Remove unsafe GetIsolates from string-stream.cc

Also deletes lots of code that attempts to detect when the heap is
corrupt but would likely just crash if the heap was corrupt.

Bug: v8:7786
Change-Id: I2e6bbea2e393b0f640a9d7180114560e7f6d3670
Reviewed-on: https://chromium-review.googlesource.com/1140061Reviewed-by: Ross McIlroy <rmcilroy@chromium.org>
Commit-Queue: Dan Elphick <delphick@chromium.org>
Cr-Commit-Position: refs/heads/master@{#54487}

src/string-stream.cc

@@ -187,9 +187,10 @@ void StringStream::PrintObject(Object* o) {
     return;
   }
   if (o->IsHeapObject() && object_print_mode_ == kPrintObjectVerbose) {
-    HeapObject* ho = HeapObject::cast(o);
-    DebugObjectCache* debug_object_cache = ho->GetIsolate()->
-        string_stream_debug_object_cache();
+    // TODO(delphick): Consider whether we can get the isolate without using
+    // TLS.
+    DebugObjectCache* debug_object_cache =
+        Isolate::Current()->string_stream_debug_object_cache();
     for (size_t i = 0; i < debug_object_cache->size(); i++) {
       if ((*debug_object_cache)[i] == o) {
         Add("#%d#", static_cast<int>(i));
@@ -294,12 +295,6 @@ void StringStream::PrintName(Object* name) {
 
 void StringStream::PrintUsingMap(JSObject* js_object) {
   Map* map = js_object->map();
-  if (!js_object->GetHeap()->Contains(map) ||
-      !map->IsHeapObject() ||
-      !map->IsMap()) {
-    Add("<Invalid map>\n");
-    return;
-  }
   int real_size = map->NumberOfOwnDescriptors();
   DescriptorArray* descs = map->instance_descriptors();
   for (int i = 0; i < real_size; i++) {
@@ -335,10 +330,10 @@ void StringStream::PrintUsingMap(JSObject* js_object) {
 
 
 void StringStream::PrintFixedArray(FixedArray* array, unsigned int limit) {
-  Isolate* isolate = array->GetIsolate();
+  ReadOnlyRoots roots = array->GetReadOnlyRoots();
   for (unsigned int i = 0; i < 10 && i < limit; i++) {
     Object* element = array->get(i);
-    if (element->IsTheHole(isolate)) continue;
+    if (element->IsTheHole(roots)) continue;
     for (int len = 1; len < 18; len++) {
       Put(' ');
     }
@@ -406,77 +401,20 @@ void StringStream::PrintMentionedObjectCache(Isolate* isolate) {
   }
 }
 
-
-void StringStream::PrintSecurityTokenIfChanged(Object* f) {
-  if (!f->IsHeapObject()) return;
-  HeapObject* obj = HeapObject::cast(f);
-  Isolate* isolate = obj->GetIsolate();
-  Heap* heap = isolate->heap();
-  if (!heap->Contains(obj)) return;
-  Map* map = obj->map();
-  if (!map->IsHeapObject() ||
-      !heap->Contains(map) ||
-      !map->IsMap() ||
-      !f->IsJSFunction()) {
-    return;
-  }
-
-  JSFunction* fun = JSFunction::cast(f);
-  Object* perhaps_context = fun->context();
-  if (perhaps_context->IsHeapObject() &&
-      heap->Contains(HeapObject::cast(perhaps_context)) &&
-      perhaps_context->IsContext()) {
-    Context* context = fun->context();
-    if (!heap->Contains(context)) {
-      Add("(Function context is outside heap)\n");
-      return;
-    }
-    Object* token = context->native_context()->security_token();
-    if (token != isolate->string_stream_current_security_token()) {
-      Add("Security context: %o\n", token);
-      isolate->set_string_stream_current_security_token(token);
-    }
-  } else {
-    Add("(Function context is corrupt)\n");
+void StringStream::PrintSecurityTokenIfChanged(JSFunction* fun) {
+  Context* context = fun->context();
+  Object* token = context->native_context()->security_token();
+  Isolate* isolate = fun->GetIsolate();
+  if (token != isolate->string_stream_current_security_token()) {
+    Add("Security context: %o\n", token);
+    isolate->set_string_stream_current_security_token(token);
   }
 }
 
-
-void StringStream::PrintFunction(Object* f, Object* receiver, Code** code) {
-  if (!f->IsHeapObject()) {
-    Add("/* warning: 'function' was not a heap object */ ");
-    return;
-  }
-  Heap* heap = HeapObject::cast(f)->GetHeap();
-  if (!heap->Contains(HeapObject::cast(f))) {
-    Add("/* warning: 'function' was not on the heap */ ");
-    return;
-  }
-  if (!heap->Contains(HeapObject::cast(f)->map())) {
-    Add("/* warning: function's map was not on the heap */ ");
-    return;
-  }
-  if (!HeapObject::cast(f)->map()->IsMap()) {
-    Add("/* warning: function's map was not a valid map */ ");
-    return;
-  }
-  if (f->IsJSFunction()) {
-    JSFunction* fun = JSFunction::cast(f);
-    // Common case: on-stack function present and resolved.
-    PrintPrototype(fun, receiver);
-    *code = fun->code();
-  } else if (f->IsInternalizedString()) {
-    // Unresolved and megamorphic calls: Instead of the function
-    // we have the function name on the stack.
-    PrintName(f);
-    Add("/* unresolved */ ");
-  } else {
-    // Unless this is the frame of a built-in function, we should always have
-    // the callee function or name on the stack. If we don't, we have a
-    // problem or a change of the stack frame layout.
-    Add("%o", f);
-    Add("/* warning: no JSFunction object or function name found */ ");
-  }
+void StringStream::PrintFunction(JSFunction* fun, Object* receiver,
+                                 Code** code) {
+  PrintPrototype(fun, receiver);
+  *code = fun->code();
 }
 
 

src/string-stream.h

@@ -144,9 +144,9 @@ class StringStream final {
   void PrintByteArray(ByteArray* ba);
   void PrintUsingMap(JSObject* js_object);
   void PrintPrototype(JSFunction* fun, Object* receiver);
-  void PrintSecurityTokenIfChanged(Object* function);
+  void PrintSecurityTokenIfChanged(JSFunction* function);
   // NOTE: Returns the code in the output parameter.
-  void PrintFunction(Object* function, Object* receiver, Code** code);
+  void PrintFunction(JSFunction* function, Object* receiver, Code** code);
 
   // Reset the stream.
   void Reset() {