Remove bogus DCHECKs for API objects

Objects created through the API may be of different types then JS_API_* and WASM types. E.g. a JsGlobalProxy may be created through an ObjectTemplate. Bug: v8:8022 Change-Id: I393353cc89c82258d7ad3ba460b5bbd94af33090 Reviewed-on: https://chromium-review.googlesource.com/1169021 Commit-Queue: Michael Lippautz <mlippautz@chromium.org> Reviewed-by: Toon Verwaest <verwaest@chromium.org> Cr-Commit-Position: refs/heads/master@{#55035}
2018-08-10 09:39:14 +02:00 · 2018-08-10 09:39:14 +02:00 · 1536ef9052
commit 1536ef9052
parent e7070c2fab
3 changed files with 11 additions and 30 deletions
--- a/src/heap/heap.cc
+++ b/src/heap/heap.cc
@ -4836,7 +4836,7 @@ void Heap::SetEmbedderHeapTracer(EmbedderHeapTracer* tracer) {
 }

 void Heap::TracePossibleWrapper(JSObject* js_object) {
-  DCHECK(js_object->WasConstructedFromApiFunction());
+  DCHECK(js_object->IsApiWrapper());
  if (js_object->GetEmbedderFieldCount() >= 2 &&
      js_object->GetEmbedderField(0) &&
      js_object->GetEmbedderField(0) != ReadOnlyRoots(this).undefined_value() &&
--- a/src/objects.cc
+++ b/src/objects.cc
@ -3324,7 +3324,7 @@ bool JSObject::IsUnmodifiedApiObject(Object** o) {
  HeapObject* heap_object = HeapObject::cast(object);
  if (!object->IsJSObject()) return false;
  JSObject* js_object = JSObject::cast(object);
-  if (!js_object->WasConstructedFromApiFunction()) return false;
+  if (!js_object->IsApiWrapper()) return false;
  Object* maybe_constructor = js_object->map()->GetConstructor();
  if (!maybe_constructor->IsJSFunction()) return false;
  JSFunction* constructor = JSFunction::cast(maybe_constructor);
@ -16078,34 +16078,10 @@ bool FixedArrayBase::IsCowArray() const {
  return map() == GetReadOnlyRoots().fixed_cow_array_map();
 }

-bool JSObject::WasConstructedFromApiFunction() {
+bool JSObject::IsApiWrapper() {
  auto instance_type = map()->instance_type();
-  bool is_api_object = instance_type == JS_API_OBJECT_TYPE ||
+  return instance_type == JS_API_OBJECT_TYPE ||
         instance_type == JS_SPECIAL_API_OBJECT_TYPE;
-  bool is_wasm_object =
-      instance_type == WASM_GLOBAL_TYPE || instance_type == WASM_MEMORY_TYPE ||
-      instance_type == WASM_MODULE_TYPE ||
-      instance_type == WASM_INSTANCE_TYPE || instance_type == WASM_TABLE_TYPE;
-#ifdef ENABLE_SLOW_DCHECKS
-  if (FLAG_enable_slow_asserts) {
-    Object* maybe_constructor = map()->GetConstructor();
-    if (maybe_constructor->IsJSFunction()) {
-      JSFunction* constructor = JSFunction::cast(maybe_constructor);
-      DCHECK_EQ(constructor->shared()->IsApiFunction(),
-                is_api_object || is_wasm_object);
-    } else if (maybe_constructor->IsFunctionTemplateInfo()) {
-      DCHECK(is_api_object || is_wasm_object);
-    } else {
-      return false;
-    }
-  }
-#endif
-  // TODO(titzer): Clean this up somehow. WebAssembly objects should not be
-  // considered "constructed from API functions" even though they have
-  // function template info, since that would make the V8 GC identify them to
-  // the embedder, e.g. the Oilpan GC.
-  USE(is_wasm_object);
-  return is_api_object;
 }

 const char* Symbol::PrivateSymbolToName() const {
--- a/src/objects.h
+++ b/src/objects.h
@ -2520,7 +2520,12 @@ class JSObject: public JSReceiver {
  inline Object* GetEmbedderField(int index);
  inline void SetEmbedderField(int index, Object* value);
  inline void SetEmbedderField(int index, Smi* value);
-  bool WasConstructedFromApiFunction();
+
+  // Returns true when the object is potentially a wrapper that gets special
+  // garbage collection treatment.
+  // TODO(mlippautz): Make check exact and replace the pattern match in
+  // Heap::TracePossibleWrapper.
+  bool IsApiWrapper();

  // Returns a new map with all transitions dropped from the object's current
  // map and the ElementsKind set.