objects-debug.cc 56.6 KB
Newer Older
1
// Copyright 2012 the V8 project authors. All rights reserved.
2 3
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4

5
#include "src/objects.h"
6

7
#include "src/assembler-inl.h"
8
#include "src/bootstrapper.h"
9
#include "src/disasm.h"
10
#include "src/disassembler.h"
11
#include "src/elements.h"
12
#include "src/field-type.h"
13
#include "src/layout-descriptor.h"
14
#include "src/macro-assembler.h"
15
#include "src/objects-inl.h"
16
#include "src/objects/bigint.h"
17
#include "src/objects/data-handler-inl.h"
18
#include "src/objects/debug-objects-inl.h"
19
#include "src/objects/literal-objects.h"
20
#include "src/objects/module.h"
21
#include "src/ostreams.h"
22
#include "src/regexp/jsregexp.h"
23
#include "src/transitions.h"
24

25 26
namespace v8 {
namespace internal {
27

28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49
// Heap Verification Overview
// --------------------------
// - Each InstanceType has a separate XXXVerify method which checks an object's
//   integrity in isolation.
// - --verify-heap will iterate over all gc spaces and call ObjectVerify() on
//   every encountered tagged pointer.
// - Verification should be pushed down to the specific instance type if its
//   integrity is independent of an outer object.
// - In cases where the InstanceType is too genernic (e.g. FixedArray) the
//   XXXVerify of the outer method has to do recursive verification.
// - If the corresponding objects have inheritence the parent's Verify method
//   is called as well.
// - For any field containing pointes VerifyPointer(...) should be called.
//
// Caveats
// -------
// - Assume that any of the verify methods is incomplete!
// - Some integrity checks are only partially done due to objects being in
//   partially initialized states when a gc happens, for instance when outer
//   objects are allocted before inner ones.
//

50
#ifdef VERIFY_HEAP
51

52 53 54 55 56 57
void Object::ObjectVerify() {
  if (IsSmi()) {
    Smi::cast(this)->SmiVerify();
  } else {
    HeapObject::cast(this)->HeapObjectVerify();
  }
58
  CHECK(!IsConstructor() || IsCallable());
59 60 61
}


62 63 64 65
void Object::VerifyPointer(Object* p) {
  if (p->IsHeapObject()) {
    HeapObject::VerifyHeapPointer(p);
  } else {
66
    CHECK(p->IsSmi());
67 68 69
  }
}

70 71 72 73 74 75 76
namespace {
void VerifyForeignPointer(HeapObject* host, Object* foreign) {
  host->VerifyPointer(foreign);
  CHECK(foreign->IsUndefined(host->GetIsolate()) ||
        Foreign::IsNormalized(foreign));
}
}  // namespace
77 78

void Smi::SmiVerify() {
79
  CHECK(IsSmi());
80
  CHECK(!IsCallable());
81
  CHECK(!IsConstructor());
82 83 84 85
}


void HeapObject::HeapObjectVerify() {
86 87
  VerifyHeapPointer(map());
  CHECK(map()->IsMap());
88 89 90 91
  InstanceType instance_type = map()->instance_type();


  switch (instance_type) {
92 93 94 95 96
#define STRING_TYPE_CASE(TYPE, size, name, camel_name) case TYPE:
    STRING_TYPE_LIST(STRING_TYPE_CASE)
#undef STRING_TYPE_CASE
    String::cast(this)->StringVerify();
    break;
97 98 99
    case SYMBOL_TYPE:
      Symbol::cast(this)->SymbolVerify();
      break;
100 101 102 103
    case MAP_TYPE:
      Map::cast(this)->MapVerify();
      break;
    case HEAP_NUMBER_TYPE:
104
    case MUTABLE_HEAP_NUMBER_TYPE:
105 106
      HeapNumber::cast(this)->HeapNumberVerify();
      break;
107 108 109
    case BIGINT_TYPE:
      BigInt::cast(this)->BigIntVerify();
      break;
110
    case HASH_TABLE_TYPE:
111
    case FIXED_ARRAY_TYPE:
112
    case SCOPE_INFO_TYPE:
113 114
      FixedArray::cast(this)->FixedArrayVerify();
      break;
115 116 117
    case FIXED_DOUBLE_ARRAY_TYPE:
      FixedDoubleArray::cast(this)->FixedDoubleArrayVerify();
      break;
118 119 120
    case BYTE_ARRAY_TYPE:
      ByteArray::cast(this)->ByteArrayVerify();
      break;
121 122 123
    case BYTECODE_ARRAY_TYPE:
      BytecodeArray::cast(this)->BytecodeArrayVerify();
      break;
124 125 126
    case DESCRIPTOR_ARRAY_TYPE:
      DescriptorArray::cast(this)->DescriptorArrayVerify();
      break;
127 128 129
    case TRANSITION_ARRAY_TYPE:
      TransitionArray::cast(this)->TransitionArrayVerify();
      break;
130 131 132
    case PROPERTY_ARRAY_TYPE:
      PropertyArray::cast(this)->PropertyArrayVerify();
      break;
133 134 135
    case FREE_SPACE_TYPE:
      FreeSpace::cast(this)->FreeSpaceVerify();
      break;
136 137 138
    case FEEDBACK_CELL_TYPE:
      FeedbackCell::cast(this)->FeedbackCellVerify();
      break;
139 140 141
    case FEEDBACK_VECTOR_TYPE:
      FeedbackVector::cast(this)->FeedbackVectorVerify();
      break;
142 143 144 145

#define VERIFY_TYPED_ARRAY(Type, type, TYPE, ctype, size)                      \
    case FIXED_##TYPE##_ARRAY_TYPE:                                            \
      Fixed##Type##Array::cast(this)->FixedTypedArrayVerify();                 \
146
      break;
147 148 149 150

    TYPED_ARRAYS(VERIFY_TYPED_ARRAY)
#undef VERIFY_TYPED_ARRAY

151 152 153 154 155 156 157
    case CODE_TYPE:
      Code::cast(this)->CodeVerify();
      break;
    case ODDBALL_TYPE:
      Oddball::cast(this)->OddballVerify();
      break;
    case JS_OBJECT_TYPE:
158
    case JS_ERROR_TYPE:
159
    case JS_API_OBJECT_TYPE:
160
    case JS_SPECIAL_API_OBJECT_TYPE:
ager@chromium.org's avatar
ager@chromium.org committed
161
    case JS_CONTEXT_EXTENSION_OBJECT_TYPE:
162 163 164 165
    case WASM_INSTANCE_TYPE:
    case WASM_MEMORY_TYPE:
    case WASM_MODULE_TYPE:
    case WASM_TABLE_TYPE:
166 167
      JSObject::cast(this)->JSObjectVerify();
      break;
168 169 170
    case JS_ARGUMENTS_TYPE:
      JSArgumentsObject::cast(this)->JSArgumentsObjectVerify();
      break;
171 172 173
    case JS_GENERATOR_OBJECT_TYPE:
      JSGeneratorObject::cast(this)->JSGeneratorObjectVerify();
      break;
174 175 176
    case JS_ASYNC_GENERATOR_OBJECT_TYPE:
      JSAsyncGeneratorObject::cast(this)->JSAsyncGeneratorObjectVerify();
      break;
177 178 179
    case JS_VALUE_TYPE:
      JSValue::cast(this)->JSValueVerify();
      break;
180 181 182
    case JS_DATE_TYPE:
      JSDate::cast(this)->JSDateVerify();
      break;
183 184 185
    case JS_BOUND_FUNCTION_TYPE:
      JSBoundFunction::cast(this)->JSBoundFunctionVerify();
      break;
186 187 188
    case JS_FUNCTION_TYPE:
      JSFunction::cast(this)->JSFunctionVerify();
      break;
189 190 191
    case JS_GLOBAL_PROXY_TYPE:
      JSGlobalProxy::cast(this)->JSGlobalProxyVerify();
      break;
192 193 194
    case JS_GLOBAL_OBJECT_TYPE:
      JSGlobalObject::cast(this)->JSGlobalObjectVerify();
      break;
195 196 197 198
    case CELL_TYPE:
      Cell::cast(this)->CellVerify();
      break;
    case PROPERTY_CELL_TYPE:
199
      PropertyCell::cast(this)->PropertyCellVerify();
200
      break;
ulan@chromium.org's avatar
ulan@chromium.org committed
201 202 203
    case WEAK_CELL_TYPE:
      WeakCell::cast(this)->WeakCellVerify();
      break;
204 205 206
    case JS_ARRAY_TYPE:
      JSArray::cast(this)->JSArrayVerify();
      break;
207 208 209
    case JS_MODULE_NAMESPACE_TYPE:
      JSModuleNamespace::cast(this)->JSModuleNamespaceVerify();
      break;
210 211 212 213 214 215
    case JS_SET_TYPE:
      JSSet::cast(this)->JSSetVerify();
      break;
    case JS_MAP_TYPE:
      JSMap::cast(this)->JSMapVerify();
      break;
216 217
    case JS_SET_KEY_VALUE_ITERATOR_TYPE:
    case JS_SET_VALUE_ITERATOR_TYPE:
218 219
      JSSetIterator::cast(this)->JSSetIteratorVerify();
      break;
220 221 222
    case JS_MAP_KEY_ITERATOR_TYPE:
    case JS_MAP_KEY_VALUE_ITERATOR_TYPE:
    case JS_MAP_VALUE_ITERATOR_TYPE:
223 224
      JSMapIterator::cast(this)->JSMapIteratorVerify();
      break;
225

226 227 228
#define ARRAY_ITERATOR_CASE(type) case type:
      ARRAY_ITERATOR_TYPE_LIST(ARRAY_ITERATOR_CASE)
#undef ARRAY_ITERATOR_CASE
229 230 231
      JSArrayIterator::cast(this)->JSArrayIteratorVerify();
      break;

232 233 234
    case JS_STRING_ITERATOR_TYPE:
      JSStringIterator::cast(this)->JSStringIteratorVerify();
      break;
235 236 237
    case JS_ASYNC_FROM_SYNC_ITERATOR_TYPE:
      JSAsyncFromSyncIterator::cast(this)->JSAsyncFromSyncIteratorVerify();
      break;
238 239 240
    case JS_WEAK_MAP_TYPE:
      JSWeakMap::cast(this)->JSWeakMapVerify();
      break;
241 242 243
    case JS_WEAK_SET_TYPE:
      JSWeakSet::cast(this)->JSWeakSetVerify();
      break;
244 245 246
    case JS_PROMISE_TYPE:
      JSPromise::cast(this)->JSPromiseVerify();
      break;
247 248 249
    case JS_REGEXP_TYPE:
      JSRegExp::cast(this)->JSRegExpVerify();
      break;
250 251
    case FILLER_TYPE:
      break;
252 253 254
    case JS_PROXY_TYPE:
      JSProxy::cast(this)->JSProxyVerify();
      break;
255 256
    case FOREIGN_TYPE:
      Foreign::cast(this)->ForeignVerify();
257 258 259 260
      break;
    case SHARED_FUNCTION_INFO_TYPE:
      SharedFunctionInfo::cast(this)->SharedFunctionInfoVerify();
      break;
261 262 263
    case JS_MESSAGE_OBJECT_TYPE:
      JSMessageObject::cast(this)->JSMessageObjectVerify();
      break;
264 265 266
    case JS_ARRAY_BUFFER_TYPE:
      JSArrayBuffer::cast(this)->JSArrayBufferVerify();
      break;
267 268 269
    case JS_TYPED_ARRAY_TYPE:
      JSTypedArray::cast(this)->JSTypedArrayVerify();
      break;
270 271 272
    case JS_DATA_VIEW_TYPE:
      JSDataView::cast(this)->JSDataViewVerify();
      break;
273
    case SMALL_ORDERED_HASH_SET_TYPE:
274 275 276 277
      SmallOrderedHashSet::cast(this)->SmallOrderedHashTableVerify();
      break;
    case SMALL_ORDERED_HASH_MAP_TYPE:
      SmallOrderedHashMap::cast(this)->SmallOrderedHashTableVerify();
278
      break;
279 280 281
    case CODE_DATA_CONTAINER_TYPE:
      CodeDataContainer::cast(this)->CodeDataContainerVerify();
      break;
282 283 284 285 286 287 288 289

#define MAKE_STRUCT_CASE(NAME, Name, name) \
  case NAME##_TYPE:                        \
    Name::cast(this)->Name##Verify();      \
    break;
    STRUCT_LIST(MAKE_STRUCT_CASE)
#undef MAKE_STRUCT_CASE

290 291 292 293 294 295 296
    case LOAD_HANDLER_TYPE:
      LoadHandler::cast(this)->LoadHandlerVerify();
      break;

    case STORE_HANDLER_TYPE:
      StoreHandler::cast(this)->StoreHandlerVerify();
      break;
297 298 299 300 301
  }
}


void HeapObject::VerifyHeapPointer(Object* p) {
302
  CHECK(p->IsHeapObject());
303 304
  HeapObject* ho = HeapObject::cast(p);
  CHECK(ho->GetHeap()->Contains(ho));
305 306 307
}


308 309 310
void Symbol::SymbolVerify() {
  CHECK(IsSymbol());
  CHECK(HasHashCode());
311
  CHECK_GT(Hash(), 0);
312
  CHECK(name()->IsUndefined(GetIsolate()) || name()->IsString());
313
  CHECK_IMPLIES(IsPrivateField(), IsPrivate());
314 315 316
}


317
void HeapNumber::HeapNumberVerify() {
318
  CHECK(IsHeapNumber() || IsMutableHeapNumber());
319
}
320

321
void ByteArray::ByteArrayVerify() {
322
  CHECK(IsByteArray());
323 324 325
}


326 327
void BytecodeArray::BytecodeArrayVerify() {
  // TODO(oth): Walk bytecodes and immediate values to validate sanity.
328 329 330 331
  // - All bytecodes are known and well formed.
  // - Jumps must go to new instructions starts.
  // - No Illegal bytecodes.
  // - No consecutive sequences of prefix Wide / ExtraWide.
332
  CHECK(IsBytecodeArray());
333 334
  CHECK(constant_pool()->IsFixedArray());
  VerifyHeapPointer(constant_pool());
335 336 337
}


338
void FreeSpace::FreeSpaceVerify() {
339
  CHECK(IsFreeSpace());
340 341
}

342 343 344 345 346 347 348
void FeedbackCell::FeedbackCellVerify() {
  CHECK(IsFeedbackCell());
  Isolate* const isolate = GetIsolate();
  VerifyHeapPointer(value());
  CHECK(value()->IsUndefined(isolate) || value()->IsFeedbackVector());
}

349
void FeedbackVector::FeedbackVectorVerify() { CHECK(IsFeedbackVector()); }
350

351 352
template <class Traits>
void FixedTypedArray<Traits>::FixedTypedArrayVerify() {
353 354 355
  CHECK(IsHeapObject() &&
        HeapObject::cast(this)->map()->instance_type() ==
            Traits::kInstanceType);
356 357 358 359
  if (base_pointer() == this) {
    CHECK(external_pointer() ==
          ExternalReference::fixed_typed_array_base_data_offset().address());
  } else {
360
    CHECK_NULL(base_pointer());
361
  }
362 363 364
}


365
bool JSObject::ElementsAreSafeToExamine() {
366 367 368
  // If a GC was caused while constructing this object, the elements
  // pointer may point to a one pointer filler map.
  return reinterpret_cast<Map*>(elements()) !=
369 370 371
      GetHeap()->one_pointer_filler_map();
}

372

373
void JSObject::JSObjectVerify() {
374
  VerifyPointer(raw_properties_or_hash());
375
  VerifyHeapPointer(elements());
376

377
  CHECK_IMPLIES(HasSloppyArgumentsElements(), IsJSArgumentsObject());
378 379
  if (HasFastProperties()) {
    int actual_unused_property_fields = map()->GetInObjectProperties() +
380
                                        property_array()->length() -
381
                                        map()->NextFreePropertyIndex();
382
    if (map()->UnusedPropertyFields() != actual_unused_property_fields) {
383 384 385 386 387 388
      // There are two reasons why this can happen:
      // - in the middle of StoreTransitionStub when the new extended backing
      //   store is already set into the object and the allocation of the
      //   MutableHeapNumber triggers GC while the map isn't updated yet.
      // - deletion of the last property can leave additional backing store
      //   capacity behind.
389 390
      CHECK_GT(actual_unused_property_fields, map()->UnusedPropertyFields());
      int delta = actual_unused_property_fields - map()->UnusedPropertyFields();
391
      CHECK_EQ(0, delta % JSObject::kFieldsAdded);
392
    }
393 394
    DescriptorArray* descriptors = map()->instance_descriptors();
    Isolate* isolate = GetIsolate();
395 396 397
    bool is_transitionable_fast_elements_kind =
        IsTransitionableFastElementsKind(map()->elements_kind());

398
    for (int i = 0; i < map()->NumberOfOwnDescriptors(); i++) {
399 400 401
      PropertyDetails details = descriptors->GetDetails(i);
      if (details.location() == kField) {
        DCHECK_EQ(kData, details.kind());
402
        Representation r = details.representation();
403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418
        FieldIndex index = FieldIndex::ForDescriptor(map(), i);
        if (IsUnboxedDoubleField(index)) {
          DCHECK(r.IsDouble());
          continue;
        }
        Object* value = RawFastPropertyAt(index);
        if (r.IsDouble()) DCHECK(value->IsMutableHeapNumber());
        if (value->IsUninitialized(isolate)) continue;
        if (r.IsSmi()) DCHECK(value->IsSmi());
        if (r.IsHeapObject()) DCHECK(value->IsHeapObject());
        FieldType* field_type = descriptors->GetFieldType(i);
        bool type_is_none = field_type->IsNone();
        bool type_is_any = field_type->IsAny();
        if (r.IsNone()) {
          CHECK(type_is_none);
        } else if (!type_is_any && !(type_is_none && r.IsHeapObject())) {
419
          CHECK(!field_type->NowStable() || field_type->NowContains(value));
420
        }
421 422 423
        CHECK_IMPLIES(is_transitionable_fast_elements_kind,
                      !Map::IsInplaceGeneralizableField(details.constness(), r,
                                                        field_type));
424 425
      }
    }
426 427 428 429 430

    if (map()->EnumLength() != kInvalidEnumCacheSentinel) {
      EnumCache* enum_cache = descriptors->GetEnumCache();
      FixedArray* keys = enum_cache->keys();
      FixedArray* indices = enum_cache->indices();
431 432 433
      CHECK_LE(map()->EnumLength(), keys->length());
      CHECK_IMPLIES(indices != isolate->heap()->empty_fixed_array(),
                    keys->length() == indices->length());
434
    }
435
  }
436

437 438 439 440 441 442 443 444
  // If a GC was caused while constructing this object, the elements
  // pointer may point to a one pointer filler map.
  if (ElementsAreSafeToExamine()) {
    CHECK_EQ((map()->has_fast_smi_or_object_elements() ||
              (elements() == GetHeap()->empty_fixed_array()) ||
              HasFastStringWrapperElements()),
             (elements()->map() == GetHeap()->fixed_array_map() ||
              elements()->map() == GetHeap()->fixed_cow_array_map()));
445
    CHECK(map()->has_fast_object_elements() == HasObjectElements());
446
  }
447
}
448

449

450
void Map::MapVerify() {
451 452
  Heap* heap = GetHeap();
  CHECK(!heap->InNewSpace(this));
453
  CHECK(FIRST_TYPE <= instance_type() && instance_type() <= LAST_TYPE);
454
  CHECK(instance_size() == kVariableSizeSentinel ||
455 456
        (kPointerSize <= instance_size() &&
         static_cast<size_t>(instance_size()) < heap->Capacity()));
457
  CHECK(GetBackPointer()->IsUndefined(heap->isolate()) ||
458
        !Map::cast(GetBackPointer())->is_stable());
459 460
  VerifyHeapPointer(prototype());
  VerifyHeapPointer(instance_descriptors());
461
  SLOW_DCHECK(instance_descriptors()->IsSortedNoDuplicates());
462 463 464 465 466
  DisallowHeapAllocation no_gc;
  SLOW_DCHECK(TransitionsAccessor(this, &no_gc).IsSortedNoDuplicates());
  SLOW_DCHECK(TransitionsAccessor(this, &no_gc).IsConsistentWithBackPointers());
  SLOW_DCHECK(!FLAG_unbox_double_fields ||
              layout_descriptor()->IsConsistentWithMap(this));
467 468 469 470 471 472 473 474 475 476 477 478
  if (!may_have_interesting_symbols()) {
    CHECK(!has_named_interceptor());
    CHECK(!is_dictionary_map());
    CHECK(!is_access_check_needed());
    DescriptorArray* const descriptors = instance_descriptors();
    for (int i = 0; i < NumberOfOwnDescriptors(); ++i) {
      CHECK(!descriptors->GetKey(i)->IsInterestingSymbol());
    }
  }
  CHECK_IMPLIES(has_named_interceptor(), may_have_interesting_symbols());
  CHECK_IMPLIES(is_dictionary_map(), may_have_interesting_symbols());
  CHECK_IMPLIES(is_access_check_needed(), may_have_interesting_symbols());
479 480 481
  CHECK_IMPLIES(IsJSObjectMap() && !CanHaveFastTransitionableElementsKind(),
                IsDictionaryElementsKind(elements_kind()) ||
                    IsTerminalElementsKind(elements_kind()));
482 483 484 485
  if (is_prototype_map()) {
    DCHECK(prototype_info() == Smi::kZero ||
           prototype_info()->IsPrototypeInfo());
  }
486 487 488
}


489
void Map::DictionaryMapVerify() {
490
  MapVerify();
491
  CHECK(is_dictionary_map());
492 493
  CHECK_EQ(kInvalidEnumCacheSentinel, EnumLength());
  CHECK_EQ(GetHeap()->empty_descriptor_array(), instance_descriptors());
494
  CHECK_EQ(0, UnusedPropertyFields());
495
  CHECK_EQ(Map::GetVisitorId(this), visitor_id());
496 497
}

498 499 500 501 502
void AliasedArgumentsEntry::AliasedArgumentsEntryVerify() {
  VerifySmiField(kAliasedContextSlot);
}


503 504 505
void FixedArray::FixedArrayVerify() {
  for (int i = 0; i < length(); i++) {
    Object* e = get(i);
506
    VerifyPointer(e);
507 508 509
  }
}

510
void PropertyArray::PropertyArrayVerify() {
511 512 513 514 515 516
  if (length() == 0) {
    CHECK_EQ(this, this->GetHeap()->empty_property_array());
    return;
  }
  // There are no empty PropertyArrays.
  CHECK_LT(0, length());
517 518 519 520 521
  for (int i = 0; i < length(); i++) {
    Object* e = get(i);
    VerifyPointer(e);
  }
}
522

523 524 525
void FixedDoubleArray::FixedDoubleArrayVerify() {
  for (int i = 0; i < length(); i++) {
    if (!is_the_hole(i)) {
526
      uint64_t value = get_representation(i);
527 528
      uint64_t unexpected =
          bit_cast<uint64_t>(std::numeric_limits<double>::quiet_NaN()) &
529
          uint64_t{0x7FF8000000000000};
530
      // Create implementation specific sNaN by inverting relevant bit.
531 532 533
      unexpected ^= uint64_t{0x0008000000000000};
      CHECK((value & uint64_t{0x7FF8000000000000}) != unexpected ||
            (value & uint64_t{0x0007FFFFFFFFFFFF}) == uint64_t{0});
534 535 536 537
    }
  }
}

538 539 540 541 542 543 544 545 546 547 548 549 550
void DescriptorArray::DescriptorArrayVerify() {
  FixedArrayVerify();
  if (number_of_descriptors_storage() == 0) {
    Heap* heap = GetHeap();
    CHECK_EQ(heap->empty_descriptor_array(), this);
    CHECK_EQ(2, length());
    CHECK_EQ(0, number_of_descriptors());
    CHECK_EQ(heap->empty_enum_cache(), GetEnumCache());
  } else {
    CHECK_LT(2, length());
    CHECK_LE(LengthFor(number_of_descriptors()), length());
  }
}
551

552
void TransitionArray::TransitionArrayVerify() {
553
  FixedArrayVerify();
554 555 556
  CHECK_LE(LengthFor(number_of_transitions()), length());
}

557 558
void JSArgumentsObject::JSArgumentsObjectVerify() {
  if (IsSloppyArgumentsElementsKind(GetElementsKind())) {
559 560
    SloppyArgumentsElements::cast(elements())
        ->SloppyArgumentsElementsVerify(this);
561 562 563 564 565 566 567
  }
  Isolate* isolate = GetIsolate();
  if (isolate->IsInAnyContext(map(), Context::SLOPPY_ARGUMENTS_MAP_INDEX) ||
      isolate->IsInAnyContext(map(),
                              Context::SLOW_ALIASED_ARGUMENTS_MAP_INDEX) ||
      isolate->IsInAnyContext(map(),
                              Context::FAST_ALIASED_ARGUMENTS_MAP_INDEX)) {
568 569 570 571 572
    VerifyObjectField(JSSloppyArgumentsObject::kLengthOffset);
    VerifyObjectField(JSSloppyArgumentsObject::kCalleeOffset);
  } else if (isolate->IsInAnyContext(map(),
                                     Context::STRICT_ARGUMENTS_MAP_INDEX)) {
    VerifyObjectField(JSStrictArgumentsObject::kLengthOffset);
573
  }
574
  JSObjectVerify();
575 576
}

577
void SloppyArgumentsElements::SloppyArgumentsElementsVerify(JSObject* holder) {
578 579
  Isolate* isolate = GetIsolate();
  FixedArrayVerify();
580 581 582
  // Abort verification if only partially initialized (can't use arguments()
  // getter because it does FixedArray::cast()).
  if (get(kArgumentsIndex)->IsUndefined(isolate)) return;
583 584

  ElementsKind kind = holder->GetElementsKind();
585
  bool is_fast = kind == FAST_SLOPPY_ARGUMENTS_ELEMENTS;
586 587 588 589 590 591 592 593 594 595
  CHECK(IsFixedArray());
  CHECK_GE(length(), 2);
  CHECK_EQ(map(), isolate->heap()->sloppy_arguments_elements_map());
  Context* context_object = Context::cast(context());
  FixedArray* arg_elements = FixedArray::cast(arguments());
  if (arg_elements->length() == 0) {
    CHECK(arg_elements == isolate->heap()->empty_fixed_array());
    return;
  }
  ElementsAccessor* accessor;
596
  if (is_fast) {
597
    accessor = ElementsAccessor::ForKind(HOLEY_ELEMENTS);
598 599 600
  } else {
    accessor = ElementsAccessor::ForKind(DICTIONARY_ELEMENTS);
  }
601 602
  int nofMappedParameters = 0;
  int maxMappedIndex = 0;
603 604 605 606
  for (int i = 0; i < nofMappedParameters; i++) {
    // Verify that each context-mapped argument is either the hole or a valid
    // Smi within context length range.
    Object* mapped = get_mapped_entry(i);
607 608 609 610 611 612 613 614
    if (mapped->IsTheHole(isolate)) {
      // Slow sloppy arguments can be holey.
      if (!is_fast) continue;
      // Fast sloppy arguments elements are never holey. Either the element is
      // context-mapped or present in the arguments elements.
      CHECK(accessor->HasElement(holder, i, arg_elements));
      continue;
    }
jgruber's avatar
jgruber committed
615
    int mappedIndex = Smi::ToInt(mapped);
616 617 618 619
    nofMappedParameters++;
    CHECK_LE(maxMappedIndex, mappedIndex);
    maxMappedIndex = mappedIndex;
    Object* value = context_object->get(mappedIndex);
620 621
    CHECK(value->IsObject());
    // None of the context-mapped entries should exist in the arguments
622
    // elements.
623 624
    CHECK(!accessor->HasElement(holder, i, arg_elements));
  }
625 626 627 628
  CHECK_LE(nofMappedParameters, context_object->length());
  CHECK_LE(nofMappedParameters, arg_elements->length());
  CHECK_LE(maxMappedIndex, context_object->length());
  CHECK_LE(maxMappedIndex, arg_elements->length());
629
}
630

631 632 633 634 635 636
void JSGeneratorObject::JSGeneratorObjectVerify() {
  // In an expression like "new g()", there can be a point where a generator
  // object is allocated but its fields are all undefined, as it hasn't yet been
  // initialized by the generator.  Hence these weak checks.
  VerifyObjectField(kFunctionOffset);
  VerifyObjectField(kContextOffset);
637
  VerifyObjectField(kReceiverOffset);
638
  VerifyObjectField(kRegisterFileOffset);
639 640 641
  VerifyObjectField(kContinuationOffset);
}

642 643 644 645 646 647
void JSAsyncGeneratorObject::JSAsyncGeneratorObjectVerify() {
  // Check inherited fields
  JSGeneratorObjectVerify();
  VerifyObjectField(kQueueOffset);
  queue()->HeapObjectVerify();
}
648

649 650 651 652 653 654 655 656
void JSValue::JSValueVerify() {
  Object* v = value();
  if (v->IsHeapObject()) {
    VerifyHeapPointer(v);
  }
}


657 658 659 660
void JSDate::JSDateVerify() {
  if (value()->IsHeapObject()) {
    VerifyHeapPointer(value());
  }
661 662 663 664 665 666 667 668 669 670 671 672
  Isolate* isolate = GetIsolate();
  CHECK(value()->IsUndefined(isolate) || value()->IsSmi() ||
        value()->IsHeapNumber());
  CHECK(year()->IsUndefined(isolate) || year()->IsSmi() || year()->IsNaN());
  CHECK(month()->IsUndefined(isolate) || month()->IsSmi() || month()->IsNaN());
  CHECK(day()->IsUndefined(isolate) || day()->IsSmi() || day()->IsNaN());
  CHECK(weekday()->IsUndefined(isolate) || weekday()->IsSmi() ||
        weekday()->IsNaN());
  CHECK(hour()->IsUndefined(isolate) || hour()->IsSmi() || hour()->IsNaN());
  CHECK(min()->IsUndefined(isolate) || min()->IsSmi() || min()->IsNaN());
  CHECK(sec()->IsUndefined(isolate) || sec()->IsSmi() || sec()->IsNaN());
  CHECK(cache_stamp()->IsUndefined(isolate) || cache_stamp()->IsSmi() ||
673 674
        cache_stamp()->IsNaN());

675
  if (month()->IsSmi()) {
jgruber's avatar
jgruber committed
676
    int month = Smi::ToInt(this->month());
677 678 679
    CHECK(0 <= month && month <= 11);
  }
  if (day()->IsSmi()) {
jgruber's avatar
jgruber committed
680
    int day = Smi::ToInt(this->day());
681 682 683
    CHECK(1 <= day && day <= 31);
  }
  if (hour()->IsSmi()) {
jgruber's avatar
jgruber committed
684
    int hour = Smi::ToInt(this->hour());
685 686 687
    CHECK(0 <= hour && hour <= 23);
  }
  if (min()->IsSmi()) {
jgruber's avatar
jgruber committed
688
    int min = Smi::ToInt(this->min());
689 690 691
    CHECK(0 <= min && min <= 59);
  }
  if (sec()->IsSmi()) {
jgruber's avatar
jgruber committed
692
    int sec = Smi::ToInt(this->sec());
693 694 695
    CHECK(0 <= sec && sec <= 59);
  }
  if (weekday()->IsSmi()) {
jgruber's avatar
jgruber committed
696
    int weekday = Smi::ToInt(this->weekday());
697
    CHECK(0 <= weekday && weekday <= 6);
698
  }
699
  if (cache_stamp()->IsSmi()) {
jgruber's avatar
jgruber committed
700 701
    CHECK(Smi::ToInt(cache_stamp()) <=
          Smi::ToInt(isolate->date_cache()->stamp()));
702
  }
703 704 705
}


706 707 708 709 710 711 712 713 714 715
void JSMessageObject::JSMessageObjectVerify() {
  CHECK(IsJSMessageObject());
  VerifyObjectField(kStartPositionOffset);
  VerifyObjectField(kEndPositionOffset);
  VerifyObjectField(kArgumentsOffset);
  VerifyObjectField(kScriptOffset);
  VerifyObjectField(kStackFramesOffset);
}


716 717 718
void String::StringVerify() {
  CHECK(IsString());
  CHECK(length() >= 0 && length() <= Smi::kMaxValue);
719
  CHECK_IMPLIES(length() == 0, this == GetHeap()->empty_string());
720
  if (IsInternalizedString()) {
721
    CHECK(!GetHeap()->InNewSpace(this));
722
  }
723 724 725 726
  if (IsConsString()) {
    ConsString::cast(this)->ConsStringVerify();
  } else if (IsSlicedString()) {
    SlicedString::cast(this)->SlicedStringVerify();
727 728
  } else if (IsThinString()) {
    ThinString::cast(this)->ThinStringVerify();
729 730 731 732 733
  }
}


void ConsString::ConsStringVerify() {
734 735 736
  CHECK(this->first()->IsString());
  CHECK(this->second() == GetHeap()->empty_string() ||
        this->second()->IsString());
737
  CHECK_GE(this->length(), ConsString::kMinLength);
738
  CHECK(this->length() == this->first()->length() + this->second()->length());
739
  if (this->IsFlat()) {
740 741 742 743
    // A flat cons can only be created by String::SlowFlatten.
    // Afterwards, the first part may be externalized or internalized.
    CHECK(this->first()->IsSeqString() || this->first()->IsExternalString() ||
          this->first()->IsThinString());
744 745 746
  }
}

747 748 749 750
void ThinString::ThinStringVerify() {
  CHECK(this->actual()->IsInternalizedString());
  CHECK(this->actual()->IsSeqString() || this->actual()->IsExternalString());
}
751 752 753 754

void SlicedString::SlicedStringVerify() {
  CHECK(!this->parent()->IsConsString());
  CHECK(!this->parent()->IsSlicedString());
755
  CHECK_GE(this->length(), SlicedString::kMinLength);
756 757 758
}


759 760
void JSBoundFunction::JSBoundFunctionVerify() {
  CHECK(IsJSBoundFunction());
761
  JSObjectVerify();
762 763 764 765 766
  VerifyObjectField(kBoundThisOffset);
  VerifyObjectField(kBoundTargetFunctionOffset);
  VerifyObjectField(kBoundArgumentsOffset);
  CHECK(IsCallable());

767 768 769 770 771 772
  Isolate* const isolate = GetIsolate();
  if (!raw_bound_target_function()->IsUndefined(isolate)) {
    CHECK(bound_target_function()->IsCallable());
    CHECK_EQ(IsConstructor(), bound_target_function()->IsConstructor());
  }
}
773

774 775
void JSFunction::JSFunctionVerify() {
  CHECK(IsJSFunction());
776 777 778
  JSObjectVerify();
  VerifyHeapPointer(feedback_cell());
  CHECK(feedback_cell()->IsFeedbackCell());
779
  CHECK(code()->IsCode());
780
  CHECK(map()->is_callable());
781 782 783
  if (has_prototype_slot()) {
    VerifyObjectField(kPrototypeOrInitialMapOffset);
  }
784 785
}

786

787 788
void SharedFunctionInfo::SharedFunctionInfoVerify() {
  CHECK(IsSharedFunctionInfo());
789

790
  VerifyObjectField(kCodeOffset);
791
  VerifyObjectField(kDebugInfoOffset);
792
  VerifyObjectField(kFeedbackMetadataOffset);
793 794 795 796 797 798 799
  VerifyObjectField(kFunctionDataOffset);
  VerifyObjectField(kFunctionIdentifierOffset);
  VerifyObjectField(kNameOffset);
  VerifyObjectField(kOuterScopeInfoOffset);
  VerifyObjectField(kScopeInfoOffset);
  VerifyObjectField(kScriptOffset);

800 801 802 803
  CHECK(raw_name() == kNoSharedNameSentinel || raw_name()->IsString());

  Isolate* isolate = GetIsolate();
  CHECK(function_data()->IsUndefined(isolate) || IsApiFunction() ||
804
        HasBytecodeArray() || HasAsmWasmData() ||
805
        HasLazyDeserializationBuiltinId() || HasPreParsedScopeData());
806

807 808
  CHECK(function_identifier()->IsUndefined(isolate) || HasBuiltinFunctionId() ||
        HasInferredName());
809

810
  int expected_map_index = Context::FunctionMapIndex(
811
      language_mode(), kind(), true, has_shared_name(), needs_home_object());
812 813
  CHECK_EQ(expected_map_index, function_map_index());

814 815 816 817
  if (scope_info()->length() > 0) {
    CHECK(kind() == scope_info()->function_kind());
    CHECK_EQ(kind() == kModule, scope_info()->scope_type() == MODULE_SCOPE);
  }
818
}
819 820 821 822 823


void JSGlobalProxy::JSGlobalProxyVerify() {
  CHECK(IsJSGlobalProxy());
  JSObjectVerify();
824
  VerifyObjectField(JSGlobalProxy::kNativeContextOffset);
825
  // Make sure that this object has no properties, elements.
826
  CHECK_EQ(0, FixedArray::cast(elements())->length());
827
}
828 829 830 831


void JSGlobalObject::JSGlobalObjectVerify() {
  CHECK(IsJSGlobalObject());
yangguo's avatar
yangguo committed
832
  // Do not check the dummy global object for the builtins.
833
  if (global_dictionary()->NumberOfElements() == 0 &&
yangguo's avatar
yangguo committed
834 835
      elements()->length() == 0) {
    return;
836 837 838 839 840 841 842
  }
  JSObjectVerify();
}


void Oddball::OddballVerify() {
  CHECK(IsOddball());
843
  Heap* heap = GetHeap();
844 845 846
  VerifyHeapPointer(to_string());
  Object* number = to_number();
  if (number->IsHeapObject()) {
847 848
    CHECK(number == heap->nan_value() ||
          number == heap->hole_nan_value());
849
  } else {
850
    CHECK(number->IsSmi());
jgruber's avatar
jgruber committed
851
    int value = Smi::ToInt(number);
852
    // Hidden oddballs have negative smis.
853
    const int kLeastHiddenOddballNumber = -7;
854
    CHECK_LE(value, 1);
855
    CHECK_GE(value, kLeastHiddenOddballNumber);
856
  }
857 858 859 860 861 862 863 864 865 866 867 868 869 870 871
  if (map() == heap->undefined_map()) {
    CHECK(this == heap->undefined_value());
  } else if (map() == heap->the_hole_map()) {
    CHECK(this == heap->the_hole_value());
  } else if (map() == heap->null_map()) {
    CHECK(this == heap->null_value());
  } else if (map() == heap->boolean_map()) {
    CHECK(this == heap->true_value() ||
          this == heap->false_value());
  } else if (map() == heap->uninitialized_map()) {
    CHECK(this == heap->uninitialized_value());
  } else if (map() == heap->arguments_marker_map()) {
    CHECK(this == heap->arguments_marker());
  } else if (map() == heap->termination_exception_map()) {
    CHECK(this == heap->termination_exception());
872 873
  } else if (map() == heap->exception_map()) {
    CHECK(this == heap->exception());
874 875
  } else if (map() == heap->optimized_out_map()) {
    CHECK(this == heap->optimized_out());
876 877
  } else if (map() == heap->stale_register_map()) {
    CHECK(this == heap->stale_register());
878 879 880
  } else {
    UNREACHABLE();
  }
881 882 883
}


884 885 886 887 888 889
void Cell::CellVerify() {
  CHECK(IsCell());
  VerifyObjectField(kValueOffset);
}


890 891
void PropertyCell::PropertyCellVerify() {
  CHECK(IsPropertyCell());
892 893 894 895
  VerifyObjectField(kValueOffset);
}


ulan@chromium.org's avatar
ulan@chromium.org committed
896 897 898 899 900
void WeakCell::WeakCellVerify() {
  CHECK(IsWeakCell());
  VerifyObjectField(kValueOffset);
}

901 902
void CodeDataContainer::CodeDataContainerVerify() {
  CHECK(IsCodeDataContainer());
903 904 905
  VerifyObjectField(kNextCodeLinkOffset);
  CHECK(next_code_link()->IsCode() ||
        next_code_link()->IsUndefined(GetIsolate()));
906
}
ulan@chromium.org's avatar
ulan@chromium.org committed
907

908
void Code::CodeVerify() {
909
  CHECK(IsAligned(reinterpret_cast<intptr_t>(instruction_start()),
910
                  kCodeAlignment));
911
  relocation_info()->ObjectVerify();
912
  Address last_gc_pc = nullptr;
913
  Isolate* isolate = GetIsolate();
914
  for (RelocIterator it(this); !it.done(); it.next()) {
915
    it.rinfo()->Verify(isolate);
916
    // Ensure that GC will not iterate twice over the same pointer.
917
    if (RelocInfo::IsGCRelocMode(it.rinfo()->rmode())) {
918 919 920
      CHECK(it.rinfo()->pc() != last_gc_pc);
      last_gc_pc = it.rinfo()->pc();
    }
921 922 923 924
  }
}


925
void Code::VerifyEmbeddedObjectsDependency() {
926
  if (!CanContainWeakObjects()) return;
ulan's avatar
ulan committed
927
  WeakCell* cell = CachedWeakCell();
928 929 930
  DisallowHeapAllocation no_gc;
  Isolate* isolate = GetIsolate();
  HandleScope scope(isolate);
931 932
  int mode_mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT);
  for (RelocIterator it(this, mode_mask); !it.done(); it.next()) {
933
    Object* obj = it.rinfo()->target_object();
934
    if (IsWeakObject(obj)) {
935 936
      if (obj->IsMap()) {
        Map* map = Map::cast(obj);
937
        CHECK(map->dependent_code()->Contains(DependentCode::kWeakCodeGroup,
ulan's avatar
ulan committed
938
                                              cell));
939
      } else if (obj->IsJSObject()) {
940 941
        if (isolate->heap()->InNewSpace(obj)) {
          ArrayList* list =
942
              GetIsolate()->heap()->weak_new_space_object_to_code_list();
943 944 945 946 947 948 949 950 951 952 953 954 955
          bool found = false;
          for (int i = 0; i < list->Length(); i += 2) {
            WeakCell* obj_cell = WeakCell::cast(list->Get(i));
            if (!obj_cell->cleared() && obj_cell->value() == obj &&
                WeakCell::cast(list->Get(i + 1)) == cell) {
              found = true;
              break;
            }
          }
          CHECK(found);
        } else {
          Handle<HeapObject> key_obj(HeapObject::cast(obj), isolate);
          DependentCode* dep =
956
              GetIsolate()->heap()->LookupWeakObjectToCodeDependency(key_obj);
957 958
          dep->Contains(DependentCode::kWeakCodeGroup, cell);
        }
959 960 961 962 963 964
      }
    }
  }
}


965 966
void JSArray::JSArrayVerify() {
  JSObjectVerify();
967
  Isolate* isolate = GetIsolate();
968
  CHECK(length()->IsNumber() || length()->IsUndefined(isolate));
969 970
  // If a GC was caused while constructing this array, the elements
  // pointer may point to a one pointer filler map.
971 972 973 974 975 976
  if (!ElementsAreSafeToExamine()) return;
  if (elements()->IsUndefined(isolate)) return;
  CHECK(elements()->IsFixedArray() || elements()->IsFixedDoubleArray());
  if (!length()->IsNumber()) return;
  // Verify that the length and the elements backing store are in sync.
  if (length()->IsSmi() && HasFastElements()) {
jgruber's avatar
jgruber committed
977
    int size = Smi::ToInt(length());
978 979 980 981 982 983
    // Holey / Packed backing stores might have slack or might have not been
    // properly initialized yet.
    CHECK(size <= elements()->length() ||
          elements() == isolate->heap()->empty_fixed_array());
  } else {
    CHECK(HasDictionaryElements());
984 985
    uint32_t array_length;
    CHECK(length()->ToArrayLength(&array_length));
986
    if (array_length == 0xFFFFFFFF) {
987 988 989
      CHECK(length()->ToArrayLength(&array_length));
    }
    if (array_length != 0) {
990
      NumberDictionary* dict = NumberDictionary::cast(elements());
991 992 993 994 995 996
      // The dictionary can never have more elements than the array length + 1.
      // If the backing store grows the verification might be triggered with
      // the old length in place.
      uint32_t nof_elements = static_cast<uint32_t>(dict->NumberOfElements());
      if (nof_elements != 0) nof_elements--;
      CHECK_LE(nof_elements, array_length);
997
    }
998
  }
999 1000
}

1001

1002 1003 1004 1005
void JSSet::JSSetVerify() {
  CHECK(IsJSSet());
  JSObjectVerify();
  VerifyHeapPointer(table());
1006
  CHECK(table()->IsOrderedHashSet() || table()->IsUndefined(GetIsolate()));
1007
  // TODO(arv): Verify OrderedHashTable too.
1008 1009 1010 1011 1012 1013 1014
}


void JSMap::JSMapVerify() {
  CHECK(IsJSMap());
  JSObjectVerify();
  VerifyHeapPointer(table());
1015
  CHECK(table()->IsOrderedHashMap() || table()->IsUndefined(GetIsolate()));
1016 1017 1018 1019 1020 1021 1022 1023
  // TODO(arv): Verify OrderedHashTable too.
}


void JSSetIterator::JSSetIteratorVerify() {
  CHECK(IsJSSetIterator());
  JSObjectVerify();
  VerifyHeapPointer(table());
1024
  CHECK(table()->IsOrderedHashSet());
1025
  CHECK(index()->IsSmi());
1026 1027 1028 1029 1030 1031 1032
}


void JSMapIterator::JSMapIteratorVerify() {
  CHECK(IsJSMapIterator());
  JSObjectVerify();
  VerifyHeapPointer(table());
1033
  CHECK(table()->IsOrderedHashMap());
1034
  CHECK(index()->IsSmi());
1035 1036 1037
}


1038 1039 1040 1041
void JSWeakMap::JSWeakMapVerify() {
  CHECK(IsJSWeakMap());
  JSObjectVerify();
  VerifyHeapPointer(table());
1042
  CHECK(table()->IsHashTable() || table()->IsUndefined(GetIsolate()));
1043 1044
}

1045 1046 1047 1048 1049 1050 1051 1052 1053 1054
void JSArrayIterator::JSArrayIteratorVerify() {
  CHECK(IsJSArrayIterator());
  JSObjectVerify();
  CHECK(object()->IsJSReceiver() || object()->IsUndefined(GetIsolate()));

  CHECK_GE(index()->Number(), 0);
  CHECK_LE(index()->Number(), kMaxSafeInteger);
  CHECK(object_map()->IsMap() || object_map()->IsUndefined(GetIsolate()));
}

1055 1056 1057
void JSStringIterator::JSStringIteratorVerify() {
  CHECK(IsJSStringIterator());
  JSObjectVerify();
1058
  CHECK(string()->IsString());
1059

1060 1061 1062
  CHECK_GE(index(), 0);
  CHECK_LE(index(), String::kMaxLength);
}
1063

1064 1065 1066 1067 1068 1069
void JSAsyncFromSyncIterator::JSAsyncFromSyncIteratorVerify() {
  CHECK(IsJSAsyncFromSyncIterator());
  JSObjectVerify();
  VerifyHeapPointer(sync_iterator());
}

1070 1071 1072 1073
void JSWeakSet::JSWeakSetVerify() {
  CHECK(IsJSWeakSet());
  JSObjectVerify();
  VerifyHeapPointer(table());
1074
  CHECK(table()->IsHashTable() || table()->IsUndefined(GetIsolate()));
1075 1076
}

1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102
void Microtask::MicrotaskVerify() { CHECK(IsMicrotask()); }

void CallableTask::CallableTaskVerify() {
  CHECK(IsCallableTask());
  MicrotaskVerify();
  VerifyHeapPointer(callable());
  CHECK(callable()->IsCallable());
  VerifyHeapPointer(context());
  CHECK(context()->IsContext());
}

void CallbackTask::CallbackTaskVerify() {
  CHECK(IsCallbackTask());
  MicrotaskVerify();
  VerifyHeapPointer(callback());
  VerifyHeapPointer(data());
}

void PromiseReactionJobTask::PromiseReactionJobTaskVerify() {
  CHECK(IsPromiseReactionJobTask());
  MicrotaskVerify();
  Isolate* isolate = GetIsolate();
  VerifyPointer(argument());
  VerifyHeapPointer(context());
  CHECK(context()->IsContext());
  VerifyHeapPointer(handler());
1103 1104 1105 1106 1107 1108 1109
  VerifyHeapPointer(payload());
  if (handler()->IsCode()) {
    CHECK(payload()->IsJSReceiver());
  } else {
    CHECK(handler()->IsUndefined(isolate) || handler()->IsCallable());
    CHECK(payload()->IsJSPromise() || payload()->IsPromiseCapability());
  }
1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135
}

void PromiseFulfillReactionJobTask::PromiseFulfillReactionJobTaskVerify() {
  CHECK(IsPromiseFulfillReactionJobTask());
  PromiseReactionJobTaskVerify();
}

void PromiseRejectReactionJobTask::PromiseRejectReactionJobTaskVerify() {
  CHECK(IsPromiseRejectReactionJobTask());
  PromiseReactionJobTaskVerify();
}

void PromiseResolveThenableJobTask::PromiseResolveThenableJobTaskVerify() {
  CHECK(IsPromiseResolveThenableJobTask());
  MicrotaskVerify();
  VerifyHeapPointer(context());
  CHECK(context()->IsContext());
  VerifyHeapPointer(promise_to_resolve());
  CHECK(promise_to_resolve()->IsJSPromise());
  VerifyHeapPointer(then());
  CHECK(then()->IsCallable());
  CHECK(then()->IsJSReceiver());
  VerifyHeapPointer(thenable());
  CHECK(thenable()->IsJSReceiver());
}

1136 1137
void PromiseCapability::PromiseCapabilityVerify() {
  CHECK(IsPromiseCapability());
1138 1139 1140
  Isolate* isolate = GetIsolate();
  VerifyHeapPointer(promise());
  CHECK(promise()->IsJSReceiver() || promise()->IsUndefined(isolate));
1141 1142 1143 1144
  VerifyPointer(resolve());
  VerifyPointer(reject());
}

1145 1146 1147 1148 1149 1150 1151
void PromiseReaction::PromiseReactionVerify() {
  CHECK(IsPromiseReaction());
  Isolate* isolate = GetIsolate();
  VerifyPointer(next());
  CHECK(next()->IsSmi() || next()->IsPromiseReaction());
  VerifyHeapPointer(reject_handler());
  VerifyHeapPointer(fulfill_handler());
1152 1153 1154 1155 1156 1157 1158 1159 1160 1161 1162
  VerifyHeapPointer(payload());
  if (reject_handler()->IsCode()) {
    CHECK(fulfill_handler()->IsCode());
    CHECK(payload()->IsJSReceiver());
  } else {
    CHECK(reject_handler()->IsUndefined(isolate) ||
          reject_handler()->IsCallable());
    CHECK(fulfill_handler()->IsUndefined(isolate) ||
          fulfill_handler()->IsCallable());
    CHECK(payload()->IsJSPromise() || payload()->IsPromiseCapability());
  }
1163 1164
}

1165 1166 1167
void JSPromise::JSPromiseVerify() {
  CHECK(IsJSPromise());
  JSObjectVerify();
1168 1169 1170 1171 1172
  VerifyPointer(reactions_or_result());
  VerifySmiField(kFlagsOffset);
  if (status() == Promise::kPending) {
    CHECK(reactions()->IsSmi() || reactions()->IsPromiseReaction());
  }
1173
}
1174

1175 1176 1177
template <typename Derived>
void SmallOrderedHashTable<Derived>::SmallOrderedHashTableVerify() {
  CHECK(IsSmallOrderedHashTable());
1178 1179 1180 1181 1182
  Isolate* isolate = GetIsolate();

  for (int entry = 0; entry < NumberOfBuckets(); entry++) {
    int bucket = GetFirstEntry(entry);
    if (bucket == kNotFound) continue;
1183 1184 1185 1186 1187

    for (int offset = 0; offset < Derived::kEntrySize; offset++) {
      Object* val = GetDataEntry(bucket, offset);
      CHECK(!val->IsTheHole(isolate));
    }
1188 1189 1190 1191 1192
  }

  for (int entry = 0; entry < NumberOfElements(); entry++) {
    int chain = GetNextEntry(entry);
    if (chain == kNotFound) continue;
1193 1194 1195 1196 1197

    for (int offset = 0; offset < Derived::kEntrySize; offset++) {
      Object* val = GetDataEntry(chain, offset);
      CHECK(!val->IsTheHole(isolate));
    }
1198 1199 1200
  }

  for (int entry = 0; entry < NumberOfElements(); entry++) {
1201 1202 1203 1204
    for (int offset = 0; offset < Derived::kEntrySize; offset++) {
      Object* val = GetDataEntry(entry, offset);
      VerifyPointer(val);
    }
1205 1206 1207
  }

  for (int entry = NumberOfElements(); entry < Capacity(); entry++) {
1208 1209 1210 1211
    for (int offset = 0; offset < Derived::kEntrySize; offset++) {
      Object* val = GetDataEntry(entry, offset);
      CHECK(val->IsTheHole(isolate));
    }
1212 1213 1214
  }
}

1215 1216 1217 1218 1219
template void
SmallOrderedHashTable<SmallOrderedHashMap>::SmallOrderedHashTableVerify();
template void
SmallOrderedHashTable<SmallOrderedHashSet>::SmallOrderedHashTableVerify();

1220 1221
void JSRegExp::JSRegExpVerify() {
  JSObjectVerify();
1222 1223
  Isolate* isolate = GetIsolate();
  CHECK(data()->IsUndefined(isolate) || data()->IsFixedArray());
1224 1225 1226
  switch (TypeTag()) {
    case JSRegExp::ATOM: {
      FixedArray* arr = FixedArray::cast(data());
1227
      CHECK(arr->get(JSRegExp::kAtomPatternIndex)->IsString());
1228
      break;
1229
    }
1230
    case JSRegExp::IRREGEXP: {
1231
      bool is_native = RegExpImpl::UsesNativeRegExp();
1232

1233
      FixedArray* arr = FixedArray::cast(data());
1234
      Object* one_byte_data = arr->get(JSRegExp::kIrregexpLatin1CodeIndex);
1235
      // Smi : Not compiled yet (-1).
1236
      // Code/ByteArray: Compiled code.
1237
      CHECK(
jgruber's avatar
jgruber committed
1238 1239
          (one_byte_data->IsSmi() &&
           Smi::ToInt(one_byte_data) == JSRegExp::kUninitializedValue) ||
1240
          (is_native ? one_byte_data->IsCode() : one_byte_data->IsByteArray()));
1241
      Object* uc16_data = arr->get(JSRegExp::kIrregexpUC16CodeIndex);
1242
      CHECK((uc16_data->IsSmi() &&
jgruber's avatar
jgruber committed
1243
             Smi::ToInt(uc16_data) == JSRegExp::kUninitializedValue) ||
1244
            (is_native ? uc16_data->IsCode() : uc16_data->IsByteArray()));
1245

1246 1247
      CHECK(arr->get(JSRegExp::kIrregexpCaptureCountIndex)->IsSmi());
      CHECK(arr->get(JSRegExp::kIrregexpMaxRegisterCountIndex)->IsSmi());
1248 1249 1250
      break;
    }
    default:
1251
      CHECK_EQ(JSRegExp::NOT_COMPILED, TypeTag());
1252
      CHECK(data()->IsUndefined(isolate));
1253
      break;
1254
  }
1255 1256
}

1257
void JSProxy::JSProxyVerify() {
1258
  CHECK(IsJSProxy());
1259
  VerifyPointer(target());
1260
  VerifyPointer(handler());
1261
  Isolate* isolate = GetIsolate();
1262 1263 1264 1265
  if (!IsRevoked()) {
    CHECK_EQ(target()->IsCallable(), map()->is_callable());
    CHECK_EQ(target()->IsConstructor(), map()->is_constructor());
  }
1266
  CHECK(map()->prototype()->IsNull(isolate));
1267 1268
  // There should be no properties on a Proxy.
  CHECK_EQ(0, map()->NumberOfOwnDescriptors());
1269 1270
}

1271

1272 1273 1274 1275
void JSArrayBuffer::JSArrayBufferVerify() {
  CHECK(IsJSArrayBuffer());
  JSObjectVerify();
  VerifyPointer(byte_length());
1276 1277
  CHECK(byte_length()->IsSmi() || byte_length()->IsHeapNumber() ||
        byte_length()->IsUndefined(GetIsolate()));
1278 1279
}

1280

1281 1282
void JSArrayBufferView::JSArrayBufferViewVerify() {
  CHECK(IsJSArrayBufferView());
1283 1284
  JSObjectVerify();
  VerifyPointer(buffer());
1285 1286
  Isolate* isolate = GetIsolate();
  CHECK(buffer()->IsJSArrayBuffer() || buffer()->IsUndefined(isolate) ||
1287
        buffer() == Smi::kZero);
1288

1289 1290
  VerifyPointer(raw_byte_offset());
  CHECK(raw_byte_offset()->IsSmi() || raw_byte_offset()->IsHeapNumber() ||
1291
        raw_byte_offset()->IsUndefined(isolate));
1292

1293 1294
  VerifyPointer(raw_byte_length());
  CHECK(raw_byte_length()->IsSmi() || raw_byte_length()->IsHeapNumber() ||
1295
        raw_byte_length()->IsUndefined(isolate));
1296 1297
}

1298

1299 1300 1301
void JSTypedArray::JSTypedArrayVerify() {
  CHECK(IsJSTypedArray());
  JSArrayBufferViewVerify();
1302
  VerifyPointer(raw_length());
1303
  CHECK(raw_length()->IsSmi() || raw_length()->IsUndefined(GetIsolate()));
1304 1305 1306 1307
  VerifyPointer(elements());
}


1308 1309 1310 1311 1312 1313
void JSDataView::JSDataViewVerify() {
  CHECK(IsJSDataView());
  JSArrayBufferViewVerify();
}


1314
void Foreign::ForeignVerify() {
1315
  CHECK(IsForeign());
1316 1317 1318
}


1319 1320 1321 1322 1323 1324 1325 1326 1327 1328 1329
void AsyncGeneratorRequest::AsyncGeneratorRequestVerify() {
  CHECK(IsAsyncGeneratorRequest());
  VerifySmiField(kResumeModeOffset);
  CHECK_GE(resume_mode(), JSGeneratorObject::kNext);
  CHECK_LE(resume_mode(), JSGeneratorObject::kThrow);
  CHECK(promise()->IsJSPromise());
  VerifyPointer(value());
  VerifyPointer(next());
  next()->ObjectVerify();
}

1330 1331 1332 1333 1334
void BigInt::BigIntVerify() {
  CHECK(IsBigInt());
  CHECK_GE(length(), 0);
  CHECK_IMPLIES(is_zero(), !sign());  // There is no -0n.
}
1335

1336 1337
void JSModuleNamespace::JSModuleNamespaceVerify() {
  CHECK(IsJSModuleNamespace());
1338
  VerifyPointer(module());
1339 1340
}

1341 1342 1343 1344 1345 1346 1347 1348 1349 1350 1351 1352 1353 1354 1355 1356 1357 1358
void ModuleInfoEntry::ModuleInfoEntryVerify() {
  Isolate* isolate = GetIsolate();
  CHECK(IsModuleInfoEntry());

  CHECK(export_name()->IsUndefined(isolate) || export_name()->IsString());
  CHECK(local_name()->IsUndefined(isolate) || local_name()->IsString());
  CHECK(import_name()->IsUndefined(isolate) || import_name()->IsString());

  VerifySmiField(kModuleRequestOffset);
  VerifySmiField(kCellIndexOffset);
  VerifySmiField(kBegPosOffset);
  VerifySmiField(kEndPosOffset);

  CHECK_IMPLIES(import_name()->IsString(), module_request() >= 0);
  CHECK_IMPLIES(export_name()->IsString() && import_name()->IsString(),
                local_name()->IsUndefined(isolate));
}

1359 1360
void Module::ModuleVerify() {
  CHECK(IsModule());
1361 1362 1363 1364 1365

  VerifyPointer(code());
  VerifyPointer(exports());
  VerifyPointer(module_namespace());
  VerifyPointer(requested_modules());
1366
  VerifyPointer(script());
1367
  VerifyPointer(import_meta());
1368
  VerifyPointer(exception());
1369
  VerifySmiField(kHashOffset);
1370
  VerifySmiField(kStatusOffset);
1371

1372 1373
  CHECK((status() >= kEvaluating && code()->IsModuleInfo()) ||
        (status() == kInstantiated && code()->IsJSGeneratorObject()) ||
1374
        (status() == kInstantiating && code()->IsJSFunction()) ||
1375
        (code()->IsSharedFunctionInfo()));
1376 1377

  CHECK_EQ(status() == kErrored, !exception()->IsTheHole(GetIsolate()));
1378 1379

  CHECK(module_namespace()->IsUndefined(GetIsolate()) ||
1380
        module_namespace()->IsJSModuleNamespace());
1381
  if (module_namespace()->IsJSModuleNamespace()) {
1382
    CHECK_LE(kInstantiating, status());
1383 1384 1385 1386
    CHECK_EQ(JSModuleNamespace::cast(module_namespace())->module(), this);
  }

  CHECK_EQ(requested_modules()->length(), info()->module_requests()->length());
1387

1388 1389
  CHECK(import_meta()->IsTheHole(GetIsolate()) || import_meta()->IsJSObject());

1390
  CHECK_NE(hash(), 0);
1391
}
1392

1393 1394
void PrototypeInfo::PrototypeInfoVerify() {
  CHECK(IsPrototypeInfo());
1395
  CHECK(weak_cell()->IsWeakCell() || weak_cell()->IsUndefined(GetIsolate()));
1396 1397 1398 1399 1400
  if (prototype_users()->IsWeakFixedArray()) {
    WeakFixedArray::cast(prototype_users())->FixedArrayVerify();
  } else {
    CHECK(prototype_users()->IsSmi());
  }
1401
  CHECK(validity_cell()->IsSmi() || validity_cell()->IsCell());
1402 1403
}

1404 1405
void Tuple2::Tuple2Verify() {
  CHECK(IsTuple2());
1406 1407 1408 1409 1410 1411 1412 1413
  Heap* heap = GetHeap();
  if (this == heap->empty_enum_cache()) {
    CHECK_EQ(heap->empty_fixed_array(), EnumCache::cast(this)->keys());
    CHECK_EQ(heap->empty_fixed_array(), EnumCache::cast(this)->indices());
  } else {
    VerifyObjectField(kValue1Offset);
    VerifyObjectField(kValue2Offset);
  }
1414 1415
}

1416 1417 1418 1419 1420 1421 1422
void Tuple3::Tuple3Verify() {
  CHECK(IsTuple3());
  VerifyObjectField(kValue1Offset);
  VerifyObjectField(kValue2Offset);
  VerifyObjectField(kValue3Offset);
}

1423 1424 1425 1426 1427
void DataHandler::DataHandlerVerify() {
  CHECK(IsDataHandler());
  CHECK_IMPLIES(!smi_handler()->IsSmi(),
                smi_handler()->IsCode() && IsStoreHandler());
  CHECK(validity_cell()->IsSmi() || validity_cell()->IsCell());
1428 1429 1430 1431 1432
  int data_count = data_field_count();
  if (data_count >= 1) {
    VerifyObjectField(kData1Offset);
  }
  if (data_count >= 2) {
1433 1434
    VerifyObjectField(kData2Offset);
  }
1435 1436 1437
  if (data_count >= 3) {
    VerifyObjectField(kData3Offset);
  }
1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449
}

void LoadHandler::LoadHandlerVerify() {
  DataHandler::DataHandlerVerify();
  // TODO(ishell): check handler integrity
}

void StoreHandler::StoreHandlerVerify() {
  DataHandler::DataHandlerVerify();
  // TODO(ishell): check handler integrity
}

1450 1451
void ContextExtension::ContextExtensionVerify() {
  CHECK(IsContextExtension());
1452 1453 1454 1455
  VerifyObjectField(kScopeInfoOffset);
  VerifyObjectField(kExtensionOffset);
}

1456 1457 1458 1459
void AccessorInfo::AccessorInfoVerify() {
  CHECK(IsAccessorInfo());
  VerifyPointer(name());
  VerifyPointer(expected_receiver_type());
1460 1461 1462
  VerifyForeignPointer(this, getter());
  VerifyForeignPointer(this, setter());
  VerifyForeignPointer(this, js_getter());
1463 1464 1465 1466
  VerifyPointer(data());
}


1467 1468 1469 1470 1471 1472 1473
void AccessorPair::AccessorPairVerify() {
  CHECK(IsAccessorPair());
  VerifyPointer(getter());
  VerifyPointer(setter());
}


1474 1475
void AccessCheckInfo::AccessCheckInfoVerify() {
  CHECK(IsAccessCheckInfo());
1476
  VerifyPointer(callback());
1477 1478
  VerifyPointer(named_interceptor());
  VerifyPointer(indexed_interceptor());
1479 1480 1481
  VerifyPointer(data());
}

1482

1483 1484
void InterceptorInfo::InterceptorInfoVerify() {
  CHECK(IsInterceptorInfo());
1485 1486 1487 1488 1489
  VerifyForeignPointer(this, getter());
  VerifyForeignPointer(this, setter());
  VerifyForeignPointer(this, query());
  VerifyForeignPointer(this, deleter());
  VerifyForeignPointer(this, enumerator());
1490
  VerifyPointer(data());
1491
  VerifySmiField(kFlagsOffset);
1492
}
1493

1494 1495 1496 1497

void TemplateInfo::TemplateInfoVerify() {
  VerifyPointer(tag());
  VerifyPointer(property_list());
1498
  VerifyPointer(property_accessors());
1499 1500
}

1501

1502 1503 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513
void FunctionTemplateInfo::FunctionTemplateInfoVerify() {
  CHECK(IsFunctionTemplateInfo());
  TemplateInfoVerify();
  VerifyPointer(serial_number());
  VerifyPointer(call_code());
  VerifyPointer(prototype_template());
  VerifyPointer(parent_template());
  VerifyPointer(named_property_handler());
  VerifyPointer(indexed_property_handler());
  VerifyPointer(instance_template());
  VerifyPointer(signature());
  VerifyPointer(access_check_info());
1514
  VerifyPointer(cached_property_name());
1515 1516 1517 1518 1519 1520 1521
}


void ObjectTemplateInfo::ObjectTemplateInfoVerify() {
  CHECK(IsObjectTemplateInfo());
  TemplateInfoVerify();
  VerifyPointer(constructor());
1522
  VerifyPointer(data());
1523 1524
}

1525

1526 1527 1528 1529 1530
void AllocationSite::AllocationSiteVerify() {
  CHECK(IsAllocationSite());
}


1531 1532
void AllocationMemento::AllocationMementoVerify() {
  CHECK(IsAllocationMemento());
1533 1534
  VerifyHeapPointer(allocation_site());
  CHECK(!IsValid() || GetAllocationSite()->IsAllocationSite());
1535 1536 1537
}


1538 1539 1540 1541
void Script::ScriptVerify() {
  CHECK(IsScript());
  VerifyPointer(source());
  VerifyPointer(name());
1542
  VerifyPointer(wrapper());
1543
  VerifyPointer(line_ends());
1544 1545 1546
}


1547
void NormalizedMapCache::NormalizedMapCacheVerify() {
1548
  FixedArray::cast(this)->FixedArrayVerify();
1549
  if (FLAG_enable_slow_asserts) {
1550
    Isolate* isolate = GetIsolate();
1551
    for (int i = 0; i < length(); i++) {
1552
      Object* e = FixedArray::get(i);
1553 1554 1555 1556
      if (e->IsWeakCell()) {
        if (!WeakCell::cast(e)->cleared()) {
          Map::cast(WeakCell::cast(e)->value())->DictionaryMapVerify();
        }
1557
      } else {
1558
        CHECK(e->IsUndefined(isolate));
1559 1560 1561 1562 1563 1564
      }
    }
  }
}


1565 1566 1567
void DebugInfo::DebugInfoVerify() {
  CHECK(IsDebugInfo());
  VerifyPointer(shared());
1568
  VerifyPointer(debug_bytecode_array());
1569 1570 1571 1572
  VerifyPointer(break_points());
}


1573 1574 1575 1576 1577 1578
void StackFrameInfo::StackFrameInfoVerify() {
  CHECK(IsStackFrameInfo());
  VerifyPointer(script_name());
  VerifyPointer(script_name_or_source_url());
  VerifyPointer(function_name());
}
1579 1580 1581 1582 1583 1584 1585

void PreParsedScopeData::PreParsedScopeDataVerify() {
  CHECK(IsPreParsedScopeData());
  CHECK(scope_data()->IsByteArray());
  CHECK(child_data()->IsFixedArray());
}

1586
#endif  // VERIFY_HEAP
1587

1588
#ifdef DEBUG
1589 1590 1591 1592 1593 1594 1595

void JSObject::IncrementSpillStatistics(SpillInformation* info) {
  info->number_of_objects_++;
  // Named properties
  if (HasFastProperties()) {
    info->number_of_objects_with_fast_properties_++;
    info->number_of_fast_used_fields_   += map()->NextFreePropertyIndex();
1596
    info->number_of_fast_unused_fields_ += map()->UnusedPropertyFields();
1597
  } else if (IsJSGlobalObject()) {
1598
    GlobalDictionary* dict = JSGlobalObject::cast(this)->global_dictionary();
1599 1600 1601
    info->number_of_slow_used_properties_ += dict->NumberOfElements();
    info->number_of_slow_unused_properties_ +=
        dict->Capacity() - dict->NumberOfElements();
1602
  } else {
1603
    NameDictionary* dict = property_dictionary();
1604 1605 1606 1607 1608
    info->number_of_slow_used_properties_ += dict->NumberOfElements();
    info->number_of_slow_unused_properties_ +=
        dict->Capacity() - dict->NumberOfElements();
  }
  // Indexed properties
1609
  switch (GetElementsKind()) {
1610 1611 1612 1613 1614 1615
    case HOLEY_SMI_ELEMENTS:
    case PACKED_SMI_ELEMENTS:
    case HOLEY_DOUBLE_ELEMENTS:
    case PACKED_DOUBLE_ELEMENTS:
    case HOLEY_ELEMENTS:
    case PACKED_ELEMENTS:
1616
    case FAST_STRING_WRAPPER_ELEMENTS: {
1617 1618 1619 1620
      info->number_of_objects_with_fast_elements_++;
      int holes = 0;
      FixedArray* e = FixedArray::cast(elements());
      int len = e->length();
1621
      Isolate* isolate = GetIsolate();
1622
      for (int i = 0; i < len; i++) {
1623
        if (e->get(i)->IsTheHole(isolate)) holes++;
1624 1625 1626 1627
      }
      info->number_of_fast_used_elements_   += len - holes;
      info->number_of_fast_unused_elements_ += holes;
      break;
1628
    }
1629 1630 1631 1632 1633 1634 1635

#define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size)                       \
    case TYPE##_ELEMENTS:

    TYPED_ARRAYS(TYPED_ARRAY_CASE)
#undef TYPED_ARRAY_CASE
    { info->number_of_objects_with_fast_elements_++;
1636
      FixedArrayBase* e = FixedArrayBase::cast(elements());
1637 1638 1639
      info->number_of_fast_used_elements_ += e->length();
      break;
    }
1640 1641
    case DICTIONARY_ELEMENTS:
    case SLOW_STRING_WRAPPER_ELEMENTS: {
1642
      NumberDictionary* dict = element_dictionary();
1643 1644 1645 1646 1647
      info->number_of_slow_used_elements_ += dict->NumberOfElements();
      info->number_of_slow_unused_elements_ +=
          dict->Capacity() - dict->NumberOfElements();
      break;
    }
1648 1649
    case FAST_SLOPPY_ARGUMENTS_ELEMENTS:
    case SLOW_SLOPPY_ARGUMENTS_ELEMENTS:
1650
    case NO_ELEMENTS:
1651
      break;
1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669
  }
}


void JSObject::SpillInformation::Clear() {
  number_of_objects_ = 0;
  number_of_objects_with_fast_properties_ = 0;
  number_of_objects_with_fast_elements_ = 0;
  number_of_fast_used_fields_ = 0;
  number_of_fast_unused_fields_ = 0;
  number_of_slow_used_properties_ = 0;
  number_of_slow_unused_properties_ = 0;
  number_of_fast_used_elements_ = 0;
  number_of_fast_unused_elements_ = 0;
  number_of_slow_used_elements_ = 0;
  number_of_slow_unused_elements_ = 0;
}

1670

1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693
void JSObject::SpillInformation::Print() {
  PrintF("\n  JSObject Spill Statistics (#%d):\n", number_of_objects_);

  PrintF("    - fast properties (#%d): %d (used) %d (unused)\n",
         number_of_objects_with_fast_properties_,
         number_of_fast_used_fields_, number_of_fast_unused_fields_);

  PrintF("    - slow properties (#%d): %d (used) %d (unused)\n",
         number_of_objects_ - number_of_objects_with_fast_properties_,
         number_of_slow_used_properties_, number_of_slow_unused_properties_);

  PrintF("    - fast elements (#%d): %d (used) %d (unused)\n",
         number_of_objects_with_fast_elements_,
         number_of_fast_used_elements_, number_of_fast_unused_elements_);

  PrintF("    - slow elements (#%d): %d (used) %d (unused)\n",
         number_of_objects_ - number_of_objects_with_fast_elements_,
         number_of_slow_used_elements_, number_of_slow_unused_elements_);

  PrintF("\n");
}


1694 1695
bool DescriptorArray::IsSortedNoDuplicates(int valid_entries) {
  if (valid_entries == -1) valid_entries = number_of_descriptors();
1696
  Name* current_key = nullptr;
1697
  uint32_t current = 0;
1698
  for (int i = 0; i < number_of_descriptors(); i++) {
1699
    Name* key = GetSortedKey(i);
1700
    if (key == current_key) {
1701
      Print();
1702 1703 1704
      return false;
    }
    current_key = key;
1705
    uint32_t hash = GetSortedKey(i)->Hash();
1706
    if (hash < current) {
1707
      Print();
1708 1709 1710 1711 1712 1713 1714 1715
      return false;
    }
    current = hash;
  }
  return true;
}


1716
bool TransitionArray::IsSortedNoDuplicates(int valid_entries) {
1717
  DCHECK_EQ(valid_entries, -1);
1718
  Name* prev_key = nullptr;
1719
  PropertyKind prev_kind = kData;
1720 1721
  PropertyAttributes prev_attributes = NONE;
  uint32_t prev_hash = 0;
1722
  for (int i = 0; i < number_of_transitions(); i++) {
1723
    Name* key = GetSortedKey(i);
1724
    uint32_t hash = key->Hash();
1725
    PropertyKind kind = kData;
1726
    PropertyAttributes attributes = NONE;
1727
    if (!TransitionsAccessor::IsSpecialTransition(key)) {
1728
      Map* target = GetTarget(i);
1729 1730
      PropertyDetails details =
          TransitionsAccessor::GetTargetDetails(key, target);
1731
      kind = details.kind();
1732 1733 1734
      attributes = details.attributes();
    } else {
      // Duplicate entries are not allowed for non-property transitions.
1735
      DCHECK_NE(prev_key, key);
1736
    }
1737

1738 1739
    int cmp = CompareKeys(prev_key, prev_hash, prev_kind, prev_attributes, key,
                          hash, kind, attributes);
1740 1741
    if (cmp >= 0) {
      Print();
1742 1743
      return false;
    }
1744 1745 1746
    prev_key = key;
    prev_hash = hash;
    prev_attributes = attributes;
1747
    prev_kind = kind;
1748 1749 1750 1751
  }
  return true;
}

1752
bool TransitionsAccessor::IsSortedNoDuplicates() {
1753
  // Simple and non-existent transitions are always sorted.
1754 1755
  if (encoding() != kFullTransitionArray) return true;
  return transitions()->IsSortedNoDuplicates();
1756 1757 1758
}


1759 1760 1761 1762
static bool CheckOneBackPointer(Map* current_map, Object* target) {
  return !target->IsMap() || Map::cast(target)->GetBackPointer() == current_map;
}

1763 1764 1765 1766 1767
bool TransitionsAccessor::IsConsistentWithBackPointers() {
  int num_transitions = NumberOfTransitions();
  for (int i = 0; i < num_transitions; i++) {
    Map* target = GetTarget(i);
    if (!CheckOneBackPointer(map_, target)) return false;
1768 1769 1770 1771
  }
  return true;
}

1772 1773 1774 1775 1776 1777 1778 1779 1780 1781 1782 1783 1784 1785 1786 1787 1788 1789 1790
// Estimates if there is a path from the object to a context.
// This function is not precise, and can return false even if
// there is a path to a context.
bool CanLeak(Object* obj, Heap* heap, bool skip_weak_cell) {
  if (!obj->IsHeapObject()) return false;
  if (obj->IsWeakCell()) {
    if (skip_weak_cell) return false;
    return CanLeak(WeakCell::cast(obj)->value(), heap, skip_weak_cell);
  }
  if (obj->IsCell()) {
    return CanLeak(Cell::cast(obj)->value(), heap, skip_weak_cell);
  }
  if (obj->IsPropertyCell()) {
    return CanLeak(PropertyCell::cast(obj)->value(), heap, skip_weak_cell);
  }
  if (obj->IsContext()) return true;
  if (obj->IsMap()) {
    Map* map = Map::cast(obj);
    for (int i = 0; i < Heap::kStrongRootListLength; i++) {
1791 1792
      Heap::RootListIndex root_index = static_cast<Heap::RootListIndex>(i);
      if (map == heap->root(root_index)) return false;
1793 1794 1795 1796 1797 1798 1799 1800 1801
    }
    return true;
  }
  return CanLeak(HeapObject::cast(obj)->map(), heap, skip_weak_cell);
}


void Code::VerifyEmbeddedObjects(VerifyMode mode) {
  if (kind() == OPTIMIZED_FUNCTION) return;
1802
  Heap* heap = GetIsolate()->heap();
1803
  int mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT);
1804
  bool skip_weak_cell = (mode == kNoContextSpecificPointers) ? false : true;
1805
  for (RelocIterator it(this, mask); !it.done(); it.next()) {
1806
    Object* target = it.rinfo()->target_object();
1807
    DCHECK(!CanLeak(target, heap, skip_weak_cell));
1808 1809 1810
  }
}

1811 1812
#endif  // DEBUG

1813 1814
}  // namespace internal
}  // namespace v8