[heap] Don't allocate fillers in sampling profiler

Space::AllocationStep already allocates a filler object at the given
address, so there's no need to do another filler object allocation in
the sampling profiler. In addition, this breaks allocation stepping over
areas that have already been initialized, such as off-thread pages being
merged.

Instead, we replace it with a DCHECK that there is a map at the start of
the allocated chunk, which serves as a proxy for "this area is
iteratable"

Change-Id: Ia0a1375ac83b944cf5631e6bef341805d27b6e96
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2122029
Commit-Queue: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#67230}

src/profiler/sampling-heap-profiler.cc

@@ -74,15 +74,13 @@ SamplingHeapProfiler::~SamplingHeapProfiler() {
 void SamplingHeapProfiler::SampleObject(Address soon_object, size_t size) {
   DisallowHeapAllocation no_allocation;
 
+  // Check if the area is iterable by confirming that it starts with a map.
+  DCHECK((*ObjectSlot(soon_object)).IsMap());
+
   HandleScope scope(isolate_);
   HeapObject heap_object = HeapObject::FromAddress(soon_object);
   Handle<Object> obj(heap_object, isolate_);
 
-  // Mark the new block as FreeSpace to make sure the heap is iterable while we
-  // are taking the sample.
-  heap_->CreateFillerObjectAt(soon_object, static_cast<int>(size),
-                              ClearRecordedSlots::kNo);
-
   Local<v8::Value> loc = v8::Utils::ToLocal(obj);
 
   AllocationNode* node = AddStack();