All prototypes should call didBecomePrototype()
authorrmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 26 Apr 2019 22:21:25 +0000 (22:21 +0000)
committerrmorisset@apple.com <rmorisset@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 26 Apr 2019 22:21:25 +0000 (22:21 +0000)
commitf6d37edb3353b3ecab8cff6b9bc7b9594c1e3804
tree152a478b9db1b389aab94b9c54b5169f847a3fb9
parentd7ecee04e014e39703ccd3b0cfdb6119bf20adfc
All prototypes should call didBecomePrototype()
https://bugs.webkit.org/show_bug.cgi?id=196315

Reviewed by Saam Barati.

JSTests:

* stress/function-prototype-indexed-accessor.js: Added.

Source/JavaScriptCore:

Otherwise we won't remember to run haveABadTime() when someone adds to them an indexed accessor.

I added a check used in both Structure::finishCreation() and Structure::changePrototypeTransition to make sure we don't
create structures with invalid prototypes.
It found a lot of objects that are used as prototypes in JSGlobalObject and yet were missing didBecomePrototype() in their finishCreation().
Somewhat surprisingly, some of them have names like FunctionConstructor and not only FooPrototype.

* runtime/BigIntPrototype.cpp:
(JSC::BigIntPrototype::finishCreation):
* runtime/BooleanPrototype.cpp:
(JSC::BooleanPrototype::finishCreation):
* runtime/DatePrototype.cpp:
(JSC::DatePrototype::finishCreation):
* runtime/ErrorConstructor.cpp:
(JSC::ErrorConstructor::finishCreation):
* runtime/ErrorPrototype.cpp:
(JSC::ErrorPrototype::finishCreation):
* runtime/FunctionConstructor.cpp:
(JSC::FunctionConstructor::finishCreation):
* runtime/FunctionPrototype.cpp:
(JSC::FunctionPrototype::finishCreation):
* runtime/IntlCollatorPrototype.cpp:
(JSC::IntlCollatorPrototype::finishCreation):
* runtime/IntlDateTimeFormatPrototype.cpp:
(JSC::IntlDateTimeFormatPrototype::finishCreation):
* runtime/IntlNumberFormatPrototype.cpp:
(JSC::IntlNumberFormatPrototype::finishCreation):
* runtime/IntlPluralRulesPrototype.cpp:
(JSC::IntlPluralRulesPrototype::finishCreation):
* runtime/JSArrayBufferPrototype.cpp:
(JSC::JSArrayBufferPrototype::finishCreation):
* runtime/JSDataViewPrototype.cpp:
(JSC::JSDataViewPrototype::finishCreation):
* runtime/JSGenericTypedArrayViewPrototypeInlines.h:
(JSC::JSGenericTypedArrayViewPrototype<ViewClass>::finishCreation):
* runtime/JSGlobalObject.cpp:
(JSC::createConsoleProperty):
* runtime/JSPromisePrototype.cpp:
(JSC::JSPromisePrototype::finishCreation):
* runtime/JSTypedArrayViewConstructor.cpp:
(JSC::JSTypedArrayViewConstructor::finishCreation):
* runtime/JSTypedArrayViewPrototype.cpp:
(JSC::JSTypedArrayViewPrototype::finishCreation):
* runtime/NumberPrototype.cpp:
(JSC::NumberPrototype::finishCreation):
* runtime/RegExpPrototype.cpp:
(JSC::RegExpPrototype::finishCreation):
* runtime/StringPrototype.cpp:
(JSC::StringPrototype::finishCreation):
* runtime/Structure.cpp:
(JSC::Structure::isValidPrototype):
(JSC::Structure::changePrototypeTransition):
* runtime/Structure.h:
* runtime/SymbolPrototype.cpp:
(JSC::SymbolPrototype::finishCreation):
* wasm/js/WebAssemblyCompileErrorPrototype.cpp:
(JSC::WebAssemblyCompileErrorPrototype::finishCreation):
* wasm/js/WebAssemblyInstancePrototype.cpp:
(JSC::WebAssemblyInstancePrototype::finishCreation):
* wasm/js/WebAssemblyLinkErrorPrototype.cpp:
(JSC::WebAssemblyLinkErrorPrototype::finishCreation):
* wasm/js/WebAssemblyMemoryPrototype.cpp:
(JSC::WebAssemblyMemoryPrototype::finishCreation):
* wasm/js/WebAssemblyModulePrototype.cpp:
(JSC::WebAssemblyModulePrototype::finishCreation):
* wasm/js/WebAssemblyPrototype.cpp:
(JSC::WebAssemblyPrototype::finishCreation):
* wasm/js/WebAssemblyRuntimeErrorPrototype.cpp:
(JSC::WebAssemblyRuntimeErrorPrototype::finishCreation):
* wasm/js/WebAssemblyTablePrototype.cpp:
(JSC::WebAssemblyTablePrototype::finishCreation):

Source/WebCore:

It was found by existing tests, with the new assert in JSC::Structure

* bindings/js/JSWindowProxy.cpp:
(WebCore::JSWindowProxy::setWindow):
* bindings/scripts/CodeGeneratorJS.pm:
(GeneratePrototypeDeclaration):
(GenerateConstructorHelperMethods):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@244708 268f45cc-cd09-0410-ab3c-d52691b4dbfc
100 files changed:
JSTests/ChangeLog
JSTests/stress/function-prototype-indexed-accessor.js [new file with mode: 0644]
Source/JavaScriptCore/ChangeLog
Source/JavaScriptCore/runtime/BigIntPrototype.cpp
Source/JavaScriptCore/runtime/BooleanPrototype.cpp
Source/JavaScriptCore/runtime/DatePrototype.cpp
Source/JavaScriptCore/runtime/ErrorConstructor.cpp
Source/JavaScriptCore/runtime/ErrorPrototype.cpp
Source/JavaScriptCore/runtime/FunctionConstructor.cpp
Source/JavaScriptCore/runtime/FunctionPrototype.cpp
Source/JavaScriptCore/runtime/IntlCollatorPrototype.cpp
Source/JavaScriptCore/runtime/IntlDateTimeFormatPrototype.cpp
Source/JavaScriptCore/runtime/IntlNumberFormatPrototype.cpp
Source/JavaScriptCore/runtime/IntlPluralRulesPrototype.cpp
Source/JavaScriptCore/runtime/JSArrayBufferPrototype.cpp
Source/JavaScriptCore/runtime/JSDataViewPrototype.cpp
Source/JavaScriptCore/runtime/JSGenericTypedArrayViewPrototypeInlines.h
Source/JavaScriptCore/runtime/JSGlobalObject.cpp
Source/JavaScriptCore/runtime/JSPromisePrototype.cpp
Source/JavaScriptCore/runtime/JSTypedArrayViewConstructor.cpp
Source/JavaScriptCore/runtime/JSTypedArrayViewPrototype.cpp
Source/JavaScriptCore/runtime/NumberPrototype.cpp
Source/JavaScriptCore/runtime/RegExpPrototype.cpp
Source/JavaScriptCore/runtime/StringPrototype.cpp
Source/JavaScriptCore/runtime/Structure.cpp
Source/JavaScriptCore/runtime/Structure.h
Source/JavaScriptCore/runtime/SymbolPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyCompileErrorPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyInstancePrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyLinkErrorPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyMemoryPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyModulePrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyRuntimeErrorPrototype.cpp
Source/JavaScriptCore/wasm/js/WebAssemblyTablePrototype.cpp
Source/WebCore/ChangeLog
Source/WebCore/bindings/js/JSWindowProxy.cpp
Source/WebCore/bindings/scripts/CodeGeneratorJS.pm
Source/WebCore/bindings/scripts/test/JS/JSInterfaceName.cpp
Source/WebCore/bindings/scripts/test/JS/JSMapLike.cpp
Source/WebCore/bindings/scripts/test/JS/JSReadOnlyMapLike.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestActiveDOMObject.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCEReactions.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCEReactionsStringifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestCallTracer.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestClassWithJSBuiltinConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestDOMJIT.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEnabledBySetting.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEventConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestEventTarget.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestGenerateIsReachable.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestGlobalObject.h
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterThrowingException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestIndexedSetterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestInterfaceLeadingUnderscore.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestIterable.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestJSBuiltinConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestMediaQueryListListener.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterThrowingException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedAndIndexedSetterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedConstructor.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterThrowingException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedDeleterWithIndexedGetter.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterCallWith.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedGetterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterNoIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterThrowingException.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIdentifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetter.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithIndexedGetterAndSetter.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithOverrideBuiltins.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgableProperties.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNamedSetterWithUnforgablePropertiesAndOverrideBuiltins.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestNode.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestObj.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructors.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverloadedConstructorsWithSequence.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestOverrideBuiltins.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestPluginInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestPromiseRejectionEvent.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerialization.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationIndirectInheritance.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInherit.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializationInheritFinal.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestSerializedScriptValueInterface.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifier.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierAnonymousOperation.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierNamedOperation.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierOperationImplementedAs.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierOperationNamedToString.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierReadOnlyAttribute.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestStringifierReadWriteAttribute.cpp
Source/WebCore/bindings/scripts/test/JS/JSTestTypedefs.cpp