Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(116)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 6602081: Stop using plain Arrays internally in built-in functions. (Closed)

Created:
9 years, 9 months ago by Lasse Reichstein
Modified:
9 years, 6 months ago
CC:
v8-dev
Visibility:
Public.

Description

Stop using plain Arrays internally in built-in functions. In built-in code we use arrays for internal computations. This makes it possible to affect the built-in code by putting getters or setters on the Array prototype chain. This adds a new internal Array constructor that creates Arrays with a very simplistic prototype chain that doesn't include any publicly visible objects. These Arrays shoudl ofcourse never leak outside the builtins, since that would expose the prototype object. The prototype object contains only the array functions that we use: push, pop and join (and not even a toString, so it doesn't stringify well). Also change uses of .call to %_CallFunction. BUG=1206 Committed: http://code.google.com/p/v8/source/detail?r=7040

Patch Set 1 #

Patch Set 2 : Changed implementation of ArrayMap to something hopefully a little faster. #

Total comments: 7

Patch Set 3 : Addressed review comments. #

Patch Set 4 : Added toString. #

Patch Set 5 : Changed header in bootstrapper.cc #

Unified diffs Side-by-side diffs Delta from patch set Stats (+109 lines, -51 lines) Patch
M src/arm/builtins-arm.cc View 1 2 1 chunk +1 line, -1 line 0 comments Download
M src/array.js View 1 2 3 17 chunks +36 lines, -18 lines 0 comments Download
M src/bootstrapper.cc View 1 2 3 4 2 chunks +38 lines, -0 lines 0 comments Download
M src/ia32/builtins-ia32.cc View 1 chunk +3 lines, -5 lines 0 comments Download
M src/json.js View 1 2 7 chunks +10 lines, -10 lines 0 comments Download
M src/objects.cc View 1 2 1 chunk +4 lines, -0 lines 0 comments Download
M src/regexp.js View 1 2 1 chunk +3 lines, -3 lines 0 comments Download
M src/string.js View 1 2 7 chunks +7 lines, -7 lines 0 comments Download
M src/v8natives.js View 1 2 5 chunks +5 lines, -5 lines 0 comments Download
M src/x64/builtins-x64.cc View 1 chunk +1 line, -1 line 0 comments Download
M src/x64/macro-assembler-x64.cc View 1 chunk +1 line, -1 line 0 comments Download

Messages

Total messages: 4 (0 generated)
Lasse Reichstein
Hold for benchmark results.
9 years, 9 months ago (2011-03-02 12:01:04 UTC) #1
Mads Ager (chromium)
LGTM We need a name that makes it more clear. Also, you should comment that ...
9 years, 9 months ago (2011-03-03 10:33:21 UTC) #2
Erik Corry
How about a ToString that returns "Internal Array, length x"?
9 years, 9 months ago (2011-03-03 10:38:21 UTC) #3
Lasse Reichstein
9 years, 9 months ago (2011-03-03 12:28:21 UTC) #4 
I'll try to find a way to prohibit non-constructor calls.

http://codereview.chromium.org/6602081/diff/13/src/arm/builtins-arm.cc
File src/arm/builtins-arm.cc (right):

http://codereview.chromium.org/6602081/diff/13/src/arm/builtins-arm.cc#newcod...
src/arm/builtins-arm.cc:431: // Initial map for the builtin Array functions
shoud be maps.
Fixed.

http://codereview.chromium.org/6602081/diff/13/src/array.js
File src/array.js (right):

http://codereview.chromium.org/6602081/diff/13/src/array.js#newcode1233
src/array.js:1233: // The internal Array prototype doesn't need to be fancy,
since it's never
Changing to InternalArray.

http://codereview.chromium.org/6602081/diff/13/src/array.js#newcode1238
src/array.js:1238: Array.prototype = new $Object();
True. Removing.

Powered by Google App Engine
This is Rietveld 408576698