Revision: 11256 Author: [email protected] Date: Tue Apr 10 06:41:00 2012 Log: Bailout on possible direct eval calls.
Environment structure for such calls is different from normal global calls. [email protected] BUG=chromium:122681 Review URL: https://chromiumcodereview.appspot.com/10024060 http://code.google.com/p/v8/source/detail?r=11256 Modified: /branches/bleeding_edge/src/hydrogen.cc
=======================================
--- /branches/bleeding_edge/src/hydrogen.cc Thu Apr 5 08:36:31 2012
+++ /branches/bleeding_edge/src/hydrogen.cc Tue Apr 10 06:41:00 2012
@@ -2454,6 +2454,10 @@
 Bailout("function with illegal redeclaration");
 return NULL;
 }
+ if (scope->calls_eval()) {
+ Bailout("function calls eval");
+ return NULL;
+ }
 SetUpScope(scope);
 // Add an edge to the body entry. This is warty: the graph's start
@@ -5936,6 +5940,10 @@
 VariableProxy* proxy = expr->expression()->AsVariableProxy();
 bool global_call = proxy != NULL && proxy->var()->IsUnallocated();
+ if (proxy != NULL && proxy->var()->is_possibly_eval()) {
+ return Bailout("possible direct call to eval");
+ }
+
 if (global_call) {
 Variable* var = proxy->var();
 bool known_global_function = false;
-- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
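Review bot: The `scope->calls_eval()` bailout added in the first hunk (-2454) has no comment saying why optimization is refused, so the reason lives only in the commit log. This guard is what stops the optimizing compiler from building a graph against an environment layout it does not model, so I would put above it `// Direct eval calls use a different environment structure than normal global calls (chromium:122681); do not optimize.` The commit lists only hydrogen.cc under Modified, so no regression test for the bug comes with the fix; a test that drives a function containing a direct eval through optimization would keep the guard from being dropped unnoticed. The enclosing function starts and ends outside the hunk.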
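Review bot: The `is_possibly_eval()` bailout in the second hunk (-5936) overlaps with the `calls_eval()` bailout in the first hunk, and nothing on the page says which call sites are still expected to reach it. If it exists for code whose scope is not checked at graph creation (inlined callees would be one guess, not confirmed by the visible lines), the author should say so in a comment above the check. Otherwise a later cleanup could remove it as redundant. Something like `// A possible direct eval must never take the global-call path below.` would also record why the check sits before `if (global_call)`. The enclosing function starts and ends outside the hunk.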
