diff options
Diffstat (limited to 'chromium/v8/src/objects-debug.cc')
| -rw-r--r-- | chromium/v8/src/objects-debug.cc | 49 |
1 files changed, 32 insertions, 17 deletions
diff --git a/chromium/v8/src/objects-debug.cc b/chromium/v8/src/objects-debug.cc index 5d9e161a7e5..ed93e1dc9e1 100644 --- a/chromium/v8/src/objects-debug.cc +++ b/chromium/v8/src/objects-debug.cc @@ -95,6 +95,9 @@ void HeapObject::HeapObjectVerify() { case FIXED_DOUBLE_ARRAY_TYPE: FixedDoubleArray::cast(this)->FixedDoubleArrayVerify(); break; + case CONSTANT_POOL_ARRAY_TYPE: + ConstantPoolArray::cast(this)->ConstantPoolArrayVerify(); + break; case BYTE_ARRAY_TYPE: ByteArray::cast(this)->ByteArrayVerify(); break; @@ -240,6 +243,7 @@ void Symbol::SymbolVerify() { CHECK(HasHashCode()); CHECK_GT(Hash(), 0); CHECK(name()->IsUndefined() || name()->IsString()); + CHECK(flags()->IsSmi()); } @@ -303,6 +307,13 @@ void ExternalDoubleArray::ExternalDoubleArrayVerify() { } +bool JSObject::ElementsAreSafeToExamine() { + return (FLAG_use_gvn && FLAG_use_allocation_folding) || + reinterpret_cast<Map*>(elements()) != + GetHeap()->one_pointer_filler_map(); +} + + void JSObject::JSObjectVerify() { VerifyHeapPointer(properties()); VerifyHeapPointer(elements()); @@ -330,10 +341,9 @@ void JSObject::JSObjectVerify() { } } - // TODO(hpayer): deal gracefully with partially constructed JSObjects, when - // allocation folding is turned off. - if (reinterpret_cast<Map*>(elements()) != - GetHeap()->one_pointer_filler_map()) { + // If a GC was caused while constructing this object, the elements + // pointer may point to a one pointer filler map. + if (ElementsAreSafeToExamine()) { CHECK_EQ((map()->has_fast_smi_or_object_elements() || (elements() == GetHeap()->empty_fixed_array())), (elements()->map() == GetHeap()->fixed_array_map() || @@ -357,9 +367,6 @@ void Map::MapVerify() { SLOW_ASSERT(transitions()->IsSortedNoDuplicates()); SLOW_ASSERT(transitions()->IsConsistentWithBackPointers(this)); } - ASSERT(!is_observed() || instance_type() < FIRST_JS_OBJECT_TYPE || - instance_type() > LAST_JS_OBJECT_TYPE || - has_slow_elements_kind() || has_external_array_elements()); } @@ -438,6 +445,11 @@ void FixedDoubleArray::FixedDoubleArrayVerify() { } +void ConstantPoolArray::ConstantPoolArrayVerify() { + CHECK(IsConstantPoolArray()); +} + + void JSGeneratorObject::JSGeneratorObjectVerify() { // In an expression like "new g()", there can be a point where a generator // object is allocated but its fields are all undefined, as it hasn't yet been @@ -664,16 +676,20 @@ void Code::CodeVerify() { } -void Code::VerifyEmbeddedMapsDependency() { +void Code::VerifyEmbeddedObjectsDependency() { int mode_mask = RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT); for (RelocIterator it(this, mode_mask); !it.done(); it.next()) { - RelocInfo::Mode mode = it.rinfo()->rmode(); - if (mode == RelocInfo::EMBEDDED_OBJECT && - it.rinfo()->target_object()->IsMap()) { - Map* map = Map::cast(it.rinfo()->target_object()); - if (map->CanTransition()) { + Object* obj = it.rinfo()->target_object(); + if (IsWeakEmbeddedObject(kind(), obj)) { + if (obj->IsMap()) { + Map* map = Map::cast(obj); CHECK(map->dependent_code()->Contains( DependentCode::kWeaklyEmbeddedGroup, this)); + } else if (obj->IsJSObject()) { + Object* raw_table = GetIsolate()->heap()->weak_object_to_code_table(); + WeakHashTable* table = WeakHashTable::cast(raw_table); + CHECK(DependentCode::cast(table->Lookup(obj))->Contains( + DependentCode::kWeaklyEmbeddedGroup, this)); } } } @@ -683,10 +699,9 @@ void Code::VerifyEmbeddedMapsDependency() { void JSArray::JSArrayVerify() { JSObjectVerify(); CHECK(length()->IsNumber() || length()->IsUndefined()); - // TODO(hpayer): deal gracefully with partially constructed JSObjects, when - // allocation folding is turned off. - if (reinterpret_cast<Map*>(elements()) != - GetHeap()->one_pointer_filler_map()) { + // If a GC was caused while constructing this array, the elements + // pointer may point to a one pointer filler map. + if (ElementsAreSafeToExamine()) { CHECK(elements()->IsUndefined() || elements()->IsFixedArray() || elements()->IsFixedDoubleArray()); |