[Bindings] Create and use V8 context snapshots

third_party/WebKit/Source/bindings/core/v8/V8SnapshotUtil.cpp

Index: third_party/WebKit/Source/bindings/core/v8/V8SnapshotUtil.cpp
diff --git a/third_party/WebKit/Source/bindings/core/v8/V8SnapshotUtil.cpp b/third_party/WebKit/Source/bindings/core/v8/V8SnapshotUtil.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..ceff87709173cb1dcbe4f162100c9b39dd051683
--- /dev/null
+++ b/third_party/WebKit/Source/bindings/core/v8/V8SnapshotUtil.cpp
@@ -0,0 +1,493 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "bindings/core/v8/V8SnapshotUtil.h"
+
+#include <array>
+#include <cstring>
+
+#include "bindings/core/v8/GeneratedCodeHelper.h"
+#include "bindings/core/v8/V8Document.h"
+#include "bindings/core/v8/V8EventTarget.h"
+#include "bindings/core/v8/V8HTMLDocument.h"
+#include "bindings/core/v8/V8Initializer.h"
+#include "bindings/core/v8/V8Node.h"
+#include "bindings/core/v8/V8Window.h"
+#include "platform/bindings/DOMWrapperWorld.h"
+#include "platform/bindings/V8ObjectConstructor.h"
+#include "platform/bindings/V8PerIsolateData.h"
+#include "platform/bindings/V8PrivateProperty.h"
+#include "v8/include/v8.h"
+
+namespace blink {
+
+namespace {
+
+intptr_t* g_snapshot_reference_table = nullptr;
+
+// TODO(peria): This method is almost a copy of
+// V8PerContext::ConstructorForTypeSlowCase(), so merge with it.
+v8::Local<v8::Function> ConstructPlainType(v8::Isolate* isolate,
+                                           const DOMWrapperWorld& world,
+                                           v8::Local<v8::Context> context,
+                                           const WrapperTypeInfo* type) {
+  v8::Context::Scope scope(context);
+  // We shouldn't reach this point for the types that are implemented in v8 such
+  // as typed arrays and hence don't have domTemplateFunction.
+  DCHECK(type->dom_template_function);
+  v8::Local<v8::FunctionTemplate> interface_template =
+      type->domTemplate(isolate, world);
+  // Getting the function might fail if we're running out of stack or memory.
+  v8::Local<v8::Function> interface_object =
+      interface_template->GetFunction(context).ToLocalChecked();
+
+  if (type->parent_class) {
+    v8::Local<v8::Object> prototype_template =
+        ConstructPlainType(isolate, world, context, type->parent_class);
+    CHECK(interface_object->SetPrototype(context, prototype_template)
+              .ToChecked());
+  }
+
+  v8::Local<v8::Value> prototype_value =
+      interface_object->Get(context, V8AtomicString(isolate, "prototype"))
+          .ToLocalChecked();
+  CHECK(prototype_value->IsObject());
+  v8::Local<v8::Object> prototype_object = prototype_value.As<v8::Object>();
+  if (prototype_object->InternalFieldCount() ==
+          kV8PrototypeInternalFieldcount &&
+      type->wrapper_type_prototype ==
+          WrapperTypeInfo::kWrapperTypeObjectPrototype) {
+    prototype_object->SetAlignedPointerInInternalField(
+        kV8PrototypeTypeIndex, const_cast<WrapperTypeInfo*>(type));
+  }
+  type->PreparePrototypeAndInterfaceObject(
+      context, world, prototype_object, interface_object, interface_template);
+
+  return interface_object;
+}
+
+// TODO(peria): This method is almost a copy of
+// V8PerContext::CreateWrapperFromCacheSlowCase(), so merge with it.
+v8::Local<v8::Object> CreatePlainWrapper(v8::Isolate* isolate,
+                                         const DOMWrapperWorld& world,
+                                         v8::Local<v8::Context> context,
+                                         const WrapperTypeInfo* type) {
+  CHECK(V8HTMLDocument::wrapperTypeInfo.Equals(type));
+
+  v8::Context::Scope scope(context);
+  v8::Local<v8::Function> interface_object =
+      ConstructPlainType(isolate, world, context, type);
+  CHECK(!interface_object.IsEmpty());
+  v8::Local<v8::Object> instance_template =
+      V8ObjectConstructor::NewInstance(isolate, interface_object)
+          .ToLocalChecked();
+  v8::Local<v8::Object> wrapper = instance_template->Clone();
+  wrapper->SetAlignedPointerInInternalField(kV8DOMWrapperTypeIndex,
+                                            const_cast<WrapperTypeInfo*>(type));
+  return wrapper;
+}
+
+constexpr int kWorldIdForNonMainWorld =
+    DOMWrapperWorld::WorldId::kIsolatedWorldIdLimit - 1;
+
+int GetSnapshotIndexForWorld(const DOMWrapperWorld& world) {
+  return world.IsMainWorld() ? 0 : 1;
+}
+
+constexpr const WrapperTypeInfo* kSnapshotWrapperTypes[] = {
+    &V8Window::wrapperTypeInfo,      &V8HTMLDocument::wrapperTypeInfo,
+    &V8EventTarget::wrapperTypeInfo, &V8Node::wrapperTypeInfo,
+    &V8Document::wrapperTypeInfo,
+};
+constexpr size_t kSnapshotWrapperSize = WTF_ARRAY_LENGTH(kSnapshotWrapperTypes);
+
+enum class InternalFieldType : uint8_t {
+  kNone,
+  kNodeType,
+  kDocumentType,
+  kHTMLDocumentType,
+  kHTMLDocumentObject,
+};
+
+const WrapperTypeInfo* FieldTypeToWrapperTypeInfo(InternalFieldType type) {
+  switch (type) {
+    case InternalFieldType::kNone:
+      NOTREACHED();
+      break;
+    case InternalFieldType::kNodeType:
+      return &V8Node::wrapperTypeInfo;
+    case InternalFieldType::kDocumentType:
+      return &V8Document::wrapperTypeInfo;
+    case InternalFieldType::kHTMLDocumentType:
+      return &V8HTMLDocument::wrapperTypeInfo;
+    case InternalFieldType::kHTMLDocumentObject:
+      return &V8HTMLDocument::wrapperTypeInfo;
+  }
+  NOTREACHED();
+  return nullptr;
+}
+
+struct DataForDeserializer {
+  STACK_ALLOCATED();
+  Member<Document> document;
+};
+
+int CountExternalReferenceEntries() {
+  if (!g_snapshot_reference_table)
+    return 0;
+
+  int count = 0;
+  for (intptr_t* p = g_snapshot_reference_table; *p; ++p)
+    ++count;
+  return count;
+}
+
+}  // namespace
+
+v8::Local<v8::Context> V8SnapshotUtil::CreateContext(
+    v8::Isolate* isolate,
+    const DOMWrapperWorld& world,
+    v8::ExtensionConfiguration* extension_configuration,
+    v8::Local<v8::Object> global_proxy,
+    Document* document) {
+  if (!CanCreateContextFromSnapshot(isolate, world, document)) {
+    return v8::Local<v8::Context>();
+  }
+
+  const int index = GetSnapshotIndexForWorld(world);
+  DataForDeserializer data{document};
+  v8::DeserializeInternalFieldsCallback callback =
+      v8::DeserializeInternalFieldsCallback(&DeserializeInternalField, &data);
+  v8::Local<v8::Context> context =
+      v8::Context::FromSnapshot(isolate, index, callback,
+                                extension_configuration, global_proxy)
+          .ToLocalChecked();
+  CHECK(!context.IsEmpty());

[Yuki, 2017/06/27 12:43:47]

This CHECK is meaningless after ToLocalChecked().

[peria, 2017/06/28 03:02:43]

Done.

+  DLOG(INFO) << "A context is created from snapshot for "
+             << (world.IsMainWorld() ? "" : "non-") << "main world";
+
+  return context;
+}
+
+void V8SnapshotUtil::SetupContext(v8::Local<v8::Context> context,
+                                  Document* document) {
+  ScriptState* script_state = ScriptState::From(context);
+  v8::Isolate* isolate = script_state->GetIsolate();
+  const DOMWrapperWorld& world = script_state->World();
+  if (!CanCreateContextFromSnapshot(isolate, world, document)) {
+    return;
+  }
+
+  v8::Local<v8::String> prototype_str = V8AtomicString(isolate, "prototype");
+  V8PerContextData* data = script_state->PerContextData();
+
+  v8::Local<v8::Object> global_proxy = context->Global();
+  v8::Local<v8::Object> window_wrapper =
+      global_proxy->GetPrototype().As<v8::Object>();
+  {
+    const WrapperTypeInfo* type = &V8EventTarget::wrapperTypeInfo;
+    v8::Local<v8::Function> interface = data->ConstructorForType(type);
+    v8::Local<v8::Object> prototype = interface->Get(context, prototype_str)
+                                          .ToLocalChecked()
+                                          .As<v8::Object>();
+    V8EventTarget::InstallRuntimeEnabledFeatures(isolate, world, window_wrapper,

[Yuki, 2017/06/27 12:43:47]

I'm confused again.  Exactly what InstallRuntimeEnabledFeatures does?

Suppose that EventTarget has an [Unforgeable] attribute |foo|,
Does V8Window::InstallRuntimeEnabledFeatures install |foo|?

Like InstanceTemplate(), if the most derived interface takes care of all
inherited properties, we shouldn't pass |window_wrapper| here.

[peria, 2017/06/28 03:02:43]

Ah, I think your understanding is correct.
No need to pass |window_wrapper| for V8EventTarget.

+                                                 prototype, interface);
+  }
+  {
+    const WrapperTypeInfo* type = &V8Window::wrapperTypeInfo;
+    v8::Local<v8::Function> interface = data->ConstructorForType(type);
+    v8::Local<v8::Object> prototype = interface->Get(context, prototype_str)
+                                          .ToLocalChecked()
+                                          .As<v8::Object>();
+    V8Window::install_runtime_enabled_features_function_(
+        isolate, world, window_wrapper, prototype, interface);
+  }
+
+  if (world.IsMainWorld()) {

[Yuki, 2017/06/27 12:43:49]

nit: Can we do an early-exit?

[peria, 2017/06/28 03:02:43]

Done.

+    CHECK(document);
+    DCHECK(document->IsHTMLDocument());
+    CHECK(document->ContainsWrapper());
+    v8::Local<v8::Object> document_wrapper =
+        document->MainWorldWrapper(isolate);

[Yuki, 2017/06/27 12:43:47]

Is this the only reason that V8SnapshotUtil needs to be a friend of
ScriptWrappable?
Then, we should use ToV8 instead.

[peria, 2017/06/28 03:02:43]

Done.

+
+    {
+      // Prototype object and interface object of EventTarget were set up with
+      // Window wrapper.
+      V8EventTarget::InstallRuntimeEnabledFeatures(
+          isolate, world, document_wrapper, v8::Local<v8::Object>(),
+          v8::Local<v8::Function>());
+    }
+    {
+      const WrapperTypeInfo* type = &V8Node::wrapperTypeInfo;
+      v8::Local<v8::Function> interface = data->ConstructorForType(type);
+      v8::Local<v8::Object> prototype = interface->Get(context, prototype_str)
+                                            .ToLocalChecked()
+                                            .As<v8::Object>();
+      V8Node::InstallRuntimeEnabledFeatures(isolate, world, document_wrapper,
+                                            prototype, interface);
+    }
+    {
+      const WrapperTypeInfo* type = &V8Document::wrapperTypeInfo;
+      v8::Local<v8::Function> interface = data->ConstructorForType(type);
+      v8::Local<v8::Object> prototype = interface->Get(context, prototype_str)
+                                            .ToLocalChecked()
+                                            .As<v8::Object>();
+      V8Document::InstallRuntimeEnabledFeatures(
+          isolate, world, document_wrapper, prototype, interface);
+    }
+    {
+      const WrapperTypeInfo* type = &V8HTMLDocument::wrapperTypeInfo;
+      v8::Local<v8::Function> interface = data->ConstructorForType(type);
+      v8::Local<v8::Object> prototype = interface->Get(context, prototype_str)
+                                            .ToLocalChecked()
+                                            .As<v8::Object>();
+      V8HTMLDocument::InstallRuntimeEnabledFeatures(
+          isolate, world, document_wrapper, prototype, interface);
+    }
+  }
+}
+
+void V8SnapshotUtil::EnsureInterfaceTemplates(v8::Isolate* isolate) {
+  if (V8PerIsolateData::From(isolate)->GetV8ContextMode() !=
+      V8PerIsolateData::V8ContextMode::kUseSnapshot) {
+    return;
+  }
+
+  EnsureInterfaceTemplatesForWorld(isolate, DOMWrapperWorld::MainWorld());
+  EnsureInterfaceTemplatesForWorld(
+      isolate,
+      *DOMWrapperWorld::EnsureIsolatedWorld(isolate, kWorldIdForNonMainWorld));
+}
+
+void V8SnapshotUtil::SetReferenceTable(intptr_t* table) {
+  DCHECK(!g_snapshot_reference_table);
+  g_snapshot_reference_table = table;
+}
+
+intptr_t* V8SnapshotUtil::GetReferenceTable() {
+  DCHECK(g_snapshot_reference_table);
+  return g_snapshot_reference_table;
+}
+
+v8::StartupData V8SnapshotUtil::TakeSnapshot() {
+  DCHECK_EQ(V8PerIsolateData::From(V8PerIsolateData::MainThreadIsolate())
+                ->GetV8ContextMode(),
+            V8PerIsolateData::V8ContextMode::kTakeSnapshot);
+
+  v8::SnapshotCreator* creator =
+      V8PerIsolateData::From(V8PerIsolateData::MainThreadIsolate())
+          ->GetSnapshotCreator();
+  v8::Isolate* isolate = creator->GetIsolate();
+  CHECK_EQ(isolate, v8::Isolate::GetCurrent());
+
+  VLOG(1) << "External reference table has " << CountExternalReferenceEntries()
+          << " entries.";
+
+  // Disable all runtime enabled featuers
+  RuntimeEnabledFeatures::SetStableFeaturesEnabled(false);
+  RuntimeEnabledFeatures::SetExperimentalFeaturesEnabled(false);
+  RuntimeEnabledFeatures::SetTestFeaturesEnabled(false);
+
+  {
+    v8::HandleScope handleScope(isolate);
+    creator->SetDefaultContext(v8::Context::New(isolate));
+
+    TakeSnapshotForWorld(creator, DOMWrapperWorld::MainWorld());
+    // For non main worlds, we can use any type to create a context.
+    TakeSnapshotForWorld(creator, *DOMWrapperWorld::EnsureIsolatedWorld(
+                                      isolate, kWorldIdForNonMainWorld));
+  }
+
+  // Snapshot is taken on the main thread, but it can be used on other threads.
+  // So we remove a message handler for the main thread.
+  isolate->RemoveMessageListeners(V8Initializer::MessageHandlerInMainThread);
+
+  return creator->CreateBlob(v8::SnapshotCreator::FunctionCodeHandling::kClear);
+}
+
+v8::StartupData V8SnapshotUtil::SerializeInternalField(
+    v8::Local<v8::Object> object,
+    int index,
+    void*) {
+  InternalFieldType field_type = InternalFieldType::kNone;
+  const WrapperTypeInfo* wrapper_type = ToWrapperTypeInfo(object);
+  if (kV8DOMWrapperObjectIndex == index) {
+    if (blink::V8HTMLDocument::wrapperTypeInfo.Equals(wrapper_type)) {
+      field_type = InternalFieldType::kHTMLDocumentObject;
+    }
+  } else if (kV8DOMWrapperTypeIndex == index) {
+    if (blink::V8HTMLDocument::wrapperTypeInfo.Equals(wrapper_type)) {
+      field_type = InternalFieldType::kHTMLDocumentType;
+    } else if (blink::V8Document::wrapperTypeInfo.Equals(wrapper_type)) {
+      field_type = InternalFieldType::kDocumentType;
+    } else if (blink::V8Node::wrapperTypeInfo.Equals(wrapper_type)) {
+      field_type = InternalFieldType::kNodeType;
+    }
+  }
+  CHECK_NE(field_type, InternalFieldType::kNone);
+
+  int size = sizeof(InternalFieldType);
+  char* data = new char[size];
+  std::memcpy(data, &field_type, size);
+
+  return {data, size};
+}
+
+void V8SnapshotUtil::DeserializeInternalField(v8::Local<v8::Object> object,
+                                              int index,
+                                              v8::StartupData payload,
+                                              void* ptr) {
+  // DeserializeInternalField() expects to be called in the main world
+  // with |document| being HTMLDocument.
+  CHECK_EQ(payload.raw_size, static_cast<int>(sizeof(InternalFieldType)));
+  InternalFieldType type =
+      *reinterpret_cast<const InternalFieldType*>(payload.data);
+
+  const WrapperTypeInfo* wrapper_type_info = FieldTypeToWrapperTypeInfo(type);
+  switch (type) {
+    case InternalFieldType::kNodeType:
+    case InternalFieldType::kDocumentType:
+    case InternalFieldType::kHTMLDocumentType: {
+      CHECK_EQ(index, kV8DOMWrapperTypeIndex);
+      object->SetAlignedPointerInInternalField(
+          index, const_cast<WrapperTypeInfo*>(wrapper_type_info));
+      return;
+    }
+    case InternalFieldType::kHTMLDocumentObject: {
+      LOG(INFO) << "wrapper";
+      CHECK_EQ(index, kV8DOMWrapperObjectIndex);
+      LOG(INFO) << "setting document wrapper";
+      v8::Isolate* isolate = v8::Isolate::GetCurrent();
+      DataForDeserializer* data = static_cast<DataForDeserializer*>(ptr);
+      ScriptWrappable* document = data->document;
+      DCHECK(document);
+
+      // Make reference from wrapper to document
+      object->SetAlignedPointerInInternalField(index, document);
+      // Make reference from document to wrapper
+      CHECK(document->SetWrapper(isolate, wrapper_type_info, object));
+      WrapperTypeInfo::WrapperCreated();
+      return;
+    }
+    case InternalFieldType::kNone:
+      NOTREACHED();
+      return;
+  }
+
+  NOTREACHED();
+}
+
+bool V8SnapshotUtil::CanCreateContextFromSnapshot(v8::Isolate* isolate,
+                                                  const DOMWrapperWorld& world,
+                                                  Document* document) {

[Yuki, 2017/06/27 12:43:47]

nit: Can we add DCHECK(document)?

If document == nullptr is expected, why?

[peria, 2017/06/28 03:02:43]

Done.

+  if (V8PerIsolateData::From(isolate)->GetV8ContextMode() !=
+      V8PerIsolateData::V8ContextMode::kUseSnapshot) {
+    return false;
+  }
+  // In case we create a context for the main world from snapshot, we also need
+  // a HTMLDocument wrapper.
+  if (world.IsMainWorld() && !(document && document->IsHTMLDocument())) {

[Yuki, 2017/06/27 12:43:47]

nit: A→B is defined as ¬A∨B, hence (!A || B) is one of well-known patterns.
return !world.IsMainWorld() || document->IsHTMLDocument();

[peria, 2017/06/28 03:02:43]

Done.

+    return false;
+  }
+  return true;
+}
+
+void V8SnapshotUtil::EnsureInterfaceTemplatesForWorld(
+    v8::Isolate* isolate,
+    const DOMWrapperWorld& world) {
+  V8PerIsolateData* data = V8PerIsolateData::From(isolate);
+  for (const WrapperTypeInfo* wrapper_type_info : kSnapshotWrapperTypes) {
+    v8::Local<v8::FunctionTemplate> interface =
+        InterfaceTemplateFromSnapshot(isolate, world, wrapper_type_info);
+    CHECK(!interface.IsEmpty());
+    data->SetInterfaceTemplate(world, wrapper_type_info, interface);
+  }
+}
+
+v8::Local<v8::FunctionTemplate> V8SnapshotUtil::InterfaceTemplateFromSnapshot(
+    v8::Isolate* isolate,
+    const DOMWrapperWorld& world,
+    const WrapperTypeInfo* wrapper_type_info) {
+  static const InstallRuntimeEnabledFeaturesOnTemplateFunction kInstallers[] = {

[Yuki, 2017/06/27 12:43:49]

Maybe my comment was unclear.  I was recommending to define a struct to
represent tuples of WrapperTypeInfo and installer function.

struct T {
  const WrapperTypeInfo* wrapper_type_info;
  InstallFunction install_function;
} kSnapshotWrapperTypes[] = {
  {V8Window::wrapperTypeInfo,
V8Window::InstallRuntimeEnabledFeaturesOnTemplate},
  ...
};

[peria, 2017/06/28 03:02:43]

Done.

+      V8Window::install_runtime_enabled_features_on_template_function_,
+      V8HTMLDocument::InstallRuntimeEnabledFeaturesOnTemplate,
+      V8EventTarget::InstallRuntimeEnabledFeaturesOnTemplate,
+      V8Node::InstallRuntimeEnabledFeaturesOnTemplate,
+      V8Document::InstallRuntimeEnabledFeaturesOnTemplate,
+  };
+
+  const int index_offset = world.IsMainWorld() ? 0 : kSnapshotWrapperSize;
+
+  for (size_t i = 0; i < kSnapshotWrapperSize; ++i) {
+    if (kSnapshotWrapperTypes[i]->Equals(wrapper_type_info)) {
+      v8::Local<v8::FunctionTemplate> interface_template =
+          v8::FunctionTemplate::FromSnapshot(isolate, index_offset + i)
+              .ToLocalChecked();
+      kInstallers[i](isolate, world, interface_template);

[Yuki, 2017/06/27 12:43:49]

Just a comment for future work, it's not good to have a side effect in a getter
function, or to name a non-getter function a getter-like name.

[peria, 2017/06/28 03:02:43]

Acknowledged.

+      return interface_template;
+    }
+  }
+
+  NOTREACHED();
+  return v8::Local<v8::FunctionTemplate>();
+}
+
+void V8SnapshotUtil::TakeSnapshotForWorld(v8::SnapshotCreator* creator,
+                                          const DOMWrapperWorld& world) {
+  v8::Isolate* isolate = creator->GetIsolate();
+  CHECK_EQ(isolate, v8::Isolate::GetCurrent());
+
+  // Function templates
+  v8::HandleScope handleScope(isolate);
+  std::array<v8::Local<v8::FunctionTemplate>, kSnapshotWrapperSize>
+      interface_templates;
+  v8::Local<v8::FunctionTemplate> window_template;
+  for (size_t i = 0; i < kSnapshotWrapperSize; ++i) {
+    const WrapperTypeInfo* wrapper_type_info = kSnapshotWrapperTypes[i];
+    v8::Local<v8::FunctionTemplate> interface_template =
+        wrapper_type_info->domTemplate(isolate, world);
+    CHECK(!interface_template.IsEmpty());
+    interface_templates[i] = interface_template;
+    if (V8Window::wrapperTypeInfo.Equals(wrapper_type_info)) {
+      window_template = interface_template;
+    }
+  }
+  CHECK(!window_template.IsEmpty());
+
+  v8::Local<v8::ObjectTemplate> window_instance_template =
+      window_template->InstanceTemplate();
+  CHECK(!window_instance_template.IsEmpty());
+
+  v8::Local<v8::Context> context;
+  {
+    V8PerIsolateData::UseCounterDisabledScope use_counter_disabled(
+        V8PerIsolateData::From(isolate));
+    context = v8::Context::New(isolate, nullptr, window_instance_template);
+  }
+  CHECK(!context.IsEmpty());
+
+  if (world.IsMainWorld()) {
+    v8::Context::Scope scope(context);
+    v8::Local<v8::Object> document_wrapper = CreatePlainWrapper(
+        isolate, world, context, &V8HTMLDocument::wrapperTypeInfo);
+    int indices[] = {kV8DOMWrapperObjectIndex, kV8DOMWrapperTypeIndex};
+    void* values[] = {nullptr, const_cast<WrapperTypeInfo*>(
+                                   &V8HTMLDocument::wrapperTypeInfo)};
+    document_wrapper->SetAlignedPointerInInternalFields(
+        WTF_ARRAY_LENGTH(indices), indices, values);
+
+    // Set the cached accessor for window.document.
+    CHECK(V8PrivateProperty::GetWindowDocumentCachedAccessor(isolate).Set(
+        context->Global(), document_wrapper));
+  }
+
+  for (auto& interface_template : interface_templates) {
+    creator->AddTemplate(interface_template);
+  }
+  creator->AddContext(context, SerializeInternalField);
+
+  V8PerIsolateData::From(isolate)->ClearPersistentsForV8Snapshot();
+}
+
+}  // namespace blink