Revision: 11257 Author: [email protected] Date: Tue Apr 10 08:04:02 2012 Log: Merge r11256 from the bleeding_edge to the 3.9 branch.
Bailout on possible direct eval calls. Environment structure for such calls is different from normal global calls. [email protected] BUG=chromium:122681 Review URL: https://chromiumcodereview.appspot.com/10024060 ------------------------------------------------------------------------ Review URL: https://chromiumcodereview.appspot.com/10033025 http://code.google.com/p/v8/source/detail?r=11257 Modified: /branches/3.9/src/hydrogen.cc /branches/3.9/src/version.cc ======================================= --- /branches/3.9/src/hydrogen.cc Fri Mar 23 08:47:56 2012 +++ /branches/3.9/src/hydrogen.cc Tue Apr 10 08:04:02 2012 @@ -2454,6 +2454,10 @@ Bailout("function with illegal redeclaration"); return NULL; } + if (scope->calls_eval()) { + Bailout("function calls eval"); + return NULL; + } SetUpScope(scope); // Add an edge to the body entry. This is warty: the graph's start @@ -5865,6 +5869,10 @@ VariableProxy* proxy = expr->expression()->AsVariableProxy(); bool global_call = proxy != NULL && proxy->var()->IsUnallocated(); + if (proxy != NULL && proxy->var()->is_possibly_eval()) { + return Bailout("possible direct call to eval"); + } + if (global_call) { Variable* var = proxy->var(); bool known_global_function = false; ======================================= --- /branches/3.9/src/version.cc Thu Mar 29 01:20:24 2012 +++ /branches/3.9/src/version.cc Tue Apr 10 08:04:02 2012 @@ -35,7 +35,7 @@ #define MAJOR_VERSION 3 #define MINOR_VERSION 9 #define BUILD_NUMBER 24 -#define PATCH_LEVEL 7 +#define PATCH_LEVEL 8 // Use 1 for candidates and 0 otherwise. // (Boolean macro values are not supported by all preprocessors.) #define IS_CANDIDATE_VERSION 0 -- v8-dev mailing list [email protected] http://groups.google.com/group/v8-dev
