Fix bug with inner globals with internal fields on context creation....

src/bootstrapper.cc

 // Copyright 2006-2008 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 199 matching lines @@
   // rest of the context snapshot.
   Handle<JSGlobalProxy> CreateNewGlobals(
       v8::Handle<v8::ObjectTemplate> global_template,
       Handle<Object> global_object,
       Handle<GlobalObject>* global_proxy_out);
   // Hooks the given global proxy into the context.  If the context was created
   // by deserialization then this will unhook the global proxy that was
   // deserialized, leaving the GC to pick it up.
   void HookUpGlobalProxy(Handle<GlobalObject> inner_global,
                          Handle<JSGlobalProxy> global_proxy);
+  // Similarly, we want to use the inner global that has been created by the
+  // templates passed through the API.  The inner global from the snapshot is
+  // detached from the other objects in the snapshot.
+  void HookUpInnerGlobal(Handle<GlobalObject> inner_global);
   // New context initialization.  Used for creating a context from scratch.
   void InitializeGlobal(Handle<GlobalObject> inner_global,
                         Handle<JSFunction> empty_function);
   // Installs the contents of the native .js files on the global objects.
   // Used for creating a context from scratch.
   void InstallNativeFunctions();
   bool InstallNatives();
   // Used both for deserialized and from-scratch contexts to add the extensions
   // provided.
   static bool InstallExtensions(Handle<Context> global_context,
                                 v8::ExtensionConfiguration* extensions);
   static bool InstallExtension(const char* name);
   static bool InstallExtension(v8::RegisteredExtension* current);
   static void InstallSpecialObjects(Handle<Context> global_context);
   bool InstallJSBuiltins(Handle<JSBuiltinsObject> builtins);
   bool ConfigureApiObject(Handle<JSObject> object,
                           Handle<ObjectTemplateInfo> object_template);
   bool ConfigureGlobalObjects(v8::Handle<v8::ObjectTemplate> global_template);
-  void TransferMapsToDeserializedGlobals(
-    Handle<GlobalObject> inner_global_outside_snapshot,
-    Handle<GlobalObject> inner_global_from_snapshot);
 
   // Migrates all properties from the 'from' object to the 'to'
   // object and overrides the prototype in 'to' with the one from
   // 'from'.
   void TransferObject(Handle<JSObject> from, Handle<JSObject> to);
   void TransferNamedProperties(Handle<JSObject> from, Handle<JSObject> to);
   void TransferIndexedProperties(Handle<JSObject> from, Handle<JSObject> to);
 
   Handle<DescriptorArray> ComputeFunctionInstanceDescriptor(
       bool make_prototype_read_only,
@@ skipping 328 matching lines @@
 void Genesis::HookUpGlobalProxy(Handle<GlobalObject> inner_global,
                                 Handle<JSGlobalProxy> global_proxy) {
   // Set the global context for the global object.
   inner_global->set_global_context(*global_context());
   inner_global->set_global_receiver(*global_proxy);
   global_proxy->set_context(*global_context());
   global_context()->set_global_proxy(*global_proxy);
 }
 
 
+void Genesis::HookUpInnerGlobal(Handle<GlobalObject> inner_global) {
+  Handle<GlobalObject> inner_global_from_snapshot(
+      GlobalObject::cast(global_context_->extension()));
+  Handle<JSBuiltinsObject> builtins_global(global_context_->builtins());
+  global_context_->set_extension(*inner_global);
+  global_context_->set_global(*inner_global);
+  global_context_->set_security_token(*inner_global);
+  static const PropertyAttributes attributes =
+      static_cast<PropertyAttributes>(READ_ONLY | DONT_DELETE);
+  ForceSetProperty(builtins_global,
+                   Factory::LookupAsciiSymbol("global"),
+                   inner_global,
+                   attributes);
+  // Setup the reference from the global object to the builtins object.
+  JSGlobalObject::cast(*inner_global)->set_builtins(*builtins_global);
+  TransferNamedProperties(inner_global_from_snapshot, inner_global);
+  TransferIndexedProperties(inner_global_from_snapshot, inner_global);
+}
+
+
+// This is only called if we are not using snapshots.  The equivalent
+// work in the snapshot case is done in HookUpInnerGlobal.
 void Genesis::InitializeGlobal(Handle<GlobalObject> inner_global,
                                Handle<JSFunction> empty_function) {
   // --- G l o b a l   C o n t e x t ---
   // Use the empty function as closure (no scope info).
   global_context()->set_closure(*empty_function);
   global_context()->set_fcontext(*global_context());
   global_context()->set_previous(NULL);
   // Set extension and global object.
   global_context()->set_extension(*inner_global);
   global_context()->set_global(*inner_global);
@@ skipping 676 matching lines @@
                                     false);
   ASSERT(Top::has_pending_exception() != result);
   if (!result) {
     Top::clear_pending_exception();
   }
   current->set_state(v8::INSTALLED);
   return result;
 }
 
 
-void Genesis::TransferMapsToDeserializedGlobals(
-    Handle<GlobalObject> inner_global_outside_snapshot,
-    Handle<GlobalObject> inner_global_from_snapshot) {
-  Handle<Map> from_map(inner_global_outside_snapshot->map());
-#ifdef DEBUG
-  Handle<Map> to_map(inner_global_from_snapshot->map());
-  ASSERT_EQ(to_map->instance_size(), from_map->instance_size());
-  ASSERT_EQ(0, to_map->inobject_properties());
-  ASSERT_EQ(0, from_map->inobject_properties());
-#endif
-  inner_global_from_snapshot->set_map(*from_map);
-}
-
-
 bool Genesis::InstallJSBuiltins(Handle<JSBuiltinsObject> builtins) {
   HandleScope scope;
   for (int i = 0; i < Builtins::NumberOfJavaScriptBuiltins(); i++) {
     Builtins::JavaScript id = static_cast<Builtins::JavaScript>(i);
     Handle<String> name = Factory::LookupAsciiSymbol(Builtins::GetName(id));
     Handle<JSFunction> function
         = Handle<JSFunction>(JSFunction::cast(builtins->GetProperty(*name)));
     builtins->set_javascript_builtin(id, *function);
     Handle<SharedFunctionInfo> shared
         = Handle<SharedFunctionInfo>(function->shared());
     if (!EnsureCompiled(shared, CLEAR_EXCEPTION)) return false;
   }
   return true;
 }
 
 
 bool Genesis::ConfigureGlobalObjects(
     v8::Handle<v8::ObjectTemplate> global_proxy_template) {
   Handle<JSObject> global_proxy(
       JSObject::cast(global_context()->global_proxy()));
-  Handle<JSObject> js_global(JSObject::cast(global_context()->global()));
+  Handle<JSObject> inner_global(JSObject::cast(global_context()->global()));
 
   if (!global_proxy_template.IsEmpty()) {
     // Configure the global proxy object.
     Handle<ObjectTemplateInfo> proxy_data =
         v8::Utils::OpenHandle(*global_proxy_template);
     if (!ConfigureApiObject(global_proxy, proxy_data)) return false;
 
     // Configure the inner global object.
     Handle<FunctionTemplateInfo> proxy_constructor(
         FunctionTemplateInfo::cast(proxy_data->constructor()));
     if (!proxy_constructor->prototype_template()->IsUndefined()) {
       Handle<ObjectTemplateInfo> inner_data(
           ObjectTemplateInfo::cast(proxy_constructor->prototype_template()));
-      if (!ConfigureApiObject(js_global, inner_data)) return false;
+      if (!ConfigureApiObject(inner_global, inner_data)) return false;
     }
   }
 
-  SetObjectPrototype(global_proxy, js_global);
+  SetObjectPrototype(global_proxy, inner_global);
   return true;
 }
 
 
 bool Genesis::ConfigureApiObject(Handle<JSObject> object,
     Handle<ObjectTemplateInfo> object_template) {
   ASSERT(!object_template.is_null());
   ASSERT(object->IsInstanceOf(
       FunctionTemplateInfo::cast(object_template->constructor())));
 
@@ skipping 202 matching lines @@
   Handle<Context> new_context = Snapshot::NewContextFromSnapshot();
   if (!new_context.is_null()) {
     global_context_ =
       Handle<Context>::cast(GlobalHandles::Create(*new_context));
     Top::set_context(*global_context_);
     i::Counters::contexts_created_by_snapshot.Increment();
     result_ = global_context_;
     JSFunction* empty_function =
         JSFunction::cast(result_->function_map()->prototype());
     empty_function_ = Handle<JSFunction>(empty_function);
-    Handle<GlobalObject> inner_global_outside_snapshot;
+    Handle<GlobalObject> inner_global;
     Handle<JSGlobalProxy> global_proxy =
         CreateNewGlobals(global_template,
                          global_object,
-                         &inner_global_outside_snapshot);
-    // CreateNewGlobals returns an inner global that it just made, but
-    // we won't give that to HookUpGlobalProxy because we want to hook
-    // up the global proxy to the one from the snapshot.
-    Handle<GlobalObject> inner_global(
-        GlobalObject::cast(global_context_->extension()));
+                         &inner_global);
+
     HookUpGlobalProxy(inner_global, global_proxy);
-    TransferMapsToDeserializedGlobals(inner_global_outside_snapshot,
-                                      inner_global);
+    HookUpInnerGlobal(inner_global);
+
     if (!ConfigureGlobalObjects(global_template)) return;
   } else {
     // We get here if there was no context snapshot.
     CreateRoots();
     Handle<JSFunction> empty_function = CreateEmptyFunction();
     Handle<GlobalObject> inner_global;
     Handle<JSGlobalProxy> global_proxy =
         CreateNewGlobals(global_template, global_object, &inner_global);
     HookUpGlobalProxy(inner_global, global_proxy);
     InitializeGlobal(inner_global, empty_function);
@@ skipping 50 matching lines @@
 }
 
 
 // Restore statics that are thread local.
 char* BootstrapperActive::RestoreState(char* from) {
   nesting_ = *reinterpret_cast<int*>(from);
   return from + sizeof(nesting_);
 }
 
 } }  // namespace v8::internal