[ext-code-space] Change representation of FreeSpace::next field

... to make it independent of the pointer compression scheme used for
the main cage and for code cage.

When external code space is enabled the next pointer is encoded as
Smi values representing a diff from the current FreeSpace object
address in kObjectAlignment chunks. Terminating value is stored as 0.
Such a representation has the following properties:
a) it can hold both positive an negative diffs for full pointer
   compression cage size (HeapObject address has only valuable 30 bits
   while Smis have 31 bits),
b) it's independent of the pointer compression base and pointer
   compression scheme used for main cage and code cage.

When external code space is not enabled the old encoding is used:
it's either 0 or tagged pointer to the next FreeSpace "object".

Bug: v8:11880
Change-Id: Ie7bcd97964c52cce178bfc49355378dded465830
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4023083
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Commit-Queue: Igor Sheludko <ishell@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84262}

src/objects/free-space-inl.h

@@ -25,15 +25,36 @@ RELAXED_SMI_ACCESSORS(FreeSpace, size, kSizeOffset)
 
 int FreeSpace::Size() { return size(kRelaxedLoad); }
 
-FreeSpace FreeSpace::next() {
+FreeSpace FreeSpace::next() const {
   DCHECK(IsValid());
+#ifdef V8_EXTERNAL_CODE_SPACE
+  intptr_t diff_to_next =
+      static_cast<intptr_t>(TaggedField<Smi, kNextOffset>::load(*this).value());
+  if (diff_to_next == 0) {
+    return FreeSpace();
+  }
+  Address next_ptr = ptr() + diff_to_next * kObjectAlignment;
+  return FreeSpace::unchecked_cast(Object(next_ptr));
+#else
   return FreeSpace::unchecked_cast(
       TaggedField<Object, kNextOffset>::load(*this));
+#endif  // V8_EXTERNAL_CODE_SPACE
 }
 
 void FreeSpace::set_next(FreeSpace next) {
   DCHECK(IsValid());
-  RELAXED_WRITE_FIELD(*this, kNextOffset, next);
+#ifdef V8_EXTERNAL_CODE_SPACE
+  if (next.is_null()) {
+    TaggedField<Smi, kNextOffset>::Relaxed_Store(*this, Smi::zero());
+    return;
+  }
+  intptr_t diff_to_next = next.ptr() - ptr();
+  DCHECK(IsAligned(diff_to_next, kObjectAlignment));
+  TaggedField<Smi, kNextOffset>::Relaxed_Store(
+      *this, Smi::FromIntptr(diff_to_next / kObjectAlignment));
+#else
+  TaggedField<Object, kNextOffset>::Relaxed_Store(*this, next);
+#endif  // V8_EXTERNAL_CODE_SPACE
 }
 
 FreeSpace FreeSpace::cast(HeapObject o) {
@@ -46,7 +67,7 @@ FreeSpace FreeSpace::unchecked_cast(const Object o) {
   return base::bit_cast<FreeSpace>(o);
 }
 
-bool FreeSpace::IsValid() {
+bool FreeSpace::IsValid() const {
   Heap* heap = GetHeapFromWritableObject(*this);
   Object free_space_map =
       Isolate::FromHeap(heap)->root(RootIndex::kFreeSpaceMap);

src/objects/free-space.h

@@ -20,6 +20,16 @@ namespace internal {
 // the heap remains iterable.  They have a size and a next pointer.
 // The next pointer is the raw address of the next FreeSpace object (or NULL)
 // in the free list.
+//
+// When external code space is enabled next pointer is stored as Smi values
+// representing a diff from current FreeSpace object address in kObjectAlignment
+// chunks. Terminating FreeSpace value is represented as Smi zero.
+// Such a representation has the following properties:
+// a) it can hold both positive an negative diffs for full pointer compression
+//    cage size (HeapObject address has only valuable 30 bits while Smis have
+//    31 bits),
+// b) it's independent of the pointer compression base and pointer compression
+//    scheme.
 class FreeSpace : public TorqueGeneratedFreeSpace<FreeSpace, HeapObject> {
  public:
   // [size]: size of the free space including the header.
@@ -28,7 +38,7 @@ class FreeSpace : public TorqueGeneratedFreeSpace<FreeSpace, HeapObject> {
   inline int Size();
 
   // Accessors for the next field.
-  inline FreeSpace next();
+  inline FreeSpace next() const;
   inline void set_next(FreeSpace next);
 
   inline static FreeSpace cast(HeapObject obj);
@@ -40,7 +50,7 @@ class FreeSpace : public TorqueGeneratedFreeSpace<FreeSpace, HeapObject> {
   class BodyDescriptor;
 
  private:
-  inline bool IsValid();
+  inline bool IsValid() const;
 
   TQ_OBJECT_CONSTRUCTORS(FreeSpace)
 };

src/objects/free-space.tq

@@ -4,5 +4,5 @@
 
 extern class FreeSpace extends HeapObject {
   size: Smi;
-  next: FreeSpace|Uninitialized;
+  next: FreeSpace|Smi|Uninitialized;
 }