• V8::Arguments中This和Holder的区别


    ## v8::Arguments

    namespace v8 {

    class Arguments {
     public:
      inline int Length() const;
      inline Local<Value> operator[](int i) const;
      inline Local<Function> Callee() const;
      inline Local<Object> This() const;
      inline Local<Object> Holder() const;
      inline bool IsConstructCall() const;
      inline Local<Value> Data() const;
      inline Isolate* GetIsolate() const;

    };

    }

    ## 满眼都是问号

    Length/operator[]:

        一眼看去,Length和operator[]好懂,基本上就是与方法参数的值相关。

    Data(): 

        在创建FunctionTemplate时候,FunctionTemplate::New函数所提供的第二个参数。

    This()/Holder():

        This() corresponds to JS 'this' and should be operated upon when you'd like to have a normal JS semantics.

         Holder() is the objects which is instance of your FunctionTemplate.

         This()对应的是JavaScript的this,在很多情况下Holder和This其实是一样的。

         在Google Group中的帖子提到了谈到了二者的区别:

    The Holder value was introduced to deal with some corner cases that
    happen because methods are just properties and can be moved around.
    To explain it you need a bit of background but I'll get to the Holder
    part in minute.

    Consider this code:

    var x = { };
    x.createElement = document.createElement;
    var div = x.createElement('div');

    In the implementation of createElement we need to check what kind of
    object we're being called on because createElement needs to use some
    internal fields stored on the document object.  To implement this we
    use function signatures (by passing a Signature object to
    FunctionTemplate::New for all dom methods).  A signature specifies
    what kind of objects a function can be called with.  In this case we
    would pass a signature that specifies that the receiver must be a
    document and then v8 takes case of giving an error if it isn't.

    However, with this type check in place there can still be problems.
    Consider this code:

    var x = { }
    x.__proto__ = document;
    var div = x.createElement('div');

    In this case createElement is actually given a document, it's there in
    the prototype chain, and for compatibility reasons we have to allow
    this.  However, 'This' is not a document so it's still not safe to try
    to read internal fields from it.  That's where Holder comes in.  If
    your function has a signature that says that it must be called on a
    particular type v8 will search the prototype chain for an object of
    that type when the function is called.  If it is not there we given an
    error.  If it is there that's the value Holder will return to you.

    In short: if you specify, through a Signature, that a function must
    only be called on instances of function template T, the value returned
    by Holder is guaranteed to hold an instance created from T or another
    function template that directly or indirectly
    "FunctionTemplate::Inherit"s from T.  No guarantees hold about the
    type of This.

    ## References

    [This() vs. Holder()](https://groups.google.com/forum/#!topic/v8-users/fK9PBWxJxtQ)

    [What is the difference between Arguments::Holder() and Arguments::This()?](https://groups.google.com/forum/#!topic/v8-users/Axf4hF_RfZo)

    [V8 Javascript Engine Tutorial (Part 1)](https://www.homepluspower.info/2010/06/v8-javascript-engine-tutorial-part-1.html)

    [V8 Javascript Engine Tutorial (Part 2)](https://www.homepluspower.info/2010/06/v8-javascript-engine-tutorial-part-2.html)

  • 相关阅读:
    vue-amap地图组件的使用
    数据分析
    爬虫之scrapy框架
    爬虫之selenium
    记录一下最近的pwn
    内核提权姿势笔记
    CVE-2016-5343分析
    CVE-2015-8660分析
    Docker远程访问get(root)shell姿势
    Linux内核ROP学习
  • 原文地址:https://www.cnblogs.com/piaoger/p/3200715.html
Copyright © 2020-2023  润新知