[TurboFan] Exercise more care around calls to Context::previous()

In serialization for concurrent TurboFan, we need to fully consume
context chains to the root. This interferes with existing protections,
firing the assert IsBootstrappingOrValidParentContext if the chain
is queried to root. Instead, use unchecked_previous().

Bug: v8:7790
Change-Id: Id69885570fb88486c2f292023509bb02413a8ac5
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1710666Reviewed-by: Georg Neis <neis@chromium.org>
Commit-Queue: Michael Stanton <mvstanton@chromium.org>
Cr-Commit-Position: refs/heads/master@{#62846}

src/compiler/js-heap-broker.cc

@@ -602,8 +602,8 @@ ContextData* ContextData::previous(JSHeapBroker* broker, size_t* depth,
   if (serialize && previous_ == nullptr) {
     TraceScope tracer(broker, this, "ContextData::previous");
     Handle<Context> context = Handle<Context>::cast(object());
-    Context prev = context->previous();
-    if (!prev.is_null()) {
+    Object prev = context->unchecked_previous();
+    if (prev.IsContext()) {
       previous_ = broker->GetOrCreateData(prev)->AsContext();
     }
   }
@@ -2088,8 +2088,8 @@ ContextRef ContextRef::previous(size_t* depth, bool serialize) const {
     AllowHandleAllocation handle_allocation;
     AllowHandleDereference handle_dereference;
     Context current = *object();
-    while (*depth != 0 && !current.previous().is_null()) {
-      current = current.previous();
+    while (*depth != 0 && current.unchecked_previous().IsContext()) {
+      current = Context::cast(current.unchecked_previous());
       (*depth)--;
     }
     return ContextRef(broker(), handle(current, broker()->isolate()));