PPC/s390: [turbofan] Handle class constructor

Port e127f584 Original Commit Message: Handling of class constructors was moved from CallFunction to Call in [1]. When reducing calls with spread we forward varargs directly to CallFunction, if we are spreading to inlined arguments or arguments of the outermost function. In that case we didn't check for class constructors and therefore didn't raise an exception. This CL adds checks for class constructors to all JSCall* nodes in JSCallReducer that missed them before. [1] https://crrev.com/c/3186434 R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I02cba90369354f064201daa1bf8812e17cb2dc21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234040Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#77480}

PPC/s390: [turbofan] Handle class constructor
Port e127f584 Original Commit Message: Handling of class constructors was moved from CallFunction to Call in [1]. When reducing calls with spread we forward varargs directly to CallFunction, if we are spreading to inlined arguments or arguments of the outermost function. In that case we didn't check for class constructors and therefore didn't raise an exception. This CL adds checks for class constructors to all JSCall* nodes in JSCallReducer that missed them before. [1] https://crrev.com/c/3186434 R=pthier@chromium.org, joransiu@ca.ibm.com, junyan@redhat.com, midawson@redhat.com BUG= LOG=N Change-Id: I02cba90369354f064201daa1bf8812e17cb2dc21 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/3234040Reviewed-by: Junliang Yan <junyan@redhat.com> Commit-Queue: Milad Fa <mfarazma@redhat.com> Cr-Commit-Position: refs/heads/main@{#77480}
d219d39a · Milad Fa · V8 LUCI CQ · 4d64208e · d219d39a · d219d39a
Commit d219d39a authored Oct 20, 2021 by Milad Fa Committed by V8 LUCI CQ Oct 20, 2021
6 changed files
--- a/src/builtins/ppc/builtins-ppc.cc
+++ b/src/builtins/ppc/builtins-ppc.cc
@@ -2045,7 +2045,7 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
  //  -- r3 : the number of arguments (not including the receiver)
  //  -- r4 : the function to call (checked to be a JSFunction)
  // -----------------------------------
-  __ AssertFunction(r4);
+  __ AssertCallableFunction(r4);

  __ LoadTaggedPointerField(
      r5, FieldMemOperand(r4, JSFunction::kSharedFunctionInfoOffset), r0);

--- a/src/builtins/s390/builtins-s390.cc
+++ b/src/builtins/s390/builtins-s390.cc
@@ -2089,7 +2089,7 @@ void Builtins::Generate_CallFunction(MacroAssembler* masm,
  //  -- r2 : the number of arguments (not including the receiver)
  //  -- r3 : the function to call (checked to be a JSFunction)
  // -----------------------------------
-  __ AssertFunction(r3);
+  __ AssertCallableFunction(r3);

  __ LoadTaggedPointerField(
      r4, FieldMemOperand(r3, JSFunction::kSharedFunctionInfoOffset));

--- a/src/codegen/ppc/macro-assembler-ppc.cc
+++ b/src/codegen/ppc/macro-assembler-ppc.cc
@@ -2165,6 +2165,20 @@ void MacroAssembler::AssertFunction(Register object) {
  }
 }

+void MacroAssembler::AssertCallableFunction(Register object) {
+  if (!FLAG_debug_code) return;
+  ASM_CODE_COMMENT(this);
+  STATIC_ASSERT(kSmiTag == 0);
+  TestIfSmi(object, r0);
+  Check(ne, AbortReason::kOperandIsASmiAndNotAFunction);
+  push(object);
+  LoadMap(object, object);
+  CompareInstanceTypeRange(object, object, FIRST_CALLABLE_JS_FUNCTION_TYPE,
+                           LAST_CALLABLE_JS_FUNCTION_TYPE);
+  pop(object);
+  Check(le, AbortReason::kOperandIsNotACallableFunction);
+}
+
 void MacroAssembler::AssertBoundFunction(Register object) {
  if (FLAG_debug_code) {
    STATIC_ASSERT(kSmiTag == 0);

--- a/src/codegen/ppc/macro-assembler-ppc.h
+++ b/src/codegen/ppc/macro-assembler-ppc.h
@@ -1312,6 +1312,10 @@ class V8_EXPORT_PRIVATE MacroAssembler : public TurboAssembler {
  // Abort execution if argument is not a JSFunction, enabled via --debug-code.
  void AssertFunction(Register object);

+  // Abort execution if argument is not a callable JSFunction, enabled via
+  // --debug-code.
+  void AssertCallableFunction(Register object);
+
  // Abort execution if argument is not a JSBoundFunction,
  // enabled via --debug-code.
  void AssertBoundFunction(Register object);

--- a/src/codegen/s390/macro-assembler-s390.cc
+++ b/src/codegen/s390/macro-assembler-s390.cc
@@ -2164,6 +2164,20 @@ void MacroAssembler::AssertFunction(Register object) {
  }
 }

+void MacroAssembler::AssertCallableFunction(Register object) {
+  if (!FLAG_debug_code) return;
+  ASM_CODE_COMMENT(this);
+  STATIC_ASSERT(kSmiTag == 0);
+  TestIfSmi(object);
+  Check(ne, AbortReason::kOperandIsASmiAndNotAFunction);
+  push(object);
+  LoadMap(object, object);
+  CompareInstanceTypeRange(object, object, FIRST_CALLABLE_JS_FUNCTION_TYPE,
+                           LAST_CALLABLE_JS_FUNCTION_TYPE);
+  pop(object);
+  Check(le, AbortReason::kOperandIsNotACallableFunction);
+}
+
 void MacroAssembler::AssertBoundFunction(Register object) {
  if (FLAG_debug_code) {
    STATIC_ASSERT(kSmiTag == 0);

--- a/src/codegen/s390/macro-assembler-s390.h
+++ b/src/codegen/s390/macro-assembler-s390.h
@@ -1492,6 +1492,10 @@ class V8_EXPORT_PRIVATE MacroAssembler : public TurboAssembler {
  // Abort execution if argument is not a JSFunction, enabled via --debug-code.
  void AssertFunction(Register object);

+  // Abort execution if argument is not a callable JSFunction, enabled via
+  // --debug-code.
+  void AssertCallableFunction(Register object);
+
  // Abort execution if argument is not a JSBoundFunction,
  // enabled via --debug-code.
  void AssertBoundFunction(Register object);