AuroraMiddleware/v8 - v8 - Gitea: Git with a cup of tea

AuroraMiddleware/v8

Fork 0

Commit Graph

Author	SHA1	Message	Date
Alexey Kozyatinskiy	215608f453	debug-evaluate: do not return JSGlobalObject instead of JSGlobalProxy DebugEvaluate contains code since 2009 that bypasses JSGlobalProxy and returns JSGlobalObject when result of expression is global proxy. This behavior may be dangerous: - JSGlobalObject does not perform security checks, - some parts of V8 code do not ready for JSGlobalObject, e.g., SetHashAndUpdateProperties function will crash on DCHECK if we will try to store JSGlobalObject to map. At the same time it looks like there is no any valid use case for it. R=yangguo@chromium.org Bug: none Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel Change-Id: Ib0e35d5ae9ef47318c866e44c5c6856e34ed05a5 Reviewed-on: https://chromium-review.googlesource.com/1198764 Reviewed-by: Yang Guo <yangguo@chromium.org> Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Cr-Commit-Position: refs/heads/master@{#55550}	2018-08-31 14:20:39 +00:00
Alexey Kozyatinskiy	a11b0d962d	[inspector] improve this value for arrow function in scopes Currently we incorrectly show global object as arrow function receiver. With this CL: - if this is used inside of function we show correct this value, - if this is unused and V8 optimizes it out - we show undefined. Second is known issue which we should address separately. R=dgozman@chromium.org,yangguo@chromium.org Bug: chromium:552753 Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel Change-Id: Iac88a07fe622eb9b2f8af7ecbc4a32a56c8cdfaa Reviewed-on: https://chromium-review.googlesource.com/723840 Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org> Reviewed-by: Jakob Gruber <jgruber@chromium.org> Cr-Commit-Position: refs/heads/master@{#48839}	2017-10-23 16:40:29 +00:00

Author

SHA1

Message

Date

Alexey Kozyatinskiy

215608f453

debug-evaluate: do not return JSGlobalObject instead of JSGlobalProxy

DebugEvaluate contains code since 2009 that bypasses JSGlobalProxy and
returns JSGlobalObject when result of expression is global proxy.
This behavior may be dangerous:
- JSGlobalObject does not perform security checks,
- some parts of V8 code do not ready for JSGlobalObject, e.g.,
  SetHashAndUpdateProperties function will crash on DCHECK if we will
  try to store JSGlobalObject to map.

At the same time it looks like there is no any valid use case for it.

R=yangguo@chromium.org

Bug: none
Cq-Include-Trybots: luci.chromium.try:linux_chromium_headless_rel;master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Ib0e35d5ae9ef47318c866e44c5c6856e34ed05a5
Reviewed-on: https://chromium-review.googlesource.com/1198764
Reviewed-by: Yang Guo <yangguo@chromium.org>
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#55550}

2018-08-31 14:20:39 +00:00

Alexey Kozyatinskiy

a11b0d962d

[inspector] improve this value for arrow function in scopes

Currently we incorrectly show global object as arrow function receiver.
With this CL:
- if this is used inside of function we show correct this value,
- if this is unused and V8 optimizes it out - we show undefined.

Second is known issue which we should address separately.

R=dgozman@chromium.org,yangguo@chromium.org

Bug: chromium:552753
Cq-Include-Trybots: master.tryserver.blink:linux_trusty_blink_rel
Change-Id: Iac88a07fe622eb9b2f8af7ecbc4a32a56c8cdfaa
Reviewed-on: https://chromium-review.googlesource.com/723840
Commit-Queue: Aleksey Kozyatinskiy <kozyatinskiy@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/master@{#48839}

2017-10-23 16:40:29 +00:00

2 Commits