2008-09-09 20:08:45 +00:00
|
|
|
// Copyright 2006-2008 the V8 project authors. All rights reserved.
|
2008-07-03 15:10:15 +00:00
|
|
|
// Redistribution and use in source and binary forms, with or without
|
|
|
|
// modification, are permitted provided that the following conditions are
|
|
|
|
// met:
|
|
|
|
//
|
|
|
|
// * Redistributions of source code must retain the above copyright
|
|
|
|
// notice, this list of conditions and the following disclaimer.
|
|
|
|
// * Redistributions in binary form must reproduce the above
|
|
|
|
// copyright notice, this list of conditions and the following
|
|
|
|
// disclaimer in the documentation and/or other materials provided
|
|
|
|
// with the distribution.
|
|
|
|
// * Neither the name of Google Inc. nor the names of its
|
|
|
|
// contributors may be used to endorse or promote products derived
|
|
|
|
// from this software without specific prior written permission.
|
|
|
|
//
|
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
// "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
// LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
|
// A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
// OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
|
|
// LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
|
|
// DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
|
|
// THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
|
|
// (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
|
|
|
|
// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
|
|
#ifndef V8_HANDLES_H_
|
|
|
|
#define V8_HANDLES_H_
|
|
|
|
|
2009-01-23 17:22:23 +00:00
|
|
|
#include "apiutils.h"
|
|
|
|
|
2009-05-25 10:05:56 +00:00
|
|
|
namespace v8 {
|
|
|
|
namespace internal {
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------
|
|
|
|
// A Handle provides a reference to an object that survives relocation by
|
|
|
|
// the garbage collector.
|
2009-01-23 17:22:23 +00:00
|
|
|
// Handles are only valid within a HandleScope.
|
2008-07-03 15:10:15 +00:00
|
|
|
// When a handle is created for an object a cell is allocated in the heap.
|
|
|
|
|
|
|
|
template<class T>
|
|
|
|
class Handle {
|
|
|
|
public:
|
|
|
|
INLINE(Handle(T** location)) { location_ = location; }
|
|
|
|
INLINE(explicit Handle(T* obj));
|
|
|
|
|
|
|
|
INLINE(Handle()) : location_(NULL) {}
|
|
|
|
|
|
|
|
// Constructor for handling automatic up casting.
|
|
|
|
// Ex. Handle<JSFunction> can be passed when Handle<Object> is expected.
|
|
|
|
template <class S> Handle(Handle<S> handle) {
|
|
|
|
#ifdef DEBUG
|
|
|
|
T* a = NULL;
|
|
|
|
S* b = NULL;
|
|
|
|
a = b; // Fake assignment to enforce type checks.
|
|
|
|
USE(a);
|
|
|
|
#endif
|
|
|
|
location_ = reinterpret_cast<T**>(handle.location());
|
|
|
|
}
|
|
|
|
|
|
|
|
INLINE(T* operator ->() const) { return operator*(); }
|
|
|
|
|
|
|
|
// Check if this handle refers to the exact same object as the other handle.
|
|
|
|
bool is_identical_to(const Handle<T> other) const {
|
|
|
|
return operator*() == *other;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Provides the C++ dereference operator.
|
|
|
|
INLINE(T* operator*() const);
|
|
|
|
|
|
|
|
// Returns the address to where the raw pointer is stored.
|
|
|
|
T** location() const {
|
|
|
|
ASSERT(location_ == NULL ||
|
|
|
|
reinterpret_cast<Address>(*location_) != kZapValue);
|
|
|
|
return location_;
|
|
|
|
}
|
|
|
|
|
|
|
|
template <class S> static Handle<T> cast(Handle<S> that) {
|
|
|
|
T::cast(*that);
|
|
|
|
return Handle<T>(reinterpret_cast<T**>(that.location()));
|
|
|
|
}
|
|
|
|
|
|
|
|
static Handle<T> null() { return Handle<T>(); }
|
|
|
|
bool is_null() {return location_ == NULL; }
|
|
|
|
|
|
|
|
// Closes the given scope, but lets this handle escape. See
|
|
|
|
// implementation in api.h.
|
2009-01-23 17:48:58 +00:00
|
|
|
inline Handle<T> EscapeFrom(v8::HandleScope* scope);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
private:
|
|
|
|
T** location_;
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2009-01-23 17:22:23 +00:00
|
|
|
// A stack-allocated class that governs a number of local handles.
|
|
|
|
// After a handle scope has been created, all local handles will be
|
|
|
|
// allocated within that handle scope until either the handle scope is
|
|
|
|
// deleted or another handle scope is created. If there is already a
|
|
|
|
// handle scope and a new one is created, all allocations will take
|
|
|
|
// place in the new handle scope until it is deleted. After that,
|
|
|
|
// new handles will again be allocated in the original handle scope.
|
|
|
|
//
|
|
|
|
// After the handle scope of a local handle has been deleted the
|
|
|
|
// garbage collector will no longer track the object stored in the
|
|
|
|
// handle and may deallocate it. The behavior of accessing a handle
|
|
|
|
// for which the handle scope has been deleted is undefined.
|
|
|
|
class HandleScope {
|
|
|
|
public:
|
|
|
|
HandleScope() : previous_(current_) {
|
|
|
|
current_.extensions = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
~HandleScope() {
|
|
|
|
Leave(&previous_);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Counts the number of allocated handles.
|
|
|
|
static int NumberOfHandles();
|
|
|
|
|
|
|
|
// Creates a new handle with the given value.
|
2009-06-08 07:16:04 +00:00
|
|
|
static inline Object** CreateHandle(Object* value) {
|
2009-03-18 18:50:35 +00:00
|
|
|
void** result = current_.next;
|
|
|
|
if (result == current_.limit) result = Extend();
|
|
|
|
// Update the current next field, set the value in the created
|
|
|
|
// handle, and return the result.
|
|
|
|
ASSERT(result < current_.limit);
|
|
|
|
current_.next = result + 1;
|
2009-06-08 07:16:04 +00:00
|
|
|
*reinterpret_cast<Object**>(result) = value;
|
|
|
|
return reinterpret_cast<Object**>(result);
|
2009-03-18 18:50:35 +00:00
|
|
|
}
|
2009-01-23 17:22:23 +00:00
|
|
|
|
|
|
|
private:
|
|
|
|
// Prevent heap allocation or illegal handle scopes.
|
|
|
|
HandleScope(const HandleScope&);
|
|
|
|
void operator=(const HandleScope&);
|
|
|
|
void* operator new(size_t size);
|
|
|
|
void operator delete(void* size_t);
|
|
|
|
|
|
|
|
static v8::ImplementationUtilities::HandleScopeData current_;
|
|
|
|
const v8::ImplementationUtilities::HandleScopeData previous_;
|
|
|
|
|
|
|
|
// Pushes a fresh handle scope to be used when allocating new handles.
|
|
|
|
static void Enter(
|
|
|
|
v8::ImplementationUtilities::HandleScopeData* previous) {
|
|
|
|
*previous = current_;
|
|
|
|
current_.extensions = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Re-establishes the previous scope state. Should be called only
|
|
|
|
// once, and only for the current scope.
|
|
|
|
static void Leave(
|
|
|
|
const v8::ImplementationUtilities::HandleScopeData* previous) {
|
|
|
|
if (current_.extensions > 0) {
|
|
|
|
DeleteExtensions();
|
|
|
|
}
|
|
|
|
current_ = *previous;
|
|
|
|
#ifdef DEBUG
|
|
|
|
ZapRange(current_.next, current_.limit);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
2009-03-18 18:50:35 +00:00
|
|
|
// Extend the handle scope making room for more handles.
|
|
|
|
static void** Extend();
|
|
|
|
|
2009-01-23 17:22:23 +00:00
|
|
|
// Deallocates any extensions used by the current scope.
|
|
|
|
static void DeleteExtensions();
|
|
|
|
|
|
|
|
// Zaps the handles in the half-open interval [start, end).
|
|
|
|
static void ZapRange(void** start, void** end);
|
|
|
|
|
|
|
|
friend class v8::HandleScope;
|
|
|
|
friend class v8::ImplementationUtilities;
|
|
|
|
};
|
|
|
|
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// ----------------------------------------------------------------------------
|
|
|
|
// Handle operations.
|
|
|
|
// They might invoke garbage collection. The result is an handle to
|
|
|
|
// an object of expected type, or the handle is an error if running out
|
2009-01-15 19:08:34 +00:00
|
|
|
// of space or encountering an internal error.
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2009-01-12 10:59:58 +00:00
|
|
|
void NormalizeProperties(Handle<JSObject> object,
|
|
|
|
PropertyNormalizationMode mode);
|
2008-07-03 15:10:15 +00:00
|
|
|
void NormalizeElements(Handle<JSObject> object);
|
|
|
|
void TransformToFastProperties(Handle<JSObject> object,
|
|
|
|
int unused_property_fields);
|
|
|
|
void FlattenString(Handle<String> str);
|
|
|
|
|
|
|
|
Handle<Object> SetProperty(Handle<JSObject> object,
|
|
|
|
Handle<String> key,
|
|
|
|
Handle<Object> value,
|
|
|
|
PropertyAttributes attributes);
|
|
|
|
|
|
|
|
Handle<Object> SetProperty(Handle<Object> object,
|
|
|
|
Handle<Object> key,
|
|
|
|
Handle<Object> value,
|
|
|
|
PropertyAttributes attributes);
|
|
|
|
|
2009-04-21 13:28:11 +00:00
|
|
|
Handle<Object> ForceSetProperty(Handle<JSObject> object,
|
|
|
|
Handle<Object> key,
|
|
|
|
Handle<Object> value,
|
|
|
|
PropertyAttributes attributes);
|
|
|
|
|
2009-06-08 09:46:09 +00:00
|
|
|
Handle<Object> ForceDeleteProperty(Handle<JSObject> object,
|
|
|
|
Handle<Object> key);
|
|
|
|
|
2008-10-02 13:45:21 +00:00
|
|
|
Handle<Object> IgnoreAttributesAndSetLocalProperty(Handle<JSObject> object,
|
|
|
|
Handle<String> key,
|
|
|
|
Handle<Object> value,
|
|
|
|
PropertyAttributes attributes);
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Object> SetPropertyWithInterceptor(Handle<JSObject> object,
|
|
|
|
Handle<String> key,
|
|
|
|
Handle<Object> value,
|
|
|
|
PropertyAttributes attributes);
|
|
|
|
|
|
|
|
Handle<Object> SetElement(Handle<JSObject> object,
|
|
|
|
uint32_t index,
|
|
|
|
Handle<Object> value);
|
|
|
|
|
|
|
|
Handle<Object> GetProperty(Handle<JSObject> obj,
|
|
|
|
const char* name);
|
|
|
|
|
|
|
|
Handle<Object> GetProperty(Handle<Object> obj,
|
|
|
|
Handle<Object> key);
|
|
|
|
|
|
|
|
Handle<Object> GetPropertyWithInterceptor(Handle<JSObject> receiver,
|
|
|
|
Handle<JSObject> holder,
|
|
|
|
Handle<String> name,
|
|
|
|
PropertyAttributes* attributes);
|
|
|
|
|
|
|
|
Handle<Object> GetPrototype(Handle<Object> obj);
|
|
|
|
|
2009-05-12 22:07:10 +00:00
|
|
|
// Return the object's hidden properties object. If the object has no hidden
|
|
|
|
// properties and create_if_needed is true, then a new hidden property object
|
|
|
|
// will be allocated. Otherwise the Heap::undefined_value is returned.
|
2009-03-19 18:50:00 +00:00
|
|
|
Handle<Object> GetHiddenProperties(Handle<JSObject> obj, bool create_if_needed);
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<Object> DeleteElement(Handle<JSObject> obj, uint32_t index);
|
|
|
|
Handle<Object> DeleteProperty(Handle<JSObject> obj, Handle<String> prop);
|
|
|
|
|
2008-08-29 08:48:06 +00:00
|
|
|
Handle<Object> LookupSingleCharacterStringFromCode(uint32_t index);
|
|
|
|
|
2008-10-22 08:21:18 +00:00
|
|
|
Handle<JSObject> Copy(Handle<JSObject> obj);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
2009-02-03 13:00:40 +00:00
|
|
|
Handle<FixedArray> AddKeysFromJSArray(Handle<FixedArray>,
|
|
|
|
Handle<JSArray> array);
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Get the JS object corresponding to the given script; create it
|
|
|
|
// if none exists.
|
|
|
|
Handle<JSValue> GetScriptWrapper(Handle<Script> script);
|
|
|
|
|
2009-03-10 15:08:45 +00:00
|
|
|
// Script line number computations.
|
|
|
|
void InitScriptLineEnds(Handle<Script> script);
|
|
|
|
int GetScriptLineNumber(Handle<Script> script, int code_position);
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
// Computes the enumerable keys from interceptors. Used for debug mirrors and
|
|
|
|
// by GetKeysInFixedArrayFor below.
|
|
|
|
v8::Handle<v8::Array> GetKeysForNamedInterceptor(Handle<JSObject> receiver,
|
|
|
|
Handle<JSObject> object);
|
|
|
|
v8::Handle<v8::Array> GetKeysForIndexedInterceptor(Handle<JSObject> receiver,
|
|
|
|
Handle<JSObject> object);
|
|
|
|
// Computes the enumerable keys for a JSObject. Used for implementing
|
|
|
|
// "for (n in object) { }".
|
|
|
|
Handle<FixedArray> GetKeysInFixedArrayFor(Handle<JSObject> object);
|
|
|
|
Handle<JSArray> GetKeysFor(Handle<JSObject> object);
|
|
|
|
Handle<FixedArray> GetEnumPropertyKeys(Handle<JSObject> object);
|
|
|
|
|
|
|
|
// Computes the union of keys and return the result.
|
|
|
|
// Used for implementing "for (n in object) { }"
|
|
|
|
Handle<FixedArray> UnionOfKeys(Handle<FixedArray> first,
|
|
|
|
Handle<FixedArray> second);
|
|
|
|
|
|
|
|
Handle<String> SubString(Handle<String> str, int start, int end);
|
|
|
|
|
|
|
|
|
|
|
|
// Sets the expected number of properties for the function's instances.
|
|
|
|
void SetExpectedNofProperties(Handle<JSFunction> func, int nof);
|
|
|
|
|
|
|
|
// Sets the prototype property for a function instance.
|
|
|
|
void SetPrototypeProperty(Handle<JSFunction> func, Handle<JSObject> value);
|
|
|
|
|
|
|
|
// Sets the expected number of properties based on estimate from compiler.
|
|
|
|
void SetExpectedNofPropertiesFromEstimate(Handle<SharedFunctionInfo> shared,
|
|
|
|
int estimate);
|
|
|
|
void SetExpectedNofPropertiesFromEstimate(Handle<JSFunction> func,
|
|
|
|
int estimate);
|
|
|
|
|
|
|
|
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
Handle<JSGlobalProxy> ReinitializeJSGlobalProxy(
|
2008-07-03 15:10:15 +00:00
|
|
|
Handle<JSFunction> constructor,
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
Handle<JSGlobalProxy> global);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
Handle<Object> SetPrototype(Handle<JSFunction> function,
|
|
|
|
Handle<Object> prototype);
|
|
|
|
|
|
|
|
|
|
|
|
// Do lazy compilation of the given function. Returns true on success
|
|
|
|
// and false if the compilation resulted in a stack overflow.
|
|
|
|
enum ClearExceptionFlag { KEEP_EXCEPTION, CLEAR_EXCEPTION };
|
2008-11-17 05:50:52 +00:00
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
bool CompileLazyShared(Handle<SharedFunctionInfo> shared,
|
2008-11-17 05:50:52 +00:00
|
|
|
ClearExceptionFlag flag,
|
|
|
|
int loop_nesting);
|
|
|
|
|
2008-07-03 15:10:15 +00:00
|
|
|
bool CompileLazy(Handle<JSFunction> function, ClearExceptionFlag flag);
|
2008-11-17 05:50:52 +00:00
|
|
|
bool CompileLazyInLoop(Handle<JSFunction> function, ClearExceptionFlag flag);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
// These deal with lazily loaded properties.
|
2009-04-24 08:13:09 +00:00
|
|
|
void SetupLazy(Handle<JSObject> obj,
|
2008-07-03 15:10:15 +00:00
|
|
|
int index,
|
|
|
|
Handle<Context> compile_context,
|
Split window support from V8.
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
2008-10-21 19:07:58 +00:00
|
|
|
Handle<Context> function_context);
|
2009-04-24 08:13:09 +00:00
|
|
|
void LoadLazy(Handle<JSObject> obj, bool* pending_exception);
|
2008-07-03 15:10:15 +00:00
|
|
|
|
|
|
|
class NoHandleAllocation BASE_EMBEDDED {
|
|
|
|
public:
|
|
|
|
#ifndef DEBUG
|
|
|
|
NoHandleAllocation() {}
|
|
|
|
~NoHandleAllocation() {}
|
|
|
|
#else
|
|
|
|
inline NoHandleAllocation();
|
|
|
|
inline ~NoHandleAllocation();
|
|
|
|
private:
|
|
|
|
int extensions_;
|
|
|
|
#endif
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
// ----------------------------------------------------------------------------
|
|
|
|
|
|
|
|
|
|
|
|
// Stack allocated wrapper call for optimizing adding multiple
|
|
|
|
// properties to an object.
|
|
|
|
class OptimizedObjectForAddingMultipleProperties BASE_EMBEDDED {
|
|
|
|
public:
|
|
|
|
OptimizedObjectForAddingMultipleProperties(Handle<JSObject> object,
|
|
|
|
bool condition = true);
|
|
|
|
~OptimizedObjectForAddingMultipleProperties();
|
|
|
|
private:
|
|
|
|
bool has_been_transformed_; // Tells whether the object has been transformed.
|
|
|
|
int unused_property_fields_; // Captures the unused number of field.
|
|
|
|
Handle<JSObject> object_; // The object being optimized.
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
} } // namespace v8::internal
|
|
|
|
|
|
|
|
#endif // V8_HANDLES_H_
|