The problem is that Disable/EnableAccessCheck on an object may chnage its constructor's behavior
if object's map is the same as constructor's initial map. By copying maps, the constructor's
initial map is not changed.
Review URL: http://codereview.chromium.org/18067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Properties from interceptors are also reflected through PropertyMirror as the distinction did not make sense seen from a JavaScript debugging perspective. The isNative function on a PropertyMirror can be used to check whether a property is defined natively by the host (or V8).
Simplified the local property lookup in the debug runtime call to just call GetProperty as the property is known to be a local property.
Review URL: http://codereview.chromium.org/17377
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
calling a stub. The map to check against is unknown when generating
the code, so we patch the map check in the IC initialization code.
Loop nesting is currently not tracked on ARM. I'll file feature
request bug reports for implementing this on ARM and add the number to
the TODOs before I commit.
Review URL: http://codereview.chromium.org/16409
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1015 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Removed the potential for a NULL pointer access in
ContextSwitcher::PreemptionReceived.
- Removed a leak of the semaphore in the ContexSwitcher thread, by removing
the need for this semaphore entirely.
- Added a regression test case which will catch accesses to the ContextSwitcher
singleton after it has been stopped.
Review URL: http://codereview.chromium.org/14483
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@994 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
single atom node. A flag was not set in this case, leading the wrapper
code to think the pattern was equal to the atom and use the pattern
in the indexOf operation.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@971 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The main goal was to improve O(n^2) behavior when there are many object groups. The old API required the grouping to be done on the v8 side, along with a linear search. The new interface requires the caller to do the grouping, passing V8 entire groups at a time. This removes the group id concept on the v8 side.
- Changed AddObjectToGroup to AddObjectGroup.
- Removed the group id concept from the V8 side.
- Remove a static constructor while I'm here, lazily initialize
the object groups list.
- Cleaned up return by non-const references to return pointers.
Review URL: http://codereview.chromium.org/13341
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@965 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
initial node is interested in what precedes it the automaton is
given an initial all-consuming character class that determines it.
- Added verification of some node information invariants. We now
check that if a node expresses interest in what precedes it that
information is available to it after assertion expansion.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@964 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Facility for generating a node several ways. This allows
code to be generated for a node knowing where it is trying
to match relative to the 'current position' and it allows
code to be generated that knows where to backtrack to. Both
allow dramatic reductions in the amount of popping and pushing
on the stack and the number of indirect jumps.
* Generate special backtracking for greedy quantifiers on
constant-length atoms. This allows .* to run in constant
space relative to input string size.
* When we are checking a long sequence of characters or character
classes in the input then we do them right to left and only the
first (rightmost) needs to check for end-of-string.
* Record the pattern in the profile instead of just <CompiledRegExp>
* Nodes no longer contain an on_failure_ node. This was only used
for lookaheads and they are now handled with a choice node instead.
Review URL: http://codereview.chromium.org/12900
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@930 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Splitting of character classes into word and non-word parts.
- A bunch of refactorings.
- Made dispatch table construction lazy.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@880 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Fix for non-empty assertion in debug mode (string representation of empty arguments is a single space, not an empty string).
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@733 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Changed WeakReferenceCallback to take a Persistent<Value> instead of
a Persistent<Object>.
- Removed Message::GetUnderline and Message::GetScriptData.
- Added Value::IsDate, Date::Cast and Date::Value.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
underlying string representation of the two strings involved.
- Renamed ascii and two byte string classes to sequential ascii and
sequential two byte, and renamed IsAscii and friends to
IsAsciiRepresentation. This is to make a clear distinction between
strings with an ascii/two-byte representation, of which there is
four, and flat sequential ascii/two-byte string.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
upper case. Moved it into the RelocInfo class together with the associated
is_xxx functions. Renamed is_xxx to IsXxx in the process.
Removed the exit_js_frame mode as it was no longer used.
Patch Set 2 renames RELOC_MODE_COUNT to NUMBER_OF_MODES and fixes a couple of lint errors.
Review URL: http://codereview.chromium.org/3186
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@354 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
it for scripts too. In the context of Chromium, this should
have a very positive impact on memory consumption for web apps
that run multiple tabs from the same domain with a lot of the
same JavaScript code.
For now, the cache retirement policy is really simple:
Whenever a mark-sweep collection is started we clear the
cache. This guarantees that this change will not have a
huge negative impact on memory consumption, but it may
not be ideal. We should consider a more sophisticated LRU
scheme.
Review URL: http://codereview.chromium.org/1933
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@270 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
exceptions.
It turned out that the stack overflow fix from before had disabled
message storing in another test. Previously, stack overflows would
actually cause a message object to start being created but cause
another exception which would not be reported and that's what stopped
the infinite regress. This change resores that behavior.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Make old_data_space non-executable on OSs and hardware that support it.
* Rename old_space to old_pointer_space (can contain pointers, esp. to new space).
* Ensure that individual pages allocated for old_space are only executable when
they are for code objects.
* Ensure Space::Setup can cope with non-aligned memory.
* Make some methods on Spaces virtual. Make a way to iterate over all spaces.
* Replace executability flag with Executability enum in order to make intent at
call site clearer.
* Fix serialization/deserialization to allocate write barrier memory for large
arrays.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@165 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
of the case where ENV is not a dictionary which could happen when the
environment variable ENV was set when invoking SCons.
Fixed building dynamic library on Windows in the case where env overrides was
specified as before these was not passed to the linking of the DLL.
There is still a SCons issue when the environment variable ENV is set when
invoking SCons, however this looks like a SCons issue.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@156 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
temporary storage for moving data from register xmm0 to st(0) instead of overwriting
the parameters. This fixes a test that crashed on Windows in release build due to
stack corruption.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@55 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
while V8 is running.
A debugger using the V8 message based interface now needs to control the
call to DebugBreak in order for the messages send to be processed. Commands can
still be send when V8 is not in a break, but they will not be processed until
there is a break. The response "request queued" when queuing up messages have
been removed. This gets rid of a non JSON message being used.
Modified the threaded debugger tests to call DebugBreak instead of relying
on it occouring automatically.
This change will not be committed until the outstanding Chrome change
http://chrome-reviews.prom.corp.google.com/2072 (which updates Chrome to control
the DebugBreak call) have been reviewed and committed.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@47 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Fixed mozilla test breakage caused by python's obscure module
loading rules.
- Made sure test.py propagates test failures out as the exit code of
the script.
- Remove runtime calls to get number constants. Remove Heap roots for
some special numbers.
- Fix typo in accessors.h.
- Changes CopyMap to not copy descriptors. Adds
CopyMapRemoveTransitions that copies non-transition descriptors.
Changes interface of DescriptorArray::Copy operations to simplify
them.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Added better test support.
Added load, quit and version functions to the shell sample so it's easier to run benchmarks and tests.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@18 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In the shell sample don't print the result of executing a script, only
evaluating expressions.
Fixed issue when building samples on Windows using a shared V8
library. Added visibility option on Linux build which makes the
generated library 18% smaller.
Changed build system to accept multiple build modes in one build and
generate seperate objects, libraries and executables for each mode.
Removed deferred negation optimization (a * -b => -(a * b)) since this
visibly changes operand conversion order.
Improved parsing performance by introducing stack guard in preparsing.
Without a stack guard preparsing always bails out with stack overflow.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16 ce2b1a6d-e550-0410-aec6-3dcde31c8c00