Moved the registrered debug event listener from the context to a global handle in the Debugger class. Storing it in the context did not make much sense.
Changed a lot of tests to handle the API change.
BUG=1242707
Review URL: http://codereview.chromium.org/19753
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Changed the name of Runtime_GetPrototype to Runtime_DebugGetPrototype to indicate that it is a debugger related function and changed its implementation to do the correct __proto__ lookup.
Added some more information to the Map debug print.
Review URL: http://codereview.chromium.org/18658
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Added quoting of the name of the ref property using {"ref":1} instead of {ref:1}. The Chrome C++ JSON parser implementation requires quoted property names.
Changed the JSON format for non finite numbers. The previous formatting using NaN, Infinite and -Infinite caused the Chrome C++ JSON parser implementation to fail. Values "NaN", "Infinite" and "-Infinite" (incuding quotes) are now used.
Reverted changes to DebugLookupResultValue (runtime.cc) from http://codereview.chromium.org/17377. The change caused callback into Chrome with the current V8 context expected to have a DOM Window global object. This is not the case when the debugger context is the active context. This causes properties from interceptors and accessors to be reported as undefined in the debugger.
Review URL: http://codereview.chromium.org/18194
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1101 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
instead of normal JSObjects.
This ensures that __proto__ and accessors on the Object prototype do
not interfere with catch scopes. Also, it fixes the bug that catch
variables were not DontDelete (issue 74).
Next step is to create special lookup routines for context extension
objects and remove the special handling of context extension objects
from the general javascript object lookup routines.
Review URL: http://codereview.chromium.org/18143
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The problem is that Disable/EnableAccessCheck on an object may chnage its constructor's behavior
if object's map is the same as constructor's initial map. By copying maps, the constructor's
initial map is not changed.
Review URL: http://codereview.chromium.org/18067
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1087 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Properties from interceptors are also reflected through PropertyMirror as the distinction did not make sense seen from a JavaScript debugging perspective. The isNative function on a PropertyMirror can be used to check whether a property is defined natively by the host (or V8).
Simplified the local property lookup in the debug runtime call to just call GetProperty as the property is known to be a local property.
Review URL: http://codereview.chromium.org/17377
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1068 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This can lead to large objects which wastes a lot of space if we normalize properties. We therfore clear the inobject properties when normalizing properties. This is done by adjusting the instance size in the new map and overwriting the inobject properties with a filler.
Review URL: http://codereview.chromium.org/17308
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1051 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The performance of Array::concat is critical of jQuery benchmark from
http://www.dromaeo.com. Our current implementation in JavaScript is very
generic and is several times slower than JSC and SpiderMonkey.
Re-implement Array::concat in C++ to take advantage of underlying implementation
details. This cuts dom-travesal-jquery execution time by half.
We may want to move Array specific implementation into a separate source file,
say jsarray.cc.
Review URL: http://codereview.chromium.org/7990
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
If a map has descendents in the map transition tree that are alive,
it is kept. Only maps such that they and all their descendants
have no live objects are collected. This happens in mark-sweep and
mark-compact garbage collections.
Review URL: http://codereview.chromium.org/8099
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@601 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Changed WeakReferenceCallback to take a Persistent<Value> instead of
a Persistent<Object>.
- Removed Message::GetUnderline and Message::GetScriptData.
- Added Value::IsDate, Date::Cast and Date::Value.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Reduce it to half size if the pattern is ASCII, saving on initialization
- If pattern is ASCII and subject is not, any non-ASCII char can cause a
full pattern-length shift, even if we haven't indexed the entire pattern.
- Use memset to initialize buffer in the common case where the pattern is
shorter than the max significant suffix limit.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@519 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Patch from Erik Corry to separate BM-algoritm into special case
functions. Also changes condition for bailing out of simple search.
* Added simple search with no bailout for very short patterns.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@513 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
to be insufficient.x
Changed order of tests in loop in simple text search.
Changed limit on pattern length for when we pick simple search.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@496 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
underlying string representation of the two strings involved.
- Renamed ascii and two byte string classes to sequential ascii and
sequential two byte, and renamed IsAscii and friends to
IsAsciiRepresentation. This is to make a clear distinction between
strings with an ascii/two-byte representation, of which there is
four, and flat sequential ascii/two-byte string.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@474 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Added the FLOOR macro that only works on Number objects.
- Added LocalTimeNoCheck in the date code to eliminate some isNaN checks.
- Change computation of four_year_cycle_table to load time.
- Added fast case check to EQUALS and STRICT_EQUALS.
Review URL: http://codereview.chromium.org/6531
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
instances->set(i, *GetScriptWrapper(script));
GetScriptWrapper can call GC. The failure have only been seen on ARM, where
the g++ compiler pulls out the object from the instances handle to a register
before calling GetScriptWrapper causing set to be called on an object which
may have moved.
Marked a test on ARM as no longer flaky, whereas two other fails consistently
but that is no longer related to the problem fixed above.
BUG=1308895
Review URL: http://codereview.chromium.org/6271
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@444 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
All uses of %AddProperty are replaced by %SetProperty. A few uses of
IgnoreAttributesAndSetLocalProperty are added, and the runtime version
of it adds a PropertyAttributes argument. Only the JSObject class
in objects.cc now uses AddProperty, and it can become private.
Review URL: http://codereview.chromium.org/6445
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
