Reviewers: fschneider,
Description:
Bailout on possible direct eval calls.
The environment structure for such calls differs from that of normal global calls.
[email protected]
BUG=chromium:122681
Please review this at https://chromiumcodereview.appspot.com/10024060/
SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge
Affected files:
M src/hydrogen.cc
Index: src/hydrogen.cc
diff --git a/src/hydrogen.cc b/src/hydrogen.cc
index
f9d41910f31edb9f1bbbda6ac22ec0ce5935d1c0..2b999cb768dd2239e69a527c3e50a2f423887992
100644
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -2454,6 +2454,10 @@ HGraph* HGraphBuilder::CreateGraph() {
Bailout("function with illegal redeclaration");
return NULL;
}
+ if (scope->calls_eval()) {
+ Bailout("function calls eval");
+ return NULL;
+ }
SetUpScope(scope);
// Add an edge to the body entry. This is warty: the graph's start
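Review bot: The new `scope->calls_eval()` bailout in CreateGraph has no comment saying why such functions must not be optimized, and the same holds for the `is_possibly_eval()` check in the VisitCall hunk. The reason is given only in the commit description, so a later reader could take the checks for a removable performance restriction rather than a correctness guard. I would add above each check something like `// Direct eval calls use a different environment structure than normal global calls; bail out.` CreateGraph's body starts and ends outside this hunk.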
@@ -5936,6 +5940,10 @@ void HGraphBuilder::VisitCall(Call* expr) {
VariableProxy* proxy = expr->expression()->AsVariableProxy();
bool global_call = proxy != NULL && proxy->var()->IsUnallocated();
+ if (proxy != NULL && proxy->var()->is_possibly_eval()) {
+ return Bailout("possible direct call to eval");
+ }
+
if (global_call) {
Variable* var = proxy->var();
bool known_global_function = false;
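Review bot: It is unclear from this hunk which calls the second check is meant to catch, given that CreateGraph already returns NULL for a function whose scope has `calls_eval()` set. Presumably it covers call sites the scope-level check does not see, such as calls in inlined functions or nested scopes, and because it runs before `if (global_call)` it also applies to non-global calls; if that is the intent, a one-line comment such as `// Also reached for call sites the CreateGraph scope check does not cover.` would make it explicit. The affected-files list names only src/hydrogen.cc, so no regression test pins either bailout; a small test for the case in the BUG line would keep the checks from being dropped later. VisitCall's body continues outside the hunk.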