Revert of [runtime] Replace global object link with native context link in all contexts.

src/bootstrapper.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/bootstrapper.h"
 
 #include "src/accessors.h"
 #include "src/api-natives.h"
 #include "src/code-stubs.h"
 #include "src/extensions/externalize-string-extension.h"
@@ skipping 1034 matching lines @@
 }
 
 
 void Genesis::HookUpGlobalObject(Handle<JSGlobalObject> global_object,
                                  Handle<FixedArray> outdated_contexts) {
   Handle<JSGlobalObject> global_object_from_snapshot(
       JSGlobalObject::cast(native_context()->extension()));
   native_context()->set_extension(*global_object);
   native_context()->set_security_token(*global_object);
 
+  // Replace outdated global objects in deserialized contexts.
+  for (int i = 0; i < outdated_contexts->length(); ++i) {
+    Context* context = Context::cast(outdated_contexts->get(i));
+    // Assert that there is only one native context.
+    DCHECK(!context->IsNativeContext() || context == *native_context());
+    DCHECK_EQ(context->global_object(), *global_object_from_snapshot);
+    context->set_global_object(*global_object);
+  }
+
   TransferNamedProperties(global_object_from_snapshot, global_object);
   TransferIndexedProperties(global_object_from_snapshot, global_object);
 }
 
 
 // This is only called if we are not using snapshots.  The equivalent
 // work in the snapshot case is done in HookUpGlobalObject.
 void Genesis::InitializeGlobal(Handle<JSGlobalObject> global_object,
                                Handle<JSFunction> empty_function,
                                ContextType context_type) {
   // --- N a t i v e   C o n t e x t ---
   // Use the empty function as closure (no scope info).
   native_context()->set_closure(*empty_function);
   native_context()->set_previous(NULL);
   // Set extension and global object.
   native_context()->set_extension(*global_object);
+  native_context()->set_global_object(*global_object);
   // Security setup: Set the security token of the native context to the global
   // object. This makes the security check between two different contexts fail
   // by default even in case of global object reinitialization.
   native_context()->set_security_token(*global_object);
 
   Isolate* isolate = global_object->GetIsolate();
   Factory* factory = isolate->factory();
 
   Handle<ScriptContextTable> script_context_table =
       factory->NewScriptContextTable();
@@ skipping 525 matching lines @@
   Handle<String> script_name =
       isolate->factory()->NewStringFromUtf8(name).ToHandleChecked();
   Handle<SharedFunctionInfo> function_info = Compiler::CompileScript(
       source, script_name, 0, 0, ScriptOriginOptions(), Handle<Object>(),
       context, NULL, NULL, ScriptCompiler::kNoCompileOptions, NATIVES_CODE,
       false);
   if (function_info.is_null()) return false;
 
   DCHECK(context->IsNativeContext());
 
+  Handle<Context> runtime_context(context->runtime_context());
   Handle<JSFunction> fun =
       isolate->factory()->NewFunctionFromSharedFunctionInfo(function_info,
-                                                            context);
+                                                            runtime_context);
   Handle<Object> receiver = isolate->factory()->undefined_value();
 
   // For non-extension scripts, run script to get the function wrapper.
   Handle<Object> wrapper;
   if (!Execution::Call(isolate, fun, receiver, 0, NULL).ToHandle(&wrapper)) {
     return false;
   }
   // Then run the function wrapper.
   return !Execution::Call(isolate, Handle<JSFunction>::cast(wrapper), receiver,
                           argc, argv).is_null();
@@ skipping 106 matching lines @@
       Handle<JSObject> global = isolate()->global_object();
       JSObject::AddProperty(global, natives_key, utils, DONT_ENUM);
       break;
     }
     case THIN_CONTEXT:
       break;
   }
 
   // The utils object can be removed for cases that reach this point.
   native_context()->set_natives_utils_object(heap()->undefined_value());
+
+#ifdef DEBUG
+  JSGlobalObject* dummy = native_context()->runtime_context()->global_object();
+  DCHECK_EQ(0, dummy->elements()->length());
+  DCHECK_EQ(0, GlobalDictionary::cast(dummy->properties())->NumberOfElements());
+#endif
 }
 
 
 void Bootstrapper::ExportFromRuntime(Isolate* isolate,
                                      Handle<JSObject> container) {
   Factory* factory = isolate->factory();
   HandleScope scope(isolate);
   Handle<Context> native_context = isolate->native_context();
 #define EXPORT_PRIVATE_SYMBOL(NAME)                                       \
   Handle<String> NAME##_name = factory->NewStringFromAsciiChecked(#NAME); \
@@ skipping 464 matching lines @@
     initial_map->AppendDescriptor(&d);
   }
 
   return array_function;
 }
 
 
 bool Genesis::InstallNatives(ContextType context_type) {
   HandleScope scope(isolate());
 
+  // Create a bridge function that has context in the native context.
+  Handle<JSFunction> bridge = factory()->NewFunction(factory()->empty_string());
+  DCHECK(bridge->context() == *isolate()->native_context());
+
+  // Allocate the runtime context.
+  {
+    Handle<Context> context =
+        factory()->NewFunctionContext(Context::MIN_CONTEXT_SLOTS, bridge);
+    native_context()->set_runtime_context(*context);
+    Handle<Code> code = isolate()->builtins()->Illegal();
+    Handle<JSFunction> global_fun =
+        factory()->NewFunction(factory()->empty_string(), code,
+                               JS_GLOBAL_OBJECT_TYPE, JSGlobalObject::kSize);
+    global_fun->initial_map()->set_dictionary_map(true);
+    global_fun->initial_map()->set_prototype(heap()->null_value());
+    Handle<JSGlobalObject> dummy_global =
+        Handle<JSGlobalObject>::cast(factory()->NewJSGlobalObject(global_fun));
+    dummy_global->set_native_context(*native_context());
+    dummy_global->set_global_proxy(native_context()->global_proxy());
+    context->set_global_object(*dummy_global);
+    // Something went wrong if we actually need to write into the dummy global.
+    dummy_global->set_properties(*GlobalDictionary::New(isolate(), 0));
+    dummy_global->set_elements(heap()->empty_fixed_array());
+  }
+
   // Set up the utils object as shared container between native scripts.
   Handle<JSObject> utils = factory()->NewJSObject(isolate()->object_function());
   JSObject::NormalizeProperties(utils, CLEAR_INOBJECT_PROPERTIES, 16,
                                 "utils container for native scripts");
   native_context()->set_natives_utils_object(*utils);
 
   // Set up the extras utils object as a shared container between native
   // scripts and extras. (Extras consume things added there by native scripts.)
   Handle<JSObject> extras_utils =
       factory()->NewJSObject(isolate()->object_function());
@@ skipping 903 matching lines @@
     Handle<JSFunction> empty_function = CreateEmptyFunction(isolate);
     CreateStrictModeFunctionMaps(empty_function);
     CreateStrongModeFunctionMaps(empty_function);
     CreateIteratorMaps();
     Handle<JSGlobalObject> global_object =
         CreateNewGlobals(global_proxy_template, global_proxy);
     HookUpGlobalProxy(global_object, global_proxy);
     InitializeGlobal(global_object, empty_function, context_type);
     InitializeNormalizedMapCaches();
 
-    // TODO(yangguo): Find a way to prevent accidentially installing properties
-    // on the global object.
     if (!InstallNatives(context_type)) return;
 
     MakeFunctionInstancePrototypeWritable();
 
     if (context_type != THIN_CONTEXT) {
       if (!InstallExtraNatives()) return;
       if (!ConfigureGlobalObjects(global_proxy_template)) return;
     }
     isolate->counters()->contexts_created_from_scratch()->Increment();
     // Re-initialize the counter because it got incremented during snapshot
@@ skipping 56 matching lines @@
 }
 
 
 // Called when the top-level V8 mutex is destroyed.
 void Bootstrapper::FreeThreadResources() {
   DCHECK(!IsActive());
 }
 
 }  // namespace internal
 }  // namespace v8