X87: [turbofan] Don't use the CompareIC in JSGenericLowering.

port d00da47b(r34335) original commit message: The CompareICStub produces an untagged raw word value, which has to be translated to true or false manually in the TurboFan code. But for lazy bailout after the CompareIC, we immediately go back to fullcodegen or Ignition with the raw value, to a location where both fullcodegen and Ignition expect a boolean value, which might crash or in the worst case (depending on the exact computation inside the CompareIC) could lead to arbitrary memory access. Short-term fix is to use the proper runtime functions (unified with the interpreter now) for comparisons. Next task is to provide optimized versions of these based on the CodeStubAssembler, which can then be used via code stubs in TurboFan or directly in handlers in the interpreter. BUG= Review URL: https://codereview.chromium.org/1744923002 Cr-Commit-Position: refs/heads/master@{#34372}

X87: [turbofan] Don't use the CompareIC in JSGenericLowering.
port d00da47b(r34335) original commit message: The CompareICStub produces an untagged raw word value, which has to be translated to true or false manually in the TurboFan code. But for lazy bailout after the CompareIC, we immediately go back to fullcodegen or Ignition with the raw value, to a location where both fullcodegen and Ignition expect a boolean value, which might crash or in the worst case (depending on the exact computation inside the CompareIC) could lead to arbitrary memory access. Short-term fix is to use the proper runtime functions (unified with the interpreter now) for comparisons. Next task is to provide optimized versions of these based on the CodeStubAssembler, which can then be used via code stubs in TurboFan or directly in handlers in the interpreter. BUG= Review URL: https://codereview.chromium.org/1744923002 Cr-Commit-Position: refs/heads/master@{#34372}
4a6f1512 · zhengxing.li · Commit bot · 0a287e23 · 4a6f1512
Commit 4a6f1512 authored Mar 01, 2016 by zhengxing.li Committed by Commit bot Mar 01, 2016
Show whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

code-stubs-x87.cc src/x87/code-stubs-x87.cc +1 -1

No files found.
--- a/src/x87/code-stubs-x87.cc
+++ b/src/x87/code-stubs-x87.cc
@@ -1155,7 +1155,7 @@ void CompareICStub::GenerateGeneric(MacroAssembler* masm) {
      FrameScope scope(masm, StackFrame::INTERNAL);
      __ Push(edx);
      __ Push(eax);
-      __ CallRuntime(strict() ? Runtime::kStrictEquals : Runtime::kEquals);
+      __ CallRuntime(strict() ? Runtime::kStrictEqual : Runtime::kEqual);
    }
    // Turn true into 0 and false into some non-zero value.
    STATIC_ASSERT(EQUAL == 0);