diff --git a/src/heap/concurrent-marking.cc b/src/heap/concurrent-marking.cc
index eadd3b432f..3886c2a9a9 100644
--- a/src/heap/concurrent-marking.cc
+++ b/src/heap/concurrent-marking.cc
@@ -245,7 +245,7 @@ class ConcurrentMarkingVisitor final
     DCHECK(length->IsSmi());
     int size = FixedArray::SizeFor(Smi::ToInt(length));
     VisitMapPointer(object, object->map_slot());
-    FixedArray::BodyDescriptor::IterateBody(object, size, this);
+    FixedArray::BodyDescriptor::IterateBody(map, object, size, this);
     return size;
   }
 
@@ -266,7 +266,7 @@ class ConcurrentMarkingVisitor final
     if (!ShouldVisit(object)) return 0;
     int size = BytecodeArray::BodyDescriptorWeak::SizeOf(map, object);
     VisitMapPointer(object, object->map_slot());
-    BytecodeArray::BodyDescriptorWeak::IterateBody(object, size, this);
+    BytecodeArray::BodyDescriptorWeak::IterateBody(map, object, size, this);
     object->MakeOlder();
     return size;
   }
@@ -275,7 +275,7 @@ class ConcurrentMarkingVisitor final
     if (!ShouldVisit(object)) return 0;
     int size = AllocationSite::BodyDescriptorWeak::SizeOf(map, object);
     VisitMapPointer(object, object->map_slot());
-    AllocationSite::BodyDescriptorWeak::IterateBody(object, size, this);
+    AllocationSite::BodyDescriptorWeak::IterateBody(map, object, size, this);
     return size;
   }
 
@@ -283,7 +283,7 @@ class ConcurrentMarkingVisitor final
     if (!ShouldVisit(object)) return 0;
     int size = CodeDataContainer::BodyDescriptorWeak::SizeOf(map, object);
     VisitMapPointer(object, object->map_slot());
-    CodeDataContainer::BodyDescriptorWeak::IterateBody(object, size, this);
+    CodeDataContainer::BodyDescriptorWeak::IterateBody(map, object, size, this);
     return size;
   }
 
@@ -291,7 +291,7 @@ class ConcurrentMarkingVisitor final
     if (!ShouldVisit(object)) return 0;
     int size = JSFunction::BodyDescriptorWeak::SizeOf(map, object);
     VisitMapPointer(object, object->map_slot());
-    JSFunction::BodyDescriptorWeak::IterateBody(object, size, this);
+    JSFunction::BodyDescriptorWeak::IterateBody(map, object, size, this);
     return size;
   }
 
@@ -317,7 +317,7 @@ class ConcurrentMarkingVisitor final
     if (!ShouldVisit(object)) return 0;
     int size = Context::BodyDescriptorWeak::SizeOf(map, object);
     VisitMapPointer(object, object->map_slot());
-    Context::BodyDescriptorWeak::IterateBody(object, size, this);
+    Context::BodyDescriptorWeak::IterateBody(map, object, size, this);
     return size;
   }
 
@@ -325,7 +325,7 @@ class ConcurrentMarkingVisitor final
     if (!ShouldVisit(array)) return 0;
     VisitMapPointer(array, array->map_slot());
     int size = TransitionArray::BodyDescriptor::SizeOf(map, array);
-    TransitionArray::BodyDescriptor::IterateBody(array, size, this);
+    TransitionArray::BodyDescriptor::IterateBody(map, array, size, this);
     weak_objects_->transition_arrays.Push(task_id_, array);
     return size;
   }
@@ -405,7 +405,7 @@ class ConcurrentMarkingVisitor final
     SlotSnapshottingVisitor visitor(&slot_snapshot_);
     visitor.VisitPointer(object,
                          reinterpret_cast<Object**>(object->map_slot()));
-    T::BodyDescriptor::IterateBody(object, size, &visitor);
+    T::BodyDescriptor::IterateBody(map, object, size, &visitor);
     return slot_snapshot_;
   }
   ConcurrentMarking::MarkingWorklist::View shared_;
diff --git a/src/heap/invalidated-slots-inl.h b/src/heap/invalidated-slots-inl.h
index 8ca289cf1a..577c4a5576 100644
--- a/src/heap/invalidated-slots-inl.h
+++ b/src/heap/invalidated-slots-inl.h
@@ -61,7 +61,7 @@ bool InvalidatedSlotsFilter::IsValid(Address slot) {
     // we can return true here.
     return true;
   }
-  return invalidated_object_->IsValidSlot(offset);
+  return invalidated_object_->IsValidSlot(invalidated_object_->map(), offset);
 }
 
 }  // namespace internal
diff --git a/src/heap/mark-compact-inl.h b/src/heap/mark-compact-inl.h
index 99de660a44..8a1e783ea5 100644
--- a/src/heap/mark-compact-inl.h
+++ b/src/heap/mark-compact-inl.h
@@ -28,7 +28,7 @@ int MarkingVisitor<fixed_array_mode, retaining_path_mode,
                    MarkingState>::VisitAllocationSite(Map* map,
                                                       AllocationSite* object) {
   int size = AllocationSite::BodyDescriptorWeak::SizeOf(map, object);
-  AllocationSite::BodyDescriptorWeak::IterateBody(object, size, this);
+  AllocationSite::BodyDescriptorWeak::IterateBody(map, object, size, this);
   return size;
 }
 
@@ -38,7 +38,7 @@ int MarkingVisitor<fixed_array_mode, retaining_path_mode,
                    MarkingState>::VisitBytecodeArray(Map* map,
                                                      BytecodeArray* array) {
   int size = BytecodeArray::BodyDescriptor::SizeOf(map, array);
-  BytecodeArray::BodyDescriptor::IterateBody(array, size, this);
+  BytecodeArray::BodyDescriptor::IterateBody(map, array, size, this);
   array->MakeOlder();
   return size;
 }
@@ -48,7 +48,7 @@ template <FixedArrayVisitationMode fixed_array_mode,
 int MarkingVisitor<fixed_array_mode, retaining_path_mode, MarkingState>::
     VisitCodeDataContainer(Map* map, CodeDataContainer* object) {
   int size = CodeDataContainer::BodyDescriptorWeak::SizeOf(map, object);
-  CodeDataContainer::BodyDescriptorWeak::IterateBody(object, size, this);
+  CodeDataContainer::BodyDescriptorWeak::IterateBody(map, object, size, this);
   return size;
 }
 
@@ -71,7 +71,7 @@ int MarkingVisitor<fixed_array_mode, retaining_path_mode,
     heap_->TracePossibleWrapper(object);
   }
   int size = JSObject::BodyDescriptor::SizeOf(map, object);
-  JSObject::BodyDescriptor::IterateBody(object, size, this);
+  JSObject::BodyDescriptor::IterateBody(map, object, size, this);
   return size;
 }
 
@@ -81,7 +81,7 @@ int MarkingVisitor<fixed_array_mode, retaining_path_mode,
                    MarkingState>::VisitJSFunction(Map* map,
                                                   JSFunction* object) {
   int size = JSFunction::BodyDescriptorWeak::SizeOf(map, object);
-  JSFunction::BodyDescriptorWeak::IterateBody(object, size, this);
+  JSFunction::BodyDescriptorWeak::IterateBody(map, object, size, this);
   return size;
 }
 
@@ -98,7 +98,7 @@ int MarkingVisitor<fixed_array_mode, retaining_path_mode, MarkingState>::
   // Skip visiting the backing hash table containing the mappings and the
   // pointer to the other enqueued weak collections, both are post-processed.
   int size = JSWeakCollection::BodyDescriptorWeak::SizeOf(map, weak_collection);
-  JSWeakCollection::BodyDescriptorWeak::IterateBody(weak_collection, size,
+  JSWeakCollection::BodyDescriptorWeak::IterateBody(map, weak_collection, size,
                                                     this);
 
   // Partially initialized weak collection is enqueued, but table is ignored.
@@ -135,7 +135,7 @@ int MarkingVisitor<fixed_array_mode, retaining_path_mode,
                    MarkingState>::VisitNativeContext(Map* map,
                                                      Context* context) {
   int size = Context::BodyDescriptorWeak::SizeOf(map, context);
-  Context::BodyDescriptorWeak::IterateBody(context, size, this);
+  Context::BodyDescriptorWeak::IterateBody(map, context, size, this);
   return size;
 }
 
@@ -145,7 +145,7 @@ int MarkingVisitor<fixed_array_mode, retaining_path_mode,
                    MarkingState>::VisitTransitionArray(Map* map,
                                                        TransitionArray* array) {
   int size = TransitionArray::BodyDescriptor::SizeOf(map, array);
-  TransitionArray::BodyDescriptor::IterateBody(array, size, this);
+  TransitionArray::BodyDescriptor::IterateBody(map, array, size, this);
   collector_->AddTransitionArray(array);
   return size;
 }
@@ -327,7 +327,7 @@ int MarkingVisitor<fixed_array_mode, retaining_path_mode, MarkingState>::
       }
     }
   } else {
-    FixedArray::BodyDescriptor::IterateBody(object, object_size, this);
+    FixedArray::BodyDescriptor::IterateBody(map, object, object_size, this);
   }
   return object_size;
 }
diff --git a/src/heap/mark-compact.cc b/src/heap/mark-compact.cc
index 3ac0badad5..4b3c4e7966 100644
--- a/src/heap/mark-compact.cc
+++ b/src/heap/mark-compact.cc
@@ -1443,16 +1443,14 @@ class EvacuateVisitorBase : public HeapObjectVisitor {
       base->heap_->CopyBlock(dst_addr, src_addr, size);
       if (mode != MigrationMode::kFast)
         base->ExecuteMigrationObservers(dest, src, dst, size);
-      dst->IterateBodyFast(dst->map()->instance_type(), size,
-                           base->record_visitor_);
+      dst->IterateBodyFast(dst->map(), size, base->record_visitor_);
     } else if (dest == CODE_SPACE) {
       DCHECK_CODEOBJECT_SIZE(size, base->heap_->code_space());
       base->heap_->CopyBlock(dst_addr, src_addr, size);
       Code::cast(dst)->Relocate(dst_addr - src_addr);
       if (mode != MigrationMode::kFast)
         base->ExecuteMigrationObservers(dest, src, dst, size);
-      dst->IterateBodyFast(dst->map()->instance_type(), size,
-                           base->record_visitor_);
+      dst->IterateBodyFast(dst->map(), size, base->record_visitor_);
     } else {
       DCHECK_OBJECT_SIZE(size);
       DCHECK(dest == NEW_SPACE);
@@ -1771,7 +1769,7 @@ void MarkCompactCollector::ProcessTopOptimizedFrame(ObjectVisitor* visitor) {
     if (it.frame()->type() == StackFrame::OPTIMIZED) {
       Code* code = it.frame()->LookupCode();
       if (!code->CanDeoptAt(it.frame()->pc())) {
-        Code::BodyDescriptor::IterateBody(code, visitor);
+        Code::BodyDescriptor::IterateBody(code->map(), code, visitor);
       }
       return;
     }
@@ -3717,7 +3715,7 @@ class ToSpaceUpdatingItem : public UpdatingItem {
       HeapObject* object = HeapObject::FromAddress(cur);
       Map* map = object->map();
       int size = object->SizeFromMap(map);
-      object->IterateBody(map->instance_type(), size, &visitor);
+      object->IterateBody(map, size, &visitor);
       cur += size;
     }
   }
diff --git a/src/heap/objects-visiting-inl.h b/src/heap/objects-visiting-inl.h
index 8384cead02..c3ab0e6616 100644
--- a/src/heap/objects-visiting-inl.h
+++ b/src/heap/objects-visiting-inl.h
@@ -80,7 +80,7 @@ void HeapVisitor<ResultType, ConcreteVisitor>::VisitMapPointer(
     int size = type::BodyDescriptor::SizeOf(map, object);           \
     if (visitor->ShouldVisitMapPointer())                           \
       visitor->VisitMapPointer(object, object->map_slot());         \
-    type::BodyDescriptor::IterateBody(object, size, visitor);       \
+    type::BodyDescriptor::IterateBody(map, object, size, visitor);  \
     return static_cast<ResultType>(size);                           \
   }
 TYPED_VISITOR_ID_LIST(VISIT)
@@ -100,7 +100,7 @@ ResultType HeapVisitor<ResultType, ConcreteVisitor>::VisitNativeContext(
   int size = Context::BodyDescriptor::SizeOf(map, object);
   if (visitor->ShouldVisitMapPointer())
     visitor->VisitMapPointer(object, object->map_slot());
-  Context::BodyDescriptor::IterateBody(object, size, visitor);
+  Context::BodyDescriptor::IterateBody(map, object, size, visitor);
   return static_cast<ResultType>(size);
 }
 
@@ -123,7 +123,7 @@ ResultType HeapVisitor<ResultType, ConcreteVisitor>::VisitJSObjectFast(
   int size = JSObject::FastBodyDescriptor::SizeOf(map, object);
   if (visitor->ShouldVisitMapPointer())
     visitor->VisitMapPointer(object, object->map_slot());
-  JSObject::FastBodyDescriptor::IterateBody(object, size, visitor);
+  JSObject::FastBodyDescriptor::IterateBody(map, object, size, visitor);
   return static_cast<ResultType>(size);
 }
 
@@ -135,7 +135,7 @@ ResultType HeapVisitor<ResultType, ConcreteVisitor>::VisitJSApiObject(
   int size = JSObject::BodyDescriptor::SizeOf(map, object);
   if (visitor->ShouldVisitMapPointer())
     visitor->VisitMapPointer(object, object->map_slot());
-  JSObject::BodyDescriptor::IterateBody(object, size, visitor);
+  JSObject::BodyDescriptor::IterateBody(map, object, size, visitor);
   return static_cast<ResultType>(size);
 }
 
@@ -147,7 +147,7 @@ ResultType HeapVisitor<ResultType, ConcreteVisitor>::VisitStruct(
   int size = map->instance_size();
   if (visitor->ShouldVisitMapPointer())
     visitor->VisitMapPointer(object, object->map_slot());
-  StructBodyDescriptor::IterateBody(object, size, visitor);
+  StructBodyDescriptor::IterateBody(map, object, size, visitor);
   return static_cast<ResultType>(size);
 }
 
@@ -166,7 +166,7 @@ int NewSpaceVisitor<ConcreteVisitor>::VisitJSFunction(Map* map,
                                                       JSFunction* object) {
   ConcreteVisitor* visitor = static_cast<ConcreteVisitor*>(this);
   int size = JSFunction::BodyDescriptorWeak::SizeOf(map, object);
-  JSFunction::BodyDescriptorWeak::IterateBody(object, size, visitor);
+  JSFunction::BodyDescriptorWeak::IterateBody(map, object, size, visitor);
   return size;
 }
 
@@ -175,7 +175,7 @@ int NewSpaceVisitor<ConcreteVisitor>::VisitNativeContext(Map* map,
                                                          Context* object) {
   ConcreteVisitor* visitor = static_cast<ConcreteVisitor*>(this);
   int size = Context::BodyDescriptor::SizeOf(map, object);
-  Context::BodyDescriptor::IterateBody(object, size, visitor);
+  Context::BodyDescriptor::IterateBody(map, object, size, visitor);
   return size;
 }
 
diff --git a/src/heap/scavenger.cc b/src/heap/scavenger.cc
index ffd78a64c0..6c65cdf12a 100644
--- a/src/heap/scavenger.cc
+++ b/src/heap/scavenger.cc
@@ -103,7 +103,7 @@ void Scavenger::IterateAndScavengePromotedObject(HeapObject* target, int size) {
       is_compacting_ &&
       heap()->incremental_marking()->atomic_marking_state()->IsBlack(target);
   IterateAndScavengePromotedObjectsVisitor visitor(heap(), this, record_slots);
-  target->IterateBody(target->map()->instance_type(), size, &visitor);
+  target->IterateBody(target->map(), size, &visitor);
 }
 
 void Scavenger::AddPageToSweeperIfNecessary(MemoryChunk* page) {
diff --git a/src/heap/spaces.cc b/src/heap/spaces.cc
index b596f89407..b0552a992d 100644
--- a/src/heap/spaces.cc
+++ b/src/heap/spaces.cc
@@ -1930,7 +1930,7 @@ void PagedSpace::Verify(ObjectVisitor* visitor) {
 
       // All the interior pointers should be contained in the heap.
       int size = object->Size();
-      object->IterateBody(map->instance_type(), size, visitor);
+      object->IterateBody(map, size, visitor);
       CHECK(object->address() + size <= top);
       end_of_previous_object = object->address() + size;
     }
@@ -2382,7 +2382,7 @@ void NewSpace::Verify() {
       // All the interior pointers should be contained in the heap.
       VerifyPointersVisitor visitor;
       int size = object->Size();
-      object->IterateBody(map->instance_type(), size, &visitor);
+      object->IterateBody(map, size, &visitor);
 
       current += size;
     } else {
@@ -3473,7 +3473,7 @@ void LargeObjectSpace::Verify() {
     // Byte arrays and strings don't have interior pointers.
     if (object->IsAbstractCode()) {
       VerifyPointersVisitor code_visitor;
-      object->IterateBody(map->instance_type(), object->Size(), &code_visitor);
+      object->IterateBody(map, object->Size(), &code_visitor);
     } else if (object->IsFixedArray()) {
       FixedArray* array = FixedArray::cast(object);
       for (int j = 0; j < array->length(); j++) {
diff --git a/src/objects-body-descriptors-inl.h b/src/objects-body-descriptors-inl.h
index a3cbdcbc79..d22ef97bf1 100644
--- a/src/objects-body-descriptors-inl.h
+++ b/src/objects-body-descriptors-inl.h
@@ -20,30 +20,32 @@ int FlexibleBodyDescriptor<start_offset>::SizeOf(Map* map, HeapObject* object) {
   return object->SizeFromMap(map);
 }
 
-bool BodyDescriptorBase::IsValidSlotImpl(HeapObject* obj, int offset) {
-  if (!FLAG_unbox_double_fields || obj->map()->HasFastPointerLayout()) {
+bool BodyDescriptorBase::IsValidSlotImpl(Map* map, HeapObject* obj,
+                                         int offset) {
+  if (!FLAG_unbox_double_fields || map->HasFastPointerLayout()) {
     return true;
   } else {
     DCHECK(FLAG_unbox_double_fields);
     DCHECK(IsAligned(offset, kPointerSize));
 
-    LayoutDescriptorHelper helper(obj->map());
+    LayoutDescriptorHelper helper(map);
     DCHECK(!helper.all_fields_tagged());
     return helper.IsTagged(offset);
   }
 }
 
 template <typename ObjectVisitor>
-void BodyDescriptorBase::IterateBodyImpl(HeapObject* obj, int start_offset,
-                                         int end_offset, ObjectVisitor* v) {
-  if (!FLAG_unbox_double_fields || obj->map()->HasFastPointerLayout()) {
+void BodyDescriptorBase::IterateBodyImpl(Map* map, HeapObject* obj,
+                                         int start_offset, int end_offset,
+                                         ObjectVisitor* v) {
+  if (!FLAG_unbox_double_fields || map->HasFastPointerLayout()) {
     IteratePointers(obj, start_offset, end_offset, v);
   } else {
     DCHECK(FLAG_unbox_double_fields);
     DCHECK(IsAligned(start_offset, kPointerSize) &&
            IsAligned(end_offset, kPointerSize));
 
-    LayoutDescriptorHelper helper(obj->map());
+    LayoutDescriptorHelper helper(map);
     DCHECK(!helper.all_fields_tagged());
     for (int offset = start_offset; offset < end_offset;) {
       int end_of_region_offset;
@@ -87,15 +89,15 @@ class JSObject::BodyDescriptor final : public BodyDescriptorBase {
  public:
   static const int kStartOffset = JSReceiver::kPropertiesOrHashOffset;
 
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     if (offset < kStartOffset) return false;
-    return IsValidSlotImpl(obj, offset);
+    return IsValidSlotImpl(map, obj, offset);
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
-    IterateBodyImpl(obj, kStartOffset, object_size, v);
+    IterateBodyImpl(map, obj, kStartOffset, object_size, v);
   }
 
   static inline int SizeOf(Map* map, HeapObject* object) {
@@ -107,12 +109,12 @@ class JSObject::FastBodyDescriptor final : public BodyDescriptorBase {
  public:
   static const int kStartOffset = JSReceiver::kPropertiesOrHashOffset;
 
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     return offset >= kStartOffset;
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     IteratePointers(obj, kStartOffset, object_size, v);
   }
@@ -124,20 +126,21 @@ class JSObject::FastBodyDescriptor final : public BodyDescriptorBase {
 
 class JSFunction::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     if (offset < kSizeWithoutPrototype) return true;
-    if (offset < kSizeWithPrototype && obj->map()->has_prototype_slot()) {
+    if (offset < kSizeWithPrototype && map->has_prototype_slot()) {
       return true;
     }
-    return IsValidSlotImpl(obj, offset);
+    return IsValidSlotImpl(map, obj, offset);
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
-    int header_size = JSFunction::cast(obj)->GetHeaderSize();
+    int header_size = JSFunction::GetHeaderSize(map->has_prototype_slot());
+    DCHECK_EQ(header_size, JSObject::GetHeaderSize(map));
     IteratePointers(obj, kPropertiesOrHashOffset, header_size, v);
-    IterateBodyImpl(obj, header_size, object_size, v);
+    IterateBodyImpl(map, obj, header_size, object_size, v);
   }
 
   static inline int SizeOf(Map* map, HeapObject* object) {
@@ -151,20 +154,20 @@ class JSArrayBuffer::BodyDescriptor final : public BodyDescriptorBase {
   STATIC_ASSERT(kBackingStoreOffset + kPointerSize == kBitFieldSlot);
   STATIC_ASSERT(kBitFieldSlot + kPointerSize == kSize);
 
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     if (offset < kBitFieldSlot) return true;
     if (offset < kSize) return false;
-    return IsValidSlotImpl(obj, offset);
+    return IsValidSlotImpl(map, obj, offset);
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     // Array buffers contain raw pointers that the GC does not know about. These
     // are stored at kBackStoreOffset and later, so we do not iterate over
     // those.
     IteratePointers(obj, kPropertiesOrHashOffset, kBackingStoreOffset, v);
-    IterateBodyImpl(obj, kSize, object_size, v);
+    IterateBodyImpl(map, obj, kSize, object_size, v);
   }
 
   static inline int SizeOf(Map* map, HeapObject* object) {
@@ -176,14 +179,14 @@ template <typename Derived>
 class SmallOrderedHashTable<Derived>::BodyDescriptor final
     : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     Derived* table = reinterpret_cast<Derived*>(obj);
     if (offset < table->GetDataTableStartOffset()) return false;
-    return IsValidSlotImpl(obj, offset);
+    return IsValidSlotImpl(map, obj, offset);
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     Derived* table = reinterpret_cast<Derived*>(obj);
     int start = table->GetDataTableStartOffset();
@@ -200,10 +203,12 @@ class SmallOrderedHashTable<Derived>::BodyDescriptor final
 
 class ByteArray::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {}
 
   static inline int SizeOf(Map* map, HeapObject* obj) {
@@ -213,13 +218,13 @@ class ByteArray::BodyDescriptor final : public BodyDescriptorBase {
 
 class BytecodeArray::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     return offset >= kConstantPoolOffset &&
            offset <= kSourcePositionTableOffset;
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     IteratePointer(obj, kConstantPoolOffset, v);
     IteratePointer(obj, kHandlerTableOffset, v);
@@ -234,10 +239,12 @@ class BytecodeArray::BodyDescriptor final : public BodyDescriptorBase {
 
 class BigInt::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {}
 
   static inline int SizeOf(Map* map, HeapObject* obj) {
@@ -247,10 +254,12 @@ class BigInt::BodyDescriptor final : public BodyDescriptorBase {
 
 class FixedDoubleArray::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {}
 
   static inline int SizeOf(Map* map, HeapObject* obj) {
@@ -261,12 +270,12 @@ class FixedDoubleArray::BodyDescriptor final : public BodyDescriptorBase {
 
 class FixedTypedArrayBase::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     return offset == kBasePointerOffset;
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     IteratePointer(obj, kBasePointerOffset, v);
   }
@@ -278,12 +287,12 @@ class FixedTypedArrayBase::BodyDescriptor final : public BodyDescriptorBase {
 
 class WeakFixedArray::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     return offset >= kHeaderSize;
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     IterateMaybeWeakPointers(obj, kHeaderSize, object_size, v);
   }
@@ -295,10 +304,12 @@ class WeakFixedArray::BodyDescriptor final : public BodyDescriptorBase {
 
 class FeedbackMetadata::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {}
 
   static inline int SizeOf(Map* map, HeapObject* obj) {
@@ -309,13 +320,13 @@ class FeedbackMetadata::BodyDescriptor final : public BodyDescriptorBase {
 
 class FeedbackVector::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     return offset == kSharedFunctionInfoOffset ||
            offset == kOptimizedCodeOffset || offset >= kFeedbackSlotsOffset;
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     IteratePointer(obj, kSharedFunctionInfoOffset, v);
     IterateMaybeWeakPointer(obj, kOptimizedCodeOffset, v);
@@ -333,18 +344,18 @@ class JSWeakCollection::BodyDescriptorImpl final : public BodyDescriptorBase {
   STATIC_ASSERT(kTableOffset + kPointerSize == kNextOffset);
   STATIC_ASSERT(kNextOffset + kPointerSize == kSize);
 
-  static bool IsValidSlot(HeapObject* obj, int offset) {
-    return IsValidSlotImpl(obj, offset);
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return IsValidSlotImpl(map, obj, offset);
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     if (body_visiting_policy == kIgnoreWeakness) {
-      IterateBodyImpl(obj, kPropertiesOrHashOffset, object_size, v);
+      IterateBodyImpl(map, obj, kPropertiesOrHashOffset, object_size, v);
     } else {
       IteratePointers(obj, kPropertiesOrHashOffset, kTableOffset, v);
-      IterateBodyImpl(obj, kSize, object_size, v);
+      IterateBodyImpl(map, obj, kSize, object_size, v);
     }
   }
 
@@ -355,10 +366,12 @@ class JSWeakCollection::BodyDescriptorImpl final : public BodyDescriptorBase {
 
 class Foreign::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     v->VisitExternalReference(Foreign::cast(obj),
                               reinterpret_cast<Address*>(HeapObject::RawField(
@@ -370,24 +383,26 @@ class Foreign::BodyDescriptor final : public BodyDescriptorBase {
 
 class ExternalOneByteString::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
-                                 ObjectVisitor* v) {
-  }
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
+                                 ObjectVisitor* v) {}
 
   static inline int SizeOf(Map* map, HeapObject* object) { return kSize; }
 };
 
 class ExternalTwoByteString::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
-                                 ObjectVisitor* v) {
-  }
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
+                                 ObjectVisitor* v) {}
 
   static inline int SizeOf(Map* map, HeapObject* object) { return kSize; }
 };
@@ -402,13 +417,13 @@ class Code::BodyDescriptor final : public BodyDescriptorBase {
                 kCodeDataContainerOffset);
   STATIC_ASSERT(kCodeDataContainerOffset + kPointerSize == kDataStart);
 
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     // Slots in code can't be invalid because we never trim code objects.
     return true;
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, ObjectVisitor* v) {
+  static inline void IterateBody(Map* map, HeapObject* obj, ObjectVisitor* v) {
     int mode_mask = RelocInfo::kCodeTargetMask |
                     RelocInfo::ModeMask(RelocInfo::EMBEDDED_OBJECT) |
                     RelocInfo::ModeMask(RelocInfo::EXTERNAL_REFERENCE) |
@@ -427,9 +442,9 @@ class Code::BodyDescriptor final : public BodyDescriptorBase {
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
-    IterateBody(obj, v);
+    IterateBody(map, obj, v);
   }
 
   static inline int SizeOf(Map* map, HeapObject* object) {
@@ -439,10 +454,12 @@ class Code::BodyDescriptor final : public BodyDescriptorBase {
 
 class SeqOneByteString::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {}
 
   static inline int SizeOf(Map* map, HeapObject* obj) {
@@ -453,10 +470,12 @@ class SeqOneByteString::BodyDescriptor final : public BodyDescriptorBase {
 
 class SeqTwoByteString::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) { return false; }
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
+    return false;
+  }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {}
 
   static inline int SizeOf(Map* map, HeapObject* obj) {
@@ -467,17 +486,17 @@ class SeqTwoByteString::BodyDescriptor final : public BodyDescriptorBase {
 
 class WasmInstanceObject::BodyDescriptor final : public BodyDescriptorBase {
  public:
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     if (offset < kMemoryStartOffset) return true;
     if (offset < kCompiledModuleOffset) return false;
-    return IsValidSlotImpl(obj, offset);
+    return IsValidSlotImpl(map, obj, offset);
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     IteratePointers(obj, kPropertiesOrHashOffset, kFirstUntaggedOffset, v);
-    IterateBodyImpl(obj, kSize, object_size, v);
+    IterateBodyImpl(map, obj, kSize, object_size, v);
   }
 
   static inline int SizeOf(Map* map, HeapObject* object) {
@@ -486,25 +505,25 @@ class WasmInstanceObject::BodyDescriptor final : public BodyDescriptorBase {
 };
 
 template <typename Op, typename ReturnType, typename T1, typename T2,
-          typename T3>
-ReturnType BodyDescriptorApply(InstanceType type, T1 p1, T2 p2, T3 p3) {
+          typename T3, typename T4>
+ReturnType BodyDescriptorApply(InstanceType type, T1 p1, T2 p2, T3 p3, T4 p4) {
   if (type < FIRST_NONSTRING_TYPE) {
     switch (type & kStringRepresentationMask) {
       case kSeqStringTag:
         return ReturnType();
       case kConsStringTag:
-        return Op::template apply<ConsString::BodyDescriptor>(p1, p2, p3);
+        return Op::template apply<ConsString::BodyDescriptor>(p1, p2, p3, p4);
       case kThinStringTag:
-        return Op::template apply<ThinString::BodyDescriptor>(p1, p2, p3);
+        return Op::template apply<ThinString::BodyDescriptor>(p1, p2, p3, p4);
       case kSlicedStringTag:
-        return Op::template apply<SlicedString::BodyDescriptor>(p1, p2, p3);
+        return Op::template apply<SlicedString::BodyDescriptor>(p1, p2, p3, p4);
       case kExternalStringTag:
         if ((type & kStringEncodingMask) == kOneByteStringTag) {
           return Op::template apply<ExternalOneByteString::BodyDescriptor>(
-              p1, p2, p3);
+              p1, p2, p3, p4);
         } else {
           return Op::template apply<ExternalTwoByteString::BodyDescriptor>(
-              p1, p2, p3);
+              p1, p2, p3, p4);
         }
     }
     UNREACHABLE();
@@ -524,23 +543,26 @@ ReturnType BodyDescriptorApply(InstanceType type, T1 p1, T2 p2, T3 p3) {
     case NATIVE_CONTEXT_TYPE:
     case SCRIPT_CONTEXT_TYPE:
     case WITH_CONTEXT_TYPE:
-      return Op::template apply<FixedArray::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<FixedArray::BodyDescriptor>(p1, p2, p3, p4);
     case WEAK_FIXED_ARRAY_TYPE:
-      return Op::template apply<WeakFixedArray::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<WeakFixedArray::BodyDescriptor>(p1, p2, p3, p4);
     case FIXED_DOUBLE_ARRAY_TYPE:
       return ReturnType();
     case FEEDBACK_METADATA_TYPE:
-      return Op::template apply<FeedbackMetadata::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<FeedbackMetadata::BodyDescriptor>(p1, p2, p3,
+                                                                  p4);
     case PROPERTY_ARRAY_TYPE:
-      return Op::template apply<PropertyArray::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<PropertyArray::BodyDescriptor>(p1, p2, p3, p4);
     case DESCRIPTOR_ARRAY_TYPE:
-      return Op::template apply<DescriptorArray::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<DescriptorArray::BodyDescriptor>(p1, p2, p3,
+                                                                 p4);
     case TRANSITION_ARRAY_TYPE:
-      return Op::template apply<TransitionArray::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<TransitionArray::BodyDescriptor>(p1, p2, p3,
+                                                                 p4);
     case FEEDBACK_CELL_TYPE:
-      return Op::template apply<FeedbackCell::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<FeedbackCell::BodyDescriptor>(p1, p2, p3, p4);
     case FEEDBACK_VECTOR_TYPE:
-      return Op::template apply<FeedbackVector::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<FeedbackVector::BodyDescriptor>(p1, p2, p3, p4);
     case JS_OBJECT_TYPE:
     case JS_ERROR_TYPE:
     case JS_ARGUMENTS_TYPE:
@@ -574,46 +596,49 @@ ReturnType BodyDescriptorApply(InstanceType type, T1 p1, T2 p2, T3 p3) {
     case WASM_MEMORY_TYPE:
     case WASM_MODULE_TYPE:
     case WASM_TABLE_TYPE:
-      return Op::template apply<JSObject::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<JSObject::BodyDescriptor>(p1, p2, p3, p4);
     case WASM_INSTANCE_TYPE:
-      return Op::template apply<WasmInstanceObject::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<WasmInstanceObject::BodyDescriptor>(p1, p2, p3,
+                                                                    p4);
     case JS_WEAK_MAP_TYPE:
     case JS_WEAK_SET_TYPE:
-      return Op::template apply<JSWeakCollection::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<JSWeakCollection::BodyDescriptor>(p1, p2, p3,
+                                                                  p4);
     case JS_ARRAY_BUFFER_TYPE:
-      return Op::template apply<JSArrayBuffer::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<JSArrayBuffer::BodyDescriptor>(p1, p2, p3, p4);
     case JS_FUNCTION_TYPE:
-      return Op::template apply<JSFunction::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<JSFunction::BodyDescriptor>(p1, p2, p3, p4);
     case ODDBALL_TYPE:
-      return Op::template apply<Oddball::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<Oddball::BodyDescriptor>(p1, p2, p3, p4);
     case JS_PROXY_TYPE:
-      return Op::template apply<JSProxy::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<JSProxy::BodyDescriptor>(p1, p2, p3, p4);
     case FOREIGN_TYPE:
-      return Op::template apply<Foreign::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<Foreign::BodyDescriptor>(p1, p2, p3, p4);
     case MAP_TYPE:
-      return Op::template apply<Map::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<Map::BodyDescriptor>(p1, p2, p3, p4);
     case CODE_TYPE:
-      return Op::template apply<Code::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<Code::BodyDescriptor>(p1, p2, p3, p4);
     case CELL_TYPE:
-      return Op::template apply<Cell::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<Cell::BodyDescriptor>(p1, p2, p3, p4);
     case PROPERTY_CELL_TYPE:
-      return Op::template apply<PropertyCell::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<PropertyCell::BodyDescriptor>(p1, p2, p3, p4);
     case WEAK_CELL_TYPE:
-      return Op::template apply<WeakCell::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<WeakCell::BodyDescriptor>(p1, p2, p3, p4);
     case SYMBOL_TYPE:
-      return Op::template apply<Symbol::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<Symbol::BodyDescriptor>(p1, p2, p3, p4);
     case BYTECODE_ARRAY_TYPE:
-      return Op::template apply<BytecodeArray::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<BytecodeArray::BodyDescriptor>(p1, p2, p3, p4);
     case SMALL_ORDERED_HASH_SET_TYPE:
       return Op::template apply<
           SmallOrderedHashTable<SmallOrderedHashSet>::BodyDescriptor>(p1, p2,
-                                                                      p3);
+                                                                      p3, p4);
     case SMALL_ORDERED_HASH_MAP_TYPE:
       return Op::template apply<
           SmallOrderedHashTable<SmallOrderedHashMap>::BodyDescriptor>(p1, p2,
-                                                                      p3);
+                                                                      p3, p4);
     case CODE_DATA_CONTAINER_TYPE:
-      return Op::template apply<CodeDataContainer::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<CodeDataContainer::BodyDescriptor>(p1, p2, p3,
+                                                                   p4);
     case HEAP_NUMBER_TYPE:
     case MUTABLE_HEAP_NUMBER_TYPE:
     case FILLER_TYPE:
@@ -622,27 +647,30 @@ ReturnType BodyDescriptorApply(InstanceType type, T1 p1, T2 p2, T3 p3) {
     case BIGINT_TYPE:
       return ReturnType();
 
-#define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size) \
-  case FIXED_##TYPE##_ARRAY_TYPE:                       \
-    return Op::template apply<FixedTypedArrayBase::BodyDescriptor>(p1, p2, p3);
+#define TYPED_ARRAY_CASE(Type, type, TYPE, ctype, size)                        \
+  case FIXED_##TYPE##_ARRAY_TYPE:                                              \
+    return Op::template apply<FixedTypedArrayBase::BodyDescriptor>(p1, p2, p3, \
+                                                                   p4);
       TYPED_ARRAYS(TYPED_ARRAY_CASE)
 #undef TYPED_ARRAY_CASE
 
     case SHARED_FUNCTION_INFO_TYPE: {
-      return Op::template apply<SharedFunctionInfo::BodyDescriptor>(p1, p2, p3);
+      return Op::template apply<SharedFunctionInfo::BodyDescriptor>(p1, p2, p3,
+                                                                    p4);
     }
 
 #define MAKE_STRUCT_CASE(NAME, Name, name) case NAME##_TYPE:
       STRUCT_LIST(MAKE_STRUCT_CASE)
 #undef MAKE_STRUCT_CASE
       if (type == ALLOCATION_SITE_TYPE) {
-        return Op::template apply<AllocationSite::BodyDescriptor>(p1, p2, p3);
+        return Op::template apply<AllocationSite::BodyDescriptor>(p1, p2, p3,
+                                                                  p4);
       } else {
-        return Op::template apply<StructBodyDescriptor>(p1, p2, p3);
+        return Op::template apply<StructBodyDescriptor>(p1, p2, p3, p4);
       }
     case LOAD_HANDLER_TYPE:
     case STORE_HANDLER_TYPE:
-      return Op::template apply<StructBodyDescriptor>(p1, p2, p3);
+      return Op::template apply<StructBodyDescriptor>(p1, p2, p3, p4);
     default:
       PrintF("Unknown type: %d\n", type);
       UNREACHABLE();
@@ -660,21 +688,22 @@ void HeapObject::IterateFast(ObjectVisitor* v) {
 template <typename ObjectVisitor>
 void HeapObject::IterateBodyFast(ObjectVisitor* v) {
   Map* m = map();
-  IterateBodyFast(m->instance_type(), SizeFromMap(m), v);
+  IterateBodyFast(m, SizeFromMap(m), v);
 }
 
 
 struct CallIterateBody {
   template <typename BodyDescriptor, typename ObjectVisitor>
-  static void apply(HeapObject* obj, int object_size, ObjectVisitor* v) {
-    BodyDescriptor::IterateBody(obj, object_size, v);
+  static void apply(Map* map, HeapObject* obj, int object_size,
+                    ObjectVisitor* v) {
+    BodyDescriptor::IterateBody(map, obj, object_size, v);
   }
 };
 
 template <typename ObjectVisitor>
-void HeapObject::IterateBodyFast(InstanceType type, int object_size,
-                                 ObjectVisitor* v) {
-  BodyDescriptorApply<CallIterateBody, void>(type, this, object_size, v);
+void HeapObject::IterateBodyFast(Map* map, int object_size, ObjectVisitor* v) {
+  BodyDescriptorApply<CallIterateBody, void>(map->instance_type(), map, this,
+                                             object_size, v);
 }
 }  // namespace internal
 }  // namespace v8
diff --git a/src/objects-body-descriptors.h b/src/objects-body-descriptors.h
index c33676f04c..d6baf86e11 100644
--- a/src/objects-body-descriptors.h
+++ b/src/objects-body-descriptors.h
@@ -18,13 +18,13 @@ namespace internal {
 //    It is used for invalid slots filtering. If the offset points outside
 //    of the object or to the map word, the result is UNDEFINED (!!!).
 //
-//   static bool IsValidSlot(HeapObject* obj, int offset);
+//   static bool IsValidSlot(Map* map, HeapObject* obj, int offset);
 //
 //
 // 2) Iterate object's body using stateful object visitor.
 //
 //   template <typename ObjectVisitor>
-//   static inline void IterateBody(HeapObject* obj, int object_size,
+//   static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
 //                                  ObjectVisitor* v);
 class BodyDescriptorBase BASE_EMBEDDED {
  public:
@@ -46,12 +46,13 @@ class BodyDescriptorBase BASE_EMBEDDED {
 
  protected:
   // Returns true for all header and embedder fields.
-  static inline bool IsValidSlotImpl(HeapObject* obj, int offset);
+  static inline bool IsValidSlotImpl(Map* map, HeapObject* obj, int offset);
 
   // Treats all header and embedder fields in the range as tagged.
   template <typename ObjectVisitor>
-  static inline void IterateBodyImpl(HeapObject* obj, int start_offset,
-                                     int end_offset, ObjectVisitor* v);
+  static inline void IterateBodyImpl(Map* map, HeapObject* obj,
+                                     int start_offset, int end_offset,
+                                     ObjectVisitor* v);
 };
 
 
@@ -65,19 +66,19 @@ class FixedBodyDescriptor final : public BodyDescriptorBase {
   static const int kEndOffset = end_offset;
   static const int kSize = size;
 
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     return offset >= kStartOffset && offset < kEndOffset;
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, ObjectVisitor* v) {
+  static inline void IterateBody(Map* map, HeapObject* obj, ObjectVisitor* v) {
     IteratePointers(obj, start_offset, end_offset, v);
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
-    IterateBody(obj, v);
+    IterateBody(map, obj, v);
   }
 
   static inline int SizeOf(Map* map, HeapObject* object) { return kSize; }
@@ -92,12 +93,12 @@ class FlexibleBodyDescriptor final : public BodyDescriptorBase {
  public:
   static const int kStartOffset = start_offset;
 
-  static bool IsValidSlot(HeapObject* obj, int offset) {
+  static bool IsValidSlot(Map* map, HeapObject* obj, int offset) {
     return (offset >= kStartOffset);
   }
 
   template <typename ObjectVisitor>
-  static inline void IterateBody(HeapObject* obj, int object_size,
+  static inline void IterateBody(Map* map, HeapObject* obj, int object_size,
                                  ObjectVisitor* v) {
     IteratePointers(obj, start_offset, object_size, v);
   }
diff --git a/src/objects.cc b/src/objects.cc
index 379d4bdc5c..435bb8f787 100644
--- a/src/objects.cc
+++ b/src/objects.cc
@@ -1341,8 +1341,7 @@ int JSObject::GetHeaderSize(InstanceType type,
     case JS_BOUND_FUNCTION_TYPE:
       return JSBoundFunction::kSize;
     case JS_FUNCTION_TYPE:
-      return function_has_prototype_slot ? JSFunction::kSizeWithPrototype
-                                         : JSFunction::kSizeWithoutPrototype;
+      return JSFunction::GetHeaderSize(function_has_prototype_slot);
     case JS_VALUE_TYPE:
       return JSValue::kSize;
     case JS_DATE_TYPE:
@@ -3479,27 +3478,24 @@ void HeapObject::Iterate(ObjectVisitor* v) { IterateFast<ObjectVisitor>(v); }
 
 void HeapObject::IterateBody(ObjectVisitor* v) {
   Map* m = map();
-  IterateBodyFast<ObjectVisitor>(m->instance_type(), SizeFromMap(m), v);
+  IterateBodyFast<ObjectVisitor>(m, SizeFromMap(m), v);
 }
 
-
-void HeapObject::IterateBody(InstanceType type, int object_size,
-                             ObjectVisitor* v) {
-  IterateBodyFast<ObjectVisitor>(type, object_size, v);
+void HeapObject::IterateBody(Map* map, int object_size, ObjectVisitor* v) {
+  IterateBodyFast<ObjectVisitor>(map, object_size, v);
 }
 
 
 struct CallIsValidSlot {
   template <typename BodyDescriptor>
-  static bool apply(HeapObject* obj, int offset, int) {
-    return BodyDescriptor::IsValidSlot(obj, offset);
+  static bool apply(Map* map, HeapObject* obj, int offset, int) {
+    return BodyDescriptor::IsValidSlot(map, obj, offset);
   }
 };
 
-
-bool HeapObject::IsValidSlot(int offset) {
+bool HeapObject::IsValidSlot(Map* map, int offset) {
   DCHECK_NE(0, offset);
-  return BodyDescriptorApply<CallIsValidSlot, bool>(map()->instance_type(),
+  return BodyDescriptorApply<CallIsValidSlot, bool>(map->instance_type(), map,
                                                     this, offset, 0);
 }
 
diff --git a/src/objects.h b/src/objects.h
index d5757494d2..faac8cce1d 100644
--- a/src/objects.h
+++ b/src/objects.h
@@ -1750,19 +1750,18 @@ class HeapObject: public Object {
   // If it's not performance critical iteration use the non-templatized
   // version.
   void IterateBody(ObjectVisitor* v);
-  void IterateBody(InstanceType type, int object_size, ObjectVisitor* v);
+  void IterateBody(Map* map, int object_size, ObjectVisitor* v);
 
   template <typename ObjectVisitor>
   inline void IterateBodyFast(ObjectVisitor* v);
 
   template <typename ObjectVisitor>
-  inline void IterateBodyFast(InstanceType type, int object_size,
-                              ObjectVisitor* v);
+  inline void IterateBodyFast(Map* map, int object_size, ObjectVisitor* v);
 
   // Returns true if the object contains a tagged value at given offset.
   // It is used for invalid slots filtering. If the offset points outside
   // of the object or to the map word, the result is UNDEFINED (!!!).
-  bool IsValidSlot(int offset);
+  bool IsValidSlot(Map* map, int offset);
 
   // Returns the heap object's size in bytes
   inline int Size() const;
@@ -3445,6 +3444,11 @@ class JSFunction: public JSObject {
   // Returns if this function has been compiled to native code yet.
   inline bool is_compiled();
 
+  static int GetHeaderSize(bool function_has_prototype_slot) {
+    return function_has_prototype_slot ? JSFunction::kSizeWithPrototype
+                                       : JSFunction::kSizeWithoutPrototype;
+  }
+
   // Prints the name of the function using PrintF.
   void PrintName(FILE* out = stdout);
 
diff --git a/src/snapshot/serializer.cc b/src/snapshot/serializer.cc
index 91bda6dece..a8547aeae2 100644
--- a/src/snapshot/serializer.cc
+++ b/src/snapshot/serializer.cc
@@ -667,12 +667,12 @@ void Serializer<AllocatorT>::ObjectSerializer::SerializeContent(Map* map,
     // For code objects, output raw bytes first.
     OutputCode(size);
     // Then iterate references via reloc info.
-    object_->IterateBody(map->instance_type(), size, this);
+    object_->IterateBody(map, size, this);
     // Finally skip to the end.
     serializer_->FlushSkip(SkipTo(object_->address() + size));
   } else {
     // For other objects, iterate references first.
-    object_->IterateBody(map->instance_type(), size, this);
+    object_->IterateBody(map, size, this);
     // Then output data payload, if any.
     OutputRawData(object_->address() + size);
   }