Approximation is done by building a dominators tree for the heap graph.
Dominator nodes and retained sizes are serialized into JSON.
Removed:
- reachable size (it is useless, after all);
- HeapEntryCalculatedData (size is now stored in the node, retaining
paths in a hash map);
Review URL: http://codereview.chromium.org/5154007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5867 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Otherwise, retained memory sizes are not precise. This increases the size
of the heap snapshot; I will deal with this later. Heap objects and
references previously missing in the snapshot are now marked as 'hidden'.
That means they are not shown to the user, but participate in size
calculation.
Other small changes:
- added 'shortcut' graph edges: e.g. to pin global objects on top
level;
- meta-information in the JSON snapshot is no longer double encoded.
Review URL: http://codereview.chromium.org/5139002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5849 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
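The dominator-tree computation and the 'hidden' nodes described in the two messages above, as an added example that is not V8's own heap profiler code. A toy heap graph is given as an adjacency list, immediate dominators are computed with the Cooper-Harvey-Kennedy iterative algorithm (an assumption of this example; the messages do not say which algorithm V8 uses), and the retained size of each node is its self size plus the retained sizes of the nodes it immediately dominates. Every reachable node takes part in the sizes whether or not a UI would show it, which is what 'hidden' means above; node 5 in the constructed sample points into the graph but is not reachable from the root, so it dominates nothing and retains nothing.

```cpp
#include <cstddef>
#include <utility>
#include <vector>

// Added example, not V8 code. Node i owns sizes[i] bytes of self size and
// references every node listed in refs[i].
struct HeapGraph {
    std::vector<size_t> sizes;
    std::vector<std::vector<int>> refs;
};

struct Dominators {
    std::vector<int> idom;         // immediate dominator; root dominates itself, -1 if unreachable
    std::vector<size_t> retained;  // self size plus everything reachable only through the node
};

// Iterative DFS postorder from root. Unreachable nodes never appear in the result.
static std::vector<int> Postorder(const HeapGraph& g, int root, std::vector<int>& post_index) {
    std::vector<int> order;
    std::vector<bool> seen(g.refs.size(), false);
    std::vector<std::pair<int, size_t>> stack;
    stack.push_back({root, 0});
    seen[root] = true;
    while (!stack.empty()) {
        int n = stack.back().first;
        size_t i = stack.back().second;
        if (i < g.refs[n].size()) {
            stack.back().second = i + 1;
            int m = g.refs[n][i];
            if (!seen[m]) { seen[m] = true; stack.push_back({m, 0}); }
        } else {
            post_index[n] = static_cast<int>(order.size());
            order.push_back(n);
            stack.pop_back();
        }
    }
    return order;
}

Dominators ComputeDominators(const HeapGraph& g, int root) {
    const size_t n = g.refs.size();
    std::vector<int> post_index(n, -1);
    std::vector<int> order = Postorder(g, root, post_index);
    std::vector<std::vector<int>> preds(n);
    for (size_t u = 0; u < n; ++u)
        for (int v : g.refs[u]) preds[v].push_back(static_cast<int>(u));

    std::vector<int> idom(n, -1);
    idom[root] = root;
    // Walk both fingers up the partial dominator tree until they meet.
    auto intersect = [&](int a, int b) {
        while (a != b) {
            while (post_index[a] < post_index[b]) a = idom[a];
            while (post_index[b] < post_index[a]) b = idom[b];
        }
        return a;
    };
    bool changed = true;
    while (changed) {
        changed = false;
        for (auto it = order.rbegin(); it != order.rend(); ++it) {  // reverse postorder
            int b = *it;
            if (b == root) continue;
            int new_idom = -1;
            for (int p : preds[b]) {
                if (idom[p] == -1) continue;  // unreachable, or not processed yet
                new_idom = (new_idom == -1) ? p : intersect(p, new_idom);
            }
            if (idom[b] != new_idom) { idom[b] = new_idom; changed = true; }
        }
    }
    // A node's dominator is a DFS ancestor, so in postorder every node is
    // finished before its dominator: accumulate child into parent in that order.
    std::vector<size_t> retained(n, 0);
    for (int v : order) retained[v] = g.sizes[v];
    for (int v : order) if (v != root) retained[idom[v]] += retained[v];
    return {idom, retained};
}

// Constructed sample: 0 is the root; 3 is reached via 1 and via 2, so only
// the root dominates it; 5 references 3 but nothing references 5.
HeapGraph SampleGraph() {
    HeapGraph g;
    g.sizes = {0, 10, 20, 30, 40, 100};
    g.refs = {{1, 2}, {3}, {3}, {4}, {}, {3}};
    return g;
}
```

On the sample, node 3 is dominated by the root rather than by 1 or 2, so neither 1 nor 2 retains its 70 bytes; the root retains the full 100 bytes of reachable heap and node 5 retains nothing.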
HeapNumbers do consume memory, so it's worth dumping them. However, we
don't dump their values, as they are not as self-descriptive as values
of strings, and they would increase snapshot size. Storing heap number
values can be added if we feel sufficient demand for that.
InternalFields are used, e.g., for storing references to DOM node
event handlers.
Review URL: http://codereview.chromium.org/3769007
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5635 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
to avoid storing serialized snapshot on VM, instead it is emitted
using output stream interface.
The size of JSON emitted is roughly equal to used heap size
(when stored as an ASCII string).
Now a whole heap snapshot can be serialized and transmitted outside
VM. This makes possible:
- implementing non-async UI for heap snapshots inspection;
- storing heap snapshots for further inspection;
- remote profiling (we can even implement a snapshotting mode
where a snapshot isn't even stored in VM, only transmitted --
good for mobile devices);
- creating tools for outside heap snapshot processing, e.g.
converting to HPROF.
Review URL: http://codereview.chromium.org/3311028
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5450 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Allows the host application to provide a mechanism for notification and custom logging through a callback (set through the API V8::AddMemoryAllocationCallback and removed through V8::RemoveMemoryAllocationCallback) when V8 allocates or frees memory.
This replaces the current histogram data "V8.ExecutableMemoryMax" by allowing usage data to be logged by the application as required rather than always through V8.
BUG=http://crbug.com/54222
TEST=Set the callback function with the API and cause V8 to allocate memory.
Patch by Paul Mehta <pmehta@chromium.org>
Review URL: http://codereview.chromium.org/3329006
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5403 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Eventually indexed property query callbacks will return attributes
(as an integer) or an empty handle if property is not intercepted.
To gradually migrate to this new API, the USE_NEW_QUERY_CALLBACK
macro controls whether the old or new style API is used.
So the migration plan is:
1) introduce new API which should be explicitly enabled;
2) switch to new API by defining USE_NEW_QUERY_CALLBACK before
including <v8.h> (that would require changes to client code as well)
3) remove old API from v8
4) remove #define USE_NEW_QUERY_CALLBACK from clients.
BUG=http://code.google.com/p/v8/issues/detail?id=816
Review URL: http://codereview.chromium.org/3101001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
If an object enters the NEAR_DEATH state, it must be explicitly cleared and/or disposed, otherwise
it would retain the JS object forever. Note as well that the parameter is reset to NULL on the first
invocation, so the weak handle callback would be in a hard situation.
Review URL: http://codereview.chromium.org/3011009
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
TYPE_CHECK in v8.h should assign to volatile qualified null-pointer.
Unless the pointer is volatile qualified, Clang will warn that LLVM
removes the assignment during optimization. This is not a problem as
that code should never execute, but the warning is treated as an error
when building Chromium, and thus stops the build.
Code review URL: http://codereview.chromium.org/3005010/show
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5093 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
To trace objects between snapshots, an external map of object tags is
maintained. After the first heap snapshot has been taken, the map is
updated by reporting object moves from the GC. If no snapshots were
taken, there is no overhead (except for flag checking).
I considered graph comparison algorithms that don't require using
object tags, but they are all of high computational complexity, and
will still fail to detect object moves properly, even for trivial
cases, so using tags looks unavoidable.
Review URL: http://codereview.chromium.org/3020002
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5078 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Fix issues so v8 could be built as a DLL.
-. get rid of all the compiler warnings by moving dllexport/dllimport
to the individual members for classes which have inline members.
-. update v8 gyp to build v8.dll for chromium multi-dll version (win
and component==shared_library)
Note: most of the code was contributed by sjesse.
Code review URL: http://codereview.chromium.org/2882009/show
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@5006 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This changes the way the constants kJSObjectType, kFirstNonstringType and kProxyType are made available to the inlined part of the V8 API. This change to fixed constants resolves this linker error on Windows
error LNK2001: unresolved external symbol "public: static int v8::internal::Internals::kJSObjectType" (?kJSObjectType@Internals@internal@v8@@2HA)
when linking against a V8 DLL.
This change also makes it possible to build all the C++ tests with ENABLE_DEBUGGER_SUPPORT not defined. Now the C++ tests run with ENABLE_DEBUGGER_SUPPORT not defined, and only the JavaScript tests which test the debugger fail when ENABLE_DEBUGGER_SUPPORT is not defined.
Review URL: http://codereview.chromium.org/2820016
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4898 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Changed the disposal of external string resources to call a virtual Dispose method on the resource. The default implementation of Dispose deletes the object and will capture the delete operator matching the new operator used to allocate the object.
Review URL: http://codereview.chromium.org/2658008
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4816 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Eventually named property query callbacks will return attributes
(as an integer) or an empty handle if property is not intercepted.
To gradually migrate to this new API, the USE_NEW_QUERY_CALLBACK
macro controls whether the old or new style API is used.
So the migration plan is:
1) introduce new API which should be explicitly enabled;
2) switch to new API by defining USE_NEW_QUERY_CALLBACK before
including <v8.h> (that would require changes to client code as well)
3) remove old API from v8
4) remove #define USE_NEW_QUERY_CALLBACK from clients.
Review URL: http://codereview.chromium.org/2576003
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4797 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Currently one can only define accessors on object templates. This patch
allows creating accessors on the fly.
These accessors could control access to elements as well. This element
support is somewhat rudimentary and may require future work (for example,
we probably don't want to convert index into a string.)
Review URL: http://codereview.chromium.org/2123012
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4714 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Changing ScriptData API to serialize its internal representation to a
const char* array.
This decouples the API from the internal representation and avoids the need for
callers to serialize themselves.
As a side-effect, ScriptData::New() no longer assumes ownership of its input.
This shouldn't matter as typical usage patterns for the old API would have
required a copy prior to calling ScriptData::New().
Review URL: http://codereview.chromium.org/2118010/show
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4710 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
As several pages can run in a single V8 instance, it is possible to
have functions from different security contexts intermixed in a single
CPU profile. To avoid exposing function names from one page to
another, filtering is introduced.
The basic idea is that instead of capturing return addresses from the
stack, we're now capturing JSFunction addresses (as we anyway work
only with JS stack frames). Each JSFunction can reach out for its
context's security token. When providing a profile to a page, the
profile is filtered using the security token of the caller page. Any
functions with different security tokens are filtered out (yes, we
only do the fast path check for now) and their ticks are attributed to
their parents.
Review URL: http://codereview.chromium.org/2083005
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4673 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
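The token-based filtering described above, as an added example that is not V8's profiler code. A profile is modelled as a tree of JS functions, each tagged with the security token of the context that owns it (an integer stands in for the token); a filtered clone keeps only frames whose token matches the caller page and credits a dropped frame's ticks to the surviving parent. The message does not say where the callees of a dropped frame end up, so attaching them to the nearest kept ancestor is an assumption of this example. The point worth checking is that the other page's function names never appear in the result while no ticks are lost.

```cpp
#include <memory>
#include <string>
#include <vector>

// Added example, not V8 code. Each node is a JS function plus the security
// token of the context it belongs to.
struct ProfileNode {
    std::string function;
    int token;
    unsigned self_ticks = 0;
    std::vector<std::unique_ptr<ProfileNode>> children;
};

ProfileNode* AddChild(ProfileNode* parent, const std::string& fn, int token, unsigned ticks) {
    auto child = std::make_unique<ProfileNode>();
    child->function = fn;
    child->token = token;
    child->self_ticks = ticks;
    parent->children.push_back(std::move(child));
    return parent->children.back().get();
}

const ProfileNode* FindChild(const ProfileNode& node, const std::string& fn) {
    for (const auto& c : node.children)
        if (c->function == fn) return c.get();
    return nullptr;
}

static ProfileNode* FindOrAddChild(ProfileNode* node, const std::string& fn, int token) {
    for (auto& c : node->children)
        if (c->function == fn) return c.get();
    return AddChild(node, fn, token, 0);
}

// Copy src's children under dst, dropping every function whose token differs
// from caller_token. A dropped frame's own ticks go to dst, and its callees
// are re-attached to dst (assumption: the nearest kept ancestor adopts them).
static void CloneChildrenFiltered(ProfileNode* dst, const ProfileNode& src, int caller_token) {
    for (const auto& child : src.children) {
        if (child->token == caller_token) {
            ProfileNode* kept = FindOrAddChild(dst, child->function, child->token);
            kept->self_ticks += child->self_ticks;
            CloneChildrenFiltered(kept, *child, caller_token);
        } else {
            dst->self_ticks += child->self_ticks;
            CloneChildrenFiltered(dst, *child, caller_token);
        }
    }
}

// The root is synthetic and always kept; everything below it is filtered.
std::unique_ptr<ProfileNode> FilteredClone(const ProfileNode& root, int caller_token) {
    auto clone = std::make_unique<ProfileNode>();
    clone->function = root.function;
    clone->token = root.token;
    clone->self_ticks = root.self_ticks;
    CloneChildrenFiltered(clone.get(), root, caller_token);
    return clone;
}

unsigned TotalTicks(const ProfileNode& node) {
    unsigned total = node.self_ticks;
    for (const auto& c : node.children) total += TotalTicks(*c);
    return total;
}

bool ContainsFunction(const ProfileNode& node, const std::string& fn) {
    if (node.function == fn) return true;
    for (const auto& c : node.children)
        if (ContainsFunction(*c, fn)) return true;
    return false;
}

// Constructed sample: page A (token 1) calls into page B (token 2) code,
// which calls back into page A.
std::unique_ptr<ProfileNode> SampleProfile() {
    auto root = std::make_unique<ProfileNode>();
    root->function = "(root)";
    root->token = 0;
    ProfileNode* page_a_main = AddChild(root.get(), "a_main", 1, 5);
    ProfileNode* helper = AddChild(page_a_main, "b_helper", 2, 7);
    AddChild(helper, "a_leaf", 1, 3);
    AddChild(page_a_main, "b_other", 2, 4);
    return root;
}
```

Filtered for page A, b_helper and b_other disappear and a_main absorbs their 11 ticks while a_leaf moves up under a_main; filtered for page B, a_main disappears and its callees hang directly off the root. Either way the total stays at 19 ticks.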
1) Exposes Local<Context> v8::Debug::GetDebugContext().
Rationale: We can already get debugger context instance using various workarounds,
so exposing it explicitly in the API only makes things more clear.
2) Removes debugger.HasJavaScriptFrames() requirement for entering debugger context.
Rationale: Sometimes we'd like to call into debugger from the external native code.
3) Makes Debugger v8::Debug::Call execute on debugger context's global object.
Rationale: This is somewhat arguable, but a temporary measure. We've agreed that we
should introduce a DebugAPI object that would expose necessary API in the debug-delay.
The problem is that it would take some time to define this API and it is not really
convenient to do that on the v8 land given the difference in v8 / host lifecycle.
The plan is to compose this API as a Debug.* wrapper outside v8 by means of exposing
debugger context's global object here, and once API settles down, upstream it to v8 and
start making Debug::Calls on this new DebugAPI object instead.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4251 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
* Added Get and Set taking uint32_t for faster and more convenient
access to elements.
* Added less verbose casting for handles. Now instead of
v8::Local<v8::String>::Cast(args[0])
one can write
args[0].As<v8::String>().
Review URL: http://codereview.chromium.org/660243
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@4002 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This change allows associating integer tags with blocks of profiler
log events, and repeating calls to 'ResumeProfiler' / 'PauseProfiler' in
order to establish nested (not necessarily properly nested) blocks. By
supporting this, we will be able to match WebInspector's CPU profiler
abilities in DevTools.
I also refactored some testing code.
Review URL: http://codereview.chromium.org/619004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3889 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Instead of weak handles external strings use a separate table. This
table uses 5 times less memory than weak handles. Moreover, since we
don't have to follow the weak handle callback protocol we can collect
the strings faster and even on scavenge collections.
Review URL: http://codereview.chromium.org/467037
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3439 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Storing a JSArray in the Script object could cause an indirect reference from the compilation cache to a global object to be created. Now the line ends are only stored as a FixedArray, and when that is needed in JavaScript a JSArray copy is created. Changed some of the JavaScript code to cache the line ends in a local variable for better performance.
BUG=http://code.google.com/p/v8/issues/detail?id=528
TEST=test/test-api/Bug528
Review URL: http://codereview.chromium.org/434117
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3374 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The different length string types were used to encode the string length and the hash in one field. This is now split into two fields, one for length and one for hash. The hash field still encodes the array index of the string if it has one. If an array index is encoded in the hash field the string length is added to the top bits of the hash field to avoid a hash value of zero.
On 32-bit this causes an additional 4 bytes to be used for all string objects. On 64-bit this will be half on average due to pointer alignment.
Review URL: http://codereview.chromium.org/436001
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3350 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
A callback on the debugger thread when a message is received. Allows the
embedding application to wake up the main thread in order to handle the
message. Useful when the embedding application is idle and sitting in a
select() call.
Patch by Ryan Dahl <coldredlemur@gmail.com>
Review URL: http://codereview.chromium.org/395013
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3326 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
separate JS stack.
In exception handling, we need to be able to compare addresses into
the JavaScript portion of the stack with the address of a C++ handler
on the stack. Since the stacks are separate on the simulator, we need
a JavaScript stack address corresponding to a C++ try catch handler in
order to perform valid address comparisons.
On the simulator, we now link the C++ try catch handlers indirectly
through the JS stack and use the JS stack indirection address for
comparisons.
     JS                          C++

   handler
    [C++ address] <------ next_
        \
         \
          \----> handler
                  [C++ address] <------ next_
On actual hardware the C++ try catch handlers continue to be directly
linked.
BUG=http://code.google.com/p/v8/issues/detail?id=271
Review URL: http://codereview.chromium.org/360004
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3228 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
specification under development. The optimizations are patterned after
those previously done for CanvasPixelArray. This CL adds all of the
necessary framework but continues to use the generic KeyedLoadIC and
KeyedStoreIC code, to create a baseline for benchmarking purposes. The
next CL will add the optimized ICs to ic-ia32.cc and ic-x64.cc.
These new CanvasArray types have different semantics than
CanvasPixelArray; out-of-range values are clamped via C cast
semantics, which is cheaper than the clamping behavior specified by
CanvasPixelArray. Out-of-range indices raise exceptions instead of
being silently ignored.
As part of this work, pulled FloatingPointHelper::AllocateHeapNumber
up to MacroAssembler on ia32 and x64 platforms. Slightly refactored
KeyedLoadIC and KeyedStoreIC. Fixed encoding for fistp_d on x64 and
added a few more instructions that are needed for the new ICs. The
test cases in test-api.cc have been verified by hand to exercise all
of the generated code paths in the forthcoming specialized ICs.
Review URL: http://codereview.chromium.org/293023
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@3096 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Actually the 1st parameter could be any object in the prototype chain from this to the actual holder, not only
the global object.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2937 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The Android system provides a unique feature: it sends a notification to the
browser in a low memory condition, and the browser cleans up cache and frees
resources. Forcing a GC in a low memory condition can free DOM objects and also
can shrink the old spaces.
This patch addresses the last comment in
http://codereview.chromium.org/173016/show
Mads Ager 2009/08/19 17:24:23
I would prefer to not use the flags to signal that a compacting collection is
requested.
TBR = ager
Review URL: http://codereview.chromium.org/173102
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2725 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
I'm planning to use it in the DevTools heap profiler. It is a common scenario in debugging memory leaks to enforce GC, then perform an operation, then enforce GC again to check for non-collected (that is, leaked) objects. Using the existing GC extension isn't possible because it isn't exposed in the normal operation mode of Chromium.
Review URL: http://codereview.chromium.org/159787
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2619 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
As we'll have several aspects of heap profiling, it is more handy to control them using binary flags than by individual functions. CPU profiling represents just a particular aspect to control, so {Pause,Resume}Profiler and IsProfilerPaused are only left for compatibility.
For now, PROFILER_FLAG_HEAP_STATS and PROFILER_FLAG_JS_CONSTRUCTOR are equivalent, but later will be split.
Review URL: http://codereview.chromium.org/159581
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2574 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
interceptors and dont-delete attributes.
Minor change to the behavior of eval: throw exception when calling
eval in a context for which the global has been detached. This
matches the behavior of both Firefox and Safari post navigation in the
browser.
Review URL: http://codereview.chromium.org/118374
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@2118 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
When loaded scripts are requested this cache is filled with all the script objects in the heap. Hereafter its content is kept in sync with the active scripts in the heap through the notifications of new scripts compiled and by using weak handles to get notified when a script is collected.
Through the tracking of collected scripts the debugger event OnScriptCollected has been added to notify a debugger that a script previously returned through the scripts command is no longer in use.
Make the ComputeIntegerHash globally available.
Moved clearing of the mirror cache to when debugger is really left. Previously recursive invocations of the debugger cause the mirror cache to be cleared causing handles to become either stale or reference other objects.
Review URL: http://codereview.chromium.org/115462
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1988 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
This will enable reading profiler log in Chrome. The current implementation of memory buffer is trivial (fixed size buffer, no memory recycling) but enough to start end-to-end DevTools Profiler implementation. Later it will be enhanced.
Review URL: http://codereview.chromium.org/108011
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1870 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The object delivered to the debug message handler contains additional information on the current break handling the messages.
Clients which require just JSON message parsing can simply get the JSON using the GetJSON message on the message object to still have the previous behaviour.
// Adapter: a handler written against the old uint16_t-vector interface keeps
// working by pulling the JSON text out of the new Message object.
void NewMessageHandler(const v8::Debug::Message& message) {
  v8::String::Value val(message.GetJSON());
  OldMessageHandler(Vector<uint16_t>(const_cast<uint16_t*>(*val), val.length()));
}
Refactored some of the debugger code to use internal handles instead of API handles. Also changed Object to JSObject in some places.
The access to the active context when the break occurred is still not implemented. I will add this in a new CL, as this one is quite big already.
Review URL: http://codereview.chromium.org/99122
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1811 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The debug message thread was introduced to make it possible to have the message handler callback be called from a different thread than the thread running V8 where the debug event occurred, but it never had any practical use, and prevents providing information to the message handler which is only available from the V8 thread.
In the future any thread decoupling will have to be done by the embedder.
This also removes the queue used for outbound messages.
Renamed the class Message to CommandMessage as it is only used for debugger commands from the client. Related message queue classes have also been renamed.
Review URL: http://codereview.chromium.org/93118
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1788 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The message handler function set through the debugger API is normally called in a different thread than the V8 thread where execution is stopped due to debugger event. This change adds an option to the API for specifying that the message handler should be called directly from the V8 thread. For an application like Chrome where thread dispatching is already in place this makes more sense.
Add an option to the message handler debugger API to process messages in the thread where V8 is running instead of posting them to a queue for processing on an additional thread.
Review URL: http://codereview.chromium.org/42643
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1627 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- String traversal test data (now in a zone)
- Debug message thread (now joined on exit)
- Threading test threads (now joined on exit)
- Changed message tests framework to cope with valgrind
Also, fixed a bug where we'd try to delete stack-allocated objects
when tearing down v8. Good times.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1622 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Changed the script break points to be able to handle both break points based on script names and script ids. When break points are set through a script id the position is relative to the script itself. This is different from the script break points set through script names where the line/column offset is taken into account.
This has the side effect that function break points are not converted into script break points for named scripts.
Show the script id in the D8 shell debugger when listing all scripts using the 'scripts' command.
Review URL: http://codereview.chromium.org/40317
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1468 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The debugger agent listens on a TCP/IP port for a remote debugger connection. When such a connection is established the debugger JSON protocol is communicated between the agent and the remote debugger. The messages containing the JSON protocol have an RFC-822-like header with a Content-Length field and with the body containing the JSON in UTF-8 encoding.
The D8 shell has option --debugger-agent to start the debugger agent.
Review URL: http://codereview.chromium.org/27355
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1405 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
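The wire framing described above, as an added example that is not the V8 debugger agent's code. FrameMessage writes a Content-Length header, a blank line and the UTF-8 body; FrameDecoder reassembles messages from a TCP byte stream that may deliver them split or coalesced. The header syntax assumed here is "Name: value" lines terminated by CRLF with an empty line before the body, and the 16 MiB default cap is this example's own choice: Content-Length is chosen by the remote peer, so a decoder that allocates whatever it is told to is the check a practitioner wants to see.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdlib>
#include <string>
#include <vector>

// Added example, not V8 code. Content-Length counts bytes of the UTF-8 body,
// not characters, so std::string::size() is the right number to send.
std::string FrameMessage(const std::string& json) {
    return "Content-Length: " + std::to_string(json.size()) + "\r\n\r\n" + json;
}

static std::string Lower(std::string s) {
    for (char& c : s) c = static_cast<char>(std::tolower(static_cast<unsigned char>(c)));
    return s;
}

// Incremental decoder: Feed() appends whatever arrived on the socket, Next()
// pops one complete body or returns false if more bytes are needed. A
// malformed or oversized header puts the decoder into a sticky error state.
class FrameDecoder {
public:
    explicit FrameDecoder(size_t max_body = 16 * 1024 * 1024) : max_body_(max_body) {}
    void Feed(const std::string& bytes) { buffer_ += bytes; }
    bool Next(std::string* body);
    bool error() const { return error_; }

private:
    bool ParseHeaders(size_t header_end, size_t* content_length);
    std::string buffer_;
    size_t max_body_;
    bool error_ = false;
};

bool FrameDecoder::ParseHeaders(size_t header_end, size_t* content_length) {
    bool found = false;
    size_t pos = 0;
    while (pos < header_end) {
        size_t eol = buffer_.find("\r\n", pos);
        if (eol == std::string::npos || eol > header_end) eol = header_end;
        std::string line = buffer_.substr(pos, eol - pos);
        pos = eol + 2;
        size_t colon = line.find(':');
        if (colon == std::string::npos) return false;  // not a "Name: value" line
        std::string name = Lower(line.substr(0, colon));
        std::string value = line.substr(colon + 1);
        value.erase(0, value.find_first_not_of(" \t"));
        if (name == "content-length") {
            // Digits only, and short enough that strtoull cannot overflow.
            if (value.empty() || value.find_first_not_of("0123456789") != std::string::npos) return false;
            if (value.size() > 18) return false;
            *content_length = std::strtoull(value.c_str(), nullptr, 10);
            found = true;
        }
    }
    return found;
}

bool FrameDecoder::Next(std::string* body) {
    if (error_) return false;
    size_t header_end = buffer_.find("\r\n\r\n");
    if (header_end == std::string::npos) return false;  // headers still incomplete
    size_t content_length = 0;
    if (!ParseHeaders(header_end, &content_length) || content_length > max_body_) {
        error_ = true;  // refuse rather than allocate a peer-chosen amount
        return false;
    }
    size_t body_start = header_end + 4;
    if (buffer_.size() - body_start < content_length) return false;  // body still incomplete
    *body = buffer_.substr(body_start, content_length);
    buffer_.erase(0, body_start + content_length);
    return true;
}

// Delivers `stream` to a decoder in pieces of `chunk` bytes, as a socket
// might, and returns every body that came out complete.
std::vector<std::string> DecodeStream(const std::string& stream, size_t chunk) {
    FrameDecoder dec;
    std::vector<std::string> out;
    for (size_t i = 0; i < stream.size(); i += chunk) {
        dec.Feed(stream.substr(i, chunk));
        std::string body;
        while (dec.Next(&body)) out.push_back(body);
    }
    return out;
}

// True if a decoder with a 1 KiB cap refuses the frame instead of decoding it.
bool RejectsFrame(const std::string& frame) {
    FrameDecoder dec(1024);
    dec.Feed(frame);
    std::string body;
    return !dec.Next(&body) && dec.error();
}
```

Feeding two framed messages seven bytes at a time still yields exactly two bodies, a header that also carries Content-Type is parsed the same way, and a Content-Length that is non-numeric or above the cap is rejected before any body buffer is sized from it.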
Add the ability to have the host embedding V8 receive a callback in the V8 thread while V8 is processing a debug callback. When V8 is processing a debug callback the thread where V8 is executing is sitting in a tight loop processing debug commands until the continue command has been executed. In some embedding situations it is beneficial to be able to call back into the embedding host from the thread where V8 is sitting. The host might have functions which need to be called to complement the JavaScript debugging.
Using the uint16_t array to pass a void* is a temporary hack.
Review URL: http://codereview.chromium.org/20491
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1318 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Moved the registered debug event listener from the context to a global handle in the Debugger class. Storing it in the context did not make much sense.
Changed a lot of tests to handle the API change.
BUG=1242707
Review URL: http://codereview.chromium.org/19753
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1212 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
through the API. This allows us to verify state on entry through the API.
In this change verification in the API entry is checking that the current
thread holds the V8 lock when a HandleScope is instantiated if a v8::Locker
has ever been used by the V8 instance.
Review URL: http://codereview.chromium.org/18707
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@1140 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
The main goal was to improve O(n^2) behavior when there are many object groups. The old API required the grouping to be done on the v8 side, along with a linear search. The new interface requires the caller to do the grouping, passing V8 entire groups at a time. This removes the group id concept on the v8 side.
- Changed AddObjectToGroup to AddObjectGroup.
- Removed the group id concept from the V8 side.
- Remove a static constructor while I'm here, lazily initialize
the object groups list.
- Cleaned up return by non-const references to return pointers.
Review URL: http://codereview.chromium.org/13341
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@965 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
- Changed WeakReferenceCallback to take a Persistent<Value> instead of
a Persistent<Object>.
- Removed Message::GetUnderline and Message::GetScriptData.
- Added Value::IsDate, Date::Cast and Date::Value.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@564 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
escape commas.
- Fixed issue with block-comparing unaligned strings on arm.
- Added short documentation to one of the Persistent constructors.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@554 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
Here is a description of the background and design of split window in Chrome and V8:
https://docs.google.com/a/google.com/Doc?id=chhjkpg_47fwddxbfr
This change list splits the window object into two parts: 1) an inner window object used as the global object of contexts; 2) an outer window object exposed to JavaScript and accessible by the name 'window'. Firefox did it a while ago, here are some discussions: https://wiki.mozilla.org/Gecko:SplitWindow. One additional benefit of splitting window in Chrome is that accessing global variables doesn't need security checks anymore, which can improve applications that use many global variables.
V8 support of split window:
There are a small number of changes on V8 api to support split window:
Security context is removed from V8, as are related API functions;
A global object can be detached from its context and reused by a new context;
Access checks on an object template can be turned on/off by default;
An object can turn on its access checks later;
V8 has a new object type, ApiGlobalObject, which is the outer window object type. The existing JSGlobalObject becomes the inner window object type. Security checks are moved from JSGlobalObject to ApiGlobalObject. ApiGlobalObject is the one exposed to JavaScript, it is accessible through Context::Global(). ApiGlobalObject's prototype is set to JSGlobalObject so that property lookups are forwarded to JSGlobalObject. ApiGlobalObject forwards all other property access requests to JSGlobalObject, such as SetProperty, DeleteProperty, etc.
Security token is moved to a global context, and ApiGlobalObject has a reference to its global context. JSGlobalObject has a reference to its global context as well. When accessing properties on a global object in JavaScript, the domain security check is performed by comparing the security token of the lexical context (Top::global_context()) to the token of global object's context. The check is only needed when the receiver is a window object, such as 'window.document'. Accessing global variables, such as 'var foo = 3; foo' does not need checks because the receiver is the inner window object.
When an outer window is detached from its global context (when a frame navigates away from a page), it is completely detached from the inner window. A new context is created for the new page, and the outer global object is reused. At this point, the access check on the DOMWindow wrapper of the old context is turned on. The code in old context is still able to access DOMWindow properties, but it has to go through domain security checks.
It is debatable how to implement the outer window object. Currently each property access function has to check if the receiver is of ApiGlobalObject type. This approach might be error-prone in that one may forget to check the receiver when adding new functions. It is unlikely a performance issue because accessing global variables is more common than 'window.foo' style coding.
I am still working on the ARM port, and I'd like to hear comments and suggestions on the best way to support it in V8.
Review URL: http://codereview.chromium.org/7366
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@540 ce2b1a6d-e550-0410-aec6-3dcde31c8c00
exceptions.
It turned out that the stack overflow fix from before had disabled
message storing in another test. Previously, stack overflows would
actually cause a message object to start being created but cause
another exception which would not be reported and that's what stopped
the infinite regress. This change restores that behavior.
git-svn-id: http://v8.googlecode.com/svn/branches/bleeding_edge@259 ce2b1a6d-e550-0410-aec6-3dcde31c8c00