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance2.exports.main));
   }
   instance2.exports.main(1);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(instance2.exports.main));
   }
   %WasmTierUpFunction(instance2.exports.main);
   instance2.exports.main(1);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(instance2.exports.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-multiple.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-multiple.js
index 3fd6ad287ff21a..d3d8f024c38a9f 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-multiple.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-multiple.js
@@ -39,24 +39,24 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals((1 + 2) * 3, wasm.main(1, 2, wasm.add, 3, wasm.mul));
   %WasmTierUpFunction(wasm.main);
   assertEquals((1 + 2) * 3, wasm.main(1, 2, wasm.add, 3, wasm.mul));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // New target on 2nd call_ref.
   assertEquals((1 + 2) + 3, wasm.main(1, 2, wasm.add, 3, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   %WasmTierUpFunction(wasm.main);
   // New target on 1st call_ref.
   assertEquals((1 * 2) * 3, wasm.main(1, 2, wasm.mul, 3, wasm.mul));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   %WasmTierUpFunction(wasm.main);
   // New combination but no new targets.
   assertEquals((1 * 2) + 3, wasm.main(1, 2, wasm.mul, 3, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-nan.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-nan.js
index d801bb04724405..958870ede04a49 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-nan.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-nan.js
@@ -32,16 +32,16 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(1, wasm.main(wasm.justOne));
   %WasmTierUpFunction(wasm.main);
   assertEquals(1, wasm.main(wasm.justOne));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(0x7fa7a1b9, wasm.main(wasm.reinterpretF32));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   %WasmTierUpFunction(wasm.main);
   assertEquals(0x7fa7a1b9, wasm.main(wasm.reinterpretF32));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
@@ -74,16 +74,16 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(1, wasm.main(wasm.justOne));
   %WasmTierUpFunction(wasm.main);
   assertEquals(1, wasm.main(wasm.justOne));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(0x7fa7a1b9, wasm.main(wasm.reinterpretF32));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   %WasmTierUpFunction(wasm.main);
   assertEquals(0x7fa7a1b9, wasm.main(wasm.reinterpretF32));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
@@ -112,16 +112,16 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(1n, wasm.main(wasm.justOne));
   %WasmTierUpFunction(wasm.main);
   assertEquals(1n, wasm.main(wasm.justOne));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(0x7ff4000000000000n, wasm.main(wasm.reinterpretF64));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   %WasmTierUpFunction(wasm.main);
   assertEquals(0x7ff4000000000000n, wasm.main(wasm.reinterpretF64));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
@@ -155,16 +155,16 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(1n, wasm.main(wasm.justOne));
   %WasmTierUpFunction(wasm.main);
   assertEquals(1n, wasm.main(wasm.justOne));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertEquals(0x7ff4000000000000n, wasm.main(wasm.reinterpretF32));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   %WasmTierUpFunction(wasm.main);
   assertEquals(0x7ff4000000000000n, wasm.main(wasm.reinterpretF32));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-non-inlineable-target.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-non-inlineable-target.js
index c4afe617758249..78712dbe75bb4e 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-non-inlineable-target.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-non-inlineable-target.js
@@ -36,12 +36,12 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   %WasmTierUpFunction(wasm.main);
   // Tier-up.
   assertEquals(42, wasm.main(30, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // Non-deopt call succeeded, now causing deopt with imported function.
   assertEquals(360, wasm.main(30, wasm.mul));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   // Deopt happened, executions are now in Liftoff.
@@ -52,7 +52,7 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   // non-inlineable), they should not trigger new deopts.
   assertEquals(360, wasm.main(30, wasm.mul));
   assertEquals(42, wasm.main(30, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
@@ -93,12 +93,12 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   %WasmTierUpFunction(wasm.main);
   // Tier-up.
   assertEquals(42, wasm.main(12, 30, addTableIndex));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // Non-deopt call succeeded, now causing deopt with imported function.
   assertEquals(360, wasm.main(12, 30, mulTableIndex));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   // Deopt happened, executions are now in Liftoff.
@@ -109,7 +109,7 @@ d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
   // non-inlineable), they should not trigger new deopts.
   assertEquals(360, wasm.main(12, 30, mulTableIndex));
   assertEquals(42, wasm.main(12, 30, addTableIndex));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-non-inlined-target.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-non-inlined-target.js
index 630e961fb01090..f654ec171d5fc0 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-non-inlined-target.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-non-inlined-target.js
@@ -39,12 +39,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(30, wasm.main(10, 20, wasm.add));
   %WasmTierUpFunction(wasm.main);
   assertEquals(30, wasm.main(10, 20, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   // Call with new target causing a deopt.
   assertEquals(-10, wasm.main(10, 20, wasm.sub));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
   // Re-opt. Due to the size of sub(), the target will not be inlined.
@@ -53,7 +53,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   %WasmTierUpFunction(wasm.main);
   // Calling with a new call target therefore doesn't trigger a deopt.
   assertEquals(200, wasm.main(10, 20, wasm.mul));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-signal-handler.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-signal-handler.js
index cf5862bbe2aa90..ecbd1a12018e1b 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-signal-handler.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-signal-handler.js
@@ -46,7 +46,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(42, wasm.main(12, 30, wasm.add));
   %WasmTierUpFunction(wasm.main);
   assertEquals(42, wasm.main(12, 30, wasm.add));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.main));
   }
   assertThrows(() => wasm.main(12, 30, wasm.zero));
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-tail-call-parent-frame.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-tail-call-parent-frame.js
index 428134a9d28799..c2c8848915c43d 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-tail-call-parent-frame.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-tail-call-parent-frame.js
@@ -52,7 +52,7 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEquals(1234567, wasm.main(wasm.c1));
   %WasmTierUpFunction(wasm.main);
   assertEquals(1234567, wasm.main(wasm.c2));
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.main));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-untagged-parameters.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-untagged-parameters.js
index 3544d18756f108..e0e35486e12918 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-untagged-parameters.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-untagged-parameters.js
@@ -3,6 +3,7 @@
 // found in the LICENSE file.
 
 // Flags: --wasm-staging --allow-natives-syntax --turboshaft-wasm --wasm-deopt
+// Flags: --liftoff
 
 d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
 
diff --git a/deps/v8/test/mjsunit/wasm/deopt/deopt-value-types.js b/deps/v8/test/mjsunit/wasm/deopt/deopt-value-types.js
index 2ee1407193a70d..490db4ffe475f0 100644
--- a/deps/v8/test/mjsunit/wasm/deopt/deopt-value-types.js
+++ b/deps/v8/test/mjsunit/wasm/deopt/deopt-value-types.js
@@ -80,12 +80,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEqualsDelta(expected, wasm.literals(wasm.nop1), delta);
   %WasmTierUpFunction(wasm.literals);
   assertEqualsDelta(expected, wasm.literals(wasm.nop1), delta);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.literals));
   }
   // Deopt happened, the result should still be the same.
   assertEqualsDelta(expected, wasm.literals(wasm.nop2), delta);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.literals));
   }
 })();
@@ -158,12 +158,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEqualsDelta(expected, wasm.literals(wasm.nop1), delta);
   %WasmTierUpFunction(wasm.literals);
   assertEqualsDelta(expected, wasm.literals(wasm.nop1), delta);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.literals));
   }
   // Deopt happened, the result should still be the same.
   assertEqualsDelta(expected, wasm.literals(wasm.nop2), delta);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.literals));
   }
 })();
@@ -234,12 +234,12 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   assertEqualsDelta(42 * 7, wasm.locals(42, wasm.nop1), delta);
   %WasmTierUpFunction(wasm.locals);
   assertEqualsDelta(42 * 7, wasm.locals(42, wasm.nop1), delta);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertTrue(%IsTurboFanFunction(wasm.locals));
   }
   // Deopt happened, the result should still be the same.
   assertEqualsDelta(42 * 7, wasm.locals(42, wasm.nop2), delta);
-  if (%IsolateCountForTesting() == 1) {
+  if (%IsWasmTieringPredictable()) {
     assertFalse(%IsTurboFanFunction(wasm.locals));
   }
 })();
diff --git a/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-conflict.js b/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-conflict.js
index e0969bf2163d34..cbe9a4acae7670 100644
--- a/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-conflict.js
+++ b/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-conflict.js
@@ -5,6 +5,7 @@
 // Flags: --turbo-fast-api-calls --expose-fast-api --no-liftoff --wasm-fast-api
 // Flags: --turboshaft-wasm --wasm-lazy-compilation
 // Flags: --no-wasm-native-module-cache-enabled
+// Flags: --fast-api-allow-float-in-sim
 
 d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
 
diff --git a/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-floats.js b/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-floats.js
index 48ea9b9b7f323e..d1a1bf5a5e0e0f 100644
--- a/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-floats.js
+++ b/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-floats.js
@@ -4,6 +4,7 @@
 
 // Flags: --turbo-fast-api-calls --expose-fast-api --no-liftoff --wasm-fast-api
 // Flags: --turboshaft-wasm --wasm-lazy-compilation
+// Flags: --fast-api-allow-float-in-sim
 
 d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
 
diff --git a/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-i64.js b/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-i64.js
index d27382890104bb..91e4eda63ff13f 100644
--- a/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-i64.js
+++ b/deps/v8/test/mjsunit/wasm/fast-api-calls-with-wellknown-imports-i64.js
@@ -5,6 +5,7 @@
 // Flags: --turbo-fast-api-calls --expose-fast-api --no-liftoff --wasm-fast-api
 // Flags: --turboshaft-wasm --wasm-lazy-compilation
 // Flags: --no-wasm-native-module-cache-enabled
+// Flags: --fast-api-allow-float-in-sim
 
 d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
 
diff --git a/deps/v8/test/mjsunit/wasm/gc-js-interop-helpers.js b/deps/v8/test/mjsunit/wasm/gc-js-interop-helpers.js
index f3c5b4d6f9632e..22090c609a9250 100644
--- a/deps/v8/test/mjsunit/wasm/gc-js-interop-helpers.js
+++ b/deps/v8/test/mjsunit/wasm/gc-js-interop-helpers.js
@@ -35,26 +35,26 @@ function CreateWasmObjects() {
   };
 }
 
-function testThrowsRepeated(fn, ErrorType, ignoreDeopts = false) {
+function testThrowsRepeated(fn, ErrorType) {
   const maxRuns = 3;
   for (let run = 0; run < maxRuns; ++run) {
     %PrepareFunctionForOptimization(fn);
     for (let i = 0; i < 5; i++) assertThrows(fn, ErrorType);
     %OptimizeFunctionOnNextCall(fn);
     assertThrows(fn, ErrorType);
-    if (isOptimized(fn) || ignoreDeopts) return;
+    if (isOptimized(fn)) return;
   }
   assertOptimized(fn);
 }
 
-function repeated(fn, ignoreDeopts = false) {
+function repeated(fn) {
   const maxRuns = 3;
   for (let run = 0; run < maxRuns; ++run) {
     %PrepareFunctionForOptimization(fn);
     for (let i = 0; i < 5; i++) fn();
     %OptimizeFunctionOnNextCall(fn);
     fn();
-    if (isOptimized(fn) || ignoreDeopts) return;
+    if (isOptimized(fn)) return;
   }
   assertOptimized(fn);
 }
diff --git a/deps/v8/test/mjsunit/wasm/gc-js-interop.js b/deps/v8/test/mjsunit/wasm/gc-js-interop.js
index 83ab33f80340d6..943fe48211e051 100644
--- a/deps/v8/test/mjsunit/wasm/gc-js-interop.js
+++ b/deps/v8/test/mjsunit/wasm/gc-js-interop.js
@@ -6,9 +6,6 @@
 
 d8.file.execute('test/mjsunit/wasm/gc-js-interop-helpers.js');
 
-// TODO(14034): Some operations can still trigger a deopt loop.
-const ignoreDeopts = true;
-
 let {struct, array} = CreateWasmObjects();
 for (const wasm_obj of [struct, array]) {
   repeated(() => assertSame(undefined, wasm_obj.foo));
@@ -57,9 +54,7 @@ for (const wasm_obj of [struct, array]) {
   repeated(() => assertSame(undefined, wasm_obj?.property));
 
   repeated(() => assertEquals(undefined, void wasm_obj));
-  // These deopt loops can also be triggered with JS only code, e.g.
-  // `2 == {valueOf: () => +2n}`.
-  testThrowsRepeated(() => 2 == wasm_obj, TypeError, ignoreDeopts);
+  testThrowsRepeated(() => 2 == wasm_obj, TypeError);
   repeated(() => assertFalse(2 === wasm_obj));
   repeated(() => assertFalse({} === wasm_obj));
   repeated(() => assertTrue(wasm_obj == wasm_obj));
@@ -68,11 +63,9 @@ for (const wasm_obj of [struct, array]) {
   repeated(() => assertFalse(wasm_obj !== wasm_obj));
   repeated(() => assertFalse(struct == array));
   repeated(() => assertTrue(struct != array));
-  // JS Symbols also have the issue of triggering deopt loops on relational
-  // comparisons, e.g. `2 < Symbol("test")`.
-  testThrowsRepeated(() => wasm_obj < wasm_obj, TypeError, ignoreDeopts);
-  testThrowsRepeated(() => wasm_obj <= wasm_obj, TypeError, ignoreDeopts);
-  testThrowsRepeated(() => wasm_obj >= wasm_obj, TypeError, ignoreDeopts);
+  testThrowsRepeated(() => wasm_obj < wasm_obj, TypeError);
+  testThrowsRepeated(() => wasm_obj <= wasm_obj, TypeError);
+  testThrowsRepeated(() => wasm_obj >= wasm_obj, TypeError);
 
   testThrowsRepeated(() => { let [] = wasm_obj; }, TypeError);
   testThrowsRepeated(() => { let [a, b] = wasm_obj; }, TypeError);
diff --git a/deps/v8/test/mjsunit/wasm/memory64.js b/deps/v8/test/mjsunit/wasm/memory64.js
index af57c0fba87b0b..f43b7a4c6ea522 100644
--- a/deps/v8/test/mjsunit/wasm/memory64.js
+++ b/deps/v8/test/mjsunit/wasm/memory64.js
@@ -660,3 +660,44 @@ function InstantiatingWorkerCode() {
           'cannot import memory32 as memory64',
       worker.getMessage());
 })();
+
+(function TestMemory64EmbedLoadInFloatBinop() {
+  print(arguments.callee.name);
+  let builder = new WasmModuleBuilder();
+  builder.addMemory64(1, 1, true);
+
+  builder.addFunction('move_load_into_float_binop',
+                      makeSig([kWasmF64], [kWasmF64]))
+    .addBody([
+      ...wasmF64Const(0),
+      kExprLocalGet, 0,
+      kExprF64Add,
+      ...wasmI64Const(65536),
+      kExprF64LoadMem, 0, 0,
+      kExprF64Add,
+    ])
+    .exportFunc();
+
+  builder.addFunction('dont_move_load_if_something_traps_in_between',
+                      makeSig([], [kWasmF64]))
+    .addBody([
+      ...wasmI64Const(65536),
+      kExprF64LoadMem, 0, 0,
+
+      ...wasmI32Const(42),
+      ...wasmI64Const(0),
+      kExprI32LoadMem, 0, 0, // Loads zero as i32.
+      kExprI32DivU, // Divide by zero trap.
+      kExprF64UConvertI32,
+
+      kExprF64Add,
+    ])
+    .exportFunc();
+
+  // Instantiation works, this should throw at runtime.
+  let instance = builder.instantiate();
+  assertTraps(kTrapMemOutOfBounds, () =>
+    instance.exports.move_load_into_float_binop(1.0));
+  assertTraps(kTrapMemOutOfBounds, () =>
+    instance.exports.dont_move_load_if_something_traps_in_between());
+})();
diff --git a/deps/v8/test/mjsunit/wasm/module-prototype.js b/deps/v8/test/mjsunit/wasm/module-prototype.js
new file mode 100644
index 00000000000000..8a53edb9dfbb66
--- /dev/null
+++ b/deps/v8/test/mjsunit/wasm/module-prototype.js
@@ -0,0 +1,27 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-wasm --no-js-source-phase-imports
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+function makeBuilder() {
+  var builder = new WasmModuleBuilder();
+
+  builder.addFunction("f", kSig_v_v)
+    .addBody([])
+    .exportFunc();
+  return builder;
+}
+
+assertEquals(
+  Object.getPrototypeOf(WebAssembly.Module.prototype),
+  Object.prototype);
+
+var builder = makeBuilder();
+var module = new WebAssembly.Module(builder.toBuffer());
+var module_prototype = Object.getPrototypeOf(module);
+assertEquals(module_prototype, WebAssembly.Module.prototype);
+assertTrue(module instanceof WebAssembly.Module);
+assertEquals(module[Symbol.toStringTag], "WebAssembly.Module");
diff --git a/deps/v8/test/mjsunit/wasm/module-source.js b/deps/v8/test/mjsunit/wasm/module-source.js
new file mode 100644
index 00000000000000..a76641fde99d1f
--- /dev/null
+++ b/deps/v8/test/mjsunit/wasm/module-source.js
@@ -0,0 +1,37 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --expose-wasm --js-source-phase-imports --allow-natives-syntax
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+function makeBuilder() {
+  var builder = new WasmModuleBuilder();
+
+  builder.addFunction("f", kSig_v_v)
+    .addBody([])
+    .exportFunc();
+  return builder;
+}
+
+var AbstractModuleSource = %GetAbstractModuleSource();
+assertEquals(
+  Object.getPrototypeOf(WebAssembly.Module.prototype),
+  AbstractModuleSource.prototype);
+assertEquals(
+  Object.getPrototypeOf(AbstractModuleSource.prototype),
+  Object.prototype);
+
+var ToStringTag = Object
+  .getOwnPropertyDescriptor(
+    AbstractModuleSource.prototype,
+    Symbol.toStringTag,
+  ).get;
+
+var builder = makeBuilder();
+var module = new WebAssembly.Module(builder.toBuffer());
+assertEquals(Object.getPrototypeOf(module), WebAssembly.Module.prototype);
+assertTrue(module instanceof WebAssembly.Module);
+assertTrue(module instanceof AbstractModuleSource);
+assertEquals(ToStringTag.call(module), "WebAssembly.Module");
diff --git a/deps/v8/test/mjsunit/wasm/runtime-gc-objects.js b/deps/v8/test/mjsunit/wasm/runtime-gc-objects.js
new file mode 100644
index 00000000000000..d7f5d19d329cbf
--- /dev/null
+++ b/deps/v8/test/mjsunit/wasm/runtime-gc-objects.js
@@ -0,0 +1,26 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --allow-natives-syntax
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+(function TestDeoptMinimalCallRef() {
+  var builder = new WasmModuleBuilder();
+
+  builder.addFunction("isArray", makeSig([kWasmAnyRef], [kWasmI32]))
+    .addBody([kExprLocalGet, 0, kGCPrefix, kExprRefTest, kArrayRefCode])
+    .exportFunc();
+  builder.addFunction("isStruct", makeSig([kWasmAnyRef], [kWasmI32]))
+    .addBody([kExprLocalGet, 0, kGCPrefix, kExprRefTest, kStructRefCode])
+    .exportFunc();
+
+  let wasm = builder.instantiate().exports;
+  let array = %WasmArray();
+  let struct = %WasmStruct();
+  assertEquals(1, wasm.isArray(array));
+  assertEquals(0, wasm.isArray(struct));
+  assertEquals(0, wasm.isStruct(array));
+  assertEquals(1, wasm.isStruct(struct));
+})();
diff --git a/deps/v8/test/mjsunit/wasm/simd-wasm-interpreter.js b/deps/v8/test/mjsunit/wasm/simd-wasm-interpreter.js
new file mode 100644
index 00000000000000..5c3738b39acec8
--- /dev/null
+++ b/deps/v8/test/mjsunit/wasm/simd-wasm-interpreter.js
@@ -0,0 +1,57 @@
+// Copyright 2023 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+
+// Tests that R2R/S2R mode is not supported for Simd types in the Wasm
+// interpreter.
+(function testSimdSelect() {
+  print(arguments.callee.name);
+
+  const builder = new WasmModuleBuilder();
+  builder.addType(makeSig([], []));
+  builder.addFunction('main', 0 /* sig */)
+    .addLocals(kWasmS128, 2)
+    .exportFunc()
+    .addBody([
+      ...wasmS128Const(new Array(16).fill(0)),  // s128.const
+      ...wasmS128Const(new Array(16).fill(0)),  // s128.const
+      kExprI32Const, 0,
+      kExprSelect,                              // select
+      kExprDrop,
+    ]);
+  var instance = builder.instantiate();
+  instance.exports.main();
+})();
+
+// Tests R2S mode Select instruction for Simd types
+(function testSimdSelectR2S() {
+  print(arguments.callee.name);
+
+  const builder = new WasmModuleBuilder();
+  let globalint = builder.addImportedGlobal('o', 'g', kWasmI32, true);
+
+  builder.addType(makeSig([], []));
+  builder.addFunction('main', 0 /* sig */)
+    .addLocals(kWasmS128, 2)
+    .exportFunc()
+    .addBody([
+      ...wasmS128Const(new Array(16).fill(1)),  // s128.const
+      ...wasmS128Const(new Array(16).fill(0)),  // s128.const
+      kExprGlobalGet, globalint,
+      kExprSelect,                              // select
+
+      // The first s128 const should be selected.
+      ...wasmS128Const(new Array(16).fill(1)),
+      kSimdPrefix, kExprI8x16Ne,
+      kSimdPrefix, kExprI8x16AllTrue,
+      kExprIf, kWasmVoid,
+        kExprUnreachable,
+      kExprEnd,
+    ]);
+  let gint = new WebAssembly.Global({mutable: true, value: 'i32'});
+  gint.value = 1;
+  var instance = builder.instantiate({o: {g: gint}});
+  instance.exports.main();
+})();
diff --git a/deps/v8/test/mjsunit/wasm/stack-switching-export.js b/deps/v8/test/mjsunit/wasm/stack-switching-export.js
index 5fcc88138cf10b..c01b9440dc2cd1 100644
--- a/deps/v8/test/mjsunit/wasm/stack-switching-export.js
+++ b/deps/v8/test/mjsunit/wasm/stack-switching-export.js
@@ -19,7 +19,7 @@ function GC() {
 (function testGenericWrapper0Param() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_r);
+  let sig_index = builder.addType(kSig_r_v);
   let func_index = builder.addImport("mod", "func", kSig_r_v);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -34,7 +34,7 @@ function GC() {
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(), v => assertEquals(undefined, v));
   assertEquals(20, x);
 })();
@@ -42,7 +42,7 @@ function GC() {
 (function testGenericWrapper0ParamTraps() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_r);
+  let sig_index = builder.addType(kSig_r_v);
   builder.addFunction("main", sig_index)
     .addBody([
       kExprUnreachable
@@ -50,49 +50,47 @@ function GC() {
     .exportFunc();
 
   let instance = builder.instantiate();
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertThrowsAsync(main(), WebAssembly.RuntimeError);
 })();
 
 (function testGenericWrapper1ParamTrap() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32], [kWasmExternRef]);
+  let sig = makeSig([kWasmI32], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   builder.addFunction("main", sig_index)
     .addBody([
-      kExprLocalGet, 1, kExprUnreachable
+      kExprLocalGet, 0, kExprUnreachable
     ])
     .exportFunc();
 
   let instance = builder.instantiate();
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertThrowsAsync(main(), WebAssembly.RuntimeError);
 })();
 
 (function testGenericWrapper1ParamGeneral() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32], [kWasmExternRef]);
+  let sig = makeSig([kWasmI32], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
       kExprLocalGet, 0,
-      kExprLocalGet, 1,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param) {
+  function import_func(param) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(5), v => { assertEquals(undefined, v); });
   assertEquals(17, x);
 })();
@@ -100,27 +98,25 @@ function GC() {
 (function testGenericWrapper1ParamNotSmi() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32], [kWasmExternRef]);
+  let sig = makeSig([kWasmI32], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
         kExprLocalGet, 0,
-        kExprLocalGet, 1,
         kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param) {
+  function import_func(param) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param;
   }
 
   let y = { valueOf: () => { print("Hello!"); GC(); return 24; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(y), v => { assertEquals(undefined, v); });
   assertEquals(36, x);
 })();
@@ -128,7 +124,7 @@ function GC() {
 (function testGenericWrapper4Param() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32, kWasmI32],
+  let sig = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI32],
       [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
@@ -138,22 +134,20 @@ function GC() {
       kExprLocalGet, 1,
       kExprLocalGet, 2,
       kExprLocalGet, 3,
-      kExprLocalGet, 4,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4) {
+  function import_func(param1, param2, param3, param4) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += 2 * param1 + 3 * param2 + 4 * param3 + 5 * param4;
   }
 
   let param2 = { valueOf: () => { GC(); return 6; } };
   let param3 = { valueOf: () => { GC(); return 3; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(9, param2, param3, 0),
       v => { assertEquals(undefined, v); });
@@ -172,13 +166,13 @@ function GC() {
   assertEquals(60, x);
 })();
 
-let kSig_r_riiiiiiii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
-    kWasmI32, kWasmI32, kWasmI32, kWasmI32, kWasmI32], [kWasmExternRef]);
+let kSig_r_iiiiiiii = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI32,
+    kWasmI32, kWasmI32, kWasmI32, kWasmI32], [kWasmExternRef]);
 
 (function testGenericWrapper8Param() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_riiiiiiii);
+  let sig_index = builder.addType(kSig_r_iiiiiiii);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -190,16 +184,14 @@ let kSig_r_riiiiiiii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
       kExprLocalGet, 5,
       kExprLocalGet, 6,
       kExprLocalGet, 7,
-      kExprLocalGet, 8,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4, param5,
+  function import_func(param1, param2, param3, param4, param5,
       param6, param7, param8) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param1 + 2 * param2 + 3 * param3 + 4 * param4 + 5 * param5
       + 6 * param6 + 7 * param7 + 8 * param8;
   }
@@ -209,7 +201,7 @@ let kSig_r_riiiiiiii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
   let param6 = { valueOf: () => { GC(); return 10; } };
   let param8 = { valueOf: () => { GC(); return 12; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(param1, 6, 7, param4, 9, param6, 11, param8),
       v => assertEquals(undefined, v));
@@ -220,8 +212,7 @@ let kSig_r_riiiiiiii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
 (function testGenericWrapper4ParamWithLessParams() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32, kWasmI32],
-      [kWasmExternRef]);
+  let sig = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI32], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
@@ -230,21 +221,19 @@ let kSig_r_riiiiiiii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
       kExprLocalGet, 1,
       kExprLocalGet, 2,
       kExprLocalGet, 3,
-      kExprLocalGet, 4,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4) {
+  function import_func(param1, param2, param3, param4) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param1 + param2 + param3 + param4;
   }
 
   let param2 = { valueOf: () => { GC(); return 3; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(5, param2), v => assertEquals(undefined, v));
   assertEquals(20, x);
 })();
@@ -253,8 +242,7 @@ let kSig_r_riiiiiiii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
 (function testGenericWrapper4ParamWithMoreParams() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32, kWasmI32],
-      [kWasmExternRef]);
+  let sig = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI32], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
@@ -263,22 +251,20 @@ let kSig_r_riiiiiiii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
       kExprLocalGet, 1,
       kExprLocalGet, 2,
       kExprLocalGet, 3,
-      kExprLocalGet, 4,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4) {
+  function import_func(param1, param2, param3, param4) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param1 + param2 + param3 + param4;
   }
 
   let param2 = { valueOf: () => { GC(); return 3; } };
   let param3 = { valueOf: () => { GC(); return 6; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(5, param2, param3, 7, 200, 300, 400),
       v => assertEquals(undefined, v));
@@ -288,63 +274,59 @@ let kSig_r_riiiiiiii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
 (function testGenericWrapper1I32ReturnSmi() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32], [kWasmI32]);
+  let sig = makeSig([kWasmI32], [kWasmI32]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
         kExprLocalGet, 0,
-        kExprLocalGet, 1,
         kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param) {
+  function import_func(param) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     return x + param;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(5), v => assertEquals(17, v));
 })();
 
 (function testGenericWrapper1I32ReturnHeapNumber() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32], [kWasmI32]);
+  let sig = makeSig([kWasmI32], [kWasmI32]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
       kExprLocalGet, 0,
-      kExprLocalGet, 1,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 2147483640;
-  function import_func(suspender, param) {
-    assertInstanceof(suspender, WebAssembly.Suspender);
+  function import_func(param) {
     let result = x + param;
     %SimulateNewspaceFull();
     return result;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(5), v => assertEquals(2147483645, v));
 })();
 
-let kSig_i_rlili = makeSig([kWasmExternRef, kWasmI64, kWasmI32, kWasmI64, kWasmI32],
+let kSig_i_lili = makeSig([kWasmI64, kWasmI32, kWasmI64, kWasmI32],
     [kWasmI32]);
 
 (function testGenericWrapper4IParam1I32Ret() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_i_rlili);
+  let sig_index = builder.addType(kSig_i_lili);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -352,14 +334,12 @@ let kSig_i_rlili = makeSig([kWasmExternRef, kWasmI64, kWasmI32, kWasmI64, kWasmI
       kExprLocalGet, 1,
       kExprLocalGet, 2,
       kExprLocalGet, 3,
-      kExprLocalGet, 4,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12n;
-  function import_func(suspender, param1, param2, param3, param4) {
-    assertInstanceof(suspender, WebAssembly.Suspender);
+  function import_func(param1, param2, param3, param4) {
     x += 2n * param1 + BigInt(3 * param2) + 4n * param3 + BigInt(5 * param4);
     return Number(x);
   }
@@ -367,17 +347,17 @@ let kSig_i_rlili = makeSig([kWasmExternRef, kWasmI64, kWasmI32, kWasmI64, kWasmI
   let param2 = { valueOf: () => { GC(); return 6; } };
   let param3 = { valueOf: () => { GC(); return 3n; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(9n, param2, param3, 0), v => assertEquals(60, v));
 })();
 
-let kSig_r_riiili = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32, kWasmI64,
-  kWasmI32], [kWasmExternRef]);
+let kSig_r_iiili = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI64, kWasmI32],
+    [kWasmExternRef]);
 
 (function testGenericWrapper5IParam() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_riiili);
+  let sig_index = builder.addType(kSig_r_iiili);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -386,35 +366,33 @@ let kSig_r_riiili = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32, kWasm
       kExprLocalGet, 2,
       kExprLocalGet, 3,
       kExprLocalGet, 4,
-      kExprLocalGet, 5,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4, param5) {
+  function import_func(param1, param2, param3, param4, param5) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += 2 * param1 + 3 * param2 + 4 * param3 + 5 * Number(param4) + 6 * param5;
   }
 
   let param2 = { valueOf: () => { GC(); return 6; } };
   let param3 = { valueOf: () => { GC(); return 3; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(9, param2, param3, 0n, 2),
       v => assertEquals(undefined, v));
   assertEquals(72, x);
 })();
 
-let kSig_r_riiilii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
-    kWasmI64, kWasmI32, kWasmI32], [kWasmExternRef]);
+let kSig_r_iiilii = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI64, kWasmI32,
+    kWasmI32], [kWasmExternRef]);
 
 (function testGenericWrapper6IParam() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_riiilii);
+  let sig_index = builder.addType(kSig_r_iiilii);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -424,36 +402,34 @@ let kSig_r_riiilii = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32,
       kExprLocalGet, 3,
       kExprLocalGet, 4,
       kExprLocalGet, 5,
-      kExprLocalGet, 6,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4, param5,
+  function import_func(param1, param2, param3, param4, param5,
       param6) {
     gc();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += 2 * param1 + 3 * param2 + 4 * param3 + 5 * Number(param4) + 6 * param5 + 7 * param6;
   }
 
   let param2 = { valueOf: () => { GC(); return 6; } };
   let param3 = { valueOf: () => { GC(); return 3; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(9, param2, param3, 0n, 2, 3),
       v => assertEquals(undefined, v));
   assertEquals(93, x);
 })();
 
-let kSig_r_rliilliiil = makeSig([kWasmExternRef, kWasmI64, kWasmI32, kWasmI32,
-    kWasmI64, kWasmI64, kWasmI32, kWasmI32, kWasmI32, kWasmI64], [kWasmI32]);
+let kSig_r_liilliiil = makeSig([kWasmI64, kWasmI32, kWasmI32, kWasmI64,
+    kWasmI64, kWasmI32, kWasmI32, kWasmI32, kWasmI64], [kWasmI32]);
 
 (function testGenericWrapper9IParam132Ret() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_rliilliiil);
+  let sig_index = builder.addType(kSig_r_liilliiil);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -466,15 +442,13 @@ let kSig_r_rliilliiil = makeSig([kWasmExternRef, kWasmI64, kWasmI32, kWasmI32,
       kExprLocalGet, 6,
       kExprLocalGet, 7,
       kExprLocalGet, 8,
-      kExprLocalGet, 9,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4, param5,
-      param6, param7, param8, param9) {
-    assertInstanceof(suspender, WebAssembly.Suspender);
+  function import_func(param1, param2, param3, param4, param5, param6, param7,
+      param8, param9) {
     x += Number(param1) + 2 * param2 + 3 * param3 + Number(4n * param4) + Number(5n * param5)
       + 6 * param6 + 7 * param7 + 8 * param8 + Number(9n * param9);
     return x;
@@ -485,7 +459,7 @@ let kSig_r_rliilliiil = makeSig([kWasmExternRef, kWasmI64, kWasmI32, kWasmI32,
   let param6 = { valueOf: () => { GC(); return 10; } };
   let param8 = { valueOf: () => { GC(); return 12; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(param1, 6, 7, param4, 9n, param6, 11, param8, 0n),
       v => assertEquals(360, v));
@@ -495,123 +469,110 @@ let kSig_r_rliilliiil = makeSig([kWasmExternRef, kWasmI64, kWasmI32, kWasmI32,
 (function testGenericWrapperTypeError() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI64], [kWasmExternRef]);
+  let sig = makeSig([kWasmI64], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
       kExprLocalGet, 0,
-      kExprLocalGet, 1,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12n;
-  function import_func(suspender, param1) {
-    assertInstanceof(suspender, WebAssembly.Suspender);
+  function import_func(param1) {
     x += param1;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertThrows(() => main(17), TypeError);
 })();
 
 (function testGenericWrapper1I64Return() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef], [kWasmI64]);
-  let sig_index = builder.addType(sig);
+  let sig_index = builder.addType(kSig_l_v);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
-        kExprLocalGet, 0,
         kExprCallFunction, func_index
     ])
     .exportFunc();
 
-  function import_func(suspender) {
+  function import_func() {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     return 10000000000n;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(), v => assertEquals(10000000000n, v));
 })();
 
 (function testGenericWrapper1F32Return() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef], [kWasmF32]);
-  let sig_index = builder.addType(sig);
+  let sig_index = builder.addType(kSig_f_v);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
-        kExprLocalGet, 0,
         kExprCallFunction, func_index
     ])
     .exportFunc();
 
-  function import_func(suspender) {
+  function import_func() {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     return 0.5;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(), v => assertEquals(0.5, v));
 })();
 
 (function testGenericWrapper1F64Return() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef], [kWasmF64]);
-  let sig_index = builder.addType(sig);
+  let sig_index = builder.addType(kSig_d_v);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
-        kExprLocalGet, 0,
         kExprCallFunction, func_index
     ])
     .exportFunc();
 
-  function import_func(suspender) {
+  function import_func() {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     return 0.25;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(), v => assertEquals(0.25, v));
 })();
 
 (function testGenericWrapper1Float32() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmF32], [kWasmExternRef]);
+  let sig = makeSig([kWasmF32], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
         kExprLocalGet, 0,
-        kExprLocalGet, 1,
         kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12.5;
-  function import_func(suspender, param) {
+  function import_func(param) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(12.5), v => assertEquals(undefined, v));
   assertEquals(25, x);
 })();
@@ -619,37 +580,35 @@ let kSig_r_rliilliiil = makeSig([kWasmExternRef, kWasmI64, kWasmI32, kWasmI32,
 (function testGenericWrapper1Float64() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmF64], [kWasmExternRef]);
+  let sig = makeSig([kWasmF64], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
       kExprLocalGet, 0,
-      kExprLocalGet, 1,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12.5;
-  function import_func(suspender, param) {
+  function import_func(param) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param;
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(main(12.5), v => assertEquals(undefined, v));
   assertEquals(25, x);
 })();
 
-let kSig_r_rffddddff = makeSig([kWasmExternRef, kWasmF32, kWasmF32, kWasmF64,
-    kWasmF64, kWasmF64, kWasmF64, kWasmF32, kWasmF32], [kWasmExternRef]);
+let kSig_r_ffddddff = makeSig([kWasmF32, kWasmF32, kWasmF64, kWasmF64,
+    kWasmF64, kWasmF64, kWasmF32, kWasmF32], [kWasmExternRef]);
 
 (function testGenericWrapper8Floats() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_rffddddff);
+  let sig_index = builder.addType(kSig_r_ffddddff);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -661,16 +620,14 @@ let kSig_r_rffddddff = makeSig([kWasmExternRef, kWasmF32, kWasmF32, kWasmF64,
       kExprLocalGet, 5,
       kExprLocalGet, 6,
       kExprLocalGet, 7,
-      kExprLocalGet, 8,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4, param5,
+  function import_func(param1, param2, param3, param4, param5,
       param6, param7, param8) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param1 + 2 * param2 + 3 * param3 + 4 * param4 + 5 * param5
       + 6 * param6 + 7 * param7 + 8 * param8;
   }
@@ -680,21 +637,21 @@ let kSig_r_rffddddff = makeSig([kWasmExternRef, kWasmF32, kWasmF32, kWasmF64,
   let param6 = { valueOf: () => { GC(); return 6.5; } };
   let param8 = { valueOf: () => { GC(); return 8.5; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(param1, 2.5, 3.5, param4, 5.5, param6, 7.5, param8),
       v => assertEquals(undefined, v));
   assertEquals(234, x);
 })();
 
-let kSig_r_riiliffddlfdff = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI64,
-  kWasmI32, kWasmF32, kWasmF32, kWasmF64, kWasmF64, kWasmI64, kWasmF32,
-  kWasmF64, kWasmF32, kWasmF32], [kWasmExternRef]);
+let kSig_r_iiliffddlfdff = makeSig([kWasmI32, kWasmI32, kWasmI64, kWasmI32,
+    kWasmF32, kWasmF32, kWasmF64, kWasmF64, kWasmI64, kWasmF32, kWasmF64,
+    kWasmF32, kWasmF32], [kWasmExternRef]);
 // Floats don't fit into param registers.
 (function testGenericWrapper13ParamMix() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_riiliffddlfdff);
+  let sig_index = builder.addType(kSig_r_iiliffddlfdff);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -711,17 +668,15 @@ let kSig_r_riiliffddlfdff = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI6
       kExprLocalGet, 10,
       kExprLocalGet, 11,
       kExprLocalGet, 12,
-      kExprLocalGet, 13,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
   let y = 1.0;
-  function import_func(suspender, parami1, parami2, paraml1, parami3, paramf1,
+  function import_func(parami1, parami2, paraml1, parami3, paramf1,
       paramf2, paramd1, paramd2, paraml2, paramf3, paramd3, paramf4, paramf5) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += parami1 + 2 * parami2 + 3 * Number(paraml1) + 4 * parami3
       + 5 * Number(paraml2);
     y += paramf1 + 2 * paramf2 + 3 * paramd1 + 4 * paramd2 + 5 * paramf3
@@ -729,7 +684,7 @@ let kSig_r_riiliffddlfdff = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI6
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(5, 6, 7n, 8, 1.5, 2.5, 3.5, 4.5, 11n, 5.5, 6.5, 7.5, 8.5),
       v => assertEquals(undefined, v));
@@ -737,14 +692,14 @@ let kSig_r_riiliffddlfdff = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI6
   assertEquals(223, y);
 })();
 
-let kSig_r_riiliiiffddli = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI64,
-    kWasmI32, kWasmI32, kWasmI32, kWasmF32, kWasmF32, kWasmF64, kWasmF64,
-    kWasmI64, kWasmI32], [kWasmExternRef]);
+let kSig_r_iiliiiffddli = makeSig([kWasmI32, kWasmI32, kWasmI64, kWasmI32,
+    kWasmI32, kWasmI32, kWasmF32, kWasmF32, kWasmF64, kWasmF64, kWasmI64,
+    kWasmI32], [kWasmExternRef]);
 // Integers don't fit into param registers.
 (function testGenericWrapper12ParamMix() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_r_riiliiiffddli);
+  let sig_index = builder.addType(kSig_r_iiliiiffddli);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -760,17 +715,15 @@ let kSig_r_riiliiiffddli = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI64
       kExprLocalGet, 9,
       kExprLocalGet, 10,
       kExprLocalGet, 11,
-      kExprLocalGet, 12,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
   let y = 1.0;
-  function import_func(suspender, param1, param2, param3, param4, param5,
+  function import_func(param1, param2, param3, param4, param5,
       param6, paramf1, paramf2, paramd1, paramd2, param7, param8) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param1 + 2 * param2 + 3 * Number(param3) + 4 * param4 + 5 * param5
       + 6 * param6 + 7 * Number(param7) + 8 * param8;
     y += paramf1 + paramf2 + paramd1 + paramd2;
@@ -781,7 +734,7 @@ let kSig_r_riiliiiffddli = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI64
   let param6 = { valueOf: () => { GC(); return 10; } };
   let param8 = { valueOf: () => { GC(); return 12; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(param1, 6, 7n, param4, 9, param6, 1.5, 2.5, 3.6, 4.4, 11n, param8),
       v => assertEquals(undefined, v));
@@ -789,15 +742,15 @@ let kSig_r_riiliiiffddli = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI64
   assertEquals(13, y);
 })();
 
-let kSig_f_riiliiiffddlifffdi = makeSig([kWasmExternRef, kWasmI32, kWasmI32,
-    kWasmI64, kWasmI32, kWasmI32, kWasmI32, kWasmF32, kWasmF32, kWasmF64,
-    kWasmF64, kWasmI64, kWasmI32, kWasmF32, kWasmF32, kWasmF32, kWasmF64,
-    kWasmI32], [kWasmF32]);
+let kSig_f_iiliiiffddlifffdi = makeSig([kWasmI32, kWasmI32, kWasmI64,
+    kWasmI32, kWasmI32, kWasmI32, kWasmF32, kWasmF32, kWasmF64, kWasmF64,
+    kWasmI64, kWasmI32, kWasmF32, kWasmF32, kWasmF32, kWasmF64, kWasmI32],
+    [kWasmF32]);
 // Integers and floats don't fit into param registers.
 (function testGenericWrapper17ParamMix() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_f_riiliiiffddlifffdi);
+  let sig_index = builder.addType(kSig_f_iiliiiffddlifffdi);
   let func_index = builder.addImport("mod", "func", sig_index);
   builder.addFunction("main", sig_index)
     .addBody([
@@ -818,17 +771,15 @@ let kSig_f_riiliiiffddlifffdi = makeSig([kWasmExternRef, kWasmI32, kWasmI32,
       kExprLocalGet, 14,
       kExprLocalGet, 15,
       kExprLocalGet, 16,
-      kExprLocalGet, 17,
       kExprCallFunction, func_index
     ])
     .exportFunc();
 
   let x = 12;
-  function import_func(suspender, param1, param2, param3, param4, param5,
+  function import_func(param1, param2, param3, param4, param5,
       param6, paramf1, paramf2, paramd1, paramd2, param7, param8, paramf3,
       paramf4, paramf5, paramd3, param9) {
     GC();
-    assertInstanceof(suspender, WebAssembly.Suspender);
     x += param1 + 2 * param2 + 3 * Number(param3) + 4 * param4 + 5 * param5
       + 6 * param6 + 7 * Number(param7) + 8 * param8 + 9 * param9;
     let y = 1.0;
@@ -845,7 +796,7 @@ let kSig_f_riiliiiffddlifffdi = makeSig([kWasmExternRef, kWasmI32, kWasmI32,
   let paramf3 = { valueOf: () => { gc(); return 5.5; } };
   let param9 = { valueOf: () => { gc(); return 0; } };
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertPromiseResult(
       main(param1, 6, 7n, param4, 9, param6, 1.5, 2.5, paramd1,
         4.5, 11n, param8, paramf3, 6.5, 7.5, 8.5, param9),
@@ -862,7 +813,7 @@ let kSig_f_riiliiiffddlifffdi = makeSig([kWasmExternRef, kWasmI32, kWasmI32,
 
   instance = builder.instantiate();
   function js_caller() {
-    return ToPromising(instance.exports.wasm_fn);
+    return WebAssembly.promising(instance.exports.wasm_fn);
   }
   %PrepareFunctionForOptimization(js_caller);
   js_caller();
@@ -883,21 +834,20 @@ let kSig_f_riiliiiffddlifffdi = makeSig([kWasmExternRef, kWasmI32, kWasmI32,
     .exportFunc();
 
   let instance = builder.instantiate();
-  let f1 = ToPromising(instance.exports.f1);
+  let f1 = WebAssembly.promising(instance.exports.f1);
   assertPromiseResult(f1(), v => assertEquals(15, v));
 })();
 
 (function testDeoptWithIncorrectNumberOfParams() {
   print(arguments.callee.name);
   const builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32, kWasmI32], [kWasmExternRef]);
+  let sig = makeSig([kWasmI32, kWasmI32], [kWasmExternRef]);
   let sig_index = builder.addType(sig);
   let imp = builder.addImport('q', 'func', sig_index);
   builder.addFunction('main', sig_index)
       .addBody([
           kExprLocalGet, 0,
           kExprLocalGet, 1,
-          kExprLocalGet, 2,
           kExprCallFunction, imp])
       .exportAs('main');
 
@@ -906,7 +856,7 @@ let kSig_f_riiliiiffddlifffdi = makeSig([kWasmExternRef, kWasmI32, kWasmI32,
   }
 
   let instance = builder.instantiate({q: {func: deopt}});
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   function caller() {
     main(1, 2, 3, 4, 5);
     main(1, 2, 3, 4);
@@ -921,22 +871,22 @@ let kSig_f_riiliiiffddlifffdi = makeSig([kWasmExternRef, kWasmI32, kWasmI32,
 (function testGenericWrapper6Ref7F64Param() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_r_rddrrrrrrddddd = builder.addType(makeSig(
-      [kWasmExternRef, kWasmF64, kWasmF64, kWasmExternRef, kWasmExternRef,
-      kWasmExternRef, kWasmExternRef, kWasmExternRef, kWasmExternRef, kWasmF64,
-      kWasmF64, kWasmF64, kWasmF64, kWasmF64],
-       [kWasmExternRef]));
+  let sig_r_ddrrrrrrddddd = builder.addType(makeSig(
+      [kWasmF64, kWasmF64, kWasmExternRef, kWasmExternRef, kWasmExternRef,
+      kWasmExternRef, kWasmExternRef, kWasmExternRef, kWasmF64, kWasmF64,
+      kWasmF64, kWasmF64, kWasmF64],
+      [kWasmExternRef]));
 
 
-  builder.addFunction("func0", sig_r_rddrrrrrrddddd)
+  builder.addFunction("func0", sig_r_ddrrrrrrddddd)
     .addBody([
-      kExprLocalGet, 8,
+      kExprLocalGet, 7,
       ])
     .exportAs("func0");
 
   let module = new WebAssembly.Module(builder.toBuffer());
   let instance = new WebAssembly.Instance(module);
-  let func0 = ToPromising(instance.exports.func0);
+  let func0 = WebAssembly.promising(instance.exports.func0);
   let res = func0(1, 2, "3", "4", "5", "6", "7", "8", 9, 10, 11, 12, 13);
   assertPromiseResult(res, v => assertEquals("8", v));
 })();
diff --git a/deps/v8/test/mjsunit/wasm/stack-switching-generic-wrapper.js b/deps/v8/test/mjsunit/wasm/stack-switching-generic-wrapper.js
index 41418af5994a4b..b187f40b6123d1 100644
--- a/deps/v8/test/mjsunit/wasm/stack-switching-generic-wrapper.js
+++ b/deps/v8/test/mjsunit/wasm/stack-switching-generic-wrapper.js
@@ -17,9 +17,8 @@ d8.file.execute("test/mjsunit/wasm/stack-switching-export.js");
 (function testGenericWrapperException() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig_index = builder.addType(kSig_v_r);
   let func_index = builder.addImport("mod", "func", kSig_v_v);
-  builder.addFunction("main", sig_index)
+  builder.addFunction("main", kSig_v_v)
     .addBody([
       kExprTry, kWasmVoid,
         kExprCallFunction, func_index,
@@ -39,6 +38,6 @@ d8.file.execute("test/mjsunit/wasm/stack-switching-export.js");
   }
 
   let instance = builder.instantiate({ mod: { func: import_func } });
-  let main = ToPromising(instance.exports.main);
+  let main = WebAssembly.promising(instance.exports.main);
   assertThrowsAsync(main(), RangeError, /Maximum call stack size exceeded/);
 })();
diff --git a/deps/v8/test/mjsunit/wasm/stack-switching-new-api.js b/deps/v8/test/mjsunit/wasm/stack-switching-new-api.js
deleted file mode 100644
index e94ab37137134f..00000000000000
--- a/deps/v8/test/mjsunit/wasm/stack-switching-new-api.js
+++ /dev/null
@@ -1,562 +0,0 @@
-// Copyright 2024 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Flags: --allow-natives-syntax --experimental-wasm-jspi
-// Flags: --expose-gc --wasm-stack-switching-stack-size=100
-
-// This is a copy of mjsunit/wasm/stack-switching.js which will migrate to the
-// new API as it is being implemented.
-// Both APIs will be supported at the same time for a short period of time, so
-// we keep both test files until the migration is complete.
-
-d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
-
-(function TestInvalidWrappers() {
-  assertThrows(() => WebAssembly.promising({}), TypeError,
-      /Argument 0 must be a function/);
-  assertThrows(() => WebAssembly.promising(() => {}), TypeError,
-      /Argument 0 must be a WebAssembly exported function/);
-  assertThrows(() => WebAssembly.Suspending(() => {}), TypeError,
-      /WebAssembly.Suspending must be invoked with 'new'/);
-  assertThrows(() => new WebAssembly.Suspending({}), TypeError,
-      /Argument 0 must be a function/);
-})();
-
-(function TestStackSwitchNoSuspend() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  builder.addGlobal(kWasmI32, true, false).exportAs('g');
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprI32Const, 42,
-          kExprGlobalSet, 0,
-          kExprI32Const, 0]).exportFunc();
-  let instance = builder.instantiate();
-  let wrapper = WebAssembly.promising(instance.exports.test);
-  wrapper();
-  assertEquals(42, instance.exports.g.value);
-})();
-
-(function TestStackSwitchSuspend() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_v);
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprCallFunction, import_index, // suspend
-      ]).exportFunc();
-  let js_import = new WebAssembly.Suspending(() => Promise.resolve(42));
-  let instance = builder.instantiate({m: {import: js_import}});
-  let wrapped_export = WebAssembly.promising(instance.exports.test);
-  let combined_promise = wrapped_export();
-  assertPromiseResult(combined_promise, v => assertEquals(42, v));
-
-  // Also try with a JS function with a mismatching arity.
-  js_import = new WebAssembly.Suspending((unused) => Promise.resolve(42));
-  instance = builder.instantiate({m: {import: js_import}});
-  wrapped_export = WebAssembly.promising(instance.exports.test);
-  combined_promise = wrapped_export();
-  assertPromiseResult(combined_promise, v => assertEquals(42, v));
-
-  // Also try with a proxy.
-  js_import = new WebAssembly.Suspending(new Proxy(() => Promise.resolve(42), {}));
-  instance = builder.instantiate({m: {import: js_import}});
-  wrapped_export = WebAssembly.promising(instance.exports.test);
-  combined_promise = wrapped_export();
-  assertPromiseResult(combined_promise, v => assertEquals(42, v));
-  %CheckIsOnCentralStack();
-})();
-
-// Check that we can suspend back out of a resumed computation.
-(function TestStackSwitchSuspendLoop() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  builder.addGlobal(kWasmI32, true, false).exportAs('g');
-  import_index = builder.addImport('m', 'import', kSig_i_v);
-  // Pseudo-code for the wasm function:
-  // for (i = 0; i < 5; ++i) {
-  //   g = g + import();
-  // }
-  builder.addFunction("test", kSig_i_v)
-      .addLocals(kWasmI32, 1)
-      .addBody([
-          kExprI32Const, 5,
-          kExprLocalSet, 0,
-          kExprLoop, kWasmVoid,
-            kExprCallFunction, import_index, // suspend
-            kExprGlobalGet, 0, // resume
-            kExprI32Add,
-            kExprGlobalSet, 0,
-            kExprLocalGet, 0,
-            kExprI32Const, 1,
-            kExprI32Sub,
-            kExprLocalTee, 0,
-            kExprBrIf, 0,
-          kExprEnd,
-          kExprI32Const, 0,
-      ]).exportFunc();
-  let i = 0;
-  // The n-th call to the import returns a promise that resolves to n.
-  function js_import() {
-    return Promise.resolve(++i);
-  };
-  let wasm_js_import = new WebAssembly.Suspending(js_import);
-  let instance = builder.instantiate({m: {import: wasm_js_import}});
-  let wrapped_export = WebAssembly.promising(instance.exports.test);
-  let chained_promise = wrapped_export();
-  assertEquals(0, instance.exports.g.value);
-  assertPromiseResult(chained_promise, _ => assertEquals(15, instance.exports.g.value));
-})();
-
-// Call the GC in the import call.
-(function TestStackSwitchGC() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let gc_index = builder.addImport('m', 'gc', kSig_v_v);
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprCallFunction, gc_index,
-          kExprI32Const, 0
-      ]).exportFunc();
-  let js_import = new WebAssembly.Suspending(gc);
-  let instance = builder.instantiate({'m': {'gc': js_import}});
-  let wrapper = WebAssembly.promising(instance.exports.test);
-  wrapper();
-})();
-
-// Call the GC during param conversion.
-(function TestStackSwitchGC2() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let import_index = builder.addImport('m', 'import', kSig_i_i);
-  builder.addFunction("test", kSig_i_i)
-      .addBody([
-          kExprLocalGet, 0,
-          kExprCallFunction, import_index,
-      ]).exportFunc();
-  let js_import = new WebAssembly.Suspending((v) => { return Promise.resolve(v) });
-  let instance = builder.instantiate({'m': {'import': js_import}});
-  let wrapper = WebAssembly.promising(instance.exports.test);
-  let arg = { valueOf: () => { gc(); return 24; } };
-  assertPromiseResult(wrapper(arg), v => assertEquals(arg.valueOf(), v));
-})();
-
-// Check that the suspender does not suspend if the import's
-// return value is not a promise.
-(function TestStackSwitchNoPromise() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  builder.addGlobal(kWasmI32, true, false).exportAs('g');
-  import_index = builder.addImport('m', 'import', kSig_i_v);
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprCallFunction, import_index, // suspend
-          kExprGlobalSet, 0, // resume
-          kExprGlobalGet, 0,
-      ]).exportFunc();
-  function js_import() {
-    return 42
-  };
-  let wasm_js_import = new WebAssembly.Suspending(js_import);
-  let instance = builder.instantiate({m: {import: wasm_js_import}});
-  let wrapped_export = WebAssembly.promising(instance.exports.test);
-  let result = wrapped_export();
-  assertEquals(42, instance.exports.g.value);
-})();
-
-(function TestStackSwitchSuspendArgs() {
-  print(arguments.callee.name);
-  function reduce(array) {
-    // a[0] + a[1] * 2 + a[2] * 3 + ...
-    return array.reduce((prev, cur, i) => prev + cur * (i + 1));
-  }
-  let builder = new WasmModuleBuilder();
-  // Number of param registers + 1 for both types.
-  let params = [kWasmI32, kWasmI32, kWasmI32, kWasmI32, kWasmI32, kWasmI32,
-      kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32];
-  let sig = makeSig(params, [kWasmI32]);
-  import_index = builder.addImport('m', 'import', sig);
-  builder.addFunction("test", sig)
-      .addBody([
-          kExprLocalGet, 0, kExprLocalGet, 1, kExprLocalGet, 2, kExprLocalGet, 3,
-          kExprLocalGet, 4, kExprLocalGet, 5, kExprLocalGet, 6, kExprLocalGet, 7,
-          kExprLocalGet, 8, kExprLocalGet, 9, kExprLocalGet, 10, kExprLocalGet, 11,
-          kExprLocalGet, 12,
-          kExprCallFunction, import_index, // suspend
-      ]).exportFunc();
-  function js_import(i1, i2, i3, i4, i5, i6, f1, f2, f3, f4, f5, f6, f7) {
-    return Promise.resolve(reduce(Array.from(arguments)));
-  };
-  let wasm_js_import = new WebAssembly.Suspending(js_import);
-
-  let instance = builder.instantiate({m: {import: wasm_js_import}});
-  let wrapped_export = WebAssembly.promising(instance.exports.test);
-  let args = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13];
-  let combined_promise =
-      wrapped_export.apply(null, args);
-  assertPromiseResult(combined_promise, v => assertEquals(reduce(args), v));
-})();
-
-(function TestStackSwitchReturnFloat() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_f_v);
-  builder.addFunction("test", kSig_f_v)
-      .addBody([
-          kExprCallFunction, import_index, // suspend
-      ]).exportFunc();
-  function js_import() {
-    return Promise.resolve(0.5);
-  };
-  let wasm_js_import = new WebAssembly.Suspending(js_import);
-
-  let instance = builder.instantiate({m: {import: wasm_js_import}});
-  let wrapped_export = WebAssembly.promising(instance.exports.test);
-  let combined_promise = wrapped_export();
-  assertPromiseResult(combined_promise, v => assertEquals(0.5, v));
-})();
-
-// Throw an exception before suspending. The export wrapper should return a
-// promise rejected with the exception.
-(function TestStackSwitchException1() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let tag = builder.addTag(kSig_v_v);
-  builder.addFunction("throw", kSig_i_v)
-      .addBody([kExprThrow, tag]).exportFunc();
-  let instance = builder.instantiate();
-  let wrapper = WebAssembly.promising(instance.exports.throw);
-  assertThrowsAsync(wrapper(), WebAssembly.Exception);
-})();
-
-// Throw an exception after the first resume event, which propagates to the
-// promise wrapper.
-(function TestStackSwitchException2() {
-  print(arguments.callee.name);
-  let tag = new WebAssembly.Tag({parameters: []});
-  let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_v);
-  tag_index = builder.addImportedTag('m', 'tag', kSig_v_v);
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprCallFunction, import_index,
-          kExprThrow, tag_index
-      ]).exportFunc();
-  function js_import() {
-    return Promise.resolve(42);
-  };
-  let wasm_js_import = new WebAssembly.Suspending(js_import);
-
-  let instance = builder.instantiate({m: {import: wasm_js_import, tag: tag}});
-  let wrapped_export = WebAssembly.promising(instance.exports.test);
-  let combined_promise = wrapped_export();
-  assertThrowsAsync(combined_promise, WebAssembly.Exception);
-})();
-
-(function TestStackSwitchPromiseReject() {
-  print(arguments.callee.name);
-  let tag = new WebAssembly.Tag({parameters: ['i32']});
-  let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_v);
-  tag_index = builder.addImportedTag('m', 'tag', kSig_v_i);
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprTry, kWasmI32,
-          kExprCallFunction, import_index,
-          kExprCatch, tag_index,
-          kExprEnd,
-      ]).exportFunc();
-  function js_import() {
-    return Promise.reject(new WebAssembly.Exception(tag, [42]));
-  };
-  let wasm_js_import = new WebAssembly.Suspending(js_import);
-
-  let instance = builder.instantiate({m: {import: wasm_js_import, tag: tag}});
-  let wrapped_export = WebAssembly.promising(instance.exports.test);
-  let combined_promise = wrapped_export();
-  assertPromiseResult(combined_promise, v => assertEquals(v, 42));
-})();
-
-function TestNestedSuspenders(suspend) {
-  // Nest two suspenders. The call chain looks like:
-  // outer (wasm) -> outer (js) -> inner (wasm) -> inner (js)
-  // If 'suspend' is true, the inner JS function returns a Promise, which
-  // suspends the inner wasm function, which returns a Promise, which suspends
-  // the outer wasm function, which returns a Promise. The inner Promise
-  // resolves first, which resumes the inner continuation. Then the outer
-  // promise resolves which resumes the outer continuation.
-  // If 'suspend' is false, the inner and outer JS functions return a regular
-  // value and no computation is suspended.
-  let builder = new WasmModuleBuilder();
-  inner_index = builder.addImport('m', 'inner', kSig_i_v);
-  outer_index = builder.addImport('m', 'outer', kSig_i_v);
-  builder.addFunction("outer", kSig_i_v)
-      .addBody([
-          kExprCallFunction, outer_index
-      ]).exportFunc();
-  builder.addFunction("inner", kSig_i_v)
-      .addBody([
-          kExprCallFunction, inner_index
-      ]).exportFunc();
-
-  let inner = new WebAssembly.Suspending(() => suspend ? Promise.resolve(42) : 42);
-
-  let export_inner;
-  let outer = new WebAssembly.Suspending(() => suspend ? export_inner() : 42);
-
-  let instance = builder.instantiate({m: {inner, outer}});
-  export_inner = WebAssembly.promising(instance.exports.inner);
-  let export_outer = WebAssembly.promising(instance.exports.outer);
-  assertPromiseResult(export_outer(), v => assertEquals(42, v));
-}
-
-(function TestNestedSuspendersSuspend() {
-  print(arguments.callee.name);
-  TestNestedSuspenders(true);
-})();
-
-(function TestNestedSuspendersNoSuspend() {
-  print(arguments.callee.name);
-  TestNestedSuspenders(false);
-})();
-
-(function Regress13231() {
-  print(arguments.callee.name);
-  // Check that a promising function with no return is allowed.
-  let builder = new WasmModuleBuilder();
-  builder.addFunction("export", kSig_v_v).addBody([]).exportFunc();
-  let instance = builder.instantiate();
-  let export_wrapper = WebAssembly.promising(instance.exports.export);
-  let export_sig = export_wrapper.type();
-  assertEquals([], export_sig.parameters);
-  assertEquals(['externref'], export_sig.results);
-})();
-
-(function TestStackOverflow() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprCallFunction, 0
-          ]).exportFunc();
-  let instance = builder.instantiate();
-  let wrapper = WebAssembly.promising(instance.exports.test);
-  assertThrowsAsync(wrapper(), RangeError, /Maximum call stack size exceeded/);
-})();
-
-(function SuspendCallRef() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let funcref_type = builder.addType(kSig_i_v);
-  let table = builder.addTable(wasmRefNullType(funcref_type), 1)
-                         .exportAs('table');
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprI32Const, 0, kExprTableGet, table.index,
-          kExprCallRef, funcref_type,
-      ]).exportFunc();
-  let instance = builder.instantiate();
-
-  let funcref = new WebAssembly.Function(
-      {parameters: [], results: ['i32']},
-        new WebAssembly.Suspending(() => Promise.resolve(42)));
-  instance.exports.table.set(0, funcref);
-
-  let exp = WebAssembly.promising(instance.exports.test);
-  assertPromiseResult(exp(), v => assertEquals(42, v));
-})();
-
-(function SuspendCallIndirect() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let functype = builder.addType(kSig_i_v);
-  let table = builder.addTable(kWasmFuncRef, 10, 10);
-  let callee = builder.addImport('m', 'f', kSig_i_v);
-  builder.addActiveElementSegment(table, wasmI32Const(0), [callee]);
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprI32Const, 0,
-          kExprCallIndirect, functype, table.index,
-      ]).exportFunc();
-
-  let create_promise = new WebAssembly.Suspending(() => Promise.resolve(42));
-
-  let instance = builder.instantiate({m: {f: create_promise}});
-
-  let exp = WebAssembly.promising(instance.exports.test);
-  assertPromiseResult(exp(), v => assertEquals(42, v));
-})();
-
-(function TestSuspendJSFramesTraps() {
-  // The call stack of this test looks like:
-  // export1 -> import1 -> export2 -> import2
-  // Where export1 is "promising" and import2 is "suspending". Returning a
-  // promise from import2 should trap because of the JS import in the middle.
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let import1_index = builder.addImport("m", "import1", kSig_i_v);
-  let import2_index = builder.addImport("m", "import2", kSig_i_v);
-  builder.addFunction("export1", kSig_i_v)
-      .addBody([
-          // export1 -> import1 (unwrapped)
-          kExprCallFunction, import1_index,
-      ]).exportFunc();
-  builder.addFunction("export2", kSig_i_v)
-      .addBody([
-          // export2 -> import2 (suspending)
-          kExprCallFunction, import2_index,
-      ]).exportFunc();
-  let instance;
-  function import1() {
-    // import1 -> export2 (unwrapped)
-    instance.exports.export2();
-  }
-  function import2() {
-    return Promise.resolve(0);
-  }
-  import2 = new WebAssembly.Suspending(import2);
-  instance = builder.instantiate(
-      {'m':
-        {'import1': import1,
-         'import2': import2
-        }});
-  // export1 (promising)
-  let wrapper = WebAssembly.promising(instance.exports.export1);
-  assertThrowsAsync(wrapper(), WebAssembly.RuntimeError,
-      /trying to suspend JS frames/);
-})();
-
-(function TestSwitchingToTheCentralStackForRuntime() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let table = builder.addTable(kWasmExternRef, 1);
-  let array_index = builder.addArray(kWasmI32, true);
-  let new_space_full_index = builder.addImport('m', 'new_space_full', kSig_v_v);
-  builder.addFunction("test", kSig_i_r)
-      .addBody([
-        kExprLocalGet, 0,
-        kExprI32Const, 1,
-        kNumericPrefix, kExprTableGrow, table.index]).exportFunc();
-  builder.addFunction("test2", kSig_i_r)
-      .addBody([
-        kExprI32Const, 1]).exportFunc();
-  builder.addFunction("test3", kSig_l_v)
-      .addBody([
-        kExprCallFunction, new_space_full_index,
-        ...wasmI64Const(0)
-        ]).exportFunc();
-  builder.addFunction("test4", kSig_v_v)
-      .addBody([
-        kExprCallFunction, new_space_full_index,
-        kExprI32Const, 1,
-        kGCPrefix, kExprArrayNewDefault, array_index,
-        kExprDrop]).exportFunc();
-  function new_space_full() {
-    %SimulateNewspaceFull();
-  }
-  let instance = builder.instantiate({m: {new_space_full}});
-  let wrapper = WebAssembly.promising(instance.exports.test);
-  let wrapper2 = WebAssembly.promising(instance.exports.test2);
-  let wrapper3 = WebAssembly.promising(instance.exports.test3);
-  let wrapper4 = WebAssembly.promising(instance.exports.test4);
-  function switchesToCS(fn) {
-    const beforeCall = %WasmSwitchToTheCentralStackCount();
-    fn();
-    return %WasmSwitchToTheCentralStackCount() - beforeCall;
-  }
-
-  // Calling exported functions from the central stack.
-  assertEquals(0, switchesToCS(() => instance.exports.test({})));
-  assertEquals(0, switchesToCS(() => instance.exports.test2({})));
-  assertEquals(0, switchesToCS(() => instance.exports.test3({})));
-  assertEquals(0, switchesToCS(() => instance.exports.test4({})));
-
-  // Runtime call to table.grow.
-  switchesToCS(wrapper);
-  // No runtime calls.
-  switchesToCS(wrapper2);
-  // Runtime call to allocate the bigint.
-  switchesToCS(wrapper3);
-  // Runtime call for array.new.
-  switchesToCS(wrapper4);
-  %CheckIsOnCentralStack();
-})();
-
-(function TestSwitchingToTheCentralStackForJS() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_v);
-  builder.addFunction("test", kSig_i_v)
-      .addBody([
-          kExprCallFunction, import_index,
-      ]).exportFunc();
-  let js_import = new WebAssembly.Suspending(
-      () => {
-        %CheckIsOnCentralStack();
-        return 123;
-      });
-  let instance = builder.instantiate({m: {import: js_import}});
-  let wrapped_export = WebAssembly.promising(instance.exports.test);
-  assertPromiseResult(wrapped_export(), v => assertEquals(123, v));
-})();
-
-// Test that the wasm-to-js stack params get scanned.
-(function TestSwitchingToTheCentralStackManyParams() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  const num_params = 10;
-  const sig = makeSig(Array(num_params).fill(kWasmExternRef), [kWasmExternRef]);
-  const import_index = builder.addImport('m', 'import_', sig);
-  let body = [];
-  for (let i = 0; i < num_params; ++i) {
-    body.push(kExprLocalGet, i);
-  }
-  body.push(kExprCallFunction, import_index);
-  builder.addFunction("test", sig)
-      .addBody(body).exportFunc();
-  function import_js(arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9) {
-    gc();
-    return [arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9];
-  };
-  import_js();
-  let import_ = new WebAssembly.Suspending(import_js);
-  let instance = builder.instantiate({m: {import_}});
-  let wrapper = WebAssembly.promising(instance.exports.test);
-  let args = Array(num_params).fill({});
-  assertPromiseResult(wrapper(...args), results => { assertEquals(args, results); });
-})();
-
-// Similar to TestNestedSuspenders, but trigger an infinite recursion inside the
-// outer wasm function after the import call. This is likely to crash if the
-// stack limit is not properly restored when we return from the central stack.
-// In particular in the nested case, we should preserve and restore the limit of
-// each intermediate secondary stack.
-(function TestCentralStackReentrency() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  inner_index = builder.addImport('m', 'inner', kSig_i_v);
-  outer_index = builder.addImport('m', 'outer', kSig_i_v);
-  let stack_overflow = builder.addFunction('stack_overflow', kSig_v_v)
-      .addBody([kExprCallFunction, 2]);
-  builder.addFunction("outer", kSig_i_v)
-      .addBody([
-          kExprCallFunction, outer_index,
-          kExprCallFunction, stack_overflow.index,
-      ]).exportFunc();
-  builder.addFunction("inner", kSig_i_v)
-      .addBody([
-          kExprCallFunction, inner_index
-      ]).exportFunc();
-
-  let inner = new WebAssembly.Suspending(() => Promise.resolve(42));
-
-  let export_inner;
-  let outer = new WebAssembly.Suspending(() => export_inner());
-
-  let instance = builder.instantiate({m: {inner, outer}});
-  export_inner = WebAssembly.promising(instance.exports.inner);
-  let export_outer = WebAssembly.promising(instance.exports.outer);
-  assertThrowsAsync(export_outer(), RangeError,
-      /Maximum call stack size exceeded/);
-})();
diff --git a/deps/v8/test/mjsunit/wasm/stack-switching.js b/deps/v8/test/mjsunit/wasm/stack-switching.js
index a04ae4abee652a..2bc27450786d3b 100644
--- a/deps/v8/test/mjsunit/wasm/stack-switching.js
+++ b/deps/v8/test/mjsunit/wasm/stack-switching.js
@@ -1,104 +1,12 @@
-// Copyright 2021 the V8 project authors. All rights reserved.
+// Copyright 2024 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Flags: --allow-natives-syntax --experimental-wasm-jspi
 // Flags: --expose-gc --wasm-stack-switching-stack-size=100
 
-// We pick a small stack size to run the stack overflow test quickly, but big
-// enough to run all the tests.
-
 d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
 
-(function TestSuspender() {
-  print(arguments.callee.name);
-  let suspender = new WebAssembly.Suspender();
-  assertTrue(suspender.toString() == "[object WebAssembly.Suspender]");
-  assertThrows(() => WebAssembly.Suspender(), TypeError,
-      /WebAssembly.Suspender must be invoked with 'new'/);
-})();
-
-(function TestSuspenderTypes() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let sig_i_ri = makeSig([kWasmExternRef, kWasmI32], [kWasmI32]);
-  let sig_ii_r = makeSig([kWasmExternRef], [kWasmI32, kWasmI32]);
-  let sig_v_ri = makeSig([kWasmExternRef, kWasmI32], []);
-  builder.addImport('m', 'import', sig_v_ri);
-  builder.addFunction("export", sig_i_ri)
-      .addBody([kExprLocalGet, 1]).exportFunc();
-  builder.addFunction("wrong1", sig_ii_r)
-      .addBody([kExprI32Const, 0, kExprI32Const, 0]).exportFunc();
-  builder.addFunction("wrong2", kSig_v_r)
-      .addBody([]).exportFunc();
-  builder.addFunction("wrong3", kSig_i_v)
-      .addBody([kExprI32Const, 0]).exportFunc();
-  let suspender = new WebAssembly.Suspender();
-  function js_import(i) {
-    return Promise.resolve(42);
-  }
-
-  // Wrap the import, instantiate the module, and wrap the export.
-  let import_wrapper = new WebAssembly.Function(
-      {parameters: ['externref', 'i32'], results: []},
-      js_import,
-      {suspending: 'first'});
-  let instance = builder.instantiate({'m': {'import': import_wrapper}});
-  let export_wrapper = ToPromising(instance.exports.export);
-
-  // Check type errors.
-  assertThrows(() => new WebAssembly.Function(
-      {parameters: ['externref'], results: ['externref']},
-      js_import,
-      {suspending: 'foo'}),
-      TypeError,
-      /JS Promise Integration: Expected suspender position to be "first", "last" or "none"/);
-  // Bad inner signature (promising)
-  for (const f of [instance.exports.wrong1, instance.exports.wrong2, instance.exports.wrong3]) {
-    assertThrows(() => new WebAssembly.Function(
-        {parameters: ['i32'], results: ['externref']},
-        f,
-        {promising: 'first'}),
-        TypeError,
-        /Incompatible signature for promising function/);
-  }
-  // Signature mismatch (suspending)
-  assertThrows(() => new WebAssembly.Function(
-      {parameters: ['externref'], results: []},
-      new WebAssembly.Function(
-          {parameters: [], results: ['i32']}, js_import),
-      {suspending: 'first'}),
-      TypeError,
-      /Incompatible signature for suspending function/);
-  // Signature mismatch (promising)
-  assertThrows(() => new WebAssembly.Function(
-      {parameters: ['externref', 'i32'], results: ['i32']},
-      instance.exports.export,
-      {promising: 'first'}),
-      TypeError,
-      /Incompatible signature for promising function/);
-
-  // Check the wrapped export's signature.
-  let export_sig = export_wrapper.type();
-  assertEquals(['i32'], export_sig.parameters);
-  assertEquals(['externref'], export_sig.results);
-
-  // Check the wrapped import's signature.
-  let import_sig = import_wrapper.type();
-  assertEquals(['externref', 'i32'], import_sig.parameters);
-  assertEquals([], import_sig.results);
-})();
-
-(function TestStackSwitchSuspenderType() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  builder.addFunction("test", kSig_i_r)
-      .addBody([kExprI32Const, 0]).exportFunc();
-  let instance = builder.instantiate();
-  let suspender = new WebAssembly.Suspender();
-  let wrapper = ToPromising(instance.exports.test);
-})();
-
 (function TestInvalidWrappers() {
   print(arguments.callee.name);
   assertThrows(() => WebAssembly.promising({}), TypeError,
@@ -124,13 +32,13 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
   builder.addGlobal(kWasmI32, true, false).exportAs('g');
-  builder.addFunction("test", kSig_i_r)
+  builder.addFunction("test", kSig_i_v)
       .addBody([
           kExprI32Const, 42,
           kExprGlobalSet, 0,
           kExprI32Const, 0]).exportFunc();
   let instance = builder.instantiate();
-  let wrapper = ToPromising(instance.exports.test);
+  let wrapper = WebAssembly.promising(instance.exports.test);
   wrapper();
   assertEquals(42, instance.exports.g.value);
 })();
@@ -138,38 +46,28 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
 (function TestStackSwitchSuspend() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_r);
-  builder.addFunction("test", kSig_i_r)
+  import_index = builder.addImport('m', 'import', kSig_i_v);
+  builder.addFunction("test", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, import_index, // suspend
       ]).exportFunc();
-  let js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => Promise.resolve(42),
-      {suspending: 'first'});
+  let js_import = new WebAssembly.Suspending(() => Promise.resolve(42));
   let instance = builder.instantiate({m: {import: js_import}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   let combined_promise = wrapped_export();
   assertPromiseResult(combined_promise, v => assertEquals(42, v));
 
   // Also try with a JS function with a mismatching arity.
-  js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      (unused) => Promise.resolve(42),
-      {suspending: 'first'});
+  js_import = new WebAssembly.Suspending((unused) => Promise.resolve(42));
   instance = builder.instantiate({m: {import: js_import}});
-  wrapped_export = ToPromising(instance.exports.test);
+  wrapped_export = WebAssembly.promising(instance.exports.test);
   combined_promise = wrapped_export();
   assertPromiseResult(combined_promise, v => assertEquals(42, v));
 
   // Also try with a proxy.
-  js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      new Proxy(() => Promise.resolve(42), {}),
-      {suspending: "first"});
+  js_import = new WebAssembly.Suspending(new Proxy(() => Promise.resolve(42), {}));
   instance = builder.instantiate({m: {import: js_import}});
-  wrapped_export = ToPromising(instance.exports.test);
+  wrapped_export = WebAssembly.promising(instance.exports.test);
   combined_promise = wrapped_export();
   assertPromiseResult(combined_promise, v => assertEquals(42, v));
   %CheckIsOnCentralStack();
@@ -180,26 +78,25 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
   builder.addGlobal(kWasmI32, true, false).exportAs('g');
-  import_index = builder.addImport('m', 'import', kSig_i_r);
+  import_index = builder.addImport('m', 'import', kSig_i_v);
   // Pseudo-code for the wasm function:
   // for (i = 0; i < 5; ++i) {
   //   g = g + import();
   // }
-  builder.addFunction("test", kSig_i_r)
+  builder.addFunction("test", kSig_i_v)
       .addLocals(kWasmI32, 1)
       .addBody([
           kExprI32Const, 5,
-          kExprLocalSet, 1,
+          kExprLocalSet, 0,
           kExprLoop, kWasmVoid,
-            kExprLocalGet, 0,
             kExprCallFunction, import_index, // suspend
             kExprGlobalGet, 0, // resume
             kExprI32Add,
             kExprGlobalSet, 0,
-            kExprLocalGet, 1,
+            kExprLocalGet, 0,
             kExprI32Const, 1,
             kExprI32Sub,
-            kExprLocalTee, 1,
+            kExprLocalTee, 0,
             kExprBrIf, 0,
           kExprEnd,
           kExprI32Const, 0,
@@ -209,12 +106,9 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   function js_import() {
     return Promise.resolve(++i);
   };
-  let wasm_js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      js_import,
-      {suspending: 'first'});
+  let wasm_js_import = new WebAssembly.Suspending(js_import);
   let instance = builder.instantiate({m: {import: wasm_js_import}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   let chained_promise = wrapped_export();
   assertEquals(0, instance.exports.g.value);
   assertPromiseResult(chained_promise, _ => assertEquals(15, instance.exports.g.value));
@@ -224,19 +118,15 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
 (function TestStackSwitchGC() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let gc_index = builder.addImport('m', 'gc', kSig_v_r);
-  builder.addFunction("test", kSig_i_r)
+  let gc_index = builder.addImport('m', 'gc', kSig_v_v);
+  builder.addFunction("test", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, gc_index,
           kExprI32Const, 0
       ]).exportFunc();
-  let js_import = new WebAssembly.Function(
-          {parameters: ['externref'], results: []},
-          gc,
-          {suspending: 'first'});
+  let js_import = new WebAssembly.Suspending(gc);
   let instance = builder.instantiate({'m': {'gc': js_import}});
-  let wrapper = ToPromising(instance.exports.test);
+  let wrapper = WebAssembly.promising(instance.exports.test);
   wrapper();
 })();
 
@@ -244,20 +134,15 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
 (function TestStackSwitchGC2() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef, kWasmI32], [kWasmI32]);
-  let import_index = builder.addImport('m', 'import', sig);
-  builder.addFunction("test", sig)
+  let import_index = builder.addImport('m', 'import', kSig_i_i);
+  builder.addFunction("test", kSig_i_i)
       .addBody([
           kExprLocalGet, 0,
-          kExprLocalGet, 1,
           kExprCallFunction, import_index,
       ]).exportFunc();
-  let js_import = new WebAssembly.Function(
-          {parameters: ['externref', 'i32'], results: ['i32']},
-          (v) => { return Promise.resolve(v) },
-          {suspending: 'first'});
+  let js_import = new WebAssembly.Suspending((v) => { return Promise.resolve(v) });
   let instance = builder.instantiate({'m': {'import': js_import}});
-  let wrapper = ToPromising(instance.exports.test);
+  let wrapper = WebAssembly.promising(instance.exports.test);
   let arg = { valueOf: () => { gc(); return 24; } };
   assertPromiseResult(wrapper(arg), v => assertEquals(arg.valueOf(), v));
 })();
@@ -268,10 +153,9 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
   builder.addGlobal(kWasmI32, true, false).exportAs('g');
-  import_index = builder.addImport('m', 'import', kSig_i_r);
-  builder.addFunction("test", kSig_i_r)
+  import_index = builder.addImport('m', 'import', kSig_i_v);
+  builder.addFunction("test", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, import_index, // suspend
           kExprGlobalSet, 0, // resume
           kExprGlobalGet, 0,
@@ -279,12 +163,9 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   function js_import() {
     return 42
   };
-  let wasm_js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      js_import,
-      {suspending: 'first'});
+  let wasm_js_import = new WebAssembly.Suspending(js_import);
   let instance = builder.instantiate({m: {import: wasm_js_import}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   let result = wrapped_export();
   assertEquals(42, instance.exports.g.value);
 })();
@@ -297,29 +178,25 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   }
   let builder = new WasmModuleBuilder();
   // Number of param registers + 1 for both types.
-  let sig = makeSig([kWasmExternRef, kWasmI32, kWasmI32, kWasmI32, kWasmI32, kWasmI32, kWasmI32,
-      kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32], [kWasmI32]);
+  let params = [kWasmI32, kWasmI32, kWasmI32, kWasmI32, kWasmI32, kWasmI32,
+      kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32, kWasmF32];
+  let sig = makeSig(params, [kWasmI32]);
   import_index = builder.addImport('m', 'import', sig);
   builder.addFunction("test", sig)
       .addBody([
           kExprLocalGet, 0, kExprLocalGet, 1, kExprLocalGet, 2, kExprLocalGet, 3,
           kExprLocalGet, 4, kExprLocalGet, 5, kExprLocalGet, 6, kExprLocalGet, 7,
           kExprLocalGet, 8, kExprLocalGet, 9, kExprLocalGet, 10, kExprLocalGet, 11,
-          kExprLocalGet, 12, kExprLocalGet, 13,
+          kExprLocalGet, 12,
           kExprCallFunction, import_index, // suspend
       ]).exportFunc();
-  let suspender = new WebAssembly.Suspender();
   function js_import(i1, i2, i3, i4, i5, i6, f1, f2, f3, f4, f5, f6, f7) {
     return Promise.resolve(reduce(Array.from(arguments)));
   };
-  let wasm_js_import = new WebAssembly.Function(
-      {parameters: ['externref', 'i32', 'i32', 'i32', 'i32', 'i32', 'i32', 'f32',
-        'f32', 'f32', 'f32', 'f32', 'f32', 'f32'], results: ['i32']},
-        js_import,
-        {suspending: 'first'});
+  let wasm_js_import = new WebAssembly.Suspending(js_import);
 
   let instance = builder.instantiate({m: {import: wasm_js_import}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   let args = [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13];
   let combined_promise =
       wrapped_export.apply(null, args);
@@ -329,23 +206,18 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
 (function TestStackSwitchReturnFloat() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let sig = makeSig([kWasmExternRef], [kWasmF32]);
-  import_index = builder.addImport('m', 'import', sig);
-  builder.addFunction("test", sig)
+  import_index = builder.addImport('m', 'import', kSig_f_v);
+  builder.addFunction("test", kSig_f_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, import_index, // suspend
       ]).exportFunc();
   function js_import() {
     return Promise.resolve(0.5);
   };
-  let wasm_js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['f32']},
-      js_import,
-      {suspending: 'first'});
+  let wasm_js_import = new WebAssembly.Suspending(js_import);
 
   let instance = builder.instantiate({m: {import: wasm_js_import}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   let combined_promise = wrapped_export();
   assertPromiseResult(combined_promise, v => assertEquals(0.5, v));
 })();
@@ -356,10 +228,10 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
   let tag = builder.addTag(kSig_v_v);
-  builder.addFunction("throw", kSig_i_r)
+  builder.addFunction("throw", kSig_i_v)
       .addBody([kExprThrow, tag]).exportFunc();
   let instance = builder.instantiate();
-  let wrapper = ToPromising(instance.exports.throw);
+  let wrapper = WebAssembly.promising(instance.exports.throw);
   assertThrowsAsync(wrapper(), WebAssembly.Exception);
 })();
 
@@ -369,24 +241,20 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   print(arguments.callee.name);
   let tag = new WebAssembly.Tag({parameters: []});
   let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_r);
+  import_index = builder.addImport('m', 'import', kSig_i_v);
   tag_index = builder.addImportedTag('m', 'tag', kSig_v_v);
-  builder.addFunction("test", kSig_i_r)
+  builder.addFunction("test", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, import_index,
           kExprThrow, tag_index
       ]).exportFunc();
   function js_import() {
     return Promise.resolve(42);
   };
-  let wasm_js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      js_import,
-      {suspending: 'first'});
+  let wasm_js_import = new WebAssembly.Suspending(js_import);
 
   let instance = builder.instantiate({m: {import: wasm_js_import, tag: tag}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   let combined_promise = wrapped_export();
   assertThrowsAsync(combined_promise, WebAssembly.Exception);
 })();
@@ -395,12 +263,11 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   print(arguments.callee.name);
   let tag = new WebAssembly.Tag({parameters: ['i32']});
   let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_r);
+  import_index = builder.addImport('m', 'import', kSig_i_v);
   tag_index = builder.addImportedTag('m', 'tag', kSig_v_i);
-  builder.addFunction("test", kSig_i_r)
+  builder.addFunction("test", kSig_i_v)
       .addBody([
           kExprTry, kWasmI32,
-          kExprLocalGet, 0,
           kExprCallFunction, import_index,
           kExprCatch, tag_index,
           kExprEnd,
@@ -408,13 +275,10 @@ d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
   function js_import() {
     return Promise.reject(new WebAssembly.Exception(tag, [42]));
   };
-  let wasm_js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      js_import,
-      {suspending: 'first'});
+  let wasm_js_import = new WebAssembly.Suspending(js_import);
 
   let instance = builder.instantiate({m: {import: wasm_js_import, tag: tag}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   let combined_promise = wrapped_export();
   assertPromiseResult(combined_promise, v => assertEquals(v, 42));
 })();
@@ -430,33 +294,25 @@ function TestNestedSuspenders(suspend) {
   // If 'suspend' is false, the inner and outer JS functions return a regular
   // value and no computation is suspended.
   let builder = new WasmModuleBuilder();
-  inner_index = builder.addImport('m', 'inner', kSig_i_r);
-  outer_index = builder.addImport('m', 'outer', kSig_i_r);
-  builder.addFunction("outer", kSig_i_r)
+  inner_index = builder.addImport('m', 'inner', kSig_i_v);
+  outer_index = builder.addImport('m', 'outer', kSig_i_v);
+  builder.addFunction("outer", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, outer_index
       ]).exportFunc();
-  builder.addFunction("inner", kSig_i_r)
+  builder.addFunction("inner", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, inner_index
       ]).exportFunc();
 
-  let inner = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => suspend ? Promise.resolve(42) : 42,
-      {suspending: 'first'});
+  let inner = new WebAssembly.Suspending(() => suspend ? Promise.resolve(42) : 42);
 
   let export_inner;
-  let outer = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => suspend ? export_inner() : 42,
-      {suspending: 'first'});
+  let outer = new WebAssembly.Suspending(() => suspend ? export_inner() : 42);
 
   let instance = builder.instantiate({m: {inner, outer}});
-  export_inner = ToPromising(instance.exports.inner);
-  let export_outer = ToPromising(instance.exports.outer);
+  export_inner = WebAssembly.promising(instance.exports.inner);
+  let export_outer = WebAssembly.promising(instance.exports.outer);
   assertPromiseResult(export_outer(), v => assertEquals(42, v));
 }
 
@@ -474,10 +330,9 @@ function TestNestedSuspenders(suspend) {
   print(arguments.callee.name);
   // Check that a promising function with no return is allowed.
   let builder = new WasmModuleBuilder();
-  let sig_v_r = makeSig([kWasmExternRef], []);
-  builder.addFunction("export", sig_v_r).addBody([]).exportFunc();
+  builder.addFunction("export", kSig_v_v).addBody([]).exportFunc();
   let instance = builder.instantiate();
-  let export_wrapper = ToPromising(instance.exports.export);
+  let export_wrapper = WebAssembly.promising(instance.exports.export);
   let export_sig = export_wrapper.type();
   assertEquals([], export_sig.parameters);
   assertEquals(['externref'], export_sig.results);
@@ -486,94 +341,55 @@ function TestNestedSuspenders(suspend) {
 (function TestStackOverflow() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  builder.addFunction("test", kSig_i_r)
+  builder.addFunction("test", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, 0
           ]).exportFunc();
   let instance = builder.instantiate();
-  let wrapper = ToPromising(instance.exports.test);
+  let wrapper = WebAssembly.promising(instance.exports.test);
   assertThrowsAsync(wrapper(), RangeError, /Maximum call stack size exceeded/);
 })();
 
-(function TestBadSuspender() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  let import_index = builder.addImport('m', 'import', kSig_i_r);
-  builder.addFunction("test", kSig_i_r)
-      .addBody([
-          kExprLocalGet, 0,
-          kExprCallFunction, import_index, // suspend
-      ]).exportFunc();
-  builder.addFunction("return_suspender", kSig_r_r)
-      .addBody([
-          kExprLocalGet, 0
-      ]).exportFunc();
-  let js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => Promise.resolve(42),
-      {suspending: 'first'});
-  let instance = builder.instantiate({m: {import: js_import}});
-  let suspender = ToPromising(instance.exports.return_suspender)();
-  for (s of [suspender, null, undefined, {}]) {
-    assertThrows(() => instance.exports.test(s),
-        WebAssembly.RuntimeError,
-        /invalid suspender object for suspend/);
-  }
-})();
-
 (function SuspendCallRef() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let funcref_type = builder.addType(kSig_i_r);
+  let funcref_type = builder.addType(kSig_i_v);
   let table = builder.addTable(wasmRefNullType(funcref_type), 1)
                          .exportAs('table');
-  builder.addFunction("test", kSig_i_r)
+  builder.addFunction("test", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprI32Const, 0, kExprTableGet, table.index,
           kExprCallRef, funcref_type,
       ]).exportFunc();
   let instance = builder.instantiate();
 
   let funcref = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => Promise.resolve(42),
-      {suspending: 'first'});
+      {parameters: [], results: ['i32']},
+        new WebAssembly.Suspending(() => Promise.resolve(42)));
   instance.exports.table.set(0, funcref);
 
-  let exp = new WebAssembly.Function(
-      {parameters: [], results: ['externref']},
-      instance.exports.test,
-      {promising: 'first'});
+  let exp = WebAssembly.promising(instance.exports.test);
   assertPromiseResult(exp(), v => assertEquals(42, v));
 })();
 
 (function SuspendCallIndirect() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  let functype = builder.addType(kSig_i_r);
+  let functype = builder.addType(kSig_i_v);
   let table = builder.addTable(kWasmFuncRef, 10, 10);
-  let callee = builder.addImport('m', 'f', kSig_i_r);
+  let callee = builder.addImport('m', 'f', kSig_i_v);
   builder.addActiveElementSegment(table, wasmI32Const(0), [callee]);
-  builder.addFunction("test", kSig_i_r)
+  builder.addFunction("test", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprI32Const, 0,
           kExprCallIndirect, functype, table.index,
       ]).exportFunc();
 
-  let create_promise = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => Promise.resolve(42),
-      {suspending: 'first'});
+  let create_promise = new WebAssembly.Suspending(() => Promise.resolve(42));
 
   let instance = builder.instantiate({m: {f: create_promise}});
 
-  let exp = new WebAssembly.Function(
-      {parameters: [], results: ['externref']},
-      instance.exports.test,
-      {promising: 'first'});
+  let exp = WebAssembly.promising(instance.exports.test);
   assertPromiseResult(exp(), v => assertEquals(42, v));
 })();
 
@@ -585,19 +401,15 @@ function TestNestedSuspenders(suspend) {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
   let import1_index = builder.addImport("m", "import1", kSig_i_v);
-  let import2_index = builder.addImport("m", "import2", kSig_i_r);
-  builder.addGlobal(kWasmExternRef, true, false);
-  builder.addFunction("export1", kSig_i_r)
+  let import2_index = builder.addImport("m", "import2", kSig_i_v);
+  builder.addFunction("export1", kSig_i_v)
       .addBody([
           // export1 -> import1 (unwrapped)
-          kExprLocalGet, 0,
-          kExprGlobalSet, 0,
           kExprCallFunction, import1_index,
       ]).exportFunc();
   builder.addFunction("export2", kSig_i_v)
       .addBody([
           // export2 -> import2 (suspending)
-          kExprGlobalGet, 0,
           kExprCallFunction, import2_index,
       ]).exportFunc();
   let instance;
@@ -608,44 +420,18 @@ function TestNestedSuspenders(suspend) {
   function import2() {
     return Promise.resolve(0);
   }
-  import2 = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      import2,
-      {suspending: 'first'});
+  import2 = new WebAssembly.Suspending(import2);
   instance = builder.instantiate(
       {'m':
         {'import1': import1,
          'import2': import2
         }});
   // export1 (promising)
-  let wrapper = new WebAssembly.Function(
-      {parameters: [], results: ['externref']},
-      instance.exports.export1,
-      {promising: 'first'});
+  let wrapper = WebAssembly.promising(instance.exports.export1);
   assertThrowsAsync(wrapper(), WebAssembly.RuntimeError,
       /trying to suspend JS frames/);
 })();
 
-// Regression test for v8:14094.
-// Pass an invalid (null) suspender to the suspending wrapper, but return a
-// non-promise. The import should not trap.
-(function TestImportCheckOrder() {
-  print(arguments.callee.name);
-  let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_r);
-  builder.addFunction("test", kSig_i_r)
-      .addBody([
-          kExprLocalGet, 0,
-          kExprCallFunction, import_index, // suspend
-      ]).exportFunc();
-  let js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => 42,
-      {suspending: 'first'});
-  let instance = builder.instantiate({m: {import: js_import}});
-  assertEquals(42, instance.exports.test(null));
-})();
-
 (function TestSwitchingToTheCentralStackForRuntime() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
@@ -660,13 +446,12 @@ function TestNestedSuspenders(suspend) {
   builder.addFunction("test2", kSig_i_r)
       .addBody([
         kExprI32Const, 1]).exportFunc();
-  let sig_l_r = makeSig([kWasmExternRef], [kWasmI64]);
-  builder.addFunction("test3", sig_l_r)
+  builder.addFunction("test3", kSig_l_v)
       .addBody([
         kExprCallFunction, new_space_full_index,
         ...wasmI64Const(0)
         ]).exportFunc();
-  builder.addFunction("test4", kSig_v_r)
+  builder.addFunction("test4", kSig_v_v)
       .addBody([
         kExprCallFunction, new_space_full_index,
         kExprI32Const, 1,
@@ -676,10 +461,10 @@ function TestNestedSuspenders(suspend) {
     %SimulateNewspaceFull();
   }
   let instance = builder.instantiate({m: {new_space_full}});
-  let wrapper = ToPromising(instance.exports.test);
-  let wrapper2 = ToPromising(instance.exports.test2);
-  let wrapper3 = ToPromising(instance.exports.test3);
-  let wrapper4 = ToPromising(instance.exports.test4);
+  let wrapper = WebAssembly.promising(instance.exports.test);
+  let wrapper2 = WebAssembly.promising(instance.exports.test2);
+  let wrapper3 = WebAssembly.promising(instance.exports.test3);
+  let wrapper4 = WebAssembly.promising(instance.exports.test4);
   function switchesToCS(fn) {
     const beforeCall = %WasmSwitchToTheCentralStackCount();
     fn();
@@ -706,21 +491,18 @@ function TestNestedSuspenders(suspend) {
 (function TestSwitchingToTheCentralStackForJS() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  import_index = builder.addImport('m', 'import', kSig_i_r);
-  builder.addFunction("test", kSig_i_r)
+  import_index = builder.addImport('m', 'import', kSig_i_v);
+  builder.addFunction("test", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, import_index,
       ]).exportFunc();
-  let js_import = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
+  let js_import = new WebAssembly.Suspending(
       () => {
         %CheckIsOnCentralStack();
         return 123;
-      },
-      {suspending: 'first'});
+      });
   let instance = builder.instantiate({m: {import: js_import}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   assertPromiseResult(wrapped_export(), v => assertEquals(123, v));
 })();
 
@@ -729,11 +511,10 @@ function TestNestedSuspenders(suspend) {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
   const num_params = 10;
-  let params = Array(num_params + 1 /* suspender */).fill(kWasmExternRef);
-  const sig = makeSig(params, [kWasmExternRef]);
+  const sig = makeSig(Array(num_params).fill(kWasmExternRef), [kWasmExternRef]);
   const import_index = builder.addImport('m', 'import_', sig);
   let body = [];
-  for (let i = 0; i < num_params + 1; ++i) {
+  for (let i = 0; i < num_params; ++i) {
     body.push(kExprLocalGet, i);
   }
   body.push(kExprCallFunction, import_index);
@@ -744,12 +525,9 @@ function TestNestedSuspenders(suspend) {
     return [arg0, arg1, arg2, arg3, arg4, arg5, arg6, arg7, arg8, arg9];
   };
   import_js();
-  let import_ = new WebAssembly.Function(
-      {parameters: Array(num_params + 1).fill('externref'), results: ['externref']},
-      import_js,
-      {suspending: 'first'});
+  let import_ = new WebAssembly.Suspending(import_js);
   let instance = builder.instantiate({m: {import_}});
-  let wrapper = ToPromising(instance.exports.test);
+  let wrapper = WebAssembly.promising(instance.exports.test);
   let args = Array(num_params).fill({});
   assertPromiseResult(wrapper(...args), results => { assertEquals(args, results); });
 })();
@@ -762,47 +540,32 @@ function TestNestedSuspenders(suspend) {
 (function TestCentralStackReentrency() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
-  inner_index = builder.addImport('m', 'inner', kSig_i_r);
-  outer_index = builder.addImport('m', 'outer', kSig_i_r);
+  inner_index = builder.addImport('m', 'inner', kSig_i_v);
+  outer_index = builder.addImport('m', 'outer', kSig_i_v);
   let stack_overflow = builder.addFunction('stack_overflow', kSig_v_v)
       .addBody([kExprCallFunction, 2]);
-  builder.addFunction("outer", kSig_i_r)
+  builder.addFunction("outer", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, outer_index,
           kExprCallFunction, stack_overflow.index,
       ]).exportFunc();
-  builder.addFunction("inner", kSig_i_r)
+  builder.addFunction("inner", kSig_i_v)
       .addBody([
-          kExprLocalGet, 0,
           kExprCallFunction, inner_index
       ]).exportFunc();
 
-  let inner = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => Promise.resolve(42),
-      {suspending: 'first'});
+  let inner = new WebAssembly.Suspending(() => Promise.resolve(42));
 
   let export_inner;
-  let outer = new WebAssembly.Function(
-      {parameters: ['externref'], results: ['i32']},
-      () => export_inner(),
-      {suspending: 'first'});
+  let outer = new WebAssembly.Suspending(() => export_inner());
 
   let instance = builder.instantiate({m: {inner, outer}});
-  export_inner = ToPromising(instance.exports.inner);
-  let export_outer = ToPromising(instance.exports.outer);
+  export_inner = WebAssembly.promising(instance.exports.inner);
+  let export_outer = WebAssembly.promising(instance.exports.outer);
   assertThrowsAsync(export_outer(), RangeError,
       /Maximum call stack size exceeded/);
 })();
 
-(function Regress326106962() {
-  print(arguments.callee.name);
-  const suspender = new WebAssembly.Suspender();
-  suspender.foo = "bar";
-  gc();
-})();
-
 (function TestStackSwitchRegressStackLimit() {
   print(arguments.callee.name);
   let builder = new WasmModuleBuilder();
@@ -821,11 +584,34 @@ function TestNestedSuspenders(suspend) {
           // This call should not throw a stack overflow.
           kExprCallFunction, stackcheck_index,
       ]).exportFunc();
-  let suspend = new WebAssembly.Function(
-      {parameters: ['externref'], results: []},
-      () => Promise.resolve(),
-      {suspending: 'first'});
+  let suspend = new WebAssembly.Suspending(() => Promise.resolve());
   let instance = builder.instantiate({m: {suspend}});
-  let wrapped_export = ToPromising(instance.exports.test);
+  let wrapped_export = WebAssembly.promising(instance.exports.test);
   assertPromiseResult(wrapped_export(), v => assertEquals(undefined, v));
 })();
+
+(function TestSuspendTwoModules() {
+  print(arguments.callee.name);
+  let builder1 = new WasmModuleBuilder();
+  import_index = builder1.addImport('m', 'import', kSig_i_v);
+  builder1.addFunction("f", kSig_i_v)
+      .addBody([
+          kExprCallFunction, import_index, // suspend
+          kExprI32Const, 1,
+          kExprI32Add,
+      ]).exportFunc();
+  let js_import = new WebAssembly.Suspending(() => Promise.resolve(1));
+  let instance1 = builder1.instantiate({m: {import: js_import}});
+  let builder2 = new WasmModuleBuilder();
+  import_index = builder2.addImport('m', 'import', kSig_i_v);
+  builder2.addFunction("main", kSig_i_v)
+      .addBody([
+          kExprCallFunction, import_index,
+          kExprI32Const, 1,
+          kExprI32Add,
+      ]).exportFunc();
+  let instance2 = builder2.instantiate({m: {import: instance1.exports.f}});
+  let wrapped_export = WebAssembly.promising(instance2.exports.main);
+  let combined_promise = wrapped_export();
+  assertPromiseResult(combined_promise, v => assertEquals(3, v));
+})();
diff --git a/deps/v8/test/mjsunit/wasm/turboshaft/reduction-shuffle.js b/deps/v8/test/mjsunit/wasm/turboshaft/reduction-shuffle.js
new file mode 100644
index 00000000000000..552701c1b32aa2
--- /dev/null
+++ b/deps/v8/test/mjsunit/wasm/turboshaft/reduction-shuffle.js
@@ -0,0 +1,426 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --no-liftoff --no-wasm-lazy-compilation
+// Flags: --turboshaft-wasm --turboshaft-future --enable-testing-opcode-in-wasm
+
+d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');
+d8.file.execute('test/mjsunit/value-helper.js');
+
+(function I8x16UpperToLowerReduce() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  const shared_simd = [
+    kExprLocalGet, 0,
+    kSimdPrefix, kExprI8x16Splat,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprI8x16ReplaceLane, 1,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI8x16ReplaceLane, 2,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprI8x16ReplaceLane, 3,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprI8x16ReplaceLane, 5,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI8x16ReplaceLane, 6,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprI8x16ReplaceLane, 7,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprI8x16ReplaceLane, 9,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI8x16ReplaceLane, 10,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprI8x16ReplaceLane, 11,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprI8x16ReplaceLane, 13,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI8x16ReplaceLane, 14,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprI8x16ReplaceLane, 15,
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 8x16
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    kSimdPrefix, kExprI8x16Add,                       // first step of reduction
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 8x8
+    0x04, 0x05, 0x06, 0x07, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    kSimdPrefix, kExprI8x16Add,                       // second step of reduction
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 8x4
+    0x02, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    kSimdPrefix, kExprI8x16Add,                       // third step of reduction
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 16x2
+    0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    kSimdPrefix, kExprI8x16Add,                       // final step of reduction
+  ]
+  const shared_scalar = wasmI32Const(0xFF).concat([
+    kExprLocalGet, 0,
+    kExprLocalGet, 1,
+    kExprLocalGet, 2,
+    kExprLocalGet, 3,
+    kExprLocalGet, 0,
+    kExprLocalGet, 1,
+    kExprLocalGet, 2,
+    kExprLocalGet, 3,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprLocalGet, 0,
+    kExprLocalGet, 1,
+    kExprLocalGet, 2,
+    kExprLocalGet, 3,
+    kExprLocalGet, 0,
+    kExprLocalGet, 1,
+    kExprLocalGet, 2,
+    kExprLocalGet, 3,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32And,
+  ]);
+
+  const s8x16 = shared_simd.concat([kSimdPrefix, kExprI8x16ExtractLaneS, 0]);
+  const u8x16 = shared_simd.concat([kSimdPrefix, kExprI8x16ExtractLaneU, 0]);
+  builder.addFunction("sadd_reduce", kSig_i_iiii).addLocals(kWasmS128, 1).addBody(s8x16).exportFunc();
+  builder.addFunction("uadd_reduce", kSig_i_iiii).addLocals(kWasmS128, 1).addBody(u8x16).exportFunc();
+
+  const signed_scalar = shared_scalar.concat([kExprI32SExtendI8]);
+  const unsigned_scalar = shared_scalar.concat([]);
+  builder.addFunction("sadd", kSig_i_iiii).addBody(signed_scalar).exportFunc();
+  builder.addFunction("uadd", kSig_i_iiii).addBody(unsigned_scalar).exportFunc();
+
+  const wasm = builder.instantiate().exports;
+  for (let a of int8_array) {
+    for (let b of int8_array) {
+      for (let c of int8_array) {
+        for (let d of int8_array) {
+          assertEquals(wasm.sadd(a, b, c, d),
+                       wasm.sadd_reduce(a, b, c, d));
+          assertEquals(wasm.uadd(a, b, c, d),
+                       wasm.uadd_reduce(a, b, c, d));
+        }
+      }
+    }
+  }
+})();
+
+(function I16x8UpperToLowerReduce() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  const shared_simd = [
+    kExprLocalGet, 0,
+    kSimdPrefix, kExprI16x8Splat,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprI16x8ReplaceLane, 1,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI16x8ReplaceLane, 2,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprI16x8ReplaceLane, 3,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprI16x8ReplaceLane, 5,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI16x8ReplaceLane, 6,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprI16x8ReplaceLane, 7,
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 16x8
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprI16x8Add),                       // first step of reduction
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 16x4
+    0x04, 0x05, 0x06, 0x07, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprI16x8Add),                       // second step of reduction
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 8x2
+    0x02, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprI16x8Add),                       // final step of reduction
+  ];
+
+  const shared_scalar = wasmI32Const(0xFFFF).concat([
+    kExprLocalGet, 0,
+    kExprLocalGet, 1,
+    kExprLocalGet, 2,
+    kExprLocalGet, 3,
+    kExprLocalGet, 0,
+    kExprLocalGet, 1,
+    kExprLocalGet, 2,
+    kExprLocalGet, 3,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32Add,
+    kExprI32And,
+  ]);
+
+  const s16x8 = shared_simd.concat([kSimdPrefix, kExprI16x8ExtractLaneS, 0]);
+  const u16x8 = shared_simd.concat([kSimdPrefix, kExprI16x8ExtractLaneU, 0]);
+  builder.addFunction("sadd_reduce", kSig_i_iiii).addLocals(kWasmS128, 1).addBody(s16x8).exportFunc();
+  builder.addFunction("uadd_reduce", kSig_i_iiii).addLocals(kWasmS128, 1).addBody(u16x8).exportFunc();
+
+  const signed_scalar = shared_scalar.concat([kExprI32SExtendI16]);
+  const unsigned_scalar = shared_scalar.concat([]);
+  builder.addFunction("sadd", kSig_i_iiii).addBody(signed_scalar).exportFunc();
+  builder.addFunction("uadd", kSig_i_iiii).addBody(unsigned_scalar).exportFunc();
+
+  const wasm = builder.instantiate().exports;
+  for (let a of int16_array) {
+    for (let b of int16_array) {
+      for (let c of int16_array) {
+        for (let d of int16_array) {
+          assertEquals(wasm.sadd(a, b, c, d),
+                       wasm.sadd_reduce(a, b, c, d));
+          assertEquals(wasm.uadd(a, b, c, d),
+                       wasm.uadd_reduce(a, b, c, d));
+        }
+      }
+    }
+  }
+})();
+
+(function I32x4UpperToLowerReduce() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  builder.addFunction("add_reduce", kSig_i_iiii).addLocals(kWasmS128, 1).addBody([
+    kExprLocalGet, 0,
+    kSimdPrefix, kExprI32x4Splat,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprI32x4ReplaceLane, 1,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI32x4ReplaceLane, 2,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprI32x4ReplaceLane, 3,
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 32x4
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprI32x4Add),                       // first step of reduction
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 32x2
+    0x04, 0x05, 0x06, 0x07, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprI32x4Add),                       // final step of reduction
+    kSimdPrefix, kExprI32x4ExtractLane, 0,
+  ]).exportFunc();
+
+  const wasm = builder.instantiate().exports;
+  for (let idxa = 0; idxa < int32_array.length; ++idxa) {
+    for (let idxb = 0; idxb < int32_array.length; ++idxb) {
+      const idxc = (idxa + 1) % int32_array.length;
+      const idxd = (idxb + 1) % int32_array.length;
+      const a = int32_array[idxa];
+      const b = int32_array[idxb];
+      const c = int32_array[idxc];
+      const d = int32_array[idxd];
+      const expected = 0xFFFFFFFF & (a + b + c + d);
+      assertEquals(expected, wasm.add_reduce(a, b, c, d));
+    }
+  }
+})();
+
+(function F32x4UpperToLowerReduce() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  builder.addFunction("add_reduce", kSig_f_ffff).addLocals(kWasmS128, 1).addBody([
+    kExprLocalGet, 0,
+    kSimdPrefix, kExprF32x4Splat,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprF32x4ReplaceLane, 1,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprF32x4ReplaceLane, 2,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprF32x4ReplaceLane, 3,
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 32x4
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprF32x4Add),                       // first step of reduction
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // upper-to-lower 32x2
+    0x04, 0x05, 0x06, 0x07, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprF32x4Add),                       // final step of reduction
+    kSimdPrefix, kExprF32x4ExtractLane, 0,
+  ]).exportFunc();
+
+  builder.addFunction("add", kSig_f_ffff).addBody([
+    kExprLocalGet, 0,
+    kExprLocalGet, 2,
+    kExprF32Add,
+    kExprLocalGet, 1,
+    kExprLocalGet, 3,
+    kExprF32Add,
+    kExprF32Add,
+  ]).exportFunc();
+
+  const wasm = builder.instantiate().exports;
+  for (let idxa = 0; idxa < float32_array.length; ++idxa) {
+    for (let idxb = 0; idxb < float32_array.length; ++idxb) {
+      const idxc = (idxa + 1) % float32_array.length;
+      const idxd = (idxb + 1) % float32_array.length;
+      const a = float32_array[idxa];
+      const b = float32_array[idxb];
+      const c = float32_array[idxc];
+      const d = float32_array[idxd];
+      assertEquals(wasm.add(a, b, c, d), wasm.add_reduce(a, b, c, d));
+    }
+  }
+})();
+
+(function F32x4PairwiseReduce() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  builder.addFunction("add_reduce", kSig_f_ffff).addLocals(kWasmS128, 1).addBody([
+    kExprLocalGet, 0,
+    kSimdPrefix, kExprF32x4Splat,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprF32x4ReplaceLane, 1,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprF32x4ReplaceLane, 2,
+    kExprLocalGet, 3,
+    kSimdPrefix, kExprF32x4ReplaceLane, 3,
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // pairwise 32x4
+    0x04, 0x05, 0x06, 0x07, 0x00, 0x00, 0x00, 0x00,
+    0x0c, 0x0d, 0x0e, 0x0f, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprF32x4Add),                       // first step of reduction
+    kExprLocalTee, 4,
+    kExprLocalGet, 4,
+    kExprLocalGet, 4,
+    kSimdPrefix, kExprI8x16Shuffle,                   // pairwise 32x2
+    0x08, 0x09, 0xa, 0xb, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprF32x4Add),                       // final step of reduction
+    kSimdPrefix, kExprF32x4ExtractLane, 0,
+  ]).exportFunc();
+
+  builder.addFunction("add", kSig_f_ffff).addBody([
+    kExprLocalGet, 0,
+    kExprLocalGet, 1,
+    kExprF32Add,
+    kExprLocalGet, 2,
+    kExprLocalGet, 3,
+    kExprF32Add,
+    kExprF32Add,
+  ]).exportFunc();
+
+  const wasm = builder.instantiate().exports;
+  for (let idxa = 0; idxa < float32_array.length; ++idxa) {
+    for (let idxb = 0; idxb < float32_array.length; ++idxb) {
+      const idxc = (idxa + 1) % float32_array.length;
+      const idxd = (idxb + 1) % float32_array.length;
+      const a = float32_array[idxa];
+      const b = float32_array[idxb];
+      const c = float32_array[idxc];
+      const d = float32_array[idxd];
+      assertEquals(wasm.add(a, b, c, d), wasm.add_reduce(a, b, c, d));
+    }
+  }
+})();
+
+(function I64x2Reduce() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  builder.addFunction("add_reduce", kSig_l_ll).addLocals(kWasmS128, 1).addBody([
+    kExprLocalGet, 0,
+    kSimdPrefix, kExprI64x2Splat,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprI64x2ReplaceLane, 1,
+    kExprLocalTee, 2,
+    kExprLocalGet, 2,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI8x16Shuffle,                   // 64x2
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprI64x2Add),                       // final step of reduction
+    kSimdPrefix, kExprI64x2ExtractLane, 0,
+  ]).exportFunc();
+
+  const wasm = builder.instantiate().exports;
+  for (let idxa = 0; idxa < uint64_array.length; ++idxa) {
+    for (let idxb = 0; idxb < uint64_array.length; ++idxb) {
+      const a = uint64_array[idxa];
+      const b = uint64_array[idxb];
+      const expected = BigInt.asUintN(64, a + b);
+      assertEquals(expected, BigInt.asUintN(64, wasm.add_reduce(a, b)));
+    }
+  }
+})();
+
+(function F64x2Reduce() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  builder.addFunction("add_reduce", kSig_d_dd).addLocals(kWasmS128, 1).addBody([
+    kExprLocalGet, 0,
+    kSimdPrefix, kExprF64x2Splat,
+    kExprLocalGet, 1,
+    kSimdPrefix, kExprF64x2ReplaceLane, 1,
+    kExprLocalTee, 2,
+    kExprLocalGet, 2,
+    kExprLocalGet, 2,
+    kSimdPrefix, kExprI8x16Shuffle,                   // 64x2
+    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    ...SimdInstr(kExprF64x2Add),                       // final step of reduction
+    kSimdPrefix, kExprF64x2ExtractLane, 0,
+  ]).exportFunc();
+
+  builder.addFunction("add", kSig_d_dd).addBody([
+    kExprLocalGet, 0,
+    kExprLocalGet, 1,
+    kExprF64Add,
+  ]).exportFunc();
+
+  const wasm = builder.instantiate().exports;
+  for (let idxa = 0; idxa < float64_array.length; ++idxa) {
+    for (let idxb = 0; idxb < float64_array.length; ++idxb) {
+      const a = float64_array[idxa];
+      const b = float64_array[idxb];
+      assertEquals(wasm.add(a, b), wasm.add_reduce(a, b));
+    }
+  }
+})();
diff --git a/deps/v8/test/mjsunit/wasm/wasm-interpreter-memory-grow.js b/deps/v8/test/mjsunit/wasm/wasm-interpreter-memory-grow.js
new file mode 100644
index 00000000000000..044b629a82cdd2
--- /dev/null
+++ b/deps/v8/test/mjsunit/wasm/wasm-interpreter-memory-grow.js
@@ -0,0 +1,47 @@
+// Copyright 2021 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+(function MemoryGrowBoundsCheck() {
+  print("MemoryGrowBoundsCheck");
+  const initial_size = 1; // 64KB
+  const grow_size = 16384-1; // 1GB
+  const final_size = initial_size + grow_size;
+
+  let memory = new WebAssembly.Memory({ initial: initial_size });
+  assertEquals(kPageSize, memory.buffer.byteLength);
+  let i32 = new Int32Array(memory.buffer);
+  let builder = new WasmModuleBuilder();
+  builder.addImportedMemory("foo", "mem");
+  builder.addFunction("load", kSig_i_i)
+    .addBody([kExprLocalGet, 0, kExprI32LoadMem, 0, 0])
+    .exportFunc();
+  builder.addFunction("store", kSig_i_ii)
+    .addBody([kExprLocalGet, 0, kExprLocalGet, 1, kExprI32StoreMem, 0, 0,
+      kExprLocalGet, 1])
+    .exportFunc();
+  var offset;
+  let instance = builder.instantiate({ foo: { mem: memory } });
+  function load() { return instance.exports.load(offset); }
+  function store(value) { return instance.exports.store(offset, value); }
+
+  for (offset = 0; offset < kPageSize - 3; offset += 4) {
+    store(offset);
+  }
+  for (offset = 0; offset < kPageSize - 3; offset += 4) {
+    assertEquals(offset, load());
+  }
+  offset = kPageSize - 3;
+  assertTraps(kTrapMemOutOfBounds, load);
+
+  // Grow memory. The engine will try to grow the memory array, but it might
+  // also allocate a new buffer.
+  memory.grow(grow_size);
+  offset = final_size * kPageSize - 7;
+  store(offset);
+  assertEquals(offset, load());
+  offset = final_size * kPageSize - 3;
+  assertTraps(kTrapMemOutOfBounds, load);
+})();
diff --git a/deps/v8/test/mjsunit/wasm/wasm-interpreter.js b/deps/v8/test/mjsunit/wasm/wasm-interpreter.js
new file mode 100644
index 00000000000000..02025bfc1baeae
--- /dev/null
+++ b/deps/v8/test/mjsunit/wasm/wasm-interpreter.js
@@ -0,0 +1,1890 @@
+// Copyright 2022 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// Flags: --wasm-test-streaming --allow-natives-syntax
+
+d8.file.execute("test/mjsunit/wasm/wasm-module-builder.js");
+
+// Test a sequence of calls JS -> Wasm -> Wasm -> JS -> Wasm.
+(function testMultipleActivations() {
+  print(arguments.callee.name);
+  var instance = null;
+
+  function callSquare(a0, a1, a2, a3) {
+    let r = a0 + a1 + a2 + a3;
+    return instance.exports.square(r);
+  }
+
+  var builder = new WasmModuleBuilder();
+  var kSig_i_iiii = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI32], [kWasmI32]);
+
+  var sig_index = builder.addType(kSig_i_iiii);
+
+  // Function 0
+  builder.addImport("o", "func", sig_index);
+
+  // Function 1
+  builder.addFunction("main", kSig_i_i)
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      ...wasmI32Const(42),
+      kExprLocalSet, 1,      // $local1 = 42
+      kExprLocalGet, 0,
+      kExprLocalGet, 0,
+      kExprLocalGet, 0,
+      kExprLocalGet, 0,
+      kExprCallFunction, 2,  // Call Wasm function 'foo'
+      ...wasmI32Const(2),    // return foo() * 2
+      kExprI32Mul,           //
+      ])
+    .exportAs("main");
+
+  // Function 2
+  builder.addFunction("foo", kSig_i_iiii)
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      ...wasmI32Const(21),   // $local4 = 21
+      kExprLocalSet, 4,      //
+      kExprLocalGet, 3,      // Swap args
+      kExprLocalGet, 2,      //
+      kExprLocalGet, 1,      //
+      kExprLocalGet, 0,      //
+      kExprCallFunction, 0,  // Call JS function 'func'
+      kExprDrop,             // Discard the result
+      kExprLocalGet, 1,      // return $arg1
+    ])
+
+  // Function 3
+  builder.addFunction("square", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprLocalGet, 0,
+      kExprI32Mul])
+    .exportAs("square");
+
+  instance = builder.instantiate({ o: { func: callSquare } });
+  const arg = 3;
+  let result = instance.exports.main(arg);
+  assertEquals(2 * arg, result);
+})();
+
+(function testSpuriousConstInstructions() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  // This function contains two I32Const instructions (opcode 0x41), but one of
+  // the const values also contains byte 0x41 as the signed LEB representation
+  // of the const value -63.
+  // Therefore WasmBytecodeGenerator will allocate 3 (and not 2) const slots in
+  // the stack frame for function 'main'.
+  // This function tests that local values are managed correctly in this case.
+  builder.addFunction("main", kSig_i_v)
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      0x41, 0x41,            // ...wasmI32Const(-63),
+      ...wasmI32Const(1),
+      kExprCallFunction, 1,  // Call add(-63, 1)
+      kExprLocalGet, 0,
+      kExprI32Add,           // -62 + 0
+      ])
+    .exportAs("main");
+
+  // Function 'add'
+  var kSig_i_ii = makeSig([kWasmI32, kWasmI32], [kWasmI32]);
+  builder.addFunction("add", kSig_i_ii)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprLocalGet, 1,
+      kExprI32Add,
+    ])
+
+  instance = builder.instantiate({});
+  let result = instance.exports.main();
+  assertEquals(-62, result);
+})();
+
+// Test that WebAssembly.instantiateStreaming works with the Wasm interpreter.
+(function testAsyncInstantiation() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  function square(val) { return val * val; }
+  function vvFunc() {}
+
+  // Functions 0-63
+  for (let i = 0; i < 32; i++) {
+    builder.addImport("o", "foo", kSig_i_i);
+    builder.addImport("o", "bar", kSig_v_v);
+  }
+
+  // Function 64
+  builder.addFunction("main", kSig_i_i)
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      ...wasmI32Const(42),
+      kExprLocalSet, 1,       // $local1 = 42
+      kExprLocalGet, 0,
+      kExprCallFunction, 65,  // Call Wasm function 'f2'
+    ])
+    .exportAs("main");
+
+  // Function 65
+  builder.addFunction("f2", kSig_i_i)
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      ...wasmI32Const(21),   // $local1 = 21
+      kExprLocalSet, 1,      //
+      kExprLocalGet, 0,      // Call JS function f3($arg0)
+      kExprCallFunction, 66, //
+      kExprDrop,             // Discard the result
+      kExprLocalGet, 1,
+      kExprCallFunction, 68, // r = f5($local1)
+      kExprCallFunction, 0,  // return callSquare(r)
+    ]);
+
+  // Function 66
+  builder.addFunction("f3", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprLocalGet, 0,
+      kExprI32Mul,
+      kExprCallFunction, 67, // return f4($arg0 * $arg0)
+    ]);
+
+  // Function 67
+  builder.addFunction("f4", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+      ...wasmI32Const(1),
+      kExprI32Add,           // return $arg0 + 1
+    ]);
+
+  // Function 68
+  builder.addFunction("f5", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+      ...wasmI32Const(2),
+      kExprI32Mul,           // return $arg0 * 2
+    ]);
+
+  let bytes = builder.toBuffer();
+  let promise = WebAssembly.instantiateStreaming(Promise.resolve(bytes),
+    { o: { foo: square, bar: vvFunc } });
+  assertPromiseResult(promise.then(({ module, instance }) => {
+    assertEquals(42 * 42, instance.exports.main(0));
+  }));
+})();
+
+(function testRegressAvoidOverflowInTableFill() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+  builder.addTable(kWasmExternRef, 1, 1);
+  builder.addFunction("main", kSig_v_v)
+    .addLocals(kWasmExternRef, 1)
+    .addBody([
+      ...wasmI32Const(1),
+      kExprLocalGet, 0,
+      ...wasmI32Const(4294967295),
+      kNumericPrefix, kExprTableFill, 0
+    ])
+    .exportAs("main");
+
+  let instance = builder.instantiate({});
+
+  // Test that the integer overflow of table's start + count is correctly
+  // handled with a Wasm trap.
+  assertTraps(kTrapTableOutOfBounds, () => instance.exports.main());
+})();
+
+(function testRegressIfBlockStackResizing() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  // Returning from an If block should resize the stack to the size expected at
+  // the end of the function. In this case the function main starts with one
+  // element on the stack ($arg0, of type F64) and has no return values, so it
+  // should end with one element on the stack.
+  //
+  // But an Edge bug showed that the logic here was broken in the way
+  // WasmBytecodeGenerator resized the stack at the {end} instruction of the
+  // {if} block, which in this case resulted in a type mismatch for the
+  // arguments of the final I32StoreMem instruction (which expects two I32
+  // values at the top of the stack, but got the F64 value passed as arg).
+  builder.addFunction("main", kSig_v_d)
+    .addBody([
+      ...wasmI32Const(0),
+      kExprBlock, kWasmI32,
+        ...wasmI32Const(1),
+        kExprIf, kWasmVoid,
+          kExprReturn,
+        kExprEnd,
+        ...wasmI32Const(3),
+      kExprEnd,
+      kExprI32StoreMem, 0, 0,
+    ])
+    .exportAs("main");
+  builder.addMemory(1, 1, false);
+
+  let instance = builder.instantiate({});
+  instance.exports.main(.5);
+})();
+
+(function testRegressHandleInvalidAndUnreachableInstructions() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  // A Wasm module can have invalid instructions (like the first local.set here)
+  // if they are unreachable. We need to make sure that these instructions are
+  // handled correctly when they can be merged in a super-instruction, as in the
+  // pair(f64.load + local.set) here.
+  builder.addFunction("main", kSig_v_i)
+    .addLocals(kWasmF64, 1)
+    .addBody([
+      kExprUnreachable,
+      kExprLocalSet, 0,
+      kExprLocalGet, 0,
+      kExprF64LoadMem, 0, 0,
+      kExprLocalSet, 1,
+    ])
+    .exportAs("main");
+  builder.addMemory(1, 1, false);
+
+  let instance = builder.instantiate({});
+  assertTraps(kTrapUnreachable, () => instance.exports.main(0));
+})();
+
+(function testRegressExternrefInExternalJSFunctionReturnType() {
+  print(arguments.callee.name);
+  function fn() {
+    return 42;
+  }
+
+  var builder = new WasmModuleBuilder();
+  var kSig_r_i = makeSig([kWasmI32], [kWasmExternRef]);
+
+  // Function 0
+  builder.addImport("o", "func", kSig_r_i);
+
+  // Function 1
+  builder.addFunction("run", kSig_r_v)
+    .addBody([
+      ...wasmI32Const(42),
+      kExprCallFunction, 0,
+    ]);
+
+  // Function 2
+  builder.addFunction("main", kSig_r_v)
+    .addBody([
+      kExprCallFunction, 1,
+    ])
+    .exportAs("main");
+
+  var instance = builder.instantiate({ o: { func: fn } });
+  instance.exports.main();
+})();
+
+(function testRegressExternrefInExternalJSFunctionArguments() {
+  print(arguments.callee.name);
+  function fn(arg) {
+    return 42;
+  }
+
+  var builder = new WasmModuleBuilder();
+  var kSig_i_r = makeSig([kWasmExternRef], [kWasmI32]);
+
+  // Function 0
+  builder.addImport("o", "func", kSig_i_r);
+
+  // Function 1
+  builder.addFunction("main", kSig_i_r)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprCallFunction, 0,
+    ])
+    .exportAs("main");
+
+  var instance = builder.instantiate({ o: { func: fn } });
+  instance.exports.main();
+})();
+
+// Test indirect calls to a function in a different Wasm instance that accepts
+// ref arguments and returns ref results.
+(function testRegressReferenceStackIsSharedOnIndirectExternalCalls() {
+  print(arguments.callee.name);
+  let table = new WebAssembly.Table({
+    initial: 10, maximum: 10, element: 'anyfunc',
+  });
+
+  var builder = new WasmModuleBuilder();
+  let sig_index = builder.addType(kSig_r_r);
+  builder.addImportedTable('o', 'table');
+
+  // Function 0
+  builder.addImport("o", "fn", kSig_i_r);
+
+  // Function 1
+  builder.addFunction("func", kSig_r_r)
+    .addBody([
+      kExprLocalGet, 0,
+    ])
+    .exportAs("func");
+
+  // Function 2
+  builder.addFunction("main", kSig_r_r)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprI32Const, 0,
+      kExprCallIndirect, sig_index, kTableZero,
+    ])
+    .exportAs("main");
+
+  var instance2 = builder.instantiate({
+    o: {
+      table: table,
+      fn: () => { return 42; },
+    }
+  });
+
+  table.set(0, instance2.exports.func);
+
+  var instance1 = builder.instantiate({
+    o: {
+      table: table,
+      fn: () => { return 42; },
+    }
+  });
+
+  instance1.exports.main(41);
+})();
+
+// Test indirect calling a JS function imported by a different Wasm instance.
+(function WasmCallToFunctionImportedFromAnotherInstance() {
+  print(arguments.callee.name);
+  let table = new WebAssembly.Table({
+    initial: 10, maximum: 10, element: 'anyfunc',
+  });
+
+  var builder = new WasmModuleBuilder();
+  let sig_index = builder.addType(kSig_r_r);
+  builder.addImportedTable('o', 'table');
+
+  // Function 0
+  builder.addImport("o", "fn", kSig_r_r);
+  builder.addExport("fn", 0);
+
+  // Function 1
+  builder.addFunction("main", kSig_r_r)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprI32Const, 0,
+      kExprCallIndirect, sig_index, kTableZero,
+    ])
+    .exportAs("main");
+
+  var instance2 = builder.instantiate({
+    o: {
+      table: table,
+      fn: (ref) => { return 42; },
+    }
+  });
+
+  table.set(0, instance2.exports.fn);
+
+  var instance1 = builder.instantiate({
+    o: {
+      table: table,
+      fn: (ref) => { return 43; },
+    }
+  });
+
+  let result = instance1.exports.main(41);
+  assertEquals(42, result);
+})();
+
+// Test recursively calling a function that has ref arguments.
+(function testRegressRefDrop() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  // Function 0
+  builder.addFunction("main", kSig_a_v)
+    .addLocals(kWasmI32, 8851)
+    .addBody([
+      kExprLocalGet, ...wasmSignedLeb(8850, 5),
+      kExprDrop,
+      kExprCallFunction, 0,
+    ])
+    .exportAs("main");
+
+  var instance = builder.instantiate({ o: {} });
+  assertThrows(
+    () => instance.exports.main(0), RangeError);
+})();
+
+// In case of stack overflow was not handled correctly, the call stack was not
+// fully unwound and the execution continued from the next instruction of the
+// caller function.
+(function testRegressCorrectlyUnwindStackOnStackOverflow() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  builder.addFunction("main", kSig_i_v)
+    .addLocals(kWasmF32, 640)
+    .addBody([
+      kExprCallFunction, 0,  // Recursively call main.
+      kExprUnreachable,
+      ...wasmI32Const(0),
+    ])
+    .exportAs("main");
+
+  let instance = builder.instantiate({});
+  assertThrows(() => instance.exports.main(), RangeError);
+})();
+
+// Test that the frame address for a new Activation is correctly calculated
+// for indirect calls to JS functions.
+// (Broke https://silentspacemarine.com/)
+(function testRegressFixIndirectJSFunctionCalls() {
+  print(arguments.callee.name);
+  let table = new WebAssembly.Table({
+    initial: 10, maximum: 10, element: 'anyfunc',
+  });
+
+  var builder = new WasmModuleBuilder();
+  let sig_index = builder.addType(kSig_v_v);
+  builder.addImportedTable('o', 'table');
+
+  // Function 0
+  builder.addImport("o", "fn", kSig_v_v);
+  builder.addExport("fn", 0);
+
+  // Function 1
+  builder.addFunction("main", kSig_i_v)
+    .addBody([
+      kExprI32Const, 1,
+      kExprCallFunction, 2, // call_foo();
+    ])
+    .exportAs("main");
+
+  // Function 2
+  builder.addFunction("call_foo", kSig_v_v)
+    .addBody([
+      kExprI32Const, 0,
+      kExprCallIndirect, sig_index, kTableZero,
+    ]);
+
+  // Function 3
+  builder.addFunction("foo", kSig_v_v)
+    .addLocals(kWasmI32, 8)
+    .addBody([
+    ])
+    .exportAs("foo");
+
+  var instance = null;
+  instance = builder.instantiate({
+    o: {
+      table: table,
+      fn: () => { instance.exports.foo(); },
+    }
+  });
+  table.set(0, instance.exports.fn);
+
+  let result = instance.exports.main();
+  assertEquals(1, result);
+})();
+
+// Fix error decoding i64 atomic instructions.
+(function testRegressI64AtomicInstructionDecoding() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  builder.addFunction("main", kSig_v_v)
+    .addBody([
+      ...wasmI32Const(0), // address
+      ...wasmI64Const(0), // value to add
+      kAtomicPrefix,
+      kExprI64AtomicAdd,
+      0x00, 0x00, 0xad, 0x04,
+      kExprUnreachable,
+    ])
+    .exportAs("main");
+  builder.addMemory(1, 1, false);
+
+  assertThrows(() => builder.instantiate(), WebAssembly.CompileError,
+    /Compiling function #0:\"main\" failed: invalid alignment for atomic operation; expected alignment is 3, actual alignment is 0/);
+})();
+
+// Test capturing a stack trace when calling a JS function imported and exported
+// by a Wasm module.
+(function StackTraceInWasmCallToFunctionImportedFromAnotherInstance() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  // Function 0
+  builder.addImport("o", "fn", kSig_r_r);
+  builder.addExport("fn", 0);
+
+  var instance = builder.instantiate({
+    o: {
+      fn: (ref) => {
+        let e = new Error().stack;
+        return e;
+      },
+    }
+  });
+
+  let result = instance.exports.fn(42);
+  assertTrue(result.startsWith("Error"));
+})();
+
+(function testLoadStoreSuperInstruction() {
+  print(arguments.callee.name);
+  let addFunction = function (builder, name, value, makeConstInstr, loadInstr,
+    storeInstr, notEqInstr) {
+    builder.addFunction(name, kSig_v_v)
+      .addBody([
+        ...wasmI32Const(1),
+        ...makeConstInstr(value),
+        storeInstr, 0, 0,
+
+        ...wasmI32Const(2),
+        ...wasmI32Const(0),
+        ...wasmI32Const(1),
+        kExprI32Add,
+        loadInstr, 0, 0,
+        storeInstr, 0, 0,
+
+        ...wasmI32Const(2),
+        loadInstr, 0, 0,
+        ...makeConstInstr(value),
+        notEqInstr,
+        kExprIf, kWasmVoid,
+          kExprUnreachable,
+        kExprEnd,
+      ])
+      .exportAs(name);
+  }
+  var builder = new WasmModuleBuilder();
+  addFunction(builder, "test_i32_r2s_LoadStore", 42, wasmI32Const,
+    kExprI32LoadMem, kExprI32StoreMem, kExprI32Ne);
+  addFunction(builder, "test_f32_r2s_LoadStore", 42.0, wasmF32Const,
+    kExprF32LoadMem, kExprF32StoreMem, kExprF32Ne);
+  addFunction(builder, "test_i64_r2s_LoadStore", 42, wasmI64Const,
+    kExprI64LoadMem, kExprI64StoreMem, kExprI64Ne);
+  addFunction(builder, "test_f64_r2s_LoadStore", 42.0, wasmF64Const,
+    kExprF64LoadMem, kExprF64StoreMem, kExprF64Ne);
+  builder.addMemory(1, 1, false);
+
+  let instance = builder.instantiate({});
+  instance.exports.test_i32_r2s_LoadStore();
+  instance.exports.test_f32_r2s_LoadStore();
+  instance.exports.test_i64_r2s_LoadStore();
+  instance.exports.test_f64_r2s_LoadStore();
+})();
+
+// Test handling exceptions while calling a JS function imported and exported
+// by a Wasm module.
+(function testExceptionFromImportedExportedJSFunction() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  // Function 0
+  builder.addImport("o", "fn", kSig_v_v);
+  builder.addExport("fn", 0);
+
+  var instance = builder.instantiate({
+    o: {
+      fn: () => {
+        throw "CRASH";
+      },
+    }
+  });
+
+  var error;
+  try {
+    instance.exports.fn();
+  } catch (e) {
+    error = e;
+  }
+  assertEquals("CRASH", error);
+})();
+
+// Test catching Wasm exceptions thrown after a call to an imported function.
+(function testWasmExceptionCaughtAfterImportedFunctionCall() {
+  print(arguments.callee.name);
+  var instance = null;
+  var builder = new WasmModuleBuilder();
+  let except = builder.addTag(kSig_v_v);
+
+  // Function 0
+  builder.addImport("o", "js_throw", kSig_v_v);
+
+  // Function 1
+  builder.addImport("o", "js2", kSig_v_v);
+
+  // Function 2
+  builder.addFunction("wasm_throw", kSig_v_v)
+    .addBody([
+      kExprThrow, except,
+    ])
+    .exportAs("wasm_throw");
+
+  // Function 3
+  builder.addFunction("fn1", kSig_v_v)
+    .addBody([
+      // Call imported function 'js_throw'.
+      kExprCallFunction, 0,
+      kExprUnreachable,
+    ])
+    .exportAs("fn1");
+
+  // Function 4
+  builder.addFunction("fn2", kSig_v_v)
+    .addBody([
+        // Call imported function 'js2'.
+      kExprCallFunction, 1,
+      kExprUnreachable,
+    ]);
+
+  // Function 5
+  builder.addFunction("main", kSig_i_v)
+    .addBody([
+      kExprTry, kWasmI32,
+        // Call fn2.
+        kExprCallFunction, 4,
+        kExprI32Const, 0,
+      kExprCatch, except,
+        kExprI32Const, 1,
+      kExprCatchAll,
+        kExprI32Const, 2,
+      kExprEnd,
+    ])
+    .exportAs("main");
+
+  instance = builder.instantiate({
+    o: {
+      js_throw: function () {
+        instance.exports.wasm_throw();
+      },
+      js2: function () {
+        instance.exports.fn1();
+      }
+    }
+  });
+
+  // This call Wasm|main -> Wasm|fn2 -> JS|js2 -> Wasm|fn1 -> JS|js_throw ->
+  //           -> Wasm|wasm_throw.
+  // `wasm_throw` throws an exception that is caught by `main`.
+  let result = instance.exports.main();
+  assertEquals(1, result);
+})();
+
+// Test catching Wasm exceptions thrown after an indirect function call.
+(function testWasmExceptionCaughtAfterIndirectFunctionCall() {
+  print(arguments.callee.name);
+  let table = new WebAssembly.Table({
+    initial: 10, maximum: 10, element: 'anyfunc',
+  });
+
+  var builder = new WasmModuleBuilder();
+  let except = builder.addTag(kSig_v_v);
+  let sig_index = builder.addType(kSig_v_v);
+  builder.addImportedTable('o', 'table');
+
+  // Function 0
+  builder.addFunction("wasm_throw", kSig_v_v)
+    .addBody([
+      kExprThrow, except,
+      kExprUnreachable,
+    ])
+    .exportAs("wasm_throw");
+
+  // Function 1
+  builder.addFunction("fn1", kSig_v_v)
+    .addBody([
+      // Call 'wasm_throw'.
+      kExprI32Const, 0,
+      kExprCallIndirect, sig_index, kTableZero,
+      kExprUnreachable,
+    ])
+    .exportAs("fn1");
+
+  // Function 2
+  builder.addFunction("main", kSig_i_v)
+    .addBody([
+      kExprTry, kWasmI32,
+
+        // Call fn1.
+        kExprI32Const, 1,
+        kExprCallIndirect, sig_index, kTableZero,
+
+        kExprI32Const, 0,
+      kExprCatch, except,
+        kExprI32Const, 1,
+      kExprCatchAll,
+        kExprI32Const, 2,
+      kExprEnd,
+    ])
+    .exportAs("main");
+
+  let instance = builder.instantiate({
+    o: { table: table }
+  });
+
+  table.set(0, instance.exports.wasm_throw);
+  table.set(1, instance.exports.fn1);
+
+  // This call main -> fn1 -> wasm_throw.
+  // `wasm_throw` throws an exception that is caught by `main`.
+  let result = instance.exports.main();
+  assertEquals(1, result);
+})();
+
+// A throw inside the body of a catch block is never caught by the corresponding
+// try block of that catch block.
+(function testWasmCatchHandlerCantCatchExceptionsThrownInThatCatchBlock() {
+  print(arguments.callee.name);
+
+  var builder = new WasmModuleBuilder();
+
+  // Function 0
+  builder.addImport("o", "js_throw_1", kSig_v_v);
+
+  // Function 1
+  builder.addImport("o", "js_throw_2", kSig_v_v);
+
+  // Function 2
+  builder.addFunction("main", kSig_i_v)
+    .addBody([
+      kExprTry, kWasmI32,
+        kExprTry, kWasmI32,
+          // Call js_throw_1.
+          kExprCallFunction, 0,
+          kExprI32Const, 0,
+        kExprCatchAll,
+          // Call js_throw_2.
+          kExprCallFunction, 1,
+          kExprI32Const, 1,
+        kExprEnd,
+      kExprCatchAll,
+        kExprI32Const, 2,
+      kExprEnd,
+    ])
+    .exportAs("main");
+
+  let instance = builder.instantiate({
+    o: {
+      js_throw_1: function () {
+        var e = new WebAssembly.Exception();
+        throw e;
+      },
+      js_throw_2: function () {
+        var e = new WebAssembly.Exception();
+        throw e;
+      }
+    }
+  });
+
+  let result = instance.exports.main();
+  assertEquals(2, result);
+})();
+
+// Test a sequence of calls JS -> Wasm-A -> Wasm-B -> Wasm-A.
+(function testMultipleActivationsAcrossInstances() {
+  print(arguments.callee.name);
+  var instanceA = null;
+  var instanceB = null;
+
+  var builderA = new WasmModuleBuilder();
+  let tableA = new WebAssembly.Table({
+    element: "anyfunc",
+    initial: 1,
+    maximum: 1
+  });
+  builderA.addImportedTable("m", "table", 1, 1);
+  var sig_index = builderA.addType(kSig_i_i);
+
+  // Function 0
+  builderA.addFunction("main", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+
+      // Call Wasm function 'callSquare' in module B.
+      kExprI32Const, 0,
+      kExprCallIndirect, sig_index, kTableZero,
+
+      // Call Wasm function 'square' in module A.
+      kExprCallFunction, 1,
+    ])
+    .exportAs("main");
+
+  // Function 1
+  builderA.addFunction("square", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprLocalGet, 0,
+      kExprI32Mul])
+    .exportAs("square");
+
+  instanceA = builderA.instantiate({ m: { table: tableA } });
+
+  var builderB = new WasmModuleBuilder();
+
+  // Function 0
+  builderB.addImport("o", "square", kSig_i_i);
+
+  // Function 1
+  builderB.addFunction("call_square", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprCallFunction, 0,  // Call Wasm function 'square' in module A.
+    ])
+    .exportAs("callSquare");
+
+  instanceB = builderB.instantiate({ o: { square: instanceA.exports.square } });
+
+  tableA.set(0, instanceB.exports.callSquare);
+
+  const arg = 3;
+  let result = instanceA.exports.main(arg);
+  assertEquals(arg * arg * arg * arg, result);
+})();
+
+// Test Load+Set superinstructions that set the value of a shared slot.
+(function testRegressSharedSlotsWithLoadSetSuperInstruction() {
+  print(arguments.callee.name);
+  const memory_offset = 1;
+  const old_value = 11;
+  const new_value = 42;
+
+  let addLoadSetTestFunction = function (builder, name, copyFromReg) {
+    builder.addFunction(name, kSig_v_v)
+      .addLocals(kWasmI32, 1)
+      .addBody([
+        // Create a shared slot.
+        ...wasmI32Const(old_value),
+        kExprLocalSet, 0,
+        kExprLocalGet, 0,
+
+        // Write a new value to memory
+        ...wasmI32Const(memory_offset),
+        ...wasmI32Const(new_value),
+        kExprI32StoreMem, 0, 0,
+
+        // Super-instruction: Load+Set.
+        ...wasmI32Const(memory_offset)]
+        .concat(copyFromReg ? [
+          ...wasmI32Const(0),
+          kExprI32Add
+        ] : [])
+        .concat([
+          kExprI32LoadMem, 0, 0,
+          kExprLocalSet, 0,
+
+          // Verify that the set slot contains the new value and that the shared
+          // slot contains the old value.
+          ...wasmI32Const(old_value),
+          kExprI32Ne,
+          kExprIf, kWasmVoid,
+            kExprUnreachable,
+          kExprEnd,
+
+          kExprLocalGet, 0,
+          ...wasmI32Const(new_value),
+          kExprI32Ne,
+          kExprIf, kWasmVoid,
+            kExprUnreachable,
+          kExprEnd
+        ]))
+      .exportAs(name);
+  }
+
+  var builder = new WasmModuleBuilder();
+  builder.addMemory(1, 1, false);
+  addLoadSetTestFunction(builder, "test_r2s_LoadMem_LocalSet", true);
+  addLoadSetTestFunction(builder, "test_s2s_LoadMem_LocalSet", false);
+
+  let instance = builder.instantiate({});
+  instance.exports.test_r2s_LoadMem_LocalSet();
+  instance.exports.test_s2s_LoadMem_LocalSet();
+})();
+
+// Test WorkerThread termination while running in the Wasm interpreter.
+// (This broke https://rummikub-apps.com/?cb=37)
+(function testRegressWorkerThreadTermination() {
+  print(arguments.callee.name);
+  let builder = new WasmModuleBuilder();
+  builder.addFunction("add", kSig_i_ii)
+    .addBody([kExprLocalGet, 0, kExprLocalGet, 1, kExprI32Add])
+    .exportFunc();
+
+  let module = builder.toModule();
+
+  function workerCode() {
+    onmessage = function (module) {
+      try {
+        let instance = new WebAssembly.Instance(module);
+        let result;
+        postMessage(123);
+        for (let i = 0; i < 10000000; i++) {
+          result = instance.exports.add(40, 2);
+        }
+      } catch (e) {
+        postMessage('ERROR: ' + e);
+      }
+    }
+  }
+
+  let worker = new Worker(workerCode, { type: 'function' });
+  worker.postMessage(module);
+  worker.getMessage();
+  worker.terminate();
+})();
+
+// Test cases where R2R/S2R mode support is not implemented for ref types.
+(function testRegressNoRegisterOptimizationForRefTypes() {
+  print(arguments.callee.name);
+
+  // RefGlobalGet
+  {
+    const builder = new WasmModuleBuilder();
+    let globalref = builder.addImportedGlobal('o', 'g', kWasmExternRef, true);
+
+    builder.addFunction('get_ref_global', kSig_v_r)
+      .exportFunc()
+      .addBody([
+        kExprLocalGet, 0,
+        kExprGlobalSet, globalref,
+        kExprGlobalGet, globalref,
+        kExprGlobalSet, globalref,
+      ]);
+
+    let ref_global = new WebAssembly.Global({mutable: true, value: 'externref'});
+    var instance = builder.instantiate({o: {g: ref_global}});
+    let obj = {foo: 'bar'};
+    instance.exports.get_ref_global(obj);
+    assertEquals(obj, ref_global.value);
+  }
+
+  // RefSelect
+  {
+    const builder = new WasmModuleBuilder();
+    let globalref = builder.addImportedGlobal('o', 'g', kWasmExternRef, true);
+
+    builder.addFunction('select_ref', kSig_v_r)
+      .exportFunc()
+      .addBody([
+        kExprLocalGet, 0,
+        kExprLocalGet, 0,
+        kExprI32Const, 0,
+        kExprSelectWithType, 1, kExternRefCode,
+        kExprGlobalSet, globalref,
+      ]);
+
+    let ref_global = new WebAssembly.Global({mutable: true, value: 'externref'});
+    var instance = builder.instantiate({o: {g: ref_global}});
+    let obj = {foo: 'bar'};
+    instance.exports.select_ref(obj);
+    assertEquals(obj, ref_global.value);
+  }
+})();
+
+// Unreachable select instruction may not have enough stack values.
+(function testRegressUnreachableSelect() {
+  const builder = new WasmModuleBuilder();
+  builder.addFunction('select', kSig_v_v)
+    .exportFunc()
+    .addBody([
+      kExprReturn,
+      kExprSelect,
+      kExprDrop,
+    ]);
+
+  var instance = builder.instantiate({});
+  instance.exports.select();
+})();
+
+// Test resizing the IndirectCallTable while in the middle of an indirect call.
+(function testIndirectCallTableResizingInExecuteIndirectCall() {
+  print(arguments.callee.name);
+
+  var instance = null;
+  function jsFunc0(val) {
+    return val + val;
+  }
+  function jsFunc1(val) {
+    return val * val;
+  }
+  function jsFunc2(val) {
+    table.grow(61); // Resize table from 3 to 64 elements.
+    table.set(63, instance.exports.func3);
+    return instance.exports.foo(val);
+  }
+  function jsFunc3(val) {
+    return val;
+  }
+
+  let table = new WebAssembly.Table({
+    initial: 3, maximum: 64, element: 'anyfunc',
+  });
+
+  var builder = new WasmModuleBuilder();
+  let sig_index = builder.addType(kSig_i_i);
+  builder.addImportedTable('o', 'table');
+
+  // Functions 0-3
+  builder.addImport("o", "func0", sig_index);
+  builder.addExport("func0", 0);
+  builder.addImport("o", "func1", sig_index);
+  builder.addExport("func1", 1);
+  builder.addImport("o", "func2", sig_index);
+  builder.addExport("func2", 2);
+  builder.addImport("o", "func3", sig_index);
+  builder.addExport("func3", 3);
+
+  // Function 4
+  builder.addFunction("foo", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+      ...wasmI32Const(63),
+      kExprCallIndirect, sig_index, kTableZero,
+    ])
+    .exportAs("foo");
+
+  // Function 5
+  builder.addFunction("main", kSig_i_i)
+    .addBody([
+      kExprLocalGet, 0,
+
+      kExprI32Const, 0,
+      kExprCallIndirect, sig_index, kTableZero,
+
+      kExprI32Const, 1,
+      kExprCallIndirect, sig_index, kTableZero,
+
+      kExprI32Const, 2,
+      kExprCallIndirect, sig_index, kTableZero,
+    ])
+    .exportAs("main");
+
+  instance = builder.instantiate(
+    {
+      o: {
+        table: table,
+        func0: jsFunc0, func1: jsFunc1, func2: jsFunc2, func3: jsFunc3
+      }
+    });
+  table.set(0, instance.exports.func0);
+  table.set(1, instance.exports.func1);
+  table.set(2, instance.exports.func2);
+
+  const arg = 42;
+  let result = instance.exports.main(arg);
+  assertEquals((arg*2)*(arg*2), result);
+})();
+
+(function TestReturnCallWithRefArgs() {
+  print(arguments.callee.name);
+
+  let builder = new WasmModuleBuilder();
+
+  let append_dot = builder.addImport("q", "append_dot", kSig_r_r);
+
+  // construct the code for the function
+  // main(N,X) where N=<1 => X
+  // main(N,X) => main(N-1, X + ".")
+  let kSig_r_ir = makeSig([kWasmI32, kWasmExternRef], [kWasmExternRef]);
+  let sig_r_v = builder.addType(kSig_r_v);
+  let main = builder.addFunction("main", kSig_r_ir);
+  main.addBody([
+    kExprLocalGet, 0,
+    kExprI32Const, 0,
+    kExprI32LeS,
+    kExprIf, sig_r_v,
+    kExprLocalGet, 1,
+    kExprElse,
+    kExprLocalGet, 0,
+    kExprI32Const, 1,
+    kExprI32Sub,
+    kExprLocalGet, 1,
+    kExprCallFunction, append_dot,
+    kExprReturnCall, main.index,
+    kExprEnd
+  ]).exportFunc();
+
+  let module = builder.instantiate({
+    q: {
+      append_dot: function (s) { return s + '.'; }
+    }
+  });
+
+  let result = module.exports.main(4, "");
+  assertEquals(4, result.length);
+})();
+
+(function TestReturnCallImportedWithRefArgs() {
+  print(arguments.callee.name);
+
+  let builder = new WasmModuleBuilder();
+
+  let append_dot = builder.addImport("q", "append_dot", kSig_r_r);
+
+  let kSig_r_ir = makeSig([kWasmI32, kWasmExternRef], [kWasmExternRef]);
+  let sig_r_ir = builder.addType(kSig_r_ir);
+  let call_main = builder.addImport("q", "call_main", sig_r_ir);
+
+  // construct the code for the function
+  // main(N,X) where N=<1 => X
+  // main(N,X) => call_main(N-1, X + ".")
+  // where call_main(x, y) is an imported JS function that calls main(x, y).
+  let sig_r_v = builder.addType(kSig_r_v);
+  let main = builder.addFunction("main", kSig_r_ir);
+  main.addBody([
+    kExprLocalGet, 0,
+    kExprI32Const, 0,
+    kExprI32LeS,
+    kExprIf, sig_r_v,
+      kExprLocalGet, 1,
+    kExprElse,
+      kExprLocalGet, 0,
+      kExprI32Const, 1,
+      kExprI32Sub,
+      kExprLocalGet, 1,
+      kExprCallFunction, append_dot,
+      kExprReturnCall, call_main,
+    kExprEnd
+  ]).exportFunc();
+
+  let module = builder.instantiate({
+    q: {
+      append_dot: function (s) { return s + '.'; },
+      call_main: function (arg1, arg2) {
+        return module.exports.main(arg1, arg2);
+      }
+
+    }
+  });
+
+  let result = module.exports.main(4, "");
+  assertEquals(4, result.length);
+})();
+
+(function TestReturnCallIndirectWithRefArgs() {
+  print(arguments.callee.name);
+
+  let builder = new WasmModuleBuilder();
+
+  let append_dot = builder.addImport("q", "append_dot", kSig_r_r);
+
+  // construct the code for the function
+  // main(N,X) where N=<1 => X
+  // main(N,X) => main(N-1, X + ".")
+  // where main(x, y) is called with an indirect call to table[tableIndex].
+  let kSig_r_ir = makeSig([kWasmI32, kWasmExternRef], [kWasmExternRef]);
+  let sig_r_ir = builder.addType(kSig_r_ir);
+  let sig_r_v = builder.addType(kSig_r_v);
+  let main = builder.addFunction("main", kSig_r_ir);
+  main.addBody([
+    kExprLocalGet, 0,
+    kExprI32Const, 0,
+    kExprI32LeS,
+    kExprIf, sig_r_v,
+    kExprLocalGet, 1,
+    kExprElse,
+    kExprLocalGet, 0,
+    kExprI32Const, 1,
+    kExprI32Sub,
+    kExprLocalGet, 1,
+    kExprCallFunction, append_dot,
+    kExprI32Const, 0,
+    kExprReturnCallIndirect, sig_r_ir, kTableZero,
+    kExprEnd
+  ]).exportFunc();
+
+  builder.appendToTable([main.index]);
+
+  let module = builder.instantiate({
+    q: {
+      append_dot: function (s) { return s + '.'; }
+    }
+  });
+
+  let result = module.exports.main(4, "");
+  assertEquals(4, result.length);
+})();
+
+(function TestImportIndirectReturnCallWithRefArgs() {
+  print(arguments.callee.name);
+
+  let builder = new WasmModuleBuilder();
+
+  let append_dot = builder.addImport("q", "append_dot", kSig_r_r);
+
+  let kSig_r_ir = makeSig([kWasmI32, kWasmExternRef], [kWasmExternRef]);
+  let sig_r_ir = builder.addType(kSig_r_ir);
+  let call_main = builder.addImport("q", "call_main", sig_r_ir);
+  builder.addTable(kWasmAnyFunc, 4);
+  // Arbitrary location in the table.
+  const tableIndex = 3;
+  builder.addActiveElementSegment(0, wasmI32Const(tableIndex), [call_main]);
+
+  // construct the code for the function
+  // main(N,X) where N=<1 => X
+  // main(N,X) => main(N-1, X + ".")
+  // where main(x, y) is called through an indirect call to table[tableIndex] ->
+  // (imported JS function) call_main(x, y).
+  let sig_r_v = builder.addType(kSig_r_v);
+  let mainFn = builder.addFunction("main", kSig_r_ir);
+  mainFn.addBody([
+    kExprLocalGet, 0,
+    kExprI32Const, 0,
+    kExprI32LeS,
+    kExprIf, sig_r_v,
+    kExprLocalGet, 1,
+    kExprElse,
+    kExprLocalGet, 0,
+    kExprI32Const, 1,
+    kExprI32Sub,
+    kExprLocalGet, 1,
+    kExprCallFunction, append_dot,
+    kExprI32Const, tableIndex,
+    kExprReturnCallIndirect, sig_r_ir, kTableZero,
+    kExprEnd
+  ]).exportAs("main");
+
+  builder.appendToTable([mainFn.index]);
+
+  let module = builder.instantiate({
+    q: {
+      append_dot: function (s) { return s + '.'; },
+      call_main: function (arg1, arg2) {
+        return module.exports.main(arg1, arg2);
+      }
+    }
+  });
+
+  let result = module.exports.main(4, "");
+  assertEquals(4, result.length);
+})();
+
+(function TestImportIndirectReturnCallOnDifferentInstanceWithRefArgs() {
+  print(arguments.callee.name);
+
+  let table1 = new WebAssembly.Table({
+    initial: 4, maximum: 4, element: 'anyfunc',
+  });
+  let table2 = new WebAssembly.Table({
+    initial: 4, maximum: 4, element: 'anyfunc',
+  });
+  // Arbitrary location in the table.
+  const tableIndex = 3;
+
+  let builder = new WasmModuleBuilder();
+  builder.addImportedTable("q", 'table');
+
+  // Function 0
+  let append_dot = builder.addImport("q", "append_dot", kSig_r_r);
+
+  let kSig_r_ir = makeSig([kWasmI32, kWasmExternRef], [kWasmExternRef]);
+  let sig_r_ir = builder.addType(kSig_r_ir);
+  // Function 1
+  let call_main = builder.addImport("q", "call_main", sig_r_ir);
+  builder.addExport("call_main", 1);
+
+  // construct the code for the function
+  // main(N,X) where N=<1 => X
+  // main(N,X) => main(N-1, X + ".")
+  // where main(x, y) is called with an indirect call to table[tableIndex].
+  // There are two instance of the same module, and in both instances
+  // table[tableIndex] -> instance1.main().
+  let sig_r_v = builder.addType(kSig_r_v);
+  let mainFn = builder.addFunction("main", kSig_r_ir);
+  // Function 2
+  mainFn.addBody([
+    kExprLocalGet, 0,
+    kExprI32Const, 0,
+    kExprI32LeS,
+    kExprIf, sig_r_v,
+    kExprLocalGet, 1,
+    kExprElse,
+    kExprLocalGet, 0,
+    kExprI32Const, 1,
+    kExprI32Sub,
+    kExprLocalGet, 1,
+    kExprCallFunction, append_dot,
+    kExprI32Const, tableIndex,
+    kExprReturnCallIndirect, sig_r_ir, kTableZero,
+    kExprEnd
+  ]).exportAs("main");
+
+  let instance1 = builder.instantiate({
+    q: {
+      table: table1,
+      append_dot: function (s) { return s + '.'; },
+      call_main: function (arg1, arg2) {
+        return instance1.exports.main(arg1, arg2);
+      }
+    }
+  });
+  table1.set(tableIndex, instance1.exports.call_main);
+
+  let instance2 = builder.instantiate({
+    q: {
+      table: table2,
+      append_dot: function (s) { return s + '.'; },
+      call_main: function (arg1, arg2) {
+        return instance1.exports.main(arg1, arg2);
+      }
+    }
+  });
+  table2.set(tableIndex, instance1.exports.main);
+
+  let result = instance2.exports.main(4, "");
+  assertEquals(4, result.length);
+})();
+
+(function TestRefTailCall() {
+  print(arguments.callee.name);
+
+  let builder = new WasmModuleBuilder();
+
+  var sig_index = builder.addType(kSig_i_ii);
+
+  builder.addFunction("main", makeSig(
+    [wasmRefType(sig_index), kWasmI32, kWasmI32], [kWasmI32]))
+    .addBody([kExprLocalGet, 1, kExprLocalGet, 2, kExprLocalGet, 0,
+      kExprReturnCallRef, sig_index])
+    .exportFunc();
+
+  builder.addFunction("sub", sig_index)
+    .addBody([kExprLocalGet, 0, kExprLocalGet, 1, kExprI32Sub])
+    .exportFunc();
+
+  let instance = builder.instantiate({});
+
+  let result = instance.exports.main(instance.exports.sub, 12, 7);
+  assertEquals(5, result);
+})();
+
+(function TestTailCallsMadeFollowingInstructionsUnreachable() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+  const table = builder.addTable(kWasmFuncRef, 2, 2);
+  let sig_index = builder.addType(kSig_v_i);
+
+  builder.addFunction("main", kSig_v_i)
+    .addBody([
+      kExprLocalGet, 0,
+      ...wasmI32Const(0),
+      kExprI32Eq,
+      kExprIf, kWasmVoid,
+        kExprReturn,
+      kExprEnd,
+      ...wasmI32Const(0),
+      kExprReturnCall, 0,
+      ...wasmI32Const(42),
+      kExprCallIndirect, sig_index, kTableZero,
+    ])
+    .exportAs("main");
+
+  instance = builder.instantiate({ imports: { table } });
+  instance.exports.main(42);
+})();
+
+// Test Isolate::PrintStack() with interpreter frames.
+(function StackTraceInWasmCallToFunctionImportedFromAnotherInstance() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+
+  // Function 0
+  builder.addImport("o", "foo", kSig_v_v);
+
+  // Function 1
+  builder.addFunction("main", kSig_v_v)
+    .addBody([
+      kExprCallFunction, 0,  // Call Wasm function 'foo'
+    ])
+    .exportAs("main");
+
+  var instance = builder.instantiate({
+    o: {
+      foo: (ref) => {
+        %DebugTrace();
+      },
+    }
+  });
+
+  instance.exports.main();
+})();
+
+(function TestReturnCallRefMadeFollowingInstructionsUnreachable() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+  let sig_index = builder.addType(kSig_l_v);
+
+  builder.addFunction("main", kSig_l_i)
+    .addBody([
+      kExprRefNull, sig_index,
+      kExprReturnCallRef, sig_index,
+      kExprLocalSet, 0
+    ])
+    .exportAs("main");
+
+  var instance = builder.instantiate();
+  assertThrows(() => instance.exports.main(42), WebAssembly.RuntimeError);
+})();
+
+(function TestPassingRefArgsAcrossJsCalls() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+  var instance = null;
+
+  // Function 0
+  builder.addImport("o", "a", kSig_v_v);
+
+  // Function 1
+  builder.addImport("o", "b", kSig_v_r);
+
+  // Function 2
+  builder.addFunction("outer", kSig_v_r)
+    .addBody([
+      kExprCallFunction, 0,  // Call JS function 'a'
+      kExprLocalGet, 0,
+      kExprCallFunction, 1,  // Call JS function 'b'
+    ])
+    .exportAs("outer");
+
+  // Function 3
+  builder.addFunction("inner", kSig_v_r)
+    .addBody([
+    ])
+    .exportAs("inner");
+
+  instance = builder.instantiate({
+    o: {
+      a: function () {
+        instance.exports.inner(null);
+      },
+      b: function (state) {
+        state.push(42);
+      },
+    }
+  });
+
+  instance.exports.outer([]);
+})();
+
+(function TestCompactCopySlotOptimizationAcrossLoops() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+  let sig_i_i = builder.addType(kSig_i_i);
+
+  builder.addFunction("main", kSig_v_i)
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprLocalGet, 0,
+      kExprLoop, sig_i_i,
+      kExprLocalSet, 1,
+      kExprLocalGet, 0,
+      kExprLocalGet, 0,
+      ...wasmI32Const(0),
+      kExprLocalSet, 0,
+      kExprBrIf, 0,
+      kExprEnd,
+      kExprDrop,
+    ])
+    .exportAs("main");
+
+  var instance = builder.instantiate();
+  instance.exports.main(1);
+})();
+
+(function TestWasmGCSubytypeCheck() {
+  print(arguments.callee.name);
+  let builder = new WasmModuleBuilder();
+  let structSuper = builder.addStruct([makeField(kWasmI32, true)]);
+  let structTypes = [];
+  for (let i = 0; i < 50; i++) {
+    structTypes[i] = structSuper;
+    structSuper = builder.addStruct([makeField(kWasmI32, true)], structSuper);
+  }
+
+  builder.addFunction("main", kSig_v_v)
+    .addBody([
+      ...wasmI32Const(0),
+      kGCPrefix, kExprStructNew, structTypes[0],
+      kGCPrefix, kExprRefCast, structTypes[31],
+      kExprDrop
+    ])
+    .exportAs("main");
+
+  instance = builder.instantiate();
+  assertTraps(kTrapIllegalCast, () => instance.exports.main());
+})();
+
+(function TestWasmGCBrOnNonNull() {
+  print(arguments.callee.name);
+  const builder = new WasmModuleBuilder();
+  let array_type_index = builder.addArray(kWasmI32, true);
+  let struct_type_index = builder.addStruct([makeField(kWasmI32, true)]);
+  let sig_v_v = builder.addType(kSig_v_v);
+  let sig_i_v = builder.addType(kSig_i_v);
+
+  builder.addFunction("test_br_on_non_null_with_nullref_nonvoidsig", kSig_i_i)
+    .exportAs("test_br_on_non_null_with_nullref_nonvoidsig").addBody([
+      kExprLoop, sig_i_v,
+        ...wasmI32Const(5),
+        kGCPrefix, kExprArrayNewDefault, array_type_index,
+        ...wasmI32Const(-8),
+        kGCPrefix, kExprStructNew, struct_type_index,
+        kExprRefNull, array_type_index,
+        kExprBrOnNonNull, 0, // drop null ref and don't jump
+        kExprDrop, // drop the struct
+        kExprLocalGet, 0, // array index
+        kGCPrefix, kExprArrayGet, array_type_index,
+      kExprEnd,
+  ]);
+
+  builder.addFunction("test_br_on_non_null_with_nullref_voidsig", kSig_v_v)
+    .exportAs("test_br_on_non_null_with_nullref_voidsig").addBody([
+      kExprLoop, sig_v_v,
+        ...wasmI32Const(-8),
+        kGCPrefix, kExprStructNew, struct_type_index,
+        kExprRefNull, array_type_index,
+        kExprBrOnNonNull, 0, // drop null ref and don't jump
+        kExprDrop, // drop the struct
+      kExprEnd,
+    ]);
+
+  builder.addFunction("test_br_on_non_null_with_nonnullref_nonvoidsig", kSig_i_i)
+    .exportAs("test_br_on_non_null_with_nonnullref_nonvoidsig")
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprLoop, sig_i_v,
+        ...wasmI32Const(42),
+        kExprLocalGet, 1,
+        ...wasmI32Const(1),
+        kExprLocalSet, 1, // set local to 0 to end loop at next iteration.
+        kExprBrIf, 1,
+        ...wasmI32Const(5),
+        kGCPrefix, kExprArrayNewDefault, array_type_index,
+        ...wasmI32Const(-8),
+        kGCPrefix, kExprStructNew, struct_type_index,
+        kExprBrOnNonNull, 0, // non null ref => fallthru
+        kExprLocalGet, 0, // array index
+        kGCPrefix, kExprArrayGet, array_type_index,
+        kExprDrop,
+      kExprEnd,
+    ]);
+
+  builder.addFunction("test_br_on_non_null_with_nonnullref_voidsig", kSig_v_i)
+    .exportAs("test_br_on_non_null_with_nonnullref_voidsig")
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprLoop, sig_v_v,
+        kExprLocalGet, 1,
+        ...wasmI32Const(1),
+        kExprLocalSet, 1, // set local to 0 to end loop at next iteration.
+        kExprBrIf, 1,
+        ...wasmI32Const(5),
+        kGCPrefix, kExprArrayNewDefault, array_type_index,
+        ...wasmI32Const(-8),
+        kGCPrefix, kExprStructNew, struct_type_index,
+        kExprBrOnNonNull, 0, // non null ref => fallthru
+        kExprLocalGet, 0, // array index
+        kGCPrefix, kExprArrayGet, array_type_index,
+        kExprDrop,
+      kExprEnd,
+    ]);
+
+  builder.addFunction("test_br_on_null_with_nullref_nonvoidsig", kSig_i_i)
+    .exportAs("test_br_on_null_with_nullref_nonvoidsig")
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprLoop, sig_i_v,
+        ...wasmI32Const(42),
+        kExprLocalGet, 1,
+        ...wasmI32Const(1),
+        kExprLocalSet, 1, // set local to 0 to end loop at next iteration.
+        kExprBrIf, 1,
+        ...wasmI32Const(5),
+        ...wasmI32Const(5),
+        kGCPrefix, kExprArrayNew, array_type_index,
+        ...wasmI32Const(-8),
+        kGCPrefix, kExprStructNew, struct_type_index,
+        kExprRefNull, array_type_index,
+        kExprBrOnNull, 0,
+        kExprDrop, // drop the ref
+        kExprDrop, // drop the struct
+        kExprLocalGet, 0, // array index
+        kGCPrefix, kExprArrayGet, array_type_index,
+        kExprDrop,
+      kExprEnd,
+    ]);
+
+  builder.addFunction("test_br_on_null_with_nullref_voidsig", kSig_v_v)
+    .exportAs("test_br_on_null_with_nullref_voidsig")
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprLoop, sig_v_v,
+        kExprLocalGet, 0,
+        ...wasmI32Const(1),
+        kExprLocalSet, 0, // set local to 0 to end loop at next iteration.
+        kExprBrIf, 1,
+        kExprRefNull, array_type_index,
+        kExprBrOnNull, 0,
+        kExprDrop, // drop the ref
+      kExprEnd,
+    ]);
+
+  builder.addFunction("test_br_on_null_with_nonnullref_nonvoidsig", kSig_i_i)
+    .exportAs("test_br_on_null_with_nonnullref_nonvoidsig")
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprLoop, sig_i_v,
+        ...wasmI32Const(42),
+        kExprLocalGet, 1,
+        kExprBrIf, 1,
+        ...wasmI32Const(5),
+        ...wasmI32Const(5),
+        kGCPrefix, kExprArrayNew, array_type_index,
+        ...wasmI32Const(-8),
+        kGCPrefix, kExprStructNew, struct_type_index,
+        kExprBrOnNull, 0,
+        kExprDrop, // drop the struct
+        kExprLocalGet, 0, // array index
+        kGCPrefix, kExprArrayGet, array_type_index,
+        kExprLocalSet, 1, // set local to end loop
+      kExprEnd,
+    ]);
+
+  builder.addFunction("test_br_on_null_with_nonnullref_voidsig", kSig_v_i)
+    .exportAs("test_br_on_null_with_nonnullref_voidsig")
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprLoop, sig_v_v,
+        kExprLocalGet, 1,
+        kExprBrIf, 1,
+        ...wasmI32Const(5),
+        ...wasmI32Const(5),
+        kGCPrefix, kExprArrayNew, array_type_index,
+        ...wasmI32Const(-8),
+        kGCPrefix, kExprStructNew, struct_type_index,
+        kExprBrOnNull, 0,
+        kExprDrop, // drop the struct
+        kExprLocalGet, 0, // array index
+        kGCPrefix, kExprArrayGet, array_type_index,
+        kExprLocalSet, 1, // set local to end loop
+      kExprEnd,
+    ]);
+
+  let instance = builder.instantiate();
+  assertEquals(0, instance.exports.test_br_on_non_null_with_nullref_nonvoidsig(1));
+  assertTraps(kTrapArrayOutOfBounds, () => instance.exports.test_br_on_non_null_with_nullref_nonvoidsig(1234));
+  instance.exports.test_br_on_non_null_with_nullref_voidsig();
+  assertEquals(42, instance.exports.test_br_on_non_null_with_nonnullref_nonvoidsig(1234));
+  instance.exports.test_br_on_non_null_with_nonnullref_voidsig(1234);
+  assertEquals(42, instance.exports.test_br_on_null_with_nullref_nonvoidsig(1234));
+  instance.exports.test_br_on_null_with_nullref_voidsig();
+  assertEquals(42, instance.exports.test_br_on_null_with_nonnullref_nonvoidsig(1));
+  assertTraps(kTrapArrayOutOfBounds, () => instance.exports.test_br_on_null_with_nonnullref_nonvoidsig(1234));
+  instance.exports.test_br_on_null_with_nonnullref_voidsig(1);
+  assertTraps(kTrapArrayOutOfBounds, () => instance.exports.test_br_on_null_with_nonnullref_voidsig(1234));
+})();
+
+(function testNestedTryCatch() {
+  print(arguments.callee.name);
+  var builder = new WasmModuleBuilder();
+  let except = builder.addTag(kSig_v_v);
+
+  builder.addFunction("main", kSig_i_iii)
+    .addBody([
+      kExprTry, kWasmI32,
+        ...wasmF32Const(3.14),
+        ...wasmF32Const(3.14),
+        kExprTry, kWasmI32,
+          ...wasmI32Const(1),
+        kExprCatch, except,
+          kExprTry, kWasmI32,
+            ...wasmI32Const(2),
+          kExprEnd,
+        kExprCatch, except,
+          ...wasmI32Const(3),
+        kExprEnd,
+        kExprDrop,
+        kExprF32Ne,
+      kExprEnd,
+    ])
+    .exportAs("main");
+
+  let instance = builder.instantiate();
+  let result = instance.exports.main();
+  assertEquals(0, result);
+})();
+
+(function TestReturnCallWithRefs() {
+  print(arguments.callee.name);
+
+  var builder = new WasmModuleBuilder();
+  const table_size = 3;
+  let table = builder.addTable(kWasmFuncRef, table_size, table_size);
+
+  let array_type_index = builder.addArray(kWasmI32, true);
+  let struct_type_index = builder.addStruct([makeField(kWasmI32, true)]);
+  let sig_index = builder.addType(kSig_v_v);
+
+  // Function 0
+  builder.addImport("imports", "imported_func", kSig_v_v);
+
+  // Function 1
+  let f1 = builder.addFunction("main", kSig_v_v)
+    .addBody([
+      kExprRefNull, array_type_index,
+      ...wasmI32Const(13),
+      ...wasmI32Const(-2),
+      ...wasmI32Const(1),
+      kExprCallIndirect, sig_index, table.index,
+      kGCPrefix, kExprArraySet, array_type_index,
+    ])
+    .exportAs("main");
+
+  // Function 2
+  let f2 = builder.addFunction("f2", kSig_v_v)
+    .addBody([
+      ...wasmI32Const(2),
+      kExprReturnCallIndirect, sig_index, kTableZero,
+    ]);
+
+  // Function 3
+  let f3 = builder.addFunction("f3", kSig_v_v)
+    .addLocals(kWasmAnyRef, 1)
+    .addBody([
+      ...wasmI32Const(-8),
+      kGCPrefix, kExprStructNew, struct_type_index,
+      kExprCallFunction, 0, // call $import0
+      kExprLocalSet, 0
+    ]);
+
+  builder.addActiveElementSegment(
+    table.index, wasmI32Const(0),
+    [[kExprRefFunc, f1.index], [kExprRefFunc, f2.index], [kExprRefFunc, f3.index]],
+    kWasmFuncRef);
+
+  let instance = builder.instantiate({ imports: { imported_func: function() {} } });
+  assertTraps(kTrapNullDereference, () => instance.exports.main());
+})();
+
+(function TestRefsParamsAndRetsInIfBlock() {
+  print(arguments.callee.name);
+
+  var builder = new WasmModuleBuilder();
+  let array_type_index = builder.addArray(kWasmI32, true);
+  let struct_type_index = builder.addStruct([makeField(kWasmI32, true)]);
+  let sig_a_in = builder.addType(makeSig([kWasmI32, wasmRefNullType(array_type_index)], [kWasmAnyFunc]));
+
+  // Function 0
+  builder.addImport("imports", "imported_func", kSig_v_v);
+
+  // Function 1
+  let f1 = builder.addFunction("main", kSig_v_v)
+    .addLocals(kWasmAnyRef, 1)
+    .addBody([
+      ...wasmI32Const(1),
+      kExprRefNull, array_type_index,
+      ...wasmI32Const(1),
+      kExprIf, sig_a_in,
+        kExprDrop,
+        kExprDrop,
+        kExprRefNull, kAnyFuncCode,
+      kExprElse,
+        kExprDrop,
+        kExprDrop,
+        kExprRefNull, kAnyFuncCode,
+      kExprEnd,
+      kExprDrop,
+      ...wasmI32Const(-8),
+      kGCPrefix, kExprStructNew, struct_type_index,
+      kExprLocalSet, 0,
+      kExprLocalGet, 0,
+      kGCPrefix, kExprRefCast, array_type_index, // invalid cast
+      kExprCallFunction, 0,
+      ...wasmI32Const(13),
+      ...wasmI32Const(-2),
+      kGCPrefix, kExprArraySet, array_type_index,
+    ])
+    .exportAs("main");
+
+  let instance = builder.instantiate({
+    "imports": {
+      imported_func: () => {
+        oob_arr = [1.1, 2.2, 3.3, 4.4];
+        double_arr = [1.1, 2.2, 3.3, 4.4];
+        obj_arr = [double_arr, double_arr];
+      },
+    }
+  });
+  assertTraps(kTrapIllegalCast, () => instance.exports.main());
+})();
+
+(function TestCatchExceptionThrownByCalledFunction() {
+  print(arguments.callee.name);
+
+  var builder = new WasmModuleBuilder();
+  builder.addMemory(1, 32);
+  let $tag = builder.addTag(builder.addType(kSig_v_v));
+
+  // Function 0
+  let f1 = builder.addFunction("main", kSig_i_i)
+    .addLocals(kWasmI32, 1)
+    .addBody([
+      kExprTry, kWasmI32,
+        kExprCallFunction, 1,
+        ...wasmI32Const(0),
+      kExprCatch, $tag,
+      kExprLocalGet, 0, // oob read offset
+      kExprI32LoadMem, 0, 0,
+      kExprEnd,
+    ])
+    .exportAs("main");
+
+  // Function 1
+  let f2 = builder.addFunction("f1", kSig_v_v)
+    .addBody([
+      kExprThrow, $tag,
+    ]);
+
+  let instance = builder.instantiate();
+  assertThrows(() => instance.exports.main(0xffffffff), WebAssembly.RuntimeError);
+})();
+
+(function TestRefTypeReturnedByJSFunctions() {
+  print(arguments.callee.name);
+
+  var builder = new WasmModuleBuilder();
+  let array_type_index = builder.addArray(kWasmI32, true);
+  let sig_a_a = builder.addType(makeSig([wasmRefNullType(array_type_index)], [wasmRefNullType(array_type_index)]));
+
+  // Function 0
+  builder.addImport("imports", "imported_func", sig_a_a);
+
+  // Function 1
+  builder.addFunction("main", kSig_v_v)
+    .addBody([
+      kExprRefNull, array_type_index,
+      kExprCallFunction, 0,
+      ...wasmI32Const(0),
+      kGCPrefix, kExprArrayGet, array_type_index,
+      kExprDrop
+    ])
+    .exportAs("main");
+
+  let instance = builder.instantiate({
+    "imports": {
+      imported_func: (refVal) => {
+        return refVal + 0x41414141;
+      },
+    }
+  });
+  assertThrows(() => instance.exports.main(), TypeError);
+})();
diff --git a/deps/v8/test/mjsunit/wasm/wasm-module-builder.js b/deps/v8/test/mjsunit/wasm/wasm-module-builder.js
index f930e0557fc54d..eb229783392521 100644
--- a/deps/v8/test/mjsunit/wasm/wasm-module-builder.js
+++ b/deps/v8/test/mjsunit/wasm/wasm-module-builder.js
@@ -187,9 +187,11 @@ let kSig_l_l = makeSig([kWasmI64], [kWasmI64]);
 let kSig_i_l = makeSig([kWasmI64], [kWasmI32]);
 let kSig_i_ii = makeSig([kWasmI32, kWasmI32], [kWasmI32]);
 let kSig_i_iii = makeSig([kWasmI32, kWasmI32, kWasmI32], [kWasmI32]);
+let kSig_i_iiii = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI32], [kWasmI32]);
 let kSig_v_iiii = makeSig([kWasmI32, kWasmI32, kWasmI32, kWasmI32], []);
 let kSig_l_i = makeSig([kWasmI32], [kWasmI64]);
 let kSig_f_ff = makeSig([kWasmF32, kWasmF32], [kWasmF32]);
+let kSig_f_ffff = makeSig([kWasmF32, kWasmF32, kWasmF32, kWasmF32], [kWasmF32]);
 let kSig_d_dd = makeSig([kWasmF64, kWasmF64], [kWasmF64]);
 let kSig_l_ll = makeSig([kWasmI64, kWasmI64], [kWasmI64]);
 let kSig_i_dd = makeSig([kWasmF64, kWasmF64], [kWasmI32]);
@@ -2318,20 +2320,6 @@ function getOpcodeName(opcode) {
   return globalThis.kWasmOpcodeNames?.[opcode] ?? 'unknown';
 }
 
-// Make a wasm export "promising" using JS Promise Integration.
-function ToPromising(wasm_export) {
-  let sig = wasm_export.type();
-  assertTrue(sig.parameters.length > 0);
-  assertEquals('externref', sig.parameters[0]);
-  let wrapper_sig = {
-    parameters: sig.parameters.slice(1),
-    results: ['externref']
-  };
-  return new WebAssembly.Function(
-      wrapper_sig, wasm_export, {promising: 'first'});
-
-}
-
 function wasmF32ConstSignalingNaN() {
   return [kExprF32Const, 0xb9, 0xa1, 0xa7, 0x7f];
 }
diff --git a/deps/v8/test/test262/BUILD.gn b/deps/v8/test/test262/BUILD.gn
index b08d1072c69258..7b68e4b5f9c989 100644
--- a/deps/v8/test/test262/BUILD.gn
+++ b/deps/v8/test/test262/BUILD.gn
@@ -14,6 +14,7 @@ group("v8_test262") {
     "data/",
     "detachArrayBuffer.js",
     "../../third_party/test262-harness/",
+    "harness-abstractmodulesource.js",
     "harness-adapt.js",
     "harness-adapt-donotevaluate.js",
     "harness-agent.js",
diff --git a/deps/v8/test/test262/harness-abstractmodulesource.js b/deps/v8/test/test262/harness-abstractmodulesource.js
new file mode 100644
index 00000000000000..b7fcbc33ee0b8a
--- /dev/null
+++ b/deps/v8/test/test262/harness-abstractmodulesource.js
@@ -0,0 +1,5 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+$262.AbstractModuleSource = %GetAbstractModuleSource();
diff --git a/deps/v8/test/test262/local-tests/test/staging/decorators/private-auto-accessor.js b/deps/v8/test/test262/local-tests/test/staging/decorators/private-auto-accessor.js
new file mode 100644
index 00000000000000..7edbd2566c4f5a
--- /dev/null
+++ b/deps/v8/test/test262/local-tests/test/staging/decorators/private-auto-accessor.js
@@ -0,0 +1,106 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+/*---
+description: Test private auto-accessors.
+features: [decorators]
+---*/
+
+(function TestUninitializedPrivateAccessor() {
+  class C {
+    accessor #x;
+    assertFieldIsUndefined() {
+      assert.sameValue(this.#x, undefined);
+    }
+    assertFieldMatchesValue(value) {
+      assert.sameValue(this.#x, value);
+    }
+    setField(value) {
+      this.#x = value;
+    }
+  }
+  let c = new C();
+  c.assertFieldIsUndefined();
+  c.setField(42);
+  c.assertFieldMatchesValue(42);
+})();
+
+(function TestInitializedPrivateAccessor() {
+  class C {
+    accessor #x = 5;
+    assertFieldMatchesValue(value) {
+      assert.sameValue(this.#x, value);
+    }
+    setField(value) {
+      this.#x = value;
+    }
+  }
+  let c = new C();
+  c.assertFieldMatchesValue(5);
+  c.setField(42);
+  c.assertFieldMatchesValue(42);
+})();
+
+(function TestInitializedMultiplePrivateAccessor() {
+  class C {
+    accessor #x = 5;
+    accessor #y = 42;
+    assertFieldsMatcheValues(value_x, value_y) {
+      assert.sameValue(this.#x, value_x);
+      assert.sameValue(this.#y, value_y);
+    }
+  }
+  let c = new C();
+  c.assertFieldsMatcheValues(5, 42);
+})();
+
+(function TestThrowOnDuplicatedName() {
+  // Auto-accessors will instantiate private getter and setter with the same
+  // name, which shouldn't collide with other private variables.
+  let assertThrowsSyntaxError = (code_string) => {
+    assert.throws(SyntaxError, () => {eval(code_string)});
+  };
+  assertThrowsSyntaxError('class C { accessor #x = 5;  accessor #x = 42; }');
+  assertThrowsSyntaxError('class C { accessor #x = 5; #x = 42; }');
+  assertThrowsSyntaxError('class C { accessor #x = 5; get #x() {}; }');
+  assertThrowsSyntaxError('class C { accessor #x = 5; set #x(value) {}; }');
+  assertThrowsSyntaxError('class C { accessor #x = 5; #x() {}; }');
+  assertThrowsSyntaxError('class C { accessor #x = 5; static #x = 42; }');
+  assertThrowsSyntaxError('class C { static accessor #x = 5; #x = 42; }');
+  assertThrowsSyntaxError(
+      'class C { static accessor #x = 5; static #x = 42; }');
+})();
+
+(function TestUninitializedStaticPrivateAccessor() {
+  class C {
+    static #x;
+    static assertFieldIsUndefined() {
+      assert.sameValue(C.#x, undefined);
+    }
+    static assertFieldMatchesValue(value) {
+      assert.sameValue(C.#x, value);
+    }
+    static setField(value) {
+      C.#x = value;
+    }
+  }
+  C.assertFieldIsUndefined();
+  C.setField(42);
+  C.assertFieldMatchesValue(42);
+})();
+
+(function TestInitializedStaticPrivateAccessor() {
+  class C {
+    static accessor #x = 5;
+    static assertFieldMatchesValue(value) {
+      assert.sameValue(C.#x, value);
+    }
+    static setField(value) {
+      C.#x = value;
+    }
+  }
+  C.assertFieldMatchesValue(5);
+  C.setField(42);
+  C.assertFieldMatchesValue(42);
+})();
diff --git a/deps/v8/test/test262/local-tests/test/staging/features.txt b/deps/v8/test/test262/local-tests/test/staging/features.txt
index 5721ffd2f89b51..566686c66165e8 100644
--- a/deps/v8/test/test262/local-tests/test/staging/features.txt
+++ b/deps/v8/test/test262/local-tests/test/staging/features.txt
@@ -41,10 +41,6 @@ import-assertions
 # https://github.com/tc39/proposal-json-modules
 json-modules
 
-# ArrayBuffer transfer
-# https://github.com/tc39/proposal-arraybuffer-transfer
-arraybuffer-transfer
-
 # Temporal
 # https://github.com/tc39/proposal-temporal
 Temporal
@@ -72,6 +68,10 @@ Array.fromAsync
 # https://github.com/tc39/proposal-json-parse-with-source
 json-parse-with-source
 
+# RegExp.escape
+# https://github.com/tc39/proposal-regex-escaping
+RegExp.escape
+
 # Regular expression modifiers
 # https://github.com/tc39/proposal-regexp-modifiers
 regexp-modifiers
@@ -129,6 +129,7 @@ Array.prototype.includes
 Array.prototype.values
 Atomics.waitAsync
 array-grouping
+arraybuffer-transfer
 arrow-function
 async-iteration
 async-functions
diff --git a/deps/v8/test/test262/test262.status b/deps/v8/test/test262/test262.status
index c59f7bff0f14cd..ef6a7383fa392b 100644
--- a/deps/v8/test/test262/test262.status
+++ b/deps/v8/test/test262/test262.status
@@ -1068,95 +1068,58 @@
   # https://issues.chromium.org/u/0/issues/42204365
   'language/expressions/dynamic-import/catch/nested-arrow-import-catch-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-arrow-import-catch-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-arrow-import-catch-import-source-specifier-tostring-abrupt-rejects': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-arrow-function-await-import-source-source-text-module': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-arrow-function-await-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-arrow-function-await-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-arrow-function-return-await-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-arrow-function-return-await-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-arrow-function-return-await-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-function-await-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-function-await-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-function-await-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-function-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-function-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-function-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-function-return-await-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-function-return-await-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-function-return-await-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-gen-await-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-gen-await-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-gen-await-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-gen-return-await-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-async-gen-return-await-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-async-gen-return-await-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-block-import-catch-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-block-import-catch-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-block-import-catch-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-block-labeled-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-block-labeled-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-block-labeled-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-do-while-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-do-while-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-do-while-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-else-import-catch-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-else-import-catch-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-else-import-catch-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-function-import-catch-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-function-import-catch-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-function-import-catch-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-if-import-catch-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-if-import-catch-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-if-import-catch-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/nested-while-import-catch-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/nested-while-import-catch-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/nested-while-import-catch-import-source-specifier-tostring-abrupt-rejects': [FAIL],
   'language/expressions/dynamic-import/catch/top-level-import-catch-import-source-source-text-module': [FAIL],
   'language/expressions/dynamic-import/catch/top-level-import-catch-import-source-specifier-tostring': [FAIL],
-  'language/expressions/dynamic-import/catch/top-level-import-catch-import-source-specifier-tostring-abrupt-rejects': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-arrow-assignment-expression-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-arrow-assignment-expression-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-arrow-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-arrow-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-arrow-function-await-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-arrow-function-await-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-arrow-function-return-await-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-arrow-function-return-await-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-function-await-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-function-await-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-function-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-function-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-function-return-await-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-function-return-await-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-gen-await-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-async-gen-await-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-block-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-block-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-block-labeled-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-block-labeled-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-do-while-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-do-while-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-else-braceless-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-else-braceless-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-else-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-else-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-function-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-function-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-function-return-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-function-return-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-if-braceless-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-if-braceless-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-if-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-if-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-while-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-while-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-with-expression-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-with-expression-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-with-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/nested-with-import-source-script-code-valid': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/top-level-import-source-empty-str-is-valid-assign-expr': [FAIL],
-  'language/expressions/dynamic-import/syntax/valid/top-level-import-source-script-code-valid': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-arrow-assignment-expression-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-arrow-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-async-arrow-function-await-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-async-arrow-function-return-await-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-async-function-await-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-async-function-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-async-function-return-await-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-async-gen-await-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-block-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-block-labeled-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-do-while-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-else-braceless-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-else-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-function-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-function-return-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-if-braceless-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-if-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-while-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-with-expression-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/nested-with-import-source-no-new-call-expression': [FAIL],
+  'language/expressions/dynamic-import/syntax/invalid/top-level-import-source-no-new-call-expression': [FAIL],
   'language/module-code/source-phase-import/import-source-binding-name': [FAIL],
+  'language/module-code/source-phase-import/import-source-binding-name-2': [FAIL],
+  'language/module-code/source-phase-import/import-source-newlines': [FAIL],
 
   ######################## NEEDS INVESTIGATION ###########################
 
@@ -1646,14 +1609,9 @@
 ####
 # Roll-watcher patch
 [ALWAYS, {
-  'built-ins/AbstractModuleSource/length': [SKIP],
-  'built-ins/AbstractModuleSource/name': [SKIP],
-  'built-ins/AbstractModuleSource/proto': [SKIP],
+  # https://github.com/tc39/test262/pull/4146
   'built-ins/AbstractModuleSource/prototype': [SKIP],
   'built-ins/AbstractModuleSource/prototype/Symbol.toStringTag': [SKIP],
-  'built-ins/AbstractModuleSource/prototype/constructor': [SKIP],
-  'built-ins/AbstractModuleSource/prototype/proto': [SKIP],
-  'built-ins/AbstractModuleSource/throw-from-constructor': [SKIP],
   'built-ins/Math/sumPrecise/length': [SKIP],
   'built-ins/Math/sumPrecise/name': [SKIP],
   'built-ins/Math/sumPrecise/not-a-constructor': [SKIP],
@@ -2151,4 +2109,70 @@
 # end import test262@753d502e9a582d3aa152c0296310dc0761973d2f
 ####
 
+####
+# Roll-watcher patch
+[ALWAYS, {
+  'built-ins/AsyncDisposableStack/is-a-constructor': [SKIP],
+  'built-ins/AsyncDisposableStack/length': [SKIP],
+  'built-ins/AsyncDisposableStack/name': [SKIP],
+  'built-ins/AsyncDisposableStack/prop-desc': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/adopt/length': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/adopt/name': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/adopt/not-a-constructor': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/adopt/prop-desc': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/defer/length': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/defer/name': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/defer/not-a-constructor': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/defer/prop-desc': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/disposeAsync/length': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/disposeAsync/name': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/disposeAsync/not-a-constructor': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/disposeAsync/prop-desc': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/disposed/length': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/disposed/name': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/move/length': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/move/name': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/move/not-a-constructor': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/move/prop-desc': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/prop-desc': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/use/length': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/use/name': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/use/not-a-constructor': [SKIP],
+  'built-ins/AsyncDisposableStack/prototype/use/prop-desc': [SKIP],
+  'built-ins/AsyncIteratorPrototype/Symbol.asyncDispose/length': [SKIP],
+  'built-ins/AsyncIteratorPrototype/Symbol.asyncDispose/name': [SKIP],
+  'built-ins/AsyncIteratorPrototype/Symbol.asyncDispose/prop-desc': [SKIP],
+  'built-ins/Iterator/prototype/Symbol.dispose/length': [SKIP],
+  'built-ins/Iterator/prototype/Symbol.dispose/name': [SKIP],
+  'built-ins/Iterator/prototype/Symbol.dispose/prop-desc': [SKIP],
+  'built-ins/RegExp/escape/cross-realm': [SKIP],
+  'built-ins/RegExp/escape/escaped-control-characters': [SKIP],
+  'built-ins/RegExp/escape/escaped-lineterminator': [SKIP],
+  'built-ins/RegExp/escape/escaped-otherpunctuators': [SKIP],
+  'built-ins/RegExp/escape/escaped-solidus-character-mixed': [SKIP],
+  'built-ins/RegExp/escape/escaped-solidus-character-simple': [SKIP],
+  'built-ins/RegExp/escape/escaped-surrogates': [SKIP],
+  'built-ins/RegExp/escape/escaped-syntax-characters-mixed': [SKIP],
+  'built-ins/RegExp/escape/escaped-syntax-characters-simple': [SKIP],
+  'built-ins/RegExp/escape/escaped-utf16encodecodepoint': [SKIP],
+  'built-ins/RegExp/escape/escaped-whitespace': [SKIP],
+  'built-ins/RegExp/escape/initial-char-escape': [SKIP],
+  'built-ins/RegExp/escape/is-function': [SKIP],
+  'built-ins/RegExp/escape/length': [SKIP],
+  'built-ins/RegExp/escape/name': [SKIP],
+  'built-ins/RegExp/escape/non-string-inputs': [SKIP],
+  'built-ins/RegExp/escape/not-a-constructor': [SKIP],
+  'built-ins/RegExp/escape/not-escaped': [SKIP],
+  'built-ins/RegExp/escape/not-escaped-underscore': [SKIP],
+  'built-ins/RegExp/escape/prop-desc': [SKIP],
+  'built-ins/TypedArray/prototype/reduce/resizable-buffer-grow-mid-iteration': [SKIP],
+  'built-ins/TypedArray/prototype/reduce/resizable-buffer-shrink-mid-iteration': [SKIP],
+  'harness/asyncHelpers-throwsAsync-func-throws-sync': [SKIP],
+  'harness/asyncHelpers-throwsAsync-no-arg': [SKIP],
+  'intl402/NumberFormat/prototype/format/useGrouping-extended-en-IN': [SKIP],
+  'staging/Intl402/Temporal/old/japanese-before-era': [SKIP],
+}],
+# End roll-watcher patch
+####
+
 ]
diff --git a/deps/v8/test/test262/testcfg.py b/deps/v8/test/test262/testcfg.py
index e2121f84dd0ac9..fbb77e70a33bd8 100644
--- a/deps/v8/test/test262/testcfg.py
+++ b/deps/v8/test/test262/testcfg.py
@@ -67,6 +67,7 @@
     'decorators': '--js-decorators',
     'promise-try': '--js-promise-try',
     'Atomics.pause': '--js-atomics-pause',
+    'source-phase-imports': '--js-source-phase-imports --allow-natives-syntax',
 }
 
 SKIPPED_FEATURES = set([])
@@ -221,10 +222,14 @@ def _get_files_params(self):
     harness_args = []
     if "raw" not in self.test_record.get("flags", []):
       harness_args = list(self.suite.harness)
-    return (harness_args + ([self.suite.root / "harness-agent.js"]
-                            if self.__needs_harness_agent() else []) +
+    return (harness_args +
+            ([self.suite.root /
+              "harness-agent.js"] if self.__needs_harness_agent() else []) +
             ([self.suite.root / "harness-ishtmldda.js"]
              if "IsHTMLDDA" in self.test_record.get("features", []) else []) +
+            ([self.suite.root /
+              "harness-abstractmodulesource.js"] if "source-phase-imports"
+             in self.test_record.get("features", []) else []) +
             ([self.suite.root / "harness-adapt-donotevaluate.js"]
              if self.fail_phase_only and not self._fail_phase_reverse else []) +
             ([self.suite.root / "harness-done.js"]
diff --git a/deps/v8/test/unittests/BUILD.gn b/deps/v8/test/unittests/BUILD.gn
index 4af596780b92a1..61771e133025f3 100644
--- a/deps/v8/test/unittests/BUILD.gn
+++ b/deps/v8/test/unittests/BUILD.gn
@@ -597,6 +597,7 @@ v8_source_set("v8_unittests_sources") {
       "asmjs/asm-scanner-unittest.cc",
       "asmjs/asm-types-unittest.cc",
       "compiler/int64-lowering-unittest.cc",
+      "compiler/turboshaft/wasm-simd-unittest.cc",
       "compiler/wasm-address-reassociation-unittest.cc",
       "objects/wasm-backing-store-unittest.cc",
       "wasm/decoder-unittest.cc",
diff --git a/deps/v8/test/unittests/api/deserialize-unittest.cc b/deps/v8/test/unittests/api/deserialize-unittest.cc
index 113727c2332e41..0381575fc6b0b6 100644
--- a/deps/v8/test/unittests/api/deserialize-unittest.cc
+++ b/deps/v8/test/unittests/api/deserialize-unittest.cc
@@ -326,14 +326,16 @@ class MergeDeserializedCodeTest : public DeserializeTest {
   // The source code used in these tests.
   static constexpr char kSourceCode[] = R"(
     // Looks like an IIFE but isn't, to get eagerly parsed:
-    var eager = (function () {
-      // Actual IIFE, also eagerly parsed:
-      return (function iife() {
-        return 42;
-      })();
-    });
-    // Lazily parsed:
-    var lazy = function () { return eager(); };
+    { let captured = 10;
+      var eager = (function () {
+        // Actual IIFE, also eagerly parsed:
+        return (function iife() {
+          return captured, 42;
+        })();
+      });
+      // Lazily parsed:
+      var lazy = function () { return eager(); };
+    }
   )";
 
   // Objects from the Script's object graph whose lifetimes and connectedness
@@ -389,7 +391,7 @@ class MergeDeserializedCodeTest : public DeserializeTest {
 
   static i::Tagged<i::Object> ExtractSharedFunctionInfoData(
       i::Tagged<i::SharedFunctionInfo> sfi, i::Isolate* i_isolate) {
-    i::Tagged<i::Object> data = sfi->GetData(i_isolate);
+    i::Tagged<i::Object> data = sfi->GetTrustedData(i_isolate);
     // BytecodeArrays live in trusted space and so cannot be referenced through
     // tagged/compressed pointers from e.g. a FixedArray. Instead, we need to
     // use their in-sandbox wrapper object for that purpose.
@@ -413,7 +415,7 @@ class MergeDeserializedCodeTest : public DeserializeTest {
                WeakOrSmi(toplevel_sfi->feedback_metadata()));
     i::Tagged<i::Script> script = i::Cast<i::Script>(toplevel_sfi->script());
     array->set(kScript, WeakOrSmi(script));
-    i::Tagged<i::WeakFixedArray> sfis = script->shared_function_infos();
+    i::Tagged<i::WeakFixedArray> sfis = script->infos();
     CHECK_EQ(sfis->length(), 4);
     CHECK_EQ(sfis->get(0), WeakOrSmi(toplevel_sfi));
     i::Tagged<i::SharedFunctionInfo> eager =
@@ -964,7 +966,7 @@ TEST_F(MergeDeserializedCodeTest, MergeThatStartsButDoesNotFinish) {
   // actually finish its merge; the others will abandon their in-progress merges
   // and instead use the result from the first script since it will be in the
   // Isolate compilation cache.
-  i::Handle<i::SharedFunctionInfo> first_script_sfi;
+  i::IndirectHandle<i::SharedFunctionInfo> first_script_sfi;
   for (int i = 0; i < kSimultaneousScripts; ++i) {
     ScriptCompiler::Source source(NewString(kSourceCode), default_origin,
                                   cached_data[i].release(), tasks[i].release());
diff --git a/deps/v8/test/unittests/assembler/disasm-riscv-unittest.cc b/deps/v8/test/unittests/assembler/disasm-riscv-unittest.cc
index c779c2a846e7e7..d476653a070142 100644
--- a/deps/v8/test/unittests/assembler/disasm-riscv-unittest.cc
+++ b/deps/v8/test/unittests/assembler/disasm-riscv-unittest.cc
@@ -271,6 +271,16 @@ TEST_F(DisasmRiscvTest, CSR) {
 
   VERIFY_RUN();
 }
+
+TEST_F(DisasmRiscvTest, ZICOND) {
+  SET_UP();
+
+  COMPARE(czero_eqz(a0, s1, t3), "0fc4d533       czero.eqz a0, s1, t3");
+  COMPARE(czero_nez(s3, a1, t1), "0e65f9b3       czero.nez s3, a1, t1");
+
+  VERIFY_RUN();
+}
+
 #ifdef V8_TARGET_ARCH_RISCV64
 TEST_F(DisasmRiscvTest, RV64I) {
   SET_UP();
diff --git a/deps/v8/test/unittests/assembler/macro-assembler-x64-unittest.cc b/deps/v8/test/unittests/assembler/macro-assembler-x64-unittest.cc
index fe803c066c4512..4b7c3432deeed4 100644
--- a/deps/v8/test/unittests/assembler/macro-assembler-x64-unittest.cc
+++ b/deps/v8/test/unittests/assembler/macro-assembler-x64-unittest.cc
@@ -2307,13 +2307,15 @@ TEST_F(MacroAssemblerX64Test, I16x8SConvertF16x8) {
   float fp16_min = -fp16_max;
   float NaN = std::numeric_limits<float>::quiet_NaN();
   float neg_zero = base::bit_cast<float>(0x80000000);
+  float inf = std::numeric_limits<float>::infinity();
+  float neg_inf = -std::numeric_limits<float>::infinity();
 
   std::vector<std::array<float, 8>> test_cases = {
       {32.4, 2.5, 12.4, 62.346, 235.6, 2.36, 1253.4, 63.46},
       {34.5, 2.63, 234.6, 34.68, -234.6, -1.264, -23.6, -2.36},
       {NaN, 0, 0, neg_zero, NaN, -NaN, neg_zero, neg_zero},
-      {fp16_max, fp16_max, fp16_min, fp16_min, fp16_max + 1, fp16_max + 1,
-       fp16_min - 1, fp16_min - 1}};
+      {fp16_max, fp16_max, fp16_min, fp16_min, fp16_max + 1, inf, fp16_min - 1,
+       neg_inf}};
   uint16_t input[16];
   int16_t output[16];
 
@@ -2376,13 +2378,15 @@ TEST_F(MacroAssemblerX64Test, I16x8TruncF16x8U) {
   float fp16_min = -fp16_max;
   float NaN = std::numeric_limits<float>::quiet_NaN();
   float neg_zero = base::bit_cast<float>(0x80000000);
+  float inf = std::numeric_limits<float>::infinity();
+  float neg_inf = -std::numeric_limits<float>::infinity();
 
   std::vector<std::array<float, 8>> test_cases = {
       {32.4, 2.5, 12.4, 62.346, 235.6, 2.36, 1253.4, 63.46},
       {34.5, 2.63, 234.6, 34.68, -234.6, -1.264, -23.6, -2.36},
       {NaN, 0, 0, neg_zero, NaN, -NaN, neg_zero, neg_zero},
-      {fp16_max, fp16_max, fp16_min, fp16_min, fp16_max + 1, fp16_max + 1,
-       fp16_min - 1, fp16_min - 1}};
+      {fp16_max, fp16_max, fp16_min, fp16_min, fp16_max + 1, inf, fp16_min - 1,
+       neg_inf}};
   uint16_t input[16];
   uint16_t output[16];
 
diff --git a/deps/v8/test/unittests/base/cpu-unittest.cc b/deps/v8/test/unittests/base/cpu-unittest.cc
index faf3828bdac270..ab3be702d9adb3 100644
--- a/deps/v8/test/unittests/base/cpu-unittest.cc
+++ b/deps/v8/test/unittests/base/cpu-unittest.cc
@@ -30,7 +30,6 @@ TEST(CPUTest, SuppressTagCheckingScope) {
   // Check that the scope restores TCO afterwards.
   asm volatile(".arch_extension memtag \n mrs %0, tco" : "=r" (val));
   EXPECT_EQ(val, 0u);
-
 }
 #endif
 
diff --git a/deps/v8/test/unittests/base/doubly-threaded-list-unittest.cc b/deps/v8/test/unittests/base/doubly-threaded-list-unittest.cc
index 14dd892d8d8b2e..29dbbae2f34822 100644
--- a/deps/v8/test/unittests/base/doubly-threaded-list-unittest.cc
+++ b/deps/v8/test/unittests/base/doubly-threaded-list-unittest.cc
@@ -4,7 +4,6 @@
 
 #include "src/base/doubly-threaded-list.h"
 
-#include "src/base/optional.h"
 #include "src/base/vector.h"
 #include "test/unittests/test-utils.h"
 
diff --git a/deps/v8/test/unittests/codegen/code-pages-unittest.cc b/deps/v8/test/unittests/codegen/code-pages-unittest.cc
index aec709b1216c11..49a11c966137b1 100644
--- a/deps/v8/test/unittests/codegen/code-pages-unittest.cc
+++ b/deps/v8/test/unittests/codegen/code-pages-unittest.cc
@@ -294,10 +294,10 @@ TEST_F(CodePagesTest, LargeCodeObject) {
 
   {
     HandleScope scope(i_isolate());
-    DirectHandle<Code> foo_code =
+    IndirectHandle<Code> foo_code =
         Factory::CodeBuilder(i_isolate(), desc, CodeKind::FOR_TESTING).Build();
-    DirectHandle<InstructionStream> foo_istream(foo_code->instruction_stream(),
-                                                i_isolate());
+    IndirectHandle<InstructionStream> foo_istream(
+        foo_code->instruction_stream(), i_isolate());
 
     EXPECT_TRUE(i_isolate()->heap()->InSpace(*foo_istream, CODE_LO_SPACE));
 
@@ -421,10 +421,10 @@ TEST_F(CodePagesTest, LargeCodeObjectWithSignalHandler) {
 
   {
     HandleScope scope(i_isolate());
-    DirectHandle<Code> foo_code =
+    IndirectHandle<Code> foo_code =
         Factory::CodeBuilder(i_isolate(), desc, CodeKind::FOR_TESTING).Build();
-    DirectHandle<InstructionStream> foo_istream(foo_code->instruction_stream(),
-                                                i_isolate());
+    IndirectHandle<InstructionStream> foo_istream(
+        foo_code->instruction_stream(), i_isolate());
 
     EXPECT_TRUE(i_isolate()->heap()->InSpace(*foo_istream, CODE_LO_SPACE));
 
@@ -497,7 +497,7 @@ TEST_F(CodePagesTest, Sorted) {
   };
   {
     HandleScope outer_scope(i_isolate());
-    Handle<InstructionStream> code1, code3;
+    IndirectHandle<InstructionStream> code1, code3;
     Address code2_address;
 
     code1 =
diff --git a/deps/v8/test/unittests/compiler/arm64/turboshaft-instruction-selector-arm64-unittest.cc b/deps/v8/test/unittests/compiler/arm64/turboshaft-instruction-selector-arm64-unittest.cc
index 487da3f1efbf08..e51ffce969cec7 100644
--- a/deps/v8/test/unittests/compiler/arm64/turboshaft-instruction-selector-arm64-unittest.cc
+++ b/deps/v8/test/unittests/compiler/arm64/turboshaft-instruction-selector-arm64-unittest.cc
@@ -960,8 +960,6 @@ TEST_F(TurboshaftInstructionSelectorTest, AddSignedExtendHalfwordOnLeft) {
   }
 }
 
-#if 0
-
 #if V8_ENABLE_WEBASSEMBLY
 enum PairwiseAddSide { LEFT, RIGHT };
 
@@ -986,8 +984,8 @@ std::ostream& operator<<(std::ostream& os,
             << ", isSigned: " << sw.isSigned << " }";
 }
 
-using InstructionSelectorAddWithPairwiseAddTest =
-    InstructionSelectorTestWithParam<AddWithPairwiseAddSideAndWidth>;
+using TurboshaftInstructionSelectorAddWithPairwiseAddTest =
+    TurboshaftInstructionSelectorTestWithParam<AddWithPairwiseAddSideAndWidth>;
 
 TEST_P(TurboshaftInstructionSelectorAddWithPairwiseAddTest,
        AddWithPairwiseAdd) {
@@ -997,21 +995,26 @@ TEST_P(TurboshaftInstructionSelectorAddWithPairwiseAddTest,
 
   OpIndex x = m.Parameter(0);
   OpIndex y = m.Parameter(1);
-  const Operator* pairwiseAddOp;
+  OpIndex pairwiseAdd;
   if (params.width == 32 && params.isSigned) {
-    pairwiseAddOp = m.machine()->I32x4ExtAddPairwiseI16x8S();
+    pairwiseAdd = m.I32x4ExtAddPairwiseI16x8S(x);
   } else if (params.width == 16 && params.isSigned) {
-    pairwiseAddOp = m.machine()->I16x8ExtAddPairwiseI8x16S();
+    pairwiseAdd = m.I16x8ExtAddPairwiseI8x16S(x);
   } else if (params.width == 32 && !params.isSigned) {
-    pairwiseAddOp = m.machine()->I32x4ExtAddPairwiseI16x8U();
+    pairwiseAdd = m.I32x4ExtAddPairwiseI16x8U(x);
+  } else {
+    pairwiseAdd = m.I16x8ExtAddPairwiseI8x16U(x);
+  }
+
+  OpIndex add;
+  if (params.width == 32) {
+    add = params.side == LEFT ? m.I32x4Add(pairwiseAdd, y)
+                              : m.I32x4Add(y, pairwiseAdd);
   } else {
-    pairwiseAddOp = m.machine()->I16x8ExtAddPairwiseI8x16U();
+    add = params.side == LEFT ? m.I16x8Add(pairwiseAdd, y)
+                              : m.I16x8Add(y, pairwiseAdd);
   }
-  OpIndex pairwiseAdd = m.AddNode(pairwiseAddOp, x);
-  const Operator* addOp =
-      params.width == 32 ? m.machine()->I32x4Add() : m.machine()->I16x8Add();
-  OpIndex add = params.side == LEFT ? m.AddNode(addOp, pairwiseAdd, y)
-                                    : m.AddNode(addOp, y, pairwiseAdd);
+
   m.Return(add);
   Stream s = m.Build();
 
@@ -1028,12 +1031,10 @@ const AddWithPairwiseAddSideAndWidth kAddWithPairAddTestCases[] = {
     {LEFT, 32, false}, {RIGHT, 32, false}};
 
 INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
-                         InstructionSelectorAddWithPairwiseAddTest,
+                         TurboshaftInstructionSelectorAddWithPairwiseAddTest,
                          ::testing::ValuesIn(kAddWithPairAddTestCases));
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-#endif
-
 // -----------------------------------------------------------------------------
 // Data processing controlled branches.
 
@@ -2226,16 +2227,72 @@ INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
                          TurboshaftInstructionSelectorIntDPWithIntMulTest,
                          ::testing::ValuesIn(kMulDPInstructions));
 
-#if 0
-
 #if V8_ENABLE_WEBASSEMBLY
+
+TEST_F(TurboshaftInstructionSelectorTest, AddReduce) {
+  {
+    StreamBuilder m(this, MachineType::Int32(), MachineType::Simd128());
+    V<Simd128> reduce = m.I8x16AddReduce(m.Parameter(0));
+    m.Return(reduce);
+    Stream s = m.Build();
+    EXPECT_EQ(kArm64I8x16Addv, s[0]->arch_opcode());
+    EXPECT_EQ(1U, s[0]->InputCount());
+    EXPECT_EQ(1U, s[0]->OutputCount());
+  }
+  {
+    StreamBuilder m(this, MachineType::Int32(), MachineType::Simd128());
+    V<Simd128> reduce = m.I16x8AddReduce(m.Parameter(0));
+    m.Return(reduce);
+    Stream s = m.Build();
+    EXPECT_EQ(kArm64I16x8Addv, s[0]->arch_opcode());
+    EXPECT_EQ(1U, s[0]->InputCount());
+    EXPECT_EQ(1U, s[0]->OutputCount());
+  }
+  {
+    StreamBuilder m(this, MachineType::Int32(), MachineType::Simd128());
+    V<Simd128> reduce = m.I32x4AddReduce(m.Parameter(0));
+    m.Return(reduce);
+    Stream s = m.Build();
+    EXPECT_EQ(kArm64I32x4Addv, s[0]->arch_opcode());
+    EXPECT_EQ(1U, s[0]->InputCount());
+    EXPECT_EQ(1U, s[0]->OutputCount());
+  }
+  {
+    StreamBuilder m(this, MachineType::Int64(), MachineType::Simd128());
+    V<Simd128> reduce = m.I64x2AddReduce(m.Parameter(0));
+    m.Return(reduce);
+    Stream s = m.Build();
+    EXPECT_EQ(kArm64I64x2AddPair, s[0]->arch_opcode());
+    EXPECT_EQ(1U, s[0]->InputCount());
+    EXPECT_EQ(1U, s[0]->OutputCount());
+  }
+  {
+    StreamBuilder m(this, MachineType::Float32(), MachineType::Simd128());
+    V<Simd128> reduce = m.F32x4AddReduce(m.Parameter(0));
+    m.Return(reduce);
+    Stream s = m.Build();
+    EXPECT_EQ(kArm64F32x4AddReducePairwise, s[0]->arch_opcode());
+    EXPECT_EQ(1U, s[0]->InputCount());
+    EXPECT_EQ(1U, s[0]->OutputCount());
+  }
+  {
+    StreamBuilder m(this, MachineType::Float64(), MachineType::Simd128());
+    V<Simd128> reduce = m.F64x2AddReduce(m.Parameter(0));
+    m.Return(reduce);
+    Stream s = m.Build();
+    EXPECT_EQ(kArm64F64x2AddPair, s[0]->arch_opcode());
+    EXPECT_EQ(1U, s[0]->InputCount());
+    EXPECT_EQ(1U, s[0]->OutputCount());
+  }
+}
+
 namespace {
 
 struct SIMDMulDPInst {
   const char* mul_constructor_name;
-  const Operator* (MachineOperatorBuilder::*mul_operator)(void);
-  const Operator* (MachineOperatorBuilder::*add_operator)(void);
-  const Operator* (MachineOperatorBuilder::*sub_operator)(void);
+  TSBinop mul_operator;
+  TSBinop add_operator;
+  TSBinop sub_operator;
   ArchOpcode multiply_add_arch_opcode;
   ArchOpcode multiply_sub_arch_opcode;
   MachineType machine_type;
@@ -2249,24 +2306,21 @@ std::ostream& operator<<(std::ostream& os, const SIMDMulDPInst& inst) {
 }  // namespace
 
 static const SIMDMulDPInst kSIMDMulDPInstructions[] = {
-    {"I32x4Mul", &MachineOperatorBuilder::I32x4Mul,
-     &MachineOperatorBuilder::I32x4Add, &MachineOperatorBuilder::I32x4Sub,
+    {"I32x4Mul", TSBinop::kI32x4Mul, TSBinop::kI32x4Add, TSBinop::kI32x4Sub,
      kArm64Mla, kArm64Mls, MachineType::Simd128(), 32},
-    {"I16x8Mul", &MachineOperatorBuilder::I16x8Mul,
-     &MachineOperatorBuilder::I16x8Add, &MachineOperatorBuilder::I16x8Sub,
+    {"I16x8Mul", TSBinop::kI16x8Mul, TSBinop::kI16x8Add, TSBinop::kI16x8Sub,
      kArm64Mla, kArm64Mls, MachineType::Simd128(), 16}};
 
-using InstructionSelectorSIMDDPWithSIMDMulTest =
-    InstructionSelectorTestWithParam<SIMDMulDPInst>;
+using TurboshaftInstructionSelectorSIMDDPWithSIMDMulTest =
+    TurboshaftInstructionSelectorTestWithParam<SIMDMulDPInst>;
 
 TEST_P(TurboshaftInstructionSelectorSIMDDPWithSIMDMulTest, AddWithMul) {
   const SIMDMulDPInst mdpi = GetParam();
   const MachineType type = mdpi.machine_type;
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*mdpi.mul_operator)(), m.Parameter(1),
-                          m.Parameter(2));
-    m.Return(m.AddNode((m.machine()->*mdpi.add_operator)(), m.Parameter(0), n));
+    OpIndex n = m.Emit(mdpi.mul_operator, m.Parameter(1), m.Parameter(2));
+    m.Return(m.Emit(mdpi.add_operator, m.Parameter(0), n));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(mdpi.multiply_add_arch_opcode, s[0]->arch_opcode());
@@ -2276,9 +2330,8 @@ TEST_P(TurboshaftInstructionSelectorSIMDDPWithSIMDMulTest, AddWithMul) {
   }
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*mdpi.mul_operator)(), m.Parameter(0),
-                          m.Parameter(1));
-    m.Return(m.AddNode((m.machine()->*mdpi.add_operator)(), n, m.Parameter(2)));
+    OpIndex n = m.Emit(mdpi.mul_operator, m.Parameter(0), m.Parameter(1));
+    m.Return(m.Emit(mdpi.add_operator, n, m.Parameter(2)));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(mdpi.multiply_add_arch_opcode, s[0]->arch_opcode());
@@ -2293,9 +2346,8 @@ TEST_P(TurboshaftInstructionSelectorSIMDDPWithSIMDMulTest, SubWithMul) {
   const MachineType type = mdpi.machine_type;
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*mdpi.mul_operator)(), m.Parameter(1),
-                          m.Parameter(2));
-    m.Return(m.AddNode((m.machine()->*mdpi.sub_operator)(), m.Parameter(0), n));
+    OpIndex n = m.Emit(mdpi.mul_operator, m.Parameter(1), m.Parameter(2));
+    m.Return(m.Emit(mdpi.sub_operator, m.Parameter(0), n));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(mdpi.multiply_sub_arch_opcode, s[0]->arch_opcode());
@@ -2306,16 +2358,16 @@ TEST_P(TurboshaftInstructionSelectorSIMDDPWithSIMDMulTest, SubWithMul) {
 }
 
 INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
-                         InstructionSelectorSIMDDPWithSIMDMulTest,
+                         TurboshaftInstructionSelectorSIMDDPWithSIMDMulTest,
                          ::testing::ValuesIn(kSIMDMulDPInstructions));
 
 namespace {
 
 struct SIMDShrAddInst {
   const char* shradd_constructor_name;
-  const Operator* (MachineOperatorBuilder::*shr_s_operator)();
-  const Operator* (MachineOperatorBuilder::*shr_u_operator)();
-  const Operator* (MachineOperatorBuilder::*add_operator)();
+  TSBinop shr_s_operator;
+  TSBinop shr_u_operator;
+  TSBinop add_operator;
   const int laneSize;
 };
 
@@ -2326,27 +2378,26 @@ std::ostream& operator<<(std::ostream& os, const SIMDShrAddInst& inst) {
 }  // namespace
 
 static const SIMDShrAddInst kSIMDShrAddInstructions[] = {
-    {"I64x2ShrAdd", &MachineOperatorBuilder::I64x2ShrS,
-     &MachineOperatorBuilder::I64x2ShrU, &MachineOperatorBuilder::I64x2Add, 64},
-    {"I32x4ShrAdd", &MachineOperatorBuilder::I32x4ShrS,
-     &MachineOperatorBuilder::I32x4ShrU, &MachineOperatorBuilder::I32x4Add, 32},
-    {"I16x8ShrAdd", &MachineOperatorBuilder::I16x8ShrS,
-     &MachineOperatorBuilder::I16x8ShrU, &MachineOperatorBuilder::I16x8Add, 16},
-    {"I8x16ShrAdd", &MachineOperatorBuilder::I8x16ShrS,
-     &MachineOperatorBuilder::I8x16ShrU, &MachineOperatorBuilder::I8x16Add, 8}};
-
-using InstructionSelectorSIMDShrAddTest =
-    InstructionSelectorTestWithParam<SIMDShrAddInst>;
+    {"I64x2ShrAdd", TSBinop::kI64x2ShrS, TSBinop::kI64x2ShrU,
+     TSBinop::kI64x2Add, 64},
+    {"I32x4ShrAdd", TSBinop::kI32x4ShrS, TSBinop::kI32x4ShrU,
+     TSBinop::kI32x4Add, 32},
+    {"I16x8ShrAdd", TSBinop::kI16x8ShrS, TSBinop::kI16x8ShrU,
+     TSBinop::kI16x8Add, 16},
+    {"I8x16ShrAdd", TSBinop::kI8x16ShrS, TSBinop::kI8x16ShrU,
+     TSBinop::kI8x16Add, 8}};
+
+using TurboshaftInstructionSelectorSIMDShrAddTest =
+    TurboshaftInstructionSelectorTestWithParam<SIMDShrAddInst>;
 
 TEST_P(TurboshaftInstructionSelectorSIMDShrAddTest, ShrAddS) {
   const SIMDShrAddInst param = GetParam();
   const MachineType type = MachineType::Simd128();
   {
     StreamBuilder m(this, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*param.shr_s_operator)(),
-                          m.Parameter(1), m.Int32Constant(1));
-    m.Return(
-        m.AddNode((m.machine()->*param.add_operator)(), m.Parameter(0), n));
+    OpIndex n =
+        m.Emit(param.shr_s_operator, m.Parameter(1), m.Int32Constant(1));
+    m.Return(m.Emit(param.add_operator, m.Parameter(0), n));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64Ssra, s[0]->arch_opcode());
@@ -2356,10 +2407,9 @@ TEST_P(TurboshaftInstructionSelectorSIMDShrAddTest, ShrAddS) {
   }
   {
     StreamBuilder m(this, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*param.shr_s_operator)(),
-                          m.Parameter(0), m.Int32Constant(1));
-    m.Return(
-        m.AddNode((m.machine()->*param.add_operator)(), n, m.Parameter(1)));
+    OpIndex n =
+        m.Emit(param.shr_s_operator, m.Parameter(0), m.Int32Constant(1));
+    m.Return(m.Emit(param.add_operator, n, m.Parameter(1)));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64Ssra, s[0]->arch_opcode());
@@ -2374,10 +2424,9 @@ TEST_P(TurboshaftInstructionSelectorSIMDShrAddTest, ShrAddU) {
   const MachineType type = MachineType::Simd128();
   {
     StreamBuilder m(this, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*param.shr_u_operator)(),
-                          m.Parameter(1), m.Int32Constant(1));
-    m.Return(
-        m.AddNode((m.machine()->*param.add_operator)(), m.Parameter(0), n));
+    OpIndex n =
+        m.Emit(param.shr_u_operator, m.Parameter(1), m.Int32Constant(1));
+    m.Return(m.Emit(param.add_operator, m.Parameter(0), n));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64Usra, s[0]->arch_opcode());
@@ -2387,10 +2436,9 @@ TEST_P(TurboshaftInstructionSelectorSIMDShrAddTest, ShrAddU) {
   }
   {
     StreamBuilder m(this, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*param.shr_u_operator)(),
-                          m.Parameter(0), m.Int32Constant(1));
-    m.Return(
-        m.AddNode((m.machine()->*param.add_operator)(), n, m.Parameter(1)));
+    OpIndex n =
+        m.Emit(param.shr_u_operator, m.Parameter(0), m.Int32Constant(1));
+    m.Return(m.Emit(param.add_operator, n, m.Parameter(1)));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64Usra, s[0]->arch_opcode());
@@ -2401,14 +2449,14 @@ TEST_P(TurboshaftInstructionSelectorSIMDShrAddTest, ShrAddU) {
 }
 
 INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
-                         InstructionSelectorSIMDShrAddTest,
+                         TurboshaftInstructionSelectorSIMDShrAddTest,
                          ::testing::ValuesIn(kSIMDShrAddInstructions));
 
 namespace {
 struct SIMDAddExtMulInst {
   const char* mul_constructor_name;
-  const Operator* (MachineOperatorBuilder::*mul_operator)();
-  const Operator* (MachineOperatorBuilder::*add_operator)();
+  TSBinop mul_operator;
+  TSBinop add_operator;
   ArchOpcode multiply_add_arch_opcode;
   MachineType machine_type;
   int lane_size;
@@ -2416,33 +2464,25 @@ struct SIMDAddExtMulInst {
 }  // namespace
 
 static const SIMDAddExtMulInst kSimdAddExtMulInstructions[] = {
-    {"I16x8ExtMulLowI8x16S", &MachineOperatorBuilder::I16x8ExtMulLowI8x16S,
-     &MachineOperatorBuilder::I16x8Add, kArm64Smlal, MachineType::Simd128(),
-     16},
-    {"I16x8ExtMulHighI8x16S", &MachineOperatorBuilder::I16x8ExtMulHighI8x16S,
-     &MachineOperatorBuilder::I16x8Add, kArm64Smlal2, MachineType::Simd128(),
-     16},
-    {"I16x8ExtMulLowI8x16U", &MachineOperatorBuilder::I16x8ExtMulLowI8x16U,
-     &MachineOperatorBuilder::I16x8Add, kArm64Umlal, MachineType::Simd128(),
-     16},
-    {"I16x8ExtMulHighI8x16U", &MachineOperatorBuilder::I16x8ExtMulHighI8x16U,
-     &MachineOperatorBuilder::I16x8Add, kArm64Umlal2, MachineType::Simd128(),
-     16},
-    {"I32x4ExtMulLowI16x8S", &MachineOperatorBuilder::I32x4ExtMulLowI16x8S,
-     &MachineOperatorBuilder::I32x4Add, kArm64Smlal, MachineType::Simd128(),
-     32},
-    {"I32x4ExtMulHighI16x8S", &MachineOperatorBuilder::I32x4ExtMulHighI16x8S,
-     &MachineOperatorBuilder::I32x4Add, kArm64Smlal2, MachineType::Simd128(),
-     32},
-    {"I32x4ExtMulLowI16x8U", &MachineOperatorBuilder::I32x4ExtMulLowI16x8U,
-     &MachineOperatorBuilder::I32x4Add, kArm64Umlal, MachineType::Simd128(),
-     32},
-    {"I32x4ExtMulHighI16x8U", &MachineOperatorBuilder::I32x4ExtMulHighI16x8U,
-     &MachineOperatorBuilder::I32x4Add, kArm64Umlal2, MachineType::Simd128(),
-     32}};
-
-using InstructionSelectorSIMDAddExtMulTest =
-    InstructionSelectorTestWithParam<SIMDAddExtMulInst>;
+    {"I16x8ExtMulLowI8x16S", TSBinop::kI16x8ExtMulLowI8x16S, TSBinop::kI16x8Add,
+     kArm64Smlal, MachineType::Simd128(), 16},
+    {"I16x8ExtMulHighI8x16S", TSBinop::kI16x8ExtMulHighI8x16S,
+     TSBinop::kI16x8Add, kArm64Smlal2, MachineType::Simd128(), 16},
+    {"I16x8ExtMulLowI8x16U", TSBinop::kI16x8ExtMulLowI8x16U, TSBinop::kI16x8Add,
+     kArm64Umlal, MachineType::Simd128(), 16},
+    {"I16x8ExtMulHighI8x16U", TSBinop::kI16x8ExtMulHighI8x16U,
+     TSBinop::kI16x8Add, kArm64Umlal2, MachineType::Simd128(), 16},
+    {"I32x4ExtMulLowI16x8S", TSBinop::kI32x4ExtMulLowI16x8S, TSBinop::kI32x4Add,
+     kArm64Smlal, MachineType::Simd128(), 32},
+    {"I32x4ExtMulHighI16x8S", TSBinop::kI32x4ExtMulHighI16x8S,
+     TSBinop::kI32x4Add, kArm64Smlal2, MachineType::Simd128(), 32},
+    {"I32x4ExtMulLowI16x8U", TSBinop::kI32x4ExtMulLowI16x8U, TSBinop::kI32x4Add,
+     kArm64Umlal, MachineType::Simd128(), 32},
+    {"I32x4ExtMulHighI16x8U", TSBinop::kI32x4ExtMulHighI16x8U,
+     TSBinop::kI32x4Add, kArm64Umlal2, MachineType::Simd128(), 32}};
+
+using TurboshaftInstructionSelectorSIMDAddExtMulTest =
+    TurboshaftInstructionSelectorTestWithParam<SIMDAddExtMulInst>;
 
 // TODO(zhin): This can be merged with InstructionSelectorSIMDDPWithSIMDMulTest
 // once sub+extmul matching is implemented.
@@ -2452,9 +2492,8 @@ TEST_P(TurboshaftInstructionSelectorSIMDAddExtMulTest, AddExtMul) {
   {
     // Test Add(x, ExtMul(y, z)).
     StreamBuilder m(this, type, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*mdpi.mul_operator)(), m.Parameter(1),
-                          m.Parameter(2));
-    m.Return(m.AddNode((m.machine()->*mdpi.add_operator)(), m.Parameter(0), n));
+    OpIndex n = m.Emit(mdpi.mul_operator, m.Parameter(1), m.Parameter(2));
+    m.Return(m.Emit(mdpi.add_operator, m.Parameter(0), n));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(mdpi.multiply_add_arch_opcode, s[0]->arch_opcode());
@@ -2465,9 +2504,8 @@ TEST_P(TurboshaftInstructionSelectorSIMDAddExtMulTest, AddExtMul) {
   {
     // Test Add(ExtMul(y, z), x), making sure it's commutative.
     StreamBuilder m(this, type, type, type, type);
-    OpIndex n = m.AddNode((m.machine()->*mdpi.mul_operator)(), m.Parameter(0),
-                          m.Parameter(1));
-    m.Return(m.AddNode((m.machine()->*mdpi.add_operator)(), n, m.Parameter(2)));
+    OpIndex n = m.Emit(mdpi.mul_operator, m.Parameter(0), m.Parameter(1));
+    m.Return(m.Emit(mdpi.add_operator, n, m.Parameter(2)));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(mdpi.multiply_add_arch_opcode, s[0]->arch_opcode());
@@ -2478,7 +2516,7 @@ TEST_P(TurboshaftInstructionSelectorSIMDAddExtMulTest, AddExtMul) {
 }
 
 INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
-                         InstructionSelectorSIMDAddExtMulTest,
+                         TurboshaftInstructionSelectorSIMDAddExtMulTest,
                          ::testing::ValuesIn(kSimdAddExtMulInstructions));
 
 struct SIMDMulDupInst {
@@ -2530,17 +2568,17 @@ const SIMDMulDupInst kSIMDF32x4MulDuplInstructions[] = {
     },
 };
 
-using InstructionSelectorSimdF32x4MulWithDupTest =
-    InstructionSelectorTestWithParam<SIMDMulDupInst>;
+using TurboshaftInstructionSelectorSimdF32x4MulWithDupTest =
+    TurboshaftInstructionSelectorTestWithParam<SIMDMulDupInst>;
 
 TEST_P(TurboshaftInstructionSelectorSimdF32x4MulWithDupTest, MulWithDup) {
   const SIMDMulDupInst param = GetParam();
   const MachineType type = MachineType::Simd128();
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex shuffle = m.AddNode(m.machine()->I8x16Shuffle(param.shuffle),
-                                m.Parameter(0), m.Parameter(1));
-    m.Return(m.AddNode(m.machine()->F32x4Mul(), m.Parameter(2), shuffle));
+    OpIndex shuffle =
+        m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), param.shuffle);
+    m.Return(m.F32x4Mul(m.Parameter(2), shuffle));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64FMulElement, s[0]->arch_opcode());
@@ -2555,9 +2593,9 @@ TEST_P(TurboshaftInstructionSelectorSimdF32x4MulWithDupTest, MulWithDup) {
   // Multiplication operator should be commutative, so test shuffle op as lhs.
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex shuffle = m.AddNode(m.machine()->I8x16Shuffle(param.shuffle),
-                                m.Parameter(0), m.Parameter(1));
-    m.Return(m.AddNode(m.machine()->F32x4Mul(), shuffle, m.Parameter(2)));
+    OpIndex shuffle =
+        m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), param.shuffle);
+    m.Return(m.F32x4Mul(shuffle, m.Parameter(2)));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64FMulElement, s[0]->arch_opcode());
@@ -2571,7 +2609,7 @@ TEST_P(TurboshaftInstructionSelectorSimdF32x4MulWithDupTest, MulWithDup) {
 }
 
 INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
-                         InstructionSelectorSimdF32x4MulWithDupTest,
+                         TurboshaftInstructionSelectorSimdF32x4MulWithDupTest,
                          ::testing::ValuesIn(kSIMDF32x4MulDuplInstructions));
 
 TEST_F(TurboshaftInstructionSelectorTest, SimdF32x4MulWithDupNegativeTest) {
@@ -2580,9 +2618,8 @@ TEST_F(TurboshaftInstructionSelectorTest, SimdF32x4MulWithDupNegativeTest) {
   const uint8_t mask[kSimd128Size] = {0};
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex shuffle = m.AddNode((m.machine()->I8x16Shuffle(mask)),
-                                m.Parameter(0), m.Parameter(1));
-    m.Return(m.AddNode(m.machine()->F32x4Mul(), m.Parameter(2), shuffle));
+    OpIndex shuffle = m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), mask);
+    m.Return(m.F32x4Mul(m.Parameter(2), shuffle));
     Stream s = m.Build();
     ASSERT_EQ(2U, s.size());
     // The shuffle is a i8x16.dup of lane 0.
@@ -2619,17 +2656,17 @@ const SIMDMulDupInst kSIMDF64x2MulDuplInstructions[] = {
     },
 };
 
-using InstructionSelectorSimdF64x2MulWithDupTest =
-    InstructionSelectorTestWithParam<SIMDMulDupInst>;
+using TurboshaftInstructionSelectorSimdF64x2MulWithDupTest =
+    TurboshaftInstructionSelectorTestWithParam<SIMDMulDupInst>;
 
 TEST_P(TurboshaftInstructionSelectorSimdF64x2MulWithDupTest, MulWithDup) {
   const SIMDMulDupInst param = GetParam();
   const MachineType type = MachineType::Simd128();
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex shuffle = m.AddNode(m.machine()->I8x16Shuffle(param.shuffle),
-                                m.Parameter(0), m.Parameter(1));
-    m.Return(m.AddNode(m.machine()->F64x2Mul(), m.Parameter(2), shuffle));
+    OpIndex shuffle =
+        m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), param.shuffle);
+    m.Return(m.F64x2Mul(m.Parameter(2), shuffle));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64FMulElement, s[0]->arch_opcode());
@@ -2644,9 +2681,9 @@ TEST_P(TurboshaftInstructionSelectorSimdF64x2MulWithDupTest, MulWithDup) {
   // Multiplication operator should be commutative, so test shuffle op as lhs.
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex shuffle = m.AddNode(m.machine()->I8x16Shuffle(param.shuffle),
-                                m.Parameter(0), m.Parameter(1));
-    m.Return(m.AddNode(m.machine()->F64x2Mul(), shuffle, m.Parameter(2)));
+    OpIndex shuffle =
+        m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), param.shuffle);
+    m.Return(m.F64x2Mul(shuffle, m.Parameter(2)));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64FMulElement, s[0]->arch_opcode());
@@ -2669,8 +2706,7 @@ TEST_F(TurboshaftInstructionSelectorTest, ReverseShuffle32x4Test) {
       0, 1, 2, 3
     };
     StreamBuilder m(this, type, type, type, type);
-    m.Return(m.AddNode(m.machine()->I8x16Shuffle(shuffle),
-                         m.Parameter(0), m.Parameter(1)));
+    m.Return(m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), shuffle));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64S32x4Reverse, s[0]->arch_opcode());
@@ -2685,8 +2721,7 @@ TEST_F(TurboshaftInstructionSelectorTest, ReverseShuffle32x4Test) {
       16, 17, 18, 19
     };
     StreamBuilder m(this, type, type, type, type);
-    m.Return(m.AddNode(m.machine()->I8x16Shuffle(shuffle),
-                         m.Parameter(0), m.Parameter(1)));
+    m.Return(m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), shuffle));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64S32x4Reverse, s[0]->arch_opcode());
@@ -2696,7 +2731,7 @@ TEST_F(TurboshaftInstructionSelectorTest, ReverseShuffle32x4Test) {
 }
 
 INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
-                         InstructionSelectorSimdF64x2MulWithDupTest,
+                         TurboshaftInstructionSelectorSimdF64x2MulWithDupTest,
                          ::testing::ValuesIn(kSIMDF64x2MulDuplInstructions));
 
 TEST_F(TurboshaftInstructionSelectorTest, SimdF64x2MulWithDupNegativeTest) {
@@ -2705,9 +2740,8 @@ TEST_F(TurboshaftInstructionSelectorTest, SimdF64x2MulWithDupNegativeTest) {
   const uint8_t mask[kSimd128Size] = {0};
   {
     StreamBuilder m(this, type, type, type, type);
-    OpIndex shuffle = m.AddNode((m.machine()->I8x16Shuffle(mask)),
-                                m.Parameter(0), m.Parameter(1));
-    m.Return(m.AddNode(m.machine()->F64x2Mul(), m.Parameter(2), shuffle));
+    OpIndex shuffle = m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), mask);
+    m.Return(m.F64x2Mul(m.Parameter(2), shuffle));
     Stream s = m.Build();
     ASSERT_EQ(2U, s.size());
     // The shuffle is a i8x16.dup of lane 0.
@@ -2731,8 +2765,7 @@ TEST_F(TurboshaftInstructionSelectorTest, OneLaneSwizzle32x4Test) {
       12, 13, 14, 15
     };
     StreamBuilder m(this, type, type, type, type);
-    m.Return(m.AddNode(m.machine()->I8x16Shuffle(shuffle),
-                         m.Parameter(0), m.Parameter(1)));
+    m.Return(m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), shuffle));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64S32x4OneLaneSwizzle, s[0]->arch_opcode());
@@ -2747,8 +2780,7 @@ TEST_F(TurboshaftInstructionSelectorTest, OneLaneSwizzle32x4Test) {
       16, 17, 18, 19
     };
     StreamBuilder m(this, type, type, type, type);
-    m.Return(m.AddNode(m.machine()->I8x16Shuffle(shuffle),
-                         m.Parameter(0), m.Parameter(1)));
+    m.Return(m.Simd128Shuffle(m.Parameter(0), m.Parameter(1), shuffle));
     Stream s = m.Build();
     ASSERT_EQ(1U, s.size());
     EXPECT_EQ(kArm64S32x4OneLaneSwizzle, s[0]->arch_opcode());
@@ -2759,8 +2791,6 @@ TEST_F(TurboshaftInstructionSelectorTest, OneLaneSwizzle32x4Test) {
 
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-#endif
-
 TEST_F(TurboshaftInstructionSelectorTest, Word32MulWithImmediate) {
   // x * (2^k + 1) -> x + (x << k)
   TRACED_FORRANGE(int32_t, k, 1, 30) {
@@ -5807,70 +5837,68 @@ TEST_F(TurboshaftInstructionSelectorTest, PokePairPrepareArgumentsSimd128) {
                expected_poke_pair, expected_poke);
 }
 
-#if 0
-
 struct SIMDConstZeroCmTest {
   const bool is_zero;
   const uint8_t lane_size;
-  const Operator* (MachineOperatorBuilder::*cm_operator)();
+  TSBinop cm_operator;
   const ArchOpcode expected_op_left;
   const ArchOpcode expected_op_right;
   const size_t size;
 };
 
 static const SIMDConstZeroCmTest SIMDConstZeroCmTests[] = {
-    {true, 8, &MachineOperatorBuilder::I8x16Eq, kArm64IEq, kArm64IEq, 1},
-    {true, 8, &MachineOperatorBuilder::I8x16Ne, kArm64INe, kArm64INe, 1},
-    {true, 8, &MachineOperatorBuilder::I8x16GeS, kArm64ILeS, kArm64IGeS, 1},
-    {true, 8, &MachineOperatorBuilder::I8x16GtS, kArm64ILtS, kArm64IGtS, 1},
-    {false, 8, &MachineOperatorBuilder::I8x16Eq, kArm64IEq, kArm64IEq, 2},
-    {false, 8, &MachineOperatorBuilder::I8x16Ne, kArm64INe, kArm64INe, 2},
-    {false, 8, &MachineOperatorBuilder::I8x16GeS, kArm64IGeS, kArm64IGeS, 2},
-    {false, 8, &MachineOperatorBuilder::I8x16GtS, kArm64IGtS, kArm64IGtS, 2},
-    {true, 16, &MachineOperatorBuilder::I16x8Eq, kArm64IEq, kArm64IEq, 1},
-    {true, 16, &MachineOperatorBuilder::I16x8Ne, kArm64INe, kArm64INe, 1},
-    {true, 16, &MachineOperatorBuilder::I16x8GeS, kArm64ILeS, kArm64IGeS, 1},
-    {true, 16, &MachineOperatorBuilder::I16x8GtS, kArm64ILtS, kArm64IGtS, 1},
-    {false, 16, &MachineOperatorBuilder::I16x8Eq, kArm64IEq, kArm64IEq, 2},
-    {false, 16, &MachineOperatorBuilder::I16x8Ne, kArm64INe, kArm64INe, 2},
-    {false, 16, &MachineOperatorBuilder::I16x8GeS, kArm64IGeS, kArm64IGeS, 2},
-    {false, 16, &MachineOperatorBuilder::I16x8GtS, kArm64IGtS, kArm64IGtS, 2},
-    {true, 32, &MachineOperatorBuilder::I32x4Eq, kArm64IEq, kArm64IEq, 1},
-    {true, 32, &MachineOperatorBuilder::I32x4Ne, kArm64INe, kArm64INe, 1},
-    {true, 32, &MachineOperatorBuilder::I32x4GeS, kArm64ILeS, kArm64IGeS, 1},
-    {true, 32, &MachineOperatorBuilder::I32x4GtS, kArm64ILtS, kArm64IGtS, 1},
-    {false, 32, &MachineOperatorBuilder::I32x4Eq, kArm64IEq, kArm64IEq, 2},
-    {false, 32, &MachineOperatorBuilder::I32x4Ne, kArm64INe, kArm64INe, 2},
-    {false, 32, &MachineOperatorBuilder::I32x4GeS, kArm64IGeS, kArm64IGeS, 2},
-    {false, 32, &MachineOperatorBuilder::I32x4GtS, kArm64IGtS, kArm64IGtS, 2},
-    {true, 64, &MachineOperatorBuilder::I64x2Eq, kArm64IEq, kArm64IEq, 1},
-    {true, 64, &MachineOperatorBuilder::I64x2Ne, kArm64INe, kArm64INe, 1},
-    {true, 64, &MachineOperatorBuilder::I64x2GeS, kArm64ILeS, kArm64IGeS, 1},
-    {true, 64, &MachineOperatorBuilder::I64x2GtS, kArm64ILtS, kArm64IGtS, 1},
-    {false, 64, &MachineOperatorBuilder::I64x2Eq, kArm64IEq, kArm64IEq, 2},
-    {false, 64, &MachineOperatorBuilder::I64x2Ne, kArm64INe, kArm64INe, 2},
-    {false, 64, &MachineOperatorBuilder::I64x2GeS, kArm64IGeS, kArm64IGeS, 2},
-    {false, 64, &MachineOperatorBuilder::I64x2GtS, kArm64IGtS, kArm64IGtS, 2},
-    {true, 64, &MachineOperatorBuilder::F64x2Eq, kArm64FEq, kArm64FEq, 1},
-    {true, 64, &MachineOperatorBuilder::F64x2Ne, kArm64FNe, kArm64FNe, 1},
-    {true, 64, &MachineOperatorBuilder::F64x2Lt, kArm64FGt, kArm64FLt, 1},
-    {true, 64, &MachineOperatorBuilder::F64x2Le, kArm64FGe, kArm64FLe, 1},
-    {false, 64, &MachineOperatorBuilder::F64x2Eq, kArm64FEq, kArm64FEq, 2},
-    {false, 64, &MachineOperatorBuilder::F64x2Ne, kArm64FNe, kArm64FNe, 2},
-    {false, 64, &MachineOperatorBuilder::F64x2Lt, kArm64FLt, kArm64FLt, 2},
-    {false, 64, &MachineOperatorBuilder::F64x2Le, kArm64FLe, kArm64FLe, 2},
-    {true, 32, &MachineOperatorBuilder::F32x4Eq, kArm64FEq, kArm64FEq, 1},
-    {true, 32, &MachineOperatorBuilder::F32x4Ne, kArm64FNe, kArm64FNe, 1},
-    {true, 32, &MachineOperatorBuilder::F32x4Lt, kArm64FGt, kArm64FLt, 1},
-    {true, 32, &MachineOperatorBuilder::F32x4Le, kArm64FGe, kArm64FLe, 1},
-    {false, 32, &MachineOperatorBuilder::F32x4Eq, kArm64FEq, kArm64FEq, 2},
-    {false, 32, &MachineOperatorBuilder::F32x4Ne, kArm64FNe, kArm64FNe, 2},
-    {false, 32, &MachineOperatorBuilder::F32x4Lt, kArm64FLt, kArm64FLt, 2},
-    {false, 32, &MachineOperatorBuilder::F32x4Le, kArm64FLe, kArm64FLe, 2},
+    {true, 8, TSBinop::kI8x16Eq, kArm64IEq, kArm64IEq, 1},
+    {true, 8, TSBinop::kI8x16Ne, kArm64INe, kArm64INe, 1},
+    {true, 8, TSBinop::kI8x16GeS, kArm64ILeS, kArm64IGeS, 1},
+    {true, 8, TSBinop::kI8x16GtS, kArm64ILtS, kArm64IGtS, 1},
+    {false, 8, TSBinop::kI8x16Eq, kArm64IEq, kArm64IEq, 2},
+    {false, 8, TSBinop::kI8x16Ne, kArm64INe, kArm64INe, 2},
+    {false, 8, TSBinop::kI8x16GeS, kArm64IGeS, kArm64IGeS, 2},
+    {false, 8, TSBinop::kI8x16GtS, kArm64IGtS, kArm64IGtS, 2},
+    {true, 16, TSBinop::kI16x8Eq, kArm64IEq, kArm64IEq, 1},
+    {true, 16, TSBinop::kI16x8Ne, kArm64INe, kArm64INe, 1},
+    {true, 16, TSBinop::kI16x8GeS, kArm64ILeS, kArm64IGeS, 1},
+    {true, 16, TSBinop::kI16x8GtS, kArm64ILtS, kArm64IGtS, 1},
+    {false, 16, TSBinop::kI16x8Eq, kArm64IEq, kArm64IEq, 2},
+    {false, 16, TSBinop::kI16x8Ne, kArm64INe, kArm64INe, 2},
+    {false, 16, TSBinop::kI16x8GeS, kArm64IGeS, kArm64IGeS, 2},
+    {false, 16, TSBinop::kI16x8GtS, kArm64IGtS, kArm64IGtS, 2},
+    {true, 32, TSBinop::kI32x4Eq, kArm64IEq, kArm64IEq, 1},
+    {true, 32, TSBinop::kI32x4Ne, kArm64INe, kArm64INe, 1},
+    {true, 32, TSBinop::kI32x4GeS, kArm64ILeS, kArm64IGeS, 1},
+    {true, 32, TSBinop::kI32x4GtS, kArm64ILtS, kArm64IGtS, 1},
+    {false, 32, TSBinop::kI32x4Eq, kArm64IEq, kArm64IEq, 2},
+    {false, 32, TSBinop::kI32x4Ne, kArm64INe, kArm64INe, 2},
+    {false, 32, TSBinop::kI32x4GeS, kArm64IGeS, kArm64IGeS, 2},
+    {false, 32, TSBinop::kI32x4GtS, kArm64IGtS, kArm64IGtS, 2},
+    {true, 64, TSBinop::kI64x2Eq, kArm64IEq, kArm64IEq, 1},
+    {true, 64, TSBinop::kI64x2Ne, kArm64INe, kArm64INe, 1},
+    {true, 64, TSBinop::kI64x2GeS, kArm64ILeS, kArm64IGeS, 1},
+    {true, 64, TSBinop::kI64x2GtS, kArm64ILtS, kArm64IGtS, 1},
+    {false, 64, TSBinop::kI64x2Eq, kArm64IEq, kArm64IEq, 2},
+    {false, 64, TSBinop::kI64x2Ne, kArm64INe, kArm64INe, 2},
+    {false, 64, TSBinop::kI64x2GeS, kArm64IGeS, kArm64IGeS, 2},
+    {false, 64, TSBinop::kI64x2GtS, kArm64IGtS, kArm64IGtS, 2},
+    {true, 64, TSBinop::kF64x2Eq, kArm64FEq, kArm64FEq, 1},
+    {true, 64, TSBinop::kF64x2Ne, kArm64FNe, kArm64FNe, 1},
+    {true, 64, TSBinop::kF64x2Lt, kArm64FGt, kArm64FLt, 1},
+    {true, 64, TSBinop::kF64x2Le, kArm64FGe, kArm64FLe, 1},
+    {false, 64, TSBinop::kF64x2Eq, kArm64FEq, kArm64FEq, 2},
+    {false, 64, TSBinop::kF64x2Ne, kArm64FNe, kArm64FNe, 2},
+    {false, 64, TSBinop::kF64x2Lt, kArm64FLt, kArm64FLt, 2},
+    {false, 64, TSBinop::kF64x2Le, kArm64FLe, kArm64FLe, 2},
+    {true, 32, TSBinop::kF32x4Eq, kArm64FEq, kArm64FEq, 1},
+    {true, 32, TSBinop::kF32x4Ne, kArm64FNe, kArm64FNe, 1},
+    {true, 32, TSBinop::kF32x4Lt, kArm64FGt, kArm64FLt, 1},
+    {true, 32, TSBinop::kF32x4Le, kArm64FGe, kArm64FLe, 1},
+    {false, 32, TSBinop::kF32x4Eq, kArm64FEq, kArm64FEq, 2},
+    {false, 32, TSBinop::kF32x4Ne, kArm64FNe, kArm64FNe, 2},
+    {false, 32, TSBinop::kF32x4Lt, kArm64FLt, kArm64FLt, 2},
+    {false, 32, TSBinop::kF32x4Le, kArm64FLe, kArm64FLe, 2},
 };
 
-using InstructionSelectorSIMDConstZeroCmTest =
-    InstructionSelectorTestWithParam<SIMDConstZeroCmTest>;
+using TurboshaftInstructionSelectorSIMDConstZeroCmTest =
+    TurboshaftInstructionSelectorTestWithParam<SIMDConstZeroCmTest>;
 
 TEST_P(TurboshaftInstructionSelectorSIMDConstZeroCmTest, ConstZero) {
   const SIMDConstZeroCmTest param = GetParam();
@@ -5879,9 +5907,8 @@ TEST_P(TurboshaftInstructionSelectorSIMDConstZeroCmTest, ConstZero) {
   // Const node on the left
   {
     StreamBuilder m(this, MachineType::Simd128(), MachineType::Simd128());
-    OpIndex cnst = m.S128Const(data);
-    OpIndex fcm =
-        m.AddNode((m.machine()->*param.cm_operator)(), cnst, m.Parameter(0));
+    OpIndex cnst = m.Simd128Constant(data);
+    OpIndex fcm = m.Emit(param.cm_operator, cnst, m.Parameter(0));
     m.Return(fcm);
     Stream s = m.Build();
     ASSERT_EQ(param.size, s.size());
@@ -5901,9 +5928,8 @@ TEST_P(TurboshaftInstructionSelectorSIMDConstZeroCmTest, ConstZero) {
   //  Const node on the right
   {
     StreamBuilder m(this, MachineType::Simd128(), MachineType::Simd128());
-    OpIndex cnst = m.S128Const(data);
-    OpIndex fcm =
-        m.AddNode((m.machine()->*param.cm_operator)(), m.Parameter(0), cnst);
+    OpIndex cnst = m.Simd128Constant(data);
+    OpIndex fcm = m.Emit(param.cm_operator, m.Parameter(0), cnst);
     m.Return(fcm);
     Stream s = m.Build();
     ASSERT_EQ(param.size, s.size());
@@ -5923,12 +5949,12 @@ TEST_P(TurboshaftInstructionSelectorSIMDConstZeroCmTest, ConstZero) {
 }
 
 INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
-                         InstructionSelectorSIMDConstZeroCmTest,
+                         TurboshaftInstructionSelectorSIMDConstZeroCmTest,
                          ::testing::ValuesIn(SIMDConstZeroCmTests));
 
 struct SIMDConstAndTest {
   const uint8_t data[16];
-  const Operator* (MachineOperatorBuilder::*simd_op)();
+  TSBinop simd_op;
   const ArchOpcode expected_op;
   const bool symmetrical;
   const uint8_t lane_size;
@@ -5940,7 +5966,7 @@ struct SIMDConstAndTest {
 static const SIMDConstAndTest SIMDConstAndTests[] = {
     {{0xFF, 0xFE, 0xFF, 0xFE, 0xFF, 0xFE, 0xFF, 0xFE, 0xFF, 0xFE, 0xFF, 0xFE,
       0xFF, 0xFE, 0xFF, 0xFE},
-     &MachineOperatorBuilder::S128And,
+     TSBinop::kS128And,
      kArm64S128AndNot,
      true,
      16,
@@ -5949,7 +5975,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      1},
     {{0xFE, 0xFF, 0xFE, 0xFF, 0xFE, 0xFF, 0xFE, 0xFF, 0xFE, 0xFF, 0xFE, 0xFF,
       0xFE, 0xFF, 0xFE, 0xFF},
-     &MachineOperatorBuilder::S128And,
+     TSBinop::kS128And,
      kArm64S128AndNot,
      true,
      16,
@@ -5959,7 +5985,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
 
     {{0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFE,
       0xFF, 0xFF, 0xFF, 0xFE},
-     &MachineOperatorBuilder::S128And,
+     TSBinop::kS128And,
      kArm64S128AndNot,
      true,
      32,
@@ -5968,7 +5994,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      1},
     {{0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF,
       0xFF, 0xFF, 0xFE, 0xFF},
-     &MachineOperatorBuilder::S128And,
+     TSBinop::kS128And,
      kArm64S128AndNot,
      true,
      32,
@@ -5977,7 +6003,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      1},
     {{0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF,
       0xFF, 0xFE, 0xFF, 0xFF},
-     &MachineOperatorBuilder::S128And,
+     TSBinop::kS128And,
      kArm64S128AndNot,
      true,
      32,
@@ -5986,7 +6012,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      1},
     {{0xFE, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF, 0xFE, 0xFF, 0xFF, 0xFF,
       0xFE, 0xFF, 0xFF, 0xFF},
-     &MachineOperatorBuilder::S128And,
+     TSBinop::kS128And,
      kArm64S128AndNot,
      true,
      32,
@@ -5996,7 +6022,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
 
     {{0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
       0xEE, 0xEE, 0xEE, 0xEE},
-     &MachineOperatorBuilder::S128And,
+     TSBinop::kS128And,
      kArm64S128And,
      true,
      0,
@@ -6006,7 +6032,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
 
     {{0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01,
       0x00, 0x01, 0x00, 0x01},
-     &MachineOperatorBuilder::S128AndNot,
+     TSBinop::kS128AndNot,
      kArm64S128AndNot,
      false,
      16,
@@ -6015,7 +6041,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      1},
     {{0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x00,
       0x01, 0x00, 0x01, 0x00},
-     &MachineOperatorBuilder::S128AndNot,
+     TSBinop::kS128AndNot,
      kArm64S128AndNot,
      false,
      16,
@@ -6025,7 +6051,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
 
     {{0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01,
       0x00, 0x00, 0x00, 0x01},
-     &MachineOperatorBuilder::S128AndNot,
+     TSBinop::kS128AndNot,
      kArm64S128AndNot,
      false,
      32,
@@ -6034,7 +6060,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      1},
     {{0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00,
       0x00, 0x00, 0x01, 0x00},
-     &MachineOperatorBuilder::S128AndNot,
+     TSBinop::kS128AndNot,
      kArm64S128AndNot,
      false,
      32,
@@ -6043,7 +6069,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      1},
     {{0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
       0x00, 0x01, 0x00, 0x00},
-     &MachineOperatorBuilder::S128AndNot,
+     TSBinop::kS128AndNot,
      kArm64S128AndNot,
      false,
      32,
@@ -6052,7 +6078,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      1},
     {{0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
       0x01, 0x00, 0x00, 0x00},
-     &MachineOperatorBuilder::S128AndNot,
+     TSBinop::kS128AndNot,
      kArm64S128AndNot,
      false,
      32,
@@ -6062,7 +6088,7 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
 
     {{0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE,
       0xEE, 0xEE, 0xEE, 0xEE},
-     &MachineOperatorBuilder::S128AndNot,
+     TSBinop::kS128AndNot,
      kArm64S128AndNot,
      false,
      0,
@@ -6071,17 +6097,16 @@ static const SIMDConstAndTest SIMDConstAndTests[] = {
      2},
 };
 
-using InstructionSelectorSIMDConstAndTest =
-    InstructionSelectorTestWithParam<SIMDConstAndTest>;
+using TurboshaftInstructionSelectorSIMDConstAndTest =
+    TurboshaftInstructionSelectorTestWithParam<SIMDConstAndTest>;
 
 TEST_P(TurboshaftInstructionSelectorSIMDConstAndTest, ConstAnd) {
   const SIMDConstAndTest param = GetParam();
   // Const node on the left
   {
     StreamBuilder m(this, MachineType::Simd128(), MachineType::Simd128());
-    OpIndex cnst = m.S128Const(param.data);
-    OpIndex op =
-        m.AddNode((m.machine()->*param.simd_op)(), cnst, m.Parameter(0));
+    OpIndex cnst = m.Simd128Constant(param.data);
+    OpIndex op = m.Emit(param.simd_op, cnst, m.Parameter(0));
     m.Return(op);
     Stream s = m.Build();
 
@@ -6105,9 +6130,8 @@ TEST_P(TurboshaftInstructionSelectorSIMDConstAndTest, ConstAnd) {
   //  Const node on the right
   {
     StreamBuilder m(this, MachineType::Simd128(), MachineType::Simd128());
-    OpIndex cnst = m.S128Const(param.data);
-    OpIndex op =
-        m.AddNode((m.machine()->*param.simd_op)(), m.Parameter(0), cnst);
+    OpIndex cnst = m.Simd128Constant(param.data);
+    OpIndex op = m.Emit(param.simd_op, m.Parameter(0), cnst);
     m.Return(op);
     Stream s = m.Build();
     ASSERT_EQ(param.size, s.size());
@@ -6128,10 +6152,8 @@ TEST_P(TurboshaftInstructionSelectorSIMDConstAndTest, ConstAnd) {
 }
 
 INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
-                         InstructionSelectorSIMDConstAndTest,
+                         TurboshaftInstructionSelectorSIMDConstAndTest,
                          ::testing::ValuesIn(SIMDConstAndTests));
 #endif  // V8_ENABLE_WEBASSEMBLY
 
-#endif
-
 }  // namespace v8::internal::compiler::turboshaft
diff --git a/deps/v8/test/unittests/compiler/backend/turboshaft-instruction-selector-unittest.h b/deps/v8/test/unittests/compiler/backend/turboshaft-instruction-selector-unittest.h
index 097e0f50792e83..c2f496da5140ee 100644
--- a/deps/v8/test/unittests/compiler/backend/turboshaft-instruction-selector-unittest.h
+++ b/deps/v8/test/unittests/compiler/backend/turboshaft-instruction-selector-unittest.h
@@ -24,7 +24,16 @@
 
 namespace v8::internal::compiler::turboshaft {
 
+#if V8_ENABLE_WEBASSEMBLY
+#define SIMD_BINOP_LIST(V)          \
+  FOREACH_SIMD_128_BINARY_OPCODE(V) \
+  FOREACH_SIMD_128_SHIFT_OPCODE(V)
+#else
+#define SIMD_BINOP_LIST(V)
+#endif  // V8_ENABLE_WEBASSEMBLY
+
 #define BINOP_LIST(V)           \
+  SIMD_BINOP_LIST(V)            \
   V(Word32BitwiseAnd)           \
   V(Word64BitwiseAnd)           \
   V(Word32BitwiseOr)            \
@@ -406,6 +415,40 @@ class TurboshaftInstructionSelectorTest : public TestWithNativeContextAndZone {
     FOREACH_SIMD_128_UNARY_OPCODE(DECL_SIMD128_UNOP)
 #undef DECL_SIMD128_UNOP
 
+#define DECL_SIMD128_EXTRACT_LANE(Name, Suffix, Type)                 \
+  V<Type> Name##Suffix##ExtractLane(V<Simd128> input, uint8_t lane) { \
+    return V<Type>::Cast(Simd128ExtractLane(                          \
+        input, Simd128ExtractLaneOp::Kind::k##Name##Suffix, lane));   \
+  }
+    DECL_SIMD128_EXTRACT_LANE(I8x16, S, Word32)
+    DECL_SIMD128_EXTRACT_LANE(I8x16, U, Word32)
+    DECL_SIMD128_EXTRACT_LANE(I16x8, S, Word32)
+    DECL_SIMD128_EXTRACT_LANE(I16x8, U, Word32)
+    DECL_SIMD128_EXTRACT_LANE(I32x4, , Word32)
+    DECL_SIMD128_EXTRACT_LANE(I64x2, , Word64)
+    DECL_SIMD128_EXTRACT_LANE(F32x4, , Float32)
+    DECL_SIMD128_EXTRACT_LANE(F64x2, , Float64)
+#undef DECL_SIMD128_EXTRACT_LANE
+
+#define DECL_SIMD128_REDUCE(Name)                                           \
+  V<Simd128> Name##AddReduce(V<Simd128> input) {                            \
+    return Simd128Reduce(input, Simd128ReduceOp::Kind::k##Name##AddReduce); \
+  }
+    DECL_SIMD128_REDUCE(I8x16)
+    DECL_SIMD128_REDUCE(I16x8)
+    DECL_SIMD128_REDUCE(I32x4)
+    DECL_SIMD128_REDUCE(I64x2)
+    DECL_SIMD128_REDUCE(F32x4)
+    DECL_SIMD128_REDUCE(F64x2)
+#undef DECL_SIMD128_REDUCE
+
+#define DECL_SIMD128_SHIFT(Name)                                      \
+  V<Simd128> Name(V<Simd128> input, V<Word32> shift) {                \
+    return Simd128Shift(input, shift, Simd128ShiftOp::Kind::k##Name); \
+  }
+    FOREACH_SIMD_128_SHIFT_OPCODE(DECL_SIMD128_SHIFT)
+#undef DECL_SIMD128_SHIFT
+
 #endif  // V8_ENABLE_WEBASSEMBLY
 
    private:
diff --git a/deps/v8/test/unittests/compiler/compiler-unittest.cc b/deps/v8/test/unittests/compiler/compiler-unittest.cc
index d7b25f2b17b9ce..9f78509b595f68 100644
--- a/deps/v8/test/unittests/compiler/compiler-unittest.cc
+++ b/deps/v8/test/unittests/compiler/compiler-unittest.cc
@@ -20,6 +20,7 @@
 #include "src/objects/allocation-site-inl.h"
 #include "src/objects/objects-inl.h"
 #include "src/objects/shared-function-info.h"
+#include "test/unittests/heap/heap-utils.h"  // For ManualGCScope.
 #include "test/unittests/test-utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
@@ -246,7 +247,7 @@ TEST_F(CompilerTest, Regression236) {
   Factory* factory = i_isolate()->factory();
   v8::HandleScope scope(isolate());
 
-  Handle<Script> script = factory->NewScript(factory->undefined_value());
+  DirectHandle<Script> script = factory->NewScript(factory->undefined_value());
   EXPECT_EQ(-1, Script::GetLineNumber(script, 0));
   EXPECT_EQ(-1, Script::GetLineNumber(script, 100));
   EXPECT_EQ(-1, Script::GetLineNumber(script, -1));
@@ -826,39 +827,46 @@ TEST_F(CompilerTest, DeepEagerCompilationPeakMemory) {
 
   v8::HeapStatistics heap_statistics;
   isolate()->GetHeapStatistics(&heap_statistics);
-  size_t peak_mem_1 = heap_statistics.peak_malloced_memory();
-  printf("peak memory after init:          %8zu\n", peak_mem_1);
-
-  v8::ScriptCompiler::Compile(context(), &script_source,
-                              v8::ScriptCompiler::kNoCompileOptions)
-      .ToLocalChecked();
-
-  isolate()->GetHeapStatistics(&heap_statistics);
-  size_t peak_mem_2 = heap_statistics.peak_malloced_memory();
-  printf("peak memory after lazy compile:  %8zu\n", peak_mem_2);
-
-  v8::ScriptCompiler::Compile(context(), &script_source,
-                              v8::ScriptCompiler::kNoCompileOptions)
-      .ToLocalChecked();
+  size_t peak_mem_after_init = heap_statistics.peak_malloced_memory();
+  printf("peak memory after init:          %8zu\n", peak_mem_after_init);
+
+  // Peak memory during lazy compilation should converge to the same value
+  // (usually after 1-2 iterations).
+  std::vector<size_t> peak_mem_after_lazy_compile;
+  const int kNumLazyCompiles = 5;
+  for (int i = 0; i < kNumLazyCompiles; i++) {
+    v8::ScriptCompiler::Compile(context(), &script_source,
+                                v8::ScriptCompiler::kNoCompileOptions)
+        .ToLocalChecked();
 
-  isolate()->GetHeapStatistics(&heap_statistics);
-  size_t peak_mem_3 = heap_statistics.peak_malloced_memory();
-  printf("peak memory after lazy compile:  %8zu\n", peak_mem_3);
+    isolate()->GetHeapStatistics(&heap_statistics);
+    size_t peak_mem = heap_statistics.peak_malloced_memory();
+    printf("peak memory after lazy compile:  %8zu\n", peak_mem);
+    peak_mem_after_lazy_compile.push_back(peak_mem);
+  }
+  size_t peak_mem_after_first_lazy_compile = peak_mem_after_lazy_compile[0];
+  size_t peak_mem_after_second_to_last_lazy_compile =
+      peak_mem_after_lazy_compile[kNumLazyCompiles - 2];
+  size_t peak_mem_after_last_lazy_compile =
+      peak_mem_after_lazy_compile[kNumLazyCompiles - 1];
 
   v8::ScriptCompiler::Compile(context(), &script_source,
                               v8::ScriptCompiler::kEagerCompile)
       .ToLocalChecked();
 
   isolate()->GetHeapStatistics(&heap_statistics);
-  size_t peak_mem_4 = heap_statistics.peak_malloced_memory();
-  printf("peak memory after eager compile: %8zu\n", peak_mem_4);
-
-  EXPECT_LE(peak_mem_1, peak_mem_2);
-  EXPECT_EQ(peak_mem_2, peak_mem_3);
-  EXPECT_LE(peak_mem_3, peak_mem_4);
+  size_t peak_mem_after_eager_compile = heap_statistics.peak_malloced_memory();
+  printf("peak memory after eager compile: %8zu\n",
+         peak_mem_after_eager_compile);
+
+  EXPECT_LE(peak_mem_after_init, peak_mem_after_first_lazy_compile);
+  EXPECT_EQ(peak_mem_after_second_to_last_lazy_compile,
+            peak_mem_after_last_lazy_compile);
+  EXPECT_LE(peak_mem_after_last_lazy_compile, peak_mem_after_eager_compile);
   // Check that eager compilation does not cause significantly higher (+100%)
   // peak memory than lazy compilation.
-  EXPECT_LE(peak_mem_4 - peak_mem_3, peak_mem_3);
+  EXPECT_LE(peak_mem_after_eager_compile - peak_mem_after_last_lazy_compile,
+            peak_mem_after_last_lazy_compile);
 }
 
 namespace {
@@ -928,5 +936,211 @@ TEST_F(CompilerTest, ProfilerEnabledDuringBackgroundCompile) {
   cpu_profiler->StopProfiling(profile);
 }
 
+using BackgroundMergeTest = TestWithNativeContext;
+
+// Tests that a GC during merge doesn't break the merge.
+TEST_F(BackgroundMergeTest, GCDuringMerge) {
+  v8_flags.verify_code_merge = true;
+
+  HandleScope scope(isolate());
+  const char* source =
+      // f is compiled eagerly thanks to the IIFE hack.
+      "f = (function f(x) {"
+      "  let b = x;"
+      // f is compiled eagerly, so g's SFI exists. But, it is not compiled.
+      "  return function g() {"
+      // g isn't compiled, so h's SFI does not exist.
+      "    return function h() {"
+      "      return b;"
+      "    }"
+      "  }"
+      "})";
+  Handle<String> source_string =
+      isolate()
+          ->factory()
+          ->NewStringFromUtf8(base::CStrVector(source))
+          .ToHandleChecked();
+
+  const int kTopLevelId = 0;
+  const int kFId = 1;
+  const int kGId = 2;
+  const int kHId = 3;
+
+  // Compile the script once to warm up the compilation cache.
+  Handle<JSFunction> old_g;
+  IsCompiledScope old_g_bytecode_keepalive;
+  {
+    // Compile in a new handle scope, so that the script can die while the inner
+    // functions stay alive.
+    HandleScope scope(isolate());
+    ScriptCompiler::CompilationDetails compilation_details;
+    Handle<SharedFunctionInfo> top_level_sfi =
+        Compiler::GetSharedFunctionInfoForScript(
+            isolate(), source_string, ScriptDetails(),
+            v8::ScriptCompiler::kNoCompileOptions,
+            ScriptCompiler::kNoCacheNoReason, NOT_NATIVES_CODE,
+            &compilation_details)
+            .ToHandleChecked();
+
+    {
+      Tagged<Script> script = Cast<Script>(top_level_sfi->script());
+      CHECK(!script->infos()->get(kTopLevelId).IsCleared());
+      CHECK(!script->infos()->get(kFId).IsCleared());
+      CHECK(!script->infos()->get(kGId).IsCleared());
+      // h in the script infos list was never initialized by the compilation, so
+      // it's the default value for a WeakFixedArray, which is `undefined`.
+      CHECK(Is<Undefined>(script->infos()->get(kHId)));
+    }
+
+    Handle<JSFunction> top_level =
+        Factory::JSFunctionBuilder{isolate(), top_level_sfi,
+                                   isolate()->native_context()}
+            .Build();
+
+    Handle<JSObject> global(isolate()->context()->global_object(), isolate());
+    Execution::CallScript(isolate(), top_level, global,
+                          isolate()->factory()->empty_fixed_array())
+        .Check();
+
+    Handle<JSFunction> f = Cast<JSFunction>(
+        JSObject::GetProperty(isolate(), global, "f").ToHandleChecked());
+
+    CHECK(f->is_compiled(isolate()));
+
+    // Execute f to get g's SFI (no g bytecode yet)
+    Handle<JSFunction> g = Cast<JSFunction>(
+        Execution::Call(isolate(), f, global, 0, nullptr).ToHandleChecked());
+    CHECK(!g->is_compiled(isolate()));
+
+    // Execute g's SFI to initialize g's bytecode, and to get h.
+    Handle<JSFunction> h = Cast<JSFunction>(
+        Execution::Call(isolate(), g, global, 0, nullptr).ToHandleChecked());
+    CHECK(g->is_compiled(isolate()));
+    CHECK(!h->is_compiled(isolate()));
+
+    CHECK_EQ(top_level->shared()->function_literal_id(), kTopLevelId);
+    CHECK_EQ(f->shared()->function_literal_id(), kFId);
+    CHECK_EQ(g->shared()->function_literal_id(), kGId);
+    CHECK_EQ(h->shared()->function_literal_id(), kHId);
+
+    // Age everything so that subsequent GCs can pick it up if possible.
+    SharedFunctionInfo::EnsureOldForTesting(top_level->shared());
+    SharedFunctionInfo::EnsureOldForTesting(f->shared());
+    SharedFunctionInfo::EnsureOldForTesting(g->shared());
+    SharedFunctionInfo::EnsureOldForTesting(h->shared());
+    old_g = scope.CloseAndEscape(g);
+  }
+  Handle<Script> old_script(Cast<Script>(old_g->shared()->script()), isolate());
+
+  // Make sure bytecode is cleared...
+  for (int i = 0; i < 3; ++i) {
+    InvokeMajorGC();
+  }
+  CHECK(!old_g->is_compiled(isolate()));
+
+  // The top-level script should now be dead.
+  CHECK(old_script->infos()->get(kTopLevelId).IsCleared());
+  // f should still be alive by global reference.
+  CHECK(!old_script->infos()->get(kFId).IsCleared());
+  // g should be kept alive by our old_g handle.
+  CHECK(!old_script->infos()->get(kGId).IsCleared());
+  // h should be dead since g's bytecode was flushed.
+  CHECK(old_script->infos()->get(kHId).IsCleared());
+
+  // Copy the old_script_infos WeakFixedArray, so that we can inspect it after
+  // the merge mutated the original.
+  Handle<WeakFixedArray> unmutated_old_script_list =
+      isolate()->factory()->CopyWeakFixedArray(
+          direct_handle(old_script->infos(), isolate()));
+
+  {
+    HandleScope scope(isolate());
+    ScriptStreamingData streamed_source(
+        std::make_unique<DummySourceStream>(source),
+        v8::ScriptCompiler::StreamedSource::UTF8);
+    ScriptCompiler::CompilationDetails details;
+    streamed_source.task = std::make_unique<i::BackgroundCompileTask>(
+        &streamed_source, isolate(), ScriptType::kClassic,
+        ScriptCompiler::CompileOptions::kNoCompileOptions, &details);
+
+    streamed_source.task->RunOnMainThread(isolate());
+
+    Handle<SharedFunctionInfo> top_level_sfi;
+    {
+      // Use a manual GC scope, because we want to test a GC in a very precise
+      // spot in the merge.
+      ManualGCScope manual_gc(isolate());
+      // There's one more reference to the old_g -- clear it so that nothing is
+      // keeping it alive
+      CHECK(!old_script->infos()->get(kGId).IsCleared());
+      CHECK(!unmutated_old_script_list->get(kGId).IsCleared());
+      old_g.PatchValue({});
+      CHECK(!old_script->infos()->get(kFId).IsCleared());
+
+      BackgroundMergeTask::ForceGCDuringNextMergeForTesting();
+
+      top_level_sfi = streamed_source.task
+                          ->FinalizeScript(isolate(), source_string,
+                                           ScriptDetails(), old_script)
+                          .ToHandleChecked();
+      CHECK(!old_script->infos()->get(kFId).IsCleared());
+    }
+
+    CHECK_EQ(top_level_sfi->script(), *old_script);
+
+    Handle<JSFunction> top_level =
+        Factory::JSFunctionBuilder{isolate(), top_level_sfi,
+                                   isolate()->native_context()}
+            .Build();
+
+    Handle<JSObject> global(isolate()->context()->global_object(), isolate());
+
+    Handle<JSFunction> f = Cast<JSFunction>(
+        JSObject::GetProperty(isolate(), global, "f").ToHandleChecked());
+
+    // f should normally be compiled (with the old shared function info but the
+    // new bytecode). However, the extra GCs in finalization might cause it to
+    // be flushed, so we can't guarantee this check.
+    // CHECK(f->is_compiled(isolate()));
+
+    // Execute f to get g's SFI (no g bytecode yet)
+    Handle<JSFunction> g = Cast<JSFunction>(
+        Execution::Call(isolate(), f, global, 0, nullptr).ToHandleChecked());
+    CHECK(!g->is_compiled(isolate()));
+
+    // Execute g's SFI to initialize g's bytecode, and to get h.
+    Handle<JSFunction> h = Cast<JSFunction>(
+        Execution::Call(isolate(), g, global, 0, nullptr).ToHandleChecked());
+    CHECK(g->is_compiled(isolate()));
+    CHECK(!h->is_compiled(isolate()));
+
+    CHECK_EQ(top_level->shared()->function_literal_id(), kTopLevelId);
+    CHECK_EQ(f->shared()->function_literal_id(), kFId);
+    CHECK_EQ(g->shared()->function_literal_id(), kGId);
+    CHECK_EQ(h->shared()->function_literal_id(), kHId);
+
+    CHECK_EQ(top_level->shared()->script(), *old_script);
+    CHECK_EQ(f->shared()->script(), *old_script);
+    CHECK_EQ(g->shared()->script(), *old_script);
+    CHECK_EQ(h->shared()->script(), *old_script);
+
+    CHECK_EQ(MakeWeak(top_level->shared()),
+             old_script->infos()->get(kTopLevelId));
+    CHECK_EQ(MakeWeak(f->shared()), old_script->infos()->get(kFId));
+    CHECK_EQ(MakeWeak(g->shared()), old_script->infos()->get(kGId));
+    CHECK_EQ(MakeWeak(h->shared()), old_script->infos()->get(kHId));
+
+    // The old top-level died, so we have a new one.
+    CHECK_NE(MakeWeak(top_level->shared()),
+             unmutated_old_script_list->get(kTopLevelId));
+    // The old f was still alive, so it's the same.
+    CHECK_EQ(MakeWeak(f->shared()), unmutated_old_script_list->get(kFId));
+    // The old g was still alive, so it's the same.
+    CHECK_EQ(MakeWeak(g->shared()), unmutated_old_script_list->get(kGId));
+    // The old h died, so it's different.
+    CHECK_NE(MakeWeak(h->shared()), unmutated_old_script_list->get(kHId));
+  }
+}
+
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/test/unittests/compiler/function-tester.h b/deps/v8/test/unittests/compiler/function-tester.h
index 926264a5c1673e..ae7b02bf085892 100644
--- a/deps/v8/test/unittests/compiler/function-tester.h
+++ b/deps/v8/test/unittests/compiler/function-tester.h
@@ -67,11 +67,13 @@ class FunctionTester {
     return CheckCall(expected, a, b, undefined());
   }
 
-  void CheckCall(Handle<Object> expected, Handle<Object> a) {
+  void CheckCall(DirectHandle<Object> expected, Handle<Object> a) {
     CheckCall(expected, a, undefined());
   }
 
-  void CheckCall(Handle<Object> expected) { CheckCall(expected, undefined()); }
+  void CheckCall(DirectHandle<Object> expected) {
+    CheckCall(expected, undefined());
+  }
 
   void CheckCall(double expected, double a, double b) {
     CheckCall(NewNumber(expected), NewNumber(a), NewNumber(b));
diff --git a/deps/v8/test/unittests/compiler/run-jscalls-unittest.cc b/deps/v8/test/unittests/compiler/run-jscalls-unittest.cc
index 84a10af22b9649..bec9ec6e760b51 100644
--- a/deps/v8/test/unittests/compiler/run-jscalls-unittest.cc
+++ b/deps/v8/test/unittests/compiler/run-jscalls-unittest.cc
@@ -152,7 +152,7 @@ TEST_F(RunJSCallsTest, RuntimeCall) {
 
 TEST_F(RunJSCallsTest, EvalCall) {
   FunctionTester T(i_isolate(), "(function(a,b) { return eval(a); })");
-  Handle<JSObject> g(T.function->context()->global_proxy(), T.isolate);
+  DirectHandle<JSObject> g(T.function->context()->global_proxy(), T.isolate);
 
   T.CheckCall(T.NewNumber(23), T.NewString("17 + 6"), T.undefined());
   T.CheckCall(T.NewString("'Y'; a"), T.NewString("'Y'; a"),
@@ -177,7 +177,7 @@ TEST_F(RunJSCallsTest, ReceiverPatching) {
   // patches an undefined receiver to the global receiver. If this starts to
   // fail once we fix the calling protocol, just remove this test.
   FunctionTester T(i_isolate(), "(function(a) { return this; })");
-  Handle<JSObject> g(T.function->context()->global_proxy(), T.isolate);
+  DirectHandle<JSObject> g(T.function->context()->global_proxy(), T.isolate);
   T.CheckCall(g, T.undefined());
 }
 
diff --git a/deps/v8/test/unittests/compiler/turboshaft/snapshot-table-unittest.cc b/deps/v8/test/unittests/compiler/turboshaft/snapshot-table-unittest.cc
index e879e3bc7157df..641f6a07224add 100644
--- a/deps/v8/test/unittests/compiler/turboshaft/snapshot-table-unittest.cc
+++ b/deps/v8/test/unittests/compiler/turboshaft/snapshot-table-unittest.cc
@@ -4,7 +4,6 @@
 
 #include "src/compiler/turboshaft/snapshot-table.h"
 
-#include "src/base/optional.h"
 #include "src/base/vector.h"
 #include "test/unittests/test-utils.h"
 
diff --git a/deps/v8/test/unittests/compiler/turboshaft/wasm-simd-unittest.cc b/deps/v8/test/unittests/compiler/turboshaft/wasm-simd-unittest.cc
new file mode 100644
index 00000000000000..5cfaa19b3b5ebe
--- /dev/null
+++ b/deps/v8/test/unittests/compiler/turboshaft/wasm-simd-unittest.cc
@@ -0,0 +1,186 @@
+// Copyright 2024 the V8 project authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "src/base/vector.h"
+#include "src/compiler/turboshaft/assembler.h"
+#include "src/compiler/turboshaft/copying-phase.h"
+#include "src/compiler/turboshaft/dead-code-elimination-reducer.h"
+#include "src/compiler/turboshaft/machine-optimization-reducer.h"
+#include "src/compiler/turboshaft/operations.h"
+#include "src/compiler/turboshaft/representations.h"
+#include "src/compiler/turboshaft/required-optimization-reducer.h"
+#include "test/common/flag-utils.h"
+#include "test/unittests/compiler/turboshaft/reducer-test.h"
+
+namespace v8::internal::compiler::turboshaft {
+
+#include "src/compiler/turboshaft/define-assembler-macros.inc"
+
+class WasmSimdTest : public ReducerTest {
+  // Some of the optimizations only apply with the new instruction selection and
+  // are not supported by the Turbofan ISel / the RecreateSchedulePhase.
+  FlagScope<bool> force_new_isel_{
+      &v8_flags.turboshaft_wasm_instruction_selection_staged, true};
+};
+
+TEST_F(WasmSimdTest, UpperToLowerF32x4AddReduce) {
+  auto test = CreateFromGraph(1, [](auto& Asm) {
+    auto SplatKind = Simd128SplatOp::Kind::kF32x4;
+    auto AddKind = Simd128BinopOp::Kind::kF32x4Add;
+    auto ExtractKind = Simd128ExtractLaneOp::Kind::kF32x4;
+
+    constexpr uint8_t upper_to_lower_1[kSimd128Size] = {
+        8, 9, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0};
+    constexpr uint8_t upper_to_lower_2[kSimd128Size] = {4, 5, 6, 7, 0, 0, 0, 0,
+                                                        0, 0, 0, 0, 0, 0, 0, 0};
+
+    V<Simd128> input = __ Simd128Splat(__ Float32Constant(1.0), SplatKind);
+    V<Simd128> first_shuffle =
+        __ Simd128Shuffle(input, input, upper_to_lower_1);
+    V<Simd128> first_add = __ Simd128Binop(input, first_shuffle, AddKind);
+    V<Simd128> second_shuffle =
+        __ Simd128Shuffle(first_add, first_add, upper_to_lower_2);
+    V<Simd128> second_add = __ Simd128Binop(first_add, second_shuffle, AddKind);
+    __ Return(__ Simd128ExtractLane(second_add, ExtractKind, 0));
+  });
+
+  test.Run<MachineOptimizationReducer>();
+  test.Run<DeadCodeEliminationReducer>();
+  // We can only match pairwise fp operations.
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Reduce), 0u);
+}
+
+TEST_F(WasmSimdTest, AlmostUpperToLowerI16x8AddReduce) {
+  auto test = CreateFromGraph(1, [](auto& Asm) {
+    auto SplatKind = Simd128SplatOp::Kind::kI16x8;
+    auto AddKind = Simd128BinopOp::Kind::kI16x8Add;
+    auto ExtractKind = Simd128ExtractLaneOp::Kind::kI16x8U;
+
+    constexpr uint8_t almost_upper_to_lower_1[kSimd128Size] = {
+        0, 0, 8, 9, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0,
+    };
+    constexpr uint8_t upper_to_lower_2[kSimd128Size] = {4, 5, 6, 7, 0, 0, 0, 0,
+                                                        0, 0, 0, 0, 0, 0, 0, 0};
+    constexpr uint8_t upper_to_lower_3[kSimd128Size] = {2, 3, 0, 0, 0, 0, 0, 0,
+                                                        0, 0, 0, 0, 0, 0, 0, 0};
+
+    V<Simd128> input = __ Simd128Splat(Asm.GetParameter(0), SplatKind);
+    V<Simd128> first_shuffle =
+        __ Simd128Shuffle(input, input, almost_upper_to_lower_1);
+    V<Simd128> first_add = __ Simd128Binop(input, first_shuffle, AddKind);
+    V<Simd128> second_shuffle =
+        __ Simd128Shuffle(first_add, first_add, upper_to_lower_2);
+    V<Simd128> second_add = __ Simd128Binop(first_add, second_shuffle, AddKind);
+    V<Simd128> third_shuffle =
+        __ Simd128Shuffle(second_add, second_add, upper_to_lower_3);
+    V<Simd128> third_add = __ Simd128Binop(second_add, third_shuffle, AddKind);
+    __ Return(__ Simd128ExtractLane(third_add, ExtractKind, 0));
+  });
+
+  test.Run<MachineOptimizationReducer>();
+  test.Run<DeadCodeEliminationReducer>();
+
+  // The first shuffle is not the one we're looking for.
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Reduce), 0u);
+}
+
+TEST_F(WasmSimdTest, UpperToLowerI32x4AddReduce) {
+  auto test = CreateFromGraph(1, [](auto& Asm) {
+    auto SplatKind = Simd128SplatOp::Kind::kI32x4;
+    auto AddKind = Simd128BinopOp::Kind::kI32x4Add;
+    auto ExtractKind = Simd128ExtractLaneOp::Kind::kI32x4;
+
+    constexpr uint8_t upper_to_lower_1[kSimd128Size] = {
+        8, 9, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0};
+    constexpr uint8_t upper_to_lower_2[kSimd128Size] = {4, 5, 6, 7, 0, 0, 0, 0,
+                                                        0, 0, 0, 0, 0, 0, 0, 0};
+
+    V<Simd128> input = __ Simd128Splat(Asm.GetParameter(0), SplatKind);
+    V<Simd128> first_shuffle =
+        __ Simd128Shuffle(input, input, upper_to_lower_1);
+    V<Simd128> first_add = __ Simd128Binop(input, first_shuffle, AddKind);
+    V<Simd128> second_shuffle =
+        __ Simd128Shuffle(first_add, first_add, upper_to_lower_2);
+    V<Simd128> second_add = __ Simd128Binop(first_add, second_shuffle, AddKind);
+    __ Return(__ Simd128ExtractLane(second_add, ExtractKind, 0));
+  });
+
+  test.Run<MachineOptimizationReducer>();
+  test.Run<DeadCodeEliminationReducer>();
+
+#ifdef V8_TARGET_ARCH_ARM64
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Shuffle), 0u);
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Reduce), 1u);
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128ExtractLane), 1u);
+#else
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Reduce), 0u);
+#endif
+}
+
+TEST_F(WasmSimdTest, PairwiseF32x4AddReduce) {
+  auto test = CreateFromGraph(1, [](auto& Asm) {
+    auto SplatKind = Simd128SplatOp::Kind::kF32x4;
+    auto AddKind = Simd128BinopOp::Kind::kF32x4Add;
+    auto ExtractKind = Simd128ExtractLaneOp::Kind::kF32x4;
+
+    constexpr uint8_t upper_to_lower_1[kSimd128Size] = {
+        4, 5, 6, 7, 0, 0, 0, 0, 12, 13, 14, 15, 0, 0, 0, 0};
+    constexpr uint8_t upper_to_lower_2[kSimd128Size] = {
+        8, 9, 10, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+    V<Simd128> input = __ Simd128Splat(__ Float32Constant(1.0), SplatKind);
+    V<Simd128> first_shuffle =
+        __ Simd128Shuffle(input, input, upper_to_lower_1);
+    V<Simd128> first_add = __ Simd128Binop(input, first_shuffle, AddKind);
+    V<Simd128> second_shuffle =
+        __ Simd128Shuffle(first_add, first_add, upper_to_lower_2);
+    V<Simd128> second_add = __ Simd128Binop(first_add, second_shuffle, AddKind);
+    __ Return(__ Simd128ExtractLane(second_add, ExtractKind, 0));
+  });
+
+  test.Run<MachineOptimizationReducer>();
+  test.Run<DeadCodeEliminationReducer>();
+
+#ifdef V8_TARGET_ARCH_ARM64
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Shuffle), 0u);
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Reduce), 1u);
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128ExtractLane), 1u);
+#else
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Reduce), 0u);
+#endif
+}
+
+TEST_F(WasmSimdTest, AlmostPairwiseF32x4AddReduce) {
+  auto test = CreateFromGraph(1, [](auto& Asm) {
+    auto SplatKind = Simd128SplatOp::Kind::kF32x4;
+    auto AddKind = Simd128BinopOp::Kind::kF32x4Add;
+    auto ExtractKind = Simd128ExtractLaneOp::Kind::kF32x4;
+
+    constexpr uint8_t upper_to_lower_1[kSimd128Size] = {
+        4, 5, 6, 7, 0, 0, 0, 0, 12, 13, 14, 15, 0, 0, 0, 0};
+    constexpr uint8_t upper_to_lower_2[kSimd128Size] = {
+        8, 9, 10, 11, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+    V<Simd128> input = __ Simd128Splat(__ Float32Constant(1.0), SplatKind);
+    V<Simd128> first_shuffle =
+        __ Simd128Shuffle(input, input, upper_to_lower_1);
+    V<Simd128> first_add = __ Simd128Binop(input, first_shuffle, AddKind);
+    V<Simd128> second_shuffle =
+        __ Simd128Shuffle(first_add, first_add, upper_to_lower_2);
+    V<Simd128> tricksy_add = __ Simd128Binop(first_add, first_add, AddKind);
+    V<Simd128> second_add =
+        __ Simd128Binop(tricksy_add, second_shuffle, AddKind);
+    __ Return(__ Simd128ExtractLane(second_add, ExtractKind, 0));
+  });
+
+  test.Run<MachineOptimizationReducer>();
+  test.Run<DeadCodeEliminationReducer>();
+
+  // There's an additional addition.
+  ASSERT_EQ(test.CountOp(Opcode::kSimd128Reduce), 0u);
+}
+
+#include "src/compiler/turboshaft/undef-assembler-macros.inc"
+
+}  // namespace v8::internal::compiler::turboshaft
diff --git a/deps/v8/test/unittests/compiler/x64/turboshaft-instruction-selector-x64-unittest.cc b/deps/v8/test/unittests/compiler/x64/turboshaft-instruction-selector-x64-unittest.cc
index ef9d5c82e94534..cf13f5ab4acf37 100644
--- a/deps/v8/test/unittests/compiler/x64/turboshaft-instruction-selector-x64-unittest.cc
+++ b/deps/v8/test/unittests/compiler/x64/turboshaft-instruction-selector-x64-unittest.cc
@@ -2319,15 +2319,14 @@ INSTANTIATE_TEST_SUITE_P(TurboshaftInstructionSelectorTest,
                          TurboshaftInstructionSelectorSIMDSwizzleConstantTest,
                          ::testing::ValuesIn(kSwizzleConstants));
 
-#if 0
 TEST_F(TurboshaftInstructionSelectorTest,
        F64x2PromoteLowF32x4WithS128Load64Zero) {
   StreamBuilder m(this, MachineType::Simd128(), MachineType::Int64());
-  OpIndex const load = m.Simd128LoadTransform(
-      m.Int64Constant(2), m.Parameter(0),
+  V<Simd128> const load = m.Simd128LoadTransform(
+      m.Parameter(0), m.Int64Constant(2),
       Simd128LoadTransformOp::LoadKind::RawAligned().Protected(),
       Simd128LoadTransformOp::TransformKind::k64Zero, 0);
-  OpIndex const promote = m.F64x2PromoteLowF32x4(load);
+  V<Simd128> const promote = m.F64x2PromoteLowF32x4(load);
   m.Return(promote);
   Stream s = m.Build();
   ASSERT_EQ(1U, s.size());
@@ -2336,7 +2335,7 @@ TEST_F(TurboshaftInstructionSelectorTest,
   EXPECT_EQ(2U, s[0]->InputCount());
   EXPECT_EQ(1U, s[0]->OutputCount());
 }
-#endif
+
 #endif  // V8_ENABLE_WEBASSEMBLY
 
 }  // namespace v8::internal::compiler::turboshaft
diff --git a/deps/v8/test/unittests/execution/microtask-queue-unittest.cc b/deps/v8/test/unittests/execution/microtask-queue-unittest.cc
index 841d52d9be385c..ee89594cf57112 100644
--- a/deps/v8/test/unittests/execution/microtask-queue-unittest.cc
+++ b/deps/v8/test/unittests/execution/microtask-queue-unittest.cc
@@ -430,7 +430,7 @@ TEST_P(MicrotaskQueueTest, DetachGlobal_ResolveThenableForeignThen) {
       "result");
   Handle<JSFunction> then = RunJS<JSFunction>("() => { result[0] = true; }");
 
-  Handle<JSPromise> stale_promise;
+  DirectHandle<JSPromise> stale_promise;
 
   {
     // Create a context with its own microtask queue.
@@ -597,7 +597,7 @@ TEST_P(MicrotaskQueueTest, DetachGlobal_InactiveHandler) {
 
   Handle<JSArray> result;
   Handle<JSFunction> stale_handler;
-  Handle<JSPromise> stale_promise;
+  DirectHandle<JSPromise> stale_promise;
   {
     v8::Context::Scope scope(sub_context);
     result = RunJS<JSArray>("var result = [false, false]; result");
diff --git a/deps/v8/test/unittests/execution/pointer-auth-arm64-unittest.cc b/deps/v8/test/unittests/execution/pointer-auth-arm64-unittest.cc
index 188db280ffeec1..23e287f7c979a0 100644
--- a/deps/v8/test/unittests/execution/pointer-auth-arm64-unittest.cc
+++ b/deps/v8/test/unittests/execution/pointer-auth-arm64-unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/codegen/arm64/decoder-arm64-inl.h"
 #include "src/execution/arm64/simulator-arm64.h"
 #include "src/execution/pointer-authentication.h"
@@ -60,9 +62,9 @@ Address GetAlternativeRawCodeAddress() {
 
 // If the platform supports it, corrupt the PAC of |address| so that
 // authenticating it will cause a crash.
-base::Optional<Address> CorruptPACIfSupported(Isolate* isolate,
-                                              Address address) {
-  if constexpr (!ENABLE_CONTROL_FLOW_INTEGRITY_BOOL) return base::nullopt;
+std::optional<Address> CorruptPACIfSupported(Isolate* isolate,
+                                             Address address) {
+  if constexpr (!ENABLE_CONTROL_FLOW_INTEGRITY_BOOL) return std::nullopt;
 
   // First, find where in an address the PAC is located.
 
@@ -76,7 +78,7 @@ base::Optional<Address> CorruptPACIfSupported(Isolate* isolate,
   // If the PAC bits are zero then StripPAC() was a no-op. This means pointer
   // authentication isn't supported.
   if (pac_mask == 0) {
-    return base::nullopt;
+    return std::nullopt;
   }
 
   // At this point, pointer authentication is supported, but individual keys
@@ -105,7 +107,7 @@ base::Optional<Address> CorruptPACIfSupported(Isolate* isolate,
 
   // None of the slots were signed with a non-zero PAC, assume this means PAC
   // isn't enabled.
-  return base::nullopt;
+  return std::nullopt;
 }
 
 }  // namespace
diff --git a/deps/v8/test/unittests/heap/base/bytes-unittest.cc b/deps/v8/test/unittests/heap/base/bytes-unittest.cc
index 6fc32ed7fe159d..9bcd987d0ec71f 100644
--- a/deps/v8/test/unittests/heap/base/bytes-unittest.cc
+++ b/deps/v8/test/unittests/heap/base/bytes-unittest.cc
@@ -4,7 +4,8 @@
 
 #include "src/heap/base/bytes.h"
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace heap::base {
@@ -23,7 +24,7 @@ TEST(BytesAndDurationTest, InitialAsAverage) {
       AverageSpeed(
           buffer,
           BytesAndDuration(100, v8::base::TimeDelta::FromMilliseconds(2)),
-          v8::base::nullopt));
+          std::nullopt));
 }
 
 TEST(BytesAndDurationTest, SelectedDuration) {
@@ -41,18 +42,16 @@ TEST(BytesAndDurationTest, SelectedDuration) {
 
 TEST(BytesAndDurationTest, Empty) {
   BytesAndDurationBuffer buffer;
-  EXPECT_DOUBLE_EQ(0.0,
-                   AverageSpeed(buffer, BytesAndDuration(), v8::base::nullopt));
+  EXPECT_DOUBLE_EQ(0.0, AverageSpeed(buffer, BytesAndDuration(), std::nullopt));
 }
 
 TEST(BytesAndDurationTest, Clear) {
   BytesAndDurationBuffer buffer;
   buffer.Push(BytesAndDuration(100, v8::base::TimeDelta::FromMilliseconds(2)));
   EXPECT_DOUBLE_EQ(100.0 / 2,
-                   AverageSpeed(buffer, BytesAndDuration(), v8::base::nullopt));
+                   AverageSpeed(buffer, BytesAndDuration(), std::nullopt));
   buffer.Clear();
-  EXPECT_DOUBLE_EQ(0.0,
-                   AverageSpeed(buffer, BytesAndDuration(), v8::base::nullopt));
+  EXPECT_DOUBLE_EQ(0.0, AverageSpeed(buffer, BytesAndDuration(), std::nullopt));
 }
 
 TEST(BytesAndDurationTest, MaxSpeed) {
@@ -60,8 +59,8 @@ TEST(BytesAndDurationTest, MaxSpeed) {
   static constexpr size_t kMaxBytesPerMs = 1024;
   buffer.Push(BytesAndDuration(kMaxBytesPerMs,
                                v8::base::TimeDelta::FromMillisecondsD(0.5)));
-  const double bounded_speed = AverageSpeed(
-      buffer, BytesAndDuration(), v8::base::nullopt, 0, kMaxBytesPerMs);
+  const double bounded_speed =
+      AverageSpeed(buffer, BytesAndDuration(), std::nullopt, 0, kMaxBytesPerMs);
   EXPECT_DOUBLE_EQ(double{kMaxBytesPerMs}, bounded_speed);
 }
 
@@ -70,8 +69,8 @@ TEST(BytesAndDurationTest, MinSpeed) {
   static constexpr size_t kMinBytesPerMs = 1;
   buffer.Push(BytesAndDuration(kMinBytesPerMs,
                                v8::base::TimeDelta::FromMillisecondsD(2)));
-  const double bounded_speed = AverageSpeed(buffer, BytesAndDuration(),
-                                            v8::base::nullopt, kMinBytesPerMs);
+  const double bounded_speed =
+      AverageSpeed(buffer, BytesAndDuration(), std::nullopt, kMinBytesPerMs);
   EXPECT_DOUBLE_EQ(double{kMinBytesPerMs}, bounded_speed);
 }
 
@@ -82,17 +81,16 @@ TEST(BytesAndDurationTest, RingBufferAverage) {
     sum += i + 1;
     buffer.Push(
         BytesAndDuration(i + 1, v8::base::TimeDelta::FromMillisecondsD(1)));
-    EXPECT_DOUBLE_EQ(
-        static_cast<double>(sum) / (i + 1),
-        AverageSpeed(buffer, BytesAndDuration(), v8::base::nullopt));
+    EXPECT_DOUBLE_EQ(static_cast<double>(sum) / (i + 1),
+                     AverageSpeed(buffer, BytesAndDuration(), std::nullopt));
   }
   EXPECT_DOUBLE_EQ(static_cast<double>(sum) / BytesAndDurationBuffer::kSize,
-                   AverageSpeed(buffer, BytesAndDuration(), v8::base::nullopt));
+                   AverageSpeed(buffer, BytesAndDuration(), std::nullopt));
   // Overflow the ring buffer.
   buffer.Push(BytesAndDuration(100, v8::base::TimeDelta::FromMilliseconds(1)));
   EXPECT_DOUBLE_EQ(
       static_cast<double>(sum + 100 - 1) / BytesAndDurationBuffer::kSize,
-      AverageSpeed(buffer, BytesAndDuration(), v8::base::nullopt));
+      AverageSpeed(buffer, BytesAndDuration(), std::nullopt));
 }
 
 }  // namespace heap::base
diff --git a/deps/v8/test/unittests/heap/conservative-stack-visitor-unittest.cc b/deps/v8/test/unittests/heap/conservative-stack-visitor-unittest.cc
index 62e3b3968ecaa6..e21d7372d9effc 100644
--- a/deps/v8/test/unittests/heap/conservative-stack-visitor-unittest.cc
+++ b/deps/v8/test/unittests/heap/conservative-stack-visitor-unittest.cc
@@ -17,6 +17,7 @@ namespace {
 enum : int {
   kRegularObject = 0,
   kCodeObject = 1,
+  kTrustedObject = 2,
   kNumberOfObjects
 };
 // clang-format on
@@ -26,10 +27,11 @@ class RecordingVisitor final : public RootVisitor {
   V8_NOINLINE explicit RecordingVisitor(Isolate* isolate) {
     HandleScope scope(isolate);
     // Allocate some regular object.
-    the_object_[kRegularObject] =
-        *isolate->factory()->NewFixedArray(256, AllocationType::kOld);
+    the_object_[kRegularObject] = AllocateRegularObject(isolate, 256);
     // Allocate a code object.
     the_object_[kCodeObject] = AllocateCodeObject(isolate, 256);
+    // Allocate a trusted object.
+    the_object_[kTrustedObject] = AllocateTrustedObject(isolate, 256);
     // Mark the objects as not found;
     for (int i = 0; i < kNumberOfObjects; ++i) found_[i] = false;
   }
@@ -71,6 +73,10 @@ class RecordingVisitor final : public RootVisitor {
     return the_object_[index];
   }
 
+  Tagged<FixedArray> AllocateRegularObject(Isolate* isolate, int size) {
+    return *isolate->factory()->NewFixedArray(size, AllocationType::kOld);
+  }
+
   Tagged<InstructionStream> AllocateCodeObject(Isolate* isolate, int size) {
     Assembler assm(AssemblerOptions{});
 
@@ -84,6 +90,10 @@ class RecordingVisitor final : public RootVisitor {
     return code->instruction_stream();
   }
 
+  Tagged<TrustedFixedArray> AllocateTrustedObject(Isolate* isolate, int size) {
+    return *isolate->factory()->NewTrustedFixedArray(size);
+  }
+
   // Some heap objects that we want to check if they are visited or not.
   Tagged<HeapObject> the_object_[kNumberOfObjects];
 
@@ -113,6 +123,7 @@ TEST_F(ConservativeStackVisitorTest, DirectBasePointer) {
   {
     volatile Address regular_ptr = recorder->base_address(kRegularObject);
     volatile Address code_ptr = recorder->base_address(kCodeObject);
+    volatile Address trusted_ptr = recorder->base_address(kTrustedObject);
 
     ConservativeStackVisitor stack_visitor(isolate(), recorder.get());
     heap()->stack().IteratePointersForTesting(&stack_visitor);
@@ -120,11 +131,13 @@ TEST_F(ConservativeStackVisitorTest, DirectBasePointer) {
     // Make sure to keep the pointers alive.
     EXPECT_NE(kNullAddress, regular_ptr);
     EXPECT_NE(kNullAddress, code_ptr);
+    EXPECT_NE(kNullAddress, trusted_ptr);
   }
 
   // The objects should have been visited.
   EXPECT_TRUE(recorder->found(kRegularObject));
   EXPECT_TRUE(recorder->found(kCodeObject));
+  EXPECT_TRUE(recorder->found(kTrustedObject));
 }
 
 TEST_F(ConservativeStackVisitorTest, TaggedBasePointer) {
@@ -137,6 +150,7 @@ TEST_F(ConservativeStackVisitorTest, TaggedBasePointer) {
   {
     volatile Address regular_ptr = recorder->tagged_address(kRegularObject);
     volatile Address code_ptr = recorder->tagged_address(kCodeObject);
+    volatile Address trusted_ptr = recorder->tagged_address(kTrustedObject);
 
     ConservativeStackVisitor stack_visitor(isolate(), recorder.get());
     heap()->stack().IteratePointersForTesting(&stack_visitor);
@@ -144,11 +158,13 @@ TEST_F(ConservativeStackVisitorTest, TaggedBasePointer) {
     // Make sure to keep the pointers alive.
     EXPECT_NE(kNullAddress, regular_ptr);
     EXPECT_NE(kNullAddress, code_ptr);
+    EXPECT_NE(kNullAddress, trusted_ptr);
   }
 
   // The objects should have been visited.
   EXPECT_TRUE(recorder->found(kRegularObject));
   EXPECT_TRUE(recorder->found(kCodeObject));
+  EXPECT_TRUE(recorder->found(kTrustedObject));
 }
 
 TEST_F(ConservativeStackVisitorTest, InnerPointer) {
@@ -161,6 +177,7 @@ TEST_F(ConservativeStackVisitorTest, InnerPointer) {
   {
     volatile Address regular_ptr = recorder->inner_address(kRegularObject);
     volatile Address code_ptr = recorder->inner_address(kCodeObject);
+    volatile Address trusted_ptr = recorder->inner_address(kTrustedObject);
 
     ConservativeStackVisitor stack_visitor(isolate(), recorder.get());
     heap()->stack().IteratePointersForTesting(&stack_visitor);
@@ -168,11 +185,13 @@ TEST_F(ConservativeStackVisitorTest, InnerPointer) {
     // Make sure to keep the pointers alive.
     EXPECT_NE(kNullAddress, regular_ptr);
     EXPECT_NE(kNullAddress, code_ptr);
+    EXPECT_NE(kNullAddress, trusted_ptr);
   }
 
   // The objects should have been visited.
   EXPECT_TRUE(recorder->found(kRegularObject));
   EXPECT_TRUE(recorder->found(kCodeObject));
+  EXPECT_TRUE(recorder->found(kTrustedObject));
 }
 
 #ifdef V8_COMPRESS_POINTERS
@@ -188,6 +207,8 @@ TEST_F(ConservativeStackVisitorTest, HalfWord1) {
     volatile uint32_t regular_ptr[] = {recorder->compr_address(kRegularObject),
                                        0};
     volatile uint32_t code_ptr[] = {recorder->compr_address(kCodeObject), 0};
+    volatile uint32_t trusted_ptr[] = {recorder->compr_address(kTrustedObject),
+                                       0};
 
     ConservativeStackVisitor stack_visitor(isolate(), recorder.get());
     heap()->stack().IteratePointersForTesting(&stack_visitor);
@@ -195,11 +216,13 @@ TEST_F(ConservativeStackVisitorTest, HalfWord1) {
     // Make sure to keep the pointers alive.
     EXPECT_NE(static_cast<uint32_t>(0), regular_ptr[0]);
     EXPECT_NE(static_cast<uint32_t>(0), code_ptr[0]);
+    EXPECT_NE(static_cast<uint32_t>(0), trusted_ptr[0]);
   }
 
   // The objects should have been visited.
   EXPECT_TRUE(recorder->found(kRegularObject));
   EXPECT_TRUE(recorder->found(kCodeObject));
+  EXPECT_TRUE(recorder->found(kTrustedObject));
 }
 
 TEST_F(ConservativeStackVisitorTest, HalfWord2) {
@@ -213,6 +236,8 @@ TEST_F(ConservativeStackVisitorTest, HalfWord2) {
     volatile uint32_t regular_ptr[] = {0,
                                        recorder->compr_address(kRegularObject)};
     volatile uint32_t code_ptr[] = {0, recorder->compr_address(kCodeObject)};
+    volatile uint32_t trusted_ptr[] = {0,
+                                       recorder->compr_address(kTrustedObject)};
 
     ConservativeStackVisitor stack_visitor(isolate(), recorder.get());
     heap()->stack().IteratePointersForTesting(&stack_visitor);
@@ -220,11 +245,13 @@ TEST_F(ConservativeStackVisitorTest, HalfWord2) {
     // Make sure to keep the pointers alive.
     EXPECT_NE(static_cast<uint32_t>(0), regular_ptr[1]);
     EXPECT_NE(static_cast<uint32_t>(0), code_ptr[1]);
+    EXPECT_NE(static_cast<uint32_t>(0), trusted_ptr[1]);
   }
 
   // The objects should have been visited.
   EXPECT_TRUE(recorder->found(kRegularObject));
   EXPECT_TRUE(recorder->found(kCodeObject));
+  EXPECT_TRUE(recorder->found(kTrustedObject));
 }
 
 TEST_F(ConservativeStackVisitorTest, InnerHalfWord1) {
@@ -238,6 +265,8 @@ TEST_F(ConservativeStackVisitorTest, InnerHalfWord1) {
     volatile uint32_t regular_ptr[] = {recorder->compr_inner(kRegularObject),
                                        0};
     volatile uint32_t code_ptr[] = {recorder->compr_inner(kCodeObject), 0};
+    volatile uint32_t trusted_ptr[] = {recorder->compr_inner(kTrustedObject),
+                                       0};
 
     ConservativeStackVisitor stack_visitor(isolate(), recorder.get());
     heap()->stack().IteratePointersForTesting(&stack_visitor);
@@ -245,11 +274,13 @@ TEST_F(ConservativeStackVisitorTest, InnerHalfWord1) {
     // Make sure to keep the pointers alive.
     EXPECT_NE(static_cast<uint32_t>(0), regular_ptr[0]);
     EXPECT_NE(static_cast<uint32_t>(0), code_ptr[0]);
+    EXPECT_NE(static_cast<uint32_t>(0), trusted_ptr[0]);
   }
 
   // The objects should have been visited.
   EXPECT_TRUE(recorder->found(kRegularObject));
   EXPECT_TRUE(recorder->found(kCodeObject));
+  EXPECT_TRUE(recorder->found(kTrustedObject));
 }
 
 TEST_F(ConservativeStackVisitorTest, InnerHalfWord2) {
@@ -263,6 +294,8 @@ TEST_F(ConservativeStackVisitorTest, InnerHalfWord2) {
     volatile uint32_t regular_ptr[] = {0,
                                        recorder->compr_inner(kRegularObject)};
     volatile uint32_t code_ptr[] = {0, recorder->compr_inner(kCodeObject)};
+    volatile uint32_t trusted_ptr[] = {0,
+                                       recorder->compr_inner(kTrustedObject)};
 
     ConservativeStackVisitor stack_visitor(isolate(), recorder.get());
     heap()->stack().IteratePointersForTesting(&stack_visitor);
@@ -270,11 +303,13 @@ TEST_F(ConservativeStackVisitorTest, InnerHalfWord2) {
     // Make sure to keep the pointers alive.
     EXPECT_NE(static_cast<uint32_t>(0), regular_ptr[1]);
     EXPECT_NE(static_cast<uint32_t>(0), code_ptr[1]);
+    EXPECT_NE(static_cast<uint32_t>(0), trusted_ptr[1]);
   }
 
   // The objects should have been visited.
   EXPECT_TRUE(recorder->found(kRegularObject));
   EXPECT_TRUE(recorder->found(kCodeObject));
+  EXPECT_TRUE(recorder->found(kTrustedObject));
 }
 
 #endif  // V8_COMPRESS_POINTERS
diff --git a/deps/v8/test/unittests/heap/cppgc-js/embedder-roots-handler-unittest.cc b/deps/v8/test/unittests/heap/cppgc-js/embedder-roots-handler-unittest.cc
index 13257d9d715fcf..746d0c57121bf6 100644
--- a/deps/v8/test/unittests/heap/cppgc-js/embedder-roots-handler-unittest.cc
+++ b/deps/v8/test/unittests/heap/cppgc-js/embedder-roots-handler-unittest.cc
@@ -107,6 +107,7 @@ void TracedReferenceTest(v8::Isolate* isolate,
                          ModifierFunction modifier_function,
                          GCFunction gc_function, SurvivalMode survives) {
   auto i_isolate = reinterpret_cast<i::Isolate*>(isolate);
+  ManualGCScope manual_gc_scope(i_isolate);
   DisableConservativeStackScanningScopeForTesting no_stack_scanning(
       i_isolate->heap());
   v8::HandleScope scope(isolate);
diff --git a/deps/v8/test/unittests/heap/cppgc-js/unified-heap-snapshot-unittest.cc b/deps/v8/test/unittests/heap/cppgc-js/unified-heap-snapshot-unittest.cc
index e2a6eaef6650a5..78eb0e25d11932 100644
--- a/deps/v8/test/unittests/heap/cppgc-js/unified-heap-snapshot-unittest.cc
+++ b/deps/v8/test/unittests/heap/cppgc-js/unified-heap-snapshot-unittest.cc
@@ -605,6 +605,42 @@ constexpr uint8_t kExpectedDetachedValueForDetached =
 
 }  // namespace
 
+TEST_F(UnifiedHeapSnapshotTest, DetachedObjectsRetainedByJSReference) {
+  v8::Isolate* isolate = v8_isolate();
+  v8::HandleScope scope(isolate);
+  v8::HeapProfiler* heap_profiler = isolate->GetHeapProfiler();
+  heap_profiler->SetGetDetachednessCallback(
+      DetachednessHandler::GetDetachedness, nullptr);
+  // Test ensures that objects that are retained by a JS reference are obtained
+  // by the GetDetachedJSWrapperObjects() function
+  JsTestingScope testing_scope(v8_isolate());
+  cppgc::Persistent<GCedWithJSRef> gc_w_js_ref = SetupWrapperWrappablePair(
+      testing_scope, allocation_handle(), "Obj",
+      v8::EmbedderGraph::Node::Detachedness ::kDetached);
+  // Ensure we are obtaining a Detached Wrapper
+  CHECK_EQ(1, heap_profiler->GetDetachedJSWrapperObjects().size());
+
+  cppgc::Persistent<GCedWithJSRef> gc_w_js_ref_not_detached =
+      SetupWrapperWrappablePair(
+          testing_scope, allocation_handle(), "Obj",
+          v8::EmbedderGraph::Node::Detachedness ::kAttached);
+  cppgc::Persistent<GCedWithJSRef> gc_w_js_ref_unknown =
+      SetupWrapperWrappablePair(
+          testing_scope, allocation_handle(), "Obj",
+          v8::EmbedderGraph::Node::Detachedness ::kUnknown);
+  // Ensure we are only obtaining Wrappers that are Detached
+  CHECK_EQ(1, heap_profiler->GetDetachedJSWrapperObjects().size());
+
+  cppgc::Persistent<GCedWithJSRef> gc_w_js_ref2 = SetupWrapperWrappablePair(
+      testing_scope, allocation_handle(), "Obj",
+      v8::EmbedderGraph::Node::Detachedness ::kDetached);
+  cppgc::Persistent<GCedWithJSRef> gc_w_js_ref3 = SetupWrapperWrappablePair(
+      testing_scope, allocation_handle(), "Obj",
+      v8::EmbedderGraph::Node::Detachedness ::kDetached);
+  // Ensure we are obtaining all Detached Wrappers
+  CHECK_EQ(3, heap_profiler->GetDetachedJSWrapperObjects().size());
+}
+
 TEST_F(UnifiedHeapSnapshotTest, NoTriggerForStandAloneTracedReference) {
   // Test ensures that C++ objects with TracedReference have their V8 objects
   // not merged and queried for detachedness if the backreference is invalid.
diff --git a/deps/v8/test/unittests/heap/cppgc-js/unified-heap-unittest.cc b/deps/v8/test/unittests/heap/cppgc-js/unified-heap-unittest.cc
index 89c95c8164c673..42f1a3f191632e 100644
--- a/deps/v8/test/unittests/heap/cppgc-js/unified-heap-unittest.cc
+++ b/deps/v8/test/unittests/heap/cppgc-js/unified-heap-unittest.cc
@@ -482,6 +482,7 @@ class GCedWithHeapRef final : public cppgc::GarbageCollected<GCedWithHeapRef> {
 V8_NOINLINE void StackToHeapTest(v8::Isolate* v8_isolate, Operation op,
                                  TargetHandling target_handling) {
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(v8_isolate);
+  i::ManualGCScope manual_gc_scope(i_isolate);
   v8::Global<v8::Object> observer;
   v8::TracedReference<v8::Value> stack_handle;
   v8::CppHeap* cpp_heap = v8_isolate->GetCppHeap();
@@ -530,6 +531,7 @@ V8_NOINLINE void StackToHeapTest(v8::Isolate* v8_isolate, Operation op,
 V8_NOINLINE void HeapToStackTest(v8::Isolate* v8_isolate, Operation op,
                                  TargetHandling target_handling) {
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(v8_isolate);
+  i::ManualGCScope manual_gc_scope(i_isolate);
   v8::Global<v8::Object> observer;
   v8::TracedReference<v8::Value> stack_handle;
   v8::CppHeap* cpp_heap = v8_isolate->GetCppHeap();
@@ -578,6 +580,7 @@ V8_NOINLINE void HeapToStackTest(v8::Isolate* v8_isolate, Operation op,
 V8_NOINLINE void StackToStackTest(v8::Isolate* v8_isolate, Operation op,
                                   TargetHandling target_handling) {
   i::Isolate* i_isolate = reinterpret_cast<i::Isolate*>(v8_isolate);
+  i::ManualGCScope manual_gc_scope(i_isolate);
   v8::Global<v8::Object> observer;
   v8::TracedReference<v8::Value> stack_handle1;
   v8::TracedReference<v8::Value> stack_handle2;
diff --git a/deps/v8/test/unittests/heap/cppgc/gc-invoker-unittest.cc b/deps/v8/test/unittests/heap/cppgc/gc-invoker-unittest.cc
index 87844f22021c47..76f1a596e62a15 100644
--- a/deps/v8/test/unittests/heap/cppgc/gc-invoker-unittest.cc
+++ b/deps/v8/test/unittests/heap/cppgc/gc-invoker-unittest.cc
@@ -4,6 +4,8 @@
 
 #include "src/heap/cppgc/gc-invoker.h"
 
+#include <optional>
+
 #include "include/cppgc/platform.h"
 #include "src/heap/cppgc/heap.h"
 #include "test/unittests/heap/cppgc/test-platform.h"
@@ -11,8 +13,7 @@
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-namespace cppgc {
-namespace internal {
+namespace cppgc::internal {
 
 namespace {
 
@@ -26,7 +27,7 @@ class MockGarbageCollector : public GarbageCollector {
   MOCK_METHOD(void, set_override_stack_state, (EmbedderStackState), (override));
   MOCK_METHOD(void, clear_overridden_stack_state, (), (override));
 #ifdef V8_ENABLE_ALLOCATION_TIMEOUT
-  MOCK_METHOD(v8::base::Optional<int>, UpdateAllocationTimeout, (), (override));
+  MOCK_METHOD(std::optional<int>, UpdateAllocationTimeout, (), (override));
 #endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 };
 
@@ -147,5 +148,4 @@ TEST(GCInvokerTest, IncrementalGCIsStarted) {
       GCConfig::ConservativeIncrementalConfig());
 }
 
-}  // namespace internal
-}  // namespace cppgc
+}  // namespace cppgc::internal
diff --git a/deps/v8/test/unittests/heap/cppgc/heap-growing-unittest.cc b/deps/v8/test/unittests/heap/cppgc/heap-growing-unittest.cc
index 0f89a9e189fc3d..1f23cdf00d5236 100644
--- a/deps/v8/test/unittests/heap/cppgc/heap-growing-unittest.cc
+++ b/deps/v8/test/unittests/heap/cppgc/heap-growing-unittest.cc
@@ -4,14 +4,15 @@
 
 #include "src/heap/cppgc/heap-growing.h"
 
+#include <optional>
+
 #include "include/cppgc/platform.h"
 #include "src/heap/cppgc/heap.h"
 #include "src/heap/cppgc/stats-collector.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
-namespace cppgc {
-namespace internal {
+namespace cppgc::internal {
 
 namespace {
 
@@ -42,9 +43,7 @@ class FakeGarbageCollector : public GarbageCollector {
   void set_override_stack_state(EmbedderStackState state) override {}
   void clear_overridden_stack_state() override {}
 #ifdef V8_ENABLE_ALLOCATION_TIMEOUT
-  v8::base::Optional<int> UpdateAllocationTimeout() override {
-    return v8::base::nullopt;
-  }
+  std::optional<int> UpdateAllocationTimeout() override { return std::nullopt; }
 #endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 
  private:
@@ -63,7 +62,7 @@ class MockGarbageCollector : public GarbageCollector {
   MOCK_METHOD(void, set_override_stack_state, (EmbedderStackState), (override));
   MOCK_METHOD(void, clear_overridden_stack_state, (), (override));
 #ifdef V8_ENABLE_ALLOCATION_TIMEOUT
-  MOCK_METHOD(v8::base::Optional<int>, UpdateAllocationTimeout, (), (override));
+  MOCK_METHOD(std::optional<int>, UpdateAllocationTimeout, (), (override));
 #endif  // V8_ENABLE_ALLOCATION_TIMEOUT
 };
 
@@ -184,5 +183,4 @@ TEST(HeapGrowingTest, IncrementalGCFinalized) {
   FakeAllocate(&stats_collector, StatsCollector::kAllocationThresholdBytes);
 }
 
-}  // namespace internal
-}  // namespace cppgc
+}  // namespace cppgc::internal
diff --git a/deps/v8/test/unittests/heap/cppgc/metric-recorder-unittest.cc b/deps/v8/test/unittests/heap/cppgc/metric-recorder-unittest.cc
index cf02f8a9facf7c..da53883f7e5f05 100644
--- a/deps/v8/test/unittests/heap/cppgc/metric-recorder-unittest.cc
+++ b/deps/v8/test/unittests/heap/cppgc/metric-recorder-unittest.cc
@@ -266,7 +266,7 @@ TEST_F(MetricRecorderTest, CycleEndHistogramReportsCorrectValues) {
             kDurationComparisonTolerance);
   // Check collection rate and efficiency.
   EXPECT_DOUBLE_EQ(
-      0.3, MetricRecorderImpl::GCCycle_event.collection_rate_in_percent);
+      0.7, MetricRecorderImpl::GCCycle_event.collection_rate_in_percent);
   static constexpr double kEfficiencyComparisonTolerance = 0.0005;
   EXPECT_LT(
       std::abs(MetricRecorderImpl::GCCycle_event.efficiency_in_bytes_per_us -
diff --git a/deps/v8/test/unittests/heap/direct-handles-unittest.cc b/deps/v8/test/unittests/heap/direct-handles-unittest.cc
index cb977dfa91b276..5277d803211bda 100644
--- a/deps/v8/test/unittests/heap/direct-handles-unittest.cc
+++ b/deps/v8/test/unittests/heap/direct-handles-unittest.cc
@@ -29,7 +29,7 @@ TEST_F(DirectHandlesTest, CreateLocalFromDirectHandle) {
       i_isolate()->factory()->NewStringFromAsciiChecked("foo");
   i::DirectHandle<i::String> direct = handle;
 
-  Local<String> l1 = Utils::ToLocal(direct, i_isolate());
+  Local<String> l1 = Utils::ToLocal(direct);
   Local<String> l2 = Utils::ToLocal(handle);
 
   EXPECT_EQ(l1, l2);
diff --git a/deps/v8/test/unittests/heap/gc-tracer-unittest.cc b/deps/v8/test/unittests/heap/gc-tracer-unittest.cc
index 59bb508370815c..c40897ba56334e 100644
--- a/deps/v8/test/unittests/heap/gc-tracer-unittest.cc
+++ b/deps/v8/test/unittests/heap/gc-tracer-unittest.cc
@@ -6,6 +6,7 @@
 
 #include <cmath>
 #include <limits>
+#include <optional>
 
 #include "src/base/platform/platform.h"
 #include "src/common/globals.h"
@@ -36,7 +37,7 @@ enum class StartTracingMode {
 
 void StartTracing(GCTracer* tracer, GarbageCollector collector,
                   StartTracingMode mode,
-                  base::Optional<base::TimeTicks> time = {}) {
+                  std::optional<base::TimeTicks> time = {}) {
   DCHECK_IMPLIES(mode != StartTracingMode::kAtomic,
                  !Heap::IsYoungGenerationCollector(collector));
   // Start the cycle for incremental marking.
@@ -65,7 +66,7 @@ void StartTracing(GCTracer* tracer, GarbageCollector collector,
 }
 
 void StopTracing(GCTracer* tracer, GarbageCollector collector,
-                 base::Optional<base::TimeTicks> time = {}) {
+                 std::optional<base::TimeTicks> time = {}) {
   tracer->StopAtomicPause();
   tracer->StopObservablePause(collector, time.value_or(base::TimeTicks::Now()));
   switch (collector) {
diff --git a/deps/v8/test/unittests/heap/global-handles-unittest.cc b/deps/v8/test/unittests/heap/global-handles-unittest.cc
index 6f1b714932d263..ece58c86aa61c3 100644
--- a/deps/v8/test/unittests/heap/global-handles-unittest.cc
+++ b/deps/v8/test/unittests/heap/global-handles-unittest.cc
@@ -140,6 +140,7 @@ template <typename ConstructFunction, typename ModifierFunction,
 void WeakHandleTest(v8::Isolate* isolate, ConstructFunction construct_function,
                     ModifierFunction modifier_function, GCFunction gc_function,
                     SurvivalMode survives) {
+  ManualGCScope manual_gc_scope(reinterpret_cast<internal::Isolate*>(isolate));
   v8::HandleScope scope(isolate);
   v8::Local<v8::Context> context = v8::Context::New(isolate);
   v8::Context::Scope context_scope(context);
@@ -498,6 +499,7 @@ void ForceMajorGC1(const v8::WeakCallbackInfo<FlagAndHandles>& data) {
 
 TEST_F(GlobalHandlesTest, GCFromWeakCallbacks) {
   v8::Isolate* isolate = v8_isolate();
+  ManualGCScope manual_gc_scope(i_isolate());
   DisableConservativeStackScanningScopeForTesting no_stack_scanning(
       i_isolate()->heap());
   v8::HandleScope scope(isolate);
diff --git a/deps/v8/test/unittests/heap/heap-unittest.cc b/deps/v8/test/unittests/heap/heap-unittest.cc
index baa69724579d49..c827ec370d328c 100644
--- a/deps/v8/test/unittests/heap/heap-unittest.cc
+++ b/deps/v8/test/unittests/heap/heap-unittest.cc
@@ -372,6 +372,7 @@ TEST_F(HeapTest, OptimizedAllocationAlwaysInNewSpace) {
       v8_flags.stress_incremental_marking)
     return;
   v8::Isolate* iso = reinterpret_cast<v8::Isolate*>(isolate());
+  ManualGCScope manual_gc_scope(isolate());
   v8::HandleScope scope(iso);
   v8::Local<v8::Context> ctx = iso->GetCurrentContext();
   SimulateFullSpace(heap()->new_space());
@@ -420,6 +421,7 @@ static size_t GetRememberedSetSize(Tagged<HeapObject> obj) {
 TEST_F(HeapTest, RememberedSet_InsertOnPromotingObjectToOld) {
   if (v8_flags.single_generation || v8_flags.stress_incremental_marking) return;
   v8_flags.stress_concurrent_allocation = false;  // For SealCurrentObjects.
+  ManualGCScope manual_gc_scope(isolate());
   Factory* factory = isolate()->factory();
   Heap* heap = isolate()->heap();
   SealCurrentObjects();
@@ -542,11 +544,15 @@ TEST_F(HeapTest, Regress341769455) {
   if (!v8_flags.incremental_marking) return;
   if (!v8_flags.minor_ms) return;
   Isolate* iso = isolate();
+  bool original_concurrent_minor_ms_marking_value =
+      v8_flags.concurrent_minor_ms_marking;
+  ManualGCScope manual_gc_scope(iso);
+  v8_flags.concurrent_minor_ms_marking =
+      original_concurrent_minor_ms_marking_value;
   Heap* heap = iso->heap();
   HandleScope outer(iso);
-  Handle<JSArrayBuffer> ab;
+  DirectHandle<JSArrayBuffer> ab;
   {
-    ManualGCScope manual_gc_scope(isolate());
     // Make sure new space is empty
     InvokeAtomicMajorGC();
     ab = iso->factory()
diff --git a/deps/v8/test/unittests/heap/index-generator-unittest.cc b/deps/v8/test/unittests/heap/index-generator-unittest.cc
index 9fa6b502f7cf73..1ca412665f173d 100644
--- a/deps/v8/test/unittests/heap/index-generator-unittest.cc
+++ b/deps/v8/test/unittests/heap/index-generator-unittest.cc
@@ -4,6 +4,8 @@
 
 #include "src/heap/index-generator.h"
 
+#include <optional>
+
 #include "test/unittests/test-utils.h"
 
 namespace v8 {
@@ -12,7 +14,7 @@ namespace internal {
 TEST(IndexGeneratorTest, Empty) {
   IndexGenerator gen(0);
 
-  EXPECT_EQ(base::nullopt, gen.GetNext());
+  EXPECT_EQ(std::nullopt, gen.GetNext());
 }
 
 TEST(IndexGeneratorTest, GetNext) {
@@ -29,7 +31,7 @@ TEST(IndexGeneratorTest, GetNext) {
   EXPECT_EQ(4U, gen.GetNext());
   EXPECT_EQ(7U, gen.GetNext());
   EXPECT_EQ(10U, gen.GetNext());
-  EXPECT_EQ(base::nullopt, gen.GetNext());
+  EXPECT_EQ(std::nullopt, gen.GetNext());
 }
 
 }  // namespace internal
diff --git a/deps/v8/test/unittests/heap/local-factory-unittest.cc b/deps/v8/test/unittests/heap/local-factory-unittest.cc
index ae953fd77bc488..92ff9084516da6 100644
--- a/deps/v8/test/unittests/heap/local-factory-unittest.cc
+++ b/deps/v8/test/unittests/heap/local-factory-unittest.cc
@@ -85,12 +85,13 @@ class LocalFactoryTest : public TestWithIsolateAndZone {
     parser.ParseOnBackground(local_isolate(), parse_info(), script_, 0, 0,
                              kFunctionLiteralIdTopLevel);
 
-    DeclarationScope::AllocateScopeInfos(parse_info(), local_isolate());
+    DeclarationScope::AllocateScopeInfos(parse_info(), script_,
+                                         local_isolate());
 
     // Create the SFI list on the script so that SFI SetScript works.
     DirectHandle<WeakFixedArray> infos = local_factory()->NewWeakFixedArray(
-        parse_info()->max_function_literal_id() + 1, AllocationType::kOld);
-    script_->set_shared_function_infos(*infos);
+        parse_info()->max_info_id() + 1, AllocationType::kOld);
+    script_->set_infos(*infos);
 
     return parse_info()->literal();
   }
@@ -115,7 +116,7 @@ class LocalFactoryTest : public TestWithIsolateAndZone {
 TEST_F(LocalFactoryTest, OneByteInternalizedString_IsAddedToStringTable) {
   base::Vector<const uint8_t> string_vector = base::StaticOneByteVector("foo");
 
-  Handle<String> string;
+  DirectHandle<String> string;
   {
     LocalHandleScope handle_scope(local_isolate());
 
@@ -143,8 +144,8 @@ TEST_F(LocalFactoryTest, OneByteInternalizedString_IsAddedToStringTable) {
 TEST_F(LocalFactoryTest, OneByteInternalizedString_DuplicateIsDeduplicated) {
   base::Vector<const uint8_t> string_vector = base::StaticOneByteVector("foo");
 
-  Handle<String> string_1;
-  Handle<String> string_2;
+  DirectHandle<String> string_1;
+  DirectHandle<String> string_2;
   {
     LocalHandleScope handle_scope(local_isolate());
 
@@ -168,7 +169,7 @@ TEST_F(LocalFactoryTest, AstRawString_IsInternalized) {
 
   const AstRawString* raw_string = ast_value_factory.GetOneByteString("foo");
 
-  Handle<String> string;
+  DirectHandle<String> string;
   {
     LocalHandleScope handle_scope(local_isolate());
 
@@ -185,7 +186,7 @@ TEST_F(LocalFactoryTest, AstConsString_CreatesConsString) {
   AstValueFactory ast_value_factory(zone(), isolate()->ast_string_constants(),
                                     HashSeed(isolate()));
 
-  Handle<String> string;
+  DirectHandle<String> string;
   {
     LocalHandleScope handle_scope(local_isolate());
 
@@ -209,7 +210,7 @@ TEST_F(LocalFactoryTest, AstConsString_CreatesConsString) {
 TEST_F(LocalFactoryTest, EmptyScript) {
   FunctionLiteral* program = ParseProgram("");
 
-  Handle<SharedFunctionInfo> shared;
+  DirectHandle<SharedFunctionInfo> shared;
   {
     LocalHandleScope handle_scope(local_isolate());
 
@@ -230,7 +231,7 @@ TEST_F(LocalFactoryTest, LazyFunction) {
                               ->AsFunctionDeclaration()
                               ->fun();
 
-  Handle<SharedFunctionInfo> shared;
+  DirectHandle<SharedFunctionInfo> shared;
   {
     LocalHandleScope handle_scope(local_isolate());
 
@@ -256,7 +257,7 @@ TEST_F(LocalFactoryTest, EagerFunction) {
                                ->value()
                                ->AsFunctionLiteral();
 
-  Handle<SharedFunctionInfo> shared;
+  DirectHandle<SharedFunctionInfo> shared;
   {
     LocalHandleScope handle_scope(local_isolate());
 
@@ -287,7 +288,7 @@ TEST_F(LocalFactoryTest, ImplicitNameFunction) {
                                        ->value()
                                        ->AsFunctionLiteral();
 
-  Handle<SharedFunctionInfo> shared;
+  DirectHandle<SharedFunctionInfo> shared;
   {
     LocalHandleScope handle_scope(local_isolate());
 
@@ -315,7 +316,7 @@ TEST_F(LocalFactoryTest, GCDuringPublish) {
                                        ->value()
                                        ->AsFunctionLiteral();
 
-  Handle<SharedFunctionInfo> shared;
+  DirectHandle<SharedFunctionInfo> shared;
   {
     LocalHandleScope handle_scope(local_isolate());
 
diff --git a/deps/v8/test/unittests/heap/local-handles-unittest.cc b/deps/v8/test/unittests/heap/local-handles-unittest.cc
index 634ae3fa54c6eb..05c10d047efe8f 100644
--- a/deps/v8/test/unittests/heap/local-handles-unittest.cc
+++ b/deps/v8/test/unittests/heap/local-handles-unittest.cc
@@ -106,7 +106,7 @@ TEST_F(LocalHandlesTest, DereferenceLocalHandle) {
   // Create a PersistentHandle to create the LocalHandle, and thus not have a
   // HandleScope present to override the LocalHandleScope.
   std::unique_ptr<PersistentHandles> phs = isolate->NewPersistentHandles();
-  Handle<HeapNumber> ph;
+  IndirectHandle<HeapNumber> ph;
   {
     HandleScope handle_scope(isolate);
     Handle<HeapNumber> number = isolate->factory()->NewHeapNumber(42.0);
@@ -128,7 +128,7 @@ TEST_F(LocalHandlesTest, DereferenceLocalHandleFailsWhenDisallowed) {
   // Create a PersistentHandle to create the LocalHandle, and thus not have a
   // HandleScope present to override the LocalHandleScope.
   std::unique_ptr<PersistentHandles> phs = isolate->NewPersistentHandles();
-  Handle<HeapNumber> ph;
+  IndirectHandle<HeapNumber> ph;
   {
     HandleScope handle_scope(isolate);
     Handle<HeapNumber> number = isolate->factory()->NewHeapNumber(42.0);
diff --git a/deps/v8/test/unittests/heap/local-heap-unittest.cc b/deps/v8/test/unittests/heap/local-heap-unittest.cc
index 31f19eab7b9ebe..eef784aea670db 100644
--- a/deps/v8/test/unittests/heap/local-heap-unittest.cc
+++ b/deps/v8/test/unittests/heap/local-heap-unittest.cc
@@ -4,6 +4,8 @@
 
 #include "src/heap/local-heap.h"
 
+#include <optional>
+
 #include "src/base/platform/condition-variable.h"
 #include "src/base/platform/mutex.h"
 #include "src/heap/heap.h"
@@ -131,12 +133,12 @@ class BackgroundThreadForGCEpilogue final : public v8::base::Thread {
 
   void Run() override {
     LocalHeap lh(heap_, ThreadKind::kBackground);
-    base::Optional<UnparkedScope> unparked_scope;
+    std::optional<UnparkedScope> unparked_scope;
     if (!parked_) {
       unparked_scope.emplace(&lh);
     }
     {
-      base::Optional<UnparkedScope> nested_unparked_scope;
+      std::optional<UnparkedScope> nested_unparked_scope;
       if (parked_) nested_unparked_scope.emplace(&lh);
       lh.AddGCEpilogueCallback(&GCEpilogue::Callback, epilogue_);
     }
@@ -145,7 +147,7 @@ class BackgroundThreadForGCEpilogue final : public v8::base::Thread {
       lh.Safepoint();
     }
     {
-      base::Optional<UnparkedScope> nested_unparked_scope;
+      std::optional<UnparkedScope> nested_unparked_scope;
       if (parked_) nested_unparked_scope.emplace(&lh);
       lh.RemoveGCEpilogueCallback(&GCEpilogue::Callback, epilogue_);
     }
diff --git a/deps/v8/test/unittests/heap/persistent-handles-unittest.cc b/deps/v8/test/unittests/heap/persistent-handles-unittest.cc
index e469772125d1bf..70d6e67926286a 100644
--- a/deps/v8/test/unittests/heap/persistent-handles-unittest.cc
+++ b/deps/v8/test/unittests/heap/persistent-handles-unittest.cc
@@ -22,7 +22,7 @@ TEST_F(PersistentHandlesTest, OrderOfBlocks) {
 
   Address* next;
   Address* limit;
-  Handle<String> first_empty, last_empty;
+  DirectHandle<String> first_empty, last_empty;
   std::unique_ptr<PersistentHandles> ph;
 
   {
@@ -199,7 +199,7 @@ TEST_F(PersistentHandlesTest, CreatePersistentHandles) {
 
 TEST_F(PersistentHandlesTest, DereferencePersistentHandle) {
   std::unique_ptr<PersistentHandles> phs = isolate()->NewPersistentHandles();
-  Handle<HeapNumber> ph;
+  IndirectHandle<HeapNumber> ph;
   {
     HandleScope handle_scope(isolate());
     Handle<HeapNumber> number = isolate()->factory()->NewHeapNumber(42.0);
@@ -216,7 +216,7 @@ TEST_F(PersistentHandlesTest, DereferencePersistentHandle) {
 TEST_F(PersistentHandlesTest, DereferencePersistentHandleFailsWhenDisallowed) {
   HandleScope handle_scope(isolate());
   std::unique_ptr<PersistentHandles> phs = isolate()->NewPersistentHandles();
-  Handle<HeapNumber> ph;
+  IndirectHandle<HeapNumber> ph;
   {
     HandleScope handle_scope(isolate());
     Handle<HeapNumber> number = isolate()->factory()->NewHeapNumber(42.0);
diff --git a/deps/v8/test/unittests/heap/shared-heap-unittest.cc b/deps/v8/test/unittests/heap/shared-heap-unittest.cc
index e1ea50cb81ca8c..79c1c6d4e31b97 100644
--- a/deps/v8/test/unittests/heap/shared-heap-unittest.cc
+++ b/deps/v8/test/unittests/heap/shared-heap-unittest.cc
@@ -2,7 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
-#include "src/base/optional.h"
+#include <optional>
+
 #include "src/base/platform/platform.h"
 #include "src/base/platform/semaphore.h"
 #include "src/heap/heap.h"
@@ -36,7 +37,7 @@ class SharedHeapNoClientsTest : public TestJSSharedMemoryWithPlatform {
 
  private:
   Isolate* shared_space_isolate_;
-  base::Optional<IsolateWrapper> shared_space_isolate_wrapper;
+  std::optional<IsolateWrapper> shared_space_isolate_wrapper;
 };
 
 namespace {
@@ -240,8 +241,9 @@ TEST_F(SharedHeapTest, TrustedToSharedTrustedPointer) {
   Isolate* isolate = i_isolate();
   Factory* factory = isolate->factory();
 
-  Handle<TrustedFixedArray> constant_pool = factory->NewTrustedFixedArray(0);
-  Handle<TrustedByteArray> handler_table =
+  DirectHandle<TrustedFixedArray> constant_pool =
+      factory->NewTrustedFixedArray(0);
+  DirectHandle<TrustedByteArray> handler_table =
       factory->NewTrustedByteArray(3, AllocationType::kSharedTrusted);
   CHECK_EQ(MemoryChunk::FromHeapObject(*handler_table)
                ->Metadata()
@@ -282,13 +284,13 @@ class TrustedToSharedTrustedPointerOnClient final : public ParkingThread {
                                             Isolate* i_client_isolate) {
       Factory* factory = i_client_isolate->factory();
       HandleScope scope(i_client_isolate);
-      Handle<BytecodeArray> keep_alive_bc;
+      DirectHandle<BytecodeArray> keep_alive_bc;
 
       {
         HandleScope nested_scope(i_client_isolate);
-        Handle<TrustedFixedArray> constant_pool =
+        DirectHandle<TrustedFixedArray> constant_pool =
             factory->NewTrustedFixedArray(0);
-        Handle<TrustedByteArray> handler_table =
+        DirectHandle<TrustedByteArray> handler_table =
             factory->NewTrustedByteArray(3, AllocationType::kSharedTrusted);
         CHECK_EQ(MemoryChunk::FromHeapObject(*handler_table)
                      ->Metadata()
@@ -678,7 +680,7 @@ namespace {
 // Testing the shared heap using ordinary (indirect) handles.
 
 struct StateWithHandle {
-  base::Optional<HandleScope> scope;
+  std::optional<HandleScope> scope;
   Handle<FixedArray> handle;
   Global<v8::FixedArray> weak;
 };
@@ -771,7 +773,7 @@ void AllocateWithRawPointer(Isolate* isolate, StateWithRawPointer* state) {
   DirectHandle<FixedArray> h =
       isolate->factory()->NewFixedArray(size, allocation);
   state->ptr = (*h).ptr();
-  Local<v8::FixedArray> l = Utils::FixedArrayToLocal(h, isolate);
+  Local<v8::FixedArray> l = Utils::FixedArrayToLocal(h);
   state->weak.Reset(reinterpret_cast<v8::Isolate*>(isolate), l);
   state->weak.SetWeak();
 }
diff --git a/deps/v8/test/unittests/heap/strong-root-allocator-unittest.cc b/deps/v8/test/unittests/heap/strong-root-allocator-unittest.cc
index ea0bb25e2b9531..e772b8eb157144 100644
--- a/deps/v8/test/unittests/heap/strong-root-allocator-unittest.cc
+++ b/deps/v8/test/unittests/heap/strong-root-allocator-unittest.cc
@@ -213,7 +213,7 @@ TEST_F(StrongRootAllocatorTest, LocalVector) {
   EXPECT_TRUE(weak.IsEmpty());
 }
 
-#ifdef V8_ENABLE_DIRECT_LOCAL
+#ifdef V8_ENABLE_DIRECT_HANDLE
 TEST_F(StrongRootAllocatorTest, LocalVectorWithDirect) {
   ManualGCScope manual_gc_scope(i_isolate());
   Global<v8::FixedArray> weak;
@@ -245,7 +245,7 @@ TEST_F(StrongRootAllocatorTest, LocalVectorWithDirect) {
   }
   EXPECT_TRUE(weak.IsEmpty());
 }
-#endif  // V8_ENABLE_DIRECT_LOCAL
+#endif  // V8_ENABLE_DIRECT_HANDLE
 
 }  // namespace internal
 }  // namespace v8
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/AsyncModules.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/AsyncModules.golden
index ff2365a8af7e6a..d5b973225be662 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/AsyncModules.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/AsyncModules.golden
@@ -11,27 +11,26 @@ top level: yes
 snippet: "
   await 42;
 "
-frame size: 6
+frame size: 5
 parameter count: 1
-bytecode array length: 112
+bytecode array length: 100
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(2),
                 B(Mov), R(closure), R(2),
                 B(Mov), R(this), R(3),
   /*    0 E> */ B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionEnter), R(2), U8(2),
                 B(Star0),
-  /*    0 E> */ B(SuspendGenerator), R(0), R(0), U8(2), U8(0),
-                B(ResumeGenerator), R(0), R(0), U8(2),
-                B(Star2),
+                B(Mov), R(context), R(2),
+                B(Ldar), R(0),
+  /*    0 E> */ B(SuspendGenerator), R(0), R(0), U8(3), U8(0),
+                B(ResumeGenerator), R(0), R(0), U8(3),
+                B(Star3),
                 B(InvokeIntrinsic), U8(Runtime::k_GeneratorGetResumeMode), R(0), U8(1),
                 B(SwitchOnSmiNoFeedback), U8(2), U8(2), I8(0),
-                B(Ldar), R(2),
+                B(Ldar), R(3),
   /*    0 E> */ B(Throw),
-                B(Ldar), R(2),
+                B(Ldar), R(3),
                 B(Return),
-                B(Mov), R(2), R(1),
-                B(Ldar), R(1),
-                B(Mov), R(context), R(2),
   /*    0 S> */ B(LdaSmi), I8(42),
                 B(Star4),
                 B(Mov), R(0), R(3),
@@ -46,60 +45,50 @@ bytecodes: [
                 B(JumpIfTrue), U8(5),
                 B(Ldar), R(3),
                 B(ReThrow),
-                B(LdaUndefined),
-                B(Star4),
+                B(Mov), R(3), R(1),
                 B(Mov), R(0), R(3),
+                B(Mov), R(1), R(4),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(3), U8(2),
   /*   10 S> */ B(Return),
-                B(Star3),
-                B(CreateCatchContext), R(3), U8(4),
-                B(Star2),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(2),
-                B(PushContext), R(3),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star5),
-                B(Mov), R(0), R(4),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(4), U8(2),
+                B(Star4),
+                B(Mov), R(0), R(3),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(3), U8(2),
                 B(Return),
 ]
 constant pool: [
-  Smi [20],
-  Smi [62],
+  Smi [25],
+  Smi [59],
   Smi [10],
   Smi [7],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
-  [47, 90, 90],
+  [18, 91, 91],
 ]
 
 ---
 snippet: "
   await import(\"foo\");
 "
-frame size: 6
+frame size: 5
 parameter count: 1
-bytecode array length: 121
+bytecode array length: 109
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(2),
                 B(Mov), R(closure), R(2),
                 B(Mov), R(this), R(3),
   /*    0 E> */ B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionEnter), R(2), U8(2),
                 B(Star0),
-  /*    0 E> */ B(SuspendGenerator), R(0), R(0), U8(2), U8(0),
-                B(ResumeGenerator), R(0), R(0), U8(2),
-                B(Star2),
+                B(Mov), R(context), R(2),
+                B(Ldar), R(0),
+  /*    0 E> */ B(SuspendGenerator), R(0), R(0), U8(3), U8(0),
+                B(ResumeGenerator), R(0), R(0), U8(3),
+                B(Star3),
                 B(InvokeIntrinsic), U8(Runtime::k_GeneratorGetResumeMode), R(0), U8(1),
                 B(SwitchOnSmiNoFeedback), U8(2), U8(2), I8(0),
-                B(Ldar), R(2),
+                B(Ldar), R(3),
   /*    0 E> */ B(Throw),
-                B(Ldar), R(2),
+                B(Ldar), R(3),
                 B(Return),
-                B(Mov), R(2), R(1),
-                B(Ldar), R(1),
-                B(Mov), R(context), R(2),
   /*    0 S> */ B(LdaConstant), U8(4),
                 B(Star4),
                 B(Mov), R(closure), R(3),
@@ -117,34 +106,25 @@ bytecodes: [
                 B(JumpIfTrue), U8(5),
                 B(Ldar), R(3),
                 B(ReThrow),
-                B(LdaUndefined),
-                B(Star4),
+                B(Mov), R(3), R(1),
                 B(Mov), R(0), R(3),
+                B(Mov), R(1), R(4),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(3), U8(2),
   /*   21 S> */ B(Return),
-                B(Star3),
-                B(CreateCatchContext), R(3), U8(5),
-                B(Star2),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(2),
-                B(PushContext), R(3),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star5),
-                B(Mov), R(0), R(4),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(4), U8(2),
+                B(Star4),
+                B(Mov), R(0), R(3),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(3), U8(2),
                 B(Return),
 ]
 constant pool: [
-  Smi [20],
-  Smi [71],
+  Smi [25],
+  Smi [68],
   Smi [10],
   Smi [7],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["foo"],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
-  [47, 99, 99],
+  [18, 100, 100],
 ]
 
 ---
@@ -155,9 +135,9 @@ snippet: "
   }
   foo();
 "
-frame size: 7
+frame size: 6
 parameter count: 1
-bytecode array length: 122
+bytecode array length: 106
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(2),
                 B(Mov), R(closure), R(3),
@@ -166,19 +146,17 @@ bytecodes: [
                 B(Star0),
                 B(CreateClosure), U8(2), U8(0), U8(0),
                 B(Star1),
+                B(Mov), R(context), R(3),
                 B(Ldar), R(0),
-  /*    0 E> */ B(SuspendGenerator), R(0), R(0), U8(3), U8(0),
-                B(ResumeGenerator), R(0), R(0), U8(3),
-                B(Star3),
+  /*    0 E> */ B(SuspendGenerator), R(0), R(0), U8(4), U8(0),
+                B(ResumeGenerator), R(0), R(0), U8(4),
+                B(Star4),
                 B(InvokeIntrinsic), U8(Runtime::k_GeneratorGetResumeMode), R(0), U8(1),
                 B(SwitchOnSmiNoFeedback), U8(3), U8(2), I8(0),
-                B(Ldar), R(3),
+                B(Ldar), R(4),
   /*    0 E> */ B(Throw),
-                B(Ldar), R(3),
+                B(Ldar), R(4),
                 B(Return),
-                B(Mov), R(3), R(2),
-                B(Ldar), R(2),
-                B(Mov), R(context), R(3),
   /*    0 S> */ B(LdaSmi), I8(42),
                 B(Star5),
                 B(Mov), R(0), R(4),
@@ -194,34 +172,25 @@ bytecodes: [
                 B(Ldar), R(4),
                 B(ReThrow),
   /*   47 S> */ B(CallUndefinedReceiver0), R(1), U8(0),
-                B(LdaUndefined),
-                B(Star5),
+                B(Star2),
                 B(Mov), R(0), R(4),
+                B(Mov), R(2), R(5),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(4), U8(2),
   /*   54 S> */ B(Return),
-                B(Star4),
-                B(CreateCatchContext), R(4), U8(5),
-                B(Star3),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(3),
-                B(PushContext), R(4),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star6),
-                B(Mov), R(0), R(5),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(5), U8(2),
+                B(Star5),
+                B(Mov), R(0), R(4),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(4), U8(2),
                 B(Return),
 ]
 constant pool: [
-  Smi [27],
-  Smi [69],
+  Smi [30],
+  Smi [64],
   SHARED_FUNCTION_INFO_TYPE,
   Smi [10],
   Smi [7],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
-  [54, 100, 100],
+  [23, 97, 97],
 ]
 
 ---
@@ -229,9 +198,9 @@ snippet: "
   import * as foo from \"bar\";
   await import(\"goo\");
 "
-frame size: 7
+frame size: 6
 parameter count: 1
-bytecode array length: 131
+bytecode array length: 117
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(2),
                 B(Mov), R(closure), R(3),
@@ -242,19 +211,17 @@ bytecodes: [
                 B(Star3),
                 B(CallRuntime), U16(Runtime::kGetModuleNamespace), R(3), U8(1),
                 B(Star1),
+                B(Mov), R(context), R(3),
                 B(Ldar), R(0),
-  /*    0 E> */ B(SuspendGenerator), R(0), R(0), U8(3), U8(0),
-                B(ResumeGenerator), R(0), R(0), U8(3),
-                B(Star3),
+  /*    0 E> */ B(SuspendGenerator), R(0), R(0), U8(4), U8(0),
+                B(ResumeGenerator), R(0), R(0), U8(4),
+                B(Star4),
                 B(InvokeIntrinsic), U8(Runtime::k_GeneratorGetResumeMode), R(0), U8(1),
                 B(SwitchOnSmiNoFeedback), U8(2), U8(2), I8(0),
-                B(Ldar), R(3),
+                B(Ldar), R(4),
   /*    0 E> */ B(Throw),
-                B(Ldar), R(3),
+                B(Ldar), R(4),
                 B(Return),
-                B(Mov), R(3), R(2),
-                B(Ldar), R(2),
-                B(Mov), R(context), R(3),
   /*   28 S> */ B(LdaConstant), U8(4),
                 B(Star5),
                 B(Mov), R(closure), R(4),
@@ -272,33 +239,24 @@ bytecodes: [
                 B(JumpIfTrue), U8(5),
                 B(Ldar), R(4),
                 B(ReThrow),
-                B(LdaUndefined),
-                B(Star5),
+                B(Mov), R(4), R(2),
                 B(Mov), R(0), R(4),
+                B(Mov), R(2), R(5),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(4), U8(2),
   /*   49 S> */ B(Return),
-                B(Star4),
-                B(CreateCatchContext), R(4), U8(5),
-                B(Star3),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(3),
-                B(PushContext), R(4),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star6),
-                B(Mov), R(0), R(5),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(5), U8(2),
+                B(Star5),
+                B(Mov), R(0), R(4),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(4), U8(2),
                 B(Return),
 ]
 constant pool: [
-  Smi [30],
-  Smi [81],
+  Smi [33],
+  Smi [76],
   Smi [10],
   Smi [7],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["goo"],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
-  [57, 109, 109],
+  [26, 108, 108],
 ]
 
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/CallLookupSlot.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/CallLookupSlot.golden
index 4c1dcc766b6b80..b0a2834195d892 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/CallLookupSlot.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/CallLookupSlot.golden
@@ -29,7 +29,7 @@ bytecodes: [
                 B(Star3),
                 B(LdaZero),
                 B(Star7),
-                B(LdaSmi), I8(30),
+                B(LdaSmi), I8(3),
                 B(Star8),
                 B(LdaSmi), I8(52),
                 B(Star9),
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/Eval.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/Eval.golden
index 7f20bbf1fae258..abd6f12cf45fbf 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/Eval.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/Eval.golden
@@ -27,7 +27,7 @@ bytecodes: [
                 B(Star3),
                 B(LdaZero),
                 B(Star7),
-                B(LdaSmi), I8(30),
+                B(LdaSmi), I8(2),
                 B(Star8),
                 B(LdaSmi), I8(41),
                 B(Star9),
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/ForAwaitOf.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/ForAwaitOf.golden
index f03e1ad19fc27b..0362b9e6c57be8 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/ForAwaitOf.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/ForAwaitOf.golden
@@ -15,7 +15,7 @@ snippet: "
 "
 frame size: 17
 parameter count: 1
-bytecode array length: 268
+bytecode array length: 255
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(2),
                 B(Mov), R(closure), R(4),
@@ -127,17 +127,9 @@ bytecodes: [
                 B(Mov), R(0), R(5),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(5), U8(2),
   /*   57 S> */ B(Return),
-                B(Star5),
-                B(CreateCatchContext), R(5), U8(9),
-                B(Star4),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(4),
-                B(PushContext), R(5),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star7),
-                B(Mov), R(0), R(6),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(6), U8(2),
+                B(Star6),
+                B(Mov), R(0), R(5),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(5), U8(2),
                 B(Return),
 ]
 constant pool: [
@@ -150,7 +142,6 @@ constant pool: [
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["done"],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["value"],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["return"],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
   [18, 246, 246],
@@ -167,7 +158,7 @@ snippet: "
 "
 frame size: 17
 parameter count: 1
-bytecode array length: 284
+bytecode array length: 271
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(2),
                 B(Mov), R(closure), R(4),
@@ -285,17 +276,9 @@ bytecodes: [
                 B(Mov), R(0), R(5),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(5), U8(2),
   /*   68 S> */ B(Return),
-                B(Star5),
-                B(CreateCatchContext), R(5), U8(11),
-                B(Star4),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(4),
-                B(PushContext), R(5),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star7),
-                B(Mov), R(0), R(6),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(6), U8(2),
+                B(Star6),
+                B(Mov), R(0), R(5),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(5), U8(2),
                 B(Return),
 ]
 constant pool: [
@@ -310,7 +293,6 @@ constant pool: [
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["return"],
   Smi [6],
   Smi [12],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
   [18, 262, 262],
@@ -330,7 +312,7 @@ snippet: "
 "
 frame size: 17
 parameter count: 1
-bytecode array length: 284
+bytecode array length: 271
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(2),
                 B(Mov), R(closure), R(4),
@@ -449,17 +431,9 @@ bytecodes: [
                 B(Mov), R(0), R(5),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(5), U8(2),
   /*  114 S> */ B(Return),
-                B(Star5),
-                B(CreateCatchContext), R(5), U8(9),
-                B(Star4),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(4),
-                B(PushContext), R(5),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star7),
-                B(Mov), R(0), R(6),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(6), U8(2),
+                B(Star6),
+                B(Mov), R(0), R(5),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(5), U8(2),
                 B(Return),
 ]
 constant pool: [
@@ -472,7 +446,6 @@ constant pool: [
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["done"],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["value"],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["return"],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
   [18, 262, 262],
@@ -490,7 +463,7 @@ snippet: "
 "
 frame size: 13
 parameter count: 1
-bytecode array length: 190
+bytecode array length: 177
 bytecodes: [
                 B(Mov), R(closure), R(2),
                 B(Mov), R(this), R(3),
@@ -572,17 +545,9 @@ bytecodes: [
                 B(Mov), R(0), R(3),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(3), U8(2),
   /*   96 S> */ B(Return),
-                B(Star3),
-                B(CreateCatchContext), R(3), U8(9),
-                B(Star2),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(2),
-                B(PushContext), R(3),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star5),
-                B(Mov), R(0), R(4),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(4), U8(2),
+                B(Star4),
+                B(Mov), R(0), R(3),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(3), U8(2),
                 B(Return),
 ]
 constant pool: [
@@ -595,7 +560,6 @@ constant pool: [
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["return"],
   Smi [6],
   Smi [12],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
   [14, 168, 168],
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/ForOfLoop.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/ForOfLoop.golden
index 0a7882b68a0b86..c3031d3fed0681 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/ForOfLoop.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/ForOfLoop.golden
@@ -152,7 +152,7 @@ bytecodes: [
                 B(Star13),
                 B(LdaZero),
                 B(Star), R(17),
-                B(LdaSmi), I8(37),
+                B(LdaSmi), I8(2),
                 B(Star), R(18),
                 B(LdaSmi), I8(41),
                 B(Star), R(19),
@@ -636,7 +636,7 @@ snippet: "
 "
 frame size: 16
 parameter count: 2
-bytecode array length: 165
+bytecode array length: 152
 bytecodes: [
                 B(Mov), R(closure), R(5),
                 B(Mov), R(this), R(6),
@@ -708,17 +708,9 @@ bytecodes: [
                 B(Mov), R(0), R(6),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(6), U8(2),
   /*   60 S> */ B(Return),
-                B(Star6),
-                B(CreateCatchContext), R(6), U8(4),
-                B(Star5),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(5),
-                B(PushContext), R(6),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star8),
-                B(Mov), R(0), R(7),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(7), U8(2),
+                B(Star7),
+                B(Mov), R(0), R(6),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(6), U8(2),
                 B(Return),
 ]
 constant pool: [
@@ -726,7 +718,6 @@ constant pool: [
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["done"],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["value"],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["return"],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
   [14, 143, 143],
@@ -743,7 +734,7 @@ snippet: "
 "
 frame size: 15
 parameter count: 2
-bytecode array length: 199
+bytecode array length: 186
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(1),
                 B(Mov), R(closure), R(4),
@@ -828,17 +819,9 @@ bytecodes: [
                 B(Mov), R(0), R(5),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(5), U8(2),
   /*   54 S> */ B(Return),
-                B(Star5),
-                B(CreateCatchContext), R(5), U8(5),
-                B(Star4),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(4),
-                B(PushContext), R(5),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star7),
-                B(Mov), R(0), R(6),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(6), U8(2),
+                B(Star6),
+                B(Mov), R(0), R(5),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(5), U8(2),
                 B(Return),
 ]
 constant pool: [
@@ -847,7 +830,6 @@ constant pool: [
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["done"],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["value"],
   INTERNALIZED_ONE_BYTE_STRING_TYPE ["return"],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
   [18, 177, 177],
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/LookupSlot.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/LookupSlot.golden
index c41f23c7266927..cd8c87619ef51e 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/LookupSlot.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/LookupSlot.golden
@@ -28,7 +28,7 @@ bytecodes: [
                 B(Star3),
                 B(LdaZero),
                 B(Star7),
-                B(LdaSmi), I8(10),
+                B(LdaSmi), I8(2),
                 B(Star8),
                 B(LdaSmi), I8(14),
                 B(Star9),
@@ -72,7 +72,7 @@ bytecodes: [
                 B(Star3),
                 B(LdaZero),
                 B(Star7),
-                B(LdaSmi), I8(10),
+                B(LdaSmi), I8(2),
                 B(Star8),
                 B(LdaSmi), I8(14),
                 B(Star9),
@@ -119,7 +119,7 @@ bytecodes: [
                 B(Star3),
                 B(LdaZero),
                 B(Star7),
-                B(LdaSmi), I8(10),
+                B(LdaSmi), I8(2),
                 B(Star8),
                 B(LdaSmi), I8(29),
                 B(Star9),
@@ -167,7 +167,7 @@ bytecodes: [
                 B(Star3),
                 B(LdaZero),
                 B(Star7),
-                B(LdaSmi), I8(38),
+                B(LdaSmi), I8(3),
                 B(Star8),
                 B(LdaSmi), I8(44),
                 B(Star9),
@@ -216,7 +216,7 @@ bytecodes: [
                 B(Star3),
                 B(LdaZero),
                 B(Star7),
-                B(LdaSmi), I8(34),
+                B(LdaSmi), I8(3),
                 B(Star8),
                 B(LdaSmi), I8(40),
                 B(Star9),
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateAccessorAccess.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateAccessorAccess.golden
index 5d6f27da70979d..a30ba2f87b3105 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateAccessorAccess.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateAccessorAccess.golden
@@ -83,7 +83,7 @@ bytecodes: [
   /*   48 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0), U8(0),
   /*   53 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
   /*   58 E> */ B(GetKeyedProperty), R(this), U8(2),
-                B(Wide), B(LdaSmi), I16(323),
+                B(Wide), B(LdaSmi), I16(325),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
@@ -115,7 +115,7 @@ bytecodes: [
   /*   41 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0), U8(0),
   /*   46 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
   /*   51 E> */ B(GetKeyedProperty), R(this), U8(2),
-                B(Wide), B(LdaSmi), I16(322),
+                B(Wide), B(LdaSmi), I16(324),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
@@ -149,7 +149,7 @@ bytecodes: [
                 B(Star2),
                 B(LdaImmutableCurrentContextSlot), U8(3),
   /*   58 E> */ B(GetKeyedProperty), R(this), U8(2),
-                B(Wide), B(LdaSmi), I16(323),
+                B(Wide), B(LdaSmi), I16(325),
                 B(Star3),
                 B(LdaConstant), U8(0),
                 B(Star4),
@@ -181,7 +181,7 @@ bytecodes: [
   /*   41 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0), U8(0),
   /*   46 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
   /*   51 E> */ B(GetKeyedProperty), R(this), U8(2),
-                B(Wide), B(LdaSmi), I16(322),
+                B(Wide), B(LdaSmi), I16(324),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateMethodAccess.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateMethodAccess.golden
index 4cfe65c65fd77d..9b055a34644c6b 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateMethodAccess.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/PrivateMethodAccess.golden
@@ -58,7 +58,7 @@ bytecodes: [
                 B(Star2),
                 B(LdaImmutableCurrentContextSlot), U8(3),
   /*   54 E> */ B(GetKeyedProperty), R(this), U8(2),
-                B(Wide), B(LdaSmi), I16(321),
+                B(Wide), B(LdaSmi), I16(323),
                 B(Star3),
                 B(LdaConstant), U8(0),
                 B(Star4),
@@ -91,7 +91,7 @@ bytecodes: [
   /*   44 E> */ B(DefineKeyedOwnProperty), R(this), R(0), U8(0), U8(0),
   /*   49 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
   /*   54 E> */ B(GetKeyedProperty), R(this), U8(2),
-                B(Wide), B(LdaSmi), I16(321),
+                B(Wide), B(LdaSmi), I16(323),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/StandardForLoop.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/StandardForLoop.golden
index 2348930b653eaa..c6725d40b4c196 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/StandardForLoop.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/StandardForLoop.golden
@@ -98,7 +98,7 @@ bytecodes: [
                 B(Star8),
                 B(LdaZero),
                 B(Star12),
-                B(LdaSmi), I8(31),
+                B(LdaSmi), I8(2),
                 B(Star13),
                 B(LdaSmi), I8(48),
                 B(Star14),
@@ -355,9 +355,9 @@ snippet: "
   }
   f();
 "
-frame size: 7
+frame size: 6
 parameter count: 1
-bytecode array length: 67
+bytecode array length: 54
 bytecodes: [
                 B(Mov), R(closure), R(3),
                 B(Mov), R(this), R(4),
@@ -379,21 +379,12 @@ bytecodes: [
                 B(Mov), R(0), R(4),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(4), U8(2),
   /*   67 S> */ B(Return),
-                B(Star4),
-                B(CreateCatchContext), R(4), U8(0),
-                B(Star3),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(3),
-                B(PushContext), R(4),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star6),
-                B(Mov), R(0), R(5),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(5), U8(2),
+                B(Star5),
+                B(Mov), R(0), R(4),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(4), U8(2),
                 B(Return),
 ]
 constant pool: [
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
   [14, 45, 45],
@@ -406,9 +397,9 @@ snippet: "
   }
   f();
 "
-frame size: 6
+frame size: 5
 parameter count: 1
-bytecode array length: 101
+bytecode array length: 88
 bytecodes: [
                 B(SwitchOnGeneratorState), R(0), U8(0), U8(1),
                 B(Mov), R(closure), R(2),
@@ -443,22 +434,13 @@ bytecodes: [
                 B(Mov), R(0), R(3),
                 B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionResolve), R(3), U8(2),
   /*   61 S> */ B(Return),
-                B(Star3),
-                B(CreateCatchContext), R(3), U8(1),
-                B(Star2),
-                B(LdaTheHole),
-                B(SetPendingMessage),
-                B(Ldar), R(2),
-                B(PushContext), R(3),
-                B(LdaImmutableCurrentContextSlot), U8(2),
-                B(Star5),
-                B(Mov), R(0), R(4),
-                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(4), U8(2),
+                B(Star4),
+                B(Mov), R(0), R(3),
+                B(InvokeIntrinsic), U8(Runtime::k_AsyncFunctionReject), R(3), U8(2),
                 B(Return),
 ]
 constant pool: [
   Smi [42],
-  SCOPE_INFO_TYPE,
 ]
 handlers: [
   [18, 79, 79],
diff --git a/deps/v8/test/unittests/interpreter/bytecode_expectations/StaticPrivateMethodAccess.golden b/deps/v8/test/unittests/interpreter/bytecode_expectations/StaticPrivateMethodAccess.golden
index 38bb7d2acae3f2..26f4b5c43262cd 100644
--- a/deps/v8/test/unittests/interpreter/bytecode_expectations/StaticPrivateMethodAccess.golden
+++ b/deps/v8/test/unittests/interpreter/bytecode_expectations/StaticPrivateMethodAccess.golden
@@ -24,7 +24,7 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(1),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
@@ -61,13 +61,13 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(0),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
   /*   61 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(2), U8(2),
                 B(Throw),
-                B(Wide), B(LdaSmi), I16(321),
+                B(Wide), B(LdaSmi), I16(323),
                 B(Star2),
                 B(LdaConstant), U8(1),
                 B(Star3),
@@ -99,13 +99,13 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(0),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star1),
                 B(LdaConstant), U8(0),
                 B(Star2),
   /*   61 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2),
                 B(Throw),
-                B(Wide), B(LdaSmi), I16(321),
+                B(Wide), B(LdaSmi), I16(323),
                 B(Star1),
                 B(LdaConstant), U8(1),
                 B(Star2),
@@ -145,7 +145,7 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(0),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
@@ -167,7 +167,7 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(0),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star3),
                 B(LdaConstant), U8(0),
                 B(Star4),
@@ -182,7 +182,7 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(0),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
@@ -216,13 +216,13 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(0),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star1),
                 B(LdaConstant), U8(0),
                 B(Star2),
   /*   65 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2),
                 B(Throw),
-                B(Wide), B(LdaSmi), I16(323),
+                B(Wide), B(LdaSmi), I16(325),
                 B(Star1),
                 B(LdaConstant), U8(1),
                 B(Star2),
@@ -253,13 +253,13 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(0),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star1),
                 B(LdaConstant), U8(0),
                 B(Star2),
   /*   58 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(1), U8(2),
                 B(Throw),
-                B(Wide), B(LdaSmi), I16(322),
+                B(Wide), B(LdaSmi), I16(324),
                 B(Star1),
                 B(LdaConstant), U8(1),
                 B(Star2),
@@ -292,13 +292,13 @@ bytecodes: [
                 B(TestReferenceEqual), R(this),
                 B(Mov), R(this), R(0),
                 B(JumpIfTrue), U8(16),
-                B(Wide), B(LdaSmi), I16(315),
+                B(Wide), B(LdaSmi), I16(317),
                 B(Star2),
                 B(LdaConstant), U8(0),
                 B(Star3),
   /*   65 E> */ B(CallRuntime), U16(Runtime::kNewTypeError), R(2), U8(2),
                 B(Throw),
-                B(Wide), B(LdaSmi), I16(323),
+                B(Wide), B(LdaSmi), I16(325),
                 B(Star2),
                 B(LdaConstant), U8(1),
                 B(Star3),
@@ -327,7 +327,7 @@ bytecode array length: 19
 bytecodes: [
   /*   46 S> */ B(LdaImmutableCurrentContextSlot), U8(3),
   /*   51 E> */ B(GetKeyedProperty), R(this), U8(0),
-                B(Wide), B(LdaSmi), I16(322),
+                B(Wide), B(LdaSmi), I16(324),
                 B(Star1),
                 B(LdaConstant), U8(0),
                 B(Star2),
diff --git a/deps/v8/test/unittests/interpreter/constant-array-builder-unittest.cc b/deps/v8/test/unittests/interpreter/constant-array-builder-unittest.cc
index c5f8bf2a74987e..824ce78fdd1ba7 100644
--- a/deps/v8/test/unittests/interpreter/constant-array-builder-unittest.cc
+++ b/deps/v8/test/unittests/interpreter/constant-array-builder-unittest.cc
@@ -350,7 +350,7 @@ TEST_F(ConstantArrayBuilderTest, ReservationsAtAllScales) {
   CHECK_EQ(constant_array->length(), 65537);
   int count = 1;
   for (int i = 0; i < constant_array->length(); ++i) {
-    Handle<Object> expected;
+    DirectHandle<Object> expected;
     if (i == 0 || i == 256 || i == 65536) {
       expected = isolate()->factory()->NewNumber(count++);
     } else {
diff --git a/deps/v8/test/unittests/interpreter/interpreter-unittest.cc b/deps/v8/test/unittests/interpreter/interpreter-unittest.cc
index 299da0f6540bcf..c82194fe13fd44 100644
--- a/deps/v8/test/unittests/interpreter/interpreter-unittest.cc
+++ b/deps/v8/test/unittests/interpreter/interpreter-unittest.cc
@@ -1093,7 +1093,7 @@ TEST_F(InterpreterTest, InterpreterLoadNamedProperty) {
 
   Handle<Object> object = InterpreterTester::NewObject("({ val : 123 })");
   // Test IC miss.
-  Handle<Object> return_val = callable(object).ToHandleChecked();
+  DirectHandle<Object> return_val = callable(object).ToHandleChecked();
   CHECK_EQ(Cast<Smi>(*return_val), Smi::FromInt(123));
 
   // Test transition to monomorphic IC.
@@ -1144,7 +1144,7 @@ TEST_F(InterpreterTest, InterpreterLoadKeyedProperty) {
 
   Handle<Object> object = InterpreterTester::NewObject("({ key : 123 })");
   // Test IC miss.
-  Handle<Object> return_val = callable(object).ToHandleChecked();
+  DirectHandle<Object> return_val = callable(object).ToHandleChecked();
   CHECK_EQ(Cast<Smi>(*return_val), Smi::FromInt(123));
 
   // Test transition to monomorphic IC.
@@ -1932,8 +1932,8 @@ TEST_F(InterpreterTest, InterpreterMixedComparisons) {
                {kInternalizedStringConstant, kComputedString}) {
             const char* lhs_cstr = inputs[i];
             const char* rhs_cstr = inputs[j];
-            double lhs = StringToDouble(lhs_cstr, NO_CONVERSION_FLAGS);
-            double rhs = StringToDouble(rhs_cstr, NO_CONVERSION_FLAGS);
+            double lhs = StringToDouble(lhs_cstr, NO_CONVERSION_FLAG);
+            double rhs = StringToDouble(rhs_cstr, NO_CONVERSION_FLAG);
 
             AstValueFactory ast_factory(zone(),
                                         i_isolate()->ast_string_constants(),
@@ -2031,8 +2031,8 @@ TEST_F(InterpreterTest, InterpreterStrictNotEqual) {
   const char* inputs[] = {"-1.77", "-40.333", "0.01", "55.77e5", "2.01"};
   for (size_t i = 0; i < arraysize(inputs); i++) {
     for (size_t j = 0; j < arraysize(inputs); j++) {
-      double lhs = StringToDouble(inputs[i], NO_CONVERSION_FLAGS);
-      double rhs = StringToDouble(inputs[j], NO_CONVERSION_FLAGS);
+      double lhs = StringToDouble(inputs[i], NO_CONVERSION_FLAG);
+      double rhs = StringToDouble(inputs[j], NO_CONVERSION_FLAG);
       Handle<Object> lhs_obj = factory->NewNumber(lhs);
       Handle<Object> rhs_obj = factory->NewStringFromAsciiChecked(inputs[j]);
 
diff --git a/deps/v8/test/unittests/js-atomics/js-atomics-synchronization-primitive-unittest.cc b/deps/v8/test/unittests/js-atomics/js-atomics-synchronization-primitive-unittest.cc
index ea97d15705b977..a38c1eb53dd6d3 100644
--- a/deps/v8/test/unittests/js-atomics/js-atomics-synchronization-primitive-unittest.cc
+++ b/deps/v8/test/unittests/js-atomics/js-atomics-synchronization-primitive-unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/platform/platform.h"
 #include "src/base/platform/time.h"
 #include "src/heap/parked-scope-inl.h"
@@ -22,7 +24,7 @@ namespace {
 class LockingThread : public ParkingThread {
  public:
   LockingThread(Handle<JSAtomicsMutex> mutex,
-                base::Optional<base::TimeDelta> timeout,
+                std::optional<base::TimeDelta> timeout,
                 ParkingSemaphore* sema_ready,
                 ParkingSemaphore* sema_execute_start,
                 ParkingSemaphore* sema_execute_complete)
@@ -63,7 +65,7 @@ class LockingThread : public ParkingThread {
   }
 
   Handle<JSAtomicsMutex> mutex_;
-  base::Optional<base::TimeDelta> timeout_;
+  std::optional<base::TimeDelta> timeout_;
   ParkingSemaphore* sema_ready_;
   ParkingSemaphore* sema_execute_start_;
   ParkingSemaphore* sema_execute_complete_;
@@ -72,7 +74,7 @@ class LockingThread : public ParkingThread {
 class BlockingLockingThread final : public LockingThread {
  public:
   BlockingLockingThread(Handle<JSAtomicsMutex> mutex,
-                        base::Optional<base::TimeDelta> timeout,
+                        std::optional<base::TimeDelta> timeout,
                         ParkingSemaphore* sema_ready,
                         ParkingSemaphore* sema_execute_start,
                         ParkingSemaphore* sema_execute_complete)
@@ -122,7 +124,7 @@ TEST_F(JSAtomicsMutexTest, Contention) {
   std::vector<std::unique_ptr<LockingThread>> threads;
   for (int i = 0; i < kThreads; i++) {
     auto thread = std::make_unique<LockingThread>(
-        contended_mutex, base::nullopt, &sema_ready, &sema_execute_start,
+        contended_mutex, std::nullopt, &sema_ready, &sema_execute_start,
         &sema_execute_complete);
     CHECK(thread->Start());
     threads.push_back(std::move(thread));
@@ -152,7 +154,7 @@ TEST_F(JSAtomicsMutexTest, Timeout) {
   ParkingSemaphore sema_execute_start(0);
   ParkingSemaphore sema_execute_complete(0);
   std::unique_ptr<BlockingLockingThread> blocking_thread =
-      std::make_unique<BlockingLockingThread>(contended_mutex, base::nullopt,
+      std::make_unique<BlockingLockingThread>(contended_mutex, std::nullopt,
                                               &sema_ready, &sema_execute_start,
                                               &sema_execute_complete);
 
@@ -213,7 +215,7 @@ class WaitOnConditionThread final : public ParkingThread {
     while (keep_waiting) {
       (*waiting_threads_count_)++;
       EXPECT_TRUE(JSAtomicsCondition::WaitFor(isolate, condition_, mutex_,
-                                              base::nullopt));
+                                              std::nullopt));
       (*waiting_threads_count_)--;
     }
     mutex_->Unlock(isolate);
diff --git a/deps/v8/test/unittests/maglev/node-type-unittest.cc b/deps/v8/test/unittests/maglev/node-type-unittest.cc
index bde7105ffba5e5..feada3805b19d4 100644
--- a/deps/v8/test/unittests/maglev/node-type-unittest.cc
+++ b/deps/v8/test/unittests/maglev/node-type-unittest.cc
@@ -54,7 +54,7 @@ TEST_F(MaglevTest, NodeTypeApproximationIsConsistent) {
 
     for (NodeType a : kAllNodeTypes) {
       bool isInstance = IsInstanceOfNodeType(map_ref, a, broker());
-      bool isSubtype = NodeTypeIs(StaticTypeForMap(map_ref), a);
+      bool isSubtype = NodeTypeIs(StaticTypeForMap(map_ref, broker()), a);
       CHECK_IMPLIES(isSubtype, isInstance);
       CHECK_IMPLIES(!isInstance, !isSubtype);
     }
diff --git a/deps/v8/test/unittests/numbers/bigint-unittest.cc b/deps/v8/test/unittests/numbers/bigint-unittest.cc
index a8780bc3c7d2f6..310116c4913108 100644
--- a/deps/v8/test/unittests/numbers/bigint-unittest.cc
+++ b/deps/v8/test/unittests/numbers/bigint-unittest.cc
@@ -69,14 +69,14 @@ TEST_F(BigIntWithIsolate, CompareToDouble) {
 
   // Same bit length, difference in first digit.
   double big_double = 4428155326412785451008.0;
-  Handle<BigInt> big =
+  DirectHandle<BigInt> big =
       BigIntLiteral(isolate(), "0xF10D00000000000000").ToHandleChecked();
   Compare(big, big_double, ComparisonResult::kGreaterThan);
   big = BigIntLiteral(isolate(), "0xE00D00000000000000").ToHandleChecked();
   Compare(big, big_double, ComparisonResult::kLessThan);
 
   double other_double = -13758438578910658560.0;
-  Handle<BigInt> other =
+  DirectHandle<BigInt> other =
       BigIntLiteral(isolate(), "-0xBEEFC1FE00000000").ToHandleChecked();
   Compare(other, other_double, ComparisonResult::kGreaterThan);
   other = BigIntLiteral(isolate(), "-0xBEEFCBFE00000000").ToHandleChecked();
diff --git a/deps/v8/test/unittests/numbers/conversions-unittest.cc b/deps/v8/test/unittests/numbers/conversions-unittest.cc
index f46a036977e072..4763d0108d8465 100644
--- a/deps/v8/test/unittests/numbers/conversions-unittest.cc
+++ b/deps/v8/test/unittests/numbers/conversions-unittest.cc
@@ -7,6 +7,7 @@
 #include <stdlib.h>
 
 #include "src/base/platform/platform.h"
+#include "src/base/vector.h"
 #include "src/execution/isolate.h"
 #include "src/heap/factory-inl.h"
 #include "src/init/v8.h"
@@ -37,157 +38,147 @@ class ConversionsTest : public TestWithIsolate {
 };
 
 TEST_F(ConversionsTest, Hex) {
-  CHECK_EQ(0.0, StringToDouble("0x0", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0X0", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(1.0, StringToDouble("0x1", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(16.0, StringToDouble("0x10", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(255.0, StringToDouble("0xFF", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(175.0, StringToDouble("0xAF", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-
-  CHECK_EQ(0.0, StringToDouble("0x0", ALLOW_HEX));
-  CHECK_EQ(0.0, StringToDouble("0X0", ALLOW_HEX));
-  CHECK_EQ(1.0, StringToDouble("0x1", ALLOW_HEX));
-  CHECK_EQ(16.0, StringToDouble("0x10", ALLOW_HEX));
-  CHECK_EQ(255.0, StringToDouble("0xFF", ALLOW_HEX));
-  CHECK_EQ(175.0, StringToDouble("0xAF", ALLOW_HEX));
+  CHECK_EQ(0.0, StringToDouble("0x0", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("0X0", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(1.0, StringToDouble("0x1", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(16.0, StringToDouble("0x10", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(255.0, StringToDouble("0xFF", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(175.0, StringToDouble("0xAF", ALLOW_NON_DECIMAL_PREFIX));
+
+  CHECK_EQ(0.0, HexStringToDouble(base::OneByteVector("0x0")));
+  CHECK_EQ(0.0, HexStringToDouble(base::OneByteVector("0X0")));
+  CHECK_EQ(1.0, HexStringToDouble(base::OneByteVector("0x1")));
+  CHECK_EQ(16.0, HexStringToDouble(base::OneByteVector("0x10")));
+  CHECK_EQ(255.0, HexStringToDouble(base::OneByteVector("0xFF")));
+  CHECK_EQ(175.0, HexStringToDouble(base::OneByteVector("0xAF")));
 }
 
 TEST_F(ConversionsTest, Octal) {
-  CHECK_EQ(0.0, StringToDouble("0o0", ALLOW_OCTAL | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0O0", ALLOW_OCTAL | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(1.0, StringToDouble("0o1", ALLOW_OCTAL | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(7.0, StringToDouble("0o7", ALLOW_OCTAL | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(8.0, StringToDouble("0o10", ALLOW_OCTAL | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(63.0, StringToDouble("0o77", ALLOW_OCTAL | ALLOW_IMPLICIT_OCTAL));
-
-  CHECK_EQ(0.0, StringToDouble("0o0", ALLOW_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0O0", ALLOW_OCTAL));
-  CHECK_EQ(1.0, StringToDouble("0o1", ALLOW_OCTAL));
-  CHECK_EQ(7.0, StringToDouble("0o7", ALLOW_OCTAL));
-  CHECK_EQ(8.0, StringToDouble("0o10", ALLOW_OCTAL));
-  CHECK_EQ(63.0, StringToDouble("0o77", ALLOW_OCTAL));
+  CHECK_EQ(0.0, StringToDouble("0o0", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("0O0", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(1.0, StringToDouble("0o1", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(7.0, StringToDouble("0o7", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(8.0, StringToDouble("0o10", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(63.0, StringToDouble("0o77", ALLOW_NON_DECIMAL_PREFIX));
+
+  CHECK_EQ(0.0, OctalStringToDouble(base::OneByteVector("0o0")));
+  CHECK_EQ(0.0, OctalStringToDouble(base::OneByteVector("0O0")));
+  CHECK_EQ(1.0, OctalStringToDouble(base::OneByteVector("0o1")));
+  CHECK_EQ(7.0, OctalStringToDouble(base::OneByteVector("0o7")));
+  CHECK_EQ(8.0, OctalStringToDouble(base::OneByteVector("0o10")));
+  CHECK_EQ(63.0, OctalStringToDouble(base::OneByteVector("0o77")));
+
+  const double x = 010000000000;  // Power of 2, no rounding errors.
+  CHECK_EQ(x * x * x * x * x,
+           OctalStringToDouble(base::OneByteVector("0o01"
+                                                   "0000000000"
+                                                   "0000000000"
+                                                   "0000000000"
+                                                   "0000000000"
+                                                   "0000000000")));
 }
 
 TEST_F(ConversionsTest, ImplicitOctal) {
-  CHECK_EQ(0.0, StringToDouble("0", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("00", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(1.0, StringToDouble("01", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(7.0, StringToDouble("07", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(8.0, StringToDouble("010", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(63.0, StringToDouble("077", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-
-  CHECK_EQ(0.0, StringToDouble("0", ALLOW_HEX));
-  CHECK_EQ(0.0, StringToDouble("00", ALLOW_HEX));
-  CHECK_EQ(1.0, StringToDouble("01", ALLOW_HEX));
-  CHECK_EQ(7.0, StringToDouble("07", ALLOW_HEX));
-  CHECK_EQ(10.0, StringToDouble("010", ALLOW_HEX));
-  CHECK_EQ(77.0, StringToDouble("077", ALLOW_HEX));
+  CHECK_EQ(0.0, ImplicitOctalStringToDouble(base::OneByteVector("0")));
+  CHECK_EQ(0.0, ImplicitOctalStringToDouble(base::OneByteVector("00")));
+  CHECK_EQ(1.0, ImplicitOctalStringToDouble(base::OneByteVector("01")));
+  CHECK_EQ(7.0, ImplicitOctalStringToDouble(base::OneByteVector("07")));
+  CHECK_EQ(8.0, ImplicitOctalStringToDouble(base::OneByteVector("010")));
+  CHECK_EQ(63.0, ImplicitOctalStringToDouble(base::OneByteVector("077")));
+
+  CHECK_EQ(0.0, StringToDouble("0", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("00", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(1.0, StringToDouble("01", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(7.0, StringToDouble("07", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(10.0, StringToDouble("010", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(77.0, StringToDouble("077", ALLOW_NON_DECIMAL_PREFIX));
 
   const double x = 010000000000;  // Power of 2, no rounding errors.
-  CHECK_EQ(x * x * x * x * x, StringToDouble("01"
-                                             "0000000000"
-                                             "0000000000"
-                                             "0000000000"
-                                             "0000000000"
-                                             "0000000000",
-                                             ALLOW_IMPLICIT_OCTAL));
+  CHECK_EQ(x * x * x * x * x,
+           ImplicitOctalStringToDouble(base::OneByteVector("01"
+                                                           "0000000000"
+                                                           "0000000000"
+                                                           "0000000000"
+                                                           "0000000000"
+                                                           "0000000000")));
 }
 
 TEST_F(ConversionsTest, Binary) {
-  CHECK_EQ(0.0, StringToDouble("0b0", ALLOW_BINARY | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0B0", ALLOW_BINARY | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(1.0, StringToDouble("0b1", ALLOW_BINARY | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(2.0, StringToDouble("0b10", ALLOW_BINARY | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(3.0, StringToDouble("0b11", ALLOW_BINARY | ALLOW_IMPLICIT_OCTAL));
-
-  CHECK_EQ(0.0, StringToDouble("0b0", ALLOW_BINARY));
-  CHECK_EQ(0.0, StringToDouble("0B0", ALLOW_BINARY));
-  CHECK_EQ(1.0, StringToDouble("0b1", ALLOW_BINARY));
-  CHECK_EQ(2.0, StringToDouble("0b10", ALLOW_BINARY));
-  CHECK_EQ(3.0, StringToDouble("0b11", ALLOW_BINARY));
+  CHECK_EQ(0.0, StringToDouble("0b0", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("0B0", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(1.0, StringToDouble("0b1", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(2.0, StringToDouble("0b10", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(3.0, StringToDouble("0b11", ALLOW_NON_DECIMAL_PREFIX));
+
+  CHECK_EQ(0.0, BinaryStringToDouble(base::OneByteVector("0b0")));
+  CHECK_EQ(0.0, BinaryStringToDouble(base::OneByteVector("0B0")));
+  CHECK_EQ(1.0, BinaryStringToDouble(base::OneByteVector("0b1")));
+  CHECK_EQ(2.0, BinaryStringToDouble(base::OneByteVector("0b10")));
+  CHECK_EQ(3.0, BinaryStringToDouble(base::OneByteVector("0b11")));
 }
 
 TEST_F(ConversionsTest, MalformedOctal) {
-  CHECK_EQ(8.0, StringToDouble("08", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(81.0, StringToDouble("081", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(78.0, StringToDouble("078", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-
-  CHECK(std::isnan(StringToDouble("07.7", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL)));
-  CHECK(std::isnan(StringToDouble("07.8", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL)));
-  CHECK(std::isnan(StringToDouble("07e8", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL)));
-  CHECK(std::isnan(StringToDouble("07e7", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL)));
-
-  CHECK_EQ(8.7, StringToDouble("08.7", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(8e7, StringToDouble("08e7", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-
-  CHECK_EQ(0.001, StringToDouble("0.001", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.713, StringToDouble("0.713", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-
-  CHECK_EQ(8.0, StringToDouble("08", ALLOW_HEX));
-  CHECK_EQ(81.0, StringToDouble("081", ALLOW_HEX));
-  CHECK_EQ(78.0, StringToDouble("078", ALLOW_HEX));
+  CHECK_EQ(8.0, StringToDouble("08", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(81.0, StringToDouble("081", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(78.0, StringToDouble("078", ALLOW_NON_DECIMAL_PREFIX));
 
-  CHECK_EQ(7.7, StringToDouble("07.7", ALLOW_HEX));
-  CHECK_EQ(7.8, StringToDouble("07.8", ALLOW_HEX));
-  CHECK_EQ(7e8, StringToDouble("07e8", ALLOW_HEX));
-  CHECK_EQ(7e7, StringToDouble("07e7", ALLOW_HEX));
+  CHECK_EQ(7.7, StringToDouble("07.7", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(7.8, StringToDouble("07.8", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(7e8, StringToDouble("07e8", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(7e7, StringToDouble("07e7", ALLOW_NON_DECIMAL_PREFIX));
 
-  CHECK_EQ(8.7, StringToDouble("08.7", ALLOW_HEX));
-  CHECK_EQ(8e7, StringToDouble("08e7", ALLOW_HEX));
+  CHECK_EQ(8.7, StringToDouble("08.7", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(8e7, StringToDouble("08e7", ALLOW_NON_DECIMAL_PREFIX));
 
-  CHECK_EQ(0.001, StringToDouble("0.001", ALLOW_HEX));
-  CHECK_EQ(0.713, StringToDouble("0.713", ALLOW_HEX));
+  CHECK_EQ(0.001, StringToDouble("0.001", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.713, StringToDouble("0.713", ALLOW_NON_DECIMAL_PREFIX));
 }
 
 TEST_F(ConversionsTest, TrailingJunk) {
   CHECK_EQ(8.0, StringToDouble("8q", ALLOW_TRAILING_JUNK));
-  CHECK_EQ(63.0, StringToDouble("077qqq",
-                                ALLOW_IMPLICIT_OCTAL | ALLOW_TRAILING_JUNK));
-  CHECK_EQ(10.0,
-           StringToDouble("10e", ALLOW_IMPLICIT_OCTAL | ALLOW_TRAILING_JUNK));
-  CHECK_EQ(10.0,
-           StringToDouble("10e-", ALLOW_IMPLICIT_OCTAL | ALLOW_TRAILING_JUNK));
+  CHECK_EQ(10.0, StringToDouble("10e", ALLOW_TRAILING_JUNK));
+  CHECK_EQ(10.0, StringToDouble("10e-", ALLOW_TRAILING_JUNK));
 }
 
 TEST_F(ConversionsTest, NonStrDecimalLiteral) {
-  CHECK(std::isnan(StringToDouble(" ", NO_CONVERSION_FLAGS,
+  CHECK(std::isnan(StringToDouble(" ", NO_CONVERSION_FLAG,
                                   std::numeric_limits<double>::quiet_NaN())));
-  CHECK(std::isnan(StringToDouble("", NO_CONVERSION_FLAGS,
+  CHECK(std::isnan(StringToDouble("", NO_CONVERSION_FLAG,
                                   std::numeric_limits<double>::quiet_NaN())));
-  CHECK(std::isnan(StringToDouble(" ", NO_CONVERSION_FLAGS,
+  CHECK(std::isnan(StringToDouble(" ", NO_CONVERSION_FLAG,
                                   std::numeric_limits<double>::quiet_NaN())));
-  CHECK_EQ(0.0, StringToDouble("", NO_CONVERSION_FLAGS));
-  CHECK_EQ(0.0, StringToDouble(" ", NO_CONVERSION_FLAGS));
+  CHECK_EQ(0.0, StringToDouble("", NO_CONVERSION_FLAG));
+  CHECK_EQ(0.0, StringToDouble(" ", NO_CONVERSION_FLAG));
 }
 
 TEST_F(ConversionsTest, IntegerStrLiteral) {
-  CHECK_EQ(0.0, StringToDouble("0.0", NO_CONVERSION_FLAGS));
-  CHECK_EQ(0.0, StringToDouble("0", NO_CONVERSION_FLAGS));
-  CHECK_EQ(0.0, StringToDouble("00", NO_CONVERSION_FLAGS));
-  CHECK_EQ(0.0, StringToDouble("000", NO_CONVERSION_FLAGS));
-  CHECK_EQ(1.0, StringToDouble("1", NO_CONVERSION_FLAGS));
-  CHECK_EQ(-1.0, StringToDouble("-1", NO_CONVERSION_FLAGS));
-  CHECK_EQ(-1.0, StringToDouble("  -1  ", NO_CONVERSION_FLAGS));
-  CHECK_EQ(1.0, StringToDouble("  +1  ", NO_CONVERSION_FLAGS));
-  CHECK(std::isnan(StringToDouble("  -  1  ", NO_CONVERSION_FLAGS)));
-  CHECK(std::isnan(StringToDouble("  +  1  ", NO_CONVERSION_FLAGS)));
-
-  CHECK_EQ(0.0, StringToDouble("0e0", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0e1", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0e-1", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0e-100000", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0e+100000", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
-  CHECK_EQ(0.0, StringToDouble("0.", ALLOW_HEX | ALLOW_IMPLICIT_OCTAL));
+  CHECK_EQ(0.0, StringToDouble("0.0", NO_CONVERSION_FLAG));
+  CHECK_EQ(0.0, StringToDouble("0", NO_CONVERSION_FLAG));
+  CHECK_EQ(0.0, StringToDouble("00", NO_CONVERSION_FLAG));
+  CHECK_EQ(0.0, StringToDouble("000", NO_CONVERSION_FLAG));
+  CHECK_EQ(1.0, StringToDouble("1", NO_CONVERSION_FLAG));
+  CHECK_EQ(-1.0, StringToDouble("-1", NO_CONVERSION_FLAG));
+  CHECK_EQ(-1.0, StringToDouble("  -1  ", NO_CONVERSION_FLAG));
+  CHECK_EQ(1.0, StringToDouble("  +1  ", NO_CONVERSION_FLAG));
+  CHECK(std::isnan(StringToDouble("  -  1  ", NO_CONVERSION_FLAG)));
+  CHECK(std::isnan(StringToDouble("  +  1  ", NO_CONVERSION_FLAG)));
+
+  CHECK_EQ(0.0, StringToDouble("0e0", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("0e1", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("0e-1", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("0e-100000", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("0e+100000", ALLOW_NON_DECIMAL_PREFIX));
+  CHECK_EQ(0.0, StringToDouble("0.", ALLOW_NON_DECIMAL_PREFIX));
 }
 
 TEST_F(ConversionsTest, LongNumberStr) {
   CHECK_EQ(1e10, StringToDouble("1"
                                 "0000000000",
-                                NO_CONVERSION_FLAGS));
+                                NO_CONVERSION_FLAG));
   CHECK_EQ(1e20, StringToDouble("1"
                                 "0000000000"
                                 "0000000000",
-                                NO_CONVERSION_FLAGS));
+                                NO_CONVERSION_FLAG));
 
   CHECK_EQ(1e60, StringToDouble("1"
                                 "0000000000"
@@ -196,21 +187,21 @@ TEST_F(ConversionsTest, LongNumberStr) {
                                 "0000000000"
                                 "0000000000"
                                 "0000000000",
-                                NO_CONVERSION_FLAGS));
+                                NO_CONVERSION_FLAG));
 
   CHECK_EQ(1e-2, StringToDouble("."
                                 "0"
                                 "1",
-                                NO_CONVERSION_FLAGS));
+                                NO_CONVERSION_FLAG));
   CHECK_EQ(1e-11, StringToDouble("."
                                  "0000000000"
                                  "1",
-                                 NO_CONVERSION_FLAGS));
+                                 NO_CONVERSION_FLAG));
   CHECK_EQ(1e-21, StringToDouble("."
                                  "0000000000"
                                  "0000000000"
                                  "1",
-                                 NO_CONVERSION_FLAGS));
+                                 NO_CONVERSION_FLAG));
 
   CHECK_EQ(1e-61, StringToDouble("."
                                  "0000000000"
@@ -220,16 +211,16 @@ TEST_F(ConversionsTest, LongNumberStr) {
                                  "0000000000"
                                  "0000000000"
                                  "1",
-                                 NO_CONVERSION_FLAGS));
+                                 NO_CONVERSION_FLAG));
 
   // x = 24414062505131248.0 and y = 24414062505131252.0 are representable in
   // double. Check chat z = (x + y) / 2 is rounded to x...
   CHECK_EQ(24414062505131248.0,
-           StringToDouble("24414062505131250.0", NO_CONVERSION_FLAGS));
+           StringToDouble("24414062505131250.0", NO_CONVERSION_FLAG));
 
   // ... and z = (x + y) / 2 + delta is rounded to y.
   CHECK_EQ(24414062505131252.0,
-           StringToDouble("24414062505131250.000000001", NO_CONVERSION_FLAGS));
+           StringToDouble("24414062505131250.000000001", NO_CONVERSION_FLAG));
 }
 
 TEST_F(ConversionsTest, MaximumSignificantDigits) {
@@ -249,13 +240,13 @@ TEST_F(ConversionsTest, MaximumSignificantDigits) {
       "6998291015625000000000000000000000000000000000e-308";
 
   CHECK_EQ(4.4501477170144017780491e-308,
-           StringToDouble(num, NO_CONVERSION_FLAGS));
+           StringToDouble(num, NO_CONVERSION_FLAG));
 
   // Changes the result of strtod (at least in glibc implementation).
   num[sizeof(num) - 8] = '1';
 
   CHECK_EQ(4.4501477170144022721148e-308,
-           StringToDouble(num, NO_CONVERSION_FLAGS));
+           StringToDouble(num, NO_CONVERSION_FLAG));
 }
 
 TEST_F(ConversionsTest, MinimumExponent) {
@@ -276,29 +267,29 @@ TEST_F(ConversionsTest, MinimumExponent) {
       "998291015625000000000000000000000000000000000e-1108";
 
   CHECK_EQ(4.4501477170144017780491e-308,
-           StringToDouble(num, NO_CONVERSION_FLAGS));
+           StringToDouble(num, NO_CONVERSION_FLAG));
 
   // Changes the result of strtod (at least in glibc implementation).
   num[sizeof(num) - 8] = '1';
 
   CHECK_EQ(4.4501477170144022721148e-308,
-           StringToDouble(num, NO_CONVERSION_FLAGS));
+           StringToDouble(num, NO_CONVERSION_FLAG));
 }
 
 TEST_F(ConversionsTest, MaximumExponent) {
   char num[] = "0.16e309";
 
   CHECK_EQ(1.59999999999999997765e+308,
-           StringToDouble(num, NO_CONVERSION_FLAGS));
+           StringToDouble(num, NO_CONVERSION_FLAG));
 }
 
 TEST_F(ConversionsTest, ExponentNumberStr) {
-  CHECK_EQ(1e1, StringToDouble("1e1", NO_CONVERSION_FLAGS));
-  CHECK_EQ(1e1, StringToDouble("1e+1", NO_CONVERSION_FLAGS));
-  CHECK_EQ(1e-1, StringToDouble("1e-1", NO_CONVERSION_FLAGS));
-  CHECK_EQ(1e100, StringToDouble("1e+100", NO_CONVERSION_FLAGS));
-  CHECK_EQ(1e-100, StringToDouble("1e-100", NO_CONVERSION_FLAGS));
-  CHECK_EQ(1e-106, StringToDouble(".000001e-100", NO_CONVERSION_FLAGS));
+  CHECK_EQ(1e1, StringToDouble("1e1", NO_CONVERSION_FLAG));
+  CHECK_EQ(1e1, StringToDouble("1e+1", NO_CONVERSION_FLAG));
+  CHECK_EQ(1e-1, StringToDouble("1e-1", NO_CONVERSION_FLAG));
+  CHECK_EQ(1e100, StringToDouble("1e+100", NO_CONVERSION_FLAG));
+  CHECK_EQ(1e-100, StringToDouble("1e-100", NO_CONVERSION_FLAG));
+  CHECK_EQ(1e-106, StringToDouble(".000001e-100", NO_CONVERSION_FLAG));
 }
 
 using OneBit1 = base::BitField<uint32_t, 0, 1>;
@@ -436,7 +427,7 @@ TEST_F(ConversionsTest, PositiveNumberToUint32) {
   uint32_t max = std::numeric_limits<uint32_t>::max();
   HandleScope scope(i_isolate());
   // Test Smi conversions.
-  Handle<Object> number = handle(Smi::FromInt(0), i_isolate());
+  DirectHandle<Object> number(Smi::FromInt(0), i_isolate());
   CHECK_EQ(PositiveNumberToUint32(*number), 0u);
   number = handle(Smi::FromInt(-1), i_isolate());
   CHECK_EQ(PositiveNumberToUint32(*number), 0u);
diff --git a/deps/v8/test/unittests/objects/concurrent-feedback-vector-unittest.cc b/deps/v8/test/unittests/objects/concurrent-feedback-vector-unittest.cc
index 713dd197461556..6f68de8fc86c9c 100644
--- a/deps/v8/test/unittests/objects/concurrent-feedback-vector-unittest.cc
+++ b/deps/v8/test/unittests/objects/concurrent-feedback-vector-unittest.cc
@@ -185,7 +185,7 @@ TEST_F(ConcurrentFeedbackVectorTest, CheckLoadICStates) {
       Cast<JSFunction>(Utils::OpenDirectHandle(*result));
   Handle<FeedbackVector> vector(function->feedback_vector(), i_isolate());
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(vector, slot);
+  FeedbackNexus nexus(i_isolate(), vector, slot);
   EXPECT_TRUE(IsLoadICKind(nexus.kind()));
   EXPECT_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
   nexus.ConfigureUninitialized();
diff --git a/deps/v8/test/unittests/objects/concurrent-js-array-unittest.cc b/deps/v8/test/unittests/objects/concurrent-js-array-unittest.cc
index cd99752e19b0cb..053617a6fcd322 100644
--- a/deps/v8/test/unittests/objects/concurrent-js-array-unittest.cc
+++ b/deps/v8/test/unittests/objects/concurrent-js-array-unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/api/api.h"
 #include "src/base/platform/semaphore.h"
 #include "src/handles/handles-inl.h"
@@ -63,7 +65,7 @@ class BackgroundThread final : public v8::base::Thread {
         continue;
       }
 
-      base::Optional<Tagged<Object>> result =
+      std::optional<Tagged<Object>> result =
           ConcurrentLookupIterator::TryGetOwnCowElement(
               isolate, Cast<FixedArray>(*elements), elements_kind,
               Smi::ToInt(x->length(isolate, kRelaxedLoad)), kIndex);
diff --git a/deps/v8/test/unittests/objects/concurrent-prototype-unittest.cc b/deps/v8/test/unittests/objects/concurrent-prototype-unittest.cc
index 36cfc237492251..93d0637e0b517b 100644
--- a/deps/v8/test/unittests/objects/concurrent-prototype-unittest.cc
+++ b/deps/v8/test/unittests/objects/concurrent-prototype-unittest.cc
@@ -48,10 +48,10 @@ class ConcurrentSearchThread final : public v8::base::Thread {
 
     for (DirectHandle<JSObject> js_obj : handles_) {
       // Walk up the prototype chain all the way to the top.
-      Handle<Map> map(js_obj->map(kAcquireLoad), &local_heap);
+      DirectHandle<Map> map(js_obj->map(kAcquireLoad), &local_heap);
       while (!IsNull(map->prototype())) {
-        Handle<Map> map_prototype_map(map->prototype()->map(kAcquireLoad),
-                                      &local_heap);
+        DirectHandle<Map> map_prototype_map(map->prototype()->map(kAcquireLoad),
+                                            &local_heap);
         if (!IsJSObjectMap(*map_prototype_map)) {
           break;
         }
diff --git a/deps/v8/test/unittests/objects/concurrent-transition-array-unittest.cc b/deps/v8/test/unittests/objects/concurrent-transition-array-unittest.cc
index f19bf3a949b5d1..41b14b9bd7a43c 100644
--- a/deps/v8/test/unittests/objects/concurrent-transition-array-unittest.cc
+++ b/deps/v8/test/unittests/objects/concurrent-transition-array-unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/api/api.h"
 #include "src/base/platform/semaphore.h"
 #include "src/handles/handles-inl.h"
@@ -27,7 +29,7 @@ class ConcurrentSearchThread : public v8::base::Thread {
   ConcurrentSearchThread(Heap* heap, base::Semaphore* background_thread_started,
                          std::unique_ptr<PersistentHandles> ph,
                          Handle<Name> name, Handle<Map> map,
-                         base::Optional<Handle<Map>> result_map)
+                         std::optional<Handle<Map>> result_map)
       : v8::base::Thread(base::Thread::Options("ThreadWithLocalHeap")),
         heap_(heap),
         background_thread_started_(background_thread_started),
@@ -56,7 +58,7 @@ class ConcurrentSearchThread : public v8::base::Thread {
   std::unique_ptr<PersistentHandles> ph_;
   Handle<Name> name_;
   Handle<Map> map_;
-  base::Optional<Handle<Map>> result_map_;
+  std::optional<Handle<Map>> result_map_;
 };
 
 // Background search thread class that creates the transitions accessor before
@@ -362,7 +364,7 @@ TEST_F(ConcurrentTransitionArrayTest, UninitializedToFullFieldTransitions) {
   // Background thread will search for name2, guaranteed to *not* be on the map.
   std::unique_ptr<ConcurrentSearchThread> thread(new ConcurrentSearchThread(
       i_isolate()->heap(), &background_thread_started, std::move(ph),
-      persistent_name2, persistent_map0, base::nullopt));
+      persistent_name2, persistent_map0, std::nullopt));
   CHECK(thread->Start());
 
   background_thread_started.Wait();
diff --git a/deps/v8/test/unittests/objects/elements-kind-unittest.cc b/deps/v8/test/unittests/objects/elements-kind-unittest.cc
index da4f51098d2db1..dc6abeb6124099 100644
--- a/deps/v8/test/unittests/objects/elements-kind-unittest.cc
+++ b/deps/v8/test/unittests/objects/elements-kind-unittest.cc
@@ -314,7 +314,7 @@ TEST_F(ElementsKindTest, JSArrayAddingElementsGeneralizingiFastSmiElements) {
 
   Handle<JSArray> array =
       factory->NewJSArray(ElementsKind::PACKED_SMI_ELEMENTS, 0, 0);
-  Handle<Map> previous_map(array->map(), i_isolate());
+  DirectHandle<Map> previous_map(array->map(), i_isolate());
   CHECK_EQ(PACKED_SMI_ELEMENTS, previous_map->elements_kind());
   CHECK_EQ(0, Smi::ToInt(array->length()));
 
@@ -384,7 +384,7 @@ TEST_F(ElementsKindTest, JSArrayAddingElementsGeneralizingFastElements) {
 
   Handle<JSArray> array =
       factory->NewJSArray(ElementsKind::PACKED_ELEMENTS, 0, 0);
-  Handle<Map> previous_map(array->map(), i_isolate());
+  DirectHandle<Map> previous_map(array->map(), i_isolate());
   CHECK_EQ(PACKED_ELEMENTS, previous_map->elements_kind());
   CHECK_EQ(0, Smi::ToInt(array->length()));
 
@@ -431,7 +431,7 @@ TEST_F(ElementsKindTest, JSArrayAddingElementsGeneralizingiFastDoubleElements) {
 
   Handle<JSArray> array =
       factory->NewJSArray(ElementsKind::PACKED_SMI_ELEMENTS, 0, 0);
-  Handle<Map> previous_map(array->map(), i_isolate());
+  DirectHandle<Map> previous_map(array->map(), i_isolate());
 
   // `array[0] = value_double` changes |elements_kind| to PACKED_DOUBLE_ELEMENTS
   name = MakeString("0");
diff --git a/deps/v8/test/unittests/objects/feedback-vector-unittest.cc b/deps/v8/test/unittests/objects/feedback-vector-unittest.cc
index 515a0eb53f48df..c9746e98583b05 100644
--- a/deps/v8/test/unittests/objects/feedback-vector-unittest.cc
+++ b/deps/v8/test/unittests/objects/feedback-vector-unittest.cc
@@ -81,7 +81,7 @@ TEST_F(FeedbackVectorTest, VectorStructure) {
   {
     FeedbackVectorSpec spec(&zone);
     spec.AddForInSlot();
-    spec.AddCreateClosureSlot();
+    spec.AddCreateClosureParameterCount(0);
     spec.AddForInSlot();
     vector = NewFeedbackVector(isolate, &spec);
     FeedbackVectorHelper helper(vector);
@@ -160,7 +160,7 @@ TEST_F(FeedbackVectorTest, VectorCallICStates) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(isolate, feedback_vector, slot);
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
 
   TryRunJS("f(function() { return 16; })");
@@ -191,7 +191,7 @@ TEST_F(FeedbackVectorTest, VectorCallICStateApply) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(foo->feedback_vector(), isolate);
   FeedbackSlot slot(4);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
   CHECK_EQ(CallFeedbackContent::kReceiver, nexus.GetCallFeedbackContent());
   Tagged<HeapObject> heap_object;
@@ -230,7 +230,7 @@ TEST_F(FeedbackVectorTest, VectorCallFeedback) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
 
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
   Tagged<HeapObject> heap_object;
@@ -262,7 +262,7 @@ TEST_F(FeedbackVectorTest, VectorPolymorphicCallFeedback) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
 
   CHECK_EQ(InlineCacheState::POLYMORPHIC, nexus.ic_state());
   Tagged<HeapObject> heap_object;
@@ -290,7 +290,7 @@ TEST_F(FeedbackVectorTest, VectorCallFeedbackForArray) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
 
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
   Tagged<HeapObject> heap_object;
@@ -320,7 +320,7 @@ TEST_F(FeedbackVectorTest, VectorCallCounts) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
 
   TryRunJS("f(foo); f(foo);");
@@ -351,7 +351,7 @@ TEST_F(FeedbackVectorTest, VectorConstructCounts) {
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
 
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
 
   CHECK(feedback_vector->Get(slot).IsWeak());
@@ -384,7 +384,7 @@ TEST_F(FeedbackVectorTest, VectorSpeculationMode) {
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
 
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
   CHECK_EQ(SpeculationMode::kAllowSpeculation, nexus.GetSpeculationMode());
 
   TryRunJS("f(Foo); f(Foo);");
@@ -420,7 +420,7 @@ TEST_F(FeedbackVectorTest, VectorCallSpeculationModeAndFeedbackContent) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(min->feedback_vector(), isolate);
   FeedbackSlot slot(6);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
 
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
   CHECK_EQ(SpeculationMode::kAllowSpeculation, nexus.GetSpeculationMode());
@@ -453,7 +453,7 @@ TEST_F(FeedbackVectorTest, VectorLoadICStates) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
 
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
   // Verify that the monomorphic map is the one we expect.
@@ -523,13 +523,13 @@ TEST_F(FeedbackVectorTest, VectorLoadGlobalICSlotSharing) {
   FeedbackSlot slot3 = helper.slot(2);
   FeedbackSlot slot4 = helper.slot(3);
   CHECK_EQ(InlineCacheState::MONOMORPHIC,
-           FeedbackNexus(feedback_vector, slot1).ic_state());
+           FeedbackNexus(i_isolate(), feedback_vector, slot1).ic_state());
   CHECK_EQ(InlineCacheState::MONOMORPHIC,
-           FeedbackNexus(feedback_vector, slot2).ic_state());
+           FeedbackNexus(i_isolate(), feedback_vector, slot2).ic_state());
   CHECK_EQ(InlineCacheState::MONOMORPHIC,
-           FeedbackNexus(feedback_vector, slot3).ic_state());
+           FeedbackNexus(i_isolate(), feedback_vector, slot3).ic_state());
   CHECK_EQ(InlineCacheState::MONOMORPHIC,
-           FeedbackNexus(feedback_vector, slot4).ic_state());
+           FeedbackNexus(i_isolate(), feedback_vector, slot4).ic_state());
 }
 
 TEST_F(FeedbackVectorTest, VectorLoadICOnSmi) {
@@ -551,7 +551,7 @@ TEST_F(FeedbackVectorTest, VectorLoadICOnSmi) {
   Handle<FeedbackVector> feedback_vector =
       Handle<FeedbackVector>(f->feedback_vector(), isolate);
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
   // Verify that the monomorphic map is the one we expect.
   Tagged<Map> number_map = ReadOnlyRoots(heap).heap_number_map();
@@ -754,7 +754,7 @@ TEST_F(FeedbackVectorTest, VectorStoreICBasic) {
   FeedbackVectorHelper helper(feedback_vector);
   CHECK_EQ(1, helper.slot_count());
   FeedbackSlot slot(0);
-  FeedbackNexus nexus(feedback_vector, slot);
+  FeedbackNexus nexus(i_isolate(), feedback_vector, slot);
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
 }
 
@@ -780,7 +780,7 @@ TEST_F(FeedbackVectorTest, DefineNamedOwnIC) {
   CHECK_EQ(2, helper.slot_count());
   CHECK_SLOT_KIND(helper, 0, FeedbackSlotKind::kLiteral);
   CHECK_SLOT_KIND(helper, 1, FeedbackSlotKind::kDefineNamedOwn);
-  FeedbackNexus nexus(feedback_vector, helper.slot(1));
+  FeedbackNexus nexus(i_isolate(), feedback_vector, helper.slot(1));
   CHECK_EQ(InlineCacheState::MONOMORPHIC, nexus.ic_state());
 }
 
diff --git a/deps/v8/test/unittests/objects/hashcode-unittest.cc b/deps/v8/test/unittests/objects/hashcode-unittest.cc
index a33ddff9135fff..c64aa3fca89011 100644
--- a/deps/v8/test/unittests/objects/hashcode-unittest.cc
+++ b/deps/v8/test/unittests/objects/hashcode-unittest.cc
@@ -116,7 +116,7 @@ TEST_F(HashcodeTest, AddHashCodeToFastObjectWithPropertiesArray) {
 }
 
 TEST_F(HashcodeTest, AddHashCodeToSlowObject) {
-  Handle<JSObject> obj =
+  DirectHandle<JSObject> obj =
       i_isolate()->factory()->NewJSObject(i_isolate()->object_function());
   CHECK(obj->HasFastProperties());
   JSObject::NormalizeProperties(i_isolate(), obj, CLEAR_INOBJECT_PROPERTIES, 0,
@@ -170,7 +170,7 @@ TEST_F(HashcodeTest, TransitionFastWithPropertyArrayToSlow) {
       " x.a = 1; x.b = 2; x.c = 3; x.d = 4; x.e = 5; ";
   RunJS(source);
 
-  Handle<JSObject> obj = GetGlobal<JSObject>("x");
+  DirectHandle<JSObject> obj = GetGlobal<JSObject>("x");
   CHECK(IsPropertyArray(obj->raw_properties_or_hash()));
 
   int hash = AddToSetAndGetHash(obj, true);
@@ -186,7 +186,7 @@ TEST_F(HashcodeTest, TransitionSlowToSlow) {
   const char* source = " var x = {}; ";
   RunJS(source);
 
-  Handle<JSObject> obj = GetGlobal<JSObject>("x");
+  DirectHandle<JSObject> obj = GetGlobal<JSObject>("x");
   JSObject::NormalizeProperties(i_isolate(), obj, CLEAR_INOBJECT_PROPERTIES, 0,
                                 "cctest/test-hashcode");
   CheckIsDictionaryModeObject(obj);
@@ -201,7 +201,7 @@ TEST_F(HashcodeTest, TransitionSlowToSlow) {
 }
 
 TEST_F(HashcodeTest, TransitionSlowToFastWithoutProperties) {
-  Handle<JSObject> obj =
+  DirectHandle<JSObject> obj =
       i_isolate()->factory()->NewJSObject(i_isolate()->object_function());
   JSObject::NormalizeProperties(i_isolate(), obj, CLEAR_INOBJECT_PROPERTIES, 0,
                                 "cctest/test-hashcode");
diff --git a/deps/v8/test/unittests/objects/object-unittest.cc b/deps/v8/test/unittests/objects/object-unittest.cc
index 276e0ada6fd87d..faceb19d9f8667 100644
--- a/deps/v8/test/unittests/objects/object-unittest.cc
+++ b/deps/v8/test/unittests/objects/object-unittest.cc
@@ -174,44 +174,6 @@ TEST_F(TestWithNativeContext, EmptyFunctionScopeInfo) {
             empty_function_scope_info->ContextLocalCount());
 }
 
-TEST_F(TestWithNativeContext, RecreateScopeInfoWithLocalsBlocklistWorks) {
-  // Create a JSFunction to get a {ScopeInfo} we can use for the test.
-  DirectHandle<JSFunction> function = RunJS<JSFunction>("(function foo() {})");
-  Handle<ScopeInfo> original_scope_info(function->shared()->scope_info(),
-                                        isolate());
-  ASSERT_FALSE(original_scope_info->HasLocalsBlockList());
-
-  DirectHandle<String> foo_string =
-      isolate()->factory()->NewStringFromStaticChars("foo");
-  DirectHandle<String> bar_string =
-      isolate()->factory()->NewStringFromStaticChars("bar");
-
-  Handle<StringSet> blocklist = StringSet::New(isolate());
-  StringSet::Add(isolate(), blocklist, foo_string);
-
-  DirectHandle<ScopeInfo> scope_info = ScopeInfo::RecreateWithBlockList(
-      isolate(), original_scope_info, blocklist);
-
-  DisallowGarbageCollection no_gc;
-  EXPECT_TRUE(scope_info->HasLocalsBlockList());
-  EXPECT_TRUE(scope_info->LocalsBlockList()->Has(isolate(), foo_string));
-  EXPECT_FALSE(scope_info->LocalsBlockList()->Has(isolate(), bar_string));
-
-  EXPECT_EQ(original_scope_info->length() + 1, scope_info->length());
-
-  // Check that all variable fields *before* the blocklist stayed the same.
-  for (int i = ScopeInfo::kVariablePartIndex;
-       i < scope_info->LocalsBlockListIndex(); ++i) {
-    EXPECT_EQ(original_scope_info->get(i), scope_info->get(i));
-  }
-
-  // Check that all variable fields *after* the blocklist stayed the same.
-  for (int i = scope_info->LocalsBlockListIndex() + 1; i < scope_info->length();
-       ++i) {
-    EXPECT_EQ(original_scope_info->get(i - 1), scope_info->get(i));
-  }
-}
-
 using ObjectTest = TestWithContext;
 
 static void CheckObject(Isolate* isolate, DirectHandle<Object> obj,
@@ -387,12 +349,12 @@ TEST_F(ObjectTest, EnumCache) {
 
   // Creating the EnumCache for {c} will create a new EnumCache on the shared
   // DescriptorArray.
-  Handle<EnumCache> previous_enum_cache(
+  DirectHandle<EnumCache> previous_enum_cache(
       a->map()->instance_descriptors()->enum_cache(), a->GetIsolate());
-  Handle<FixedArray> previous_keys(previous_enum_cache->keys(),
-                                   a->GetIsolate());
-  Handle<FixedArray> previous_indices(previous_enum_cache->indices(),
-                                      a->GetIsolate());
+  DirectHandle<FixedArray> previous_keys(previous_enum_cache->keys(),
+                                         a->GetIsolate());
+  DirectHandle<FixedArray> previous_indices(previous_enum_cache->indices(),
+                                            a->GetIsolate());
   RunJS("var s = 0; for (let key in c) { s += c[key] };");
   {
     CHECK_EQ(a->map()->EnumLength(), 1);
@@ -466,7 +428,7 @@ TEST_F(ObjectTest, ObjectMethodsThatTruncateMinusZero) {
   Handle<Object> minus_zero = factory->NewNumber(-1.0 * 0.0);
   CHECK(IsMinusZero(*minus_zero));
 
-  Handle<Object> result =
+  DirectHandle<Object> result =
       Object::ToInteger(i_isolate(), minus_zero).ToHandleChecked();
   CHECK(IsZero(*result));
 
@@ -704,8 +666,8 @@ TEST_F(ObjectTest, AddDataPropertyNameCollision) {
       factory->NewJSObject(i_isolate()->object_function());
 
   Handle<String> key = factory->NewStringFromStaticChars("key_string");
-  Handle<Object> value1(Smi::FromInt(0), i_isolate());
-  Handle<Object> value2 = factory->NewStringFromAsciiChecked("corrupt");
+  DirectHandle<Object> value1(Smi::FromInt(0), i_isolate());
+  DirectHandle<Object> value2 = factory->NewStringFromAsciiChecked("corrupt");
 
   LookupIterator outer_it(i_isolate(), object, key, object,
                           LookupIterator::OWN_SKIP_INTERCEPTOR);
@@ -743,7 +705,7 @@ TEST_F(ObjectTest, AddDataPropertyNameCollisionDeprecatedMap) {
   CHECK(a->map() == b->map());
 
   Handle<String> key = factory->NewStringFromStaticChars("corrupted_prop");
-  Handle<Object> value = factory->NewStringFromAsciiChecked("corrupt");
+  DirectHandle<Object> value = factory->NewStringFromAsciiChecked("corrupt");
   LookupIterator it(i_isolate(), a, key, a,
                     LookupIterator::OWN_SKIP_INTERCEPTOR);
 
diff --git a/deps/v8/test/unittests/objects/value-serializer-unittest.cc b/deps/v8/test/unittests/objects/value-serializer-unittest.cc
index d667b455526b88..645cdacb40e8f1 100644
--- a/deps/v8/test/unittests/objects/value-serializer-unittest.cc
+++ b/deps/v8/test/unittests/objects/value-serializer-unittest.cc
@@ -1916,8 +1916,8 @@ TEST_F(ValueSerializerTest, RoundTripArrayBuffer) {
   ExpectScriptTrue("Object.getPrototypeOf(result) === ArrayBuffer.prototype");
   // TODO(v8:11111): Use API functions for testing max_byte_length and resizable
   // once they're exposed via the API.
-  i::Handle<i::JSArrayBuffer> array_buffer =
-      Utils::OpenHandle(ArrayBuffer::Cast(*value));
+  i::DirectHandle<i::JSArrayBuffer> array_buffer =
+      Utils::OpenDirectHandle(ArrayBuffer::Cast(*value));
   EXPECT_EQ(0u, array_buffer->max_byte_length());
   EXPECT_EQ(false, array_buffer->is_resizable_by_js());
 
@@ -1925,7 +1925,7 @@ TEST_F(ValueSerializerTest, RoundTripArrayBuffer) {
   ASSERT_TRUE(value->IsArrayBuffer());
   EXPECT_EQ(3u, ArrayBuffer::Cast(*value)->ByteLength());
   ExpectScriptTrue("new Uint8Array(result).toString() === '0,128,255'");
-  array_buffer = Utils::OpenHandle(ArrayBuffer::Cast(*value));
+  array_buffer = Utils::OpenDirectHandle(ArrayBuffer::Cast(*value));
   EXPECT_EQ(3u, array_buffer->max_byte_length());
   EXPECT_EQ(false, array_buffer->is_resizable_by_js());
 
@@ -2090,7 +2090,7 @@ TEST_F(ValueSerializerTest, RoundTripTypedArray) {
   // TODO(v8:11111): Use API functions for testing is_length_tracking and
   // is_backed_by_rab, once they're exposed via the API.
   Local<Value> value;
-  i::Handle<i::JSTypedArray> i_ta;
+  i::DirectHandle<i::JSTypedArray> i_ta;
 #define TYPED_ARRAY_ROUND_TRIP_TEST(Type, type, TYPE, ctype)             \
   value = RoundTripTest("new " #Type "Array(2)");                        \
   ASSERT_TRUE(value->Is##Type##Array());                                 \
@@ -2098,7 +2098,7 @@ TEST_F(ValueSerializerTest, RoundTripTypedArray) {
   EXPECT_EQ(2u, TypedArray::Cast(*value)->Length());                     \
   ExpectScriptTrue("Object.getPrototypeOf(result) === " #Type            \
                    "Array.prototype");                                   \
-  i_ta = v8::Utils::OpenHandle(TypedArray::Cast(*value));                \
+  i_ta = v8::Utils::OpenDirectHandle(TypedArray::Cast(*value));          \
   EXPECT_EQ(false, i_ta->is_length_tracking());                          \
   EXPECT_EQ(false, i_ta->is_backed_by_rab());
 
@@ -2140,7 +2140,7 @@ TEST_F(ValueSerializerTest, RoundTripRabBackedLengthTrackingTypedArray) {
   // TODO(v8:11111): Use API functions for testing is_length_tracking and
   // is_backed_by_rab, once they're exposed via the API.
   Local<Value> value;
-  i::Handle<i::JSTypedArray> i_ta;
+  i::DirectHandle<i::JSTypedArray> i_ta;
 #define TYPED_ARRAY_ROUND_TRIP_TEST(Type, type, TYPE, ctype)          \
   value = RoundTripTest("new " #Type                                  \
                         "Array(new ArrayBuffer(80, "                  \
@@ -2150,7 +2150,7 @@ TEST_F(ValueSerializerTest, RoundTripRabBackedLengthTrackingTypedArray) {
   EXPECT_EQ(80u / sizeof(ctype), TypedArray::Cast(*value)->Length()); \
   ExpectScriptTrue("Object.getPrototypeOf(result) === " #Type         \
                    "Array.prototype");                                \
-  i_ta = v8::Utils::OpenHandle(TypedArray::Cast(*value));             \
+  i_ta = v8::Utils::OpenDirectHandle(TypedArray::Cast(*value));       \
   EXPECT_EQ(true, i_ta->is_length_tracking());                        \
   EXPECT_EQ(true, i_ta->is_backed_by_rab());
 
@@ -2165,7 +2165,7 @@ TEST_F(ValueSerializerTest, RoundTripRabBackedNonLengthTrackingTypedArray) {
   // TODO(v8:11111): Use API functions for testing is_length_tracking and
   // is_backed_by_rab, once they're exposed via the API.
   Local<Value> value;
-  i::Handle<i::JSTypedArray> i_ta;
+  i::DirectHandle<i::JSTypedArray> i_ta;
 #define TYPED_ARRAY_ROUND_TRIP_TEST(Type, type, TYPE, ctype)             \
   value = RoundTripTest("new " #Type                                     \
                         "Array(new ArrayBuffer(80, "                     \
@@ -2175,7 +2175,7 @@ TEST_F(ValueSerializerTest, RoundTripRabBackedNonLengthTrackingTypedArray) {
   EXPECT_EQ(4u, TypedArray::Cast(*value)->Length());                     \
   ExpectScriptTrue("Object.getPrototypeOf(result) === " #Type            \
                    "Array.prototype");                                   \
-  i_ta = v8::Utils::OpenHandle(TypedArray::Cast(*value));                \
+  i_ta = v8::Utils::OpenDirectHandle(TypedArray::Cast(*value));          \
   EXPECT_EQ(false, i_ta->is_length_tracking());                          \
   EXPECT_EQ(true, i_ta->is_backed_by_rab());
 
diff --git a/deps/v8/test/unittests/objects/wasm-backing-store-unittest.cc b/deps/v8/test/unittests/objects/wasm-backing-store-unittest.cc
index 5feb1f14f18c39..6928078eece940 100644
--- a/deps/v8/test/unittests/objects/wasm-backing-store-unittest.cc
+++ b/deps/v8/test/unittests/objects/wasm-backing-store-unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/base/platform/platform.h"
 #include "src/objects/backing-store.h"
 #include "test/unittests/test-utils.h"
@@ -20,7 +22,7 @@ TEST_F(BackingStoreTest, GrowWasmMemoryInPlace) {
   EXPECT_EQ(1 * wasm::kWasmPageSize, backing_store->byte_length());
   EXPECT_EQ(2 * wasm::kWasmPageSize, backing_store->byte_capacity());
 
-  base::Optional<size_t> result =
+  std::optional<size_t> result =
       backing_store->GrowWasmMemoryInPlace(isolate(), 1, 2);
   EXPECT_TRUE(result.has_value());
   EXPECT_EQ(result.value(), 1u);
@@ -35,7 +37,7 @@ TEST_F(BackingStoreTest, GrowWasmMemoryInPlace_neg) {
   EXPECT_EQ(1 * wasm::kWasmPageSize, backing_store->byte_length());
   EXPECT_EQ(2 * wasm::kWasmPageSize, backing_store->byte_capacity());
 
-  base::Optional<size_t> result =
+  std::optional<size_t> result =
       backing_store->GrowWasmMemoryInPlace(isolate(), 2, 2);
   EXPECT_FALSE(result.has_value());
   EXPECT_EQ(1 * wasm::kWasmPageSize, backing_store->byte_length());
@@ -49,7 +51,7 @@ TEST_F(BackingStoreTest, GrowSharedWasmMemoryInPlace) {
   EXPECT_EQ(2 * wasm::kWasmPageSize, backing_store->byte_length());
   EXPECT_EQ(3 * wasm::kWasmPageSize, backing_store->byte_capacity());
 
-  base::Optional<size_t> result =
+  std::optional<size_t> result =
       backing_store->GrowWasmMemoryInPlace(isolate(), 1, 3);
   EXPECT_TRUE(result.has_value());
   EXPECT_EQ(result.value(), 2u);
@@ -86,7 +88,7 @@ class GrowerThread : public base::Thread {
     while (true) {
       size_t current_length = backing_store_->byte_length();
       if (current_length >= max_length) break;
-      base::Optional<size_t> result =
+      std::optional<size_t> result =
           backing_store_->GrowWasmMemoryInPlace(isolate_, increment_, max_);
       size_t new_length = backing_store_->byte_length();
       if (result.has_value()) {
diff --git a/deps/v8/test/unittests/objects/weakmaps-unittest.cc b/deps/v8/test/unittests/objects/weakmaps-unittest.cc
index 0eff4231676eac..37eb4fbba1480b 100644
--- a/deps/v8/test/unittests/objects/weakmaps-unittest.cc
+++ b/deps/v8/test/unittests/objects/weakmaps-unittest.cc
@@ -181,6 +181,7 @@ bool EphemeronHashTableContainsKey(Tagged<EphemeronHashTable> table,
 
 TEST_F(WeakMapsTest, WeakMapPromotionMarkCompact) {
   Isolate* isolate = i_isolate();
+  ManualGCScope manual_gc_scope(isolate);
   Factory* factory = isolate->factory();
   HandleScope scope(isolate);
   DirectHandle<JSWeakMap> weakmap = isolate->factory()->NewJSWeakMap();
@@ -216,6 +217,7 @@ TEST_F(WeakMapsTest, WeakMapScavenge) {
   if (i::v8_flags.single_generation) return;
   if (i::v8_flags.stress_incremental_marking) return;
   Isolate* isolate = i_isolate();
+  ManualGCScope manual_gc_scope(isolate);
   Factory* factory = isolate->factory();
   HandleScope scope(isolate);
   DirectHandle<JSWeakMap> weakmap = isolate->factory()->NewJSWeakMap();
@@ -256,6 +258,7 @@ TEST_F(WeakMapsTest, Regress2060a) {
   v8_flags.compact_on_every_full_gc = true;
   v8_flags.stress_concurrent_allocation = false;  // For SimulateFullSpace.
   Isolate* isolate = i_isolate();
+  ManualGCScope manual_gc_scope(isolate);
   Factory* factory = isolate->factory();
   Heap* heap = isolate->heap();
   HandleScope scope(isolate);
@@ -298,6 +301,7 @@ TEST_F(WeakMapsTest, Regress2060b) {
   v8_flags.stress_concurrent_allocation = false;  // For SimulateFullSpace.
 
   Isolate* isolate = i_isolate();
+  ManualGCScope manual_gc_scope(isolate);
   Factory* factory = isolate->factory();
   Heap* heap = isolate->heap();
   HandleScope scope(isolate);
diff --git a/deps/v8/test/unittests/objects/weaksets-unittest.cc b/deps/v8/test/unittests/objects/weaksets-unittest.cc
index 1dd3efc4a27591..0c0d7d46613c94 100644
--- a/deps/v8/test/unittests/objects/weaksets-unittest.cc
+++ b/deps/v8/test/unittests/objects/weaksets-unittest.cc
@@ -169,6 +169,7 @@ TEST_F(WeakSetsTest, WeakSet_Regress2060a) {
   if (i::v8_flags.enable_third_party_heap) return;
   v8_flags.compact_on_every_full_gc = true;
   v8_flags.stress_concurrent_allocation = false;  // For SimulateFullSpace.
+  ManualGCScope manual_gc_scope(i_isolate());
   Factory* factory = i_isolate()->factory();
   Heap* heap = i_isolate()->heap();
   HandleScope scope(i_isolate());
@@ -213,6 +214,7 @@ TEST_F(WeakSetsTest, WeakSet_Regress2060b) {
 #endif
   v8_flags.stress_concurrent_allocation = false;  // For SimulateFullSpace.
 
+  ManualGCScope manual_gc_scope(i_isolate());
   Factory* factory = i_isolate()->factory();
   Heap* heap = i_isolate()->heap();
   HandleScope scope(i_isolate());
diff --git a/deps/v8/test/unittests/parser/parsing-unittest.cc b/deps/v8/test/unittests/parser/parsing-unittest.cc
index e549092beb8a51..7639041de56f08 100644
--- a/deps/v8/test/unittests/parser/parsing-unittest.cc
+++ b/deps/v8/test/unittests/parser/parsing-unittest.cc
@@ -1431,7 +1431,7 @@ TEST_F(ParsingTest, ScopeUsesArgumentsSuperThis) {
       flags.set_allow_lazy_parsing(false);
       i::ParseInfo info(isolate, flags, &compile_state, &reusable_state);
       CHECK_PARSE_PROGRAM(&info, script, isolate);
-      i::DeclarationScope::AllocateScopeInfos(&info, isolate);
+      i::DeclarationScope::AllocateScopeInfos(&info, script, isolate);
       CHECK_NOT_NULL(info.literal());
 
       i::DeclarationScope* script_scope = info.literal()->scope();
@@ -1507,26 +1507,24 @@ TEST_F(ParsingTest, ScopePositions) {
   };
 
   const SourceData source_data[] = {
-      {"  with ({}) ", "{ block; }", " more;", i::WITH_SCOPE,
+      {"  with ({}", "){ block; }", " more;", i::WITH_SCOPE,
        i::LanguageMode::kSloppy},
-      {"  with ({}) ", "{ block; }", "; more;", i::WITH_SCOPE,
+      {"  with ({}", "){ block; }", "; more;", i::WITH_SCOPE,
        i::LanguageMode::kSloppy},
-      {"  with ({}) ",
-       "{\n"
+      {"  with ({}",
+       "){\n"
        "    block;\n"
        "  }",
        "\n"
        "  more;",
        i::WITH_SCOPE, i::LanguageMode::kSloppy},
-      {"  with ({}) ", "statement;", " more;", i::WITH_SCOPE,
+      {"  with ({}", ")statement;", " more;", i::WITH_SCOPE,
        i::LanguageMode::kSloppy},
-      {"  with ({}) ", "statement",
+      {"  with ({}", ")statement",
        "\n"
        "  more;",
        i::WITH_SCOPE, i::LanguageMode::kSloppy},
-      {"  with ({})\n"
-       "    ",
-       "statement;",
+      {"  with ({}", ")statement;",
        "\n"
        "  more;",
        i::WITH_SCOPE, i::LanguageMode::kSloppy},
@@ -1577,25 +1575,25 @@ TEST_F(ParsingTest, ScopePositions) {
        "  (function fun",
        "(a,b) { infunction; }", ")();", i::FUNCTION_SCOPE,
        i::LanguageMode::kSloppy},
-      {"  for ", "(let x = 1 ; x < 10; ++ x) { block; }", " more;",
+      {"  for (", "let x = 1 ; x < 10; ++ x) { block; }", " more;",
        i::BLOCK_SCOPE, i::LanguageMode::kStrict},
-      {"  for ", "(let x = 1 ; x < 10; ++ x) { block; }", "; more;",
+      {"  for (", "let x = 1 ; x < 10; ++ x) { block; }", "; more;",
        i::BLOCK_SCOPE, i::LanguageMode::kStrict},
-      {"  for ",
-       "(let x = 1 ; x < 10; ++ x) {\n"
+      {"  for (",
+       "let x = 1 ; x < 10; ++ x) {\n"
        "    block;\n"
        "  }",
        "\n"
        "  more;",
        i::BLOCK_SCOPE, i::LanguageMode::kStrict},
-      {"  for ", "(let x = 1 ; x < 10; ++ x) statement;", " more;",
+      {"  for (", "let x = 1 ; x < 10; ++ x) statement;", " more;",
        i::BLOCK_SCOPE, i::LanguageMode::kStrict},
-      {"  for ", "(let x = 1 ; x < 10; ++ x) statement",
+      {"  for (", "let x = 1 ; x < 10; ++ x) statement",
        "\n"
        "  more;",
        i::BLOCK_SCOPE, i::LanguageMode::kStrict},
-      {"  for ",
-       "(let x = 1 ; x < 10; ++ x)\n"
+      {"  for (",
+       "let x = 1 ; x < 10; ++ x)\n"
        "    statement;",
        "\n"
        "  more;",
@@ -4950,7 +4948,7 @@ TEST_F(ParsingTest, BasicImportAssertionParsing) {
     {
       i::UnoptimizedCompileState compile_state;
       i::ReusableUnoptimizedCompileState reusable_state(isolate);
-      i::Handle<i::Script> script = factory->NewScript(source);
+      i::DirectHandle<i::Script> script = factory->NewScript(source);
       i::UnoptimizedCompileFlags flags =
           i::UnoptimizedCompileFlags::ForScriptCompile(isolate, *script);
       i::ParseInfo info(isolate, flags, &compile_state, &reusable_state);
@@ -5004,7 +5002,7 @@ TEST_F(ParsingTest, ImportAssertionParsingErrors) {
     i::DirectHandle<i::String> source =
         factory->NewStringFromAsciiChecked(kErrorSources[i]);
 
-    i::Handle<i::Script> script = factory->NewScript(source);
+    i::DirectHandle<i::Script> script = factory->NewScript(source);
     i::UnoptimizedCompileState compile_state;
     i::ReusableUnoptimizedCompileState reusable_state(isolate);
     i::UnoptimizedCompileFlags flags =
@@ -5078,7 +5076,7 @@ TEST_F(ParsingTest, BasicImportAttributesParsing) {
     {
       i::UnoptimizedCompileState compile_state;
       i::ReusableUnoptimizedCompileState reusable_state(isolate);
-      i::Handle<i::Script> script = factory->NewScript(source);
+      i::DirectHandle<i::Script> script = factory->NewScript(source);
       i::UnoptimizedCompileFlags flags =
           i::UnoptimizedCompileFlags::ForScriptCompile(isolate, *script);
       i::ParseInfo info(isolate, flags, &compile_state, &reusable_state);
@@ -5127,7 +5125,7 @@ TEST_F(ParsingTest, ImportAttributesParsingErrors) {
     i::DirectHandle<i::String> source =
         factory->NewStringFromAsciiChecked(kErrorSources[i]);
 
-    i::Handle<i::Script> script = factory->NewScript(source);
+    i::DirectHandle<i::Script> script = factory->NewScript(source);
     i::UnoptimizedCompileState compile_state;
     i::ReusableUnoptimizedCompileState reusable_state(isolate);
     i::UnoptimizedCompileFlags flags =
@@ -5177,7 +5175,7 @@ TEST_F(ParsingTest, BasicImportAttributesAndAssertionsParsing) {
     {
       i::UnoptimizedCompileState compile_state;
       i::ReusableUnoptimizedCompileState reusable_state(isolate);
-      i::Handle<i::Script> script = factory->NewScript(source);
+      i::DirectHandle<i::Script> script = factory->NewScript(source);
       i::UnoptimizedCompileFlags flags =
           i::UnoptimizedCompileFlags::ForScriptCompile(isolate, *script);
       i::ParseInfo info(isolate, flags, &compile_state, &reusable_state);
@@ -5211,7 +5209,7 @@ TEST_F(ParsingTest, ImportAttributesAndAssertionsParsingErrors) {
     i::DirectHandle<i::String> source =
         factory->NewStringFromAsciiChecked(kErrorSources[i]);
 
-    i::Handle<i::Script> script = factory->NewScript(source);
+    i::DirectHandle<i::Script> script = factory->NewScript(source);
     i::UnoptimizedCompileState compile_state;
     i::ReusableUnoptimizedCompileState reusable_state(isolate);
     i::UnoptimizedCompileFlags flags =
@@ -5961,6 +5959,35 @@ TEST_F(ParsingTest, PrivateMethodsAndFieldsNoErrors) {
   RunParserSyncTest(context_data, class_body_data, kSuccess);
 }
 
+// TODO(42202709): Merge with PrivateMethodsAndFieldsNoErrors once the
+// decorators flag is enabled by default.
+TEST_F(ParsingTest, PrivateAutoAccessorsAndFieldsNoErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  const char* context_data[][2] = {{"(class {", "});"},
+                                   {"(class extends Base {", "});"},
+                                   {"class C {", "}"},
+                                   {"class C extends Base {", "}"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    // Basic syntax
+    "#b;accessor #a;",
+    "#b;accessor #a = 0;",
+    "#b = 1;accessor #a;",
+    "#b = 1;accessor #a = 0;",
+
+    // With public fields
+    "a;accessor #a;",
+    "a;accessor #a = 0;",
+    "a = 1;accessor #a;",
+    "a = 1;accessor #a = 0;",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kSuccess);
+}
+
 TEST_F(ParsingTest, PrivateMethodsErrors) {
   // clang-format off
   // Tests proposed class methods syntax in combination with fields
@@ -6052,6 +6079,25 @@ TEST_F(ParsingTest, PrivateMembersNestedInObjectLiteralsNoErrors) {
   RunParserSyncTest(context_data, class_body_data, kSuccess);
 }
 
+// TODO(42202709): Merge with PrivateMembersNestedInObjectLiteralsNoErrors once
+// the decorators flag is enabled by default.
+TEST_F(ParsingTest, PrivateAutoAccessorsNestedInObjectLiteralsNoErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  const char* context_data[][2] = {{"({", "})"},
+                                   {"'use strict'; ({", "});"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    "a: class { accessor #a = 1 }",
+    "a: class { accessor #a = () => {} }",
+    "a: class { accessor #a }",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kSuccess);
+}
+
 // Test that private members parse in class bodies nested in classes
 TEST_F(ParsingTest, PrivateMembersInNestedClassNoErrors) {
   // clang-format off
@@ -6077,6 +6123,27 @@ TEST_F(ParsingTest, PrivateMembersInNestedClassNoErrors) {
   RunParserSyncTest(context_data, class_body_data, kSuccess);
 }
 
+// TODO(42202709): Merge with PrivateMembersInNestedClassNoErrors once
+// the decorators flag is enabled by default.
+TEST_F(ParsingTest, PrivateAutoAccessorsInNestedClassNoErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  const char* context_data[][2] = {{"(class {", "});"},
+                                   {"(class extends Base {", "});"},
+                                   {"class C {", "}"},
+                                   {"class C extends Base {", "}"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    "a = class { accessor #a = 1 }",
+    "a = class { accessor #a = () => {} }",
+    "a = class { accessor #a }",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kSuccess);
+}
+
 // Test that private members do not parse outside class bodies
 TEST_F(ParsingTest, PrivateMembersInNonClassErrors) {
   // clang-format off
@@ -6106,6 +6173,33 @@ TEST_F(ParsingTest, PrivateMembersInNonClassErrors) {
   RunParserSyncTest(context_data, class_body_data, kError);
 }
 
+// TODO(42202709): Merge with PrivateMembersInNonClassErrors once
+// the decorators flag is enabled by default.
+// Test that private auto-accessors do not parse outside class bodies
+TEST_F(ParsingTest, PrivateAutoAccessorsInNonClassErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  const char* context_data[][2] = {{"", ""},
+                                   {"({", "})"},
+                                   {"'use strict'; ({", "});"},
+                                   {"function() {", "}"},
+                                   {"() => {", "}"},
+                                   {"class C { test() {", "} }"},
+                                   {"const {", "} = {}"},
+                                   {"({", "} = {})"},
+                                   {"class C { static {", "} }"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    "accessor #a = 1",
+    "accessor #a = () => {}",
+    "accessor #a",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kError);
+}
+
 // Test that nested private members parse
 TEST_F(ParsingTest, PrivateMembersNestedNoErrors) {
   // clang-format off
@@ -6270,6 +6364,59 @@ TEST_F(ParsingTest, PrivateStaticClassMethodsAndAccessorsDuplicateErrors) {
   RunParserSyncTest(context_data, class_body_data, kError);
 }
 
+// TODO(42202709): Merge with
+// PrivateStaticClassMethodsAndAccessorsDuplicateErrors once the decorators flag
+// is enabled by default.
+TEST_F(ParsingTest, PrivateStaticAutoAccessorsDuplicateErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  const char* context_data[][2] = {{"(class {", "});"},
+                                   {"(class extends Base {", "});"},
+                                   {"class C {", "}"},
+                                   {"class C extends Base {", "}"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    "static get #a() {} static accessor #a",
+    "static set #a(foo) {} static accessor #a",
+    "static #a() {} static accessor #a",
+    "static #a; static accessor #a",
+    "static accessor #a; static get #a() {}",
+    "static accessor #a; static set #a(foo) {}",
+    "static accessor #a; static #a",
+    "static accessor #a; static #a() {}",
+    "static accessor #a; static accessor #a;",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kError);
+}
+
+TEST_F(ParsingTest, PrivateAutoAccessorsDuplicateErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  const char* context_data[][2] = {{"(class {", "});"},
+                                   {"(class extends Base {", "});"},
+                                   {"class C {", "}"},
+                                   {"class C extends Base {", "}"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    "get #a() {} accessor #a",
+    "set #a(foo) {} accessor #a",
+    "#a() {} accessor #a",
+    "#a; accessor #a",
+    "accessor #a; get #a() {}",
+    "accessor #a; set #a(foo) {}",
+    "accessor #a; #a",
+    "accessor #a; #a() {}",
+    "accessor #a; accessor #a;",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kError);
+}
+
 TEST_F(ParsingTest, PrivateClassFieldsNoErrors) {
   // clang-format off
   // Tests proposed class fields syntax.
@@ -6333,6 +6480,73 @@ TEST_F(ParsingTest, PrivateClassFieldsNoErrors) {
   RunParserSyncTest(context_data, class_body_data, kSuccess);
 }
 
+TEST_F(ParsingTest, PrivateAutoAccessorsNoErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  // Tests proposed class fields syntax.
+  const char* context_data[][2] = {{"(class {", "});"},
+                                   {"(class extends Base {", "});"},
+                                   {"class C {", "}"},
+                                   {"class C extends Base {", "}"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    // Basic syntax
+    "accessor #a = 0;",
+    "accessor #a = 0; #b",
+    "accessor #a = 0; b",
+    "accessor #a = 0; b(){}",
+    "accessor #a = 0; *b(){}",
+    "accessor #a = 0; ['b'](){}",
+    "accessor #a;",
+    "accessor #a; #b;",
+    "accessor #a; b;",
+    "accessor #a; b(){}",
+    "accessor #a; *b(){}",
+    "accessor #a; ['b'](){}",
+
+    // ASI
+    "accessor #a = 0\n",
+    "accessor #a = 0\n #b",
+    "accessor #a = 0\n b",
+    "accessor #a = 0\n b(){}",
+    "accessor #a\n",
+    "accessor #a\n #b\n",
+    "accessor #a\n b\n",
+    "accessor #a\n b(){}",
+    "accessor #a\n *b(){}",
+    "accessor #a\n ['b'](){}",
+
+    // ASI edge cases
+    "accessor #a\n get",
+    "accessor #get\n *a(){}",
+    "accessor #a\n static",
+
+    "accessor #a = function t() { arguments; }",
+    "accessor #a = () => function() { arguments; }",
+
+    // Misc edge cases
+    "accessor #yield",
+    "accessor #yield = 0",
+    "accessor #yield\n a",
+    "accessor #async;",
+    "accessor #async = 0;",
+    "accessor #async",
+    "accessor #async = 0",
+    "accessor #async\n a(){}",  // a field named async, and a method named a.
+    "accessor #async\n a",
+    "accessor #await;",
+    "accessor #await = 0;",
+    "accessor #await\n a",
+    "accessor #accessor;",
+    "accessor #accessor = 0;",
+    "accessor #accessor\n a",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kSuccess);
+}
+
 TEST_F(ParsingTest, StaticClassFieldsErrors) {
   // clang-format off
   // Tests proposed class fields syntax.
@@ -6505,6 +6719,80 @@ TEST_F(ParsingTest, PrivateClassFieldsErrors) {
   RunParserSyncTest(context_data, class_body_data, kError);
 }
 
+TEST_F(ParsingTest, PrivateClassAutoAccessorsErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  // Tests proposed class fields syntax.
+  const char* context_data[][2] = {{"(class {", "});"},
+                                   {"(class extends Base {", "});"},
+                                   {"class C {", "}"},
+                                   {"class C extends Base {", "}"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    // The accessor keyword can only be applied to class fields.
+    "accessor #a() {}",
+    "accessor *#a() {}",
+    "accessor async #a() {}",
+    "accessor get #a() {}",
+    "accessor set #a(foo) {}",
+    "accessor async #a() {}",
+    "accessor async *#a() {}",
+
+    // Accessors should throw the same errors are regular private fields.
+    "accessor #a : 0",
+    "accessor #a =",
+    "accessor #*a = 0",
+    "accessor #*a",
+    "accessor #get a",
+    "accessor #yield a",
+    "accessor #async a = 0",
+    "accessor #async a",
+
+    "accessor #a; #a",
+    "accessor #a = 1; #a",
+    "accessor #a; #a = 1;",
+
+    "accessor #constructor",
+    "accessor #constructor = function() {}",
+
+    "accessor # a = 0",
+    "accessor #get a() { }",
+    "accessor #set a() { }",
+    "accessor #*a() { }",
+    "accessor async #*a() { }",
+
+    "accessor #0 = 0;",
+    "accessor #0;",
+    "accessor #'a' = 0;",
+    "accessor #'a';",
+
+    "accessor #['a']",
+    "accessor #['a'] = 1",
+    "accessor #[a]",
+    "accessor #[a] = 1",
+
+    "accessor #a = arguments",
+    "accessor #a = () => arguments",
+    "accessor #a = () => { arguments }",
+    "accessor #a = arguments[0]",
+    "accessor #a = delete arguments[0]",
+    "accessor #a = f(arguments)",
+    "accessor #a = () => () => arguments",
+
+    // ASI requires a linebreak
+    "accessor #a b",
+    "accessor #a = 0 b",
+
+    // ASI requires that the next token is not part of any legal production
+    "accessor #a = 0\n *b(){}",
+    "accessor #a = 0\n ['b'](){}",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kError);
+}
+
 TEST_F(ParsingTest, PrivateStaticClassFieldsNoErrors) {
   // clang-format off
   // Tests proposed class fields syntax.
@@ -6570,6 +6858,70 @@ TEST_F(ParsingTest, PrivateStaticClassFieldsNoErrors) {
   RunParserSyncTest(context_data, class_body_data, kSuccess, nullptr);
 }
 
+TEST_F(ParsingTest, PrivateStaticAutoAccessorsNoErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  // Tests proposed class fields syntax.
+  const char* context_data[][2] = {{"(class {", "});"},
+                                   {"(class extends Base {", "});"},
+                                   {"class C {", "}"},
+                                   {"class C extends Base {", "}"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    // Basic syntax
+    "static accessor #a = 0;",
+    "static accessor #a = 0; b",
+    "static accessor #a = 0; #b",
+    "static accessor #a = 0; b(){}",
+    "static accessor #a = 0; *b(){}",
+    "static accessor #a = 0; ['b'](){}",
+    "static accessor #a;",
+    "static accessor #a; b;",
+    "static accessor #a; b(){}",
+    "static accessor #a; *b(){}",
+    "static accessor #a; ['b'](){}",
+
+    // ASI
+    "static accessor #a = 0\n",
+    "static accessor #a = 0\n b",
+    "static accessor #a = 0\n #b",
+    "static accessor #a = 0\n b(){}",
+    "static accessor #a\n",
+    "static accessor #a\n b\n",
+    "static accessor #a\n #b\n",
+    "static accessor #a\n b(){}",
+    "static accessor #a\n *b(){}",
+    "static accessor #a\n ['b'](){}",
+
+    "static accessor #a = function t() { arguments; }",
+    "static accessor #a = () => function t() { arguments; }",
+
+    // ASI edge cases
+    "static accessor #a\n get",
+    "static accessor #get\n *a(){}",
+    "static accessor #a\n static",
+
+    // Misc edge cases
+    "static accessor #yield",
+    "static accessor #yield = 0",
+    "static accessor #yield\n a",
+    "static accessor #async;",
+    "static accessor #async = 0;",
+    "static accessor #async",
+    "static accessor #async = 0",
+    // A field named async, and a method named a.
+    "static accessor #async\n a(){}",
+    "static accessor #async\n a",
+    "static accessor #await;",
+    "static accessor #await = 0;",
+    "static accessor #await\n a",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kSuccess, nullptr);
+}
+
 TEST_F(ParsingTest, PrivateStaticClassFieldsErrors) {
   // clang-format off
   // Tests proposed class fields syntax.
@@ -6662,6 +7014,90 @@ TEST_F(ParsingTest, PrivateStaticClassFieldsErrors) {
   RunParserSyncTest(context_data, class_body_data, kError);
 }
 
+TEST_F(ParsingTest, PrivateStaticAutoAccessorsErrors) {
+  FLAG_SCOPE(js_decorators);
+  // clang-format off
+  // Tests proposed class fields syntax.
+  const char* context_data[][2] = {{"(class {", "});"},
+                                   {"(class extends Base {", "});"},
+                                   {"class C {", "}"},
+                                   {"class C extends Base {", "}"},
+                                   {nullptr, nullptr}};
+  const char* class_body_data[] = {
+    // The accessor keyword can only be applied to class fields.
+    "static accessor #a() {}",
+    "static accessor *#a() {}",
+    "static accessor async #a() {}",
+    "static accessor get #a() {}",
+    "static accessor set #a(foo) {}",
+    "static accessor async #a() {}",
+    "static accessor async *#a() {}",
+
+    // Accessors should throw the same errors are regular private fields.
+    // Basic syntax
+    "static accessor #['a'] = 0;",
+    "static accessor #['a'] = 0; b",
+    "static accessor #['a'] = 0; #b",
+    "static accessor #['a'] = 0; b(){}",
+    "static accessor #['a'] = 0; *b(){}",
+    "static accessor #['a'] = 0; ['b'](){}",
+    "static accessor #['a'];",
+    "static accessor #['a']; b;",
+    "static accessor #['a']; #b;",
+    "static accessor #['a']; b(){}",
+    "static accessor #['a']; *b(){}",
+    "static accessor #['a']; ['b'](){}",
+
+    "static accessor #0 = 0;",
+    "static accessor #0;",
+    "static accessor #'a' = 0;",
+    "static accessor #'a';",
+
+    "static accessor # a = 0",
+    "static accessor #get a() { }",
+    "static accessor #set a() { }",
+    "static accessor #*a() { }",
+    "static accessor async #*a() { }",
+
+    "#a; static accessor #a",
+    "static accessor #a; #a",
+
+    // ASI
+    "static accessor #['a'] = 0\n",
+    "static accessor #['a'] = 0\n b",
+    "static accessor #['a'] = 0\n #b",
+    "static accessor #['a'] = 0\n b(){}",
+    "static accessor #['a']\n",
+    "static accessor #['a']\n b\n",
+    "static accessor #['a']\n #b\n",
+    "static accessor #['a']\n b(){}",
+    "static accessor #['a']\n *b(){}",
+    "static accessor #['a']\n ['b'](){}",
+
+    // ASI requires a linebreak
+    "static accessor #a b",
+    "static accessor #a = 0 b",
+
+    // ASI requires that the next token is not part of any legal production
+    "static accessor #a = 0\n *b(){}",
+    "static accessor #a = 0\n ['b'](){}",
+
+    "static accessor #a : 0",
+    "static accessor #a =",
+    "static accessor #*a = 0",
+    "static accessor #*a",
+    "static accessor #get a",
+    "static accessor #yield a",
+    "static accessor #async a = 0",
+    "static accessor #async a",
+    "static accessor # a = 0",
+    nullptr
+  };
+  // clang-format on
+
+  RunParserSyncTest(context_data, class_body_data, kError);
+}
+
 TEST_F(ParsingTest, PrivateNameResolutionErrors) {
   // clang-format off
   const char* context_data[][2] = {
@@ -7731,7 +8167,7 @@ TEST_F(ParsingTest, BasicImportExportParsing) {
     {
       i::UnoptimizedCompileState compile_state;
       i::ReusableUnoptimizedCompileState reusable_state(isolate);
-      i::Handle<i::Script> script = factory->NewScript(source);
+      i::DirectHandle<i::Script> script = factory->NewScript(source);
       i::UnoptimizedCompileFlags flags =
           i::UnoptimizedCompileFlags::ForScriptCompile(isolate, *script);
       i::ParseInfo info(isolate, flags, &compile_state, &reusable_state);
@@ -7861,7 +8297,7 @@ TEST_F(ParsingTest, ImportExportParsingErrors) {
     i::DirectHandle<i::String> source =
         factory->NewStringFromAsciiChecked(kErrorSources[i]);
 
-    i::Handle<i::Script> script = factory->NewScript(source);
+    i::DirectHandle<i::Script> script = factory->NewScript(source);
     i::UnoptimizedCompileState compile_state;
     i::ReusableUnoptimizedCompileState reusable_state(isolate);
     i::UnoptimizedCompileFlags flags =
@@ -7898,7 +8334,7 @@ TEST_F(ParsingTest, ModuleTopLevelFunctionDecl) {
     i::DirectHandle<i::String> source =
         factory->NewStringFromAsciiChecked(kErrorSources[i]);
 
-    i::Handle<i::Script> script = factory->NewScript(source);
+    i::DirectHandle<i::Script> script = factory->NewScript(source);
     i::UnoptimizedCompileState compile_state;
     i::ReusableUnoptimizedCompileState reusable_state(isolate);
     i::UnoptimizedCompileFlags flags =
@@ -12308,7 +12744,7 @@ TEST_F(ParsingTest, LexicalLoopVariable) {
     i::ParseInfo info(isolate, flags, &compile_state, &reusable_state);
     CHECK_PARSE_PROGRAM(&info, script, isolate);
 
-    i::DeclarationScope::AllocateScopeInfos(&info, isolate);
+    i::DeclarationScope::AllocateScopeInfos(&info, script, isolate);
     CHECK_NOT_NULL(info.literal());
 
     i::DeclarationScope* script_scope = info.literal()->scope();
diff --git a/deps/v8/test/unittests/parser/preparser-unittest.cc b/deps/v8/test/unittests/parser/preparser-unittest.cc
index 3d569b595a43a4..2a33c6643c49da 100644
--- a/deps/v8/test/unittests/parser/preparser-unittest.cc
+++ b/deps/v8/test/unittests/parser/preparser-unittest.cc
@@ -732,7 +732,7 @@ TEST_F(PreParserTest, PreParserScopeAnalysis) {
 
       CHECK(shared->HasUncompiledDataWithPreparseData());
       i::Handle<i::PreparseData> produced_data_on_heap(
-          shared->uncompiled_data_with_preparse_data()->preparse_data(),
+          shared->uncompiled_data_with_preparse_data(isolate)->preparse_data(),
           isolate);
 
       i::UnoptimizedCompileFlags flags =
@@ -787,7 +787,7 @@ TEST_F(PreParserTest, Regress753896) {
 
   i::DirectHandle<i::String> source = factory->InternalizeUtf8String(
       "function lazy() { let v = 0; if (true) { var v = 0; } }");
-  i::Handle<i::Script> script = factory->NewScript(source);
+  i::DirectHandle<i::Script> script = factory->NewScript(source);
   i::UnoptimizedCompileState state;
   i::ReusableUnoptimizedCompileState reusable_state(isolate);
   i::UnoptimizedCompileFlags flags =
@@ -820,7 +820,7 @@ TEST_F(PreParserTest, TopLevelArrowFunctions) {
     Local<Value> v = TryRunJS(name).ToLocalChecked();
     i::DirectHandle<i::Object> o = v8::Utils::OpenDirectHandle(*v);
     i::DirectHandle<i::JSFunction> f = i::Cast<i::JSFunction>(o);
-    i::Handle<i::SharedFunctionInfo> shared = i::handle(f->shared(), isolate);
+    i::DirectHandle<i::SharedFunctionInfo> shared(f->shared(), isolate);
     return shared->is_compiled();
   };
   EXPECT_FALSE(IsCompiled("a"));
diff --git a/deps/v8/test/unittests/regexp/regexp-fuzzer.cc b/deps/v8/test/unittests/regexp/regexp-fuzzer.cc
index 8778583a1c3d1a..9cf62f614b730e 100644
--- a/deps/v8/test/unittests/regexp/regexp-fuzzer.cc
+++ b/deps/v8/test/unittests/regexp/regexp-fuzzer.cc
@@ -29,7 +29,7 @@ class RegExpTest : public fuzztest::PerFuzzTestFixtureAdapter<TestWithContext> {
 
  protected:
   virtual i::Handle<i::String> CreateString(v8::base::Vector<const T>) = 0;
-  void Test(i::Handle<i::JSRegExp>, i::Handle<i::String>);
+  void Test(i::DirectHandle<i::JSRegExp>, i::Handle<i::String>);
 
   Local<Context> context_;
   Isolate* isolate_;
@@ -99,7 +99,7 @@ static fuzztest::Domain<std::vector<v8::base::uc16>> ArbitraryTwoBytes() {
 }
 
 template <class T>
-void RegExpTest<T>::Test(i::Handle<i::JSRegExp> regexp,
+void RegExpTest<T>::Test(i::DirectHandle<i::JSRegExp> regexp,
                          i::Handle<i::String> subject) {
   v8::TryCatch try_catch(isolate_);
   // Exceptions will be swallowed by the try/catch above.
diff --git a/deps/v8/test/unittests/regexp/regexp-unittest.cc b/deps/v8/test/unittests/regexp/regexp-unittest.cc
index 3dfb8a5b26da36..ce10ff3e7ee284 100644
--- a/deps/v8/test/unittests/regexp/regexp-unittest.cc
+++ b/deps/v8/test/unittests/regexp/regexp-unittest.cc
@@ -654,11 +654,14 @@ static Handle<JSRegExp> CreateJSRegExp(DirectHandle<String> source,
   Factory* factory = isolate->factory();
   Handle<JSFunction> constructor = isolate->regexp_function();
   Handle<JSRegExp> regexp = Cast<JSRegExp>(factory->NewJSObject(constructor));
+  regexp->set_source(*source);
+  regexp->set_flags(Smi::FromInt(0));
 
   factory->SetRegExpIrregexpData(regexp, source, {}, 0,
                                  JSRegExp::kNoBacktrackLimit);
+  Tagged<IrRegExpData> data = Cast<IrRegExpData>(regexp->data(isolate));
   const bool is_latin1 = !is_unicode;
-  regexp->set_code(is_latin1, code);
+  data->set_code(is_latin1, *code);
 
   return regexp;
 }
@@ -737,7 +740,7 @@ TEST_F(RegExpTest, MacroAssemblerNativeSimple) {
 
   int captures[4] = {42, 37, 87, 117};
   Handle<String> input = factory->NewStringFromStaticChars("foofoo");
-  Handle<SeqOneByteString> seq_input = Cast<SeqOneByteString>(input);
+  DirectHandle<SeqOneByteString> seq_input = Cast<SeqOneByteString>(input);
   Address start_adr = seq_input->GetCharsAddress();
 
   NativeRegExpMacroAssembler::Result result = Execute(
@@ -798,7 +801,7 @@ TEST_F(RegExpTest, MacroAssemblerNativeSimpleUC16) {
       factory
           ->NewStringFromTwoByte(base::Vector<const base::uc16>(input_data, 6))
           .ToHandleChecked();
-  Handle<SeqTwoByteString> seq_input = Cast<SeqTwoByteString>(input);
+  DirectHandle<SeqTwoByteString> seq_input = Cast<SeqTwoByteString>(input);
   Address start_adr = seq_input->GetCharsAddress();
 
   NativeRegExpMacroAssembler::Result result = Execute(
@@ -1259,7 +1262,8 @@ TEST_F(RegExpTest, MacroAssembler) {
   HandleScope scope(i_isolate());
 
   Handle<String> source = factory->NewStringFromStaticChars("^f(o)o");
-  DirectHandle<ByteArray> array = Cast<ByteArray>(m.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(m.GetCode(source));
   int captures[5];
   std::memset(captures, 0, sizeof(captures));
 
@@ -1792,13 +1796,14 @@ TEST_F(RegExpTest, PeepholeNoChange) {
   Handle<String> source = factory->NewStringFromStaticChars("^foo");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
   int length = array->length();
   uint8_t* byte_array = array->begin();
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
   uint8_t* byte_array_optimized = array_optimized->begin();
 
   CHECK_EQ(0, memcmp(byte_array, byte_array_optimized, length));
@@ -1827,12 +1832,13 @@ TEST_F(RegExpTest, PeepholeSkipUntilChar) {
   Handle<String> source = factory->NewStringFromStaticChars("dummy");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
   int length = array->length();
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
   int length_optimized = array_optimized->length();
 
   int length_expected = RegExpBytecodeLength(BC_LOAD_CURRENT_CHAR) +
@@ -1880,12 +1886,13 @@ TEST_F(RegExpTest, PeepholeSkipUntilBitInTable) {
   Handle<String> source = factory->NewStringFromStaticChars("dummy");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
   int length = array->length();
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
   int length_optimized = array_optimized->length();
 
   int length_expected = RegExpBytecodeLength(BC_LOAD_CURRENT_CHAR) +
@@ -1927,12 +1934,13 @@ TEST_F(RegExpTest, PeepholeSkipUntilCharPosChecked) {
   Handle<String> source = factory->NewStringFromStaticChars("dummy");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
   int length = array->length();
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
   int length_optimized = array_optimized->length();
 
   int length_expected = RegExpBytecodeLength(BC_CHECK_CURRENT_POSITION) +
@@ -1975,12 +1983,13 @@ TEST_F(RegExpTest, PeepholeSkipUntilCharAnd) {
   Handle<String> source = factory->NewStringFromStaticChars("dummy");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
   int length = array->length();
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
   int length_optimized = array_optimized->length();
 
   int length_expected = RegExpBytecodeLength(BC_CHECK_CURRENT_POSITION) +
@@ -2023,12 +2032,13 @@ TEST_F(RegExpTest, PeepholeSkipUntilCharOrChar) {
   Handle<String> source = factory->NewStringFromStaticChars("dummy");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
   int length = array->length();
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
   int length_optimized = array_optimized->length();
 
   int length_expected = RegExpBytecodeLength(BC_LOAD_CURRENT_CHAR) +
@@ -2082,12 +2092,13 @@ TEST_F(RegExpTest, PeepholeSkipUntilGtOrNotBitInTable) {
   Handle<String> source = factory->NewStringFromStaticChars("dummy");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
   int length = array->length();
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
   int length_optimized = array_optimized->length();
 
   int length_expected = RegExpBytecodeLength(BC_LOAD_CURRENT_CHAR) +
@@ -2161,7 +2172,8 @@ TEST_F(RegExpTest, PeepholeLabelFixupsInside) {
   Handle<String> source = factory->NewStringFromStaticChars("dummy");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
 
   for (int label_idx = 0; label_idx < 3; label_idx++) {
     for (int pos_idx = 0; pos_idx < 2; pos_idx++) {
@@ -2171,8 +2183,8 @@ TEST_F(RegExpTest, PeepholeLabelFixupsInside) {
   }
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
 
   const int pos_fixups[] = {
       0,  // Position before optimization should be unchanged.
@@ -2267,7 +2279,8 @@ TEST_F(RegExpTest, PeepholeLabelFixupsComplex) {
   Handle<String> source = factory->NewStringFromStaticChars("dummy");
 
   v8_flags.regexp_peephole_optimization = false;
-  DirectHandle<ByteArray> array = Cast<ByteArray>(orig.GetCode(source));
+  DirectHandle<TrustedByteArray> array =
+      Cast<TrustedByteArray>(orig.GetCode(source));
 
   for (int label_idx = 0; label_idx < 4; label_idx++) {
     for (int pos_idx = 0; pos_idx < 3; pos_idx++) {
@@ -2277,8 +2290,8 @@ TEST_F(RegExpTest, PeepholeLabelFixupsComplex) {
   }
 
   v8_flags.regexp_peephole_optimization = true;
-  DirectHandle<ByteArray> array_optimized =
-      Cast<ByteArray>(opt.GetCode(source));
+  DirectHandle<TrustedByteArray> array_optimized =
+      Cast<TrustedByteArray>(opt.GetCode(source));
 
   const int pos_fixups[] = {
       0,    // Position before optimization should be unchanged.
@@ -2317,15 +2330,19 @@ TEST_F(RegExpTestWithContext, UnicodePropertyEscapeCodeSize) {
 
   static constexpr int kMaxSize = 200 * KB;
   static constexpr bool kIsNotLatin1 = false;
-  Tagged<Object> maybe_code = re->code(i_isolate(), kIsNotLatin1);
-  Tagged<Object> maybe_bytecode = re->bytecode(kIsNotLatin1);
-  if (IsByteArray(maybe_bytecode)) {
+
+  Tagged<RegExpData> data = re->data(i_isolate());
+  SBXCHECK(Is<IrRegExpData>(data));
+  Tagged<IrRegExpData> re_data = Cast<IrRegExpData>(data);
+
+  if (re_data->has_bytecode(kIsNotLatin1)) {
     // On x64, excessive inlining produced >250KB.
-    CHECK_LT(Cast<ByteArray>(maybe_bytecode)->AllocatedSize(), kMaxSize);
-  } else if (IsCode(maybe_code)) {
+    CHECK_LT(re_data->bytecode(kIsNotLatin1)->AllocatedSize(), kMaxSize);
+  } else if (re_data->has_code(kIsNotLatin1)) {
+    Tagged<Code> code = re_data->code(i_isolate(), kIsNotLatin1);
     // On x64, excessive inlining produced >360KB.
-    CHECK_LT(Cast<Code>(maybe_code)->Size(), kMaxSize);
-    CHECK_EQ(Cast<Code>(maybe_code)->kind(), CodeKind::REGEXP);
+    CHECK_LT(code->Size(), kMaxSize);
+    CHECK_EQ(code->kind(), CodeKind::REGEXP);
   } else {
     UNREACHABLE();
   }
diff --git a/deps/v8/test/unittests/regress/regress-crbug-1056054-unittest.cc b/deps/v8/test/unittests/regress/regress-crbug-1056054-unittest.cc
index 244cb0f9a9e8c9..c1a3cc62dca8e5 100644
--- a/deps/v8/test/unittests/regress/regress-crbug-1056054-unittest.cc
+++ b/deps/v8/test/unittests/regress/regress-crbug-1056054-unittest.cc
@@ -16,7 +16,7 @@ TEST_F(EnumIndexOverflowTest, GlobalObject) {
       isolate()->global_object()->global_dictionary(kAcquireLoad), isolate());
   dictionary->set_next_enumeration_index(
       PropertyDetails::DictionaryStorageField::kMax);
-  Handle<Object> value(Smi::FromInt(static_cast<int>(42)), isolate());
+  DirectHandle<Object> value(Smi::FromInt(static_cast<int>(42)), isolate());
   Handle<Name> name = factory()->InternalizeUtf8String("eeeee");
   JSObject::AddProperty(isolate(), isolate()->global_object(), name, value,
                         NONE);
diff --git a/deps/v8/test/unittests/strings/unicode-unittest.cc b/deps/v8/test/unittests/strings/unicode-unittest.cc
index 0741d04fbdac20..3eb0c8825dfb45 100644
--- a/deps/v8/test/unittests/strings/unicode-unittest.cc
+++ b/deps/v8/test/unittests/strings/unicode-unittest.cc
@@ -501,6 +501,7 @@ class UnicodeWithGCTest : public TestWithHeapInternals {};
   TEST_F(UnicodeWithGCTest, GCInsideNewStringFromUtf8SubStringWith##NAME) {   \
     v8_flags.stress_concurrent_allocation =                                   \
         false; /* For SimulateFullSpace. */                                   \
+    ManualGCScope manual_gc_scope(isolate());                                 \
     v8::HandleScope scope(reinterpret_cast<v8::Isolate*>(isolate()));         \
     Factory* factory = isolate()->factory();                                  \
     /* Length must be bigger than the buffer size of the Utf8Decoder. */      \
diff --git a/deps/v8/test/unittests/temporal/temporal-parser-unittest.cc b/deps/v8/test/unittests/temporal/temporal-parser-unittest.cc
index 155d243edd405f..d04022c72d4f3f 100644
--- a/deps/v8/test/unittests/temporal/temporal-parser-unittest.cc
+++ b/deps/v8/test/unittests/temporal/temporal-parser-unittest.cc
@@ -4,6 +4,8 @@
 
 #include "src/temporal/temporal-parser.h"
 
+#include <optional>
+
 #include "src/execution/isolate.h"
 #include "src/heap/factory-inl.h"
 #include "test/unittests/test-utils.h"
@@ -82,7 +84,7 @@ char asciitolower(char in) {
       const char* str, int32_t date_year, int32_t date_month,         \
       int32_t date_day, const char* calendar_name) {                  \
     Handle<String> input = MakeString(str);                           \
-    base::Optional<ParsedISO8601Result> result =                      \
+    std::optional<ParsedISO8601Result> result =                       \
         TemporalParser::ParseTemporal##R##String(i_isolate(), input); \
     CHECK(result.has_value());                                        \
     ParsedISO8601Result actual = *result;                             \
@@ -98,7 +100,7 @@ char asciitolower(char in) {
       int32_t time_second, int32_t time_nanosecond,                          \
       const char* calendar_name) {                                           \
     Handle<String> input = MakeString(str);                                  \
-    base::Optional<ParsedISO8601Result> result =                             \
+    std::optional<ParsedISO8601Result> result =                              \
         TemporalParser::ParseTemporal##R##String(i_isolate(), input);        \
     CHECK(result.has_value());                                               \
     ParsedISO8601Result actual = *result;                                    \
@@ -117,7 +119,7 @@ char asciitolower(char in) {
       int32_t tzuo_second, int32_t tzuo_nanosecond, bool utc_designator,       \
       const char* tzi_name) {                                                  \
     Handle<String> input = MakeString(str);                                    \
-    base::Optional<ParsedISO8601Result> result =                               \
+    std::optional<ParsedISO8601Result> result =                                \
         TemporalParser::ParseTemporal##R##String(i_isolate(), input);          \
     CHECK(result.has_value());                                                 \
     ParsedISO8601Result actual = *result;                                      \
@@ -147,7 +149,7 @@ class TemporalParserTest : public TestWithIsolate {
       int32_t tzuo_hour, int32_t tzuo_minute, int32_t tzuo_second,
       int32_t tzuo_nanosecond) {
     Handle<String> input = MakeString(str);
-    base::Optional<ParsedISO8601Result> result =
+    std::optional<ParsedISO8601Result> result =
         TemporalParser::ParseTemporalInstantString(i_isolate(), input);
     CHECK(result.has_value());
     ParsedISO8601Result actual = *result;
@@ -160,7 +162,7 @@ class TemporalParserTest : public TestWithIsolate {
 
   void VerifyParseCalendarNameSuccess(const char* str) {
     Handle<String> input = MakeString(str);
-    base::Optional<ParsedISO8601Result> result =
+    std::optional<ParsedISO8601Result> result =
         TemporalParser::ParseCalendarName(i_isolate(), input);
     CHECK(result.has_value());
     ParsedISO8601Result actual = *result;
@@ -173,7 +175,7 @@ class TemporalParserTest : public TestWithIsolate {
 
   void VerifyParseTimeZoneIdentifierSuccess(const char* str) {
     Handle<String> input = MakeString(str);
-    base::Optional<ParsedISO8601Result> result =
+    std::optional<ParsedISO8601Result> result =
         TemporalParser::ParseTimeZoneIdentifier(i_isolate(), input);
     CHECK(result.has_value());
     ParsedISO8601Result actual = *result;
@@ -210,7 +212,7 @@ class TemporalParserTest : public TestWithIsolate {
                                   int64_t whole_seconds,
                                   int64_t seconds_fraction) {
     Handle<String> input = MakeString(str);
-    base::Optional<ParsedISO8601Duration> result =
+    std::optional<ParsedISO8601Duration> result =
         TemporalParser::ParseTemporalDurationString(i_isolate(), input);
     CHECK(result.has_value());
     CheckDuration(*result, sign, years, months, weeks, days, whole_hours,
@@ -229,7 +231,7 @@ class TemporalParserTest : public TestWithIsolate {
 
   void VerifyParseDurationWithPositiveSign(const char* str) {
     Handle<String> input = MakeString(str);
-    base::Optional<ParsedISO8601Duration> result =
+    std::optional<ParsedISO8601Duration> result =
         TemporalParser::ParseTemporalDurationString(i_isolate(), input);
     CHECK(result.has_value());
     ParsedISO8601Duration expected = *result;
@@ -242,7 +244,7 @@ class TemporalParserTest : public TestWithIsolate {
     std::string with_sign("-");
     with_sign += str;
     Handle<String> input = MakeString(with_sign.c_str());
-    base::Optional<ParsedISO8601Duration> result =
+    std::optional<ParsedISO8601Duration> result =
         TemporalParser::ParseTemporalDurationString(i_isolate(), input);
     CHECK(result.has_value());
     ParsedISO8601Duration expected = *result;
@@ -253,7 +255,7 @@ class TemporalParserTest : public TestWithIsolate {
 
   void VerifyParseDurationWithLowerCase(const char* str) {
     Handle<String> input = MakeString(str);
-    base::Optional<ParsedISO8601Duration> result =
+    std::optional<ParsedISO8601Duration> result =
         TemporalParser::ParseTemporalDurationString(i_isolate(), input);
     CHECK(result.has_value());
     ParsedISO8601Duration expected = *result;
@@ -266,7 +268,7 @@ class TemporalParserTest : public TestWithIsolate {
     std::string period(str);
     std::transform(period.begin(), period.end(), period.begin(), commatoperiod);
     Handle<String> input = MakeString(str);
-    base::Optional<ParsedISO8601Duration> result =
+    std::optional<ParsedISO8601Duration> result =
         TemporalParser::ParseTemporalDurationString(i_isolate(), input);
     CHECK(result.has_value());
     ParsedISO8601Duration expected = *result;
@@ -277,7 +279,7 @@ class TemporalParserTest : public TestWithIsolate {
       const char* str, int32_t tzuo_sign, int32_t tzuo_hour,
       int32_t tzuo_minute, int32_t tzuo_second, int32_t tzuo_nanosecond) {
     Handle<String> input = MakeString(str);
-    base::Optional<ParsedISO8601Result> result =
+    std::optional<ParsedISO8601Result> result =
         TemporalParser::ParseTimeZoneNumericUTCOffset(i_isolate(), input);
     CHECK(result.has_value());
     CheckTimeZoneNumericUTCOffset(*result, tzuo_sign, tzuo_hour, tzuo_minute,
diff --git a/deps/v8/test/unittests/test-helpers.cc b/deps/v8/test/unittests/test-helpers.cc
index 24ccdfd6805e5a..4db51c2620d5e2 100644
--- a/deps/v8/test/unittests/test-helpers.cc
+++ b/deps/v8/test/unittests/test-helpers.cc
@@ -35,7 +35,7 @@ Handle<SharedFunctionInfo> CreateSharedFunctionInfo(
                                     .ToHandleChecked();
   DirectHandle<Script> script = isolate->factory()->NewScript(source);
   DirectHandle<WeakFixedArray> infos = isolate->factory()->NewWeakFixedArray(3);
-  script->set_shared_function_infos(*infos);
+  script->set_infos(*infos);
   Handle<SharedFunctionInfo> shared =
       isolate->factory()->NewSharedFunctionInfoForBuiltin(
           isolate->factory()->NewStringFromAsciiChecked("f"),
@@ -50,7 +50,8 @@ Handle<SharedFunctionInfo> CreateSharedFunctionInfo(
   // Make sure we have an outer scope info, even though it's empty
   shared->set_raw_outer_scope_info_or_feedback_metadata(
       ScopeInfo::Empty(isolate));
-  shared->SetScript(ReadOnlyRoots(isolate), *script, function_literal_id);
+  shared->SetScript(isolate, ReadOnlyRoots(isolate), *script,
+                    function_literal_id);
   return scope.CloseAndEscape(shared);
 }
 
diff --git a/deps/v8/test/unittests/torque/earley-parser-unittest.cc b/deps/v8/test/unittests/torque/earley-parser-unittest.cc
index f44a49b0473d00..ff75fe12091131 100644
--- a/deps/v8/test/unittests/torque/earley-parser-unittest.cc
+++ b/deps/v8/test/unittests/torque/earley-parser-unittest.cc
@@ -3,6 +3,9 @@
 // found in the LICENSE file.
 
 #include "src/torque/earley-parser.h"
+
+#include <optional>
+
 #include "test/unittests/test-utils.h"
 
 namespace v8 {
@@ -12,7 +15,7 @@ namespace torque {
 namespace {
 
 template <int op(int, int)>
-base::Optional<ParseResult> MakeBinop(ParseResultIterator* child_results) {
+std::optional<ParseResult> MakeBinop(ParseResultIterator* child_results) {
   // Ideally, we would want to use int as a result type here instead of
   // std::string. This is possible, but requires adding int to the list of
   // supported ParseResult types in torque-parser.cc. To avoid changing that
diff --git a/deps/v8/test/unittests/torque/torque-unittest.cc b/deps/v8/test/unittests/torque/torque-unittest.cc
index bb3aabdbec4c3a..384dd1a8cd44fb 100644
--- a/deps/v8/test/unittests/torque/torque-unittest.cc
+++ b/deps/v8/test/unittests/torque/torque-unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/torque/torque-compiler.h"
 #include "src/torque/utils.h"
 #include "test/unittests/test-utils.h"
@@ -86,8 +88,8 @@ type ExternalPointer
     generates 'TNode<ExternalPointerT>' constexpr 'ExternalPointer_t';
 type CppHeapPointer
     generates 'TNode<CppHeapPointerT>' constexpr 'CppHeapPointer_t';
-type IndirectPointer
-    generates 'TNode<IndirectPointerHandle>' constexpr 'IndirectPointerHandle';
+type TrustedPointer
+    generates 'TNode<TrustedPointerT>' constexpr 'TrustedPointer_t';
 type ProtectedPointer extends Tagged;
 type InstructionStream extends HeapObject generates 'TNode<InstructionStream>';
 type BuiltinPtr extends Smi generates 'TNode<BuiltinPtr>';
@@ -202,7 +204,7 @@ void ExpectFailingCompilation(std::string source,
   for (size_t i = 0; i < limit; ++i) {
     EXPECT_THAT(result.messages[i].message, message_patterns[i].first);
     if (message_patterns[i].second != LineAndColumn::Invalid()) {
-      base::Optional<SourcePosition> actual = result.messages[i].position;
+      std::optional<SourcePosition> actual = result.messages[i].position;
       EXPECT_TRUE(actual.has_value());
       EXPECT_EQ(actual->start, message_patterns[i].second);
     }
diff --git a/deps/v8/test/unittests/torque/torque-utils-unittest.cc b/deps/v8/test/unittests/torque/torque-utils-unittest.cc
index 48c2a90d8fe54d..97c74f3f451fd0 100644
--- a/deps/v8/test/unittests/torque/torque-utils-unittest.cc
+++ b/deps/v8/test/unittests/torque/torque-utils-unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "src/torque/utils.h"
 #include "test/unittests/test-utils.h"
 
@@ -10,10 +12,10 @@ namespace internal {
 namespace torque {
 
 TEST(TorqueUtils, FileUriDecodeIllegal) {
-  EXPECT_EQ(FileUriDecode("http://wrong.scheme"), base::nullopt);
-  EXPECT_EQ(FileUriDecode("file://wrong-escape%"), base::nullopt);
-  EXPECT_EQ(FileUriDecode("file://another-wrong-escape%a"), base::nullopt);
-  EXPECT_EQ(FileUriDecode("file://no-hex-escape%0g"), base::nullopt);
+  EXPECT_EQ(FileUriDecode("http://wrong.scheme"), std::nullopt);
+  EXPECT_EQ(FileUriDecode("file://wrong-escape%"), std::nullopt);
+  EXPECT_EQ(FileUriDecode("file://another-wrong-escape%a"), std::nullopt);
+  EXPECT_EQ(FileUriDecode("file://no-hex-escape%0g"), std::nullopt);
 }
 
 TEST(TorqueUtils, FileUriDecode) {
diff --git a/deps/v8/test/unittests/unittests.status b/deps/v8/test/unittests/unittests.status
index 195660be54b81e..da86636996d320 100644
--- a/deps/v8/test/unittests/unittests.status
+++ b/deps/v8/test/unittests/unittests.status
@@ -395,4 +395,10 @@
   'LogAllTest.LogAll': [SKIP],
 }],  # 'clang_coverage and mode == debug'
 
+['conservative_stack_scanning', {
+  # Test relies on carefully controlled handle lifetime.
+  # TODO(leszeks): Fix this test.
+  'BackgroundMergeTest.GCDuringMerge': [PASS,FAIL],
+}],
+
 ]
diff --git a/deps/v8/test/unittests/wasm/memory-protection-unittest.cc b/deps/v8/test/unittests/wasm/memory-protection-unittest.cc
index 8e1723428cbffb..6cb507a8623bff 100644
--- a/deps/v8/test/unittests/wasm/memory-protection-unittest.cc
+++ b/deps/v8/test/unittests/wasm/memory-protection-unittest.cc
@@ -2,6 +2,8 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
+
 #include "include/v8config.h"
 
 // TODO(clemensb): Extend this to other OSes.
@@ -279,7 +281,7 @@ TEST_P(ParameterizedMemoryProtectionTestWithSignalHandling, TestSignalHandler) {
 #if GTEST_HAS_DEATH_TEST
     ASSERT_DEATH(
         {
-          base::Optional<CodeSpaceWriteScope> write_scope;
+          std::optional<CodeSpaceWriteScope> write_scope;
           if (open_write_scope) write_scope.emplace();
           pthread_kill(pthread_self(), SIGPROF);
           base::OS::Sleep(base::TimeDelta::FromMilliseconds(10));
@@ -299,7 +301,7 @@ TEST_P(ParameterizedMemoryProtectionTestWithSignalHandling, TestSignalHandler) {
                                  "UndefinedBehaviorSanitizer:DEADLYSIGNAL")));
 #endif  // GTEST_HAS_DEATH_TEST
   } else {
-    base::Optional<CodeSpaceWriteScope> write_scope;
+    std::optional<CodeSpaceWriteScope> write_scope;
     if (open_write_scope) write_scope.emplace();
     // The signal handler does not write or code is not protected, hence this
     // should succeed.
diff --git a/deps/v8/test/unittests/wasm/simd-shuffle-unittest.cc b/deps/v8/test/unittests/wasm/simd-shuffle-unittest.cc
index 54e55e24409c8d..41d0d06c66ebfe 100644
--- a/deps/v8/test/unittests/wasm/simd-shuffle-unittest.cc
+++ b/deps/v8/test/unittests/wasm/simd-shuffle-unittest.cc
@@ -43,6 +43,10 @@ class SimdShuffleTest : public ::testing::Test {
   static bool TryMatchSplat(const Shuffle<kSimd128Size>& shuffle, int* index) {
     return SimdShuffle::TryMatchSplat<LANES>(&shuffle[0], index);
   }
+  static bool TryMatch64x2Shuffle(const Shuffle<kSimd128Size>& shuffle,
+                                  uint8_t* shuffle64x2) {
+    return SimdShuffle::TryMatch64x2Shuffle(&shuffle[0], shuffle64x2);
+  }
   static bool TryMatch32x4Shuffle(const Shuffle<kSimd128Size>& shuffle,
                                   uint8_t* shuffle32x4) {
     return SimdShuffle::TryMatch32x4Shuffle(&shuffle[0], shuffle32x4);
@@ -374,6 +378,77 @@ TEST_F(SimdShuffleTest, TryMatchBlend) {
       {{1, 17, 2, 19, 4, 21, 6, 23, 8, 25, 10, 27, 12, 29, 14, 31}}));
 }
 
+TEST_F(SimdShuffleTest, PairwiseReduce) {
+  uint8_t shuffle64x2[2];
+  EXPECT_TRUE(TryMatch64x2Shuffle(
+      {{8, 9, 10, 11, 12, 13, 14, 15, 0, 1, 2, 3, 4, 5, 6, 7}}, shuffle64x2));
+  EXPECT_TRUE(SimdShuffle::TryMatch64x2Reduce(shuffle64x2));
+
+  constexpr uint8_t pairwise_32x4[] = {4,  5,  6,  7,  0, 1, 2, 3,
+                                       12, 13, 14, 15, 0, 1, 2, 3};
+  constexpr uint8_t pairwise_32x2[] = {8, 9, 10, 11, 0, 1, 2, 3,
+                                       0, 1, 2,  3,  0, 1, 2, 3};
+  EXPECT_TRUE(
+      SimdShuffle::TryMatch32x4PairwiseReduce(pairwise_32x4, pairwise_32x2));
+}
+
+TEST_F(SimdShuffleTest, UpperToLowerReduce) {
+  constexpr uint8_t upper_to_lower_32x4[] = {8, 9, 10, 11, 12, 13, 14, 15,
+                                             0, 1, 2,  3,  0,  1,  2,  3};
+  constexpr uint8_t upper_to_lower_32x2[] = {4, 5, 6, 7, 0, 1, 2, 3,
+                                             0, 1, 2, 3, 0, 1, 2, 3};
+  EXPECT_TRUE(SimdShuffle::TryMatch32x4UpperToLowerReduce(upper_to_lower_32x4,
+                                                          upper_to_lower_32x2));
+
+  constexpr uint8_t upper_to_lower_16x8[] = {8, 9, 10, 11, 12, 13, 14, 15, 0,
+                                             1, 0, 1,  0,  1,  0,  1,  0};
+  constexpr uint8_t upper_to_lower_16x4[] = {4, 5, 6, 7, 0, 1, 0, 1,
+                                             0, 1, 0, 1, 0, 1, 0, 1};
+  constexpr uint8_t upper_to_lower_16x2[] = {2, 3, 0, 1, 0, 1, 0, 1,
+                                             0, 1, 0, 1, 0, 1, 0, 1};
+  EXPECT_TRUE(SimdShuffle::TryMatch16x8UpperToLowerReduce(
+      upper_to_lower_16x8, upper_to_lower_16x4, upper_to_lower_16x2));
+
+  constexpr uint8_t upper_to_lower_8x16[] = {8, 9, 10, 11, 12, 13, 14, 15, 0,
+                                             1, 0, 1,  0,  1,  0,  1,  0};
+  constexpr uint8_t upper_to_lower_8x8[] = {4, 5, 6, 7, 0, 1, 0, 1,
+                                            0, 1, 0, 1, 0, 1, 0, 1};
+  constexpr uint8_t upper_to_lower_8x4[] = {2, 3, 0, 1, 0, 1, 0, 1,
+                                            0, 1, 0, 1, 0, 1, 0, 1};
+  constexpr uint8_t upper_to_lower_8x2[] = {1, 0, 0, 1, 0, 1, 0, 1,
+                                            0, 1, 0, 1, 0, 1, 0, 1};
+  EXPECT_TRUE(SimdShuffle::TryMatch8x16UpperToLowerReduce(
+      upper_to_lower_8x16, upper_to_lower_8x8, upper_to_lower_8x4,
+      upper_to_lower_8x2));
+}
+
+TEST_F(SimdShuffleTest, Shuffle64x2) {
+  constexpr uint8_t identity_64x2[] = {0, 1, 2,  3,  4,  5,  6,  7,
+                                       8, 9, 10, 11, 12, 13, 14, 15};
+  uint8_t shuffle64x2[2];
+  EXPECT_TRUE(SimdShuffle::TryMatch64x2Shuffle(identity_64x2, shuffle64x2));
+  EXPECT_EQ(shuffle64x2[0], 0);
+  EXPECT_EQ(shuffle64x2[1], 1);
+
+  constexpr uint8_t rev_64x2[] = {8, 9, 10, 11, 12, 13, 14, 15,
+                                  0, 1, 2,  3,  4,  5,  6,  7};
+  EXPECT_TRUE(SimdShuffle::TryMatch64x2Shuffle(rev_64x2, shuffle64x2));
+  EXPECT_EQ(shuffle64x2[0], 1);
+  EXPECT_EQ(shuffle64x2[1], 0);
+
+  constexpr uint8_t dup0_64x2[] = {0, 1, 2, 3, 4, 5, 6, 7,
+                                   0, 1, 2, 3, 4, 5, 6, 7};
+  EXPECT_TRUE(SimdShuffle::TryMatch64x2Shuffle(dup0_64x2, shuffle64x2));
+  EXPECT_EQ(shuffle64x2[0], 0);
+  EXPECT_EQ(shuffle64x2[1], 0);
+
+  constexpr uint8_t dup1_64x2[] = {8, 9, 10, 11, 12, 13, 14, 15,
+                                   8, 9, 10, 11, 12, 13, 14, 15};
+  EXPECT_TRUE(SimdShuffle::TryMatch64x2Shuffle(dup1_64x2, shuffle64x2));
+  EXPECT_EQ(shuffle64x2[0], 1);
+  EXPECT_EQ(shuffle64x2[1], 1);
+}
+
 TEST(SimdShufflePackTest, PackShuffle4) {
   uint8_t arr[4]{0b0001, 0b0010, 0b0100, 0b1000};
   EXPECT_EQ(0b00001001, SimdShuffle::PackShuffle4(arr));
diff --git a/deps/v8/third_party/abseil-cpp/BUILD.gn b/deps/v8/third_party/abseil-cpp/BUILD.gn
index f80da50d2cf86f..70459636a72587 100644
--- a/deps/v8/third_party/abseil-cpp/BUILD.gn
+++ b/deps/v8/third_party/abseil-cpp/BUILD.gn
@@ -82,7 +82,13 @@ group("absl_component_deps") {
     "//third_party/abseil-cpp/absl/hash",
     "//third_party/abseil-cpp/absl/log:absl_check",
     "//third_party/abseil-cpp/absl/log:absl_log",
+    "//third_party/abseil-cpp/absl/log:absl_vlog_is_on",
     "//third_party/abseil-cpp/absl/log:die_if_null",
+    "//third_party/abseil-cpp/absl/log:globals",
+    "//third_party/abseil-cpp/absl/log:initialize",
+    "//third_party/abseil-cpp/absl/log:log_entry",
+    "//third_party/abseil-cpp/absl/log:log_sink",
+    "//third_party/abseil-cpp/absl/log:log_sink_registry",
     "//third_party/abseil-cpp/absl/memory",
     "//third_party/abseil-cpp/absl/meta:type_traits",
     "//third_party/abseil-cpp/absl/numeric:bits",
@@ -137,6 +143,9 @@ source_set("absl_full") {
 
   if (build_with_chromium) {
     visibility = [
+      # Used by some test executables, but not by anything that is a
+      # part of Chrome.
+      "//components/optimization_guide/internal/*",
       "//third_party/fuzztest:*",
 
       # GoogleTest doesn't actually need absl_full, but this makes gn check
@@ -271,6 +280,8 @@ if (absl_build_tests) {
         "absl/base:nullability_test",
         "absl/base:poison_test",
         "absl/base:prefetch_test",
+        "absl/base:tracing_internal_strong_test",
+        "absl/base:tracing_internal_weak_test",
         "absl/cleanup:cleanup_test",
 
         # TODO(mbonadei): Fix issue with EXPECT_DEATH and uncomment.
@@ -358,7 +369,11 @@ if (absl_build_tests) {
         "absl/strings:str_format_test",
         "absl/strings:str_replace_test",
         "absl/strings:string_view_test",
+        "absl/synchronization:barrier_test",
+        "absl/synchronization:graphcycles_test",
         "absl/synchronization:kernel_timeout_internal_test",
+        "absl/synchronization:mutex_test",
+        "absl/synchronization:per_thread_sem_test",
         "absl/synchronization:waiter_test",
         "absl/time:time_test",
         "absl/types:optional_test",
diff --git a/deps/v8/third_party/abseil-cpp/CMake/AbseilDll.cmake b/deps/v8/third_party/abseil-cpp/CMake/AbseilDll.cmake
index d7fd29f58b76b1..7821194006cede 100644
--- a/deps/v8/third_party/abseil-cpp/CMake/AbseilDll.cmake
+++ b/deps/v8/third_party/abseil-cpp/CMake/AbseilDll.cmake
@@ -48,6 +48,8 @@ set(ABSL_INTERNAL_DLL_FILES
   "base/internal/thread_identity.h"
   "base/internal/throw_delegate.cc"
   "base/internal/throw_delegate.h"
+  "base/internal/tracing.cc"
+  "base/internal/tracing.h"
   "base/internal/tsan_mutex_interface.h"
   "base/internal/unaligned_access.h"
   "base/internal/unscaledcycleclock.cc"
@@ -320,7 +322,6 @@ set(ABSL_INTERNAL_DLL_FILES
   "strings/internal/string_constant.h"
   "strings/internal/stringify_sink.h"
   "strings/internal/stringify_sink.cc"
-  "strings/internal/has_absl_stringify.h"
   "strings/has_absl_stringify.h"
   "strings/has_ostream_operator.h"
   "strings/match.cc"
@@ -486,6 +487,7 @@ endif()
 set(ABSL_INTERNAL_DLL_TARGETS
   "absl_check"
   "absl_log"
+  "absl_vlog_is_on"
   "algorithm"
   "algorithm_container"
   "any"
@@ -643,6 +645,7 @@ set(ABSL_INTERNAL_DLL_TARGETS
   "utility"
   "variant"
   "vlog_config_internal"
+  "vlog_is_on"
 )
 
 if(NOT MSVC)
diff --git a/deps/v8/third_party/abseil-cpp/CMake/AbseilHelpers.cmake b/deps/v8/third_party/abseil-cpp/CMake/AbseilHelpers.cmake
index 70a37f115e963d..d8fb9fe5de3607 100644
--- a/deps/v8/third_party/abseil-cpp/CMake/AbseilHelpers.cmake
+++ b/deps/v8/third_party/abseil-cpp/CMake/AbseilHelpers.cmake
@@ -186,16 +186,16 @@ function(absl_cc_library)
         endif()
       endif()
     endforeach()
-    set(skip_next_cflag OFF)
     foreach(cflag ${ABSL_CC_LIB_COPTS})
-      if(skip_next_cflag)
-        set(skip_next_cflag OFF)
-      elseif(${cflag} MATCHES "^-Xarch_")
+      # Strip out the CMake-specific `SHELL:` prefix, which is used to construct
+      # a group of space-separated options.
+      # https://cmake.org/cmake/help/v3.30/command/target_compile_options.html#option-de-duplication
+      string(REGEX REPLACE "^SHELL:" "" cflag "${cflag}")
+      if(${cflag} MATCHES "^-Xarch_")
         # An -Xarch_ flag implies that its successor only applies to the
-        # specified platform. Filter both of them out before the successor
-        # reaches the "^-m" filter.
-        set(skip_next_cflag ON)
-      elseif(${cflag} MATCHES "^(-Wno|/wd)")
+        # specified platform. Such option groups are each specified in a single
+        # `SHELL:`-prefixed string in the COPTS list, which we simply ignore.
+      elseif(${cflag} MATCHES "^(-Wno-|/wd)")
         # These flags are needed to suppress warnings that might fire in our headers.
         set(PC_CFLAGS "${PC_CFLAGS} ${cflag}")
       elseif(${cflag} MATCHES "^(-W|/w[1234eo])")
@@ -258,6 +258,13 @@ Cflags: -I\${includedir}${PC_CFLAGS}\n")
     elseif(_build_type STREQUAL "static" OR _build_type STREQUAL "shared")
       add_library(${_NAME} "")
       target_sources(${_NAME} PRIVATE ${ABSL_CC_LIB_SRCS} ${ABSL_CC_LIB_HDRS})
+      if(APPLE)
+        set_target_properties(${_NAME} PROPERTIES
+          INSTALL_RPATH "@loader_path")
+      elseif(UNIX)
+        set_target_properties(${_NAME} PROPERTIES
+          INSTALL_RPATH "$ORIGIN")
+      endif()
       target_link_libraries(${_NAME}
       PUBLIC ${ABSL_CC_LIB_DEPS}
       PRIVATE
diff --git a/deps/v8/third_party/abseil-cpp/CMake/install_test_project/test.sh b/deps/v8/third_party/abseil-cpp/CMake/install_test_project/test.sh
index cc028bac861647..962bc8d2d8325a 100755
--- a/deps/v8/third_party/abseil-cpp/CMake/install_test_project/test.sh
+++ b/deps/v8/third_party/abseil-cpp/CMake/install_test_project/test.sh
@@ -22,7 +22,8 @@ set -euox pipefail
 absl_dir=/abseil-cpp
 absl_build_dir=/buildfs
 googletest_builddir=/googletest_builddir
-project_dir="${absl_dir}"/CMake/install_test_project
+googletest_archive="googletest-${ABSL_GOOGLETEST_VERSION}.tar.gz"
+project_dir="${absl_dir}/CMake/install_test_project"
 project_build_dir=/buildfs/project-build
 
 build_shared_libs="OFF"
@@ -33,9 +34,9 @@ fi
 # Build and install GoogleTest
 mkdir "${googletest_builddir}"
 pushd "${googletest_builddir}"
-curl -L "${ABSL_GOOGLETEST_DOWNLOAD_URL}" --output "${ABSL_GOOGLETEST_COMMIT}".zip
-unzip "${ABSL_GOOGLETEST_COMMIT}".zip
-pushd "googletest-${ABSL_GOOGLETEST_COMMIT}"
+curl -L "${ABSL_GOOGLETEST_DOWNLOAD_URL}" --output "${googletest_archive}"
+tar -xz -f "${googletest_archive}"
+pushd "googletest-${ABSL_GOOGLETEST_VERSION}"
 mkdir build
 pushd build
 cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS="${build_shared_libs}" ..
diff --git a/deps/v8/third_party/abseil-cpp/MODULE.bazel b/deps/v8/third_party/abseil-cpp/MODULE.bazel
index fc1534a76c1337..d9eb0f17fba525 100644
--- a/deps/v8/third_party/abseil-cpp/MODULE.bazel
+++ b/deps/v8/third_party/abseil-cpp/MODULE.bazel
@@ -35,8 +35,8 @@ bazel_dep(name = "google_benchmark",
           dev_dependency = True)
 
 bazel_dep(name = "googletest",
-          version = "1.14.0.bcr.1",
+          version = "1.15.2",
           repo_name = "com_google_googletest")
 
 bazel_dep(name = "platforms",
-          version = "0.0.8")
+          version = "0.0.10")
diff --git a/deps/v8/third_party/abseil-cpp/README.chromium b/deps/v8/third_party/abseil-cpp/README.chromium
index 9d38ca7de75a86..6fa94a43d0290c 100644
--- a/deps/v8/third_party/abseil-cpp/README.chromium
+++ b/deps/v8/third_party/abseil-cpp/README.chromium
@@ -4,7 +4,7 @@ URL: https://github.com/abseil/abseil-cpp
 License: Apache 2.0
 License File: LICENSE
 Version: N/A
-Revision: eb852207758a773965301d0ae717e4235fc5301a
+Revision: 69c46839620967c6ffb99b656174d1c544e60a50
 Security Critical: yes
 Shipped: yes
 
diff --git a/deps/v8/third_party/abseil-cpp/WORKSPACE b/deps/v8/third_party/abseil-cpp/WORKSPACE
index 0d8860914d03d3..dee6d05e285d38 100644
--- a/deps/v8/third_party/abseil-cpp/WORKSPACE
+++ b/deps/v8/third_party/abseil-cpp/WORKSPACE
@@ -20,20 +20,21 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 
 # GoogleTest/GoogleMock framework. Used by most unit-tests.
 http_archive(
-  name = "com_google_googletest",
-  sha256 = "8ad598c73ad796e0d8280b082cebd82a630d73e73cd3c70057938a6501bba5d7",
-  strip_prefix = "googletest-1.14.0",
-  # Keep this URL in sync with ABSL_GOOGLETEST_COMMIT in ci/cmake_common.sh and
-  # ci/windows_msvc_cmake.bat.
-  urls = ["https://github.com/google/googletest/archive/refs/tags/v1.14.0.tar.gz"],
+    name = "com_google_googletest",
+    sha256 = "7b42b4d6ed48810c5362c265a17faebe90dc2373c885e5216439d37927f02926",
+    strip_prefix = "googletest-1.15.2",
+    # Keep this URL in sync with the version in ci/cmake_common.sh and
+    # ci/windows_msvc_cmake.bat.
+    urls = ["https://github.com/google/googletest/releases/download/v1.15.2/googletest-1.15.2.tar.gz"],
 )
 
 # RE2 (the regular expression library used by GoogleTest)
 http_archive(
     name = "com_googlesource_code_re2",
-    sha256 = "828341ad08524618a626167bd320b0c2acc97bd1c28eff693a9ea33a7ed2a85f",
-    strip_prefix = "re2-2023-11-01",
-    urls = ["https://github.com/google/re2/releases/download/2023-11-01/re2-2023-11-01.zip"],
+    sha256 = "eb2df807c781601c14a260a507a5bb4509be1ee626024cb45acbd57cb9d4032b",
+    strip_prefix = "re2-2024-07-02",
+    urls = ["https://github.com/google/re2/releases/download/2024-07-02/re2-2024-07-02.tar.gz"],
+    repo_mapping = {"@abseil-cpp": "@com_google_absl"},
 )
 
 # Google benchmark.
@@ -46,14 +47,17 @@ http_archive(
 
 # Bazel Skylib.
 http_archive(
-  name = "bazel_skylib",
-  sha256 = "cd55a062e763b9349921f0f5db8c3933288dc8ba4f76dd9416aac68acee3cb94",
-  urls = ["https://github.com/bazelbuild/bazel-skylib/releases/download/1.5.0/bazel-skylib-1.5.0.tar.gz"],
+    name = "bazel_skylib",
+    sha256 = "cd55a062e763b9349921f0f5db8c3933288dc8ba4f76dd9416aac68acee3cb94",
+    urls = ["https://github.com/bazelbuild/bazel-skylib/releases/download/1.5.0/bazel-skylib-1.5.0.tar.gz"],
 )
 
 # Bazel platform rules.
 http_archive(
     name = "platforms",
-    sha256 = "8150406605389ececb6da07cbcb509d5637a3ab9a24bc69b1101531367d89d74",
-    urls = ["https://github.com/bazelbuild/platforms/releases/download/0.0.8/platforms-0.0.8.tar.gz"],
+    urls = [
+        "https://mirror.bazel.build/github.com/bazelbuild/platforms/releases/download/0.0.10/platforms-0.0.10.tar.gz",
+        "https://github.com/bazelbuild/platforms/releases/download/0.0.10/platforms-0.0.10.tar.gz",
+    ],
+    sha256 = "218efe8ee736d26a3572663b374a253c012b716d8af0c07e842e82f238a0a7ee",
 )
diff --git a/deps/v8/third_party/abseil-cpp/absl.gni b/deps/v8/third_party/abseil-cpp/absl.gni
index 3a5a65c2839339..9d04bf42f1cb5f 100644
--- a/deps/v8/third_party/abseil-cpp/absl.gni
+++ b/deps/v8/third_party/abseil-cpp/absl.gni
@@ -85,6 +85,8 @@ template("absl_source_set") {
             "//libassistant/*",
 
             # Not built into Chrome.
+            # TODO(crbug.com/357147248): Remove after these targets depend
+            # on absl_full instead.
             "//components/optimization_guide/internal/*",
           ]
         } else {
diff --git a/deps/v8/third_party/abseil-cpp/absl/algorithm/algorithm.h b/deps/v8/third_party/abseil-cpp/absl/algorithm/algorithm.h
index 59aeed7d264d92..48f59504d2d563 100644
--- a/deps/v8/third_party/abseil-cpp/absl/algorithm/algorithm.h
+++ b/deps/v8/third_party/abseil-cpp/absl/algorithm/algorithm.h
@@ -53,8 +53,8 @@ using std::rotate;
 // n = (`last` - `first`) comparisons. A linear search over short containers
 // may be faster than a binary search, even when the container is sorted.
 template <typename InputIterator, typename EqualityComparable>
-bool linear_search(InputIterator first, InputIterator last,
-                   const EqualityComparable& value) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool linear_search(
+    InputIterator first, InputIterator last, const EqualityComparable& value) {
   return std::find(first, last, value) != last;
 }
 
diff --git a/deps/v8/third_party/abseil-cpp/absl/algorithm/algorithm_test.cc b/deps/v8/third_party/abseil-cpp/absl/algorithm/algorithm_test.cc
index e6ee46952dfdb8..1c1a3079f8a783 100644
--- a/deps/v8/third_party/abseil-cpp/absl/algorithm/algorithm_test.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/algorithm/algorithm_test.cc
@@ -14,11 +14,9 @@
 
 #include "absl/algorithm/algorithm.h"
 
-#include <algorithm>
-#include <list>
+#include <array>
 #include <vector>
 
-#include "gmock/gmock.h"
 #include "gtest/gtest.h"
 #include "absl/base/config.h"
 
@@ -47,4 +45,16 @@ TEST_F(LinearSearchTest, linear_searchConst) {
       absl::linear_search(const_container->begin(), const_container->end(), 4));
 }
 
+#if defined(ABSL_INTERNAL_CPLUSPLUS_LANG) && \
+    ABSL_INTERNAL_CPLUSPLUS_LANG >= 202002L
+
+TEST_F(LinearSearchTest, Constexpr) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::linear_search(kArray.begin(), kArray.end(), 3));
+  static_assert(!absl::linear_search(kArray.begin(), kArray.end(), 4));
+}
+
+#endif  // defined(ABSL_INTERNAL_CPLUSPLUS_LANG) &&
+        //  ABSL_INTERNAL_CPLUSPLUS_LANG >= 202002L
+
 }  // namespace
diff --git a/deps/v8/third_party/abseil-cpp/absl/algorithm/container.h b/deps/v8/third_party/abseil-cpp/absl/algorithm/container.h
index 6bbe3b5adf40b8..2c0426dada2ad3 100644
--- a/deps/v8/third_party/abseil-cpp/absl/algorithm/container.h
+++ b/deps/v8/third_party/abseil-cpp/absl/algorithm/container.h
@@ -132,7 +132,8 @@ struct IsUnorderedContainer<std::unordered_set<Key, Hash, KeyEqual, Allocator>>
 // Container-based version of absl::linear_search() for performing a linear
 // search within a container.
 template <typename C, typename EqualityComparable>
-bool c_linear_search(const C& c, EqualityComparable&& value) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_linear_search(
+    const C& c, EqualityComparable&& value) {
   return linear_search(container_algorithm_internal::c_begin(c),
                        container_algorithm_internal::c_end(c),
                        std::forward<EqualityComparable>(value));
@@ -163,7 +164,7 @@ ABSL_INTERNAL_CONSTEXPR_SINCE_CXX17
 // Container-based version of the <algorithm> `std::all_of()` function to
 // test if all elements within a container satisfy a condition.
 template <typename C, typename Pred>
-bool c_all_of(const C& c, Pred&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_all_of(const C& c, Pred&& pred) {
   return std::all_of(container_algorithm_internal::c_begin(c),
                      container_algorithm_internal::c_end(c),
                      std::forward<Pred>(pred));
@@ -174,7 +175,7 @@ bool c_all_of(const C& c, Pred&& pred) {
 // Container-based version of the <algorithm> `std::any_of()` function to
 // test if any element in a container fulfills a condition.
 template <typename C, typename Pred>
-bool c_any_of(const C& c, Pred&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_any_of(const C& c, Pred&& pred) {
   return std::any_of(container_algorithm_internal::c_begin(c),
                      container_algorithm_internal::c_end(c),
                      std::forward<Pred>(pred));
@@ -185,7 +186,7 @@ bool c_any_of(const C& c, Pred&& pred) {
 // Container-based version of the <algorithm> `std::none_of()` function to
 // test if no elements in a container fulfill a condition.
 template <typename C, typename Pred>
-bool c_none_of(const C& c, Pred&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_none_of(const C& c, Pred&& pred) {
   return std::none_of(container_algorithm_internal::c_begin(c),
                       container_algorithm_internal::c_end(c),
                       std::forward<Pred>(pred));
@@ -196,7 +197,8 @@ bool c_none_of(const C& c, Pred&& pred) {
 // Container-based version of the <algorithm> `std::for_each()` function to
 // apply a function to a container's elements.
 template <typename C, typename Function>
-decay_t<Function> c_for_each(C&& c, Function&& f) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 decay_t<Function> c_for_each(C&& c,
+                                                                 Function&& f) {
   return std::for_each(container_algorithm_internal::c_begin(c),
                        container_algorithm_internal::c_end(c),
                        std::forward<Function>(f));
@@ -207,7 +209,9 @@ decay_t<Function> c_for_each(C&& c, Function&& f) {
 // Container-based version of the <algorithm> `std::find()` function to find
 // the first element containing the passed value within a container value.
 template <typename C, typename T>
-container_algorithm_internal::ContainerIter<C> c_find(C& c, T&& value) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<C>
+    c_find(C& c, T&& value) {
   return std::find(container_algorithm_internal::c_begin(c),
                    container_algorithm_internal::c_end(c),
                    std::forward<T>(value));
@@ -218,7 +222,8 @@ container_algorithm_internal::ContainerIter<C> c_find(C& c, T&& value) {
 // Container-based version of the <algorithm> `std::ranges::contains()` C++23
 // function to search a container for a value.
 template <typename Sequence, typename T>
-bool c_contains(const Sequence& sequence, T&& value) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_contains(const Sequence& sequence,
+                                                    T&& value) {
   return absl::c_find(sequence, std::forward<T>(value)) !=
          container_algorithm_internal::c_end(sequence);
 }
@@ -228,7 +233,9 @@ bool c_contains(const Sequence& sequence, T&& value) {
 // Container-based version of the <algorithm> `std::find_if()` function to find
 // the first element in a container matching the given condition.
 template <typename C, typename Pred>
-container_algorithm_internal::ContainerIter<C> c_find_if(C& c, Pred&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<C>
+    c_find_if(C& c, Pred&& pred) {
   return std::find_if(container_algorithm_internal::c_begin(c),
                       container_algorithm_internal::c_end(c),
                       std::forward<Pred>(pred));
@@ -239,8 +246,9 @@ container_algorithm_internal::ContainerIter<C> c_find_if(C& c, Pred&& pred) {
 // Container-based version of the <algorithm> `std::find_if_not()` function to
 // find the first element in a container not matching the given condition.
 template <typename C, typename Pred>
-container_algorithm_internal::ContainerIter<C> c_find_if_not(C& c,
-                                                             Pred&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<C>
+    c_find_if_not(C& c, Pred&& pred) {
   return std::find_if_not(container_algorithm_internal::c_begin(c),
                           container_algorithm_internal::c_end(c),
                           std::forward<Pred>(pred));
@@ -251,8 +259,9 @@ container_algorithm_internal::ContainerIter<C> c_find_if_not(C& c,
 // Container-based version of the <algorithm> `std::find_end()` function to
 // find the last subsequence within a container.
 template <typename Sequence1, typename Sequence2>
-container_algorithm_internal::ContainerIter<Sequence1> c_find_end(
-    Sequence1& sequence, Sequence2& subsequence) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<Sequence1>
+    c_find_end(Sequence1& sequence, Sequence2& subsequence) {
   return std::find_end(container_algorithm_internal::c_begin(sequence),
                        container_algorithm_internal::c_end(sequence),
                        container_algorithm_internal::c_begin(subsequence),
@@ -262,8 +271,10 @@ container_algorithm_internal::ContainerIter<Sequence1> c_find_end(
 // Overload of c_find_end() for using a predicate evaluation other than `==` as
 // the function's test condition.
 template <typename Sequence1, typename Sequence2, typename BinaryPredicate>
-container_algorithm_internal::ContainerIter<Sequence1> c_find_end(
-    Sequence1& sequence, Sequence2& subsequence, BinaryPredicate&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<Sequence1>
+    c_find_end(Sequence1& sequence, Sequence2& subsequence,
+               BinaryPredicate&& pred) {
   return std::find_end(container_algorithm_internal::c_begin(sequence),
                        container_algorithm_internal::c_end(sequence),
                        container_algorithm_internal::c_begin(subsequence),
@@ -277,8 +288,9 @@ container_algorithm_internal::ContainerIter<Sequence1> c_find_end(
 // find the first element within the container that is also within the options
 // container.
 template <typename C1, typename C2>
-container_algorithm_internal::ContainerIter<C1> c_find_first_of(C1& container,
-                                                                C2& options) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<C1>
+    c_find_first_of(C1& container, C2& options) {
   return std::find_first_of(container_algorithm_internal::c_begin(container),
                             container_algorithm_internal::c_end(container),
                             container_algorithm_internal::c_begin(options),
@@ -288,8 +300,9 @@ container_algorithm_internal::ContainerIter<C1> c_find_first_of(C1& container,
 // Overload of c_find_first_of() for using a predicate evaluation other than
 // `==` as the function's test condition.
 template <typename C1, typename C2, typename BinaryPredicate>
-container_algorithm_internal::ContainerIter<C1> c_find_first_of(
-    C1& container, C2& options, BinaryPredicate&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<C1>
+    c_find_first_of(C1& container, C2& options, BinaryPredicate&& pred) {
   return std::find_first_of(container_algorithm_internal::c_begin(container),
                             container_algorithm_internal::c_end(container),
                             container_algorithm_internal::c_begin(options),
@@ -302,8 +315,9 @@ container_algorithm_internal::ContainerIter<C1> c_find_first_of(
 // Container-based version of the <algorithm> `std::adjacent_find()` function to
 // find equal adjacent elements within a container.
 template <typename Sequence>
-container_algorithm_internal::ContainerIter<Sequence> c_adjacent_find(
-    Sequence& sequence) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<Sequence>
+    c_adjacent_find(Sequence& sequence) {
   return std::adjacent_find(container_algorithm_internal::c_begin(sequence),
                             container_algorithm_internal::c_end(sequence));
 }
@@ -311,8 +325,9 @@ container_algorithm_internal::ContainerIter<Sequence> c_adjacent_find(
 // Overload of c_adjacent_find() for using a predicate evaluation other than
 // `==` as the function's test condition.
 template <typename Sequence, typename BinaryPredicate>
-container_algorithm_internal::ContainerIter<Sequence> c_adjacent_find(
-    Sequence& sequence, BinaryPredicate&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<Sequence>
+    c_adjacent_find(Sequence& sequence, BinaryPredicate&& pred) {
   return std::adjacent_find(container_algorithm_internal::c_begin(sequence),
                             container_algorithm_internal::c_end(sequence),
                             std::forward<BinaryPredicate>(pred));
@@ -323,8 +338,9 @@ container_algorithm_internal::ContainerIter<Sequence> c_adjacent_find(
 // Container-based version of the <algorithm> `std::count()` function to count
 // values that match within a container.
 template <typename C, typename T>
-container_algorithm_internal::ContainerDifferenceType<const C> c_count(
-    const C& c, T&& value) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerDifferenceType<const C>
+    c_count(const C& c, T&& value) {
   return std::count(container_algorithm_internal::c_begin(c),
                     container_algorithm_internal::c_end(c),
                     std::forward<T>(value));
@@ -335,8 +351,9 @@ container_algorithm_internal::ContainerDifferenceType<const C> c_count(
 // Container-based version of the <algorithm> `std::count_if()` function to
 // count values matching a condition within a container.
 template <typename C, typename Pred>
-container_algorithm_internal::ContainerDifferenceType<const C> c_count_if(
-    const C& c, Pred&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerDifferenceType<const C>
+    c_count_if(const C& c, Pred&& pred) {
   return std::count_if(container_algorithm_internal::c_begin(c),
                        container_algorithm_internal::c_end(c),
                        std::forward<Pred>(pred));
@@ -348,8 +365,9 @@ container_algorithm_internal::ContainerDifferenceType<const C> c_count_if(
 // return the first element where two ordered containers differ. Applies `==` to
 // the first N elements of `c1` and `c2`, where N = min(size(c1), size(c2)).
 template <typename C1, typename C2>
-container_algorithm_internal::ContainerIterPairType<C1, C2> c_mismatch(C1& c1,
-                                                                       C2& c2) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIterPairType<C1, C2>
+    c_mismatch(C1& c1, C2& c2) {
   return std::mismatch(container_algorithm_internal::c_begin(c1),
                        container_algorithm_internal::c_end(c1),
                        container_algorithm_internal::c_begin(c2),
@@ -360,8 +378,9 @@ container_algorithm_internal::ContainerIterPairType<C1, C2> c_mismatch(C1& c1,
 // the function's test condition. Applies `pred`to the first N elements of `c1`
 // and `c2`, where N = min(size(c1), size(c2)).
 template <typename C1, typename C2, typename BinaryPredicate>
-container_algorithm_internal::ContainerIterPairType<C1, C2> c_mismatch(
-    C1& c1, C2& c2, BinaryPredicate pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIterPairType<C1, C2>
+    c_mismatch(C1& c1, C2& c2, BinaryPredicate pred) {
   return std::mismatch(container_algorithm_internal::c_begin(c1),
                        container_algorithm_internal::c_end(c1),
                        container_algorithm_internal::c_begin(c2),
@@ -373,7 +392,7 @@ container_algorithm_internal::ContainerIterPairType<C1, C2> c_mismatch(
 // Container-based version of the <algorithm> `std::equal()` function to
 // test whether two containers are equal.
 template <typename C1, typename C2>
-bool c_equal(const C1& c1, const C2& c2) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_equal(const C1& c1, const C2& c2) {
   return std::equal(container_algorithm_internal::c_begin(c1),
                     container_algorithm_internal::c_end(c1),
                     container_algorithm_internal::c_begin(c2),
@@ -383,7 +402,8 @@ bool c_equal(const C1& c1, const C2& c2) {
 // Overload of c_equal() for using a predicate evaluation other than `==` as
 // the function's test condition.
 template <typename C1, typename C2, typename BinaryPredicate>
-bool c_equal(const C1& c1, const C2& c2, BinaryPredicate&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_equal(const C1& c1, const C2& c2,
+                                                 BinaryPredicate&& pred) {
   return std::equal(container_algorithm_internal::c_begin(c1),
                     container_algorithm_internal::c_end(c1),
                     container_algorithm_internal::c_begin(c2),
@@ -396,7 +416,8 @@ bool c_equal(const C1& c1, const C2& c2, BinaryPredicate&& pred) {
 // Container-based version of the <algorithm> `std::is_permutation()` function
 // to test whether a container is a permutation of another.
 template <typename C1, typename C2>
-bool c_is_permutation(const C1& c1, const C2& c2) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_is_permutation(const C1& c1,
+                                                          const C2& c2) {
   return std::is_permutation(container_algorithm_internal::c_begin(c1),
                              container_algorithm_internal::c_end(c1),
                              container_algorithm_internal::c_begin(c2),
@@ -406,7 +427,8 @@ bool c_is_permutation(const C1& c1, const C2& c2) {
 // Overload of c_is_permutation() for using a predicate evaluation other than
 // `==` as the function's test condition.
 template <typename C1, typename C2, typename BinaryPredicate>
-bool c_is_permutation(const C1& c1, const C2& c2, BinaryPredicate&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_is_permutation(
+    const C1& c1, const C2& c2, BinaryPredicate&& pred) {
   return std::is_permutation(container_algorithm_internal::c_begin(c1),
                              container_algorithm_internal::c_end(c1),
                              container_algorithm_internal::c_begin(c2),
@@ -419,8 +441,9 @@ bool c_is_permutation(const C1& c1, const C2& c2, BinaryPredicate&& pred) {
 // Container-based version of the <algorithm> `std::search()` function to search
 // a container for a subsequence.
 template <typename Sequence1, typename Sequence2>
-container_algorithm_internal::ContainerIter<Sequence1> c_search(
-    Sequence1& sequence, Sequence2& subsequence) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<Sequence1>
+    c_search(Sequence1& sequence, Sequence2& subsequence) {
   return std::search(container_algorithm_internal::c_begin(sequence),
                      container_algorithm_internal::c_end(sequence),
                      container_algorithm_internal::c_begin(subsequence),
@@ -430,8 +453,10 @@ container_algorithm_internal::ContainerIter<Sequence1> c_search(
 // Overload of c_search() for using a predicate evaluation other than
 // `==` as the function's test condition.
 template <typename Sequence1, typename Sequence2, typename BinaryPredicate>
-container_algorithm_internal::ContainerIter<Sequence1> c_search(
-    Sequence1& sequence, Sequence2& subsequence, BinaryPredicate&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<Sequence1>
+    c_search(Sequence1& sequence, Sequence2& subsequence,
+             BinaryPredicate&& pred) {
   return std::search(container_algorithm_internal::c_begin(sequence),
                      container_algorithm_internal::c_end(sequence),
                      container_algorithm_internal::c_begin(subsequence),
@@ -444,7 +469,8 @@ container_algorithm_internal::ContainerIter<Sequence1> c_search(
 // Container-based version of the <algorithm> `std::ranges::contains_subrange()`
 // C++23 function to search a container for a subsequence.
 template <typename Sequence1, typename Sequence2>
-bool c_contains_subrange(Sequence1& sequence, Sequence2& subsequence) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_contains_subrange(
+    Sequence1& sequence, Sequence2& subsequence) {
   return absl::c_search(sequence, subsequence) !=
          container_algorithm_internal::c_end(sequence);
 }
@@ -452,8 +478,8 @@ bool c_contains_subrange(Sequence1& sequence, Sequence2& subsequence) {
 // Overload of c_contains_subrange() for using a predicate evaluation other than
 // `==` as the function's test condition.
 template <typename Sequence1, typename Sequence2, typename BinaryPredicate>
-bool c_contains_subrange(Sequence1& sequence, Sequence2& subsequence,
-                         BinaryPredicate&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20 bool c_contains_subrange(
+    Sequence1& sequence, Sequence2& subsequence, BinaryPredicate&& pred) {
   return absl::c_search(sequence, subsequence,
                         std::forward<BinaryPredicate>(pred)) !=
          container_algorithm_internal::c_end(sequence);
@@ -464,8 +490,9 @@ bool c_contains_subrange(Sequence1& sequence, Sequence2& subsequence,
 // Container-based version of the <algorithm> `std::search_n()` function to
 // search a container for the first sequence of N elements.
 template <typename Sequence, typename Size, typename T>
-container_algorithm_internal::ContainerIter<Sequence> c_search_n(
-    Sequence& sequence, Size count, T&& value) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<Sequence>
+    c_search_n(Sequence& sequence, Size count, T&& value) {
   return std::search_n(container_algorithm_internal::c_begin(sequence),
                        container_algorithm_internal::c_end(sequence), count,
                        std::forward<T>(value));
@@ -475,8 +502,10 @@ container_algorithm_internal::ContainerIter<Sequence> c_search_n(
 // `==` as the function's test condition.
 template <typename Sequence, typename Size, typename T,
           typename BinaryPredicate>
-container_algorithm_internal::ContainerIter<Sequence> c_search_n(
-    Sequence& sequence, Size count, T&& value, BinaryPredicate&& pred) {
+ABSL_INTERNAL_CONSTEXPR_SINCE_CXX20
+    container_algorithm_internal::ContainerIter<Sequence>
+    c_search_n(Sequence& sequence, Size count, T&& value,
+               BinaryPredicate&& pred) {
   return std::search_n(container_algorithm_internal::c_begin(sequence),
                        container_algorithm_internal::c_end(sequence), count,
                        std::forward<T>(value),
diff --git a/deps/v8/third_party/abseil-cpp/absl/algorithm/container_test.cc b/deps/v8/third_party/abseil-cpp/absl/algorithm/container_test.cc
index 5012224922e4b3..fcb1cf51873356 100644
--- a/deps/v8/third_party/abseil-cpp/absl/algorithm/container_test.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/algorithm/container_test.cc
@@ -1164,6 +1164,7 @@ TEST(MutatingTest, PermutationOperations) {
 
 #if defined(ABSL_INTERNAL_CPLUSPLUS_LANG) && \
     ABSL_INTERNAL_CPLUSPLUS_LANG >= 201703L
+
 TEST(ConstexprTest, Distance) {
   // Works at compile time with constexpr containers.
   static_assert(absl::c_distance(std::array<int, 3>()) == 3);
@@ -1203,8 +1204,216 @@ TEST(ConstexprTest, MinMaxElementWithPredicate) {
   static_assert(*kMinMaxPair.first == 3);
   static_assert(*kMinMaxPair.second == 1);
 }
-
 #endif  // defined(ABSL_INTERNAL_CPLUSPLUS_LANG) &&
         //  ABSL_INTERNAL_CPLUSPLUS_LANG >= 201703L
 
+#if defined(ABSL_INTERNAL_CPLUSPLUS_LANG) && \
+    ABSL_INTERNAL_CPLUSPLUS_LANG >= 202002L
+
+TEST(ConstexprTest, LinearSearch) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_linear_search(kArray, 3));
+  static_assert(!absl::c_linear_search(kArray, 4));
+}
+
+TEST(ConstexprTest, AllOf) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(!absl::c_all_of(kArray, [](int x) { return x > 1; }));
+  static_assert(absl::c_all_of(kArray, [](int x) { return x > 0; }));
+}
+
+TEST(ConstexprTest, AnyOf) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_any_of(kArray, [](int x) { return x > 2; }));
+  static_assert(!absl::c_any_of(kArray, [](int x) { return x > 5; }));
+}
+
+TEST(ConstexprTest, NoneOf) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(!absl::c_none_of(kArray, [](int x) { return x > 2; }));
+  static_assert(absl::c_none_of(kArray, [](int x) { return x > 5; }));
+}
+
+TEST(ConstexprTest, ForEach) {
+  static constexpr std::array<int, 3> kArray = [] {
+    std::array<int, 3> array = {1, 2, 3};
+    absl::c_for_each(array, [](int& x) { x += 1; });
+    return array;
+  }();
+  static_assert(kArray == std::array{2, 3, 4});
+}
+
+TEST(ConstexprTest, Find) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_find(kArray, 1) == kArray.begin());
+  static_assert(absl::c_find(kArray, 4) == kArray.end());
+}
+
+TEST(ConstexprTest, Contains) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_contains(kArray, 1));
+  static_assert(!absl::c_contains(kArray, 4));
+}
+
+TEST(ConstexprTest, FindIf) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_find_if(kArray, [](int x) { return x > 2; }) ==
+                kArray.begin() + 2);
+  static_assert(absl::c_find_if(kArray, [](int x) { return x > 5; }) ==
+                kArray.end());
+}
+
+TEST(ConstexprTest, FindIfNot) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_find_if_not(kArray, [](int x) { return x > 1; }) ==
+                kArray.begin());
+  static_assert(absl::c_find_if_not(kArray, [](int x) { return x > 0; }) ==
+                kArray.end());
+}
+
+TEST(ConstexprTest, FindEnd) {
+  static constexpr std::array<int, 5> kHaystack = {1, 2, 3, 2, 3};
+  static constexpr std::array<int, 2> kNeedle = {2, 3};
+  static_assert(absl::c_find_end(kHaystack, kNeedle) == kHaystack.begin() + 3);
+}
+
+TEST(ConstexprTest, FindFirstOf) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_find_first_of(kArray, kArray) == kArray.begin());
+}
+
+TEST(ConstexprTest, AdjacentFind) {
+  static constexpr std::array<int, 4> kArray = {1, 2, 2, 3};
+  static_assert(absl::c_adjacent_find(kArray) == kArray.begin() + 1);
+}
+
+TEST(ConstexprTest, AdjacentFindWithPredicate) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_adjacent_find(kArray, std::less<int>()) ==
+                kArray.begin());
+}
+
+TEST(ConstexprTest, Count) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_count(kArray, 1) == 1);
+  static_assert(absl::c_count(kArray, 2) == 1);
+  static_assert(absl::c_count(kArray, 3) == 1);
+  static_assert(absl::c_count(kArray, 4) == 0);
+}
+
+TEST(ConstexprTest, CountIf) {
+  static constexpr std::array<int, 3> kArray = {1, 2, 3};
+  static_assert(absl::c_count_if(kArray, [](int x) { return x > 0; }) == 3);
+  static_assert(absl::c_count_if(kArray, [](int x) { return x > 1; }) == 2);
+}
+
+TEST(ConstexprTest, Mismatch) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(absl::c_mismatch(kArray1, kArray2) ==
+                std::pair{kArray1.end(), kArray2.end()});
+  static_assert(absl::c_mismatch(kArray1, kArray3) ==
+                std::pair{kArray1.begin(), kArray3.begin()});
+}
+
+TEST(ConstexprTest, MismatchWithPredicate) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(absl::c_mismatch(kArray1, kArray2, std::not_equal_to<int>()) ==
+                std::pair{kArray1.begin(), kArray2.begin()});
+  static_assert(absl::c_mismatch(kArray1, kArray3, std::not_equal_to<int>()) ==
+                std::pair{kArray1.end(), kArray3.end()});
+}
+
+TEST(ConstexprTest, Equal) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(absl::c_equal(kArray1, kArray2));
+  static_assert(!absl::c_equal(kArray1, kArray3));
+}
+
+TEST(ConstexprTest, EqualWithPredicate) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(!absl::c_equal(kArray1, kArray2, std::not_equal_to<int>()));
+  static_assert(absl::c_equal(kArray1, kArray3, std::not_equal_to<int>()));
+}
+
+TEST(ConstexprTest, IsPermutation) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {3, 2, 1};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(absl::c_is_permutation(kArray1, kArray2));
+  static_assert(!absl::c_is_permutation(kArray1, kArray3));
+}
+
+TEST(ConstexprTest, IsPermutationWithPredicate) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {3, 2, 1};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(absl::c_is_permutation(kArray1, kArray2, std::equal_to<int>()));
+  static_assert(
+      !absl::c_is_permutation(kArray1, kArray3, std::equal_to<int>()));
+}
+
+TEST(ConstexprTest, Search) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(absl::c_search(kArray1, kArray2) == kArray1.begin());
+  static_assert(absl::c_search(kArray1, kArray3) == kArray1.end());
+}
+
+TEST(ConstexprTest, SearchWithPredicate) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(absl::c_search(kArray1, kArray2, std::not_equal_to<int>()) ==
+                kArray1.end());
+  static_assert(absl::c_search(kArray1, kArray3, std::not_equal_to<int>()) ==
+                kArray1.begin());
+}
+
+TEST(ConstexprTest, ContainsSubrange) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(absl::c_contains_subrange(kArray1, kArray2));
+  static_assert(!absl::c_contains_subrange(kArray1, kArray3));
+}
+
+TEST(ConstexprTest, ContainsSubrangeWithPredicate) {
+  static constexpr std::array<int, 3> kArray1 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray2 = {1, 2, 3};
+  static constexpr std::array<int, 3> kArray3 = {2, 3, 4};
+  static_assert(
+      !absl::c_contains_subrange(kArray1, kArray2, std::not_equal_to<>()));
+  static_assert(
+      absl::c_contains_subrange(kArray1, kArray3, std::not_equal_to<>()));
+}
+
+TEST(ConstexprTest, SearchN) {
+  static constexpr std::array<int, 4> kArray = {1, 2, 2, 3};
+  static_assert(absl::c_search_n(kArray, 1, 1) == kArray.begin());
+  static_assert(absl::c_search_n(kArray, 2, 2) == kArray.begin() + 1);
+  static_assert(absl::c_search_n(kArray, 1, 4) == kArray.end());
+}
+
+TEST(ConstexprTest, SearchNWithPredicate) {
+  static constexpr std::array<int, 4> kArray = {1, 2, 2, 3};
+  static_assert(absl::c_search_n(kArray, 1, 1, std::not_equal_to<int>()) ==
+                kArray.begin() + 1);
+  static_assert(absl::c_search_n(kArray, 2, 2, std::not_equal_to<int>()) ==
+                kArray.end());
+  static_assert(absl::c_search_n(kArray, 1, 4, std::not_equal_to<int>()) ==
+                kArray.begin());
+}
+
+#endif  // defined(ABSL_INTERNAL_CPLUSPLUS_LANG) &&
+        //  ABSL_INTERNAL_CPLUSPLUS_LANG >= 202002L
+
 }  // namespace
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/BUILD.bazel b/deps/v8/third_party/abseil-cpp/absl/base/BUILD.bazel
index 995ca530918896..38a765227d3d6e 100644
--- a/deps/v8/third_party/abseil-cpp/absl/base/BUILD.bazel
+++ b/deps/v8/third_party/abseil-cpp/absl/base/BUILD.bazel
@@ -926,3 +926,44 @@ cc_test(
         "@com_google_googletest//:gtest_main",
     ],
 )
+
+cc_library(
+    name = "tracing_internal",
+    srcs = ["internal/tracing.cc"],
+    hdrs = ["internal/tracing.h"],
+    copts = ABSL_DEFAULT_COPTS,
+    linkopts = ABSL_DEFAULT_LINKOPTS,
+    visibility = [
+        "//absl:__subpackages__",
+    ],
+    deps = [
+        "//absl/base:config",
+        "//absl/base:core_headers",
+    ],
+)
+
+cc_test(
+    name = "tracing_internal_weak_test",
+    srcs = ["internal/tracing_weak_test.cc"],
+    copts = ABSL_TEST_COPTS,
+    linkopts = ABSL_DEFAULT_LINKOPTS,
+    deps = [
+        ":tracing_internal",
+        "@com_google_googletest//:gtest",
+        "@com_google_googletest//:gtest_main",
+    ],
+)
+
+cc_test(
+    name = "tracing_internal_strong_test",
+    srcs = ["internal/tracing_strong_test.cc"],
+    copts = ABSL_TEST_COPTS,
+    linkopts = ABSL_DEFAULT_LINKOPTS,
+    deps = [
+        ":config",
+        ":core_headers",
+        ":tracing_internal",
+        "@com_google_googletest//:gtest",
+        "@com_google_googletest//:gtest_main",
+    ],
+)
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/BUILD.gn b/deps/v8/third_party/abseil-cpp/absl/base/BUILD.gn
index 9c7d359af438c8..aea261d77ca336 100644
--- a/deps/v8/third_party/abseil-cpp/absl/base/BUILD.gn
+++ b/deps/v8/third_party/abseil-cpp/absl/base/BUILD.gn
@@ -332,6 +332,32 @@ absl_test("poison_test") {
   ]
 }
 
+
+absl_source_set("tracing_internal") {
+  public = [ "internal/tracing.h" ]
+  sources = [ "internal/tracing.cc" ]
+  deps = [
+    ":config",
+    ":core_headers",
+  ]
+}
+
+absl_test("tracing_internal_weak_test") {
+  sources = [ "internal/tracing_weak_test.cc" ]
+  deps = [
+    ":tracing_internal",
+  ]
+}
+
+absl_test("tracing_internal_strong_test") {
+  sources = [ "internal/tracing_strong_test.cc" ]
+  deps = [
+    ":config",
+    ":core_headers",
+    ":tracing_internal",
+  ]
+}
+
 absl_test("config_test") {
   sources = [ "config_test.cc" ]
   deps = [
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/CMakeLists.txt b/deps/v8/third_party/abseil-cpp/absl/base/CMakeLists.txt
index fa27ae8d908b12..835624fbadf286 100644
--- a/deps/v8/third_party/abseil-cpp/absl/base/CMakeLists.txt
+++ b/deps/v8/third_party/abseil-cpp/absl/base/CMakeLists.txt
@@ -767,3 +767,42 @@ absl_cc_test(
     absl::poison
     GTest::gtest_main
 )
+
+absl_cc_library(
+  NAME
+    tracing_internal
+  HDRS
+    "internal/tracing.h"
+  SRCS
+    "internal/tracing.cc"
+  COPTS
+    ${ABSL_DEFAULT_COPTS}
+  DEPS
+    absl::base
+)
+
+absl_cc_test(
+  NAME
+    tracing_internal_weak_test
+  SRCS
+    "internal/tracing_weak_test.cc"
+  COPTS
+    ${ABSL_TEST_COPTS}
+  DEPS
+    absl::base
+    absl::tracing_internal
+    GTest::gtest_main
+)
+
+absl_cc_test(
+  NAME
+    tracing_internal_strong_test
+  SRCS
+    "internal/tracing_strong_test.cc"
+  COPTS
+    ${ABSL_TEST_COPTS}
+  DEPS
+    absl::base
+    absl::tracing_internal
+    GTest::gtest_main
+)
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/attributes.h b/deps/v8/third_party/abseil-cpp/absl/base/attributes.h
index 5ea5ee3ef8c664..c5f35becd928fc 100644
--- a/deps/v8/third_party/abseil-cpp/absl/base/attributes.h
+++ b/deps/v8/third_party/abseil-cpp/absl/base/attributes.h
@@ -133,12 +133,14 @@
 // Tags a function as weak for the purposes of compilation and linking.
 // Weak attributes did not work properly in LLVM's Windows backend before
 // 9.0.0, so disable them there. See https://bugs.llvm.org/show_bug.cgi?id=37598
-// for further information.
+// for further information. Weak attributes do not work across DLL boundary.
 // The MinGW compiler doesn't complain about the weak attribute until the link
 // step, presumably because Windows doesn't use ELF binaries.
-#if (ABSL_HAVE_ATTRIBUTE(weak) ||                                         \
-     (defined(__GNUC__) && !defined(__clang__))) &&                       \
-    (!defined(_WIN32) || (defined(__clang__) && __clang_major__ >= 9)) && \
+#if (ABSL_HAVE_ATTRIBUTE(weak) ||                                 \
+     (defined(__GNUC__) && !defined(__clang__))) &&               \
+    (!defined(_WIN32) ||                                          \
+     (defined(__clang__) && __clang_major__ >= 9 &&               \
+      !defined(ABSL_BUILD_DLL) && !defined(ABSL_CONSUME_DLL))) && \
     !defined(__MINGW32__)
 #undef ABSL_ATTRIBUTE_WEAK
 #define ABSL_ATTRIBUTE_WEAK __attribute__((weak))
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/config.h b/deps/v8/third_party/abseil-cpp/absl/base/config.h
index 97c9a22a109357..ab1e9860a918b6 100644
--- a/deps/v8/third_party/abseil-cpp/absl/base/config.h
+++ b/deps/v8/third_party/abseil-cpp/absl/base/config.h
@@ -926,7 +926,7 @@ static_assert(ABSL_INTERNAL_INLINE_NAMESPACE_STR[0] != 'h' ||
 // https://llvm.org/docs/CompileCudaWithLLVM.html#detecting-clang-vs-nvcc-from-code
 #ifdef ABSL_INTERNAL_HAVE_ARM_NEON
 #error ABSL_INTERNAL_HAVE_ARM_NEON cannot be directly set
-#elif defined(__ARM_NEON) && !defined(__CUDA_ARCH__)
+#elif defined(__ARM_NEON) && !(defined(__NVCC__) && defined(__CUDACC__))
 #define ABSL_INTERNAL_HAVE_ARM_NEON 1
 #endif
 
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/internal/sysinfo.cc b/deps/v8/third_party/abseil-cpp/absl/base/internal/sysinfo.cc
index 79eaba3e51c846..1937db307969f6 100644
--- a/deps/v8/third_party/abseil-cpp/absl/base/internal/sysinfo.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/base/internal/sysinfo.cc
@@ -46,6 +46,10 @@
 #include <rtems.h>
 #endif
 
+#if defined(__Fuchsia__)
+#include <zircon/process.h>
+#endif
+
 #include <string.h>
 
 #include <cassert>
@@ -461,6 +465,16 @@ pid_t GetTID() {
   return reinterpret_cast<pid_t>(thread);
 }
 
+#elif defined(__Fuchsia__)
+
+pid_t GetTID() {
+  // Use our thread handle as the TID, which should be unique within this
+  // process (but may not be globally unique). The handle value was chosen over
+  // a kernel object ID (KOID) because zx_handle_t (32-bits) can be cast to a
+  // pid_t type without loss of precision, but a zx_koid_t (64-bits) cannot.
+  return static_cast<pid_t>(zx_thread_self());
+}
+
 #else
 
 // Fallback implementation of `GetTID` using `pthread_self`.
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/internal/thread_identity.h b/deps/v8/third_party/abseil-cpp/absl/base/internal/thread_identity.h
index b6e917ce804ef9..acfc15a8f69761 100644
--- a/deps/v8/third_party/abseil-cpp/absl/base/internal/thread_identity.h
+++ b/deps/v8/third_party/abseil-cpp/absl/base/internal/thread_identity.h
@@ -130,7 +130,11 @@ struct PerThreadSynch {
 };
 
 // The instances of this class are allocated in NewThreadIdentity() with an
-// alignment of PerThreadSynch::kAlignment.
+// alignment of PerThreadSynch::kAlignment and never destroyed. Initialization
+// should happen in OneTimeInitThreadIdentity().
+//
+// Instances may be reused by new threads - fields should be reset in
+// ResetThreadIdentityBetweenReuse().
 //
 // NOTE: The layout of fields in this structure is critical, please do not
 //       add, remove, or modify the field placements without fully auditing the
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing.cc b/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing.cc
new file mode 100644
index 00000000000000..d304e6a29a6096
--- /dev/null
+++ b/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing.cc
@@ -0,0 +1,39 @@
+// Copyright 2024 The Abseil Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "absl/base/internal/tracing.h"
+
+#include "absl/base/attributes.h"
+#include "absl/base/config.h"
+
+namespace absl {
+ABSL_NAMESPACE_BEGIN
+namespace base_internal {
+
+extern "C" {
+
+ABSL_ATTRIBUTE_WEAK void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceWait)(
+    const void*, ObjectKind) {}
+ABSL_ATTRIBUTE_WEAK void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceContinue)(
+    const void*, ObjectKind) {}
+ABSL_ATTRIBUTE_WEAK void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceSignal)(
+    const void*, ObjectKind) {}
+ABSL_ATTRIBUTE_WEAK void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceObserved)(
+    const void*, ObjectKind) {}
+
+}  // extern "C"
+
+}  // namespace base_internal
+ABSL_NAMESPACE_END
+}  // namespace absl
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing.h b/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing.h
new file mode 100644
index 00000000000000..e7ab7758fe08e1
--- /dev/null
+++ b/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing.h
@@ -0,0 +1,81 @@
+// Copyright 2024 The Abseil Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef ABSL_BASE_INTERNAL_TRACING_H_
+#define ABSL_BASE_INTERNAL_TRACING_H_
+
+#include "absl/base/config.h"
+
+namespace absl {
+ABSL_NAMESPACE_BEGIN
+namespace base_internal {
+
+// Well known Abseil object types that have causality.
+enum class ObjectKind { kUnknown, kBlockingCounter, kNotification };
+
+// `TraceWait` and `TraceContinue` record the start and end of a potentially
+// blocking wait operation on `object`. `object` typically represents a higher
+// level synchronization object such as `absl::Notification`.
+void TraceWait(const void* object, ObjectKind kind);
+void TraceContinue(const void* object, ObjectKind kind);
+
+// `TraceSignal` records a signal on `object`.
+void TraceSignal(const void* object, ObjectKind kind);
+
+// `TraceObserved` records the non-blocking observation of a signaled object.
+void TraceObserved(const void* object, ObjectKind kind);
+
+// ---------------------------------------------------------------------------
+// Weak implementation detail:
+//
+// We define the weak API as extern "C": in some build configurations we pass
+// `--detect-odr-violations` to the gold linker. This causes it to flag weak
+// symbol overrides as ODR violations. Because ODR only applies to C++ and not
+// C, `--detect-odr-violations` ignores symbols not mangled with C++ names.
+// By changing our extension points to be extern "C", we dodge this check.
+// ---------------------------------------------------------------------------
+extern "C" {
+
+  void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceWait)(const void* object,
+                                                     ObjectKind kind);
+  void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceContinue)(const void* object,
+                                                         ObjectKind kind);
+  void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceSignal)(const void* object,
+                                                       ObjectKind kind);
+  void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceObserved)(const void* object,
+                                                         ObjectKind kind);
+
+}  // extern "C"
+
+inline void TraceWait(const void* object, ObjectKind kind) {
+  ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceWait)(object, kind);
+}
+
+inline void TraceContinue(const void* object, ObjectKind kind) {
+  ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceContinue)(object, kind);
+}
+
+inline void TraceSignal(const void* object, ObjectKind kind) {
+  ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceSignal)(object, kind);
+}
+
+inline void TraceObserved(const void* object, ObjectKind kind) {
+  ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceObserved)(object, kind);
+}
+
+}  // namespace base_internal
+ABSL_NAMESPACE_END
+}  // namespace absl
+
+#endif  // ABSL_BASE_INTERNAL_TRACING_H_
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing_strong_test.cc b/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing_strong_test.cc
new file mode 100644
index 00000000000000..979f1c577abf7c
--- /dev/null
+++ b/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing_strong_test.cc
@@ -0,0 +1,117 @@
+// Copyright 2024 The Abseil Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <tuple>
+#include <vector>
+
+#include "gmock/gmock.h"
+#include "gtest/gtest.h"
+#include "absl/base/attributes.h"
+#include "absl/base/config.h"
+#include "absl/base/internal/tracing.h"
+
+#if ABSL_HAVE_ATTRIBUTE_WEAK
+
+namespace {
+
+using ::testing::ElementsAre;
+
+using ::absl::base_internal::ObjectKind;
+
+enum Function { kWait, kContinue, kSignal, kObserved };
+
+using Record = std::tuple<Function, const void*, ObjectKind>;
+
+thread_local std::vector<Record>* tls_records = nullptr;
+
+}  // namespace
+
+namespace absl {
+ABSL_NAMESPACE_BEGIN
+namespace base_internal {
+
+// Strong extern "C" implementation.
+extern "C" {
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceWait)(const void* object,
+                                                   ObjectKind kind) {
+  if (tls_records != nullptr) {
+    tls_records->push_back({kWait, object, kind});
+  }
+}
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceContinue)(const void* object,
+                                                       ObjectKind kind) {
+  if (tls_records != nullptr) {
+    tls_records->push_back({kContinue, object, kind});
+  }
+}
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceSignal)(const void* object,
+                                                     ObjectKind kind) {
+  if (tls_records != nullptr) {
+    tls_records->push_back({kSignal, object, kind});
+  }
+}
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceObserved)(const void* object,
+                                                       ObjectKind kind) {
+  if (tls_records != nullptr) {
+    tls_records->push_back({kObserved, object, kind});
+  }
+}
+
+}  // extern "C"
+
+}  // namespace base_internal
+ABSL_NAMESPACE_END
+}  // namespace absl
+
+namespace {
+
+TEST(TracingInternal, InvokesStrongFunctionWithNullptr) {
+  std::vector<Record> records;
+  tls_records = &records;
+  auto kind = absl::base_internal::ObjectKind::kUnknown;
+  absl::base_internal::TraceWait(nullptr, kind);
+  absl::base_internal::TraceContinue(nullptr, kind);
+  absl::base_internal::TraceSignal(nullptr, kind);
+  absl::base_internal::TraceObserved(nullptr, kind);
+  tls_records = nullptr;
+
+  EXPECT_THAT(records, ElementsAre(Record{kWait, nullptr, kind},
+                                   Record{kContinue, nullptr, kind},
+                                   Record{kSignal, nullptr, kind},
+                                   Record{kObserved, nullptr, kind}));
+}
+
+TEST(TracingInternal, InvokesStrongFunctionWithObjectAddress) {
+  int object = 0;
+  std::vector<Record> records;
+  tls_records = &records;
+  auto kind = absl::base_internal::ObjectKind::kUnknown;
+  absl::base_internal::TraceWait(&object, kind);
+  absl::base_internal::TraceContinue(&object, kind);
+  absl::base_internal::TraceSignal(&object, kind);
+  absl::base_internal::TraceObserved(&object, kind);
+  tls_records = nullptr;
+
+  EXPECT_THAT(records, ElementsAre(Record{kWait, &object, kind},
+                                   Record{kContinue, &object, kind},
+                                   Record{kSignal, &object, kind},
+                                   Record{kObserved, &object, kind}));
+}
+
+}  // namespace
+
+#endif  // ABSL_HAVE_ATTRIBUTE_WEAK
diff --git a/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing_weak_test.cc b/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing_weak_test.cc
new file mode 100644
index 00000000000000..6d7553fd6aa7d5
--- /dev/null
+++ b/deps/v8/third_party/abseil-cpp/absl/base/internal/tracing_weak_test.cc
@@ -0,0 +1,34 @@
+// Copyright 2024 The Abseil Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "gtest/gtest.h"
+#include "absl/base/internal/tracing.h"
+
+namespace {
+
+TEST(TracingInternal, HasDefaultImplementation) {
+  auto kind = absl::base_internal::ObjectKind::kUnknown;
+  absl::base_internal::TraceWait(nullptr, kind);
+  absl::base_internal::TraceContinue(nullptr, kind);
+  absl::base_internal::TraceSignal(nullptr, kind);
+  absl::base_internal::TraceObserved(nullptr, kind);
+
+  int object = 0;
+  absl::base_internal::TraceWait(&object, kind);
+  absl::base_internal::TraceContinue(&object, kind);
+  absl::base_internal::TraceSignal(&object, kind);
+  absl::base_internal::TraceObserved(&object, kind);
+}
+
+}  // namespace
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/BUILD.bazel b/deps/v8/third_party/abseil-cpp/absl/container/BUILD.bazel
index b00c30fdece141..ef71c9044eb417 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/BUILD.bazel
+++ b/deps/v8/third_party/abseil-cpp/absl/container/BUILD.bazel
@@ -732,6 +732,7 @@ cc_test(
         "//absl/memory",
         "//absl/meta:type_traits",
         "//absl/strings",
+        "//absl/types:optional",
         "@com_google_googletest//:gtest",
         "@com_google_googletest//:gtest_main",
     ],
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/BUILD.gn b/deps/v8/third_party/abseil-cpp/absl/container/BUILD.gn
index d9a59c348c8102..e3cc2fc2f3cb27 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/BUILD.gn
+++ b/deps/v8/third_party/abseil-cpp/absl/container/BUILD.gn
@@ -429,6 +429,7 @@ absl_test("raw_hash_set_test") {
     "//third_party/abseil-cpp/absl/memory",
     "//third_party/abseil-cpp/absl/meta:type_traits",
     "//third_party/abseil-cpp/absl/strings",
+    "//third_party/abseil-cpp/absl/types:optional",
   ]
 }
 
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/CMakeLists.txt b/deps/v8/third_party/abseil-cpp/absl/container/CMakeLists.txt
index 25831d5fdb8581..18a511ee029863 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/CMakeLists.txt
+++ b/deps/v8/third_party/abseil-cpp/absl/container/CMakeLists.txt
@@ -791,6 +791,7 @@ absl_cc_test(
     absl::log
     absl::memory
     absl::node_hash_set
+    absl::optional
     absl::prefetch
     absl::raw_hash_set
     absl::strings
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_map.h b/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_map.h
index ebd9ed67566277..8c939652bb372d 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_map.h
+++ b/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_map.h
@@ -426,8 +426,7 @@ class ABSL_INTERNAL_ATTRIBUTE_OWNER flat_hash_map
   // flat_hash_map::swap(flat_hash_map& other)
   //
   // Exchanges the contents of this `flat_hash_map` with those of the `other`
-  // flat hash map, avoiding invocation of any move, copy, or swap operations on
-  // individual elements.
+  // flat hash map.
   //
   // All iterators and references on the `flat_hash_map` remain valid, excepting
   // for the past-the-end iterator, which is invalidated.
@@ -574,6 +573,21 @@ typename flat_hash_map<K, V, H, E, A>::size_type erase_if(
   return container_internal::EraseIf(pred, &c);
 }
 
+// swap(flat_hash_map<>, flat_hash_map<>)
+//
+// Swaps the contents of two `flat_hash_map` containers.
+//
+// NOTE: we need to define this function template in order for
+// `flat_hash_set::swap` to be called instead of `std::swap`. Even though we
+// have `swap(raw_hash_set&, raw_hash_set&)` defined, that function requires a
+// derived-to-base conversion, whereas `std::swap` is a function template so
+// `std::swap` will be preferred by compiler.
+template <typename K, typename V, typename H, typename E, typename A>
+void swap(flat_hash_map<K, V, H, E, A>& x,
+          flat_hash_map<K, V, H, E, A>& y) noexcept(noexcept(x.swap(y))) {
+  x.swap(y);
+}
+
 namespace container_internal {
 
 // c_for_each_fast(flat_hash_map<>, Function)
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_set.h b/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_set.h
index a3e36e05e3b1bd..dd2e81090eab65 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_set.h
+++ b/deps/v8/third_party/abseil-cpp/absl/container/flat_hash_set.h
@@ -360,8 +360,7 @@ class ABSL_INTERNAL_ATTRIBUTE_OWNER flat_hash_set
   // flat_hash_set::swap(flat_hash_set& other)
   //
   // Exchanges the contents of this `flat_hash_set` with those of the `other`
-  // flat hash set, avoiding invocation of any move, copy, or swap operations on
-  // individual elements.
+  // flat hash set.
   //
   // All iterators and references on the `flat_hash_set` remain valid, excepting
   // for the past-the-end iterator, which is invalidated.
@@ -478,6 +477,21 @@ typename flat_hash_set<T, H, E, A>::size_type erase_if(
   return container_internal::EraseIf(pred, &c);
 }
 
+// swap(flat_hash_set<>, flat_hash_set<>)
+//
+// Swaps the contents of two `flat_hash_set` containers.
+//
+// NOTE: we need to define this function template in order for
+// `flat_hash_set::swap` to be called instead of `std::swap`. Even though we
+// have `swap(raw_hash_set&, raw_hash_set&)` defined, that function requires a
+// derived-to-base conversion, whereas `std::swap` is a function template so
+// `std::swap` will be preferred by compiler.
+template <typename T, typename H, typename E, typename A>
+void swap(flat_hash_set<T, H, E, A>& x,
+          flat_hash_set<T, H, E, A>& y) noexcept(noexcept(x.swap(y))) {
+  return x.swap(y);
+}
+
 namespace container_internal {
 
 // c_for_each_fast(flat_hash_set<>, Function)
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/container_memory.h b/deps/v8/third_party/abseil-cpp/absl/container/internal/container_memory.h
index ba8e08a2d223a0..e70317970181f4 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/container_memory.h
+++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/container_memory.h
@@ -17,6 +17,7 @@
 
 #include <cassert>
 #include <cstddef>
+#include <cstdint>
 #include <cstring>
 #include <memory>
 #include <new>
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h
index d4fe8f5c21bec3..6399542bd06ecb 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h
+++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set.h
@@ -536,6 +536,14 @@ static_assert(ctrl_t::kDeleted == static_cast<ctrl_t>(-2),
 // See definition comment for why this is size 32.
 ABSL_DLL extern const ctrl_t kEmptyGroup[32];
 
+// We use these sentinel capacity values in debug mode to indicate different
+// classes of bugs.
+enum InvalidCapacity : size_t {
+  kAboveMaxValidCapacity = ~size_t{} - 100,
+  // Used for reentrancy assertions.
+  kInvalidReentrance,
+};
+
 // Returns a pointer to a control byte group that can be used by empty tables.
 inline ctrl_t* EmptyGroup() {
   // Const must be cast away here; no uses of this function will actually write
@@ -1376,7 +1384,8 @@ class CommonFields : public CommonFieldsGenerationInfo {
   // The total number of available slots.
   size_t capacity() const { return capacity_; }
   void set_capacity(size_t c) {
-    assert(c == 0 || IsValidCapacity(c));
+    // We allow setting above the max valid capacity for debugging purposes.
+    assert(c == 0 || IsValidCapacity(c) || c > kAboveMaxValidCapacity);
     capacity_ = c;
   }
 
@@ -1444,6 +1453,20 @@ class CommonFields : public CommonFieldsGenerationInfo {
         std::count(control(), control() + capacity(), ctrl_t::kDeleted));
   }
 
+  // Helper to enable sanitizer mode validation to protect against reentrant
+  // calls during element constructor/destructor.
+  template <typename F>
+  void RunWithReentrancyGuard(F f) {
+#ifdef NDEBUG
+    f();
+    return;
+#endif
+    const size_t cap = capacity();
+    set_capacity(kInvalidReentrance);
+    f();
+    set_capacity(cap);
+  }
+
  private:
   // We store the has_infoz bit in the lowest bit of size_.
   static constexpr size_t HasInfozShift() { return 1; }
@@ -2874,6 +2897,7 @@ class raw_hash_set {
   size_t max_size() const { return (std::numeric_limits<size_t>::max)(); }
 
   ABSL_ATTRIBUTE_REINITIALIZES void clear() {
+    AssertNotDebugCapacity();
     // Iterating over this container is O(bucket_count()). When bucket_count()
     // is much greater than size(), iteration becomes prohibitively expensive.
     // For clear() it is more important to reuse the allocated array when the
@@ -3127,6 +3151,7 @@ class raw_hash_set {
   // This overload is necessary because otherwise erase<K>(const K&) would be
   // a better match if non-const iterator is passed as an argument.
   void erase(iterator it) {
+    AssertNotDebugCapacity();
     AssertIsFull(it.control(), it.generation(), it.generation_ptr(), "erase()");
     destroy(it.slot());
     if (is_soo()) {
@@ -3138,6 +3163,7 @@ class raw_hash_set {
 
   iterator erase(const_iterator first,
                  const_iterator last) ABSL_ATTRIBUTE_LIFETIME_BOUND {
+    AssertNotDebugCapacity();
     // We check for empty first because ClearBackingArray requires that
     // capacity() > 0 as a precondition.
     if (empty()) return end();
@@ -3193,6 +3219,7 @@ class raw_hash_set {
   }
 
   node_type extract(const_iterator position) {
+    AssertNotDebugCapacity();
     AssertIsFull(position.control(), position.inner_.generation(),
                  position.inner_.generation_ptr(), "extract()");
     auto node = CommonAccess::Transfer<node_type>(alloc_ref(), position.slot());
@@ -3325,13 +3352,13 @@ class raw_hash_set {
   template <class K = key_type>
   iterator find(const key_arg<K>& key,
                 size_t hash) ABSL_ATTRIBUTE_LIFETIME_BOUND {
-    AssertHashEqConsistent(key);
+    AssertOnFind(key);
     if (is_soo()) return find_soo(key);
     return find_non_soo(key, hash);
   }
   template <class K = key_type>
   iterator find(const key_arg<K>& key) ABSL_ATTRIBUTE_LIFETIME_BOUND {
-    AssertHashEqConsistent(key);
+    AssertOnFind(key);
     if (is_soo()) return find_soo(key);
     prefetch_heap_block();
     return find_non_soo(key, hash_ref()(key));
@@ -3476,16 +3503,19 @@ class raw_hash_set {
     slot_type&& slot;
   };
 
-  // TODO(b/303305702): re-enable reentrant validation.
   template <typename... Args>
   inline void construct(slot_type* slot, Args&&... args) {
-    PolicyTraits::construct(&alloc_ref(), slot, std::forward<Args>(args)...);
+    common().RunWithReentrancyGuard([&] {
+      PolicyTraits::construct(&alloc_ref(), slot, std::forward<Args>(args)...);
+    });
   }
   inline void destroy(slot_type* slot) {
-    PolicyTraits::destroy(&alloc_ref(), slot);
+    common().RunWithReentrancyGuard(
+        [&] { PolicyTraits::destroy(&alloc_ref(), slot); });
   }
   inline void transfer(slot_type* to, slot_type* from) {
-    PolicyTraits::transfer(&alloc_ref(), to, from);
+    common().RunWithReentrancyGuard(
+        [&] { PolicyTraits::transfer(&alloc_ref(), to, from); });
   }
 
   // TODO(b/289225379): consider having a helper class that has the impls for
@@ -3690,15 +3720,18 @@ class raw_hash_set {
   static slot_type* to_slot(void* buf) { return static_cast<slot_type*>(buf); }
 
   // Requires that lhs does not have a full SOO slot.
-  static void move_common(bool that_is_full_soo, allocator_type& rhs_alloc,
+  static void move_common(bool rhs_is_full_soo, allocator_type& rhs_alloc,
                           CommonFields& lhs, CommonFields&& rhs) {
-    if (PolicyTraits::transfer_uses_memcpy() || !that_is_full_soo) {
+    if (PolicyTraits::transfer_uses_memcpy() || !rhs_is_full_soo) {
       lhs = std::move(rhs);
     } else {
       lhs.move_non_heap_or_soo_fields(rhs);
-      // TODO(b/303305702): add reentrancy guard.
-      PolicyTraits::transfer(&rhs_alloc, to_slot(lhs.soo_data()),
-                             to_slot(rhs.soo_data()));
+      rhs.RunWithReentrancyGuard([&] {
+        lhs.RunWithReentrancyGuard([&] {
+          PolicyTraits::transfer(&rhs_alloc, to_slot(lhs.soo_data()),
+                                 to_slot(rhs.soo_data()));
+        });
+      });
     }
   }
 
@@ -3831,11 +3864,28 @@ class raw_hash_set {
   }
 
  protected:
+  // Asserts for correctness that we run on find/find_or_prepare_insert.
+  template <class K>
+  void AssertOnFind(ABSL_ATTRIBUTE_UNUSED const K& key) {
+#ifdef NDEBUG
+    return;
+#endif
+    AssertHashEqConsistent(key);
+    AssertNotDebugCapacity();
+  }
+
+  // Asserts that the capacity is not a sentinel invalid value.
+  // TODO(b/296061262): also add asserts for moved-from and destroyed states.
+  void AssertNotDebugCapacity() const {
+    assert(capacity() != kInvalidReentrance &&
+           "reentrant container access during element construction/destruction "
+           "is not allowed.");
+  }
+
   // Asserts that hash and equal functors provided by the user are consistent,
   // meaning that `eq(k1, k2)` implies `hash(k1)==hash(k2)`.
   template <class K>
-  void AssertHashEqConsistent(ABSL_ATTRIBUTE_UNUSED const K& key) {
-#ifndef NDEBUG
+  void AssertHashEqConsistent(const K& key) {
     if (empty()) return;
 
     const size_t hash_of_arg = hash_ref()(key);
@@ -3852,13 +3902,13 @@ class raw_hash_set {
         // In this case, we're going to crash. Do a couple of other checks for
         // idempotence issues. Recalculating hash/eq here is also convenient for
         // debugging with gdb/lldb.
-        const size_t once_more_hash_arg = hash_ref()(key);
+        ABSL_ATTRIBUTE_UNUSED const size_t once_more_hash_arg = hash_ref()(key);
         assert(hash_of_arg == once_more_hash_arg && "hash is not idempotent.");
-        const size_t once_more_hash_slot =
+        ABSL_ATTRIBUTE_UNUSED const size_t once_more_hash_slot =
             PolicyTraits::apply(HashElement{hash_ref()}, element);
         assert(hash_of_slot == once_more_hash_slot &&
                "hash is not idempotent.");
-        const bool once_more_eq =
+        ABSL_ATTRIBUTE_UNUSED const bool once_more_eq =
             PolicyTraits::apply(EqualElement<K>{key, eq_ref()}, element);
         assert(is_key_equal == once_more_eq && "equality is not idempotent.");
       }
@@ -3874,7 +3924,6 @@ class raw_hash_set {
     // We only do validation for small tables so that it's constant time.
     if (capacity() > 16) return;
     IterateOverFullSlots(common(), slot_array(), assert_consistent);
-#endif
   }
 
   // Attempts to find `key` in the table; if it isn't found, returns an iterator
@@ -3882,7 +3931,7 @@ class raw_hash_set {
   // `key`'s H2. Returns a bool indicating whether an insertion can take place.
   template <class K>
   std::pair<iterator, bool> find_or_prepare_insert(const K& key) {
-    AssertHashEqConsistent(key);
+    AssertOnFind(key);
     if (is_soo()) return find_or_prepare_insert_soo(key);
     return find_or_prepare_insert_non_soo(key);
   }
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_test.cc b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_test.cc
index f1257d4b850926..923ea52bf09918 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_test.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/container/internal/raw_hash_set_test.cc
@@ -62,6 +62,7 @@
 #include "absl/meta/type_traits.h"
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
+#include "absl/types/optional.h"
 
 namespace absl {
 ABSL_NAMESPACE_BEGIN
@@ -3594,6 +3595,72 @@ TEST(Iterator, InconsistentHashEqFunctorsValidation) {
                             "hash/eq functors are inconsistent.");
 }
 
+struct ConstructCaller {
+  explicit ConstructCaller(int v) : val(v) {}
+  ConstructCaller(int v, absl::FunctionRef<void()> func) : val(v) { func(); }
+  template <typename H>
+  friend H AbslHashValue(H h, const ConstructCaller& d) {
+    return H::combine(std::move(h), d.val);
+  }
+  bool operator==(const ConstructCaller& c) const { return val == c.val; }
+
+  int val;
+};
+
+struct DestroyCaller {
+  explicit DestroyCaller(int v) : val(v) {}
+  DestroyCaller(int v, absl::FunctionRef<void()> func)
+      : val(v), destroy_func(func) {}
+  DestroyCaller(DestroyCaller&& that)
+      : val(that.val), destroy_func(std::move(that.destroy_func)) {
+    that.Deactivate();
+  }
+  ~DestroyCaller() {
+    if (destroy_func) (*destroy_func)();
+  }
+  void Deactivate() { destroy_func = absl::nullopt; }
+
+  template <typename H>
+  friend H AbslHashValue(H h, const DestroyCaller& d) {
+    return H::combine(std::move(h), d.val);
+  }
+  bool operator==(const DestroyCaller& d) const { return val == d.val; }
+
+  int val;
+  absl::optional<absl::FunctionRef<void()>> destroy_func;
+};
+
+TEST(Table, ReentrantCallsFail) {
+#ifdef NDEBUG
+  GTEST_SKIP() << "Reentrant checks only enabled in debug mode.";
+#else
+  {
+    ValueTable<ConstructCaller> t;
+    t.insert(ConstructCaller{0});
+    auto erase_begin = [&] { t.erase(t.begin()); };
+    EXPECT_DEATH_IF_SUPPORTED(t.emplace(1, erase_begin), "");
+  }
+  {
+    ValueTable<DestroyCaller> t;
+    t.insert(DestroyCaller{0});
+    auto find_0 = [&] { t.find(DestroyCaller{0}); };
+    t.insert(DestroyCaller{1, find_0});
+    for (int i = 10; i < 20; ++i) t.insert(DestroyCaller{i});
+    EXPECT_DEATH_IF_SUPPORTED(t.clear(), "");
+    for (auto& elem : t) elem.Deactivate();
+  }
+  {
+    ValueTable<DestroyCaller> t;
+    t.insert(DestroyCaller{0});
+    auto insert_1 = [&] { t.insert(DestroyCaller{1}); };
+    t.insert(DestroyCaller{1, insert_1});
+    for (int i = 10; i < 20; ++i) t.insert(DestroyCaller{i});
+    EXPECT_DEATH_IF_SUPPORTED(t.clear(), "");
+    for (auto& elem : t) elem.Deactivate();
+  }
+#endif
+}
+
 }  // namespace
 }  // namespace container_internal
 ABSL_NAMESPACE_END
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/node_hash_map.h b/deps/v8/third_party/abseil-cpp/absl/container/node_hash_map.h
index 5615e4966b8c69..d1a311fd693dc0 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/node_hash_map.h
+++ b/deps/v8/third_party/abseil-cpp/absl/container/node_hash_map.h
@@ -417,8 +417,7 @@ class ABSL_INTERNAL_ATTRIBUTE_OWNER node_hash_map
   // node_hash_map::swap(node_hash_map& other)
   //
   // Exchanges the contents of this `node_hash_map` with those of the `other`
-  // node hash map, avoiding invocation of any move, copy, or swap operations on
-  // individual elements.
+  // node hash map.
   //
   // All iterators and references on the `node_hash_map` remain valid, excepting
   // for the past-the-end iterator, which is invalidated.
@@ -558,6 +557,21 @@ typename node_hash_map<K, V, H, E, A>::size_type erase_if(
   return container_internal::EraseIf(pred, &c);
 }
 
+// swap(node_hash_map<>, node_hash_map<>)
+//
+// Swaps the contents of two `node_hash_map` containers.
+//
+// NOTE: we need to define this function template in order for
+// `flat_hash_set::swap` to be called instead of `std::swap`. Even though we
+// have `swap(raw_hash_set&, raw_hash_set&)` defined, that function requires a
+// derived-to-base conversion, whereas `std::swap` is a function template so
+// `std::swap` will be preferred by compiler.
+template <typename K, typename V, typename H, typename E, typename A>
+void swap(node_hash_map<K, V, H, E, A>& x,
+          node_hash_map<K, V, H, E, A>& y) noexcept(noexcept(x.swap(y))) {
+  return x.swap(y);
+}
+
 namespace container_internal {
 
 // c_for_each_fast(node_hash_map<>, Function)
diff --git a/deps/v8/third_party/abseil-cpp/absl/container/node_hash_set.h b/deps/v8/third_party/abseil-cpp/absl/container/node_hash_set.h
index 53435ae6301d27..2308074646704f 100644
--- a/deps/v8/third_party/abseil-cpp/absl/container/node_hash_set.h
+++ b/deps/v8/third_party/abseil-cpp/absl/container/node_hash_set.h
@@ -349,8 +349,7 @@ class ABSL_INTERNAL_ATTRIBUTE_OWNER node_hash_set
   // node_hash_set::swap(node_hash_set& other)
   //
   // Exchanges the contents of this `node_hash_set` with those of the `other`
-  // node hash set, avoiding invocation of any move, copy, or swap operations on
-  // individual elements.
+  // node hash set.
   //
   // All iterators and references on the `node_hash_set` remain valid, excepting
   // for the past-the-end iterator, which is invalidated.
@@ -467,6 +466,21 @@ typename node_hash_set<T, H, E, A>::size_type erase_if(
   return container_internal::EraseIf(pred, &c);
 }
 
+// swap(node_hash_set<>, node_hash_set<>)
+//
+// Swaps the contents of two `node_hash_set` containers.
+//
+// NOTE: we need to define this function template in order for
+// `flat_hash_set::swap` to be called instead of `std::swap`. Even though we
+// have `swap(raw_hash_set&, raw_hash_set&)` defined, that function requires a
+// derived-to-base conversion, whereas `std::swap` is a function template so
+// `std::swap` will be preferred by compiler.
+template <typename T, typename H, typename E, typename A>
+void swap(node_hash_set<T, H, E, A>& x,
+          node_hash_set<T, H, E, A>& y) noexcept(noexcept(x.swap(y))) {
+  return x.swap(y);
+}
+
 namespace container_internal {
 
 // c_for_each_fast(node_hash_set<>, Function)
diff --git a/deps/v8/third_party/abseil-cpp/absl/debugging/internal/stack_consumption.h b/deps/v8/third_party/abseil-cpp/absl/debugging/internal/stack_consumption.h
index f41b64c39df111..f5ba5575d1b316 100644
--- a/deps/v8/third_party/abseil-cpp/absl/debugging/internal/stack_consumption.h
+++ b/deps/v8/third_party/abseil-cpp/absl/debugging/internal/stack_consumption.h
@@ -24,7 +24,7 @@
 // Use this feature test macro to detect its availability.
 #ifdef ABSL_INTERNAL_HAVE_DEBUGGING_STACK_CONSUMPTION
 #error ABSL_INTERNAL_HAVE_DEBUGGING_STACK_CONSUMPTION cannot be set directly
-#elif !defined(__APPLE__) && !defined(_WIN32) &&                     \
+#elif !defined(__APPLE__) && !defined(_WIN32) && !defined(__Fuchsia__) && \
     (defined(__i386__) || defined(__x86_64__) || defined(__ppc__) || \
      defined(__aarch64__) || defined(__riscv))
 #define ABSL_INTERNAL_HAVE_DEBUGGING_STACK_CONSUMPTION 1
diff --git a/deps/v8/third_party/abseil-cpp/absl/debugging/leak_check.cc b/deps/v8/third_party/abseil-cpp/absl/debugging/leak_check.cc
index fdb8798b814b24..1e57e6af9b7e44 100644
--- a/deps/v8/third_party/abseil-cpp/absl/debugging/leak_check.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/debugging/leak_check.cc
@@ -43,7 +43,7 @@ bool LeakCheckerIsActive() {
 bool LeakCheckerIsActive() { return true; }
 #endif
 
-bool FindAndReportLeaks() { return __lsan_do_recoverable_leak_check(); }
+bool FindAndReportLeaks() { return __lsan_do_recoverable_leak_check() != 0; }
 void DoIgnoreLeak(const void* ptr) { __lsan_ignore_object(ptr); }
 void RegisterLivePointers(const void* ptr, size_t size) {
   __lsan_register_root_region(ptr, size);
diff --git a/deps/v8/third_party/abseil-cpp/absl/flags/BUILD.bazel b/deps/v8/third_party/abseil-cpp/absl/flags/BUILD.bazel
index 7a8ec7e6f4ca5e..af5f8d3ef2a216 100644
--- a/deps/v8/third_party/abseil-cpp/absl/flags/BUILD.bazel
+++ b/deps/v8/third_party/abseil-cpp/absl/flags/BUILD.bazel
@@ -498,7 +498,10 @@ cc_test(
     ],
     copts = ABSL_TEST_COPTS,
     linkopts = ABSL_DEFAULT_LINKOPTS,
-    tags = ["no_test_wasm"],
+    tags = [
+        "no_test_fuchsia_x64",
+        "no_test_wasm",
+    ],
     deps = [
         ":program_name",
         "//absl/strings",
diff --git a/deps/v8/third_party/abseil-cpp/absl/log/BUILD.bazel b/deps/v8/third_party/abseil-cpp/absl/log/BUILD.bazel
index b13cf4d4a7116d..8b6a295a2e8d33 100644
--- a/deps/v8/third_party/abseil-cpp/absl/log/BUILD.bazel
+++ b/deps/v8/third_party/abseil-cpp/absl/log/BUILD.bazel
@@ -309,6 +309,7 @@ cc_test(
 cc_test(
     name = "absl_log_basic_test",
     size = "small",
+    timeout = "moderate",
     srcs = ["absl_log_basic_test.cc"],
     copts = ABSL_TEST_COPTS,
     linkopts = ABSL_DEFAULT_LINKOPTS,
@@ -424,6 +425,7 @@ cc_test(
 cc_test(
     name = "log_basic_test",
     size = "small",
+    timeout = "moderate",
     srcs = ["log_basic_test.cc"],
     copts = ABSL_TEST_COPTS,
     linkopts = ABSL_DEFAULT_LINKOPTS,
diff --git a/deps/v8/third_party/abseil-cpp/absl/log/internal/BUILD.bazel b/deps/v8/third_party/abseil-cpp/absl/log/internal/BUILD.bazel
index 2dbf337a14dafa..db8464eb5fa714 100644
--- a/deps/v8/third_party/abseil-cpp/absl/log/internal/BUILD.bazel
+++ b/deps/v8/third_party/abseil-cpp/absl/log/internal/BUILD.bazel
@@ -427,6 +427,7 @@ cc_binary(
 cc_test(
     name = "stderr_log_sink_test",
     size = "small",
+    timeout = "moderate",
     srcs = ["stderr_log_sink_test.cc"],
     copts = ABSL_TEST_COPTS,
     linkopts = ABSL_DEFAULT_LINKOPTS,
@@ -435,6 +436,7 @@ cc_test(
         "no_test:os:ios",
         "no_test_android",
         "no_test_darwin_x86_64",
+        "no_test_fuchsia_x64",
         "no_test_ios",
         "no_test_wasm",
     ],
diff --git a/deps/v8/third_party/abseil-cpp/absl/random/BUILD.bazel b/deps/v8/third_party/abseil-cpp/absl/random/BUILD.bazel
index f276cc08a116a5..abb93f8e6787ef 100644
--- a/deps/v8/third_party/abseil-cpp/absl/random/BUILD.bazel
+++ b/deps/v8/third_party/abseil-cpp/absl/random/BUILD.bazel
@@ -474,6 +474,7 @@ cc_test(
 cc_test(
     name = "mock_distributions_test",
     size = "small",
+    timeout = "moderate",
     srcs = ["mock_distributions_test.cc"],
     copts = ABSL_TEST_COPTS,
     linkopts = ABSL_DEFAULT_LINKOPTS,
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/BUILD.bazel b/deps/v8/third_party/abseil-cpp/absl/strings/BUILD.bazel
index 9bffae6138b0e7..2cc014ed4d97a3 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/BUILD.bazel
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/BUILD.bazel
@@ -77,7 +77,6 @@ cc_library(
         "escaping.h",
         "has_absl_stringify.h",
         "internal/damerau_levenshtein_distance.h",
-        "internal/has_absl_stringify.h",
         "internal/string_constant.h",
         "match.h",
         "numbers.h",
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/BUILD.gn b/deps/v8/third_party/abseil-cpp/absl/strings/BUILD.gn
index 1e2e5ca5596258..01eacf20534f70 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/BUILD.gn
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/BUILD.gn
@@ -47,7 +47,6 @@ absl_source_set("strings") {
     "escaping.h",
     "has_absl_stringify.h",
     "internal/damerau_levenshtein_distance.h",
-    "internal/has_absl_stringify.h",
     "internal/string_constant.h",
     "match.h",
     "numbers.h",
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/CMakeLists.txt b/deps/v8/third_party/abseil-cpp/absl/strings/CMakeLists.txt
index 4a84dbbd214896..3a1619e805e202 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/CMakeLists.txt
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/CMakeLists.txt
@@ -42,7 +42,6 @@ absl_cc_library(
     "has_absl_stringify.h"
     "internal/damerau_levenshtein_distance.h"
     "internal/string_constant.h"
-    "internal/has_absl_stringify.h"
     "match.h"
     "numbers.h"
     "str_cat.h"
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/ascii.cc b/deps/v8/third_party/abseil-cpp/absl/strings/ascii.cc
index 20a696a1f62c24..2af13a6d8c5e56 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/ascii.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/ascii.cc
@@ -180,7 +180,7 @@ constexpr bool AsciiInAZRange(unsigned char c) {
 // Force-inline so the compiler won't merge the short and long implementations.
 template <bool ToUpper>
 ABSL_ATTRIBUTE_ALWAYS_INLINE inline constexpr void AsciiStrCaseFoldImpl(
-    absl::Nonnull<char*> p, size_t size) {
+    absl::Nonnull<char*> dst, absl::Nonnull<const char*> src, size_t size) {
   // The upper- and lowercase versions of ASCII characters differ by only 1 bit.
   // When we need to flip the case, we can xor with this bit to achieve the
   // desired result. Note that the choice of 'a' and 'A' here is arbitrary. We
@@ -189,9 +189,9 @@ ABSL_ATTRIBUTE_ALWAYS_INLINE inline constexpr void AsciiStrCaseFoldImpl(
   constexpr unsigned char kAsciiCaseBitFlip = 'a' ^ 'A';
 
   for (size_t i = 0; i < size; ++i) {
-    unsigned char v = static_cast<unsigned char>(p[i]);
+    unsigned char v = static_cast<unsigned char>(src[i]);
     v ^= AsciiInAZRange<ToUpper>(v) ? kAsciiCaseBitFlip : 0;
-    p[i] = static_cast<char>(v);
+    dst[i] = static_cast<char>(v);
   }
 }
 
@@ -201,17 +201,28 @@ constexpr size_t kCaseFoldThreshold = 16;
 // No-inline so the compiler won't merge the short and long implementations.
 template <bool ToUpper>
 ABSL_ATTRIBUTE_NOINLINE constexpr void AsciiStrCaseFoldLong(
-    absl::Nonnull<char*> p, size_t size) {
+    absl::Nonnull<char*> dst, absl::Nonnull<const char*> src, size_t size) {
   ABSL_ASSUME(size >= kCaseFoldThreshold);
-  AsciiStrCaseFoldImpl<ToUpper>(p, size);
+  AsciiStrCaseFoldImpl<ToUpper>(dst, src, size);
 }
 
 // Splitting to short and long strings to allow vectorization decisions
 // to be made separately in the long and short cases.
 template <bool ToUpper>
-constexpr void AsciiStrCaseFold(absl::Nonnull<char*> p, size_t size) {
-  size < kCaseFoldThreshold ? AsciiStrCaseFoldImpl<ToUpper>(p, size)
-                            : AsciiStrCaseFoldLong<ToUpper>(p, size);
+constexpr void AsciiStrCaseFold(absl::Nonnull<char*> dst,
+                                absl::Nonnull<const char*> src, size_t size) {
+  size < kCaseFoldThreshold ? AsciiStrCaseFoldImpl<ToUpper>(dst, src, size)
+                            : AsciiStrCaseFoldLong<ToUpper>(dst, src, size);
+}
+
+void AsciiStrToLower(absl::Nonnull<char*> dst, absl::Nonnull<const char*> src,
+                     size_t n) {
+  return AsciiStrCaseFold<false>(dst, src, n);
+}
+
+void AsciiStrToUpper(absl::Nonnull<char*> dst, absl::Nonnull<const char*> src,
+                     size_t n) {
+  return AsciiStrCaseFold<true>(dst, src, n);
 }
 
 static constexpr size_t ValidateAsciiCasefold() {
@@ -222,8 +233,8 @@ static constexpr size_t ValidateAsciiCasefold() {
   for (unsigned int i = 0; i < num_chars; ++i) {
     uppered[i] = lowered[i] = static_cast<char>(i);
   }
-  AsciiStrCaseFold<false>(&lowered[0], num_chars);
-  AsciiStrCaseFold<true>(&uppered[0], num_chars);
+  AsciiStrCaseFold<false>(&lowered[0], &lowered[0], num_chars);
+  AsciiStrCaseFold<true>(&uppered[0], &uppered[0], num_chars);
   for (size_t i = 0; i < num_chars; ++i) {
     const char ch = static_cast<char>(i),
                ch_upper = ('a' <= ch && ch <= 'z' ? 'A' + (ch - 'a') : ch),
@@ -241,11 +252,13 @@ static_assert(ValidateAsciiCasefold() == 0, "error in case conversion");
 }  // namespace ascii_internal
 
 void AsciiStrToLower(absl::Nonnull<std::string*> s) {
-  return ascii_internal::AsciiStrCaseFold<false>(&(*s)[0], s->size());
+  char* p = &(*s)[0];
+  return ascii_internal::AsciiStrCaseFold<false>(p, p, s->size());
 }
 
 void AsciiStrToUpper(absl::Nonnull<std::string*> s) {
-  return ascii_internal::AsciiStrCaseFold<true>(&(*s)[0], s->size());
+  char* p = &(*s)[0];
+  return ascii_internal::AsciiStrCaseFold<true>(p, p, s->size());
 }
 
 void RemoveExtraAsciiWhitespace(absl::Nonnull<std::string*> str) {
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/ascii.h b/deps/v8/third_party/abseil-cpp/absl/strings/ascii.h
index c238f4de8290d4..c8c40e85e90df4 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/ascii.h
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/ascii.h
@@ -55,10 +55,12 @@
 #include <algorithm>
 #include <cstddef>
 #include <string>
+#include <utility>
 
 #include "absl/base/attributes.h"
 #include "absl/base/config.h"
 #include "absl/base/nullability.h"
+#include "absl/strings/internal/resize_uninitialized.h"
 #include "absl/strings/string_view.h"
 
 namespace absl {
@@ -74,6 +76,12 @@ ABSL_DLL extern const char kToUpper[256];
 // Declaration for the array of characters to lower-case characters.
 ABSL_DLL extern const char kToLower[256];
 
+void AsciiStrToLower(absl::Nonnull<char*> dst, absl::Nonnull<const char*> src,
+                     size_t n);
+
+void AsciiStrToUpper(absl::Nonnull<char*> dst, absl::Nonnull<const char*> src,
+                     size_t n);
+
 }  // namespace ascii_internal
 
 // ascii_isalpha()
@@ -171,7 +179,18 @@ void AsciiStrToLower(absl::Nonnull<std::string*> s);
 
 // Creates a lowercase string from a given absl::string_view.
 ABSL_MUST_USE_RESULT inline std::string AsciiStrToLower(absl::string_view s) {
-  std::string result(s);
+  std::string result;
+  strings_internal::STLStringResizeUninitialized(&result, s.size());
+  ascii_internal::AsciiStrToLower(&result[0], s.data(), s.size());
+  return result;
+}
+
+// Creates a lowercase string from a given std::string&&.
+//
+// (Template is used to lower priority of this overload.)
+template <int&... DoNotSpecify>
+ABSL_MUST_USE_RESULT inline std::string AsciiStrToLower(std::string&& s) {
+  std::string result = std::move(s);
   absl::AsciiStrToLower(&result);
   return result;
 }
@@ -189,7 +208,18 @@ void AsciiStrToUpper(absl::Nonnull<std::string*> s);
 
 // Creates an uppercase string from a given absl::string_view.
 ABSL_MUST_USE_RESULT inline std::string AsciiStrToUpper(absl::string_view s) {
-  std::string result(s);
+  std::string result;
+  strings_internal::STLStringResizeUninitialized(&result, s.size());
+  ascii_internal::AsciiStrToUpper(&result[0], s.data(), s.size());
+  return result;
+}
+
+// Creates an uppercase string from a given std::string&&.
+//
+// (Template is used to lower priority of this overload.)
+template <int&... DoNotSpecify>
+ABSL_MUST_USE_RESULT inline std::string AsciiStrToUpper(std::string&& s) {
+  std::string result = std::move(s);
   absl::AsciiStrToUpper(&result);
   return result;
 }
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/ascii_benchmark.cc b/deps/v8/third_party/abseil-cpp/absl/strings/ascii_benchmark.cc
index 4ae73174688b77..0eff801aec61ea 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/ascii_benchmark.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/ascii_benchmark.cc
@@ -129,4 +129,32 @@ BENCHMARK(BM_StrToUpper)
     ->RangeMultiplier(2)
     ->Range(64, 1 << 26);
 
+static void BM_StrToUpperFromRvalref(benchmark::State& state) {
+  const size_t size = static_cast<size_t>(state.range(0));
+  std::string s(size, 'X');
+  for (auto _ : state) {
+    benchmark::DoNotOptimize(s);
+    std::string res = absl::AsciiStrToUpper(std::string(s));
+    benchmark::DoNotOptimize(res);
+  }
+}
+BENCHMARK(BM_StrToUpperFromRvalref)
+    ->DenseRange(0, 32)
+    ->RangeMultiplier(2)
+    ->Range(64, 1 << 26);
+
+static void BM_StrToLowerFromRvalref(benchmark::State& state) {
+  const size_t size = static_cast<size_t>(state.range(0));
+  std::string s(size, 'x');
+  for (auto _ : state) {
+    benchmark::DoNotOptimize(s);
+    std::string res = absl::AsciiStrToLower(std::string(s));
+    benchmark::DoNotOptimize(res);
+  }
+}
+BENCHMARK(BM_StrToLowerFromRvalref)
+    ->DenseRange(0, 32)
+    ->RangeMultiplier(2)
+    ->Range(64, 1 << 26);
+
 }  // namespace
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/ascii_test.cc b/deps/v8/third_party/abseil-cpp/absl/strings/ascii_test.cc
index 8885bb15d42d8e..896ffb7d6f7a23 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/ascii_test.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/ascii_test.cc
@@ -192,11 +192,13 @@ TEST(AsciiStrTo, Lower) {
   const absl::string_view sp(str2);
   const std::string long_str("ABCDEFGHIJKLMNOPQRSTUVWXYZ1!a");
   std::string mutable_str("_`?@[{AMNOPQRSTUVWXYZ");
+  auto fun = []() -> std::string { return "PQRSTU"; };
 
   EXPECT_EQ("abcdef", absl::AsciiStrToLower(buf));
   EXPECT_EQ("ghijkl", absl::AsciiStrToLower(str));
   EXPECT_EQ("mnopqr", absl::AsciiStrToLower(sp));
   EXPECT_EQ("abcdefghijklmnopqrstuvwxyz1!a", absl::AsciiStrToLower(long_str));
+  EXPECT_EQ("pqrstu", absl::AsciiStrToLower(fun()));
 
   absl::AsciiStrToLower(&mutable_str);
   EXPECT_EQ("_`?@[{amnopqrstuvwxyz", mutable_str);
@@ -213,11 +215,13 @@ TEST(AsciiStrTo, Upper) {
   const std::string str2("_`?@[{amnopqrstuvwxyz");
   const absl::string_view sp(str2);
   const std::string long_str("abcdefghijklmnopqrstuvwxyz1!A");
+  auto fun = []() -> std::string { return "pqrstu"; };
 
   EXPECT_EQ("ABCDEF", absl::AsciiStrToUpper(buf));
   EXPECT_EQ("GHIJKL", absl::AsciiStrToUpper(str));
   EXPECT_EQ("_`?@[{AMNOPQRSTUVWXYZ", absl::AsciiStrToUpper(sp));
   EXPECT_EQ("ABCDEFGHIJKLMNOPQRSTUVWXYZ1!A", absl::AsciiStrToUpper(long_str));
+  EXPECT_EQ("PQRSTU", absl::AsciiStrToUpper(fun()));
 
   char mutable_buf[] = "Mutable";
   std::transform(mutable_buf, mutable_buf + strlen(mutable_buf),
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/cord.h b/deps/v8/third_party/abseil-cpp/absl/strings/cord.h
index c68b6f10934703..1d8fcd3738c71d 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/cord.h
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/cord.h
@@ -641,7 +641,6 @@ class Cord {
     bool operator==(const CharIterator& other) const;
     bool operator!=(const CharIterator& other) const;
     reference operator*() const;
-    pointer operator->() const;
 
     friend Cord;
 
@@ -772,7 +771,7 @@ class Cord {
 
   // Cord::Find()
   //
-  // Returns an iterator to the first occurrance of the substring `needle`.
+  // Returns an iterator to the first occurrence of the substring `needle`.
   //
   // If the substring `needle` does not occur, `Cord::char_end()` is returned.
   CharIterator Find(absl::string_view needle) const;
@@ -1659,10 +1658,6 @@ inline Cord::CharIterator::reference Cord::CharIterator::operator*() const {
   return *chunk_iterator_->data();
 }
 
-inline Cord::CharIterator::pointer Cord::CharIterator::operator->() const {
-  return chunk_iterator_->data();
-}
-
 inline Cord Cord::AdvanceAndRead(absl::Nonnull<CharIterator*> it,
                                  size_t n_bytes) {
   assert(it != nullptr);
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/cord_test.cc b/deps/v8/third_party/abseil-cpp/absl/strings/cord_test.cc
index eaf6d719b65b03..993e58638f7902 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/cord_test.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/cord_test.cc
@@ -1309,6 +1309,7 @@ TEST_P(CordTest, RemoveSuffixMakesZeroLengthNode) {
   absl::Cord c;
   c.Append(absl::Cord(std::string(100, 'x')));
   absl::Cord other_ref = c;  // Prevent inplace appends
+  EXPECT_THAT(other_ref, testing::Eq(c));
   MaybeHarden(c);
   c.Append(absl::Cord(std::string(200, 'y')));
   c.RemoveSuffix(200);
@@ -1665,6 +1666,7 @@ TEST_P(CordTest, ConstructFromExternalReleaserInvoked) {
     auto releaser = [&invoked](absl::string_view) { invoked = true; };
     {
       auto c = absl::MakeCordFromExternal("", releaser);
+      EXPECT_THAT(c, testing::Eq(""));
       EXPECT_TRUE(invoked);
     }
   }
@@ -1679,6 +1681,7 @@ TEST_P(CordTest, ConstructFromExternalReleaserInvoked) {
     auto releaser = [&invoked](absl::string_view) { invoked = true; };
     {
       auto c = absl::MakeCordFromExternal(large_dummy, releaser);
+      EXPECT_THAT(c, testing::Eq(large_dummy));
       EXPECT_FALSE(invoked);
     }
     EXPECT_TRUE(invoked);
@@ -2167,6 +2170,7 @@ TEST_P(CordTest, DiabolicalGrowth) {
   absl::Cord cord;
   for (char c : expected) {
     absl::Cord shared(cord);
+    EXPECT_THAT(cord, testing::Eq(shared));
     cord.Append(absl::string_view(&c, 1));
     MaybeHarden(cord);
   }
@@ -2530,8 +2534,6 @@ static void VerifyCharIterator(const absl::Cord& cord) {
     EXPECT_EQ(*pre_iter, *post_iter);
     EXPECT_EQ(&*pre_iter, &*post_iter);
 
-    EXPECT_EQ(&*pre_iter, pre_iter.operator->());
-
     const char* character_address = &*pre_iter;
     absl::Cord::CharIterator copy = pre_iter;
     ++copy;
@@ -3278,6 +3280,26 @@ TEST_P(CordTest, ChecksummedEmptyCord) {
   EXPECT_EQ(absl::HashOf(c3), absl::HashOf(absl::string_view()));
 }
 
+// This must not be static to avoid aggressive optimizations.
+ABSL_ATTRIBUTE_WEAK
+size_t FalseReport(const absl::Cord& a, bool f);
+
+ABSL_ATTRIBUTE_NOINLINE
+size_t FalseReport(const absl::Cord& a, bool f) {
+  absl::Cord b;
+  const absl::Cord& ref = f ? b : a;
+  // Test that sanitizers report nothing here. Without
+  // InlineData::Rep::annotated_this() compiler can unconditionally load
+  // poisoned parts, assuming that local variable is fully accessible.
+  return ref.size();
+}
+
+TEST(CordSanitizerTest, SanitizesCordFalseReport) {
+  absl::Cord c;
+  for (int i = 0; i < 1000; ++i) c.Append("a");
+  FalseReport(c, false);
+}
+
 TEST(CrcCordTest, ChecksummedEmptyCordEstimateMemoryUsage) {
   absl::Cord cord;
   cord.SetExpectedChecksum(0);
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/internal/cord_internal.h b/deps/v8/third_party/abseil-cpp/absl/strings/internal/cord_internal.h
index 9420e764d9aa0f..d33b09e6ef98fc 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/internal/cord_internal.h
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/internal/cord_internal.h
@@ -259,7 +259,7 @@ struct CordRep {
   // on the specific layout of these fields. Notably: the non-trivial field
   // `refcount` being preceded by `length`, and being tailed by POD data
   // members only.
-  // # LINT.IfChange
+  // LINT.IfChange
   size_t length;
   RefcountAndFlags refcount;
   // If tag < FLAT, it represents CordRepKind and indicates the type of node.
@@ -275,7 +275,7 @@ struct CordRep {
   // allocate room for these in the derived class, as not all compilers reuse
   // padding space from the base class (clang and gcc do, MSVC does not, etc)
   uint8_t storage[3];
-  // # LINT.ThenChange(cord_rep_btree.h:copy_raw)
+  // LINT.ThenChange(cord_rep_btree.h:copy_raw)
 
   // Returns true if this instance's tag matches the requested type.
   constexpr bool IsSubstring() const { return tag == SUBSTRING; }
@@ -713,35 +713,53 @@ class InlineData {
                GetOrNull(chars, 13),
                GetOrNull(chars, 14)} {}
 
+#ifdef ABSL_INTERNAL_CORD_HAVE_SANITIZER
+    // Break compiler optimization for cases when value is allocated on the
+    // stack. Compiler assumes that the the variable is fully accessible
+    // regardless of our poisoning.
+    // Missing report: https://github.com/llvm/llvm-project/issues/100640
+    const Rep* self() const {
+      const Rep* volatile ptr = this;
+      return ptr;
+    }
+    Rep* self() {
+      Rep* volatile ptr = this;
+      return ptr;
+    }
+#else
+    constexpr const Rep* self() const { return this; }
+    constexpr Rep* self() { return this; }
+#endif
+
     // Disable sanitizer as we must always be able to read `tag`.
     ABSL_CORD_INTERNAL_NO_SANITIZE
     int8_t tag() const { return reinterpret_cast<const int8_t*>(this)[0]; }
-    void set_tag(int8_t rhs) { reinterpret_cast<int8_t*>(this)[0] = rhs; }
+    void set_tag(int8_t rhs) { reinterpret_cast<int8_t*>(self())[0] = rhs; }
 
-    char* as_chars() { return data + 1; }
-    const char* as_chars() const { return data + 1; }
+    char* as_chars() { return self()->data + 1; }
+    const char* as_chars() const { return self()->data + 1; }
 
-    bool is_tree() const { return (tag() & 1) != 0; }
+    bool is_tree() const { return (self()->tag() & 1) != 0; }
 
     size_t inline_size() const {
-      ABSL_ASSERT(!is_tree());
-      return static_cast<size_t>(tag()) >> 1;
+      ABSL_ASSERT(!self()->is_tree());
+      return static_cast<size_t>(self()->tag()) >> 1;
     }
 
     void set_inline_size(size_t size) {
       ABSL_ASSERT(size <= kMaxInline);
-      set_tag(static_cast<int8_t>(size << 1));
+      self()->set_tag(static_cast<int8_t>(size << 1));
     }
 
-    CordRep* tree() const { return as_tree.rep; }
-    void set_tree(CordRep* rhs) { as_tree.rep = rhs; }
+    CordRep* tree() const { return self()->as_tree.rep; }
+    void set_tree(CordRep* rhs) { self()->as_tree.rep = rhs; }
 
-    cordz_info_t cordz_info() const { return as_tree.cordz_info; }
-    void set_cordz_info(cordz_info_t rhs) { as_tree.cordz_info = rhs; }
+    cordz_info_t cordz_info() const { return self()->as_tree.cordz_info; }
+    void set_cordz_info(cordz_info_t rhs) { self()->as_tree.cordz_info = rhs; }
 
     void make_tree(CordRep* tree) {
-      as_tree.rep = tree;
-      as_tree.cordz_info = kNullCordzInfo;
+      self()->as_tree.rep = tree;
+      self()->as_tree.cordz_info = kNullCordzInfo;
     }
 
 #ifdef ABSL_INTERNAL_CORD_HAVE_SANITIZER
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h b/deps/v8/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h
index be94b62ec8e768..ab259afe64a48d 100644
--- a/deps/v8/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h
+++ b/deps/v8/third_party/abseil-cpp/absl/strings/internal/cord_rep_btree.h
@@ -684,14 +684,14 @@ inline CordRepBtree* CordRepBtree::CopyRaw(size_t new_length) const {
   // except `refcount` is trivially copyable, and the compiler does not
   // efficiently coalesce member-wise copy of these members.
   // See https://gcc.godbolt.org/z/qY8zsca6z
-  // # LINT.IfChange(copy_raw)
+  // LINT.IfChange(copy_raw)
   tree->length = new_length;
   uint8_t* dst = &tree->tag;
   const uint8_t* src = &tag;
   const ptrdiff_t offset = src - reinterpret_cast<const uint8_t*>(this);
   memcpy(dst, src, sizeof(CordRepBtree) - static_cast<size_t>(offset));
   return tree;
-  // # LINT.ThenChange()
+  // LINT.ThenChange()
 }
 
 inline CordRepBtree* CordRepBtree::Copy() const {
diff --git a/deps/v8/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h b/deps/v8/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h
deleted file mode 100644
index 98f27dff694b14..00000000000000
--- a/deps/v8/third_party/abseil-cpp/absl/strings/internal/has_absl_stringify.h
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2024 The Abseil Authors
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-#ifndef ABSL_STRINGS_INTERNAL_HAS_ABSL_STRINGIFY_H_
-#define ABSL_STRINGS_INTERNAL_HAS_ABSL_STRINGIFY_H_
-
-#include "absl/strings/has_absl_stringify.h"
-
-#include <type_traits>
-#include <utility>
-
-#include "absl/base/config.h"
-
-namespace absl {
-ABSL_NAMESPACE_BEGIN
-
-namespace strings_internal {
-
-// This exists to fix a circular dependency problem with the GoogleTest release.
-// GoogleTest referenced this internal file and this internal trait.  Since
-// simultaneous releases are not possible since once release must reference
-// another, we will temporarily add this back.
-// https://github.com/google/googletest/blob/v1.14.x/googletest/include/gtest/gtest-printers.h#L119
-//
-// This file can be deleted after the next Abseil and GoogleTest release.
-//
-// https://github.com/google/googletest/pull/4368#issuecomment-1717699895
-// https://github.com/google/googletest/pull/4368#issuecomment-1717699895
-template <typename T, typename = void>
-struct HasAbslStringify : std::false_type {};
-
-template <typename T>
-struct HasAbslStringify<
-    T, std::enable_if_t<std::is_void<decltype(AbslStringify(
-           std::declval<strings_internal::UnimplementedSink&>(),
-           std::declval<const T&>()))>::value>> : std::true_type {};
-
-}  // namespace strings_internal
-
-ABSL_NAMESPACE_END
-}  // namespace absl
-
-#endif  // ABSL_STRINGS_INTERNAL_HAS_ABSL_STRINGIFY_H_
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/BUILD.bazel b/deps/v8/third_party/abseil-cpp/absl/synchronization/BUILD.bazel
index dafeba33120299..46a23f3bb2ae35 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/BUILD.bazel
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/BUILD.bazel
@@ -141,6 +141,7 @@ cc_library(
         "//absl/base:dynamic_annotations",
         "//absl/base:malloc_internal",
         "//absl/base:raw_logging_internal",
+        "//absl/base:tracing_internal",
         "//absl/debugging:stacktrace",
         "//absl/debugging:symbolize",
         "//absl/time",
@@ -177,6 +178,9 @@ cc_test(
     ],
     deps = [
         ":synchronization",
+        "//absl/base:config",
+        "//absl/base:core_headers",
+        "//absl/base:tracing_internal",
         "//absl/time",
         "@com_google_googletest//:gtest",
         "@com_google_googletest//:gtest_main",
@@ -320,6 +324,9 @@ cc_test(
     tags = ["no_test_lexan"],
     deps = [
         ":synchronization",
+        "//absl/base:config",
+        "//absl/base:core_headers",
+        "//absl/base:tracing_internal",
         "//absl/time",
         "@com_google_googletest//:gtest",
         "@com_google_googletest//:gtest_main",
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/BUILD.gn b/deps/v8/third_party/abseil-cpp/absl/synchronization/BUILD.gn
index c6f1d3ba1816e7..adee51696c4a68 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/BUILD.gn
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/BUILD.gn
@@ -83,24 +83,44 @@ absl_source_set("synchronization") {
     "//third_party/abseil-cpp/absl/base:dynamic_annotations",
     "//third_party/abseil-cpp/absl/base:malloc_internal",
     "//third_party/abseil-cpp/absl/base:raw_logging_internal",
+    "//third_party/abseil-cpp/absl/base:tracing_internal",
     "//third_party/abseil-cpp/absl/debugging:stacktrace",
     "//third_party/abseil-cpp/absl/debugging:symbolize",
     "//third_party/abseil-cpp/absl/time",
   ]
 }
 
-absl_test("waiter_test") {
-  sources = [ "internal/waiter_test.cc" ]
+absl_test("barrier_test") {
+  sources = [ "barrier_test.cc" ]
   deps = [
-    ":kernel_timeout_internal",
     ":synchronization",
-    ":thread_pool",
-    "//third_party/abseil-cpp/absl/base:config",
-    "//third_party/abseil-cpp/absl/random",
     "//third_party/abseil-cpp/absl/time",
   ]
 }
 
+# Conflicts at link time with "tracing_strong_test" because also defines
+# strong functions for AbslInternalTraceWait and alike
+# absl_test("blocking_counter_test") {
+#   sources = [ "blocking_counter_test.cc" ]
+#   deps = [
+#     ":synchronization",
+#     "//third_party/abseil-cpp/absl/base:config",
+#     "//third_party/abseil-cpp/absl/base:core_headers",
+#     "//third_party/abseil-cpp/absl/base:tracing_internal",
+#     "//third_party/abseil-cpp/absl/time",
+#   ]
+# }
+
+absl_test("graphcycles_test") {
+  sources = [ "internal/graphcycles_test.cc" ]
+  deps = [
+    ":graphcycles_internal",
+    "//third_party/abseil-cpp/absl/base:core_headers",
+    "//third_party/abseil-cpp/absl/log",
+    "//third_party/abseil-cpp/absl/log:check",
+  ]
+}
+
 absl_source_set("thread_pool") {
   testonly = true
   public = [ "internal/thread_pool.h" ]
@@ -112,6 +132,43 @@ absl_source_set("thread_pool") {
   visibility = [ "//third_party/abseil-cpp/absl/*" ]
 }
 
+absl_test("mutex_test") {
+  sources = [ "mutex_test.cc" ]
+  deps = [
+    ":synchronization",
+    ":thread_pool",
+    "//third_party/abseil-cpp/absl/base",
+    "//third_party/abseil-cpp/absl/base:config",
+    "//third_party/abseil-cpp/absl/base:core_headers",
+    "//third_party/abseil-cpp/absl/log",
+    "//third_party/abseil-cpp/absl/log:check",
+    "//third_party/abseil-cpp/absl/memory",
+    "//third_party/abseil-cpp/absl/time",
+  ]
+}
+
+# Doesn't compile.
+# absl_test("mutex_method_pointer_test") {
+#   sources = [ "mutex_method_pointer_test.cc" ]
+#   deps = [
+#     ":synchronization",
+#     "//third_party/abseil-cpp/absl/base:config",
+#   ]
+# }
+
+# Conflicts at link time with "tracing_strong_test" because also defines
+# strong functions for AbslInternalTraceWait and alike
+# absl_test("notification_test") {
+#   sources = [ "notification_test.cc" ]
+#   deps = [
+#     ":synchronization",
+#     "//third_party/abseil-cpp/absl/base:config",
+#     "//third_party/abseil-cpp/absl/base:core_headers",
+#     "//third_party/abseil-cpp/absl/base:tracing_internal",
+#     "//third_party/abseil-cpp/absl/time",
+#   ]
+# }
+
 absl_source_set("per_thread_sem_test_common") {
   testonly = true
   sources = [ "internal/per_thread_sem_test.cc" ]
@@ -126,10 +183,32 @@ absl_source_set("per_thread_sem_test_common") {
   visibility = [ ":*" ]
 }
 
-# absl_test("mutex_method_pointer_test") {
-#   sources = [ "mutex_method_pointer_test.cc" ]
+absl_test("per_thread_sem_test") {
+  deps = [
+    ":per_thread_sem_test_common",
+    ":synchronization",
+    "//third_party/abseil-cpp/absl/strings",
+    "//third_party/abseil-cpp/absl/time",
+  ]
+}
+
+absl_test("waiter_test") {
+  sources = [ "internal/waiter_test.cc" ]
+  deps = [
+    ":kernel_timeout_internal",
+    ":synchronization",
+    ":thread_pool",
+    "//third_party/abseil-cpp/absl/base:config",
+    "//third_party/abseil-cpp/absl/random",
+    "//third_party/abseil-cpp/absl/time",
+  ]
+}
+# Has it's own main function and thus can't be included into absl_tests target
+# absl_test("lifetime_test") {
+#   sources = [ "lifetime_test.cc" ]
 #   deps = [
 #     ":synchronization",
-#     "//third_party/abseil-cpp/absl/base:config",
+#     "//third_party/abseil-cpp/absl/base:core_headers",
+#     "//third_party/abseil-cpp/absl/log:check",
 #   ]
 # }
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/CMakeLists.txt b/deps/v8/third_party/abseil-cpp/absl/synchronization/CMakeLists.txt
index a0f64e5ceaa220..a74557472c89b6 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/CMakeLists.txt
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/CMakeLists.txt
@@ -112,7 +112,9 @@ absl_cc_library(
     absl::raw_logging_internal
     absl::stacktrace
     absl::symbolize
+    absl::tracing_internal
     absl::time
+    absl::tracing_internal
     Threads::Threads
   PUBLIC
 )
@@ -140,6 +142,7 @@ absl_cc_test(
   DEPS
     absl::synchronization
     absl::time
+    absl::tracing_internal
     GTest::gmock_main
 )
 
@@ -215,8 +218,12 @@ absl_cc_test(
   COPTS
     ${ABSL_TEST_COPTS}
   DEPS
+    absl::base
+    absl::config
+    absl::core_headers
     absl::synchronization
     absl::time
+    absl::tracing_internal
     GTest::gmock_main
 )
 
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc b/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc
index d2f82da3bb398c..a530baf4cc4e83 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter.cc
@@ -17,6 +17,7 @@
 #include <atomic>
 
 #include "absl/base/internal/raw_logging.h"
+#include "absl/base/internal/tracing.h"
 
 namespace absl {
 ABSL_NAMESPACE_BEGIN
@@ -40,6 +41,7 @@ bool BlockingCounter::DecrementCount() {
   ABSL_RAW_CHECK(count >= 0,
                  "BlockingCounter::DecrementCount() called too many times");
   if (count == 0) {
+    base_internal::TraceSignal(this, TraceObjectKind());
     MutexLock l(&lock_);
     done_ = true;
     return true;
@@ -48,19 +50,23 @@ bool BlockingCounter::DecrementCount() {
 }
 
 void BlockingCounter::Wait() {
-  MutexLock l(&this->lock_);
+  base_internal::TraceWait(this, TraceObjectKind());
+  {
+    MutexLock l(&this->lock_);
 
-  // only one thread may call Wait(). To support more than one thread,
-  // implement a counter num_to_exit, like in the Barrier class.
-  ABSL_RAW_CHECK(num_waiting_ == 0, "multiple threads called Wait()");
-  num_waiting_++;
+    // only one thread may call Wait(). To support more than one thread,
+    // implement a counter num_to_exit, like in the Barrier class.
+    ABSL_RAW_CHECK(num_waiting_ == 0, "multiple threads called Wait()");
+    num_waiting_++;
 
-  this->lock_.Await(Condition(IsDone, &this->done_));
+    this->lock_.Await(Condition(IsDone, &this->done_));
 
-  // At this point, we know that all threads executing DecrementCount
-  // will not touch this object again.
-  // Therefore, the thread calling this method is free to delete the object
-  // after we return from this method.
+    // At this point, we know that all threads executing DecrementCount
+    // will not touch this object again.
+    // Therefore, the thread calling this method is free to delete the object
+    // after we return from this method.
+  }
+  base_internal::TraceContinue(this, TraceObjectKind());
 }
 
 ABSL_NAMESPACE_END
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter.h b/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter.h
index 1908fdb1d9ad3a..d0504a19bf01e2 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter.h
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter.h
@@ -22,6 +22,7 @@
 
 #include <atomic>
 
+#include "absl/base/internal/tracing.h"
 #include "absl/base/thread_annotations.h"
 #include "absl/synchronization/mutex.h"
 
@@ -89,6 +90,11 @@ class BlockingCounter {
   void Wait();
 
  private:
+  // Convenience helper to reduce verbosity at call sites.
+  static inline constexpr base_internal::ObjectKind TraceObjectKind() {
+    return base_internal::ObjectKind::kBlockingCounter;
+  }
+
   Mutex lock_;
   std::atomic<int> count_;
   int num_waiting_ ABSL_GUARDED_BY(lock_);
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter_test.cc b/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter_test.cc
index 06885f57597307..0c42b56a060059 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter_test.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/blocking_counter_test.cc
@@ -15,9 +15,13 @@
 #include "absl/synchronization/blocking_counter.h"
 
 #include <thread>  // NOLINT(build/c++11)
+#include <tuple>
 #include <vector>
 
 #include "gtest/gtest.h"
+#include "absl/base/attributes.h"
+#include "absl/base/config.h"
+#include "absl/base/internal/tracing.h"
 #include "absl/time/clock.h"
 #include "absl/time/time.h"
 
@@ -76,5 +80,67 @@ TEST(BlockingCounterTest, WaitNegativeInitialCount) {
 #endif
 
 }  // namespace
+
+#if ABSL_HAVE_ATTRIBUTE_WEAK
+
+namespace base_internal {
+
+namespace {
+
+using TraceRecord = std::tuple<const void*, ObjectKind>;
+
+thread_local TraceRecord tls_signal;
+thread_local TraceRecord tls_wait;
+thread_local TraceRecord tls_continue;
+
+}  // namespace
+
+// Strong extern "C" implementation.
+extern "C" {
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceWait)(const void* object,
+                                                   ObjectKind kind) {
+  tls_wait = {object, kind};
+}
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceContinue)(const void* object,
+                                                       ObjectKind kind) {
+  tls_continue = {object, kind};
+}
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceSignal)(const void* object,
+                                                     ObjectKind kind) {
+  tls_signal = {object, kind};
+}
+
+}  // extern "C"
+
+TEST(BlockingCounterTest, TracesSignal) {
+  BlockingCounter counter(2);
+
+  tls_signal = {};
+  counter.DecrementCount();
+  EXPECT_EQ(tls_signal, TraceRecord(nullptr, ObjectKind::kUnknown));
+
+  tls_signal = {};
+  counter.DecrementCount();
+  EXPECT_EQ(tls_signal, TraceRecord(&counter, ObjectKind::kBlockingCounter));
+}
+
+TEST(BlockingCounterTest, TracesWaitContinue) {
+  BlockingCounter counter(1);
+  counter.DecrementCount();
+
+  tls_wait = {};
+  tls_continue = {};
+  counter.Wait();
+  EXPECT_EQ(tls_wait, TraceRecord(&counter, ObjectKind::kBlockingCounter));
+  EXPECT_EQ(tls_continue, TraceRecord(&counter, ObjectKind::kBlockingCounter));
+}
+
+}  // namespace base_internal
+
+#endif  // ABSL_HAVE_ATTRIBUTE_WEAK
+
 ABSL_NAMESPACE_END
 }  // namespace absl
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc b/deps/v8/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc
index eacaa28d7b2437..93cd376bde0f32 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/internal/create_thread_identity.cc
@@ -39,7 +39,8 @@ ABSL_CONST_INIT static base_internal::SpinLock freelist_lock(
 ABSL_CONST_INIT static base_internal::ThreadIdentity* thread_identity_freelist;
 
 // A per-thread destructor for reclaiming associated ThreadIdentity objects.
-// Since we must preserve their storage we cache them for re-use.
+// Since we must preserve their storage, we cache them for re-use instead of
+// truly destructing the object.
 static void ReclaimThreadIdentity(void* v) {
   base_internal::ThreadIdentity* identity =
       static_cast<base_internal::ThreadIdentity*>(v);
@@ -124,6 +125,9 @@ static base_internal::ThreadIdentity* NewThreadIdentity() {
     identity = reinterpret_cast<base_internal::ThreadIdentity*>(
         RoundUp(reinterpret_cast<intptr_t>(allocation),
                 base_internal::PerThreadSynch::kAlignment));
+    // Note that *identity is never constructed.
+    // TODO(b/357097463): change this "one time init" to be a proper
+    // constructor.
     OneTimeInitThreadIdentity(identity);
   }
   ResetThreadIdentityBetweenReuse(identity);
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/notification.cc b/deps/v8/third_party/abseil-cpp/absl/synchronization/notification.cc
index 165ba669fb8f43..a5853ab3d703ff 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/notification.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/notification.cc
@@ -17,6 +17,7 @@
 #include <atomic>
 
 #include "absl/base/internal/raw_logging.h"
+#include "absl/base/internal/tracing.h"
 #include "absl/synchronization/mutex.h"
 #include "absl/time/time.h"
 
@@ -24,6 +25,7 @@ namespace absl {
 ABSL_NAMESPACE_BEGIN
 
 void Notification::Notify() {
+  base_internal::TraceSignal(this, TraceObjectKind());
   MutexLock l(&this->mutex_);
 
 #ifndef NDEBUG
@@ -45,31 +47,37 @@ Notification::~Notification() {
 }
 
 void Notification::WaitForNotification() const {
+  base_internal::TraceWait(this, TraceObjectKind());
   if (!HasBeenNotifiedInternal(&this->notified_yet_)) {
-    this->mutex_.LockWhen(Condition(&HasBeenNotifiedInternal,
-                                    &this->notified_yet_));
+    this->mutex_.LockWhen(
+        Condition(&HasBeenNotifiedInternal, &this->notified_yet_));
     this->mutex_.Unlock();
   }
+  base_internal::TraceContinue(this, TraceObjectKind());
 }
 
 bool Notification::WaitForNotificationWithTimeout(
     absl::Duration timeout) const {
+  base_internal::TraceWait(this, TraceObjectKind());
   bool notified = HasBeenNotifiedInternal(&this->notified_yet_);
   if (!notified) {
     notified = this->mutex_.LockWhenWithTimeout(
         Condition(&HasBeenNotifiedInternal, &this->notified_yet_), timeout);
     this->mutex_.Unlock();
   }
+  base_internal::TraceContinue(notified ? this : nullptr, TraceObjectKind());
   return notified;
 }
 
 bool Notification::WaitForNotificationWithDeadline(absl::Time deadline) const {
+  base_internal::TraceWait(this, TraceObjectKind());
   bool notified = HasBeenNotifiedInternal(&this->notified_yet_);
   if (!notified) {
     notified = this->mutex_.LockWhenWithDeadline(
         Condition(&HasBeenNotifiedInternal, &this->notified_yet_), deadline);
     this->mutex_.Unlock();
   }
+  base_internal::TraceContinue(notified ? this : nullptr, TraceObjectKind());
   return notified;
 }
 
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/notification.h b/deps/v8/third_party/abseil-cpp/absl/synchronization/notification.h
index 8986d9a4083d0c..78cdf2960849cd 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/notification.h
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/notification.h
@@ -53,6 +53,7 @@
 #include <atomic>
 
 #include "absl/base/attributes.h"
+#include "absl/base/internal/tracing.h"
 #include "absl/synchronization/mutex.h"
 #include "absl/time/time.h"
 
@@ -75,7 +76,11 @@ class Notification {
   //
   // Returns the value of the notification's internal "notified" state.
   ABSL_MUST_USE_RESULT bool HasBeenNotified() const {
-    return HasBeenNotifiedInternal(&this->notified_yet_);
+    if (HasBeenNotifiedInternal(&this->notified_yet_)) {
+      base_internal::TraceObserved(this, TraceObjectKind());
+      return true;
+    }
+    return false;
   }
 
   // Notification::WaitForNotification()
@@ -108,6 +113,11 @@ class Notification {
   void Notify();
 
  private:
+  // Convenience helper to reduce verbosity at call sites.
+  static inline constexpr base_internal::ObjectKind TraceObjectKind() {
+    return base_internal::ObjectKind::kNotification;
+  }
+
   static inline bool HasBeenNotifiedInternal(
       const std::atomic<bool>* notified_yet) {
     return notified_yet->load(std::memory_order_acquire);
diff --git a/deps/v8/third_party/abseil-cpp/absl/synchronization/notification_test.cc b/deps/v8/third_party/abseil-cpp/absl/synchronization/notification_test.cc
index 49ce61a55a412c..027bc05b2ade57 100644
--- a/deps/v8/third_party/abseil-cpp/absl/synchronization/notification_test.cc
+++ b/deps/v8/third_party/abseil-cpp/absl/synchronization/notification_test.cc
@@ -15,10 +15,15 @@
 #include "absl/synchronization/notification.h"
 
 #include <thread>  // NOLINT(build/c++11)
+#include <tuple>
 #include <vector>
 
 #include "gtest/gtest.h"
+#include "absl/base/attributes.h"
+#include "absl/base/config.h"
+#include "absl/base/internal/tracing.h"
 #include "absl/synchronization/mutex.h"
+#include "absl/time/time.h"
 
 namespace absl {
 ABSL_NAMESPACE_BEGIN
@@ -129,5 +134,93 @@ TEST(NotificationTest, SanityTest) {
   BasicTests(true, &local_notification2);
 }
 
+#if ABSL_HAVE_ATTRIBUTE_WEAK
+
+namespace base_internal {
+
+namespace {
+
+using TraceRecord = std::tuple<const void*, ObjectKind>;
+
+thread_local TraceRecord tls_signal;
+thread_local TraceRecord tls_wait;
+thread_local TraceRecord tls_continue;
+thread_local TraceRecord tls_observed;
+
+}  // namespace
+
+// Strong extern "C" implementation.
+extern "C" {
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceWait)(const void* object,
+                                                   ObjectKind kind) {
+  tls_wait = {object, kind};
+}
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceContinue)(const void* object,
+                                                       ObjectKind kind) {
+  tls_continue = {object, kind};
+}
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceSignal)(const void* object,
+                                                     ObjectKind kind) {
+  tls_signal = {object, kind};
+}
+
+void ABSL_INTERNAL_C_SYMBOL(AbslInternalTraceObserved)(const void* object,
+                                                       ObjectKind kind) {
+  tls_observed = {object, kind};
+}
+
+}  // extern "C"
+
+TEST(NotificationTest, TracesNotify) {
+  Notification n;
+  tls_signal = {};
+  n.Notify();
+  EXPECT_EQ(tls_signal, TraceRecord(&n, ObjectKind::kNotification));
+}
+
+TEST(NotificationTest, TracesWaitForNotification) {
+  Notification n;
+  n.Notify();
+  tls_wait = tls_continue = {};
+  n.WaitForNotification();
+  EXPECT_EQ(tls_wait, TraceRecord(&n, ObjectKind::kNotification));
+  EXPECT_EQ(tls_continue, TraceRecord(&n, ObjectKind::kNotification));
+}
+
+TEST(NotificationTest, TracesWaitForNotificationWithTimeout) {
+  Notification n;
+
+  tls_wait = tls_continue = {};
+  n.WaitForNotificationWithTimeout(absl::Milliseconds(1));
+  EXPECT_EQ(tls_wait, TraceRecord(&n, ObjectKind::kNotification));
+  EXPECT_EQ(tls_continue, TraceRecord(nullptr, ObjectKind::kNotification));
+
+  n.Notify();
+  tls_wait = tls_continue = {};
+  n.WaitForNotificationWithTimeout(absl::Milliseconds(1));
+  EXPECT_EQ(tls_wait, TraceRecord(&n, ObjectKind::kNotification));
+  EXPECT_EQ(tls_continue, TraceRecord(&n, ObjectKind::kNotification));
+}
+
+TEST(NotificationTest, TracesHasBeenNotified) {
+  Notification n;
+
+  tls_observed = {};
+  ASSERT_FALSE(n.HasBeenNotified());
+  EXPECT_EQ(tls_observed, TraceRecord(nullptr, ObjectKind::kUnknown));
+
+  n.Notify();
+  tls_observed = {};
+  ASSERT_TRUE(n.HasBeenNotified());
+  EXPECT_EQ(tls_observed, TraceRecord(&n, ObjectKind::kNotification));
+}
+
+}  // namespace base_internal
+
+#endif  // ABSL_HAVE_ATTRIBUTE_WEAK
+
 ABSL_NAMESPACE_END
 }  // namespace absl
diff --git a/deps/v8/third_party/abseil-cpp/symbols_arm64_dbg.def b/deps/v8/third_party/abseil-cpp/symbols_arm64_dbg.def
index ac60c9c77c7e34..33425d03de070a 100644
--- a/deps/v8/third_party/abseil-cpp/symbols_arm64_dbg.def
+++ b/deps/v8/third_party/abseil-cpp/symbols_arm64_dbg.def
@@ -395,16 +395,6 @@ EXPORTS
     ??$?8UUnrecognizedFlag@absl@@U01@@__Cr@std@@YA_NAEBV?$allocator@UUnrecognizedFlag@absl@@@01@0@Z
     ??$?8V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@U?$default_delete@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@@__Cr@std@@@__Cr@std@@YA_NAEBV?$unique_ptr@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@U?$default_delete@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@@__Cr@std@@@01@$$T@Z
     ??$?8VZoneInfoSource@cctz@time_internal@absl@@U?$default_delete@VZoneInfoSource@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@YA_NAEBV?$unique_ptr@VZoneInfoSource@cctz@time_internal@absl@@U?$default_delete@VZoneInfoSource@cctz@time_internal@absl@@@__Cr@std@@@01@$$T@Z
-    ??$?9PEAPEAVCommandLineFlag@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAPEAVCommandLineFlag@absl@@@01@0@Z
-    ??$?9PEAPEAVCordzHandle@cord_internal@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAPEAVCordzHandle@cord_internal@absl@@@01@0@Z
-    ??$?9PEAPEAVLogSink@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAPEAVLogSink@absl@@@01@0@Z
-    ??$?9PEAPEBVCommandLineFlag@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAPEBVCommandLineFlag@absl@@@01@0@Z
-    ??$?9PEAUTransitionType@cctz@time_internal@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAUTransitionType@cctz@time_internal@absl@@@01@0@Z
-    ??$?9PEAUUnrecognizedFlag@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAUUnrecognizedFlag@absl@@@01@0@Z
-    ??$?9PEAV?$unique_ptr@VFlagStateInterface@flags_internal@absl@@U?$default_delete@VFlagStateInterface@flags_internal@absl@@@__Cr@std@@@__Cr@std@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAV?$unique_ptr@VFlagStateInterface@flags_internal@absl@@U?$default_delete@VFlagStateInterface@flags_internal@absl@@@__Cr@std@@@__Cr@std@@@01@0@Z
-    ??$?9PEBQEAVLogSink@absl@@PEAPEAV01@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEBQEAVLogSink@absl@@@01@AEBV?$__wrap_iter@PEAPEAVLogSink@absl@@@01@@Z
-    ??$?9PEBUConversionItem@ParsedFormatBase@str_format_internal@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEBUConversionItem@ParsedFormatBase@str_format_internal@absl@@@01@0@Z
-    ??$?9PEBUUnrecognizedFlag@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEBUUnrecognizedFlag@absl@@@01@0@Z
     ??$?BV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@$0A@@?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@QEBA?AV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@XZ
     ??$?BV?$vector@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@V?$allocator@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@@__Cr@std@@$0A@@?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@QEBA?AV?$vector@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@V?$allocator@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@@__Cr@std@@XZ
     ??$?DH@absl@@YA?AVDuration@0@HV10@@Z
@@ -520,11 +510,12 @@ EXPORTS
     ??$ArgumentToConv@_N@str_format_internal@absl@@YA?AW4FormatConversionCharSet@1@XZ
     ??$AsciiInAZRange@$00@ascii_internal@absl@@YA_NE@Z
     ??$AsciiInAZRange@$0A@@ascii_internal@absl@@YA_NE@Z
-    ??$AsciiStrCaseFold@$00@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFold@$0A@@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEAD_K@Z
+    ??$AsciiStrCaseFold@$00@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFold@$0A@@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ??$AssertHashEqConsistent@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IEAAXAEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
+    ??$AssertOnFind@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IEAAXAEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
     ??$AssignElements@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$IteratorValueAdapter@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$move_iterator@PEAUPayload@status_internal@absl@@@23@@inlined_vector_internal@absl@@@inlined_vector_internal@absl@@YAXPEAUPayload@status_internal@1@AEAV?$IteratorValueAdapter@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$move_iterator@PEAUPayload@status_internal@absl@@@23@@01@_K@Z
     ??$Base64EscapeInternal@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPEBE_KPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_NPEBD@Z
     ??$BufferSizeFor@$$V@log_internal@absl@@YA_KW4WireType@01@@Z
@@ -820,6 +811,10 @@ EXPORTS
     ??$Register@AEB_JAEA_KAEA_KAEA_KAEAG@?$SampleRecorder@UHashtablezInfo@container_internal@absl@@@profiling_internal@absl@@QEAAPEAUHashtablezInfo@container_internal@2@AEB_JAEA_K11AEAG@Z
     ??$RotateRight@I@crc_internal@absl@@YAIIHH@Z
     ??$RoundUp@$03@crc_internal@absl@@YAPEBEPEBE@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@78@@Z@@CommonFields@container_internal@absl@@QEAAXV<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@12@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@78@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@78@@Z@@CommonFields@container_internal@absl@@QEAAXV<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@12@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@78@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@45@@Z@@CommonFields@container_internal@absl@@QEAAXV<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@12@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@45@0@Z@@CommonFields@container_internal@absl@@QEAAXV<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@12@0@Z@@Z
     ??$SNPrintF@DHHH@absl@@YAHPEAD_KAEBV?$FormatSpecTemplate@$0BPPPL@$0JPPPL@$0JPPPL@$0JPPPL@@str_format_internal@0@AEBDAEBH44@Z
     ??$STLStringResizeUninitialized@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@X@strings_internal@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_K@Z
     ??$STLStringResizeUninitializedAmortized@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_K@Z
@@ -1138,6 +1133,7 @@ EXPORTS
     ??$__launder@VFlagRegistry@flags_internal@absl@@@__Cr@std@@YAPEAVFlagRegistry@flags_internal@absl@@PEAV234@@Z
     ??$__launder@VMutex@absl@@@__Cr@std@@YAPEAVMutex@absl@@PEAV23@@Z
     ??$__lower_bound@U_ClassicAlgPolicy@__Cr@std@@PEBUTransition@cctz@time_internal@absl@@PEBU4567@U4567@U__identity@23@UByUnixTime@4567@@__Cr@std@@YAPEBUTransition@cctz@time_internal@absl@@PEBU2345@0AEBU2345@AEAUByUnixTime@2345@AEAU__identity@01@@Z
+    ??$__lower_bound_bisecting@U_ClassicAlgPolicy@__Cr@std@@PEBUTransition@cctz@time_internal@absl@@U4567@U__identity@23@UByUnixTime@4567@@__Cr@std@@YAPEBUTransition@cctz@time_internal@absl@@PEBU2345@AEBU2345@_JAEAUByUnixTime@2345@AEAU__identity@01@@Z
     ??$__make_exception_guard@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PEAUUnrecognizedFlag@absl@@@__Cr@std@@@__Cr@std@@YA?AU?$__exception_guard_noexceptions@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PEAUUnrecognizedFlag@absl@@@__Cr@std@@@01@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PEAUUnrecognizedFlag@absl@@@01@@Z
     ??$__memberwise_forward_assign@V?$tuple@AEAPEAVCommandLineFlag@absl@@AEA_N@__Cr@std@@V?$tuple@PEAVCommandLineFlag@absl@@_N@23@PEAVCommandLineFlag@absl@@_N$$Z$0A@$00@__Cr@std@@YAXAEAV?$tuple@AEAPEAVCommandLineFlag@absl@@AEA_N@01@$$QEAV?$tuple@PEAVCommandLineFlag@absl@@_N@01@U?$__tuple_types@PEAVCommandLineFlag@absl@@_N@01@U?$__tuple_indices@$0A@$00@01@@Z
     ??$__move@U_ClassicAlgPolicy@__Cr@std@@PEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@PEAPEAPEBV45678@PEAPEAPEBV45678@@__Cr@std@@YA?AU?$pair@PEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@PEAPEAPEBV12345@@01@PEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@00@Z
@@ -2406,8 +2402,6 @@ EXPORTS
     ??9ChunkIterator@Cord@absl@@QEBA_NAEBV012@@Z
     ??9GraphId@synchronization_internal@absl@@QEBA_NAEBU012@@Z
     ??9__Cr@std@@YA_NAEBU__deque_range@?$deque@UPrefixCrc@CrcCordState@crc_internal@absl@@V?$allocator@UPrefixCrc@CrcCordState@crc_internal@absl@@@__Cr@std@@@01@0@Z
-    ??9__Cr@std@@YA_NAEBV?$__deque_iterator@UPrefixCrc@CrcCordState@crc_internal@absl@@PEAU1234@AEAU1234@PEAPEAU1234@_J$0A@@01@0@Z
-    ??9__Cr@std@@YA_NAEBV?$__deque_iterator@UPrefixCrc@CrcCordState@crc_internal@absl@@PEBU1234@AEBU1234@PEBQEBU1234@_J$0A@@01@0@Z
     ??9__Cr@std@@YA_NAEBV?$__map_iterator@V?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PEAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PEAX@23@_J@__Cr@std@@@01@0@Z
     ??9__Cr@std@@YA_NAEBV?$__map_iterator@V?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@PEAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@PEAX@23@_J@__Cr@std@@@01@0@Z
     ??9__Cr@std@@YA_NAEBV?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PEAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PEAX@23@_J@01@0@Z
@@ -2606,6 +2600,8 @@ EXPORTS
     ??Pabsl@@YA_NVuint128@0@0@Z
     ??R<lambda_1>@?0???$AssertHashEqConsistent@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IEAAXAEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z@QEBA?A?<auto>@@PEBW4ctrl_t@23@PEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@23@@Z
     ??R<lambda_1>@?0???$Initialize@V?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PEBVFormatArgImpl@str_format_internal@absl@@@inlined_vector_internal@absl@@@?$Storage@VFormatArgImpl@str_format_internal@absl@@$03V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAXV?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PEBVFormatArgImpl@str_format_internal@absl@@@23@_K@Z@QEBA?A?<auto>@@XZ
+    ??R<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@23@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@67@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@67@@Z@QEBA?A?<auto>@@XZ
+    ??R<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@23@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@67@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@67@@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$FixedArray@D$0?0V?$allocator@D@__Cr@std@@@absl@@QEAAAEAD_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QEAAAEAUPayload@status_internal@2@_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QEBAAEBUPayload@status_internal@2@_K@Z@QEBA?A?<auto>@@XZ
@@ -2628,6 +2624,7 @@ EXPORTS
     ??R<lambda_1>@?0??SubtractSize@?$Storage@PEAUCordRep@cord_internal@absl@@$01V?$allocator@PEAUCordRep@cord_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAX_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??SubtractSize@?$Storage@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAX_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??back@?$InlinedVector@PEAUCordRep@cord_internal@absl@@$01V?$allocator@PEAUCordRep@cord_internal@absl@@@__Cr@std@@@absl@@QEAAAEAPEAUCordRep@cord_internal@3@XZ@QEBA?A?<auto>@@XZ
+    ??R<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??erase@?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QEAAPEAUPayload@status_internal@3@PEBU453@@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??inline_size@Rep@InlineData@cord_internal@absl@@QEBA_KXZ@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??pop_back@?$InlinedVector@PEAUCordRep@cord_internal@absl@@$01V?$allocator@PEAUCordRep@cord_internal@absl@@@__Cr@std@@@absl@@QEAAXXZ@QEBA?A?<auto>@@XZ
@@ -2638,6 +2635,7 @@ EXPORTS
     ??R<lambda_1>@?0??resize_impl@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@CAXAEAVCommonFields@34@_KVHashtablezInfoHandle@34@@Z@QEBA?A?<auto>@@PEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@@Z
     ??R<lambda_1>@?0??set_inline_data@InlineData@cord_internal@absl@@QEAAXPEBD_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??set_inline_size@Rep@InlineData@cord_internal@absl@@QEAAX_K@Z@QEBA?A?<auto>@@XZ
+    ??R<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@0@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_2>@?0???$Initialize@V?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PEBVFormatArgImpl@str_format_internal@absl@@@inlined_vector_internal@absl@@@?$Storage@VFormatArgImpl@str_format_internal@absl@@$03V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAXV?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PEBVFormatArgImpl@str_format_internal@absl@@@23@_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_2>@?0??AssertSameContainer@container_internal@absl@@YAXPEBW4ctrl_t@23@0AEBQEBX1PEBE2@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_2>@?0??erase@?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QEAAPEAUPayload@status_internal@3@PEBU453@@Z@QEBA?A?<auto>@@XZ
@@ -2799,6 +2797,7 @@ EXPORTS
     ?AdvanceBytesBtree@ChunkIterator@Cord@absl@@AEAAX_K@Z
     ?AlignBegin@CordRepBtree@cord_internal@absl@@AEAAXXZ
     ?AlignEnd@CordRepBtree@cord_internal@absl@@AEAAXXZ
+    ?Alloc@LowLevelAlloc@base_internal@absl@@SAPEAX_K@Z
     ?Alloc@flags_internal@absl@@YAPEAXP6APEAXW4FlagOp@12@PEBXPEAX2@Z@Z
     ?AllocWithArena@LowLevelAlloc@base_internal@absl@@SAPEAX_KPEAUArena@123@@Z
     ?Allocate@?$AllocationTransaction@V?$allocator@PEAUCordRep@cord_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAPEAPEAUCordRep@cord_internal@3@_K@Z
@@ -2846,12 +2845,15 @@ EXPORTS
     ?AreItersFromSameContainer@container_internal@absl@@YA_NPEBW4ctrl_t@12@0AEBQEBX1@Z
     ?AsValueType@?$FixedArray@D$0?0V?$allocator@D@__Cr@std@@@absl@@CAPEADPEAD@Z
     ?AsciiStrToLower@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToLower@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AsciiStrToUpper@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToUpper@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AssertHeld@CordzInfo@cord_internal@absl@@QEAAXXZ
     ?AssertHeld@Mutex@absl@@QEBAXXZ
     ?AssertInSooMode@CommonFields@container_internal@absl@@AEBAXXZ
     ?AssertIsFull@container_internal@absl@@YAXPEBW4ctrl_t@12@EPEBEPEBD@Z
     ?AssertIsValidForComparison@container_internal@absl@@YAXPEBW4ctrl_t@12@EPEBE@Z
+    ?AssertNotDebugCapacity@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IEBAXXZ
     ?AssertNotHeld@Mutex@absl@@QEBAXXZ
     ?AssertReaderHeld@Mutex@absl@@QEBAXXZ
     ?AssertSameContainer@container_internal@absl@@YAXPEBW4ctrl_t@12@0AEBQEBX1PEBE2@Z
@@ -3243,6 +3245,7 @@ EXPORTS
     ?FormatTime@absl@@YA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VTime@1@VTimeZone@1@@Z
     ?FormatUntyped@str_format_internal@absl@@YA_NVFormatRawSinkImpl@12@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
     ?FprintF@str_format_internal@absl@@YAHPEAU_iobuf@@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
+    ?Free@LowLevelAlloc@base_internal@absl@@SAXPEAX@Z
     ?Frequency@CycleClock@base_internal@absl@@SANXZ
     ?Frequency@UnscaledCycleClock@base_internal@absl@@CANXZ
     ?FromChrono@absl@@YA?AVDuration@1@AEBV?$duration@_JV?$ratio@$00$0PECEA@@__Cr@std@@@chrono@__Cr@std@@@Z
@@ -4133,6 +4136,11 @@ EXPORTS
     ?ToUnixNanos@absl@@YA_JVTime@1@@Z
     ?ToUnixSeconds@absl@@YA_JVTime@1@@Z
     ?ToUnixSeconds@cctz@time_internal@absl@@YA_JAEBV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$00@__Cr@std@@@234@@chrono@__Cr@std@@@Z
+    ?TraceContinue@base_internal@absl@@YAXPEBXW4ObjectKind@12@@Z
+    ?TraceObjectKind@BlockingCounter@absl@@CA?AW4ObjectKind@base_internal@2@XZ
+    ?TraceObjectKind@Notification@absl@@CA?AW4ObjectKind@base_internal@2@XZ
+    ?TraceSignal@base_internal@absl@@YAXPEBXW4ObjectKind@12@@Z
+    ?TraceWait@base_internal@absl@@YAXPEBXW4ObjectKind@12@@Z
     ?Track@CordzInfo@cord_internal@absl@@AEAAXXZ
     ?TrackCord@CordzInfo@cord_internal@absl@@SAXAEAVInlineData@23@AEBV423@W4MethodIdentifier@CordzUpdateTracker@23@@Z
     ?TrackCord@CordzInfo@cord_internal@absl@@SAXAEAVInlineData@23@W4MethodIdentifier@CordzUpdateTracker@23@_J@Z
@@ -5672,6 +5680,8 @@ EXPORTS
     ?second@?$__compressed_pair@_KV?$allocator@UPrefixCrc@CrcCordState@crc_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAAEAV?$allocator@UPrefixCrc@CrcCordState@crc_internal@absl@@@23@XZ
     ?second@?$civil_time@Usecond_tag@detail@cctz@time_internal@absl@@@detail@cctz@time_internal@absl@@QEBAHXZ
     ?second@?$civil_time@Usecond_tag@time_internal@absl@@@detail@cctz@time_internal@absl@@QEBAHXZ
+    ?self@Rep@InlineData@cord_internal@absl@@QEAAPEAU1234@XZ
+    ?self@Rep@InlineData@cord_internal@absl@@QEBAPEBU1234@XZ
     ?set@MaybeInitializedPtr@container_internal@absl@@QEAAXPEAX@Z
     ?set_arg@BoundConversion@str_format_internal@absl@@QEAAXPEBVFormatArgImpl@23@@Z
     ?set_begin@CordRepBtree@cord_internal@absl@@AEAAX_K@Z
@@ -5838,5 +5848,18 @@ EXPORTS
     ?year@?$civil_time@Uyear_tag@detail@cctz@time_internal@absl@@@detail@cctz@time_internal@absl@@QEBA_JXZ
     ?year_index@impl@detail@cctz@time_internal@absl@@YAH_JC@Z
     ?ymd_ord@impl@detail@cctz@time_internal@absl@@YA_J_JCC@Z
+    AbslContainerInternalSampleEverything
+    AbslInternalMutexYield
+    AbslInternalOnFatalLogMessage
+    AbslInternalPerThreadSemInit
+    AbslInternalPerThreadSemPoke
+    AbslInternalPerThreadSemPost
+    AbslInternalPerThreadSemWait
+    AbslInternalReportFatalUsageError
+    AbslInternalSleepFor
     AbslInternalSpinLockDelay
     AbslInternalSpinLockWake
+    AbslInternalTraceContinue
+    AbslInternalTraceObserved
+    AbslInternalTraceSignal
+    AbslInternalTraceWait
diff --git a/deps/v8/third_party/abseil-cpp/symbols_arm64_rel.def b/deps/v8/third_party/abseil-cpp/symbols_arm64_rel.def
index 2750976aa2cf97..180d59aeab9a14 100644
--- a/deps/v8/third_party/abseil-cpp/symbols_arm64_rel.def
+++ b/deps/v8/third_party/abseil-cpp/symbols_arm64_rel.def
@@ -34,8 +34,8 @@ EXPORTS
     ??$Append@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@$0A@@Cord@absl@@QEAAX$$QEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
     ??$AppendImpl@AEBVCord@absl@@@Cord@absl@@AEAAXAEBV01@@Z
     ??$AppendImpl@VCord@absl@@@Cord@absl@@AEAAX$$QEAV01@@Z
-    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEAD_K@Z
+    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ??$Base64EscapeInternal@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPEBE_KPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_NPEBD@Z
     ??$CallOnceImpl@A6AXXZ$$V@base_internal@absl@@YAXPEAU?$atomic@I@__Cr@std@@W4SchedulingMode@01@A6AXXZ@Z
     ??$CallOnceImpl@P8FlagImpl@flags_internal@absl@@EAAXXZPEAV123@@base_internal@absl@@YAXPEAU?$atomic@I@__Cr@std@@W4SchedulingMode@01@$$QEAP8FlagImpl@flags_internal@1@EAAXXZ$$QEAPEAV671@@Z
@@ -172,6 +172,8 @@ EXPORTS
     ??0?$RandenPool@G@random_internal@absl@@QEAA@XZ
     ??0?$RandenPool@I@random_internal@absl@@QEAA@XZ
     ??0?$RandenPool@_K@random_internal@absl@@QEAA@XZ
+    ??0?$SplitIterator@V?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAA@W4State@012@PEBV?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@12@@Z
+    ??0?$SplitIterator@V?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAA@W4State@012@PEBV?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@12@@Z
     ??0AlphaNum@absl@@QEAA@H@Z
     ??0AlphaNum@absl@@QEAA@PEBD@Z
     ??0AlphaNum@absl@@QEAA@_K@Z
@@ -296,9 +298,6 @@ EXPORTS
     ??ACord@absl@@QEBAD_K@Z
     ??BCord@absl@@QEBA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@XZ
     ??Bint128@absl@@QEBANXZ
-    ??E?$SplitIterator@V?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
-    ??E?$SplitIterator@V?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
-    ??E?$SplitIterator@V?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
     ??Eiterator@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@QEAAAEAV0123@XZ
     ??Gdetail@cctz@time_internal@absl@@YA?AV?$civil_time@Uday_tag@detail@cctz@time_internal@absl@@@0123@V40123@_J@Z
     ??Gdetail@cctz@time_internal@absl@@YA?AV?$civil_time@Usecond_tag@detail@cctz@time_internal@absl@@@0123@V40123@_J@Z
@@ -372,6 +371,7 @@ EXPORTS
     ?AddressIsReadable@debugging_internal@absl@@YA_NPEBX@Z
     ?AdvanceAndReadBytes@ChunkIterator@Cord@absl@@AEAA?AV23@_K@Z
     ?AdvanceBytesBtree@ChunkIterator@Cord@absl@@AEAAX_K@Z
+    ?Alloc@LowLevelAlloc@base_internal@absl@@SAPEAX_K@Z
     ?AllocWithArena@LowLevelAlloc@base_internal@absl@@SAPEAX_KPEAUArena@123@@Z
     ?AlreadyExistsError@absl@@YA?AVStatus@1@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
     ?AlwaysTrue@Condition@absl@@CA_NPEBV12@@Z
@@ -394,7 +394,9 @@ EXPORTS
     ?ApplyMask@MaskedPointer@flags_internal@absl@@AEAAX_K@Z
     ?ApplySubstitutions@strings_internal@absl@@YAHV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAV?$vector@UViableSubstitution@strings_internal@absl@@V?$allocator@UViableSubstitution@strings_internal@absl@@@__Cr@std@@@45@PEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@45@@Z
     ?AsciiStrToLower@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToLower@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AsciiStrToUpper@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToUpper@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AssertHeld@Mutex@absl@@QEBAXXZ
     ?AssertNotHeld@Mutex@absl@@QEBAXXZ
     ?AssertReaderHeld@Mutex@absl@@QEBAXXZ
@@ -668,6 +670,7 @@ EXPORTS
     ?FormatTime@absl@@YA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VTime@1@VTimeZone@1@@Z
     ?FormatUntyped@str_format_internal@absl@@YA_NVFormatRawSinkImpl@12@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
     ?FprintF@str_format_internal@absl@@YAHPEAU_iobuf@@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
+    ?Free@LowLevelAlloc@base_internal@absl@@SAXPEAX@Z
     ?Frequency@UnscaledCycleClock@base_internal@absl@@CANXZ
     ?FromChrono@absl@@YA?AVTime@1@AEBV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$0PECEA@@__Cr@std@@@234@@chrono@__Cr@std@@@Z
     ?FromTM@absl@@YA?AVTime@1@AEBUtm@@VTimeZone@1@@Z
@@ -1362,5 +1365,18 @@ EXPORTS
     ?words@?$BigUnsigned@$03@strings_internal@absl@@QEBAPEBIXZ
     ?words@?$BigUnsigned@$0FE@@strings_internal@absl@@QEBAPEBIXZ
     ?xsputn@Streambuf@OStringStream@strings_internal@absl@@MEAA_JPEBD_J@Z
+    AbslContainerInternalSampleEverything
+    AbslInternalMutexYield
+    AbslInternalOnFatalLogMessage
+    AbslInternalPerThreadSemInit
+    AbslInternalPerThreadSemPoke
+    AbslInternalPerThreadSemPost
+    AbslInternalPerThreadSemWait
+    AbslInternalReportFatalUsageError
+    AbslInternalSleepFor
     AbslInternalSpinLockDelay
     AbslInternalSpinLockWake
+    AbslInternalTraceContinue
+    AbslInternalTraceObserved
+    AbslInternalTraceSignal
+    AbslInternalTraceWait
diff --git a/deps/v8/third_party/abseil-cpp/symbols_x64_dbg.def b/deps/v8/third_party/abseil-cpp/symbols_x64_dbg.def
index 8f862b473d2b5b..7eb29a56415faa 100644
--- a/deps/v8/third_party/abseil-cpp/symbols_x64_dbg.def
+++ b/deps/v8/third_party/abseil-cpp/symbols_x64_dbg.def
@@ -395,16 +395,6 @@ EXPORTS
     ??$?8UUnrecognizedFlag@absl@@U01@@__Cr@std@@YA_NAEBV?$allocator@UUnrecognizedFlag@absl@@@01@0@Z
     ??$?8V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@U?$default_delete@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@@__Cr@std@@@__Cr@std@@YA_NAEBV?$unique_ptr@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@U?$default_delete@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@@__Cr@std@@@01@$$T@Z
     ??$?8VZoneInfoSource@cctz@time_internal@absl@@U?$default_delete@VZoneInfoSource@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@YA_NAEBV?$unique_ptr@VZoneInfoSource@cctz@time_internal@absl@@U?$default_delete@VZoneInfoSource@cctz@time_internal@absl@@@__Cr@std@@@01@$$T@Z
-    ??$?9PEAPEAVCommandLineFlag@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAPEAVCommandLineFlag@absl@@@01@0@Z
-    ??$?9PEAPEAVCordzHandle@cord_internal@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAPEAVCordzHandle@cord_internal@absl@@@01@0@Z
-    ??$?9PEAPEAVLogSink@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAPEAVLogSink@absl@@@01@0@Z
-    ??$?9PEAPEBVCommandLineFlag@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAPEBVCommandLineFlag@absl@@@01@0@Z
-    ??$?9PEAUTransitionType@cctz@time_internal@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAUTransitionType@cctz@time_internal@absl@@@01@0@Z
-    ??$?9PEAUUnrecognizedFlag@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAUUnrecognizedFlag@absl@@@01@0@Z
-    ??$?9PEAV?$unique_ptr@VFlagStateInterface@flags_internal@absl@@U?$default_delete@VFlagStateInterface@flags_internal@absl@@@__Cr@std@@@__Cr@std@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEAV?$unique_ptr@VFlagStateInterface@flags_internal@absl@@U?$default_delete@VFlagStateInterface@flags_internal@absl@@@__Cr@std@@@__Cr@std@@@01@0@Z
-    ??$?9PEBQEAVLogSink@absl@@PEAPEAV01@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEBQEAVLogSink@absl@@@01@AEBV?$__wrap_iter@PEAPEAVLogSink@absl@@@01@@Z
-    ??$?9PEBUConversionItem@ParsedFormatBase@str_format_internal@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEBUConversionItem@ParsedFormatBase@str_format_internal@absl@@@01@0@Z
-    ??$?9PEBUUnrecognizedFlag@absl@@@__Cr@std@@YA_NAEBV?$__wrap_iter@PEBUUnrecognizedFlag@absl@@@01@0@Z
     ??$?BV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@$0A@@?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@QEBA?AV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@XZ
     ??$?BV?$vector@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@V?$allocator@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@@__Cr@std@@$0A@@?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@QEBA?AV?$vector@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@V?$allocator@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@@__Cr@std@@XZ
     ??$?DH@absl@@YA?AVDuration@0@HV10@@Z
@@ -520,11 +510,12 @@ EXPORTS
     ??$ArgumentToConv@_N@str_format_internal@absl@@YA?AW4FormatConversionCharSet@1@XZ
     ??$AsciiInAZRange@$00@ascii_internal@absl@@YA_NE@Z
     ??$AsciiInAZRange@$0A@@ascii_internal@absl@@YA_NE@Z
-    ??$AsciiStrCaseFold@$00@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFold@$0A@@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEAD_K@Z
+    ??$AsciiStrCaseFold@$00@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFold@$0A@@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ??$AssertHashEqConsistent@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IEAAXAEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
+    ??$AssertOnFind@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IEAAXAEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
     ??$AssignElements@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$IteratorValueAdapter@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$move_iterator@PEAUPayload@status_internal@absl@@@23@@inlined_vector_internal@absl@@@inlined_vector_internal@absl@@YAXPEAUPayload@status_internal@1@AEAV?$IteratorValueAdapter@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$move_iterator@PEAUPayload@status_internal@absl@@@23@@01@_K@Z
     ??$Base64EscapeInternal@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPEBE_KPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_NPEBD@Z
     ??$BufferSizeFor@$$V@log_internal@absl@@YA_KW4WireType@01@@Z
@@ -819,6 +810,10 @@ EXPORTS
     ??$ReadCallback@P6A_NPEBU?$atomic@_N@__Cr@std@@@Z@Condition@absl@@AEBAXPEAP6A_NPEBU?$atomic@_N@__Cr@std@@@Z@Z
     ??$Register@AEB_JAEA_KAEA_KAEA_KAEAG@?$SampleRecorder@UHashtablezInfo@container_internal@absl@@@profiling_internal@absl@@QEAAPEAUHashtablezInfo@container_internal@2@AEB_JAEA_K11AEAG@Z
     ??$RotateRight@I@crc_internal@absl@@YAIIHH@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@78@@Z@@CommonFields@container_internal@absl@@QEAAXV<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@12@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@78@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@78@@Z@@CommonFields@container_internal@absl@@QEAAXV<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@12@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@78@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@45@@Z@@CommonFields@container_internal@absl@@QEAAXV<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@12@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@45@0@Z@@CommonFields@container_internal@absl@@QEAAXV<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@12@0@Z@@Z
     ??$SNPrintF@DHHH@absl@@YAHPEAD_KAEBV?$FormatSpecTemplate@$0BPPPL@$0JPPPL@$0JPPPL@$0JPPPL@@str_format_internal@0@AEBDAEBH44@Z
     ??$STLStringResizeUninitialized@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@X@strings_internal@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_K@Z
     ??$STLStringResizeUninitializedAmortized@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_K@Z
@@ -1139,6 +1134,7 @@ EXPORTS
     ??$__launder@VFlagRegistry@flags_internal@absl@@@__Cr@std@@YAPEAVFlagRegistry@flags_internal@absl@@PEAV234@@Z
     ??$__launder@VMutex@absl@@@__Cr@std@@YAPEAVMutex@absl@@PEAV23@@Z
     ??$__lower_bound@U_ClassicAlgPolicy@__Cr@std@@PEBUTransition@cctz@time_internal@absl@@PEBU4567@U4567@U__identity@23@UByUnixTime@4567@@__Cr@std@@YAPEBUTransition@cctz@time_internal@absl@@PEBU2345@0AEBU2345@AEAUByUnixTime@2345@AEAU__identity@01@@Z
+    ??$__lower_bound_bisecting@U_ClassicAlgPolicy@__Cr@std@@PEBUTransition@cctz@time_internal@absl@@U4567@U__identity@23@UByUnixTime@4567@@__Cr@std@@YAPEBUTransition@cctz@time_internal@absl@@PEBU2345@AEBU2345@_JAEAUByUnixTime@2345@AEAU__identity@01@@Z
     ??$__make_exception_guard@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PEAUUnrecognizedFlag@absl@@@__Cr@std@@@__Cr@std@@YA?AU?$__exception_guard_noexceptions@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PEAUUnrecognizedFlag@absl@@@__Cr@std@@@01@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PEAUUnrecognizedFlag@absl@@@01@@Z
     ??$__memberwise_forward_assign@V?$tuple@AEAPEAVCommandLineFlag@absl@@AEA_N@__Cr@std@@V?$tuple@PEAVCommandLineFlag@absl@@_N@23@PEAVCommandLineFlag@absl@@_N$$Z$0A@$00@__Cr@std@@YAXAEAV?$tuple@AEAPEAVCommandLineFlag@absl@@AEA_N@01@$$QEAV?$tuple@PEAVCommandLineFlag@absl@@_N@01@U?$__tuple_types@PEAVCommandLineFlag@absl@@_N@01@U?$__tuple_indices@$0A@$00@01@@Z
     ??$__move@U_ClassicAlgPolicy@__Cr@std@@PEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@PEAPEAPEBV45678@PEAPEAPEBV45678@@__Cr@std@@YA?AU?$pair@PEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@PEAPEAPEBV12345@@01@PEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@00@Z
@@ -2408,8 +2404,6 @@ EXPORTS
     ??9ChunkIterator@Cord@absl@@QEBA_NAEBV012@@Z
     ??9GraphId@synchronization_internal@absl@@QEBA_NAEBU012@@Z
     ??9__Cr@std@@YA_NAEBU__deque_range@?$deque@UPrefixCrc@CrcCordState@crc_internal@absl@@V?$allocator@UPrefixCrc@CrcCordState@crc_internal@absl@@@__Cr@std@@@01@0@Z
-    ??9__Cr@std@@YA_NAEBV?$__deque_iterator@UPrefixCrc@CrcCordState@crc_internal@absl@@PEAU1234@AEAU1234@PEAPEAU1234@_J$0A@@01@0@Z
-    ??9__Cr@std@@YA_NAEBV?$__deque_iterator@UPrefixCrc@CrcCordState@crc_internal@absl@@PEBU1234@AEBU1234@PEBQEBU1234@_J$0A@@01@0@Z
     ??9__Cr@std@@YA_NAEBV?$__map_iterator@V?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PEAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PEAX@23@_J@__Cr@std@@@01@0@Z
     ??9__Cr@std@@YA_NAEBV?$__map_iterator@V?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@PEAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@PEAX@23@_J@__Cr@std@@@01@0@Z
     ??9__Cr@std@@YA_NAEBV?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PEAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PEAX@23@_J@01@0@Z
@@ -2608,6 +2602,8 @@ EXPORTS
     ??Pabsl@@YA_NVuint128@0@0@Z
     ??R<lambda_1>@?0???$AssertHashEqConsistent@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IEAAXAEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z@QEBA?A?<auto>@@PEBW4ctrl_t@23@PEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@23@@Z
     ??R<lambda_1>@?0???$Initialize@V?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PEBVFormatArgImpl@str_format_internal@absl@@@inlined_vector_internal@absl@@@?$Storage@VFormatArgImpl@str_format_internal@absl@@$03V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAXV?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PEBVFormatArgImpl@str_format_internal@absl@@@23@_K@Z@QEBA?A?<auto>@@XZ
+    ??R<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@23@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@67@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@67@@Z@QEBA?A?<auto>@@XZ
+    ??R<lambda_1>@?0???$construct@AEBUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QEAPEAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@23@AEBUpiecewise_construct_t@__Cr@std@@$$QEAV?$tuple@$$QEBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@67@$$QEAV?$tuple@$$QEAPEAVCommandLineFlag@absl@@@67@@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$FixedArray@D$0?0V?$allocator@D@__Cr@std@@@absl@@QEAAAEAD_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QEAAAEAUPayload@status_internal@2@_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QEBAAEBUPayload@status_internal@2@_K@Z@QEBA?A?<auto>@@XZ
@@ -2630,6 +2626,7 @@ EXPORTS
     ??R<lambda_1>@?0??SubtractSize@?$Storage@PEAUCordRep@cord_internal@absl@@$01V?$allocator@PEAUCordRep@cord_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAX_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??SubtractSize@?$Storage@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAX_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??back@?$InlinedVector@PEAUCordRep@cord_internal@absl@@$01V?$allocator@PEAUCordRep@cord_internal@absl@@@__Cr@std@@@absl@@QEAAAEAPEAUCordRep@cord_internal@3@XZ@QEBA?A?<auto>@@XZ
+    ??R<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??erase@?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QEAAPEAUPayload@status_internal@3@PEBU453@@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??inline_size@Rep@InlineData@cord_internal@absl@@QEBA_KXZ@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??pop_back@?$InlinedVector@PEAUCordRep@cord_internal@absl@@$01V?$allocator@PEAUCordRep@cord_internal@absl@@@__Cr@std@@@absl@@QEAAXXZ@QEBA?A?<auto>@@XZ
@@ -2640,6 +2637,7 @@ EXPORTS
     ??R<lambda_1>@?0??resize_impl@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@CAXAEAVCommonFields@34@_KVHashtablezInfoHandle@34@@Z@QEBA?A?<auto>@@PEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@@Z
     ??R<lambda_1>@?0??set_inline_data@InlineData@cord_internal@absl@@QEAAXPEBD_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_1>@?0??set_inline_size@Rep@InlineData@cord_internal@absl@@QEAAX_K@Z@QEBA?A?<auto>@@XZ
+    ??R<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AEAAXPEAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@34@0@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_2>@?0???$Initialize@V?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PEBVFormatArgImpl@str_format_internal@absl@@@inlined_vector_internal@absl@@@?$Storage@VFormatArgImpl@str_format_internal@absl@@$03V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAXV?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PEBVFormatArgImpl@str_format_internal@absl@@@23@_K@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_2>@?0??AssertSameContainer@container_internal@absl@@YAXPEBW4ctrl_t@23@0AEBQEBX1PEBE2@Z@QEBA?A?<auto>@@XZ
     ??R<lambda_2>@?0??erase@?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QEAAPEAUPayload@status_internal@3@PEBU453@@Z@QEBA?A?<auto>@@XZ
@@ -2801,6 +2799,7 @@ EXPORTS
     ?AdvanceBytesBtree@ChunkIterator@Cord@absl@@AEAAX_K@Z
     ?AlignBegin@CordRepBtree@cord_internal@absl@@AEAAXXZ
     ?AlignEnd@CordRepBtree@cord_internal@absl@@AEAAXXZ
+    ?Alloc@LowLevelAlloc@base_internal@absl@@SAPEAX_K@Z
     ?Alloc@flags_internal@absl@@YAPEAXP6APEAXW4FlagOp@12@PEBXPEAX2@Z@Z
     ?AllocWithArena@LowLevelAlloc@base_internal@absl@@SAPEAX_KPEAUArena@123@@Z
     ?Allocate@?$AllocationTransaction@V?$allocator@PEAUCordRep@cord_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAPEAPEAUCordRep@cord_internal@3@_K@Z
@@ -2848,12 +2847,15 @@ EXPORTS
     ?AreItersFromSameContainer@container_internal@absl@@YA_NPEBW4ctrl_t@12@0AEBQEBX1@Z
     ?AsValueType@?$FixedArray@D$0?0V?$allocator@D@__Cr@std@@@absl@@CAPEADPEAD@Z
     ?AsciiStrToLower@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToLower@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AsciiStrToUpper@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToUpper@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AssertHeld@CordzInfo@cord_internal@absl@@QEAAXXZ
     ?AssertHeld@Mutex@absl@@QEBAXXZ
     ?AssertInSooMode@CommonFields@container_internal@absl@@AEBAXXZ
     ?AssertIsFull@container_internal@absl@@YAXPEBW4ctrl_t@12@EPEBEPEBD@Z
     ?AssertIsValidForComparison@container_internal@absl@@YAXPEBW4ctrl_t@12@EPEBE@Z
+    ?AssertNotDebugCapacity@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IEBAXXZ
     ?AssertNotHeld@Mutex@absl@@QEBAXXZ
     ?AssertReaderHeld@Mutex@absl@@QEBAXXZ
     ?AssertSameContainer@container_internal@absl@@YAXPEBW4ctrl_t@12@0AEBQEBX1PEBE2@Z
@@ -3245,6 +3247,7 @@ EXPORTS
     ?FormatTime@absl@@YA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VTime@1@VTimeZone@1@@Z
     ?FormatUntyped@str_format_internal@absl@@YA_NVFormatRawSinkImpl@12@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
     ?FprintF@str_format_internal@absl@@YAHPEAU_iobuf@@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
+    ?Free@LowLevelAlloc@base_internal@absl@@SAXPEAX@Z
     ?Frequency@CycleClock@base_internal@absl@@SANXZ
     ?Frequency@UnscaledCycleClock@base_internal@absl@@CANXZ
     ?FromChrono@absl@@YA?AVDuration@1@AEBV?$duration@_JV?$ratio@$00$0PECEA@@__Cr@std@@@chrono@__Cr@std@@@Z
@@ -4137,6 +4140,11 @@ EXPORTS
     ?ToUnixNanos@absl@@YA_JVTime@1@@Z
     ?ToUnixSeconds@absl@@YA_JVTime@1@@Z
     ?ToUnixSeconds@cctz@time_internal@absl@@YA_JAEBV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$00@__Cr@std@@@234@@chrono@__Cr@std@@@Z
+    ?TraceContinue@base_internal@absl@@YAXPEBXW4ObjectKind@12@@Z
+    ?TraceObjectKind@BlockingCounter@absl@@CA?AW4ObjectKind@base_internal@2@XZ
+    ?TraceObjectKind@Notification@absl@@CA?AW4ObjectKind@base_internal@2@XZ
+    ?TraceSignal@base_internal@absl@@YAXPEBXW4ObjectKind@12@@Z
+    ?TraceWait@base_internal@absl@@YAXPEBXW4ObjectKind@12@@Z
     ?Track@CordzInfo@cord_internal@absl@@AEAAXXZ
     ?TrackCord@CordzInfo@cord_internal@absl@@SAXAEAVInlineData@23@AEBV423@W4MethodIdentifier@CordzUpdateTracker@23@@Z
     ?TrackCord@CordzInfo@cord_internal@absl@@SAXAEAVInlineData@23@W4MethodIdentifier@CordzUpdateTracker@23@_J@Z
@@ -5677,6 +5685,8 @@ EXPORTS
     ?second@?$__compressed_pair@_KV?$allocator@UPrefixCrc@CrcCordState@crc_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAAEAV?$allocator@UPrefixCrc@CrcCordState@crc_internal@absl@@@23@XZ
     ?second@?$civil_time@Usecond_tag@detail@cctz@time_internal@absl@@@detail@cctz@time_internal@absl@@QEBAHXZ
     ?second@?$civil_time@Usecond_tag@time_internal@absl@@@detail@cctz@time_internal@absl@@QEBAHXZ
+    ?self@Rep@InlineData@cord_internal@absl@@QEAAPEAU1234@XZ
+    ?self@Rep@InlineData@cord_internal@absl@@QEBAPEBU1234@XZ
     ?set@MaybeInitializedPtr@container_internal@absl@@QEAAXPEAX@Z
     ?set_arg@BoundConversion@str_format_internal@absl@@QEAAXPEBVFormatArgImpl@23@@Z
     ?set_begin@CordRepBtree@cord_internal@absl@@AEAAX_K@Z
@@ -5843,5 +5853,18 @@ EXPORTS
     ?year@?$civil_time@Uyear_tag@detail@cctz@time_internal@absl@@@detail@cctz@time_internal@absl@@QEBA_JXZ
     ?year_index@impl@detail@cctz@time_internal@absl@@YAH_JC@Z
     ?ymd_ord@impl@detail@cctz@time_internal@absl@@YA_J_JCC@Z
+    AbslContainerInternalSampleEverything
+    AbslInternalMutexYield
+    AbslInternalOnFatalLogMessage
+    AbslInternalPerThreadSemInit
+    AbslInternalPerThreadSemPoke
+    AbslInternalPerThreadSemPost
+    AbslInternalPerThreadSemWait
+    AbslInternalReportFatalUsageError
+    AbslInternalSleepFor
     AbslInternalSpinLockDelay
     AbslInternalSpinLockWake
+    AbslInternalTraceContinue
+    AbslInternalTraceObserved
+    AbslInternalTraceSignal
+    AbslInternalTraceWait
diff --git a/deps/v8/third_party/abseil-cpp/symbols_x64_rel.def b/deps/v8/third_party/abseil-cpp/symbols_x64_rel.def
index c19da738f78d0e..8df2a43f8c2534 100644
--- a/deps/v8/third_party/abseil-cpp/symbols_x64_rel.def
+++ b/deps/v8/third_party/abseil-cpp/symbols_x64_rel.def
@@ -34,8 +34,8 @@ EXPORTS
     ??$Append@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@$0A@@Cord@absl@@QEAAX$$QEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
     ??$AppendImpl@AEBVCord@absl@@@Cord@absl@@AEAAXAEBV01@@Z
     ??$AppendImpl@VCord@absl@@@Cord@absl@@AEAAX$$QEAV01@@Z
-    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEAD_K@Z
+    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ??$Base64EscapeInternal@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPEBE_KPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_NPEBD@Z
     ??$CallOnceImpl@A6AXXZ$$V@base_internal@absl@@YAXPEAU?$atomic@I@__Cr@std@@W4SchedulingMode@01@A6AXXZ@Z
     ??$CallOnceImpl@P8FlagImpl@flags_internal@absl@@EAAXXZPEAV123@@base_internal@absl@@YAXPEAU?$atomic@I@__Cr@std@@W4SchedulingMode@01@$$QEAP8FlagImpl@flags_internal@1@EAAXXZ$$QEAPEAV671@@Z
@@ -175,6 +175,8 @@ EXPORTS
     ??0?$RandenPool@G@random_internal@absl@@QEAA@XZ
     ??0?$RandenPool@I@random_internal@absl@@QEAA@XZ
     ??0?$RandenPool@_K@random_internal@absl@@QEAA@XZ
+    ??0?$SplitIterator@V?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAA@W4State@012@PEBV?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@12@@Z
+    ??0?$SplitIterator@V?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAA@W4State@012@PEBV?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@12@@Z
     ??0AlphaNum@absl@@QEAA@H@Z
     ??0AlphaNum@absl@@QEAA@PEBD@Z
     ??0AlphaNum@absl@@QEAA@_K@Z
@@ -299,9 +301,6 @@ EXPORTS
     ??ACord@absl@@QEBAD_K@Z
     ??BCord@absl@@QEBA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@XZ
     ??Bint128@absl@@QEBANXZ
-    ??E?$SplitIterator@V?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
-    ??E?$SplitIterator@V?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
-    ??E?$SplitIterator@V?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
     ??Eiterator@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@QEAAAEAV0123@XZ
     ??Gdetail@cctz@time_internal@absl@@YA?AV?$civil_time@Uday_tag@detail@cctz@time_internal@absl@@@0123@V40123@_J@Z
     ??Gdetail@cctz@time_internal@absl@@YA?AV?$civil_time@Usecond_tag@detail@cctz@time_internal@absl@@@0123@V40123@_J@Z
@@ -373,6 +372,7 @@ EXPORTS
     ?AddressIsReadable@debugging_internal@absl@@YA_NPEBX@Z
     ?AdvanceAndReadBytes@ChunkIterator@Cord@absl@@AEAA?AV23@_K@Z
     ?AdvanceBytesBtree@ChunkIterator@Cord@absl@@AEAAX_K@Z
+    ?Alloc@LowLevelAlloc@base_internal@absl@@SAPEAX_K@Z
     ?AllocWithArena@LowLevelAlloc@base_internal@absl@@SAPEAX_KPEAUArena@123@@Z
     ?AlreadyExistsError@absl@@YA?AVStatus@1@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
     ?AlwaysTrue@Condition@absl@@CA_NPEBV12@@Z
@@ -395,7 +395,9 @@ EXPORTS
     ?ApplyMask@MaskedPointer@flags_internal@absl@@AEAAX_K@Z
     ?ApplySubstitutions@strings_internal@absl@@YAHV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAV?$vector@UViableSubstitution@strings_internal@absl@@V?$allocator@UViableSubstitution@strings_internal@absl@@@__Cr@std@@@45@PEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@45@@Z
     ?AsciiStrToLower@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToLower@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AsciiStrToUpper@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToUpper@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AssertHeld@Mutex@absl@@QEBAXXZ
     ?AssertNotHeld@Mutex@absl@@QEBAXXZ
     ?AssertReaderHeld@Mutex@absl@@QEBAXXZ
@@ -669,6 +671,7 @@ EXPORTS
     ?FormatTime@absl@@YA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VTime@1@VTimeZone@1@@Z
     ?FormatUntyped@str_format_internal@absl@@YA_NVFormatRawSinkImpl@12@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
     ?FprintF@str_format_internal@absl@@YAHPEAU_iobuf@@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
+    ?Free@LowLevelAlloc@base_internal@absl@@SAXPEAX@Z
     ?Frequency@UnscaledCycleClock@base_internal@absl@@CANXZ
     ?FromChrono@absl@@YA?AVTime@1@AEBV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$0PECEA@@__Cr@std@@@234@@chrono@__Cr@std@@@Z
     ?FromTM@absl@@YA?AVTime@1@AEBUtm@@VTimeZone@1@@Z
@@ -1362,5 +1365,18 @@ EXPORTS
     ?words@?$BigUnsigned@$03@strings_internal@absl@@QEBAPEBIXZ
     ?words@?$BigUnsigned@$0FE@@strings_internal@absl@@QEBAPEBIXZ
     ?xsputn@Streambuf@OStringStream@strings_internal@absl@@MEAA_JPEBD_J@Z
+    AbslContainerInternalSampleEverything
+    AbslInternalMutexYield
+    AbslInternalOnFatalLogMessage
+    AbslInternalPerThreadSemInit
+    AbslInternalPerThreadSemPoke
+    AbslInternalPerThreadSemPost
+    AbslInternalPerThreadSemWait
+    AbslInternalReportFatalUsageError
+    AbslInternalSleepFor
     AbslInternalSpinLockDelay
     AbslInternalSpinLockWake
+    AbslInternalTraceContinue
+    AbslInternalTraceObserved
+    AbslInternalTraceSignal
+    AbslInternalTraceWait
diff --git a/deps/v8/third_party/abseil-cpp/symbols_x64_rel_asan.def b/deps/v8/third_party/abseil-cpp/symbols_x64_rel_asan.def
index 81b86815f25886..43f54a4e67276c 100644
--- a/deps/v8/third_party/abseil-cpp/symbols_x64_rel_asan.def
+++ b/deps/v8/third_party/abseil-cpp/symbols_x64_rel_asan.def
@@ -2,7 +2,6 @@ EXPORTS
     ?$TSS0@?1??CrcAndCopy@CrcMemcpy@crc_internal@absl@@SA?AVcrc32c_t@4@PEIAXPEIBX_KV54@_N@Z@4HA
     ??$?0$$V$0A@@?$NoDestructor@V?$SampleRecorder@UHashtablezInfo@container_internal@absl@@@profiling_internal@absl@@@absl@@QEAA@XZ
     ??$?0$$V$0A@@?$NoDestructor@VFlagRegistry@flags_internal@absl@@@absl@@QEAA@XZ
-    ??$?0AEAVCord@absl@@$0A@@?$optional@VCord@absl@@@__Cr@std@@QEAA@AEAVCord@absl@@@Z
     ??$?0PEAI@?$SaltedSeedSeq@Vseed_seq@__Cr@std@@@random_internal@absl@@QEAA@PEAI0@Z
     ??$?0V?$allocator@D@__Cr@std@@@AlphaNum@absl@@QEAA@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
     ??$?0V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@$0A@@Cord@absl@@QEAA@$$QEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
@@ -37,8 +36,8 @@ EXPORTS
     ??$Append@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@$0A@@Cord@absl@@QEAAX$$QEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
     ??$AppendImpl@AEBVCord@absl@@@Cord@absl@@AEAAXAEBV01@@Z
     ??$AppendImpl@VCord@absl@@@Cord@absl@@AEAAX$$QEAV01@@Z
-    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEAD_K@Z
-    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEAD_K@Z
+    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPEADPEBD_K@Z
+    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ??$Base64EscapeInternal@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPEBE_KPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_NPEBD@Z
     ??$CallOnceImpl@A6AXXZ$$V@base_internal@absl@@YAXPEAU?$atomic@I@__Cr@std@@W4SchedulingMode@01@A6AXXZ@Z
     ??$CallOnceImpl@P8FlagImpl@flags_internal@absl@@EAAXXZPEAV123@@base_internal@absl@@YAXPEAU?$atomic@I@__Cr@std@@W4SchedulingMode@01@$$QEAP8FlagImpl@flags_internal@1@EAAXXZ$$QEAPEAV671@@Z
@@ -88,7 +87,6 @@ EXPORTS
     ??$Dispatch@_J@FormatArgImpl@str_format_internal@absl@@CA_NTData@012@VFormatConversionSpecImpl@12@PEAX@Z
     ??$Dispatch@_K@FormatArgImpl@str_format_internal@absl@@CA_NTData@012@VFormatConversionSpecImpl@12@PEAX@Z
     ??$Dispatch@_N@FormatArgImpl@str_format_internal@absl@@CA_NTData@012@VFormatConversionSpecImpl@12@PEAX@Z
-    ??$EmplaceBack@UPayload@status_internal@absl@@@?$Storage@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QEAAAEAUPayload@status_internal@2@$$QEAU342@@Z
     ??$EmplaceBackSlow@AEBQEAVLogSink@absl@@@?$Storage@PEAVLogSink@absl@@$0BA@V?$allocator@PEAVLogSink@absl@@@__Cr@std@@@inlined_vector_internal@absl@@AEAAAEAPEAVLogSink@2@AEBQEAV32@@Z
     ??$EmplaceBackSlow@UPayload@status_internal@absl@@@?$Storage@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@AEAAAEAUPayload@status_internal@2@$$QEAU342@@Z
     ??$FindSubstitutions@V?$initializer_list@U?$pair@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@V123@@__Cr@std@@@std@@@strings_internal@absl@@YA?AV?$vector@UViableSubstitution@strings_internal@absl@@V?$allocator@UViableSubstitution@strings_internal@absl@@@__Cr@std@@@__Cr@std@@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@34@AEBV?$initializer_list@U?$pair@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@V123@@__Cr@std@@@4@@Z
@@ -127,12 +125,6 @@ EXPORTS
     ??$Merge@$0A@@CordRepBtree@cord_internal@absl@@CAPEAV012@PEAV012@0@Z
     ??$NewLeaf@$00@CordRepBtree@cord_internal@absl@@CAPEAV012@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@_K@Z
     ??$NewLeaf@$0A@@CordRepBtree@cord_internal@absl@@CAPEAV012@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@_K@Z
-    ??$ParseFlagImpl@H@flags_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@AEAH@Z
-    ??$ParseFlagImpl@I@flags_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@AEAI@Z
-    ??$ParseFlagImpl@J@flags_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@AEAJ@Z
-    ??$ParseFlagImpl@K@flags_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@AEAK@Z
-    ??$ParseFlagImpl@_J@flags_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@AEA_J@Z
-    ??$ParseFlagImpl@_K@flags_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@AEA_K@Z
     ??$ParseFloat@$09@strings_internal@absl@@YA?AUParsedFloat@01@PEBD0W4chars_format@1@@Z
     ??$ParseFloat@$0BA@@strings_internal@absl@@YA?AUParsedFloat@01@PEBD0W4chars_format@1@@Z
     ??$ParseFormatString@UParsedFormatConsumer@ParsedFormatBase@str_format_internal@absl@@@str_format_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@UParsedFormatConsumer@ParsedFormatBase@01@@Z
@@ -181,7 +173,7 @@ EXPORTS
     ??$__push_back_slow_path@AEBUUnrecognizedFlag@absl@@@?$vector@UUnrecognizedFlag@absl@@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@@__Cr@std@@AEAAPEAUUnrecognizedFlag@absl@@AEBU34@@Z
     ??$__push_back_slow_path@PEBVCommandLineFlag@absl@@@?$vector@PEBVCommandLineFlag@absl@@V?$allocator@PEBVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@AEAAPEAPEBVCommandLineFlag@absl@@$$QEAPEBV34@@Z
     ??$__push_back_slow_path@UConversionItem@ParsedFormatBase@str_format_internal@absl@@@?$vector@UConversionItem@ParsedFormatBase@str_format_internal@absl@@V?$allocator@UConversionItem@ParsedFormatBase@str_format_internal@absl@@@__Cr@std@@@__Cr@std@@AEAAPEAUConversionItem@ParsedFormatBase@str_format_internal@absl@@$$QEAU3456@@Z
-    ??$construct_at@UPayload@status_internal@absl@@AEBU123@PEAU123@@__Cr@std@@YAPEAUPayload@status_internal@absl@@PEAU234@AEBU234@@Z
+    ??$construct_at@UPayload@status_internal@absl@@U123@PEAU123@@__Cr@std@@YAPEAUPayload@status_internal@absl@@PEAU234@$$QEAU234@@Z
     ??$emplace@$$V@?$vector@UTransition@cctz@time_internal@absl@@V?$allocator@UTransition@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@QEAA?AV?$__wrap_iter@PEAUTransition@cctz@time_internal@absl@@@12@V?$__wrap_iter@PEBUTransition@cctz@time_internal@absl@@@12@@Z
     ??$emplace@$$V@?$vector@UTransitionType@cctz@time_internal@absl@@V?$allocator@UTransitionType@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@QEAA?AV?$__wrap_iter@PEAUTransitionType@cctz@time_internal@absl@@@12@V?$__wrap_iter@PEBUTransitionType@cctz@time_internal@absl@@@12@@Z
     ??$emplace_back@$$V@?$__split_buffer@UTransition@cctz@time_internal@absl@@AEAV?$allocator@UTransition@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAXXZ
@@ -199,6 +191,8 @@ EXPORTS
     ??0?$RandenPool@G@random_internal@absl@@QEAA@XZ
     ??0?$RandenPool@I@random_internal@absl@@QEAA@XZ
     ??0?$RandenPool@_K@random_internal@absl@@QEAA@XZ
+    ??0?$SplitIterator@V?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAA@W4State@012@PEBV?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@12@@Z
+    ??0?$SplitIterator@V?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAA@W4State@012@PEBV?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@12@@Z
     ??0AlphaNum@absl@@QEAA@H@Z
     ??0AlphaNum@absl@@QEAA@PEBD@Z
     ??0AlphaNum@absl@@QEAA@_K@Z
@@ -219,7 +213,6 @@ EXPORTS
     ??0Condition@absl@@QEAA@P6A_NPEAX@Z0@Z
     ??0Condition@absl@@QEAA@PEB_N@Z
     ??0Cord@absl@@AEAA@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@W4MethodIdentifier@CordzUpdateTracker@cord_internal@1@@Z
-    ??0Cord@absl@@QEAA@AEBV01@@Z
     ??0CordzHandle@cord_internal@absl@@IEAA@_N@Z
     ??0CordzInfo@cord_internal@absl@@AEAA@PEAUCordRep@12@PEBV012@W4MethodIdentifier@CordzUpdateTracker@12@_J@Z
     ??0CrcCordState@crc_internal@absl@@QEAA@$$QEAV012@@Z
@@ -231,7 +224,7 @@ EXPORTS
     ??0HashtablezInfo@container_internal@absl@@QEAA@XZ
     ??0Impl@time_zone@cctz@time_internal@absl@@AEAA@AEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
     ??0Impl@time_zone@cctz@time_internal@absl@@AEAA@XZ
-    ??0InlineData@cord_internal@absl@@QEAA@AEBV012@@Z
+    ??0InlineRep@Cord@absl@@QEAA@AEBV012@@Z
     ??0KernelTimeout@synchronization_internal@absl@@QEAA@VDuration@2@@Z
     ??0KernelTimeout@synchronization_internal@absl@@QEAA@VTime@2@@Z
     ??0LogMessage@log_internal@absl@@QEAA@PEBDHUErrorTag@012@@Z
@@ -324,6 +317,7 @@ EXPORTS
     ??6time_internal@absl@@YAAEAV?$basic_ostream@DU?$char_traits@D@__Cr@std@@@__Cr@std@@AEAV234@V?$civil_time@Usecond_tag@time_internal@absl@@@detail@cctz@01@@Z
     ??6time_internal@absl@@YAAEAV?$basic_ostream@DU?$char_traits@D@__Cr@std@@@__Cr@std@@AEAV234@V?$civil_time@Uyear_tag@time_internal@absl@@@detail@cctz@01@@Z
     ??8StatusRep@status_internal@absl@@QEBA_NAEBV012@@Z
+    ??8absl@@YA_NAEBVCord@0@0@Z
     ??8container_internal@absl@@YA_NAEBViterator@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@01@0@Z
     ??8cord_internal@absl@@YA_NAEBVInlineData@01@0@Z
     ??ACord@absl@@QEBAD_K@Z
@@ -331,9 +325,6 @@ EXPORTS
     ??Bint128@absl@@QEBANXZ
     ??Citerator@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@QEBAPEAU?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@XZ
     ??Diterator@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@QEBAAEAU?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@XZ
-    ??E?$SplitIterator@V?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
-    ??E?$SplitIterator@V?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
-    ??E?$SplitIterator@V?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QEAAAEAV012@XZ
     ??Eiterator@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@QEAAAEAV0123@XZ
     ??Gdetail@cctz@time_internal@absl@@YA?AV?$civil_time@Uday_tag@detail@cctz@time_internal@absl@@@0123@V40123@_J@Z
     ??Gdetail@cctz@time_internal@absl@@YA?AV?$civil_time@Usecond_tag@detail@cctz@time_internal@absl@@@0123@V40123@_J@Z
@@ -406,6 +397,7 @@ EXPORTS
     ?AddressIsReadable@debugging_internal@absl@@YA_NPEBX@Z
     ?AdvanceAndReadBytes@ChunkIterator@Cord@absl@@AEAA?AV23@_K@Z
     ?AdvanceBytesBtree@ChunkIterator@Cord@absl@@AEAAX_K@Z
+    ?Alloc@LowLevelAlloc@base_internal@absl@@SAPEAX_K@Z
     ?AllocWithArena@LowLevelAlloc@base_internal@absl@@SAPEAX_KPEAUArena@123@@Z
     ?AlreadyExistsError@absl@@YA?AVStatus@1@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
     ?AlwaysTrue@Condition@absl@@CA_NPEBV12@@Z
@@ -430,14 +422,15 @@ EXPORTS
     ?ApplyMask@MaskedPointer@flags_internal@absl@@AEAAX_K@Z
     ?ApplySubstitutions@strings_internal@absl@@YAHV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAV?$vector@UViableSubstitution@strings_internal@absl@@V?$allocator@UViableSubstitution@strings_internal@absl@@@__Cr@std@@@45@PEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@45@@Z
     ?AsciiStrToLower@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToLower@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AsciiStrToUpper@absl@@YAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToUpper@ascii_internal@absl@@YAXPEADPEBD_K@Z
     ?AssertHeld@Mutex@absl@@QEBAXXZ
     ?AssertNotHeld@Mutex@absl@@QEBAXXZ
     ?AssertReaderHeld@Mutex@absl@@QEBAXXZ
     ?AssertSameContainer@container_internal@absl@@YAXPEBW4ctrl_t@12@0AEBQEBX1PEBE2@Z
     ?AssertValidType@FlagImpl@flags_internal@absl@@QEBAXPEBXP6APEBVtype_info@@XZ@Z
     ?AssignLargeString@Cord@absl@@AEAAAEAV12@$$QEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
-    ?AssignNext@?$IteratorValueAdapter@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$move_iterator@PEAUPayload@status_internal@absl@@@23@@inlined_vector_internal@absl@@QEAAXPEAUPayload@status_internal@3@@Z
     ?AssignSlow@InlineRep@Cord@absl@@AEAAXAEBV123@@Z
     ?AsyncSignalSafeWriteError@raw_log_internal@absl@@YAXPEBD_K@Z
     ?At@TimeZone@absl@@QEBA?AUCivilInfo@12@VTime@2@@Z
@@ -512,6 +505,7 @@ EXPORTS
     ?CopyPrefix@CordRepBtree@cord_internal@absl@@AEAA?AUCopyResult@123@_K_N@Z
     ?CopySuffix@CordRepBtree@cord_internal@absl@@AEAA?AUCopyResult@123@_K@Z
     ?CopyTo@InlineRep@Cord@absl@@QEBAXPEAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?CopyToArrayImpl@Cord@absl@@AEBAXPEAD@Z
     ?CopyToArraySlowPath@Cord@absl@@AEBAXPEAD@Z
     ?Crash@Helper@internal_statusor@absl@@SAXAEBVStatus@3@@Z
     ?Crc32c@CRC@crc_internal@absl@@SAPEAV123@XZ
@@ -705,6 +699,7 @@ EXPORTS
     ?FormatTime@absl@@YA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VTime@1@VTimeZone@1@@Z
     ?FormatUntyped@str_format_internal@absl@@YA_NVFormatRawSinkImpl@12@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
     ?FprintF@str_format_internal@absl@@YAHPEAU_iobuf@@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
+    ?Free@LowLevelAlloc@base_internal@absl@@SAXPEAX@Z
     ?Frequency@UnscaledCycleClock@base_internal@absl@@CANXZ
     ?FromChrono@absl@@YA?AVTime@1@AEBV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$0PECEA@@__Cr@std@@@234@@chrono@__Cr@std@@@Z
     ?FromTM@absl@@YA?AVTime@1@AEBUtm@@VTimeZone@1@@Z
@@ -866,6 +861,7 @@ EXPORTS
     ?MakeCheckOpValueString@log_internal@absl@@YAXAEAV?$basic_ostream@DU?$char_traits@D@__Cr@std@@@__Cr@std@@D@Z
     ?MakeCheckOpValueString@log_internal@absl@@YAXAEAV?$basic_ostream@DU?$char_traits@D@__Cr@std@@@__Cr@std@@E@Z
     ?MakeCheckOpValueString@log_internal@absl@@YAXAEAV?$basic_ostream@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEBX@Z
+    ?MakeFlatWithExtraCapacity@InlineRep@Cord@absl@@QEAAPEAUCordRepFlat@cord_internal@3@_K@Z
     ?MakeInitValue@FlagImpl@flags_internal@absl@@AEBA?AV?$unique_ptr@XUDynValueDeleter@flags_internal@absl@@@__Cr@std@@XZ
     ?MakeRelativeTimespec@KernelTimeout@synchronization_internal@absl@@QEBA?AUtimespec@@XZ
     ?MakeSeedSeq@absl@@YA?AV?$SaltedSeedSeq@Vseed_seq@__Cr@std@@@random_internal@1@XZ
@@ -1088,6 +1084,7 @@ EXPORTS
     ?SetTimeZone@log_internal@absl@@YAXVTimeZone@2@@Z
     ?SetToZero@?$BigUnsigned@$03@strings_internal@absl@@QEAAXXZ
     ?SetToZero@?$BigUnsigned@$0FE@@strings_internal@absl@@QEAAXXZ
+    ?SetTreeOrEmpty@InlineRep@Cord@absl@@QEAAXPEAUCordRep@cord_internal@3@AEBVCordzUpdateScope@53@@Z
     ?SetVModuleListHeadForTestOnly@log_internal@absl@@YAPEAVVLogSite@12@PEAV312@@Z
     ?ShiftLeft@?$BigUnsigned@$03@strings_internal@absl@@QEAAXH@Z
     ?ShiftLeft@?$BigUnsigned@$0FE@@strings_internal@absl@@QEAAXH@Z
@@ -1361,6 +1358,7 @@ EXPORTS
     ?non_temporal_store_memcpy_avx@crc_internal@absl@@YAPEAXPEIAXPEIBX_K@Z
     ?overflow@Streambuf@OStringStream@strings_internal@absl@@MEAAHH@Z
     ?parse@detail@cctz@time_internal@absl@@YA_NAEBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@0AEBVtime_zone@234@PEAV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$00@__Cr@std@@@234@@chrono@67@PEAV?$duration@_JV?$ratio@$00$0DINHOKEMGIAAA@@__Cr@std@@@chrono@67@PEAV567@@Z
+    ?poison@InlineData@cord_internal@absl@@QEAAXXZ
     ?prev_transition@time_zone@cctz@time_internal@absl@@QEBA_NAEBV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$00@__Cr@std@@@234@@chrono@__Cr@std@@PEAUcivil_transition@1234@@Z
     ?push_back@?$__split_buffer@PEAPEBVImpl@time_zone@cctz@time_internal@absl@@AEAV?$allocator@PEAPEBVImpl@time_zone@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAX$$QEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@@Z
     ?push_back@?$__split_buffer@PEAPEBVImpl@time_zone@cctz@time_internal@absl@@V?$allocator@PEAPEBVImpl@time_zone@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAX$$QEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@@Z
@@ -1374,6 +1372,7 @@ EXPORTS
     ?push_front@?$__split_buffer@PEAPEBVImpl@time_zone@cctz@time_internal@absl@@V?$allocator@PEAPEBVImpl@time_zone@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAX$$QEAPEAPEBVImpl@time_zone@cctz@time_internal@absl@@@Z
     ?push_front@?$__split_buffer@PEAUPrefixCrc@CrcCordState@crc_internal@absl@@AEAV?$allocator@PEAUPrefixCrc@CrcCordState@crc_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAXAEBQEAUPrefixCrc@CrcCordState@crc_internal@absl@@@Z
     ?push_front@?$__split_buffer@PEAUPrefixCrc@CrcCordState@crc_internal@absl@@V?$allocator@PEAUPrefixCrc@CrcCordState@crc_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAX$$QEAPEAUPrefixCrc@CrcCordState@crc_internal@absl@@@Z
+    ?remove_prefix@InlineRep@Cord@absl@@QEAAX_K@Z
     ?reserve@?$vector@PEAVCommandLineFlag@absl@@V?$allocator@PEAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@QEAAX_K@Z
     ?reserve@?$vector@UTransition@cctz@time_internal@absl@@V?$allocator@UTransition@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAX_K@Z
     ?reserve@?$vector@UTransitionType@cctz@time_internal@absl@@V?$allocator@UTransitionType@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@QEAAX_K@Z
@@ -1389,8 +1388,6 @@ EXPORTS
     ?safe_strtou32_base@numbers_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEAIH@Z
     ?safe_strtou64_base@numbers_internal@absl@@YA_NV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PEA_KH@Z
     ?set_cordz_mean_interval@cord_internal@absl@@YAXH@Z
-    ?set_inline_data@InlineData@cord_internal@absl@@QEAAXPEBD_K@Z
-    ?set_inline_size@InlineData@cord_internal@absl@@QEAAX_K@Z
     ?shallow_subcords_enabled@cord_internal@absl@@3U?$atomic@_N@__Cr@std@@A
     ?should_rehash_for_bug_detection_on_insert@CommonFields@container_internal@absl@@QEBA_NXZ
     ?should_rehash_for_bug_detection_on_insert@CommonFieldsGenerationInfoEnabled@container_internal@absl@@QEBA_NPEBW4ctrl_t@23@_K@Z
@@ -1411,5 +1408,18 @@ EXPORTS
     ?words@?$BigUnsigned@$03@strings_internal@absl@@QEBAPEBIXZ
     ?words@?$BigUnsigned@$0FE@@strings_internal@absl@@QEBAPEBIXZ
     ?xsputn@Streambuf@OStringStream@strings_internal@absl@@MEAA_JPEBD_J@Z
+    AbslContainerInternalSampleEverything
+    AbslInternalMutexYield
+    AbslInternalOnFatalLogMessage
+    AbslInternalPerThreadSemInit
+    AbslInternalPerThreadSemPoke
+    AbslInternalPerThreadSemPost
+    AbslInternalPerThreadSemWait
+    AbslInternalReportFatalUsageError
+    AbslInternalSleepFor
     AbslInternalSpinLockDelay
     AbslInternalSpinLockWake
+    AbslInternalTraceContinue
+    AbslInternalTraceObserved
+    AbslInternalTraceSignal
+    AbslInternalTraceWait
diff --git a/deps/v8/third_party/abseil-cpp/symbols_x86_dbg.def b/deps/v8/third_party/abseil-cpp/symbols_x86_dbg.def
index b6be8fb2af1f87..53b6efac44816c 100644
--- a/deps/v8/third_party/abseil-cpp/symbols_x86_dbg.def
+++ b/deps/v8/third_party/abseil-cpp/symbols_x86_dbg.def
@@ -395,16 +395,6 @@ EXPORTS
     ??$?8UUnrecognizedFlag@absl@@U01@@__Cr@std@@YA_NABV?$allocator@UUnrecognizedFlag@absl@@@01@0@Z
     ??$?8V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@U?$default_delete@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@@__Cr@std@@@__Cr@std@@YA_NABV?$unique_ptr@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@U?$default_delete@V?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@@__Cr@std@@@01@$$T@Z
     ??$?8VZoneInfoSource@cctz@time_internal@absl@@U?$default_delete@VZoneInfoSource@cctz@time_internal@absl@@@__Cr@std@@@__Cr@std@@YA_NABV?$unique_ptr@VZoneInfoSource@cctz@time_internal@absl@@U?$default_delete@VZoneInfoSource@cctz@time_internal@absl@@@__Cr@std@@@01@$$T@Z
-    ??$?9PAPAVCommandLineFlag@absl@@@__Cr@std@@YA_NABV?$__wrap_iter@PAPAVCommandLineFlag@absl@@@01@0@Z
-    ??$?9PAPAVCordzHandle@cord_internal@absl@@@__Cr@std@@YA_NABV?$__wrap_iter@PAPAVCordzHandle@cord_internal@absl@@@01@0@Z
-    ??$?9PAPAVLogSink@absl@@@__Cr@std@@YA_NABV?$__wrap_iter@PAPAVLogSink@absl@@@01@0@Z
-    ??$?9PAPBVCommandLineFlag@absl@@@__Cr@std@@YA_NABV?$__wrap_iter@PAPBVCommandLineFlag@absl@@@01@0@Z
-    ??$?9PAUTransitionType@cctz@time_internal@absl@@@__Cr@std@@YA_NABV?$__wrap_iter@PAUTransitionType@cctz@time_internal@absl@@@01@0@Z
-    ??$?9PAUUnrecognizedFlag@absl@@@__Cr@std@@YA_NABV?$__wrap_iter@PAUUnrecognizedFlag@absl@@@01@0@Z
-    ??$?9PAV?$unique_ptr@VFlagStateInterface@flags_internal@absl@@U?$default_delete@VFlagStateInterface@flags_internal@absl@@@__Cr@std@@@__Cr@std@@@__Cr@std@@YA_NABV?$__wrap_iter@PAV?$unique_ptr@VFlagStateInterface@flags_internal@absl@@U?$default_delete@VFlagStateInterface@flags_internal@absl@@@__Cr@std@@@__Cr@std@@@01@0@Z
-    ??$?9PBQAVLogSink@absl@@PAPAV01@@__Cr@std@@YA_NABV?$__wrap_iter@PBQAVLogSink@absl@@@01@ABV?$__wrap_iter@PAPAVLogSink@absl@@@01@@Z
-    ??$?9PBUConversionItem@ParsedFormatBase@str_format_internal@absl@@@__Cr@std@@YA_NABV?$__wrap_iter@PBUConversionItem@ParsedFormatBase@str_format_internal@absl@@@01@0@Z
-    ??$?9PBUUnrecognizedFlag@absl@@@__Cr@std@@YA_NABV?$__wrap_iter@PBUUnrecognizedFlag@absl@@@01@0@Z
     ??$?BV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@$0A@@?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@QBE?AV?$vector@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@@__Cr@std@@XZ
     ??$?BV?$vector@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@V?$allocator@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@@__Cr@std@@$0A@@?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@QBE?AV?$vector@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@V?$allocator@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@@__Cr@std@@XZ
     ??$?DH@absl@@YA?AVDuration@0@HV10@@Z
@@ -520,11 +510,12 @@ EXPORTS
     ??$ArgumentToConv@_N@str_format_internal@absl@@YA?AW4FormatConversionCharSet@1@XZ
     ??$AsciiInAZRange@$00@ascii_internal@absl@@YA_NE@Z
     ??$AsciiInAZRange@$0A@@ascii_internal@absl@@YA_NE@Z
-    ??$AsciiStrCaseFold@$00@ascii_internal@absl@@YAXPADI@Z
-    ??$AsciiStrCaseFold@$0A@@ascii_internal@absl@@YAXPADI@Z
-    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPADI@Z
-    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPADI@Z
+    ??$AsciiStrCaseFold@$00@ascii_internal@absl@@YAXPADPBDI@Z
+    ??$AsciiStrCaseFold@$0A@@ascii_internal@absl@@YAXPADPBDI@Z
+    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPADPBDI@Z
+    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPADPBDI@Z
     ??$AssertHashEqConsistent@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IAEXABV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
+    ??$AssertOnFind@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IAEXABV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
     ??$AssignElements@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$IteratorValueAdapter@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$move_iterator@PAUPayload@status_internal@absl@@@23@@inlined_vector_internal@absl@@@inlined_vector_internal@absl@@YAXPAUPayload@status_internal@1@AAV?$IteratorValueAdapter@V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@V?$move_iterator@PAUPayload@status_internal@absl@@@23@@01@I@Z
     ??$Base64EscapeInternal@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPBEIPAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_NPBD@Z
     ??$BufferSizeFor@$$V@log_internal@absl@@YAIW4WireType@01@@Z
@@ -819,6 +810,10 @@ EXPORTS
     ??$ReadCallback@P6A_NPBU?$atomic@_N@__Cr@std@@@Z@Condition@absl@@ABEXPAP6A_NPBU?$atomic@_N@__Cr@std@@@Z@Z
     ??$Register@AB_JAAIAAIAAIAAG@?$SampleRecorder@UHashtablezInfo@container_internal@absl@@@profiling_internal@absl@@QAEPAUHashtablezInfo@container_internal@2@AB_JAAI11AAG@Z
     ??$RotateRight@I@crc_internal@absl@@YAIIHH@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0???$construct@ABUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QAPAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@34@ABUpiecewise_construct_t@__Cr@std@@$$QAV?$tuple@$$QAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QAV?$tuple@$$QAPAVCommandLineFlag@absl@@@78@@Z@@CommonFields@container_internal@absl@@QAEXV<lambda_1>@?0???$construct@ABUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QAPAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@12@ABUpiecewise_construct_t@__Cr@std@@$$QAV?$tuple@$$QAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QAV?$tuple@$$QAPAVCommandLineFlag@absl@@@78@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0???$construct@ABUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QAPAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@34@ABUpiecewise_construct_t@__Cr@std@@$$QAV?$tuple@$$QBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QAV?$tuple@$$QAPAVCommandLineFlag@absl@@@78@@Z@@CommonFields@container_internal@absl@@QAEXV<lambda_1>@?0???$construct@ABUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QAPAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@12@ABUpiecewise_construct_t@__Cr@std@@$$QAV?$tuple@$$QBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@78@$$QAV?$tuple@$$QAPAVCommandLineFlag@absl@@@78@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@45@@Z@@CommonFields@container_internal@absl@@QAEXV<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@12@@Z@@Z
+    ??$RunWithReentrancyGuard@V<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@45@0@Z@@CommonFields@container_internal@absl@@QAEXV<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@12@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@12@0@Z@@Z
     ??$SNPrintF@DHHH@absl@@YAHPADIABV?$FormatSpecTemplate@$0BPPPL@$0JPPPL@$0JPPPL@$0JPPPL@@str_format_internal@0@ABDABH33@Z
     ??$STLStringResizeUninitialized@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@X@strings_internal@absl@@YAXPAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@I@Z
     ??$STLStringResizeUninitializedAmortized@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@I@Z
@@ -1139,6 +1134,7 @@ EXPORTS
     ??$__launder@VFlagRegistry@flags_internal@absl@@@__Cr@std@@YAPAVFlagRegistry@flags_internal@absl@@PAV234@@Z
     ??$__launder@VMutex@absl@@@__Cr@std@@YAPAVMutex@absl@@PAV23@@Z
     ??$__lower_bound@U_ClassicAlgPolicy@__Cr@std@@PBUTransition@cctz@time_internal@absl@@PBU4567@U4567@U__identity@23@UByUnixTime@4567@@__Cr@std@@YAPBUTransition@cctz@time_internal@absl@@PBU2345@0ABU2345@AAUByUnixTime@2345@AAU__identity@01@@Z
+    ??$__lower_bound_bisecting@U_ClassicAlgPolicy@__Cr@std@@PBUTransition@cctz@time_internal@absl@@U4567@U__identity@23@UByUnixTime@4567@@__Cr@std@@YAPBUTransition@cctz@time_internal@absl@@PBU2345@ABU2345@HAAUByUnixTime@2345@AAU__identity@01@@Z
     ??$__make_exception_guard@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PAUUnrecognizedFlag@absl@@@__Cr@std@@@__Cr@std@@YA?AU?$__exception_guard_noexceptions@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PAUUnrecognizedFlag@absl@@@__Cr@std@@@01@V?$_AllocatorDestroyRangeReverse@V?$allocator@UUnrecognizedFlag@absl@@@__Cr@std@@PAUUnrecognizedFlag@absl@@@01@@Z
     ??$__memberwise_forward_assign@V?$tuple@AAPAVCommandLineFlag@absl@@AA_N@__Cr@std@@V?$tuple@PAVCommandLineFlag@absl@@_N@23@PAVCommandLineFlag@absl@@_N$$Z$0A@$00@__Cr@std@@YAXAAV?$tuple@AAPAVCommandLineFlag@absl@@AA_N@01@$$QAV?$tuple@PAVCommandLineFlag@absl@@_N@01@U?$__tuple_types@PAVCommandLineFlag@absl@@_N@01@U?$__tuple_indices@$0A@$00@01@@Z
     ??$__move@U_ClassicAlgPolicy@__Cr@std@@PAPAPBVImpl@time_zone@cctz@time_internal@absl@@PAPAPBV45678@PAPAPBV45678@@__Cr@std@@YA?AU?$pair@PAPAPBVImpl@time_zone@cctz@time_internal@absl@@PAPAPBV12345@@01@PAPAPBVImpl@time_zone@cctz@time_internal@absl@@00@Z
@@ -2408,8 +2404,6 @@ EXPORTS
     ??9ChunkIterator@Cord@absl@@QBE_NABV012@@Z
     ??9GraphId@synchronization_internal@absl@@QBE_NABU012@@Z
     ??9__Cr@std@@YA_NABU__deque_range@?$deque@UPrefixCrc@CrcCordState@crc_internal@absl@@V?$allocator@UPrefixCrc@CrcCordState@crc_internal@absl@@@__Cr@std@@@01@0@Z
-    ??9__Cr@std@@YA_NABV?$__deque_iterator@UPrefixCrc@CrcCordState@crc_internal@absl@@PAU1234@AAU1234@PAPAU1234@H$0A@@01@0@Z
-    ??9__Cr@std@@YA_NABV?$__deque_iterator@UPrefixCrc@CrcCordState@crc_internal@absl@@PBU1234@ABU1234@PBQBU1234@H$0A@@01@0@Z
     ??9__Cr@std@@YA_NABV?$__map_iterator@V?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PAX@23@H@__Cr@std@@@01@0@Z
     ??9__Cr@std@@YA_NABV?$__map_iterator@V?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@PAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@PAX@23@H@__Cr@std@@@01@0@Z
     ??9__Cr@std@@YA_NABV?$__tree_iterator@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PAV?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$map@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@U?$less@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@23@V?$allocator@U?$pair@$$CBV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@@23@@23@@__Cr@std@@PAX@23@H@01@0@Z
@@ -2608,6 +2602,8 @@ EXPORTS
     ??Pabsl@@YA_NVuint128@0@0@Z
     ??R<lambda_1>@?0???$AssertHashEqConsistent@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IAEXABV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z@QBE?A?<auto>@@PBW4ctrl_t@23@PAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@23@@Z
     ??R<lambda_1>@?0???$Initialize@V?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PBVFormatArgImpl@str_format_internal@absl@@@inlined_vector_internal@absl@@@?$Storage@VFormatArgImpl@str_format_internal@absl@@$03V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QAEXV?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PBVFormatArgImpl@str_format_internal@absl@@@23@I@Z@QBE?A?<auto>@@XZ
+    ??R<lambda_1>@?0???$construct@ABUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QAPAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@23@ABUpiecewise_construct_t@__Cr@std@@$$QAV?$tuple@$$QAV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@67@$$QAV?$tuple@$$QAPAVCommandLineFlag@absl@@@67@@Z@QBE?A?<auto>@@XZ
+    ??R<lambda_1>@?0???$construct@ABUpiecewise_construct_t@__Cr@std@@V?$tuple@$$QBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@23@V?$tuple@$$QAPAVCommandLineFlag@absl@@@23@@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@23@ABUpiecewise_construct_t@__Cr@std@@$$QAV?$tuple@$$QBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@67@$$QAV?$tuple@$$QAPAVCommandLineFlag@absl@@@67@@Z@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$FixedArray@D$0PPPPPPPP@V?$allocator@D@__Cr@std@@@absl@@QAEAADI@Z@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QAEAAUPayload@status_internal@2@I@Z@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0???A?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QBEABUPayload@status_internal@2@I@Z@QBE?A?<auto>@@XZ
@@ -2630,6 +2626,7 @@ EXPORTS
     ??R<lambda_1>@?0??SubtractSize@?$Storage@PAUCordRep@cord_internal@absl@@$01V?$allocator@PAUCordRep@cord_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QAEXI@Z@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0??SubtractSize@?$Storage@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QAEXI@Z@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0??back@?$InlinedVector@PAUCordRep@cord_internal@absl@@$01V?$allocator@PAUCordRep@cord_internal@absl@@@__Cr@std@@@absl@@QAEAAPAUCordRep@cord_internal@3@XZ@QBE?A?<auto>@@XZ
+    ??R<lambda_1>@?0??destroy@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@34@@Z@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0??erase@?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QAEPAUPayload@status_internal@3@PBU453@@Z@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0??inline_size@Rep@InlineData@cord_internal@absl@@QBEIXZ@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0??pop_back@?$InlinedVector@PAUCordRep@cord_internal@absl@@$01V?$allocator@PAUCordRep@cord_internal@absl@@@__Cr@std@@@absl@@QAEXXZ@QBE?A?<auto>@@XZ
@@ -2640,6 +2637,7 @@ EXPORTS
     ??R<lambda_1>@?0??resize_impl@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@CAXAAVCommonFields@34@IVHashtablezInfoHandle@34@@Z@QBE?A?<auto>@@PAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@34@@Z
     ??R<lambda_1>@?0??set_inline_data@InlineData@cord_internal@absl@@QAEXPBDI@Z@QBE?A?<auto>@@XZ
     ??R<lambda_1>@?0??set_inline_size@Rep@InlineData@cord_internal@absl@@QAEXI@Z@QBE?A?<auto>@@XZ
+    ??R<lambda_1>@?0??transfer@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@AAEXPAT?$map_slot_type@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@34@0@Z@QBE?A?<auto>@@XZ
     ??R<lambda_2>@?0???$Initialize@V?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PBVFormatArgImpl@str_format_internal@absl@@@inlined_vector_internal@absl@@@?$Storage@VFormatArgImpl@str_format_internal@absl@@$03V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QAEXV?$IteratorValueAdapter@V?$allocator@VFormatArgImpl@str_format_internal@absl@@@__Cr@std@@PBVFormatArgImpl@str_format_internal@absl@@@23@I@Z@QBE?A?<auto>@@XZ
     ??R<lambda_2>@?0??AssertSameContainer@container_internal@absl@@YAXPBW4ctrl_t@23@0ABQBX1PBE2@Z@QBE?A?<auto>@@XZ
     ??R<lambda_2>@?0??erase@?$InlinedVector@UPayload@status_internal@absl@@$00V?$allocator@UPayload@status_internal@absl@@@__Cr@std@@@absl@@QAEPAUPayload@status_internal@3@PBU453@@Z@QBE?A?<auto>@@XZ
@@ -2801,6 +2799,7 @@ EXPORTS
     ?AdvanceBytesBtree@ChunkIterator@Cord@absl@@AAEXI@Z
     ?AlignBegin@CordRepBtree@cord_internal@absl@@AAEXXZ
     ?AlignEnd@CordRepBtree@cord_internal@absl@@AAEXXZ
+    ?Alloc@LowLevelAlloc@base_internal@absl@@SAPAXI@Z
     ?Alloc@flags_internal@absl@@YAPAXP6APAXW4FlagOp@12@PBXPAX2@Z@Z
     ?AllocWithArena@LowLevelAlloc@base_internal@absl@@SAPAXIPAUArena@123@@Z
     ?Allocate@?$AllocationTransaction@V?$allocator@PAUCordRep@cord_internal@absl@@@__Cr@std@@@inlined_vector_internal@absl@@QAEPAPAUCordRep@cord_internal@3@I@Z
@@ -2848,12 +2847,15 @@ EXPORTS
     ?AreItersFromSameContainer@container_internal@absl@@YA_NPBW4ctrl_t@12@0ABQBX1@Z
     ?AsValueType@?$FixedArray@D$0PPPPPPPP@V?$allocator@D@__Cr@std@@@absl@@CAPADPAD@Z
     ?AsciiStrToLower@absl@@YAXPAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToLower@ascii_internal@absl@@YAXPADPBDI@Z
     ?AsciiStrToUpper@absl@@YAXPAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToUpper@ascii_internal@absl@@YAXPADPBDI@Z
     ?AssertHeld@CordzInfo@cord_internal@absl@@QAEXXZ
     ?AssertHeld@Mutex@absl@@QBEXXZ
     ?AssertInSooMode@CommonFields@container_internal@absl@@ABEXXZ
     ?AssertIsFull@container_internal@absl@@YAXPBW4ctrl_t@12@EPBEPBD@Z
     ?AssertIsValidForComparison@container_internal@absl@@YAXPBW4ctrl_t@12@EPBE@Z
+    ?AssertNotDebugCapacity@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@IBEXXZ
     ?AssertNotHeld@Mutex@absl@@QBEXXZ
     ?AssertReaderHeld@Mutex@absl@@QBEXXZ
     ?AssertSameContainer@container_internal@absl@@YAXPBW4ctrl_t@12@0ABQBX1PBE2@Z
@@ -3245,6 +3247,7 @@ EXPORTS
     ?FormatTime@absl@@YA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VTime@1@VTimeZone@1@@Z
     ?FormatUntyped@str_format_internal@absl@@YA_NVFormatRawSinkImpl@12@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
     ?FprintF@str_format_internal@absl@@YAHPAU_iobuf@@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
+    ?Free@LowLevelAlloc@base_internal@absl@@SAXPAX@Z
     ?Frequency@CycleClock@base_internal@absl@@SANXZ
     ?Frequency@UnscaledCycleClock@base_internal@absl@@CANXZ
     ?FromChrono@absl@@YA?AVDuration@1@ABV?$duration@_JV?$ratio@$00$0PECEA@@__Cr@std@@@chrono@__Cr@std@@@Z
@@ -4137,6 +4140,11 @@ EXPORTS
     ?ToUnixNanos@absl@@YA_JVTime@1@@Z
     ?ToUnixSeconds@absl@@YA_JVTime@1@@Z
     ?ToUnixSeconds@cctz@time_internal@absl@@YA_JABV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$00@__Cr@std@@@234@@chrono@__Cr@std@@@Z
+    ?TraceContinue@base_internal@absl@@YAXPBXW4ObjectKind@12@@Z
+    ?TraceObjectKind@BlockingCounter@absl@@CA?AW4ObjectKind@base_internal@2@XZ
+    ?TraceObjectKind@Notification@absl@@CA?AW4ObjectKind@base_internal@2@XZ
+    ?TraceSignal@base_internal@absl@@YAXPBXW4ObjectKind@12@@Z
+    ?TraceWait@base_internal@absl@@YAXPBXW4ObjectKind@12@@Z
     ?Track@CordzInfo@cord_internal@absl@@AAEXXZ
     ?TrackCord@CordzInfo@cord_internal@absl@@SAXAAVInlineData@23@ABV423@W4MethodIdentifier@CordzUpdateTracker@23@@Z
     ?TrackCord@CordzInfo@cord_internal@absl@@SAXAAVInlineData@23@W4MethodIdentifier@CordzUpdateTracker@23@_J@Z
@@ -5677,6 +5685,8 @@ EXPORTS
     ?second@?$__compressed_pair@V?$__tree_end_node@PAV?$__tree_node_base@PAX@__Cr@std@@@__Cr@std@@V?$allocator@V?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@PAX@__Cr@std@@@23@@__Cr@std@@QAEAAV?$allocator@V?$__tree_node@U?$__value_type@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@V?$vector@PBVCommandLineFlag@absl@@V?$allocator@PBVCommandLineFlag@absl@@@__Cr@std@@@23@@__Cr@std@@PAX@__Cr@std@@@23@XZ
     ?second@?$civil_time@Usecond_tag@detail@cctz@time_internal@absl@@@detail@cctz@time_internal@absl@@QBEHXZ
     ?second@?$civil_time@Usecond_tag@time_internal@absl@@@detail@cctz@time_internal@absl@@QBEHXZ
+    ?self@Rep@InlineData@cord_internal@absl@@QAEPAU1234@XZ
+    ?self@Rep@InlineData@cord_internal@absl@@QBEPBU1234@XZ
     ?set@MaybeInitializedPtr@container_internal@absl@@QAEXPAX@Z
     ?set_arg@BoundConversion@str_format_internal@absl@@QAEXPBVFormatArgImpl@23@@Z
     ?set_begin@CordRepBtree@cord_internal@absl@@AAEXI@Z
@@ -5843,5 +5853,18 @@ EXPORTS
     ?year@?$civil_time@Uyear_tag@detail@cctz@time_internal@absl@@@detail@cctz@time_internal@absl@@QBE_JXZ
     ?year_index@impl@detail@cctz@time_internal@absl@@YAH_JC@Z
     ?ymd_ord@impl@detail@cctz@time_internal@absl@@YA_J_JCC@Z
+    AbslContainerInternalSampleEverything
+    AbslInternalMutexYield
+    AbslInternalOnFatalLogMessage
+    AbslInternalPerThreadSemInit
+    AbslInternalPerThreadSemPoke
+    AbslInternalPerThreadSemPost
+    AbslInternalPerThreadSemWait
+    AbslInternalReportFatalUsageError
+    AbslInternalSleepFor
     AbslInternalSpinLockDelay
     AbslInternalSpinLockWake
+    AbslInternalTraceContinue
+    AbslInternalTraceObserved
+    AbslInternalTraceSignal
+    AbslInternalTraceWait
diff --git a/deps/v8/third_party/abseil-cpp/symbols_x86_rel.def b/deps/v8/third_party/abseil-cpp/symbols_x86_rel.def
index 7ce60b3728b961..cf12345632695e 100644
--- a/deps/v8/third_party/abseil-cpp/symbols_x86_rel.def
+++ b/deps/v8/third_party/abseil-cpp/symbols_x86_rel.def
@@ -35,8 +35,8 @@ EXPORTS
     ??$Append@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@$0A@@Cord@absl@@QAEX$$QAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
     ??$AppendImpl@ABVCord@absl@@@Cord@absl@@AAEXABV01@@Z
     ??$AppendImpl@VCord@absl@@@Cord@absl@@AAEX$$QAV01@@Z
-    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPADI@Z
-    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPADI@Z
+    ??$AsciiStrCaseFoldLong@$00@ascii_internal@absl@@YAXPADPBDI@Z
+    ??$AsciiStrCaseFoldLong@$0A@@ascii_internal@absl@@YAXPADPBDI@Z
     ??$Base64EscapeInternal@V?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@strings_internal@absl@@YAXPBEIPAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@_NPBD@Z
     ??$CallOnceImpl@A6AXXZ$$V@base_internal@absl@@YAXPAU?$atomic@I@__Cr@std@@W4SchedulingMode@01@A6AXXZ@Z
     ??$CallOnceImpl@P8FlagImpl@flags_internal@absl@@AEXXZPAV123@@base_internal@absl@@YAXPAU?$atomic@I@__Cr@std@@W4SchedulingMode@01@$$QAP8FlagImpl@flags_internal@1@AEXXZ$$QAPAV671@@Z
@@ -182,6 +182,8 @@ EXPORTS
     ??0?$RandenPool@G@random_internal@absl@@QAE@XZ
     ??0?$RandenPool@I@random_internal@absl@@QAE@XZ
     ??0?$RandenPool@_K@random_internal@absl@@QAE@XZ
+    ??0?$SplitIterator@V?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QAE@W4State@012@PBV?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@12@@Z
+    ??0?$SplitIterator@V?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QAE@W4State@012@PBV?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@12@@Z
     ??0AlphaNum@absl@@QAE@H@Z
     ??0AlphaNum@absl@@QAE@I@Z
     ??0AlphaNum@absl@@QAE@PBD@Z
@@ -306,9 +308,6 @@ EXPORTS
     ??ACord@absl@@QBEDI@Z
     ??BCord@absl@@QBE?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@XZ
     ??Bint128@absl@@QBENXZ
-    ??E?$SplitIterator@V?$Splitter@VByAnyChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QAEAAV012@XZ
-    ??E?$SplitIterator@V?$Splitter@VByAnyChar@absl@@USkipEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QAEAAV012@XZ
-    ??E?$SplitIterator@V?$Splitter@VByChar@absl@@UAllowEmpty@2@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@strings_internal@absl@@@strings_internal@absl@@QAEAAV012@XZ
     ??Eiterator@?$raw_hash_set@U?$FlatHashMapPolicy@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@container_internal@absl@@UStringHash@23@UStringEq@23@V?$allocator@U?$pair@$$CBV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAVCommandLineFlag@absl@@@__Cr@std@@@__Cr@std@@@container_internal@absl@@QAEAAV0123@XZ
     ??Gdetail@cctz@time_internal@absl@@YA?AV?$civil_time@Usecond_tag@detail@cctz@time_internal@absl@@@0123@V40123@_J@Z
     ??Kabsl@@YA?AVint128@0@V10@0@Z
@@ -378,6 +377,7 @@ EXPORTS
     ?AddressIsReadable@debugging_internal@absl@@YA_NPBX@Z
     ?AdvanceAndReadBytes@ChunkIterator@Cord@absl@@AAE?AV23@I@Z
     ?AdvanceBytesBtree@ChunkIterator@Cord@absl@@AAEXI@Z
+    ?Alloc@LowLevelAlloc@base_internal@absl@@SAPAXI@Z
     ?AllocWithArena@LowLevelAlloc@base_internal@absl@@SAPAXIPAUArena@123@@Z
     ?AlreadyExistsError@absl@@YA?AVStatus@1@V?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@@Z
     ?AlwaysTrue@Condition@absl@@CA_NPBV12@@Z
@@ -400,7 +400,9 @@ EXPORTS
     ?ApplyMask@MaskedPointer@flags_internal@absl@@AAEXI@Z
     ?ApplySubstitutions@strings_internal@absl@@YAHV?$basic_string_view@DU?$char_traits@D@__Cr@std@@@__Cr@std@@PAV?$vector@UViableSubstitution@strings_internal@absl@@V?$allocator@UViableSubstitution@strings_internal@absl@@@__Cr@std@@@45@PAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@45@@Z
     ?AsciiStrToLower@absl@@YAXPAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToLower@ascii_internal@absl@@YAXPADPBDI@Z
     ?AsciiStrToUpper@absl@@YAXPAV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@@Z
+    ?AsciiStrToUpper@ascii_internal@absl@@YAXPADPBDI@Z
     ?AssertHeld@Mutex@absl@@QBEXXZ
     ?AssertNotHeld@Mutex@absl@@QBEXXZ
     ?AssertReaderHeld@Mutex@absl@@QBEXXZ
@@ -674,6 +676,7 @@ EXPORTS
     ?FormatTime@absl@@YA?AV?$basic_string@DU?$char_traits@D@__Cr@std@@V?$allocator@D@23@@__Cr@std@@VTime@1@VTimeZone@1@@Z
     ?FormatUntyped@str_format_internal@absl@@YA_NVFormatRawSinkImpl@12@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
     ?FprintF@str_format_internal@absl@@YAHPAU_iobuf@@VUntypedFormatSpecImpl@12@V?$Span@$$CBVFormatArgImpl@str_format_internal@absl@@@2@@Z
+    ?Free@LowLevelAlloc@base_internal@absl@@SAXPAX@Z
     ?Frequency@UnscaledCycleClock@base_internal@absl@@CANXZ
     ?FromChrono@absl@@YA?AVTime@1@ABV?$time_point@Vsystem_clock@chrono@__Cr@std@@V?$duration@_JV?$ratio@$00$0PECEA@@__Cr@std@@@234@@chrono@__Cr@std@@@Z
     ?FromTM@absl@@YA?AVTime@1@ABUtm@@VTimeZone@1@@Z
@@ -1368,5 +1371,18 @@ EXPORTS
     ?words@?$BigUnsigned@$03@strings_internal@absl@@QBEPBIXZ
     ?words@?$BigUnsigned@$0FE@@strings_internal@absl@@QBEPBIXZ
     ?xsputn@Streambuf@OStringStream@strings_internal@absl@@MAEHPBDH@Z
+    AbslContainerInternalSampleEverything
+    AbslInternalMutexYield
+    AbslInternalOnFatalLogMessage
+    AbslInternalPerThreadSemInit
+    AbslInternalPerThreadSemPoke
+    AbslInternalPerThreadSemPost
+    AbslInternalPerThreadSemWait
+    AbslInternalReportFatalUsageError
+    AbslInternalSleepFor
     AbslInternalSpinLockDelay
     AbslInternalSpinLockWake
+    AbslInternalTraceContinue
+    AbslInternalTraceObserved
+    AbslInternalTraceSignal
+    AbslInternalTraceWait
diff --git a/deps/v8/third_party/fp16/src/include/fp16/bitcasts.h b/deps/v8/third_party/fp16/src/include/fp16/bitcasts.h
index 7dbb516e398f0b..86a4e22c48b2a5 100644
--- a/deps/v8/third_party/fp16/src/include/fp16/bitcasts.h
+++ b/deps/v8/third_party/fp16/src/include/fp16/bitcasts.h
@@ -12,7 +12,7 @@
 	#include <immintrin.h>
 #endif
 
-#if defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
+#if defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
 	#include <intrin.h>
 #endif
 
@@ -24,7 +24,7 @@ static inline float fp32_from_bits(uint32_t w) {
 	return __uint_as_float((unsigned int) w);
 #elif defined(__INTEL_COMPILER)
 	return _castu32_f32(w);
-#elif defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
+#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
 	return _CopyFloatFromInt32((__int32) w);
 #else
 	union {
@@ -42,7 +42,7 @@ static inline uint32_t fp32_to_bits(float f) {
 	return (uint32_t) __float_as_uint(f);
 #elif defined(__INTEL_COMPILER)
 	return _castf32_u32(f);
-#elif defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
+#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
 	return (uint32_t) _CopyInt32FromFloat(f);
 #else
 	union {
@@ -60,7 +60,7 @@ static inline double fp64_from_bits(uint64_t w) {
 	return __longlong_as_double((long long) w);
 #elif defined(__INTEL_COMPILER)
 	return _castu64_f64(w);
-#elif defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
+#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
 	return _CopyDoubleFromInt64((__int64) w);
 #else
 	union {
@@ -78,7 +78,7 @@ static inline uint64_t fp64_to_bits(double f) {
 	return (uint64_t) __double_as_longlong(f);
 #elif defined(__INTEL_COMPILER)
 	return _castf64_u64(f);
-#elif defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
+#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
 	return (uint64_t) _CopyInt64FromDouble(f);
 #else
 	union {
diff --git a/deps/v8/third_party/inspector_protocol/crdtp/json_platform_v8.cc b/deps/v8/third_party/inspector_protocol/crdtp/json_platform_v8.cc
index 891aa3e8d42eaa..6763df64fbc4d1 100644
--- a/deps/v8/third_party/inspector_protocol/crdtp/json_platform_v8.cc
+++ b/deps/v8/third_party/inspector_protocol/crdtp/json_platform_v8.cc
@@ -16,8 +16,7 @@ namespace platform {
 // Parses |str| into |result|. Returns false iff there are
 // leftover characters or parsing errors.
 bool StrToD(const char* str, double* result) {
-  *result =
-      v8::internal::StringToDouble(str, v8::internal::NO_CONVERSION_FLAGS);
+  *result = v8::internal::StringToDouble(str, v8::internal::NO_CONVERSION_FLAG);
   return std::isfinite(*result);
 }
 
diff --git a/deps/v8/third_party/zlib/chromeconf.h b/deps/v8/third_party/zlib/chromeconf.h
index a50938c44521fb..5b91c86442105a 100644
--- a/deps/v8/third_party/zlib/chromeconf.h
+++ b/deps/v8/third_party/zlib/chromeconf.h
@@ -199,8 +199,5 @@
 /* Symbols added by cpu_features.c */
 #define cpu_check_features Cr_z_cpu_check_features
 #define x86_cpu_enable_sse2 Cr_z_x86_cpu_enable_sse2
-#define x86_cpu_enable_avx512 Cr_z_x86_cpu_enable_avx512
-#define riscv_cpu_enable_rvv Cr_z_riscv_cpu_enable_rvv
-#define riscv_cpu_enable_vclmul Cr_z_riscv_cpu_enable_vclmul
 
 #endif /* THIRD_PARTY_ZLIB_CHROMECONF_H_ */
diff --git a/deps/v8/third_party/zlib/crc32_simd.c b/deps/v8/third_party/zlib/crc32_simd.c
index cbe9739578c943..1c60ae9bd3c118 100644
--- a/deps/v8/third_party/zlib/crc32_simd.c
+++ b/deps/v8/third_party/zlib/crc32_simd.c
@@ -398,7 +398,7 @@ uint32_t ZLIB_INTERNAL crc32_sse42_simd_(  /* SSE4.2+PCLMUL */
  */
 #include <arm_acle.h>
 #include <arm_neon.h>
-#define TARGET_ARMV8_WITH_CRC __attribute__((target("arch=armv8-a+crc")))
+#define TARGET_ARMV8_WITH_CRC __attribute__((target("arch=armv8-a+crc+crypto")))
 #else  // !defined(__GNUC__) && !defined(_aarch64__)
 #error ARM CRC32 SIMD extensions only supported for Clang and GCC
 #endif
diff --git a/deps/v8/third_party/zlib/google/zip_unittest.cc b/deps/v8/third_party/zlib/google/zip_unittest.cc
index 58bafb809d6bf9..5cb61e6330ae92 100644
--- a/deps/v8/third_party/zlib/google/zip_unittest.cc
+++ b/deps/v8/third_party/zlib/google/zip_unittest.cc
@@ -63,8 +63,9 @@ bool CreateFile(const std::string& content,
   if (!base::CreateTemporaryFile(file_path))
     return false;
 
-  if (base::WriteFile(*file_path, content.data(), content.size()) == -1)
+  if (!base::WriteFile(*file_path, content)) {
     return false;
+  }
 
   *file = base::File(
       *file_path, base::File::Flags::FLAG_OPEN | base::File::Flags::FLAG_READ);
@@ -350,7 +351,7 @@ class ZipTest : public PlatformTest {
     base::Time now_time;
     EXPECT_TRUE(base::Time::FromUTCExploded(now_parts, &now_time));
 
-    EXPECT_EQ(1, base::WriteFile(src_file, "1", 1));
+    EXPECT_TRUE(base::WriteFile(src_file, "1"));
     EXPECT_TRUE(base::TouchFile(src_file, base::Time::Now(), test_mtime));
 
     EXPECT_TRUE(zip::Zip(src_dir, zip_file, true));
diff --git a/deps/v8/tools/builtins-pgo/download_profiles.py b/deps/v8/tools/builtins-pgo/download_profiles.py
index 7f1502cfb469fa..2bf15af62852c0 100755
--- a/deps/v8/tools/builtins-pgo/download_profiles.py
+++ b/deps/v8/tools/builtins-pgo/download_profiles.py
@@ -11,200 +11,263 @@
 """
 
 import argparse
-import contextlib
+from functools import cached_property
+import json
 import os
 import pathlib
 import re
 import sys
 
-FILENAME = os.path.basename(__file__)
+FILE = pathlib.Path(os.path.abspath(__file__))
+V8_DIR = FILE.parents[2]
+PGO_PROFILE_DIR = V8_DIR / 'tools/builtins-pgo/profiles'
+
 PGO_PROFILE_BUCKET = 'chromium-v8-builtins-pgo'
-PGO_PROFILE_DIR = pathlib.Path(os.path.dirname(__file__)) / 'profiles'
+CHROMIUM_DEPS_V8_REVISION = r"'v8_revision': '([0-9a-f]{40})',"
+
+DEPOT_TOOLS_DEFAULT_PATH = V8_DIR / 'third_party/depot_tools'
 
-V8_DIR = PGO_PROFILE_DIR.parents[2]
-DEPOT_TOOLS_DEFAULT_PATH = os.path.join(V8_DIR, 'third_party', 'depot_tools')
-VERSION_FILE = V8_DIR / 'include' / 'v8-version.h'
+VERSION_FILE = V8_DIR / 'include/v8-version.h'
 VERSION_RE = r"""#define V8_MAJOR_VERSION (\d+)
 #define V8_MINOR_VERSION (\d+)
 #define V8_BUILD_NUMBER (\d+)
 #define V8_PATCH_LEVEL (\d+)"""
 
 
-def main(cmd_args=None):
-  args = parse_args(cmd_args)
-  import_gsutil(args)
-  version = retrieve_version(args)
-  perform_action(version, args)
-  sys.exit(0)
-
-
-def parse_args(cmd_args):
-  parser = argparse.ArgumentParser(
-      description=(
-          f'Download PGO profiles for V8 builtins generated for the version '
-          f'defined in {VERSION_FILE}. If the current checkout has no version '
-          f'(i.e. build and patch level are 0 in {VERSION_FILE}), no profiles '
-          f'exist and the script returns without errors.'),
-      formatter_class=argparse.RawDescriptionHelpFormatter,
-      epilog='\n'.join([
-          f'examples:', f'  {FILENAME} download',
-          f'  {FILENAME} validate --bucket=chromium-v8-builtins-pgo-staging',
-          f'', f'return codes:',
-          f'  0 - profiles successfully downloaded or validated',
-          f'  1 - unexpected error, see stdout',
-          f'  2 - invalid arguments specified, see {FILENAME} --help',
-          f'  3 - invalid path to depot_tools provided'
-          f'  4 - gsutil was unable to retrieve data from the bucket'
-      ]),
-  )
-
-  parser.add_argument(
-      'action',
-      choices=['download', 'validate'],
-      help=(
-          'download or validate profiles for the currently checked out version'
-      ),
-  )
-
-  parser.add_argument(
-      '--version',
-      help=('download (or validate) profiles for this version (e.g. 11.0.226.0 '
-            'or 11.0.226.2), defaults to the version in v8\'s version file'),
-  )
-
-  parser.add_argument(
-      '--depot-tools',
-      help=('path to depot tools, defaults to V8\'s version in '
-            f'{DEPOT_TOOLS_DEFAULT_PATH}.'),
-      type=pathlib.Path,
-      default=DEPOT_TOOLS_DEFAULT_PATH,
-  )
-
-  parser.add_argument(
-      '--force',
-      help=('force download, overwriting existing profiles'),
-      action='store_true',
-  )
-
-  parser.add_argument(
-      '--quiet',
-      help=('run silently, still display errors'),
-      action='store_true',
-  )
-
-  return parser.parse_args(cmd_args)
-
-
-def import_gsutil(args):
-  abs_depot_tools_path = os.path.abspath(args.depot_tools)
-  file = os.path.join(abs_depot_tools_path, 'download_from_google_storage.py')
-  if not pathlib.Path(file).is_file():
-    print(f'{file} does not exist; check --depot-tools path.', file=sys.stderr)
-    sys.exit(3)
-
-  # Put this path at the beginning of the PATH to give it priority.
-  sys.path.insert(0, abs_depot_tools_path)
-  globals()['gcs_download'] = __import__('download_from_google_storage')
-
-
-def retrieve_version(args):
-  if args.version:
-    return args.version
-
-  with open(VERSION_FILE) as f:
-    version_tuple = re.search(VERSION_RE, f.read()).groups(0)
-
-  version = '.'.join(version_tuple)
-  if version_tuple[2] == version_tuple[3] == '0':
-    log(args, f'The version file specifies {version}, which has no profiles.')
-    sys.exit(0)
-
-  return version
-
-
-def download_profiles(version_path, requested_version, args):
-  if args.force:
-    return True
-
-  if not version_path.is_file():
-    return True
-
-  with open(version_path) as version_file:
-    profiles_version = version_file.read()
-
-  if profiles_version != requested_version:
-    return True
-
-  log(args, 'Profiles already downloaded, use --force to overwrite.')
-  return False
-
-
-@contextlib.contextmanager
-def ensure_profiles(version, args):
-  version_path = PGO_PROFILE_DIR / 'profiles_version'
-  require_profiles = download_profiles(version_path, version, args)
-  yield require_profiles
-  if require_profiles:
-    with open(version_path, 'w') as version_file:
-      version_file.write(version)
-
-
-def perform_action(version, args):
-  path = f'{PGO_PROFILE_BUCKET}/by-version/{version}'
-
-  if args.action == 'download':
-    with ensure_profiles(version, args) as require_profiles:
-      if not require_profiles:
-        return
-
-      cmd = ['cp', '-R', f'gs://{path}/*.profile', str(PGO_PROFILE_DIR)]
+class ProfileDownloader:
+  def __init__(self, cmd_args=None):
+    self.args = self._parse_args(cmd_args)
+    self._import_gsutil()
+
+  def run(self):
+    if self.args.action == 'download':
+      self._download()
+      sys.exit(0)
+
+    if self.args.action == 'validate':
+      self._validate()
+      sys.exit(0)
+
+    raise AssertionError(f'Invalid action: {args.action}')
+
+  def _parse_args(self, cmd_args):
+    parser = argparse.ArgumentParser(
+        description=(
+            f'Download PGO profiles for V8 builtins generated for the version '
+            f'defined in {VERSION_FILE}. If the current checkout has no '
+            f'version (i.e. build and patch level are 0 in {VERSION_FILE}), no '
+            f'profiles exist and the script returns without errors.'),
+        formatter_class=argparse.RawDescriptionHelpFormatter,
+        epilog='\n'.join([
+            f'examples:', f'  {FILE.name} download',
+            f'  {FILE.name} validate --bucket=chromium-v8-builtins-pgo-staging',
+            f'', f'return codes:',
+            f'  0 - profiles successfully downloaded or validated',
+            f'  1 - unexpected error, see stdout',
+            f'  2 - invalid arguments specified, see {FILE.name} --help',
+            f'  3 - invalid path to depot_tools provided'
+            f'  4 - gsutil was unable to retrieve data from the bucket'
+            f'  5 - profiles have been generated for a different revision'
+            f'  6 - chromium DEPS file found without v8 revision'
+            f'  7 - no chromium DEPS file found'
+        ]),
+    )
+
+    parser.add_argument(
+        'action',
+        choices=['download', 'validate'],
+        help=(
+            'download or validate profiles for the currently checked out '
+            'version'
+        ),
+    )
+
+    parser.add_argument(
+        '--version',
+        help=('download (or validate) profiles for this version (e.g. '
+              '11.0.226.0 or 11.0.226.2), defaults to the version in v8\'s '
+              'version file'),
+    )
+
+    parser.add_argument(
+        '--depot-tools',
+        help=('path to depot tools, defaults to V8\'s version in '
+              f'{DEPOT_TOOLS_DEFAULT_PATH}.'),
+        type=pathlib.Path,
+        default=DEPOT_TOOLS_DEFAULT_PATH,
+    )
+
+    parser.add_argument(
+        '--force',
+        help='force download, overwriting existing profiles',
+        action='store_true',
+    )
+
+    parser.add_argument(
+        '--quiet',
+        help='run silently, still display errors',
+        action='store_true',
+    )
+
+    parser.add_argument(
+        '--check-v8-revision',
+        help='validate profiles are built for chromium\'s V8 revision',
+        action='store_true',
+    )
+
+    return parser.parse_args(cmd_args)
+
+  def _import_gsutil(self):
+    abs_depot_tools_path = os.path.abspath(self.args.depot_tools)
+    file = os.path.join(abs_depot_tools_path, 'download_from_google_storage.py')
+    if not pathlib.Path(file).is_file():
+      message = f'{file} does not exist; check --depot-tools path.'
+      self._fail(3, message)
+
+    # Put this path at the beginning of the PATH to give it priority.
+    sys.path.insert(0, abs_depot_tools_path)
+    globals()['gcs_download'] = __import__('download_from_google_storage')
+
+  @cached_property
+  def version(self):
+    if self.args.version:
+      return self.args.version
+
+    with VERSION_FILE.open() as f:
+      version_tuple = re.search(VERSION_RE, f.read()).groups(0)
+
+    version = '.'.join(version_tuple)
+    if version_tuple[2] == version_tuple[3] == '0':
+      self._log(f'The version file specifies {version}, which has no profiles.')
+      sys.exit(0)
+
+    return version
+
+  @cached_property
+  def _remote_profile_path(self):
+    return f'{PGO_PROFILE_BUCKET}/by-version/{self.version}'
+
+  @cached_property
+  def _meta_json_path(self):
+    return PGO_PROFILE_DIR / 'meta.json'
+
+  @cached_property
+  def _v8_revision(self):
+    """If this script is executed within a chromium checkout, return the V8
+    revision defined in chromium. Otherwise return None."""
+
+    chromium_deps_file = V8_DIR.parent / 'DEPS'
+    if not chromium_deps_file.is_file():
+      message = (
+          f'File {chromium_deps_file} not found. Verify the parent directory '
+          f'of V8 is a valid chromium checkout.'
+      )
+      self._fail(7, message)
+
+    with chromium_deps_file.open() as f:
+      chromum_deps = f.read()
+
+    match = re.search(CHROMIUM_DEPS_V8_REVISION, chromum_deps)
+    if not match:
+      message = (
+          f'No V8 revision can be found in {chromium_deps_file}. Verify this '
+          f'is a valid chromium DEPS file including a v8 version entry.'
+      )
+      self._fail(6, message)
+
+    return match.group(1)
+
+  def _download(self):
+    if self._require_download():
+      # Wipe profiles directory.
+      for file in PGO_PROFILE_DIR.glob('*'):
+        if file.name.startswith('.'):
+          continue
+        file.unlink()
+
+      # Download new profiles.
+      path = self._remote_profile_path
+      cmd = ['cp', '-R', f'gs://{path}/*', str(PGO_PROFILE_DIR)]
       failure_hint = f'https://storage.googleapis.com/{path} does not exist.'
-      call_gsutil(cmd, failure_hint)
-      return
-
-  if args.action == 'validate':
-    meta_json = f'{path}/meta.json'
+      self._call_gsutil(cmd, failure_hint)
+
+    # Validate profile revision matches the current V8 revision.
+    if self.args.check_v8_revision:
+      with self._meta_json_path.open() as meta_json_file:
+        meta_json = json.load(meta_json_file)
+
+      if meta_json['revision'] != self._v8_revision:
+        message = (
+            f'V8 Builtins PGO profiles have been built for '
+            f'{meta_json["revision"]}, but this chromium checkout uses '
+            f'{self._v8_revision} in its DEPS file. Invalid profiles might '
+            f'cause the build to fail or result in performance regressions. '
+            f'Select a V8 revision which has up-to-date profiles or build with '
+            f'pgo disabled.'
+        )
+        self._fail(5, message)
+
+  def _require_download(self):
+    if self.args.force:
+      return True
+
+    if not self._meta_json_path.is_file():
+      return True
+
+    with self._meta_json_path.open() as meta_json_file:
+      try:
+        meta_json = json.load(meta_json_file)
+      except json.decoder.JSONDecodeError:
+        return True
+
+    if meta_json['version'] != self.version:
+      return True
+
+    self._log('Profiles already downloaded, use --force to overwrite.')
+    return False
+
+  def _validate(self):
+    meta_json = f'{self._remote_profile_path}/meta.json'
     cmd = ['stat', f'gs://{meta_json}']
     failure_hint = f'https://storage.googleapis.com/{meta_json} does not exist.'
-    call_gsutil(cmd, failure_hint)
-    return
-
-  raise AssertionError(f'Invalid action: {args.action}')
-
-
-def call_gsutil(cmd, failure_hint):
-  # Load gsutil from depot tools, and execute command
-  gsutil = gcs_download.Gsutil(gcs_download.GSUTIL_DEFAULT_PATH)
-  returncode, stdout, stderr = gsutil.check_call(*cmd)
-  if returncode != 0:
-    print_error(['gsutil', *cmd], returncode, stdout, stderr, failure_hint)
-    sys.exit(4)
-
-
-def print_error(cmd, returncode, stdout, stderr, failure_hint):
-  message = [
-      'The following command did not succeed:',
-      f'  $ {" ".join(cmd)}',
-  ]
-  sections = [
-      ('return code', str(returncode)),
-      ('stdout', stdout.strip()),
-      ('stderr', stderr.strip()),
-      ('hint', failure_hint),
-  ]
-  for label, output in sections:
-    if not output:
-      continue
-    message += [f'{label}:', "  " + "\n  ".join(output.split("\n"))]
-
-  print('\n'.join(message), file=sys.stderr)
-
+    self._call_gsutil(cmd, failure_hint)
+
+  def _call_gsutil(self, cmd, failure_hint):
+    # Load gsutil from depot tools, and execute command
+    gsutil = gcs_download.Gsutil(gcs_download.GSUTIL_DEFAULT_PATH)
+    returncode, stdout, stderr = gsutil.check_call(*cmd)
+    if returncode != 0:
+      self._print_error(['gsutil', *cmd], returncode, stdout, stderr, failure_hint)
+      sys.exit(4)
+
+  def _print_error(self, cmd, returncode, stdout, stderr, failure_hint):
+    message = [
+        'The following command did not succeed:',
+        f'  $ {" ".join(cmd)}',
+    ]
+    sections = [
+        ('return code', str(returncode)),
+        ('stdout', stdout.strip()),
+        ('stderr', stderr.strip()),
+        ('hint', failure_hint),
+    ]
+    for label, output in sections:
+      if not output:
+        continue
+      message += [f'{label}:', "  " + "\n  ".join(output.split("\n"))]
+
+    print('\n'.join(message), file=sys.stderr)
+
+  def _log(self, message):
+    if self.args.quiet:
+      return
+    print(message)
 
-def log(args, message):
-  if args.quiet:
-    return
-  print(message)
+  def _fail(self, returncode, message):
+    print(message, file=sys.stderr)
+    sys.exit(returncode)
 
 
 if __name__ == '__main__':
-  main()
+  downloader = ProfileDownloader()
+  downloader.run()
diff --git a/deps/v8/tools/builtins-pgo/download_profiles_test.py b/deps/v8/tools/builtins-pgo/download_profiles_test.py
index f92a8770323c68..56dbe72568fe84 100644
--- a/deps/v8/tools/builtins-pgo/download_profiles_test.py
+++ b/deps/v8/tools/builtins-pgo/download_profiles_test.py
@@ -6,6 +6,7 @@
 
 import contextlib
 import io
+import json
 import os
 import pathlib
 import unittest
@@ -13,19 +14,49 @@
 from tempfile import TemporaryDirectory
 from unittest.mock import patch, mock_open
 
-from download_profiles import main, parse_args, retrieve_version
+from download_profiles import ProfileDownloader
 
 
-def mock_version_file(major, minor, build, patch):
-  return (
-      f'#define V8_MAJOR_VERSION {major}\n'
-      f'#define V8_MINOR_VERSION {minor}\n'
-      f'#define V8_BUILD_NUMBER {build}\n'
-      f'#define V8_PATCH_LEVEL {patch}\n'
-  )
+class BaseTestCase(unittest.TestCase):
+  def setUp(self):
+    self.chromium_dir = TemporaryDirectory()
+    self.chromium_path = pathlib.Path(self.chromium_dir.name)
 
+    os.makedirs(self.profiles_path)
 
-class TestDownloadProfiles(unittest.TestCase):
+    patch('download_profiles.PGO_PROFILE_DIR', self.profiles_path).start()
+    patch('download_profiles.V8_DIR', self.chromium_path / 'v8').start()
+    patch('download_profiles.VERSION_FILE', self.version_h_path).start()
+
+  def tearDown(self):
+    patch.stopall()
+    self.chromium_dir.cleanup()
+
+  def add_version_h_file(self, major, minor, build=0, patch=0):
+    self.version_h_path.parents[0].mkdir(parents=True, exist_ok=True)
+
+    with self.version_h_path.open('w') as f:
+      f.write(
+        f'#define V8_MAJOR_VERSION {major}\n'
+        f'#define V8_MINOR_VERSION {minor}\n'
+        f'#define V8_BUILD_NUMBER {build}\n'
+        f'#define V8_PATCH_LEVEL {patch}\n'
+      )
+
+  @property
+  def v8_path(self):
+    return self.chromium_path / 'v8'
+
+  @property
+  def profiles_path(self):
+    return self.v8_path / 'tools/builtins-pgo/profiles'
+
+  @property
+  def version_h_path(self):
+    return self.v8_path / 'include/v8-version.h'
+
+
+class TestDownloadProfiles(BaseTestCase):
 
   def _test_cmd(self, cmd, exitcode):
     out = io.StringIO()
@@ -33,7 +64,14 @@ def _test_cmd(self, cmd, exitcode):
     with self.assertRaises(SystemExit) as se, \
         contextlib.redirect_stdout(out), \
         contextlib.redirect_stderr(err):
-      main(cmd)
+      downloader = ProfileDownloader(cmd)
+
+      # Note: This loads the version file before running the downloader to
+      # simplify patching.
+      downloader.version
+
+      downloader.run()
+
     self.assertEqual(se.exception.code, exitcode)
     return out.getvalue(), err.getvalue()
 
@@ -43,42 +81,38 @@ def test_validate_profiles(self):
     self.assertEqual(len(err), 0)
 
   def test_download_profiles(self):
-    with TemporaryDirectory() as td, \
-        patch('download_profiles.PGO_PROFILE_DIR', pathlib.Path(td)):
+    out, err = self._test_cmd(['download', '--version', '11.1.0.0'], 0)
+    self.assertEqual(len(out), 0)
+    self.assertEqual(len(err), 0)
+    self.assertTrue(any(
+        f.name.endswith('.profile') for f in self.profiles_path.glob('*')))
+
+    with (self.profiles_path / 'meta.json').open() as f:
+      self.assertEqual(json.load(f)['version'], '11.1.0.0')
+
+    # A second download should not be started as profiles exist already
+    with patch('download_profiles.ProfileDownloader._call_gsutil') as gsutil:
       out, err = self._test_cmd(['download', '--version', '11.1.0.0'], 0)
+      self.assertEqual(out,
+          'Profiles already downloaded, use --force to overwrite.\n')
+      gsutil.assert_not_called()
+
+    # A forced download should always trigger
+    with patch('download_profiles.ProfileDownloader._call_gsutil') as gsutil:
+      cmd = ['download', '--version', '11.1.0.0', '--force']
+      out, err = self._test_cmd(cmd, 0)
       self.assertEqual(len(out), 0)
       self.assertEqual(len(err), 0)
-      self.assertGreater(
-          len([f for f in os.listdir(td) if f.endswith('.profile')]), 0)
-      with open(pathlib.Path(td) / 'profiles_version') as f:
-        self.assertEqual(f.read(), '11.1.0.0')
-
-      # A second download should not be started as profiles exist already
-      with patch('download_profiles.call_gsutil') as gsutil:
-        out, err = self._test_cmd(['download', '--version', '11.1.0.0'], 0)
-        self.assertEqual(
-            out,
-            'Profiles already downloaded, use --force to overwrite.\n',
-        )
-        gsutil.assert_not_called()
-
-      # A forced download should always trigger
-      with patch('download_profiles.call_gsutil') as gsutil:
-        cmd = ['download', '--version', '11.1.0.0', '--force']
-        out, err = self._test_cmd(cmd, 0)
-        self.assertEqual(len(out), 0)
-        self.assertEqual(len(err), 0)
-        gsutil.assert_called_once()
+      gsutil.assert_called_once()
 
   def test_arg_quiet(self):
-    with patch(
-        'builtins.open',
-        new=mock_open(read_data=mock_version_file(11, 9, 0, 0))):
-      out, err = self._test_cmd(['download'], 0)
-      self.assertGreater(len(out), 0)
+    self.add_version_h_file(11, 9)
 
-      out, err = self._test_cmd(['download', '--quiet'], 0)
-      self.assertEqual(len(out), 0)
+    out, err = self._test_cmd(['download'], 0)
+    self.assertGreater(len(out), 0)
+
+    out, err = self._test_cmd(['download', '--quiet'], 0)
+    self.assertEqual(len(out), 0)
 
   def test_invalid_args(self):
     out, err = self._test_cmd(['invalid-action'], 2)
@@ -96,31 +130,50 @@ def test_missing_profiles(self):
     self.assertEqual(len(out), 0)
     self.assertGreater(len(err), 0)
 
+  def test_chromium_deps_valid_v8_revision(self):
+    with (self.chromium_path / 'DEPS').open('w') as f:
+      f.write("'v8_revision': '778cc4ae9ebb1973e900d4a56a16e6415492ab1d',")
+
+    cmd = ['download', '--version', '11.1.0.0', '--check-v8-revision']
+    self._test_cmd(cmd, 0)
+
+  def test_chromium_deps_no_file(self):
+    cmd = ['download', '--version', '11.1.0.0', '--check-v8-revision']
+    self._test_cmd(cmd, 7)
+
+  def test_chromium_deps_no_v8_revision(self):
+    with (self.chromium_path / 'DEPS').open('w') as f:
+      pass
 
-class TestRetrieveVersion(unittest.TestCase):
+    cmd = ['download', '--version', '11.1.0.0', '--check-v8-revision']
+    self._test_cmd(cmd, 6)
+
+  def test_chromium_deps_invalid_v8_revision(self):
+    with (self.chromium_path / 'DEPS').open('w') as f:
+      f.write("'v8_revision': 'deadbeefdeadbeefdeadbeefdeadbeefdeadbeef',")
+
+    cmd = ['download', '--version', '11.1.0.0', '--check-v8-revision']
+    self._test_cmd(cmd, 5)
+
+
+class TestRetrieveVersion(BaseTestCase):
   def test_retrieve_valid_version(self):
-    with patch(
-        'builtins.open',
-        new=mock_open(read_data=mock_version_file(11, 4, 1, 0))):
-      args = parse_args(['download'])
-      version = retrieve_version(args)
+    self.add_version_h_file(11, 4, 1)
 
-    self.assertEqual(version, '11.4.1.0')
+    downloader = ProfileDownloader(['download'])
+    self.assertEqual(downloader.version, '11.4.1.0')
 
   def test_retrieve_parameter_version(self):
-    args = parse_args(['download', '--version', '11.1.1.42'])
-    version = retrieve_version(args)
-    self.assertEqual(version, '11.1.1.42')
+    downloader = ProfileDownloader(['download', '--version', '11.1.1.42'])
+    self.assertEqual(downloader.version, '11.1.1.42')
 
   def test_retrieve_untagged_version(self):
+    self.add_version_h_file(11, 4)
+
     out = io.StringIO()
-    with patch(
-        'builtins.open',
-        new=mock_open(read_data=mock_version_file(11, 4, 0, 0))), \
-        contextlib.redirect_stdout(out), \
-        self.assertRaises(SystemExit) as se:
-      args = parse_args(['download'])
-      version = retrieve_version(args)
+    with contextlib.redirect_stdout(out), self.assertRaises(SystemExit) as se:
+      downloader = ProfileDownloader(['download'])
+      downloader.version
 
     self.assertEqual(se.exception.code, 0)
     self.assertEqual(out.getvalue(),
diff --git a/deps/v8/tools/debug_helper/debug-helper-internal.h b/deps/v8/tools/debug_helper/debug-helper-internal.h
index a8dfcb9009c9af..1429261a6f8541 100644
--- a/deps/v8/tools/debug_helper/debug-helper-internal.h
+++ b/deps/v8/tools/debug_helper/debug-helper-internal.h
@@ -15,6 +15,7 @@
 #include <vector>
 
 #include "debug-helper.h"
+#include "src/common/globals.h"
 #include "src/objects/instance-type.h"
 
 namespace d = v8::debug_helper;
diff --git a/deps/v8/tools/debug_helper/get-object-properties.cc b/deps/v8/tools/debug_helper/get-object-properties.cc
index b2d6572411c078..0db26ad34b2d43 100644
--- a/deps/v8/tools/debug_helper/get-object-properties.cc
+++ b/deps/v8/tools/debug_helper/get-object-properties.cc
@@ -2,6 +2,7 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
+#include <optional>
 #include <sstream>
 
 #include "debug-helper-internal.h"
@@ -18,9 +19,7 @@
 
 namespace i = v8::internal;
 
-namespace v8 {
-namespace internal {
-namespace debug_helper_internal {
+namespace v8::internal::debug_helper_internal {
 
 constexpr char kTaggedValue[] = "v8::internal::TaggedValue";
 constexpr char kSmi[] = "v8::internal::Smi";
@@ -216,7 +215,7 @@ TypedObject GetTypedHeapObject(uintptr_t address, d::MemoryAccessor accessor,
 class ReadStringVisitor : public TqObjectVisitor {
  public:
   struct Result {
-    v8::base::Optional<std::string> maybe_truncated_string;
+    std::optional<std::string> maybe_truncated_string;
     std::unique_ptr<ObjectProperty> maybe_raw_characters_property;
   };
   static Result Visit(d::MemoryAccessor accessor,
@@ -228,7 +227,7 @@ class ReadStringVisitor : public TqObjectVisitor {
   }
 
   // Returns the result as UTF-8 once visiting is complete.
-  v8::base::Optional<std::string> GetString() {
+  std::optional<std::string> GetString() {
     if (failed_) return {};
     std::vector<char> result(
         string_.size() * unibrow::Utf16::kMaxExtraUtf8BytesForOneUtf16CodeUnit);
@@ -813,9 +812,7 @@ std::unique_ptr<StackFrameResult> GetStackFrame(
   return std::make_unique<StackFrameResult>(std::move(props));
 }
 
-}  // namespace debug_helper_internal
-}  // namespace internal
-}  // namespace v8
+}  // namespace v8::internal::debug_helper_internal
 
 namespace di = v8::internal::debug_helper_internal;
 
diff --git a/deps/v8/tools/gdbinit b/deps/v8/tools/gdbinit
index 8432e2ecd41062..9488a7bd3ae941 100644
--- a/deps/v8/tools/gdbinit
+++ b/deps/v8/tools/gdbinit
@@ -63,7 +63,7 @@ class PrintV8LocalCommand(PrintV8HandleCommand):
     # Before https://crrev.com/c/4335544, v8::Local contained a val_.
     if gdb.types.has_field(value.type, "val_"):
       return self.print_indirect(value["val_"], from_tty)
-    # With v8_enable_direct_local=true, v8::Local contains a ptr_.
+    # With v8_enable_direct_handle=true, v8::Local contains a ptr_.
     if gdb.types.has_field(value.type, "ptr_"):
       return self.print_direct(value["ptr_"], from_tty)
     # We don't know how to print this...
diff --git a/deps/v8/tools/grokdump.py b/deps/v8/tools/grokdump.py
index 879696b7b00eb5..36c2769b184e91 100755
--- a/deps/v8/tools/grokdump.py
+++ b/deps/v8/tools/grokdump.py
@@ -817,7 +817,12 @@ def Is32BitTagged(self):
 
   def ReadTagged(self, address):
     if self.Is32BitTagged():
-      return self.ReadU32(address)
+      tagged = self.ReadU32(address)
+      if self.IsPointerCompressed():
+        # Uncompress using the slot address.
+        return (address & (0xFFFFFFFF << 32)) | (tagged & 0xFFFFFFFF)
+      else:
+        return tagged
     return self.ReadU64(address)
 
   def ReadUIntPtr(self, address):
@@ -1367,7 +1372,7 @@ def CharsOffset(self):
   def __init__(self, heap, map, address):
     String.__init__(self, heap, map, address)
     self.chars = heap.reader.ReadBytes(self.address + self.CharsOffset(),
-                                       self.length)
+                                       self.length).decode('utf8')
 
   def GetChars(self):
     return self.chars
@@ -1418,8 +1423,8 @@ def __init__(self, heap, map, address):
   def GetChars(self):
     try:
       return self.left.GetChars() + self.right.GetChars()
-    except:
-      return "***CAUGHT EXCEPTION IN GROKDUMP***"
+    except Exception as e:
+      return "***CAUGHT EXCEPTION IN GROKDUMP***: " + str(e)
 
 
 class Oddball(HeapObject):
@@ -1763,34 +1768,28 @@ def _FormatLine(self, line):
 
 class V8Heap(object):
   CLASS_MAP = {
-    "SYMBOL_TYPE": SeqString,
-    "ONE_BYTE_SYMBOL_TYPE": SeqString,
-    "CONS_SYMBOL_TYPE": ConsString,
-    "CONS_ONE_BYTE_SYMBOL_TYPE": ConsString,
-    "EXTERNAL_SYMBOL_TYPE": ExternalString,
-    "EXTERNAL_SYMBOL_WITH_ONE_BYTE_DATA_TYPE": ExternalString,
-    "EXTERNAL_ONE_BYTE_SYMBOL_TYPE": ExternalString,
-    "UNCACHED_EXTERNAL_SYMBOL_TYPE": ExternalString,
-    "UNCACHED_EXTERNAL_SYMBOL_WITH_ONE_BYTE_DATA_TYPE": ExternalString,
-    "UNCACHED_EXTERNAL_ONE_BYTE_SYMBOL_TYPE": ExternalString,
-    "STRING_TYPE": SeqString,
-    "ONE_BYTE_STRING_TYPE": SeqString,
-    "CONS_STRING_TYPE": ConsString,
-    "CONS_ONE_BYTE_STRING_TYPE": ConsString,
-    "EXTERNAL_STRING_TYPE": ExternalString,
-    "EXTERNAL_STRING_WITH_ONE_BYTE_DATA_TYPE": ExternalString,
-    "EXTERNAL_ONE_BYTE_STRING_TYPE": ExternalString,
-    "MAP_TYPE": Map,
-    "ODDBALL_TYPE": Oddball,
-    "FIXED_ARRAY_TYPE": FixedArray,
-    "HASH_TABLE_TYPE": FixedArray,
-    "OBJECT_BOILERPLATE_DESCRIPTION_TYPE": FixedArray,
-    "SCOPE_INFO_TYPE": FixedArray,
-    "JS_FUNCTION_TYPE": JSFunction,
-    "SHARED_FUNCTION_INFO_TYPE": SharedFunctionInfo,
-    "SCRIPT_TYPE": Script,
-    "CODE_CACHE_TYPE": CodeCache,
-    "CODE_TYPE": Code,
+      "SYMBOL_TYPE": SeqString,
+      "SEQ_TWO_BYTE_STRING_TYPE": SeqString,
+      "SEQ_ONE_BYTE_STRING_TYPE": SeqString,
+      "INTERNALIZED_TWO_BYTE_STRING_TYPE": SeqString,
+      "INTERNALIZED_ONE_BYTE_STRING_TYPE": SeqString,
+      "CONS_TWO_BYTE_STRING_TYPE": ConsString,
+      "CONS_ONE_BYTE_STRING_TYPE": ConsString,
+      "EXTERNAL_TWO_BYTE_STRING_TYPE": ExternalString,
+      "EXTERNAL_ONE_BYTE_STRING_TYPE": ExternalString,
+      "EXTERNAL_INTERNALIZED_TWO_BYTE_STRING_TYPE": ExternalString,
+      "EXTERNAL_INTERNALIZED_ONE_BYTE_STRING_TYPE": ExternalString,
+      "MAP_TYPE": Map,
+      "ODDBALL_TYPE": Oddball,
+      "FIXED_ARRAY_TYPE": FixedArray,
+      "HASH_TABLE_TYPE": FixedArray,
+      "OBJECT_BOILERPLATE_DESCRIPTION_TYPE": FixedArray,
+      "SCOPE_INFO_TYPE": FixedArray,
+      "JS_FUNCTION_TYPE": JSFunction,
+      "SHARED_FUNCTION_INFO_TYPE": SharedFunctionInfo,
+      "SCRIPT_TYPE": Script,
+      "CODE_CACHE_TYPE": CodeCache,
+      "CODE_TYPE": Code,
   }
 
   def __init__(self, reader, stack_map):
@@ -1856,6 +1855,9 @@ def ObjectAlignmentMask(self):
   def IsTaggedObjectAddress(self, address):
     return (address & self.ObjectAlignmentMask()) == 1
 
+  def IsWeakTaggedObjectAddress(self, address):
+    return (address & self.ObjectAlignmentMask()) == 3
+
   def IsValidTaggedObjectAddress(self, address):
     if not self.IsTaggedObjectAddress(address): return False
     return self.reader.IsValidAddress(address)
@@ -1879,10 +1881,16 @@ def PageAlignmentMask(self):
   def IsTaggedAddress(self, address):
     return (address & self.ObjectAlignmentMask()) == 1
 
+  def IsWeakTaggedAddress(self, address):
+    return (address & self.ObjectAlignmentMask()) == 3
+
+  def IsMaybeWeakTaggedAddress(self, address):
+    return (address & 1) == 1
+
   def IsSmi(self, tagged_address):
     if self.reader.Is64() and not self.reader.IsPointerCompressed():
       return (tagged_address & 0xFFFFFFFF) == 0
-    return not self.IsTaggedAddress(tagged_address)
+    return (tagged_address & 1) == 0
 
   def SmiUntag(self, tagged_address):
     if self.reader.Is64() and not self.reader.IsPointerCompressed():
@@ -1941,6 +1949,27 @@ def find_object_in_region(reader, start, size, location):
 
     return objects
 
+
+for instance_type in V8Heap.CLASS_MAP.keys():
+  if instance_type not in set(INSTANCE_TYPES.values()):
+    print(
+        f"Warning: No instance type {instance_type} in"
+        "v8heapconst.INSTANCE_TYPES, you may need to regenerate v8heapconst.py")
+
+
+class UnknownObject(HeapObject):
+
+  def __init__(self, heap, address):
+    HeapObject.__init__(self, heap, None, None)
+    self.address = address
+
+  def GetChars(self):
+    return "<???>"
+
+  def __str__(self):
+    return "<0x%x>" % self.address
+
+
 class KnownObject(HeapObject):
   def __init__(self, heap, known_name):
     HeapObject.__init__(self, heap, None, None)
@@ -2039,6 +2068,7 @@ def get_comment(self, address):
 
 class InspectionPadawan(object):
   """The padawan can improve annotations by sensing well-known objects."""
+
   def __init__(self, reader, heap):
     self.reader = reader
     self.heap = heap
@@ -2099,18 +2129,28 @@ def SenseObject(self, address, slot=None):
       return self.FrameMarkerName(address)
     if self.heap.IsSmi(address):
       return self.FormatSmi(address)
-    if not self.heap.IsTaggedAddress(address): return None
+    if not self.heap.IsMaybeWeakTaggedAddress(address):
+      return None
     tagged_address = address
+    is_weak = self.heap.IsWeakTaggedAddress(address)
+    if is_weak:
+      tagged_address &= ~2
     if self.heap.IsPointerCompressed():
-      # Interpret the first page as the read-only space in pointer-comrpession.
+      # Interpret the first page as the read-only space in pointer-compression.
       page = self.GetPageAddress(tagged_address)
       tagged_page = page & 0xFFFFFFFF
       if tagged_page == 0:
         offset = self.GetPageOffset(tagged_address)
+        if offset == 1 and is_weak:
+          return "<cleared>"
         lookup_key = ("read_only_space", offset)
         known_obj_name = KNOWN_OBJECTS.get(lookup_key)
         if known_obj_name:
           return KnownObject(self, known_obj_name)
+        known_map_info = KNOWN_MAPS.get(lookup_key)
+        if known_map_info:
+          known_map_type, known_map_name = known_map_info
+          return KnownObject(self, known_map_name)
 
     if self.IsInKnownOldSpace(tagged_address):
       offset = self.GetPageOffset(tagged_address)
@@ -2118,43 +2158,65 @@ def SenseObject(self, address, slot=None):
       known_obj_name = KNOWN_OBJECTS.get(lookup_key)
       if known_obj_name:
         return KnownObject(self, known_obj_name)
+      known_map_info = KNOWN_MAPS.get(lookup_key)
+      if known_map_info:
+        known_map_type, known_map_name = known_map_info
+        return KnownObject(self, known_map_name)
+
     if self.IsInKnownMapSpace(tagged_address):
       known_map = self.SenseMap(tagged_address)
       if known_map:
         return known_map
+
     found_obj = self.heap.FindObject(tagged_address)
-    if found_obj: return found_obj
+    if found_obj:
+      return found_obj
     address = tagged_address - 1
     if self.reader.IsValidAddress(address):
       map_tagged_address = self.reader.ReadTagged(address)
       map = self.SenseMap(map_tagged_address)
-      if map is None: return None
+      if map is None:
+        return None
       instance_type_name = INSTANCE_TYPES.get(map.instance_type)
-      if instance_type_name is None: return None
+      if instance_type_name is None:
+        return None
       cls = V8Heap.CLASS_MAP.get(instance_type_name, HeapObject)
       return cls(self, map, address)
     return None
 
   def SenseMap(self, tagged_address):
+    if self.heap.IsPointerCompressed():
+      # Interpret the first page as the read-only space in pointer-compression.
+      page = self.GetPageAddress(tagged_address)
+      tagged_page = page & 0xFFFFFFFF
+      if tagged_page == 0:
+        offset = self.GetPageOffset(tagged_address)
+        lookup_key = ("read_only_space", offset)
+        known_map_info = KNOWN_MAPS.get(lookup_key)
+        if known_map_info:
+          known_map_type, known_map_name = known_map_info
+          return KnownMap(self, known_map_name, known_map_type)
     if self.IsInKnownMapSpace(tagged_address):
       offset = self.GetPageOffset(tagged_address)
-      lookup_key = ("MAP_SPACE", offset)
+      lookup_key = ("old_space", offset)
       known_map_info = KNOWN_MAPS.get(lookup_key)
       if known_map_info:
         known_map_type, known_map_name = known_map_info
         return KnownMap(self, known_map_name, known_map_type)
     found_map = self.heap.FindMap(tagged_address)
-    if found_map: return found_map
+    if found_map:
+      return found_map
     return None
 
   def FindObjectOrSmi(self, tagged_address):
     """When used as a mixin in place of V8Heap."""
     found_obj = self.SenseObject(tagged_address)
-    if found_obj: return found_obj
+    if found_obj:
+      return found_obj
     if self.IsSmi(tagged_address):
       return self.FormatSmi(tagged_address)
     else:
-      return "Unknown(%s)" % self.reader.FormatIntPtr(tagged_address)
+      return UnknownObject(self, tagged_address)
 
   def FindObject(self, tagged_address):
     """When used as a mixin in place of V8Heap."""
@@ -2172,9 +2234,11 @@ def PrintKnowledge(self):
 
   def FindFirstAsciiString(self, start, end=None, min_length=32):
     """ Walk the memory until we find a large string """
-    if not end: end = start + 64
+    if not end:
+      end = start + 64
     for slot in range(start, end):
-      if not self.reader.IsValidAddress(slot): break
+      if not self.reader.IsValidAddress(slot):
+        break
       message = self.reader.ReadAsciiString(slot)
       if len(message) > min_length:
         return (slot, message)
@@ -2187,12 +2251,15 @@ def PrintStackTraceMessage(self, start=None, print_message=True):
     """
     # Only look at the first 1k words on the stack
     ptr_size = self.reader.MachinePointerSize()
-    if start is None: start = self.reader.ExceptionSP()
-    if not self.reader.IsValidAddress(start): return start
+    if start is None:
+      start = self.reader.ExceptionSP()
+    if not self.reader.IsValidAddress(start):
+      return start
     end = start + ptr_size * 1024 * 4
     magic1 = None
     for slot in range(start, end, ptr_size):
-      if not self.reader.IsValidAddress(slot + ptr_size): break
+      if not self.reader.IsValidAddress(slot + ptr_size):
+        break
       magic1 = self.reader.ReadUIntPtr(slot)
       magic2 = self.reader.ReadUIntPtr(slot + ptr_size)
       pair = (magic1 & 0xFFFFFFFF, magic2 & 0xFFFFFFFF)
@@ -2204,23 +2271,23 @@ def PrintStackTraceMessage(self, start=None, print_message=True):
       elif pair[0] == ERROR_MESSAGE_MARKER:
         return self.TryExtractErrorMessage(slot, start, end, print_message)
     # Simple fallback in case not stack trace object was found
-    return self.TryExtractOldStyleStackTrace(0, start, end,
-                                             print_message)
+    return self.TryExtractOldStyleStackTrace(0, start, end, print_message)
 
   def TryExtractStackTrace(self, slot, start, end, print_message):
     ptr_size = self.reader.MachinePointerSize()
     assert self.reader.ReadUIntPtr(slot) & 0xFFFFFFFF == STACK_TRACE_MARKER
-    end_marker = STACK_TRACE_MARKER + 1;
+    end_marker = STACK_TRACE_MARKER + 1
     header_size = 10
     # Look for the end marker after the fields and the message buffer.
-    end_search = start + (32 * 1024) + (header_size * ptr_size);
+    end_search = start + (32 * 1024) + (header_size * ptr_size)
     end_slot = self.reader.FindPtr(end_marker, end_search,
                                    end_search + ptr_size * 512)
-    if not end_slot: return start
+    if not end_slot:
+      return start
     print("Stack Message (start=%s):" % self.heap.FormatIntPtr(slot))
     slot += ptr_size
-    for name in ("isolate","ptr1", "ptr2", "ptr3", "ptr4", "codeObject1",
-                 "codeObject2", "codeObject3", "codeObject4"):
+    for name in ("isolate", "ptr1", "ptr2", "ptr3", "ptr4", "ptr5", "ptr6",
+                 "codeObject1", "codeObject2", "codeObject3", "codeObject4"):
       value = self.reader.ReadUIntPtr(slot)
       print(" %s: %s" % (name.rjust(14), self.heap.FormatIntPtr(value)))
       slot += ptr_size
@@ -2233,12 +2300,13 @@ def TryExtractStackTrace(self, slot, start, end, print_message):
 
   def TryExtractErrorMessage(self, slot, start, end, print_message):
     ptr_size = self.reader.MachinePointerSize()
-    end_marker = ERROR_MESSAGE_MARKER + 1;
+    end_marker = ERROR_MESSAGE_MARKER + 1
     header_size = 1
-    end_search = start + 1024 + (header_size * ptr_size);
+    end_search = start + 1024 + (header_size * ptr_size)
     end_slot = self.reader.FindPtr(end_marker, end_search,
                                    end_search + ptr_size * 512)
-    if not end_slot: return start
+    if not end_slot:
+      return start
     print("Error Message (start=%s):" % self.heap.FormatIntPtr(slot))
     slot += ptr_size
     (message_start, message) = self.FindFirstAsciiString(slot)
@@ -2257,7 +2325,8 @@ def TryExtractOldStyleStackTrace(self, message_slot, start, end,
       magic1 = None
       magic2 = None
       message_start, message = self.FindFirstAsciiString(start, end, 128)
-      if message_start is None: return start
+      if message_start is None:
+        return start
     else:
       message_start = self.reader.ReadUIntPtr(message_slot + ptr_size * 4)
       message = self.reader.ReadAsciiString(message_start)
@@ -2302,18 +2371,20 @@ def FormatStackTrace(self, message, print_message):
     print("="*80)
     print("")
 
-
   def TryInferFramePointer(self, slot, address):
     """ Assume we have a framepointer if we find 4 consecutive links """
     for i in range(0, 4):
-      if not self.reader.IsExceptionStackAddress(address): return 0
+      if not self.reader.IsExceptionStackAddress(address):
+        return 0
       next_address = self.reader.ReadUIntPtr(address)
-      if next_address == address: return 0
+      if next_address == address:
+        return 0
       address = next_address
     return slot
 
   def TryInferContext(self, address):
-    if self.context: return
+    if self.context:
+      return
     ptr_size = self.reader.MachinePointerSize()
     possible_context = dict()
     count = 0
@@ -2326,12 +2397,14 @@ def TryInferContext(self, address):
           possible_context[prev_addr] = 1
       address = self.reader.ReadUIntPtr(address)
       count += 1
-    if count <= 5 or len(possible_context) == 0: return
+    if count <= 5 or len(possible_context) == 0:
+      return
     # Find entry with highest count
     possible_context = list(possible_context.items())
     possible_context.sort(key=lambda pair: pair[1])
     address,count = possible_context[-1]
-    if count <= 4: return
+    if count <= 4:
+      return
     self.context = address
 
   def InterpretMemory(self, start, end):
@@ -2400,8 +2473,10 @@ def InterpretMemory(self, start, end):
           elif maybe_address_contents == 0xdecade01:
             address_info = ["<==== HeapStats end marker"]
           elif maybe_address_contents is not None:
-            address_info = [" %d (%d Mbytes)" % (maybe_address_contents,
-                                                 maybe_address_contents >> 20)]
+            address_info = [
+                " %d (%d Mbytes)" %
+                (maybe_address_contents, maybe_address_contents >> 20)
+            ]
         if slot == frame_pointer:
           if not self.reader.IsExceptionStackAddress(maybe_address):
             address_info.append("<==== BAD frame pointer")
@@ -2411,11 +2486,10 @@ def InterpretMemory(self, start, end):
           frame_pointer = maybe_address
       address_type_marker = self.heap.AddressTypeMarker(maybe_address)
       string_value = self.reader.ReadAsciiPtr(slot)
-      print("%s: %s %s %s %s" % (self.reader.FormatIntPtr(slot),
-                           self.reader.FormatIntPtr(maybe_address),
-                           address_type_marker,
-                           string_value,
-                           ' | '.join(address_info)))
+      print("%s: %s %s %s %s" %
+            (self.reader.FormatIntPtr(slot),
+             self.reader.FormatIntPtr(maybe_address), address_type_marker,
+             string_value, ' | '.join(address_info)))
       if maybe_address_contents == 0xdecade01:
         in_oom_dump_area = False
       heap_object = self.heap.FindObject(maybe_address)
@@ -2845,7 +2919,6 @@ def output_summary(self, f):
     f.write('<div class="code">')
     self.output_context(f, InspectionWebFormatter.CONTEXT_SHORT)
     self.output_disasm_pc(f)
-
     # Output stack, trying to also output the stack trace if dumped.
     stack_top = self.try_output_stack_trace(f)
 
@@ -2895,8 +2968,8 @@ def output_stack_trace(self, f, slot, start, end, print_message):
     f.write("<h3>PushStackTraceAndDie Stack Message (start=%s):</h3>" %
             self.format_address(slot))
     slot += ptr_size
-    for name in ("isolate", "ptr1", "ptr2", "ptr3", "ptr4", "codeObject1",
-                 "codeObject2", "codeObject3", "codeObject4"):
+    for name in ("isolate", "ptr1", "ptr2", "ptr3", "ptr4", "ptr5", "ptr6",
+                 "codeObject1", "codeObject2", "codeObject3", "codeObject4"):
       value = self.reader.ReadUIntPtr(slot)
       f.write("<b>%s</b>: %s %s<br>" %
               (name.rjust(14), self.format_address(value),
@@ -2906,7 +2979,7 @@ def output_stack_trace(self, f, slot, start, end, print_message):
     stack_start = end_slot + ptr_size
     f.write("<b>stack_start</b>:   %s<br>" % self.format_address(stack_start))
     (message_start, message) = self.padawan.FindFirstAsciiString(slot)
-    if print_message:
+    if print_message and message is not None:
       f.write("<a href='#eom'>Scroll to end of message...</a><br>")
       self.output_stack_trace_message(f, message)
       f.write("<span id=eom></span>")
diff --git a/deps/v8/tools/lldb_commands.py b/deps/v8/tools/lldb_commands.py
index 4d8d8f69d6227c..2a922b72801b1a 100644
--- a/deps/v8/tools/lldb_commands.py
+++ b/deps/v8/tools/lldb_commands.py
@@ -128,7 +128,7 @@ def print_func(value):
     field = value.GetValueForExpressionPath(".val_")
     if field.IsValid():
       return print_indirect(debugger, 'jlh', field.value)
-    # With v8_enable_direct_local=true, v8::Local contains a ptr_.
+    # With v8_enable_direct_handle=true, v8::Local contains a ptr_.
     field = value.GetValueForExpressionPath(".ptr_")
     if field.IsValid():
       return print_direct(debugger, 'jlh', field.value)
diff --git a/deps/v8/tools/release/common_includes.py b/deps/v8/tools/release/common_includes.py
index 7529f19354404b..a31b587d50e3a2 100644
--- a/deps/v8/tools/release/common_includes.py
+++ b/deps/v8/tools/release/common_includes.py
@@ -550,7 +550,15 @@ def GetLatestVersion(self):
     all_tags = self.vc.GetTags()
     only_version_tags = NormalizeVersionTags(all_tags)
 
-    version = sorted(only_version_tags,
+    def patched_dev_version(tag):
+      """True if this tag represents a patched dev or mini branch."""
+      parts = tag.split('.')
+      return len(parts) >= 3 and int(parts[2]) > 999
+
+    filtered_version_tags = [
+      tag for tag in only_version_tags if not patched_dev_version(tag)]
+
+    version = sorted(filtered_version_tags,
                      key=LooseVersion, reverse=True)[0]
     self["latest_version"] = version
     return version
diff --git a/deps/v8/tools/testrunner/local/variants.py b/deps/v8/tools/testrunner/local/variants.py
index db2484d12a94cc..5c7ebceefdec2f 100644
--- a/deps/v8/tools/testrunner/local/variants.py
+++ b/deps/v8/tools/testrunner/local/variants.py
@@ -14,7 +14,7 @@
     "interpreted_regexp": [["--regexp-interpret-all"]],
     "stress_regexp_jit": [["--regexp-tier-up-ticks=0"]],
     "experimental_regexp": [["--default-to-experimental-regexp-engine"]],
-    "jitless": [["--jitless"]],
+    "jitless": [["--jitless", "--wasm-jitless-if-available-for-testing"]],
     "sparkplug": [["--sparkplug"]],
     "maglev": [["--maglev"]],
     "maglev_future": [["--maglev", "--maglev-future"]],
diff --git a/deps/v8/tools/v8windbg/src/js-stack.h b/deps/v8/tools/v8windbg/src/js-stack.h
index cc6b11b34b32e2..61692ac06498cd 100644
--- a/deps/v8/tools/v8windbg/src/js-stack.h
+++ b/deps/v8/tools/v8windbg/src/js-stack.h
@@ -11,7 +11,6 @@
 #include <string>
 #include <vector>
 
-#include "src/base/optional.h"
 #include "tools/v8windbg/base/utilities.h"
 #include "tools/v8windbg/src/v8-debug-helper-interop.h"
 #include "tools/v8windbg/src/v8windbg-extension.h"
diff --git a/deps/v8/tools/wasm/mjsunit-module-disassembler-impl.h b/deps/v8/tools/wasm/mjsunit-module-disassembler-impl.h
index fd137a78edbca7..410aa40e582a5b 100644
--- a/deps/v8/tools/wasm/mjsunit-module-disassembler-impl.h
+++ b/deps/v8/tools/wasm/mjsunit-module-disassembler-impl.h
@@ -1111,7 +1111,7 @@ class MjsunitModuleDis {
             "that can be\n"
             "// found in the LICENSE file.\n"
             "\n"
-            "// Flags: --wasm-staging\n"
+            "// Flags: --wasm-staging --wasm-inlining-call-indirect\n"
             "\n"
             "d8.file.execute('test/mjsunit/wasm/wasm-module-builder.js');\n"
             "\n"
diff --git a/deps/v8/tools/wasm/module-inspector.cc b/deps/v8/tools/wasm/module-inspector.cc
index 4080e091258603..0a3ff3837d8023 100644
--- a/deps/v8/tools/wasm/module-inspector.cc
+++ b/deps/v8/tools/wasm/module-inspector.cc
@@ -5,6 +5,7 @@
 #include <fstream>
 #include <iomanip>
 #include <iostream>
+#include <optional>
 #include <vector>
 
 #include "include/libplatform/libplatform.h"
@@ -1050,7 +1051,7 @@ class FormatConverter {
 
    private:
     enum Mode { kFile, kStdout, kError };
-    base::Optional<std::ofstream> filestream_;
+    std::optional<std::ofstream> filestream_;
     Mode mode_;
   };
 

From 013f7d8c693308d550af329dc9b43ee661f40472 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Tue, 17 Sep 2024 12:09:49 +0200
Subject: [PATCH 02/13] build: reset embedder string to "-node.0"

---
 common.gypi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.gypi b/common.gypi
index b2a4cd9d69c95e..11a9db1ed63325 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.15',
+    'v8_embedder_string': '-node.0',
 
     ##### V8 defaults for Node.js #####
 

From 40113d12bed67180a394424aead9c814079ec5a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Sat, 24 Aug 2024 11:30:21 +0200
Subject: [PATCH 03/13] src: update NODE_MODULE_VERSION to 131

Major V8 updates are usually API/ABI incompatible with previous
versions. This commit adapts NODE_MODULE_VERSION for V8 12.9.

Refs: https://github.com/nodejs/CTC/blob/master/meetings/2016-09-28.md
---
 doc/abi_version_registry.json | 1 +
 src/node_version.h            | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/doc/abi_version_registry.json b/doc/abi_version_registry.json
index 758fc47cfe0eaf..0f795371a6158c 100644
--- a/doc/abi_version_registry.json
+++ b/doc/abi_version_registry.json
@@ -1,5 +1,6 @@
 {
   "NODE_MODULE_VERSION": [
+    { "modules": 131,"runtime": "node",     "variant": "v8_12.9",              "versions": "23.0.0-pre" },
     { "modules": 130,"runtime": "electron", "variant": "electron",             "versions": "33" },
     { "modules": 129,"runtime": "node",     "variant": "v8_12.8",              "versions": "23.0.0-pre" },
     { "modules": 128,"runtime": "electron", "variant": "electron",             "versions": "32" },
diff --git a/src/node_version.h b/src/node_version.h
index 015bb452362390..4f16462fa45d60 100644
--- a/src/node_version.h
+++ b/src/node_version.h
@@ -95,7 +95,7 @@
 #if defined(NODE_EMBEDDER_MODULE_VERSION)
 #define NODE_MODULE_VERSION NODE_EMBEDDER_MODULE_VERSION
 #else
-#define NODE_MODULE_VERSION 129
+#define NODE_MODULE_VERSION 131
 #endif
 
 // The NAPI_VERSION supported by the runtime. This is the inclusive range of

From affda4eac4bb6f27aec3438cdc346f8fa2f7a379 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Wed, 21 Sep 2022 15:47:37 +0200
Subject: [PATCH 04/13] deps: always define V8_EXPORT_PRIVATE as no-op

dllexport introduces issues when compiling with MSVC.

PR-URL: https://github.com/nodejs/node/pull/47251
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
---
 common.gypi               | 2 +-
 deps/v8/src/base/macros.h | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/common.gypi b/common.gypi
index 11a9db1ed63325..2acceb0f012e16 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.0',
+    'v8_embedder_string': '-node.1',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/base/macros.h b/deps/v8/src/base/macros.h
index 488729dd5a9d08..868ed15fb60302 100644
--- a/deps/v8/src/base/macros.h
+++ b/deps/v8/src/base/macros.h
@@ -423,9 +423,9 @@ bool is_inbounds(float_t v) {
 // Setup for Windows shared library export.
 #define V8_EXPORT_ENUM
 #ifdef BUILDING_V8_SHARED_PRIVATE
-#define V8_EXPORT_PRIVATE __declspec(dllexport)
+#define V8_EXPORT_PRIVATE
 #elif USING_V8_SHARED_PRIVATE
-#define V8_EXPORT_PRIVATE __declspec(dllimport)
+#define V8_EXPORT_PRIVATE
 #else
 #define V8_EXPORT_PRIVATE
 #endif  // BUILDING_V8_SHARED
@@ -435,8 +435,8 @@ bool is_inbounds(float_t v) {
 // Setup for Linux shared library export.
 #if V8_HAS_ATTRIBUTE_VISIBILITY
 #ifdef BUILDING_V8_SHARED_PRIVATE
-#define V8_EXPORT_PRIVATE __attribute__((visibility("default")))
-#define V8_EXPORT_ENUM V8_EXPORT_PRIVATE
+#define V8_EXPORT_PRIVATE
+#define V8_EXPORT_ENUM
 #else
 #define V8_EXPORT_PRIVATE
 #define V8_EXPORT_ENUM

From ddf2ae431ceb4c8c567c2068b3e8130652a8a019 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Thu, 6 Apr 2023 14:50:56 +0200
Subject: [PATCH 05/13] deps: disable V8 concurrent sparkplug compilation

It introduces process hangs on some platforms because Node.js doesn't
tear down V8 correctly.
Disable it while we work on a solution.

Refs: https://github.com/nodejs/node/issues/47297
Refs: https://bugs.chromium.org/p/v8/issues/detail?id=13902
PR-URL: https://github.com/nodejs/node/pull/47450
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 common.gypi                          | 2 +-
 deps/v8/src/flags/flag-definitions.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common.gypi b/common.gypi
index 2acceb0f012e16..718b9dc24fd873 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.1',
+    'v8_embedder_string': '-node.2',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/flags/flag-definitions.h b/deps/v8/src/flags/flag-definitions.h
index 0795dc0a83cdea..02f367e1126a26 100644
--- a/deps/v8/src/flags/flag-definitions.h
+++ b/deps/v8/src/flags/flag-definitions.h
@@ -1009,7 +1009,7 @@ DEFINE_BOOL(baseline_batch_compilation, true, "batch compile Sparkplug code")
 DEFINE_BOOL_READONLY(concurrent_sparkplug, false,
                      "compile Sparkplug code in a background thread")
 #else
-DEFINE_BOOL(concurrent_sparkplug, ENABLE_SPARKPLUG_BY_DEFAULT,
+DEFINE_BOOL(concurrent_sparkplug, false,
             "compile Sparkplug code in a background thread")
 DEFINE_WEAK_IMPLICATION(future, concurrent_sparkplug)
 DEFINE_NEG_IMPLICATION(predictable, concurrent_sparkplug)

From d9b1876d0e3f7c8471ad01985ee9c0aa16ab2d96 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Sat, 16 Sep 2023 10:13:14 +0200
Subject: [PATCH 06/13] deps: patch V8 to avoid duplicated zlib symbol

PR-URL: https://github.com/nodejs/node/pull/54077
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
---
 common.gypi                           | 2 +-
 deps/v8/third_party/zlib/chromeconf.h | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/common.gypi b/common.gypi
index 718b9dc24fd873..b5e4ea187284e6 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.2',
+    'v8_embedder_string': '-node.3',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/third_party/zlib/chromeconf.h b/deps/v8/third_party/zlib/chromeconf.h
index 5b91c86442105a..a50938c44521fb 100644
--- a/deps/v8/third_party/zlib/chromeconf.h
+++ b/deps/v8/third_party/zlib/chromeconf.h
@@ -199,5 +199,8 @@
 /* Symbols added by cpu_features.c */
 #define cpu_check_features Cr_z_cpu_check_features
 #define x86_cpu_enable_sse2 Cr_z_x86_cpu_enable_sse2
+#define x86_cpu_enable_avx512 Cr_z_x86_cpu_enable_avx512
+#define riscv_cpu_enable_rvv Cr_z_riscv_cpu_enable_rvv
+#define riscv_cpu_enable_vclmul Cr_z_riscv_cpu_enable_vclmul
 
 #endif /* THIRD_PARTY_ZLIB_CHROMECONF_H_ */

From 763a6b92b7aff9ff488b754cf8e5bdb47fd48011 Mon Sep 17 00:00:00 2001
From: StefanStojanovic <stefan.stojanovic@janeasystems.com>
Date: Sun, 21 Apr 2024 11:15:04 +0200
Subject: [PATCH 07/13] deps: patch V8 to support compilation with MSVC
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Michaël Zasso <targos@protonmail.com>
---
 common.gypi                            | 2 +-
 deps/v8/src/compiler/js-heap-broker.cc | 2 +-
 deps/v8/src/execution/frames.h         | 6 +++---
 deps/v8/src/objects/tagged-field.h     | 2 --
 deps/v8/src/wasm/wasm-objects.cc       | 9 +++++++--
 5 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/common.gypi b/common.gypi
index b5e4ea187284e6..bd91c2692f7329 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.3',
+    'v8_embedder_string': '-node.4',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/compiler/js-heap-broker.cc b/deps/v8/src/compiler/js-heap-broker.cc
index 1a7ce3b9f6a50b..d33cf928f733f6 100644
--- a/deps/v8/src/compiler/js-heap-broker.cc
+++ b/deps/v8/src/compiler/js-heap-broker.cc
@@ -861,7 +861,7 @@ ElementAccessFeedback const& JSHeapBroker::ProcessFeedbackMapsForElementAccess(
     Tagged<Map> transition_target;
 
     // Don't generate elements kind transitions from stable maps.
-    if (!map.is_stable()) {
+    if (!map.is_stable() && possible_transition_targets.begin() != possible_transition_targets.end()) {
       // The lock is needed for UnusedPropertyFields (called deep inside
       // FindElementsKindTransitionedMap).
       MapUpdaterGuardIfNeeded mumd_scope(this);
diff --git a/deps/v8/src/execution/frames.h b/deps/v8/src/execution/frames.h
index 68aff9502e14ed..c7ad2d3a27e6e6 100644
--- a/deps/v8/src/execution/frames.h
+++ b/deps/v8/src/execution/frames.h
@@ -1269,11 +1269,11 @@ class WasmFrame : public TypedFrame {
   void Summarize(std::vector<FrameSummary>* frames) const override;
 
   static WasmFrame* cast(StackFrame* frame) {
-    DCHECK(frame->is_wasm()
 #ifdef V8_ENABLE_DRUMBRAKE
-           && !frame->is_wasm_interpreter_entry()
+    DCHECK(frame->is_wasm() && !frame->is_wasm_interpreter_entry());
+#else
+    DCHECK(frame->is_wasm());
 #endif  // V8_ENABLE_DRUMBRAKE
-    );
     return static_cast<WasmFrame*>(frame);
   }
 
diff --git a/deps/v8/src/objects/tagged-field.h b/deps/v8/src/objects/tagged-field.h
index af09fe53441fc2..1669b24f8310a6 100644
--- a/deps/v8/src/objects/tagged-field.h
+++ b/deps/v8/src/objects/tagged-field.h
@@ -101,12 +101,10 @@ static_assert(sizeof(UnalignedDoubleMember) == sizeof(double));
 #define FLEXIBLE_ARRAY_MEMBER(Type, name)                     \
   using FlexibleDataReturnType = Type[0];                     \
   FlexibleDataReturnType& name() {                            \
-    static_assert(alignof(Type) <= alignof(decltype(*this))); \
     using ReturnType = Type[0];                               \
     return reinterpret_cast<ReturnType&>(*(this + 1));        \
   }                                                           \
   const FlexibleDataReturnType& name() const {                \
-    static_assert(alignof(Type) <= alignof(decltype(*this))); \
     using ReturnType = Type[0];                               \
     return reinterpret_cast<const ReturnType&>(*(this + 1));  \
   }                                                           \
diff --git a/deps/v8/src/wasm/wasm-objects.cc b/deps/v8/src/wasm/wasm-objects.cc
index b37eb06f7803a4..785aab50bc890c 100644
--- a/deps/v8/src/wasm/wasm-objects.cc
+++ b/deps/v8/src/wasm/wasm-objects.cc
@@ -2455,14 +2455,19 @@ Handle<WasmExportedFunction> WasmExportedFunction::New(
     DirectHandle<WasmFuncRef> func_ref,
     DirectHandle<WasmInternalFunction> internal_function, int arity,
     DirectHandle<Code> export_wrapper) {
+#if V8_ENABLE_DRUMBRAKE
   DCHECK(CodeKind::JS_TO_WASM_FUNCTION == export_wrapper->kind() ||
          (export_wrapper->is_builtin() &&
           (export_wrapper->builtin_id() == Builtin::kJSToWasmWrapper ||
-#if V8_ENABLE_DRUMBRAKE
            export_wrapper->builtin_id() ==
                Builtin::kGenericJSToWasmInterpreterWrapper ||
-#endif  // V8_ENABLE_DRUMBRAKE
            export_wrapper->builtin_id() == Builtin::kWasmPromising)));
+#else
+  DCHECK(CodeKind::JS_TO_WASM_FUNCTION == export_wrapper->kind() ||
+         (export_wrapper->is_builtin() &&
+          (export_wrapper->builtin_id() == Builtin::kJSToWasmWrapper ||
+           export_wrapper->builtin_id() == Builtin::kWasmPromising)));
+#endif  // V8_ENABLE_DRUMBRAKE
   int func_index = internal_function->function_index();
   Factory* factory = isolate->factory();
   const wasm::WasmModule* module = instance_data->module();

From 4d662bb441b1c3510465c9a43a835bb1dae7a415 Mon Sep 17 00:00:00 2001
From: Stefan Stojanovic <StefanStojanovic@users.noreply.github.com>
Date: Tue, 28 May 2024 09:10:52 +0200
Subject: [PATCH 08/13] deps: fix FP16 bitcasts.h
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-URL: https://github.com/nodejs/node/pull/53134
Refs: https://github.com/nodejs/node/issues/52809
Reviewed-By: Yagiz Nizipli <yagiz.nizipli@sentry.io>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
---
 common.gypi                                          |  2 +-
 deps/v8/third_party/fp16/src/include/fp16/bitcasts.h | 10 +++++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/common.gypi b/common.gypi
index bd91c2692f7329..f2d3ed4730f426 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.4',
+    'v8_embedder_string': '-node.5',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/third_party/fp16/src/include/fp16/bitcasts.h b/deps/v8/third_party/fp16/src/include/fp16/bitcasts.h
index 86a4e22c48b2a5..7dbb516e398f0b 100644
--- a/deps/v8/third_party/fp16/src/include/fp16/bitcasts.h
+++ b/deps/v8/third_party/fp16/src/include/fp16/bitcasts.h
@@ -12,7 +12,7 @@
 	#include <immintrin.h>
 #endif
 
-#if defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
+#if defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
 	#include <intrin.h>
 #endif
 
@@ -24,7 +24,7 @@ static inline float fp32_from_bits(uint32_t w) {
 	return __uint_as_float((unsigned int) w);
 #elif defined(__INTEL_COMPILER)
 	return _castu32_f32(w);
-#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
+#elif defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
 	return _CopyFloatFromInt32((__int32) w);
 #else
 	union {
@@ -42,7 +42,7 @@ static inline uint32_t fp32_to_bits(float f) {
 	return (uint32_t) __float_as_uint(f);
 #elif defined(__INTEL_COMPILER)
 	return _castf32_u32(f);
-#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
+#elif defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
 	return (uint32_t) _CopyInt32FromFloat(f);
 #else
 	union {
@@ -60,7 +60,7 @@ static inline double fp64_from_bits(uint64_t w) {
 	return __longlong_as_double((long long) w);
 #elif defined(__INTEL_COMPILER)
 	return _castu64_f64(w);
-#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
+#elif defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
 	return _CopyDoubleFromInt64((__int64) w);
 #else
 	union {
@@ -78,7 +78,7 @@ static inline uint64_t fp64_to_bits(double f) {
 	return (uint64_t) __double_as_longlong(f);
 #elif defined(__INTEL_COMPILER)
 	return _castf64_u64(f);
-#elif defined(_MSC_VER) && (defined(_M_ARM) || defined(_M_ARM64))
+#elif defined(_MSC_VER) && !defined(__clang__) && (defined(_M_ARM) || defined(_M_ARM64))
 	return (uint64_t) _CopyInt64FromDouble(f);
 #else
 	union {

From 4e012d4d95539c13c5221666e6083a192985bed2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Thu, 8 Aug 2024 06:53:41 +0200
Subject: [PATCH 09/13] deps: always define V8_NODISCARD as no-op

It's causing compiler errors with some classes on Xcode 11
and the attribute should have no runtime effect.

PR-URL: https://github.com/nodejs/node/pull/54077
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
---
 common.gypi                | 2 +-
 deps/v8/include/v8config.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common.gypi b/common.gypi
index f2d3ed4730f426..74c4b120c114f8 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.5',
+    'v8_embedder_string': '-node.6',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/include/v8config.h b/deps/v8/include/v8config.h
index 1b6a37b2dd4154..b6d087b958edc1 100644
--- a/deps/v8/include/v8config.h
+++ b/deps/v8/include/v8config.h
@@ -677,7 +677,7 @@ path. Add it with -I<path> to the command line
 //   V8_NODISCARD Foo() { ... };
 // [[nodiscard]] comes in C++17 but supported in clang with -std >= c++11.
 #if V8_HAS_CPP_ATTRIBUTE_NODISCARD
-#define V8_NODISCARD [[nodiscard]]
+#define V8_NODISCARD
 #else
 #define V8_NODISCARD /* NOT SUPPORTED */
 #endif

From f00716fb5d6ddf7cc501f36e7c258039ef602d04 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Tue, 27 Aug 2024 10:40:54 +0200
Subject: [PATCH 10/13] deps: patch V8 to support older Clang versions

---
 common.gypi                                 |  2 +-
 deps/v8/src/compiler/turboshaft/assembler.h | 11 ++++++-----
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/common.gypi b/common.gypi
index 74c4b120c114f8..af2f3d9cb1a841 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.6',
+    'v8_embedder_string': '-node.7',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/compiler/turboshaft/assembler.h b/deps/v8/src/compiler/turboshaft/assembler.h
index 914e53ca4e18a0..0ca95e6cae6724 100644
--- a/deps/v8/src/compiler/turboshaft/assembler.h
+++ b/deps/v8/src/compiler/turboshaft/assembler.h
@@ -5,6 +5,7 @@
 #ifndef V8_COMPILER_TURBOSHAFT_ASSEMBLER_H_
 #define V8_COMPILER_TURBOSHAFT_ASSEMBLER_H_
 
+#include <concepts>
 #include <cstring>
 #include <iomanip>
 #include <iterator>
@@ -197,8 +198,8 @@ template <typename T>
 class IndexRange : public Range<T> {
  public:
   using base = Range<T>;
-  using value_type = base::value_type;
-  using iterator_type = base::iterator_type;
+  using value_type = typename base::value_type;
+  using iterator_type = typename base::iterator_type;
 
   explicit IndexRange(ConstOrV<T> count) : Range<T>(0, count, 1) {}
 };
@@ -226,8 +227,8 @@ class Sequence : private Range<T> {
   using base = Range<T>;
 
  public:
-  using value_type = base::value_type;
-  using iterator_type = base::iterator_type;
+  using value_type = typename base::value_type;
+  using iterator_type = typename base::iterator_type;
 
   explicit Sequence(ConstOrV<T> begin, ConstOrV<T> stride = 1)
       : base(begin, 0, stride) {}
@@ -731,7 +732,7 @@ struct LoopLabelForHelper<std::tuple<V<Ts>...>> {
 }  // namespace detail
 
 template <typename T>
-using LoopLabelFor = detail::LoopLabelForHelper<T>::type;
+using LoopLabelFor = typename detail::LoopLabelForHelper<T>::type;
 
 Handle<Code> BuiltinCodeHandle(Builtin builtin, Isolate* isolate);
 

From d2250da3c5de499c935d345ea5c2321b558dbba9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Mon, 26 Aug 2024 20:04:23 +0200
Subject: [PATCH 11/13] deps: V8: cherry-pick 01a47f3ffff2
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Original commit message:

    [cfi] Add missing 'typename' in SegmentedTable

    Makes the code more consistent and fixes compilation on older Clang
    versions.

    Change-Id: I82abebd500e6651ac5c5b180cd7b49b4f20e8299
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5805956
    Reviewed-by: Samuel Groß <saelo@chromium.org>
    Commit-Queue: Michaël Zasso <mic.besace@gmail.com>
    Reviewed-by: Stephen Röttger <sroettger@google.com>
    Cr-Commit-Position: refs/heads/main@{#95809}

Refs: https://github.com/v8/v8/commit/01a47f3ffff2621acdbc5dce0624a31679df4083
---
 common.gypi                              | 2 +-
 deps/v8/src/common/segmented-table-inl.h | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/common.gypi b/common.gypi
index af2f3d9cb1a841..9d4d89afcd5fbc 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.7',
+    'v8_embedder_string': '-node.8',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/common/segmented-table-inl.h b/deps/v8/src/common/segmented-table-inl.h
index 357713e5c8edda..28fa17ef525eab 100644
--- a/deps/v8/src/common/segmented-table-inl.h
+++ b/deps/v8/src/common/segmented-table-inl.h
@@ -103,7 +103,7 @@ void SegmentedTable<Entry, size>::TearDown() {
 }
 
 template <typename Entry, size_t size>
-SegmentedTable<Entry, size>::FreelistHead
+typename SegmentedTable<Entry, size>::FreelistHead
 SegmentedTable<Entry, size>::InitializeFreeList(Segment segment,
                                                 uint32_t start_offset) {
   DCHECK_LT(start_offset, kEntriesPerSegment);

From d174634d23261bc93fabe131d1c99db57cdd0263 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C3=ABl=20Zasso?= <targos@protonmail.com>
Date: Thu, 5 Sep 2024 07:22:42 +0200
Subject: [PATCH 12/13] deps: V8: cherry-pick 97199f686e2f

Original commit message:

    aix: add work around for f16 type

    AIX builds started to fail after this commit https://chromium.googlesource.com/v8/v8.git/+/d057564707d3a5df074b7f49a12a2f1e96638f94.

    Change-Id: I25a5c4ae3b4fe5c27a9fb9e35e2bcd2bbed40351
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/5789180
    Reviewed-by: Clemens Backes <clemensb@chromium.org>
    Reviewed-by: Nico Hartmann <nicohartmann@chromium.org>
    Commit-Queue: Clemens Backes <clemensb@chromium.org>
    Cr-Commit-Position: refs/heads/main@{#95952}

Refs: https://github.com/v8/v8/commit/97199f686e2f05ee126ded43b4d31ac001274d9d
---
 common.gypi               | 2 +-
 deps/v8/src/utils/utils.h | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/common.gypi b/common.gypi
index 9d4d89afcd5fbc..56c79543a5c35a 100644
--- a/common.gypi
+++ b/common.gypi
@@ -36,7 +36,7 @@
 
     # Reset this number to 0 on major V8 upgrades.
     # Increment by one for each non-official patch applied to deps/v8.
-    'v8_embedder_string': '-node.8',
+    'v8_embedder_string': '-node.9',
 
     ##### V8 defaults for Node.js #####
 
diff --git a/deps/v8/src/utils/utils.h b/deps/v8/src/utils/utils.h
index c578ab2a3f7481..4d8ef55942ceab 100644
--- a/deps/v8/src/utils/utils.h
+++ b/deps/v8/src/utils/utils.h
@@ -27,6 +27,8 @@
 
 #if defined(V8_OS_AIX)
 #include <fenv.h>  // NOLINT(build/c++11)
+
+#include "src/wasm/float16.h"
 #endif
 
 #ifdef _MSC_VER
@@ -814,6 +816,13 @@ T FpOpWorkaround(T input, T value) {
   }
   return value;
 }
+
+template <>
+inline Float16 FpOpWorkaround(Float16 input, Float16 value) {
+  float result = FpOpWorkaround(input.ToFloat32(), value.ToFloat32());
+  return Float16::FromFloat32(result);
+}
+
 #endif
 
 V8_EXPORT_PRIVATE bool PassesFilter(base::Vector<const char> name,

From 5e3109255361e88641a6c11eccec97615a41abc8 Mon Sep 17 00:00:00 2001
From: Abdirahim Musse <33973272+abmusse@users.noreply.github.com>
Date: Mon, 9 Sep 2024 12:37:28 -0500
Subject: [PATCH 13/13] tools: add additonal include dirs for V8 on AIX

On AIX, we now include src/wasm/float16.h from within src/utils/utils.h
and src/wasm/float16.h includes additional header files.
---
 tools/v8_gypfiles/v8.gyp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/tools/v8_gypfiles/v8.gyp b/tools/v8_gypfiles/v8.gyp
index 27ee2a21a1927d..4678975099e30d 100644
--- a/tools/v8_gypfiles/v8.gyp
+++ b/tools/v8_gypfiles/v8.gyp
@@ -508,6 +508,9 @@
             },
           ],
         }],
+        ['OS in "aix os400"', {
+          'dependencies': ['fp16'],
+        }],
       ],
     },  # v8_snapshot
     {