Make sure all prototypes under poly proto get added into the VM's prototype map
authorsbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Oct 2017 07:38:00 +0000 (07:38 +0000)
committersbarati@apple.com <sbarati@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Oct 2017 07:38:00 +0000 (07:38 +0000)
commit2ac392dec15c5b5ce2d76f138a59b0dd9227c134
tree83258ca49a71cdf378708ae62742db250f9122cd
parentdbf8d2a9b4466b5751601be23cbb7080fb203e05
Make sure all prototypes under poly proto get added into the VM's prototype map
https://bugs.webkit.org/show_bug.cgi?id=177909

Reviewed by Keith Miller.

JSTests:

* stress/poly-proto-prototype-map-having-a-bad-time.js: Added.
(assert):
(foo.C):
(foo):
(set x):

Source/JavaScriptCore:

This is an invariant of prototypes that I broke when doing poly proto. This patch fixes it.

* JavaScriptCore.xcodeproj/project.pbxproj:
* bytecode/BytecodeList.json:
* dfg/DFGByteCodeParser.cpp:
(JSC::DFG::ByteCodeParser::parseBlock):
* dfg/DFGOperations.cpp:
* runtime/CommonSlowPaths.cpp:
(JSC::SLOW_PATH_DECL):
* runtime/JSCInlines.h:
* runtime/PrototypeMap.cpp:
(JSC::PrototypeMap::addPrototype): Deleted.
* runtime/PrototypeMap.h:
* runtime/PrototypeMapInlines.h:
(JSC::PrototypeMap::isPrototype const):
(JSC::PrototypeMap::addPrototype):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@222901 268f45cc-cd09-0410-ab3c-d52691b4dbfc
12 files changed:
JSTests/ChangeLog
JSTests/stress/poly-proto-prototype-map-having-a-bad-time.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/JavaScriptCore.xcodeproj/project.pbxproj
Source/JavaScriptCore/bytecode/BytecodeList.json
Source/JavaScriptCore/dfg/DFGByteCodeParser.cpp
Source/JavaScriptCore/dfg/DFGOperations.cpp
Source/JavaScriptCore/runtime/CommonSlowPaths.cpp
Source/JavaScriptCore/runtime/JSCInlines.h
Source/JavaScriptCore/runtime/PrototypeMap.cpp
Source/JavaScriptCore/runtime/PrototypeMap.h
Source/JavaScriptCore/runtime/PrototypeMapInlines.h