Fix uninitialized new.target register in InvokeBuiltin.

On some architectures the InvokeBuiltin sequence does not go through InvokeFunctionCode, which initializes the new.target register. This initializes the register explicitly on these architectures for now. R=ishell@chromium.org BUG=chromium:565046 LOG=n Review URL: https://codereview.chromium.org/1499953002 Cr-Commit-Position: refs/heads/master@{#32622}

Fix uninitialized new.target register in InvokeBuiltin.
On some architectures the InvokeBuiltin sequence does not go through InvokeFunctionCode, which initializes the new.target register. This initializes the register explicitly on these architectures for now. R=ishell@chromium.org BUG=chromium:565046 LOG=n Review URL: https://codereview.chromium.org/1499953002 Cr-Commit-Position: refs/heads/master@{#32622}
77774035 · mstarzinger · Commit bot · 0f2bffa1 · 77774035 · 77774035
Commit 77774035 authored Dec 04, 2015 by mstarzinger Committed by Commit bot Dec 04, 2015
5 changed files
--- a/src/arm/macro-assembler-arm.cc
+++ b/src/arm/macro-assembler-arm.cc
@@ -2517,6 +2517,9 @@ void MacroAssembler::InvokeBuiltin(int native_context_index, InvokeFlag flag,
  // You can't call a builtin without a valid frame.
  DCHECK(flag == JUMP_FUNCTION || has_frame());

+  // Always initialize new target.
+  LoadRoot(r3, Heap::kUndefinedValueRootIndex);
+
  LoadNativeContextSlot(native_context_index, r1);
  ldr(r2, FieldMemOperand(r1, JSFunction::kCodeEntryOffset));
  if (flag == CALL_FUNCTION) {

--- a/src/arm64/macro-assembler-arm64.cc
+++ b/src/arm64/macro-assembler-arm64.cc
@@ -1707,6 +1707,9 @@ void MacroAssembler::InvokeBuiltin(int native_context_index, InvokeFlag flag,
  // You can't call a builtin without a valid frame.
  DCHECK(flag == JUMP_FUNCTION || has_frame());

+  // Always initialize new target.
+  LoadRoot(x3, Heap::kUndefinedValueRootIndex);
+
  // Get the builtin entry in x2 and setup the function object in x1.
  LoadNativeContextSlot(native_context_index, x1);
  Ldr(x2, FieldMemOperand(x1, JSFunction::kCodeEntryOffset));

--- a/src/mips/macro-assembler-mips.cc
+++ b/src/mips/macro-assembler-mips.cc
@@ -4502,6 +4502,9 @@ void MacroAssembler::InvokeBuiltin(int native_context_index, InvokeFlag flag,
  // You can't call a builtin without a valid frame.
  DCHECK(flag == JUMP_FUNCTION || has_frame());

+  // Always initialize new target.
+  LoadRoot(a3, Heap::kUndefinedValueRootIndex);
+
  LoadNativeContextSlot(native_context_index, a1);
  lw(t9, FieldMemOperand(a1, JSFunction::kCodeEntryOffset));
  if (flag == CALL_FUNCTION) {

--- a/src/mips64/macro-assembler-mips64.cc
+++ b/src/mips64/macro-assembler-mips64.cc
@@ -4898,6 +4898,9 @@ void MacroAssembler::InvokeBuiltin(int native_context_index, InvokeFlag flag,
  // You can't call a builtin without a valid frame.
  DCHECK(flag == JUMP_FUNCTION || has_frame());

+  // Always initialize new target.
+  LoadRoot(a3, Heap::kUndefinedValueRootIndex);
+
  LoadNativeContextSlot(native_context_index, a1);
  ld(t9, FieldMemOperand(a1, JSFunction::kCodeEntryOffset));
  if (flag == CALL_FUNCTION) {

--- a/src/ppc/macro-assembler-ppc.cc
+++ b/src/ppc/macro-assembler-ppc.cc
@@ -2342,6 +2342,9 @@ void MacroAssembler::InvokeBuiltin(int native_context_index, InvokeFlag flag,
  // You can't call a builtin without a valid frame.
  DCHECK(flag == JUMP_FUNCTION || has_frame());

+  // Always initialize new target.
+  LoadRoot(r6, Heap::kUndefinedValueRootIndex);
+
  LoadNativeContextSlot(native_context_index, r4);
  LoadP(ip, FieldMemOperand(r4, JSFunction::kCodeEntryOffset));
  if (flag == CALL_FUNCTION) {