InstanceOf IC should do generic if the prototype is not an object.
author keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Jul 2018 18:04:54 +0000 (18:04 +0000)
committer keith_miller@apple.com <keith_miller@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Jul 2018 18:04:54 +0000 (18:04 +0000)
commit 3916780ed6d0ed437a4e99d4c8c7a88fb3ce290a
tree e9178a422bee12c63ce9db59230f212656333189
parent 7cf654fc780bf22b05faf114eec471565ad958ec
InstanceOf IC should do generic if the prototype is not an object.
https://bugs.webkit.org/show_bug.cgi?id=187250

Reviewed by Mark Lam.

JSTests:

* stress/instanceof-non-object-prototype.js: Added.
(let):
(test):
(i.catch):

Source/JavaScriptCore:

The old code was wrong for two reasons. First, the AccessCase expected that
the prototype value would be non-null. Second, we would end up returning
false instead of throwing an exception.

* jit/Repatch.cpp:
(JSC::tryCacheInstanceOf):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233427 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/jit/Repatch.cpp
jstests/stress/instanceof-non-object-prototype.js [new file with mode: 0644]
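
The behaviour the commit message describes (a TypeError, not false, when the right-hand side's prototype is not an object) can be checked with the script below. It is an added example, not the contents of stress/instanceof-non-object-prototype.js or any WebKit code; the function names, sample values and iteration counts are assumptions, and the loops exist so that a JIT inline cache at the single instanceof site gets exercised.

```javascript
'use strict';

// Constructed sample values: each kind of non-object that a function's
// `prototype` property can be set to.
const NON_OBJECT_PROTOTYPES = [null, undefined, 42, 'text', true, Symbol('p')];

// One shared `instanceof` site, so an engine with inline caches sees the
// same operation on every call.
function check(value, ctor) {
  return value instanceof ctor;
}

// Run check() `iterations` times and tally every outcome.
function tally(value, ctor, iterations) {
  const seen = { typeError: 0, otherError: 0, isTrue: 0, isFalse: 0 };
  for (let i = 0; i < iterations; i++) {
    try {
      if (check(value, ctor)) seen.isTrue++; else seen.isFalse++;
    } catch (e) {
      if (e instanceof TypeError) seen.typeError++; else seen.otherError++;
    }
  }
  return seen;
}

// Fresh constructor whose `prototype` is replaced by `protoValue`.
// Object subject: OrdinaryHasInstance must throw TypeError every time.
// Primitive subject: it returns false before `prototype` is even read.
function withPrototype(subject, protoValue, iterations) {
  function F() {}
  F.prototype = protoValue;
  return tally(subject, F, iterations);
}

// Warm the site with a valid prototype (result: true), then swap in null.
// A cache built during warm-up must not keep answering once the
// prototype stops being an object.
function flippedPrototype(iterations) {
  function F() {}
  const subject = new F();
  const before = tally(subject, F, iterations);
  F.prototype = null;
  return { before, after: tally(subject, F, iterations) };
}
```

Any isFalse count for an object subject in withPrototype, or in the after tally of flippedPrototype, is the wrong result the commit message names.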