Builtins and host functions should get their own structures.
authormark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Jul 2018 17:51:21 +0000 (17:51 +0000)
committermark.lam@apple.com <mark.lam@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 2 Jul 2018 17:51:21 +0000 (17:51 +0000)
commit7cf654fc780bf22b05faf114eec471565ad958ec
tree8960d9220bd72e4e05e50a770ac91d6d766c9eb7
parenta357439823c3e9146039245e5fdf399670db790c
Builtins and host functions should get their own structures.
https://bugs.webkit.org/show_bug.cgi?id=187211
<rdar://problem/41646336>

Reviewed by Saam Barati.

JSTests:

* stress/regress-187211.js: Added.

Source/JavaScriptCore:

JSFunctions do lazy reification of properties, but ordinary functions applies
different rules of property reification than builtin and host functions.  Hence,
we should give builtins and host functions their own structures.

* runtime/JSFunction.cpp:
(JSC::JSFunction::selectStructureForNewFuncExp):
(JSC::JSFunction::create):
(JSC::JSFunction::getOwnPropertySlot):
* runtime/JSGlobalObject.cpp:
(JSC::JSGlobalObject::init):
(JSC::JSGlobalObject::visitChildren):
* runtime/JSGlobalObject.h:
(JSC::JSGlobalObject::hostFunctionStructure const):
(JSC::JSGlobalObject::arrowFunctionStructure const):
(JSC::JSGlobalObject::sloppyFunctionStructure const):
(JSC::JSGlobalObject::strictFunctionStructure const):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233426 268f45cc-cd09-0410-ab3c-d52691b4dbfc
JSTests/ChangeLog
JSTests/stress/regress-187211.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/JSFunction.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSGlobalObject.h