[ubsan] Misc post-Object-migration cleanup

Bug: v8:3770
Change-Id: I9214212454034cf1238cab43dc34d8d9f8ed2d37
Reviewed-on: https://chromium-review.googlesource.com/c/1398222Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58627}

src/api.cc

@@ -6622,17 +6622,12 @@ Local<v8::Object> v8::Object::New(Isolate* isolate,
       // If this is the first element, allocate a proper
       // dictionary elements backing store for {elements}.
       if (!elements->IsNumberDictionary()) {
-        // TODO(3770): Drop explicit cast.
-        elements = i::Handle<i::FixedArrayBase>(
-            i::NumberDictionary::New(i_isolate, static_cast<int>(length))
-                .location());
+        elements =
+            i::NumberDictionary::New(i_isolate, static_cast<int>(length));
       }
-      // TODO(3770): Drop explicit cast.
-      elements = i::Handle<i::FixedArrayBase>(
-          i::NumberDictionary::Set(
-              i_isolate, i::Handle<i::NumberDictionary>::cast(elements), index,
-              value)
-              .location());
+      elements = i::NumberDictionary::Set(
+          i_isolate, i::Handle<i::NumberDictionary>::cast(elements), index,
+          value);
     } else {
       // Internalize the {name} first.
       name = i_isolate->factory()->InternalizeName(name);

src/compiler/code-assembler.h

@@ -353,20 +353,9 @@ typedef ZoneVector<CodeAssemblerVariable*> CodeAssemblerVariableList;
 
 typedef std::function<void()> CodeAssemblerCallback;
 
-// TODO(3770): The Object/HeapObject dance is temporary (while the
-// incremental transition is in progress, we want to pretend that subclasses
-// of HeapObject are also subclasses of Object); it can be
-// removed when the migration is complete.
 template <class T, class U>
 struct is_subtype {
-  static const bool value =
-      std::is_base_of<U, T>::value ||
-      (std::is_same<U, Object>::value && std::is_base_of<HeapObject, T>::value);
-};
-// TODO(3770): Temporary; remove after migration.
-template <>
-struct is_subtype<Smi, Object> {
-  static const bool value = true;
+  static const bool value = std::is_base_of<U, T>::value;
 };
 template <class T1, class T2, class U>
 struct is_subtype<UnionT<T1, T2>, U> {

src/contexts-inl.h

@@ -140,15 +140,15 @@ bool Context::HasSameSecurityTokenAs(Context that) const {
 }
 
 #define NATIVE_CONTEXT_FIELD_ACCESSORS(index, type, name) \
-  void Context::set_##name(type##ArgType value) {         \
+  void Context::set_##name(type value) {                  \
     DCHECK(IsNativeContext());                            \
     set(index, value);                                    \
   }                                                       \
-  bool Context::is_##name(type##ArgType value) const {    \
+  bool Context::is_##name(type value) const {             \
     DCHECK(IsNativeContext());                            \
     return type::cast(get(index)) == value;               \
   }                                                       \
-  type##ArgType Context::name() const {                   \
+  type Context::name() const {                            \
     DCHECK(IsNativeContext());                            \
     return type::cast(get(index));                        \
   }

src/contexts.h

@@ -608,9 +608,9 @@ class Context : public HeapObject {
   static int IntrinsicIndexForName(const unsigned char* name, int length);
 
 #define NATIVE_CONTEXT_FIELD_ACCESSORS(index, type, name) \
-  inline void set_##name(type##ArgType value);            \
-  inline bool is_##name(type##ArgType value) const;       \
-  inline type##ArgType name() const;
+  inline void set_##name(type value);                     \
+  inline bool is_##name(type value) const;                \
+  inline type name() const;
   NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSORS)
 #undef NATIVE_CONTEXT_FIELD_ACCESSORS
 

src/elements.cc

@@ -2063,10 +2063,8 @@ class FastElementsAccessor : public ElementsAccessorBase<Subclass, KindTraits> {
                               PropertyAttributes attributes) {
     Handle<NumberDictionary> dictionary = JSObject::NormalizeElements(object);
     entry = dictionary->FindEntry(object->GetIsolate(), entry);
-    // TODO(3770): Drop type conversion.
-    DictionaryElementsAccessor::ReconfigureImpl(
-        object, Handle<FixedArrayBase>(dictionary.location()), entry, value,
-        attributes);
+    DictionaryElementsAccessor::ReconfigureImpl(object, dictionary, entry,
+                                                value, attributes);
   }
 
   static void AddImpl(Handle<JSObject> object, uint32_t index,

src/handles.h

@@ -117,7 +117,6 @@ class Handle final : public HandleBase {
 
   // Constructor for handling automatic up casting.
   // Ex. Handle<JSFunction> can be passed when Handle<Object> is expected.
-  // TODO(3770): Remove special cases after the migration.
   template <typename S, typename = typename std::enable_if<
                             std::is_convertible<S*, T*>::value>::type>
   V8_INLINE Handle(Handle<S> handle) : HandleBase(handle) {}

src/heap/factory.cc

@@ -3607,9 +3607,8 @@ Handle<SharedFunctionInfo> Factory::NewSharedFunctionInfoForApiFunction(
 
 Handle<SharedFunctionInfo> Factory::NewSharedFunctionInfoForBuiltin(
     MaybeHandle<String> maybe_name, int builtin_index, FunctionKind kind) {
-  // TODO(3770): Switch to MaybeHandle<Code>() after migration.
   Handle<SharedFunctionInfo> shared = NewSharedFunctionInfo(
-      maybe_name, MaybeHandle<HeapObject>(), builtin_index, kind);
+      maybe_name, MaybeHandle<Code>(), builtin_index, kind);
   return shared;
 }
 

src/heap/factory.h

@@ -843,9 +843,7 @@ class V8_EXPORT_PRIVATE Factory {
 
   inline Handle<String> Uint32ToString(uint32_t value, bool check_cache = true);
 
-// TODO(3770): Drop std::remove_pointer after the migration.
-#define ROOT_ACCESSOR(Type, name, CamelName) \
-  inline Handle<std::remove_pointer<Type>::type> name();
+#define ROOT_ACCESSOR(Type, name, CamelName) inline Handle<Type> name();
   ROOT_LIST(ROOT_ACCESSOR)
 #undef ROOT_ACCESSOR
 

src/isolate-inl.h

@@ -118,7 +118,7 @@ Isolate::ExceptionScope::~ExceptionScope() {
   Handle<type> Isolate::name() {                             \
     return Handle<type>(raw_native_context()->name(), this); \
   }                                                          \
-  bool Isolate::is_##name(type##ArgType value) {             \
+  bool Isolate::is_##name(type value) {                      \
     return raw_native_context()->is_##name(value);           \
   }
 NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSOR)

src/isolate.cc

@@ -914,9 +914,7 @@ Handle<Object> Isolate::CaptureSimpleStackTrace(Handle<JSReceiver> error_object,
   }
 
   // TODO(yangguo): Queue this structured stack trace for preprocessing on GC.
-  // TODO(3770): Drop explicit cast.
-  return factory()->NewJSArrayWithElements(
-      Handle<FixedArray>(builder.GetElements().location()));
+  return factory()->NewJSArrayWithElements(builder.GetElements());
 }
 
 MaybeHandle<JSReceiver> Isolate::CaptureAndSetDetailedStackTrace(

src/isolate.h

@@ -960,7 +960,7 @@ class Isolate final : private HiddenFactory {
 
 #define NATIVE_CONTEXT_FIELD_ACCESSOR(index, type, name) \
   inline Handle<type> name();                            \
-  inline bool is_##name(type##ArgType value);
+  inline bool is_##name(type value);
   NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSOR)
 #undef NATIVE_CONTEXT_FIELD_ACCESSOR
 

src/keys.cc

@@ -75,9 +75,7 @@ void KeyAccumulator::AddKey(Handle<Object> key, AddKeyConversion convert) {
   }
   if (IsShadowed(key)) return;
   if (keys_.is_null()) {
-    // TODO(3770): Drop explicit conversion.
-    keys_ =
-        Handle<FixedArray>(OrderedHashSet::Allocate(isolate_, 16).location());
+    keys_ = OrderedHashSet::Allocate(isolate_, 16);
   }
   uint32_t index;
   if (convert == CONVERT_TO_ARRAY_INDEX && key->IsString() &&
@@ -90,8 +88,7 @@ void KeyAccumulator::AddKey(Handle<Object> key, AddKeyConversion convert) {
     // be left-trimmer. Hence the previous Set should not keep a pointer to the
     // new one.
     keys_->set(OrderedHashSet::NextTableIndex(), Smi::kZero);
-    // TODO(3770): Drop explicit conversion.
-    keys_ = Handle<FixedArray>(new_set.location());
+    keys_ = new_set;
   }
 }
 

src/objects.h

@@ -531,33 +531,6 @@ class ZoneForwardList;
 // The element types selection for CreateListFromArrayLike.
 enum class ElementTypes { kAll, kStringAndSymbol };
 
-// TODO(3770): Get rid of this indirection when the migration is complete.
-typedef AbstractCode AbstractCodeArgType;
-typedef ByteArray ByteArrayArgType;
-typedef FixedArray FixedArrayArgType;
-typedef FixedDoubleArray FixedDoubleArrayArgType;
-typedef Foreign ForeignArgType;
-typedef HeapObject HeapObjectArgType;
-typedef JSArray JSArrayArgType;
-typedef JSAsyncGeneratorObject JSAsyncGeneratorObjectArgType;
-typedef JSFunction JSFunctionArgType;
-typedef JSGlobalProxy JSGlobalProxyArgType;
-typedef JSObject JSObjectArgType;
-typedef JSPromise JSPromiseArgType;
-typedef JSProxy JSProxyArgType;
-typedef Map MapArgType;
-typedef Object ObjectArgType;
-typedef RegExpMatchInfo RegExpMatchInfoArgType;
-typedef ScriptContextTable ScriptContextTableArgType;
-typedef SharedFunctionInfo SharedFunctionInfoArgType;
-typedef SimpleNumberDictionary SimpleNumberDictionaryArgType;
-typedef Smi SmiArgType;
-typedef String StringArgType;
-typedef Symbol SymbolArgType;
-typedef TemplateList TemplateListArgType;
-typedef WasmInstanceObject WasmInstanceObjectArgType;
-typedef WasmMemoryObject WasmMemoryObjectArgType;
-
 // Object is the abstract superclass for all classes in the
 // object hierarchy.
 // Object does not use any virtual functions to avoid the

src/objects/frame-array-inl.h

@@ -20,13 +20,13 @@ OBJECT_CONSTRUCTORS_IMPL(FrameArray, FixedArray)
 CAST_ACCESSOR2(FrameArray)
 
 #define DEFINE_FRAME_ARRAY_ACCESSORS(name, type)                              \
-  type##ArgType FrameArray::name(int frame_ix) const {                        \
+  type FrameArray::name(int frame_ix) const {                                 \
     Object obj =                                                              \
         get(kFirstIndex + frame_ix * kElementsPerFrame + k##name##Offset);    \
     return type::cast(obj);                                                   \
   }                                                                           \
                                                                               \
-  void FrameArray::Set##name(int frame_ix, type##ArgType value) {             \
+  void FrameArray::Set##name(int frame_ix, type value) {                      \
     set(kFirstIndex + frame_ix * kElementsPerFrame + k##name##Offset, value); \
   }
 FRAME_ARRAY_FIELD_LIST(DEFINE_FRAME_ARRAY_ACCESSORS)

src/objects/frame-array.h

@@ -30,9 +30,9 @@ class Handle;
 // Container object for data collected during simple stack trace captures.
 class FrameArray : public FixedArray {
  public:
-#define DECL_FRAME_ARRAY_ACCESSORS(name, type)   \
-  inline type##ArgType name(int frame_ix) const; \
-  inline void Set##name(int frame_ix, type##ArgType value);
+#define DECL_FRAME_ARRAY_ACCESSORS(name, type) \
+  inline type name(int frame_ix) const;        \
+  inline void Set##name(int frame_ix, type value);
   FRAME_ARRAY_FIELD_LIST(DECL_FRAME_ARRAY_ACCESSORS)
 #undef DECL_FRAME_ARRAY_ACCESSORS
 

src/objects/smi.h

@@ -43,12 +43,6 @@ class Smi : public Object {
   // Convert a Smi object to an int.
   static inline int ToInt(const Object object);
 
-  // TODO(3770): Drop this when merging Object and Object.
-  bool ToInt32(int32_t* value) {
-    *value = this->value();
-    return true;
-  }
-
   // Convert a value to a Smi object.
   static inline constexpr Smi FromInt(int value) {
 #if V8_CAN_HAVE_DCHECK_IN_CONSTEXPR

src/roots.h

@@ -514,10 +514,9 @@ class ReadOnlyRoots {
   V8_INLINE explicit ReadOnlyRoots(Heap* heap);
   V8_INLINE explicit ReadOnlyRoots(Isolate* isolate);
 
-// TODO(3770): Drop std::remove_pointer after the migration.
 #define ROOT_ACCESSOR(Type, name, CamelName) \
   V8_INLINE class Type name() const;         \
-  V8_INLINE Handle<std::remove_pointer<Type>::type> name##_handle() const;
+  V8_INLINE Handle<Type> name##_handle() const;
 
   READ_ONLY_ROOT_LIST(ROOT_ACCESSOR)
 #undef ROOT_ACCESSOR

src/runtime/runtime-utils.h

@@ -18,7 +18,7 @@ namespace internal {
 // expected type we crash safely.
 #define CONVERT_ARG_CHECKED(Type, name, index) \
   CHECK(args[index]->Is##Type());              \
-  Type##ArgType name = Type::cast(args[index]);
+  Type name = Type::cast(args[index]);
 
 #define CONVERT_ARG_HANDLE_CHECKED(Type, name, index) \
   CHECK(args[index]->Is##Type());                     \

test/cctest/test-field-type-tracking.cc

@@ -133,8 +133,7 @@ class Expectations {
         constness = PropertyConstness::kMutable;
       }
       if (representation.IsHeapObject() && !FieldType::cast(*value)->IsAny()) {
-        // TODO(3770): Drop extra Handle constructor call after migration.
-        value = Handle<Object>(FieldType::Any(isolate_));
+        value = FieldType::Any(isolate_);
       }
     }
     constnesses_[index] = constness;
@@ -263,8 +262,7 @@ class Expectations {
     CHECK(index < number_of_properties_);
     representations_[index] = Representation::Tagged();
     if (locations_[index] == kField) {
-      // TODO(3770): Drop extra Handle constructor call after migration.
-      values_[index] = Handle<Object>(FieldType::Any(isolate_));
+      values_[index] = FieldType::Any(isolate_);
     }
   }