From 0a7e7383ece53616c77a4856718fa046b55d0082 Mon Sep 17 00:00:00 2001
From: Omer Katz <omerkatz@chromium.org>
Date: Wed, 7 Dec 2022 13:15:19 +0100
Subject: [PATCH] [heap] Gate heap verification behind runtime flag

Most verification calls are gated behined both a build flag and a
runtime flag. Some calls were missing the runtime flag.

Bug: v8:12612
Change-Id: I482bf7cd3900e860f9db1932f9490d1af9b19df1
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4085007
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Commit-Queue: Omer Katz <omerkatz@chromium.org>
Cr-Commit-Position: refs/heads/main@{#84932}
---
 src/deoptimizer/translated-state.cc     |  1 +
 src/heap/mark-compact.cc                | 16 +++++++---------
 src/objects/contexts.cc                 |  2 +-
 src/regexp/experimental/experimental.cc |  6 +++---
 src/runtime/runtime-object.cc           |  6 ++++--
 5 files changed, 16 insertions(+), 15 deletions(-)

diff --git a/src/deoptimizer/translated-state.cc b/src/deoptimizer/translated-state.cc
index dfbfb37a1b..42f2a2bba0 100644
--- a/src/deoptimizer/translated-state.cc
+++ b/src/deoptimizer/translated-state.cc
@@ -2256,6 +2256,7 @@ void TranslatedState::UpdateFromPreviouslyMaterializedObjects() {
 
 void TranslatedState::VerifyMaterializedObjects() {
 #if VERIFY_HEAP
+  if (!v8_flags.verify_heap) return;
   int length = static_cast<int>(object_positions_.size());
   for (int i = 0; i < length; i++) {
     TranslatedValue* slot = GetValueByObjectIndex(i);
diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index ec940a3525..49cbaea44f 100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -962,17 +962,13 @@ void MarkCompactCollector::VerifyMarking() {
   if (v8_flags.verify_heap) {
     FullMarkingVerifier verifier(heap());
     verifier.Run();
-  }
-#endif
-#ifdef VERIFY_HEAP
-  if (v8_flags.verify_heap) {
     heap()->old_space()->VerifyLiveBytes();
     heap()->code_space()->VerifyLiveBytes();
     if (heap()->shared_space()) heap()->shared_space()->VerifyLiveBytes();
     if (v8_flags.minor_mc && heap()->paged_new_space())
       heap()->paged_new_space()->paged_space()->VerifyLiveBytes();
   }
-#endif
+#endif  // VERIFY_HEAP
 }
 
 namespace {
@@ -3614,7 +3610,7 @@ void MarkCompactCollector::ClearWeakCollections() {
                   non_atomic_marking_state()->IsBlackOrGrey(heap_object));
         }
       }
-#endif
+#endif  // VERIFY_HEAP
       if (!ShouldMarkObject(key)) continue;
       if (!non_atomic_marking_state()->IsBlackOrGrey(key)) {
         table.RemoveEntry(i);
@@ -4817,7 +4813,7 @@ void MarkCompactCollector::Evacuate() {
     FullEvacuationVerifier verifier(heap());
     verifier.Run();
   }
-#endif
+#endif  // VERIFY_HEAP
 }
 
 class UpdatingItem : public ParallelWorkItem {
@@ -6021,8 +6017,10 @@ void MinorMarkCompactCollector::StartMarking() {
       heap()->isolate(), marking_state(), local_marking_worklists());
 
 #ifdef VERIFY_HEAP
-  for (Page* page : *heap()->new_space()) {
-    CHECK(page->marking_bitmap<AccessMode::NON_ATOMIC>()->IsClean());
+  if (v8_flags.verify_heap) {
+    for (Page* page : *heap()->new_space()) {
+      CHECK(page->marking_bitmap<AccessMode::NON_ATOMIC>()->IsClean());
+    }
   }
 #endif  // VERIFY_HEAP
 }
diff --git a/src/objects/contexts.cc b/src/objects/contexts.cc
index a1b99fa970..88f3c99707 100644
--- a/src/objects/contexts.cc
+++ b/src/objects/contexts.cc
@@ -534,7 +534,7 @@ void Context::VerifyExtensionSlot(HeapObject extension) {
 void Context::set_extension(HeapObject object, WriteBarrierMode mode) {
   DCHECK(scope_info().HasContextExtensionSlot());
 #ifdef VERIFY_HEAP
-  VerifyExtensionSlot(object);
+  if (v8_flags.verify_heap) VerifyExtensionSlot(object);
 #endif
   set(EXTENSION_INDEX, object, mode);
 }
diff --git a/src/regexp/experimental/experimental.cc b/src/regexp/experimental/experimental.cc
index a09267d3b9..309dab3b6a 100644
--- a/src/regexp/experimental/experimental.cc
+++ b/src/regexp/experimental/experimental.cc
@@ -38,7 +38,7 @@ bool ExperimentalRegExp::IsCompiled(Handle<JSRegExp> re, Isolate* isolate) {
   DCHECK(v8_flags.enable_experimental_regexp_engine);
   DCHECK_EQ(re->type_tag(), JSRegExp::EXPERIMENTAL);
 #ifdef VERIFY_HEAP
-  re->JSRegExpVerify(isolate);
+  if (v8_flags.verify_heap) re->JSRegExpVerify(isolate);
 #endif
 
   static constexpr bool kIsLatin1 = true;
@@ -102,7 +102,7 @@ bool ExperimentalRegExp::Compile(Isolate* isolate, Handle<JSRegExp> re) {
   DCHECK(v8_flags.enable_experimental_regexp_engine);
   DCHECK_EQ(re->type_tag(), JSRegExp::EXPERIMENTAL);
 #ifdef VERIFY_HEAP
-  re->JSRegExpVerify(isolate);
+  if (v8_flags.verify_heap) re->JSRegExpVerify(isolate);
 #endif
 
   Handle<String> source(re->source(), isolate);
@@ -210,7 +210,7 @@ MaybeHandle<Object> ExperimentalRegExp::Exec(
   DCHECK(v8_flags.enable_experimental_regexp_engine);
   DCHECK_EQ(regexp->type_tag(), JSRegExp::EXPERIMENTAL);
 #ifdef VERIFY_HEAP
-  regexp->JSRegExpVerify(isolate);
+  if (v8_flags.verify_heap) regexp->JSRegExpVerify(isolate);
 #endif
 
   if (!IsCompiled(regexp, isolate) && !Compile(isolate, regexp)) {
diff --git a/src/runtime/runtime-object.cc b/src/runtime/runtime-object.cc
index 5255ee2680..f110e5e649 100644
--- a/src/runtime/runtime-object.cc
+++ b/src/runtime/runtime-object.cc
@@ -219,8 +219,10 @@ bool DeleteObjectPropertyFast(Isolate* isolate, Handle<JSReceiver> receiver,
   // Finally, perform the map rollback.
   receiver->set_map(*parent_map, kReleaseStore);
 #if VERIFY_HEAP
-  receiver->HeapObjectVerify(isolate);
-  receiver->property_array().PropertyArrayVerify(isolate);
+  if (v8_flags.verify_heap) {
+    receiver->HeapObjectVerify(isolate);
+    receiver->property_array().PropertyArrayVerify(isolate);
+  }
 #endif
 
   // If the {descriptor} was "const" so far, we need to update the