Line data Source code
1 : // Copyright 2012 the V8 project authors. All rights reserved.
2 : // Use of this source code is governed by a BSD-style license that can be
3 : // found in the LICENSE file.
4 :
5 : #include "src/objects.h"
6 :
7 : #include "src/assembler-inl.h"
8 : #include "src/bootstrapper.h"
9 : #include "src/counters.h"
10 : #include "src/date.h"
11 : #include "src/disasm.h"
12 : #include "src/disassembler.h"
13 : #include "src/elements.h"
14 : #include "src/field-type.h"
15 : #include "src/layout-descriptor.h"
16 : #include "src/objects-inl.h"
17 : #include "src/objects/arguments-inl.h"
18 : #include "src/objects/bigint.h"
19 : #include "src/objects/cell-inl.h"
20 : #include "src/objects/data-handler-inl.h"
21 : #include "src/objects/debug-objects-inl.h"
22 : #include "src/objects/embedder-data-array-inl.h"
23 : #include "src/objects/embedder-data-slot-inl.h"
24 : #include "src/objects/feedback-cell-inl.h"
25 : #include "src/objects/foreign-inl.h"
26 : #include "src/objects/free-space-inl.h"
27 : #include "src/objects/hash-table-inl.h"
28 : #include "src/objects/js-array-inl.h"
29 : #ifdef V8_INTL_SUPPORT
30 : #include "src/objects/js-break-iterator-inl.h"
31 : #include "src/objects/js-collator-inl.h"
32 : #endif // V8_INTL_SUPPORT
33 : #include "src/objects/js-collection-inl.h"
34 : #ifdef V8_INTL_SUPPORT
35 : #include "src/objects/js-date-time-format-inl.h"
36 : #endif // V8_INTL_SUPPORT
37 : #include "src/objects/js-generator-inl.h"
38 : #ifdef V8_INTL_SUPPORT
39 : #include "src/objects/js-list-format-inl.h"
40 : #include "src/objects/js-locale-inl.h"
41 : #include "src/objects/js-number-format-inl.h"
42 : #include "src/objects/js-plural-rules-inl.h"
43 : #endif // V8_INTL_SUPPORT
44 : #include "src/objects/js-regexp-inl.h"
45 : #include "src/objects/js-regexp-string-iterator-inl.h"
46 : #ifdef V8_INTL_SUPPORT
47 : #include "src/objects/js-relative-time-format-inl.h"
48 : #include "src/objects/js-segment-iterator-inl.h"
49 : #include "src/objects/js-segmenter-inl.h"
50 : #endif // V8_INTL_SUPPORT
51 : #include "src/objects/js-weak-refs-inl.h"
52 : #include "src/objects/literal-objects-inl.h"
53 : #include "src/objects/maybe-object.h"
54 : #include "src/objects/microtask-inl.h"
55 : #include "src/objects/module-inl.h"
56 : #include "src/objects/oddball-inl.h"
57 : #include "src/objects/promise-inl.h"
58 : #include "src/objects/stack-frame-info-inl.h"
59 : #include "src/objects/struct-inl.h"
60 : #include "src/ostreams.h"
61 : #include "src/regexp/jsregexp.h"
62 : #include "src/transitions.h"
63 : #include "src/wasm/wasm-objects-inl.h"
64 :
65 : namespace v8 {
66 : namespace internal {
67 :
68 : // Heap Verification Overview
69 : // --------------------------
70 : // - Each InstanceType has a separate XXXVerify method which checks an object's
71 : // integrity in isolation.
72 : // - --verify-heap will iterate over all gc spaces and call ObjectVerify() on
73 : // every encountered tagged pointer.
74 : // - Verification should be pushed down to the specific instance type if its
75 : // integrity is independent of an outer object.
76 : // - In cases where the InstanceType is too genernic (e.g. FixedArray) the
77 : // XXXVerify of the outer method has to do recursive verification.
78 : // - If the corresponding objects have inheritence the parent's Verify method
79 : // is called as well.
80 : // - For any field containing pointes VerifyPointer(...) should be called.
81 : //
82 : // Caveats
83 : // -------
84 : // - Assume that any of the verify methods is incomplete!
85 : // - Some integrity checks are only partially done due to objects being in
86 : // partially initialized states when a gc happens, for instance when outer
87 : // objects are allocted before inner ones.
88 : //
89 :
90 : #ifdef VERIFY_HEAP
91 :
92 : void Object::ObjectVerify(Isolate* isolate) {
93 : RuntimeCallTimerScope timer(isolate, RuntimeCallCounterId::kObjectVerify);
94 : if (IsSmi()) {
95 : Smi::cast(*this)->SmiVerify(isolate);
96 : } else {
97 : HeapObject::cast(*this)->HeapObjectVerify(isolate);
98 : }
99 : CHECK(!IsConstructor() || IsCallable());
100 : }
101 :
102 : void Object::VerifyPointer(Isolate* isolate, Object p) {
103 : if (p->IsHeapObject()) {
104 : HeapObject::VerifyHeapPointer(isolate, p);
105 : } else {
106 : CHECK(p->IsSmi());
107 : }
108 : }
109 :
110 : void MaybeObject::VerifyMaybeObjectPointer(Isolate* isolate, MaybeObject p) {
111 : HeapObject heap_object;
112 : if (p->GetHeapObject(&heap_object)) {
113 : HeapObject::VerifyHeapPointer(isolate, heap_object);
114 : } else {
115 : CHECK(p->IsSmi() || p->IsCleared());
116 : }
117 : }
118 :
119 : namespace {
120 : void VerifyForeignPointer(Isolate* isolate, HeapObject host, Object foreign) {
121 : host->VerifyPointer(isolate, foreign);
122 : CHECK(foreign->IsUndefined(isolate) || Foreign::IsNormalized(foreign));
123 : }
124 : } // namespace
125 :
126 : void Smi::SmiVerify(Isolate* isolate) {
127 : CHECK(IsSmi());
128 : CHECK(!IsCallable());
129 : CHECK(!IsConstructor());
130 : }
131 :
132 : void HeapObject::HeapObjectVerify(Isolate* isolate) {
133 : VerifyHeapPointer(isolate, map());
134 : CHECK(map()->IsMap());
135 :
136 : switch (map()->instance_type()) {
137 : #define STRING_TYPE_CASE(TYPE, size, name, CamelName) case TYPE:
138 : STRING_TYPE_LIST(STRING_TYPE_CASE)
139 : #undef STRING_TYPE_CASE
140 : String::cast(*this)->StringVerify(isolate);
141 : break;
142 : case SYMBOL_TYPE:
143 : Symbol::cast(*this)->SymbolVerify(isolate);
144 : break;
145 : case MAP_TYPE:
146 : Map::cast(*this)->MapVerify(isolate);
147 : break;
148 : case HEAP_NUMBER_TYPE:
149 : CHECK(IsHeapNumber());
150 : break;
151 : case MUTABLE_HEAP_NUMBER_TYPE:
152 : CHECK(IsMutableHeapNumber());
153 : break;
154 : case BIGINT_TYPE:
155 : BigInt::cast(*this)->BigIntVerify(isolate);
156 : break;
157 : case CALL_HANDLER_INFO_TYPE:
158 : CallHandlerInfo::cast(*this)->CallHandlerInfoVerify(isolate);
159 : break;
160 : case OBJECT_BOILERPLATE_DESCRIPTION_TYPE:
161 : ObjectBoilerplateDescription::cast(*this)
162 : ->ObjectBoilerplateDescriptionVerify(isolate);
163 : break;
164 : case EMBEDDER_DATA_ARRAY_TYPE:
165 : EmbedderDataArray::cast(*this)->EmbedderDataArrayVerify(isolate);
166 : break;
167 : // FixedArray types
168 : case HASH_TABLE_TYPE:
169 : case ORDERED_HASH_MAP_TYPE:
170 : case ORDERED_HASH_SET_TYPE:
171 : case ORDERED_NAME_DICTIONARY_TYPE:
172 : case NAME_DICTIONARY_TYPE:
173 : case GLOBAL_DICTIONARY_TYPE:
174 : case NUMBER_DICTIONARY_TYPE:
175 : case SIMPLE_NUMBER_DICTIONARY_TYPE:
176 : case STRING_TABLE_TYPE:
177 : case EPHEMERON_HASH_TABLE_TYPE:
178 : case FIXED_ARRAY_TYPE:
179 : case SCOPE_INFO_TYPE:
180 : case SCRIPT_CONTEXT_TABLE_TYPE:
181 : FixedArray::cast(*this)->FixedArrayVerify(isolate);
182 : break;
183 : case AWAIT_CONTEXT_TYPE:
184 : case BLOCK_CONTEXT_TYPE:
185 : case CATCH_CONTEXT_TYPE:
186 : case DEBUG_EVALUATE_CONTEXT_TYPE:
187 : case EVAL_CONTEXT_TYPE:
188 : case FUNCTION_CONTEXT_TYPE:
189 : case MODULE_CONTEXT_TYPE:
190 : case SCRIPT_CONTEXT_TYPE:
191 : case WITH_CONTEXT_TYPE:
192 : Context::cast(*this)->ContextVerify(isolate);
193 : break;
194 : case NATIVE_CONTEXT_TYPE:
195 : NativeContext::cast(*this)->NativeContextVerify(isolate);
196 : break;
197 : case WEAK_FIXED_ARRAY_TYPE:
198 : WeakFixedArray::cast(*this)->WeakFixedArrayVerify(isolate);
199 : break;
200 : case WEAK_ARRAY_LIST_TYPE:
201 : WeakArrayList::cast(*this)->WeakArrayListVerify(isolate);
202 : break;
203 : case FIXED_DOUBLE_ARRAY_TYPE:
204 : FixedDoubleArray::cast(*this)->FixedDoubleArrayVerify(isolate);
205 : break;
206 : case FEEDBACK_METADATA_TYPE:
207 : FeedbackMetadata::cast(*this)->FeedbackMetadataVerify(isolate);
208 : break;
209 : case BYTE_ARRAY_TYPE:
210 : ByteArray::cast(*this)->ByteArrayVerify(isolate);
211 : break;
212 : case BYTECODE_ARRAY_TYPE:
213 : BytecodeArray::cast(*this)->BytecodeArrayVerify(isolate);
214 : break;
215 : case DESCRIPTOR_ARRAY_TYPE:
216 : DescriptorArray::cast(*this)->DescriptorArrayVerify(isolate);
217 : break;
218 : case TRANSITION_ARRAY_TYPE:
219 : TransitionArray::cast(*this)->TransitionArrayVerify(isolate);
220 : break;
221 : case PROPERTY_ARRAY_TYPE:
222 : PropertyArray::cast(*this)->PropertyArrayVerify(isolate);
223 : break;
224 : case FREE_SPACE_TYPE:
225 : FreeSpace::cast(*this)->FreeSpaceVerify(isolate);
226 : break;
227 : case FEEDBACK_CELL_TYPE:
228 : FeedbackCell::cast(*this)->FeedbackCellVerify(isolate);
229 : break;
230 : case FEEDBACK_VECTOR_TYPE:
231 : FeedbackVector::cast(*this)->FeedbackVectorVerify(isolate);
232 : break;
233 :
234 : #define VERIFY_TYPED_ARRAY(Type, type, TYPE, ctype) \
235 : case FIXED_##TYPE##_ARRAY_TYPE: \
236 : Fixed##Type##Array::cast(*this)->FixedTypedArrayVerify(isolate); \
237 : break;
238 :
239 : TYPED_ARRAYS(VERIFY_TYPED_ARRAY)
240 : #undef VERIFY_TYPED_ARRAY
241 :
242 : case CODE_TYPE:
243 : Code::cast(*this)->CodeVerify(isolate);
244 : break;
245 : case ODDBALL_TYPE:
246 : Oddball::cast(*this)->OddballVerify(isolate);
247 : break;
248 : case JS_OBJECT_TYPE:
249 : case JS_ERROR_TYPE:
250 : case JS_API_OBJECT_TYPE:
251 : case JS_SPECIAL_API_OBJECT_TYPE:
252 : case JS_CONTEXT_EXTENSION_OBJECT_TYPE:
253 : case WASM_EXCEPTION_TYPE:
254 : case WASM_GLOBAL_TYPE:
255 : case WASM_MEMORY_TYPE:
256 : case WASM_TABLE_TYPE:
257 : JSObject::cast(*this)->JSObjectVerify(isolate);
258 : break;
259 : case WASM_MODULE_TYPE:
260 : WasmModuleObject::cast(*this)->WasmModuleObjectVerify(isolate);
261 : break;
262 : case WASM_INSTANCE_TYPE:
263 : WasmInstanceObject::cast(*this)->WasmInstanceObjectVerify(isolate);
264 : break;
265 : case JS_ARGUMENTS_TYPE:
266 : JSArgumentsObject::cast(*this)->JSArgumentsObjectVerify(isolate);
267 : break;
268 : case JS_GENERATOR_OBJECT_TYPE:
269 : JSGeneratorObject::cast(*this)->JSGeneratorObjectVerify(isolate);
270 : break;
271 : case JS_ASYNC_FUNCTION_OBJECT_TYPE:
272 : JSAsyncFunctionObject::cast(*this)->JSAsyncFunctionObjectVerify(isolate);
273 : break;
274 : case JS_ASYNC_GENERATOR_OBJECT_TYPE:
275 : JSAsyncGeneratorObject::cast(*this)->JSAsyncGeneratorObjectVerify(
276 : isolate);
277 : break;
278 : case JS_VALUE_TYPE:
279 : JSValue::cast(*this)->JSValueVerify(isolate);
280 : break;
281 : case JS_DATE_TYPE:
282 : JSDate::cast(*this)->JSDateVerify(isolate);
283 : break;
284 : case JS_BOUND_FUNCTION_TYPE:
285 : JSBoundFunction::cast(*this)->JSBoundFunctionVerify(isolate);
286 : break;
287 : case JS_FUNCTION_TYPE:
288 : JSFunction::cast(*this)->JSFunctionVerify(isolate);
289 : break;
290 : case JS_GLOBAL_PROXY_TYPE:
291 : JSGlobalProxy::cast(*this)->JSGlobalProxyVerify(isolate);
292 : break;
293 : case JS_GLOBAL_OBJECT_TYPE:
294 : JSGlobalObject::cast(*this)->JSGlobalObjectVerify(isolate);
295 : break;
296 : case CELL_TYPE:
297 : Cell::cast(*this)->CellVerify(isolate);
298 : break;
299 : case PROPERTY_CELL_TYPE:
300 : PropertyCell::cast(*this)->PropertyCellVerify(isolate);
301 : break;
302 : case JS_ARRAY_TYPE:
303 : JSArray::cast(*this)->JSArrayVerify(isolate);
304 : break;
305 : case JS_MODULE_NAMESPACE_TYPE:
306 : JSModuleNamespace::cast(*this)->JSModuleNamespaceVerify(isolate);
307 : break;
308 : case JS_SET_TYPE:
309 : JSSet::cast(*this)->JSSetVerify(isolate);
310 : break;
311 : case JS_MAP_TYPE:
312 : JSMap::cast(*this)->JSMapVerify(isolate);
313 : break;
314 : case JS_SET_KEY_VALUE_ITERATOR_TYPE:
315 : case JS_SET_VALUE_ITERATOR_TYPE:
316 : JSSetIterator::cast(*this)->JSSetIteratorVerify(isolate);
317 : break;
318 : case JS_MAP_KEY_ITERATOR_TYPE:
319 : case JS_MAP_KEY_VALUE_ITERATOR_TYPE:
320 : case JS_MAP_VALUE_ITERATOR_TYPE:
321 : JSMapIterator::cast(*this)->JSMapIteratorVerify(isolate);
322 : break;
323 : case JS_ARRAY_ITERATOR_TYPE:
324 : JSArrayIterator::cast(*this)->JSArrayIteratorVerify(isolate);
325 : break;
326 : case JS_STRING_ITERATOR_TYPE:
327 : JSStringIterator::cast(*this)->JSStringIteratorVerify(isolate);
328 : break;
329 : case JS_ASYNC_FROM_SYNC_ITERATOR_TYPE:
330 : JSAsyncFromSyncIterator::cast(*this)->JSAsyncFromSyncIteratorVerify(
331 : isolate);
332 : break;
333 : case JS_WEAK_CELL_TYPE:
334 : JSWeakCell::cast(*this)->JSWeakCellVerify(isolate);
335 : break;
336 : case JS_WEAK_REF_TYPE:
337 : JSWeakRef::cast(*this)->JSWeakRefVerify(isolate);
338 : break;
339 : case JS_WEAK_FACTORY_TYPE:
340 : JSWeakFactory::cast(*this)->JSWeakFactoryVerify(isolate);
341 : break;
342 : case JS_WEAK_FACTORY_CLEANUP_ITERATOR_TYPE:
343 : JSWeakFactoryCleanupIterator::cast(*this)
344 : ->JSWeakFactoryCleanupIteratorVerify(isolate);
345 : break;
346 : case JS_WEAK_MAP_TYPE:
347 : JSWeakMap::cast(*this)->JSWeakMapVerify(isolate);
348 : break;
349 : case JS_WEAK_SET_TYPE:
350 : JSWeakSet::cast(*this)->JSWeakSetVerify(isolate);
351 : break;
352 : case JS_PROMISE_TYPE:
353 : JSPromise::cast(*this)->JSPromiseVerify(isolate);
354 : break;
355 : case JS_REGEXP_TYPE:
356 : JSRegExp::cast(*this)->JSRegExpVerify(isolate);
357 : break;
358 : case JS_REGEXP_STRING_ITERATOR_TYPE:
359 : JSRegExpStringIterator::cast(*this)->JSRegExpStringIteratorVerify(
360 : isolate);
361 : break;
362 : case FILLER_TYPE:
363 : break;
364 : case JS_PROXY_TYPE:
365 : JSProxy::cast(*this)->JSProxyVerify(isolate);
366 : break;
367 : case FOREIGN_TYPE:
368 : Foreign::cast(*this)->ForeignVerify(isolate);
369 : break;
370 : case PREPARSE_DATA_TYPE:
371 : PreparseData::cast(*this)->PreparseDataVerify(isolate);
372 : break;
373 : case UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE:
374 : UncompiledDataWithoutPreparseData::cast(*this)
375 : ->UncompiledDataWithoutPreparseDataVerify(isolate);
376 : break;
377 : case UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE:
378 : UncompiledDataWithPreparseData::cast(*this)
379 : ->UncompiledDataWithPreparseDataVerify(isolate);
380 : break;
381 : case SHARED_FUNCTION_INFO_TYPE:
382 : SharedFunctionInfo::cast(*this)->SharedFunctionInfoVerify(isolate);
383 : break;
384 : case JS_MESSAGE_OBJECT_TYPE:
385 : JSMessageObject::cast(*this)->JSMessageObjectVerify(isolate);
386 : break;
387 : case JS_ARRAY_BUFFER_TYPE:
388 : JSArrayBuffer::cast(*this)->JSArrayBufferVerify(isolate);
389 : break;
390 : case JS_TYPED_ARRAY_TYPE:
391 : JSTypedArray::cast(*this)->JSTypedArrayVerify(isolate);
392 : break;
393 : case JS_DATA_VIEW_TYPE:
394 : JSDataView::cast(*this)->JSDataViewVerify(isolate);
395 : break;
396 : case SMALL_ORDERED_HASH_SET_TYPE:
397 : SmallOrderedHashSet::cast(*this)->SmallOrderedHashSetVerify(isolate);
398 : break;
399 : case SMALL_ORDERED_HASH_MAP_TYPE:
400 : SmallOrderedHashMap::cast(*this)->SmallOrderedHashMapVerify(isolate);
401 : break;
402 : case SMALL_ORDERED_NAME_DICTIONARY_TYPE:
403 : SmallOrderedNameDictionary::cast(*this)->SmallOrderedNameDictionaryVerify(
404 : isolate);
405 : break;
406 : case CODE_DATA_CONTAINER_TYPE:
407 : CodeDataContainer::cast(*this)->CodeDataContainerVerify(isolate);
408 : break;
409 : #ifdef V8_INTL_SUPPORT
410 : case JS_INTL_V8_BREAK_ITERATOR_TYPE:
411 : JSV8BreakIterator::cast(*this)->JSV8BreakIteratorVerify(isolate);
412 : break;
413 : case JS_INTL_COLLATOR_TYPE:
414 : JSCollator::cast(*this)->JSCollatorVerify(isolate);
415 : break;
416 : case JS_INTL_DATE_TIME_FORMAT_TYPE:
417 : JSDateTimeFormat::cast(*this)->JSDateTimeFormatVerify(isolate);
418 : break;
419 : case JS_INTL_LIST_FORMAT_TYPE:
420 : JSListFormat::cast(*this)->JSListFormatVerify(isolate);
421 : break;
422 : case JS_INTL_LOCALE_TYPE:
423 : JSLocale::cast(*this)->JSLocaleVerify(isolate);
424 : break;
425 : case JS_INTL_NUMBER_FORMAT_TYPE:
426 : JSNumberFormat::cast(*this)->JSNumberFormatVerify(isolate);
427 : break;
428 : case JS_INTL_PLURAL_RULES_TYPE:
429 : JSPluralRules::cast(*this)->JSPluralRulesVerify(isolate);
430 : break;
431 : case JS_INTL_RELATIVE_TIME_FORMAT_TYPE:
432 : JSRelativeTimeFormat::cast(*this)->JSRelativeTimeFormatVerify(isolate);
433 : break;
434 : case JS_INTL_SEGMENT_ITERATOR_TYPE:
435 : JSSegmentIterator::cast(*this)->JSSegmentIteratorVerify(isolate);
436 : break;
437 : case JS_INTL_SEGMENTER_TYPE:
438 : JSSegmenter::cast(*this)->JSSegmenterVerify(isolate);
439 : break;
440 : #endif // V8_INTL_SUPPORT
441 :
442 : #define MAKE_STRUCT_CASE(TYPE, Name, name) \
443 : case TYPE: \
444 : Name::cast(*this)->Name##Verify(isolate); \
445 : break;
446 : STRUCT_LIST(MAKE_STRUCT_CASE)
447 : #undef MAKE_STRUCT_CASE
448 :
449 : case ALLOCATION_SITE_TYPE:
450 : AllocationSite::cast(*this)->AllocationSiteVerify(isolate);
451 : break;
452 :
453 : case LOAD_HANDLER_TYPE:
454 : LoadHandler::cast(*this)->LoadHandlerVerify(isolate);
455 : break;
456 :
457 : case STORE_HANDLER_TYPE:
458 : StoreHandler::cast(*this)->StoreHandlerVerify(isolate);
459 : break;
460 : }
461 : }
462 :
463 : void HeapObject::VerifyHeapPointer(Isolate* isolate, Object p) {
464 : CHECK(p->IsHeapObject());
465 : HeapObject ho = HeapObject::cast(p);
466 : CHECK(isolate->heap()->Contains(ho));
467 : }
468 :
469 : void Symbol::SymbolVerify(Isolate* isolate) {
470 : CHECK(IsSymbol());
471 : CHECK(HasHashCode());
472 : CHECK_GT(Hash(), 0);
473 : CHECK(name()->IsUndefined(isolate) || name()->IsString());
474 : CHECK_IMPLIES(IsPrivateName(), IsPrivate());
475 : }
476 :
477 : void ByteArray::ByteArrayVerify(Isolate* isolate) { CHECK(IsByteArray()); }
478 :
479 : void BytecodeArray::BytecodeArrayVerify(Isolate* isolate) {
480 : // TODO(oth): Walk bytecodes and immediate values to validate sanity.
481 : // - All bytecodes are known and well formed.
482 : // - Jumps must go to new instructions starts.
483 : // - No Illegal bytecodes.
484 : // - No consecutive sequences of prefix Wide / ExtraWide.
485 : CHECK(IsBytecodeArray());
486 : CHECK(constant_pool()->IsFixedArray());
487 : VerifyHeapPointer(isolate, constant_pool());
488 : }
489 :
490 : void FreeSpace::FreeSpaceVerify(Isolate* isolate) { CHECK(IsFreeSpace()); }
491 :
492 : void FeedbackCell::FeedbackCellVerify(Isolate* isolate) {
493 : CHECK(IsFeedbackCell());
494 :
495 : VerifyHeapPointer(isolate, value());
496 : CHECK(value()->IsUndefined(isolate) || value()->IsFeedbackVector());
497 : }
498 :
499 : void FeedbackVector::FeedbackVectorVerify(Isolate* isolate) {
500 : CHECK(IsFeedbackVector());
501 : MaybeObject code = optimized_code_weak_or_smi();
502 : MaybeObject::VerifyMaybeObjectPointer(isolate, code);
503 : CHECK(code->IsSmi() || code->IsWeakOrCleared());
504 : }
505 :
506 : template <class Traits>
507 : void FixedTypedArray<Traits>::FixedTypedArrayVerify(Isolate* isolate) {
508 : CHECK(IsHeapObject() && map()->instance_type() == Traits::kInstanceType);
509 : if (base_pointer()->ptr() == ptr()) {
510 : CHECK(reinterpret_cast<Address>(external_pointer()) ==
511 : ExternalReference::fixed_typed_array_base_data_offset().address());
512 : } else {
513 : CHECK_EQ(base_pointer(), Smi::kZero);
514 : }
515 : }
516 :
517 : bool JSObject::ElementsAreSafeToExamine() const {
518 : // If a GC was caused while constructing this object, the elements
519 : // pointer may point to a one pointer filler map.
520 : return elements() != GetReadOnlyRoots().one_pointer_filler_map();
521 : }
522 :
523 : namespace {
524 : void VerifyJSObjectElements(Isolate* isolate, JSObject object) {
525 : // Only TypedArrays can have these specialized elements.
526 : if (object->IsJSTypedArray()) {
527 : // TODO(cbruni): Fix CreateTypedArray to either not instantiate the object
528 : // or propertly initialize it on errors during construction.
529 : /* CHECK(object->HasFixedTypedArrayElements()); */
530 : /* CHECK(object->elements()->IsFixedTypedArrayBase()); */
531 : return;
532 : }
533 : CHECK(!object->HasFixedTypedArrayElements());
534 : CHECK(!object->elements()->IsFixedTypedArrayBase());
535 :
536 : if (object->HasDoubleElements()) {
537 : if (object->elements()->length() > 0) {
538 : CHECK(object->elements()->IsFixedDoubleArray());
539 : }
540 : return;
541 : }
542 :
543 : FixedArray elements = FixedArray::cast(object->elements());
544 : if (object->HasSmiElements()) {
545 : // We might have a partially initialized backing store, in which case we
546 : // allow the hole + smi values.
547 : for (int i = 0; i < elements->length(); i++) {
548 : Object value = elements->get(i);
549 : CHECK(value->IsSmi() || value->IsTheHole(isolate));
550 : }
551 : } else if (object->HasObjectElements()) {
552 : for (int i = 0; i < elements->length(); i++) {
553 : Object element = elements->get(i);
554 : CHECK_IMPLIES(!element->IsSmi(), !HasWeakHeapObjectTag(element));
555 : }
556 : }
557 : }
558 : } // namespace
559 :
560 : void JSObject::JSObjectVerify(Isolate* isolate) {
561 : VerifyPointer(isolate, raw_properties_or_hash());
562 : VerifyHeapPointer(isolate, elements());
563 :
564 : CHECK_IMPLIES(HasSloppyArgumentsElements(), IsJSArgumentsObject());
565 : if (HasFastProperties()) {
566 : int actual_unused_property_fields = map()->GetInObjectProperties() +
567 : property_array()->length() -
568 : map()->NextFreePropertyIndex();
569 : if (map()->UnusedPropertyFields() != actual_unused_property_fields) {
570 : // There are two reasons why this can happen:
571 : // - in the middle of StoreTransitionStub when the new extended backing
572 : // store is already set into the object and the allocation of the
573 : // MutableHeapNumber triggers GC while the map isn't updated yet.
574 : // - deletion of the last property can leave additional backing store
575 : // capacity behind.
576 : CHECK_GT(actual_unused_property_fields, map()->UnusedPropertyFields());
577 : int delta = actual_unused_property_fields - map()->UnusedPropertyFields();
578 : CHECK_EQ(0, delta % JSObject::kFieldsAdded);
579 : }
580 : DescriptorArray descriptors = map()->instance_descriptors();
581 : bool is_transitionable_fast_elements_kind =
582 : IsTransitionableFastElementsKind(map()->elements_kind());
583 :
584 : for (int i = 0; i < map()->NumberOfOwnDescriptors(); i++) {
585 : PropertyDetails details = descriptors->GetDetails(i);
586 : if (details.location() == kField) {
587 : DCHECK_EQ(kData, details.kind());
588 : Representation r = details.representation();
589 : FieldIndex index = FieldIndex::ForDescriptor(map(), i);
590 : if (IsUnboxedDoubleField(index)) {
591 : DCHECK(r.IsDouble());
592 : continue;
593 : }
594 : Object value = RawFastPropertyAt(index);
595 : if (r.IsDouble()) DCHECK(value->IsMutableHeapNumber());
596 : if (value->IsUninitialized(isolate)) continue;
597 : if (r.IsSmi()) DCHECK(value->IsSmi());
598 : if (r.IsHeapObject()) DCHECK(value->IsHeapObject());
599 : FieldType field_type = descriptors->GetFieldType(i);
600 : bool type_is_none = field_type->IsNone();
601 : bool type_is_any = field_type->IsAny();
602 : if (r.IsNone()) {
603 : CHECK(type_is_none);
604 : } else if (!type_is_any && !(type_is_none && r.IsHeapObject())) {
605 : CHECK(!field_type->NowStable() || field_type->NowContains(value));
606 : }
607 : CHECK_IMPLIES(is_transitionable_fast_elements_kind,
608 : !Map::IsInplaceGeneralizableField(details.constness(), r,
609 : field_type));
610 : }
611 : }
612 :
613 : if (map()->EnumLength() != kInvalidEnumCacheSentinel) {
614 : EnumCache enum_cache = descriptors->enum_cache();
615 : FixedArray keys = enum_cache->keys();
616 : FixedArray indices = enum_cache->indices();
617 : CHECK_LE(map()->EnumLength(), keys->length());
618 : CHECK_IMPLIES(indices != ReadOnlyRoots(isolate).empty_fixed_array(),
619 : keys->length() == indices->length());
620 : }
621 : }
622 :
623 : // If a GC was caused while constructing this object, the elements
624 : // pointer may point to a one pointer filler map.
625 : if (ElementsAreSafeToExamine()) {
626 : CHECK_EQ((map()->has_fast_smi_or_object_elements() ||
627 : (elements() == GetReadOnlyRoots().empty_fixed_array()) ||
628 : HasFastStringWrapperElements()),
629 : (elements()->map() == GetReadOnlyRoots().fixed_array_map() ||
630 : elements()->map() == GetReadOnlyRoots().fixed_cow_array_map()));
631 : CHECK_EQ(map()->has_fast_object_elements(), HasObjectElements());
632 : VerifyJSObjectElements(isolate, *this);
633 : }
634 : }
635 :
636 : void Map::MapVerify(Isolate* isolate) {
637 : Heap* heap = isolate->heap();
638 : CHECK(!Heap::InNewSpace(*this));
639 : CHECK(FIRST_TYPE <= instance_type() && instance_type() <= LAST_TYPE);
640 : CHECK(instance_size() == kVariableSizeSentinel ||
641 : (kTaggedSize <= instance_size() &&
642 : static_cast<size_t>(instance_size()) < heap->Capacity()));
643 : CHECK(GetBackPointer()->IsUndefined(heap->isolate()) ||
644 : !Map::cast(GetBackPointer())->is_stable());
645 : HeapObject::VerifyHeapPointer(isolate, prototype());
646 : HeapObject::VerifyHeapPointer(isolate, instance_descriptors());
647 : SLOW_DCHECK(instance_descriptors()->IsSortedNoDuplicates());
648 : DisallowHeapAllocation no_gc;
649 : SLOW_DCHECK(
650 : TransitionsAccessor(isolate, *this, &no_gc).IsSortedNoDuplicates());
651 : SLOW_DCHECK(TransitionsAccessor(isolate, *this, &no_gc)
652 : .IsConsistentWithBackPointers());
653 : SLOW_DCHECK(!FLAG_unbox_double_fields ||
654 : layout_descriptor()->IsConsistentWithMap(*this));
655 : if (!may_have_interesting_symbols()) {
656 : CHECK(!has_named_interceptor());
657 : CHECK(!is_dictionary_map());
658 : CHECK(!is_access_check_needed());
659 : DescriptorArray const descriptors = instance_descriptors();
660 : for (int i = 0; i < NumberOfOwnDescriptors(); ++i) {
661 : CHECK(!descriptors->GetKey(i)->IsInterestingSymbol());
662 : }
663 : }
664 : CHECK_IMPLIES(has_named_interceptor(), may_have_interesting_symbols());
665 : CHECK_IMPLIES(is_dictionary_map(), may_have_interesting_symbols());
666 : CHECK_IMPLIES(is_access_check_needed(), may_have_interesting_symbols());
667 : CHECK_IMPLIES(IsJSObjectMap() && !CanHaveFastTransitionableElementsKind(),
668 : IsDictionaryElementsKind(elements_kind()) ||
669 : IsTerminalElementsKind(elements_kind()));
670 : if (is_prototype_map()) {
671 : DCHECK(prototype_info() == Smi::kZero ||
672 : prototype_info()->IsPrototypeInfo());
673 : }
674 : CHECK(prototype_validity_cell()->IsSmi() ||
675 : prototype_validity_cell()->IsCell());
676 : }
677 :
678 : void Map::DictionaryMapVerify(Isolate* isolate) {
679 : MapVerify(isolate);
680 : CHECK(is_dictionary_map());
681 : CHECK_EQ(kInvalidEnumCacheSentinel, EnumLength());
682 : CHECK_EQ(ReadOnlyRoots(isolate).empty_descriptor_array(),
683 : instance_descriptors());
684 : CHECK_EQ(0, UnusedPropertyFields());
685 : CHECK_EQ(Map::GetVisitorId(*this), visitor_id());
686 : }
687 :
688 : void AliasedArgumentsEntry::AliasedArgumentsEntryVerify(Isolate* isolate) {
689 : VerifySmiField(kAliasedContextSlot);
690 : }
691 :
692 : void EmbedderDataArray::EmbedderDataArrayVerify(Isolate* isolate) {
693 : EmbedderDataSlot start(*this, 0);
694 : EmbedderDataSlot end(*this, length());
695 : for (EmbedderDataSlot slot = start; slot < end; ++slot) {
696 : Object e = slot.load_tagged();
697 : Object::VerifyPointer(isolate, e);
698 : }
699 : }
700 :
701 : void FixedArray::FixedArrayVerify(Isolate* isolate) {
702 : for (int i = 0; i < length(); i++) {
703 : Object e = get(i);
704 : VerifyPointer(isolate, e);
705 : }
706 : }
707 :
708 : void WeakFixedArray::WeakFixedArrayVerify(Isolate* isolate) {
709 : for (int i = 0; i < length(); i++) {
710 : MaybeObject::VerifyMaybeObjectPointer(isolate, Get(i));
711 : }
712 : }
713 :
714 : void WeakArrayList::WeakArrayListVerify(Isolate* isolate) {
715 : for (int i = 0; i < length(); i++) {
716 : MaybeObject::VerifyMaybeObjectPointer(isolate, Get(i));
717 : }
718 : }
719 :
720 : void PropertyArray::PropertyArrayVerify(Isolate* isolate) {
721 : if (length() == 0) {
722 : CHECK_EQ(*this, ReadOnlyRoots(isolate).empty_property_array());
723 : return;
724 : }
725 : // There are no empty PropertyArrays.
726 : CHECK_LT(0, length());
727 : for (int i = 0; i < length(); i++) {
728 : Object e = get(i);
729 : Object::VerifyPointer(isolate, e);
730 : }
731 : }
732 :
733 : void FixedDoubleArray::FixedDoubleArrayVerify(Isolate* isolate) {
734 : for (int i = 0; i < length(); i++) {
735 : if (!is_the_hole(i)) {
736 : uint64_t value = get_representation(i);
737 : uint64_t unexpected =
738 : bit_cast<uint64_t>(std::numeric_limits<double>::quiet_NaN()) &
739 : uint64_t{0x7FF8000000000000};
740 : // Create implementation specific sNaN by inverting relevant bit.
741 : unexpected ^= uint64_t{0x0008000000000000};
742 : CHECK((value & uint64_t{0x7FF8000000000000}) != unexpected ||
743 : (value & uint64_t{0x0007FFFFFFFFFFFF}) == uint64_t{0});
744 : }
745 : }
746 : }
747 :
748 : void Context::ContextVerify(Isolate* isolate) {
749 : VerifySmiField(kLengthOffset);
750 : VerifyObjectField(isolate, kScopeInfoOffset);
751 : VerifyObjectField(isolate, kPreviousOffset);
752 : VerifyObjectField(isolate, kExtensionOffset);
753 : VerifyObjectField(isolate, kNativeContextOffset);
754 : for (int i = 0; i < length(); i++) {
755 : VerifyObjectField(isolate, OffsetOfElementAt(i));
756 : }
757 : }
758 :
759 : void NativeContext::NativeContextVerify(Isolate* isolate) {
760 : ContextVerify(isolate);
761 : CHECK_EQ(length(), NativeContext::NATIVE_CONTEXT_SLOTS);
762 : CHECK_EQ(kSize, map()->instance_size());
763 : }
764 :
765 : void FeedbackMetadata::FeedbackMetadataVerify(Isolate* isolate) {
766 : if (slot_count() == 0) {
767 : CHECK_EQ(ReadOnlyRoots(isolate).empty_feedback_metadata(), *this);
768 : } else {
769 : FeedbackMetadataIterator iter(*this);
770 : while (iter.HasNext()) {
771 : iter.Next();
772 : FeedbackSlotKind kind = iter.kind();
773 : CHECK_NE(FeedbackSlotKind::kInvalid, kind);
774 : CHECK_GT(FeedbackSlotKind::kKindsNumber, kind);
775 : }
776 : }
777 : }
778 :
779 : void DescriptorArray::DescriptorArrayVerify(Isolate* isolate) {
780 : for (int i = 0; i < number_of_all_descriptors(); i++) {
781 : MaybeObject::VerifyMaybeObjectPointer(isolate, get(ToKeyIndex(i)));
782 : MaybeObject::VerifyMaybeObjectPointer(isolate, get(ToDetailsIndex(i)));
783 : MaybeObject::VerifyMaybeObjectPointer(isolate, get(ToValueIndex(i)));
784 : }
785 : if (number_of_all_descriptors() == 0) {
786 : Heap* heap = isolate->heap();
787 : CHECK_EQ(ReadOnlyRoots(heap).empty_descriptor_array(), *this);
788 : CHECK_EQ(0, number_of_all_descriptors());
789 : CHECK_EQ(0, number_of_descriptors());
790 : CHECK_EQ(ReadOnlyRoots(heap).empty_enum_cache(), enum_cache());
791 : } else {
792 : CHECK_LT(0, number_of_all_descriptors());
793 : CHECK_LE(number_of_descriptors(), number_of_all_descriptors());
794 :
795 : // Check that properties with private symbols names are non-enumerable.
796 : for (int descriptor = 0; descriptor < number_of_descriptors();
797 : descriptor++) {
798 : Object key = get(ToKeyIndex(descriptor))->cast<Object>();
799 : // number_of_descriptors() may be out of sync with the actual descriptors
800 : // written during descriptor array construction.
801 : if (key->IsUndefined(isolate)) continue;
802 : PropertyDetails details = GetDetails(descriptor);
803 : if (Name::cast(key)->IsPrivate()) {
804 : CHECK_NE(details.attributes() & DONT_ENUM, 0);
805 : }
806 : MaybeObject value = get(ToValueIndex(descriptor));
807 : HeapObject heap_object;
808 : if (details.location() == kField) {
809 : CHECK(
810 : value == MaybeObject::FromObject(FieldType::None()) ||
811 : value == MaybeObject::FromObject(FieldType::Any()) ||
812 : value->IsCleared() ||
813 : (value->GetHeapObjectIfWeak(&heap_object) && heap_object->IsMap()));
814 : } else {
815 : CHECK(!value->IsWeakOrCleared());
816 : CHECK(!value->cast<Object>()->IsMap());
817 : }
818 : }
819 : }
820 : }
821 :
822 : void TransitionArray::TransitionArrayVerify(Isolate* isolate) {
823 : WeakFixedArrayVerify(isolate);
824 : CHECK_LE(LengthFor(number_of_transitions()), length());
825 : }
826 :
827 : void JSArgumentsObject::JSArgumentsObjectVerify(Isolate* isolate) {
828 : if (IsSloppyArgumentsElementsKind(GetElementsKind())) {
829 : SloppyArgumentsElements::cast(elements())
830 : ->SloppyArgumentsElementsVerify(isolate, *this);
831 : }
832 : if (isolate->IsInAnyContext(map(), Context::SLOPPY_ARGUMENTS_MAP_INDEX) ||
833 : isolate->IsInAnyContext(map(),
834 : Context::SLOW_ALIASED_ARGUMENTS_MAP_INDEX) ||
835 : isolate->IsInAnyContext(map(),
836 : Context::FAST_ALIASED_ARGUMENTS_MAP_INDEX)) {
837 : VerifyObjectField(isolate, JSSloppyArgumentsObject::kLengthOffset);
838 : VerifyObjectField(isolate, JSSloppyArgumentsObject::kCalleeOffset);
839 : } else if (isolate->IsInAnyContext(map(),
840 : Context::STRICT_ARGUMENTS_MAP_INDEX)) {
841 : VerifyObjectField(isolate, JSStrictArgumentsObject::kLengthOffset);
842 : }
843 : JSObjectVerify(isolate);
844 : }
845 :
846 : void SloppyArgumentsElements::SloppyArgumentsElementsVerify(Isolate* isolate,
847 : JSObject holder) {
848 : FixedArrayVerify(isolate);
849 : // Abort verification if only partially initialized (can't use arguments()
850 : // getter because it does FixedArray::cast()).
851 : if (get(kArgumentsIndex)->IsUndefined(isolate)) return;
852 :
853 : ElementsKind kind = holder->GetElementsKind();
854 : bool is_fast = kind == FAST_SLOPPY_ARGUMENTS_ELEMENTS;
855 : CHECK(IsFixedArray());
856 : CHECK_GE(length(), 2);
857 : CHECK_EQ(map(), ReadOnlyRoots(isolate).sloppy_arguments_elements_map());
858 : Context context_object = context();
859 : FixedArray arg_elements = FixedArray::cast(arguments());
860 : if (arg_elements->length() == 0) {
861 : CHECK(arg_elements == ReadOnlyRoots(isolate).empty_fixed_array());
862 : return;
863 : }
864 : ElementsAccessor* accessor;
865 : if (is_fast) {
866 : accessor = ElementsAccessor::ForKind(HOLEY_ELEMENTS);
867 : } else {
868 : accessor = ElementsAccessor::ForKind(DICTIONARY_ELEMENTS);
869 : }
870 : int nofMappedParameters = 0;
871 : int maxMappedIndex = 0;
872 : for (int i = 0; i < nofMappedParameters; i++) {
873 : // Verify that each context-mapped argument is either the hole or a valid
874 : // Smi within context length range.
875 : Object mapped = get_mapped_entry(i);
876 : if (mapped->IsTheHole(isolate)) {
877 : // Slow sloppy arguments can be holey.
878 : if (!is_fast) continue;
879 : // Fast sloppy arguments elements are never holey. Either the element is
880 : // context-mapped or present in the arguments elements.
881 : CHECK(accessor->HasElement(holder, i, arg_elements));
882 : continue;
883 : }
884 : int mappedIndex = Smi::ToInt(mapped);
885 : nofMappedParameters++;
886 : CHECK_LE(maxMappedIndex, mappedIndex);
887 : maxMappedIndex = mappedIndex;
888 : Object value = context_object->get(mappedIndex);
889 : CHECK(value->IsObject());
890 : // None of the context-mapped entries should exist in the arguments
891 : // elements.
892 : CHECK(!accessor->HasElement(holder, i, arg_elements));
893 : }
894 : CHECK_LE(nofMappedParameters, context_object->length());
895 : CHECK_LE(nofMappedParameters, arg_elements->length());
896 : CHECK_LE(maxMappedIndex, context_object->length());
897 : CHECK_LE(maxMappedIndex, arg_elements->length());
898 : }
899 :
900 : void JSGeneratorObject::JSGeneratorObjectVerify(Isolate* isolate) {
901 : // In an expression like "new g()", there can be a point where a generator
902 : // object is allocated but its fields are all undefined, as it hasn't yet been
903 : // initialized by the generator. Hence these weak checks.
904 : VerifyObjectField(isolate, kFunctionOffset);
905 : VerifyObjectField(isolate, kContextOffset);
906 : VerifyObjectField(isolate, kReceiverOffset);
907 : VerifyObjectField(isolate, kParametersAndRegistersOffset);
908 : VerifyObjectField(isolate, kContinuationOffset);
909 : }
910 :
911 : void JSAsyncFunctionObject::JSAsyncFunctionObjectVerify(Isolate* isolate) {
912 : // Check inherited fields
913 : JSGeneratorObjectVerify(isolate);
914 : VerifyObjectField(isolate, kPromiseOffset);
915 : promise()->HeapObjectVerify(isolate);
916 : }
917 :
918 : void JSAsyncGeneratorObject::JSAsyncGeneratorObjectVerify(Isolate* isolate) {
919 : // Check inherited fields
920 : JSGeneratorObjectVerify(isolate);
921 : VerifyObjectField(isolate, kQueueOffset);
922 : queue()->HeapObjectVerify(isolate);
923 : }
924 :
925 : void JSValue::JSValueVerify(Isolate* isolate) {
926 : Object v = value();
927 : if (v->IsHeapObject()) {
928 : VerifyHeapPointer(isolate, v);
929 : }
930 : }
931 :
932 : void JSDate::JSDateVerify(Isolate* isolate) {
933 : if (value()->IsHeapObject()) {
934 : VerifyHeapPointer(isolate, value());
935 : }
936 : CHECK(value()->IsUndefined(isolate) || value()->IsSmi() ||
937 : value()->IsHeapNumber());
938 : CHECK(year()->IsUndefined(isolate) || year()->IsSmi() || year()->IsNaN());
939 : CHECK(month()->IsUndefined(isolate) || month()->IsSmi() || month()->IsNaN());
940 : CHECK(day()->IsUndefined(isolate) || day()->IsSmi() || day()->IsNaN());
941 : CHECK(weekday()->IsUndefined(isolate) || weekday()->IsSmi() ||
942 : weekday()->IsNaN());
943 : CHECK(hour()->IsUndefined(isolate) || hour()->IsSmi() || hour()->IsNaN());
944 : CHECK(min()->IsUndefined(isolate) || min()->IsSmi() || min()->IsNaN());
945 : CHECK(sec()->IsUndefined(isolate) || sec()->IsSmi() || sec()->IsNaN());
946 : CHECK(cache_stamp()->IsUndefined(isolate) || cache_stamp()->IsSmi() ||
947 : cache_stamp()->IsNaN());
948 :
949 : if (month()->IsSmi()) {
950 : int month = Smi::ToInt(this->month());
951 : CHECK(0 <= month && month <= 11);
952 : }
953 : if (day()->IsSmi()) {
954 : int day = Smi::ToInt(this->day());
955 : CHECK(1 <= day && day <= 31);
956 : }
957 : if (hour()->IsSmi()) {
958 : int hour = Smi::ToInt(this->hour());
959 : CHECK(0 <= hour && hour <= 23);
960 : }
961 : if (min()->IsSmi()) {
962 : int min = Smi::ToInt(this->min());
963 : CHECK(0 <= min && min <= 59);
964 : }
965 : if (sec()->IsSmi()) {
966 : int sec = Smi::ToInt(this->sec());
967 : CHECK(0 <= sec && sec <= 59);
968 : }
969 : if (weekday()->IsSmi()) {
970 : int weekday = Smi::ToInt(this->weekday());
971 : CHECK(0 <= weekday && weekday <= 6);
972 : }
973 : if (cache_stamp()->IsSmi()) {
974 : CHECK(Smi::ToInt(cache_stamp()) <=
975 : Smi::ToInt(isolate->date_cache()->stamp()));
976 : }
977 : }
978 :
979 : void JSMessageObject::JSMessageObjectVerify(Isolate* isolate) {
980 : CHECK(IsJSMessageObject());
981 : VerifyObjectField(isolate, kStartPositionOffset);
982 : VerifyObjectField(isolate, kEndPositionOffset);
983 : VerifyObjectField(isolate, kArgumentsOffset);
984 : VerifyObjectField(isolate, kScriptOffset);
985 : VerifyObjectField(isolate, kStackFramesOffset);
986 : }
987 :
988 : void String::StringVerify(Isolate* isolate) {
989 : CHECK(IsString());
990 : CHECK(length() >= 0 && length() <= Smi::kMaxValue);
991 : CHECK_IMPLIES(length() == 0, *this == ReadOnlyRoots(isolate).empty_string());
992 : if (IsInternalizedString()) {
993 : CHECK(!Heap::InNewSpace(*this));
994 : }
995 : if (IsConsString()) {
996 : ConsString::cast(*this)->ConsStringVerify(isolate);
997 : } else if (IsSlicedString()) {
998 : SlicedString::cast(*this)->SlicedStringVerify(isolate);
999 : } else if (IsThinString()) {
1000 : ThinString::cast(*this)->ThinStringVerify(isolate);
1001 : }
1002 : }
1003 :
1004 : void ConsString::ConsStringVerify(Isolate* isolate) {
1005 : CHECK(this->first()->IsString());
1006 : CHECK(this->second() == ReadOnlyRoots(isolate).empty_string() ||
1007 : this->second()->IsString());
1008 : CHECK_GE(this->length(), ConsString::kMinLength);
1009 : CHECK(this->length() == this->first()->length() + this->second()->length());
1010 : if (this->IsFlat()) {
1011 : // A flat cons can only be created by String::SlowFlatten.
1012 : // Afterwards, the first part may be externalized or internalized.
1013 : CHECK(this->first()->IsSeqString() || this->first()->IsExternalString() ||
1014 : this->first()->IsThinString());
1015 : }
1016 : }
1017 :
1018 : void ThinString::ThinStringVerify(Isolate* isolate) {
1019 : CHECK(this->actual()->IsInternalizedString());
1020 : CHECK(this->actual()->IsSeqString() || this->actual()->IsExternalString());
1021 : }
1022 :
1023 : void SlicedString::SlicedStringVerify(Isolate* isolate) {
1024 : CHECK(!this->parent()->IsConsString());
1025 : CHECK(!this->parent()->IsSlicedString());
1026 : CHECK_GE(this->length(), SlicedString::kMinLength);
1027 : }
1028 :
1029 : void JSBoundFunction::JSBoundFunctionVerify(Isolate* isolate) {
1030 : CHECK(IsJSBoundFunction());
1031 : JSObjectVerify(isolate);
1032 : VerifyObjectField(isolate, kBoundThisOffset);
1033 : VerifyObjectField(isolate, kBoundTargetFunctionOffset);
1034 : VerifyObjectField(isolate, kBoundArgumentsOffset);
1035 : CHECK(IsCallable());
1036 :
1037 : if (!raw_bound_target_function()->IsUndefined(isolate)) {
1038 : CHECK(bound_target_function()->IsCallable());
1039 : CHECK_EQ(IsConstructor(), bound_target_function()->IsConstructor());
1040 : }
1041 : }
1042 :
1043 : void JSFunction::JSFunctionVerify(Isolate* isolate) {
1044 : CHECK(IsJSFunction());
1045 : JSObjectVerify(isolate);
1046 : VerifyHeapPointer(isolate, raw_feedback_cell());
1047 : CHECK(raw_feedback_cell()->IsFeedbackCell());
1048 : CHECK(code()->IsCode());
1049 : CHECK(map()->is_callable());
1050 : Handle<JSFunction> function(*this, isolate);
1051 : LookupIterator it(isolate, function, isolate->factory()->prototype_string(),
1052 : LookupIterator::OWN_SKIP_INTERCEPTOR);
1053 : if (has_prototype_slot()) {
1054 : VerifyObjectField(isolate, kPrototypeOrInitialMapOffset);
1055 : }
1056 :
1057 : if (has_prototype_property()) {
1058 : CHECK(it.IsFound());
1059 : CHECK_EQ(LookupIterator::ACCESSOR, it.state());
1060 : CHECK(it.GetAccessors()->IsAccessorInfo());
1061 : } else {
1062 : CHECK(!it.IsFound() || it.state() != LookupIterator::ACCESSOR ||
1063 : !it.GetAccessors()->IsAccessorInfo());
1064 : }
1065 : }
1066 :
1067 : void SharedFunctionInfo::SharedFunctionInfoVerify(Isolate* isolate) {
1068 : CHECK(IsSharedFunctionInfo());
1069 :
1070 : VerifyObjectField(isolate, kFunctionDataOffset);
1071 : VerifyObjectField(isolate, kOuterScopeInfoOrFeedbackMetadataOffset);
1072 : VerifyObjectField(isolate, kScriptOrDebugInfoOffset);
1073 : VerifyObjectField(isolate, kNameOrScopeInfoOffset);
1074 :
1075 : Object value = name_or_scope_info();
1076 : CHECK(value == kNoSharedNameSentinel || value->IsString() ||
1077 : value->IsScopeInfo());
1078 : if (value->IsScopeInfo()) {
1079 : CHECK_LT(0, ScopeInfo::cast(value)->length());
1080 : CHECK_NE(value, ReadOnlyRoots(isolate).empty_scope_info());
1081 : }
1082 :
1083 : CHECK(HasWasmExportedFunctionData() || IsApiFunction() ||
1084 : HasBytecodeArray() || HasAsmWasmData() || HasBuiltinId() ||
1085 : HasUncompiledDataWithPreparseData() ||
1086 : HasUncompiledDataWithoutPreparseData());
1087 :
1088 : CHECK(script_or_debug_info()->IsUndefined(isolate) ||
1089 : script_or_debug_info()->IsScript() || HasDebugInfo());
1090 :
1091 : if (!is_compiled()) {
1092 : CHECK(!HasFeedbackMetadata());
1093 : CHECK(outer_scope_info()->IsScopeInfo() ||
1094 : outer_scope_info()->IsTheHole(isolate));
1095 : } else if (HasBytecodeArray() && HasFeedbackMetadata()) {
1096 : CHECK(feedback_metadata()->IsFeedbackMetadata());
1097 : }
1098 :
1099 : int expected_map_index = Context::FunctionMapIndex(
1100 : language_mode(), kind(), true, HasSharedName(), needs_home_object());
1101 : CHECK_EQ(expected_map_index, function_map_index());
1102 :
1103 : if (scope_info()->length() > 0) {
1104 : ScopeInfo info = scope_info();
1105 : CHECK(kind() == info->function_kind());
1106 : CHECK_EQ(kind() == kModule, info->scope_type() == MODULE_SCOPE);
1107 : }
1108 :
1109 : if (IsApiFunction()) {
1110 : CHECK(construct_as_builtin());
1111 : } else if (!HasBuiltinId()) {
1112 : CHECK(!construct_as_builtin());
1113 : } else {
1114 : int id = builtin_id();
1115 : if (id != Builtins::kCompileLazy && id != Builtins::kEmptyFunction) {
1116 : CHECK(construct_as_builtin());
1117 : } else {
1118 : CHECK(!construct_as_builtin());
1119 : }
1120 : }
1121 : }
1122 :
1123 : void JSGlobalProxy::JSGlobalProxyVerify(Isolate* isolate) {
1124 : CHECK(IsJSGlobalProxy());
1125 : JSObjectVerify(isolate);
1126 : VerifyObjectField(isolate, JSGlobalProxy::kNativeContextOffset);
1127 : CHECK(map()->is_access_check_needed());
1128 : // Make sure that this object has no properties, elements.
1129 : CHECK_EQ(0, FixedArray::cast(elements())->length());
1130 : }
1131 :
1132 : void JSGlobalObject::JSGlobalObjectVerify(Isolate* isolate) {
1133 : CHECK(IsJSGlobalObject());
1134 : // Do not check the dummy global object for the builtins.
1135 : if (global_dictionary()->NumberOfElements() == 0 &&
1136 : elements()->length() == 0) {
1137 : return;
1138 : }
1139 : JSObjectVerify(isolate);
1140 : }
1141 :
1142 : void Oddball::OddballVerify(Isolate* isolate) {
1143 : CHECK(IsOddball());
1144 : Heap* heap = isolate->heap();
1145 : VerifyHeapPointer(isolate, to_string());
1146 : Object number = to_number();
1147 : if (number->IsHeapObject()) {
1148 : CHECK(number == ReadOnlyRoots(heap).nan_value() ||
1149 : number == ReadOnlyRoots(heap).hole_nan_value());
1150 : } else {
1151 : CHECK(number->IsSmi());
1152 : int value = Smi::ToInt(number);
1153 : // Hidden oddballs have negative smis.
1154 : const int kLeastHiddenOddballNumber = -7;
1155 : CHECK_LE(value, 1);
1156 : CHECK_GE(value, kLeastHiddenOddballNumber);
1157 : }
1158 :
1159 : ReadOnlyRoots roots(heap);
1160 : if (map() == roots.undefined_map()) {
1161 : CHECK(*this == roots.undefined_value());
1162 : } else if (map() == roots.the_hole_map()) {
1163 : CHECK(*this == roots.the_hole_value());
1164 : } else if (map() == roots.null_map()) {
1165 : CHECK(*this == roots.null_value());
1166 : } else if (map() == roots.boolean_map()) {
1167 : CHECK(*this == roots.true_value() || *this == roots.false_value());
1168 : } else if (map() == roots.uninitialized_map()) {
1169 : CHECK(*this == roots.uninitialized_value());
1170 : } else if (map() == roots.arguments_marker_map()) {
1171 : CHECK(*this == roots.arguments_marker());
1172 : } else if (map() == roots.termination_exception_map()) {
1173 : CHECK(*this == roots.termination_exception());
1174 : } else if (map() == roots.exception_map()) {
1175 : CHECK(*this == roots.exception());
1176 : } else if (map() == roots.optimized_out_map()) {
1177 : CHECK(*this == roots.optimized_out());
1178 : } else if (map() == roots.stale_register_map()) {
1179 : CHECK(*this == roots.stale_register());
1180 : } else if (map() == roots.self_reference_marker_map()) {
1181 : // Multiple instances of this oddball may exist at once.
1182 : CHECK_EQ(kind(), Oddball::kSelfReferenceMarker);
1183 : } else {
1184 : UNREACHABLE();
1185 : }
1186 : }
1187 :
1188 : void Cell::CellVerify(Isolate* isolate) {
1189 : CHECK(IsCell());
1190 : VerifyObjectField(isolate, kValueOffset);
1191 : }
1192 :
1193 : void PropertyCell::PropertyCellVerify(Isolate* isolate) {
1194 : CHECK(IsPropertyCell());
1195 : VerifyObjectField(isolate, kValueOffset);
1196 : }
1197 :
1198 : void CodeDataContainer::CodeDataContainerVerify(Isolate* isolate) {
1199 : CHECK(IsCodeDataContainer());
1200 : VerifyObjectField(isolate, kNextCodeLinkOffset);
1201 : CHECK(next_code_link()->IsCode() || next_code_link()->IsUndefined(isolate));
1202 : }
1203 :
1204 : void Code::CodeVerify(Isolate* isolate) {
1205 : CHECK_LE(constant_pool_offset(), code_comments_offset());
1206 : CHECK_LE(code_comments_offset(), InstructionSize());
1207 : CHECK(IsAligned(raw_instruction_start(), kCodeAlignment));
1208 : relocation_info()->ObjectVerify(isolate);
1209 : CHECK(Code::SizeFor(body_size()) <= kMaxRegularHeapObjectSize ||
1210 : isolate->heap()->InSpace(*this, CODE_LO_SPACE));
1211 : Address last_gc_pc = kNullAddress;
1212 :
1213 : for (RelocIterator it(*this); !it.done(); it.next()) {
1214 : it.rinfo()->Verify(isolate);
1215 : // Ensure that GC will not iterate twice over the same pointer.
1216 : if (RelocInfo::IsGCRelocMode(it.rinfo()->rmode())) {
1217 : CHECK(it.rinfo()->pc() != last_gc_pc);
1218 : last_gc_pc = it.rinfo()->pc();
1219 : }
1220 : }
1221 : }
1222 :
1223 : void JSArray::JSArrayVerify(Isolate* isolate) {
1224 : JSObjectVerify(isolate);
1225 : CHECK(length()->IsNumber() || length()->IsUndefined(isolate));
1226 : // If a GC was caused while constructing this array, the elements
1227 : // pointer may point to a one pointer filler map.
1228 : if (!ElementsAreSafeToExamine()) return;
1229 : if (elements()->IsUndefined(isolate)) return;
1230 : CHECK(elements()->IsFixedArray() || elements()->IsFixedDoubleArray());
1231 : if (elements()->length() == 0) {
1232 : CHECK_EQ(elements(), ReadOnlyRoots(isolate).empty_fixed_array());
1233 : }
1234 : if (!length()->IsNumber()) return;
1235 : // Verify that the length and the elements backing store are in sync.
1236 : if (length()->IsSmi() && HasFastElements()) {
1237 : if (elements()->length() > 0) {
1238 : CHECK_IMPLIES(HasDoubleElements(), elements()->IsFixedDoubleArray());
1239 : }
1240 : int size = Smi::ToInt(length());
1241 : // Holey / Packed backing stores might have slack or might have not been
1242 : // properly initialized yet.
1243 : CHECK(size <= elements()->length() ||
1244 : elements() == ReadOnlyRoots(isolate).empty_fixed_array());
1245 : } else {
1246 : CHECK(HasDictionaryElements());
1247 : uint32_t array_length;
1248 : CHECK(length()->ToArrayLength(&array_length));
1249 : if (array_length == 0xFFFFFFFF) {
1250 : CHECK(length()->ToArrayLength(&array_length));
1251 : }
1252 : if (array_length != 0) {
1253 : NumberDictionary dict = NumberDictionary::cast(elements());
1254 : // The dictionary can never have more elements than the array length + 1.
1255 : // If the backing store grows the verification might be triggered with
1256 : // the old length in place.
1257 : uint32_t nof_elements = static_cast<uint32_t>(dict->NumberOfElements());
1258 : if (nof_elements != 0) nof_elements--;
1259 : CHECK_LE(nof_elements, array_length);
1260 : }
1261 : }
1262 : }
1263 :
1264 : void JSSet::JSSetVerify(Isolate* isolate) {
1265 : CHECK(IsJSSet());
1266 : JSObjectVerify(isolate);
1267 : VerifyHeapPointer(isolate, table());
1268 : CHECK(table()->IsOrderedHashSet() || table()->IsUndefined(isolate));
1269 : // TODO(arv): Verify OrderedHashTable too.
1270 : }
1271 :
1272 : void JSMap::JSMapVerify(Isolate* isolate) {
1273 : CHECK(IsJSMap());
1274 : JSObjectVerify(isolate);
1275 : VerifyHeapPointer(isolate, table());
1276 : CHECK(table()->IsOrderedHashMap() || table()->IsUndefined(isolate));
1277 : // TODO(arv): Verify OrderedHashTable too.
1278 : }
1279 :
1280 : void JSSetIterator::JSSetIteratorVerify(Isolate* isolate) {
1281 : CHECK(IsJSSetIterator());
1282 : JSObjectVerify(isolate);
1283 : VerifyHeapPointer(isolate, table());
1284 : CHECK(table()->IsOrderedHashSet());
1285 : CHECK(index()->IsSmi());
1286 : }
1287 :
1288 : void JSMapIterator::JSMapIteratorVerify(Isolate* isolate) {
1289 : CHECK(IsJSMapIterator());
1290 : JSObjectVerify(isolate);
1291 : VerifyHeapPointer(isolate, table());
1292 : CHECK(table()->IsOrderedHashMap());
1293 : CHECK(index()->IsSmi());
1294 : }
1295 :
1296 : void JSWeakCell::JSWeakCellVerify(Isolate* isolate) {
1297 : CHECK(IsJSWeakCell());
1298 : JSObjectVerify(isolate);
1299 :
1300 : CHECK(next()->IsJSWeakCell() || next()->IsUndefined(isolate));
1301 : if (next()->IsJSWeakCell()) {
1302 : CHECK_EQ(JSWeakCell::cast(next())->prev(), *this);
1303 : }
1304 : CHECK(prev()->IsJSWeakCell() || prev()->IsUndefined(isolate));
1305 : if (prev()->IsJSWeakCell()) {
1306 : CHECK_EQ(JSWeakCell::cast(prev())->next(), *this);
1307 : }
1308 :
1309 : CHECK(factory()->IsUndefined(isolate) || factory()->IsJSWeakFactory());
1310 : }
1311 :
1312 : void JSWeakRef::JSWeakRefVerify(Isolate* isolate) {
1313 : CHECK(IsJSWeakRef());
1314 : JSObjectVerify(isolate);
1315 : CHECK(target()->IsUndefined(isolate) || target()->IsJSReceiver());
1316 : }
1317 :
1318 : void JSWeakFactory::JSWeakFactoryVerify(Isolate* isolate) {
1319 : CHECK(IsJSWeakFactory());
1320 : JSObjectVerify(isolate);
1321 : VerifyHeapPointer(isolate, cleanup());
1322 : CHECK(active_cells()->IsUndefined(isolate) || active_cells()->IsJSWeakCell());
1323 : if (active_cells()->IsJSWeakCell()) {
1324 : CHECK(JSWeakCell::cast(active_cells())->prev()->IsUndefined(isolate));
1325 : }
1326 : CHECK(cleared_cells()->IsUndefined(isolate) ||
1327 : cleared_cells()->IsJSWeakCell());
1328 : if (cleared_cells()->IsJSWeakCell()) {
1329 : CHECK(JSWeakCell::cast(cleared_cells())->prev()->IsUndefined(isolate));
1330 : }
1331 : }
1332 :
1333 : void JSWeakFactoryCleanupIterator::JSWeakFactoryCleanupIteratorVerify(
1334 : Isolate* isolate) {
1335 : CHECK(IsJSWeakFactoryCleanupIterator());
1336 : JSObjectVerify(isolate);
1337 : VerifyHeapPointer(isolate, factory());
1338 : }
1339 :
1340 : void WeakFactoryCleanupJobTask::WeakFactoryCleanupJobTaskVerify(
1341 : Isolate* isolate) {
1342 : CHECK(IsWeakFactoryCleanupJobTask());
1343 : CHECK(factory()->IsJSWeakFactory());
1344 : }
1345 :
1346 : void JSWeakMap::JSWeakMapVerify(Isolate* isolate) {
1347 : CHECK(IsJSWeakMap());
1348 : JSObjectVerify(isolate);
1349 : VerifyHeapPointer(isolate, table());
1350 : CHECK(table()->IsEphemeronHashTable() || table()->IsUndefined(isolate));
1351 : }
1352 :
1353 : void JSArrayIterator::JSArrayIteratorVerify(Isolate* isolate) {
1354 : CHECK(IsJSArrayIterator());
1355 : JSObjectVerify(isolate);
1356 : CHECK(iterated_object()->IsJSReceiver());
1357 :
1358 : CHECK_GE(next_index()->Number(), 0);
1359 : CHECK_LE(next_index()->Number(), kMaxSafeInteger);
1360 :
1361 : if (iterated_object()->IsJSTypedArray()) {
1362 : // JSTypedArray::length is limited to Smi range.
1363 : CHECK(next_index()->IsSmi());
1364 : CHECK_LE(next_index()->Number(), Smi::kMaxValue);
1365 : } else if (iterated_object()->IsJSArray()) {
1366 : // JSArray::length is limited to Uint32 range.
1367 : CHECK_LE(next_index()->Number(), kMaxUInt32);
1368 : }
1369 : }
1370 :
1371 : void JSStringIterator::JSStringIteratorVerify(Isolate* isolate) {
1372 : CHECK(IsJSStringIterator());
1373 : JSObjectVerify(isolate);
1374 : CHECK(string()->IsString());
1375 :
1376 : CHECK_GE(index(), 0);
1377 : CHECK_LE(index(), String::kMaxLength);
1378 : }
1379 :
1380 : void JSAsyncFromSyncIterator::JSAsyncFromSyncIteratorVerify(Isolate* isolate) {
1381 : CHECK(IsJSAsyncFromSyncIterator());
1382 : JSObjectVerify(isolate);
1383 : VerifyHeapPointer(isolate, sync_iterator());
1384 : }
1385 :
1386 : void JSWeakSet::JSWeakSetVerify(Isolate* isolate) {
1387 : CHECK(IsJSWeakSet());
1388 : JSObjectVerify(isolate);
1389 : VerifyHeapPointer(isolate, table());
1390 : CHECK(table()->IsEphemeronHashTable() || table()->IsUndefined(isolate));
1391 : }
1392 :
1393 : void Microtask::MicrotaskVerify(Isolate* isolate) { CHECK(IsMicrotask()); }
1394 :
1395 : void CallableTask::CallableTaskVerify(Isolate* isolate) {
1396 : CHECK(IsCallableTask());
1397 : MicrotaskVerify(isolate);
1398 : VerifyHeapPointer(isolate, callable());
1399 : CHECK(callable()->IsCallable());
1400 : VerifyHeapPointer(isolate, context());
1401 : CHECK(context()->IsContext());
1402 : }
1403 :
1404 : void CallbackTask::CallbackTaskVerify(Isolate* isolate) {
1405 : CHECK(IsCallbackTask());
1406 : MicrotaskVerify(isolate);
1407 : VerifyHeapPointer(isolate, callback());
1408 : VerifyHeapPointer(isolate, data());
1409 : }
1410 :
1411 : void PromiseReactionJobTask::PromiseReactionJobTaskVerify(Isolate* isolate) {
1412 : CHECK(IsPromiseReactionJobTask());
1413 : MicrotaskVerify(isolate);
1414 : VerifyPointer(isolate, argument());
1415 : VerifyHeapPointer(isolate, context());
1416 : CHECK(context()->IsContext());
1417 : VerifyHeapPointer(isolate, handler());
1418 : CHECK(handler()->IsUndefined(isolate) || handler()->IsCallable());
1419 : VerifyHeapPointer(isolate, promise_or_capability());
1420 : CHECK(promise_or_capability()->IsJSPromise() ||
1421 : promise_or_capability()->IsPromiseCapability() ||
1422 : promise_or_capability()->IsUndefined(isolate));
1423 : }
1424 :
1425 : void PromiseFulfillReactionJobTask::PromiseFulfillReactionJobTaskVerify(
1426 : Isolate* isolate) {
1427 : CHECK(IsPromiseFulfillReactionJobTask());
1428 : PromiseReactionJobTaskVerify(isolate);
1429 : }
1430 :
1431 : void PromiseRejectReactionJobTask::PromiseRejectReactionJobTaskVerify(
1432 : Isolate* isolate) {
1433 : CHECK(IsPromiseRejectReactionJobTask());
1434 : PromiseReactionJobTaskVerify(isolate);
1435 : }
1436 :
1437 : void PromiseResolveThenableJobTask::PromiseResolveThenableJobTaskVerify(
1438 : Isolate* isolate) {
1439 : CHECK(IsPromiseResolveThenableJobTask());
1440 : MicrotaskVerify(isolate);
1441 : VerifyHeapPointer(isolate, context());
1442 : CHECK(context()->IsContext());
1443 : VerifyHeapPointer(isolate, promise_to_resolve());
1444 : CHECK(promise_to_resolve()->IsJSPromise());
1445 : VerifyHeapPointer(isolate, then());
1446 : CHECK(then()->IsCallable());
1447 : CHECK(then()->IsJSReceiver());
1448 : VerifyHeapPointer(isolate, thenable());
1449 : CHECK(thenable()->IsJSReceiver());
1450 : }
1451 :
1452 : void PromiseCapability::PromiseCapabilityVerify(Isolate* isolate) {
1453 : CHECK(IsPromiseCapability());
1454 :
1455 : VerifyHeapPointer(isolate, promise());
1456 : CHECK(promise()->IsJSReceiver() || promise()->IsUndefined(isolate));
1457 : VerifyPointer(isolate, resolve());
1458 : VerifyPointer(isolate, reject());
1459 : }
1460 :
1461 : void PromiseReaction::PromiseReactionVerify(Isolate* isolate) {
1462 : CHECK(IsPromiseReaction());
1463 :
1464 : VerifyPointer(isolate, next());
1465 : CHECK(next()->IsSmi() || next()->IsPromiseReaction());
1466 : VerifyHeapPointer(isolate, reject_handler());
1467 : CHECK(reject_handler()->IsUndefined(isolate) ||
1468 : reject_handler()->IsCallable());
1469 : VerifyHeapPointer(isolate, fulfill_handler());
1470 : CHECK(fulfill_handler()->IsUndefined(isolate) ||
1471 : fulfill_handler()->IsCallable());
1472 : VerifyHeapPointer(isolate, promise_or_capability());
1473 : CHECK(promise_or_capability()->IsJSPromise() ||
1474 : promise_or_capability()->IsPromiseCapability() ||
1475 : promise_or_capability()->IsUndefined(isolate));
1476 : }
1477 :
1478 : void JSPromise::JSPromiseVerify(Isolate* isolate) {
1479 : CHECK(IsJSPromise());
1480 : JSObjectVerify(isolate);
1481 : VerifyPointer(isolate, reactions_or_result());
1482 : VerifySmiField(kFlagsOffset);
1483 : if (status() == Promise::kPending) {
1484 : CHECK(reactions()->IsSmi() || reactions()->IsPromiseReaction());
1485 : }
1486 : }
1487 :
1488 : template <typename Derived>
1489 : void SmallOrderedHashTable<Derived>::SmallOrderedHashTableVerify(
1490 : Isolate* isolate) {
1491 : CHECK(IsSmallOrderedHashTable());
1492 :
1493 : int capacity = Capacity();
1494 : CHECK_GE(capacity, kMinCapacity);
1495 : CHECK_LE(capacity, kMaxCapacity);
1496 :
1497 : for (int entry = 0; entry < NumberOfBuckets(); entry++) {
1498 : int bucket = GetFirstEntry(entry);
1499 : if (bucket == kNotFound) continue;
1500 : CHECK_GE(bucket, 0);
1501 : CHECK_LE(bucket, capacity);
1502 : }
1503 :
1504 : for (int entry = 0; entry < NumberOfElements(); entry++) {
1505 : int chain = GetNextEntry(entry);
1506 : if (chain == kNotFound) continue;
1507 : CHECK_GE(chain, 0);
1508 : CHECK_LE(chain, capacity);
1509 : }
1510 :
1511 : for (int entry = 0; entry < NumberOfElements(); entry++) {
1512 : for (int offset = 0; offset < Derived::kEntrySize; offset++) {
1513 : Object val = GetDataEntry(entry, offset);
1514 : VerifyPointer(isolate, val);
1515 : }
1516 : }
1517 :
1518 : for (int entry = NumberOfElements() + NumberOfDeletedElements();
1519 : entry < Capacity(); entry++) {
1520 : for (int offset = 0; offset < Derived::kEntrySize; offset++) {
1521 : Object val = GetDataEntry(entry, offset);
1522 : CHECK(val->IsTheHole(isolate));
1523 : }
1524 : }
1525 : }
1526 : void SmallOrderedHashMap::SmallOrderedHashMapVerify(Isolate* isolate) {
1527 : SmallOrderedHashTable<SmallOrderedHashMap>::SmallOrderedHashTableVerify(
1528 : isolate);
1529 : for (int entry = NumberOfElements(); entry < NumberOfDeletedElements();
1530 : entry++) {
1531 : for (int offset = 0; offset < kEntrySize; offset++) {
1532 : Object val = GetDataEntry(entry, offset);
1533 : CHECK(val->IsTheHole(isolate));
1534 : }
1535 : }
1536 : }
1537 :
1538 : void SmallOrderedHashSet::SmallOrderedHashSetVerify(Isolate* isolate) {
1539 : SmallOrderedHashTable<SmallOrderedHashSet>::SmallOrderedHashTableVerify(
1540 : isolate);
1541 : for (int entry = NumberOfElements(); entry < NumberOfDeletedElements();
1542 : entry++) {
1543 : for (int offset = 0; offset < kEntrySize; offset++) {
1544 : Object val = GetDataEntry(entry, offset);
1545 : CHECK(val->IsTheHole(isolate));
1546 : }
1547 : }
1548 : }
1549 :
1550 : void SmallOrderedNameDictionary::SmallOrderedNameDictionaryVerify(
1551 : Isolate* isolate) {
1552 : SmallOrderedHashTable<
1553 : SmallOrderedNameDictionary>::SmallOrderedHashTableVerify(isolate);
1554 : for (int entry = NumberOfElements(); entry < NumberOfDeletedElements();
1555 : entry++) {
1556 : for (int offset = 0; offset < kEntrySize; offset++) {
1557 : Object val = GetDataEntry(entry, offset);
1558 : CHECK(val->IsTheHole(isolate) ||
1559 : (PropertyDetails::Empty().AsSmi() == Smi::cast(val)));
1560 : }
1561 : }
1562 : }
1563 :
1564 : void JSRegExp::JSRegExpVerify(Isolate* isolate) {
1565 : JSObjectVerify(isolate);
1566 : CHECK(data()->IsUndefined(isolate) || data()->IsFixedArray());
1567 : switch (TypeTag()) {
1568 : case JSRegExp::ATOM: {
1569 : FixedArray arr = FixedArray::cast(data());
1570 : CHECK(arr->get(JSRegExp::kAtomPatternIndex)->IsString());
1571 : break;
1572 : }
1573 : case JSRegExp::IRREGEXP: {
1574 : bool is_native = RegExpImpl::UsesNativeRegExp();
1575 :
1576 : FixedArray arr = FixedArray::cast(data());
1577 : Object one_byte_data = arr->get(JSRegExp::kIrregexpLatin1CodeIndex);
1578 : // Smi : Not compiled yet (-1).
1579 : // Code/ByteArray: Compiled code.
1580 : CHECK(
1581 : (one_byte_data->IsSmi() &&
1582 : Smi::ToInt(one_byte_data) == JSRegExp::kUninitializedValue) ||
1583 : (is_native ? one_byte_data->IsCode() : one_byte_data->IsByteArray()));
1584 : Object uc16_data = arr->get(JSRegExp::kIrregexpUC16CodeIndex);
1585 : CHECK((uc16_data->IsSmi() &&
1586 : Smi::ToInt(uc16_data) == JSRegExp::kUninitializedValue) ||
1587 : (is_native ? uc16_data->IsCode() : uc16_data->IsByteArray()));
1588 :
1589 : CHECK(arr->get(JSRegExp::kIrregexpCaptureCountIndex)->IsSmi());
1590 : CHECK(arr->get(JSRegExp::kIrregexpMaxRegisterCountIndex)->IsSmi());
1591 : break;
1592 : }
1593 : default:
1594 : CHECK_EQ(JSRegExp::NOT_COMPILED, TypeTag());
1595 : CHECK(data()->IsUndefined(isolate));
1596 : break;
1597 : }
1598 : }
1599 :
1600 : void JSRegExpStringIterator::JSRegExpStringIteratorVerify(Isolate* isolate) {
1601 : CHECK(IsJSRegExpStringIterator());
1602 : JSObjectVerify(isolate);
1603 : CHECK(iterating_string()->IsString());
1604 : CHECK(iterating_regexp()->IsObject());
1605 : VerifySmiField(kFlagsOffset);
1606 : }
1607 :
1608 : void JSProxy::JSProxyVerify(Isolate* isolate) {
1609 : CHECK(IsJSProxy());
1610 : CHECK(map()->GetConstructor()->IsJSFunction());
1611 : VerifyPointer(isolate, target());
1612 : VerifyPointer(isolate, handler());
1613 : if (!IsRevoked()) {
1614 : CHECK_EQ(target()->IsCallable(), map()->is_callable());
1615 : CHECK_EQ(target()->IsConstructor(), map()->is_constructor());
1616 : }
1617 : CHECK(map()->prototype()->IsNull(isolate));
1618 : // There should be no properties on a Proxy.
1619 : CHECK_EQ(0, map()->NumberOfOwnDescriptors());
1620 : }
1621 :
1622 : void JSArrayBuffer::JSArrayBufferVerify(Isolate* isolate) {
1623 : CHECK(IsJSArrayBuffer());
1624 : if (FIELD_SIZE(kOptionalPaddingOffset) != 0) {
1625 : CHECK_EQ(4, FIELD_SIZE(kOptionalPaddingOffset));
1626 : CHECK_EQ(0,
1627 : *reinterpret_cast<uint32_t*>(address() + kOptionalPaddingOffset));
1628 : }
1629 : JSObjectVerify(isolate);
1630 : }
1631 :
1632 : void JSArrayBufferView::JSArrayBufferViewVerify(Isolate* isolate) {
1633 : CHECK(IsJSArrayBufferView());
1634 : JSObjectVerify(isolate);
1635 : VerifyPointer(isolate, buffer());
1636 : CHECK(buffer()->IsJSArrayBuffer() || buffer()->IsUndefined(isolate) ||
1637 : buffer() == Smi::kZero);
1638 : CHECK_LE(byte_length(), JSArrayBuffer::kMaxByteLength);
1639 : CHECK_LE(byte_offset(), JSArrayBuffer::kMaxByteLength);
1640 : }
1641 :
1642 : void JSTypedArray::JSTypedArrayVerify(Isolate* isolate) {
1643 : CHECK(IsJSTypedArray());
1644 : JSArrayBufferViewVerify(isolate);
1645 : VerifyPointer(isolate, raw_length());
1646 : CHECK(raw_length()->IsSmi() || raw_length()->IsUndefined(isolate));
1647 : VerifyPointer(isolate, elements());
1648 : }
1649 :
1650 : void JSDataView::JSDataViewVerify(Isolate* isolate) {
1651 : CHECK(IsJSDataView());
1652 : JSArrayBufferViewVerify(isolate);
1653 : }
1654 :
1655 : void Foreign::ForeignVerify(Isolate* isolate) { CHECK(IsForeign()); }
1656 :
1657 : void AsyncGeneratorRequest::AsyncGeneratorRequestVerify(Isolate* isolate) {
1658 : CHECK(IsAsyncGeneratorRequest());
1659 : VerifySmiField(kResumeModeOffset);
1660 : CHECK_GE(resume_mode(), JSGeneratorObject::kNext);
1661 : CHECK_LE(resume_mode(), JSGeneratorObject::kThrow);
1662 : CHECK(promise()->IsJSPromise());
1663 : VerifyPointer(isolate, value());
1664 : VerifyPointer(isolate, next());
1665 : next()->ObjectVerify(isolate);
1666 : }
1667 :
1668 : void BigInt::BigIntVerify(Isolate* isolate) {
1669 : CHECK(IsBigInt());
1670 : CHECK_GE(length(), 0);
1671 : CHECK_IMPLIES(is_zero(), !sign()); // There is no -0n.
1672 : }
1673 :
1674 : void JSModuleNamespace::JSModuleNamespaceVerify(Isolate* isolate) {
1675 : CHECK(IsJSModuleNamespace());
1676 : VerifyPointer(isolate, module());
1677 : }
1678 :
1679 : void ModuleInfoEntry::ModuleInfoEntryVerify(Isolate* isolate) {
1680 : CHECK(IsModuleInfoEntry());
1681 :
1682 : CHECK(export_name()->IsUndefined(isolate) || export_name()->IsString());
1683 : CHECK(local_name()->IsUndefined(isolate) || local_name()->IsString());
1684 : CHECK(import_name()->IsUndefined(isolate) || import_name()->IsString());
1685 :
1686 : VerifySmiField(kModuleRequestOffset);
1687 : VerifySmiField(kCellIndexOffset);
1688 : VerifySmiField(kBegPosOffset);
1689 : VerifySmiField(kEndPosOffset);
1690 :
1691 : CHECK_IMPLIES(import_name()->IsString(), module_request() >= 0);
1692 : CHECK_IMPLIES(export_name()->IsString() && import_name()->IsString(),
1693 : local_name()->IsUndefined(isolate));
1694 : }
1695 :
1696 : void Module::ModuleVerify(Isolate* isolate) {
1697 : CHECK(IsModule());
1698 :
1699 : VerifyPointer(isolate, code());
1700 : VerifyPointer(isolate, exports());
1701 : VerifyPointer(isolate, module_namespace());
1702 : VerifyPointer(isolate, requested_modules());
1703 : VerifyPointer(isolate, script());
1704 : VerifyPointer(isolate, import_meta());
1705 : VerifyPointer(isolate, exception());
1706 : VerifySmiField(kHashOffset);
1707 : VerifySmiField(kStatusOffset);
1708 :
1709 : CHECK((status() >= kEvaluating && code()->IsModuleInfo()) ||
1710 : (status() == kInstantiated && code()->IsJSGeneratorObject()) ||
1711 : (status() == kInstantiating && code()->IsJSFunction()) ||
1712 : (code()->IsSharedFunctionInfo()));
1713 :
1714 : CHECK_EQ(status() == kErrored, !exception()->IsTheHole(isolate));
1715 :
1716 : CHECK(module_namespace()->IsUndefined(isolate) ||
1717 : module_namespace()->IsJSModuleNamespace());
1718 : if (module_namespace()->IsJSModuleNamespace()) {
1719 : CHECK_LE(kInstantiating, status());
1720 : CHECK_EQ(JSModuleNamespace::cast(module_namespace())->module(), *this);
1721 : }
1722 :
1723 : CHECK_EQ(requested_modules()->length(), info()->module_requests()->length());
1724 :
1725 : CHECK(import_meta()->IsTheHole(isolate) || import_meta()->IsJSObject());
1726 :
1727 : CHECK_NE(hash(), 0);
1728 : }
1729 :
1730 : void PrototypeInfo::PrototypeInfoVerify(Isolate* isolate) {
1731 : CHECK(IsPrototypeInfo());
1732 : Object module_ns = module_namespace();
1733 : CHECK(module_ns->IsJSModuleNamespace() || module_ns->IsUndefined(isolate));
1734 : if (prototype_users()->IsWeakArrayList()) {
1735 : PrototypeUsers::Verify(WeakArrayList::cast(prototype_users()));
1736 : } else {
1737 : CHECK(prototype_users()->IsSmi());
1738 : }
1739 : }
1740 :
1741 : void PrototypeUsers::Verify(WeakArrayList array) {
1742 : if (array->length() == 0) {
1743 : // Allow empty & uninitialized lists.
1744 : return;
1745 : }
1746 : // Verify empty slot chain.
1747 : int empty_slot = Smi::ToInt(empty_slot_index(array));
1748 : int empty_slots_count = 0;
1749 : while (empty_slot != kNoEmptySlotsMarker) {
1750 : CHECK_GT(empty_slot, 0);
1751 : CHECK_LT(empty_slot, array->length());
1752 : empty_slot = array->Get(empty_slot).ToSmi().value();
1753 : ++empty_slots_count;
1754 : }
1755 :
1756 : // Verify that all elements are either weak pointers or SMIs marking empty
1757 : // slots.
1758 : int weak_maps_count = 0;
1759 : for (int i = kFirstIndex; i < array->length(); ++i) {
1760 : HeapObject heap_object;
1761 : MaybeObject object = array->Get(i);
1762 : if ((object->GetHeapObjectIfWeak(&heap_object) && heap_object->IsMap()) ||
1763 : object->IsCleared()) {
1764 : ++weak_maps_count;
1765 : } else {
1766 : CHECK(object->IsSmi());
1767 : }
1768 : }
1769 :
1770 : CHECK_EQ(weak_maps_count + empty_slots_count + 1, array->length());
1771 : }
1772 :
1773 : void Tuple2::Tuple2Verify(Isolate* isolate) {
1774 : CHECK(IsTuple2());
1775 : Heap* heap = isolate->heap();
1776 : if (*this == ReadOnlyRoots(heap).empty_enum_cache()) {
1777 : CHECK_EQ(ReadOnlyRoots(heap).empty_fixed_array(),
1778 : EnumCache::cast(*this)->keys());
1779 : CHECK_EQ(ReadOnlyRoots(heap).empty_fixed_array(),
1780 : EnumCache::cast(*this)->indices());
1781 : } else {
1782 : VerifyObjectField(isolate, kValue1Offset);
1783 : VerifyObjectField(isolate, kValue2Offset);
1784 : }
1785 : }
1786 :
1787 : void Tuple3::Tuple3Verify(Isolate* isolate) {
1788 : CHECK(IsTuple3());
1789 : VerifyObjectField(isolate, kValue1Offset);
1790 : VerifyObjectField(isolate, kValue2Offset);
1791 : VerifyObjectField(isolate, kValue3Offset);
1792 : }
1793 :
1794 : void ObjectBoilerplateDescription::ObjectBoilerplateDescriptionVerify(
1795 : Isolate* isolate) {
1796 : CHECK(IsObjectBoilerplateDescription());
1797 : CHECK_GE(this->length(),
1798 : ObjectBoilerplateDescription::kDescriptionStartIndex);
1799 : this->FixedArrayVerify(isolate);
1800 : }
1801 :
1802 : void ArrayBoilerplateDescription::ArrayBoilerplateDescriptionVerify(
1803 : Isolate* isolate) {
1804 : CHECK(IsArrayBoilerplateDescription());
1805 : CHECK(constant_elements()->IsFixedArrayBase());
1806 : VerifyObjectField(isolate, kConstantElementsOffset);
1807 : }
1808 :
1809 : void AsmWasmData::AsmWasmDataVerify(Isolate* isolate) {
1810 : CHECK(IsAsmWasmData());
1811 : VerifyObjectField(isolate, kManagedNativeModuleOffset);
1812 : VerifyObjectField(isolate, kExportWrappersOffset);
1813 : VerifyObjectField(isolate, kAsmJsOffsetTableOffset);
1814 : CHECK(uses_bitset()->IsHeapNumber());
1815 : VerifyObjectField(isolate, kUsesBitsetOffset);
1816 : }
1817 :
1818 : void WasmDebugInfo::WasmDebugInfoVerify(Isolate* isolate) {
1819 : CHECK(IsWasmDebugInfo());
1820 : VerifyObjectField(isolate, kInstanceOffset);
1821 : CHECK(wasm_instance()->IsWasmInstanceObject());
1822 : VerifyObjectField(isolate, kInterpreterHandleOffset);
1823 : CHECK(interpreter_handle()->IsUndefined(isolate) ||
1824 : interpreter_handle()->IsForeign());
1825 : VerifyObjectField(isolate, kInterpretedFunctionsOffset);
1826 : VerifyObjectField(isolate, kLocalsNamesOffset);
1827 : VerifyObjectField(isolate, kCWasmEntriesOffset);
1828 : VerifyObjectField(isolate, kCWasmEntryMapOffset);
1829 : }
1830 :
1831 : void WasmExceptionTag::WasmExceptionTagVerify(Isolate* isolate) {
1832 : CHECK(IsWasmExceptionTag());
1833 : VerifySmiField(kIndexOffset);
1834 : }
1835 :
1836 : void WasmInstanceObject::WasmInstanceObjectVerify(Isolate* isolate) {
1837 : JSObjectVerify(isolate);
1838 : CHECK(IsWasmInstanceObject());
1839 :
1840 : // Just generically check all tagged fields. Don't check the untagged fields,
1841 : // as some of them might still contain the "undefined" value if the
1842 : // WasmInstanceObject is not fully set up yet.
1843 : for (int offset = kHeaderSize; offset < kEndOfTaggedFieldsOffset;
1844 : offset += kTaggedSize) {
1845 : VerifyObjectField(isolate, offset);
1846 : }
1847 : }
1848 :
1849 : void WasmExportedFunctionData::WasmExportedFunctionDataVerify(
1850 : Isolate* isolate) {
1851 : CHECK(IsWasmExportedFunctionData());
1852 : VerifyObjectField(isolate, kWrapperCodeOffset);
1853 : CHECK(wrapper_code()->kind() == Code::JS_TO_WASM_FUNCTION ||
1854 : wrapper_code()->kind() == Code::C_WASM_ENTRY);
1855 : VerifyObjectField(isolate, kInstanceOffset);
1856 : VerifySmiField(kJumpTableOffsetOffset);
1857 : VerifySmiField(kFunctionIndexOffset);
1858 : }
1859 :
1860 : void WasmModuleObject::WasmModuleObjectVerify(Isolate* isolate) {
1861 : CHECK(IsWasmModuleObject());
1862 : VerifyObjectField(isolate, kNativeModuleOffset);
1863 : CHECK(managed_native_module()->IsForeign());
1864 : VerifyObjectField(isolate, kExportWrappersOffset);
1865 : CHECK(export_wrappers()->IsFixedArray());
1866 : VerifyObjectField(isolate, kScriptOffset);
1867 : VerifyObjectField(isolate, kAsmJsOffsetTableOffset);
1868 : VerifyObjectField(isolate, kBreakPointInfosOffset);
1869 : }
1870 :
1871 : void DataHandler::DataHandlerVerify(Isolate* isolate) {
1872 : CHECK(IsDataHandler());
1873 : CHECK_IMPLIES(!smi_handler()->IsSmi(),
1874 : smi_handler()->IsCode() && IsStoreHandler());
1875 : CHECK(validity_cell()->IsSmi() || validity_cell()->IsCell());
1876 : int data_count = data_field_count();
1877 : if (data_count >= 1) {
1878 : VerifyMaybeObjectField(isolate, kData1Offset);
1879 : }
1880 : if (data_count >= 2) {
1881 : VerifyMaybeObjectField(isolate, kData2Offset);
1882 : }
1883 : if (data_count >= 3) {
1884 : VerifyMaybeObjectField(isolate, kData3Offset);
1885 : }
1886 : }
1887 :
1888 : void LoadHandler::LoadHandlerVerify(Isolate* isolate) {
1889 : DataHandler::DataHandlerVerify(isolate);
1890 : // TODO(ishell): check handler integrity
1891 : }
1892 :
1893 : void StoreHandler::StoreHandlerVerify(Isolate* isolate) {
1894 : DataHandler::DataHandlerVerify(isolate);
1895 : // TODO(ishell): check handler integrity
1896 : }
1897 :
1898 : void AccessorInfo::AccessorInfoVerify(Isolate* isolate) {
1899 : CHECK(IsAccessorInfo());
1900 : VerifyPointer(isolate, name());
1901 : VerifyPointer(isolate, expected_receiver_type());
1902 : VerifyForeignPointer(isolate, *this, getter());
1903 : VerifyForeignPointer(isolate, *this, setter());
1904 : VerifyForeignPointer(isolate, *this, js_getter());
1905 : VerifyPointer(isolate, data());
1906 : }
1907 :
1908 : void AccessorPair::AccessorPairVerify(Isolate* isolate) {
1909 : CHECK(IsAccessorPair());
1910 : VerifyPointer(isolate, getter());
1911 : VerifyPointer(isolate, setter());
1912 : }
1913 :
1914 : void AccessCheckInfo::AccessCheckInfoVerify(Isolate* isolate) {
1915 : CHECK(IsAccessCheckInfo());
1916 : VerifyPointer(isolate, callback());
1917 : VerifyPointer(isolate, named_interceptor());
1918 : VerifyPointer(isolate, indexed_interceptor());
1919 : VerifyPointer(isolate, data());
1920 : }
1921 :
1922 : void CallHandlerInfo::CallHandlerInfoVerify(Isolate* isolate) {
1923 : CHECK(IsCallHandlerInfo());
1924 : CHECK(map() == ReadOnlyRoots(isolate).side_effect_call_handler_info_map() ||
1925 : map() ==
1926 : ReadOnlyRoots(isolate).side_effect_free_call_handler_info_map() ||
1927 : map() == ReadOnlyRoots(isolate)
1928 : .next_call_side_effect_free_call_handler_info_map());
1929 : VerifyPointer(isolate, callback());
1930 : VerifyPointer(isolate, js_callback());
1931 : VerifyPointer(isolate, data());
1932 : }
1933 :
1934 : void InterceptorInfo::InterceptorInfoVerify(Isolate* isolate) {
1935 : CHECK(IsInterceptorInfo());
1936 : VerifyForeignPointer(isolate, *this, getter());
1937 : VerifyForeignPointer(isolate, *this, setter());
1938 : VerifyForeignPointer(isolate, *this, query());
1939 : VerifyForeignPointer(isolate, *this, deleter());
1940 : VerifyForeignPointer(isolate, *this, enumerator());
1941 : VerifyPointer(isolate, data());
1942 : VerifySmiField(kFlagsOffset);
1943 : }
1944 :
1945 : void TemplateInfo::TemplateInfoVerify(Isolate* isolate) {
1946 : VerifyPointer(isolate, tag());
1947 : VerifyPointer(isolate, property_list());
1948 : VerifyPointer(isolate, property_accessors());
1949 : }
1950 :
1951 : void FunctionTemplateInfo::FunctionTemplateInfoVerify(Isolate* isolate) {
1952 : CHECK(IsFunctionTemplateInfo());
1953 : TemplateInfoVerify(isolate);
1954 : VerifyPointer(isolate, serial_number());
1955 : VerifyPointer(isolate, call_code());
1956 : VerifyPointer(isolate, signature());
1957 : VerifyPointer(isolate, cached_property_name());
1958 : VerifyPointer(isolate, rare_data());
1959 : }
1960 :
1961 : void FunctionTemplateRareData::FunctionTemplateRareDataVerify(
1962 : Isolate* isolate) {
1963 : CHECK(IsFunctionTemplateRareData());
1964 : VerifyPointer(isolate, prototype_template());
1965 : VerifyPointer(isolate, parent_template());
1966 : VerifyPointer(isolate, named_property_handler());
1967 : VerifyPointer(isolate, indexed_property_handler());
1968 : VerifyPointer(isolate, instance_template());
1969 : VerifyPointer(isolate, access_check_info());
1970 : }
1971 :
1972 : void ObjectTemplateInfo::ObjectTemplateInfoVerify(Isolate* isolate) {
1973 : CHECK(IsObjectTemplateInfo());
1974 : TemplateInfoVerify(isolate);
1975 : VerifyPointer(isolate, constructor());
1976 : VerifyPointer(isolate, data());
1977 : }
1978 :
1979 : void AllocationSite::AllocationSiteVerify(Isolate* isolate) {
1980 : CHECK(IsAllocationSite());
1981 : }
1982 :
1983 : void AllocationMemento::AllocationMementoVerify(Isolate* isolate) {
1984 : CHECK(IsAllocationMemento());
1985 : VerifyHeapPointer(isolate, allocation_site());
1986 : CHECK(!IsValid() || GetAllocationSite()->IsAllocationSite());
1987 : }
1988 :
1989 : void Script::ScriptVerify(Isolate* isolate) {
1990 : CHECK(IsScript());
1991 : VerifyPointer(isolate, source());
1992 : VerifyPointer(isolate, name());
1993 : VerifyPointer(isolate, line_ends());
1994 : for (int i = 0; i < shared_function_infos()->length(); ++i) {
1995 : MaybeObject maybe_object = shared_function_infos()->Get(i);
1996 : HeapObject heap_object;
1997 : CHECK(maybe_object->IsWeak() || maybe_object->IsCleared() ||
1998 : (maybe_object->GetHeapObjectIfStrong(&heap_object) &&
1999 : heap_object->IsUndefined(isolate)));
2000 : }
2001 : }
2002 :
2003 : void NormalizedMapCache::NormalizedMapCacheVerify(Isolate* isolate) {
2004 : WeakFixedArray::cast(*this)->WeakFixedArrayVerify(isolate);
2005 : if (FLAG_enable_slow_asserts) {
2006 : for (int i = 0; i < length(); i++) {
2007 : MaybeObject e = WeakFixedArray::Get(i);
2008 : HeapObject heap_object;
2009 : if (e->GetHeapObjectIfWeak(&heap_object)) {
2010 : Map::cast(heap_object)->DictionaryMapVerify(isolate);
2011 : } else {
2012 : CHECK(e->IsCleared() || (e->GetHeapObjectIfStrong(&heap_object) &&
2013 : heap_object->IsUndefined(isolate)));
2014 : }
2015 : }
2016 : }
2017 : }
2018 :
2019 : void DebugInfo::DebugInfoVerify(Isolate* isolate) {
2020 : CHECK(IsDebugInfo());
2021 : VerifyPointer(isolate, shared());
2022 : VerifyPointer(isolate, script());
2023 : VerifyPointer(isolate, original_bytecode_array());
2024 : VerifyPointer(isolate, break_points());
2025 : }
2026 :
2027 : void StackFrameInfo::StackFrameInfoVerify(Isolate* isolate) {
2028 : CHECK(IsStackFrameInfo());
2029 : VerifyPointer(isolate, script_name());
2030 : VerifyPointer(isolate, script_name_or_source_url());
2031 : VerifyPointer(isolate, function_name());
2032 : }
2033 :
2034 : void PreparseData::PreparseDataVerify(Isolate* isolate) {
2035 : CHECK(IsPreparseData());
2036 : CHECK_LE(0, data_length());
2037 : CHECK_LE(0, children_length());
2038 :
2039 : for (int i = 0; i < children_length(); ++i) {
2040 : Object child = get_child_raw(i);
2041 : CHECK(child->IsNull() || child->IsPreparseData());
2042 : VerifyPointer(isolate, child);
2043 : }
2044 : }
2045 :
2046 : void UncompiledDataWithPreparseData::UncompiledDataWithPreparseDataVerify(
2047 : Isolate* isolate) {
2048 : CHECK(IsUncompiledDataWithPreparseData());
2049 : VerifyPointer(isolate, inferred_name());
2050 : VerifyPointer(isolate, preparse_data());
2051 : }
2052 :
2053 : void UncompiledDataWithoutPreparseData::UncompiledDataWithoutPreparseDataVerify(
2054 : Isolate* isolate) {
2055 : CHECK(IsUncompiledDataWithoutPreparseData());
2056 : VerifyPointer(isolate, inferred_name());
2057 : }
2058 :
2059 : void InterpreterData::InterpreterDataVerify(Isolate* isolate) {
2060 : CHECK(IsInterpreterData());
2061 : CHECK(bytecode_array()->IsBytecodeArray());
2062 : CHECK(interpreter_trampoline()->IsCode());
2063 : }
2064 :
2065 : #ifdef V8_INTL_SUPPORT
2066 : void JSV8BreakIterator::JSV8BreakIteratorVerify(Isolate* isolate) {
2067 : JSObjectVerify(isolate);
2068 : VerifyObjectField(isolate, kLocaleOffset);
2069 : VerifyObjectField(isolate, kTypeOffset);
2070 : VerifyObjectField(isolate, kBreakIteratorOffset);
2071 : VerifyObjectField(isolate, kUnicodeStringOffset);
2072 : VerifyObjectField(isolate, kBoundAdoptTextOffset);
2073 : VerifyObjectField(isolate, kBoundFirstOffset);
2074 : VerifyObjectField(isolate, kBoundNextOffset);
2075 : VerifyObjectField(isolate, kBoundCurrentOffset);
2076 : VerifyObjectField(isolate, kBoundBreakTypeOffset);
2077 : }
2078 :
2079 : void JSCollator::JSCollatorVerify(Isolate* isolate) {
2080 : CHECK(IsJSCollator());
2081 : JSObjectVerify(isolate);
2082 : VerifyObjectField(isolate, kICUCollatorOffset);
2083 : VerifyObjectField(isolate, kBoundCompareOffset);
2084 : }
2085 :
2086 : void JSDateTimeFormat::JSDateTimeFormatVerify(Isolate* isolate) {
2087 : JSObjectVerify(isolate);
2088 : VerifyObjectField(isolate, kICULocaleOffset);
2089 : VerifyObjectField(isolate, kICUSimpleDateFormatOffset);
2090 : VerifyObjectField(isolate, kBoundFormatOffset);
2091 : VerifyObjectField(isolate, kFlagsOffset);
2092 : }
2093 :
2094 : void JSListFormat::JSListFormatVerify(Isolate* isolate) {
2095 : JSObjectVerify(isolate);
2096 : VerifyObjectField(isolate, kLocaleOffset);
2097 : VerifyObjectField(isolate, kICUFormatterOffset);
2098 : VerifyObjectField(isolate, kFlagsOffset);
2099 : }
2100 :
2101 : void JSLocale::JSLocaleVerify(Isolate* isolate) {
2102 : JSObjectVerify(isolate);
2103 : VerifyObjectField(isolate, kICULocaleOffset);
2104 : }
2105 :
2106 : void JSNumberFormat::JSNumberFormatVerify(Isolate* isolate) {
2107 : CHECK(IsJSNumberFormat());
2108 : JSObjectVerify(isolate);
2109 : VerifyObjectField(isolate, kLocaleOffset);
2110 : VerifyObjectField(isolate, kICUNumberFormatOffset);
2111 : VerifyObjectField(isolate, kBoundFormatOffset);
2112 : VerifyObjectField(isolate, kFlagsOffset);
2113 : }
2114 :
2115 : void JSPluralRules::JSPluralRulesVerify(Isolate* isolate) {
2116 : CHECK(IsJSPluralRules());
2117 : JSObjectVerify(isolate);
2118 : VerifyObjectField(isolate, kLocaleOffset);
2119 : VerifyObjectField(isolate, kFlagsOffset);
2120 : VerifyObjectField(isolate, kICUPluralRulesOffset);
2121 : VerifyObjectField(isolate, kICUDecimalFormatOffset);
2122 : }
2123 :
2124 : void JSRelativeTimeFormat::JSRelativeTimeFormatVerify(Isolate* isolate) {
2125 : JSObjectVerify(isolate);
2126 : VerifyObjectField(isolate, kLocaleOffset);
2127 : VerifyObjectField(isolate, kICUFormatterOffset);
2128 : VerifyObjectField(isolate, kFlagsOffset);
2129 : }
2130 :
2131 : void JSSegmentIterator::JSSegmentIteratorVerify(Isolate* isolate) {
2132 : JSObjectVerify(isolate);
2133 : VerifyObjectField(isolate, kICUBreakIteratorOffset);
2134 : VerifyObjectField(isolate, kUnicodeStringOffset);
2135 : VerifyObjectField(isolate, kFlagsOffset);
2136 : }
2137 :
2138 : void JSSegmenter::JSSegmenterVerify(Isolate* isolate) {
2139 : JSObjectVerify(isolate);
2140 : VerifyObjectField(isolate, kLocaleOffset);
2141 : VerifyObjectField(isolate, kICUBreakIteratorOffset);
2142 : VerifyObjectField(isolate, kFlagsOffset);
2143 : }
2144 : #endif // V8_INTL_SUPPORT
2145 :
2146 : #endif // VERIFY_HEAP
2147 :
2148 : #ifdef DEBUG
2149 :
2150 : void JSObject::IncrementSpillStatistics(Isolate* isolate,
2151 : SpillInformation* info) {
2152 : info->number_of_objects_++;
2153 : // Named properties
2154 : if (HasFastProperties()) {
2155 : info->number_of_objects_with_fast_properties_++;
2156 : info->number_of_fast_used_fields_ += map()->NextFreePropertyIndex();
2157 : info->number_of_fast_unused_fields_ += map()->UnusedPropertyFields();
2158 : } else if (IsJSGlobalObject()) {
2159 : GlobalDictionary dict = JSGlobalObject::cast(*this)->global_dictionary();
2160 : info->number_of_slow_used_properties_ += dict->NumberOfElements();
2161 : info->number_of_slow_unused_properties_ +=
2162 : dict->Capacity() - dict->NumberOfElements();
2163 : } else {
2164 : NameDictionary dict = property_dictionary();
2165 : info->number_of_slow_used_properties_ += dict->NumberOfElements();
2166 : info->number_of_slow_unused_properties_ +=
2167 : dict->Capacity() - dict->NumberOfElements();
2168 : }
2169 : // Indexed properties
2170 : switch (GetElementsKind()) {
2171 : case HOLEY_SMI_ELEMENTS:
2172 : case PACKED_SMI_ELEMENTS:
2173 : case HOLEY_DOUBLE_ELEMENTS:
2174 : case PACKED_DOUBLE_ELEMENTS:
2175 : case HOLEY_ELEMENTS:
2176 : case PACKED_ELEMENTS:
2177 : case FAST_STRING_WRAPPER_ELEMENTS: {
2178 : info->number_of_objects_with_fast_elements_++;
2179 : int holes = 0;
2180 : FixedArray e = FixedArray::cast(elements());
2181 : int len = e->length();
2182 : for (int i = 0; i < len; i++) {
2183 : if (e->get(i)->IsTheHole(isolate)) holes++;
2184 : }
2185 : info->number_of_fast_used_elements_ += len - holes;
2186 : info->number_of_fast_unused_elements_ += holes;
2187 : break;
2188 : }
2189 :
2190 : #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype) case TYPE##_ELEMENTS:
2191 :
2192 : TYPED_ARRAYS(TYPED_ARRAY_CASE)
2193 : #undef TYPED_ARRAY_CASE
2194 : {
2195 : info->number_of_objects_with_fast_elements_++;
2196 : FixedArrayBase e = FixedArrayBase::cast(elements());
2197 : info->number_of_fast_used_elements_ += e->length();
2198 : break;
2199 : }
2200 : case DICTIONARY_ELEMENTS:
2201 : case SLOW_STRING_WRAPPER_ELEMENTS: {
2202 : NumberDictionary dict = element_dictionary();
2203 : info->number_of_slow_used_elements_ += dict->NumberOfElements();
2204 : info->number_of_slow_unused_elements_ +=
2205 : dict->Capacity() - dict->NumberOfElements();
2206 : break;
2207 : }
2208 : case FAST_SLOPPY_ARGUMENTS_ELEMENTS:
2209 : case SLOW_SLOPPY_ARGUMENTS_ELEMENTS:
2210 : case NO_ELEMENTS:
2211 : break;
2212 : }
2213 : }
2214 :
2215 :
2216 : void JSObject::SpillInformation::Clear() {
2217 : number_of_objects_ = 0;
2218 : number_of_objects_with_fast_properties_ = 0;
2219 : number_of_objects_with_fast_elements_ = 0;
2220 : number_of_fast_used_fields_ = 0;
2221 : number_of_fast_unused_fields_ = 0;
2222 : number_of_slow_used_properties_ = 0;
2223 : number_of_slow_unused_properties_ = 0;
2224 : number_of_fast_used_elements_ = 0;
2225 : number_of_fast_unused_elements_ = 0;
2226 : number_of_slow_used_elements_ = 0;
2227 : number_of_slow_unused_elements_ = 0;
2228 : }
2229 :
2230 :
2231 : void JSObject::SpillInformation::Print() {
2232 : PrintF("\n JSObject Spill Statistics (#%d):\n", number_of_objects_);
2233 :
2234 : PrintF(" - fast properties (#%d): %d (used) %d (unused)\n",
2235 : number_of_objects_with_fast_properties_,
2236 : number_of_fast_used_fields_, number_of_fast_unused_fields_);
2237 :
2238 : PrintF(" - slow properties (#%d): %d (used) %d (unused)\n",
2239 : number_of_objects_ - number_of_objects_with_fast_properties_,
2240 : number_of_slow_used_properties_, number_of_slow_unused_properties_);
2241 :
2242 : PrintF(" - fast elements (#%d): %d (used) %d (unused)\n",
2243 : number_of_objects_with_fast_elements_,
2244 : number_of_fast_used_elements_, number_of_fast_unused_elements_);
2245 :
2246 : PrintF(" - slow elements (#%d): %d (used) %d (unused)\n",
2247 : number_of_objects_ - number_of_objects_with_fast_elements_,
2248 : number_of_slow_used_elements_, number_of_slow_unused_elements_);
2249 :
2250 : PrintF("\n");
2251 : }
2252 :
2253 : bool DescriptorArray::IsSortedNoDuplicates(int valid_entries) {
2254 : if (valid_entries == -1) valid_entries = number_of_descriptors();
2255 : Name current_key;
2256 : uint32_t current = 0;
2257 : for (int i = 0; i < number_of_descriptors(); i++) {
2258 : Name key = GetSortedKey(i);
2259 : if (key == current_key) {
2260 : Print();
2261 : return false;
2262 : }
2263 : current_key = key;
2264 : uint32_t hash = GetSortedKey(i)->Hash();
2265 : if (hash < current) {
2266 : Print();
2267 : return false;
2268 : }
2269 : current = hash;
2270 : }
2271 : return true;
2272 : }
2273 :
2274 : bool TransitionArray::IsSortedNoDuplicates(int valid_entries) {
2275 : DCHECK_EQ(valid_entries, -1);
2276 : Name prev_key;
2277 : PropertyKind prev_kind = kData;
2278 : PropertyAttributes prev_attributes = NONE;
2279 : uint32_t prev_hash = 0;
2280 :
2281 : for (int i = 0; i < number_of_transitions(); i++) {
2282 : Name key = GetSortedKey(i);
2283 : uint32_t hash = key->Hash();
2284 : PropertyKind kind = kData;
2285 : PropertyAttributes attributes = NONE;
2286 : if (!TransitionsAccessor::IsSpecialTransition(key->GetReadOnlyRoots(),
2287 : key)) {
2288 : Map target = GetTarget(i);
2289 : PropertyDetails details =
2290 : TransitionsAccessor::GetTargetDetails(key, target);
2291 : kind = details.kind();
2292 : attributes = details.attributes();
2293 : } else {
2294 : // Duplicate entries are not allowed for non-property transitions.
2295 : DCHECK_NE(prev_key, key);
2296 : }
2297 :
2298 : int cmp = CompareKeys(prev_key, prev_hash, prev_kind, prev_attributes, key,
2299 : hash, kind, attributes);
2300 : if (cmp >= 0) {
2301 : Print();
2302 : return false;
2303 : }
2304 : prev_key = key;
2305 : prev_hash = hash;
2306 : prev_attributes = attributes;
2307 : prev_kind = kind;
2308 : }
2309 : return true;
2310 : }
2311 :
2312 : bool TransitionsAccessor::IsSortedNoDuplicates() {
2313 : // Simple and non-existent transitions are always sorted.
2314 : if (encoding() != kFullTransitionArray) return true;
2315 : return transitions()->IsSortedNoDuplicates();
2316 : }
2317 :
2318 : static bool CheckOneBackPointer(Map current_map, Object target) {
2319 : return !target->IsMap() || Map::cast(target)->GetBackPointer() == current_map;
2320 : }
2321 :
2322 : bool TransitionsAccessor::IsConsistentWithBackPointers() {
2323 : int num_transitions = NumberOfTransitions();
2324 : for (int i = 0; i < num_transitions; i++) {
2325 : Map target = GetTarget(i);
2326 : if (!CheckOneBackPointer(map_, target)) return false;
2327 : }
2328 : return true;
2329 : }
2330 :
2331 : #endif // DEBUG
2332 :
2333 : } // namespace internal
2334 183867 : } // namespace v8
|
