Bailout on possible direct eval calls.

Environment structure for such calls is different from normal global calls. R=fschneider@chromium.org BUG=chromium:122681 Review URL: https://chromiumcodereview.appspot.com/10024060 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00

Bailout on possible direct eval calls.
Environment structure for such calls is different from normal global calls. R=fschneider@chromium.org BUG=chromium:122681 Review URL: https://chromiumcodereview.appspot.com/10024060 git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@11256 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
e831ec2c · vegorov@chromium.org · caf579d0 · e831ec2c
Commit e831ec2c authored Apr 10, 2012 by vegorov@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

hydrogen.cc src/hydrogen.cc +8 -0

No files found.
--- a/src/hydrogen.cc
+++ b/src/hydrogen.cc
@@ -2454,6 +2454,10 @@ HGraph* HGraphBuilder::CreateGraph() {
      Bailout("function with illegal redeclaration");
      return NULL;
    }
+    if (scope->calls_eval()) {
+      Bailout("function calls eval");
+      return NULL;
+    }
    SetUpScope(scope);

    // Add an edge to the body entry.  This is warty: the graph's start
@@ -5936,6 +5940,10 @@ void HGraphBuilder::VisitCall(Call* expr) {
    VariableProxy* proxy = expr->expression()->AsVariableProxy();
    bool global_call = proxy != NULL && proxy->var()->IsUnallocated();

+    if (proxy != NULL && proxy->var()->is_possibly_eval()) {
+      return Bailout("possible direct call to eval");
+    }
+
    if (global_call) {
      Variable* var = proxy->var();
      bool known_global_function = false;