    PPC: [turbofan] Don't use the CompareIC in JSGenericLowering. · c1507e15
    mbrandy authored
    Port d00da47b
    
    Original commit message:
        The CompareICStub produces an untagged raw word value, which has to be
        translated to true or false manually in the TurboFan code. But for lazy
        bailout after the CompareIC, we immediately go back to fullcodegen or
        Ignition with the raw value, to a location where both fullcodegen and
        Ignition expect a boolean value, which might crash or in the worst case
        (depending on the exact computation inside the CompareIC) could lead to
        arbitrary memory access.
    
        Short-term fix is to use the proper runtime functions (unified with the
        interpreter now) for comparisons. Next task is to provide optimized
        versions of these based on the CodeStubAssembler, which can then be used
        via code stubs in TurboFan or directly in handlers in the interpreter.
    
    R=bmeurer@chromium.org, joransiu@ca.ibm.com, jyan@ca.ibm.com, michael_dawson@ca.ibm.com
    BUG=v8:4788
    LOG=n
    
    Review URL: https://codereview.chromium.org/1745643002
    
    Cr-Commit-Position: refs/heads/master@{#34341}
code-stubs-ppc.cc 202 KB