objects-debug.cc source code [v8/src/objects-debug.cc]

1	// Copyright 2012 the V8 project authors. All rights reserved.
2	// Use of this source code is governed by a BSD-style license that can be
3	// found in the LICENSE file.
4
5	#include "src/objects.h"
6
7	#include "src/assembler-inl.h"
8	#include "src/bootstrapper.h"
9	#include "src/counters.h"
10	#include "src/date.h"
11	#include "src/disasm.h"
12	#include "src/disassembler.h"
13	#include "src/elements.h"
14	#include "src/field-type.h"
15	#include "src/heap/heap-write-barrier-inl.h"
16	#include "src/ic/handler-configuration-inl.h"
17	#include "src/layout-descriptor.h"
18	#include "src/objects-inl.h"
19	#include "src/objects/allocation-site-inl.h"
20	#include "src/objects/arguments-inl.h"
21	#include "src/objects/bigint.h"
22	#include "src/objects/cell-inl.h"
23	#include "src/objects/data-handler-inl.h"
24	#include "src/objects/debug-objects-inl.h"
25	#include "src/objects/embedder-data-array-inl.h"
26	#include "src/objects/embedder-data-slot-inl.h"
27	#include "src/objects/feedback-cell-inl.h"
28	#include "src/objects/foreign-inl.h"
29	#include "src/objects/free-space-inl.h"
30	#include "src/objects/hash-table-inl.h"
31	#include "src/objects/js-array-inl.h"
32	#ifdef V8_INTL_SUPPORT
33	#include "src/objects/js-break-iterator-inl.h"
34	#include "src/objects/js-collator-inl.h"
35	#endif // V8_INTL_SUPPORT
36	#include "src/objects/js-collection-inl.h"
37	#ifdef V8_INTL_SUPPORT
38	#include "src/objects/js-date-time-format-inl.h"
39	#endif // V8_INTL_SUPPORT
40	#include "src/objects/js-generator-inl.h"
41	#ifdef V8_INTL_SUPPORT
42	#include "src/objects/js-list-format-inl.h"
43	#include "src/objects/js-locale-inl.h"
44	#include "src/objects/js-number-format-inl.h"
45	#include "src/objects/js-plural-rules-inl.h"
46	#endif // V8_INTL_SUPPORT
47	#include "src/objects/js-regexp-inl.h"
48	#include "src/objects/js-regexp-string-iterator-inl.h"
49	#ifdef V8_INTL_SUPPORT
50	#include "src/objects/js-relative-time-format-inl.h"
51	#include "src/objects/js-segment-iterator-inl.h"
52	#include "src/objects/js-segmenter-inl.h"
53	#endif // V8_INTL_SUPPORT
54	#include "src/objects/js-weak-refs-inl.h"
55	#include "src/objects/literal-objects-inl.h"
56	#include "src/objects/maybe-object.h"
57	#include "src/objects/microtask-inl.h"
58	#include "src/objects/module-inl.h"
59	#include "src/objects/oddball-inl.h"
60	#include "src/objects/promise-inl.h"
61	#include "src/objects/stack-frame-info-inl.h"
62	#include "src/objects/struct-inl.h"
63	#include "src/ostreams.h"
64	#include "src/regexp/jsregexp.h"
65	#include "src/transitions-inl.h"
66	#include "src/wasm/wasm-objects-inl.h"
67
68	namespace v8 {
69	namespace internal {
70
71	// Heap Verification Overview
72	// --------------------------
73	// - Each InstanceType has a separate XXXVerify method which checks an object's
74	// integrity in isolation.
75	// - --verify-heap will iterate over all gc spaces and call ObjectVerify() on
76	// every encountered tagged pointer.
77	// - Verification should be pushed down to the specific instance type if its
78	// integrity is independent of an outer object.
79	// - In cases where the InstanceType is too genernic (e.g. FixedArray) the
80	// XXXVerify of the outer method has to do recursive verification.
81	// - If the corresponding objects have inheritence the parent's Verify method
82	// is called as well.
83	// - For any field containing pointes VerifyPointer(...) should be called.
84	//
85	// Caveats
86	// -------
87	// - Assume that any of the verify methods is incomplete!
88	// - Some integrity checks are only partially done due to objects being in
89	// partially initialized states when a gc happens, for instance when outer
90	// objects are allocted before inner ones.
91	//
92
93	#ifdef VERIFY_HEAP
94
95	void Object::ObjectVerify(Isolate* isolate) {
96	RuntimeCallTimerScope timer(isolate, RuntimeCallCounterId::kObjectVerify);
97	if (IsSmi()) {
98	Smi::cast(*this)->SmiVerify(isolate);
99	} else {
100	HeapObject::cast(*this)->HeapObjectVerify(isolate);
101	}
102	CHECK(!IsConstructor() \|\| IsCallable());
103	}
104
105	void Object::VerifyPointer(Isolate* isolate, Object p) {
106	if (p ->IsHeapObject()) {
107	HeapObject::VerifyHeapPointer(isolate, p);
108	} else {
109	CHECK(p ->IsSmi());
110	}
111	}
112
113	void MaybeObject::VerifyMaybeObjectPointer(Isolate* isolate, MaybeObject p) {
114	HeapObject heap_object;
115	if (p ->GetHeapObject(&heap_object)) {
116	HeapObject::VerifyHeapPointer(isolate, heap_object);
117	} else {
118	CHECK(p ->IsSmi() \|\| p ->IsCleared());
119	}
120	}
121
122	namespace {
123	void VerifyForeignPointer(Isolate* isolate, HeapObject host, Object foreign) {
124	host ->VerifyPointer(isolate, foreign);
125	CHECK(foreign ->IsUndefined(isolate) \|\| Foreign::IsNormalized(foreign));
126	}
127	} // namespace
128
129	void Smi::SmiVerify(Isolate* isolate) {
130	CHECK(IsSmi());
131	CHECK(!IsCallable());
132	CHECK(!IsConstructor());
133	}
134
135	void HeapObject::HeapObjectVerify(Isolate* isolate) {
136	VerifyHeapPointer(isolate, map());
137	CHECK(map()->IsMap());
138
139	switch (map()->instance_type()) {
140	#define STRING_TYPE_CASE(TYPE, size, name, CamelName) case TYPE:
141	STRING_TYPE_LIST(STRING_TYPE_CASE)
142	#undef STRING_TYPE_CASE
143	String::cast(*this)->StringVerify(isolate);
144	break;
145	case SYMBOL_TYPE:
146	Symbol::cast(*this)->SymbolVerify(isolate);
147	break;
148	case MAP_TYPE:
149	Map::cast(*this)->MapVerify(isolate);
150	break;
151	case HEAP_NUMBER_TYPE:
152	CHECK(IsHeapNumber());
153	break;
154	case MUTABLE_HEAP_NUMBER_TYPE:
155	CHECK(IsMutableHeapNumber());
156	break;
157	case BIGINT_TYPE:
158	BigInt::cast(*this)->BigIntVerify(isolate);
159	break;
160	case CALL_HANDLER_INFO_TYPE:
161	CallHandlerInfo::cast(*this)->CallHandlerInfoVerify(isolate);
162	break;
163	case OBJECT_BOILERPLATE_DESCRIPTION_TYPE:
164	ObjectBoilerplateDescription::cast(*this)
165	->ObjectBoilerplateDescriptionVerify(isolate);
166	break;
167	case EMBEDDER_DATA_ARRAY_TYPE:
168	EmbedderDataArray::cast(*this)->EmbedderDataArrayVerify(isolate);
169	break;
170	// FixedArray types
171	case CLOSURE_FEEDBACK_CELL_ARRAY_TYPE:
172	case HASH_TABLE_TYPE:
173	case ORDERED_HASH_MAP_TYPE:
174	case ORDERED_HASH_SET_TYPE:
175	case ORDERED_NAME_DICTIONARY_TYPE:
176	case NAME_DICTIONARY_TYPE:
177	case GLOBAL_DICTIONARY_TYPE:
178	case NUMBER_DICTIONARY_TYPE:
179	case SIMPLE_NUMBER_DICTIONARY_TYPE:
180	case STRING_TABLE_TYPE:
181	case EPHEMERON_HASH_TABLE_TYPE:
182	case FIXED_ARRAY_TYPE:
183	case SCOPE_INFO_TYPE:
184	case SCRIPT_CONTEXT_TABLE_TYPE:
185	FixedArray::cast(*this)->FixedArrayVerify(isolate);
186	break;
187	case AWAIT_CONTEXT_TYPE:
188	case BLOCK_CONTEXT_TYPE:
189	case CATCH_CONTEXT_TYPE:
190	case DEBUG_EVALUATE_CONTEXT_TYPE:
191	case EVAL_CONTEXT_TYPE:
192	case FUNCTION_CONTEXT_TYPE:
193	case MODULE_CONTEXT_TYPE:
194	case SCRIPT_CONTEXT_TYPE:
195	case WITH_CONTEXT_TYPE:
196	Context::cast(*this)->ContextVerify(isolate);
197	break;
198	case NATIVE_CONTEXT_TYPE:
199	NativeContext::cast(*this)->NativeContextVerify(isolate);
200	break;
201	case WEAK_FIXED_ARRAY_TYPE:
202	WeakFixedArray::cast(*this)->WeakFixedArrayVerify(isolate);
203	break;
204	case WEAK_ARRAY_LIST_TYPE:
205	WeakArrayList::cast(*this)->WeakArrayListVerify(isolate);
206	break;
207	case FIXED_DOUBLE_ARRAY_TYPE:
208	FixedDoubleArray::cast(*this)->FixedDoubleArrayVerify(isolate);
209	break;
210	case FEEDBACK_METADATA_TYPE:
211	FeedbackMetadata::cast(*this)->FeedbackMetadataVerify(isolate);
212	break;
213	case BYTE_ARRAY_TYPE:
214	ByteArray::cast(*this)->ByteArrayVerify(isolate);
215	break;
216	case BYTECODE_ARRAY_TYPE:
217	BytecodeArray::cast(*this)->BytecodeArrayVerify(isolate);
218	break;
219	case DESCRIPTOR_ARRAY_TYPE:
220	DescriptorArray::cast(*this)->DescriptorArrayVerify(isolate);
221	break;
222	case TRANSITION_ARRAY_TYPE:
223	TransitionArray::cast(*this)->TransitionArrayVerify(isolate);
224	break;
225	case PROPERTY_ARRAY_TYPE:
226	PropertyArray::cast(*this)->PropertyArrayVerify(isolate);
227	break;
228	case FREE_SPACE_TYPE:
229	FreeSpace::cast(*this)->FreeSpaceVerify(isolate);
230	break;
231	case FEEDBACK_CELL_TYPE:
232	FeedbackCell::cast(*this)->FeedbackCellVerify(isolate);
233	break;
234	case FEEDBACK_VECTOR_TYPE:
235	FeedbackVector::cast(*this)->FeedbackVectorVerify(isolate);
236	break;
237
238	#define VERIFY_TYPED_ARRAY(Type, type, TYPE, ctype) \
239	case FIXED_##TYPE##_ARRAY_TYPE: \
240	Fixed##Type##Array::cast(*this)->FixedTypedArrayVerify(isolate); \
241	break;
242
243	TYPED_ARRAYS(VERIFY_TYPED_ARRAY)
244	#undef VERIFY_TYPED_ARRAY
245
246	case CODE_TYPE:
247	Code::cast(*this)->CodeVerify(isolate);
248	break;
249	case ODDBALL_TYPE:
250	Oddball::cast(*this)->OddballVerify(isolate);
251	break;
252	case JS_OBJECT_TYPE:
253	case JS_ERROR_TYPE:
254	case JS_API_OBJECT_TYPE:
255	case JS_SPECIAL_API_OBJECT_TYPE:
256	case JS_CONTEXT_EXTENSION_OBJECT_TYPE:
257	case WASM_EXCEPTION_TYPE:
258	case WASM_GLOBAL_TYPE:
259	case WASM_MEMORY_TYPE:
260	case WASM_TABLE_TYPE:
261	JSObject::cast(*this)->JSObjectVerify(isolate);
262	break;
263	case WASM_MODULE_TYPE:
264	WasmModuleObject::cast(*this)->WasmModuleObjectVerify(isolate);
265	break;
266	case WASM_INSTANCE_TYPE:
267	WasmInstanceObject::cast(*this)->WasmInstanceObjectVerify(isolate);
268	break;
269	case JS_ARGUMENTS_TYPE:
270	JSArgumentsObject::cast(*this)->JSArgumentsObjectVerify(isolate);
271	break;
272	case JS_GENERATOR_OBJECT_TYPE:
273	JSGeneratorObject::cast(*this)->JSGeneratorObjectVerify(isolate);
274	break;
275	case JS_ASYNC_FUNCTION_OBJECT_TYPE:
276	JSAsyncFunctionObject::cast(*this)->JSAsyncFunctionObjectVerify(isolate);
277	break;
278	case JS_ASYNC_GENERATOR_OBJECT_TYPE:
279	JSAsyncGeneratorObject::cast(*this)->JSAsyncGeneratorObjectVerify(
280	isolate);
281	break;
282	case JS_VALUE_TYPE:
283	JSValue::cast(*this)->JSValueVerify(isolate);
284	break;
285	case JS_DATE_TYPE:
286	JSDate::cast(*this)->JSDateVerify(isolate);
287	break;
288	case JS_BOUND_FUNCTION_TYPE:
289	JSBoundFunction::cast(*this)->JSBoundFunctionVerify(isolate);
290	break;
291	case JS_FUNCTION_TYPE:
292	JSFunction::cast(*this)->JSFunctionVerify(isolate);
293	break;
294	case JS_GLOBAL_PROXY_TYPE:
295	JSGlobalProxy::cast(*this)->JSGlobalProxyVerify(isolate);
296	break;
297	case JS_GLOBAL_OBJECT_TYPE:
298	JSGlobalObject::cast(*this)->JSGlobalObjectVerify(isolate);
299	break;
300	case CELL_TYPE:
301	Cell::cast(*this)->CellVerify(isolate);
302	break;
303	case PROPERTY_CELL_TYPE:
304	PropertyCell::cast(*this)->PropertyCellVerify(isolate);
305	break;
306	case JS_ARRAY_TYPE:
307	JSArray::cast(*this)->JSArrayVerify(isolate);
308	break;
309	case JS_MODULE_NAMESPACE_TYPE:
310	JSModuleNamespace::cast(*this)->JSModuleNamespaceVerify(isolate);
311	break;
312	case JS_SET_TYPE:
313	JSSet::cast(*this)->JSSetVerify(isolate);
314	break;
315	case JS_MAP_TYPE:
316	JSMap::cast(*this)->JSMapVerify(isolate);
317	break;
318	case JS_SET_KEY_VALUE_ITERATOR_TYPE:
319	case JS_SET_VALUE_ITERATOR_TYPE:
320	JSSetIterator::cast(*this)->JSSetIteratorVerify(isolate);
321	break;
322	case JS_MAP_KEY_ITERATOR_TYPE:
323	case JS_MAP_KEY_VALUE_ITERATOR_TYPE:
324	case JS_MAP_VALUE_ITERATOR_TYPE:
325	JSMapIterator::cast(*this)->JSMapIteratorVerify(isolate);
326	break;
327	case JS_ARRAY_ITERATOR_TYPE:
328	JSArrayIterator::cast(*this)->JSArrayIteratorVerify(isolate);
329	break;
330	case JS_STRING_ITERATOR_TYPE:
331	JSStringIterator::cast(*this)->JSStringIteratorVerify(isolate);
332	break;
333	case JS_ASYNC_FROM_SYNC_ITERATOR_TYPE:
334	JSAsyncFromSyncIterator::cast(*this)->JSAsyncFromSyncIteratorVerify(
335	isolate);
336	break;
337	case WEAK_CELL_TYPE:
338	WeakCell::cast(*this)->WeakCellVerify(isolate);
339	break;
340	case JS_WEAK_REF_TYPE:
341	JSWeakRef::cast(*this)->JSWeakRefVerify(isolate);
342	break;
343	case JS_FINALIZATION_GROUP_TYPE:
344	JSFinalizationGroup::cast(*this)->JSFinalizationGroupVerify(isolate);
345	break;
346	case JS_FINALIZATION_GROUP_CLEANUP_ITERATOR_TYPE:
347	JSFinalizationGroupCleanupIterator::cast(*this)
348	->JSFinalizationGroupCleanupIteratorVerify(isolate);
349	break;
350	case JS_WEAK_MAP_TYPE:
351	JSWeakMap::cast(*this)->JSWeakMapVerify(isolate);
352	break;
353	case JS_WEAK_SET_TYPE:
354	JSWeakSet::cast(*this)->JSWeakSetVerify(isolate);
355	break;
356	case JS_PROMISE_TYPE:
357	JSPromise::cast(*this)->JSPromiseVerify(isolate);
358	break;
359	case JS_REGEXP_TYPE:
360	JSRegExp::cast(*this)->JSRegExpVerify(isolate);
361	break;
362	case JS_REGEXP_STRING_ITERATOR_TYPE:
363	JSRegExpStringIterator::cast(*this)->JSRegExpStringIteratorVerify(
364	isolate);
365	break;
366	case FILLER_TYPE:
367	break;
368	case JS_PROXY_TYPE:
369	JSProxy::cast(*this)->JSProxyVerify(isolate);
370	break;
371	case FOREIGN_TYPE:
372	Foreign::cast(*this)->ForeignVerify(isolate);
373	break;
374	case PREPARSE_DATA_TYPE:
375	PreparseData::cast(*this)->PreparseDataVerify(isolate);
376	break;
377	case UNCOMPILED_DATA_WITHOUT_PREPARSE_DATA_TYPE:
378	UncompiledDataWithoutPreparseData::cast(*this)
379	->UncompiledDataWithoutPreparseDataVerify(isolate);
380	break;
381	case UNCOMPILED_DATA_WITH_PREPARSE_DATA_TYPE:
382	UncompiledDataWithPreparseData::cast(*this)
383	->UncompiledDataWithPreparseDataVerify(isolate);
384	break;
385	case SHARED_FUNCTION_INFO_TYPE:
386	SharedFunctionInfo::cast(*this)->SharedFunctionInfoVerify(isolate);
387	break;
388	case JS_MESSAGE_OBJECT_TYPE:
389	JSMessageObject::cast(*this)->JSMessageObjectVerify(isolate);
390	break;
391	case JS_ARRAY_BUFFER_TYPE:
392	JSArrayBuffer::cast(*this)->JSArrayBufferVerify(isolate);
393	break;
394	case JS_TYPED_ARRAY_TYPE:
395	JSTypedArray::cast(*this)->JSTypedArrayVerify(isolate);
396	break;
397	case JS_DATA_VIEW_TYPE:
398	JSDataView::cast(*this)->JSDataViewVerify(isolate);
399	break;
400	case SMALL_ORDERED_HASH_SET_TYPE:
401	SmallOrderedHashSet::cast(*this)->SmallOrderedHashSetVerify(isolate);
402	break;
403	case SMALL_ORDERED_HASH_MAP_TYPE:
404	SmallOrderedHashMap::cast(*this)->SmallOrderedHashMapVerify(isolate);
405	break;
406	case SMALL_ORDERED_NAME_DICTIONARY_TYPE:
407	SmallOrderedNameDictionary::cast(*this)->SmallOrderedNameDictionaryVerify(
408	isolate);
409	break;
410	case CODE_DATA_CONTAINER_TYPE:
411	CodeDataContainer::cast(*this)->CodeDataContainerVerify(isolate);
412	break;
413	#ifdef V8_INTL_SUPPORT
414	case JS_INTL_V8_BREAK_ITERATOR_TYPE:
415	JSV8BreakIterator::cast(*this)->JSV8BreakIteratorVerify(isolate);
416	break;
417	case JS_INTL_COLLATOR_TYPE:
418	JSCollator::cast(*this)->JSCollatorVerify(isolate);
419	break;
420	case JS_INTL_DATE_TIME_FORMAT_TYPE:
421	JSDateTimeFormat::cast(*this)->JSDateTimeFormatVerify(isolate);
422	break;
423	case JS_INTL_LIST_FORMAT_TYPE:
424	JSListFormat::cast(*this)->JSListFormatVerify(isolate);
425	break;
426	case JS_INTL_LOCALE_TYPE:
427	JSLocale::cast(*this)->JSLocaleVerify(isolate);
428	break;
429	case JS_INTL_NUMBER_FORMAT_TYPE:
430	JSNumberFormat::cast(*this)->JSNumberFormatVerify(isolate);
431	break;
432	case JS_INTL_PLURAL_RULES_TYPE:
433	JSPluralRules::cast(*this)->JSPluralRulesVerify(isolate);
434	break;
435	case JS_INTL_RELATIVE_TIME_FORMAT_TYPE:
436	JSRelativeTimeFormat::cast(*this)->JSRelativeTimeFormatVerify(isolate);
437	break;
438	case JS_INTL_SEGMENT_ITERATOR_TYPE:
439	JSSegmentIterator::cast(*this)->JSSegmentIteratorVerify(isolate);
440	break;
441	case JS_INTL_SEGMENTER_TYPE:
442	JSSegmenter::cast(*this)->JSSegmenterVerify(isolate);
443	break;
444	#endif // V8_INTL_SUPPORT
445
446	#define MAKE_STRUCT_CASE(TYPE, Name, name) \
447	case TYPE: \
448	Name::cast(*this)->Name##Verify(isolate); \
449	break;
450	STRUCT_LIST(MAKE_STRUCT_CASE)
451	#undef MAKE_STRUCT_CASE
452
453	case ALLOCATION_SITE_TYPE:
454	AllocationSite::cast(*this)->AllocationSiteVerify(isolate);
455	break;
456
457	case LOAD_HANDLER_TYPE:
458	LoadHandler::cast(*this)->LoadHandlerVerify(isolate);
459	break;
460
461	case STORE_HANDLER_TYPE:
462	StoreHandler::cast(*this)->StoreHandlerVerify(isolate);
463	break;
464	}
465	}
466
467	// static
468	void HeapObject::VerifyHeapPointer(Isolate* isolate, Object p) {
469	CHECK(p ->IsHeapObject());
470	HeapObject ho = HeapObject::cast(p);
471	CHECK(isolate->heap()->Contains(ho));
472	}
473
474	void Symbol::SymbolVerify(Isolate* isolate) {
475	CHECK(IsSymbol());
476	CHECK(HasHashCode());
477	CHECK_GT(Hash(), `0`);
478	CHECK(name()->IsUndefined(isolate) \|\| name()->IsString());
479	CHECK_IMPLIES(IsPrivateName(), IsPrivate());
480	}
481
482	void ByteArray::ByteArrayVerify(Isolate* isolate) { CHECK(IsByteArray()); }
483
484	void BytecodeArray::BytecodeArrayVerify(Isolate* isolate) {
485	// TODO(oth): Walk bytecodes and immediate values to validate sanity.
486	// - All bytecodes are known and well formed.
487	// - Jumps must go to new instructions starts.
488	// - No Illegal bytecodes.
489	// - No consecutive sequences of prefix Wide / ExtraWide.
490	CHECK(IsBytecodeArray());
491	CHECK(constant_pool()->IsFixedArray());
492	VerifyHeapPointer(isolate, constant_pool());
493	}
494
495	void FreeSpace::FreeSpaceVerify(Isolate* isolate) {
496	CHECK(IsFreeSpace());
497	VerifySmiField(kSizeOffset);
498	}
499
500	void FeedbackCell::FeedbackCellVerify(Isolate* isolate) {
501	CHECK(IsFeedbackCell());
502
503	VerifyHeapPointer(isolate, value());
504	CHECK(value()->IsUndefined(isolate) \|\| value()->IsFeedbackVector() \|\|
505	value()->IsFixedArray());
506	}
507
508	void FeedbackVector::FeedbackVectorVerify(Isolate* isolate) {
509	CHECK(IsFeedbackVector());
510	CHECK(closure_feedback_cell_array()->IsFixedArray());
511	MaybeObject code = optimized_code_weak_or_smi();
512	MaybeObject::VerifyMaybeObjectPointer(isolate, code);
513	CHECK(code ->IsSmi() \|\| code ->IsWeakOrCleared());
514	}
515
516	template <class Traits>
517	void FixedTypedArray<Traits>::FixedTypedArrayVerify(Isolate* isolate) {
518	CHECK(IsHeapObject() && map()->instance_type() == Traits::kInstanceType);
519	if (base_pointer()->ptr() == ptr()) {
520	CHECK_EQ(reinterpret_cast<Address>(external_pointer()),
521	FixedTypedArrayBase::kDataOffset - kHeapObjectTag);
522	} else {
523	CHECK_EQ(Smi::kZero, base_pointer());
524	CHECK_EQ(`0`, length());
525	}
526	}
527
528	bool JSObject::ElementsAreSafeToExamine() const {
529	// If a GC was caused while constructing this object, the elements
530	// pointer may point to a one pointer filler map.
531	return elements() != GetReadOnlyRoots().one_pointer_filler_map();
532	}
533
534	namespace {
535	void VerifyJSObjectElements(Isolate* isolate, JSObject object) {
536	// Only TypedArrays can have these specialized elements.
537	if (object ->IsJSTypedArray()) {
538	// TODO(cbruni): Fix CreateTypedArray to either not instantiate the object
539	// or propertly initialize it on errors during construction.
540	/ CHECK(object->HasFixedTypedArrayElements()); /
541	/ CHECK(object->elements()->IsFixedTypedArrayBase()); /
542	return;
543	}
544	CHECK(!object ->HasFixedTypedArrayElements());
545	CHECK(!object ->elements()->IsFixedTypedArrayBase());
546
547	if (object ->HasDoubleElements()) {
548	if (object ->elements()->length() > `0`) {
549	CHECK(object ->elements()->IsFixedDoubleArray());
550	}
551	return;
552	}
553
554	FixedArray elements = FixedArray::cast(object ->elements());
555	if (object ->HasSmiElements()) {
556	// We might have a partially initialized backing store, in which case we
557	// allow the hole + smi values.
558	for (int i = `0`; i < elements ->length(); i++) {
559	Object value = elements ->get(i);
560	CHECK(value ->IsSmi() \|\| value ->IsTheHole(isolate));
561	}
562	} else if (object ->HasObjectElements()) {
563	for (int i = `0`; i < elements ->length(); i++) {
564	Object element = elements ->get(i);
565	CHECK_IMPLIES(!element ->IsSmi(), !HasWeakHeapObjectTag(element));
566	}
567	}
568	}
569	} // namespace
570
571	void JSObject::JSObjectVerify(Isolate* isolate) {
572	VerifyPointer(isolate, raw_properties_or_hash());
573	VerifyHeapPointer(isolate, elements());
574
575	CHECK_IMPLIES(HasSloppyArgumentsElements(), IsJSArgumentsObject());
576	if (HasFastProperties()) {
577	int actual_unused_property_fields = map()->GetInObjectProperties() +
578	property_array()->length() -
579	map()->NextFreePropertyIndex();
580	if (map()->UnusedPropertyFields() != actual_unused_property_fields) {
581	// There are two reasons why this can happen:
582	// - in the middle of StoreTransitionStub when the new extended backing
583	// store is already set into the object and the allocation of the
584	// MutableHeapNumber triggers GC while the map isn't updated yet.
585	// - deletion of the last property can leave additional backing store
586	// capacity behind.
587	CHECK_GT(actual_unused_property_fields, map()->UnusedPropertyFields());
588	int delta = actual_unused_property_fields - map()->UnusedPropertyFields();
589	CHECK_EQ(`0`, delta % JSObject::kFieldsAdded);
590	}
591	DescriptorArray descriptors = map()->instance_descriptors();
592	bool is_transitionable_fast_elements_kind =
593	IsTransitionableFastElementsKind(map()->elements_kind());
594
595	for (int i = `0`; i < map()->NumberOfOwnDescriptors(); i++) {
596	PropertyDetails details = descriptors ->GetDetails(i);
597	if (details.location() == kField) {
598	DCHECK_EQ(kData, details.kind());
599	Representation r = details.representation();
600	FieldIndex index = FieldIndex::ForDescriptor(map(), i);
601	if (IsUnboxedDoubleField(index)) {
602	DCHECK(r.IsDouble());
603	continue;
604	}
605	if (COMPRESS_POINTERS_BOOL && index.is_inobject()) {
606	VerifyObjectField(isolate, index.offset());
607	}
608	Object value = RawFastPropertyAt(index);
609	if (r.IsDouble()) DCHECK(value ->IsMutableHeapNumber());
610	if (value ->IsUninitialized(isolate)) continue;
611	if (r.IsSmi()) DCHECK(value ->IsSmi());
612	if (r.IsHeapObject()) DCHECK(value ->IsHeapObject());
613	FieldType field_type = descriptors ->GetFieldType(i);
614	bool type_is_none = field_type ->IsNone();
615	bool type_is_any = field_type ->IsAny();
616	if (r.IsNone()) {
617	CHECK(type_is_none);
618	} else if (!type_is_any && !(type_is_none && r.IsHeapObject())) {
619	CHECK(!field_type ->NowStable() \|\| field_type ->NowContains(value));
620	}
621	CHECK_IMPLIES(is_transitionable_fast_elements_kind,
622	Map::IsMostGeneralFieldType(r, field_type));
623	}
624	}
625
626	if (map()->EnumLength() != kInvalidEnumCacheSentinel) {
627	EnumCache enum_cache = descriptors ->enum_cache();
628	FixedArray keys = enum_cache ->keys();
629	FixedArray indices = enum_cache ->indices();
630	CHECK_LE(map()->EnumLength(), keys ->length());
631	CHECK_IMPLIES(indices != ReadOnlyRoots (isolate).empty_fixed_array(),
632	keys ->length() == indices ->length());
633	}
634	}
635
636	// If a GC was caused while constructing this object, the elements
637	// pointer may point to a one pointer filler map.
638	if (ElementsAreSafeToExamine()) {
639	CHECK_EQ((map()->has_fast_smi_or_object_elements() \|\|
640	map()->is_frozen_or_sealed_elements() \|\|
641	(elements() == GetReadOnlyRoots().empty_fixed_array()) \|\|
642	HasFastStringWrapperElements()),
643	(elements()->map() == GetReadOnlyRoots().fixed_array_map() \|\|
644	elements()->map() == GetReadOnlyRoots().fixed_cow_array_map()));
645	CHECK_EQ(map()->has_fast_object_elements(), HasObjectElements());
646	VerifyJSObjectElements(isolate, *this);
647	}
648	}
649
650	void Map::MapVerify(Isolate* isolate) {
651	Heap* heap = isolate->heap();
652	CHECK(!ObjectInYoungGeneration(*this));
653	CHECK(FIRST_TYPE <= instance_type() && instance_type() <= LAST_TYPE);
654	CHECK(instance_size() == kVariableSizeSentinel \|\|
655	(kTaggedSize <= instance_size() &&
656	static_cast<size_t>(instance_size()) < heap->Capacity()));
657	CHECK(GetBackPointer()->IsUndefined(isolate) \|\|
658	!Map::cast(GetBackPointer())->is_stable());
659	HeapObject::VerifyHeapPointer(isolate, prototype());
660	HeapObject::VerifyHeapPointer(isolate, instance_descriptors());
661	SLOW_DCHECK(instance_descriptors()->IsSortedNoDuplicates());
662	DisallowHeapAllocation no_gc;
663	SLOW_DCHECK(
664	TransitionsAccessor (isolate, *this, &no_gc).IsSortedNoDuplicates());
665	SLOW_DCHECK(TransitionsAccessor (isolate, *this, &no_gc)
666	.IsConsistentWithBackPointers());
667	SLOW_DCHECK(!FLAG_unbox_double_fields \|\|
668	layout_descriptor()->IsConsistentWithMap(*this));
669	if (!may_have_interesting_symbols()) {
670	CHECK(!has_named_interceptor());
671	CHECK(!is_dictionary_map());
672	CHECK(!is_access_check_needed());
673	DescriptorArray const descriptors = instance_descriptors();
674	for (int i = `0`; i < NumberOfOwnDescriptors(); ++i) {
675	CHECK(!descriptors ->GetKey(i)->IsInterestingSymbol());
676	}
677	}
678	CHECK_IMPLIES(has_named_interceptor(), may_have_interesting_symbols());
679	CHECK_IMPLIES(is_dictionary_map(), may_have_interesting_symbols());
680	CHECK_IMPLIES(is_access_check_needed(), may_have_interesting_symbols());
681	CHECK_IMPLIES(IsJSObjectMap() && !CanHaveFastTransitionableElementsKind(),
682	IsDictionaryElementsKind(elements_kind()) \|\|
683	IsTerminalElementsKind(elements_kind()));
684	CHECK_IMPLIES(is_deprecated(), !is_stable());
685	if (is_prototype_map()) {
686	DCHECK(prototype_info() == Smi::kZero \|\|
687	prototype_info()->IsPrototypeInfo());
688	}
689	CHECK(prototype_validity_cell()->IsSmi() \|\|
690	prototype_validity_cell()->IsCell());
691	}
692
693	void Map::DictionaryMapVerify(Isolate* isolate) {
694	MapVerify(isolate);
695	CHECK(is_dictionary_map());
696	CHECK_EQ(kInvalidEnumCacheSentinel, EnumLength());
697	CHECK_EQ(ReadOnlyRoots (isolate).empty_descriptor_array(),
698	instance_descriptors());
699	CHECK_EQ(`0`, UnusedPropertyFields());
700	CHECK_EQ(Map::GetVisitorId(*this), visitor_id());
701	}
702
703	void AliasedArgumentsEntry::AliasedArgumentsEntryVerify(Isolate* isolate) {
704	VerifySmiField(kAliasedContextSlotOffset);
705	}
706
707	void EmbedderDataArray::EmbedderDataArrayVerify(Isolate* isolate) {
708	EmbedderDataSlot start(*this, `0`);
709	EmbedderDataSlot end(*this, length());
710	for (EmbedderDataSlot slot = start; slot < end; ++slot) {
711	Object e = slot.load_tagged();
712	Object::VerifyPointer(isolate, e);
713	}
714	VerifySmiField(kLengthOffset);
715	}
716
717	void FixedArray::FixedArrayVerify(Isolate* isolate) {
718	for (int i = `0`; i < length(); i++) {
719	Object e = get(i);
720	VerifyPointer(isolate, e);
721	}
722	}
723
724	void WeakFixedArray::WeakFixedArrayVerify(Isolate* isolate) {
725	for (int i = `0`; i < length(); i++) {
726	MaybeObject::VerifyMaybeObjectPointer(isolate, Get(i));
727	}
728	}
729
730	void WeakArrayList::WeakArrayListVerify(Isolate* isolate) {
731	for (int i = `0`; i < length(); i++) {
732	MaybeObject::VerifyMaybeObjectPointer(isolate, Get(i));
733	}
734	}
735
736	void PropertyArray::PropertyArrayVerify(Isolate* isolate) {
737	if (length() == `0`) {
738	CHECK_EQ(*this, ReadOnlyRoots (isolate).empty_property_array());
739	return;
740	}
741	// There are no empty PropertyArrays.
742	CHECK_LT(`0`, length());
743	for (int i = `0`; i < length(); i++) {
744	Object e = get(i);
745	Object::VerifyPointer(isolate, e);
746	}
747	VerifySmiField(kLengthAndHashOffset);
748	}
749
750	void FixedDoubleArray::FixedDoubleArrayVerify(Isolate* isolate) {
751	for (int i = `0`; i < length(); i++) {
752	if (!is_the_hole(i)) {
753	uint64_t value = get_representation(i);
754	uint64_t unexpected =
755	bit_cast<uint64_t>(std::numeric_limits<double>::quiet_NaN()) &
756	uint64_t{`0x7FF8000000000000`};
757	// Create implementation specific sNaN by inverting relevant bit.
758	unexpected ^= uint64_t{`0x0008000000000000`};
759	CHECK((value & uint64_t{`0x7FF8000000000000`}) != unexpected \|\|
760	(value & uint64_t{`0x0007FFFFFFFFFFFF`}) == uint64_t{`0`});
761	}
762	}
763	}
764
765	void Context::ContextVerify(Isolate* isolate) {
766	VerifySmiField(kLengthOffset);
767	VerifyObjectField(isolate, kScopeInfoOffset);
768	VerifyObjectField(isolate, kPreviousOffset);
769	VerifyObjectField(isolate, kExtensionOffset);
770	VerifyObjectField(isolate, kNativeContextOffset);
771	for (int i = `0`; i < length(); i++) {
772	VerifyObjectField(isolate, OffsetOfElementAt(i));
773	}
774	}
775
776	void NativeContext::NativeContextVerify(Isolate* isolate) {
777	ContextVerify(isolate);
778	CHECK_EQ(length(), NativeContext::NATIVE_CONTEXT_SLOTS);
779	CHECK_EQ(kSize, map()->instance_size());
780	}
781
782	void FeedbackMetadata::FeedbackMetadataVerify(Isolate* isolate) {
783	if (slot_count() == `0` && closure_feedback_cell_count() == `0`) {
784	CHECK_EQ(ReadOnlyRoots (isolate).empty_feedback_metadata(), *this);
785	} else {
786	FeedbackMetadataIterator iter(*this);
787	while (iter.HasNext()) {
788	iter.Next();
789	FeedbackSlotKind kind = iter.kind();
790	CHECK_NE(FeedbackSlotKind::kInvalid, kind);
791	CHECK_GT(FeedbackSlotKind::kKindsNumber, kind);
792	}
793	}
794	}
795
796	void DescriptorArray::DescriptorArrayVerify(Isolate* isolate) {
797	for (int i = `0`; i < number_of_all_descriptors(); i++) {
798	MaybeObject::VerifyMaybeObjectPointer(isolate, get(ToKeyIndex(i)));
799	MaybeObject::VerifyMaybeObjectPointer(isolate, get(ToDetailsIndex(i)));
800	MaybeObject::VerifyMaybeObjectPointer(isolate, get(ToValueIndex(i)));
801	}
802	if (number_of_all_descriptors() == `0`) {
803	Heap* heap = isolate->heap();
804	CHECK_EQ(ReadOnlyRoots (heap).empty_descriptor_array(), *this);
805	CHECK_EQ(`0`, number_of_all_descriptors());
806	CHECK_EQ(`0`, number_of_descriptors());
807	CHECK_EQ(ReadOnlyRoots (heap).empty_enum_cache(), enum_cache());
808	} else {
809	CHECK_LT(`0`, number_of_all_descriptors());
810	CHECK_LE(number_of_descriptors(), number_of_all_descriptors());
811
812	// Check that properties with private symbols names are non-enumerable.
813	for (int descriptor = `0`; descriptor < number_of_descriptors();
814	descriptor++) {
815	Object key = get(ToKeyIndex(descriptor))->cast<Object>();
816	// number_of_descriptors() may be out of sync with the actual descriptors
817	// written during descriptor array construction.
818	if (key ->IsUndefined(isolate)) continue;
819	PropertyDetails details = GetDetails(descriptor);
820	if (Name::cast(key)->IsPrivate()) {
821	CHECK_NE(details.attributes() & DONT_ENUM, `0`);
822	}
823	MaybeObject value = get(ToValueIndex(descriptor));
824	HeapObject heap_object;
825	if (details.location() == kField) {
826	CHECK(
827	value == MaybeObject::FromObject(FieldType::None()) \|\|
828	value == MaybeObject::FromObject(FieldType::Any()) \|\|
829	value ->IsCleared() \|\|
830	(value ->GetHeapObjectIfWeak(&heap_object) && heap_object ->IsMap()));
831	} else {
832	CHECK(!value ->IsWeakOrCleared());
833	CHECK(!value ->cast<Object>()->IsMap());
834	}
835	}
836	}
837	}
838
839	void TransitionArray::TransitionArrayVerify(Isolate* isolate) {
840	WeakFixedArrayVerify(isolate);
841	CHECK_LE(LengthFor(number_of_transitions()), length());
842	}
843
844	void JSArgumentsObject::JSArgumentsObjectVerify(Isolate* isolate) {
845	if (IsSloppyArgumentsElementsKind(GetElementsKind())) {
846	SloppyArgumentsElements::cast(elements())
847	->SloppyArgumentsElementsVerify(isolate, *this);
848	}
849	if (isolate->IsInAnyContext(map(), Context::SLOPPY_ARGUMENTS_MAP_INDEX) \|\|
850	isolate->IsInAnyContext(map(),
851	Context::SLOW_ALIASED_ARGUMENTS_MAP_INDEX) \|\|
852	isolate->IsInAnyContext(map(),
853	Context::FAST_ALIASED_ARGUMENTS_MAP_INDEX)) {
854	VerifyObjectField(isolate, JSSloppyArgumentsObject::kLengthOffset);
855	VerifyObjectField(isolate, JSSloppyArgumentsObject::kCalleeOffset);
856	} else if (isolate->IsInAnyContext(map(),
857	Context::STRICT_ARGUMENTS_MAP_INDEX)) {
858	VerifyObjectField(isolate, JSStrictArgumentsObject::kLengthOffset);
859	}
860	JSObjectVerify(isolate);
861	}
862
863	void SloppyArgumentsElements::SloppyArgumentsElementsVerify(Isolate* isolate,
864	JSObject holder) {
865	FixedArrayVerify(isolate);
866	// Abort verification if only partially initialized (can't use arguments()
867	// getter because it does FixedArray::cast()).
868	if (get(kArgumentsIndex)->IsUndefined(isolate)) return;
869
870	ElementsKind kind = holder ->GetElementsKind();
871	bool is_fast = kind == FAST_SLOPPY_ARGUMENTS_ELEMENTS;
872	CHECK(IsFixedArray());
873	CHECK_GE(length(), `2`);
874	CHECK_EQ(map(), ReadOnlyRoots (isolate).sloppy_arguments_elements_map());
875	Context context_object = context();
876	FixedArray arg_elements = FixedArray::cast(arguments());
877	if (arg_elements ->length() == `0`) {
878	CHECK(arg_elements == ReadOnlyRoots (isolate).empty_fixed_array());
879	return;
880	}
881	ElementsAccessor* accessor;
882	if (is_fast) {
883	accessor = ElementsAccessor::ForKind(HOLEY_ELEMENTS);
884	} else {
885	accessor = ElementsAccessor::ForKind(DICTIONARY_ELEMENTS);
886	}
887	int nofMappedParameters = `0`;
888	int maxMappedIndex = `0`;
889	for (int i = `0`; i < nofMappedParameters; i++) {
890	// Verify that each context-mapped argument is either the hole or a valid
891	// Smi within context length range.
892	Object mapped = get_mapped_entry(i);
893	if (mapped ->IsTheHole(isolate)) {
894	// Slow sloppy arguments can be holey.
895	if (!is_fast) continue;
896	// Fast sloppy arguments elements are never holey. Either the element is
897	// context-mapped or present in the arguments elements.
898	CHECK(accessor->HasElement(holder, i, arg_elements));
899	continue;
900	}
901	int mappedIndex = Smi::ToInt(mapped);
902	nofMappedParameters++;
903	CHECK_LE(maxMappedIndex, mappedIndex);
904	maxMappedIndex = mappedIndex;
905	Object value = context_object ->get(mappedIndex);
906	CHECK(value ->IsObject());
907	// None of the context-mapped entries should exist in the arguments
908	// elements.
909	CHECK(!accessor->HasElement(holder, i, arg_elements));
910	}
911	CHECK_LE(nofMappedParameters, context_object ->length());
912	CHECK_LE(nofMappedParameters, arg_elements ->length());
913	CHECK_LE(maxMappedIndex, context_object ->length());
914	CHECK_LE(maxMappedIndex, arg_elements ->length());
915	}
916
917	void JSGeneratorObject::JSGeneratorObjectVerify(Isolate* isolate) {
918	// In an expression like "new g()", there can be a point where a generator
919	// object is allocated but its fields are all undefined, as it hasn't yet been
920	// initialized by the generator. Hence these weak checks.
921	VerifyObjectField(isolate, kFunctionOffset);
922	VerifyObjectField(isolate, kContextOffset);
923	VerifyObjectField(isolate, kReceiverOffset);
924	VerifyObjectField(isolate, kParametersAndRegistersOffset);
925	VerifyObjectField(isolate, kContinuationOffset);
926	}
927
928	void JSAsyncFunctionObject::JSAsyncFunctionObjectVerify(Isolate* isolate) {
929	// Check inherited fields
930	JSGeneratorObjectVerify(isolate);
931	VerifyObjectField(isolate, kPromiseOffset);
932	promise()->HeapObjectVerify(isolate);
933	}
934
935	void JSAsyncGeneratorObject::JSAsyncGeneratorObjectVerify(Isolate* isolate) {
936	// Check inherited fields
937	JSGeneratorObjectVerify(isolate);
938	VerifyObjectField(isolate, kQueueOffset);
939	queue()->HeapObjectVerify(isolate);
940	}
941
942	void JSValue::JSValueVerify(Isolate* isolate) {
943	Object v = value();
944	if (v ->IsHeapObject()) {
945	VerifyHeapPointer(isolate, v);
946	}
947	}
948
949	void JSDate::JSDateVerify(Isolate* isolate) {
950	if (value()->IsHeapObject()) {
951	VerifyHeapPointer(isolate, value());
952	}
953	CHECK(value()->IsUndefined(isolate) \|\| value()->IsSmi() \|\|
954	value()->IsHeapNumber());
955	CHECK(year()->IsUndefined(isolate) \|\| year()->IsSmi() \|\| year()->IsNaN());
956	CHECK(month()->IsUndefined(isolate) \|\| month()->IsSmi() \|\| month()->IsNaN());
957	CHECK(day()->IsUndefined(isolate) \|\| day()->IsSmi() \|\| day()->IsNaN());
958	CHECK(weekday()->IsUndefined(isolate) \|\| weekday()->IsSmi() \|\|
959	weekday()->IsNaN());
960	CHECK(hour()->IsUndefined(isolate) \|\| hour()->IsSmi() \|\| hour()->IsNaN());
961	CHECK(min()->IsUndefined(isolate) \|\| min()->IsSmi() \|\| min()->IsNaN());
962	CHECK(sec()->IsUndefined(isolate) \|\| sec()->IsSmi() \|\| sec()->IsNaN());
963	CHECK(cache_stamp()->IsUndefined(isolate) \|\| cache_stamp()->IsSmi() \|\|
964	cache_stamp()->IsNaN());
965
966	if (month()->IsSmi()) {
967	int month = Smi::ToInt(this->month());
968	CHECK(`0` <= month && month <= `11`);
969	}
970	if (day()->IsSmi()) {
971	int day = Smi::ToInt(this->day());
972	CHECK(`1` <= day && day <= `31`);
973	}
974	if (hour()->IsSmi()) {
975	int hour = Smi::ToInt(this->hour());
976	CHECK(`0` <= hour && hour <= `23`);
977	}
978	if (min()->IsSmi()) {
979	int min = Smi::ToInt(this->min());
980	CHECK(`0` <= min && min <= `59`);
981	}
982	if (sec()->IsSmi()) {
983	int sec = Smi::ToInt(this->sec());
984	CHECK(`0` <= sec && sec <= `59`);
985	}
986	if (weekday()->IsSmi()) {
987	int weekday = Smi::ToInt(this->weekday());
988	CHECK(`0` <= weekday && weekday <= `6`);
989	}
990	if (cache_stamp()->IsSmi()) {
991	CHECK(Smi::ToInt(cache_stamp()) <=
992	Smi::ToInt(isolate->date_cache()->stamp()));
993	}
994	}
995
996	void JSMessageObject::JSMessageObjectVerify(Isolate* isolate) {
997	CHECK(IsJSMessageObject());
998	VerifyObjectField(isolate, kStartPositionOffset);
999	VerifyObjectField(isolate, kEndPositionOffset);
1000	VerifyObjectField(isolate, kArgumentsOffset);
1001	VerifyObjectField(isolate, kScriptOffset);
1002	VerifyObjectField(isolate, kStackFramesOffset);
1003	VerifySmiField(kMessageTypeOffset);
1004	VerifySmiField(kStartPositionOffset);
1005	VerifySmiField(kEndPositionOffset);
1006	VerifySmiField(kErrorLevelOffset);
1007	}
1008
1009	void String::StringVerify(Isolate* isolate) {
1010	CHECK(IsString());
1011	CHECK(length() >= `0` && length() <= Smi::kMaxValue);
1012	CHECK_IMPLIES(length() == `0`, *this == ReadOnlyRoots (isolate).empty_string());
1013	CHECK_EQ(*this == ReadOnlyRoots (isolate).empty_string(),
1014	map() == ReadOnlyRoots (isolate).empty_string_map());
1015	if (IsInternalizedString()) {
1016	CHECK(!ObjectInYoungGeneration(*this));
1017	}
1018	if (IsConsString()) {
1019	ConsString::cast(*this)->ConsStringVerify(isolate);
1020	} else if (IsSlicedString()) {
1021	SlicedString::cast(*this)->SlicedStringVerify(isolate);
1022	} else if (IsThinString()) {
1023	ThinString::cast(*this)->ThinStringVerify(isolate);
1024	}
1025	}
1026
1027	void ConsString::ConsStringVerify(Isolate* isolate) {
1028	CHECK(this->first()->IsString());
1029	CHECK(this->second()->IsString());
1030	CHECK_GT(this->first()->length(), `0`);
1031	CHECK_GE(this->length(), ConsString::kMinLength);
1032	CHECK(this->length() == this->first()->length() + this->second()->length());
1033	if (this->IsFlat()) {
1034	// A flat cons can only be created by String::SlowFlatten.
1035	// Afterwards, the first part may be externalized or internalized.
1036	CHECK(this->first()->IsSeqString() \|\| this->first()->IsExternalString() \|\|
1037	this->first()->IsThinString());
1038	}
1039	}
1040
1041	void ThinString::ThinStringVerify(Isolate* isolate) {
1042	CHECK(this->actual()->IsInternalizedString());
1043	CHECK(this->actual()->IsSeqString() \|\| this->actual()->IsExternalString());
1044	}
1045
1046	void SlicedString::SlicedStringVerify(Isolate* isolate) {
1047	CHECK(!this->parent()->IsConsString());
1048	CHECK(!this->parent()->IsSlicedString());
1049	CHECK_GE(this->length(), SlicedString::kMinLength);
1050	}
1051
1052	void JSBoundFunction::JSBoundFunctionVerify(Isolate* isolate) {
1053	CHECK(IsJSBoundFunction());
1054	JSObjectVerify(isolate);
1055	VerifyObjectField(isolate, kBoundThisOffset);
1056	VerifyObjectField(isolate, kBoundTargetFunctionOffset);
1057	VerifyObjectField(isolate, kBoundArgumentsOffset);
1058	CHECK(IsCallable());
1059
1060	if (!raw_bound_target_function()->IsUndefined(isolate)) {
1061	CHECK(bound_target_function()->IsCallable());
1062	CHECK_EQ(IsConstructor(), bound_target_function()->IsConstructor());
1063	}
1064	}
1065
1066	void JSFunction::JSFunctionVerify(Isolate* isolate) {
1067	CHECK(IsJSFunction());
1068	JSObjectVerify(isolate);
1069	VerifyHeapPointer(isolate, raw_feedback_cell());
1070	CHECK(raw_feedback_cell()->IsFeedbackCell());
1071	CHECK(code()->IsCode());
1072	CHECK(map()->is_callable());
1073	Handle<JSFunction> function(*this, isolate);
1074	LookupIterator it(isolate, function, isolate->factory()->prototype_string(),
1075	LookupIterator::OWN_SKIP_INTERCEPTOR);
1076	if (has_prototype_slot()) {
1077	VerifyObjectField(isolate, kPrototypeOrInitialMapOffset);
1078	}
1079
1080	if (has_prototype_property()) {
1081	CHECK(it.IsFound());
1082	CHECK_EQ(LookupIterator::ACCESSOR, it.state());
1083	CHECK(it.GetAccessors()->IsAccessorInfo());
1084	} else {
1085	CHECK(!it.IsFound() \|\| it.state() != LookupIterator::ACCESSOR \|\|
1086	!it.GetAccessors()->IsAccessorInfo());
1087	}
1088	}
1089
1090	void SharedFunctionInfo::SharedFunctionInfoVerify(Isolate* isolate) {
1091	CHECK(IsSharedFunctionInfo());
1092
1093	VerifyObjectField(isolate, kFunctionDataOffset);
1094	VerifyObjectField(isolate, kOuterScopeInfoOrFeedbackMetadataOffset);
1095	VerifyObjectField(isolate, kScriptOrDebugInfoOffset);
1096	VerifyObjectField(isolate, kNameOrScopeInfoOffset);
1097
1098	Object value = name_or_scope_info();
1099	CHECK(value == kNoSharedNameSentinel \|\| value ->IsString() \|\|
1100	value ->IsScopeInfo());
1101	if (value ->IsScopeInfo()) {
1102	CHECK_LT(`0`, ScopeInfo::cast(value)->length());
1103	CHECK_NE(value, ReadOnlyRoots (isolate).empty_scope_info());
1104	}
1105
1106	CHECK(HasWasmExportedFunctionData() \|\| IsApiFunction() \|\|
1107	HasBytecodeArray() \|\| HasAsmWasmData() \|\| HasBuiltinId() \|\|
1108	HasUncompiledDataWithPreparseData() \|\|
1109	HasUncompiledDataWithoutPreparseData());
1110
1111	CHECK(script_or_debug_info()->IsUndefined(isolate) \|\|
1112	script_or_debug_info()->IsScript() \|\| HasDebugInfo());
1113
1114	if (!is_compiled()) {
1115	CHECK(!HasFeedbackMetadata());
1116	CHECK(outer_scope_info()->IsScopeInfo() \|\|
1117	outer_scope_info()->IsTheHole(isolate));
1118	} else if (HasBytecodeArray() && HasFeedbackMetadata()) {
1119	CHECK(feedback_metadata()->IsFeedbackMetadata());
1120	}
1121
1122	int expected_map_index = Context::FunctionMapIndex(
1123	language_mode(), kind(), HasSharedName(), needs_home_object());
1124	CHECK_EQ(expected_map_index, function_map_index());
1125
1126	if (scope_info()->length() > `0`) {
1127	ScopeInfo info = scope_info();
1128	CHECK(kind() == info ->function_kind());
1129	CHECK_EQ(kind() == kModule, info ->scope_type() == MODULE_SCOPE);
1130	}
1131
1132	if (IsApiFunction()) {
1133	CHECK(construct_as_builtin());
1134	} else if (!HasBuiltinId()) {
1135	CHECK(!construct_as_builtin());
1136	} else {
1137	int id = builtin_id();
1138	if (id != Builtins::kCompileLazy && id != Builtins::kEmptyFunction) {
1139	CHECK(construct_as_builtin());
1140	} else {
1141	CHECK(!construct_as_builtin());
1142	}
1143	}
1144
1145	// At this point we only support skipping arguments adaptor frames
1146	// for strict mode functions (see https://crbug.com/v8/8895).
1147	CHECK_IMPLIES(is_safe_to_skip_arguments_adaptor(),
1148	language_mode() == LanguageMode::kStrict);
1149	}
1150
1151	void JSGlobalProxy::JSGlobalProxyVerify(Isolate* isolate) {
1152	CHECK(IsJSGlobalProxy());
1153	JSObjectVerify(isolate);
1154	VerifyObjectField(isolate, JSGlobalProxy::kNativeContextOffset);
1155	CHECK(map()->is_access_check_needed());
1156	// Make sure that this object has no properties, elements.
1157	CHECK_EQ(`0`, FixedArray::cast(elements())->length());
1158	}
1159
1160	void JSGlobalObject::JSGlobalObjectVerify(Isolate* isolate) {
1161	CHECK(IsJSGlobalObject());
1162	// Do not check the dummy global object for the builtins.
1163	if (global_dictionary()->NumberOfElements() == `0` &&
1164	elements()->length() == `0`) {
1165	return;
1166	}
1167	JSObjectVerify(isolate);
1168	}
1169
1170	void Oddball::OddballVerify(Isolate* isolate) {
1171	CHECK(IsOddball());
1172	Heap* heap = isolate->heap();
1173	VerifyHeapPointer(isolate, to_string());
1174	Object number = to_number();
1175	if (number ->IsHeapObject()) {
1176	CHECK(number == ReadOnlyRoots (heap).nan_value() \|\|
1177	number == ReadOnlyRoots (heap).hole_nan_value());
1178	} else {
1179	CHECK(number ->IsSmi());
1180	int value = Smi::ToInt(number);
1181	// Hidden oddballs have negative smis.
1182	const int kLeastHiddenOddballNumber = -`7`;
1183	CHECK_LE(value, `1`);
1184	CHECK_GE(value, kLeastHiddenOddballNumber);
1185	}
1186
1187	ReadOnlyRoots roots(heap);
1188	if (map() == roots.undefined_map()) {
1189	CHECK(*this == roots.undefined_value());
1190	} else if (map() == roots.the_hole_map()) {
1191	CHECK(*this == roots.the_hole_value());
1192	} else if (map() == roots.null_map()) {
1193	CHECK(*this == roots.null_value());
1194	} else if (map() == roots.boolean_map()) {
1195	CHECK(*this == roots.true_value() \|\| *this == roots.false_value());
1196	} else if (map() == roots.uninitialized_map()) {
1197	CHECK(*this == roots.uninitialized_value());
1198	} else if (map() == roots.arguments_marker_map()) {
1199	CHECK(*this == roots.arguments_marker());
1200	} else if (map() == roots.termination_exception_map()) {
1201	CHECK(*this == roots.termination_exception());
1202	} else if (map() == roots.exception_map()) {
1203	CHECK(*this == roots.exception());
1204	} else if (map() == roots.optimized_out_map()) {
1205	CHECK(*this == roots.optimized_out());
1206	} else if (map() == roots.stale_register_map()) {
1207	CHECK(*this == roots.stale_register());
1208	} else if (map() == roots.self_reference_marker_map()) {
1209	// Multiple instances of this oddball may exist at once.
1210	CHECK_EQ(kind(), Oddball::kSelfReferenceMarker);
1211	} else {
1212	UNREACHABLE();
1213	}
1214	CHECK(to_string()->IsString());
1215	CHECK(type_of()->IsString());
1216	}
1217
1218	void Cell::CellVerify(Isolate* isolate) {
1219	CHECK(IsCell());
1220	VerifyObjectField(isolate, kValueOffset);
1221	}
1222
1223	void PropertyCell::PropertyCellVerify(Isolate* isolate) {
1224	CHECK(IsPropertyCell());
1225	VerifyObjectField(isolate, kValueOffset);
1226	}
1227
1228	void CodeDataContainer::CodeDataContainerVerify(Isolate* isolate) {
1229	CHECK(IsCodeDataContainer());
1230	VerifyObjectField(isolate, kNextCodeLinkOffset);
1231	CHECK(next_code_link()->IsCode() \|\| next_code_link()->IsUndefined(isolate));
1232	}
1233
1234	void Code::CodeVerify(Isolate* isolate) {
1235	CHECK_IMPLIES(
1236	has_safepoint_table(),
1237	IsAligned(safepoint_table_offset(), static_cast<unsigned>(kIntSize)));
1238	CHECK_LE(safepoint_table_offset(), handler_table_offset());
1239	CHECK_LE(handler_table_offset(), constant_pool_offset());
1240	CHECK_LE(constant_pool_offset(), code_comments_offset());
1241	CHECK_LE(code_comments_offset(), InstructionSize());
1242	CHECK(IsAligned(raw_instruction_start(), kCodeAlignment));
1243	relocation_info()->ObjectVerify(isolate);
1244	CHECK(Code::SizeFor(body_size()) <= kMaxRegularHeapObjectSize \|\|
1245	isolate->heap()->InSpace(*this, CODE_LO_SPACE));
1246	Address last_gc_pc = kNullAddress;
1247
1248	for (RelocIterator it(*this); !it.done(); it.next()) {
1249	it.rinfo()->Verify(isolate);
1250	// Ensure that GC will not iterate twice over the same pointer.
1251	if (RelocInfo::IsGCRelocMode(it.rinfo()->rmode())) {
1252	CHECK(it.rinfo()->pc() != last_gc_pc);
1253	last_gc_pc = it.rinfo()->pc();
1254	}
1255	}
1256	}
1257
1258	void JSArray::JSArrayVerify(Isolate* isolate) {
1259	JSObjectVerify(isolate);
1260	CHECK(length()->IsNumber() \|\| length()->IsUndefined(isolate));
1261	// If a GC was caused while constructing this array, the elements
1262	// pointer may point to a one pointer filler map.
1263	if (!ElementsAreSafeToExamine()) return;
1264	if (elements()->IsUndefined(isolate)) return;
1265	CHECK(elements()->IsFixedArray() \|\| elements()->IsFixedDoubleArray());
1266	if (elements()->length() == `0`) {
1267	CHECK_EQ(elements(), ReadOnlyRoots (isolate).empty_fixed_array());
1268	}
1269	if (!length()->IsNumber()) return;
1270	// Verify that the length and the elements backing store are in sync.
1271	if (length()->IsSmi() && (HasFastElements() \|\| HasFrozenOrSealedElements())) {
1272	if (elements()->length() > `0`) {
1273	CHECK_IMPLIES(HasDoubleElements(), elements()->IsFixedDoubleArray());
1274	CHECK_IMPLIES(HasSmiOrObjectElements() \|\| HasFrozenOrSealedElements(),
1275	elements()->IsFixedArray());
1276	}
1277	int size = Smi::ToInt(length());
1278	// Holey / Packed backing stores might have slack or might have not been
1279	// properly initialized yet.
1280	CHECK(size <= elements()->length() \|\|
1281	elements() == ReadOnlyRoots (isolate).empty_fixed_array());
1282	} else {
1283	CHECK(HasDictionaryElements());
1284	uint32_t array_length;
1285	CHECK(length()->ToArrayLength(&array_length));
1286	if (array_length == `0xFFFFFFFF`) {
1287	CHECK(length()->ToArrayLength(&array_length));
1288	}
1289	if (array_length != `0`) {
1290	NumberDictionary dict = NumberDictionary::cast(elements());
1291	// The dictionary can never have more elements than the array length + 1.
1292	// If the backing store grows the verification might be triggered with
1293	// the old length in place.
1294	uint32_t nof_elements = static_cast<uint32_t>(dict ->NumberOfElements());
1295	if (nof_elements != `0`) nof_elements--;
1296	CHECK_LE(nof_elements, array_length);
1297	}
1298	}
1299	}
1300
1301	void JSSet::JSSetVerify(Isolate* isolate) {
1302	CHECK(IsJSSet());
1303	JSObjectVerify(isolate);
1304	VerifyHeapPointer(isolate, table());
1305	CHECK(table()->IsOrderedHashSet() \|\| table()->IsUndefined(isolate));
1306	// TODO(arv): Verify OrderedHashTable too.
1307	}
1308
1309	void JSMap::JSMapVerify(Isolate* isolate) {
1310	CHECK(IsJSMap());
1311	JSObjectVerify(isolate);
1312	VerifyHeapPointer(isolate, table());
1313	CHECK(table()->IsOrderedHashMap() \|\| table()->IsUndefined(isolate));
1314	// TODO(arv): Verify OrderedHashTable too.
1315	}
1316
1317	void JSSetIterator::JSSetIteratorVerify(Isolate* isolate) {
1318	CHECK(IsJSSetIterator());
1319	JSObjectVerify(isolate);
1320	VerifyHeapPointer(isolate, table());
1321	CHECK(table()->IsOrderedHashSet());
1322	CHECK(index()->IsSmi());
1323	}
1324
1325	void JSMapIterator::JSMapIteratorVerify(Isolate* isolate) {
1326	CHECK(IsJSMapIterator());
1327	JSObjectVerify(isolate);
1328	VerifyHeapPointer(isolate, table());
1329	CHECK(table()->IsOrderedHashMap());
1330	CHECK(index()->IsSmi());
1331	}
1332
1333	void WeakCell::WeakCellVerify(Isolate* isolate) {
1334	CHECK(IsWeakCell());
1335
1336	CHECK(target()->IsJSReceiver() \|\| target()->IsUndefined(isolate));
1337
1338	CHECK(prev()->IsWeakCell() \|\| prev()->IsUndefined(isolate));
1339	if (prev()->IsWeakCell()) {
1340	CHECK_EQ(WeakCell::cast(prev())->next(), *this);
1341	}
1342
1343	CHECK(next()->IsWeakCell() \|\| next()->IsUndefined(isolate));
1344	if (next()->IsWeakCell()) {
1345	CHECK_EQ(WeakCell::cast(next())->prev(), *this);
1346	}
1347
1348	CHECK_IMPLIES(key()->IsUndefined(isolate),
1349	key_list_prev()->IsUndefined(isolate));
1350	CHECK_IMPLIES(key()->IsUndefined(isolate),
1351	key_list_next()->IsUndefined(isolate));
1352
1353	CHECK(key_list_prev()->IsWeakCell() \|\| key_list_prev()->IsUndefined(isolate));
1354	if (key_list_prev()->IsWeakCell()) {
1355	CHECK_EQ(WeakCell::cast(key_list_prev())->key_list_next(), *this);
1356	}
1357
1358	CHECK(key_list_next()->IsWeakCell() \|\| key_list_next()->IsUndefined(isolate));
1359	if (key_list_next()->IsWeakCell()) {
1360	CHECK_EQ(WeakCell::cast(key_list_next())->key_list_prev(), *this);
1361	}
1362
1363	CHECK(finalization_group()->IsUndefined(isolate) \|\|
1364	finalization_group()->IsJSFinalizationGroup());
1365	}
1366
1367	void JSWeakRef::JSWeakRefVerify(Isolate* isolate) {
1368	CHECK(IsJSWeakRef());
1369	JSObjectVerify(isolate);
1370	CHECK(target()->IsUndefined(isolate) \|\| target()->IsJSReceiver());
1371	}
1372
1373	void JSFinalizationGroup::JSFinalizationGroupVerify(Isolate* isolate) {
1374	CHECK(IsJSFinalizationGroup());
1375	JSObjectVerify(isolate);
1376	VerifyHeapPointer(isolate, cleanup());
1377	CHECK(active_cells()->IsUndefined(isolate) \|\| active_cells()->IsWeakCell());
1378	if (active_cells()->IsWeakCell()) {
1379	CHECK(WeakCell::cast(active_cells())->prev()->IsUndefined(isolate));
1380	}
1381	CHECK(cleared_cells()->IsUndefined(isolate) \|\| cleared_cells()->IsWeakCell());
1382	if (cleared_cells()->IsWeakCell()) {
1383	CHECK(WeakCell::cast(cleared_cells())->prev()->IsUndefined(isolate));
1384	}
1385	}
1386
1387	void JSFinalizationGroupCleanupIterator::
1388	JSFinalizationGroupCleanupIteratorVerify(Isolate* isolate) {
1389	CHECK(IsJSFinalizationGroupCleanupIterator());
1390	JSObjectVerify(isolate);
1391	VerifyHeapPointer(isolate, finalization_group());
1392	}
1393
1394	void FinalizationGroupCleanupJobTask::FinalizationGroupCleanupJobTaskVerify(
1395	Isolate* isolate) {
1396	CHECK(IsFinalizationGroupCleanupJobTask());
1397	CHECK(finalization_group()->IsJSFinalizationGroup());
1398	}
1399
1400	void JSWeakMap::JSWeakMapVerify(Isolate* isolate) {
1401	CHECK(IsJSWeakMap());
1402	JSObjectVerify(isolate);
1403	VerifyHeapPointer(isolate, table());
1404	CHECK(table()->IsEphemeronHashTable() \|\| table()->IsUndefined(isolate));
1405	}
1406
1407	void JSArrayIterator::JSArrayIteratorVerify(Isolate* isolate) {
1408	CHECK(IsJSArrayIterator());
1409	JSObjectVerify(isolate);
1410	CHECK(iterated_object()->IsJSReceiver());
1411
1412	CHECK_GE(next_index()->Number(), `0`);
1413	CHECK_LE(next_index()->Number(), kMaxSafeInteger);
1414
1415	if (iterated_object()->IsJSTypedArray()) {
1416	// JSTypedArray::length is limited to Smi range.
1417	CHECK(next_index()->IsSmi());
1418	CHECK_LE(next_index()->Number(), Smi::kMaxValue);
1419	} else if (iterated_object()->IsJSArray()) {
1420	// JSArray::length is limited to Uint32 range.
1421	CHECK_LE(next_index()->Number(), kMaxUInt32);
1422	}
1423	}
1424
1425	void JSStringIterator::JSStringIteratorVerify(Isolate* isolate) {
1426	CHECK(IsJSStringIterator());
1427	JSObjectVerify(isolate);
1428	CHECK(string()->IsString());
1429
1430	CHECK_GE(index(), `0`);
1431	CHECK_LE(index(), String::kMaxLength);
1432	}
1433
1434	void JSAsyncFromSyncIterator::JSAsyncFromSyncIteratorVerify(Isolate* isolate) {
1435	CHECK(IsJSAsyncFromSyncIterator());
1436	JSObjectVerify(isolate);
1437	VerifyHeapPointer(isolate, sync_iterator());
1438	}
1439
1440	void JSWeakSet::JSWeakSetVerify(Isolate* isolate) {
1441	CHECK(IsJSWeakSet());
1442	JSObjectVerify(isolate);
1443	VerifyHeapPointer(isolate, table());
1444	CHECK(table()->IsEphemeronHashTable() \|\| table()->IsUndefined(isolate));
1445	}
1446
1447	void Microtask::MicrotaskVerify(Isolate* isolate) { CHECK(IsMicrotask()); }
1448
1449	void CallableTask::CallableTaskVerify(Isolate* isolate) {
1450	CHECK(IsCallableTask());
1451	MicrotaskVerify(isolate);
1452	VerifyHeapPointer(isolate, callable());
1453	CHECK(callable()->IsCallable());
1454	VerifyHeapPointer(isolate, context());
1455	CHECK(context()->IsContext());
1456	}
1457
1458	void CallbackTask::CallbackTaskVerify(Isolate* isolate) {
1459	CHECK(IsCallbackTask());
1460	MicrotaskVerify(isolate);
1461	VerifyHeapPointer(isolate, callback());
1462	VerifyHeapPointer(isolate, data());
1463	}
1464
1465	void PromiseReactionJobTask::PromiseReactionJobTaskVerify(Isolate* isolate) {
1466	CHECK(IsPromiseReactionJobTask());
1467	MicrotaskVerify(isolate);
1468	VerifyPointer(isolate, argument());
1469	VerifyHeapPointer(isolate, context());
1470	CHECK(context()->IsContext());
1471	VerifyHeapPointer(isolate, handler());
1472	CHECK(handler()->IsUndefined(isolate) \|\| handler()->IsCallable());
1473	VerifyHeapPointer(isolate, promise_or_capability());
1474	CHECK(promise_or_capability()->IsJSPromise() \|\|
1475	promise_or_capability()->IsPromiseCapability() \|\|
1476	promise_or_capability()->IsUndefined(isolate));
1477	}
1478
1479	void PromiseFulfillReactionJobTask::PromiseFulfillReactionJobTaskVerify(
1480	Isolate* isolate) {
1481	CHECK(IsPromiseFulfillReactionJobTask());
1482	PromiseReactionJobTaskVerify(isolate);
1483	}
1484
1485	void PromiseRejectReactionJobTask::PromiseRejectReactionJobTaskVerify(
1486	Isolate* isolate) {
1487	CHECK(IsPromiseRejectReactionJobTask());
1488	PromiseReactionJobTaskVerify(isolate);
1489	}
1490
1491	void PromiseResolveThenableJobTask::PromiseResolveThenableJobTaskVerify(
1492	Isolate* isolate) {
1493	CHECK(IsPromiseResolveThenableJobTask());
1494	MicrotaskVerify(isolate);
1495	VerifyHeapPointer(isolate, context());
1496	CHECK(context()->IsContext());
1497	VerifyHeapPointer(isolate, promise_to_resolve());
1498	CHECK(promise_to_resolve()->IsJSPromise());
1499	VerifyHeapPointer(isolate, then());
1500	CHECK(then()->IsCallable());
1501	CHECK(then()->IsJSReceiver());
1502	VerifyHeapPointer(isolate, thenable());
1503	CHECK(thenable()->IsJSReceiver());
1504	}
1505
1506	void PromiseCapability::PromiseCapabilityVerify(Isolate* isolate) {
1507	CHECK(IsPromiseCapability());
1508
1509	VerifyHeapPointer(isolate, promise());
1510	CHECK(promise()->IsJSReceiver() \|\| promise()->IsUndefined(isolate));
1511	VerifyPointer(isolate, resolve());
1512	VerifyPointer(isolate, reject());
1513	}
1514
1515	void PromiseReaction::PromiseReactionVerify(Isolate* isolate) {
1516	CHECK(IsPromiseReaction());
1517
1518	VerifyPointer(isolate, next());
1519	CHECK(next()->IsSmi() \|\| next()->IsPromiseReaction());
1520	VerifyHeapPointer(isolate, reject_handler());
1521	CHECK(reject_handler()->IsUndefined(isolate) \|\|
1522	reject_handler()->IsCallable());
1523	VerifyHeapPointer(isolate, fulfill_handler());
1524	CHECK(fulfill_handler()->IsUndefined(isolate) \|\|
1525	fulfill_handler()->IsCallable());
1526	VerifyHeapPointer(isolate, promise_or_capability());
1527	CHECK(promise_or_capability()->IsJSPromise() \|\|
1528	promise_or_capability()->IsPromiseCapability() \|\|
1529	promise_or_capability()->IsUndefined(isolate));
1530	}
1531
1532	void JSPromise::JSPromiseVerify(Isolate* isolate) {
1533	CHECK(IsJSPromise());
1534	JSObjectVerify(isolate);
1535	VerifyPointer(isolate, reactions_or_result());
1536	VerifySmiField(kFlagsOffset);
1537	if (status() == Promise::kPending) {
1538	CHECK(reactions()->IsSmi() \|\| reactions()->IsPromiseReaction());
1539	}
1540	}
1541
1542	template <typename Derived>
1543	void SmallOrderedHashTable<Derived>::SmallOrderedHashTableVerify(
1544	Isolate* isolate) {
1545	CHECK(IsSmallOrderedHashTable());
1546
1547	int capacity = Capacity();
1548	CHECK_GE(capacity, kMinCapacity);
1549	CHECK_LE(capacity, kMaxCapacity);
1550
1551	for (int entry = `0`; entry < NumberOfBuckets(); entry++) {
1552	int bucket = GetFirstEntry(entry);
1553	if (bucket == kNotFound) continue;
1554	CHECK_GE(bucket, `0`);
1555	CHECK_LE(bucket, capacity);
1556	}
1557
1558	for (int entry = `0`; entry < NumberOfElements(); entry++) {
1559	int chain = GetNextEntry(entry);
1560	if (chain == kNotFound) continue;
1561	CHECK_GE(chain, `0`);
1562	CHECK_LE(chain, capacity);
1563	}
1564
1565	for (int entry = `0`; entry < NumberOfElements(); entry++) {
1566	for (int offset = `0`; offset < Derived::kEntrySize; offset++) {
1567	Object val = GetDataEntry(entry, offset);
1568	VerifyPointer(isolate, val);
1569	}
1570	}
1571
1572	for (int entry = NumberOfElements() + NumberOfDeletedElements();
1573	entry < Capacity(); entry++) {
1574	for (int offset = `0`; offset < Derived::kEntrySize; offset++) {
1575	Object val = GetDataEntry(entry, offset);
1576	CHECK(val ->IsTheHole(isolate));
1577	}
1578	}
1579	}
1580	void SmallOrderedHashMap::SmallOrderedHashMapVerify(Isolate* isolate) {
1581	SmallOrderedHashTable<SmallOrderedHashMap>::SmallOrderedHashTableVerify(
1582	isolate);
1583	for (int entry = NumberOfElements(); entry < NumberOfDeletedElements();
1584	entry++) {
1585	for (int offset = `0`; offset < kEntrySize; offset++) {
1586	Object val = GetDataEntry(entry, offset);
1587	CHECK(val ->IsTheHole(isolate));
1588	}
1589	}
1590	}
1591
1592	void SmallOrderedHashSet::SmallOrderedHashSetVerify(Isolate* isolate) {
1593	SmallOrderedHashTable<SmallOrderedHashSet>::SmallOrderedHashTableVerify(
1594	isolate);
1595	for (int entry = NumberOfElements(); entry < NumberOfDeletedElements();
1596	entry++) {
1597	for (int offset = `0`; offset < kEntrySize; offset++) {
1598	Object val = GetDataEntry(entry, offset);
1599	CHECK(val ->IsTheHole(isolate));
1600	}
1601	}
1602	}
1603
1604	void SmallOrderedNameDictionary::SmallOrderedNameDictionaryVerify(
1605	Isolate* isolate) {
1606	SmallOrderedHashTable<
1607	SmallOrderedNameDictionary>::SmallOrderedHashTableVerify(isolate);
1608	for (int entry = NumberOfElements(); entry < NumberOfDeletedElements();
1609	entry++) {
1610	for (int offset = `0`; offset < kEntrySize; offset++) {
1611	Object val = GetDataEntry(entry, offset);
1612	CHECK(val ->IsTheHole(isolate) \|\|
1613	(PropertyDetails::Empty().AsSmi() == Smi::cast(val)));
1614	}
1615	}
1616	}
1617
1618	void JSRegExp::JSRegExpVerify(Isolate* isolate) {
1619	JSObjectVerify(isolate);
1620	CHECK(data()->IsUndefined(isolate) \|\| data()->IsFixedArray());
1621	CHECK(source()->IsUndefined(isolate) \|\| source()->IsString());
1622	CHECK(flags()->IsUndefined() \|\| flags()->IsSmi());
1623	switch (TypeTag()) {
1624	case JSRegExp::ATOM: {
1625	FixedArray arr = FixedArray::cast(data());
1626	CHECK(arr ->get(JSRegExp::kAtomPatternIndex)->IsString());
1627	break;
1628	}
1629	case JSRegExp::IRREGEXP: {
1630	bool is_native = RegExpImpl::UsesNativeRegExp();
1631
1632	FixedArray arr = FixedArray::cast(data());
1633	Object one_byte_data = arr ->get(JSRegExp::kIrregexpLatin1CodeIndex);
1634	// Smi : Not compiled yet (-1).
1635	// Code/ByteArray: Compiled code.
1636	CHECK(
1637	(one_byte_data ->IsSmi() &&
1638	Smi::ToInt(one_byte_data) == JSRegExp::kUninitializedValue) \|\|
1639	(is_native ? one_byte_data ->IsCode() : one_byte_data ->IsByteArray()));
1640	Object uc16_data = arr ->get(JSRegExp::kIrregexpUC16CodeIndex);
1641	CHECK((uc16_data ->IsSmi() &&
1642	Smi::ToInt(uc16_data) == JSRegExp::kUninitializedValue) \|\|
1643	(is_native ? uc16_data ->IsCode() : uc16_data ->IsByteArray()));
1644
1645	CHECK(arr ->get(JSRegExp::kIrregexpCaptureCountIndex)->IsSmi());
1646	CHECK(arr ->get(JSRegExp::kIrregexpMaxRegisterCountIndex)->IsSmi());
1647	break;
1648	}
1649	default:
1650	CHECK_EQ(JSRegExp::NOT_COMPILED, TypeTag());
1651	CHECK(data()->IsUndefined(isolate));
1652	break;
1653	}
1654	}
1655
1656	void JSRegExpStringIterator::JSRegExpStringIteratorVerify(Isolate* isolate) {
1657	CHECK(IsJSRegExpStringIterator());
1658	JSObjectVerify(isolate);
1659	CHECK(iterating_string()->IsString());
1660	CHECK(iterating_regexp()->IsObject());
1661	VerifySmiField(kFlagsOffset);
1662	}
1663
1664	void JSProxy::JSProxyVerify(Isolate* isolate) {
1665	CHECK(IsJSProxy());
1666	CHECK(map()->GetConstructor()->IsJSFunction());
1667	VerifyPointer(isolate, target());
1668	VerifyPointer(isolate, handler());
1669	if (!IsRevoked()) {
1670	CHECK_EQ(target()->IsCallable(), map()->is_callable());
1671	CHECK_EQ(target()->IsConstructor(), map()->is_constructor());
1672	}
1673	CHECK(map()->prototype()->IsNull(isolate));
1674	// There should be no properties on a Proxy.
1675	CHECK_EQ(`0`, map()->NumberOfOwnDescriptors());
1676	}
1677
1678	void JSArrayBuffer::JSArrayBufferVerify(Isolate* isolate) {
1679	CHECK(IsJSArrayBuffer());
1680	if (FIELD_SIZE(kOptionalPaddingOffset) != `0`) {
1681	CHECK_EQ(`4`, FIELD_SIZE(kOptionalPaddingOffset));
1682	CHECK_EQ(`0`,
1683	*reinterpret_cast<uint32_t*>(address() + kOptionalPaddingOffset));
1684	}
1685	JSObjectVerify(isolate);
1686	}
1687
1688	void JSArrayBufferView::JSArrayBufferViewVerify(Isolate* isolate) {
1689	CHECK(IsJSArrayBufferView());
1690	JSObjectVerify(isolate);
1691	VerifyPointer(isolate, buffer());
1692	CHECK(buffer()->IsJSArrayBuffer() \|\| buffer()->IsUndefined(isolate) \|\|
1693	buffer() == Smi::kZero);
1694	CHECK_LE(byte_length(), JSArrayBuffer::kMaxByteLength);
1695	CHECK_LE(byte_offset(), JSArrayBuffer::kMaxByteLength);
1696	}
1697
1698	void JSTypedArray::JSTypedArrayVerify(Isolate* isolate) {
1699	CHECK(IsJSTypedArray());
1700	JSArrayBufferViewVerify(isolate);
1701	VerifyPointer(isolate, raw_length());
1702	CHECK(raw_length()->IsSmi() \|\| raw_length()->IsUndefined(isolate));
1703	VerifyPointer(isolate, elements());
1704	}
1705
1706	void JSDataView::JSDataViewVerify(Isolate* isolate) {
1707	CHECK(IsJSDataView());
1708	JSArrayBufferViewVerify(isolate);
1709	}
1710
1711	void Foreign::ForeignVerify(Isolate* isolate) { CHECK(IsForeign()); }
1712
1713	void AsyncGeneratorRequest::AsyncGeneratorRequestVerify(Isolate* isolate) {
1714	CHECK(IsAsyncGeneratorRequest());
1715	VerifySmiField(kResumeModeOffset);
1716	CHECK_GE(resume_mode(), JSGeneratorObject::kNext);
1717	CHECK_LE(resume_mode(), JSGeneratorObject::kThrow);
1718	CHECK(promise()->IsJSPromise());
1719	VerifyPointer(isolate, value());
1720	VerifyPointer(isolate, next());
1721	next()->ObjectVerify(isolate);
1722	}
1723
1724	void BigInt::BigIntVerify(Isolate* isolate) {
1725	CHECK(IsBigInt());
1726	CHECK_GE(length(), `0`);
1727	CHECK_IMPLIES(is_zero(), !sign()); // There is no -0n.
1728	}
1729
1730	void JSModuleNamespace::JSModuleNamespaceVerify(Isolate* isolate) {
1731	CHECK(IsJSModuleNamespace());
1732	VerifyPointer(isolate, module());
1733	}
1734
1735	void ModuleInfoEntry::ModuleInfoEntryVerify(Isolate* isolate) {
1736	CHECK(IsModuleInfoEntry());
1737
1738	CHECK(export_name()->IsUndefined(isolate) \|\| export_name()->IsString());
1739	CHECK(local_name()->IsUndefined(isolate) \|\| local_name()->IsString());
1740	CHECK(import_name()->IsUndefined(isolate) \|\| import_name()->IsString());
1741
1742	VerifySmiField(kModuleRequestOffset);
1743	VerifySmiField(kCellIndexOffset);
1744	VerifySmiField(kBegPosOffset);
1745	VerifySmiField(kEndPosOffset);
1746
1747	CHECK_IMPLIES(import_name()->IsString(), module_request() >= `0`);
1748	CHECK_IMPLIES(export_name()->IsString() && import_name()->IsString(),
1749	local_name()->IsUndefined(isolate));
1750	}
1751
1752	void Module::ModuleVerify(Isolate* isolate) {
1753	CHECK(IsModule());
1754
1755	VerifyPointer(isolate, code());
1756	VerifyPointer(isolate, exports());
1757	VerifyPointer(isolate, module_namespace());
1758	VerifyPointer(isolate, requested_modules());
1759	VerifyPointer(isolate, script());
1760	VerifyPointer(isolate, import_meta());
1761	VerifyPointer(isolate, exception());
1762	VerifySmiField(kHashOffset);
1763	VerifySmiField(kStatusOffset);
1764
1765	CHECK((status() >= kEvaluating && code()->IsModuleInfo()) \|\|
1766	(status() == kInstantiated && code()->IsJSGeneratorObject()) \|\|
1767	(status() == kInstantiating && code()->IsJSFunction()) \|\|
1768	(code()->IsSharedFunctionInfo()));
1769
1770	CHECK_EQ(status() == kErrored, !exception()->IsTheHole(isolate));
1771
1772	CHECK(module_namespace()->IsUndefined(isolate) \|\|
1773	module_namespace()->IsJSModuleNamespace());
1774	if (module_namespace()->IsJSModuleNamespace()) {
1775	CHECK_LE(kInstantiating, status());
1776	CHECK_EQ(JSModuleNamespace::cast(module_namespace())->module(), *this);
1777	}
1778
1779	CHECK_EQ(requested_modules()->length(), info()->module_requests()->length());
1780
1781	CHECK(import_meta()->IsTheHole(isolate) \|\| import_meta()->IsJSObject());
1782
1783	CHECK_NE(hash(), `0`);
1784	}
1785
1786	void PrototypeInfo::PrototypeInfoVerify(Isolate* isolate) {
1787	CHECK(IsPrototypeInfo());
1788	Object module_ns = module_namespace();
1789	CHECK(module_ns ->IsJSModuleNamespace() \|\| module_ns ->IsUndefined(isolate));
1790	if (prototype_users()->IsWeakArrayList()) {
1791	PrototypeUsers::Verify(WeakArrayList::cast(prototype_users()));
1792	} else {
1793	CHECK(prototype_users()->IsSmi());
1794	}
1795	}
1796
1797	void PrototypeUsers::Verify(WeakArrayList array) {
1798	if (array ->length() == `0`) {
1799	// Allow empty & uninitialized lists.
1800	return;
1801	}
1802	// Verify empty slot chain.
1803	int empty_slot = Smi::ToInt(empty_slot_index(array));
1804	int empty_slots_count = `0`;
1805	while (empty_slot != kNoEmptySlotsMarker) {
1806	CHECK_GT(empty_slot, `0`);
1807	CHECK_LT(empty_slot, array ->length());
1808	empty_slot = array ->Get(empty_slot).ToSmi().value();
1809	++empty_slots_count;
1810	}
1811
1812	// Verify that all elements are either weak pointers or SMIs marking empty
1813	// slots.
1814	int weak_maps_count = `0`;
1815	for (int i = kFirstIndex; i < array ->length(); ++i) {
1816	HeapObject heap_object;
1817	MaybeObject object = array ->Get(i);
1818	if ((object ->GetHeapObjectIfWeak(&heap_object) && heap_object ->IsMap()) \|\|
1819	object ->IsCleared()) {
1820	++weak_maps_count;
1821	} else {
1822	CHECK(object ->IsSmi());
1823	}
1824	}
1825
1826	CHECK_EQ(weak_maps_count + empty_slots_count + `1`, array ->length());
1827	}
1828
1829	void Tuple2::Tuple2Verify(Isolate* isolate) {
1830	CHECK(IsTuple2());
1831	Heap* heap = isolate->heap();
1832	if (*this == ReadOnlyRoots (heap).empty_enum_cache()) {
1833	CHECK_EQ(ReadOnlyRoots (heap).empty_fixed_array(),
1834	EnumCache::cast(*this)->keys());
1835	CHECK_EQ(ReadOnlyRoots (heap).empty_fixed_array(),
1836	EnumCache::cast(*this)->indices());
1837	} else {
1838	VerifyObjectField(isolate, kValue1Offset);
1839	VerifyObjectField(isolate, kValue2Offset);
1840	}
1841	}
1842
1843	void Tuple3::Tuple3Verify(Isolate* isolate) {
1844	CHECK(IsTuple3());
1845	VerifyObjectField(isolate, kValue1Offset);
1846	VerifyObjectField(isolate, kValue2Offset);
1847	VerifyObjectField(isolate, kValue3Offset);
1848	}
1849
1850	void ClassPositions::ClassPositionsVerify(Isolate* isolate) {
1851	CHECK(IsClassPositions());
1852	VerifySmiField(kStartOffset);
1853	VerifySmiField(kEndOffset);
1854	}
1855
1856	void ObjectBoilerplateDescription::ObjectBoilerplateDescriptionVerify(
1857	Isolate* isolate) {
1858	CHECK(IsObjectBoilerplateDescription());
1859	CHECK_GE(this->length(),
1860	ObjectBoilerplateDescription::kDescriptionStartIndex);
1861	this->FixedArrayVerify(isolate);
1862	}
1863
1864	void ArrayBoilerplateDescription::ArrayBoilerplateDescriptionVerify(
1865	Isolate* isolate) {
1866	CHECK(IsArrayBoilerplateDescription());
1867	CHECK(constant_elements()->IsFixedArrayBase());
1868	VerifyObjectField(isolate, kConstantElementsOffset);
1869	}
1870
1871	void AsmWasmData::AsmWasmDataVerify(Isolate* isolate) {
1872	CHECK(IsAsmWasmData());
1873	VerifyObjectField(isolate, kManagedNativeModuleOffset);
1874	VerifyObjectField(isolate, kExportWrappersOffset);
1875	VerifyObjectField(isolate, kAsmJsOffsetTableOffset);
1876	CHECK(uses_bitset()->IsHeapNumber());
1877	VerifyObjectField(isolate, kUsesBitsetOffset);
1878	}
1879
1880	void WasmDebugInfo::WasmDebugInfoVerify(Isolate* isolate) {
1881	CHECK(IsWasmDebugInfo());
1882	VerifyObjectField(isolate, kInstanceOffset);
1883	CHECK(wasm_instance()->IsWasmInstanceObject());
1884	VerifyObjectField(isolate, kInterpreterHandleOffset);
1885	CHECK(interpreter_handle()->IsUndefined(isolate) \|\|
1886	interpreter_handle()->IsForeign());
1887	VerifyObjectField(isolate, kInterpretedFunctionsOffset);
1888	VerifyObjectField(isolate, kLocalsNamesOffset);
1889	VerifyObjectField(isolate, kCWasmEntriesOffset);
1890	VerifyObjectField(isolate, kCWasmEntryMapOffset);
1891	}
1892
1893	void WasmExceptionTag::WasmExceptionTagVerify(Isolate* isolate) {
1894	CHECK(IsWasmExceptionTag());
1895	VerifySmiField(kIndexOffset);
1896	}
1897
1898	void WasmInstanceObject::WasmInstanceObjectVerify(Isolate* isolate) {
1899	JSObjectVerify(isolate);
1900	CHECK(IsWasmInstanceObject());
1901
1902	// Just generically check all tagged fields. Don't check the untagged fields,
1903	// as some of them might still contain the "undefined" value if the
1904	// WasmInstanceObject is not fully set up yet.
1905	for (int offset = kHeaderSize; offset < kEndOfTaggedFieldsOffset;
1906	offset += kTaggedSize) {
1907	VerifyObjectField(isolate, offset);
1908	}
1909	}
1910
1911	void WasmExportedFunctionData::WasmExportedFunctionDataVerify(
1912	Isolate* isolate) {
1913	CHECK(IsWasmExportedFunctionData());
1914	VerifyObjectField(isolate, kWrapperCodeOffset);
1915	CHECK(wrapper_code()->kind() == Code::JS_TO_WASM_FUNCTION \|\|
1916	wrapper_code()->kind() == Code::C_WASM_ENTRY);
1917	VerifyObjectField(isolate, kInstanceOffset);
1918	VerifySmiField(kJumpTableOffsetOffset);
1919	VerifySmiField(kFunctionIndexOffset);
1920	}
1921
1922	void WasmModuleObject::WasmModuleObjectVerify(Isolate* isolate) {
1923	CHECK(IsWasmModuleObject());
1924	VerifyObjectField(isolate, kNativeModuleOffset);
1925	CHECK(managed_native_module()->IsForeign());
1926	VerifyObjectField(isolate, kExportWrappersOffset);
1927	CHECK(export_wrappers()->IsFixedArray());
1928	VerifyObjectField(isolate, kScriptOffset);
1929	VerifyObjectField(isolate, kAsmJsOffsetTableOffset);
1930	VerifyObjectField(isolate, kBreakPointInfosOffset);
1931	}
1932
1933	void DataHandler::DataHandlerVerify(Isolate* isolate) {
1934	CHECK(IsDataHandler());
1935	CHECK_IMPLIES(!smi_handler()->IsSmi(),
1936	smi_handler()->IsCode() && IsStoreHandler());
1937	CHECK(validity_cell()->IsSmi() \|\| validity_cell()->IsCell());
1938	int data_count = data_field_count();
1939	if (data_count >= `1`) {
1940	VerifyMaybeObjectField(isolate, kData1Offset);
1941	}
1942	if (data_count >= `2`) {
1943	VerifyMaybeObjectField(isolate, kData2Offset);
1944	}
1945	if (data_count >= `3`) {
1946	VerifyMaybeObjectField(isolate, kData3Offset);
1947	}
1948	}
1949
1950	void LoadHandler::LoadHandlerVerify(Isolate* isolate) {
1951	DataHandler::DataHandlerVerify(isolate);
1952	// TODO(ishell): check handler integrity
1953	}
1954
1955	void StoreHandler::StoreHandlerVerify(Isolate* isolate) {
1956	DataHandler::DataHandlerVerify(isolate);
1957	// TODO(ishell): check handler integrity
1958	}
1959
1960	void AccessorInfo::AccessorInfoVerify(Isolate* isolate) {
1961	CHECK(IsAccessorInfo());
1962	VerifyPointer(isolate, name());
1963	VerifyPointer(isolate, expected_receiver_type());
1964	VerifyForeignPointer(isolate, *this, getter());
1965	VerifyForeignPointer(isolate, *this, setter());
1966	VerifyForeignPointer(isolate, *this, js_getter());
1967	VerifyPointer(isolate, data());
1968	}
1969
1970	void AccessorPair::AccessorPairVerify(Isolate* isolate) {
1971	CHECK(IsAccessorPair());
1972	VerifyPointer(isolate, getter());
1973	VerifyPointer(isolate, setter());
1974	}
1975
1976	void AccessCheckInfo::AccessCheckInfoVerify(Isolate* isolate) {
1977	CHECK(IsAccessCheckInfo());
1978	VerifyPointer(isolate, callback());
1979	VerifyPointer(isolate, named_interceptor());
1980	VerifyPointer(isolate, indexed_interceptor());
1981	VerifyPointer(isolate, data());
1982	}
1983
1984	void CallHandlerInfo::CallHandlerInfoVerify(Isolate* isolate) {
1985	CHECK(IsCallHandlerInfo());
1986	CHECK(map() == ReadOnlyRoots (isolate).side_effect_call_handler_info_map() \|\|
1987	map() ==
1988	ReadOnlyRoots (isolate).side_effect_free_call_handler_info_map() \|\|
1989	map() == ReadOnlyRoots (isolate)
1990	.next_call_side_effect_free_call_handler_info_map());
1991	VerifyPointer(isolate, callback());
1992	VerifyPointer(isolate, js_callback());
1993	VerifyPointer(isolate, data());
1994	}
1995
1996	void InterceptorInfo::InterceptorInfoVerify(Isolate* isolate) {
1997	CHECK(IsInterceptorInfo());
1998	VerifyForeignPointer(isolate, *this, getter());
1999	VerifyForeignPointer(isolate, *this, setter());
2000	VerifyForeignPointer(isolate, *this, query());
2001	VerifyForeignPointer(isolate, *this, deleter());
2002	VerifyForeignPointer(isolate, *this, enumerator());
2003	VerifyPointer(isolate, data());
2004	VerifySmiField(kFlagsOffset);
2005	}
2006
2007	void TemplateInfo::TemplateInfoVerify(Isolate* isolate) {
2008	VerifyPointer(isolate, tag());
2009	VerifyPointer(isolate, property_list());
2010	VerifyPointer(isolate, property_accessors());
2011	}
2012
2013	void FunctionTemplateInfo::FunctionTemplateInfoVerify(Isolate* isolate) {
2014	CHECK(IsFunctionTemplateInfo());
2015	TemplateInfoVerify(isolate);
2016	VerifyPointer(isolate, serial_number());
2017	VerifyPointer(isolate, call_code());
2018	VerifyPointer(isolate, signature());
2019	VerifyPointer(isolate, cached_property_name());
2020	VerifyPointer(isolate, rare_data());
2021	}
2022
2023	void FunctionTemplateRareData::FunctionTemplateRareDataVerify(
2024	Isolate* isolate) {
2025	CHECK(IsFunctionTemplateRareData());
2026	VerifyPointer(isolate, prototype_template());
2027	VerifyPointer(isolate, parent_template());
2028	VerifyPointer(isolate, named_property_handler());
2029	VerifyPointer(isolate, indexed_property_handler());
2030	VerifyPointer(isolate, instance_template());
2031	VerifyPointer(isolate, access_check_info());
2032	}
2033
2034	void ObjectTemplateInfo::ObjectTemplateInfoVerify(Isolate* isolate) {
2035	CHECK(IsObjectTemplateInfo());
2036	TemplateInfoVerify(isolate);
2037	VerifyPointer(isolate, constructor());
2038	VerifyPointer(isolate, data());
2039	}
2040
2041	void AllocationSite::AllocationSiteVerify(Isolate* isolate) {
2042	CHECK(IsAllocationSite());
2043	}
2044
2045	void AllocationMemento::AllocationMementoVerify(Isolate* isolate) {
2046	CHECK(IsAllocationMemento());
2047	VerifyHeapPointer(isolate, allocation_site());
2048	CHECK(!IsValid() \|\| GetAllocationSite()->IsAllocationSite());
2049	}
2050
2051	void Script::ScriptVerify(Isolate* isolate) {
2052	CHECK(IsScript());
2053	VerifyPointer(isolate, source());
2054	VerifyPointer(isolate, name());
2055	VerifyPointer(isolate, line_ends());
2056	for (int i = `0`; i < shared_function_infos()->length(); ++i) {
2057	MaybeObject maybe_object = shared_function_infos()->Get(i);
2058	HeapObject heap_object;
2059	CHECK(maybe_object ->IsWeak() \|\| maybe_object ->IsCleared() \|\|
2060	(maybe_object ->GetHeapObjectIfStrong(&heap_object) &&
2061	heap_object ->IsUndefined(isolate)));
2062	}
2063	VerifySmiField(kIdOffset);
2064	VerifySmiField(kLineOffsetOffset);
2065	VerifySmiField(kColumnOffsetOffset);
2066	VerifySmiField(kScriptTypeOffset);
2067	VerifySmiField(kEvalFromPositionOffset);
2068	VerifySmiField(kFlagsOffset);
2069	}
2070
2071	void NormalizedMapCache::NormalizedMapCacheVerify(Isolate* isolate) {
2072	WeakFixedArray::cast(*this)->WeakFixedArrayVerify(isolate);
2073	if (FLAG_enable_slow_asserts) {
2074	for (int i = `0`; i < length(); i++) {
2075	MaybeObject e = WeakFixedArray::Get(i);
2076	HeapObject heap_object;
2077	if (e ->GetHeapObjectIfWeak(&heap_object)) {
2078	Map::cast(heap_object)->DictionaryMapVerify(isolate);
2079	} else {
2080	CHECK(e ->IsCleared() \|\| (e ->GetHeapObjectIfStrong(&heap_object) &&
2081	heap_object ->IsUndefined(isolate)));
2082	}
2083	}
2084	}
2085	}
2086
2087	void DebugInfo::DebugInfoVerify(Isolate* isolate) {
2088	CHECK(IsDebugInfo());
2089	VerifyPointer(isolate, shared());
2090	VerifyPointer(isolate, script());
2091	VerifyPointer(isolate, original_bytecode_array());
2092	VerifyPointer(isolate, break_points());
2093	}
2094
2095	void StackTraceFrame::StackTraceFrameVerify(Isolate* isolate) {
2096	CHECK(IsStackTraceFrame());
2097	VerifySmiField(kFrameIndexOffset);
2098	VerifySmiField(kIdOffset);
2099	VerifyPointer(isolate, frame_array());
2100	VerifyPointer(isolate, frame_info());
2101	}
2102
2103	void StackFrameInfo::StackFrameInfoVerify(Isolate* isolate) {
2104	CHECK(IsStackFrameInfo());
2105	VerifyPointer(isolate, script_name());
2106	VerifyPointer(isolate, script_name_or_source_url());
2107	VerifyPointer(isolate, function_name());
2108	}
2109
2110	void PreparseData::PreparseDataVerify(Isolate* isolate) {
2111	CHECK(IsPreparseData());
2112	CHECK_LE(`0`, data_length());
2113	CHECK_LE(`0`, children_length());
2114
2115	for (int i = `0`; i < children_length(); ++i) {
2116	Object child = get_child_raw(i);
2117	CHECK(child ->IsNull() \|\| child ->IsPreparseData());
2118	VerifyPointer(isolate, child);
2119	}
2120	}
2121
2122	void UncompiledDataWithPreparseData::UncompiledDataWithPreparseDataVerify(
2123	Isolate* isolate) {
2124	CHECK(IsUncompiledDataWithPreparseData());
2125	VerifyPointer(isolate, inferred_name());
2126	VerifyPointer(isolate, preparse_data());
2127	}
2128
2129	void UncompiledDataWithoutPreparseData::UncompiledDataWithoutPreparseDataVerify(
2130	Isolate* isolate) {
2131	CHECK(IsUncompiledDataWithoutPreparseData());
2132	VerifyPointer(isolate, inferred_name());
2133	}
2134
2135	void InterpreterData::InterpreterDataVerify(Isolate* isolate) {
2136	CHECK(IsInterpreterData());
2137	CHECK(bytecode_array()->IsBytecodeArray());
2138	CHECK(interpreter_trampoline()->IsCode());
2139	}
2140
2141	#ifdef V8_INTL_SUPPORT
2142	void JSV8BreakIterator::JSV8BreakIteratorVerify(Isolate* isolate) {
2143	JSObjectVerify(isolate);
2144	VerifyObjectField(isolate, kLocaleOffset);
2145	VerifyObjectField(isolate, kTypeOffset);
2146	VerifyObjectField(isolate, kBreakIteratorOffset);
2147	VerifyObjectField(isolate, kUnicodeStringOffset);
2148	VerifyObjectField(isolate, kBoundAdoptTextOffset);
2149	VerifyObjectField(isolate, kBoundFirstOffset);
2150	VerifyObjectField(isolate, kBoundNextOffset);
2151	VerifyObjectField(isolate, kBoundCurrentOffset);
2152	VerifyObjectField(isolate, kBoundBreakTypeOffset);
2153	}
2154
2155	void JSCollator::JSCollatorVerify(Isolate* isolate) {
2156	CHECK(IsJSCollator());
2157	JSObjectVerify(isolate);
2158	VerifyObjectField(isolate, kICUCollatorOffset);
2159	VerifyObjectField(isolate, kBoundCompareOffset);
2160	}
2161
2162	void JSDateTimeFormat::JSDateTimeFormatVerify(Isolate* isolate) {
2163	JSObjectVerify(isolate);
2164	VerifyObjectField(isolate, kICULocaleOffset);
2165	VerifyObjectField(isolate, kICUSimpleDateFormatOffset);
2166	VerifyObjectField(isolate, kICUDateIntervalFormatOffset);
2167	VerifyObjectField(isolate, kBoundFormatOffset);
2168	VerifyObjectField(isolate, kFlagsOffset);
2169	}
2170
2171	void JSListFormat::JSListFormatVerify(Isolate* isolate) {
2172	JSObjectVerify(isolate);
2173	VerifyObjectField(isolate, kLocaleOffset);
2174	VerifyObjectField(isolate, kICUFormatterOffset);
2175	VerifyObjectField(isolate, kFlagsOffset);
2176	}
2177
2178	void JSLocale::JSLocaleVerify(Isolate* isolate) {
2179	JSObjectVerify(isolate);
2180	VerifyObjectField(isolate, kICULocaleOffset);
2181	}
2182
2183	void JSNumberFormat::JSNumberFormatVerify(Isolate* isolate) {
2184	CHECK(IsJSNumberFormat());
2185	JSObjectVerify(isolate);
2186	VerifyObjectField(isolate, kLocaleOffset);
2187	VerifyObjectField(isolate, kICUNumberFormatOffset);
2188	VerifyObjectField(isolate, kBoundFormatOffset);
2189	VerifyObjectField(isolate, kFlagsOffset);
2190	}
2191
2192	void JSPluralRules::JSPluralRulesVerify(Isolate* isolate) {
2193	CHECK(IsJSPluralRules());
2194	JSObjectVerify(isolate);
2195	VerifyObjectField(isolate, kLocaleOffset);
2196	VerifyObjectField(isolate, kFlagsOffset);
2197	VerifyObjectField(isolate, kICUPluralRulesOffset);
2198	VerifyObjectField(isolate, kICUDecimalFormatOffset);
2199	}
2200
2201	void JSRelativeTimeFormat::JSRelativeTimeFormatVerify(Isolate* isolate) {
2202	JSObjectVerify(isolate);
2203	VerifyObjectField(isolate, kLocaleOffset);
2204	VerifyObjectField(isolate, kICUFormatterOffset);
2205	VerifyObjectField(isolate, kFlagsOffset);
2206	}
2207
2208	void JSSegmentIterator::JSSegmentIteratorVerify(Isolate* isolate) {
2209	JSObjectVerify(isolate);
2210	VerifyObjectField(isolate, kICUBreakIteratorOffset);
2211	VerifyObjectField(isolate, kUnicodeStringOffset);
2212	VerifyObjectField(isolate, kFlagsOffset);
2213	}
2214
2215	void JSSegmenter::JSSegmenterVerify(Isolate* isolate) {
2216	JSObjectVerify(isolate);
2217	VerifyObjectField(isolate, kLocaleOffset);
2218	VerifyObjectField(isolate, kICUBreakIteratorOffset);
2219	VerifyObjectField(isolate, kFlagsOffset);
2220	}
2221	#endif // V8_INTL_SUPPORT
2222
2223	#endif // VERIFY_HEAP
2224
2225	#ifdef DEBUG
2226
2227	void JSObject::IncrementSpillStatistics(Isolate* isolate,
2228	SpillInformation* info) {
2229	info->number_of_objects_++;
2230	// Named properties
2231	if (HasFastProperties()) {
2232	info->number_of_objects_with_fast_properties_++;
2233	info->number_of_fast_used_fields_ += map()->NextFreePropertyIndex();
2234	info->number_of_fast_unused_fields_ += map()->UnusedPropertyFields();
2235	} else if (IsJSGlobalObject()) {
2236	GlobalDictionary dict = JSGlobalObject::cast(*this)->global_dictionary();
2237	info->number_of_slow_used_properties_ += dict ->NumberOfElements();
2238	info->number_of_slow_unused_properties_ +=
2239	dict ->Capacity() - dict ->NumberOfElements();
2240	} else {
2241	NameDictionary dict = property_dictionary();
2242	info->number_of_slow_used_properties_ += dict ->NumberOfElements();
2243	info->number_of_slow_unused_properties_ +=
2244	dict ->Capacity() - dict ->NumberOfElements();
2245	}
2246	// Indexed properties
2247	switch (GetElementsKind()) {
2248	case HOLEY_SMI_ELEMENTS:
2249	case PACKED_SMI_ELEMENTS:
2250	case HOLEY_DOUBLE_ELEMENTS:
2251	case PACKED_DOUBLE_ELEMENTS:
2252	case HOLEY_ELEMENTS:
2253	case PACKED_ELEMENTS:
2254	case PACKED_FROZEN_ELEMENTS:
2255	case PACKED_SEALED_ELEMENTS:
2256	case FAST_STRING_WRAPPER_ELEMENTS: {
2257	info->number_of_objects_with_fast_elements_++;
2258	int holes = `0`;
2259	FixedArray e = FixedArray::cast(elements());
2260	int len = e ->length();
2261	for (int i = `0`; i < len; i++) {
2262	if (e ->get(i)->IsTheHole(isolate)) holes++;
2263	}
2264	info->number_of_fast_used_elements_ += len - holes;
2265	info->number_of_fast_unused_elements_ += holes;
2266	break;
2267	}
2268
2269	#define TYPED_ARRAY_CASE(Type, type, TYPE, ctype) case TYPE##_ELEMENTS:
2270
2271	TYPED_ARRAYS(TYPED_ARRAY_CASE)
2272	#undef TYPED_ARRAY_CASE
2273	{
2274	info->number_of_objects_with_fast_elements_++;
2275	FixedArrayBase e = FixedArrayBase::cast(elements());
2276	info->number_of_fast_used_elements_ += e ->length();
2277	break;
2278	}
2279	case DICTIONARY_ELEMENTS:
2280	case SLOW_STRING_WRAPPER_ELEMENTS: {
2281	NumberDictionary dict = element_dictionary();
2282	info->number_of_slow_used_elements_ += dict ->NumberOfElements();
2283	info->number_of_slow_unused_elements_ +=
2284	dict ->Capacity() - dict ->NumberOfElements();
2285	break;
2286	}
2287	case FAST_SLOPPY_ARGUMENTS_ELEMENTS:
2288	case SLOW_SLOPPY_ARGUMENTS_ELEMENTS:
2289	case NO_ELEMENTS:
2290	break;
2291	}
2292	}
2293
2294
2295	void JSObject::SpillInformation::Clear() {
2296	number_of_objects_ = `0`;
2297	number_of_objects_with_fast_properties_ = `0`;
2298	number_of_objects_with_fast_elements_ = `0`;
2299	number_of_fast_used_fields_ = `0`;
2300	number_of_fast_unused_fields_ = `0`;
2301	number_of_slow_used_properties_ = `0`;
2302	number_of_slow_unused_properties_ = `0`;
2303	number_of_fast_used_elements_ = `0`;
2304	number_of_fast_unused_elements_ = `0`;
2305	number_of_slow_used_elements_ = `0`;
2306	number_of_slow_unused_elements_ = `0`;
2307	}
2308
2309
2310	void JSObject::SpillInformation::Print() {
2311	PrintF("\n JSObject Spill Statistics (#%d):\n", number_of_objects_);
2312
2313	PrintF(" - fast properties (#%d): %d (used) %d (unused)\n",
2314	number_of_objects_with_fast_properties_,
2315	number_of_fast_used_fields_, number_of_fast_unused_fields_);
2316
2317	PrintF(" - slow properties (#%d): %d (used) %d (unused)\n",
2318	number_of_objects_ - number_of_objects_with_fast_properties_,
2319	number_of_slow_used_properties_, number_of_slow_unused_properties_);
2320
2321	PrintF(" - fast elements (#%d): %d (used) %d (unused)\n",
2322	number_of_objects_with_fast_elements_,
2323	number_of_fast_used_elements_, number_of_fast_unused_elements_);
2324
2325	PrintF(" - slow elements (#%d): %d (used) %d (unused)\n",
2326	number_of_objects_ - number_of_objects_with_fast_elements_,
2327	number_of_slow_used_elements_, number_of_slow_unused_elements_);
2328
2329	PrintF("\n");
2330	}
2331
2332	bool DescriptorArray::IsSortedNoDuplicates(int valid_entries) {
2333	if (valid_entries == -`1`) valid_entries = number_of_descriptors();
2334	Name current_key;
2335	uint32_t current = `0`;
2336	for (int i = `0`; i < number_of_descriptors(); i++) {
2337	Name key = GetSortedKey(i);
2338	if (key == current_key) {
2339	Print();
2340	return false;
2341	}
2342	current_key = key;
2343	uint32_t hash = GetSortedKey(i)->Hash();
2344	if (hash < current) {
2345	Print();
2346	return false;
2347	}
2348	current = hash;
2349	}
2350	return true;
2351	}
2352
2353	bool TransitionArray::IsSortedNoDuplicates(int valid_entries) {
2354	DCHECK_EQ(valid_entries, -`1`);
2355	Name prev_key;
2356	PropertyKind prev_kind = kData;
2357	PropertyAttributes prev_attributes = NONE;
2358	uint32_t prev_hash = `0`;
2359
2360	for (int i = `0`; i < number_of_transitions(); i++) {
2361	Name key = GetSortedKey(i);
2362	uint32_t hash = key ->Hash();
2363	PropertyKind kind = kData;
2364	PropertyAttributes attributes = NONE;
2365	if (!TransitionsAccessor::IsSpecialTransition(key ->GetReadOnlyRoots(),
2366	key)) {
2367	Map target = GetTarget(i);
2368	PropertyDetails details =
2369	TransitionsAccessor::GetTargetDetails(key, target);
2370	kind = details.kind();
2371	attributes = details.attributes();
2372	} else {
2373	// Duplicate entries are not allowed for non-property transitions.
2374	DCHECK_NE(prev_key, key);
2375	}
2376
2377	int cmp = CompareKeys(prev_key, prev_hash, prev_kind, prev_attributes, key,
2378	hash, kind, attributes);
2379	if (cmp >= `0`) {
2380	Print();
2381	return false;
2382	}
2383	prev_key = key;
2384	prev_hash = hash;
2385	prev_attributes = attributes;
2386	prev_kind = kind;
2387	}
2388	return true;
2389	}
2390
2391	bool TransitionsAccessor::IsSortedNoDuplicates() {
2392	// Simple and non-existent transitions are always sorted.
2393	if (encoding() != kFullTransitionArray) return true;
2394	return transitions()->IsSortedNoDuplicates();
2395	}
2396
2397	static bool CheckOneBackPointer(Map current_map, Object target) {
2398	return !target ->IsMap() \|\| Map::cast(target)->GetBackPointer() == current_map;
2399	}
2400
2401	bool TransitionsAccessor::IsConsistentWithBackPointers() {
2402	int num_transitions = NumberOfTransitions();
2403	for (int i = `0`; i < num_transitions; i++) {
2404	Map target = GetTarget(i);
2405	if (!CheckOneBackPointer(map_, target)) return false;
2406	}
2407	return true;
2408	}
2409
2410	#endif // DEBUG
2411
2412	} // namespace internal
2413	} // namespace v8
2414

Browse the source code of v8/src/objects-debug.cc