[ptr-cage] Fix Code by PC lookup

The Isolate might not be aware that remapped builtins are used (see
Code::OffHeapInstructionStart()), so always try to lookup PC in the
remapped builtins if they are available.

Bug: chromium:1241665, v8:11460
Change-Id: Iefc373cf0ea0110c8c002b7677e6a1fd8fd45319
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3379817Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#78579}

src/snapshot/embedded/embedded-data.cc

@@ -95,6 +95,20 @@ Builtin OffHeapInstructionStream::TryLookupCode(Isolate* isolate,
       !Builtins::IsBuiltinId(builtin)) {
     builtin = i::TryLookupCode(EmbeddedData::FromBlob(), address);
   }
+
+#ifdef V8_COMPRESS_POINTERS_IN_SHARED_CAGE
+  if (V8_SHORT_BUILTIN_CALLS_BOOL && !Builtins::IsBuiltinId(builtin)) {
+    // When shared pointer compression cage is enabled and it has the embedded
+    // code blob copy then it could have been used regardless of whether the
+    // isolate uses it or knows about it or not (see
+    // Code::OffHeapInstructionStart()).
+    // So, this blob has to be checked too.
+    CodeRange* code_range = CodeRange::GetProcessWideCodeRange().get();
+    if (code_range && code_range->embedded_blob_code_copy() != nullptr) {
+      builtin = i::TryLookupCode(EmbeddedData::FromBlob(code_range), address);
+    }
+  }
+#endif
   return builtin;
 }