[ext-code-space] Fix code range allocation logic

Previously the code range could be allocated close but still outside
of the "short builtins call" region which would enforce copying of
builtins blob into the code range.
This CL ensures that the calculated hint address takes the required
base alignment into account and thus allocates the core range inside
of preferred region (see Isolate::GetShortBuiltinsCallRegion()).

Bug: v8:11880
Change-Id: I3cbd6a81501efd420063b963a8c4b5c328ae0785
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3283065Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#77919}

src/heap/code-range.cc

@@ -124,8 +124,16 @@ bool CodeRange::InitReservation(v8::PageAllocator* page_allocator,
           : VirtualMemoryCage::ReservationParams::kAnyBaseAlignment;
   params.base_bias_size = RoundUp(reserved_area, allocate_page_size);
   params.page_size = MemoryChunk::kPageSize;
+  // V8_EXTERNAL_CODE_SPACE imposes additional alignment requirement for the
+  // base address, so make sure the hint calculation function takes that into
+  // account. Otherwise the allocated reservation might be outside of the
+  // preferred region (see Isolate::GetShortBuiltinsCallRegion()).
+  const size_t hint_alignment =
+      V8_EXTERNAL_CODE_SPACE_BOOL
+          ? RoundUp(params.base_alignment, allocate_page_size)
+          : allocate_page_size;
   params.requested_start_hint =
-      GetCodeRangeAddressHint()->GetAddressHint(requested, allocate_page_size);
+      GetCodeRangeAddressHint()->GetAddressHint(requested, hint_alignment);
 
   if (!VirtualMemoryCage::InitReservation(params)) return false;