Chromium Code Reviews Chromium Code Reviews
Issue 2445333002:
Ensure slow properties for simple {__proto__:null} literals. (Closed)
| OLD | NEW |
|---|---|
| 1 // Copyright 2014 the V8 project authors. All rights reserved. | 1 // Copyright 2014 the V8 project authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "src/bootstrapper.h" | 5 #include "src/bootstrapper.h" |
| 6 | 6 |
| 7 #include "src/accessors.h" | 7 #include "src/accessors.h" |
| 8 #include "src/api-natives.h" | 8 #include "src/api-natives.h" |
| 9 #include "src/base/ieee754.h" | 9 #include "src/base/ieee754.h" |
| 10 #include "src/code-stubs.h" | 10 #include "src/code-stubs.h" |
| (...skipping 579 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 590 map->set_immutable_proto(true); | 590 map->set_immutable_proto(true); |
| 591 object_function_prototype->set_map(*map); | 591 object_function_prototype->set_map(*map); |
| 592 | 592 |
| 593 native_context()->set_initial_object_prototype(*object_function_prototype); | 593 native_context()->set_initial_object_prototype(*object_function_prototype); |
| 594 // For bootstrapping set the array prototype to be the same as the object | 594 // For bootstrapping set the array prototype to be the same as the object |
| 595 // prototype, otherwise the missing initial_array_prototype will cause | 595 // prototype, otherwise the missing initial_array_prototype will cause |
| 596 // assertions during startup. | 596 // assertions during startup. |
| 597 native_context()->set_initial_array_prototype(*object_function_prototype); | 597 native_context()->set_initial_array_prototype(*object_function_prototype); |
| 598 Accessors::FunctionSetPrototype(object_fun, object_function_prototype) | 598 Accessors::FunctionSetPrototype(object_fun, object_function_prototype) |
| 599 .Assert(); | 599 .Assert(); |
| 600 | |
| 601 // Set up the map for Object.create(null) instances. | |
| 602 Handle<Map> slow_object_with_null_prototype_map = | |
| 603 Map::CopyInitialMap(handle(object_fun->initial_map(), isolate)); | |
| 604 slow_object_with_null_prototype_map->set_dictionary_map(true); | |
| 605 Map::SetPrototype(slow_object_with_null_prototype_map, | |
| 606 isolate->factory()->null_value()); | |
| 607 native_context()->set_slow_object_with_null_prototype_map( | |
| 608 *slow_object_with_null_prototype_map); | |
|
Toon Verwaest
2017/03/14 13:27:47
This already exists?
Camillo Bruni
2017/03/17 16:40:55
just moved to here, so it's available earlier in t
| |
| 600 } | 609 } |
| 601 | 610 |
| 602 // Allocate the empty function as the prototype for function - ES6 19.2.3 | 611 // Allocate the empty function as the prototype for function - ES6 19.2.3 |
| 603 Handle<Code> code(isolate->builtins()->EmptyFunction()); | 612 Handle<Code> code(isolate->builtins()->EmptyFunction()); |
| 604 Handle<JSFunction> empty_function = | 613 Handle<JSFunction> empty_function = |
| 605 factory->NewFunctionWithoutPrototype(factory->empty_string(), code); | 614 factory->NewFunctionWithoutPrototype(factory->empty_string(), code); |
| 606 | 615 |
| 607 // Allocate the function map first and then patch the prototype later | 616 // Allocate the function map first and then patch the prototype later |
| 608 Handle<Map> empty_function_map = | 617 Handle<Map> empty_function_map = |
| 609 factory->CreateSloppyFunctionMap(FUNCTION_WITHOUT_PROTOTYPE); | 618 factory->CreateSloppyFunctionMap(FUNCTION_WITHOUT_PROTOTYPE); |
| (...skipping 3433 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4043 native_context()->set_fast_template_instantiations_cache( | 4052 native_context()->set_fast_template_instantiations_cache( |
| 4044 *fast_template_instantiations_cache); | 4053 *fast_template_instantiations_cache); |
| 4045 | 4054 |
| 4046 auto slow_template_instantiations_cache = UnseededNumberDictionary::New( | 4055 auto slow_template_instantiations_cache = UnseededNumberDictionary::New( |
| 4047 isolate(), ApiNatives::kInitialFunctionCacheSize); | 4056 isolate(), ApiNatives::kInitialFunctionCacheSize); |
| 4048 native_context()->set_slow_template_instantiations_cache( | 4057 native_context()->set_slow_template_instantiations_cache( |
| 4049 *slow_template_instantiations_cache); | 4058 *slow_template_instantiations_cache); |
| 4050 | 4059 |
| 4051 // Store the map for the %ObjectPrototype% after the natives has been compiled | 4060 // Store the map for the %ObjectPrototype% after the natives has been compiled |
| 4052 // and the Object function has been set up. | 4061 // and the Object function has been set up. |
| 4053 Handle<JSFunction> object_function(native_context()->object_function()); | 4062 { |
| 4054 DCHECK(JSObject::cast(object_function->initial_map()->prototype()) | 4063 Handle<JSFunction> object_function(native_context()->object_function()); |
| 4055 ->HasFastProperties()); | 4064 DCHECK(JSObject::cast(object_function->initial_map()->prototype()) |
| 4056 native_context()->set_object_function_prototype_map( | 4065 ->HasFastProperties()); |
| 4057 HeapObject::cast(object_function->initial_map()->prototype())->map()); | 4066 native_context()->set_object_function_prototype_map( |
| 4058 | 4067 HeapObject::cast(object_function->initial_map()->prototype())->map()); |
| 4059 // Set up the map for Object.create(null) instances. | 4068 } |
| 4060 Handle<Map> slow_object_with_null_prototype_map = | |
| 4061 Map::CopyInitialMap(handle(object_function->initial_map(), isolate())); | |
| 4062 slow_object_with_null_prototype_map->set_dictionary_map(true); | |
| 4063 Map::SetPrototype(slow_object_with_null_prototype_map, | |
| 4064 isolate()->factory()->null_value()); | |
| 4065 native_context()->set_slow_object_with_null_prototype_map( | |
| 4066 *slow_object_with_null_prototype_map); | |
| 4067 | 4069 |
| 4068 // Store the map for the %StringPrototype% after the natives has been compiled | 4070 // Store the map for the %StringPrototype% after the natives has been compiled |
| 4069 // and the String function has been set up. | 4071 // and the String function has been set up. |
| 4070 Handle<JSFunction> string_function(native_context()->string_function()); | 4072 Handle<JSFunction> string_function(native_context()->string_function()); |
| 4071 JSObject* string_function_prototype = | 4073 JSObject* string_function_prototype = |
| 4072 JSObject::cast(string_function->initial_map()->prototype()); | 4074 JSObject::cast(string_function->initial_map()->prototype()); |
| 4073 DCHECK(string_function_prototype->HasFastProperties()); | 4075 DCHECK(string_function_prototype->HasFastProperties()); |
| 4074 native_context()->set_string_function_prototype_map( | 4076 native_context()->set_string_function_prototype_map( |
| 4075 string_function_prototype->map()); | 4077 string_function_prototype->map()); |
| 4076 | 4078 |
| (...skipping 1044 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5121 } | 5123 } |
| 5122 | 5124 |
| 5123 | 5125 |
| 5124 // Called when the top-level V8 mutex is destroyed. | 5126 // Called when the top-level V8 mutex is destroyed. |
| 5125 void Bootstrapper::FreeThreadResources() { | 5127 void Bootstrapper::FreeThreadResources() { |
| 5126 DCHECK(!IsActive()); | 5128 DCHECK(!IsActive()); |
| 5127 } | 5129 } |
| 5128 | 5130 |
| 5129 } // namespace internal | 5131 } // namespace internal |
| 5130 } // namespace v8 | 5132 } // namespace v8 |
| OLD | NEW |
