Reland "[runtime] Reset clobbered argument in DefineClass"

This is a reland of 9b5f3985

Reland fixes:
 * Store a Handle instead of a raw pointer in the scope, to make sure
   the saved object stays alive.

Original change's description:
> [runtime] Reset clobbered argument in DefineClass
>
> The caller of DefineClass may not expect its arguments to be mutated, so
> add an arguments mutation scope which resets the argument clobbered by
> DefineClass.
>
> Bug: chromium:1268738
> Change-Id: I03e9cd82535ca1f83353012a92e80f822566e64e
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283077
> Auto-Submit: Leszek Swirski <leszeks@chromium.org>
> Commit-Queue: Igor Sheludko <ishell@chromium.org>
> Reviewed-by: Igor Sheludko <ishell@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#77921}

Bug: chromium:1268738
Change-Id: I934ba2063bf2b0e66a3c42f274419ddd178e4b54
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3289146
Auto-Submit: Leszek Swirski <leszeks@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77945}

src/execution/arguments-inl.h

@@ -14,6 +14,15 @@
 namespace v8 {
 namespace internal {
 
+template <ArgumentsType T>
+Arguments<T>::ChangeValueScope::ChangeValueScope(Isolate* isolate,
+                                                 Arguments* args, int index,
+                                                 Object value)
+    : location_(args->address_of_arg_at(index)) {
+  old_value_ = handle(Object(*location_), isolate);
+  *location_ = value.ptr();
+}
+
 template <ArgumentsType T>
 int Arguments<T>::smi_at(int index) const {
   return Smi::ToInt(Object(*address_of_arg_at(index)));

src/execution/arguments.h

@@ -33,6 +33,18 @@ namespace internal {
 template <ArgumentsType arguments_type>
 class Arguments {
  public:
+  // Scope to temporarily change the value of an argument.
+  class ChangeValueScope {
+   public:
+    inline ChangeValueScope(Isolate* isolate, Arguments* args, int index,
+                            Object value);
+    ~ChangeValueScope() { *location_ = old_value_->ptr(); }
+
+   private:
+    Address* location_;
+    Handle<Object> old_value_;
+  };
+
   Arguments(int length, Address* arguments)
       : length_(length), arguments_(arguments) {
     DCHECK_GE(length_, 0);
@@ -51,10 +63,6 @@ class Arguments {
 
   inline double number_at(int index) const;
 
-  inline void set_at(int index, Object value) {
-    *address_of_arg_at(index) = value.ptr();
-  }
-
   inline FullObjectSlot slot_at(int index) const {
     return FullObjectSlot(address_of_arg_at(index));
   }

src/runtime/runtime-classes.cc

@@ -629,7 +629,12 @@ MaybeHandle<Object> DefineClass(Isolate* isolate,
 
   Handle<JSObject> prototype = CreateClassPrototype(isolate);
   DCHECK_EQ(*constructor, args[ClassBoilerplate::kConstructorArgumentIndex]);
-  args.set_at(ClassBoilerplate::kPrototypeArgumentIndex, *prototype);
+  // Temporarily change ClassBoilerplate::kPrototypeArgumentIndex for the
+  // subsequent calls, but use a scope to make sure to change it back before
+  // returning, to not corrupt the caller's argument frame (in particular, for
+  // the interpreter, to not clobber the register frame).
+  RuntimeArguments::ChangeValueScope set_prototype_value_scope(
+      isolate, &args, ClassBoilerplate::kPrototypeArgumentIndex, *prototype);
 
   if (!InitClassConstructor(isolate, class_boilerplate, constructor_parent,
                             constructor, args) ||