Add an API to create a detached global object

src/bootstrapper.cc

 // Copyright 2014 the V8 project authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "src/bootstrapper.h"
 
 #include "src/accessors.h"
 #include "src/api-natives.h"
 #include "src/base/ieee754.h"
 #include "src/code-stubs.h"
@@ skipping 123 matching lines @@
   extensions_cache_.Initialize(isolate_, false);  // Yes, symmetrical
 }
 
 
 class Genesis BASE_EMBEDDED {
  public:
   Genesis(Isolate* isolate, MaybeHandle<JSGlobalProxy> maybe_global_proxy,
           v8::Local<v8::ObjectTemplate> global_proxy_template,
           v8::ExtensionConfiguration* extensions, size_t context_snapshot_index,
           GlobalContextType context_type);
+  Genesis(Isolate* isolate,
+          v8::Local<v8::ObjectTemplate> global_proxy_template);
   ~Genesis() { }
 
   Isolate* isolate() const { return isolate_; }
   Factory* factory() const { return isolate_->factory(); }
   Heap* heap() const { return isolate_->heap(); }
 
   Handle<Context> result() { return result_; }
 
+  Handle<JSGlobalProxy> global_proxy() { return global_proxy_; }
+
  private:
   Handle<Context> native_context() { return native_context_; }
 
   // Creates some basic objects. Used for creating a context from scratch.
   void CreateRoots();
   // Creates the empty function.  Used for creating a context from scratch.
   Handle<JSFunction> CreateEmptyFunction(Isolate* isolate);
   // Creates the ThrowTypeError function. ECMA 5th Ed. 13.2.3
   Handle<JSFunction> GetRestrictedFunctionPropertiesThrower();
   Handle<JSFunction> GetStrictArgumentsPoisonFunction();
@@ skipping 133 matching lines @@
   void SetStrictFunctionInstanceDescriptor(Handle<Map> map,
                                            FunctionMode function_mode);
 
   static bool CallUtilsFunction(Isolate* isolate, const char* name);
 
   static bool CompileExtension(Isolate* isolate, v8::Extension* extension);
 
   Isolate* isolate_;
   Handle<Context> result_;
   Handle<Context> native_context_;
+  Handle<JSGlobalProxy> global_proxy_;
 
   // Function maps. Function maps are created initially with a read only
   // prototype for the processing of JS builtins. Later the function maps are
   // replaced in order to make prototype writable. These are the final, writable
   // prototype, maps.
   Handle<Map> sloppy_function_map_writable_prototype_;
   Handle<Map> strict_function_map_writable_prototype_;
   Handle<JSFunction> strict_poison_function_;
   Handle<JSFunction> restricted_function_properties_thrower_;
 
@@ skipping 15 matching lines @@
   HandleScope scope(isolate_);
   Genesis genesis(isolate_, maybe_global_proxy, global_proxy_template,
                   extensions, context_snapshot_index, context_type);
   Handle<Context> env = genesis.result();
   if (env.is_null() || !InstallExtensions(env, extensions)) {
     return Handle<Context>();
   }
   return scope.CloseAndEscape(env);
 }
 
+Handle<JSGlobalProxy> Bootstrapper::NewDetachedGlobal(
+    v8::Local<v8::ObjectTemplate> global_proxy_template) {
+  HandleScope scope(isolate_);
+  Genesis genesis(isolate_, global_proxy_template);
+  Handle<JSGlobalProxy> global_proxy = genesis.global_proxy();
+  if (global_proxy.is_null()) return Handle<JSGlobalProxy>();
+  return scope.CloseAndEscape(global_proxy);
+}
 
 static void SetObjectPrototype(Handle<JSObject> object, Handle<Object> proto) {
   // object.__proto__ = proto;
   Handle<Map> old_map = Handle<Map>(object->map());
   Handle<Map> new_map = Map::Copy(old_map, "SetObjectPrototype");
   Map::SetPrototype(new_map, proto, FAST_PROTOTYPE);
   JSObject::MigrateToMap(object, new_map);
 }
 
 
@@ skipping 3454 matching lines @@
 };
 
 Genesis::Genesis(Isolate* isolate,
                  MaybeHandle<JSGlobalProxy> maybe_global_proxy,
                  v8::Local<v8::ObjectTemplate> global_proxy_template,
                  v8::ExtensionConfiguration* extensions,
                  size_t context_snapshot_index, GlobalContextType context_type)
     : isolate_(isolate), active_(isolate->bootstrapper()) {
   NoTrackDoubleFieldsForSerializerScope disable_scope(isolate);
   result_ = Handle<Context>::null();
+  global_proxy_ = Handle<JSGlobalProxy>::null();
+
   // Before creating the roots we must save the context and restore it
   // on all function exits.
   SaveContext saved_context(isolate);
 
   // During genesis, the boilerplate for stack overflow won't work until the
   // environment has been at least partially initialized. Add a stack check
   // before entering JS code to catch overflow early.
   StackLimitCheck check(isolate);
   if (check.HasOverflowed()) {
     isolate->StackOverflow();
@@ skipping 88 matching lines @@
 
   // Check that the script context table is empty except for the 'this' binding.
   // We do not need script contexts for native scripts.
   if (!FLAG_global_var_shortcuts) {
     DCHECK_EQ(1, native_context()->script_context_table()->used());
   }
 
   result_ = native_context();
 }
 
+Genesis::Genesis(Isolate* isolate,
+                 v8::Local<v8::ObjectTemplate> global_proxy_template)
+    : isolate_(isolate), active_(isolate->bootstrapper()) {
+  NoTrackDoubleFieldsForSerializerScope disable_scope(isolate);
+  result_ = Handle<Context>::null();
+  global_proxy_ = Handle<JSGlobalProxy>::null();
+
+  // Before creating the roots we must save the context and restore it
+  // on all function exits.
+  SaveContext saved_context(isolate);
+
+  // During genesis, the boilerplate for stack overflow won't work until the
+  // environment has been at least partially initialized. Add a stack check
+  // before entering JS code to catch overflow early.
+  StackLimitCheck check(isolate);
+  if (check.HasOverflowed()) {
+    isolate->StackOverflow();
+    return;
+  }
+
+  Handle<JSGlobalProxy> global_proxy =
+      factory()->NewUninitializedJSGlobalProxy();
+
+  // CreateNewGlobals.
+  Handle<ObjectTemplateInfo> global_proxy_data =
+      v8::Utils::OpenHandle(*global_proxy_template);
+  Handle<FunctionTemplateInfo> global_constructor(
+      FunctionTemplateInfo::cast(global_proxy_data->constructor()));
+
+  Handle<Map> initial_map =
+      CreateSloppyFunctionMap(FUNCTION_WITH_WRITEABLE_PROTOTYPE);
+  Handle<JSFunction> global_proxy_function =
+      ApiNatives::CreateApiFunctionWithMap(
+          isolate, factory()->undefined_value(), global_constructor,
+          initial_map, factory()->the_hole_value(),
+          ApiNatives::GlobalProxyType);
+  Handle<String> global_name = factory()->global_string();
+  global_proxy_function->shared()->set_instance_class_name(*global_name);
+  global_proxy_function->initial_map()->set_is_access_check_needed(true);
+  global_proxy_function->initial_map()->set_has_hidden_prototype(true);
+  factory()->ReinitializeJSGlobalProxy(global_proxy, global_proxy_function);
+
+  // HookUpGlobalProxy.
+  global_proxy->set_native_context(*factory()->null_value());
+

[jochen (gone - plz use gerrit), 2016/06/28 14:27:00]

The regular genesis path would also invoke ConfigureGlobalObjects() - that would
copy over any properties defined for the proxy from the template to the object.
The assumption here is that no such properties exist.

+  // DetachGlobal.
+  SetObjectPrototype(global_proxy, factory()->null_value());

[jochen (gone - plz use gerrit), 2016/06/28 14:27:00]

regular DetachGlobal would also delete the constructor, but then we can't get to
the AccessCheckInfo anymore

+
+  global_proxy_ = global_proxy;
+}
 
 // Support for thread preemption.
 
 // Reserve space for statics needing saving and restoring.
 int Bootstrapper::ArchiveSpacePerThread() {
   return sizeof(NestingCounterType);
 }
 
 
 // Archive statics that are thread-local.
@@ skipping 11 matching lines @@
 }
 
 
 // Called when the top-level V8 mutex is destroyed.
 void Bootstrapper::FreeThreadResources() {
   DCHECK(!IsActive());
 }
 
 }  // namespace internal
 }  // namespace v8