
Unified Diff: src/objects-inl.h

Issue 2126613002: making heap verification more aggressive (Closed) Base URL: https://chromium.googlesource.com/v8/v8.git@master
Patch Set: adding additional validation Created 4 years, 5 months ago
Index: src/objects-inl.h
diff --git a/src/objects-inl.h b/src/objects-inl.h
index 4bf439095ebac474606f265bef9c5d87942ceacd..430cb0f44282fa2fc819474af3ba13cafa9d8045 100644
--- a/src/objects-inl.h
+++ b/src/objects-inl.h
@@ -796,6 +796,7 @@ TYPE_CHECKER(Cell, CELL_TYPE)
TYPE_CHECKER(PropertyCell, PROPERTY_CELL_TYPE)
TYPE_CHECKER(WeakCell, WEAK_CELL_TYPE)
TYPE_CHECKER(SharedFunctionInfo, SHARED_FUNCTION_INFO_TYPE)
+TYPE_CHECKER(JSArgumentsObject, JS_ARGUMENTS_TYPE)
TYPE_CHECKER(JSDate, JS_DATE_TYPE)
TYPE_CHECKER(JSError, JS_ERROR_TYPE)
TYPE_CHECKER(JSGeneratorObject, JS_GENERATOR_OBJECT_TYPE)
@@ -2355,8 +2356,8 @@ void FixedArray::set(int index, Object* value) {
double FixedDoubleArray::get_scalar(int index) {
- DCHECK(map() != GetHeap()->fixed_cow_array_map() &&
- map() != GetHeap()->fixed_array_map());
+ DCHECK_NE(GetHeap()->fixed_cow_array_map(), map());
+ DCHECK_NE(GetHeap()->fixed_array_map(), map());
DCHECK(index >= 0 && index < this->length());
DCHECK(!is_the_hole(index));
return READ_DOUBLE_FIELD(this, kHeaderSize + index * kDoubleSize);
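Review bot: The bounds assertion `DCHECK(index >= 0 && index < this->length());` that follows the two new DCHECK_NE lines in FixedDoubleArray::get_scalar is still a single combined condition, so a failure will not say which bound was violated or print the index and length; splitting it as `DCHECK_LE(0, index);` and `DCHECK_LT(index, this->length());` would match the style this change introduces for the map checks. The same line appears in FixedDoubleArray::get_representation in the next hunk. Because all of these are debug-only assertions, release builds depend entirely on callers to guarantee both the backing-store map and the index range before the raw READ_DOUBLE_FIELD / READ_UINT64_FIELD read, and a short comment such as `// Callers must ensure a FixedDoubleArray map and 0 <= index < length(); checked in debug builds only.` would make that precondition explicit. The closing lines of both functions are outside their hunks.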
@@ -2364,8 +2365,8 @@ double FixedDoubleArray::get_scalar(int index) {
uint64_t FixedDoubleArray::get_representation(int index) {
- DCHECK(map() != GetHeap()->fixed_cow_array_map() &&
- map() != GetHeap()->fixed_array_map());
+ DCHECK_NE(GetHeap()->fixed_cow_array_map(), map());
+ DCHECK_NE(GetHeap()->fixed_array_map(), map());
DCHECK(index >= 0 && index < this->length());
int offset = kHeaderSize + index * kDoubleSize;
return READ_UINT64_FIELD(this, offset);
@@ -3207,6 +3208,7 @@ CAST_ACCESSOR(HeapObject)
CAST_ACCESSOR(Int16x8)
CAST_ACCESSOR(Int32x4)
CAST_ACCESSOR(Int8x16)
+CAST_ACCESSOR(JSArgumentsObject)
CAST_ACCESSOR(JSArray)
CAST_ACCESSOR(JSArrayBuffer)
CAST_ACCESSOR(JSArrayBufferView)
@@ -6868,30 +6870,6 @@ void JSRegExp::SetDataAt(int index, Object* value) {
ElementsKind JSObject::GetElementsKind() {
ElementsKind kind = map()->elements_kind();
-#if VERIFY_HEAP && DEBUG
- FixedArrayBase* fixed_array =
- reinterpret_cast<FixedArrayBase*>(READ_FIELD(this, kElementsOffset));
-
- // If a GC was caused while constructing this object, the elements
- // pointer may point to a one pointer filler map.
- if (ElementsAreSafeToExamine()) {
- Map* map = fixed_array->map();
- if (IsFastSmiOrObjectElementsKind(kind)) {
- DCHECK(map == GetHeap()->fixed_array_map() ||
- map == GetHeap()->fixed_cow_array_map());
- } else if (IsFastDoubleElementsKind(kind)) {
- DCHECK(fixed_array->IsFixedDoubleArray() ||
- fixed_array == GetHeap()->empty_fixed_array());
- } else if (kind == DICTIONARY_ELEMENTS) {
- DCHECK(fixed_array->IsFixedArray());
- DCHECK(fixed_array->IsDictionary());
- } else {
- DCHECK(kind > DICTIONARY_ELEMENTS);
- }
- DCHECK(!IsSloppyArgumentsElements(kind) ||
- (elements()->IsFixedArray() && elements()->length() >= 2));
- }
-#endif
return kind;
}