The preprocessor defines ENABLE_LOGGING_AND_PROFILING and ENABLE_VMSTATE_TRACKING has been removed as these where required to be turned on for Crankshaft to work. To re-enable reducing the binary size by leaving out heap and CPU profiler a new set of defines needs to be created.
R=ager@chromium.org
BUG=v8:1271
TEST=all
Review URL: http://codereview.chromium.org//7350014
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Before, they had no extra slots and an extension object with one named
property. Now, they use the extension slot for the property name and have
an extra slot for the thrown object. This increases the size of the context
itself, but removes overall allocation and eliminates a level of indirection.
R=ager@chromium.org
Review URL: http://codereview.chromium.org/7152002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8277 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Introduce separate maps for function and with contexts. Use the function
context map for testing whether a context is a function context (global
contexts are no longer function contexts).
Split the paths for allocating with and catch contexts.
Rename some functions. Generally refactor code to make it simpler.
R=ager@chromium.org
BUG=
TEST=
Review URL: http://codereview.chromium.org/7003058
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8231 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Mainly, there were errors concerning blank lines before and after class access
control sections [whitespace/blank_line].
BEFORE an access control section (e.g. public:, private:) there should be a
blank line (except for the section right after the class declaration).
AFTER an access control section there should be no blank line.
TBR=ager@chromium.org
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@8193 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1) Add new type JSProxy for representing proxy objects.
Currently devoid of functionality, i.e., all properties are undefined.
2) Some rudimentary global $Proxy functions to create proxies.
Next step: Hook up getProperty and getOwnProperty handlers. Will probably
require introducing a new LookupResult type, which is a mixture of
INTERCEPTOR (handles any property) and CALLBACK (calls back to JS).
Can we unify this somehow?
TODO: Should probably rename existing Proxy type to something like
"Foreign", to avoid confusion.
Review URL: http://codereview.chromium.org/6932068
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@7887 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Strict mode flag is passed to runtime DELETE function
and then to JSObject::Delete(Property/Element) as STRICT_DELETION enum.
When deleting non-configurable property/eleemnt, TypeError is thrown.
Adding mozilla test to .gitignore.
Incorporate CR feedback.
Review URL: http://codereview.chromium.org/6515005/
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6782 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The function Runtime_LookupContext searches the context chain for a
LOOKUP slot and returns the object holding the slot. It returned the
global context if the slot was not found or if it was found in a
function's context or arguments object. This is not the correct
object to use for 'delete'.
Since this lookup function is only ever used when deleting LOOKUP
slots (those that have to go through a with or a scope with eval), it
is simply replaced with a Runtime_DeleteContextSlot function that does
the appropriate thing for all kinds of context lookups.
This fixes Chromium bug 70066.
http://code.google.com/p/chromium/issues/detail?id=70066
Review URL: http://codereview.chromium.org/6280013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6442 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1. Added gdb style debugger commands (and their shortcuts) for d8.
These include:
- s[tep] : step into the current statement.
- s[tep]i[n]: step into the current statement with the minimum step.
- n[ext] : step to the next statement.
- fin[ish] : step out of the current function.
- cond : setting conditions on breakpoints.
- d[elete] : deletes breakpoints.
- en[able]|dis[able]: enables/disables breakpoints including
exception breakpoints.
- ignore : ignores a breakpoint for a specified period.
- inf[o] ar[gs] : info on arguments of the current function.
- inf[o] lo[cals] : info on local vars of the current function.
- inf[o] br[eakpoints] : info on breakpoints.
- l[ist] : similar to source, but allows the user to continually
dump subsequent lines of source code either in the
forward or backward direction.
- quit / exit / disconnect : terminates the remote debugger
session.
NOTE: Active breakpoints will automatically be disabled when
the remote debugger detaches. This allows v8 to continue to
run without worrying about a loss of a debugger session.
2. Added support for breaking the debugger by simply typing ENTER.
The break command is now optional.
3. Once the debugger is broken, the user can now just type ENTER
to repeat the last command. This is useful to functionality that
needs to be invoked repeatedly e.g. step, list.
4. Added more verbose descriptions in d8's help.
5. Fixed a line and column number offset bug in the listing of breakpoint
line and column numbers.
6. Added a gc command to allow GCs to be requested from the debugger
interface. The plumbing for requesting different types of GCs is
there, but the underlying implementation currently only triggers a
full mark-compact GC. The command also returns the before and after
sizes of the heap.
7. Added trace json, and flags commands that are not published in help.
trace json is used for tracing the debugger packets send from and
received by d8. flags is for setting v8 flags. These are useful for
people debugging v8 itself, but not necessarily users of v8.
8. Added the ability to enable and disable break on all / uncaught
exceptions in to d8.
9. Added a fix to prevent the Debugger Agent from being re-instantiated
if one already exists.
10. Added the ability to filter results of the script command by matching
text or numbers on the results.
11. Added v8 flags to enable/disable the sending of debugger BeforeCompile,
AfterCompile, and ScriptCollected events.
12. Fixed some undefined value bugs that resulted in v8 or the debugger
failing.
13. Added a few minor WEBOS__ customizations (analogous to ANDROID
customizations).
Patch by Mark Lam from Hewlett-Packard Development Company, LP
Review URL: http://codereview.chromium.org/5980006
Review URL: http://codereview.chromium.org/6086010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6200 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1. Added gdb style debugger commands (and their shortcuts) for d8.
These include:
- s[tep] : step into the current statement.
- s[tep]i[n]: step into the current statement with the minimum step.
- n[ext] : step to the next statement.
- fin[ish] : step out of the current function.
- cond : setting conditions on breakpoints.
- d[elete] : deletes breakpoints.
- en[able]|dis[able]: enables/disables breakpoints including
exception breakpoints.
- ignore : ignores a breakpoint for a specified period.
- inf[o] ar[gs] : info on arguments of the current function.
- inf[o] lo[cals] : info on local vars of the current function.
- inf[o] br[eakpoints] : info on breakpoints.
- l[ist] : similar to source, but allows the user to continually
dump subsequent lines of source code either in the
forward or backward direction.
- quit / exit / disconnect : terminates the remote debugger
session.
NOTE: Active breakpoints will automatically be disabled when
the remote debugger detaches. This allows v8 to continue to
run without worrying about a loss of a debugger session.
2. Added support for breaking the debugger by simply typing ENTER.
The break command is now optional.
3. Once the debugger is broken, the user can now just type ENTER
to repeat the last command. This is useful to functionality that
needs to be invoked repeatedly e.g. step, list.
4. Added more verbose descriptions in d8's help.
5. Fixed a line and column number offset bug in the listing of breakpoint
line and column numbers.
6. Added a gc command to allow GCs to be requested from the debugger
interface. The plumbing for requesting different types of GCs is
there, but the underlying implementation currently only triggers a
full mark-compact GC. The command also returns the before and after
sizes of the heap.
7. Added trace json, and flags commands that are not published in help.
trace json is used for tracing the debugger packets send from and
received by d8. flags is for setting v8 flags. These are useful for
people debugging v8 itself, but not necessarily users of v8.
8. Added the ability to enable and disable break on all / uncaught
exceptions in to d8.
9. Added a fix to prevent the Debugger Agent from being re-instantiated
if one already exists.
10. Added the ability to filter results of the script command by matching
text or numbers on the results.
11. Added v8 flags to enable/disable the sending of debugger BeforeCompile,
AfterCompile, and ScriptCollected events.
12. Fixed some undefined value bugs that resulted in v8 or the debugger
failing.
13. Added a few minor WEBOS__ customizations (analogous to ANDROID
customizations).
Patch by Mark Lam from Hewlett-Packard Development Company, LP
Review URL: http://codereview.chromium.org/5980006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@6180 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The number of inobject properties used to be derived from the number
of this property assignments in the constructor (and increased by 2 to
allow for properties added later). This very often leads to wasted inobject
slots.
This patch reclaims some of the unused inobject space by the following method:
- for each constructor function the first several objects are allocated using the initial
("generous) instance size estimation (this is called 'tracking phase').
- during the tracking phase map transitions are tracked and actual property counts are collected.
- at the end of the tracking phase instance sizes in the maps are decreased if necessary
(starting with the function's initial map and traversing the transition tree).
- all further allocation use more realistic instance size estimation.
Shrinking generously allocated objects without costly heap traversal is made possible
by initializing their inobject properties with one_pointer_filler_map (instead of undefined).
The initial slack for the generous allocation is increased from 2 to 6 which really helps some tests.
Review URL: http://codereview.chromium.org/3329019
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5510 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The collector class automatically expands to hold the values added to it,
like a List, but doesn't ensure that the backing store is contiguous, which
allows it to avoid copying back and forth as the buffer grows.
This is in preparation for identifyng identical symbols during preparsing.
Review URL: http://codereview.chromium.org/3181036
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5325 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Please note that we do not implement correctly the setting of caller
and arguments on the returned objects, since we already have these
properties on function objects (and they are non-configurable).
Also corrects indention in DefineOwnProperty.
Review URL: http://codereview.chromium.org/3046010
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5124 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
perform a context lookup in the runtime system for the 'eval'
function. Instead load the 'eval' function from the global context in
generated code if it is not shadowed.
Will port to other platforms as a separate change.
Review URL: http://codereview.chromium.org/2666001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4794 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
NumberToUint32 that I was trying to use maps -0 to +0 (as desired) but
also maps +/-Infinity to +0, which made +/-Infinity a valid string
index. I fixed it by introducing a new runtime function with the right
semantics.
TEST=LayoutTests/fast/js/char-at.html,mjsunit/string-charat.js
Review URL: http://codereview.chromium.org/2223003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4734 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Added Get and Set taking uint32_t for faster and more convenient
access to elements.
* Added less verbose casting for handles. Now instead of
v8::Local<v8::String>::Cast(args[0])
one can write
args[0].As<v8::String>().
Review URL: http://codereview.chromium.org/660243
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4002 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change allows to associate integer tags with blocks of profiler
log events, and repeat calls to 'ResumeProfiler' / 'PauseProfiler' in
order to establsh nested (not necessary properly nested) blocks. By
supporting this, we will be able to match WebInspector's CPU profiler
abilities in DevTools.
I also refactored some testing code.
Review URL: http://codereview.chromium.org/619004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Fix for issue 603.
Revision r3484 removed the property name from the call stack for
call ICs. When a non-function was called via a call IC and
Function.prototype.call, an extra value was left on the stack that the
caller could not know to clean up.
Fix is to change the JS builtin used for calling non-functions. It
now gets the callee as receiver, rather than iterating stack frames
and finding it on the expression stack of its JS caller.
Review URL: http://codereview.chromium.org/604064
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3882 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
DefineOwnProperty (changed to allow for redefinition of existing property)
SameValue
Extra info on propertydescriptor
GetProperty
HasProperty
Currently the DefineOrRedefineAccessorProperty deletes the existing
property on the object if it is a dataproperty (FIELD or NORMAL) and
adds a new one. This can potentially be optimized.
Review URL: http://codereview.chromium.org/555149
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3786 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Instead of going through a runtime function for keyed loads
on strings we invoke a separate specialized stub that
assumes string as receiver type and the key to be a number.
The stub calls a JS builtin function to return the corresponding one-character string.
Review URL: http://codereview.chromium.org/521041
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3556 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When generating code for object and array literals we performed
the check if the a boilerplate already exists in generated code.
In the top-level compiler we now do this check in a new runtime
function. This makes the generated code more compact for top-level code.
Review URL: http://codereview.chromium.org/465148
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3437 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
of individual changes:
- Added infrastructure for custom stub caching.
- Push the code object onto the stack in exit calls instead of a
debug/non-debug marker.
- Remove the DEBUG_EXIT frame type.
- Add a new exit stub generator for API getters.
Review URL: http://codereview.chromium.org/330017
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3130 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Based on a recent patch for Webkit.
trim is defined in ES 5 section 15.5.4.20.
Author: Jan de Mooij <jandemooij@gmail.com>
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3052 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For objects which only have simple assignments of the form this.x = ...; a
specialized constructor stub is now generated. This generated code allocates the
object and fills in the initial properties directly. If this fails for some
reason code continues in the generic constructor stub which in turn might pass
control to the runtime system.
Added counter to see how many objects are constructed using a specialized stub.
The specialized stub is only implemented for ia32 architecture in this change.
For x64 and ARM the generic construct stub is used.
This is change is identical to http://codereview.chromium.org/174392 (committed in r2753 and reverted in r2754) except that a few parts have already been committed from http://codereview.chromium.org/173469 (committed in r2762).
Review URL: http://codereview.chromium.org/173470
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2764 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For objects which only have simple assignments of the form this.x = ...; a specialized constructor stub is now generated. This generated code allocates the object and fills in the initial properties directly. If this fails for some reason code continues in the generic constructor stub which in turn might pass control to the runtime system.
Added counter to see how many objects are constructed using a specialized stub.
The specialized stub is only implemented for ia32 architecture in this change. For x64 and ARM the generic construct stub is used.
Review URL: http://codereview.chromium.org/174392
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2753 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Error, ReferenceError, etc. are given a stack property that gives a
stack trace. Here's an example stack trace:
ReferenceError: FAIL is not defined
at Constraint.execute (deltablue.js:527)
at Constraint.recalculate (deltablue.js:426)
at Planner.addPropagate (deltablue.js:703)
at Constraint.satisfy (deltablue.js:186)
at Planner.incrementalAdd (deltablue.js:593)
at Constraint.addConstraint (deltablue.js:164)
at Constraint.BinaryConstraint (deltablue.js:348)
at Constraint.EqualityConstraint (deltablue.js:517)
at chainTest (deltablue.js:809)
at deltaBlue (deltablue.js:881)
at deltablue.js:888
If Error.prepareStackTrace holds a function this function is used to
format the stack trace, for instance allowing code generators to
customize the way stack traces are reported to make them easier to
process.
Next step: performance measurements to see if it is feasible to turn
this on by default.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2302 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Marsaglia's multiply-with-carry instead of mixing the
bits obtained from calling the system random() twice.
This seems to be a bit faster and gives a better
distribution than the system random() in particular on
Windows.
Review URL: http://codereview.chromium.org/126113
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2159 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
For each frame it is now possible to request information on the scope chain. Each scope in the chain can have one of the types local, global, with and closure. For scopes of type global and with the mirror for the actual global or with object is available. For scopes of type local and closure a plain JavaScript object with the materialized content of the scope is created and its mirror is returned. Depending on the level of possible optimization the content of the materialized local and closure scopes might only contain the names which are actually used.
To iterate the scope chain an iterator ScopeIterator have been added which can provide the type of each scope for each part of the chain. This iterator creates an artificial local scope whenever that is present as the context chain does not include the local scope.
To avoid caching the mirror objects for the materialized the local and closure scopes transient mirrors have been added. They have negative handles and cannot be retrieved by subsequent lookup calls. Their content is part of a single response.
For debugging purposes an additional runtime function DebugPrintScopes is been added.
Added commands 'scopes' and 'scope' to the developer shell and fixed the dir command.
BUG=none
TEST=test/mjsunit/debug-scopes.js
Review URL: http://codereview.chromium.org/123021
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2149 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
interceptors and dont-delete attributes.
Minor change to the behavior of eval: throw exception when calling
eval in a context for which the global has been detached. This
matches the behavior of both Firefox and Safari post navigation in the
browser.
Review URL: http://codereview.chromium.org/118374
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This issue was raised by Brett Wilson while reviewing my changelist for readability. Craig Silverstein (one of C++ SG maintainers) confirmed that we should declare one namespace per line. Our way of namespaces closing seems not violating style guides (there is no clear agreement on it), so I left it intact.
Review URL: http://codereview.chromium.org/115756
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2038 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
ENABLE_DEBUGGER_SUPPORT is enabled by default unless it is on Android platform.
On Android platform, it can also enabled by passing -DENABLE_DEBUGGER_SUPPORT flag to the compiler.
This should not affect any existing build (I hope, cross my fingers) except the build in real Android environment (in other word, it only affects me now).
There are lot of room for code refactoring in stead of using #ifdef all over the place. I will leave this to v8 folks.
Review URL: http://codereview.chromium.org/77035
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1745 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Currently function name inference is wired with AST optimization pass to avoid introducing another pass over AST. A better solution would be to rewrite AST visitors so they can be naturally combined together in a single pass, as their current implementation doesn't allow it.
For examples of cases where function names can be inferred, see the tests file.
Review URL: http://codereview.chromium.org/62146
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1696 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Each thread running V8 code is assigned an id in thread local storage the first time V8 code is run in it. The thread information returned to the debugger contains the number of threads, the id of each of these threads and which one is the current thread.
Added a threads command to the developer shell debugger for showing information on threads.
Review URL: http://codereview.chromium.org/48009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1523 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
1418, and 1419 from bleeding_edge until we have a fix
for the crashers we see on the distributed test infra-
structure.
We know that revision 1383 is causing issues, but I
had to revert some of the other recent RegExp changes
in order to get this part out.
Review URL: http://codereview.chromium.org/39186
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1429 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Moved the registrered debug event listener from the context to a global handle in the Debugger class. Storing it in the context did not make much sense.
Changed a lot of tests to handle the API change.
BUG=1242707
Review URL: http://codereview.chromium.org/19753
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Changed the name of Runtime_GetPrototype to Runtime_DebugGetPrototype to indicate that it is a debugger related function and changed its implementation to do the correct __proto__ lookup.
Added some more information to the Map debug print.
Review URL: http://codereview.chromium.org/18658
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1126 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
instead of normal JSObjects.
This ensures that __proto__ and accessors on the Object prototype do
not interfere with catch scopes. Also, it fixes the bug that catch
variables were not DontDelete (issue 74).
Next step is to create special lookup routines for context extension
objects and remove the special handling of context extension objects
from the general javascript object lookup routines.
Review URL: http://codereview.chromium.org/18143
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1091 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The performance of Array::concat is critical of jQuery benchmark from
http://www.dromaeo.com. Our current implementation in JavaScript is very
generic and is several times slower than JSC and SpiderMonkey.
Re-implement Array::concat in C++ to take advantage of underlying implementation
details. This cuts dom-travesal-jquery execution time by half.
We may want to move Array specific implementation into a separate source file,
say jsarray.cc.
Review URL: http://codereview.chromium.org/7990
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@625 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it awhile ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables don't need security checks anymore, it can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, so does related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable on how to implement the outer window object. Currently each property access function has to check if the receiver is ApiGlobalObject type. This approach might be error-prone that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables are more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Added the FLOOR macro that only works on Number objects.
- Added LocalTimeNoCheck in the date code to eliminate some isNaN checks.
- Change computation of four_year_cycle_table to load time.
- Added fast case check to EQUALS and STRICT_EQUALS.
Review URL: http://codereview.chromium.org/6531
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@458 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
All uses of %AddProperty are replaced by %SetProperty. A few uses of
IgnoreAttributesAndSetLocalProperty are added, and the runtime version
of it adds a PropertyAttributes argument. Only the JSObject class
in objects.cc now uses AddProperty, and it can become private.
Review URL: http://codereview.chromium.org/6445
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@426 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Fixed mozilla test breakage caused by python's obscure module
loading rules.
- Made sure test.py propagates test failures out as the exit code of
the script.
- Remove runtime calls to get number constants. Remove Heap roots for
some special numbers.
- Fix typo in accessors.h.
- Changes CopyMap to not copy descriptors. Adds
CopyMapRemoveTransitions that copies non-transition descriptors.
Changes interface of DescriptorArray::Copy operations to simplify
them.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@21 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
In the shell sample don't print the result of executing a script, only
evaluating expressions.
Fixed issue when building samples on Windows using a shared V8
library. Added visibility option on Linux build which makes the
generated library 18% smaller.
Changed build system to accept multiple build modes in one build and
generate seperate objects, libraries and executables for each mode.
Removed deferred negation optimization (a * -b => -(a * b)) since this
visibly changes operand conversion order.
Improved parsing performance by introducing stack guard in preparsing.
Without a stack guard preparsing always bails out with stack overflow.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@16 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Cleaned up ARM version by removing top of stack caching and by introducing push/pop elimination.
Cleaned up the way runtime functions are called to allow runtime calls with no arguments.
Changed Windows build options to make sure that exceptions are disabled and that optimization flags are enabled.
Added first version of Visual Studio project files.
git-svn-id: http://v8.googlecode.com/svn/trunk@13 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Fixed the handling of '>' and '<=' to use right-to-left conversion and left-to-right evaluation as specified by ECMA-262.
Fixed a branch elimination bug on the ARM platform where incorrect code was generated because of overly aggressive branch elimination.
Improved performance of code that repeatedly assigns the same function to the same property of different objects with the same map.
Untangled DEBUG and ENABLE_DISASSEMBLER defines. The disassembler no longer expects DEBUG to be defined.
Added platform-nullos.cc to serve as the basis for new platform implementations.
git-svn-id: http://v8.googlecode.com/svn/trunk@9 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Added a few samples and support for building them. The samples include a simple shell that can be used to benchmark and test V8.
Changed V8::GetVersion to return the version as a string.
Added source for lazily loaded scripts to snapshots and made serialization non-destructive.
Improved ARM support by fixing the write barrier code to use aligned loads and stores and by removing premature locals optimization that relied on broken support for callee-saved registers (removed).
Refactored the code for marking live objects during garbage collection and the code for allocating objects in paged spaces. Introduced an abstraction for the map word of a heap-allocated object and changed the memory allocator to allocate executable memory only for spaces that may contain code objects.
Moved StringBuilder to utils.h and ScopedLock to platform.h, where they can be used by debugging and logging modules. Added thread-safe message queues for dealing with debugger events.
Fixed the source code reported by toString for certain builtin empty functions and made sure that the prototype property of a function is enumerable.
Improved performance of converting values to condition flags in generated code.
Merged disassembler-{arch} files.
git-svn-id: http://v8.googlecode.com/svn/trunk@8 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Allowed aliased eval invocations by treating them as evals in the global context. This may change in the future.
Added support for accessing the last entered context through the API and renamed Context::Current to Context::GetCurrent and Context::GetSecurityContext to Context::GetCurrentSecurityContext.
Fixed bug in the debugger that would cause the debugger scripts to be recursively loaded and changed all disabling of interrupts to be block-structured.
Made snapshot data read-only to allow it to be more easily shared across multiple users of V8 when linked as a shared library.
git-svn-id: http://v8.googlecode.com/svn/trunk@6 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
non-tagged value in register eax was pushed to the stack.
Fixed potential quadratic behavior when converting strings to numbers.
Fixed bug where the return value from Object::SetProperty could end up
being the property holder instead of the written value.
Improved debugger support by allowing nested break points and by
dealing with stack-overflows when compiling functions before setting
break points in them.
git-svn-id: http://v8.googlecode.com/svn/trunk@4 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
