2011-06-08 08:13:31 +00:00
|
|
|
// Copyright 2011 the V8 project authors. All rights reserved.
|
2008-07-03 15:10:15 +00:00
|
|
|
// Redistribution and use in source and binary forms, with or without
|
|
|
|
|
// modification, are permitted provided that the following conditions are
|
|
|
|
|
// met:
|
|
|
|
|
//
|
|
|
|
|
// * Redistributions of source code must retain the above copyright
|
|
|
|
|
// notice, this list of conditions and the following disclaimer.
|
|
|
|
|
// * Redistributions in binary form must reproduce the above
|
|
|
|
|
// copyright notice, this list of conditions and the following
|
|
|
|
|
// disclaimer in the documentation and/or other materials provided
|
|
|
|
|
// with the distribution.
|
|
|
|
|
// * Neither the name of Google Inc. nor the names of its
|
|
|
|
|
// contributors may be used to endorse or promote products derived
|
|
|
|
|
// from this software without specific prior written permission.
|
|
|
|
|
//
|
|
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
|
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
|
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
|
|
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
|
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
|
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
|
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
|
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
|
|
|
|
#ifndef V8_HANDLES_H_
|
|
|
|
|
#define V8_HANDLES_H_
|
|
|
|
|
|
2011-05-06 06:50:20 +00:00
|
|
|
#include "allocation.h"
|
2009-01-23 17:22:23 +00:00
|
|
|
#include "apiutils.h"
|
|
|
|
|
|
2009-05-25 10:05:56 +00:00
|
|
|
namespace v8 {
|
|
|
|
|
namespace internal {
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------
|
|
|
|
|
// A Handle provides a reference to an object that survives relocation by
|
|
|
|
|
// the garbage collector.
|
2009-01-23 17:22:23 +00:00
|
|
|
// Handles are only valid within a HandleScope.
|
2008-07-03 15:10:15 +00:00
|
|
|
// When a handle is created for an object a cell is allocated in the heap.
|
|
|
|
|
|
2011-02-24 14:00:52 +00:00
|
|
|
template<typename T>
|
2008-07-03 15:10:15 +00:00
|
|
|
class Handle {
|
|
|
|
|
public:
|
2010-05-03 09:53:47 +00:00
|
|
|
INLINE(explicit Handle(T** location)) { location_ = location; }
|
2008-07-03 15:10:15 +00:00
|
|
|
INLINE(explicit Handle(T* obj));
|
2011-03-18 20:35:07 +00:00
|
|
|
INLINE(Handle(T* obj, Isolate* isolate));
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
INLINE(Handle()) : location_(NULL) {}
|
|
|
|
|
|
|
|
|
|
// Constructor for handling automatic up casting.
|
|
|
|
|
// Ex. Handle<JSFunction> can be passed when Handle<Object> is expected.
|
|
|
|
|
template <class S> Handle(Handle<S> handle) {
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
T* a = NULL;
|
|
|
|
|
S* b = NULL;
|
|
|
|
|
a = b; // Fake assignment to enforce type checks.
|
|
|
|
|
USE(a);
|
|
|
|
|
#endif
|
2013-01-23 13:52:00 +00:00
|
|
|
location_ = reinterpret_cast<T**>(handle.location_);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
2009-07-07 11:41:21 +00:00
|
|
|
INLINE(T* operator ->() const) { return operator*(); }
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
// Check if this handle refers to the exact same object as the other handle.
|
2013-03-13 16:13:05 +00:00
|
|
|
INLINE(bool is_identical_to(const Handle<T> other) const);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
// Provides the C++ dereference operator.
|
|
|
|
|
INLINE(T* operator*() const);
|
|
|
|
|
|
|
|
|
|
// Returns the address to where the raw pointer is stored.
|
2013-01-23 13:52:00 +00:00
|
|
|
INLINE(T** location() const);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
template <class S> static Handle<T> cast(Handle<S> that) {
|
2013-04-23 09:23:07 +00:00
|
|
|
T::cast(*reinterpret_cast<T**>(that.location_));
|
|
|
|
|
return Handle<T>(reinterpret_cast<T**>(that.location_));
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static Handle<T> null() { return Handle<T>(); }
|
2011-03-18 20:35:07 +00:00
|
|
|
bool is_null() const { return location_ == NULL; }
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
// Closes the given scope, but lets this handle escape. See
|
|
|
|
|
// implementation in api.h.
|
2009-01-23 17:48:58 +00:00
|
|
|
inline Handle<T> EscapeFrom(v8::HandleScope* scope);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2013-04-23 09:23:07 +00:00
|
|
|
#ifdef DEBUG
|
2013-06-03 15:32:22 +00:00
|
|
|
bool IsDereferenceAllowed(bool explicitly_allow_deferred) const;
|
2013-04-23 09:23:07 +00:00
|
|
|
#endif // DEBUG
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
private:
|
|
|
|
|
T** location_;
|
2013-01-23 13:52:00 +00:00
|
|
|
|
|
|
|
|
// Handles of different classes are allowed to access each other's location_.
|
|
|
|
|
template<class S> friend class Handle;
|
2008-07-03 15:10:15 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2012-11-06 12:32:36 +00:00
|
|
|
// Convenience wrapper.
|
|
|
|
|
template<class T>
|
2012-11-16 08:38:11 +00:00
|
|
|
inline Handle<T> handle(T* t, Isolate* isolate) {
|
|
|
|
|
return Handle<T>(t, isolate);
|
2012-11-06 12:32:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2012-07-18 14:15:02 +00:00
|
|
|
class DeferredHandles;
|
2012-07-06 09:31:31 +00:00
|
|
|
class HandleScopeImplementer;
|
|
|
|
|
|
|
|
|
|
|
2009-01-23 17:22:23 +00:00
|
|
|
// A stack-allocated class that governs a number of local handles.
|
|
|
|
|
// After a handle scope has been created, all local handles will be
|
|
|
|
|
// allocated within that handle scope until either the handle scope is
|
|
|
|
|
// deleted or another handle scope is created. If there is already a
|
|
|
|
|
// handle scope and a new one is created, all allocations will take
|
|
|
|
|
// place in the new handle scope until it is deleted. After that,
|
|
|
|
|
// new handles will again be allocated in the original handle scope.
|
|
|
|
|
//
|
|
|
|
|
// After the handle scope of a local handle has been deleted the
|
|
|
|
|
// garbage collector will no longer track the object stored in the
|
|
|
|
|
// handle and may deallocate it. The behavior of accessing a handle
|
|
|
|
|
// for which the handle scope has been deleted is undefined.
|
|
|
|
|
class HandleScope {
|
|
|
|
|
public:
|
2011-03-18 20:35:07 +00:00
|
|
|
explicit inline HandleScope(Isolate* isolate);
|
2009-01-23 17:22:23 +00:00
|
|
|
|
2011-03-18 20:35:07 +00:00
|
|
|
inline ~HandleScope();
|
2009-01-23 17:22:23 +00:00
|
|
|
|
|
|
|
|
// Counts the number of allocated handles.
|
2013-02-25 14:46:09 +00:00
|
|
|
static int NumberOfHandles(Isolate* isolate);
|
2009-01-23 17:22:23 +00:00
|
|
|
|
|
|
|
|
// Creates a new handle with the given value.
|
2009-08-14 17:19:51 +00:00
|
|
|
template <typename T>
|
2013-02-25 14:46:09 +00:00
|
|
|
static inline T** CreateHandle(Isolate* isolate, T* value);
|
2009-01-23 17:22:23 +00:00
|
|
|
|
2009-11-04 08:51:48 +00:00
|
|
|
// Deallocates any extensions used by the current scope.
|
2011-03-18 20:35:07 +00:00
|
|
|
static void DeleteExtensions(Isolate* isolate);
|
2009-11-04 08:51:48 +00:00
|
|
|
|
2013-02-25 14:46:09 +00:00
|
|
|
static Address current_next_address(Isolate* isolate);
|
|
|
|
|
static Address current_limit_address(Isolate* isolate);
|
|
|
|
|
static Address current_level_address(Isolate* isolate);
|
2009-11-04 08:51:48 +00:00
|
|
|
|
2011-03-01 14:00:55 +00:00
|
|
|
// Closes the HandleScope (invalidating all handles
|
|
|
|
|
// created in the scope of the HandleScope) and returns
|
|
|
|
|
// a Handle backed by the parent scope holding the
|
|
|
|
|
// value of the argument handle.
|
|
|
|
|
template <typename T>
|
2011-03-18 20:35:07 +00:00
|
|
|
Handle<T> CloseAndEscape(Handle<T> handle_value);
|
|
|
|
|
|
|
|
|
|
Isolate* isolate() { return isolate_; }
|
2011-03-01 14:00:55 +00:00
|
|
|
|
2009-01-23 17:22:23 +00:00
|
|
|
private:
|
|
|
|
|
// Prevent heap allocation or illegal handle scopes.
|
|
|
|
|
HandleScope(const HandleScope&);
|
|
|
|
|
void operator=(const HandleScope&);
|
|
|
|
|
void* operator new(size_t size);
|
|
|
|
|
void operator delete(void* size_t);
|
|
|
|
|
|
2011-03-18 20:35:07 +00:00
|
|
|
Isolate* isolate_;
|
2011-03-01 14:00:55 +00:00
|
|
|
Object** prev_next_;
|
|
|
|
|
Object** prev_limit_;
|
2009-01-23 17:22:23 +00:00
|
|
|
|
2013-05-29 11:09:01 +00:00
|
|
|
// Close the handle scope resetting limits to a previous state.
|
|
|
|
|
static inline void CloseScope(Isolate* isolate,
|
|
|
|
|
Object** prev_next,
|
|
|
|
|
Object** prev_limit);
|
|
|
|
|
|
2009-03-18 18:50:35 +00:00
|
|
|
// Extend the handle scope making room for more handles.
|
2013-02-25 14:46:09 +00:00
|
|
|
static internal::Object** Extend(Isolate* isolate);
|
2009-03-18 18:50:35 +00:00
|
|
|
|
2013-03-22 13:40:13 +00:00
|
|
|
#ifdef ENABLE_EXTRA_CHECKS
|
2009-01-23 17:22:23 +00:00
|
|
|
// Zaps the handles in the half-open interval [start, end).
|
2013-05-29 11:09:01 +00:00
|
|
|
static void ZapRange(Object** start, Object** end);
|
2013-03-22 13:40:13 +00:00
|
|
|
#endif
|
2009-01-23 17:22:23 +00:00
|
|
|
|
|
|
|
|
friend class v8::HandleScope;
|
2013-03-22 13:40:13 +00:00
|
|
|
friend class v8::internal::DeferredHandles;
|
2012-07-06 09:31:31 +00:00
|
|
|
friend class v8::internal::HandleScopeImplementer;
|
2012-07-18 14:15:02 +00:00
|
|
|
friend class v8::internal::Isolate;
|
2009-01-23 17:22:23 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2012-07-06 09:31:31 +00:00
|
|
|
class DeferredHandles;
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class DeferredHandleScope {
|
|
|
|
|
public:
|
|
|
|
|
explicit DeferredHandleScope(Isolate* isolate);
|
|
|
|
|
// The DeferredHandles object returned stores the Handles created
|
|
|
|
|
// since the creation of this DeferredHandleScope. The Handles are
|
|
|
|
|
// alive as long as the DeferredHandles object is alive.
|
|
|
|
|
DeferredHandles* Detach();
|
|
|
|
|
~DeferredHandleScope();
|
|
|
|
|
|
|
|
|
|
private:
|
|
|
|
|
Object** prev_limit_;
|
|
|
|
|
Object** prev_next_;
|
|
|
|
|
HandleScopeImplementer* impl_;
|
|
|
|
|
|
|
|
|
|
#ifdef DEBUG
|
|
|
|
|
bool handles_detached_;
|
|
|
|
|
int prev_level_;
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
friend class HandleScopeImplementer;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// ----------------------------------------------------------------------------
|
|
|
|
|
// Handle operations.
|
2011-10-05 11:09:34 +00:00
|
|
|
// They might invoke garbage collection. The result is an handle to
|
|
|
|
|
// an object of expected type, or the handle is an error if running out
|
|
|
|
|
// of space or encountering an internal error.
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2010-06-30 07:40:40 +00:00
|
|
|
// Flattens a string.
|
2008-07-03 15:10:15 +00:00
|
|
|
void FlattenString(Handle<String> str);
|
|
|
|
|
|
2010-06-30 07:40:40 +00:00
|
|
|
// Flattens a string and returns the underlying external or sequential
|
2011-10-05 11:09:34 +00:00
|
|
|
// string.
|
2010-06-30 07:40:40 +00:00
|
|
|
Handle<String> FlattenGetString(Handle<String> str);
|
2012-03-12 12:35:28 +00:00
|
|
|
|
2012-11-22 07:58:59 +00:00
|
|
|
Handle<Object> SetProperty(Isolate* isolate,
|
|
|
|
|
Handle<Object> object,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Object> key,
|
|
|
|
|
Handle<Object> value,
|
2011-03-02 04:53:43 +00:00
|
|
|
PropertyAttributes attributes,
|
2011-03-03 16:17:28 +00:00
|
|
|
StrictModeFlag strict_mode);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2009-04-21 13:28:11 +00:00
|
|
|
Handle<Object> ForceSetProperty(Handle<JSObject> object,
|
|
|
|
|
Handle<Object> key,
|
|
|
|
|
Handle<Object> value,
|
|
|
|
|
PropertyAttributes attributes);
|
|
|
|
|
|
2013-04-10 12:16:29 +00:00
|
|
|
Handle<Object> DeleteProperty(Handle<JSObject> object, Handle<Object> key);
|
2009-06-08 09:46:09 +00:00
|
|
|
|
2013-04-10 12:16:29 +00:00
|
|
|
Handle<Object> ForceDeleteProperty(Handle<JSObject> object, Handle<Object> key);
|
|
|
|
|
|
|
|
|
|
Handle<Object> HasProperty(Handle<JSReceiver> obj, Handle<Object> key);
|
|
|
|
|
|
|
|
|
|
Handle<Object> GetProperty(Handle<JSReceiver> obj, const char* name);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2013-02-25 14:46:09 +00:00
|
|
|
Handle<Object> GetProperty(Isolate* isolate,
|
|
|
|
|
Handle<Object> obj,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Object> key);
|
|
|
|
|
|
2010-02-10 14:44:15 +00:00
|
|
|
Handle<Object> SetPrototype(Handle<JSObject> obj, Handle<Object> value);
|
|
|
|
|
|
2013-02-25 14:46:09 +00:00
|
|
|
Handle<Object> LookupSingleCharacterStringFromCode(Isolate* isolate,
|
|
|
|
|
uint32_t index);
|
2008-08-29 08:48:06 +00:00
|
|
|
|
2008-10-22 08:21:18 +00:00
|
|
|
Handle<JSObject> Copy(Handle<JSObject> obj);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2013-04-10 13:52:08 +00:00
|
|
|
Handle<JSObject> DeepCopy(Handle<JSObject> obj);
|
|
|
|
|
|
2010-05-25 12:14:49 +00:00
|
|
|
Handle<Object> SetAccessor(Handle<JSObject> obj, Handle<AccessorInfo> info);
|
|
|
|
|
|
2009-02-03 13:00:40 +00:00
|
|
|
Handle<FixedArray> AddKeysFromJSArray(Handle<FixedArray>,
|
|
|
|
|
Handle<JSArray> array);
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Get the JS object corresponding to the given script; create it
|
|
|
|
|
// if none exists.
|
|
|
|
|
Handle<JSValue> GetScriptWrapper(Handle<Script> script);
|
|
|
|
|
|
2012-07-10 11:04:38 +00:00
|
|
|
// Script line number computations. Note that the line number is zero-based.
|
2009-03-10 15:08:45 +00:00
|
|
|
void InitScriptLineEnds(Handle<Script> script);
|
2010-04-19 16:08:26 +00:00
|
|
|
// For string calculates an array of line end positions. If the string
|
|
|
|
|
// does not end with a new line character, this character may optionally be
|
|
|
|
|
// imagined.
|
|
|
|
|
Handle<FixedArray> CalculateLineEnds(Handle<String> string,
|
|
|
|
|
bool with_imaginary_last_new_line);
|
2009-03-10 15:08:45 +00:00
|
|
|
int GetScriptLineNumber(Handle<Script> script, int code_position);
|
2010-03-18 22:15:54 +00:00
|
|
|
// The safe version does not make heap allocations but may work much slower.
|
|
|
|
|
int GetScriptLineNumberSafe(Handle<Script> script, int code_position);
|
2011-11-09 14:18:30 +00:00
|
|
|
int GetScriptColumnNumber(Handle<Script> script, int code_position);
|
2012-11-12 12:34:18 +00:00
|
|
|
Handle<Object> GetScriptNameOrSourceURL(Handle<Script> script);
|
2009-03-10 15:08:45 +00:00
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Computes the enumerable keys from interceptors. Used for debug mirrors and
|
|
|
|
|
// by GetKeysInFixedArrayFor below.
|
2011-10-24 15:56:18 +00:00
|
|
|
v8::Handle<v8::Array> GetKeysForNamedInterceptor(Handle<JSReceiver> receiver,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSObject> object);
|
2011-10-24 15:56:18 +00:00
|
|
|
v8::Handle<v8::Array> GetKeysForIndexedInterceptor(Handle<JSReceiver> receiver,
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSObject> object);
|
2009-09-15 11:51:40 +00:00
|
|
|
|
|
|
|
|
enum KeyCollectionType { LOCAL_ONLY, INCLUDE_PROTOS };
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Computes the enumerable keys for a JSObject. Used for implementing
|
|
|
|
|
// "for (n in object) { }".
|
2011-10-24 15:56:18 +00:00
|
|
|
Handle<FixedArray> GetKeysInFixedArrayFor(Handle<JSReceiver> object,
|
|
|
|
|
KeyCollectionType type,
|
|
|
|
|
bool* threw);
|
|
|
|
|
Handle<JSArray> GetKeysFor(Handle<JSReceiver> object, bool* threw);
|
Sharing of descriptor arrays.
This CL adds multiple things:
Transition arrays do not directly point at their descriptor array anymore, but rather do so via an indirect pointer (a JSGlobalPropertyCell).
An ownership bit is added to maps indicating whether it owns its own descriptor array or not.
Maps owning a descriptor array can pass on ownership if a transition from that map is generated; but only if the descriptor array stays exactly the same; or if a descriptor is added.
Maps that don't have ownership get ownership back if their direct child to which ownership was passed is cleared in ClearNonLiveTransitions.
To detect which descriptors in an array are valid, each map knows its own NumberOfOwnDescriptors. Since the descriptors are sorted in order of addition, if we search and find a descriptor with index bigger than this number, it is not valid for the given map.
We currently still build up an enumeration cache (although this may disappear). The enumeration cache is always built for the entire descriptor array, even if not all descriptors are owned by the map. Once a descriptor array has an enumeration cache for a given map; this invariant will always be true, even if the descriptor array was extended. The extended array will inherit the enumeration cache from the smaller descriptor array. If a map with more descriptors needs an enumeration cache, it's EnumLength will still be set to invalid, so it will have to recompute the enumeration cache. This new cache will also be valid for smaller maps since they have their own enumlength; and use this to loop over the cache. If the EnumLength is still invalid, but there is already a cache present that is big enough; we just initialize the EnumLength field for the map.
When we apply ClearNonLiveTransitions and descriptor ownership is passed back to a parent map, the descriptor array is trimmed in-place and resorted. At the same time, the enumeration cache is trimmed in-place.
Only transition arrays contain descriptor arrays. If we transition to a map and pass ownership of the descriptor array along, the child map will not store the descriptor array it owns. Rather its parent will keep the pointer. So for every leaf-map, we find the descriptor array by following the back pointer, reading out the transition array, and fetching the descriptor array from the JSGlobalPropertyCell. If a map has a transition array, we fetch it from there. If a map has undefined as its back-pointer and has no transition array; it is considered to have an empty descriptor array.
When we modify properties, we cannot share the descriptor array. To accommodate this, the child map will get its own transition array; even if there are not necessarily any transitions leaving from the child map. This is necessary since it's the only way to store its own descriptor array.
Review URL: https://chromiumcodereview.appspot.com/10909007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 16:43:57 +00:00
|
|
|
Handle<FixedArray> ReduceFixedArrayTo(Handle<FixedArray> array, int length);
|
2009-12-01 10:25:29 +00:00
|
|
|
Handle<FixedArray> GetEnumPropertyKeys(Handle<JSObject> object,
|
|
|
|
|
bool cache_result);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
// Computes the union of keys and return the result.
|
|
|
|
|
// Used for implementing "for (n in object) { }"
|
|
|
|
|
Handle<FixedArray> UnionOfKeys(Handle<FixedArray> first,
|
|
|
|
|
Handle<FixedArray> second);
|
|
|
|
|
|
2010-02-26 14:37:33 +00:00
|
|
|
Handle<String> SubString(Handle<String> str,
|
|
|
|
|
int start,
|
|
|
|
|
int end,
|
|
|
|
|
PretenureFlag pretenure = NOT_TENURED);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
// Sets the expected number of properties for the function's instances.
|
|
|
|
|
void SetExpectedNofProperties(Handle<JSFunction> func, int nof);
|
|
|
|
|
|
|
|
|
|
// Sets the prototype property for a function instance.
|
|
|
|
|
void SetPrototypeProperty(Handle<JSFunction> func, Handle<JSObject> value);
|
|
|
|
|
|
|
|
|
|
// Sets the expected number of properties based on estimate from compiler.
|
|
|
|
|
void SetExpectedNofPropertiesFromEstimate(Handle<SharedFunctionInfo> shared,
|
|
|
|
|
int estimate);
|
|
|
|
|
|
|
|
|
|
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
Handle<JSGlobalProxy> ReinitializeJSGlobalProxy(
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSFunction> constructor,
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
Handle<JSGlobalProxy> global);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
|
Handle<Object> SetPrototype(Handle<JSFunction> function,
|
|
|
|
|
Handle<Object> prototype);
|
|
|
|
|
|
2011-10-25 14:14:56 +00:00
|
|
|
Handle<ObjectHashSet> ObjectHashSetAdd(Handle<ObjectHashSet> table,
|
|
|
|
|
Handle<Object> key);
|
|
|
|
|
|
|
|
|
|
Handle<ObjectHashSet> ObjectHashSetRemove(Handle<ObjectHashSet> table,
|
|
|
|
|
Handle<Object> key);
|
|
|
|
|
|
2011-07-28 17:21:22 +00:00
|
|
|
Handle<ObjectHashTable> PutIntoObjectHashTable(Handle<ObjectHashTable> table,
|
2011-10-25 14:14:56 +00:00
|
|
|
Handle<Object> key,
|
2011-07-28 17:21:22 +00:00
|
|
|
Handle<Object> value);
|
|
|
|
|
|
2013-06-03 15:32:22 +00:00
|
|
|
|
|
|
|
|
// Seal off the current HandleScope so that new handles can only be created
|
|
|
|
|
// if a new HandleScope is entered.
|
|
|
|
|
class SealHandleScope BASE_EMBEDDED {
|
2008-07-03 15:10:15 +00:00
|
|
|
public:
|
|
|
|
|
#ifndef DEBUG
|
2013-06-03 15:32:22 +00:00
|
|
|
explicit SealHandleScope(Isolate* isolate) {}
|
|
|
|
|
~SealHandleScope() {}
|
2008-07-03 15:10:15 +00:00
|
|
|
#else
|
2013-06-03 15:32:22 +00:00
|
|
|
explicit inline SealHandleScope(Isolate* isolate);
|
|
|
|
|
inline ~SealHandleScope();
|
2008-07-03 15:10:15 +00:00
|
|
|
private:
|
2013-02-25 14:46:09 +00:00
|
|
|
Isolate* isolate_;
|
2013-05-29 11:09:01 +00:00
|
|
|
Object** limit_;
|
2010-10-21 14:21:00 +00:00
|
|
|
int level_;
|
2008-07-03 15:10:15 +00:00
|
|
|
#endif
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
} } // namespace v8::internal
|
|
|
|
|
|
|
|
|
|
#endif // V8_HANDLES_H_
|
