Reviewers: fschneider, Description: Merge r11256 from the bleeding_edge to the 3.9 branch.
Bailout on possible direct eval calls. Environment structure for such calls is different from normal global calls. [email protected] BUG=chromium:122681 Review URL: https://chromiumcodereview.appspot.com/10024060 ------------------------------------------------------------------------ Please review this at https://chromiumcodereview.appspot.com/10033025/ SVN Base: http://v8.googlecode.com/svn/branches/3.9/ Affected files: M src/hydrogen.cc M src/version.cc
Index: src/hydrogen.cc
===================================================================
--- src/hydrogen.cc (revision 11256)
+++ src/hydrogen.cc (working copy)
@@ -2454,6 +2454,10 @@
 Bailout("function with illegal redeclaration");
 return NULL;
 }
+ if (scope->calls_eval()) {
+ Bailout("function calls eval");
+ return NULL;
+ }
 SetUpScope(scope);

 // Add an edge to the body entry. This is warty: the graph's start
@@ -5865,6 +5869,10 @@
 VariableProxy* proxy = expr->expression()->AsVariableProxy();
 bool global_call = proxy != NULL && proxy->var()->IsUnallocated();

+ if (proxy != NULL && proxy->var()->is_possibly_eval()) {
+ return Bailout("possible direct call to eval");
+ }
+
 if (global_call) {
 Variable* var = proxy->var();
 bool known_global_function = false;
Index: src/version.cc
===================================================================
--- src/version.cc (revision 11256)
+++ src/version.cc (working copy)
@@ -35,7 +35,7 @@
 #define MAJOR_VERSION 3
 #define MINOR_VERSION 9
 #define BUILD_NUMBER 24
-#define PATCH_LEVEL 7
+#define PATCH_LEVEL 8
 // Use 1 for candidates and 0 otherwise.
 // (Boolean macro values are not supported by all preprocessors.)
 #define IS_CANDIDATE_VERSION 0
-- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
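Review bot: The new `scope->calls_eval()` bailout in the first src/hydrogen.cc hunk (-2454) has no comment explaining why a function that calls eval must not be optimized; the reason exists only in the commit description. A line above the check such as `// Direct eval calls use a different environment structure than normal global calls, so do not optimize.` would stop a later cleanup from dropping the guard as over-conservative. The patch lists only src/hydrogen.cc and src/version.cc as affected files, so the 3.9 branch gets the fix for chromium:122681 without a regression test. If r11256 added a test on bleeding_edge, it should be merged with it. The enclosing function starts and ends outside the hunk.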
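Review bot: In the second src/hydrogen.cc hunk (-5865), the `is_possibly_eval()` check before `if (global_call)` overlaps with the `scope->calls_eval()` bailout added in the first hunk, and nothing says which cases each guard is responsible for. If the call-site check is there for code that does not pass through the first guard (presumably callee bodies built during inlining, which is not visible here), state that in a comment, for example `// A possible direct eval call must never take the global-call path below.`. Without it the two guards look redundant, and removing either one could silently reopen the environment mismatch. The enclosing function starts and ends outside the hunk.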
