1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "src/v8.h"
6
7 #include "src/disasm.h"
8 #include "src/disassembler.h"
9 #include "src/heap/objects-visiting.h"
10 #include "src/jsregexp.h"
11 #include "src/macro-assembler.h"
12 #include "src/ostreams.h"
13
14 namespace v8 {
15 namespace internal {
16
17 #ifdef VERIFY_HEAP
18
ObjectVerify()19 void Object::ObjectVerify() {
20 if (IsSmi()) {
21 Smi::cast(this)->SmiVerify();
22 } else {
23 HeapObject::cast(this)->HeapObjectVerify();
24 }
25 }
26
27
VerifyPointer(Object * p)28 void Object::VerifyPointer(Object* p) {
29 if (p->IsHeapObject()) {
30 HeapObject::VerifyHeapPointer(p);
31 } else {
32 CHECK(p->IsSmi());
33 }
34 }
35
36
SmiVerify()37 void Smi::SmiVerify() {
38 CHECK(IsSmi());
39 }
40
41
HeapObjectVerify()42 void HeapObject::HeapObjectVerify() {
43 InstanceType instance_type = map()->instance_type();
44
45 if (instance_type < FIRST_NONSTRING_TYPE) {
46 String::cast(this)->StringVerify();
47 return;
48 }
49
50 switch (instance_type) {
51 case SYMBOL_TYPE:
52 Symbol::cast(this)->SymbolVerify();
53 break;
54 case MAP_TYPE:
55 Map::cast(this)->MapVerify();
56 break;
57 case HEAP_NUMBER_TYPE:
58 case MUTABLE_HEAP_NUMBER_TYPE:
59 HeapNumber::cast(this)->HeapNumberVerify();
60 break;
61 case FIXED_ARRAY_TYPE:
62 FixedArray::cast(this)->FixedArrayVerify();
63 break;
64 case FIXED_DOUBLE_ARRAY_TYPE:
65 FixedDoubleArray::cast(this)->FixedDoubleArrayVerify();
66 break;
67 case CONSTANT_POOL_ARRAY_TYPE:
68 ConstantPoolArray::cast(this)->ConstantPoolArrayVerify();
69 break;
70 case BYTE_ARRAY_TYPE:
71 ByteArray::cast(this)->ByteArrayVerify();
72 break;
73 case FREE_SPACE_TYPE:
74 FreeSpace::cast(this)->FreeSpaceVerify();
75 break;
76
77 #define VERIFY_TYPED_ARRAY(Type, type, TYPE, ctype, size) \
78 case EXTERNAL_##TYPE##_ARRAY_TYPE: \
79 External##Type##Array::cast(this)->External##Type##ArrayVerify(); \
80 break; \
81 case FIXED_##TYPE##_ARRAY_TYPE: \
82 Fixed##Type##Array::cast(this)->FixedTypedArrayVerify(); \
83 break;
84
85 TYPED_ARRAYS(VERIFY_TYPED_ARRAY)
86 #undef VERIFY_TYPED_ARRAY
87
88 case CODE_TYPE:
89 Code::cast(this)->CodeVerify();
90 break;
91 case ODDBALL_TYPE:
92 Oddball::cast(this)->OddballVerify();
93 break;
94 case JS_OBJECT_TYPE:
95 case JS_CONTEXT_EXTENSION_OBJECT_TYPE:
96 JSObject::cast(this)->JSObjectVerify();
97 break;
98 case JS_GENERATOR_OBJECT_TYPE:
99 JSGeneratorObject::cast(this)->JSGeneratorObjectVerify();
100 break;
101 case JS_MODULE_TYPE:
102 JSModule::cast(this)->JSModuleVerify();
103 break;
104 case JS_VALUE_TYPE:
105 JSValue::cast(this)->JSValueVerify();
106 break;
107 case JS_DATE_TYPE:
108 JSDate::cast(this)->JSDateVerify();
109 break;
110 case JS_FUNCTION_TYPE:
111 JSFunction::cast(this)->JSFunctionVerify();
112 break;
113 case JS_GLOBAL_PROXY_TYPE:
114 JSGlobalProxy::cast(this)->JSGlobalProxyVerify();
115 break;
116 case JS_GLOBAL_OBJECT_TYPE:
117 JSGlobalObject::cast(this)->JSGlobalObjectVerify();
118 break;
119 case JS_BUILTINS_OBJECT_TYPE:
120 JSBuiltinsObject::cast(this)->JSBuiltinsObjectVerify();
121 break;
122 case CELL_TYPE:
123 Cell::cast(this)->CellVerify();
124 break;
125 case PROPERTY_CELL_TYPE:
126 PropertyCell::cast(this)->PropertyCellVerify();
127 break;
128 case JS_ARRAY_TYPE:
129 JSArray::cast(this)->JSArrayVerify();
130 break;
131 case JS_SET_TYPE:
132 JSSet::cast(this)->JSSetVerify();
133 break;
134 case JS_MAP_TYPE:
135 JSMap::cast(this)->JSMapVerify();
136 break;
137 case JS_SET_ITERATOR_TYPE:
138 JSSetIterator::cast(this)->JSSetIteratorVerify();
139 break;
140 case JS_MAP_ITERATOR_TYPE:
141 JSMapIterator::cast(this)->JSMapIteratorVerify();
142 break;
143 case JS_WEAK_MAP_TYPE:
144 JSWeakMap::cast(this)->JSWeakMapVerify();
145 break;
146 case JS_WEAK_SET_TYPE:
147 JSWeakSet::cast(this)->JSWeakSetVerify();
148 break;
149 case JS_REGEXP_TYPE:
150 JSRegExp::cast(this)->JSRegExpVerify();
151 break;
152 case FILLER_TYPE:
153 break;
154 case JS_PROXY_TYPE:
155 JSProxy::cast(this)->JSProxyVerify();
156 break;
157 case JS_FUNCTION_PROXY_TYPE:
158 JSFunctionProxy::cast(this)->JSFunctionProxyVerify();
159 break;
160 case FOREIGN_TYPE:
161 Foreign::cast(this)->ForeignVerify();
162 break;
163 case SHARED_FUNCTION_INFO_TYPE:
164 SharedFunctionInfo::cast(this)->SharedFunctionInfoVerify();
165 break;
166 case JS_MESSAGE_OBJECT_TYPE:
167 JSMessageObject::cast(this)->JSMessageObjectVerify();
168 break;
169 case JS_ARRAY_BUFFER_TYPE:
170 JSArrayBuffer::cast(this)->JSArrayBufferVerify();
171 break;
172 case JS_TYPED_ARRAY_TYPE:
173 JSTypedArray::cast(this)->JSTypedArrayVerify();
174 break;
175 case JS_DATA_VIEW_TYPE:
176 JSDataView::cast(this)->JSDataViewVerify();
177 break;
178
179 #define MAKE_STRUCT_CASE(NAME, Name, name) \
180 case NAME##_TYPE: \
181 Name::cast(this)->Name##Verify(); \
182 break;
183 STRUCT_LIST(MAKE_STRUCT_CASE)
184 #undef MAKE_STRUCT_CASE
185
186 default:
187 UNREACHABLE();
188 break;
189 }
190 }
191
192
VerifyHeapPointer(Object * p)193 void HeapObject::VerifyHeapPointer(Object* p) {
194 CHECK(p->IsHeapObject());
195 HeapObject* ho = HeapObject::cast(p);
196 CHECK(ho->GetHeap()->Contains(ho));
197 }
198
199
SymbolVerify()200 void Symbol::SymbolVerify() {
201 CHECK(IsSymbol());
202 CHECK(HasHashCode());
203 CHECK_GT(Hash(), 0);
204 CHECK(name()->IsUndefined() || name()->IsString());
205 CHECK(flags()->IsSmi());
206 }
207
208
HeapNumberVerify()209 void HeapNumber::HeapNumberVerify() {
210 CHECK(IsHeapNumber() || IsMutableHeapNumber());
211 }
212
213
ByteArrayVerify()214 void ByteArray::ByteArrayVerify() {
215 CHECK(IsByteArray());
216 }
217
218
FreeSpaceVerify()219 void FreeSpace::FreeSpaceVerify() {
220 CHECK(IsFreeSpace());
221 }
222
223
224 #define EXTERNAL_ARRAY_VERIFY(Type, type, TYPE, ctype, size) \
225 void External##Type##Array::External##Type##ArrayVerify() { \
226 CHECK(IsExternal##Type##Array()); \
227 }
228
TYPED_ARRAYS(EXTERNAL_ARRAY_VERIFY)229 TYPED_ARRAYS(EXTERNAL_ARRAY_VERIFY)
230 #undef EXTERNAL_ARRAY_VERIFY
231
232
233 template <class Traits>
234 void FixedTypedArray<Traits>::FixedTypedArrayVerify() {
235 CHECK(IsHeapObject() &&
236 HeapObject::cast(this)->map()->instance_type() ==
237 Traits::kInstanceType);
238 }
239
240
ElementsAreSafeToExamine()241 bool JSObject::ElementsAreSafeToExamine() {
242 // If a GC was caused while constructing this object, the elements
243 // pointer may point to a one pointer filler map.
244 return reinterpret_cast<Map*>(elements()) !=
245 GetHeap()->one_pointer_filler_map();
246 }
247
248
JSObjectVerify()249 void JSObject::JSObjectVerify() {
250 VerifyHeapPointer(properties());
251 VerifyHeapPointer(elements());
252
253 if (GetElementsKind() == SLOPPY_ARGUMENTS_ELEMENTS) {
254 CHECK(this->elements()->IsFixedArray());
255 CHECK_GE(this->elements()->length(), 2);
256 }
257
258 if (HasFastProperties()) {
259 CHECK_EQ(map()->unused_property_fields(),
260 (map()->inobject_properties() + properties()->length() -
261 map()->NextFreePropertyIndex()));
262 DescriptorArray* descriptors = map()->instance_descriptors();
263 for (int i = 0; i < map()->NumberOfOwnDescriptors(); i++) {
264 if (descriptors->GetDetails(i).type() == FIELD) {
265 Representation r = descriptors->GetDetails(i).representation();
266 FieldIndex index = FieldIndex::ForDescriptor(map(), i);
267 Object* value = RawFastPropertyAt(index);
268 if (r.IsDouble()) DCHECK(value->IsMutableHeapNumber());
269 if (value->IsUninitialized()) continue;
270 if (r.IsSmi()) DCHECK(value->IsSmi());
271 if (r.IsHeapObject()) DCHECK(value->IsHeapObject());
272 HeapType* field_type = descriptors->GetFieldType(i);
273 if (r.IsNone()) {
274 CHECK(field_type->Is(HeapType::None()));
275 } else if (!HeapType::Any()->Is(field_type)) {
276 CHECK(!field_type->NowStable() || field_type->NowContains(value));
277 }
278 }
279 }
280 }
281
282 // If a GC was caused while constructing this object, the elements
283 // pointer may point to a one pointer filler map.
284 if (ElementsAreSafeToExamine()) {
285 CHECK_EQ((map()->has_fast_smi_or_object_elements() ||
286 (elements() == GetHeap()->empty_fixed_array())),
287 (elements()->map() == GetHeap()->fixed_array_map() ||
288 elements()->map() == GetHeap()->fixed_cow_array_map()));
289 CHECK(map()->has_fast_object_elements() == HasFastObjectElements());
290 }
291 }
292
293
MapVerify()294 void Map::MapVerify() {
295 Heap* heap = GetHeap();
296 CHECK(!heap->InNewSpace(this));
297 CHECK(FIRST_TYPE <= instance_type() && instance_type() <= LAST_TYPE);
298 CHECK(instance_size() == kVariableSizeSentinel ||
299 (kPointerSize <= instance_size() &&
300 instance_size() < heap->Capacity()));
301 VerifyHeapPointer(prototype());
302 VerifyHeapPointer(instance_descriptors());
303 SLOW_DCHECK(instance_descriptors()->IsSortedNoDuplicates());
304 if (HasTransitionArray()) {
305 SLOW_DCHECK(transitions()->IsSortedNoDuplicates());
306 SLOW_DCHECK(transitions()->IsConsistentWithBackPointers(this));
307 }
308 }
309
310
DictionaryMapVerify()311 void Map::DictionaryMapVerify() {
312 MapVerify();
313 CHECK(is_dictionary_map());
314 CHECK(instance_descriptors()->IsEmpty());
315 CHECK_EQ(0, pre_allocated_property_fields());
316 CHECK_EQ(0, unused_property_fields());
317 CHECK_EQ(StaticVisitorBase::GetVisitorId(instance_type(), instance_size()),
318 visitor_id());
319 }
320
321
VerifyOmittedMapChecks()322 void Map::VerifyOmittedMapChecks() {
323 if (!FLAG_omit_map_checks_for_leaf_maps) return;
324 if (!is_stable() ||
325 is_deprecated() ||
326 HasTransitionArray() ||
327 is_dictionary_map()) {
328 CHECK_EQ(0, dependent_code()->number_of_entries(
329 DependentCode::kPrototypeCheckGroup));
330 }
331 }
332
333
CodeCacheVerify()334 void CodeCache::CodeCacheVerify() {
335 VerifyHeapPointer(default_cache());
336 VerifyHeapPointer(normal_type_cache());
337 CHECK(default_cache()->IsFixedArray());
338 CHECK(normal_type_cache()->IsUndefined()
339 || normal_type_cache()->IsCodeCacheHashTable());
340 }
341
342
PolymorphicCodeCacheVerify()343 void PolymorphicCodeCache::PolymorphicCodeCacheVerify() {
344 VerifyHeapPointer(cache());
345 CHECK(cache()->IsUndefined() || cache()->IsPolymorphicCodeCacheHashTable());
346 }
347
348
TypeFeedbackInfoVerify()349 void TypeFeedbackInfo::TypeFeedbackInfoVerify() {
350 VerifyObjectField(kStorage1Offset);
351 VerifyObjectField(kStorage2Offset);
352 VerifyObjectField(kStorage3Offset);
353 }
354
355
AliasedArgumentsEntryVerify()356 void AliasedArgumentsEntry::AliasedArgumentsEntryVerify() {
357 VerifySmiField(kAliasedContextSlot);
358 }
359
360
FixedArrayVerify()361 void FixedArray::FixedArrayVerify() {
362 for (int i = 0; i < length(); i++) {
363 Object* e = get(i);
364 VerifyPointer(e);
365 }
366 }
367
368
FixedDoubleArrayVerify()369 void FixedDoubleArray::FixedDoubleArrayVerify() {
370 for (int i = 0; i < length(); i++) {
371 if (!is_the_hole(i)) {
372 double value = get_scalar(i);
373 CHECK(!std::isnan(value) ||
374 (bit_cast<uint64_t>(value) ==
375 bit_cast<uint64_t>(canonical_not_the_hole_nan_as_double())) ||
376 ((bit_cast<uint64_t>(value) & Double::kSignMask) != 0));
377 }
378 }
379 }
380
381
ConstantPoolArrayVerify()382 void ConstantPoolArray::ConstantPoolArrayVerify() {
383 CHECK(IsConstantPoolArray());
384 ConstantPoolArray::Iterator code_iter(this, ConstantPoolArray::CODE_PTR);
385 while (!code_iter.is_finished()) {
386 Address code_entry = get_code_ptr_entry(code_iter.next_index());
387 VerifyPointer(Code::GetCodeFromTargetAddress(code_entry));
388 }
389 ConstantPoolArray::Iterator heap_iter(this, ConstantPoolArray::HEAP_PTR);
390 while (!heap_iter.is_finished()) {
391 VerifyObjectField(OffsetOfElementAt(heap_iter.next_index()));
392 }
393 }
394
395
JSGeneratorObjectVerify()396 void JSGeneratorObject::JSGeneratorObjectVerify() {
397 // In an expression like "new g()", there can be a point where a generator
398 // object is allocated but its fields are all undefined, as it hasn't yet been
399 // initialized by the generator. Hence these weak checks.
400 VerifyObjectField(kFunctionOffset);
401 VerifyObjectField(kContextOffset);
402 VerifyObjectField(kReceiverOffset);
403 VerifyObjectField(kOperandStackOffset);
404 VerifyObjectField(kContinuationOffset);
405 VerifyObjectField(kStackHandlerIndexOffset);
406 }
407
408
JSModuleVerify()409 void JSModule::JSModuleVerify() {
410 VerifyObjectField(kContextOffset);
411 VerifyObjectField(kScopeInfoOffset);
412 CHECK(context()->IsUndefined() ||
413 Context::cast(context())->IsModuleContext());
414 }
415
416
JSValueVerify()417 void JSValue::JSValueVerify() {
418 Object* v = value();
419 if (v->IsHeapObject()) {
420 VerifyHeapPointer(v);
421 }
422 }
423
424
JSDateVerify()425 void JSDate::JSDateVerify() {
426 if (value()->IsHeapObject()) {
427 VerifyHeapPointer(value());
428 }
429 CHECK(value()->IsUndefined() || value()->IsSmi() || value()->IsHeapNumber());
430 CHECK(year()->IsUndefined() || year()->IsSmi() || year()->IsNaN());
431 CHECK(month()->IsUndefined() || month()->IsSmi() || month()->IsNaN());
432 CHECK(day()->IsUndefined() || day()->IsSmi() || day()->IsNaN());
433 CHECK(weekday()->IsUndefined() || weekday()->IsSmi() || weekday()->IsNaN());
434 CHECK(hour()->IsUndefined() || hour()->IsSmi() || hour()->IsNaN());
435 CHECK(min()->IsUndefined() || min()->IsSmi() || min()->IsNaN());
436 CHECK(sec()->IsUndefined() || sec()->IsSmi() || sec()->IsNaN());
437 CHECK(cache_stamp()->IsUndefined() ||
438 cache_stamp()->IsSmi() ||
439 cache_stamp()->IsNaN());
440
441 if (month()->IsSmi()) {
442 int month = Smi::cast(this->month())->value();
443 CHECK(0 <= month && month <= 11);
444 }
445 if (day()->IsSmi()) {
446 int day = Smi::cast(this->day())->value();
447 CHECK(1 <= day && day <= 31);
448 }
449 if (hour()->IsSmi()) {
450 int hour = Smi::cast(this->hour())->value();
451 CHECK(0 <= hour && hour <= 23);
452 }
453 if (min()->IsSmi()) {
454 int min = Smi::cast(this->min())->value();
455 CHECK(0 <= min && min <= 59);
456 }
457 if (sec()->IsSmi()) {
458 int sec = Smi::cast(this->sec())->value();
459 CHECK(0 <= sec && sec <= 59);
460 }
461 if (weekday()->IsSmi()) {
462 int weekday = Smi::cast(this->weekday())->value();
463 CHECK(0 <= weekday && weekday <= 6);
464 }
465 if (cache_stamp()->IsSmi()) {
466 CHECK(Smi::cast(cache_stamp())->value() <=
467 Smi::cast(GetIsolate()->date_cache()->stamp())->value());
468 }
469 }
470
471
JSMessageObjectVerify()472 void JSMessageObject::JSMessageObjectVerify() {
473 CHECK(IsJSMessageObject());
474 CHECK(type()->IsString());
475 CHECK(arguments()->IsJSArray());
476 VerifyObjectField(kStartPositionOffset);
477 VerifyObjectField(kEndPositionOffset);
478 VerifyObjectField(kArgumentsOffset);
479 VerifyObjectField(kScriptOffset);
480 VerifyObjectField(kStackFramesOffset);
481 }
482
483
StringVerify()484 void String::StringVerify() {
485 CHECK(IsString());
486 CHECK(length() >= 0 && length() <= Smi::kMaxValue);
487 if (IsInternalizedString()) {
488 CHECK(!GetHeap()->InNewSpace(this));
489 }
490 if (IsConsString()) {
491 ConsString::cast(this)->ConsStringVerify();
492 } else if (IsSlicedString()) {
493 SlicedString::cast(this)->SlicedStringVerify();
494 }
495 }
496
497
ConsStringVerify()498 void ConsString::ConsStringVerify() {
499 CHECK(this->first()->IsString());
500 CHECK(this->second() == GetHeap()->empty_string() ||
501 this->second()->IsString());
502 CHECK(this->length() >= ConsString::kMinLength);
503 CHECK(this->length() == this->first()->length() + this->second()->length());
504 if (this->IsFlat()) {
505 // A flat cons can only be created by String::SlowTryFlatten.
506 // Afterwards, the first part may be externalized.
507 CHECK(this->first()->IsSeqString() || this->first()->IsExternalString());
508 }
509 }
510
511
SlicedStringVerify()512 void SlicedString::SlicedStringVerify() {
513 CHECK(!this->parent()->IsConsString());
514 CHECK(!this->parent()->IsSlicedString());
515 CHECK(this->length() >= SlicedString::kMinLength);
516 }
517
518
JSFunctionVerify()519 void JSFunction::JSFunctionVerify() {
520 CHECK(IsJSFunction());
521 VerifyObjectField(kPrototypeOrInitialMapOffset);
522 VerifyObjectField(kNextFunctionLinkOffset);
523 CHECK(code()->IsCode());
524 CHECK(next_function_link() == NULL ||
525 next_function_link()->IsUndefined() ||
526 next_function_link()->IsJSFunction());
527 }
528
529
SharedFunctionInfoVerify()530 void SharedFunctionInfo::SharedFunctionInfoVerify() {
531 CHECK(IsSharedFunctionInfo());
532 VerifyObjectField(kNameOffset);
533 VerifyObjectField(kCodeOffset);
534 VerifyObjectField(kOptimizedCodeMapOffset);
535 VerifyObjectField(kFeedbackVectorOffset);
536 VerifyObjectField(kScopeInfoOffset);
537 VerifyObjectField(kInstanceClassNameOffset);
538 VerifyObjectField(kFunctionDataOffset);
539 VerifyObjectField(kScriptOffset);
540 VerifyObjectField(kDebugInfoOffset);
541 }
542
543
JSGlobalProxyVerify()544 void JSGlobalProxy::JSGlobalProxyVerify() {
545 CHECK(IsJSGlobalProxy());
546 JSObjectVerify();
547 VerifyObjectField(JSGlobalProxy::kNativeContextOffset);
548 // Make sure that this object has no properties, elements.
549 CHECK_EQ(0, properties()->length());
550 CHECK(HasFastSmiElements());
551 CHECK_EQ(0, FixedArray::cast(elements())->length());
552 }
553
554
JSGlobalObjectVerify()555 void JSGlobalObject::JSGlobalObjectVerify() {
556 CHECK(IsJSGlobalObject());
557 JSObjectVerify();
558 for (int i = GlobalObject::kBuiltinsOffset;
559 i < JSGlobalObject::kSize;
560 i += kPointerSize) {
561 VerifyObjectField(i);
562 }
563 }
564
565
JSBuiltinsObjectVerify()566 void JSBuiltinsObject::JSBuiltinsObjectVerify() {
567 CHECK(IsJSBuiltinsObject());
568 JSObjectVerify();
569 for (int i = GlobalObject::kBuiltinsOffset;
570 i < JSBuiltinsObject::kSize;
571 i += kPointerSize) {
572 VerifyObjectField(i);
573 }
574 }
575
576
OddballVerify()577 void Oddball::OddballVerify() {
578 CHECK(IsOddball());
579 Heap* heap = GetHeap();
580 VerifyHeapPointer(to_string());
581 Object* number = to_number();
582 if (number->IsHeapObject()) {
583 CHECK(number == heap->nan_value());
584 } else {
585 CHECK(number->IsSmi());
586 int value = Smi::cast(number)->value();
587 // Hidden oddballs have negative smis.
588 const int kLeastHiddenOddballNumber = -5;
589 CHECK_LE(value, 1);
590 CHECK(value >= kLeastHiddenOddballNumber);
591 }
592 if (map() == heap->undefined_map()) {
593 CHECK(this == heap->undefined_value());
594 } else if (map() == heap->the_hole_map()) {
595 CHECK(this == heap->the_hole_value());
596 } else if (map() == heap->null_map()) {
597 CHECK(this == heap->null_value());
598 } else if (map() == heap->boolean_map()) {
599 CHECK(this == heap->true_value() ||
600 this == heap->false_value());
601 } else if (map() == heap->uninitialized_map()) {
602 CHECK(this == heap->uninitialized_value());
603 } else if (map() == heap->no_interceptor_result_sentinel_map()) {
604 CHECK(this == heap->no_interceptor_result_sentinel());
605 } else if (map() == heap->arguments_marker_map()) {
606 CHECK(this == heap->arguments_marker());
607 } else if (map() == heap->termination_exception_map()) {
608 CHECK(this == heap->termination_exception());
609 } else if (map() == heap->exception_map()) {
610 CHECK(this == heap->exception());
611 } else {
612 UNREACHABLE();
613 }
614 }
615
616
CellVerify()617 void Cell::CellVerify() {
618 CHECK(IsCell());
619 VerifyObjectField(kValueOffset);
620 }
621
622
PropertyCellVerify()623 void PropertyCell::PropertyCellVerify() {
624 CHECK(IsPropertyCell());
625 VerifyObjectField(kValueOffset);
626 VerifyObjectField(kTypeOffset);
627 }
628
629
CodeVerify()630 void Code::CodeVerify() {
631 CHECK(IsAligned(reinterpret_cast<intptr_t>(instruction_start()),
632 kCodeAlignment));
633 relocation_info()->ObjectVerify();
634 Address last_gc_pc = NULL;
635 Isolate* isolate = GetIsolate();
636 for (RelocIterator it(this); !it.done(); it.next()) {
637 it.rinfo()->Verify(isolate);
638 // Ensure that GC will not iterate twice over the same pointer.
639 if (RelocInfo::IsGCRelocMode(it.rinfo()->rmode())) {
640 CHECK(it.rinfo()->pc() != last_gc_pc);
641 last_gc_pc = it.rinfo()->pc();
642 }
643 }
644 CHECK(raw_type_feedback_info() == Smi::FromInt(0) ||
645 raw_type_feedback_info()->IsSmi() == IsCodeStubOrIC());
646 }
647
648
VerifyEmbeddedObjectsDependency()649 void Code::VerifyEmbeddedObjectsDependency() {
650 if (!CanContainWeakObjects()) return;
651 DisallowHeapAllocation no_gc;
652 Isolate* isolate = GetIsolate();
653 HandleScope scope(isolate);
654 int mode_mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT);
655 for (RelocIterator it(this, mode_mask); !it.done(); it.next()) {
656 Object* obj = it.rinfo()->target_object();
657 if (IsWeakObject(obj)) {
658 if (obj->IsMap()) {
659 Map* map = Map::cast(obj);
660 DependentCode::DependencyGroup group = is_optimized_code() ?
661 DependentCode::kWeakCodeGroup : DependentCode::kWeakICGroup;
662 CHECK(map->dependent_code()->Contains(group, this));
663 } else if (obj->IsJSObject()) {
664 Object* raw_table = GetIsolate()->heap()->weak_object_to_code_table();
665 WeakHashTable* table = WeakHashTable::cast(raw_table);
666 Handle<Object> key_obj(obj, isolate);
667 CHECK(DependentCode::cast(table->Lookup(key_obj))->Contains(
668 DependentCode::kWeakCodeGroup, this));
669 }
670 }
671 }
672 }
673
674
JSArrayVerify()675 void JSArray::JSArrayVerify() {
676 JSObjectVerify();
677 CHECK(length()->IsNumber() || length()->IsUndefined());
678 // If a GC was caused while constructing this array, the elements
679 // pointer may point to a one pointer filler map.
680 if (ElementsAreSafeToExamine()) {
681 CHECK(elements()->IsUndefined() ||
682 elements()->IsFixedArray() ||
683 elements()->IsFixedDoubleArray());
684 }
685 }
686
687
JSSetVerify()688 void JSSet::JSSetVerify() {
689 CHECK(IsJSSet());
690 JSObjectVerify();
691 VerifyHeapPointer(table());
692 CHECK(table()->IsOrderedHashTable() || table()->IsUndefined());
693 // TODO(arv): Verify OrderedHashTable too.
694 }
695
696
JSMapVerify()697 void JSMap::JSMapVerify() {
698 CHECK(IsJSMap());
699 JSObjectVerify();
700 VerifyHeapPointer(table());
701 CHECK(table()->IsOrderedHashTable() || table()->IsUndefined());
702 // TODO(arv): Verify OrderedHashTable too.
703 }
704
705
JSSetIteratorVerify()706 void JSSetIterator::JSSetIteratorVerify() {
707 CHECK(IsJSSetIterator());
708 JSObjectVerify();
709 VerifyHeapPointer(table());
710 CHECK(table()->IsOrderedHashTable() || table()->IsUndefined());
711 CHECK(index()->IsSmi() || index()->IsUndefined());
712 CHECK(kind()->IsSmi() || kind()->IsUndefined());
713 }
714
715
JSMapIteratorVerify()716 void JSMapIterator::JSMapIteratorVerify() {
717 CHECK(IsJSMapIterator());
718 JSObjectVerify();
719 VerifyHeapPointer(table());
720 CHECK(table()->IsOrderedHashTable() || table()->IsUndefined());
721 CHECK(index()->IsSmi() || index()->IsUndefined());
722 CHECK(kind()->IsSmi() || kind()->IsUndefined());
723 }
724
725
JSWeakMapVerify()726 void JSWeakMap::JSWeakMapVerify() {
727 CHECK(IsJSWeakMap());
728 JSObjectVerify();
729 VerifyHeapPointer(table());
730 CHECK(table()->IsHashTable() || table()->IsUndefined());
731 }
732
733
JSWeakSetVerify()734 void JSWeakSet::JSWeakSetVerify() {
735 CHECK(IsJSWeakSet());
736 JSObjectVerify();
737 VerifyHeapPointer(table());
738 CHECK(table()->IsHashTable() || table()->IsUndefined());
739 }
740
741
JSRegExpVerify()742 void JSRegExp::JSRegExpVerify() {
743 JSObjectVerify();
744 CHECK(data()->IsUndefined() || data()->IsFixedArray());
745 switch (TypeTag()) {
746 case JSRegExp::ATOM: {
747 FixedArray* arr = FixedArray::cast(data());
748 CHECK(arr->get(JSRegExp::kAtomPatternIndex)->IsString());
749 break;
750 }
751 case JSRegExp::IRREGEXP: {
752 bool is_native = RegExpImpl::UsesNativeRegExp();
753
754 FixedArray* arr = FixedArray::cast(data());
755 Object* one_byte_data = arr->get(JSRegExp::kIrregexpLatin1CodeIndex);
756 // Smi : Not compiled yet (-1) or code prepared for flushing.
757 // JSObject: Compilation error.
758 // Code/ByteArray: Compiled code.
759 CHECK(
760 one_byte_data->IsSmi() ||
761 (is_native ? one_byte_data->IsCode() : one_byte_data->IsByteArray()));
762 Object* uc16_data = arr->get(JSRegExp::kIrregexpUC16CodeIndex);
763 CHECK(uc16_data->IsSmi() ||
764 (is_native ? uc16_data->IsCode() : uc16_data->IsByteArray()));
765
766 Object* one_byte_saved =
767 arr->get(JSRegExp::kIrregexpLatin1CodeSavedIndex);
768 CHECK(one_byte_saved->IsSmi() || one_byte_saved->IsString() ||
769 one_byte_saved->IsCode());
770 Object* uc16_saved = arr->get(JSRegExp::kIrregexpUC16CodeSavedIndex);
771 CHECK(uc16_saved->IsSmi() || uc16_saved->IsString() ||
772 uc16_saved->IsCode());
773
774 CHECK(arr->get(JSRegExp::kIrregexpCaptureCountIndex)->IsSmi());
775 CHECK(arr->get(JSRegExp::kIrregexpMaxRegisterCountIndex)->IsSmi());
776 break;
777 }
778 default:
779 CHECK_EQ(JSRegExp::NOT_COMPILED, TypeTag());
780 CHECK(data()->IsUndefined());
781 break;
782 }
783 }
784
785
JSProxyVerify()786 void JSProxy::JSProxyVerify() {
787 CHECK(IsJSProxy());
788 VerifyPointer(handler());
789 CHECK(hash()->IsSmi() || hash()->IsUndefined());
790 }
791
792
JSFunctionProxyVerify()793 void JSFunctionProxy::JSFunctionProxyVerify() {
794 CHECK(IsJSFunctionProxy());
795 JSProxyVerify();
796 VerifyPointer(call_trap());
797 VerifyPointer(construct_trap());
798 }
799
800
JSArrayBufferVerify()801 void JSArrayBuffer::JSArrayBufferVerify() {
802 CHECK(IsJSArrayBuffer());
803 JSObjectVerify();
804 VerifyPointer(byte_length());
805 CHECK(byte_length()->IsSmi() || byte_length()->IsHeapNumber()
806 || byte_length()->IsUndefined());
807 }
808
809
JSArrayBufferViewVerify()810 void JSArrayBufferView::JSArrayBufferViewVerify() {
811 CHECK(IsJSArrayBufferView());
812 JSObjectVerify();
813 VerifyPointer(buffer());
814 CHECK(buffer()->IsJSArrayBuffer() || buffer()->IsUndefined()
815 || buffer() == Smi::FromInt(0));
816
817 VerifyPointer(byte_offset());
818 CHECK(byte_offset()->IsSmi() || byte_offset()->IsHeapNumber()
819 || byte_offset()->IsUndefined());
820
821 VerifyPointer(byte_length());
822 CHECK(byte_length()->IsSmi() || byte_length()->IsHeapNumber()
823 || byte_length()->IsUndefined());
824 }
825
826
JSTypedArrayVerify()827 void JSTypedArray::JSTypedArrayVerify() {
828 CHECK(IsJSTypedArray());
829 JSArrayBufferViewVerify();
830 VerifyPointer(length());
831 CHECK(length()->IsSmi() || length()->IsHeapNumber()
832 || length()->IsUndefined());
833
834 VerifyPointer(elements());
835 }
836
837
JSDataViewVerify()838 void JSDataView::JSDataViewVerify() {
839 CHECK(IsJSDataView());
840 JSArrayBufferViewVerify();
841 }
842
843
ForeignVerify()844 void Foreign::ForeignVerify() {
845 CHECK(IsForeign());
846 }
847
848
BoxVerify()849 void Box::BoxVerify() {
850 CHECK(IsBox());
851 value()->ObjectVerify();
852 }
853
854
AccessorInfoVerify()855 void AccessorInfo::AccessorInfoVerify() {
856 VerifyPointer(name());
857 VerifyPointer(flag());
858 VerifyPointer(expected_receiver_type());
859 }
860
861
ExecutableAccessorInfoVerify()862 void ExecutableAccessorInfo::ExecutableAccessorInfoVerify() {
863 CHECK(IsExecutableAccessorInfo());
864 AccessorInfoVerify();
865 VerifyPointer(getter());
866 VerifyPointer(setter());
867 VerifyPointer(data());
868 }
869
870
DeclaredAccessorDescriptorVerify()871 void DeclaredAccessorDescriptor::DeclaredAccessorDescriptorVerify() {
872 CHECK(IsDeclaredAccessorDescriptor());
873 VerifyPointer(serialized_data());
874 }
875
876
DeclaredAccessorInfoVerify()877 void DeclaredAccessorInfo::DeclaredAccessorInfoVerify() {
878 CHECK(IsDeclaredAccessorInfo());
879 AccessorInfoVerify();
880 VerifyPointer(descriptor());
881 }
882
883
AccessorPairVerify()884 void AccessorPair::AccessorPairVerify() {
885 CHECK(IsAccessorPair());
886 VerifyPointer(getter());
887 VerifyPointer(setter());
888 }
889
890
AccessCheckInfoVerify()891 void AccessCheckInfo::AccessCheckInfoVerify() {
892 CHECK(IsAccessCheckInfo());
893 VerifyPointer(named_callback());
894 VerifyPointer(indexed_callback());
895 VerifyPointer(data());
896 }
897
898
InterceptorInfoVerify()899 void InterceptorInfo::InterceptorInfoVerify() {
900 CHECK(IsInterceptorInfo());
901 VerifyPointer(getter());
902 VerifyPointer(setter());
903 VerifyPointer(query());
904 VerifyPointer(deleter());
905 VerifyPointer(enumerator());
906 VerifyPointer(data());
907 }
908
909
CallHandlerInfoVerify()910 void CallHandlerInfo::CallHandlerInfoVerify() {
911 CHECK(IsCallHandlerInfo());
912 VerifyPointer(callback());
913 VerifyPointer(data());
914 }
915
916
TemplateInfoVerify()917 void TemplateInfo::TemplateInfoVerify() {
918 VerifyPointer(tag());
919 VerifyPointer(property_list());
920 VerifyPointer(property_accessors());
921 }
922
923
FunctionTemplateInfoVerify()924 void FunctionTemplateInfo::FunctionTemplateInfoVerify() {
925 CHECK(IsFunctionTemplateInfo());
926 TemplateInfoVerify();
927 VerifyPointer(serial_number());
928 VerifyPointer(call_code());
929 VerifyPointer(prototype_template());
930 VerifyPointer(parent_template());
931 VerifyPointer(named_property_handler());
932 VerifyPointer(indexed_property_handler());
933 VerifyPointer(instance_template());
934 VerifyPointer(signature());
935 VerifyPointer(access_check_info());
936 }
937
938
ObjectTemplateInfoVerify()939 void ObjectTemplateInfo::ObjectTemplateInfoVerify() {
940 CHECK(IsObjectTemplateInfo());
941 TemplateInfoVerify();
942 VerifyPointer(constructor());
943 VerifyPointer(internal_field_count());
944 }
945
946
SignatureInfoVerify()947 void SignatureInfo::SignatureInfoVerify() {
948 CHECK(IsSignatureInfo());
949 VerifyPointer(receiver());
950 VerifyPointer(args());
951 }
952
953
TypeSwitchInfoVerify()954 void TypeSwitchInfo::TypeSwitchInfoVerify() {
955 CHECK(IsTypeSwitchInfo());
956 VerifyPointer(types());
957 }
958
959
AllocationSiteVerify()960 void AllocationSite::AllocationSiteVerify() {
961 CHECK(IsAllocationSite());
962 }
963
964
AllocationMementoVerify()965 void AllocationMemento::AllocationMementoVerify() {
966 CHECK(IsAllocationMemento());
967 VerifyHeapPointer(allocation_site());
968 CHECK(!IsValid() || GetAllocationSite()->IsAllocationSite());
969 }
970
971
ScriptVerify()972 void Script::ScriptVerify() {
973 CHECK(IsScript());
974 VerifyPointer(source());
975 VerifyPointer(name());
976 line_offset()->SmiVerify();
977 column_offset()->SmiVerify();
978 VerifyPointer(wrapper());
979 type()->SmiVerify();
980 VerifyPointer(line_ends());
981 VerifyPointer(id());
982 }
983
984
JSFunctionResultCacheVerify()985 void JSFunctionResultCache::JSFunctionResultCacheVerify() {
986 JSFunction::cast(get(kFactoryIndex))->ObjectVerify();
987
988 int size = Smi::cast(get(kCacheSizeIndex))->value();
989 CHECK(kEntriesIndex <= size);
990 CHECK(size <= length());
991 CHECK_EQ(0, size % kEntrySize);
992
993 int finger = Smi::cast(get(kFingerIndex))->value();
994 CHECK(kEntriesIndex <= finger);
995 CHECK((finger < size) || (finger == kEntriesIndex && finger == size));
996 CHECK_EQ(0, finger % kEntrySize);
997
998 if (FLAG_enable_slow_asserts) {
999 for (int i = kEntriesIndex; i < size; i++) {
1000 CHECK(!get(i)->IsTheHole());
1001 get(i)->ObjectVerify();
1002 }
1003 for (int i = size; i < length(); i++) {
1004 CHECK(get(i)->IsTheHole());
1005 get(i)->ObjectVerify();
1006 }
1007 }
1008 }
1009
1010
NormalizedMapCacheVerify()1011 void NormalizedMapCache::NormalizedMapCacheVerify() {
1012 FixedArray::cast(this)->FixedArrayVerify();
1013 if (FLAG_enable_slow_asserts) {
1014 for (int i = 0; i < length(); i++) {
1015 Object* e = FixedArray::get(i);
1016 if (e->IsMap()) {
1017 Map::cast(e)->DictionaryMapVerify();
1018 } else {
1019 CHECK(e->IsUndefined());
1020 }
1021 }
1022 }
1023 }
1024
1025
DebugInfoVerify()1026 void DebugInfo::DebugInfoVerify() {
1027 CHECK(IsDebugInfo());
1028 VerifyPointer(shared());
1029 VerifyPointer(original_code());
1030 VerifyPointer(code());
1031 VerifyPointer(break_points());
1032 }
1033
1034
BreakPointInfoVerify()1035 void BreakPointInfo::BreakPointInfoVerify() {
1036 CHECK(IsBreakPointInfo());
1037 code_position()->SmiVerify();
1038 source_position()->SmiVerify();
1039 statement_position()->SmiVerify();
1040 VerifyPointer(break_point_objects());
1041 }
1042 #endif // VERIFY_HEAP
1043
1044 #ifdef DEBUG
1045
IncrementSpillStatistics(SpillInformation * info)1046 void JSObject::IncrementSpillStatistics(SpillInformation* info) {
1047 info->number_of_objects_++;
1048 // Named properties
1049 if (HasFastProperties()) {
1050 info->number_of_objects_with_fast_properties_++;
1051 info->number_of_fast_used_fields_ += map()->NextFreePropertyIndex();
1052 info->number_of_fast_unused_fields_ += map()->unused_property_fields();
1053 } else {
1054 NameDictionary* dict = property_dictionary();
1055 info->number_of_slow_used_properties_ += dict->NumberOfElements();
1056 info->number_of_slow_unused_properties_ +=
1057 dict->Capacity() - dict->NumberOfElements();
1058 }
1059 // Indexed properties
1060 switch (GetElementsKind()) {
1061 case FAST_HOLEY_SMI_ELEMENTS:
1062 case FAST_SMI_ELEMENTS:
1063 case FAST_HOLEY_DOUBLE_ELEMENTS:
1064 case FAST_DOUBLE_ELEMENTS:
1065 case FAST_HOLEY_ELEMENTS:
1066 case FAST_ELEMENTS: {
1067 info->number_of_objects_with_fast_elements_++;
1068 int holes = 0;
1069 FixedArray* e = FixedArray::cast(elements());
1070 int len = e->length();
1071 Heap* heap = GetHeap();
1072 for (int i = 0; i < len; i++) {
1073 if (e->get(i) == heap->the_hole_value()) holes++;
1074 }
1075 info->number_of_fast_used_elements_ += len - holes;
1076 info->number_of_fast_unused_elements_ += holes;
1077 break;
1078 }
1079
1080 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
1081 case EXTERNAL_##TYPE##_ELEMENTS: \
1082 case TYPE##_ELEMENTS:
1083
1084 TYPED_ARRAYS(TYPED_ARRAY_CASE)
1085 #undef TYPED_ARRAY_CASE
1086 { info->number_of_objects_with_fast_elements_++;
1087 FixedArrayBase* e = FixedArrayBase::cast(elements());
1088 info->number_of_fast_used_elements_ += e->length();
1089 break;
1090 }
1091 case DICTIONARY_ELEMENTS: {
1092 SeededNumberDictionary* dict = element_dictionary();
1093 info->number_of_slow_used_elements_ += dict->NumberOfElements();
1094 info->number_of_slow_unused_elements_ +=
1095 dict->Capacity() - dict->NumberOfElements();
1096 break;
1097 }
1098 case SLOPPY_ARGUMENTS_ELEMENTS:
1099 break;
1100 }
1101 }
1102
1103
Clear()1104 void JSObject::SpillInformation::Clear() {
1105 number_of_objects_ = 0;
1106 number_of_objects_with_fast_properties_ = 0;
1107 number_of_objects_with_fast_elements_ = 0;
1108 number_of_fast_used_fields_ = 0;
1109 number_of_fast_unused_fields_ = 0;
1110 number_of_slow_used_properties_ = 0;
1111 number_of_slow_unused_properties_ = 0;
1112 number_of_fast_used_elements_ = 0;
1113 number_of_fast_unused_elements_ = 0;
1114 number_of_slow_used_elements_ = 0;
1115 number_of_slow_unused_elements_ = 0;
1116 }
1117
1118
Print()1119 void JSObject::SpillInformation::Print() {
1120 PrintF("\n JSObject Spill Statistics (#%d):\n", number_of_objects_);
1121
1122 PrintF(" - fast properties (#%d): %d (used) %d (unused)\n",
1123 number_of_objects_with_fast_properties_,
1124 number_of_fast_used_fields_, number_of_fast_unused_fields_);
1125
1126 PrintF(" - slow properties (#%d): %d (used) %d (unused)\n",
1127 number_of_objects_ - number_of_objects_with_fast_properties_,
1128 number_of_slow_used_properties_, number_of_slow_unused_properties_);
1129
1130 PrintF(" - fast elements (#%d): %d (used) %d (unused)\n",
1131 number_of_objects_with_fast_elements_,
1132 number_of_fast_used_elements_, number_of_fast_unused_elements_);
1133
1134 PrintF(" - slow elements (#%d): %d (used) %d (unused)\n",
1135 number_of_objects_ - number_of_objects_with_fast_elements_,
1136 number_of_slow_used_elements_, number_of_slow_unused_elements_);
1137
1138 PrintF("\n");
1139 }
1140
1141
IsSortedNoDuplicates(int valid_entries)1142 bool DescriptorArray::IsSortedNoDuplicates(int valid_entries) {
1143 if (valid_entries == -1) valid_entries = number_of_descriptors();
1144 Name* current_key = NULL;
1145 uint32_t current = 0;
1146 for (int i = 0; i < number_of_descriptors(); i++) {
1147 Name* key = GetSortedKey(i);
1148 if (key == current_key) {
1149 OFStream os(stdout);
1150 PrintDescriptors(os);
1151 return false;
1152 }
1153 current_key = key;
1154 uint32_t hash = GetSortedKey(i)->Hash();
1155 if (hash < current) {
1156 OFStream os(stdout);
1157 PrintDescriptors(os);
1158 return false;
1159 }
1160 current = hash;
1161 }
1162 return true;
1163 }
1164
1165
IsSortedNoDuplicates(int valid_entries)1166 bool TransitionArray::IsSortedNoDuplicates(int valid_entries) {
1167 DCHECK(valid_entries == -1);
1168 Name* current_key = NULL;
1169 uint32_t current = 0;
1170 for (int i = 0; i < number_of_transitions(); i++) {
1171 Name* key = GetSortedKey(i);
1172 if (key == current_key) {
1173 OFStream os(stdout);
1174 PrintTransitions(os);
1175 return false;
1176 }
1177 current_key = key;
1178 uint32_t hash = GetSortedKey(i)->Hash();
1179 if (hash < current) {
1180 OFStream os(stdout);
1181 PrintTransitions(os);
1182 return false;
1183 }
1184 current = hash;
1185 }
1186 return true;
1187 }
1188
1189
CheckOneBackPointer(Map * current_map,Object * target)1190 static bool CheckOneBackPointer(Map* current_map, Object* target) {
1191 return !target->IsMap() || Map::cast(target)->GetBackPointer() == current_map;
1192 }
1193
1194
IsConsistentWithBackPointers(Map * current_map)1195 bool TransitionArray::IsConsistentWithBackPointers(Map* current_map) {
1196 for (int i = 0; i < number_of_transitions(); ++i) {
1197 if (!CheckOneBackPointer(current_map, GetTarget(i))) return false;
1198 }
1199 return true;
1200 }
1201
1202
1203 #endif // DEBUG
1204
1205 } } // namespace v8::internal
1206