[ubsan] Port Cell to the new design

Bug: v8:3770
Change-Id: I24169b4564d1bdf544354b964aa22c066bc0da2b
Reviewed-on: https://chromium-review.googlesource.com/c/1380912
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Toon Verwaest <verwaest@chromium.org>
Cr-Commit-Position: refs/heads/master@{#58320}

src/handles.h

@@ -153,8 +153,8 @@ class Handle final : public HandleBase {
           (std::is_same<T, HeapObject>::value &&
            (std::is_same<S, AllocationSite>::value ||
             std::is_same<S, ArrayBoilerplateDescription>::value ||
-            std::is_same<S, ByteArray>::value || std::is_same<S, Code>::value ||
-            std::is_same<S, Context>::value ||
+            std::is_same<S, ByteArray>::value || std::is_same<S, Cell>::value ||
+            std::is_same<S, Code>::value || std::is_same<S, Context>::value ||
             std::is_same<S, DescriptorArray>::value ||
             std::is_same<S, FeedbackCell>::value ||
             std::is_same<S, FeedbackVector>::value ||

src/heap/objects-visiting.h

@@ -38,7 +38,7 @@ class WasmInstanceObject;
   V(BigInt, BigInt)                                                           \
   V(ByteArray, ByteArray)                                                     \
   V(BytecodeArray, BytecodeArray)                                             \
-  V(Cell, Cell*)                                                              \
+  V(Cell, Cell)                                                               \
   V(Code, Code)                                                               \
   V(CodeDataContainer, CodeDataContainer)                                     \
   V(ConsString, ConsString)                                                   \

src/isolate-inl.h

@@ -137,7 +137,7 @@ NATIVE_CONTEXT_FIELDS(NATIVE_CONTEXT_FIELD_ACCESSOR)
 #undef NATIVE_CONTEXT_FIELD_ACCESSOR
 
 bool Isolate::IsArrayConstructorIntact() {
-  Cell* array_constructor_cell = heap()->array_constructor_protector();
+  Cell array_constructor_cell = heap()->array_constructor_protector();
   return array_constructor_cell->value() == Smi::FromInt(kProtectorValid);
 }
 
@@ -178,7 +178,7 @@ bool Isolate::IsPromiseSpeciesLookupChainIntact() {
 }
 
 bool Isolate::IsStringLengthOverflowIntact() {
-  Cell* string_length_cell = heap()->string_length_protector();
+  Cell string_length_cell = heap()->string_length_protector();
   return string_length_cell->value() == Smi::FromInt(kProtectorValid);
 }
 

src/isolate.cc

@@ -3680,7 +3680,7 @@ bool Isolate::IsNoElementsProtectorIntact() {
 }
 
 bool Isolate::IsIsConcatSpreadableLookupChainIntact() {
-  Cell* is_concat_spreadable_cell = heap()->is_concat_spreadable_protector();
+  Cell is_concat_spreadable_cell = heap()->is_concat_spreadable_protector();
   bool is_is_concat_spreadable_set =
       Smi::ToInt(is_concat_spreadable_cell->value()) == kProtectorInvalid;
 #ifdef DEBUG
@@ -3723,7 +3723,7 @@ bool Isolate::IsPromiseHookProtectorIntact() {
 }
 
 bool Isolate::IsPromiseResolveLookupChainIntact() {
-  Cell* promise_resolve_cell = heap()->promise_resolve_protector();
+  Cell promise_resolve_cell = heap()->promise_resolve_protector();
   bool is_promise_resolve_protector_intact =
       Smi::ToInt(promise_resolve_cell->value()) == kProtectorValid;
   return is_promise_resolve_protector_intact;

src/objects-printer.cc

@@ -1519,7 +1519,7 @@ void JSGlobalObject::JSGlobalObjectPrint(std::ostream& os) {  // NOLINT
 }
 
 void Cell::CellPrint(std::ostream& os) {  // NOLINT
-  HeapObject::PrintHeader(os, "Cell");
+  PrintHeader(os, "Cell");
   os << "\n - value: " << Brief(value());
   os << "\n";
 }

src/objects.cc

@@ -12963,7 +12963,7 @@ void InvalidateOnePrototypeValidityCellInternal(Map map) {
   Object* maybe_cell = map->prototype_validity_cell();
   if (maybe_cell->IsCell()) {
     // Just set the value; the cell will be replaced lazily.
-    Cell* cell = Cell::cast(maybe_cell);
+    Cell cell = Cell::cast(maybe_cell);
     cell->set_value(Smi::FromInt(Map::kPrototypeChainInvalid));
   }
 }
@@ -13091,7 +13091,7 @@ bool Map::IsPrototypeChainInvalidated(Map map) {
   DCHECK(map->is_prototype_map());
   Object* maybe_cell = map->prototype_validity_cell();
   if (maybe_cell->IsCell()) {
-    Cell* cell = Cell::cast(maybe_cell);
+    Cell cell = Cell::cast(maybe_cell);
     return cell->value() != Smi::FromInt(Map::kPrototypeChainValid);
   }
   return true;

src/objects/cell-inl.h

@@ -15,10 +15,16 @@
 namespace v8 {
 namespace internal {
 
-CAST_ACCESSOR(Cell)
+OBJECT_CONSTRUCTORS_IMPL(Cell, HeapObjectPtr)
+
+CAST_ACCESSOR2(Cell)
 
 ACCESSORS(Cell, value, Object, kValueOffset)
 
+Cell Cell::FromValueAddress(Address value) {
+  return Cell::cast(HeapObject::FromAddress(value - kValueOffset));
+}
+
 }  // namespace internal
 }  // namespace v8
 

src/objects/cell.h

@@ -5,7 +5,7 @@
 #ifndef V8_OBJECTS_CELL_H_
 #define V8_OBJECTS_CELL_H_
 
-#include "src/objects.h"
+#include "src/objects/heap-object.h"
 
 // Has to be the last include (doesn't have include guards):
 #include "src/objects/object-macros.h"
@@ -13,17 +13,14 @@
 namespace v8 {
 namespace internal {
 
-class Cell : public HeapObject {
+class Cell : public HeapObjectPtr {
  public:
   // [value]: value of the cell.
   DECL_ACCESSORS(value, Object)
 
-  DECL_CAST(Cell)
+  DECL_CAST2(Cell)
 
-  static inline Cell* FromValueAddress(Address value) {
-    Object* result = FromAddress(value - kValueOffset);
-    return static_cast<Cell*>(result);
-  }
+  static inline Cell FromValueAddress(Address value);
 
   inline Address ValueAddress() { return address() + kValueOffset; }
 
@@ -38,8 +35,7 @@ class Cell : public HeapObject {
   typedef FixedBodyDescriptor<kValueOffset, kValueOffset + kPointerSize, kSize>
       BodyDescriptor;
 
- private:
-  DISALLOW_IMPLICIT_CONSTRUCTORS(Cell);
+  OBJECT_CONSTRUCTORS(Cell, HeapObjectPtr);
 };
 
 }  // namespace internal

src/objects/map.h

@@ -624,7 +624,7 @@ class Map : public HeapObjectPtr {
   inline int NumberOfOwnDescriptors() const;
   inline void SetNumberOfOwnDescriptors(int number);
 
-  inline Cell* RetrieveDescriptorsPointer();
+  inline Cell RetrieveDescriptorsPointer();
 
   // Checks whether all properties are stored either in the map or on the object
   // (inobject, properties, or elements backing store), requiring no special

src/objects/module.cc

@@ -140,7 +140,7 @@ void Module::CreateExport(Isolate* isolate, Handle<Module> module,
   module->set_exports(*exports);
 }
 
-Cell* Module::GetCell(int cell_index) {
+Cell Module::GetCell(int cell_index) {
   DisallowHeapAllocation no_gc;
   Object* cell;
   switch (ModuleDescriptor::GetCellIndexKind(cell_index)) {

src/objects/module.h

@@ -105,7 +105,7 @@ class Module : public Struct {
   static V8_WARN_UNUSED_RESULT MaybeHandle<Object> Evaluate(
       Isolate* isolate, Handle<Module> module);
 
-  Cell* GetCell(int cell_index);
+  Cell GetCell(int cell_index);
   static Handle<Object> LoadVariable(Isolate* isolate, Handle<Module> module,
                                      int cell_index);
   static void StoreVariable(Handle<Module> module, int cell_index,

src/profiler/heap-snapshot-generator.cc

@@ -1145,7 +1145,7 @@ void V8HeapExplorer::ExtractCodeReferences(HeapEntry* entry, Code code) {
                        Code::kSourcePositionTableOffset);
 }
 
-void V8HeapExplorer::ExtractCellReferences(HeapEntry* entry, Cell* cell) {
+void V8HeapExplorer::ExtractCellReferences(HeapEntry* entry, Cell cell) {
   SetInternalReference(entry, "value", cell->value(), Cell::kValueOffset);
 }
 

src/profiler/heap-snapshot-generator.h

@@ -363,7 +363,7 @@ class V8HeapExplorer : public HeapEntriesAllocator {
                                      AccessorInfo accessor_info);
   void ExtractAccessorPairReferences(HeapEntry* entry, AccessorPair accessors);
   void ExtractCodeReferences(HeapEntry* entry, Code code);
-  void ExtractCellReferences(HeapEntry* entry, Cell* cell);
+  void ExtractCellReferences(HeapEntry* entry, Cell cell);
   void ExtractFeedbackCellReferences(HeapEntry* entry,
                                      FeedbackCell feedback_cell);
   void ExtractPropertyCellReferences(HeapEntry* entry, PropertyCell cell);

src/reloc-info.h

@@ -239,11 +239,6 @@ class RelocInfo {
       WriteBarrierMode write_barrier_mode = UPDATE_WRITE_BARRIER,
       ICacheFlushMode icache_flush_mode = FLUSH_ICACHE_IF_NEEDED);
   V8_INLINE Address target_off_heap_target();
-  V8_INLINE Cell* target_cell();
-  V8_INLINE Handle<Cell> target_cell_handle();
-  V8_INLINE void set_target_cell(
-      Cell* cell, WriteBarrierMode write_barrier_mode = UPDATE_WRITE_BARRIER,
-      ICacheFlushMode icache_flush_mode = FLUSH_ICACHE_IF_NEEDED);
   V8_INLINE void set_target_external_reference(
       Address, ICacheFlushMode icache_flush_mode = FLUSH_ICACHE_IF_NEEDED);
 

src/roots.h

@@ -234,21 +234,21 @@ class RootVisitor;
   V(Script, empty_script, EmptyScript)                                       \
   V(FeedbackCell, many_closures_cell, ManyClosuresCell)                      \
   V(FeedbackCell, no_feedback_cell, NoFeedbackCell)                          \
-  V(Cell*, invalid_prototype_validity_cell, InvalidPrototypeValidityCell)    \
+  V(Cell, invalid_prototype_validity_cell, InvalidPrototypeValidityCell)     \
   /* Protectors */                                                           \
-  V(Cell*, array_constructor_protector, ArrayConstructorProtector)           \
+  V(Cell, array_constructor_protector, ArrayConstructorProtector)            \
   V(PropertyCell, no_elements_protector, NoElementsProtector)                \
-  V(Cell*, is_concat_spreadable_protector, IsConcatSpreadableProtector)      \
+  V(Cell, is_concat_spreadable_protector, IsConcatSpreadableProtector)       \
   V(PropertyCell, array_species_protector, ArraySpeciesProtector)            \
   V(PropertyCell, typed_array_species_protector, TypedArraySpeciesProtector) \
   V(PropertyCell, regexp_species_protector, RegExpSpeciesProtector)          \
   V(PropertyCell, promise_species_protector, PromiseSpeciesProtector)        \
-  V(Cell*, string_length_protector, StringLengthProtector)                   \
+  V(Cell, string_length_protector, StringLengthProtector)                    \
   V(PropertyCell, array_iterator_protector, ArrayIteratorProtector)          \
   V(PropertyCell, array_buffer_detaching_protector,                          \
     ArrayBufferDetachingProtector)                                           \
   V(PropertyCell, promise_hook_protector, PromiseHookProtector)              \
-  V(Cell*, promise_resolve_protector, PromiseResolveProtector)               \
+  V(Cell, promise_resolve_protector, PromiseResolveProtector)                \
   V(PropertyCell, map_iterator_protector, MapIteratorProtector)              \
   V(PropertyCell, promise_then_protector, PromiseThenProtector)              \
   V(PropertyCell, set_iterator_protector, SetIteratorProtector)              \

src/snapshot/deserializer.cc

@@ -869,7 +869,7 @@ UnalignedSlot Deserializer::ReadDataCase(Isolate* isolate,
         new_object = reinterpret_cast<Object*>(
             Code::cast(new_object)->raw_instruction_start());
       } else {
-        Cell* cell = Cell::cast(new_object);
+        Cell cell = Cell::cast(new_object);
         new_object = reinterpret_cast<Object*>(cell->ValueAddress());
       }
     }