[ubsan][cleanup] Drop ObjectSlot::load in favor of operator*

Now that we no longer have ObjectPtr and Object* return types,
one way to load the slot's contents is enough.

Bug: v8:3770
Change-Id: I5acaeed22e68595b0e0ba036fcc4ac3d15c57462
Reviewed-on: https://chromium-review.googlesource.com/c/1400416
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58678}

src/deoptimizer.cc

@@ -2911,10 +2911,9 @@ Address TranslatedState::ComputeArgumentsPosition(Address input_frame_pointer,
   if (parent_frame_type ==
       StackFrame::TypeToMarker(StackFrame::ARGUMENTS_ADAPTOR)) {
     if (length)
-      *length = Smi::cast(FullObjectSlot(
+      *length = Smi::cast(*FullObjectSlot(
                               parent_frame_pointer +
-                              ArgumentsAdaptorFrameConstants::kLengthOffset)
-                              .load())
+                              ArgumentsAdaptorFrameConstants::kLengthOffset))
                     ->value();
     arguments_frame = parent_frame_pointer;
   } else {
@@ -2972,8 +2971,7 @@ void TranslatedState::CreateArgumentsElementsTranslatedValues(
     Address argument_slot = arguments_frame +
                             CommonFrameConstants::kFixedFrameSizeAboveFp +
                             i * kPointerSize;
-    frame.Add(
-        TranslatedValue::NewTagged(this, FullObjectSlot(argument_slot).load()));
+    frame.Add(TranslatedValue::NewTagged(this, *FullObjectSlot(argument_slot)));
   }
 }
 

src/handles-inl.h

@@ -25,7 +25,7 @@ Handle<T> Handle<T>::New(T object, Isolate* isolate) {
 template <typename T>
 template <typename S>
 const Handle<T> Handle<T>::cast(Handle<S> that) {
-  T::cast(FullObjectSlot(that.location()).load());
+  T::cast(*FullObjectSlot(that.location()));
   return Handle<T>(that.location_);
 }
 

src/heap/heap.cc

@@ -5074,7 +5074,7 @@ class UnreachableObjectsFilter : public HeapObjectsFilter {
     V8_INLINE void MarkPointersImpl(TSlot start, TSlot end) {
       // Treat weak references as strong.
       for (TSlot p = start; p < end; ++p) {
-        typename TSlot::TObject object = p.load();
+        typename TSlot::TObject object = *p;
         HeapObject heap_object;
         if (object.GetHeapObject(&heap_object)) {
           MarkHeapObject(heap_object);
@@ -5434,7 +5434,7 @@ void VerifyPointersVisitor::VerifyHeapObjectImpl(HeapObject heap_object) {
 template <typename TSlot>
 void VerifyPointersVisitor::VerifyPointersImpl(TSlot start, TSlot end) {
   for (TSlot slot = start; slot < end; ++slot) {
-    typename TSlot::TObject object = slot.load();
+    typename TSlot::TObject object = *slot;
     HeapObject heap_object;
     if (object.GetHeapObject(&heap_object)) {
       VerifyHeapObjectImpl(heap_object);

src/heap/mark-compact-inl.h

@@ -279,7 +279,7 @@ void MarkingVisitor<fixed_array_mode, retaining_path_mode,
   static_assert(std::is_same<TSlot, ObjectSlot>::value ||
                     std::is_same<TSlot, MaybeObjectSlot>::value,
                 "Only ObjectSlot and MaybeObjectSlot are expected here");
-  typename TSlot::TObject object = slot.load();
+  typename TSlot::TObject object = *slot;
   HeapObject target_object;
   if (object.GetHeapObjectIfStrong(&target_object)) {
     collector_->RecordSlot(host, HeapObjectSlot(slot), target_object);

src/heap/mark-compact.cc

@@ -224,7 +224,7 @@ class FullMarkingVerifier : public MarkingVerifier {
   template <typename TSlot>
   V8_INLINE void VerifyPointersImpl(TSlot start, TSlot end) {
     for (TSlot slot = start; slot < end; ++slot) {
-      typename TSlot::TObject object = slot.load();
+      typename TSlot::TObject object = *slot;
       HeapObject heap_object;
       if (object.GetHeapObjectIfStrong(&heap_object)) {
         VerifyHeapObjectImpl(heap_object);
@@ -329,7 +329,7 @@ class FullEvacuationVerifier : public EvacuationVerifier {
   template <typename TSlot>
   void VerifyPointersImpl(TSlot start, TSlot end) {
     for (TSlot current = start; current < end; ++current) {
-      typename TSlot::TObject object = current.load();
+      typename TSlot::TObject object = *current;
       HeapObject heap_object;
       if (object.GetHeapObjectIfStrong(&heap_object)) {
         VerifyHeapObjectImpl(heap_object);
@@ -2469,7 +2469,7 @@ static inline SlotCallbackResult UpdateSlot(TSlot slot) {
 
 template <AccessMode access_mode, typename TSlot>
 static inline SlotCallbackResult UpdateStrongSlot(TSlot slot) {
-  DCHECK(!HasWeakHeapObjectTag(slot.load().ptr()));
+  DCHECK(!HasWeakHeapObjectTag((*slot).ptr()));
   typename TSlot::TObject obj = slot.Relaxed_Load();
   HeapObject heap_obj;
   if (obj.GetHeapObject(&heap_obj)) {
@@ -3235,7 +3235,7 @@ class RememberedSetUpdatingItem : public UpdatingItem {
         "Only FullMaybeObjectSlot and MaybeObjectSlot are expected here");
     using THeapObjectSlot = typename TSlot::THeapObjectSlot;
     HeapObject heap_object;
-    if (!slot.load().GetHeapObject(&heap_object)) {
+    if (!(*slot).GetHeapObject(&heap_object)) {
       return REMOVE_SLOT;
     }
     if (Heap::InFromSpace(heap_object)) {
@@ -3244,7 +3244,7 @@ class RememberedSetUpdatingItem : public UpdatingItem {
         HeapObjectReference::Update(THeapObjectSlot(slot),
                                     map_word.ToForwardingAddress());
       }
-      bool success = slot.load().GetHeapObject(&heap_object);
+      bool success = (*slot).GetHeapObject(&heap_object);
       USE(success);
       DCHECK(success);
       // If the object was in from space before and is after executing the
@@ -3813,7 +3813,7 @@ class YoungGenerationMarkingVerifier : public MarkingVerifier {
   template <typename TSlot>
   V8_INLINE void VerifyPointersImpl(TSlot start, TSlot end) {
     for (TSlot slot = start; slot < end; ++slot) {
-      typename TSlot::TObject object = slot.load();
+      typename TSlot::TObject object = *slot;
       HeapObject heap_object;
       // Minor MC treats weak references as strong.
       if (object.GetHeapObject(&heap_object)) {
@@ -3846,7 +3846,7 @@ class YoungGenerationEvacuationVerifier : public EvacuationVerifier {
   template <typename TSlot>
   void VerifyPointersImpl(TSlot start, TSlot end) {
     for (TSlot current = start; current < end; ++current) {
-      typename TSlot::TObject object = current.load();
+      typename TSlot::TObject object = *current;
       HeapObject heap_object;
       if (object.GetHeapObject(&heap_object)) {
         VerifyHeapObjectImpl(heap_object);
@@ -3942,7 +3942,7 @@ class YoungGenerationMarkingVisitor final
 
   template <typename TSlot>
   V8_INLINE void VisitPointerImpl(HeapObject host, TSlot slot) {
-    typename TSlot::TObject target = slot.load();
+    typename TSlot::TObject target = *slot;
     if (Heap::InNewSpace(target)) {
       // Treat weak references as strong.
       // TODO(marja): Proper weakness handling for minor-mcs.
@@ -4503,7 +4503,7 @@ class PageMarkingItem : public MarkingItem {
         std::is_same<TSlot, FullMaybeObjectSlot>::value ||
             std::is_same<TSlot, MaybeObjectSlot>::value,
         "Only FullMaybeObjectSlot and MaybeObjectSlot are expected here");
-    MaybeObject object = slot.load();
+    MaybeObject object = *slot;
     if (Heap::InNewSpace(object)) {
       // Marking happens before flipping the young generation, so the object
       // has to be in ToSpace.

src/heap/scavenger-inl.h

@@ -488,7 +488,7 @@ template <typename TSlot>
 void ScavengeVisitor::VisitPointersImpl(HeapObject host, TSlot start,
                                         TSlot end) {
   for (TSlot slot = start; slot < end; ++slot) {
-    typename TSlot::TObject object = slot.load();
+    typename TSlot::TObject object = *slot;
     HeapObject heap_object;
     // Treat weak references as strong.
     if (object.GetHeapObject(&heap_object)) {

src/heap/scavenger.cc

@@ -102,7 +102,7 @@ class IterateAndScavengePromotedObjectsVisitor final : public ObjectVisitor {
     // Treat weak references as strong.
     // TODO(marja): Proper weakness handling in the young generation.
     for (TSlot slot = start; slot < end; ++slot) {
-      typename TSlot::TObject object = slot.load();
+      typename TSlot::TObject object = *slot;
       HeapObject heap_object;
       if (object.GetHeapObject(&heap_object)) {
         HandleSlot(host, THeapObjectSlot(slot), heap_object);

src/heap/spaces.cc

@@ -2199,8 +2199,9 @@ LinearAllocationArea LocalAllocationBuffer::Close() {
 }
 
 LocalAllocationBuffer::LocalAllocationBuffer(
-    Heap* heap, LinearAllocationArea allocation_info)
-    : heap_(heap), allocation_info_(allocation_info) {
+    Heap* heap, LinearAllocationArea allocation_info) V8_NOEXCEPT
+    : heap_(heap),
+      allocation_info_(allocation_info) {
   if (IsValid()) {
     heap_->CreateFillerObjectAt(
         allocation_info_.top(),
@@ -2864,10 +2865,10 @@ void FreeListCategory::RepairFreeList(Heap* heap) {
   FreeSpace n = top();
   while (!n.is_null()) {
     MapWordSlot map_location = n.map_slot();
-    // We can't use .is_null() here because ObjectSlot.load() returns an
+    // We can't use .is_null() here because *map_location returns an
     // Object (for which "is null" is not defined, as it would be
     // indistinguishable from "is Smi(0)"). Only HeapObject has "is_null()".
-    if (map_location.load() == Map()) {
+    if (*map_location == Map()) {
       map_location.store(ReadOnlyRoots(heap).free_space_map());
     } else {
       DCHECK(*map_location == ReadOnlyRoots(heap).free_space_map());
@@ -3078,7 +3079,7 @@ size_t FreeListCategory::SumFreeList() {
   while (!cur.is_null()) {
     // We can't use "cur->map()" here because both cur's map and the
     // root can be null during bootstrapping.
-    DCHECK_EQ(cur->map_slot().load(),
+    DCHECK_EQ(*cur->map_slot(),
               page()->heap()->isolate()->root(RootIndex::kFreeSpaceMap));
     sum += cur->relaxed_read_size();
     cur = cur->next();

src/heap/spaces.h

@@ -1999,7 +1999,8 @@ class LocalAllocationBuffer {
   LinearAllocationArea Close();
 
  private:
-  LocalAllocationBuffer(Heap* heap, LinearAllocationArea allocation_info);
+  LocalAllocationBuffer(Heap* heap,
+                        LinearAllocationArea allocation_info) V8_NOEXCEPT;
 
   Heap* heap_;
   LinearAllocationArea allocation_info_;

src/objects/slots-inl.h

@@ -33,8 +33,6 @@ bool FullObjectSlot::contains_value(Address raw_value) const {
 
 Object FullObjectSlot::operator*() const { return Object(*location()); }
 
-Object FullObjectSlot::load() const { return Object(*location()); }
-
 void FullObjectSlot::store(Object value) const { *location() = value->ptr(); }
 
 Object FullObjectSlot::Acquire_Load() const {
@@ -67,10 +65,6 @@ MaybeObject FullMaybeObjectSlot::operator*() const {
   return MaybeObject(*location());
 }
 
-MaybeObject FullMaybeObjectSlot::load() const {
-  return MaybeObject(*location());
-}
-
 void FullMaybeObjectSlot::store(MaybeObject value) const {
   *location() = value.ptr();
 }

src/objects/slots.h

@@ -111,8 +111,6 @@ class FullObjectSlot
   inline bool contains_value(Address raw_value) const;
 
   inline Object operator*() const;
-  // TODO(3770): drop this in favor of operator* once migration is complete.
-  inline Object load() const;
   inline void store(Object value) const;
 
   inline Object Acquire_Load() const;
@@ -144,8 +142,6 @@ class FullMaybeObjectSlot
       : SlotBase(slot.address()) {}
 
   inline MaybeObject operator*() const;
-  // TODO(3770): drop this once ObjectSlot::load() is dropped.
-  inline MaybeObject load() const;
   inline void store(MaybeObject value) const;
 
   inline MaybeObject Relaxed_Load() const;

src/ptr-compr-inl.h

@@ -103,11 +103,6 @@ Object CompressedObjectSlot::operator*() const {
   return Object(DecompressTaggedAny(address(), value));
 }
 
-Object CompressedObjectSlot::load() const {
-  Tagged_t value = *location();
-  return Object(DecompressTaggedAny(address(), value));
-}
-
 void CompressedObjectSlot::store(Object value) const {
   *location() = CompressTagged(value->ptr());
 }
@@ -155,11 +150,6 @@ Object CompressedMapWordSlot::operator*() const {
   return Object(DecompressTaggedPointer(address(), value));
 }
 
-Object CompressedMapWordSlot::load() const {
-  Tagged_t value = *location();
-  return Object(DecompressTaggedPointer(address(), value));
-}
-
 void CompressedMapWordSlot::store(Object value) const {
   *location() = CompressTagged(value.ptr());
 }
@@ -202,11 +192,6 @@ MaybeObject CompressedMaybeObjectSlot::operator*() const {
   return MaybeObject(DecompressTaggedAny(address(), value));
 }
 
-MaybeObject CompressedMaybeObjectSlot::load() const {
-  Tagged_t value = *location();
-  return MaybeObject(DecompressTaggedAny(address(), value));
-}
-
 void CompressedMaybeObjectSlot::store(MaybeObject value) const {
   *location() = CompressTagged(value->ptr());
 }

src/ptr-compr.h

@@ -41,8 +41,6 @@ class CompressedObjectSlot
       : SlotBase(slot.address()) {}
 
   inline Object operator*() const;
-  // TODO(3770): drop this in favor of operator* once migration is complete.
-  inline Object load() const;
   inline void store(Object value) const;
 
   inline Object Acquire_Load() const;
@@ -74,7 +72,6 @@ class CompressedMapWordSlot
   inline bool contains_value(Address raw_value) const;
 
   inline Object operator*() const;
-  inline Object load() const;
   inline void store(Object value) const;
 
   inline Object Relaxed_Load() const;
@@ -107,8 +104,6 @@ class CompressedMaybeObjectSlot
       : SlotBase(slot.address()) {}
 
   inline MaybeObject operator*() const;
-  // TODO(3770): drop this once ObjectSlot::load() is dropped.
-  inline MaybeObject load() const;
   inline void store(MaybeObject value) const;
 
   inline MaybeObject Relaxed_Load() const;