From b8162581bd004e200ae84c6df134d2126b80015f Mon Sep 17 00:00:00 2001
From: "zhengxing.li"
Date: Mon, 15 Feb 2016 21:06:16 -0800
Subject: [PATCH] X87: [compiler] Sanitize entry points to LookupSlot access.
port 4ff159bd28be36a39a1f8416cdf8fccafd3c2f95(r33880)
original commit message:
Add dedicated %LoadLookupSlot, %LoadLookupSlotInsideTypeof, %LoadLookupSlotForCall, %StoreLookupSlot_Sloppy and %StoreLookupSlot_Strict runtime entry points and use them appropriately in the various compilers. This way we can finally drop the machine operators from the JS graph level completely in TurboFan. Also drop the funky JSLoadDynamic operator from TurboFan, which was by now just a small wrapper around the runtime call to %LoadLookupSlot.
BUG=
Review URL: https://codereview.chromium.org/1694343002
Cr-Commit-Position: refs/heads/master@{#34012}
---
 src/full-codegen/x87/full-codegen-x87.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/full-codegen/x87/full-codegen-x87.cc b/src/full-codegen/x87/full-codegen-x87.cc
index a5a939d03b..28e14bcb24 100644
--- a/src/full-codegen/x87/full-codegen-x87.cc
+++ b/src/full-codegen/x87/full-codegen-x87.cc
@@ -1346,7 +1346,8 @@ void FullCodeGenerator::EmitVariableLoad(VariableProxy* proxy,
 // Generate code for loading from variables potentially shadowed
 // by eval-introduced variables.
 EmitDynamicLookupFastCase(proxy, typeof_mode, &slow, &done);
- __ Push(var->name());
+ __ bind(&slow);
+ __ push(Immediate(var->name()));
 Runtime::FunctionId function_id =
 typeof_mode == NOT_INSIDE_TYPEOF
 ? Runtime::kLoadLookupSlot
@@ -2339,7 +2340,7 @@ void FullCodeGenerator::EmitVariableAssignment(Variable* var, Token::Value op,
 (var->mode() == CONST && op == Token::INIT)) {
 if (var->IsLookupSlot()) {
 // Assignment to var.
- __ Push(var->name());
+ __ Push(Immediate(var->name()));
 __ Push(eax);
 __ CallRuntime(is_strict(language_mode())
 ? Runtime::kStoreLookupSlot_Strict
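Review bot: The same push of the variable name is spelled two ways in this patch: `__ push(Immediate(var->name()));` in the EmitVariableLoad hunk and `__ Push(Immediate(var->name()));` in the EmitVariableAssignment hunk. If the two forms are equivalent here, use one spelling at both sites, for example `__ Push(Immediate(var->name()));`, so the lookup-slot load and store paths read alike. The added `__ bind(&slow);` is not mentioned in the description; it appears to bind the label that EmitDynamicLookupFastCase is handed for the case where the fast path fails, and a one-line comment such as `// Slow path: fall back to the runtime lookup.` would make that explicit. Both function bodies start and end outside the hunks, so the declaration of `slow` and the binding of `done` cannot be checked from here.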