[ubsan] Port BigInt to the new design

Bug: v8:3770
Change-Id: I6ad84a663926fffc9e1acc590c13780c39461274
Reviewed-on: https://chromium-review.googlesource.com/c/1351248
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Hannes Payer <hpayer@chromium.org>
Reviewed-by: Adam Klein <adamk@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57952}

src/heap/factory.cc

@@ -2313,7 +2313,7 @@ Handle<FreshlyAllocatedBigInt> Factory::NewBigInt(int length,
   }
   HeapObject* result = AllocateRawWithImmortalMap(BigInt::SizeFor(length),
                                                   pretenure, *bigint_map());
-  FreshlyAllocatedBigInt* bigint = FreshlyAllocatedBigInt::cast(result);
+  FreshlyAllocatedBigInt bigint = FreshlyAllocatedBigInt::cast(result);
   bigint->clear_padding();
   return handle(bigint, isolate());
 }

src/heap/objects-visiting.h

@@ -34,7 +34,7 @@ class WasmInstanceObject;
 
 #define TYPED_VISITOR_ID_LIST(V)                                               \
   V(AllocationSite, AllocationSite*)                                           \
-  V(BigInt, BigInt*)                                                           \
+  V(BigInt, BigInt)                                                            \
   V(ByteArray, ByteArray)                                                      \
   V(BytecodeArray, BytecodeArray)                                              \
   V(Cell, Cell*)                                                               \

src/objects-inl.h

@@ -508,11 +508,15 @@ NormalizedMapCache::NormalizedMapCache(Address ptr) : WeakFixedArray(ptr) {
   // OBJECT_CONSTRUCTORS_IMPL macro?
 }
 
+OBJECT_CONSTRUCTORS_IMPL(BigIntBase, HeapObjectPtr)
+OBJECT_CONSTRUCTORS_IMPL(BigInt, BigIntBase)
+OBJECT_CONSTRUCTORS_IMPL(FreshlyAllocatedBigInt, BigIntBase)
+
 // ------------------------------------
 // Cast operations
 
 CAST_ACCESSOR(AccessorPair)
-CAST_ACCESSOR(BigInt)
+CAST_ACCESSOR2(BigInt)
 CAST_ACCESSOR2(ObjectBoilerplateDescription)
 CAST_ACCESSOR(Cell)
 CAST_ACCESSOR(ArrayBoilerplateDescription)
@@ -1602,7 +1606,7 @@ int HeapObject::SizeFromMap(Map map) const {
         reinterpret_cast<const FeedbackVector*>(this)->length());
   }
   if (instance_type == BIGINT_TYPE) {
-    return BigInt::SizeFor(reinterpret_cast<const BigInt*>(this)->length());
+    return BigInt::SizeFor(BigInt::unchecked_cast(this)->length());
   }
   if (instance_type == PRE_PARSED_SCOPE_DATA_TYPE) {
     return PreParsedScopeData::SizeFor(
@@ -2063,9 +2067,9 @@ bool ScopeInfo::HasSimpleParameters() const {
 FOR_EACH_SCOPE_INFO_NUMERIC_FIELD(FIELD_ACCESSORS)
 #undef FIELD_ACCESSORS
 
-FreshlyAllocatedBigInt* FreshlyAllocatedBigInt::cast(Object* object) {
+FreshlyAllocatedBigInt FreshlyAllocatedBigInt::cast(Object* object) {
   SLOW_DCHECK(object->IsBigInt());
-  return reinterpret_cast<FreshlyAllocatedBigInt*>(object);
+  return FreshlyAllocatedBigInt(object->ptr());
 }
 
 }  // namespace internal

src/objects/bigint.h

@@ -7,6 +7,7 @@
 
 #include "src/globals.h"
 #include "src/objects.h"
+#include "src/objects/heap-object.h"
 #include "src/utils.h"
 
 // Has to be the last include (doesn't have include guards):
@@ -21,7 +22,7 @@ class ValueSerializer;
 
 // BigIntBase is just the raw data object underlying a BigInt. Use with care!
 // Most code should be using BigInts instead.
-class BigIntBase : public HeapObject {
+class BigIntBase : public HeapObjectPtr {
  public:
   inline int length() const {
     int32_t bitfield = RELAXED_READ_INT32_FIELD(this, kBitfieldOffset);
@@ -34,6 +35,9 @@ class BigIntBase : public HeapObject {
     return LengthBits::decode(static_cast<uint32_t>(bitfield));
   }
 
+  static inline BigIntBase unchecked_cast(ObjectPtr o) {
+    return bit_cast<BigIntBase>(o);
+  }
   // Increasing kMaxLength will require code changes.
   static const int kMaxLengthBits =
       kMaxInt - kSystemPointerSize * kBitsPerByte - 1;
@@ -86,7 +90,10 @@ class BigIntBase : public HeapObject {
 
   bool is_zero() const { return length() == 0; }
 
-  DISALLOW_IMPLICIT_CONSTRUCTORS(BigIntBase);
+  // Only serves to make macros happy; other code should use IsBigInt.
+  bool IsBigIntBase() const { return true; }
+
+  OBJECT_CONSTRUCTORS(BigIntBase, HeapObjectPtr);
 };
 
 class FreshlyAllocatedBigInt : public BigIntBase {
@@ -102,7 +109,10 @@ class FreshlyAllocatedBigInt : public BigIntBase {
   //   (and no explicit operator is provided either).
 
  public:
-  inline static FreshlyAllocatedBigInt* cast(Object* object);
+  inline static FreshlyAllocatedBigInt cast(Object* object);
+  inline static FreshlyAllocatedBigInt unchecked_cast(ObjectPtr o) {
+    return bit_cast<FreshlyAllocatedBigInt>(o);
+  }
 
   // Clear uninitialized padding space.
   inline void clear_padding() {
@@ -114,10 +124,12 @@ class FreshlyAllocatedBigInt : public BigIntBase {
   }
 
  private:
-  DISALLOW_IMPLICIT_CONSTRUCTORS(FreshlyAllocatedBigInt);
+  // Only serves to make macros happy; other code should use IsBigInt.
+  bool IsFreshlyAllocatedBigInt() const { return true; }
+
+  OBJECT_CONSTRUCTORS(FreshlyAllocatedBigInt, BigIntBase);
 };
 
-// UNDER CONSTRUCTION!
 // Arbitrary precision integers in JavaScript.
 class V8_EXPORT_PRIVATE BigInt : public BigIntBase {
  public:
@@ -148,7 +160,7 @@ class V8_EXPORT_PRIVATE BigInt : public BigIntBase {
                                                 Handle<BigInt> y);
   // More convenient version of "bool LessThan(x, y)".
   static ComparisonResult CompareToBigInt(Handle<BigInt> x, Handle<BigInt> y);
-  static bool EqualToBigInt(BigInt* x, BigInt* y);
+  static bool EqualToBigInt(BigInt x, BigInt y);
   static MaybeHandle<BigInt> BitwiseAnd(Isolate* isolate, Handle<BigInt> x,
                                         Handle<BigInt> y);
   static MaybeHandle<BigInt> BitwiseXor(Isolate* isolate, Handle<BigInt> x,
@@ -189,7 +201,7 @@ class V8_EXPORT_PRIVATE BigInt : public BigIntBase {
   int Words64Count();
   void ToWordsArray64(int* sign_bit, int* words64_count, uint64_t* words);
 
-  DECL_CAST(BigInt)
+  DECL_CAST2(BigInt)
   DECL_VERIFIER(BigInt)
   DECL_PRINTER(BigInt)
   void BigIntShortPrint(std::ostream& os);
@@ -239,7 +251,7 @@ class V8_EXPORT_PRIVATE BigInt : public BigIntBase {
       Isolate* isolate, uint32_t bitfield, Vector<const uint8_t> digits_storage,
       PretenureFlag pretenure);
 
-  DISALLOW_IMPLICIT_CONSTRUCTORS(BigInt);
+  OBJECT_CONSTRUCTORS(BigInt, BigIntBase);
 };
 
 }  // namespace internal

src/value-serializer.cc

@@ -265,7 +265,7 @@ void ValueSerializer::WriteTwoByteString(Vector<const uc16> chars) {
   WriteRawBytes(chars.begin(), chars.length() * sizeof(uc16));
 }
 
-void ValueSerializer::WriteBigIntContents(BigInt* bigint) {
+void ValueSerializer::WriteBigIntContents(BigInt bigint) {
   uint32_t bitfield = bigint->GetBitfieldForSerialization();
   int bytelength = BigInt::DigitsByteLengthForBitfield(bitfield);
   WriteVarint<uint32_t>(bitfield);
@@ -435,7 +435,7 @@ void ValueSerializer::WriteMutableHeapNumber(MutableHeapNumber* number) {
   WriteDouble(number->value());
 }
 
-void ValueSerializer::WriteBigInt(BigInt* bigint) {
+void ValueSerializer::WriteBigInt(BigInt bigint) {
   WriteTag(SerializationTag::kBigInt);
   WriteBigIntContents(bigint);
 }

src/value-serializer.h

@@ -110,7 +110,7 @@ class ValueSerializer {
   void WriteZigZag(T value);
   void WriteOneByteString(Vector<const uint8_t> chars);
   void WriteTwoByteString(Vector<const uc16> chars);
-  void WriteBigIntContents(BigInt* bigint);
+  void WriteBigIntContents(BigInt bigint);
   Maybe<uint8_t*> ReserveRawBytes(size_t bytes);
 
   // Writing V8 objects of various kinds.
@@ -118,7 +118,7 @@ class ValueSerializer {
   void WriteSmi(Smi smi);
   void WriteHeapNumber(HeapNumber* number);
   void WriteMutableHeapNumber(MutableHeapNumber* number);
-  void WriteBigInt(BigInt* bigint);
+  void WriteBigInt(BigInt bigint);
   void WriteString(Handle<String> string);
   Maybe<bool> WriteJSReceiver(Handle<JSReceiver> receiver)
       V8_WARN_UNUSED_RESULT;