[heap] Fix updating slots in global handles

Upon Scavenge, nodes may generally be reclaimed or updated. This logic
did not consider the fact that objects may be Smis and thus should be
ignored.

Bug: v8:1341111
Change-Id: I62f68e673377a895d3487ec9d372001342e77e8a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3740722Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#81492}

src/heap/scavenger.cc

@@ -268,16 +268,18 @@ class GlobalHandlesWeakRootsUpdatingVisitor final : public RootVisitor {
 
  private:
   void UpdatePointer(FullObjectSlot p) {
-    HeapObject object = HeapObject::cast(*p);
+    Object object = *p;
     DCHECK(!HasWeakHeapObjectTag(object));
     // The object may be in the old generation as global handles over
-    // approximates the list of young nodes.
+    // approximates the list of young nodes. This checks also bails out for
+    // Smis.
     if (!Heap::InYoungGeneration(object)) return;
 
+    HeapObject heap_object = HeapObject::cast(object);
     // TODO(chromium:1336158): Turn the following CHECKs into DCHECKs after
     // flushing out potential issues.
-    CHECK(Heap::InFromPage(object));
-    MapWord first_word = object.map_word(kRelaxedLoad);
+    CHECK(Heap::InFromPage(heap_object));
+    MapWord first_word = heap_object.map_word(kRelaxedLoad);
     CHECK(first_word.IsForwardingAddress());
     HeapObject dest = first_word.ToForwardingAddress();
     HeapObjectReference::Update(FullHeapObjectSlot(p), dest);