[ext-code-space] Introduce RelocInfo::target_object(PtrComprCageBase)

... as a result of merging RelocInfo::target_object() with RelocInfo::target_object_no_host(PtrComprCageBase), where the cage base is used for accessing compressed embedded pointers. There are two reasons for this change: 1) the parameterless version used to compute the cage base value from the host Code object, however, when external code space is enabled such a base value will not work for non-Code objects, since they require different cage base for decompressing, 2) when external code space is enabled, there must be no need to embed compressed Code objects at all because CodeDataContainers must be used instead. In addition this CL introduces DCHECKs to enforce (2). Bug: v8:11880 Change-Id: I5b504f91dea87c2bcaa1165d2dbfaada70cba7be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211998Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#77361}

[ext-code-space] Introduce RelocInfo::target_object(PtrComprCageBase)
... as a result of merging RelocInfo::target_object() with RelocInfo::target_object_no_host(PtrComprCageBase), where the cage base is used for accessing compressed embedded pointers. There are two reasons for this change: 1) the parameterless version used to compute the cage base value from the host Code object, however, when external code space is enabled such a base value will not work for non-Code objects, since they require different cage base for decompressing, 2) when external code space is enabled, there must be no need to embed compressed Code objects at all because CodeDataContainers must be used instead. In addition this CL introduces DCHECKs to enforce (2). Bug: v8:11880 Change-Id: I5b504f91dea87c2bcaa1165d2dbfaada70cba7be Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3211998Reviewed-by: Camillo Bruni <cbruni@chromium.org> Reviewed-by: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Commit-Queue: Igor Sheludko <ishell@chromium.org> Cr-Commit-Position: refs/heads/main@{#77361}
59c38107 · Igor Sheludko · V8 LUCI CQ · 177d09fc · 59c38107 · 59c38107
Commit 59c38107 authored Oct 12, 2021 by Igor Sheludko Committed by V8 LUCI CQ Oct 12, 2021
27 changed files
--- a/src/builtins/setup-builtins-internal.cc
+++ b/src/builtins/setup-builtins-internal.cc
@@ -226,6 +226,7 @@ void SetupIsolateDelegate::ReplacePlaceholders(Isolate* isolate) {
      RelocInfo::ModeMask(RelocInfo::FULL_EMBEDDED_OBJECT) |
      RelocInfo::ModeMask(RelocInfo::COMPRESSED_EMBEDDED_OBJECT) |
      RelocInfo::ModeMask(RelocInfo::RELATIVE_CODE_TARGET);
+  PtrComprCageBase cage_base(isolate);
  for (Builtin builtin = Builtins::kFirst; builtin <= Builtins::kLast;
       ++builtin) {
    Code code = builtins->code(builtin);
@@ -242,8 +243,8 @@ void SetupIsolateDelegate::ReplacePlaceholders(Isolate* isolate) {
                                  UPDATE_WRITE_BARRIER, SKIP_ICACHE_FLUSH);
      } else {
        DCHECK(RelocInfo::IsEmbeddedObjectMode(rinfo->rmode()));
-        Object object = rinfo->target_object();
-        if (!object.IsCode()) continue;
+        Object object = rinfo->target_object(cage_base);
+        if (!object.IsCode(cage_base)) continue;
        Code target = Code::cast(object);
        if (!target.is_builtin()) continue;
        Code new_target = builtins->code(target.builtin_id());

--- a/src/codegen/arm/assembler-arm-inl.h
+++ b/src/codegen/arm/assembler-arm-inl.h
@@ -91,7 +91,7 @@ Address RelocInfo::constant_pool_entry_address() {

 int RelocInfo::target_address_size() { return kPointerSize; }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsFullEmbeddedObject(rmode_) ||
         IsDataEmbeddedObject(rmode_));
  if (IsDataEmbeddedObject(rmode_)) {
@@ -101,10 +101,6 @@ HeapObject RelocInfo::target_object() {
      Object(Assembler::target_address_at(pc_, constant_pool_)));
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  return target_object();
-}
-
 Handle<HeapObject> RelocInfo::target_object_handle(Assembler* origin) {
  if (IsCodeTarget(rmode_) || IsFullEmbeddedObject(rmode_)) {
    return Handle<HeapObject>(reinterpret_cast<Address*>(

--- a/src/codegen/arm64/assembler-arm64-inl.h
+++ b/src/codegen/arm64/assembler-arm64-inl.h
@@ -655,31 +655,25 @@ Address RelocInfo::constant_pool_entry_address() {
  return Assembler::target_pointer_address_at(pc_);
 }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsEmbeddedObjectMode(rmode_));
  if (IsDataEmbeddedObject(rmode_)) {
    return HeapObject::cast(Object(ReadUnalignedValue<Address>(pc_)));
  } else if (IsCompressedEmbeddedObject(rmode_)) {
-    CHECK(!host_.is_null());
-    return HeapObject::cast(Object(DecompressTaggedAny(
-        host_.address(),
-        Assembler::target_compressed_address_at(pc_, constant_pool_))));
+    Tagged_t compressed =
+        Assembler::target_compressed_address_at(pc_, constant_pool_);
+    DCHECK(!HAS_SMI_TAG(compressed));
+    Object obj(DecompressTaggedPointer(cage_base, compressed));
+    // Embedding of compressed Code objects must not happen when external code
+    // space is enabled, because CodeDataContainers must be used instead.
+    DCHECK_IMPLIES(V8_EXTERNAL_CODE_SPACE_BOOL, !obj.IsCode(cage_base));
+    return HeapObject::cast(obj);
  } else {
    return HeapObject::cast(
        Object(Assembler::target_address_at(pc_, constant_pool_)));
  }
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  if (IsCompressedEmbeddedObject(rmode_)) {
-    return HeapObject::cast(Object(DecompressTaggedAny(
-        cage_base,
-        Assembler::target_compressed_address_at(pc_, constant_pool_))));
-  } else {
-    return target_object();
-  }
-}
-
 Handle<HeapObject> RelocInfo::target_object_handle(Assembler* origin) {
  if (IsDataEmbeddedObject(rmode_)) {
    return Handle<HeapObject>::cast(ReadUnalignedValue<Handle<Object>>(pc_));

--- a/src/codegen/ia32/assembler-ia32-inl.h
+++ b/src/codegen/ia32/assembler-ia32-inl.h
@@ -80,16 +80,12 @@ Address RelocInfo::constant_pool_entry_address() { UNREACHABLE(); }

 int RelocInfo::target_address_size() { return Assembler::kSpecialTargetSize; }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsFullEmbeddedObject(rmode_) ||
         IsDataEmbeddedObject(rmode_));
  return HeapObject::cast(Object(ReadUnalignedValue<Address>(pc_)));
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  return target_object();
-}
-
 Handle<HeapObject> RelocInfo::target_object_handle(Assembler* origin) {
  DCHECK(IsCodeTarget(rmode_) || IsFullEmbeddedObject(rmode_) ||
         IsDataEmbeddedObject(rmode_));

--- a/src/codegen/loong64/assembler-loong64-inl.h
+++ b/src/codegen/loong64/assembler-loong64-inl.h
@@ -85,7 +85,7 @@ void Assembler::deserialization_set_target_internal_reference_at(
  WriteUnalignedValue<Address>(pc, target);
 }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsFullEmbeddedObject(rmode_) ||
         IsDataEmbeddedObject(rmode_));
  if (IsDataEmbeddedObject(rmode_)) {
@@ -95,10 +95,6 @@ HeapObject RelocInfo::target_object() {
      Object(Assembler::target_address_at(pc_, constant_pool_)));
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  return target_object();
-}
-
 Handle<HeapObject> RelocInfo::target_object_handle(Assembler* origin) {
  if (IsDataEmbeddedObject(rmode_)) {
    return Handle<HeapObject>::cast(ReadUnalignedValue<Handle<Object>>(pc_));

--- a/src/codegen/mips/assembler-mips-inl.h
+++ b/src/codegen/mips/assembler-mips-inl.h
@@ -156,7 +156,7 @@ void Assembler::deserialization_set_target_internal_reference_at(
  }
 }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsFullEmbeddedObject(rmode_) ||
         IsDataEmbeddedObject(rmode_));
  if (IsDataEmbeddedObject(rmode_)) {
@@ -166,10 +166,6 @@ HeapObject RelocInfo::target_object() {
      Object(Assembler::target_address_at(pc_, constant_pool_)));
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  return target_object();
-}
-
 Handle<HeapObject> RelocInfo::target_object_handle(Assembler* origin) {
  if (IsCodeTarget(rmode_) || IsFullEmbeddedObject(rmode_)) {
    return Handle<HeapObject>(reinterpret_cast<Address*>(

--- a/src/codegen/mips64/assembler-mips64-inl.h
+++ b/src/codegen/mips64/assembler-mips64-inl.h
@@ -135,7 +135,7 @@ void Assembler::deserialization_set_target_internal_reference_at(
  }
 }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsFullEmbeddedObject(rmode_) ||
         IsDataEmbeddedObject(rmode_));
  if (IsDataEmbeddedObject(rmode_)) {
@@ -145,10 +145,6 @@ HeapObject RelocInfo::target_object() {
      Object(Assembler::target_address_at(pc_, constant_pool_)));
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  return target_object();
-}
-
 Handle<HeapObject> RelocInfo::target_object_handle(Assembler* origin) {
  if (IsDataEmbeddedObject(rmode_)) {
    return Handle<HeapObject>::cast(ReadUnalignedValue<Handle<Object>>(pc_));

--- a/src/codegen/ppc/assembler-ppc-inl.h
+++ b/src/codegen/ppc/assembler-ppc-inl.h
@@ -145,13 +145,13 @@ Handle<Object> Assembler::code_target_object_handle_at(Address pc,
  return GetCodeTarget(index);
 }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsEmbeddedObjectMode(rmode_));
  if (IsDataEmbeddedObject(rmode_)) {
    return HeapObject::cast(Object(ReadUnalignedValue<Address>(pc_)));
  } else if (IsCompressedEmbeddedObject(rmode_)) {
    return HeapObject::cast(Object(DecompressTaggedAny(
-        host_.address(),
+        cage_base,
        Assembler::target_compressed_address_at(pc_, constant_pool_))));
  } else {
    return HeapObject::cast(
@@ -159,16 +159,6 @@ HeapObject RelocInfo::target_object() {
  }
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  if (IsCompressedEmbeddedObject(rmode_)) {
-    return HeapObject::cast(Object(DecompressTaggedAny(
-        cage_base,
-        Assembler::target_compressed_address_at(pc_, constant_pool_))));
-  } else {
-    return target_object();
-  }
-}
-
 Handle<HeapObject> Assembler::compressed_embedded_object_handle_at(
    Address pc, Address const_pool) {
  return GetEmbeddedObject(target_compressed_address_at(pc, const_pool));

--- a/src/codegen/reloc-info.cc
+++ b/src/codegen/reloc-info.cc
@@ -451,9 +451,9 @@ void RelocInfo::Print(Isolate* isolate, std::ostream& os) {
    os << "  ("
       << DeoptimizeReasonToString(static_cast<DeoptimizeReason>(data_)) << ")";
  } else if (rmode_ == FULL_EMBEDDED_OBJECT) {
-    os << "  (" << Brief(target_object()) << ")";
+    os << "  (" << Brief(target_object(isolate)) << ")";
  } else if (rmode_ == COMPRESSED_EMBEDDED_OBJECT) {
-    os << "  (" << Brief(target_object()) << " compressed)";
+    os << "  (" << Brief(target_object(isolate)) << " compressed)";
  } else if (rmode_ == EXTERNAL_REFERENCE) {
    if (isolate) {
      ExternalReferenceEncoder ref_encoder(isolate);
@@ -491,11 +491,11 @@ void RelocInfo::Print(Isolate* isolate, std::ostream& os) {
 void RelocInfo::Verify(Isolate* isolate) {
  switch (rmode_) {
    case COMPRESSED_EMBEDDED_OBJECT:
-      Object::VerifyPointer(isolate, target_object());
+      Object::VerifyPointer(isolate, target_object(isolate));
      break;
    case FULL_EMBEDDED_OBJECT:
    case DATA_EMBEDDED_OBJECT:
-      Object::VerifyAnyTagged(isolate, target_object());
+      Object::VerifyAnyTagged(isolate, target_object(isolate));
      break;
    case CODE_TARGET:
    case RELATIVE_CODE_TARGET: {

--- a/src/codegen/reloc-info.h
+++ b/src/codegen/reloc-info.h
@@ -252,12 +252,9 @@ class RelocInfo {
  // this relocation applies to;
  // can only be called if IsCodeTarget(rmode_) || IsRuntimeEntry(rmode_)
  V8_INLINE Address target_address();
-  V8_INLINE HeapObject target_object();
+  // Cage base value is used for decompressing compressed embedded references.
+  V8_INLINE HeapObject target_object(PtrComprCageBase cage_base);

-  // In GC operations, we don't have a host_ pointer. Retrieving a target
-  // for COMPRESSED_EMBEDDED_OBJECT mode requires a pointer compression cage
-  // base value.
-  V8_INLINE HeapObject target_object_no_host(PtrComprCageBase cage_base);
  V8_INLINE Handle<HeapObject> target_object_handle(Assembler* origin);

  V8_INLINE void set_target_object(

--- a/src/codegen/riscv64/assembler-riscv64-inl.h
+++ b/src/codegen/riscv64/assembler-riscv64-inl.h
@@ -156,13 +156,13 @@ void Assembler::deserialization_set_target_internal_reference_at(
  }
 }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsEmbeddedObjectMode(rmode_));
  if (IsDataEmbeddedObject(rmode_)) {
    return HeapObject::cast(Object(ReadUnalignedValue<Address>(pc_)));
  } else if (IsCompressedEmbeddedObject(rmode_)) {
    return HeapObject::cast(Object(DecompressTaggedAny(
-        host_.address(),
+        cage_base,
        Assembler::target_compressed_address_at(pc_, constant_pool_))));
  } else {
    return HeapObject::cast(
@@ -170,16 +170,6 @@ HeapObject RelocInfo::target_object() {
  }
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  if (IsCompressedEmbeddedObject(rmode_)) {
-    return HeapObject::cast(Object(DecompressTaggedAny(
-        cage_base,
-        Assembler::target_compressed_address_at(pc_, constant_pool_))));
-  } else {
-    return target_object();
-  }
-}
-
 Handle<HeapObject> RelocInfo::target_object_handle(Assembler* origin) {
  if (IsDataEmbeddedObject(rmode_)) {
    return Handle<HeapObject>::cast(ReadUnalignedValue<Handle<Object>>(pc_));

--- a/src/codegen/s390/assembler-s390-inl.h
+++ b/src/codegen/s390/assembler-s390-inl.h
@@ -139,13 +139,13 @@ Handle<Object> Assembler::code_target_object_handle_at(Address pc) {
  return GetCodeTarget(index);
 }

-HeapObject RelocInfo::target_object() {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsEmbeddedObjectMode(rmode_));
  if (IsDataEmbeddedObject(rmode_)) {
    return HeapObject::cast(Object(ReadUnalignedValue<Address>(pc_)));
  } else if (IsCompressedEmbeddedObject(rmode_)) {
    return HeapObject::cast(Object(DecompressTaggedAny(
-        host_.address(),
+        cage_base,
        Assembler::target_compressed_address_at(pc_, constant_pool_))));
  } else {
    return HeapObject::cast(
@@ -153,16 +153,6 @@ HeapObject RelocInfo::target_object() {
  }
 }

-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
-  if (IsCompressedEmbeddedObject(rmode_)) {
-    return HeapObject::cast(Object(DecompressTaggedAny(
-        cage_base,
-        Assembler::target_compressed_address_at(pc_, constant_pool_))));
-  } else {
-    return target_object();
-  }
-}
-
 Handle<HeapObject> Assembler::compressed_embedded_object_handle_at(
    Address pc, Address const_pool) {
  return GetEmbeddedObject(target_compressed_address_at(pc, const_pool));

--- a/src/codegen/x64/assembler-x64-inl.h
+++ b/src/codegen/x64/assembler-x64-inl.h
@@ -314,24 +314,15 @@ int RelocInfo::target_address_size() {
  }
 }

-HeapObject RelocInfo::target_object() {
-  DCHECK(IsCodeTarget(rmode_) || IsEmbeddedObjectMode(rmode_));
-  if (IsCompressedEmbeddedObject(rmode_)) {
-    CHECK(!host_.is_null());
-    Object o = static_cast<Object>(DecompressTaggedPointer(
-        host_.ptr(), ReadUnalignedValue<Tagged_t>(pc_)));
-    return HeapObject::cast(o);
-  }
-  DCHECK(IsFullEmbeddedObject(rmode_) || IsDataEmbeddedObject(rmode_));
-  return HeapObject::cast(Object(ReadUnalignedValue<Address>(pc_)));
-}
-
-HeapObject RelocInfo::target_object_no_host(PtrComprCageBase cage_base) {
+HeapObject RelocInfo::target_object(PtrComprCageBase cage_base) {
  DCHECK(IsCodeTarget(rmode_) || IsEmbeddedObjectMode(rmode_));
  if (IsCompressedEmbeddedObject(rmode_)) {
    Tagged_t compressed = ReadUnalignedValue<Tagged_t>(pc_);
    DCHECK(!HAS_SMI_TAG(compressed));
    Object obj(DecompressTaggedPointer(cage_base, compressed));
+    // Embedding of compressed Code objects must not happen when external code
+    // space is enabled, because CodeDataContainers must be used instead.
+    DCHECK_IMPLIES(V8_EXTERNAL_CODE_SPACE_BOOL, !obj.IsCode(cage_base));
    return HeapObject::cast(obj);
  }
  DCHECK(IsFullEmbeddedObject(rmode_) || IsDataEmbeddedObject(rmode_));

--- a/src/compiler/pipeline.cc
+++ b/src/compiler/pipeline.cc
@@ -1269,14 +1269,14 @@ void PipelineCompilationJob::RegisterWeakObjectsInOptimizedCode(
  DCHECK(code->is_optimized_code());
  {
    DisallowGarbageCollection no_gc;
+    PtrComprCageBase cage_base(isolate);
    int const mode_mask = RelocInfo::EmbeddedObjectModeMask();
    for (RelocIterator it(*code, mode_mask); !it.done(); it.next()) {
      DCHECK(RelocInfo::IsEmbeddedObjectMode(it.rinfo()->rmode()));
-      if (code->IsWeakObjectInOptimizedCode(it.rinfo()->target_object())) {
-        Handle<HeapObject> object(HeapObject::cast(it.rinfo()->target_object()),
-                                  isolate);
-        if (object->IsMap()) {
-          maps.push_back(Handle<Map>::cast(object));
+      HeapObject target_object = it.rinfo()->target_object(cage_base);
+      if (code->IsWeakObjectInOptimizedCode(target_object)) {
+        if (target_object.IsMap(cage_base)) {
+          maps.push_back(handle(Map::cast(target_object), isolate));
        }
      }
    }

--- a/src/diagnostics/disassembler.cc
+++ b/src/diagnostics/disassembler.cc
@@ -243,11 +243,7 @@ static void PrintRelocInfo(std::ostringstream& out, Isolate* isolate,
  } else if (RelocInfo::IsEmbeddedObjectMode(rmode)) {
    HeapStringAllocator allocator;
    StringStream accumulator(&allocator);
-    if (relocinfo->host().is_null()) {
-      relocinfo->target_object_no_host(isolate).ShortPrint(&accumulator);
-    } else {
-      relocinfo->target_object().ShortPrint(&accumulator);
-    }
+    relocinfo->target_object(isolate).ShortPrint(&accumulator);
    std::unique_ptr<char[]> obj_name = accumulator.ToCString();
    const bool is_compressed = RelocInfo::IsCompressedEmbeddedObject(rmode);
    out << "    ;; " << (is_compressed ? "(compressed) " : "")

--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -4461,7 +4461,7 @@ class SlotVerifyingVisitor : public ObjectVisitorWithCageBases {
  }

  void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) override {
-    Object target = rinfo->target_object_no_host(cage_base());
+    Object target = rinfo->target_object(cage_base());
    if (ShouldHaveBeenRecorded(host, MaybeObject::FromObject(target))) {
      CHECK(
          InTypedSet(FULL_EMBEDDED_OBJECT_SLOT, rinfo->pc()) ||
@@ -6381,7 +6381,7 @@ class UnreachableObjectsFilter : public HeapObjectsFilter {
      MarkHeapObject(target);
    }
    void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) final {
-      MarkHeapObject(rinfo->target_object_no_host(cage_base()));
+      MarkHeapObject(rinfo->target_object(cage_base()));
    }

    void VisitRootPointers(Root root, const char* description,
@@ -6916,7 +6916,7 @@ void VerifyPointersVisitor::VisitCodeTarget(Code host, RelocInfo* rinfo) {
 }

 void VerifyPointersVisitor::VisitEmbeddedPointer(Code host, RelocInfo* rinfo) {
-  VerifyHeapObjectImpl(rinfo->target_object_no_host(cage_base()));
+  VerifyHeapObjectImpl(rinfo->target_object(cage_base()));
 }

 void VerifySmisVisitor::VisitRootPointers(Root root, const char* description,
@@ -7063,10 +7063,12 @@ Code Heap::GcSafeFindCodeForInnerPointer(Address inner_pointer) {
 }

 void Heap::WriteBarrierForCodeSlow(Code code) {
+  PtrComprCageBase cage_base = code.main_cage_base();
  for (RelocIterator it(code, RelocInfo::EmbeddedObjectModeMask()); !it.done();
       it.next()) {
-    GenerationalBarrierForCode(code, it.rinfo(), it.rinfo()->target_object());
-    WriteBarrier::Marking(code, it.rinfo(), it.rinfo()->target_object());
+    HeapObject target_object = it.rinfo()->target_object(cage_base);
+    GenerationalBarrierForCode(code, it.rinfo(), target_object);
+    WriteBarrier::Marking(code, it.rinfo(), target_object);
  }
 }


--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -256,7 +256,7 @@ class FullMarkingVerifier : public MarkingVerifier {

  void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) override {
    DCHECK(RelocInfo::IsEmbeddedObjectMode(rinfo->rmode()));
-    HeapObject target_object = rinfo->target_object_no_host(cage_base());
+    HeapObject target_object = rinfo->target_object(cage_base());
    if (!host.IsWeakObject(target_object)) {
      VerifyHeapObjectImpl(target_object);
    }
@@ -431,7 +431,7 @@ class FullEvacuationVerifier : public EvacuationVerifier {
    VerifyHeapObjectImpl(target);
  }
  void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) override {
-    VerifyHeapObjectImpl(rinfo->target_object_no_host(cage_base()));
+    VerifyHeapObjectImpl(rinfo->target_object(cage_base()));
  }
  void VerifyRootPointers(FullObjectSlot start, FullObjectSlot end) override {
    VerifyPointersImpl(start, end);
@@ -1110,7 +1110,7 @@ class MarkCompactCollector::CustomRootBodyMarkingVisitor final
    MarkObject(host, target);
  }
  void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) override {
-    MarkObject(host, rinfo->target_object_no_host(cage_base()));
+    MarkObject(host, rinfo->target_object(cage_base()));
  }

 private:
@@ -1306,8 +1306,7 @@ class RecordMigratedSlotVisitor : public ObjectVisitorWithCageBases {
  inline void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) override {
    DCHECK_EQ(host, rinfo->host());
    DCHECK(RelocInfo::IsEmbeddedObjectMode(rinfo->rmode()));
-    HeapObject object =
-        HeapObject::cast(rinfo->target_object_no_host(cage_base()));
+    HeapObject object = rinfo->target_object(cage_base());
    GenerationalBarrierForCode(host, rinfo, object);
    collector_->RecordRelocSlot(host, rinfo, object);
  }
@@ -4482,7 +4481,8 @@ class YoungGenerationMarkingVerifier : public MarkingVerifier {
    VerifyHeapObjectImpl(target);
  }
  void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) override {
-    VerifyHeapObjectImpl(rinfo->target_object());
+    PtrComprCageBase cage_base = host.main_cage_base();
+    VerifyHeapObjectImpl(rinfo->target_object(cage_base));
  }
  void VerifyRootPointers(FullObjectSlot start, FullObjectSlot end) override {
    VerifyPointersImpl(start, end);
@@ -4556,7 +4556,7 @@ class YoungGenerationEvacuationVerifier : public EvacuationVerifier {
    VerifyHeapObjectImpl(target);
  }
  void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) override {
-    VerifyHeapObjectImpl(rinfo->target_object_no_host(cage_base()));
+    VerifyHeapObjectImpl(rinfo->target_object(cage_base()));
  }
  void VerifyRootPointers(FullObjectSlot start, FullObjectSlot end) override {
    VerifyPointersImpl(start, end);

--- a/src/heap/marking-visitor-inl.h
+++ b/src/heap/marking-visitor-inl.h
@@ -111,7 +111,7 @@ void MarkingVisitorBase<ConcreteVisitor, MarkingState>::VisitEmbeddedPointer(
    Code host, RelocInfo* rinfo) {
  DCHECK(RelocInfo::IsEmbeddedObjectMode(rinfo->rmode()));
  HeapObject object =
-      rinfo->target_object_no_host(ObjectVisitorWithCageBases::cage_base());
+      rinfo->target_object(ObjectVisitorWithCageBases::cage_base());
  if (!concrete_visitor()->marking_state()->IsBlackOrGrey(object)) {
    if (host.IsWeakObject(object)) {
      weak_objects_->weak_objects_in_code.Push(task_id_,

--- a/src/heap/object-stats.cc
+++ b/src/heap/object-stats.cc
@@ -1039,9 +1039,10 @@ void ObjectStatsCollectorImpl::RecordVirtualCodeDetails(Code code) {
    }
  }
  int const mode_mask = RelocInfo::EmbeddedObjectModeMask();
+  PtrComprCageBase cage_base(heap_->isolate());
  for (RelocIterator it(code, mode_mask); !it.done(); it.next()) {
    DCHECK(RelocInfo::IsEmbeddedObjectMode(it.rinfo()->rmode()));
-    Object target = it.rinfo()->target_object();
+    Object target = it.rinfo()->target_object(cage_base);
    if (target.IsFixedArrayExact()) {
      RecordVirtualObjectsForConstantPoolOrEmbeddedObjects(
          code, HeapObject::cast(target), ObjectStats::EMBEDDED_OBJECT_TYPE);

--- a/src/heap/remembered-set.h
+++ b/src/heap/remembered-set.h
@@ -340,7 +340,7 @@ class UpdateTypedSlotHelper {
  static SlotCallbackResult UpdateEmbeddedPointer(Heap* heap, RelocInfo* rinfo,
                                                  Callback callback) {
    DCHECK(RelocInfo::IsEmbeddedObjectMode(rinfo->rmode()));
-    HeapObject old_target = rinfo->target_object_no_host(heap->isolate());
+    HeapObject old_target = rinfo->target_object(heap->isolate());
    HeapObject new_target = old_target;
    SlotCallbackResult result = callback(FullMaybeObjectSlot(&new_target));
    DCHECK(!HasWeakHeapObjectTag(new_target));

--- a/src/heap/scavenger-inl.h
+++ b/src/heap/scavenger-inl.h
@@ -512,7 +512,7 @@ void ScavengeVisitor::VisitCodeTarget(Code host, RelocInfo* rinfo) {
 }

 void ScavengeVisitor::VisitEmbeddedPointer(Code host, RelocInfo* rinfo) {
-  HeapObject heap_object = rinfo->target_object();
+  HeapObject heap_object = rinfo->target_object(cage_base());
 #ifdef DEBUG
  HeapObject old_heap_object = heap_object;
 #endif

--- a/src/heap/scavenger.cc
+++ b/src/heap/scavenger.cc
@@ -54,7 +54,8 @@ class IterateAndScavengePromotedObjectsVisitor final : public ObjectVisitor {
    HandleSlot(host, FullHeapObjectSlot(&target), target);
  }
  V8_INLINE void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) final {
-    HeapObject heap_object = rinfo->target_object();
+    PtrComprCageBase cage_base = host.main_cage_base();
+    HeapObject heap_object = rinfo->target_object(cage_base);
    HandleSlot(host, FullHeapObjectSlot(&heap_object), heap_object);
  }


--- a/src/profiler/heap-snapshot-generator.cc
+++ b/src/profiler/heap-snapshot-generator.cc
@@ -758,11 +758,11 @@ class IndexedReferencesExtractor : public ObjectVisitorWithCageBases {
  }

  void VisitEmbeddedPointer(Code host, RelocInfo* rinfo) override {
-    HeapObject object = rinfo->target_object_no_host(cage_base());
+    HeapObject object = rinfo->target_object(cage_base());
    if (host.IsWeakObject(object)) {
      generator_->SetWeakReference(parent_, next_index_++, object, {});
    } else {
-      VisitHeapObjectImpl(rinfo->target_object(), -1);
+      VisitHeapObjectImpl(object, -1);
    }
  }


--- a/src/snapshot/serializer.cc
+++ b/src/snapshot/serializer.cc
@@ -965,8 +965,8 @@ class Serializer::ObjectSerializer::RelocInfoObjectPreSerializer {
      : serializer_(serializer) {}

  void VisitEmbeddedPointer(Code host, RelocInfo* target) {
-    Object object = target->target_object();
-    serializer_->SerializeObject(handle(HeapObject::cast(object), isolate()));
+    HeapObject object = target->target_object(isolate());
+    serializer_->SerializeObject(handle(object, isolate()));
    num_serialized_objects_++;
  }
  void VisitCodeTarget(Code host, RelocInfo* target) {

--- a/test/cctest/heap/test-heap.cc
+++ b/test/cctest/heap/test-heap.cc
@@ -180,12 +180,15 @@ static void CheckNumber(Isolate* isolate, double value, const char* string) {
  CHECK(String::cast(*print_string).IsOneByteEqualTo(base::CStrVector(string)));
 }

-void CheckEmbeddedObjectsAreEqual(Handle<Code> lhs, Handle<Code> rhs) {
+void CheckEmbeddedObjectsAreEqual(Isolate* isolate, Handle<Code> lhs,
+                                  Handle<Code> rhs) {
  int mode_mask = RelocInfo::ModeMask(RelocInfo::FULL_EMBEDDED_OBJECT);
+  PtrComprCageBase cage_base(isolate);
  RelocIterator lhs_it(*lhs, mode_mask);
  RelocIterator rhs_it(*rhs, mode_mask);
  while (!lhs_it.done() && !rhs_it.done()) {
-    CHECK(lhs_it.rinfo()->target_object() == rhs_it.rinfo()->target_object());
+    CHECK_EQ(lhs_it.rinfo()->target_object(cage_base),
+             rhs_it.rinfo()->target_object(cage_base));

    lhs_it.next();
    rhs_it.next();
@@ -228,9 +231,9 @@ HEAP_TEST(TestNewSpaceRefsInCopiedCode) {
    copy = factory->CopyCode(code);
  }

-  CheckEmbeddedObjectsAreEqual(code, copy);
+  CheckEmbeddedObjectsAreEqual(isolate, code, copy);
  CcTest::CollectAllAvailableGarbage();
-  CheckEmbeddedObjectsAreEqual(code, copy);
+  CheckEmbeddedObjectsAreEqual(isolate, code, copy);
 }

 static void CheckFindCodeObject(Isolate* isolate) {

--- a/test/cctest/test-macro-assembler-arm64.cc
+++ b/test/cctest/test-macro-assembler-arm64.cc
@@ -77,15 +77,17 @@ TEST(EmbeddedObj) {
  CcTest::CollectAllGarbage();
  CcTest::CollectAllGarbage();

+  PtrComprCageBase cage_base(isolate);
+
  // Test the user-facing reloc interface.
  const int mode_mask = RelocInfo::EmbeddedObjectModeMask();
  for (RelocIterator it(*code, mode_mask); !it.done(); it.next()) {
    RelocInfo::Mode mode = it.rinfo()->rmode();
    if (RelocInfo::IsCompressedEmbeddedObject(mode)) {
-      CHECK_EQ(*my_array, it.rinfo()->target_object());
+      CHECK_EQ(*my_array, it.rinfo()->target_object(cage_base));
    } else {
      CHECK(RelocInfo::IsFullEmbeddedObject(mode));
-      CHECK_EQ(*old_array, it.rinfo()->target_object());
+      CHECK_EQ(*old_array, it.rinfo()->target_object(cage_base));
    }
  }
 #endif  // V8_COMPRESS_POINTERS

--- a/test/cctest/test-macro-assembler-x64.cc
+++ b/test/cctest/test-macro-assembler-x64.cc
@@ -480,15 +480,20 @@ TEST(EmbeddedObj) {
  CcTest::CollectAllGarbage();
  CcTest::CollectAllGarbage();

+  PtrComprCageBase cage_base(isolate);
+
  // Test the user-facing reloc interface.
  const int mode_mask = RelocInfo::EmbeddedObjectModeMask();
  for (RelocIterator it(*code, mode_mask); !it.done(); it.next()) {
    RelocInfo::Mode mode = it.rinfo()->rmode();
    if (RelocInfo::IsCompressedEmbeddedObject(mode)) {
-      CHECK_EQ(*my_array, it.rinfo()->target_object());
+      CHECK_EQ(*my_array, it.rinfo()->target_object(cage_base));
+      if (!V8_EXTERNAL_CODE_SPACE_BOOL) {
+        CHECK_EQ(*my_array, it.rinfo()->target_object(cage_base));
+      }
    } else {
      CHECK(RelocInfo::IsFullEmbeddedObject(mode));
-      CHECK_EQ(*old_array, it.rinfo()->target_object());
+      CHECK_EQ(*old_array, it.rinfo()->target_object(cage_base));
    }
  }
 #endif  // V8_COMPRESS_POINTERS