[csa] Add assertions to CSA

src/code-stub-assembler.cc

 // Copyright 2016 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "src/code-stub-assembler.h"
 #include "src/code-factory.h"
 #include "src/frames-inl.h"
 #include "src/frames.h"
 
 namespace v8 {
 namespace internal {
@@ skipping 176 matching lines @@
 Node* CodeStubAssembler::IntPtrRoundUpToPowerOfTwo32(Node* value) {
   Comment("IntPtrRoundUpToPowerOfTwo32");
   CSA_ASSERT(this, UintPtrLessThanOrEqual(value, IntPtrConstant(0x80000000u)));
   value = IntPtrSub(value, IntPtrConstant(1));
   for (int i = 1; i <= 16; i *= 2) {
     value = WordOr(value, WordShr(value, IntPtrConstant(i)));
   }
   return IntPtrAdd(value, IntPtrConstant(1));
 }
 
+Node* CodeStubAssembler::IsParameterMode(Node* value, ParameterMode mode) {
+  return (mode == SMI_PARAMETERS) ? TaggedIsSmi(value) : Int32Constant(1);

[Igor Sheludko, 2017/05/02 10:37:16]

Maybe CSA_ASSERT_PARAMETER_MODE(csa, value, mode) would be a better choice.

[jgruber, 2017/05/03 11:11:51]

CSA_ASSERT_PARAMETER_MODE(csa, value, mode)
CSA_ASSERT(csa, IsParameterMode(value, mode))

No strong opinion either way, but I'm not sure it makes sense to introduce a new
macro for this assertion.

[Igor Sheludko, 2017/05/03 11:21:45]

Even better idea: ensure that CSA::Assert() is no-op when the condition !=
Int32Constant(0).

+}
+
 Node* CodeStubAssembler::WordIsPowerOfTwo(Node* value) {
   // value && !(value & (value - 1))
   return WordEqual(
       Select(
           WordEqual(value, IntPtrConstant(0)),
           [=] { return IntPtrConstant(1); },
           [=] { return WordAnd(value, IntPtrSub(value, IntPtrConstant(1))); },
           MachineType::PointerRepresentation()),
       IntPtrConstant(0));
 }
@@ skipping 223 matching lines @@
 
 Node* CodeStubAssembler::SmiTag(Node* value) {
   int32_t constant_value;
   if (ToInt32Constant(value, constant_value) && Smi::IsValid(constant_value)) {
     return SmiConstant(Smi::FromInt(constant_value));
   }
   return BitcastWordToTaggedSigned(WordShl(value, SmiShiftBitsConstant()));
 }
 
 Node* CodeStubAssembler::SmiUntag(Node* value) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(value));
   return WordSar(BitcastTaggedToWord(value), SmiShiftBitsConstant());
 }
 
 Node* CodeStubAssembler::SmiToWord32(Node* value) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(value));
   Node* result = SmiUntag(value);
   return TruncateWordToWord32(result);
 }
 
 Node* CodeStubAssembler::SmiToFloat64(Node* value) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(value));
   return ChangeInt32ToFloat64(SmiToWord32(value));
 }
 
 Node* CodeStubAssembler::SmiMax(Node* a, Node* b) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(a));
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(b));

[Igor Sheludko, 2017/05/02 10:37:17]

I'd rather put these asserts into SmiLessThan() (see SMI_COMPARISON_OP and
similarily into SMI_ARITHMETIC_BINOP and SmiSh[l/r]).

[jgruber, 2017/05/03 11:11:50]

Done.

   return SelectTaggedConstant(SmiLessThan(a, b), b, a);
 }
 
 Node* CodeStubAssembler::SmiMin(Node* a, Node* b) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(a));
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(b));
   return SelectTaggedConstant(SmiLessThan(a, b), a, b);
 }
 
 Node* CodeStubAssembler::SmiMod(Node* a, Node* b) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(a));
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(b));

[Igor Sheludko, 2017/05/02 10:37:17]

This is overkill, since SmiToWord32()s will do the same checks again.

[jgruber, 2017/05/03 11:11:50]

Done. Although I like having documentation of the expected node types next to
the function signature (types are pretty obvious in this case, but in others
they aren't). I've heard people talking about typed nodes (e.g. Node<Type>),
that would be pretty awesome.

   VARIABLE(var_result, MachineRepresentation::kTagged);
   Label return_result(this, &var_result),
       return_minuszero(this, Label::kDeferred),
       return_nan(this, Label::kDeferred);
 
   // Untag {a} and {b}.
   a = SmiToWord32(a);
   b = SmiToWord32(b);
 
   // Return NaN if {b} is zero.
@@ skipping 39 matching lines @@
 
   BIND(&return_minuszero);
   var_result.Bind(MinusZeroConstant());
   Goto(&return_result);
 
   BIND(&return_nan);
   var_result.Bind(NanConstant());
   Goto(&return_result);
 
   BIND(&return_result);
+  CSA_SLOW_ASSERT(this, IsNumber(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::SmiMul(Node* a, Node* b) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(a));
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(b));

[Igor Sheludko, 2017/05/02 10:37:17]

Same here.

[jgruber, 2017/05/03 11:11:51]

Done.

   VARIABLE(var_result, MachineRepresentation::kTagged);
   VARIABLE(var_lhs_float64, MachineRepresentation::kFloat64);
   VARIABLE(var_rhs_float64, MachineRepresentation::kFloat64);
   Label return_result(this, &var_result);
 
   // Both {a} and {b} are Smis. Convert them to integers and multiply.
   Node* lhs32 = SmiToWord32(a);
   Node* rhs32 = SmiToWord32(b);
   Node* pair = Int32MulWithOverflow(lhs32, rhs32);
 
@@ skipping 37 matching lines @@
   {
     var_lhs_float64.Bind(SmiToFloat64(a));
     var_rhs_float64.Bind(SmiToFloat64(b));
     Node* value = Float64Mul(var_lhs_float64.value(), var_rhs_float64.value());
     Node* result = AllocateHeapNumberWithValue(value);
     var_result.Bind(result);
     Goto(&return_result);
   }
 
   BIND(&return_result);
+  CSA_SLOW_ASSERT(this, IsNumber(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::TrySmiDiv(Node* dividend, Node* divisor,
                                    Label* bailout) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(dividend));
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(divisor));
+
   // Both {a} and {b} are Smis. Bailout to floating point division if {divisor}
   // is zero.
   GotoIf(WordEqual(divisor, SmiConstant(0)), bailout);
 
   // Do floating point division if {dividend} is zero and {divisor} is
   // negative.
   Label dividend_is_zero(this), dividend_is_not_zero(this);
   Branch(WordEqual(dividend, SmiConstant(0)), &dividend_is_zero,
          &dividend_is_not_zero);
 
@@ skipping 57 matching lines @@
 }
 
 Node* CodeStubAssembler::WordIsWordAligned(Node* word) {
   return WordEqual(IntPtrConstant(0),
                    WordAnd(word, IntPtrConstant((1 << kPointerSizeLog2) - 1)));
 }
 
 void CodeStubAssembler::BranchIfPrototypesHaveNoElements(
     Node* receiver_map, Label* definitely_no_elements,
     Label* possibly_elements) {
+  CSA_SLOW_ASSERT(this, IsMap(receiver_map));
   VARIABLE(var_map, MachineRepresentation::kTagged, receiver_map);
   Label loop_body(this, &var_map);
   Node* empty_elements = LoadRoot(Heap::kEmptyFixedArrayRootIndex);
   Goto(&loop_body);
 
   BIND(&loop_body);
   {
     Node* map = var_map.value();
     Node* prototype = LoadMapPrototype(map);
     GotoIf(WordEqual(prototype, NullConstant()), definitely_no_elements);
@@ skipping 297 matching lines @@
   return Load(rep, frame_pointer, IntPtrConstant(offset));
 }
 
 Node* CodeStubAssembler::LoadBufferObject(Node* buffer, int offset,
                                           MachineType rep) {
   return Load(rep, buffer, IntPtrConstant(offset));
 }
 
 Node* CodeStubAssembler::LoadObjectField(Node* object, int offset,
                                          MachineType rep) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   return Load(rep, object, IntPtrConstant(offset - kHeapObjectTag));
 }
 
 Node* CodeStubAssembler::LoadObjectField(Node* object, Node* offset,
                                          MachineType rep) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   return Load(rep, object, IntPtrSub(offset, IntPtrConstant(kHeapObjectTag)));
 }
 
 Node* CodeStubAssembler::LoadAndUntagObjectField(Node* object, int offset) {
   if (Is64()) {
 #if V8_TARGET_LITTLE_ENDIAN
     offset += kPointerSize / 2;
 #endif
     return ChangeInt32ToInt64(
         LoadObjectField(object, offset, MachineType::Int32()));
@@ skipping 56 matching lines @@
     return StoreNoWriteBarrier(MachineRepresentation::kWord32, base,
                                IntPtrConstant(payload_offset),
                                TruncateInt64ToInt32(value));
   } else {
     return StoreNoWriteBarrier(MachineRepresentation::kTaggedSigned, base,
                                IntPtrConstant(offset), SmiTag(value));
   }
 }
 
 Node* CodeStubAssembler::LoadHeapNumberValue(Node* object) {
+  CSA_SLOW_ASSERT(this, IsHeapNumber(object));
   return LoadObjectField(object, HeapNumber::kValueOffset,
                          MachineType::Float64());
 }
 
 Node* CodeStubAssembler::LoadMap(Node* object) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   return LoadObjectField(object, HeapObject::kMapOffset);
 }
 
 Node* CodeStubAssembler::LoadInstanceType(Node* object) {
   return LoadMapInstanceType(LoadMap(object));
 }
 
 Node* CodeStubAssembler::HasInstanceType(Node* object,
                                          InstanceType instance_type) {
   return Word32Equal(LoadInstanceType(object), Int32Constant(instance_type));
@@ skipping 34 matching lines @@
   CSA_SLOW_ASSERT(this, IsMap(map));
   return LoadObjectField(map, Map::kBitField2Offset, MachineType::Uint8());
 }
 
 Node* CodeStubAssembler::LoadMapBitField3(Node* map) {
   CSA_SLOW_ASSERT(this, IsMap(map));
   return LoadObjectField(map, Map::kBitField3Offset, MachineType::Uint32());
 }
 
 Node* CodeStubAssembler::LoadMapInstanceType(Node* map) {
+  // Cannot assert IsMap(map) here since that would induce a cycle.

[Igor Sheludko, 2017/05/02 10:37:16]

IsMap() should be implemented via comparing map of an object with meta map
constant. It will even require less instructions.

Please fix it while you are here.

[jgruber, 2017/05/03 11:11:51]

Done.

   return LoadObjectField(map, Map::kInstanceTypeOffset, MachineType::Uint8());
 }
 
 Node* CodeStubAssembler::LoadMapElementsKind(Node* map) {
   CSA_SLOW_ASSERT(this, IsMap(map));
   Node* bit_field2 = LoadMapBitField2(map);
   return DecodeWord32<Map::ElementsKindBits>(bit_field2);
 }
 
 Node* CodeStubAssembler::LoadMapDescriptors(Node* map) {
@@ skipping 63 matching lines @@
     result.Bind(
         LoadObjectField(result.value(), Map::kConstructorOrBackPointerOffset));
     Goto(&loop);
   }
   BIND(&done);
   return result.value();
 }
 
 Node* CodeStubAssembler::LoadSharedFunctionInfoSpecialField(
     Node* shared, int offset, ParameterMode mode) {
+  CSA_SLOW_ASSERT(this, HasInstanceType(shared, SHARED_FUNCTION_INFO_TYPE));
   if (Is64()) {
     Node* result = LoadObjectField(shared, offset, MachineType::Int32());
     if (mode == SMI_PARAMETERS) {
       result = SmiTag(result);
     } else {
       result = ChangeUint32ToWord(result);
     }
     return result;
   } else {
     Node* result = LoadObjectField(shared, offset);
@@ skipping 40 matching lines @@
   Node* value = LoadWeakCellValueUnchecked(weak_cell);
   if (if_cleared != nullptr) {
     GotoIf(WordEqual(value, IntPtrConstant(0)), if_cleared);
   }
   return value;
 }
 
 Node* CodeStubAssembler::LoadFixedArrayElement(Node* object, Node* index_node,
                                                int additional_offset,
                                                ParameterMode parameter_mode) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(object));
   int32_t header_size =
       FixedArray::kHeaderSize + additional_offset - kHeapObjectTag;
   Node* offset = ElementOffsetFromIndex(index_node, FAST_HOLEY_ELEMENTS,
                                         parameter_mode, header_size);
   return Load(MachineType::AnyTagged(), object, offset);
 }
 
 Node* CodeStubAssembler::LoadFixedTypedArrayElement(
     Node* data_pointer, Node* index_node, ElementsKind elements_kind,
     ParameterMode parameter_mode) {
@@ skipping 54 matching lines @@
       return AllocateHeapNumberWithValue(value);
     default:
       UNREACHABLE();
       return nullptr;
   }
 }
 
 Node* CodeStubAssembler::LoadAndUntagToWord32FixedArrayElement(
     Node* object, Node* index_node, int additional_offset,
     ParameterMode parameter_mode) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(object));
+  CSA_SLOW_ASSERT(this, IsParameterMode(index_node, parameter_mode));
   int32_t header_size =
       FixedArray::kHeaderSize + additional_offset - kHeapObjectTag;
 #if V8_TARGET_LITTLE_ENDIAN
   if (Is64()) {
     header_size += kPointerSize / 2;
   }
 #endif
   Node* offset = ElementOffsetFromIndex(index_node, FAST_HOLEY_ELEMENTS,
                                         parameter_mode, header_size);
   if (Is64()) {
     return Load(MachineType::Int32(), object, offset);
   } else {
     return SmiToWord32(Load(MachineType::AnyTagged(), object, offset));
   }
 }
 
 Node* CodeStubAssembler::LoadFixedDoubleArrayElement(
     Node* object, Node* index_node, MachineType machine_type,
     int additional_offset, ParameterMode parameter_mode, Label* if_hole) {
+  CSA_SLOW_ASSERT(this, IsFixedDoubleArray(object));
+  CSA_SLOW_ASSERT(this, IsParameterMode(index_node, parameter_mode));
   CSA_ASSERT(this, IsFixedDoubleArray(object));
   int32_t header_size =
       FixedDoubleArray::kHeaderSize + additional_offset - kHeapObjectTag;
   Node* offset = ElementOffsetFromIndex(index_node, FAST_HOLEY_DOUBLE_ELEMENTS,
                                         parameter_mode, header_size);
   return LoadDoubleWithHoleCheck(object, offset, if_hole, machine_type);
 }
 
 Node* CodeStubAssembler::LoadDoubleWithHoleCheck(Node* base, Node* offset,
                                                  Label* if_hole,
@@ skipping 14 matching lines @@
     }
   }
   if (machine_type.IsNone()) {
     // This means the actual value is not needed.
     return nullptr;
   }
   return Load(machine_type, base, offset);
 }
 
 Node* CodeStubAssembler::LoadContextElement(Node* context, int slot_index) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(context));

[Igor Sheludko, 2017/05/02 10:37:16]

Maybe also add IsContext(). 

BTW, I saw a CL flying by where it was suggested to call HeapObject::IsContext()
from CSA. As an alternative we can use the power of macros to generate both C++
and CSA IsContext()s.

[jgruber, 2017/05/03 11:11:50]

I suggest we wait for Camillo's IsContext to land and update these after.

   int offset = Context::SlotOffset(slot_index);
   return Load(MachineType::AnyTagged(), context, IntPtrConstant(offset));
 }
 
 Node* CodeStubAssembler::LoadContextElement(Node* context, Node* slot_index) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(context));
   Node* offset =
       IntPtrAdd(WordShl(slot_index, kPointerSizeLog2),
                 IntPtrConstant(Context::kHeaderSize - kHeapObjectTag));
   return Load(MachineType::AnyTagged(), context, offset);
 }
 
 Node* CodeStubAssembler::StoreContextElement(Node* context, int slot_index,
                                              Node* value) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(context));
   int offset = Context::SlotOffset(slot_index);
   return Store(context, IntPtrConstant(offset), value);
 }
 
 Node* CodeStubAssembler::StoreContextElement(Node* context, Node* slot_index,
                                              Node* value) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(context));
   Node* offset =
       IntPtrAdd(WordShl(slot_index, kPointerSizeLog2),
                 IntPtrConstant(Context::kHeaderSize - kHeapObjectTag));
   return Store(context, offset, value);
 }
 
 Node* CodeStubAssembler::StoreContextElementNoWriteBarrier(Node* context,
                                                            int slot_index,
                                                            Node* value) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(context));
   int offset = Context::SlotOffset(slot_index);
   return StoreNoWriteBarrier(MachineRepresentation::kTagged, context,
                              IntPtrConstant(offset), value);
 }
 
 Node* CodeStubAssembler::LoadNativeContext(Node* context) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(context));
   return LoadContextElement(context, Context::NATIVE_CONTEXT_INDEX);
 }
 
 Node* CodeStubAssembler::LoadJSArrayElementsMap(ElementsKind kind,
                                                 Node* native_context) {
   CSA_ASSERT(this, IsNativeContext(native_context));
   return LoadContextElement(native_context, Context::ArrayMapIndex(kind));
 }
 
 Node* CodeStubAssembler::LoadJSFunctionPrototype(Node* function,
@@ skipping 11 matching lines @@
   GotoIfNot(IsMap(proto_or_map), &done);
 
   var_result.Bind(LoadMapPrototype(proto_or_map));
   Goto(&done);
 
   BIND(&done);
   return var_result.value();
 }
 
 Node* CodeStubAssembler::StoreHeapNumberValue(Node* object, Node* value) {
+  CSA_SLOW_ASSERT(this, IsHeapNumber(object));
   return StoreObjectFieldNoWriteBarrier(object, HeapNumber::kValueOffset, value,
                                         MachineRepresentation::kFloat64);
 }
 
 Node* CodeStubAssembler::StoreObjectField(
     Node* object, int offset, Node* value) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   DCHECK_NE(HeapObject::kMapOffset, offset);  // Use StoreMap instead.
   return Store(object, IntPtrConstant(offset - kHeapObjectTag), value);
 }
 
 Node* CodeStubAssembler::StoreObjectField(Node* object, Node* offset,
                                           Node* value) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   int const_offset;
   if (ToInt32Constant(offset, const_offset)) {
     return StoreObjectField(object, const_offset, value);
   }
   return Store(object, IntPtrSub(offset, IntPtrConstant(kHeapObjectTag)),
                value);
 }
 
 Node* CodeStubAssembler::StoreObjectFieldNoWriteBarrier(
     Node* object, int offset, Node* value, MachineRepresentation rep) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   return StoreNoWriteBarrier(rep, object,
                              IntPtrConstant(offset - kHeapObjectTag), value);
 }
 
 Node* CodeStubAssembler::StoreObjectFieldNoWriteBarrier(
     Node* object, Node* offset, Node* value, MachineRepresentation rep) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   int const_offset;
   if (ToInt32Constant(offset, const_offset)) {
     return StoreObjectFieldNoWriteBarrier(object, const_offset, value, rep);
   }
   return StoreNoWriteBarrier(
       rep, object, IntPtrSub(offset, IntPtrConstant(kHeapObjectTag)), value);
 }
 
 Node* CodeStubAssembler::StoreMap(Node* object, Node* map) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   CSA_SLOW_ASSERT(this, IsMap(map));
   return StoreWithMapWriteBarrier(
       object, IntPtrConstant(HeapObject::kMapOffset - kHeapObjectTag), map);
 }
 
 Node* CodeStubAssembler::StoreMapNoWriteBarrier(
     Node* object, Heap::RootListIndex map_root_index) {
   return StoreMapNoWriteBarrier(object, LoadRoot(map_root_index));
 }
 
 Node* CodeStubAssembler::StoreMapNoWriteBarrier(Node* object, Node* map) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   CSA_SLOW_ASSERT(this, IsMap(map));
   return StoreNoWriteBarrier(
       MachineRepresentation::kTagged, object,
       IntPtrConstant(HeapObject::kMapOffset - kHeapObjectTag), map);
 }
 
 Node* CodeStubAssembler::StoreObjectFieldRoot(Node* object, int offset,
                                               Heap::RootListIndex root_index) {
   if (Heap::RootIsImmortalImmovable(root_index)) {
     return StoreObjectFieldNoWriteBarrier(object, offset, LoadRoot(root_index));
   } else {
     return StoreObjectField(object, offset, LoadRoot(root_index));
   }
 }
 
 Node* CodeStubAssembler::StoreFixedArrayElement(Node* object, Node* index_node,
                                                 Node* value,
                                                 WriteBarrierMode barrier_mode,
                                                 int additional_offset,
                                                 ParameterMode parameter_mode) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(object));
+  CSA_SLOW_ASSERT(this, IsParameterMode(index_node, parameter_mode));
   DCHECK(barrier_mode == SKIP_WRITE_BARRIER ||
          barrier_mode == UPDATE_WRITE_BARRIER);
   int header_size =
       FixedArray::kHeaderSize + additional_offset - kHeapObjectTag;
   Node* offset = ElementOffsetFromIndex(index_node, FAST_HOLEY_ELEMENTS,
                                         parameter_mode, header_size);
   if (barrier_mode == SKIP_WRITE_BARRIER) {
     return StoreNoWriteBarrier(MachineRepresentation::kTagged, object, offset,
                                value);
   } else {
     return Store(object, offset, value);
   }
 }
 
 Node* CodeStubAssembler::StoreFixedDoubleArrayElement(
     Node* object, Node* index_node, Node* value, ParameterMode parameter_mode) {
   CSA_ASSERT(this, IsFixedDoubleArray(object));
+  CSA_SLOW_ASSERT(this, IsParameterMode(index_node, parameter_mode));
   Node* offset =
       ElementOffsetFromIndex(index_node, FAST_DOUBLE_ELEMENTS, parameter_mode,
                              FixedArray::kHeaderSize - kHeapObjectTag);
   MachineRepresentation rep = MachineRepresentation::kFloat64;
   return StoreNoWriteBarrier(rep, object, offset, value);
 }
 
 Node* CodeStubAssembler::EnsureArrayPushable(Node* receiver, Label* bailout) {
   // Disallow pushing onto prototypes. It might be the JSArray prototype.
   // Disallow pushing onto non-extensible objects.
@@ skipping 37 matching lines @@
                                           kind, capacity, new_capacity, mode,
                                           bailout));
   Goto(&fits);
   BIND(&fits);
 }
 
 Node* CodeStubAssembler::BuildAppendJSArray(ElementsKind kind, Node* array,
                                             CodeStubArguments& args,
                                             Variable& arg_index,
                                             Label* bailout) {
+  CSA_SLOW_ASSERT(this, IsJSArray(array));
   Comment("BuildAppendJSArray: %s", ElementsKindToString(kind));
   Label pre_bailout(this);
   Label success(this);
   VARIABLE(var_tagged_length, MachineRepresentation::kTagged);
   ParameterMode mode = OptimalParameterMode();
   VARIABLE(var_length, OptimalParameterRepresentation(),
            TaggedToParameter(LoadJSArrayLength(array), mode));
   VARIABLE(var_elements, MachineRepresentation::kTagged, LoadElements(array));
 
   // Resize the capacity of the fixed array if it doesn't fit.
@@ skipping 50 matching lines @@
                                  Float64SilenceNaN(double_value), mode);
   } else {
     WriteBarrierMode barrier_mode =
         IsFastSmiElementsKind(kind) ? SKIP_WRITE_BARRIER : UPDATE_WRITE_BARRIER;
     StoreFixedArrayElement(elements, index, value, barrier_mode, 0, mode);
   }
 }
 
 void CodeStubAssembler::BuildAppendJSArray(ElementsKind kind, Node* array,
                                            Node* value, Label* bailout) {
+  CSA_SLOW_ASSERT(this, IsJSArray(array));
   Comment("BuildAppendJSArray: %s", ElementsKindToString(kind));
   ParameterMode mode = OptimalParameterMode();
   VARIABLE(var_length, OptimalParameterRepresentation(),
            TaggedToParameter(LoadJSArrayLength(array), mode));
   VARIABLE(var_elements, MachineRepresentation::kTagged, LoadElements(array));
 
   // Resize the capacity of the fixed array if it doesn't fit.
   Node* growth = IntPtrOrSmiConstant(1, mode);
   PossiblyGrowElementsCapacity(mode, kind, array, var_length.value(),
                                &var_elements, growth, bailout);
@@ skipping 39 matching lines @@
   StoreObjectFieldNoWriteBarrier(result, SeqOneByteString::kHashFieldSlot,
                                  IntPtrConstant(String::kEmptyHashField),
                                  MachineType::PointerRepresentation());
   return result;
 }
 
 Node* CodeStubAssembler::AllocateSeqOneByteString(Node* context, Node* length,
                                                   ParameterMode mode,
                                                   AllocationFlags flags) {
   Comment("AllocateSeqOneByteString");
+  CSA_SLOW_ASSERT(this, IsFixedArray(context));
+  CSA_SLOW_ASSERT(this, IsParameterMode(length, mode));
   VARIABLE(var_result, MachineRepresentation::kTagged);
 
   // Compute the SeqOneByteString size and check if it fits into new space.
   Label if_lengthiszero(this), if_sizeissmall(this),
       if_notsizeissmall(this, Label::kDeferred), if_join(this);
   GotoIf(WordEqual(length, IntPtrOrSmiConstant(0, mode)), &if_lengthiszero);
 
   Node* raw_size = GetArrayAllocationSize(
       length, UINT8_ELEMENTS, mode,
       SeqOneByteString::kHeaderSize + kObjectAlignmentMask);
@@ skipping 50 matching lines @@
   // Initialize both used and unused parts of hash field slot at once.
   StoreObjectFieldNoWriteBarrier(result, SeqTwoByteString::kHashFieldSlot,
                                  IntPtrConstant(String::kEmptyHashField),
                                  MachineType::PointerRepresentation());
   return result;
 }
 
 Node* CodeStubAssembler::AllocateSeqTwoByteString(Node* context, Node* length,
                                                   ParameterMode mode,
                                                   AllocationFlags flags) {
+  CSA_SLOW_ASSERT(this, IsFixedArray(context));
+  CSA_SLOW_ASSERT(this, IsParameterMode(length, mode));
   Comment("AllocateSeqTwoByteString");
   VARIABLE(var_result, MachineRepresentation::kTagged);
 
   // Compute the SeqTwoByteString size and check if it fits into new space.
   Label if_lengthiszero(this), if_sizeissmall(this),
       if_notsizeissmall(this, Label::kDeferred), if_join(this);
   GotoIf(WordEqual(length, IntPtrOrSmiConstant(0, mode)), &if_lengthiszero);
 
   Node* raw_size = GetArrayAllocationSize(
       length, UINT16_ELEMENTS, mode,
@@ skipping 35 matching lines @@
     Goto(&if_join);
   }
 
   BIND(&if_join);
   return var_result.value();
 }
 
 Node* CodeStubAssembler::AllocateSlicedString(
     Heap::RootListIndex map_root_index, Node* length, Node* parent,
     Node* offset) {
+  CSA_ASSERT(this, IsString(parent));
   CSA_ASSERT(this, TaggedIsSmi(length));
+  CSA_ASSERT(this, TaggedIsSmi(offset));
   Node* result = Allocate(SlicedString::kSize);
   DCHECK(Heap::RootIsImmortalImmovable(map_root_index));
   StoreMapNoWriteBarrier(result, map_root_index);
   StoreObjectFieldNoWriteBarrier(result, SlicedString::kLengthOffset, length,
                                  MachineRepresentation::kTagged);
   // Initialize both used and unused parts of hash field slot at once.
   StoreObjectFieldNoWriteBarrier(result, SlicedString::kHashFieldSlot,
                                  IntPtrConstant(String::kEmptyHashField),
                                  MachineType::PointerRepresentation());
   StoreObjectFieldNoWriteBarrier(result, SlicedString::kParentOffset, parent,
@@ skipping 12 matching lines @@
 Node* CodeStubAssembler::AllocateSlicedTwoByteString(Node* length, Node* parent,
                                                      Node* offset) {
   return AllocateSlicedString(Heap::kSlicedStringMapRootIndex, length, parent,
                               offset);
 }
 
 Node* CodeStubAssembler::AllocateConsString(Heap::RootListIndex map_root_index,
                                             Node* length, Node* first,
                                             Node* second,
                                             AllocationFlags flags) {
+  CSA_ASSERT(this, IsString(first));
+  CSA_ASSERT(this, IsString(second));
   CSA_ASSERT(this, TaggedIsSmi(length));
   Node* result = Allocate(ConsString::kSize, flags);
   DCHECK(Heap::RootIsImmortalImmovable(map_root_index));
   StoreMapNoWriteBarrier(result, map_root_index);
   StoreObjectFieldNoWriteBarrier(result, ConsString::kLengthOffset, length,
                                  MachineRepresentation::kTagged);
   // Initialize both used and unused parts of hash field slot at once.
   StoreObjectFieldNoWriteBarrier(result, ConsString::kHashFieldSlot,
                                  IntPtrConstant(String::kEmptyHashField),
                                  MachineType::PointerRepresentation());
@@ skipping 19 matching lines @@
 
 Node* CodeStubAssembler::AllocateTwoByteConsString(Node* length, Node* first,
                                                    Node* second,
                                                    AllocationFlags flags) {
   return AllocateConsString(Heap::kConsStringMapRootIndex, length, first,
                             second, flags);
 }
 
 Node* CodeStubAssembler::NewConsString(Node* context, Node* length, Node* left,
                                        Node* right, AllocationFlags flags) {
+  CSA_ASSERT(this, IsFixedArray(context));
+  CSA_ASSERT(this, IsString(left));
+  CSA_ASSERT(this, IsString(right));
   CSA_ASSERT(this, TaggedIsSmi(length));
   // Added string can be a cons string.
   Comment("Allocating ConsString");
   Node* left_instance_type = LoadInstanceType(left);
   Node* right_instance_type = LoadInstanceType(right);
 
   // Compute intersection and difference of instance types.
   Node* anded_instance_types =
       Word32And(left_instance_type, right_instance_type);
   Node* xored_instance_types =
@@ skipping 35 matching lines @@
   result.Bind(AllocateTwoByteConsString(length, left, right, flags));
   Goto(&done);
 
   BIND(&done);
 
   return result.value();
 }
 
 Node* CodeStubAssembler::AllocateRegExpResult(Node* context, Node* length,
                                               Node* index, Node* input) {
+  CSA_ASSERT(this, IsFixedArray(context));
+  CSA_ASSERT(this, TaggedIsSmi(index));
+  CSA_ASSERT(this, TaggedIsSmi(length));
+  CSA_ASSERT(this, IsString(input));
+
+#ifdef DEBUG
   Node* const max_length =
       SmiConstant(Smi::FromInt(JSArray::kInitialMaxFastElementArray));
   CSA_ASSERT(this, SmiLessThanOrEqual(length, max_length));
-  USE(max_length);
+#endif  // DEBUG
 
   // Allocate the JSRegExpResult.
   // TODO(jgruber): Fold JSArray and FixedArray allocations, then remove
   // unneeded store of elements.
   Node* const result = Allocate(JSRegExpResult::kSize);
 
   // TODO(jgruber): Store map as Heap constant?
   Node* const native_context = LoadNativeContext(context);
   Node* const map =
       LoadContextElement(native_context, Context::REGEXP_RESULT_MAP_INDEX);
@@ skipping 72 matching lines @@
                                   kHeapObjectTag));
   Node* end_address = IntPtrAdd(
       result_word, IntPtrSub(store_size, IntPtrConstant(kHeapObjectTag)));
   StoreFieldsNoWriteBarrier(start_address, end_address, filler);
   return result;
 }
 
 Node* CodeStubAssembler::CopyNameDictionary(Node* dictionary,
                                             Label* large_object_fallback) {
   Comment("Copy boilerplate property dict");
+  CSA_SLOW_ASSERT(this, IsFixedArray(dictionary));

[Igor Sheludko, 2017/05/02 10:37:17]

CSA::IsDictionary(dictionary)

[jgruber, 2017/05/03 11:11:50]

Done.

   Label done(this);
   Node* length = SmiUntag(LoadFixedArrayBaseLength(dictionary));
   GotoIf(
       IntPtrGreaterThan(length, IntPtrConstant(FixedArray::kMaxRegularLength)),
       large_object_fallback);
   Node* properties =
       AllocateNameDictionary(SmiUntag(GetCapacity<NameDictionary>(dictionary)));
   CopyFixedArrayElements(FAST_ELEMENTS, dictionary, properties, length,
                          SKIP_WRITE_BARRIER, INTPTR_PARAMETERS);
   return properties;
 }
 
 Node* CodeStubAssembler::AllocateJSObjectFromMap(Node* map, Node* properties,
                                                  Node* elements,
                                                  AllocationFlags flags) {
   CSA_ASSERT(this, IsMap(map));
   Node* size =
       IntPtrMul(LoadMapInstanceSize(map), IntPtrConstant(kPointerSize));
   Node* object = AllocateInNewSpace(size, flags);
   StoreMapNoWriteBarrier(object, map);
   InitializeJSObjectFromMap(object, map, size, properties, elements);
   return object;
 }
 
 void CodeStubAssembler::InitializeJSObjectFromMap(Node* object, Node* map,
                                                   Node* size, Node* properties,
                                                   Node* elements) {
+  CSA_SLOW_ASSERT(this, IsMap(map));
   // This helper assumes that the object is in new-space, as guarded by the
   // check in AllocatedJSObjectFromMap.
   if (properties == nullptr) {
     CSA_ASSERT(this, Word32BinaryNot(IsDictionaryMap((map))));
     StoreObjectFieldRoot(object, JSObject::kPropertiesOffset,
                          Heap::kEmptyFixedArrayRootIndex);
   } else {
+    CSA_ASSERT(this, IsFixedArray(properties));
     StoreObjectFieldNoWriteBarrier(object, JSObject::kPropertiesOffset,
                                    properties);
   }
   if (elements == nullptr) {
     StoreObjectFieldRoot(object, JSObject::kElementsOffset,
                          Heap::kEmptyFixedArrayRootIndex);
   } else {
+    CSA_ASSERT(this, IsFixedArray(elements));
     StoreObjectFieldNoWriteBarrier(object, JSObject::kElementsOffset, elements);
   }
   InitializeJSObjectBody(object, map, size, JSObject::kHeaderSize);
 }
 
 void CodeStubAssembler::InitializeJSObjectBody(Node* object, Node* map,
                                                Node* size, int start_offset) {
+  CSA_SLOW_ASSERT(this, IsMap(map));
   // TODO(cbruni): activate in-object slack tracking machinery.
   Comment("InitializeJSObjectBody");
   Node* filler = LoadRoot(Heap::kUndefinedValueRootIndex);
   // Calculate the untagged field addresses.
   object = BitcastTaggedToWord(object);
   Node* start_address =
       IntPtrAdd(object, IntPtrConstant(start_offset - kHeapObjectTag));
   Node* end_address =
       IntPtrSub(IntPtrAdd(object, size), IntPtrConstant(kHeapObjectTag));
   StoreFieldsNoWriteBarrier(start_address, end_address, filler);
 }
 
 void CodeStubAssembler::StoreFieldsNoWriteBarrier(Node* start_address,
                                                   Node* end_address,
                                                   Node* value) {
   Comment("StoreFieldsNoWriteBarrier");
   CSA_ASSERT(this, WordIsWordAligned(start_address));
   CSA_ASSERT(this, WordIsWordAligned(end_address));
   BuildFastLoop(start_address, end_address,
                 [this, value](Node* current) {
                   StoreNoWriteBarrier(MachineRepresentation::kTagged, current,
                                       value);
                 },
                 kPointerSize, INTPTR_PARAMETERS, IndexAdvanceMode::kPost);
 }
 
 Node* CodeStubAssembler::AllocateUninitializedJSArrayWithoutElements(
     ElementsKind kind, Node* array_map, Node* length, Node* allocation_site) {
   Comment("begin allocation of JSArray without elements");
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(length));
+  CSA_SLOW_ASSERT(this, IsMap(array_map));
   int base_size = JSArray::kSize;
   if (allocation_site != nullptr) {
     base_size += AllocationMemento::kSize;
   }
 
   Node* size = IntPtrConstant(base_size);
   Node* array = AllocateUninitializedJSArray(kind, array_map, length,
                                              allocation_site, size);
   return array;
 }
 
 std::pair<Node*, Node*>
 CodeStubAssembler::AllocateUninitializedJSArrayWithElements(
     ElementsKind kind, Node* array_map, Node* length, Node* allocation_site,
     Node* capacity, ParameterMode capacity_mode) {
   Comment("begin allocation of JSArray with elements");
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(length));
+  CSA_SLOW_ASSERT(this, IsMap(array_map));
   int base_size = JSArray::kSize;
 
   if (allocation_site != nullptr) {
     base_size += AllocationMemento::kSize;
   }
 
   int elements_offset = base_size;
 
   // Compute space for elements
   base_size += FixedArray::kHeaderSize;
   Node* size = ElementOffsetFromIndex(capacity, kind, capacity_mode, base_size);
 
   Node* array = AllocateUninitializedJSArray(kind, array_map, length,
                                              allocation_site, size);
 
   Node* elements = InnerAllocate(array, elements_offset);
   StoreObjectFieldNoWriteBarrier(array, JSObject::kElementsOffset, elements);
 
   return {array, elements};
 }
 
 Node* CodeStubAssembler::AllocateUninitializedJSArray(ElementsKind kind,
                                                       Node* array_map,
                                                       Node* length,
                                                       Node* allocation_site,
                                                       Node* size_in_bytes) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(length));
+  CSA_SLOW_ASSERT(this, IsMap(array_map));
+
   // Allocate space for the JSArray and the elements FixedArray in one go.
   Node* array = AllocateInNewSpace(size_in_bytes);
 
   Comment("write JSArray headers");
   StoreMapNoWriteBarrier(array, array_map);
 
   CSA_ASSERT(this, TaggedIsSmi(length));

[Igor Sheludko, 2017/05/02 10:37:17]

Already exists. "Only one can remain" (c).

[jgruber, 2017/05/03 11:11:51]

Done.

   StoreObjectFieldNoWriteBarrier(array, JSArray::kLengthOffset, length);
 
   StoreObjectFieldRoot(array, JSArray::kPropertiesOffset,
                        Heap::kEmptyFixedArrayRootIndex);
 
   if (allocation_site != nullptr) {
     InitializeAllocationMemento(array, JSArray::kSize, allocation_site);
   }
   return array;
 }
 
 Node* CodeStubAssembler::AllocateJSArray(ElementsKind kind, Node* array_map,
                                          Node* capacity, Node* length,
                                          Node* allocation_site,
                                          ParameterMode capacity_mode) {
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(length));
+  CSA_SLOW_ASSERT(this, IsMap(array_map));
+  CSA_SLOW_ASSERT(this, IsParameterMode(capacity, capacity_mode));
+
   Node *array = nullptr, *elements = nullptr;
   if (IsIntPtrOrSmiConstantZero(capacity)) {
     // Array is empty. Use the shared empty fixed array instead of allocating a
     // new one.
     array = AllocateUninitializedJSArrayWithoutElements(kind, array_map, length,
                                                         nullptr);
     StoreObjectFieldRoot(array, JSArray::kElementsOffset,
                          Heap::kEmptyFixedArrayRootIndex);
   } else {
     // Allocate both array and elements object, and initialize the JSArray.
@@ skipping 13 matching lines @@
                             Heap::kTheHoleValueRootIndex, capacity_mode);
   }
 
   return array;
 }
 
 Node* CodeStubAssembler::AllocateFixedArray(ElementsKind kind,
                                             Node* capacity_node,
                                             ParameterMode mode,
                                             AllocationFlags flags) {
+  CSA_SLOW_ASSERT(this, IsParameterMode(capacity_node, mode));
   CSA_ASSERT(this, IntPtrOrSmiGreaterThan(capacity_node,
                                           IntPtrOrSmiConstant(0, mode), mode));
   Node* total_size = GetFixedArrayAllocationSize(capacity_node, kind, mode);
 
   // Allocate both array and elements object, and initialize the JSArray.
   Node* array = Allocate(total_size, flags);
   Heap::RootListIndex map_index = IsFastDoubleElementsKind(kind)
                                       ? Heap::kFixedDoubleArrayMapRootIndex
                                       : Heap::kFixedArrayMapRootIndex;
   DCHECK(Heap::RootIsImmortalImmovable(map_index));
   StoreMapNoWriteBarrier(array, map_index);
   StoreObjectFieldNoWriteBarrier(array, FixedArray::kLengthOffset,
                                  ParameterToTagged(capacity_node, mode));
   return array;
 }
 
 void CodeStubAssembler::FillFixedArrayWithValue(
     ElementsKind kind, Node* array, Node* from_node, Node* to_node,
     Heap::RootListIndex value_root_index, ParameterMode mode) {
+  CSA_SLOW_ASSERT(this, IsParameterMode(from_node, mode));
+  CSA_SLOW_ASSERT(this, IsParameterMode(to_node, mode));
+  CSA_SLOW_ASSERT(this, IsFixedArrayWithKind(array, kind));
   bool is_double = IsFastDoubleElementsKind(kind);
   DCHECK(value_root_index == Heap::kTheHoleValueRootIndex ||
          value_root_index == Heap::kUndefinedValueRootIndex);
   DCHECK_IMPLIES(is_double, value_root_index == Heap::kTheHoleValueRootIndex);
   STATIC_ASSERT(kHoleNanLower32 == kHoleNanUpper32);
   Node* double_hole =
       Is64() ? Int64Constant(kHoleNanInt64) : Int32Constant(kHoleNanLower32);
   Node* value = LoadRoot(value_root_index);
 
   BuildFastFixedArrayForEach(
@@ skipping 23 matching lines @@
                               value);
         }
       },
       mode);
 }
 
 void CodeStubAssembler::CopyFixedArrayElements(
     ElementsKind from_kind, Node* from_array, ElementsKind to_kind,
     Node* to_array, Node* element_count, Node* capacity,
     WriteBarrierMode barrier_mode, ParameterMode mode) {
+  CSA_SLOW_ASSERT(this, IsParameterMode(element_count, mode));
+  CSA_SLOW_ASSERT(this, IsParameterMode(capacity, mode));
+  CSA_SLOW_ASSERT(this, IsFixedArrayWithKind(from_array, from_kind));
+  CSA_SLOW_ASSERT(this, IsFixedArrayWithKind(to_array, to_kind));
   STATIC_ASSERT(FixedArray::kHeaderSize == FixedDoubleArray::kHeaderSize);
   const int first_element_offset = FixedArray::kHeaderSize - kHeapObjectTag;
   Comment("[ CopyFixedArrayElements");
 
   // Typed array elements are not supported.
   DCHECK(!IsFixedTypedArrayElementsKind(from_kind));
   DCHECK(!IsFixedTypedArrayElementsKind(to_kind));
 
   Label done(this);
   bool from_double_elements = IsFastDoubleElementsKind(from_kind);
@@ skipping 116 matching lines @@
   IncrementCounter(isolate()->counters()->inlined_copied_elements(), 1);
   Comment("] CopyFixedArrayElements");
 }
 
 void CodeStubAssembler::CopyStringCharacters(Node* from_string, Node* to_string,
                                              Node* from_index, Node* to_index,
                                              Node* character_count,
                                              String::Encoding from_encoding,
                                              String::Encoding to_encoding,
                                              ParameterMode mode) {
+  CSA_SLOW_ASSERT(this, IsString(from_string));
+  CSA_SLOW_ASSERT(this, IsString(to_string));
+  CSA_SLOW_ASSERT(this, IsParameterMode(character_count, mode));
+  CSA_SLOW_ASSERT(this, IsParameterMode(from_index, mode));
+  CSA_SLOW_ASSERT(this, IsParameterMode(to_index, mode));
   bool from_one_byte = from_encoding == String::ONE_BYTE_ENCODING;
   bool to_one_byte = to_encoding == String::ONE_BYTE_ENCODING;
   DCHECK_IMPLIES(to_one_byte, from_one_byte);
   Comment("CopyStringCharacters %s -> %s",
           from_one_byte ? "ONE_BYTE_ENCODING" : "TWO_BYTE_ENCODING",
           to_one_byte ? "ONE_BYTE_ENCODING" : "TWO_BYTE_ENCODING");
 
   ElementsKind from_kind = from_one_byte ? UINT8_ELEMENTS : UINT16_ELEMENTS;
   ElementsKind to_kind = to_one_byte ? UINT8_ELEMENTS : UINT16_ELEMENTS;
   STATIC_ASSERT(SeqOneByteString::kHeaderSize == SeqTwoByteString::kHeaderSize);
@@ skipping 38 matching lines @@
                   }
                 },
                 from_increment, INTPTR_PARAMETERS, IndexAdvanceMode::kPost);
 }
 
 Node* CodeStubAssembler::LoadElementAndPrepareForStore(Node* array,
                                                        Node* offset,
                                                        ElementsKind from_kind,
                                                        ElementsKind to_kind,
                                                        Label* if_hole) {
+  CSA_SLOW_ASSERT(this, IsFixedArrayWithKind(array, from_kind));
   if (IsFastDoubleElementsKind(from_kind)) {
     Node* value =
         LoadDoubleWithHoleCheck(array, offset, if_hole, MachineType::Float64());
     if (!IsFastDoubleElementsKind(to_kind)) {
       value = AllocateHeapNumberWithValue(value);
     }
     return value;
 
   } else {
     Node* value = Load(MachineType::AnyTagged(), array, offset);
     if (if_hole) {
       GotoIf(WordEqual(value, TheHoleConstant()), if_hole);
     }
     if (IsFastDoubleElementsKind(to_kind)) {
       if (IsFastSmiElementsKind(from_kind)) {
         value = SmiToFloat64(value);
       } else {
         value = LoadHeapNumberValue(value);
       }
     }
     return value;
   }
 }
 
 Node* CodeStubAssembler::CalculateNewElementsCapacity(Node* old_capacity,
                                                       ParameterMode mode) {
+  CSA_SLOW_ASSERT(this, IsParameterMode(old_capacity, mode));
   Node* half_old_capacity = WordOrSmiShr(old_capacity, 1, mode);
   Node* new_capacity = IntPtrOrSmiAdd(half_old_capacity, old_capacity, mode);
   Node* padding = IntPtrOrSmiConstant(16, mode);
   return IntPtrOrSmiAdd(new_capacity, padding, mode);
 }
 
 Node* CodeStubAssembler::TryGrowElementsCapacity(Node* object, Node* elements,
                                                  ElementsKind kind, Node* key,
                                                  Label* bailout) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
+  CSA_SLOW_ASSERT(this, IsFixedArrayWithKind(elements, kind));
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(key));
   Node* capacity = LoadFixedArrayBaseLength(elements);
 
   ParameterMode mode = OptimalParameterMode();
   capacity = TaggedToParameter(capacity, mode);
   key = TaggedToParameter(key, mode);
 
   return TryGrowElementsCapacity(object, elements, kind, key, capacity, mode,
                                  bailout);
 }
 
 Node* CodeStubAssembler::TryGrowElementsCapacity(Node* object, Node* elements,
                                                  ElementsKind kind, Node* key,
                                                  Node* capacity,
                                                  ParameterMode mode,
                                                  Label* bailout) {
   Comment("TryGrowElementsCapacity");
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
+  CSA_SLOW_ASSERT(this, IsFixedArrayWithKind(elements, kind));
+  CSA_SLOW_ASSERT(this, IsParameterMode(capacity, mode));
+  CSA_SLOW_ASSERT(this, IsParameterMode(key, mode));
 
   // If the gap growth is too big, fall back to the runtime.
   Node* max_gap = IntPtrOrSmiConstant(JSObject::kMaxGap, mode);
   Node* max_capacity = IntPtrOrSmiAdd(capacity, max_gap, mode);
   GotoIf(UintPtrOrSmiGreaterThanOrEqual(key, max_capacity, mode), bailout);
 
   // Calculate the capacity of the new backing store.
   Node* new_capacity = CalculateNewElementsCapacity(
       IntPtrOrSmiAdd(key, IntPtrOrSmiConstant(1, mode), mode), mode);
   return GrowElementsCapacity(object, elements, kind, kind, capacity,
                               new_capacity, mode, bailout);
 }
 
 Node* CodeStubAssembler::GrowElementsCapacity(
     Node* object, Node* elements, ElementsKind from_kind, ElementsKind to_kind,
     Node* capacity, Node* new_capacity, ParameterMode mode, Label* bailout) {
   Comment("[ GrowElementsCapacity");
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
+  CSA_SLOW_ASSERT(this, IsFixedArrayWithKind(elements, from_kind));
+  CSA_SLOW_ASSERT(this, IsParameterMode(capacity, mode));
+  CSA_SLOW_ASSERT(this, IsParameterMode(new_capacity, mode));
+
   // If size of the allocation for the new capacity doesn't fit in a page
   // that we can bump-pointer allocate from, fall back to the runtime.
   int max_size = FixedArrayBase::GetMaxLengthForNewSpaceAllocation(to_kind);
   GotoIf(UintPtrOrSmiGreaterThanOrEqual(
              new_capacity, IntPtrOrSmiConstant(max_size, mode), mode),
          bailout);
 
   // Allocate the new backing store.
   Node* new_elements = AllocateFixedArray(to_kind, new_capacity, mode);
 
@@ skipping 188 matching lines @@
       }
     }
   }
   BIND(&if_valueisheapnumber);
   {
     Node* result = AllocateHeapNumberWithValue(value);
     var_result.Bind(result);
     Goto(&if_join);
   }
   BIND(&if_join);
+  CSA_SLOW_ASSERT(this, IsNumber(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::ChangeInt32ToTagged(Node* value) {
   if (Is64()) {
     return SmiTag(ChangeInt32ToInt64(value));
   }
   VARIABLE(var_result, MachineRepresentation::kTagged);
   Node* pair = Int32AddWithOverflow(value, value);
   Node* overflow = Projection(1, pair);
   Label if_overflow(this, Label::kDeferred), if_notoverflow(this),
       if_join(this);
   Branch(overflow, &if_overflow, &if_notoverflow);
   BIND(&if_overflow);
   {
     Node* value64 = ChangeInt32ToFloat64(value);
     Node* result = AllocateHeapNumberWithValue(value64);
     var_result.Bind(result);
   }
   Goto(&if_join);
   BIND(&if_notoverflow);
   {
     Node* result = BitcastWordToTaggedSigned(Projection(0, pair));
     var_result.Bind(result);
   }
   Goto(&if_join);
   BIND(&if_join);
+  CSA_SLOW_ASSERT(this, IsNumber(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::ChangeUint32ToTagged(Node* value) {
   Label if_overflow(this, Label::kDeferred), if_not_overflow(this),
       if_join(this);
   VARIABLE(var_result, MachineRepresentation::kTagged);
   // If {value} > 2^31 - 1, we need to store it in a HeapNumber.
   Branch(Uint32LessThan(Int32Constant(Smi::kMaxValue), value), &if_overflow,
          &if_not_overflow);
@@ skipping 16 matching lines @@
   Goto(&if_join);
 
   BIND(&if_overflow);
   {
     Node* float64_value = ChangeUint32ToFloat64(value);
     var_result.Bind(AllocateHeapNumberWithValue(float64_value));
   }
   Goto(&if_join);
 
   BIND(&if_join);
+  CSA_SLOW_ASSERT(this, IsNumber(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::ToThisString(Node* context, Node* value,
                                       char const* method_name) {
   VARIABLE(var_value, MachineRepresentation::kTagged, value);
 
   // Check if the {value} is a Smi or a HeapObject.
   Label if_valueissmi(this, Label::kDeferred), if_valueisnotsmi(this),
       if_valueisstring(this);
@@ skipping 44 matching lines @@
     // The {value} is a Smi, convert it to a String.
     Callable callable = CodeFactory::NumberToString(isolate());
     var_value.Bind(CallStub(callable, context, value));
     Goto(&if_valueisstring);
   }
   BIND(&if_valueisstring);
   return var_value.value();
 }
 
 Node* CodeStubAssembler::ChangeNumberToFloat64(Node* value) {
+  CSA_SLOW_ASSERT(this, IsNumber(value));
   VARIABLE(result, MachineRepresentation::kFloat64);
   Label smi(this);
   Label done(this, &result);
   GotoIf(TaggedIsSmi(value), &smi);
   result.Bind(
       LoadObjectField(value, HeapNumber::kValueOffset, MachineType::Float64()));
   Goto(&done);
 
   BIND(&smi);
   {
     result.Bind(SmiToFloat64(value));
     Goto(&done);
   }
 
   BIND(&done);
   return result.value();
 }
 
 Node* CodeStubAssembler::ChangeNumberToIntPtr(Node* value) {
+  CSA_SLOW_ASSERT(this, IsNumber(value));
   VARIABLE(result, MachineType::PointerRepresentation());
   Label smi(this), done(this, &result);
   GotoIf(TaggedIsSmi(value), &smi);
 
   CSA_ASSERT(this, IsHeapNumber(value));
   result.Bind(ChangeFloat64ToUintPtr(LoadHeapNumberValue(value)));
   Goto(&done);
 
   BIND(&smi);
   result.Bind(SmiToWord(value));
@@ skipping 117 matching lines @@
 
   BIND(&out);
   return var_value_map.value();
 }
 
 Node* CodeStubAssembler::InstanceTypeEqual(Node* instance_type, int type) {
   return Word32Equal(instance_type, Int32Constant(type));
 }
 
 Node* CodeStubAssembler::IsSpecialReceiverMap(Node* map) {
+  CSA_SLOW_ASSERT(this, IsMap(map));
   Node* is_special = IsSpecialReceiverInstanceType(LoadMapInstanceType(map));
   uint32_t mask =
       1 << Map::kHasNamedInterceptor | 1 << Map::kIsAccessCheckNeeded;
   USE(mask);
   // Interceptors or access checks imply special receiver.
   CSA_ASSERT(this,
              SelectConstant(IsSetWord32(LoadMapBitField(map), mask), is_special,
                             Int32Constant(1), MachineRepresentation::kWord32));
   return is_special;
 }
@@ skipping 124 matching lines @@
 }
 
 Node* CodeStubAssembler::IsJSArray(Node* object) {
   return IsJSArrayMap(LoadMap(object));
 }
 
 Node* CodeStubAssembler::IsJSArrayMap(Node* map) {
   return IsJSArrayInstanceType(LoadMapInstanceType(map));
 }
 
+Node* CodeStubAssembler::IsFixedArray(Node* object) {
+  return HasInstanceType(object, FIXED_ARRAY_TYPE);
+}
+
+Node* CodeStubAssembler::IsFixedArrayWithKind(Node* object, ElementsKind kind) {
+  if (IsFastDoubleElementsKind(kind)) {
+    return IsFixedDoubleArray(object);
+  } else {
+    DCHECK(IsFastSmiOrObjectElementsKind(kind));
+    return IsFixedArray(object);
+  }
+}
+
 Node* CodeStubAssembler::IsWeakCell(Node* object) {
   return IsWeakCellMap(LoadMap(object));
 }
 
 Node* CodeStubAssembler::IsBoolean(Node* object) {
   return IsBooleanMap(LoadMap(object));
 }
 
 Node* CodeStubAssembler::IsPropertyCell(Node* object) {
   return IsPropertyCellMap(LoadMap(object));
@@ skipping 115 matching lines @@
 
   var_result.Bind(Int32Constant(0));
   Goto(&out);
 
   BIND(&out);
   return var_result.value();
 }
 
 Node* CodeStubAssembler::StringCharCodeAt(Node* string, Node* index,
                                           ParameterMode parameter_mode) {
-  if (parameter_mode == SMI_PARAMETERS) CSA_ASSERT(this, TaggedIsSmi(index));
+  CSA_ASSERT(this, IsParameterMode(index, parameter_mode));
   CSA_ASSERT(this, IsString(string));
 
   // Translate the {index} into a Word.
   Node* const int_index = ParameterToWord(index, parameter_mode);
   CSA_ASSERT(this, IntPtrGreaterThanOrEqual(int_index, IntPtrConstant(0)));
 
   VARIABLE(var_result, MachineRepresentation::kWord32);
 
   Label out(this, &var_result), runtime_generic(this), runtime_external(this);
 
@@ skipping 91 matching lines @@
     // Allocate a new SeqTwoByteString for {code}.
     Node* result = AllocateSeqTwoByteString(1);
     StoreNoWriteBarrier(
         MachineRepresentation::kWord16, result,
         IntPtrConstant(SeqTwoByteString::kHeaderSize - kHeapObjectTag), code);
     var_result.Bind(result);
     Goto(&if_done);
   }
 
   BIND(&if_done);
+  CSA_ASSERT(this, IsString(var_result.value()));
   return var_result.value();
 }
 
 namespace {
 
 // A wrapper around CopyStringCharacters which determines the correct string
 // encoding, allocates a corresponding sequential string, and then copies the
 // given character range using CopyStringCharacters.
 // |from_string| must be a sequential string. |from_index| and
 // |character_count| must be Smis s.t.
@@ skipping 177 matching lines @@
 
   // Fall back to a runtime call.
   BIND(&runtime);
   {
     var_result.Bind(
         CallRuntime(Runtime::kSubString, context, string, from, to));
     Goto(&end);
   }
 
   BIND(&end);
+  CSA_ASSERT(this, IsString(var_result.value()));
   return var_result.value();
 }
 
 ToDirectStringAssembler::ToDirectStringAssembler(
     compiler::CodeAssemblerState* state, Node* string)
     : CodeStubAssembler(state),
       var_string_(this, MachineRepresentation::kTagged, string),
       var_instance_type_(this, MachineRepresentation::kWord32),
       var_offset_(this, MachineType::PointerRepresentation()),
       var_is_external_(this, MachineRepresentation::kWord32) {
@@ skipping 122 matching lines @@
                                                 kHeapObjectTag));
     }
     var_result.Bind(result);
     Goto(&out);
   }
 
   BIND(&out);
   return var_result.value();
 }
 
-Node* CodeStubAssembler::TryDerefExternalString(Node* const string,
-                                                Node* const instance_type,
-                                                Label* if_bailout) {
-  Label out(this);
-
-  CSA_ASSERT(this, IsExternalStringInstanceType(instance_type));
-  GotoIf(IsShortExternalStringInstanceType(instance_type), if_bailout);
-
-  // Move the pointer so that offset-wise, it looks like a sequential string.
-  STATIC_ASSERT(SeqTwoByteString::kHeaderSize == SeqOneByteString::kHeaderSize);
-
-  Node* resource_data = LoadObjectField(
-      string, ExternalString::kResourceDataOffset, MachineType::Pointer());
-  Node* const fake_sequential_string =
-      IntPtrSub(resource_data,
-                IntPtrConstant(SeqTwoByteString::kHeaderSize - kHeapObjectTag));
-
-  return fake_sequential_string;
-}
-
 void CodeStubAssembler::MaybeDerefIndirectString(Variable* var_string,
                                                  Node* instance_type,
                                                  Variable* var_did_something) {
   Label deref(this), done(this, var_did_something);
   Node* representation =
       Word32And(instance_type, Int32Constant(kStringRepresentationMask));
   GotoIf(Word32Equal(representation, Int32Constant(kThinStringTag)), &deref);
   GotoIf(Word32NotEqual(representation, Int32Constant(kConsStringTag)), &done);
   // Cons string.
   Node* rhs = LoadObjectField(var_string->value(), ConsString::kSecondOffset);
@@ skipping 185 matching lines @@
     Node* value = AllocateSeqTwoByteString(2);
     StoreNoWriteBarrier(
         MachineRepresentation::kWord32, value,
         IntPtrConstant(SeqTwoByteString::kHeaderSize - kHeapObjectTag),
         codepoint);
     var_result.Bind(value);
     Goto(&return_result);
   }
 
   BIND(&return_result);
+  CSA_ASSERT(this, IsString(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::StringToNumber(Node* context, Node* input) {
+  CSA_SLOW_ASSERT(this, IsString(input));
   Label runtime(this, Label::kDeferred);
   Label end(this);
 
   VARIABLE(var_result, MachineRepresentation::kTagged);
 
   // Check if string has a cached array index.
   Node* hash = LoadNameHashField(input);
   Node* bit =
       Word32And(hash, Int32Constant(String::kContainsCachedArrayIndexMask));
   GotoIf(Word32NotEqual(bit, Int32Constant(0)), &runtime);
@@ skipping 79 matching lines @@
     GotoIf(WordNotEqual(smi_key, argument), &runtime);
 
     // Smi match, return value from cache entry.
     IncrementCounter(isolate()->counters()->number_to_string_native(), 1);
     result.Bind(LoadFixedArrayElement(number_string_cache, smi_index,
                                       kPointerSize, SMI_PARAMETERS));
     Goto(&done);
   }
 
   BIND(&done);
+  CSA_ASSERT(this, IsString(result.value()));
   return result.value();
 }
 
 Node* CodeStubAssembler::ToName(Node* context, Node* value) {
   Label end(this);
   VARIABLE(var_result, MachineRepresentation::kTagged);
 
   Label is_number(this);
   GotoIf(TaggedIsSmi(value), &is_number);
 
@@ skipping 26 matching lines @@
     Goto(&end);
 
     BIND(&not_oddball);
     {
       var_result.Bind(CallRuntime(Runtime::kToName, context, value));
       Goto(&end);
     }
   }
 
   BIND(&end);
+  CSA_ASSERT(this, IsName(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::NonNumberToNumber(Node* context, Node* input) {
   // Assert input is a HeapObject (not smi or heap number)
   CSA_ASSERT(this, Word32BinaryNot(TaggedIsSmi(input)));
   CSA_ASSERT(this, Word32BinaryNot(IsHeapNumberMap(LoadMap(input))));
 
   // We might need to loop once here due to ToPrimitive conversions.
   VARIABLE(var_input, MachineRepresentation::kTagged, input);
@@ skipping 68 matching lines @@
       // Note: We cannot tail call to the runtime here, as js-to-wasm
       // trampolines also use this code currently, and they declare all
       // outgoing parameters as untagged, while we would push a tagged
       // object here.
       var_result.Bind(CallRuntime(Runtime::kToNumber, context, input));
       Goto(&end);
     }
   }
 
   BIND(&end);
+  CSA_ASSERT(this, IsNumber(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::ToNumber(Node* context, Node* input) {
   VARIABLE(var_result, MachineRepresentation::kTagged);
   Label end(this);
 
   Label not_smi(this, Label::kDeferred);
   GotoIfNot(TaggedIsSmi(input), &not_smi);
   var_result.Bind(input);
   Goto(&end);
 
   BIND(&not_smi);
   {
     Label not_heap_number(this, Label::kDeferred);
     Node* input_map = LoadMap(input);
     GotoIfNot(IsHeapNumberMap(input_map), &not_heap_number);
 
     var_result.Bind(input);
     Goto(&end);
 
     BIND(&not_heap_number);
     {
       var_result.Bind(NonNumberToNumber(context, input));
       Goto(&end);
     }
   }
 
   BIND(&end);
+  CSA_ASSERT(this, IsNumber(var_result.value()));
   return var_result.value();
 }
 
 // ES#sec-touint32
 Node* CodeStubAssembler::ToUint32(Node* context, Node* input) {
   Node* const float_zero = Float64Constant(0.0);
   Node* const float_two_32 = Float64Constant(static_cast<double>(1ULL << 32));
 
   Label out(this);
 
@@ skipping 82 matching lines @@
     }
 
     BIND(&return_zero);
     {
       var_result.Bind(SmiConstant(Smi::kZero));
       Goto(&out);
     }
   }
 
   BIND(&out);
+  CSA_ASSERT(this, IsNumber(var_result.value()));
   return var_result.value();
 }
 
 Node* CodeStubAssembler::ToString(Node* context, Node* input) {
   Label is_number(this);
   Label runtime(this, Label::kDeferred);
   VARIABLE(result, MachineRepresentation::kTagged);
   Label done(this, &result);
 
   GotoIf(TaggedIsSmi(input), &is_number);
@@ skipping 19 matching lines @@
     Goto(&done);
   }
 
   BIND(&runtime);
   {
     result.Bind(CallRuntime(Runtime::kToString, context, input));
     Goto(&done);
   }
 
   BIND(&done);
+  CSA_ASSERT(this, IsString(result.value()));
   return result.value();
 }
 
 Node* CodeStubAssembler::JSReceiverToPrimitive(Node* context, Node* input) {
   Label if_isreceiver(this, Label::kDeferred), if_isnotreceiver(this);
   VARIABLE(result, MachineRepresentation::kTagged);
   Label done(this, &result);
 
   BranchIfJSReceiver(input, &if_isreceiver, &if_isnotreceiver);
 
@@ skipping 33 matching lines @@
   Goto(&negative_check);
 
   BIND(&negative_check);
   Branch(SmiLessThan(result.value(), SmiConstant(0)), range_error, &done);
 
   BIND(&return_zero);
   result.Bind(SmiConstant(0));
   Goto(&done);
 
   BIND(&done);
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(result.value()));
   return result.value();
 }
 
 Node* CodeStubAssembler::ToSmiLength(Node* input, Node* const context,
                                      Label* range_error) {
   VARIABLE(result, MachineRepresentation::kTagged, input);
   Label to_integer(this), negative_check(this), return_zero(this), done(this);
   Branch(TaggedIsSmi(result.value()), &negative_check, &to_integer);
 
   BIND(&to_integer);
   result.Bind(ToInteger(context, result.value(),
                         CodeStubAssembler::kTruncateMinusZero));
   GotoIfNot(TaggedIsSmi(result.value()), range_error);
   CSA_ASSERT(this, TaggedIsSmi(result.value()));
   Goto(&negative_check);
 
   BIND(&negative_check);
   Branch(SmiLessThan(result.value(), SmiConstant(0)), &return_zero, &done);
 
   BIND(&return_zero);
   result.Bind(SmiConstant(0));
   Goto(&done);
 
   BIND(&done);
+  CSA_SLOW_ASSERT(this, TaggedIsSmi(result.value()));
   return result.value();
 }
 
 Node* CodeStubAssembler::ToInteger(Node* context, Node* input,
                                    ToIntegerTruncationMode mode) {
   // We might need to loop once for ToNumber conversion.
   VARIABLE(var_arg, MachineRepresentation::kTagged, input);
   Label loop(this, &var_arg), out(this);
   Goto(&loop);
   BIND(&loop);
@@ skipping 40 matching lines @@
       var_arg.Bind(CallStub(callable, context, arg));
       Goto(&loop);
     }
 
     BIND(&return_zero);
     var_arg.Bind(SmiConstant(Smi::kZero));
     Goto(&out);
   }
 
   BIND(&out);
+  CSA_SLOW_ASSERT(this, IsNumber(var_arg.value()));
   return var_arg.value();
 }
 
 Node* CodeStubAssembler::DecodeWord32(Node* word32, uint32_t shift,
                                       uint32_t mask) {
   return Word32Shr(Word32And(word32, Int32Constant(mask)),
                    static_cast<int>(shift));
 }
 
 Node* CodeStubAssembler::DecodeWord(Node* word, uint32_t shift, uint32_t mask) {
@@ skipping 96 matching lines @@
   BIND(&if_hascachedindex);
   var_index->Bind(DecodeWordFromWord32<Name::ArrayIndexValueBits>(hash));
   Goto(if_keyisindex);
 }
 
 void CodeStubAssembler::TryInternalizeString(
     Node* string, Label* if_index, Variable* var_index, Label* if_internalized,
     Variable* var_internalized, Label* if_not_internalized, Label* if_bailout) {
   DCHECK(var_index->rep() == MachineType::PointerRepresentation());
   DCHECK(var_internalized->rep() == MachineRepresentation::kTagged);
+  CSA_SLOW_ASSERT(this, IsString(string));
   Node* function = ExternalConstant(
       ExternalReference::try_internalize_string_function(isolate()));
   Node* result = CallCFunction1(MachineType::AnyTagged(),
                                 MachineType::AnyTagged(), function, string);
   Label internalized(this);
   GotoIf(TaggedIsNotSmi(result), &internalized);
   Node* word_result = SmiUntag(result);
   GotoIf(WordEqual(word_result, IntPtrConstant(ResultSentinel::kNotFound)),
          if_not_internalized);
   GotoIf(WordEqual(word_result, IntPtrConstant(ResultSentinel::kUnsupported)),
@@ skipping 227 matching lines @@
 void CodeStubAssembler::InsertEntry(Node* dictionary, Node* key, Node* value,
                                     Node* index, Node* enum_index) {
   UNREACHABLE();  // Use specializations instead.
 }
 
 template <>
 void CodeStubAssembler::InsertEntry<NameDictionary>(Node* dictionary,
                                                     Node* name, Node* value,
                                                     Node* index,
                                                     Node* enum_index) {
+  CSA_SLOW_ASSERT(this, IsDictionary(dictionary));
+
   // Store name and value.
   StoreFixedArrayElement(dictionary, index, name);
   StoreValueByKeyIndex<NameDictionary>(dictionary, index, value);
 
   // Prepare details of the new property.
   const int kInitialIndex = 0;
   PropertyDetails d(kData, NONE, kInitialIndex, PropertyCellType::kNoCell);
   enum_index =
       SmiShl(enum_index, PropertyDetails::DictionaryStorageField::kShift);
   STATIC_ASSERT(kInitialIndex == 0);
@@ skipping 21 matching lines @@
 void CodeStubAssembler::InsertEntry<GlobalDictionary>(Node* dictionary,
                                                       Node* key, Node* value,
                                                       Node* index,
                                                       Node* enum_index) {
   UNIMPLEMENTED();
 }
 
 template <class Dictionary>
 void CodeStubAssembler::Add(Node* dictionary, Node* key, Node* value,
                             Label* bailout) {
+  CSA_SLOW_ASSERT(this, IsDictionary(dictionary));
   Node* capacity = GetCapacity<Dictionary>(dictionary);
   Node* nof = GetNumberOfElements<Dictionary>(dictionary);
   Node* new_nof = SmiAdd(nof, SmiConstant(1));
   // Require 33% to still be free after adding additional_elements.
   // Computing "x + (x >> 1)" on a Smi x does not return a valid Smi!
   // But that's OK here because it's only used for a comparison.
   Node* required_capacity_pseudo_smi = SmiAdd(new_nof, SmiShr(new_nof, 1));
   GotoIf(SmiBelow(capacity, required_capacity_pseudo_smi), bailout);
   // Require rehashing if more than 50% of free elements are deleted elements.
   Node* deleted = GetNumberOfDeletedElements<Dictionary>(dictionary);
@@ skipping 1617 matching lines @@
   // Store the WeakCell in the feedback vector.
   StoreFixedArrayElement(feedback_vector, slot, cell, UPDATE_WRITE_BARRIER, 0,
                          CodeStubAssembler::SMI_PARAMETERS);
   return cell;
 }
 
 Node* CodeStubAssembler::BuildFastLoop(
     const CodeStubAssembler::VariableList& vars, Node* start_index,
     Node* end_index, const FastLoopBody& body, int increment,
     ParameterMode parameter_mode, IndexAdvanceMode advance_mode) {
+  CSA_SLOW_ASSERT(this, IsParameterMode(start_index, parameter_mode));
+  CSA_SLOW_ASSERT(this, IsParameterMode(end_index, parameter_mode));
   MachineRepresentation index_rep = (parameter_mode == INTPTR_PARAMETERS)
                                         ? MachineType::PointerRepresentation()
                                         : MachineRepresentation::kTaggedSigned;
   VARIABLE(var, index_rep, start_index);
   VariableList vars_copy(vars, zone());
   vars_copy.Add(&var, zone());
   Label loop(this, vars_copy);
   Label after_loop(this);
   // Introduce an explicit second check of the termination condition before the
   // loop that helps turbofan generate better code. If there's only a single
@@ skipping 17 matching lines @@
   BIND(&after_loop);
   return var.value();
 }
 
 void CodeStubAssembler::BuildFastFixedArrayForEach(
     const CodeStubAssembler::VariableList& vars, Node* fixed_array,
     ElementsKind kind, Node* first_element_inclusive,
     Node* last_element_exclusive, const FastFixedArrayForEachBody& body,
     ParameterMode mode, ForEachDirection direction) {
   STATIC_ASSERT(FixedArray::kHeaderSize == FixedDoubleArray::kHeaderSize);
+  CSA_SLOW_ASSERT(this, IsParameterMode(first_element_inclusive, mode));
+  CSA_SLOW_ASSERT(this, IsParameterMode(last_element_exclusive, mode));
+  CSA_SLOW_ASSERT(this, IsFixedArray(fixed_array));
   int32_t first_val;
   bool constant_first = ToInt32Constant(first_element_inclusive, first_val);
   int32_t last_val;
   bool constent_last = ToInt32Constant(last_element_exclusive, last_val);
   if (constant_first && constent_last) {
     int delta = last_val - first_val;
     DCHECK(delta >= 0);
     if (delta <= kElementLoopUnrollThreshold) {
       if (direction == ForEachDirection::kForward) {
         for (int i = first_val; i < last_val; ++i) {
@@ skipping 40 matching lines @@
       (kMaxRegularHeapObjectSize - base_size) / kPointerSize;
   GotoIf(IntPtrOrSmiGreaterThan(
              element_count, IntPtrOrSmiConstant(max_newspace_parameters, mode),
              mode),
          doesnt_fit);
 }
 
 void CodeStubAssembler::InitializeFieldsWithRoot(
     Node* object, Node* start_offset, Node* end_offset,
     Heap::RootListIndex root_index) {
+  CSA_SLOW_ASSERT(this, TaggedIsNotSmi(object));
   start_offset = IntPtrAdd(start_offset, IntPtrConstant(-kHeapObjectTag));
   end_offset = IntPtrAdd(end_offset, IntPtrConstant(-kHeapObjectTag));
   Node* root_value = LoadRoot(root_index);
   BuildFastLoop(end_offset, start_offset,
                 [this, object, root_value](Node* current) {
                   StoreNoWriteBarrier(MachineRepresentation::kTagged, object,
                                       current, root_value);
                 },
                 -kPointerSize, INTPTR_PARAMETERS,
                 CodeStubAssembler::IndexAdvanceMode::kPre);
 }
 
 void CodeStubAssembler::BranchIfNumericRelationalComparison(
     RelationalComparisonMode mode, Node* lhs, Node* rhs, Label* if_true,
     Label* if_false) {
+  CSA_SLOW_ASSERT(this, IsNumber(lhs));
+  CSA_SLOW_ASSERT(this, IsNumber(rhs));
+
   Label end(this);
   VARIABLE(result, MachineRepresentation::kTagged);
 
   // Shared entry for floating point comparison.
   Label do_fcmp(this);
   VARIABLE(var_fcmp_lhs, MachineRepresentation::kFloat64);
   VARIABLE(var_fcmp_rhs, MachineRepresentation::kFloat64);
 
   // Check if the {lhs} is a Smi or a HeapObject.
   Label if_lhsissmi(this), if_lhsisnotsmi(this);
@@ skipping 91 matching lines @@
 void CodeStubAssembler::GotoUnlessNumberLessThan(Node* lhs, Node* rhs,
                                                  Label* if_false) {
   Label if_true(this);
   BranchIfNumericRelationalComparison(kLessThan, lhs, rhs, &if_true, if_false);
   BIND(&if_true);
 }
 
 Node* CodeStubAssembler::RelationalComparison(RelationalComparisonMode mode,
                                               Node* lhs, Node* rhs,
                                               Node* context) {
+  CSA_SLOW_ASSERT(this, IsNumber(lhs));
+  CSA_SLOW_ASSERT(this, IsNumber(rhs));
+
   Label return_true(this), return_false(this), end(this);
   VARIABLE(result, MachineRepresentation::kTagged);
 
   // Shared entry for floating point comparison.
   Label do_fcmp(this);
   VARIABLE(var_fcmp_lhs, MachineRepresentation::kFloat64);
   VARIABLE(var_fcmp_rhs, MachineRepresentation::kFloat64);
 
   // We might need to loop several times due to ToPrimitive and/or ToNumber
   // conversions.
@@ skipping 1481 matching lines @@
 
   BIND(&return_false);
   var_result.Bind(FalseConstant());
   Goto(&return_result);
 
   BIND(&return_result);
   return var_result.value();
 }
 
 Node* CodeStubAssembler::NumberInc(Node* value) {
+  CSA_SLOW_ASSERT(this, IsNumber(value));
+
   VARIABLE(var_result, MachineRepresentation::kTagged);
   VARIABLE(var_finc_value, MachineRepresentation::kFloat64);
   Label if_issmi(this), if_isnotsmi(this), do_finc(this), end(this);
   Branch(TaggedIsSmi(value), &if_issmi, &if_isnotsmi);
 
   BIND(&if_issmi);
   {
     // Try fast Smi addition first.
     Node* one = SmiConstant(Smi::FromInt(1));
     Node* pair = IntPtrAddWithOverflow(BitcastTaggedToWord(value),
@@ skipping 32 matching lines @@
     Node* finc_result = Float64Add(finc_value, one);
     var_result.Bind(AllocateHeapNumberWithValue(finc_result));
     Goto(&end);
   }
 
   BIND(&end);
   return var_result.value();
 }
 
 Node* CodeStubAssembler::NumberDec(Node* value) {
+  CSA_SLOW_ASSERT(this, IsNumber(value));
+
   VARIABLE(var_result, MachineRepresentation::kTagged);
   VARIABLE(var_fdec_value, MachineRepresentation::kFloat64);
   Label if_issmi(this), if_isnotsmi(this), do_fdec(this), end(this);
   Branch(TaggedIsSmi(value), &if_issmi, &if_isnotsmi);
 
   BIND(&if_issmi);
   {
     // Try fast Smi addition first.
     Node* one = SmiConstant(Smi::FromInt(1));
     Node* pair = IntPtrSubWithOverflow(BitcastTaggedToWord(value),
@@ skipping 384 matching lines @@
       Load(MachineType::Uint8(),
            ExternalConstant(
                ExternalReference::promise_hook_or_debug_is_active_address(
                    isolate())));
   return Word32NotEqual(promise_hook_or_debug_is_active, Int32Constant(0));
 }
 
 Node* CodeStubAssembler::AllocateFunctionWithMapAndContext(Node* map,
                                                            Node* shared_info,
                                                            Node* context) {
+  CSA_SLOW_ASSERT(this, IsMap(map));
+
   Node* const code = BitcastTaggedToWord(
       LoadObjectField(shared_info, SharedFunctionInfo::kCodeOffset));
   Node* const code_entry =
       IntPtrAdd(code, IntPtrConstant(Code::kHeaderSize - kHeapObjectTag));
 
   Node* const fun = Allocate(JSFunction::kSize);
   StoreMapNoWriteBarrier(fun, map);
   StoreObjectFieldRoot(fun, JSObject::kPropertiesOffset,
                        Heap::kEmptyFixedArrayRootIndex);
   StoreObjectFieldRoot(fun, JSObject::kElementsOffset,
@@ skipping 66 matching lines @@
         formatted.c_str(), TENURED);
     CallRuntime(Runtime::kGlobalPrint, NoContextConstant(),
                 HeapConstant(string));
   }
   CallRuntime(Runtime::kDebugPrint, NoContextConstant(), tagged_value);
 #endif
 }
 
 }  // namespace internal
 }  // namespace v8