1 // Copyright 2012 the V8 project authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "src/disasm.h"
8 #include "src/disassembler.h"
9 #include "src/heap/objects-visiting.h"
10 #include "src/jsregexp.h"
11 #include "src/macro-assembler.h"
12 #include "src/ostreams.h"
19 void Object::ObjectVerify() {
21 Smi::cast(this)->SmiVerify();
23 HeapObject::cast(this)->HeapObjectVerify();
28 void Object::VerifyPointer(Object* p) {
29 if (p->IsHeapObject()) {
30 HeapObject::VerifyHeapPointer(p);
37 void Smi::SmiVerify() {
42 void HeapObject::HeapObjectVerify() {
43 InstanceType instance_type = map()->instance_type();
45 if (instance_type < FIRST_NONSTRING_TYPE) {
46 String::cast(this)->StringVerify();
50 switch (instance_type) {
52 Symbol::cast(this)->SymbolVerify();
55 Map::cast(this)->MapVerify();
57 case HEAP_NUMBER_TYPE:
58 case MUTABLE_HEAP_NUMBER_TYPE:
59 HeapNumber::cast(this)->HeapNumberVerify();
62 Float32x4::cast(this)->Float32x4Verify();
64 case FIXED_ARRAY_TYPE:
65 FixedArray::cast(this)->FixedArrayVerify();
67 case FIXED_DOUBLE_ARRAY_TYPE:
68 FixedDoubleArray::cast(this)->FixedDoubleArrayVerify();
71 ByteArray::cast(this)->ByteArrayVerify();
73 case BYTECODE_ARRAY_TYPE:
74 BytecodeArray::cast(this)->BytecodeArrayVerify();
77 FreeSpace::cast(this)->FreeSpaceVerify();
80 #define VERIFY_TYPED_ARRAY(Type, type, TYPE, ctype, size) \
81 case EXTERNAL_##TYPE##_ARRAY_TYPE: \
82 External##Type##Array::cast(this)->External##Type##ArrayVerify(); \
84 case FIXED_##TYPE##_ARRAY_TYPE: \
85 Fixed##Type##Array::cast(this)->FixedTypedArrayVerify(); \
88 TYPED_ARRAYS(VERIFY_TYPED_ARRAY)
89 #undef VERIFY_TYPED_ARRAY
92 Code::cast(this)->CodeVerify();
95 Oddball::cast(this)->OddballVerify();
98 case JS_CONTEXT_EXTENSION_OBJECT_TYPE:
99 JSObject::cast(this)->JSObjectVerify();
101 case JS_GENERATOR_OBJECT_TYPE:
102 JSGeneratorObject::cast(this)->JSGeneratorObjectVerify();
105 JSModule::cast(this)->JSModuleVerify();
108 JSValue::cast(this)->JSValueVerify();
111 JSDate::cast(this)->JSDateVerify();
113 case JS_FUNCTION_TYPE:
114 JSFunction::cast(this)->JSFunctionVerify();
116 case JS_GLOBAL_PROXY_TYPE:
117 JSGlobalProxy::cast(this)->JSGlobalProxyVerify();
119 case JS_GLOBAL_OBJECT_TYPE:
120 JSGlobalObject::cast(this)->JSGlobalObjectVerify();
122 case JS_BUILTINS_OBJECT_TYPE:
123 JSBuiltinsObject::cast(this)->JSBuiltinsObjectVerify();
126 Cell::cast(this)->CellVerify();
128 case PROPERTY_CELL_TYPE:
129 PropertyCell::cast(this)->PropertyCellVerify();
132 WeakCell::cast(this)->WeakCellVerify();
135 JSArray::cast(this)->JSArrayVerify();
138 JSSet::cast(this)->JSSetVerify();
141 JSMap::cast(this)->JSMapVerify();
143 case JS_SET_ITERATOR_TYPE:
144 JSSetIterator::cast(this)->JSSetIteratorVerify();
146 case JS_MAP_ITERATOR_TYPE:
147 JSMapIterator::cast(this)->JSMapIteratorVerify();
149 case JS_WEAK_MAP_TYPE:
150 JSWeakMap::cast(this)->JSWeakMapVerify();
152 case JS_WEAK_SET_TYPE:
153 JSWeakSet::cast(this)->JSWeakSetVerify();
156 JSRegExp::cast(this)->JSRegExpVerify();
161 JSProxy::cast(this)->JSProxyVerify();
163 case JS_FUNCTION_PROXY_TYPE:
164 JSFunctionProxy::cast(this)->JSFunctionProxyVerify();
167 Foreign::cast(this)->ForeignVerify();
169 case SHARED_FUNCTION_INFO_TYPE:
170 SharedFunctionInfo::cast(this)->SharedFunctionInfoVerify();
172 case JS_MESSAGE_OBJECT_TYPE:
173 JSMessageObject::cast(this)->JSMessageObjectVerify();
175 case JS_ARRAY_BUFFER_TYPE:
176 JSArrayBuffer::cast(this)->JSArrayBufferVerify();
178 case JS_TYPED_ARRAY_TYPE:
179 JSTypedArray::cast(this)->JSTypedArrayVerify();
181 case JS_DATA_VIEW_TYPE:
182 JSDataView::cast(this)->JSDataViewVerify();
185 #define MAKE_STRUCT_CASE(NAME, Name, name) \
187 Name::cast(this)->Name##Verify(); \
189 STRUCT_LIST(MAKE_STRUCT_CASE)
190 #undef MAKE_STRUCT_CASE
199 void HeapObject::VerifyHeapPointer(Object* p) {
200 CHECK(p->IsHeapObject());
201 HeapObject* ho = HeapObject::cast(p);
202 CHECK(ho->GetHeap()->Contains(ho));
206 void Symbol::SymbolVerify() {
208 CHECK(HasHashCode());
209 CHECK_GT(Hash(), 0u);
210 CHECK(name()->IsUndefined() || name()->IsString());
211 CHECK(flags()->IsSmi());
215 void HeapNumber::HeapNumberVerify() {
216 CHECK(IsHeapNumber() || IsMutableHeapNumber());
220 void Float32x4::Float32x4Verify() { CHECK(IsFloat32x4()); }
223 void ByteArray::ByteArrayVerify() {
224 CHECK(IsByteArray());
228 void BytecodeArray::BytecodeArrayVerify() {
229 // TODO(oth): Walk bytecodes and immediate values to validate sanity.
230 CHECK(IsBytecodeArray());
234 void FreeSpace::FreeSpaceVerify() {
235 CHECK(IsFreeSpace());
239 #define EXTERNAL_ARRAY_VERIFY(Type, type, TYPE, ctype, size) \
240 void External##Type##Array::External##Type##ArrayVerify() { \
241 CHECK(IsExternal##Type##Array()); \
244 TYPED_ARRAYS(EXTERNAL_ARRAY_VERIFY)
245 #undef EXTERNAL_ARRAY_VERIFY
248 template <class Traits>
249 void FixedTypedArray<Traits>::FixedTypedArrayVerify() {
250 CHECK(IsHeapObject() &&
251 HeapObject::cast(this)->map()->instance_type() ==
252 Traits::kInstanceType);
253 CHECK(base_pointer() == this);
257 bool JSObject::ElementsAreSafeToExamine() {
258 // If a GC was caused while constructing this object, the elements
259 // pointer may point to a one pointer filler map.
260 return reinterpret_cast<Map*>(elements()) !=
261 GetHeap()->one_pointer_filler_map();
265 void JSObject::JSObjectVerify() {
266 VerifyHeapPointer(properties());
267 VerifyHeapPointer(elements());
269 if (HasSloppyArgumentsElements()) {
270 CHECK(this->elements()->IsFixedArray());
271 CHECK_GE(this->elements()->length(), 2);
274 if (HasFastProperties()) {
275 int actual_unused_property_fields = map()->inobject_properties() +
276 properties()->length() -
277 map()->NextFreePropertyIndex();
278 if (map()->unused_property_fields() != actual_unused_property_fields) {
279 // This could actually happen in the middle of StoreTransitionStub
280 // when the new extended backing store is already set into the object and
281 // the allocation of the MutableHeapNumber triggers GC (in this case map
282 // is not updated yet).
283 CHECK_EQ(map()->unused_property_fields(),
284 actual_unused_property_fields - JSObject::kFieldsAdded);
286 DescriptorArray* descriptors = map()->instance_descriptors();
287 for (int i = 0; i < map()->NumberOfOwnDescriptors(); i++) {
288 if (descriptors->GetDetails(i).type() == DATA) {
289 Representation r = descriptors->GetDetails(i).representation();
290 FieldIndex index = FieldIndex::ForDescriptor(map(), i);
291 if (IsUnboxedDoubleField(index)) {
292 DCHECK(r.IsDouble());
295 Object* value = RawFastPropertyAt(index);
296 if (r.IsDouble()) DCHECK(value->IsMutableHeapNumber());
297 if (value->IsUninitialized()) continue;
298 if (r.IsSmi()) DCHECK(value->IsSmi());
299 if (r.IsHeapObject()) DCHECK(value->IsHeapObject());
300 HeapType* field_type = descriptors->GetFieldType(i);
301 bool type_is_none = field_type->Is(HeapType::None());
302 bool type_is_any = HeapType::Any()->Is(field_type);
305 } else if (!type_is_any && !(type_is_none && r.IsHeapObject())) {
306 CHECK(!field_type->NowStable() || field_type->NowContains(value));
312 // If a GC was caused while constructing this object, the elements
313 // pointer may point to a one pointer filler map.
314 if (ElementsAreSafeToExamine()) {
315 CHECK_EQ((map()->has_fast_smi_or_object_elements() ||
316 (elements() == GetHeap()->empty_fixed_array())),
317 (elements()->map() == GetHeap()->fixed_array_map() ||
318 elements()->map() == GetHeap()->fixed_cow_array_map()));
319 CHECK(map()->has_fast_object_elements() == HasFastObjectElements());
324 void Map::MapVerify() {
325 Heap* heap = GetHeap();
326 CHECK(!heap->InNewSpace(this));
327 CHECK(FIRST_TYPE <= instance_type() && instance_type() <= LAST_TYPE);
328 CHECK(instance_size() == kVariableSizeSentinel ||
329 (kPointerSize <= instance_size() &&
330 instance_size() < heap->Capacity()));
331 VerifyHeapPointer(prototype());
332 VerifyHeapPointer(instance_descriptors());
333 SLOW_DCHECK(instance_descriptors()->IsSortedNoDuplicates());
334 SLOW_DCHECK(TransitionArray::IsSortedNoDuplicates(this));
335 SLOW_DCHECK(TransitionArray::IsConsistentWithBackPointers(this));
336 // TODO(ishell): turn it back to SLOW_DCHECK.
337 CHECK(!FLAG_unbox_double_fields ||
338 layout_descriptor()->IsConsistentWithMap(this));
342 void Map::DictionaryMapVerify() {
344 CHECK(is_dictionary_map());
345 CHECK(instance_descriptors()->IsEmpty());
346 CHECK_EQ(0, unused_property_fields());
347 CHECK_EQ(StaticVisitorBase::GetVisitorId(this), visitor_id());
351 void Map::VerifyOmittedMapChecks() {
352 if (!FLAG_omit_map_checks_for_leaf_maps) return;
355 is_dictionary_map()) {
356 CHECK_EQ(0, dependent_code()->number_of_entries(
357 DependentCode::kPrototypeCheckGroup));
362 void CodeCache::CodeCacheVerify() {
363 VerifyHeapPointer(default_cache());
364 VerifyHeapPointer(normal_type_cache());
365 CHECK(default_cache()->IsFixedArray());
366 CHECK(normal_type_cache()->IsUndefined()
367 || normal_type_cache()->IsCodeCacheHashTable());
371 void PolymorphicCodeCache::PolymorphicCodeCacheVerify() {
372 VerifyHeapPointer(cache());
373 CHECK(cache()->IsUndefined() || cache()->IsPolymorphicCodeCacheHashTable());
377 void TypeFeedbackInfo::TypeFeedbackInfoVerify() {
378 VerifyObjectField(kStorage1Offset);
379 VerifyObjectField(kStorage2Offset);
380 VerifyObjectField(kStorage3Offset);
384 void AliasedArgumentsEntry::AliasedArgumentsEntryVerify() {
385 VerifySmiField(kAliasedContextSlot);
389 void FixedArray::FixedArrayVerify() {
390 for (int i = 0; i < length(); i++) {
397 void FixedDoubleArray::FixedDoubleArrayVerify() {
398 for (int i = 0; i < length(); i++) {
399 if (!is_the_hole(i)) {
400 uint64_t value = get_representation(i);
401 uint64_t unexpected =
402 bit_cast<uint64_t>(std::numeric_limits<double>::quiet_NaN()) &
403 V8_UINT64_C(0x7FF8000000000000);
404 // Create implementation specific sNaN by inverting relevant bit.
405 unexpected ^= V8_UINT64_C(0x0008000000000000);
406 CHECK((value & V8_UINT64_C(0x7FF8000000000000)) != unexpected ||
407 (value & V8_UINT64_C(0x0007FFFFFFFFFFFF)) == V8_UINT64_C(0));
413 void JSGeneratorObject::JSGeneratorObjectVerify() {
414 // In an expression like "new g()", there can be a point where a generator
415 // object is allocated but its fields are all undefined, as it hasn't yet been
416 // initialized by the generator. Hence these weak checks.
417 VerifyObjectField(kFunctionOffset);
418 VerifyObjectField(kContextOffset);
419 VerifyObjectField(kReceiverOffset);
420 VerifyObjectField(kOperandStackOffset);
421 VerifyObjectField(kContinuationOffset);
425 void JSModule::JSModuleVerify() {
426 VerifyObjectField(kContextOffset);
427 VerifyObjectField(kScopeInfoOffset);
428 CHECK(context()->IsUndefined() ||
429 Context::cast(context())->IsModuleContext());
433 void JSValue::JSValueVerify() {
435 if (v->IsHeapObject()) {
436 VerifyHeapPointer(v);
441 void JSDate::JSDateVerify() {
442 if (value()->IsHeapObject()) {
443 VerifyHeapPointer(value());
445 CHECK(value()->IsUndefined() || value()->IsSmi() || value()->IsHeapNumber());
446 CHECK(year()->IsUndefined() || year()->IsSmi() || year()->IsNaN());
447 CHECK(month()->IsUndefined() || month()->IsSmi() || month()->IsNaN());
448 CHECK(day()->IsUndefined() || day()->IsSmi() || day()->IsNaN());
449 CHECK(weekday()->IsUndefined() || weekday()->IsSmi() || weekday()->IsNaN());
450 CHECK(hour()->IsUndefined() || hour()->IsSmi() || hour()->IsNaN());
451 CHECK(min()->IsUndefined() || min()->IsSmi() || min()->IsNaN());
452 CHECK(sec()->IsUndefined() || sec()->IsSmi() || sec()->IsNaN());
453 CHECK(cache_stamp()->IsUndefined() ||
454 cache_stamp()->IsSmi() ||
455 cache_stamp()->IsNaN());
457 if (month()->IsSmi()) {
458 int month = Smi::cast(this->month())->value();
459 CHECK(0 <= month && month <= 11);
461 if (day()->IsSmi()) {
462 int day = Smi::cast(this->day())->value();
463 CHECK(1 <= day && day <= 31);
465 if (hour()->IsSmi()) {
466 int hour = Smi::cast(this->hour())->value();
467 CHECK(0 <= hour && hour <= 23);
469 if (min()->IsSmi()) {
470 int min = Smi::cast(this->min())->value();
471 CHECK(0 <= min && min <= 59);
473 if (sec()->IsSmi()) {
474 int sec = Smi::cast(this->sec())->value();
475 CHECK(0 <= sec && sec <= 59);
477 if (weekday()->IsSmi()) {
478 int weekday = Smi::cast(this->weekday())->value();
479 CHECK(0 <= weekday && weekday <= 6);
481 if (cache_stamp()->IsSmi()) {
482 CHECK(Smi::cast(cache_stamp())->value() <=
483 Smi::cast(GetIsolate()->date_cache()->stamp())->value());
488 void JSMessageObject::JSMessageObjectVerify() {
489 CHECK(IsJSMessageObject());
490 VerifyObjectField(kStartPositionOffset);
491 VerifyObjectField(kEndPositionOffset);
492 VerifyObjectField(kArgumentsOffset);
493 VerifyObjectField(kScriptOffset);
494 VerifyObjectField(kStackFramesOffset);
498 void String::StringVerify() {
500 CHECK(length() >= 0 && length() <= Smi::kMaxValue);
501 if (IsInternalizedString()) {
502 CHECK(!GetHeap()->InNewSpace(this));
504 if (IsConsString()) {
505 ConsString::cast(this)->ConsStringVerify();
506 } else if (IsSlicedString()) {
507 SlicedString::cast(this)->SlicedStringVerify();
512 void ConsString::ConsStringVerify() {
513 CHECK(this->first()->IsString());
514 CHECK(this->second() == GetHeap()->empty_string() ||
515 this->second()->IsString());
516 CHECK(this->length() >= ConsString::kMinLength);
517 CHECK(this->length() == this->first()->length() + this->second()->length());
518 if (this->IsFlat()) {
519 // A flat cons can only be created by String::SlowTryFlatten.
520 // Afterwards, the first part may be externalized.
521 CHECK(this->first()->IsSeqString() || this->first()->IsExternalString());
526 void SlicedString::SlicedStringVerify() {
527 CHECK(!this->parent()->IsConsString());
528 CHECK(!this->parent()->IsSlicedString());
529 CHECK(this->length() >= SlicedString::kMinLength);
533 void JSFunction::JSFunctionVerify() {
534 CHECK(IsJSFunction());
535 VerifyObjectField(kPrototypeOrInitialMapOffset);
536 VerifyObjectField(kNextFunctionLinkOffset);
537 CHECK(code()->IsCode());
538 CHECK(next_function_link() == NULL ||
539 next_function_link()->IsUndefined() ||
540 next_function_link()->IsJSFunction());
544 void SharedFunctionInfo::SharedFunctionInfoVerify() {
545 CHECK(IsSharedFunctionInfo());
546 VerifyObjectField(kNameOffset);
547 VerifyObjectField(kCodeOffset);
548 VerifyObjectField(kOptimizedCodeMapOffset);
549 VerifyObjectField(kFeedbackVectorOffset);
550 VerifyObjectField(kScopeInfoOffset);
551 VerifyObjectField(kInstanceClassNameOffset);
552 CHECK(function_data()->IsUndefined() || IsApiFunction() ||
553 HasBuiltinFunctionId() || HasBytecodeArray());
554 VerifyObjectField(kFunctionDataOffset);
555 VerifyObjectField(kScriptOffset);
556 VerifyObjectField(kDebugInfoOffset);
560 void JSGlobalProxy::JSGlobalProxyVerify() {
561 CHECK(IsJSGlobalProxy());
563 VerifyObjectField(JSGlobalProxy::kNativeContextOffset);
564 // Make sure that this object has no properties, elements.
565 CHECK_EQ(0, properties()->length());
566 CHECK_EQ(0, FixedArray::cast(elements())->length());
570 void JSGlobalObject::JSGlobalObjectVerify() {
571 CHECK(IsJSGlobalObject());
573 for (int i = GlobalObject::kBuiltinsOffset;
574 i < JSGlobalObject::kSize;
576 VerifyObjectField(i);
581 void JSBuiltinsObject::JSBuiltinsObjectVerify() {
582 CHECK(IsJSBuiltinsObject());
584 for (int i = GlobalObject::kBuiltinsOffset;
585 i < JSBuiltinsObject::kSize;
587 VerifyObjectField(i);
592 void Oddball::OddballVerify() {
594 Heap* heap = GetHeap();
595 VerifyHeapPointer(to_string());
596 Object* number = to_number();
597 if (number->IsHeapObject()) {
598 CHECK(number == heap->nan_value());
600 CHECK(number->IsSmi());
601 int value = Smi::cast(number)->value();
602 // Hidden oddballs have negative smis.
603 const int kLeastHiddenOddballNumber = -5;
605 CHECK(value >= kLeastHiddenOddballNumber);
607 if (map() == heap->undefined_map()) {
608 CHECK(this == heap->undefined_value());
609 } else if (map() == heap->the_hole_map()) {
610 CHECK(this == heap->the_hole_value());
611 } else if (map() == heap->null_map()) {
612 CHECK(this == heap->null_value());
613 } else if (map() == heap->boolean_map()) {
614 CHECK(this == heap->true_value() ||
615 this == heap->false_value());
616 } else if (map() == heap->uninitialized_map()) {
617 CHECK(this == heap->uninitialized_value());
618 } else if (map() == heap->no_interceptor_result_sentinel_map()) {
619 CHECK(this == heap->no_interceptor_result_sentinel());
620 } else if (map() == heap->arguments_marker_map()) {
621 CHECK(this == heap->arguments_marker());
622 } else if (map() == heap->termination_exception_map()) {
623 CHECK(this == heap->termination_exception());
624 } else if (map() == heap->exception_map()) {
625 CHECK(this == heap->exception());
632 void Cell::CellVerify() {
634 VerifyObjectField(kValueOffset);
638 void PropertyCell::PropertyCellVerify() {
639 CHECK(IsPropertyCell());
640 VerifyObjectField(kValueOffset);
644 void WeakCell::WeakCellVerify() {
646 VerifyObjectField(kValueOffset);
647 VerifyObjectField(kNextOffset);
651 void Code::CodeVerify() {
652 CHECK(IsAligned(reinterpret_cast<intptr_t>(instruction_start()),
654 relocation_info()->ObjectVerify();
655 Address last_gc_pc = NULL;
656 Isolate* isolate = GetIsolate();
657 for (RelocIterator it(this); !it.done(); it.next()) {
658 it.rinfo()->Verify(isolate);
659 // Ensure that GC will not iterate twice over the same pointer.
660 if (RelocInfo::IsGCRelocMode(it.rinfo()->rmode())) {
661 CHECK(it.rinfo()->pc() != last_gc_pc);
662 last_gc_pc = it.rinfo()->pc();
665 CHECK(raw_type_feedback_info() == Smi::FromInt(0) ||
666 raw_type_feedback_info()->IsSmi() == IsCodeStubOrIC());
670 void Code::VerifyEmbeddedObjectsDependency() {
671 if (!CanContainWeakObjects()) return;
672 WeakCell* cell = CachedWeakCell();
673 DisallowHeapAllocation no_gc;
674 Isolate* isolate = GetIsolate();
675 HandleScope scope(isolate);
676 int mode_mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT);
677 for (RelocIterator it(this, mode_mask); !it.done(); it.next()) {
678 Object* obj = it.rinfo()->target_object();
679 if (IsWeakObject(obj)) {
681 Map* map = Map::cast(obj);
682 CHECK(map->dependent_code()->Contains(DependentCode::kWeakCodeGroup,
684 } else if (obj->IsJSObject()) {
685 WeakHashTable* table =
686 GetIsolate()->heap()->weak_object_to_code_table();
687 Handle<HeapObject> key_obj(HeapObject::cast(obj), isolate);
688 CHECK(DependentCode::cast(table->Lookup(key_obj))
689 ->Contains(DependentCode::kWeakCodeGroup, cell));
696 void JSArray::JSArrayVerify() {
698 CHECK(length()->IsNumber() || length()->IsUndefined());
699 // If a GC was caused while constructing this array, the elements
700 // pointer may point to a one pointer filler map.
701 if (ElementsAreSafeToExamine()) {
702 CHECK(elements()->IsUndefined() ||
703 elements()->IsFixedArray() ||
704 elements()->IsFixedDoubleArray());
709 void JSSet::JSSetVerify() {
712 VerifyHeapPointer(table());
713 CHECK(table()->IsOrderedHashTable() || table()->IsUndefined());
714 // TODO(arv): Verify OrderedHashTable too.
718 void JSMap::JSMapVerify() {
721 VerifyHeapPointer(table());
722 CHECK(table()->IsOrderedHashTable() || table()->IsUndefined());
723 // TODO(arv): Verify OrderedHashTable too.
727 void JSSetIterator::JSSetIteratorVerify() {
728 CHECK(IsJSSetIterator());
730 VerifyHeapPointer(table());
731 CHECK(table()->IsOrderedHashTable() || table()->IsUndefined());
732 CHECK(index()->IsSmi() || index()->IsUndefined());
733 CHECK(kind()->IsSmi() || kind()->IsUndefined());
737 void JSMapIterator::JSMapIteratorVerify() {
738 CHECK(IsJSMapIterator());
740 VerifyHeapPointer(table());
741 CHECK(table()->IsOrderedHashTable() || table()->IsUndefined());
742 CHECK(index()->IsSmi() || index()->IsUndefined());
743 CHECK(kind()->IsSmi() || kind()->IsUndefined());
747 void JSWeakMap::JSWeakMapVerify() {
748 CHECK(IsJSWeakMap());
750 VerifyHeapPointer(table());
751 CHECK(table()->IsHashTable() || table()->IsUndefined());
755 void JSWeakSet::JSWeakSetVerify() {
756 CHECK(IsJSWeakSet());
758 VerifyHeapPointer(table());
759 CHECK(table()->IsHashTable() || table()->IsUndefined());
763 void JSRegExp::JSRegExpVerify() {
765 CHECK(data()->IsUndefined() || data()->IsFixedArray());
767 case JSRegExp::ATOM: {
768 FixedArray* arr = FixedArray::cast(data());
769 CHECK(arr->get(JSRegExp::kAtomPatternIndex)->IsString());
772 case JSRegExp::IRREGEXP: {
773 bool is_native = RegExpImpl::UsesNativeRegExp();
775 FixedArray* arr = FixedArray::cast(data());
776 Object* one_byte_data = arr->get(JSRegExp::kIrregexpLatin1CodeIndex);
777 // Smi : Not compiled yet (-1) or code prepared for flushing.
778 // JSObject: Compilation error.
779 // Code/ByteArray: Compiled code.
781 one_byte_data->IsSmi() ||
782 (is_native ? one_byte_data->IsCode() : one_byte_data->IsByteArray()));
783 Object* uc16_data = arr->get(JSRegExp::kIrregexpUC16CodeIndex);
784 CHECK(uc16_data->IsSmi() ||
785 (is_native ? uc16_data->IsCode() : uc16_data->IsByteArray()));
787 Object* one_byte_saved =
788 arr->get(JSRegExp::kIrregexpLatin1CodeSavedIndex);
789 CHECK(one_byte_saved->IsSmi() || one_byte_saved->IsString() ||
790 one_byte_saved->IsCode());
791 Object* uc16_saved = arr->get(JSRegExp::kIrregexpUC16CodeSavedIndex);
792 CHECK(uc16_saved->IsSmi() || uc16_saved->IsString() ||
793 uc16_saved->IsCode());
795 CHECK(arr->get(JSRegExp::kIrregexpCaptureCountIndex)->IsSmi());
796 CHECK(arr->get(JSRegExp::kIrregexpMaxRegisterCountIndex)->IsSmi());
800 CHECK_EQ(JSRegExp::NOT_COMPILED, TypeTag());
801 CHECK(data()->IsUndefined());
807 void JSProxy::JSProxyVerify() {
809 VerifyPointer(handler());
810 CHECK(hash()->IsSmi() || hash()->IsUndefined());
814 void JSFunctionProxy::JSFunctionProxyVerify() {
815 CHECK(IsJSFunctionProxy());
817 VerifyPointer(call_trap());
818 VerifyPointer(construct_trap());
822 void JSArrayBuffer::JSArrayBufferVerify() {
823 CHECK(IsJSArrayBuffer());
825 VerifyPointer(byte_length());
826 CHECK(byte_length()->IsSmi() || byte_length()->IsHeapNumber()
827 || byte_length()->IsUndefined());
831 void JSArrayBufferView::JSArrayBufferViewVerify() {
832 CHECK(IsJSArrayBufferView());
834 VerifyPointer(buffer());
835 CHECK(buffer()->IsJSArrayBuffer() || buffer()->IsUndefined()
836 || buffer() == Smi::FromInt(0));
838 VerifyPointer(raw_byte_offset());
839 CHECK(raw_byte_offset()->IsSmi() || raw_byte_offset()->IsHeapNumber() ||
840 raw_byte_offset()->IsUndefined());
842 VerifyPointer(raw_byte_length());
843 CHECK(raw_byte_length()->IsSmi() || raw_byte_length()->IsHeapNumber() ||
844 raw_byte_length()->IsUndefined());
848 void JSTypedArray::JSTypedArrayVerify() {
849 CHECK(IsJSTypedArray());
850 JSArrayBufferViewVerify();
851 VerifyPointer(raw_length());
852 CHECK(raw_length()->IsSmi() || raw_length()->IsHeapNumber() ||
853 raw_length()->IsUndefined());
855 VerifyPointer(elements());
859 void JSDataView::JSDataViewVerify() {
860 CHECK(IsJSDataView());
861 JSArrayBufferViewVerify();
865 void Foreign::ForeignVerify() {
870 void Box::BoxVerify() {
872 value()->ObjectVerify();
876 void PrototypeInfo::PrototypeInfoVerify() {
877 CHECK(IsPrototypeInfo());
878 if (prototype_users()->IsWeakFixedArray()) {
879 WeakFixedArray::cast(prototype_users())->FixedArrayVerify();
881 CHECK(prototype_users()->IsSmi());
883 CHECK(validity_cell()->IsCell() || validity_cell()->IsSmi());
884 VerifyPointer(constructor_name());
888 void AccessorInfo::AccessorInfoVerify() {
889 VerifyPointer(name());
890 VerifyPointer(flag());
891 VerifyPointer(expected_receiver_type());
895 void ExecutableAccessorInfo::ExecutableAccessorInfoVerify() {
896 CHECK(IsExecutableAccessorInfo());
897 AccessorInfoVerify();
898 VerifyPointer(getter());
899 VerifyPointer(setter());
900 VerifyPointer(data());
904 void AccessorPair::AccessorPairVerify() {
905 CHECK(IsAccessorPair());
906 VerifyPointer(getter());
907 VerifyPointer(setter());
911 void AccessCheckInfo::AccessCheckInfoVerify() {
912 CHECK(IsAccessCheckInfo());
913 VerifyPointer(named_callback());
914 VerifyPointer(indexed_callback());
915 VerifyPointer(data());
919 void InterceptorInfo::InterceptorInfoVerify() {
920 CHECK(IsInterceptorInfo());
921 VerifyPointer(getter());
922 VerifyPointer(setter());
923 VerifyPointer(query());
924 VerifyPointer(deleter());
925 VerifyPointer(enumerator());
926 VerifyPointer(data());
927 VerifySmiField(kFlagsOffset);
931 void CallHandlerInfo::CallHandlerInfoVerify() {
932 CHECK(IsCallHandlerInfo());
933 VerifyPointer(callback());
934 VerifyPointer(data());
938 void TemplateInfo::TemplateInfoVerify() {
939 VerifyPointer(tag());
940 VerifyPointer(property_list());
941 VerifyPointer(property_accessors());
945 void FunctionTemplateInfo::FunctionTemplateInfoVerify() {
946 CHECK(IsFunctionTemplateInfo());
947 TemplateInfoVerify();
948 VerifyPointer(serial_number());
949 VerifyPointer(call_code());
950 VerifyPointer(prototype_template());
951 VerifyPointer(parent_template());
952 VerifyPointer(named_property_handler());
953 VerifyPointer(indexed_property_handler());
954 VerifyPointer(instance_template());
955 VerifyPointer(signature());
956 VerifyPointer(access_check_info());
960 void ObjectTemplateInfo::ObjectTemplateInfoVerify() {
961 CHECK(IsObjectTemplateInfo());
962 TemplateInfoVerify();
963 VerifyPointer(constructor());
964 VerifyPointer(internal_field_count());
968 void TypeSwitchInfo::TypeSwitchInfoVerify() {
969 CHECK(IsTypeSwitchInfo());
970 VerifyPointer(types());
974 void AllocationSite::AllocationSiteVerify() {
975 CHECK(IsAllocationSite());
979 void AllocationMemento::AllocationMementoVerify() {
980 CHECK(IsAllocationMemento());
981 VerifyHeapPointer(allocation_site());
982 CHECK(!IsValid() || GetAllocationSite()->IsAllocationSite());
986 void Script::ScriptVerify() {
988 VerifyPointer(source());
989 VerifyPointer(name());
990 line_offset()->SmiVerify();
991 column_offset()->SmiVerify();
992 VerifyPointer(wrapper());
994 VerifyPointer(line_ends());
999 void JSFunctionResultCache::JSFunctionResultCacheVerify() {
1000 JSFunction::cast(get(kFactoryIndex))->ObjectVerify();
1002 int size = Smi::cast(get(kCacheSizeIndex))->value();
1003 CHECK(kEntriesIndex <= size);
1004 CHECK(size <= length());
1005 CHECK_EQ(0, size % kEntrySize);
1007 int finger = Smi::cast(get(kFingerIndex))->value();
1008 CHECK(kEntriesIndex <= finger);
1009 CHECK((finger < size) || (finger == kEntriesIndex && finger == size));
1010 CHECK_EQ(0, finger % kEntrySize);
1012 if (FLAG_enable_slow_asserts) {
1013 for (int i = kEntriesIndex; i < size; i++) {
1014 CHECK(!get(i)->IsTheHole());
1015 get(i)->ObjectVerify();
1017 for (int i = size; i < length(); i++) {
1018 CHECK(get(i)->IsTheHole());
1019 get(i)->ObjectVerify();
1025 void NormalizedMapCache::NormalizedMapCacheVerify() {
1026 FixedArray::cast(this)->FixedArrayVerify();
1027 if (FLAG_enable_slow_asserts) {
1028 for (int i = 0; i < length(); i++) {
1029 Object* e = FixedArray::get(i);
1031 Map::cast(e)->DictionaryMapVerify();
1033 CHECK(e->IsUndefined());
1040 void DebugInfo::DebugInfoVerify() {
1041 CHECK(IsDebugInfo());
1042 VerifyPointer(shared());
1043 VerifyPointer(code());
1044 VerifyPointer(break_points());
1048 void BreakPointInfo::BreakPointInfoVerify() {
1049 CHECK(IsBreakPointInfo());
1050 code_position()->SmiVerify();
1051 source_position()->SmiVerify();
1052 statement_position()->SmiVerify();
1053 VerifyPointer(break_point_objects());
1055 #endif // VERIFY_HEAP
1059 void JSObject::IncrementSpillStatistics(SpillInformation* info) {
1060 info->number_of_objects_++;
1062 if (HasFastProperties()) {
1063 info->number_of_objects_with_fast_properties_++;
1064 info->number_of_fast_used_fields_ += map()->NextFreePropertyIndex();
1065 info->number_of_fast_unused_fields_ += map()->unused_property_fields();
1066 } else if (IsGlobalObject()) {
1067 GlobalDictionary* dict = global_dictionary();
1068 info->number_of_slow_used_properties_ += dict->NumberOfElements();
1069 info->number_of_slow_unused_properties_ +=
1070 dict->Capacity() - dict->NumberOfElements();
1072 NameDictionary* dict = property_dictionary();
1073 info->number_of_slow_used_properties_ += dict->NumberOfElements();
1074 info->number_of_slow_unused_properties_ +=
1075 dict->Capacity() - dict->NumberOfElements();
1077 // Indexed properties
1078 switch (GetElementsKind()) {
1079 case FAST_HOLEY_SMI_ELEMENTS:
1080 case FAST_SMI_ELEMENTS:
1081 case FAST_HOLEY_DOUBLE_ELEMENTS:
1082 case FAST_DOUBLE_ELEMENTS:
1083 case FAST_HOLEY_ELEMENTS:
1084 case FAST_ELEMENTS: {
1085 info->number_of_objects_with_fast_elements_++;
1087 FixedArray* e = FixedArray::cast(elements());
1088 int len = e->length();
1089 Heap* heap = GetHeap();
1090 for (int i = 0; i < len; i++) {
1091 if (e->get(i) == heap->the_hole_value()) holes++;
1093 info->number_of_fast_used_elements_ += len - holes;
1094 info->number_of_fast_unused_elements_ += holes;
1098 #define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
1099 case EXTERNAL_##TYPE##_ELEMENTS: \
1100 case TYPE##_ELEMENTS:
1102 TYPED_ARRAYS(TYPED_ARRAY_CASE)
1103 #undef TYPED_ARRAY_CASE
1104 { info->number_of_objects_with_fast_elements_++;
1105 FixedArrayBase* e = FixedArrayBase::cast(elements());
1106 info->number_of_fast_used_elements_ += e->length();
1109 case DICTIONARY_ELEMENTS: {
1110 SeededNumberDictionary* dict = element_dictionary();
1111 info->number_of_slow_used_elements_ += dict->NumberOfElements();
1112 info->number_of_slow_unused_elements_ +=
1113 dict->Capacity() - dict->NumberOfElements();
1116 case FAST_SLOPPY_ARGUMENTS_ELEMENTS:
1117 case SLOW_SLOPPY_ARGUMENTS_ELEMENTS:
1123 void JSObject::SpillInformation::Clear() {
1124 number_of_objects_ = 0;
1125 number_of_objects_with_fast_properties_ = 0;
1126 number_of_objects_with_fast_elements_ = 0;
1127 number_of_fast_used_fields_ = 0;
1128 number_of_fast_unused_fields_ = 0;
1129 number_of_slow_used_properties_ = 0;
1130 number_of_slow_unused_properties_ = 0;
1131 number_of_fast_used_elements_ = 0;
1132 number_of_fast_unused_elements_ = 0;
1133 number_of_slow_used_elements_ = 0;
1134 number_of_slow_unused_elements_ = 0;
1138 void JSObject::SpillInformation::Print() {
1139 PrintF("\n JSObject Spill Statistics (#%d):\n", number_of_objects_);
1141 PrintF(" - fast properties (#%d): %d (used) %d (unused)\n",
1142 number_of_objects_with_fast_properties_,
1143 number_of_fast_used_fields_, number_of_fast_unused_fields_);
1145 PrintF(" - slow properties (#%d): %d (used) %d (unused)\n",
1146 number_of_objects_ - number_of_objects_with_fast_properties_,
1147 number_of_slow_used_properties_, number_of_slow_unused_properties_);
1149 PrintF(" - fast elements (#%d): %d (used) %d (unused)\n",
1150 number_of_objects_with_fast_elements_,
1151 number_of_fast_used_elements_, number_of_fast_unused_elements_);
1153 PrintF(" - slow elements (#%d): %d (used) %d (unused)\n",
1154 number_of_objects_ - number_of_objects_with_fast_elements_,
1155 number_of_slow_used_elements_, number_of_slow_unused_elements_);
1161 bool DescriptorArray::IsSortedNoDuplicates(int valid_entries) {
1162 if (valid_entries == -1) valid_entries = number_of_descriptors();
1163 Name* current_key = NULL;
1164 uint32_t current = 0;
1165 for (int i = 0; i < number_of_descriptors(); i++) {
1166 Name* key = GetSortedKey(i);
1167 if (key == current_key) {
1172 uint32_t hash = GetSortedKey(i)->Hash();
1173 if (hash < current) {
1183 bool TransitionArray::IsSortedNoDuplicates(int valid_entries) {
1184 DCHECK(valid_entries == -1);
1185 Name* prev_key = NULL;
1186 PropertyKind prev_kind = kData;
1187 PropertyAttributes prev_attributes = NONE;
1188 uint32_t prev_hash = 0;
1189 for (int i = 0; i < number_of_transitions(); i++) {
1190 Name* key = GetSortedKey(i);
1191 uint32_t hash = key->Hash();
1192 PropertyKind kind = kData;
1193 PropertyAttributes attributes = NONE;
1194 if (!IsSpecialTransition(key)) {
1195 Map* target = GetTarget(i);
1196 PropertyDetails details = GetTargetDetails(key, target);
1197 kind = details.kind();
1198 attributes = details.attributes();
1200 // Duplicate entries are not allowed for non-property transitions.
1201 CHECK_NE(prev_key, key);
1204 int cmp = CompareKeys(prev_key, prev_hash, prev_kind, prev_attributes, key,
1205 hash, kind, attributes);
1212 prev_attributes = attributes;
1220 bool TransitionArray::IsSortedNoDuplicates(Map* map) {
1221 Object* raw_transitions = map->raw_transitions();
1222 if (IsFullTransitionArray(raw_transitions)) {
1223 return TransitionArray::cast(raw_transitions)->IsSortedNoDuplicates();
1225 // Simple and non-existent transitions are always sorted.
1230 static bool CheckOneBackPointer(Map* current_map, Object* target) {
1231 return !target->IsMap() || Map::cast(target)->GetBackPointer() == current_map;
1236 bool TransitionArray::IsConsistentWithBackPointers(Map* map) {
1237 Object* transitions = map->raw_transitions();
1238 for (int i = 0; i < TransitionArray::NumberOfTransitions(transitions); ++i) {
1239 Map* target = TransitionArray::GetTarget(transitions, i);
1240 if (!CheckOneBackPointer(map, target)) return false;
1246 // Estimates if there is a path from the object to a context.
1247 // This function is not precise, and can return false even if
1248 // there is a path to a context.
1249 bool CanLeak(Object* obj, Heap* heap, bool skip_weak_cell) {
1250 if (!obj->IsHeapObject()) return false;
1251 if (obj->IsWeakCell()) {
1252 if (skip_weak_cell) return false;
1253 return CanLeak(WeakCell::cast(obj)->value(), heap, skip_weak_cell);
1255 if (obj->IsCell()) {
1256 return CanLeak(Cell::cast(obj)->value(), heap, skip_weak_cell);
1258 if (obj->IsPropertyCell()) {
1259 return CanLeak(PropertyCell::cast(obj)->value(), heap, skip_weak_cell);
1261 if (obj->IsContext()) return true;
1263 Map* map = Map::cast(obj);
1264 for (int i = 0; i < Heap::kStrongRootListLength; i++) {
1265 if (map == heap->roots_array_start()[i]) return false;
1269 return CanLeak(HeapObject::cast(obj)->map(), heap, skip_weak_cell);
1273 void Code::VerifyEmbeddedObjects(VerifyMode mode) {
1274 if (kind() == OPTIMIZED_FUNCTION) return;
1275 Heap* heap = GetIsolate()->heap();
1276 int mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT) |
1277 RelocInfo::ModeMask(RelocInfo::CELL);
1278 bool skip_weak_cell = (mode == kNoContextSpecificPointers) ? false : true;
1279 for (RelocIterator it(this, mask); !it.done(); it.next()) {
1280 Object* target = it.rinfo()->rmode() == RelocInfo::CELL
1281 ? it.rinfo()->target_cell()
1282 : it.rinfo()->target_object();
1283 CHECK(!CanLeak(target, heap, skip_weak_cell));
1290 } // namespace internal
projects / platform / upstream / v8.git / blob