[test] Crash on invalid intrinsic use unless --fuzzing is on

For example, when --fuzzing is off, %OptimizeFunctionOnNextCall now crashes when given a non-function argument. The following behaviors remain unchanged for now: - %DeoptimizeFunction continues to do nothing if the function is not optimized. - %DeoptimizeNow continues to do nothing if the top-most JS function is not optimized. - %OptimizeOSR continues to do nothing if the function already has optimized code. Bug: v8:10249 Change-Id: I35d2f3d50ce3f94c8ffccabe50fb4df2b70ce028 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2137406 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#67121}

[test] Crash on invalid intrinsic use unless --fuzzing is on
For example, when --fuzzing is off, %OptimizeFunctionOnNextCall now crashes when given a non-function argument. The following behaviors remain unchanged for now: - %DeoptimizeFunction continues to do nothing if the function is not optimized. - %DeoptimizeNow continues to do nothing if the top-most JS function is not optimized. - %OptimizeOSR continues to do nothing if the function already has optimized code. Bug: v8:10249 Change-Id: I35d2f3d50ce3f94c8ffccabe50fb4df2b70ce028 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2137406 Commit-Queue: Georg Neis <neis@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Reviewed-by: Michael Achenbach <machenbach@chromium.org> Reviewed-by: Clemens Backes <clemensb@chromium.org> Cr-Commit-Position: refs/heads/master@{#67121}
aff70262 · Georg Neis · Commit Bot · 90140db6 · aff70262 · aff70262
Commit aff70262 authored Apr 14, 2020 by Georg Neis Committed by Commit Bot Apr 14, 2020
16 changed files
--- a/src/runtime/runtime-test.cc
+++ b/src/runtime/runtime-test.cc
--- a/test/cctest/test-api.cc
+++ b/test/cctest/test-api.cc
@@ -24433,8 +24433,6 @@ TEST(TurboAsmDisablesDetach) {
      "}"
      "var buffer = new ArrayBuffer(4096);"
      "var module = Module(this, {}, buffer);"
-      "%PrepareFunctionForOptimization(module.load);"
-      "%OptimizeFunctionOnNextCall(module.load);"
      "module.load();"
      "buffer";

@@ -24450,8 +24448,6 @@ TEST(TurboAsmDisablesDetach) {
      "}"
      "var buffer = new ArrayBuffer(4096);"
      "var module = Module(this, {}, buffer);"
-      "%PrepareFunctionForOptimization(module.store);"
-      "%OptimizeFunctionOnNextCall(module.store);"
      "module.store();"
      "buffer";


--- a/test/inspector/debugger/asm-js-breakpoint-before-exec-expected.txt
+++ b/test/inspector/debugger/asm-js-breakpoint-before-exec-expected.txt
@@ -5,7 +5,7 @@ Running test: enableDebugger
 Running test: addScript
 Script nr 1 parsed!
 First script; assuming testFunction.
-Flooding script with breakpoints for the lines 3 to 21...
+Flooding script with breakpoints for the lines 3 to 19...
 Setting breakpoint on line 3
 error: undefined
 Setting breakpoint on line 4
@@ -38,36 +38,26 @@ Setting breakpoint on line 17
 error: undefined
 Setting breakpoint on line 18
 error: undefined
-Setting breakpoint on line 19
-error: undefined
-Setting breakpoint on line 20
-error: undefined

 Running test: runTestFunction
 Script nr 2 parsed!
 Paused #1
-  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":17,"columnNumber":2}
+  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":17,"columnNumber":12}
  - [1] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
 Paused #2
  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":18,"columnNumber":2}
  - [1] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
 Paused #3
-  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":19,"columnNumber":12}
-  - [1] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
-Paused #4
-  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":20,"columnNumber":2}
-  - [1] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
-Paused #5
  - [0] {"functionName":"call_debugger","function_lineNumber":13,"function_columnNumber":24,"lineNumber":14,"columnNumber":4}
  - [1] {"functionName":"callDebugger","lineNumber":5,"columnNumber":6}
  - [2] {"functionName":"redirectFun","lineNumber":8,"columnNumber":6}
-  - [3] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":20,"columnNumber":2}
+  - [3] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":18,"columnNumber":2}
  - [4] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
-Paused #6
+Paused #4
  - [0] {"functionName":"call_debugger","function_lineNumber":13,"function_columnNumber":24,"lineNumber":15,"columnNumber":2}
  - [1] {"functionName":"callDebugger","lineNumber":5,"columnNumber":6}
  - [2] {"functionName":"redirectFun","lineNumber":8,"columnNumber":6}
-  - [3] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":20,"columnNumber":2}
+  - [3] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":18,"columnNumber":2}
  - [4] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}

 Running test: finished

--- a/test/inspector/debugger/asm-js-breakpoint-before-exec.js
+++ b/test/inspector/debugger/asm-js-breakpoint-before-exec.js
@@ -25,8 +25,6 @@ function testFunction() {
    debugger;
  }

-  %PrepareFunctionForOptimization(generateAsmJs);
-  %OptimizeFunctionOnNextCall(generateAsmJs);
  var fun = generateAsmJs(this, {'call_debugger': call_debugger}, undefined);
  fun();
 }

--- a/test/inspector/debugger/asm-js-breakpoint-during-exec-expected.txt
+++ b/test/inspector/debugger/asm-js-breakpoint-during-exec-expected.txt
@@ -11,10 +11,10 @@ Paused #1
  - [0] {"functionName":"call_debugger","function_lineNumber":13,"function_columnNumber":24,"lineNumber":14,"columnNumber":4}
  - [1] {"functionName":"callDebugger","lineNumber":5,"columnNumber":6}
  - [2] {"functionName":"redirectFun","lineNumber":8,"columnNumber":6}
-  - [3] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":20,"columnNumber":2}
+  - [3] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":18,"columnNumber":2}
  - [4] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
 First time paused, setting breakpoints!
-Flooding script with breakpoints for all lines (0 - 24)...
+Flooding script with breakpoints for all lines (0 - 22)...
 Setting breakpoint on line 0
 error: undefined
 Setting breakpoint on line 1
@@ -59,27 +59,23 @@ Setting breakpoint on line 20
 error: undefined
 Setting breakpoint on line 21
 error: undefined
-Setting breakpoint on line 22
-error: undefined
-Setting breakpoint on line 23
-error: undefined
 Script nr 3 parsed!
 Resuming...
 Paused #2
  - [0] {"functionName":"call_debugger","function_lineNumber":13,"function_columnNumber":24,"lineNumber":15,"columnNumber":2}
  - [1] {"functionName":"callDebugger","lineNumber":5,"columnNumber":6}
  - [2] {"functionName":"redirectFun","lineNumber":8,"columnNumber":6}
-  - [3] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":20,"columnNumber":2}
+  - [3] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":18,"columnNumber":2}
  - [4] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
 Script nr 4 parsed!
 Resuming...
 Paused #3
-  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":22,"columnNumber":17}
+  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":20,"columnNumber":17}
  - [1] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
 Script nr 5 parsed!
 Resuming...
 Paused #4
-  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":23,"columnNumber":2}
+  - [0] {"functionName":"testFunction","function_lineNumber":0,"function_columnNumber":21,"lineNumber":21,"columnNumber":2}
  - [1] {"functionName":"","function_lineNumber":0,"function_columnNumber":0,"lineNumber":0,"columnNumber":0}
 Script nr 6 parsed!
 Resuming...

--- a/test/inspector/debugger/asm-js-breakpoint-during-exec.js
+++ b/test/inspector/debugger/asm-js-breakpoint-during-exec.js
@@ -25,8 +25,6 @@ function testFunction() {
    debugger;
  }

-  %PrepareFunctionForOptimization(generateAsmJs);
-  %OptimizeFunctionOnNextCall(generateAsmJs);
  var fun = generateAsmJs(this, {'call_debugger': call_debugger}, undefined);
  fun();


--- a/test/mjsunit/asm/load-elimination.js
+++ b/test/mjsunit/asm/load-elimination.js
@@ -23,5 +23,3 @@ var foo = (function(stdlib, foreign, heap) {

 assertEquals(0x1234, foo());
 assertEquals(0x1234, foo());
-%OptimizeFunctionOnNextCall(foo);
-assertEquals(0x1234, foo());
--- a/test/mjsunit/compiler/osr-infinite.js
+++ b/test/mjsunit/compiler/osr-infinite.js
@@ -11,7 +11,6 @@ function thrower() {
  if (x == 5)  %OptimizeOsr(1);
  if (x == 10) throw "terminate";
 }
-%PrepareFunctionForOptimization(thrower);

 %NeverOptimizeFunction(thrower);  // Don't want to inline the thrower.
 %NeverOptimizeFunction(test);     // Don't want to inline the func into test.

--- a/test/mjsunit/es6/regress/regress-411237.js
+++ b/test/mjsunit/es6/regress/regress-411237.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Flags: --allow-natives-syntax
-
-%PrepareFunctionForOptimization(print);
-try {
-  %OptimizeFunctionOnNextCall(print);
-} catch(e) { }
-
-try {
-  function* f() {
-  }
-  %PrepareFunctionForOptimization(f);
-  %OptimizeFunctionOnNextCall(f);
-} catch(e) { }
--- a/test/mjsunit/mjsunit.status
+++ b/test/mjsunit/mjsunit.status
@@ -1137,6 +1137,7 @@

  # interrupt_budget overrides don't work with TurboProp.
  'interrupt-budget-override': [SKIP],
+  'never-optimize': [SKIP],
 }],  # variant == turboprop

 ##############################################################################

--- a/test/mjsunit/never-optimize.js
+++ b/test/mjsunit/never-optimize.js
@@ -25,38 +25,23 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-// Flags: --allow-natives-syntax --opt --no-always-opt
+// Flags: --allow-natives-syntax --opt --no-always-opt --no-use-osr
+// Flags: --interrupt-budget=1024

-function o1() {
-}
+function o1() { }
 %PrepareFunctionForOptimization(o1);
-
 o1(); o1();
 %OptimizeFunctionOnNextCall(o1);
 o1();
-
-// Check that the given function was optimized.
 assertOptimized(o1);

 // Test the %NeverOptimizeFunction runtime call.
+function u1(i) { return i+1 }
+function u2(i) { return i+1 }
 %NeverOptimizeFunction(u1);
-function u1() {
-}
-
-function u2() {
+for (let i = 0; i < 1000; ++i) {
  u1();
+  u2();
 }
-%PrepareFunctionForOptimization(u1);
-%PrepareFunctionForOptimization(u2);
-
-u1(); u1();
-u2(); u2();
-
-%OptimizeFunctionOnNextCall(u1);
-%OptimizeFunctionOnNextCall(u2);
-
-u1(); u1();
-u2(); u2();
-
 assertUnoptimized(u1);
 assertOptimized(u2);
--- a/test/mjsunit/regress/regress-1365.js
+++ b/test/mjsunit/regress/regress-1365.js
@@ -43,7 +43,6 @@ assertEquals(Object.prototype, Object.prototype.valueOf());
 assertThrows(callGlobalValueOf);
 assertThrows(callGlobalHasOwnProperty);

-%OptimizeFunctionOnNextCall(Object.prototype.valueOf);
 Object.prototype.valueOf();

 assertEquals(Object.prototype, Object.prototype.valueOf());

--- a/test/mjsunit/regress/regress-347542.js
+++ b/test/mjsunit/regress/regress-347542.js
-// Copyright 2014 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Flags: --allow-natives-syntax
-
-function foo() {};
-%PrepareFunctionForOptimization(foo);
-foo();
-%OptimizeFunctionOnNextCall(foo);
-foo();
-%NeverOptimizeFunction(foo);
--- a/test/mjsunit/regress/regress-447756.js
+++ b/test/mjsunit/regress/regress-447756.js
@@ -42,7 +42,8 @@ function TestOptimizedCode() {
  assertSame(Infinity, 1 / a1.byteOffset);
 }

-%OptimizeFunctionOnNextCall(Uint8Array);
-for (var i = 0; i < 1000; i++) {
-  TestOptimizedCode();
-}
+%PrepareFunctionForOptimization(TestOptimizedCode);
+TestOptimizedCode();
+TestOptimizedCode();
+%OptimizeFunctionOnNextCall(TestOptimizedCode);
+TestOptimizedCode();
--- a/test/mjsunit/regress/regress-491481.js
+++ b/test/mjsunit/regress/regress-491481.js
-// Copyright 2015 the V8 project authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-// Flags: --allow-natives-syntax
-
-try {
-%OptimizeFunctionOnNextCall(print);
-try {
-  __f_16();
-} catch(e) { print(e); }
-try {
-  __f_10();
-} catch(e) {; }
-} catch(e) {}
--- a/test/mjsunit/regress/regress-crbug-754177.js
+++ b/test/mjsunit/regress/regress-crbug-754177.js
@@ -2,11 +2,14 @@
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

-// Flags: --allow-natives-syntax
+// Flags: --allow-natives-syntax  --fuzzing

-// Do not crash on non-JSFunction input.
+// Do not crash on non-JSFunction input when fuzzing.
 %NeverOptimizeFunction(undefined);
 %NeverOptimizeFunction(true);
 %NeverOptimizeFunction(1);
 %NeverOptimizeFunction({});
 assertThrows("%NeverOptimizeFunction()", SyntaxError);
+
+%PrepareFunctionForOptimization(print);
+%OptimizeFunctionOnNextCall(print);