Reviewers: jarin,
Description:
[turbofan] Disallow cross native context inlining.
[email protected]
Please review this at https://codereview.chromium.org/1213383002/
Base URL: https://chromium.googlesource.com/v8/v8.git@master
Affected files (+17, -1 lines):
M src/compiler/js-inlining.cc
Index: src/compiler/js-inlining.cc
diff --git a/src/compiler/js-inlining.cc b/src/compiler/js-inlining.cc
index
6d7de1d30df21621c02dda5590a722d387eb5dff..83de86428f816577b72bc08f123e15e9d1a85662
100644
--- a/src/compiler/js-inlining.cc
+++ b/src/compiler/js-inlining.cc
@@ -251,6 +251,22 @@ Reduction JSInliner::Reduce(Node* node) {
return NoChange();
}
+ // Disallow cross native-context inlining for now. This means that all
parts
+ // of the resulting code will operate on the same global object.
+ // This also prevents cross context leaks for asm.js code, where we could
+ // inline functions from a different context and hold on to that context
(and
+ // closure) from the code object.
+ // TODO(turbofan): We might want to revisit this restriction later when
we
+ // have a need for this, and we know how to model different native
contexts
+ // in the same graph in a compositional way.
+ if (function->context()->native_context() !=
+ info_->context()->native_context()) {
+ TRACE("Not inlining %s into %s because of different native contexts\n",
+ function->shared()->DebugName()->ToCString().get(),
+ info_->shared_info()->DebugName()->ToCString().get());
+ return NoChange();
+ }
+
Zone zone;
ParseInfo parse_info(&zone, function);
CompilationInfo info(&parse_info);
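Review bot: The native-context guard added to JSInliner::Reduce is an isolation boundary between contexts, but the change lists only src/compiler/js-inlining.cc as affected, so nothing in this commit exercises it. A regression test that calls a function created in a second native context from optimized code, and checks that it is not inlined, would stop a later refactoring from silently dropping the check. The comment also frames the restriction as temporary ("for now", plus the TODO), which invites relaxing it; I would add a line such as `// NOTE: this check also keeps the code object from retaining another context; do not relax it without a cross-context test.` Reduce starts and ends outside the hunk, so it is not visible whether `info_->context()` is always set when this comparison runs; that is worth confirming.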
@@ -261,7 +277,7 @@ Reduction JSInliner::Reduce(Node* node) {
if (info.scope()->arguments() != NULL &&
is_sloppy(info.language_mode())) {
// For now do not inline functions that use their arguments array.
- TRACE("Not Inlining %s into %s because inlinee uses arguments array\n",
+ TRACE("Not inlining %s into %s because inlinee uses arguments array\n",
function->shared()->DebugName()->ToCString().get(),
info_->shared_info()->DebugName()->ToCString().get());
return NoChange();
--