// Copyright 2014 the V8 project authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "src/bootstrapper.h"
#include "src/accessors.h"
#include "src/code-stubs.h"
#include "src/extensions/externalize-string-extension.h"
#include "src/extensions/free-buffer-extension.h"
#include "src/extensions/gc-extension.h"
#include "src/extensions/statistics-extension.h"
#include "src/extensions/trigger-failure-extension.h"
#include "src/isolate-inl.h"
#include "src/natives.h"
#include "src/snapshot.h"
#include "src/trig-table.h"
namespace v8 {
namespace internal {
// Wraps a natives source buffer as an external string resource and registers
// the new object with |bootstrapper| so that it is released at tear-down.
//
// |source| is stored as a raw pointer (data_) and is not copied, so the buffer
// has to stay valid for as long as this resource is in use.
//
// NOTE(review): the object is recorded as a char* in a List<char*>, and
// Bootstrapper::TearDown() releases each entry with a plain `delete` on that
// char*. Deleting an object through a pointer of a different type skips its
// destructor and is not well-defined C++; confirm this is acceptable for this
// class, or keep a typed list instead.
NativesExternalStringResource::NativesExternalStringResource(
    Bootstrapper* bootstrapper,
    const char* source,
    size_t length)
    : data_(source),
      length_(length) {
  // Create the tear-down list lazily, on the first resource that needs it.
  if (bootstrapper->delete_these_non_arrays_on_tear_down_ == NULL) {
    bootstrapper->delete_these_non_arrays_on_tear_down_ = new List<char*>(2);
  }

  // Only a fixed, small number of these resources is ever created; they are
  // still tracked so that they can be freed on exit.
  char* self = reinterpret_cast<char*>(this);
  bootstrapper->delete_these_non_arrays_on_tear_down_->Add(self);
}
// Builds a bootstrapper bound to |isolate|. Both tear-down lists start out as
// NULL; they are allocated lazily by the code that first needs to register an
// allocation for deletion.
Bootstrapper::Bootstrapper(Isolate* isolate)
    : isolate_(isolate),
      nesting_(0),
      extensions_cache_(Script::TYPE_EXTENSION),
      delete_these_non_arrays_on_tear_down_(NULL),
      delete_these_arrays_on_tear_down_(NULL) {}
// Returns the source string of the native script with the given |index|,
// creating it and storing it in the heap's natives source cache on first use.
//
// The range check on |index| is a DCHECK, i.e. a debug-build assertion, so
// callers are responsible for passing an index in
// [0, Natives::GetBuiltinsCount()).
Handle<String> Bootstrapper::NativesSourceLookup(int index) {
  DCHECK(0 <= index && index < Natives::GetBuiltinsCount());
  Heap* heap = isolate_->heap();

  const bool not_cached_yet =
      heap->natives_source_cache()->get(index)->IsUndefined();
  if (not_cached_yet) {
    // The natives can be exposed as external strings: the raw script source
    // is wrapped rather than copied into the heap.
    Vector<const char> raw = Natives::GetRawScriptSource(index);
    NativesExternalStringResource* wrapper =
        new NativesExternalStringResource(this, raw.start(), raw.length());
    // Creating the string is not expected to throw; ToHandleChecked() relies
    // on that. Revisit if that expectation ever stops holding.
    Handle<String> external_string =
        isolate_->factory()->NewExternalStringFromAscii(wrapper)
            .ToHandleChecked();
    heap->natives_source_cache()->set(index, *external_string);
  }

  Handle<Object> entry(heap->natives_source_cache()->get(index), isolate_);
  return Handle<String>::cast(entry);
}
// Initializes extensions_cache_ for this bootstrapper's isolate.
// |create_heap_objects| is forwarded unchanged to the cache.
void Bootstrapper::Initialize(bool create_heap_objects) {
  extensions_cache_.Initialize(isolate_, create_heap_objects);
}
// Picks the name under which the GC extension's function is exposed:
// FLAG_expose_gc_as when that flag holds a non-empty string, "gc" otherwise.
static const char* GCFunctionName() {
  if (FLAG_expose_gc_as == NULL || FLAG_expose_gc_as[0] == '\0') {
    return "gc";
  }
  return FLAG_expose_gc_as;
}
// Process-wide extension instances. They are created in
// Bootstrapper::InitializeOncePerProcess() and deleted in
// Bootstrapper::TearDownExtensions().
v8::Extension* Bootstrapper::free_buffer_extension_ = NULL;
v8::Extension* Bootstrapper::gc_extension_ = NULL;
v8::Extension* Bootstrapper::externalize_string_extension_ = NULL;
v8::Extension* Bootstrapper::statistics_extension_ = NULL;
v8::Extension* Bootstrapper::trigger_failure_extension_ = NULL;
// Creates the five built-in extensions and registers each one with
// v8::RegisterExtension(). The pointers are kept in static members so that
// TearDownExtensions() can delete them.
//
// NOTE(review): going by their names, several of these extensions (free
// buffer, gc, trigger failure) hand script direct control over engine
// internals. This function only registers them; confirm that installing one
// into a context still requires an explicit flag or request, since that logic
// is outside this block.
//
// NOTE(review): calling this more than once would overwrite the static
// pointers without deleting the previous objects — presumably the caller
// guarantees a single call per process; verify.
void Bootstrapper::InitializeOncePerProcess() {
  free_buffer_extension_ = new FreeBufferExtension;
  v8::RegisterExtension(free_buffer_extension_);

  // The script-visible name of the GC function is configurable.
  gc_extension_ = new GCExtension(GCFunctionName());
  v8::RegisterExtension(gc_extension_);

  externalize_string_extension_ = new ExternalizeStringExtension;
  v8::RegisterExtension(externalize_string_extension_);

  statistics_extension_ = new StatisticsExtension;
  v8::RegisterExtension(statistics_extension_);

  trigger_failure_extension_ = new TriggerFailureExtension;
  v8::RegisterExtension(trigger_failure_extension_);
}
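// Deletes the process-wide extension objects created by
// InitializeOncePerProcess().
//
// Each static pointer is reset to NULL after its object is deleted, matching
// what Bootstrapper::TearDown() does for its lists. This keeps the statics
// from dangling: a repeated call becomes a harmless `delete NULL`, and any
// later read sees NULL instead of a pointer to freed memory.
//
// NOTE(review): the extensions were handed to v8::RegisterExtension(); this
// function does not unregister them, so whoever calls it must make sure the
// registry no longer uses these objects — verify against the caller.
void Bootstrapper::TearDownExtensions() {
  delete free_buffer_extension_;
  free_buffer_extension_ = NULL;

  delete gc_extension_;
  gc_extension_ = NULL;

  delete externalize_string_extension_;
  externalize_string_extension_ = NULL;

  delete statistics_extension_;
  statistics_extension_ = NULL;

  delete trigger_failure_extension_;
  trigger_failure_extension_ = NULL;
}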
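// Allocates a char array of |bytes| bytes and records it on
// delete_these_arrays_on_tear_down_, so that Bootstrapper::TearDown() releases
// it with delete[]. The caller must not free the returned memory itself.
//
// |bytes| is a signed int used directly as an array size, so a negative value
// is not a valid request; the DCHECK below makes that precondition explicit
// in debug builds.
//
// Returns the new array. The memory is uninitialized.
char* Bootstrapper::AllocateAutoDeletedArray(int bytes) {
  DCHECK(bytes >= 0);
  char* memory = new char[bytes];
  // NOTE(review): this NULL test only matters if operator new can return NULL
  // in this build configuration — confirm; it is kept as in the original.
  if (memory != NULL) {
    // The tracking list is created lazily on the first allocation.
    if (delete_these_arrays_on_tear_down_ == NULL) {
      delete_these_arrays_on_tear_down_ = new List<char*>(2);
    }
    delete_these_arrays_on_tear_down_->Add(memory);
  }
  return memory;
}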
// Frees everything that was registered for deletion at tear-down and then
// resets extensions_cache_.
//
// Both lists hold char* entries. Entries of the "non arrays" list are released
// with `delete`, entries of the "arrays" list with `delete[]`. Every slot and
// each list pointer is set to NULL once freed.
//
// The length limits are DCHECKs (debug-build assertions): they document that
// this mechanism is meant for a bounded number of allocations and are not a
// runtime limit.
void Bootstrapper::TearDown() {
  if (delete_these_non_arrays_on_tear_down_ != NULL) {
    int len = delete_these_non_arrays_on_tear_down_->length();
    DCHECK(len < 24);  // Don't use this mechanism for unbounded allocations.
    for (int slot = 0; slot < len; slot++) {
      char*& entry = delete_these_non_arrays_on_tear_down_->at(slot);
      delete entry;
      entry = NULL;
    }
    delete delete_these_non_arrays_on_tear_down_;
    delete_these_non_arrays_on_tear_down_ = NULL;
  }

  if (delete_these_arrays_on_tear_down_ != NULL) {
    int len = delete_these_arrays_on_tear_down_->length();
    DCHECK(len < 1000);  // Don't use this mechanism for unbounded allocations.
    for (int slot = 0; slot < len; slot++) {
      char*& entry = delete_these_arrays_on_tear_down_->at(slot);
      delete[] entry;
      entry = NULL;
    }
    delete delete_these_arrays_on_tear_down_;
    delete_these_arrays_on_tear_down_ = NULL;
  }

  // Tear-down deliberately goes through the same Initialize() call as set-up,
  // this time without creating heap objects.
  extensions_cache_.Initialize(isolate_, false);  // Yes, symmetrical
}
// Helper that builds a context. The constructor does the work and the created
// context is read back through result(). Everything else is private; the
// Bootstrapper class is a friend.
class Genesis BASE_EMBEDDED {
 public:
  Genesis(Isolate* isolate,
          MaybeHandle<JSGlobalProxy> maybe_global_proxy,
          v8::Handle<v8::ObjectTemplate> global_proxy_template,
          v8::ExtensionConfiguration* extensions);
  ~Genesis() {}

  // Shortcuts to the isolate and to its factory and heap.
  Isolate* isolate() const { return isolate_; }
  Factory* factory() const { return isolate_->factory(); }
  Heap* heap() const { return isolate_->heap(); }

  // The context produced by the constructor.
  Handle<Context> result() { return result_; }

 private:
  Handle<Context> native_context() { return native_context_; }

  // Creates some basic objects. Used when a context is built from scratch.
  void CreateRoots();
  // Creates the empty function. Used when a context is built from scratch.
  Handle<JSFunction> CreateEmptyFunction(Isolate* isolate);
  // Creates the ThrowTypeError function (ECMA 5th Ed. 13.2.3).
  Handle<JSFunction> GetStrictPoisonFunction();
  // Poison function for arguments/callee of sloppy generator functions.
  Handle<JSFunction> GetGeneratorPoisonFunction();

  void CreateStrictModeFunctionMaps(Handle<JSFunction> empty);

  // Makes the "arguments" and "caller" properties throw a TypeError on access.
  void PoisonArgumentsAndCaller(Handle<Map> map);

  // Creates the global objects from the global and the template passed in
  // through the API. This runs both when a context is built from scratch and
  // when it is deserialized from the partial snapshot. In the latter case the
  // objects produced here are not used directly, because the deserialized
  // ones, which are linked with the rest of the context snapshot, have to be
  // used instead.
  Handle<JSGlobalProxy> CreateNewGlobals(
      v8::Handle<v8::ObjectTemplate> global_proxy_template,
      MaybeHandle<JSGlobalProxy> maybe_global_proxy,
      Handle<GlobalObject>* global_object_out);
  // Hooks the given global proxy into the context. If the context came from
  // deserialization, the deserialized global proxy is unhooked and left for
  // the GC to collect.
  void HookUpGlobalProxy(Handle<GlobalObject> global_object,
                         Handle<JSGlobalProxy> global_proxy);
  // Likewise, the global created from the templates passed through the API is
  // the one to use. The global from the snapshot is detached from the other
  // objects in the snapshot.
  void HookUpGlobalObject(Handle<GlobalObject> global_object);
  // New context initialization. Used when a context is built from scratch.
  void InitializeGlobal(Handle<GlobalObject> global_object,
                        Handle<JSFunction> empty_function);
  void InitializeExperimentalGlobal();
  // Installs the contents of the native .js files on the global objects.
  // Used when a context is built from scratch.
  void InstallNativeFunctions();
  void InstallExperimentalNativeFunctions();
  Handle<JSFunction> InstallInternalArray(Handle<JSBuiltinsObject> builtins,
                                          const char* name,
                                          ElementsKind elements_kind);
  bool InstallNatives();

  void InstallTypedArray(const char* name,
                         ElementsKind elements_kind,
                         Handle<JSFunction>* fun,
                         Handle<Map>* external_map);
  bool InstallExperimentalNatives();
  void InstallBuiltinFunctionIds();
  void InstallJSFunctionResultCaches();
  void InitializeNormalizedMapCaches();

  // Per-extension marker kept in ExtensionStates during installation.
  enum ExtensionTraversalState {
    UNVISITED,
    VISITED,
    INSTALLED
  };

  // Associates a RegisteredExtension with its ExtensionTraversalState.
  class ExtensionStates {
   public:
    ExtensionStates();
    ExtensionTraversalState get_state(RegisteredExtension* extension);
    void set_state(RegisteredExtension* extension,
                   ExtensionTraversalState state);

   private:
    HashMap map_;
    DISALLOW_COPY_AND_ASSIGN(ExtensionStates);
  };

  // Adds the provided extensions. Used for deserialized contexts as well as
  // for contexts built from scratch.
  static bool InstallExtensions(Handle<Context> native_context,
                                v8::ExtensionConfiguration* extensions);
  static bool InstallAutoExtensions(Isolate* isolate,
                                    ExtensionStates* extension_states);
  static bool InstallRequestedExtensions(
      Isolate* isolate,
      v8::ExtensionConfiguration* extensions,
      ExtensionStates* extension_states);
  static bool InstallExtension(Isolate* isolate,
                               const char* name,
                               ExtensionStates* extension_states);
  static bool InstallExtension(Isolate* isolate,
                               v8::RegisteredExtension* current,
                               ExtensionStates* extension_states);
  static bool InstallSpecialObjects(Handle<Context> native_context);
  bool InstallJSBuiltins(Handle<JSBuiltinsObject> builtins);
  bool ConfigureApiObject(Handle<JSObject> object,
                          Handle<ObjectTemplateInfo> object_template);
  bool ConfigureGlobalObjects(
      v8::Handle<v8::ObjectTemplate> global_proxy_template);

  // Moves all properties of 'from' over to 'to' and replaces the prototype of
  // 'to' with the prototype of 'from'.
  void TransferObject(Handle<JSObject> from, Handle<JSObject> to);
  void TransferNamedProperties(Handle<JSObject> from, Handle<JSObject> to);
  void TransferIndexedProperties(Handle<JSObject> from, Handle<JSObject> to);

  enum FunctionMode {
    // Modes with a prototype.
    FUNCTION_WITH_WRITEABLE_PROTOTYPE,
    FUNCTION_WITH_READONLY_PROTOTYPE,
    // Modes without a prototype.
    FUNCTION_WITHOUT_PROTOTYPE,
    BOUND_FUNCTION
  };

  // True for the two FunctionMode values that carry a prototype.
  static bool IsFunctionModeWithPrototype(FunctionMode function_mode) {
    switch (function_mode) {
      case FUNCTION_WITH_WRITEABLE_PROTOTYPE:
      case FUNCTION_WITH_READONLY_PROTOTYPE:
        return true;
      default:
        return false;
    }
  }

  Handle<Map> CreateFunctionMap(FunctionMode function_mode);

  void SetFunctionInstanceDescriptor(Handle<Map> map,
                                     FunctionMode function_mode);
  void MakeFunctionInstancePrototypeWritable();

  Handle<Map> CreateStrictFunctionMap(FunctionMode function_mode,
                                      Handle<JSFunction> empty_function);

  void SetStrictFunctionInstanceDescriptor(Handle<Map> map,
                                           FunctionMode function_mode);

  static bool CompileBuiltin(Isolate* isolate, int index);
  static bool CompileExperimentalBuiltin(Isolate* isolate, int index);
  static bool CompileNative(Isolate* isolate,
                            Vector<const char> name,
                            Handle<String> source);
  static bool CompileScriptCached(Isolate* isolate,
                                  Vector<const char> name,
                                  Handle<String> source,
                                  SourceCodeCache* cache,
                                  v8::Extension* extension,
                                  Handle<Context> top_context,
                                  bool use_runtime_context);

  Isolate* isolate_;
  Handle<Context> result_;
  Handle<Context> native_context_;

  // Function maps. The function maps are first created with a read-only
  // prototype, which is what the JS builtins are processed with. They are
  // replaced later so that the prototype becomes writable. The two maps below
  // are those final maps with a writable prototype.
  Handle<Map> sloppy_function_map_writable_prototype_;
  Handle<Map> strict_function_map_writable_prototype_;
  Handle<JSFunction> strict_poison_function;
  Handle<JSFunction> generator_poison_function;

  BootstrapperActive active_;
  friend class Bootstrapper;
};
// Lets the visitor |v| walk extensions_cache_, then calls v->Synchronize()
// with the kExtensions tag.
void Bootstrapper::Iterate(ObjectVisitor* v) {
  extensions_cache_.Iterate(v);
  v->Synchronize(VisitorSynchronization::kExtensions);
}
// Creates a new context by running Genesis and then installing the requested
// extensions into it.
//
// Returns the new context, escaped from the local handle scope. Returns an
// empty handle when Genesis produced no context or when installing the
// extensions failed, so callers have to test the result before using it.
Handle<Context> Bootstrapper::CreateEnvironment(
    MaybeHandle<JSGlobalProxy> maybe_global_proxy,
    v8::Handle<v8::ObjectTemplate> global_proxy_template,
    v8::ExtensionConfiguration* extensions) {
  HandleScope scope(isolate_);
  Genesis genesis(
      isolate_, maybe_global_proxy, global_proxy_template, extensions);

  Handle<Context> context = genesis.result();
  // Genesis failed: there is nothing to install extensions into.
  if (context.is_null()) return Handle<Context>();
  // Failing to install the extensions fails the whole environment.
  if (!InstallExtensions(context, extensions)) return Handle<Context>();

  return scope.CloseAndEscape(context);
}
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
// Gives |object| the prototype |proto|, i.e. object.__proto__ = proto.
//
// The prototype is set on a copy of the object's map and the object is then
// migrated to that copy; the object's previous map is not modified here.
static void SetObjectPrototype(Handle<JSObject> object, Handle<Object> proto) {
  Handle<Map> current_map(object->map());
  Handle<Map> updated_map = Map::Copy(current_map);
  updated_map->set_prototype(*proto);
  JSObject::MigrateToMap(object, updated_map);
}
// Detaches the global proxy of |env| from that context. Three links are
// replaced with the null value, in this order: the proxy's native context,
// its prototype, and the constructor of its map.
//
// The order matters: SetObjectPrototype() migrates the proxy to a copied map,
// so the constructor is cleared on the map the proxy has after that call.
//
// NOTE(review): this looks like the step that stops a detached proxy from
// reaching the old context's global object — presumably through the prototype
// link; confirm against the callers before changing which links are cleared.
void Bootstrapper::DetachGlobal(Handle<Context> env) {
  Factory* factory = env->GetIsolate()->factory();
  Handle<JSGlobalProxy> proxy(JSGlobalProxy::cast(env->global_proxy()));

  proxy->set_native_context(*factory->null_value());
  SetObjectPrototype(proxy, factory->null_value());
  proxy->map()->set_constructor(*factory->null_value());
}
// Creates a function backed by the builtin |call| and installs it on |target|
// under |name|.
//
// When |maybe_prototype| holds a prototype, the function is created with that
// prototype, |type| and |instance_size|. Otherwise it is created without a
// prototype, and |type| and |instance_size| are not used.
//
// On the builtins object the property is added as DONT_ENUM | DONT_DELETE |
// READ_ONLY; on any other target it is only DONT_ENUM. If |target| is the JS
// global object, |name| also becomes the instance class name of the function.
// The function is always flagged as native.
//
// Returns the new function.
static Handle<JSFunction> InstallFunction(Handle<JSObject> target,
                                          const char* name,
                                          InstanceType type,
                                          int instance_size,
                                          MaybeHandle<JSObject> maybe_prototype,
                                          Builtins::Name call) {
  Isolate* isolate = target->GetIsolate();
  Factory* factory = isolate->factory();
  Handle<String> internalized_name = factory->InternalizeUtf8String(name);
  Handle<Code> call_code = Handle<Code>(isolate->builtins()->builtin(call));

  Handle<JSObject> prototype;
  Handle<JSFunction> function;
  if (maybe_prototype.ToHandle(&prototype)) {
    function = factory->NewFunction(internalized_name, call_code, prototype,
                                    type, instance_size);
  } else {
    function =
        factory->NewFunctionWithoutPrototype(internalized_name, call_code);
  }

  // Functions on the builtins object are locked down; elsewhere they are only
  // hidden from enumeration.
  PropertyAttributes attributes =
      target->IsJSBuiltinsObject()
          ? static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY)
          : DONT_ENUM;
  JSObject::AddProperty(target, internalized_name, function, attributes);

  if (target->IsJSGlobalObject()) {
    function->shared()->set_instance_class_name(*internalized_name);
  }
  function->shared()->set_native(true);
  return function;
}
// Appends the accessor descriptors of a function instance to |map|: length,
// name, arguments and caller, plus prototype when |function_mode| is a mode
// with a prototype. CreateFunctionMap uses this for the sloppy function maps.
//
// Every descriptor is DONT_ENUM | DONT_DELETE | READ_ONLY; only the prototype
// descriptor drops READ_ONLY, and only for FUNCTION_WITH_WRITEABLE_PROTOTYPE.
void Genesis::SetFunctionInstanceDescriptor(
    Handle<Map> map, FunctionMode function_mode) {
  // Reserve one descriptor slot per property appended below.
  int descriptor_count = IsFunctionModeWithPrototype(function_mode) ? 5 : 4;
  Map::EnsureDescriptorSlack(map, descriptor_count);

  PropertyAttributes attribs = static_cast<PropertyAttributes>(
      DONT_ENUM | DONT_DELETE | READ_ONLY);

  Handle<AccessorInfo> length_info =
      Accessors::FunctionLengthInfo(isolate(), attribs);
  {  // Add length.
    Handle<Name> key(Name::cast(length_info->name()));
    CallbacksDescriptor length_desc(key, length_info, attribs);
    map->AppendDescriptor(&length_desc);
  }

  Handle<AccessorInfo> name_info =
      Accessors::FunctionNameInfo(isolate(), attribs);
  {  // Add name.
    Handle<Name> key(Name::cast(name_info->name()));
    CallbacksDescriptor name_desc(key, name_info, attribs);
    map->AppendDescriptor(&name_desc);
  }

  Handle<AccessorInfo> arguments_info =
      Accessors::FunctionArgumentsInfo(isolate(), attribs);
  {  // Add arguments.
    Handle<Name> key(Name::cast(arguments_info->name()));
    CallbacksDescriptor arguments_desc(key, arguments_info, attribs);
    map->AppendDescriptor(&arguments_desc);
  }

  Handle<AccessorInfo> caller_info =
      Accessors::FunctionCallerInfo(isolate(), attribs);
  {  // Add caller.
    Handle<Name> key(Name::cast(caller_info->name()));
    CallbacksDescriptor caller_desc(key, caller_info, attribs);
    map->AppendDescriptor(&caller_desc);
  }

  if (IsFunctionModeWithPrototype(function_mode)) {
    // Add prototype. This is the only descriptor that may be writable.
    if (function_mode == FUNCTION_WITH_WRITEABLE_PROTOTYPE) {
      attribs = static_cast<PropertyAttributes>(attribs & ~READ_ONLY);
    }
    Handle<AccessorInfo> prototype_info =
        Accessors::FunctionPrototypeInfo(isolate(), attribs);
    Handle<Name> key(Name::cast(prototype_info->name()));
    CallbacksDescriptor prototype_desc(key, prototype_info, attribs);
    map->AppendDescriptor(&prototype_desc);
  }
}
// Allocates a JS_FUNCTION_TYPE map of JSFunction::kSize, fills in the
// function instance descriptors for |function_mode| and records on the map
// whether functions using it have a prototype. The map's own prototype is
// not set here.
Handle<Map> Genesis::CreateFunctionMap(FunctionMode function_mode) {
  Handle<Map> function_map =
      factory()->NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
  SetFunctionInstanceDescriptor(function_map, function_mode);
  const bool with_prototype = IsFunctionModeWithPrototype(function_mode);
  function_map->set_function_with_prototype(with_prototype);
  return function_map;
}
// Sets up the sloppy function maps, the Object function with its initial
// prototype, and the empty function that serves as the prototype of the
// function maps. Returns the empty function.
//
// The statement order is kept deliberately: the maps are allocated before the
// empty function exists and have their prototypes patched afterwards.
Handle<JSFunction> Genesis::CreateEmptyFunction(Isolate* isolate) {
  // Maps for function instances are allocated up front; their prototypes are
  // patched further down, once the empty function has been created.

  // Functions with this map have no 'prototype' property and cannot be used
  // as constructors.
  Handle<Map> no_prototype_map = CreateFunctionMap(FUNCTION_WITHOUT_PROTOTYPE);
  native_context()->set_sloppy_function_without_prototype_map(
      *no_prototype_map);

  // Temporary function map, used only while builtins are processed. It is
  // later replaced by the writable-prototype map allocated below.
  Handle<Map> readonly_prototype_map =
      CreateFunctionMap(FUNCTION_WITH_READONLY_PROTOTYPE);
  native_context()->set_sloppy_function_map(*readonly_prototype_map);
  native_context()->set_sloppy_function_with_readonly_prototype_map(
      *readonly_prototype_map);

  // The final map for functions, with a writable prototype. It is installed
  // in MakeFunctionInstancePrototypeWritable.
  sloppy_function_map_writable_prototype_ =
      CreateFunctionMap(FUNCTION_WITH_WRITEABLE_PROTOTYPE);

  Factory* factory = isolate->factory();

  Handle<String> object_name = factory->Object_string();

  {  // --- O b j e c t ---
    Handle<JSFunction> object_function = factory->NewFunction(object_name);
    Handle<Map> object_map =
        factory->NewMap(JS_OBJECT_TYPE, JSObject::kHeaderSize);
    object_function->set_initial_map(*object_map);
    object_map->set_constructor(*object_function);
    object_map->set_unused_property_fields(
        JSObject::kInitialGlobalObjectUnusedPropertiesCount);

    native_context()->set_object_function(*object_function);

    // Allocate a new prototype for the object function.
    Handle<JSObject> object_prototype =
        factory->NewJSObject(isolate->object_function(), TENURED);

    native_context()->set_initial_object_prototype(*object_prototype);
    // During bootstrapping the array prototype aliases the object prototype;
    // a missing initial_array_prototype would otherwise cause assertions
    // during startup.
    native_context()->set_initial_array_prototype(*object_prototype);
    Accessors::FunctionSetPrototype(object_function, object_prototype);
  }

  // Allocate the empty function, which is the prototype for functions
  // (ECMAScript 262 15.3.4).
  Handle<String> empty_name =
      factory->InternalizeOneByteString(STATIC_ASCII_VECTOR("Empty"));
  Handle<Code> empty_code(
      isolate->builtins()->builtin(Builtins::kEmptyFunction));
  Handle<JSFunction> empty_function =
      factory->NewFunctionWithoutPrototype(empty_name, empty_code);

  // --- E m p t y ---
  // Give the empty function a native script whose source is "() {}", so that
  // its start and end positions refer to real source text.
  Handle<String> empty_source = factory->NewStringFromStaticAscii("() {}");
  Handle<Script> empty_script = factory->NewScript(empty_source);
  empty_script->set_type(Smi::FromInt(Script::TYPE_NATIVE));
  empty_function->shared()->set_script(*empty_script);
  empty_function->shared()->set_start_position(0);
  empty_function->shared()->set_end_position(empty_source->length());
  empty_function->shared()->DontAdaptArguments();

  // Patch the prototypes of the function maps allocated above.
  native_context()->sloppy_function_map()->set_prototype(*empty_function);
  native_context()->sloppy_function_without_prototype_map()->
      set_prototype(*empty_function);
  sloppy_function_map_writable_prototype_->set_prototype(*empty_function);

  // The empty function gets a map of its own, whose prototype is the
  // prototype of the Object function.
  Handle<Map> empty_function_map =
      CreateFunctionMap(FUNCTION_WITHOUT_PROTOTYPE);
  empty_function_map->set_prototype(
      native_context()->object_function()->prototype());
  empty_function->set_map(*empty_function_map);
  return empty_function;
}
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, and so are the related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
How best to implement the outer window object is debatable. Currently each property access function has to check whether the receiver is of ApiGlobalObject type. This approach might be error-prone, because one may forget to check the receiver when adding new functions. It is unlikely to be a performance issue because accessing global variables is more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
// Appends the descriptors of a strict-mode function instance to |map|:
// length, name, arguments and caller, plus prototype when |function_mode| is
// a mode with a prototype.
//
// length is a plain read-only field (index 0) for BOUND_FUNCTION and a
// read-only accessor otherwise. arguments and caller are accessor pairs that
// are created empty here; CreateStrictModeFunctionMaps later fills their
// getter and setter through PoisonArgumentsAndCaller.
void Genesis::SetStrictFunctionInstanceDescriptor(
    Handle<Map> map, FunctionMode function_mode) {
  // Reserve one descriptor slot per property appended below.
  int descriptor_count = IsFunctionModeWithPrototype(function_mode) ? 5 : 4;
  Map::EnsureDescriptorSlack(map, descriptor_count);

  Handle<AccessorPair> arguments_pair(factory()->NewAccessorPair());
  Handle<AccessorPair> caller_pair(factory()->NewAccessorPair());
  PropertyAttributes rw_attribs =
      static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE);
  PropertyAttributes ro_attribs =
      static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);

  // Add length.
  if (function_mode != BOUND_FUNCTION) {
    DCHECK(function_mode == FUNCTION_WITH_WRITEABLE_PROTOTYPE ||
           function_mode == FUNCTION_WITH_READONLY_PROTOTYPE ||
           function_mode == FUNCTION_WITHOUT_PROTOTYPE);
    Handle<AccessorInfo> length_info =
        Accessors::FunctionLengthInfo(isolate(), ro_attribs);
    Handle<Name> key(Name::cast(length_info->name()));
    CallbacksDescriptor length_desc(key, length_info, ro_attribs);
    map->AppendDescriptor(&length_desc);
  } else {
    Handle<String> length_string = isolate()->factory()->length_string();
    FieldDescriptor length_field(length_string, 0, ro_attribs,
                                 Representation::Tagged());
    map->AppendDescriptor(&length_field);
  }

  Handle<AccessorInfo> name_info =
      Accessors::FunctionNameInfo(isolate(), ro_attribs);
  {  // Add name.
    Handle<Name> key(Name::cast(name_info->name()));
    CallbacksDescriptor name_desc(key, name_info, ro_attribs);
    map->AppendDescriptor(&name_desc);
  }
  {  // Add arguments.
    CallbacksDescriptor arguments_desc(factory()->arguments_string(),
                                       arguments_pair, rw_attribs);
    map->AppendDescriptor(&arguments_desc);
  }
  {  // Add caller.
    CallbacksDescriptor caller_desc(factory()->caller_string(), caller_pair,
                                    rw_attribs);
    map->AppendDescriptor(&caller_desc);
  }

  if (IsFunctionModeWithPrototype(function_mode)) {
    // Add prototype; writable only for FUNCTION_WITH_WRITEABLE_PROTOTYPE.
    PropertyAttributes prototype_attribs = ro_attribs;
    if (function_mode == FUNCTION_WITH_WRITEABLE_PROTOTYPE) {
      prototype_attribs = rw_attribs;
    }
    Handle<AccessorInfo> prototype_info =
        Accessors::FunctionPrototypeInfo(isolate(), prototype_attribs);
    Handle<Name> key(Name::cast(prototype_info->name()));
    CallbacksDescriptor prototype_desc(key, prototype_info, prototype_attribs);
    map->AppendDescriptor(&prototype_desc);
  }
}
// ECMAScript 5th Edition, 13.2.3
// Returns the strict-mode poison function, creating it on first use.
//
// The function is named "ThrowTypeError", runs the
// Builtins::kStrictModePoisonPill builtin, uses the sloppy function map and
// is made non-extensible. Later calls return the cached handle, so every map
// poisoned through PoisonArgumentsAndCaller refers to the same function.
Handle<JSFunction> Genesis::GetStrictPoisonFunction() {
  if (!strict_poison_function.is_null()) return strict_poison_function;

  Handle<String> poison_name = factory()->InternalizeOneByteString(
      STATIC_ASCII_VECTOR("ThrowTypeError"));
  Handle<Code> poison_code(
      isolate()->builtins()->builtin(Builtins::kStrictModePoisonPill));
  strict_poison_function =
      factory()->NewFunctionWithoutPrototype(poison_name, poison_code);
  strict_poison_function->set_map(native_context()->sloppy_function_map());
  strict_poison_function->shared()->DontAdaptArguments();

  // Freeze the shape of the shared poison function: no new properties can be
  // added to it once it is handed out.
  JSObject::PreventExtensions(strict_poison_function).Assert();
  return strict_poison_function;
}
// Returns the generator poison function, creating it on first use.
//
// Mirrors GetStrictPoisonFunction: the function is named "ThrowTypeError",
// runs the Builtins::kGeneratorPoisonPill builtin, uses the sloppy function
// map and is made non-extensible. Later calls return the cached handle.
Handle<JSFunction> Genesis::GetGeneratorPoisonFunction() {
  if (!generator_poison_function.is_null()) return generator_poison_function;

  Handle<String> poison_name = factory()->InternalizeOneByteString(
      STATIC_ASCII_VECTOR("ThrowTypeError"));
  Handle<Code> poison_code(
      isolate()->builtins()->builtin(Builtins::kGeneratorPoisonPill));
  generator_poison_function =
      factory()->NewFunctionWithoutPrototype(poison_name, poison_code);
  generator_poison_function->set_map(native_context()->sloppy_function_map());
  generator_poison_function->shared()->DontAdaptArguments();

  // No new properties can be added to the shared poison function.
  JSObject::PreventExtensions(generator_poison_function).Assert();
  return generator_poison_function;
}
// Allocates a JS_FUNCTION_TYPE map of JSFunction::kSize for strict-mode
// functions: fills in the strict function instance descriptors for
// |function_mode|, records whether such functions have a prototype, and uses
// |empty_function| as the map's prototype.
Handle<Map> Genesis::CreateStrictFunctionMap(
    FunctionMode function_mode,
    Handle<JSFunction> empty_function) {
  Handle<Map> strict_map =
      factory()->NewMap(JS_FUNCTION_TYPE, JSFunction::kSize);
  SetStrictFunctionInstanceDescriptor(strict_map, function_mode);
  const bool with_prototype = IsFunctionModeWithPrototype(function_mode);
  strict_map->set_function_with_prototype(with_prototype);
  strict_map->set_prototype(*empty_function);
  return strict_map;
}
// Creates the four strict-mode function maps (without prototype, read-only
// prototype, writable prototype, bound function), registers them, and then
// poisons the 'arguments' and 'caller' accessors on every one of them.
//
// A map created here that is not passed to PoisonArgumentsAndCaller keeps the
// empty accessor pairs set up by SetStrictFunctionInstanceDescriptor, so any
// map added in future needs a matching call at the end.
void Genesis::CreateStrictModeFunctionMaps(Handle<JSFunction> empty) {
  // Map for strict mode instances that have no prototype.
  Handle<Map> without_prototype_map =
      CreateStrictFunctionMap(FUNCTION_WITHOUT_PROTOTYPE, empty);
  native_context()->set_strict_function_without_prototype_map(
      *without_prototype_map);

  // Temporary map for strict mode functions, used only while builtins are
  // processed. It is later replaced by the writable-prototype map below.
  Handle<Map> readonly_prototype_map =
      CreateStrictFunctionMap(FUNCTION_WITH_READONLY_PROTOTYPE, empty);
  native_context()->set_strict_function_map(*readonly_prototype_map);

  // The final map for strict mode functions, with a writable prototype. It is
  // installed in MakeFunctionInstancePrototypeWritable.
  strict_function_map_writable_prototype_ =
      CreateStrictFunctionMap(FUNCTION_WITH_WRITEABLE_PROTOTYPE, empty);

  // Special map for bound functions.
  Handle<Map> bound_map = CreateStrictFunctionMap(BOUND_FUNCTION, empty);
  native_context()->set_bound_function_map(*bound_map);

  // Complete the callbacks: install the poison function as getter and setter
  // of 'arguments' and 'caller' on each map.
  PoisonArgumentsAndCaller(without_prototype_map);
  PoisonArgumentsAndCaller(readonly_prototype_map);
  PoisonArgumentsAndCaller(strict_function_map_writable_prototype_);
  PoisonArgumentsAndCaller(bound_map);
}
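// Installs |func| as both the getter and the setter of the accessor pair
// stored under |name| in |map|'s instance descriptors.
//
// |name| must already be described by |map| with an AccessorPair value. The
// pair is modified in place; the descriptor array itself is not changed.
static void SetAccessors(Handle<Map> map,
                         Handle<String> name,
                         Handle<JSFunction> func) {
  DescriptorArray* descs = map->instance_descriptors();
  int number = descs->SearchWithCache(*name, *map);
  // A miss would otherwise be used as an index into the descriptor array and
  // the value found there would be treated as an AccessorPair. Catch that in
  // debug builds before the descriptor is touched.
  DCHECK(number != DescriptorArray::kNotFound);
  AccessorPair* accessors = AccessorPair::cast(descs->GetValue(number));
  accessors->set_getter(*func);
  accessors->set_setter(*func);
}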
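// Replaces the descriptor stored under |name| in |map|'s instance descriptors
// with a callbacks descriptor built from |accessor_pair| and |attributes|.
//
// |name| must already be described by |map|.
static void ReplaceAccessors(Handle<Map> map,
                             Handle<String> name,
                             PropertyAttributes attributes,
                             Handle<AccessorPair> accessor_pair) {
  DescriptorArray* descriptors = map->instance_descriptors();
  int idx = descriptors->SearchWithCache(*name, *map);
  // A miss would otherwise be passed to Replace() as a descriptor index.
  // Catch that in debug builds before the array is written.
  DCHECK(idx != DescriptorArray::kNotFound);
  CallbacksDescriptor descriptor(name, accessor_pair, attributes);
  descriptors->Replace(idx, &descriptor);
}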
// Makes the strict poison function the getter and the setter of both the
// 'arguments' and the 'caller' accessor pair on |map|.
void Genesis::PoisonArgumentsAndCaller(Handle<Map> map) {
  // The poison function is created lazily and cached, so fetching it once
  // yields the same function that two separate lookups would.
  Handle<JSFunction> poison = GetStrictPoisonFunction();
  SetAccessors(map, factory()->arguments_string(), poison);
  SetAccessors(map, factory()->caller_string(), poison);
}
// Pushes |context| onto the front of the heap's native contexts list, which
// is linked through the Context::NEXT_CONTEXT_LINK slot.
//
// |context| must be a native context. Debug builds also check that its link
// slot is still undefined and that it is not already on the list.
static void AddToWeakNativeContextList(Context* context) {
  DCHECK(context->IsNativeContext());
  Heap* heap = context->GetIsolate()->heap();
#ifdef DEBUG
  {  // NOLINT
    DCHECK(context->get(Context::NEXT_CONTEXT_LINK)->IsUndefined());
    // Walk the existing list and check that context is not in it yet.
    Object* entry = heap->native_contexts_list();
    while (!entry->IsUndefined()) {
      DCHECK(entry != context);
      entry = Context::cast(entry)->get(Context::NEXT_CONTEXT_LINK);
    }
  }
#endif
  // Link the old head behind |context|, then make |context| the new head.
  context->set(Context::NEXT_CONTEXT_LINK, heap->native_contexts_list());
  heap->set_native_contexts_list(context);
}
// Allocates the native context, adds it to the heap's native contexts list,
// makes it the isolate's current context and gives it an empty message
// listeners object.
void Genesis::CreateRoots() {
  // The native context FixedArray comes first; its closure and extension
  // object are patched later. Both the empty function and the global object
  // are needed for that, and creating them requires the native context.
  native_context_ = factory()->NewNativeContext();
  AddToWeakNativeContextList(*native_context());
  isolate()->set_context(*native_context());

  // Allocate the message listeners object.
  v8::NeanderArray message_listeners(isolate());
  native_context()->set_message_listeners(*message_listeners.value());
}
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, and so are the related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
How best to implement the outer window object is debatable. Currently each property access function has to check whether the receiver is of ApiGlobalObject type. This approach might be error-prone, because one may forget to check the receiver when adding new functions. It is unlikely to be a performance issue because accessing global variables is more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
// Builds the two objects behind a context's global: a fresh GlobalObject
// (step 1) and the JSGlobalProxy that sits in front of it (step 2).
//
//   global_proxy_template  API object template for the proxy. May be empty,
//                          in which case both objects are built from plain
//                          functions whose code is the kIllegal builtin.
//   maybe_global_proxy     Existing proxy to reinitialize; if it holds no
//                          handle, a new tenured proxy is allocated.
//   global_object_out      If non-NULL, receives the new global object.
//
// Returns the new or reinitialized global proxy.
//
// Template chain when global_proxy_template is supplied:
//   global_proxy_template (ObjectTemplateInfo)
//     ->constructor()        : FunctionTemplateInfo used to create or
//                              reinitialize the global proxy
//       ->prototype_template(): js_global_object_template
//                               (ObjectTemplateInfo), may be undefined
//         ->constructor()    : js_global_object_constructor
//                              (FunctionTemplateInfo), which produces
//                              js_global_object_function, which in turn
//                              produces the new global object.
//
// NOTE(review): both FunctionTemplateInfo::cast calls on constructor() assume
// the template already carries a constructor; presumably the API caller
// guarantees this - confirm before calling from a new path.
Handle<JSGlobalProxy> Genesis::CreateNewGlobals(
    v8::Handle<v8::ObjectTemplate> global_proxy_template,
    MaybeHandle<JSGlobalProxy> maybe_global_proxy,
    Handle<GlobalObject>* global_object_out) {
  const bool has_proxy_template = !global_proxy_template.IsEmpty();

  // --- G l o b a l ---
  // Step 1: create a fresh JSGlobalObject.

  // Look for an object template for the global object: it is the prototype
  // template of the proxy template's constructor, if one was set.
  Handle<ObjectTemplateInfo> js_global_object_template;
  if (has_proxy_template) {
    Handle<ObjectTemplateInfo> proxy_info =
        v8::Utils::OpenHandle(*global_proxy_template);
    Handle<FunctionTemplateInfo> proxy_constructor(
        FunctionTemplateInfo::cast(proxy_info->constructor()));
    Handle<Object> proto_template(proxy_constructor->prototype_template(),
                                  isolate());
    if (!proto_template->IsUndefined()) {
      js_global_object_template =
          Handle<ObjectTemplateInfo>::cast(proto_template);
    }
  }

  Handle<JSFunction> js_global_object_function;
  if (!js_global_object_template.is_null()) {
    // An API template describes the global object: instantiate its
    // constructor as an API function of GlobalObjectType.
    Handle<FunctionTemplateInfo> js_global_object_constructor(
        FunctionTemplateInfo::cast(js_global_object_template->constructor()));
    js_global_object_function = factory()->CreateApiFunction(
        js_global_object_constructor,
        factory()->the_hole_value(),
        factory()->GlobalObjectType);
  } else {
    // No template: use an anonymous function with the kIllegal builtin as
    // code and a prototype derived from the Object function.
    Handle<String> empty_name(heap()->empty_string());
    Handle<Code> illegal_code(
        isolate()->builtins()->builtin(Builtins::kIllegal));
    Handle<JSObject> prototype =
        factory()->NewFunctionPrototype(isolate()->object_function());
    js_global_object_function = factory()->NewFunction(
        empty_name, illegal_code, prototype, JS_GLOBAL_OBJECT_TYPE,
        JSGlobalObject::kSize);
#ifdef DEBUG
    // Debug-only sanity check: the prototype's own "constructor" property
    // must be the Object function.
    LookupIterator ctor_lookup(prototype, factory()->constructor_string(),
                               LookupIterator::CHECK_OWN_REAL);
    Handle<Object> ctor_value =
        JSReceiver::GetProperty(&ctor_lookup).ToHandleChecked();
    DCHECK(ctor_lookup.IsFound());
    DCHECK_EQ(*isolate()->object_function(), *ctor_value);
#endif
  }

  // Instances of the global object function are hidden prototypes and use a
  // dictionary map.
  js_global_object_function->initial_map()->set_is_hidden_prototype();
  js_global_object_function->initial_map()->set_dictionary_map(true);
  Handle<GlobalObject> global_object =
      factory()->NewGlobalObject(js_global_object_function);
  if (global_object_out != NULL) *global_object_out = global_object;

  // Step 2: create or re-initialize the global proxy object.
  Handle<JSFunction> global_proxy_function;
  if (has_proxy_template) {
    Handle<ObjectTemplateInfo> proxy_info =
        v8::Utils::OpenHandle(*global_proxy_template);
    Handle<FunctionTemplateInfo> proxy_constructor(
        FunctionTemplateInfo::cast(proxy_info->constructor()));
    global_proxy_function = factory()->CreateApiFunction(
        proxy_constructor,
        factory()->the_hole_value(),
        factory()->GlobalProxyType);
  } else {
    Handle<String> empty_name(heap()->empty_string());
    Handle<Code> illegal_code(
        isolate()->builtins()->builtin(Builtins::kIllegal));
    global_proxy_function = factory()->NewFunction(
        empty_name, illegal_code, JS_GLOBAL_PROXY_TYPE, JSGlobalProxy::kSize);
  }

  Handle<String> global_name = factory()->InternalizeOneByteString(
      STATIC_ASCII_VECTOR("global"));
  global_proxy_function->shared()->set_instance_class_name(*global_name);
  // Every global proxy is created with access checks required on its map,
  // whichever branch above produced the function.
  global_proxy_function->initial_map()->set_is_access_check_needed(true);

  // global_proxy.__proto__ is not set here; it is pointed at the global
  // object after ConfigureGlobalObjects. This function only returns the proxy.
  Handle<JSGlobalProxy> global_proxy;
  if (!maybe_global_proxy.ToHandle(&global_proxy)) {
    // No proxy to reuse: allocate a tenured one and reset its hash.
    global_proxy = Handle<JSGlobalProxy>::cast(
        factory()->NewJSObject(global_proxy_function, TENURED));
    global_proxy->set_hash(heap()->undefined_value());
  } else {
    // Reuse the caller's proxy, re-initialized from the new proxy function.
    factory()->ReinitializeJSGlobalProxy(global_proxy, global_proxy_function);
  }
  return global_proxy;
}
// Wires the global object, the global proxy and the native context together.
// After this call the native context and the global object both refer to
// global_proxy, and both the global object and the proxy refer back to the
// native context. The stores are independent of one another.
void Genesis::HookUpGlobalProxy(Handle<GlobalObject> global_object,
                                Handle<JSGlobalProxy> global_proxy) {
  // Context <-> proxy.
  native_context()->set_global_proxy(*global_proxy);
  global_proxy->set_native_context(*native_context());

  // Global object -> proxy, and global object -> context (the native context
  // is stored as both the native and the global context).
  global_object->set_global_proxy(*global_proxy);
  global_object->set_native_context(*native_context());
  global_object->set_global_context(*native_context());
}
// Installs global_object into the native context in place of the global
// object currently stored there (named "from snapshot" in the original
// code), and carries that object's named and indexed properties over to the
// new one.
//
// The native context's security token is set to the new global object
// itself. Per the comment on the equivalent non-snapshot setup in
// InitializeGlobal, this makes the security check between two different
// contexts fail by default.
void Genesis::HookUpGlobalObject(Handle<GlobalObject> global_object) {
  // Capture the previous global object before the extension slot is
  // overwritten below; it is the source for the property transfer.
  Handle<GlobalObject> snapshot_global(
      GlobalObject::cast(native_context()->extension()));
  Handle<JSBuiltinsObject> builtins(native_context()->builtins());

  native_context()->set_extension(*global_object);
  native_context()->set_global_object(*global_object);
  native_context()->set_security_token(*global_object);

  // Expose the global object on the builtins object as "global"; the
  // property is read-only and cannot be deleted.
  static const PropertyAttributes attributes =
      static_cast<PropertyAttributes>(READ_ONLY | DONT_DELETE);
  Handle<String> global_key = factory()->InternalizeOneByteString(
      STATIC_ASCII_VECTOR("global"));
  Runtime::DefineObjectProperty(
      builtins, global_key, global_object, attributes).Assert();

  // Back-reference from the global object to the builtins object.
  JSGlobalObject::cast(*global_object)->set_builtins(*builtins);

  // Move over whatever the previous global object already carried.
  TransferNamedProperties(snapshot_global, global_object);
  TransferIndexedProperties(snapshot_global, global_object);
}
// This is only called if we are not using snapshots. The equivalent
|
2014-07-01 12:12:34 +00:00
|
|
|
// work in the snapshot case is done in HookUpGlobalObject.
|
|
|
|
void Genesis::InitializeGlobal(Handle<GlobalObject> global_object,
|
2010-03-23 11:40:38 +00:00
|
|
|
Handle<JSFunction> empty_function) {
|
2013-10-14 13:25:36 +00:00
|
|
|
// --- N a t i v e C o n t e x t ---
|
2010-03-23 11:40:38 +00:00
|
|
|
// Use the empty function as closure (no scope info).
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_closure(*empty_function);
|
|
|
|
native_context()->set_previous(NULL);
|
2010-03-23 11:40:38 +00:00
|
|
|
// Set extension and global object.
|
2014-07-01 12:12:34 +00:00
|
|
|
native_context()->set_extension(*global_object);
|
|
|
|
native_context()->set_global_object(*global_object);
|
|
|
|
// Security setup: Set the security token of the native context to the global
|
|
|
|
// object. This makes the security check between two different contexts fail
|
|
|
|
// by default even in case of global object reinitialization.
|
|
|
|
native_context()->set_security_token(*global_object);
|
|
|
|
|
|
|
|
Isolate* isolate = global_object->GetIsolate();
|
2011-03-28 13:09:37 +00:00
|
|
|
Factory* factory = isolate->factory();
|
|
|
|
Heap* heap = isolate->heap();
|
|
|
|
|
2013-05-13 10:59:00 +00:00
|
|
|
Handle<String> object_name = factory->Object_string();
|
2014-06-30 13:48:57 +00:00
|
|
|
JSObject::AddProperty(
|
2014-07-01 12:12:34 +00:00
|
|
|
global_object, object_name, isolate->object_function(), DONT_ENUM);
|
2010-03-23 11:40:38 +00:00
|
|
|
|
2014-05-09 17:21:51 +00:00
|
|
|
Handle<JSObject> global(native_context()->global_object());
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// Install global Function object
|
|
|
|
InstallFunction(global, "Function", JS_FUNCTION_TYPE, JSFunction::kSize,
|
2014-05-09 17:21:51 +00:00
|
|
|
empty_function, Builtins::kIllegal);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
{ // --- A r r a y ---
|
|
|
|
Handle<JSFunction> array_function =
|
|
|
|
InstallFunction(global, "Array", JS_ARRAY_TYPE, JSArray::kSize,
|
2011-03-28 13:09:37 +00:00
|
|
|
isolate->initial_object_prototype(),
|
2014-05-09 17:21:51 +00:00
|
|
|
Builtins::kArrayCode);
|
2008-09-16 10:12:32 +00:00
|
|
|
array_function->shared()->DontAdaptArguments();
|
2013-06-19 09:25:24 +00:00
|
|
|
array_function->shared()->set_function_data(Smi::FromInt(kArrayCode));
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// This seems a bit hackish, but we need to make sure Array.length
|
|
|
|
// is 1.
|
|
|
|
array_function->shared()->set_length(1);
|
2012-07-18 14:00:58 +00:00
|
|
|
|
2012-08-13 08:43:16 +00:00
|
|
|
Handle<Map> initial_map(array_function->initial_map());
|
2013-06-28 13:16:14 +00:00
|
|
|
|
|
|
|
// This assert protects an optimization in
|
|
|
|
// HGraphBuilder::JSArrayBuilder::EmitMapCode()
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(initial_map->elements_kind() == GetInitialFastElementsKind());
|
2014-04-11 12:13:53 +00:00
|
|
|
Map::EnsureDescriptorSlack(initial_map, 1);
|
2012-07-23 16:18:25 +00:00
|
|
|
|
2012-07-18 14:00:58 +00:00
|
|
|
PropertyAttributes attribs = static_cast<PropertyAttributes>(
|
|
|
|
DONT_ENUM | DONT_DELETE);
|
|
|
|
|
2014-04-28 14:59:29 +00:00
|
|
|
Handle<AccessorInfo> array_length =
|
|
|
|
Accessors::ArrayLengthInfo(isolate, attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{ // Add length.
|
2014-04-28 14:59:29 +00:00
|
|
|
CallbacksDescriptor d(
|
|
|
|
Handle<Name>(Name::cast(array_length->name())),
|
|
|
|
array_length, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
array_function->initial_map()->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// array_function is used internally. JS code creating array object should
|
|
|
|
// search for the 'Array' property on the global object and use that one
|
|
|
|
// as the constructor. 'Array' property on a global object can be
|
|
|
|
// overwritten by JS code.
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_array_function(*array_function);
|
2013-04-25 16:00:32 +00:00
|
|
|
|
2013-06-25 16:31:07 +00:00
|
|
|
// Cache the array maps, needed by ArrayConstructorStub
|
|
|
|
CacheInitialJSArrayMaps(native_context(), initial_map);
|
|
|
|
ArrayConstructorStub array_constructor_stub(isolate);
|
2014-04-24 12:07:40 +00:00
|
|
|
Handle<Code> code = array_constructor_stub.GetCode();
|
2013-06-25 16:31:07 +00:00
|
|
|
array_function->shared()->set_construct_stub(*code);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
{ // --- N u m b e r ---
|
|
|
|
Handle<JSFunction> number_fun =
|
|
|
|
InstallFunction(global, "Number", JS_VALUE_TYPE, JSValue::kSize,
|
2011-03-28 13:09:37 +00:00
|
|
|
isolate->initial_object_prototype(),
|
2014-05-09 17:21:51 +00:00
|
|
|
Builtins::kIllegal);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_number_function(*number_fun);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
{ // --- B o o l e a n ---
|
|
|
|
Handle<JSFunction> boolean_fun =
|
|
|
|
InstallFunction(global, "Boolean", JS_VALUE_TYPE, JSValue::kSize,
|
2011-03-28 13:09:37 +00:00
|
|
|
isolate->initial_object_prototype(),
|
2014-05-09 17:21:51 +00:00
|
|
|
Builtins::kIllegal);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_boolean_function(*boolean_fun);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
{ // --- S t r i n g ---
|
|
|
|
Handle<JSFunction> string_fun =
|
|
|
|
InstallFunction(global, "String", JS_VALUE_TYPE, JSValue::kSize,
|
2011-03-28 13:09:37 +00:00
|
|
|
isolate->initial_object_prototype(),
|
2014-05-09 17:21:51 +00:00
|
|
|
Builtins::kIllegal);
|
2010-08-26 13:59:37 +00:00
|
|
|
string_fun->shared()->set_construct_stub(
|
2011-03-28 13:09:37 +00:00
|
|
|
isolate->builtins()->builtin(Builtins::kStringConstructCode));
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_string_function(*string_fun);
|
2012-07-18 14:00:58 +00:00
|
|
|
|
2012-07-19 10:01:52 +00:00
|
|
|
Handle<Map> string_map =
|
2012-08-17 09:03:08 +00:00
|
|
|
Handle<Map>(native_context()->string_function()->initial_map());
|
2014-04-11 12:13:53 +00:00
|
|
|
Map::EnsureDescriptorSlack(string_map, 1);
|
2012-07-23 16:18:25 +00:00
|
|
|
|
2012-07-18 14:00:58 +00:00
|
|
|
PropertyAttributes attribs = static_cast<PropertyAttributes>(
|
|
|
|
DONT_ENUM | DONT_DELETE | READ_ONLY);
|
2014-04-15 13:25:17 +00:00
|
|
|
Handle<AccessorInfo> string_length(
|
|
|
|
Accessors::StringLengthInfo(isolate, attribs));
|
2012-07-18 14:00:58 +00:00
|
|
|
|
|
|
|
{ // Add length.
|
2014-04-09 14:26:32 +00:00
|
|
|
CallbacksDescriptor d(factory->length_string(), string_length, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
string_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
{ // --- D a t e ---
|
|
|
|
// Builtin functions for Date.prototype.
|
|
|
|
Handle<JSFunction> date_fun =
|
2012-03-09 11:11:55 +00:00
|
|
|
InstallFunction(global, "Date", JS_DATE_TYPE, JSDate::kSize,
|
2011-03-28 13:09:37 +00:00
|
|
|
isolate->initial_object_prototype(),
|
2014-05-09 17:21:51 +00:00
|
|
|
Builtins::kIllegal);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_date_function(*date_fun);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
{ // -- R e g E x p
|
|
|
|
// Builtin functions for RegExp.prototype.
|
|
|
|
Handle<JSFunction> regexp_fun =
|
2008-09-23 11:45:43 +00:00
|
|
|
InstallFunction(global, "RegExp", JS_REGEXP_TYPE, JSRegExp::kSize,
|
2011-03-28 13:09:37 +00:00
|
|
|
isolate->initial_object_prototype(),
|
2014-05-09 17:21:51 +00:00
|
|
|
Builtins::kIllegal);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_regexp_function(*regexp_fun);
|
2010-03-26 14:19:47 +00:00
|
|
|
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(regexp_fun->has_initial_map());
|
2010-03-26 14:19:47 +00:00
|
|
|
Handle<Map> initial_map(regexp_fun->initial_map());
|
|
|
|
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK_EQ(0, initial_map->inobject_properties());
|
2010-03-26 14:19:47 +00:00
|
|
|
|
|
|
|
PropertyAttributes final =
|
|
|
|
static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
|
2014-04-11 12:13:53 +00:00
|
|
|
Map::EnsureDescriptorSlack(initial_map, 5);
|
2012-07-19 10:01:52 +00:00
|
|
|
|
2010-03-26 14:19:47 +00:00
|
|
|
{
|
|
|
|
// ECMA-262, section 15.10.7.1.
|
2014-04-09 14:26:32 +00:00
|
|
|
FieldDescriptor field(factory->source_string(),
|
2010-03-26 14:19:47 +00:00
|
|
|
JSRegExp::kSourceFieldIndex,
|
2013-04-26 15:30:41 +00:00
|
|
|
final,
|
|
|
|
Representation::Tagged());
|
2014-04-11 12:13:53 +00:00
|
|
|
initial_map->AppendDescriptor(&field);
|
2010-03-26 14:19:47 +00:00
|
|
|
}
|
|
|
|
{
|
|
|
|
// ECMA-262, section 15.10.7.2.
|
2014-04-09 14:26:32 +00:00
|
|
|
FieldDescriptor field(factory->global_string(),
|
2010-03-26 14:19:47 +00:00
|
|
|
JSRegExp::kGlobalFieldIndex,
|
2013-04-26 15:30:41 +00:00
|
|
|
final,
|
|
|
|
Representation::Tagged());
|
2014-04-11 12:13:53 +00:00
|
|
|
initial_map->AppendDescriptor(&field);
|
2010-03-26 14:19:47 +00:00
|
|
|
}
|
|
|
|
{
|
|
|
|
// ECMA-262, section 15.10.7.3.
|
2014-04-09 14:26:32 +00:00
|
|
|
FieldDescriptor field(factory->ignore_case_string(),
|
2010-03-26 14:19:47 +00:00
|
|
|
JSRegExp::kIgnoreCaseFieldIndex,
|
2013-04-26 15:30:41 +00:00
|
|
|
final,
|
|
|
|
Representation::Tagged());
|
2014-04-11 12:13:53 +00:00
|
|
|
initial_map->AppendDescriptor(&field);
|
2010-03-26 14:19:47 +00:00
|
|
|
}
|
|
|
|
{
|
|
|
|
// ECMA-262, section 15.10.7.4.
|
2014-04-09 14:26:32 +00:00
|
|
|
FieldDescriptor field(factory->multiline_string(),
|
2010-03-26 14:19:47 +00:00
|
|
|
JSRegExp::kMultilineFieldIndex,
|
2013-04-26 15:30:41 +00:00
|
|
|
final,
|
|
|
|
Representation::Tagged());
|
2014-04-11 12:13:53 +00:00
|
|
|
initial_map->AppendDescriptor(&field);
|
2010-03-26 14:19:47 +00:00
|
|
|
}
|
|
|
|
{
|
|
|
|
// ECMA-262, section 15.10.7.5.
|
|
|
|
PropertyAttributes writable =
|
|
|
|
static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE);
|
2014-04-09 14:26:32 +00:00
|
|
|
FieldDescriptor field(factory->last_index_string(),
|
2010-03-26 14:19:47 +00:00
|
|
|
JSRegExp::kLastIndexFieldIndex,
|
2013-04-26 15:30:41 +00:00
|
|
|
writable,
|
|
|
|
Representation::Tagged());
|
2014-04-11 12:13:53 +00:00
|
|
|
initial_map->AppendDescriptor(&field);
|
2010-03-26 14:19:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
initial_map->set_inobject_properties(5);
|
|
|
|
initial_map->set_pre_allocated_property_fields(5);
|
|
|
|
initial_map->set_unused_property_fields(0);
|
|
|
|
initial_map->set_instance_size(
|
|
|
|
initial_map->instance_size() + 5 * kPointerSize);
|
2010-08-11 14:30:14 +00:00
|
|
|
initial_map->set_visitor_id(StaticVisitorBase::GetVisitorId(*initial_map));
|
2011-09-26 08:42:01 +00:00
|
|
|
|
|
|
|
// RegExp prototype object is itself a RegExp.
|
2014-04-01 17:43:20 +00:00
|
|
|
Handle<Map> proto_map = Map::Copy(initial_map);
|
2012-08-17 09:03:08 +00:00
|
|
|
proto_map->set_prototype(native_context()->initial_object_prototype());
|
2011-09-26 08:42:01 +00:00
|
|
|
Handle<JSObject> proto = factory->NewJSObjectFromMap(proto_map);
|
|
|
|
proto->InObjectPropertyAtPut(JSRegExp::kSourceFieldIndex,
|
2013-02-28 17:03:34 +00:00
|
|
|
heap->query_colon_string());
|
2011-09-26 08:42:01 +00:00
|
|
|
proto->InObjectPropertyAtPut(JSRegExp::kGlobalFieldIndex,
|
|
|
|
heap->false_value());
|
|
|
|
proto->InObjectPropertyAtPut(JSRegExp::kIgnoreCaseFieldIndex,
|
|
|
|
heap->false_value());
|
|
|
|
proto->InObjectPropertyAtPut(JSRegExp::kMultilineFieldIndex,
|
|
|
|
heap->false_value());
|
|
|
|
proto->InObjectPropertyAtPut(JSRegExp::kLastIndexFieldIndex,
|
|
|
|
Smi::FromInt(0),
|
|
|
|
SKIP_WRITE_BARRIER); // It's a Smi.
|
|
|
|
initial_map->set_prototype(*proto);
|
|
|
|
factory->SetRegExpIrregexpData(Handle<JSRegExp>::cast(proto),
|
|
|
|
JSRegExp::IRREGEXP, factory->empty_string(),
|
|
|
|
JSRegExp::Flags(0), 0);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
2009-04-24 08:13:09 +00:00
|
|
|
{ // -- J S O N
|
2013-09-25 15:11:48 +00:00
|
|
|
Handle<String> name = factory->InternalizeUtf8String("JSON");
|
2014-05-09 16:39:33 +00:00
|
|
|
Handle<JSFunction> cons = factory->NewFunction(name);
|
2013-07-18 07:59:48 +00:00
|
|
|
JSFunction::SetInstancePrototype(cons,
|
|
|
|
Handle<Object>(native_context()->initial_object_prototype(), isolate));
|
2009-04-24 08:13:09 +00:00
|
|
|
cons->SetInstanceClassName(*name);
|
2011-03-28 13:09:37 +00:00
|
|
|
Handle<JSObject> json_object = factory->NewJSObject(cons, TENURED);
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(json_object->IsJSObject());
|
2014-06-30 13:48:57 +00:00
|
|
|
JSObject::AddProperty(global, name, json_object, DONT_ENUM);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_json_object(*json_object);
|
2009-04-24 08:13:09 +00:00
|
|
|
}
|
|
|
|
|
2014-06-06 08:15:05 +00:00
|
|
|
{ // -- A r r a y B u f f e r
|
2013-08-20 13:55:52 +00:00
|
|
|
Handle<JSFunction> array_buffer_fun =
|
|
|
|
InstallFunction(
|
|
|
|
global, "ArrayBuffer", JS_ARRAY_BUFFER_TYPE,
|
|
|
|
JSArrayBuffer::kSizeWithInternalFields,
|
|
|
|
isolate->initial_object_prototype(),
|
2014-05-09 17:21:51 +00:00
|
|
|
Builtins::kIllegal);
|
2013-08-20 13:55:52 +00:00
|
|
|
native_context()->set_array_buffer_fun(*array_buffer_fun);
|
|
|
|
}
|
|
|
|
|
2014-06-06 08:15:05 +00:00
|
|
|
{ // -- T y p e d A r r a y s
|
2014-01-24 16:01:15 +00:00
|
|
|
#define INSTALL_TYPED_ARRAY(Type, type, TYPE, ctype, size) \
|
|
|
|
{ \
|
2014-04-22 12:24:28 +00:00
|
|
|
Handle<JSFunction> fun; \
|
|
|
|
Handle<Map> external_map; \
|
|
|
|
InstallTypedArray(#Type "Array", \
|
|
|
|
TYPE##_ELEMENTS, \
|
|
|
|
&fun, \
|
|
|
|
&external_map); \
|
2014-01-24 16:01:15 +00:00
|
|
|
native_context()->set_##type##_array_fun(*fun); \
|
2014-04-22 12:24:28 +00:00
|
|
|
native_context()->set_##type##_array_external_map(*external_map); \
|
2014-01-24 16:01:15 +00:00
|
|
|
}
|
|
|
|
TYPED_ARRAYS(INSTALL_TYPED_ARRAY)
|
|
|
|
#undef INSTALL_TYPED_ARRAY
|
2013-08-20 13:55:52 +00:00
|
|
|
|
|
|
|
Handle<JSFunction> data_view_fun =
|
|
|
|
InstallFunction(
|
|
|
|
global, "DataView", JS_DATA_VIEW_TYPE,
|
|
|
|
JSDataView::kSizeWithInternalFields,
|
|
|
|
isolate->initial_object_prototype(),
|
2014-05-09 17:21:51 +00:00
|
|
|
Builtins::kIllegal);
|
2013-08-20 13:55:52 +00:00
|
|
|
native_context()->set_data_view_fun(*data_view_fun);
|
|
|
|
}
|
|
|
|
|
2014-05-09 16:34:58 +00:00
|
|
|
// -- W e a k M a p
|
|
|
|
InstallFunction(global, "WeakMap", JS_WEAK_MAP_TYPE, JSWeakMap::kSize,
|
2014-05-09 17:21:51 +00:00
|
|
|
isolate->initial_object_prototype(), Builtins::kIllegal);
|
2014-05-09 16:34:58 +00:00
|
|
|
// -- W e a k S e t
|
|
|
|
InstallFunction(global, "WeakSet", JS_WEAK_SET_TYPE, JSWeakSet::kSize,
|
2014-05-09 17:21:51 +00:00
|
|
|
isolate->initial_object_prototype(), Builtins::kIllegal);
|
2014-05-06 14:48:34 +00:00
|
|
|
|
2014-08-04 18:17:54 +00:00
|
|
|
{
|
|
|
|
// --- S y m b o l ---
|
|
|
|
Handle<JSFunction> symbol_fun = InstallFunction(
|
|
|
|
global, "Symbol", JS_VALUE_TYPE, JSValue::kSize,
|
|
|
|
isolate->initial_object_prototype(), Builtins::kIllegal);
|
|
|
|
native_context()->set_symbol_function(*symbol_fun);
|
|
|
|
}
|
|
|
|
|
2014-07-07 13:27:37 +00:00
|
|
|
{ // --- sloppy arguments map
|
2008-07-03 15:10:15 +00:00
|
|
|
// Make sure we can recognize argument objects at runtime.
|
|
|
|
// This is done by introducing an anonymous function with
|
|
|
|
// class_name equals 'Arguments'.
|
2013-02-28 17:03:34 +00:00
|
|
|
Handle<String> arguments_string = factory->InternalizeOneByteString(
|
2012-12-17 15:56:16 +00:00
|
|
|
STATIC_ASCII_VECTOR("Arguments"));
|
2014-04-22 08:30:09 +00:00
|
|
|
Handle<Code> code(isolate->builtins()->builtin(Builtins::kIllegal));
|
2014-05-09 17:39:54 +00:00
|
|
|
Handle<JSFunction> function = factory->NewFunctionWithoutPrototype(
|
|
|
|
arguments_string, code);
|
2014-07-07 13:12:29 +00:00
|
|
|
function->shared()->set_instance_class_name(*arguments_string);
|
2011-03-17 20:28:41 +00:00
|
|
|
|
2014-07-07 13:27:37 +00:00
|
|
|
Handle<Map> map =
|
|
|
|
factory->NewMap(JS_OBJECT_TYPE, Heap::kSloppyArgumentsObjectSize);
|
|
|
|
// Create the descriptor array for the arguments object.
|
|
|
|
Map::EnsureDescriptorSlack(map, 2);
|
|
|
|
|
|
|
|
{ // length
|
|
|
|
FieldDescriptor d(factory->length_string(), Heap::kArgumentsLengthIndex,
|
|
|
|
DONT_ENUM, Representation::Tagged());
|
|
|
|
map->AppendDescriptor(&d);
|
|
|
|
}
|
|
|
|
{ // callee
|
|
|
|
FieldDescriptor d(factory->callee_string(), Heap::kArgumentsCalleeIndex,
|
|
|
|
DONT_ENUM, Representation::Tagged());
|
|
|
|
map->AppendDescriptor(&d);
|
|
|
|
}
|
|
|
|
|
|
|
|
map->set_function_with_prototype(true);
|
|
|
|
map->set_prototype(native_context()->object_function()->prototype());
|
|
|
|
map->set_pre_allocated_property_fields(2);
|
|
|
|
map->set_inobject_properties(2);
|
|
|
|
native_context()->set_sloppy_arguments_map(*map);
|
|
|
|
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(!function->has_initial_map());
|
2014-07-07 13:27:37 +00:00
|
|
|
function->set_initial_map(*map);
|
|
|
|
map->set_constructor(*function);
|
|
|
|
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(map->inobject_properties() > Heap::kArgumentsCalleeIndex);
|
|
|
|
DCHECK(map->inobject_properties() > Heap::kArgumentsLengthIndex);
|
|
|
|
DCHECK(!map->is_dictionary_map());
|
|
|
|
DCHECK(IsFastObjectElementsKind(map->elements_kind()));
|
2014-07-07 12:21:01 +00:00
|
|
|
}
|
|
|
|
|
2014-07-07 13:27:37 +00:00
|
|
|
{ // --- aliased arguments map
|
|
|
|
Handle<Map> map = Map::Copy(isolate->sloppy_arguments_map());
|
|
|
|
map->set_elements_kind(SLOPPY_ARGUMENTS_ELEMENTS);
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK_EQ(2, map->pre_allocated_property_fields());
|
2014-07-07 13:27:37 +00:00
|
|
|
native_context()->set_aliased_arguments_map(*map);
|
|
|
|
}
|
|
|
|
|
|
|
|
{ // --- strict mode arguments map
|
2011-03-17 20:28:41 +00:00
|
|
|
const PropertyAttributes attributes =
|
|
|
|
static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
|
|
|
|
|
|
|
|
// Create the ThrowTypeError functions.
|
2012-01-10 16:11:33 +00:00
|
|
|
Handle<AccessorPair> callee = factory->NewAccessorPair();
|
|
|
|
Handle<AccessorPair> caller = factory->NewAccessorPair();
|
2011-03-17 20:28:41 +00:00
|
|
|
|
2014-05-19 10:47:00 +00:00
|
|
|
Handle<JSFunction> poison = GetStrictPoisonFunction();
|
2011-03-17 20:28:41 +00:00
|
|
|
|
|
|
|
// Install the ThrowTypeError functions.
|
2014-05-19 10:47:00 +00:00
|
|
|
callee->set_getter(*poison);
|
|
|
|
callee->set_setter(*poison);
|
|
|
|
caller->set_getter(*poison);
|
|
|
|
caller->set_setter(*poison);
|
2011-03-17 20:28:41 +00:00
|
|
|
|
2012-07-18 15:38:58 +00:00
|
|
|
// Create the map. Allocate one in-object field for length.
|
|
|
|
Handle<Map> map = factory->NewMap(JS_OBJECT_TYPE,
|
2014-03-11 14:41:22 +00:00
|
|
|
Heap::kStrictArgumentsObjectSize);
|
2011-03-17 20:28:41 +00:00
|
|
|
// Create the descriptor array for the arguments object.
|
2014-04-11 12:13:53 +00:00
|
|
|
Map::EnsureDescriptorSlack(map, 3);
|
2012-07-19 10:01:52 +00:00
|
|
|
|
2011-03-17 20:28:41 +00:00
|
|
|
{ // length
|
2014-07-07 13:27:37 +00:00
|
|
|
FieldDescriptor d(factory->length_string(), Heap::kArgumentsLengthIndex,
|
|
|
|
DONT_ENUM, Representation::Tagged());
|
2014-04-11 12:13:53 +00:00
|
|
|
map->AppendDescriptor(&d);
|
2011-03-17 20:28:41 +00:00
|
|
|
}
|
|
|
|
{ // callee
|
2014-07-07 13:27:37 +00:00
|
|
|
CallbacksDescriptor d(factory->callee_string(), callee, attributes);
|
2014-04-11 12:13:53 +00:00
|
|
|
map->AppendDescriptor(&d);
|
2011-03-17 20:28:41 +00:00
|
|
|
}
|
|
|
|
{ // caller
|
2014-07-07 13:27:37 +00:00
|
|
|
CallbacksDescriptor d(factory->caller_string(), caller, attributes);
|
2014-04-11 12:13:53 +00:00
|
|
|
map->AppendDescriptor(&d);
|
2011-03-17 20:28:41 +00:00
|
|
|
}
|
2012-07-18 15:38:58 +00:00
|
|
|
|
2011-03-17 20:28:41 +00:00
|
|
|
map->set_function_with_prototype(true);
|
2012-08-17 09:03:08 +00:00
|
|
|
map->set_prototype(native_context()->object_function()->prototype());
|
2011-03-17 20:28:41 +00:00
|
|
|
map->set_pre_allocated_property_fields(1);
|
|
|
|
map->set_inobject_properties(1);
|
|
|
|
|
2014-03-11 14:39:08 +00:00
|
|
|
// Copy constructor from the sloppy arguments boilerplate.
|
2011-03-17 20:28:41 +00:00
|
|
|
map->set_constructor(
|
2014-07-07 13:27:37 +00:00
|
|
|
native_context()->sloppy_arguments_map()->constructor());
|
2014-07-07 13:12:29 +00:00
|
|
|
|
2014-07-07 13:27:37 +00:00
|
|
|
native_context()->set_strict_arguments_map(*map);
|
2008-10-23 08:46:32 +00:00
|
|
|
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(map->inobject_properties() > Heap::kArgumentsLengthIndex);
|
|
|
|
DCHECK(!map->is_dictionary_map());
|
|
|
|
DCHECK(IsFastObjectElementsKind(map->elements_kind()));
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
{ // --- context extension
|
|
|
|
// Create a function for the context extension objects.
|
2011-03-18 20:35:07 +00:00
|
|
|
Handle<Code> code = Handle<Code>(
|
2011-03-28 13:09:37 +00:00
|
|
|
isolate->builtins()->builtin(Builtins::kIllegal));
|
2014-05-09 16:42:57 +00:00
|
|
|
Handle<JSFunction> context_extension_fun = factory->NewFunction(
|
2014-05-09 17:39:54 +00:00
|
|
|
factory->empty_string(), code, JS_CONTEXT_EXTENSION_OBJECT_TYPE,
|
|
|
|
JSObject::kHeaderSize);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2013-02-28 17:03:34 +00:00
|
|
|
Handle<String> name = factory->InternalizeOneByteString(
|
|
|
|
STATIC_ASCII_VECTOR("context_extension"));
|
2008-07-03 15:10:15 +00:00
|
|
|
context_extension_fun->shared()->set_instance_class_name(*name);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_context_extension_function(*context_extension_fun);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
2009-05-20 19:33:44 +00:00
|
|
|
|
|
|
|
{
|
2011-08-30 09:35:20 +00:00
|
|
|
// Set up the call-as-function delegate.
|
2009-05-20 19:33:44 +00:00
|
|
|
Handle<Code> code =
|
2011-03-28 13:09:37 +00:00
|
|
|
Handle<Code>(isolate->builtins()->builtin(
|
2011-03-23 13:40:07 +00:00
|
|
|
Builtins::kHandleApiCallAsFunction));
|
2014-05-09 16:42:57 +00:00
|
|
|
Handle<JSFunction> delegate = factory->NewFunction(
|
2014-05-09 17:39:54 +00:00
|
|
|
factory->empty_string(), code, JS_OBJECT_TYPE, JSObject::kHeaderSize);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_call_as_function_delegate(*delegate);
|
2009-05-20 19:33:44 +00:00
|
|
|
delegate->shared()->DontAdaptArguments();
|
|
|
|
}
|
|
|
|
|
|
|
|
{
|
2011-08-30 09:35:20 +00:00
|
|
|
// Set up the call-as-constructor delegate.
|
2009-05-20 19:33:44 +00:00
|
|
|
Handle<Code> code =
|
2011-03-28 13:09:37 +00:00
|
|
|
Handle<Code>(isolate->builtins()->builtin(
|
2011-03-23 13:40:07 +00:00
|
|
|
Builtins::kHandleApiCallAsConstructor));
|
2014-05-09 16:42:57 +00:00
|
|
|
Handle<JSFunction> delegate = factory->NewFunction(
|
2014-05-09 17:39:54 +00:00
|
|
|
factory->empty_string(), code, JS_OBJECT_TYPE, JSObject::kHeaderSize);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_call_as_constructor_delegate(*delegate);
|
2009-05-20 19:33:44 +00:00
|
|
|
delegate->shared()->DontAdaptArguments();
|
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2012-11-13 12:27:03 +00:00
|
|
|
// Initialize the embedder data slot.
|
2013-12-18 08:45:17 +00:00
|
|
|
Handle<FixedArray> embedder_data = factory->NewFixedArray(3);
|
2012-11-13 12:27:03 +00:00
|
|
|
native_context()->set_embedder_data(*embedder_data);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
// Installs one typed-array constructor called |name| on the global object and
// hands back, through the two out-parameters, the constructor itself and a
// second map for the "next transition" elements kind.
//
// name           Property name of the constructor on the global object.
// elements_kind  Elements kind used for the constructor's initial map.
// fun            Out: receives the installed constructor function.
// external_map   Out: receives the initial map transitioned to the kind
//                returned by GetNextTransitionElementsKind(elements_kind).
void Genesis::InstallTypedArray(
    const char* name,
    ElementsKind elements_kind,
    Handle<JSFunction>* fun,
    Handle<Map>* external_map) {
  Handle<JSObject> global_object(native_context()->global_object());
  Handle<JSFunction> typed_array_fun = InstallFunction(
      global_object, name, JS_TYPED_ARRAY_TYPE, JSTypedArray::kSize,
      isolate()->initial_object_prototype(), Builtins::kIllegal);

  // Swap the map InstallFunction produced for one that is sized with the
  // internal fields and carries the requested elements kind.
  Handle<Map> typed_array_map = isolate()->factory()->NewMap(
      JS_TYPED_ARRAY_TYPE,
      JSTypedArray::kSizeWithInternalFields,
      elements_kind);
  typed_array_fun->set_initial_map(*typed_array_map);
  typed_array_map->set_constructor(*typed_array_fun);
  *fun = typed_array_fun;

  *external_map = Map::AsElementsKind(
      typed_array_map, GetNextTransitionElementsKind(elements_kind));
}
// Sets up the constructors and maps that only exist when the
// harmony_collections and/or harmony_generators flags are on, and records
// the resulting maps in the native context.
void Genesis::InitializeExperimentalGlobal() {
  Handle<JSObject> global(native_context()->global_object());

  // TODO(mstarzinger): Move this into Genesis::InitializeGlobal once we no
  // longer need to live behind flags, so functions get added to the snapshot.

  if (FLAG_harmony_collections) {
    // -- M a p
    InstallFunction(global, "Map", JS_MAP_TYPE, JSMap::kSize,
                    isolate()->initial_object_prototype(), Builtins::kIllegal);
    // -- S e t
    InstallFunction(global, "Set", JS_SET_TYPE, JSSet::kSize,
                    isolate()->initial_object_prototype(), Builtins::kIllegal);
    {  // -- S e t I t e r a t o r
      // Installed on the builtins object rather than on the global object.
      Handle<JSObject> builtins(native_context()->builtins());
      Handle<JSFunction> set_iterator_fun =
          InstallFunction(builtins, "SetIterator", JS_SET_ITERATOR_TYPE,
                          JSSetIterator::kSize,
                          isolate()->initial_object_prototype(),
                          Builtins::kIllegal);
      native_context()->set_set_iterator_map(set_iterator_fun->initial_map());
    }
    {  // -- M a p I t e r a t o r
      Handle<JSObject> builtins(native_context()->builtins());
      Handle<JSFunction> map_iterator_fun =
          InstallFunction(builtins, "MapIterator", JS_MAP_ITERATOR_TYPE,
                          JSMapIterator::kSize,
                          isolate()->initial_object_prototype(),
                          Builtins::kIllegal);
      native_context()->set_map_iterator_map(map_iterator_fun->initial_map());
    }
  }

  if (FLAG_harmony_generators) {
    // Create generator meta-objects and install them on the builtins object.
    Handle<JSObject> builtins(native_context()->builtins());
    Handle<JSObject> generator_object_prototype =
        factory()->NewJSObject(isolate()->object_function(), TENURED);
    Handle<JSFunction> generator_function_prototype = InstallFunction(
        builtins, "GeneratorFunctionPrototype", JS_FUNCTION_TYPE,
        JSFunction::kHeaderSize, generator_object_prototype,
        Builtins::kIllegal);
    InstallFunction(builtins, "GeneratorFunction",
                    JS_FUNCTION_TYPE, JSFunction::kSize,
                    generator_function_prototype, Builtins::kIllegal);

    // Create maps for generator functions and their prototypes.  Store those
    // maps in the native context.
    Handle<Map> sloppy_map(native_context()->sloppy_function_map());
    Handle<Map> sloppy_generator_map = Map::Copy(sloppy_map);
    sloppy_generator_map->set_prototype(*generator_function_prototype);
    native_context()->set_sloppy_generator_function_map(
        *sloppy_generator_map);

    // The "arguments" and "caller" instance properties aren't specified, so
    // technically they could be left out, and they make even less sense for
    // generators than for functions.  They are kept but poisoned, for the
    // same reason as in strict mode: naive callers can still iterate over the
    // properties without accessing them.
    //
    // PoisonArgumentsAndCaller can't be used here because it mutates accessor
    // pairs in place, and the initial state of the generator function map
    // shares the accessor pair with sloppy functions; the error message
    // should also be different.  API accessors can't implement the poisoning
    // either: they present themselves as data properties, not accessor
    // properties, so getOwnPropertyDescriptor raises an exception as it tries
    // to get the values.
    Handle<AccessorPair> poisoned_accessors(factory()->NewAccessorPair());
    PropertyAttributes poison_attribs =
        static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE);
    Handle<JSFunction> thrower = GetGeneratorPoisonFunction();
    // One function serves as both getter and setter of the fresh pair.
    poisoned_accessors->set_getter(*thrower);
    poisoned_accessors->set_setter(*thrower);
    ReplaceAccessors(sloppy_generator_map, factory()->arguments_string(),
                     poison_attribs, poisoned_accessors);
    ReplaceAccessors(sloppy_generator_map, factory()->caller_string(),
                     poison_attribs, poisoned_accessors);

    Handle<Map> strict_map(native_context()->strict_function_map());
    Handle<Map> strict_generator_map = Map::Copy(strict_map);
    // "arguments" and "caller" already poisoned.
    strict_generator_map->set_prototype(*generator_function_prototype);
    native_context()->set_strict_generator_function_map(
        *strict_generator_map);

    Handle<JSFunction> object_function(native_context()->object_function());
    Handle<Map> prototype_map = Map::Create(object_function, 0);
    prototype_map->set_prototype(*generator_object_prototype);
    native_context()->set_generator_object_prototype_map(*prototype_map);
  }

  if (FLAG_harmony_collections || FLAG_harmony_generators) {
    // Collection forEach uses an iterator result object.
    // Generators return iterator result objects.

    // The two descriptors appended below ("value" and "done") have to match
    // this count.
    STATIC_ASSERT(JSGeneratorObject::kResultPropertyCount == 2);
    Handle<JSFunction> object_function(native_context()->object_function());
    DCHECK(object_function->initial_map()->inobject_properties() == 0);
    Handle<Map> result_map = Map::Create(
        object_function, JSGeneratorObject::kResultPropertyCount);
    DCHECK(result_map->inobject_properties() ==
           JSGeneratorObject::kResultPropertyCount);
    Map::EnsureDescriptorSlack(
        result_map, JSGeneratorObject::kResultPropertyCount);

    FieldDescriptor value_field(isolate()->factory()->value_string(),
                                JSGeneratorObject::kResultValuePropertyIndex,
                                NONE,
                                Representation::Tagged());
    result_map->AppendDescriptor(&value_field);

    FieldDescriptor done_field(isolate()->factory()->done_string(),
                               JSGeneratorObject::kResultDonePropertyIndex,
                               NONE,
                               Representation::Tagged());
    result_map->AppendDescriptor(&done_field);

    result_map->set_unused_property_fields(0);
    // NOTE(review): the size and layout checks in this block are DCHECKs, so
    // they are presumably only evaluated in debug builds -- confirm.
    DCHECK_EQ(JSGeneratorObject::kResultSize, result_map->instance_size());
    native_context()->set_iterator_result_map(*result_map);
  }
}
// Compiles and runs the native script with the given |index|.  The source is
// obtained from the bootstrapper's NativesSourceLookup().  Returns whatever
// CompileNative() returns for that script.
bool Genesis::CompileBuiltin(Isolate* isolate, int index) {
  Vector<const char> script_name = Natives::GetScriptName(index);
  Handle<String> script_source =
      isolate->bootstrapper()->NativesSourceLookup(index);
  return CompileNative(isolate, script_name, script_source);
}
// Compiles and runs the experimental native script with the given |index|.
// The raw source is first copied into a heap string; if that allocation
// leaves an exception pending, false is returned without compiling.
bool Genesis::CompileExperimentalBuiltin(Isolate* isolate, int index) {
  Vector<const char> script_name = ExperimentalNatives::GetScriptName(index);
  Factory* heap_factory = isolate->factory();
  Handle<String> script_source;
  ASSIGN_RETURN_ON_EXCEPTION_VALUE(
      isolate, script_source,
      heap_factory->NewStringFromAscii(
          ExperimentalNatives::GetRawScriptSource(index)),
      false);
  return CompileNative(isolate, script_name, script_source);
}
// Compiles |source| as natives code (no cache, no extension) in the
// isolate's current context and runs it.
//
// Returns true on success.  On failure the pending exception is cleared
// before returning false, so the caller only sees the boolean.
bool Genesis::CompileNative(Isolate* isolate,
                            Vector<const char> name,
                            Handle<String> source) {
  HandleScope scope(isolate);
  // Scoped object; presumably keeps the debugger from observing natives
  // while they are compiled -- confirm against SuppressDebug.
  SuppressDebug compiling_natives(isolate->debug());

  // The stack-overflow boilerplate is not usable until the environment has
  // been at least partially initialized, so check the stack limit here,
  // before any JS code is entered, to catch overflow early.
  StackLimitCheck stack_check(isolate);
  if (stack_check.HasOverflowed()) return false;

  const bool compiled = CompileScriptCached(isolate,
                                            name,
                                            source,
                                            NULL,
                                            NULL,
                                            Handle<Context>(isolate->context()),
                                            true);
  // Exactly one of "succeeded" and "exception pending" is expected to hold.
  DCHECK(isolate->has_pending_exception() != compiled);
  if (!compiled) {
    isolate->clear_pending_exception();
  }
  return compiled;
}
// Compiles |source| (or reuses a cached compilation), instantiates the
// resulting function in the chosen context and calls it with no arguments.
//
// name                 Script name; also the key used with |cache|.
// source               Script text; asserted to be one-byte when compiled.
// cache                Optional compilation cache, may be NULL.
// extension            Passed through to Compiler::CompileScript.
// top_context          Native context the script belongs to.
// use_runtime_context  When true the script is compiled as NATIVES_CODE and
//                      run in top_context's runtime context with the builtins
//                      object as receiver; otherwise it is NOT_NATIVES_CODE
//                      and runs in top_context with the global object as
//                      receiver.
//
// Returns false if compilation produced no function info or if the call
// returned an empty result; true otherwise.
bool Genesis::CompileScriptCached(Isolate* isolate,
                                  Vector<const char> name,
                                  Handle<String> source,
                                  SourceCodeCache* cache,
                                  v8::Extension* extension,
                                  Handle<Context> top_context,
                                  bool use_runtime_context) {
  Factory* factory = isolate->factory();
  HandleScope scope(isolate);
  Handle<SharedFunctionInfo> shared_info;

  // On a cache miss (or without a cache) compile a new function and, when a
  // cache was supplied, insert the result into it.
  const bool cache_hit = cache != NULL && cache->Lookup(name, &shared_info);
  if (!cache_hit) {
    DCHECK(source->IsOneByteRepresentation());
    Handle<String> origin_name =
        factory->NewStringFromUtf8(name).ToHandleChecked();
    shared_info = Compiler::CompileScript(
        source, origin_name, 0, 0, false, top_context, extension, NULL,
        ScriptCompiler::kNoCompileOptions,
        use_runtime_context ? NATIVES_CODE : NOT_NATIVES_CODE);
    if (shared_info.is_null()) return false;
    if (cache != NULL) cache->Add(name, shared_info);
  }

  // Set up the function context.  Conceptually the function should be cloned
  // before its context is overwritten, but in a single-threaded environment
  // that is not strictly necessary.
  // NOTE(review): this precondition is only a DCHECK; callers must pass a
  // native context themselves if release builds do not evaluate it.
  DCHECK(top_context->IsNativeContext());
  Handle<Context> fun_context = top_context;
  if (use_runtime_context) {
    fun_context = Handle<Context>(top_context->runtime_context());
  }
  Handle<JSFunction> script_fun =
      factory->NewFunctionFromSharedFunctionInfo(shared_info, fun_context);

  // Call the function using either the runtime (builtins) object or the
  // global object as the receiver.  Provide no parameters.
  Handle<Object> this_object =
      Handle<Object>(use_runtime_context
                         ? top_context->builtins()
                         : top_context->global_object(),
                     isolate);
  return !Execution::Call(
      isolate, script_fun, this_object, 0, NULL).is_null();
}
// Resolves a holder expression against the global object of
// |native_context| and returns the object it names.
//
// |holder_expr| is either a bare name ("Foo"), looked up directly on the
// global object, or "Foo.bar" with exactly one period, where "Foo" is read
// from the global object and "bar" from that result.  "Foo.prototype" is
// special-cased: "Foo" is treated as a function and its prototype() is
// returned instead of doing a property lookup.
//
// The lookups are ordinary property reads followed by casts to JSObject, and
// the single-period restriction is enforced only by a DCHECK.
// NOTE(review): the result is therefore only as trustworthy as the global
// object at the time of the call; presumably every caller runs during
// genesis, before script from outside the snapshot can modify it -- confirm.
static Handle<JSObject> ResolveBuiltinIdHolder(Handle<Context> native_context,
                                               const char* holder_expr) {
  Isolate* isolate = native_context->GetIsolate();
  Factory* factory = isolate->factory();
  Handle<GlobalObject> global(native_context->global_object());

  const char* dot = strchr(holder_expr, '.');
  if (dot == NULL) {
    // Bare name: the holder is a direct property of the global object.
    return Handle<JSObject>::cast(
        Object::GetPropertyOrElement(
            global, factory->InternalizeUtf8String(holder_expr))
            .ToHandleChecked());
  }

  const char* member = dot + 1;
  DCHECK_EQ(NULL, strchr(member, '.'));

  // The part before the period, as a length-delimited view of holder_expr.
  Vector<const char> outer(holder_expr,
                           static_cast<int>(dot - holder_expr));
  Handle<String> outer_string = factory->InternalizeUtf8String(outer);
  DCHECK(!outer_string.is_null());
  Handle<JSObject> outer_object = Handle<JSObject>::cast(
      Object::GetProperty(global, outer_string).ToHandleChecked());

  if (strcmp("prototype", member) == 0) {
    Handle<JSFunction> constructor = Handle<JSFunction>::cast(outer_object);
    return Handle<JSObject>(JSObject::cast(constructor->prototype()));
  }

  Handle<String> member_string = factory->InternalizeUtf8String(member);
  DCHECK(!member_string.is_null());
  Handle<Object> member_value =
      Object::GetProperty(outer_object, member_string).ToHandleChecked();
  return Handle<JSObject>::cast(member_value);
}
// Reads the property called |name| from the native context's builtins object
// and stores it in the native-context slot set_<var>(), cast to |Type|.
//
// The expansion declares two locals, <var>_name and <var>_native, in the
// enclosing scope, so each |var| can be used only once per scope.  It needs
// factory() and native_context() to be callable where it is expanded.
//
// NOTE(review): the value read from the builtins object goes straight into
// Type::cast; whether that cast verifies the type outside debug builds is not
// visible here -- confirm.  The macro presumably relies on the builtins
// object holding only the natives' own definitions at this point.
#define INSTALL_NATIVE(Type, name, var)                                     \
  Handle<String> var##_name =                                               \
      factory()->InternalizeOneByteString(STATIC_ASCII_VECTOR(name));       \
  Handle<Object> var##_native = Object::GetProperty(                        \
      handle(native_context()->builtins()), var##_name).ToHandleChecked();  \
  native_context()->set_##var(Type::cast(*var##_native));
// Resolves "Math.<name>" through ResolveBuiltinIdHolder() and stores the
// result in the native-context slot set_math_<name>_fun(), cast to
// JSFunction.  The expansion is a braced block, so its local |fun| does not
// leak into the enclosing scope and no trailing semicolon is needed.
//
// NOTE(review): the function is looked up on the Math object reachable from
// the global object, so the slot ends up holding whatever "Math.<name>" is
// at expansion time -- presumably still the pristine builtin; confirm.
#define INSTALL_NATIVE_MATH(name)                                    \
  {                                                                  \
    Handle<Object> fun =                                             \
        ResolveBuiltinIdHolder(native_context(), "Math." #name);     \
    native_context()->set_math_##name##_fun(JSFunction::cast(*fun)); \
  }
// Caches references to functions and objects defined by the natives in
// native-context slots.  Every INSTALL_NATIVE line reads one property from
// the builtins object; every INSTALL_NATIVE_MATH line reads one function from
// the Math object reachable from the global object.
void Genesis::InstallNativeFunctions() {
  // All handles created by the macro expansions below live in this scope.
  HandleScope scope(isolate());
  INSTALL_NATIVE(JSFunction, "CreateDate", create_date_fun);

  // Type conversion helpers.
  INSTALL_NATIVE(JSFunction, "ToNumber", to_number_fun);
  INSTALL_NATIVE(JSFunction, "ToString", to_string_fun);
  INSTALL_NATIVE(JSFunction, "ToDetailString", to_detail_string_fun);
  INSTALL_NATIVE(JSFunction, "ToObject", to_object_fun);
  INSTALL_NATIVE(JSFunction, "ToInteger", to_integer_fun);
  INSTALL_NATIVE(JSFunction, "ToUint32", to_uint32_fun);
  INSTALL_NATIVE(JSFunction, "ToInt32", to_int32_fun);

  INSTALL_NATIVE(JSFunction, "GlobalEval", global_eval_fun);
  INSTALL_NATIVE(JSFunction, "Instantiate", instantiate_fun);
  INSTALL_NATIVE(JSFunction, "ConfigureTemplateInstance",
                 configure_instance_fun);
  INSTALL_NATIVE(JSFunction, "GetStackTraceLine", get_stack_trace_line_fun);
  // The only entry in this list cast to JSObject rather than JSFunction.
  INSTALL_NATIVE(JSObject, "functionCache", function_cache);
  INSTALL_NATIVE(JSFunction, "ToCompletePropertyDescriptor",
                 to_complete_property_descriptor);

  // Promise helpers.
  INSTALL_NATIVE(JSFunction, "IsPromise", is_promise);
  INSTALL_NATIVE(JSFunction, "PromiseCreate", promise_create);
  INSTALL_NATIVE(JSFunction, "PromiseResolve", promise_resolve);
  INSTALL_NATIVE(JSFunction, "PromiseReject", promise_reject);
  INSTALL_NATIVE(JSFunction, "PromiseChain", promise_chain);
  INSTALL_NATIVE(JSFunction, "PromiseCatch", promise_catch);
  INSTALL_NATIVE(JSFunction, "PromiseThen", promise_then);

  // Object-observation helpers.
  INSTALL_NATIVE(JSFunction, "NotifyChange", observers_notify_change);
  INSTALL_NATIVE(JSFunction, "EnqueueSpliceRecord", observers_enqueue_splice);
  INSTALL_NATIVE(JSFunction, "BeginPerformSplice",
                 observers_begin_perform_splice);
  INSTALL_NATIVE(JSFunction, "EndPerformSplice",
                 observers_end_perform_splice);
  INSTALL_NATIVE(JSFunction, "NativeObjectObserve",
                 native_object_observe);
  INSTALL_NATIVE(JSFunction, "NativeObjectGetNotifier",
                 native_object_get_notifier);
  INSTALL_NATIVE(JSFunction, "NativeObjectNotifierPerformChange",
                 native_object_notifier_perform_change);

  INSTALL_NATIVE(Symbol, "symbolIterator", iterator_symbol);

  // Math functions, resolved as "Math.<name>".
  INSTALL_NATIVE_MATH(abs)
  INSTALL_NATIVE_MATH(acos)
  INSTALL_NATIVE_MATH(asin)
  INSTALL_NATIVE_MATH(atan)
  INSTALL_NATIVE_MATH(atan2)
  INSTALL_NATIVE_MATH(ceil)
  INSTALL_NATIVE_MATH(cos)
  INSTALL_NATIVE_MATH(exp)
  INSTALL_NATIVE_MATH(floor)
  INSTALL_NATIVE_MATH(imul)
  INSTALL_NATIVE_MATH(log)
  INSTALL_NATIVE_MATH(max)
  INSTALL_NATIVE_MATH(min)
  INSTALL_NATIVE_MATH(pow)
  INSTALL_NATIVE_MATH(random)
  INSTALL_NATIVE_MATH(round)
  INSTALL_NATIVE_MATH(sin)
  INSTALL_NATIVE_MATH(sqrt)
  INSTALL_NATIVE_MATH(tan)
}
// Caches references to the natives that only exist behind experimental
// flags.  Only the proxy helpers are handled here, and only when
// FLAG_harmony_proxies is set.
void Genesis::InstallExperimentalNativeFunctions() {
  if (FLAG_harmony_proxies) {
    // Each line reads one function from the builtins object into the
    // native-context slot named by the last macro argument.
    INSTALL_NATIVE(JSFunction, "DerivedHasTrap", derived_has_trap);
    INSTALL_NATIVE(JSFunction, "DerivedGetTrap", derived_get_trap);
    INSTALL_NATIVE(JSFunction, "DerivedSetTrap", derived_set_trap);
    INSTALL_NATIVE(JSFunction, "ProxyEnumerate", proxy_enumerate);
  }
}
#undef INSTALL_NATIVE
// Installs an internal array constructor called |name| on the builtins
// object and returns it.
//
// builtins       Object the constructor is installed on.
// name           Property name of the constructor.
// elements_kind  Elements kind set on the constructor's initial map.
Handle<JSFunction> Genesis::InstallInternalArray(
    Handle<JSBuiltinsObject> builtins,
    const char* name,
    ElementsKind elements_kind) {
  // --- I n t e r n a l   A r r a y ---
  // An array constructor on the builtins object that works like the public
  // Array constructor, except that its prototype doesn't inherit from
  // Object.prototype.  It is meant only for internal work by builtins:
  // instances must not be leaked to user code.
  // NOTE(review): detaching the prototype from Object.prototype is not done
  // in this function; presumably the caller takes care of it -- confirm.
  Handle<JSObject> array_prototype =
      factory()->NewJSObject(isolate()->object_function(), TENURED);
  Handle<JSFunction> array_function = InstallFunction(
      builtins, name, JS_ARRAY_TYPE, JSArray::kSize,
      array_prototype, Builtins::kInternalArrayCode);

  // Construct calls go through the internal array constructor stub, and the
  // function is marked as not adapting its arguments.
  InternalArrayConstructorStub constructor_stub(isolate());
  Handle<Code> construct_code = constructor_stub.GetCode();
  array_function->shared()->set_construct_stub(*construct_code);
  array_function->shared()->DontAdaptArguments();

  // Replace the initial map with a copy that has the requested elements
  // kind.
  Handle<Map> installed_map(array_function->initial_map());
  Handle<Map> initial_map = Map::Copy(installed_map);
  initial_map->set_elements_kind(elements_kind);
  array_function->set_initial_map(*initial_map);

  // Make "length" magic on instances.
  Map::EnsureDescriptorSlack(initial_map, 1);

  PropertyAttributes length_attribs =
      static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE);

  Handle<AccessorInfo> length_info =
      Accessors::ArrayLengthInfo(isolate(), length_attribs);
  {  // Add length.
    CallbacksDescriptor length_descriptor(
        Handle<Name>(Name::cast(length_info->name())), length_info,
        length_attribs);
    array_function->initial_map()->AppendDescriptor(&length_descriptor);
  }

  return array_function;
}
bool Genesis::InstallNatives() {
|
2013-02-15 09:27:10 +00:00
|
|
|
HandleScope scope(isolate());
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// Create a function for the builtins object. Allocate space for the
|
|
|
|
// JavaScript builtins, a reference to the builtins object
|
2012-08-17 09:03:08 +00:00
|
|
|
// (itself) and a reference to the native_context directly in the object.
|
2011-03-18 20:35:07 +00:00
|
|
|
Handle<Code> code = Handle<Code>(
|
2011-04-14 08:01:19 +00:00
|
|
|
isolate()->builtins()->builtin(Builtins::kIllegal));
|
2014-05-09 16:42:57 +00:00
|
|
|
Handle<JSFunction> builtins_fun = factory()->NewFunction(
|
2014-05-09 17:39:54 +00:00
|
|
|
factory()->empty_string(), code, JS_BUILTINS_OBJECT_TYPE,
|
|
|
|
JSBuiltinsObject::kSize);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2012-12-17 15:56:16 +00:00
|
|
|
Handle<String> name =
|
2013-02-28 17:03:34 +00:00
|
|
|
factory()->InternalizeOneByteString(STATIC_ASCII_VECTOR("builtins"));
|
2008-07-03 15:10:15 +00:00
|
|
|
builtins_fun->shared()->set_instance_class_name(*name);
|
2012-08-06 14:25:19 +00:00
|
|
|
builtins_fun->initial_map()->set_dictionary_map(true);
|
2012-08-13 15:34:49 +00:00
|
|
|
builtins_fun->initial_map()->set_prototype(heap()->null_value());
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// Allocate the builtins object.
|
|
|
|
Handle<JSBuiltinsObject> builtins =
|
2011-04-14 08:01:19 +00:00
|
|
|
Handle<JSBuiltinsObject>::cast(factory()->NewGlobalObject(builtins_fun));
|
2008-07-03 15:10:15 +00:00
|
|
|
builtins->set_builtins(*builtins);
|
2012-08-17 09:03:08 +00:00
|
|
|
builtins->set_native_context(*native_context());
|
2012-08-28 11:25:08 +00:00
|
|
|
builtins->set_global_context(*native_context());
|
2014-07-01 12:12:34 +00:00
|
|
|
builtins->set_global_proxy(native_context()->global_proxy());
|
2014-01-07 10:46:39 +00:00
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2012-01-13 13:09:52 +00:00
|
|
|
// Set up the 'global' properties of the builtins object. The
|
2008-07-03 15:10:15 +00:00
|
|
|
// 'global' property that refers to the global object is the only
|
|
|
|
// way to get from code running in the builtins context to the
|
|
|
|
// global object.
|
|
|
|
static const PropertyAttributes attributes =
|
|
|
|
static_cast<PropertyAttributes>(READ_ONLY | DONT_DELETE);
|
2013-02-28 17:03:34 +00:00
|
|
|
Handle<String> global_string =
|
|
|
|
factory()->InternalizeOneByteString(STATIC_ASCII_VECTOR("global"));
|
2013-02-25 14:46:09 +00:00
|
|
|
Handle<Object> global_obj(native_context()->global_object(), isolate());
|
2014-06-30 13:48:57 +00:00
|
|
|
JSObject::AddProperty(builtins, global_string, global_obj, attributes);
|
2014-01-07 10:46:39 +00:00
|
|
|
Handle<String> builtins_string =
|
|
|
|
factory()->InternalizeOneByteString(STATIC_ASCII_VECTOR("builtins"));
|
2014-06-30 13:48:57 +00:00
|
|
|
JSObject::AddProperty(builtins, builtins_string, builtins, attributes);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2012-01-13 13:09:52 +00:00
|
|
|
// Set up the reference from the global object to the builtins object.
|
2012-08-17 12:59:00 +00:00
|
|
|
JSGlobalObject::cast(native_context()->global_object())->
|
|
|
|
set_builtins(*builtins);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2012-08-17 09:03:08 +00:00
|
|
|
// Create a bridge function that has context in the native context.
|
2014-05-09 16:39:33 +00:00
|
|
|
Handle<JSFunction> bridge = factory()->NewFunction(factory()->empty_string());
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(bridge->context() == *isolate()->native_context());
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// Allocate the builtins context.
|
|
|
|
Handle<Context> context =
|
2011-04-14 08:01:19 +00:00
|
|
|
factory()->NewFunctionContext(Context::MIN_CONTEXT_SLOTS, bridge);
|
2012-08-17 12:59:00 +00:00
|
|
|
context->set_global_object(*builtins); // override builtins global object
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_runtime_context(*context);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
{ // -- S c r i p t
|
|
|
|
// Builtin functions for Script.
|
2014-05-09 16:34:58 +00:00
|
|
|
Handle<JSFunction> script_fun = InstallFunction(
|
|
|
|
builtins, "Script", JS_VALUE_TYPE, JSValue::kSize,
|
2014-05-09 17:21:51 +00:00
|
|
|
isolate()->initial_object_prototype(), Builtins::kIllegal);
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSObject> prototype =
|
2011-04-14 08:01:19 +00:00
|
|
|
factory()->NewJSObject(isolate()->object_function(), TENURED);
|
2013-08-16 21:27:11 +00:00
|
|
|
Accessors::FunctionSetPrototype(script_fun, prototype);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_script_function(*script_fun);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2012-07-18 15:38:58 +00:00
|
|
|
Handle<Map> script_map = Handle<Map>(script_fun->initial_map());
|
2014-07-02 07:01:31 +00:00
|
|
|
Map::EnsureDescriptorSlack(script_map, 14);
|
2012-07-23 16:18:25 +00:00
|
|
|
|
|
|
|
PropertyAttributes attribs =
|
|
|
|
static_cast<PropertyAttributes>(DONT_ENUM | DONT_DELETE | READ_ONLY);
|
2012-07-18 14:00:58 +00:00
|
|
|
|
2014-04-16 11:57:23 +00:00
|
|
|
Handle<AccessorInfo> script_column =
|
|
|
|
Accessors::ScriptColumnOffsetInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
2014-04-16 11:57:23 +00:00
|
|
|
CallbacksDescriptor d(Handle<Name>(Name::cast(script_column->name())),
|
|
|
|
script_column, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 11:57:23 +00:00
|
|
|
Handle<AccessorInfo> script_id =
|
|
|
|
Accessors::ScriptIdInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
2014-04-16 11:57:23 +00:00
|
|
|
CallbacksDescriptor d(Handle<Name>(Name::cast(script_id->name())),
|
|
|
|
script_id, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 11:57:23 +00:00
|
|
|
|
|
|
|
Handle<AccessorInfo> script_name =
|
|
|
|
Accessors::ScriptNameInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
2014-04-16 11:57:23 +00:00
|
|
|
CallbacksDescriptor d(Handle<Name>(Name::cast(script_name->name())),
|
|
|
|
script_name, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 11:57:23 +00:00
|
|
|
Handle<AccessorInfo> script_line =
|
|
|
|
Accessors::ScriptLineOffsetInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
2014-04-16 11:57:23 +00:00
|
|
|
CallbacksDescriptor d(Handle<Name>(Name::cast(script_line->name())),
|
|
|
|
script_line, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 11:57:23 +00:00
|
|
|
Handle<AccessorInfo> script_source =
|
|
|
|
Accessors::ScriptSourceInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
2014-04-16 11:57:23 +00:00
|
|
|
CallbacksDescriptor d(Handle<Name>(Name::cast(script_source->name())),
|
|
|
|
script_source, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<AccessorInfo> script_type =
|
|
|
|
Accessors::ScriptTypeInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
2014-04-16 14:30:58 +00:00
|
|
|
CallbacksDescriptor d(Handle<Name>(Name::cast(script_type->name())),
|
|
|
|
script_type, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<AccessorInfo> script_compilation_type =
|
|
|
|
Accessors::ScriptCompilationTypeInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
|
|
|
CallbacksDescriptor d(
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<Name>(Name::cast(script_compilation_type->name())),
|
|
|
|
script_compilation_type, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<AccessorInfo> script_line_ends =
|
|
|
|
Accessors::ScriptLineEndsInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
2014-04-16 14:30:58 +00:00
|
|
|
CallbacksDescriptor d(Handle<Name>(Name::cast(script_line_ends->name())),
|
|
|
|
script_line_ends, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<AccessorInfo> script_context_data =
|
|
|
|
Accessors::ScriptContextDataInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
|
|
|
CallbacksDescriptor d(
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<Name>(Name::cast(script_context_data->name())),
|
|
|
|
script_context_data, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<AccessorInfo> script_eval_from_script =
|
|
|
|
Accessors::ScriptEvalFromScriptInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
|
|
|
CallbacksDescriptor d(
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<Name>(Name::cast(script_eval_from_script->name())),
|
|
|
|
script_eval_from_script, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<AccessorInfo> script_eval_from_script_position =
|
|
|
|
Accessors::ScriptEvalFromScriptPositionInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
|
|
|
CallbacksDescriptor d(
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<Name>(Name::cast(script_eval_from_script_position->name())),
|
|
|
|
script_eval_from_script_position, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<AccessorInfo> script_eval_from_function_name =
|
|
|
|
Accessors::ScriptEvalFromFunctionNameInfo(isolate(), attribs);
|
2012-07-18 14:00:58 +00:00
|
|
|
{
|
|
|
|
CallbacksDescriptor d(
|
2014-04-16 14:30:58 +00:00
|
|
|
Handle<Name>(Name::cast(script_eval_from_function_name->name())),
|
|
|
|
script_eval_from_function_name, attribs);
|
2014-04-11 12:13:53 +00:00
|
|
|
script_map->AppendDescriptor(&d);
|
2012-07-18 14:00:58 +00:00
|
|
|
}
|
|
|
|
|
2014-07-02 07:01:31 +00:00
|
|
|
Handle<AccessorInfo> script_source_url =
|
|
|
|
Accessors::ScriptSourceUrlInfo(isolate(), attribs);
|
|
|
|
{
|
|
|
|
CallbacksDescriptor d(Handle<Name>(Name::cast(script_source_url->name())),
|
|
|
|
script_source_url, attribs);
|
|
|
|
script_map->AppendDescriptor(&d);
|
|
|
|
}
|
|
|
|
|
|
|
|
Handle<AccessorInfo> script_source_mapping_url =
|
|
|
|
Accessors::ScriptSourceMappingUrlInfo(isolate(), attribs);
|
|
|
|
{
|
|
|
|
CallbacksDescriptor d(
|
|
|
|
Handle<Name>(Name::cast(script_source_mapping_url->name())),
|
|
|
|
script_source_mapping_url, attribs);
|
|
|
|
script_map->AppendDescriptor(&d);
|
|
|
|
}
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Allocate the empty script.
|
2011-04-14 08:01:19 +00:00
|
|
|
Handle<Script> script = factory()->NewScript(factory()->empty_string());
|
2009-06-08 10:47:49 +00:00
|
|
|
script->set_type(Smi::FromInt(Script::TYPE_NATIVE));
|
2011-04-14 08:01:19 +00:00
|
|
|
heap()->public_set_empty_script(*script);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
2010-02-24 19:59:09 +00:00
|
|
|
{
|
|
|
|
// Builtin function for OpaqueReference -- a JSValue-based object,
|
|
|
|
// that keeps its field isolated from JavaScript code. It may store
|
|
|
|
// objects, that JavaScript code may not access.
|
2014-05-09 16:34:58 +00:00
|
|
|
Handle<JSFunction> opaque_reference_fun = InstallFunction(
|
|
|
|
builtins, "OpaqueReference", JS_VALUE_TYPE, JSValue::kSize,
|
2014-05-09 17:21:51 +00:00
|
|
|
isolate()->initial_object_prototype(), Builtins::kIllegal);
|
2010-02-24 19:59:09 +00:00
|
|
|
Handle<JSObject> prototype =
|
2011-04-14 08:01:19 +00:00
|
|
|
factory()->NewJSObject(isolate()->object_function(), TENURED);
|
2013-08-16 21:27:11 +00:00
|
|
|
Accessors::FunctionSetPrototype(opaque_reference_fun, prototype);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_opaque_reference_function(*opaque_reference_fun);
|
2010-02-24 19:59:09 +00:00
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2013-02-15 15:20:05 +00:00
|
|
|
// InternalArrays should not use Smi-Only array optimizations. There are too
|
|
|
|
// many places in the C++ runtime code (e.g. RegEx) that assume that
|
|
|
|
// elements in InternalArrays can be set to non-Smi values without going
|
|
|
|
// through a common bottleneck that would make the SMI_ONLY -> FAST_ELEMENT
|
|
|
|
// transition easy to trap. Moreover, they rarely are smi-only.
|
|
|
|
{
|
|
|
|
Handle<JSFunction> array_function =
|
|
|
|
InstallInternalArray(builtins, "InternalArray", FAST_HOLEY_ELEMENTS);
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_internal_array_function(*array_function);
|
2011-03-03 11:49:03 +00:00
|
|
|
}
|
|
|
|
|
2013-02-15 15:20:05 +00:00
|
|
|
{
|
2013-05-29 15:38:09 +00:00
|
|
|
InstallInternalArray(builtins, "InternalPackedArray", FAST_ELEMENTS);
|
2013-02-15 15:20:05 +00:00
|
|
|
}
|
|
|
|
|
2010-03-23 15:04:45 +00:00
|
|
|
if (FLAG_disable_native_files) {
|
|
|
|
PrintF("Warning: Running without installed natives!\n");
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2010-03-23 11:40:38 +00:00
|
|
|
// Install natives.
|
|
|
|
for (int i = Natives::GetDebuggerCount();
|
|
|
|
i < Natives::GetBuiltinsCount();
|
|
|
|
i++) {
|
2011-04-14 08:01:19 +00:00
|
|
|
if (!CompileBuiltin(isolate(), i)) return false;
|
2010-03-23 11:40:38 +00:00
|
|
|
// TODO(ager): We really only need to install the JS builtin
|
|
|
|
// functions on the builtins object after compiling and running
|
|
|
|
// runtime.js.
|
|
|
|
if (!InstallJSBuiltins(builtins)) return false;
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
InstallNativeFunctions();
|
|
|
|
|
2010-08-12 13:43:08 +00:00
|
|
|
// Store the map for the string prototype after the natives has been compiled
|
2012-01-13 13:09:52 +00:00
|
|
|
// and the String function has been set up.
|
2012-08-17 09:03:08 +00:00
|
|
|
Handle<JSFunction> string_function(native_context()->string_function());
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(JSObject::cast(
|
2010-08-12 13:43:08 +00:00
|
|
|
string_function->initial_map()->prototype())->HasFastProperties());
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_string_function_prototype_map(
|
2010-08-12 13:43:08 +00:00
|
|
|
HeapObject::cast(string_function->initial_map()->prototype())->map());
|
|
|
|
|
2008-09-15 15:02:38 +00:00
|
|
|
// Install Function.prototype.call and apply.
|
2013-02-28 17:03:34 +00:00
|
|
|
{ Handle<String> key = factory()->function_class_string();
|
2008-09-15 15:02:38 +00:00
|
|
|
Handle<JSFunction> function =
|
2014-03-28 09:49:27 +00:00
|
|
|
Handle<JSFunction>::cast(Object::GetProperty(
|
2014-07-01 12:12:34 +00:00
|
|
|
handle(native_context()->global_object()), key).ToHandleChecked());
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSObject> proto =
|
|
|
|
Handle<JSObject>(JSObject::cast(function->instance_prototype()));
|
2008-09-15 15:02:38 +00:00
|
|
|
|
|
|
|
// Install the call and the apply functions.
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSFunction> call =
|
2008-09-15 15:02:38 +00:00
|
|
|
InstallFunction(proto, "call", JS_OBJECT_TYPE, JSObject::kHeaderSize,
|
2014-05-09 17:21:51 +00:00
|
|
|
MaybeHandle<JSObject>(), Builtins::kFunctionCall);
|
2008-09-15 15:02:38 +00:00
|
|
|
Handle<JSFunction> apply =
|
|
|
|
InstallFunction(proto, "apply", JS_OBJECT_TYPE, JSObject::kHeaderSize,
|
2014-05-09 17:21:51 +00:00
|
|
|
MaybeHandle<JSObject>(), Builtins::kFunctionApply);
|
2014-07-21 11:19:56 +00:00
|
|
|
if (FLAG_vector_ics) {
|
|
|
|
// Apply embeds an IC, so we need a type vector of size 1 in the shared
|
|
|
|
// function info.
|
|
|
|
Handle<FixedArray> feedback_vector = factory()->NewTypeFeedbackVector(1);
|
|
|
|
apply->shared()->set_feedback_vector(*feedback_vector);
|
|
|
|
}
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// Make sure that Function.prototype.call appears to be compiled.
|
|
|
|
// The code will never be called, but inline caching for call will
|
|
|
|
// only work if it appears to be compiled.
|
2008-09-15 15:02:38 +00:00
|
|
|
call->shared()->DontAdaptArguments();
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(call->is_compiled());
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2009-01-15 19:08:34 +00:00
|
|
|
// Set the expected parameters for apply to 2; required by builtin.
|
2008-09-15 15:02:38 +00:00
|
|
|
apply->shared()->set_formal_parameter_count(2);
|
|
|
|
|
|
|
|
// Set the lengths for the functions to satisfy ECMA-262.
|
|
|
|
call->shared()->set_length(1);
|
|
|
|
apply->shared()->set_length(2);
|
2008-07-03 15:10:15 +00:00
|
|
|
}
|
|
|
|
|
2011-08-10 16:05:17 +00:00
|
|
|
InstallBuiltinFunctionIds();
|
|
|
|
|
2010-04-13 09:31:03 +00:00
|
|
|
// Create a constructor for RegExp results (a variant of Array that
|
|
|
|
// predefines the two properties index and match).
|
|
|
|
{
|
|
|
|
// RegExpResult initial map.
|
|
|
|
|
|
|
|
// Find global.Array.prototype to inherit from.
|
2012-08-17 09:03:08 +00:00
|
|
|
Handle<JSFunction> array_constructor(native_context()->array_function());
|
2010-04-13 09:31:03 +00:00
|
|
|
Handle<JSObject> array_prototype(
|
|
|
|
JSObject::cast(array_constructor->instance_prototype()));
|
|
|
|
|
|
|
|
// Add initial map.
|
|
|
|
Handle<Map> initial_map =
|
2013-02-18 10:25:21 +00:00
|
|
|
factory()->NewMap(JS_ARRAY_TYPE, JSRegExpResult::kSize);
|
2010-04-13 09:31:03 +00:00
|
|
|
initial_map->set_constructor(*array_constructor);
|
|
|
|
|
|
|
|
// Set prototype on map.
|
|
|
|
initial_map->set_non_instance_prototype(false);
|
|
|
|
initial_map->set_prototype(*array_prototype);
|
|
|
|
|
|
|
|
// Update map with length accessor from Array and add "index" and "input".
|
2014-04-11 12:13:53 +00:00
|
|
|
Map::EnsureDescriptorSlack(initial_map, 3);
|
2011-10-21 10:32:38 +00:00
|
|
|
|
2012-07-19 10:01:52 +00:00
|
|
|
{
|
2012-08-17 09:03:08 +00:00
|
|
|
JSFunction* array_function = native_context()->array_function();
|
2012-07-19 10:01:52 +00:00
|
|
|
Handle<DescriptorArray> array_descriptors(
|
|
|
|
array_function->initial_map()->instance_descriptors());
|
2014-04-09 14:26:32 +00:00
|
|
|
Handle<String> length = factory()->length_string();
|
Sharing of descriptor arrays.
This CL adds multiple things:
Transition arrays do not directly point at their descriptor array anymore, but rather do so via an indirect pointer (a JSGlobalPropertyCell).
An ownership bit is added to maps indicating whether it owns its own descriptor array or not.
Maps owning a descriptor array can pass on ownership if a transition from that map is generated; but only if the descriptor array stays exactly the same; or if a descriptor is added.
Maps that don't have ownership get ownership back if their direct child to which ownership was passed is cleared in ClearNonLiveTransitions.
To detect which descriptors in an array are valid, each map knows its own NumberOfOwnDescriptors. Since the descriptors are sorted in order of addition, if we search and find a descriptor with index bigger than this number, it is not valid for the given map.
We currently still build up an enumeration cache (although this may disappear). The enumeration cache is always built for the entire descriptor array, even if not all descriptors are owned by the map. Once a descriptor array has an enumeration cache for a given map; this invariant will always be true, even if the descriptor array was extended. The extended array will inherit the enumeration cache from the smaller descriptor array. If a map with more descriptors needs an enumeration cache, it's EnumLength will still be set to invalid, so it will have to recompute the enumeration cache. This new cache will also be valid for smaller maps since they have their own enumlength; and use this to loop over the cache. If the EnumLength is still invalid, but there is already a cache present that is big enough; we just initialize the EnumLength field for the map.
When we apply ClearNonLiveTransitions and descriptor ownership is passed back to a parent map, the descriptor array is trimmed in-place and resorted. At the same time, the enumeration cache is trimmed in-place.
Only transition arrays contain descriptor arrays. If we transition to a map and pass ownership of the descriptor array along, the child map will not store the descriptor array it owns. Rather its parent will keep the pointer. So for every leaf-map, we find the descriptor array by following the back pointer, reading out the transition array, and fetching the descriptor array from the JSGlobalPropertyCell. If a map has a transition array, we fetch it from there. If a map has undefined as its back-pointer and has no transition array; it is considered to have an empty descriptor array.
When we modify properties, we cannot share the descriptor array. To accommodate this, the child map will get its own transition array; even if there are not necessarily any transitions leaving from the child map. This is necessary since it's the only way to store its own descriptor array.
Review URL: https://chromiumcodereview.appspot.com/10909007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@12492 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2012-09-12 16:43:57 +00:00
|
|
|
int old = array_descriptors->SearchWithCache(
|
2014-04-09 14:26:32 +00:00
|
|
|
*length, array_function->initial_map());
|
2014-08-04 11:34:54 +00:00
|
|
|
DCHECK(old != DescriptorArray::kNotFound);
|
2012-07-19 10:01:52 +00:00
|
|
|
CallbacksDescriptor desc(length,
|
2014-04-09 14:26:32 +00:00
|
|
|
handle(array_descriptors->GetValue(old),
|
|
|
|
isolate()),
|
2012-07-19 10:01:52 +00:00
|
|
|
array_descriptors->GetDetails(old).attributes());
|
2014-04-11 12:13:53 +00:00
|
|
|
initial_map->AppendDescriptor(&desc);
|
2012-07-19 10:01:52 +00:00
|
|
|
}
|
2010-04-13 09:31:03 +00:00
|
|
|
{
|
2014-04-09 14:26:32 +00:00
|
|
|
FieldDescriptor index_field(factory()->index_string(),
|
2010-04-13 09:31:03 +00:00
|
|
|
JSRegExpResult::kIndexIndex,
|
2013-04-26 15:30:41 +00:00
|
|
|
NONE,
|
|
|
|
Representation::Tagged());
|
2014-04-11 12:13:53 +00:00
|
|
|
initial_map->AppendDescriptor(&index_field);
|
2010-04-13 09:31:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
{
|
2014-04-09 14:26:32 +00:00
|
|
|
FieldDescriptor input_field(factory()->input_string(),
|
2010-04-13 09:31:03 +00:00
|
|
|
JSRegExpResult::kInputIndex,
|
2013-04-26 15:30:41 +00:00
|
|
|
NONE,
|
|
|
|
Representation::Tagged());
|
2014-04-11 12:13:53 +00:00
|
|
|
initial_map->AppendDescriptor(&input_field);
|
2010-04-13 09:31:03 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
initial_map->set_inobject_properties(2);
|
|
|
|
initial_map->set_pre_allocated_property_fields(2);
|
|
|
|
initial_map->set_unused_property_fields(0);
|
|
|
|
|
2012-08-17 09:03:08 +00:00
|
|
|
native_context()->set_regexp_result_map(*initial_map);
|
2010-04-13 09:31:03 +00:00
|
|
|
}
|
|
|
|
|
2012-10-15 06:34:22 +00:00
|
|
|
#ifdef VERIFY_HEAP
|
2014-04-01 08:57:48 +00:00
|
|
|
builtins->ObjectVerify();
|
2008-07-03 15:10:15 +00:00
|
|
|
#endif
|
2010-03-23 11:40:38 +00:00
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-11-27 17:21:40 +00:00
|
|
|
// Compiles experimental native script |i| when its feature flag
// FLAG_harmony_<flag> is set and the script's name equals "native " file.
// The script name is compared with strcmp, so the match is exact.
//
// NOTE: this expands to a bare `if` statement containing `return false;`.
// It must only be used as a full statement inside a function that returns
// bool, and a compile failure leaves the enclosing function immediately.
#define INSTALL_EXPERIMENTAL_NATIVE(i, flag, file)                           \
  if (FLAG_harmony_##flag) {                                                 \
    const bool is_requested_script_ =                                        \
        strcmp(ExperimentalNatives::GetScriptName(i).start(),                \
               "native " file) == 0;                                         \
    if (is_requested_script_ && !CompileExperimentalBuiltin(isolate(), i)) { \
      return false;                                                          \
    }                                                                        \
  }
|
|
|
|
|
|
|
|
|
2011-04-15 12:31:03 +00:00
|
|
|
// Compiles the experimental natives whose harmony flag is enabled and then
// installs the functions they define.
//
// Returns false as soon as one enabled script fails to compile; that early
// return is hidden inside INSTALL_EXPERIMENTAL_NATIVE. Returns true otherwise.
bool Genesis::InstallExperimentalNatives() {
  // Iteration starts at GetDebuggerCount(), so scripts with a lower index
  // are not considered here.
  int index = ExperimentalNatives::GetDebuggerCount();
  while (index < ExperimentalNatives::GetBuiltinsCount()) {
    // Each line is a complete `if` statement; at most the entries whose
    // file name matches script |index| do any work.
    INSTALL_EXPERIMENTAL_NATIVE(index, proxies, "proxy.js")
    INSTALL_EXPERIMENTAL_NATIVE(index, collections, "collection.js")
    INSTALL_EXPERIMENTAL_NATIVE(index, collections, "collection-iterator.js")
    INSTALL_EXPERIMENTAL_NATIVE(index, generators, "generator.js")
    INSTALL_EXPERIMENTAL_NATIVE(index, iteration, "array-iterator.js")
    INSTALL_EXPERIMENTAL_NATIVE(index, iteration, "string-iterator.js")
    INSTALL_EXPERIMENTAL_NATIVE(index, strings, "harmony-string.js")
    INSTALL_EXPERIMENTAL_NATIVE(index, arrays, "harmony-array.js")
    index++;
  }

  InstallExperimentalNativeFunctions();
  return true;
}
|
|
|
|
|
|
|
|
|
2010-12-14 18:53:48 +00:00
|
|
|
// Looks up the property |function_name| on |holder| and records |id| on the
// resulting function by storing it, as a Smi, in the function_data slot of
// the function's SharedFunctionInfo.
//
// NOTE(review): the looked-up value is cast to JSFunction with no explicit
// IsJSFunction() check in this function, and ToHandleChecked() presumably
// aborts on an empty result. That is only sound while |holder| is a freshly
// bootstrapped object that script has not been able to modify; confirm
// against the callers.
static void InstallBuiltinFunctionId(Handle<JSObject> holder,
                                     const char* function_name,
                                     BuiltinFunctionId id) {
  Isolate* const owner = holder->GetIsolate();
  Handle<JSFunction> target = Handle<JSFunction>::cast(
      Object::GetProperty(owner, holder, function_name).ToHandleChecked());
  target->shared()->set_function_data(Smi::FromInt(id));
}
|
|
|
|
|
|
|
|
|
2010-12-14 18:53:48 +00:00
|
|
|
// Assigns a builtin function id to every function named in
// FUNCTIONS_WITH_ID_LIST. For each (holder_expr, fun_name, name) entry the
// holder object is resolved from the stringified holder expression in the
// native context, and the function found under fun_name is tagged with
// k<name>.
void Genesis::InstallBuiltinFunctionIds() {
  // Handles created while walking the list are released when this scope
  // is left.
  HandleScope scope(isolate());

  // The expansion is a braced block without a trailing semicolon, because
  // the list invokes the macro once per entry back to back.
#define INSTALL_BUILTIN_ID(holder_expr, fun_name, name)           \
  {                                                               \
    const BuiltinFunctionId builtin_id = k##name;                 \
    Handle<JSObject> target =                                     \
        ResolveBuiltinIdHolder(native_context(), #holder_expr);   \
    InstallBuiltinFunctionId(target, #fun_name, builtin_id);      \
  }
  FUNCTIONS_WITH_ID_LIST(INSTALL_BUILTIN_ID)
#undef INSTALL_BUILTIN_ID
}
|
|
|
|
|
|
|
|
|
2010-04-14 14:46:15 +00:00
|
|
|
// List of the JSFunction result caches created at bootstrap. Each entry has
// the form F(size, factory function expression);
// Genesis::InstallJSFunctionResultCaches expands the list once to count the
// entries and once to create the caches, in list order.
//
// Do not forget to update macros.py with the named constant of the cache id
// whenever an entry is added, removed or reordered.
#define JSFUNCTION_RESULT_CACHE_LIST(F) \
  F(16, native_context()->regexp_function())
|
2010-04-14 14:46:15 +00:00
|
|
|
|
|
|
|
|
2011-05-16 09:06:16 +00:00
|
|
|
// Allocates the backing array for one JSFunction result cache, stores
// |factory_function| in its kFactoryIndex slot and resets it to zero size.
//
// |size| is the number of entries; the array holds kEntriesIndex header
// slots plus two slots per entry (presumably key and value; confirm
// against JSFunctionResultCache).
//
// NOTE(review): |size| is not range-checked and the length is computed in
// plain int arithmetic. The only caller visible here passes a compile-time
// constant; any future caller must keep it small and non-negative.
//
// NOTE(review): the result is a raw pointer taken out of a handle. The
// caller has to store it into a reachable object before anything else
// allocates; confirm at each call site.
static FixedArray* CreateCache(int size, Handle<JSFunction> factory_function) {
  const int total_slots = JSFunctionResultCache::kEntriesIndex + 2 * size;
  Factory* const heap_factory = factory_function->GetIsolate()->factory();

  // Caches are supposed to live for a long time, allocate in old space.
  // Cannot use cast as object is not fully initialized yet, so the checked
  // cast is bypassed with reinterpret_cast.
  JSFunctionResultCache* result = reinterpret_cast<JSFunctionResultCache*>(
      *heap_factory->NewFixedArrayWithHoles(total_slots, TENURED));

  result->set(JSFunctionResultCache::kFactoryIndex, *factory_function);
  result->MakeZeroSize();
  return result;
}
|
|
|
|
|
|
|
|
|
|
|
|
// Creates one result cache per entry of JSFUNCTION_RESULT_CACHE_LIST and
// stores the array of caches on the native context.
void Genesis::InstallJSFunctionResultCaches() {
  // First expansion: every list entry contributes "+ 1", which yields the
  // number of caches as a compile-time constant.
#define F(size, func) + 1
  const int kNumberOfCaches = 0 JSFUNCTION_RESULT_CACHE_LIST(F);
#undef F

  Handle<FixedArray> caches =
      factory()->NewFixedArray(kNumberOfCaches, TENURED);

  int next_slot = 0;

  // Second expansion: build each cache and append it. CreateCache returns a
  // raw pointer, so it is stored into |caches| in the very next statement.
#define F(size, func)                                                  \
  do {                                                                 \
    FixedArray* entry = CreateCache((size), Handle<JSFunction>(func)); \
    caches->set(next_slot++, entry);                                   \
  } while (false)

  JSFUNCTION_RESULT_CACHE_LIST(F);

#undef F

  native_context()->set_jsfunction_result_caches(*caches);
}
|
|
|
|
|
|
|
|
|
2010-08-25 13:25:54 +00:00
|
|
|
// Creates a new NormalizedMapCache and installs it on the native context.
void Genesis::InitializeNormalizedMapCaches() {
  // Keep the allocation in its own statement: the new cache is held in a
  // handle before native_context() is dereferenced for the store.
  Handle<NormalizedMapCache> fresh_cache = NormalizedMapCache::New(isolate());
  native_context()->set_normalized_map_cache(*fresh_cache);
}
|
|
|
|
|
|
|
|
|
2012-08-17 09:03:08 +00:00
|
|
|
// Installs the requested extensions and then the special objects into
// |native_context|, with |native_context| set as the isolate's current
// context for the duration of the call.
//
// Returns false if either step fails; the special objects are not installed
// when installing the extensions fails.
bool Bootstrapper::InstallExtensions(Handle<Context> native_context,
                                     v8::ExtensionConfiguration* extensions) {
  BootstrapperActive active(this);
  // |saved_context| is constructed before the context switch; presumably its
  // destructor restores the previous context on every return path (confirm
  // against SaveContext).
  SaveContext saved_context(isolate_);
  isolate_->set_context(*native_context);

  if (!Genesis::InstallExtensions(native_context, extensions)) {
    return false;
  }
  return Genesis::InstallSpecialObjects(native_context);
}
|
|
|
|
|
|
|
|
|
2014-01-16 13:18:28 +00:00
|
|
|
bool Genesis::InstallSpecialObjects(Handle<Context> native_context) {
|
2012-08-17 09:03:08 +00:00
|
|
|
Isolate* isolate = native_context->GetIsolate();
|
2014-07-07 13:27:37 +00:00
|
|
|
// Don't install extensions into the snapshot.
|
|
|
|
if (isolate->serializer_enabled()) return true;
|
|
|
|
|
2012-01-05 17:16:19 +00:00
|
|
|
Factory* factory = isolate->factory();
|
2013-02-15 09:27:10 +00:00
|
|
|
HandleScope scope(isolate);
|
2012-08-17 12:59:00 +00:00
|
|
|
Handle<JSGlobalObject> global(JSGlobalObject::cast(
|
|
|
|
native_context->global_object()));
|
2014-07-07 13:27:37 +00:00
|
|
|
|
|
|
|
Handle<JSObject> Error = Handle<JSObject>::cast(
|
|
|
|
Object::GetProperty(isolate, global, "Error").ToHandleChecked());
|
|
|
|
Handle<String> name =
|
|
|
|
factory->InternalizeOneByteString(STATIC_ASCII_VECTOR("stackTraceLimit"));
|
|
|
|
Handle<Smi> stack_trace_limit(Smi::FromInt(FLAG_stack_trace_limit), isolate);
|
|
|
|
JSObject::AddProperty(Error, name, stack_trace_limit, NONE);
|
|
|
|
|
2008-08-14 13:41:48 +00:00
|
|
|
// Expose the natives in global if a name for it is specified.
|
|
|
|
if (FLAG_expose_natives_as != NULL && strlen(FLAG_expose_natives_as) != 0) {
|
2013-02-28 17:03:34 +00:00
|
|
|
Handle<String> natives =
|
|
|
|
factory->InternalizeUtf8String(FLAG_expose_natives_as);
|
2014-07-07 13:27:37 +00:00
|
|
|
JSObject::AddProperty(global, natives, handle(global->builtins()),
|
|
|
|
DONT_ENUM);
|
2009-06-30 11:08:37 +00:00
|
|
|
}
|
|
|
|
|
2014-07-02 14:18:10 +00:00
|
|
|
// Expose the stack trace symbol to native JS.
|
2014-07-07 13:12:29 +00:00
|
|
|
RETURN_ON_EXCEPTION_VALUE(
|
|
|
|
isolate,
|
|
|
|
JSObject::SetOwnPropertyIgnoreAttributes(
|
|
|
|
handle(native_context->builtins(), isolate),
|
|
|
|
factory->InternalizeOneByteString(
|
|
|
|
STATIC_ASCII_VECTOR("stack_trace_symbol")),
|
|
|
|
factory->stack_trace_symbol(),
|
|
|
|
NONE),
|
|
|
|
false);
|
2014-07-02 14:18:10 +00:00
|
|
|
|
2008-08-14 13:41:48 +00:00
|
|
|
// Expose the debug global object in global if a name for it is specified.
|
|
|
|
if (FLAG_expose_debug_as != NULL && strlen(FLAG_expose_debug_as) != 0) {
|
|
|
|
// If loading fails we just bail out without installing the
|
|
|
|
// debugger but without tanking the whole context.
|
2014-05-20 08:52:42 +00:00
|
|
|
Debug* debug = isolate->debug();
|
2014-01-16 13:18:28 +00:00
|
|
|
if (!debug->Load()) return true;
|
2014-05-20 08:52:42 +00:00
|
|
|
Handle<Context> debug_context = debug->debug_context();
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
// Set the security token for the debugger context to the same as
|
2012-08-17 09:03:08 +00:00
|
|
|
// the shell native context to allow calling between these (otherwise
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
// exposing debug global object doesn't make much sense).
|
2014-05-20 08:52:42 +00:00
|
|
|
debug_context->set_security_token(native_context->security_token());
|
2008-08-14 13:41:48 +00:00
|
|
|
Handle<String> debug_string =
|
2013-02-28 17:03:34 +00:00
|
|
|
factory->InternalizeUtf8String(FLAG_expose_debug_as);
|
2014-05-20 08:52:42 +00:00
|
|
|
Handle<Object> global_proxy(debug_context->global_proxy(), isolate);
|
2014-07-07 13:27:37 +00:00
|
|
|
JSObject::AddProperty(global, debug_string, global_proxy, DONT_ENUM);
|
2008-08-14 13:41:48 +00:00
|
|
|
}
|
2014-01-16 13:18:28 +00:00
|
|
|
return true;
|
2008-08-14 13:41:48 +00:00
|
|
|
}
// Hashes a registered extension by its pointer value. get_state and
// set_state pass this as the hash when they look |extension| up in the
// ExtensionStates map.
static uint32_t Hash(RegisteredExtension* extension) {
  const uint32_t pointer_hash = v8::internal::ComputePointerHash(extension);
  return pointer_hash;
}
// Builds the state map with HashMap::PointersMatch as its key comparison.
// The 8 is the second HashMap constructor argument, presumably the initial
// capacity -- confirm against HashMap. An extension with no entry is
// reported as UNVISITED by get_state.
Genesis::ExtensionStates::ExtensionStates()
    : map_(HashMap::PointersMatch, 8) {
}
// Returns the traversal state recorded for |extension|. The lookup does not
// insert, and an extension that has no entry is reported as UNVISITED.
Genesis::ExtensionTraversalState Genesis::ExtensionStates::get_state(
    RegisteredExtension* extension) {
  i::HashMap::Entry* found = map_.Lookup(extension, Hash(extension), false);
  if (found != NULL) {
    // The state is kept directly in the entry's value pointer (set_state
    // writes it with the inverse pair of casts), so decode it from there.
    const intptr_t raw_state = reinterpret_cast<intptr_t>(found->value);
    return static_cast<ExtensionTraversalState>(raw_state);
  }
  return UNVISITED;
}
// Records |state| as the traversal state of |extension|, creating the map
// entry if there is none yet. The enum value is widened to intptr_t and
// stored in the entry's value pointer; get_state decodes it the same way.
void Genesis::ExtensionStates::set_state(RegisteredExtension* extension,
                                         ExtensionTraversalState state) {
  void* encoded_state = reinterpret_cast<void*>(static_cast<intptr_t>(state));
  // Lookup with insert == true; the result is dereferenced unchecked, as in
  // the rest of this file's uses of an inserting lookup.
  i::HashMap::Entry* slot = map_.Lookup(extension, Hash(extension), true);
  slot->value = encoded_state;
}
// Installs the extensions for |native_context| in a fixed order: the
// auto-enabled ones, then each built-in extension whose flag is set, then
// the ones named in |extensions|. Stops at the first step that fails and
// returns false; returns true only when every step succeeded.
bool Genesis::InstallExtensions(Handle<Context> native_context,
                                v8::ExtensionConfiguration* extensions) {
  Isolate* isolate = native_context->GetIsolate();
  // Fresh traversal state: get_state reports UNVISITED for every extension
  // until set_state records something else.
  ExtensionStates states;

  if (!InstallAutoExtensions(isolate, &states)) return false;

  // NOTE(review): each extension below is installed only when its flag is
  // set. The flag and extension names suggest they hand engine-internal
  // facilities (buffer freeing, GC, string externalization, statistics,
  // failure triggering) to script, so these flags are presumably meant for
  // testing and tooling rather than for contexts that run untrusted code --
  // confirm against the flag definitions.
  if (FLAG_expose_free_buffer &&
      !InstallExtension(isolate, "v8/free-buffer", &states)) {
    return false;
  }
  if (FLAG_expose_gc && !InstallExtension(isolate, "v8/gc", &states)) {
    return false;
  }
  if (FLAG_expose_externalize_string &&
      !InstallExtension(isolate, "v8/externalize", &states)) {
    return false;
  }
  if (FLAG_track_gc_object_stats &&
      !InstallExtension(isolate, "v8/statistics", &states)) {
    return false;
  }
  if (FLAG_expose_trigger_failure &&
      !InstallExtension(isolate, "v8/trigger-failure", &states)) {
    return false;
  }

  return InstallRequestedExtensions(isolate, extensions, &states);
}
// Walks the list of registered extensions and installs each one whose
// auto_enable() is set. Returns false as soon as one of them fails to
// install, true once the whole list has been processed.
bool Genesis::InstallAutoExtensions(Isolate* isolate,
                                    ExtensionStates* extension_states) {
  v8::RegisteredExtension* node = v8::RegisteredExtension::first_extension();
  while (node != NULL) {
    if (node->extension()->auto_enable()) {
      if (!InstallExtension(isolate, node, extension_states)) return false;
    }
    node = node->next();
  }
  return true;
}
// Installs, in order, every extension named in |extensions|. Returns false
// at the first name that cannot be installed, true when all were installed.
// NOTE(review): |extensions| is dereferenced without a NULL check, so the
// caller is assumed to always pass a configuration -- confirm at call sites.
bool Genesis::InstallRequestedExtensions(Isolate* isolate,
                                         v8::ExtensionConfiguration* extensions,
                                         ExtensionStates* extension_states) {
  const char** requested = extensions->begin();
  while (requested != extensions->end()) {
    const bool installed =
        InstallExtension(isolate, *requested, extension_states);
    if (!installed) return false;
    ++requested;
  }
  return true;
}
// Installs the registered extension whose name equals |name|. The lookup is
// a linear scan over the registered-extension list with a strcmp per entry,
// so it is unoptimized and will not scale to a large number of extensions.
// When no registered extension has that name, the failure is reported
// through Utils::ApiCheck and its result is returned.
// NOTE(review): |name| goes straight into strcmp, so it is assumed to be a
// non-NULL, NUL-terminated string -- confirm for embedder-supplied names.
bool Genesis::InstallExtension(Isolate* isolate,
                               const char* name,
                               ExtensionStates* extension_states) {
  v8::RegisteredExtension* candidate =
      v8::RegisteredExtension::first_extension();
  while (candidate != NULL) {
    const bool name_matches =
        strcmp(name, candidate->extension()->name()) == 0;
    if (name_matches) {
      return InstallExtension(isolate, candidate, extension_states);
    }
    candidate = candidate->next();
  }
  return Utils::ApiCheck(false,
                         "v8::Context::New()",
                         "Cannot find required extension");
}
// Installs |current| after installing the extensions it depends on,
// depth-first. |extension_states| carries the traversal state: an extension
// already INSTALLED is skipped, and meeting one that is still VISITED means
// the dependency graph has a cycle, which is reported through
// Utils::ApiCheck. Returns true when the extension's script compiled (or was
// already installed) and false on a cycle, a failed dependency, or a failed
// compile.
bool Genesis::InstallExtension(Isolate* isolate,
                               v8::RegisteredExtension* current,
                               ExtensionStates* extension_states) {
  HandleScope scope(isolate);

  // get_state is a non-inserting lookup, so one read serves all three checks.
  const ExtensionTraversalState state = extension_states->get_state(current);
  if (state == INSTALLED) return true;

  // A node that is VISITED but not yet INSTALLED is still on the current
  // dependency path, so reaching it again means there is a cycle; fail.
  const bool no_cycle = Utils::ApiCheck(state != VISITED,
                                        "v8::Context::New()",
                                        "Circular extension dependency");
  if (!no_cycle) return false;
  DCHECK(state == UNVISITED);
  extension_states->set_state(current, VISITED);

  v8::Extension* extension = current->extension();

  // Dependencies are given by name and must all install before this one.
  for (int dep = 0; dep < extension->dependency_count(); ++dep) {
    const char* dependency_name = extension->dependencies()[dep];
    if (!InstallExtension(isolate, dependency_name, extension_states)) {
      return false;
    }
  }

  // We do not expect this to throw an exception. Change this if it does.
  Handle<String> source_code =
      isolate->factory()->NewExternalStringFromAscii(
          extension->source()).ToHandleChecked();
  bool result = CompileScriptCached(isolate,
                                    CStrVector(extension->name()),
                                    source_code,
                                    isolate->bootstrapper()->extensions_cache(),
                                    extension,
                                    Handle<Context>(isolate->context()),
                                    false);
  // Exactly one of "compiled" and "exception pending" is expected to hold.
  DCHECK(isolate->has_pending_exception() != result);

  if (!result) {
    // Print the name of the extension that failed to install. When an error
    // is thrown during bootstrapping, the isolate's error-throwing code
    // already prints the line number at which it happened to the console.
    base::OS::PrintError("Error installing extension '%s'.\n",
                         current->extension()->name());
    // The exception is dropped here; callers learn of the failure only from
    // the return value.
    isolate->clear_pending_exception();
  }

  // Note that the state becomes INSTALLED and the isolate is notified on both
  // the success and the failure path.
  extension_states->set_state(current, INSTALLED);
  isolate->NotifyExtensionInstalled();
  return result;
}
// For every JavaScript builtin id, reads the function of that name from
// |builtins|, records it in the builtins object, makes sure it is compiled,
// and records its code as well. Returns false as soon as one builtin fails
// to compile, true when all of them were installed.
bool Genesis::InstallJSBuiltins(Handle<JSBuiltinsObject> builtins) {
  HandleScope scope(isolate());
  for (int index = 0; index < Builtins::NumberOfJavaScriptBuiltins();
       ++index) {
    const Builtins::JavaScript id = static_cast<Builtins::JavaScript>(index);

    // ToHandleChecked and the unchecked cast rely on the builtins object
    // holding a JSFunction under every builtin name.
    Handle<JSFunction> builtin_function = Handle<JSFunction>::cast(
        Object::GetProperty(
            isolate(), builtins, Builtins::GetName(id)).ToHandleChecked());
    builtins->set_javascript_builtin(id, *builtin_function);

    // TODO(mstarzinger): This is just a temporary hack to make TurboFan work,
    // the correct solution is to restore the context register after invoking
    // builtins from full-codegen.
    builtin_function->shared()->set_optimization_disabled(true);

    const bool compiled =
        Compiler::EnsureCompiled(builtin_function, CLEAR_EXCEPTION);
    if (!compiled) return false;

    builtins->set_javascript_builtin_code(
        id, builtin_function->shared()->code());
  }
  return true;
}
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
bool Genesis::ConfigureGlobalObjects(
|
|
|
|
v8::Handle<v8::ObjectTemplate> global_proxy_template) {
|
|
|
|
Handle<JSObject> global_proxy(
|
2012-08-17 09:03:08 +00:00
|
|
|
JSObject::cast(native_context()->global_proxy()));
|
2014-07-01 12:12:34 +00:00
|
|
|
Handle<JSObject> global_object(
|
2012-08-17 12:59:00 +00:00
|
|
|
JSObject::cast(native_context()->global_object()));
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
|
|
|
|
if (!global_proxy_template.IsEmpty()) {
|
2008-10-21 20:08:49 +00:00
|
|
|
// Configure the global proxy object.
|
2014-07-01 12:12:34 +00:00
|
|
|
Handle<ObjectTemplateInfo> global_proxy_data =
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
v8::Utils::OpenHandle(*global_proxy_template);
|
2014-07-01 12:12:34 +00:00
|
|
|
if (!ConfigureApiObject(global_proxy, global_proxy_data)) return false;
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
|
2014-07-01 12:12:34 +00:00
|
|
|
// Configure the global object.
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
How to implement the outer window object is debatable. Currently each property access function has to check whether the receiver is of ApiGlobalObject type. This approach might be error-prone, because one may forget to check the receiver when adding new functions. It is unlikely to be a performance issue, because accessing global variables is more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
Handle<FunctionTemplateInfo> proxy_constructor(
FunctionTemplateInfo::cast(global_proxy_data->constructor()));
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
if (!proxy_constructor->prototype_template()->IsUndefined()) {
Handle<ObjectTemplateInfo> global_object_data(
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
ObjectTemplateInfo::cast(proxy_constructor->prototype_template()));
if (!ConfigureApiObject(global_object, global_object_data)) return false;
}
}
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
SetObjectPrototype(global_proxy, global_object);
native_context()->set_initial_array_prototype(
JSArray::cast(native_context()->array_function()->prototype()));
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
return true;
}
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
// Instantiates |object_template| and copies the resulting object's named
// properties, elements and prototype onto |object| (see TransferObject).
//
// Returns true on success. When instantiation fails, the pending exception
// is cleared before returning false, so the caller learns only that
// configuration failed and not the reason for it.
bool Genesis::ConfigureApiObject(Handle<JSObject> object,
                                 Handle<ObjectTemplateInfo> object_template) {
  // Both preconditions are DCHECKs only: a null template, or a template
  // whose constructor does not match |object|'s map, is a caller bug rather
  // than a condition handled here.
  DCHECK(!object_template.is_null());
  DCHECK(FunctionTemplateInfo::cast(object_template->constructor())
             ->IsTemplateFor(object->map()));

  MaybeHandle<JSObject> maybe_instance =
      Execution::InstantiateObject(object_template);
  Handle<JSObject> instance;
  if (maybe_instance.ToHandle(&instance)) {
    TransferObject(instance, object);
    return true;
  }

  // Instantiation failed: drop the exception it left behind and report the
  // failure through the return value alone.
  DCHECK(isolate()->has_pending_exception());
  isolate()->clear_pending_exception();
  return false;
}
// Copies the named own properties of |from| onto |to|, keeping each
// property's attributes (details.attributes()) as they are on |from|.
//
// Two paths, selected by from->HasFastProperties():
//  - fast mode: walk the own descriptors of |from|'s map;
//  - dictionary mode: walk every slot of |from|'s property dictionary.
//
// Overwrite behaviour differs per path: CALLBACKS descriptors and all
// dictionary entries are skipped when |to| already has an own property of
// that name, while FIELD and CONSTANT descriptors are added without a prior
// lookup on |to|.
// NOTE(review): presumably JSObject::AddProperty expects the key to be
// absent on |to| -- confirm against its definition.
void Genesis::TransferNamedProperties(Handle<JSObject> from,
                                      Handle<JSObject> to) {
  if (from->HasFastProperties()) {
    Handle<DescriptorArray> descs =
        Handle<DescriptorArray>(from->map()->instance_descriptors());
    for (int i = 0; i < from->map()->NumberOfOwnDescriptors(); i++) {
      PropertyDetails details = descs->GetDetails(i);
      switch (details.type()) {
        case FIELD: {
          // Per-iteration scope so the handles created for this descriptor
          // are released before the next one.
          HandleScope inner(isolate());
          Handle<Name> key = Handle<Name>(descs->GetKey(i));
          FieldIndex index = FieldIndex::ForDescriptor(from->map(), i);
          // The raw field value is copied as-is below; a double
          // representation is ruled out by assertion only.
          DCHECK(!descs->GetDetails(i).representation().IsDouble());
          Handle<Object> value = Handle<Object>(from->RawFastPropertyAt(index),
                                                isolate());
          JSObject::AddProperty(to, key, value, details.attributes());
          break;
        }
        case CONSTANT: {
          HandleScope inner(isolate());
          Handle<Name> key = Handle<Name>(descs->GetKey(i));
          Handle<Object> constant(descs->GetConstant(i), isolate());
          JSObject::AddProperty(to, key, constant, details.attributes());
          break;
        }
        case CALLBACKS: {
          LookupResult result(isolate());
          Handle<Name> key(Name::cast(descs->GetKey(i)), isolate());
          to->LookupOwn(key, &result);
          // If the property is already there we skip it
          // (the `continue` advances the enclosing for loop, not the switch).
          if (result.IsFound()) continue;
          HandleScope inner(isolate());
          // SetNormalizedProperty below is used on the assumption that |to|
          // is in dictionary mode; this is asserted, not handled.
          DCHECK(!to->HasFastProperties());
          // Add to dictionary.
          Handle<Object> callbacks(descs->GetCallbacksObject(i), isolate());
          // NOTE(review): the third argument (i + 1) is presumably the
          // enumeration index for the new entry -- confirm against
          // PropertyDetails.
          PropertyDetails d = PropertyDetails(
              details.attributes(), CALLBACKS, i + 1);
          JSObject::SetNormalizedProperty(to, key, callbacks, d);
          break;
        }
        case NORMAL:
          // Does not occur since the from object has fast properties.
          // Falls through to UNREACHABLE() with the cases below.
        case HANDLER:
        case INTERCEPTOR:
        case NONEXISTENT:
          // No element in instance descriptors has proxy or interceptor type.
          UNREACHABLE();
          break;
      }
    }
  } else {
    Handle<NameDictionary> properties =
        Handle<NameDictionary>(from->property_dictionary());
    // Iterate over every slot of the dictionary; IsKey() below filters out
    // slots that do not hold a key.
    int capacity = properties->Capacity();
    for (int i = 0; i < capacity; i++) {
      Object* raw_key(properties->KeyAt(i));
      if (properties->IsKey(raw_key)) {
        DCHECK(raw_key->IsName());
        // If the property is already there we skip it.
        LookupResult result(isolate());
        Handle<Name> key(Name::cast(raw_key));
        to->LookupOwn(key, &result);
        if (result.IsFound()) continue;
        // Set the property.
        Handle<Object> value = Handle<Object>(properties->ValueAt(i),
                                              isolate());
        DCHECK(!value->IsCell());
        // A PropertyCell is unwrapped so that |to| receives the cell's
        // current value rather than the cell itself.
        if (value->IsPropertyCell()) {
          value = Handle<Object>(PropertyCell::cast(*value)->value(),
                                 isolate());
        }
        PropertyDetails details = properties->DetailsAt(i);
        JSObject::AddProperty(to, key, value, details.attributes());
      }
    }
  }
}
|
|
|
|
|
|
|
|
|
|
|
|
// Gives |to| its own copy of |from|'s elements backing store, so the two
// objects do not share indexed-property storage afterwards.
//
// NOTE(review): the backing store is cast to FixedArray with no check visible
// in this function; presumably callers only pass objects whose elements are a
// FixedArray - confirm against the call sites.
void Genesis::TransferIndexedProperties(Handle<JSObject> from,
                                        Handle<JSObject> to) {
  // A clone of the elements array is all that is needed.
  Handle<FixedArray> source_elements(FixedArray::cast(from->elements()));
  Handle<FixedArray> cloned_elements =
      factory()->CopyFixedArray(source_elements);
  // Kept as its own statement so |to| and the clone are dereferenced only
  // after the copy above has been made.
  to->set_elements(*cloned_elements);
}
|
|
|
|
|
|
|
|
|
|
|
|
// Copies |from| onto |to| in three steps: named properties, indexed
// properties, then the prototype.
//
// Named properties that already exist on |to| are left untouched; see the
// IsFound() skips in TransferNamedProperties. The two array checks are
// DCHECKs, so they document a caller obligation rather than enforce one in
// builds where DCHECK is compiled out.
void Genesis::TransferObject(Handle<JSObject> from, Handle<JSObject> to) {
  HandleScope scope(isolate());

  // Neither side may be a JSArray.
  DCHECK(!from->IsJSArray());
  DCHECK(!to->IsJSArray());

  TransferNamedProperties(from, to);
  TransferIndexedProperties(from, to);

  // The prototype goes last; installing it needs a new map.
  Handle<Object> source_prototype =
      Handle<Object>(from->map()->prototype(), isolate());
  SetObjectPrototype(to, source_prototype);
}
|
|
|
|
|
|
|
|
|
|
|
|
// Swaps the native context's sloppy and strict function maps for the variants
// whose "prototype" is writable.
//
// Those variants are created in CreateEmptyFunction and
// CreateStrictModeFunctionMaps respectively. The maps start out with a
// read-only prototype for JS builtins processing, so this is expected to run
// only once that processing is done.
void Genesis::MakeFunctionInstancePrototypeWritable() {
  // Both writable-prototype maps must already have been created.
  DCHECK(!sloppy_function_map_writable_prototype_.is_null());
  DCHECK(!strict_function_map_writable_prototype_.is_null());

  // Install the writable-prototype maps as the function instance maps.
  Handle<Context> context = native_context();
  context->set_sloppy_function_map(*sloppy_function_map_writable_prototype_);
  context->set_strict_function_map(*strict_function_map_writable_prototype_);
}
|
|
|
|
|
|
|
|
|
2014-01-29 14:18:55 +00:00
|
|
|
// Scope guard that turns FLAG_track_double_fields off while the serializer is
// enabled and puts the previous value back on destruction.
//
// The flag is written directly and is not tied to the isolate passed in.
// NOTE(review): it looks like a process-wide flag, so another isolate running
// concurrently would observe the temporary value - confirm that contexts are
// not created in parallel while a snapshot is being built.
class NoTrackDoubleFieldsForSerializerScope {
 public:
  explicit NoTrackDoubleFieldsForSerializerScope(Isolate* isolate)
      : saved_flag_(FLAG_track_double_fields) {
    if (!isolate->serializer_enabled()) return;
    // The serializer treats heap numbers as immutable, so double field
    // tracking has to be off while it is active.
    FLAG_track_double_fields = false;
  }

  // Restores whatever value the flag had when the scope was entered.
  ~NoTrackDoubleFieldsForSerializerScope() {
    FLAG_track_double_fields = saved_flag_;
  }

 private:
  // Value of FLAG_track_double_fields captured at construction.
  bool saved_flag_;
};
|
|
|
|
|
|
|
|
|
2011-04-14 08:01:19 +00:00
|
|
|
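// Builds a native context for |isolate|, either by deserializing it from the
// snapshot or by constructing it from scratch, and stores it in result_.
//
// isolate:               isolate the context is created in.
// maybe_global_proxy:    forwarded to CreateNewGlobals.
// global_proxy_template: forwarded to CreateNewGlobals and
//                        ConfigureGlobalObjects.
// extensions:            not referenced in this constructor body.
//
// result_ is set to the null handle first and is assigned the new context only
// on the last line, so every early return below leaves it null. Callers have
// to check the result for null before using it.
Genesis::Genesis(Isolate* isolate,
                 MaybeHandle<JSGlobalProxy> maybe_global_proxy,
                 v8::Handle<v8::ObjectTemplate> global_proxy_template,
                 v8::ExtensionConfiguration* extensions)
    : isolate_(isolate),
      active_(isolate->bootstrapper()) {
  NoTrackDoubleFieldsForSerializerScope disable_scope(isolate);
  result_ = Handle<Context>::null();
  // If V8 cannot be initialized, just return.
  if (!V8::Initialize(NULL)) return;

  // Before creating the roots we must save the context and restore it
  // on all function exits.
  SaveContext saved_context(isolate);

  // During genesis, the boilerplate for stack overflow won't work until the
  // environment has been at least partially initialized. Add a stack check
  // before entering JS code to catch overflow early.
  StackLimitCheck check(isolate);
  if (check.HasOverflowed()) return;

  // We can only de-serialize a context if the isolate was initialized from
  // a snapshot. Otherwise we have to build the context from scratch.
  if (isolate->initialized_from_snapshot()) {
    native_context_ = Snapshot::NewContextFromSnapshot(isolate);
  } else {
    native_context_ = Handle<Context>();
  }

  if (!native_context().is_null()) {
    // Snapshot path: the context exists already and only needs its globals.
    AddToWeakNativeContextList(*native_context());
    isolate->set_context(*native_context());
    isolate->counters()->contexts_created_by_snapshot()->Increment();
    Handle<GlobalObject> global_object;
    Handle<JSGlobalProxy> global_proxy = CreateNewGlobals(
        global_proxy_template, maybe_global_proxy, &global_object);

    HookUpGlobalProxy(global_object, global_proxy);
    HookUpGlobalObject(global_object);
    native_context()->builtins()->set_global_proxy(
        native_context()->global_proxy());

    if (!ConfigureGlobalObjects(global_proxy_template)) return;
  } else {
    // We get here if there was no context snapshot.
    CreateRoots();
    Handle<JSFunction> empty_function = CreateEmptyFunction(isolate);
    CreateStrictModeFunctionMaps(empty_function);
    Handle<GlobalObject> global_object;
    Handle<JSGlobalProxy> global_proxy = CreateNewGlobals(
        global_proxy_template, maybe_global_proxy, &global_object);
    HookUpGlobalProxy(global_object, global_proxy);
    InitializeGlobal(global_object, empty_function);
    InstallJSFunctionResultCaches();
    InitializeNormalizedMapCaches();
    if (!InstallNatives()) return;

    // Runs only after the natives are installed; the function maps keep a
    // read-only prototype until then.
    MakeFunctionInstancePrototypeWritable();

    if (!ConfigureGlobalObjects(global_proxy_template)) return;
    isolate->counters()->contexts_created_from_scratch()->Increment();
  }

  // Initialize experimental globals and install experimental natives.
  InitializeExperimentalGlobal();
  if (!InstallExperimentalNatives()) return;

  // We can't (de-)serialize typed arrays currently, but we are lucky: The state
  // of the random number generator needs no initialization during snapshot
  // creation time and we don't need trigonometric functions then.
  if (!isolate->serializer_enabled()) {
    // Initially seed the per-context random number generator using the
    // per-isolate random number generator.
    // NOTE(review): the state is 64 bits and is stored as an ordinary property
    // ("rngstate") on the builtins object; presumably it feeds the script-
    // visible random function and is not meant as a source of cryptographic
    // randomness - confirm in the natives that consume it.
    const int num_elems = 2;
    const int num_bytes = num_elems * sizeof(uint32_t);
    uint32_t* state = reinterpret_cast<uint32_t*>(malloc(num_bytes));
    // malloc can fail. Stop here with a clear failure instead of letting
    // NextBytes write through a null pointer.
    CHECK(state != NULL);

    // Draw again until neither word is zero.
    do {
      isolate->random_number_generator()->NextBytes(state, num_bytes);
    } while (state[0] == 0 || state[1] == 0);

    v8::Local<v8::ArrayBuffer> buffer = v8::ArrayBuffer::New(
        reinterpret_cast<v8::Isolate*>(isolate), state, num_bytes);
    // The buffer wraps the malloc'ed block; marking it should_be_freed hands
    // responsibility for releasing |state| to the buffer.
    Utils::OpenHandle(*buffer)->set_should_be_freed(true);
    v8::Local<v8::Uint32Array> ta = v8::Uint32Array::New(buffer, 0, num_elems);
    Handle<JSBuiltinsObject> builtins(native_context()->builtins());
    Runtime::DefineObjectProperty(builtins,
                                  factory()->InternalizeOneByteString(
                                      STATIC_ASCII_VECTOR("rngstate")),
                                  Utils::OpenHandle(*ta),
                                  NONE).Assert();

    // Initialize trigonometric lookup tables and constants.
    // Unlike the RNG buffer, these two buffers wrap memory returned by
    // TrigonometricLookupTable and are not marked should_be_freed.
    // NOTE(review): if those tables are shared storage, a write through
    // kSinTable or kCosXIntervalTable would be seen by every context that
    // wraps them - confirm nothing reachable from script can write to them.
    const int table_num_bytes = TrigonometricLookupTable::table_num_bytes();
    v8::Local<v8::ArrayBuffer> sin_buffer = v8::ArrayBuffer::New(
        reinterpret_cast<v8::Isolate*>(isolate),
        TrigonometricLookupTable::sin_table(), table_num_bytes);
    v8::Local<v8::ArrayBuffer> cos_buffer = v8::ArrayBuffer::New(
        reinterpret_cast<v8::Isolate*>(isolate),
        TrigonometricLookupTable::cos_x_interval_table(), table_num_bytes);
    v8::Local<v8::Float64Array> sin_table = v8::Float64Array::New(
        sin_buffer, 0, TrigonometricLookupTable::table_size());
    v8::Local<v8::Float64Array> cos_table = v8::Float64Array::New(
        cos_buffer, 0, TrigonometricLookupTable::table_size());

    Runtime::DefineObjectProperty(builtins,
                                  factory()->InternalizeOneByteString(
                                      STATIC_ASCII_VECTOR("kSinTable")),
                                  Utils::OpenHandle(*sin_table),
                                  NONE).Assert();
    Runtime::DefineObjectProperty(
        builtins,
        factory()->InternalizeOneByteString(
            STATIC_ASCII_VECTOR("kCosXIntervalTable")),
        Utils::OpenHandle(*cos_table),
        NONE).Assert();
    Runtime::DefineObjectProperty(
        builtins,
        factory()->InternalizeOneByteString(
            STATIC_ASCII_VECTOR("kSamples")),
        factory()->NewHeapNumber(
            TrigonometricLookupTable::samples()),
        NONE).Assert();
    Runtime::DefineObjectProperty(
        builtins,
        factory()->InternalizeOneByteString(
            STATIC_ASCII_VECTOR("kIndexConvert")),
        factory()->NewHeapNumber(
            TrigonometricLookupTable::samples_over_pi_half()),
        NONE).Assert();
  }

  // Only a fully initialized context is handed back.
  result_ = native_context();
}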
|
|
|
|
|
2009-01-26 18:09:46 +00:00
|
|
|
|
|
|
|
// Support for thread preemption.
|
|
|
|
|
|
|
|
// Reserve space for statics needing saving and restoring.
|
|
|
|
int Bootstrapper::ArchiveSpacePerThread() {
  // The nesting counter is the only per-thread state; ArchiveState and
  // RestoreState each advance their buffer pointer by this same amount.
  return static_cast<int>(sizeof(NestingCounterType));
}
|
|
|
|
|
|
|
|
|
2014-05-22 15:27:57 +00:00
|
|
|
// Archive statics that are thread-local.
|
2009-01-26 18:09:46 +00:00
|
|
|
char* Bootstrapper::ArchiveState(char* to) {
  // Saves nesting_ at |to|, resets it to zero, and returns the address just
  // past the saved counter.
  //
  // No size is passed in, so nothing is bounds-checked here: |to| must point
  // at writable storage of at least sizeof(NestingCounterType) bytes.
  // NOTE(review): the store goes through a reinterpret_cast, so |to|
  // presumably also has to be suitably aligned for NestingCounterType -
  // confirm how the caller lays out the archive buffer.
  NestingCounterType* const slot = reinterpret_cast<NestingCounterType*>(to);
  *slot = nesting_;
  nesting_ = 0;
  return to + sizeof(NestingCounterType);
}
|
|
|
|
|
|
|
|
|
2014-05-22 15:27:57 +00:00
|
|
|
// Restore statics that are thread-local.
|
2009-01-26 18:09:46 +00:00
|
|
|
char* Bootstrapper::RestoreState(char* from) {
  // Reads nesting_ back from |from| and returns the address just past the
  // counter.
  //
  // The value is taken as-is with no validation, and no size is passed in:
  // |from| must point at sizeof(NestingCounterType) readable bytes, presumably
  // ones an earlier ArchiveState call wrote - confirm against the caller.
  const NestingCounterType* const saved =
      reinterpret_cast<NestingCounterType*>(from);
  nesting_ = *saved;
  return from + sizeof(NestingCounterType);
}
|
|
|
|
|
|
|
|
|
2009-09-28 12:25:21 +00:00
|
|
|
// Called when the top-level V8 mutex is destroyed.
|
|
|
|
void Bootstrapper::FreeThreadResources() {
  // Nothing is released here. The only effect is a debug-build assertion that
  // the bootstrapper is not active at this point.
  DCHECK(!IsActive());
}
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
} } // namespace v8::internal
|