[stubs] Add more assertions in the CodeStubAssembler

src/code-stub-assembler.cc

 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "src/code-stub-assembler.h"
 #include "src/code-factory.h"
 #include "src/frames-inl.h"
 #include "src/frames.h"
 #include "src/ic/handler-configuration.h"
 #include "src/ic/stub-cache.h"
 
@@ skipping 995 matching lines @@
 }
 
 Node* CodeStubAssembler::LoadProperties(Node* object) {
   return LoadObjectField(object, JSObject::kPropertiesOffset);
 }
 
 Node* CodeStubAssembler::LoadElements(Node* object) {
   return LoadObjectField(object, JSObject::kElementsOffset);
 }
 
-Node* CodeStubAssembler::LoadJSArrayLength(compiler::Node* array) {
+Node* CodeStubAssembler::LoadJSArrayLength(Node* array) {
+  CSA_ASSERT(IsJSArray(array));
   return LoadObjectField(array, JSArray::kLengthOffset);
 }
 
-Node* CodeStubAssembler::LoadFixedArrayBaseLength(compiler::Node* array) {
+Node* CodeStubAssembler::LoadFixedArrayBaseLength(Node* array) {
   return LoadObjectField(array, FixedArrayBase::kLengthOffset);
 }
 
 Node* CodeStubAssembler::LoadAndUntagFixedArrayBaseLength(Node* array) {
   return LoadAndUntagObjectField(array, FixedArrayBase::kLengthOffset);
 }
 
 Node* CodeStubAssembler::LoadMapBitField(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   return LoadObjectField(map, Map::kBitFieldOffset, MachineType::Uint8());
 }
 
 Node* CodeStubAssembler::LoadMapBitField2(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   return LoadObjectField(map, Map::kBitField2Offset, MachineType::Uint8());
 }
 
 Node* CodeStubAssembler::LoadMapBitField3(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   return LoadObjectField(map, Map::kBitField3Offset, MachineType::Uint32());
 }
 
 Node* CodeStubAssembler::LoadMapInstanceType(Node* map) {
   return LoadObjectField(map, Map::kInstanceTypeOffset, MachineType::Uint8());
 }
 
 Node* CodeStubAssembler::LoadMapElementsKind(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   Node* bit_field2 = LoadMapBitField2(map);
   return DecodeWord32<Map::ElementsKindBits>(bit_field2);
 }
 
 Node* CodeStubAssembler::LoadMapDescriptors(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   return LoadObjectField(map, Map::kDescriptorsOffset);
 }
 
 Node* CodeStubAssembler::LoadMapPrototype(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   return LoadObjectField(map, Map::kPrototypeOffset);
 }
 
 Node* CodeStubAssembler::LoadMapPrototypeInfo(Node* map,
                                               Label* if_no_proto_info) {
+  CSA_ASSERT(IsMap(map));
   Node* prototype_info =
       LoadObjectField(map, Map::kTransitionsOrPrototypeInfoOffset);
   GotoIf(TaggedIsSmi(prototype_info), if_no_proto_info);
   GotoUnless(WordEqual(LoadMap(prototype_info),
                        LoadRoot(Heap::kPrototypeInfoMapRootIndex)),
              if_no_proto_info);
   return prototype_info;
 }
 
 Node* CodeStubAssembler::LoadMapInstanceSize(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   return ChangeUint32ToWord(
       LoadObjectField(map, Map::kInstanceSizeOffset, MachineType::Uint8()));
 }
 
 Node* CodeStubAssembler::LoadMapInobjectProperties(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   // See Map::GetInObjectProperties() for details.
   STATIC_ASSERT(LAST_JS_OBJECT_TYPE == LAST_TYPE);
   CSA_ASSERT(Int32GreaterThanOrEqual(LoadMapInstanceType(map),
                                      Int32Constant(FIRST_JS_OBJECT_TYPE)));
   return ChangeUint32ToWord(LoadObjectField(
       map, Map::kInObjectPropertiesOrConstructorFunctionIndexOffset,
       MachineType::Uint8()));
 }
 
 Node* CodeStubAssembler::LoadMapConstructorFunctionIndex(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   // See Map::GetConstructorFunctionIndex() for details.
   STATIC_ASSERT(FIRST_PRIMITIVE_TYPE == FIRST_TYPE);
   CSA_ASSERT(Int32LessThanOrEqual(LoadMapInstanceType(map),
                                   Int32Constant(LAST_PRIMITIVE_TYPE)));
   return ChangeUint32ToWord(LoadObjectField(
       map, Map::kInObjectPropertiesOrConstructorFunctionIndexOffset,
       MachineType::Uint8()));
 }
 
 Node* CodeStubAssembler::LoadMapConstructor(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
   Variable result(this, MachineRepresentation::kTagged);
   result.Bind(LoadObjectField(map, Map::kConstructorOrBackPointerOffset));
 
   Label done(this), loop(this, &result);
   Goto(&loop);
   Bind(&loop);
   {
     GotoIf(TaggedIsSmi(result.value()), &done);
     Node* is_map_type =
         Word32Equal(LoadInstanceType(result.value()), Int32Constant(MAP_TYPE));
     GotoUnless(is_map_type, &done);
     result.Bind(
         LoadObjectField(result.value(), Map::kConstructorOrBackPointerOffset));
     Goto(&loop);
   }
   Bind(&done);
   return result.value();
 }
 
-Node* CodeStubAssembler::IsSpecialReceiverMap(Node* map) {
-  Node* is_special = IsSpecialReceiverInstanceType(LoadMapInstanceType(map));
-  Node* bit_field = LoadMapBitField(map);
-  uint32_t mask =
-      1 << Map::kHasNamedInterceptor | 1 << Map::kIsAccessCheckNeeded;
-  // Interceptors or access checks imply special receiver.
-  CSA_ASSERT(
-      Select(IsSetWord32(bit_field, mask), is_special, Int32Constant(1)));
-  return is_special;
-}
-
-Node* CodeStubAssembler::IsSpecialReceiverInstanceType(Node* instance_type) {
-  STATIC_ASSERT(JS_GLOBAL_OBJECT_TYPE <= LAST_SPECIAL_RECEIVER_TYPE);
-  return Int32LessThanOrEqual(instance_type,
-                              Int32Constant(LAST_SPECIAL_RECEIVER_TYPE));
-}
-
-Node* CodeStubAssembler::IsDictionaryMap(Node* map) {
-  Node* bit_field3 = LoadMapBitField3(map);
-  return Word32NotEqual(IsSetWord32<Map::DictionaryMap>(bit_field3),
-                        Int32Constant(0));
-}
-
 Node* CodeStubAssembler::LoadNameHashField(Node* name) {
+  CSA_ASSERT(IsName(name));
   return LoadObjectField(name, Name::kHashFieldOffset, MachineType::Uint32());
 }
 
 Node* CodeStubAssembler::LoadNameHash(Node* name, Label* if_hash_not_computed) {
   Node* hash_field = LoadNameHashField(name);
   if (if_hash_not_computed != nullptr) {
     GotoIf(Word32Equal(
                Word32And(hash_field, Int32Constant(Name::kHashNotComputedMask)),
                Int32Constant(0)),
            if_hash_not_computed);
   }
   return Word32Shr(hash_field, Int32Constant(Name::kHashShift));
 }
 
 Node* CodeStubAssembler::LoadStringLength(Node* object) {
+  CSA_ASSERT(IsString(object));
   return LoadObjectField(object, String::kLengthOffset);
 }
 
 Node* CodeStubAssembler::LoadJSValueValue(Node* object) {
+  CSA_ASSERT(IsJSValue(object));
   return LoadObjectField(object, JSValue::kValueOffset);
 }
 
+Node* CodeStubAssembler::LoadWeakCellValueUnchecked(Node* weak_cell) {
+  // TODO(ishell): fix callers.
+  return LoadObjectField(weak_cell, WeakCell::kValueOffset);
+}
+
 Node* CodeStubAssembler::LoadWeakCellValue(Node* weak_cell, Label* if_cleared) {
-  Node* value = LoadObjectField(weak_cell, WeakCell::kValueOffset);
+  CSA_ASSERT(IsWeakCell(weak_cell));
+  Node* value = LoadWeakCellValueUnchecked(weak_cell);
   if (if_cleared != nullptr) {
     GotoIf(WordEqual(value, IntPtrConstant(0)), if_cleared);
   }
   return value;
 }
 
 Node* CodeStubAssembler::LoadFixedArrayElement(Node* object, Node* index_node,
                                                int additional_offset,
                                                ParameterMode parameter_mode) {
   int32_t header_size =
@@ skipping 56 matching lines @@
   if (Is64()) {
     return Load(MachineType::Int32(), object, offset);
   } else {
     return SmiToWord32(Load(MachineType::AnyTagged(), object, offset));
   }
 }
 
 Node* CodeStubAssembler::LoadFixedDoubleArrayElement(
     Node* object, Node* index_node, MachineType machine_type,
     int additional_offset, ParameterMode parameter_mode, Label* if_hole) {
+  CSA_ASSERT(IsFixedDoubleArray(object));
   int32_t header_size =
       FixedDoubleArray::kHeaderSize + additional_offset - kHeapObjectTag;
   Node* offset = ElementOffsetFromIndex(index_node, FAST_HOLEY_DOUBLE_ELEMENTS,
                                         parameter_mode, header_size);
   return LoadDoubleWithHoleCheck(object, offset, if_hole, machine_type);
 }
 
 Node* CodeStubAssembler::LoadDoubleWithHoleCheck(Node* base, Node* offset,
                                                  Label* if_hole,
                                                  MachineType machine_type) {
@@ skipping 30 matching lines @@
   return Store(MachineRepresentation::kTagged, context, IntPtrConstant(offset),
                value);
 }
 
 Node* CodeStubAssembler::LoadNativeContext(Node* context) {
   return LoadContextElement(context, Context::NATIVE_CONTEXT_INDEX);
 }
 
 Node* CodeStubAssembler::LoadJSArrayElementsMap(ElementsKind kind,
                                                 Node* native_context) {
+  CSA_ASSERT(IsNativeContext(native_context));
   return LoadFixedArrayElement(native_context,
                                IntPtrConstant(Context::ArrayMapIndex(kind)));
 }
 
 Node* CodeStubAssembler::StoreHeapNumberValue(Node* object, Node* value) {
   return StoreObjectFieldNoWriteBarrier(object, HeapNumber::kValueOffset, value,
                                         MachineRepresentation::kFloat64);
 }
 
 Node* CodeStubAssembler::StoreObjectField(
@@ skipping 55 matching lines @@
   MachineRepresentation rep = MachineRepresentation::kTagged;
   if (barrier_mode == SKIP_WRITE_BARRIER) {
     return StoreNoWriteBarrier(rep, object, offset, value);
   } else {
     return Store(rep, object, offset, value);
   }
 }
 
 Node* CodeStubAssembler::StoreFixedDoubleArrayElement(
     Node* object, Node* index_node, Node* value, ParameterMode parameter_mode) {
+  CSA_ASSERT(IsFixedDoubleArray(object));
   Node* offset =
       ElementOffsetFromIndex(index_node, FAST_DOUBLE_ELEMENTS, parameter_mode,
                              FixedArray::kHeaderSize - kHeapObjectTag);
   MachineRepresentation rep = MachineRepresentation::kFloat64;
   return StoreNoWriteBarrier(rep, object, offset, value);
 }
 
 Node* CodeStubAssembler::AllocateHeapNumber(MutableMode mode) {
   Node* result = Allocate(HeapNumber::kSize, kNone);
   Heap::RootListIndex heap_map_index =
@@ skipping 124 matching lines @@
         CallRuntime(Runtime::kAllocateSeqTwoByteString, context,
                     mode == SMI_PARAMETERS ? length : SmiFromWord(length));
     var_result.Bind(result);
     Goto(&if_join);
   }
 
   Bind(&if_join);
   return var_result.value();
 }
 
-Node* CodeStubAssembler::AllocateSlicedOneByteString(Node* length, Node* parent,
-                                                     Node* offset) {
+Node* CodeStubAssembler::AllocateSlicedString(
+    Heap::RootListIndex map_root_index, Node* length, Node* parent,
+    Node* offset) {
+  CSA_ASSERT(TaggedIsSmi(length));
   Node* result = Allocate(SlicedString::kSize);
-  Node* map = LoadRoot(Heap::kSlicedOneByteStringMapRootIndex);
+  Node* map = LoadRoot(map_root_index);
+  DCHECK(Heap::RootIsImmortalImmovable(map_root_index));
   StoreMapNoWriteBarrier(result, map);
   StoreObjectFieldNoWriteBarrier(result, SlicedString::kLengthOffset, length,
                                  MachineRepresentation::kTagged);
   StoreObjectFieldNoWriteBarrier(result, SlicedString::kHashFieldOffset,
                                  Int32Constant(String::kEmptyHashField),
                                  MachineRepresentation::kWord32);
   StoreObjectFieldNoWriteBarrier(result, SlicedString::kParentOffset, parent,
                                  MachineRepresentation::kTagged);
   StoreObjectFieldNoWriteBarrier(result, SlicedString::kOffsetOffset, offset,
                                  MachineRepresentation::kTagged);
   return result;
 }
 
+Node* CodeStubAssembler::AllocateSlicedOneByteString(Node* length, Node* parent,
+                                                     Node* offset) {
+  return AllocateSlicedString(Heap::kSlicedOneByteStringMapRootIndex, length,
+                              parent, offset);
+}
+
 Node* CodeStubAssembler::AllocateSlicedTwoByteString(Node* length, Node* parent,
                                                      Node* offset) {
-  CSA_ASSERT(TaggedIsSmi(length));
-  Node* result = Allocate(SlicedString::kSize);
-  Node* map = LoadRoot(Heap::kSlicedStringMapRootIndex);
-  StoreMapNoWriteBarrier(result, map);
-  StoreObjectFieldNoWriteBarrier(result, SlicedString::kLengthOffset, length,
-                                 MachineRepresentation::kTagged);
-  StoreObjectFieldNoWriteBarrier(result, SlicedString::kHashFieldOffset,
-                                 Int32Constant(String::kEmptyHashField),
-                                 MachineRepresentation::kWord32);
-  StoreObjectFieldNoWriteBarrier(result, SlicedString::kParentOffset, parent,
-                                 MachineRepresentation::kTagged);
-  StoreObjectFieldNoWriteBarrier(result, SlicedString::kOffsetOffset, offset,
-                                 MachineRepresentation::kTagged);
-  return result;
+  return AllocateSlicedString(Heap::kSlicedStringMapRootIndex, length, parent,
+                              offset);
 }
 
-Node* CodeStubAssembler::AllocateOneByteConsString(Node* length, Node* first,
-                                                   Node* second,
-                                                   AllocationFlags flags) {
+Node* CodeStubAssembler::AllocateConsString(Heap::RootListIndex map_root_index,
+                                            Node* length, Node* first,
+                                            Node* second,
+                                            AllocationFlags flags) {
   CSA_ASSERT(TaggedIsSmi(length));
   Node* result = Allocate(ConsString::kSize, flags);
-  Node* map = LoadRoot(Heap::kConsOneByteStringMapRootIndex);
-  DCHECK(Heap::RootIsImmortalImmovable(Heap::kConsOneByteStringMapRootIndex));
+  Node* map = LoadRoot(map_root_index);
+  DCHECK(Heap::RootIsImmortalImmovable(map_root_index));
   StoreMapNoWriteBarrier(result, map);
   StoreObjectFieldNoWriteBarrier(result, ConsString::kLengthOffset, length,
                                  MachineRepresentation::kTagged);
   StoreObjectFieldNoWriteBarrier(result, ConsString::kHashFieldOffset,
                                  Int32Constant(String::kEmptyHashField),
                                  MachineRepresentation::kWord32);
   bool const new_space = !(flags & kPretenured);
   if (new_space) {
     StoreObjectFieldNoWriteBarrier(result, ConsString::kFirstOffset, first,
                                    MachineRepresentation::kTagged);
     StoreObjectFieldNoWriteBarrier(result, ConsString::kSecondOffset, second,
                                    MachineRepresentation::kTagged);
   } else {
     StoreObjectField(result, ConsString::kFirstOffset, first);
     StoreObjectField(result, ConsString::kSecondOffset, second);
   }
   return result;
 }
 
+Node* CodeStubAssembler::AllocateOneByteConsString(Node* length, Node* first,
+                                                   Node* second,
+                                                   AllocationFlags flags) {
+  return AllocateConsString(Heap::kConsOneByteStringMapRootIndex, length, first,
+                            second, flags);
+}
+
 Node* CodeStubAssembler::AllocateTwoByteConsString(Node* length, Node* first,
                                                    Node* second,
                                                    AllocationFlags flags) {
-  CSA_ASSERT(TaggedIsSmi(length));
-  Node* result = Allocate(ConsString::kSize, flags);
-  Node* map = LoadRoot(Heap::kConsStringMapRootIndex);
-  DCHECK(Heap::RootIsImmortalImmovable(Heap::kConsStringMapRootIndex));
-  StoreMapNoWriteBarrier(result, map);
-  StoreObjectFieldNoWriteBarrier(result, ConsString::kLengthOffset, length,
-                                 MachineRepresentation::kTagged);
-  StoreObjectFieldNoWriteBarrier(result, ConsString::kHashFieldOffset,
-                                 Int32Constant(String::kEmptyHashField),
-                                 MachineRepresentation::kWord32);
-  bool const new_space = !(flags & kPretenured);
-  if (new_space) {
-    StoreObjectFieldNoWriteBarrier(result, ConsString::kFirstOffset, first,
-                                   MachineRepresentation::kTagged);
-    StoreObjectFieldNoWriteBarrier(result, ConsString::kSecondOffset, second,
-                                   MachineRepresentation::kTagged);
-  } else {
-    StoreObjectField(result, ConsString::kFirstOffset, first);
-    StoreObjectField(result, ConsString::kSecondOffset, second);
-  }
-  return result;
+  return AllocateConsString(Heap::kConsStringMapRootIndex, length, first,
+                            second, flags);
 }
 
 Node* CodeStubAssembler::NewConsString(Node* context, Node* length, Node* left,
                                        Node* right, AllocationFlags flags) {
   CSA_ASSERT(TaggedIsSmi(length));
   // Added string can be a cons string.
   Comment("Allocating ConsString");
   Node* left_instance_type = LoadInstanceType(left);
   Node* right_instance_type = LoadInstanceType(right);
 
@@ skipping 132 matching lines @@
                              kHeapObjectTag));
   Node* end_address = IntPtrAdd(
       result,
       IntPtrSubFoldConstants(store_size, IntPtrConstant(kHeapObjectTag)));
   StoreFieldsNoWriteBarrier(start_address, end_address, filler);
   return result;
 }
 
 Node* CodeStubAssembler::AllocateJSObjectFromMap(Node* map, Node* properties,
                                                  Node* elements) {
+  CSA_ASSERT(IsMap(map));
   Node* size =
       IntPtrMul(LoadMapInstanceSize(map), IntPtrConstant(kPointerSize));
   CSA_ASSERT(IsRegularHeapObjectSize(size));
   Node* object = Allocate(size);
   StoreMapNoWriteBarrier(object, map);
   InitializeJSObjectFromMap(object, map, size, properties, elements);
   return object;
 }
 
 void CodeStubAssembler::InitializeJSObjectFromMap(Node* object, Node* map,
@@ skipping 132 matching lines @@
                                                       : IntPtrConstant(0),
       capacity, Heap::kTheHoleValueRootIndex, capacity_mode);
 
   return array;
 }
 
 Node* CodeStubAssembler::AllocateFixedArray(ElementsKind kind,
                                             Node* capacity_node,
                                             ParameterMode mode,
                                             AllocationFlags flags) {
+  CSA_ASSERT(IntPtrGreaterThan(capacity_node, IntPtrOrSmiConstant(0, mode)));
   Node* total_size = GetFixedArrayAllocationSize(capacity_node, kind, mode);
 
   // Allocate both array and elements object, and initialize the JSArray.
   Node* array = Allocate(total_size, flags);
   Heap* heap = isolate()->heap();
   Handle<Map> map(IsFastDoubleElementsKind(kind)
                       ? heap->fixed_double_array_map()
                       : heap->fixed_array_map());
   if (flags & kPretenured) {
     StoreObjectField(array, JSObject::kMapOffset, HeapConstant(map));
@@ skipping 726 matching lines @@
       Runtime::kThrowIncompatibleMethodReceiver, context,
       HeapConstant(factory()->NewStringFromAsciiChecked(method_name, TENURED)),
       value);
   var_value_map.Bind(UndefinedConstant());
   Goto(&out);  // Never reached.
 
   Bind(&out);
   return var_value_map.value();
 }
 
+Node* CodeStubAssembler::IsSpecialReceiverMap(Node* map) {
+  Node* is_special = IsSpecialReceiverInstanceType(LoadMapInstanceType(map));
+  Node* bit_field = LoadMapBitField(map);
+  uint32_t mask =
+      1 << Map::kHasNamedInterceptor | 1 << Map::kIsAccessCheckNeeded;
+  // Interceptors or access checks imply special receiver.
+  CSA_ASSERT(
+      Select(IsSetWord32(bit_field, mask), is_special, Int32Constant(1)));
+  return is_special;
+}
+
+Node* CodeStubAssembler::IsDictionaryMap(Node* map) {
+  CSA_SLOW_ASSERT(IsMap(map));
+  Node* bit_field3 = LoadMapBitField3(map);
+  return Word32NotEqual(IsSetWord32<Map::DictionaryMap>(bit_field3),
+                        Int32Constant(0));
+}
+
+Node* CodeStubAssembler::IsCallableMap(Node* map) {
+  CSA_ASSERT(IsMap(map));
+  return Word32NotEqual(
+      Word32And(LoadMapBitField(map), Int32Constant(1 << Map::kIsCallable)),
+      Int32Constant(0));
+}
+
+Node* CodeStubAssembler::IsSpecialReceiverInstanceType(Node* instance_type) {
+  STATIC_ASSERT(JS_GLOBAL_OBJECT_TYPE <= LAST_SPECIAL_RECEIVER_TYPE);
+  return Int32LessThanOrEqual(instance_type,
+                              Int32Constant(LAST_SPECIAL_RECEIVER_TYPE));
+}
+
 Node* CodeStubAssembler::IsStringInstanceType(Node* instance_type) {
   STATIC_ASSERT(INTERNALIZED_STRING_TYPE == FIRST_TYPE);
   return Int32LessThan(instance_type, Int32Constant(FIRST_NONSTRING_TYPE));
 }
 
 Node* CodeStubAssembler::IsJSReceiverInstanceType(Node* instance_type) {
   STATIC_ASSERT(LAST_JS_RECEIVER_TYPE == LAST_TYPE);
   return Int32GreaterThanOrEqual(instance_type,
                                  Int32Constant(FIRST_JS_RECEIVER_TYPE));
 }
 
-Node* CodeStubAssembler::IsCallableMap(Node* map) {
-  return Word32NotEqual(
-      Word32And(LoadMapBitField(map), Int32Constant(1 << Map::kIsCallable)),
-      Int32Constant(0));
+Node* CodeStubAssembler::IsJSReceiver(Node* object) {
+  STATIC_ASSERT(LAST_JS_OBJECT_TYPE == LAST_TYPE);
+  return IsJSReceiverInstanceType(LoadInstanceType(object));
+}
+
+Node* CodeStubAssembler::IsJSObject(Node* object) {
+  STATIC_ASSERT(LAST_JS_OBJECT_TYPE == LAST_TYPE);
+  return Int32GreaterThanOrEqual(LoadInstanceType(object),
+                                 Int32Constant(FIRST_JS_RECEIVER_TYPE));
+}
+
+Node* CodeStubAssembler::IsMap(Node* map) {
+  return HasInstanceType(map, MAP_TYPE);
+}
+
+Node* CodeStubAssembler::IsJSValue(Node* map) {
+  return HasInstanceType(map, JS_VALUE_TYPE);
+}
+
+Node* CodeStubAssembler::IsJSArray(Node* object) {
+  return HasInstanceType(object, JS_ARRAY_TYPE);
+}
+
+Node* CodeStubAssembler::IsWeakCell(Node* object) {
+  return HasInstanceType(object, WEAK_CELL_TYPE);
+}
+
+Node* CodeStubAssembler::IsName(Node* object) {
+  return Int32LessThanOrEqual(LoadInstanceType(object),
+                              Int32Constant(LAST_NAME_TYPE));
+}
+
+Node* CodeStubAssembler::IsString(Node* object) {
+  return Int32LessThanOrEqual(LoadInstanceType(object),
+                              Int32Constant(FIRST_NONSTRING_TYPE));
+}
+
+Node* CodeStubAssembler::IsNativeContext(Node* object) {
+  return WordEqual(LoadMap(object), LoadRoot(Heap::kNativeContextMapRootIndex));
+}
+
+Node* CodeStubAssembler::IsFixedDoubleArray(Node* object) {
+  return WordEqual(LoadMap(object), FixedDoubleArrayMapConstant());
+}
+
+Node* CodeStubAssembler::IsHashTable(Node* object) {
+  return WordEqual(LoadMap(object), LoadRoot(Heap::kHashTableMapRootIndex));
+}
+
+Node* CodeStubAssembler::IsDictionary(Node* object) {
+  return WordOr(IsHashTable(object), IsUnseededNumberDictionary(object));
+}
+
+Node* CodeStubAssembler::IsUnseededNumberDictionary(Node* object) {
+  return WordEqual(LoadMap(object),
+                   LoadRoot(Heap::kUnseededNumberDictionaryMapRootIndex));
 }
 
 Node* CodeStubAssembler::StringCharCodeAt(Node* string, Node* index) {
+  CSA_ASSERT(IsString(string));
   // Translate the {index} into a Word.
   index = SmiToWord(index);
 
   // We may need to loop in case of cons or sliced strings.
   Variable var_index(this, MachineType::PointerRepresentation());
   Variable var_result(this, MachineRepresentation::kWord32);
   Variable var_string(this, MachineRepresentation::kTagged);
   Variable* loop_vars[] = {&var_index, &var_string};
   Label done_loop(this, &var_result), loop(this, 2, loop_vars);
   var_string.Bind(string);
@@ skipping 591 matching lines @@
     IncrementCounter(counters->string_add_native(), 1);
     Goto(&done);
   }
 
   Bind(&done);
   return result.value();
 }
 
 Node* CodeStubAssembler::StringIndexOfChar(Node* context, Node* string,
                                            Node* needle_char, Node* from) {
+  CSA_ASSERT(IsString(string));
   Variable var_result(this, MachineRepresentation::kTagged);
 
   Label out(this), runtime(this, Label::kDeferred);
 
   // Let runtime handle non-one-byte {needle_char}.
 
   Node* const one_byte_char_mask = IntPtrConstant(0xFF);
   GotoUnless(WordEqual(WordAnd(needle_char, one_byte_char_mask), needle_char),
              &runtime);
 
@@ skipping 409 matching lines @@
   {
     result.Bind(CallRuntime(Runtime::kToString, context, input));
     Goto(&done);
   }
 
   Bind(&done);
   return result.value();
 }
 
 Node* CodeStubAssembler::FlattenString(Node* string) {
+  CSA_ASSERT(IsString(string));
   Variable var_result(this, MachineRepresentation::kTagged);
   var_result.Bind(string);
 
   Node* instance_type = LoadInstanceType(string);
 
   // Check if the {string} is not a ConsString (i.e. already flat).
   Label is_cons(this, Label::kDeferred), is_flat_in_cons(this), end(this);
   {
     GotoUnless(Word32Equal(Word32And(instance_type,
                                      Int32Constant(kStringRepresentationMask)),
@@ skipping 18 matching lines @@
   {
     var_result.Bind(LoadObjectField(string, ConsString::kFirstOffset));
     Goto(&end);
   }
 
   Bind(&end);
   return var_result.value();
 }
 
 Node* CodeStubAssembler::JSReceiverToPrimitive(Node* context, Node* input) {
-  STATIC_ASSERT(LAST_JS_RECEIVER_TYPE == LAST_TYPE);
   Label if_isreceiver(this, Label::kDeferred), if_isnotreceiver(this);
   Variable result(this, MachineRepresentation::kTagged);
   Label done(this, &result);
 
-  GotoIf(TaggedIsSmi(input), &if_isnotreceiver);
-
-  Node* map = LoadMap(input);
-  Node* instance_type = LoadMapInstanceType(map);
-  Branch(IsJSReceiverInstanceType(instance_type), &if_isreceiver,
-         &if_isnotreceiver);
+  BranchIfJSReceiver(input, &if_isreceiver, &if_isnotreceiver);
 
   Bind(&if_isreceiver);
   {
     // Convert {input} to a primitive first passing Number hint.
     Callable callable = CodeFactory::NonPrimitiveToPrimitive(isolate());
     result.Bind(CallStub(callable, context, input));
     Goto(&done);
   }
 
   Bind(&if_isnotreceiver);
@@ skipping 169 matching lines @@
 Node* CodeStubAssembler::IntPtrMax(Node* left, Node* right) {
   return Select(IntPtrGreaterThanOrEqual(left, right), left, right);
 }
 
 template <typename Dictionary>
 void CodeStubAssembler::NameDictionaryLookup(Node* dictionary,
                                              Node* unique_name, Label* if_found,
                                              Variable* var_name_index,
                                              Label* if_not_found,
                                              int inlined_probes) {
+  CSA_ASSERT(IsDictionary(dictionary));
   DCHECK_EQ(MachineType::PointerRepresentation(), var_name_index->rep());
   Comment("NameDictionaryLookup");
 
   Node* capacity = SmiUntag(LoadFixedArrayElement(
       dictionary, IntPtrConstant(Dictionary::kCapacityIndex), 0,
       INTPTR_PARAMETERS));
   Node* mask = IntPtrSub(capacity, IntPtrConstant(1));
   Node* hash = ChangeUint32ToWord(LoadNameHash(unique_name));
 
   // See Dictionary::FirstProbe().
@@ skipping 64 matching lines @@
   hash = Word32Xor(hash, Word32Shr(hash, Int32Constant(16)));
   return Word32And(hash, Int32Constant(0x3fffffff));
 }
 
 template <typename Dictionary>
 void CodeStubAssembler::NumberDictionaryLookup(Node* dictionary,
                                                Node* intptr_index,
                                                Label* if_found,
                                                Variable* var_entry,
                                                Label* if_not_found) {
+  CSA_ASSERT(IsDictionary(dictionary));
   DCHECK_EQ(MachineType::PointerRepresentation(), var_entry->rep());
   Comment("NumberDictionaryLookup");
 
   Node* capacity = SmiUntag(LoadFixedArrayElement(
       dictionary, IntPtrConstant(Dictionary::kCapacityIndex), 0,
       INTPTR_PARAMETERS));
   Node* mask = IntPtrSub(capacity, IntPtrConstant(1));
 
   Node* int32_seed;
   if (Dictionary::ShapeT::UsesSeed) {
@@ skipping 282 matching lines @@
   Bind(&done);
 
   Comment("] LoadPropertyFromFastObject");
 }
 
 void CodeStubAssembler::LoadPropertyFromNameDictionary(Node* dictionary,
                                                        Node* name_index,
                                                        Variable* var_details,
                                                        Variable* var_value) {
   Comment("LoadPropertyFromNameDictionary");
-
+  CSA_ASSERT(IsDictionary(dictionary));
   const int name_to_details_offset =
       (NameDictionary::kEntryDetailsIndex - NameDictionary::kEntryKeyIndex) *
       kPointerSize;
   const int name_to_value_offset =
       (NameDictionary::kEntryValueIndex - NameDictionary::kEntryKeyIndex) *
       kPointerSize;
 
   Node* details = LoadAndUntagToWord32FixedArrayElement(dictionary, name_index,
                                                         name_to_details_offset);
 
   var_details->Bind(details);
   var_value->Bind(
       LoadFixedArrayElement(dictionary, name_index, name_to_value_offset));
 
   Comment("] LoadPropertyFromNameDictionary");
 }
 
 void CodeStubAssembler::LoadPropertyFromGlobalDictionary(Node* dictionary,
                                                          Node* name_index,
                                                          Variable* var_details,
                                                          Variable* var_value,
                                                          Label* if_deleted) {
   Comment("[ LoadPropertyFromGlobalDictionary");
+  CSA_ASSERT(IsDictionary(dictionary));
 
   const int name_to_value_offset =
       (GlobalDictionary::kEntryValueIndex - GlobalDictionary::kEntryKeyIndex) *
       kPointerSize;
 
   Node* property_cell =
       LoadFixedArrayElement(dictionary, name_index, name_to_value_offset);
 
   Node* value = LoadObjectField(property_cell, PropertyCell::kValueOffset);
   GotoIf(WordEqual(value, TheHoleConstant()), if_deleted);
@@ skipping 534 matching lines @@
     var_receiver_map.Bind(LoadMap(receiver));
     Goto(&if_result);
   }
   Bind(&if_result);
   return var_receiver_map.value();
 }
 
 compiler::Node* CodeStubAssembler::TryMonomorphicCase(
     compiler::Node* slot, compiler::Node* vector, compiler::Node* receiver_map,
     Label* if_handler, Variable* var_handler, Label* if_miss) {
+  Comment("TryMonomorphicCase");
   DCHECK_EQ(MachineRepresentation::kTagged, var_handler->rep());
 
   // TODO(ishell): add helper class that hides offset computations for a series
   // of loads.
   int32_t header_size = FixedArray::kHeaderSize - kHeapObjectTag;
   // Adding |header_size| with a separate IntPtrAdd rather than passing it
   // into ElementOffsetFromIndex() allows it to be folded into a single
   // [base, index, offset] indirect memory access on x64.
   Node* offset =
       ElementOffsetFromIndex(slot, FAST_HOLEY_ELEMENTS, SMI_PARAMETERS);
   Node* feedback = Load(MachineType::AnyTagged(), vector,
                         IntPtrAdd(offset, IntPtrConstant(header_size)));
 
   // Try to quickly handle the monomorphic case without knowing for sure
   // if we have a weak cell in feedback. We do know it's safe to look
   // at WeakCell::kValueOffset.
-  GotoIf(WordNotEqual(receiver_map, LoadWeakCellValue(feedback)), if_miss);
+  GotoIf(WordNotEqual(receiver_map, LoadWeakCellValueUnchecked(feedback)),
+         if_miss);
 
   Node* handler =
       Load(MachineType::AnyTagged(), vector,
            IntPtrAdd(offset, IntPtrConstant(header_size + kPointerSize)));
 
   var_handler->Bind(handler);
   Goto(if_handler);
   return feedback;
 }
 
 void CodeStubAssembler::HandlePolymorphicCase(
     compiler::Node* receiver_map, compiler::Node* feedback, Label* if_handler,
     Variable* var_handler, Label* if_miss, int unroll_count) {
+  Comment("HandlePolymorphicCase");
   DCHECK_EQ(MachineRepresentation::kTagged, var_handler->rep());
 
   // Iterate {feedback} array.
   const int kEntrySize = 2;
 
   for (int i = 0; i < unroll_count; i++) {
     Label next_entry(this);
     Node* cached_map = LoadWeakCellValue(LoadFixedArrayElement(
         feedback, IntPtrConstant(i * kEntrySize), 0, INTPTR_PARAMETERS));
     GotoIf(WordNotEqual(receiver_map, cached_map), &next_entry);
@@ skipping 1735 matching lines @@
   }
   Bind(&no_memento_found);
   Comment("] TrapAllocationMemento");
 }
 
 Node* CodeStubAssembler::PageFromAddress(Node* address) {
   return WordAnd(address, IntPtrConstant(~Page::kPageAlignmentMask));
 }
 
 Node* CodeStubAssembler::EnumLength(Node* map) {
+  CSA_ASSERT(IsMap(map));
   Node* bitfield_3 = LoadMapBitField3(map);
   Node* enum_length = DecodeWordFromWord32<Map::EnumLengthBits>(bitfield_3);
   return SmiTag(enum_length);
 }
 
 void CodeStubAssembler::CheckEnumCache(Node* receiver, Label* use_cache,
                                        Label* use_runtime) {
   Variable current_js_object(this, MachineRepresentation::kTagged);
   current_js_object.Bind(receiver);
 
@@ skipping 1878 matching lines @@
   Node* buffer_bit_field = LoadObjectField(
       buffer, JSArrayBuffer::kBitFieldOffset, MachineType::Uint32());
   Node* was_neutered_mask = Int32Constant(JSArrayBuffer::WasNeutered::kMask);
 
   return Word32NotEqual(Word32And(buffer_bit_field, was_neutered_mask),
                         Int32Constant(0));
 }
 
 }  // namespace internal
 }  // namespace v8