[heap] Avoid creating handles in heap verification

Use raw_native_context().normalized_map_cache() to avoid handle
creation in a safepoint.

Handles have all kinds of DCHECKs that may not hold during heap
verification.

Bug: v8:11708, v8:13244
Change-Id: I3f9ceae6533059c119287b833d5795f8fa67f9d1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3865965Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Dominik Inführ <dinfuehr@chromium.org>
Cr-Commit-Position: refs/heads/main@{#82854}

src/heap/heap-verifier.cc

@@ -80,9 +80,14 @@ void HeapVerification::Verify() {
   heap()->IterateRoots(&visitor, {});
 
   if (!isolate()->context().is_null() &&
-      !isolate()->normalized_map_cache()->IsUndefined(isolate())) {
-    NormalizedMapCache::cast(*isolate()->normalized_map_cache())
-        .NormalizedMapCacheVerify(isolate());
+      !isolate()->raw_native_context().is_null()) {
+    Object normalized_map_cache =
+        isolate()->raw_native_context().normalized_map_cache();
+
+    if (normalized_map_cache.IsNormalizedMapCache()) {
+      NormalizedMapCache::cast(normalized_map_cache)
+          .NormalizedMapCacheVerify(isolate());
+    }
   }
 
   // The heap verifier can't deal with partially deserialized objects, so