[builtins] Check we don't directly call lazy TFJ builtins

Lazy TFJ builtins rely on a mechanism that uses the SharedFunctionInfo to determine the builtin to deserialize. That obviously doesn't work if we call the lazy builtin directly, so make sure this does not happen (at least not through (Tail)CallBuiltin). Bug: v8:6624 Change-Id: Iea95d83379a5a0e47324e1fef83c005350f2f02a Reviewed-on: https://chromium-review.googlesource.com/754684 Reviewed-by: Igor Sheludko <ishell@chromium.org> Commit-Queue: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#49169}
2017-11-06 10:41:20 +01:00 · 2017-11-06 10:41:20 +01:00 · 51554eb126
commit 51554eb126
parent 14ddbc1899
1 changed files with 4 additions and 0 deletions
--- a/src/code-stub-assembler.h
+++ b/src/code-stub-assembler.h
@ -1517,11 +1517,15 @@ class V8_EXPORT_PRIVATE CodeStubAssembler : public compiler::CodeAssembler {

  template <class... TArgs>
  Node* CallBuiltin(Builtins::Name id, Node* context, TArgs... args) {
+    DCHECK_IMPLIES(Builtins::KindOf(id) == Builtins::TFJ,
+                   !Builtins::IsLazy(id));
    return CallStub(Builtins::CallableFor(isolate(), id), context, args...);
  }

  template <class... TArgs>
  Node* TailCallBuiltin(Builtins::Name id, Node* context, TArgs... args) {
+    DCHECK_IMPLIES(Builtins::KindOf(id) == Builtins::TFJ,
+                   !Builtins::IsLazy(id));
    return TailCallStub(Builtins::CallableFor(isolate(), id), context, args...);
  }