[ubsan] Port BytecodeArray to the new design

Bug: v8:3770 Change-Id: If5328a4c63d8efe0ce7a0c5a744666c79c02e1ee Reviewed-on: https://chromium-review.googlesource.com/c/1345912 Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Reviewed-by: Hannes Payer <hpayer@chromium.org> Reviewed-by: Benedikt Meurer <bmeurer@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#57804}
2018-11-24 01:49:54 -08:00 · 2018-11-24 01:49:54 -08:00 · 2bec913886
commit 2bec913886
parent 4ff869ed3c
29 changed files with 70 additions and 61 deletions
--- a/src/compiler/js-heap-broker.cc
+++ b/src/compiler/js-heap-broker.cc
@ -1020,7 +1020,9 @@ class BytecodeArrayData : public FixedArrayBaseData {

  BytecodeArrayData(JSHeapBroker* broker, ObjectData** storage,
                    Handle<BytecodeArray> object)
-      : FixedArrayBaseData(broker, storage, object),
+      // TODO(3770): Drop explicit cast after migrating FixedArrayBase*.
+      : FixedArrayBaseData(broker, storage,
+                           Handle<FixedArrayBase>(object.location())),
        register_count_(object->register_count()) {}

 private:
--- a/src/debug/debug.cc
+++ b/src/debug/debug.cc
@ -249,7 +249,7 @@ void BreakIterator::Next() {
 }

 DebugBreakType BreakIterator::GetDebugBreakType() {
-  BytecodeArray* bytecode_array = debug_info_->OriginalBytecodeArray();
+  BytecodeArray bytecode_array = debug_info_->OriginalBytecodeArray();
  interpreter::Bytecode bytecode =
      interpreter::Bytecodes::FromByte(bytecode_array->get(code_offset()));

@ -294,8 +294,8 @@ void BreakIterator::ClearDebugBreak() {
  DebugBreakType debug_break_type = GetDebugBreakType();
  if (debug_break_type == DEBUGGER_STATEMENT) return;
  DCHECK(debug_break_type >= DEBUG_BREAK_SLOT);
-  BytecodeArray* bytecode_array = debug_info_->DebugBytecodeArray();
-  BytecodeArray* original = debug_info_->OriginalBytecodeArray();
+  BytecodeArray bytecode_array = debug_info_->DebugBytecodeArray();
+  BytecodeArray original = debug_info_->OriginalBytecodeArray();
  bytecode_array->set(code_offset(), original->get(code_offset()));
 }

@ -310,7 +310,7 @@ BreakLocation BreakIterator::GetBreakLocation() {
    // index that holds the generator object by reading it directly off the
    // bytecode array, and we'll read the actual generator object off the
    // interpreter stack frame in GetGeneratorObjectForSuspendedFrame.
-    BytecodeArray* bytecode_array = debug_info_->OriginalBytecodeArray();
+    BytecodeArray bytecode_array = debug_info_->OriginalBytecodeArray();
    interpreter::BytecodeArrayAccessor accessor(
        handle(bytecode_array, isolate()), code_offset());

@ -1151,7 +1151,7 @@ class RedirectActiveFunctions : public ThreadVisitor {
      if (function->shared() != shared_) continue;
      InterpretedFrame* interpreted_frame =
          reinterpret_cast<InterpretedFrame*>(frame);
-      BytecodeArray* debug_copy = shared_->GetDebugInfo()->DebugBytecodeArray();
+      BytecodeArray debug_copy = shared_->GetDebugInfo()->DebugBytecodeArray();
      interpreted_frame->PatchBytecodeArray(debug_copy);
    }
  }
@ -2243,7 +2243,7 @@ bool Debug::PerformSideEffectCheckAtBytecode(InterpretedFrame* frame) {

  DCHECK_EQ(isolate_->debug_execution_mode(), DebugInfo::kSideEffects);
  SharedFunctionInfo* shared = frame->function()->shared();
-  BytecodeArray* bytecode_array = shared->GetBytecodeArray();
+  BytecodeArray bytecode_array = shared->GetBytecodeArray();
  int offset = frame->GetBytecodeOffset();
  interpreter::BytecodeArrayAccessor bytecode_accessor(
      handle(bytecode_array, isolate_), offset);
--- a/src/frames.cc
+++ b/src/frames.cc
@ -1688,7 +1688,7 @@ void InterpretedFrame::PatchBytecodeOffset(int new_offset) {
  SetExpression(index, Smi::FromInt(raw_offset));
 }

-BytecodeArray* InterpretedFrame::GetBytecodeArray() const {
+BytecodeArray InterpretedFrame::GetBytecodeArray() const {
  const int index = InterpreterFrameConstants::kBytecodeArrayExpressionIndex;
  DCHECK_EQ(
      InterpreterFrameConstants::kBytecodeArrayFromFp,
@ -1696,7 +1696,7 @@ BytecodeArray* InterpretedFrame::GetBytecodeArray() const {
  return BytecodeArray::cast(GetExpression(index));
 }

-void InterpretedFrame::PatchBytecodeArray(BytecodeArray* bytecode_array) {
+void InterpretedFrame::PatchBytecodeArray(BytecodeArray bytecode_array) {
  const int index = InterpreterFrameConstants::kBytecodeArrayExpressionIndex;
  DCHECK_EQ(
      InterpreterFrameConstants::kBytecodeArrayFromFp,
@ -1987,11 +1987,12 @@ void JavaScriptFrame::Print(StringStream* accumulator,
    if (is_interpreted()) {
      const InterpretedFrame* iframe =
          reinterpret_cast<const InterpretedFrame*>(this);
-      BytecodeArray* bytecodes = iframe->GetBytecodeArray();
+      BytecodeArray bytecodes = iframe->GetBytecodeArray();
      int offset = iframe->GetBytecodeOffset();
      int source_pos = AbstractCode::cast(bytecodes)->SourcePosition(offset);
      int line = script->GetLineNumber(source_pos) + 1;
-      accumulator->Add(":%d] [bytecode=%p offset=%d]", line, bytecodes, offset);
+      accumulator->Add(":%d] [bytecode=%p offset=%d]", line,
+                       reinterpret_cast<void*>(bytecodes.ptr()), offset);
    } else {
      int function_start_pos = shared->StartPosition();
      int line = script->GetLineNumber(function_start_pos) + 1;
--- a/src/frames.h
+++ b/src/frames.h
@ -848,11 +848,11 @@ class InterpretedFrame : public JavaScriptFrame {
  void PatchBytecodeOffset(int new_offset);

  // Returns the frame's current bytecode array.
-  BytecodeArray* GetBytecodeArray() const;
+  BytecodeArray GetBytecodeArray() const;

  // Updates the frame's BytecodeArray with |bytecode_array|. Used by the
  // debugger to swap execution onto a BytecodeArray patched with breakpoints.
-  void PatchBytecodeArray(BytecodeArray* bytecode_array);
+  void PatchBytecodeArray(BytecodeArray bytecode_array);

  // Access to the interpreter register file for this frame.
  Object* ReadInterpreterRegister(int register_index) const;
--- a/src/handler-table.cc
+++ b/src/handler-table.cc
@ -16,7 +16,7 @@ namespace internal {
 HandlerTable::HandlerTable(Code code)
    : HandlerTable(code->InstructionStart(), code->handler_table_offset()) {}

-HandlerTable::HandlerTable(BytecodeArray* bytecode_array)
+HandlerTable::HandlerTable(BytecodeArray bytecode_array)
    : HandlerTable(bytecode_array->handler_table()) {}

 HandlerTable::HandlerTable(ByteArray byte_array)
--- a/src/handler-table.h
+++ b/src/handler-table.h
@ -48,7 +48,7 @@ class V8_EXPORT_PRIVATE HandlerTable {
  // Constructors for the various encodings.
  explicit HandlerTable(Code code);
  explicit HandlerTable(ByteArray byte_array);
-  explicit HandlerTable(BytecodeArray* bytecode_array);
+  explicit HandlerTable(BytecodeArray bytecode_array);
  explicit HandlerTable(Address instruction_start, size_t handler_table_offset);

  // Getters for handler table based on ranges.
--- a/src/heap/concurrent-marking.cc
+++ b/src/heap/concurrent-marking.cc
@ -302,7 +302,7 @@ class ConcurrentMarkingVisitor final
  // Side-effectful visitation.
  // ===========================================================================

-  int VisitBytecodeArray(Map map, BytecodeArray* object) {
+  int VisitBytecodeArray(Map map, BytecodeArray object) {
    if (!ShouldVisit(object)) return 0;
    int size = BytecodeArray::BodyDescriptor::SizeOf(map, object);
    VisitMapPointer(object, object->map_slot());
--- a/src/heap/mark-compact-inl.h
+++ b/src/heap/mark-compact-inl.h
@ -51,7 +51,7 @@ template <FixedArrayVisitationMode fixed_array_mode,
          TraceRetainingPathMode retaining_path_mode, typename MarkingState>
 int MarkingVisitor<fixed_array_mode, retaining_path_mode,
                   MarkingState>::VisitBytecodeArray(Map map,
-                                                     BytecodeArray* array) {
+                                                     BytecodeArray array) {
  int size = BytecodeArray::BodyDescriptor::SizeOf(map, array);
  BytecodeArray::BodyDescriptor::IterateBody(map, array, size, this);
  array->MakeOlder();
--- a/src/heap/mark-compact.h
+++ b/src/heap/mark-compact.h
@ -923,7 +923,7 @@ class MarkingVisitor final

  V8_INLINE bool ShouldVisitMapPointer() { return false; }

-  V8_INLINE int VisitBytecodeArray(Map map, BytecodeArray* object);
+  V8_INLINE int VisitBytecodeArray(Map map, BytecodeArray object);
  V8_INLINE int VisitEphemeronHashTable(Map map, EphemeronHashTable object);
  V8_INLINE int VisitFixedArray(Map map, FixedArray* object);
  V8_INLINE int VisitJSApiObject(Map map, JSObject* object);
--- a/src/heap/object-stats.cc
+++ b/src/heap/object-stats.cc
@ -375,7 +375,7 @@ class ObjectStatsCollectorImpl {

  // Details.
  void RecordVirtualAllocationSiteDetails(AllocationSite* site);
-  void RecordVirtualBytecodeArrayDetails(BytecodeArray* bytecode);
+  void RecordVirtualBytecodeArrayDetails(BytecodeArray bytecode);
  void RecordVirtualCodeDetails(Code code);
  void RecordVirtualContext(Context context);
  void RecordVirtualFeedbackVectorDetails(FeedbackVector* vector);
@ -877,7 +877,7 @@ void ObjectStatsCollectorImpl::
 }

 void ObjectStatsCollectorImpl::RecordVirtualBytecodeArrayDetails(
-    BytecodeArray* bytecode) {
+    BytecodeArray bytecode) {
  RecordSimpleVirtualObjectStats(
      bytecode, bytecode->constant_pool(),
      ObjectStats::BYTECODE_ARRAY_CONSTANT_POOL_TYPE);
--- a/src/heap/objects-visiting.h
+++ b/src/heap/objects-visiting.h
@ -36,7 +36,7 @@ class WasmInstanceObject;
  V(AllocationSite, AllocationSite*)                                           \
  V(BigInt, BigInt*)                                                           \
  V(ByteArray, ByteArray)                                                      \
-  V(BytecodeArray, BytecodeArray*)                                             \
+  V(BytecodeArray, BytecodeArray)                                              \
  V(Cell, Cell*)                                                               \
  V(Code, Code)                                                                \
  V(CodeDataContainer, CodeDataContainer*)                                     \
@ -137,7 +137,7 @@ class NewSpaceVisitor : public HeapVisitor<int, ConcreteVisitor> {
  V8_INLINE int VisitNativeContext(Map map, NativeContext object);
  V8_INLINE int VisitJSApiObject(Map map, JSObject* object);

-  int VisitBytecodeArray(Map map, BytecodeArray* object) {
+  int VisitBytecodeArray(Map map, BytecodeArray object) {
    UNREACHABLE();
    return 0;
  }
--- a/src/isolate.cc
+++ b/src/isolate.cc
@ -995,8 +995,7 @@ Address Isolate::GetAbstractPC(int* line, int* column) {
  if (frame->is_interpreted()) {
    InterpretedFrame* iframe = static_cast<InterpretedFrame*>(frame);
    Address bytecode_start =
-        reinterpret_cast<Address>(iframe->GetBytecodeArray()) - kHeapObjectTag +
-        BytecodeArray::kHeaderSize;
+        iframe->GetBytecodeArray()->GetFirstBytecodeAddress();
    return bytecode_start + iframe->GetBytecodeOffset();
  }

--- a/src/objects-debug.cc
+++ b/src/objects-debug.cc
@ -459,6 +459,10 @@ void HeapObject::VerifyHeapPointer(Isolate* isolate, Object* p) {
  CHECK(isolate->heap()->Contains(ho));
 }

+void HeapObjectPtr::VerifyHeapPointer(Isolate* isolate, Object* p) {
+  HeapObject::VerifyHeapPointer(isolate, p);
+}
+
 void Symbol::SymbolVerify(Isolate* isolate) {
  CHECK(IsSymbol());
  CHECK(HasHashCode());
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@ -1592,7 +1592,7 @@ int HeapObject::SizeFromMap(Map map) const {
  }
  if (instance_type == BYTECODE_ARRAY_TYPE) {
    return BytecodeArray::SizeFor(
-        reinterpret_cast<const BytecodeArray*>(this)->synchronized_length());
+        BytecodeArray::unchecked_cast(this)->synchronized_length());
  }
  if (instance_type == FREE_SPACE_TYPE) {
    return reinterpret_cast<const FreeSpace*>(this)->relaxed_read_size();
--- a/src/objects-printer.cc
+++ b/src/objects-printer.cc
@ -455,7 +455,7 @@ void ByteArray::ByteArrayPrint(std::ostream& os) {  // NOLINT
 }

 void BytecodeArray::BytecodeArrayPrint(std::ostream& os) {  // NOLINT
-  HeapObject::PrintHeader(os, "BytecodeArray");
+  PrintHeader(os, "BytecodeArray");
  Disassemble(os);
 }

--- a/src/objects.cc
+++ b/src/objects.cc
@ -15266,8 +15266,8 @@ void BytecodeArray::Disassemble(std::ostream& os) {

  // Storage for backing the handle passed to the iterator. This handle won't be
  // updated by the gc, but that's ok because we've disallowed GCs anyway.
-  BytecodeArray* handle_storage = this;
-  Handle<BytecodeArray> handle(&handle_storage);
+  BytecodeArray handle_storage = *this;
+  Handle<BytecodeArray> handle(reinterpret_cast<Address*>(&handle_storage));
  interpreter::BytecodeArrayIterator iterator(handle);
  while (!iterator.done()) {
    if (!source_positions.done() &&
@ -15315,14 +15315,14 @@ void BytecodeArray::Disassemble(std::ostream& os) {
  os << "Handler Table (size = " << handler_table()->length() << ")\n";
 #ifdef ENABLE_DISASSEMBLER
  if (handler_table()->length() > 0) {
-    HandlerTable table(this);
+    HandlerTable table(*this);
    table.HandlerTableRangePrint(os);
  }
 #endif
 }

-void BytecodeArray::CopyBytecodesTo(BytecodeArray* to) {
-  BytecodeArray* from = this;
+void BytecodeArray::CopyBytecodesTo(BytecodeArray to) {
+  BytecodeArray from = *this;
  DCHECK_EQ(from->length(), to->length());
  CopyBytes(reinterpret_cast<byte*>(to->GetFirstBytecodeAddress()),
            reinterpret_cast<byte*>(from->GetFirstBytecodeAddress()),
--- a/src/objects/code-inl.h
+++ b/src/objects/code-inl.h
@ -22,9 +22,10 @@ namespace v8 {
 namespace internal {

 OBJECT_CONSTRUCTORS_IMPL(DeoptimizationData, FixedArrayPtr)
+OBJECT_CONSTRUCTORS_IMPL(BytecodeArray, FixedArrayBasePtr)

 CAST_ACCESSOR(AbstractCode)
-CAST_ACCESSOR(BytecodeArray)
+CAST_ACCESSOR2(BytecodeArray)
 CAST_ACCESSOR2(Code)
 CAST_ACCESSOR(CodeDataContainer)
 CAST_ACCESSOR(DependentCode)
@ -137,7 +138,7 @@ AbstractCode::Kind AbstractCode::kind() {

 Code AbstractCode::GetCode() { return Code::cast(this); }

-BytecodeArray* AbstractCode::GetBytecodeArray() {
+BytecodeArray AbstractCode::GetBytecodeArray() {
  return BytecodeArray::cast(this);
 }

@ -742,7 +743,7 @@ void BytecodeArray::clear_padding() {
 }

 Address BytecodeArray::GetFirstBytecodeAddress() {
-  return reinterpret_cast<Address>(this) - kHeapObjectTag + kHeaderSize;
+  return ptr() - kHeapObjectTag + kHeaderSize;
 }

 ByteArray BytecodeArray::SourcePositionTable() {
--- a/src/objects/code.h
+++ b/src/objects/code.h
@ -563,7 +563,7 @@ class AbstractCode : public HeapObject, public NeverReadOnlySpaceObject {

  DECL_CAST(AbstractCode)
  inline Code GetCode();
-  inline BytecodeArray* GetBytecodeArray();
+  inline BytecodeArray GetBytecodeArray();

  // Max loop nesting marker used to postpose OSR. We don't take loop
  // nesting that is deeper than 5 levels into account.
@ -680,7 +680,7 @@ class DependentCode : public WeakFixedArray {
 };

 // BytecodeArray represents a sequence of interpreter bytecodes.
-class BytecodeArray : public FixedArrayBase {
+class BytecodeArray : public FixedArrayBasePtr {
 public:
  enum Age {
    kNoAgeBytecodeAge = 0,
@ -750,7 +750,7 @@ class BytecodeArray : public FixedArrayBase {
  inline ByteArray SourcePositionTable();
  inline void ClearFrameCacheFromSourcePositionTable();

-  DECL_CAST(BytecodeArray)
+  DECL_CAST2(BytecodeArray)

  // Dispatched behavior.
  inline int BytecodeArraySize();
@ -769,7 +769,7 @@ class BytecodeArray : public FixedArrayBase {

  void Disassemble(std::ostream& os);

-  void CopyBytecodesTo(BytecodeArray* to);
+  void CopyBytecodesTo(BytecodeArray to);

  // Bytecode aging
  bool IsOld() const;
@ -805,8 +805,7 @@ class BytecodeArray : public FixedArrayBase {

  class BodyDescriptor;

- private:
-  DISALLOW_IMPLICIT_CONSTRUCTORS(BytecodeArray);
+  OBJECT_CONSTRUCTORS(BytecodeArray, FixedArrayBasePtr);
 };

 // DeoptimizationData is a fixed array used to hold the deoptimization data for
--- a/src/objects/debug-objects-inl.h
+++ b/src/objects/debug-objects-inl.h
@ -54,12 +54,12 @@ bool DebugInfo::HasInstrumentedBytecodeArray() {
  return debug_bytecode_array()->IsBytecodeArray();
 }

-BytecodeArray* DebugInfo::OriginalBytecodeArray() {
+BytecodeArray DebugInfo::OriginalBytecodeArray() {
  DCHECK(HasInstrumentedBytecodeArray());
  return BytecodeArray::cast(original_bytecode_array());
 }

-BytecodeArray* DebugInfo::DebugBytecodeArray() {
+BytecodeArray DebugInfo::DebugBytecodeArray() {
  DCHECK(HasInstrumentedBytecodeArray());
  DCHECK_EQ(shared()->GetDebugBytecodeArray(), debug_bytecode_array());
  return BytecodeArray::cast(debug_bytecode_array());
--- a/src/objects/debug-objects.h
+++ b/src/objects/debug-objects.h
@ -64,8 +64,8 @@ class DebugInfo : public Struct, public NeverReadOnlySpaceObject {
  // and DebugBytecodeArray returns the instrumented bytecode.
  inline bool HasInstrumentedBytecodeArray();

-  inline BytecodeArray* OriginalBytecodeArray();
-  inline BytecodeArray* DebugBytecodeArray();
+  inline BytecodeArray OriginalBytecodeArray();
+  inline BytecodeArray DebugBytecodeArray();

  // --- Break points ---
  // --------------------
--- a/src/objects/heap-object.h
+++ b/src/objects/heap-object.h
@ -144,6 +144,9 @@ class HeapObjectPtr : public ObjectPtr {
  void PrintHeader(std::ostream& os, const char* id);  // NOLINT
 #endif
  void HeapObjectVerify(Isolate* isolate);
+#ifdef VERIFY_HEAP
+  static void VerifyHeapPointer(Isolate* isolate, Object* p);
+#endif

  static const int kMapOffset = HeapObject::kMapOffset;

--- a/src/objects/shared-function-info-inl.h
+++ b/src/objects/shared-function-info-inl.h
@ -73,7 +73,7 @@ ACCESSORS(UncompiledDataWithPreParsedScope, pre_parsed_scope_data,
          PreParsedScopeData, kPreParsedScopeDataOffset)

 CAST_ACCESSOR(InterpreterData)
-ACCESSORS(InterpreterData, bytecode_array, BytecodeArray, kBytecodeArrayOffset)
+ACCESSORS2(InterpreterData, bytecode_array, BytecodeArray, kBytecodeArrayOffset)
 ACCESSORS2(InterpreterData, interpreter_trampoline, Code,
           kInterpreterTrampolineOffset)

@ -393,7 +393,7 @@ bool SharedFunctionInfo::HasBytecodeArray() const {
         function_data()->IsInterpreterData();
 }

-BytecodeArray* SharedFunctionInfo::GetBytecodeArray() const {
+BytecodeArray SharedFunctionInfo::GetBytecodeArray() const {
  DCHECK(HasBytecodeArray());
  if (HasDebugInfo() && GetDebugInfo()->HasInstrumentedBytecodeArray()) {
    return GetDebugInfo()->OriginalBytecodeArray();
@ -405,7 +405,7 @@ BytecodeArray* SharedFunctionInfo::GetBytecodeArray() const {
  }
 }

-BytecodeArray* SharedFunctionInfo::GetDebugBytecodeArray() const {
+BytecodeArray SharedFunctionInfo::GetDebugBytecodeArray() const {
  DCHECK(HasBytecodeArray());
  DCHECK(HasDebugInfo() && GetDebugInfo()->HasInstrumentedBytecodeArray());
  if (function_data()->IsBytecodeArray()) {
@ -416,7 +416,7 @@ BytecodeArray* SharedFunctionInfo::GetDebugBytecodeArray() const {
  }
 }

-void SharedFunctionInfo::SetDebugBytecodeArray(BytecodeArray* bytecode) {
+void SharedFunctionInfo::SetDebugBytecodeArray(BytecodeArray bytecode) {
  DCHECK(HasBytecodeArray());
  if (function_data()->IsBytecodeArray()) {
    set_function_data(bytecode);
@ -426,7 +426,7 @@ void SharedFunctionInfo::SetDebugBytecodeArray(BytecodeArray* bytecode) {
  }
 }

-void SharedFunctionInfo::set_bytecode_array(BytecodeArray* bytecode) {
+void SharedFunctionInfo::set_bytecode_array(BytecodeArray bytecode) {
  DCHECK(function_data() == Smi::FromEnum(Builtins::kCompileLazy) ||
         HasUncompiledData());
  set_function_data(bytecode);
--- a/src/objects/shared-function-info.h
+++ b/src/objects/shared-function-info.h
@ -158,7 +158,7 @@ class UncompiledDataWithPreParsedScope : public UncompiledData {

 class InterpreterData : public Struct {
 public:
-  DECL_ACCESSORS(bytecode_array, BytecodeArray)
+  DECL_ACCESSORS2(bytecode_array, BytecodeArray)
  DECL_ACCESSORS2(interpreter_trampoline, Code)

 // Layout description.
@ -294,14 +294,14 @@ class SharedFunctionInfo : public HeapObject, public NeverReadOnlySpaceObject {
  inline FunctionTemplateInfo* get_api_func_data();
  inline void set_api_func_data(FunctionTemplateInfo* data);
  inline bool HasBytecodeArray() const;
-  inline BytecodeArray* GetBytecodeArray() const;
-  inline void set_bytecode_array(BytecodeArray* bytecode);
+  inline BytecodeArray GetBytecodeArray() const;
+  inline void set_bytecode_array(BytecodeArray bytecode);
  inline Code InterpreterTrampoline() const;
  inline bool HasInterpreterData() const;
  inline InterpreterData* interpreter_data() const;
  inline void set_interpreter_data(InterpreterData* interpreter_data);
-  inline BytecodeArray* GetDebugBytecodeArray() const;
-  inline void SetDebugBytecodeArray(BytecodeArray* bytecode);
+  inline BytecodeArray GetDebugBytecodeArray() const;
+  inline void SetDebugBytecodeArray(BytecodeArray bytecode);
  inline bool HasAsmWasmData() const;
  inline AsmWasmData* asm_wasm_data() const;
  inline void set_asm_wasm_data(AsmWasmData* data);
--- a/src/runtime-profiler.cc
+++ b/src/runtime-profiler.cc
@ -188,7 +188,7 @@ bool RuntimeProfiler::MaybeOSR(JSFunction* function, InterpretedFrame* frame) {
 }

 OptimizationReason RuntimeProfiler::ShouldOptimize(JSFunction* function,
-                                                   BytecodeArray* bytecode) {
+                                                   BytecodeArray bytecode) {
  int ticks = function->feedback_vector()->profiler_ticks();
  if (bytecode->length() > kMaxBytecodeSizeForOpt) {
    return OptimizationReason::kDoNotOptimize;
--- a/src/runtime-profiler.h
+++ b/src/runtime-profiler.h
@ -33,7 +33,7 @@ class RuntimeProfiler {
  // optimization attempts should be made.
  bool MaybeOSR(JSFunction* function, InterpretedFrame* frame);
  OptimizationReason ShouldOptimize(JSFunction* function,
-                                    BytecodeArray* bytecode_array);
+                                    BytecodeArray bytecode_array);
  void Optimize(JSFunction* function, OptimizationReason reason);
  void Baseline(JSFunction* function, OptimizationReason reason);

--- a/src/runtime/runtime-debug.cc
+++ b/src/runtime/runtime-debug.cc
@ -58,7 +58,7 @@ RUNTIME_FUNCTION_RETURN_PAIR(Runtime_DebugBreakOnBytecode) {
  InterpretedFrame* interpreted_frame =
      reinterpret_cast<InterpretedFrame*>(it.frame());
  SharedFunctionInfo* shared = interpreted_frame->function()->shared();
-  BytecodeArray* bytecode_array = shared->GetBytecodeArray();
+  BytecodeArray bytecode_array = shared->GetBytecodeArray();
  int bytecode_offset = interpreted_frame->GetBytecodeOffset();
  Bytecode bytecode = Bytecodes::FromByte(bytecode_array->get(bytecode_offset));

--- a/src/snapshot/code-serializer.cc
+++ b/src/snapshot/code-serializer.cc
@ -187,7 +187,7 @@ void CodeSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
    DCHECK(!sfi->IsApiFunction() && !sfi->HasAsmWasmData());

    DebugInfo* debug_info = nullptr;
-    BytecodeArray* debug_bytecode_array = nullptr;
+    BytecodeArray debug_bytecode_array;
    if (sfi->HasDebugInfo()) {
      // Clear debug info.
      debug_info = sfi->GetDebugInfo();
@ -208,7 +208,7 @@ void CodeSerializer::SerializeObject(HeapObject* obj, HowToCode how_to_code,
    // Restore debug info
    if (debug_info != nullptr) {
      sfi->set_script_or_debug_info(debug_info);
-      if (debug_bytecode_array != nullptr) {
+      if (!debug_bytecode_array.is_null()) {
        sfi->SetDebugBytecodeArray(debug_bytecode_array);
      }
    }
--- a/src/snapshot/deserializer.cc
+++ b/src/snapshot/deserializer.cc
@ -286,7 +286,7 @@ HeapObject* Deserializer::PostProcessNewObject(HeapObject* obj, int space) {
  } else if (obj->IsBytecodeArray()) {
    // TODO(mythria): Remove these once we store the default values for these
    // fields in the serializer.
-    BytecodeArray* bytecode_array = BytecodeArray::cast(obj);
+    BytecodeArray bytecode_array = BytecodeArray::cast(obj);
    bytecode_array->set_interrupt_budget(
        interpreter::Interpreter::InterruptBudget());
    bytecode_array->set_osr_loop_nesting_level(0);
--- a/test/cctest/test-serialize.cc
+++ b/test/cctest/test-serialize.cc
@ -2244,7 +2244,7 @@ TEST(CodeSerializerAfterExecute) {

    Handle<SharedFunctionInfo> sfi = v8::Utils::OpenHandle(*script);
    CHECK(sfi->HasBytecodeArray());
-    BytecodeArray* bytecode = sfi->GetBytecodeArray();
+    BytecodeArray bytecode = sfi->GetBytecodeArray();
    CHECK_EQ(bytecode->interrupt_budget(),
             interpreter::Interpreter::InterruptBudget());
    CHECK_EQ(bytecode->osr_loop_nesting_level(), 0);