[ext-code-space] Fix improperly created CodeT handles in TurboFan

Bug: v8:11880
Change-Id: Ia86bab21851e8ff2f2317495a9f0e19140b0de2c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2969827
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Auto-Submit: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Georg Neis <neis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#75240}

src/compiler/bytecode-graph-builder.cc

@@ -2283,9 +2283,8 @@ void BytecodeGraphBuilder::VisitCreateClosure() {
           bytecode_iterator().GetFlagOperand(2))
           ? AllocationType::kOld
           : AllocationType::kYoung;
-  Handle<CodeT> compile_lazy =
-      ToCodeT(broker()->local_isolate_or_isolate(),
-              BUILTIN_CODE(jsgraph()->isolate(), CompileLazy));
+  Handle<CodeT> compile_lazy = broker()->CanonicalPersistentHandle(
+      ToCodeT(*BUILTIN_CODE(jsgraph()->isolate(), CompileLazy)));
   const Operator* op = javascript()->CreateClosure(shared_info.object(),
                                                    compile_lazy, allocation);
   Node* closure = NewNode(

src/compiler/js-call-reducer.cc

@@ -843,7 +843,7 @@ class PromiseBuiltinReducerAssembler : public JSCallReducerAssembler {
     Callable const callable =
         Builtins::CallableFor(isolate(), shared.builtin_id());
     Handle<CodeT> code =
-        ToCodeT(broker_->local_isolate_or_isolate(), callable.code());
+        broker_->CanonicalPersistentHandle(ToCodeT(*callable.code()));
     return AddNode<JSFunction>(graph()->NewNode(
         javascript()->CreateClosure(shared.object(), code),
         HeapConstant(feedback_cell), context, effect(), control()));
@@ -6752,7 +6752,7 @@ Node* JSCallReducer::CreateClosureFromBuiltinSharedFunctionInfo(
   Callable const callable =
       Builtins::CallableFor(isolate(), shared.builtin_id());
   Handle<CodeT> code =
-      ToCodeT(broker()->local_isolate_or_isolate(), callable.code());
+      broker()->CanonicalPersistentHandle(ToCodeT(*callable.code()));
   return graph()->NewNode(javascript()->CreateClosure(shared.object(), code),
                           jsgraph()->HeapConstant(feedback_cell), context,
                           effect, control);

src/objects/code-inl.h

@@ -225,22 +225,6 @@ inline CodeT ToCodeT(Code code) {
 #endif
 }
 
-inline Handle<CodeT> ToCodeT(Isolate* isolate, Handle<Code> code) {
-#if V8_EXTERNAL_CODE_SPACE
-  return handle(ToCodeT(*code), isolate);
-#else
-  return code;
-#endif
-}
-
-inline Handle<CodeT> ToCodeT(LocalIsolate* isolate, Handle<Code> code) {
-#if V8_EXTERNAL_CODE_SPACE
-  return handle(ToCodeT(*code), isolate);
-#else
-  return code;
-#endif
-}
-
 inline Code FromCodeT(CodeT code) {
 #if V8_EXTERNAL_CODE_SPACE
   return code.code();

src/objects/code.h

@@ -628,8 +628,6 @@ class Code::OptimizedCodeIterator {
 // Helper functions for converting Code objects to CodeDataContainer and back
 // when V8_EXTERNAL_CODE_SPACE is enabled.
 inline CodeT ToCodeT(Code code);
-inline Handle<CodeT> ToCodeT(Isolate* isolate, Handle<Code> code);
-inline Handle<CodeT> ToCodeT(LocalIsolate* isolate, Handle<Code> code);
 inline Code FromCodeT(CodeT code);
 inline CodeDataContainer CodeDataContainerFromCodeT(CodeT code);