From ad8169a0c3242bc73c5cd7371574a30f5464c050 Mon Sep 17 00:00:00 2001
From: Jakob Kummerow <jkummerow@chromium.org>
Date: Fri, 2 Nov 2018 18:46:10 -0700
Subject: [PATCH] [ubsan] Replace Object** in StrongRootsList with ObjectSlot

as part of the ongoing quest to get rid of Object*/Object** entirely.

Bug: v8:3770
Change-Id: Id3c6112a48a7a7ddb5441c72d81f4e4be61e3eae
Reviewed-on: https://chromium-review.googlesource.com/c/1316610
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#57225}
---
 src/deoptimizer.cc  |  6 +++---
 src/heap/heap.cc    | 14 ++++++--------
 src/heap/heap.h     |  4 ++--
 src/identity-map.cc | 11 +++++------
 4 files changed, 16 insertions(+), 19 deletions(-)

diff --git a/src/deoptimizer.cc b/src/deoptimizer.cc
index c7368f0920..9a2d26f6f6 100644
--- a/src/deoptimizer.cc
+++ b/src/deoptimizer.cc
@@ -136,8 +136,8 @@ DeoptimizerData::DeoptimizerData(Heap* heap) : heap_(heap), current_(nullptr) {
   }
   Code** start = &deopt_entry_code_[0];
   Code** end = &deopt_entry_code_[DeoptimizerData::kLastDeoptimizeKind + 1];
-  heap_->RegisterStrongRoots(reinterpret_cast<Object**>(start),
-                             reinterpret_cast<Object**>(end));
+  heap_->RegisterStrongRoots(ObjectSlot(reinterpret_cast<Address>(start)),
+                             ObjectSlot(reinterpret_cast<Address>(end)));
 }
 
 
@@ -146,7 +146,7 @@ DeoptimizerData::~DeoptimizerData() {
     deopt_entry_code_[i] = nullptr;
   }
   Code** start = &deopt_entry_code_[0];
-  heap_->UnregisterStrongRoots(reinterpret_cast<Object**>(start));
+  heap_->UnregisterStrongRoots(ObjectSlot(reinterpret_cast<Address>(start)));
 }
 
 Code* DeoptimizerData::deopt_entry_code(DeoptimizeKind kind) {
diff --git a/src/heap/heap.cc b/src/heap/heap.cc
index d2ec92633e..610dd0cf42 100644
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@@ -111,8 +111,8 @@ Heap::GCCallbackTuple& Heap::GCCallbackTuple::operator=(
     const Heap::GCCallbackTuple& other) = default;
 
 struct Heap::StrongRootsList {
-  Object** start;
-  Object** end;
+  ObjectSlot start;
+  ObjectSlot end;
   StrongRootsList* next;
 };
 
@@ -3856,8 +3856,7 @@ void Heap::IterateStrongRoots(RootVisitor* v, VisitMode mode) {
 
   // Iterate over other strong roots (currently only identity maps).
   for (StrongRootsList* list = strong_roots_list_; list; list = list->next) {
-    v->VisitRootPointers(Root::kStrongRoots, nullptr, ObjectSlot(list->start),
-                         ObjectSlot(list->end));
+    v->VisitRootPointers(Root::kStrongRoots, nullptr, list->start, list->end);
   }
   v->Synchronize(VisitorSynchronization::kStrongRoots);
 
@@ -4538,7 +4537,7 @@ void Heap::TracePossibleWrapper(JSObject* js_object) {
 void Heap::RegisterExternallyReferencedObject(Address* location) {
   // The embedder is not aware of whether numbers are materialized as heap
   // objects are just passed around as Smis.
-  Object* object = *reinterpret_cast<Object**>(location);
+  ObjectPtr object(*location);
   if (!object->IsHeapObject()) return;
   HeapObject* heap_object = HeapObject::cast(object);
   DCHECK(Contains(heap_object));
@@ -5218,7 +5217,7 @@ void Heap::RememberUnmappedPage(Address page, bool compacted) {
   remembered_unmapped_pages_index_ %= kRememberedUnmappedPages;
 }
 
-void Heap::RegisterStrongRoots(Object** start, Object** end) {
+void Heap::RegisterStrongRoots(ObjectSlot start, ObjectSlot end) {
   StrongRootsList* list = new StrongRootsList();
   list->next = strong_roots_list_;
   list->start = start;
@@ -5226,8 +5225,7 @@ void Heap::RegisterStrongRoots(Object** start, Object** end) {
   strong_roots_list_ = list;
 }
 
-
-void Heap::UnregisterStrongRoots(Object** start) {
+void Heap::UnregisterStrongRoots(ObjectSlot start) {
   StrongRootsList* prev = nullptr;
   StrongRootsList* list = strong_roots_list_;
   while (list != nullptr) {
diff --git a/src/heap/heap.h b/src/heap/heap.h
index c075114aa1..c5a868b4f7 100644
--- a/src/heap/heap.h
+++ b/src/heap/heap.h
@@ -658,8 +658,8 @@ class Heap {
   // snapshot blob, we need to reset it before serializing.
   void ClearStackLimits();
 
-  void RegisterStrongRoots(Object** start, Object** end);
-  void UnregisterStrongRoots(Object** start);
+  void RegisterStrongRoots(ObjectSlot start, ObjectSlot end);
+  void UnregisterStrongRoots(ObjectSlot start);
 
   void SetBuiltinsConstantsTable(FixedArray* cache);
 
diff --git a/src/identity-map.cc b/src/identity-map.cc
index dbaadcd4d2..e3b30c6512 100644
--- a/src/identity-map.cc
+++ b/src/identity-map.cc
@@ -22,7 +22,7 @@ IdentityMapBase::~IdentityMapBase() {
 void IdentityMapBase::Clear() {
   if (keys_) {
     DCHECK(!is_iterable());
-    heap_->UnregisterStrongRoots(reinterpret_cast<Object**>(keys_));
+    heap_->UnregisterStrongRoots(ObjectSlot(keys_));
     DeleteArray(keys_);
     DeleteArray(values_);
     keys_ = nullptr;
@@ -168,8 +168,8 @@ IdentityMapBase::RawEntry IdentityMapBase::GetEntry(Address key) {
     values_ = NewPointerArray(capacity_);
     memset(values_, 0, sizeof(void*) * capacity_);
 
-    heap_->RegisterStrongRoots(reinterpret_cast<Object**>(keys_),
-                               reinterpret_cast<Object**>(keys_ + capacity_));
+    heap_->RegisterStrongRoots(ObjectSlot(keys_),
+                               ObjectSlot(keys_ + capacity_));
   }
   int index = LookupOrInsert(key);
   return &values_[index];
@@ -293,9 +293,8 @@ void IdentityMapBase::Resize(int new_capacity) {
   }
 
   // Unregister old keys and register new keys.
-  heap_->UnregisterStrongRoots(reinterpret_cast<Object**>(old_keys));
-  heap_->RegisterStrongRoots(reinterpret_cast<Object**>(keys_),
-                             reinterpret_cast<Object**>(keys_ + capacity_));
+  heap_->UnregisterStrongRoots(ObjectSlot(old_keys));
+  heap_->RegisterStrongRoots(ObjectSlot(keys_), ObjectSlot(keys_ + capacity_));
 
   // Delete old storage;
   DeleteArray(old_keys);