From f6d85958e08c0f4fd4083b740ce4059e8cf48064 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Fl=C3=BCckiger?= <olivf@chromium.org>
Date: Wed, 14 Dec 2022 16:09:10 +0000
Subject: [PATCH] [static-roots] Use operator== in HeapObject::Is##Type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace SafeEquals with normal equals operator in `IsUndefined` and
friends. This will allow us to have more efficient checks with static
roots, since pointers do not need to be decompressed.

After this change calling Is##Type on CodeObjects is no longer possible.
This is ensured by dchecks in operator==. The change might reveal more
callers that need to be fixed.

Bug: v8:13466
Change-Id: I3353d10aebb7a192a77281c44e4159f0da336297
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4106849
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Commit-Queue: Camillo Bruni <cbruni@chromium.org>
Reviewed-by: Dominik Inführ <dinfuehr@chromium.org>
Auto-Submit: Olivier Flückiger <olivf@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84974}
---
 include/v8-local-handle.h              | 2 ++
 src/objects/objects-inl.h              | 2 +-
 src/profiler/sampling-heap-profiler.cc | 7 ++++++-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/include/v8-local-handle.h b/include/v8-local-handle.h
index cbf87f949d..633c5633c5 100644
--- a/include/v8-local-handle.h
+++ b/include/v8-local-handle.h
@@ -53,6 +53,7 @@ class Utils;
 namespace internal {
 template <typename T>
 class CustomArguments;
+class SamplingHeapProfiler;
 }  // namespace internal
 
 namespace api_internal {
@@ -313,6 +314,7 @@ class Local {
   friend class BasicTracedReference;
   template <class F>
   friend class TracedReference;
+  friend class v8::internal::SamplingHeapProfiler;
 
   explicit V8_INLINE Local(T* that) : val_(that) {}
   V8_INLINE static Local<T> New(Isolate* isolate, T* that) {
diff --git a/src/objects/objects-inl.h b/src/objects/objects-inl.h
index f2108a8a61..680e870981 100644
--- a/src/objects/objects-inl.h
+++ b/src/objects/objects-inl.h
@@ -110,7 +110,7 @@ IS_TYPE_FUNCTION_DEF(CodeT)
     return Is##Type(ReadOnlyRoots(isolate));                     \
   }                                                              \
   bool Object::Is##Type(ReadOnlyRoots roots) const {             \
-    return SafeEquals(roots.Value());                            \
+    return (*this) == roots.Value();                             \
   }                                                              \
   bool Object::Is##Type() const {                                \
     return IsHeapObject() && HeapObject::cast(*this).Is##Type(); \
diff --git a/src/profiler/sampling-heap-profiler.cc b/src/profiler/sampling-heap-profiler.cc
index 50a32dd4d5..6747f7bceb 100644
--- a/src/profiler/sampling-heap-profiler.cc
+++ b/src/profiler/sampling-heap-profiler.cc
@@ -81,7 +81,12 @@ void SamplingHeapProfiler::SampleObject(Address soon_object, size_t size) {
   HeapObject heap_object = HeapObject::FromAddress(soon_object);
   Handle<Object> obj(heap_object, isolate_);
 
-  Local<v8::Value> loc = v8::Utils::ToLocal(obj);
+  // Since soon_object can be in code space we can't use v8::Utils::ToLocal.
+  DCHECK(obj.is_null() ||
+         (obj->IsSmi() ||
+          (V8_EXTERNAL_CODE_SPACE_BOOL && IsCodeSpaceObject(heap_object)) ||
+          !obj->IsTheHole()));
+  Local<v8::Value> loc(reinterpret_cast<v8::Value*>(obj.location()));
 
   AllocationNode* node = AddStack();
   node->allocations_[size]++;